Skip to content

feat(comm): enable cross-namespace messaging in AllowAll gate mode #13

Description

@ohdearquant

Problem

comm.send denies every cross-namespace message unconditionally — even when the runtime is in the AllowAll (OSS / local-MCP) gate mode. This makes agent-to-agent messaging effectively dead in the default OSS configuration: any send where from != recipient_ns returns CrossNamespaceWrite regardless of policy.

Evidence

crates/khive-pack-comm/src/message.rs:81–100 — the recipient namespace is compared to the sender and rejected with CrossNamespaceWrite before the policy gate is ever consulted:

if from != recipient_ns_str {
    return Err(CrossNamespaceWrite);
}

The denial is hardcoded; the AllowAll gate has no opportunity to permit it.

Expected

Cross-namespace comm.send should be governed by the active policy gate, not a hardcoded comparison:

  • AllowAll / OSS mode → permit (local single-tenant deployments need agent↔agent messaging).
  • Restricted / multi-tenant mode → continue to deny per ADR-007.

Fix sketch

Route the cross-namespace decision through the gate (same pattern other write paths use) instead of the unconditional if from != recipient_ns_str short-circuit. Add a regression test for both gate modes.

Priority: p1 — blocks the comm pack's primary use case in OSS deployments.

Ported from old repo issue #516 (repo since recreated; old numbers invalid). Verified against current source 2026-06-07.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions