cli-guard grew an ops-orchestration engine (stepflow health/canary/rollback) it should not own; eco-server spec reaches infra by hardcoded host path #190
Labels
No labels
burndown-2026-06
sunday-sprint
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/cli-guard#190
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
cli-guard is a security-boundary framework: it sits between a semi-trusted agent and the host and decides what may run. It has quietly grown an ops-orchestration engine that does not belong at that layer, and the Eco pipeline that consumes it reaches the host by hardcoded absolute filesystem path. Both ends are wrong. Kai wants this recorded and redesigned so the Eco ops surface can be rebuilt sturdy.
The two problems
1. cli-guard owns primitives a guard should never own.
pkg/stepflow(pkg/stepflow/stepflow.go) is a full sequencing-plus-rollback-plus-health-watch engine:Steps with aCompensation(reverse-order rollback on failure),Canarythat re-samples a "health" leaf everyEveryup toWindow, judgingDegradedWhen/HealthyWhenvia JMESPath and driving the rollback path mid-window.That is a deploy/ops-pipeline concern (snapshot, promote, canary, roll back), not a security-gate concern. A framework whose job is "should this argv be allowed to touch the host" has no business also being the thing that decides a service is healthy or that a rollout should be reverted. The
http/specverb/action_rollback.go+ exec-dialect actions are the same accretion on the HTTP side. cli-guard is meant to be the engine external contributors clone with no upstream knowledge (lowest layer of the gradient), so a healthcheck/canary primitive living here is a layering inversion.2. The eco-server spec reaches the host by hardcoded path.
The consuming guardfile (
ward/cmd/ward-kdl/ward-kdl.eco-server.guardfile.kdl) wires every step to an absolute path on kai-server:So the "guarded" contract is really "run whatever bytes currently sit at this filesystem path on the box." There is no versioned or content-addressed contract between the spec and the infra scripts it fires. Move the scripts, rename a repo dir, or drift the box, and the guarantee silently changes.
Why it matters now
Kai is rebuilding the Eco ops surface (revive of the read-only observe capability in ward#547, plus the full-clone-URL dep work) and wants it sturdy. That rebuild should not sit on top of an orchestration engine mislocated in the security boundary, nor on host-path coupling. Get the layering right first.
Ask (design, then land)
ward ops eco server promote) or the read-only observe verbs being added in ward#547.Refs
cli-guard/pkg/stepflow/stepflow.go,cli-guard/http/specverb/action_rollback.go.ward/cmd/ward-kdl/ward-kdl.eco-server.guardfile.kdl,ward/docs/ops-eco.md(records the "landed in cli-guard as pkg/stepflow + exec-dialect actions" decision this issue reverses).Design steer from Kai (2026-07-05)
Some orchestration IS valuable - do not throw the sequencing baby out with the bathwater. The problem is first-class health-check and rollback primitives, not orchestration as such.
So the target is not "delete stepflow." It is: keep a generic step-sequencing capability (ordered steps, threading data between them) available to whatever layer owns pipelines, but do not bake domain concepts like "healthcheck" and "rollback" in as first-class engine primitives. A canary that judges service health and a compensating rollback are domain/ops policy, expressed in the pipeline definition, not verbs the guard engine itself understands.
Concretely for the recommendation:
Canary,DegradedWhen/HealthyWhen) and compensating rollback: not first-class. Express them as ordinary steps / config the pipeline author writes, or push them down into the infra scripts that already know how to probe and restore. The engine should not have ahealthorrollbackconcept.Recommend the split accordingly, and show how the eco-server promote pipeline re-expresses its canary + rollback as pipeline-author policy rather than engine primitives.