Skip to content

fix: make ~/.ica the canonical shared config root#254

Merged
ksamaschke merged 1 commit intodevfrom
codex/ica-global-config-20260315064227
Mar 15, 2026
Merged

fix: make ~/.ica the canonical shared config root#254
ksamaschke merged 1 commit intodevfrom
codex/ica-global-config-20260315064227

Conversation

@ksamaschke
Copy link
Copy Markdown
Contributor

@ksamaschke ksamaschke commented Mar 15, 2026

Summary

  • make ~/.ica the canonical shared ICA config/state root
  • keep the active agent home as an override instead of a global default
  • update installer, loader, MCP, docs, and regression coverage to match

Changes

  • add shared runtime path helpers for ICA_STATE_HOME and active agent-home resolution
  • seed and migrate shared user config/workflow into ~/.ica during user-scope installs
  • stop broad .codex/.claude fallback in config and tracking resolution
  • make MCP config/token/trust resolution prefer shared global state with active agent-home override
  • add tests for shared-global vs active-agent precedence and installer migration behavior

Test Plan

  • npm run build:quick
  • node tests/hooks/unit/test-config-loader.js
  • node --test dist/tests/installer/tracking-config.test.js dist/tests/installer/executor.test.js
  • python3 -m unittest tests.mcp_proxy.test_proxy

Notes

  • npm audit --omit=dev --audit-level=high reports existing dependency vulnerabilities in upstream dependencies; this PR does not change dependency versions.

@ksamaschke
Copy link
Copy Markdown
Contributor Author

ksamaschke commented Mar 15, 2026

ICA-REVIEW
ICA-REVIEW-RECEIPT
Reviewer-Stage: 3 (temp checkout)
Reviewer-Agent: reviewer (subagent)
PR: #254
Base: dev
Head-SHA: 66439e3
Date-UTC: 2026-03-15T06:47:04Z

Findings: 0
NO FINDINGS

Checks/Tests:

  • npm run build:quick (PASS)
  • node tests/hooks/unit/test-config-loader.js (PASS)
  • node --test dist/tests/installer/tracking-config.test.js dist/tests/installer/executor.test.js (PASS)
  • python3 -m unittest tests.mcp_proxy.test_proxy (PASS)

Notes:

  • Stage 3 review executed from a fresh temp checkout.
  • GitHub Actions checks were still in progress at receipt time.

Result: PASS

@ksamaschke
Copy link
Copy Markdown
Contributor Author

ksamaschke commented Mar 15, 2026

ICA-SECURITY-REVIEW
ICA-SECURITY-REVIEW-RECEIPT
Security-Reviewer-Stage: post-pr (temp checkout)
Security-Reviewer-Agent: security reviewer (subagent)
Security-Reviewer-Execution: dedicated-security-subagent
Security-Reviewer-Executor: github:ksamaschke
Security-Reviewer-Run-ID: sec-20260315T064718Z-66439e3c4e9a
PR: #254
Base: dev
Head-SHA: 66439e3
Date-UTC: 2026-03-15T06:47:18Z

Findings: 0
NO FINDINGS

Checks/Tests:

  • Diff security review of path-resolution and config-override changes (PASS)
  • python3 -m unittest tests.mcp_proxy.test_proxy (PASS)
  • node --test dist/tests/installer/tracking-config.test.js dist/tests/installer/executor.test.js (PASS)

Notes:

  • Reviewed for path traversal, config-scope confusion, unsafe fallback precedence, and credential-handling regressions.
  • npm audit reports existing repository dependency vulnerabilities outside this PR's code changes.

Result: PASS

@ksamaschke ksamaschke merged commit 86bc743 into dev Mar 15, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ksamaschke