Skip to content

Decide provider and daemon execution model#111

Open
jmcte wants to merge 4 commits into
mainfrom
codex/issue-83-execution-model
Open

Decide provider and daemon execution model#111
jmcte wants to merge 4 commits into
mainfrom
codex/issue-83-execution-model

Conversation

@jmcte

@jmcte jmcte commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Summary

  • propose the signed on-demand CLI as the required execution model and archive owner
  • compare on-demand CLI, launchd daemon, signed per-domain helpers, and external delegation across every requested operational and security dimension
  • classify every current provider by framework, filesystem/plist, private fallback, delegation, or unsupported state
  • keep daemon mode, helpers, external substitution, and all mutations behind separate provider-specific decisions

Governing Issue

Refs #83

This issue is explicitly human-required. The PR proposes a decision but does not mark the ADR accepted or close the issue before non-author product, architecture, and security approval.

Validation

  • Relevant local checks passed

  • Required PR checks are expected to satisfy CI Gate

  • Skipped checks are explained below

  • git diff --check — passed

  • bash scripts/ci/run-fast-checks.sh — passed; 110 tests, 88.58% source coverage, mutation checks, debug and release builds

No checks skipped.

Bootstrap Governance

  • Changes are scoped to the linked issue
  • Contributor or PR guidance changes are reflected in CONTRIBUTING.md, .github/PULL_REQUEST_TEMPLATE.md, and docs/bootstrap/onboarding.md when applicable
  • PR author enabled auto-merge where GitHub allows it, or GitHub plan-limit evidence/unavailable reason is recorded and the fallback merge-readiness policy applies
  • No real secrets, runtime auth, or machine-local env files are committed

No contributor guidance changed.

Flow Contract

  • Owner lane: Pheidon architecture governance
  • Repair owner: jmcte
  • Autonomy class: human-required decision
  • Risk class: medium architecture and permission boundary

Flow Merge Readiness

  • Every blocker has a next actor and next action
  • No active blocking requested changes remain
  • Non-author approval is present when required
  • PR author enabled auto-merge where GitHub allows it, or recorded why it is unavailable/unsafe

Next actors: product, architecture, and security reviewers must accept or amend the proposed decision.

Merge Automation

  • PR author enabled auto-merge with gh pr merge --auto --squash, or the reason it is unavailable/unsafe is noted below

Auto-merge is intentionally disabled for the human-required architecture decision.

Notes

  • No daemon, helper, IPC listener, or external dependency is implemented.
  • Existing local-only and read-only defaults remain authoritative while the ADR is proposed.

Hermes-omt and others added 4 commits July 11, 2026 22:44
Expose a deterministic metadata-only provider registry through JSON and text output, covering every current Apple-data command family with maturity, source, permission, sensitivity, capability, and polling declarations. Document the v1 compatibility policy.\n\nCloses #89.
Expose a versioned external manifest derived from the provider registry, document bounded local wrapper policy, and cover it with synthetic contract tests.

Co-authored-by: Hermes <Hermes-omt@protonmail.com>
Build universal macOS DMGs with stable code identity, notarization, stapling, checksums, release evidence, and governed secrets. Reconcile v0.2 versioning, bootstrap release policy, onboarding, installation, and security decisions.
Compare CLI, daemon, helper, and delegated models across lifecycle, IPC, TCC, isolation, archives, signing, and recovery. Classify every provider and keep daemon mode and mutations outside the default boundary pending human approval.
@jmcte
jmcte marked this pull request as ready for review July 13, 2026 07:29
@jmcte
jmcte requested a review from a team as a code owner July 13, 2026 07:29
@jmcte
jmcte enabled auto-merge (squash) July 13, 2026 07:29

@Hermes-omt Hermes-omt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocked pending branch refresh: head 0fca069 is behind current main d7f88dc and GitHub reports mergeable=false, mergeable_state=dirty. Please rebase/update the PR branch, resolve conflicts, and wait for fresh CI before re-review. Exact-head local inspection and swift test passed (110 tests); public reviews and inline review comments are empty.

@athena-omt athena-omt added status:needs-review PR is ready for Athena review. review:athena Athena review governance requested. labels Jul 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

review:athena Athena review governance requested. status:needs-review PR is ready for Athena review.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants