Add pre-dispatch boundary decision for Agent Registry and Policy Fabric gates #44

@mdheller

Purpose

Apply the SourceOS/SocioProphet lifecycle-boundary discipline to AgentTerm runtime dispatch.

AgentTerm already has the right doctrine: it is the terminal-native operator console and event surface, not the authority for non-human identity, grants, policy, or side-effecting execution. Issues #8, #18, and #43 all point at the same seam: before any non-human participant or high-risk action dispatches, AgentTerm needs an explicit pre-dispatch decision object that proves Agent Registry and Policy Fabric gates were checked.

Existing related issues

Required discipline

Preserve this chain:

operator / interaction event = evidence input
Agent Registry lookup = identity / session / grant / revocation evidence
Policy Fabric decision = action/context policy evaluation
AgentTerm pre-dispatch decision = local runtime admission/readiness decision
AgentPlane / shell / Matrix adapter = downstream execution surface
OpsHistory / SourceOSInteractionEvent = record/render path only

AgentTerm must not collapse those into a generic success flag or dispatch from local config alone.

Proposed contract

Add AgentTermPreDispatchDecision v0.1 or equivalent with fields such as:

  • decision_id
  • requested_action
  • participant_ref
  • participant_kind
  • agent_registry_ref
  • grant_refs
  • session_ref
  • revocation_state
  • policy_decision_refs
  • policy_status
  • dispatch_decision = allow | require-review | deny | fail-closed
  • dispatch_target
  • side_effecting
  • sensitive_context_requested
  • context_pack_refs
  • evidence_refs
  • performed_dispatch = false for decision-only records

Negative fixtures required

  • non-human participant enabled from local config alone;
  • revoked or expired grant still dispatches;
  • side-effecting shell/tool action dispatches without Policy Fabric decision refs;
  • sensitive context hydrated without policy admission;
  • pre-dispatch decision claims execution already occurred;
  • event/render path stores raw secrets or unrestricted shell output.

Acceptance criteria

Boundary

This is not the full adapter implementation. It is the pre-dispatch decision seam so later Hermes/Codex/Claude/OpenCLAW/GitHub/CI/MCP adapters cannot bypass Agent Registry and Policy Fabric.
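The following is an added example, not code from the AgentTerm project or the issue author: a decision-record check that fails closed on the first five negative fixtures listed above (the event/render-path fixture is out of scope). Field names follow the proposed contract; the function name `check_pre_dispatch`, the sample record, and the value vocabularies (`"human"`, `"active"`, `"allow"` for `policy_status`) are assumptions, since the issue does not define them.

```python
# Added example. Field names come from the proposed contract; the value
# vocabularies ("human", "active", "allow") are assumptions for illustration.
DECISIONS = {"allow", "require-review", "deny", "fail-closed"}

# Constructed sample record; every ref is a placeholder, not a real identifier.
GOOD = {
    "decision_id": "dec-0001", "requested_action": "shell.exec",
    "participant_ref": "agent:example", "participant_kind": "non-human",
    "agent_registry_ref": "registry:example", "grant_refs": ["grant:example"],
    "session_ref": "session:example", "revocation_state": "active",
    "policy_decision_refs": ["policy:example"], "policy_status": "allow",
    "dispatch_decision": "allow", "dispatch_target": "shell",
    "side_effecting": True, "sensitive_context_requested": False,
    "performed_dispatch": False,
}

def check_pre_dispatch(d: dict) -> tuple[str, list[str]]:
    """Return (effective dispatch_decision, gate failures) for one record."""
    failures, malformed = [], False
    # Non-human participants need Agent Registry evidence, not local config.
    if d.get("participant_kind") != "human":
        if not (d.get("agent_registry_ref") and d.get("grant_refs")
                and d.get("session_ref")):
            failures.append("missing Agent Registry evidence")
        if d.get("revocation_state") != "active":
            failures.append("grant revoked, expired, or unknown")
    # Missing flags default to True so an incomplete record is still gated.
    if d.get("side_effecting", True) or d.get("sensitive_context_requested", True):
        if not d.get("policy_decision_refs"):
            failures.append("missing Policy Fabric decision refs")
        elif d.get("policy_status") != "allow":
            failures.append("Policy Fabric did not admit the action")
    # A decision-only record must not claim execution already occurred.
    if d.get("performed_dispatch") is not False:
        failures.append("performed_dispatch must be false")
        malformed = True
    claimed = d.get("dispatch_decision")
    if claimed not in DECISIONS:
        failures.append("unknown dispatch_decision")
        malformed = True
    # Only a clean record keeps "allow"; deny and require-review pass through.
    if malformed or (claimed == "allow" and failures):
        return "fail-closed", failures
    return claimed, failures
```

A record that already says `deny` or `require-review` is returned unchanged with its gate failures listed, because it does not dispatch.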
