Skip to content

agent-collab: add reliable shared-HOME governance#10

Merged
sumitake merged 3 commits into
mainfrom
dev/codex/gemini-governance
Jul 15, 2026
Merged

agent-collab: add reliable shared-HOME governance#10
sumitake merged 3 commits into
mainfrom
dev/codex/gemini-governance

Conversation

@sumitake

@sumitake sumitake commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

  • Publish the public policy, schemas, client, verifier, skills, and release projections for a closed standalone managed-provider bundle.
  • Keep provider executors, authentication mechanics, raw command construction, and host-specific implementation exclusively in the private workspace-built artifact.
  • Link the exact private runtime implementation in sumitake/agent-collab-workspace#1886.
  • Do not publish a public plugin release during this private development-channel phase.

Exact source pair

  • Public head: bff69a49e19c04a0c5d7be4dfbbc7965c3de019f (GitHub signature: verified).
  • Private workspace head: 75e4912dbbc81c68509c09af5af2c83a304b7a86 (GitHub signature: verified).
  • Workspace dependency PR #1882 is merged.

Public/private boundary

  • Public code defines policy, roles, routing, family independence, request/result schemas, client validation, lifecycle projections, and a policy-only bundle verifier.
  • Public code does not contain a provider executor, raw provider command, credential, private absolute path, retired package tree, downloader, post-install hook, or workspace bootstrap path.
  • The verifier authenticates the closed member manifest without revealing private executor implementation.
  • The plugin can operate standalone after an operator installs the signed/private runtime artifact; it never requires access to the workspace repository at runtime.
  • Shared real-HOME plus PTY is policy-authorized for reliable Gemini, Grok, Composer, OpenCode, and eligible Codex execution, with role-specific authority and typed failure.
  • Claude remains asynchronous/inbox-only; autonomous Claude invocation through OpenCode is prohibited.
  • Read-only advisory calls and mutation-capable worker calls are separate contracts with no silent promotion or fallback.
  • No replacement provider-specific plugin or compatibility preset is created.

Lifecycle and resource contract

  • Bundle schema 2, runtime contract 3, broker protocol 2, provider result schema 1.
  • Exact source/member identity is projected through install, refresh, rollback, uninstall, and public transition.
  • The broker starts on demand and has zero idle process or wake cost after its idle teardown. The optional private development watcher is separate, briefly polling once per minute, and removable.
  • Deployment and rollback require immutable artifact verification, bounded typed responses, exact state readback, and residue checks.
  • Developer ID signing/notarization is documented as a future production gate; it is not falsely claimed for this private build.

Generated and release surfaces

  • Skill specs and generated SKILL.md files are in parity.
  • Claude and Codex marketplaces/manifests are in parity.
  • Version metadata is bumped from 3.2.0 to 3.3.0.
  • A unique changelog.d/ fragment is present; generated CHANGELOG.md remains unchanged under the fragment-only convention.
  • Policy-only archive generation succeeds without private runtime source.

Verification

  • Focused closed-bundle/provider/lifecycle suites — 213 passed.
  • python3 -m unittest discover -s tests -t .292 passed.
  • python3 -m unittest discover -s scripts -p 'test_*.py'254 passed.
  • python3 scripts/build_skills.py --check.
  • python3 scripts/build_marketplace.py --check.
  • python3 scripts/build-changelog.py --dry-run.
  • python3 scripts/check_release_consistency.py — version 3.3.0 consistent.
  • python3 scripts/build_plugin_archive.py --output /private/tmp/agent-collab-3.3.0-policy-contract3.plugin.
  • python3 scripts/secret_scan.py — 181 text files scanned, clean.
  • python3 scripts/check-public-export-safety.py --active-tree --history.
  • git diff --check.

Review and post-condition

Tier 3: this changes the runtime verification contract, routing authority, family provenance, lifecycle state, and release boundary. Antigravity approved the exact pair at high confidence and Claude approved it at medium confidence, both with zero blockers. Claude's remaining negative-path coverage suggestions are explicitly nonblocking.

Keep this PR draft until exact-head CI, both independent reviews, the disposable launchd probe, private activation, and fresh-session managed routing pass. After merge, verify exact merged commits and the linked workspace dependency. Do not publish a public plugin release without separate operator authorization.

Compliance trace

author: codex
standing_directives: public policy-only boundary; closed private runtime bundle; managed-provider-only routing; fragment-only changelog; signed commits; deterministic release and export validation; no public release in this phase
tier: 3
cross_check: APPROVE — Antigravity 2f3a5806-7e4e-4b42-9ab5-54b2ff4a2ba1 approved the exact 75e4912/bff69a4 pair at high confidence; Claude a4e16c6d-c352-4425-aacc-a2b4fcfa0c12 approved the same pair at medium confidence with zero blockers
post_condition: preserve draft until exact-head CI and reviews plus linked private activation and fresh-session route verification pass; no public plugin release in this phase
mcp_coverage_gap: NONE
contributor_rights: OPERATOR-CONFIRMED
operator_reserved: no
peer_review_verdict: APPROVE
peer_review_message_id: 2f3a5806-7e4e-4b42-9ab5-54b2ff4a2ba1
peer_review_agent: antigravity
peer_review_model: Antigravity managed reviewer
peer_review_effort: N/A
peer_review_reviewed_sha: bff69a4
peer_review_concerns_integrated: workspace f5c45b5 removes a second following replay lookup and guarantees cleanup of frozen publish staging; same-UID arbitrary replacement remains explicitly outside the threat model; typed malformed-frame handling matches the protocol; remaining suggested negative-path coverage is nonblocking

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the agent-collab package from version 3.2.0 to 3.3.0. The primary changes introduce a distinct broker-only gemini/governance contract using Gemini 3.1 Pro with high selection and artifact-bound proof validation. Additionally, the signed-runtime contract is advanced to version 2, and all provider routes (including Codex) are made uniformly broker-only. The managed-provider reliability policy is updated to adopt canonical passwd HOME. Comprehensive unit and contract tests have been added to validate the new Gemini governance policy and response handling. No reviewer comments were provided for assessment.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@sumitake

Copy link
Copy Markdown
Owner Author

Merge convergence record (2026-07-15, operator-directed takeover — Codex idle):

  • author: codex (gpt-5.6-sol arc, PR authored during the dev-channel cycle)
  • distinct-family review 1 (Anthropic): claude session 472ca883 (model claude-fable-5, effort high) — APPROVE. Basis: overnight deep review of this exact head incl. byte-parity verification of runtime_bundle.py against the workspace side (identical SHA), provider-stack review, and the standalone-bundle design review arc (γ workspace #1925/#1928 threads).
  • distinct-family review 2 (xAI): managed Grok grok-4.5 (effort N/A), verbatim: 'VERDICT: PROCEED / CONFIDENCE: H' — 5 non-blocking hygiene concerns recorded (signing_profile self-attested; effective_effort proof hard-coded high; tools_disabled semantics; member-inspection TOCTOU residual within documented trust model; private identifier naming) — none block ('No finding that would make me ask to hold').
  • CI: all checks SUCCESS. No public release is implied by this merge (private dev-channel phase; release remains separately gated).
  • Rationale for merging now: the ACTIVE runtime build (b2ce1ba27e4a-d59ae466c950) consumes a branch stacked on this head; plugin main cannot rebuild the shipped runtime until this + the broker-ping branch merge.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bff69a49e1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

or _sha256(binary) != item["sha256"]
not stat.S_ISDIR(bundle_info.st_mode)
or bundle_info.st_uid != os.getuid()
or stat.S_IMODE(bundle_info.st_mode) != runtime_bundle.INSTALL_MODE

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Stop requiring Git-untrackable bundle directory mode

In an activation release, the release workflow classifies and builds from a fresh actions/checkout (.github/workflows/release.yml classify/build jobs), but Git does not preserve arbitrary directory permissions in a checkout. This exact 0500 check on the runtime bundle directory therefore makes build_plugin_archive.py --print-mode/archive creation fail with “activation runtime bundle root identity is invalid” for a valid signed bundle whose tracked files have the expected modes; the archive/staging code needs to impose the canonical bundle-directory mode instead of requiring the checkout directory to already have it.

Useful? React with 👍 / 👎.

@sumitake sumitake merged commit d39feaa into main Jul 15, 2026
23 checks passed
@sumitake sumitake deleted the dev/codex/gemini-governance branch July 15, 2026 05:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant