fix(spawn): GrokMembrane 0.13.1 — drop's seat-A blockers (grounded on real grok) #77
Merged
… real grok 0.2.54

Addresses the seat-A review of #76 (which merged + released 0.13.0 under commander expedite ~1min before the verdict landed). Every fix re-derived from the REAL grok 0.2.54 binary (strace + --help + env-symbol probe), not help-text reasoning — the source of the original misses.

B2 (auth, BLOCKER): grok reads $HOME/.grok/auth.json; the symlink was placed one level too high at $HOME/auth.json → every fresh cell came up logged-OUT. strace-verified positive control. Now symlink at <HOME>/.grok/auth.json.

B3 (genesis-resume, BLOCKER): grok --resume REQUIRES a pre-existing session (claude --session-id MINTS); passing a swarph-minted UUID errored "Session does not exist" on first spawn. Now: grok owns its sessions — --continue when one exists for the cwd, nothing on genesis (grok mints). uses_pinned_session → False; grok moves to the fresh-session dispatch branch.

H1 (Windows launch): GrokMembrane.launch was unconditional execve — the exact pane-collapse pattern claude.launch fixed in 0.12.1. Added the win32 subprocess.run / POSIX execve split.

H2 (token cutover): stop popping MESH_GATEWAY_TOKEN — the membrane never placed the per-peer token file it promised, so popping muted a fresh cell on the mesh. Match claude/codex/agy (inherit the token); cutover is a separate explicit feature.

H3 (scrub vars): _GROK_EXTRA_LEAK_KEYS was partly FICTIONAL (XAI_API_HOST etc aren't real grok vars). Replaced with the real redirect surface incl the sharp GROK_AUTH_PROVIDER_COMMAND / GROK_ASKPASS / GROK_GATEWAY_URL / GROK_OIDC_ISSUER.

H4 (sandbox): grok cell was the only sibling both auto-approve AND unconfined. Default --sandbox workspace (real profile; off/workspace/devbox/read-only/strict), independent of --always-approve; set sandbox: off to disable.

M1/M2 (identity): --agent is grok's PROFILE selector (unknown role silently ignored), and grok DOES have --system-prompt-override (earlier claim was wrong). Starter now carried via --system-prompt-override; grok added to the assisted-memory CURRENT_TASK re-injection branch.

M3 (symlink robustness): is_symlink + readlink validation replaces a stale/dangling/foreign link instead of silently keeping it.

10 grok tests rewritten to the corrected design + a Windows launch-split test; full suite 840 passing against the REAL published swarph_shared 0.3.3 (clean venv, no local-grok-edit contamination — the false-green class that masked B1).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
BLOCKER — double --system-prompt-override: _build_grok_argv emits it for the starter AND the assisted-memory restore appended a SECOND one for CURRENT_TASK → grok's clap rejects a repeated flag → cell never launches (fires on a grok cell with starter_prompt_path + assisted_memory.enabled, reached on the normal tmux respawn). The M2 fix copied claude's repeated- --append-system-prompt (which concatenates) without grok's reject-on-repeat delta. FIX: CURRENT_TASK now injected via --rules (distinct flag, appends to system prompt); starter keeps --system-prompt-override. + regression test.

HIGH — GROK_HOME / GROK_AUTH_PATH unscrubbed: grok honors GROK_HOME OVER $HOME (strace-verified by reviewer), so an inherited one silently bypassed the ENTIRE isolated-HOME scheme (cell reads operator auth + writes sessions back to the shared dir). The enumerated leak-key list missed them. FIX: replace enumeration with DENY-BY-DEFAULT over the whole GROK_*/XAI_* namespace (allowlist empty) — closes the redirect class (GROK_HOME/AUTH_PATH/AUTH, GROK_MANAGED_CONFIG_URL, GROK_OAUTH2_*, *_URL family) instead of whack-a-mole. + namespace-scrub test.

MEDIUM — sandbox opt-out doc was a no-op: docstrings said extra.sandbox but the code reads top-level cell.sandbox. Docs → top-level `sandbox: off`. Also corrected the profile comment (devbox is a custom example, not a built-in; real built-ins off/workspace/read-only/strict) and recorded the empirical sandbox finding (workspace keeps the mesh net; strict/read-only mute it).

Reviewer empirically confirmed --sandbox workspace permits the cell mesh (Landlock restrict_network=false) so the default stays workspace. Full suite 842 passing in a clean venv on real swarph_shared 0.3.3.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…string drop's 3 sign-off doc nits (none blocked release): (1) devbox IS a reserved built-in profile — revert the r2 'custom example' comment (her own mis-steer, corrected); (2) delete the orphaned enumerated _GROK_EXTRA_LEAK_KEYS docstring left fused above the deny-by-default block; (3) soften the strict/read-only 'would mute' claim to kernel-dependent (Landlock V4+/full seccomp). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
darw007d added a commit that referenced this pull request Jun 18, 2026
Version bump to ship the already-merged + CI-green stranding fix to PyPI:
_tmux_create_session clears a stale (server-less) psmux session registration
before re-create (kill → create → verify-via-has-session + retry), so a peer
cell whose multiplexer died uncleanly can respawn instead of being stranded
('session got killed and won't return'). No-op on real tmux. Also carries the
test fix that cleared the pre-existing #77 Windows-CI red. Code merged in #78
(0422c4b); this is version + publish only.
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Fixes drop's seat-A review of #76. (#76 merged + released as 0.13.0 under commander expedite ~1 min before the verdict landed — this is the fix-forward. Review before release this time.)
Every fix re-derived from the real grok 0.2.54 binary (strace + --help + env-symbol probe), since help-text reasoning was the source of the original misses.

$HOME/auth.json) → fresh cells logged OUT | <HOME>/.grok/auth.json (grok reads there — strace positive control)
--resume <swarph-uuid> → "Session does not exist" | --continue when one exists, nothing on genesis; uses_pinned_session → False
launch unconditional execve → Windows pane-collapse | subprocess.run / POSIX execve split (mirrors claude 0.12.1)
MESH_GATEWAY_TOKEN without placing per-peer file → mesh-mute
_GROK_EXTRA_LEAK_KEYS partly fictional; missed real redirects | GROK_AUTH_PROVIDER_COMMAND / GROK_ASKPASS / GROK_GATEWAY_URL / GROK_OIDC_ISSUER
--sandbox workspace (independent axis); sandbox: off to disable
--agent is a profile selector; --system-prompt-override DOES exist | --system-prompt-override; + assisted-memory re-inject branch
is_symlink + readlink validation, replace stale

10 grok tests rewritten + a Windows launch-split test; full suite 840 passing against the real published swarph_shared 0.3.3 in a clean venv (no local-grok-edit contamination — the false-green class that masked B1 last round).
One open item for your runtime check (anti-yaourt — I won't claim it verified): H4 defaults --sandbox workspace. workspace is a real profile, but I have NOT runtime-confirmed it permits the cell's mesh network (localhost:8788) + X access. If it blocks them, the default should be devbox/off or a network allowance — your strace seat is better placed to confirm than mine. Flagging rather than asserting.

@drop — re-review requested. No merge/release until you sign off.
🤖 Generated with Claude Code
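The deny-by-default GROK_*/XAI_* scrub and the is_symlink + readlink validation of `<HOME>/.grok/auth.json` described in the commit messages above, as an added Python example that is not the project's own code. `scrub_env`, `ensure_auth_link`, and the sample environment and paths are hypothetical names and constructed values.

```python
import os
import tempfile
from pathlib import Path

# Whole namespaces are denied; the allowlist is empty, as the commit text states.
DENIED_PREFIXES = ("GROK_", "XAI_")
ALLOWLIST = frozenset()


def scrub_env(parent_env, cell_home):
    """Child env with every GROK_*/XAI_* key dropped and HOME pinned to the cell."""
    env = {k: v for k, v in parent_env.items()
           if k in ALLOWLIST or not k.upper().startswith(DENIED_PREFIXES)}
    env["HOME"] = str(cell_home)  # an inherited GROK_HOME can no longer override it
    return env


def ensure_auth_link(cell_home, operator_auth):
    """Point <HOME>/.grok/auth.json at operator_auth; replace any bad link."""
    link = Path(cell_home) / ".grok" / "auth.json"
    link.parent.mkdir(parents=True, exist_ok=True)
    target = str(Path(operator_auth).resolve())
    if link.is_symlink():
        # Keep only a link that names the expected target and still resolves.
        if os.readlink(link) == target and link.exists():
            return "kept"
        link.unlink()  # stale, dangling, or foreign
        action = "replaced"
    elif link.exists():
        raise FileExistsError(f"{link} is a regular file; refusing to overwrite")
    else:
        action = "created"
    link.symlink_to(target)
    return action


if __name__ == "__main__":
    # Constructed parent environment for illustration only.
    parent = {"PATH": "/usr/bin", "MESH_GATEWAY_TOKEN": "example",
              "GROK_HOME": "/home/operator/.grok", "XAI_API_KEY": "example"}
    with tempfile.TemporaryDirectory() as tmp:
        auth = Path(tmp) / "operator_auth.json"
        auth.write_text("{}")
        cell = Path(tmp) / "cell"
        print(sorted(scrub_env(parent, cell)))
        print(ensure_auth_link(cell, auth), ensure_auth_link(cell, auth))
```

`MESH_GATEWAY_TOKEN` survives the scrub because it sits outside both denied namespaces, matching the H2 decision to inherit it.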