Agent work order
@copilot @codex please implement this after PR #1 lands or by branching from seed/agentterm-chatops-core if instructed.
Goal
Add a Policy Fabric admission layer before AgentTerm dispatches side-effecting commands or releases sensitive context.
Context
AgentTerm is the operator surface. Policy Fabric remains the decision/evidence authority for side effects and sensitive context release.
Required scope
- Add a policy admission interface behind the adapter boundary.
- Evaluate at least these event classes: shell session, workspace materialization, workroom context hydration, memory recall/writeback, semantic membrane, Holmes investigation request, Sherlock Search hydration, MeshRush graph operation, AgentPlane run, GitHub mutation, CI retry.
- Emit explicit
policy_check, decision, and denial events into EventStore.
- Add tests for allow/deny/pending states using a fake policy backend.
- Keep the initial implementation local/stubbed; do not require a live Policy Fabric service in CI.
Non-goals
- Do not move Policy Fabric schemas into this repo.
- Do not silently execute side effects when admission fails or is unknown.
Validation
Agent work order
@copilot @codex please implement this after PR #1 lands or by branching from
seed/agentterm-chatops-coreif instructed.Goal
Add a Policy Fabric admission layer before AgentTerm dispatches side-effecting commands or releases sensitive context.
Context
AgentTerm is the operator surface. Policy Fabric remains the decision/evidence authority for side effects and sensitive context release.
Required scope
policy_check,decision, and denial events intoEventStore.Non-goals
Validation
ruff check . pytest