Skip to content

feat(agent-journal): filter phase-B provider context#128

Merged
feniix merged 3 commits into
mainfrom
feat/agent-journal-provider-context
Jul 13, 2026
Merged

feat(agent-journal): filter phase-B provider context#128
feniix merged 3 commits into
mainfrom
feat/agent-journal-provider-context

Conversation

@feniix

@feniix feniix commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

Adds an evaluation-only logical request boundary for the frozen Pi 0.80.6 OpenAI Codex SSE path. Every provider call re-identifies the current runtime Agent Journal capsule, removes the complete phase-A Agent-message prefix, snapshots trusted configuration, independently converts the remaining suffix through Pi's installed serializer, and rebuilds the full provider input from that snapshot.

The boundary rejects malformed, drifted, spoofed, oversized, proxy-backed, accessor-backed, or non-SSE inputs. Failures return a content-free non-serializable sentinel because Pi swallows provider-hook exceptions; the real serializer test proves this prevents fetch. A loopback server also captures and decompresses the actual SSE body and matches its logical byte digest.

This PR is intentionally not B3 completion. Independent suffix witnessing, extension-order attestation, physical fetch-body receipts, authenticated real-Pi proof, and real-runner wiring remain required.

The safe pre-acceptance ledger is also reconciled through merged PRs #126 and #127 without advancing the infrastructure gate.

Validation

  • RED: provider-boundary module absent
  • Security RED: own __proto__ carrier bypassed unknown-key detection
  • Security RED: post-construction configuration mutation was accepted
  • Security RED: appended provider input could preserve phase-A content
  • Agent Journal suite: 279 tests passed
  • Coverage: 87.16% lines, 84.80% statements, 92.06% functions, 80.44% branches
  • npm run check:ci
  • package MCP build
  • dry-run package leak scan: zero evaluation files
  • specdocs validation
  • independent code review: no blockers
  • independent security re-review: no blockers
  • independent evaluation-integrity re-review: no blockers

Deferred infrastructure proof

  • independent final suffix witness
  • extension allowlist and order attestation
  • physical zstd/fetch-body receipt
  • authenticated four-process real-Pi execution

Compound Engineering
Pi

feniix added 3 commits July 13, 2026 12:56
Record the merge commits and successful main CI runs for the ledger
reconciliation and canonical-receipt infrastructure slices without
advancing the pre-acceptance program gate.

RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-program-ledger.test.ts
Failure: ledger omitted merged PRs 126 and 127.
Freeze evaluation continuation to the Pi 0.80.6 Codex SSE payload,
remove every pre-boundary message, validate the runtime capsule and
provider body, and fail closed with a non-serializable abort payload.
A loopback test captures and hashes the actual decompressed SSE body.

RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-provider-context.test.ts
Failures: module absent; loopback request blocked by invalid synthetic auth; own __proto__ carrier bypassed unknown-key detection.
Snapshot trusted filter configuration, independently convert the filtered
Agent-message suffix through the frozen Codex serializer, and rebuild the
full provider input from that result so same-length or appended carriers
cannot preserve phase-A content. Document the remaining B3 proof boundary.

RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-provider-context.test.ts -t snapshots
Failures: mutated configuration was accepted and an appended phase-A provider item reached the rebuilt wire body.
@feniix
feniix merged commit 568d0ef into main Jul 13, 2026
2 checks passed
@feniix
feniix deleted the feat/agent-journal-provider-context branch July 13, 2026 16:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant