Skip to content

feat(agentplane): add SourceOS runtime boundary validation#40

Merged
mdheller merged 3 commits intomainfrom
work/os-build-cybernetic-runtime-v1
Apr 16, 2026
Merged

feat(agentplane): add SourceOS runtime boundary validation#40
mdheller merged 3 commits intomainfrom
work/os-build-cybernetic-runtime-v1

Conversation

@mdheller
Copy link
Copy Markdown
Member

@mdheller mdheller commented Apr 16, 2026

Summary

This draft PR stages the first agentplane runtime-consumer tranche for the SourceOS OS build / cybernetic boundary.

It adds:

  • docs/integration/sourceos-os-build-boundary.md
  • scripts/validate_runtime_boundary.py

Intent

The goal is to let agentplane fail closed on obvious seam violations before execution by validating imported:

  • OSImage
  • NodeBinding
  • CyberneticAssignment

Dependency

This PR depends on the upstream SourceOS contract seam being finalized in SourceOS-Linux/sourceos-spec.

It is intentionally a draft until the upstream schema names and required fields settle.

What this PR does not do yet

  • it does not wire the validator into scripts/validate_bundle.py
  • it does not yet emit a dedicated boundary artifact
  • it does not yet integrate with the control-matrix gate or receipt lifecycle

Those should follow after the upstream tranche is merged or near-final.

Suggested review order

  1. runtime role of agentplane vs upstream schema authority
  2. boundary-check script scope
  3. follow-on integration into the existing validation/evidence pipeline

@mdheller ChatGPT Codex Connector
Copy link
Copy Markdown
Member Author

mdheller commented Apr 16, 2026

Dependency note:

This draft PR is downstream of SourceOS-Linux/sourceos-spec PR #26 and should be treated as the first runtime-consumer tranche for that seam.

Please do not merge this validator ahead of the upstream contract authority.

Expected order:

  1. sourceos-spec PR brand(agentplane): add logo asset and capture landscape positioning #26 merges first
  2. this PR is rebased only if upstream schema names or required fields changed
  3. after upstream stabilization, a follow-on patch should wire this validator into scripts/validate_bundle.py and emit a dedicated boundary artifact

Current scope is intentionally narrow:

  • runtime integration note
  • standalone pre-execution boundary validator
  • no bundle-pipeline integration yet

@mdheller mdheller marked this pull request as ready for review April 16, 2026 21:00
@mdheller mdheller merged commit 1c17928 into main Apr 16, 2026
5 checks passed
@mdheller mdheller deleted the work/os-build-cybernetic-runtime-v1 branch April 16, 2026 21:02
@mdheller ChatGPT Codex Connector
Copy link
Copy Markdown
Member Author

mdheller commented Apr 16, 2026

Status update:

The upstream dependency is now merged:

This draft PR can now be reviewed as the first runtime-consumer tranche for that seam.

Remaining caution:

  • if upstream follows with a contract-polish pass that changes schema names or required fields, this validator should be refreshed before merge.

Review focus can now move to:

  1. the runtime role of agentplane relative to the upstream schema authority
  2. whether the validator should be wired into scripts/validate_bundle.py immediately or in a follow-on patch
  3. what evidence artifact should be emitted once this is integrated into the run path

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mdheller