Skip to content

Route semantic extraction through generic ACP#1999

Open
caniko wants to merge 17 commits into
Graphify-Labs:v8from
caniko:split/acp-codex
Open

Route semantic extraction through generic ACP#1999
caniko wants to merge 17 commits into
Graphify-Labs:v8from
caniko:split/acp-codex

Conversation

@caniko

@caniko caniko commented Jul 18, 2026

Copy link
Copy Markdown

This is slice 5/5 of the work previously gathered in #1787, stacked on #1995, #1996, #1997, and #1998.

The branch includes the preceding slices so it is testable as a complete tree; review the final incremental commit 9b5c7a8 after those predecessors.

Routes semantic extraction through the official ACP Python SDK and a provider-neutral adapter command, keeps codex-cli as a compatibility alias, removes direct codex exec transport, and moves model/read-only/session settings to ACP configuration.

Validation:

  • nix flake check path:. --accept-flake-config --print-build-logs
  • pytest -q tests/test_acp_backend.py (8 passed)

Merge order: slices #1995 and #1996, plus independent slices #1997 and #1998, then this slice.

Vitali Karasenko and others added 16 commits July 18, 2026 15:34
tests were breaking if the target had a `.` somewhere in global path
higher than project directory
.git is not available in a nix sandbox
Rewrite the --no-cluster path in both extract and watch to use
build_from_json and node_link_data instead of raw dedup, so the
unclustered graph passes the diagnostic integrity gate.

Also update documentation (AGENTS.md, README, --help text) to
describe the normalized output and add the endpoint-safe graph
regression test.
JSON data files are intentionally skipped by the structural extractor.
They should not trigger the zero-node aggregate warning, which was
designed for failed code extractions (Graphify-Labs#1666).
Use the official ACP client as Graphify's provider-neutral transport and preserve codex-cli as a compatibility alias. Keep subscription authentication and adapter configuration outside Graphify.
@caniko
caniko force-pushed the split/acp-codex branch from 9b5c7a8 to 0dd18b0 Compare July 18, 2026 13:35
@JenZaAI

JenZaAI commented Jul 18, 2026

Copy link
Copy Markdown

Hi — we reviewed this ACP / codex-cli subscription-backed extraction path from a security angle and ran a small controlled evaluation on a documentation corpus.

First, thank you for adding this. The ACP/Codex subscription route is exactly the kind of backend needed by users who have a ChatGPT/Codex subscription but not an OPENAI_API_KEY.

Security concern: inherited child environment

One concern we noticed: the ACP child-agent path appears to inherit the parent process environment:

  • graphify/acp.py uses os.environ.copy() before spawning the ACP adapter process.

Because this backend runs an autonomous agent CLI over untrusted repository/corpus text, read-only filesystem mode is not a complete boundary if the child process receives unrelated env secrets. A prompt-injection payload in markdown/source could potentially cause the agent to inspect env vars or use available shell/network tooling, depending on the CLI sandbox behavior.

We locally tested a small mitigation against the earlier superseded PR: construct an allowlisted child env for ACP/Codex subprocesses, keeping only process plumbing/auth-location vars such as HOME, PATH, locale/temp vars, NO_BROWSER, CODEX_HOME, and XDG dirs, plus explicit operator additions via something like GRAPHIFY_CHILD_ENV_ALLOWLIST. We also added unit tests that secret-like vars such as OPENAI_API_KEY, GITHUB_TOKEN, ANTHROPIC_API_KEY, and AWS_SECRET_ACCESS_KEY are not forwarded by default.

Focused tests still passed after that local patch:

uv run --extra acp pytest tests/test_acp_backend.py tests/test_llm_backends.py -q
93 passed

There may be a better upstream design, but I wanted to flag the inherited-env issue before this backend becomes a recommended no-API-key/subscription path.

Evaluation note

We also ran a stricter baseline-vs-Graphify check on a documentation corpus using 5 isolated sequential workers per phase. Graphify extraction/mapping was treated as setup and excluded from worker performance.

Result: Graphify/Codex-full was usable and non-misleading as a navigation layer, but it did not improve worker-time or token efficiency on this docs-heavy corpus. Normal source search was already strong. This may be different on a code-heavy project where call/file relationships matter more.

Smaller correctness note

Community-labeling serialization appears to guard ACP in some places; it may be worth confirming the deprecated codex-cli alias inherits the same serial/concurrency behavior to avoid subscription burst issues.

Happy to share the local patch/diff if useful.


Posted by JenZaAI via bSmart AI workflow, approved by JenZAAS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants