Hare/yoi
1
1
Fork 0
Code Actions Packages Releases Activity

feat: move profile scope to launch policy

Browse Source
This commit is contained in:
Keisuke Hirata 2026-06-14 15:52:59 +09:00
parent cdb12af997
commit 21bf009a3f
No known key found for this signature in database
10 changed files with 279 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crates/manifest/src/config.rs
View File

@ -729,9 +729,6 @@ impl TryFrom<PodManifestConfig> for PodManifest {
},
};
if cfg.scope.allow.is_empty() {
return Err(ResolveError::MissingField("scope.allow"));
}
for rule in &cfg.scope.allow {
ensure_absolute("scope.allow.target", &rule.target)?;
}
@ -1028,11 +1025,11 @@ mod tests {
}
#[test]
fn resolve_rejects_empty_scope() {
fn resolve_accepts_empty_scope_for_profile_launch_policy() {
let mut cfg = minimal_valid();
cfg.scope.allow.clear();
let err = PodManifest::try_from(cfg).unwrap_err();
assert!(matches!(err, ResolveError::MissingField("scope.allow")));
let manifest = PodManifest::try_from(cfg).unwrap();
assert!(manifest.scope.allow.is_empty());
}
#[test]

39
crates/manifest/src/profile.rs
View File

@ -1262,12 +1262,7 @@ fn profile_scope_to_config(
scope: Option<ProfileScopeConfig>,
workspace_base: &Path,
) -> Result<ScopeConfig, ProfileError> {
profile_scope_intent_to_config(
scope,
workspace_base,
Some(ProfileScopeIntent::WorkspaceWrite),
"scope",
)
profile_scope_intent_to_config(scope, workspace_base, None, "scope")
}
fn profile_delegation_scope_to_config(
@ -1594,10 +1589,9 @@ mod tests {
assert!(companion.feature.task.enabled);
assert!(companion.feature.pods.enabled);
assert!(companion.feature.ticket.enabled);
assert_eq!(companion.scope.allow[0].permission, Permission::Write);
assert_eq!(companion.scope.deny.len(), 1);
assert_eq!(companion.scope.deny[0].permission, Permission::Write);
assert_eq!(companion.scope.deny[0].target, tmp.path().join(".worktree"));
assert!(companion.scope.allow.is_empty());
assert!(companion.scope.deny.is_empty());
assert!(companion.delegation_scope.allow.is_empty());
assert_eq!(companion.model.ref_.as_deref(), Some("codex-oauth/gpt-5.5"));
assert!(companion.web.is_some());
@ -1605,7 +1599,8 @@ mod tests {
assert!(!intake.feature.task.enabled);
assert!(!intake.feature.pods.enabled);
assert!(intake.feature.ticket.enabled);
assert_eq!(intake.scope.allow[0].permission, Permission::Read);
assert!(intake.scope.allow.is_empty());
assert!(intake.delegation_scope.allow.is_empty());
assert_eq!(intake.model.ref_.as_deref(), Some("codex-oauth/gpt-5.5"));
assert!(intake.web.is_some());
assert!(!intake.feature.ticket_orchestration.enabled);
@ -1615,21 +1610,19 @@ mod tests {
assert!(orchestrator.feature.pods.enabled);
assert!(orchestrator.feature.ticket.enabled);
assert!(orchestrator.feature.ticket_orchestration.enabled);
assert_eq!(orchestrator.scope.allow[0].permission, Permission::Read);
assert!(orchestrator.scope.allow.is_empty());
assert!(orchestrator.delegation_scope.allow.is_empty());
assert_eq!(
orchestrator.model.ref_.as_deref(),
Some("codex-oauth/gpt-5.5")
);
assert!(orchestrator.web.is_some());
assert_eq!(
orchestrator.delegation_scope.allow[0].permission,
Permission::Write
);
let coder = resolve("coder");
assert!(coder.feature.task.enabled);
assert!(!coder.feature.pods.enabled);
assert_eq!(coder.scope.allow[0].permission, Permission::Write);
assert!(coder.scope.allow.is_empty());
assert!(coder.delegation_scope.allow.is_empty());
assert_eq!(coder.model.ref_.as_deref(), Some("codex-oauth/gpt-5.5"));
assert!(coder.web.is_some());
@ -1637,7 +1630,8 @@ mod tests {
assert!(!reviewer.feature.task.enabled);
assert!(!reviewer.feature.pods.enabled);
assert!(!reviewer.feature.ticket.enabled);
assert_eq!(reviewer.scope.allow[0].permission, Permission::Read);
assert!(reviewer.scope.allow.is_empty());
assert!(reviewer.delegation_scope.allow.is_empty());
assert_eq!(reviewer.model.ref_.as_deref(), Some("codex-oauth/gpt-5.5"));
assert!(reviewer.web.is_some());
}
@ -1959,11 +1953,8 @@ return profile {
resolved.manifest.model.ref_.as_deref(),
Some("codex-oauth/gpt-5.5")
);
assert_eq!(resolved.manifest.scope.allow[0].target, tmp.path());
assert_eq!(
resolved.manifest.scope.allow[0].permission,
Permission::Write
);
assert!(resolved.manifest.scope.allow.is_empty());
assert!(resolved.manifest.delegation_scope.allow.is_empty());
assert!(resolved.manifest.session.record_event_trace);
assert_eq!(
resolved.profile.as_ref().unwrap().name.as_deref(),
@ -2016,7 +2007,7 @@ record_event_trace = false
resolved.manifest.pod.prompt_pack.as_deref(),
Some(yoi_dir.join("prompts.toml").as_path())
);
assert_eq!(resolved.manifest.scope.allow[0].target, nested);
assert!(resolved.manifest.scope.allow.is_empty());
assert_eq!(
resolved
.manifest

238
crates/pod/src/entrypoint.rs
View File

@ -5,7 +5,8 @@ use std::process::ExitCode;
use crate::{Pod, PodController, PromptLoader};
use clap::{CommandFactory, FromArgMatches, Parser};
use manifest::{
PodManifest, PodManifestConfig, ProfileResolveOptions, ProfileResolver, ProfileSelector, paths,
Permission, PodManifest, PodManifestConfig, ProfileResolveOptions, ProfileResolver,
ProfileSelector, ScopeConfig, ScopeRule, paths,
};
use pod_store::{CombinedStore, FsPodStore, PodMetadataStore};
use session_store::{FsStore, SegmentId, Store};
@ -147,27 +148,43 @@ where
{
let workspace_root = runtime_workspace_root(cli)?;
let runtime_pod_name = runtime_pod_name(cli, &workspace_root);
let mut manifest_and_loader = if let Some(config_json) = cli.spawn_config_json.as_deref() {
load_spawn_config_json(config_json)?
} else if let Some(profile) = &cli.profile {
let selector = ProfileSelector::parse_cli(profile);
load_profile_fn(&selector, &workspace_root, &runtime_pod_name)?
} else if let Some(path) = &cli.manifest {
load_single_manifest(path, cli.pod.as_deref(), &runtime_pod_name)?
} else {
if cli.project.is_some() {
return Err(
let ((mut manifest, loader), manifest_source) =
if let Some(config_json) = cli.spawn_config_json.as_deref() {
(
load_spawn_config_json(config_json)?,
ManifestSource::SpawnConfig,
)
} else if let Some(profile) = &cli.profile {
let selector = ProfileSelector::parse_cli(profile);
(
load_profile_fn(&selector, &workspace_root, &runtime_pod_name)?,
ManifestSource::ProfileLaunch,
)
} else if let Some(path) = &cli.manifest {
(
load_single_manifest(path, cli.pod.as_deref(), &runtime_pod_name)?,
ManifestSource::ManifestFile,
)
} else {
if cli.project.is_some() {
return Err(
"--project is no longer supported; normal startup uses profile discovery/default, \
and --manifest <PATH> is the only one-file manifest mode"
.to_string(),
);
}
let selector = ProfileSelector::Default;
load_profile_fn(&selector, &workspace_root, &runtime_pod_name)?
};
}
let selector = ProfileSelector::Default;
(
load_profile_fn(&selector, &workspace_root, &runtime_pod_name)?,
ManifestSource::ProfileLaunch,
)
};
apply_session_restore_overrides(&mut manifest_and_loader.0, cli)?;
Ok(manifest_and_loader)
if manifest_source == ManifestSource::ProfileLaunch {
apply_profile_launch_policy(&mut manifest, &workspace_root, cli.ticket_role.as_deref())?;
}
apply_session_restore_overrides(&mut manifest, cli)?;
Ok((manifest, loader))
}
fn apply_session_restore_overrides(manifest: &mut PodManifest, cli: &Cli) -> Result<(), String> {
@ -233,9 +250,106 @@ fn load_single_manifest(
}
let manifest = PodManifest::try_from(config)
.map_err(|e| format!("failed to resolve manifest {}: {e}", path.display()))?;
if manifest.scope.allow.is_empty() {
return Err(format!(
"manifest {} must declare scope.allow; profile launches receive concrete scope from launch policy",
path.display()
));
}
Ok((manifest, PromptLoader::builtins_only()))
}
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum ManifestSource {
ProfileLaunch,
ManifestFile,
SpawnConfig,
}
fn read_rule(target: PathBuf) -> ScopeRule {
ScopeRule {
target,
permission: Permission::Read,
recursive: true,
}
}
fn write_rule(target: PathBuf) -> ScopeRule {
ScopeRule {
target,
permission: Permission::Write,
recursive: true,
}
}
fn workspace_scope(
workspace_root: &Path,
permission: Permission,
deny_write: &[PathBuf],
) -> ScopeConfig {
let allow_rule = ScopeRule {
target: workspace_root.to_path_buf(),
permission,
recursive: true,
};
let deny = deny_write
.iter()
.cloned()
.map(write_rule)
.collect::<Vec<_>>();
ScopeConfig {
allow: vec![allow_rule],
deny,
}
}
fn workspace_worktree_delegation(workspace_root: &Path) -> ScopeConfig {
ScopeConfig {
allow: vec![
read_rule(workspace_root.to_path_buf()),
write_rule(workspace_root.join(".worktree")),
],
deny: Vec::new(),
}
}
fn apply_profile_launch_policy(
manifest: &mut PodManifest,
workspace_root: &Path,
ticket_role: Option<&str>,
) -> Result<(), String> {
let role = match ticket_role {
Some(raw) => {
Some(TicketRole::parse(raw).ok_or_else(|| format!("invalid ticket role `{raw}`"))?)
}
None => None,
};
match role {
Some(TicketRole::Orchestrator) => {
manifest.scope = workspace_scope(workspace_root, Permission::Read, &[]);
manifest.delegation_scope = workspace_worktree_delegation(workspace_root);
}
Some(TicketRole::Intake) | Some(TicketRole::Reviewer) => {
manifest.scope = workspace_scope(workspace_root, Permission::Read, &[]);
manifest.delegation_scope = ScopeConfig::default();
}
Some(TicketRole::Coder) => {
manifest.scope = workspace_scope(workspace_root, Permission::Write, &[]);
manifest.delegation_scope = ScopeConfig::default();
}
None => {
let worktree_root = workspace_root.join(".worktree");
manifest.scope = workspace_scope(
workspace_root,
Permission::Write,
std::slice::from_ref(&worktree_root),
);
manifest.delegation_scope = workspace_worktree_delegation(workspace_root);
}
}
Ok(())
}
pub async fn run_cli() -> ExitCode {
run_cli_from("yoi pod", std::env::args_os().skip(1)).await
}
@ -762,6 +876,96 @@ permission = "write"
assert!(called);
assert_eq!(manifest.pod.name, "runtime-workspace");
assert_eq!(manifest.scope.allow.len(), 1);
assert_eq!(manifest.scope.allow[0].target, workspace);
assert_eq!(manifest.scope.allow[0].permission, Permission::Write);
assert_eq!(manifest.scope.deny.len(), 1);
assert_eq!(
manifest.scope.deny[0].target,
tmp.path().join("runtime-workspace/.worktree")
);
assert_eq!(manifest.scope.deny[0].permission, Permission::Write);
assert_eq!(manifest.delegation_scope.allow.len(), 2);
assert_eq!(
manifest.delegation_scope.allow[0].target,
tmp.path().join("runtime-workspace")
);
assert_eq!(
manifest.delegation_scope.allow[0].permission,
Permission::Read
);
assert_eq!(
manifest.delegation_scope.allow[1].target,
tmp.path().join("runtime-workspace/.worktree")
);
assert_eq!(
manifest.delegation_scope.allow[1].permission,
Permission::Write
);
}
#[test]
fn orchestrator_profile_launch_gets_read_root_and_worktree_delegation_from_launch_policy() {
let tmp = TempDir::new().unwrap();
let workspace = tmp.path().join("original-workspace");
std::fs::create_dir(&workspace).unwrap();
let cli = Cli::try_parse_from([
"yoi pod",
"--workspace",
workspace.to_str().unwrap(),
"--profile",
"builtin:orchestrator",
"--ticket-role",
"orchestrator",
])
.unwrap();
let (manifest, _loader) =
resolve_manifest_with_profile_loader(&cli, |selector, _workspace_root, pod_name| {
assert_eq!(
selector,
&ProfileSelector::source_named(
manifest::ProfileRegistrySource::Builtin,
"orchestrator"
)
);
let mut manifest =
PodManifest::from_toml(&manifest_toml("from-orchestrator-profile", tmp.path()))
.unwrap();
manifest.pod.name = pod_name.to_string();
Ok((manifest, PromptLoader::builtins_only()))
})
.unwrap();
assert_eq!(manifest.scope.allow.len(), 1);
assert_eq!(manifest.scope.allow[0].target, workspace);
assert_eq!(manifest.scope.allow[0].permission, Permission::Read);
assert!(manifest.scope.deny.is_empty());
assert_eq!(manifest.delegation_scope.allow.len(), 2);
assert_eq!(
manifest.delegation_scope.allow[0].target,
tmp.path().join("original-workspace")
);
assert_eq!(
manifest.delegation_scope.allow[0].permission,
Permission::Read
);
assert_eq!(
manifest.delegation_scope.allow[1].target,
tmp.path().join("original-workspace/.worktree")
);
assert_eq!(
manifest.delegation_scope.allow[1].permission,
Permission::Write
);
assert!(
!manifest
.delegation_scope
.allow
.iter()
.any(|rule| rule.target == tmp.path().join("original-workspace")
&& rule.permission == Permission::Write)
);
}
#[test]

40
crates/pod/src/spawn/tool.rs
View File

@ -1054,6 +1054,46 @@ mod tests {
}
}
#[test]
fn orchestration_delegation_allows_root_read_and_worktree_writes_not_root_writes() {
let tmp = TempDir::new().unwrap();
let workspace_root = tmp.path().join("original");
let implementation_worktree = workspace_root.join(".worktree/ticket-1");
std::fs::create_dir_all(&implementation_worktree).unwrap();
let delegation = DelegationScope::from_config(&ScopeConfig {
allow: vec![
abs_rule(&workspace_root, Permission::Read),
abs_rule(&workspace_root.join(".worktree"), Permission::Write),
],
deny: Vec::new(),
})
.unwrap();
let coder_scope = vec![
abs_rule(&workspace_root, Permission::Read),
abs_rule(&implementation_worktree, Permission::Write),
];
assert!(
coder_scope
.iter()
.all(|rule| delegation.allows_rule(rule).unwrap())
);
let reviewer_scope = vec![abs_rule(&workspace_root, Permission::Read)];
assert!(
reviewer_scope
.iter()
.all(|rule| delegation.allows_rule(rule).unwrap())
);
let root_writer_scope = vec![abs_rule(&workspace_root, Permission::Write)];
assert!(
root_writer_scope
.iter()
.any(|rule| !delegation.allows_rule(rule).unwrap())
);
}
fn parent_manifest(root: &Path, deny: Option<&Path>) -> PodManifest {
PodManifestConfig {
pod: PodMetaConfig {

1
resources/profiles/coder.lua
View File

@ -2,7 +2,6 @@ local p = yoi.profile.import("builtin:default")
p.slug = "coder"
p.description = "Coder role profile with bundled reusable policy"
p.scope = yoi.scope.workspace_write()
p.worker.instruction = "$yoi/role/coder"
p.feature = {
task = { enabled = true },

3
resources/profiles/companion.lua
View File

@ -2,9 +2,6 @@ local p = yoi.profile.import("builtin:default")
p.slug = "companion"
p.description = "Companion role profile with bundled reusable policy"
p.scope = yoi.scope.workspace_write({
deny_write = { ".worktree" },
})
p.feature = {
task = { enabled = true },
memory = { enabled = true },

1
resources/profiles/default.lua
View File

@ -2,7 +2,6 @@ return yoi.profile {
slug = "default",
description = "Default Yoi coding profile",
scope = yoi.scope.workspace_write(),
session = {
record_event_trace = true,

1
resources/profiles/intake.lua
View File

@ -2,7 +2,6 @@ local p = yoi.profile.import("builtin:default")
p.slug = "intake"
p.description = "Intake role profile with bundled reusable policy"
p.scope = yoi.scope.workspace_read()
p.worker.instruction = "$yoi/role/intake"
p.feature = {
task = { enabled = false },

2
resources/profiles/orchestrator.lua
View File

@ -2,7 +2,6 @@ local p = yoi.profile.import("builtin:default")
p.slug = "orchestrator"
p.description = "Orchestrator role profile with bundled reusable policy"
p.scope = "workspace_read"
p.worker.instruction = "$yoi/role/orchestrator"
p.feature = {
task = { enabled = false },
@ -12,6 +11,5 @@ p.feature = {
ticket = { enabled = true, access = "lifecycle" },
ticket_orchestration = { enabled = true },
}
p.delegation_scope = "workspace_write"
return p

1
resources/profiles/reviewer.lua
View File

@ -2,7 +2,6 @@ local p = yoi.profile.import("builtin:default")
p.slug = "reviewer"
p.description = "Reviewer role profile with bundled reusable policy"
p.scope = yoi.scope.workspace_read()
p.worker.instruction = "$yoi/role/reviewer"
p.feature = {
task = { enabled = false },