Skip to content

feat: Phase 1 advisory leases and structured safety evaluator#144

Merged
toasterbook88 merged 2 commits into
mainfrom
feat/advisory-leases-and-safety
May 31, 2026
Merged

feat: Phase 1 advisory leases and structured safety evaluator#144
toasterbook88 merged 2 commits into
mainfrom
feat/advisory-leases-and-safety

Conversation

@toasterbook88
Copy link
Copy Markdown
Owner

@toasterbook88 toasterbook88 commented May 30, 2026

This PR unifies the Phase 1 advisory resource leases (Triangle spec) and the structured safety evaluator into a single robust security layer.

Changes Implemented

  1. Advisory Resource Leases (Triangle):

    • Added triangle_request_lease, triangle_release_lease, and triangle_heartbeat_lease MCP tools.
    • Wired syscall.Flock exclusive file locking on ~/.axis/ledger.json.lock in internal/reservation/persist.go with a 500ms timeout retry loop to ensure concurrency safety.
    • Propagated call context (context.Context) through the locking path to ensure retries are gracefully cancellable.
    • Standardized lease ID structure (lease-<UnixNano>) and enforced duration_seconds > 0.
    • Integrated automatic reservation ledger reloading in internal/daemon/daemon.go.

  2. Structured Safety Evaluator:

    • De-gated the structured safety evaluator by deleting the compile-gating stubs in structured_default.go and removing the //go:build safety_scaffolded tag from structured.go.
    • Unified safety gates by delegating VerdictDeny commands in safety.Check (blocker.go) directly to the structured ruleset, preserving existing cluster-resource fallbacks.
    • Added TestCheckDelegatesToStructuredEvaluator in blocker_test.go and imported strings.

  3. Hygiene & Documentation:

    • Resolved 8 linter warnings regarding unused parameters in mcp_client.go, explain.go, and triangle.go.
    • Added comprehensive design documentation including docs-evaluation.md, future/triangle-orchestration.md, and the hybrid spec.

Verification Results

  • All unit and integration test suites compile and pass successfully (go test ./... -> PASS).
  • Executions of blocked commands (e.g. sudo rm -rf) and prompted commands behave correctly under the unified gate.

feat: Phase 1 advisory resource leases (Triangle) + cross-process safety
f885dbf 
- Add triangle_request_lease / release / heartbeat MCP tools (internal/mcp/triangle.go)
- Exclusive 500ms flock-based ledger locking with ctx propagation (reservation/persist.go + ledger.go)
- Daemon refresh now loads reservation ledger (internal/daemon/daemon.go)
- Snapshot staleness + duration > 0 guards + auto-ID collision note
- Hygiene cleanups (8 unused param warnings removed)
- Design docs: docs-evaluation.md + future/triangle-orchestration.md + hybrid-orchestration-spec + annotated variant
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces the 'Triangle' multi-agent orchestration substrate, adding advisory resource lease tools (triangle_request_lease, triangle_release_lease, triangle_heartbeat_lease) to the MCP server and integrating cross-process file locking in the reservation ledger. It also wires the structured safety evaluator into the execution blocker and removes obsolete compile-gated stubs. Feedback on these changes suggests making the lease duration parameter truly optional by applying a default value, and optimizing the safety check path by reusing a package-level evaluator instance instead of recreating it on every call.

Comment thread internal/mcp/triangle.go
Comment thread internal/safety/blocker.go Outdated
feat: wire structured safety evaluator and deprecate stubs
a90438d 
- Remove //go:build safety_scaffolded tag from structured.go
- Delete structured_default.go compile-gating stubs
- Unify safety.Check by delegating VerdictDeny commands to the structured evaluator
- Add TestCheckDelegatesToStructuredEvaluator test to blocker_test.go
- Optimize safety evaluator by reusing package-level defaultEvaluator (review feedback)
- Make lease duration optional with 120s default (review feedback)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@toasterbook88 toasterbook88 force-pushed the feat/advisory-leases-and-safety branch from 16ef917 to a90438d Compare May 30, 2026 00:53
@toasterbook88
Copy link
Copy Markdown
Owner Author

toasterbook88 commented May 30, 2026

I have addressed the review feedback and updated the PR:

  1. Optional Lease Duration: Updated triangleRequestLeaseTool in internal/mcp/triangle.go so that if duration_seconds is <= 0, it defaults to 120 seconds (2 minutes). Also updated the corresponding test suite in internal/mcp/triangle_test.go (TestTriangleTools_DefaultDuration) to verify this fallback behavior.
  2. Safety Evaluator Optimization: Declared a package-level defaultEvaluator in internal/safety/blocker.go and reused it inside Check(), preventing the overhead of re-allocating the ruleset and evaluator on every call.

All local quality checks pass. Pushed updates to trigger CI validation.

@toasterbook88 toasterbook88 merged commit b7ccc74 into main May 31, 2026
8 checks passed
@toasterbook88 toasterbook88 deleted the feat/advisory-leases-and-safety branch May 31, 2026 01:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@toasterbook88