From a8c32031ffe283917c6a48fe51d1735dc22d1cad Mon Sep 17 00:00:00 2001 From: eric Date: Sun, 5 Apr 2026 15:19:37 +0200 Subject: [PATCH] fix: do not truncate summaries --- .../8j9wr3q5w8i70g02aq0j8vqhw6ga4cyw-source | 1 + .../zhfr3hg0ix1pjrv54b0i1pv90n5mhymm-source | 1 - ...e-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa | 2 +- ...5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc | 8 ++-- README.md | 6 +++ flake.nix | 1 + src/controller/engine.rs | 4 +- src/controller/verifier.rs | 12 ++++- src/model/mod.rs | 3 +- src/model/plan.rs | 11 +++++ src/model/policy.rs | 16 +++---- src/process/shell.rs | 12 ++++- src/storage/toon/files.rs | 45 +++++++++++++++++-- 13 files changed, 100 insertions(+), 22 deletions(-) create mode 120000 .direnv/flake-inputs/8j9wr3q5w8i70g02aq0j8vqhw6ga4cyw-source delete mode 120000 .direnv/flake-inputs/zhfr3hg0ix1pjrv54b0i1pv90n5mhymm-source diff --git a/.direnv/flake-inputs/8j9wr3q5w8i70g02aq0j8vqhw6ga4cyw-source b/.direnv/flake-inputs/8j9wr3q5w8i70g02aq0j8vqhw6ga4cyw-source new file mode 120000 index 0000000..7b7966c --- /dev/null +++ b/.direnv/flake-inputs/8j9wr3q5w8i70g02aq0j8vqhw6ga4cyw-source @@ -0,0 +1 @@ +/nix/store/8j9wr3q5w8i70g02aq0j8vqhw6ga4cyw-source \ No newline at end of file diff --git a/.direnv/flake-inputs/zhfr3hg0ix1pjrv54b0i1pv90n5mhymm-source b/.direnv/flake-inputs/zhfr3hg0ix1pjrv54b0i1pv90n5mhymm-source deleted file mode 120000 index 44f0961..0000000 --- a/.direnv/flake-inputs/zhfr3hg0ix1pjrv54b0i1pv90n5mhymm-source +++ /dev/null @@ -1 +0,0 @@ -/nix/store/zhfr3hg0ix1pjrv54b0i1pv90n5mhymm-source \ No newline at end of file diff --git a/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa b/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa index 4ba9f1e..b27f145 120000 --- a/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa +++ b/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa 
@@ -1 +1 @@ -/nix/store/y0camphrdlb2higdygca6b3sqia1bgf6-nix-shell-env \ No newline at end of file +/nix/store/fdmbv2sg0n5nwkc82ph8dqqspq78y2l6-nix-shell-env \ No newline at end of file diff --git a/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc b/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc index 839510b..2055917 100644 --- a/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc +++ b/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc 
@@ -43,7 +43,7 @@ NIX_CC='/nix/store/s7qlr26bmc6n4r607scz8iiwcg6yg4ic-clang-wrapper-21.1.8' export NIX_CC NIX_CC_WRAPPER_TARGET_HOST_arm64_apple_darwin='1' export NIX_CC_WRAPPER_TARGET_HOST_arm64_apple_darwin -NIX_CFLAGS_COMPILE=' -frandom-seed=y0camphrdl -isystem /nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0/include -fmacro-prefix-map=/nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libcxx-20.1.0+apple-sdk-26.0 -isystem /nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev/include -fmacro-prefix-map=/nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-compiler-rt-libc-21.1.8-dev -isystem /nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev/include -fmacro-prefix-map=/nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libiconv-109.100.2-dev -isystem /nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev/include -fmacro-prefix-map=/nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libresolv-91-dev -isystem /nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev/include -fmacro-prefix-map=/nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libsbuf-14.1.0-dev -isystem /nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0/include -fmacro-prefix-map=/nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libcxx-20.1.0+apple-sdk-26.0 -isystem /nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev/include -fmacro-prefix-map=/nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-compiler-rt-libc-21.1.8-dev -isystem 
/nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev/include -fmacro-prefix-map=/nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libiconv-109.100.2-dev -isystem /nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev/include -fmacro-prefix-map=/nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libresolv-91-dev -isystem /nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev/include -fmacro-prefix-map=/nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libsbuf-14.1.0-dev' +NIX_CFLAGS_COMPILE=' -frandom-seed=fdmbv2sg0n -isystem /nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0/include -fmacro-prefix-map=/nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libcxx-20.1.0+apple-sdk-26.0 -isystem /nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev/include -fmacro-prefix-map=/nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-compiler-rt-libc-21.1.8-dev -isystem /nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev/include -fmacro-prefix-map=/nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libiconv-109.100.2-dev -isystem /nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev/include -fmacro-prefix-map=/nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libresolv-91-dev -isystem /nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev/include -fmacro-prefix-map=/nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libsbuf-14.1.0-dev -isystem /nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0/include 
-fmacro-prefix-map=/nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libcxx-20.1.0+apple-sdk-26.0 -isystem /nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev/include -fmacro-prefix-map=/nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-compiler-rt-libc-21.1.8-dev -isystem /nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev/include -fmacro-prefix-map=/nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libiconv-109.100.2-dev -isystem /nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev/include -fmacro-prefix-map=/nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libresolv-91-dev -isystem /nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev/include -fmacro-prefix-map=/nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libsbuf-14.1.0-dev' export NIX_CFLAGS_COMPILE NIX_DONT_SET_RPATH='1' export NIX_DONT_SET_RPATH 
@@ -71,7 +71,7 @@ OLDPWD='' export OLDPWD OPTERR='1' OSTYPE='darwin25.3.0' -PATH='/nix/store/6qbj40r0s289k5slmy8yna5x2hfz01wg-git-2.53.0/bin:/nix/store/0p9bi4b2dzlggz2irpnbvcf5rb6lcm9m-rustc-wrapper-1.94.0/bin:/nix/store/fp6mq617pb2rwrkc2fspjbwgf85jdb6n-cargo-1.94.0/bin:/nix/store/zhiy290rs2xwi9146nyz9w72q0sa9iq1-clippy-1.94.0/bin:/nix/store/fwgjpxfnwrbymfab8yd6hp9nws2b8jpn-rustfmt-1.94.0/bin:/nix/store/lnvhspzjms1qx8abfwr735h3cg3h265r-rust-analyzer-2026-03-23/bin:/nix/store/s7qlr26bmc6n4r607scz8iiwcg6yg4ic-clang-wrapper-21.1.8/bin:/nix/store/6adskryjj6g2p508xjxp2x4iwyy15gsr-clang-21.1.8/bin:/nix/store/akih5l2yxpzqyh63xvyc6zsxl7kl2x4v-coreutils-9.10/bin:/nix/store/hwn7mviydmcdr2gw3zx30rcc0xi7k40c-cctools-binutils-darwin-wrapper-1010.6/bin:/nix/store/yppcv1v8rdm3086ykynmf7w5yy61v30b-cctools-binutils-darwin-1010.6/bin:/nix/store/930py6p7h4xw7fwys7y3hx7rkyqnpvqq-xcbuild-0.1.1-unstable-2019-11-20-xcrun/bin:/nix/store/a85h00app701vf0ggln0r97yayszvwkk-libiconv-109.100.2/bin:/nix/store/akih5l2yxpzqyh63xvyc6zsxl7kl2x4v-coreutils-9.10/bin:/nix/store/f9ik2jdvk6shdnzr4l8mibqdiqjd9chb-findutils-4.10.0/bin:/nix/store/hrkhhbx6v8fzwnizwvqh9h0yff5vcp75-diffutils-3.12/bin:/nix/store/m188brzrrd4f0jdiy495vz8pz75j5kpn-gnused-4.9/bin:/nix/store/mwj8nml055g8w0c2yq1apajcwrqgsg9q-gnugrep-3.12/bin:/nix/store/bvrbfzyimpjxwn679252bhbbccnb43nr-gawk-5.3.2/bin:/nix/store/k5q5hl5zhvvh9j2q9nr6wk8wx4f5rddv-gnutar-1.35/bin:/nix/store/fx6qvxgcvfpjhy5wr9hsvpkpjqw5zgf0-gzip-1.14/bin:/nix/store/4rqfrsyqp53wavnk86k4flm35vhagwjk-bzip2-1.0.8-bin/bin:/nix/store/y40n7jzzy9qydb120kxgbzi55mprbkfm-gnumake-4.4.1/bin:/nix/store/s0psayl7zvkvwdcqc8fy1sbv8rlf1yq8-bash-5.3p9/bin:/nix/store/jqcdmxsh8zk7bn1qcxwq3dwjjx4p7i0f-patch-2.8/bin:/nix/store/fc6w1zkl1klj979isgaag8a66jmpq1qs-xz-5.8.2-bin/bin:/nix/store/5n5ynvylwkjrblm2lpj3ns2qc821fvmi-file-5.45/bin' 
+PATH='/nix/store/6qbj40r0s289k5slmy8yna5x2hfz01wg-git-2.53.0/bin:/nix/store/sw4y21fj45k4z29cnnlsnbv92dd2x6r4-codex-controller-loop-0.1.0/bin:/nix/store/0p9bi4b2dzlggz2irpnbvcf5rb6lcm9m-rustc-wrapper-1.94.0/bin:/nix/store/fp6mq617pb2rwrkc2fspjbwgf85jdb6n-cargo-1.94.0/bin:/nix/store/zhiy290rs2xwi9146nyz9w72q0sa9iq1-clippy-1.94.0/bin:/nix/store/fwgjpxfnwrbymfab8yd6hp9nws2b8jpn-rustfmt-1.94.0/bin:/nix/store/lnvhspzjms1qx8abfwr735h3cg3h265r-rust-analyzer-2026-03-23/bin:/nix/store/s7qlr26bmc6n4r607scz8iiwcg6yg4ic-clang-wrapper-21.1.8/bin:/nix/store/6adskryjj6g2p508xjxp2x4iwyy15gsr-clang-21.1.8/bin:/nix/store/akih5l2yxpzqyh63xvyc6zsxl7kl2x4v-coreutils-9.10/bin:/nix/store/hwn7mviydmcdr2gw3zx30rcc0xi7k40c-cctools-binutils-darwin-wrapper-1010.6/bin:/nix/store/yppcv1v8rdm3086ykynmf7w5yy61v30b-cctools-binutils-darwin-1010.6/bin:/nix/store/930py6p7h4xw7fwys7y3hx7rkyqnpvqq-xcbuild-0.1.1-unstable-2019-11-20-xcrun/bin:/nix/store/a85h00app701vf0ggln0r97yayszvwkk-libiconv-109.100.2/bin:/nix/store/akih5l2yxpzqyh63xvyc6zsxl7kl2x4v-coreutils-9.10/bin:/nix/store/f9ik2jdvk6shdnzr4l8mibqdiqjd9chb-findutils-4.10.0/bin:/nix/store/hrkhhbx6v8fzwnizwvqh9h0yff5vcp75-diffutils-3.12/bin:/nix/store/m188brzrrd4f0jdiy495vz8pz75j5kpn-gnused-4.9/bin:/nix/store/mwj8nml055g8w0c2yq1apajcwrqgsg9q-gnugrep-3.12/bin:/nix/store/bvrbfzyimpjxwn679252bhbbccnb43nr-gawk-5.3.2/bin:/nix/store/k5q5hl5zhvvh9j2q9nr6wk8wx4f5rddv-gnutar-1.35/bin:/nix/store/fx6qvxgcvfpjhy5wr9hsvpkpjqw5zgf0-gzip-1.14/bin:/nix/store/4rqfrsyqp53wavnk86k4flm35vhagwjk-bzip2-1.0.8-bin/bin:/nix/store/y40n7jzzy9qydb120kxgbzi55mprbkfm-gnumake-4.4.1/bin:/nix/store/s0psayl7zvkvwdcqc8fy1sbv8rlf1yq8-bash-5.3p9/bin:/nix/store/jqcdmxsh8zk7bn1qcxwq3dwjjx4p7i0f-patch-2.8/bin:/nix/store/fc6w1zkl1klj979isgaag8a66jmpq1qs-xz-5.8.2-bin/bin:/nix/store/5n5ynvylwkjrblm2lpj3ns2qc821fvmi-file-5.45/bin' export PATH PATH_LOCALE='/nix/store/r0di2qx1f6g3g2b4894ql8vyqd5h6q9h-locale-118/share/locale' export PATH_LOCALE 
@@ -161,7 +161,7 @@ mesonFlags='' export mesonFlags name='nix-shell-env' export name -nativeBuildInputs='/nix/store/6qbj40r0s289k5slmy8yna5x2hfz01wg-git-2.53.0 /nix/store/0p9bi4b2dzlggz2irpnbvcf5rb6lcm9m-rustc-wrapper-1.94.0 /nix/store/fp6mq617pb2rwrkc2fspjbwgf85jdb6n-cargo-1.94.0 /nix/store/zhiy290rs2xwi9146nyz9w72q0sa9iq1-clippy-1.94.0 /nix/store/fwgjpxfnwrbymfab8yd6hp9nws2b8jpn-rustfmt-1.94.0 /nix/store/lnvhspzjms1qx8abfwr735h3cg3h265r-rust-analyzer-2026-03-23' +nativeBuildInputs='/nix/store/6qbj40r0s289k5slmy8yna5x2hfz01wg-git-2.53.0 /nix/store/sw4y21fj45k4z29cnnlsnbv92dd2x6r4-codex-controller-loop-0.1.0 /nix/store/0p9bi4b2dzlggz2irpnbvcf5rb6lcm9m-rustc-wrapper-1.94.0 /nix/store/fp6mq617pb2rwrkc2fspjbwgf85jdb6n-cargo-1.94.0 /nix/store/zhiy290rs2xwi9146nyz9w72q0sa9iq1-clippy-1.94.0 /nix/store/fwgjpxfnwrbymfab8yd6hp9nws2b8jpn-rustfmt-1.94.0 /nix/store/lnvhspzjms1qx8abfwr735h3cg3h265r-rust-analyzer-2026-03-23' export nativeBuildInputs out='/Users/eric/Projects/nodeiwest/codex-controller-loop/outputs/out' export out 
@@ -182,7 +182,7 @@ phases='buildPhase' export phases pkg='/nix/store/q2dccg26bm7bn6ia1q30qkl5jck7wwgb-apple-sdk-14.4' declare -a pkgsBuildBuild=() -declare -a pkgsBuildHost=('/nix/store/6qbj40r0s289k5slmy8yna5x2hfz01wg-git-2.53.0' '/nix/store/0p9bi4b2dzlggz2irpnbvcf5rb6lcm9m-rustc-wrapper-1.94.0' '/nix/store/fp6mq617pb2rwrkc2fspjbwgf85jdb6n-cargo-1.94.0' '/nix/store/zhiy290rs2xwi9146nyz9w72q0sa9iq1-clippy-1.94.0' '/nix/store/fwgjpxfnwrbymfab8yd6hp9nws2b8jpn-rustfmt-1.94.0' '/nix/store/lnvhspzjms1qx8abfwr735h3cg3h265r-rust-analyzer-2026-03-23' '/nix/store/avjzyij6c5vbva2pqvfp7y9ch4aii05g-update-autotools-gnu-config-scripts-hook' '/nix/store/0y5xmdb7qfvimjwbq7ibg1xdgkgjwqng-no-broken-symlinks.sh' '/nix/store/cv1d7p48379km6a85h4zp6kr86brh32q-audit-tmpdir.sh' '/nix/store/85clx3b0xkdf58jn161iy80y5223ilbi-compress-man-pages.sh' '/nix/store/p3l1a5y7nllfyrjn2krlwgcc3z0cd3fq-make-symlinks-relative.sh' '/nix/store/5yzw0vhkyszf2d179m0qfkgxmp5wjjx4-move-docs.sh' '/nix/store/fyaryjvghbkpfnsyw97hb3lyb37s1pd6-move-lib64.sh' '/nix/store/kd4xwxjpjxi71jkm6ka0np72if9rm3y0-move-sbin.sh' '/nix/store/pag6l61paj1dc9sv15l7bm5c17xn5kyk-move-systemd-user-units.sh' '/nix/store/cmzya9irvxzlkh7lfy6i82gbp0saxqj3-multiple-outputs.sh' '/nix/store/x8c40nfigps493a07sdr2pm5s9j1cdc0-patch-shebangs.sh' '/nix/store/cickvswrvann041nqxb0rxilc46svw1n-prune-libtool-files.sh' '/nix/store/xyff06pkhki3qy1ls77w10s0v79c9il0-reproducible-builds.sh' '/nix/store/z7k98578dfzi6l3hsvbivzm7hfqlk0zc-set-source-date-epoch-to-latest.sh' '/nix/store/pilsssjjdxvdphlg2h19p0bfx5q0jzkn-strip.sh' '/nix/store/s7qlr26bmc6n4r607scz8iiwcg6yg4ic-clang-wrapper-21.1.8' '/nix/store/hwn7mviydmcdr2gw3zx30rcc0xi7k40c-cctools-binutils-darwin-wrapper-1010.6' '/nix/store/930py6p7h4xw7fwys7y3hx7rkyqnpvqq-xcbuild-0.1.1-unstable-2019-11-20-xcrun' ) +declare -a pkgsBuildHost=('/nix/store/6qbj40r0s289k5slmy8yna5x2hfz01wg-git-2.53.0' '/nix/store/sw4y21fj45k4z29cnnlsnbv92dd2x6r4-codex-controller-loop-0.1.0' 
'/nix/store/0p9bi4b2dzlggz2irpnbvcf5rb6lcm9m-rustc-wrapper-1.94.0' '/nix/store/fp6mq617pb2rwrkc2fspjbwgf85jdb6n-cargo-1.94.0' '/nix/store/zhiy290rs2xwi9146nyz9w72q0sa9iq1-clippy-1.94.0' '/nix/store/fwgjpxfnwrbymfab8yd6hp9nws2b8jpn-rustfmt-1.94.0' '/nix/store/lnvhspzjms1qx8abfwr735h3cg3h265r-rust-analyzer-2026-03-23' '/nix/store/avjzyij6c5vbva2pqvfp7y9ch4aii05g-update-autotools-gnu-config-scripts-hook' '/nix/store/0y5xmdb7qfvimjwbq7ibg1xdgkgjwqng-no-broken-symlinks.sh' '/nix/store/cv1d7p48379km6a85h4zp6kr86brh32q-audit-tmpdir.sh' '/nix/store/85clx3b0xkdf58jn161iy80y5223ilbi-compress-man-pages.sh' '/nix/store/p3l1a5y7nllfyrjn2krlwgcc3z0cd3fq-make-symlinks-relative.sh' '/nix/store/5yzw0vhkyszf2d179m0qfkgxmp5wjjx4-move-docs.sh' '/nix/store/fyaryjvghbkpfnsyw97hb3lyb37s1pd6-move-lib64.sh' '/nix/store/kd4xwxjpjxi71jkm6ka0np72if9rm3y0-move-sbin.sh' '/nix/store/pag6l61paj1dc9sv15l7bm5c17xn5kyk-move-systemd-user-units.sh' '/nix/store/cmzya9irvxzlkh7lfy6i82gbp0saxqj3-multiple-outputs.sh' '/nix/store/x8c40nfigps493a07sdr2pm5s9j1cdc0-patch-shebangs.sh' '/nix/store/cickvswrvann041nqxb0rxilc46svw1n-prune-libtool-files.sh' '/nix/store/xyff06pkhki3qy1ls77w10s0v79c9il0-reproducible-builds.sh' '/nix/store/z7k98578dfzi6l3hsvbivzm7hfqlk0zc-set-source-date-epoch-to-latest.sh' '/nix/store/pilsssjjdxvdphlg2h19p0bfx5q0jzkn-strip.sh' '/nix/store/s7qlr26bmc6n4r607scz8iiwcg6yg4ic-clang-wrapper-21.1.8' '/nix/store/hwn7mviydmcdr2gw3zx30rcc0xi7k40c-cctools-binutils-darwin-wrapper-1010.6' '/nix/store/930py6p7h4xw7fwys7y3hx7rkyqnpvqq-xcbuild-0.1.1-unstable-2019-11-20-xcrun' ) declare -a pkgsBuildTarget=() declare -a pkgsHostHost=('/nix/store/gas29mwgqh0i3d4083ygl9b65sll1yil-libcxx-20.1.0+apple-sdk-26.0' '/nix/store/pnazzar06qzgcbsln5shjnmrq0krryww-compiler-rt-libc-21.1.8-dev' '/nix/store/hnb6cg3cfrsnhfppiaa6zzpk1i57wzm3-compiler-rt-libc-21.1.8' ) declare -a pkgsHostTarget=('/nix/store/q2dccg26bm7bn6ia1q30qkl5jck7wwgb-apple-sdk-14.4' 
'/nix/store/4l8729yjln4zhnry763pklqb75dwmrd2-libiconv-109.100.2-dev' '/nix/store/a85h00app701vf0ggln0r97yayszvwkk-libiconv-109.100.2' '/nix/store/d6dh7sdypw64lf74iv0gwgphvs1dq3fa-libresolv-91-dev' '/nix/store/ymxg8vmmk5l8wvs5lld3vl9k3rhvdh59-libresolv-91' '/nix/store/ykwz6395vf4gn185zfvkx30avzmap11y-libsbuf-14.1.0-dev' '/nix/store/3kl23yrdmyy7c8m4fvzg2kilks9ca83s-libsbuf-14.1.0' '/nix/store/22mhkcy5mpkgsa7k1d04qkxybnkwhqc4-libutil-72' ) diff --git a/README.md b/README.md index d0f6ad1..9c4253f 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,12 @@ The repo-local task config lives at: .agent/controller-loop/task.toon ``` +To run verifier/test commands with unrestricted command execution (for environments that are blocked by socket-backed sandboxing), edit the config to include: + +```text +shell-execution-mode: full-access +``` + ## Commands ```bash diff --git a/flake.nix b/flake.nix index 0901b53..c768a1a 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,7 @@ devShells.default = pkgs.mkShell { packages = [ pkgs.git + codex-controller-loop pkgs.rustc pkgs.cargo pkgs.clippy diff --git a/src/controller/engine.rs b/src/controller/engine.rs index d9b527f..bc9a107 100644 --- a/src/controller/engine.rs +++ b/src/controller/engine.rs @@ -247,7 +247,7 @@ pub fn runtime_loop( continue; } - let verification = verifier::verify_step(&repo_root, &exec, &event_tx)?; + let verification = verifier::verify_step(&repo_root, &config, &exec, &event_tx)?; if !verification.passed { plan.mark_blocked(&step.id); plan.append_step_note(&step.id, verification.summary.as_str()); @@ -276,7 +276,7 @@ pub fn runtime_loop( continue; } - let tests = verifier::run_tests(&repo_root, &exec, &event_tx)?; + let tests = verifier::run_tests(&repo_root, &config, &exec, &event_tx)?; if !tests.passed { plan.mark_todo(&step.id); plan.append_step_note(&step.id, tests.summary.as_str()); diff --git a/src/controller/verifier.rs b/src/controller/verifier.rs index 3f0778a..f844a95 100644 
--- a/src/controller/verifier.rs +++ b/src/controller/verifier.rs @@ -10,12 +10,14 @@ use crate::process; pub fn verify_step( repo_root: &std::path::Path, + config: &TaskConfig, response: &ExecutionResponse, event_tx: &Sender, ) -> Result { process::run_shell_commands( repo_root, &response.verification_commands, + &config.shell_execution_mode, event_tx, "Verification", None, @@ -37,8 +39,16 @@ pub fn verify_cleanup( pub fn run_tests( repo_root: &std::path::Path, + config: &TaskConfig, response: &ExecutionResponse, event_tx: &Sender, ) -> Result { - process::run_shell_commands(repo_root, &response.test_commands, event_tx, "Tests", None) + process::run_shell_commands( + repo_root, + &response.test_commands, + &config.shell_execution_mode, + event_tx, + "Tests", + None, + ) } diff --git a/src/model/mod.rs b/src/model/mod.rs index ea70950..3d4aa96 100644 --- a/src/model/mod.rs +++ b/src/model/mod.rs @@ -14,7 +14,8 @@ pub use self::controller::{ }; #[allow(unused_imports)] pub use self::plan::{ - CleanupRule, ContinueUntil, Plan, PlanDelta, PlanStep, TaskConfig, VerificationCheck, + CleanupRule, ContinueUntil, Plan, PlanDelta, PlanStep, ShellExecutionMode, TaskConfig, + VerificationCheck, }; #[allow(unused_imports)] pub use self::response::{ControllerSummary, ExecutionResponse, PlannerResponse}; diff --git a/src/model/plan.rs b/src/model/plan.rs index fe7e764..d0750f5 100644 --- a/src/model/plan.rs +++ b/src/model/plan.rs @@ -14,6 +14,14 @@ pub enum ContinueUntil { ManualStop, } +#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)] +#[serde(rename_all = "kebab-case")] +pub enum ShellExecutionMode { + #[default] + Constrained, + FullAccess, +} + #[derive(Debug, Clone, Serialize, Deserialize)] pub struct TaskConfig { pub engine: String, @@ -25,6 +33,8 @@ pub struct TaskConfig { pub continue_until: ContinueUntil, pub max_runs: u32, pub max_wall_clock: String, + #[serde(default)] + pub shell_execution_mode: ShellExecutionMode, } impl TaskConfig { 
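Review bot: `ShellExecutionMode` and the new `shell_execution_mode` field on `TaskConfig` in src/model/plan.rs have no doc comments, although the choice between the two variants is a security setting. A line such as `/// How verifier and test shell commands are run; falls back to Constrained when the key is absent.` on the enum would help. A one-line comment on `FullAccess` should say it lifts the restriction for the `verification_commands` and `test_commands` strings taken from the `ExecutionResponse`, so a reader can judge the risk without tracing the call chain through verifier.rs. The `#[serde(default)]` on the field together with `#[default]` on `Constrained` is what makes an omitted key resolve to the restricted mode, and that is worth stating next to the field. `TaskConfig` starts and ends outside the hunk.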
@@ -40,6 +50,7 @@ impl TaskConfig { continue_until: ContinueUntil::FixedPoint, max_runs: 12, max_wall_clock: "4h".to_string(), + shell_execution_mode: ShellExecutionMode::Constrained, } } diff --git a/src/model/policy.rs b/src/model/policy.rs index 5c4e149..cf705b3 100644 --- a/src/model/policy.rs +++ b/src/model/policy.rs @@ -29,7 +29,7 @@ pub struct RoutingRules { pub decision_rules: Vec, } -#[derive(Debug, Clone, Serialize, Deserialize)] +#[derive(Debug, Clone, Serialize, Deserialize, Default)] #[serde(rename_all = "kebab-case", default)] pub struct PolicyGate { pub require_fields: Vec, @@ -44,7 +44,7 @@ pub struct PolicyDecision { pub reason: String, } -#[derive(Debug, Clone, Serialize, Deserialize)] +#[derive(Debug, Clone, Serialize, Deserialize, Default)] #[serde(rename_all = "kebab-case", default)] pub struct HandoffEnvelope { #[serde(alias = "id")] @@ -129,7 +129,7 @@ pub struct HandoffCriteria { pub optional: Vec, } -#[derive(Debug, Clone, Serialize, Deserialize)] +#[derive(Debug, Clone, Serialize, Deserialize, Default)] #[serde(rename_all = "kebab-case", default)] pub struct ReviewEnvelope { pub from: StringCell, @@ -137,7 +137,7 @@ pub struct ReviewEnvelope { pub review: ReviewPayload, } -#[derive(Debug, Clone, Serialize, Deserialize)] +#[derive(Debug, Clone, Serialize, Deserialize, Default)] #[serde(rename_all = "kebab-case", default)] pub struct ReviewPayload { #[serde(default)] @@ -325,10 +325,10 @@ impl HandoffEnvelope { ); } - if let Some(conf) = self.conf - && !(0.0..=1.0).contains(&conf) - { - bail!("confidence value must be normalized in 0.0..1.0, got {conf}"); + if let Some(conf) = self.conf { + if !(0.0..=1.0).contains(&conf) { + bail!("confidence value must be normalized in 0.0..1.0, got {conf}"); + } } Ok(()) diff --git a/src/process/shell.rs b/src/process/shell.rs index bbf8802..5c1b193 100644 --- a/src/process/shell.rs +++ b/src/process/shell.rs 
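Review bot: The error text in the rewritten confidence check in src/model/policy.rs prints the accepted range as `0.0..1.0`, which in Rust notation excludes 1.0, while the test `(0.0..=1.0).contains(&conf)` accepts it. Changing the message to `bail!("confidence value must be normalized in 0.0..=1.0, got {conf}");` keeps the diagnostic and the check in agreement. The enclosing method on `HandoffEnvelope` starts outside the hunk.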
@@ -5,12 +5,15 @@ use std::sync::mpsc::Sender; use anyhow::{Context, Result}; use crate::app::AppEvent; -use crate::model::{CommandSummary, SessionEntry, SessionSource, SessionStream}; +use crate::model::{ + CommandSummary, SessionEntry, SessionSource, SessionStream, ShellExecutionMode, +}; use crate::repo; pub fn run_shell_commands( repo_root: &Path, commands: &[String], + shell_mode: &ShellExecutionMode, event_tx: &Sender, title: &str, tag: Option, @@ -32,6 +35,13 @@ pub fn run_shell_commands( .arg("-lc") .arg(command) .current_dir(repo_root) + .env( + "SHELL_EXECUTION_MODE", + match shell_mode { + ShellExecutionMode::Constrained => "constrained", + ShellExecutionMode::FullAccess => "full", + }, + ) .output() .with_context(|| format!("failed to execute shell command: {command}"))?; diff --git a/src/storage/toon/files.rs b/src/storage/toon/files.rs index 23aa8c0..33d994d 100644 --- a/src/storage/toon/files.rs +++ b/src/storage/toon/files.rs 
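Review bot: In `run_shell_commands` the new `shell_mode` parameter only sets the `SHELL_EXECUTION_MODE` environment variable on the child. As far as the hunk shows, the command is started with the same `-lc` invocation in both modes, so `Constrained` is advisory unless something outside this function reads the variable and enforces it. Because the variable lives in the environment of the very shell that runs the response-supplied command, any enforcement has to sit outside that child's control; a comment at the `.env(...)` call should name where that happens, or the restriction should be applied where the process is spawned. The exported value for `FullAccess` is `"full"` while the config key documented in the README is `full-access`; `ShellExecutionMode::FullAccess => "full-access",` would keep one spelling. The function body starts and ends outside the hunk.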
@@ -8,9 +8,20 @@ use crate::repo; use super::codec::{write_plan, write_state}; -pub(crate) const DEFAULT_GOAL: &str = "# Goal\n\nDescribe the goal for this controller.\n"; -pub(crate) const DEFAULT_STANDARDS: &str = - "# Standards\n\n- Keep code maintainable.\n- Avoid one-off hacks.\n- Leave tests green.\n"; +pub(crate) const DEFAULT_GOAL: &str = concat!( + "# Goal\n\n", + "Build the requested change as production-quality software.\n", + "Solve the real task, fit the existing architecture, and leave behind code that is easy to read, test, and extend.\n", +); +pub(crate) const DEFAULT_STANDARDS: &str = concat!( + "# Standards\n\n", + "- Prefer clear, simple designs over clever or sprawling code.\n", + "- Build reusable abstractions when logic would otherwise be duplicated, hard-coded, or tightly coupled.\n", + "- Do not ship one-off patches, special-case spaghetti, or temporary scaffolding as the final design.\n", + "- Keep module boundaries, naming, and control flow easy for another engineer to understand quickly.\n", + "- Update or add focused tests for the behavior you change, and keep the relevant test suite green.\n", + "- Remove dead code, debug leftovers, and incidental complexity before finishing.\n", +); pub fn ensure_controller_files(config: &TaskConfig) -> Result<()> { for path in [ 
@@ -59,3 +70,31 @@ pub(crate) fn write_markdown_path(path: &Path, content: &str) -> Result<()> { } fs::write(path, content).with_context(|| format!("failed to write {}", path.display())) } + +#[cfg(test)] +mod tests { + use tempfile::tempdir; + + use crate::model::TaskConfig; + use crate::test_support::CurrentDirGuard; + + use super::{ensure_controller_files, read_markdown, DEFAULT_GOAL, DEFAULT_STANDARDS}; + + #[test] + fn ensure_controller_files_uses_quality_focused_default_prompts() { + let temp = tempdir().expect("tempdir"); + let _cwd = CurrentDirGuard::enter(temp.path()); + let config = TaskConfig::default_for("quality-defaults"); + + ensure_controller_files(&config).expect("ensure files"); + + let goal = read_markdown(&config.goal_file).expect("read goal"); + let standards = read_markdown(&config.standards_file).expect("read standards"); + + assert_eq!(goal, DEFAULT_GOAL); + assert_eq!(standards, DEFAULT_STANDARDS); + assert!(goal.contains("production-quality software")); + assert!(standards.contains("reusable abstractions")); + assert!(standards.contains("one-off patches")); + } +}
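Review bot: The new test switches the process working directory through `CurrentDirGuard::enter(temp.path())`, and the working directory is shared by every test thread in the binary. The definition of `CurrentDirGuard` is not part of this patch, so it is not visible whether it holds a global lock; if it does not, tests that resolve relative paths can interfere with each other under the default parallel runner. A comment above the guard such as `// CurrentDirGuard serialises cwd changes across tests (confirm in test_support)` would record the assumption the test depends on.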