Problem
Atrium/Centaur currently materialize harness config/auth at sandbox boot, but changes made inside a session do not become durable profile changes. That is the right default for safety, but we need an explicit UX for useful config changes the user wants to keep for future sessions.
This applies to both Codex and Claude Code. It should not become .codex / .claude directory mirroring.
Current behavior
- Centaur routes
.codex / .claude through the harness-state lane, with auth/credential paths denied.
- The harness transcript JSONL is captured/restored for exact resume.
auth.json, .credentials.json, key material, and credential-shaped paths are denied and should never be synced as artifacts or profile bundles.
- Codex
config.toml and Claude settings.json are copied/overlaid fresh at startup from harness config/env.
- Atrium has provider credential storage for Codex and Claude Code, but not a durable Agent Profile/profile-bundle model with writeback.
Desired direction
Add profile/config writeback as an explicit Atrium GUI/API workflow, not agent self-management and not directory mirroring.
Proposed UX:
- Sandbox/session may produce allowlisted profile-relevant config changes.
- Atrium detects or imports a redacted diff against the session profile snapshot.
- User chooses one of:
- discard
- apply only to this session / resume lineage
- save to current profile
- save as a new profile
- Future sessions can select that profile.
Constraints
- Never write back credentials, refresh tokens, auth files, private keys,
.netrc, .git-credentials, or raw provider login caches.
- Keep credentials in the encrypted credential/broker path.
- Keep harness transcript exact-resume separate from profile bundles.
- Support both Codex and Claude Code formats.
- Prefer structured adapters for each provider instead of opaque whole-directory snapshots.
Open questions
- What is the initial allowlist for Codex? Likely
config.toml sections for model defaults, sandbox/approval defaults, MCP server declarations, plugin enablement, and feature flags; exclude auth and volatile app state.
- What is the initial allowlist for Claude? Likely
settings.json, commands/agents/skills/plugin manifests, and MCP/tool permissions; exclude auth, telemetry, caches, history, projects, tasks, session-env, and file-history unless separately classified.
- Should writeback be diff-from-snapshot at session end, an explicit "Save config changes" action, or both?
- Do profile bundles live in Atrium DB rows, object-store entries, or both?
Related context
notes/adr-typed-sync-roots.md: accepted lane boundary says future Agent Profiles and credential refresh-writeback should plug into typed lanes.
notes/session-record-projection-build-plan.md: references adjacent Agent Profile / Credentials / Memory lanes as future work.
- Existing provider credential table/routes cover Codex + Claude Code auth status, but not profile config persistence.
Problem
Atrium/Centaur currently materialize harness config/auth at sandbox boot, but changes made inside a session do not become durable profile changes. That is the right default for safety, but we need an explicit UX for useful config changes the user wants to keep for future sessions.
This applies to both Codex and Claude Code. It should not become
.codex/.claudedirectory mirroring.Current behavior
.codex/.claudethrough the harness-state lane, with auth/credential paths denied.auth.json,.credentials.json, key material, and credential-shaped paths are denied and should never be synced as artifacts or profile bundles.config.tomland Claudesettings.jsonare copied/overlaid fresh at startup from harness config/env.Desired direction
Add profile/config writeback as an explicit Atrium GUI/API workflow, not agent self-management and not directory mirroring.
Proposed UX:
Constraints
.netrc,.git-credentials, or raw provider login caches.Open questions
config.tomlsections for model defaults, sandbox/approval defaults, MCP server declarations, plugin enablement, and feature flags; exclude auth and volatile app state.settings.json, commands/agents/skills/plugin manifests, and MCP/tool permissions; exclude auth, telemetry, caches, history, projects, tasks, session-env, and file-history unless separately classified.Related context
notes/adr-typed-sync-roots.md: accepted lane boundary says future Agent Profiles and credential refresh-writeback should plug into typed lanes.notes/session-record-projection-build-plan.md: references adjacent Agent Profile / Credentials / Memory lanes as future work.