Enforce resolved execution context for deterministic actor policy
@@ -15,6 +15,7 @@
|
||||
- Coordinates DAG traversal and retry behavior.
|
||||
- Computes aggregate run status from executed terminal nodes plus critical-path failures.
|
||||
- Applies dedicated `SecurityViolationError` handling policy (`hard_abort` or `validation_fail` mapping).
|
||||
- Resolves per-attempt `ResolvedExecutionContext` (phase/model/tool/security contract) and injects it into actor executors.
|
||||
|
||||
## Aggregate status semantics
|
||||
|
||||
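Review bot: The `ResolvedExecutionContext` bullet lists what the context carries (phase/model/tool/security contract) but not what makes the resulting policy deterministic, which is the claim in the commit title. Please state in this bullet whether the context is re-resolved on each retry attempt or reused, and whether executors receive it read-only, so a reader can tell that an actor cannot widen its own tool or security contract after injection. It would also help to say how a failure to resolve the context is reported, for example whether it goes through the `SecurityViolationError` policy described in the bullet above.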
@@ -29,3 +30,9 @@ Otherwise status is `failure`.
|
||||
|
||||
State and project-context writes are now atomic via temp-file + rename.
|
||||
Project-context patch/write operations are serialized both in-process (promise queue) and cross-process (lock file).
|
||||
|
||||
## Tool enforcement guarantees
|
||||
|
||||
- Pipeline resolves a flat `allowedTools` list per node attempt.
|
||||
- MCP config exposed to executors is pre-filtered to `allowedTools`.
|
||||
- Claude tool callbacks are expected to use the provided policy handler so unsupported shared MCP tool filters cannot bypass enforcement.
|
||||
|
||||
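Review bot: In the "Tool enforcement guarantees" section, the third bullet says Claude tool callbacks "are expected to use" the provided policy handler, which describes a convention rather than a guarantee. Either document what the pipeline does when an executor does not route a callback through the handler (ideally fail closed and raise `SecurityViolationError`), or soften the heading so it does not promise more than the text delivers. The first bullet should also say how an empty or missing `allowedTools` list is treated, since deny-all and allow-all readings are both possible from "flat `allowedTools` list" alone.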