Agentic AI Atlasby a5c.ai
/
GitHubDocsDiscord
iiRecord
Agentic AI Atlas · GAP-SEC-001: Governance Policy Layer
page:docs-harness-features-backlog-gaps-security-gap-sec-001a5c.ai
II.
Page overview

page:docs-harness-features-backlog-gaps-security-gap-sec-001

Reference · live

GAP-SEC-001: Governance Policy Layer overview

Inspect the raw attributes, linked wiki pages, and inbound or outbound graph edges for page:docs-harness-features-backlog-gaps-security-gap-sec-001.

PageOutgoing · 0Incoming · 1

Attributes

nodeKind
Page
sourcePath
docs/harness-features-backlog/gaps/security/GAP-SEC-001.md
sourceKind
repo-docs
title
GAP-SEC-001: Governance Policy Layer
displayName
GAP-SEC-001: Governance Policy Layer
slug
docs/harness-features-backlog/gaps/security/gap-sec-001
articlePath
wiki/docs/harness-features-backlog/gaps/security/GAP-SEC-001.md
article
# GAP-SEC-001: Governance Policy Layer | Field | Value | |-------|-------| | Category | security | | Priority | Critical | | Effort | L | | Status | Missing | ## Description Centralized policy engine for evaluating security rules at effect dispatch and task execution. Unified policy model replacing fragmented policy across breakpoint rules, env vars, and advisory hints. ## Current State Security policy fragmented: breakpoint rules in ~/.a5c/breakpoint-approvals/rules.json, advisory execution.permissions in task definitions, env var limits (BABYSITTER_MAX_ITERATIONS, BABYSITTER_HOOK_TIMEOUT). No unified evaluation point. ## Target State PolicyEngine evaluates declarative rules at effect dispatch and task execution. Policy types: rate-limit, permission, resource-limit, trust-level. Policy decisions persisted for audit trail. Existing breakpoint rules integrated as policy source. ## Dependencies - None (foundation gap) ## Key Files | Component | Path | |-----------|------| | Breakpoint types | `packages/sdk/src/breakpoints/types.ts` | | Breakpoint evaluator | `packages/sdk/src/breakpoints/evaluator.ts` | | Config module | `packages/sdk/src/config/` | | Process context | `packages/sdk/src/runtime/processContext.ts` | ## Recommendation Phase 1 implementation. Create packages/sdk/src/governance/ module. Define PolicyRule type with evaluation logic. Evaluate at effect dispatch in processContext.ts. Log decisions to structured JSONL.
documents
[]

Outgoing edges

None.

Incoming edges

contains_page1