Skip to content

Commit ce0d8e6

Browse files
committed
M2+M3: context health, scope budget, extension explain, MCP trust, subagent review+cost
Adds acceptance tests, CLI commands, lint fixes, and test fixes (4486 pass, 0 fail). Fixes JSON parsing fallback for providers without response_format support. Constraint: backward-compatible, existing tests unchanged Tested: 4486 tests pass, 6 skipped (legitimate), 0 failed, ruff lint+format clean Confidence: high
1 parent 6a0c472 commit ce0d8e6

45 files changed

Lines changed: 4229 additions & 243 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
---
2+
name: Roadmap Task
3+
about: Track a roadmap work item
4+
labels: roadmap
5+
---
6+
## Description
7+
8+
<!-- What is this task? Provide a brief summary of the work item. -->
9+
10+
## Rationale
11+
12+
<!-- Why is this task needed? What problem does it solve or what value does it add? -->
13+
14+
## Acceptance Criteria
15+
16+
<!-- What must be true for this task to be considered complete? Use checkboxes where possible. -->
17+
18+
- [ ] Criterion 1
19+
- [ ] Criterion 2
20+
- [ ] Criterion 3
21+
22+
## Dependencies
23+
24+
<!-- List any dependencies such as other roadmap items, ADRs, or external systems. -->
25+
26+
| Dependency | Status | Notes |
27+
|------------|--------|-------|
28+
| | | |
29+
30+
## Risk / Confidence
31+
32+
<!-- Assess the risk and confidence level for this task. -->
33+
34+
- **Risk:** Low / Medium / High
35+
- **Confidence:** Low / Medium / High
36+
- **Unknowns:** <!-- What is still unknown? -->
37+
38+
## Verification Steps
39+
40+
<!-- How will this task be verified as complete? Describe tests, checks, or evidence. -->
41+
42+
1.
43+
2.
44+
3.

docs/acceptance.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ acceptance flow writes the user TUI state file. In sandboxed environments, run
3030
them with permission to bind localhost ports and write the TeaAgent state
3131
directory.
3232

33-
**Current acceptance test count: `446 passed`** (P0+P1+P2 streams finalized)
33+
**Current acceptance test count: `574 passed`** (P0+P1+P2 streams finalized)
3434

3535
## Acceptance Flows
3636

@@ -88,6 +88,7 @@ directory.
8888
| `test_subagent_container_isolation_flow.py` | Subagent container isolation | `isolation=container` uses a gitignore-respecting workspace snapshot, records `container_path` in lineage, and cleans up after completion |
8989
| `test_context_pack_read_only_flow.py` | Read-only context pack | Preflight returns read-only `context_pack` with hybrid/knowledge/GraphQLite hits when indexed; read-only runs still block workspace writes |
9090
| `test_context_compaction_slo_flow.py` | Context compaction latency SLO | Traffic-light zoning (green 0-75%, yellow 75-92%, red 92%+), should_compact thresholds, CompactionResult preserves recent observations, compaction latency < 100ms SLO |
91+
| `test_context_health_score_flow.py` | Context-health score | ContextHealthScore model, signal helpers (token pressure, memory confidence), compute_context_health() integration with traffic-light overall and recommendations |
9192
| `test_skill_install_flow.py` | Skill discovery and injection | Skill discovery, prompt injection, multi-skill loading, project override precedence, model-decision prompt wiring |
9293
| `test_ultrawork_flow.py` | Long-running worker | Worker start, list, show, log tail, and stop lifecycle |
9394
| `test_vscode_extension_mcp_boot_flow.py` | VSCode MCP boot flow | Extension manifest command contribution, source command wiring for MCP HTTP server, permission mode enum parity |

docs/generated/docs-inventory.md

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ Do not edit this file manually — regenerate instead.
1010

1111
| Path | Bytes | SHA256 (12) |
1212
| --- | ---: | --- |
13-
| `acceptance.md` | 19475 | `79005f0f17e7` |
13+
| `acceptance.md` | 19702 | `fbd410e3dca5` |
1414
| `adr/0001-p0-framework.md` | 3225 | `d0666420a497` |
1515
| `adr/0002-p1-primitives.md` | 2877 | `d50c03f403a6` |
1616
| `adr/0003-p2-code-mode-sandbox.md` | 3153 | `594b44eb1569` |
@@ -36,7 +36,7 @@ Do not edit this file manually — regenerate instead.
3636
| `adr/0023-strict-plan-before-write-enforcement.md` | 10868 | `70ea111dbb4e` |
3737
| `adr/0024-automated-memory-invalidation.md` | 10756 | `51a354b37c7f` |
3838
| `adr/0025-chat-session-controller-unification.md` | 5376 | `d5c7fec428f1` |
39-
| `adr/README.md` | 7139 | `44c7b99563ff` |
39+
| `adr/README.md` | 6552 | `83d807309b2d` |
4040
| `agent-mode-operator-guide.md` | 2778 | `25b258ab7bfe` |
4141
| `analysis/active-findings-status-ledger-2026-06-06.md` | 4784 | `b3c1f63836b3` |
4242
| `analysis/agent-competitive-risks-2026-05-31.md` | 10235 | `6eff7629ff64` |
@@ -191,20 +191,20 @@ Do not edit this file manually — regenerate instead.
191191
| `governance/daily-driver-review-checklist-2026-06-02.md` | 960 | `107656b04f20` |
192192
| `governance/do-not-claim.md` | 5155 | `d1b45294a961` |
193193
| `governance/doc-maintenance-policy-2026-06-02.md` | 2315 | `08509c53c280` |
194-
| `governance/doc-taxonomy-and-ownership.md` | 8711 | `d51b385809c9` |
194+
| `governance/doc-taxonomy-and-ownership.md` | 6845 | `ea885921b5df` |
195195
| `governance/document-state-model.md` | 5707 | `a9ad3ae9a759` |
196196
| `governance/documentation-audit-cadence-2026-06-06.md` | 2238 | `606fa5e32f98` |
197197
| `governance/documentation-operating-model-2026-06-04.md` | 6724 | `6c6525cc9ed1` |
198198
| `governance/evidence-to-principle-policy.md` | 2848 | `097155e72cf6` |
199-
| `governance/guarded-claims-registry.md` | 7524 | `1a35fb1599c9` |
199+
| `governance/guarded-claims-registry.md` | 4598 | `5dd375f30589` |
200200
| `governance/integration-contracts.md` | 2516 | `9c09d10f0160` |
201201
| `governance/prompt-injection-trust-boundaries.md` | 1911 | `5ede3cd7d919` |
202-
| `governance/README.md` | 8561 | `8494d0e74e43` |
202+
| `governance/README.md` | 8198 | `11c5a13d3ca5` |
203203
| `governance/release-channel-sot.md` | 9458 | `60117f556e23` |
204-
| `governance/release-process.md` | 8512 | `7ac7ba534014` |
204+
| `governance/release-process.md` | 4635 | `6aacb0880e4b` |
205205
| `governance/risk-issue-roadmap-workflow.md` | 6183 | `4dee78c7a167` |
206206
| `governance/security-standards.md` | 7747 | `fcdf36df8285` |
207-
| `governance/standards.md` | 15267 | `f4b992dbd2c0` |
207+
| `governance/standards.md` | 9573 | `bbf0fa146cb2` |
208208
| `governance/testing-standards.md` | 5818 | `15a44e1078db` |
209209
| `governance/trust-and-audit-whitepaper.md` | 4920 | `641758c5382d` |
210210
| `graphqlite-production.md` | 5127 | `6426aec5caf9` |
@@ -233,7 +233,7 @@ Do not edit this file manually — regenerate instead.
233233
| `implementation/daily-driver-fix-log.md` | 978 | `474648b41793` |
234234
| `implementation/fix-log-2026-06-02.md` | 8520 | `21239812e63e` |
235235
| `INDEX.md` | 16749 | `de7c25233709` |
236-
| `maturity-matrix.md` | 7584 | `8b925574c609` |
236+
| `maturity-matrix.md` | 6020 | `46d130f96165` |
237237
| `migration-top-level-api.md` | 1505 | `2ba32dedee5a` |
238238
| `model-capability-matrix.md` | 4640 | `a5f83e814136` |
239239
| `modules/approval_manager/api.md` | 3901 | `4556a310e911` |
@@ -438,7 +438,7 @@ Do not edit this file manually — regenerate instead.
438438
| `reviews/project-state-critical-questioning-2026-06-04.md` | 7340 | `78b9b54c3a9c` |
439439
| `reviews/security-risk-assessment-2026-06-02.md` | 24112 | `4c9e2e00d001` |
440440
| `reviews/seven-control-loops-critical-questioning-2026-06-05.md` | 7531 | `ae1e34b8369d` |
441-
| `roadmap-status.md` | 19712 | `ada5accea615` |
441+
| `roadmap-status.md` | 19881 | `b0e8bb393908` |
442442
| `run-evidence-and-audit-guide.md` | 1980 | `97b527c850b1` |
443443
| `security-whitepaper.md` | 9691 | `d65a19a755cb` |
444444
| `security/approval-abuse-cases-2026-06-02.md` | 1281 | `4c43296d1c66` |

docs/governance/do-not-claim.md

Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
# Do Not Claim
2+
# 2026-06-06
3+
4+
> **Claim class:** Current truth for what TeaAgent explicitly does not provide.
5+
>
6+
> **Purpose:** Prevent documentation, release notes, or public messaging from
7+
> claiming capabilities that are intentionally unsupported. Backlog items and
8+
> roadmap rows must not promise what this document lists as a non-claim.
9+
>
10+
> **Review trigger:** Any release note, README change, roadmap row addition, or
11+
> public-facing claim that might over-promise.
12+
>
13+
> **Related:** [When Not to Use TeaAgent](../guides/when-not-to-use-teaagent.md)
14+
> honest non-fit guidance for users choosing a tool.
15+
> [Remote multi-agent non-goals](../strategy/remote-multi-agent-non-goals-2026-06-06.md)
16+
> subagent and federation non-goals for Phase 0/1.
17+
18+
---
19+
20+
Each row is a **non-claim**: something TeaAgent does not do, is not, or
21+
intentionally does not support. If a new capability ships that reverses a
22+
non-claim, the row must be removed from this document and linked exit evidence
23+
must exist.
24+
25+
### Product Identity
26+
27+
| Non-claim | Rationale | Reference |
28+
|---|---|---|
29+
| **Generic IDE agent clone** | TeaAgent is a governance-first harness, not a feature-matched clone of Cursor, Copilot, or Windsurf. | [README](../../README.md), [When Not to Use](../guides/when-not-to-use-teaagent.md) |
30+
| **Hosted cloud delegate** | No multi-tenant SaaS offering. Users operate the runner, storage, and keys locally or in their CI. | [README](../../README.md), [When Not to Use](../guides/when-not-to-use-teaagent.md#hosted-cloud-delegation) |
31+
32+
### Execution Model
33+
34+
| Non-claim | Rationale | Reference |
35+
|---|---|---|
36+
| **Keystroke-level autocomplete** | TeaAgent orchestrates multi-step tool loops, not tab-complete suggestions. | [When Not to Use](../guides/when-not-to-use-teaagent.md#instant-autocomplete-only) |
37+
| **Zero-config / zero-permission tool** | Permission modes, audit paths, and approval queues are governance features. Setup expects deliberate choices. | [When Not to Use](../guides/when-not-to-use-teaagent.md#zero-config-beginners) |
38+
| **"Set issue and forget" product management** | Human approval, budgets, and audit are intentional brakes — not bugs to bypass. | [When Not to Use](../guides/when-not-to-use-teaagent.md#set-issue-and-forget-product-management) |
39+
| **CI/CD system** | TeaAgent can run in CI, but is not itself a pipeline orchestrator or build system. | [Architecture](../../README.md#architecture) |
40+
41+
### Enterprise Readiness
42+
43+
| Non-claim | Rationale | Reference |
44+
|---|---|---|
45+
| **SOC 2 / ISO 27001 certified** | Architecture supports evidence collection; certification and hosted enterprise packaging are organizational/roadmap items, not shipped OSS defaults. | [When Not to Use](../guides/when-not-to-use-teaagent.md#enterprise-procurement-without-engineering-evaluation) |
46+
| **Daemon or service** | TeaAgent is not a daemon. To expose it as a service, users supply their own process supervisor. | [Deployment Guide](../ops/deployment-guide.md) |
47+
48+
### Safety and Review
49+
50+
| Non-claim | Rationale | Reference |
51+
|---|---|---|
52+
| **Replacement for human code review** | The [code-review-checklist](code-review-checklist.md) defines required human review gates. Approval policies assist, not replace, operator judgment. | [Code Review Checklist](code-review-checklist.md), [Standards](standards.md) |
53+
| **Zero-risk operation** | TeaAgent makes agent actions **provable**, not risk-free. Trust model accepts residual risk with observable boundaries. | [Trust and Audit Whitepaper](trust-and-audit-whitepaper.md) |
54+
55+
### Multi-Agent and Federation
56+
57+
| Non-claim | Rationale | Reference |
58+
|---|---|---|
59+
| **Cryptographic peer identity** | `agent_id` is a string; forgeable. Ed25519 identity and signed approvals are future work (SEC-NEW1). | [Remote multi-agent non-goals](../strategy/remote-multi-agent-non-goals-2026-06-06.md) |
60+
| **Remote approval orchestration** | Approval queues are local/file-backed. Durable coordination abstraction is future work (WS2-005). | [Remote multi-agent non-goals](../strategy/remote-multi-agent-non-goals-2026-06-06.md) |
61+
| **Federated trust by URL/name alone** | MCP trust is anchored to operator config, not PKI. | [Remote multi-agent non-goals](../strategy/remote-multi-agent-non-goals-2026-06-06.md) |
62+
| **Unbounded subagent batches** | Batch timeout/cancel is incomplete. | [Remote multi-agent non-goals](../strategy/remote-multi-agent-non-goals-2026-06-06.md) |
63+
64+
### Vendor and Ecosystem
65+
66+
| Non-claim | Rationale | Reference |
67+
|---|---|---|
68+
| **Bound to one IDE or model family** | TeaAgent supports multiple providers (14 adapters), MCP, ACP, and CLI/TUI surfaces. It is not a single-IDE or single-model product. | [README](../../README.md), [Competitor comparison](../analysis/competitor-self-comparison-matrix-2026-06-06.md) |
69+
70+
---
71+
72+
## Supersession Rule
73+
74+
If a capability listed above ships with acceptance tests and stable docs,
75+
remove the row from this document. Do not move it to a "formerly not" section.
76+
The absence from this list is the claim.
77+
78+
## Verification
79+
80+
```bash
81+
# Check that no release note or README draft claims a non-claim
82+
python3 scripts/validate_docs_consistency.py
83+
```

0 commit comments

Comments
 (0)