@jaguilar87/gaia 5.0.7 → 5.0.9

package/hooks/elicitation_result.py

@@ -82,93 +82,38 @@ def _activate_grants(session_id: str, response: str = "") -> None:
     """Activate approval grants for this session.
 
     When *response* contains a ``[P-<nonce>]`` tag (nonce-labeled approval),
-    only the specific grant identified by that nonce is activated.  When no
-    nonce is present (legacy approvals that predate nonce labeling) the
-    function falls back to session-wide activation for backward compatibility.
-
-    Since M2, REQUESTED writes go to DB only (no filesystem pending file).
-    When ``load_pending_by_nonce_prefix()`` returns None (filesystem miss),
-    ``activate_db_pending_by_prefix()`` is tried as a DB fallback.  This
-    bridges the M2 partial migration: REQUESTED in DB, SHOWN+APPROVED written
-    to DB, filesystem grant created for ``check_approval_grant()`` to find.
+    only the specific grant identified by that nonce is activated.
+
+    DB-only since the grant-lifecycle FS retirement: REQUESTED writes go to
+    the DB (insert_requested), so activation resolves the pending by nonce
+    prefix straight from the DB via ``activate_db_pending_by_prefix()``.  No
+    filesystem pending file is ever written, so there is no filesystem path
+    to consult and no session-wide filesystem sweep to fall back to.
     """
     from modules.security.approval_grants import (
-        activate_grants_for_session,
-        activate_pending_approval,
-        activate_cross_session_pending,
         activate_db_pending_by_prefix,
         extract_nonce_from_label,
-        load_pending_by_nonce_prefix,
-        get_pending_approvals_for_session,
     )
 
-    # Try nonce-targeted activation first
     nonce_prefix = extract_nonce_from_label(response) if response else None
-    if nonce_prefix:
+    if not nonce_prefix:
         logger.info(
-            "ElicitationResult: nonce prefix found in response: %s", nonce_prefix,
+            "ElicitationResult: no nonce prefix in response -- nothing to activate",
         )
-        pending_data = load_pending_by_nonce_prefix(nonce_prefix)
-        if pending_data:
-            full_nonce = pending_data.get("nonce", "")
-            pending_session = pending_data.get("session_id", "")
-            if pending_session == session_id:
-                # Same session -- standard targeted activation
-                result = activate_pending_approval(
-                    nonce=full_nonce, session_id=session_id,
-                )
-            else:
-                # Cross-session pending -- approval came from a prior session
-                result = activate_cross_session_pending(
-                    pending_data, session_id=session_id,
-                )
-            logger.info(
-                "ElicitationResult nonce-targeted activation: "
-                "nonce=%s success=%s status=%s",
-                full_nonce[:12] if full_nonce else nonce_prefix,
-                result.success,
-                result.status,
-            )
-            return
-        else:
-            # Filesystem pending not found -- try DB lookup (M2 bridge).
-            # Since M2, REQUESTED writes go to DB only; no pending-{nonce}.json
-            # is written to the filesystem any more.
-            logger.info(
-                "ElicitationResult: nonce prefix %s not found in pending files, "
-                "trying DB lookup (M2 bridge)",
-                nonce_prefix,
-            )
-            result = activate_db_pending_by_prefix(
-                nonce_prefix, current_session_id=session_id,
-            )
-            if result.success:
-                logger.info(
-                    "ElicitationResult DB-bridge activation: prefix=%s status=%s",
-                    nonce_prefix,
-                    getattr(result.status, "value", str(result.status)),
-                )
-                return
-            else:
-                logger.warning(
-                    "ElicitationResult DB-bridge activation failed: "
-                    "prefix=%s status=%s reason=%s -- falling back to session-wide",
-                    nonce_prefix,
-                    getattr(result.status, "value", str(result.status)),
-                    result.reason,
-                )
-
-    # Fallback: session-wide activation (backward compat for unlabeled approvals)
-    pending = get_pending_approvals_for_session(session_id)
-    if not pending:
-        logger.info("No pending approvals to activate for session %s", session_id)
         return
 
-    results = activate_grants_for_session(session_id)
-    activated = sum(1 for r in results if r.success)
     logger.info(
-        "ElicitationResult activated %d/%d pending approvals for session %s",
-        activated, len(results), session_id,
+        "ElicitationResult: nonce prefix found in response: %s", nonce_prefix,
+    )
+    result = activate_db_pending_by_prefix(
+        nonce_prefix, current_session_id=session_id,
+    )
+    logger.info(
+        "ElicitationResult DB activation: prefix=%s success=%s status=%s reason=%s",
+        nonce_prefix,
+        result.success,
+        getattr(result.status, "value", str(result.status)),
+        result.reason,
     )
 
 

package/hooks/modules/agents/handoff_persister.py

@@ -170,19 +170,30 @@ def _intake_command_set_pending(
     }
 
     try:
-        from gaia.approvals.store import insert_requested
+        from gaia.approvals.store import derive_command_set_id, insert_requested
     except ImportError:
         import pathlib as _pl
         import sys as _sys
 
         _repo_root = _pl.Path(__file__).resolve().parent.parent.parent.parent
         _sys.path.insert(0, str(_repo_root))
-        from gaia.approvals.store import insert_requested
+        from gaia.approvals.store import derive_command_set_id, insert_requested
+
+    # Derive the PUBLIC approval_id deterministically from the post-filter
+    # mutative command strings. Because the id is content-derived (not uuid4),
+    # the orchestrator reproduces the SAME id from the command_set it reads in
+    # the contract via `gaia approvals derive-id` -- no DB search, no
+    # cross-session miss. The list passed here is the SAME list the CLI helper
+    # derives over (post-mutative-filter), so both sides agree.
+    derived_id = derive_command_set_id(
+        [it["command"] for it in command_set_items]
+    )
 
     approval_id = insert_requested(
         sealed_payload,
         agent_id=agent_id,
         session_id=session_id or None,
+        approval_id=derived_id,
     )
     logger.info(
         "INTAKE: plan-first COMMAND_SET pending created approval_id=%s items=%d",

package/hooks/modules/context/context_injector.py

@@ -450,17 +450,33 @@ def build_project_context(
         if critical_summary:
             context_string += critical_summary
 
-        # Inject recent operational events (non-blocking)
+        # Inject recent operational events (non-blocking).
+        # Brief 54 / Task 2.2: read from the harness_events DB table via
+        # gaia.store.reader.cross_surface_query instead of the legacy
+        # events.jsonl reader. The reader returns rows shaped as
+        # {surface, timestamp, type, agent, summary, raw} -- NOT the old
+        # {ts, type, agent, result} JSONL shape -- so the formatting loop
+        # below is remapped to those keys (audit Risk 4: without the remap
+        # the "Recent Events" block silently goes blank).
         try:
-            from ..events.event_writer import read_events
-            recent = read_events(hours=24, limit=20)
+            import sys as _sys
+            from pathlib import Path as _Path
+            try:
+                from gaia.store import reader as _reader
+            except ImportError:
+                _repo_root = _Path(__file__).resolve().parents[3]
+                _sys.path.insert(0, str(_repo_root))
+                from gaia.store import reader as _reader
+            recent = _reader.cross_surface_query(
+                surface="harness_events", since="24h", last=20,
+            )
             if recent:
                 lines = ["\n# Recent Events (last 24h)"]
                 for evt in recent:
-                    ts_short = evt.get("ts", "")[:16]
-                    etype = evt.get("type", "")
-                    agent_name = evt.get("agent", "")
-                    result_str = evt.get("result", "")
+                    ts_short = (evt.get("timestamp") or "")[:16]
+                    etype = evt.get("type") or ""
+                    agent_name = evt.get("agent") or ""
+                    result_str = evt.get("summary") or ""
                     label = f"{agent_name}: " if agent_name else ""
                     lines.append(f"- [{ts_short}] {etype}: {label}{result_str}")
                 context_string += "\n".join(lines) + "\n"

package/hooks/modules/events/event_writer.py

@@ -1,16 +1,27 @@
-"""Event writer and reader for the GAIA Event Context system.
+"""Event writer for the GAIA Event Context system.
+
+As of Brief 54 / Task 2.2 the event pipeline writes to the ``harness_events``
+table in the Gaia SQLite substrate (``~/.gaia/gaia.db``) instead of the legacy
+``events.jsonl`` file. This is an ATOMIC cutover: ``write_event`` no longer
+touches ``events.jsonl`` in any code path -- there is NO dual-write.
 
 Provides:
-    - EventWriter: append-only JSONL writer with file locking
-    - read_events(): read events from last N hours with optional filtering
-    - cleanup_old_events(): remove events older than N days
+    - EventWriter: non-blocking, silent-on-failure DB event writer
+    - read_events(): legacy JSONL reader (read-only; retained until Task 2.3
+      removes events.jsonl entirely -- no longer the canonical read path)
     - Event type constants
+
+The DB write delegates to ``gaia.store.writer.write_harness_event``, which
+resolves the DB path the same way every other gaia DB writer does (via
+``gaia.paths.db_path()`` -> ``GAIA_DATA_DIR`` / ``gaia.db``, falling back to
+``~/.gaia/gaia.db``). The hook subprocess imports the ``gaia`` package via the
+repo-root fallback already established by handoff_persister.
 """
 
-import fcntl
 import json
 import logging
 import os
+import sys
 from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from typing import Any, Dict, List, Optional
@@ -32,17 +43,36 @@ HEARTBEAT = "heartbeat"
 USER_NOTE = "user.note"
 
 
+def _import_store_writer():
+    """Import gaia.store.writer, falling back to the repo layout.
+
+    Mirrors the import contract used by
+    hooks/modules/agents/handoff_persister.py: prefer a sibling ``gaia``
+    package if installed; otherwise add the repo root (two levels above
+    ``hooks/``) to ``sys.path`` and import from there.
+    """
+    try:
+        from gaia.store import writer as _writer
+    except ImportError:
+        _repo_root = Path(__file__).resolve().parents[3]
+        sys.path.insert(0, str(_repo_root))
+        from gaia.store import writer as _writer
+    return _writer
+
+
 class EventWriter:
-    """Append-only JSONL event writer with file locking.
+    """Non-blocking DB event writer.
 
-    All writes are wrapped in try/except -- events are non-critical and
-    must never block the hook pipeline.
+    All writes are wrapped in try/except -- events are non-critical and must
+    never block the hook pipeline. The ``events_dir`` argument is retained for
+    backward compatibility (legacy JSONL reads still resolve it) but is no
+    longer used for writes, which target the ``harness_events`` DB table.
     """
 
     def __init__(self, events_dir: Optional[Path] = None):
+        # Retained for compatibility with the legacy reader; not used for
+        # writes. Resolved lazily-safe (never raises here).
         self.events_dir = events_dir or get_events_dir()
-        self.events_file = self.events_dir / "events.jsonl"
-        self.lock_file = self.events_dir / "events.jsonl.lock"
 
     def write_event(
         self,
@@ -53,10 +83,10 @@ class EventWriter:
         severity: str = "info",
         meta: Optional[Dict[str, Any]] = None,
     ) -> None:
-        """Append a single event to the JSONL log.
+        """Append a single event to the ``harness_events`` DB table.
 
-        Thread-safe via exclusive file lock.  Fails silently on any error
-        to avoid disrupting the hook pipeline.
+        Fails silently on any error to avoid disrupting the hook pipeline --
+        same contract as the historical file writer.
 
         Args:
             event_type: Dotted event category (e.g. "agent.dispatch").
@@ -64,30 +94,21 @@ class EventWriter:
             agent: Agent involved, or empty string for non-agent events.
             result: Outcome summary string.
             severity: info | warning | error.
-            meta: Optional type-specific structured data.
+            meta: Optional type-specific structured data (stored as JSON in
+                the ``payload`` column).
         """
         try:
-            self.events_dir.mkdir(parents=True, exist_ok=True)
-
-            record: Dict[str, Any] = {
-                "ts": datetime.now(timezone.utc).isoformat(),
-                "type": event_type,
-                "source": source,
-                "agent": agent,
-                "result": result,
-                "severity": severity,
-            }
-            if meta:
-                record["meta"] = meta
-
-            with open(self.lock_file, "w") as lf:
-                fcntl.flock(lf.fileno(), fcntl.LOCK_EX)
-                try:
-                    with open(self.events_file, "a") as f:
-                        f.write(json.dumps(record, separators=(",", ":")) + "\n")
-                finally:
-                    fcntl.flock(lf.fileno(), fcntl.LOCK_UN)
-
+            writer = _import_store_writer()
+            workspace = os.environ.get("GAIA_WORKSPACE") or None
+            writer.write_harness_event(
+                event_type=event_type,
+                source=source,
+                agent=agent,
+                result=result,
+                severity=severity,
+                meta=meta,
+                workspace=workspace,
+            )
         except Exception as exc:
             logger.debug("Event write failed (non-fatal): %s", exc)
 
@@ -98,7 +119,13 @@ def read_events(
     limit: int = 50,
     events_dir: Optional[Path] = None,
 ) -> List[Dict[str, Any]]:
-    """Read recent events from the JSONL log.
+    """Read recent events from the legacy JSONL log.
+
+    NOTE: As of Task 2.2 this is no longer the canonical read path -- new
+    events are written to the ``harness_events`` DB table. This reader is
+    retained read-only until Task 2.3 removes ``events.jsonl`` entirely, so
+    historical pre-cutover events remain consultable. New callers should use
+    ``gaia.store.reader.cross_surface_query(surface="harness_events")``.
 
     Args:
         hours: How far back to look (default 24h).
@@ -148,63 +175,3 @@ def read_events(
     except Exception as exc:
         logger.debug("Event read failed (non-fatal): %s", exc)
         return []
-
-
-def cleanup_old_events(
-    days: int = 7,
-    events_dir: Optional[Path] = None,
-) -> int:
-    """Remove events older than *days* from the JSONL log.
-
-    Uses file locking to avoid conflicts with concurrent writers.
-    Retains lines that cannot be parsed (conservative).
-
-    Args:
-        days: Retention window in days (default 7).
-        events_dir: Override events directory (for testing).
-
-    Returns:
-        Number of events removed.
-    """
-    try:
-        edir = events_dir or get_events_dir()
-        events_file = edir / "events.jsonl"
-        lock_file = edir / "events.jsonl.lock"
-
-        if not events_file.exists():
-            return 0
-
-        retention_days = int(os.environ.get("GAIA_EVENT_RETENTION_DAYS", str(days)))
-        cutoff = datetime.now(timezone.utc) - timedelta(days=retention_days)
-        kept: List[str] = []
-        removed = 0
-
-        with open(lock_file, "w") as lf:
-            fcntl.flock(lf.fileno(), fcntl.LOCK_EX)
-            try:
-                with open(events_file, "r") as f:
-                    for line in f:
-                        line = line.strip()
-                        if not line:
-                            continue
-                        try:
-                            evt = json.loads(line)
-                            ts = datetime.fromisoformat(evt["ts"])
-                            if ts < cutoff:
-                                removed += 1
-                                continue
-                        except (json.JSONDecodeError, KeyError, ValueError):
-                            pass  # Keep unparseable lines
-                        kept.append(line)
-
-                with open(events_file, "w") as f:
-                    for line in kept:
-                        f.write(line + "\n")
-            finally:
-                fcntl.flock(lf.fileno(), fcntl.LOCK_UN)
-
-        return removed
-
-    except Exception as exc:
-        logger.debug("Event cleanup failed (non-fatal): %s", exc)
-        return 0

package/hooks/modules/security/__init__.py

@@ -45,7 +45,6 @@ from .approval_scopes import (
 from .approval_grants import (
     check_approval_grant,
     cleanup_expired_grants,
-    get_latest_pending_approval,
     last_check_found_expired,
     ApprovalGrant,
 )
@@ -93,7 +92,6 @@ __all__ = [
     # Approval Grants
     "check_approval_grant",
     "cleanup_expired_grants",
-    "get_latest_pending_approval",
     "last_check_found_expired",
     "ApprovalGrant",
     # Shell unwrapper