Skip to content

feat: add automation policy guardrails for hosted mode #288

Open
Open
feat: add automation policy guardrails for hosted mode#288
Labels
engineLoop engine infrastructureenhancementNew feature or requestreadyIssue is ready for automated agent processingserverExpress monitoring server
@bradtaylorsf

Description

@bradtaylorsf
bradtaylorsf
opened on May 27, 2026

Summary

Add repo-level automation policy guardrails that define what hosted Alpha Loop is allowed to work on, what it must refuse, and when it must ask a human before continuing.

Why this matters

A long-running server-side worker must be constrained by explicit repo policy. The goal is not to let an agent do anything it can think of; the goal is to let it safely handle known categories of work while stopping before protected paths, dangerous commands, production operations, secrets, or unclear requests.

Proposed approach

  • Add an automation_policy: section to .alpha-loop.yaml.
  • Support required labels, blocked labels, allowed paths, protected paths, command allowlists, max active sessions, max paused sessions, max issues per session, max runtime, and cost/budget limits.
  • Support human gates for categories such as auth, billing, production deploy, dependency upgrades, Sanity schema changes, secrets, migrations, and destructive content changes.
  • Evaluate policy before starting work, before running configured commands, and after implementation by checking the diff against protected paths.
  • Mark blocked or ambiguous work with needs-human-input and a clear GitHub comment explaining why it was not automated.
  • Record policy decisions in the session manifest and event log.

Example config shape:

automation_policy:
  require_labels: [ready]
  block_labels: [do-not-automate, needs-human-input]
  max_active_sessions: 1
  max_paused_sessions: 10
  max_issues_per_session: 1
  max_session_minutes: 90
  allowed_paths:
    - src/**
    - content/**
    - public/**
  protected_paths:
    - package.json
    - .github/workflows/**
    - sanity/schema/**
  allowed_commands:
    - pnpm install
    - pnpm test
    - pnpm build
    - pnpm dev
  require_human_for:
    - auth
    - billing
    - production-deploy
    - dependency-upgrade
    - secrets

Acceptance criteria

  • Config supports required labels, blocked labels, allowed/protected paths, command allowlists, active/paused session limits, runtime limits, and budget limits.
  • Policy is evaluated before starting an issue and blocks unsafe work before agent execution.
  • Policy is evaluated before running configured shell commands.
  • Policy is evaluated after implementation to detect protected-path diffs.
  • Blocked work receives needs-human-input and an explanatory GitHub comment.
  • Policy decisions are persisted in session history and lifecycle events.
  • Sensible defaults are documented for marketing sites and web apps.
  • Tests cover allowed work, blocked labels, protected paths, disallowed commands, runtime limits, and ambiguous/high-risk categories.

Out of scope

  • A full sandbox/container runtime.
  • Fine-grained static security analysis beyond path/command/category policy.
  • Production deployment approvals.

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    engineLoop engine infrastructureenhancementNew feature or requestreadyIssue is ready for automated agent processingserverExpress monitoring server

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions