feat(route): make ReadyRouteCandidate immutable with sourced limit overrides#4562
Conversation
…errides Seal ReadyRouteCandidate behind private fields and read-only getters so post-resolution limit mutation is impossible outside the resolver. Callers request limit changes through RouteRequest::limit_overrides; the resolver applies them in order before minting and records exact provenance. Auth is reported as Unresolved at resolution time (credentials are never inspected by the resolver). Route runtime plans Codex strip/roster, user context, provider-reported Kimi context, and membership-plan floor overrides as sourced requests instead of mutating a live candidate. Verification: cargo fmt --check; cargo test -p codewhale-config route (76); cargo test -p codewhale-config --doc (1); cargo test -p codewhale-tui --bin codewhale-tui route_runtime::tests (12); cargo check/clippy -D warnings for config, tui, and app-server; git diff --check. Signed-off-by: Hunter B <hmbown@gmail.com>
|
Bugbot is not enabled for your account, so this pull request was not reviewed. Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs. |
|
Claude finished @Hmbown's task in 2m 38s —— View job Review:
|
Summary
ReadyRouteCandidatebehind private fields and read-only getters so a resolved route cannot be mutated after constructionRouteLimitOverriderequests applied by the resolver before the ready candidate is mintedResolvedAuthSource::Unresolvedduring pure resolution; credential preflight remains outside the resolverThis is the bounded P1 route-authority slice from the v0.9.1 cutover plan. It changes construction/ownership, not provider selection policy.
Verification
cargo fmt --all -- --checkcargo test -p codewhale-config route --locked(76 passed)cargo test -p codewhale-config --doc --locked(1 passed)cargo test -p codewhale-tui --bin codewhale-tui --locked route_runtime::tests(12 passed)cargo check -p codewhale-app-server --lockedcargo clippy -p codewhale-config -p codewhale-tui -p codewhale-app-server --all-targets --all-features --locked -- -D warningsgit diff --check origin/main...HEADFocused coverage includes unresolved auth JSON compatibility, all three limit fields, ordered repeated overrides, exact applied provenance, and existing auth variant wire spellings.
Current exact head:
4698f8b78c451a0e5cbabe73e0d46e13698cdefd.