Skip to content

fix(permissions): pop committed sandbox.enabled instead of clearing it in place#408

Merged
aleskalfas merged 2 commits into
mainfrom
fix/406-sandbox-disable-leaves-committed-enabled
Jun 30, 2026
Merged

fix(permissions): pop committed sandbox.enabled instead of clearing it in place#408
aleskalfas merged 2 commits into
mainfrom
fix/406-sandbox-disable-leaves-committed-enabled

Conversation

@aleskalfas

Copy link
Copy Markdown
Owner

What

sandbox_disable and the ADR-032 relocation pass cleared a drifted committed sandbox.enabled by setting it to false in place, leaving redundant tracked residue in repos that commit settings.json. Both now pop the key via a shared _strip_committed_sandbox_enabled helper (also removing a then-empty sandbox block), completing the ADR-032 per-machine relocation. The authoritative enabled write to settings.local.json is unchanged.

Why

Per ADR-029/ADR-032 the enabled scalar is per-machine and belongs only in the gitignored settings.local.json. Setting committed enabled to false (rather than removing it) left tracked drift that made it look like the sandbox switch lived in the committed file. Runtime was already correct (local wins the scalar); this removes the confusing committed residue. Surfaced investigating why setup autonomy appeared to disable the sandbox in settings.json.

Doc impact

None — behaviour brought into line with the existing ADR-029/ADR-032 contract.

Surface / version

Patch — the committed settings.json artifact changes (the enabled key is removed rather than left false), observable to adopters who track it. .pkit/VERSION bumped 1.131.0 -> 1.131.1 per PRJ-002. No migration owed: the relocation pass self-heals drifted state idempotently on next setup.

Verification

  • pytest tests/test_permissions_cli.py -> 248 passed; other 5 permission modules -> 264 passed.
  • pkit migrations check-diff --include-working-tree --base main -> no migration-triggering changes.
  • Zero new ruff findings.
  • convention-compliance-reviewer: clean (patch bump was the sole action, now applied).

Closes #406.

aleskalfas and others added 2 commits June 30, 2026 23:21
…t in place

sandbox_disable and the ADR-032 relocation pass cleared a drifted committed
sandbox.enabled by setting it to false in place, leaving redundant tracked
residue in repos that commit settings.json. Both now pop the key via a shared
helper (also removing a then-empty sandbox block), completing the ADR-032
per-machine relocation; the authoritative enabled write to settings.local.json
is unchanged. Closes #406.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ed residue fix

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@aleskalfas

Copy link
Copy Markdown
Owner Author

Reviewer agent (local, reviewer): APPROVED

Findings (criteria grounded in the pm capability schemas / decisions):

  • Branch shape — pass ([project-management:DEC-013-branch-and-pr-conventions], git-conventions.yaml branch-name). fix/406-sandbox-disable-leaves-committed-enabled matches ^(fix|…)/[0-9]+-<slug>$.
  • Branch-type ↔ issue-type — pass (classification.yaml pr_type_mapping). Issue [Bug] sandbox_disable leaves committed enabled:false residue instead of removing the key #406 is type:bugfix; branch segment is fix. Aligned.
  • PR title Conventional Commits — pass ([COR-008] + DEC-013). fix(permissions): pop committed sandbox.enabled instead of clearing it in place parses as <type>(<scope>): <desc> with an accepted type.
  • PR title type ↔ issue type — pass (pr_type_mapping). bugfix; title type is fix.
  • Issue classification complete — pass ([project-management:DEC-012-classification-axes]). [Bug] sandbox_disable leaves committed enabled:false residue instead of removing the key #406 carries type:bug, priority:Low, and workstream:permissions (workstream label substrate).
  • PR body links closing issue — pass (DEC-013 pr-body). Closes #406. present and closingIssuesReferences populated.
  • ## Doc impact section — pass (pr-body hard-reject rule). Section present with a one-line justification ("None — behaviour brought into line with the existing ADR-029/ADR-032 contract").
  • Surface-change discipline — pass ([COR-010]). Diff touches permissions.py, tests/…, and .pkit/VERSION only — no renames/removals in kit-owned trees, no schema_version bump, no subtree restructure. PR reports pkit migrations check-diff --include-working-tree --base main clean; the committed-settings.json artifact change self-heals idempotently via the relocation pass, so no migration is owed.
  • No-shared-files invariant — pass ([COR-001]). No edits to core-owned files; changes are to project source (src/project_kit/permissions.py), tests, and .pkit/VERSION.

Warnings (non-blocking):

  • The PR uses a ## Verification heading rather than the template's recommended ## Test plan (PR.md, DEC-013). Test plan is recommended-not-required and the section carries real verification evidence (pytest counts, ruff, check-diff), so this is informational only — no empty-skeleton hard-reject is triggered.

Verdict follows mechanically from the severity model (validation-severity.yaml): every criterion is pass, no bypassable-with-audit finding outstanding → APPROVED.

@aleskalfas aleskalfas merged commit 158511d into main Jun 30, 2026
1 check passed
@aleskalfas aleskalfas deleted the fix/406-sandbox-disable-leaves-committed-enabled branch June 30, 2026 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug] sandbox_disable leaves committed enabled:false residue instead of removing the key

1 participant