Execute meta mega codex charter standard #1
This commit introduces the core Meta Mega Codex framework, including:
- Base governor implementation
- Policy loading and validation
- Resilience and retry mechanisms
- Workflow automation for Activ8, LMA, and Personal governors
- Evidence aggregation and watchdog functionalities

Co-authored-by: codex <codex@activ8ai.app>
Pull request overview
This PR implements the "Meta Mega Codex" - a multi-agent governance framework with deterministic, resilient, and auditable execution. The framework establishes three domain-specific governors (Activ8, LMA, and Personal) that enforce policy controls, with supporting infrastructure for retry logic, watchdog monitoring, evidence aggregation, and routing.
Key Changes:
- Implemented a policy-based governance system with three domain governors (Activ8, LMA, Personal) that evaluate controls against runtime facts
- Added resilience mechanisms including backoff/retry logic with configurable strategies and watchdog-based stale detection
- Created evidence aggregation, MCP routing, and append-only logging for audit trails
Reviewed changes
Copilot reviewed 25 out of 25 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| `meta_mega_codex/governor_base.py` | Core BaseGovernor implementation providing policy evaluation, runtime fact collection, and evidence persistence |
| `meta_mega_codex/policy_suite.py` | Policy document loading/validation with Control and PolicySuite dataclasses |
| `meta_mega_codex/resilience.py` | Retry controller with exponential backoff and failover state tracking |
| `meta_mega_codex/__init__.py` | Module exports for the meta_mega_codex package |
| `activ8_governor.py`, `lma_governor.py`, `personal_governor.py` | Domain-specific governor implementations extending BaseGovernor |
| `activ8_domain_policy.json`, `lma_domain_policy.json`, `personal_domain_policy.json` | Domain policy configurations defining controls and expectations |
| `activ8-ai-copilot.json`, `lma-copilot.json`, `personal-copilot.json` | Copilot policy configurations for agent-specific controls |
| `resilient_governor_runner.py` | Orchestrates all governors with retry logic and backoff |
| `mcp_governor_router.py` | Routes invocation phrases to appropriate governor executions |
| `watchdog.py` | Monitors trace logs for stale execution intervals and escalates alerts |
| `governor_evidence_aggregator.py` | Aggregates governor evidence into JSON and Markdown dashboards |
| `genesis_trace.py` | Append-only trace log for auditing governor lifecycles |
| `custodian_log_binder.py` | Append-only custodian log with metadata support |
| `.github/workflows/*.yml` | Scheduled and on-demand workflows for governor sweeps, watchdog checks, failover drills, and evidence aggregation |
| severity="medium", | ||
| details=f"Dashboard located at {dashboard} :: exists={status}", | ||
| target="artifacts.meta_mega_codex.dashboard", | ||
| expectation={"operator": "truthy", "value": True}, |
Copilot
AI
Nov 24, 2025
Control "ACT-DASH-001" has an expectation field with both "operator": "truthy" and "value": True. The truthy operator doesn't use the value field (see governor_base.py line 220-221), making the "value": True unnecessary and potentially confusing. Remove the value field from this expectation.
| expectation={"operator": "truthy", "value": True}, | |
| expectation={"operator": "truthy"}, |
| - name: Detect divergence for conflict-safe commit | ||
| id: divergence | ||
| run: | | ||
| git fetch origin "${GITHUB_REF}" |
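Review bot: in the `git fetch` line the expansion is already double-quoted as `"${GITHUB_REF}"`, which protects it from word splitting and globbing; the braces make no difference to that. No quoting change is needed on this line.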
Copilot
AI
Nov 24, 2025
[nitpick] The shell variable ${GITHUB_REF} is used here, but it should be "$GITHUB_REF" (with quotes and without braces for this syntax) or "${GITHUB_REF}" if using brace expansion. While it may work in many shells, the current syntax is inconsistent with typical bash practices. For robustness, use git fetch origin "$GITHUB_REF" or git fetch origin "${GITHUB_REF}".
|
|
||
| def _backoff_delay(self, attempt_number: int) -> None: | ||
| interval = self.strategy.duration_for(attempt_number) | ||
| time.sleep(min(interval, 2.0)) |
Copilot
AI
Nov 24, 2025
The backoff delay is capped at 2.0 seconds here, which overrides the max_interval setting from BackoffStrategy. This means if BackoffStrategy.max_interval is set to a value greater than 2.0 (like 30.0 in the default or 8.0 in resilient_governor_runner.py), it will be ignored. This inconsistency makes the configurable max_interval parameter misleading. Consider using self.strategy.max_interval instead of the hardcoded 2.0.
| time.sleep(min(interval, 2.0)) | |
| time.sleep(min(interval, self.strategy.max_interval)) |
| f"{governor} exhausted retries ({self.max_attempts})" | ||
| ) from exc | ||
| self._backoff_delay(state.attempts) | ||
| raise RetryExhaustedError(f"{governor} exhausted retries ({self.max_attempts})") |
Copilot
AI
Nov 24, 2025
This line is unreachable. The while loop condition checks state.attempts < self.max_attempts, and when that becomes false, the code inside the loop at line 82 already raises RetryExhaustedError. After the loop exits naturally (which can never happen due to the raise), this line would raise the same exception again. This code should be removed as dead code.
| raise RetryExhaustedError(f"{governor} exhausted retries ({self.max_attempts})") |
| def run(self, targets: Iterable[str] | None = None) -> dict[str, str]: | ||
| active_targets = set(targets) if targets else set(self.registry.keys()) | ||
| status_map: dict[str, str] = {} | ||
| for name, governor_cls in self.registry.items(): | ||
| if name not in active_targets: | ||
| continue | ||
| def operation() -> str: | ||
| governor = governor_cls(self.log_binder, self.trace) | ||
| result = governor.run() | ||
| status_map[name] = result.status | ||
| return result.status | ||
| self.retry_controller.execute(name, operation) | ||
| return status_map |
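Review bot: in the first line of `run`, `set(targets) if targets else set(self.registry.keys())` together with `if name not in active_targets: continue` means a target name that is not in the registry is dropped without any error, and an empty `targets` falls back to every governor. For a governance sweep, a mistyped name then produces a clean-looking `status_map` for a governor that never ran. Suggest computing `unknown = active_targets - self.registry.keys()` and raising or logging when it is non-empty.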
Copilot
AI
Nov 24, 2025
The status_map is updated inside the operation closure but is defined in the outer scope. If the retry fails and raises an exception before reaching line 39, the governor won't have an entry in status_map, which could lead to incomplete results being returned. Consider handling failed retries by adding entries to status_map or catching RetryExhaustedError to ensure all attempted governors are represented in the returned map.
| help="Optional subset of governors to run.", | ||
| ) | ||
| args = parser.parse_args() | ||
| return args.targets or [] |
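Review bot: on the final line, `args.targets or []` already evaluates to `[]` when `args.targets` is `None`, so the function returns a list in every case as written. The line can stay; an explicit `is not None` test changes nothing for the caller, because an empty list and `None` both end up as `[]` either way.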
Copilot
AI
Nov 24, 2025
The function signature indicates it returns list[str], but line 61 returns either args.targets (which could be None) or an empty list []. If args.targets is None, returning it would violate the type signature. The function should consistently return a list. Consider: return args.targets if args.targets else [].
| return args.targets or [] | |
| return args.targets if args.targets is not None else [] |
| if not recent_entries: | ||
| return {"status": "alert", "reason": "no-trace", "age_minutes": None} | ||
|
|
||
| latest = recent_entries[-1] |
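Review bot: `latest = recent_entries[-1]` depends on the order in which the entries are returned, which this hunk does not show. If the list is oldest-first, `[-1]` is the newest entry at any limit, while `[0]` is only equivalent when exactly one entry comes back. Suggest stating the ordering in the docstring of the function that produces `recent_entries` and keeping the index that matches it.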
Copilot
AI
Nov 24, 2025
[nitpick] When limit=1 is passed to recent(), the returned list will have at most 1 element. Accessing recent_entries[-1] works but is unnecessarily confusing - it would be clearer to use recent_entries[0] when the limit is 1. This makes the intent more obvious: we're getting the single most recent entry.
| latest = recent_entries[-1] | |
| latest = recent_entries[0] |
| "description": "Watchdog must receive events to detect stale executions.", | ||
| "severity": "medium", | ||
| "enforcement": "warn", | ||
| "target": "cache.pip", |
Copilot
AI
Nov 24, 2025
The control "PER-DOM-002" is supposed to check for "Watchdog registration" (ensuring the watchdog receives events), but the target is cache.pip with a truthy operator. This appears to be a copy-paste error from the copilot policy and should instead target something related to watchdog functionality or trace logging, not the pip cache.
| "target": "cache.pip", | |
| "target": "watchdog.registered", |
| "operator": "contains", | ||
| "value": "/workspace" |
Copilot
AI
Nov 24, 2025
The control "LMA-DOM-003" checks if the workspace root "contains" /workspace, but this is overly permissive. A path like /home/user/workspace-backup would pass this check even though it's not actually under /workspace. Consider using a more precise operator or checking if the path starts with /workspace/ to ensure proper boundary enforcement.
| "operator": "contains", | |
| "value": "/workspace" | |
| "operator": "startsWith", | |
| "value": "/workspace/" |
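The boundary problem described in the comment above, as an added example that is not code from this PR or from the project: it compares substring, prefix and normalized-component checks on the same paths. The function names and sample paths are constructed here, and plain Python string semantics are assumed for `contains` and `startsWith`, since the project's evaluator is not shown on this page.

```python
import posixpath
from pathlib import PurePosixPath

ROOT = "/workspace"  # boundary value used by the controls discussed above


def check_contains(path: str, value: str = ROOT) -> bool:
    """Assumed semantics of the 'contains' operator: substring match."""
    return value in path


def check_starts_with(path: str, value: str) -> bool:
    """Assumed semantics of a 'startsWith' operator: raw string prefix."""
    return path.startswith(value)


def check_within(path: str, root: str = ROOT) -> bool:
    """Collapse '.' and '..' lexically, then compare whole path components.

    Lexical only: symlinks are not resolved. A path that exists on disk
    would additionally need os.path.realpath() before the comparison.
    """
    norm = PurePosixPath(posixpath.normpath(path))
    base = PurePosixPath(root)
    return norm == base or base in norm.parents


def evaluate(path: str) -> dict:
    """Run every check variant against one candidate workspace root."""
    return {
        "contains": check_contains(path),
        "startsWith /workspace": check_starts_with(path, ROOT),
        "startsWith /workspace/": check_starts_with(path, ROOT + "/"),
        "normalized": check_within(path),
    }


# Constructed sample paths, not taken from the project.
SAMPLES = [
    "/workspace/project",           # legitimate
    "/workspace",                   # the root itself
    "/home/user/workspace-backup",  # substring match only
    "/workspace-copy/data",         # sibling directory sharing the prefix
    "/workspace/../etc",            # traversal out of the root
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:30} {evaluate(sample)}")
```

Only the normalized check rejects `/workspace/../etc`, and only it accepts the bare root `/workspace` while rejecting `/workspace-copy/data`.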
| "enforcement": "block", | ||
| "target": "sovereign_boundaries.workspace_root", | ||
| "expectation": { | ||
| "operator": "contains", |
Copilot
AI
Nov 24, 2025
The control "ACT-DOM-001" uses contains to check if workspace root is within /workspace, but this check is too loose. A path like /home/workspace-copy would incorrectly pass validation. The same issue exists in "LMA-DOM-003". Consider implementing a more precise check that validates the path actually starts with /workspace/.
| "operator": "contains", | |
| "operator": "startsWith", |
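Review bot: the suggestion changes only the `operator` line; the `value` line of ACT-DOM-001 is not shown in this hunk. If it is still `/workspace`, as in the LMA-DOM-003 hunk, `startsWith` continues to accept `/workspace-copy`, so the value needs the trailing slash (`/workspace/`) as well. Also confirm that the evaluator implements a `startsWith` operator, since only `truthy` and `contains` appear in the hunks on this page.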
Implement the Meta Mega Codex to establish a multi-agent charter standard execution framework with deterministic, resilient, and auditable governance.