agent-collab: add reliable shared-HOME governance#10
Conversation
There was a problem hiding this comment.
Code Review
This pull request updates the agent-collab package from version 3.2.0 to 3.3.0. The primary changes introduce a distinct broker-only gemini/governance contract using Gemini 3.1 Pro with high selection and artifact-bound proof validation. Additionally, the signed-runtime contract is advanced to version 2, and all provider routes (including Codex) are made uniformly broker-only. The managed-provider reliability policy is updated to adopt canonical passwd HOME. Comprehensive unit and contract tests have been added to validate the new Gemini governance policy and response handling. No reviewer comments were provided for assessment.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
Merge convergence record (2026-07-15, operator-directed takeover — Codex idle):
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bff69a49e1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| or _sha256(binary) != item["sha256"] | ||
| not stat.S_ISDIR(bundle_info.st_mode) | ||
| or bundle_info.st_uid != os.getuid() | ||
| or stat.S_IMODE(bundle_info.st_mode) != runtime_bundle.INSTALL_MODE |
There was a problem hiding this comment.
Stop requiring Git-untrackable bundle directory mode
In an activation release, the release workflow classifies and builds from a fresh actions/checkout (.github/workflows/release.yml classify/build jobs), but Git does not preserve arbitrary directory permissions in a checkout. This exact 0500 check on the runtime bundle directory therefore makes build_plugin_archive.py --print-mode/archive creation fail with “activation runtime bundle root identity is invalid” for a valid signed bundle whose tracked files have the expected modes; the archive/staging code needs to impose the canonical bundle-directory mode instead of requiring the checkout directory to already have it.
Useful? React with 👍 / 👎.
Summary
Exact source pair
bff69a49e19c04a0c5d7be4dfbbc7965c3de019f(GitHub signature: verified).75e4912dbbc81c68509c09af5af2c83a304b7a86(GitHub signature: verified).Public/private boundary
Lifecycle and resource contract
2, runtime contract3, broker protocol2, provider result schema1.Generated and release surfaces
SKILL.mdfiles are in parity.changelog.d/fragment is present; generatedCHANGELOG.mdremains unchanged under the fragment-only convention.Verification
python3 -m unittest discover -s tests -t .— 292 passed.python3 -m unittest discover -s scripts -p 'test_*.py'— 254 passed.python3 scripts/build_skills.py --check.python3 scripts/build_marketplace.py --check.python3 scripts/build-changelog.py --dry-run.python3 scripts/check_release_consistency.py— version 3.3.0 consistent.python3 scripts/build_plugin_archive.py --output /private/tmp/agent-collab-3.3.0-policy-contract3.plugin.python3 scripts/secret_scan.py— 181 text files scanned, clean.python3 scripts/check-public-export-safety.py --active-tree --history.git diff --check.Review and post-condition
Tier 3: this changes the runtime verification contract, routing authority, family provenance, lifecycle state, and release boundary. Antigravity approved the exact pair at high confidence and Claude approved it at medium confidence, both with zero blockers. Claude's remaining negative-path coverage suggestions are explicitly nonblocking.
Keep this PR draft until exact-head CI, both independent reviews, the disposable launchd probe, private activation, and fresh-session managed routing pass. After merge, verify exact merged commits and the linked workspace dependency. Do not publish a public plugin release without separate operator authorization.
Compliance trace
author: codex
standing_directives: public policy-only boundary; closed private runtime bundle; managed-provider-only routing; fragment-only changelog; signed commits; deterministic release and export validation; no public release in this phase
tier: 3
cross_check: APPROVE — Antigravity 2f3a5806-7e4e-4b42-9ab5-54b2ff4a2ba1 approved the exact 75e4912/bff69a4 pair at high confidence; Claude a4e16c6d-c352-4425-aacc-a2b4fcfa0c12 approved the same pair at medium confidence with zero blockers
post_condition: preserve draft until exact-head CI and reviews plus linked private activation and fresh-session route verification pass; no public plugin release in this phase
mcp_coverage_gap: NONE
contributor_rights: OPERATOR-CONFIRMED
operator_reserved: no
peer_review_verdict: APPROVE
peer_review_message_id: 2f3a5806-7e4e-4b42-9ab5-54b2ff4a2ba1
peer_review_agent: antigravity
peer_review_model: Antigravity managed reviewer
peer_review_effort: N/A
peer_review_reviewed_sha: bff69a4
peer_review_concerns_integrated: workspace f5c45b5 removes a second following replay lookup and guarantees cleanup of frozen publish staging; same-UID arbitrary replacement remains explicitly outside the threat model; typed malformed-frame handling matches the protocol; remaining suggested negative-path coverage is nonblocking