refactor(agent): decompose entrypoint.py into modular src/ package wi…#23
Merged
refactor(agent): decompose entrypoint.py into modular src/ package wi…#23
Conversation
added 2 commits
April 12, 2026 13:10
…th Cedar policy engine Decompose the monolithic agent/entrypoint.py (~2,100 lines) into 13 focused modules under agent/src/, add a Cedar-based policy engine for tool-call governance, and fix 15 review findings across Python and CDK TypeScript code. Agent decomposition: - config.py, models.py (TaskType enum), pipeline.py, runner.py, context.py, prompt_builder.py, hooks.py, policy.py, post_hooks.py, repo.py, shell.py, telemetry.py - entrypoint.py retained as re-export shim for backward compatibility Cedar policy engine (agent/src/policy.py + hooks.py): - In-process cedarpy evaluation with deny-list model (fail-closed) - pr_review agents denied Write/Edit; protected path and destructive command blocking for all agents - Per-repo custom Cedar policies via Blueprint security.cedarPolicies - PreToolUse hook integration with Claude Agent SDK - POLICY_DECISION telemetry events on denied decisions Critical fixes: - log() was silently discarding message text - PolicyEngine changed from fail-open to fail-closed - Hook fallbacks now deny (not silently allow) on invalid inputs CDK changes: - Blueprint cedarPolicies resolved to readonly property - context-hydration: POLICY_EXTRACTORS mapping table, managedWordLists support, formatGuardrailBlocked helper, tightened filter_type union - cedar_policies passthrough in orchestrator and repo-config Tests: 139 Python (6 new test files), 604 CDK (4 files updated) Documentation: 7 docs updated for new module structure and Cedar status
Cedar entity UIDs use Type::"id" format — when the resource ID
contained double quotes (e.g. git commit -m "fix bug"), the parser
failed and returned NoDecision, which fail-closed denied the call.
This blocked virtually all real git/gh commands in production.
Fix: use fixed sentinel resource IDs ("command" for execute_bash,
"file" for write_file) instead of embedding raw command/path text
in the Cedar entity UID. The deny-list policies only match on
context.command and context.file_path, never on the resource ID,
so behavior is identical.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
added 2 commits
April 12, 2026 13:46
…ng, doc notes - Add Cedar deny pattern for bare `git push -f` (no trailing args) - Track UserMessage in message_counts, log string content - Extract _format_tool_result helper to deduplicate ToolResultBlock formatting - Parametrize quote-handling tests - Document sentinel resource ID constraint for custom Cedar policies in policy.py module docstring and SECURITY.md
This was referenced Apr 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…th Cedar policy engine
Fixes #20, #18, #19
Decompose the monolithic agent/entrypoint.py (~2,100 lines) into 13 focused modules under agent/src/, add a Cedar-based policy engine for tool-call governance, and fix 15 review findings across Python and CDK TypeScript code.
Agent decomposition:
Cedar policy engine (agent/src/policy.py + hooks.py):
CDK changes:
Tests: 139 Python (6 new test files), 604 CDK (4 files updated)
Documentation: 7 docs updated for new module structure and Cedar status
Area
cdk— infrastructure, handlers, constructsagent— Python runtime / Docker imagecli—bgagentclientdocs— guides or design sources (docs/guides/,docs/design/)tooling— rootmise.toml, scripts, CI workflowsTip: AGENTS.md lists where to edit and which tests to extend.
Related
Changes
Acknowledgment
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.