config.lua header gains a Phase 9 paragraph documenting the
project-overlay feature + the R7 shallow-merge warning ("if your
.aish.lua sets a top-level block, it REPLACES the user's entire
block — list every entry OR omit the block"). Inspect at runtime
via `:config show`.
docs/PHASE9.md status header bumped: "Plan + review fold-in" ->
"Implement". Lists the 4 implement commits inline:
e525063 history: trust file helpers
34b465d main: project-overlay loader
5b6ee55 repl: :config show meta + HELP
this config template comment + status bump
Phase 9 implementation complete. Next inner-loop step: verify
(file TCs, run autonomous, close) + memory-update.
Regression: test_safety 87/87, test_router_model 31/31, repl loads.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sonnet review of PHASE9 (formulate + analyze + baseline + plan at
31e5de5). No BLOCKERs (manifest design sound); seven real CONCERNs
including a path-prefix bug + a piped-stdin interaction that would
have surfaced at implement time.
CONCERNs (FOLDED):
R1. HOME-prefix walk-up false positive — dir:sub(1, #home) ~= home
matches /home/user2 when HOME=/home/user. Real bug. Fix:
`dir ~= home and dir:sub(1, #home + 1) ~= home .. "/"`.
R2. A8's io.read("*l") fallback for trust prompt would consume the
first line of piped stdin in aish -p mode. Fix: SKIP trust
prompt in one-shot mode (load only pre-trusted overlays).
If rl.readline misbehaves interactively, emit status + skip
overlay (no fallback to stdin in either mode).
R3. Sources-map delivery decided: cfg-embedded as config._sources.
Globals across module boundaries explicitly avoided. Backward-
compat: if absent, :config show reports "(sources unknown)".
R4. _prompt_trust signature fixed — takes pre-computed sha; single
sha256 call per startup per project file.
R5. _check_trusted no longer reimplements trust-file read logic;
routes through history.is_trusted / history.add_trusted with
AISH_TRUST_FILE env override (single resolution site).
R6. :config show `full` mode masking now spec'd: same heuristic
applied RECURSIVELY to nested values (mcp.servers.X.auth_token
is the actual leak vector).
R7. Shallow-merge UX trap reframed — was "documented as predictable";
now an explicit conspicuous warning in done-when + UX surface +
config.lua template that "if your .aish.lua sets a top-level
block, it REPLACES the user's entire block". Deep-merge with
explicit-replace-syntax v2 polish.
NITs (APPLIED):
N1. (no doc change — review-prompt clarification only)
N2. key_env / auth_env over-masking documented as known cosmetic
false-positive (env-var names, not secrets).
N3. Sources-map decision added to open-at-plan-time before
falling-into-commit-2 surprise.
N4. Trust-file first-write atomicity edge case documented (manual
delete to recover); temp-file+rename = v2.
N5. Stale "stat" mention in §3 module table removed (A2: io.open
is sufficient; no new FFI).
Code sketches in §4 + §5 + §6 + §13 commits 2+3 all updated to
reflect the fixes. Manifest is internally consistent + matches the
history.lua API to be added in commit 1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bundled the three doc steps since the surface is small (4-commit
impl, no major redesigns from formulate).
Analyze findings (12, A1-A12):
A1-A2 — main.lua surface clean; no new FFI needed
A3 — Q-P2 RESOLVED via baseline: sha256sum (GNU coreutils)
A4 — Q-P1: trust prompt AFTER user-config status line
A5 — Q-P3: don't log walk-up by default; :config show on demand
A6 — Q-P5: :cfg show top-level by default; `full` for deep
A7 — Q-P6: project may set secrets.vault (covered by trust prompt)
A8 — Q-P4 DEFERRED: rl.readline early-startup smoke at impl time
A9 — walk-up perf <1ms even pessimistic
A10 — trust-file race: JSONL append-only handles concurrent writes
A11 — sandboxed dofile out of scope (trust prompt IS the gate)
A12 — bootstrap order is correct: user→project→secrets_session
Baseline:
B1 — sha256sum + openssl agree byte-for-byte on noether;
sha256sum chosen (universal + simpler parse).
§10 Open Qs table now shows resolutions inline (5/6 done; Q-P4
deferred to implement-time smoke).
§13 Implementation Plan added — 4 commits:
1. history.lua: trust file helpers (read/add/is_trusted + _sha256_file)
2. main.lua: walk-up + load_config_with_overlay + trust prompt
3. repl.lua: :config show meta + startup status line
4. config.lua header note + status -> Implement
Per-commit risk index covers sha256sum-missing case, JSONL partial
write, A8 rl.readline early-startup, symlink-loop walk-up,
:config show token leakage via conservative masking heuristic.
Open at plan-time (resolve at impl):
- A8 rl.readline behavior; fall back to io.read if broken
- $AISH_TRUST_FILE env override for CI isolation
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
marfrit