merge: sync e2e critical branch

# Conflicts:
#	.yoi/tickets/00001KV10SN02/item.md
#	.yoi/tickets/00001KV10SN02/thread.md
Keisuke Hirata 2026-06-14 14:26:50 +09:00
commit b6c6fc040d
No known key found for this signature in database
16 changed files with 1539 additions and 317 deletions

@ -0,0 +1 @@
{"id":"orch-plan-20260613-184114-1","ticket_id":"00001KV09X0XC","kind":"accepted_plan","accepted_plan":{"summary":"Add a Panel ready-ticket action that records user refinement instructions, transitions ready -> planning through typed backend after state refresh, and attempts Intake restore/launch without queue/implementation side effects.","branch":"ticket-00001KV09X0XC-panel-return-planning","worktree":"/home/hare/Projects/yoi/.worktree/panel-return-planning","role_plan":"Coder works in dedicated Panel/Ticket action worktree; Reviewer focuses on lifecycle authority, stale-state rejection, no implementation side effects, and Intake failure diagnostics."},"author":"orchestrator","at":"2026-06-13T18:41:14Z"}
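
Review bot: the `worktree` value in this record is an absolute path under a user's home directory (`/home/hare/Projects/yoi/.worktree/panel-return-planning`), which commits a local username and directory layout to the repository and will not resolve on any other checkout. Suggest storing it relative to the workspace root (`.worktree/panel-return-planning`) and resolving it when the record is loaded.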

@ -1,8 +1,8 @@
---
title: 'Panel から ready Ticket を指示付きで planning に戻して Intake を再開できるようにする'
state: 'queued'
state: 'done'
created_at: '2026-06-13T10:54:34Z'
updated_at: '2026-06-13T16:33:26Z'
updated_at: '2026-06-14T05:09:07Z'
assignee: null
readiness: 'implementation_ready'
risk_flags: ['panel-action', 'ticket-lifecycle', 'role-session', 'authority-boundary']

@ -29,4 +29,157 @@ Intake refinement completed. ユーザーが draft を承認し、意図・受
Ticket を `workspace-panel` が queued にしました。
---
<!-- event: decision author: orchestrator at: 2026-06-13T18:41:14Z -->
## Decision
Routing decision: implementation_ready
Reason:
- Ticket は `queued` で、ready Ticket を Panel からユーザー指示付きで `planning` に戻し Intake を再開する action の intent / requirements / acceptance criteria / invariants が具体化されている。
- `TicketRelationQuery` / `TicketOrchestrationPlanQuery` に blocker はない。
- Risk は panel-action / ticket-lifecycle / role-session / authority-boundary だが、対象は `ready -> planning` のみ、typed backend 経由、Queue/Orchestrator/worktree/coder side effect 不発生という binding invariants が明記済み。
- `00001KV0X254D` と同じ Panel 周辺に触れる可能性はあるが action dispatch と orchestration branch config は論理的に分離できる。merge conflict が出たらその Ticket を止めて報告する。
Evidence checked:
- Ticket body / thread / artifacts。
- relation records: なし。
- orchestration plan records: なし。
- workspace state: Orchestrator worktree clean、dedicated child worktree で実装予定。
IntentPacket:
- Panel の ready Ticket row から Queue とは別に refinement/intake 再開 action を実行できるようにし、ユーザー指示を Ticket thread に保存して typed `ready -> planning` を記録し、Intake restore/launch を試行する。
Binding decisions / invariants:
- この action は implementation routing ではなく requirements sync への戻し。
- `queued` / `inprogress` は範囲外。
- stale state は再読込して拒否する。
- Queue、`queued -> inprogress`、worktree 作成、coder/reviewer spawn は発生させない。
Validation:
- Focused Panel/action tests、Ticket lifecycle/role-session tests、`cargo test -p tui workspace_panel`、`cargo test -p ticket`、`cargo fmt --check`、`git diff --check`。
---
<!-- event: state_changed author: orchestrator at: 2026-06-13T18:41:25Z from: queued to: inprogress reason: orchestrator_acceptance_unblocked field: state -->
## State changed
Ticket evidence、relation records、orchestration plan、workspace state を確認した。Blocking relation はなく、implementation-ready。実装 side effect の前に inprogress acceptance を記録する。
---
<!-- event: implementation_report author: orchestrator at: 2026-06-13T18:42:45Z -->
## Implementation report
Implementation handoff started.
- Worktree: `/home/hare/Projects/yoi/.worktree/panel-return-planning`
- Branch: `ticket-00001KV09X0XC-panel-return-planning`
- Coder Pod: `coder-00001KV09X0XC-return-planning`
- Scope: root workspace non-recursive read for launch validation only; child worktree read; writes limited to relevant TUI/Ticket/Client/Yoi/Pod role-session surfaces, target, and this Ticket record。
Next: Coder implementation_report / commit / validation evidence を確認後、Reviewer を起動する。
---
<!-- event: implementation_report author: hare at: 2026-06-13T19:01:36Z -->
## Implementation report
Commit: `f74146c6` (`tui: return ready tickets to planning from panel`)
Files changed:
- `crates/tui/src/multi_pod.rs`
What changed:
- Added a separate Panel path for selected `ready` Ticket rows when the composer target is Ticket Intake and the user submits non-empty refinement instructions.
- The action rereads the Ticket through the typed local Ticket backend and records a typed `ready -> planning` `state_changed` event with the user's refinement instruction in the Ticket thread.
- The action does not invoke Queue, `queued -> inprogress`, worktree creation, or implementation-role spawning.
- After the state change it attempts the Intake continuation path:
- launch and claim a new Intake Pod when no local Intake claim exists,
- notify a live claimed Intake Pod,
- open/restore a restorable claimed Intake Pod,
- or leave a visible diagnostic for stale claims without launching a duplicate.
- Added focused tests for stale-state rejection, state/event recording, action dispatch selection, launch-after-mutation followup, and role-session claim recording for post-launch Intake Pods.
Validation:
- `cargo test -p tui planning_return`
- `cargo test -p tui intake_registry`
- `cargo test -p tui workspace_panel`
- `cargo test -p ticket`
- `cargo fmt --check`
- `git diff --check`
Residual risks:
- No real terminal/PTTY Panel E2E was run; coverage is focused unit/action-path validation.
- The existing Panel composer model exposes this via Ticket Intake target + selected ready row + non-empty text, rather than adding a new visible button/menu surface.
---
<!-- event: review author: hare at: 2026-06-13T19:07:43Z status: approve -->
## Review: approve
Evidence reviewed:
- Inspected `git diff c4465a04..HEAD`; source changes are confined to `crates/tui/src/multi_pod.rs` plus Ticket record/report updates.
- Panel dispatch now has a separate `ReturnReadyTicketToPlanning` path for non-empty composer text when the composer target is Ticket Intake and the selected row action is `Queue`/ready.
- The mutation path reloads the Ticket from `LocalTicketBackend`, rejects non-`ready` current state, and records a typed `ready -> planning` `state_changed` event with author `workspace-panel`, reason `panel_return_to_planning`, and the user instruction in the thread body.
- The follow-up paths are Intake-only: launch when unclaimed, notify live claimed Intake, open/restorable claimed Intake, or diagnose stale claim without duplicate launch. I did not find calls to queue dispatch, `queued -> inprogress`, worktree creation, Orchestrator/Coder/Reviewer spawn in this path.
- Tests cover successful planning return, stale-state rejection, dispatch separation from Queue/generic Intake launch, state-before-launch follow-up, and launched-claim registry handling. Existing queue action coverage remains present.
Validation run:
- `cargo test -p tui planning_return` — pass (4 tests)
- `cargo test -p tui intake_registry` — pass (4 tests)
- `cargo test -p tui workspace_panel` — pass (12 tests)
- `cargo test -p ticket` — pass (68 tests + doctests)
- `cargo fmt --check` — pass
- `git diff --check c4465a04..HEAD` — pass
Residual notes:
- No real terminal/PTTY Panel E2E was run; this remains a unit/action-path review only.
- Discoverability depends on the existing composer target model: select a ready Ticket row, switch to Ticket Intake, type non-empty refinement instructions, then Enter. The implementation makes this visible in status/actionbar text; no separate button/menu was added.
---
<!-- event: implementation_report author: orchestrator at: 2026-06-14T05:08:58Z -->
## Implementation report
Integration outcome: merged and validated.
- Implementation branch: `ticket-00001KV09X0XC-panel-return-planning`
- Implementation commits: `f74146c6 tui: return ready tickets to planning from panel`, `cb565477 ticket: report panel planning return implementation`
- Review commit: `9d4abe50 ticket: approve panel planning return`
- Orchestrator merge commit: `7a6321d9 merge: panel return planning`
Reviewer result:
- `approve`。ready Ticket row + Ticket Intake target + non-empty instruction のみで typed `ready -> planning` を記録し、stale state を拒否し、Queue / worktree / implementation Pod side effects を発生させないことを確認済み。
Orchestrator validation after merge:
- `cargo test -p tui planning_return`: PASS
- `cargo test -p tui intake_registry`: PASS
- `cargo test -p tui workspace_panel`: PASS
- `cargo test -p ticket`: PASS
- `cargo fmt --check`: PASS
- `git diff --check`: PASS
Residual notes:
- Review note の通り、real terminal/PTTY Panel E2E は未実施。coverage は focused unit/action-path validation。
- Discoverability は既存 composer target modelTicket Intake target + ready row selection + non-empty textに依存し、独立ボタン/メニューは追加していない。
Next:
- Mark Ticket done and clean up child coder/reviewer Pods plus implementation worktree/branch.
---
<!-- event: state_changed author: orchestrator at: 2026-06-14T05:09:07Z from: inprogress to: done reason: merged_and_validated field: state -->
## State changed
Implementation branch was reviewed, approved, merged into the Orchestrator branch as `7a6321d9`, and validated in the Orchestrator worktree. Focused TUI planning-return/intake/workspace-panel tests, Ticket tests, formatting, and diff check passed. Ticket implementation work is done; closure remains separate.
---
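
Review bot: the `review` event (`status: approve`, 2026-06-13T19:07:43Z) and the Coder's `implementation_report` (2026-06-13T19:01:36Z) both carry `author: hare`, so the thread does not show that the approval came from a different role than the implementation. For a ticket flagged `authority-boundary`, suggest recording the acting Pod or role in the event header (the handoff report already names `coder-00001KV09X0XC-return-planning`), so the separation between implementer and reviewer can be audited from the record alone.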

@ -0,0 +1 @@
{"id":"orch-plan-20260613-184114-1","ticket_id":"00001KV0SP0TY","kind":"accepted_plan","accepted_plan":{"summary":"Remove feature-layer HostAuthority/grant model from pod::feature and built-in feature install paths, preserving contribution diagnostics and Ticket feature config/backend validation without introducing replacement permission semantics.","branch":"ticket-00001KV0SP0TY-remove-feature-hostauthority","worktree":"/home/hare/Projects/yoi/.worktree/remove-feature-hostauthority","role_plan":"Coder performs API cleanup in dedicated worktree; Reviewer focuses on no replacement authority layer, Ticket feature access preservation, and Plugin/MCP permission non-goals."},"author":"orchestrator","at":"2026-06-13T18:41:14Z"}
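
Review bot: `id` here is `orch-plan-20260613-184114-1`, the same value carried by the accepted-plan records for tickets `00001KV09X0XC` and `00001KV0X254D` added in this commit, so the id alone does not identify a plan. If anything looks plans up by `id`, either include the ticket id in it or document that the key is the (`ticket_id`, `id`) pair.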

@ -1,8 +1,8 @@
---
title: 'Remove feature-layer HostAuthority model'
state: 'queued'
state: 'done'
created_at: '2026-06-13T15:30:22Z'
updated_at: '2026-06-13T16:33:15Z'
updated_at: '2026-06-13T19:02:01Z'
assignee: null
readiness: 'implementation_ready'
risk_flags: ['feature-api', 'tool-registry', 'ticket-tools']

@ -42,4 +42,167 @@ Marked ready by `yoi ticket state`.
Ticket を `workspace-panel` が queued にしました。
---
<!-- event: decision author: orchestrator at: 2026-06-13T18:41:14Z -->
## Decision
Routing decision: implementation_ready
Reason:
- Ticket は `queued` で、feature-layer `HostAuthority*` model を削除し、permission/trust は Plugin/MCP/Ticket/tool owning layers に置く decision が明確。
- `TicketRelationQuery` には incoming `depends_on``00001KTR81P9X` がこの Ticket に依存)があるが、この Ticket 自身を blocking する relation はない。むしろ後続 dynamic provider work の前提として先に進めるべき。
- `TicketOrchestrationPlanQuery` に blocker はない。
- Risk は feature-api / tool-registry / ticket-tools だが、削除対象・非目標Plugin/MCP permission policy を導入しない)が明記済み。
- 他 queued work と主な変更面が異なるため並列開始可能。API cleanup の影響が大きい場合は Coder に escalation させる。
Evidence checked:
- Ticket body / thread / artifacts。
- relation records: incoming dependency from `00001KTR81P9X` only。
- orchestration plan records: なし。
- bounded code context: `HostAuthority*` occurrences across `crates/pod` / feature registry / ticket/task feature tests。
IntentPacket:
- `pod::feature` public API から `HostAuthority`, `HostAuthorityRequest`, `HostAuthorityGrantSet` と related grant/install report semantics を削除し、ordinary contribution diagnostics に整理する。
Binding decisions / invariants:
- Renamed feature-layer authority/grant model は作らない。
- Plugin permission policy / MCP trust policy はこの Ticket で実装しない。
- Ticket tools は explicit TicketFeatureConfig / backend validation / access-level config を維持する。
- Useful contribution checksduplicate names、undeclared categories等は残す。
Validation:
- Focused pod feature / ticket / task tests、`cargo fmt --check`、`cargo check --workspace --all-targets`、可能なら `nix build .#yoi`
---
<!-- event: state_changed author: orchestrator at: 2026-06-13T18:41:25Z from: queued to: inprogress reason: orchestrator_acceptance_unblocked field: state -->
## State changed
Ticket evidence、relation records、orchestration plan、workspace state を確認した。This Ticket 自身を blocking する relation はなく、incoming dependent Ticket の前提として先に進めるべき。実装 side effect の前に inprogress acceptance を記録する。
---
<!-- event: implementation_report author: orchestrator at: 2026-06-13T18:42:45Z -->
## Implementation report
Implementation handoff started.
- Worktree: `/home/hare/Projects/yoi/.worktree/remove-feature-hostauthority`
- Branch: `ticket-00001KV0SP0TY-remove-feature-hostauthority`
- Coder Pod: `coder-00001KV0SP0TY-hostauthority`
- Scope: root workspace non-recursive read for launch validation only; child worktree read; writes limited to relevant feature/Ticket/tool/client/workflow/manifest/docs surfaces, target, and this Ticket record。
Next: Coder implementation_report / commit / validation evidence を確認後、Reviewer を起動する。
---
<!-- event: implementation_report author: hare at: 2026-06-13T18:53:02Z -->
## Implementation report
Commit: `5549c50d8679` (`feat: remove feature host authority API`)
Files changed:
- `crates/pod/src/feature.rs`
- Removed `HostAuthority`, `HostAuthorityRequest`, `HostAuthorityGrantSet`, host-authority denial errors, grant plumbing, and per-tool host-authority gates from the public feature API/install path.
- Kept ordinary contribution declaration diagnostics: duplicate names, undeclared/mismatched tools, undeclared hooks/background tasks/services, skipped contributions, and service requirement diagnostics.
- Kept install reports focused on installed/skipped contributions and diagnostics without security grant semantics.
- `crates/pod/src/feature/builtin/ticket.rs`
- Stopped declaring TicketBackend host authority and registering Ticket tools with feature-layer authority requirements.
- Preserved explicit `TicketFeatureConfig`, backend provider/root validation, and access-level-controlled tool exposure.
- `crates/pod/src/feature/builtin/task/mod.rs`
- Removed Task feature prose that referenced feature-layer host authorities.
Validation:
- `cargo test -p pod feature:: --lib` — passed (46 tests).
- `cargo test -p pod feature::builtin::task --lib` — passed (18 tests).
- `cargo test -p ticket` — passed (68 tests + doc-tests).
- `cargo fmt --check` — passed.
- `cargo check --workspace --all-targets` — passed.
- `git diff --check` — passed before commit.
- Source grep under `crates/**/*.rs` found no remaining `HostAuthority*`, `host_authority`, `with_host_authority`, `requested_host_authorities`, or `required_host_authorities` symbols/terminology after cleanup.
Residual risks / notes:
- `nix build .#yoi` was not run; this change does not modify dependencies, `Cargo.lock`, packaging, or source filters.
- Related Plugin/MCP planning Ticket review was not performed from this delegated Coder scope because only Ticket `00001KV0SP0TY` is readable/writable in `.yoi/tickets`; no Plugin/MCP permission or trust policy was implemented.
---
<!-- event: review author: hare at: 2026-06-13T18:58:42Z status: approve -->
## Review: approve
Reviewed implementation commits `5549c50d` and `3faf7d7b` against Ticket `00001KV0SP0TY`.
Evidence:
- `crates/pod/src/feature.rs` removes the feature-layer `HostAuthority`, `HostAuthorityRequest`, `HostAuthorityGrantSet`, grant/denial/install-report semantics, and per-tool authority gates. The remaining feature API is contribution/lifecycle/diagnostic oriented: tools, hooks, background tasks, services, notifications, and install diagnostics.
- No renamed equivalent authority/grant layer was introduced in `pod::feature`; remaining checks are ordinary contribution diagnostics such as duplicate tool names, undeclared tools/hooks/background tasks/services, service requirements, skipped contributions, and install errors.
- `crates/pod/src/feature/builtin/ticket.rs` no longer requests or registers feature-layer host authority. Ticket tool exposure remains controlled by `TicketFeatureConfig` resolution, backend provider/root validation, and `TicketFeatureAccess` / base-orchestration tool selection. Missing/invalid backend roots and unsupported providers still fail closed without registering tools.
- `crates/pod/src/feature/builtin/task/mod.rs` no longer describes task tools in host-authority terms; task hooks/tools still install through the normal feature registry path.
- Source grep under `crates/**/*.rs` found no remaining `HostAuthority`, `HostAuthorityRequest`, `HostAuthorityGrantSet`, `host_authority`, `with_host_authority`, `requested_host_authorities`, or `required_host_authorities` symbols/terms.
- Related Plugin/MCP planning Tickets inspected (`00001KTR81P9X`, `00001KTR82RB7`, `00001KSXRQ4G8`, `00001KT0Z4BK8`) state that Plugin/MCP permission/trust policy is not a `pod::feature` authority/grant dependency. The remaining mentions are negative boundary statements, not implementation reliance.
Validation performed:
- `git diff --check c4465a04..HEAD` — passed.
- `cargo test -p pod feature:: --lib` — passed.
- `cargo test -p pod feature::builtin::task --lib` — passed.
- `cargo test -p ticket` — passed.
- `cargo fmt --check` — passed.
- `cargo check --workspace --all-targets` — passed.
Not run:
- `nix build .#yoi`; skipped because this review scope is source read-only with writes limited to `target/` and this Ticket record, and the change does not touch dependencies, `Cargo.lock`, packaging, or source filters.
Risks / notes:
- This intentionally removes the feature-layer authority gate rather than replacing it. Any future Plugin/MCP permission policy must be implemented in its owning layer and must not reintroduce this as a feature-layer grant API.
Decision: approved.
---
<!-- event: implementation_report author: orchestrator at: 2026-06-13T19:01:55Z -->
## Implementation report
Integration outcome: merged and validated.
- Implementation branch: `ticket-00001KV0SP0TY-remove-feature-hostauthority`
- Implementation commits: `5549c50d feat: remove feature host authority API`, `3faf7d7b ticket: report host authority cleanup`
- Review commit: `92e64bda ticket: approve host authority cleanup`
- Orchestrator merge commit: `297e95ef merge: remove feature host authority`
Reviewer result:
- `approve`。feature-layer `HostAuthority` / `HostAuthorityRequest` / `HostAuthorityGrantSet`、grant/denial/install-report semantics、per-tool authority gates が削除され、renamed replacement authority layer は導入されていないことを確認済み。
Orchestrator validation after merge:
- `cargo test -p pod feature:: --lib`: PASS
- `cargo test -p pod feature::builtin::task --lib`: PASS
- `cargo test -p ticket`: PASS
- `cargo fmt --check`: PASS
- `git diff --check`: PASS
- `cargo check --workspace --all-targets`: first attempt failed due to host disk full (`No space left on device`); after stopping HostAuthority child Pods and removing their child worktree/target, rerun PASS。
Cleanup performed:
- stopped `coder-00001KV0SP0TY-hostauthority` and `reviewer-00001KV0SP0TY-hostauthority`
- removed child worktree `/home/hare/Projects/yoi/.worktree/remove-feature-hostauthority`
- deleted branch `ticket-00001KV0SP0TY-remove-feature-hostauthority`
Not run:
- `nix build .#yoi`; skipped because dependencies / `Cargo.lock` / packaging/source filters were not changed and disk pressure was encountered during validation。
Next:
- mark Ticket done. Closure remains separate.
---
<!-- event: state_changed author: orchestrator at: 2026-06-13T19:02:01Z from: inprogress to: done reason: merged_and_validated field: state -->
## State changed
Implementation branch was reviewed, approved, merged into the Orchestrator branch as `297e95ef`, and validated in the Orchestrator worktree. Focused pod/ticket tests, formatting, diff check, and `cargo check --workspace --all-targets` passed after cleanup freed disk space. Ticket implementation work is done; closure remains separate.
---
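
Review bot: the review states that "Missing/invalid backend roots and unsupported providers still fail closed without registering tools", but the validation sections list only whole-suite runs (`cargo test -p pod feature:: --lib`, `cargo test -p ticket`) and a source grep for removed symbols. With the feature-layer gate removed and no replacement, `TicketFeatureConfig` resolution, backend validation and `TicketFeatureAccess` are the controls left on Ticket tool exposure, so the record should name the specific tests that assert no tools are registered in each fail-closed case.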

@ -0,0 +1 @@
{"id":"orch-plan-20260613-184114-1","ticket_id":"00001KV0X254D","kind":"accepted_plan","accepted_plan":{"summary":"Implement typed ticket.config orchestration branch resolution and apply it to Panel Orchestrator worktree create/reuse/restore diagnostics, preserving defaults and non-destructive safety checks.","branch":"ticket-00001KV0X254D-orchestration-branch-config","worktree":"/home/hare/Projects/yoi/.worktree/orchestration-branch-config","role_plan":"Coder writes config/resolution/TUI tests in dedicated worktree; Reviewer checks branch validation, default preservation, and non-destructive mismatch behavior."},"author":"orchestrator","at":"2026-06-13T18:41:14Z"}

@ -1,8 +1,8 @@
---
title: 'Panel Orchestrator の orchestration branch 名を ticket.config.toml で設定可能にする'
state: 'queued'
state: 'done'
created_at: '2026-06-13T16:29:25Z'
updated_at: '2026-06-13T16:33:27Z'
updated_at: '2026-06-14T05:05:57Z'
assignee: null
readiness: 'implementation_ready'
risk_flags: ['config-schema', 'git-worktree', 'panel-orchestration']

@ -29,4 +29,164 @@ Intake 済み。要件・受け入れ条件・binding invariants・validation
Ticket を `workspace-panel` が queued にしました。
---
<!-- event: decision author: orchestrator at: 2026-06-13T18:41:14Z -->
## Decision
Routing decision: implementation_ready
Reason:
- Ticket は `queued` で、`.yoi/ticket.config.toml` に Panel Orchestrator の orchestration branch 名を typed config として追加する intent / requirements / acceptance criteria / invariants が具体化されている。
- `TicketRelationQuery` / `TicketOrchestrationPlanQuery` に blocker はない。
- Risk は config-schema / git-worktree / panel-orchestration だが、既存 default 維持、invalid branch の Git 操作前拒否、mismatched worktree の非破壊 diagnostic という安全境界が明記済み。
- 他 queued/inprogress との主な変更面は Panel orchestration worktree/config resolution で、E2E critical path・feature API cleanup・planning return action とは branch/worktree を分けて進められる。merge conflict が出た場合はその時点で止めて報告する。
Evidence checked:
- Ticket body / thread / artifacts。
- relation records: なし。
- orchestration plan records: なし。
- workspace state: Orchestrator worktree clean、dedicated child worktree で実装予定。
IntentPacket:
- `.yoi/ticket.config.toml` の typed config から Panel Orchestrator の resolved orchestration branch を取得し、worktree create / reuse / restore validation / diagnostics が同じ resolved value を使うようにする。
Binding decisions / invariants:
- 設定なしの default `orchestration/<workspace-orchestrator-pod-name>` は維持する。
- invalid branch は Git 操作前に拒否する。
- dirty/unknown/mismatched worktree を自動修復・削除・checkout しない。
- Ticket backend / Profile / prompt context への hidden injection ではなく明示 workspace config として扱う。
Validation:
- Focused ticket config / TUI orchestration tests、`cargo fmt --check`、`git diff --check`、`target/debug/yoi ticket doctor`。
---
<!-- event: state_changed author: orchestrator at: 2026-06-13T18:41:25Z from: queued to: inprogress reason: orchestrator_acceptance_unblocked field: state -->
## State changed
Ticket evidence、relation records、orchestration plan、workspace state を確認した。Blocking relation はなく、implementation-ready。実装 side effect の前に inprogress acceptance を記録する。
---
<!-- event: implementation_report author: orchestrator at: 2026-06-13T18:42:45Z -->
## Implementation report
Implementation handoff started.
- Worktree: `/home/hare/Projects/yoi/.worktree/orchestration-branch-config`
- Branch: `ticket-00001KV0X254D-orchestration-branch-config`
- Coder Pod: `coder-00001KV0X254D-orch-branch`
- Scope: root workspace non-recursive read for launch validation only; child worktree read; writes limited to relevant TUI/Ticket/Client/Yoi crates, target, and this Ticket record。
Next: Coder implementation_report / commit / validation evidence を確認後、Reviewer を起動する。
---
<!-- event: implementation_report author: hare at: 2026-06-13T18:59:21Z -->
## Implementation report
Implemented Ticket 00001KV0X254D.
Files changed:
- `crates/ticket/src/config.rs`
- Added typed `[orchestration] branch = "..."` config support via `TicketOrchestrationConfig` and validated `GitBranchName`.
- Kept default behavior as no configured branch; documented the optional config in the generated scaffold.
- Added config validation tests for valid custom branches and invalid Git branch names.
- `crates/tui/src/multi_pod.rs`
- Resolved Panel Orchestrator worktree branch from typed ticket config, falling back to `orchestration/<workspace-orchestrator-pod-name>`.
- Reused the resolved branch for worktree creation, existing-worktree validation, restore preparation, queue handoff checks, and restore diagnostics.
- Preserved refusal behavior for dirty/unknown/mismatched worktrees; mismatches are diagnostic and do not checkout/delete/repair.
- Added TUI tests covering custom configured branch creation/reuse/restore, invalid branch rejection before worktree Git operations, and mismatched restore rejection without checkout.
Validation:
- `cargo test -p ticket config --lib` — passed.
- `cargo test -p tui ensure_and_restore_use_configured_orchestration_branch --lib` — passed.
- `cargo test -p tui invalid_configured_orchestration_branch_is_rejected_before_git_worktree_operations --lib` — passed.
- `cargo test -p tui restore_rejects_mismatched_configured_orchestration_branch_without_checkout --lib` — passed.
- `cargo fmt --check` — passed.
- `git diff --check` — passed.
- `cargo build -p yoi` — passed.
- `target/debug/yoi ticket doctor` — passed.
Additional note:
- I also tried broader `cargo test -p tui orchestration --lib`; it compiled but includes the existing `multi_pod::tests::orchestrator_launch_context_uses_orchestration_root_for_runtime_workspace` failure, in code not touched by this change. The focused new orchestration-branch tests listed above pass.
Commit:
- `1c54689e tui: configure orchestration branch`
Residual risks:
- Branch validation is implemented as an internal Git-ref compatible validator rather than invoking `git check-ref-format`, so it is intentionally conservative (for example, rejects spaces and full `refs/...` names) before any worktree Git operation.
---
<!-- event: review author: hare at: 2026-06-13T19:05:48Z status: approve -->
## Review: approve
Approve.
Evidence:
- `crates/ticket/src/config.rs` adds typed `[orchestration] branch = "..."` via `TicketOrchestrationConfig` and `GitBranchName`, with `deny_unknown_fields` preserved and scaffold documentation limited to the Ticket config surface. Missing config leaves `orchestration.branch_name() == None`, preserving the existing default.
- `crates/tui/src/multi_pod.rs` resolves the Panel Orchestrator branch once through `resolved_orchestration_worktree_layout`, falling back to `orchestration/<workspace-orchestrator-pod-name>`, and uses that layout for create/reuse, restore preparation/validation/diagnostics, and Queue handoff preflight/sync notices.
- Invalid configured branches fail during Ticket config loading / branch resolution before `.worktree` creation; existing dirty, unknown, wrong-branch, or unrelated-repo paths remain diagnostic-only and are not checked out, deleted, reset, or repaired.
- No hidden prompt/Profile injection or unrelated config surface drift was found; the change stays in typed Ticket config plus Panel orchestration worktree handling.
- Tests cover default resolution, configured branch creation/restore, invalid branch rejection before worktree operations, mismatched branch diagnostics without checkout, and Queue paths using the resolved branch.
Validation performed:
- `git diff --check c4465a04..HEAD` — passed.
- `cargo fmt --check` — passed.
- `cargo test -p ticket config --lib` — passed (23 tests).
- `cargo test -p tui orchestration_worktree --lib` — passed (3 tests).
- `cargo test -p tui configured_orchestration_branch --lib` — passed (3 tests).
- `cargo test -p tui ticket_queue_action --lib` — passed (5 tests).
- `cargo test -p tui orchestration --lib` — failed only on the known unrelated `multi_pod::tests::orchestrator_launch_context_uses_orchestration_root_for_runtime_workspace` stale assertion; the branch/config-focused cases in that run passed.
Residual risk:
- Branch validation is an internal git-ref-compatible validator rather than an invocation of `git check-ref-format`; reviewed as acceptable and conservative for this Ticket.
---
<!-- event: implementation_report author: orchestrator at: 2026-06-14T05:05:48Z -->
## Implementation report
Integration outcome: merged and validated.
- Implementation branch: `ticket-00001KV0X254D-orchestration-branch-config`
- Implementation commits: `1c54689e tui: configure orchestration branch`, `fc075bc6 ticket: report orchestration branch config`
- Review commit: `9ad87dda ticket: approve orchestration branch config`
- Orchestrator merge commit: `290c4230 merge: orchestration branch config`
Reviewer result:
- `approve`。typed `[orchestration] branch` config、default preservation、invalid branch pre-Git rejection、create/reuse/restore/queue paths sharing resolved branch、non-destructive mismatch diagnostics を確認済み。
Orchestrator validation after merge:
- `cargo test -p ticket config --lib`: PASS
- `cargo test -p tui orchestration_worktree --lib`: PASS
- `cargo test -p tui configured_orchestration_branch --lib`: PASS
- `cargo test -p tui ticket_queue_action --lib`: PASS
- `cargo fmt --check`: PASS
- `git diff --check`: PASS
- `cargo build -p yoi`: PASS
- `target/debug/yoi ticket doctor`: PASS
Residual notes:
- Broad `cargo test -p tui orchestration --lib` contains a known unrelated stale assertion (`orchestrator_launch_context_uses_orchestration_root_for_runtime_workspace`) from child validation; focused branch/config tests pass.
Next:
- Mark Ticket done and clean up child coder/reviewer Pods plus implementation worktree/branch.
---
<!-- event: state_changed author: orchestrator at: 2026-06-14T05:05:57Z from: inprogress to: done reason: merged_and_validated field: state -->
## State changed
Implementation branch was reviewed, approved, merged into the Orchestrator branch as `290c4230`, and validated in the Orchestrator worktree. Focused ticket config / TUI orchestration worktree / configured branch / queue action tests, formatting, diff check, `cargo build -p yoi`, and `yoi ticket doctor` passed. Ticket implementation work is done; closure remains separate.
---
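
Review bot: the residual-risk entries accept an internal `GitBranchName` validator in place of `git check-ref-format`, but the only rejections the record spells out are spaces and full `refs/...` names. Because the configured value is passed on to worktree Git operations, suggest listing the rules the validator enforces (for example a leading `-`, `..`, `@{`, a trailing `.lock`, control characters) and adding a test that compares its verdicts with `git check-ref-format --branch` on a fixed set of names, so "conservative" is checked rather than asserted.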

@ -1,6 +1,6 @@
---
title: 'E2E: close remaining critical-path gaps after panel harness'
state: 'queued'
state: 'inprogress'
created_at: '2026-06-13T17:34:41Z'
updated_at: '2026-06-14T05:24:37Z'
assignee: null

@ -25,6 +25,53 @@ LocalTicketBackend によって作成されました。
Ticket を `workspace-panel` が queued にしました。
---
<!-- event: implementation_report author: orchestrator at: 2026-06-13T18:33:30Z -->
## Implementation report
Implementation handoff resumed successfully after retry.
- Previous blocker was child launch validation requiring workspace root read grant.
- Retried `SpawnPod` with explicit non-recursive read grant for `/home/hare/Projects/yoi` plus child worktree read/write scopes.
- Coder Pod started: `coder-00001KV10SN02-e2e-critical`
- Worktree: `/home/hare/Projects/yoi/.worktree/e2e-critical-path`
- Branch: `ticket-00001KV10SN02-e2e-critical-path`
The root workspace grant is non-recursive and is only for runtime launch validation. Coder instructions explicitly prohibit inspecting, writing, running git, validating, merging, or cleaning up in the root/original workspace.
---
<!-- event: state_changed author: orchestrator at: 2026-06-13T18:43:30Z from: queued to: inprogress reason: orchestrator_acceptance_recorded_after_spawn_retry field: state -->
## State changed
Coder Pod `coder-00001KV10SN02-e2e-critical` has been started after SpawnPod retry with explicit root non-recursive read grant. This records the missing acceptance marker before further implementation/review side effects continue; previous handoff report already documented the retry and scope.
---
<!-- event: implementation_report author: orchestrator at: 2026-06-13T19:04:40Z -->
## Implementation report
Implementation blocked / stopped for now.
Problem:
- Coder Pod `coder-00001KV10SN02-e2e-critical` is in an inconsistent communication state: `ReadPodOutput` reports it as stopped/unreachable, while restore/list surfaces report the socket as live/reachable, and `SendToPod` times out waiting for initial Snapshot.
- Worktree `/home/hare/Projects/yoi/.worktree/e2e-critical-path` contains uncommitted changes in `crates/tui/src/multi_pod.rs`, `crates/tui/src/single_pod.rs`, `tests/e2e/src/lib.rs`, `tests/e2e/tests/panel.rs`, and new `tests/e2e/tests/rewind.rs`.
- No Coder final report, commit, or Ticket implementation_report was received.
Decision:
- Per user instruction, stop this Ticket instead of attempting to merge incomplete/unreviewed work.
- Do not merge this branch.
- Preserve the dirty worktree for human/next-Orchestrator inspection rather than deleting it.
Recovery needed:
- Inspect dirty diff in `/home/hare/Projects/yoi/.worktree/e2e-critical-path`.
- Decide whether to salvage/commit after validation, ask Coder to continue after runtime recovery, or discard and restart from clean branch.
- Do not mark done until implementation is committed, reviewed, and validated.
---
<!-- event: implementation_report author: hare at: 2026-06-14T05:24:37Z -->
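Review bot: In the 18:33:30 implementation report, the claim that the root workspace grant "is only for runtime launch validation" rests on Coder instructions, not on the grant itself. Nothing in the record says the read grant for `/home/hare/Projects/yoi` is dropped once launch validation passes. Record whether it is; if it is not, state the residual exposure (non-recursive read of the workspace root by the Coder Pod) in the Ticket thread.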
@ -57,6 +104,3 @@ Additional note:
Residual risks:
- Rewind E2E uses an e2e-test-only canned in-process fixture instead of a provider/socket-backed Pod, intentionally avoiding credentials/network while still exercising the real single-Pod TUI/PTTY path.
- nix build emitted the expected dirty-tree warning before succeeding.
---

View File

@ -1,8 +1,8 @@
//! Feature contribution registry for Pod-hosted builtin/plugin modules.
//!
//! This module defines the Pod-side feature boundary used to collect
//! descriptor metadata, host authority requests, tool contributions, safe hook
//! contributions, background task declarations, and service declarations before
//! descriptor metadata, tool contributions, safe hook contributions, background
//! task declarations, and service declarations before
//! installing them into the existing Worker/HookRegistry host surfaces.
//!
//! The first implementation slice is intentionally host-mediated and
@ -69,26 +69,6 @@ pub enum FeatureRuntimeKind {
ExternalPlugin,
}
/// Host authority requested by a feature for host-mediated operations that can
/// cross sandbox or model-context boundaries.
///
/// Contribution declarations such as tools, hooks, background tasks, and
/// services are descriptor/package-approved host-visible contributions, not
/// host authorities. Host authority grants are additive and do not replace
/// manifest/tool permission checks.
#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum HostAuthority {
Filesystem,
Network,
SecretRef { id: String },
ModelNotification,
PodManagement,
StateStore { name: String },
TicketBackend { root: String },
ServiceAccess { service: ServiceId },
}
/// A safe hook contribution point exposed to feature modules.
#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
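Review bot: Removing `HostAuthority` here also removes this file's only statement of how feature contributions relate to permission checks, while `FeatureRuntimeKind::ExternalPlugin` stays. The deleted doc comment said grants were "additive and do not replace manifest/tool permission checks". The module doc should name the layer that now decides filesystem, network, secret and Pod-management access for a feature's tools, so a reader does not take descriptor approval to be that decision.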
@ -99,82 +79,6 @@ pub enum FeatureHookPoint {
TurnEnd,
}
/// Host authority request declared by a feature descriptor.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct HostAuthorityRequest {
pub authority: HostAuthority,
pub required: bool,
pub reason: String,
}
impl HostAuthorityRequest {
pub fn required(authority: HostAuthority, reason: impl Into<String>) -> Self {
Self {
authority,
required: true,
reason: reason.into(),
}
}
pub fn optional(authority: HostAuthority, reason: impl Into<String>) -> Self {
Self {
authority,
required: false,
reason: reason.into(),
}
}
}
/// Host authority grants resolved by the host for one feature installation.
#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize, Deserialize)]
pub struct HostAuthorityGrantSet {
granted: HashSet<HostAuthority>,
denied: Vec<HostAuthorityDenial>,
}
impl HostAuthorityGrantSet {
pub fn grant_all(requests: &[HostAuthorityRequest]) -> Self {
Self {
granted: requests
.iter()
.map(|request| request.authority.clone())
.collect(),
denied: Vec::new(),
}
}
pub fn empty() -> Self {
Self::default()
}
pub fn contains(&self, authority: &HostAuthority) -> bool {
self.granted.contains(authority)
}
pub fn denied(&self) -> &[HostAuthorityDenial] {
&self.denied
}
pub fn grant(&mut self, authority: HostAuthority) {
self.granted.insert(authority);
}
pub fn deny(&mut self, authority: HostAuthority, reason: impl Into<String>) {
self.granted.remove(&authority);
self.denied.push(HostAuthorityDenial {
authority,
reason: reason.into(),
});
}
}
/// Host-side denial of a requested feature host authority.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct HostAuthorityDenial {
pub authority: HostAuthority,
pub reason: String,
}
/// Serializable declaration of a tool contribution. The executable factory is
/// carried by [`ToolContribution`] during installation.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
@ -192,12 +96,10 @@ impl ToolDeclaration {
}
}
/// Executable tool contribution wrapper. Host-authority requirements are optional
/// per-tool gates for privileged host APIs, not permission to contribute a tool.
/// Executable tool contribution wrapper.
pub struct ToolContribution {
name: String,
definition: ToolDefinition,
required_host_authorities: Vec<HostAuthority>,
}
impl ToolContribution {
@ -205,18 +107,9 @@ impl ToolContribution {
Self {
name: name.into(),
definition,
required_host_authorities: Vec::new(),
}
}
pub fn with_required_host_authorities(
mut self,
required_host_authorities: Vec<HostAuthority>,
) -> Self {
self.required_host_authorities = required_host_authorities;
self
}
pub fn name(&self) -> &str {
&self.name
}
@ -410,7 +303,6 @@ pub struct FeatureDescriptor {
pub display_name: String,
pub version: String,
pub description: String,
pub requested_host_authorities: Vec<HostAuthorityRequest>,
pub tools: Vec<ToolDeclaration>,
pub hooks: Vec<HookDeclaration>,
pub background_tasks: Vec<BackgroundTaskDeclaration>,
@ -426,7 +318,6 @@ impl FeatureDescriptor {
display_name: display_name.into(),
version: env!("CARGO_PKG_VERSION").into(),
description: String::new(),
requested_host_authorities: Vec::new(),
tools: Vec::new(),
hooks: Vec::new(),
background_tasks: Vec::new(),
@ -440,11 +331,6 @@ impl FeatureDescriptor {
self
}
pub fn with_host_authority(mut self, request: HostAuthorityRequest) -> Self {
self.requested_host_authorities.push(request);
self
}
pub fn with_tool(mut self, tool: ToolDeclaration) -> Self {
self.tools.push(tool);
self
@ -543,7 +429,6 @@ pub struct FeatureInstallReport {
pub feature_id: FeatureId,
pub runtime: FeatureRuntimeKind,
pub installed: bool,
pub host_authority_grants: HostAuthorityGrantSet,
pub installed_tools: Vec<String>,
pub installed_hooks: Vec<HookDeclaration>,
pub declared_background_tasks: Vec<BackgroundTaskDeclaration>,
@ -554,12 +439,11 @@ pub struct FeatureInstallReport {
}
impl FeatureInstallReport {
fn new(descriptor: &FeatureDescriptor, host_authority_grants: HostAuthorityGrantSet) -> Self {
fn new(descriptor: &FeatureDescriptor) -> Self {
Self {
feature_id: descriptor.id.clone(),
runtime: descriptor.runtime.clone(),
installed: false,
host_authority_grants,
installed_tools: Vec::new(),
installed_hooks: Vec::new(),
declared_background_tasks: Vec::new(),
@ -653,38 +537,14 @@ fn reject_undeclared_contribution(
error
}
fn require_host_authority(
host_authority_grants: &HostAuthorityGrantSet,
report: &mut FeatureInstallReport,
kind: FeatureContributionKind,
name: impl Into<String>,
authority: &HostAuthority,
) -> Result<(), FeatureInstallError> {
if host_authority_grants.contains(authority) {
return Ok(());
}
let reason = format!("required host authority was not granted: {authority:?}");
report.mark_skipped(kind, name, reason.clone());
Err(FeatureInstallError::HostAuthorityDenied(reason))
}
/// Model-visible durable notification sink skeleton. The first slice exposes
/// the boundary without implementing a new event channel.
pub struct FeatureNotificationSink<'a> {
host_authority_grants: &'a HostAuthorityGrantSet,
report: &'a mut FeatureInstallReport,
}
impl FeatureNotificationSink<'_> {
pub fn notify_model(&mut self, message: impl Into<String>) -> Result<(), FeatureInstallError> {
require_host_authority(
self.host_authority_grants,
self.report,
FeatureContributionKind::Notification,
"notify_model",
&HostAuthority::ModelNotification,
)?;
let message = message.into();
self.report.diagnostics.push(FeatureDiagnostic::warning(format!(
"model notification requested during feature installation but no durable Notify host is attached: {message}"
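Review bot: `notify_model` no longer checks anything before formatting the caller's `message` into a warning diagnostic, where the removed code first required `HostAuthority::ModelNotification`. The doc comment still describes a "model-visible durable notification sink". Either document that any installed feature may call it, or keep a check on the feature's runtime kind in place before a durable Notify host is attached.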
@ -744,7 +604,6 @@ impl FeatureDiagnosticSink<'_> {
pub struct ToolContributionRegistrar<'a> {
feature_id: &'a FeatureId,
declarations: &'a FeatureContributionDeclarations,
host_authority_grants: &'a HostAuthorityGrantSet,
pending_tools: &'a mut Vec<ToolDefinition>,
installed_tool_names: &'a mut HashMap<String, FeatureId>,
report: &'a mut FeatureInstallReport,
@ -776,16 +635,6 @@ impl ToolContributionRegistrar<'_> {
));
}
for authority in &contribution.required_host_authorities {
require_host_authority(
self.host_authority_grants,
self.report,
FeatureContributionKind::Tool,
model_visible_name.clone(),
authority,
)?;
}
if let Some(first) = self.installed_tool_names.get(&model_visible_name) {
let error = FeatureInstallError::DuplicateToolName {
tool: model_visible_name.clone(),
@ -951,7 +800,6 @@ impl FeatureServiceRegistrar<'_> {
pub struct FeatureInstallContext<'a> {
feature_id: &'a FeatureId,
declarations: &'a FeatureContributionDeclarations,
host_authority_grants: &'a HostAuthorityGrantSet,
pending_tools: &'a mut Vec<ToolDefinition>,
installed_tool_names: &'a mut HashMap<String, FeatureId>,
hook_builder: &'a mut HookRegistryBuilder,
@ -964,15 +812,10 @@ impl FeatureInstallContext<'_> {
self.feature_id
}
pub fn host_authority_grants(&self) -> &HostAuthorityGrantSet {
self.host_authority_grants
}
pub fn tools(&mut self) -> ToolContributionRegistrar<'_> {
ToolContributionRegistrar {
feature_id: self.feature_id,
declarations: self.declarations,
host_authority_grants: self.host_authority_grants,
pending_tools: self.pending_tools,
installed_tool_names: self.installed_tool_names,
report: self.report,
@ -1007,7 +850,6 @@ impl FeatureInstallContext<'_> {
pub fn notifications(&mut self) -> FeatureNotificationSink<'_> {
FeatureNotificationSink {
host_authority_grants: self.host_authority_grants,
report: self.report,
}
}
@ -1107,10 +949,8 @@ impl FeatureRegistryBuilder {
let mut seen_features = HashSet::new();
for (module, descriptor) in self.modules.into_iter().zip(descriptors.into_iter()) {
let host_authority_grants =
HostAuthorityGrantSet::grant_all(&descriptor.requested_host_authorities);
let declarations = FeatureContributionDeclarations::from_descriptor(&descriptor);
let mut report = FeatureInstallReport::new(&descriptor, host_authority_grants.clone());
let mut report = FeatureInstallReport::new(&descriptor);
if !seen_features.insert(descriptor.id.clone()) {
report.diagnostics.push(FeatureDiagnostic::error(format!(
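Review bot: The removed `HostAuthorityGrantSet::grant_all(&descriptor.requested_host_authorities)` granted every authority a descriptor asked for, so the deleted gate only ever refused a tool whose required authority was missing from its own descriptor. The merge message ("sync e2e critical branch") does not mention this removal. Put the rationale in the commit message or the Ticket thread so that dropping the declared-versus-required check reads as a decision.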
@ -1126,13 +966,6 @@ impl FeatureRegistryBuilder {
continue;
}
for authority in host_authority_grants.denied() {
report.diagnostics.push(FeatureDiagnostic::warning(format!(
"host authority denied: {:?}: {}",
authority.authority, authority.reason
)));
}
let mut required_service_failed = false;
for requirement in descriptor.requires_services.iter().cloned() {
if service_registry.provides(&requirement.id) {
@ -1192,7 +1025,6 @@ impl FeatureRegistryBuilder {
let mut context = FeatureInstallContext {
feature_id: &descriptor.id,
declarations: &declarations,
host_authority_grants: &host_authority_grants,
pending_tools,
installed_tool_names: &mut installed_tool_names,
hook_builder,
@ -1256,8 +1088,6 @@ pub enum FeatureInstallError {
first_feature: String,
duplicate_feature: String,
},
#[error("feature host authority denied: {0}")]
HostAuthorityDenied(String),
#[error("feature install failed: {0}")]
Install(String),
}
@ -1335,7 +1165,7 @@ mod tests {
}
#[test]
fn descriptor_contributions_and_empty_host_authority_grants_are_recorded() {
fn descriptor_contributions_are_recorded() {
let descriptor = FeatureDescriptor::builtin("dummy", "Dummy")
.with_tool(ToolDeclaration::new("Dummy", "dummy tool"))
.with_background_task(BackgroundTaskDeclaration::descriptor_only(
@ -1358,7 +1188,6 @@ mod tests {
assert!(feature_report.installed);
assert_eq!(feature_report.installed_tools, vec!["Dummy"]);
assert_eq!(feature_report.declared_background_tasks[0].name, "daily");
assert!(feature_report.host_authority_grants.denied().is_empty());
}
#[test]
@ -1421,79 +1250,6 @@ mod tests {
assert_eq!(report.reports[0].skipped[0].name, "Actual");
}
#[test]
fn tool_host_authority_requirements_use_host_authority_grants_not_contribution_declarations() {
struct HostAuthorityToolFeature {
descriptor: FeatureDescriptor,
required_host_authorities: Vec<HostAuthority>,
}
impl FeatureModule for HostAuthorityToolFeature {
fn descriptor(&self) -> FeatureDescriptor {
self.descriptor.clone()
}
fn install(
&self,
context: &mut FeatureInstallContext<'_>,
) -> Result<(), FeatureInstallError> {
context.tools().register(
ToolContribution::new("NetworkTool", dummy_tool("NetworkTool"))
.with_required_host_authorities(self.required_host_authorities.clone()),
)
}
}
let mut hook_builder = HookRegistryBuilder::default();
let mut pending_tools = Vec::new();
let missing_grant = FeatureDescriptor::builtin("missing-host-authority", "Missing")
.with_tool(ToolDeclaration::new("NetworkTool", "network host API tool"));
let missing_report = FeatureRegistryBuilder::new()
.with_module(HostAuthorityToolFeature {
descriptor: missing_grant,
required_host_authorities: vec![HostAuthority::Network],
})
.install_into_pending(&mut pending_tools, &mut hook_builder);
assert!(pending_tools.is_empty());
assert!(!missing_report.reports[0].installed);
assert!(
missing_report.reports[0]
.diagnostics
.iter()
.any(|diagnostic| {
diagnostic
.message
.contains("required host authority was not granted")
})
);
assert_eq!(
missing_report.reports[0].skipped[0].kind,
FeatureContributionKind::Tool
);
let granted = FeatureDescriptor::builtin("granted-host-authority", "Granted")
.with_host_authority(HostAuthorityRequest::required(
HostAuthority::Network,
"uses a host network API",
))
.with_tool(ToolDeclaration::new("NetworkTool", "network host API tool"));
let granted_report = FeatureRegistryBuilder::new()
.with_module(HostAuthorityToolFeature {
descriptor: granted,
required_host_authorities: vec![HostAuthority::Network],
})
.install_into_pending(&mut pending_tools, &mut hook_builder);
assert!(granted_report.reports[0].installed);
assert!(
granted_report.reports[0]
.host_authority_grants
.contains(&HostAuthority::Network)
);
assert_eq!(pending_tools.len(), 1);
}
#[test]
fn stateful_tool_definition_is_materialized_once_for_report_and_worker() {
struct StatefulToolFeature {
@ -1790,7 +1546,7 @@ mod tests {
}
#[test]
fn background_task_declaration_is_not_host_authority_gated() {
fn background_task_declaration_is_descriptor_contribution() {
let descriptor = FeatureDescriptor::builtin("background", "Background")
.with_background_task(BackgroundTaskDeclaration::descriptor_only(
"declared-task",
@ -1811,7 +1567,7 @@ mod tests {
}
#[test]
fn service_provider_declaration_is_not_host_authority_gated() {
fn service_provider_declaration_is_descriptor_contribution() {
let service = ServiceId::builtin("declared-service");
let descriptor = FeatureDescriptor::builtin("service", "Service").with_provided_service(
ServiceDeclaration::new(service.clone(), "1", "descriptor contribution"),
@ -1829,7 +1585,7 @@ mod tests {
}
#[test]
fn builtin_internal_task_feature_descriptor_has_exact_tools_hooks_and_no_host_authorities() {
fn builtin_internal_task_feature_descriptor_has_exact_tools_hooks() {
let descriptor = builtin::task_tools_feature().descriptor();
let tool_names: Vec<_> = descriptor
.tools
@ -1845,7 +1601,6 @@ mod tests {
assert_eq!(descriptor.id.as_str(), "builtin:task-tools");
assert_eq!(descriptor.runtime, FeatureRuntimeKind::Builtin);
assert!(descriptor.requested_host_authorities.is_empty());
assert_eq!(
hook_points,
vec![FeatureHookPoint::PreRequest, FeatureHookPoint::PreToolCall]
@ -1860,7 +1615,7 @@ mod tests {
}
#[test]
fn builtin_internal_task_feature_installs_declared_tools_without_host_authorities() {
fn builtin_internal_task_feature_installs_declared_tools() {
let mut hook_builder = HookRegistryBuilder::default();
let mut pending_tools = Vec::new();
let mut builder = FeatureRegistryBuilder::new();
@ -1882,10 +1637,6 @@ mod tests {
assert_eq!(report.reports.len(), 1);
assert!(report.reports[0].installed);
assert_eq!(
report.reports[0].host_authority_grants,
HostAuthorityGrantSet::empty()
);
assert!(report.reports[0].skipped.is_empty());
assert!(report.reports[0].diagnostics.is_empty());
assert_eq!(report.reports[0].installed_hooks.len(), 2);

View File

@ -35,9 +35,8 @@ const TASK_MANAGEMENT_TOOL_NAMES: [&str; 2] = ["TaskCreate", "TaskUpdate"];
///
/// The returned module contributes `TaskCreate`, `TaskUpdate`, `TaskGet`, and
/// `TaskList` through descriptor-approved tool registration, plus built-in hooks
/// that maintain Task-reminder state. It does not request sandbox/external-plugin
/// host authorities; normal ToolRegistry and PreToolCall permission policy still
/// applies at call time.
/// that maintain Task-reminder state. Normal ToolRegistry and PreToolCall
/// permission policy still applies at call time.
pub fn task_tools_feature() -> TaskFeature {
TaskFeature::new()
}

View File

@ -18,14 +18,13 @@ use ticket::{
use crate::feature::{
FeatureDescriptor, FeatureDiagnostic, FeatureInstallContext, FeatureInstallError,
FeatureModule, HostAuthority, HostAuthorityRequest, ToolContribution, ToolDeclaration,
FeatureModule, ToolContribution, ToolDeclaration,
};
const FEATURE_ID: &str = "ticket";
const FEATURE_NAME: &str = "Ticket tools";
const FEATURE_DESCRIPTION: &str = "Typed local Ticket work-item operations over a bounded backend root. \
The tools operate through the ticket crate backend and do not grant generic filesystem write scope.";
const AUTHORITY_REASON: &str = "Use a configured local Ticket backend root for typed work-item operations without generic filesystem write authority.";
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum TicketFeatureAccess {
@ -150,12 +149,6 @@ impl TicketFeature {
names
}
fn authority(&self) -> HostAuthority {
HostAuthority::TicketBackend {
root: self.backend_root.display().to_string(),
}
}
fn usable_backend_root(&self) -> Result<PathBuf, String> {
let root = self
.backend_root
@ -171,11 +164,7 @@ impl TicketFeature {
impl FeatureModule for TicketFeature {
fn descriptor(&self) -> FeatureDescriptor {
let mut descriptor = FeatureDescriptor::builtin(FEATURE_ID, FEATURE_NAME)
.with_description(FEATURE_DESCRIPTION)
.with_host_authority(HostAuthorityRequest::required(
self.authority(),
AUTHORITY_REASON,
));
.with_description(FEATURE_DESCRIPTION);
let enabled_tool_names = self.enabled_tool_names();
for name in &enabled_tool_names {
descriptor = descriptor.with_tool(ToolDeclaration::new(
@ -207,7 +196,6 @@ impl FeatureModule for TicketFeature {
return Ok(());
}
};
let authority = self.authority();
let backend = LocalTicketBackend::new(usable_root)
.with_record_language(self.record_language.as_deref());
let allowed_tool_names = self.enabled_tool_names();
@ -221,10 +209,7 @@ impl FeatureModule for TicketFeature {
{
continue;
}
tools.register(
ToolContribution::new(name, definition)
.with_required_host_authorities(vec![authority.clone()]),
)?;
tools.register(ToolContribution::new(name, definition))?;
}
Ok(())
}
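Review bot: `tools.register(ToolContribution::new(name, definition))?` now registers the Ticket tools with no tie to the backend root, and the test hunks that follow delete the `HostAuthority::TicketBackend` assertions without replacing them. `FEATURE_DESCRIPTION` still promises a "bounded backend root" and no "generic filesystem write scope", which now depends on `usable_backend_root()` and `LocalTicketBackend::new(usable_root)` alone. Add a test that pins that bound.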
@ -284,7 +269,7 @@ mod tests {
}
#[test]
fn descriptor_declares_ticket_tools_and_backend_authority() {
fn descriptor_declares_ticket_tools() {
let temp = TempDir::new().unwrap();
let feature = ticket_tools_feature(temp.path());
let descriptor = feature.descriptor();
@ -299,11 +284,6 @@ mod tests {
.collect::<Vec<_>>(),
TICKET_TOOL_NAMES
);
assert_eq!(descriptor.requested_host_authorities.len(), 1);
assert!(matches!(
descriptor.requested_host_authorities[0].authority,
HostAuthority::TicketBackend { .. }
));
}
#[test]
@ -321,7 +301,6 @@ mod tests {
.collect::<Vec<_>>(),
TICKET_READ_ONLY_TOOL_NAMES
);
assert_eq!(descriptor.requested_host_authorities.len(), 1);
}
#[test]

View File

@ -35,6 +35,9 @@ pub fn ticket_config_scaffold() -> String {
out.push_str(
"\n# Optional durable Ticket record language. When unset, generated Ticket text keeps current defaults.\n# [ticket]\n# language = \"Japanese\"\n",
);
out.push_str(
"\n# Optional Panel Orchestrator worktree branch. When unset, Panel uses orchestration/<workspace-orchestrator-pod-name>.\n# [orchestration]\n# branch = \"orchestration/<workspace-orchestrator-pod-name>\"\n",
);
for role in TicketRole::ALL {
out.push_str(&format!(
"\n[roles.{role}]\nprofile = \"{}\"\nworkflow = \"{}\"\n",
@ -67,15 +70,110 @@ pub enum TicketConfigError {
pub struct TicketConfig {
pub backend: TicketBackendConfig,
pub ticket: TicketRecordConfig,
pub orchestration: TicketOrchestrationConfig,
pub roles: TicketRoleProfiles,
}
#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct TicketOrchestrationConfig {
pub branch: Option<GitBranchName>,
}
impl TicketOrchestrationConfig {
pub fn branch_name(&self) -> Option<&str> {
self.branch.as_ref().map(GitBranchName::as_str)
}
}
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Serialize)]
pub struct GitBranchName(String);
impl GitBranchName {
pub fn new(value: impl Into<String>) -> Result<Self, String> {
let value = value.into();
let trimmed = value.trim();
if trimmed != value {
return Err("git branch name must not have leading or trailing whitespace".to_string());
}
validate_git_branch_name_value(trimmed)?;
Ok(Self(trimmed.to_string()))
}
pub fn as_str(&self) -> &str {
self.0.as_str()
}
}
impl<'de> Deserialize<'de> for GitBranchName {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: serde::Deserializer<'de>,
{
let value = String::deserialize(deserializer)?;
Self::new(value).map_err(serde::de::Error::custom)
}
}
impl fmt::Display for GitBranchName {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.write_str(self.as_str())
}
}
fn validate_git_branch_name_value(value: &str) -> Result<(), String> {
if value.is_empty() {
return Err("git branch name must not be empty".to_string());
}
if value == "@" {
return Err("git branch name must not be `@`".to_string());
}
if value.starts_with('-') {
return Err("git branch name must not start with `-`".to_string());
}
if value.starts_with("refs/") {
return Err("git branch name must be a short branch name, not a full ref".to_string());
}
if value.starts_with('/') || value.ends_with('/') || value.contains("//") {
return Err("git branch name must not contain empty path components".to_string());
}
if value.contains("..") {
return Err("git branch name must not contain `..`".to_string());
}
if value.contains("@{") {
return Err("git branch name must not contain `@{`".to_string());
}
if value.ends_with('.') {
return Err("git branch name must not end with `.`".to_string());
}
for component in value.split('/') {
if component.starts_with('.') {
return Err("git branch name components must not start with `.`".to_string());
}
if component.ends_with(".lock") {
return Err("git branch name components must not end with `.lock`".to_string());
}
}
for ch in value.chars() {
if ch.is_control() || matches!(ch, ' ' | '~' | '^' | ':' | '?' | '*' | '[' | '\\') {
return Err(format!(
"git branch name contains unsupported character `{}`",
ch.escape_default()
));
}
}
Ok(())
}
impl TicketConfig {
pub fn default_for_workspace(workspace_root: impl AsRef<Path>) -> Self {
let workspace_root = workspace_root.as_ref();
Self {
backend: TicketBackendConfig::default_for_workspace(workspace_root),
ticket: TicketRecordConfig::default(),
orchestration: TicketOrchestrationConfig::default(),
roles: TicketRoleProfiles::default(),
}
}
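Review bot: `validate_git_branch_name_value` accepts `HEAD`, which git itself refuses as a branch name, so `branch = "HEAD"` would pass config loading; reject it next to the `@` case. The leading `-` check is what keeps a configured value from being read as a git option, but `TicketOrchestrationConfig::branch_name` hands callers a plain `&str`, so the validated type is lost at the call sites, which are not in the visible hunks. Consider returning `&GitBranchName`. Also confirm that the default `orchestration/<workspace-orchestrator-pod-name>` built from a Pod name goes through `GitBranchName::new`.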
@ -528,9 +626,26 @@ struct RawTicketConfig {
#[serde(default)]
ticket: RawTicketRecordConfig,
#[serde(default)]
orchestration: RawTicketOrchestrationConfig,
#[serde(default)]
roles: BTreeMap<String, RawTicketRoleConfig>,
}
#[derive(Debug, Default, Deserialize)]
#[serde(deny_unknown_fields)]
struct RawTicketOrchestrationConfig {
#[serde(default)]
branch: Option<GitBranchName>,
}
impl RawTicketOrchestrationConfig {
fn resolve(self) -> TicketOrchestrationConfig {
TicketOrchestrationConfig {
branch: self.branch,
}
}
}
#[derive(Debug, Default, Deserialize)]
#[serde(deny_unknown_fields)]
struct RawTicketRecordConfig {
@ -576,6 +691,7 @@ impl RawTicketConfig {
}
})?,
ticket: self.ticket.resolve(),
orchestration: self.orchestration.resolve(),
roles,
})
}
@ -680,6 +796,7 @@ mod tests {
temp.path().join(DEFAULT_TICKET_BACKEND_RELATIVE_PATH)
);
assert_eq!(config.ticket_record_language(), None);
assert_eq!(config.orchestration.branch_name(), None);
for role in TicketRole::ALL {
let role_config = config.role(role);
assert_eq!(role_config.profile.as_str(), "inherit");
@ -701,6 +818,9 @@ root = "custom-tickets"
[ticket]
language = "Japanese"
[orchestration]
branch = "orchestration/custom-panel"
[roles.intake]
profile = "project:intake"
launch_prompt = "$workspace/ticket/intake/launch"
@ -730,6 +850,10 @@ workflow = "multi-agent-workflow"
);
assert_eq!(config.backend.root, temp.path().join("custom-tickets"));
assert_eq!(config.ticket_record_language(), Some("Japanese"));
assert_eq!(
config.orchestration.branch_name(),
Some("orchestration/custom-panel")
);
assert_eq!(
config.profile_for(TicketRole::Intake).as_str(),
"project:intake"
@ -756,6 +880,9 @@ workflow = "multi-agent-workflow"
assert!(scaffold.contains("provider = \"builtin:yoi_local\""));
assert!(scaffold.contains("root = \".yoi/tickets\""));
assert!(scaffold.contains("# [ticket]\n# language = \"Japanese\""));
assert!(scaffold.contains(
"# [orchestration]\n# branch = \"orchestration/<workspace-orchestrator-pod-name>\""
));
for role in TicketRole::ALL {
assert!(scaffold.contains(&format!("[roles.{role}]")));
assert!(scaffold.contains(&format!(
@ -773,6 +900,7 @@ workflow = "multi-agent-workflow"
)
.unwrap();
assert_eq!(config.backend_root(), temp.path().join(".yoi/tickets"));
assert_eq!(config.orchestration.branch_name(), None);
for role in TicketRole::ALL {
let role_config = config.role_launch_config(role).unwrap();
assert_eq!(role_config.profile.as_str(), role.default_profile());
@ -851,6 +979,32 @@ profile = "builtin:default"
);
}
#[test]
fn orchestration_branch_config_is_validated_as_git_branch_name() {
let temp = TempDir::new().unwrap();
write_config(
temp.path(),
r#"
[orchestration]
branch = "orchestration/panel:bad"
"#,
);
let error = TicketConfig::load_workspace(temp.path()).unwrap_err();
assert!(error.to_string().contains("git branch name"));
assert!(error.to_string().contains("unsupported character"));
}
#[test]
fn orchestration_branch_rejects_full_refs_and_dash_prefixes() {
assert!(GitBranchName::new("refs/heads/orchestration/panel").is_err());
assert!(GitBranchName::new("-orchestration-panel").is_err());
assert_eq!(
GitBranchName::new("orchestration/panel").unwrap().as_str(),
"orchestration/panel"
);
}
#[test]
fn role_table_without_profile_is_not_role_launch_ready() {
let temp = TempDir::new().unwrap();
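Review bot: The two new tests exercise only three rejection rules (`:`, a `refs/` prefix, a leading `-`). Add a table-driven list for the rest of `validate_git_branch_name_value`: empty, `@`, `..`, `@{`, a trailing `.`, `//` and a leading or trailing `/`, a component starting with `.` or ending in `.lock`, surrounding whitespace, and a control character. That way a later edit to one branch of the validator cannot silently drop it.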

File diff suppressed because it is too large Load Diff