Feat/memory primitive#170
Open
NeuralEmpowerment wants to merge 20 commits into
Open
Conversation
Captures the agentic-primitives entrypoint contract for inbound file injection (CLAUDE.md, plugins, loose subagents) the workspace image exposes to any orchestrator. Frames the full workspace responsibility as inject/isolate/observe — this spec extends inject; isolate and observe are status quo. Key decisions captured: - Bind-mount at /etc/agentic/workspace/ (read-only) as the universal inbound seam. - Three optional env vars: AGENTIC_WORKSPACE_CONTEXT/_PLUGINS/_AGENTS. - No AGENTIC_WORKSPACE_ALLOWED_TOOLS — tool restrictions live inside subagent frontmatter or plugin permissions, not as a separate env-var concept. - Three entrypoint actions: copy CLAUDE.md, copy + flag plugins, copy loose subagents. - Plugin-bundled subagents come for free via Claude's --plugin-dir auto-discovery; no extra entrypoint step. - Python WorkspaceFiles helper exposes bind_mount + inject primitives for orchestrators that prefer library import. Phasing: env-var rename in agentic-domain-runner first (AGENTIC_DOMAIN_* → AGENTIC_WORKSPACE_*), then entrypoint, then helper, then image release. Sibling spec (already merged in agentic-domain-runner) referenced for the consumer-side view. Also includes the original handoff doc that started this brainstorming (docs/handoff-workspace-files-primitive.md).
Self-review revisions to 2026-05-12-workspace-injection-contract-design: §5 — entrypoint script: - Extract path/default constants to readonly vars at the top so each path literal appears once (WS_MOUNT, WS_MOUNT_PLUGINS, WS_TARGET_PLUGINS, WS_DEFAULT_CONTEXT, WS_PLUGIN_MANIFEST, etc.) - Pull the duplicated 'filter by env list OR discover all' pattern into a __ws_names helper used by both the plugin and subagent actions - Action bodies become tight read-loops keyed off the helper's name stream - Brief 'why this shape' note explaining the choices §11 — documentation deliverables (NEW): - 11.1 docs/workspace.md as canonical workspace reference - 11.2 README 'Workspace' section signposting to docs/workspace.md - 11.3 ADR-035 capturing durable decisions (035 is the next free number after 034) - 11.4 sibling-repo doc sync in agentic-domain-runner as part of Phase A (env rename) cspell.json added with project-specific vocabulary (agentic, tmpfs, frontmatter, homelab, neuralempowerment, dataclass/dataclasses, pathlib, Pytest, sdlc, Syntropic, etc.) to clear the spec's IDE diagnostic noise.
…ket)
WS in agentic-domain-runner is a real WebSocket concept (/v0/conversations/{cid}/stream
upgrades to WS). Avoid the collision in the workspace entrypoint script by
using INJECT_ as the prefix for path/default constants instead. Captures
the intent of the section (file injection) without ambiguity.
Also gitignore .claude/scheduled_tasks.lock and .claude/settings.local.json
(local-only artifacts that shouldn't be tracked).
5 phases, ~15 tasks with TDD steps:
A. Env-var rename in agentic-domain-runner (AGENTIC_DOMAIN_* →
AGENTIC_WORKSPACE_*, /etc/agentic/domain/ → /etc/agentic/workspace/,
AGENTIC_ALLOWED_TOOLS removed)
B. Entrypoint section 5.5 + 6 integration tests against the built image
C. WorkspaceFiles Python helper (bind_mount + inject) + 3 unit tests +
export
D. docs/workspace.md canonical reference + README Workspace section +
ADR-035
E. Image build/tag + runner pickup + previously-blocked live smoke
Each task has exact file paths, runnable commands, and the actual code
to write. Spec coverage and type-consistency checked in self-review
notes at the end.
Implements spec §5 — file injection from a bind-mounted
/etc/agentic/workspace/ into the agent-visible workspace.
When the bind-mount is present, copies:
- CLAUDE.md → /workspace/CLAUDE.md (verbatim)
- plugins/<name>/ → /workspace/.agentic-plugins/<name>/, appending
--plugin-dir to AGENTIC_PLUGIN_FLAGS (existing baked-in plugins
stay intact)
- agents/<name>.md → ~/.claude/agents/<name>.md (loose subagents;
plugin-bundled subagents load automatically via --plugin-dir)
First integration test (test_entrypoint_copies_workspace_context_md)
covers the CLAUDE.md path. Remaining tests come in the next commit.
Six tests against the built workspace image: - test_entrypoint_copies_workspace_context_md - test_entrypoint_copies_workspace_plugins - test_entrypoint_copies_loose_subagents - test_entrypoint_filters_plugins_by_env - test_entrypoint_skips_when_no_workspace_mount - test_entrypoint_skips_invalid_plugin_dir - test_entrypoint_appends_to_agentic_plugin_flags_does_not_replace Mirrors the existing tests/integration/test_entrypoint_lsp_settings.py pattern (docker run --rm with tmpfs home + optional bind-mounts + env).
…uild cmd mismatch) 001 — LSP entrypoint tests fail because the entrypoint prints discovery logs on stdout, polluting the JSON the tests expect. Pre-existing; fix is to redirect [entrypoint] log lines to stderr. 002 — Plan referenced docker build providers/workspaces/claude-cli but the canonical command is uv run scripts/build-provider.py claude-cli. Subagent worked around it; capturing so the plan and docs/workspace.md get the right command before Phase E.
New module agentic_isolation.workspace_files implementing spec §6.
bind_mount(host, ctr, read_only) -> docker.types.Mount
Host-resident static content. Resolves relative paths to absolute.
inject(container_id, ctr_path, content: bytes) -> None
Generated / remote-fetched content. Streams a single-file tar
archive via docker.put_archive(). Works after create_container,
before start_container — and against remote daemons / K8s.
Three unit tests cover the Mount descriptor shape, relative-path
resolution, and the put_archive call shape with a mocked client.
Three documentation deliverables for the workspace-injection-contract
plus a fresh-agent-session breadcrumb at the top of CLAUDE.md so new
sessions land on docs/workspace.md → ADR-035 → entrypoint.sh without
spelunking.
- docs/workspace.md: canonical workspace reference (~150 lines).
Three responsibilities (inject/isolate/observe), bind-mount layout,
env-var contract, what the agent sees, observe surface, Python
helper usage example, build commands, pointers.
- docs/adrs/035-workspace-injection-contract.md: durable decision
record. Context, decision, four alternatives considered, positive +
negative + neutral consequences, implementation pointers.
Cross-links design spec + plan + sibling runner spec.
- README.md: tight 'Workspace' section after Docker Workspace Images,
signposting docs/workspace.md and ADR-035. ADR list also updated
to include ADR-035.
Final reviewer caught one stale reference and two non-blocking cosmetic observations: - docs/superpowers/specs/2026-05-12-workspace-injection-contract-design.md:186 said '__ws_names helper' but the implementation was renamed to '__inject_names' in commit 822e706. One-line fix. - docs/issues/003-workspace-injection-cosmetic-followups.md captures two low-priority items for later: defer mkdir of /workspace/.agentic-plugins/ until at least one plugin is actually copied; add a docstring note to WorkspaceFiles.inject() about put_archive's parent-dir requirement. Reviewer verdict was APPROVED with these as optional follow-ups; the PR is ready to merge.
CI's QA → Python Isolation → Check formatting step failed on this file. Phase C subagent added the export test but didn't run the formatter afterward. One-line whitespace fix.
CI's QA → Python Isolation → Lint failed on two issues:
1. workspace_files.py:45 had quoted forward refs ('docker.types.Mount')
when the underlying type is runtime-imported inside the method —
ruff RUF066 prefers unquoted when possible. Now uses 'from docker
import types as docker_types' at module level and references the
real type without quotes.
2. tests/test_workspace_files.py imported pytest unnecessarily
(F401). Tests use plain functions, not pytest fixtures from the
import.
Auto-fixed via 'uv run ruff check --fix .'. 174 tests still pass.
9 review comments, all addressed:
entrypoint.sh:
- /workspace/CLAUDE.md is now chmod 600 (was 644) — orchestrators may
embed credentials or private guidance; matches the mode used for
~/.claude/settings.json and ~/.git-credentials earlier in the script.
- Plugin copy is now idempotent across re-runs against a persistent
/workspace volume. Without the rm-first the 'cp -a src dst' pattern
against an existing dst/ creates a nested dst/<basename>/ tree.
tests/integration/test_entrypoint_workspace_injection.py:
- Removed unused 'json' and 'tempfile' imports.
lib/python/agentic_isolation/agentic_isolation/workspace_files.py:
- inject() now validates container_path is absolute and has a
non-empty basename, raising ValueError otherwise. Was silently
producing tar entries with empty/invalid filenames for paths like
'/' or 'relative/path'.
- Two new unit tests cover the rejection paths.
docs/workspace.md:
- Fixed Python snippet — was mixing docker_client + client variable
names; copy-paste-runnable now.
docs/superpowers/plans/2026-05-12-workspace-injection-contract.md:
- Replaced the two 'docker build providers/workspaces/claude-cli'
invocations with the canonical 'just build-workspace-claude-cli'
(docs/issues/002 had already noted this).
CLAUDE.md:
- Removed the absolute /Users/neural/... path; replaced with a link
to the sibling repo's Gitea URL.
docs/handoff-workspace-files-primitive.md:
- Deleted. The original handoff doc that kicked off this brainstorming
described the OLD per-domain contract (/etc/agentic/domain,
AGENTIC_DOMAIN_*, AGENTIC_ALLOWED_TOOLS, entrypoint preamble
templating). The merged spec + ADR-035 + docs/workspace.md
supersede it. Git history preserves it.
176 Python tests + 7 integration tests + 1 OpenAPI snapshot all green.
Adds an entry to CHANGELOG.md '## [Unreleased]' summarizing the workspace-injection-contract work: entrypoint section 5.5, WorkspaceFiles Python helper, canonical docs/workspace.md + ADR-035, 12 new tests (7 integration + 5 unit), and the docs/issues/ convention. Notes the backwards-compat behavior, the deliberate choice to keep tool restrictions out of the workspace env-var contract, and the sibling agentic-domain-runner branch with the AGENTIC_WORKSPACE_* rename.
Five new comments from Copilot's second review:
README.md:
- Spelled out env var names (AGENTIC_WORKSPACE_PLUGINS / _AGENTS)
instead of the abbreviated /_PLUGINS / _AGENTS form that could
cause copy-paste misconfiguration.
docs/workspace.md:
- inject() example now targets /workspace/CLAUDE.md (parent
guaranteed by the image) instead of /etc/agentic/workspace/...
which only exists when the orchestrator bind-mounts it. Added
a comment explaining why.
providers/workspaces/claude-cli/scripts/entrypoint.sh:
- Security fix: __inject_safe_filter rejects plugin/agent names
containing '/' or '..'. Previously a value like
AGENTIC_WORKSPACE_PLUGINS='../etc' could escape the intended
/etc/agentic/workspace/plugins/ mount.
lib/python/agentic_isolation/agentic_isolation/workspace_files.py:
- inject() now explicitly rejects trailing slashes; docstring is
accurate. Path('/foo/') normalizes to /foo internally, so the
earlier basename check didn't actually catch this.
- Renamed test_inject_rejects_empty_basename to
test_inject_rejects_root_path since the trailing-slash check
now catches '/' first.
- New test_inject_rejects_trailing_slash.
docs/superpowers/specs/2026-05-12-workspace-injection-contract-design.md:
- Spec snippet was showing chmod 644 but impl uses 600 (the change
we made for round 1). Synced spec → 600 to remove drift.
Tests:
- 177 Python (+1 for trailing-slash test)
- 7 integration green
- ruff check + format clean
- Image rebuilt and integration tests passed against fresh image.
Adds the design for a workspace-image memory primitive that extends the
workspace injection contract (ADR-035) with:
- A memory contract — three required env vars from the host
(AGENTIC_MEMORY_{PROVIDER,NAMESPACE,URL}) plus three optional
(NAMESPACE_KIND, AUTH, CONFIG_JSON). Per-provider adapter scripts
at /opt/agentic/memory/<provider>/init.sh translate to provider-
specific env (e.g. HINDSIGHT_BANK_ID).
- A memory doctor — a Python+shell CLI at /opt/agentic/memory/doctor
that validates env vars, namespace shape, adapter existence,
backend DNS+health, and delegates provider-specific checks. Dual
output (pretty to stderr, JSON to stdout). Three-level exit codes
(0 pass / 1 warning / 2 fail). Auto-invokes in --quick mode from
entrypoint section 5.7; soft-fails by default; AGENTIC_MEMORY_
REQUIRED=true opts into hard fail.
Both pieces are coordinated — the doctor is what makes the contract's
soft-fail posture safe (loud enough for humans without breaking the
agent's startup path). Auto-fix scope is deliberately client-side
only: namespace sanitization and config-file generation. The doctor
never mutates the backend (no bank creation, no admin operations).
Provider adapter pattern lifted from ADR-035's plugin injection: small
(~30 lines) per-adapter, validation logic centralized in the doctor.
Adoption: agentic-domain-runner gets a 4-line env injection in
src/runner/mod.rs (per-task isolation via agent_task_id). Syntropic137
(future) uses the same contract with workflow::phase namespaces. Hermes
is explicitly out of scope — hindsight ships as a native Hermes plugin
upstream via `hermes memory setup` (announced 2026-04-06).
Phased implementation plan in the spec; ADR documents the four
alternatives considered (no contract, memory-as-plugin, manual doctor
only, hard-fail default) and why each was rejected.
Branch feat/memory-primitive off feat/workspace-injection-contract;
ADR-036 status is draft pending user review of the open questions
section in the spec (5 design choices deferred for explicit
confirmation).
…k-mode User decisions on the 5 open questions in the spec: 1. No --quick flag. One doctor mode: full preflight. Speed isn't the priority; honesty is. 2. No AGENTIC_MEMORY_REQUIRED env var. Setting AGENTIC_MEMORY_PROVIDER IS the opt-in; opt-in is automatic hard-fail. If you don't want hard fail, don't set the provider — entrypoint then skips sections 5.6 and 5.7 entirely. Adding a second env var to allow ignoring the first is a workaround for not having designed the contract sharply. 3. Audit trail via host bind-mount at /var/agentic/memory-doctor/. JSONL per day, one line per container start. 4. Hindsight dynamicBankId conflict is auto-fixed. Doctor rewrites the stale ~/.hindsight/claude-code.json with dynamicBankId: false so the contract's HINDSIGHT_BANK_ID env var takes effect. 5. No claude doctor integration. Memory diagnostics via /opt/agentic/memory/doctor directly. Wrappers, if any, live in the orchestrator. Spec's "Open questions" section becomes "Decisions locked." ADR Alternative 4 rewritten to articulate WHY soft-fail-by-default was rejected (the user's specific reasoning: "if you enable memory, you want failure when misconfigured"). Consequences section calls out the intentional divergence from ADR-035's soft-fail posture and the reasoning — ADR-035 handles optional content with graceful degradation; ADR-036 handles a binary feature. Spec sections 5.7 and "Auto-fix scope" updated to remove the removed flag and add the new auto-fix. Status remains draft pending implementation phase 1.
…ration
Adds the memory contract + doctor primitive per ADR-036, with no
provider adapters yet (Phase 2 adds hindsight on top of this).
Python package (lib/python/agentic_memory/):
- contract.py: MemoryContract dataclass + namespace validation +
sanitization
- doctor.py: 8 Check classes covering env_contract, namespace shape,
provider known, adapter exists, config_json valid, backend DNS,
backend /health, and delegated provider_specific. CLI surface
(--json, --verbose, --fix, --provider/namespace/url overrides).
Exit 0 or 1 — no warning tier.
- tests/: 53 unit tests covering every check, every contract field,
the CLI surface, and the runner. All passing under stdlib pytest.
- pyproject.toml declares console_scripts entry agentic-memory-doctor.
Workspace integration:
- providers/workspaces/claude-cli/memory/doctor: bash entry that
exec's the Python module via /opt/venv's python.
- entrypoint.sh: new sections 5.6 (adapter init) and 5.7 (doctor
preflight). Both no-op when AGENTIC_MEMORY_PROVIDER is unset.
When the provider IS set: 5.6 sources /opt/agentic/memory/<p>/
init.sh; 5.7 runs the doctor with --json appended to
/var/agentic/memory-doctor/<YYYY-MM-DD>.jsonl, hard-fails the
container on non-zero exit.
- Dockerfile: COPY memory/ /opt/agentic/memory/, create the audit
dir at /var/agentic/memory-doctor/, set permissions on init.sh
and doctor.sh files for all providers.
Build system:
- scripts/build-provider.py: adds stage_memory() function and
agentic_memory to required_packages. Both wheels now built and
staged into the image at /tmp/packages/*.whl for uv pip install.
Verified via `uv run scripts/build-provider.py claude-cli --stage-only`:
both wheels build cleanly, memory/ adapter directory copied to
build context, no errors.
Phase 2 (hindsight adapter) adds providers/workspaces/claude-cli/
memory/hindsight/{init.sh,doctor.sh}. Phase 3 wires this into
agentic-domain-runner.
… tests
Adds the first provider adapter under
providers/workspaces/claude-cli/memory/hindsight/:
- init.sh — translates AGENTIC_MEMORY_* contract into HINDSIGHT_* env
vars. Sets HINDSIGHT_DYNAMIC_BANK_ID=false explicitly (so the env
var HINDSIGHT_BANK_ID actually takes effect — verified empirically
in agentic-memory probe bank-derivation-modes). Writes
~/.hindsight/claude-code.json when AGENTIC_MEMORY_CONFIG_JSON is
supplied.
- doctor.sh — provider-specific health check (called from Python's
ProviderSpecificCheck). Verifies the backend's GET /v1/default/banks
returns 200 and checks bank membership ("not in list" = lazy-create
pending = pass). Auto-fixes stale ~/.hindsight/claude-code.json
configs that set dynamicBankId:true (a stale-state issue where
HINDSIGHT_BANK_ID env override is silently ignored). Python is used
for JSON parsing — robust against malformed configs.
API discovery: hindsight 0.6.x no longer supports
GET /v1/default/banks/<id> (returns 405). doctor.sh uses the list
endpoint and filters in Python.
Integration tests at tests/integration/test_entrypoint_memory.py
mirror test_entrypoint_workspace_injection.py:
1. No provider → entrypoint completes normally (sections 5.6/5.7 no-op)
2. Provider + reachable backend → doctor pass, adapter env vars
exported, AGENTIC_MEMORY_READY=1, audit JSONL written
3. Provider + unreachable backend → doctor fail, container exits 1
4. Provider + missing namespace → env_contract check fails
5. Unknown provider name → provider_known check fails
6. Stale dynamicBankId:true config → auto-fixed to false,
other keys preserved
7. /opt/agentic/memory/doctor with no provider → exit 0 (no-op)
8. /opt/agentic/memory/doctor --json → JSON to stdout, exit 1
8/8 integration tests passing against the rebuilt
agentic-workspace-claude-cli:latest image. Combined with 53 unit
tests in lib/python/agentic_memory/, full coverage of the contract
+ doctor + adapter end-to-end.
Discovered + fixed during testing:
- API endpoint shape change (GET /banks/<id> → use list endpoint)
- Entrypoint log lines go to stdout per existing convention (not
stderr) — tests updated accordingly
There was a problem hiding this comment.
Pull request overview
This PR extends the agentic-workspace-claude-cli workspace image with (1) a workspace injection contract implementation (entrypoint section 5.5) and (2) a new “memory primitive” (ADR-036) consisting of per-provider adapters plus a agentic_memory Python “doctor” that validates configuration and backend reachability at container start.
Changes:
- Added workspace injection composition in the workspace entrypoint (context file, plugins, loose subagents) plus integration tests and docs (ADR-035 /
docs/workspace.md). - Added memory primitive plumbing: staged
/opt/agentic/memory/*adapters, entrypoint sections 5.6/5.7, hindsight adapter scripts, and a Python-basedagentic-memory-doctorwith unit + integration tests. - Updated build tooling and image packaging to include
agentic_memoryand copy thememory/adapter tree into the Docker image.
Reviewed changes
Copilot reviewed 33 out of 36 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/integration/test_entrypoint_workspace_injection.py | New integration coverage for entrypoint section 5.5 workspace injection behavior. |
| tests/integration/test_entrypoint_memory.py | New integration coverage for memory entrypoint sections 5.6/5.7 and doctor behavior. |
| scripts/build-provider.py | Stages memory/ into build context and includes agentic_memory wheel in the image build. |
| README.md | Adds a Workspace section pointing to canonical docs and ADR-035. |
| providers/workspaces/claude-cli/scripts/entrypoint.sh | Implements workspace injection (5.5) and memory adapter + doctor sections (5.6/5.7). |
| providers/workspaces/claude-cli/memory/hindsight/init.sh | Adds hindsight adapter env translation (AGENTIC_MEMORY_* → HINDSIGHT_*). |
| providers/workspaces/claude-cli/memory/hindsight/doctor.sh | Adds hindsight provider-specific health checks for the doctor. |
| providers/workspaces/claude-cli/memory/doctor | Adds /opt/agentic/memory/doctor wrapper that execs python -m agentic_memory.doctor. |
| providers/workspaces/claude-cli/Dockerfile | Copies memory/ into the image and sets permissions + audit dir ownership. |
| lib/python/agentic_memory/tests/test_doctor.py | Unit tests for doctor checks, runner, and CLI behavior. |
| lib/python/agentic_memory/tests/test_contract.py | Unit tests for contract parsing + namespace validation utilities. |
| lib/python/agentic_memory/tests/init.py | Establishes the agentic_memory.tests package. |
| lib/python/agentic_memory/README.md | Package-level documentation for the memory contract + doctor. |
| lib/python/agentic_memory/pyproject.toml | Defines the new agentic-memory Python package and CLI entry point. |
| lib/python/agentic_memory/agentic_memory/doctor.py | Implements doctor checks, formatting, and CLI. |
| lib/python/agentic_memory/agentic_memory/contract.py | Implements contract parsing and namespace validation/sanitization. |
| lib/python/agentic_memory/agentic_memory/init.py | Package init + version. |
| lib/python/agentic_isolation/tests/test_workspace_files.py | Unit tests for the new WorkspaceFiles staging helper. |
| lib/python/agentic_isolation/tests/test_package_exports.py | Verifies WorkspaceFiles is exported from agentic_isolation. |
| lib/python/agentic_isolation/agentic_isolation/workspace_files.py | Adds WorkspaceFiles helper (bind_mount + inject). |
| lib/python/agentic_isolation/agentic_isolation/init.py | Exports WorkspaceFiles in the package public API. |
| docs/workspace.md | Canonical doc for workspace responsibilities and injection contract. |
| docs/superpowers/specs/2026-05-13-memory-primitive-and-doctor-design.md | Design spec for memory primitive + doctor. |
| docs/superpowers/specs/2026-05-12-workspace-injection-contract-design.md | Design spec for workspace injection contract. |
| docs/superpowers/plans/2026-05-12-workspace-injection-contract.md | Implementation plan for workspace injection contract + helper. |
| docs/issues/README.md | Documents the local docs/issues/ convention. |
| docs/issues/003-workspace-injection-cosmetic-followups.md | Captures follow-up notes for workspace injection polish. |
| docs/issues/002-build-command-mismatch-in-plan.md | Notes plan correction for the canonical workspace build command. |
| docs/issues/001-lsp-entrypoint-test-stdout-pollution.md | Captures pre-existing test failures due to entrypoint stdout logging. |
| docs/adrs/036-memory-primitive-and-doctor.md | Adds ADR-036 documenting memory primitive/doctor decisions. |
| docs/adrs/035-workspace-injection-contract.md | Adds ADR-035 documenting workspace injection contract decisions. |
| cspell.json | Adds project dictionary entries for new terms. |
| CLAUDE.md | Adds pointers to workspace contract docs/ADR for new sessions. |
| CHANGELOG.md | Documents the workspace injection contract deliverables in Unreleased. |
| .gitignore | Ignores additional local .claude/ files. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+319
to
+322
| # Run the doctor. Pretty output → stderr (always shown). JSON → audit log | ||
| # (appended). Exit non-zero = workspace stops. | ||
| if /opt/agentic/memory/doctor --json >> "${AGENTIC_MEMORY_AUDIT_FILE}" 2>&1; then | ||
| echo "[entrypoint] memory doctor: pass (audit: ${AGENTIC_MEMORY_AUDIT_FILE})" |
Comment on lines
+32
to
+36
| LIST_URL="${HINDSIGHT_API_URL}/v1/default/banks" | ||
| HTTP_STATUS=$(curl -sS -o /tmp/hindsight-doctor-body -w "%{http_code}" \ | ||
| --max-time 5 \ | ||
| ${HINDSIGHT_API_TOKEN:+-H "Authorization: Bearer ${HINDSIGHT_API_TOKEN}"} \ | ||
| "${LIST_URL}" || echo "000") |
Comment on lines
+17
to
+22
| (soft-fail by default) and on-demand via a CLI subcommand. | ||
|
|
||
| The primitive extends the [Workspace Injection Contract](../../adrs/035-workspace-injection-contract.md) | ||
| (ADR-035) following the same shape: three env vars from the host, a baked-in | ||
| adapter layer inside the image, soft-fail-with-loud-logs as the default | ||
| posture. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.