
Build Layers 5-8 Safety, Execution, and Governance Rail #100

Merged: d3v07 merged 4 commits into main from feature/d3v07-layers-5-8-safety-execution-governance on Jun 7, 2026

Conversation

d3v07 (Owner) commented Jun 7, 2026

Summary

Research-first pass on Layers 5–8 (#95–98). An assessment found the runtime is ~80% already implemented, so this PR delivers the genuine gaps rather than rebuilding shipped code:

  • Layer 7 — Deterministic decision + execution rail (Layer 7: Deterministic Decision + Execution Rail #97): ported the three-check verification rail (_verification_checks = sort_removed AND selected_index_used AND metric_improved; VERIFIED iff all pass, else APPROVED) and added lock-in tests. Previously main gated VERIFIED on sort-removal alone.
  • Layer 8 — Data + governance + live demo (Layer 8: Data + Governance #98):
    • Live-run navigation: Ask the agent triggers a real diagnosis when the backend is configured and navigates to /runs/{run_id}; Overview/History reflect it via the existing GET /packs.
    • Clearly-labeled local simulation when no backend is configured: a read-only DIAGNOSED sim-001 pack (simulated: true) with a distinct SIMULATION badge — never fake "live".
    • Audit approver sourced from approval_gate.approver (fixes a blank approver without changing the contract).
  • Already implemented (verified, unchanged): Layer 5 specialist agents (3 phase-gated read-only roles, deterministic winner recomputation, no creds to agents) and Layer 6's four read-only MVP tools.
  • Deferred + documented (docs/safety-boundary-decisions.md): policy-check records and Decision.approved_by/at — both require EvidencePack v1 changes (a hard-stop); plus the optional read-only inspection tools (low priority; history_lookup needs its own ledger-access review).

Safety boundaries preserved

  • Agents recommend · deterministic code decides · humans approve · verification proves.
  • EvidencePack v1 unchanged. No new API routes. MVP tool names intact. RUN_API_TOKEN stays server-only (now sourced from Secret Manager — see deployment note). Agents stay read-only; the simulation only produces a read-only DIAGNOSED pack and never applies anything. VERIFIED is never derived in the client.

Test output

  • uv run pytest: green (exit 0). Adds tests/unit/test_verification_rail.py — VERIFIED conjunction; failure path → APPROVED + FAILED verify trace + ledger outcome=failed; recommended index evidenced in the after-plan; metric improved; deterministic ESR wins over a conflicting agent proposal; write-tools phase-gated (diagnose/approve blocked, verify allowed); stale-ticket guard (no apply_index on hash mismatch). Aligns test_orchestrator + test_ledger_store with the rail.
  • Dashboard: tsc --noEmit clean · npm run lint clean · npm run build success (/, /audit, /history, /run-review, /runs/[run_id], /system-map dynamic; /intake static).

Browser QA (headless, fallback/simulation mode)

  • POST /api/run (no backend) → sim-001, status diagnosed, simulated: true.
  • Ask the agent on /run-review → navigates to /runs/sim-001; source pill renders simulation (data-source="simulation"), not live.
  • /runs/sim-001 renders the labeled SIMULATION run (pending approval, full evidence hash, 5-stage indicator, 3-roles/4-tools grouped trace); no horizontal overflow at 1440px.
  • Overview lists sim-001; /audit?run_id=fixture-verified shows approver dashboard-operator sourced from the gate.

Live vs simulation

The deployed site is live-capable (API_URL + RUN_API_TOKEN configured), so Ask the agent runs a real diagnosis there. The simulation path exists only for local / credential-less contexts and is always labeled SIMULATION — it never claims to be live.

Deployment note

No separate deploy from this branch. The recent RUN_API_TOKEN rotation was config-only (moved to Secret Manager, dedicated dashboard SA, verified healthy). Per plan, production gets one combined deploy of main after this PR is reviewed and merged — which also makes PR #99's multipage console + verification-failed fix live, instead of two partial deploys.

Not claimed

Agents do not mutate the database and do not mark runs VERIFIED. Winner selection and verification are deterministic / controller-only; mutation is backend-only after a hash-bound human approval.

Closes #97
Closes #98

Note: #95 (specialist agents) and #96 (read-only tools) are already implemented and verified in the deployed runtime (see the assessment summary above); close them once you've confirmed.
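The description above fixes the verification rule as a conjunction (VERIFIED iff sort_removed AND selected_index_used AND metric_improved, else APPROVED with a FAILED verify trace and a failed ledger outcome), binds human approval to an evidence hash (no apply_index on hash mismatch), and phase-gates the write tool (blocked in diagnose/approve, allowed in verify). The following is an added example modelling those three rules together; it is not code from this repository. The EvidencePack fields, the plan shape ({"nodes": [...], "indexes": [...]}), the function names, the ticket format and the sample costs are all assumptions made for the example.

```python
from dataclasses import dataclass, replace
from typing import Any
import hashlib
import json

# Phases in which the write tool may run. The PR's tests state that writes are
# blocked in diagnose/approve and allowed in verify; nothing more is assumed.
ALLOWED_WRITE_PHASES = {"verify"}


@dataclass(frozen=True)
class EvidencePack:
    """Constructed stand-in for an evidence pack; field names are assumptions."""
    run_id: str
    before_plan: dict[str, Any]   # assumed shape: {"nodes": [...], "indexes": [...]}
    after_plan: dict[str, Any]
    recommended_index: str
    before_cost: float
    after_cost: float


def evidence_hash(pack: EvidencePack) -> str:
    """SHA-256 over a canonical serialisation of everything the approver sees.
    Any later change to the evidence changes the hash and voids the approval."""
    payload = {
        "run_id": pack.run_id,
        "before_plan": pack.before_plan,
        "after_plan": pack.after_plan,
        "recommended_index": pack.recommended_index,
        "before_cost": pack.before_cost,
        "after_cost": pack.after_cost,
    }
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verification_checks(pack: EvidencePack) -> dict[str, bool]:
    """The three checks named in the PR, computed from plans and costs only,
    never from anything an agent asserted."""
    before_nodes = set(pack.before_plan.get("nodes", []))
    after_nodes = set(pack.after_plan.get("nodes", []))
    return {
        "sort_removed": "Sort" in before_nodes and "Sort" not in after_nodes,
        "selected_index_used": pack.recommended_index in pack.after_plan.get("indexes", []),
        "metric_improved": pack.after_cost < pack.before_cost,
    }


def verify(pack: EvidencePack) -> dict[str, Any]:
    """VERIFIED iff every check passes; otherwise the run stays APPROVED and the
    verify trace and ledger record the failure instead of hiding it."""
    checks = verification_checks(pack)
    failed = [name for name, ok in checks.items() if not ok]
    passed = not failed
    return {
        "status": "VERIFIED" if passed else "APPROVED",
        "verify_trace": {
            "result": "PASSED" if passed else "FAILED",
            "checks": checks,
            "summary": "all three checks passed" if passed else "failed: " + ", ".join(failed),
        },
        "ledger_outcome": "verified" if passed else "failed",
    }


def issue_ticket(pack: EvidencePack, approver: str) -> dict[str, str]:
    """A human approval is bound to the hash of the evidence that was approved."""
    return {"run_id": pack.run_id, "approver": approver, "evidence_hash": evidence_hash(pack)}


def apply_index(pack: EvidencePack, ticket: dict[str, str], phase: str) -> dict[str, Any]:
    """The only mutating step: refuses outside the allowed phase, and refuses a
    ticket whose hash no longer matches the current evidence (stale-ticket guard)."""
    if phase not in ALLOWED_WRITE_PHASES:
        return {"applied": False, "reason": f"write tool blocked in phase '{phase}'"}
    if ticket.get("run_id") != pack.run_id or ticket.get("evidence_hash") != evidence_hash(pack):
        return {"applied": False, "reason": "stale_ticket: evidence hash mismatch"}
    return {"applied": True, "index": pack.recommended_index, "approver": ticket["approver"]}


# Constructed sample evidence (not real runs).
GOOD_PACK = EvidencePack(
    run_id="run-0001",
    before_plan={"nodes": ["Seq Scan", "Sort"], "indexes": []},
    after_plan={"nodes": ["Index Scan"], "indexes": ["idx_orders_customer_id"]},
    recommended_index="idx_orders_customer_id",
    before_cost=1200.0,
    after_cost=35.5,
)
# Same run, but the after-plan still sorts: cheaper and index used, yet not VERIFIED.
SORT_KEPT_PACK = replace(
    GOOD_PACK, after_plan={"nodes": ["Index Scan", "Sort"], "indexes": ["idx_orders_customer_id"]}
)
# Evidence edited after approval: a ticket issued for GOOD_PACK must not apply to it.
TAMPERED_PACK = replace(GOOD_PACK, after_cost=9.0)

if __name__ == "__main__":
    ticket = issue_ticket(GOOD_PACK, approver="dashboard-operator")
    print(verify(GOOD_PACK)["status"], "|", verify(SORT_KEPT_PACK)["verify_trace"]["summary"])
    print(apply_index(GOOD_PACK, ticket, phase="diagnose"))
    print(apply_index(TAMPERED_PACK, ticket, phase="verify"))
    print(apply_index(GOOD_PACK, ticket, phase="verify"))
```

The point of SORT_KEPT_PACK is that a run which is faster and uses the chosen index still does not become VERIFIED when one check fails; it stays APPROVED and the failing check is named in the trace. TAMPERED_PACK shows why the ticket carries the evidence hash rather than only a run_id: the approval covers exactly the evidence the human saw, so the write path refuses anything edited afterwards.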

d3v07 added 4 commits June 7, 2026 12:50
…ts (#97)

- port _verification_checks: VERIFIED iff sort_removed AND selected_index_used AND metric_improved, else APPROVED; richer verify-trace summary
- add tests/unit/test_verification_rail.py: VERIFIED conjunction, failure path (APPROVED + FAILED trace + ledger outcome=failed), index-evidenced-in-plan, metric-improved, deterministic ESR wins over a conflicting agent proposal, write-tools phase-gated (diagnose/approve blocked, verify allowed), stale-ticket guard (no apply on hash mismatch)
- align test_orchestrator + test_ledger_store with the three-check rail
…ed audit approver (#98)

- Ask the agent navigates to /runs/{run_id} for the produced run; real /run when the backend is configured, clearly-labeled local SIMULATION fallback (sim-001, read-only diagnosed pack) when not — never fake-live
- PackSource gains "simulation"; /api/run returns the sim pack with simulated:true and the token untouched on that path; fixtures add FIXTURE_SIMULATION
- audit page sources the approver from approval_gate.approver, no EvidencePack v1 change
- docs/safety-boundary-decisions.md records the deferred v1 items (policy-check records, Decision approver/timestamp) and the optional read-only tools, with the safe interim taken for each
…ent route

Re-running on /runs/{id} where the produced run_id equals the current route made router.push a no-op, leaving the spinner stuck. When the target path matches the current path, refresh in place and clear the running state. Scoped to AgentRunView.onAsk.
…the PR

docs/ is gitignored as internal/local, which silently dropped the safety-boundary decisions log from the branch. Un-ignore just that one governance artifact so the deferred-EvidencePack-v1 record (policy-check records, Decision approver/timestamp, optional read-only tools) ships with the Layers 5-8 PR.
@d3v07 d3v07 merged commit ad1f713 into main Jun 7, 2026
4 checks passed
@d3v07 d3v07 deleted the feature/d3v07-layers-5-8-safety-execution-governance branch June 7, 2026 18:51

Linked issues: Layer 7: Deterministic Decision + Execution Rail (#97); Layer 8: Data + Governance (#98)