feat(runtime): add Rust CAK runtime v0 #11
Add a host-neutral decision engine as a Rust workspace: EvalRequest -> Decision.

- cak-runtime-core: pure engine, no I/O, no network, no subprocess. Facts come only from the in-memory request.
- cak-runtime-cli (cakrt): eval and fixture-check commands. `eval` exits 0 for any valid decision including block; --enforce-exit-code makes block exit 2; exit 1 is reserved for invalid input or runtime error.
- Four evaluators composed by priority: lifecycle, stage, proof, rdr-review.
- Nine request/expected fixtures as the executable contract.
- Agent-Skills-compatible pilot package skills/cak-rdr-review.
- docs/22_cak_runtime_v0.md; Rust CI workflow; docs checker enforces doc 22.

Existing Python runtime, docs check, and pytest are unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c31edf2b92
| if matches!(kind, "recommend_merge" | "mark_ready") | ||
| && state_str(request, "decision_packet_status") != Some("decision_ready") |
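Review bot: The `!= Some("decision_ready")` comparison on the second line folds an absent `decision_packet_status` and a present but different value into one branch, so the violation cannot tell a host whether the field was missing or the packet was not ready. Match on the `Option` explicitly and report the two cases separately, which also makes the missing-field behaviour a visible, deliberate choice.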
Scope RR1 to RDR packets before blocking mark_ready
mark_ready is also a generic stage-bound action, but this RDR rule runs in the default composite for every request. In a non-RDR stage workflow that proposes mark_ready without state.decision_packet_status, the missing field is treated as unknown and produces a hard RR1 block even if the stage context otherwise permits the action, forcing unrelated hosts to supply RDR-specific state just to proceed.
| if kind == "accept_trace_corpus" { | ||
| if let Some(status) = state_str(request, "trace_plan_status") { | ||
| if INSUFFICIENT_TRACE_STATUSES.contains(&status) { |
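Review bot: `INSUFFICIENT_TRACE_STATUSES.contains(&status)` on the last line is an exact string comparison, so a host that sends the same status with different casing or stray whitespace does not match the list and skips this branch. Parse `trace_plan_status` into a typed value once at the request boundary and have this check match on that type, with unparseable input handled explicitly.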
Require a positive trace status before accepting corpora
For accept_trace_corpus, this only rejects three known-bad strings and otherwise falls through to allow, so a missing status or an unrecognized value such as pending/unknown is accepted as sufficient evidence. Since the emitted violation says the expected values are sufficient|pass, this should whitelist those positive statuses instead of allowing anything not explicitly blacklisted.
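The allowlist change this comment asks for, as an added Rust example (not the project's code): `gate_denylist` reproduces the behaviour the comment describes and `gate_allowlist` is the fail-closed form. The function names, the `Decision` type and the three denylist strings are constructed for illustration; `sufficient`, `pass` and the `RR3` rule id come from this page.

```rust
// Added illustration. Names and denylist contents are constructed, not the project's.
#[derive(Debug, PartialEq)]
pub enum Decision {
    Allow,
    Block(&'static str),
}

// Constructed stand-ins for the three known-bad strings (the page does not list them).
const DENYLIST: [&str; 3] = ["bad_status_a", "bad_status_b", "bad_status_c"];
// Positive statuses named in the review comment.
const ALLOWLIST: [&str; 2] = ["sufficient", "pass"];

/// Behaviour the review comment describes: only known-bad values block.
pub fn gate_denylist(status: Option<&str>) -> Decision {
    match status {
        Some(s) if DENYLIST.contains(&s) => Decision::Block("RR3"),
        // A missing or unrecognized status falls through to allow (fail-open).
        _ => Decision::Allow,
    }
}

/// Fail-closed variant: only a known-good value allows.
pub fn gate_allowlist(status: Option<&str>) -> Decision {
    match status {
        Some(s) if ALLOWLIST.contains(&s) => Decision::Allow,
        Some(_) => Decision::Block("RR3: unrecognized trace_plan_status"),
        None => Decision::Block("RR3: trace_plan_status missing"),
    }
}

fn main() {
    // Constructed inputs: missing, not-yet-decided, known-bad, wrong case, known-good.
    let cases = [
        None,
        Some("pending"),
        Some("unknown"),
        Some("bad_status_a"),
        Some("Pass"),
        Some("pass"),
    ];
    for c in cases {
        println!(
            "{:?}: denylist={:?} allowlist={:?}",
            c,
            gate_denylist(c),
            gate_allowlist(c)
        );
    }
}
```

The wrong-case input `Pass` is allowed by the denylist form and blocked by the allowlist form, so exact matching on an allowlist errs toward a block rather than toward an accept.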
| if matches!(kind, "complete_workflow" | "execute_stage_bound_action") | ||
| && stage.stage_status == StageStatus::PreconditionsMissing |
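Review bot: The action kinds in the `matches!` on the first line are raw string literals while `stage_status` beside them is a typed enum, so a kind that is misspelled here or by a host simply fails to match and skips this condition with no compiler or runtime signal. Represent `kind` as an enum with an explicit variant for unrecognized values, so each gate has to decide what to do with every kind.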
Include mark_ready in precondition checks
mark_ready is declared stage-bound and is blocked on stage mismatch, but this precondition-missing branch omits it. If a workflow proposes mark_ready while stage_status is preconditions_missing (and the RDR state does not separately block it), the stage gate allows the transition even though the same stage-bound action still has unsatisfied preconditions.
| if matches!(action.kind.as_str(), "activate_skill" | "claim_authority") | ||
| && action.authority == Some(AuthorityMode::Authoritative) | ||
| && matches!(maturity, Maturity::Draft | Maturity::Candidate) |
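Review bot: `matches!(maturity, Maturity::Draft | Maturity::Candidate)` on the last line names the maturities that are refused, so any `Maturity` variant not listed there, including one added later, is not caught by this condition. Use an exhaustive `match` on `Maturity` with no wildcard arm so the compiler forces a decision for every variant.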
Block quarantined skills from claiming authority
A claim_authority action for a quarantined or deprecated skill does not hit LG1 because that rule only checks activate_skill, and this LG3 condition only covers draft/candidate maturity. In that scenario the lifecycle gate returns allow even though the skill is explicitly quarantined/deprecated and is asking for authoritative control.
Why:
- CAK Runtime v0 gates should fail closed for unsafe lifecycle, stage, proof, and RDR acceptance transitions found during PR review.

What changed:
- Block quarantined/deprecated skills from claiming authority and block prose verification claims after failed verifiers.
- Scope RR1 to RDR review requests, require positive trace corpus status, and include mark_ready in stage precondition checks.
- Add regression coverage and update runtime docs for the tightened gate behavior.

Testing:
- cargo fmt --check
- cargo clippy --workspace --all-targets -- -D warnings
- cargo test --workspace
- python3 scripts/check_docs.py
- python3 -m pytest

Risk:
- narrow
- Hosts relying on fail-open unknown trace statuses or generic RDR mark_ready blocking may need explicit RDR context.

Why:
- The review-found gate bypasses should be locked into the executable runtime contract, not only evaluator unit tests.

What changed:
- Add six request/expected fixture pairs covering LG4, SG2 mark_ready, PG4, RR1 non-RDR scope, and RR3 missing/pending trace statuses.
- Register all 15 canonical fixture pairs and update fixture documentation.

Testing:
- cargo test -p cak-runtime-core --test fixtures
- cargo fmt --check
- cargo clippy --workspace --all-targets -- -D warnings
- cargo test --workspace
- python3 scripts/check_docs.py
- python3 -m pytest

Risk:
- narrow
- fixtures codify current v0 behavior and may need deliberate updates if gate semantics change.
Summary
Adds CAK Runtime v0: a host-neutral decision engine as a Rust workspace inside this repo. The entire boundary is `EvalRequest -> Decision`.
- `cak-runtime-core`: the pure engine, data models, and four evaluators. No I/O, no network, no subprocess. Every fact comes from the in-memory request.
- `cak-runtime-cli` (`cakrt`): a thin CLI with `eval` and `fixture-check`.
- `lifecycle_gate`, `stage_gate`, `proof_gate`, `rdr_review`.
- `skills/cak-rdr-review`.
- `docs/22_cak_runtime_v0.md`, a dedicated Rust CI workflow, and the docs checker now enforce doc 22.

Design follows the RDR-001 scope gate: an agent-native skill is a state/action-conditioned intervention, not a package, script, or prose.
Exit-code decision
`block` is a valid domain decision, not a process error:
- `cakrt eval` exits `0` for any valid decision by default, including `block`.
- `block` exits `2` only when `--enforce-exit-code` is passed in CI gate mode.
- `1` is reserved for invalid input or a runtime error.

Boundary and non-goals
Runtime v0 is not an agent framework, harness, MCP server, markdown parser, GitHub client, script executor, or generic rule DSL. The core never shells out, hits the network, or reads repo state. The existing Python runtime, docs check, and pytest are unchanged.
Verification
- `cargo fmt --check` - clean
- `cargo clippy --workspace --all-targets -- -D warnings` - clean
- `cargo test --workspace` - 39 Rust tests pass, including a fixture-check over all 15 pairs
- `python3 scripts/check_docs.py` - passes
- `python3 -m pytest` - 44 passed, 1 skipped

See `docs/22_cak_runtime_v0.md` for the full design, composition rules, and future extraction path.