You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Redacted local absolute repo/report paths, daemon URLs, token-like text, and unsafe executor summaries from default human CLI project/status/submit/run output while preserving explicit `--json` operator detail.
25
25
- Redacted default human `codencer init` and `codencer config show` output so local home/config/project/machine file paths and daemon URLs stay available through explicit JSON/path commands but are not printed by default.
26
26
- Extended the artifact-backed public self-host release verifier with default CLI redaction gates covering `init`, `config show`, `project init`, `project status`, `project scan`, `executor list`, `sync preview`, plus an isolated daemon-backed local run proof for `submit`, `run events`, `run report`, and the structured `run resume` capability blocker.
27
+
- Strengthened the Gateway smoke used by source-tree and unpacked-artifact self-host verification so it runs with an isolated store-backed Gateway, seeds Relay profiles through the public API, and checks Gateway API outputs for relays, projects, machines, connectors, executors, runs, run detail, run events, audit events, and activation commands for local path, daemon URL, token, and unsafe field leaks.
27
28
- Added Gateway run-history `scope` metadata and exposed it through the API and Console run list/detail views.
28
29
- Added Gateway-observed run/audit `limit`/`offset` pagination, server-side filters, grouped lifecycle summaries, and Console previous/next controls for Runs and Audit.
29
30
- Added first-class local `human_interrupts` records and `human_interrupt_created` Gateway audit events for blocker/question/approval/permission/system-action outcomes.
-`bash -n scripts/verify_gateway.sh` after adding store-backed Gateway API redaction sweep - passed
185
+
-`make verify-gateway` after adding store-backed Gateway API redaction sweep - passed
186
+
-`make verify-release-artifact-selfhost VERSION=v0.3.0-selfhost-artifact-verify TARGETS=host REQUIRE_TARGETS=host` after adding store-backed Gateway API redaction sweep - passed
187
+
-`make verify-public-release` after adding store-backed Gateway API redaction sweep - passed
188
+
-`git diff --check` after adding store-backed Gateway API redaction sweep - passed
183
189
-`CODENCER_E2E_REAL_EXECUTORS=codex,claude CODENCER_E2E_CODEX_COMMAND=<codex-binary> CODENCER_E2E_CLAUDE_COMMAND=<claude-binary> make verify-public-selfhost-rc` - failed by design with `NO-GO` after Codex and Claude passed and Antigravity was missing
184
190
-`cd web/gateway-console && CODENCER_E2E_BIN_DIR=../../bin CODENCER_E2E_EXECUTOR_ADAPTER=antigravity CODENCER_E2E_EXECUTOR_PROFILE=antigravity-default CODENCER_E2E_ANTIGRAVITY_INSTANCE_FILE=<temp-file> node tests/live/verify-live.mjs` - failed correctly; the provided Antigravity LS did not expose the isolated verifier repo workspace
185
191
-`git diff --check` - passed
@@ -194,6 +200,6 @@ Branch: `next-phase`
194
200
- Raw log/artifact upload remains unsupported by design. `codencer sync publish --confirm` ingests metadata-only run/project summaries into Gateway history; it does not upload local reports, logs, artifacts, daemon URLs, or filesystem paths.
195
201
- Run history/audit synced-scope transport now exists for explicit metadata-only `codencer sync publish`, including sanitized aggregate and per-run sync audit events; broader incremental sync policy and external source reconciliation remain incomplete.
196
202
- Human interrupt lifecycle is still partial: local report/event records, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, unsupported resume-attempt audit, and a Console run-detail response panel now exist, but true resume remains incomplete.
197
-
-Full explicit JSON/debug/path surface policy proof remains incomplete. Default local human CLI output now covers init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output in deterministic tests/verifiers.
203
+
-Broader explicit JSON/debug/path surface policy proof remains incomplete. Default local human CLI output now covers init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output, and the source/artifact Gateway verifier now covers public Gateway API and MCP leak checks for core list/run/audit/activation surfaces.
Copy file name to clipboardExpand all lines: reports/public-selfhost-hardening/implementation-audit.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -41,7 +41,7 @@ the exact package was not available in the current attachment cache.
41
41
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, unsupported Gateway MCP resume attempts record requested/blocked audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; true resume remains incomplete. |
42
42
| Real executor proofs | Partially implemented | Codex has prior artifact-backed proof and latest rerun invoked the real Codex binary with simulation disabled but failed on an external Codex usage-limit error; earlier Claude Code proof exists; Antigravity remains unproven and now fails early when the provided LS workspace does not match the isolated verifier repo. |
43
43
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, grouped lifecycle summaries, and explicit synced metadata audit events; broader synced/local ingest transport remains incomplete. |
44
-
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output; full explicit JSON/debug/path surface policy proof is still incomplete. |
44
+
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output. Source-tree and unpacked-artifact Gateway smoke now also sweeps public Gateway API outputs for relays, projects, machines, connectors, executors, runs, run detail/events, audit events, and activation commands. Broader explicit JSON/debug/path surface policy proof is still incomplete. |
45
45
| Public/private boundary | Partially implemented | Docs/checks exist; public repo still contains cloud-control-plane packages that need boundary review against the new specs. |
46
46
| Public RC verifier | Partially implemented |`make verify-public-selfhost-rc` emits only `GO`/`NO-GO`, requires configured real-proof coverage, reports `NO-GO` when required proofs are missing, and public boundary checks reject stale active docs claiming `PARTIAL` verdicts; Antigravity remains unproven. |
47
47
@@ -55,7 +55,7 @@ the exact package was not available in the current attachment cache.
55
55
| Fake/simulation cannot satisfy GO | Implemented for current verifier | Real executor gates reject simulation text/metadata and missing required real proofs force `NO-GO`; Codex and Claude real gates passed with simulation disabled. |
| Codex, Claude Code, and Antigravity real proofs | Partially implemented | Codex passed current artifact-backed scoped proof in `reports/public-selfhost-rc/20260624T120012Z`; Codex and Claude Code passed earlier artifact-backed real gates in `reports/public-selfhost-rc/20260624T105654Z`; Antigravity remains missing. |
58
-
| Missing reports/audit/path leaks fail gate | Partially implemented | Existing Gateway live verifier checks report/audit/leaks and now asserts run/audit pagination plus grouped audit arrays; human interrupt audit is covered for blocker outcomes, but multi-executor proof coverage remains incomplete. |
58
+
| Missing reports/audit/path leaks fail gate | Partially implemented | Existing Gateway live verifier checks report/audit/leaks and now asserts run/audit pagination plus grouped audit arrays; source/artifact Gateway smoke sweeps core public Gateway API outputs for path/token/unsafe-field leaks; human interrupt audit is covered for blocker outcomes, but multi-executor proof coverage remains incomplete. |
59
59
| Machine-readable and human report | Implemented |`reports/public-selfhost-rc/<timestamp>/summary.json` and `.md` are produced by the RC script. |
60
60
61
61
### 01 - Local-first Source of Truth
@@ -66,7 +66,7 @@ the exact package was not available in the current attachment cache.
66
66
| Gateway is control plane/index/sync target, not global source of truth | Partially implemented | Gateway records Gateway-observed run history; local sync preview reports `scope=local`; confirmed sync publish creates sanitized `scope=synced` history records. |
67
67
| Raw logs/artifacts not uploaded by default | Partially implemented | Gateway sanitizes report JSON; `codencer sync` is metadata-only and blocks raw artifact/log upload. Local reports can still contain local refs on disk. |
68
68
| Explicit sync/publish behavior | Partially implemented |`codencer sync status/preview/publish` exists; publish requires `--confirm`, requires login, blocks raw artifact/log requests, sends only sanitized metadata, and Gateway records sanitized `sync.publish`/`sync.run_published` audit events. |
69
-
| Default output does not leak local paths | Partially implemented | Default human output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output is redacted and tested; explicit`--json` and path/debug commands still include local `repo_root`, `daemon_url`, and `report_path` for operator tooling. |
69
+
| Default output does not leak local paths | Partially implemented | Default human output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output is redacted and tested; source/artifact Gateway API outputs are now checked for local path, daemon URL, token, and unsafe field leaks. Explicit`--json` and path/debug commands still include local `repo_root`, `daemon_url`, and `report_path` for operator tooling. |
70
70
71
71
### 02 - Execution Lifecycle
72
72
@@ -139,7 +139,7 @@ The release remains `NO-GO` until at least these are resolved:
139
139
1. Antigravity real executor proof must pass or the final verdict must remain `NO-GO`.
140
140
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task submit/report polling, and project-scoped cancel; manifest mode and true resume remain incomplete or structured blockers.
141
141
3. Human interrupt lifecycle still needs true resume support; first-class local interrupt records plus Gateway HTTP/MCP/Console response audit and unsupported resume requested/blocked audit now exist for blocker outcomes.
142
-
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output is now covered.
142
+
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, run resume blocker output, and core source/artifact Gateway API outputs are now covered.
143
143
5. Raw log/artifact sync remains unsupported by design; only sanitized metadata-only `codencer sync publish --confirm` is implemented.
144
144
6. Broader incremental sync policy and external source reconciliation remain incomplete even though Gateway-observed and explicit synced metadata history/audit now exist.
145
145
7. The final hardening report must end with exactly `Verdict: GO` or `Verdict: NO-GO`.
0 commit comments