diff --git a/docs/agent-handoff.md b/docs/agent-handoff.md index f60b707..bfd52c4 100644 --- a/docs/agent-handoff.md +++ b/docs/agent-handoff.md @@ -24,10 +24,12 @@ Last updated: 2026-07-05 - Current Telegram-chat implementation commit: `c86407d4f8bfb8a445bb7f4685ff545b479244a1`. - PR #60 / issue #59 added the controlled Telegram terminal agent with 13 allowlisted tools, bounded multi-step decisions, chat-bound confirmation for mutations, `/tools`, `/trace`, and proactive sweep analysis. - Tool-agent production commit: `d13652a70b77263f357b487d50bab3af5585a309`. -- Issue #61 is implemented on `codex/issue-61-security-manager-onboarding` in PR #62. +- Issue #61 was completed and closed by merged PR #62. - Security Manager implementation commit: `0c7ddc5a6cb85487274a8bdf754d48a967ba2c84`. - The Security Manager adds language-first Telegram onboarding, explicit consent/minimal setup, an AES-256-GCM encrypted profile under `runs/security-profile.enc`, profile commands, a read-only `get_security_profile` agent tool, location/personal relevance guidance, and deterministic alert-level/quiet-hours enforcement. -- Gitea Actions runs 883 and 884 passed for PR #62 (`test-and-image` and `template-compliance`). The production merge and registry publication are still pending at the time of this handoff edit. +- PR validation runs 883-886 passed. Production merge commit `c0afc6d2e88b7602148d786dd249351323885ac2` passed build/publish run 887, release dry-run 888, and template compliance 889. +- Registry tags `latest`, `20260705`, and `c0afc6d2e88b7602148d786dd249351323885ac2` were verified through the Gitea Package API on 2026-07-05. +- The Dockge stack at `C:\docker\intelligence-terminal` was updated from the registry image. A cryptographically random `SECURITY_PROFILE_ENCRYPTION_KEY` was added without printing it. Live health reported the container healthy, LiteLLM configured, Telegram AI and the 14-tool agent enabled, and the encrypted profile store configured/available with no profile yet. ## Repository State @@ -49,7 +51,7 @@ upstream https://github.com/calesthio/Crucix.git Current branch tip: ```text -Run `git rev-parse HEAD` after clone/pull. During PR #62 work, the current feature tip includes `0c7ddc5`; after merge, use the production branch tip reported by Gitea. +Run `git rev-parse HEAD` after clone/pull. The production branch contains Security Manager merge commit `c0afc6d2e88b7602148d786dd249351323885ac2` plus this release handoff update. ``` Production baseline before the current LiteLLM work: @@ -301,6 +303,16 @@ Release dry-run: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/ac Template compliance: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/235 ``` +Security Manager release runs: + +```text +PR build: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/885 +PR template check: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/886 +Production publish: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/887 +Release dry-run: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/888 +Template compliance: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/889 +``` + ## Gitea Actions Workflows present: @@ -524,7 +536,7 @@ docker pull git.wilkensxl.de/code-inc/intelligence-terminal:latest - The project still inherits the original Crucix broad source surface. Future work should prefer focused source-by-source tests over broad refactors. - If a new Codex environment sees non-fast-forward branch pushes, fetch first and preserve remote commits. Do not force-push without explicit approval. - A production deployment must add `SECURITY_PROFILE_ENCRYPTION_KEY` before expecting first-start onboarding. A changed or lost key intentionally fails closed and does not overwrite existing ciphertext. -- PR #62 still needs merge, successful production publish runs, registry verification, and Dockge deployment verification if those steps are not recorded below by a later update. +- Security Manager first-start onboarding remains intentionally incomplete until the operator answers the language and consent prompts in Telegram; no personal profile is created automatically. ## Operator Pull Command