feat(compliance): add comply_controller_mode_gate universal storyboard #4385
Draft
bokelley wants to merge 2 commits into
Adds a new universal storyboard that verifies comply_test_controller returns FORBIDDEN when called by a live-mode authenticated account, closing the fail-open gap where all existing storyboards use sandbox principals only.

Also adds:
- test-kits/acme-outdoor-live.yaml (sandbox: false live-mode fixture)
- doc parity rows in conformance.mdx and compliance-catalog.mdx
- patch changeset

Refs #4028

https://claude.ai/code/session_01CKfKuDGVRc3Kibaj7DQc8q
…validation

- category: compliance_testing → core (compliance_testing is not a valid storyboard category enum; deterministic-testing and idempotency both use core)
- Add inline comment on the field_value error check clarifying it targets ControllerError.error (not adcp_error.code), so check: error_code does not apply

https://claude.ai/code/session_01CKfKuDGVRc3Kibaj7DQc8q
Closes #4028
Summary
- comply_controller_mode_gate (static/compliance/source/universal/comply-controller-mode-gate.yaml) — verifies that sellers refuse comply_test_controller dispatch when the resolved account is in live mode, closing the fail-open gap where every prior storyboard uses sandbox-only principals.
- acme-outdoor-live.yaml — mirrors acme-outdoor.yaml with sandbox: false; bearer prefix demo-acme-outdoor-live- for per-prefix matching per the demo-<kit>- convention.
- docs/building/conformance.mdx and docs/building/compliance-catalog.mdx (required by lint-universal-storyboard-doc-parity).
- patch per playbook (new universal storyboard = additive harness change, patch-eligible).

How it skips non-controller agents
The storyboard carries requires: [controller] (documented in storyboard-schema.yaml §132–166). Sellers that don't expose comply_test_controller receive requirement_unmet and the storyboard is skipped — no impact on agents that correctly declare capabilities.compliance_testing.supported: false.

Patch eligibility
New universal storyboard — additive harness change. Per playbook: "new universal storyboards … are patch-eligible." No new normative requirements on the wire; denial of live-mode controller calls was already required by the narrative in deterministic-testing.yaml. This adds machine-readable enforcement.

Pre-PR review
Two expert reviews completed before this PR was opened:

category: compliance_testing as invalid enum → fixed to category: core. Suggested inline comment on check: field_value, path: error to clarify ControllerError scope → added. requires: [controller] confirmed valid per schema documentation. requires: [controller] is the correct gate mechanism per schema spec (reviewer incorrectly flagged it as unrecognized — schema lines 132–166 document it explicitly).

Follow-up
After merge to main, cherry-pick to 3.0.x per playbook convention:

Build
npm run build:compliance passes clean (24 universal, 6 protocols, 20 specialisms). All storyboard lints pass.

https://claude.ai/code/session_01CKfKuDGVRc3Kibaj7DQc8q
Generated by Claude Code
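
Added example, not part of the PR or the project's code: a seller-side sketch of the gate the storyboard exercises, refusing controller dispatch unless the resolved account is a sandbox account. The kit table, account shape, `resolveAccount`, `dispatchController`, the response fields other than `error`, and the sample tokens are assumptions; the sandbox prefix is derived from the `demo-<kit>-` convention described above.

```javascript
// Added illustration; not code from the PR. Kit table, account shape and
// function names are hypothetical.
const KITS = [
  { prefix: 'demo-acme-outdoor-', account: { id: 'acme-outdoor', sandbox: true } },
  { prefix: 'demo-acme-outdoor-live-', account: { id: 'acme-outdoor-live', sandbox: false } },
];

// Longest-prefix match. 'demo-acme-outdoor-' is itself a prefix of
// 'demo-acme-outdoor-live-', so a first-match lookup over this table would
// resolve a live token to the sandbox account and the gate would fail open.
function resolveAccount(bearer) {
  let best = null;
  for (const kit of KITS) {
    const longer = !best || kit.prefix.length > best.prefix.length;
    if (bearer.startsWith(kit.prefix) && longer) {
      best = kit;
    }
  }
  return best ? best.account : null;
}

// Fail closed: the controller is reachable only when the sandbox flag is
// exactly true. Live accounts, unresolved tokens and accounts with a missing
// flag all get the same refusal in the ControllerError-style `error` field.
function dispatchController(bearer, scenario) {
  const account = resolveAccount(bearer);
  if (!account || account.sandbox !== true) {
    return { success: false, error: 'FORBIDDEN' };
  }
  // A real handler would run the requested scenario here.
  return { success: true, account: account.id, scenario };
}

// Constructed sample tokens and a placeholder scenario name.
const live = dispatchController('demo-acme-outdoor-live-abc123', 'example_scenario');
const sandbox = dispatchController('demo-acme-outdoor-abc123', 'example_scenario');
console.log(live.error, sandbox.success);
```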