WallGuard runtime wall-context lookup and subject authority state #47

Description

@mdheller

Parent: SocioProphet/sociosphere#443
Depends on: #45
Depends on: SocioProphet/policy-fabric#93

Purpose

Implement the Agent Registry runtime surface for WallGuard active wall context lookup.

Policy Fabric owns final WallGuard decisions. Agent Registry owns authoritative subject/session context required by that decision layer: wall memberships, acknowledgments, recusal/revocation state, session scope, and allowed memory/tool classes.

Runtime objective

Provide a deterministic runtime lookup path that can answer:

  • which wall(s) an agent or human subject is currently authorized for
  • whether membership is active, revoked, expired, or missing
  • whether the subject is recused
  • whether the session is clean, wall-scoped, contaminated, or unknown
  • which memory compartments and tool classes are allowed to be considered by downstream evaluators

Required behavior

  • Resolve agentRef / subjectRef to an active WallGuard context record.
  • Return fail-closed context for missing, revoked, expired, recused, contaminated, or unknown session state.
  • Preserve the landed AgentWallContext contract as the external shape or compatibility layer.
  • Produce receipt/evidence refs suitable for Policy Fabric and Core Ledger.
  • Do not perform final policy authorization locally; provide context to Policy Fabric.

Suggested files

  • tools/wallguard_context_lookup.py
  • contracts/wallguard/runtime/*.json
  • tools/validate_wallguard_context_lookup.py
  • Makefile target validate-wallguard-context-lookup

Acceptance criteria

  • Same-wall active agent context resolves as usable for Policy Fabric evaluation.
  • Revoked membership resolves fail-closed.
  • Recused subject resolves fail-closed.
  • Contaminated/unknown session does not expose global or firm-approved memory compartments.
  • Missing context returns an explicit missing-context state, not an implicit allow.
  • Runtime output is sufficient for Policy Fabric evaluator and downstream AgentPlane/Memory Mesh/Sherlock surfaces.
  • No dependency on cascade, presidio, OrchestraOS, or noncanonical/unlicensed code.

Non-goals

  • Do not implement Policy Fabric decisions in Agent Registry.
  • Do not implement AgentPlane collaboration checks here.
  • Do not implement Memory Mesh read/write behavior here.
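
An added example (not part of the issue and not Agent Registry code) of the fail-closed lookup that the required behavior and acceptance criteria describe. The record fields, state strings, the `sha256:` evidence ref format, and the treatment of both clean and wall-scoped sessions as usable are assumptions; the sample registry is constructed.

```python
import hashlib
import json
from datetime import datetime

# Hypothetical field names and state strings: the issue does not show the
# AgentWallContext contract, so this shape is illustrative only.
USABLE_SESSIONS = {"clean", "wall-scoped"}  # assumption: both may go on to evaluation

# Constructed sample records keyed by subjectRef.
_BASE = {"wall": "wall-a", "membership": "active", "expires": "2030-01-01T00:00:00+00:00",
         "recused": False, "session": "wall-scoped", "memory": ["wall-a"], "tools": ["search"]}
REGISTRY = {
    "agent:same-wall": _BASE,
    "agent:revoked": {**_BASE, "membership": "revoked"},
    "human:recused": {**_BASE, "recused": True},
    "agent:tainted": {**_BASE, "session": "contaminated", "memory": ["global", "firm-approved"]},
}

def seal(ctx):
    """Attach a deterministic digest of the canonical JSON form as an evidence ref."""
    body = json.dumps(ctx, sort_keys=True, separators=(",", ":")).encode()
    return {**ctx, "evidence_ref": "sha256:" + hashlib.sha256(body).hexdigest()}

def lookup_wall_context(subject_ref, now, registry=REGISTRY):
    """Return context for the policy layer; this is never an authorization decision."""
    deny = {"subject": subject_ref, "usable": False, "walls": [], "memory": [], "tools": []}
    rec = registry.get(subject_ref)
    if rec is None:  # explicit missing-context state, not an implicit allow
        return seal({**deny, "state": "missing-context", "reasons": ["no-record"]})
    reasons = []
    membership = rec.get("membership", "missing")
    if membership != "active":
        reasons.append("membership-" + membership)
    elif "expires" not in rec or datetime.fromisoformat(rec["expires"]) <= now:
        reasons.append("membership-expired")
    if rec.get("recused", True):  # an absent flag is treated as recused
        reasons.append("recused")
    session = rec.get("session", "unknown")
    if session not in USABLE_SESSIONS:
        reasons.append("session-" + session)
    if not all(k in rec for k in ("wall", "memory", "tools")):
        reasons.append("incomplete-record")
    if reasons:  # any single failure empties walls, memory compartments and tool classes
        return seal({**deny, "state": "fail-closed", "reasons": reasons})
    return seal({"subject": subject_ref, "usable": True, "state": "active", "reasons": [],
                 "walls": [rec["wall"]], "memory": list(rec["memory"]), "tools": list(rec["tools"])})
```

Passing `now` in rather than reading the clock keeps the output, and therefore the evidence digest, reproducible for a given registry state.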
