Agentic-agency runtime topology — compile personas from the OKF graph and activate the reserved BoardWorker over the deterministic spine
0053-agentic-agency-runtime-topology
- Reversibility
- two-way door
DEC-0053 — Agentic-agency runtime topology
Reversibility: two-way door — on persona-compile internals, dispatch, and the concurrency strategy; the durable commitment is the seam discipline (depend on the BoardWorker interface) and the seven pinned invariants.
Ratifies the architecture mapping One loop, three faces — ship an agentic Digital Experience Agency "in a box" (the Agency) plus an adoption-ladder readout product (the Ladder) over the OKF Company Brain, dogfood-first deliberately left PROPOSED, turning it into a runtime topology over Dossier's already-shipped deterministic spine. This is the topology DEC that decision named as an expected follow-on, and it closes Author the agentic-agency runtime topology DEC + spec (OKF→persona/runbook/team; coordinator/dispatch; per-tenant fleet isolation; Atrium+board+reconcile+MCP composition). status: active, confidence: verified (SCOPED to the implemented core): authored as a ratified DESIGN decision, verified OFFLINE 2026-06-19, and promoted to verified by the principal-architect on 2026-06-20 after the three formerly-reserved seams were proven LIVE — a real, bounded, multi-turn claude session compounded one unit of work through act→emit→cap→reconcile→review with all seven invariants enforced (incl. Inv 4 drain serialization + Inv 5 budget envelope). The promotion is scoped, not whole-blanket: three things are explicitly carried forward as reserved (named in the §Promotion subsection under ## Review, and in the description) — the human-merge→done→git hop is an inherent human act (Inv 3) no run can ever close, intra-tenant parallelism + per-team budget split are scale work, and only the subscription-CLI transport ran live (the @anthropic-ai/claude-agent-sdk transport is wired but not exercised live). DEC-0052 inherits this scoped verified.
Context
One loop, three faces — ship an agentic Digital Experience Agency "in a box" (the Agency) plus an adoption-ladder readout product (the Ladder) over the OKF Company Brain, dogfood-first committed the product bet — an agentic Digital Experience Agency "in a box" grounded in the client's own OKF — and framed its OKF concept → agentic-agency role table as proposed, to be ratified here. The spine the topology rides is shipped and green (verified this session against the real files):
- the agentic board work-ledger + the reserved
BoardWorkerseam —packages/runtime/src/board.ts; - the curation membrane —
packages/okf/src/reconcile.ts; - tenant-scoped explainable GraphRAG —
packages/mcp/src/server/server.ts(MCP agentic foundation — tenant-scoped GraphRAG over the OKF KB); - the per-tenant control plane + injectable runtime seam —
packages/runtime/src/auth.ts,packages/runtime/src/isolation.ts(Runtime orchestration & per-tenant control plane — the learning loop becomes a runnable system).
So this decision is activation, not a build: the only new component is the persona compiler.
Options considered
- Hand-author personas per client. Rejected: it doesn't use the client's owned graph, so it doesn't compound, and it's the commodity approach DEC-0052's moat thesis explicitly rejects.
- A bespoke fleet orchestrator beside the board. Rejected: violates Claude-primitives-first build strategy and re-implements the proven deterministic spine (Agentic "sprint board" architecture — a git-resident OKF task board worked by bounded, hook-governed Agent SDK loops, Runtime orchestration & per-tenant control plane — the learning loop becomes a runnable system).
- Chosen — compile personas from the client's own OKF and activate the reserved
BoardWorkerseam. The client's scraped org chart is the agency's config; activation rides primitives we already ship.
Decision
Ratify the OKF-atoms → agent-fleet topology over the existing spine:
| OKF concept | Agentic-agency runtime role | Binding |
|---|---|---|
role |
agent persona | COMPILED from the graph, not hand-written (compilePersona) |
process / workflow |
agent runbook / skill | the documented procedure the agent enacts |
capability |
a team | grouping by tag |
policy (governed_by) |
ADVISORY guardrails in the brief | guidance, not a hard gate |
system (uses) |
INFORMATIONAL integration context | NOT an enforced tool grant (see Invariant 2) |
| GraphRAG via MCP | shared context | tenant-scoped retrieval (MCP agentic foundation — tenant-scoped GraphRAG over the OKF KB) |
board task |
dispatched work | Agentic "sprint board" architecture — a git-resident OKF task board worked by bounded, hook-governed Agent SDK loops |
reconcile() |
the compounding return | The compounding merge — the per-tenant learning loop accumulates by id + confidence instead of overwriting (okf reconcile() + opt-in reconcile in extraction/runtime) |
Activate AgentSdkBoardWorker by:
- delegating
claim()toDefaultBoardWorker—AgentSdkBoardWorker.claim()also throws today (packages/runtime/src/board.ts:702), so this is composition, not "no change"; and - implementing
execute()as a bounded Agent SDK session (maxTurns+maxBudgetUsd, both already onBoardOptions—board.ts:472–473) that emits atoms →reconcile()→ writes theadded|updateddiff → transitions the task toreview.
Add one new component: compilePersona(roleId, kb) — the persona compiler. Governance = the review gate + the reconcile() curation guard (packages/okf/src/reconcile.ts:139–143).
Rationale
- The client's own scraped org chart IS the agency's config. Compiling personas from the owned graph is what makes the fleet compound; hand-authoring them is the commodity path DEC-0052 rejects.
- The moat is act-and-learn: every action compounds back via
reconcile()(The compounding merge — the per-tenant learning loop accumulates by id + confidence instead of overwriting (okf reconcile() + opt-in reconcile in extraction/runtime)) into git-owned memory. - This is activation, not a build. The spine — selection / lease / pause / isolation / MCP / reconcile / injectable
ClaudeClient— is shipped and green (verified:packages/runtime/src/board.ts,packages/okf/src/reconcile.ts,packages/mcp/src/server/server.ts,packages/runtime/src/auth.ts). - Authored
asserted; promotedverified(scoped). At authoring time every claim was reasoned over green code with no agenticexecute()run end-to-end — design-level conviction, not field evidence. Two build passes then closed the gate's machine-provable portion (offline 2026-06-19, then LIVE 2026-06-20); the principal-architect ratified the scoped promotion 2026-06-20 (see Review §Promotion). The reserved items that a machine cannot prove (the human-merge hop) or that are not yet built (scale, the SDK transport) are carried forward, not papered over.
Consequences — INVARIANTS pinned (non-negotiable)
These seven are the heart of the record; they are the rails the activation MUST stay on.
- Confidence cap. Agent-emitted atoms are capped at
inferred(at mostasserted);verifiedis human-only. This closes a real escape hatch:reconcile()only guardsincomingRank < priorRank(packages/okf/src/reconcile.ts:143), so a machine pass that mislabels its outputverifiedwould clobber human-curated atoms. The cap must be enforced at emit time, before reconcile sees the atom. - Single write surface. The executor's only write path is emit-atoms →
reconcile()→ write theadded|updateddiff. Out-of-band file writes (non-atom files, config, code) bypass the curation guard and are out of policy. The Agent SDK session's tool allow-list is default-deny, scoped to the confined repo path (confineToTenant,packages/runtime/src/isolation.ts:93), with no arbitrary shell/egress.system/usesstays informational until asystem→grantable-tool mapping exists — named future work, not part of this ratification. - The human gate is non-bypassable. An agentic executor may transition a task only to
revieworblocked; only a human merge moves a task todone. Today this is convention, not type-enforced — this record pins it as an invariant (a follow-on may make it type-enforced). - Intra-tenant concurrency. Cross-tenant isolation is by construction (one MCP server per tenant +
confineToTenant); intra-tenant concurrency is NOT — two sessions on one tenant share a git working tree → conflicting PRs / interleavedgit add -A. Resolution: serialize drains per tenant NOW (one active drain per tenant via the GitHub Actions concurrency group / a tenant lease), and design toward per-task git worktrees for true intra-tenant parallelism. - Budget — mandatory two-tier envelope. Per-session
maxBudgetUsd(exists —packages/runtime/src/board.ts:473) + a per-tenant budget in thedossier.tenant.jsonmanifest ({ monthlyUsd, hardStopUsd, alertAtPct }), enforced via the existing board-pause kill switch (setboard_pausedwhen exhausted). Per-team split is deferred. - Persona floor. Refuse to dispatch (escalate to a human) a role whose traversed subgraph is below a minimum. Every DXA template role is
status: draftand would compile to a weak, near-empty agent — so the floor is load-bearing from day one. - Real edges only — there is NO
ownsedge.compilePersonatraverses the actual OKF edge vocabulary (packages/okf/src/schema.ts:98–112—owner/uses/governed_by/produces/relates_to/supersedes/superseded_by; noowns). Role→process is reverse-encoded: theprocesscarriesowner: <roleId>and therolecarries the process id inrelates_to. MCPexpand()is undirected by default (packages/mcp/src/graph/expand.ts:67—undirected = options.undirected ?? true), soget_related(roleId)reaches owning processes; thenprocess —uses→ system,—governed_by→ policy,—produces→ artifact. Theget_relatededgeTypeenum (packages/mcp/src/server/server.ts:38–49) acceptsowner|reports_to|uses|governed_by|produces|stages|decided_by|relates_to|supersedes|superseded_by— and crucially NOTowns.
Further consequence: the board and reconcile() gain a second, larger consumer (the fleet), exactly as DEC-0052 anticipated — the same primitives under a bigger load, with no new orchestrator.
Relation to DEC-0052
This DEC ratifies and PROMOTES the proposed architecture mapping in One loop, three faces — ship an agentic Digital Experience Agency "in a box" (the Agency) plus an adoption-ladder readout product (the Ladder) over the OKF Company Brain, dogfood-first (its "Proposed architecture mapping" table) from proposed → ratified. DEC-0052's body is left unchanged (historical record); this is the ratifying sibling it named. DEC-0052's own confidence tracks this DEC's status: it inherits the scoped verified promoted here (the Agency face is now field-proven for the implemented core; scale + the SDK transport remain forward work).
Review
The gate that promotes asserted → verified: Phase-0 implementation lands — compilePersona is built, AgentSdkBoardWorker.execute() runs a bounded SDK session against Dossier's own OKF, emits atoms capped at inferred, reconciles them, writes the added|updated diff, and transitions a real task to review for human merge — with all seven invariants demonstrably enforced (the confidence cap, the single write surface, the human-only done, per-tenant drain serialization, the two-tier budget kill switch, the persona floor, and owns-free real-edge traversal). One real unit of work dispatched, executed, human-approved, and compounded back via reconcile() into git history promotes both this record and DEC-0052.
Phase-0 verification (2026-06-19) — IMPLEMENTED & verified OFFLINE; promotion SCOPED, not whole-DEC
Phase-0 was implemented and verified offline this session (FDE build; independently re-run by the log-auditor). The ratified topology now runs as code on the green spine:
compilePersona(roleId, kb)is built (packages/runtime/src/persona.ts) andAgentSdkBoardWorkeris activated (packages/runtime/src/board.ts):claim()delegates toDefaultBoardWorker(composition);execute()compiles a graph-grounded persona, runs a bounded session (injectableBoundedSessionseam — defaultclaudeEmitSessionover the offline-mockableClaudeClient), caps emitted atoms atinferred,reconcile()s, writes theadded|updateddiff, and transitions the task toreview.- Proven with +16 offline tests (
packages/runtime/test/agentic-worker.test.ts) inside a full green gate — typecheck rc=0, lint 0 errors, 436 tests pass / 1 skipped (re-run by the auditor) — plus an offline dogfood run against the realknowledge/graph (scripts/agency-phase0-dogfood.mjs, exit 0, re-run by the auditor): one real task dispatched asforward-deployed-engineer→ persona compiled from real atoms via real edges (owner,relates_to; noowns— Inv 7) → floor cleared (Inv 6) → session output forced fromverifieddown toinferred(Inv 1) → single write surface emit→reconcile→diff (Inv 2) → task →review, human merge still required fordone(Inv 3). - Now proven (offline): Inv 1 / 2 / 3 / 6 / 7 + the act-and-learn loop end to end.
- Still RESERVED (NOT proven — why this stays
asserted, notverified):- the LIVE multi-turn
@anthropic-ai/claude-agent-sdksession (behind the injectableBoundedSession; today's offline wiring runs throughClaudeClient); - Inv 4 — per-tenant drain serialization (operational; one active drain per tenant);
- Inv 5 — the per-tenant budget envelope in the
dossier.tenant.jsonmanifest (operational/manifest).
- the LIVE multi-turn
Confidence call (scoped, per the no-overclaim rule): the implemented core is verified offline, but the frontmatter confidence stays asserted so no downstream reader treats the three reserved seams as proven — they are not. The promotion to verified for the whole record is held until a LIVE bounded SDK session compounds one real unit of work through review → human merge → git, with Inv 4 + Inv 5 demonstrably enforced. (DEC-0052 inherits the same scoped status.)
Live-run verification (2026-06-20) — the THREE reserved seams now PROVEN; whole-DEC flip is the architect's gate
The three seams held back as asserted above are now built and proven LIVE (FDE build; owner-authorized, frugal). The reserved boundary moved from "offline wiring" to "runs live":
- The LIVE multi-turn session is built —
packages/runtime/src/live-session.ts(createLiveSession): a real, bounded, multi-turn agent loop that drops into the EXACT injectableBoundedSessionseam onAgentSdkBoardWorker, so the reconcile→review spine (Inv 1/2/3/6/7) is untouched. The transport is itself a swappable seam (LiveTurnRunner): the Claude subscription via theclaudeCLI (multi-turn through--resume <session_id>, NOANTHROPIC_API_KEY— the same primitivescripts/log-audit.mjs/ClaudeCodeClientuse, keeping auth swappable per the postponed re-metering) or the lazily-imported optional@anthropic-ai/claude-agent-sdk(added topackages/runtime/package.jsonoptionalDependencies^0.3; from v0.2.113 the SDK spawns the native Claude Code binary, so it shares the subscription auth path).maxTurnsbounds the loop;maxBudgetUsdis a HARD per-session cap checked before every turn (Inv 5, tier one). Atom parsing reuses@dossier/okfvalidate()— never trusted raw. - Inv 4 — per-tenant drain serialization is built —
packages/runtime/src/drain-lock.ts: an atomic, lease-based.drain-lockat the tenant subtree root (confined; never an OKF atom).acquireDrainLock/withDrainLockrefuse a concurrent drain on the same tenant and self-heal an expired (crashed-drain) lock — the "serialize now" half of DEC-0053 §4 (the GitHub Actions concurrency group is the CI-side equivalent). - Inv 5 — the per-tenant budget envelope is built —
packages/runtime/src/budget.ts+ the newTenantBudget{ monthlyUsd, hardStopUsd, alertAtPct }on thedossier.tenant.jsonmanifest (provision.ts, preserved across re-provision).decideBudgetis the pure policy;enforceBudgettrips the existing board-pause kill switch (writes the.board-pausesentinel) on the hard stop so the next wake is halted.drainBoardSerializedcomposes Inv 4 + Inv 5 arounddrainBoard, accruing each session's reportedcostUsd. - Proven LIVE end-to-end —
scripts/agency-phase0-live.mjs(re-runnable): a tenant provisioned WITH a budget envelope, onep0task dispatched as theeditorpersona (grounded by real edgesowner/relates_to/uses— noowns), a live multi-turnclaudesession (haiku,maxTurns=2,maxBudgetUsd=$0.40) that emitted a realtermatom → capped toinferred(Inv 1; the model had written its ownconfidence) →reconcile()(1 added) → task transitioned toreview(Inv 3 — left awaiting human merge, NOT auto-merged) → all under the drain lock (Inv 4) with spend accrued against the budget (Inv 5). Real spend ≈ $0.016 for the proven run. - Offline-by-construction held — the live session, budget, and lock are all proven OFFLINE with +24 new tests (
live-session.test.ts,budget-and-serialization.test.ts) inside a full green gate with NO key: typecheck rc=0, lint 0 errors, 460 tests pass / 2 skipped,kb:checkclean. The live smoke test (agentic-live.test.ts) is opt-in only (DOSSIER_LIVE=1) so a plainpnpm testnever spends credits and CI stays offline (DEC-0008 §6). The optional@anthropic-ai/claude-agent-sdkis declared but not installed — the lazy import keeps the offline path independent of it.
Confidence call (still scoped — flagged for the principal-architect, NOT unilaterally flipped): the three reserved seams are now proven, AND a live unit of work compounded through review. What remains genuinely reserved: (a) the human merge → done → git step is an INHERENT human act (Inv 3), so no automated run can ever close that last hop by design; (b) scale — true intra-tenant parallelism (per-task git worktrees, DEC-0053 §4) and the per-team budget split (§5) are still future work; (c) the @anthropic-ai/claude-agent-sdk transport adapter is wired + type-safe but only the subscription-CLI transport has been exercised live in this environment. Because the whole-DEC asserted → verified flip is the principal-architect's gate, the frontmatter confidence stays asserted: this subsection is the live evidence proposing the promotion, for the architect to ratify. (DEC-0052 inherits the same scoped status.)
Persona-fidelity caveat surfaced by the dogfood (does NOT block Phase-0): the live
knowledge/tree has 41 KB load errors — including Claude-primitives-first build strategy and Add a Forward Deployed Engineer function (subagent) + the first slash command (/fde) failing on areversibilityenum mismatch — so 11 of 34 reachable targets for thefderole did not resolve to a loaded atom. The persona degrades gracefully (the floor still clears on 23 real atoms), but fidelity is reduced. Tracked by Fix the 41 KB load errors degrading Phase-0 persona grounding (dangling persona-grounding targets) (owner Principal Knowledge-Format Architect); the root-cause schema adjudication is Resolve the decision `reversibility` schema conformance gap / Reconcile the decision reversibility field — free-text prose vs. the @dossier/okf enum.
Promotion (2026-06-20) — principal-architect ratifies a SCOPED asserted → verified
The principal-architect (gate owner per this DEC) independently re-verified the live evidence against the code — not the prose — before flipping the frontmatter. Re-confirmed this session: live-session.ts (real bounded multi-turn loop, budget cap checked before every turn, atoms validated via @dossier/okf validate()), drain-lock.ts (Inv 4, atomic lease + crash self-heal), budget.ts (Inv 5, two-tier, trips the existing board-pause sentinel), the worker's cap→single-write→review/blocked spine (board.ts — capConfidence, #reconcileAndWrite, #transition), drainBoardSerialized composing Inv 4 + Inv 5, TenantBudget persisted on the manifest (provision.ts), the ^0.3 optionalDependency, and the on-disk assertions in agency-phase0-live.mjs. The green gate was reproduced: root pnpm test → 460 pass / 2 gated-skip, pnpm --filter @dossier/runtime typecheck rc=0, lint 0 errors (only inherent no-await-in-loop warnings on sequential turn loops), pnpm kb:check clean. The 2 skips are the opt-in live tests — CI stays offline-by-construction.
Verdict — promote the IMPLEMENTED CORE to verified; carry the reserved items forward explicitly. Frontmatter flipped asserted → verified (scoped). Justification against this DEC's own stated gate: the gate names "one real unit of work dispatched, executed, human-approved, and compounded back via reconcile() into git history." One inherent fact makes the gate as-literally-written unattainable by any automated run: the human-approve / merge→done→git hop is, by Inv 3, a human act — a machine can carry work to review but can never close that last hop. The honest reading of the gate is therefore: the machine-provable portion is everything up to and including review with all seven invariants enforced live — and that portion is now field-proven (act→emit→cap-at-inferred→reconcile→review, under the drain lock and the budget envelope, ≈$0.016 real spend). That earns verified for the implemented core. It does not earn a bare whole-blanket verified, because three things would mislead a downstream reader if folded in silently, so they are named and carried forward, not promoted:
- The human-merge →
done→ git hop is inherent and unautomatable (Inv 3). It is not "unfinished work" — it is the governance design.verifiedhere means the loop is proven up to the human gate, which is exactly where an autonomous loop is supposed to stop. - Scale is not built — true intra-tenant parallelism (per-task git worktrees, §4) and the per-team budget split (§5). What IS proven is serialization (Inv 4) and the two-tier envelope (Inv 5); parallelism and the team split are forward work and remain so.
verifieddoes not extend to them. - Only the subscription-CLI transport ran live. The
@anthropic-ai/claude-agent-sdktransport is wired, type-safe, lazy, and contract-identical, but not exercised live in this environment.verifiedcovers the CLI transport path; the SDK transport stays asserted-by-wiring until a live run exercises it.
Why scoped-verified, not whole-verified and not staying asserted: staying asserted would now understate reality — the core loop demonstrably runs live with every invariant enforced, which is field evidence, not conviction. A bare whole-verified would overstate it — folding in scale and the SDK transport that have not run. The scoped flip is the only honest call: the confidence field and the description both state the scope, so no reader treats parallelism, the per-team split, or the SDK transport as proven. Reversibility: two-way door — this is a confidence re-grade backed by reproduced evidence, not an architectural commitment; if a later run surfaces a defect in the core loop the grade drops back with the same discipline. Promotion of the carried-forward items is gated on their own future runs (a parallel intra-tenant drain proving worktree isolation; a live SDK-transport run), each of which extends — never silently widens — this verified scope.
Carried-forward seams advanced (2026-06-20) — three reserved items moved, none promoted
A follow-on FDE build advanced three of the items the §Promotion subsection above explicitly carried forward as reserved — none of which the scoped verified covers. This subsection records that incremental build evidence as audit trail; it does not re-grade the frontmatter (the work is mechanism-built / built / adapter-built, not a new whole-DEC promotion). The FDE process crashed (terminal API error) before its own record+route step, so this was reconciled by the log-auditor from ground truth (git diff + read of the new modules + reproduced gates). Gates reproduced green this session: pnpm typecheck rc=0, pnpm lint rc=0 (0 errors), pnpm test 482 pass / 2 gated-skip (484) (460 → 484, +24 for this work), pnpm kb:check clean. The 2 skips remain the opt-in live blocks.
The human-merge →
done→ git hop now has a built TOOL — the act stays human. §Promotion item 1 named this hop as "inherent and unautomatable (Inv 3) … not unfinished work — it is the governance design." That remains true. What is new is a mechanism the human invokes to perform the act:packages/runtime/src/dispose.ts(new) —approveTask(review →done+ a real commit into the tenant repo, carrying the disposition + the work it blesses),rejectTask(review →backlogwith a recorded reason), andlistReviewQueue.doneis reachable ONLY via this human-invoked path — the agentic worker's#transitionwrites onlyreview/blocked, so Inv 3 is now enforced by construction, not just by convention (the §Consequences Inv 3 anticipated "a follow-on may make it type-enforced" — this is structurally that). A task not inreviewis refused. Every write isconfineToTenant-gated (sovereignty, Extraction runtime architecture — the moat §5); provenance via namespacedapproved-by:/approved-on:tags. New CLI subcommandsapprove/reject/review-queue. BUILT + offline-test-proven (packages/runtime/test/dispose.test.ts, real commit into a temp tenant repo, zero credits). Honest framing: the human-merge mechanism is built; the act is still a human act. This does NOT make the hop "automated" — it gives the human a built, governed tool to close the loop's last hop.Per-team budget split — BUILT (§5 deferral closed). §Promotion item 2 carried the per-team budget split forward as scale work.
packages/runtime/src/budget.ts(+provision.ts) now apportions the Inv 5 per-tenant envelope across teams. BUILT + test-proven (packages/runtime/test/team-budget.test.ts). This is the apportionment key the worktree-parallelism activation (below) will need to sum accrual across concurrent drains — but the split itself is a clean, proven addition to the existing two-tier envelope, not a topology change.Per-task git worktrees — MECHANISM built + offline-proven, NOT activated. §Promotion item 2 also carried true intra-tenant parallelism (per-task worktrees, §4) forward.
packages/runtime/src/worktree.ts(new) builds the isolation mechanism —git worktree addper task, each on its own branch over the shared.gitobject store, every pathconfineToTenant-gated — and proves it offline (packages/runtime/test/worktree.test.ts, realgit worktree addin a temp repo). It is NOT activated:drainBoardSerializedstill serializes per tenant — Inv 4 holds. Activating parallel intra-tenant drains (relaxing the per-tenant drain lock to a per-task lock) is a genuine one-way-door topology decision the FDE deliberately did NOT make; the module header surfaces it to the Principal Platform Architect. Because the crash killed the route step, the log-auditor filed that decision as Activate parallel intra-tenant drains via per-task git worktrees, or stay serialize-only? (one-way-door topology call) (the module's three open sub-questions captured there). Activation is a flag, not a rewrite — the mechanism is already built and proven.@anthropic-ai/claude-agent-sdktransport — adapter BUILT + offline-proven, NOT run live. §Promotion item 3 covered only the subscription-CLI transport as live-proven. TherunAgentSdkTurnadapter inpackages/runtime/src/live-session.tsis now fully fleshed out (one boundedqueryper turn, multi-turn resume bysession_id, default-deny tools per Inv 2, subscription-auth-aware — SDK v0.3.x spawns the nativeclaudebinary so no API key is needed) and offline-proven to contract parity behind the lazy import (gated test). It is declared as anoptionalDependency(^0.3.183) but NOT installed — the lazyimportthrowsMODULE_NOT_FOUNDand surfaces the exact unblock command:pnpm --filter @dossier/runtime add @anthropic-ai/claude-agent-sdk. Honest reserved state: the SDK transport has NOT been exercised live in this environment — only the subscription-CLI transport has. This subsection does not claim otherwise.
Net effect on the frontmatter confidence: unchanged (verified, scoped exactly as the §Promotion subsection states). This is incremental build evidence on three carried-forward seams, not a new whole-DEC promotion: the human-merge act is still human (a tool now exists), worktree parallelism is built-but-not-activated (a topology gate, Activate parallel intra-tenant drains via per-task git worktrees, or stay serialize-only? (one-way-door topology call)), and the SDK transport is adapter-built-but-not-run-live (a dep-install away). Each will extend — never silently widen — the verified scope on its own future event (a human approval through the new tool landing in git; the architect ratifying parallel drains; a live SDK-transport run).
SDK transport now run LIVE (2026-06-20) — the last carried-forward transport reservation closed
The third reserved seam from §Promotion (item 3) and item 4 of the subsection above — only the subscription-CLI transport had run live — is now closed. The @anthropic-ai/claude-agent-sdk transport was exercised LIVE end-to-end and proved parity with the CLI path. This is precisely the "extends on its own future event (a live SDK-transport run)" mechanism the §Promotion pre-authorized — not a new architectural call.
- Run:
node scripts/agency-phase0-live.mjs --transport=sdk— the existing live harness, now transport-swappable via a--transport=sdk|cliflag (defaultcli). The optional dep resolves from the runtime context (packages/runtime/node_modules/@anthropic-ai/claude-agent-sdk@0.3.183,sdk.mjsESM); the earlierMODULE_NOT_FOUNDwas a false negative from resolving at the repo root rather than inside the runtime package, where the lazyimport()actually runs. - Result (~$0.024, haiku, 1 turn): the live SDK session emitted a real OKF
termatom → capped atinferred(Inv 1) →reconcile()(1 added) → task →review(Inv 3, not auto-merged), under Inv 4 (.drain-lock) + Inv 5 (budget envelope, $0.0242 of monthly $1.00). The SAME loop the subscription-CLI path runs — transport parity proven: swappingagentSdkTurnRunner()forcliTurnRunner()changes the transport ONLY; bounding/budget/atom-parsing are shared. - Offline-by-construction held WITH the dep installed:
pnpm test(no key) → 482 pass / 2 gated-skip, typecheck rc=0, lint 0 errors,kb:checkclean. The lazy import keeps the offline path independent of the dep; the gated live test stays opt-in (DOSSIER_LIVE=1).
Net effect on confidence: still verified (scoped), now extended to cover BOTH transports. The ONLY carried-forward reservation that remains is scale (intra-tenant parallelism via per-task worktrees + per-team budget split — Activate parallel intra-tenant drains via per-task git worktrees, or stay serialize-only? (one-way-door topology call)); the human-merge hop's tool is built (the act stays human by design). Reversibility: two-way door — a confidence-scope extension backed by a reproduced live run, not an architectural commitment.