feat: add segregation of duties schema, types, and spec #11
Merged: shreyas-lyzr merged 1 commit into open-gitagent:main on Feb 27, 2026
Add the `segregation_of_duties` subsection to the compliance schema with support for roles, conflict matrix, assignments, isolation levels, handoff workflows, and enforcement modes.
- JSON Schema definition in agent-yaml.schema.json
- TypeScript types in loader.ts ComplianceConfig interface
- Spec documentation including DUTIES.md convention, validation rules, and regulatory reference table
Closes open-gitagent#10 (part 1 of 4)
d9f5ce7 to 217c92b
shreyas-lyzr (Contributor) approved these changes on Feb 27, 2026 and left a comment:
Nice work splitting this into a proper PR stack — much easier to review.
This PR (spec + schema + types) looks solid:
- Schema design is clean — roles, conflicts, assignments, isolation, handoffs, enforcement all make sense as separate concerns
- The `permissions` enum (create, submit, review, approve, reject, execute, audit, report) covers the maker-checker-executor-auditor pattern well
- DUTIES.md at two levels (root policy + per-agent declaration) is a smart design choice — mirrors how RULES.md works
- Validation rule #8 in the spec is well-defined with clear constraints
- Regulatory reference table (FINOS, SOC 2, SR 11-7, FINRA 3110) adds credibility
One minor thing: the DUTIES.md line in the directory structure tree has extra spaces vs the other entries — cosmetic but worth fixing:
├── DUTIES.md # (3 extra spaces vs other lines)
Approving — this is ready to merge. The rest of the stack depends on it so let's get this in.
Summary
Adds the `segregation_of_duties` subsection to the gitagent compliance schema — a new spec-level concept for enforcing that no single agent controls a critical process end-to-end.
- Schema (agent-yaml.schema.json): Full `segregation_of_duties_config` definition with roles (id, description, permissions), conflicts (2-tuples), assignments (agent→roles mapping), isolation (state/credentials enums), handoffs (action + required_roles + approval), and enforcement (strict/advisory)
- Types (loader.ts): `segregation_of_duties` added to `ComplianceConfig` interface
- Spec (SPECIFICATION.md): DUTIES.md convention (root + per-agent levels), SOD YAML documentation, validation rule #8, regulatory reference table (FINOS, SOC 2, SR 11-7, FINRA 3110)
Context
Inspired by Salient AI's purpose-built agent architecture (each agent scoped to one duty in the lending lifecycle) and the FINOS AI Governance Framework's multi-agent isolation controls.
Closes #10 (part 1 of 4)
Test plan
- `npm run build` passes cleanly
PR Stack
This is PR 1 of 4 for the SOD feature:
🤖 Generated with Claude Code
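To make the segregation-of-duties model concrete, here is a small TypeScript validator for a config shaped like the `segregation_of_duties` subsection described in this PR (roles with permissions, conflict 2-tuples, agent→roles assignments, handoffs, and strict/advisory enforcement). This is an added example, not code from the open-gitagent project: the `SodConfig`/`Role` types, the `validateSod` function, the sample agent names and the exact finding messages are assumptions; the field names and the permissions enum follow the PR description.

```typescript
// Added example, not the gitagent project's own loader code. It checks a
// hypothetical segregation_of_duties config for the core SoD invariant:
// no single agent may hold both roles of any declared conflict pair.

type Permission =
  | "create" | "submit" | "review" | "approve"
  | "reject" | "execute" | "audit" | "report";

// The permissions enum from the PR description.
const PERMISSIONS = new Set<string>([
  "create", "submit", "review", "approve", "reject", "execute", "audit", "report",
]);

interface Role { id: string; description?: string; permissions: Permission[] }

// Assumed shape, mirroring the fields named in the PR description.
interface SodConfig {
  roles: Role[];
  conflicts: [string, string][];          // role-id pairs that must never share an agent
  assignments: Record<string, string[]>;  // agent id -> role ids
  handoffs?: { action: string; required_roles: string[]; approval?: boolean }[];
  enforcement: "strict" | "advisory";
}

interface SodResult { ok: boolean; errors: string[]; warnings: string[] }

function validateSod(cfg: SodConfig): SodResult {
  const findings: string[] = [];
  const roleIds = new Set(cfg.roles.map((r) => r.id));

  // 1. Every role permission must come from the fixed enum.
  for (const role of cfg.roles) {
    for (const p of role.permissions) {
      if (!PERMISSIONS.has(p)) findings.push(`role ${role.id}: unknown permission '${p}'`);
    }
  }

  // 2. Conflict pairs, assignments and handoffs may only reference declared roles.
  for (const [a, b] of cfg.conflicts) {
    for (const id of [a, b]) {
      if (!roleIds.has(id)) findings.push(`conflict references undefined role '${id}'`);
    }
    if (a === b) findings.push(`conflict pair (${a}, ${b}) is degenerate`);
  }
  for (const [agent, roles] of Object.entries(cfg.assignments)) {
    for (const id of roles) {
      if (!roleIds.has(id)) findings.push(`agent ${agent}: undefined role '${id}'`);
    }
  }
  for (const h of cfg.handoffs ?? []) {
    for (const id of h.required_roles) {
      if (!roleIds.has(id)) findings.push(`handoff ${h.action}: undefined role '${id}'`);
    }
  }

  // 3. The SoD check itself: an agent holding both halves of a conflict pair
  //    would control that step end-to-end (e.g. maker and checker).
  for (const [agent, roles] of Object.entries(cfg.assignments)) {
    const held = new Set(roles);
    for (const [a, b] of cfg.conflicts) {
      if (held.has(a) && held.has(b)) {
        findings.push(`agent ${agent} holds conflicting roles '${a}' and '${b}'`);
      }
    }
  }

  // strict: any finding blocks the config; advisory: findings are surfaced as warnings.
  if (cfg.enforcement === "strict") {
    return { ok: findings.length === 0, errors: findings, warnings: [] };
  }
  return { ok: true, errors: [], warnings: findings };
}

// Constructed sample config: one agent is assigned both maker and checker.
const sampleConfig: SodConfig = {
  roles: [
    { id: "maker", permissions: ["create", "submit"] },
    { id: "checker", permissions: ["review", "approve", "reject"] },
    { id: "executor", permissions: ["execute"] },
    { id: "auditor", permissions: ["audit", "report"] },
  ],
  conflicts: [["maker", "checker"], ["checker", "executor"], ["executor", "auditor"]],
  assignments: {
    "loan-drafter": ["maker"],
    "loan-reviewer": ["checker", "maker"], // violates the maker/checker conflict
    "disburser": ["executor"],
  },
  handoffs: [{ action: "disburse", required_roles: ["checker", "executor"], approval: true }],
  enforcement: "strict",
};

function runSample(): SodResult {
  return validateSod(sampleConfig);
}

console.log(JSON.stringify(runSample(), null, 2));
```

Under `strict` the sample is rejected with a single finding naming `loan-reviewer`; switching `enforcement` to `advisory` returns `ok: true` with the same finding as a warning. A loader that implements the PR's enforcement modes would fail fast on the first case and log on the second, which is the difference that matters when a misconfigured assignment reaches production.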