Skip to content
This repository was archived by the owner on Apr 12, 2026. It is now read-only.
This repository was archived by the owner on Apr 12, 2026. It is now read-only.

feat: policy composition — is_stricter_than + tenant inheritance #1523

Closed
Closed
feat: policy composition — is_stricter_than + tenant inheritance#1523
Labels
agent:claimedAgent dispatched — do not re-dispatchenhancementNew feature or requestsprintCurrent sprint priority
@jpleva91

Description

@jpleva91
jpleva91
opened on Apr 5, 2026

Context

Harvested from Microsoft AGT. Child policies should never loosen parent constraints. Essential for multi-tenant governance.

Proposal

  • Add is_stricter_than(parent Policy) bool method to policy engine
  • Support policy inheritance: base → tenant → project → session
  • Validate at load time that child policies only tighten, never loosen

Harvest source

Microsoft AGT trust_policy.pyis_stricter_than() pattern

Metadata

Metadata

Assignees

No one assigned

    Labels

    agent:claimedAgent dispatched — do not re-dispatchenhancementNew feature or requestsprintCurrent sprint priority

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions