Agent Architecture Review, Validation snapshot

Design for delegation rather than direct manipulation

The workflow is designed around delegated validation rather than manual step execution: approve_cohort_application.approve() gates approval, then run_cohort_validate.run() creates a CohortValidationJob and _execute_with_job() performs clone, language detection, file selection, bundling, LLM validation, and persistence. ValidationRequest.context records the delegated task, repository namespace, and selected files.

Ensure that background work remains perceptible

Background work is made durable and perceptible through CohortValidationJob.status, queued_at, cloning_started_at, selecting_started_at, bundling_started_at, validating_started_at, terminal_at, failure_kind, safe_display_message, retry_eligible, and abort_requested. create_job() commits a queued row before bridge work starts, and mark_step_started(), mark_completed(), mark_blocked(), mark_failed(), and mark_aborted() persist state transitions.

Align feedback with the user’s level of attention

Feedback is calibrated by separating user/input blockers from internal/transient failures: mark_blocked() sets status='blocked' and retry_eligible=False for invalid_repo_url, no_supported_language, selector_rejected, and read_failed, while mark_failed() marks retryable validate_error/unexpected_error paths. _summarize_validate_log() captures only log shape rather than leaking noisy content, and onboarding_failure_reason is set only on approval-side failures requiring attention.

Apply progressive disclosure to system agency

The primary operational surface is concise status/failure state, while deeper inspection is available in the persisted audit object. audit_object separates source, selection, validate, and job sections; _collect_job_transitions() provides timeline detail; _summarize_validate_log() exposes top-level log shape without dumping raw validator internals.

Replace implied magic with clear mental models

The code exposes a clear mental model through explicit constants and state vocabularies: STEPS=('cloning','selecting','bundling','validating'), TERMINAL_STATUSES, FAILURE_KINDS, and onboarding_state values such as pending, approved, validation_queued, validation_complete, and validation_failed. The file boundary is also explicit via envelope_schema='bridge.files.v2', boundary_contract='untrusted_user_code', and BOUNDARY_CONTRACT_VERSION.

Expose meaningful operational state, not internal complexity

The workflow exposes meaningful operational states instead of raw internals: job.status uses queued/cloning/selecting/bundling/validating/completed/blocked/failed/aborted, while safe_display_message gives user-relevant explanations such as invalid repo URL, no supported language, clone failure, or validation error. Technical details like selected file hashes, latency_ms, and log_signals are reserved for the audit payload.

Represent delegated work as a system, not merely as a conversation

Delegated work is represented as a structured system rather than a conversation: CohortValidationJob stores lifecycle state and timestamps, _execute_with_job() advances explicit steps, and the persisted audit object separates source, selection, validate, and job transition data. The validator result is stored in UserValidationRun with repository, latency, score/grade/tier, and audit metadata rather than only a free-form message stream.