df4033f42e
executus CI / test (pull_request) Successful in 48s
Second-pass findings on the security fix: - Mime sanitized ONCE and passed to BOTH StageInputFile and the descriptor (was passing raw f.MimeType to the host store while only the descriptor sanitized) — 3 models. - sanitizeField now also strips Unicode format chars (category Cf, incl. the bidi overrides U+202A–U+202E that can reorder how the descriptor renders); IsControl already covers \n\r\t so the explicit checks are dropped. - fileID is sanitized before inlining + an empty file_id drops the file (defense vs a misbehaving stager). - humanizeBytes clamps the prefix index so an absurd size (≥1024^6) can't index past "KMGTPE" and panic — a no-panic guarantee independent of the per-file cap. - Docs sync: README Ports list gains InputFiles; tool.InputFile.Name doc now says the executor reduces an untrusted name to a safe base name (was claiming the field is already safe). Tests: bidi/control stripping; mime sanitized in staged value + descriptor; empty file_id drop; humanizeBytes no-panic across sizes up to 1<<62. Suite green (-race). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
73 lines
3.5 KiB
Markdown
73 lines
3.5 KiB
Markdown
# executus
|
||
|
||
> ⚠️ **This project is vibe-coded.**
|
||
> executus is written almost entirely by an AI coding agent (Claude), with a
|
||
> human steering at the design and review level rather than typing the code.
|
||
> That's a deliberate choice, stated up front — the same way [gadfly] is. Read
|
||
> the code before you depend on it, pin a version, and file issues if something
|
||
> looks off. It is offered as-is.
|
||
|
||
[gadfly]: https://gitea.stevedudenhoeffer.com/steve/gadfly
|
||
|
||
A **batteries-included base for building LLM agent harnesses in Go.** Import it,
|
||
do a little wiring, and you have agentic capabilities: a bounded run loop, a tool
|
||
registry with a suite of common tools, context compaction, config-driven model
|
||
tiering and failover, structured output, and parallel fan-out — with sensible
|
||
defaults so a brand-new project is agentic with almost no setup, and pluggable
|
||
seams so a serious host can swap in its own storage, config, delivery, and tools.
|
||
|
||
executus sits **strictly above** [majordomo] — the lean LLM substrate (agent
|
||
loop, canonical `llm` types, providers, media normalization, model parsing /
|
||
failover / tiering). majordomo stays the substrate; executus is the opinionated,
|
||
batteries-included layer on top. executus requires **no changes to majordomo**.
|
||
|
||
[majordomo]: https://gitea.stevedudenhoeffer.com/steve/majordomo
|
||
|
||
## Status
|
||
|
||
Early. Being extracted, phase by phase, from the agent layer of [mort] (a Discord
|
||
bot) — mort and gadfly are the first two consumers (heavy and light). See
|
||
`CLAUDE.md` for the architecture and the extraction roadmap (P0–P6).
|
||
|
||
[mort]: https://gitea.stevedudenhoeffer.com/steve/mort
|
||
|
||
**Available today:**
|
||
|
||
- `run/` — **executus is runnable.** `run.Executor` ties model resolution, the
|
||
tool registry, majordomo's agent loop, context compaction, run-bounding, and
|
||
step/audit instrumentation into one `Run(ctx, RunnableAgent, inv) Result`, with
|
||
every host concern behind a nil-safe `run.Ports` (Audit/Budget/Critic/
|
||
Checkpointer/PaletteSource/Delivery/InputFiles). See `examples/minimal`.
|
||
- `model/` — config-driven tier resolution + failover over majordomo, with
|
||
pluggable `UsageSink`/`TraceSink` and `GenerateWith[T]` structured output.
|
||
- `tool/` — the tool registry + 3-stage permission model + SSRF guard.
|
||
- `compact/` — the per-run context compactor.
|
||
- `lane/` — bounded worker pool with fair-share queueing (run- and
|
||
provider-concurrency).
|
||
- `fanout/` — programmatic N×M swarm with bounded global + per-key concurrency.
|
||
- `config/`, `deliver/`, `identity/` — host seams (config / output / identity),
|
||
each with a shipped default.
|
||
- `dispatchguard/`, `pendingattach/` — run-safety primitives.
|
||
- `examples/reviewer` — a **gadfly-shaped PR reviewer on the core only** (env-config
|
||
model fleet → `fanout` N×M swarm → `model.GenerateWith[T]` structured findings →
|
||
consolidation), the light-tier canary; CI asserts it pulls in no battery.
|
||
|
||
## Design
|
||
|
||
Two tiers in one module (`go.mod` = majordomo + stdlib only):
|
||
|
||
- **Core** — everything a light host needs to be agentic: run loop, tool
|
||
registry + common tools, model resolution, compaction, lanes, fan-out,
|
||
structured output. No persistence, no scheduling.
|
||
- **Batteries** (opt-in sibling packages) — persona/agent nouns, saved skills,
|
||
audit, run-critic, scheduling, budgets, checkpointing. Each is nil-safe and
|
||
ships a default, so you add only what you use.
|
||
|
||
Persistence that needs a real database lives in a **separate** nested module
|
||
(`contrib/store`, pure-Go SQLite) so the core never drags in a DB driver — a
|
||
static-binary host (gadfly) stays static.
|
||
|
||
## License
|
||
|
||
TBD.
|