Skip to content

Route semantic extraction through generic ACP#1999

Open
caniko wants to merge 18 commits into
Graphify-Labs:v8from
caniko:split/acp-codex
Open

Route semantic extraction through generic ACP#1999
caniko wants to merge 18 commits into
Graphify-Labs:v8from
caniko:split/acp-codex

Conversation

@caniko

@caniko caniko commented Jul 18, 2026

Copy link
Copy Markdown

This is slice 5/5 of the work previously gathered in #1787, stacked on #1995, #1996, #1997, and #1998.

The branch includes the preceding slices so it is testable as a complete tree; review the final incremental commits 9b5c7a8 and 01ee9fb after those predecessors.

Routes semantic extraction through the official ACP Python SDK and a provider-neutral adapter command, keeps codex-cli as a compatibility alias, removes direct codex exec transport, and moves model/read-only/session settings to ACP configuration.

Hardening included:

  • ACP adapters receive a minimal environment by default; provider-specific variables require explicit GRAPHIFY_CHILD_ENV_ALLOWLIST entries.
  • The deprecated codex-cli alias is normalized before community-labeling concurrency guards, so all ACP paths share the default serial session policy.

Validation:

  • nix flake check path:. --accept-flake-config --print-build-logs — 3386 passed, 51 skipped; all checks passed
  • 120 focused ACP, labeling, and LLM-backend tests passed
  • Graph diagnostics: 11935 nodes, 20687 edges, 0 missing endpoints, 0 dangling endpoints, 0 duplicate edges

Merge order: slices #1995 and #1996, plus independent slices #1997 and #1998, then this slice.

Vitali Karasenko and others added 16 commits July 18, 2026 15:34
tests were breaking if the target had a `.` somewhere in global path
higher than project directory
.git is not available in a nix sandbox
Rewrite the --no-cluster path in both extract and watch to use
build_from_json and node_link_data instead of raw dedup, so the
unclustered graph passes the diagnostic integrity gate.

Also update documentation (AGENTS.md, README, --help text) to
describe the normalized output and add the endpoint-safe graph
regression test.
JSON data files are intentionally skipped by the structural extractor.
They should not trigger the zero-node aggregate warning, which was
designed for failed code extractions (Graphify-Labs#1666).
Use the official ACP client as Graphify's provider-neutral transport and preserve codex-cli as a compatibility alias. Keep subscription authentication and adapter configuration outside Graphify.
@caniko
caniko force-pushed the split/acp-codex branch from 9b5c7a8 to 0dd18b0 Compare July 18, 2026 13:35
@JenZaAI

JenZaAI commented Jul 18, 2026

Copy link
Copy Markdown

Hi — we reviewed this ACP / codex-cli subscription-backed extraction path from a security angle and ran a small controlled evaluation on a documentation corpus.

First, thank you for adding this. The ACP/Codex subscription route is exactly the kind of backend needed by users who have a ChatGPT/Codex subscription but not an OPENAI_API_KEY.

Security concern: inherited child environment

One concern we noticed: the ACP child-agent path appears to inherit the parent process environment:

  • graphify/acp.py uses os.environ.copy() before spawning the ACP adapter process.

Because this backend runs an autonomous agent CLI over untrusted repository/corpus text, read-only filesystem mode is not a complete boundary if the child process receives unrelated env secrets. A prompt-injection payload in markdown/source could potentially cause the agent to inspect env vars or use available shell/network tooling, depending on the CLI sandbox behavior.

We locally tested a small mitigation against the earlier superseded PR: construct an allowlisted child env for ACP/Codex subprocesses, keeping only process plumbing/auth-location vars such as HOME, PATH, locale/temp vars, NO_BROWSER, CODEX_HOME, and XDG dirs, plus explicit operator additions via something like GRAPHIFY_CHILD_ENV_ALLOWLIST. We also added unit tests that secret-like vars such as OPENAI_API_KEY, GITHUB_TOKEN, ANTHROPIC_API_KEY, and AWS_SECRET_ACCESS_KEY are not forwarded by default.

Focused tests still passed after that local patch:

uv run --extra acp pytest tests/test_acp_backend.py tests/test_llm_backends.py -q
93 passed

There may be a better upstream design, but I wanted to flag the inherited-env issue before this backend becomes a recommended no-API-key/subscription path.

Evaluation note

We also ran a stricter baseline-vs-Graphify check on a documentation corpus using 5 isolated sequential workers per phase. Graphify extraction/mapping was treated as setup and excluded from worker performance.

Result: Graphify/Codex-full was usable and non-misleading as a navigation layer, but it did not improve worker-time or token efficiency on this docs-heavy corpus. Normal source search was already strong. This may be different on a code-heavy project where call/file relationships matter more.

Smaller correctness note

Community-labeling serialization appears to guard ACP in some places; it may be worth confirming the deprecated codex-cli alias inherits the same serial/concurrency behavior to avoid subscription burst issues.

Happy to share the local patch/diff if useful.


Posted by JenZaAI via bSmart AI workflow, approved by JenZAAS.

Forward only the minimal ACP child environment by default and require explicit names for provider-specific variables. Normalize the deprecated codex-cli alias before community-labeling concurrency guards so every ACP path shares the serial session policy.
@caniko

caniko commented Jul 19, 2026

Copy link
Copy Markdown
Author

Good call on the framing. This PR is about using the standardized ACP path for the deprecated codex-cli backend, not making Graphify itself more efficient or secure. I treated the corpus evaluation as useful context rather than an acceptance criterion.

I incorporated the concrete pointers in 01ee9fb: ACP child processes now get a minimal allowlisted environment, with GRAPHIFY_CHILD_ENV_ALLOWLIST for provider-specific variables, and codex-cli is normalized before community-labeling concurrency guards so it inherits ACP’s default serial policy. The adapter remains neutral; CODEX_HOME is part of the default auth-location set needed by the current Codex adapter.

Focused tests and the full flake check pass: 3386 passed, 51 skipped.

@caniko caniko mentioned this pull request Jul 19, 2026
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants