docs + refactor: fix audit inconsistencies, decouple product from research packages#26
Conversation
The effect model makes crash-safe side effects a runtime primitive. IntentState machine: Recorded → InFlight → Confirmed, with the "resume rule" (InFlight → Unresolved on Unmarshal) for safe crash recovery. Treasury sentinel agent demonstrates the pattern end-to-end. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix tick timeout 100ms → 15s across 4 files (matches config.TickTimeout) - Fix igord resume CLI syntax (positional → --checkpoint/--wasm flags) - Add HTTP hostcall documentation to HOSTCALL_ABI.md - Fix IMPLEMENTATION_STATUS.md: flag attribution (igord-lab not igord), add HTTP/effects/pricewatcher/sentinel entries, fix stale claims - Update ROADMAP.md Phase 2 with completed items and current status - Fix stale phase references and lease version (v0x03 → v0x04) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7a85fbc14d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
agents/sentinel/main.go
Outdated
| igor.Logf("[sentinel] Intent RECORDED: refill $%d.%02d (key=%x...)", | ||
| refillAmount/100, refillAmount%100, key[:4]) | ||
| igor.Logf("[sentinel] Waiting for checkpoint before execution...") | ||
| return true // request fast tick so we proceed quickly |
There was a problem hiding this comment.
recordRefillIntent asks for a fast follow-up tick (return true), but in cmd/igord/main.go the fast interval is 10ms while checkpoints are only persisted every 5s; this means executeRefill will usually run before any checkpoint captures the newly Recorded intent. If the process crashes during that execution window, resume can roll back to a checkpoint that never contained the intent, so the transfer cannot become Unresolved and may be retried/omitted incorrectly.
Useful? React with 👍 / 👎.
| state := IntentState(d.data[d.pos]) | ||
| d.pos++ |
There was a problem hiding this comment.
EffectLog.Unmarshal reads d.data[d.pos] directly without checking bounds, so a truncated effect-log payload with count > 0 but no remaining state byte will panic with an index-out-of-range during resume. This bypasses the decoder's normal short-read error path and can crash recovery instead of failing gracefully.
Useful? React with 👍 / 👎.
Break the transitive dependency chain that pulled authority and config packages into the product igord binary: - Extract DefaultTickTimeout (15s) into internal/agent, replacing config.TickTimeout usage in the product path - Define EpochData struct in internal/agent to replace authority.Epoch in checkpoint headers; Instance.Lease becomes `any` with LeaseInfo interface for checkpoint building - Extract duplicated loadOrGenerateIdentity into pkg/identity/loader.go with a minimal Store interface - Move research agents (example, reconciliation) under agents/research/ - Move cmd/demo-reconciliation into agents/research/reconciliation/cmd/demo/ - Update Makefile, CLAUDE.md, and all doc references for new paths Verified: `go list -deps ./cmd/igord/ | grep -E 'authority|config'` returns nothing — product binary is fully decoupled. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
simonovic86
changed the title
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…al bounds check - Sentinel: return false (standard 1s tick) after recording a refill intent so the runtime persists a checkpoint before executeRefill runs. Previously returned true (10ms fast tick), risking intent loss on crash. - EffectLog.Unmarshal: add bounds check before reading state byte to prevent panic on truncated effect-log payloads during resume. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 participant
Summary
Documentation fixes
Refactoring: decouple product from research packages
igordno longer pulls inauthorityorconfigpackagesDefaultTickTimeoutintointernal/agent,EpochDatastruct replacesauthority.Epochin checkpoint headers,Instance.LeasebecomesanywithLeaseInfointerfaceloadOrGenerateIdentityintopkg/identity/loader.goexample,reconciliation) underagents/research/; relocatecmd/demo-reconciliationintoagents/research/reconciliation/cmd/demo/Test plan
go build ./...— clean compilationgo test ./...— all 28 packages passgo list -deps ./cmd/igord/ | grep -E 'authority|config'— returns nothing🤖 Generated with Claude Code