Commit 4d4654b

Update hardening reports for local resume proof
1 parent 31eb726 commit 4d4654b

2 files changed

Lines changed: 19 additions & 12 deletions

File tree

reports/public-selfhost-hardening/final-report.md

Lines changed: 10 additions & 3 deletions
@@ -2,7 +2,7 @@
22

33
Date: 2026-06-24
44

5-
Implementation commit hash: `a206a2bde44de87ae50a2886ae5fe0bf111abfeb`
5+
Implementation commit hash: `31eb72629d266b8b8827d1a998b482e43a84819a`
66

77
Branch: `next-phase`
88

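Review bot: the implementation commit hash moves to `31eb72629d266b8b8827d1a998b482e43a84819a` (matching this commit's parent `31eb726`), but `Date: 2026-06-24` on line 3 is left unchanged; confirm that the date still reflects when the report was regenerated, or update it together with the hash so the two stay consistent.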
@@ -15,6 +15,7 @@ Branch: `next-phase`
1515
- Confirmed the real Codex path invokes the configured Codex binary with `ALL_ADAPTERS_SIMULATION_MODE=0` and `CODEX_SIMULATION_MODE=0`.
1616
- Hardened simulation result handling so the shared simulation runner writes `is_simulation=true`, and Codex/Claude normalizers preserve or infer simulation status from deterministic simulation artifacts instead of relabeling them as real when normalization runs with simulation env disabled.
1717
- Added `codencer run events`, `codencer run report`, `codencer run cancel`, and structured `codencer run resume` blocker behavior.
18+
- Exposed daemon-backed local `codencer run resume` for states already supported by `RecoveryService.ResumeRun` (`created` and `paused_for_gate`), with explicit `run_resumed` CLI events and structured `run_resume_blocked` output when the selected run is not resumable.
1819
- Added Gateway MCP async lifecycle tools: `codencer.start_project_run`, `codencer.submit_project_task`, `codencer.list_project_runs`, `codencer.get_project_run`, `codencer.get_project_run_status`, `codencer.get_gateway_run_events`, true project-scoped `codencer.cancel_project_run`, and a structured `codencer.resume_project_run` capability blocker.
1920
- Preserved `codencer.submit_project_task_and_wait` as a compatibility tool while adding non-blocking submit/start paths for planners that should not hold one long HTTP/MCP request open.
2021
- Updated Gateway Console simple-task submit to send `wait=false`, poll the run report until terminal status, display `pending` while waiting, and emit the terminal audit event once when report refresh observes completion.
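Review bot: the new bullet at 18+ partly contradicts the unchanged bullet 17, which still describes `codencer run resume` only as "structured `codencer run resume` blocker behavior"; now that resume succeeds for `created` and `paused_for_gate` runs, reword bullet 17 (for example "structured `codencer run resume` blocker behavior for non-resumable runs") so the summary does not read as blocker-only.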
@@ -186,6 +187,12 @@ Branch: `next-phase`
186187
- `make verify-release-artifact-selfhost VERSION=v0.3.0-selfhost-artifact-verify TARGETS=host REQUIRE_TARGETS=host` after adding store-backed Gateway API redaction sweep - passed
187188
- `make verify-public-release` after adding store-backed Gateway API redaction sweep - passed
188189
- `git diff --check` after adding store-backed Gateway API redaction sweep - passed
190+
- `go test ./internal/localexec ./internal/app ./internal/service ./cmd/codencer` after exposing local run resume - passed
191+
- `make build-codencer && ./scripts/verify_public_selfhost_release.sh` after exposing local run resume - passed
192+
- `go test ./...` after exposing local run resume - passed
193+
- `make verify-gateway` after exposing local run resume - passed
194+
- `make verify-public-release` after exposing local run resume - passed
195+
- `git diff --check` after exposing local run resume - passed
189196
- `CODENCER_E2E_REAL_EXECUTORS=codex,claude CODENCER_E2E_CODEX_COMMAND=<codex-binary> CODENCER_E2E_CLAUDE_COMMAND=<claude-binary> make verify-public-selfhost-rc` - failed by design with `NO-GO` after Codex and Claude passed and Antigravity was missing
190197
- `cd web/gateway-console && CODENCER_E2E_BIN_DIR=../../bin CODENCER_E2E_EXECUTOR_ADAPTER=antigravity CODENCER_E2E_EXECUTOR_PROFILE=antigravity-default CODENCER_E2E_ANTIGRAVITY_INSTANCE_FILE=<temp-file> node tests/live/verify-live.mjs` - failed correctly; the provided Antigravity LS did not expose the isolated verifier repo workspace
191198
- `git diff --check` - passed
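Review bot: the six added evidence lines (190+ to 195+) record only generic suite and release-verification passes "after exposing local run resume"; none names the test or verifier output that exercises the resume-specific paths (`created` and `paused_for_gate` succeeding, a completed run returning `run_resume_blocked`). For a commit presented as resume proof, cite the specific test(s) or artifact so the claim is checkable from the report, as the RC-gate entries that follow already do.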
@@ -195,11 +202,11 @@ Branch: `next-phase`
195202
- Antigravity real executor proof is not proven in the public self-host RC gate.
196203
- Latest Codex real executor RC subgate passed with the configured Codex binary and simulation disabled, but the overall default public RC gate remains `NO-GO` because Claude Code and Antigravity proofs were missing from that run.
197204
- Current local Antigravity app processes expose reachable RPC endpoints, but the available candidates do not expose the isolated verifier repo workspace through `GetWorkspaceInfos`, so the verifier refuses to bind them for public release proof.
198-
- `codencer run resume` and Gateway MCP `codencer.resume_project_run` are exposed as structured blockers because the daemon/Relay path does not yet expose a true resume route. Gateway MCP unsupported resume attempts now record sanitized `resume_project_run_requested` and `resume_project_run_blocked` audit events for run-history correlation.
205+
- Local `codencer run resume` now routes through the daemon and succeeds for `created` or `paused_for_gate` runs supported by `RecoveryService.ResumeRun`; completed/non-resumable local runs still return a structured `run_resume_blocked` capability blocker. Gateway/Relay project-level `codencer.resume_project_run` remains a structured blocker and records sanitized `resume_project_run_requested` and `resume_project_run_blocked` audit events for run-history correlation.
199206
- Project-scoped cancel now routes through Gateway, Relay, Connector, and local daemon cancellation; whether the underlying executor stops immediately remains bounded by daemon/executor cancellation semantics.
200207
- Raw log/artifact upload remains unsupported by design. `codencer sync publish --confirm` ingests metadata-only run/project summaries into Gateway history; it does not upload local reports, logs, artifacts, daemon URLs, or filesystem paths.
201208
- Run history/audit synced-scope transport now exists for explicit metadata-only `codencer sync publish`, including sanitized aggregate and per-run sync audit events; broader incremental sync policy and external source reconciliation remain incomplete.
202-
- Human interrupt lifecycle is still partial: local report/event records, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, unsupported resume-attempt audit, and a Console run-detail response panel now exist, but true resume remains incomplete.
209+
- Human interrupt lifecycle is still partial: local report/event records, local daemon-backed resume for resumable states, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, unsupported Gateway resume-attempt audit, and a Console run-detail response panel now exist, but automatic continuation after human response and Gateway/Relay project resume remain incomplete.
203210
- Broader explicit JSON/debug/path surface policy proof remains incomplete. Default local human CLI output now covers init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output, and the source/artifact Gateway verifier now covers public Gateway API and MCP leak checks for core list/run/audit/activation surfaces.
204211

205212
Verdict: NO-GO
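Review bot: line 205+ says local resume "succeeds for `created` or `paused_for_gate` runs" while 209+ says automatic continuation after a human response is still incomplete; the report should state whether resuming a `paused_for_gate` run requires the gate decision or operator response to be recorded first, or whether `run resume` can move the run past the gate without it, since that determines whether the gate is a control or only a pause. Separately, 205+ calls the non-resumable result a "capability blocker" although it is now a run-state condition, unlike the Gateway capability blocker named in the same line; distinguishing the two wordings would keep audit correlation unambiguous.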

reports/public-selfhost-hardening/implementation-audit.md

Lines changed: 9 additions & 9 deletions
@@ -37,8 +37,8 @@ the exact package was not available in the current attachment cache.
3737
| Local-first source of truth | Partially implemented | Local daemon/CLI exists; default init/config/project/status/run/submit human output is redacted, while explicit JSON/debug/path outputs still carry local state for operator tooling. |
3838
| Explicit sync/publish | Partially implemented | `codencer sync status/preview/publish` now provides metadata-only preview; confirmed publish ingests sanitized metadata into Gateway run history and records aggregate/per-run sync audit events. Raw logs/artifacts remain blocked. |
3939
| Local CLI submit UX | Partially implemented | `codencer submit` exists and is local-first; default human output redacts local paths, but progress UX remains narrow. |
40-
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; Gateway/Relay/Connector now route true project-scoped cancel, Gateway MCP exposes async start/submit/list/status/report/events/cancel, and resume remains a structured capability blocker with requested/blocked audit events. Gateway Console now submits simple tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
41-
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, unsupported Gateway MCP resume attempts record requested/blocked audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; true resume remains incomplete. |
40+
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; local resume now routes through daemon `RecoveryService.ResumeRun` for `created` and `paused_for_gate` runs and returns structured blockers for non-resumable states. Gateway/Relay/Connector now route true project-scoped cancel, Gateway MCP exposes async start/submit/list/status/report/events/cancel, and Gateway project resume remains a structured capability blocker with requested/blocked audit events. Gateway Console now submits simple tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
41+
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, local daemon-backed resume exists for resumable states, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, unsupported Gateway MCP resume attempts record requested/blocked audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; automatic continuation after human response remains incomplete. |
4242
| Real executor proofs | Partially implemented | Codex has prior artifact-backed proof and latest rerun invoked the real Codex binary with simulation disabled but failed on an external Codex usage-limit error; earlier Claude Code proof exists; Antigravity remains unproven and now fails early when the provided LS workspace does not match the isolated verifier repo. |
4343
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, grouped lifecycle summaries, and explicit synced metadata audit events; broader synced/local ingest transport remains incomplete. |
4444
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output. Source-tree and unpacked-artifact Gateway smoke now also sweeps public Gateway API outputs for relays, projects, machines, connectors, executors, runs, run detail/events, audit events, and activation commands. Broader explicit JSON/debug/path surface policy proof is still incomplete. |
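Review bot: unchanged row 42 still says the latest Codex rerun "failed on an external Codex usage-limit error", whereas final-report.md line 203 in this same commit says the latest Codex real executor RC subgate passed with simulation disabled; one of the two is stale and should be reconciled here, since both feed the `NO-GO` reasoning.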
@@ -72,20 +72,20 @@ the exact package was not available in the current attachment cache.
7272

7373
| Requirement | Status | Evidence |
7474
| --- | --- | --- |
75-
| Submit/status/events/report/cancel/resume lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists. Gateway MCP now exposes `codencer.start_project_run`, `codencer.submit_project_task`, `codencer.list_project_runs`, `codencer.get_project_run_status`, `codencer.get_run_report`, `codencer.get_gateway_run_events`, and project-scoped `codencer.cancel_project_run`; `resume_project_run` remains a structured capability blocker and records `resume_project_run_requested` plus `resume_project_run_blocked` audit events. |
75+
| Submit/status/events/report/cancel/resume lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists, and local resume succeeds for daemon-resumable `created` and `paused_for_gate` states while returning structured blockers for non-resumable states. Gateway MCP now exposes `codencer.start_project_run`, `codencer.submit_project_task`, `codencer.list_project_runs`, `codencer.get_project_run_status`, `codencer.get_run_report`, `codencer.get_gateway_run_events`, and project-scoped `codencer.cancel_project_run`; `resume_project_run` remains a structured capability blocker and records `resume_project_run_requested` plus `resume_project_run_blocked` audit events. |
7676
| Long-running tasks not dependent on one blocking request | Partially implemented | Local submit can run without `--wait`, Relay MCP has async project tools, Gateway MCP has a non-blocking async lifecycle, and Gateway Console simple-task submit now returns after submission and polls reports until terminal evidence is available. Manifest mode remains a blocking advanced path. |
7777
| `get_run_report` for simple and manifest runs | Implemented for covered Gateway paths | Gateway tests cover submit/get report and manifest report paths. |
78-
| Run state transitions include waiting/canceled/resumed | Partially implemented | Domain has states/gates in daemon tests; Gateway MCP preserves non-terminal `submitted/running` states, forwards project-scoped cancel, records `run_cancelled`, and still exposes structured resume blockers where true resume support is absent. |
78+
| Run state transitions include waiting/canceled/resumed | Partially implemented | Domain has states/gates in daemon tests; local daemon/CLI resume records `run_resumed` for daemon-resumable states and `run_resume_blocked` for non-resumable states. Gateway MCP preserves non-terminal `submitted/running` states, forwards project-scoped cancel, records `run_cancelled`, and still exposes structured resume blockers where Gateway project resume support is absent. |
7979

8080
### 03 - Human Interrupts and Permissions
8181

8282
| Requirement | Status | Evidence |
8383
| --- | --- | --- |
8484
| Planning approval required | Partially implemented | Local blockers map manual approvals to `planning_approval_required` interrupt records; no complete UI/MCP approval lifecycle. |
85-
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer, while true resume remains incomplete. |
85+
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer, while automatic continuation after the answer remains incomplete. |
8686
| Permission requests | Partially implemented | Dangerous executor confirmation exists in Gateway Console, unsafe-action blockers map to `permission_request_required`, and Antigravity unsupported/out-of-workspace permission waits now become manual-attention results instead of timeouts; no generalized permission-request lifecycle. |
8787
| OS/system human action required | Partially implemented | Daemon-not-running blockers map to `os_system_human_action_required` records; no full OS-action resolver flow. |
88-
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, and unsupported Gateway MCP resume requested/blocked events; project-scoped cancel is forwarded and audited; resume still returns a structured unsupported/capability blocker. |
88+
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`, `run_resumed`, and `run_resume_blocked`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, and unsupported Gateway MCP resume requested/blocked events; project-scoped cancel is forwarded and audited; Gateway project resume still returns a structured unsupported/capability blocker. |
8989

9090
### 04 - CLI Commands and Control Plane
9191

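Review bot: row 75+ lists `codencer.get_run_report` among the Gateway MCP tools, but the Gateway MCP bullet in final-report.md in this same commit names `codencer.get_project_run`, `codencer.get_project_run_status` and `codencer.get_gateway_run_events` and does not mention that tool; confirm the tool identifier and use the same name in both reports.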
@@ -96,7 +96,7 @@ the exact package was not available in the current attachment cache.
9696
| `codencer run events` | Implemented | `run events` returns local run timeline/events for known run plan records. |
9797
| `codencer run report` | Implemented | `run report` returns the local run report without relying on a Gateway call. |
9898
| `codencer run cancel` | Partially implemented | `run cancel` is exposed locally, and project-scoped Gateway/Relay/Connector cancel now reaches daemon-backed cancellation; executor-specific cancellation behavior still depends on the active executor/daemon state. |
99-
| `codencer run resume` | Partially implemented | `run resume` is exposed as a structured unsupported blocker until daemon HTTP resume exists; Gateway MCP resume attempts now also emit sanitized requested/blocked audit events for run-history correlation. |
99+
| `codencer run resume` | Partially implemented | `run resume` now calls daemon HTTP resume and succeeds for `created` or `paused_for_gate` runs supported by `RecoveryService.ResumeRun`; non-resumable runs return a structured blocker with `run_resume_blocked`, and Gateway MCP resume attempts emit sanitized requested/blocked audit events for run-history correlation. |
100100
| `codencer executor list/scan/test/default` | Implemented | Implemented in `cmd/codencer/main.go`. |
101101
| `codencer sync` or publish equivalent | Partially implemented | `codencer sync status/preview/publish` exists with metadata-only preview and no raw upload. |
102102
| Public defaults are local/self-host | Partially implemented | Config/default docs and scripts exist; needs re-check against new specs. |
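Review bot: row 99+ says `run resume` "now calls daemon HTTP resume" but does not say how that daemon route is reachable; row 98 records that Connector forwarding now reaches daemon-backed cancellation while rows 75 and 78 keep Gateway/Relay project resume as a blocker, so the evidence should state that the new daemon resume route is reachable only from the local CLI path (or carries the same authorization as cancel) and is not forwarded by Connector, otherwise the Gateway-side blocker is documentation rather than enforcement.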
@@ -137,8 +137,8 @@ the exact package was not available in the current attachment cache.
137137
The release remains `NO-GO` until at least these are resolved:
138138

139139
1. Antigravity real executor proof must pass or the final verdict must remain `NO-GO`.
140-
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task submit/report polling, and project-scoped cancel; manifest mode and true resume remain incomplete or structured blockers.
141-
3. Human interrupt lifecycle still needs true resume support; first-class local interrupt records plus Gateway HTTP/MCP/Console response audit and unsupported resume requested/blocked audit now exist for blocker outcomes.
140+
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task submit/report polling, project-scoped cancel, and local daemon-backed resume for resumable states; manifest mode and Gateway/Relay project resume remain incomplete or structured blockers.
141+
3. Human interrupt lifecycle still needs automatic continuation after human response and Gateway/Relay project resume; first-class local interrupt records plus local resume, Gateway HTTP/MCP/Console response audit, and unsupported Gateway resume requested/blocked audit now exist for blocker outcomes.
142142
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, run resume blocker output, and core source/artifact Gateway API outputs are now covered.
143143
5. Raw log/artifact sync remains unsupported by design; only sanitized metadata-only `codencer sync publish --confirm` is implemented.
144144
6. Broader incremental sync policy and external source reconciliation remain incomplete even though Gateway-observed and explicit synced metadata history/audit now exist.
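Review bot: unchanged item 4 still lists redaction coverage for "run resume blocker output" only, while items 2+ and 3+ now claim a successful local resume path that emits `run_resumed` events; that success-path output is not in the covered list here or in row 44 above. Either add the success path to the redaction proof or note it as uncovered in item 4.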
