feat(desktop): pin persona config to agent record at create #945
Merged
wpfleger96 merged 1 commit intoJun 18, 2026
wpfleger96 added a commit that referenced this pull request on Jun 11, 2026

…Body

PersonaEventContent is the public struct serialized in kind:30175 events. PR #939 removed env_vars from it (secrets must not travel in plaintext events). This commit removes the re-addition from #945 and instead carries env_vars in PersonaEngramBody, which is NIP-44 encrypted inside the agent's mem/persona engram.

Co-authored-by: Will Pfleger <wpfleger@block.xyz>
Signed-off-by: Will Pfleger <wpfleger@block.xyz>
Persona-created agents previously re-read the live persona catalog at every spawn, so a template edit silently changed running agents on restart. Snapshot the persona's system_prompt/model/provider/env_vars plus its content hash onto ManagedAgentRecord at create, and switch the spawn and provider-deploy call sites to read that snapshot. Restart reuses the record so it stays pinned; delete+respawn re-runs create and rewrites the snapshot.

env_vars are pinned too — without that, persona credential edits would leak into a running agent on restart.

The shared resolve_effective_prompt_model_provider body is left intact: its summary and ModelPicker callers intentionally read the live persona, so only the spawn/deploy call sites move to the snapshot.

The Agents menu gets a drift indicator: build_managed_agent_summary compares the record's pinned source_version against the persona's current hash. A deleted persona is orphaned (never out-of-date, since there is nothing to respawn into). The summary now displays the pinned snapshot — what the agent actually runs — so the badge never contradicts the fields beside it.

The mem/persona engram and fleet-update subsystem are removed: with the record authoritative, fleet-update became a self-referential write loop nothing read at spawn. Deletes fleet_update.rs, its launch and persona-save triggers, the engram-at-creation write, and the engram-only helpers in persona_events. The public persona catalog primitives (#939) are untouched — they remain the source the record snapshots from.

Pre-existing agents are backfilled from the live persona once at launch, logging loudly if the linked persona is gone.

Co-authored-by: Will Pfleger <pfleger.will@gmail.com>
Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
Persona-created agents previously re-read the live persona catalog at every spawn, so editing a persona template silently changed running agents on restart. This makes the agent record the authoritative source for spawn config: the persona's system_prompt, model, provider, and env_vars (plus its content hash) are snapshotted onto ManagedAgentRecord at create time, and the spawn and provider-deploy paths read that snapshot instead of the live catalog.

The result is the semantics Will specified:

env_vars are pinned alongside the other fields — without that, a persona credential edit (e.g. ANTHROPIC_API_KEY) would leak into a running agent on restart.

Spawn read-path

The shared resolve_effective_prompt_model_provider body is left intact — its build_managed_agent_summary and ModelPicker callers intentionally read the live persona. Only the spawn_agent_child and build_deploy_payload call sites move to the record snapshot. ModelPicker model-discovery stays live-read; it enumerates available models for the dropdown, not the running agent's config.

Drift indicator

build_managed_agent_summary compares the record's pinned persona_source_version against the linked persona's current persona_content_hash:

The summary displays the pinned snapshot (what the agent actually runs), so the badge never contradicts the fields beside it.

Dead-code removal

With the record authoritative, the mem/persona engram and fleet-update subsystem became a self-referential write loop nothing read at spawn. Removed: fleet_update.rs, its launch and persona-save triggers, the engram-at-creation write, and the engram-only helpers in persona_events. The public persona catalog primitives (build_persona_event, persona_from_event, PersonaEventContent) from #939 are untouched — they remain the source the record snapshots from.

Migration

Pre-existing persona agents are backfilled from the live persona once at launch (before restore), logging loudly if the linked persona is gone so an agent never silently spawns from an empty snapshot.

Stack: #939 → this PR
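The pin-at-create and drift semantics described above, as an added Rust example that is not code from this PR or the project. ManagedAgentRecord, persona_source_version and persona_content_hash are names from the description; Persona, Catalog, Drift, create_agent, drift, sample and the DefaultHasher-based hash are assumptions made for illustration.

```rust
use std::collections::{hash_map::DefaultHasher, BTreeMap};
use std::hash::{Hash, Hasher};
#[derive(Clone, Hash)]
struct Persona {
    system_prompt: String,
    model: String,
    provider: String,
    env_vars: BTreeMap<String, String>, // ordered map keeps the hash stable
}
type Catalog = BTreeMap<String, Persona>; // hypothetical live persona catalog
struct ManagedAgentRecord {
    persona_id: String,
    snapshot: Persona,           // pinned at create; the only spawn input
    persona_source_version: u64, // persona hash when the snapshot was taken
}
#[derive(Debug, PartialEq)]
enum Drift { InSync, OutOfDate, Orphaned }

// Stand-in hash (std DefaultHasher); the project's real hash is not shown on the page.
fn persona_content_hash(p: &Persona) -> u64 {
    let mut h = DefaultHasher::new();
    p.hash(&mut h);
    h.finish()
}
// Create is the only point where the live catalog feeds the record.
fn create_agent(catalog: &Catalog, id: &str) -> Option<ManagedAgentRecord> {
    let p = catalog.get(id)?;
    let version = persona_content_hash(p);
    Some(ManagedAgentRecord { persona_id: id.into(), snapshot: p.clone(), persona_source_version: version })
}
// Drift badge: a deleted persona is orphaned, never out-of-date.
fn drift(catalog: &Catalog, rec: &ManagedAgentRecord) -> Drift {
    match catalog.get(&rec.persona_id) {
        None => Drift::Orphaned,
        Some(p) if persona_content_hash(p) == rec.persona_source_version => Drift::InSync,
        Some(_) => Drift::OutOfDate,
    }
}
// Constructed sample persona; the key value is a placeholder, not a real credential.
fn sample(key: &str) -> Persona {
    let env_vars = BTreeMap::from([("ANTHROPIC_API_KEY".to_string(), key.to_string())]);
    Persona { system_prompt: "You review code.".into(), model: "model-a".into(),
              provider: "provider-a".into(), env_vars }
}
fn main() {
    let mut catalog = Catalog::from([("reviewer".to_string(), sample("key-v1"))]);
    let rec = create_agent(&catalog, "reviewer").unwrap();
    catalog.insert("reviewer".into(), sample("key-v2")); // template edited after create
    println!("{:?}, pinned env: {:?}", drift(&catalog, &rec), rec.snapshot.env_vars);
}
```

Because the snapshot carries env_vars, the stored record holds credentials and needs the same at-rest protection as any other secret store.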