Skip to content

feat: read-only Explore subagent with inherited policy + linked audit chain #54

Description

@arthurpanhku

Why (roadmap: Next)

Complex tasks benefit from parallel read-only exploration. Full autonomous subagents multiply the governance surface, so v1 is deliberately read-only.

Sketch

  • A task-style tool that spawns a child run restricted to read tools (read_file, search_text, list_files, git_*, memory read).
  • Child inherits the parent's resolved policy automatically (never re-resolves wider).
  • Child gets its own audit chain whose run_start carries the parent runId — same linking pattern as the session journal anchor (docs/DURABLE-SESSION.md).
  • Results merge back as a tool result in the parent turn.

Constraints

  • Registry allowlist enforced at the chokepoint, not by prompt.
  • No recursion in v1 (a child cannot spawn children).

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requesthelp wantedExtra attention is needed

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions