Agent Architecture Review, Validation snapshot

The workflow is designed around delegated intent and constraints rather than step-by-step manual manipulation: `GovernedPolicy`, frozen `ApprovalGateRule`, `build_governed_tools`, `SUBMISSION_CAPABLE_ACTIONS`, and `start_governed_run` establish scoped authority before execution. Approval-sensitive actions are routed through the governed dispatcher rather than left as free-form prompt behavior. Delta: this maintains the prior aligned delegation verdict.

Background work has durable perceptibility primitives: `create_run` persists an `INITIALISED` row with `lease_expires_at = now + DEFAULT_QUEUE_TIMEOUT_SECONDS`, workers take ownership through `claim_lease`, liveness is refreshed through `heartbeat`, and `reap_stale_leases` is documented to transition both expired worker leases and never-claimed queue entries to `TIMED_OUT`. `status`, `timeline`, and the CLI `reap` verb provide return-and-inspect continuity. Delta: this improves the prior P2 blocker by giving unclaimed INITIALISED runs a terminal timeout path.

Feedback is calibrated by attention level: routine progress is represented through persisted state, heartbeat, and timeline events, while intervention points surface as explicit `AWAITING_APPROVAL` events. The CLI stream deduplicates by `(kind, seq)`, so repeated approval-required states are not collapsed incorrectly and user attention is requested when materially needed. Delta: this maintains the prior aligned feedback verdict.

The system separates default summary from deeper inspection: `RunStatus`/`status` expose operational status and digests, `timeline` exposes event history, `evidence` exposes raw sidecar material when authorized, and `verify_audit` provides a certification path. The Iter3 digest-only `runs` row also supports progressive disclosure by avoiding raw policy exposure in the canonical status surface. Delta: this maintains the prior aligned progressive-disclosure verdict.

The code replaces implicit agent magic with explicit operating rules: `RunState` is a closed enum with `VALID_TRANSITIONS`, policy is frozen through `ConfigDict(frozen=True)` plus a runtime policy digest check, externally visible actions are governed by `ApprovalGateRule`, and violations are represented as `ApprovalBindingMismatch` or `scope_violation` events. The documented correction model is abort-and-restart for policy changes rather than silent mid-run mutation. Delta: this maintains the prior aligned mental-model verdict.

Operational state is exposed in user-relevant terms rather than raw scheduler mechanics: states such as `INITIALISED`, `IN_PROGRESS`, `AWAITING_APPROVAL`, `COMPLETE`, `FAILED`, `TIMED_OUT`, and `ABORTED_BY_USER` describe what the user can act on. Technical details such as hash chains, `worker_id`, and leases are retained for diagnostics through timeline/evidence surfaces instead of being the only status model. Delta: this maintains the prior aligned operational-state verdict.

Approvals, hand-offs, and blockers are explicit primitives rather than implicit chat turns: `wait_for_decision` blocks on approval with heartbeat and `worker_id`, `ApprovalGateRule` defines approval requirements, `ApprovalBindingMismatch` and `scope_violation` are recorded, and `on_handoff` rejects unsupported handoffs. `AWAITING_APPROVAL`, `FAILED`, `TIMED_OUT`, and `ABORTED_BY_USER` distinguish interruption, gating, and failure. Delta: this maintains the prior aligned blocker/approval verdict.

Delegated work is represented as a structured system: persistent `runs`, append-only `events`, segregated `evidence`, `steering_commands`, `run_lease_history`, lease ownership, and state transitions separate execution state from conversational output. `load_timeline`, `status`, and `evidence` provide system views over the run rather than reducing the workflow to a message transcript. Delta: this maintains the prior aligned system-representation verdict.

The workflow supports steering during execution through durable `pause`, `resume`, and `abort` verbs, `queue_steering_command`, `claim_next_steering_command`, and `GovernedRunHooks` that drain steering at checkpoints. The pause path continues heartbeating, aborts transition cleanly, and policy changes are handled through an explicit abort/restart model rather than unsafe mutable authority. Delta: this maintains the prior aligned steering verdict.