Mandate issuance + kernel escalation gate. The A2A enabler — and the only planned cross-repo change of the project (R10).
Verification (research.md, A6): confirmed — the orchestrator exposes no plugin pre-dispatch hook (turnHooks.ts has only post-hoc points), and harness-verifier is the precedent: its wrapper is kernel-side because "the Orchestrator class is ~1k LOC and not yet plugin-extractable" (actual file 3,691 LOC). A gate must therefore be a kernel PR.
Scope — proof repo (proof.identity@1)
Scope — kernel PR (byte5ai/omadia, area/kernel)
Note (R11): whether a kernel-side custody service is additionally needed (a second kernel PR) is decided by the Stage-A key-scale check. Clarify before this issue.
Done
Mandate issued/verified · over-threshold action pauses → human approve → resumes · kernel hook is generic.
ANP backflow
approve + mandate VC schema (with epic #11).
Blocked by: #6 (identity human), Stage A R11.
Refs: plan.md §4, §5.1, §5.2, R10.
Mandate issuance + kernel escalation gate. The A2A enabler — and the only planned cross-repo change of the project (R10).
Scope — proof repo (
proof.identity@1)issueMandate(principal, agent, constraints)→ mandate VCcheckAuthority(agentDid, action, value)— ANP §5.3 rules (scope, max_value, aggregate, allowed_counterparties, escalation_threshold)Scope — kernel PR (
byte5ai/omadia, area/kernel)≥ escalation_thresholduntil a humanapproveexists (the same ADR-0005 guarantee, triggered by mandate instead of write type).harness-verifierprecedent (A6 ✅).Done
Mandate issued/verified · over-threshold action pauses → human
approve→ resumes · kernel hook is generic.ANP backflow
approve+ mandate VC schema (with epic #11).Blocked by: #6 (identity human), Stage A R11.
Refs: plan.md §4, §5.1, §5.2, R10.