Skip to content

^R D4: extract Go/Colima host-utility wrappers into scripts/lib/launcher/go-hostutil.sh#396

Merged
omkhar merged 6 commits into
mainfrom
d4/launcher-go-hostutil
Jul 5, 2026
Merged

^R D4: extract Go/Colima host-utility wrappers into scripts/lib/launcher/go-hostutil.sh#396
omkhar merged 6 commits into
mainfrom
d4/launcher-go-hostutil

Conversation

@omkhar

@omkhar omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner

D4 (modularize the launcher) — increment 3 of N. Follows #394 (host-detect) and #395 (host-exec), both merged. Extracts the Go/Colima host-utility wrappers from scripts/workcell into a sourced module.

What

  • New module scripts/lib/launcher/go-hostutil.sh: go_hostutil, run_go_hostutil_preserve_exit, go_hostutil_publish_pr, go_colimautil moved verbatim (byte-identical, md5-confirmed) from scripts/workcell (contiguous block; the following HOST_GIT_BIN assignment was correctly left in place).
  • scripts/workcell: block deleted + one source …/go-hostutil.sh line.
  • internal/metadatautil/core.go: module added to hostArtifacts (signed-manifest coverage); manifest regenerated.
  • Registered in the shell_files gates; contract section added to docs/launcher-contract.md.

HOST_GO_BIN — resolved in-module, no alert suppression

HOST_GO_BIN is now consumed only by these wrappers. Rather than leave it assigned in scripts/workcell (where its cross-source=/dev/null use is invisible to ShellCheck, forcing an SC2034 disable), its resolve_fixed_host_tool assignment moves into go-hostutil.shresolve_fixed_host_tool comes from host-exec.sh, sourced immediately before — so set and use co-locate and no suppression is needed (repo policy: refactor over suppressing alerts). Behavior-preserving: same resolution, same abort-on-missing-go.

Validation

shellcheck -x (clean, no disables), shfmt -d, bash -n scripts/workcell, go build/go test ./internal/metadatautil, manifest verify, markdownlint — all green.

🤖 Generated with Claude Code

omkhar and others added 4 commits July 5, 2026 14:52
…go-hostutil.sh (byte-identical move, shellcheck/shfmt/bash-n green and module body proven equal via diff/md5 7c6ccafdc006e9b642f40d1e0de603a2; launcher is user-visible but behavior is unchanged) (risk: touches the go_hostutil/go_colimautil primitives the launcher uses to run workcell-hostutil and workcell-colimautil on the host via go run, plus the exit-code recovery and the go_hostutil_publish_pr credential env-var allowlist, so a subtle change could weaken the runtime boundary or leak the sanitised environment; case: pure contiguous move of go_hostutil/run_go_hostutil_preserve_exit/go_hostutil_publish_pr/go_colimautil with zero logic change, dependencies ensure_go_run_env + run_clean_host_command_in_dir + ROOT_DIR/HOST_GO_BIN already sourced or assigned before the new module, first call site well after the source line; the only workcell edit beyond the deletion is a source line, the shell_files allowlist additions, and an SC2034 disable on HOST_GO_BIN whose sole use now lives in the sourced module)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…de execution impact; markdownlint green; supporting documentation for the D4 go-hostutil extraction)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…(the extracted scripts/lib/launcher/go-hostutil.sh is now sourced launcher code, but GenerateControlPlaneManifest in internal/metadatautil/core.go only listed the older host artifacts, so the new module was outside the signed/provenance-verified manifest and go-hostutil changes wouldn't be caught; add it to hostArtifacts and regenerate control-plane-manifest.json) (manifest verify + go test green; supporting the D4 go-hostutil extraction - closes the provenance gap the move opened)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…C2034 (the extracted module is HOST_GO_BIN's sole consumer, so resolving it in scripts/workcell left the var used only across a source=/dev/null boundary that ShellCheck can't see, requiring a SC2034 disable; move the resolve_fixed_host_tool assignment into go-hostutil.sh - resolve_fixed_host_tool is provided by the host-exec.sh module sourced immediately before - so set and use co-locate and the suppression is removed; regenerated the manifest for the module change) (shellcheck -x clean with no disable, behavior-preserving - same resolution, same abort-on-missing-go; supporting the go-hostutil extraction, prefers refactor over alert suppression per repo policy)
@omkhar

omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: eaa477be0d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/workcell Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: eaa477be0d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/workcell Outdated
…the module (P1 from Codex on #396) (moving go_hostutil/run_go_hostutil_preserve_exit out of scripts/workcell violated the security ordering invariant that REAL_HOME and WORKCELL_GO_CACHE_ROOT must be established before go_hostutil is defined, and broke three repo-owned validators that pinned those functions to scripts/workcell; behavior-preserving - only the source-line position and the validators' target paths change)

Ordering invariant: the go_hostutil/go_colimautil wrappers are defined when
scripts/workcell sources scripts/lib/launcher/go-hostutil.sh, so that source
line now runs AFTER REAL_HOME="$(resolve_workcell_real_home)" and the
WORKCELL_GO_CACHE_ROOT export block (moved down from just after host-exec.sh to
immediately after the esac). host-exec.sh and go-run-env.sh stay sourced before,
so HOST_GO_BIN resolution in the module still works; nothing between the old and
new source position uses go_hostutil or HOST_GO_BIN.

Validators retargeted to follow the moved code:
- internal/testkit/security_boundary_test.go: the ordering assertion now targets
  the go-hostutil.sh source-line index (must come after REAL_HOME and
  WORKCELL_GO_CACHE_ROOT), preserving the existing presence+order checks, and
  additionally asserts go_hostutil() is defined in the module file.
- scripts/verify-invariants.sh: extract_top_level_bash_function for
  run_go_hostutil_preserve_exit and the go_hostutil-body rg checks now read
  scripts/lib/launcher/go-hostutil.sh instead of scripts/workcell.
- runtime/container/control-plane-manifest.json regenerated for the workcell
  source-line move.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@omkhar

omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

Fixed the P1. The extraction broke three validators that pin go_hostutil/run_go_hostutil_preserve_exit to scripts/workcell, and tripped the security ordering invariant. Fixes: (1) moved the source .../go-hostutil.sh line below the REAL_HOME + WORKCELL_GO_CACHE_ROOT setup so the wrappers still become defined only after the sanitized home/cache are established (invariant preserved, not weakened); (2) retargeted security_boundary_test's ordering assertion to the source-line position + added a check that go_hostutil() { is defined in the module; (3) repointed verify-invariants.sh's extract_top_level_bash_function (run_go_hostutil_preserve_exit) and the five rg body-checks from scripts/workcell to the module. Repo-wide sweep confirmed all other references are call-sites that correctly stay in workcell. go test ./internal/testkit + ./internal/metadatautil green; the pure-shell colima-timeout harness + bootstrap-Go-helper rg block re-run locally and PASS against the module.

@omkhar

omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8d9c244e10

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread docs/launcher-contract.md Outdated
…-hostutil extraction moved HOST_GO_BIN's resolution into scripts/lib/launcher/go-hostutil.sh, but the contract doc still described it as a global set in scripts/workcell; update the module-contract paragraph to state ROOT_DIR is set in scripts/workcell while HOST_GO_BIN is resolved by the module itself via resolve_fixed_host_tool from host-exec.sh, so the doc matches the implementation) (markdownlint green, doc-only; doc/code lockstep)
@omkhar

omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

Fixed the P3: updated launcher-contract.md so HOST_GO_BIN is described as resolved by the go-hostutil.sh module itself (via resolve_fixed_host_tool from host-exec.sh), not set in scripts/workcell — matching the implementation. Only ROOT_DIR remains a workcell-side global for the module. markdownlint green.

@omkhar

omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Delightful!

Reviewed commit: 396dfb8cb3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@omkhar omkhar merged commit d8b2ede into main Jul 5, 2026
13 of 14 checks passed
@omkhar omkhar deleted the d4/launcher-go-hostutil branch July 5, 2026 19:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant