From 6b2a0f9bc13b73f3479d6d3d88edf097654a3a59 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Fri, 22 May 2026 16:23:07 -0400 Subject: [PATCH 1/2] Add governed-runner delegation map --- docs/governed-runner-delegation-map.md | 124 +++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 docs/governed-runner-delegation-map.md diff --git a/docs/governed-runner-delegation-map.md b/docs/governed-runner-delegation-map.md new file mode 100644 index 0000000..4dd9b9c --- /dev/null +++ b/docs/governed-runner-delegation-map.md @@ -0,0 +1,124 @@ +# Governed Runner Delegation Map + +Status: v0.1 facade boundary + +Owning repo for this document: `SocioProphet/prophet-cli` + +## Purpose + +This document records the cross-repo delegation boundary for the governed-runner product surface. + +`prophet-cli` owns the stable operator-facing command names. It does not own governed-runner implementation, safety semantics, authority state, evidence contracts, or install formulae. + +## Operator command path + +The product-facing command is: + +```bash +prophet governed-runner ... +``` + +The implementation delegate is: + +```bash +sp-run ... +``` + +Delegation rule: + +```text +prophet governed-runner -> sp-run +``` + +Plane-name alias: + +```text +prophet agentplane -> sp-run +``` + +## Cross-repo ownership + +| Concern | Owning repo | Notes | +|---|---|---| +| Product facade | `SocioProphet/prophet-cli` | Owns `prophet governed-runner ...` and `prophet agentplane ...` command names only | +| Governed-runner implementation | `SocioProphet/agentplane` | Owns `sp-run`, contracts, receipts, smoke, inspection, dossiers, local JSON tool adapter | +| Safety/preflight semantics | `SocioProphet/guardrail-fabric` | Owns TrustOps safety policy and runtime action mapping | +| Authority state | `SocioProphet/agent-registry` | Owns authority decisions, current authority state, and restoration decisions | +| Install path | `SocioProphet/homebrew-prophet` | Owns `prophet-cli` and `agentplane` formulae | + +## Current read-only surface + +`prophet-cli` forwards all of these to `sp-run`: + +```bash +prophet governed-runner doctor +prophet governed-runner smoke --output-dir ./.socioprophet/smoke/governed-runner +prophet governed-runner list --runs-root ./.socioprophet/smoke/governed-runner +prophet governed-runner status ./.socioprophet/smoke/governed-runner/run +prophet governed-runner inspect ./.socioprophet/smoke/governed-runner/run +prophet governed-runner tool list-tools +prophet governed-runner tool call governed_runner.doctor --args-json '{}' +prophet governed-runner preflight ./governed-run-contract.json +prophet governed-runner admit ./governed-run-contract.json --preflight ./preflight-receipt.json --authority-state ./agent-authority-current-state.json --projected-cost-usd 0.25 +prophet governed-runner dossier ./.socioprophet/smoke/governed-runner/run +prophet governed-runner validate-dossier ./run-dossier.json +``` + +## Install contract + +The expected install path is: + +```bash +brew tap SocioProphet/prophet +brew install prophet-cli agentplane +``` + +`prophet-cli` installs `prophet`. + +`agentplane` installs `sp-run`. + +If `sp-run` is missing, `prophet governed-runner ...` must fail clearly as a missing delegate. The facade must not emulate or reimplement AgentPlane behavior. + +## Non-ownership list for prophet-cli + +`prophet-cli` does not own: + +- `GovernedRunContract` schema; +- `PreflightReceipt` schema; +- `AttemptAdmissionReceipt` schema; +- rollback evidence schemas; +- `RunDossier` schema; +- `sp-run` implementation; +- governed-runner smoke evidence generation; +- run-store inspection logic; +- local JSON tool adapter logic; +- TrustOps safety semantics; +- Agent Registry authority state; +- Homebrew formulae. + +## Hard non-goals for the facade + +`prophet-cli` must not add: + +- live agent execution; +- verifier execution; +- governed workspace mutation; +- rollback restoration; +- Agent Registry authority update; +- budget settlement; +- provider invocation; +- network activity for a governed run; +- durable memory writeback; +- policy adjudication. + +If any future `prophet governed-runner ...` command appears to need one of those capabilities, the implementation belongs in the owning repo after a separate policy-gated design tranche. The facade may only delegate. + +## Regression rule + +Any change to `prophet governed-runner ...` should preserve this invariant: + +```text +prophet-cli parses command names and delegates argv; AgentPlane performs governed-runner logic. +``` + +Tests should assert forwarded argv, not duplicate AgentPlane behavior. From 60377ff826aa3abb9537c422e95a26cf8eba06d6 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Fri, 22 May 2026 16:23:58 -0400 Subject: [PATCH 2/2] Link governed-runner delegation map from README --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7a4e9f6..20d9301 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,8 @@ Façade repo for Prophet command surface and SourceOS / AgentPlane bootstrap del | `prophet agentplane ...` | `sp-run ...` | `SocioProphet/agentplane` | | `prophet governed-runner ...` | `sp-run ...` | `SocioProphet/agentplane` | +The governed-runner cross-repo boundary is recorded in [`docs/governed-runner-delegation-map.md`](docs/governed-runner-delegation-map.md). + ## Examples ```bash