Skip to content

Align live target/recovery control path with evidence-based execution contracts#290

Merged
mmprotest merged 1 commit into
mmprotest/implement-shell-normalization-for-command-executionfrom
mmprotest/improve-runner-control-flow-for-long-tasks
Apr 11, 2026
Merged

Align live target/recovery control path with evidence-based execution contracts#290
mmprotest merged 1 commit into
mmprotest/implement-shell-normalization-for-command-executionfrom
mmprotest/improve-runner-control-flow-for-long-tasks

Conversation

@mmprotest

Copy link
Copy Markdown
Owner

Motivation

  • The runner was prematurely pinning primary execution targets from single-file writes and losing important execution contract information (cwd, evidence), which caused silent drift, verifier/wrapper thrash, and inert recovery behavior.
  • Hard failures from actual direct runs were not consistently arming live recovery state used by execution control, leaving repair flows and summaries out of sync with real validation signals.
  • Shell normalization on Windows cmd missed many embedded Unix compound fragments and detached-launch assumptions that leak unsafe behavior into execution.

Description

  • Introduced an evidence-ranked seeding model and replacement rule via _TARGET_EVIDENCE_ORDER and updated _seed_primary_execution_target so a new seed replaces the current only when it has strictly stronger evidence (e.g., write_only < indirect_validation < direct_validation < direct_run).
  • Tracked the primary execution contract as a minimal pair (target, cwd) with helpers _target_contract, _primary_execution_contract, _same_target_contract, and preserved the contract through mission sync and state fields (including _primary_execution_target_cwd and _primary_execution_target_evidence).
  • Made live recovery activation evidence- and contract-based so activate_live_recovery_on_primary_failure only arms recovery when a hard failure occurs on the current primary contract and updates the same live state the control path reads (sets _recovery_mode, _failing_file, _failing_target_contract_summary, _primary_target_minimally_valid etc.).
  • Added narrow recovery-time guards in small_model_tool_guard to block sideways target-switch and new-wrapper thrash during recovery when the primary target is not yet minimally valid, while still allowing reads, helper edits, and reruns of the same contract.
  • Refreshed/augmented live validation candidates after material mutations with refresh_live_validation_candidates and called it from tooling flows so the validation set is not stuck on startup-only defaults.
  • Tightened Windows cmd shell checks in classify_and_rewrite_command and _detect_invalid_cmd_detached_launch to block embedded tail/wc fragments and more &-based detached-launch assumptions using conservative pattern checks (no full shell parser).
  • Fed a compact recovery block into the model context packet via build_model_context_packet so the model can see the pinned primary contract, recovery_mode, a short failing summary, minimal-valid flag, and whether switching is blocked.
  • Kept completion honesty by prepending an incomplete/execution-status notice when finalization runs while the primary target lacks clean direct validation.

Testing

  • Added/updated unit tests covering evidence replacement, cwd-aware contract behavior, recovery activation gating, recovery drift blocking, embedded cmd patterns, validation-candidate refresh, and an e2e-style regression for scaffold→real-target failure drift.
  • Ran pytest -q tests/test_state_runtime.py tests/test_state_tooling_mutation_policy.py tests/test_shell_command_guard.py and observed all tests passing: 83 passed.

Codex Task

@mmprotest mmprotest merged commit d3272e1 into mmprotest/implement-shell-normalization-for-command-execution Apr 11, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant