Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 24 additions & 19 deletions .agent-loop/LOOP_STATE.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,18 @@
## Current State

- Active initiative: `WS-POL-001` - Submission Artifact Policy Foundation
- Active planning chunk: none
- Active implementation chunk: `WS-POL-001-10` - Pre-Submit Live Drill Hardening
- Branch: `codex/ws-pol-001-10-pre-submit-hardening`
- Status: `WS-POL-001-10` is open as PR #72. Implementation and internal
review are complete; CodeRabbit follow-up fixes are addressed locally and the
branch is awaiting pushed CI reruns and the human merge checkpoint.
- Last merged implementation SHA: `8a524de`
- Last merge commit: `8a524de`
- Current gate: PR #72 external checks after evidence rebind, then human merge
decision
- Next chunk: inactive until `WS-POL-001-10` reaches a human checkpoint
- Active planning chunk: `WS-POL-001-11` - Actor Identity And Profile Registry
- Active implementation chunk: none
- Branch: `codex/ws-pol-001-11-actor-identity-profile-contract`
- Status: `WS-POL-001-10` merged through PR #72. `WS-POL-001-11` has contract,
internal review evidence, and PR trust bundle prepared for human review.
Implementation is inactive until the contract is approved and the user gives
an explicit implementation start signal.
- Last merged implementation SHA: `cc78f2a`
- Last merge commit: `1bbde47`
- Current gate: human review of `WS-POL-001-11` contract
- Next chunk: `WS-POL-001-11` is contract-only until human review approves the
implementation boundary

## Operating Rule

Expand Down Expand Up @@ -41,12 +42,12 @@ project setup runtime boundary. It removed the production fixture adapter and
did not change task, checker, post-submit, review, revision, payment,
reputation, blockchain, frontend, or object-storage behavior.

The active `WS-POL-001-10` chunk is a corrective hardening chunk for the
pre-submit live API drill. It fixes guide-version conflict mapping, guide-create
source snapshot capture, active-guide checker summary visibility, worker
self-profile onboarding, and failed pre-submit audit evidence. It does not
change post-submit policy, review, revision, payment, reputation, blockchain,
frontend, or agent-runtime behavior.
The merged `WS-POL-001-10` chunk was a corrective hardening chunk for the
pre-submit live API drill. It fixed guide-version conflict mapping,
guide-create source snapshot capture, active-guide checker summary visibility,
worker self-profile onboarding, and failed pre-submit audit evidence. It did
not change post-submit policy, review, revision, payment, reputation,
blockchain, frontend, or agent-runtime behavior.

## Last Review State

Expand Down Expand Up @@ -107,5 +108,9 @@ frontend, or agent-runtime behavior.
- PR #71 merged into `main` as `8a524de`.
- `WS-POL-001-10` started after the user's explicit start signal for the first
five pre-submit hardening fixes from the live API drill.
- PR #72 is open from `codex/ws-pol-001-10-pre-submit-hardening`; CodeRabbit
follow-up fixes are applied locally and require CI rerun after push.
- PR #72 merged into `main` as `1bbde47`.
- `WS-POL-001-11` is the next planned bounded chunk. It should add local
Workstream actor identity and actor profile registries for verified Flow
actors before the next Terminal Benchmark live API drill.
- `WS-POL-001-11` internal review evidence is tracked at `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-11-internal-review-evidence.md`.
- `WS-POL-001-11` PR trust bundle is tracked at `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-11-pr-trust-bundle.md`.
65 changes: 65 additions & 0 deletions .agent-loop/REVIEW_LOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -228,3 +228,68 @@ and removal of remaining construction-state compatibility surfaces.
Evidence: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-08-internal-review-evidence.md`

External review response: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-08-external-review-response.md`

## WS-POL-001-09

Status: merged through PR #71 on 2026-07-06.

Merge commit: `8a524de`

Required reviewer tracks:

- senior engineering
- QA/test
- security/auth
- product/ops
- architecture
- CI integrity
- docs
- reuse/dedup
- test delta

Result: PASS after fixes; external review addressed; GitHub checks passed.

Scope: removed the production `local_fixture` project setup runtime and old
runtime selector, kept deterministic test behavior in explicit test-local
fakes only, and preserved OpenAI Agents SDK as the configured project setup
runtime boundary.

Evidence: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-09-internal-review-evidence.md`

External review response: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-09-external-review-response.md`

## WS-POL-001-10

Status: merged through PR #72 on 2026-07-06.

Merge commit: `1bbde47`

Reviewed implementation SHA: `cc78f2a`

Required reviewer tracks:

- senior engineering
- QA/test
- security/auth
- product/ops
- architecture
- CI integrity
- docs
- reuse/dedup
- test delta

Result: PASS after fixes; external review addressed; GitHub checks passed.

Scope: duplicate guide-version conflict handling, guide-create source snapshot
capture, active-guide checker summary visibility, worker self-profile
onboarding through authenticated API, nullable worker identity response
coverage, and durable failed-pre-submit audit evidence without creating a
submission.

Next chunk: `WS-POL-001-11` should define and then implement local actor
identity and actor profile registries before the next Terminal Benchmark live
API drill.

Evidence: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-10-internal-review-evidence.md`

External review response: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-10-external-review-response.md`
13 changes: 8 additions & 5 deletions .agent-loop/WORK_QUEUE.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

| Chunk | Title | Risk | Status |
|---|---|---:|---|
| TBD | Next WS-POL-001 bounded chunk | L1 | Inactive until explicit user start signal and chunk contract |
| `WS-POL-001-11` | Actor Identity And Profile Registry Contract | L1 | Contract-only branch active; implementation waits for human review |

## Completed

Expand All @@ -21,13 +21,16 @@
| `WS-POL-001-06` | Terminal Benchmark Real Fixture Drill | L1 | Merged through PR #67 |
| `WS-POL-001-07` | Task Contract Artifact Field Cleanup | L1 | Merged through PR #68 |
| `WS-POL-001-08` | Celery Project Setup Pipeline | L1 | Merged through PR #69 |
| `WS-POL-001-09` | OpenAI Agents SDK Runtime Only | L1 | Merged through PR #71 |
| `WS-POL-001-10` | Pre-Submit Live Drill Hardening | L1 | Merged through PR #72 |

## Proposed Next

No chunk is active. The next likely step is a new bounded chunk to prove the
automatic Celery project setup path against the Terminal Benchmark example with
real API calls, but it must receive an explicit chunk contract before
implementation starts.
The next implementation chunk should create local Workstream actor identity and
actor profile registries for verified Flow actors. It must not turn Workstream
into the auth provider, and persisted profiles must not become permission
authority. After that merge, rerun the Terminal Benchmark live API drill through
real HTTP calls.

## Blocked

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -749,3 +749,142 @@ The removed fixture path cannot be used as a production project setup runtime;
test fakes stay visibly test-local; operator docs do not imply fallback
behavior; and the project-agent port remains available for deliberate future
runtime providers.

### WS-POL-001-10: Pre-Submit Live Drill Hardening

Goal:

Harden the concrete pre-submit setup and intake gaps found during the real
Terminal Benchmark API drill.

Risk:

L1

Depends on:

`WS-POL-001-09`

Status:

Merged through PR #72.

Scope:

Duplicate guide-version conflict mapping, guide-create source snapshot capture,
active-guide checker summary visibility, worker self-profile onboarding through
authenticated API, and durable failed-pre-submit audit evidence without creating
a submission.

Human review focus:

Worker profile setup is a real authenticated API path, active-guide checker
visibility does not expose compiled bundle bodies, and failed pre-submit
attempts remain outside product review decisions.

### WS-POL-001-11: Actor Identity And Profile Registry

Goal:

Create local `ActorIdentity` and shared `ActorProfile` registries for verified
Flow actors before the next Terminal Benchmark live API drill.

Risk:

L1

Depends on:

`WS-POL-001-10`

Allowed files:

```text
backend/alembic/versions/*_actor_identity_profile_registry.py
backend/app/api/router.py
backend/app/api/deps/auth.py
backend/app/api/routes/demo.py
backend/app/api/routes/auth.py
backend/app/db/models.py
backend/app/modules/actors/__init__.py
backend/app/modules/actors/models.py
backend/app/modules/actors/repository.py
backend/app/modules/actors/schemas.py
backend/app/modules/actors/service.py
backend/app/modules/tasks/models.py
backend/app/modules/tasks/repository.py
backend/app/modules/tasks/router.py
backend/app/modules/tasks/schemas.py
backend/app/modules/tasks/service.py
backend/tests/test_actors.py
backend/tests/test_alembic.py
backend/tests/test_auth.py
backend/tests/test_tasks.py
backend/scripts/week1_dry_run.py
backend/scripts/week1_api_e2e.py
backend/scripts/week2_api_e2e.py
examples/terminal_benchmark/terminal_benchmark_api_e2e.py
docs/architecture_data_model.md
docs/architecture_lockdown.md
docs/architecture_system_architecture.md
docs/glossary.md
docs/operations_roles_permissions.md
docs/spec_chunk_2_auth_actor_boundary.md
docs/spec_chunk_4_task_queue_assignment.md
.agent-loop/LOOP_STATE.md
.agent-loop/WORK_QUEUE.md
.agent-loop/REVIEW_LOG.md
.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md
.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md
.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-11-actor-identity-profile-registry.md
.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-11-*
```

Not allowed:

```text
Workstream-owned login, signup, password reset, password storage, primary auth sessions, or API-key auth
Flow token verifier replacement
route access from persisted profile rows instead of verified token roles
task/submission/checker/review/revision/payment/reputation behavior changes
agent runtime, project setup pipeline, Celery, storage, frontend, demo feature, or blockchain changes
```

Acceptance criteria:

- `ActorIdentity` and `ActorProfile` models/tables exist with unique identity
and profile constraints.
- Existing worker/reviewer profile rows are backfilled into the shared profile
model and the separate profile tables, ORM models, and repository authority
paths stop owning profile state.
- Seeded migration tests prove worker/reviewer profile backfill preserves
profile type, status, skill tags, scope, and table removal.
- Flow token verification remains pure. Actor registration uses a separate
actors service/repository boundary.
- Route authorization remains token-derived.
- Profile status values are explicit. `observed` is audit/display metadata,
`active` is explicit workflow eligibility, and profile status is never route
permission.
- Observation refresh preserves existing `active` and `disabled` profile
status unless an explicit audited profile workflow changes status.
- Worker claim requires both verified worker token role and active worker
profile.
- Stored profiles without matching token roles do not grant operator, worker,
reviewer, or project-manager access.
- Stale backend demo/script imports of old worker/reviewer profile models are
removed, rewired, or retired so the shared actor profile model is the only
profile authority.
- Stale backend script/example calls to `/api/v1/demo/worker-profile` are
removed, rewired to `POST /api/v1/workers/me/profile`, or explicitly retired.
- Verification includes a stale helper scan for old profile model imports and
the removed demo worker-profile endpoint.

Required reviewers:

senior engineering, QA/test, security/auth, product/ops, architecture, docs,
reuse/dedup, test delta.

Human review focus:

The shared actor/profile model removes duplicated profile storage without
turning persisted profiles into auth or permission authority.
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,16 @@
## Current Status

`WS-POL-001-01`, `WS-POL-001-02`, `WS-POL-001-03`, `WS-POL-001-04`,
`WS-POL-001-05`, `WS-POL-001-06`, `WS-POL-001-07`, `WS-POL-001-08`, and
`WS-POL-001-09` are merged to `main`. `WS-POL-001-10` is open as PR #72 from
`codex/ws-pol-001-10-pre-submit-hardening` after the user's explicit start
signal for the first five pre-submit hardening fixes from the real Terminal
Benchmark API drill.
`WS-POL-001-05`, `WS-POL-001-06`, `WS-POL-001-07`, `WS-POL-001-08`,
`WS-POL-001-09`, and `WS-POL-001-10` are merged to `main`. `WS-POL-001-11`
contract evidence is ready for external review and human approval.
Implementation remains inactive until human review approves the actor
identity/profile implementation boundary and the user gives an explicit
implementation start signal.

## Active Chunk

`WS-POL-001-10` - Pre-Submit Live Drill Hardening.
`WS-POL-001-11` contract review. Implementation is inactive.

## Chunk Status

Expand All @@ -26,13 +27,14 @@ Benchmark API drill.
| `WS-POL-001-07` | Merged | `codex/ws-pol-001-07-task-contract-cleanup` | 68 | Removes task-owned `required_files`/`required_evidence` from request/response/model/migration and keeps artifact requirements project-policy driven. |
| `WS-POL-001-08` | Merged | `codex/ws-pol-001-08-celery-project-setup` | 69 | Makes guide/source capture enqueue Celery pre-submit setup automatically: sufficiency first, blocked stops, draft submission artifact policy next; removes remaining construction-state compatibility surfaces. |
| `WS-POL-001-09` | Merged | `codex/ws-pol-001-09-openai-agent-sdk-only` | 71 | Removes the production `local_fixture` project setup runtime and old runtime selector; keeps deterministic test behavior in explicit test-local fakes only. |
| `WS-POL-001-10` | PR open; CodeRabbit fixes applied locally | `codex/ws-pol-001-10-pre-submit-hardening` | 72 | Hardens duplicate guide-version conflicts, guide-create source snapshots, active-guide checker summaries, worker self-profile onboarding, and failed pre-submit audit evidence. |
| `WS-POL-001-10` | Merged | `codex/ws-pol-001-10-pre-submit-hardening` | 72 | Hardens duplicate guide-version conflicts, guide-create source snapshots, active-guide checker summaries, worker self-profile onboarding, and failed pre-submit audit evidence. |
| `WS-POL-001-11` | Internal review complete; implementation inactive | `codex/ws-pol-001-11-actor-identity-profile-contract` | 73 | Defines local Workstream actor identity and actor profile registries for verified Flow actors before the next live API drill. |

## Blockers

| Blocker | Owner | Next action |
|---|---|---|
| None | - | Push evidence-rebound follow-up, rerun PR #72 CI, then human checkpoint for `WS-POL-001-10`. |
| None | - | Human review decides whether to accept the contract before implementation starts. |

## Follow-Ups

Expand All @@ -41,3 +43,4 @@ Benchmark API drill.
| Add public revision lifecycle coverage instead of direct `needs_revision` test setup | Test-delta review | High for `WS-POL-001-05` |
| Add focused `0007 -> 0006` downgrade assertion for locked-context columns and constraints | QA/test-delta review | Medium follow-up |
| Extract shared artifact path and forbidden-pattern helpers before further checker-policy expansion | Reuse/dedup review | Medium follow-up |
| Add profile-level audit events if actor/profile changes become reputation-sensitive | Security review on PR #72 | Medium follow-up |
Loading
Loading