Safer + usable: one hardened registry, real CLI, e2e proof, accurate README #44
Merged
There were two registries with disjoint capabilities: the class-based core/registry/AgentRegistry (auto-discovery, manifest querying — the one actually wired into index.ts, the API server, and the demos) and an object-literal core/AgentRegistry that held the hardened security properties (STRIDE E-5 audited collision rejection, HIGH-tier ApprovalGate preflight, emergency stop, compliance status) but was imported only by compliance.ts and two tests. The hardened controls therefore did not run on the real runtime start path. This ports all of them into the wired class registry:
- register() now rejects id collisions with a safety.violation audit event instead of a bare throw (STRIDE E-5)
- startAgent() (and the start() alias used by the API server) runs the HIGH-tier ApprovalGate + riskJustification + genAIRisks preflight
- emergencyStop(), complianceStatus(), list(), registerAndStart() added
- compliance.ts and the two integration/security tests repointed to the single registry; test bodies and assertions unchanged
- redundant src/core/AgentRegistry.ts deleted
- STRIDE E-5 now credits the runtime registry, not the unwired twin
Typecheck clean, 126/126 tests pass, STRIDE claim gate green.
https://claude.ai/code/session_01Ds4diwEnvZ863CUoNCQEkY
The CLI claimed "NOW FULLY FUNCTIONAL" but package.json had no `bin` entry and cli/bin.js imported a non-existent ./index.js (the build is noEmit and never compiles cli/), so `npx everythingos` did nothing.
- package.json: add bin (`everythingos`, `eos`)
- cli/bin.js: launch cli/index.ts via the local tsx runtime, so the CLI works from a cloned repo after `npm ci` with no build step
- `eos new <name>`: prompts for risk tier + description and generates an agent from src/agents/_scaffold — preserving the explicit Zod manifest and per-channel allowlists. It substitutes identity/tier/channels only; it never widens channels to wildcards, so a generated agent goes through the same security pipeline as a built-in one
- interactive "Create Agent" rerouted to the same scaffold generator; removed writeAgentFile, which emitted an agent with no riskConfig (wildcard `*` channels — an ACL escape hatch the constraints forbid)
- ask()/select() are now EOF-safe (default LOW + default description on non-TTY/EOF) instead of hanging forever
- openDocs(): corrected the wrong `m0rs3c0d3` GitHub handle to noisyloop
Verified end-to-end via the bin launcher (piped + non-TTY): generated agents load, validateManifest passes, the constructor's channel ACL runs with explicit non-wildcard channels. Typecheck clean, 126/126 tests pass.
https://claude.ai/code/session_01Ds4diwEnvZ863CUoNCQEkY
examples/e2e-proof.ts registers a custom MEDIUM-tier agent through the
consolidated AgentRegistry and exercises every layer for real:
- register/start runs the compliance preflight
- untrusted input arrives over the EventBus (subscribe channel ACL)
- input goes through the real sanitizeInput injection pipeline
- the agent performs an observable side effect (writes JSON files)
- act() enforces the publish channel ACL and records a tamper-evident
DecisionLedger entry
- the driver independently verifies the ledger entry + chain and the
audit-log chain
No mocks anywhere. Each layer is asserted and, on failure, the script
names the broken layer and exits non-zero (it does not work around a
broken layer). Run via `npm run e2e:proof`. Audit/ledger/output
artifacts are isolated under a gitignored .e2e-proof/ dir.
Verified: proof passes end-to-end (7/7 stages); 126/126 tests still pass.
https://claude.ai/code/session_01Ds4diwEnvZ863CUoNCQEkY
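An added example, not the project's DecisionLedger, of the tamper-evident chain plus the independent driver-side verification the proof script exercises; the entry fields, `entryHash` and `verifyChain` are assumptions:

```typescript
import { createHash } from "crypto";

// Constructed illustration, not the project's DecisionLedger: a hash-chained
// ledger plus the driver-side verification that recomputes the whole chain.
interface LedgerEntry {
  seq: number;
  agentId: string;
  channel: string;
  decision: string;
  prevHash: string; // hash of the previous entry; "" for the genesis entry
  hash: string;     // sha256 over this entry's fields and prevHash
}

function entryHash(body: Omit<LedgerEntry, "hash">): string {
  // Canonical encoding: fixed field order, JSON-escaped, so the digest never depends on key order or embedded separators.
  const material = JSON.stringify([body.seq, body.agentId, body.channel, body.decision, body.prevHash]);
  return createHash("sha256").update(material).digest("hex");
}

class DecisionLedger {
  readonly entries: LedgerEntry[] = [];

  // Called from act(): every publish decision is appended with a back-link
  // to the previous entry, so a later edit or deletion breaks the chain.
  record(agentId: string, channel: string, decision: string): LedgerEntry {
    const prev = this.entries[this.entries.length - 1];
    const body = { seq: this.entries.length, agentId, channel, decision, prevHash: prev ? prev.hash : "" };
    const entry: LedgerEntry = { ...body, hash: entryHash(body) };
    this.entries.push(entry);
    return entry;
  }
}

// Independent verification: recompute each hash and each back-link and report
// the first broken seq, so a failing layer is named rather than worked around.
function verifyChain(entries: LedgerEntry[]): { ok: boolean; brokenAt?: number } {
  for (let i = 0; i < entries.length; i++) {
    const e = entries[i];
    const prevEntry = entries[i - 1];
    const expectedPrev = prevEntry ? prevEntry.hash : "";
    const { hash, ...body } = e;
    if (e.seq !== i || e.prevHash !== expectedPrev || entryHash(body) !== hash) {
      return { ok: false, brokenAt: i };
    }
  }
  return { ok: true };
}
```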
- Add a "Build your first agent" section using the now-real CLI (`npx everythingos new` / `eos new`), the register/run snippet, and `npm run e2e:proof` as the no-mocks proof of life
- Surface the Glasswally integration from "What It Is" with an anchor link — it was a real differentiator buried at the bottom
- Quick Start fixes: the clone URL/dir used lowercase `everythingos` (clone creates `EverythingOS`; `cd everythingos` fails on a case-sensitive FS) → corrected to the canonical case; the GitHub handle was already correct (noisyloop)
- Replace the broken `cp .env.example .env` step — there is no .env.example in the repo — with a direct .env creation that sets EOS_AGENT_SECRET
- Surface `npm run e2e:proof` in Quick Start
The architecture diagram already reflects the real wired components (updated earlier in this branch); after the registry consolidation its "risk-tier preflight" claim is now literally accurate.
https://claude.ai/code/session_01Ds4diwEnvZ863CUoNCQEkY
Summary
Makes EverythingOS both safer and approachable without weakening any security control. Four commits, one per task; all verified (typecheck clean, 126/126 tests, STRIDE claim gate green, e2e proof 7/7).
- 211dd62 refactor(security): consolidate the two AgentRegistry implementations. There were two registries with disjoint capabilities: the wired class registry (`core/registry/AgentRegistry` — used by `index.ts`, the API server, demos) had a bare-throw collision guard and no preflight/emergency-stop; the hardened object registry (`core/AgentRegistry`) had the STRIDE E-5 audited collision rejection + HIGH-tier `ApprovalGate` preflight but was imported only by `compliance.ts` + 2 tests — so the hardened controls never ran on the real start path. Ported all hardened properties into the wired registry, repointed `compliance.ts` + both tests (assertions unchanged), deleted `src/core/AgentRegistry.ts`, and corrected the STRIDE E-5 location.
- 60b50ed feat(cli): real `bin` + `eos new`. `package.json` had no `bin` and `bin.js` imported a non-existent compiled file, so `npx everythingos` did nothing. Added `bin` (`everythingos`/`eos`), made `bin.js` launch via local `tsx`, and wired `eos new <name>` to the `_scaffold` template (Zod manifest + explicit per-channel allowlists). Removed `writeAgentFile`, which emitted agents with no `riskConfig` → wildcard `*` channels (an ACL escape hatch). Made prompts EOF-safe. Fixed a wrong `m0rs3c0d3` GitHub handle in the CLI.
- 6d3920f test(e2e): real proof-of-life example. `examples/e2e-proof.ts` + `npm run e2e:proof`: a custom MEDIUM-tier agent goes registry → subscribe ACL → real injection-sanitization → observable file side effect → `act()` (publish ACL + DecisionLedger) → independent ledger + audit chain verification. No mocks; names the broken layer and exits non-zero if anything fails.
- f05344b docs: README matches the code. "Build your first agent" section on the real CLI, Glasswally surfaced from the top, clone URL/dir case fixed, broken `cp .env.example .env` step replaced (no such file in repo).

Constraint compliance
No security control removed or weakened for ergonomics — the opposite: Task 1 moved hardening onto the live path, Task 2 removed an ACL escape hatch. Generated/custom agents go through the identical pipeline as built-in ones; HIGH-tier still requires a registered `ApprovalGateAgent`.

Test plan
- `npm run typecheck` — clean
- `npm test` — 126/126 pass, 10/10 suites
- `npm run check:stride` — green (E-5 still test-backed)
- `npm run e2e:proof` — 7/7 stages pass with real chain verification
- `eos new` verified end-to-end (piped + non-TTY): generated agents load, manifest validates, channel ACL non-wildcard