Commit 864e89e

Update hardening report for Console interrupt responses
1 parent bfd998a commit 864e89e

2 files changed

Lines changed: 17 additions & 6 deletions

reports/public-selfhost-hardening/final-report.md

Lines changed: 13 additions & 2 deletions
@@ -2,7 +2,7 @@
22

33
Date: 2026-06-24
44

5-
Implementation commit hash: `d8f59b059382883c36bab71fb3ae95ed85f42b26`
5+
Implementation commit hash: `bfd998abf5c3bfd2ff9b932e8bc3111f4dab1bb8`
66

77
Branch: `next-phase`
88

@@ -25,6 +25,7 @@ Branch: `next-phase`
2525
- Added Gateway-observed run/audit `limit`/`offset` pagination, server-side filters, grouped lifecycle summaries, and Console previous/next controls for Runs and Audit.
2626
- Added first-class local `human_interrupts` records and `human_interrupt_created` Gateway audit events for blocker/question/approval/permission/system-action outcomes.
2727
- Added Gateway HTTP and MCP operator-response recording for Gateway-observed human interrupts, with sanitized `human_interrupt_responded` audit metadata and explicit next actions that keep true resume marked unsupported.
28+
- Added a Gateway Console run-detail human interrupt response panel that appears for blocked/waiting runs, records sanitized operator responses through the Gateway API, refreshes run/audit data, and keeps resume framed as a separate capability check rather than automatic restart.
2829
- Added Antigravity executor profiles so executor discovery exposes Antigravity as a real profile family.
2930
- Added isolated Antigravity proof plumbing: `CODENCER_ANTIGRAVITY_DAEMON_DIR` discovery override, preservation of explicit verifier workspace roots, and live-verifier support for `CODENCER_E2E_ANTIGRAVITY_INSTANCE_JSON`, `CODENCER_E2E_ANTIGRAVITY_INSTANCE_FILE`, and `CODENCER_E2E_ANTIGRAVITY_DAEMON_DIR`.
3031
- Hardened Antigravity proof handling so the verifier rejects an Antigravity language-server instance unless its actual `GetWorkspaceInfos` output includes the isolated verifier repo.
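Review bot: The added bullet at line 28 says the Console panel "records sanitized operator responses through the Gateway API" but does not say which layer performs the sanitization. Operator free text typed into a browser panel is untrusted input, so the report should state that sanitization is enforced by the Gateway on receipt (the same path that produces `human_interrupt_responded` for HTTP/MCP in line 27) rather than by the Console client, and name the test or verifier that demonstrates it.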
@@ -74,6 +75,7 @@ Branch: `next-phase`
7475
- `reports/gateway-console-screenshots/2026-06-24-1631`
7576
- `reports/gateway-console-screenshots/2026-06-24-1643`
7677
- `reports/gateway-console-screenshots/2026-06-24-1656`
78+
- `reports/gateway-console-screenshots/2026-06-24-1708`
7779

7880
## Commands Run
7981

@@ -127,6 +129,15 @@ Branch: `next-phase`
127129
- `make verify-gateway` after adding Gateway human interrupt responses - passed
128130
- `make verify-public-release` after adding Gateway human interrupt responses - passed
129131
- `make verify-public-selfhost-release TARGETS=host REQUIRE_TARGETS=host` after adding Gateway human interrupt responses - passed
132+
- `cd web/gateway-console && npm run format:check` after adding Console human interrupt response panel - passed
133+
- `cd web/gateway-console && npm run lint` after adding Console human interrupt response panel - passed
134+
- `cd web/gateway-console && npm run typecheck` after adding Console human interrupt response panel - passed
135+
- `cd web/gateway-console && npm run test` after adding Console human interrupt response panel - passed
136+
- `cd web/gateway-console && npm run build` after adding Console human interrupt response panel - failed once when run concurrently with `npm run test:e2e` because both wrote `.next`; passed when rerun sequentially
137+
- `cd web/gateway-console && npm run test:e2e` after adding Console human interrupt response panel - passed
138+
- `make verify-gateway-console` after adding Console human interrupt response panel - passed
139+
- `make verify-gateway-console-live` after adding Console human interrupt response panel - passed
140+
- `make verify-public-release` after adding Console human interrupt response panel - passed
130141
- `CODENCER_E2E_REAL_EXECUTORS=codex,claude CODENCER_E2E_CODEX_COMMAND=<codex-binary> CODENCER_E2E_CLAUDE_COMMAND=<claude-binary> make verify-public-selfhost-rc` - failed by design with `NO-GO` after Codex and Claude passed and Antigravity was missing
131142
- `cd web/gateway-console && CODENCER_E2E_BIN_DIR=../../bin CODENCER_E2E_EXECUTOR_ADAPTER=antigravity CODENCER_E2E_EXECUTOR_PROFILE=antigravity-default CODENCER_E2E_ANTIGRAVITY_INSTANCE_FILE=<temp-file> node tests/live/verify-live.mjs` - failed correctly; the provided Antigravity LS did not expose the isolated verifier repo workspace
132143
- `git diff --check` - passed
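Review bot: Line 136 records that `npm run build` failed once when run concurrently with `npm run test:e2e` because both wrote `.next`, and the entry only documents the sequential rerun. A verification step that passes only when ordered by hand is weak release evidence; either serialize build and e2e in the make target or give them separate output directories, and record here which was done. It would also help to state whether `make verify-gateway-console` (line 138) runs these steps sequentially, since the later "passed" entries depend on that.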
@@ -140,7 +151,7 @@ Branch: `next-phase`
140151
- Project-scoped cancel now routes through Gateway, Relay, Connector, and local daemon cancellation; whether the underlying executor stops immediately remains bounded by daemon/executor cancellation semantics.
141152
- Raw log/artifact upload remains unsupported by design. `codencer sync publish --confirm` ingests metadata-only run/project summaries into Gateway history; it does not upload local reports, logs, artifacts, daemon URLs, or filesystem paths.
142153
- Run history/audit synced-scope transport now exists for explicit metadata-only `codencer sync publish`; broader incremental sync policy and external source reconciliation remain incomplete.
143-
- Human interrupt lifecycle is still partial: local report/event records, Gateway blocker audit, and sanitized Gateway HTTP/MCP operator-response audit now exist, but a product UI answer flow and true resume remain incomplete.
154+
- Human interrupt lifecycle is still partial: local report/event records, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, and a Console run-detail response panel now exist, but true resume remains incomplete.
144155
- Full cross-surface redaction proof remains incomplete. Default local human CLI output now covers init, config show, project init/status/scan, executor list, sync preview, submit, and run output in deterministic tests/verifiers, but explicit JSON/debug/path commands still require final policy review against the release gate.
145156

146157
Verdict: NO-GO
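Review bot: The rewritten risk at line 154 adds the Console run-detail response panel as an existing surface, but the redaction risk on the following line still enumerates only default local human CLI output and "explicit JSON/debug/path commands". The panel is a new place where operator-entered text is accepted and displayed, so the redaction item should say whether it is covered by the current proof or is part of what remains for the release gate.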

reports/public-selfhost-hardening/implementation-audit.md

Lines changed: 4 additions & 4 deletions
@@ -38,7 +38,7 @@ the exact package was not available in the current attachment cache.
3838
| Explicit sync/publish | Partially implemented | `codencer sync status/preview/publish` now provides metadata-only preview; confirmed publish ingests sanitized metadata into Gateway run history. Raw logs/artifacts remain blocked. |
3939
| Local CLI submit UX | Partially implemented | `codencer submit` exists and is local-first; default human output redacts local paths, but progress UX remains narrow. |
4040
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; Gateway/Relay/Connector now route true project-scoped cancel, Gateway MCP exposes async start/submit/list/status/report/events/cancel, and resume remains a structured capability blocker. Gateway Console now submits simple tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
41-
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP can record sanitized operator responses as `human_interrupt_responded`, and Antigravity unsafe permission waits now fail fast as manual-attention results; product UI answer flow and true resume remain incomplete. |
41+
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, and Antigravity unsafe permission waits now fail fast as manual-attention results; true resume remains incomplete. |
4242
| Real executor proofs | Partially implemented | Codex has prior artifact-backed proof and latest rerun invoked the real Codex binary with simulation disabled but failed on an external Codex usage-limit error; earlier Claude Code proof exists; Antigravity remains unproven and now fails early when the provided LS workspace does not match the isolated verifier repo. |
4343
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, and grouped lifecycle summaries; synced/local ingest transport remains incomplete. |
4444
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, and run output; full explicit JSON/debug/path surface policy proof is still incomplete. |
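Review bot: In the changed row at line 41, "Gateway HTTP/MCP and Console run detail can record sanitized operator responses" reads as if the Console were a third recording path, while final-report.md in this same commit says the panel records "through the Gateway API". Suggest wording such as "Gateway HTTP/MCP, and Console run detail via the Gateway API" so the audit makes clear there is one server-side sanitization and audit path, and add the verifier that covers the Console case to the Evidence cell.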
@@ -82,10 +82,10 @@ the exact package was not available in the current attachment cache.
8282
| Requirement | Status | Evidence |
8383
| --- | --- | --- |
8484
| Planning approval required | Partially implemented | Local blockers map manual approvals to `planning_approval_required` interrupt records; no complete UI/MCP approval lifecycle. |
85-
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP can record a sanitized operator answer, while product UI answer handling and true resume remain incomplete. |
85+
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer, while true resume remains incomplete. |
8686
| Permission requests | Partially implemented | Dangerous executor confirmation exists in Gateway Console, unsafe-action blockers map to `permission_request_required`, and Antigravity unsupported/out-of-workspace permission waits now become manual-attention results instead of timeouts; no generalized permission-request lifecycle. |
8787
| OS/system human action required | Partially implemented | Daemon-not-running blockers map to `os_system_human_action_required` records; no full OS-action resolver flow. |
88-
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`; Gateway audit records blocker interrupts and sanitized operator responses; project-scoped cancel is forwarded and audited; resume still returns a structured unsupported/capability blocker. |
88+
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`; Gateway audit records blocker interrupts and sanitized operator responses from HTTP/MCP/Console; project-scoped cancel is forwarded and audited; resume still returns a structured unsupported/capability blocker. |
8989

9090
### 04 - CLI Commands and Control Plane
9191

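Review bot: Rows 85 and 88 are updated for the Console panel, but rows 84 (planning approval) and 86 (permission requests) are left unchanged, with row 84 still saying "no complete UI/MCP approval lifecycle". The final report describes the panel as appearing for blocked/waiting runs in general, so please state whether it accepts responses for approval and permission interrupts as well as clarifying questions. If it does, rows 84 and 86 are stale; if it does not, row 85 should say the panel is limited to questions.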
@@ -138,7 +138,7 @@ The release remains `NO-GO` until at least these are resolved:
138138

139139
1. Antigravity real executor proof must pass or the final verdict must remain `NO-GO`.
140140
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task submit/report polling, and project-scoped cancel; manifest mode and true resume remain incomplete or structured blockers.
141-
3. Human interrupt lifecycle still needs a product UI answer flow and true resume support; first-class local interrupt records plus Gateway HTTP/MCP response audit now exist for blocker outcomes.
141+
3. Human interrupt lifecycle still needs true resume support; first-class local interrupt records plus Gateway HTTP/MCP/Console response audit now exist for blocker outcomes.
142142
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, and run output is now covered.
143143
5. Raw log/artifact sync remains unsupported by design; only sanitized metadata-only `codencer sync publish --confirm` is implemented.
144144
6. Broader incremental sync policy and external source reconciliation remain incomplete even though Gateway-observed and explicit synced metadata history now exist.
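Review bot: With the UI answer flow removed from item 3 at line 141, what remains ("still needs true resume support") repeats the blocker already listed in item 2 ("manifest mode and true resume remain incomplete or structured blockers"). Either fold the remainder of item 3 into item 2 or say what interrupt-specific resume work is outstanding beyond the general resume capability, so the NO-GO list does not count one blocker twice.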
