[codex] Integrate governed Git delivery into editor foundation#1551

Merged
oscharko merged 18 commits into feat/keiko-agent-native-editor-foundation-and-runtime from codex/integrate-470-into-1491 on Jun 26, 2026
Conversation

@oscharko

Contributor

Summary

Integrates Epic #470 governed end-to-end Git delivery into the active Epic #1491 editor foundation branch without widening the editor Git surface into a second delivery implementation.

Key integration decisions:

Integration Notes

Verification

  • npm ci
  • npm run check:git-delivery-evidence
  • npm run build:packages
  • npm exec vitest -- run packages/keiko-contracts/src/index.test.ts packages/keiko-server/src/routes.test.ts packages/keiko-tools/src/index.test.ts
  • npm run typecheck
  • npm run lint
  • npm run arch:check
  • npm run arch:check:negative
  • npm exec vitest -- run packages/keiko-contracts/src/git-*.test.ts packages/keiko-server/src/gitDelivery/*.test.ts packages/keiko-tools/src/git-*.test.ts

Follow-up Before Merge

This PR is draft while #1388/#1389 work is still running on the base branch. Before merging, refresh against the final Epic #1491 branch tip and confirm that #1389 delegates mutating Git actions to the governed Git delivery APIs/windows.

oscharko and others added 14 commits June 25, 2026 17:11
…and risk semantics (#471) (#1503)

Introduce the typed contract foundation for Epic #470 governed Git delivery:
three keiko-contracts leaf modules (git-delivery, git-delivery-policy,
git-delivery-provider) defining the 10-kind action model, the 4-class risk
taxonomy with data-driven severity, the approval-intent model, the lifecycle
envelope (resolved inputs / policy decision / approval requirement / preview /
result / evidence ref), repo and org policy packs with a deterministic
fail-closed evaluator, and provider-neutral branch-protection / checks /
pull-request / merge-readiness interfaces.

Adds ADR-0058, an operator-facing governance doc, and a keiko-tools boundary
test proving the read-only terminal baseline still denies every Git mutation so
governed write authority lives only behind these typed contracts (AC5).

Enables CI and CodeQL on the feat integration branch by mirroring the existing
feat/prompt-enhancer-1307 trigger and protected-branch-gate entries.

Refs #471

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…view (#1506)

Stricter parse-time enum guards (actionKind, provider-capability) and typed GitDeliveryRemoteTargetPolicy push-target patterns, with 10 regression tests. Follow-up to #1503. Refs #471.
#1509)

Implement the deterministic preflight and mutation orchestration kernel for
governed local Git writes (Issue #472, Epic #470), consuming the #471 contracts.

- Lifecycle orchestrator (runGitMutation): resolve, preflight, preview, policy,
  execute, result — the single execution authority over local mutation kinds.
- Deterministic preflight evaluators over a content-free worktree snapshot, with
  typed findings (blocking/advisory severity; user-actionable/internal remediation);
  idempotent reruns by construction.
- Narrow local Git adapter: a typed port with NO generic exec method, a closed
  governed command table, a dedicated allowlist, and pure argv builders with
  flag-injection guards. The Node adapter runs plans through the existing
  keiko-tools no-shell spawn boundary.
- Structured failure taxonomy (policy-block / preflight-block / execution-failure /
  provider-failure / recovery-required) consumable without string parsing.
- Idempotency journal (records successes only) and safe-retry semantics.
- ADR-0059 + docs; barrel exports + surface pins; ./internal/git-mutation subpath.

The read-only terminal git baseline is preserved and machine-checked complementary
to the governed write surface. Remote/provider execution (push/PR/merge) is deferred
to #476-#478 behind a separate gateway.

Refs #472

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…d action-sheet UX contracts (#473) (#1513)

Implement the approval and preview presentation layer for governed Git delivery
(Issue #473, Epic #470) on top of the #471 contracts and the #472 execution kernel.

- keiko-contracts: new strict-leaf git-delivery-action-sheet.ts projecting the kernel's
  content-free facts into a UI-safe GitDeliveryActionSheet — a three-state union
  (ready-to-execute / waiting-for-approval / blocked), an approval summary with
  mandatory/optional/impossible necessity, a content-free preview manifest (branch
  targets, mutation scope, remote impact, PR/merge/branch-protection/checks state,
  expected blockers), a policy/preflight/provider-not-ready blocked-cause
  classification, and recovery hints with a suggested governed recovery strategy.
  Includes the wire request type and pure assemblers/guards/parsers.
- keiko-server: POST /api/git-delivery/action-sheet — a read-only/computational BFF
  endpoint that runs the pure kernel phases (evaluateGitPreflight + evaluateGitPolicy
  over TRUSTED server policy packs) and projects them into a sheet. Default-false
  deployment capability gate; CSRF + body-cap + strict-key + secret-shape +
  unsafe-format-char (Trojan-Source) rejection; deep-redacted response; expiry-aware
  approval demotion (clock parity with the #472 kernel).
- keiko-ui: desktop GitDeliveryActionSheetCard rendering ready/blocked/recovery states
  with alertdialog semantics, focus management, a status live region, not-colour-alone
  labelling, and jest-axe coverage; fetchGitDeliveryActionSheet client.
- ADR-0060 + docs/git-delivery/governed-git-approval-surface.md; regenerated ADR-0051
  visual-regression proofs (evidence/1300) after the additive .gdas-* globals.css block.

Authority stays server-side; the action sheet is a pure projection over backend facts,
never a second policy system. No mutation executes in this slice (local execution is
#472; remote push/PR/merge are #476-#478). Content-free throughout.

Refs #473

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…rt, and recovery metadata (Refs #474) (#1517)

* feat(git-delivery): add governed Git mutation evidence ledger, audit export, and recovery metadata (Refs #474)

Deliver the audit and compliance backbone for Epic #470 governed Git delivery so
mutating repository actions become inspectable, exportable, and supportable after
execution (Issue #474).

- keiko-contracts: new strict-leaf `git-delivery-evidence.ts` defining the content-free
  `GitDeliveryEvidenceRecord`, exportable `GitDeliveryAuditPacket`, AC1 outcome-class
  vocabulary, the net-new retrospective three-way `GitDeliveryRecoveryDisposition`
  (retryable/user-fixable/policy-forbidden/none), and total exhaustive
  recovery-disposition derivations. Reuses the #473 recovery action-hint and #471
  strategy vocabularies (no parallel subsystem).
- keiko-tools: pure `buildGitDeliveryEvidenceRecord` projecting the #472
  `GitMutationLifecycleResult` into a record for EVERY terminal outcome; hashes remote
  identifiers, the provider external id, and the repo identity (content-free by
  construction).
- keiko-server: bounded, date-bucketed append-only evidence ledger
  (`mutationEvidenceLedger.ts`, redact-then-persist, fail-closed, never throws) and a
  capability-gated `GET /api/git-delivery/evidence` audit-export route with re-redaction
  on read.
- ADR-0061 and docs/git-delivery/governed-git-evidence-ledger.md.

Tests: 47 new (contracts 13, tools 21, server 13) proving AC1 completeness, AC2/AC5
no-secret-leak, AC3 recovery classification, AC4 export. Producer wiring of the kernel
into a live execution route remains deferred to #476-#478.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(git-delivery): harden #474 evidence ledger per adversarial review (Refs #474)

Adversarial 5-lens review (security/architecture/correctness/tests/redaction-skeptic;
3 SHIP, 1 SHIP_WITH_FIXES, no blockers). Confirmed fixes:

- correctness (medium): effectiveBlockReason no longer attaches an eagerly-evaluated
  policy block reason to a preflight-blocked outcome (the policy gate never fired);
  preflight blocks now carry no policy blockReason. Regression test added.
- audit integrity: strip bidirectional/zero-width/BOM format characters from echoed
  branch names so a crafted ref cannot visually spoof an audit row. Test added.
- guard: isGitDeliveryAuditPacket now verifies recordCount === records.length.
- export honesty: the audit packet now carries a bounded-window limitation note;
  multi-day cross-bucket + window-exclusion route tests added.
- docs: soften the SHA-256/redactor wording (redactor is a secret-shape backstop, not
  a catch-all; the primary control is by-construction hashing); document that approver
  ids and branch names are deliberately retained governance provenance; correct ADR-0061
  builder deps (deps.hash), correlation mechanism, server filenames, and the stale
  boundary-review note.

Disposition: raw approver ids are intentional governance provenance (AC2 requires
preserving approval provenance); not a leak.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
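Two of the review fixes above are small enough to show concretely: stripping bidirectional, zero-width and BOM format characters from echoed branch names so a crafted ref cannot visually spoof an audit row, and an audit-packet guard that rejects a packet whose recordCount disagrees with its records array. The block below is an added illustration, not Keiko's git-delivery-evidence.ts; the record and packet fields, the function names and the sample packet are assumptions constructed here.

```typescript
// Added illustration (not Keiko's code) of two #474 review hardening points:
// format-character stripping on echoed refs, and a packet guard checking
// recordCount === records.length. Field and function names are assumed here.

// Unicode format characters that render invisibly or reorder display: bidi controls
// (U+202A-U+202E, U+2066-U+2069), zero-width joiners/spaces (U+200B-U+200D, U+2060)
// and the byte-order mark (U+FEFF).
const UNSAFE_FORMAT_CHARS = /[\u202A-\u202E\u2066-\u2069\u200B-\u200D\u2060\uFEFF]/g;

export function sanitizeEchoedRef(ref: string): string {
  return ref.replace(UNSAFE_FORMAT_CHARS, '');
}

interface GitDeliveryEvidenceRecord {
  recordId: string;
  actionKind: string;
  outcomeClass: 'succeeded' | 'policy-blocked' | 'preflight-blocked' | 'execution-failed';
  branchName: string; // retained governance provenance, sanitized before it is echoed
  approverId?: string; // deliberately retained: approval provenance, not a leak
}

interface GitDeliveryAuditPacket {
  exportedAt: string;
  recordCount: number;
  records: GitDeliveryEvidenceRecord[];
  limitation: string; // bounded-window note so consumers do not read the export as complete history
}

function isEvidenceRecord(v: unknown): v is GitDeliveryEvidenceRecord {
  if (typeof v !== 'object' || v === null) return false;
  const r = v as Record<string, unknown>;
  return typeof r.recordId === 'string'
    && typeof r.actionKind === 'string'
    && typeof r.outcomeClass === 'string'
    && typeof r.branchName === 'string';
}

// Guard applied wherever a packet crosses a trust boundary (import, re-read).
// A count that disagrees with the array is rejected rather than silently trusted.
export function isGitDeliveryAuditPacket(v: unknown): v is GitDeliveryAuditPacket {
  if (typeof v !== 'object' || v === null) return false;
  const p = v as Record<string, unknown>;
  return typeof p.exportedAt === 'string'
    && typeof p.recordCount === 'number'
    && Array.isArray(p.records)
    && p.records.every(isEvidenceRecord)
    && p.recordCount === p.records.length
    && typeof p.limitation === 'string';
}

// Export path: sanitize on write so the stored and echoed branch name cannot carry
// display-altering characters, then derive the count from the array it describes.
export function buildAuditPacket(records: GitDeliveryEvidenceRecord[], exportedAt: string): GitDeliveryAuditPacket {
  const sanitized = records.map((r) => ({ ...r, branchName: sanitizeEchoedRef(r.branchName) }));
  return {
    exportedAt,
    recordCount: sanitized.length,
    records: sanitized,
    limitation: 'export covers only the bounded evidence window; earlier buckets are not included',
  };
}
```

The guard deliberately re-validates every record on read as well as the top-level shape, which is the same fail-closed posture the ledger applies on write.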
…with commit-intent composition (Refs #475) (#1523)

* feat(git-delivery): commit-message policy + commit-intent contracts and branch-switch kind (Refs #475)

Adds two strict keiko-contracts leaves (git-commit-policy.ts,
git-commit-intent.ts) and the governed branch-switch action kind.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(adr): ADR-0062 governed local git flows and commit-intent (Refs #475)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(git-delivery): branch-switch kernel, read-only worktree snapshot reader, commit-intent summary (Refs #475)

Adds the governed branch-switch command across the #472 kernel (adapter
argv, orchestrator dispatch, preflight switch-target-missing), a read-only
worktree snapshot reader on the internal git-mutation subpath, and the pure
commit-intent change summarizer. Threads the new finding code through the
action-sheet projection recovery-hint table.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(git-delivery): governed local branch/staging/commit execution + preview routes (Refs #475)

Adds the BFF execution surface for the #475 local flows: branch
create/switch + staging routes and a read-only commit preview + governed
commit execute route. Each runs the #472 kernel (preflight + policy +
approval) over a server-built live snapshot, enforces the commit-message
policy before the kernel, surfaces commit-intent quality warnings, and
records evidence through the #474 ledger. Capability- and CSRF-gated,
content-free, fail-closed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(git-delivery): governed local git flow desktop surface (Refs #475)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(git-delivery): governed local git flows reference (Refs #475)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(git-delivery): browser e2e evidence for governed commit no-bypass + fix window persistence (Refs #475)

Adds a deterministic Playwright spec (real packaged app, governed routes
intercepted) proving the browser commit path surfaces the governed
message-policy block and cannot bypass /commit/execute (AC5 browser half).
Fixes the governedGit window persistence from evidence-reference (which
strips the slash-bearing project path → broken empty window on reload) to
fs-reference, matching the path-carrying files/editor windows.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* style(git-delivery): satisfy strict lint in #475 test files (Refs #475)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…ardening (Refs #475) (#1525)

* test(git-delivery): raise branch coverage + harden commit-message validator totality (Refs #475)

Adversarial-review follow-ups: guard new RegExp in the issue-key check so the
pure validateGitCommitMessage stays total (and fails closed) on a malformed
operator-configured pattern. Add an execution-core integration test (real git
through the default seams) + route branch-coverage for worktree-unavailable,
approval-required, allowEmpty, the real branch/staging specs, and validation
paths; drop the unused isStringArray guard. Restores keiko-server branches
above its ratchet floor.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
(cherry picked from commit 1a99e4e)

* fix(test): use the real in-memory store in the resolveProjectWorkspace test (Refs #475)

The fake Project literal did not satisfy the UiStore type under the full
tsc --noEmit (which checks test files); use createInMemoryUiStore so the test
is type-safe.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
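The first commit in #1525 makes the point that validateGitCommitMessage must stay total: an operator-configured issue-key pattern that does not compile has to become a fail-closed violation rather than a thrown RegExp error. The block below is an added illustration of that guard, not Keiko's git-commit-policy.ts; the policy fields, violation codes and function names are assumptions made here.

```typescript
// Added illustration (not Keiko's code) of a total, fail-closed commit-message validator:
// a malformed operator-configured issue-key pattern becomes a reported violation.
// Policy shape, violation codes and function names are assumed here.

interface GitCommitMessagePolicy {
  maxSubjectLength: number;
  requireBlankLineAfterSubject: boolean;
  issueKeyPattern?: string; // operator-configured regex source, e.g. "Refs #\\d+"
}

type Violation =
  | { code: 'subject-empty' }
  | { code: 'subject-too-long'; length: number; max: number }
  | { code: 'missing-blank-line' }
  | { code: 'issue-key-missing'; pattern: string }
  | { code: 'issue-key-pattern-invalid'; pattern: string; detail: string };

export interface ValidationResult { ok: boolean; violations: Violation[] }

// new RegExp is the only call here that can throw, so it is the only call wrapped:
// the caller never sees an exception, only a string describing why the rule is unusable.
function compileIssueKeyPattern(source: string): RegExp | string {
  try {
    return new RegExp(source, 'm');
  } catch (err) {
    return err instanceof Error ? err.message : String(err);
  }
}

export function validateGitCommitMessage(message: string, policy: GitCommitMessagePolicy): ValidationResult {
  const violations: Violation[] = [];
  const lines = message.split('\n');
  const subject = (lines[0] ?? '').trimEnd();

  if (subject.trim().length === 0) violations.push({ code: 'subject-empty' });
  if (subject.length > policy.maxSubjectLength) {
    violations.push({ code: 'subject-too-long', length: subject.length, max: policy.maxSubjectLength });
  }
  if (policy.requireBlankLineAfterSubject && lines.length > 1 && (lines[1] ?? '').trim() !== '') {
    violations.push({ code: 'missing-blank-line' });
  }
  if (policy.issueKeyPattern !== undefined) {
    const compiled = compileIssueKeyPattern(policy.issueKeyPattern);
    if (typeof compiled === 'string') {
      // Fail closed: an unusable policy rule denies the commit instead of silently passing it.
      violations.push({ code: 'issue-key-pattern-invalid', pattern: policy.issueKeyPattern, detail: compiled });
    } else if (!compiled.test(message)) {
      violations.push({ code: 'issue-key-missing', pattern: policy.issueKeyPattern });
    }
  }
  return { ok: violations.length === 0, violations };
}
```

Because the result is a structured violation list, the route that calls this before the kernel can surface the invalid-pattern case to an operator as a configuration problem while still blocking the commit.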
…tream, and protected-target awareness (#1527)

Add the governed publish layer (Issue #476, Epic #470) that turns local commit
completion into safe remote delivery. `git push` becomes a controlled publish
workflow with explicit preview, policy enforcement, recovery semantics, and
evidence capture for allowed and blocked attempts.

- keiko-tools: new `git-publish-gateway.ts` (pure) — `GitPushCommand`, the narrow
  `GitRemotePublishAdapter` port, a dedicated push-only allowlist, `buildPushArgv`
  (refuses force), the publish-rejection taxonomy, and the `runGitPublish`
  orchestrator producing a kernel-shaped lifecycle result. New `git-publish-node.ts`
  Node executor classifies rejections from git output. Push preflight gains a
  `non-fast-forward` finding.
- keiko-server: new `pushExecution.ts` (`executeGovernedPublish`, default-safe
  publish policy pack, preview/response projections) + `pushRoutes.ts`
  (`/api/git-delivery/push/preview` read-only, `/push/execute` governed).
- keiko-ui: a Publish section in `GovernedGitFlowCard`.
- Protected/shared targets are blocked by policy (stricter than user branches);
  force push is blocked by default (publish risk ceiling + argv refusal).
- ADR-0063; integration, route, unit, UI, and packaged-app browser evidence.

Refs #476

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
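Both the #1509 kernel (a typed port with no generic exec method, a closed command table, a dedicated allowlist, pure argv builders with flag-injection guards) and the #1527 publish gateway (a push-only allowlist and a buildPushArgv that refuses force) rest on the same technique, so one added example serves both passages. It is an illustration written here, not Keiko's git-publish-gateway.ts or adapter code: the command shapes, the ref-safety rules, the allowlist entries and the function names are all assumptions, and the block only builds argv; nothing is spawned.

```typescript
// Added illustration (not Keiko's code) of pure argv builders behind a closed command
// table: option-shaped positionals are rejected (flag injection), positionals go after
// '--', and the push builder refuses any force request. Names and rules are assumed here.

type LocalGitCommand =
  | { kind: 'branch-create'; branch: string; startPoint: string }
  | { kind: 'branch-switch'; branch: string }
  | { kind: 'stage'; paths: string[] };

interface GitPushCommand {
  remote: string;
  branch: string;
  setUpstream: boolean;
  force?: boolean; // kept in the request shape so refusal is explicit, never implied
}

type ArgvResult = { ok: true; argv: string[] } | { ok: false; reason: string };

// Ref rules checkable without git: no control/space chars, no git-special punctuation,
// no '..', '@{', leading '-' or '/', trailing '/' or '.', double slash, or '.lock' suffix.
const REF_FORBIDDEN = /[\x00-\x20\x7f~^:?*\[\\]|\.\.|@\{|\/$|\.$|^-|^\/|\/\/|\.lock$/;

function isSafeRef(ref: string): boolean {
  return ref.length > 0 && ref.length <= 255 && !REF_FORBIDDEN.test(ref);
}

// Paths are rejected if they look like options; the builder also places them after
// '--' so git cannot reinterpret them even if this check were ever relaxed.
function isSafePositional(value: string): boolean {
  return value.length > 0 && !value.startsWith('-') && !/[\x00-\x1f]/.test(value);
}

export function buildLocalArgv(cmd: LocalGitCommand): ArgvResult {
  switch (cmd.kind) {
    case 'branch-create':
      if (!isSafeRef(cmd.branch) || !isSafeRef(cmd.startPoint)) return { ok: false, reason: 'unsafe ref' };
      return { ok: true, argv: ['branch', '--', cmd.branch, cmd.startPoint] };
    case 'branch-switch':
      if (!isSafeRef(cmd.branch)) return { ok: false, reason: 'unsafe ref' };
      return { ok: true, argv: ['switch', '--', cmd.branch] };
    case 'stage':
      if (cmd.paths.length === 0 || !cmd.paths.every(isSafePositional)) return { ok: false, reason: 'unsafe path' };
      return { ok: true, argv: ['add', '--', ...cmd.paths] };
  }
}

// Push-only builder: the only option it can emit is --set-upstream, and a force
// request is refused before any argv exists.
export function buildPushArgv(cmd: GitPushCommand): ArgvResult {
  if (cmd.force === true) return { ok: false, reason: 'force push refused by builder' };
  if (!isSafeRef(cmd.remote) || !isSafeRef(cmd.branch)) return { ok: false, reason: 'unsafe ref' };
  const argv = ['push'];
  if (cmd.setUpstream) argv.push('--set-upstream');
  // An explicit, fully qualified refspec pins both sides; '--' ends option parsing.
  argv.push('--', cmd.remote, `refs/heads/${cmd.branch}:refs/heads/${cmd.branch}`);
  return { ok: true, argv };
}

// Closed command table the spawn boundary applies to every plan, independent of the
// builders: the subcommand must be listed and each option must be one it permits.
const ALLOWED_OPTIONS: Record<string, ReadonlySet<string>> = {
  branch: new Set<string>(),
  switch: new Set<string>(),
  add: new Set<string>(),
  push: new Set<string>(['--set-upstream']),
};

export function isAllowedPlan(argv: string[]): boolean {
  const [sub, ...rest] = argv;
  const allowed = sub !== undefined ? ALLOWED_OPTIONS[sub] : undefined;
  if (allowed === undefined) return false;
  const sep = rest.indexOf('--');
  const opts = sep === -1 ? rest : rest.slice(0, sep);
  return opts.every((o) => allowed.has(o));
}
```

Two independent layers are the point: the builders cannot produce a force push or an option-shaped ref by construction, and the allowlist check rejects any plan that did not come from a builder, so a regression in one does not open the other.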
…etadata orchestration (Refs #477) (#1531)

Deliver the governed pull request layer for Epic #470 (ADR-0064): turn a published
branch into a review-ready GitHub PR through an explicit, governed workflow — a
parallel execution authority to the #476 publish gateway, never an extension of it.

- contracts: new strict leaf git-pull-request.ts — provider-neutral, content-free
  readiness model (objectExists vs reviewReady + severity-ranked blockers),
  deterministic metadata synthesis, draft-vs-ready recommendation, reviewer/label/
  linkage suggestions, and a neutral rejection taxonomy with exhaustive
  disposition/error-code tables. No cross-package imports, no provider field names.
- tools: git-pr-gateway.ts (pure PR gateway — GitPullRequestCommand carrying
  title/body, narrow two-method adapter port, dedicated `gh api` allowlist with NO
  merge/delete, pure argv builders, GitHub-error classifier, effective policy,
  runGitPullRequest returning a kernel-shaped lifecycle the #474 evidence builder
  consumes unchanged) + git-pr-node.ts (Node `gh api` executor; gh reads its own
  token, Keiko never does).
- server: prExecution.ts + prRoutes.ts (read-only preview + governed execute) under
  a default-safe KEIKO_DEFAULT_PR_POLICY_PACK; content-free evidence (only byte
  lengths), capability-gated behind KEIKO_GIT_DELIVERY_ENABLED.
- ui: GovernedPullRequestCard.tsx command center (editable metadata draft, readiness
  panel, recommendation, normalized failures). Inline CSS vars (globals.css
  untouched); WCAG 2.2 AA (aria-live, text-not-colour).
- tests: contracts/tools/server/ui unit + a11y suites; browser e2e proving the PR
  path reaches the governed BFF routes with no bypass (evidence under
  docs/git-delivery/evidence/477).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…ent, and guided recovery (Refs #478) (#1534)

The merge layer of Epic #470 (ADR-0065): a THIRD parallel `gh api` execution
authority that turns a review-ready pull request into a merged base branch as a
governed release decision. Merge cannot execute until preflight, policy + final
approval, and a provider readiness gate all pass; the provider's own enforcement
is the backstop.

- keiko-contracts: NEW leaf git-merge.ts — provider-neutral merge-readiness model
  (severity-ranked blockers reusing GitDeliveryMergeBlockReason + lifecycle
  states), strategy eligibility (policy ∩ provider capability), merge
  recommendation, and the rejection taxonomy with exhaustive error-code /
  recovery-disposition tables. Pure; existing contracts unchanged.
- keiko-tools: git-merge-gateway.ts (GitMergeCommand, narrow two-method
  GitMergeAdapter, dedicated `gh api` merge allowlist, argv builders, ordered
  GitHub merge-error classifier, mergeable_state mapper, runGitMerge 3-gate
  orchestrator producing a kernel-shaped lifecycle) + git-merge-node.ts (Node
  `gh api` executor: readiness reads + merge PUT + guarded non-fatal branch
  DELETE; token read by gh, never by Keiko).
- keiko-server: gitDelivery/mergeExecution.ts (approval-gated
  KEIKO_DEFAULT_MERGE_POLICY_PACK; preview/execute projections carrying per-blocker
  recovery info) + mergeRoutes.ts (read-only preview + governed execute, capability
  gate, validation, #474 evidence). Route group registered.
- keiko-ui: GovernedMergeCard.tsx (window "governedMerge": eligible-strategy
  selector, readiness/recovery panel, final high-risk confirmation, outcome
  banner; inline CSS vars, globals.css untouched) + api client + window registry.
- Docs: ADR-0065, docs/git-delivery/governed-merge.md.
- Tests: contracts (38), tools gateway/node (55), server routes (13), UI card +
  a11y (17); browser e2e (playwright.issue-478) proving no merge-anyway bypass,
  with evidence under docs/git-delivery/evidence/478.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…onciliation (Refs #470) (#1538)

The #479 closeout summary recorded that Epic #470 must remain open until the
GitHub issue and project-board records for #472, #477, and #478 were reconciled
with their already-merged code. #477 and #478 have since been closed; this
finalizes the remaining reconciliation of #472 (governed Git mutation execution
kernel, PR #1509 / 401b08a) and retires the closure-gating note now that all
nine child issues (#471-#479) are closed and every Definition-of-Done and
Expected-Verification item is evidenced.

Refs #470

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
@oscharko oscharko marked this pull request as ready for review June 26, 2026 11:09
@oscharko oscharko merged commit 7a33111 into feat/keiko-agent-native-editor-foundation-and-runtime Jun 26, 2026
12 checks passed
@oscharko oscharko deleted the codex/integrate-470-into-1491 branch June 26, 2026 11:59