Client attach on join: auto-attach clients when the daemon binds (LLP 0044/0045/0046)

[philcunliffe]

Implements client attach on join — when a joined machine confirms a central config that enables a client adapter (claude/codex), the daemon performs that client's attach machine-effect and reverses it on leave. Closes the silent-gap failure (#126): daemon healthy + gateway bound but nothing recorded until a manual hyp attach.

First change set built via design-first intake (LLP 0016): the design (LLP 0045) was authored by hand and merged to master at Status: Accepted; neutral planned (LLP 0046) and implemented it, flipping the design to Active as the shipped marker.

What landed (10 tasks, T1–T10):

• Self-describing undo record in the claude _hypaware marker + codex marked block (T1)
• Attach policy reader attach_policy.js, tri-state attach.on_join (T2)
• Reconcile-context seam: clientDescriptors/clients/endpoint (T3)
• Per-plugin attach config validation (T8)
• Core format-aware undo client_detach_disk.js; adapters' detach() retired (T4/T5)
• Attach handler action_attach.js (desired/perform/reverse) (T6)
• Daemon wiring in runtime.js: register [attachHandler, backfillHandler] (T7) + client_attach_on_join smoke
• Status declared-attach-targets surface (T9)
• LLP 0045 Accepted → Active (T10)

Open question carried from LLP 0045 for review: undo-record completeness (per-format replay vs declarative manifest) — settled across T1/T4/T5; check for orphaned hook-entry risk on fleet-drop.

🤖 Generated with Claude Code

Change-Set: client-attach

[philcunliffe]

Dual-agent review — request_changes

• Verdict: request_changes
• Risk class: medium
• Head reviewed: f77ed3f
• Auto-merge advisory: 👎 thumbs down — verdict is request_changes; needs human-gated follow-up

Advisory only: no merge was attempted. Two reviewers (Codex + a parallel Claude review across 6 lanes) plus a blast-radius pass.

Risk capstone

Disk-mutating config writes on two user-facing AI clients (Claude settings.json, Codex config.toml) plus daemon join-edge wiring give a medium blast radius; the heavy green suite (1522 pass / 0 fail) and atomic, mtime-guarded writes hold it below high. The dominant live risk is a backward-compatibility gap, not the new happy path.

Cross-reference (reviewer agreement)

Finding	Codex	Claude	Verified	Severity
Legacy Claude _hypaware marker (port-only, written by master) -> core undo deletes marker but orphans ANTHROPIC_BASE_URL + hooks, non-retryable	#7 (cat 7, high)	lanes 2/3/6 (84)	yes -- git show origin/master + traced	major
Manual hyp detach gated on live gateway.getClient() -- cannot detach a dropped/unloaded adapter despite the disk-driven design	#1 (cat 1, high)	--	yes (core_commands.js:3277)	major
Detach descriptor map bundled-only vs boot/status bundled+installed -- installed client adapters attachable but not detachable	#2 (cat 2, med)	--	yes, latent (claude/codex are bundled)	major
@typedef DetachFromDiskResult violates the repo "no @typedef" rule	--	lane 1 (88)	yes	minor
Prose Part 7 cites a non-existent LLP 0045 section	--	lane 5 (80)	yes	nit

Codex TOML undo is symmetric/complete (writer emits # previous_model_provider, core reads the same key). Idempotency, both-format byte-for-byte round-trips, and attach-before-backfill ordering are all asserted in tests.

Codex review

Fix Validations

Silent gap: joined daemon did not auto-attach clients

• Status: correct
• Evidence: src/core/daemon/runtime.js:317, src/core/daemon/runtime.js:327, src/core/daemon/runtime.js:820, src/core/config/action_attach.js:73, src/core/config/action_attach.js:151
• Assessment: The daemon now registers the attach handler ahead of backfill, threads descriptors/gateway/endpoint into reconciliation, and perform() invokes the adapter attach() with the resolved endpoint.

Findings

1) Behavioral Correctness

• Severity: major
• Confidence: high
• Evidence: src/core/cli/core_commands.js:3260, src/core/cli/core_commands.js:3277, src/core/cli/core_commands.js:3314, src/core/cli/core_commands.js:3350
• Why it matters: Manual hyp detach <client> still requires the client to be live in the gateway registry, so it cannot use the new disk-driven undo for an attached client whose adapter was dropped or unloaded.
• Suggested fix: For action === 'detach', expand and validate targets from the descriptor map instead of gateway.listClients() / gateway.getClient(). Keep the gateway registry requirement only for attach.

2) Contract & Interface Fidelity

• Severity: major
• Confidence: medium
• Evidence: src/core/runtime/boot.js:148, src/core/daemon/status.js:153, src/core/daemon/status.js:156, src/core/cli/core_commands.js:3677
• Why it matters: Boot/status build client descriptors from bundled plus installed plugins, but manual detach builds descriptors from bundled plugins only, so installed client adapters can attach but cannot be detached through the new core undo.
• Suggested fix: Build the CLI detach descriptor map with the same bundled + installed catalog inputs used by boot/status, using the command's resolved state root.

7) Resource Lifecycle & Cleanup

• Severity: major
• Confidence: high
• Evidence: src/core/config/client_detach_disk.js:128, src/core/config/client_detach_disk.js:133, src/core/config/client_detach_disk.js:145, hypaware-core/plugins-workspace/claude/src/settings.js:144, hypaware-core/plugins-workspace/claude/src/settings.js:146, hypaware-core/plugins-workspace/claude/src/settings.js:155
• Why it matters: Legacy Claude _hypaware markers without managed.env/hooks will have the marker deleted while the gateway ANTHROPIC_BASE_URL and hooks remain, making cleanup non-retryable.
• Suggested fix: Add a compatibility branch for old Claude markers: when managed is absent but marker.port exists, remove the matching ANTHROPIC_BASE_URL and strip the legacy session-context hooks before deleting the marker, or leave the marker intact and report an unsupported legacy undo.

No Finding

3. Change Impact / Blast Radius
4. Concurrency, Ordering & State Safety
5. Error Handling & Resilience
6. Security Surface
7. Release Safety
8. Test Evidence Quality
9. Architectural Consistency
10. Debuggability & Operability

Claude review

Claude review

Core disk-driven undo leaves a pre-upgrade (master-era) Claude _hypaware marker half-reversed — orphans ANTHROPIC_BASE_URL + hooks

• Severity: major
• Confidence: 84
• Evidence: src/core/config/client_detach_disk.js:128-163 (esp. 128-130, 133, 145)
• Why it matters: origin/master ships hyp attach writing a Claude marker of shape { attached_at, version, port, state_file } — no managed, no prev_base_url (confirmed via git show origin/master:.../claude/src/settings.js). This PR's single undo detachJsonMarker derives everything it reverses from marker.managed.env / marker.managed.hooks / marker.prev_base_url; against a legacy marker those are all absent, so managedEnv={} and hookEntries=[] — the env loop never runs and stripManagedHooks strips nothing — yet line 133 deletes the marker unconditionally and reports changed:true ("✓ Detached"). Net: env.ANTHROPIC_BASE_URL stays pointed at a now-dead http://127.0.0.1:<oldport> (Claude Code is bricked), the four hyp claude-hook session-context entries remain orphaned, and because the marker is gone a re-run hyp detach/hyp status reports "nothing to do" — unrecoverable without hand-editing. The retired adapter detach() (still dead-present at claude/settings.js:135-160, 311-328) handled exactly this via marker.port + the claude-hook session-context pattern. Reached via manual hyp detach after upgrade (and single-user/non-joined installs); the daemon auto-reverse path is shielded because the client-actions.json store is new so the daemon has no master-era attach to reverse, and a fresh auto-attach rewrites the marker to new format. Three independent review lanes and Codex (cat 7) converged on this. (Codex is unaffected: its # BEGIN/END hypaware block + # previous_model_provider format is unchanged by this PR, so the core undo parses old and new identically.)
• Suggested fix: In detachJsonMarker, when marker.managed is absent, fall back to the legacy reversal: remove env.ANTHROPIC_BASE_URL when it equals http://127.0.0.1:${marker.port} and strip session-context hooks by the claude-hook session-context command pattern (the logic still present in the now-dead detach()); add a client-detach-disk.test.js case seeding a managed-less { attached_at, version, port, state_file } marker asserting the env key and hooks are gone.

Shared type DetachFromDiskResult defined via forbidden @typedef instead of an interface in a .d.ts

• Severity: minor
• Confidence: 88
• Evidence: src/core/config/client_detach_disk.js:72 (@typedef {object} DetachFromDiskResult); imported cross-file at src/core/config/types.d.ts (import type { DetachFromDiskResult } from './client_detach_disk.js')
• Why it matters: The repo Code Style rule is explicit — "Do not use @typedef in JSDoc. Define shared types as interfaces in .d.ts files and import them via @import." DetachFromDiskResult is a cross-file shared type (it backs the exported ClientDetachFromDisk type), yet it is the lone @typedef in the PR while its siblings (ClientDetachFromDisk, CreateAttachHandlerOptions) are correctly interfaces in types.d.ts.
• Suggested fix: Move DetachFromDiskResult into src/core/config/types.d.ts as export interface DetachFromDiskResult {...}, delete the @typedef block, and reference it via @import in client_detach_disk.js.

Comments/test cite a non-existent "§Part 7" of LLP 0045

• Severity: nit
• Confidence: 80
• Evidence: src/core/config/action_attach.js:233 ("(LLP 0045 §Part 7)"); test/core/daemon-reconcile.test.js:359 and test title :362
• Why it matters: LLP 0045 has no Part 6/7 — its sections are Parts 1-5 plus "Module / seam breakdown"; the attach-first/live-capture-leads-backfill rationale these comments cite lives in "Module / seam breakdown", which the adjacent machine-checked @ref annotations correctly target. The prose label is internally inconsistent and points a reader at a section that does not exist.
• Suggested fix: Replace "§Part 7" with "§Module / seam breakdown" (or "task T7" of LLP 0046) in those three spots so the prose matches the neighboring @ref.

---

Lanes that cleared (no >=80 findings): contract & callers (full suite 1522 pass / 0 fail; every changed/removed symbol's call sites consistent; AiGatewayClientRegistration.detach fully retired with zero remaining call sites). Coverage confirmed for the new-format undo: byte-for-byte attach→detach round-trips for both claude _hypaware (hooks fully stripped, no orphans) and codex # BEGIN/END hypaware blocks, exactly-once idempotency (no_reattach marker+settings stability), and attach-before-backfill ordering asserted as a unit invariant. Daemon reinstall race (#147) and OTEL self-loop guard untouched and uninvolved.

---

Reviewed at head f77ed3f0c34f90943ad858df4f70953427e75be7. Generated by the dual-review skill (Codex gpt-5.5 + parallel Claude lanes).

[philcunliffe]

Dual-agent review (round 2 — re-review) — request_changes

• Verdict: request_changes
• Risk class: medium
• Head reviewed: 7432284a1da605093f71de362be7d3af4eeab2eb
• Auto-merge advisory: 👎 thumbs down — verdict is request_changes; needs human-gated follow-up

Advisory only: no merge was attempted. Re-review of the round-1 findings (head f77ed3f) on the new head 7432284. Codex + a parallel 3-lane Claude review + blast-radius pass.

Round-1 findings — all five resolved

Round-1 finding	Sev	Fix in this head	Test
Legacy Claude _hypaware marker (no managed) orphaned ANTHROPIC_BASE_URL + hooks	major	detachLegacyJsonMarker/stripLegacyClaudeHooks (client_detach_disk.js:278/318) — removes base URL only when == http://127.0.0.1:${port}, warn+leave on external override, strips claude-hook session-context hooks; faithful to the retired adapter detach()	client-detach-disk.test.js:4439, :4483
Manual hyp detach resolved targets from live gateway	major	runClientLifecycle detach branch → buildClientDescriptorMap + expandDetachClientNames + clientDescriptors.get (core_commands.js:3266-3322); no gateway.getClient on detach	integration.test.js:4937 (dropped adapter)
Detach descriptor map bundled-only vs boot/status bundled+installed	major	buildClientDescriptorMap now buildPluginCatalog(bundled, installed) (core_commands.js:3709), byte-identical inputs to boot/status	integration.test.js:4961 (INSTALLED adapter)
@typedef DetachFromDiskResult violates no-@typedef rule	minor	moved to interface in src/core/config/types.d.ts:582; @import-ed	—
Prose §Part 7 cites non-existent LLP 0045 section	nit	replaced with §Module / seam breakdown item 7 (action_attach.js:233 + test title); zero Part 7/Part 6 remain	—

No regressions introduced by the fixes: the removed claude/src/settings.js#detach has zero remaining callers; the legacy-fallback hardcoding matches the retired adapter byte-for-byte and legacy JSON markers were Claude-only.

Why request_changes despite the round-1 fixes being clean

The mechanical verdict is driven entirely by 3 Codex majors, none of which is a regression from the round-1 fixes — all are false-positive or pre-existing:

• Codex [codex] Add durable cache spool #1 (desired() reverses all markers if ctx.clients is transiently unavailable): false positive — the daemon resolves the client seam once at boot (runtime.js:343, after the gateway source binds) and closes it over every pass, so ctx.clients is stable for the daemon’s life; there is no transient-empty window.
• Codex [codex] Remove OpenTelemetry npm dependencies #2 (manual detach gated on the @hypaware/ai-gateway capability): the capability gate (core_commands.js:3223) is pre-existing (commit 946e0bf, outside every changed hunk) and unchanged by this PR. The round-1 bug — detaching a dropped/unloaded adapter while the gateway is present — is fixed. A gateway-less disk undo is a separate optional enhancement.
• Codex [codex] add PR checks #4 (readText captures mtime after the content read — TOCTOU): the readFile-then-stat ordering is inherited verbatim from the retired adapter readSettings (origin/master settings.js:153/163); not introduced here. Tiny window, requires a concurrent settings.json edit.

Risk capstone

Cross-reference: reviewer findings vs high-risk surfaces

Source	Finding (severity, evidence)	Intersects
Codex #1	major — desired() reverses all markers if ctx.clients transiently unavailable (action_attach.js:72)	Concurrency surface — FALSE POSITIVE: seam resolved once at boot, stable for daemon life
Codex #2	major — manual detach gated on ai-gateway capability (core_commands.js:3223)	Risks bullet 2 — pre-existing gate, unchanged by PR; round-1 target-resolution bug fixed
Codex #4	major — readText stat-after-read TOCTOU (client_detach_disk.js:685/692)	Concurrency surface — pre-existing pattern inherited from retired adapter readSettings
Claude	minor — orphaned ClaudeDetach* types (claude/src/types.d.ts:84,88)	Cross-package usage — dead types, harmless
Claude	minor — new inline import() types (core_commands.js:3712,3714)	follows file's pre-existing convention

Codex review

Fix Validations

Silent-gap auto attach on join

• Status: correct
• Evidence: src/core/daemon/runtime.js:66, src/core/daemon/runtime.js:327, src/core/daemon/runtime.js:377, src/core/config/action_attach.js:151, hypaware-core/smoke/flows/client_attach_on_join.js:110
• Assessment: The daemon now registers attach before backfill, threads the client seam into reconciliation, and the smoke verifies the attach marker reaches done and client settings are written.

Disk-driven reverse after adapter drop

• Status: correct
• Evidence: src/core/config/action_attach.js:187, src/core/config/action_attach.js:205, hypaware-core/smoke/flows/client_attach_on_join.js:200, hypaware-core/smoke/flows/client_attach_on_join.js:207
• Assessment: The daemon reverse path no longer calls adapter detach; it uses the descriptor-backed disk undo and the smoke covers post-restart reverse after @hypaware/claude is dropped.

Findings

1) Behavioral Correctness

• Severity: major
• Confidence: high
• Evidence: src/core/config/action_attach.js:72, src/core/config/action_attach.js:96, src/core/config/action_reconciler.js:200, src/core/config/action_reconciler.js:211, test/core/action-attach.test.js:221
• Why it matters: For a reversible handler, desired() === [] means “reverse every existing marker”; the attach handler treats missing ctx.clients as inert, but the reconciler will detach previously attached clients if the gateway registry is transiently unavailable.
• Suggested fix: Do not gate desired() on the live client registry; derive desired targets from descriptors + config + policy, and let perform() fail/retry when ctx.clients or endpoint is missing.

2) Contract & Interface Fidelity

• Severity: major
• Confidence: high
• Evidence: src/core/cli/core_commands.js:3223, src/core/cli/core_commands.js:3258, src/core/cli/core_commands.js:3266, test/core/integration.test.js:133
• Why it matters: Manual hyp detach is documented as descriptor/disk-driven, but it still refuses to run unless @hypaware/ai-gateway is activated, blocking recovery when the gateway plugin itself is removed or unavailable.
• Suggested fix: Branch detach before the gateway capability check: build the descriptor map and call detachClientViaCore; keep the gateway requirement only for attach.

4) Concurrency, Ordering & State Safety

• Severity: major
• Confidence: medium
• Evidence: src/core/config/client_detach_disk.js:685, src/core/config/client_detach_disk.js:692, src/core/config/client_detach_disk.js:723, src/core/config/client_detach_disk.js:733
• Why it matters: The disk undo reads file contents before taking the mtime snapshot, so an edit between readFile and stat becomes the expected mtime and can be overwritten by stale transformed content.
• Suggested fix: Capture stat before and after read, or open/read/fstat the same handle and only accept a stable mtime/inode snapshot; add an injected-fs regression test for the interleaving.

No Finding

• 3. Change Impact / Blast Radius
• 5. Error Handling & Resilience
• 6. Security Surface
• 7. Resource Lifecycle & Cleanup
• 8. Release Safety
• 9. Test Evidence Quality
• 10. Architectural Consistency
• 11. Debuggability & Operability

Evidence Bundle

• Changed hot paths: runClientLifecycle, createAttachHandler, createActionReconciler, detachClientFromDisk, daemon DEFAULT_ACTION_HANDLERS, status client-action reporting.
• Impacted callers: hyp attach/detach/unattach via src/core/cli/core_commands.js:3216; daemon reconcile via src/core/daemon/runtime.js:327; attach reverse via src/core/config/action_attach.js:187; status via src/core/daemon/status.js:576.
• Impacted tests: test/core/action-attach.test.js:221, test/core/integration.test.js:113, test/core/daemon-reconcile.test.js:362, test/core/client-detach-disk.test.js:435, hypaware-core/smoke/flows/client_attach_on_join.js:110.
• Unresolved uncertainty: I did not run the suite; review is based on the supplied diff plus targeted caller/contract traces.

Claude review

Claude review

Round-2 re-review of the five round-1 findings (all confirmed resolved with tests) plus a regression sweep of the fixes. Three parallel lanes (guidance / shallow-bug / contracts-callers). Round-1 majors verified fixed: legacy-marker detach fallback (detachLegacyJsonMarker/stripLegacyClaudeHooks, faithful to the retired adapter detach()), descriptor-map manual detach (expandDetachClientNames + clientDescriptors.get, no live-gateway read), bundled+installed descriptor map (buildClientDescriptorMap via buildPluginCatalog(bundled, installed)), DetachFromDiskResult moved to an interface, and the §Part 7 → §Module / seam breakdown label fix.

Orphaned ClaudeDetachOptions / ClaudeDetachResult left after the adapter detach() removal

• Severity: minor
• Confidence: 85
• Evidence: hypaware-core/plugins-workspace/claude/src/types.d.ts:84,88
• Why it matters: The PR deletes the only consumer of these types (the dead detach() in claude/src/settings.js and its @import), so both are now dead exported types — grep finds only their definitions, zero references; this is the round-1 cleanup that was started (the @import was trimmed) but not completed in the unmodified types.d.ts. Harmless (a dead .d.ts type has no runtime effect; no dangling import), but stale.
• Suggested fix: Delete the ClaudeDetachOptions interface and ClaudeDetachResult type alias from claude/src/types.d.ts.

New inline import('...') type annotations violate the "no inline import types" house rule

• Severity: minor
• Confidence: 80
• Evidence: src/core/cli/core_commands.js:3712,3714 (/** @type {import('../manifest.js').LoadedManifest[]} */ in buildClientDescriptorMap)
• Why it matters: CLAUDE.md is explicit — "Never use inline import('...') types. Declare type imports at the top of the file with @import JSDoc comments, then reference the bare names." These are added by this PR. Caveat lowering confidence: core_commands.js already carries ~23 pre-existing inline import('...') usages, so the new lines follow the file's existing (rule-violating) local convention rather than introducing a new pattern.
• Suggested fix: Add @import { LoadedManifest } from '../manifest.js' to the top-of-file @import block and change the two annotations to /** @type {LoadedManifest[]} */.

---

Reviewed at head 7432284a1da605093f71de362be7d3af4eeab2eb. Round-2 re-review by the dual-review skill (Codex gpt-5.5 + parallel Claude lanes).

[philcunliffe]

🤖 neutral: neutral:stuck — human gate on a reviewer disagreement

Round-2 re-review (head 7432284) returned a mechanical request_changes, but it is not from unresolved work — all five round-1 findings are fixed, tested, and CI-green. The verdict is driven entirely by 3 Codex majors, and the round-2 reviewer + all Claude lanes (0 majors) assessed each one as a false-positive or pre-existing condition, not a regression:

1. Codex [codex] Add durable cache spool #1 — transient ctx.clients unavailability → over-reverse. Rebuttal: the daemon resolves the client seam once at boot (runtime.js:343) and closes over it for every reconcile pass — there is no transient window. (Corroborated by the shallow-bug lane.)
2. Codex [codex] Remove OpenTelemetry npm dependencies #2 — manual hyp detach gated on the ai-gateway capability. Rebuttal: that gate is pre-existing (commit 946e0bf, outside every changed hunk); the actual round-1 bug (dropped/unloaded adapter while the gateway is present) is fixed.
3. Codex [codex] add PR checks #4 — read-then-stat TOCTOU in readText. Rebuttal: pattern inherited verbatim from the retired adapter readSettings on master; not introduced here.

Two optional nits remain (non-blocking): orphaned dead types ClaudeDetachOptions/ClaudeDetachResult in claude/src/types.d.ts, and new inline import('…') type annotations in core_commands.js (which follow ~23 pre-existing usages in that file).

Why stuck: this is at the N=2 review bound and the only thing standing between this PR and held is whether you agree the 3 Codex majors are false-positive/pre-existing. neutral won't override a request_changes verdict on its own judgement. Your call: if you concur, drop neutral:stuck and the PR is review-clean (optionally clean the 2 nits first); if any Codex major is real, it re-enters the fix flow. Full detail in the dual-review comment above.

[philcunliffe]

Dual-agent review — request_changes

• Verdict: request_changes
• Risk class: high
• Auto-merge advisory: 👎 thumbs down — verdict is request_changes; needs human-gated follow-up
• Head reviewed: e32353e586fd7568d8d7bd2fd8c5c03bca74f64b (round-3 re-review)

Advisory only: no merge was attempted.

Round-3 re-review note

This is a fresh dual-review on the new round-3 head. The mechanical verdict is
request_changes because Codex raised 3 majors — but on inspection all three are
re-raises of pre-existing / by-design properties, not round-3 regressions, and
the round-3 fixes themselves are correct (suite green, 1528 pass / 0 fail):

• Gate-move (C) — runClientLifecycle runs the disk-driven hyp detach ahead of
  the hypaware.ai-gateway gate; attach stays gated. Both new tests use a real
  gateway-less kernel: detach asserts the disk undo ran (status:ok, changed:false),
  attach asserts it still fails cap_missing (exit 1). Settles round-2 capability gate.
• TOCTOU (D) — readText now stats-before-read; the write-time mtime guard errs
  toward CONCURRENT_EDIT rather than a silent clobber. Settles round-2 TOCTOU.
• Seam (E) — clientSeam is resolved once and closed over by runReconcilePass;
  reverse() is disk-driven and never reads ctx.clients. Comment matches code. The
  Codex [codex] add PR checks #4 "transient registration → reverse gap" is round-2 [codex] Add durable cache spool #1 re-raised: mitigated by
  seam-resolved-once + daemon lifecycle (registry only empties on a config-driven staged
  restart — exactly when reverse should fire). Pre-existing design property, not a regression.
• A/B — dropped dead types (AiGatewayClientDetachContext, registration detach())
  have zero surviving refs; import hoist removed all inline import(...) types; no
  semicolons added; LLP refs resolve.

Codex #1 (localEndpoint→configured-listen fallback) and #2 (detach output contract drift)
are likewise pre-existing/documented (LLP 0045), not introduced this round; #7 (tmp-file
cleanup on partial write) is a pre-existing minor. None block the round-3 deltas.

Risk capstone

Cross-reference: reviewer findings vs high-risk surfaces

Source	Finding (severity, evidence)	Intersects
Codex #1	major — localEndpoint fallback to configured listen (runtime.js:837/842, action_attach.js:133/150)	Config field chain (gateway listen); pre-existing, not round-3
Codex #4	major — transient registration → reverse gap (action_attach.js:90/96, action_reconciler.js:127/200/212)	Reverse-gap over-fire risk; round-2 #1 re-raise, moot per seam-stable design
Codex #2	major — detach output contract drift (core_commands.js:3442/3472/3481)	Detach output contract risk; intentional/documented
Codex #7	minor — tmp-file cleanup on partial write (client_detach_disk.js:748-758)	Temp-file cleanup risk; pre-existing
Claude	none (4 subagents clear; suite green)	—

Codex review

Fix Validations

Silent-gap attach on join (#126)

• Status: incomplete
• Evidence: src/core/daemon/runtime.js:317, src/core/daemon/runtime.js:373, src/core/config/action_attach.js:72, src/core/config/action_attach.js:150
• Assessment: The happy path is wired: daemon registers attach before backfill and threads client registry/endpoint into the reconciler. The edge cases below still violate the “attach when daemon binds” contract and can reverse a still-desired attach.

Findings

1) Behavioral Correctness

• Severity: major
• Confidence: high
• Evidence: src/core/daemon/runtime.js:837, src/core/daemon/runtime.js:842, src/core/config/action_attach.js:133, src/core/config/action_attach.js:150
• Why it matters: If clients.localEndpoint() throws because the gateway did not bind, the daemon still falls back to the configured listen URL and writes client settings to a potentially dead or occupied port.
• Suggested fix: For daemon auto-attach, require the live localEndpoint() result or a proven started gateway source; keep configuredGatewayEndpoint() fallback for manual hyp attach/init only.

4) Concurrency, Ordering & State Safety

• Severity: major
• Confidence: high
• Evidence: src/core/config/action_attach.js:90, src/core/config/action_attach.js:96, src/core/config/action_reconciler.js:127, src/core/config/action_reconciler.js:200, src/core/config/action_reconciler.js:212
• Why it matters: A transient missing adapter registration makes desired() omit a client even when config still enables its plugin, so an existing marker becomes a reverse gap and the reconciler detaches the client.
• Suggested fix: Make attach desired-state depend on config policy/descriptors only; let perform() fail when the live registration is unavailable, or add a non-reversing “unavailable” path.

2) Contract & Interface Fidelity

• Severity: major
• Confidence: medium
• Evidence: src/core/cli/core_commands.js:3442, src/core/cli/core_commands.js:3472, src/core/cli/core_commands.js:3481, src/core/cli/core_commands.js:3482
• Why it matters: The new core detach output emits only generic settings_path and value-only prose, which changes the retired Codex JSON/human contract that exposed config_path, base_url=..., and model_provider=....
• Suggested fix: Preserve adapter-compatible aliases/labels from the descriptor or client name, especially config_path for Codex JSON, or explicitly version/document the CLI JSON contract and update coverage.

7) Resource Lifecycle & Cleanup

• Severity: minor
• Confidence: high
• Evidence: src/core/config/client_detach_disk.js:748, src/core/config/client_detach_disk.js:752, src/core/config/client_detach_disk.js:753, src/core/config/client_detach_disk.js:758
• Why it matters: If temp-file open/write/sync succeeds partially and then fails before rename, cleanup is skipped because rm(tmpPath) only runs in the rename catch.
• Suggested fix: Wrap the whole temp-file write/sync/close/rename sequence in a catch that removes tmpPath when it was created, preserving the original error.

No Finding

3. Change Impact / Blast Radius
4. Error Handling & Resilience
5. Security Surface
6. Release Safety
7. Test Evidence Quality
8. Architectural Consistency
9. Debuggability & Operability

Evidence Bundle

• Changed hot paths: src/core/config/action_attach.js:72, src/core/config/action_attach.js:119, src/core/config/action_attach.js:187, src/core/config/client_detach_disk.js:85, src/core/daemon/runtime.js:317, src/core/cli/core_commands.js:3230, src/core/daemon/status.js:576
• Impacted callers: daemon reconcile pass src/core/daemon/runtime.js:373; manual detach src/core/cli/core_commands.js:3230; status report src/core/daemon/status.js:492
• Impacted tests: hypaware-core/smoke/flows/client_attach_on_join.js:20; test/core/action-attach.test.js:239; test/core/action-attach.test.js:362; test/core/client-detach-disk.test.js:76; test/core/daemon-reconcile.test.js:362; test/core/integration.test.js:126; test/core/status-client-actions.test.js:307
• Unresolved uncertainty: I did not run the test suite; I also did not see coverage for gateway bind failure before auto-attach or “marker exists + plugin still configured + runtime registration missing.”

Claude review

Claude review

No issues found.

Four parallel review subagents (guidance-compliance, shallow bug scan,
contract & callers, tests & comments) each cleared the round-3 change set;
no candidate finding scored at/above the >=80 reporting bar. Highlights:

• Gate-move (C) is safe. runClientLifecycle runs the disk-driven
  detach branch ahead of the hypaware.ai-gateway capability gate; attach
  stays gated. Both new tests use a real gateway-less kernel
  (fakeKernelWithoutGateway()): the detach test asserts the disk undo ran
  (status:ok, changed:false) with the capability absent; the attach test
  asserts it still fails cap_missing (exit 1). Not vacuous.
• TOCTOU (D) correct. readText now stats before reading, so the
  captured mtime never post-dates the bytes; the write-time guard errs
  toward CONCURRENT_EDIT rather than a silent clobber.
• Seam (E) accurate. clientSeam is resolved once and closed over by
  runReconcilePass; never re-derived per pass. reverse() is disk-driven
  and never reads ctx.clients. The added comment matches the code.
• Dead types (A) / hoisted imports (B) clean. AiGatewayClientDetachContext
  and AiGatewayClientRegistration.detach() have zero surviving references;
  hoisting removed all inline import('...') types with no dangling refs; no
  semicolons added; LLP refs all resolve.
• Suite green: 1528 pass / 0 fail / 1 skip.

---

Reports: /Users/phil/workspace/hypaware/.git/worktrees/neutral-rereview3-179-XXXXXX.IhUxyenLoK/dual-review/pr-179

[philcunliffe]

Dual-agent review — request_changes

• Verdict: request_changes
• Risk class: medium
• Auto-merge advisory: 👎 thumbs down — verdict is request_changes; needs human-gated follow-up

Advisory only: no merge was attempted. Round-4 re-review (head cdab0e5).

Note: the lone request_changes driver is Codex finding #2 (missing attach_probe), which is outside the round-4 delta (it lives in action_attach.js desired/reverse + the probe contract, untouched by cdab0e5) and is not reachable by the shipped claude/codex adapters (both ship an attach_probe). The two round-4 hardening items (temp-file cleanup; proven-bound daemon endpoint) are correct, tested, and green (npm test 1532/0, client_attach_on_join smoke ok).

Risk capstone

Cross-reference (reviewer findings vs round-4 surface)

Finding	Reviewer	Severity	In round-4 surface?	Disposition
Missing attach_probe -> reverse no-op drops marker, orphaning client settings	Codex	major	NO — action_attach.js desired/reverse + probe contract untouched by cdab0e5	Pre-existing risk-class / latent contract gap. Not triggerable by shipped adapters (claude+codex both ship attach_probe). Valid follow-up; not a round-4 regression.
client_attach_missing diagnostic still warns under attach.on_join:false	Codex	minor	NO — status.js untouched by cdab0e5	Pre-existing diagnostic polish; not a round-4 regression.
Stale endpoint JSDoc in types.d.ts contradicts round-4 contract	Claude	minor	ADJACENT — behavior changed in round-4, parallel JSDoc not updated	Real round-4 completeness gap (stale comment on .d.ts contract surface). Doc-only; non-blocking.
"inert this pass" overstates the failed-marker-each-pass behavior	Claude	minor	YES — wording in round-4 runtime.js / new test	Real precision/operability nuance; safe + self-heals. Non-blocking.

Codex review

Fix Validations

#126 silent-gap: joined daemon did not auto-attach enabled clients

• Status: correct
• Evidence: src/core/daemon/runtime.js:65, src/core/daemon/runtime.js:326, src/core/daemon/runtime.js:373, src/core/daemon/runtime.js:384, src/core/config/action_attach.js:89, src/core/config/action_attach.js:151
• Assessment: The daemon now registers attach before backfill, passes clientDescriptors/clients/endpoint into the reconciler, and perform() calls the live adapter attach with JSON output. Existing handling was only a status warning (src/core/daemon/status.js:453), so it would not have closed the silent capture gap by itself.

Config-drop reverse after adapter unload

• Status: correct
• Evidence: src/core/config/action_reconciler.js:198, src/core/config/action_reconciler.js:210, src/core/config/action_reconciler.js:212, src/core/config/action_attach.js:203, src/core/config/client_detach_disk.js:85
• Assessment: The reverse path is disk-driven and does not require the dropped adapter to stay registered. This is correct for descriptors with a valid attachProbe; see the first finding for the missing-probe hole.

Findings

2) Contract & Interface Fidelity

• Severity: major
• Confidence: high
• Evidence: src/core/plugin_catalog.js:23, src/core/plugin_catalog.js:97, src/core/config/action_attach.js:89, src/core/config/action_attach.js:96, src/core/config/client_detach_disk.js:85, src/core/config/client_detach_disk.js:87, src/core/config/action_attach.js:222
• Why it matters: A client contribution without attach_probe can be auto-attached and marked done, but reverse will treat the missing probe as a successful no-op and drop the marker, leaving client settings orphaned.
• Suggested fix: Make attach_probe required for any contributes.client that can participate in attach-on-join, or filter/fail desired() when descriptor.attachProbe is absent; also make reverse treat “missing attachProbe for an applied marker” as a failed reverse, not done.

11) Debuggability & Operability

• Severity: minor
• Confidence: high
• Evidence: src/core/daemon/status.js:453, src/core/daemon/status.js:457, src/core/daemon/status.js:638, src/core/daemon/status.js:641, src/core/daemon/status.js:643
• Why it matters: attach.on_join:false correctly renders the attach action as n/a, but the older client-attach diagnostic still warns that the client is missing and tells the operator to run hyp attach.
• Suggested fix: Gate client_attach_missing on the same attach policy used by the declared attach report, and suppress the warning when the enabled plugin has attach.on_join:false.

No Finding

• 1. Behavioral Correctness
• 3. Change Impact / Blast Radius
• 4. Concurrency, Ordering & State Safety
• 5. Error Handling & Resilience
• 6. Security Surface
• 7. Resource Lifecycle & Cleanup
• 8. Release Safety
• 9. Test Evidence Quality
• 10. Architectural Consistency

Evidence Bundle

• Changed hot paths: action_attach, action_reconciler, client_detach_disk, daemon runtime reconcile wiring, manual hyp attach/detach, status client-action reporting, ai-gateway registerClient.
• Impacted callers: daemon reconcile pass src/core/daemon/runtime.js:373; manual detach src/core/cli/core_commands.js:3230; manual attach src/core/cli/core_commands.js:3305; status report src/core/daemon/status.js:499; gateway registration hypaware-core/plugins-workspace/ai-gateway/src/api.js:53.
• Impacted tests: test/core/action-attach.test.js:146; test/core/action-attach.test.js:387; test/core/client-detach-disk.test.js:435; test/core/daemon-reconcile.test.js:362; test/core/status-client-actions.test.js:307; test/core/integration.test.js:169; hypaware-core/smoke/flows/client_attach_on_join.js:48.
• Unresolved uncertainty: I did not run the test suite; review is based on the supplied diff plus targeted caller/contract tracing.

Claude review

Claude review

Four parallel review lanes (guidance/compliance, shallow-bug, contract-&-callers,
tests-&-comments) ran on head cdab0e5. The two headline round-4 items are correct
and genuinely tested; npm test is green (1532 pass / 0 fail / 1 skip) and the
client_attach_on_join smoke passes. ITEM-1's new test was mutation-verified
(disabling the fs.rm cleanup fails exactly that test). Two minor doc/contract
items survived the >=80 filter — neither blocks merge.

Stale endpoint JSDoc on the .d.ts contract surface contradicts the round-4 behavior

• Severity: minor
• Confidence: 90
• Evidence: src/core/config/types.d.ts:396-401 (ActionContext.endpoint) and :454-458 (ReconcileInput.endpoint)
• Why it matters: Both blocks (added earlier in this PR) still say endpoint is "resolved from gateway.localEndpoint() with the configured-listen fallback the CLI uses. Set whenever clients is." Round-4 made both clauses false (daemon seam omits the fallback; endpoint is now deliberately undefined while clients is set — daemon-attach-seam.test.js:85-88, action_attach.js:133-136). A maintainer trusting "set whenever clients is" could delete the perform() endpoint guard as dead code, reintroducing the dead-port-URL failure round-4 closed.
• Suggested fix: Update both JSDoc blocks to "resolved from localEndpoint() only — no configured-listen fallback (that is the manual CLI path); may be undefined even when clients is set (gateway never bound), in which case the attach handler records a retryable failure."

"stays inert this pass" wording overstates the unbound-gateway path

• Severity: minor
• Confidence: 82
• Evidence: src/core/daemon/runtime.js:822-824 and test/core/daemon-attach-seam.test.js:84
• Why it matters: desired() does not gate on endpoint, so when the gateway is enabled-but-never-bound (a non-fatal source bind failure; runtime.js:947-960) the client is still named and perform() returns {status:'failed', reason:'attach action missing gateway endpoint'} (action_attach.js:133-136), which the reconciler records as a failed marker + a client_action.failed ERROR each pass until the gateway binds (action-attach.test.js:340-348 pins this). It is safe (no crash, no bad URL) and self-heals, but it is "records a retryable failure," not literally "inert" — a recurring ERROR signal while the gateway is merely waiting to bind, which may feed the daemon's aggregate-state health derivation.
• Suggested fix: Either make it genuinely inert (have desired() omit the client when clients && !ctx.endpoint, or return a non-failed "deferred" outcome) or soften the "inert this pass" wording in runtime.js and the test name to "records a retryable failure until the gateway is proven-bound."

---

Reports: /Users/phil/workspace/hypaware/.git/worktrees/neutral-rereview4-179-XXXXXX.XXvzvfDRhl/dual-review/pr-179

[philcunliffe]

🤖 neutral: converged after 4 review rounds — human merge gate

Driven through 4 fix↔review rounds (heads f77ed3f → 7432284 → e32353e → cdab0e5). Every actionable finding raised by either reviewer in rounds 1–4 is resolved, tested, and CI-green (1532 pass / 0 fail; client_attach_on_join + cross-format detach smokes green). The round-1 undo-record gap, the legacy-marker half-reversal, the gateway-gated manual detach, the bundled-only descriptor map, the TOCTOU, the temp-file leak, and the dead-port auto-attach URL are all fixed.

The residual mechanical request_changes is not a defect in this change set:

• It is forced by one pre-existing Codex major — a contributes.client with no attach_probe can attach but reverse() silently no-ops, orphaning settings. This is outside the diff and not reachable by the shipped claude/codex adapters (both ship a probe). Valid follow-up: make attach_probe required for attach-eligible clients, or fail reverse() on a missing probe.
• The round-1/round-2 Codex "transient seam over-reverse" phantom is gone (the seam is resolved-once-and-stable; documented + code-confirmed).

Two non-blocking doc-precision minors from round 4 (worth a quick cleanup before or after merge):

1. src/core/config/types.d.ts — ActionContext.endpoint / ReconcileInput.endpoint JSDoc still describes the old localEndpoint()+fallback contract; round-4 made it localEndpoint()-only (may be undefined → retryable failure). Update the prose so no one deletes the perform() endpoint guard as "dead code."
2. runtime.js:822 / daemon-attach-seam.test.js — "stays inert this pass" overstates it (an enabled-but-unbound gateway logs a retryable client_action.failed each pass until bound). Soften wording or skip in desired() when clients && !endpoint.

Process note: 0045 §Part 1 was edited in place this round (an Active doc). Acceptable here as living-docs within an unmerged PR, but the cleaner pattern is to keep design docs Accepted through review and flip to Active at merge — and drop the inline "(Hardening, #179 round-3)" changelog parenthetical for settled prose.

Recommendation: this is as clean as the change set will get — merge-quality, Claude-clean, residual is pre-existing/latent. Merge is a human act (neutral never merges); held for your call. Drop neutral:stuck to proceed.