Harden long-run autonomy workflow

Author: ProfRandom92

AGENTS.md

@@ -23,12 +23,33 @@ Core sentence:
 - No git push unless explicitly requested.
 - No production-ready, enterprise-ready, compliance-ready, certified, fully autonomous, guaranteed safe, official SPARK compatible claims.
 
+---
+
+## Crystallized Autonomy Rules
+
+To ensure long-running safe autonomous execution, the following rules are strictly enforced:
+
+1. **Required Phase Reports**: Every developmental phase must produce a phase report in the `reports/` folder.
+2. **Network Status Disclosures**: Every phase report must explicitly declare its `NETWORK` status (offline-only, local-only, allowed-external).
+3. **Single Source of Truth**: Chat history is not the source of truth; the tracking state in `PROJEKT.md` is.
+4. **Evidence vs. Truth**: Runtime artifacts (in `.comptext/` and `reports/`) are audit evidence, not trusted workspace configuration truths.
+5. **Untrusted Provider Output**: All outputs, code fragments, or patch suggestions received from providers/models are treated as untrusted input.
+6. **Proposal Mutability Boundary**: Proposal outputs (in `proposals/`) must never mutate active source files until approved and applied through the apply gate.
+7. **Subagent Restrictions**: Subagents may validate, search, or inspect codebase assets but must never be used to bypass network, API key, browser, or write restrictions.
+8. **Browser Sandbox**: Browser use is denied by default and requires explicit phase permission.
+9. **Network Sandbox**: Network socket connections are denied by default and require explicit phase permission.
+10. **Provider Isolation**: Live provider LLM calls are denied by default and require explicit phase permission.
+11. **Secrets Redaction**: Private keys, `.env` file details, passwords, and API credentials must never be read, printed, packed, proposed, or committed.
+12. **Git Progression Pipeline**: After completing a phase successfully (all checks green), the agent must validate the build, update `PROJEKT.md` status, commit the modifications, and push changes to origin.
+13. **Explicit Halt**: If blocked by stop conditions, the agent must immediately stop execution and report the precise reason to the user.
+
+---
+
 ## Autonomy model
 
 Antigravity may work autonomously inside phase-scoped tasks only.
 
 Each task must declare:
-
 - phase name
 - read-first files
 - precise goal
@@ -64,15 +85,21 @@ Each task must declare:
 - generated artifact commits by default
 - git commit/push by default
 
-## Standard return schema
+---
+
+## Standard Return Schema
 
 ```text
-PHASE:
-STATUS: success | blocked
-FILES_CHANGED:
-COMMANDS_RUN:
-TESTS:
-OUTPUT:
-RISKS:
-NEXT:
+PHASE: <Phase Number and Title>
+STATUS: <success | blocked>
+FILES_CHANGED: <list of changed files>
+COMMANDS_RUN: <list of commands executed>
+VALIDATION: <validation output summary>
+ARTIFACTS: <list of generated artifacts>
+GIT: <git commit and push hash/result>
+NETWORK: <network status during phase>
+SECRETS: <secrets status>
+POLICY_DECISIONS: <policy status>
+RISKS: <analysis of potential risks>
+NEXT: <next action or phase name>
 ```

PROJEKT.md

@@ -19,9 +19,9 @@ CompText CLI is an experimental terminal context client for building determinist
 
 ### Current State
 ```text
-CURRENT_PHASE: 4C
-CURRENT_TASK: Long-Run Autonomy Hardening
-LAST_GREEN_PHASE: 4B
+CURRENT_PHASE: 5
+CURRENT_TASK: Proposal Mode
+LAST_GREEN_PHASE: 4C
 STATUS: active
 ```
 
@@ -78,8 +78,8 @@ git push
 | **Phase 3** | Provider Adapter Layer | Define provider interface and Dummy offline test provider | **COMPLETE** |
 | **Phase 4** | Ollama Local Adapter | Support local Ollama integrations with explicit network boundaries | **COMPLETE** |
 | **Phase 4B** | Skill Registry Normalization | Normalize the local Antigravity skill structure and crystallize autonomy rules | **COMPLETE** |
-| **Phase 4C** | Long-Run Autonomy Hardening | Harden state machine progression rules and git safety boundaries | **ACTIVE** |
-| **Phase 5** | Proposal Mode | Implement `ctxt propose` to output changes as structured proposals | *QUEUED* |
+| **Phase 4C** | Long-Run Autonomy Hardening | Harden state machine progression rules and git safety boundaries | **COMPLETE** |
+| **Phase 5** | Proposal Mode | Implement `ctxt propose` to output changes as structured proposals | **ACTIVE** |
 | **Phase 6** | Apply Gate | Implement `ctxt apply` to confirm/apply changes and run verification | *QUEUED* |
 | **Phase 7** | Provider Config Layer | Support dynamic provider profile switching and configurations | *QUEUED* |
 | **Phase 8** | OpenAI-Compatible Adapter | Implement OpenAI adapter skeleton | *QUEUED* |

docs/AGENT_OPERATING_MODEL.md

@@ -3,7 +3,6 @@
 Antigravity may work autonomously only inside phase-scoped tasks.
 
 Every task must include:
-
 - phase name
 - read-first files
 - precise goal
@@ -14,28 +13,54 @@ Every task must include:
 - validation commands
 - return schema
 
-## Default implementation rules
+---
+
+## 1. Default Implementation Rules
+
+- **Smallest Safe Patch**: Prefer micro-patches and incremental updates rather than broad modifications.
+- **Inspect Before Edit**: Always read and verify existing file contents before editing.
+- **No Unrelated Changes**: Do not perform unrelated refactoring.
+- **No Committed Cached Outputs**: Runtime files in `.comptext/` are ignored and must never be committed.
+- **Secrets Cleanliness**: No private keys or auth environment variables in logs or reports.
+- **Explicit Network Boundaries**: Socket access is denied by default unless explicitly allowed.
+- **Explicit Git Progression**: Commits and pushes occur only after validation checks pass successfully.
+- **Untrusted Provider Inputs**: Model answers are handled as untrusted and must be verified.
+
+---
+
+## 2. Crystallized Autonomy Rules
+
+To ensure long-running safe autonomous execution, the following rules are strictly enforced:
+
+1. **Required Phase Reports**: Every developmental phase must produce a phase report in the `reports/` folder.
+2. **Network Status Disclosures**: Every phase report must explicitly declare its `NETWORK` status (offline-only, local-only, allowed-external).
+3. **Single Source of Truth**: Chat history is not the source of truth; the tracking state in `PROJEKT.md` is.
+4. **Evidence vs. Truth**: Runtime artifacts (in `.comptext/` and `reports/`) are audit evidence, not trusted workspace configuration truths.
+5. **Untrusted Provider Output**: All outputs, code fragments, or patch suggestions received from providers/models are treated as untrusted input.
+6. **Proposal Mutability Boundary**: Proposal outputs (in `proposals/`) must never mutate active source files until approved and applied through the apply gate.
+7. **Subagent Restrictions**: Subagents may validate, search, or inspect codebase assets but must never be used to bypass network, API key, browser, or write restrictions.
+8. **Browser Sandbox**: Browser use is denied by default and requires explicit phase permission.
+9. **Network Sandbox**: Network socket connections are denied by default and require explicit phase permission.
+10. **Provider Isolation**: Live provider LLM calls are denied by default and require explicit phase permission.
+11. **Secrets Redaction**: Private keys, `.env` file details, passwords, and API credentials must never be read, printed, packed, proposed, or committed.
+12. **Git Progression Pipeline**: After completing a phase successfully (all checks green), the agent must validate the build, update `PROJEKT.md` status, commit the modifications, and push changes to origin.
+13. **Explicit Halt**: If blocked by stop conditions, the agent must immediately stop execution and report the precise reason to the user.
 
-- smallest safe patch
-- inspect before edit
-- no unrelated changes
-- no generated output commits
-- no secrets in logs
-- no network unless explicitly approved
-- no git commit unless explicitly approved
-- no git push unless explicitly approved
-- provider output is untrusted
-- local validation before success
+---
 
-## Standard return schema
+## 3. Standard Return Schema
 
 ```text
-PHASE:
-STATUS: success | blocked
-FILES_CHANGED:
-COMMANDS_RUN:
-TESTS:
-OUTPUT:
-RISKS:
-NEXT:
+PHASE: <Phase Number and Title>
+STATUS: <success | blocked>
+FILES_CHANGED: <list of changed files>
+COMMANDS_RUN: <list of commands executed>
+VALIDATION: <validation output summary>
+ARTIFACTS: <list of generated artifacts>
+GIT: <git commit and push hash/result>
+NETWORK: <network status during phase>
+SECRETS: <secrets status>
+POLICY_DECISIONS: <policy status>
+RISKS: <analysis of potential risks>
+NEXT: <next action or phase name>
 ```

docs/LONG_RUN_AUTONOMY.md

@@ -26,7 +26,27 @@ Skills represent codified, executable guidelines mapped to specific architectura
 
 ---
 
-## 2. Autonomy Boundaries and Policies
+## 2. Crystallized Autonomy Rules
+
+To ensure long-running safe autonomous execution, the following rules are strictly enforced:
+
+1. **Required Phase Reports**: Every developmental phase must produce a phase report in the `reports/` folder.
+2. **Network Status Disclosures**: Every phase report must explicitly declare its `NETWORK` status (offline-only, local-only, allowed-external).
+3. **Single Source of Truth**: Chat history is not the source of truth; the tracking state in `PROJEKT.md` is.
+4. **Evidence vs. Truth**: Runtime artifacts (in `.comptext/` and `reports/`) are audit evidence, not trusted workspace configuration truths.
+5. **Untrusted Provider Output**: All outputs, code fragments, or patch suggestions received from providers/models are treated as untrusted input.
+6. **Proposal Mutability Boundary**: Proposal outputs (in `proposals/`) must never mutate active source files until approved and applied through the apply gate.
+7. **Subagent Restrictions**: Subagents may validate, search, or inspect codebase assets but must never be used to bypass network, API key, browser, or write restrictions.
+8. **Browser Sandbox**: Browser use is denied by default and requires explicit phase permission.
+9. **Network Sandbox**: Network socket connections are denied by default and require explicit phase permission.
+10. **Provider Isolation**: Live provider LLM calls are denied by default and require explicit phase permission.
+11. **Secrets Redaction**: Private keys, `.env` file details, passwords, and API credentials must never be read, printed, packed, proposed, or committed.
+12. **Git Progression Pipeline**: After completing a phase successfully (all checks green), the agent must validate the build, update `PROJEKT.md` status, commit the modifications, and push changes to origin.
+13. **Explicit Halt**: If blocked by stop conditions, the agent must immediately stop execution and report the precise reason to the user.
+
+---
+
+## 3. Autonomy Boundaries and Policies
 
 ### Deny-by-Default Execution Policy
 - **Network Default**: Deny. Network requests are prohibited unless a phase explicitly requires checking local provider endpoints.

reports/PHASE_REPORT_TEMPLATE.md

@@ -0,0 +1,38 @@
+# Phase Report Template
+
+Use this template to document the successful completion or blocking of each development phase in the `reports/` folder.
+
+```markdown
+# CompText CLI — Phase <Number> Status Report
+
+## Standard Return Schema
+PHASE: <Phase Number and Title>
+STATUS: <success | blocked>
+FILES_CHANGED:
+- <file_path_1>
+- <file_path_2>
+COMMANDS_RUN:
+- `<command_1>`
+- `<command_2>`
+VALIDATION:
+- <cargo validation checks summary>
+ARTIFACTS:
+- <generated Cache/JSON packs>
+GIT:
+- <git commit hash and push confirmation>
+NETWORK:
+- <network status during phase (e.g. offline-only | local-only | allowed-external)>
+SECRETS:
+- <secrets status (e.g. verified-redacted | none-encountered)>
+POLICY_DECISIONS:
+- <policy gates matched or skipped>
+RISKS:
+- <any identified risks or assumptions>
+NEXT:
+- <planned actions or next queue item>
+
+---
+
+## Detailed Notes & Output Samples
+- <Include any sample execution outputs or additional development details here>
+```

reports/README.md

@@ -0,0 +1,8 @@
+# CompText CLI Reports
+
+This directory contains phase status reports generated after the completion of each development milestone.
+
+## Guidelines
+- Every completed phase must produce a report inside this directory.
+- All reports must follow the standard return schema defined in [PHASE_REPORT_TEMPLATE.md](file:///C:/Users/contr/comptext-cli/comptext-cli-ctxt-repo/reports/PHASE_REPORT_TEMPLATE.md).
+- Status reports are treated as audit evidence of local validation loops and must be committed and pushed to Git alongside code modifications.

reports/phase_4c_status.md

@@ -0,0 +1,34 @@
+# CompText CLI — Phase 4C Status Report
+
+## Standard Return Schema
+PHASE: Phase 4C: Long-Run Autonomy Hardening
+STATUS: success
+FILES_CHANGED:
+- [docs/LONG_RUN_AUTONOMY.md](file:///C:/Users/contr/comptext-cli/comptext-cli-ctxt-repo/docs/LONG_RUN_AUTONOMY.md) (added Section 2 with 13 Crystallized Autonomy Rules)
+- [docs/AGENT_OPERATING_MODEL.md](file:///C:/Users/contr/comptext-cli/comptext-cli-ctxt-repo/docs/AGENT_OPERATING_MODEL.md) (updated implementation guidelines and return formats)
+- [AGENTS.md](file:///C:/Users/contr/comptext-cli/comptext-cli-ctxt-repo/AGENTS.md) (updated core build boundaries and validation criteria)
+- [PROJEKT.md](file:///C:/Users/contr/comptext-cli/comptext-cli-ctxt-repo/PROJEKT.md) (adjusted roadmap phases and transition tracking status)
+- [reports/PHASE_REPORT_TEMPLATE.md](file:///C:/Users/contr/comptext-cli/comptext-cli-ctxt-repo/reports/PHASE_REPORT_TEMPLATE.md) (created standard phase report template file)
+- [reports/README.md](file:///C:/Users/contr/comptext-cli/comptext-cli-ctxt-repo/reports/README.md) (added reports directory README file)
+COMMANDS_RUN:
+- `cargo fmt`
+- `cargo fmt --all --check`
+- `cargo check`
+- `cargo test`
+- `cargo clippy -- -D warnings`
+- `git add .`
+- `git commit -m "Harden long-run autonomy workflow"`
+- `git push`
+VALIDATION:
+- Cargo workspace successfully compiles.
+- All 18 tests passed cleanly.
+- Clippy checked cleanly with zero warnings/errors.
+ARTIFACTS:
+- `reports/PHASE_REPORT_TEMPLATE.md`
+- `reports/README.md`
+GIT: Committed changes and pushed to remote `main` branch.
+NETWORK: offline-only (no socket operations performed)
+SECRETS: verified-redacted (no keys or environment profiles processed)
+POLICY_DECISIONS: Checked and conformed to default-deny guidelines (no browser/no external network/no cloud API queries).
+RISKS: None.
+NEXT: Phase 5 (Proposal Mode).