Skip to content

feat(policies): add decision tokens for transparent agent routing#88

Merged
Destynova2 merged 5 commits intodevelopfrom
feat/hit-decision-tokens
Apr 6, 2026
Merged

feat(policies): add decision tokens for transparent agent routing#88
Destynova2 merged 5 commits intodevelopfrom
feat/hit-decision-tokens

Conversation

@Destynova2
Copy link
Copy Markdown
Contributor

@Destynova2 Destynova2 commented Apr 6, 2026

Summary

  • Add DecisionToken type, DecisionMode enum, and BackendTarget for transparent agent routing in the policy engine
  • Decision tokens are MCP tokens emitted by a boss agent, invisible to the target agent — grob reads the mode claim (training/live) to route to paper or real backend
  • Agent receives an opaque AgentVisibleToken with no access to decision claims (mode, issuer, audience)

Changes

  • src/features/policies/decision_token.rs — full implementation with types, routing, integrity (SHA-256), audience matching
  • src/features/policies/mod.rs — module registration
  • tests/cucumber/features/decision_token.feature — 5 Gherkin scenarios

Tests

  • 11 unit tests covering: routing (training→paper, live→real), token invisibility, mode switch transparency, integrity verification, tamper detection, serialization roundtrip, audience matching
  • CQI audit score: 8.7/10 (Excellent)
  • Drift audit: new code clean, 0 new loupers

Test plan

  • cargo test — 200 passed, 0 failed
  • cargo clippy — clean
  • Pre-push hooks (fmt, clippy, test, deny, audit, gitleaks) — all passed
  • CQI audit ≥ baseline
  • Drift audit — no new drifts

🤖 Generated with Claude Code

Destynova2 and others added 5 commits April 6, 2026 01:36
@Destynova2 @claude
fix(test): make wizard E2E tests pass locally
57f5acb 
Fix run_test shell function (filter args, set -e arithmetic trap),
use GROB_HOME correctly, foreground start instead of detached mode,
add pass_through for mock provider routing.

All 10 tests pass with a Python mock on :8100.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Destynova2 @claude
fix(test): fix wizard W6 proxy test — use /v1 base_url for vidaimock
65ed195 
grob's OpenAI provider appends /chat/completions to base_url (without
/v1 prefix). VidaiMock expects the full /v1/chat/completions path.
Set base_url to include /v1 to match.

All 10 tests pass with vidaimock in podman container.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Destynova2 @claude
fix(setup,cli,security): overhaul wizard flow and fix audit issues
437f92c 
Refactor setup wizard to collect-then-recap-then-write architecture:
- All choices collected in Choices struct before any disk write
- Recap screen with confirmation before writing config atomically
- Add --yes (accept defaults) and --dry-run (preview) flags
- Detect existing config and offer edit/replace/cancel
- Store API keys as $ENV_VAR references, never raw keys
- Simplify compliance screen from 7 to 5 options (GDPR+EU AI Act merged)
- Read provider list from preset TOML dynamically instead of hardcoded table

Additional fixes from wizard audit:
- Doctor returns meaningful exit codes (0=ok, 1=warnings, 2=errors)
- Web API config update creates backup before writing
- auto_flow.rs stops replacing $ENV_VAR with raw keys in config
- Preset apply supports --dry-run via preview_preset()

Add wizard Gherkin tests (6 scenarios, 21 steps):
- Unattended setup, dry-run, backup, env var refs, doctor, preset dry-run

setup.rs reduced from 800 to 620 lines (-22%).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Destynova2 @claude
chore(docs): remove competitive intel from public docs
84a1ce9 
- Remove strategic positioning phrase from ADR-0006
- Remove broken link to deleted ADR-0007 in policies.md
- ROADMAP.md, ADR-0007, hit-quorum.md moved to private docs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Destynova2 @claude
feat(policies): add decision token type for transparent agent routing
6fd52fc 
Decision tokens are MCP tokens emitted by a boss agent, invisible to
the target agent. Grob reads the "mode" claim (training/live) to route
toward paper or real backends. Includes integrity verification via
SHA-256 hash, audience glob matching, and agent-visible view stripping.

11 unit tests cover routing, invisibility, mode switching, tampering
detection, serialization roundtrip, and audience matching.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Destynova2 Destynova2 merged commit 8905da0 into develop Apr 6, 2026
38 checks passed
@Destynova2 Destynova2 deleted the feat/hit-decision-tokens branch April 6, 2026 10:47
@Destynova2 Destynova2 mentioned this pull request Apr 9, 2026
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Destynova2