Layer E + G. Role TOML gains extends/relaxes for parent-role composition; agent spawn gets self-describing DNA identity alongside UUID.

Role expression:
- _roles/*.toml gain optional `extends = "<parent>"` + `relaxes = [...]`
- compose.rs + verify.rs delegate to new role::resolve_role() with recursive extends-chain resolution + cycle detection
- explorer.toml: 28→18 LOC (extends read-only)
- edit-shared.toml: 31→23 LOC (extends edit-local, relaxes scope::files-whitelist for task-param override)

DNA identity:
- new dna.rs (159 LOC) — compose/render/parse round-trip
- AgentInvocation carries dna field (prepare.rs)
- Format: <role>::<caps-bitmap>::<sha4-scope>::<sha4-body>-<hex4-nonce>
- ≤ 80 chars total, greppable, parseable
- 11 capability codes in CAP_CODES table: NG, FW, FD, CP, CG, TG, ND, RF, SG, DT, BA

kei-ledger schema v2:
- ADD COLUMN dna TEXT + prefix index
- `kei-ledger fork --dna <string>` optional flag
- AgentRow.dna: Option<String>
- Backward compat: schema migration detects + applies on open

Docs: AGENT-SUBSTRATE-SCHEMA.md Layer E + Layer G sections + CAP_CODES table.

New deps: sha2 (workspace), rand 0.8.

Tests: kei-agent-runtime 50 (was 41, +9: 4 role + 5 DNA), kei-ledger 10 (was 9, +1 DNA roundtrip).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
18 lines
596 B
TOML
[role]
name = "explorer"
display-name = "explorer + cargo-check (read-only analyst with build probe)"
description = "Read-only analyst that may run cargo-family commands for build/test introspection. No edits, no git, no non-cargo shell."
spawnable = true
claude-subagent-type = "Explore"

[capabilities]
# Layer E — inherits read-only capability set, adds bash-allowlist for cargo probing.
extends = "read-only"
required = ["tools::bash-allowlist"]

[tools]
allowed = ["Read", "Glob", "Grep", "WebFetch", "Bash"]
bash-patterns-allowed = ['^cargo( |$)']

[escalation]
policy = "ask-via-return"
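
The `extends`/`relaxes` composition that this role file relies on, sketched as an added example; it is not the project's `role::resolve_role()`. Assumptions: the `RoleCaps` struct, the rule "parent's resolved set, minus `relaxes`, plus `required`", the placeholder capability `example::no-write`, and the contents of `read-only` and `edit-local` are all constructed here.

```rust
use std::collections::{BTreeSet, HashMap, HashSet};
type S = &'static str;
// Hypothetical in-memory form of one role's [capabilities] table.
struct RoleCaps { extends: Option<S>, required: Vec<S>, relaxes: Vec<S> }

// Assumed semantics: parent's resolved set, minus `relaxes`, plus `required`.
fn resolve(roles: &HashMap<S, RoleCaps>, name: S, seen: &mut HashSet<S>)
    -> Result<BTreeSet<S>, String> {
    if !seen.insert(name) {
        return Err(format!("extends cycle at role '{}'", name));
    }
    let role = roles.get(name).ok_or_else(|| format!("unknown role '{}'", name))?;
    let mut caps = match role.extends {
        Some(parent) => resolve(roles, parent, seen)?,
        None => BTreeSet::new(),
    };
    for r in &role.relaxes {
        // Fail closed: relaxing a capability no parent set is likely a typo.
        if !caps.remove(r) {
            return Err(format!("role '{}' relaxes '{}', which no parent requires", name, r));
        }
    }
    caps.extend(role.required.iter().copied());
    Ok(caps)
}

fn mk(extends: Option<S>, required: &[S], relaxes: &[S]) -> RoleCaps {
    RoleCaps { extends, required: required.to_vec(), relaxes: relaxes.to_vec() }
}

// Constructed sample roles; parent contents are placeholders, not the repo's files.
fn sample_roles() -> HashMap<S, RoleCaps> {
    HashMap::from([
        ("read-only", mk(None, &["example::no-write"], &[])),
        ("explorer", mk(Some("read-only"), &["tools::bash-allowlist"], &[])),
        ("edit-local", mk(None, &["scope::files-whitelist"], &[])),
        ("edit-shared", mk(Some("edit-local"), &[], &["scope::files-whitelist"])),
        ("loop-a", mk(Some("loop-b"), &[], &[])),
        ("loop-b", mk(Some("loop-a"), &[], &[])),
    ])
}

fn effective(name: S) -> Result<Vec<S>, String> {
    resolve(&sample_roles(), name, &mut HashSet::new()).map(|s| s.into_iter().collect())
}

fn main() {
    for n in ["explorer", "edit-shared", "loop-a"] { println!("{}: {:?}", n, effective(n)); }
}
```

Rejecting a `relaxes` entry that no ancestor set is a design choice of this sketch: it keeps a misspelled capability name from silently leaving a restriction in place, or from appearing to remove one that was never there.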