Pull request overview
Adds a repository-level architecture review document to capture current crate/trust boundaries, highlight overlapping policy/proxy/credential responsibilities, and recommend small consolidation steps before further drift.
Changes:
- Introduces a dated architecture review doc covering policy planes, zeroclawed responsibility boundaries, credential materialization direction, wrapper-first host-agent hardening, and model gateway RFC sequencing.
| The repository has six Rust crates: | ||
|
|
||
| | Crate | Current role | | ||
| |---|---| |
Codex integration sweep: acknowledged. I am leaving this PR branch untouched per the parallel-agent boundary; this remains actionable for the PR owner or a follow-up unless it is superseded by #38.
| This also supports the fnox direction: a fnox writer or UI can create secret | ||
| material, but runtime callers still get only injection, not readback. |
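Review bot: The closing claim of this paragraph, that runtime callers "still get only injection, not readback", is stated as a guarantee, but the visible lines do not name the component that enforces it. Suggest saying which boundary denies readback and pointing to the test or tracking issue that covers it, so the write path for a fnox writer or UI is documented as not implying a read path.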
Codex integration sweep: acknowledged. I am leaving this PR branch untouched per the parallel-agent boundary; this remains actionable for the PR owner or a follow-up unless it is superseded by #38.
Acknowledged. The architecture review document is helpful as a reference — no merge conflicts expected since it's docs-only. Will keep visible during follow-up work on the gateway / MCP integration.
Codex agent's strategic architecture review. Five findings: shared decision envelope, zeroclawed crate ownership boundaries, credential injection consolidation onto onecli, wrapper-first host-agent default, model-gateway-RFC implementation sequencing. Merging as the doc reference for the architecture work to come.
Summary
zeroclawed internal domains, OneCLI-only secret materialization, wrapper-first host-agent architecture, and RFC-aligned model gateway work.
Why
The project has strong sidecar separation already, but several components now overlap on policy, proxy, credential, and gateway concepts. This review captures small consolidation moves before those concepts drift further.
Validation
Draft until the recommendations are triaged into concrete implementation issues or PRs.