Context
Follow-up to #865 / #1028 (shipped in #1029, v4.4.41). Tracks the one accepted residual from the dispatch-variety DENY arm: the "platform honors the exit-2 deny" leg is source-proven only, not exercised via a real-binary round-trip into live session-config.
This is an optional runtime-confidence check, NOT a blocker. The deny arm is opt-in (PACT_DISPATCH_VARIETY_MODE=deny; default warn), source-proven, and fail-safe (graceful warn-degrade if a deny is ever not honored).
What is already proven
- The gate emits the deny contract correctly —
test_dispatch_variety_deny_honor_probe.py is a non-mocked subprocess seam-integration: real subprocess.run([sys.executable, hook]) + real PACT_DISPATCH_VARIETY_MODE env read at import + isolated HOME with real on-disk session-context/team-config/task JSON. It asserts the exact contract the platform consumes: exit 2 + permissionDecision: deny + hookEventName: PreToolUse.
- The platform consumes that contract tool-agnostically — source-proven:
toolExecution.ts deny branch returns before tool.call(), no tool-name carve-out.
The residual (what this issue covers)
We have NOT run a real-binary round-trip: a live claude process, with a real session-config (CLAUDE_CONFIG_DIR) and PACT_DISPATCH_VARIETY_MODE=deny, attempting a genuinely-unstamped TaskUpdate dispatch-wiring write, and observing that the platform actually blocks the TaskUpdate.
Acceptance sketch
- Stand up an isolated
CLAUDE_CONFIG_DIR with a real team config + a Task B that is genuinely unstamped (metadata.variety absent) and linked via addBlockedBy.
- Launch a real
claude session with PACT_DISPATCH_VARIETY_MODE=deny.
- Drive the terminal dispatch-wiring
TaskUpdate (owner = a pact-specialist + addBlockedBy set).
- Assert: the TaskUpdate is blocked by the gate (not merely warned). Confirm the warn-default path is unaffected when the env-knob is unset.
Why optional
Bounded safe by: warn-default + opt-in deny + graceful warn-degrade. A consumer who never sets PACT_DISPATCH_VARIETY_MODE=deny sees no behavioral change. Closing #865/#1028 on the verified WARN-level enforcement is sound; this probe only upgrades the deny leg from source-proven to runtime-proven.
Context
Follow-up to #865 / #1028 (shipped in #1029, v4.4.41). Tracks the one accepted residual from the dispatch-variety DENY arm: the "platform honors the exit-2 deny" leg is source-proven only, not exercised via a real-binary round-trip into live session-config.
This is an optional runtime-confidence check, NOT a blocker. The deny arm is opt-in (
PACT_DISPATCH_VARIETY_MODE=deny; defaultwarn), source-proven, and fail-safe (graceful warn-degrade if a deny is ever not honored).What is already proven
test_dispatch_variety_deny_honor_probe.pyis a non-mocked subprocess seam-integration: realsubprocess.run([sys.executable, hook])+ realPACT_DISPATCH_VARIETY_MODEenv read at import + isolated HOME with real on-disk session-context/team-config/task JSON. It asserts the exact contract the platform consumes:exit 2+permissionDecision: deny+hookEventName: PreToolUse.toolExecution.tsdeny branch returns beforetool.call(), no tool-name carve-out.The residual (what this issue covers)
We have NOT run a real-binary round-trip: a live
claudeprocess, with a real session-config (CLAUDE_CONFIG_DIR) andPACT_DISPATCH_VARIETY_MODE=deny, attempting a genuinely-unstampedTaskUpdatedispatch-wiring write, and observing that the platform actually blocks the TaskUpdate.Acceptance sketch
CLAUDE_CONFIG_DIRwith a real team config + a Task B that is genuinely unstamped (metadata.varietyabsent) and linked viaaddBlockedBy.claudesession withPACT_DISPATCH_VARIETY_MODE=deny.TaskUpdate(owner = a pact-specialist +addBlockedByset).Why optional
Bounded safe by: warn-default + opt-in deny + graceful warn-degrade. A consumer who never sets
PACT_DISPATCH_VARIETY_MODE=denysees no behavioral change. Closing #865/#1028 on the verified WARN-level enforcement is sound; this probe only upgrades the deny leg from source-proven to runtime-proven.