controlled-execution-system 0.1.2__tar.gz

controlled_execution_system-0.1.2/.dockerignore

@@ -0,0 +1,16 @@
+.venv/
+.git/
+__pycache__/
+*.pyc
+*.pyo
+*.egg-info/
+tests/
+docs/
+.planning/
+.claude/
+.coverage
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.ces/
+tasks/

controlled_execution_system-0.1.2/.env.example

@@ -0,0 +1,28 @@
+# CES Environment Configuration
+#
+# CES is a local builder-first CLI. Most users do not need to set anything
+# here -- `ces init` generates the per-project audit-ledger HMAC secret and
+# Ed25519 signing keypair under `.ces/keys/` automatically.
+#
+# Copy to `.env` and override only if you need non-default behaviour.
+# NEVER commit `.env` to version control.
+#
+# See docs/Quickstart.md for the getting-started path.
+
+# Logging
+CES_LOG_LEVEL=INFO
+CES_LOG_FORMAT=json
+
+# Default local agent runtime when multiple CLIs are installed (codex | claude)
+CES_DEFAULT_RUNTIME=codex
+
+# Demo mode: serve canned helper responses when no CLI-backed provider is
+# available. Useful for evaluating the CLI flow without authenticating to
+# Anthropic or OpenAI. Defaults to 0 (off).
+CES_DEMO_MODE=0
+
+# Audit-ledger HMAC secret. Optional: `ces init` writes a random 32-byte
+# secret to `.ces/keys/audit.hmac` (mode 0600). Set this only to override
+# the file-based secret in CI or managed environments. Do not use the
+# hardcoded development default; the factory will refuse to start.
+# CES_AUDIT_HMAC_SECRET=

controlled_execution_system-0.1.2/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @chrisduvillard

controlled_execution_system-0.1.2/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,22 @@
+---
+name: Bug report
+about: Report a defect in CES behavior, docs, or packaging
+title: "[Bug] "
+labels: bug
+assignees: ""
+---
+
+## Summary
+
+Describe the problem clearly.
+
+## Reproduction
+
+1. Environment:
+2. Command or workflow:
+3. Actual result:
+4. Expected result:
+
+## Evidence
+
+Include logs, stack traces, screenshots, or failing commands when relevant.

controlled_execution_system-0.1.2/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature request
+about: Suggest a new CES capability or public workflow improvement
+title: "[Feature] "
+labels: enhancement
+assignees: ""
+---
+
+## Problem
+
+What is missing or hard to do today?
+
+## Proposed change
+
+Describe the behavior or workflow you want.
+
+## Context
+
+Explain who benefits, constraints, and any alternatives already considered.

controlled_execution_system-0.1.2/.github/pull_request_template.md

@@ -0,0 +1,16 @@
+## Summary
+
+Describe the user-facing or operational change in 2-4 sentences.
+
+## Verification
+
+- [ ] `uv run ruff check src/ tests/`
+- [ ] `uv run ruff format --check src/ tests/`
+- [ ] `uv run mypy src/ces/ --ignore-missing-imports`
+- [ ] `uv run pytest tests/unit/ -q -W error`
+
+## Deployment Notes
+
+- [ ] No special deployment changes
+- [ ] Docs updated if the public contract changed
+- [ ] Follow-up work tracked if anything was intentionally deferred

controlled_execution_system-0.1.2/.github/workflows/ci.yml

@@ -0,0 +1,76 @@
+name: CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          version: ">=0.11.3"
+      - run: uv sync --frozen
+      - run: uv run ruff check src/ tests/
+      - run: uv run ruff format --check src/ tests/
+
+  typecheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          version: ">=0.11.3"
+      - run: uv sync --frozen
+      - run: uv run mypy src/ces/ --ignore-missing-imports
+
+  test:
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: postgres:17
+        env:
+          POSTGRES_USER: ces
+          POSTGRES_PASSWORD: ces_dev
+          POSTGRES_DB: ces_dev
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd "pg_isready -U ces"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+      redis:
+        image: redis:7.4-alpine
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          version: ">=0.11.3"
+      - run: uv sync --frozen
+      - name: Run Alembic migrations
+        env:
+          CES_DATABASE_URL: postgresql+asyncpg://ces:ces_dev@localhost:5432/ces_dev
+          CES_DATABASE_SYNC_URL: postgresql+psycopg://ces:ces_dev@localhost:5432/ces_dev
+        run: uv run alembic upgrade head
+      - name: Run tests with coverage
+        env:
+          CES_DATABASE_URL: postgresql+asyncpg://ces:ces_dev@localhost:5432/ces_dev
+          CES_DATABASE_SYNC_URL: postgresql+psycopg://ces:ces_dev@localhost:5432/ces_dev
+          CES_REDIS_URL: redis://localhost:6379/0
+        run: uv run pytest tests/ --cov=ces --cov-fail-under=88 -q -W error
+      - name: Build distributions
+        run: uv build
+      - name: Check distribution metadata
+        run: uvx twine check dist/*

controlled_execution_system-0.1.2/.github/workflows/publish.yml

@@ -0,0 +1,53 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write  # Required for trusted publishing
+      contents: read   # Required for actions/checkout (the permissions block replaces defaults, not merges)
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          version: ">=0.11.3"
+      - run: uv sync --frozen
+
+      - name: Run tests before publishing
+        env:
+          CES_DATABASE_URL: "sqlite+aiosqlite:///test.db"
+          CES_DATABASE_SYNC_URL: "sqlite:///test.db"
+        run: uv run pytest tests/unit/ -q -W error
+
+      - name: Run builder-first smoke tests
+        run: uv run pytest tests/integration/test_freshcart_e2e.py -q
+
+      - name: Build distributions
+        run: uv build
+
+      - name: Check distribution metadata
+        run: uvx twine check dist/*
+
+      - name: Smoke test installed CLI
+        shell: bash
+        run: |
+          wheel_path="$(python - <<'PY'
+          from pathlib import Path
+
+          wheels = sorted(Path("dist").glob("controlled_execution_system-*.whl"))
+          if len(wheels) != 1:
+              raise SystemExit(f"Expected exactly one wheel, found {len(wheels)}: {wheels}")
+          print(wheels[0])
+          PY
+          )"
+          uv tool run --from "$wheel_path" ces --help
+          uv tool run --from "$wheel_path" ces init --help
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

controlled_execution_system-0.1.2/.gitignore

@@ -0,0 +1,51 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+.venv/
+dist/
+build/
+*.egg-info/
+
+# Environment
+.env
+!.env.example
+
+# IDE
+.idea/
+.vscode/
+*.swp
+.claude/worktrees/
+.claude/settings.local.json
+.worktrees/
+
+# Reviewer-agent scratch artifacts (codex / claude CLI sub-agents create
+# these inside the working tree when exploring stateful code paths)
+scratch_*/
+tmp_test.cmd
+
+# Testing
+.coverage
+htmlcov/
+.pytest_cache/
+.ruff_cache/
+.mypy_cache/
+
+# CES project-level secrets
+*.private_key
+.controlled-execution/keys/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# UV
+.python-version
+
+# Local CES project state (created by ces init / ces build)
+.ces/
+
+# Internal development artifacts
+.planning/
+tasks/
+docs/superpowers/

controlled_execution_system-0.1.2/.mcp.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "firecrawl": {
+      "command": "npx",
+      "args": [
+        "-y",
+        "firecrawl-mcp"
+      ]
+    }
+  }
+}

controlled_execution_system-0.1.2/.pre-commit-config.yaml

@@ -0,0 +1,16 @@
+repos:
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.15.9
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  - repo: local
+    hooks:
+      - id: mypy
+        name: mypy (strict, via uv)
+        entry: uv run mypy src/ces/ --ignore-missing-imports
+        language: system
+        pass_filenames: false
+        types: [python]

controlled_execution_system-0.1.2/CHANGELOG.md

@@ -0,0 +1,202 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.2] - 2026-04-23
+
+Security + release-readiness hardening. Three critical release blockers
+identified in the 2026-04-23 release-readiness audit are resolved; no
+product-shape changes. Full remediation plan archived at
+`.planning/release-0.1.2-plan.md`.
+
+### Security
+- **Manifest signing is now actually enforced end-to-end.** The Ed25519
+  keypair used by `ManifestManager` is generated and persisted to
+  `.ces/keys/` (mode `0600`) on `ces init` and loaded by
+  `_factory.get_services()` on every CLI invocation. Before 0.1.2 the
+  keypair was regenerated per-process, so signatures produced in one
+  CLI command could not be verified in the next one — D-13 manifest
+  integrity was silently defeated. A new cross-invocation regression
+  test in `tests/unit/test_cli/test_factory_signing.py` locks in the
+  fixed behaviour.
+- **Audit-ledger HMAC secret is now project-scoped by default.**
+  `ces init` generates a random 32-byte secret and writes it to
+  `.ces/keys/audit.hmac` (mode `0600`). `load_audit_hmac_secret`
+  rejects the hardcoded development-default marker string so users
+  who forget to override `CES_AUDIT_HMAC_SECRET` no longer silently
+  ship with a publicly-known audit secret. `CES_AUDIT_HMAC_SECRET`
+  is still honoured as an explicit override for CI/ops.
+- **Claude builder runtime no longer runs with `acceptEdits`.**
+  `ClaudeRuntimeAdapter.run_task` now uses `--permission-mode default`
+  plus a `--allowedTools` allowlist. The default allowlist is
+  `Read Grep Glob Edit Write`; `Bash` and `WebFetch` require explicit
+  opt-in via `TaskManifest.allowed_tools`. A prompt-injected repo
+  (hostile README, issue body, code comment) can no longer steer the
+  model into executing arbitrary host commands via auto-approved tool
+  calls. Regression test: `tests/unit/test_execution/test_claude_adapter_hardening.py`.
+- **Subprocess stdout/stderr are secret-scrubbed** before being persisted
+  to `.ces/state.db` and included in evidence packets. An agent that
+  reads `.env`/`~/.aws/credentials` and echoes it no longer causes
+  that material to land in CES persistence. Scrubber extracted as
+  `scrub_secrets_from_text` in `src/ces/execution/sandbox.py`.
+- **`.ces/state.db` is created mode `0600`, parent dir `0700`.**
+  Matches the pattern already used for runtime transcripts.
+- **CLI provider subprocess env is now allowlist-filtered** (new
+  `src/ces/execution/_subprocess_env.py` shared between the runtime
+  adapters and the inline CLI provider). Previously the inline CLI
+  provider inherited the full process env, leaking `AWS_*`,
+  `DATABASE_URL`, `GITHUB_TOKEN`, etc. into every LLM subprocess.
+- **Kill-switch guards added to two `spec_cmd.py` LLM paths**
+  (`_polish_spec_document` and `_llm_section_mapping`) that previously
+  bypassed the `is_halted()` check that CLAUDE.md promises for every
+  LLM-dispatching service.
+- **`git diff {base_ref}` in the dogfood pipeline now `--`-delimits
+  the ref** so a user-supplied `--base` argument cannot be parsed as
+  git option flags.
+
+### Changed
+- **Server-era bytecode directories (`src/ces/api/`,
+  `src/ces/tasks/`, `src/ces/polyrepo/`)** have been fully removed.
+  The corresponding `.py` source was deleted in 0.1.1; this release
+  removes the stale `__pycache__` shells. Nothing in `src/` or
+  `tests/` imports from these paths.
+- **`docker-compose.yml` narrowed to `postgres` + `redis`.** The
+  `api` and `celery-worker` services (whose backing code was removed
+  in 0.1.1) have been deleted; running `docker compose up` no longer
+  fails with `ModuleNotFoundError` or a dead health-probe URL. The
+  file retains its purpose as integration-test infrastructure.
+- **`.env.example` trimmed** to variables actually consumed by
+  `CESSettings` (`CES_LOG_LEVEL`, `CES_LOG_FORMAT`,
+  `CES_DEFAULT_RUNTIME`, `CES_DEMO_MODE`, and an optional
+  `CES_AUDIT_HMAC_SECRET` override), resolving the contradiction
+  with the no-Postgres Quickstart.
+- **`AggregatedReview.degraded_model_diversity: bool`** new field.
+  Set to `True` when the dispatched triad resolves to fewer distinct
+  underlying models than assignments (e.g. only one CLI provider
+  installed against a Tier A triad). Surfaces an intentional signal
+  in evidence packets instead of the silent aliasing in `bootstrap.py`.
+- **Dependencies now pinned with upper bounds** (`<N`) to constrain
+  supply-chain blast radius.
+- **README Tech Stack** qualifies the mypy "strict mode" claim with
+  "targeted relaxations"; see `[tool.mypy]` in `pyproject.toml` for
+  the actual error codes disabled.
+- **CLAUDE.md** Constraints section clarifies that PostgreSQL is only
+  for the integration-test compatibility suite, not shipped product.
+- CES now ships as a local builder-first CLI only. The supported public
+  workflow is local `.ces/` state plus local `codex` / `claude` runtimes;
+  server/API/worker/control-plane deployment surfaces are no longer part of
+  the published product contract.
+- The public CLI surface is narrowed to the local workflow and governance
+  commands. Removed server-era command groups are no longer registered or
+  documented.
+- Fresh database migrations now prune obsolete server-era schemas and tables
+  (`observability`, `polyrepo`, `control.api_keys`, and
+  `control.project_members`) so a new PostgreSQL compatibility database
+  matches the current local-first product shape.
+- Sample builder prompts and spec fixtures now use framework-neutral HTTP
+  wording instead of `FastAPI`-specific examples, keeping the public repo
+  contract implementation-agnostic.
+
+### Deprecated
+- `TestCoverageSensor` is deprecated; use `CoverageSensor` instead. The
+  legacy name remains importable from `ces.harness.sensors` and continues to
+  function as a subclass of `CoverageSensor`, but instantiating it now emits
+  `DeprecationWarning`. The alias will be removed in 0.2.x. The rename
+  removes the `Test` prefix that previously collided with pytest's class
+  collection (the `__test__ = False` workaround now lives only on the
+  deprecated alias).
+
+### Fixed
+- Alembic migration bootstrap no longer imports deleted observability ORM
+  modules, so the retained PostgreSQL compatibility tests run again.
+- Audit-ledger hash continuation and integrity verification are now correctly
+  project-scoped across both PostgreSQL and local SQLite repositories.
+- PostgreSQL compatibility fixtures now wait for the containerized database to
+  accept connections before running Alembic, removing a startup timing race in
+  the Docker-backed integration suite.
+- `LocalProjectStore`: `review_findings` now uses a synthetic primary key
+  scoped to `(manifest_id, finding_id)` so findings from different manifests
+  no longer collide, and `.ces/state.db` startup recovers cleanly from an
+  interrupted migration left by a previous aborted process.
+- `ces status` no longer attempts telemetry/Postgres access for local-mode
+  builder-first projects, so the documented no-Docker/no-Postgres quickstart
+  path stays responsive.
+- Publishing now runs a maintained builder-first smoke test before PyPI
+  release, replacing the stale xfailed end-to-end coverage path with an
+  exercised local workflow gate.
+
+### Known follow-ups
+- Coverage gate remains at 88 % pending the `test_freshcart_e2e_pipeline`
+  fixture rewrite; target is to restore to 90 % in a subsequent 0.1.x
+  release.
+- `CoverageSensor` own-coverage is 47 % (the sensor that powers CES's
+  dogfooding is ironically under-tested); follow-up in 0.1.3.
+- Prompt-injection in reviewer prompts is not structurally mitigated
+  (inherent LLM limitation); `SECURITY.md` will be expanded with the
+  model-diversity mitigation path in a follow-up.
+- Consider a `ces doctor --security` subcommand that checks: HMAC
+  secret non-default, signing keys exist and are `0600`, state DB is
+  `0600`.
+
+## [0.1.1] - 2026-04-17
+
+Release-readiness hardening. No functional changes; hygiene, tooling, and
+OSS-release artifacts only.
+
+### Added
+- `CODE_OF_CONDUCT.md` adopting Contributor Covenant v2.1.
+- Pre-commit `mypy` hook so type errors are caught locally before CI.
+
+### Changed
+- Dockerfile runtime image now runs as an unprivileged user (`ces`, UID 1000).
+- Ruff configuration consolidated into `pyproject.toml` (removed `ruff.toml`).
+- README coverage badge set to `88%+` to match the enforced CI gate (temporary
+  relaxation from the PRD-mandated 90%; see known follow-ups for restore plan).
+- `CONTRIBUTING.md` links to `CODE_OF_CONDUCT.md` and `SECURITY.md`.
+- CHANGELOG test-count figure corrected (2,800+ → 3,000+).
+
+### Fixed
+- Auto-fixed 30 ruff lint issues and reformatted 6 files under `alembic/`
+  and `examples/` so `ruff check .` and `ruff format --check .` pass on a
+  fresh clone.
+- Silenced pytest collection warning on `TestCoverageSensor` via
+  `__test__ = False`.
+- `.gitignore` now includes `.ruff_cache/` and `.mypy_cache/`.
+- CI checkout on the publish workflow (missing `contents: read` permission).
+- Integration-test fixtures constructing `TaskManifest`, `DisclosureSet`, and
+  `VaultNote` with lists are now tuples, matching `frozen=True` strict typing.
+- `test_generate_formats_assistant_role`: silenced an AsyncMock/asyncio
+  interaction warning under `pytest -W error` on CPython 3.12.
+
+### Known follow-ups
+- Coverage gate temporarily lowered from 90% to 88% while
+  `test_freshcart_e2e_pipeline` is xfailed pending a fixture rewrite to match
+  the current `review_cmd.py` service graph. Target: restore to 90% in 0.1.x.
+
+## [0.1.0] - 2026-04-12
+
+Initial alpha release of the Controlled Execution System.
+
+### Added
+
+- **Control Plane**: Manifest manager, audit ledger (HMAC-SHA256 chain), classification engine (deterministic TF-IDF), kill switch, policy engine, workflow state machine, gate evaluator, merge controller
+- **Harness Plane**: Evidence synthesizer, review router (3-tier), sensor orchestrator (7 sensors), trust manager (4-state transitions), guide pack builder, hidden check engine
+- **Execution Plane**: Agent runner with sandbox, runtime registry (Codex CLI, Claude Code), LLM provider abstraction (Anthropic, OpenAI), chain-of-custody tracker, secret stripping
+- **CLI**: 25+ command groups including `ces build`, `ces init`, `ces continue`, `ces explain`, `ces status`, `ces manifest`, `ces classify`, `ces review`, `ces approve`, `ces audit`, and command groups for vault, emergency, brownfield, alerts, events, registry, release, admin, and project management
+- **Builder-first workflow**: `ces build` as default entrypoint with auto-bootstrap (creates `.ces/` on first run), interactive brief collection, local-mode SQLite persistence
+- **Demo mode**: `CES_DEMO_MODE=1` enables dry-run without LLM API keys
+- **Local-first architecture**: Full governance pipeline works with SQLite (`.ces/state.db`), no Postgres/Redis required for single-user local mode
+- **REST API**: FastAPI control plane with auth, SSE streaming, endpoints for manifests, reviews, evidence, audit, trust, agents, telemetry, alerts, events, dependencies, registry, and releases
+- **Database**: PostgreSQL 17 with 15 Alembic migrations for server-mode deployment
+- **Observability**: OpenTelemetry integration, Prometheus metrics, structured logging (structlog), alert rules, health dashboard TUI
+- **Cross-repo federation**: Polyrepo event bus, webhook delivery, federated bindings, dependency graph analysis
+- **Brownfield support**: Legacy behavior detection, registration, grouped review, disposition-to-PRL workflow
+- **Knowledge vault**: Zettelkasten-style notes with trust decay and ranking
+- **Security**: Ed25519 manifest signing, HMAC-SHA256 audit chain, no secrets in task packages, sandboxed agent commands
+- **Testing**: 3,000+ tests (3,066 unit + 21 integration), 90%+ branch coverage gate, CI with GitHub Actions (lint, typecheck, test, build)
+- **Documentation**: README, Getting Started guide, Operator Playbook, FreshCart worked example, Implementation Guide, Operations Runbook, Production Deployment Guide, Security doc, Quick Reference Card