
Add guarded Agent Machine and Office execution #11

Merged
mdheller merged 7 commits into main from feat/guarded-office-agent-machine-execution
May 2, 2026

Conversation

@mdheller
Contributor

@mdheller mdheller commented May 2, 2026

Summary

Adds the first guarded local execution slice for SourceOS Agent Machine and Prophet Workspace Office Plane flows.

Dry-run remains the default. Local mutation requires explicit --execute --policy-ok and emits evidence.

Changes

Agent Machine

  • sourceosctl agent-machine mounts init --execute --policy-ok
    • creates only declared, scoped output/download directories;
    • does not create Podman machines, Podman bind mounts, containers, or background services;
    • rejects whole-home and sensitive paths;
    • emits AgentMachineMountEvidence or writes it to --evidence-out.

Office Plane

  • sourceosctl office generate --execute --policy-ok
    • currently writes only safe text/Markdown/JSON artifacts;
    • rejects Office binary generation (docx, xlsx, pptx, etc.) until template/render backends are hardened;
    • emits OfficeArtifactEvidence or writes it to --evidence-out.
  • sourceosctl office convert <path> --to <format> --execute --policy-ok
    • runs local LibreOffice/soffice when available;
    • writes output under the explicit Office output root;
    • emits OfficeArtifactEvidence or writes it to --evidence-out.

Safety posture

  • No implicit mutation.
  • --execute requires --policy-ok.
  • Whole-home output/mount roots are rejected.
  • Whole ~/Downloads browser download roots are rejected.
  • Sensitive paths such as SSH keys, GPG keys, keychains, browser profiles, cloud credential dirs, Apple app DBs/libraries, and token stores are rejected.
  • Email send, external publish, and calendar modification remain disabled.

Tests

Adds/updates tests for:

  • Agent Machine execution requiring policy approval;
  • scoped directory creation plus mount evidence emission;
  • unscoped downloads rejection;
  • Office generation execution requiring policy approval;
  • Office binary generation rejection;
  • safe Markdown artifact generation plus Office evidence emission;
  • whole-home output root rejection;
  • Office conversion execution requiring policy approval;
  • missing conversion input rejection.

Validation

Expected repo validation:

make validate
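The safety posture above (dry-run by default, mutation only with both `--execute` and `--policy-ok`, rejection of whole-home, whole `~/Downloads` and sensitive roots, evidence emitted on execution) is the kind of guard that is easy to describe and easy to get subtly wrong, for example by forgetting that `~/work/../.gnupg` resolves into a key directory, or that a root like `~/Library` would scope *over* the keychain directory. The following is an added illustration written for this page, not code from the sourceosctl project: the function names, the `GuardResult` shape and the concrete sensitive-directory list are assumptions chosen to mirror the categories named in the summary. Paths are normalised purely lexically against an explicit `home` argument so the check runs offline and deterministically.

```python
"""Path-scope guard for a dry-run-by-default CLI (illustrative example, not sourceosctl's code)."""
from __future__ import annotations

import os
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Locations under the home root that a scoped output/download root must never equal,
# live inside, or contain. The categories follow the PR summary; the relative paths
# themselves are assumptions for this example.
SENSITIVE_RELATIVE_PATHS = (
    ".ssh",                                                   # SSH keys
    ".gnupg",                                                 # GPG keys
    "Library/Keychains",                                      # macOS keychains
    ".aws", ".config/gcloud", ".azure",                       # cloud credential dirs
    ".mozilla", "Library/Application Support/Google/Chrome",  # browser profiles
    "Library/Application Support/AddressBook", "Library/Messages",  # Apple app DBs
    ".config/gh", ".netrc",                                   # token stores
)


@dataclass
class GuardResult:
    allowed: bool
    reason: str
    paths: list[str] = field(default_factory=list)   # what would be (or was) created
    evidence: dict = field(default_factory=dict)     # populated only on real execution


def _normalize(path: str, home: str) -> PurePosixPath:
    """Expand a leading '~' against the given home and collapse '.'/'..' lexically (no filesystem access)."""
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    return PurePosixPath(os.path.normpath(path))


def _is_within(path: PurePosixPath, root: PurePosixPath) -> bool:
    return path == root or root in path.parents


def check_output_root(requested: str, home: str) -> GuardResult:
    """Decide whether `requested` is an acceptable scoped root; never touches the filesystem."""
    home_p = PurePosixPath(os.path.normpath(home))
    target = _normalize(requested, home)
    if not target.is_absolute():
        return GuardResult(False, "output root must be absolute")
    if target == home_p:
        return GuardResult(False, "whole-home root rejected")
    if target == home_p / "Downloads":
        return GuardResult(False, "whole ~/Downloads root rejected")
    for rel in SENSITIVE_RELATIVE_PATHS:
        sensitive = home_p / rel
        # Reject both a root inside a sensitive location and a root that would contain one.
        if _is_within(target, sensitive) or _is_within(sensitive, target):
            return GuardResult(False, f"sensitive path rejected: {sensitive}")
    return GuardResult(True, "ok")


def run_mounts_init(requested: str, home: str, execute: bool = False, policy_ok: bool = False) -> GuardResult:
    """Model of `mounts init`: the scope check runs first, then the execute/policy gate, then (only then) mutation."""
    verdict = check_output_root(requested, home)
    if not verdict.allowed:
        return verdict
    target = str(_normalize(requested, home))
    if execute and not policy_ok:
        return GuardResult(False, "--execute requires --policy-ok", paths=[target])
    if not execute:
        return GuardResult(True, "dry-run: no mutation performed", paths=[target])
    # A real tool would os.makedirs(target) here; this example only records the evidence it would emit.
    evidence = {"kind": "AgentMachineMountEvidence", "created": [target], "policy_ok": True}
    return GuardResult(True, "executed", paths=[target], evidence=evidence)


if __name__ == "__main__":
    for candidate in ("~", "~/Downloads", "~/Downloads/agent-out", "~/work/../.gnupg", "~/Library"):
        print(candidate, "->", check_output_root(candidate, "/home/alice").reason)
```

The ordering matters: the scope check runs before the execute/policy gate, so a rejected root is refused even in dry-run mode and the operator learns about it before ever reaching for `--execute`. The evidence dictionary is built only on the executed path, which keeps "emits evidence" and "performed a mutation" coupled the way the PR describes.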

@mdheller mdheller merged commit 96f519f into main May 2, 2026
1 check passed
