Skip to content

Oracle Wave 2: capability catch-up (v2.48.0)#27

Merged
drknowhow merged 5 commits into
oracle-wave-1from
oracle-wave-2
Jul 2, 2026
Merged

Oracle Wave 2: capability catch-up (v2.48.0)#27
drknowhow merged 5 commits into
oracle-wave-1from
oracle-wave-2

Conversation

@drknowhow

Copy link
Copy Markdown
Owner

Summary

Stacked on #26 (Wave 1) — GitHub will retarget to main when it merges.

  • c3_project + c3_artifacts as read-tier Discovery/chat tools. Deny-by-default allowlists; the wrapper signature has no allow_write and the registry drops undeclared keys, so write verbs cannot reach handle_project from any transport. Every resolution re-validated against discovered projects (resolve_project alone accepts any on-disk .c3 folder). Artifacts scan (mutates the manifest) and restore are blocked.
  • Sub-project awareness. Scanner surfaces is_subproject/parent_path/subproject_* (registry value, config back-link fallback, broken links degrade); FederatedGraph gets a serve-time parent_child overlay working on cache hits too; cross tools gain scope ('' | 'top' | project name/path + its children).
  • Scheduled activity digest in the review loop: digest_enabled default false, live config, pre-stamped last_digest_at, date + latest.json persistence with retention, optional JSONL notify sink, GET /api/activity/digest/latest, Activity banner + Settings toggle.
  • Multi-backend delegate_task (codex/gemini/claude/auto) through cli.tools.delegate behind _OracleDelegateRuntime — read-only shim forcing memory bridges off, notifications suppressed, codex sandbox read-only. CLI backends require an explicit or focused project; the target project's own backend enablement is honored.

Testing

  • 50 new tests (bridge contracts incl. _BLOCKED_MEMORY_ACTIONS == _MEMORY_WRITE pin, registry allow_write kill-switch, hierarchy overlay fresh+cached, digest scheduling, delegate shim). Full suite 1005 passed / 1 skipped.
  • Live smoke: both tools on the Discovery API, c3_project list returned the 27-project registry, edit+allow_write rejected, hierarchy fields on all projects, digest route null until enabled.

drknowhow added 5 commits July 2, 2026 14:14
…/chat tools

Deny-by-default allowlists: c3_project permits list/info/subprojects/search/
read/compress/status/memory/impact/edits/validate — register/unregister,
sub_* mutations, edit/shell, and 'scan' (reveals unregistered .c3 projects,
outside the discovered-project trust boundary) are excluded. The wrapper
signature has no allow_write and no write-op params; the registry drops
undeclared keys, so write verbs cannot reach handle_project from any
transport. Every resolution passes resolve_project THEN validate_project_path
(the resolver accepts any on-disk .c3 folder; Oracle re-checks membership).
c3_artifacts blocks scan (mutates the manifest despite the handler's
READ_ACTIONS listing) and restore; list/history/show/diff/status proxy
through the validated runtime cache. MCP + OpenAPI pick both up from
TOOL_SPECS automatically. Tests pin the allowlist enums, the allow_write
drop, and _BLOCKED_MEMORY_ACTIONS == cli.tools.project._MEMORY_WRITE.
…y, scoped cross tools

The Oracle treated every project as flat, ignoring the v2.44 parent/child
model. Now: ProjectScanner carries registry parent_path (previously dropped)
and _enrich adds is_subproject / parent_path (child-config back-link as
fallback; broken links degrade to top-level) / subproject_rel_paths / count —
/api/projects and the list_projects chat tool surface hierarchy for free.
FederatedGraph gains a serve-time parent_child overlay applied on BOTH fresh
builds and cache hits (hierarchy lives in .c3/config.json, which the
facts-mtime cache key never sees; the overlay is never baked into the cache
file, and no fact-level edges are added — they would pollute similarity
clustering). c3_search_cross / c3_edits_cross gain an optional scope param:
'' = all, 'top' = top-level only, or a project name/path = that project plus
its direct sub-projects (resolved + validated).
ActivityReporter was fully built but only reachable on demand. The review
loop now emits a cross-project digest when due: config-gated (digest_enabled
default FALSE — current behavior preserved; digest_interval_seconds daily;
digest_narrate opt-in since narration costs a cloud LLM call), config read
live each cycle so toggling needs no restart, last_digest_at pre-stamped in
review_state.json so an overlapping run_now can't double-digest, digests
persisted to ~/.c3/oracle/activity_digests/<date>.json + latest.json with
retention pruning (digest_retention_days), optional one-line JSONL notify
sink (digest_notify_file), and the whole path try/except-wrapped so a digest
failure never kills the review cycle. New GET /api/activity/digest/latest;
Activity tab shows a last-scheduled-digest banner; Settings gains the toggle
and interval (round-trips through the existing /api/config).
…ni/claude/auto)

Oracle agents ran only on Ollama while core C3's delegate layer already had
hardened Codex/Gemini/Claude CLI backends. Agents now carry a per-agent
backend (default 'ollama' = unchanged nested tool loop); CLI backends route
through cli.tools.delegate.handle_delegate against _OracleDelegateRuntime —
a read-only shim of the target project's runtime that forces
codex/gemini memory bridges OFF (they write facts into the target),
notifications None (no NotificationStore writes), and
codex_default_sandbox='read-only', while passing everything else through.
CLI backends need a concrete project (subprocess cwd + the TARGET's own
delegate config; Oracle never force-enables a backend): explicit
project_path arg → conversation's focused project (via thread-local conv
state) → instructive error; never silently picked. delegate_task spec/defs
gain optional project_path; agent modal gains a backend select; delegate
progress notes stream to the UI through the existing agent event sink.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant