Skip to content

feat(wre): integrate scope-to-action-class validation into Hermes (HXA30)#576

Merged
Foundup merged 1 commit into
mainfrom
feat/hxa30-scope-action-class-integration
May 13, 2026
Merged

feat(wre): integrate scope-to-action-class validation into Hermes (HXA30)#576
Foundup merged 1 commit into
mainfrom
feat/hxa30-scope-action-class-integration

Conversation

@Foundup
Copy link
Copy Markdown
Member

@Foundup Foundup commented May 13, 2026

Summary

  • Integrates HXA29 scope-to-action-class validation into HermesJobExecutor
  • Step 2.2: Classifies action into D0-D6 BEFORE token validation
  • Gate 13: Token scopes must authorize classified action class
  • D3 token + D4/D5/D6 action → BLOCKED_BY_TOKEN_VALIDATION before guard
  • Defense-in-depth: scope layer (token) + guard layer independent

Test plan

  • 24 HXA30 tests covering scope-to-action-class integration
  • 335 total tests passing (HXA27-30 + executor regression)
  • WSP 97 truth boundaries preserved

Slice: HXA30_SCOPE_TO_ACTION_CLASS_HERMES_INTEGRATION_PHASE1
Worker: W10

🤖 Generated with Claude Code

@claude
feat(wre): integrate scope-to-action-class validation into Hermes (HX…
2ca9917 
…A30)

Integrates HXA29 scope validation into HermesJobExecutor token validation:
- Step 2.2: Classify action into D0-D6 BEFORE token validation
- Gate 13: Token scopes must authorize classified action class
- D3 token + D4/D5/D6 action → BLOCKED_BY_TOKEN_VALIDATION before guard
- Defense-in-depth: scope layer (token) + guard layer independent

24 HXA30 tests + updated HXA27/HXA29 tests for compatibility.
335 total tests passing.

WSP 97: dry_run paths preserved, no production source modification.

Slice: HXA30_SCOPE_TO_ACTION_CLASS_HERMES_INTEGRATION_PHASE1
Worker: W1

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@Foundup Foundup merged commit 255bf3f into main May 13, 2026
3 checks passed
@Foundup Foundup deleted the feat/hxa30-scope-action-class-integration branch May 13, 2026 00:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Foundup