You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Added Gateway HTTP and MCP operator-response recording for Gateway-observed human interrupts, with sanitized `human_interrupt_responded` audit metadata and explicit next actions that keep automatic continuation separated from resume routing.
36
36
- Added explicit `follow_up=resume` behavior for Gateway-observed human interrupt responses. The response is recorded first, then Gateway uses the stored safe route metadata to attempt `resume_project_run`, returning either a resumed run payload or a structured blocker while auditing `resume_project_run_requested`, `run_resumed`, or `resume_project_run_blocked`.
37
37
- Added explicit `follow_up=cancel` behavior for Gateway-observed human interrupt responses. The response is recorded first, then Gateway uses the stored safe route metadata to attempt `cancel_project_run`, returning either a cancelled run payload or a structured blocker while auditing `cancel_project_run_requested`, `run_cancelled`, or `cancel_project_run_blocked`.
38
+
- Added explicit `follow_up=start_new_task` behavior for Gateway-observed human interrupt responses. The response is recorded first, then Gateway requires a separate `new_task_goal`, uses the stored safe route metadata to submit the replacement task with `wait=false`, and returns either the submitted follow-up run or a structured `new_task_goal_required` blocker while auditing `start_new_task_requested` or `start_new_task_blocked`.
38
39
- Wired project run resume through Gateway HTTP, Gateway MCP, Relay HTTP, Relay MCP, Connector project proxy, and local daemon-backed resume. Successful daemon-resumable states produce `run_resumed`; completed or otherwise non-resumable runs still return structured `run_resume_blocked` / `resume_project_run_blocked` blockers with sanitized audit metadata.
39
40
- Updated Gateway Console manifest/run-plan submissions to use the async `wait=false` path, so both simple task mode and advanced manifest mode return after submission and rely on report polling for terminal evidence.
40
41
- Added Gateway API regression coverage proving manifest-mode project run creation forwards `wait=false`, returns a submitted run, preserves `run_history_id`, and later resolves the terminal report through the report endpoint.
- Project-scoped cancel now routes through Gateway, Relay, Connector, and local daemon cancellation; whether the underlying executor stops immediately remains bounded by daemon/executor cancellation semantics.
298
314
- Raw log/artifact upload remains unsupported by design. `codencer sync publish --confirm` ingests metadata-only run/project summaries into Gateway history; it does not upload local reports, logs, artifacts, daemon URLs, or filesystem paths.
299
315
- Run history/audit synced-scope transport now exists for explicit metadata-only `codencer sync publish`, including sanitized aggregate and per-run sync audit events; broader incremental sync policy and external source reconciliation remain incomplete.
300
-
- Human interrupt lifecycle is still partial: local report/event records, local and project-level daemon-backed resume for resumable states, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, explicit `follow_up=resume/cancel` handling, resume/cancel-attempt audit, and a Console run-detail response panel now exist. Broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete.
316
+
- Human interrupt lifecycle is still partial: local report/event records, local and project-level daemon-backed resume for resumable states, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, explicit `follow_up=resume/cancel/start_new_task` handling, resume/cancel/start-new-task audit, and a Console run-detail response panel now exist. Broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete.
301
317
- Broader explicit JSON/debug/path surface policy proof remains incomplete. Default local human CLI output now covers init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, and run resume blocker output, and the source/artifact Gateway verifier now covers public Gateway API and MCP leak checks for core list/run/audit/activation surfaces.
Copy file name to clipboardExpand all lines: reports/public-selfhost-hardening/implementation-audit.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,7 +38,7 @@ the exact package was not available in the current attachment cache.
38
38
| Explicit sync/publish | Partially implemented |`codencer sync status/preview/publish` now provides metadata-only preview; confirmed publish ingests sanitized metadata into Gateway run history and records aggregate/per-run sync audit events. Raw logs/artifacts remain blocked. |
39
39
| Local CLI submit UX | Partially implemented |`codencer submit` exists and is local-first; default human output redacts local paths and now shows local lifecycle progress for run id, submitted step/profile, task status, terminal result, report-store availability, and non-terminal `codencer run report <run_id>` follow-up. Broader interactive/progress streaming remains narrow. |
40
40
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; local resume now routes through daemon `RecoveryService.ResumeRun` for `created` and `paused_for_gate` runs and returns structured blockers for non-resumable or missing-run states. Gateway/Relay/Connector now route true project-scoped cancel and project-scoped resume, Gateway MCP exposes async start/submit/list/status/report/events/cancel/resume, successful resumable project resumes produce `run_resumed`, and non-resumable project resumes produce structured requested/blocked audit events. Gateway Console now submits simple tasks and advanced manifest/run-plan tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
41
-
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, local and project-level daemon-backed resume exist for resumable states, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, explicit `follow_up=resume/cancel` uses stored safe route metadata to attempt resume/cancel and audit the requested/resumed/cancelled/blocked outcome, non-resumable resume attempts record requested/blocked audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete. |
41
+
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, local and project-level daemon-backed resume exist for resumable states, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, explicit `follow_up=resume/cancel/start_new_task` uses stored safe route metadata to attempt resume/cancel or submit a replacement task with `wait=false`, missing replacement goals return `new_task_goal_required`, and all three paths audit the requested/resumed/cancelled/submitted/blocked outcome; broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete. |
42
42
| Real executor proofs | Partially implemented | Codex has prior artifact-backed proof and latest rerun invoked the real Codex binary with simulation disabled but failed on an external Codex usage-limit error; earlier Claude Code proof exists; Antigravity remains unproven and now fails early when the provided LS workspace does not match the isolated verifier repo. |
43
43
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, grouped lifecycle summaries, and explicit synced metadata audit events; broader synced/local ingest transport remains incomplete. |
44
44
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, and run resume blocker output. Source-tree and unpacked-artifact Gateway smoke now also sweeps public Gateway API outputs for relays, projects, machines, connectors, executors, runs, run detail/events, audit events, and activation commands. Broader explicit JSON/debug/path surface policy proof is still incomplete. |
@@ -82,10 +82,10 @@ the exact package was not available in the current attachment cache.
82
82
| Requirement | Status | Evidence |
83
83
| --- | --- | --- |
84
84
| Planning approval required | Partially implemented | Local blockers map manual approvals to `planning_approval_required` interrupt records; no complete UI/MCP approval lifecycle. |
85
-
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer and an explicit `follow_up=resume/cancel` can attempt project resume/cancel through the stored route, while broader planner/executor continuation after arbitrary answers remains incomplete. |
85
+
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer and an explicit `follow_up=resume/cancel/start_new_task` can attempt project resume/cancel or submit a replacement task through the stored route, while broader planner/executor continuation after arbitrary answers remains incomplete. |
86
86
| Permission requests | Partially implemented | Dangerous executor confirmation exists in Gateway Console, unsafe-action blockers map to `permission_request_required`, and Antigravity unsupported/out-of-workspace permission waits now become manual-attention results instead of timeouts; no generalized permission-request lifecycle. |
87
87
| OS/system human action required | Partially implemented | Daemon-not-running blockers map to `os_system_human_action_required` records; no full OS-action resolver flow. |
88
-
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`, `run_resumed`, and `run_resume_blocked`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, explicit follow-up resume/cancel attempts, project resume requested/blocked events for non-resumable states, and `run_resumed` or `run_cancelled` when downstream project resume/cancel succeeds; project-scoped cancel and resume are forwarded and audited. |
88
+
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`, `run_resumed`, and `run_resume_blocked`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, explicit follow-up resume/cancel/start-new-task attempts, project resume requested/blocked events for non-resumable states, `run_resumed` or `run_cancelled` when downstream project resume/cancel succeeds, and `start_new_task_requested` / `start_new_task_blocked` for replacement tasks; project-scoped cancel and resume are forwarded and audited. |
89
89
90
90
### 04 - CLI Commands and Control Plane
91
91
@@ -138,7 +138,7 @@ The release remains `NO-GO` until at least these are resolved:
138
138
139
139
1. Antigravity real executor proof must pass or the final verdict must remain `NO-GO`.
140
140
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task and advanced manifest/run-plan submit/report polling, project-scoped cancel, and local/project-level daemon-backed resume for resumable states; non-resumable project resume still returns structured blockers.
141
-
3. Human interrupt lifecycle still needs broader planner/executor continuation after arbitrary answer/approval/permission responses; first-class local interrupt records plus local and project-level resume/cancel, explicit Gateway `follow_up=resume/cancel`, Gateway HTTP/MCP/Console response audit, and non-resumable resume requested/blocked audit now exist for blocker outcomes.
141
+
3. Human interrupt lifecycle still needs broader planner/executor continuation after arbitrary answer/approval/permission responses; first-class local interrupt records plus local and project-level resume/cancel, explicit Gateway `follow_up=resume/cancel/start_new_task`, Gateway HTTP/MCP/Console response audit, and non-resumable resume requested/blocked audit now exist for blocker outcomes.
142
142
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, run resume blocker output, and core source/artifact Gateway API outputs are now covered.
143
143
5. Raw log/artifact sync remains unsupported by design; only sanitized metadata-only `codencer sync publish --confirm` is implemented.
144
144
6. Broader incremental sync policy and external source reconciliation remain incomplete even though Gateway-observed and explicit synced metadata history/audit now exist.
0 commit comments