Skip to content

Comments

feat: add sub-agent orchestration with zero-trust permission model#735

Merged
bug-ops merged 1 commit intomainfrom
feat/709-sub-agent-orchestration
Feb 21, 2026
Merged

feat: add sub-agent orchestration with zero-trust permission model#735
bug-ops merged 1 commit intomainfrom
feat/709-sub-agent-orchestration

Conversation

@bug-ops
Copy link
Owner

@bug-ops bug-ops commented Feb 21, 2026

Summary

  • Sub-agent orchestration system enabling the main agent to delegate tasks to specialized child agents
  • Zero-trust security model: all permissions TTL-bounded, auto-revoked, secrets never persisted
  • In-process A2A channels (mpsc) reusing zeph-a2a types, upgradable to HTTP later
  • Tool filtering (AllowList/DenyList/InheritAll) and skill filtering with glob patterns
  • 55+ unit tests covering parsing, grants, filtering, manager lifecycle

New module: zeph-core::subagent

File Purpose
def.rs SubAgentDef, TOML frontmatter parser, definition loader
manager.rs SubAgentManager (spawn/cancel/collect/approve_secret)
channel.rs In-process A2A channels (OrchestratorHalf/AgentHalf)
grants.rs PermissionGrants with TTL, audit trail, Drop revocation
filter.rs FilteredToolExecutor, SkillFilter with glob matching
error.rs SubAgentError

Zero-trust security model

  • Sub-agents start with zero permissions
  • Secrets delivered via in-memory grants only (never serialized)
  • All grants have TTL with automatic expiry sweep
  • Drop impls revoke all grants on sub-agent termination
  • Audit trail via tracing for grant/revoke/expire events
  • Fenced-block tool calls blocked for sub-agents (SEC-03 fix)

Test plan

  • cargo +nightly fmt --check
  • cargo clippy --workspace -- -D warnings
  • cargo nextest run --workspace --lib --bins (2294 passed)
  • Security audit: 0 critical, 0 high remaining
  • Code review: APPROVED

Closes #709, #710, #711, #712, #713

@github-actions github-actions bot added documentation Improvements or additions to documentation rust core dependencies enhancement New feature or request size/XL labels Feb 21, 2026
@bug-ops
feat: add sub-agent orchestration with zero-trust permission model (#709
525dd20 
)

Implement sub-agent system enabling the main agent to delegate tasks
to specialized child agents with A2A protocol-based communication.

- SubAgentDef with TOML frontmatter parser and definition loader
- SubAgentManager with spawn/cancel/collect lifecycle
- In-process A2A channels (mpsc) reusing zeph-a2a types
- Zero-trust PermissionGrants with TTL-based grants and auto-revocation
- FilteredToolExecutor with AllowList/DenyList/InheritAll policies
- Skill filtering with glob pattern matching
- Audit trail for all grant/revoke/expire events via tracing
- Drop impls for defense-in-depth secret cleanup
@bug-ops bug-ops force-pushed the feat/709-sub-agent-orchestration branch from 0de1b6f to 525dd20 Compare February 21, 2026 15:53
This was linked to issues Feb 21, 2026
M28-A: Sub-agent definition format and parser #710
Closed
M28-B: SubAgentManager core with in-process A2A channels #711
Closed
M28-C: Tool and skill filtering for sub-agents #712
Closed
M28-D: Permission and secret delegation protocol #713
Closed
@bug-ops bug-ops enabled auto-merge (squash) February 21, 2026 15:58
@bug-ops bug-ops merged commit c254715 into main Feb 21, 2026
23 checks passed
@bug-ops bug-ops deleted the feat/709-sub-agent-orchestration branch February 21, 2026 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

core dependencies documentation Improvements or additions to documentation enhancement New feature or request rust size/XL

Projects

None yet

Milestone

No milestone

1 participant

@bug-ops