Skip to content

Add cross-agent policy federation#16

Merged
nagasatish007 merged 2 commits into
agentguard-ai:mainfrom
lleonardo-franco:feature/policy-federation
May 26, 2026
Merged

Add cross-agent policy federation#16
nagasatish007 merged 2 commits into
agentguard-ai:mainfrom
lleonardo-franco:feature/policy-federation

Conversation

@lleonardo-franco
Copy link
Copy Markdown
Contributor

@lleonardo-franco lleonardo-franco commented May 24, 2026

Resolves agentguard-ai/tealtiger#123.

Summary:

  • Adds a signed, transport-agnostic PolicyFederation token and child context helper for propagating parent constraints.
  • Merges inherited budget ceilings, tool allowlists, data classification ceilings, and revocations into local TealEngine policy with the most restrictive rule winning.
  • Adds federation-aware evaluation metadata plus unit and integration coverage for budget, tool, revocation, and cross-SDK token compatibility.

Validation:

  • npx tsc --noEmit
  • npm run build:types
  • npm test -- --runTestsByPath src/core/engine/tests/PolicyFederation.test.ts src/core/engine/tests/TealEngine.test.ts src/core/engine/tests/TealEngine.properties.test.ts --runInBand --no-watchman
  • npm test -- --runInBand --no-watchman

Note:

  • The full Jest suite passes; it still prints the existing open-handle warning after reporting success.

@lleonardo-franco lleonardo-franco mentioned this pull request May 24, 2026
Closed
5 tasks
nagasatish007
nagasatish007 requested changes May 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@nagasatish007 nagasatish007 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @lleonardo-franco — this has merge conflicts with main (from the hot-reload PR #15 that just merged). Could you rebase your branch on main and resolve the conflicts? Both features touch TealEngine.ts in the same areas.

Key merge point: updatePolicies() should use your federation merge + the new applyPolicyReload() from hot-reload. Something like:

public updatePolicies(policies: TealPolicy): void {
const nextPolicies = this.federationConstraints
? PolicyFederation.mergePolicies(policies, this.federationConstraints)
: policies;
const result = this.applyPolicyReload(nextPolicies);
if (!result.success) {
throw new Error(TealEngine: Invalid policy configuration: ${result.error});
}
this.localPolicies = policies;
}
Once rebased and tests pass, this is approved to merge. Thanks!

@lleonardo-franco lleonardo-franco force-pushed the feature/policy-federation branch from 366032c to 652a36f Compare May 25, 2026 14:05
@lleonardo-franco
Copy link
Copy Markdown
Contributor Author

lleonardo-franco commented May 25, 2026

Rebased this branch onto main and integrated policy federation with the newly merged hot-reload path. updatePolicies() and federated constraint updates now run through applyPolicyReload(), so inherited constraints remain enforced while policy versioning and cache invalidation are preserved. I also added coverage for local policy reloads under inherited parent limits.

Validated with:

  • npx tsc --noEmit
  • npm run build:types
  • npm test -- --runTestsByPath src/core/engine/__tests__/PolicyFederation.test.ts src/core/engine/__tests__/PolicyWatcher.test.ts src/core/engine/__tests__/TealEngine.test.ts src/core/engine/__tests__/TealEngine.properties.test.ts --runInBand --no-watchman
  • npm test -- --runInBand --no-watchman

Could you please take another look?

@nagasatish007 nagasatish007 merged commit f97372c into agentguard-ai:main May 26, 2026
0 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nagasatish007 nagasatish007 nagasatish007 requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement cross-agent policy federation for multi-agent systems

2 participants

@lleonardo-franco @nagasatish007