-
Notifications
You must be signed in to change notification settings - Fork 0
release: v1.4.0 (Loop Guard + Governance Foundation) #28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| # dorian v1.4.0 — Governance Foundation | ||
|
|
||
| A feature release: the deterministic spine of a **governance layer** for long-running AI coding loops — | ||
| a human-authored goal record, a path-derived coverage check, a host-mappable preflight **gate**, and | ||
| one concrete **Claude Code governance adapter** — plus the **Dorian Loop Guard** steering layer. | ||
| **No breaking changes** — purely additive. The warrant format, checker grammar, exit codes, fold | ||
| policy, and security posture are unchanged; the core stays zero-dependency; and **no model is added to | ||
| the verification path** (a build-time import firewall now proves it). | ||
|
|
||
| ## Summary | ||
|
|
||
| dorian is growing from *"deterministically verify AI claims about code"* into a **deterministic | ||
| governance kernel** for agentic engineering. The guiding thesis: *dorian does not train agents to be | ||
| good — it makes bad actions non-continuable, non-mergeable, or human-reviewable.* "Crime" means an | ||
| observable contract violation; "punishment" means a mechanical loss of affordance (a blocked tool | ||
| call, a forced repair, a failed gate, a revoked warrant, a human escalation). dorian is the court; | ||
| host adapters and CI/branch-protection are the enforcement. | ||
|
|
||
| ## What shipped | ||
|
|
||
| ### Dorian Loop Guard (`dorian loop`) | ||
| - **`dorian loop preflight`** — re-checks the claim warrants a change touched and emits a | ||
| **CONTINUE / REPAIR / ESCALATE** decision packet (`--format json|md|text|prompt`). A pure function | ||
| of the `revalidate` result, `--policy` (`cautious|assist|unattended`), the repair-attempt cap, and | ||
| the `--scope`/`--deny-path` lane. Exits **0** by default; `--fail-on repair|escalate` opts into a | ||
| hard exit-4 gate. | ||
| - **`dorian loop prompt`** renders the packet as a next-iteration instruction. | ||
| - **`dorian loop install`** scaffolds the `/dorian-loop-guard` Claude Code skill (+ example | ||
| `LOOP.md`/`STATE.md`, `--with-action`). | ||
|
|
||
| ### Governance foundation | ||
| - **`dorian goal add` / `show` / `check`** — a **human-authored goal record** (`.dorian/goals/<id>.goal.json`, | ||
| `schema_version: 1`) plus a deterministic, **path-derived coverage diff** (`goals.coverage_diff` → | ||
| `{covered, uncovered}` over git-changed, in-scope paths vs. warranted paths). `goal check | ||
| --fail-on-uncovered` exits **4**. The goal's `statement` is **human context only** — never fed to a | ||
| model, never used to decide a verdict or "completion". | ||
| - **`dorian gate`** — a host-mappable preflight body: reads a tool-call JSON on stdin, runs the same | ||
| pure loop preflight, and prints the `continue`/`repair`/`escalate` packet. Emits only contract codes | ||
| (`0`/`4`, plus `2` for malformed stdin); **never** uses exit 2 as a veto, reads a clock, or reads a | ||
| nonce. | ||
| - **Claude Code governance adapter** via **`dorian governance install`** — one concrete adapter: a | ||
| `SubagentStop` hook that shells `dorian gate` and writes an ephemeral | ||
| `.dorian/local/last-decision.json`, and a **fail-closed** `PreToolUse` veto (the exit-2 tool-block | ||
| lives in the host hook; fails closed under `unattended`/`godmode`, fails open when attended; | ||
| `FRESH_SECONDS = 900`), plus a settings example and bundle docs. | ||
| - **Safe sidecar writer** (`src/dorian/sidecars.py`) — atomic (temp + `os.replace`), deterministic | ||
| (sorted-key JSON), path-safe (`ensure_within`). | ||
| - **Deterministic core import firewall** (`tests/test_firewall_import_closure.py`) — an AST | ||
| import-closure guard proving no model/network import sits on the verdict path (covers the new | ||
| `sidecars`, `goals`, `governance` modules). | ||
| - **Release hardening** — functional PreToolUse-veto subprocess tests (identity mismatch, godmode, | ||
| freshness boundary, empty-path escalate, malformed-stdin open/closed) and an installed-wheel | ||
| `dorian governance install` scaffold test. | ||
| - **Docs** — [`GOVERNANCE_DATA_MODEL.md`](../GOVERNANCE_DATA_MODEL.md), | ||
| [`DORIAN_PANE.md`](../DORIAN_PANE.md) (pane vision — deferred), [`DORIAN_LOOP_GUARD.md`](../DORIAN_LOOP_GUARD.md), | ||
| and gate/C4-flakiness notes in [`SECURITY_BOUNDARY.md`](../SECURITY_BOUNDARY.md) / | ||
| [`VALIDATION_HONESTY.md`](../VALIDATION_HONESTY.md). | ||
|
|
||
| ## Deterministic boundary (unchanged invariants) | ||
|
|
||
| No model on the verdict path (firewall-enforced); the core stays **zero-dependency**; the exit-code | ||
| contract, warrant schema, checker grammar, and fold policy are all **unchanged**. Every governance | ||
| detector is a pure function of observable artifacts (git diffs, paths, scope/deny globs, warrants, | ||
| `revalidate`/fold results, coverage diff, decision packets). | ||
|
|
||
| ## Adapter boundary | ||
|
|
||
| `dorian gate` / core emit only `0`/`4`. The **exit-2 tool-block veto lives only in the Claude Code | ||
| `PreToolUse` host hook**; wall-clock and nonce are stamped only by the `SubagentStop` hook into | ||
| `.dorian/local/last-decision.json`. The adapter is **one concrete Claude Code adapter** — no generic | ||
| provider abstraction is introduced. | ||
|
|
||
| ## Validation | ||
|
|
||
| - Full `uv run pytest` (incl. slow) green on CI across Python 3.11 / 3.12 / 3.13; `ruff check` and | ||
| `ruff format --check` clean. | ||
| - New tests cover the sidecar writer, the goal record + coverage diff, `dorian gate` (0/4, 2 only on | ||
| malformed), the firewall, and — as a real `pip install` path — a built wheel installed into a clean | ||
| venv that scaffolds the governance adapter and carries the exit-2 fail-closed veto. | ||
| - Landed via three merged PRs (#25 Loop Guard, #26 Governance Foundation, #27 hardening), each rebased | ||
| clean and CI-green before merge. | ||
|
|
||
| ## Deferred / cut (not in v1.4) | ||
|
|
||
| - Claim **provenance** sidecars → **v1.5** (only if a deterministic consumer appears). | ||
| - **Effort presets** → **cut from core** (the binding-floor/breadth mapping lives in adapter docs). | ||
| - The **pane / TUI** → **deferred** (see Claude Design boundary below). | ||
| - A **generic provider abstraction** → **deferred** until a second concrete adapter exists. | ||
| - An authoritative ledger / hash-chain / off-repo signing → deferred (only meaningful with an external | ||
| trust root). | ||
|
|
||
| ## Upgrade notes | ||
|
|
||
| Purely additive; **no migration required.** New subcommands are inert unless invoked; new sidecars are | ||
| written only by the new commands. Existing warrants, `verify`/`revalidate`, and the claim-warrants | ||
| integration are untouched. To adopt governance in a repo: `dorian governance install`, then merge the | ||
| `.claude/settings.dorian-governance.example.json` hooks into `.claude/settings.json`. Removing the | ||
| feature = delete `.claude/hooks/dorian_*.py` and the settings entries; the core is unaffected. | ||
|
|
||
| ## Security & honesty notes | ||
|
|
||
| - **Not a sandbox.** C4 (`pytest:`) / C5 (`shell:`) checkers execute code; governance is policy and | ||
| steering, not isolation. | ||
| - **Host hooks enforce, but a repo-controlling actor can disable them.** The `PreToolUse` veto is a | ||
| Claude Code host hook — an agent that controls the repository can delete it, edit | ||
| `.claude/settings.json`, or rewrite its own goals/warrants. dorian's real strength is transparency | ||
| and auditability, not containment. | ||
| - **CI / GitHub branch protection is the real merge boundary.** Governance repos should branch-protect | ||
| `.dorian/` and `.claude/` and require the `dorian gate` status check. (Branch protection is not a | ||
| hard gate against administrators — human/admin bypass is a live surface to log.) | ||
| - **`.dorian/local/` is ephemeral and gitignored** — a transient steering signal, never an | ||
| authoritative ledger, and never read back into a verdict. | ||
| - **Coverage is a structural floor**, not a judgment of correctness; goal completion is **not** | ||
| model-evaluated. Weak binding or weak checker strength means low confidence, **not** a false claim. | ||
|
|
||
| ## Claude Design boundary | ||
|
|
||
| The **pane / TUI / brand** are **deferred**. `docs/DORIAN_PANE.md` is a future-facing vision and data | ||
| contract, **not** an implementation — no UI/TUI code ships in this release. **Claude Design owns the | ||
| final TUI/pane/brand design** (layout, typography, color, interaction, README polish, banner, logo); | ||
| dorian/Opus owns the deterministic data contracts and governance invariants. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Escape the raw pipes in the benchmark table.
The
|separators indorian loop preflight|prompt|installbreak this Markdown table and trigger the lint warning. Rewrite that fragment or move the release-history narrative out of the table.Suggested fix
📝 Committable suggestion
🧰 Tools
🪛 LanguageTool
[grammar] ~15-~15: Ensure spelling is correct
Context: ...fix. The 1.0.1 changes (C4 leading-dash nodeid rejection, C5 reconcile per-query timeo...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🪛 markdownlint-cli2 (0.22.1)
[warning] 15-15: Table column count
Expected: 2; Actual: 4; Too many cells, extra data will be missing
(MD056, table-column-count)
🤖 Prompt for AI Agents
Source: Linters/SAST tools