Skip to content

feat(orggov): bind work orders to execution evidence and replay#297

Open
mdheller wants to merge 10 commits into
mainfrom
feat/orggov-work-order-evidence-binding
Open

feat(orggov): bind work orders to execution evidence and replay#297
mdheller wants to merge 10 commits into
mainfrom
feat/orggov-work-order-evidence-binding

Conversation

@mdheller

@mdheller mdheller commented Jun 12, 2026

Copy link
Copy Markdown
Member

Summary

  • OrgGovWorkOrderEvidenceBridge schema: bridges OrgGov v0 work order to full AgentPlane execution/evidence lifecycle — work_order_id + workroom_id carried through all artifacts, ExecutionLifecycle covering bundle_validation → placement → run (completed/failed/stand_in/pending) → replay (4 replay classes), output_hash (sha256 pattern), review_status, reversal_ref, score_ref, canonical_fields vs imported_fields registry
  • Golden dogfood fixture: GitHub issue → actor/role/authority check → policy gate → governed run → evidence → review (approved) → score signal

Test plan

  • make validate-orggov-work-order-evidence-bridge — PASS (2 valid, 1 reject)
  • Valid GitHub issue dogfood: full lifecycle completed, sha256 output_hash, replay_verified=true, score_ref
  • Valid stand_in run: evidence-only replay class, pending review
  • Reject: wrong kind const

Closes #104
Parent epic: prophet-platform#406

mdheller added 10 commits June 11, 2026 20:43
@mdheller
feat(civic-stack): emit OQL/OAC runtime evidence capsule for Seven-Mo…
e8d8e74 
…del civic architecture (#154)

- CivicStackRunCapsule schema: run_id, actor_ref, oql_plan_id, artifact_manifest_id,
  policy_decision_id, tool_grants, action_dispatch_records, oql_plan_acceptance,
  oac_compiler_invocation, subagent_delegations, attestation_events, rationalgrl_trace,
  hellgraph_evidence_refs, delivery_excellence_signal_ref, provenance_refs, timestamps
- RationalGRL trace: goals_addressed (goal/softgoal), tasks_executed, dependencies_blocked
  with defeater_reason on blocked tasks and denied goals
- OQL plan acceptance with OQL-to-agent-task mappings
- OAC compiler invocation with artifact emission refs
- Policy gates: deny outcome enforces empty tool_grants + all dispatches blocked;
  blocked dispatches require defeater_reason; oac failure forbids artifact_emission_refs
- 2 valid fixtures (allow + deny/policy-blocked) + 3 reject fixtures
- validate-civic-stack-runtime-evidence wired into Makefile aggregate validate target
- Upstream anchors: ontogenesis#80, #81, policy-fabric#72, sociosphere#323, delivery-excellence#28
@mdheller
feat(conversational): evidence and replay integration seam for conver…
5e0183c 
…sational services (#149)

- ConversationalActionEvidence schema: binds conversation session/turn to AgentPlane
  execution artifact — action_type (8-value enum), policy_decision_ref, execution_artifact_ref,
  replay_linkage (eligible/verified/divergence_detected/scope), hellgraph_evidence_refs
- ConversationalReplayRecord schema: replay artifact for conversational triggers — status
  (completed/failed/diverged/pending), replay_scope (turn/session/execution_artifact),
  divergence_record (conditional required when status=diverged) with divergence_type
  and resolution_status enums, non_claims required
- Policy gates: approval_denial forces deny/escalate outcome; replay_divergence_detected
  requires replay_divergence_ref; diverged status requires divergence_record
- 4 valid fixtures (trigger-execution, approval-denial, replay-completed, replay-diverged)
  + 2 reject fixtures
- validate-conversational-evidence wired into Makefile aggregate validate target
@mdheller
feat(systema): tensegrity runtime contract, capability radius R0-R5, …
796013f 
…cybernetic oversteer controls (#136)

- docs/doctrine/tensegrity-runtime-contract.md: compression members (agent/tool/service/model/repo/host)
  vs tension members (policy/identity/provenance/tests/signatures/audits/ledgers/capability_grants/replay/revocation)
  and five tensegrity invariants: policy always required, closed chain, revocation dissolves immediately,
  replay seals the loop, oversteer is a governance obligation
- docs/specs/agent-action-tension-members-v0.md: tension member obligations matrix by action type;
  structural rules (policy always required, replay for mutation actions, audit for blocked/intervention,
  revocation path at R2+, provenance must include upstream anchor)
- docs/specs/capability-radius-v0.md: R0 observe-local through R5 deployment-host-mutation;
  radius/tool-grant contract; rapid_radius_escalation oversteer indicator
- docs/specs/cybernetic-oversteer-v0.md: 10 oversteer indicators with tension member under strain mapping;
  detection contract (HellGraph emission, delivery_excellence degraded, escalate elevation, RationalGRL softgoal);
  oversteer vs. error distinction
- examples/tensegrity/agent-action-tension-members.example.json: full tension member declaration for R3 write
- examples/reachability/agent-capability-radius.example.json: R3 actor profile with conditional R4 gate
- examples/governance/oversteer-indicators.example.json: policy_flip_flops + repeated_failed_validations
  simultaneous firing → escalate elevation + delivery excellence degraded signal
@mdheller
feat(concept-lineage): Phase 4 concept-to-artifact evidence receipts …
ef1eda0 
…with replay semantics (#134)

- ConceptToArtifactLineageReceipt schema: concept_kind (10-value enum: term/definition/geometry_relation/
  projection_relation/scenario/prototype/artifact/commons_impact_claim/dymaxion_metric_claim/cross_reference),
  source_anchor (type/confidence/assumptions), geometry_projection with mandatory distortion_assumptions,
  artifact_linkage with lineage_chain_refs, commons_impact with evidence_basis enum,
  dymaxion_metric with required assumptions
- extraction_mode 4-value enum: deterministic_extraction → exact replay; model_assisted → near_equivalent;
  human_review → indicative_only; non_replayable_interpretive_judgment → not_replayable
- Policy gates: non_replayable mode forces is_replayable=false + non_replayable_reason required;
  distortion_assumptions and dymaxion_metric.assumptions must be non-empty; asserted_without_evidence
  commons claims cannot be peer_reviewed; non_claims required on all receipts
- 3 valid fixtures: Dymaxion artifact lineage (model_assisted), geodesic projection claim (human_review),
  interpretive judgment (non_replayable) + 2 reject fixtures
- validate-concept-to-artifact-lineage wired into Makefile aggregate validate target
- Integration targets: ontogenesis#61, gaia-world-model#21, sherlock-search#42, sociosphere#291
@mdheller
feat(model-routing): enforce model-routing lane decisions in agent ex…
02094f4 
…ecution artifacts (#119)

- ModelRoutingLaneDecisionReceipt schema: run_ref, chain_stage (planning/execution/verification/
  reflection/synthesis), task_class (8 values), requested_lane, selected_lane (5 lanes: no_model through pro),
  lane_decision_outcome (lane_selected/downgraded/escalated/denied/deferred), cost_class, prompt_evidence_policy
  (hash_only default — raw prompts never stored), context_tool_posture, verification_mode
- High-end/pro conditional: selected_lane=high_end or pro requires escalation_receipt_ref +
  de_escalation_required_after_stage (schema conditional allOf)
- Policy gates: denied outcome must de-escalate to no_model; verification stage must not use
  model_primary; high-end without escalation_receipt → denied; no raw prompts enforced
- 4 valid fixtures: standard lane_selected, escalated high_end with receipt+de-escalation, verification
  no_model mechanical_tools_only, denied high_end without escalation de-escalated to no_model
- 2 reject fixtures
- validate-model-routing-lane-receipts wired into Makefile aggregate validate target
- Consumers: model-router (AgentExecutionModelRoutingPolicy), guardrail-fabric integration
@mdheller
feat(shir): governed SHIR chain as AgentPlane job v0.1 (#112)
f126074 
- SHIRGovernedChainJob schema: job_type const (shir.governed_chain.v0.1), 4 required inputs
  (input_ref, schema_ref, ontology_profile_ref, out_ref), policy_mode (advisory/fail_closed/review_required),
  relation_strategy (default relation_node), all 4 stages (rdf_to_shir/shir_to_pyg/semantic_leakage/chain_receipt),
  full artifact manifest (11 artifact refs), 8 failure modes
- job_status conditional: requires_review/failed_closed require failure_mode + policy_outcome
- Policy gates: fail_closed + semantic_leakage_blocking → failed_closed; completed requires chain_receipt
  completed; shir_to_pyg completed requires projection_loss_report_ref
- 2 valid fixtures: clean TopoLVM run (allowed) + leakage review_required (semantic_leakage_blocking)
- 2 reject fixtures: wrong job_type const, requires_review without failure_mode
- validate-shir-governed-chain-job wired into Makefile aggregate validate target
- Non-goals enforced: no tensor materialization, no GNN training, no ontology promotion, no PyTorch/PyG/DGL
- Upstream: mlops-ts-suite#36-39, #45, #46
@mdheller
feat(device-actuation): capability-scoped agent actuation boundary fo…
d776cbf 
…r device orchestration (#111)

- DeviceActuationBoundaryReceipt schema: 14 action_class values (phone/home/browser/shell/device_generic
  + 8 high-risk: lock/alarm/camera/vehicle/payment/identity_token/health_relevant/os_mutation/irreversible_deletion),
  capability_class (low_risk/medium_risk/high_risk), 6 proposal_status values
  (proposed/denied/approved/executed/rolled_back/failed)
- Conditional: high_risk + approved/executed requires approval_ref + approval_authority_ref
- Policy gates: high-risk action_class forces capability_class=high_risk; denied requires denial_reason;
  rolled_back requires rollback_artifact_ref; high_risk proposed must not have policy_outcome=allow
  (no bypass from proposal to approval without explicit approval step)
- 3 valid fixtures: low-risk browser (executed/allow), high-risk payment (denied), high-risk lock (approved+executed with approval refs)
- 2 reject fixtures
- validate-device-actuation-boundary wired into Makefile
- Non-goals enforced: no direct ecosystem integration, no NL-to-actuation bypass path
@mdheller
feat(reasoning): integrate SourceOS ReasoningRun contracts into Agent…
9faa03c 
…Plane evidence and replay (#109)

- ReasoningRunEvidenceReceipt schema: seals SourceOS ReasoningReceipt/ReplayPlan import into
  AgentPlane evidence lifecycle — run_id, sourceos_receipt_ref, replay_class (4 values: exact/
  best-effort/evidence-only/non-replayable-side-effect preserved from ReasoningReplayPlan),
  safe_trace_posture (mode const=operational-trace-only, raw_private_reasoning const=not-collected),
  benchmark_passed (required for promotion), hellgraph_evidence_refs
- Invariants enforced: raw_private_reasoning=not-collected (const); operational-trace-only mode;
  benchmark_passed=false blocks reasoning_status=completed
- Authority boundaries preserved: cognition loop in Superconscious, schemas in sourceos-spec,
  evidence sealing and replay here in AgentPlane
- 2 valid fixtures: deterministic M1 receipt (exact replay, m1-smoke), best-effort replay
- 2 reject fixtures: raw_private_reasoning=collected (const violation), wrong kind
- validate-reasoning-run-evidence wired into Makefile
- Existing validate-superconscious-reasoning-import (import_superconscious_reasoning.py) unaffected
@mdheller
feat(graph-dispatch): graph-aware dispatch and PR impact work orders (#…
21fee33 
…106)

- GraphAwareWorkOrder schema: work_order_type (code_fix/documentation_update/policy_review/
  pr_impact_review), RepoGraphContext (repo, commit_ref, changed_paths, affected_node_ids,
  affected_edge_ids, source_anchor_refs, required_tests/docs/policies, provenance_receipt_refs,
  policy_status, prophet_understand_artifact_ref, graph_artifact_staleness)
- scope_warnings: missing_graph_artifact/stale_graph_artifact/unknown_affected_nodes/edges — stale
  or missing graph requires explicit warning rather than silent failure
- CitationRequirements: must_cite_affected_nodes/edges/source_anchors,
  architectural_impact_claim_requires_graph_evidence (when true, output must cite graph evidence)
- Policy gates: stale/missing staleness requires scope_warning; architectural impact claim with
  missing/unknown graph requires scope_warnings
- 2 valid fixtures: code_fix with full graph context, pr_impact_review with stale graph + warnings
- 1 reject fixture
- validate-graph-aware-work-orders wired into Makefile
- Non-goals enforced: AgentPlane does not own graph generation; graph facts ≠ mutation authority
@mdheller
feat(orggov): bind work orders to execution evidence and replay (#104)
5d2a795 
- OrgGovWorkOrderEvidenceBridge schema: work_order_id + workroom_id carried into all evidence artifacts,
  actor_ref/role_ref/authority_ref, policy_decision_ref, ExecutionLifecycle (bundle_validation/
  placement/run/replay with status enums), output_hash (sha256 pattern), review_status, reversal_ref,
  score_ref, canonical_fields vs imported_fields registry
- lifecycle.run.status: completed/failed/stand_in/pending (stand_in for fixture/dogfood runs)
- Policy gates: completed run requires run_artifact_ref; replay_verified=true requires
  replay_artifact_ref; output_hash validated as sha256 pattern
- 2 valid fixtures: GitHub issue → full lifecycle dogfood run (approved), stand_in run (evidence-only replay)
- 1 reject fixture
- validate-orggov-work-order-evidence-bridge wired into Makefile
- Non-goals enforced: AgentPlane is not the product UX or policy authority; no secrets or raw prompts stored
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[OrgGov v0] Bind work orders to execution evidence and replay

1 participant

@mdheller