feat: harden operator-controlled agent commands#1985

Open
mhseo93 wants to merge 1 commit into multica-ai:main from mhseo93:mhs-18-agent-command-policy-hardening
Conversation

@mhseo93 mhseo93 commented May 1, 2026

Summary

MHS-18 hardens operator-controlled Multica agent behavior with server-side policy enforcement and daemon prompt alignment.

This is a dev/local hardening patch only. It does not activate production runtime changes.

Changes

  • Add internal/agentpolicy for parsing agent.runtime_config.multica_policy.
  • Deny operator-controlled agent-originated issue creation.
  • Deny operator-controlled agent status and assignee updates before mutation.
  • Deny batch status/assignee updates before mutation.
  • Deny agent-authored comments containing mention://agent/ before comment creation/enqueue.
  • Deny synthesized task-completion fallback comments that would contain agent mentions.
  • Carry agent runtime_config through claim response → daemon task → execenv.
  • Update daemon assignment/comment-trigger instructions so operator-controlled agents are not told to change lifecycle/handoff state.
  • Add focused policy and runtime-config regression tests.

Validation

PASS go test ./internal/agentpolicy ./internal/daemon/execenv ./internal/handler ./internal/service -count=1
PASS git diff --check

Additional local validation performed before commit:

PASS go test ./internal/handler -run '^TestResolveActor$' -count=1 -v
PASS go test ./internal/handler -run 'TestAgentCommandPolicy' -count=1 -v

Safety / rollout boundary

prod deploy: 0
runtime activation/update: 0
daemon restart/stop: 0
Cloud agent rerun: 0

Production rollout should be handled by a separate activation gate.

Related

MHS-18 adds server-side policy enforcement for operator-controlled agents, daemon prompt alignment, and regression tests for issue create/update, batch update, agent mentions, fallback comments, and actor resolution.
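As an added illustration of the server-side checks listed in the description above (this is not the PR's own `internal/agentpolicy` code; the `operator_controlled` field name and the shape of `multica_policy` inside `runtime_config` are assumptions, since the real schema is not shown here), a policy parser with the create/update/comment guards that a handler would call before mutating anything:

```go
package main

import (
	"encoding/json"
	"errors"
	"strings"
)

// Policy is the assumed shape of runtime_config.multica_policy (placeholder field name).
type Policy struct {
	OperatorControlled bool `json:"operator_controlled"`
}

// ErrDenied is returned for every command the policy blocks; callers use errors.Is.
var ErrDenied = errors.New("agentpolicy: denied for operator-controlled agent")

// ParsePolicy reads multica_policy from raw runtime_config JSON; an empty config
// yields the permissive zero Policy, malformed JSON is reported so callers can fail closed.
func ParsePolicy(runtimeConfig []byte) (Policy, error) {
	var cfg struct {
		MulticaPolicy Policy `json:"multica_policy"`
	}
	if len(runtimeConfig) == 0 {
		return Policy{}, nil
	}
	err := json.Unmarshal(runtimeConfig, &cfg)
	return cfg.MulticaPolicy, err
}

// CheckIssueCreate: operator-controlled agents may not create issues at all.
func (p Policy) CheckIssueCreate() error {
	if p.OperatorControlled {
		return ErrDenied
	}
	return nil
}

// CheckIssueUpdate: status/assignee changes are denied before mutation; other fields pass.
func (p Policy) CheckIssueUpdate(changesStatus, changesAssignee bool) error {
	if p.OperatorControlled && (changesStatus || changesAssignee) {
		return ErrDenied
	}
	return nil
}

// CheckComment: agent-authored comments carrying mention://agent/ are denied before enqueue.
func (p Policy) CheckComment(body string) error {
	if p.OperatorControlled && strings.Contains(body, "mention://agent/") {
		return ErrDenied
	}
	return nil
}
```

A batch status/assignee update would run `CheckIssueUpdate` per item and reject the whole batch on the first `ErrDenied`, so no partial mutation occurs.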

vercel Bot commented May 1, 2026

Someone is attempting to deploy a commit to the IndexLabs Team on Vercel.

A member of the Team first needs to authorize it.


mhseo93 commented May 1, 2026

Hi! Could someone review this PR when available?

Summary:

  • Adds server-side hard blocks for operator-controlled agent commands.
  • Prevents operator-controlled agents from creating issues, changing status/assignee, or mentioning other agents.
  • Adds focused tests for the policy behavior.
  • Backend/frontend CI are passing.

This is dev/local hardening only. No prod/runtime change is included.

Context issue: MHS-18
