Commit 93f80d7

v0.4 — Introduce Agent Action Boundary before Execution Boundary
This merge introduces an **Agent Action Boundary**, expanding the DevWedge from a mutation gate into a **two-stage interpretive execution boundary**.

Previously the system interpreted **repository mutations** (pull request diffs). This change adds a **pre-execution interpretation stage** that evaluates whether an action itself is legitimate before mutation analysis occurs.

The system now performs deterministic interpretation across two boundaries:

```
Signal
↓
Agent Action Boundary
↓
Action Decision Artifact
↓
Execution Boundary
↓
Mutation Classification
↓
Meaning Artifact
↓
CI Enforcement
```

## New Capabilities

**Action Classification**

Deterministic classification of automation actions including:

* `package.publish`
* `release.create`
* `workflow.modify`
* `dependency.modify`

* * *

**Signal Surface Trust Evaluation**

Signals are interpreted using a registry that assigns trust tiers. Examples:

| Surface | Trust Tier |
| --- | --- |
| `github.issue.title` | untrusted |
| `github.issue.comment` | untrusted |
| `github.release.metadata` | constrained |
| `github.repo_file.protected` | trusted |

* * *

**Actor Authority Envelopes**

Actor profiles define:

* actor identity
* actor type
* maximum authority
* allowed intents
* forbidden actions

* * *

**Action Legitimacy Decisions**

Actions are evaluated against:

* actor authority envelope
* signal trust tier
* declared intent
* required authority

Possible outcomes:

```
allow
deny
escalate
advisory
```

* * *

**Action Decision Artifact**

The action boundary emits:

```
action_decision_artifact.json
```

This artifact records:

* actor identity
* signal surface
* requested action
* decision outcome
* evaluation reasons

* * *

## Canon Updates

Adds canonical schemas supporting the action boundary:

```
sp.action_decision_artifact.v1
sp.actor_profile.v1
sp.agent_action_request.v1
sp.signal_surface_catalog.v1
```

* * *

## Why This Matters

Automation and AI agents increasingly propose actions such as:

* publishing packages
* triggering releases
* modifying CI workflows

We typically inspect **what changed**. We rarely evaluate **whether the action itself was legitimate**.

This change introduces a deterministic interpretive boundary between **signals and execution**.

* * *

This release represents the first DevWedge prototype demonstrating deterministic interpretation of both automation actions and repository mutations within CI.

**Interpret before execution.**

* * *
2 parents 7afea14 + f4aa82b commit 93f80d7
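
An added illustration of the decision step the commit message describes, not code from this commit or from DevWedge. The trust tiers come from the message's table; the field names, numeric authority levels, actor profile and rule order are assumptions made for the example.

```python
import json

# Trust tiers copied from the table in the commit message.
SIGNAL_TIERS = {
    "github.issue.title": "untrusted",
    "github.issue.comment": "untrusted",
    "github.release.metadata": "constrained",
    "github.repo_file.protected": "trusted",
}
# Assumption: authority each action class requires (1 = low, 3 = high).
REQUIRED_AUTHORITY = {"dependency.modify": 1, "workflow.modify": 2,
                      "release.create": 2, "package.publish": 3}
# Constructed actor profile; field names are hypothetical.
ACTORS = {"release-bot": {"actor_type": "automation", "max_authority": 3,
                          "allowed_intents": ["release"],
                          "forbidden_actions": ["workflow.modify"]}}

def decide(req):
    """Evaluate one action request; first matching rule wins, unknowns fail closed."""
    actor = ACTORS.get(req["actor"])
    need = REQUIRED_AUTHORITY.get(req["action"])
    tier = SIGNAL_TIERS.get(req["signal_surface"], "untrusted")
    if actor is None or need is None:
        outcome, reason = "deny", "unknown actor or action"
    elif req["action"] in actor["forbidden_actions"]:
        outcome, reason = "deny", "action forbidden for actor"
    elif need > actor["max_authority"]:
        outcome, reason = "deny", "required authority exceeds envelope"
    elif req["intent"] not in actor["allowed_intents"]:
        outcome, reason = "escalate", "declared intent outside envelope"
    elif need >= 2 and tier == "untrusted":
        outcome, reason = "deny", "untrusted signal requests privileged action"
    elif need >= 2 and tier == "constrained":
        outcome, reason = "escalate", "constrained signal requests privileged action"
    elif tier == "untrusted":
        outcome, reason = "advisory", "low-authority action from untrusted signal"
    else:
        outcome, reason = "allow", "within envelope on sufficiently trusted signal"
    return {"actor": req["actor"], "signal_surface": req["signal_surface"],
            "requested_action": req["action"], "decision": outcome,
            "reasons": [reason]}

def to_artifact(req):
    """Serialize with sorted keys so equal requests give byte-identical artifacts."""
    return json.dumps(decide(req), sort_keys=True, indent=2)

if __name__ == "__main__":
    # Constructed request: an issue comment asks the bot to publish a package.
    print(to_artifact({"actor": "release-bot", "intent": "release",
                       "action": "package.publish",
                       "signal_surface": "github.issue.comment"}))
```
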

20 files changed

Lines changed: 3139 additions & 178 deletions

.github/workflows/prism-gate.yml

Lines changed: 2 additions & 0 deletions
@@ -37,6 +37,8 @@ jobs:
3737
BOOTSTRAP_LOCK_PATH: ".prism/bootstrap.lock"
3838
MEANING_OUT_PATH: "out/meaning.json"
3939
MUTATION_REPORT_OUT_PATH: "out/mutation_report.json"
40+
ACTOR_CATALOG_PATH: "boundary/github-action/catalogs/actor-profiles.default.v1.json"
41+
SIGNAL_CATALOG_PATH: "boundary/github-action/catalogs/signal-surfaces.default.v1.json"
4042

4143
- name: Upload meaning artifact
4244
if: always()
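
Review bot: The two added variables, ACTOR_CATALOG_PATH and SIGNAL_CATALOG_PATH, point at JSON files inside the repository, and nothing in this hunk pins them to a trusted revision or checksum. These catalogs define actor authority and signal trust, so if this job evaluates a checkout that includes a contributor's changes, a pull request could edit the catalogs that judge it. Suggest loading both from the base ref or covering them with the lock at BOOTSTRAP_LOCK_PATH, and adding a comment that says which applies. The block also has MEANING_OUT_PATH and MUTATION_REPORT_OUT_PATH but no output path for the action decision artifact, and the next step shown is still only "Upload meaning artifact"; if the new artifact should be retained, it needs its own path and upload.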
