Agentic-agency runtime topology — compile personas from the OKF graph and activate the reserved BoardWorker over the deterministic spine

0053-agentic-agency-runtime-topology

decision read as Explain confidence verified status active 2026-06-18 owner principal-architect
Reversibility
two-way door

DEC-0053 — Agentic-agency runtime topology

Reversibility: two-way door — on persona-compile internals, dispatch, and the concurrency strategy; the durable commitment is the seam discipline (depend on the BoardWorker interface) and the seven pinned invariants.

Ratifies the architecture mapping One loop, three faces — ship an agentic Digital Experience Agency "in a box" (the Agency) plus an adoption-ladder readout product (the Ladder) over the OKF Company Brain, dogfood-first deliberately left PROPOSED, turning it into a runtime topology over Dossier's already-shipped deterministic spine. This is the topology DEC that decision named as an expected follow-on, and it closes Author the agentic-agency runtime topology DEC + spec (OKF→persona/runbook/team; coordinator/dispatch; per-tenant fleet isolation; Atrium+board+reconcile+MCP composition). status: active, confidence: verified (SCOPED to the implemented core): authored as a ratified DESIGN decision, verified OFFLINE 2026-06-19, and promoted to verified by the principal-architect on 2026-06-20 after the three formerly-reserved seams were proven LIVE — a real, bounded, multi-turn claude session compounded one unit of work through act→emit→cap→reconcile→review with all seven invariants enforced (incl. Inv 4 drain serialization + Inv 5 budget envelope). The promotion is scoped, not whole-blanket: three things are explicitly carried forward as reserved (named in the §Promotion subsection under ## Review, and in the description) — the human-merge→done→git hop is an inherent human act (Inv 3) no run can ever close, intra-tenant parallelism + per-team budget split are scale work, and only the subscription-CLI transport ran live (the @anthropic-ai/claude-agent-sdk transport is wired but not exercised live). DEC-0052 inherits this scoped verified.

Context

One loop, three faces — ship an agentic Digital Experience Agency "in a box" (the Agency) plus an adoption-ladder readout product (the Ladder) over the OKF Company Brain, dogfood-first committed the product bet — an agentic Digital Experience Agency "in a box" grounded in the client's own OKF — and framed its OKF concept → agentic-agency role table as proposed, to be ratified here. The spine the topology rides is shipped and green (verified this session against the real files):

So this decision is activation, not a build: the only new component is the persona compiler.

Options considered

  1. Hand-author personas per client. Rejected: it doesn't use the client's owned graph, so it doesn't compound, and it's the commodity approach DEC-0052's moat thesis explicitly rejects.
  2. A bespoke fleet orchestrator beside the board. Rejected: violates Claude-primitives-first build strategy and re-implements the proven deterministic spine (Agentic "sprint board" architecture — a git-resident OKF task board worked by bounded, hook-governed Agent SDK loops, Runtime orchestration & per-tenant control plane — the learning loop becomes a runnable system).
  3. Chosen — compile personas from the client's own OKF and activate the reserved BoardWorker seam. The client's scraped org chart is the agency's config; activation rides primitives we already ship.

Decision

Ratify the OKF-atoms → agent-fleet topology over the existing spine:

OKF concept Agentic-agency runtime role Binding
role agent persona COMPILED from the graph, not hand-written (compilePersona)
process / workflow agent runbook / skill the documented procedure the agent enacts
capability a team grouping by tag
policy (governed_by) ADVISORY guardrails in the brief guidance, not a hard gate
system (uses) INFORMATIONAL integration context NOT an enforced tool grant (see Invariant 2)
GraphRAG via MCP shared context tenant-scoped retrieval (MCP agentic foundation — tenant-scoped GraphRAG over the OKF KB)
board task dispatched work Agentic "sprint board" architecture — a git-resident OKF task board worked by bounded, hook-governed Agent SDK loops
reconcile() the compounding return The compounding merge — the per-tenant learning loop accumulates by id + confidence instead of overwriting (okf reconcile() + opt-in reconcile in extraction/runtime)

Activate AgentSdkBoardWorker by:

  1. delegating claim() to DefaultBoardWorkerAgentSdkBoardWorker.claim() also throws today (packages/runtime/src/board.ts:702), so this is composition, not "no change"; and
  2. implementing execute() as a bounded Agent SDK session (maxTurns + maxBudgetUsd, both already on BoardOptionsboard.ts:472–473) that emits atoms → reconcile() → writes the added|updated diff → transitions the task to review.

Add one new component: compilePersona(roleId, kb) — the persona compiler. Governance = the review gate + the reconcile() curation guard (packages/okf/src/reconcile.ts:139–143).

Rationale

  • The client's own scraped org chart IS the agency's config. Compiling personas from the owned graph is what makes the fleet compound; hand-authoring them is the commodity path DEC-0052 rejects.
  • The moat is act-and-learn: every action compounds back via reconcile() (The compounding merge — the per-tenant learning loop accumulates by id + confidence instead of overwriting (okf reconcile() + opt-in reconcile in extraction/runtime)) into git-owned memory.
  • This is activation, not a build. The spine — selection / lease / pause / isolation / MCP / reconcile / injectable ClaudeClient — is shipped and green (verified: packages/runtime/src/board.ts, packages/okf/src/reconcile.ts, packages/mcp/src/server/server.ts, packages/runtime/src/auth.ts).
  • Authored asserted; promoted verified (scoped). At authoring time every claim was reasoned over green code with no agentic execute() run end-to-end — design-level conviction, not field evidence. Two build passes then closed the gate's machine-provable portion (offline 2026-06-19, then LIVE 2026-06-20); the principal-architect ratified the scoped promotion 2026-06-20 (see Review §Promotion). The reserved items that a machine cannot prove (the human-merge hop) or that are not yet built (scale, the SDK transport) are carried forward, not papered over.

Consequences — INVARIANTS pinned (non-negotiable)

These seven are the heart of the record; they are the rails the activation MUST stay on.

  1. Confidence cap. Agent-emitted atoms are capped at inferred (at most asserted); verified is human-only. This closes a real escape hatch: reconcile() only guards incomingRank < priorRank (packages/okf/src/reconcile.ts:143), so a machine pass that mislabels its output verified would clobber human-curated atoms. The cap must be enforced at emit time, before reconcile sees the atom.
  2. Single write surface. The executor's only write path is emit-atoms → reconcile() → write the added|updated diff. Out-of-band file writes (non-atom files, config, code) bypass the curation guard and are out of policy. The Agent SDK session's tool allow-list is default-deny, scoped to the confined repo path (confineToTenant, packages/runtime/src/isolation.ts:93), with no arbitrary shell/egress. system/uses stays informational until a system→grantable-tool mapping exists — named future work, not part of this ratification.
  3. The human gate is non-bypassable. An agentic executor may transition a task only to review or blocked; only a human merge moves a task to done. Today this is convention, not type-enforced — this record pins it as an invariant (a follow-on may make it type-enforced).
  4. Intra-tenant concurrency. Cross-tenant isolation is by construction (one MCP server per tenant + confineToTenant); intra-tenant concurrency is NOT — two sessions on one tenant share a git working tree → conflicting PRs / interleaved git add -A. Resolution: serialize drains per tenant NOW (one active drain per tenant via the GitHub Actions concurrency group / a tenant lease), and design toward per-task git worktrees for true intra-tenant parallelism.
  5. Budget — mandatory two-tier envelope. Per-session maxBudgetUsd (exists — packages/runtime/src/board.ts:473) + a per-tenant budget in the dossier.tenant.json manifest ({ monthlyUsd, hardStopUsd, alertAtPct }), enforced via the existing board-pause kill switch (set board_paused when exhausted). Per-team split is deferred.
  6. Persona floor. Refuse to dispatch (escalate to a human) a role whose traversed subgraph is below a minimum. Every DXA template role is status: draft and would compile to a weak, near-empty agent — so the floor is load-bearing from day one.
  7. Real edges only — there is NO owns edge. compilePersona traverses the actual OKF edge vocabulary (packages/okf/src/schema.ts:98–112owner/uses/governed_by/produces/relates_to/supersedes/superseded_by; no owns). Role→process is reverse-encoded: the process carries owner: <roleId> and the role carries the process id in relates_to. MCP expand() is undirected by default (packages/mcp/src/graph/expand.ts:67undirected = options.undirected ?? true), so get_related(roleId) reaches owning processes; then process —uses→ system, —governed_by→ policy, —produces→ artifact. The get_related edgeType enum (packages/mcp/src/server/server.ts:38–49) accepts owner|reports_to|uses|governed_by|produces|stages|decided_by|relates_to|supersedes|superseded_byand crucially NOT owns.

Further consequence: the board and reconcile() gain a second, larger consumer (the fleet), exactly as DEC-0052 anticipated — the same primitives under a bigger load, with no new orchestrator.

Relation to DEC-0052

This DEC ratifies and PROMOTES the proposed architecture mapping in One loop, three faces — ship an agentic Digital Experience Agency "in a box" (the Agency) plus an adoption-ladder readout product (the Ladder) over the OKF Company Brain, dogfood-first (its "Proposed architecture mapping" table) from proposed → ratified. DEC-0052's body is left unchanged (historical record); this is the ratifying sibling it named. DEC-0052's own confidence tracks this DEC's status: it inherits the scoped verified promoted here (the Agency face is now field-proven for the implemented core; scale + the SDK transport remain forward work).

Review

The gate that promotes asserted → verified: Phase-0 implementation landscompilePersona is built, AgentSdkBoardWorker.execute() runs a bounded SDK session against Dossier's own OKF, emits atoms capped at inferred, reconciles them, writes the added|updated diff, and transitions a real task to review for human merge — with all seven invariants demonstrably enforced (the confidence cap, the single write surface, the human-only done, per-tenant drain serialization, the two-tier budget kill switch, the persona floor, and owns-free real-edge traversal). One real unit of work dispatched, executed, human-approved, and compounded back via reconcile() into git history promotes both this record and DEC-0052.

Phase-0 verification (2026-06-19) — IMPLEMENTED & verified OFFLINE; promotion SCOPED, not whole-DEC

Phase-0 was implemented and verified offline this session (FDE build; independently re-run by the log-auditor). The ratified topology now runs as code on the green spine:

  • compilePersona(roleId, kb) is built (packages/runtime/src/persona.ts) and AgentSdkBoardWorker is activated (packages/runtime/src/board.ts): claim() delegates to DefaultBoardWorker (composition); execute() compiles a graph-grounded persona, runs a bounded session (injectable BoundedSession seam — default claudeEmitSession over the offline-mockable ClaudeClient), caps emitted atoms at inferred, reconcile()s, writes the added|updated diff, and transitions the task to review.
  • Proven with +16 offline tests (packages/runtime/test/agentic-worker.test.ts) inside a full green gate — typecheck rc=0, lint 0 errors, 436 tests pass / 1 skipped (re-run by the auditor) — plus an offline dogfood run against the real knowledge/ graph (scripts/agency-phase0-dogfood.mjs, exit 0, re-run by the auditor): one real task dispatched as forward-deployed-engineer → persona compiled from real atoms via real edges (owner, relates_to; no owns — Inv 7) → floor cleared (Inv 6) → session output forced from verified down to inferred (Inv 1) → single write surface emit→reconcile→diff (Inv 2) → task → review, human merge still required for done (Inv 3).
  • Now proven (offline): Inv 1 / 2 / 3 / 6 / 7 + the act-and-learn loop end to end.
  • Still RESERVED (NOT proven — why this stays asserted, not verified):
    • the LIVE multi-turn @anthropic-ai/claude-agent-sdk session (behind the injectable BoundedSession; today's offline wiring runs through ClaudeClient);
    • Inv 4 — per-tenant drain serialization (operational; one active drain per tenant);
    • Inv 5 — the per-tenant budget envelope in the dossier.tenant.json manifest (operational/manifest).

Confidence call (scoped, per the no-overclaim rule): the implemented core is verified offline, but the frontmatter confidence stays asserted so no downstream reader treats the three reserved seams as proven — they are not. The promotion to verified for the whole record is held until a LIVE bounded SDK session compounds one real unit of work through review → human merge → git, with Inv 4 + Inv 5 demonstrably enforced. (DEC-0052 inherits the same scoped status.)

Live-run verification (2026-06-20) — the THREE reserved seams now PROVEN; whole-DEC flip is the architect's gate

The three seams held back as asserted above are now built and proven LIVE (FDE build; owner-authorized, frugal). The reserved boundary moved from "offline wiring" to "runs live":

  • The LIVE multi-turn session is builtpackages/runtime/src/live-session.ts (createLiveSession): a real, bounded, multi-turn agent loop that drops into the EXACT injectable BoundedSession seam on AgentSdkBoardWorker, so the reconcile→review spine (Inv 1/2/3/6/7) is untouched. The transport is itself a swappable seam (LiveTurnRunner): the Claude subscription via the claude CLI (multi-turn through --resume <session_id>, NO ANTHROPIC_API_KEY — the same primitive scripts/log-audit.mjs/ClaudeCodeClient use, keeping auth swappable per the postponed re-metering) or the lazily-imported optional @anthropic-ai/claude-agent-sdk (added to packages/runtime/package.json optionalDependencies ^0.3; from v0.2.113 the SDK spawns the native Claude Code binary, so it shares the subscription auth path). maxTurns bounds the loop; maxBudgetUsd is a HARD per-session cap checked before every turn (Inv 5, tier one). Atom parsing reuses @dossier/okf validate() — never trusted raw.
  • Inv 4 — per-tenant drain serialization is builtpackages/runtime/src/drain-lock.ts: an atomic, lease-based .drain-lock at the tenant subtree root (confined; never an OKF atom). acquireDrainLock/withDrainLock refuse a concurrent drain on the same tenant and self-heal an expired (crashed-drain) lock — the "serialize now" half of DEC-0053 §4 (the GitHub Actions concurrency group is the CI-side equivalent).
  • Inv 5 — the per-tenant budget envelope is builtpackages/runtime/src/budget.ts + the new TenantBudget { monthlyUsd, hardStopUsd, alertAtPct } on the dossier.tenant.json manifest (provision.ts, preserved across re-provision). decideBudget is the pure policy; enforceBudget trips the existing board-pause kill switch (writes the .board-pause sentinel) on the hard stop so the next wake is halted. drainBoardSerialized composes Inv 4 + Inv 5 around drainBoard, accruing each session's reported costUsd.
  • Proven LIVE end-to-endscripts/agency-phase0-live.mjs (re-runnable): a tenant provisioned WITH a budget envelope, one p0 task dispatched as the editor persona (grounded by real edges owner/relates_to/usesno owns), a live multi-turn claude session (haiku, maxTurns=2, maxBudgetUsd=$0.40) that emitted a real term atom → capped to inferred (Inv 1; the model had written its own confidence) → reconcile() (1 added) → task transitioned to review (Inv 3 — left awaiting human merge, NOT auto-merged) → all under the drain lock (Inv 4) with spend accrued against the budget (Inv 5). Real spend ≈ $0.016 for the proven run.
  • Offline-by-construction held — the live session, budget, and lock are all proven OFFLINE with +24 new tests (live-session.test.ts, budget-and-serialization.test.ts) inside a full green gate with NO key: typecheck rc=0, lint 0 errors, 460 tests pass / 2 skipped, kb:check clean. The live smoke test (agentic-live.test.ts) is opt-in only (DOSSIER_LIVE=1) so a plain pnpm test never spends credits and CI stays offline (DEC-0008 §6). The optional @anthropic-ai/claude-agent-sdk is declared but not installed — the lazy import keeps the offline path independent of it.

Confidence call (still scoped — flagged for the principal-architect, NOT unilaterally flipped): the three reserved seams are now proven, AND a live unit of work compounded through review. What remains genuinely reserved: (a) the human merge → done → git step is an INHERENT human act (Inv 3), so no automated run can ever close that last hop by design; (b) scale — true intra-tenant parallelism (per-task git worktrees, DEC-0053 §4) and the per-team budget split (§5) are still future work; (c) the @anthropic-ai/claude-agent-sdk transport adapter is wired + type-safe but only the subscription-CLI transport has been exercised live in this environment. Because the whole-DEC asserted → verified flip is the principal-architect's gate, the frontmatter confidence stays asserted: this subsection is the live evidence proposing the promotion, for the architect to ratify. (DEC-0052 inherits the same scoped status.)

Persona-fidelity caveat surfaced by the dogfood (does NOT block Phase-0): the live knowledge/ tree has 41 KB load errors — including Claude-primitives-first build strategy and Add a Forward Deployed Engineer function (subagent) + the first slash command (/fde) failing on a reversibility enum mismatch — so 11 of 34 reachable targets for the fde role did not resolve to a loaded atom. The persona degrades gracefully (the floor still clears on 23 real atoms), but fidelity is reduced. Tracked by Fix the 41 KB load errors degrading Phase-0 persona grounding (dangling persona-grounding targets) (owner Principal Knowledge-Format Architect); the root-cause schema adjudication is Resolve the decision `reversibility` schema conformance gap / Reconcile the decision reversibility field — free-text prose vs. the @dossier/okf enum.

Promotion (2026-06-20) — principal-architect ratifies a SCOPED asserted → verified

The principal-architect (gate owner per this DEC) independently re-verified the live evidence against the code — not the prose — before flipping the frontmatter. Re-confirmed this session: live-session.ts (real bounded multi-turn loop, budget cap checked before every turn, atoms validated via @dossier/okf validate()), drain-lock.ts (Inv 4, atomic lease + crash self-heal), budget.ts (Inv 5, two-tier, trips the existing board-pause sentinel), the worker's cap→single-write→review/blocked spine (board.tscapConfidence, #reconcileAndWrite, #transition), drainBoardSerialized composing Inv 4 + Inv 5, TenantBudget persisted on the manifest (provision.ts), the ^0.3 optionalDependency, and the on-disk assertions in agency-phase0-live.mjs. The green gate was reproduced: root pnpm test460 pass / 2 gated-skip, pnpm --filter @dossier/runtime typecheck rc=0, lint 0 errors (only inherent no-await-in-loop warnings on sequential turn loops), pnpm kb:check clean. The 2 skips are the opt-in live tests — CI stays offline-by-construction.

Verdict — promote the IMPLEMENTED CORE to verified; carry the reserved items forward explicitly. Frontmatter flipped asserted → verified (scoped). Justification against this DEC's own stated gate: the gate names "one real unit of work dispatched, executed, human-approved, and compounded back via reconcile() into git history." One inherent fact makes the gate as-literally-written unattainable by any automated run: the human-approve / merge→done→git hop is, by Inv 3, a human act — a machine can carry work to review but can never close that last hop. The honest reading of the gate is therefore: the machine-provable portion is everything up to and including review with all seven invariants enforced live — and that portion is now field-proven (act→emit→cap-at-inferred→reconcile→review, under the drain lock and the budget envelope, ≈$0.016 real spend). That earns verified for the implemented core. It does not earn a bare whole-blanket verified, because three things would mislead a downstream reader if folded in silently, so they are named and carried forward, not promoted:

  1. The human-merge → done → git hop is inherent and unautomatable (Inv 3). It is not "unfinished work" — it is the governance design. verified here means the loop is proven up to the human gate, which is exactly where an autonomous loop is supposed to stop.
  2. Scale is not built — true intra-tenant parallelism (per-task git worktrees, §4) and the per-team budget split (§5). What IS proven is serialization (Inv 4) and the two-tier envelope (Inv 5); parallelism and the team split are forward work and remain so. verified does not extend to them.
  3. Only the subscription-CLI transport ran live. The @anthropic-ai/claude-agent-sdk transport is wired, type-safe, lazy, and contract-identical, but not exercised live in this environment. verified covers the CLI transport path; the SDK transport stays asserted-by-wiring until a live run exercises it.

Why scoped-verified, not whole-verified and not staying asserted: staying asserted would now understate reality — the core loop demonstrably runs live with every invariant enforced, which is field evidence, not conviction. A bare whole-verified would overstate it — folding in scale and the SDK transport that have not run. The scoped flip is the only honest call: the confidence field and the description both state the scope, so no reader treats parallelism, the per-team split, or the SDK transport as proven. Reversibility: two-way door — this is a confidence re-grade backed by reproduced evidence, not an architectural commitment; if a later run surfaces a defect in the core loop the grade drops back with the same discipline. Promotion of the carried-forward items is gated on their own future runs (a parallel intra-tenant drain proving worktree isolation; a live SDK-transport run), each of which extends — never silently widens — this verified scope.

Carried-forward seams advanced (2026-06-20) — three reserved items moved, none promoted

A follow-on FDE build advanced three of the items the §Promotion subsection above explicitly carried forward as reserved — none of which the scoped verified covers. This subsection records that incremental build evidence as audit trail; it does not re-grade the frontmatter (the work is mechanism-built / built / adapter-built, not a new whole-DEC promotion). The FDE process crashed (terminal API error) before its own record+route step, so this was reconciled by the log-auditor from ground truth (git diff + read of the new modules + reproduced gates). Gates reproduced green this session: pnpm typecheck rc=0, pnpm lint rc=0 (0 errors), pnpm test 482 pass / 2 gated-skip (484) (460 → 484, +24 for this work), pnpm kb:check clean. The 2 skips remain the opt-in live blocks.

  1. The human-merge → done → git hop now has a built TOOL — the act stays human. §Promotion item 1 named this hop as "inherent and unautomatable (Inv 3) … not unfinished work — it is the governance design." That remains true. What is new is a mechanism the human invokes to perform the act: packages/runtime/src/dispose.ts (new) — approveTask (review → done + a real commit into the tenant repo, carrying the disposition + the work it blesses), rejectTask (review → backlog with a recorded reason), and listReviewQueue. done is reachable ONLY via this human-invoked path — the agentic worker's #transition writes only review/blocked, so Inv 3 is now enforced by construction, not just by convention (the §Consequences Inv 3 anticipated "a follow-on may make it type-enforced" — this is structurally that). A task not in review is refused. Every write is confineToTenant-gated (sovereignty, Extraction runtime architecture — the moat §5); provenance via namespaced approved-by:/approved-on: tags. New CLI subcommands approve/reject/review-queue. BUILT + offline-test-proven (packages/runtime/test/dispose.test.ts, real commit into a temp tenant repo, zero credits). Honest framing: the human-merge mechanism is built; the act is still a human act. This does NOT make the hop "automated" — it gives the human a built, governed tool to close the loop's last hop.

  2. Per-team budget split — BUILT (§5 deferral closed). §Promotion item 2 carried the per-team budget split forward as scale work. packages/runtime/src/budget.ts (+ provision.ts) now apportions the Inv 5 per-tenant envelope across teams. BUILT + test-proven (packages/runtime/test/team-budget.test.ts). This is the apportionment key the worktree-parallelism activation (below) will need to sum accrual across concurrent drains — but the split itself is a clean, proven addition to the existing two-tier envelope, not a topology change.

  3. Per-task git worktrees — MECHANISM built + offline-proven, NOT activated. §Promotion item 2 also carried true intra-tenant parallelism (per-task worktrees, §4) forward. packages/runtime/src/worktree.ts (new) builds the isolation mechanismgit worktree add per task, each on its own branch over the shared .git object store, every path confineToTenant-gated — and proves it offline (packages/runtime/test/worktree.test.ts, real git worktree add in a temp repo). It is NOT activated: drainBoardSerialized still serializes per tenant — Inv 4 holds. Activating parallel intra-tenant drains (relaxing the per-tenant drain lock to a per-task lock) is a genuine one-way-door topology decision the FDE deliberately did NOT make; the module header surfaces it to the Principal Platform Architect. Because the crash killed the route step, the log-auditor filed that decision as Activate parallel intra-tenant drains via per-task git worktrees, or stay serialize-only? (one-way-door topology call) (the module's three open sub-questions captured there). Activation is a flag, not a rewrite — the mechanism is already built and proven.

  4. @anthropic-ai/claude-agent-sdk transport — adapter BUILT + offline-proven, NOT run live. §Promotion item 3 covered only the subscription-CLI transport as live-proven. The runAgentSdkTurn adapter in packages/runtime/src/live-session.ts is now fully fleshed out (one bounded query per turn, multi-turn resume by session_id, default-deny tools per Inv 2, subscription-auth-aware — SDK v0.3.x spawns the native claude binary so no API key is needed) and offline-proven to contract parity behind the lazy import (gated test). It is declared as an optionalDependency (^0.3.183) but NOT installed — the lazy import throws MODULE_NOT_FOUND and surfaces the exact unblock command: pnpm --filter @dossier/runtime add @anthropic-ai/claude-agent-sdk. Honest reserved state: the SDK transport has NOT been exercised live in this environment — only the subscription-CLI transport has. This subsection does not claim otherwise.

Net effect on the frontmatter confidence: unchanged (verified, scoped exactly as the §Promotion subsection states). This is incremental build evidence on three carried-forward seams, not a new whole-DEC promotion: the human-merge act is still human (a tool now exists), worktree parallelism is built-but-not-activated (a topology gate, Activate parallel intra-tenant drains via per-task git worktrees, or stay serialize-only? (one-way-door topology call)), and the SDK transport is adapter-built-but-not-run-live (a dep-install away). Each will extend — never silently widen — the verified scope on its own future event (a human approval through the new tool landing in git; the architect ratifying parallel drains; a live SDK-transport run).

SDK transport now run LIVE (2026-06-20) — the last carried-forward transport reservation closed

The third reserved seam from §Promotion (item 3) and item 4 of the subsection above — only the subscription-CLI transport had run live — is now closed. The @anthropic-ai/claude-agent-sdk transport was exercised LIVE end-to-end and proved parity with the CLI path. This is precisely the "extends on its own future event (a live SDK-transport run)" mechanism the §Promotion pre-authorized — not a new architectural call.

  • Run: node scripts/agency-phase0-live.mjs --transport=sdk — the existing live harness, now transport-swappable via a --transport=sdk|cli flag (default cli). The optional dep resolves from the runtime context (packages/runtime/node_modules/@anthropic-ai/claude-agent-sdk@0.3.183, sdk.mjs ESM); the earlier MODULE_NOT_FOUND was a false negative from resolving at the repo root rather than inside the runtime package, where the lazy import() actually runs.
  • Result (~$0.024, haiku, 1 turn): the live SDK session emitted a real OKF term atom → capped at inferred (Inv 1) → reconcile() (1 added) → task → review (Inv 3, not auto-merged), under Inv 4 (.drain-lock) + Inv 5 (budget envelope, $0.0242 of monthly $1.00). The SAME loop the subscription-CLI path runs — transport parity proven: swapping agentSdkTurnRunner() for cliTurnRunner() changes the transport ONLY; bounding/budget/atom-parsing are shared.
  • Offline-by-construction held WITH the dep installed: pnpm test (no key) → 482 pass / 2 gated-skip, typecheck rc=0, lint 0 errors, kb:check clean. The lazy import keeps the offline path independent of the dep; the gated live test stays opt-in (DOSSIER_LIVE=1).

Net effect on confidence: still verified (scoped), now extended to cover BOTH transports. The ONLY carried-forward reservation that remains is scale (intra-tenant parallelism via per-task worktrees + per-team budget split — Activate parallel intra-tenant drains via per-task git worktrees, or stay serialize-only? (one-way-door topology call)); the human-merge hop's tool is built (the act stays human by design). Reversibility: two-way door — a confidence-scope extension backed by a reproduced live run, not an architectural commitment.