Problem
comm.send denies every cross-namespace message unconditionally — even when the runtime is in the AllowAll (OSS / local-MCP) gate mode. This makes agent-to-agent messaging effectively dead in the default OSS configuration: any send where from != recipient_ns returns CrossNamespaceWrite regardless of policy.
Evidence
crates/khive-pack-comm/src/message.rs:81–100 — the recipient namespace is compared to the sender and rejected with CrossNamespaceWrite before the policy gate is ever consulted:
if from != recipient_ns_str {
return Err(CrossNamespaceWrite);
}
The denial is hardcoded; the AllowAll gate has no opportunity to permit it.
Expected
Cross-namespace comm.send should be governed by the active policy gate, not a hardcoded comparison:
- AllowAll / OSS mode → permit (local single-tenant deployments need agent↔agent messaging).
- Restricted / multi-tenant mode → continue to deny per ADR-007.
Fix sketch
Route the cross-namespace decision through the gate (same pattern other write paths use) instead of the unconditional if from != recipient_ns_str short-circuit. Add a regression test for both gate modes.
Priority: p1 — blocks the comm pack's primary use case in OSS deployments.
Ported from old repo issue #516 (repo since recreated; old numbers invalid). Verified against current source 2026-06-07.
Problem
comm.senddenies every cross-namespace message unconditionally — even when the runtime is in the AllowAll (OSS / local-MCP) gate mode. This makes agent-to-agent messaging effectively dead in the default OSS configuration: anysendwherefrom != recipient_nsreturnsCrossNamespaceWriteregardless of policy.Evidence
crates/khive-pack-comm/src/message.rs:81–100— the recipient namespace is compared to the sender and rejected withCrossNamespaceWritebefore the policy gate is ever consulted:The denial is hardcoded; the AllowAll gate has no opportunity to permit it.
Expected
Cross-namespace
comm.sendshould be governed by the active policy gate, not a hardcoded comparison:Fix sketch
Route the cross-namespace decision through the gate (same pattern other write paths use) instead of the unconditional
if from != recipient_ns_strshort-circuit. Add a regression test for both gate modes.Priority: p1 — blocks the comm pack's primary use case in OSS deployments.
Ported from old repo issue #516 (repo since recreated; old numbers invalid). Verified against current source 2026-06-07.