Skip to content

Commit 0421bde

Browse files
committed
Update hardening report for CLI redaction gate
1 parent 5183227 commit 0421bde

2 files changed

Lines changed: 15 additions & 6 deletions

File tree

reports/public-selfhost-hardening/final-report.md

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
Date: 2026-06-24
44

5-
Implementation commit hash: `5ebc8985b7112bb770c8d90c53c8f5e667eaea90`
5+
Implementation commit hash: `518322742dc6e5945d54dd8f34a3de3fd9c06ee2`
66

77
Branch: `next-phase`
88

@@ -19,6 +19,8 @@ Branch: `next-phase`
1919
- Wired project run cancellation through Gateway HTTP, Gateway MCP, Relay HTTP, Relay MCP, Connector project proxy, and local daemon-backed cancellation, with Gateway run history/audit events for `cancel_project_run_requested` and terminal `run_cancelled`.
2020
- Added `codencer sync status`, `codencer sync preview`, and `codencer sync publish` as explicit metadata-only sync controls. Raw artifacts/logs are blocked, and confirmed publish ingests only sanitized metadata into Gateway run history with `scope=synced`.
2121
- Redacted local absolute repo/report paths, daemon URLs, token-like text, and unsafe executor summaries from default human CLI project/status/submit/run output while preserving explicit `--json` operator detail.
22+
- Redacted default human `codencer init` and `codencer config show` output so local home/config/project/machine file paths and daemon URLs stay available through explicit JSON/path commands but are not printed by default.
23+
- Extended the artifact-backed public self-host release verifier with a default CLI redaction gate covering `init`, `config show`, `project init`, `project status`, `project scan`, `executor list`, and `sync preview`.
2224
- Added Gateway run-history `scope` metadata and exposed it through the API and Console run list/detail views.
2325
- Added Gateway-observed run/audit `limit`/`offset` pagination, server-side filters, grouped lifecycle summaries, and Console previous/next controls for Runs and Audit.
2426
- Added first-class local `human_interrupts` records and `human_interrupt_created` Gateway audit events for blocker/question/approval/permission/system-action outcomes.
@@ -69,6 +71,7 @@ Branch: `next-phase`
6971
- `reports/gateway-console-screenshots/2026-06-24-1616`
7072
- `reports/gateway-console-screenshots/2026-06-24-1626`
7173
- `reports/gateway-console-screenshots/2026-06-24-1631`
74+
- `reports/gateway-console-screenshots/2026-06-24-1643`
7275

7376
## Commands Run
7477

@@ -87,6 +90,10 @@ Branch: `next-phase`
8790
- `go test ./...` after adding Gateway Console async submit/report polling - passed
8891
- `go test ./internal/connector ./internal/gateway ./internal/relay ./internal/localexec` after adding project-scoped cancel routing - passed
8992
- `go test ./...` after adding project-scoped cancel routing - passed
93+
- `bash -n scripts/verify_public_selfhost_release.sh` after adding default CLI redaction checks - passed
94+
- `go test ./cmd/codencer -run 'TestInitHumanOutputDoesNotLeakLocalPaths|TestConfigProfilesAndSelfHostDefaultsJSON'` - passed
95+
- `make build-codencer && ./scripts/verify_public_selfhost_release.sh` - passed
96+
- `go test ./...` after default init/config redaction - passed
9097
- `cd web/gateway-console && npm run format:check` - passed
9198
- `cd web/gateway-console && npm run lint` - passed
9299
- `cd web/gateway-console && npm run typecheck` - passed
@@ -111,6 +118,8 @@ Branch: `next-phase`
111118
- `CODENCER_E2E_REQUIRED_REAL_EXECUTORS=codex CODENCER_E2E_REAL_EXECUTOR=codex CODENCER_E2E_REAL_EXECUTOR_COMMAND=<configured-codex-binary> make verify-public-selfhost-rc` - passed with scoped `GO` for Codex-only proof
112119
- `make verify-public-release` - passed
113120
- `make verify-public-selfhost-release TARGETS=host REQUIRE_TARGETS=host` - passed after project-scoped cancel routing and console e2e stabilization
121+
- `make verify-public-release` after default CLI redaction checks - passed
122+
- `make verify-public-selfhost-release TARGETS=host REQUIRE_TARGETS=host` after default CLI redaction checks - passed
114123
- `CODENCER_E2E_REAL_EXECUTORS=codex,claude CODENCER_E2E_CODEX_COMMAND=<codex-binary> CODENCER_E2E_CLAUDE_COMMAND=<claude-binary> make verify-public-selfhost-rc` - failed by design with `NO-GO` after Codex and Claude passed and Antigravity was missing
115124
- `cd web/gateway-console && CODENCER_E2E_BIN_DIR=../../bin CODENCER_E2E_EXECUTOR_ADAPTER=antigravity CODENCER_E2E_EXECUTOR_PROFILE=antigravity-default CODENCER_E2E_ANTIGRAVITY_INSTANCE_FILE=<temp-file> node tests/live/verify-live.mjs` - failed correctly; the provided Antigravity LS did not expose the isolated verifier repo workspace
116125
- `git diff --check` - passed
@@ -125,6 +134,6 @@ Branch: `next-phase`
125134
- Raw log/artifact upload remains unsupported by design. `codencer sync publish --confirm` ingests metadata-only run/project summaries into Gateway history; it does not upload local reports, logs, artifacts, daemon URLs, or filesystem paths.
126135
- Run history/audit synced-scope transport now exists for explicit metadata-only `codencer sync publish`; broader incremental sync policy and external source reconciliation remain incomplete.
127136
- Human interrupt lifecycle is still partial: local report/event records and Gateway blocker audit exist, but complete operator answer/resume UI/MCP flows are not fully proven.
128-
- Full cross-surface redaction proof remains incomplete. Default local human CLI output and sync preview are covered, but explicit JSON/debug/path commands still require final policy review against the release gate.
137+
- Full cross-surface redaction proof remains incomplete. Default local human CLI output now covers init, config show, project init/status/scan, executor list, sync preview, submit, and run output in deterministic tests/verifiers, but explicit JSON/debug/path commands still require final policy review against the release gate.
129138

130139
Verdict: NO-GO

reports/public-selfhost-hardening/implementation-audit.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -34,14 +34,14 @@ the exact package was not available in the current attachment cache.
3434
| --- | --- | --- |
3535
| Spec files present | Partially implemented | Files now exist, but exact-source fidelity is unclear. |
3636
| Acceptance YAML present | Implemented | `docs/acceptance/public-selfhost-release-gate.yaml` exists. |
37-
| Local-first source of truth | Partially implemented | Local daemon/CLI exists; default project/status/run/submit human output is redacted, while explicit JSON/debug outputs still carry local state for operator tooling. |
37+
| Local-first source of truth | Partially implemented | Local daemon/CLI exists; default init/config/project/status/run/submit human output is redacted, while explicit JSON/debug/path outputs still carry local state for operator tooling. |
3838
| Explicit sync/publish | Partially implemented | `codencer sync status/preview/publish` now provides metadata-only preview; confirmed publish ingests sanitized metadata into Gateway run history. Raw logs/artifacts remain blocked. |
3939
| Local CLI submit UX | Partially implemented | `codencer submit` exists and is local-first; default human output redacts local paths, but progress UX remains narrow. |
4040
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; Gateway/Relay/Connector now route true project-scoped cancel, Gateway MCP exposes async start/submit/list/status/report/events/cancel, and resume remains a structured capability blocker. Gateway Console now submits simple tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
4141
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, Gateway blocker outcomes emit `human_interrupt_created` audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; complete answer/resume UI/MCP lifecycle remains incomplete. |
4242
| Real executor proofs | Partially implemented | Codex has prior artifact-backed proof and latest rerun invoked the real Codex binary with simulation disabled but failed on an external Codex usage-limit error; earlier Claude Code proof exists; Antigravity remains unproven and now fails early when the provided LS workspace does not match the isolated verifier repo. |
4343
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, and grouped lifecycle summaries; synced/local ingest transport remains incomplete. |
44-
| Redaction | Partially implemented | Gateway/sync sanitization exists and default local human CLI output is tested for path/daemon URL redaction; full cross-surface redaction proof is still incomplete. |
44+
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, and run output; full explicit JSON/debug/path surface policy proof is still incomplete. |
4545
| Public/private boundary | Partially implemented | Docs/checks exist; public repo still contains cloud-control-plane packages that need boundary review against the new specs. |
4646
| Public RC verifier | Partially implemented | `make verify-public-selfhost-rc` emits only `GO`/`NO-GO`, requires configured real-proof coverage, and reports `NO-GO` when required proofs are missing; Antigravity remains unproven. |
4747

@@ -66,7 +66,7 @@ the exact package was not available in the current attachment cache.
6666
| Gateway is control plane/index/sync target, not global source of truth | Partially implemented | Gateway records Gateway-observed run history; local sync preview reports `scope=local`; confirmed sync publish creates sanitized `scope=synced` history records. |
6767
| Raw logs/artifacts not uploaded by default | Partially implemented | Gateway sanitizes report JSON; `codencer sync` is metadata-only and blocks raw artifact/log upload. Local reports can still contain local refs on disk. |
6868
| Explicit sync/publish behavior | Partially implemented | `codencer sync status/preview/publish` exists; publish requires `--confirm`, requires login, blocks raw artifact/log requests, and sends only sanitized metadata. |
69-
| Default output does not leak local paths | Partially implemented | Default human output for project/status/submit/run events/run report is redacted and tested; explicit `--json` reports still include local `repo_root`, `daemon_url`, and `report_path` for operator tooling. |
69+
| Default output does not leak local paths | Partially implemented | Default human output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, and run report is redacted and tested; explicit `--json` and path/debug commands still include local `repo_root`, `daemon_url`, and `report_path` for operator tooling. |
7070

7171
### 02 - Execution Lifecycle
7272

@@ -139,7 +139,7 @@ The release remains `NO-GO` until at least these are resolved:
139139
1. Antigravity real executor proof must pass or the final verdict must remain `NO-GO`.
140140
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task submit/report polling, and project-scoped cancel; manifest mode and true resume remain incomplete or structured blockers.
141141
3. Human interrupt lifecycle still needs complete operator answer/resume UI/MCP flows; first-class local interrupt records and Gateway audit now exist for blocker outcomes.
142-
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output and sync preview are now covered.
142+
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, and run output is now covered.
143143
5. Raw log/artifact sync remains unsupported by design; only sanitized metadata-only `codencer sync publish --confirm` is implemented.
144144
6. Broader incremental sync policy and external source reconciliation remain incomplete even though Gateway-observed and explicit synced metadata history now exist.
145145
7. The final hardening report must end with exactly `Verdict: GO` or `Verdict: NO-GO`.

0 commit comments

Comments
 (0)