@a5c-ai/krate 5.0.1-staging.f672fe79b

package/docs/agents/shared-memory-company-brain-spec.md

@@ -0,0 +1,358 @@
+# Shared memory company brain spec
+
+## Purpose
+
+Krate should manage repo-based shared agent memory as an org-level company brain. The company brain is an internal Git repository managed by Krate behind the scenes, but still inspectable, exportable, reviewable, and recoverable like any other repository. Agents can read it, query it, cite it in context, and propose updates to it through governed workflows.
+
+This is docs-only product scope.
+
+## Goals
+
+- Make shared agent memory explicit, durable, reviewable, versioned, and auditable.
+- Use Git, Markdown, YAML frontmatter, YAML graph records, and grep-searchable Markdown as the source of truth.
+- Treat the memory repository as a private Atlas-style graph layer, not as an opaque vector store.
+- Let context assembly pin memory to a commit, tag, branch, or timestamp-derived historical ref.
+- Let agents propose memory updates as PRs or patch artifacts by default, not direct writes.
+- Connect memory to repositories, agent stacks, tools, skills, subagents, triggers, CI runs, issues, PRs, and workspaces.
+
+## Non-goals
+
+- Do not replace repository code, `AGENTS.md`, issue history, PR discussions, CI artifacts, or run transcripts.
+- Do not require every useful note to be promoted into a graph node before it can be searched.
+- Do not let memory records grant tools, secrets, config, approval bypasses, or runner privileges.
+- Do not store raw secrets, private keys, OAuth tokens, kubeconfigs, or unredacted credential material.
+
+## Atlas alignment
+
+Local Atlas research shows a useful shape for Krate memory:
+
+- YAML graph records use `nodeKind`, `id`, `attributes`, and `edges`.
+- Markdown pages can be indexed from YAML frontmatter plus body content.
+- Edge extraction supports object maps and list forms.
+- Context engineering already models `MemoryStore`, `ContextBundle`, memory hierarchy, compaction, and background consolidation.
+- Private overlays are separate from public graph data and can reuse the same graph/index vocabulary with stricter RBAC.
+
+Krate should model company brain as an org-private Atlas overlay with Kubernetes/RBAC-backed access control and Git-backed history.
+
+## Memory repository layout
+
+Recommended default layout:
+
+```text
+.company-brain/
+  README.md
+  ontology/
+    node-kinds.yaml
+    edge-kinds.yaml
+    controlled-vocabulary.yaml
+    validation-rules.yaml
+  graph/
+    teams/
+    repositories/
+    services/
+    products/
+    runbooks/
+    decisions/
+    incidents/
+    agent-practices/
+  pages/
+  runbooks/
+  decisions/
+  incidents/
+  repositories/
+  agents/
+    stacks/
+    skills/
+    tools/
+    subagents/
+  notes/
+    meetings/
+    investigations/
+    scratch/
+  indexes/
+    graph-index.json
+    search-manifest.json
+    ontology-report.json
+```
+
+`graph/` contains canonical typed YAML records. `runbooks/`, `decisions/`, `incidents/`, `repositories/`, and `pages/` contain Markdown records with YAML frontmatter. `notes/` contains free-form Markdown that can be searched with grep and later promoted into canonical records. `indexes/` is generated and reproducible from source files.
+
+## Knowledge forms
+
+| Form | Source of truth | Use |
+| --- | --- | --- |
+| Graph YAML | `graph/**/*.yaml` | typed nodes, edges, ownership, dependencies, repository associations. |
+| Markdown records | `**/*.md` with frontmatter | human-readable knowledge that is also graph-addressable. |
+| Free-form Markdown | `notes/**/*.md`, `meetings/**/*.md`, `scratch/**/*.md` | broad grep search and raw institutional notes. |
+| Ontology YAML | `ontology/**/*.yaml` | node kinds, edge kinds, controlled vocabulary, validation. |
+| Derived indexes | `indexes/**/*` | fast lookup, search manifests, validation summaries; never authoritative. |
+
+## Core resources
+
+### `AgentMemoryRepository`
+
+Declarative config for the org memory Git repository.
+
+```yaml
+kind: AgentMemoryRepository
+spec:
+  organization: a5c
+  visibility: internal
+  provider: github
+  repositoryRef:
+    owner: a5c-ai
+    name: company-brain
+  defaultBranch: main
+  managedByKrate: true
+  layoutProfile: atlas-md-yaml-v1
+  indexPolicy:
+    buildGraphIndex: true
+    buildSearchManifest: true
+    buildOntologyReport: true
+status:
+  phase: Ready
+  currentCommit: abcdef1234567890
+  indexDigest: sha256:...
+  ontologyDigest: sha256:...
+```
+
+### `AgentMemorySource`
+
+Read policy for repositories, teams, stacks, triggers, or users.
+
+```yaml
+kind: AgentMemorySource
+spec:
+  repositoryRef: org-company-brain
+  appliesTo:
+    repositories: [krate]
+    teams: [platform]
+  include:
+    graphKinds: [Repository, Service, Runbook, Decision, Incident, AgentPractice]
+    paths:
+      - graph/orgs/[org]/repositories/krate/**
+      - runbooks/ci/**
+      - decisions/platform/**
+  exclude:
+    paths:
+      - incidents/security/**
+  defaultQueryMode: graph-and-grep
+  maxContextBytes: 128000
+```
+
+### `AgentMemorySnapshot`
+
+Immutable execution-time record of the memory ref and selected material.
+
+```yaml
+kind: AgentMemorySnapshot
+spec:
+  memoryRepository: org-company-brain
+  requestedRef: main
+  resolvedCommit: abcdef1234567890
+  refResolution:
+    mode: current
+  queryManifestDigest: sha256:...
+  selectedRecordsDigest: sha256:...
+  selectedDocumentsDigest: sha256:...
+  ontologyDigest: sha256:...
+  indexDigest: sha256:...
+```
+
+### `AgentMemoryQuery`
+
+Aggregated query record for graph and grep retrieval.
+
+```yaml
+kind: AgentMemoryQuery
+spec:
+  snapshotRef: memory-snapshot-01hx
+  requester:
+    kind: AgentDispatchRun
+    name: adr-01hx
+  query:
+    text: flaky playwright failures in krate pipelines
+    modes: [graph, grep]
+    graph:
+      kinds: [Runbook, Decision, Incident, AgentPractice]
+      edgeDepth: 2
+    grep:
+      paths: [runbooks/**, incidents/**, notes/**]
+      maxMatches: 25
+```
+
+### `AgentMemoryUpdate`
+
+Reviewable proposed mutation to the memory repository.
+
+```yaml
+kind: AgentMemoryUpdate
+spec:
+  memoryRepository: org-company-brain
+  sourceRun: adr-01hx
+  updateKind: proposed-pr
+  baseCommit: abcdef1234567890
+  branchName: krate/agent-memory/adr-01hx
+  changes:
+    - path: runbooks/ci/playwright-flake.md
+      action: upsert
+      reason: Capture verified remediation from dispatch adr-01hx.
+  validationPolicy:
+    requireOntologyValid: true
+    requireFrontmatterValid: true
+    requireHumanApproval: true
+status:
+  phase: AwaitingApproval
+  diffDigest: sha256:...
+  pullRequestRef: a5c-ai/company-brain/123
+```
+
+### `AgentMemoryOntology`
+
+Pointer to ontology policy and validation status.
+
+```yaml
+kind: AgentMemoryOntology
+spec:
+  memoryRepository: org-company-brain
+  ontologyPath: ontology
+  requiredFields: [id, kind, title, owners, status]
+  allowedEdgeKindsRef: ontology/edge-kinds.yaml
+  controlledVocabularyRef: ontology/controlled-vocabulary.yaml
+```
+
+### `AgentMemoryAssociation`
+
+Bridge between memory records and Krate resources.
+
+```yaml
+kind: AgentMemoryAssociation
+spec:
+  memoryRepository: org-company-brain
+  memoryRef:
+    id: runbook:ci-playwright-flake
+    path: runbooks/ci/playwright-flake.md
+  targetRef:
+    kind: Repository
+    name: krate
+  relationship: applies_to_repo
+```
+
+## Git-backed versioning
+
+- Every memory read resolves to a commit SHA before context assembly.
+- The default branch represents current approved memory.
+- Dispatch snapshots store requested ref, resolved commit, ontology digest, index digest, query manifest, selected records, and selected excerpts.
+- Time-travel memory resolves by finding the latest approved commit at or before the requested timestamp.
+- Retrying a run uses the original memory snapshot unless the user explicitly refreshes memory.
+- Updating memory from a historical run targets current `main` unless policy explicitly allows a different branch.
+
+## Time-travel examples
+
+Current memory:
+
+```yaml
+memory:
+  repositoryRef: org-company-brain
+  ref: main
+  queryMode: graph-and-grep
+```
+
+Memory from two days ago:
+
+```yaml
+memory:
+  repositoryRef: org-company-brain
+  refAt: 2026-05-08T00:00:00Z
+  resolutionPolicy: latest-commit-before-or-at
+  queryMode: graph-and-grep
+```
+
+Named snapshot:
+
+```yaml
+memory:
+  repositoryRef: org-company-brain
+  ref: refs/tags/memory/snapshots/2026-05-08T000000Z
+  queryMode: graph-only
+```
+
+## Required user flows
+
+- Configure or adopt an org-level memory repository from `/agents/memory`.
+- Associate memory paths and graph kinds with a repository from `/orgs/[org]/repositories/[repo]/settings/agents`.
+- Preview selected memory records and grep excerpts in the dispatch composer.
+- Run an agent with current memory, explicit ref, snapshot tag, or memory from a timestamp.
+- Open run detail and inspect memory commit, query manifest, selected records, excerpts, redaction status, and stale-memory warning.
+- Let an agent propose a memory update from a run and route it through validation plus PR review.
+- Browse graph records and grep-search free-form docs from `/agents/memory` subject to permissions.
+
+## Acceptance criteria
+
+- Repository dispatch can include graph records and grep excerpts from allowed memory paths with visible provenance.
+- Historical memory dispatches are commit-pinned and never silently refresh on retry.
+- Agents can propose memory updates as reviewable PRs with ontology validation.
+- UI warns when a stack, tool, or skill needs memory permissions it does not have.
+- Past runs remain explainable even after the memory repository changes.
+
+## Babysitter run memory artifacts
+
+The company brain must also support durable Babysitter run memory for org-scoped orchestration. Krate should treat Babysitter's `MEMORY.md`, session summaries, journals, task results, and selected `.a5c` run artifacts as first-class memory sources when they are admitted into the org memory repository.
+
+Recommended layout:
+
+```text
+.company-brain/
+  babysitter/
+    MEMORY.md
+    sessions/
+      2026/05/10/<session-id>.md
+    runs/
+      <run-id>/
+        run.yaml
+        journal/
+          000001.yaml
+        tasks/
+          <task-id>.yaml
+        artifacts/
+          manifest.yaml
+    retrospectives/
+    process-notes/
+```
+
+Requirements:
+
+- `MEMORY.md` is the org-level agent memory entrypoint for orchestration conventions, stable lessons, and runbooks.
+- Raw `.a5c` files are not copied wholesale by default; Krate imports curated manifests, journals, session summaries, task results, and artifact digests according to retention and sensitivity policy.
+- Run journals preserve event order, task IDs, source repository, agent stack, session IDs, artifacts, and final status.
+- Session summaries and retrospectives can be promoted into canonical graph or Markdown memory records.
+- Imported run memory is org-scoped and cannot be queried by agents in another org.
+- Secret scans and prompt-injection checks run before `.a5c` artifacts become searchable memory.
+
+### Babysitter memory resources
+
+```yaml
+kind: AgentRunMemoryImport
+spec:
+  organizationRef: a5c
+  memoryRepository: org-company-brain
+  source:
+    kind: babysitter-run
+    a5cRunPath: .a5c/runs/01KR...
+  include:
+    memoryMd: true
+    sessionSummary: true
+    journal: curated
+    taskResults: true
+    artifactManifests: true
+  targetPath: babysitter/runs/01KR...
+  validationPolicy:
+    redactSecrets: true
+    requireReview: true
+```
+
+The memory repo stores durable knowledge and replayable context, not arbitrary private workspace dumps.
+
+## Run memory import boundary
+
+`AgentRunMemoryImport` is the only supported path for moving Babysitter operational state into the company brain. The import controller normalizes and redacts `MEMORY.md`, sessions, `.a5c` journals, task outputs, and artifact manifests before proposing changes to the org memory repo. Direct writes from a runner workspace into the memory repo are not allowed unless an org policy explicitly grants a trusted maintenance workflow.

package/docs/agents/storage-migration-spec.md

@@ -0,0 +1,168 @@
+# Agent storage and migration spec
+
+## Purpose
+
+This document defines how agent resources should be stored, indexed, migrated, and retained. It follows the current Krate split in `src/resource-model.js`: declarative configuration resources live in etcd/CRDs, while high-cardinality forge activity is served by the aggregated API/Postgres boundary.
+
+## Storage classes
+
+| Class | Resources | Backing store | Reason |
+| --- | --- | --- | --- |
+| Declarative config | stacks, tools, MCP servers, skills, triggers, context labels, ServiceAccounts, role bindings, grants | CRDs/etcd | GitOps-friendly, low-cardinality, reviewable. |
+| Execution metadata | dispatch runs, attempts, sessions, workspaces, approvals, trigger executions, capability requirements | aggregated API/Postgres | high-cardinality, frequently updated, query-heavy. |
+| Blob/artifact data | context bundles, logs, patches, transcripts, subagent outputs, review artifacts | object storage + metadata in Postgres | potentially large, immutable or append-heavy. |
+| Native Kubernetes objects | ServiceAccounts, Roles, RoleBindings, Secrets, ConfigMaps | Kubernetes API | authoritative enforcement objects. |
+| External runtime state | Agent Mux sessions/runs/events | Agent Mux storage/gateway | adapter-specific execution details. |
+
+## Resource lifecycle
+
+### Config resources
+
+- Created through generic controller resources API or typed agent routes.
+- Reconciled into status by controllers.
+- Can be managed by GitOps through Helm/Argo CD.
+- Should use `metadata.generation` and `status.observedGeneration`.
+- Deleting a config resource must show dependent stacks/rules/runs before finalization.
+
+### Execution resources
+
+- Created by controllers or admitted API actions, not by GitOps by default.
+- Must keep source breadcrumbs and immutable snapshots.
+- Status updates are frequent and should not be CRD-heavy if volume grows.
+- Retention policies should prune or archive old execution records while preserving audit summaries.
+
+### Artifact resources
+
+- Metadata stored in `AgentArtifact`, `AgentContextBundle`, or `AgentReviewArtifact`.
+- Bytes stored in object storage.
+- Digest and retention metadata are mandatory.
+- Secret values and raw credentials are never stored as artifacts.
+
+## Postgres tables for aggregated resources
+
+Suggested logical tables:
+
+| Table | Primary key | Important indexes |
+| --- | --- | --- |
+| `agent_dispatch_runs` | `uid` | repository, status, stack, trigger, source kind/name, branch, created_at |
+| `agent_dispatch_attempts` | `uid` | dispatch_run_uid, phase, agent_mux_run_id, agent_mux_session_id |
+| `agent_sessions` | `uid` | agent_mux_session_id, dispatch_run_uid, workspace_uid |
+| `agent_workspaces` | `uid` | repository, workspace_path, branch, status, ownership kind/name |
+| `agent_approvals` | `uid` | dispatch_run_uid, phase, action_type, requested_by, approver |
+| `agent_trigger_executions` | `uid` | trigger_rule, source_event_uid, dedupe_key, decision, created_at |
+| `agent_capability_requirements` | `uid` | owner kind/name, stack, missing grant kind |
+| `agent_artifacts` | `uid` | dispatch_run_uid, kind, digest, created_at |
+| `agent_context_bundles` | `uid` | digest, dispatch_run_uid, source digest |
+| `work_item_session_links` | `uid` | work_item_ref, agent_session_uid |
+| `work_item_workspace_links` | `uid` | work_item_ref, workspace_uid |
+
+## Immutable snapshots
+
+Every `AgentDispatchAttempt` must snapshot:
+
+- stack name and generation;
+- expanded tool/MCP/skill/subagent refs;
+- prompt/context labels and rendered prompt digest;
+- context bundle digest and source manifest;
+- permission review digest;
+- runtime ServiceAccount and runner ServiceAccount;
+- Secret/ConfigMap grant names, key names, and metadata versions;
+- runner pool and workspace policy;
+- Agent Mux launch options after redaction.
+
+Snapshots protect retries from silently changing due to later stack or secret edits. Retry/resume may intentionally create a new snapshot.
+
+## Retention policy
+
+Default retention knobs should be chart values later:
+
+| Data | Default | Notes |
+| --- | --- | --- |
+| dispatch runs | 90 days | keep longer summaries for audit. |
+| attempts/events | 90 days | compact old event streams into summaries. |
+| transcripts | 30 days | configurable by repository/org. |
+| context bundles | 30 days | shorter for large/log-heavy bundles. |
+| patch/review artifacts | 180 days | linked to PR lifecycle. |
+| approvals/audit summaries | 1 year | no secret values. |
+| workspaces | policy-driven | cleanup after merge/close unless pinned. |
+
+## Migration plan
+
+### Phase 1: resource definitions
+
+- Add agent kinds to `src/resource-model.js`.
+- Add `KRATE_RESOURCES` entries in `src/kubernetes-controller.js`.
+- Add CRDs under `charts/krate/crds/`.
+- Validate generic list/apply/watch still works.
+
+### Phase 2: aggregated schema
+
+- Add tables for dispatches, attempts, approvals, workspaces, trigger executions, artifacts, and links.
+- Backfill no data; first version starts empty.
+- Ensure every table has repository/source/status/time indexes.
+
+### Phase 3: snapshots and artifacts
+
+- Add immutable context/permission snapshot metadata.
+- Add object-storage references and digest validation.
+- Add retention jobs but keep deletion disabled by default in dev/demo.
+
+### Phase 4: migration hardening
+
+- Add schema version resource or table.
+- Migrations must be idempotent.
+- Failed migrations block controller start but keep web read-only where possible.
+
+## Consistency model
+
+- Config resources are eventually reconciled into readiness conditions.
+- Dispatch creation requires current permission review and stack status, but final launch uses immutable attempt snapshot.
+- Agent Mux session state may lag; Krate run status should expose `AgentMuxSessionBound` and stream cursor.
+- Watch reconnect should resume from current list state if event cursor is unavailable.
+
+## Query requirements for UI
+
+The storage layer must support:
+
+- repository-scoped run list;
+- source PR/issue/pipeline run list;
+- global pending approvals;
+- missing permission warnings by stack and repository;
+- active sessions by workspace;
+- Secret/ConfigMap consumer graph;
+- trigger execution history and coalescing decisions;
+- stale/drifted ServiceAccount/RoleBinding/grant summaries.
+
+## Company brain storage class
+
+The company brain uses Git as the source of truth and Krate resources as the control plane.
+
+| Data | Backing store | Notes |
+| --- | --- | --- |
+| memory source files | internal Git repository | Markdown, YAML frontmatter, graph YAML, ontology YAML. |
+| generated indexes | Git, object storage, or controller cache | reproducible from source commit. |
+| memory config | CRDs/etcd | repository, source policy, ontology, associations. |
+| memory snapshots and queries | Postgres/object storage | high-cardinality run-bound records and selected excerpts. |
+| memory update artifacts | object storage + memory repo PR | proposed patches, validation reports, approvals. |
+
+Dispatch snapshots must store the resolved memory commit so future retries and audits do not depend on mutable branch state.
+
+## Babysitter memory storage
+
+`.a5c` directories remain run-local operational state. The company brain stores admitted org memory derived from them:
+
+| Source | Stored in memory repo | Notes |
+| --- | --- | --- |
+| `MEMORY.md` | `babysitter/MEMORY.md` | org-level orchestration entrypoint. |
+| `.a5c/runs/*/run.json` | `babysitter/runs/<run>/run.yaml` | normalized metadata, org, repo, process, status. |
+| `.a5c/runs/*/journal/*.json` | `babysitter/runs/<run>/journal/*.yaml` | curated/redacted ordered events. |
+| `.a5c/runs/*/tasks/*/result.json` | `babysitter/runs/<run>/tasks/*.yaml` | task result summary and evidence refs. |
+| `.a5c/artifacts/*` | artifact manifest/digest only by default | raw artifacts require explicit retention policy. |
+
+Imports must preserve source digests and never mutate historical dispatch snapshots.
+
+## Org-scoped backup and restore
+
+Org backup must include declarative resources from the org namespace, aggregated API rows filtered by org, repository storage, deployment metadata, object artifacts, and the org company brain memory repository. Restore order is namespace and org binding first, then config resources, repositories, memory repo, Postgres rows, object artifacts, controllers, and finally watch/index rebuild.
+
+`AgentMemorySnapshot` records must remain readable even if the current company brain repository has moved; snapshots store resolved commit and selected digests for this reason.

package/docs/agents/subagent-orchestration-spec.md

@@ -0,0 +1,152 @@
+# Agent subagent orchestration spec
+
+## Purpose
+
+Krate should support parent agents that delegate to subagents for research, implementation, validation, review, and release checks. Subagents must be visible, policy-admitted, auditable, and linked to parent dispatch attempts.
+
+## Model
+
+`AgentSubagent` defines a reusable child-agent role. A parent `AgentStack` references subagents and sets concurrency/permission boundaries.
+
+Subagents may run in two modes:
+
+| Mode | Description | Owner |
+| --- | --- | --- |
+| native Agent Mux subagent | adapter supports child-agent dispatch inside one session | Agent Mux executes; Krate projects telemetry |
+| Krate-emulated child attempt | Krate creates child `AgentDispatchAttempt` or linked run | Krate schedules and links child execution |
+
+Krate chooses mode based on adapter capabilities and stack policy.
+
+## `AgentSubagent` fields
+
+Important fields:
+
+- `spec.name`;
+- `spec.description`;
+- `spec.rolePrompt`;
+- `spec.taskKinds`;
+- `spec.modelOverride`;
+- `spec.toolRefs`;
+- `spec.mcpServerRefs`;
+- `spec.skillRefs`;
+- `spec.runtimeIdentityOverride`;
+- `spec.workspaceScope`: no-workspace, read-only, branch-local, isolated-worktree;
+- `spec.maxParallelTasks`;
+- `spec.contextPolicy`;
+- `spec.outputContract`;
+- `spec.approvalPolicy`.
+
+## Context slicing
+
+Subagents should not automatically receive full parent context.
+
+Context policies:
+
+- `summary-only`: parent sends task summary and source breadcrumbs;
+- `selected-sources`: parent sends selected files/logs/artifacts;
+- `full-redacted`: parent sends full redacted context bundle;
+- `artifact-only`: parent sends specific artifacts;
+- `no-context`: parent sends only role prompt and task.
+
+Every child context slice gets a digest and provenance entry.
+
+## Output contracts
+
+Common contracts:
+
+- markdown summary;
+- checklist;
+- JSON finding list;
+- patch artifact;
+- review comments;
+- test report;
+- release readiness report;
+- risk assessment.
+
+The parent run should record whether each subagent fulfilled its contract.
+
+## Telemetry projection
+
+Run detail should show a subagent tree/lane view with:
+
+- subagent name and role;
+- mode: native or Krate-emulated;
+- status;
+- context slice digest;
+- tools/MCP/skills enabled;
+- workspace scope;
+- started/completed timestamps;
+- output artifact links;
+- parent decision impact.
+
+## Permission model
+
+Subagents inherit the parent stack by default but can only reduce permissions unless policy explicitly allows override.
+
+Rules:
+
+- tool set must be subset of parent admitted tools unless override is approved;
+- Secret/ConfigMap grants must match child subject or parent stack policy;
+- runtime ServiceAccount override requires `AgentRoleBinding` and permission review;
+- untrusted source remains untrusted for every child;
+- subagent output cannot directly write back without parent/approval gate.
+
+## Scheduling and concurrency
+
+Concurrency limits:
+
+- per parent run;
+- per subagent definition;
+- per stack;
+- per runner pool;
+- per repository.
+
+When limits are reached, child work is queued and visible in the subagent tree.
+
+## Failure behavior
+
+| Failure | Parent behavior |
+| --- | --- |
+| subagent unavailable | parent continues only if subagent optional; otherwise blocked/failed |
+| output contract invalid | parent sees failed child and artifact validation error |
+| child permission denied | parent gets permission warning and suggested fix |
+| child timeout | parent can retry child or continue with partial results |
+| child produces unsafe write-back | converted to `AgentApproval`, never auto-applied |
+
+## UI flows
+
+### Stack builder
+
+- add/remove subagents;
+- select task kinds;
+- choose context policy;
+- select tool/MCP/skill subset;
+- show adapter support;
+- show permission review for each child.
+
+### Run detail
+
+- show parent timeline and child lanes;
+- allow expanding each child transcript/summary;
+- show artifacts per child;
+- show child failures with retry/ignore controls when supported.
+
+## Audit requirements
+
+Audit records must include:
+
+- parent dispatch run and attempt;
+- subagent definition generation;
+- context slice digest;
+- runtime identity;
+- tools/MCP/skills/secrets/configs admitted;
+- output artifact digest;
+- parent decision that consumed child output.
+
+## Acceptance criteria
+
+- Parent run shows which subagents were invoked and why.
+- Subagents cannot silently receive broader permissions than parent.
+- Each child context slice and output artifact is digest-addressed.
+- Failed or partial child work is visible in run detail.
+- Native Agent Mux subagents and Krate-emulated child attempts project into the same UI model.