Skip to content

Optional: live-config round-trip probe for the dispatch-variety DENY-honor leg (follow-up to #865/#1028) #1030

Description

@michael-wojcik

Context

Follow-up to #865 / #1028 (shipped in #1029, v4.4.41). Tracks the one accepted residual from the dispatch-variety DENY arm: the "platform honors the exit-2 deny" leg is source-proven only, not exercised via a real-binary round-trip into live session-config.

This is an optional runtime-confidence check, NOT a blocker. The deny arm is opt-in (PACT_DISPATCH_VARIETY_MODE=deny; default warn), source-proven, and fail-safe (graceful warn-degrade if a deny is ever not honored).

What is already proven

  • The gate emits the deny contract correctlytest_dispatch_variety_deny_honor_probe.py is a non-mocked subprocess seam-integration: real subprocess.run([sys.executable, hook]) + real PACT_DISPATCH_VARIETY_MODE env read at import + isolated HOME with real on-disk session-context/team-config/task JSON. It asserts the exact contract the platform consumes: exit 2 + permissionDecision: deny + hookEventName: PreToolUse.
  • The platform consumes that contract tool-agnostically — source-proven: toolExecution.ts deny branch returns before tool.call(), no tool-name carve-out.

The residual (what this issue covers)

We have NOT run a real-binary round-trip: a live claude process, with a real session-config (CLAUDE_CONFIG_DIR) and PACT_DISPATCH_VARIETY_MODE=deny, attempting a genuinely-unstamped TaskUpdate dispatch-wiring write, and observing that the platform actually blocks the TaskUpdate.

Acceptance sketch

  1. Stand up an isolated CLAUDE_CONFIG_DIR with a real team config + a Task B that is genuinely unstamped (metadata.variety absent) and linked via addBlockedBy.
  2. Launch a real claude session with PACT_DISPATCH_VARIETY_MODE=deny.
  3. Drive the terminal dispatch-wiring TaskUpdate (owner = a pact-specialist + addBlockedBy set).
  4. Assert: the TaskUpdate is blocked by the gate (not merely warned). Confirm the warn-default path is unaffected when the env-knob is unset.

Why optional

Bounded safe by: warn-default + opt-in deny + graceful warn-degrade. A consumer who never sets PACT_DISPATCH_VARIETY_MODE=deny sees no behavioral change. Closing #865/#1028 on the verified WARN-level enforcement is sound; this probe only upgrades the deny leg from source-proven to runtime-proven.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions