Clarify prototype hardening posture #204

Merged: seanwevans merged 2 commits into main from codex/clarify-project-release-status-and-requirements on May 13, 2026

@seanwevans
Owner

Motivation

  • The project should not advertise the current release as a hardened runtime when kernel eBPF enforcement and CPython no‑GIL support are still roadmap items.
  • Hardened, fail‑closed behavior must be gated by explicit host diagnostics so users do not silently run without the required kernel/tooling.
  • Examples and public API docs should avoid implying kernel enforcement for dev/compatibility modes.

Description

  • Mark the release as a prototype in README.md, adjust feature wording to label kernel enforcement and no‑GIL support as experimental/roadmap, and update examples to avoid implying enforcement.
  • Update API.md and pyproject.toml to reflect prototype status and label the no_gil pytest marker as experimental.
  • Add a hardened gate in pyisolate-doctor (pyisolate/doctor.py) that reports missing no‑GIL builds, kernel features, and BPF toolchain availability and returns non‑zero in --mode hardened.
  • Report BPF toolchain availability in installation_report() (pyisolate/provenance.py) and wire Supervisor(rollout_mode="hardened") to call assert_hardened_supported() before attempting to load BPF while preserving compatibility with test stubs via a _load_bpf shim in pyisolate/supervisor.py.

Testing

  • Compiled affected modules with python -m py_compile pyisolate/doctor.py pyisolate/provenance.py pyisolate/supervisor.py tests/test_provenance.py and the command succeeded.
  • Ran targeted test sets pytest -q tests/test_provenance.py tests/test_supervisor.py and pytest -q tests/test_bpf_manager.py, and these targeted suites passed.
  • Exercised the doctor CLI with python -m pyisolate.doctor --mode hardened which exited non‑zero on this host as expected because the host does not satisfy hardened requirements.
  • The full test-suite (pytest -q) currently exhibits failures unrelated to this documentation/doctor gate change (cross-test BPF manager stubbing and watchdog/thread lifecycle interactions); targeted tests validating this PR pass while the global suite requires addressing test isolation for BPF/watchdog mocks.

Codex Task

@seanwevans seanwevans merged commit 659dd4d into main May 13, 2026
@seanwevans seanwevans deleted the codex/clarify-project-release-status-and-requirements branch May 13, 2026 13:12
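
The fail-closed gating outlined in the description above, as an added sketch that is not pyisolate's code: hardened mode refuses to proceed when any host check fails or is unknown, while other modes only warn. The specific checks (`clang` and `bpftool` on PATH, the BTF path), the mode names `compat` and `dev`, and every function name here are assumptions for illustration.

```python
import os
import shutil
import sys
import sysconfig

# Assumed requirements for illustration; the project's real checks are not on this page.
ASSUMED_TOOLS = ("clang", "bpftool")
ASSUMED_BTF_PATH = "/sys/kernel/btf/vmlinux"
ASSUMED_MODES = ("hardened", "compat", "dev")


class HardenedUnsupported(RuntimeError):
    """Raised when a hardened run is requested on an ineligible host."""


def probe_host(which=shutil.which, exists=os.path.exists,
               config_var=sysconfig.get_config_var, platform=sys.platform):
    """Collect host facts; probes are injectable so the gate can be tested."""
    facts = {
        "linux": platform.startswith("linux"),
        "no_gil_build": config_var("Py_GIL_DISABLED") == 1,
        "kernel_btf": exists(ASSUMED_BTF_PATH),
    }
    facts.update({f"tool:{t}": which(t) is not None for t in ASSUMED_TOOLS})
    return facts


def missing_requirements(facts):
    """Names of failed checks; anything other than True (None, 0) counts as failed."""
    return sorted(name for name, ok in facts.items() if ok is not True)


def gate(mode, facts):
    """Exit code for a doctor-style CLI: hardened fails closed, other modes only warn."""
    if mode not in ASSUMED_MODES:
        return 2  # a mistyped mode must not fall through to a permissive path
    missing = missing_requirements(facts)
    label = "FAIL" if mode == "hardened" else "warn"
    for name in missing:
        print(f"[{label}] {name}", file=sys.stderr)
    return 1 if (mode == "hardened" and missing) else 0


def require_hardened(facts):
    """Call before any BPF load so an ineligible host never starts unenforced."""
    missing = missing_requirements(facts)
    if missing:
        raise HardenedUnsupported("hardened mode unavailable: " + ", ".join(missing))


if __name__ == "__main__":
    sys.exit(gate(sys.argv[1] if len(sys.argv) > 1 else "compat", probe_host()))
```

Treating an unknown probe result and an unrecognised mode as failures is what keeps the gate fail-closed rather than silently permissive.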