Design policy-gated rollback restore for governed-runner v0.2

[mdheller]

Purpose

Define the first policy-gated rollback restore surface for governed-runner v0.2.

This is a design issue only. Do not implement rollback restoration in this issue.

Context

Governed-runner v0.1 records rollback evidence through RollbackBoundary and RollbackResult, but it does not mutate or restore workspace state.

Rollback restore is a mutating operation and must be designed as a separate policy-gated capability.

Proposed v0.2 scope

A future restore surface should require:

• existing RollbackBoundary
• admitted restore request
• authority state permitting restore
• safe-root enforcement
• file/path allowlist enforcement
• explicit restore action receipt
• before/after digest evidence

Acceptance criteria

• Define RollbackRestoreRequest v0.1 schema.
• Define RollbackRestoreReceipt v0.1 schema.
• Add positive fixture for a synthetic restore inside an allowed temp workspace.
• Add negative fixture for missing rollback boundary.
• Add negative fixture for missing restore admission.
• Add negative fixture for path escape.
• Add negative fixture for missing before digest.
• Add negative fixture for digest mismatch.
• Add negative fixture for suspended/revoked authority.
• Add validator and Makefile target.
• Add docs describing exactly what restore can mutate and under what evidence conditions.

Non-goals

• no restore implementation in this design issue
• no arbitrary file mutation
• no cross-repo restore
• no restore outside safe root
• no authority update
• no budget settlement
• no live agent execution

Boundary

Rollback restore must remain unavailable until the design, schemas, fixtures, validator, and docs are accepted. Implementation must occur in a separate PR.

[mdheller]

Evidence-boundary portion completed by #211.

Merged commit: 273a1d087e8c2127f072eb86f7ffac411634e1a4

Delivered:

• schemas/receipts/integrity-evidence-request.v0.1.schema.json
• schemas/receipts/integrity-evidence-result.v0.1.schema.json
• valid request/result fixtures
• invalid request fixtures for missing boundary, path outside root, and suspended authority
• tools/check_integrity_evidence.py
• tools/tests/test_integrity_evidence.py
• docs/runtime-governance/integrity-evidence-contract-v0.md

Boundary preserved: evidence-only. No filesystem mutation, recovery implementation, verifier execution, provider calls, network access, authority update, or budget settlement integration.

This issue should remain open if we still want a later explicit implementation design for an actual recovery action path. The evidence contract is complete; runtime behavior remains intentionally out of scope.

[mdheller]

Status update after v0.2 contract work.

Completed evidence-boundary work:

• agentplane#211 merged IntegrityEvidenceRequest v0.1 and IntegrityEvidenceResult v0.1.
• Merged commit: 273a1d087e8c2127f072eb86f7ffac411634e1a4
• agentplane#212 added the v0.2 boundary map.
• Merged commit: 8f8411c31d52bb20ed854bf6b1bc903cabe39704

This issue remains open intentionally. The evidence contract is complete, but the original implementation path is still blocked until a separate policy-gated design and implementation issue exists.

Current boundary:

• safe-root and digest evidence are represented;
• admission and authority references are represented;
• suspended/revoked authority is rejected by the evidence checker;
• no workspace mutation, recovery implementation, verifier execution, provider calls, network access, authority update, or budget settlement integration has been added.