feat(reporting-governance): add minimal runtime integrated slice
@@ -11,6 +11,7 @@ Current purpose:
|
||||
- provide a minimal package-level policy evaluator and decision runner skeleton that can be verified in isolation
|
||||
- add one minimal package-owned deployment profile artifact / loader / binding contract slice that is executable in tests
|
||||
- let profile artifacts drive one real orchestrator adapter entrypoint instead of staying test-only
|
||||
- add one minimal runtime-integrated slice wiring contract planning into real orchestrator execution
|
||||
|
||||
## Package skeleton
|
||||
|
||||
@@ -28,6 +29,7 @@ plugins/reporting-governance/
|
||||
policy-evaluator.mjs
|
||||
decision-runner.mjs
|
||||
execute-governance-contract.mjs
|
||||
runtime-integrated.mjs
|
||||
adapters/
|
||||
storage/
|
||||
reference/
|
||||
@@ -92,6 +94,7 @@ What is currently exposed from the root export:
|
||||
- `evaluatePolicies(...)`
|
||||
- `planDecisionExecution(...)`
|
||||
- `executeGovernanceContract(...)`
|
||||
- `executeRuntimeIntegratedGovernance(...)`
|
||||
- package metadata helpers such as `packageName`
|
||||
- package-owned adapter entrypoints and `runWatchdogChain(...)`
|
||||
|
||||
@@ -161,6 +164,7 @@ What this slice does:
|
||||
5. validator rejects `artifact_roots` absolute paths, lexical escapes, and symlink escapes that resolve outside repo realpath boundary
|
||||
6. adapter runtime binding can be instantiated from that contract in tests
|
||||
7. orchestrator adapter can now bootstrap from package profile artifact input directly
|
||||
8. `queueItems` now has two checks: load-time artifact validation and orchestrator use-time realpath recheck before runtime consumption
|
||||
|
||||
What this slice does **not** claim yet:
|
||||
|
||||
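Review bot: Item 8 describes the use-time realpath recheck only for `queueItems`, while the escape checks in item 5 are stated for `artifact_roots`. The README should say whether `artifact_roots` also gets a use-time recheck or only load-time validation. It would also help to state that runtime consumption reads the path the recheck resolved rather than resolving the original path again, since a symlink swapped between the recheck and the read would otherwise pass both checks.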
@@ -178,6 +182,7 @@ The current package now includes a small but runnable `core/` implementation:
|
||||
- `src/core/policy-evaluator.mjs`
|
||||
- `src/core/decision-runner.mjs`
|
||||
- `src/core/execute-governance-contract.mjs`
|
||||
- `src/core/runtime-integrated.mjs`
|
||||
- `src/core/index.mjs`
|
||||
|
||||
Current package-core responsibilities:
|
||||
@@ -190,6 +195,7 @@ Current package-core responsibilities:
|
||||
- truthfully degrade unsupported enforcement paths based on the capability descriptor
|
||||
- provide one minimal contract path from `capability descriptor -> policy decision -> execution planning`
|
||||
- surface deployment binding metadata when caller passes a validated profile artifact
|
||||
- optionally hand that deployment binding into the orchestrator adapter when caller explicitly supplies runtime execution inputs
|
||||
|
||||
Still **runtime-adapter responsibility** at this stage:
|
||||
|
||||
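Review bot: The bullet "optionally hand that deployment binding into the orchestrator adapter when caller explicitly supplies runtime execution inputs" does not say what happens when those inputs arrive without a validated profile artifact. The bullet above it ties binding metadata to a validated artifact. Suggest stating the same precondition here, and that the handoff is refused when it is not met.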
@@ -209,12 +215,14 @@ This slice now has one small but testable contract path:
|
||||
2. policy evaluator emits a canonical decision from event/evidence/context
|
||||
3. decision runner converts that decision into execution planning
|
||||
4. validated profile artifact can supply deployment binding metadata
|
||||
5. orchestrator adapter can consume profile artifact bindings and run one real runtime layer
|
||||
6. the result declares:
|
||||
5. runtime-integrated helper can take that binding and route it into the orchestrator adapter
|
||||
6. orchestrator adapter consumes the same binding and runs one real runtime layer
|
||||
7. the result declares:
|
||||
- adapter-dispatch actions required
|
||||
- package-core actions possible locally
|
||||
- blocked mandatory actions when capability support is missing
|
||||
- truthful delivery / receipt state
|
||||
- runtime execution result when explicitly requested
|
||||
|
||||
This is intentionally **planning-level end-to-end plus one adapter bootstrap layer**, not full live inline interception.
|
||||
It proves contract alignment without pretending all runtime enforcement is already extracted.
|
||||
|
||||
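Review bot: The closing paragraph still describes the slice as "planning-level end-to-end plus one adapter bootstrap layer", but the list now has the runtime-integrated helper routing the binding into the orchestrator adapter and a "runtime execution result when explicitly requested". The summary should mention that opt-in execution path. The list should also say what the result carries when execution is not requested (field absent, or an explicit not-executed marker), so a consumer cannot read a missing runtime result as success.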