Skip to content

Commit d736a1b

Browse files
johnteeeclaude
andcommitted
fix: enforce explicit permission-mode precedence (V8) and land 2026-06-12 governance batch
Permission-mode precedence (V8, P0): - Explicit --permission-mode is never overridden by workspace config: demotion (config read-only over explicit prompt) and escalation (config allow over explicit prompt) both blocked, repro-verified - Shared _UNSET sentinel across all 11 parser sites (9 converted to sentinel; 2 intentional read-only defaults kept); sentinel-aware merges in apply_config_defaults and apply_workspace_defaults_to_namespace; _finalize_permission_mode() in main() prevents sentinel leaks - Precedence now: explicit CLI > workspace config > built-in default - Bidirectional integration tests in tests/integration/test_config_loader.py Governance hardening: - Agent contribution contract (V4-a/c/d): docs/agent-contribution-contract.md plus CI gate via scripts/check_agent_contribution_contract.py; no self-service bypass (bypass attempts are critical errors), fixture-tested - ADR 0031: shadow-mode exit criteria with expiry 2026-09-12 (V3-a) - Fix half-finished rename in runner/_core.py that raised NameError on the destructive-tool approval path (failed:system instead of pending_approval) - Correct acceptance count to pytest-collected truth: 646 (was 648/643 drift) - Roadmap/compliance/ADR-index doc updates; regenerated docs inventory Review record: - docs/analysis/intent-verification-delta-2026-06-12.md records the six-pass verification delta (intent re-derivation, ledger verification, findings V1-V9, work list) Constraint: explicit CLI permission mode must always win over workspace config; config still applies when the flag is not given; no behavior change for non-permission config keys Tested: acceptance tier 646/646, smoke 200/200, first-hour e2e + config-loader + governance-compliance 68 passed, docs validator 0 errors, ruff check+format clean, mypy clean (1004 files), escalation/demotion repro both blocked Not-tested: full unit suite (historically resource-limited here; smoke+acceptance tiers used per WDG-002), CI execution of the new contract gate on GitHub Confidence: high Agent: Claude Code (parallel-agent contributions reviewed and integrated) Agent-Session: six-pass reflective review, 2026-06-12 Roadmap-Status: updated Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
1 parent e2e8317 commit d736a1b

19 files changed

Lines changed: 1126 additions & 32 deletions

.github/workflows/ci.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -216,6 +216,12 @@ jobs:
216216
echo "Comparing test assertions against base: $BASE"
217217
python3 scripts/check_test_assertion_regression.py --base "$BASE"
218218
219+
- name: Agent contribution contract gate (V4-a)
220+
# Validates agent-authored commits comply with contribution contract.
221+
# NO SELF-SERVICE BYPASS: Agents cannot bypass their own governance gate (V4-c fix).
222+
# Manual bypass requires human intervention via GitHub UI only.
223+
run: python3 scripts/check_agent_contribution_contract.py --commit HEAD
224+
219225
governance-gate:
220226
runs-on: ubuntu-latest
221227
# Run after lint passes, before package build

docs/acceptance.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ acceptance flow writes the user TUI state file. In sandboxed environments, run
4242
them with permission to bind localhost ports and write the TeaAgent state
4343
directory.
4444

45-
**Current acceptance test count: `648 passed`** (pytest-collected guard target; suite summary at `docs/generated/suite-summary.json`, 2026-06-12)
45+
**Current acceptance test count: `646 passed`** (pytest-collected guard target)
4646

4747
Keep historical acceptance-count snapshots in dated analysis or roadmap docs.
4848
This file only owns the live guard target.
Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
# ADR 0031: Shadow Mode Exit Criteria
2+
3+
## Status
4+
5+
Proposed — 2026-06-12
6+
7+
**Expiry review:** 2026-09-12 (re-score whether policy/RBAC shadow mode should promote to enforce)
8+
9+
## Context
10+
11+
Sprint 2 wired policy engine and RBAC in shadow mode (log, don't enforce) as documented in:
12+
- `teaagent/governance/h4_integration.py` (policy shadow code)
13+
- `teaagent/runner/_approval_manager.py` (RBAC shadow code)
14+
- Roadmap H4 rows cite WDA-002/003
15+
16+
Shadow mode allows production observation without enforcement risk, but lacks clear exit criteria. Without defined evidence requirements and an expiry date, "wired" quietly becomes the new "implemented but unwired" — the exact failure mode WDA-006 was designed to prevent.
17+
18+
## Decision
19+
20+
**Define** the evidence required to promote policy/RBAC from shadow to enforce mode, with an expiry date for shadow status.
21+
22+
### Exit Criteria
23+
24+
Policy/RBAC may be promoted from shadow to enforce mode only when **all** of the following evidence is satisfied:
25+
26+
1. **Audit trail validation**: Shadow-mode logs show zero false positives over a 30-day production window
27+
- Evidence: Automated analysis of audit logs showing no blocked actions that should have been allowed
28+
- Test: `tests/acceptance/test_policy_as_code_flow.py` with enforce-mode fixture passes
29+
30+
2. **Coverage completeness**: All policy rules have corresponding acceptance tests
31+
- Evidence: Claim-to-test traceability matrix shows 100% coverage for policy/RBAC claims
32+
- Test: `tests/acceptance/test_claim_traceability.py` passes for policy/RBAC section
33+
34+
3. **Performance impact**: Enforcement overhead stays within SLO
35+
- Evidence: Benchmark shows <50ms median latency for policy checks
36+
- Test: Performance regression gate passes with policy enforcement enabled
37+
38+
4. **Human review**: Security and governance owners sign off on promotion
39+
- Evidence: ADR acceptance with owner signatures
40+
- Process: PR review with explicit "Approve shadow→enforce promotion" sign-off
41+
42+
5. **Rollback plan**: Documented rollback path to shadow mode if issues arise
43+
- Evidence: Runbook entry for disabling enforcement without data loss
44+
- Test: Rollback procedure validated in staging environment
45+
46+
### Expiry
47+
48+
Shadow status for policy/RBAC enforcement **expires on 2026-09-12**. On expiry:
49+
50+
- If exit criteria are met: Promote to enforce mode via this ADR acceptance
51+
- If exit criteria are not met: Either (a) extend shadow status with new ADR citing blocking evidence, or (b) revert shadow wiring and document gaps
52+
53+
### Implementation Steps for Promotion
54+
55+
When exit criteria are satisfied and expiry date is reached:
56+
57+
1. Update `teaagent/governance/h4_integration.py` to remove `shadow_mode=True` flag
58+
2. Update `teaagent/runner/_approval_manager.py` to enable RBAC enforcement
59+
3. Add acceptance test for enforce-mode behavior
60+
4. Update roadmap H4 rows to mark policy/RBAC as "enforce" status
61+
5. Accept this ADR with expiry date achieved
62+
63+
## Consequences
64+
65+
- Positive: Clear, evidence-based promotion path prevents "permanent shadow" anti-pattern
66+
- Positive: Expiry date forces explicit decision-making (promote, extend, or revert)
67+
- Negative: Requires additional validation work before enforcement can ship
68+
- Negative: May delay enforcement if exit criteria are difficult to satisfy
69+
70+
## References
71+
72+
- [Work Direction Decomposition (WDA-002/003)](../plans/work-direction-decomposition-2026-06-10.md)
73+
- [Intent Verification Delta (V3)](../analysis/intent-verification-delta-2026-06-12.md)
74+
- ADR 0029 (consensus validation deferral precedent)
75+
- `docs/architecture/control-loop-ownership-map-2026-06-11.md`

docs/adr/README.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ This directory contains all Architecture Decision Records (ADRs) for the TeaAgen
3232
| 0024 | Automated Memory Invalidation | Accepted and Implemented | 2026-05-29 | - |
3333
| 0025 | Shared ChatSessionController for Chat Surfaces | Accepted and Implemented | 2026-06-01 | 2026-06-04 13:18:00 +0800 |
3434
| 0029 | Consensus Validation Deferred Behind Approval Queue | Accepted | 2026-06-10 | 2026-12-10 (expiry review) |
35+
| 0031 | Shadow Mode Exit Criteria | Proposed | 2026-06-12 | 2026-09-12 (expiry review) |
3536

3637
## ADR Categories
3738

@@ -47,11 +48,13 @@ This directory contains all Architecture Decision Records (ADRs) for the TeaAgen
4748
- **0007**: ANP Adapter Boundary - External federation boundary
4849
- **0008**: P4 Strategic Posture - Storage, TLS, P2P auth posture
4950

50-
### Governance Hardening (0009, 0022-0024)
51+
### Governance Hardening (0009, 0022-0024, 0029, 0031)
5152
- **0009**: 5-Loop Governance System - Comprehensive governance loops
5253
- **0022**: Centralized Approval Queue for Subagents - Batch approval management
5354
- **0023**: Strict Plan-Before-Write Enforcement - Plan validation
5455
- **0024**: Automated Memory Invalidation - Memory hygiene
56+
- **0029**: Consensus Validation Deferred Behind Approval Queue - Consensus gate deferral
57+
- **0031**: Shadow Mode Exit Criteria - Policy/RBAC shadow→enforce promotion path
5558

5659
### Multi-Agent & Swarm (0019)
5760
- **0019**: Phase 4 - Federated Swarm Consensus & Peer Attestations - Swarm coordination
Lines changed: 126 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,126 @@
1+
# Agent Contribution Contract
2+
3+
> **Purpose:** Define the required gates and validation steps that any AI agent (Claude Code, Devin, subagent, or other harness) must pass before contributing to the TeaAgent repository.
4+
>
5+
> **Scope:** All automated commits to the TeaAgent repository, regardless of which agent harness authored them.
6+
>
7+
> **Status:** Active (V4-a, 2026-06-12)
8+
9+
## Problem Statement
10+
11+
The TeaAgent repository is now edited by multiple agent harnesses (Claude Code sessions, subagent lanes, Devin, plus the human owner). TeaAgent's product is agent governance, but its own contribution path had no agent-facing contract. This led to V1 (drift gate failure on main) where a false "verified" claim landed via a second AI agent.
12+
13+
## Required Pre-Commit Gates
14+
15+
Before any agent-authored commit can be made, the following validations must pass:
16+
17+
### 1. Docs Consistency Gate
18+
19+
**Command:** `python3 scripts/validate_docs_consistency.py --test-quality-mode off`
20+
21+
**Purpose:** Ensures documentation claims match runtime state and prevents drift.
22+
23+
**What it checks:**
24+
- Acceptance test count in `docs/acceptance.md` matches pytest collection
25+
- Provider counts are consistent across README, architecture.md, and runtime
26+
- Docs inventory is up to date
27+
- Suite summary freshness (WDB-004) if test counts are cited
28+
- Roadmap required fields are present
29+
- Risk register and ticket index evidence coverage
30+
31+
**Failure mode:** Gate exits non-zero; commit must not proceed.
32+
33+
### 2. Test Collection Gate
34+
35+
**Command:** `python3 -m pytest tests/acceptance --collect-only -q`
36+
37+
**Purpose:** Ensures the test suite is collectible (no import errors, missing dependencies).
38+
39+
**Failure mode:** Collection fails with import errors (e.g., missing `hypothesis` in system Python).
40+
41+
**Note:** The repo venv (`.venv/bin/python`) is preferred for consistency with docs gate.
42+
43+
### 3. Lint and Format Gate
44+
45+
**Commands:**
46+
```bash
47+
ruff check .
48+
ruff format --check .
49+
```
50+
51+
**Purpose:** Ensures code style consistency and catches common errors.
52+
53+
**Failure mode:** Non-zero exit from either command.
54+
55+
### 4. Type Check Gate
56+
57+
**Command:** `mypy teaagent/ tests/ --explicit-package-bases`
58+
59+
**Purpose:** Ensures type annotations are correct and complete.
60+
61+
**Failure mode:** Non-zero exit from mypy.
62+
63+
## Claim-Bearing Files Requiring Passing Gates
64+
65+
The following files contain governance-relevant claims and require a passing gate in the same commit that modifies them:
66+
67+
| File | Claim Type | Required Gate |
68+
|------|------------|---------------|
69+
| `docs/acceptance.md` | Acceptance test count | `test_docs_acceptance_count_accuracy.py` must pass |
70+
| `README.md` | Provider count, feature claims | Provider consistency validation must pass |
71+
| `docs/architecture.md` | Architecture claims, provider counts | Provider consistency validation must pass |
72+
| `docs/roadmap-status.md` | Roadmap claims, status values | Roadmap validation must pass |
73+
| `docs/governance-compliance.md` | Governance gate mappings | Docs consistency validation must pass |
74+
| `docs/generated/suite-summary.json` | Test suite results | Must be regenerated with current commit |
75+
76+
## Commit Trailer Requirements
77+
78+
Agent-authored commits should include the following trailers for traceability:
79+
80+
```
81+
Agent: <agent-name> (e.g., "Claude Code", "Devin", "subagent")
82+
Agent-Session: <session-id-or-context>
83+
Reviewed-by: <human-optional>
84+
```
85+
86+
Example:
87+
```
88+
fix: update acceptance test count to 646
89+
90+
Agent: Devin
91+
Agent-Session: cli-2026-06-12-001
92+
```
93+
94+
## CI Enforcement
95+
96+
The `use-case-matrix` job in `.github/workflows/ci.yml` runs the docs consistency gate as a required check. Branch protection rules must require this check to pass before merging to main.
97+
98+
## Emergency Override
99+
100+
**NO SELF-SERVICE BYPASS ALLOWED** (V4-c fix): Agents cannot bypass their own governance gate via trailers or environment variables. This prevents the exact failure mode the contract is designed to prevent.
101+
102+
In rare cases where a gate must be bypassed (e.g., fixing the gate itself):
103+
1. Human must temporarily disable the CI check via GitHub UI
104+
2. Commit with trailer: `Manual-bypass: <reason> <ticket-id>`
105+
3. Open a PR referencing the bypass
106+
4. Human review required before merge
107+
5. Re-enable CI check after merge
108+
109+
## Implementation Status
110+
111+
- ✅ Docs consistency gate exists and runs in CI
112+
- ✅ Test collection gate exists as acceptance count accuracy test
113+
- ✅ Lint/format/type check gates exist in CI
114+
- ✅ Agent contribution contract gate exists in CI (V4-a)
115+
- ✅ Anti-bypass enforcement implemented (V4-c) - no self-service bypass allowed
116+
- ✅ Fixture tests for contract gate (V4-d) - `tests/test_governance_compliance.py::TestAgentContributionContract`
117+
- ✅ Python interpreter preference (venv over system) for consistency (third-pass fix)
118+
- ✅ Auto-regenerate docs inventory to avoid staleness from multi-agent concurrent edits (third-pass fix)
119+
- ⚠️ Branch protection enforcement requires manual GitHub configuration (see V1-b)
120+
121+
## References
122+
123+
- V1 finding: Drift gate failed open on commit `e2e8317`
124+
- V4 finding: Multi-agent contribution surface ungoverned
125+
- `docs/governance-compliance.md` for full gate mapping
126+
- `scripts/validate_docs_consistency.py` for gate implementation

0 commit comments

Comments
 (0)