<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pantograph.git/src/glob.zig, branch main</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.
</subtitle>
<id>https://code.tjp.lol/pantograph.git/atom?h=main</id>
<link rel='self' href='https://code.tjp.lol/pantograph.git/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://code.tjp.lol/pantograph.git/'/>
<updated>2026-07-01T21:37:04Z</updated>
<entry>
<title>Load extensions via unified policy, entry/activate, rocks and paths</title>
<updated>2026-07-01T21:37:04Z</updated>
<author>
<name>t</name>
<email>t@tjp.lol</email>
</author>
<published>2026-07-01T21:36:20Z</published>
<link rel='alternate' type='text/html' href='https://code.tjp.lol/pantograph.git/commit/?id=800b2c4b6115845f6bf15d90484b3e80e81a606f'/>
<id>urn:sha1:800b2c4b6115845f6bf15d90484b3e80e81a606f</id>
<content type='text'>
Replace the split [tools]/[extensions] config sections and the two-stage
load gate with a single model:

- [extensions] is now one policy resolved across all layers. Rules from
  every layer are kept (not clobbered) and resolved by last-match-wins
  after sorting by (layer, glob specificity, deny-last), so a base layer
  can carve one name out of an otherwise-denied group and a higher layer's
  broad rule still wins. Default is allow; whitelist via deny=["**"].
- Registration is deferred: a source returns an entry {name, activate}
  (or a list, or the sugar tool table), is always eval'd side-effect-free,
  and only permitted names get activate()d. Identity is the declared name,
  not the filename. Collapses the old pre/post-load two-stage gate.
- The loader runs two passes (eval -&gt; shadow -&gt; filter -&gt; activate) with
  precedence project&gt;user&gt;base and, within a layer, rocks&lt;paths&lt;dir.
- extensions.paths adds extra scan dirs; extensions.rocks loads luarocks
  packages as extension sources (require-as-entries). Startup installs
  only missing rocks (no per-launch network hit); panto update force-
  (re)installs every configured rock.

deny is a feature toggle, not a security boundary: rocks is where registry
code enters, so the pin list is the trust boundary. Rock integrity
(first-party GPG signing + --verify) is designed but not yet wired; until
then rocks pins which version, not which bytes.

Breaking: [tools] is removed; extensions must return entries. Built-in
tools and the wc example keep working via the sugar tool form.
</content>
</entry>
<entry>
<title>Rename system extension layer to base for clarity</title>
<updated>2026-06-01T17:20:56Z</updated>
<author>
<name>t</name>
<email>t@tjp.lol</email>
</author>
<published>2026-06-01T14:21:00Z</published>
<link rel='alternate' type='text/html' href='https://code.tjp.lol/pantograph.git/commit/?id=1beefefc69beee214430eb5bd2528a4f5692d2a8'/>
<id>urn:sha1:1beefefc69beee214430eb5bd2528a4f5692d2a8</id>
<content type='text'>
Replace all references to the "system" layer with "base" to better reflect
its role as the foundational extension/tool layer in panto's hierarchy.
The layer hierarchy now consistently uses: project &gt; user &gt; base.

Includes:
- Update agent README and build.zig documentation
- Refactor tool registry and config module to support layered lookups
- Add TestHarness abstraction for cleaner test setup
- Improve JSON serialization with wire-encoded tool names
- Add glob pattern matching for tool/extension discovery
</content>
</entry>
</feed>
