P1 (part 1): move skilltools core -> tool/ (clean, verbatim)
executus CI / test (push) Successful in 36s

The tool registry core (registry, permission model, Invocation, gated-tool
wrapper, ssrf guard, hmac, encryption, argcoerce, helpers, rootrun,
session_tools, webhook_rate_limit) had zero mort coupling — it imports only
majordomo/llm + x/crypto/hkdf — so it moves verbatim with a package rename
(skilltools -> tool). All same-package tests came along and pass; the SSRF,
gated-wrapper, encryption and output-pattern invariants are re-anchored here.

majordomo re-enters the module graph (now pinned to the latest, incl. the
front-loaded-output fix). model/ + llmmeta + structured follow next.

Docs: CLAUDE.md now requires README/examples to stay in sync with changes in
the same commit; CI skips docs/example-only pushes via paths-ignore.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-26 19:31:47 -04:00
parent d2c18ad5bb
commit dc28b63ad8
24 changed files with 3461 additions and 1 deletions
+18
View File
@@ -0,0 +1,18 @@
package tool
// RootRunKVPartition is the sentinel skill_id partition under which all
// `root_run:<id>` KV rows are stored.
//
// Why a sentinel: skill KV rows are keyed (skill_id, scope, key), so
// two sibling workers with different IDs (e.g. agent_spawn ephemeral
// workers under one fan-out) could never share state through a scope
// string alone — each would read/write its own partition. Routing every
// root_run scope into one shared partition makes the scope string the
// real boundary: it embeds the root run id, which the validator checks
// against Invocation.RootRunID, so per-tree isolation holds even though
// the partition is global.
//
// Declared in the root skilltools package (not tools/) because both the
// tool handlers (pkg/skilltools/tools) and the storage sweeper
// (pkg/logic/skills) need it without importing each other.
const RootRunKVPartition = "__root_run__"