feat(wiki): headless authoring delegates to the full zetetic agent roster#72
Merged
Merged
Conversation
…ster
Lets the headless wiki-authoring drain load the user's full specialist
roster (architect, engineer, code-reviewer, …) and delegate read-only
codebase analysis to it, instead of a single confined generalist pass.
Agents mode (CORTEX_HEADLESS_AGENTS=1, default) builds the ``claude -p``
argv with ``--setting-sources user`` (loads the user roster only —
project/local sources stay excluded, so a malicious repo cannot inject
settings/hooks) + ``--tools Read,Glob,Grep,Task`` + a hard
``--disallowedTools Write,Edit,Bash,NotebookEdit`` ceiling. Solo mode
(=0) keeps the hardened ``--safe-mode`` path. Verified live against
claude CLI 2.1.197 (subscription): the roster loads; a delegated
``engineer`` subagent has NO Write tool and creates no file (the deny
ceiling propagates to subagents); no file is written to disk.
Hooks: ``--setting-sources user`` also loads the user's hooks, which
would recurse (SessionEnd → consolidation → authoring → SessionEnd …)
and pollute memory. New ``hooks/_headless_guard`` makes every Cortex
hook no-op when the worker stamps ``CORTEX_HEADLESS_AUTHORING_CHILD=1``
into the child env.
Prompts: per-page-kind delegation hint added to the section/page/anchor
builders, gated on the agents knob (omitted in solo mode where Task is
absent); the untrusted-source guard is preserved.
Root-cause fix surfaced while verifying: the variadic ``--add-dir``
swallowed the trailing positional prompt ("Input must be provided"),
so every drain with a source_root had been failing silently since #70.
The prompt now travels via STDIN — no argv-ordering fragility.
Refactor: argv/env construction extracted to ``claude_cli`` (keeps
headless_authoring < 500 lines; carries the full audit-B-1 argument).
Tests: agents/solo argv, hard-ceiling env flag, stdin-not-argv
regression, guard short-circuit (subprocess), delegation-hint splicing.
672 hooks+handlers tests green; ruff clean.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019o58McF4LRfvGNNXaqG2Au
Merged
cdeust
added a commit
that referenced
this pull request
Jun 30, 2026
…forgetting (#73) Bumps version across pyproject/server/manifest/marketplace/plugin manifests and records the 3.25.0 CHANGELOG section covering #67–#72: - feat: active forgetting module (#69), safe headless drain (#70), full zetetic agent roster for wiki authoring (#72) - fix: Windows portability (#68), subscription-default billing (#71), variadic --add-dir prompt-swallow root cause (#72) - deps: pydantic-settings 2.14.0→2.14.2 security patch (#67) Claude-Session: https://claude.ai/code/session_019o58McF4LRfvGNNXaqG2Au Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Lets the headless wiki-authoring drain load the user's full zetetic specialist roster (architect, engineer, code-reviewer, test-engineer, security-auditor, refactorer, devops-engineer, dba, …) and delegate read-only codebase analysis to it — instead of a single confined generalist
claude -ppass. Follows up #70/#71.How
claude_cli._build_argv, gated onCORTEX_HEADLESS_AGENTS, default1):--setting-sources user(loads the user roster only — project/local sources excluded, so a malicious repo can't inject settings/hooks) +--tools Read,Glob,Grep,Task+ hard--disallowedTools Write,Edit,Bash,NotebookEdit.=0): the hardened--safe-modepath, no roster, noTask.hooks/_headless_guard):--setting-sources useralso loads the user's hooks, which would recurse (SessionEnd → consolidation → authoring → SessionEnd …) and pollute memory. The worker stampsCORTEX_HEADLESS_AUTHORING_CHILD=1into the child env; every Cortex hook now no-ops there.Taskis absent). Untrusted-source guard preserved.claude_cli(keepsheadless_authoring< 500 lines; carries the full audit-B-1 security argument).Root-cause fix (surfaced while verifying)
The variadic
--add-dir <directories...>was swallowing the trailing positional prompt → CLI erroredInput must be provided, so every drain with asource_roothad been failing silently since #70 (mocked subprocess hid it from tests). The prompt now travels via STDIN — no argv-ordering fragility.Verification (zetetic)
Live probe, claude CLI 2.1.197, subscription, production argv:
Task).engineerhad no Write tool and created no file.python -minvocation exits 0 before any work when the flag is set).Note: agents mode costs more per page (delegation spawns subagents) — bounded by the existing
CORTEX_HEADLESS_USD_BUDGET/ wall-clock caps.Tests
672 hooks+handlers tests green; ruff clean. New coverage: agents/solo argv, child-flag env, stdin-not-argv regression, guard short-circuit subprocess, delegation-hint splicing across all three builders.
🤖 Generated with Claude Code
https://claude.ai/code/session_019o58McF4LRfvGNNXaqG2Au