Context
Agent Machine renderers can now produce typed plans, deployment receipts, Quadlet skeletons, and Kubernetes skeletons. These artifacts are evidence only. Sensitive activation must fail closed without Policy Fabric admission.
Required outcome
Define a Policy Fabric admission stub for AgentPod activation.
Acceptance criteria
- Add a documented admission request/response shape.
- Admission request includes AgentPod object, deployment plan, manifest/artifact digest, AgentMachine profile, provider facts, storage/cache facts, requested network exposure, requested storage classes, and side-effect scope.
- Admission response includes decision reference, decision digest, allowed scope, denied scope, obligations, expiration, and revocation hook reference.
- Activation semantics state: if `policyFabricRequired=true` and no admission decision exists, activation fails closed.
- No secret values, raw prompts, raw KV-cache contents, or private memory contents are included in admission payloads.
Related docs
docs/architecture/world-class-release-gate.md
docs/architecture/receipt-chain.md
docs/architecture/deployment-safety.md
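
A sketch of the fail-closed gate these criteria describe, added here as an example and not the project's own code. The key names, the `allow` decision value, and the digest scheme (SHA-256 over canonical JSON of the decision without its digest field) are assumptions, since the issue lists the fields but fixes no schema.

```python
import hashlib
import json
from datetime import datetime

# Hypothetical key names: the issue lists the fields but fixes no schema.
FORBIDDEN_KEYS = {"secretValues", "rawPrompts", "rawKvCache", "privateMemory"}

def canonical_digest(obj):
    """Assumed digest scheme: SHA-256 over canonical (sorted-key) JSON."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(blob).hexdigest()

def find_forbidden(obj, path=""):
    """Return paths of forbidden keys nested anywhere in a payload."""
    items = obj.items() if isinstance(obj, dict) else (
        enumerate(obj) if isinstance(obj, list) else ())
    hits = []
    for key, value in items:
        here = f"{path}/{key}"
        if key in FORBIDDEN_KEYS:
            hits.append(here)
        hits += find_forbidden(value, here)
    return hits

def may_activate(request, decision, now, policy_fabric_required=True):
    """Return (allowed, reason); every missing or doubtful input is a denial."""
    leaked = find_forbidden(request)
    if leaked:
        return False, "forbidden payload fields: " + ", ".join(leaked)
    if not policy_fabric_required:
        return True, "policy fabric not required"
    if not isinstance(decision, dict):
        return False, "no admission decision"
    body = {k: v for k, v in decision.items() if k != "decisionDigest"}
    if decision.get("decisionDigest") != canonical_digest(body):
        return False, "decision digest mismatch"
    if decision.get("decision") != "allow":
        return False, "decision is not allow"
    try:
        expires = datetime.fromisoformat(decision["expiration"])
    except (KeyError, TypeError, ValueError):
        return False, "missing or invalid expiration"
    if expires.tzinfo is None or expires <= now:
        return False, "expiration lacks a timezone or has passed"
    wanted = set(request.get("sideEffectScope", []))
    allowed = set(decision.get("allowedScope", []))
    denied = set(decision.get("deniedScope", []))
    if wanted & denied or not wanted <= allowed:
        return False, "requested scope not admitted"
    return True, decision.get("decisionRef", "")
```

`now` must be a timezone-aware `datetime`; the payload check runs even when `policy_fabric_required` is false, so forbidden fields are rejected in every mode.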