refactor: remove orphaned directories and overclaiming stub files#3244
refactor: remove orphaned directories and overclaiming stub files#3244liamcrumm wants to merge 5 commits into
Conversation
PR Review Summary
Verdict: AI review comments are untrusted advisory output. The summary reports workflow-generated completion status only, not model-authored pass/fail claims. |
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned Files
|
📦 Dependency diff (SBOM)Comparing main → liamcrumm/hypervisor-remove-stub-features. ✅ No dependency changes detected. |
Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
Wires the previously-inert action/governance-attestation composite action into a pull_request workflow so the repo runs its own attestation gate instead of only publishing it for downstream consumers. Pins the published toolkit to 4.1.0 and passes the PR body as an input (read via env inside the action, never shell-interpolated). Least-privilege contents:read, SHA-pinned checkout. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
Removes governance tooling that is unused in-repo and non-functional for external consumers: the governance-attestation composite action (encoded Microsoft-internal CELA/RAI/launch-gate checks, unusable as a generic action), the security-scan composite action (redundant with native scanners, referenced by no workflow), and the agent-governance-gate reusable workflow plus scripts/governance_gate.py and examples/github-actions-governance (the workflow calls a script the caller repo does not have, so it cannot run externally). Also removes agent_compliance/governance (validate_attestation), the orphaned validator that only backed the removed attestation action, and the PR workflow that dogfooded it. Keeps action/action.yml (Agent Governance Verify, wraps the real agt verify) and agent_compliance/security/scanner.py (used by promotion/supply_chain). Updates the A2 regression test and de-references the removed artifacts in docs. Validated: tests/ci 73 pass; docs link checker introduces 0 new broken links. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
core.py verify_behavior: restore the _get_session/get_participant guard that was dropped together with slashing.slash(), so a drift signal on an unknown session or a non-participant agent raises (as before) instead of silently reporting to the external Nexus trust backend. Removes vestigial dead surfaces left by the stub removal: the enable_blockchain_commitment SessionConfig field and the liability/checkpoint/fan-out/gc EventType members (no emitters). Fixes stale docs: terminate_session docstring, AUDIT-COMPLIANCE section 14 (drop the Level-3 MUST for the not-implemented Commitment Engine and the intro mention), exec-control intro (drop quarantine and the blockchain_commitment field row), and the agent-os conformance test comment. Validated: the verify_behavior repro no longer reproduces (non-participant raises, participant still reported); hypervisor+runtime 753 pass, agent-os conformance 152 pass; ruff clean; 0 new broken doc links. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
4633a7c to
23295d6
Compare
The stub-removal cleanup over-deleted still-valid reference content. This restores it while keeping the genuine feature removals and the de-claiming intact. Docs restored (verified against the live code, no removed symbols reintroduced): - api-reference.md back to the real 18-route surface with the Table of Contents, response-body examples, query/request tables and 404s, plus the requires_consensus, requires_sre_witness and actions fields that still exist - README.md and packages/agent-hypervisor.md back to full configuration, architecture and feature docs, with the benchmarks link and standard badges restored (PyPI version badge stays out since the standalone package is a deprecation stub) - 11-saga-orchestration and 06-execution-sandboxing back to teaching SagaOrchestrator and execution rings; broken classify_action_id samples rewritten to the real classify(ActionDescriptor) API and verified runnable - 13-observability event counts corrected to 30 total (Saga 7, Audit 2) CI gate fixes: - add the MIT header to scripts/verify_tutorials_01_34.py - fix the CODEOWNERS relative link in docs/reference/contributing.md - add pandas/plotly and ASCII-diagram terms to the cspell dictionary - normalize licence to license in tutorial 45 - drop the unused CausalViolationError import flagged by code-quality Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
23295d6 to
9f471a3
Compare
MohammadHaroonAbuomar
left a comment
There was a problem hiding this comment.
Deletions verified safe: every removed module, script, tutorial, example, and package stub has zero remaining imports, __all__ entries, nav links, or workspace references on this branch. agt-{core,cli,integrations,protocols} are not on PyPI (all 404). scripts/check_dependency_confusion.py change is comment-only. CI is green.
Four items to close before this is approvable.
-
docs/specs/AUDIT-COMPLIANCE-1.0.md:131(introduced by this PR): the ASCII diagram now listsDeltaEngineon both L130 and L131. L131 should be the blank-cell padding row that was there before. -
.cspell.json:21: drop"tion"(and"reputa","Orchestr") from the global word list. These were added to silence truncated words inside ASCII boxes atdocs/tutorials/45-shift-left-governance.md:51andagent-governance-python/agent-os/README.md:440. Adding"tion"to the repo-wide dictionary will mask real typos everywhere. Use<!-- cspell:disable-line -->(or a file-scopedcspell:disableblock) at the two sites instead. -
agent-governance-python/agent-hypervisor/src/hypervisor/session/isolation.py:34-36:IsolationLevel.requires_intent_locksis now dead. Its only consumer wassession/intent_locks.py, which this PR deletes; the remaining references are three value-assertion tests attests/unit/test_session_security.py:73,80,87. Delete the property and those three assertions in this PR. -
BREAKING_CHANGES.md: the only edit is subtractive (drops two actions from an existing entry's affected list). Add a new entry logging the removed public symbols fromhypervisorand theiragent_runtimere-exports:VouchingEngine,SlashingEngine,LiabilityLedger,LiabilityMatrix,QuarantineManager,QuarantineReason,CausalAttributor,IntentLockManager,LockIntent,FanOutOrchestrator,FanOutPolicy,SagaDSLParser,SagaDefinition,CheckpointManager,SemanticCheckpoint,CommitmentEngine,EphemeralGC,VectorClockManager. Public Preview status permits the removal; it should still be recorded.
Minor (non-blocking): docs/adr/0023-*.md:48 has a stale path link to hypervisor/audit/commitment.py; historical ADR content, fine to leave.
Description
This PR is intended to clean up the directory structure and overclaimed dead capabilities. Several capabilities in agent hypervisor were stubbed but claimed as working, and several of the directories were as empty redirects for backward compatibility during a past migration. This is intended to bring the repo closer to a logical state where code sits in intuitive spots and claimed capabilities are fully implemented.
I also removed the agent-governance-gate.ym, governance-attestation and security-scan ci flows since they were dead code and not being run on PR.
Type of Change
Package(s) Affected
Checklist
Attribution & Prior Art
Prior art / related projects (if any):
AI Assistance
If AI tools materially shaped this change, briefly note what was used:
Worked with Github Copilot on some refactoring parts
IP, Patents, and Licensing
Related Issues