From 26b63c9d8164f53d173ba31db985fe42fe5b6ff1 Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Sun, 5 Apr 2026 14:02:02 -0400
Subject: [PATCH 1/5] feat: seed control matrix import manifest
---
 policy/imports/control-matrix/manifest.json | 24 +++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 policy/imports/control-matrix/manifest.json
diff --git a/policy/imports/control-matrix/manifest.json b/policy/imports/control-matrix/manifest.json
new file mode 100644
index 0000000..79e0d0f
--- /dev/null
+++ b/policy/imports/control-matrix/manifest.json
@@ -0,0 +1,24 @@
+{
+ "artifact": "agentic_control_matrix_v3_import",
+ "canonical_repository": "SocioProphet/socioprophet-standards-storage",
+ "canonical_pr": 10,
+ "canonical_package_path": "examples/control-matrix/v3",
+ "canonical_schema_path": "schemas/control-matrix",
+ "version": "v3",
+ "as_of_date": "2026-04-05",
+ "row_counts": {
+ "reachable_rows": 187,
+ "denied_rows": 16,
+ "tests": 1177,
+ "monitors": 686,
+ "exceptions": 8,
+ "incidents": 12
+ },
+ "expected_bundles": {
+ "policy": "policy/imports/control-matrix/compiled_policy_bundle_v3.json",
+ "monitor": "monitors/generated/control-matrix/compiled_monitor_bundle_v3.json",
+ "test": "tests/generated/control-matrix/compiled_test_bundle_v3.json"
+ },
+ "status": "seeded-import-lane",
+ "next_step": "Pin the merged standards release and bind the policy bundle to the first runtime gate."
+}
From db46c5258ea38ce21e9ce640be88b5598cceb070 Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Sun, 5 Apr 2026 14:03:12 -0400
Subject: [PATCH 2/5] docs: add control matrix import lane readme
---
 policy/imports/control-matrix/README.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 policy/imports/control-matrix/README.md
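Review bot: The new `policy/imports/control-matrix/manifest.json` identifies its source only by mutable references (`"canonical_pr": 10` and `"version": "v3"`) and lists the three `expected_bundles` paths without any content digest, so nothing in the manifest lets the runtime lane verify that the policy bundle it loads is the one that was reviewed. Because that bundle is meant to feed deny / warn / require-approval decisions at the policy gate, I would pin an immutable source, e.g. `"canonical_commit": "<COMMIT_SHA_PLACEHOLDER>"`, and record a digest per bundle, e.g. `"policy": {"path": "policy/imports/control-matrix/compiled_policy_bundle_v3.json", "sha256": "<SHA256_PLACEHOLDER>"}`. None of the three bundle files is added in this series, so whatever reads the manifest should presumably fail closed when a listed bundle is missing or its digest does not match. The `row_counts` block could also serve as an import-time sanity check if the loader compares it with the bundle contents.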
diff --git a/policy/imports/control-matrix/README.md b/policy/imports/control-matrix/README.md
new file mode 100644
index 0000000..06d4c41
--- /dev/null
+++ b/policy/imports/control-matrix/README.md
@@ -0,0 +1,23 @@
+# Control matrix import lane
+
+This directory holds imported Agentic Control Matrix bundles for `agentplane`.
+
+## Source of truth
+
+The canonical standards package lives in:
+
+- `SocioProphet/socioprophet-standards-storage`
+
+`agentplane` is the consumer/runtime lane. It should import and pin released bundle versions from the standards repository rather than redefining the ontology locally.
+
+## Seed state
+
+This PR adds the import manifest and expected bundle paths so the runtime lane has a stable place to bind:
+
+- policy bundle
+- monitor bundle
+- test bundle
+
+## Next step
+
+After the standards PR merges, pin the released package version and bind the imported policy bundle to the first runtime enforcement surface.
From b8cfc0b69bf02ab99101549d3fbaf9c2111b7221 Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Sun, 5 Apr 2026 14:04:27 -0400
Subject: [PATCH 3/5] docs: add runtime governance integration plan
---
 .../control-matrix-integration.md | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 docs/runtime-governance/control-matrix-integration.md
diff --git a/docs/runtime-governance/control-matrix-integration.md b/docs/runtime-governance/control-matrix-integration.md
new file mode 100644
index 0000000..9465086
--- /dev/null
+++ b/docs/runtime-governance/control-matrix-integration.md
@@ -0,0 +1,36 @@
+# Runtime governance integration plan
+
+This document defines the first expected binding points for the imported control bundle.
+
+## Initial enforcement surfaces
+
+1. Policy gate
+ - import the compiled policy bundle
+ - deny / warn / require approval according to row-derived blocker logic
+ - emit evidence for every evaluated control cell
+
+2. Monitor lane
+ - ingest generated monitor bundle definitions
+ - attach monitor health and stale-review checks
+ - reconcile incidents back to row IDs
+
+3. Generated test lane
+ - ingest generated test bundle definitions
+ - run high-risk row checks on integration and release paths
+
+## Evidence expectations
+
+Runtime actions should emit:
+
+- row id
+- bundle version
+- decision
+- evidence references
+- incident linkage when applicable
+- exception linkage when applicable
+
+## Control loop
+
+The runtime lane should eventually close the loop:
+
+monitor breach -> incident -> change proposal -> bundle regeneration -> review -> redeploy
From 5c6029a642b56ae0db63adfd2e894763c7bd0fd8 Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Sun, 5 Apr 2026 14:06:34 -0400
Subject: [PATCH 4/5] docs: add generated control matrix test lane readme
---
 tests/generated/control-matrix/README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 tests/generated/control-matrix/README.md
diff --git a/tests/generated/control-matrix/README.md b/tests/generated/control-matrix/README.md
new file mode 100644
index 0000000..26c9523
--- /dev/null
+++ b/tests/generated/control-matrix/README.md
@@ -0,0 +1,14 @@
+# Generated control matrix tests
+
+This directory is reserved for test bundles generated from the imported Agentic Control Matrix package.
+
+## Expected inputs
+
+- row-derived high-risk checks
+- ship-blocker coverage tests
+- approval and rollback path tests
+- monitor/incident reconciliation tests
+
+## Source
+
+The canonical test definitions should be generated from the standards package and pinned via the import manifest.
From daa91840eb56917b6cd0c5f48e4ee5ee2e73573e Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Sun, 5 Apr 2026 14:08:15 -0400
Subject: [PATCH 5/5] docs: add generated control matrix monitor lane readme
---
 monitors/generated/control-matrix/README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 monitors/generated/control-matrix/README.md
diff --git a/monitors/generated/control-matrix/README.md b/monitors/generated/control-matrix/README.md
new file mode 100644
index 0000000..a395189
--- /dev/null
+++ b/monitors/generated/control-matrix/README.md
@@ -0,0 +1,14 @@
+# Generated control matrix monitors
+
+This directory is reserved for monitor bundles generated from the imported Agentic Control Matrix package.
+
+## Expected inputs
+
+- row-specific monitor definitions
+- stale-review and blocker-state checks
+- monitor-health controls
+- incident linkage expectations
+
+## Source
+
+The canonical monitor definitions should be generated from the standards package and pinned via the import manifest.