Skip to content

feat: aegis workflow prereqs (constitution + swe role)#23

Merged
electronicBlacksmith merged 8 commits intomainfrom
feat/aegis-workflow-prereqs
Apr 12, 2026
Merged

feat: aegis workflow prereqs (constitution + swe role)#23
electronicBlacksmith merged 8 commits intomainfrom
feat/aegis-workflow-prereqs

Conversation

@electronicBlacksmith
Copy link
Copy Markdown
Owner

@electronicBlacksmith electronicBlacksmith commented Apr 12, 2026

Summary

  • Add principle 9 (workflow compliance) to phantom-config/constitution.md
  • Inject constitution.md as a top-level prompt section after security boundaries (Layer 1)
  • Remove duplicate constitution injection from buildEvolvedSections (was reading the same file twice)
  • Add workflow_spec field to role config schema (z.string().default(""))
  • Write the full AEGIS GitHub workflow spec into the SWE role template (Layer 2)
  • Wire configDir through AgentRuntime so constitution injection uses the correct path with non-default config directories

Why

Layers 1 and 2 of the AEGIS four-layer enforcement wall live in the Phantom repo. Phantom can't deliver code to AEGIS under the strict workflow until it carries those rules in its system prompt every session. Design doc: docs/plans/2026-04-11-aegis-github-workflow-design.md.

What changed

  • phantom-config/constitution.md - principle 9 added
  • src/agent/prompt-assembler.ts - configDir param, buildConstitution() helper, removed evolved duplicate
  • src/agent/runtime.ts - setConfigDir() method, passes configDir to assemblePrompt
  • src/index.ts - wires evolution config_dir to runtime
  • src/roles/types.ts - workflow_spec field on RoleConfigSchema
  • src/roles/loader.ts - buildSystemPromptSection appends # Workflow heading
  • config/roles/swe.yaml - full AEGIS workflow spec (cardinal git rules, branch model, label taxonomy, hard limits, sensitive paths, promotion model, hotfix path, issues workflow)
  • .gitignore - ignore docs/plans/

Test plan

  • bun test - 1067 tests pass (5 new tests added)
  • bun run lint - clean
  • bun run typecheck - clean
  • End-to-end test: real SWE role through assembler confirms constitution + workflow spec present and correctly ordered
  • Dual independent review for bugs/regressions - no issues found

@electronicBlacksmith
feat(constitution): add principle 9 (workflow compliance)
318464e
@electronicBlacksmith
feat(prompt-assembler): inject constitution.md as a top-level prompt …
bc82054 
…section
@electronicBlacksmith
fix(prompt-assembler): remove duplicate constitution from buildEvolve…
23416c2 
…dSections

buildEvolvedSections() was emitting a # Constitution heading from
evolved.constitution, which reads the same phantom-config/constitution.md
file. Now that buildConstitution() handles injection unconditionally,
the evolved path would duplicate the content. Removed to avoid double
injection and wasted context tokens.
@electronicBlacksmith
feat(roles): add workflow_spec field to role config schema
f22f822
@electronicBlacksmith
feat(roles): add AEGIS GitHub workflow spec to swe role
9b0c5d9
@electronicBlacksmith
test(prompt-assembler): end-to-end coverage for SWE role + constituti…
641f74b 
…on wiring
@electronicBlacksmith
fix(prompt-assembler): wire configDir through runtime and tighten tes…
eb749a0 
…t assertion

Pass evolution config_dir through AgentRuntime to assemblePrompt so
constitution injection uses the correct path even with non-default
config directories. Strengthen the "omits when missing" test to
assert on the heading itself rather than a specific content substring.
@electronicBlacksmith
chore: gitignore docs/plans directory
fbf4d13
@electronicBlacksmith electronicBlacksmith merged commit 859ca3f into main Apr 12, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@electronicBlacksmith