Skip to content

Rectify: Session Type Boundary Contract Immunity#3359

Merged
Trecek merged 4 commits into
developfrom
order-session-sets-invalid-sessiontype-autoskillit-session-t/3338
May 31, 2026
Merged

Rectify: Session Type Boundary Contract Immunity#3359
Trecek merged 4 commits into
developfrom
order-session-sets-invalid-sessiontype-autoskillit-session-t/3338

Conversation

@Trecek
Copy link
Copy Markdown
Collaborator

@Trecek Trecek commented May 31, 2026
edited
Loading

Summary

CLI session launch functions (_write_order_entry() and _cook.py:cook()) set AUTOSKILLIT_SESSION_TYPE to display labels ("order", "cook") instead of valid SessionType enum values ("orchestrator", "skill"). The server's session_type() resolver silently falls back to SessionType.SKILL via a DeprecationWarning, masking the invalid value. This causes order sessions (L2 orchestrators) to be misidentified as L1 skill sessions by all downstream infrastructure: visibility dispatch, lifespan boot, guard functions, and hook exemptions.

The architectural weakness is the absence of a write-boundary contract — the env var value is validated at the read point (server) but never at the write point (CLI). The fix decouples the two naming systems (CLI display labels vs. SessionType enum values) by introducing a typed boundary spec and a validation assertion at the env-assembly point.

Closes #3338

Implementation Plan

Plan file: /home/talon/projects/autoskillit-runs/remediation-20260530-161415-545091/.autoskillit/temp/rectify/rectify_session_type_boundary_contract_2026-05-30_170000.md

🤖 Generated with Claude Code via AutoSkillit

Token Usage Summary

Step Model count uncached output cache_read peak_ctx turns cache_write time
rectify* opus[1m] 1 2.8k 24.3k 3.5M 154.9k 301 148.2k 23m 1s
review_approach* sonnet 1 52 5.6k 183.6k 42.1k 35 31.2k 3m 4s
dry_walkthrough* opus 1 47 9.3k 451.1k 56.1k 110 67.1k 5m 9s
implement* sonnet 1 1.2k 21.9k 2.2M 88.5k 123 88.7k 7m 17s
audit_impl* sonnet 1 427 11.4k 246.4k 43.7k 49 41.1k 5m 29s
prepare_pr* sonnet 1 81.2k 4.0k 213.8k 30.9k 21 15.7k 1m 21s
compose_pr* sonnet 1 38.4k 1.3k 182.8k 30.9k 13 15.5k 37s
review_pr* sonnet 1 142 31.2k 848.9k 82.9k 87 67.3k 8m 7s
resolve_review* opus 1 71 13.4k 1.5M 74.4k 77 58.8k 10m 5s
Total 124.5k 122.4k 9.4M 154.9k 533.5k 1h 4m

* Step used a non-Anthropic provider; caching behavior may differ.

Token Efficiency

Step LoC Changed cache_read/LoC cache_write/LoC output/LoC
rectify 0
review_approach 0
dry_walkthrough 0
implement 145 15113.3 611.9 151.2
audit_impl 0
prepare_pr 0
compose_pr 0
review_pr 0
resolve_review 22 70443.9 2672.1 608.0
Total 167 56208.4 3194.8 733.1

Model Usage Breakdown

Model steps uncached output cache_read cache_write time
opus[1m] 1 2.8k 24.3k 3.5M 148.2k 23m 1s
sonnet 6 121.5k 75.4k 3.9M 259.5k 25m 56s
opus 2 118 22.7k 2.0M 125.9k 15m 14s

Trecek and others added 4 commits May 30, 2026 17:32
@Trecek @claude
Rectify: Session Type Boundary Contract Immunity — PART A
695bed7 
- Fix _write_order_entry() to use SessionType.ORCHESTRATOR.value instead of
  SESSION_TYPE_ORDER ("order") for AUTOSKILLIT_SESSION_TYPE env var
- Fix _cook.py cook() to use SessionType.SKILL.value instead of
  SESSION_TYPE_COOK ("cook") for AUTOSKILLIT_SESSION_TYPE env var
- Add FleetSessionEnv.__post_init__ to validate session_type is a valid
  SessionType member at construction time (mirrors CaptureEntrySpec pattern)
- Add domain validation in build_agent_env() for AUTOSKILLIT_SESSION_TYPE
  before the required-keys check, closing the write-side boundary universally
- Harden session_type() to raise ValueError on invalid values instead of
  silently falling back to SKILL via DeprecationWarning
- Wrap session_type() calls in _guards.py with try/except ValueError so MCP
  requests never propagate an unhandled exception from an invalid session type
- Update tests: remove tautological "order"/"cook" assertions, add boundary
  contract tests, replace DeprecationWarning test with ValueError test, remove
  unused suppress_deprecation parameter from test_session_type_resolver

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Trecek @claude
fix(review): tighten pytest.raises with match= in test_cli_display_la…
e8cff96 
…bels

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Trecek @claude
fix(review): add from None to ValueError re-raise in build_agent_env
041c75e 
Consistent with parallel validation sites in _type_session_env.py and
_type_helpers.py that already suppress the original traceback context.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Trecek @claude
fix(review): surface ValueError detail in session_type guard handlers
856e9bf 
Bind the ValueError as `e` and pass str(e) to headless_error_result so
the invalid value and valid-members list reach the caller, instead of a
generic "invalid AUTOSKILLIT_SESSION_TYPE" message.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Trecek Trecek force-pushed the order-session-sets-invalid-sessiontype-autoskillit-session-t/3338 branch from 5819105 to 856e9bf Compare May 31, 2026 00:32
@Trecek Trecek added this pull request to the merge queue May 31, 2026
Merged via the queue into develop with commit 58be44e May 31, 2026
3 checks passed
@Trecek Trecek deleted the order-session-sets-invalid-sessiontype-autoskillit-session-t/3338 branch May 31, 2026 00:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Trecek