Skip to content

Complete Varlock runtime contract#312

Merged
WalksWithASwagger merged 1 commit into
mainfrom
codex/issue-310-varlock-runtime-contract-2
Jul 11, 2026
Merged

Complete Varlock runtime contract#312
WalksWithASwagger merged 1 commit into
mainfrom
codex/issue-310-varlock-runtime-contract-2

Conversation

@WalksWithASwagger

Copy link
Copy Markdown
Owner

Summary

  • complete the committed environment schema against the active provider and runtime code surface
  • add agent-safe validation, audit, staged scan, and non-secret child-injection smoke commands
  • add repository agent instructions that prohibit reading value files or printing process environments
  • preserve the existing Node and npm runtime contract by keeping the Varlock CLI externally installed

Verification

  • npx --yes varlock@1.10.0 load --agent --show-all
  • npx --yes varlock@1.10.0 audit
  • npx --yes varlock@1.10.0 run --inject vars -- node scripts/varlock-injection-smoke.mjs
  • npx --yes varlock@1.10.0 scan --staged
  • npm run verify (511 passed; docs, public boundary, dry-run smoke, and package boundary passed)
  • cached diff check and local-path/credential-shaped addition review

Acceptance Self-Check

  • Schema coverage matches the active provider-facing code surface.
  • Agent instructions prohibit reading environment value files and printing process environments.
  • The non-secret smoke proves Varlock injection reaches the child process.
  • Existing tests pass.
  • No real value, machine path, ignored value file, or provider setting was exposed or changed.
  • Diff stays within the agentic delivery size limit.

Closes #310

@github-actions

Copy link
Copy Markdown

Agentic PR Review

Verdict: review-ready

Checks:

  • Linked issue via Closes #... or Refs #...: yes
  • Issue acceptance criteria found: 5
  • PR verification section present: yes
  • PR acceptance self-check present: yes
  • Diff within v1 limits: yes

@github-actions github-actions Bot added the review-ready Agent-created PR is ready for human review. label Jul 11, 2026
@WalksWithASwagger

Copy link
Copy Markdown
Owner Author

Codex review: APPROVE. Added schema names map to active provider, doctor, browser, and smoke consumers; the non-secret injection sentinel is safe; 511 tests, audit, scan, secret scan, and review checks pass. No blocking findings.

@WalksWithASwagger WalksWithASwagger merged commit 9c03873 into main Jul 11, 2026
5 checks passed
@WalksWithASwagger WalksWithASwagger deleted the codex/issue-310-varlock-runtime-contract-2 branch July 11, 2026 01:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

review-ready Agent-created PR is ready for human review.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

varlock: verify the provider schema and safe agent command pattern

1 participant