refactor: remove orphaned directories and overclaiming stub files#3244
Conversation
PR Review Summary
Verdict: AI review comments are untrusted advisory output. The summary reports workflow-generated completion status only, not model-authored pass/fail claims. |
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned Files
|
📦 Dependency diff (SBOM)Comparing main → liamcrumm/hypervisor-remove-stub-features. ✅ No dependency changes detected. |
Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
Wires the previously-inert action/governance-attestation composite action into a pull_request workflow so the repo runs its own attestation gate instead of only publishing it for downstream consumers. Pins the published toolkit to 4.1.0 and passes the PR body as an input (read via env inside the action, never shell-interpolated). Least-privilege contents:read, SHA-pinned checkout. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
Removes governance tooling that is unused in-repo and non-functional for external consumers: the governance-attestation composite action (encoded Microsoft-internal CELA/RAI/launch-gate checks, unusable as a generic action), the security-scan composite action (redundant with native scanners, referenced by no workflow), and the agent-governance-gate reusable workflow plus scripts/governance_gate.py and examples/github-actions-governance (the workflow calls a script the caller repo does not have, so it cannot run externally). Also removes agent_compliance/governance (validate_attestation), the orphaned validator that only backed the removed attestation action, and the PR workflow that dogfooded it. Keeps action/action.yml (Agent Governance Verify, wraps the real agt verify) and agent_compliance/security/scanner.py (used by promotion/supply_chain). Updates the A2 regression test and de-references the removed artifacts in docs. Validated: tests/ci 73 pass; docs link checker introduces 0 new broken links. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
core.py verify_behavior: restore the _get_session/get_participant guard that was dropped together with slashing.slash(), so a drift signal on an unknown session or a non-participant agent raises (as before) instead of silently reporting to the external Nexus trust backend. Removes vestigial dead surfaces left by the stub removal: the enable_blockchain_commitment SessionConfig field and the liability/checkpoint/fan-out/gc EventType members (no emitters). Fixes stale docs: terminate_session docstring, AUDIT-COMPLIANCE section 14 (drop the Level-3 MUST for the not-implemented Commitment Engine and the intro mention), exec-control intro (drop quarantine and the blockchain_commitment field row), and the agent-os conformance test comment. Validated: the verify_behavior repro no longer reproduces (non-participant raises, participant still reported); hypervisor+runtime 753 pass, agent-os conformance 152 pass; ruff clean; 0 new broken doc links. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
4633a7c to
23295d6
Compare
The stub-removal cleanup over-deleted still-valid reference content. This restores it while keeping the genuine feature removals and the de-claiming intact. Docs restored (verified against the live code, no removed symbols reintroduced): - api-reference.md back to the real 18-route surface with the Table of Contents, response-body examples, query/request tables and 404s, plus the requires_consensus, requires_sre_witness and actions fields that still exist - README.md and packages/agent-hypervisor.md back to full configuration, architecture and feature docs, with the benchmarks link and standard badges restored (PyPI version badge stays out since the standalone package is a deprecation stub) - 11-saga-orchestration and 06-execution-sandboxing back to teaching SagaOrchestrator and execution rings; broken classify_action_id samples rewritten to the real classify(ActionDescriptor) API and verified runnable - 13-observability event counts corrected to 30 total (Saga 7, Audit 2) CI gate fixes: - add the MIT header to scripts/verify_tutorials_01_34.py - fix the CODEOWNERS relative link in docs/reference/contributing.md - add pandas/plotly and ASCII-diagram terms to the cspell dictionary - normalize licence to license in tutorial 45 - drop the unused CausalViolationError import flagged by code-quality Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
23295d6 to
9f471a3
Compare
MohammadHaroonAbuomar
left a comment
There was a problem hiding this comment.
Deletions verified safe: every removed module, script, tutorial, example, and package stub has zero remaining imports, __all__ entries, nav links, or workspace references on this branch. agt-{core,cli,integrations,protocols} are not on PyPI (all 404). scripts/check_dependency_confusion.py change is comment-only. CI is green.
Four items to close before this is approvable.
-
docs/specs/AUDIT-COMPLIANCE-1.0.md:131(introduced by this PR): the ASCII diagram now listsDeltaEngineon both L130 and L131. L131 should be the blank-cell padding row that was there before. -
.cspell.json:21: drop"tion"(and"reputa","Orchestr") from the global word list. These were added to silence truncated words inside ASCII boxes atdocs/tutorials/45-shift-left-governance.md:51andagent-governance-python/agent-os/README.md:440. Adding"tion"to the repo-wide dictionary will mask real typos everywhere. Use<!-- cspell:disable-line -->(or a file-scopedcspell:disableblock) at the two sites instead. -
agent-governance-python/agent-hypervisor/src/hypervisor/session/isolation.py:34-36:IsolationLevel.requires_intent_locksis now dead. Its only consumer wassession/intent_locks.py, which this PR deletes; the remaining references are three value-assertion tests attests/unit/test_session_security.py:73,80,87. Delete the property and those three assertions in this PR. -
BREAKING_CHANGES.md: the only edit is subtractive (drops two actions from an existing entry's affected list). Add a new entry logging the removed public symbols fromhypervisorand theiragent_runtimere-exports:VouchingEngine,SlashingEngine,LiabilityLedger,LiabilityMatrix,QuarantineManager,QuarantineReason,CausalAttributor,IntentLockManager,LockIntent,FanOutOrchestrator,FanOutPolicy,SagaDSLParser,SagaDefinition,CheckpointManager,SemanticCheckpoint,CommitmentEngine,EphemeralGC,VectorClockManager. Public Preview status permits the removal; it should still be recorded.
Minor (non-blocking): docs/adr/0023-*.md:48 has a stale path link to hypervisor/audit/commitment.py; historical ADR content, fine to leave.
1. AUDIT-COMPLIANCE-1.0.md: restore the blank padding row in the audit diagram (the de-claim had duplicated DeltaEngine where CommitmentEngine used to be). 2. cspell: drop the global "tion", "reputa" and "Orchestr" entries that would mask real typos; instead reword the two ASCII boxes so no word is truncated (reputa/tion to author/screen, Orchestr. to the full Orchestrator). 3. isolation.py: delete the dead IsolationLevel.requires_intent_locks property (its only consumer, session/intent_locks.py, was removed) and its three value assertions in tests/unit/test_session_security.py. 4. BREAKING_CHANGES.md: add an entry recording the 18 removed public hypervisor symbols and their agent_runtime re-exports. Verified: hypervisor suite 640 passed 23 skipped; cspell clean without the dropped dictionary entries; ruff clean; 0 new broken links. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
🤖 AI Agent: docs-sync-checker — Docs Sync
Docs Sync
Documentation is in sync. |
🤖 AI Agent: test-generator — View details
Test coverage looks good. No gaps identified. |
🤖 AI Agent: security-scanner — Security Review
Security Review
|
🤖 AI Agent: code-reviewer — Action items:
TL;DR: 1 blocker, 1 warning. The PR removes critical governance and security-related CI workflows without justification, which could weaken the repository's security posture.
Action items:
Warnings (fine as follow-up PRs):
|
🤖 AI Agent: breaking-change-detector — API Compatibility
API Compatibility
|
Consequence/obligation + correctness re-review of the current head surfaced these, all now fixed and verified: - BREAKING_CHANGES.md: the removed public export set is 23, not 18. Add the 5 companion types that were also removed from hypervisor and agent_runtime __all__: VouchRecord, AttributionResult, LedgerEntryType, LockContentionError, DeadlockError. - constants.py: remove 4 dead VOUCHING_* constants whose only consumer was the deleted liability/vouching.py (same orphan class as the already-removed enable_blockchain_commitment and requires_intent_locks). Zero consumers remain. - api-reference.md: fix 3 restored code samples that imported from the wrong sub-package and would ImportError on copy-paste (SagaOrchestrator and ActionClassifier are top-level; KillReason lives in hypervisor.security.kill_switch). Also correct 3 stale event-type values to match EventType: ring.breach_detected, security.agent_killed, audit.committed. - acp-cli.py: benchmark/ to benchmarks/ in a print string left over from the directory rename. - test_spec_audit_compliance_conformance.py: drop "and commitment" from a docstring after the commitment sub-tests were removed. Verified: hypervisor suite 640 passed 23 skipped; agent-os conformance 152 passed; constants.py ruff clean; cspell clean; 0 new broken links; every hypervisor import across all changed docs resolves (AST sweep of 108). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Liam Crumm <liamcrumm@gmail.com>
Great feedback, thank you. I have addressed these. |
Description
This PR is intended to clean up the directory structure and overclaimed dead capabilities. Several capabilities in agent hypervisor were stubbed but claimed as working, and several of the directories were as empty redirects for backward compatibility during a past migration. This is intended to bring the repo closer to a logical state where code sits in intuitive spots and claimed capabilities are fully implemented.
I also removed the agent-governance-gate.ym, governance-attestation and security-scan ci flows since they were dead code and not being run on PR.
Type of Change
Package(s) Affected
Checklist
Attribution & Prior Art
Prior art / related projects (if any):
AI Assistance
If AI tools materially shaped this change, briefly note what was used:
Worked with Github Copilot on some refactoring parts
IP, Patents, and Licensing
Related Issues