Skip to content

fix(core): wire ShadowMemory into agent loop#4443

Merged
bug-ops merged 4 commits into
mainfrom
4439-shadow-memory-agent-loop
May 18, 2026
Merged

fix(core): wire ShadowMemory into agent loop#4443
bug-ops merged 4 commits into
mainfrom
4439-shadow-memory-agent-loop

Conversation

@bug-ops
Copy link
Copy Markdown
Owner

@bug-ops bug-ops commented May 18, 2026

Summary

  • Add shadow_memory: Option<ShadowMemory> field to SecurityState
  • Add with_shadow_memory_config builder method in AgentBuilder; wire into agent_setup.rs
  • Add record_shadow_event in tier_loop.rs: called after each tool batch, emits SecurityEventCategory::GoalDrift when drift.should_alert is true
  • 6 regression tests covering builder config, noop path, event recording, and GoalDrift emission

Closes #4439

Notes

  • FR-002 (pre-action probe) deferred to v2; current wiring fires post-batch (FR-001, FR-003, FR-004 met)
  • deviation_score hardcoded to 0.0; FR-007 coherence rating deferred (TODO comment left in code)

Test plan

  • cargo nextest run --workspace --lib --bins — 1491 tests in zeph-core pass
  • cargo clippy --workspace -- -D warnings — clean
  • cargo +nightly fmt --check — clean

@github-actions github-actions Bot added bug Something isn't working size/L Large PR (201-500 lines) documentation Improvements or additions to documentation rust Rust code changes core zeph-core crate and removed size/L Large PR (201-500 lines) labels May 18, 2026
@bug-ops bug-ops enabled auto-merge (squash) May 18, 2026 21:54
@bug-ops bug-ops force-pushed the 4439-shadow-memory-agent-loop branch from cbe09e0 to 0eb1333 Compare May 18, 2026 21:54
@github-actions github-actions Bot added the size/L Large PR (201-500 lines) label May 18, 2026
bug-ops added 4 commits May 19, 2026 00:02
@bug-ops
fix(core): wire ShadowMemory into agent loop (#4439)
09224bb 
Add `shadow_memory: Option<ShadowMemory>` to `SecurityState`. The field
is instantiated from `security.causal_ipi.shadow_memory` config at startup
via a new `with_shadow_memory_config` builder method, independently of
whether causal IPI itself is enabled.

After every tool batch, `process_tool_result_batch` calls
`record_shadow_event` which appends a `ShadowEvent` (turn index, tool
names, max permission class, goal summary from the causal pre-probe) and
checks `goal_drift_score()`. When `should_alert = true` a WARN log is
emitted and a `GoalDrift` security event is pushed to the metrics sink.

Spec 010-7 FR-001–FR-004 are now met.
@bug-ops
test(core): add shadow_memory_tests module for ShadowMemory wiring
e69cacd 
Three builder-level tests verify that with_shadow_memory_config correctly
leaves the field as None when disabled and sets it to Some when enabled,
and that the memory starts empty after construction.
@bug-ops
style(core): apply nightly fmt to shadow memory tests
1bc4614
@bug-ops
fix(core): fix clippy lints in shadow memory tests
c41248d
@bug-ops bug-ops force-pushed the 4439-shadow-memory-agent-loop branch from 00995a0 to c41248d Compare May 18, 2026 22:02
@bug-ops bug-ops merged commit 99a2002 into main May 18, 2026
32 checks passed
@bug-ops bug-ops deleted the 4439-shadow-memory-agent-loop branch May 18, 2026 22:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working core zeph-core crate documentation Improvements or additions to documentation rust Rust code changes size/L Large PR (201-500 lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ShadowMemory never instantiated in agent loop — spec FR-001 through FR-004 inactive

1 participant

@bug-ops