Skip to content

PENDING_DECISIONS.md

Latest commit

Β 

History

History
73 lines (52 loc) Β· 3.4 KB

PENDING_DECISIONS.md

File metadata and controls

73 lines (52 loc) Β· 3.4 KB

Pending Design Decisions β€” Phase 3-4 (v1.5.0)

Status: IMPLEMENTATION IN PROGRESS Updated: 2026-04-11

Phase 1-2 (v1.4.0): COMPLETED AND RELEASED

All decisions resolved, released as v1.4.0.

Phase 3-4 Decisions (to confirm after implementation)

Decision 7: Policy DSL Syntax

AgentSpec-style runtime constraint DSL. What syntax?

Option Pros Cons
A) YAML-based rules with predicates (Recommended) Consistent with existing policy.yaml, zero learning curve Less expressive than custom DSL
B) Custom DSL (Python-like syntax) Most expressive, AgentSpec paper uses this Parser complexity, new syntax to learn

Current plan: A (YAML-based, extends existing format with triggers/predicates/enforcement actions)

Decision 8: Cryptographic Signing for Audit Logs

Option Pros Cons
A) HMAC-SHA256 with hash chain (Recommended) stdlib only (hmac module), simple key management Shared secret β€” key compromise = forge all logs
B) Ed25519 asymmetric signatures Strongest guarantees, no shared secret Requires cryptography package (optional dep)

Current plan: A (HMAC-SHA256, stdlib only). Ed25519 as optional upgrade path.

Decision 9: Cross-Session Storage Backend

Option Pros Cons
A) JSON files (Recommended) Zero dependencies, consistent with project philosophy Slower queries on large datasets
B) SQLite Built into Python stdlib, better querying File locking issues on some platforms

Current plan: A (JSON files). SQLite as optional optimization.

Decision 10: Supply Chain Hash Pinning β€” Default Mode

Option Pros Cons
A) Opt-in (warn only by default) (Recommended) Low adoption friction Tools can change without notice if user doesn't enable
B) Mandatory (block unverified tools) Maximum security Breaks if tool definitions update legitimately

Current plan: A (opt-in with warnings)

Implementation Status β€” Phase 3-4

Module Status Agent
spec_lang/parser.py βœ… Done (YAML + fallback, Trigger/Predicate/Enforcement) Phase 3a agent
spec_lang/evaluator.py βœ… Done (RuleEvaluator, custom predicates) Phase 3a agent
spec_lang/stdlib.py + defaults.py βœ… Done (9 built-in predicates, 7 default rules) Phase 3a agent
audit/signed_log.py βœ… Done (HMAC-SHA256, auto key gen) Phase 3b agent
audit/chain.py βœ… Done (SHA-256 hash chain) Phase 3b agent
audit/verify.py βœ… Done (4 checks: sig/chain/seq/time) Phase 3b agent
supply_chain/hash_pin.py βœ… Done (SHA-256 pinning, thread-safe) Phase 4a agent
supply_chain/sbom.py βœ… Done (CycloneDX 1.5, 20 package prefixes) Phase 4a agent
supply_chain/verify.py βœ… Done (known vuln DB: litellm, ultralytics) Phase 4a agent
cross_session/store.py βœ… Done (JSON file-based, path traversal safe) Phase 4b agent
cross_session/correlator.py βœ… Done (4 correlation checks, z-score outlier) Phase 4b agent
cross_session/sleeper.py βœ… Done (3 detection methods, E2E test) Phase 4b agent
Integration + Tests ⏳ After agents complete β€”
Codex Deep Review ⏳ After integration tests pass β€”
Fix review findings ⏳ After Codex review β€”
CHANGELOG + Release ⏳ After review fixes β€”