gstack

Commit Graph

Author	SHA1	Message	Date
Garry Tan	5373bc32ae	feat(brain): gstack-config brain integration helpers (T5+T10+T16) Extends bin/gstack-config to support the brain-aware planning layer: KEY VALIDATION (T5): Plain alphanumeric/underscore now extended to allow @<hex-hash> suffix. Required for per-endpoint namespaced keys (brain_trust_policy@<sha8>, user_slug_at_<sha8>). Keys without the suffix still validate as before. VALUE WHITELISTING (D4 / D11): brain_trust_policy@* values gated to personal \| shared \| unset. Unknown values warn + default to unset (defense against typos). NEW DEFAULTS (lookup_default): brain_trust_policy@* -> unset salience_allowlist -> '' (resolver uses SALIENCE_DEFAULT_ALLOWLIST) user_slug_at_* -> '' (resolve-user-slug fills + persists on demand) NEW SUBCOMMANDS: endpoint-hash — print sha8 of active gbrain MCP URL from ~/.claude.json. Collision check escalates to sha16 when a prior endpoint stored at the same sha8 would conflict (T10 defensive default). resolve-user-slug — walks D4 A3 identity chain: 1. mcp__gbrain__whoami.client_name 2. $USER env var 3. sha8(git config user.email) 4. anonymous-<sha8(hostname)> Persists result on first call so subsequent calls are stable across sessions. test/user-slug-fallback.test.ts: 14 tests covering endpoint-hash output shape, fallback chain ordering, persistence, brain_trust_policy namespace value validation + per-endpoint isolation, and key validator extension for @-suffixed keys. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-26 23:10:27 -07:00

Author

SHA1

Message

Date

Garry Tan

5373bc32ae

feat(brain): gstack-config brain integration helpers (T5+T10+T16)

Extends bin/gstack-config to support the brain-aware planning layer:

KEY VALIDATION (T5):
  Plain alphanumeric/underscore now extended to allow @<hex-hash> suffix.
  Required for per-endpoint namespaced keys (brain_trust_policy@<sha8>,
  user_slug_at_<sha8>). Keys without the suffix still validate as before.

VALUE WHITELISTING (D4 / D11):
  brain_trust_policy@* values gated to personal | shared | unset.
  Unknown values warn + default to unset (defense against typos).

NEW DEFAULTS (lookup_default):
  brain_trust_policy@*  -> unset
  salience_allowlist    -> '' (resolver uses SALIENCE_DEFAULT_ALLOWLIST)
  user_slug_at_*        -> '' (resolve-user-slug fills + persists on demand)

NEW SUBCOMMANDS:
  endpoint-hash      — print sha8 of active gbrain MCP URL from
                       ~/.claude.json. Collision check escalates to sha16
                       when a prior endpoint stored at the same sha8
                       would conflict (T10 defensive default).
  resolve-user-slug  — walks D4 A3 identity chain:
                         1. mcp__gbrain__whoami.client_name
                         2. $USER env var
                         3. sha8(git config user.email)
                         4. anonymous-<sha8(hostname)>
                       Persists result on first call so subsequent
                       calls are stable across sessions.

test/user-slug-fallback.test.ts: 14 tests covering endpoint-hash output
shape, fallback chain ordering, persistence, brain_trust_policy
namespace value validation + per-endpoint isolation, and key validator
extension for @-suffixed keys.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-26 23:10:27 -07:00

1 Commits