diff --git a/.yoi/tickets/00001KVFDX9AF/artifacts/orchestration-plan.jsonl b/.yoi/tickets/00001KVFDX9AF/artifacts/orchestration-plan.jsonl index 9e8c0bce..a7e647d8 100644 --- a/.yoi/tickets/00001KVFDX9AF/artifacts/orchestration-plan.jsonl +++ b/.yoi/tickets/00001KVFDX9AF/artifacts/orchestration-plan.jsonl 
@@ -1,2 +1,3 @@ {"id":"orch-plan-20260619-102132-1","ticket_id":"00001KVFDX9AF","kind":"waiting_capacity_note","note":"明示 queue review で確認済み。依存 Ticket `00001KV5W3PHW` / `00001KV5W3PJ3` は closed で blocker ではないが、同時 queued の `00001KVFD3YSV` CLI inspection と `00001KVFDX9AY` fs host API はいずれも Plugin manifest/grant/runtime/diagnostic 周辺を触る。まず read-only CLI inspection を開始し、host API implementation は conflict / reviewer-coder bottleneck を避けるため queued のまま待機する。次の routing pass で再確認する。","author":"yoi-orchestrator","at":"2026-06-19T10:21:32Z"} {"id":"orch-plan-20260619-102132-2","ticket_id":"00001KVFDX9AF","kind":"do_not_parallelize","related_ticket":"00001KVFDX9AY","note":"`https` と `fs` host API はどちらも WASM Plugin Tool runtime host import boundary、Plugin grant model、diagnostics/tests/package behavior に触れるため、同時実装は conflict risk が高い。片方の merged/validated 後にもう片方を再 routing する。","author":"yoi-orchestrator","at":"2026-06-19T10:21:32Z"} +{"id":"orch-plan-20260619-142431-3","ticket_id":"00001KVFDX9AF","kind":"accepted_plan","accepted_plan":{"summary":"WASM Plugin Tool runtime に明示 grant された HTTPS outbound host API を追加する。HTTPS-only、private/local target rejection、method/host/path allowlist、bounded request/response/timeout/redirect/diagnostics、secret redaction、ordinary Tool result path、no ambient env/network authority を満たす。","branch":"impl/00001KVFDX9AF-plugin-https-host-api","worktree":"/home/hare/Projects/yoi/.worktree/00001KVFDX9AF-plugin-https-host-api","role_plan":"Orchestrator は専用 implementation worktree を作成し、Coder をその worktree への narrow write scope で起動する。Reviewer は実装報告後に read-only で確認する。`fs` host API と Component Model migration は重複する Plugin runtime/grant surface のため queued hold を維持する。"},"author":"yoi-orchestrator","at":"2026-06-19T14:24:31Z"} diff --git a/.yoi/tickets/00001KVFDX9AF/item.md b/.yoi/tickets/00001KVFDX9AF/item.md index f5339da7..58b7ee41 100644 --- a/.yoi/tickets/00001KVFDX9AF/item.md +++ b/.yoi/tickets/00001KVFDX9AF/item.md 
@@ -1,8 +1,8 @@ --- title: 'Plugin: implement https host API for Tool runtime' -state: 'queued' +state: 'inprogress' created_at: '2026-06-19T07:53:13Z' -updated_at: '2026-06-19T10:22:26Z' +updated_at: '2026-06-19T14:25:28Z' assignee: null readiness: 'implementation_ready' risk_flags: ['plugin', 'https', 'host-api', 'network', 'sandbox', 'secrets', 'permission-grants'] diff --git a/.yoi/tickets/00001KVFDX9AF/thread.md b/.yoi/tickets/00001KVFDX9AF/thread.md index 44bf0a3b..56ed9117 100644 --- a/.yoi/tickets/00001KVFDX9AF/thread.md +++ b/.yoi/tickets/00001KVFDX9AF/thread.md 
@@ -37,3 +37,112 @@ Next action: - その時点で `fs` host API Ticket との ordering / conflict も再確認する。 --- + + + +## Decision + +Routing decision: implementation_ready + +Reason: +- Panel Queue により、この Ticket は Orchestrator routing 対象として明示許可された。 +- Ticket body には、HTTPS host API intent、binding invariants、acceptance criteria、non-goals、validation、escalation-worthy risk domain が実装可能な粒度で揃っている。 +- 依存 relation の `00001KV5W3PHW` minimal WASM runtime、`00001KV5W3PJ3` permission grants、関連 `00001KVFD3YSV` CLI inspection は closed で blocker ではない。 +- Risk domain は network / secrets / host API / permission grants だが、Ticket は HTTPS-only、private/local target rejection、grant allowlist、bounded request/response/timeout/diagnostics、no ambient env/network、ordinary Tool result path を binding invariants として明示している。bounded context check 後も implementation 前に必要な追加 human decision は見つからなかった。 +- 同時 queued の `00001KVFDX9AY` fs host API と `00001KVG0HR96` Component Model migration は Plugin runtime/grant/diagnostic/packaging surface が重なるため、waiting/conflict notes を更新し queued のまま待機する。 + +Evidence checked: +- Ticket `00001KVFDX9AF` body / thread / artifacts。 +- `TicketRelationQuery(00001KVFDX9AF)`: depends_on は closed。related Ticket は context であり acceptance blocker ではない。 +- `TicketOrchestrationPlanQuery(00001KVFDX9AF)`: 既存 waiting/do_not_parallelize records を確認。今回 `accepted_plan` を記録済み。 +- Related completed Tickets: + - `00001KV5W3PHW` — minimal WASM Tool runtime closed。 + - `00001KV5W3PJ3` — Plugin permission grants closed。 + - `00001KVFD3YSV` — Plugin read-only CLI inspection closed。 +- Current queued Tickets: + - `00001KVFDX9AY` fs host API: do_not_parallelize / waiting reason を維持。 + - `00001KVG0HR96` Component Model migration: migration boundary / conflict waiting note を更新。 +- Orchestrator worktree `/home/hare/Projects/yoi/.worktree/orchestration`: clean。 +- Existing branch/worktree: matching `00001KVFDX9AF` branch/worktree はなし。 +- Visible Pods: self / peer / intake only; spawned child capacity is free。 +- 
Current code map: + - `crates/pod/src/feature/plugin.rs`: Plugin resolver, permission grants, static inspection, WASM tool feature。 + - `crates/pod/src/pod.rs`: WASM Tool runtime / `run_plugin_wasm_tool` / host import validation。 + - `crates/manifest/src/plugin.rs`: Plugin manifest and permission model。 + - `crates/yoi/src/plugin_cli.rs`: read-only inspection output should remain compatible with host API diagnostics。 + +IntentPacket: + +Intent: +- WASM Plugin Tool runtime に、明示 grant された outbound HTTPS request だけを実行できる `https` host API を追加する。 +- Plugin は ambient network access を持たず、host API import + requested permission + config grant + allowlist を満たす場合だけ bounded HTTPS request を実行できる。 + +Binding decisions / invariants: +- Host API name/domain は `https`。`web` ではない。 +- HTTPS-only。`http://`、localhost、private IP、link-local、unix socket、file URL、local/private host targets は reject。 +- Grant がない場合、network access 前に fail closed。 +- host / method / optional path prefix などの allowlist を表現し、grant と request を照合する。 +- Request/response は bounded。 + - method allowlist + - request body size bound + - header count/size bound + - response body size bound + - timeout + - redirect policy +- Credentials は ambient env から読まない。header/auth は explicit config / secret ref 経由だけ。 +- Diagnostics に secret-like header/token/body content を漏らさない。 +- HTTPS response は hidden context injection ではなく ordinary Tool result/history path に残す。 +- `fs` host API、WebSocket/SSE/timers、Service/Ingress lifecycle、Plugin package manager は non-goals。 + +Requirements / acceptance criteria: +- Granted Plugin Tool can perform an allowed HTTPS request through host API。 +- Missing `host_api.https` grant denies before network access。 +- Disallowed host / method / URL scheme denies。 +- `http://`, localhost, private IP, link-local, local/private host targets reject。 +- Timeout and response-size bounds are enforced。 +- Request/response diagnostics are bounded and redact secret-like values。 +- No ambient env credentials or 
ambient network APIs are exposed to WASM。 +- Tool result path remains ordinary Tool result/history path。 +- Tests cover allowed HTTPS, missing grant, disallowed host/method/scheme/private target, timeout, response truncation, secret redaction, no network without host API import/grant。 + +Implementation latitude: +- Choose exact ABI/import shape consistent with existing `yoi-plugin-wasm-1` host import design。 +- Choose narrow grant config representation for host/method/path allowlist consistent with current Plugin permission grant model。 +- Use local deterministic test server/mock if needed for allowed HTTPS/timeout/response bound tests, but keep network-safety tests deterministic。 +- Choose bounded response header/body representation that fits existing Tool result error/result types。 + +Escalate if: +- Implementing HTTPS requires broad runtime executor redesign or Component Model migration first。 +- Secure host/method/path grant model cannot be represented without breaking existing permission grant schema。 +- SecretRef handling requires new secret-store public API beyond explicit config references。 +- Safe private/local-host rejection cannot be implemented deterministically enough for tests。 +- Host API result/error shape requires product-visible Tool result schema decision beyond this Ticket。 + +Validation: +- Focused plugin HTTPS host API tests。 +- Relevant `cargo test` / `cargo check` for `pod`, `manifest`, `yoi` as changed。 +- `cargo fmt --check`。 +- `git diff --check`。 +- `nix build .#yoi` because dependency/package/network code may change。 + +Critical risks / reviewer focus: +- Network access before grant/allowlist checks。 +- Private/local/localhost bypass through DNS, redirects, IPv6, encoded URLs, or scheme confusion。 +- Secret leakage in diagnostics or Tool result/history。 +- Ambient env credential usage。 +- Unbounded request/response bodies or headers。 +- Hidden context injection by bypassing normal Tool result path。 +- Breaking existing Plugin permission 
grant enforcement or CLI inspection semantics。 + +Next action: +- `queued -> inprogress` を記録し、Ticket records を Orchestrator worktree に commit してから、専用 implementation worktree を作成し Coder Pod を narrow write scope で起動する。root/original workspace は操作しない。 + +--- + + + +## State changed + +Ticket body/thread, relation metadata, orchestration plan records, related completed Tickets, Orchestrator worktree, visible Pods, existing branch/worktree, and bounded Plugin host API code context were checked. Depends-on blockers are closed, prior CLI inspection related work is closed, and no dirty-state blocker or missing planning decision was found. `fs` host API and Component Model migration remain queued with conflict/migration waiting records. Accepting this queued Ticket for implementation before worktree/Pod side effects. + +--- diff --git a/.yoi/tickets/00001KVFDX9AY/artifacts/orchestration-plan.jsonl b/.yoi/tickets/00001KVFDX9AY/artifacts/orchestration-plan.jsonl index c2ed2135..4ce2b932 100644 --- a/.yoi/tickets/00001KVFDX9AY/artifacts/orchestration-plan.jsonl +++ b/.yoi/tickets/00001KVFDX9AY/artifacts/orchestration-plan.jsonl 
@@ -1,2 +1,3 @@ {"id":"orch-plan-20260619-102132-1","ticket_id":"00001KVFDX9AY","kind":"waiting_capacity_note","note":"明示 queue review で確認済み。依存 Ticket `00001KV5W3PHW` / `00001KV5W3PJ3` は closed で blocker ではないが、同時 queued の `00001KVFD3YSV` CLI inspection と `00001KVFDX9AF` https host API はいずれも Plugin manifest/grant/runtime/diagnostic 周辺を触る。まず read-only CLI inspection を開始し、host API implementation は conflict / reviewer-coder bottleneck を避けるため queued のまま待機する。次の routing pass で再確認する。","author":"yoi-orchestrator","at":"2026-06-19T10:21:32Z"} {"id":"orch-plan-20260619-102132-2","ticket_id":"00001KVFDX9AY","kind":"do_not_parallelize","related_ticket":"00001KVFDX9AF","note":"`fs` と `https` host API はどちらも WASM Plugin Tool runtime host import boundary、Plugin grant model、diagnostics/tests/package behavior に触れるため、同時実装は conflict risk が高い。片方の merged/validated 後にもう片方を再 routing する。","author":"yoi-orchestrator","at":"2026-06-19T10:21:32Z"} +{"id":"orch-plan-20260619-142431-3","ticket_id":"00001KVFDX9AY","kind":"waiting_capacity_note","note":"`00001KVFD3YSV` Plugin CLI inspection は closed になったため再 routing した。`https` host API Ticket `00001KVFDX9AF` を先に受理する。`fs` host API は既存 do_not_parallelize record の通り WASM Plugin Tool runtime host import boundary、Plugin grant model、diagnostics/tests/package behavior が重なるため、`https` の merge/validation outcome まで queued のまま待機する。Bounded reason: conflict / reviewer-coder bottleneck。","author":"yoi-orchestrator","at":"2026-06-19T14:24:31Z"} diff --git a/.yoi/tickets/00001KVFDX9AY/item.md b/.yoi/tickets/00001KVFDX9AY/item.md index f9d5f7ec..4201cf3c 100644 --- a/.yoi/tickets/00001KVFDX9AY/item.md +++ b/.yoi/tickets/00001KVFDX9AY/item.md 
@@ -2,7 +2,7 @@ title: 'Plugin: implement fs host API for Tool runtime' state: 'queued' created_at: '2026-06-19T07:53:13Z' -updated_at: '2026-06-19T10:22:26Z' +updated_at: '2026-06-19T14:24:31Z' assignee: null readiness: 'implementation_ready' risk_flags: ['plugin', 'fs', 'host-api', 'sandbox', 'path-safety', 'permission-grants', 'file-mutation'] diff --git a/.yoi/tickets/00001KVG0HR96/artifacts/orchestration-plan.jsonl b/.yoi/tickets/00001KVG0HR96/artifacts/orchestration-plan.jsonl index f2f2190e..e088ab42 100644 --- a/.yoi/tickets/00001KVG0HR96/artifacts/orchestration-plan.jsonl +++ b/.yoi/tickets/00001KVG0HR96/artifacts/orchestration-plan.jsonl @@ -1 +1,2 @@ {"id":"orch-plan-20260619-133549-1","ticket_id":"00001KVG0HR96","kind":"waiting_capacity_note","note":"明示 queue review で Ticket body / relations / orchestration plan / workspace state を確認した。依存 Ticket `00001KV5W3PHW` / `00001KV5W3PJ3` は closed で blocker ではないが、現在 `00001KVFD3YSV` Plugin CLI inspection が inprogress/review-needed で、さらに `00001KVFDX9AF` / `00001KVFDX9AY` host API Tickets も queued hold 中。Component Model runtime migration は Plugin runtime backend / manifest runtime metadata / WIT / grants / inspection / packaging に広く触れる migration boundary で、current CLI inspection outcome と host API ordering に強く依存・競合するため、現時点では queued のまま待機する。`00001KVFD3YSV` の merge/close 後に再 routing する。","author":"yoi-orchestrator","at":"2026-06-19T13:35:49Z"} +{"id":"orch-plan-20260619-142431-2","ticket_id":"00001KVG0HR96","kind":"waiting_capacity_note","note":"`00001KVFD3YSV` Plugin CLI inspection は closed になったため再 routing した。Component Model runtime migration は Plugin runtime backend / WIT / host API shape / grants / inspection / packaging に広く触れる migration boundary で、queued host API Tickets と衝突しやすい。まず `00001KVFDX9AF` https host API を受理し、`fs` host API と Component Model migration はその outcome 後に再 routing する。Bounded reason: migration boundary / conflict。","author":"yoi-orchestrator","at":"2026-06-19T14:24:31Z"} 
diff --git a/.yoi/tickets/00001KVG0HR96/item.md b/.yoi/tickets/00001KVG0HR96/item.md index dca77150..c27ab112 100644 --- a/.yoi/tickets/00001KVG0HR96/item.md +++ b/.yoi/tickets/00001KVG0HR96/item.md @@ -2,7 +2,7 @@ title: 'Plugin: migrate WASM Tool runtime to WebAssembly Component Model' state: 'queued' created_at: '2026-06-19T13:18:58Z' -updated_at: '2026-06-19T13:35:49Z' +updated_at: '2026-06-19T14:24:31Z' assignee: null readiness: 'implementation_ready' risk_flags: ['plugin', 'wasm', 'component-model', 'wit', 'runtime-backend', 'sandbox', 'packaging', 'sdk']
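Review bot: In `.yoi/tickets/00001KVFDX9AF/thread.md`, the test list that closes "Requirements / acceptance criteria" stops at "disallowed host/method/scheme/private target", while "Critical risks / reviewer focus" names bypass through DNS, redirects, IPv6, encoded URLs, and scheme confusion. None of those bypass paths has a matching acceptance test, so a Coder can satisfy the criteria with a URL-string check alone. Suggest adding explicit test items: an allowed host that redirects to a private/local or non-allowlisted target, a hostname that resolves to a loopback/private/link-local address (checked against the resolved address used for the connection, not only the URL text), IPv6 loopback, link-local and IPv4-mapped literals, and percent-encoded or otherwise non-canonical host forms. The "redirect policy" bound should also state whether the grant allowlist is re-evaluated on every hop. Separately, "Implementation latitude" allows a "local deterministic test server/mock" for the allowed-HTTPS and timeout tests, which conflicts with the invariant that localhost and private targets are rejected; the packet should say how tests reach that server (for example a test-only injected resolver or connector) so that no loopback exemption becomes reachable from Plugin config or grants.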
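Review bot: In the `accepted_plan` record added to `.yoi/tickets/00001KVFDX9AF/artifacts/orchestration-plan.jsonl`, the `worktree` field is an absolute path under a user home directory (`/home/hare/Projects/yoi/.worktree/00001KVFDX9AF-plugin-https-host-api`). Committing it puts a local username and directory layout into ticket history and makes the record meaningless on any other machine or Pod. Suggest storing a repository-relative value such as `.worktree/00001KVFDX9AF-plugin-https-host-api` and resolving it against the repo root at use time; the same applies to the Orchestrator worktree path quoted under "Evidence checked" in thread.md.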
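Review bot: In `.yoi/tickets/00001KVFDX9AF/item.md`, `state` moves from `'queued'` to `'inprogress'` while the unchanged context line `assignee: null` stays as is. For a Ticket whose `risk_flags` include `network`, `secrets` and `permission-grants`, an in-progress item with no recorded owner makes it hard to audit who held write scope on the implementation worktree. If the Coder Pod is only assigned after this commit, suggest either setting `assignee` in the same change that starts the Pod or noting in the "State changed" entry that assignment follows, so the record does not read as unowned in-progress work.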