Skip to content

release: prepare unified signed runtime activation#6

Merged
sumitake merged 4 commits into
mainfrom
dev/codex/activation-prep
Jul 13, 2026
Merged

release: prepare unified signed runtime activation#6
sumitake merged 4 commits into
mainfrom
dev/codex/activation-prep

Conversation

@sumitake

@sumitake sumitake commented Jul 12, 2026

Copy link
Copy Markdown
Owner

Summary

Prepares the single public agent-collab package for a future signed native-runtime activation without publishing private provider implementation. The change adds the closed status / prepare / login-grok setup client, exact activation-only third-party legal and SPDX evidence, stricter signed-archive verification, GitHub-hosted arm64 release validation, and the breaking public skill rename from ai-merge-resolve to merge-resolve.

This PR does not activate or publish the native runtime. Apple Developer Program approval, a Developer ID Application identity, signing, notarization, and final public artifact verification remain external release gates. Policy-only 3.1.0 behavior remains fail closed.

Companion private producer PR: sumitake/agent-collab-workspace#1882, final head bd75fdd. Merge order: workspace producer first, then this public preparation PR. A later signed activation release is required before local legacy packages are removed.

Boundary declaration

  • No provider executor source, raw provider command, credential, private absolute path, retired package tree, downloader, or post-install hook is included.
  • Native-runtime changes contain no artifact in this PR; implementation and credentials remain private.
  • The change does not create a host-specific preset or provider-specific plugin.

Generated and release surfaces

  • Skill specs and generated SKILL.md files are in parity.
  • Claude and Codex marketplaces/manifests are in parity.
  • Unique changelog.d/ fragments are present; generated CHANGELOG.md remains untouched under the fragment-only convention.
  • Distributed metadata remains consistently versioned at 3.1.0; activation is intentionally not released by this PR.

Verification

  • python3 scripts/build_skills.py --check
  • python3 scripts/build_marketplace.py --check
  • python3 scripts/build-changelog.py --check — intentionally reports the uncompiled fragments; python3 scripts/build-changelog.py --dry-run passed and the generated file is reserved for the release compiler.
  • python3 -m unittest discover -s tests -t . -v — 247 passed on head 57adf77e468b555cb514315b96205691d4ebd207.
  • python3 -m unittest discover -s scripts -p 'test_*.py' -v — 254 passed.
  • python3 scripts/check_release_consistency.py — 3.1.0 consistent.
  • python3 scripts/secret_scan.py — 174 public source files clean.
  • python3 scripts/check-public-export-safety.py --active-tree --history — safe.
  • git diff --check

Additional evidence:

  • Policy-only and activation archive tests prove runtime_setup.py is a required canonical member with source byte/mode parity; removing it fails closed. Fresh-module regressions prove the public client loads without the POSIX-only pwd module, omits caller-controlled HOME, and returns typed platform_unsupported before UID-dependent identity checks when POSIX UID APIs are unavailable.
  • Policy-only archive and SPDX/checksum evidence built deterministically; no native artifact or activation-only legal tree entered the policy archive.
  • The final private section-bound onefile diagnostic from workspace commit bd75fdd returned the exact closed management status response, bound the verified distribution to the unique loader-consumed Mach-O payload section, and passed strict dependency validation across 37 Mach-O members. It remains diagnostic only and is not a public release artifact.
  • Managed Grok 4.5 reviews through the archive fix returned runtime-client PASS, setup/docs APPROVE, archive-fix APPROVE, and aggregate PROCEED. The later non-POSIX pwd/UID guards are covered by deterministic tests and CI; a current-head managed-Grok retry could not safely launch because this Codex sandbox cannot write the canonical managed Grok lock/auth lineage, and no raw or alternate-auth fallback was used.

Review and post-condition

Tier 3: runtime verification, setup/authentication boundary, release supply chain, and workflow changes. The xAI-family review is independent of the OpenAI-family author and converged on PROCEED through the archive fix; the later portability patch remains deterministic-test and CI verified. Operator-reserved workflow/release paths are covered by the operator's session-specific pre-authorization; the operator remains the merge authority.

Post-merge, policy-only installation remains the only supported public state. Final activation, tag/release publication, and local legacy-package removal stay blocked until the separately built runtime is Developer ID signed, notarized, packaged with exact reviewed metadata/legal members, and verified by the public release workflow.

Compliance trace

author: Codex
standing_directives: public policy-only boundary, no provider source or raw recipe, fragment-only changelog, exact signed-runtime verification, retirement state preserved
tier: 3
cross_check: managed Grok 4.5 xAI segmented review VERDICT PROCEED through the archive fix; exact 57adf77 non-POSIX identity guard is deterministic-test verified after the same-family P2; current xAI retry remains sandbox-blocked with no raw fallback
post_condition: 247 repository tests and 254 script tests pass on 57adf77; policy-only 3.1.0 remains fail closed; signed activation and legacy-package removal remain blocked on Apple Developer ID signing and notarization
mcp_coverage_gap: NONE
contributor_rights: OWNER-AUTHORED
operator_reserved: yes

@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4b924a5c16

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/build_plugin_archive.py
@sumitake

Copy link
Copy Markdown
Owner Author

@codex review\n\nPlease review final commit 4b924a5. This is supplemental same-family defect review; the Tier-3 cross-check is the recorded xAI review.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4b924a5c16

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread plugins/agent-collab/runtime_setup.py
Comment thread plugins/agent-collab/runtime_client.py Outdated
@sumitake

Copy link
Copy Markdown
Owner Author

@codex review

Please review exact final commit 12cbb801df0d4984aa5d18bed72438202c98d0ea, including the packaged setup entrypoint and Windows-safe guarded pwd import. This is supplemental same-family defect review.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 12cbb801df

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread plugins/agent-collab/runtime_client.py
@sumitake

Copy link
Copy Markdown
Owner Author

@codex review exact head 57adf77. Verify the non-POSIX UID guard closes the unresolved runtime-client P2 without changing supported Darwin behavior. Same-family advisory only; operator remains merge authority.

@sumitake sumitake merged commit 092f49c into main Jul 13, 2026
17 checks passed
@sumitake sumitake deleted the dev/codex/activation-prep branch July 13, 2026 05:42
@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Swish!

Reviewed commit: 57adf77e46

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant