Commit 6df71a1

Update hardening reports for resume audit proof
1 parent 9c2b348 commit 6df71a1

2 files changed

Lines changed: 16 additions & 10 deletions

reports/public-selfhost-hardening/final-report.md

Lines changed: 9 additions & 3 deletions
Original file line number / Diff line number / Diff line change
@@ -2,7 +2,7 @@
22

33
Date: 2026-06-24
44

5-
Implementation commit hash: `3eefe92a55e8915ef903b11546c8b037ef054c2a`
5+
Implementation commit hash: `9c2b34836c2d6cbe38e91e039d31661274848fc6`
66

77
Branch: `next-phase`
88

@@ -28,6 +28,7 @@ Branch: `next-phase`
2828
- Added Gateway-observed run/audit `limit`/`offset` pagination, server-side filters, grouped lifecycle summaries, and Console previous/next controls for Runs and Audit.
2929
- Added first-class local `human_interrupts` records and `human_interrupt_created` Gateway audit events for blocker/question/approval/permission/system-action outcomes.
3030
- Added Gateway HTTP and MCP operator-response recording for Gateway-observed human interrupts, with sanitized `human_interrupt_responded` audit metadata and explicit next actions that keep true resume marked unsupported.
31+
- Added Gateway MCP audit evidence for unsupported resume attempts: `codencer.resume_project_run` now records sanitized `resume_project_run_requested` and `resume_project_run_blocked` events with run/project/relay correlation metadata while returning the structured capability blocker.
3132
- Added a Gateway Console run-detail human interrupt response panel that appears for blocked/waiting runs, records sanitized operator responses through the Gateway API, refreshes run/audit data, and keeps resume framed as a separate capability check rather than automatic restart.
3233
- Added Antigravity executor profiles so executor discovery exposes Antigravity as a real profile family.
3334
- Added isolated Antigravity proof plumbing: `CODENCER_ANTIGRAVITY_DAEMON_DIR` discovery override, preservation of explicit verifier workspace roots, and live-verifier support for `CODENCER_E2E_ANTIGRAVITY_INSTANCE_JSON`, `CODENCER_E2E_ANTIGRAVITY_INSTANCE_FILE`, and `CODENCER_E2E_ANTIGRAVITY_DAEMON_DIR`.
@@ -174,6 +175,11 @@ Branch: `next-phase`
174175
- `go test ./internal/gateway` after asserting sync publish audit records - passed
175176
- `make verify-gateway` after asserting sync publish audit records - passed
176177
- `make verify-public-release` after asserting sync publish audit records - passed
178+
- `go test ./internal/gateway` after adding unsupported resume blocker audit evidence - passed
179+
- `go test ./...` after adding unsupported resume blocker audit evidence - passed
180+
- `make verify-gateway` after adding unsupported resume blocker audit evidence - passed
181+
- `python3 scripts/check_public_boundary.py` after adding unsupported resume blocker audit evidence - passed
182+
- `make verify-public-release` after adding unsupported resume blocker audit evidence - passed
177183
- `CODENCER_E2E_REAL_EXECUTORS=codex,claude CODENCER_E2E_CODEX_COMMAND=<codex-binary> CODENCER_E2E_CLAUDE_COMMAND=<claude-binary> make verify-public-selfhost-rc` - failed by design with `NO-GO` after Codex and Claude passed and Antigravity was missing
178184
- `cd web/gateway-console && CODENCER_E2E_BIN_DIR=../../bin CODENCER_E2E_EXECUTOR_ADAPTER=antigravity CODENCER_E2E_EXECUTOR_PROFILE=antigravity-default CODENCER_E2E_ANTIGRAVITY_INSTANCE_FILE=<temp-file> node tests/live/verify-live.mjs` - failed correctly; the provided Antigravity LS did not expose the isolated verifier repo workspace
179185
- `git diff --check` - passed
@@ -183,11 +189,11 @@ Branch: `next-phase`
183189
- Antigravity real executor proof is not proven in the public self-host RC gate.
184190
- Latest Codex real executor RC subgate passed with the configured Codex binary and simulation disabled, but the overall default public RC gate remains `NO-GO` because Claude Code and Antigravity proofs were missing from that run.
185191
- Current local Antigravity app processes expose reachable RPC endpoints, but the available candidates do not expose the isolated verifier repo workspace through `GetWorkspaceInfos`, so the verifier refuses to bind them for public release proof.
186-
- `codencer run resume` and Gateway MCP `codencer.resume_project_run` are exposed as structured blockers because the daemon/Relay path does not yet expose a true resume route.
192+
- `codencer run resume` and Gateway MCP `codencer.resume_project_run` are exposed as structured blockers because the daemon/Relay path does not yet expose a true resume route. Gateway MCP unsupported resume attempts now record sanitized `resume_project_run_requested` and `resume_project_run_blocked` audit events for run-history correlation.
187193
- Project-scoped cancel now routes through Gateway, Relay, Connector, and local daemon cancellation; whether the underlying executor stops immediately remains bounded by daemon/executor cancellation semantics.
188194
- Raw log/artifact upload remains unsupported by design. `codencer sync publish --confirm` ingests metadata-only run/project summaries into Gateway history; it does not upload local reports, logs, artifacts, daemon URLs, or filesystem paths.
189195
- Run history/audit synced-scope transport now exists for explicit metadata-only `codencer sync publish`, including sanitized aggregate and per-run sync audit events; broader incremental sync policy and external source reconciliation remain incomplete.
190-
- Human interrupt lifecycle is still partial: local report/event records, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, and a Console run-detail response panel now exist, but true resume remains incomplete.
196+
- Human interrupt lifecycle is still partial: local report/event records, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, unsupported resume-attempt audit, and a Console run-detail response panel now exist, but true resume remains incomplete.
191197
- Full explicit JSON/debug/path surface policy proof remains incomplete. Default local human CLI output now covers init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output in deterministic tests/verifiers.
192198

193199
Verdict: NO-GO
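Review bot: the rewritten resume bullet repeats the "Added" bullet from the earlier hunk almost verbatim; the limitations section would be more useful if it said what is not yet covered, for example whether a `codencer.resume_project_run` call for an unknown run ID still records `resume_project_run_blocked` with partial correlation metadata or records nothing, since "run-history correlation" presumes a run to correlate against. Also consider cross-referencing the "Added" bullet instead of restating it.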

reports/public-selfhost-hardening/implementation-audit.md

Lines changed: 7 additions & 7 deletions
Original file line number / Diff line number / Diff line change
@@ -37,8 +37,8 @@ the exact package was not available in the current attachment cache.
3737
| Local-first source of truth | Partially implemented | Local daemon/CLI exists; default init/config/project/status/run/submit human output is redacted, while explicit JSON/debug/path outputs still carry local state for operator tooling. |
3838
| Explicit sync/publish | Partially implemented | `codencer sync status/preview/publish` now provides metadata-only preview; confirmed publish ingests sanitized metadata into Gateway run history and records aggregate/per-run sync audit events. Raw logs/artifacts remain blocked. |
3939
| Local CLI submit UX | Partially implemented | `codencer submit` exists and is local-first; default human output redacts local paths, but progress UX remains narrow. |
40-
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; Gateway/Relay/Connector now route true project-scoped cancel, Gateway MCP exposes async start/submit/list/status/report/events/cancel, and resume remains a structured capability blocker. Gateway Console now submits simple tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
41-
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, and Antigravity unsafe permission waits now fail fast as manual-attention results; true resume remains incomplete. |
40+
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; Gateway/Relay/Connector now route true project-scoped cancel, Gateway MCP exposes async start/submit/list/status/report/events/cancel, and resume remains a structured capability blocker with requested/blocked audit events. Gateway Console now submits simple tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
41+
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, unsupported Gateway MCP resume attempts record requested/blocked audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; true resume remains incomplete. |
4242
| Real executor proofs | Partially implemented | Codex has prior artifact-backed proof and latest rerun invoked the real Codex binary with simulation disabled but failed on an external Codex usage-limit error; earlier Claude Code proof exists; Antigravity remains unproven and now fails early when the provided LS workspace does not match the isolated verifier repo. |
4343
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, grouped lifecycle summaries, and explicit synced metadata audit events; broader synced/local ingest transport remains incomplete. |
4444
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output; full explicit JSON/debug/path surface policy proof is still incomplete. |
@@ -72,7 +72,7 @@ the exact package was not available in the current attachment cache.
7272

7373
| Requirement | Status | Evidence |
7474
| --- | --- | --- |
75-
| Submit/status/events/report/cancel/resume lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists. Gateway MCP now exposes `codencer.start_project_run`, `codencer.submit_project_task`, `codencer.list_project_runs`, `codencer.get_project_run_status`, `codencer.get_run_report`, `codencer.get_gateway_run_events`, and project-scoped `codencer.cancel_project_run`; `resume_project_run` remains a structured capability blocker. |
75+
| Submit/status/events/report/cancel/resume lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists. Gateway MCP now exposes `codencer.start_project_run`, `codencer.submit_project_task`, `codencer.list_project_runs`, `codencer.get_project_run_status`, `codencer.get_run_report`, `codencer.get_gateway_run_events`, and project-scoped `codencer.cancel_project_run`; `resume_project_run` remains a structured capability blocker and records `resume_project_run_requested` plus `resume_project_run_blocked` audit events. |
7676
| Long-running tasks not dependent on one blocking request | Partially implemented | Local submit can run without `--wait`, Relay MCP has async project tools, Gateway MCP has a non-blocking async lifecycle, and Gateway Console simple-task submit now returns after submission and polls reports until terminal evidence is available. Manifest mode remains a blocking advanced path. |
7777
| `get_run_report` for simple and manifest runs | Implemented for covered Gateway paths | Gateway tests cover submit/get report and manifest report paths. |
7878
| Run state transitions include waiting/canceled/resumed | Partially implemented | Domain has states/gates in daemon tests; Gateway MCP preserves non-terminal `submitted/running` states, forwards project-scoped cancel, records `run_cancelled`, and still exposes structured resume blockers where true resume support is absent. |
@@ -85,7 +85,7 @@ the exact package was not available in the current attachment cache.
8585
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer, while true resume remains incomplete. |
8686
| Permission requests | Partially implemented | Dangerous executor confirmation exists in Gateway Console, unsafe-action blockers map to `permission_request_required`, and Antigravity unsupported/out-of-workspace permission waits now become manual-attention results instead of timeouts; no generalized permission-request lifecycle. |
8787
| OS/system human action required | Partially implemented | Daemon-not-running blockers map to `os_system_human_action_required` records; no full OS-action resolver flow. |
88-
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`; Gateway audit records blocker interrupts and sanitized operator responses from HTTP/MCP/Console; project-scoped cancel is forwarded and audited; resume still returns a structured unsupported/capability blocker. |
88+
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, and unsupported Gateway MCP resume requested/blocked events; project-scoped cancel is forwarded and audited; resume still returns a structured unsupported/capability blocker. |
8989

9090
### 04 - CLI Commands and Control Plane
9191

@@ -96,7 +96,7 @@ the exact package was not available in the current attachment cache.
9696
| `codencer run events` | Implemented | `run events` returns local run timeline/events for known run plan records. |
9797
| `codencer run report` | Implemented | `run report` returns the local run report without relying on a Gateway call. |
9898
| `codencer run cancel` | Partially implemented | `run cancel` is exposed locally, and project-scoped Gateway/Relay/Connector cancel now reaches daemon-backed cancellation; executor-specific cancellation behavior still depends on the active executor/daemon state. |
99-
| `codencer run resume` | Partially implemented | `run resume` is exposed as a structured unsupported blocker until daemon HTTP resume exists. |
99+
| `codencer run resume` | Partially implemented | `run resume` is exposed as a structured unsupported blocker until daemon HTTP resume exists; Gateway MCP resume attempts now also emit sanitized requested/blocked audit events for run-history correlation. |
100100
| `codencer executor list/scan/test/default` | Implemented | Implemented in `cmd/codencer/main.go`. |
101101
| `codencer sync` or publish equivalent | Partially implemented | `codencer sync status/preview/publish` exists with metadata-only preview and no raw upload. |
102102
| Public defaults are local/self-host | Partially implemented | Config/default docs and scripts exist; needs re-check against new specs. |
@@ -117,7 +117,7 @@ the exact package was not available in the current attachment cache.
117117
| --- | --- | --- |
118118
| Compact run history | Implemented | `/api/gateway/v1/runs` and `/console/runs` exist. |
119119
| Run detail | Implemented | `/api/gateway/v1/runs/{id}` and `/console/runs/[id]` exist. |
120-
| Audit lifecycle events | Implemented for Gateway-observed runs | Gateway records task/route/relay/connector/executor/start/terminal/report events, `human_interrupt_created` for blocker outcomes, and sanitized `human_interrupt_responded` operator responses. |
120+
| Audit lifecycle events | Implemented for Gateway-observed runs | Gateway records task/route/relay/connector/executor/start/terminal/report events, `human_interrupt_created` for blocker outcomes, sanitized `human_interrupt_responded` operator responses, and unsupported Gateway MCP resume requested/blocked events. |
121121
| Pagination | Implemented for Gateway-observed history | Runs and audit support `limit`/`offset` and return `pagination.has_more`/`next_offset`; Console exposes previous/next controls. |
122122
| Filters | Implemented for Gateway-observed history | Runs support project/status/scope; audit supports event type, project, run ID, and run history filters. |
123123
| Grouped audit | Implemented for Gateway-observed history | Audit responses include grouped lifecycle summaries, and Console renders a grouped lifecycle section linking to run detail. |
@@ -138,7 +138,7 @@ The release remains `NO-GO` until at least these are resolved:
138138

139139
1. Antigravity real executor proof must pass or the final verdict must remain `NO-GO`.
140140
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task submit/report polling, and project-scoped cancel; manifest mode and true resume remain incomplete or structured blockers.
141-
3. Human interrupt lifecycle still needs true resume support; first-class local interrupt records plus Gateway HTTP/MCP/Console response audit now exist for blocker outcomes.
141+
3. Human interrupt lifecycle still needs true resume support; first-class local interrupt records plus Gateway HTTP/MCP/Console response audit and unsupported resume requested/blocked audit now exist for blocker outcomes.
142142
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, run events, run report, and run resume blocker output is now covered.
143143
5. Raw log/artifact sync remains unsupported by design; only sanitized metadata-only `codencer sync publish --confirm` is implemented.
144144
6. Broader incremental sync policy and external source reconciliation remain incomplete even though Gateway-observed and explicit synced metadata history/audit now exist.
