Skip to content

Commit 683489c

Browse files
committed
Update hardening reports for cancel follow up
1 parent 39520cc commit 683489c

2 files changed

Lines changed: 24 additions & 6 deletions

File tree

reports/public-selfhost-hardening/final-report.md

Lines changed: 20 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
Date: 2026-06-24
44

5-
Implementation commit hash: `5792a13cb5af2129917d876cd28a16d119f1b3f6`
5+
Implementation commit hash: `39520cc3aa140db65cbd79e92cc1daf982793645`
66

77
Branch: `next-phase`
88

@@ -34,6 +34,7 @@ Branch: `next-phase`
3434
- Added first-class local `human_interrupts` records and `human_interrupt_created` Gateway audit events for blocker/question/approval/permission/system-action outcomes.
3535
- Added Gateway HTTP and MCP operator-response recording for Gateway-observed human interrupts, with sanitized `human_interrupt_responded` audit metadata and explicit next actions that keep automatic continuation separated from resume routing.
3636
- Added explicit `follow_up=resume` behavior for Gateway-observed human interrupt responses. The response is recorded first, then Gateway uses the stored safe route metadata to attempt `resume_project_run`, returning either a resumed run payload or a structured blocker while auditing `resume_project_run_requested`, `run_resumed`, or `resume_project_run_blocked`.
37+
- Added explicit `follow_up=cancel` behavior for Gateway-observed human interrupt responses. The response is recorded first, then Gateway uses the stored safe route metadata to attempt `cancel_project_run`, returning either a cancelled run payload or a structured blocker while auditing `cancel_project_run_requested`, `run_cancelled`, or `cancel_project_run_blocked`.
3738
- Wired project run resume through Gateway HTTP, Gateway MCP, Relay HTTP, Relay MCP, Connector project proxy, and local daemon-backed resume. Successful daemon-resumable states produce `run_resumed`; completed or otherwise non-resumable runs still return structured `run_resume_blocked` / `resume_project_run_blocked` blockers with sanitized audit metadata.
3839
- Updated Gateway Console manifest/run-plan submissions to use the async `wait=false` path, so both simple task mode and advanced manifest mode return after submission and rely on report polling for terminal evidence.
3940
- Added Gateway API regression coverage proving manifest-mode project run creation forwards `wait=false`, returns a submitted run, preserves `run_history_id`, and later resolves the terminal report through the report endpoint.
@@ -105,6 +106,8 @@ Branch: `next-phase`
105106
- `reports/gateway-console-screenshots/2026-06-24-1909`
106107
- `reports/gateway-console-screenshots/2026-06-24-1912`
107108
- `reports/gateway-console-screenshots/2026-06-24-1923`
109+
- `reports/gateway-console-screenshots/2026-06-24-1938`
110+
- `reports/gateway-console-screenshots/2026-06-24-1942`
108111

109112
## Commands Run
110113

@@ -267,6 +270,21 @@ Branch: `next-phase`
267270
- `go test ./...` after adding local submit progress output - passed
268271
- `make verify-public-release` after adding local submit progress output - passed
269272
- `make verify-public-selfhost-release TARGETS=host REQUIRE_TARGETS=host` after adding local submit progress output - passed; visual evidence `reports/gateway-console-screenshots/2026-06-24-1923`
273+
- `gofmt -w internal/gateway/api.go internal/gateway/tools.go internal/gateway/gateway_test.go` after adding explicit human-interrupt follow-up cancel - passed
274+
- `cd web/gateway-console && npx prettier --write api/run-history.ts features/console/run-detail-screen.tsx` after adding explicit human-interrupt follow-up cancel - passed
275+
- `go test ./internal/gateway` after adding explicit human-interrupt follow-up cancel - passed
276+
- `cd web/gateway-console && npm run format:check` after adding explicit human-interrupt follow-up cancel - passed
277+
- `cd web/gateway-console && npm run lint` after adding explicit human-interrupt follow-up cancel - passed
278+
- `cd web/gateway-console && npm run typecheck` after adding explicit human-interrupt follow-up cancel - passed
279+
- `cd web/gateway-console && npm run test` after adding explicit human-interrupt follow-up cancel - passed
280+
- `cd web/gateway-console && npm run test:e2e` after adding explicit human-interrupt follow-up cancel - passed
281+
- `cd web/gateway-console && npm run build` after adding explicit human-interrupt follow-up cancel - failed once when run concurrently with `npm run test:e2e` because both commands shared `.next`; passed when rerun sequentially
282+
- `go test ./...` after adding explicit human-interrupt follow-up cancel - passed
283+
- `make verify-gateway` after adding explicit human-interrupt follow-up cancel - passed
284+
- `make verify-gateway-console` after adding explicit human-interrupt follow-up cancel - passed; visual evidence `reports/gateway-console-screenshots/2026-06-24-1938`
285+
- `make verify-gateway-console-live` after adding explicit human-interrupt follow-up cancel - passed
286+
- `make verify-public-release` after adding explicit human-interrupt follow-up cancel - passed
287+
- `make verify-public-selfhost-release TARGETS=host REQUIRE_TARGETS=host` after adding explicit human-interrupt follow-up cancel - passed; visual evidence `reports/gateway-console-screenshots/2026-06-24-1942`
270288
- `git diff --check` - passed
271289

272290
## Remaining Blockers
@@ -279,7 +297,7 @@ Branch: `next-phase`
279297
- Project-scoped cancel now routes through Gateway, Relay, Connector, and local daemon cancellation; whether the underlying executor stops immediately remains bounded by daemon/executor cancellation semantics.
280298
- Raw log/artifact upload remains unsupported by design. `codencer sync publish --confirm` ingests metadata-only run/project summaries into Gateway history; it does not upload local reports, logs, artifacts, daemon URLs, or filesystem paths.
281299
- Run history/audit synced-scope transport now exists for explicit metadata-only `codencer sync publish`, including sanitized aggregate and per-run sync audit events; broader incremental sync policy and external source reconciliation remain incomplete.
282-
- Human interrupt lifecycle is still partial: local report/event records, local and project-level daemon-backed resume for resumable states, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, explicit `follow_up=resume` handling, resume-attempt audit, and a Console run-detail response panel now exist. Broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete.
300+
- Human interrupt lifecycle is still partial: local report/event records, local and project-level daemon-backed resume for resumable states, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, explicit `follow_up=resume/cancel` handling, resume/cancel-attempt audit, and a Console run-detail response panel now exist. Broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete.
283301
- Broader explicit JSON/debug/path surface policy proof remains incomplete. Default local human CLI output now covers init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, and run resume blocker output, and the source/artifact Gateway verifier now covers public Gateway API and MCP leak checks for core list/run/audit/activation surfaces.
284302

285303
Verdict: NO-GO

reports/public-selfhost-hardening/implementation-audit.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ the exact package was not available in the current attachment cache.
3838
| Explicit sync/publish | Partially implemented | `codencer sync status/preview/publish` now provides metadata-only preview; confirmed publish ingests sanitized metadata into Gateway run history and records aggregate/per-run sync audit events. Raw logs/artifacts remain blocked. |
3939
| Local CLI submit UX | Partially implemented | `codencer submit` exists and is local-first; default human output redacts local paths and now shows local lifecycle progress for run id, submitted step/profile, task status, terminal result, report-store availability, and non-terminal `codencer run report <run_id>` follow-up. Broader interactive/progress streaming remains narrow. |
4040
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; local resume now routes through daemon `RecoveryService.ResumeRun` for `created` and `paused_for_gate` runs and returns structured blockers for non-resumable or missing-run states. Gateway/Relay/Connector now route true project-scoped cancel and project-scoped resume, Gateway MCP exposes async start/submit/list/status/report/events/cancel/resume, successful resumable project resumes produce `run_resumed`, and non-resumable project resumes produce structured requested/blocked audit events. Gateway Console now submits simple tasks and advanced manifest/run-plan tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
41-
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, local and project-level daemon-backed resume exist for resumable states, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, explicit `follow_up=resume` attempts resume through stored safe route metadata and audit the requested/resumed/blocked outcome, non-resumable resume attempts record requested/blocked audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete. |
41+
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, local and project-level daemon-backed resume exist for resumable states, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, explicit `follow_up=resume/cancel` uses stored safe route metadata to attempt resume/cancel and audit the requested/resumed/cancelled/blocked outcome, non-resumable resume attempts record requested/blocked audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete. |
4242
| Real executor proofs | Partially implemented | Codex has prior artifact-backed proof and latest rerun invoked the real Codex binary with simulation disabled but failed on an external Codex usage-limit error; earlier Claude Code proof exists; Antigravity remains unproven and now fails early when the provided LS workspace does not match the isolated verifier repo. |
4343
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, grouped lifecycle summaries, and explicit synced metadata audit events; broader synced/local ingest transport remains incomplete. |
4444
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, and run resume blocker output. Source-tree and unpacked-artifact Gateway smoke now also sweeps public Gateway API outputs for relays, projects, machines, connectors, executors, runs, run detail/events, audit events, and activation commands. Broader explicit JSON/debug/path surface policy proof is still incomplete. |
@@ -82,10 +82,10 @@ the exact package was not available in the current attachment cache.
8282
| Requirement | Status | Evidence |
8383
| --- | --- | --- |
8484
| Planning approval required | Partially implemented | Local blockers map manual approvals to `planning_approval_required` interrupt records; no complete UI/MCP approval lifecycle. |
85-
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer and an explicit `follow_up=resume` can attempt project resume through the stored route, while broader planner/executor continuation after arbitrary answers remains incomplete. |
85+
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer and an explicit `follow_up=resume/cancel` can attempt project resume/cancel through the stored route, while broader planner/executor continuation after arbitrary answers remains incomplete. |
8686
| Permission requests | Partially implemented | Dangerous executor confirmation exists in Gateway Console, unsafe-action blockers map to `permission_request_required`, and Antigravity unsupported/out-of-workspace permission waits now become manual-attention results instead of timeouts; no generalized permission-request lifecycle. |
8787
| OS/system human action required | Partially implemented | Daemon-not-running blockers map to `os_system_human_action_required` records; no full OS-action resolver flow. |
88-
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`, `run_resumed`, and `run_resume_blocked`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, explicit follow-up resume attempts, project resume requested/blocked events for non-resumable states, and `run_resumed` when downstream project resume succeeds; project-scoped cancel and resume are forwarded and audited. |
88+
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`, `run_resumed`, and `run_resume_blocked`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, explicit follow-up resume/cancel attempts, project resume requested/blocked events for non-resumable states, and `run_resumed` or `run_cancelled` when downstream project resume/cancel succeeds; project-scoped cancel and resume are forwarded and audited. |
8989

9090
### 04 - CLI Commands and Control Plane
9191

@@ -138,7 +138,7 @@ The release remains `NO-GO` until at least these are resolved:
138138

139139
1. Antigravity real executor proof must pass or the final verdict must remain `NO-GO`.
140140
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task and advanced manifest/run-plan submit/report polling, project-scoped cancel, and local/project-level daemon-backed resume for resumable states; non-resumable project resume still returns structured blockers.
141-
3. Human interrupt lifecycle still needs broader planner/executor continuation after arbitrary answer/approval/permission responses; first-class local interrupt records plus local and project-level resume, explicit Gateway `follow_up=resume`, Gateway HTTP/MCP/Console response audit, and non-resumable resume requested/blocked audit now exist for blocker outcomes.
141+
3. Human interrupt lifecycle still needs broader planner/executor continuation after arbitrary answer/approval/permission responses; first-class local interrupt records plus local and project-level resume/cancel, explicit Gateway `follow_up=resume/cancel`, Gateway HTTP/MCP/Console response audit, and non-resumable resume requested/blocked audit now exist for blocker outcomes.
142142
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, run resume blocker output, and core source/artifact Gateway API outputs are now covered.
143143
5. Raw log/artifact sync remains unsupported by design; only sanitized metadata-only `codencer sync publish --confirm` is implemented.
144144
6. Broader incremental sync policy and external source reconciliation remain incomplete even though Gateway-observed and explicit synced metadata history/audit now exist.

0 commit comments

Comments
 (0)