feat(intelligence): capability-delivery manifest — composeCertifiedProfile + resolver + ladder#298
Merged
Merged
Conversation
…ofile + resolver + ladder
Add the unified, future-proof delivery structure: one certified unit of agent
power = { interface, binding }. Interfaces are CLOSED (tool / mcp / context /
retrieval / hook / subagent); bindings are OPEN (inline / file / http /
sandbox-code / mcp-stdio / mcp-remote / process-on-infra / rag-index /
memory-store / wasm / a2a). A single resolver lowers any binding into one uniform
ResolvedSurface consumed identically by the host seam (RouterToolsSeam tools +
executeToolCall) and the sandbox seam (AgentProfile).
- src/intelligence/capability.ts: the manifest types + CapabilityNotAdmittedError
+ manifestFromProfile (lowers today's CertifiedProfile wire into capabilities[]
with best-effort binding inference, so the spine delivers value before the
plane changes).
- src/intelligence/resolver.ts: composeCertifiedProfile — the spine resolves
inline/file (byte-identical to composeCertifiedPrompt, the regression lock),
mcp-stdio/mcp-remote (strict union widens to the SDK's flat
AgentProfileMcpServer — an always-valid lowering), and http tools (the host
seam). Ladder rungs that need infra (sandbox-code, process-on-infra) are
injected ResolveCtx providers; rag-index/memory-store/wasm/a2a throw
CapabilityNotAdmittedError (memory gated on the E3 admission bar). Fail-closed:
null manifest -> base surface, per-capability failure -> drop (diagnostic via
onDrop), post-resolve drift drops any tool/mcp whose live names diverge.
- src/mcp/delegation-profile.ts: composeProductionAgentProfile now also merges
tools box-flags, hooks, subagents, and injects ResolvedSurface.mcpConnections
into AgentProfile.mcp (the sandbox-seam mapping).
- exports + export gate + the two spec corrections (mcp lowers via always-valid
widening; tools lower two ways since AgentProfile.tools is box flags).
tangletools
approved these changes
Jun 14, 2026
tangletools
left a comment
tangletools
left a comment
Contributor
There was a problem hiding this comment.
✅ Auto-approved PR — f8d91370
Blanket team auto-approval is enabled for this reviewer service.
The full PR reviewer audit still runs separately and will publish findings if it detects issues.
tangletools · auto-approval · reason: blanket_auto_approve · 2026-06-14T15:18:58Z
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The unified, future-proof delivery structure for the intelligence plane: one certified unit of agent power =
{ interface, binding }.tool / mcp / context / retrieval / hook / subagent) — they map slot-for-slot ontoAgentProfile+RouterToolsSeam.inline / file / http / sandbox-code / mcp-stdio / mcp-remote / process-on-infra / rag-index / memory-store / wasm / a2a) — the extension point.ResolvedSurface, consumed identically by the host seam (in-processToolSpec+executeToolCall) and the sandbox seam (AgentProfile).This upgrades delivery from prompt-only (
composeCertifiedPromptfolds onlyprompt-surface+skillinto the system prompt) to the entire profile.Changes
src/intelligence/capability.ts— manifest types +CapabilityNotAdmittedError+manifestFromProfile(lowers today'sCertifiedProfilewire intocapabilities[], so the spine ships value before the plane changes).src/intelligence/resolver.ts—composeCertifiedProfile: resolves inline/file (byte-identical tocomposeCertifiedPrompt— the regression lock), mcp-stdio/mcp-remote (strict union widens to the SDK's flatAgentProfileMcpServer, an always-valid lowering), http tools (host seam). Ladder rungs that need infra (sandbox-code, process-on-infra) are injected providers; rag-index/memory-store/wasm/a2a throwCapabilityNotAdmittedError(memory gated on the E3 admission bar). Fail-closed: null manifest → base surface; per-capability failure → drop; post-resolve drift drops any tool/mcp whose live names diverge.src/mcp/delegation-profile.ts—composeProductionAgentProfilenow also merges tool box-flags, hooks, subagents, and injectsmcpConnections(the sandbox-seam mapping).composeCertifiedPromptis kept unchanged (export gate + migration window);composeCertifiedProfileis additive.verify-package-exports.mjsgate +docs/capability-delivery-manifest.md.Tests / gates
src/intelligence/capability.test.ts(byte-stable fold, mcp lowering, http exec, drift-drop, fail-closed,manifestFromProfileround-trip, ladder throw-gating). CI is the verification gate on this PR.Release coupling
Merging this is step 1 of the e2e: publish
0.53.0, then the agent-dev-container plane (feat/capability-manifest-delivery) and the agent-app consumer repin and consume the new surface.