
feat: agent source trust-on-first-use model#41

Merged
donbeave merged 8 commits into main from claude/review-project-todos-EhQka on Apr 11, 2026

Conversation

@donbeave

Member

Summary

  • Implement trust-on-first-use model for third-party agent sources — untrusted agents require explicit operator confirmation before their Dockerfile is built
  • Built-in agents (agent-smith, the-architect) are always trusted; new namespaced agents default to untrusted
  • Trust state persists in config.toml so subsequent loads proceed without prompts
  • Non-interactive environments get a clear error with instructions to pre-trust via trusted = true in config
  • Sync roadmap with TODO items (add missing completed/planned entries)
  • Mark security review findings #2 (git source trust; "fix: resolve relative paths in workspace CLI arguments") and #9 (mount guardrails; "fix: address pre-launch env review findings") as resolved

Changes

Core (src/config.rs, src/runtime.rs)

  • Add trusted: bool field to AgentSource with skip_serializing_if for clean config output
  • Add trust_agent() method and confirm_agent_trust() interactive prompt
  • Trust gate runs after repo clone but before Docker build
  • 7 new unit tests covering trust lifecycle, serialization, upgrade path, and non-interactive rejection

Docs (docs/pages/)

  • commands/load.mdx — trust is step 3 in "What happens", plus warning callout for CI pre-trust
  • guides/security-model.mdx — new "Agent source trust" section with prompt example, config.toml syntax, threat model row, and best practices update
  • reference/roadmap.mdx — sync completed/planned items with TODO.md

Bookkeeping

Test plan

  • All 291 tests pass (cargo test)
  • Zero clippy warnings (cargo clippy)
  • Formatting clean (cargo fmt -- --check)
  • Manual test: jackin load chainargos/some-agent shows trust prompt on first use
  • Manual test: second load of same agent skips prompt
  • Manual test: non-interactive context (piped stdin) produces clear error

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
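As an added example, not code from the jackin repository or from this PR, the trust model described in the summary and in the follow-up commits sketched in std-only Rust: built-in agents are registered trusted, new namespaced sources start untrusted, the gate sits between clone and build, confirmation is an injected callback so the accept, decline and non-interactive paths can be exercised without a terminal, only a fresh grant triggers a config save, `trusted = false` is never written, revocation is refused for built-ins, and a selector whose remote URL has changed does not inherit its earlier trust. The names follow the PR (`AppConfig`, `AgentSource`, `trust_agent`, `untrust_agent`, `resolve_agent_source`, `load_agent_with`, `is_builtin_agent`), but every signature, the `Step` log, `TrustError`, the hand-rolled TOML writer standing in for serde's `skip_serializing_if`, and the example.invalid URLs are assumptions.

```rust
use std::collections::BTreeMap;
use std::fmt;

/// Agents shipped with the tool: always trusted, never revocable.
pub const BUILTIN_AGENTS: &[&str] = &["agent-smith", "the-architect"];

/// One `[agents.<selector>]` entry; `trusted` is written to config.toml only when true.
#[derive(Debug, PartialEq)] pub struct AgentSource { pub git: String, pub trusted: bool }

/// Trust is keyed by selector ("owner/repo"), not by git URL.
#[derive(Debug, Default)] pub struct AppConfig { pub agents: BTreeMap<String, AgentSource> }

#[derive(Debug, PartialEq)]
pub enum TrustError {
    UnknownAgent(String),
    Builtin(String),
    Declined(String),
    NonInteractive { selector: String, git: String },
    RemoteMismatch { selector: String, expected: String, found: String },
}
impl fmt::Display for TrustError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::UnknownAgent(s) => write!(f, "unknown agent source `{s}`"),
            Self::Builtin(s) => write!(f, "`{s}` is built in; its trust cannot be revoked"),
            Self::Declined(s) => write!(f, "trust declined for `{s}`; run `load` again to be prompted"),
            Self::NonInteractive { selector, git } => write!(f, "`{selector}` ({git}) is untrusted and stdin is \
                not a terminal; set `trusted = true` under [agents.\"{selector}\"] in config.toml to pre-trust it"),
            Self::RemoteMismatch { selector, expected, found } =>
                write!(f, "`{selector}` was trusted for {expected}; refusing to load it from {found}"),
        }
    }
}
pub fn is_builtin_agent(selector: &str) -> bool { BUILTIN_AGENTS.contains(&selector) }

impl AppConfig {
    /// Register a selector on first use; built-ins start trusted. Returns `is_new`.
    pub fn resolve_agent_source(&mut self, selector: &str, git: &str) -> bool {
        if self.agents.contains_key(selector) { return false; }
        self.agents.insert(selector.to_string(), AgentSource { git: git.to_string(), trusted: is_builtin_agent(selector) });
        true
    }
    /// Grant trust. Ok(true) is the explicit `newly_trusted` signal that config must be saved.
    pub fn trust_agent(&mut self, selector: &str) -> Result<bool, TrustError> {
        let src = self.agents.get_mut(selector).ok_or_else(|| TrustError::UnknownAgent(selector.to_string()))?;
        let newly_trusted = !src.trusted;
        src.trusted = true;
        Ok(newly_trusted)
    }
    /// Revoke trust; refused for built-ins, which sync_builtin_agents would silently re-grant.
    pub fn untrust_agent(&mut self, selector: &str) -> Result<(), TrustError> {
        if is_builtin_agent(selector) { return Err(TrustError::Builtin(selector.to_string())); }
        let src = self.agents.get_mut(selector).ok_or_else(|| TrustError::UnknownAgent(selector.to_string()))?;
        src.trusted = false;
        Ok(())
    }
    /// Hand-rolled writer standing in for serde + skip_serializing_if: `trusted = false` never appears.
    pub fn to_toml(&self) -> String {
        let mut out = String::new();
        for (sel, src) in &self.agents {
            out.push_str(&format!("[agents.\"{sel}\"]\ngit = \"{}\"\n", src.git));
            if src.trusted { out.push_str("trusted = true\n"); }
        }
        out
    }
}

#[derive(Debug, Clone, Copy, PartialEq)] pub enum Step { Clone, Build, Run }

/// Callback for piped stdin / CI: never prompts, fails with pre-trust instructions.
pub fn non_interactive(selector: &str, git: &str) -> Result<bool, TrustError> {
    Err(TrustError::NonInteractive { selector: selector.to_string(), git: git.to_string() })
}

/// Load with an injected confirmation callback (resolve -> clone -> gate -> build -> run);
/// `log` records which steps ran, Ok(true) means config.toml would be rewritten (fresh grant).
pub fn load_agent_with<F>(cfg: &mut AppConfig, selector: &str, git: &str, log: &mut Vec<Step>, mut confirm: F)
    -> Result<bool, TrustError>
where F: FnMut(&str, &str) -> Result<bool, TrustError> {
    let is_new = cfg.resolve_agent_source(selector, git);
    let known = cfg.agents[selector].git.clone();
    if known != git { // a trusted selector must not silently inherit trust for a different remote
        return Err(TrustError::RemoteMismatch { selector: selector.to_string(), expected: known, found: git.to_string() });
    }
    log.push(Step::Clone); // fetched first so the operator can inspect the Dockerfile
    let mut config_saved = false;
    if !cfg.agents[selector].trusted {
        match confirm(selector, git) {
            Ok(true) => config_saved = cfg.trust_agent(selector)?,
            other => {
                if is_new { cfg.agents.remove(selector); } // a refusal persists nothing
                return Err(other.err().unwrap_or(TrustError::Declined(selector.to_string())));
            }
        }
    }
    log.push(Step::Build); // docker build runs only past the gate
    log.push(Step::Run);
    Ok(config_saved)
}
```

The ordering is the point of the gate: the repository is fetched before the prompt so the operator can read the Dockerfile, but nothing is built and nothing is persisted until they confirm. `non_interactive` is what a CI runner with piped stdin sees, and its error text tells it to pre-trust the selector in config.toml; a selector that was pre-trusted that way passes the gate without a prompt.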

claude added 8 commits April 11, 2026 12:59
feat: implement trust-on-first-use model for third-party agent sources

Add a trust gate that prompts operators before building untrusted
third-party agents. Built-in agents are always trusted. New namespaced
agents default to untrusted and require explicit confirmation on first
use. The trusted flag is persisted in config.toml so subsequent runs
proceed without prompts. Non-interactive sessions bail with a clear
error for untrusted sources.

Also syncs the roadmap with TODO items: adds missing completed item
(JACKIN_DIND_HOSTNAME), adds missing planned items (Bollard migration),
and marks the agent source trust security finding as resolved.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
improve trust prompt with clear risk details and mark finding #9 resolved

Rewrite the trust confirmation message to clearly explain what trusting
an agent means: Dockerfile execution, arbitrary commands on the host,
and workspace file access. The non-interactive error now tells the user
how to pre-trust via config.toml. The decline message explains how to
retry.

Also mark security finding #9 (mount policy guardrails) as resolved
since sensitive mount warnings were already implemented.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
fix: address PR review — docs, stale comment, save clarity, test, serde

Review fixes for the agent source trust model:

- Fix duplicate doc comment on trust_agent() (copy-paste from
  sync_builtin_agents)
- Replace confusing `!source.trusted` save condition with explicit
  `newly_trusted` flag for readability
- Add unit test for non-interactive trust gate (verifies the error
  includes agent name and git URL)
- Skip serializing `trusted = false` to keep config.toml clean
  (only `trusted = true` appears)
- Document trust in load.mdx (step 3 in "What happens", warning
  callout for CI) and security-model.mdx (new section 4 with
  config.toml example, threat model row, best practices update)

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
fix: broken docs anchor link and misleading test name

- Fix cross-reference link in load.mdx: use #4-agent-source-trust
  (matching the numbered heading in security-model.mdx)
- Rename test to `load_trusted_namespaced_agent_builds_and_runs` since
  it no longer exercises auto-registration (that's covered by the
  config test `resolve_agent_source_adds_owner_repo_on_first_use`)

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
feat: add jackin trust/untrust CLI, testable trust gate, revocation

Address all follow-up items from the maintainer review:

- Extract load_agent_with() with injected trust callback, following the
  resolve_agent_repo_with() pattern. Tests can now exercise accept and
  decline paths without mocking dialoguer.
- Restore auto-registration test coverage: the accept test uses
  load_agent_with(auto_trust) so resolve_agent_source's is_new path is
  exercised again. Add decline test verifying no config persistence and
  no Docker commands when trust is refused.
- Add `jackin trust <selector>` and `jackin untrust <selector>` CLI
  commands so operators can manage trust without editing config.toml.
- Add untrust_agent() to AppConfig with tests.
- Document trust/untrust CLI in security-model.mdx and load.mdx.
- Document that trust is keyed by selector (not URL) with a note about
  remote-mismatch protection.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
refactor: consolidate trust/untrust into single CLI command

Follow mise's pattern: `jackin trust` is one command with flags
instead of separate trust/untrust subcommands.

  jackin trust <selector>              # grant trust
  jackin trust <selector> --untrust    # revoke trust
  jackin trust <selector> --show       # check status

The --show and --untrust flags conflict with each other (enforced
by clap).

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
refactor: move trust CLI under config with grant/revoke/list subcommands

Follow the same pattern as `jackin config mount {add,remove,list}`:

  jackin config trust grant chainargos/the-architect
  jackin config trust revoke chainargos/the-architect
  jackin config trust list

This keeps all config mutations under `jackin config` and uses the
subcommand pattern consistently throughout the CLI. The `list`
subcommand shows all currently trusted agents.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
fix: refuse to revoke trust on builtins, add CLI parsing tests

- is_builtin_agent() check prevents revoking trust on built-in agents
  (agent-smith, the-architect) which would be silently re-granted by
  sync_builtin_agents on next load
- Add 3 CLI parsing tests for config trust {grant, revoke, list},
  matching the existing coverage for config mount {add, remove, list}
- Tighten TrustCommand::List doc comment to "List all currently
  trusted agent sources"

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT
@donbeave donbeave merged commit 43d079f into main Apr 11, 2026
3 checks passed
@donbeave donbeave deleted the claude/review-project-todos-EhQka branch April 11, 2026 16:06
donbeave added a commit that referenced this pull request Apr 20, 2026
* feat: implement trust-on-first-use model for third-party agent sources

Add a trust gate that prompts operators before building untrusted
third-party agents. Built-in agents are always trusted. New namespaced
agents default to untrusted and require explicit confirmation on first
use. The trusted flag is persisted in config.toml so subsequent runs
proceed without prompts. Non-interactive sessions bail with a clear
error for untrusted sources.

Also syncs the roadmap with TODO items: adds missing completed item
(JACKIN_DIND_HOSTNAME), adds missing planned items (Bollard migration),
and marks the agent source trust security finding as resolved.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* improve trust prompt with clear risk details and mark finding #9 resolved

Rewrite the trust confirmation message to clearly explain what trusting
an agent means: Dockerfile execution, arbitrary commands on the host,
and workspace file access. The non-interactive error now tells the user
how to pre-trust via config.toml. The decline message explains how to
retry.

Also mark security finding #9 (mount policy guardrails) as resolved
since sensitive mount warnings were already implemented.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* fix: address PR review — docs, stale comment, save clarity, test, serde

Review fixes for the agent source trust model:

- Fix duplicate doc comment on trust_agent() (copy-paste from
  sync_builtin_agents)
- Replace confusing `!source.trusted` save condition with explicit
  `newly_trusted` flag for readability
- Add unit test for non-interactive trust gate (verifies the error
  includes agent name and git URL)
- Skip serializing `trusted = false` to keep config.toml clean
  (only `trusted = true` appears)
- Document trust in load.mdx (step 3 in "What happens", warning
  callout for CI) and security-model.mdx (new section 4 with
  config.toml example, threat model row, best practices update)

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* fix: broken docs anchor link and misleading test name

- Fix cross-reference link in load.mdx: use #4-agent-source-trust
  (matching the numbered heading in security-model.mdx)
- Rename test to `load_trusted_namespaced_agent_builds_and_runs` since
  it no longer exercises auto-registration (that's covered by the
  config test `resolve_agent_source_adds_owner_repo_on_first_use`)

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* feat: add jackin trust/untrust CLI, testable trust gate, revocation

Address all follow-up items from the maintainer review:

- Extract load_agent_with() with injected trust callback, following the
  resolve_agent_repo_with() pattern. Tests can now exercise accept and
  decline paths without mocking dialoguer.
- Restore auto-registration test coverage: the accept test uses
  load_agent_with(auto_trust) so resolve_agent_source's is_new path is
  exercised again. Add decline test verifying no config persistence and
  no Docker commands when trust is refused.
- Add `jackin trust <selector>` and `jackin untrust <selector>` CLI
  commands so operators can manage trust without editing config.toml.
- Add untrust_agent() to AppConfig with tests.
- Document trust/untrust CLI in security-model.mdx and load.mdx.
- Document that trust is keyed by selector (not URL) with a note about
  remote-mismatch protection.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* refactor: consolidate trust/untrust into single CLI command

Follow mise's pattern: `jackin trust` is one command with flags
instead of separate trust/untrust subcommands.

  jackin trust <selector>              # grant trust
  jackin trust <selector> --untrust    # revoke trust
  jackin trust <selector> --show       # check status

The --show and --untrust flags conflict with each other (enforced
by clap).

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* refactor: move trust CLI under config with grant/revoke/list subcommands

Follow the same pattern as `jackin config mount {add,remove,list}`:

  jackin config trust grant chainargos/the-architect
  jackin config trust revoke chainargos/the-architect
  jackin config trust list

This keeps all config mutations under `jackin config` and uses the
subcommand pattern consistently throughout the CLI. The `list`
subcommand shows all currently trusted agents.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* fix: refuse to revoke trust on builtins, add CLI parsing tests

- is_builtin_agent() check prevents revoking trust on built-in agents
  (agent-smith, the-architect) which would be silently re-granted by
  sync_builtin_agents on next load
- Add 3 CLI parsing tests for config trust {grant, revoke, list},
  matching the existing coverage for config mount {add, remove, list}
- Tighten TrustCommand::List doc comment to "List all currently
  trusted agent sources"

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

---------

Co-authored-by: Claude <noreply@anthropic.com>
donbeave added a commit that referenced this pull request Apr 21, 2026
donbeave added a commit that referenced this pull request Apr 21, 2026
donbeave added a commit that referenced this pull request Apr 21, 2026
donbeave added a commit that referenced this pull request Apr 21, 2026
donbeave added a commit that referenced this pull request May 7, 2026
* feat: implement trust-on-first-use model for third-party agent sources

Add a trust gate that prompts operators before building untrusted
third-party agents. Built-in agents are always trusted. New namespaced
agents default to untrusted and require explicit confirmation on first
use. The trusted flag is persisted in config.toml so subsequent runs
proceed without prompts. Non-interactive sessions bail with a clear
error for untrusted sources.

Also syncs the roadmap with TODO items: adds missing completed item
(JACKIN_DIND_HOSTNAME), adds missing planned items (Bollard migration),
and marks the agent source trust security finding as resolved.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* improve trust prompt with clear risk details and mark finding #9 resolved

Rewrite the trust confirmation message to clearly explain what trusting
an agent means: Dockerfile execution, arbitrary commands on the host,
and workspace file access. The non-interactive error now tells the user
how to pre-trust via config.toml. The decline message explains how to
retry.

Also mark security finding #9 (mount policy guardrails) as resolved
since sensitive mount warnings were already implemented.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* fix: address PR review — docs, stale comment, save clarity, test, serde

Review fixes for the agent source trust model:

- Fix duplicate doc comment on trust_agent() (copy-paste from
  sync_builtin_agents)
- Replace confusing `!source.trusted` save condition with explicit
  `newly_trusted` flag for readability
- Add unit test for non-interactive trust gate (verifies the error
  includes agent name and git URL)
- Skip serializing `trusted = false` to keep config.toml clean
  (only `trusted = true` appears)
- Document trust in load.mdx (step 3 in "What happens", warning
  callout for CI) and security-model.mdx (new section 4 with
  config.toml example, threat model row, best practices update)

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* fix: broken docs anchor link and misleading test name

- Fix cross-reference link in load.mdx: use #4-agent-source-trust
  (matching the numbered heading in security-model.mdx)
- Rename test to `load_trusted_namespaced_agent_builds_and_runs` since
  it no longer exercises auto-registration (that's covered by the
  config test `resolve_agent_source_adds_owner_repo_on_first_use`)

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* feat: add jackin trust/untrust CLI, testable trust gate, revocation

Address all follow-up items from the maintainer review:

- Extract load_agent_with() with injected trust callback, following the
  resolve_agent_repo_with() pattern. Tests can now exercise accept and
  decline paths without mocking dialoguer.
- Restore auto-registration test coverage: the accept test uses
  load_agent_with(auto_trust) so resolve_agent_source's is_new path is
  exercised again. Add decline test verifying no config persistence and
  no Docker commands when trust is refused.
- Add `jackin trust <selector>` and `jackin untrust <selector>` CLI
  commands so operators can manage trust without editing config.toml.
- Add untrust_agent() to AppConfig with tests.
- Document trust/untrust CLI in security-model.mdx and load.mdx.
- Document that trust is keyed by selector (not URL) with a note about
  remote-mismatch protection.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* refactor: consolidate trust/untrust into single CLI command

Follow mise's pattern: `jackin trust` is one command with flags
instead of separate trust/untrust subcommands.

  jackin trust <selector>              # grant trust
  jackin trust <selector> --untrust    # revoke trust
  jackin trust <selector> --show       # check status

The --show and --untrust flags conflict with each other (enforced
by clap).

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* refactor: move trust CLI under config with grant/revoke/list subcommands

Follow the same pattern as `jackin config mount {add,remove,list}`:

  jackin config trust grant chainargos/the-architect
  jackin config trust revoke chainargos/the-architect
  jackin config trust list

This keeps all config mutations under `jackin config` and uses the
subcommand pattern consistently throughout the CLI. The `list`
subcommand shows all currently trusted agents.

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

* fix: refuse to revoke trust on builtins, add CLI parsing tests

- is_builtin_agent() check prevents revoking trust on built-in agents
  (agent-smith, the-architect) which would be silently re-granted by
  sync_builtin_agents on next load
- Add 3 CLI parsing tests for config trust {grant, revoke, list},
  matching the existing coverage for config mount {add, remove, list}
- Tighten TrustCommand::List doc comment to "List all currently
  trusted agent sources"

https://claude.ai/code/session_01SkHoAne5Q5EpUybYk6ghUT

---------

Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com>
Co-authored-by: Codex <codex@openai.com>
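The trust gate described in the commit message above, as an added Rust example that is not jackin's own code. The names `AppConfig`, `AgentSource`, `resolve_agent_source`, `trust_agent`, `untrust_agent`, `is_builtin_agent` and `load_agent_with` follow the messages; everything else is assumed: the `TrustError` type and its wording, deriving a GitHub URL from an `owner/repo` selector, a `saves` counter standing in for the config.toml write, a hand-written TOML renderer instead of serde's `skip_serializing_if`, and an `IsTerminal` check in place of dialoguer. The gate sits between source resolution and the Docker build: built-ins never prompt, a session without a terminal fails closed with the selector and git URL in the error, a decline persists nothing, and revoking trust on a built-in is refused.

```rust
// Added example, not jackin's code: names follow the commit messages; the bodies are assumptions.
use std::{collections::BTreeMap, fmt, io::{self, IsTerminal}};

const BUILTIN_AGENTS: &[&str] = &["agent-smith", "the-architect"];

#[derive(Debug, Clone, PartialEq)]
pub struct AgentSource { pub git_url: String, pub trusted: bool }

/// `saves` counts persisted writes, so a test can prove a declined prompt never touches config.toml.
#[derive(Debug, Default)]
pub struct AppConfig { pub agents: BTreeMap<String, AgentSource>, pub saves: usize }

#[derive(Debug, PartialEq)]
pub enum TrustError {
    UnknownAgent(String),
    BuiltinAgent(String),
    Declined(String),
    NonInteractive { selector: String, git_url: String },
}

impl fmt::Display for TrustError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::UnknownAgent(s) => write!(f, "unknown agent source: {s}"),
            Self::BuiltinAgent(s) => write!(f, "{s} is built in and always trusted; trust cannot be revoked"),
            Self::Declined(s) => write!(f, "trust for {s} declined; run the load again to be prompted"),
            Self::NonInteractive { selector, git_url } => write!(f, "agent {selector} ({git_url}) is untrusted \
                and no terminal is attached; set `trusted = true` in config.toml or run \
                `jackin config trust grant {selector}` first"),
        }
    }
}

pub fn is_builtin_agent(selector: &str) -> bool { BUILTIN_AGENTS.contains(&selector) }

impl AppConfig {
    /// Look up a selector, registering it untrusted on first use (builtins start trusted).
    pub fn resolve_agent_source(&mut self, selector: &str) -> (AgentSource, bool) {
        if let Some(src) = self.agents.get(selector) { return (src.clone(), false); }
        let src = AgentSource {
            git_url: format!("https://github.com/{selector}.git"), // assumed URL scheme
            trusted: is_builtin_agent(selector),
        };
        self.agents.insert(selector.to_string(), src.clone());
        (src, true)
    }

    fn set_trusted(&mut self, selector: &str, trusted: bool) -> Result<(), TrustError> {
        let src = self.agents.get_mut(selector)
            .ok_or_else(|| TrustError::UnknownAgent(selector.to_string()))?;
        src.trusted = trusted;
        self.saves += 1; // the real implementation writes config.toml here
        Ok(())
    }

    pub fn trust_agent(&mut self, selector: &str) -> Result<(), TrustError> { self.set_trusted(selector, true) }

    /// Refused for builtins: sync_builtin_agents would silently re-grant trust on the next load.
    pub fn untrust_agent(&mut self, selector: &str) -> Result<(), TrustError> {
        if is_builtin_agent(selector) { return Err(TrustError::BuiltinAgent(selector.to_string())); }
        self.set_trusted(selector, false)
    }

    /// config.toml rendering: `trusted = false` is never written, only `trusted = true`.
    pub fn to_toml(&self) -> String {
        let mut out = String::new();
        for (name, src) in &self.agents {
            out.push_str(&format!("[agents.\"{name}\"]\ngit = \"{}\"\n", src.git_url));
            if src.trusted { out.push_str("trusted = true\n"); }
        }
        out
    }
}

/// The gate: after the repo is resolved, before any Docker build. `confirm` is injected so tests
/// drive accept/decline without a terminal; it returns None when no interactive session exists.
pub fn load_agent_with<F>(cfg: &mut AppConfig, selector: &str, confirm: F) -> Result<AgentSource, TrustError>
where F: FnOnce(&str, &AgentSource) -> Option<bool> {
    let (mut source, _is_new) = cfg.resolve_agent_source(selector);
    if source.trusted { return Ok(source); }
    match confirm(selector, &source) {
        None => Err(TrustError::NonInteractive { selector: selector.to_string(), git_url: source.git_url }),
        Some(false) => Err(TrustError::Declined(selector.to_string())),
        Some(true) => { cfg.trust_agent(selector)?; source.trusted = true; Ok(source) }
    }
}

/// Interactive prompt for real runs; fails closed (None) when stdin is not a TTY.
pub fn confirm_agent_trust(selector: &str, source: &AgentSource) -> Option<bool> {
    if !io::stdin().is_terminal() { return None; }
    println!("Agent {selector} ({}) is not trusted. Trusting it builds its Dockerfile, which can run\n\
              arbitrary commands on this host and read your workspace files. Trust it? [y/N]", source.git_url);
    let mut line = String::new();
    io::stdin().read_line(&mut line).ok()?;
    Some(matches!(line.trim(), "y" | "Y" | "yes"))
}

fn main() {
    let mut cfg = AppConfig::default();
    match load_agent_with(&mut cfg, "chainargos/some-agent", confirm_agent_trust) {
        Ok(src) => print!("loaded {}\n{}", src.git_url, cfg.to_toml()),
        Err(e) => eprintln!("error: {e}"),
    }
}
```

Run it in a terminal and it prompts; run it under `cargo run < /dev/null` or in CI and it exits with the non-interactive error instead of hanging or building. The injected `confirm` closure is what makes the accept and decline paths unit-testable without faking a TTY, which is the point of the `load_agent_with` refactor the message describes.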
donbeave added a commit that referenced this pull request May 7, 2026
donbeave added a commit that referenced this pull request May 7, 2026
donbeave added a commit that referenced this pull request May 22, 2026
Address review findings for stale comments, the
`instance_action_accepts_status` negative-match idiom, and two
workflow rough edges.

Comments
- `crates/jackin-container/src/daemon.rs:12` module doc: replace the
  stale "daemon is persistent: does not exit when the last session
  dies" line with the actual behavior (exits when sessions empty so
  the container reaps cleanly), matching memory file
  `container-lifecycle-policy.md`.
- `daemon.rs::ClientFrame::Command`: drop "Phase 3 has no senders
  yet" transitional reference.
- `daemon.rs::handle_attach_client` / `drain_and_exit`: move the
  "Per-client connection handler..." docstring onto
  `handle_attach_client` where it actually applies, and leave the
  Shutdown-and-pause description on `drain_and_exit`.
- `dialog.rs::PALETTE_ITEMS`: drop the "the New agent session entry
  was removed" PR-history sentence; keep the "Next/Previous tab not
  in palette" rationale because that *describes current design*, not
  history.
- `runtime/attach.rs::reconnect_or_create_session`: delete the
  fossilised `TMUX= prevents nested-session warnings` docstring
  (function never set TMUX=, and tmux is gone from the runtime
  entirely) and collapse the redundant `has_sessions`/`let _` pair.
- `src/console/manager/render/list.rs::compute_sidebar_layout`:
  rewrite the misleading "Global mounts header still renders alone"
  comment to describe the actual `show_global`/`show_role_global`
  truth table.

`instance_action_accepts_status` exhaustive grid (#25)
- Convert to a 2D `match (action, status)` with positive matches per
  arm. The previous `!matches!(status, Purged)` shape silently
  flipped half the action × status grid whenever a new
  `InstanceStatus` variant was added — exactly the kind of regression
  the project's single-reviewer staffing rule says compile-time
  exhaustiveness should catch.

Workflow polish (#41)
- `preview.yml`: `gh release delete preview` previously masked all
  errors via `2>/dev/null || true`, so auth / rate-limit failures
  surfaced as a confusing "tag already exists" error from the next
  step. Branch on "release not found" (legit on fresh repo) vs any
  other failure (error out with the captured stderr).
- Same job: add `set -euo pipefail` to both the publish-binary block
  and the release-publish block so a mid-pipeline failure doesn't
  silently continue.

Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com>
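The exhaustive action-by-status grid the message above describes, as an added Rust example that is not jackin's code. Only the function name `instance_action_accepts_status` and the `Purged` status come from the message; the other statuses, the actions, the allowed pairs and the "newly added" `Creating` status are hypothetical. The old negative-match shape is kept beside the grid so the regression the message warns about shows up on real input: a transitional state that nobody decided on is accepted by every action in the old shape, while the grid cannot even compile until each new variant has an explicit row.

```rust
// Added example, not jackin's code. Only `instance_action_accepts_status` and the `Purged`
// status come from the commit message; the other variants, actions and allowed pairs are assumed.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum InstanceStatus { Running, Stopped, Purged, Creating /* assume: added after the fact */ }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum InstanceAction { Attach, Stop, Start, Purge }

pub const ALL_ACTIONS: [InstanceAction; 4] =
    [InstanceAction::Attach, InstanceAction::Stop, InstanceAction::Start, InstanceAction::Purge];
pub const ALL_STATUSES: [InstanceStatus; 4] =
    [InstanceStatus::Running, InstanceStatus::Stopped, InstanceStatus::Purged, InstanceStatus::Creating];

/// The old shape: one negative match per action. It still compiles after `Creating` is added,
/// and from then on every action is accepted on an instance that is only half-built.
pub fn accepts_status_negative(action: InstanceAction, status: InstanceStatus) -> bool {
    use InstanceAction::*;
    use InstanceStatus::*;
    match action {
        Attach | Stop => !matches!(status, Stopped | Purged),
        Start => !matches!(status, Running | Purged),
        Purge => !matches!(status, Purged),
    }
}

/// The replacement: a 2D match with positive arms and no wildcard. Add a variant to either
/// enum and rustc refuses to build until the new row or column is decided explicitly.
pub fn instance_action_accepts_status(action: InstanceAction, status: InstanceStatus) -> bool {
    use InstanceAction::*;
    use InstanceStatus::*;
    match (action, status) {
        (Attach | Stop, Running) => true,
        (Attach | Stop, Stopped | Purged | Creating) => false,
        (Start, Stopped) => true,
        (Start, Running | Purged | Creating) => false,
        (Purge, Running | Stopped) => true,
        (Purge, Purged | Creating) => false,
    }
}

/// Pairs where the two shapes disagree: exactly what the negative idiom flipped silently.
pub fn disagreements() -> Vec<(InstanceAction, InstanceStatus)> {
    let mut out = Vec::new();
    for action in ALL_ACTIONS {
        for status in ALL_STATUSES {
            if accepts_status_negative(action, status) != instance_action_accepts_status(action, status) {
                out.push((action, status));
            }
        }
    }
    out
}

fn main() {
    for (action, status) in disagreements() {
        println!("{action:?} on {status:?}: negative idiom says yes, exhaustive grid says no");
    }
}
```

The `_ => false` arm people reach for to silence the compiler would defeat the purpose: it restores the fail-open behaviour of the negative idiom for any variant added later, so the grid lists its false rows explicitly.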
donbeave added a commit that referenced this pull request May 23, 2026
donbeave added a commit that referenced this pull request May 23, 2026
donbeave added a commit that referenced this pull request May 23, 2026