Subagents must inherit task gates and be blocked for deterministic write workflows #266

Closed
opened 2026-07-06 12:49:34 -05:00 by jcwalker3 · 1 comment
Owner

Subagents can bypass or lose context for worktree, capability, mutation, retry, and reporting rules. Deterministic write tasks should run inline unless the parent session proves subagent use is necessary and safe.

Acceptance criteria:

  1. Subagents are blocked for issue claim, branch creation, code edits, commits, PR creation, review, merge, and cleanup unless explicitly allowed.
  2. Parent session must record why a subagent is needed.
  3. Subagent must inherit:
    • issue lock
    • branch/worktree path
    • identity/profile
    • allowed tool class
    • command deny list
    • validation ledger requirements
    • final report schema
  4. Subagent output cannot be accepted unless it includes the same proof fields as the parent workflow.
  5. Tests cover blocked write delegation, allowed read-only delegation, missing inherited context, and invalid subagent final reports.
Subagents can bypass or lose context for worktree, capability, mutation, retry, and reporting rules. Deterministic write tasks should run inline unless the parent session proves subagent use is necessary and safe. Acceptance criteria: 1. Subagents are blocked for issue claim, branch creation, code edits, commits, PR creation, review, merge, and cleanup unless explicitly allowed. 2. Parent session must record why a subagent is needed. 3. Subagent must inherit: - issue lock - branch/worktree path - identity/profile - allowed tool class - command deny list - validation ledger requirements - final report schema 4. Subagent output cannot be accepted unless it includes the same proof fields as the parent workflow. 5. Tests cover blocked write delegation, allowed read-only delegation, missing inherited context, and invalid subagent final reports.
jcwalker3 added the status:in-progress label 2026-07-06 23:23:21 -05:00
Author
Owner

Claimed. Branch: feat/issue-266-subagent-gate-inheritance. Worktree: branches/feat-issue-266-subagent-gate-inheritance. Lock taken via gitea_lock_issue (fail-closed check passed).

Planned slice (per acceptance criteria 1–5):

  • New policy module subagent_gate.py following the review_proofs/author_proofs pattern:
    • deterministic-write task deny list (issue claim, branch creation, code edits, commits, PR creation, review, merge, cleanup) — blocked unless explicitly allowed with a recorded justification (AC1/AC2)
    • required inherited-context fields (issue lock, branch/worktree path, identity/profile, allowed tool class, command deny list, validation ledger requirement, final report schema) with fail-closed validation (AC3)
    • subagent final-report validation requiring the same proof fields as the parent workflow (AC4)
  • Tests covering: blocked write delegation, allowed read-only delegation, missing inherited context, invalid subagent final report (AC5)
  • Operator guide rule key so MCP clients discover the policy

Note: #271's validation-ledger work is in progress in another session; this module references the ledger requirement as an inherited-context field name only, no dependency on that implementation.

Claimed. Branch: `feat/issue-266-subagent-gate-inheritance`. Worktree: `branches/feat-issue-266-subagent-gate-inheritance`. Lock taken via `gitea_lock_issue` (fail-closed check passed). Planned slice (per acceptance criteria 1–5): - New policy module `subagent_gate.py` following the `review_proofs`/`author_proofs` pattern: - deterministic-write task deny list (issue claim, branch creation, code edits, commits, PR creation, review, merge, cleanup) — blocked unless explicitly allowed with a recorded justification (AC1/AC2) - required inherited-context fields (issue lock, branch/worktree path, identity/profile, allowed tool class, command deny list, validation ledger requirement, final report schema) with fail-closed validation (AC3) - subagent final-report validation requiring the same proof fields as the parent workflow (AC4) - Tests covering: blocked write delegation, allowed read-only delegation, missing inherited context, invalid subagent final report (AC5) - Operator guide rule key so MCP clients discover the policy Note: #271's validation-ledger work is in progress in another session; this module references the ledger requirement as an inherited-context field name only, no dependency on that implementation.
sysadmin removed the status:in-progress label 2026-07-07 02:56:02 -05:00
Sign in to join this conversation.
No labels
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#266