Owlibou/gnoma
2
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
Files
d5958203cb262e155dcccc285cef45de0965c9ff
gnoma/internal/tool
T
History
vikingowl 34f6f1c786 feat(security): incognito coherence across firewall/router/persist (Wave 2) 
Closes the cluster of audit findings where gnoma's incognito promise
('no persistence, no learning, local-only routing') silently broke
because state was duplicated across the CLI flag, the firewall's
IncognitoMode, the router's localOnly flag, and the TUI's local
m.incognito field. Wave 2 makes security.IncognitoMode the canonical
source of truth.

W2-1 Router.Select rejects forced non-local arms when localOnly is on
  rather than short-circuiting and silently routing to cloud. Main
  fails fast when --incognito + --provider <cloud> are combined; the
  TUI toggle (Ctrl+X, /incognito, config panel) refuses with an
  actionable message when a non-local arm is pinned. Factored the
  three duplicated toggle sites into Model.attemptIncognitoToggle.

W2-2 persist.Store.Save consults an IncognitoGate (local interface,
  *security.IncognitoMode satisfies it). nil gate = always persist
  (legacy behaviour for tests); non-nil gate is consulted on every
  Save so TUI runtime toggles take effect without reconstructing the
  store. File mode 0o600, dir mode 0o700.

W2-3 tui.New seeds m.incognito from cfg.Firewall.Incognito().Active().
  Fixes the Ctrl+X-on-launch-with-incognito case where the first
  toggle silently turned the firewall OFF because the local flag
  started false out of sync with the firewall.

W2-4 saveQuality gates on both *incognito (defensive, covers the
  window before fwRef.Set fires) and fw.Incognito().ShouldLearn() (so
  TUI Ctrl+X suppresses the snapshot on exit). Quality restore skipped
  under --incognito. Quality file written 0o600 in dir 0o700.
  engine.reportOutcome and elf.Manager.ReportResult both gate on
  fw.Incognito().ShouldLearn() — bandit signal no longer leaks out of
  incognito sessions.

W2-5 session files written 0o600 in dirs 0o700 (was 0o644 / 0o755).

W2-6 IncognitoMode.LocalOnly dropped — dead field with no readers;
  routing local-only state lives on the router, not the firewall.

Also wires rtr.SetLocalOnly(true) when --incognito at launch — main
previously activated the firewall's flag but never told the router to
filter, so even without the forced-arm bug, launching with
--incognito alone gave you 'incognito badge but full arm pool'.
2026-05-19 22:57:36 +02:00
..
agent
feat(security): incognito coherence across firewall/router/persist (Wave 2)
2026-05-19 22:57:36 +02:00
bash
feat(engine): two-stage tool routing for small local arms
2026-05-19 20:53:21 +02:00
fs
feat(engine): two-stage tool routing for small local arms
2026-05-19 20:53:21 +02:00
persist
feat(security): incognito coherence across firewall/router/persist (Wave 2)
2026-05-19 22:57:36 +02:00
sysinfo
feat: compact system inventory with queryable system_info tool
2026-04-03 14:50:33 +02:00
category_test.go
feat(engine): two-stage tool routing for small local arms
2026-05-19 20:53:21 +02:00
category.go
feat(engine): two-stage tool routing for small local arms
2026-05-19 20:53:21 +02:00
registry_test.go
chore(lint): clear remaining errcheck and staticcheck findings
2026-05-19 17:53:42 +02:00
registry.go
feat: Ollama/gemma4 compat — /init flow, stream filter, safety fixes
2026-04-05 19:24:51 +02:00
result.go
feat: complete M1 — core engine with Mistral provider
2026-04-03 12:01:55 +02:00
tool.go
feat(engine): M8 cleanup — Wave B skill enforcement
2026-05-07 15:29:33 +02:00