ezer-mishpati/legal-ai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FU-8a: process→code guards (GAP-21/22) #16

Merged
chaim merged 6 commits from fix/fu8a-process-to-code-guards into main 2026-05-31 11:36:07 +00:00
Conversation 0 Commits 6 Files Changed 7 +645 -36
chaim commented 2026-05-31 11:36:06 +00:00
Owner
Copy Link

Summary

שני מחסומי-תהליך הופכים למחסומי-קוד (architectural fitness functions). מספק INV-MC1/INT1/INT3.

  • GAP-21sync_agents_across_companies.py: חולץ build_drift_report + _verify_exit_code טהורים; --verify יוצא exit≠0 על כל drift (needs-sync / adapter-mismatch / missing-in-mirror); adapter_type-mismatch מדווח רם כ-DRIFT (לא silent SKIPPING). --apply ללא שינוי. שמיש כ-gate ל-cron/CI.
  • GAP-22 — fitness-function (tests/test_paperclip_access_guard.py) שחוסם גישת-Paperclip לא-מאושרת: raw HTTP ל-Paperclip + INSERT INTO agent_wakeup_requests. כלל ה-INSERT אוניברסלי (לא allowlisted — invariant קשיח); כלל ה-HTTP מחריג את ה-helpers המאושרים + כלי-אופרטור standalone (קטגוריה נפרדת — מאומת מול fitness-function scope + DRY).

Verification

  • 122 passed (כולל 6 GAP-21 + 5 GAP-22).
  • smoke: --verify מול ה-Paperclip DB החי → IN SYNC, exit=0 (ה-gate עובד end-to-end).
  • ה-repo נסרק: 0 הפרות-גישה (כל כלי-האופרטור ב-allowlist מנומק; ארכיון מוחרג).

Scope

GAP-23 (חיווט ספ→סוכנים, משנה התנהגות-ייצור) הופרד ל-#69/FU-8b.

🤖 Generated with Claude Code

## Summary שני מחסומי-תהליך הופכים למחסומי-קוד (architectural fitness functions). מספק INV-MC1/INT1/INT3. - **GAP-21** — `sync_agents_across_companies.py`: חולץ `build_drift_report` + `_verify_exit_code` טהורים; **`--verify` יוצא exit≠0 על כל drift** (needs-sync / adapter-mismatch / missing-in-mirror); adapter_type-mismatch מדווח רם כ-DRIFT (לא silent SKIPPING). `--apply` ללא שינוי. שמיש כ-gate ל-cron/CI. - **GAP-22** — fitness-function (`tests/test_paperclip_access_guard.py`) שחוסם גישת-Paperclip לא-מאושרת: raw HTTP ל-Paperclip + `INSERT INTO agent_wakeup_requests`. כלל ה-INSERT **אוניברסלי** (לא allowlisted — invariant קשיח); כלל ה-HTTP מחריג את ה-helpers המאושרים + כלי-אופרטור standalone (קטגוריה נפרדת — מאומת מול fitness-function scope + DRY). ## Verification - 122 passed (כולל 6 GAP-21 + 5 GAP-22). - smoke: `--verify` מול ה-Paperclip DB החי → IN SYNC, exit=0 (ה-gate עובד end-to-end). - ה-repo נסרק: 0 הפרות-גישה (כל כלי-האופרטור ב-allowlist מנומק; ארכיון מוחרג). ## Scope GAP-23 (חיווט ספ→סוכנים, משנה התנהגות-ייצור) הופרד ל-#69/FU-8b. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
chaim added 6 commits 2026-05-31 11:36:07 +00:00
docs(spec): FU-8a process→code guards design (GAP-21/22) + split GAP-23 to #69 e8431a2adf 
GAP-21: sync_agents --verify exits non-zero on drift; adapter_type mismatch
counted as drift (loud), not silent skip — makes it an enforceable gate (INV-MC1).
GAP-22: fitness-function pytest guarding against raw Paperclip HTTP + direct
agent_wakeup_requests INSERT (INV-INT1/INT3). Repo pre-scanned: 0 existing
violations → clean forward-fence. Verified vs 3+ sources (architectural fitness
functions; drift-verify non-zero exit). GAP-23 (spec→agents) split to #69.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
docs(plan): FU-8a process→code guards implementation plan (3 tasks, TDD) adc196ac20 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
feat(sync): --verify exits non-zero on drift; adapter mismatch = loud drift (GAP-21, FU-8a) aac383acb7 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
feat(guard): fitness function blocking raw Paperclip access (GAP-22, FU-8a) a66ab3b3cd 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat(guard): fitness function blocking raw Paperclip access (GAP-22, FU-8a) 4d8422198a 
Wakeup-INSERT rule is universal (never allowlisted — hard invariant). Raw-HTTP
rule exempts the sanctioned helpers + standalone operator/admin scripts (a
distinct category per fitness-function scope differentiation + DRY: tooling
needn't reuse the FastAPI wrapper). Repo scanned clean under these rules.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
docs(scripts): note sync --verify drift-gate semantics (FU-8a) e5b34e01dc
chaim merged commit 9dbc1bafbf into main 2026-05-31 11:36:07 +00:00
chaim deleted branch fix/fu8a-process-to-code-guards 2026-05-31 11:36:07 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
chaim
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: ezer-mishpati/legal-ai#16
Delete Branch "fix/fu8a-process-to-code-guards"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?