Plan snapshot/export contract for Request.Intent and Request.Context (auditability + safety) #213

@blindzero

Description

Problem Statement

IdLE produces plans that may be executed later. Operators and automated hosts need plan artifacts to be auditable and safe to store/share.

With the introduction of Request.Intent and Request.Context, we must define a deterministic plan snapshot/export contract:

  • What request data is captured in the exported plan
  • How secrets are prevented from leaking into artifacts
  • How size and serialization stability are enforced

Without explicit rules, plan artifacts become:

  • non-reproducible (planning depended on data not captured),
  • unsafe (secrets included),
  • unbounded in size,
  • inconsistent across hosts.

Proposed Solution

1) Define a deterministic RequestSnapshot contract

Plan export MUST include a RequestSnapshot containing at minimum:

  • CorrelationId
  • Actor
  • IdentityKeys
  • LifecycleEvent
  • Request.Intent (canonical intent/action inputs)
  • Request.Context (canonical associated context)

2) Enforce safety rules

The snapshot/export pipeline MUST enforce:

  • Secret prevention (reject or redact; decision must be explicit and documented):
    • passwords, tokens, refresh tokens, client secrets, session keys, private keys, etc.
  • Executable / unsafe type prevention:
    • reject ScriptBlocks, delegates, non-serializable objects, provider runtime handles
  • Size limits:
    • define a maximum total snapshot size and/or per-field limits
    • define deterministic truncation/redaction behavior

3) Stable serialization requirements

  • Exported snapshot must be stable and predictable (order-insensitive where possible).
  • Use safe serialization; avoid embedding raw .NET object graphs.
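As an added illustration (not IdLE's own code), a minimal PowerShell sketch of how sections 1 to 3 could be enforced together: sorted keys for stable output, redaction of secret-like keys, outright rejection of executable or non-serializable types, per-field truncation and a total-size check. Function names, the regex of secret-like keys, the limits and the sample request are assumptions, not part of the issue.

```powershell
# Added example, not IdLE code; New-RequestSnapshot, the key pattern and the limits are assumptions.
$SecretKeyPattern = '(?i)(password|passwd|secret|token|session|privatekey|private_key|apikey|api_key)'
$MaxFieldChars    = 256     # per-field limit
$MaxSnapshotBytes = 8192    # total limit on the serialized snapshot

function ConvertTo-CanonicalValue {
    param([AllowNull()]$Value, [string]$Path)
    # Executable and runtime-handle types are rejected outright (fail closed).
    if ($Value -is [scriptblock] -or $Value -is [System.Delegate] -or $Value -is [securestring]) {
        throw "Snapshot rejected: unsafe type $($Value.GetType().Name) at '$Path'"
    }
    if ($null -eq $Value -or $Value -is [string] -or $Value -is [ValueType]) {
        $s = [string]$Value   # scalars become strings; truncation is deterministic and marked
        if ($s.Length -gt $MaxFieldChars) { $s = $s.Substring(0, $MaxFieldChars) + '...[truncated]' }
        return $s
    }
    if ($Value -is [System.Collections.IDictionary]) {
        $out = [ordered]@{}
        foreach ($k in ($Value.Keys | Sort-Object)) {   # sorted keys => stable byte output
            if ($k -match $SecretKeyPattern) { $out[$k] = '[REDACTED]'; continue }   # policy: redact, not reject
            $out[$k] = ConvertTo-CanonicalValue -Value $Value[$k] -Path "${Path}.${k}"
        }
        return $out
    }
    if ($Value -is [System.Collections.IEnumerable]) {
        $list = [System.Collections.Generic.List[object]]::new(); $i = 0
        foreach ($item in $Value) { $list.Add((ConvertTo-CanonicalValue -Value $item -Path "${Path}[$i]")); $i++ }
        return ,$list.ToArray()
    }
    throw "Snapshot rejected: non-serializable object $($Value.GetType().FullName) at '$Path'"
}

function New-RequestSnapshot {
    param([Parameter(Mandatory)][hashtable]$Request)
    $snapshot = [ordered]@{}   # fixed field order = the minimum RequestSnapshot fields from section 1
    foreach ($field in 'CorrelationId', 'Actor', 'IdentityKeys', 'LifecycleEvent', 'Intent', 'Context') {
        $snapshot[$field] = ConvertTo-CanonicalValue -Value $Request[$field] -Path "Request.$field"
    }
    $json  = $snapshot | ConvertTo-Json -Depth 10 -Compress   # no raw .NET object graph, just JSON text
    $bytes = [Text.Encoding]::UTF8.GetByteCount($json)
    if ($bytes -gt $MaxSnapshotBytes) { throw "Snapshot rejected: $bytes bytes exceed limit of $MaxSnapshotBytes" }
    return $json
}

# Constructed sample request: initialPassword is redacted; the ScriptBlock added to Context is rejected.
$request = @{
    CorrelationId = '00000000-0000-0000-0000-000000000001'; Actor = 'svc-joiner'; LifecycleEvent = 'Joiner'
    IdentityKeys  = @{ employeeId = '4711' }; Context = @{ department = 'Finance' }
    Intent        = @{ action = 'CreateMailbox'; initialPassword = 'P@ss' }
}
New-RequestSnapshot -Request $request
try { $request.Context.hook = { Get-Date }; New-RequestSnapshot -Request $request } catch { Write-Warning $_ }
```

Running the same request twice yields byte-identical JSON, which is what makes the artifact hashable and comparable across hosts.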

Alternatives Considered

  1. Export only minimal metadata (no intent/context)
    • Hurts auditability and troubleshooting.
  2. Export the full original request object
    • Too risky (secrets, non-serializable objects, host-specific payloads).

Impact

  • Plan artifacts become more informative but may increase in size (bounded by limits).
  • Hosts/tools consuming plan exports may need to tolerate the updated snapshot structure.

Dependencies

  • Requires Issue 1 (schema: Request.Intent and Request.Context).

Definition of Done (Step-0-Ready / Agent-Safe)

Design / Contracts

  • Specify exact RequestSnapshot shape (fields, nesting, naming).
  • Specify the secret-handling policy:
    • reject vs redact (and for which categories)
  • Specify snapshot size limits and deterministic truncation/redaction rules.
  • Specify stable serialization requirements and prohibited types.

Implementation

  • Implement RequestSnapshot generation including Request.Intent and Request.Context.
  • Implement safety enforcement (secret prevention, type checks, size limits).
  • Ensure plan export uses the canonical paths introduced by Issue 1.

Tests (Pester)

  • Snapshot includes Request.Intent and Request.Context.
  • Secret-like fields are rejected/redacted according to spec.
  • Non-serializable/executable types are rejected.
  • Size limit behavior is deterministic and testable.

Docs / Examples

  • Document snapshot content and safety rules.
  • Provide an example plan export showing the snapshot structure.

Non-Goals

  • No planning-time context resolver feature in this issue.
  • No runtime execution guard feature in this issue.
