feat(CC-261/CC-262-M1/CC-263): doc cleanup + isolation-level policy + portable SHA-1#162
Merged
Conversation
…shipped core/README.md: drop the parenthetical deferral note; state-writer module is now real and operative. agents/project-pm.md: update runtime PR exemption wording to be version-agnostic. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… no-op map + portable SHA-1 - core/policy/isolation-level.yaml: new enum none/read-only/workspace-write/sandboxed - adapters/claude/isolation-map.yaml: no-op translation table for claude-executor - scripts/lib/portable.sh: _portable_sha1() cross-platform helper with FAKE_SHA1_MISSING stub - scripts/lib/state-writer.sh: _sw_project_key uses _portable_sha1 instead of raw sha1sum - scripts/test-state-store.sh: case_project_key_no_sha1sum stub test (30 passed, 0 failed) - BACKLOG: close CC-261, CC-263; update CC-262 M1 shipped note - MILESTONES: CC-262 M1 ✅ (#162), CC-261 ✅ (#162) - CHANGELOG: [Unreleased] entries for all three tickets Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add case_portable_sha1_shasum_fallback to test-portable.sh: uses FAKE_SHA1SUM_MISSING=1 + fake shasum shim to exercise the shasum -a 1 fallback branch independently of sha1sum availability. Also fix portable.sh comment to document FAKE_SHA1SUM_MISSING. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… contract test-portable.sh: assert exact digest (da39a3...) instead of regex; a broken _portable_sha1 returning an arbitrary 40-hex string would now fail. core/README.md: revert over-stated present-tense writer contract to accurately reflect that definition-layer validation is deferred to a future milestone. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
case_portable_sha1_both_missing: forces FAKE_SHA1_MISSING=1, asserts _portable_sha1 exits non-zero and emits the expected warning to stderr when neither sha1sum nor shasum is available. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace fixed-digest fake shasum with a real sha1sum passthrough shim (ignoring shasum's -a 1 flags). The test now asserts the correct SHA-1 of "test-input\n" (19877dd...), so a broken impl returning a constant or wrong-branch hash will fail. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ack integration scripts/test-state-store.sh: - case_dispatch_correct_partition: replace sha1sum|cut with _portable_sha1 - case_dispatch_subdir_partition_key: split git-rev-parse + _portable_sha1 - Add case_project_key_shasum_fallback: FAKE_SHA1SUM_MISSING=1 + fake shasum shim, asserts _sw_project_key returns 40-hex (not global) via shasum fallback path Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ation parity test - core/README.md: remove explicit scripts/lib/state-writer.sh path; generalize to "scripts/ layer" to satisfy core/* layer invariant - test-portable.sh: replace sha1sum-backed fake shasum with openssl dgst -sha1 shim; sha1sum-independent on macOS/BSD - test-state-store.sh: same openssl shim fix for case_project_key_shasum_fallback - test-core-schemas.sh: add case_isolation_level_adapter_parity that validates adapters/claude/isolation-map.yaml keys == core/policy/isolation-level.yaml values Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Shell-based brief-validate + codex-post-verify pipeline to replace codex-executor subagent 2.5x overhead (~40 tool calls x 8s = ~6 min). Priority P2, active, next after PR #162 merges. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
core/policy/isolation-level.yaml(4 isolation values) +adapters/claude/isolation-map.yaml(no-op mappings for claude-executor)_portable_sha1()helper toscripts/lib/portable.sh(triessha1sum, falls back toshasum -a 1); consume it inscripts/lib/state-writer.sh_sw_project_key(); update state-store tests to use_portable_sha1Gate status (latest: gate-20260525-175621)
NO-GO — 3 remaining issues being fixed in parallel:
core/README.md:36— explicitscripts/lib/state-writer.shpath violates core layer invariant (fix: generalize to "scripts/ layer")test-portable.sh:1199+test-state-store.sh:501— fake shasum shims delegate tosha1sum; not truly sha1sum-independent (fix: useopenssl dgst -sha1)adapters/claude/isolation-map.yaml— missing parity test vscore/policy/isolation-level.yaml(fix: addcase_isolation_level_adapter_paritytotest-core-schemas.sh)Test plan
bash scripts/test-portable.sh— all passbash scripts/test-state-store.sh— all passbash scripts/test-core-schemas.sh— all pass including new parity testbash scripts/run-all-tests.sh— all suites pass🤖 Generated with Claude Code