WallGuard agent identity, session scope, and recusal metadata #44

Description

@mdheller

Parent: SocioProphet/sociosphere#392
Depends on: SocioProphet/policy-fabric#86
Related: SocioProphet/agentplane#249

Purpose

Extend agent registry semantics for WallGuard-aware identity, session scope, membership, recusal, and revocation.

Agents must carry explicit wall context when operating inside professional workrooms. An agent's identity, session, tool grants, memory scope, and collaboration eligibility must be policy-checkable.

Required metadata

  • agent id / DID if applicable
  • current workroom/client/matter scope
  • permitted wall memberships
  • revoked or expired memberships
  • recusal state
  • acknowledgment state if required
  • allowed memory compartments
  • allowed tool/connector classes
  • session contamination / taint markers
  • receipt references for sensitive grants/revocations

Enforcement relationships

  • AgentPlane consumes this metadata for collaboration and execution.
  • Policy Fabric evaluates wall decisions using this metadata.
  • Memory Mesh and Sherlock Search use session/wall scope for read/write/retrieval checks.

Fixtures

  • agent with valid same-wall membership
  • agent with expired membership denied
  • agent with revoked membership denied
  • recused agent denied collaboration
  • contaminated session blocked from unrelated matter

Acceptance criteria

  • Agent Registry records wall context without becoming policy authority.
  • Wall membership and revocation are machine-readable.
  • Agent sessions can be scoped to workroom/client/matter.
  • No dependency on noncanonical or unlicensed repos.
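
The five fixtures above, sketched as an added Python example (not code from this repository). The record only carries wall context, and a separate function standing in for the policy evaluator makes the decision. Field names, reason strings, sample ids, and the order of checks are assumptions.

```python
# Hypothetical schema: names are illustrative, not the registry's own.
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Membership:
    wall: str
    expires: datetime
    revoked: bool = False
    receipt: str = ""                  # receipt reference for the grant/revocation

@dataclass(frozen=True)
class AgentRecord:                     # registry record: data only, no decisions
    agent_id: str
    scope: tuple                       # (workroom, client, matter) of this session
    memberships: tuple = ()
    recused_walls: frozenset = frozenset()
    taint: frozenset = frozenset()     # matters this session has already touched

def evaluate(rec, wall, matter, now):
    """Policy-side check (stand-in evaluator). Returns (allowed, reason)."""
    if wall in rec.recused_walls:
        return False, "recused"
    m = next((m for m in rec.memberships if m.wall == wall), None)
    if m is None:
        return False, "no-membership"
    if m.revoked:
        return False, "revoked"
    if m.expires <= now:
        return False, "expired"
    if rec.scope[2] != matter:
        return False, "out-of-scope"
    if rec.taint - {matter}:           # session touched some other matter
        return False, "contaminated-session"
    return True, "ok"

NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)       # constructed clock
GOOD = Membership("wall-a", NOW + timedelta(days=30), receipt="rcpt-001")
BASE = AgentRecord("agent-1", ("room-1", "client-a", "matter-a"), (GOOD,))

def run_fixtures():
    """The five fixtures from the issue, as constructed records."""
    cases = {
        "valid": BASE,
        "expired": replace(BASE, memberships=(replace(GOOD, expires=NOW - timedelta(days=1)),)),
        "revoked": replace(BASE, memberships=(replace(GOOD, revoked=True),)),
        "recused": replace(BASE, recused_walls=frozenset({"wall-a"})),
        "tainted": replace(BASE, taint=frozenset({"matter-z"})),
    }
    return {name: evaluate(rec, "wall-a", "matter-a", NOW) for name, rec in cases.items()}
```

Every denial returns a distinct reason string, so a caller can record which condition blocked the agent.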
