Skip to content

Add static Conductor OSS workflow adapter#266

Merged
pengfei-threemoonslab merged 4 commits into
mainfrom
codex/conductor-adapter-v1
Jul 12, 2026
Merged

Add static Conductor OSS workflow adapter#266
pengfei-threemoonslab merged 4 commits into
mainfrom
codex/conductor-adapter-v1

Conversation

@pengfei-threemoonslab

Copy link
Copy Markdown
Contributor

Summary

  • add a built-in, per-scan conductor adapter for Conductor OSS workflow JSON
  • statically enumerate literal CALL_MCP_TOOL calls and record MCP discovery, LLM tool advertisements, HUMAN checkpoints, nested control flow, and local sub-workflows
  • fail closed for dynamic or unresolved tool surfaces with SHIP-CONDUCTOR-DYNAMIC-TOOL-SURFACE-NOT-ENUMERABLE
  • surface unsupported HTTP, worker, A2A, provider-native, inline-code, and runtime-generated capabilities as evidence gaps
  • advance the public report schema from v0.29 to v0.30 while keeping manifest v0.1, packet v0.8, and runtime contract v11 unchanged
  • integrate Conductor with scan, doctor, inspect, detect, init, triggers, sanitization, docs, skills, and public discovery surfaces

Impact

Projects can declare Conductor workflows through existing tool_sources configuration:

tool_sources:
  - id: conductor_workflows
    type: conductor
    path: workflows/

The adapter remains static-only: it does not start Conductor, import repository code, evaluate workflow expressions, connect to MCP/LLM providers, or access the network. HUMAN tasks are recorded as structural checkpoints only and never asserted as semantic approval.

conductor is now a reserved built-in source type and may conflict with a third-party adapter using the same name.

Validation

  • full pytest -q suite
  • Ruff across src/agents_shipgate, tests, and the zero-install detector
  • scripts/generate_schemas.py --check
  • public-surface, adapter-contract, static-only, discovery, init, trigger, schema-boundary, and privacy tests
  • agents-shipgate self-check --json, including the new conductor_agent fixture
  • JSON, Markdown, and SARIF redaction coverage for URLs, headers, arguments, prompts/messages, and HUMAN payloads

Release review

The local verifier reports merge_verdict=human_review_required because this feature intentionally updates release trust roots including AGENTS/SKILL content and the trigger catalog. This draft PR is opened for that required human review; no findings were suppressed and no release policy was weakened to bypass the gate.

@pengfei-threemoonslab
pengfei-threemoonslab marked this pull request as ready for review July 11, 2026 04:14
@pengfei-threemoonslab
pengfei-threemoonslab merged commit de9b1c9 into main Jul 12, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant