Skip to content

v0.8.67 Setup support: runtime posture card with constitution boundary #3406

Description

@Hmbown

Constitution boundary update (2026-06-29)

This issue owns the runtime security posture that the constitution creator must not silently change.

The trust/approval/sandbox step should expose a small explicit posture selector such as ask-first / normal agent / high-trust local, then show the actual config effects: default_mode, approval_policy, sandbox/network/trust behavior, and any warnings.

The constitution creator (#3793) may collect an autonomy preference and may recommend one of these runtime postures, but applying the posture must be a separate explicit action owned here. This prevents a user-global constitution from becoming a hidden permissions file.

Acceptance additions:

  • A constitution autonomy preference does not directly mutate runtime mode/approval/sandbox/trust.
  • Applying a runtime posture from setup shows a visible config diff and confirmation.
  • Doctor/setup report can show both: constitution preference and effective runtime posture, side by side.

Product shape

This step turns "how much can CodeWhale do on its own?" into a small, legible choice — like a difficulty/mode selector, not a policy document. The user picks one of a few named postures (ask-first / normal agent / high-trust local) and sees, in plain language, what each allows and protects. Advanced users can drill into approval policy, sandbox, network, and privacy individually; first-run users take the recommended preset and move on. The effective policy — and where it comes from (default / user / project / CLI / env) — is always visible.

Non-goals

  • Not inventing a new policy engine; reuse the existing workspace-trust, approval-policy, sandbox, and network-policy runtime.
  • Not forcing power users through a simplified preset — advanced controls remain reachable.
  • Not changing project-level overlay precedence semantics; only surfacing and warning about overrides.

Safe fallback

  • Skipping the step leaves current/default trust + approval + sandbox intact (status inherited/optional).
  • A risky combination (e.g. high-trust + untrusted workspace + open network) surfaces a clear warning but remains a permitted explicit choice; setup never silently overrides a deliberate user pick.
  • Summaries redact any secret-bearing policy detail.

Problem

The setup wizard should help users understand and configure safety boundaries before they start running agents. Workspace trust, approval policy, sandbox behavior, network access, telemetry/privacy, hooks, and secret handling are currently scattered across docs, config, onboarding, and runtime prompts.

Scope

  • Reuse or replace the current workspace trust onboarding screen with a richer setup step.
  • Explain and configure approval policy, sandbox mode, workspace trust, network policy, and optional telemetry/privacy settings where supported.
  • Surface risky configuration clearly without fearmongering or hiding the escape hatches power users need.
  • Show the current effective policy and where it comes from: defaults, user config, project config, CLI flags, or environment.
  • Ensure setup summaries redact secrets and avoid logging sensitive policy details unnecessarily.
  • Add tests for trust choice, approval policy choice, sandbox choice, skipped setup, project override warning, and redacted summary behavior.

Definition of done

  • Users can see and configure the safety posture before first real agent work.
  • Existing users can rerun setup to inspect current trust/approval/sandbox/network state.
  • Policy changes go through comment-preserving config persistence or explicitly require a restart when needed.
  • Docs and setup copy agree with actual runtime behavior.

Localization / UX

Doctor / docs expectations

Acceptance criteria

  • Users can choose a safety posture before first real agent work; advanced controls are reachable but not forced.
  • Effective policy and its source (default/user/project/CLI/env) is displayed.
  • Existing users can rerun /setup to inspect current trust/approval/sandbox/network state.
  • Policy changes persist through comment-preserving config writes (v0.8.67 Setup: config persistence, migration, secret handling, and rollback #3410) or clearly require a restart.
  • A risky-but-deliberate combination warns without silently overriding.
  • Summaries redact secrets; tests cover trust choice, approval policy, sandbox, skipped setup, project-override warning, and redaction.

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    documentationImprovements or additions to documentationenhancementNew feature or requestreliabilityReliability, flaky behavior, retries, fallbacks, and robustnesssecuritySecurity, isolation, permissions, or trust-boundary worktuiTerminal UI behavior, rendering, or interactionuxUser experience, interaction, or presentation polishv0.8.67Targeting v0.8.67

    Projects

    Status
    Done

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions