Strip all patent-related tooling from the generic kit so it can ship
publicly under MIT without leaking sensitive IP. restricted-scope agents,
blocks, and skill conditionals live in the private PROJECT-E.
Deleted (5 files):
- _manifests/kei-patent-compliance.toml
- _manifests/kei-patent-researcher.toml
- _blocks/domain-sensitive IP-aware.md
- _assembler/tests/fixtures/_manifests/kei-patent-compliance.toml
- _assembler/tests/snapshots/kei-patent-compliance.snap
Cross-reference cleanup:
- 6 manifests: remove kei-patent-* handoffs and "sensitive IP" forbidden lines
- _blocks/deploy-local-only.md: drop sensitive IP rationale, keep ML weights /
offensive / kernel / client-confidential banned-public triggers
- skills/research/SKILL.md: drop patent-angle-scanner + "Patent angles" section
- skills/new-agent/SKILL.md: drop Q5 (patent), renumber Q6→Q5 Q7→Q6
- README.md: drop 2 restricted agents rows, renumber wizard questions 5-7→5-6,
update counts 34→33 blocks / 14→12 agents
- _assembler/tests/golden.rs: remove golden_patent_compliance test
- _assembler/tests/roundtrip.rs: swap kei-patent-compliance fixture to
kei-cost-guardian for double-assembly determinism test
- _assembler/tests/fixtures/_manifests/kei-researcher.toml + snapshot:
remove kei-patent-researcher handoff
Tests: 21 → 20 integration tests, all passing. Grep for "patent" in
main tree returns zero hits outside .claude/worktrees.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Rename 4 fixture manifests under _assembler/tests/fixtures/_manifests/
({code-implementer,cost-guardian,patent-compliance,researcher}.toml
-> kei-<name>.toml) via git mv. Copy updated top-level manifests into
fixtures so they stay byte-identical (fixtures mirror real manifests).
- Rename 4 snapshot files under _assembler/tests/snapshots/ to match
the new insta snapshot keys.
- Update snapshot bodies to reflect the kei- prefix in:
* frontmatter name field (name: kei-<n>)
* GENERATED comment (_manifests/kei-<n>.toml)
* handoff target lines
* === HEADER === REPORT header (uppercased name in output_format)
- Update test code (golden.rs, roundtrip.rs, validator_negative.rs,
determinism.rs) to use the new manifest filenames + snapshot keys.
Rust function names (e.g. golden_researcher) untouched — they are
internal identifiers, not manifest refs, and the word-boundary rule
(no "_" preceding match) correctly skipped them.
Verify:
cd _assembler && cargo test
-> 17 tests passed (0 + 3 + 4 + 2 + 2 + 6 across 6 test files)
-> Re-run produces no *.snap.new files (snapshots stable)
Regeneration path: because cargo-insta CLI is not installed on the
build host, the .snap.new files produced by the first (failing) test
run were accepted by renaming .snap.new -> .snap. Second cargo test
run passed cleanly.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Regression test for the fix in 30cd08b (replaced
`root.parent().unwrap()` with `.unwrap_or(root.as_path())` at
main.rs:45). Two cases:
- `agent_root_slash_does_not_panic` — `AGENT_ROOT=/ assemble /dev/null`
must reach the "parse failed" error path without panicking. Guards
against the `relative_to()` call site specifically.
- `agent_root_slash_full_run_no_panic` — same env with a valid stub
manifest supplied explicitly. Even though the run fails at
`mkdir /_generated` (unprivileged), it must fail GRACEFULLY, not
with SIGABRT from an `.unwrap()` on a None parent.
Both assertions: no "panicked at" in stderr, and `status.code()` is
Some (signal-kill would return None on Unix).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
tests/determinism.rs (3 cases):
- same input across 2 isolated tempdirs → byte-identical output
- same input across 10 isolated tempdirs → all byte-identical
(catches HashMap iteration nondeterminism a 2-run check can miss)
- reordering blocks in the manifest changes output, but only in the
block region — frontmatter + role + trailing sections are stable
tests/roundtrip.rs (2 cases):
- every manifest string (name, model, tools list, all domain_in /
forbidden_domain / handoff.target / handoff.trigger entries)
appears verbatim in the generated output; no field silently dropped
- two consecutive runs in the SAME tempdir produce identical bytes
(defence against caching / mutable-global drift)
tests/validator_negative.rs (6 cases):
- unknown block ref → error mentions the bad name
- missing obligatory block (memory-protocol removed) → error names it
- empty handoff array → error mentions "handoff"
- whitespace-only role → error mentions "role"
- empty domain_in → error mentions "domain_in"
- --validate flag on a valid manifest: exit 0, no file written
Not covered: unsubstituted `{{placeholder}}` check — that validator
rule is being added in a parallel PR (fix/remaining-findings) and is
not yet on this base branch. Add a case for it when the check lands.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add tests/golden.rs with insta-backed snapshot assertions for:
- researcher (minimal — 3 obligatory blocks only)
- cost-guardian (minimal + output_extra_fields)
- patent-compliance (minimal + references.extra)
- code-implementer (obligatory + 4 implementer-specific blocks)
Coverage: all four frontmatter fields (name/description/tools/model),
role body, block concatenation order, domain_in / forbidden_domain /
handoffs / output format (including extra fields) / references (both
optional memory_project + project_claudemd and references.extra).
The snapshots in tests/snapshots/*.snap are the signed contract —
any change to assembler.rs output must be reviewed via
`cargo insta review` and committed alongside the code change.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Add insta + tempfile to _assembler/Cargo.toml [dev-dependencies].
- Create tests/common/mod.rs with helpers: seed_tempdir (copies
fixtures into an isolated AGENT_ROOT), run_assemble (invokes the
built binary via std::process::Command), and assemble_one
(end-to-end single-manifest helper).
- Seed tests/fixtures/ with the 4 manifests covered by the golden
snapshots (code-implementer, researcher, cost-guardian,
patent-compliance) and the 7 blocks they reference (baseline,
evidence-grading, memory-protocol, rule-pre-dev-gate,
rule-test-first, rule-error-budget, rule-double-audit).
Binary-only crate (no lib target), so integration tests invoke the
assemble binary in-process instead of calling internal functions.
This exercises the full main.rs I/O + validator + assembler pipeline
end-to-end, which is exactly what the determinism claim covers.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Walks every string-valued manifest field after load and rejects values
containing `{{...}}` (conservative: requires both `{{` and `}}`). Catches
wizard bugs that would emit literal `{{MEMORY_PROJECT}}` into the
generated agent .md. Four unit tests cover role/memory_project/single-brace
accept/empty-accept cases.
root.parent().unwrap() at main.rs:45 panicked if AGENT_ROOT pointed at a
filesystem root (e.g. AGENT_ROOT=/). Now falls back to root itself via
.unwrap_or(root.as_path()) so the 'OK <manifest> → <path>' line just
prints the absolute path in that edge case instead of aborting.
