Agent Architecture Review, Snapshot di validazione

Design for delegation rather than direct manipulation

The workflow delegates the post-approval validation task instead of making the founder manually execute every scan step: `post_approve()` runs `approve_cli.approve_account` and dispatches `_run_validate_background`, while `run_cohort_validate.run()` orchestrates clone → language detect → select → bundle → validate → persist. Scope is bounded by `application_id`, `repo_url`, `user_id`, `ValidationContext(repository=namespace, files=...)`, and explicit approve/reject/retry/abort actions.

Apply progressive disclosure to system agency

The API applies progressive disclosure: `list_applications()` returns compact `CohortApplicationSummaryOut` rows with latest status/id, while `get_application()` returns `CohortApplicationDetailOut` with full application fields and `jobs`. The job model separates summary status (`status`, `failure_kind`, `safe_display_message`, `retry_eligible`) from deeper diagnostic fields such as timestamps, `commit_sha`, `bundle_sha256`, and counts.

Expose meaningful operational state, not internal complexity

Operational state is represented in user/actionable terms rather than only internals: `onboarding_state` distinguishes `validation_queued`, `validation_complete`, and `validation_failed`; `CohortValidationJobOut` exposes `status`, `failure_kind`, `safe_display_message`, `retry_eligible`, `abort_requested`, and phase timestamps; `_JOB_FAILURE_TO_RUN_CODE` maps job failures to user-run failure codes. Deeper technical details such as hashes and commit SHA are reserved for admin/job detail and audit context.

Establish trust through inspectability

Inspectability is supported by concrete reproducibility primitives. `_build_implementation_context()` constructs a typed file envelope with per-file `path`, `byte_size`, `sha256`, and `content`; `wrap_bundle_with_boundary()` applies an explicit untrusted-code boundary; the persisted `audit_object` records `commit_sha`, selected/skipped files, bundle SHA-256, `BOUNDARY_CONTRACT_VERSION`, `ENVELOPE_SCHEMA`, `envelope_hash`, validator latency, and log-shape signals. This gives reviewers traceability from result back to selected source material without dumping opaque logs.

Make hand-offs, approvals, and blockers explicit

Handled hand-offs and blockers are explicit. CLI approval prompts unless `yes=True`; admin approval is behind `require_admin`; onboarding failures persist typed states such as `firebase_user_failed`, `sign_in_link_failed`, `approval_email_failed`, and `validation_failed`; validation blockers call `mark_blocked()` with specific `failure_kind` values like `invalid_repo_url`, `selector_rejected`, `no_supported_language`, and `read_failed`; unexpected paths call `mark_failed()` with `safe_display_message` and retry eligibility. The admin API exposes abort, retry validation, and retry onboarding endpoints.

Represent delegated work as a system, not merely as a conversation

Delegated work is modeled as a structured system, not a conversation. `CohortValidationJob` is the execution ledger, `UserValidationRun` is pre-created for user-facing continuity, `CohortApplication.validation_run_id` links the application to the result, and admin endpoints expose list/detail/action views over those structures. The orchestration function persists phase transitions and audit metadata instead of relying on a message transcript.