Purpose
Define the first policy-gated verifier execution surface for governed-runner v0.2.
This is a design issue only. Do not implement runtime execution in this issue.
Context
Governed-runner v0.1 is read-only. It supports contracts, preflight projection, authority-state input, attempt admission receipts, rollback evidence, run dossiers, smoke evidence, inspection, and local JSON tool adapter surfaces.
The next phase may allow a tightly scoped verifier execution path, but only after a new design boundary is recorded.
Proposed v0.2 scope
The first execution tranche should be verifier-only and synthetic-first:
- input: GovernedRunContract
- input: PreflightReceipt
- input: Agent Registry AgentAuthorityCurrentState
- input: AttemptAdmissionReceipt
- allowed action: execute one allowlisted verifier command from a governed fixture
- network mode: off; network use is denied by default and is only permitted where it has been explicitly modeled
- mutation mode: none
- output: new VerificationExecutionReceipt
Acceptance criteria
- Define VerificationExecutionReceipt v0.1 schema.
- Add positive fixture for an admitted, network-off, no-mutation verifier command.
- Add negative fixture for missing admission receipt.
- Add negative fixture for rejected admission.
- Add negative fixture for require-review admission.
- Add negative fixture for non-allowlisted verifier command.
- Add negative fixture for network use when network mode is off.
- Add negative fixture for workspace mutation attempt.
- Add validator and Makefile target.
- Add docs describing exactly what verifier execution does and does not authorize.
- Preserve sp-run read-only commands unless and until an explicit execution command is added in a separate implementation PR.
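The fixtures above describe one positive case and six negative cases that a validator must distinguish. The following is an added illustration of such a policy gate, not governed-runner code: the receipt field names (status, contract_id, network_requested, mutates_workspace), the decision values, and the allowlist contents are assumptions for the example. It also binds the admission receipt to the contract it admits, a check the issue does not list but a validator of this shape would want. The gate is fail-closed, uses an exact-match allowlist rather than a prefix match (so extra arguments cannot be appended to an allowlisted command), and collects every violated rule instead of stopping at the first, so a negative fixture that trips two rules shows both.

```python
"""Illustrative policy gate for a verifier-execution request.

Added example, not governed-runner code. Field names and the allowlist are
assumed for illustration; the seven fixtures mirror the acceptance criteria.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Assumed allowlist of complete verifier argv tuples (exact match, no prefixes),
# so an attacker cannot smuggle extra flags onto an allowlisted command.
VERIFIER_ALLOWLIST = {
    ("pytest", "-q"),
    ("make", "validate"),
}


@dataclass(frozen=True)
class AdmissionReceipt:
    status: str        # assumed values: "admitted" | "rejected" | "require-review"
    contract_id: str   # the GovernedRunContract this receipt admits


@dataclass(frozen=True)
class ExecutionRequest:
    contract_id: str
    command: Tuple[str, ...]               # argv of the verifier command
    admission: Optional[AdmissionReceipt]  # None models a missing receipt
    network_requested: bool = False
    mutates_workspace: bool = False


@dataclass
class VerificationExecutionReceipt:
    contract_id: str
    decision: str                          # "allow" | "deny"
    reasons: list = field(default_factory=list)
    network_mode: str = "off"              # fixed for the v0.2 tranche
    mutation_mode: str = "none"            # fixed for the v0.2 tranche


def gate(req: ExecutionRequest) -> VerificationExecutionReceipt:
    """Apply every v0.2 rule; deny unless all pass, reporting all violations."""
    rec = VerificationExecutionReceipt(contract_id=req.contract_id, decision="deny")
    if req.admission is None:
        rec.reasons.append("missing admission receipt")
    elif req.admission.contract_id != req.contract_id:
        rec.reasons.append("admission receipt is bound to a different contract")
    elif req.admission.status != "admitted":
        rec.reasons.append(f"admission status is {req.admission.status!r}, not 'admitted'")
    if tuple(req.command) not in VERIFIER_ALLOWLIST:
        rec.reasons.append("command is not on the verifier allowlist")
    if req.network_requested:
        rec.reasons.append("network use requested while network mode is off")
    if req.mutates_workspace:
        rec.reasons.append("workspace mutation requested while mutation mode is none")
    if not rec.reasons:
        rec.decision = "allow"
    return rec


# Constructed fixtures, one per acceptance criterion.
ADMITTED = AdmissionReceipt("admitted", "contract-1")
FIXTURES = {
    "positive": ExecutionRequest("contract-1", ("make", "validate"), ADMITTED),
    "missing-admission": ExecutionRequest("contract-1", ("make", "validate"), None),
    "rejected-admission": ExecutionRequest(
        "contract-1", ("make", "validate"), AdmissionReceipt("rejected", "contract-1")),
    "require-review-admission": ExecutionRequest(
        "contract-1", ("make", "validate"), AdmissionReceipt("require-review", "contract-1")),
    "non-allowlisted-command": ExecutionRequest(
        "contract-1", ("bash", "-c", "echo hi"), ADMITTED),
    "network-use": ExecutionRequest(
        "contract-1", ("make", "validate"), ADMITTED, network_requested=True),
    "workspace-mutation": ExecutionRequest(
        "contract-1", ("make", "validate"), ADMITTED, mutates_workspace=True),
}


def run_fixtures() -> dict:
    """Return {fixture name: decision} for every fixture."""
    return {name: gate(req).decision for name, req in FIXTURES.items()}


if __name__ == "__main__":
    for name, req in FIXTURES.items():
        rec = gate(req)
        print(f"{name:26s} {rec.decision:5s} {'; '.join(rec.reasons)}")
```

Run it directly to see each fixture's decision and the rule(s) it violates; a real validator would load the same cases from JSON fixture files and be wired to the Makefile target the criteria call for.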
Non-goals
- no arbitrary agent execution
- no free-form shell execution
- no provider invocation
- no network activity by default
- no governed workspace mutation
- no rollback restoration
- no authority update
- no budget settlement
Boundary
This issue is complete when the design, schema, fixtures, validator, and documentation are defined. Actual execution implementation must be a separate PR after this design is accepted.