gnoma/TODO.md
vikingowl d6614545a9 feat(security): wrap engine.Config.Provider + SetProvider doc (W1 follow-up)
Advisor flagged that engine.Config.Provider stayed raw, so the safety
property was 'every call goes through buildRequest' instead of the
stronger 'every Stream call routes through a SafeProvider.' Wrap it
even though buildRequest still scans inline — at worst this costs one
extra idempotent scan pass; it removes the 'someone adds a fifth engine
Stream site that skips buildRequest' failure mode.

Engine.SetProvider gets a doc comment establishing the wrap contract
for callers. No active callers today, but documenting it now prevents
the future bypass.

Confirmed elf engines inherit the wrap automatically:
  - elf.Manager.Spawn passes arm.Provider (already *SafeProvider after
    W1-3a)
  - elf.Manager.SpawnWithProvider has no callers — dead code path

Added the Wave 1 plan to TODO.md under active plans.
2026-05-19 22:37:24 +02:00


Gnoma — TODO

Active plans, newest first:

  • docs/superpowers/plans/2026-05-19-security-wave1-safeprovider.md — post-audit hardening, Wave 1. Closes the four firewall-bypass call sites (SLM classifier, summarizer, prompt hook, routerStreamer) by introducing security.SafeProvider at the provider boundary. In progress on feat/security-wave1-safeprovider — implementation complete; ADR and merge pending. Waves 2 (incognito coherence) and 3 (scanner + path hygiene) are scoped but not yet drafted.
  • docs/superpowers/plans/2026-05-19-post-slm-unlock.md — outstanding work after the SLM unlock session. Phases A (two-stage tool routing), B (CLI agent binary override), C (user profiles), and D (per-arm capability tags) are complete. Phase E (compound tools) is held until ≥50 SLM observations inform which primitives are worth adding.
  • docs/superpowers/plans/2026-05-07-gnoma-roadmap.md — broader roadmap (PTY shell, USP integration, ELF, distribution). Phase 4 ("Router Revisit") is superseded by the post-SLM plan above.

Phases (2026-05-07 roadmap):

  1. M8 Cleanup (wiring gaps)
  2. PTY Interactive Shell (tea.ExecProcess)
  3. SLM Task Classifier (Ollama HTTP, opt-in) — complete
  4. Router Revisit — superseded by post-SLM plan
  5. USP Security Integration
  6. ELF Binary Support (deferred/opportunistic)
  7. Distribution (CI trigger for goreleaser)

Stable Backlog (not in active phases)

  • Thinking mode (disabled / budget / adaptive) — M12 in milestones
  • Structured output with JSON schema validation — M12
  • SQLite session persistence + serve mode — M10
  • Task learning (pattern recognition, persistent tasks) — M11
  • Web UI (gnoma web) — M15
  • OAuth / keyring — M13
  • Observability (feature flags, cost dashboards) — M14
  • PE / Mach-O support — future, after ELF Phase 6

Architecture References

  • Milestones: docs/essentials/milestones.md
  • Decisions: docs/essentials/decisions/
  • ADR-013 (SLM routing, supersedes ADR-009): docs/essentials/decisions/002-slm-routing.md