Skip to content

feat(evolution): APT-pattern safety gates with auto-rollback (ANGA-900)#76

Open
anhermon wants to merge 1 commit into
mainfrom
feature/anga-900-evolution-safety-gates
Open

feat(evolution): APT-pattern safety gates with auto-rollback (ANGA-900)#76
anhermon wants to merge 1 commit into
mainfrom
feature/anga-900-evolution-safety-gates

Conversation

@anhermon

Copy link
Copy Markdown
Owner

Summary

Implements Safety Gates for Anvil's 5-gate self-evolution engine using the APT (Agentic Prompt Template) pattern. Prevents performance degradation through automatic benchmark validation and rollback.

This addresses ANGA-900 from the APT pattern brainstorm (ANGA-865, Priority 1).

Changes

  • SafeApplier: New Applier trait implementation with three safety gates:

    1. Pre-hook: Backs up current prompt and captures baseline benchmark scores
    2. Apply: Writes evolved prompt to ~/.paperclip/harness/config.toml
    3. Post-hook: Runs benchmarks, compares to baseline, auto-rolls back if regression >10%
  • Benchmark runner: Shell script (scripts/run-evolution-benchmarks.sh) that measures:

    • Build success (25%)
    • Test pass rate (35%)
    • Clippy clean (20%)
    • Fmt clean (20%)
  • Backup management: Timestamped backups in ~/.paperclip/harness/prompt-backups/, keeps last 10

  • Integration: default_engine() now uses SafeApplier instead of DefaultApplier

  • Documentation: Added crates/evolution/SAFETY_GATES.md with full spec

Files Changed

  • crates/evolution/src/safe_applier.rs (new, 430 lines) — APT safety gates implementation
  • crates/evolution/src/defaults.rs — Updated default_engine() to use SafeApplier
  • crates/evolution/src/lib.rs — Export SafeApplier
  • scripts/run-evolution-benchmarks.sh (new, 86 lines) — Benchmark runner
  • crates/evolution/SAFETY_GATES.md (new, 178 lines) — Documentation

Test Plan

  • SafeApplier unit tests (backup creation, benchmark parsing)
  • Manual test: trigger evolution with SafeApplier
  • Verify backup directory creation
  • Verify benchmark script execution
  • Test auto-rollback on simulated regression
  • Verify cleanup of old backups
  • CI checks (build, clippy, fmt)

Verification (from ANGA-900)

  • Pre-hook backs up current version before applying evolved prompt
  • Post-hook runs full benchmark suite and compares to baseline
  • Auto-rollback triggers if performance regresses > 10%

Related

🤖 Generated with Claude Code

…A-900)

Implements SafeApplier with three-stage safety gates:
- Pre-hook: backs up current prompt before applying
- Apply: writes new prompt to config.toml
- Post-hook: runs benchmarks and auto-rolls back if performance regresses >10%

Includes:
- SafeApplier trait implementation with backup/restore logic
- Benchmark runner script (build/test/clippy/fmt metrics)
- Auto-rollback on >10% performance regression
- Backup management (keeps last 10 backups)
- Unit tests for backup and benchmark parsing
- Documentation in SAFETY_GATES.md

The default_engine() now uses SafeApplier instead of DefaultApplier.
Added unsafe_engine() for testing without safety gates.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ae81284dec

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +169 to +170
let output = Command::new(&self.benchmark_script)
.output()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Mark benchmark script executable before running it

run_benchmarks() invokes ./scripts/run-evolution-benchmarks.sh directly, but this commit adds that script with mode 100644 (not executable). On Unix, Command::new(...) returns a permission error, and apply() treats that as a benchmark failure, rolls back, and returns Err, so evolved prompts cannot be applied successfully. Either commit the script as executable (100755) or execute it via bash.

Useful? React with 👍 / 👎.

Comment on lines +34 to +35
passed=$(grep -oP '\d+(?= passed)' /tmp/test-output.txt | tail -1 || echo "0")
failed=$(grep -oP '\d+(?= failed)' /tmp/test-output.txt | tail -1 || echo "0")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Sum test results instead of using only last summary

The pass-rate calculation parses cargo test --workspace output with grep ... | tail -1, which only reads the final test-summary line. Workspace runs emit multiple summaries (one per test binary/package), so earlier failures can be ignored if the last summary is clean, producing an inflated test_pass_rate and potentially missing regressions that should trigger rollback.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant