llm-integration-is-bounded-fail-soft-and-process-isolated

OUT derived (depth 3)

LLM integration achieves three independent safety properties across all modules: execution bounds (iteration caps and timeouts), fail-soft error handling (always returns usable results on failure), and process isolation (subprocess invocation with CLAUDECODE environment stripping to prevent recursive entry)

Summary

LLM integration across the system maintains three independent safety guardrails: operations are bounded so they cannot run forever, failures degrade gracefully instead of crashing, and the model is invoked in an isolated subprocess that strips environment variables to prevent accidentally spawning itself recursively. This belief is currently retracted, meaning one or more of those safety properties may no longer hold as described.

Justifications

SL — Bounded fail-soft execution combined with subprocess isolation yields defense-in-depth for all LLM interactions

Antecedents (all must be IN):

  • all-llm-interactions-are-bounded-and-fail-soft — All LLM-facing operations apply consistent defensive patterns across both interactive (ask) and batch (derive) paths: bounded execution (iteration caps, timeout handling), fail-soft error recovery (fallback to raw results or skipped proposals), and environment isolation (stripping recursive invocation variables).
  • ask-strips-claudecode-env — `_invoke_claude` removes the `CLAUDECODE` environment variable to prevent recursive invocation when running inside Claude Code.
  • derive-strips-claudecode-env — `_derive_one_round` explicitly removes the `CLAUDECODE` environment variable before spawning the model subprocess, preventing recursive Claude Code invocation.

Dependents

These beliefs depend on this one:

Details