feat(ocap): crew_runner applies caveats.meet() at dispatch + honest docstrings (#750)#751
Merged
Merged
Conversation
…ocstrings (#750) OCAP enforcement-floor stack (#749, PR 2/8). Wires the .meet() attenuation seam: LocalCrewRunner::dispatch now computes child_caveats = session.meet(crew_clamp) via a pure dispatch_caveats helper and passes it to run_team/run_crew, instead of the session caveats unmodified. crew_clamp is config-sourced ([crew] CrewPolicyConfig, default Caveats::top() so today's behavior is unchanged — meet is identity by default) and is the tightening point for the per-subtask team_clamp (#749 step 8). The crew_tool.rs docstrings now claim only what meet guarantees (<= session), replacing the false "never the session's full grant." TDD: dispatch_caveats_meets_the_clamp_and_stays_le_session (red on today's code — a crew with a net-denying clamp still permitted net; green after) + default-is-top identity + the config wiring. just check green (2663 tests). The agent-mesh meet algebra is sound + unchanged. Fixes #750. Part of #749. Refs #739, #741. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
hartsock
added
the
ocap
This was referenced Jun 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
OCAP enforcement-floor stack — PR 2 of 8 · epic #749
Review/merge order (full ordered list + rationale in #749): a docs PR (
docs/ocap-authority-review, the design review + paper — opens at the end of the stack) is the "read-first" rationale; this is step 2; step 3 (crewfs_read) branches off this. Merge bottom-up.What this does
Wires the
.meet()attenuation seam:LocalCrewRunner::dispatchnow passeschild = session.meet(crew_clamp)(puredispatch_caveatshelper) torun_team/run_crewinstead of the session caveats unmodified.crew_clampis config-sourced ([crew], defaultCaveats::top()⇒ meet is identity ⇒ today's behavior unchanged) and is the tightening point for the per-subtaskteam_clamp(#749 step 8). Thecrew_tool.rsdocstrings now claim only whatmeetguarantees (≤ session), replacing the false "never the session's full grant."Test plan
dispatch_caveats_meets_the_clamp_and_stays_le_session— red on today's code (a crew with a net-denying clamp still permitted net), green after; + default-is-top identity + the config wiring.just checkgreen (2663 tests). The agent-meshmeetalgebra is sound + unchanged.Fixes #750. Part of #749. Refs #739, #741.
🤖 Generated with Claude Code