Skip to content

Add SQLite daemon migrations and reentrant session test#27

Merged
Aaronontheweb merged 2 commits into
devfrom
feature/sqlite-persistence-migrations
Feb 24, 2026
Merged

Add SQLite daemon migrations and reentrant session test#27
Aaronontheweb merged 2 commits into
devfrom
feature/sqlite-persistence-migrations

Conversation

@Aaronontheweb

@Aaronontheweb Aaronontheweb commented Feb 24, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • add daemon-side SQLite persistence configuration with startup schema migration support and versioned SQL scripts for Akka persistence tables plus data migration tracking
  • add ~/.netclaw/netclaw.db path support and document host/docker upgrade workflow in a new daemon upgrade runbook
  • add an integration test that verifies reattaching an existing session after transport disconnect using in-memory state

Validation

  • dotnet build Netclaw.slnx
  • dotnet test Netclaw.slnx
  • dotnet slopwatch analyze
  • daemon start/stop manual check with SQLite migration creation

@Aaronontheweb
Add SQLite persistence migrations and reconnect session test
4bc426b 
Introduce a lightweight startup schema migrator for daemon SQLite persistence, include initial Akka.Persistence.Sql table DDL, and add upgrade runbook guidance for host and Docker deployments. Add an in-memory reconnect integration test that verifies session reattachment after transport disconnects.
@Aaronontheweb
Use validated typed persistence options for daemon config
7878287 
Replace string-based persistence provider selection with a strongly typed enum and add startup options validation using IValidateOptions with ValidateOnStart. Document that persistence configuration belongs in netclaw.json and not secrets.json.
@Aaronontheweb Aaronontheweb enabled auto-merge (squash) February 24, 2026 22:05
@Aaronontheweb Aaronontheweb merged commit 4c74e74 into dev Feb 24, 2026
4 checks passed
@Aaronontheweb Aaronontheweb deleted the feature/sqlite-persistence-migrations branch February 24, 2026 22:08
Aaronontheweb added a commit to Aaronontheweb/netclaw that referenced this pull request May 12, 2026
@Aaronontheweb
chore(deps): bump ShellSyntaxTree to 0.1.4-alpha (greedy verb-chain)
fd51f94 
0.1.4-alpha lands the issue netclaw-dev#27 fix: the parser extends the verb chain
greedily through every "verb-like" token until it hits a flag (-x) or a
path (anything containing / or .). Production hit on `git worktree list`
(extracted as `git worktree`, mismatching at retry time) is fixed —
multi-token CLI subcommands now extract cleanly without per-CLI tables.

Side effects:
- Auto-proposed verb patterns are narrower. `git push origin main` now
  proposes `git push origin main *` instead of `git push *`. This is
  intentionally tighter — approving the specific argument set is safer
  than approving the whole verb family.
- Test expectations updated for the new shape. Three new integration
  cases cover stop-at-flag, stop-at-path, and the multi-token CLI
  subcommand regression directly.
- TrustState xmldoc updated: verb-pattern matching is exact verb-chain
  equality + arg-glob suffix, so a stale `git push *` no longer matches
  a `git push origin main` invocation. Operators with persisted
  `git push *` from older runs will be re-prompted on the new shape.

557 Security tests + 314 Configuration tests + 1528 Actors tests pass.
Aaronontheweb added a commit to Aaronontheweb/netclaw that referenced this pull request May 12, 2026
@Aaronontheweb
fix(security): use ShellSyntaxTree for v2 verb-chain extraction
c69ea0a 
The v2 approval matcher's `ExtractVerbChain` was capping at depth 2,
truncating multi-token CLI subcommands like `freshdesk ticket list` and
`git worktree list` to two tokens (`freshdesk ticket`, `git worktree`).
The truncation surfaced two ways in production:

- Approval prompts displayed misleading verb names ("Approve `freshdesk
  ticket` in this session?" for what is really `freshdesk ticket list`).
- Verb-chain mismatch between approval-prompt time and retry time
  threw `ToolApprovalRequiredException` mid-flight, surfacing as
  "I encountered an error executing a tool" with a correlation ID.

The 0.1.4-alpha ShellSyntaxTree bump shipped a greedy verb-chain
extractor (issue netclaw-dev#27), but it was only wired into the new
GateEvaluator/TrustStateComposer code path — which isn't on the live
runtime approval flow yet (trust-zones milestones B-N pending). This
puts it on the v2 path so the live prompt benefits immediately.

`ShellApprovalSemanticsBase.ExtractVerbChain` now delegates to
`BashParser.Parse(...).Clauses[0].Verb.Joined` for greedy extraction.
The path-aware/side-effect short-circuit (cap at depth 1 for cat, grep,
find, ls, echo, printf, etc.) is preserved as a post-check so positional
search patterns and target paths don't bake into persisted approval
keys (`grep secret /var/log/syslog` still extracts as `grep` alone).

`maxDepth` is now an upper bound rather than a default cap; the
default is `int.MaxValue` so callers get greedy extraction unless
they explicitly request a tighter chain.

Tests:
- ShellTokenizerTests: existing depth-2 expectations updated to greedy
  shape (`git push origin main`, `kubectl delete pod my-pod`,
  `docker compose up`). Path-aware verbs unchanged (cat, grep, ls
  still cap at 1).
- New regression theory `ExtractVerbChain_extracts_multi_token_cli_subcommands`
  pins the production hits: freshdesk ticket list, git worktree list,
  gh pr view, kubectl get pods.
- ToolApprovalGateTests: gate test renamed and re-asserted to expect
  the greedy chain on `git push origin main`.

561 Security + 1530 Actors + 314 Configuration tests pass.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Aaronontheweb