feat: compile and enforce declared model policy #89

Merged
mostlydev merged 11 commits into master from feat/cllama-model-policy-enforcement
Mar 28, 2026

@mostlydev mostlydev commented Mar 27, 2026

Problem

This change moves model/provider authority to the infrastructure layer instead of leaving it to individual runners.

The immediate driver was cllama model-policy work, but the merged branch also carried adjacent CLI and spike-harness changes that were needed to make the behavior testable and usable end to end.

What Changed

Compile model policy during claw up

  • added policy compilation in internal/cllama/modelpolicy.go
  • claw up now emits per-agent model_policy metadata into cllama context from the Clawfile MODEL directives
  • this gives cllama a compiled allowlist/failover view of what each agent is allowed to use

Document the trust-boundary decision

  • added ADR 019 to make the model-authority decision explicit
  • added a detailed implementation plan covering policy compilation, enforcement, failover boundaries, and testing expectations

Wire in the proxy enforcement change

Improve rollcall spike coverage

  • rollcall spike now builds the local cllama/ under test instead of accidentally reusing a stale cached image
  • PicoClaw now runs through its native path in the spike image instead of a background responder shortcut, so the spike exercises real proxy/session-history behavior
  • added xAI seed support in the rollcall fixture so the spike can validate that path too

Improve update UX while this branch was open

These changes also landed on the same merged branch:

  • added claw update
  • changed release checks back to an hourly interval during active development
  • updated user-facing guidance so the notice tells users to run claw update

Files of Interest

  • internal/cllama/modelpolicy.go
  • cmd/claw/compose_up.go
  • cmd/claw/compose_up_test.go
  • cmd/claw/spike_test.go
  • cmd/claw/spike_rollcall_test.go
  • examples/rollcall/Dockerfile.picoclaw-base
  • cmd/claw/update.go
  • cmd/claw/update_check.go
  • docs/decisions/019-model-policy-authority-and-declared-failover.md

Testing

  • go test ./...
  • go test ./... in cllama/
  • go test -tags spike -v -run TestSpikeRollCall -timeout 45m ./cmd/claw/...

Depends On

claw now checks GitHub releases once per 24h and prints a notice at
the end of any command when a newer version is available. Skipped for
dev builds. Cache lives at ~/.claw/.claw-update-check. Added ## Update
section to README documenting the install.sh update path.
Adds `claw update` which pipes install.sh through sh — same verified
install path as the initial install. Update notices now say
"run: claw update" instead of the raw curl.
@mostlydev mostlydev merged commit 361be4c into master Mar 28, 2026
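
An added example, not code from this pull request or from cllama: a Go sketch of proxy-side enforcement of a compiled per-agent allowlist with declared failover, as outlined in the description above. The `ModelPolicy` type, `Compile`, `Enforce`, the agent name and the model references are all hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// ModelPolicy is a hypothetical compiled per-agent policy (assumed shape, not cllama's schema).
type ModelPolicy struct {
	allowed  map[string]bool
	failover []string // declared order; only these may be substituted
}

var ErrDenied = errors.New("model not in declared policy")
var ErrUnavailable = errors.New("no declared model is available")

// Compile turns an agent's declared model refs into an allowlist plus failover order.
func Compile(declared ...string) ModelPolicy {
	p := ModelPolicy{allowed: map[string]bool{}}
	for _, m := range declared {
		if m != "" && !p.allowed[m] {
			p.allowed[m] = true
			p.failover = append(p.failover, m)
		}
	}
	return p
}

// Enforce is the proxy-side decision: what the runner requests is checked, never trusted.
func Enforce(policies map[string]ModelPolicy, agent, requested string, up func(string) bool) (string, error) {
	p := policies[agent] // unknown agent: zero policy, so everything is denied
	if !p.allowed[requested] {
		return "", ErrDenied
	}
	if up(requested) {
		return requested, nil
	}
	for _, m := range p.failover { // failover never leaves the declared set
		if m != requested && up(m) {
			return m, nil
		}
	}
	return "", ErrUnavailable
}

func main() {
	policies := map[string]ModelPolicy{"agent-a": Compile("prov-x/large", "prov-y/small")} // constructed
	up := func(m string) bool { return m != "prov-x/large" }                               // simulated primary outage
	fmt.Println(Enforce(policies, "agent-a", "prov-x/large", up))
}
```

The denial check runs before any availability check, so an undeclared model is refused even when its upstream is healthy, and an agent with no compiled policy fails closed.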