session-003-handoff.md #1

Session 003 Handoff — P4Sudo Project

Date: 2026-04-08 Bot user: bot_Claude_Anthropic Workspace: bot_Claude_Anthropic.P4MBPro5.p4sudo Stream: //p4sudo/dev

Session Summary

This session was primarily a coding session. Three main deliverables:

  1. bin/p4sudo.sh — Core dispatcher (CL 32547)
  2. bin/p4sudo-help.sh — Help interception script (CL 32547)
  3. README.md — Project overview for the Swarm/Code Review landing page (CL 32549)

Additionally, governance was updated at session close (this CL):

  • ai/CLAUDE.md updated with stream topology notes (ai/ exclude mapping, Version file format)
  • ai/session-003-handoff.md (this file)

Changelists This Session

CL Description Status
32547 Add bin/p4sudo.sh dispatcher and bin/p4sudo-help.sh Submitted
32549 Add README.md project overview Submitted
32555 Update CLAUDE.md governance; session-003 handoff Submitted this session

What Was Accomplished

p4sudo.sh — Core Dispatcher

Full implementation of the broker filter dispatcher:

  • Broker stdin parsing — extracts user, workspace, cwd, brokerTargetPort, argCount, Arg0ArgN
  • Config parsing (parse_cfg) — reads [settings], [commands], [rules] sections from p4sudo.cfg
  • Service account guard — rejects invocations by p4sudo-svc itself (prevents privilege escalation)
  • max_args enforcement — safety limit on argument count
  • Authorization (check_authorization) — walks rules top-to-bottom; matches by user: or group: principal (via p4 groups -u), command name, and optional arg glob pattern; first match wins; implicit deny if no rule matches
  • Dispatchtype=native emits action: REWRITE to p4d as the service account; type=script execs the command script under timeout; unknown command type treated as native
  • Context export — command scripts receive P4SUDO_REQUESTING_USER, P4SUDO_P4PORT, P4SUDO_WORKSPACE, P4SUDO_CWD, etc. as env vars
  • Hybrid logging — per-invocation timestamped log in $LOGS (SDP style, explicit writes — no exec redirect since stdout is the broker protocol channel) plus persistent audit log from p4sudo.cfg

p4sudo-help.sh — Help Interception

  • Intercepts p4 help sudo and p4 help sudo <subcmd>; passes all other p4 help topics through with action: PASS
  • p4 help sudo lists all registered commands with descriptions from p4sudo.cfg
  • p4 help sudo <subcmd> shows usage for that command
  • Reads command registry from the [commands] section of p4sudo.cfg

Coding Standard Compliance

Both scripts conform to the SDP Bash Coding Standard (CL 32539):

  • set -u only (no -e, no -o pipefail)
  • 3-space indentation
  • UpperCamelCase globals, lowerCamelCase function-local variables
  • function name () { } style
  • #==== / #---- section dividers
  • usage() with -h, -man, -V/--version
  • Sources logging.lib and run.lib from $SDPCommonLib
  • terminate() overridden after library source to suppress stdout output (stdout is the broker protocol channel — the library's version would print "Log is: ..." to the protocol stream)
  • ShellCheck 0.10.0 clean

README.md

Project overview for the Swarm Code Review landing page:

  • Problem statement (the super-user delegation problem)
  • How it works (architecture narrative + ASCII diagram)
  • Key features: policy-driven rules, site-defined commands, web UI support, audit trail, p4 help integration
  • Deployment overview (files, broker config snippet)
  • Repository layout
  • Status section

Does not mention Black Belt, PPN, or any customer-specific content.

Governance Updates (CLAUDE.md)

Added to the Version Control Workflow section:

  • Stream topology / ai/ exclude: The //p4sudo/dev stream spec has an exclude ai/... mapping. Session logs and handoffs live in dev only and cannot be promoted north. No special handling needed — stream spec enforces the boundary.

  • Version file format: Rev. P4Sudo/MultiArch/2026.1/32549 (2026/04/08). Tom manages this file manually. Bot should not modify unless asked.

Tom's Action Items (Carried Forward)

  1. Promote README.md to //p4sudo/main — Tom intends to do this manually.
  2. Add exclude ai/... to //p4sudo/dev stream spec — Required to enforce the boundary described above. (Tom may have already done this.)
  3. AWS Security Group — Open port :1671 on ppn.perforce.com (internal-only).
  4. Provision Ubuntu 24.04 EC2 — New app server in PPN AWS account.
  5. p4sudo-svc.blackbelt persistent workspace — Manual setup on PPN.

Next Session: Where to Pick Up

The core P4Sudo framework (dispatcher, help script, config format, docs) is complete. The next logical milestone is the first site-defined command script.

Recommended next task: mkblackbelt.sh

This is the first real command script, implementing the full 9-step workflow documented in doc/use-cases.md. It exercises every part of the framework: config parsing, ephemeral workspace creation, P4 operations as the service account, template substitution, and CustomerIndex.md update.

Pre-requisites for testing mkblackbelt.sh end-to-end:

  • Port :1671 open on ppn.perforce.com (AWS Security Group — Tom's action item)
  • p4sudo-svc.blackbelt persistent workspace on PPN
  • //BlackBelt/main/docs/INFO.md.template accessible on PPN

If infrastructure isn't ready, the script can still be written and syntax-checked; integration testing waits for the port to open.

Files of Interest

Path Notes
ai/CLAUDE.md Full governance — read at session start
bin/p4sudo.sh Core dispatcher — complete
bin/p4sudo-help.sh Help interception — complete
README.md Project overview (Swarm landing page)
doc/use-cases.md UC-001 mkblackbelt — fully documented
doc/mkblackbelt.ui.yaml Web form definition for mkblackbelt
doc/p4sudo.cfg.example Annotated config reference
doc/broker-rewrite-reference/README.md Broker filter protocol reference 
# Session 003 Handoff — P4Sudo Project

**Date:** 2026-04-08
**Bot user:** bot_Claude_Anthropic
**Workspace:** bot_Claude_Anthropic.P4MBPro5.p4sudo
**Stream:** //p4sudo/dev

---

## Session Summary

This session was primarily a coding session. Three main deliverables:

1. **`bin/p4sudo.sh`** — Core dispatcher (CL 32547)
2. **`bin/p4sudo-help.sh`** — Help interception script (CL 32547)
3. **`README.md`** — Project overview for the Swarm/Code Review landing page (CL 32549)

Additionally, governance was updated at session close (this CL):
- `ai/CLAUDE.md` updated with stream topology notes (`ai/` exclude mapping,
  Version file format)
- `ai/session-003-handoff.md` (this file)

---

## Changelists This Session

| CL | Description | Status |
|----|-------------|--------|
| 32547 | Add bin/p4sudo.sh dispatcher and bin/p4sudo-help.sh | Submitted |
| 32549 | Add README.md project overview | Submitted |
| 32555 | Update CLAUDE.md governance; session-003 handoff | **Submitted this session** |

---

## What Was Accomplished

### p4sudo.sh — Core Dispatcher

Full implementation of the broker filter dispatcher:

- **Broker stdin parsing** — extracts `user`, `workspace`, `cwd`,
  `brokerTargetPort`, `argCount`, `Arg0`…`ArgN`
- **Config parsing** (`parse_cfg`) — reads `[settings]`, `[commands]`,
  `[rules]` sections from `p4sudo.cfg`
- **Service account guard** — rejects invocations by `p4sudo-svc` itself
  (prevents privilege escalation)
- **`max_args` enforcement** — safety limit on argument count
- **Authorization** (`check_authorization`) — walks rules top-to-bottom;
  matches by `user:` or `group:` principal (via `p4 groups -u`), command
  name, and optional arg glob pattern; first match wins; implicit deny if
  no rule matches
- **Dispatch** — `type=native` emits `action: REWRITE` to p4d as the service
  account; `type=script` execs the command script under `timeout`; unknown
  command type treated as native
- **Context export** — command scripts receive `P4SUDO_REQUESTING_USER`,
  `P4SUDO_P4PORT`, `P4SUDO_WORKSPACE`, `P4SUDO_CWD`, etc. as env vars
- **Hybrid logging** — per-invocation timestamped log in `$LOGS` (SDP style,
  explicit writes — no exec redirect since stdout is the broker protocol
  channel) plus persistent audit log from `p4sudo.cfg`

### p4sudo-help.sh — Help Interception

- Intercepts `p4 help sudo` and `p4 help sudo <subcmd>`; passes all other
  `p4 help` topics through with `action: PASS`
- `p4 help sudo` lists all registered commands with descriptions from
  `p4sudo.cfg`
- `p4 help sudo <subcmd>` shows usage for that command
- Reads command registry from the `[commands]` section of `p4sudo.cfg`

### Coding Standard Compliance

Both scripts conform to the SDP Bash Coding Standard (CL 32539):
- `set -u` only (no `-e`, no `-o pipefail`)
- 3-space indentation
- `UpperCamelCase` globals, `lowerCamelCase` function-local variables
- `function name () { }` style
- `#====` / `#----` section dividers
- `usage()` with `-h`, `-man`, `-V`/`--version`
- Sources `logging.lib` and `run.lib` from `$SDPCommonLib`
- `terminate()` overridden after library source to suppress stdout output
  (stdout is the broker protocol channel — the library's version would print
  "Log is: ..." to the protocol stream)
- ShellCheck 0.10.0 clean

### README.md

Project overview for the Swarm Code Review landing page:
- Problem statement (the super-user delegation problem)
- How it works (architecture narrative + ASCII diagram)
- Key features: policy-driven rules, site-defined commands, web UI support,
  audit trail, `p4 help` integration
- Deployment overview (files, broker config snippet)
- Repository layout
- Status section

Does not mention Black Belt, PPN, or any customer-specific content.

---

## Governance Updates (CLAUDE.md)

Added to the Version Control Workflow section:

- **Stream topology / `ai/` exclude**: The `//p4sudo/dev` stream spec has an
  `exclude ai/...` mapping. Session logs and handoffs live in `dev` only and
  cannot be promoted north. No special handling needed — stream spec enforces
  the boundary.

- **Version file format**: `Rev. P4Sudo/MultiArch/2026.1/32549 (2026/04/08).`
  Tom manages this file manually. Bot should not modify unless asked.

---

## Tom's Action Items (Carried Forward)

1. **Promote `README.md` to `//p4sudo/main`** — Tom intends to do this manually.
2. **Add `exclude ai/...` to `//p4sudo/dev` stream spec** — Required to enforce
   the boundary described above. (Tom may have already done this.)
3. **AWS Security Group** — Open port :1671 on `ppn.perforce.com` (internal-only).
4. **Provision Ubuntu 24.04 EC2** — New app server in PPN AWS account.
5. **`p4sudo-svc.blackbelt` persistent workspace** — Manual setup on PPN.

---

## Next Session: Where to Pick Up

The core P4Sudo framework (dispatcher, help script, config format, docs) is
complete. The next logical milestone is the first site-defined command script.

**Recommended next task: `mkblackbelt.sh`**

This is the first real command script, implementing the full 9-step workflow
documented in `doc/use-cases.md`. It exercises every part of the framework:
config parsing, ephemeral workspace creation, P4 operations as the service
account, template substitution, and CustomerIndex.md update.

Pre-requisites for testing `mkblackbelt.sh` end-to-end:
- Port :1671 open on `ppn.perforce.com` (AWS Security Group — Tom's action item)
- `p4sudo-svc.blackbelt` persistent workspace on PPN
- `//BlackBelt/main/docs/INFO.md.template` accessible on PPN

If infrastructure isn't ready, the script can still be written and
syntax-checked; integration testing waits for the port to open.

---

## Files of Interest

| Path | Notes |
|------|-------|
| `ai/CLAUDE.md` | Full governance — read at session start |
| `bin/p4sudo.sh` | Core dispatcher — complete |
| `bin/p4sudo-help.sh` | Help interception — complete |
| `README.md` | Project overview (Swarm landing page) |
| `doc/use-cases.md` | UC-001 mkblackbelt — fully documented |
| `doc/mkblackbelt.ui.yaml` | Web form definition for mkblackbelt |
| `doc/p4sudo.cfg.example` | Annotated config reference |
| `doc/broker-rewrite-reference/README.md` | Broker filter protocol reference |
# Change User Description Committed
#1 32557 bot_Claude_Anthropic Update CLAUDE.md governance (stream topology, Version file); add session-003 handoff

Documents ai/ exclude mapping in dev stream spec, Version file format,
and wraps up session 003.

#review-32558 @robert_cowham @tom_tyler