agent-governance/docs/PHASE_DEPENDENCY_ANALYSIS.md

Phase Dependency Analysis

Overview

This document analyzes the dependencies between Phase 8 (Production Hardening) test results and earlier phase components, identifying gaps and required backfills.

Analysis Date: 2026-01-24 Checkpoint: ckpt-20260124-023706-11d689d4

---

Phase 8 Test Results Summary

Test Suite	Tests	Result	Dependencies
GitHub Integration	10/10	PASS	Phase 3 (Pipeline scaffolding)
Slack Integration	17/17	PASS	Phase 3 (Pipeline scaffolding)
Error Recovery	10/10	PASS	Phase 4 (Revocation Engine)
E2E Workflow	16/16	PASS	Phases 1-5 (Full stack)

---

Dependency Map

1. Integration Tests → Phase 3 (Pipeline)

Files Tested:

• /opt/agent-governance/integrations/github/github.py
• /opt/agent-governance/integrations/slack/slack.py
• /opt/agent-governance/integrations/common/base.py

Dependencies:

• BaseIntegration class with rate limiting, retry logic, audit logging
• IntegrationEvent dataclass with event_type routing
• IntegrationManager for multi-integration coordination

Event Types Used (not in pipeline/core.py):

plan_created        → Maps to AgentPhase.PLAN completion
execution_started   → Maps to AgentPhase.EXECUTE start
execution_complete  → Maps to AgentPhase.EXECUTE completion
violation_detected  → Maps to RevocationType events
promotion_requested → Maps to tier promotion workflow
promotion_approved  → Maps to tier promotion completion
agent_revoked       → Maps to RevocationType.* terminal events
approval_required   → Maps to StageType.GATE
heartbeat           → Maps to agent health monitoring

Gap Identified: Integration event types should be formally defined in pipeline/core.py as IntegrationEventType enum.

---

2. Error Recovery Tests → Phase 4 (Revocation)

Files Tested:

• /opt/agent-governance/runtime/revocation.py

Dependencies:

• ViolationType enum (14 types) - More comprehensive than core.py
• Severity enum (4 levels) - Not in core.py
• RevocationEngine class
• DragonflyDB keys: agent:{id}:revoke_signal, revocations:ledger, alerts:queue

Type Comparison:

Location	Enum	Count	Coverage
pipeline/core.py	RevocationType	6	Basic revocation triggers
runtime/revocation.py	ViolationType	14	Full violation taxonomy
runtime/revocation.py	Severity	4	Severity classification

Gap Identified: pipeline/core.py should import or re-export the full ViolationType and Severity from runtime/revocation.py to maintain single source of truth.

---

3. E2E Tests → Phases 1-5 (Full Stack)

Files Tested:

• /opt/agent-governance/tests/real_e2e_test.py

Phase 1 (Foundation) Dependencies:

• SQLite Ledger schema: agent_actions, agent_metrics, violations, promotions
• File structure: /opt/agent-governance/ledger/governance.db

Phase 2 (Vault) Dependencies:

• Vault health check: GET /v1/sys/health
• AppRole authentication: auth/approle/role/tier1-agent/role-id
• Policy files: t0-observer.hcl through t4-architect.hcl
• Secret paths: secret/data/agents/{agent_id}, secret/data/inventory/*

Phase 3 (Pipeline) Dependencies:

• DragonflyDB key patterns from RedisKeys class
• Instruction packet structure
• Agent state management

Phase 5 (Agent Bootstrap) Dependencies:

• Execution lock acquisition/release
• Heartbeat management
• Error budget tracking

Gap Identified: E2E test uses hardcoded Redis password (governance2026) instead of fetching from Vault.

---

STATUS.md File Inconsistencies

Several STATUS.md files show "Current Phase: NOT STARTED" in the header but "COMPLETE" or "IN_PROGRESS" in the Activity Log:

Directory	Header Says	Activity Log Says
runtime/	NOT STARTED	COMPLETE
preflight/	NOT STARTED	COMPLETE
pipeline/	NOT STARTED	COMPLETE
integrations/	NOT STARTED	IN_PROGRESS
integrations/github/	NOT STARTED	(needs update)
integrations/slack/	NOT STARTED	(needs update)

Action Required: Update STATUS.md files to reflect actual completion state.

---

Backfill Requirements

Priority 1: Type Synchronization ✅ COMPLETE

1. Updated pipeline/core.py to include:

   • ✅ ViolationSeverity enum (4 levels)
   • ✅ Full ViolationType enum (14 types with severity mapping)
   • ✅ IntegrationEventType enum (9 event types)
   • ✅ VIOLATION_SEVERITY_MAP for severity lookups
   • ✅ INTEGRATION_EVENT_PHASE_MAP for lifecycle mapping
   • ✅ RevocationType alias for backwards compatibility

2. Import flow established:

   pipeline/core.py (authoritative source)
       ↓
   runtime/revocation.py (can now import from core)
       ↓
   integrations/*.py (uses IntegrationEventType)
   

Priority 2: STATUS.md Corrections ✅ COMPLETE

Updated files to show correct Current Phase:

• ✅ /opt/agent-governance/runtime/STATUS.md → COMPLETE
• ✅ /opt/agent-governance/preflight/STATUS.md → COMPLETE
• ✅ /opt/agent-governance/pipeline/STATUS.md → COMPLETE
• ✅ /opt/agent-governance/integrations/STATUS.md → IN_PROGRESS (with test results)
• ✅ /opt/agent-governance/integrations/github/STATUS.md → COMPLETE (10/10 tests)
• ✅ /opt/agent-governance/integrations/slack/STATUS.md → COMPLETE (17/17 tests)

Priority 3: Credential Hardening (Deferred)

Replace hardcoded credentials in test files with Vault lookups:

• /opt/agent-governance/tests/real_e2e_test.py:28 - REDIS_PASSWORD
• Status: Low priority - test files only, not production code

---

Summary

Category	Items	Status
Type definitions in sync	3 gaps	✅ COMPLETE
STATUS.md files accurate	6 files	✅ COMPLETE
Credentials secure	1 hardcoded	Deferred (test-only)
Tests passing	53/53	✅ COMPLETE

Result: All critical backfill requirements addressed. Phase 8 Production Hardening can proceed with confidence that earlier phases are consistent.