^R D4: extract trusted host-command execution into scripts/lib/launcher/host-exec.sh#395
Merged
Conversation
…ost-exec.sh (byte-identical move, shellcheck/shfmt/bash-n green and module body proven equal via diff/md5; launcher is user-visible but behavior is unchanged) (risk: touches the trusted host-exec primitives the launcher uses to run host tools under env -i, so a subtle change could weaken the runtime boundary; case: pure contiguous move of resolve_fixed_host_tool/run_clean_host_command/run_clean_host_command_in_dir with zero logic change, dependencies TRUSTED_HOST_PATH + resolve_workcell_real_home already sourced before the new module, first call site after the source line) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… execution impact; markdownlint green; supporting documentation for the D4 host-exec extraction) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…he extracted scripts/lib/launcher/host-exec.sh is now sourced launcher code, but GenerateControlPlaneManifest in internal/metadatautil/core.go only listed the older host artifacts, so the new module was outside the signed/provenance-verified manifest and host-exec changes wouldn't be caught; add it to hostArtifacts and regenerate control-plane-manifest.json) (manifest verify + go test green; supporting the D4 host-exec extraction - closes the provenance gap the move opened) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Owner
Author
|
@codex review |
|
Codex Review: Didn't find any major issues. Swish! Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
D4 (modularize the launcher) — increment 2 of N. Follows #394 (host-detection module, merged). Extracts the trusted-host-command-execution primitives from the 9k-line
scripts/workcellinto a sourced module.What
scripts/lib/launcher/host-exec.sh:resolve_fixed_host_tool,run_clean_host_command,run_clean_host_command_in_dirmoved verbatim (byte-identical, md5-confirmed) fromscripts/workcell. Contiguous block; nothing left behind. Dependencies (TRUSTED_HOST_PATH,resolve_workcell_real_homefrom the already-sourcedtrusted-docker-client.sh) resolve before the source line; first call site is after it.scripts/workcell: block deleted + onesource …/host-exec.shline.internal/metadatautil/core.go: added the module tohostArtifactsso it's inside the signed control-plane manifest (the provenance step Codex flagged on ^R D4: extract host-detection into scripts/lib/launcher/host-detect.sh + launcher-contract.md #394); manifest regenerated.shell_filesgates (validate-repo.sh,dev-quick-check.sh); added its contract section todocs/launcher-contract.md.Behavior-preserving
Pure move, zero logic change — the extracted functions are byte-identical (md5 match) and sourcing + calling returns identical results.
Validation
shellcheck -x,shfmt -d,bash -n scripts/workcell,go build/go test ./internal/metadatautil, control-plane manifest verify, markdownlint — all green. 197 lines / 7 files.🤖 Generated with Claude Code