From c354cc4bb07058c9a59e1c4358acb86fbafefdce Mon Sep 17 00:00:00 2001 From: Chris Huber Date: Sun, 21 Jun 2026 18:48:53 -0400 Subject: [PATCH] Remove Codebox host tool policy alias --- inc/Engine/AI/Tools/HostToolPolicy.php | 10 ++------- tests/boundary-forbidden-names-smoke.php | 16 ++++++++++++-- tests/pipeline-tool-policy-snapshot-smoke.php | 21 ++++++++----------- 3 files changed, 25 insertions(+), 22 deletions(-) diff --git a/inc/Engine/AI/Tools/HostToolPolicy.php b/inc/Engine/AI/Tools/HostToolPolicy.php index e324fc1ce..232ad781b 100644 --- a/inc/Engine/AI/Tools/HostToolPolicy.php +++ b/inc/Engine/AI/Tools/HostToolPolicy.php @@ -15,9 +15,7 @@ final class HostToolPolicy { private const ENV_POLICY_JSON = 'DATAMACHINE_HOST_TOOL_POLICY_JSON'; - private const SCHEMA_RUNTIME_TOOL_POLICY = 'datamachine/runtime-tool-policy/v1'; - // Deprecated transport alias retained for older sandbox hosts. - private const SCHEMA_LEGACY_SANDBOX_TOOL_POLICY = 'wp-codebox/sandbox-tool-policy/v1'; + private const SCHEMA_RUNTIME_TOOL_POLICY = 'agents-api/runtime-tool-policy/v1'; /** @var array */ private array $policy; @@ -166,11 +164,7 @@ private static function normalizePolicy( $policy ): ?array { */ private static function normalizeTransportPolicy( array $policy ): array { $schema = is_string( $policy['schema'] ?? null ) ? (string) $policy['schema'] : ''; - $supported_schemas = array( - self::SCHEMA_RUNTIME_TOOL_POLICY, - self::SCHEMA_LEGACY_SANDBOX_TOOL_POLICY, - ); - if ( ! in_array( $schema, $supported_schemas, true ) ) { + if ( self::SCHEMA_RUNTIME_TOOL_POLICY !== $schema ) { return $policy; } diff --git a/tests/boundary-forbidden-names-smoke.php b/tests/boundary-forbidden-names-smoke.php index 8a27f9665..583c76317 100644 --- a/tests/boundary-forbidden-names-smoke.php +++ b/tests/boundary-forbidden-names-smoke.php @@ -80,8 +80,9 @@ function datamachine_boundary_is_allowed_file( string $relative_path ): bool { 'homeboy' => '/homeboy/i', ); -$violations = array(); -$iterator = new RecursiveIteratorIterator( +$violations = array(); +$production_inc_violations = array(); +$iterator = new RecursiveIteratorIterator( new RecursiveCallbackFilterIterator( new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS ), function ( SplFileInfo $file ) use ( $root ): bool { @@ -111,12 +112,23 @@ function ( SplFileInfo $file ) use ( $root ): bool { foreach ( $forbidden_patterns as $label => $pattern ) { if ( preg_match( $pattern, $contents ) ) { $violations[] = "{$relative_path} contains {$label}"; + if ( 'codebox' === $label && str_starts_with( $relative_path, 'inc/' ) ) { + $production_inc_violations[] = "{$relative_path} contains {$label}"; + } } } } +datamachine_boundary_assert( array() === $production_inc_violations, 'production inc files have no Codebox vocabulary', $failures, $passes ); datamachine_boundary_assert( array() === $violations, 'first-party source has no downstream runtime names outside explicit harness/generated allowlists', $failures, $passes ); +if ( ! empty( $production_inc_violations ) ) { + echo "\nProduction inc boundary mentions:\n"; + foreach ( $production_inc_violations as $violation ) { + echo " - {$violation}\n"; + } +} + if ( ! empty( $violations ) ) { echo "\nForbidden boundary mentions:\n"; foreach ( $violations as $violation ) { diff --git a/tests/pipeline-tool-policy-snapshot-smoke.php b/tests/pipeline-tool-policy-snapshot-smoke.php index c70f04746..71d0fda78 100644 --- a/tests/pipeline-tool-policy-snapshot-smoke.php +++ b/tests/pipeline-tool-policy-snapshot-smoke.php @@ -586,7 +586,7 @@ function resolve_policy_tools_with_evidence_for_test( array $flow_step_config, a echo "\n[14] host tool policy accepts generic list-shaped runtime policy payloads:\n"; $transport_policy = array( - 'schema' => 'datamachine/runtime-tool-policy/v1', + 'schema' => 'agents-api/runtime-tool-policy/v1', 'default_location' => 'runner', 'tools' => array( array( @@ -609,18 +609,15 @@ function resolve_policy_tools_with_evidence_for_test( array $flow_step_config, a assert_policy_equals( 'client', $resolution['alpha_tool']['executor'] ?? null, 'generic runtime policy delegates explicit control-plane tool', $failures, $passes ); assert_policy_equals( null, $resolution['beta_tool']['executor'] ?? null, 'generic runtime policy leaves runner-default tool local', $failures, $passes ); -echo "\n[15] host tool policy accepts legacy sandbox runtime policy payloads:\n"; -$legacy_transport_policy = array( - 'schema' => 'wp-codebox/sandbox-tool-policy/v1', +echo "\n[15] host tool policy accepts neutral host policy payloads:\n"; +$host_policy = array( + 'schema' => 'datamachine/host-tool-policy/v1', 'default_location' => 'runner', 'tools' => array( - array( - 'id' => 'alpha_tool', - 'execution_location' => 'control_plane', - ), + 'alpha_tool' => array( 'execution_location' => 'control_plane' ), ), ); -$resolution = ( new ToolPolicyResolver( new SnapshotPolicyToolManager() ) )->resolve( +$resolution = ( new ToolPolicyResolver( new SnapshotPolicyToolManager() ) )->resolve( array( 'mode' => ToolPolicyResolver::MODE_PIPELINE, 'pipeline_step_id' => 'ephemeral_pipeline_0', @@ -628,11 +625,11 @@ function resolve_policy_tools_with_evidence_for_test( array $flow_step_config, a 'categories' => array(), 'allow_only_explicit' => true, 'allow_only' => array( 'alpha_tool', 'beta_tool' ), - 'host_tool_policy' => $legacy_transport_policy, + 'host_tool_policy' => $host_policy, ) ); -assert_policy_equals( 'client', $resolution['alpha_tool']['executor'] ?? null, 'legacy sandbox policy delegates explicit control-plane tool', $failures, $passes ); -assert_policy_equals( null, $resolution['beta_tool']['executor'] ?? null, 'legacy sandbox policy leaves runner-default tool local', $failures, $passes ); +assert_policy_equals( 'client', $resolution['alpha_tool']['executor'] ?? null, 'neutral host policy delegates explicit control-plane tool', $failures, $passes ); +assert_policy_equals( null, $resolution['beta_tool']['executor'] ?? null, 'neutral host policy leaves runner-default tool local', $failures, $passes ); echo "\n[16] host tool policy ignores unrecognized list-shaped transport payloads:\n"; $transport_policy = array(