Generated: 2026-06-02 | Reviewed: 2026-06-04 | 28 modules | 103 files in this directory
Supersession note, 2026-06-04: this file remains the module documentation front door, but its risk summary is a generated risk inventory, not current closure truth. For current user-facing status, use Daily-Driver Current Status. For the current documentation-state review and consolidation plan, use Documentation State Review and Documentation Optimization Master Plan.
┌─────────────────────────────────────┐
│ cli │
│ (entry point for all user commands) │
└──────────┬──────────────────────────┘
│
┌────────────────────┼────────────────────┐
▼ ▼ ▼
┌─────────┐ ┌──────────┐ ┌──────────┐
│ runner │ │ tui │ │ chat_ │
│ (agent │ │(terminal │ │ session_ │
│ loop) │ │ UI) │ │controller│
└────┬────┘ └────┬─────┘ └────┬─────┘
│ │ │
└──────────────────┼─────────────────────┘
│ uses
┌──────────────────────┼────────────────────────┐
▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│ tools │ │ llm │ │ audit │
│(registry)│ │(adapters)│ │(logging) │
└────┬─────┘ └────┬─────┘ └────┬─────┘
│ │ │
▼ ▼ ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│workspace_ │ │ streaming │ │ governance │
│ tools │ │ (events) │ │(plan gate, │
└──────────────┘ └──────────────┘ │ policy) │
└──────────────┘
│ │
▼ ▼
┌──────────┐ ┌──────────┐
│ hooks │ │ approval │
│(lifecycle│ │ manager │
│ gates) │ │ │
└──────────┘ └──────────┘
│ │
▼ ▼
┌──────────┐ ┌──────────┐
│ context │ │ budget │
│(compaction│ │ monitor │
│ /session) │ │ │
└──────────┘ └──────────┘
│
├──────────────┬──────────────┐
▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│ subagents│ │ skills │ │ mcp │
│(parallel │ │(executor │ │(client & │
│ runs) │ │ /router) │ │ server) │
└──────────┘ └──────────┘ └──────────┘
│ │
▼ ▼
┌──────────┐ ┌──────────┐
│ sandbox │ │ memory │
│ (git/OS/ │ │(catalog/ │
│ VFS) │ │ catalog) │
└──────────┘ └──────────┘
| Module | Layer | Purpose | Files |
|---|---|---|---|
| runner | Core | Agent execution loop, approval, plan validation | spec · inspection · risks · api |
| llm | Core | Provider-agnostic LLM adapters (Claude, OpenAI, Gemini) | spec · inspection · risks · api |
| tools | Core | Tool registry, schema validation, hook dispatch | spec · inspection · risks · api |
| hooks | Core | 8-event hook lifecycle, veto mechanism | spec · inspection · risks · api |
| audit | Core | Tamper-evident JSONL audit log with SHA-256 hash chain | spec · inspection · risks · api |
| governance | Core | Plan gate, policy enforcement, tool linting | spec · inspection · risks · api |
| approval_manager | Core | JIT approvals, presets, multi-sig quorum | spec · inspection · risks · api |
| policy | Core | Permission mode policy definitions, write gates | spec |
| context | Core | Context compaction, session state, pub/sub bus | spec · inspection · risks · api |
| streaming | Core | Audit-to-stream event mapping, progress display | spec · inspection · risks · api |
| budget | Core | Cost tracking, budget enforcement | spec · inspection · risks · api |
| config | Core | Configuration loading, schema, env resolution | spec |
| errors | Core | Error hierarchy, ErrorCategory enum, exception types | spec |
| cli | Interface | CLI entry point, argparse dispatch, all commands | spec · inspection · risks · api |
| tui | Interface | Textual TUI for interactive chat | spec · inspection · risks · api |
| chat_agent | Interface | Chat agent state machine and LLM dispatch | spec · inspection · risks · api |
| chat_session_controller | Interface | Stateful chat session: history, cost, tools | spec · inspection · risks · api |
| workspace_tools | Tools | File, git, shell tools for workspace | spec · inspection · risks · api |
| subagents | Execution | Sub-agent lifecycle, isolation, approval queue | spec · inspection · risks · api |
| sandbox | Execution | Git branch, OS, VFS, Docker isolation | spec · inspection · risks · api |
| skills | Extension | Skill discovery, routing, sandboxed execution | spec · inspection · risks · api |
| mcp | Extension | MCP client/server, trust management | spec · inspection · risks · api |
| external_backends | Extension | External backend adapters (GraphQL, OAuth, WASM) | spec |
| memory | Storage | Memory catalog, pinned files, failure cards | spec · inspection · risks · api |
| context_pack | Core | Context packing and semantic compression | spec · risks |
| pinned_file | Storage | Pinned file watching, path validation | spec · risks |
| git_sandbox | Execution | Git branch sandboxing, stash, rollback | spec · risks |
| run_store | Core | Persistent run storage, replay, audit | spec · inspection · risks |
| Layer | Description |
|---|---|
| Core | Foundational — all other modules depend on these |
| Interface | User-facing — CLI, TUI, chat sessions |
| Tools | Workspace interaction — filesystem, git, shell |
| Execution | Run isolation — subagents, sandboxing |
| Extension | Plugin points — skills, MCP |
| Storage | Persistence — memory, audit, session |
| Risk ID | Module | Severity | Description |
|---|---|---|---|
| AUD-R-001 | audit | High | L3 stores plaintext credentials |
| AUD-R-002 | audit | Medium | Regex redaction incomplete |
| AUD-R-004 | audit | Medium | hmac.new() deprecated in Python 3.14 |
| HOOK-R-001 | hooks | High | Hook registration not thread-safe |
| HOOK-R-003 | hooks | Medium | run_tests_hook raises HookError as post-hook |
| MCP-R-001 | mcp | Critical | MCP tool injection from untrusted server |
| APR-R-003 | approval_manager | Critical | DANGER_FULL_ACCESS bypasses all approval |
| SAN-R-001 | sandbox | High | Git sandbox unavailable in detached HEAD |
| WST-R-003 | workspace_tools | High | Shell command injection if shell=True |
| GOV-R-001 | governance | Critical | DANGER_FULL_ACCESS bypasses plan gate |
| SKL-R-001 | skills | High | Native skill runs in same process (no isolation) |
| LLM-R-008 | llm | Medium | No timeout on streaming connections |
| RUN-R-001 | runner | High | Policy override in auto mode — approval policy mutated in-place and never restored after auto mode exits |
| RUN-R-002 | runner | Medium | Bare exception swallowing in run loop — programming errors silently become failed:SYSTEM |
| SBA-R-001 | subagents | High | Path traversal in isolation session keys — no length cap on def_name segment |
| SBA-R-002 | subagents | High | Directory-snapshot workspace copy exposes .env/secrets if not gitignored |
| SBA-R-006 | subagents | High | Deadlock risk from nested asyncio._lock inside threading._sync_lock |
| MEM-R-001 | memory | Closed | Historical duplicate MemoryCatalog implementation; memory_legacy.py now re-exports memory.catalog |
| MEM-R-002 | memory | Medium | Windows data corruption — no cross-process locking, concurrent writes can corrupt memory.jsonl |
| MEM-R-003 | memory | Closed | Historical non-atomic rewrites; delete_by_branch/delete_by_run_id now use atomic replacement |
| BUD-R-002 | budget | Medium | Over-budget execution — on_prompt returning False does not halt run if caller ignores return value |
The older memory-derived bug list has been superseded by later status and project-state reviews. Use these current front doors instead of this generated index when deciding whether an issue is still active:
- Daily-Driver Current Status
- Daily-Driver Review Package Index
- Total Review Index
- Ticket Execution Plans
Each module directory contains:
spec.md— Behavior contract, invariants, state machinesinspection.md— Purpose, dependencies, call graph, entry pointsrisks.md— Risk vectors, failure modes, file:line referencesapi.md— Public API with pre/post conditions, data models
Generated by multi-agent documentation sweep, 2026-06-02. Verify against source before acting on specific line references.