feat(agent-journal): witness provider fetch bytes#129
Merged
Conversation
Record the provider-context merge and successful main CI without advancing the infrastructure acceptance gate. RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-program-ledger.test.ts Failure: ledger omitted merged PR 128.
Wrap the frozen Codex SSE fetch boundary, verify exactly one approved request against the logical filter receipt, safely bound zstd decoding, and retain only content-free logical and physical SHA-256 evidence. RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-provider-fetch-witness.test.ts Failure: provider fetch witness module was absent. Security RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-provider-fetch-witness.test.ts -t Headers Failure: a Headers subclass executed its overridden get method and was forwarded.
Forward private copies of the validated physical body and native headers so caller-retained references cannot mutate bytes after attestation. RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-provider-fetch-witness.test.ts -t private Failure: fetch received the original mutable body and Headers references.
Bind exact endpoint paths, reject overridable URL and Headers objects, block callback reentry before validation, clear receipts on transport failure, and assert server-observed physical bytes against the receipt. Also state that real Pi runner proof remains deferred. RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-provider-fetch-witness.test.ts -t reentry Failures: forged Headers and URL values forwarded, callback reentry sent twice, transport failure retained a receipt, and non-Codex paths were accepted.
Snapshot native headers before invoking receipt callbacks and reject an in-flight first result when a concurrent duplicate terminally invalidates the witness. RED: npx vitest run packages/pi-agent-journal/__tests__/evaluation-provider-fetch-witness.test.ts -t snapshots Failures: callback-mutated headers were forwarded and the first concurrent request resolved after duplicate invalidation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds an evaluation-only physical fetch witness for the frozen Pi 0.80.6 Codex SSE path. It allows exactly one request to the exact approved endpoint, snapshots native headers and request bytes before callbacks, bounds zstd decompression, and independently matches the decompressed logical body to the provider-filter receipt.
The safe receipt contains only an opaque attempt ID, endpoint/transport/encoding enums, counts, byte lengths, and SHA-256 digests. The forwarded request receives private body/header copies, validation failures never reach fetch, duplicate or reentrant requests invalidate the witness, and transport failures clear evidence and become terminal.
This remains a narrow infrastructure primitive. Extension-order, credentials/provider authenticity, attempt scheduling, a real Pi runner lifecycle, and full B3 acceptance remain deferred.
The pre-acceptance ledger is also reconciled through merged PR #128 without advancing the user gate.
Validation
npm run check:ciDeferred infrastructure proof