docs(architecture): reframe OQ-17 and OQ-18 as protocol-level concerns, not agent-specific
The abort cascade and privilege model are call protocol semantics that every consumer inherits — NAPI adapter, Python adapter, agent service, and any future service speaking the EventEnvelope wire format. Framing them as 'needs agent crate in view' let a single consumer's timeline gate a protocol-level decision. The agent use case is a useful test case for edge cases, but the decisions belong to the call protocol.
@@ -311,7 +311,7 @@ See [open-questions.md](../../open-questions.md) for full details.
|
||||
- **OQ-15** (open): Call protocol client and adapter contract. ADR-014 constrains the adapter contract: adapters take credential sources from the assembly layer, not static tokens.
|
||||
- **OQ-16** (resolved by ADR-014): No vault operations are exposed over the call protocol for now.
|
||||
- **OQ-17** (open): Abort cascade semantics — `call.aborted` cascades to descendants, default `abort-dependents`, `continue-running` opt-in. One-way door on the event schema; mechanism is a two-way door.
|
||||
- **OQ-18** (open): Privilege model and authority context — `internal` flag switches authority to handler identity, not blanket ACL skip. Operations have External/Internal visibility. Scoped composition env + handler identity. Needs agent crate in view.
|
||||
- **OQ-18** (open): Privilege model and authority context — `internal` flag switches authority to handler identity, not blanket ACL skip. Operations have External/Internal visibility. Scoped composition env + handler identity. Protocol-level concern — every consumer inherits this model.
|
||||
|
||||
## References
|
||||
|
||||
|
||||
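Review bot: The OQ-17 entry is unchanged in this hunk, although the commit subject says both OQ-17 and OQ-18 are reframed as protocol-level; only the OQ-18 entry swaps "Needs agent crate in view." for the new sentence. If the OQ-17 reframing lives in open-questions.md, say so in the commit message, or add the same "Protocol-level concern" wording to the OQ-17 entry so the two summaries stay consistent. Separately, now that the OQ-18 entry states that every consumer inherits the model, the summary should name who may set the `internal` flag and where it is validated, or link to the section that does. A flag that switches authority to handler identity is the part of this model adapter authors most need to get right, and the one-line summary currently leaves it implicit.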