Codex Mission Migration: Whilly v6.0 Hardening
Source Factory mission: /path/to/factory/mission
State at migration: paused, working directory /opt/develop/whilly-orchestrator, Factory id mis_b0836c2a, last updated 2026-05-06T07:44:23.977Z.
Mission Goal
Continue Whilly v6.0 Security & Rollback Hardening over the v4.6.1/v5.0 baseline. Scope is additive only:
- Block A: security and isolation.
- Block D: rollback and safety net.
- Preserve v5.0 backcompat, especially
bash workshop-demo.sh --cli stub.
Current v1.1 Operator UI Parity Evidence
The active operator UI contract is intentionally narrow and shared across WUI and TUI:
- Active surfaces: Overview, Compliance, Plans/Tasks, Workers, Events.
- Shared surface hotkey copy:
1-5=switch. - Worker controls:
/api/v1/admin/workers/*. - Human-review decisions:
/api/v1/tasks/*/human-review. _logs.html: routeable noncanonical fragment behind?fragment=logs, not visible canonical navigation._admin.htmland_prd.html: quarantined inactive WUI fragments until their backend routes and matching TUI capabilities are deliberately wired.
Focused verification for this contract lives in tests/unit/test_operator_views.py, tests/unit/test_tui.py, tests/unit/test_wui_contract_static.py, and tests/integration/test_htmx_dashboard.py.
Last Closed Feature
publish-whilly-worker-4-6-1-and-fix-dashboard-sse-401
Purpose:
- Keep
whilly_workerPyPI publishing in lockstep with the main package. - Fix dashboard live updates where anonymous
GET /rendered a page whose/events/streamconnection failed with 401/403.
Codex close-out:
- Release workflow side appears already committed in
2f64ad1. - Dashboard fix implemented with
whilly/api/dashboard_token.py,index.html.j2, package-data wiring, and dashboard-token auth for/events/streamand read-only/api/v1/tasks. whilly-worker==4.6.1manually published to PyPI on 2026-05-06 because the originalv4.6.1tag predated the lockstep worker publish workflow.bash workshop-demo.sh --cli stubpassed on 2026-05-06.
Current Active Feature
user-testing-validator-v6-baseline
Purpose:
- Re-run v6 baseline user testing against the hardened v4.6.1/v5.0 baseline.
- Treat the VPS doctor as the pre-flight gate before any cross-host validation.
Status:
- Unblocked on 2026-05-06 after stabilizing the doctor tunnel probe budget and wiring a private
WHILLY_METRICS_TOKENenv-file into the v6 VPS bringup. - Latest doctor evidence:
out/v6-baseline-vps-doctor/20260506T145946Z/state.json. - Latest live state: SSH ok, stack running,
/healthok,/metricsgated correctly (401without bearer,200with bearer), imagemshegolev/whilly:4.6.1,openclaw-gatewayrunning, and tunnel stability20/20probes with20/20TLS verifies. - Latest live smoke:
env LHR_SSH_KEY_PATH=/root/.ssh/lhr_paid_id_ed25519 bash scripts/v6-baseline-vps-up.shcompleted health + cross-host CLAIM/COMPLETE againsthttps://whilly-orchestrator.lhr.rocks. - Full non-compose integration was attempted twice on 2026-05-06 and hit the documented Colima/testcontainers port-forwarding setup flake in
test_skip_task.py; the targeted rerun of that file passed.
Pending Feature Queue
a3-a4-sandbox-and-secrets-lintd1-d3-backup-tag-and-auto-restored2-branch-protection-preflightd4-smart-rollback-climisc-v6-htmx-cdn-inline-or-route-stub
Completed baseline/support features include VPS topology bringup, v6 fixture harness, VPS doctor, paid localhost.run funnel migration, funnel resilience, tunnel-stability doctor gate, changelog breaking-section fix, frozen-file byte-equality follow-up, and the dashboard SSE / whilly-worker publish close-out.
Completed Block A features:
a1-prompt-injection-guard: prompt descriptions are wrapped inBEGIN-WHILLY-DESC-<nonce16>/END-WHILLY-DESC-<nonce16>, baseline plusWHILLY_PROMPT_DENY_PATTERNSmarkers are blocked before runner invocation, and blocked tasks emitprompt_injection_blockedimmediately beforeFAIL.a2-shell-deny-list: task-authored command surfaces are scanned before runner invocation with baseline plusWHILLY_SHELL_DENY_PATTERNSpatterns; blocked tasks emitshell_command_blockedimmediately beforeFAIL.a3-a4-sandbox-and-secrets-lint: secret linting, runner env allowlists, and auditable guard reasons are implemented for task, runner, verification, and worker failure paths; full per-task VM/container isolation remains future work.
Hard Boundaries
- Do not touch the off-limits VPS
openclaw-gatewayservice or port18789. - Tailscale remains removed; do not introduce
TAILSCALE_*paths. - Preserve Docker memory caps and worker import-path purity.
- Keep
DockerfileproductionCMD ["control-plane"]invariant. - Treat
docker-compose.demo.yml,workshop-demo.sh,Dockerfile.demo, v3 legacy CLI flags, HTMX/SSE/metrics surfaces, and migrations as backcompat-sensitive. - Do not clean or delete pre-existing untracked analysis artifacts unless explicitly requested.
Validation Gates
Prefer focused tests first, then broaden:
.venv/bin/python -m ruff check whilly/ tests/
.venv/bin/python -m ruff format --check whilly/ tests/
.venv/bin/lint-imports --config .importlinter
.venv/bin/python -m pytest -q tests/unit --maxfail=3
bash workshop-demo.sh --cli stub
For v6-baseline user-testing, run the VPS doctor first:
bash scripts/v6-baseline-vps-doctor.sh --require-stable
Abort cross-host validation if the doctor reports tunnel-flapping.