Commit 8e9717d

Update hardening reports for start follow up
1 parent e4693fa commit 8e9717d

2 files changed

Lines changed: 22 additions & 6 deletions

reports/public-selfhost-hardening/final-report.md

Lines changed: 18 additions & 2 deletions
@@ -2,7 +2,7 @@
22

33
Date: 2026-06-24
44

5-
Implementation commit hash: `39520cc3aa140db65cbd79e92cc1daf982793645`
5+
Implementation commit hash: `e4693fabbcd61a52f3e99495a427182ac1dd656b`
66

77
Branch: `next-phase`
88

@@ -35,6 +35,7 @@ Branch: `next-phase`
3535
- Added Gateway HTTP and MCP operator-response recording for Gateway-observed human interrupts, with sanitized `human_interrupt_responded` audit metadata and explicit next actions that keep automatic continuation separated from resume routing.
3636
- Added explicit `follow_up=resume` behavior for Gateway-observed human interrupt responses. The response is recorded first, then Gateway uses the stored safe route metadata to attempt `resume_project_run`, returning either a resumed run payload or a structured blocker while auditing `resume_project_run_requested`, `run_resumed`, or `resume_project_run_blocked`.
3737
- Added explicit `follow_up=cancel` behavior for Gateway-observed human interrupt responses. The response is recorded first, then Gateway uses the stored safe route metadata to attempt `cancel_project_run`, returning either a cancelled run payload or a structured blocker while auditing `cancel_project_run_requested`, `run_cancelled`, or `cancel_project_run_blocked`.
38+
- Added explicit `follow_up=start_new_task` behavior for Gateway-observed human interrupt responses. The response is recorded first, then Gateway requires a separate `new_task_goal`, uses the stored safe route metadata to submit the replacement task with `wait=false`, and returns either the submitted follow-up run or a structured `new_task_goal_required` blocker while auditing `start_new_task_requested` or `start_new_task_blocked`.
3839
- Wired project run resume through Gateway HTTP, Gateway MCP, Relay HTTP, Relay MCP, Connector project proxy, and local daemon-backed resume. Successful daemon-resumable states produce `run_resumed`; completed or otherwise non-resumable runs still return structured `run_resume_blocked` / `resume_project_run_blocked` blockers with sanitized audit metadata.
3940
- Updated Gateway Console manifest/run-plan submissions to use the async `wait=false` path, so both simple task mode and advanced manifest mode return after submission and rely on report polling for terminal evidence.
4041
- Added Gateway API regression coverage proving manifest-mode project run creation forwards `wait=false`, returns a submitted run, preserves `run_history_id`, and later resolves the terminal report through the report endpoint.
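Review bot: the added `follow_up=start_new_task` bullet (new line 38) does not say how the operator-supplied `new_task_goal` is handled in audit metadata. The earlier bullet in this list describes `human_interrupt_responded` metadata as sanitized, and the resume and cancel bullets describe only stored route metadata being used, but this path accepts a fresh goal string and submits it as a task. Suggest stating whether `start_new_task_requested` / `start_new_task_blocked` record the goal sanitized, truncated, or not at all, and whether the audit entry links the replacement run back to the interrupted run.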
@@ -108,6 +109,8 @@ Branch: `next-phase`
108109
- `reports/gateway-console-screenshots/2026-06-24-1923`
109110
- `reports/gateway-console-screenshots/2026-06-24-1938`
110111
- `reports/gateway-console-screenshots/2026-06-24-1942`
112+
- `reports/gateway-console-screenshots/2026-06-24-1953`
113+
- `reports/gateway-console-screenshots/2026-06-24-1956`
111114

112115
## Commands Run
113116

@@ -285,6 +288,19 @@ Branch: `next-phase`
285288
- `make verify-gateway-console-live` after adding explicit human-interrupt follow-up cancel - passed
286289
- `make verify-public-release` after adding explicit human-interrupt follow-up cancel - passed
287290
- `make verify-public-selfhost-release TARGETS=host REQUIRE_TARGETS=host` after adding explicit human-interrupt follow-up cancel - passed; visual evidence `reports/gateway-console-screenshots/2026-06-24-1942`
291+
- `gofmt -w internal/gateway/api.go internal/gateway/tools.go internal/gateway/gateway_test.go` after adding explicit human-interrupt follow-up start_new_task - passed
292+
- `go test ./internal/gateway` after adding explicit human-interrupt follow-up start_new_task - passed
293+
- `cd web/gateway-console && npx prettier --write api/run-history.ts features/console/run-detail-screen.tsx` after adding explicit human-interrupt follow-up start_new_task - passed
294+
- `cd web/gateway-console && npm run format:check` after adding explicit human-interrupt follow-up start_new_task - passed
295+
- `cd web/gateway-console && npm run lint` after adding explicit human-interrupt follow-up start_new_task - passed
296+
- `cd web/gateway-console && npm run typecheck` after adding explicit human-interrupt follow-up start_new_task - passed
297+
- `cd web/gateway-console && npm run test` after adding explicit human-interrupt follow-up start_new_task - passed
298+
- `cd web/gateway-console && npm run build && npm run test:e2e` after adding explicit human-interrupt follow-up start_new_task - passed
299+
- `go test ./...` after adding explicit human-interrupt follow-up start_new_task - passed
300+
- `make verify-gateway` after adding explicit human-interrupt follow-up start_new_task - passed
301+
- `make verify-gateway-console` after adding explicit human-interrupt follow-up start_new_task - passed; visual evidence `reports/gateway-console-screenshots/2026-06-24-1953`
302+
- `make verify-public-release` after adding explicit human-interrupt follow-up start_new_task - passed
303+
- `make verify-public-selfhost-release TARGETS=host REQUIRE_TARGETS=host` after adding explicit human-interrupt follow-up start_new_task - passed; visual evidence `reports/gateway-console-screenshots/2026-06-24-1956`
288304
- `git diff --check` - passed
289305

290306
## Remaining Blockers
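Review bot: the added start_new_task verification block (new lines 291-303) has no `make verify-gateway-console-live` entry, while the context line just above it records that target for the follow-up cancel change. If the live console check was not run for this change, say so in the list; otherwise add the run and its result. A smaller point on the same block: `gofmt -w` and `npx prettier --write` rewrite files rather than check them, so "passed" on those two entries only shows the formatter ran. `npm run format:check` covers the web side; a `gofmt -l` entry would give the Go side an equivalent check.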
@@ -297,7 +313,7 @@ Branch: `next-phase`
297313
- Project-scoped cancel now routes through Gateway, Relay, Connector, and local daemon cancellation; whether the underlying executor stops immediately remains bounded by daemon/executor cancellation semantics.
298314
- Raw log/artifact upload remains unsupported by design. `codencer sync publish --confirm` ingests metadata-only run/project summaries into Gateway history; it does not upload local reports, logs, artifacts, daemon URLs, or filesystem paths.
299315
- Run history/audit synced-scope transport now exists for explicit metadata-only `codencer sync publish`, including sanitized aggregate and per-run sync audit events; broader incremental sync policy and external source reconciliation remain incomplete.
300-
- Human interrupt lifecycle is still partial: local report/event records, local and project-level daemon-backed resume for resumable states, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, explicit `follow_up=resume/cancel` handling, resume/cancel-attempt audit, and a Console run-detail response panel now exist. Broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete.
316+
- Human interrupt lifecycle is still partial: local report/event records, local and project-level daemon-backed resume for resumable states, Gateway blocker audit, sanitized Gateway HTTP/MCP operator-response audit, explicit `follow_up=resume/cancel/start_new_task` handling, resume/cancel/start-new-task audit, and a Console run-detail response panel now exist. Broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete.
301317
- Broader explicit JSON/debug/path surface policy proof remains incomplete. Default local human CLI output now covers init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, and run resume blocker output, and the source/artifact Gateway verifier now covers public Gateway API and MCP leak checks for core list/run/audit/activation surfaces.
302318

303319
Verdict: NO-GO

reports/public-selfhost-hardening/implementation-audit.md

Lines changed: 4 additions & 4 deletions
@@ -38,7 +38,7 @@ the exact package was not available in the current attachment cache.
3838
| Explicit sync/publish | Partially implemented | `codencer sync status/preview/publish` now provides metadata-only preview; confirmed publish ingests sanitized metadata into Gateway run history and records aggregate/per-run sync audit events. Raw logs/artifacts remain blocked. |
3939
| Local CLI submit UX | Partially implemented | `codencer submit` exists and is local-first; default human output redacts local paths and now shows local lifecycle progress for run id, submitted step/profile, task status, terminal result, report-store availability, and non-terminal `codencer run report <run_id>` follow-up. Broader interactive/progress streaming remains narrow. |
4040
| Async run lifecycle | Partially implemented | Local `run start/list/get/status/events/report/cancel/resume` exists; local resume now routes through daemon `RecoveryService.ResumeRun` for `created` and `paused_for_gate` runs and returns structured blockers for non-resumable or missing-run states. Gateway/Relay/Connector now route true project-scoped cancel and project-scoped resume, Gateway MCP exposes async start/submit/list/status/report/events/cancel/resume, successful resumable project resumes produce `run_resumed`, and non-resumable project resumes produce structured requested/blocked audit events. Gateway Console now submits simple tasks and advanced manifest/run-plan tasks with `wait=false`, polls run reports, and records terminal audit events on report refresh. |
41-
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, local and project-level daemon-backed resume exist for resumable states, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, explicit `follow_up=resume/cancel` uses stored safe route metadata to attempt resume/cancel and audit the requested/resumed/cancelled/blocked outcome, non-resumable resume attempts record requested/blocked audit events, and Antigravity unsafe permission waits now fail fast as manual-attention results; broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete. |
41+
| Human interrupt lifecycle | Partially implemented | Local reports/events now expose first-class `human_interrupts`, local and project-level daemon-backed resume exist for resumable states, Gateway blocker outcomes emit `human_interrupt_created` audit events, Gateway HTTP/MCP and Console run detail can record sanitized operator responses as `human_interrupt_responded`, explicit `follow_up=resume/cancel/start_new_task` uses stored safe route metadata to attempt resume/cancel or submit a replacement task with `wait=false`, missing replacement goals return `new_task_goal_required`, and all three paths audit the requested/resumed/cancelled/submitted/blocked outcome; broader planner/executor continuation after arbitrary answer/approval/permission responses remains incomplete. |
4242
| Real executor proofs | Partially implemented | Codex has prior artifact-backed proof and latest rerun invoked the real Codex binary with simulation disabled but failed on an external Codex usage-limit error; earlier Claude Code proof exists; Antigravity remains unproven and now fails early when the provided LS workspace does not match the isolated verifier repo. |
4343
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, grouped lifecycle summaries, and explicit synced metadata audit events; broader synced/local ingest transport remains incomplete. |
4444
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, and run resume blocker output. Source-tree and unpacked-artifact Gateway smoke now also sweeps public Gateway API outputs for relays, projects, machines, connectors, executors, runs, run detail/events, audit events, and activation commands. Broader explicit JSON/debug/path surface policy proof is still incomplete. |
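Review bot: the rewritten "Human interrupt lifecycle" row (line 41) drops two evidence statements that are unrelated to start_new_task: "non-resumable resume attempts record requested/blocked audit events" and "Antigravity unsafe permission waits now fail fast as manual-attention results". Nothing in this commit indicates either behaviour was removed, and the "Permission requests" row in this same file still cites the Antigravity manual-attention behaviour. Suggest restoring both clauses next to the new `new_task_goal_required` text so the row does not understate the existing evidence.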
@@ -82,10 +82,10 @@ the exact package was not available in the current attachment cache.
8282
| Requirement | Status | Evidence |
8383
| --- | --- | --- |
8484
| Planning approval required | Partially implemented | Local blockers map manual approvals to `planning_approval_required` interrupt records; no complete UI/MCP approval lifecycle. |
85-
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer and an explicit `follow_up=resume/cancel` can attempt project resume/cancel through the stored route, while broader planner/executor continuation after arbitrary answers remains incomplete. |
85+
| Clarifying questions | Partially implemented | Question blockers now produce `clarifying_question_required` interrupt records and Gateway `human_interrupt_created` audit; Gateway HTTP/MCP and Console run detail can record a sanitized operator answer and an explicit `follow_up=resume/cancel/start_new_task` can attempt project resume/cancel or submit a replacement task through the stored route, while broader planner/executor continuation after arbitrary answers remains incomplete. |
8686
| Permission requests | Partially implemented | Dangerous executor confirmation exists in Gateway Console, unsafe-action blockers map to `permission_request_required`, and Antigravity unsupported/out-of-workspace permission waits now become manual-attention results instead of timeouts; no generalized permission-request lifecycle. |
8787
| OS/system human action required | Partially implemented | Daemon-not-running blockers map to `os_system_human_action_required` records; no full OS-action resolver flow. |
88-
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`, `run_resumed`, and `run_resume_blocked`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, explicit follow-up resume/cancel attempts, project resume requested/blocked events for non-resumable states, and `run_resumed` or `run_cancelled` when downstream project resume/cancel succeeds; project-scoped cancel and resume are forwarded and audited. |
88+
| Resume/cancel/audit interrupt lifecycle | Partially implemented | Local events include `human_interrupt_created`, `run_resumed`, and `run_resume_blocked`; Gateway audit records blocker interrupts, sanitized operator responses from HTTP/MCP/Console, explicit follow-up resume/cancel/start-new-task attempts, project resume requested/blocked events for non-resumable states, `run_resumed` or `run_cancelled` when downstream project resume/cancel succeeds, and `start_new_task_requested` / `start_new_task_blocked` for replacement tasks; project-scoped cancel and resume are forwarded and audited. |
8989

9090
### 04 - CLI Commands and Control Plane
9191

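Review bot: in the "Resume/cancel/audit interrupt lifecycle" row (line 88), resume and cancel each have a named success event (`run_resumed`, `run_cancelled`), but start_new_task lists only `start_new_task_requested` / `start_new_task_blocked`. The lifecycle row at line 41 of this file says a "submitted" outcome is audited; name the event that records a successfully submitted replacement run here, or state that `start_new_task_requested` is the only record on success. The closing clause "project-scoped cancel and resume are forwarded and audited" also leaves out whether the replacement submission is forwarded and audited along the same path.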
@@ -138,7 +138,7 @@ The release remains `NO-GO` until at least these are resolved:
138138

139139
1. Antigravity real executor proof must pass or the final verdict must remain `NO-GO`.
140140
2. Async lifecycle now covers local, Relay MCP, Gateway MCP, Gateway Console simple-task and advanced manifest/run-plan submit/report polling, project-scoped cancel, and local/project-level daemon-backed resume for resumable states; non-resumable project resume still returns structured blockers.
141-
3. Human interrupt lifecycle still needs broader planner/executor continuation after arbitrary answer/approval/permission responses; first-class local interrupt records plus local and project-level resume/cancel, explicit Gateway `follow_up=resume/cancel`, Gateway HTTP/MCP/Console response audit, and non-resumable resume requested/blocked audit now exist for blocker outcomes.
141+
3. Human interrupt lifecycle still needs broader planner/executor continuation after arbitrary answer/approval/permission responses; first-class local interrupt records plus local and project-level resume/cancel, explicit Gateway `follow_up=resume/cancel/start_new_task`, Gateway HTTP/MCP/Console response audit, and non-resumable resume requested/blocked audit now exist for blocker outcomes.
142142
4. Full redaction proof across every CLI/MCP/UI/Gateway surface remains incomplete, although default local human CLI output for init, config show, config profile/set commands, project init/status/scan, executor list/scan/test/default, setup self-host/relay, activation self-host, sync preview, submit, run events, run report, run resume blocker output, and core source/artifact Gateway API outputs are now covered.
143143
5. Raw log/artifact sync remains unsupported by design; only sanitized metadata-only `codencer sync publish --confirm` is implemented.
144144
6. Broader incremental sync policy and external source reconciliation remain incomplete even though Gateway-observed and explicit synced metadata history/audit now exist.
