Docs: initial draft delegation invariants (Confirm/Stop-Takeover/Receipts)

[wicky-AntX]

Docs-only PR (no code changes).

Summary

• Problem: Delegated execution makes Confirm / Stop(Takeover) / Receipts cross-ecosystem invariants; without a thin waist, ecosystems drift to semantic divergence or core creep (runtime bloat).
• Why it matters: Helps keep OpenClaw agent-light while scaling as shared infrastructure; improves governance consistency without pulling more policy/adapters into core.
• What changed: Added a docs-only initial draft spec describing minimal delegation invariants + stable hook points.
• What did NOT change (scope boundary): No runtime behavior changes, no security logic changes, no integrations changed.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Related: [Feature]: Keep OpenClaw “agent-light” via a minimal delegation-invariants layer (Confirm / Stop / Receipts + hooks) #48629

User-visible / Behavior Changes

None (docs-only).

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No

If any Yes, explain risk + mitigation: N/A (docs-only)

Repro + Verification

Environment

• OS: N/A (docs-only)
• Runtime/container: N/A
• Model/provider: N/A
• Integration/channel (if any): N/A
• Relevant config (redacted): N/A

Steps

N/A (docs-only)

Expected

N/A

Actual

N/A

Evidence (attach at least one)

• Docs-only: docs/delegation-invariants.md (no behavior changes).

Human Verification (required)

• What you personally verified: Doc renders correctly in GitHub preview; headings/links look correct.
• Verified scenarios: N/A (docs-only)
• Edge cases checked: N/A
• What you did not verify: No runtime/security behavior verified (docs-only).

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No

If yes, exact upgrade steps: N/A

Failure Recovery (if this breaks)

• How to disable/revert this change quickly: Revert this PR (docs-only).
• Files/config to restore: docs/delegation-invariants.md
• Known bad symptoms reviewers should watch for: N/A

Risks and Mitigations

• Risk: Misinterpretation as an implementation commitment.
  • Mitigation: Document is explicitly labeled “initial draft for discussion”; no code changes included.

[greptile-apps]

Greptile Summary

This docs-only PR adds docs/delegation-invariants.md, an initial draft spec describing minimal "thin waist" invariants for delegated execution (Confirm, Stop/Takeover, Receipts) to keep OpenClaw agent-light as shared infrastructure. No runtime or security changes are included.

Two issues need to be resolved before this can merge:

• Unclosed code fence (docs/delegation-invariants.md, line 47): The ```json block that opens the Confirm example JSON is never closed with a matching ```. This breaks Markdown rendering in GitHub preview and Mintlify — everything after the opening fence is treated as raw code.
• Incomplete spec body (docs/delegation-invariants.md, lines 28–55): The document title, PR description, and introductory section all promise three invariant primitives (Confirm, Stop/Takeover, Receipts), but only the Confirm section is present. The Stop(Takeover) and Receipts sections — including their required fields and minimal JSON examples — are entirely absent. Without them, reviewers have no basis for evaluating the completeness of the proposed thin-waist contract.

Confidence Score: 2/5

• Not ready to merge: the document is structurally incomplete and has a rendering-breaking syntax error.
• The PR is docs-only with no runtime risk, but the document itself has two blocking problems: an unclosed Markdown code fence that breaks rendering, and two of the three promised invariant sections (Stop/Takeover and Receipts) are missing entirely. As written, the spec cannot fulfill its stated goal of defining all three thin-waist primitives.
• docs/delegation-invariants.md — unclosed code fence and missing Stop/Takeover + Receipts sections.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: docs/delegation-invariants.md
Line: 47-55

Comment:
**Unclosed JSON code fence**

The code block opened with ` ```json ` on line 47 is never closed — there is no closing ` ``` ` before the file ends. This causes the Markdown renderer (and Mintlify) to treat everything after the opening fence as raw code, breaking the document's visual formatting.

Add a closing fence after the closing `}`:

```suggestion
**Example (minimal JSON):**
```json
{
  "type": "confirm",
  "scope": "purchase",
  "limits": { "max_amount_usd": 200, "merchant_allowlist": ["United Airlines"] },
  "ttl_seconds": 900,
  "revocable": true,
  "risk_level": "high"
}
```
```

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: docs/delegation-invariants.md
Line: 28-55

Comment:
**Stop(Takeover) and Receipts sections are missing**

The PR title, description, and the document's own header all promise three invariant primitives — **Confirm**, **Stop/Takeover**, and **Receipts** — but the file ends after the Confirm section. The `### 2) STOP/TAKEOVER` and `### 3) RECEIPTS` sections (with their MUST/SHOULD fields and minimal JSON examples) are completely absent.

Shipping an explicitly incomplete spec risks reviewers or downstream contributors treating the Confirm-only content as the finalized "thin waist", leaving Stop/Takeover halt semantics and Receipt accountability fields undefined. Please add the two missing sections (or, if intentional, call them out clearly as `TODO` stubs so readers know they are forthcoming).

How can I resolve this? If you propose a fix, please make it concise.

_{Last reviewed commit: "Create delegation-in..."}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 105dc4d926

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Complete the Stop/Takeover and Receipt sections

If this draft is meant to define the three primitives named in the title and in the “three primitives” claim above, the file currently stops immediately after the first CONFIRM example, with no STOP/TAKEOVER or RECEIPT sections at all. That leaves the spec internally inconsistent and makes it unclear whether those two invariants were intentionally omitted or accidentally dropped from the commit.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 326918d508

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 754f5de5e8

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Record who granted each confirm

If this invariant is used outside a single-user session, the CONFIRM schema never records who granted the authority. A later RECEIPT can point to confirm_id, but auditors and policy hooks still cannot tell whether the approval came from the end user, an admin, or another delegate without falling back to runtime-specific session state. That undermines the document's goal of making execution authority portable across runtimes, so the minimal fields need a grantor/principal reference.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5184475aff

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Provide a conforming CONFIRM example

The current draft never shows a CONFIRM payload that actually satisfies the required field list: the first JSON block is truncated after capabilities, and the follow-on block omits the required confirm_id and timestamp. Anyone copying the advertised “minimal JSON” example will produce confirms that cannot be correlated to receipts or anchored to a TTL start time.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Keep scope structured in the CONFIRM example

Above this example, scope is defined as an object containing at least workflow_id, plus optional step_ids/targets/capabilities. Here it becomes the bare string "purchase", which creates two incompatible wire shapes for the same field and drops the workflow/step binding the rest of the spec relies on.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Use one canonical type value for CONFIRM

This example uses "type": "confirm", while the earlier block and the other primitives use uppercase names (CONFIRM, STOP, RECEIPT). If runtimes dispatch on literal event-type strings, the doc now defines two non-interoperable values for the same primitive and readers copying this block will serialize a different protocol variant.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 062c75783c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9bce050c8b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cb62f06097

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[wicky-AntX]

@steipete @vincentkoc @obviyus @gumadeiras

CI failure is unrelated to this docs-only change.
The workflow fails during pnpm install because it tries to git clone git@github.com:tloncorp/api-beta.git, and forks don’t have SSH access to that private dependency.
Could a maintainer please rerun CI from an internal branch (or advise the preferred way to validate docs-only PRs)? Happy to adjust anything on the docs side.

[openclaw-barnacle]

Please don’t spam-ping multiple maintainers at once. Be patient, or join our community Discord for help: https://discord.gg/clawd

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2a617a34d8

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[wicky-AntX]

Checks are green now ✅
This is still a docs-only initial draft for discussion.
If maintainers are open to it, I’d love feedback on:
1. Where should a “delegation invariants” draft live (docs/ vs. RFC folder vs. wiki)?
2. Is it better to iterate via PR comments, or move to an issue/RFC thread once there’s alignment?
Happy to revise based on maintainers’ preferred process.

If there’s interest, I can help coordinate a short, time-boxed discussion thread to collect input on the minimal fields + hook points.

[wicky-AntX]

I added a hard TL;DR + Chromebook analogy + cloud fast-path rationale in the issue: #48629