{ "agent": { "command": [ "agent", "run", "--repo", "/workspace/repo" ], "id": "agent:coding-agent", "image": "ghcr.io/acme/coding-agent@sha256:REPLACE_WITH_DIGEST", "kind": "llm_agent", "supply_chain": { "image_digest_required": true, "sbom_required": true, "signed_image_required": true }, "workdir": "/workspace" }, "assertions": { "impossible": [ "agent_has_github_token", "agent_can_reach_github_api_directly", "agent_can_read_ssh_keys", "github_merge_without_receipt" ], "negative_tests": [ { "attempt": "curl https://api.github.com", "expect": "network_denied", "name": "direct_github_api_blocked" }, { "attempt": "cat ~/.ssh/id_rsa", "expect": "file_denied", "name": "ssh_key_unreadable" } ] }, "authority": { "capabilities": [ { "effects": [ "github.propose_pr" ], "id": "cap:github-propose-pr", "principal": "agent:coding-agent", "resources": [ "repo:acme/app" ], "ttl": "10m" }, { "effects": [ "github.merge_pr" ], "id": "cap:github-merge-pr", "principal": "agent:coding-agent", "requires": { "approval": "human:repo-owner", "liveness": "passkey" }, "resources": [ "repo:acme/app:branch:main" ], "single_use": true, "ttl": "2m" } ], "delegations": [ { "expires_after": "8h", "from": "human:repo-owner", "id": "delegation:repo-maintenance", "mandate": "mandate:repo-maintenance", "may_delegate": false, "to": "agent:coding-agent" } ], "mandates": [ { "id": "mandate:repo-maintenance", "issued_by": "human:repo-owner", "issued_to": "agent:coding-agent", "purpose": "Prepare pull requests and request approved merges.", "revocable": true, "valid_for": "8h" } ], "principals": [ { "id": "human:repo-owner", "identity": "passkey_or_oidc", "kind": "human" }, { "attestation": "required", "credential": "short_lived", "id": "agent:coding-agent", "identity": "cryptographic", "kind": "agent" } ] }, "compile": { "targets": [ "capsulang", "docker", "seatbelt", "doorkeeper", "telemetry", "negative_tests" ] }, "contractHash": "b14596035946578ef02c46411edff8a1d8fa9ffdcd9a1fe51fa2c3490c46f82f", "edl": 0.1, "enclosure": { "backend_preference": [ "docker", "seatbelt" ], "fail_closed": true, "filesystem": { "deny": [ "~/.ssh", "~/.git-credentials", "~/.config/gh", "/var/run/docker.sock" ], "mounts": [ { "access": "read_write", "guest": "/workspace/repo", "host": "./repo" } ], "root": "read_only", "workdir": { "access": "read_write", "path": "/workspace" } }, "id": "enc:github-coding-agent", "mode": "enforce", "network": { "allow": [ { "id": "doorkeeper", "ports": [ 443 ], "url": "https://doorkeeper.internal" } ], "default": "deny", "deny": [ "github.com", "api.github.com", "ssh.github.com" ] }, "process": { "cpu": 2, "disallow": [ "docker", "gh auth", "ssh-add" ], "drop_linux_capabilities": "all", "memory": "4Gi", "no_new_privileges": true, "pids_max": 256, "seccomp": "default_or_stricter", "timeout": "30m", "user": "non_root" }, "secrets": { "allowed_runtime_tokens": [ { "audience": "doorkeeper", "ttl": "5m" } ], "ambient": "deny", "host_keychain": "deny", "mount_tokens": "deny", "ssh_agent": "deny" } }, "gates": [ { "actions": [ { "decision": "allow", "effect": "github.propose_pr", "parameters": { "require_schema": "schemas/github.propose_pr.json" } }, { "decision": "escalate", "effect": "github.merge_pr", "postcondition": { "verify": "merged_by == \"github-app:wauth-doorkeeper\"", "webhook": "github.pull_request.closed" }, "requires_capability": "cap:github-merge-pr", "requires_receipt": true }, { "decision": "deny", "effect": "github.force_push" } ], "credential_custody": "server_side_only", "endpoint": "https://doorkeeper.internal/mcp", "id": "gate:github", "kind": "mcp_doorkeeper", "target": "github" } ], "kind": "capsulang.enclosure_ir", "memory": { "default": "isolated", "stores": [ { "hash_validation": "on_read", "id": "mem:session", "isolation": "per_session", "source_attribution": "required", "ttl": "24h" }, { "id": "mem:repo-summary", "isolation": "per_repo", "promote_to_fact_requires": "review", "ttl": "7d" } ] }, "name": "github-coding-agent", "policies": [ { "default": "deny", "id": "policy:github", "rules": [ { "decision": "allow", "when": "effect == \"github.propose_pr\" and resource.repo == \"acme/app\"" }, { "decision": "escalate", "require": [ "approval", "liveness", "single_use_capability" ], "when": "effect == \"github.merge_pr\" and resource.branch == \"main\"" }, { "decision": "deny", "when": "effect in [\"github.force_push\", \"github.disable_branch_protection\"]" } ] } ], "receipts": { "action_bound": true, "postcondition_required_for": [ "github.merge_pr" ], "single_use_for_high_risk": true }, "reconciliation": [ { "events": [ "push", "pull_request.closed" ], "id": "recon:github-merge", "match_receipt": { "event": "github_action_executed", "fields": [ "repo", "branch", "commit_sha", "actor" ] }, "on_missing_receipt": "violation", "on_non_gate_actor": "violation", "source": "github.webhook" } ], "schemaVersion": 1, "sourceSha256": "feb77211fc6570d01befd5ccd65268afbe21a2632560db52435ae633b2f756dc", "symbols": { "capabilities": { "cap:github-merge-pr": "CapGithubMergePr", "cap:github-propose-pr": "CapGithubProposePr" }, "delegations": { "delegation:repo-maintenance": "DelegationRepoMaintenance" }, "gates": { "gate:github": "GateGithub" }, "mandates": { "mandate:repo-maintenance": "MandateRepoMaintenance" }, "memory": { "mem:repo-summary": "MemRepoSummary", "mem:session": "MemSession" }, "policies": { "policy:github": "PolicyGithub" }, "principals": { "agent:coding-agent": "AgentCodingAgent", "human:repo-owner": "HumanRepoOwner" } }, "telemetry": { "export": [ "ledger", "siem" ], "include": [ "trace_id", "agent_id", "principal_id", "mandate_id", "delegation_id", "capability_jti", "enclosure_id", "enclosure_profile_digest", "action_hash", "policy_id", "gate_id" ], "must_emit": [ "invocation.start", "invocation.end", "enclosure.attested", "policy.evaluated", "capability.issued", "effect.intent", "effect.denied", "effect.escalated", "effect.executed", "receipt.emitted" ], "required": true, "tamper_evident": true, "trace": "opentelemetry" }, "version": "0.1.0" }