@agfpd/iapeer 0.2.29 → 0.2.30

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agfpd/iapeer",
-  "version": "0.2.29",
+  "version": "0.2.30",
   "description": "Foundation core for the iapeer multi-agent ecosystem: identity, registry, storage, codec.",
   "type": "module",
   "bin": {

package/src/cli/index.ts

@@ -280,6 +280,10 @@ export interface RemoveOutcome {
   /** v1.2: per-runtime unprovision outcomes (`<rt>:<state>`), present when the
    *  slot declares an unprovision command (occasion=remove ran before the purge). */
   unprovision?: string[]
+  /** Codex pre-trust cleanup outcome: 'removed' when the peer's cwd trust entry
+   *  was dropped from the host codex config; a failure detail otherwise. Absent
+   *  for non-codex peers and when no entry existed. */
+  codexTrust?: string
   /** Identity-keyed lifecycle artifacts purged with the record (state/lifecycle/
    *  `<identity>.*` per runtime). Without this purge a NEWBORN peer reusing the
    *  personality inherits the dead namesake's parking (live defect, boris 10.06:
@@ -355,6 +359,21 @@ export async function removePeerCli(
   } catch (e) {
     unprovisionOutcomes.push(`failed: ${e instanceof Error ? e.message : String(e)}`)
   }
+  // Codex pre-trust cleanup (reap-side counterpart of the birth-time
+  // preTrustCodexCwd; backlog made live by D4 11.06): a removed codex peer must
+  // not leave its cwd trusted in the host ~/.codex/config.toml forever. After
+  // unprovision (the provider sees the peer's last consistent state first),
+  // best-effort like everything else on this path.
+  let trustCleaned: string | undefined
+  if (peer.runtimes.includes('codex')) {
+    try {
+      const { removeCodexCwdTrust } = await import('../launch/nativeMemory.ts')
+      const t = removeCodexCwdTrust(peer.cwd, env)
+      trustCleaned = t.state === 'written' ? 'removed' : t.state === 'already' ? undefined : `${t.state}${t.detail ? ` (${t.detail})` : ''}`
+    } catch (e) {
+      trustCleaned = `failed (${e instanceof Error ? e.message : String(e)})`
+    }
+  }
   // Purge identity-keyed lifecycle state WITH the record (per runtime): stale
   // .stopped/.idle-reaped/... must never outlive the peer and ambush a future
   // namesake (purgeIdentityState doc). After the registry write, so a failed
@@ -367,6 +386,7 @@ export async function removePeerCli(
     cwd: peer.cwd,
     purgedState,
     ...(unprovisionOutcomes.length ? { unprovision: unprovisionOutcomes } : {}),
+    ...(trustCleaned ? { codexTrust: trustCleaned } : {}),
   }
 }
 
@@ -826,6 +846,10 @@ export async function runCli(argv: string[], env: NodeJS.ProcessEnv = process.en
           if (o.unprovision?.length) {
             out(`memory unprovision: ${o.unprovision.join(', ')}\n`)
           }
+          // Codex pre-trust cleanup — the cwd's trust entry must die with the peer.
+          if (o.codexTrust) {
+            out(`codex trust entry: ${o.codexTrust}\n`)
+          }
           // Stale identity-keyed markers must die with the record (boris 10.06: a
           // namesake newborn inherited a dead peer's .stopped → refused to wake).
           if (o.purgedState?.length) {

package/src/launch/nativeMemory.test.ts

@@ -13,6 +13,7 @@ import {
   codexProjectConfigPath,
   codexGlobalConfigPath,
   preTrustCodexCwd,
+  removeCodexCwdTrust,
 } from './nativeMemory.ts'
 
 const dirs: string[] = []
@@ -127,6 +128,13 @@ describe('applyNativeMemory runtime dispatch', () => {
 })
 
 describe('preTrustCodexCwd (birth-time trust, codex global config)', () => {
+  test('codexGlobalConfigPath honors $CODEX_HOME first (same override set as init codexConfigPath — sandbox seam, live-caught by D4 11.06)', () => {
+    expect(codexGlobalConfigPath({ CODEX_HOME: '/sandbox/codex', HOME: '/real/home' } as NodeJS.ProcessEnv)).toBe(
+      '/sandbox/codex/config.toml',
+    )
+    expect(codexGlobalConfigPath({ HOME: '/real/home' } as NodeJS.ProcessEnv)).toBe('/real/home/.codex/config.toml')
+  })
+
   test('appends a [projects] block once; NO-CLOBBER of existing content; idempotent', () => {
     const home = mkTmp()
     const env = { HOME: home } as NodeJS.ProcessEnv
@@ -141,6 +149,41 @@ describe('preTrustCodexCwd (birth-time trust, codex global config)', () => {
     expect(preTrustCodexCwd('/peers/newborn', env).state).toBe('already')
   })
 
+  test('removeCodexCwdTrust: drops EXACTLY the peer cwd section (header+body), keeps neighbors; idempotent; handles deleted cwd via literal match', () => {
+    const home = mkTmp()
+    const env = { HOME: home } as NodeJS.ProcessEnv
+    mkdirSync(join(home, '.codex'), { recursive: true })
+    const cfg =
+      '[mcp_servers.iapeer]\nurl = "http://x"\n\n' +
+      '[projects."/keep/me"]\ntrust_level = "trusted"\n\n' +
+      '[projects."/peers/doomed"]\ntrust_level = "trusted"\n\n' +
+      '[features]\nmemories = false\n'
+    writeFileSync(codexGlobalConfigPath(env), cfg)
+    // cwd "/peers/doomed" does not exist on disk → realpath fails → literal match
+    const first = removeCodexCwdTrust('/peers/doomed', env)
+    expect(first.state).toBe('written')
+    const text = readFileSync(codexGlobalConfigPath(env), 'utf8')
+    expect(text).not.toContain('/peers/doomed')
+    expect(text).toContain('[projects."/keep/me"]\ntrust_level = "trusted"') // neighbor intact
+    expect(text).toContain('[mcp_servers.iapeer]') // foreign sections intact
+    expect(text).toContain('[features]\nmemories = false')
+    expect(removeCodexCwdTrust('/peers/doomed', env).state).toBe('already') // idempotent
+    expect(removeCodexCwdTrust('/never/was', env).state).toBe('already') // absent entry → no-op
+  })
+
+  test('removeCodexCwdTrust matches the RESOLVED path of a live symlinked cwd (writer stores realpath)', () => {
+    const home = mkTmp()
+    const env = { HOME: home } as NodeJS.ProcessEnv
+    mkdirSync(join(home, '.codex'), { recursive: true })
+    const cwd = mkTmp() // /var/folders/... on macOS — realpath differs from literal /tmp form
+    // write the entry the way preTrustCodexCwd does (by realpath)
+    preTrustCodexCwd(cwd, env)
+    expect(readFileSync(codexGlobalConfigPath(env), 'utf8')).toContain('[projects."')
+    // remove by the LITERAL cwd — must hit the resolved-form entry
+    expect(removeCodexCwdTrust(cwd, env).state).toBe('written')
+    expect(readFileSync(codexGlobalConfigPath(env), 'utf8')).not.toContain('trust_level')
+  })
+
   test('absent global config → created with just the block', () => {
     const home = mkTmp()
     const env = { HOME: home } as NodeJS.ProcessEnv

package/src/launch/nativeMemory.ts

@@ -127,8 +127,14 @@ function applyCodexLever(cwd: string, state: NativeMemoryState): LeverOutcome {
 // ─── codex trust (birth-time only) ───────────────────────────────────────────
 
 /** The codex GLOBAL config (`~/.codex/config.toml`) — where trust lives as
- *  `[projects."<path>"] trust_level = "trusted"` blocks. */
+ *  `[projects."<path>"] trust_level = "trusted"` blocks. Honors $CODEX_HOME
+ *  first, SAME as init's codexConfigPath — the two writers of this shared prod
+ *  file must respect one override set, or a sandbox isolating one path still
+ *  leaks through the other (live-caught by iapeer-memory's D4 11.06: an
+ *  IAPEER_ROOT sandbox pre-trusted a throwaway cwd into the PROD config). */
 export function codexGlobalConfigPath(env: NodeJS.ProcessEnv = process.env): string {
+  const codexHome = env.CODEX_HOME?.trim()
+  if (codexHome) return join(codexHome, 'config.toml')
   const home = env.HOME?.trim() || homedir()
   return join(home, '.codex', 'config.toml')
 }
@@ -166,6 +172,52 @@ export function preTrustCodexCwd(cwd: string, env: NodeJS.ProcessEnv = process.e
   }
 }
 
+/**
+ * Remove a peer's pre-trust entry from the codex GLOBAL config — the reap-side
+ * counterpart of preTrustCodexCwd (backlog «remove не чистит pre-trust», made
+ * live by iapeer-memory's D4 11.06: every sandboxed/throwaway codex birth left
+ * a stale `[projects."<cwd>"]` block in the PROD config forever). Removes the
+ * section for BOTH the resolved and the literal path form (the writer stores
+ * realpath, but a since-deleted cwd cannot be resolved anymore — match either),
+ * strictly section-scoped: from the `[projects."<p>"]` header up to the next
+ * `[` header, other sections untouched. Idempotent: no entry → 'already'.
+ */
+export function removeCodexCwdTrust(cwd: string, env: NodeJS.ProcessEnv = process.env): LeverOutcome {
+  const path = codexGlobalConfigPath(env)
+  try {
+    if (!existsSync(path)) return { runtime: 'codex', path, state: 'already' }
+    let real = cwd
+    try {
+      real = realpathSync(cwd)
+    } catch {
+      /* cwd already deleted → only the literal form can match */
+    }
+    const candidates = new Set([real, cwd])
+    const lines = readFileSync(path, 'utf8').split('\n')
+    const kept: string[] = []
+    let inDoomed = false
+    let removed = false
+    for (const line of lines) {
+      const header = line.match(/^\s*\[projects\."(.+)"\]\s*$/)
+      if (header) {
+        inDoomed = candidates.has(header[1]!)
+        if (inDoomed) {
+          removed = true
+          continue
+        }
+      } else if (inDoomed && /^\s*\[/.test(line)) {
+        inDoomed = false // next section starts — stop dropping
+      }
+      if (!inDoomed) kept.push(line)
+    }
+    if (!removed) return { runtime: 'codex', path, state: 'already' }
+    writeFileAtomic(path, kept.join('\n').replace(/\n{3,}/g, '\n\n'))
+    return { runtime: 'codex', path, state: 'written' }
+  } catch (e) {
+    return { runtime: 'codex', path, state: 'failed', detail: e instanceof Error ? e.message : String(e) }
+  }
+}
+
 // ─── public entry ────────────────────────────────────────────────────────────
 
 /**