Category: spec-conformance Severity: blocker
Location: src/Arcp.Runtime/JobContext.fs:97-97
Spec: ARCP v1.1 §9.4
What
The runtime accepts any DelegateBody and emits it verbatim. Spec §9.4 says delegated lease MUST be a strict subset of the delegating lease and that violations MUST be rejected with LEASE_SUBSET_VIOLATION. Lease.isSubset exists in Arcp.Core/Lease.fs but is never invoked here.
Evidence
member _.EmitDelegateAsync(body: DelegateBody, _ct: CancellationToken) : Task = emit (JobEventBody.Delegate body)
Proposed fix
Before emitting, call Lease.isSubset body.Lease record.Lease record.Budgets.Snapshot() (record.Constraints |> Option.map _.ExpiresAt) (body.LeaseConstraints |> Option.map _.ExpiresAt); on Error raise ArcpException with the returned LeaseSubsetViolation.
Acceptance criteria
Category: spec-conformance Severity: blocker
Location:
src/Arcp.Runtime/JobContext.fs:97-97Spec: ARCP v1.1 §9.4
What
The runtime accepts any DelegateBody and emits it verbatim. Spec §9.4 says delegated lease MUST be a strict subset of the delegating lease and that violations MUST be rejected with LEASE_SUBSET_VIOLATION. Lease.isSubset exists in Arcp.Core/Lease.fs but is never invoked here.
Evidence
Proposed fix
Before emitting, call Lease.isSubset body.Lease record.Lease record.Budgets.Snapshot() (record.Constraints |> Option.map _.ExpiresAt) (body.LeaseConstraints |> Option.map _.ExpiresAt); on Error raise ArcpException with the returned LeaseSubsetViolation.
Acceptance criteria