llm-multiverse/implementation-plans/issue-055.md

Implementation Plan — Issue #55: Enforcement layer 3: Lineage constraint enforcement

Metadata

Field	Value
Issue	#55
Title	Enforcement layer 3: Lineage constraint enforcement
Milestone	Phase 7: Tool Broker
Labels	—
Status	COMPLETED
Language	Rust
Related Plans	issue-054.md, issue-053.md, issue-052.md
Blocked by	#54

Acceptance Criteria

• Parse agent lineage from session context
• Verify each ancestor in the lineage had permission to delegate this capability
• Deny if any ancestor in the chain lacks delegation rights
• Pass/fail result with reason for next layer

Design

The lineage constraint layer walks the AgentLineage chain (a list of AgentIdentifier entries) and for each consecutive parent→child pair verifies:

1. The parent has a known manifest (deny if missing).
2. The child's spawn_depth does not exceed the parent manifest's max_spawn_depth.
3. The parent's can_spawn list includes the child's agent type name.

Top-level agents (no lineage or empty lineage) are allowed by default. Single-agent lineages are allowed (no parent→child pair to check).

Files to Create/Modify

File	Action	Purpose
services/tool-broker/src/enforcement/lineage_constraint.rs	Create	Layer 3 check function
services/tool-broker/src/enforcement/mod.rs	Modify	Export lineage_constraint module

Tests

9 unit tests covering:

• No lineage → allowed
• Empty lineage → allowed
• Single agent lineage → allowed
• Valid two-level lineage (orchestrator→researcher) → allowed
• Valid three-level lineage (orchestrator→coder→researcher) → allowed
• Denied: parent cannot spawn child type
• Denied: spawn depth exceeded
• Denied: unknown parent type (no manifest)
• Denied: mid-chain violation

Deviation Log

Deviation	Reason
Checks spawn permission (can_spawn) rather than tool delegation	The lineage layer enforces structural spawn constraints; tool-level delegation is handled by layers 1-2