Merge pull request 'docs: record Security Manager release handoff' (#63) from codex/handoff-security-manager-release into codex/production-intelligence-terminal
This commit was merged in pull request #63.
This commit is contained in:
@@ -24,10 +24,12 @@ Last updated: 2026-07-05
|
|||||||
- Current Telegram-chat implementation commit: `c86407d4f8bfb8a445bb7f4685ff545b479244a1`.
|
- Current Telegram-chat implementation commit: `c86407d4f8bfb8a445bb7f4685ff545b479244a1`.
|
||||||
- PR #60 / issue #59 added the controlled Telegram terminal agent with 13 allowlisted tools, bounded multi-step decisions, chat-bound confirmation for mutations, `/tools`, `/trace`, and proactive sweep analysis.
|
- PR #60 / issue #59 added the controlled Telegram terminal agent with 13 allowlisted tools, bounded multi-step decisions, chat-bound confirmation for mutations, `/tools`, `/trace`, and proactive sweep analysis.
|
||||||
- Tool-agent production commit: `d13652a70b77263f357b487d50bab3af5585a309`.
|
- Tool-agent production commit: `d13652a70b77263f357b487d50bab3af5585a309`.
|
||||||
- Issue #61 is implemented on `codex/issue-61-security-manager-onboarding` in PR #62.
|
- Issue #61 was completed and closed by merged PR #62.
|
||||||
- Security Manager implementation commit: `0c7ddc5a6cb85487274a8bdf754d48a967ba2c84`.
|
- Security Manager implementation commit: `0c7ddc5a6cb85487274a8bdf754d48a967ba2c84`.
|
||||||
- The Security Manager adds language-first Telegram onboarding, explicit consent/minimal setup, an AES-256-GCM encrypted profile under `runs/security-profile.enc`, profile commands, a read-only `get_security_profile` agent tool, location/personal relevance guidance, and deterministic alert-level/quiet-hours enforcement.
|
- The Security Manager adds language-first Telegram onboarding, explicit consent/minimal setup, an AES-256-GCM encrypted profile under `runs/security-profile.enc`, profile commands, a read-only `get_security_profile` agent tool, location/personal relevance guidance, and deterministic alert-level/quiet-hours enforcement.
|
||||||
- Gitea Actions runs 883 and 884 passed for PR #62 (`test-and-image` and `template-compliance`). The production merge and registry publication are still pending at the time of this handoff edit.
|
- PR validation runs 883-886 passed. Production merge commit `c0afc6d2e88b7602148d786dd249351323885ac2` passed build/publish run 887, release dry-run 888, and template compliance 889.
|
||||||
|
- Registry tags `latest`, `20260705`, and `c0afc6d2e88b7602148d786dd249351323885ac2` were verified through the Gitea Package API on 2026-07-05.
|
||||||
|
- The Dockge stack at `C:\docker\intelligence-terminal` was updated from the registry image. A cryptographically random `SECURITY_PROFILE_ENCRYPTION_KEY` was added without printing it. Live health reported the container healthy, LiteLLM configured, Telegram AI and the 14-tool agent enabled, and the encrypted profile store configured/available with no profile yet.
|
||||||
|
|
||||||
## Repository State
|
## Repository State
|
||||||
|
|
||||||
@@ -49,7 +51,7 @@ upstream https://github.com/calesthio/Crucix.git
|
|||||||
Current branch tip:
|
Current branch tip:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
Run `git rev-parse HEAD` after clone/pull. During PR #62 work, the current feature tip includes `0c7ddc5`; after merge, use the production branch tip reported by Gitea.
|
Run `git rev-parse HEAD` after clone/pull. The production branch contains Security Manager merge commit `c0afc6d2e88b7602148d786dd249351323885ac2` plus this release handoff update.
|
||||||
```
|
```
|
||||||
|
|
||||||
Production baseline before the current LiteLLM work:
|
Production baseline before the current LiteLLM work:
|
||||||
@@ -301,6 +303,16 @@ Release dry-run: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/ac
|
|||||||
Template compliance: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/235
|
Template compliance: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/235
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Security Manager release runs:
|
||||||
|
|
||||||
|
```text
|
||||||
|
PR build: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/885
|
||||||
|
PR template check: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/886
|
||||||
|
Production publish: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/887
|
||||||
|
Release dry-run: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/888
|
||||||
|
Template compliance: https://git.wilkensxl.de/Code-Inc/intelligence-terminal/actions/runs/889
|
||||||
|
```
|
||||||
|
|
||||||
## Gitea Actions
|
## Gitea Actions
|
||||||
|
|
||||||
Workflows present:
|
Workflows present:
|
||||||
@@ -524,7 +536,7 @@ docker pull git.wilkensxl.de/code-inc/intelligence-terminal:latest
|
|||||||
- The project still inherits the original Crucix broad source surface. Future work should prefer focused source-by-source tests over broad refactors.
|
- The project still inherits the original Crucix broad source surface. Future work should prefer focused source-by-source tests over broad refactors.
|
||||||
- If a new Codex environment sees non-fast-forward branch pushes, fetch first and preserve remote commits. Do not force-push without explicit approval.
|
- If a new Codex environment sees non-fast-forward branch pushes, fetch first and preserve remote commits. Do not force-push without explicit approval.
|
||||||
- A production deployment must add `SECURITY_PROFILE_ENCRYPTION_KEY` before expecting first-start onboarding. A changed or lost key intentionally fails closed and does not overwrite existing ciphertext.
|
- A production deployment must add `SECURITY_PROFILE_ENCRYPTION_KEY` before expecting first-start onboarding. A changed or lost key intentionally fails closed and does not overwrite existing ciphertext.
|
||||||
- PR #62 still needs merge, successful production publish runs, registry verification, and Dockge deployment verification if those steps are not recorded below by a later update.
|
- Security Manager first-start onboarding remains intentionally incomplete until the operator answers the language and consent prompts in Telegram; no personal profile is created automatically.
|
||||||
|
|
||||||
## Operator Pull Command
|
## Operator Pull Command
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user