feat(device-actuation): capability-scoped agent actuation boundary for device orchestration

Makefile

@@ -1,6 +1,6 @@
-.PHONY: validate test validate-agent-cycle-health validate-authority-dependency-evidence validate-prometheus-sr validate-reasoning-failure-traces validate-governance-context validate-lattice-data-governai-execution-refs validate-lattice-runtime-profile-refs validate-network-native-assistant-evidence validate-guardrail-evidence-artifacts validate-stop-gate-evaluator validate-guarded-workcell-artifact validate-guarded-workcell-executor validate-guarded-invocation-artifact validate-guarded-invocation validate-agentic-pr-work-order validate-semantic-enterprise-agent-boundary validate-ops-history-contracts validate-action-contracts validate-agent-operation-contract validate-superconscious-reasoning-import validate-agent-harness-runtime-contracts validate-bounded-action-loop agentplane-evidence-receipt-composition-tier2-binding-ci lawful-learning-phase9-contract-ci validate-evidence-receipt-binding validate-semantic-activation-receipt validate-governed-run-contract validate-preflight-receipt validate-attempt-admission-receipt validate-verification-execution-receipt validate-synthetic-verification-receipt validate-governed-runner-v0-2-contract-chain validate-budget-settlement-receipt validate-rollback-receipts validate-run-dossier validate-governed-runner-readonly validate-workroom-context-evidence validate-wallguard-collaboration-admission validate-prophet-mesh-agentplane-adapter
+.PHONY: validate test validate-agent-cycle-health validate-authority-dependency-evidence validate-prometheus-sr validate-reasoning-failure-traces validate-governance-context validate-lattice-data-governai-execution-refs validate-lattice-runtime-profile-refs validate-network-native-assistant-evidence validate-guardrail-evidence-artifacts validate-stop-gate-evaluator validate-guarded-workcell-artifact validate-guarded-workcell-executor validate-guarded-invocation-artifact validate-guarded-invocation validate-agentic-pr-work-order validate-semantic-enterprise-agent-boundary validate-ops-history-contracts validate-action-contracts validate-agent-operation-contract validate-superconscious-reasoning-import validate-agent-harness-runtime-contracts validate-bounded-action-loop agentplane-evidence-receipt-composition-tier2-binding-ci lawful-learning-phase9-contract-ci validate-evidence-receipt-binding validate-semantic-activation-receipt validate-governed-run-contract validate-preflight-receipt validate-attempt-admission-receipt validate-verification-execution-receipt validate-synthetic-verification-receipt validate-governed-runner-v0-2-contract-chain validate-budget-settlement-receipt validate-rollback-receipts validate-run-dossier validate-governed-runner-readonly validate-workroom-context-evidence validate-wallguard-collaboration-admission validate-prophet-mesh-agentplane-adapter validate-civic-stack-runtime-evidence validate-conversational-evidence validate-concept-to-artifact-lineage validate-model-routing-lane-receipts validate-shir-governed-chain-job validate-device-actuation-boundary
 
-validate: validate-agent-cycle-health validate-authority-dependency-evidence validate-prometheus-sr validate-reasoning-failure-traces validate-governance-context validate-lattice-data-governai-execution-refs validate-lattice-runtime-profile-refs validate-network-native-assistant-evidence validate-guardrail-evidence-artifacts validate-stop-gate-evaluator validate-guarded-workcell-artifact validate-guarded-workcell-executor validate-guarded-invocation-artifact validate-guarded-invocation validate-agentic-pr-work-order validate-semantic-enterprise-agent-boundary validate-ops-history-contracts validate-action-contracts validate-agent-operation-contract validate-superconscious-reasoning-import validate-agent-harness-runtime-contracts validate-bounded-action-loop agentplane-evidence-receipt-composition-tier2-binding-ci lawful-learning-phase9-contract-ci validate-evidence-receipt-binding validate-semantic-activation-receipt validate-governed-run-contract validate-preflight-receipt validate-attempt-admission-receipt validate-verification-execution-receipt validate-synthetic-verification-receipt validate-governed-runner-v0-2-contract-chain validate-budget-settlement-receipt validate-rollback-receipts validate-run-dossier validate-governed-runner-readonly validate-workroom-context-evidence validate-wallguard-collaboration-admission validate-prophet-mesh-agentplane-adapter
+validate: validate-agent-cycle-health validate-authority-dependency-evidence validate-prometheus-sr validate-reasoning-failure-traces validate-governance-context validate-lattice-data-governai-execution-refs validate-lattice-runtime-profile-refs validate-network-native-assistant-evidence validate-guardrail-evidence-artifacts validate-stop-gate-evaluator validate-guarded-workcell-artifact validate-guarded-workcell-executor validate-guarded-invocation-artifact validate-guarded-invocation validate-agentic-pr-work-order validate-semantic-enterprise-agent-boundary validate-ops-history-contracts validate-action-contracts validate-agent-operation-contract validate-superconscious-reasoning-import validate-agent-harness-runtime-contracts validate-bounded-action-loop agentplane-evidence-receipt-composition-tier2-binding-ci lawful-learning-phase9-contract-ci validate-evidence-receipt-binding validate-semantic-activation-receipt validate-governed-run-contract validate-preflight-receipt validate-attempt-admission-receipt validate-verification-execution-receipt validate-synthetic-verification-receipt validate-governed-runner-v0-2-contract-chain validate-budget-settlement-receipt validate-rollback-receipts validate-run-dossier validate-governed-runner-readonly validate-workroom-context-evidence validate-wallguard-collaboration-admission validate-prophet-mesh-agentplane-adapter validate-civic-stack-runtime-evidence validate-conversational-evidence validate-concept-to-artifact-lineage validate-model-routing-lane-receipts validate-shir-governed-chain-job validate-device-actuation-boundary
 	python3 tools/validate_execution_timing.py
 
 validate-governance-context:
@@ -248,6 +248,31 @@ validate-prophet-mesh-agentplane-adapter:
 	python3 -m json.tool contracts/prophet-mesh/prophet-mesh-agentplane-adapter.v0.1.json >/dev/null
 	python3 tools/validate_prophet_mesh_agentplane_adapter.py
 
+validate-civic-stack-runtime-evidence:
+	python3 -m json.tool schemas/civic-stack-run-capsule.schema.v0.1.json >/dev/null
+	python3 tools/validate_civic_stack_runtime_evidence.py
+
+validate-conversational-evidence:
+	python3 -m json.tool schemas/conversational-action-evidence.schema.v0.1.json >/dev/null
+	python3 -m json.tool schemas/conversational-replay-record.schema.v0.1.json >/dev/null
+	python3 tools/validate_conversational_evidence.py
+
+validate-concept-to-artifact-lineage:
+	python3 -m json.tool schemas/concept-to-artifact-lineage-receipt.schema.v0.1.json >/dev/null
+	python3 tools/validate_concept_to_artifact_lineage.py
+
+validate-model-routing-lane-receipts:
+	python3 -m json.tool schemas/model-routing-lane-decision-receipt.schema.v0.1.json >/dev/null
+	python3 tools/validate_model_routing_lane_receipts.py
+
+validate-shir-governed-chain-job:
+	python3 -m json.tool schemas/shir-governed-chain-job.schema.v0.1.json >/dev/null
+	python3 tools/validate_shir_governed_chain_job.py
+
+validate-device-actuation-boundary:
+	python3 -m json.tool schemas/device-actuation-boundary-receipt.schema.v0.1.json >/dev/null
+	python3 tools/validate_device_actuation_boundary.py
+
 validate-agent-cycle-health:
 	python3 tools/validate_agent_cycle_health.py
 

docs/doctrine/tensegrity-runtime-contract.md

@@ -0,0 +1,55 @@
+# Tensegrity Runtime Contract
+
+## Purpose
+
+AgentPlane's execution model is a **tensegrity structure**: agents, tools, services, models, repos, and hosts are **compression members** — structural elements that do work. They are stabilized by continuous **tension members**: policy, identity, provenance, tests, signatures, audits, ledgers, capability grants, replay, and revocation.
+
+Neither class functions alone. A compression member without tension yields ungoverned execution. A tension member without a compression member yields policy theater with no work done.
+
+This contract defines how AgentPlane enforces tensegrity at runtime.
+
+## Compression Members
+
+| Compression Member | Description |
+|--------------------|-------------|
+| Agent | Execution actor with bounded capability radius |
+| Tool | Callable surface scoped by tool grant and CGRM decision |
+| Service | External or internal service endpoint with policy gate |
+| Model | Inference engine with model-routing lane decision |
+| Repo | Source repository with branch and GitOps audit chain |
+| Host | Execution environment with resource scope and capability radius R5 guard |
+
+## Tension Members
+
+| Tension Member | Description |
+|----------------|-------------|
+| Policy | Policy decision ref from PolicyFabric; required on every execution artifact |
+| Identity | Actor ref and post/authority binding; required for all dispatches |
+| Provenance | Hash-chain of inputs, prior artifacts, and upstream anchors |
+| Tests | Validation receipts and verification execution receipts |
+| Signatures | Attestation events and cryptographic seals on receipts |
+| Audits | Audit trail refs on intervention outcomes and blocked dispatches |
+| Ledgers | Evidence ledger refs and budget settlement receipts |
+| Capability Grants | Tool grants scoped by CGRM and capability radius level |
+| Replay | Replay artifact ref required on all governed runs |
+| Revocation | Revocation path declared at compression member registration |
+
+## Tensegrity Invariants
+
+1. **No compression member executes without a policy tension member.** Every agent action, tool invocation, service call, and model routing decision must carry a `policy_decision_ref`.
+
+2. **Tension members must form a closed chain.** Policy → Identity → Provenance → Evidence → Replay → Revocation must each reference the same run or be transitively linkable through `upstream_anchors`.
+
+3. **Revocation dissolves a tension member's grip immediately.** A revoked capability grant, expired policy decision, or invalidated identity ref causes the dependent compression member to transition to `blocked` or `deferred` — not to `completed`.
+
+4. **Replay seals the tensegrity loop.** A governed run without a `replay_artifact_ref` is structurally incomplete. Replay verifies that the compression-plus-tension envelope produces the same result under rerun, or surfaces a `divergence_record` for escalation.
+
+5. **Oversteer detection is a governance obligation, not an optimization.** See `cybernetic-oversteer-v0.md`.
+
+## Integration Points
+
+- `ConversationalActionEvidence` — tension: policy, identity, replay_linkage
+- `CivicStackRunCapsule` — tension: policy, provenance_refs, rationalgrl_trace, hellgraph_evidence_refs
+- `BoundaryCalculusEvidenceEnvelope` — tension: promotion_gate, policy_result, attribution_discriminating_evidence_refs
+- `GovernedRunContract` — tension: policy, budget, verifier chain, replay_artifact_ref
+- `CapabilityRadiusProfile` — defines tension member scope per compression member level (R0–R5)

docs/specs/agent-action-tension-members-v0.md

@@ -0,0 +1,47 @@
+# Agent Action Tension Members v0
+
+## Purpose
+
+Defines how a single agent action declares its compression role and the tension members that stabilize it.
+
+## Structure
+
+Every agent action artifact in AgentPlane should carry the following tension member declarations:
+
+```
+action_id            — unique identifier for this action
+compression_member   — agent | tool | service | model | repo | host
+policy_ref           — policy decision ref (PolicyFabric)
+identity_ref         — actor or post/authority ref
+provenance_refs      — hash chain: prior action, run capsule, upstream anchors
+evidence_refs        — evidence artifacts emitted by or consumed for this action
+replay_ref           — replay artifact ref (required for governed runs)
+revocation_path      — revocation URI; if revoked, action transitions to blocked
+audit_ref            — audit trail ref (required on interventions and blocked outcomes)
+```
+
+## Tension Member Obligations by Action Type
+
+| Action Type          | Policy | Identity | Provenance | Evidence | Replay | Revocation | Audit |
+|----------------------|--------|----------|------------|----------|--------|------------|-------|
+| observe              | ✓      | ✓        | ✓          | ✓        | —      | optional   | —     |
+| query                | ✓      | ✓        | ✓          | ✓        | —      | optional   | —     |
+| transform            | ✓      | ✓        | ✓          | ✓        | ✓      | ✓          | —     |
+| write                | ✓      | ✓        | ✓          | ✓        | ✓      | ✓          | —     |
+| deploy               | ✓      | ✓        | ✓          | ✓        | ✓      | ✓          | ✓     |
+| revoke               | ✓      | ✓        | ✓          | ✓        | ✓      | ✓          | ✓     |
+| escalate             | ✓      | ✓        | ✓          | ✓        | ✓      | ✓          | ✓     |
+| trigger_execution    | ✓      | ✓        | ✓          | ✓        | ✓      | ✓          | —     |
+| approval_denial      | ✓      | ✓        | ✓          | ✓        | ✓      | optional   | ✓     |
+
+## Structural Rules
+
+1. **`policy_ref` is always required.** No action without a PolicyFabric decision ref is structurally valid.
+2. **`replay_ref` is required for actions that mutate state.** transform, write, deploy, revoke, escalate, trigger_execution, approval_denial.
+3. **`audit_ref` is required for denied or blocked outcomes** and for any intervention (modified, blocked, escalated) per the bounded-action-loop contract.
+4. **`revocation_path` is required for actions at R2 or above** (capability radius). See `capability-radius-v0.md`.
+5. **`provenance_refs` must include at least one upstream anchor** linking this action to a run capsule, governed run, or admission artifact.
+
+## Example
+
+See `examples/tensegrity/agent-action-tension-members.example.json`.

docs/specs/capability-radius-v0.md

@@ -0,0 +1,28 @@
+# Capability Radius v0
+
+## Purpose
+
+Defines the six capability radius levels (R0–R5) that bound what an agent, tool, or service can do within the tensegrity runtime. Radius is a tension member: it scopes tool grants, CGRM decisions, and revocation paths.
+
+## Radius Levels
+
+| Level | Name                   | Scope                                                                                   | Tension Members Required                    |
+|-------|------------------------|-----------------------------------------------------------------------------------------|---------------------------------------------|
+| R0    | observe-local          | Read from in-process or local context; no side effects outside the execution envelope   | policy, identity                            |
+| R1    | query-bounded          | Query services or data stores with read-only scope; results stay in-process             | policy, identity, provenance                |
+| R2    | transform-scoped       | Produce or modify artifacts within a governed workspace; no direct writes to shared state | policy, identity, provenance, evidence, replay |
+| R3    | write-governed         | Write to governed repositories, ledgers, or evidence stores; requires signed receipt    | policy, identity, provenance, evidence, replay, revocation |
+| R4    | deploy-staged          | Deploy to staged or sandboxed environments; Signadot or equivalent runtime gate required | policy, identity, provenance, evidence, replay, revocation, audit |
+| R5    | deployment-host-mutation | Mutate production hosts, release branches, or live infrastructure; requires explicit admission gate and senior authority ref | policy, identity, provenance, evidence, replay, revocation, audit, post_authority_ref |
+
+## Radius and Tool Grants
+
+A tool grant may not exceed the actor's declared capability radius. Attempting to invoke a tool with a radius higher than the actor's current grant level causes the dispatch to transition to `blocked` with a RationalGRL defeater.
+
+## Radius and Oversteer
+
+Rapid radius escalation (R0 → R3 in a single session without intermediate evidence) is an oversteer indicator. See `cybernetic-oversteer-v0.md`.
+
+## Radius Profile
+
+The live capability radius profile for an actor or service is declared in `examples/reachability/agent-capability-radius.example.json`.

docs/specs/cybernetic-oversteer-v0.md

@@ -0,0 +1,40 @@
+# Cybernetic Oversteer v0
+
+## Purpose
+
+Defines oversteer as a first-class governance condition in the tensegrity runtime. Oversteer occurs when the execution system is self-correcting faster than evidence-gathering can validate. It signals that tension members are under strain: policy is reversing, evidence is not accumulating, or the actor is outrunning its capability radius.
+
+## Oversteer Indicators
+
+Each indicator maps to a pattern in the execution record or governance signal stream.
+
+| Indicator                     | Description                                                                                      | Tension Member Under Strain    |
+|-------------------------------|--------------------------------------------------------------------------------------------------|-------------------------------|
+| repeated_reversals            | The same decision (approve/deny, dispatch/block) is reversed three or more times in a session   | Policy                        |
+| patch_churn                   | More than N patches to the same artifact within a bounded time window without advancing the evidence chain | Provenance, Evidence |
+| issue_churn                   | Issues are opened and closed on the same scope without resolution propagating to execution artifacts | Evidence, Audit |
+| branch_churn                  | More than N branch create/delete cycles on the same base without a merged artifact              | Repo, Provenance              |
+| oscillating_decisions         | Policy decisions flip between allow and deny on the same request profile without new evidence   | Policy                        |
+| policy_flip_flops             | A policy decision is overridden, reinstated, and overridden again within one run capsule        | Policy                        |
+| repeated_failed_validations   | The same validation check fails three or more consecutive times without a new evidence artifact | Tests, Evidence               |
+| excessive_retry_no_evidence   | Retries exceed threshold with no new evidence_refs added to the run capsule                     | Evidence, Replay              |
+| rapid_radius_escalation       | Actor capability radius jumps two or more levels without intermediate evidence and policy gates | Capability Grants             |
+| tension_member_gap            | A required tension member (e.g., replay_ref) is absent from a mutation-class action            | Varies                        |
+
+## Detection Contract
+
+Oversteer indicators are emitted as `OvensteerIndicator` fields in the `OversteerGovernanceSignal` artifact (see `examples/governance/oversteer-indicators.example.json`). They do not block execution directly but:
+
+1. Are emitted to HellGraph/Prophet Core as evidence.
+2. Trigger a `delivery_excellence_signal_ref` with a degraded score.
+3. Elevate the next policy decision request to `escalate` if two or more indicators fire simultaneously.
+4. Are included in the RationalGRL trace as softgoal degradation events.
+
+## Oversteer vs. Error
+
+An error is a single-point failure with a clear revocation path. Oversteer is a systemic pattern. Errors resolve through repair and evidence. Oversteer resolves through tension member reinforcement: adding evidence, slowing radius expansion, or requiring human authority at R4/R5.
+
+## Non-Claims
+
+- This spec does not define the thresholds N for churn indicators; those are set by PolicyFabric configuration per org and repo.
+- This spec does not prescribe automatic execution halt; that is a policy gate decision.