Skip to content
9 changes: 8 additions & 1 deletion docs/architecture/session-application-coordinators/spec.md
Original file line number Diff line number Diff line change
Expand Up @@ -136,10 +136,15 @@ Owns executable assignment and runtime-setting policy:

- create/subagent/transfer assignment resolution;
- transfer impact, batch move/delete, and single-session transfer;
- model, project, permission, generation settings, disabled tools, and subagent-enabled settings;
- model, project, permission, generation settings, and disabled tools;
- ACP config options and commands;
- subagent Tape link finalization.

Subagent availability is not Session assignment state. The DeepChat runtime derives it from the
current Agent delegation policy, normalized slots, and `sessionKind`; the retained
`new_sessions.subagent_enabled` column is physical compatibility data and is not an authorization
input.

Session deletion remains a lifecycle transaction. Assignment may call a required narrow lifecycle
deletion port, but the composition graph must not use optional setters or circular construction.
Assignment resolution shared with lifecycle may be implemented as a focused pure policy module; it
Expand Down Expand Up @@ -253,6 +258,8 @@ defined as `Pick<IAgentSessionPresenter, ...>` and must not be grouped under a r
- Project updates retain their current non-transactional order; no rollback is introduced.
- ACP model lock, workdir requirement, permission modes, generation settings, disabled tools, and
config/command behavior remain unchanged.
- Create and transfer do not copy or reinterpret the legacy `subagent_enabled` value. Existing
Sessions observe their current Agent delegation policy on the next tool-profile resolution.
- Subagent parent/slot/agent validation, ACP forced runtime settings, and Tape link parent-child
checks remain explicit at finalization.

Expand Down
8 changes: 8 additions & 0 deletions docs/architecture/session-management.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,11 @@ sequenceDiagram
`new_sessions.agent_id` 对应的 strict `AgentDescriptor.kind`;unknown、disabled、malformed 或 cached identity
mismatch 失败关闭,不 fallback。

`new_sessions.subagent_enabled` 仅作为旧数据库兼容列保留,默认值仍为 `0`。当前 Session DTO、创建、
transfer、remote、cron 与 renderer draft 都不读写或解释该列。Subagent 可用性只由当前 Agent 的 delegation
policy、正规化 slots 与 `sessionKind` 推导;因此已有 Session 会在下一次 tool-profile 解析时读取最新 Agent
配置,不需要重建或迁移 Session row。

## Typed handle

共同 handle 保留双方真实共有的:
Expand Down Expand Up @@ -112,6 +117,9 @@ ACP-provider source 只清 compatibility binding,不被误判成 direct ACP。
- Subagent 与普通 session 共享 app/message schema,用 `sessionKind`、`parentSessionId`、`subagentMeta`
区分;child backend 仍由 manager 选择。子任务结算时父 session 记录 frozen-head Tape link;显式
cross-Tape View 只读 direct child,child entries 不复制进父 effective view。
- regular DeepChat parent 只有在 Agent policy 开启且至少存在一个有效 slot 时才获得
`subagent_orchestrator`;Subagent child 始终失败关闭,不能递归委派。模型是否实际调用由任务收益和用户
当轮指令决定,Agent Settings 是唯一持久化用户开关。
- Remote 通过四个 consumer-owned session ports 调用 coordinator;active-generation lookup/cancel 仍使用
`AgentManagerGenerationPort`,不扫描 presenter runtime maps。
- Cron 的 composition-owned starter 通过 Lifecycle 创建 detached app session、通过 Turn send/cancel;
Expand Down
108 changes: 108 additions & 0 deletions docs/architecture/subagent-capability-policy/plan.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
# Subagent Capability Policy - Implementation Plan

## Phase 1: Specify the policy boundary

- Record Agent configuration as the only persisted delegation policy.
- Define the closed capability, default-on migration matrix, Session compatibility, cache contract,
security boundary, and model delegation guidance.
- Keep run guardrails, host-policy isolation, and Tape lineage as unchanged dependencies.

## Phase 2: Migrate defaults and enforce Agent invariants

- Advance `unifiedAgentsMigrationVersion` to 3.
- Migrate only the built-in legacy disabled-empty state to default-on, seed defaults for enabled
empty configurations, and preserve custom disabled policies.
- Mark the version only after all writes succeed so retries are idempotent.
- Validate the merged Agent configuration at repository create/update boundaries.
- Make Settings restore defaults on enable, retain disabled slots, and prevent deletion of the last
enabled slot.
- Cover migration retry, explicit disable preservation, invalid direct writes, and UI behavior.

## Phase 3: Centralize runtime capability

- Add one pure capability resolver shared by tool-profile and execution paths.
- Carry the snapshot through the internal tool-definition context and include its canonical
`cacheKey` in the tool profile fingerprint.
- Build the model schema from that snapshot and re-resolve policy before run admission.
- Initially retain the legacy Session boolean as an additional compatibility gate so this phase is
independently correct before the Session surface is removed.
- Reserve and reclassify `subagent_orchestrator` so MCP and generic disabled-tool policy cannot
shadow or independently control it.

## Phase 4: Retire Session-level state

- Remove the Session route, application ports, assignment fields, create/transfer/cron/remote
propagation, renderer Session/Draft state, and composer item.
- Remove the compatibility gate from capability admission; Agent policy becomes the only user
policy.
- Keep the database column and legacy reader compatibility while leaving all new rows at the
existing default.
- Prove legacy `0` and `1` values are non-interfering and existing Sessions observe Agent changes on
the next turn.

## Phase 5: Guide model delegation

- Update the orchestrator description and default prompt with conservative delegation criteria,
user opt-out precedence, overlapping-write cautions, and cost/latency guidance.
- Update Agent Settings copy without adding another switch.
- Add request-level tool snapshot coverage and configuration-race/active-run integration tests.

## Phase 6: Validate and finalize contracts

- Run targeted and full main/renderer suites, native SQLite coverage, typecheck, format, i18n, lint,
and architecture guards.
- Review the complete branch for hidden writes, migration compatibility, cache correctness,
security boundaries, performance, naming, test depth, and maintenance cost.
- Update current session/application and tool-system architecture contracts only for validated
behavior.

## Commit Strategy

1. `docs(agent): specify subagent capability`
2. `fix(agent): migrate subagent defaults`
3. `fix(agent): centralize subagent capability`
4. `refactor(session): remove subagent toggle`
5. `fix(agent): guide subagent delegation`
6. `docs(agent): finalize subagent capability`

Any additional remediation commit must name its concrete behavior. Existing commits are not amended
or rebased.

## Review Gate

Before every commit:

1. Inspect status, the complete unstaged diff/stat/check, and run the smallest sufficient tests.
2. Review P0-P3 for hidden writes, compatibility, migration/retry boundaries, performance,
authorization, naming, test quality, and maintenance cost.
3. Fix every in-scope actionable finding and repeat the review.
4. Stage explicit task paths only; inspect the complete staged diff/stat/check and repeat the same
severity review.
5. Commit only when the staged change has no unrelated file and no actionable P0-P3 finding.

After implementation, repeat the review over `dev...HEAD`. If a finding requires a new global
policy, database-column removal, child permission change, or external protocol expansion, stop and
request authorization rather than expanding this goal.

## Compatibility and Rollback

- Agent config fields remain readable by older versions.
- The default migration changes only JSON config and is idempotent; rollback code can still read
the resulting policy and slots.
- The legacy Session column remains present with its original default, so older database readers do
not fail schema checks.
- Older Session values are ignored by new code and are not destructively rewritten.
- No provider/ACP registry refresh or full build is part of this change.

## Validation Strategy

- Repository/config tests: defaults, migration matrix, idempotency, failure retry, write invariant.
- Tool tests: capability reasons, slot schema, cache refresh, call-time revalidation, reserved name,
generic-disabled non-interference, child recursion prevention.
- Session tests: create/transfer/cron/remote inputs, legacy column compatibility, existing Session
Agent-policy refresh, ACP non-interference.
- Renderer tests: no composer/draft toggle, Settings default restoration and final-slot protection.
- Integration tests: actual provider tool snapshot appears/disappears without restart, active runs
retain their admitted snapshot, Tape finalization and child activity remain unchanged.
- Final commands: targeted Vitest suites, `test:main:native-sqlite`, full main and renderer suites,
typecheck, format/check, i18n, and lint.
Loading
Loading