[codex] Add Syrin Agent OS export kit

[rhein1]

Summary

• Adds a unified syrin_agent_os_export starter kit for self-hosted, platform-hosted, or hybrid Agoragentic x Syrin deployments.
• Builds an export manifest, no-spend platform preview payload, canonical deployment workflow, acceptance checklist, and Agent OS implementation prompt.
• Updates roadmap, sandbox/deployment guidance, workflow schemas, and starter-kit docs.
• Keeps syrin integrate agoragentic as a maintainer-gated future core integration, not implemented here.

Stack note

This PR is stacked on the still-open Agoragentic integration PRs:

• [codex] Add Micro ECF policy pack #17 Micro ECF policy pack
• [codex] Add Syrin v0.12 sandbox execute loop #18 Syrin v0.12 sandbox execute loop

Recommended merge order: #17, #18, then this PR. I can rebase this branch after #17/#18 land.

Validation

• python -m compileall -q agoragentic tests
• python -m ruff check agoragentic\starter_kits\syrin_agent_os_export tests\test_agoragentic_syrin_agent_os_export.py tests\test_agoragentic_starter_kits.py
• python -m unittest discover -s tests -v
• python agoragentic\starter_kits\syrin_agent_os_export\deployment_flow.py "Deploy a bounded growth swarm." --mode hybrid --agent-count 3 --max-budget-usd 0.25

Summary by CodeRabbit

• New Features

  • Micro ECF policy pack for portable governance
  • Syrin v0.12 preview-first native sandbox execution plan
  • Agent OS export starter kit for self-hosted, platform-hosted, and hybrid deployments (export manifest, deployment workflow, acceptance checklist, platform preview)

• Documentation

  • Expanded workflow schemas, sandbox/deployment guides, and starter kit docs
  • Updated READMEs and quick-start guidance to include sandbox, policy-pack, and export flow

• Examples

  • Added runnable examples for Micro ECF and Syrin sandbox execution

• Tests

  • New unit tests for sandbox plans, Micro ECF behavior, and Agent OS export validation

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 947efbfb-0863-472e-bbaf-e6072a46f8a0

📥 Commits

Reviewing files that changed from the base of the PR and between 383de6d and 45a464f.

📒 Files selected for processing (2)

• README.md
• agoragentic/README.md

✅ Files skipped from review due to trivial changes (2)

• README.md
• agoragentic/README.md

---

📝 Walkthrough

Walkthrough

This PR adds a Syrin Agent OS export starter kit (manifest/workflow/checklist/prompt), Syrin v0.12 sandbox execute-loop and Micro ECF policy pack examples, documentation and workflow-schema updates, and tests covering the new examples and starter kit builders.

Changes

Agent OS Export Integration

Layer / File(s)	Summary
Export manifest datatypes & builders agoragentic/starter_kits/syrin_agent_os_export/export_manifest.py	ExportComponent and SyrinAgentOSExport dataclasses, validation helpers, build_export_manifest, _export_dict, and build_platform_preview_payload are added.
Acceptance checklist & Agent OS prompt agoragentic/starter_kits/syrin_agent_os_export/acceptance_checklist.py, agoragentic/starter_kits/syrin_agent_os_export/agent_os_prompt.py	Checklist item builder, build_acceptance_checklist, summarize_acceptance_status, and build_agent_os_export_prompt with DEFAULT_GOAL are implemented.
Deployment workflow & CLI agoragentic/starter_kits/syrin_agent_os_export/deployment_flow.py	Adds build_deployment_workflow, _phase factory, CLI parser, and main() to emit workflow JSON integrating manifest, preview payload, checklist, and prompt.
Starter kit package surface agoragentic/starter_kits/syrin_agent_os_export/__init__.py, agoragentic/starter_kits/syrin_agent_os_export/README.md	Package initializer exports public builders/constants and README documents quick-starts, safety defaults, and deliverables.
Micro ECF example agoragentic/examples/micro_ecf_policy_pack.py	New example: immutable policy dataclasses, deterministic fingerprinting, action scanning (allow/review/deny), evidence mapping, execute-payload builder, mount instructions, and CLI.
Syrin sandbox example agoragentic/examples/syrin_sandbox_execute_loop.py	New example: Syrin v0.12 sandbox plan models, guardrail classification, workspace contract, sandbox steps, Syrin snippet, resource limits mapping, execute-payload builder, and CLI.
Documentation & schemas agoragentic/MICRO_ECF_POLICY_PACK.md, agoragentic/SANDBOX_AND_DEPLOYMENT.md, agoragentic/WORKFLOW_SCHEMAS.md, agoragentic/NATIVE_ROADMAP.md	Adds Micro ECF doc, Syrin v0.12 sandbox guidance, Agent OS export kit section, workflow schema entries for sandbox/export/micro-ECF, and a new roadmap phase for Agent OS export.
Examples index & READMEs agoragentic/examples/README.md, agoragentic/starter_kits/README.md, README.md, agoragentic/README.md	Updates examples and starter-kits indexes and quick-starts to include the new sandbox and Micro ECF examples and the Agent OS export starter kit.
Tests tests/test_agoragentic_autonomous_lifecycle.py, tests/test_agoragentic_starter_kits.py, tests/test_agoragentic_syrin_agent_os_export.py	Adds unit tests validating sandbox plans, Micro ECF behavior (classification, evidence, fingerprint), starter kit file presence, manifest/workflow/preview payload/checklist composition, prompt content, and input validation.

Sequence Diagrams

sequenceDiagram
  participant User
  participant MicroECF as Micro ECF
  participant Agoragentic
  participant Execution
  User->>MicroECF: Submit action (e.g., "transfer $100")
  MicroECF->>MicroECF: Scan for sensitive/prohibited terms
  MicroECF->>MicroECF: Match against execution boundary + review gates
  MicroECF->>Agoragentic: Return classification + required evidence + fingerprint
  alt Decision is DENY
    Agoragentic->>Execution: Embed policy in payload with preview_only=true, prefer_execute=false
  else Decision is REVIEW
    Agoragentic->>Execution: Flag requires approval + evidence gates, preview_only=true
  else Decision is ALLOW
    Agoragentic->>Execution: prefer_execute=true (if live enabled)
  end
  Execution-->>User: Execute or preview based on decision

Loading

sequenceDiagram
  participant Developer
  participant Sandbox as Syrin Sandbox
  participant Guardrails
  participant PlanGen as Plan Generator
  participant Agoragentic
  Developer->>Sandbox: Provide task + max_cost + requested action
  Sandbox->>Guardrails: Evaluate action for sensitive/prohibited terms
  Guardrails->>Sandbox: Return allow/review/deny decision
  Sandbox->>PlanGen: Build workspace contract + step sequence + Syrin snippet
  PlanGen->>Agoragentic: Build execute payload with constraints (max_cost, preview_only/prefer_execute)
  alt Guardrail decision is ALLOW and run_live true
    Agoragentic->>Execution: prefer_execute=true
  else
    Agoragentic->>Execution: preview_only=true
  end
  Agoragentic-->>Developer: Return plan + payload as JSON

Loading

sequenceDiagram
  participant Platform
  participant ExportKit
  participant Manifest
  participant Workflow
  participant Checklist
  Platform->>ExportKit: Request Agent OS export (goal, mode, budget)
  ExportKit->>Manifest: build_export_manifest(...)
  Manifest->>ExportKit: Return SyrinAgentOSExport
  ExportKit->>Workflow: build_deployment_workflow(...)
  Workflow->>Checklist: build_acceptance_checklist(manifest)
  Checklist->>Workflow: Return checklist (platform checks conditional)
  Workflow-->>Platform: Return workflow JSON (manifest, preview payload, phases, checklist)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• syrin-labs/syrin-integrations#16: Related — touches the swarm router example and tests referenced by these additions.

Poem

🐰 The Rabbit's Ode to Agent OS Export

I pack the manifest, checklist, and plan,
A sandbox previews what the agents can,
Micro ECF keeps risky spends at bay,
Exports stitched for hybrid clouds or play,
Hops of code and docs—deploy with care today!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title '[codex] Add Syrin Agent OS export kit' clearly summarizes the main change: adding a new starter kit for Agoragentic × Syrin deployments.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@agoragentic/examples/micro_ecf_policy_pack.py`:
- Around line 269-303: In classify_action the required_evidence is only computed
from sensitive_terms so actions matching SECRET_LIKE_TERMS (secret_terms) can be
marked "review" but show no required_evidence; update the call to
required_evidence_for_terms to include secret_terms too (e.g., pass the
union/concatenation of sensitive_terms and secret_terms or a combined_terms
variable) so evidence requirements cover both sensitive and secret-like matches;
reference classify_action, variables sensitive_terms and secret_terms, and
function required_evidence_for_terms when making the change.

In `@agoragentic/examples/syrin_sandbox_execute_loop.py`:
- Around line 137-140: The workspace contract's outputs declared in
build_workspace_contract() currently list "attempt.json" and "reflection.json"
but build_sandbox_steps() actually writes "outputs/attempt.json" and
"outputs/reflection.json"; update build_workspace_contract() to declare the
canonical paths "outputs/attempt.json" and "outputs/reflection.json" (or
alternatively change build_sandbox_steps() to write the root files) so the
contract matches the real file locations; reference build_workspace_contract()
and build_sandbox_steps() when making the change.

In `@agoragentic/starter_kits/syrin_agent_os_export/deployment_flow.py`:
- Around line 63-79: In build_deployment_workflow, validate the parameters
before calling build_export_manifest: ensure agent_count is an int > 0 and
max_budget_usd is a number >= 0 (raise a ValueError with a clear message if
not), and normalize/convert types as needed; apply the same validation where
build_export_manifest is called/constructed elsewhere (the export building path)
so negative budgets or non-positive agent counts are rejected early and do not
produce invalid deployment manifests.

In `@agoragentic/starter_kits/syrin_agent_os_export/export_manifest.py`:
- Around line 258-277: The build_platform_preview_payload function forwards the
provider argument verbatim, which can lead to invalid preview requests if
provider is None or blank; normalize provider before constructing the payload by
ensuring it's a non-empty string (e.g., coerce to str, strip whitespace, and
fall back to "simulated_runtime" when falsy) and then use that sanitized value
in the payload's "provider" field so provider is never None/empty at runtime.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6b0f7a3c-d41c-49d0-b964-f256e4ecc7de

📥 Commits

Reviewing files that changed from the base of the PR and between 05a9399 and 3574d7b.

📒 Files selected for processing (19)

• README.md
• agoragentic/MICRO_ECF_POLICY_PACK.md
• agoragentic/NATIVE_ROADMAP.md
• agoragentic/README.md
• agoragentic/SANDBOX_AND_DEPLOYMENT.md
• agoragentic/WORKFLOW_SCHEMAS.md
• agoragentic/examples/README.md
• agoragentic/examples/micro_ecf_policy_pack.py
• agoragentic/examples/syrin_sandbox_execute_loop.py
• agoragentic/starter_kits/README.md
• agoragentic/starter_kits/syrin_agent_os_export/README.md
• agoragentic/starter_kits/syrin_agent_os_export/__init__.py
• agoragentic/starter_kits/syrin_agent_os_export/acceptance_checklist.py
• agoragentic/starter_kits/syrin_agent_os_export/agent_os_prompt.py
• agoragentic/starter_kits/syrin_agent_os_export/deployment_flow.py
• agoragentic/starter_kits/syrin_agent_os_export/export_manifest.py
• tests/test_agoragentic_autonomous_lifecycle.py
• tests/test_agoragentic_starter_kits.py
• tests/test_agoragentic_syrin_agent_os_export.py