session-relay Rust port (steps 1-6) + knowledge-format lint & citations#4
Merged
Conversation
…nt checklist Fold a maintenance Lint checklist into the context-tree audit and skill-maintenance skills, and cite OKF (Apache-2.0) + Karpathy LLM-Wiki as prior art — citation-not-adoption (license + architecture mismatch). No vendoring, no OKF schema, no new skill. Self-reviewed 89/100 (draft red-team, all 10 holes fixed). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
Replace session-relay's five store-touching Node .mjs with one static Rust `relay` binary (4 committed arches + sh launcher) so a Codex-only host needs no Node, and upgrade the store lock mkdir-mutex → kernel flock. Full port, commit binaries in-tree (maintainer scope choice). Darwin binaries produced by a native-runner build matrix (build-binaries.yml), committed before the tag; ci.yml gains Rust provisioning so ci.mjs builds the host leg. 7 steps, planned against main 7ee6a0d. Self-reviewed 66 → 88/100 (fresh-context draft red-team; its 9 findings — 3 blocking build/CI/delete gaps + a false-passing grep + a step/goal conflict — applied pre-start). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…l + Mac fallback Answer the "how do binaries ship for multiple plugins" question in the plan: - Binaries committed in-tree (git-clone delivery), NOT Release assets — the reason "every consumer just installs it" works; make the rationale explicit. - Chicken-and-egg: build pre-tag → commit → release.mjs asserts + tags. - Producer decision: GitHub Actions native matrix canonical (decouples release from having a Mac) + rust/build-all.sh local Apple-Silicon fallback. Linux host can only make the 2 musl arches — darwin needs Apple. - build-binaries.yml is workflow_dispatch-only (fixed the tag-trigger contradiction); validate is the tag gate. Windows-native marked out of scope. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
Research pass (2026-07-01) grounding both plans in fetched sources, not memory:
session-relay-rust-port:
- GitHub runner labels were STALE — macos-13 (Intel) is retired; switch to one
arm64 macos-latest runner cross-building both darwin arches + one ubuntu for
musl (4 binaries, 2 free runners). Source: GitHub-hosted runners reference.
- Drop the build-all.sh Mac "fallback" — speculative second build path; CI makes
all four, Mac dev needs only the host leg. (Answers "why the Mac fallback?".)
- Codex substitution clarified: native ${PLUGIN_ROOT} + ${CLAUDE_PLUGIN_ROOT}
compat; issue #19372 = residual risk; STOP retained. Claude binary-command
flip confirmed documented-supported. Rust 1.85/edition-2024, rustix::fs::flock,
cross-can't-ship-darwin all confirmed. Added a cited External-research block.
knowledge-format-lint-and-citations:
- Fixed a MIS-SOURCED claim: OKF Apache-2.0 was cited to the Google Cloud blog,
which doesn't state a license — real source is the knowledge-catalog repo
LICENSE (claim itself true). Format + Karpathy Lint items verified verbatim.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…pass
Fresh-context re-review (rust 75/100, knowledge 87/100) merged with a
practices research pass (MCP spec, Claude hooks/plugins docs, min-sized-rust,
Cargo book, git-lfs):
session-relay-rust-port:
- BLOCKING: the "Codex uses native ${PLUGIN_ROOT}" decision had not propagated
to Goal/Interfaces/Step 6 — added a per-manifest flip table (Claude MCP +
exec-form hooks on ${CLAUDE_PLUGIN_ROOT}; Codex bus.mcp.json on native
${PLUGIN_ROOT}) + a dedicated Codex-var acceptance grep.
- Practices: forbid Git LFS for bin/ (pointer files = broken consumer clone);
concrete [profile.release] block; rust-toolchain.toml exact pin (makes the
reproducible-rebuild criterion achievable); fmt/clippy/--locked gating;
exec-bit 100755 + .gitattributes for committed binaries; bus.rs stdout
purity as a normative MCP-stdio MUST; state never under the plugin root.
- Structure: ci.mjs checksum-verify now skips-with-notice until binaries land;
split overloaded step 6 into 6 (tests+docs) / 7 (atomic flip) — 8 steps;
enumerated all 8 SKILL.md path strings + residual grep; fixed step-3 dep,
selftest ~L390 source imprecision; named the register seeding path.
knowledge-format-lint-and-citations:
- Lint acceptance was gameable (summed >=5) and silently omitted the
"missing cross-references" check — now five per-check greps, each required.
- Step 2 over-declared dependency corrected; capability-tuning :24/:181
anchors re-verified.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…y prior-art citations Executes plan knowledge-format-lint-and-citations (4/4 steps): - context-tree audit gains the cross-node graph Lint (contradictions between nodes, orphan nodes with no inbound link, concepts lacking a node, missing cross-references, web-fillable data gaps) — op row, workflow bullet, and a Graph Lint procedure table in references/conflict-resolution.md (+ Contents TOC, required once the file crossed 100 lines). Audit stays read-only. - skill-maintenance Drift Detection gains the two per-skill checks: intra-skill contradiction and claim-superseded-by-newer-source. - Prior-art citations: Google OKF (Apache-2.0, markdown+YAML frontmatter) and Karpathy's LLM-Wiki (Ingest-Query-Lint) in write-skill attribution + context-tree framing. Citation only — no vendoring, no schema adoption. - metadata.updated bumped + content_hash backfilled on all three skills. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
… in_review Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
Goal met: yes. All 5 acceptance criteria re-run green by fresh-context plan-review; scope clean (work commit 4303561 touches only the three named skills); descriptions untouched; nothing vendored; CI green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…onsumer projects Preserves the OKF evaluation idea (knowledge/ bundles wired into context-tree, NOT a skills/AGENTS.md retrofit — already decided against) with sources and the untrusted-third-party note on okf-skills. Parked; rust port takes priority. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…*--v* session-relay tags (session-relay--v*) never triggered the validate workflow, so release.mjs's tag-CI wait found no run and session-relay releases were un-gated. One general glob replaces the plugin-specific one; trigger-model doc updated in the same change. (rust-port plan, step 1/8) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…e gate build-binaries.yml: 2-runner matrix (macos-latest arm64 → both darwin arches; ubuntu-latest → both musl arches, aarch64 via gcc-aarch64-linux-gnu), --locked builds, per-runner checksum parts, workflow_dispatch ONLY (binaries are committed pre-tag; the tag push is the gate and can only verify in-tree content). No third-party toolchain action — both runner images preinstall rustup (verified against runner-images readmes); the one new pin is upload-artifact@043fb46d # v7.0.1. ci.yml validate job gains a guarded Rust step (musl-tools + host musl target), a no-op until rust-toolchain.toml lands. .github/AGENTS.md documents both. (rust-port plan, step 2/8) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…flock Port of lib/store.mjs, every semantic preserved: field-preserving register upsert + renamed-alias drop, atomic tmp+rename writes, sanitize/encodeDir traversal defense, drain-under-lock, JS-spread override in enqueue, ISO-ms timestamps (hand-rolled civil-date math — no chrono). The mkdir-mutex becomes a kernel flock(2) on a .lock FILE (rustix, auto-released on crash; 3s fail-fast contract kept) with a first-run migration that removes the v1 mkdir-mutex .lock DIRECTORY. Deps stay lean per plan budget: tinyjson 2.5 + rustix 1.1 (fs only — rustix::rand is Linux-only, so UUIDs come from /dev/urandom via std). Toolchain pinned via rust-toolchain.toml (1.85.0 + rustfmt/clippy). cargo test: 7/7 — incl. an 8-worker x 10-op cross-process race (80 untorn unique mailbox lines, 88 registry entries = zero lost RMW) and the .lock dir->file migration test. fmt --check clean; clippy -D warnings clean. (rust-port plan, step 3/8) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…or parity
Every tested invariant carried over:
- discover.rs: stat-then-content (READ_CAP=65536 bounded head-read), UUID
gate, Claude cwd-from-content + Codex session_meta parsing, newest-first
dedupe, cwd tie-break, root env resolution (RELAY_* overrides +
CLAUDE_CONFIG_DIR/CODEX_HOME). Read-only.
- cli.rs: the doorbell with BOTH UUID gates (--id and resolved-name), `--`
end-of-options fencing on parse AND spawn sides (claude -p --resume ... --
<msg> / codex exec resume ... -- <msg>), refuse-if-dir-missing, --dry.
- hook.rs: <session-relay-mail> fence + defuse() — rewritten byte-wise
eq_ignore_ascii_case after catching a to_lowercase() offset-misalignment
panic risk on untrusted non-ASCII input (self-caught pre-compile).
- bus.rs: 6 tool schemas embedded as a verbatim JSON literal (wire-identical
surface), JSON-RPC lifecycle w/ client protocolVersion echo, stdout purity
(spec MUST — logs only via stderr), RELAY_PROJECT_DIR ${...}-unsubstituted
fallback, hint strings now point at <plugin>/bin/relay wake.
New black-box bus_smoke test drives the real stdio lifecycle (initialize
echo, unanswered notification, 6 tools, whoami, -32602). cargo test 10/10;
fmt + clippy -D warnings clean; repo gate green. (rust-port plan, step 4/8)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…e.mjs 4-target assert (rust-port plan, step 5/8)
session-relay descriptor gains rust: { dir, bin, binName, targets }.
ci.mjs gateRust: cargo fmt --check + clippy -D warnings + --locked musl
host-leg build into bin/, committed-SHA256SUMS verify before the
self-test (warn-skip until step 7 lands binaries; cargo-absent machines
warn-skip — tag-CI enforces). release.mjs refuses to tag unless all 4
target binaries + launcher are committed executable with verifying
checksums (proven: dry-run errs listing the 3 non-host legs + launcher).
Shared helpers in scripts/lib/rust-bin.mjs; Linux host maps to the
static musl leg (builds with rustup target add alone — no musl-gcc).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…ommand + SKILL.md paths (rust-port plan, step 6/8) selftest.mjs no longer imports store.mjs — every store touch goes through the binary (flock is all-or-nothing): markers seeded by piping synthesized SessionStart events into 'relay hook', names via 'relay register', read-only assertions via new 'relay peek <who>'. 39 checks pass; skip-with-notice when bin/ holds no binary (cargo-less machine pre-step-7). 8x10 stress + lock liveness + fence-defuse matrix stay in cargo tests. SKILL.md: every relay.mjs / mcp/bus.mjs mention flips to <plugin>/bin/relay (incl. codex mcp add example; list awk field $3->$4 for the [tool] column); content_hash backfilled. Manifests still on Node — consumer-facing flip is step 7. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
…ain for build-binaries dispatch Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What's in here
Three plans on one exploration branch, two of them executed:
session-relay Rust port — steps 1–6 of 8 (plan:
docs/plans/active/session-relay-rust-port.md)plugins/session-relay/rust/: full behavioral port of the five Node store-touchers into one multi-callrelaybinary (bus/hook/CLI), kernelflockreplacing the mkdir-mutex, pinned toolchain 1.85.0, min-size release profile. 10 cargo tests incl. an 8×10 cross-process lock race and a black-box MCP lifecycle smoke.*--v*; guarded Rust provisioning in the validate job; newbuild-binaries.yml(workflow_dispatch only, 2 runners → 4 arches).rustcapability —ci.mjsgates fmt/clippy + a--lockedmusl host-leg build + committed-checksum verify;release.mjsrefuses to tag without all 4 committed binaries.selftest.mjsrewritten black-box (39 checks, every store touch through the binary), new read-onlyrelay peek, SKILL.md paths flipped to<plugin>/bin/relay.build-binaries.ymldispatched frommain(workflow_dispatch only lists default-branch workflows). Binaries land in a follow-up PR; the Node payload is deleted there too (step 8).knowledge-format lint & citations — executed + review passed (plan being shipped on this branch)
Karpathy LLM-Wiki Lint checks folded into context-tree audit + skill-maintenance drift tables; OKF/Karpathy cited as convergent prior art. No vendoring.
okf-knowledge-bundle — parked stub plan (
status: planned), untouched until picked up.Verification
node scripts/ci.mjsgreen locally (2 plugins + repo-wide, incl. the new Rust leg: fmt/clippy clean, musl host build, 39-check selftest).cargo test10/10;cargo clippy --all-targets -- -D warningsclean.release.mjs --dry-run --plugin session-relaycorrectly REFUSES to tag while binaries are uncommitted.🤖 Generated with Claude Code
https://claude.ai/code/session_01UyDDEDsq6yGeJKzNAwW3ZQ