eeymoo/claw-code
1
0
Fork 0
mirror of https://github.com/instructkr/claw-code.git synced 2026-05-19 22:11:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

harden report contract projection identity

Browse Source 
Add a runtime report schema v1 contract so downstream consumers can negotiate structured fields, verify canonical report identity, and audit projection redactions without reverse-engineering prose.\n\nConstraint: Task 2 scope was limited to report schema/projection/redaction modules/docs/tests and prohibited .omx/ultragoal mutation.\nRejected: Wiring into broader CLI report emitters | kept this slice focused on the reusable contract and deterministic fixtures.\nConfidence: high\nScope-risk: narrow\nDirective: Future report emitters should build canonical payloads through CanonicalReportV1 before projecting audience-specific views.\nTested: cargo test -p runtime report_schema -- --nocapture; cargo test -p runtime lane_events -- --nocapture; cargo check -p runtime\nNot-tested: cargo clippy -p runtime --all-targets -- -D warnings remains blocked by pre-existing non-task warnings in compact.rs, file_ops.rs, policy_engine.rs, sandbox.rs.
This commit is contained in:
bellman
2026-05-14 18:09:33 +09:00
parent f79ca989ba
commit dcf11f8190
3 changed files with 571 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rust/crates/runtime/src/lib.rs
View File

@@ -35,6 +35,7 @@ mod policy_engine;
mod prompt;
pub mod recovery_recipes;
mod remote;
mod report_schema;
pub mod sandbox;
mod session;
pub mod session_control;
@@ -150,6 +151,13 @@ pub use remote::{
RemoteSessionContext, UpstreamProxyBootstrap, UpstreamProxyState, DEFAULT_REMOTE_BASE_URL,
DEFAULT_SESSION_TOKEN_PATH, DEFAULT_SYSTEM_CA_BUNDLE, NO_PROXY_HOSTS, UPSTREAM_PROXY_ENV_KEYS,
};
pub use report_schema::{
canonicalize_report, project_report, report_content_hash, report_schema_v1_registry,
CanonicalReportV1, ClaimKind, ConsumerCapabilities, FieldDelta, FieldDeltaState,
NegativeEvidence, NegativeFindingStatus, ProjectionProvenance, RedactionProvenance,
ReportClaim, ReportConfidence, ReportIdentity, ReportProjectionV1, ReportSchemaField,
ReportSchemaRegistry, SensitivityClass, DEFAULT_PROJECTION_POLICY_V1, REPORT_SCHEMA_V1,
};
pub use sandbox::{
build_linux_sandbox_command, detect_container_environment, detect_container_environment_from,
resolve_sandbox_status, resolve_sandbox_status_for_request, ContainerEnvironment,