Skip to content

feat(core): populate passive capability baseline#1236

Open
joshuajbouw wants to merge 1 commit into
agent/control-foundationsfrom
agent/capability-registry-baseline
Open

feat(core): populate passive capability baseline#1236
joshuajbouw wants to merge 1 commit into
agent/control-foundationsfrom
agent/capability-registry-baseline

Conversation

@joshuajbouw

Copy link
Copy Markdown
Contributor

Linked Issue

Closes #1235

Refs #1228, #1233, #1234, and astrid-runtime/rfcs#36.

Summary

Populates the passive 51-entry authority migration baseline on top of #1234. Existing authorization, wildcard evaluation, persisted state, socket behavior, and wire contracts remain unchanged.

Changes

  • bind all 51 kernel entries to fixed scope, ordered target kinds, delegability, privileged status, source, and display danger
  • expose the passive baseline manifest
  • freeze all 51 entry digests and the aggregate manifest digest
  • preserve current catalog scope and danger metadata
  • require kernel and admin request mappings to resolve to a registered entry
  • complete kernel and admin request-variant inventories
  • classify every baseline ID as primary, secondary, token-authenticated, dormant, or mapping-only

Verification

  • cargo fmt --all -- --check
  • cargo metadata --locked --no-deps --format-version 1
  • git diff --check
  • canonical encoder verification for all 51 entry vectors and the aggregate manifest digest

Checklist

  • Linked to an issue
  • CHANGELOG.md updated under [Unreleased]
  • No evaluator activation or persisted-state migration

@joshuajbouw joshuajbouw marked this pull request as ready for review July 14, 2026 18:13
Copilot AI review requested due to automatic review settings July 14, 2026 18:13

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Populates Astrid’s passive, content-addressed capability registry with the full 51-entry migration baseline, binding each fixed capability ID to immutable authorization semantics and freezing the canonical entry/manifest digests, while keeping current runtime authorization behavior unchanged.

Changes:

  • Build and expose the 51-entry migration_baseline_registry() with fixed scope, target kinds, delegability, privilege, provenance, and display danger.
  • Add/extend drift tests to ensure every kernel/admin enforcement mapping resolves to a registered baseline entry and that baseline role classifications remain exhaustive/disjoint.
  • Freeze and verify golden entry digests and the aggregate manifest digest; update CHANGELOG.md under [Unreleased].

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
crates/astrid-kernel/src/kernel_router/capability_catalog_tests.rs Updates drift tests to require kernel/admin capability mappings to resolve to a migration-baseline registry entry and adds baseline classification assertions.
crates/astrid-kernel/src/kernel_router/admin/tests.rs Extends admin request-variant inventory in tests to cover newly added admin request variants.
crates/astrid-core/src/capability_registry/tests.rs Adds comprehensive tests ensuring the baseline registry definitions, catalog metadata preservation, and frozen digest vectors are stable and verified.
crates/astrid-core/src/capability_registry.rs Implements the 51-entry migration baseline registry generator, including fixed semantics, display-danger sourcing, and new baseline-definition error variants.
CHANGELOG.md Documents the new passive migration-baseline semantics and digest freezing under [Unreleased].

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants