disinto-admin/disinto-ops
2
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
disinto-ops/sprints/vault-blast-radius-tiers.md

4.2 KiB
Raw Blame History

Sprint: Vault blast-radius tiers

Vision issues

  • #419 — Vault: blast-radius based approval tiers

What this enables

After this sprint, vault operations are classified by blast radius — low-risk operations (docs, feature-branch edits) flow through without human gating; medium-risk operations (CI config, Dockerfile changes) queue for async review; high-risk operations (production deploys, secrets rotation, agent self-modification) hard-block as today.

The practical effect: the dev loop no longer stalls waiting for human approval of routine operations. Agents can move autonomously through 80%+ of vault requests while preserving the safety contract on irreversible operations.

What exists today

The vault redesign (#73-#77) is complete and all five issues are closed:

  • lib/vault.sh - idempotent vault PR creation via Forgejo API
  • docker/edge/dispatcher.sh - polls merged vault PRs, verifies admin approval, launches runners
  • vault/vault-env.sh - TOML validation for vault action files
  • vault/SCHEMA.md - vault action TOML schema
  • lib/branch-protection.sh - admin-only merge enforcement on ops repo

Currently every vault request goes through the same hard-block path regardless of risk. No classification layer exists. All formulas share the same single approval tier.

Note: prerequisites.md says vault redesign is incomplete - this is stale. All #73-#77 issues are closed as of the current state.

Complexity

Files touched: ~14 (7 new, 7 modified)

New files:

  • vault/classify.sh - classification engine, ~150 lines: path glob matching, secret risk scoring, formula risk lookup
  • vault/policy.toml - human-editable policy rules mapping path patterns to tier assignments
  • vault/formula-risks.toml - formula-to-risk-level mapping (release=high, gardener=low)
  • docs/BLAST-RADIUS.md - documentation
  • 2-3 test helpers

Modified files:

  • vault/SCHEMA.md - optional blast_radius override field
  • vault/vault-env.sh - call classify.sh, validate classification
  • lib/vault.sh - attach computed tier as PR label; skip PR creation for auto-approve tier
  • docker/edge/dispatcher.sh - enforce tier policy: auto-merge low, route medium, hard-block high
  • lib/branch-protection.sh - potentially vary required-approvals by tier

Gluecode vs greenfield: ~60% gluecode, ~40% greenfield (classification engine and policy format).

Estimated sub-issues: 4-5

Risks

  1. Classification errors on consequential operations. Classification is deterministic (pattern matching, not AI judgment), but a misconfigured policy.toml could auto-approve something that should hard-block. Mitigation: default-deny all unknown patterns; policy changes require human review.

  2. Dispatcher complexity. dispatcher.sh is already 1005 lines. Adding three code paths adds ~150 lines. Mitigation: extract classification to classify.sh so dispatcher delegates, not decides.

  3. Branch-protection interaction. Auto-approve tier means the dispatcher merges without human approval. branch-protection.sh currently requires 1 approval; the dispatcher must bypass this for auto-approve tier. Requires admin token in vault runner, or branch protection must become tier-aware. This is the primary design fork.

  4. Stale prerequisites.md. Should be updated as part of execution.

Cost - new infra to maintain

  • vault/policy.toml - operators must keep current as new formulas are added. Unknown formulas default to HIGH (safe, forces manual approval).
  • vault/classify.sh - one shell script, shellcheck-covered, no runtime daemon.
  • No new services, cron jobs, or agent roles.

Ongoing cost is low.

Recommendation

Worth it. The vault redesign is done; blast-radius tiers are the logical next step to make it usable in practice. The bottleneck today forces human approval on every vault action, which is the primary reason agents cannot operate continuously. This sprint has clear scope (~14 files, 4-5 sub-issues), low new maintenance cost, and directly unblocks autonomous operation in the Foundation phase.

The branch-protection and admin-token interaction (Risk 3) is the only design fork worth resolving before implementation. Everything else is straightforward.

Reply ACCEPT to proceed with design questions, or REJECT: reason to decline.