Skip to content

feat(wiki): headless authoring delegates to the full zetetic agent roster#72

Merged
cdeust merged 1 commit into
mainfrom
feat/headless-authoring-zetetic-agents
Jun 30, 2026
Merged

feat(wiki): headless authoring delegates to the full zetetic agent roster#72
cdeust merged 1 commit into
mainfrom
feat/headless-authoring-zetetic-agents

Conversation

@cdeust

@cdeust cdeust commented Jun 30, 2026

Copy link
Copy Markdown
Owner

What

Lets the headless wiki-authoring drain load the user's full zetetic specialist roster (architect, engineer, code-reviewer, test-engineer, security-auditor, refactorer, devops-engineer, dba, …) and delegate read-only codebase analysis to it — instead of a single confined generalist claude -p pass. Follows up #70/#71.

How

  • Two-mode argv (claude_cli._build_argv, gated on CORTEX_HEADLESS_AGENTS, default 1):
    • Agents mode: --setting-sources user (loads the user roster only — project/local sources excluded, so a malicious repo can't inject settings/hooks) + --tools Read,Glob,Grep,Task + hard --disallowedTools Write,Edit,Bash,NotebookEdit.
    • Solo mode (=0): the hardened --safe-mode path, no roster, no Task.
  • Hook neutralisation (hooks/_headless_guard): --setting-sources user also loads the user's hooks, which would recurse (SessionEnd → consolidation → authoring → SessionEnd …) and pollute memory. The worker stamps CORTEX_HEADLESS_AUTHORING_CHILD=1 into the child env; every Cortex hook now no-ops there.
  • Delegation hint: per-page-kind paragraph added to the section/page/anchor prompt builders, gated on the knob (omitted in solo mode where Task is absent). Untrusted-source guard preserved.
  • Refactor: argv/env construction extracted to claude_cli (keeps headless_authoring < 500 lines; carries the full audit-B-1 security argument).

Root-cause fix (surfaced while verifying)

The variadic --add-dir <directories...> was swallowing the trailing positional prompt → CLI errored Input must be provided, so every drain with a source_root had been failing silently since #70 (mocked subprocess hid it from tests). The prompt now travels via STDIN — no argv-ordering fragility.

Verification (zetetic)

Live probe, claude CLI 2.1.197, subscription, production argv:

  • ✅ Roster loads (engineer, architect, code-reviewer, test-engineer, security-auditor, refactorer, devops-engineer, dba via Task).
  • ✅ Hard ceiling propagates to subagents: a delegated engineer had no Write tool and created no file.
  • ✅ No file written to disk.
  • ✅ Hook short-circuit proven by integration test (python -m invocation exits 0 before any work when the flag is set).

Note: agents mode costs more per page (delegation spawns subagents) — bounded by the existing CORTEX_HEADLESS_USD_BUDGET / wall-clock caps.

Tests

672 hooks+handlers tests green; ruff clean. New coverage: agents/solo argv, child-flag env, stdin-not-argv regression, guard short-circuit subprocess, delegation-hint splicing across all three builders.

🤖 Generated with Claude Code

https://claude.ai/code/session_019o58McF4LRfvGNNXaqG2Au

…ster

Lets the headless wiki-authoring drain load the user's full specialist
roster (architect, engineer, code-reviewer, …) and delegate read-only
codebase analysis to it, instead of a single confined generalist pass.

Agents mode (CORTEX_HEADLESS_AGENTS=1, default) builds the ``claude -p``
argv with ``--setting-sources user`` (loads the user roster only —
project/local sources stay excluded, so a malicious repo cannot inject
settings/hooks) + ``--tools Read,Glob,Grep,Task`` + a hard
``--disallowedTools Write,Edit,Bash,NotebookEdit`` ceiling. Solo mode
(=0) keeps the hardened ``--safe-mode`` path. Verified live against
claude CLI 2.1.197 (subscription): the roster loads; a delegated
``engineer`` subagent has NO Write tool and creates no file (the deny
ceiling propagates to subagents); no file is written to disk.

Hooks: ``--setting-sources user`` also loads the user's hooks, which
would recurse (SessionEnd → consolidation → authoring → SessionEnd …)
and pollute memory. New ``hooks/_headless_guard`` makes every Cortex
hook no-op when the worker stamps ``CORTEX_HEADLESS_AUTHORING_CHILD=1``
into the child env.

Prompts: per-page-kind delegation hint added to the section/page/anchor
builders, gated on the agents knob (omitted in solo mode where Task is
absent); the untrusted-source guard is preserved.

Root-cause fix surfaced while verifying: the variadic ``--add-dir``
swallowed the trailing positional prompt ("Input must be provided"),
so every drain with a source_root had been failing silently since #70.
The prompt now travels via STDIN — no argv-ordering fragility.

Refactor: argv/env construction extracted to ``claude_cli`` (keeps
headless_authoring < 500 lines; carries the full audit-B-1 argument).

Tests: agents/solo argv, hard-ceiling env flag, stdin-not-argv
regression, guard short-circuit (subprocess), delegation-hint splicing.
672 hooks+handlers tests green; ruff clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019o58McF4LRfvGNNXaqG2Au
@cdeust cdeust merged commit ab4df13 into main Jun 30, 2026
13 checks passed
@cdeust cdeust deleted the feat/headless-authoring-zetetic-agents branch June 30, 2026 22:17
@cdeust cdeust mentioned this pull request Jun 30, 2026
cdeust added a commit that referenced this pull request Jun 30, 2026
…forgetting (#73)

Bumps version across pyproject/server/manifest/marketplace/plugin manifests and
records the 3.25.0 CHANGELOG section covering #67#72:
- feat: active forgetting module (#69), safe headless drain (#70), full zetetic
  agent roster for wiki authoring (#72)
- fix: Windows portability (#68), subscription-default billing (#71),
  variadic --add-dir prompt-swallow root cause (#72)
- deps: pydantic-settings 2.14.0→2.14.2 security patch (#67)


Claude-Session: https://claude.ai/code/session_019o58McF4LRfvGNNXaqG2Au

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant