KeiSeiKit-1.0/_roles/git-ops.toml
Parfii-bot dc83cb2117 feat(agent-substrate/phase-2): role matrix — 5 roles + AGENT-ROLES.md
5 _roles/*.toml per locked §Initial role inventory:

- read-only     → tools::read-only + output::report-format + severity-grade
- explorer      → read-only caps + tools::cargo-only-bash
- edit-local    → no-git-ops + scope::files-{white,deny}list + quality::*
                  + safety::no-dep-bump + output::report-format
- edit-shared   → edit-local caps + relaxed SSoT whitelist (task-time param)
                  + escalation tightened to orchestrator-notify
- git-ops       → spawnable = false, documentation-only

All 11 capability names referenced match phase-1 deliverable path
_capabilities/<cat>/<slug>/ (cross-ref verified before commit).

docs/AGENT-ROLES.md (223 LOC) — human-readable matrix: per-role sections
+ cross-role capability matrix + explicit non-spawnable-git-ops block.

Drift note for orchestrator integration review: edit-local/edit-shared
use inline bash-patterns-allowed = ['^cargo( |$)', '^mkdir( |$)',
'^rm -rf /tmp/'] instead of composing with tools::cargo-only-bash
capability (extra patterns not in that atom). Agent footnoted —
resolution deferred to post-integration (either parameterize the cap
or introduce tools::cargo-plus-basic-bash variant).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 02:35:52 +08:00

20 lines
934 B
TOML

[role]
name = "git-ops"
display-name = "git operator (orchestrator-only, NOT spawnable)"
description = "Documented boundary of git authority. Per RULE 0.13, only the orchestrator (main session) holds git power: branch creation, commit, push, merge, rebase, reset, tag. This role is documented for completeness and is refused by kei-agent-runtime at spawn time."
spawnable = false

[capabilities]
# No capability restrictions declared here — this role is never composed into
# a prompt. The sole consumer is `kei-agent-runtime spawn`, which checks
# `spawnable = false` and refuses the invocation with a pointer to RULE 0.13.
required = []

[tools]
# Documented as "everything"; not enforced because role is non-spawnable.
allowed = ["Read", "Write", "Edit", "Glob", "Grep", "Bash", "WebFetch"]
bash-patterns-allowed = ['.*']

[escalation]
# Not reachable at runtime — orchestrator owns this context directly.
policy = "fail-fast"