feat(CC-264b): executor-agnostic Phase 3 post-verify pipeline #164
Merged
Add dispatch-post-verify.sh to validate any executor's .agent-trace output after dispatch — checks trace existence, symlink path containment, renders latest.last/stderr/git diff/git status, and enforces explicit 'cmd: pass' evidence for each self_verify command.

Key design: FOUND only when latest.last contains literal '<cmd>: pass' substring; any other status (skipped, fail, absent, ambiguous prose) is MISSING and exits 1. Symlink targets for latest.last and latest.stderr are validated with readlink -f to reject path traversal outside .agent-trace/.

Includes 16 regression tests (case_fail_selfverify_skipped, case_symlink_stderr_outofdir_rejected added in R3 to cover gate findings).

Also: tighten claude-executor.md lifecycle ordering (trace write before final response), update executor-contract.md with self_verify result format and symlink-or-regular-file clarification, register suite in run-all-tests.sh and lint.yml CI, update BACKLOG/MILESTONES for CC-264/265/266.

Gate: full tier GO (qa-tester pass, security-reviewer pass, risk-reviewer pass, critic+architecture-reviewer advise only — no blockers).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary

- `scripts/dispatch-post-verify.sh` — Phase 3 executor-agnostic verifier: checks `.agent-trace` existence, symlink path containment (prevents path traversal), renders latest.last/stderr/git diff/git status, and enforces explicit `cmd: pass` evidence for each `self_verify` command
- `scripts/test-dispatch-post-verify.sh` — 16 regression tests covering happy path, boundary cases, symlink escape rejection, and all self_verify evidence variants (pass, fail-prefix, colon-fail, skipped, absent)
- `agents/claude-executor.md` lifecycle ordering: trace write (step 6) must complete before final text response
- `docs/executor-contract.md`: self_verify result format documented (`cmd: pass` / `cmd: fail: <reason>`), table clarified to "symlink or regular file"
- `scripts/run-all-tests.sh` (32 suites) and `.github/workflows/lint.yml` CI
- ⚠️ partial, CC-265 (remove caveman) added, CC-266 (adapters/claude dispatch path) added, CC-262 status corrected

Key design decisions

- FOUND requires explicit `cmd: pass` (not just command presence, not rejection of known failure tokens): `grep -qF "${cmd}: pass" "$LATEST_LAST"`. Any other status — skipped, fail, absent — is MISSING and exits 1. This closed-world approach prevents ambiguous executor prose from passing as verified.
- Symlink path containment: `readlink -f` validation for both `latest.last` and `latest.stderr` rejects targets outside `.agent-trace/` before reading.

Gate result

Full tier — `Final: GO` (gate-20260526-121852.md)

Test plan

- `bash scripts/test-dispatch-post-verify.sh` → 16 passed, 0 failed
- `bash scripts/run-all-tests.sh` → 32 suites, 0 failed
- `git diff --check origin/main` → exit 0

🤖 Generated with Claude Code
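The two checks named in the description above (closed-world `cmd: pass` evidence and `readlink -f` containment), sketched as an added example. This is not the code of `scripts/dispatch-post-verify.sh`; the function names, fixture files and sample commands are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; function names and fixture contents are hypothetical.

# contained_in ROOT PATH: succeed only if PATH, with every symlink resolved,
# lies inside ROOT.
contained_in() {
  local root target
  root=$(readlink -f -- "$1") || return 1
  target=$(readlink -f -- "$2") || return 1
  case "$target" in
    "$root"/*) return 0 ;;   # trailing slash: ".agent-trace-evil" must not match
    *)         return 1 ;;
  esac
}

# evidence_status FILE CMD: print FOUND only for the literal "<CMD>: pass";
# skipped, fail, absent or anything else is MISSING (closed world).
evidence_status() {
  if grep -qF -- "$2: pass" "$1"; then echo FOUND; else echo MISSING; return 1; fi
}

# Constructed fixture: one in-directory symlink, one that escapes to a sibling.
make_fixture() {
  local w; w=$(mktemp -d) || return 1
  mkdir -p "$w/.agent-trace" "$w/.agent-trace-evil"
  printf '%s\n' 'npm test: pass' 'npm run lint: skipped' \
    'make check: fail: exit 2' > "$w/.agent-trace/run-1.last"
  echo 'outside' > "$w/.agent-trace-evil/run-1.stderr"
  ln -s run-1.last "$w/.agent-trace/latest.last"
  ln -s ../.agent-trace-evil/run-1.stderr "$w/.agent-trace/latest.stderr"
  echo "$w"
}

demo() {
  local w f c; w=$(make_fixture) || return 1
  for f in latest.last latest.stderr; do
    if contained_in "$w/.agent-trace" "$w/.agent-trace/$f"; then
      echo "$f: contained"
    else
      echo "$f: REJECTED (resolves outside .agent-trace/)"
    fi
  done
  for c in 'npm test' 'npm run lint' 'make check' 'cargo test'; do
    echo "$c -> $(evidence_status "$w/.agent-trace/latest.last" "$c")"
  done
  rm -rf "$w"
}
demo
```

Because the match in this sketch is a fixed-string substring, a trace line such as `npm test: passed` would also count as FOUND.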