Summary
Define a tool-independent protocol for observable external actions — any call leaving the local process boundary (another LLM/API, message/email, issue/PR, payment, external mutation). The protocol specifies required observable state transitions (intent before the action, result/unresolved state after) rather than tool-specific rules, with declared guarantee levels so an implementation never claims more durability than it structurally provides.
Originates from a four-checkpoint review cycle (codex outbox idea → claude critique → codex v2 capability-contract → claude final consolidation). Full converged design with per-decision rationale:
.agents/checkpoints/2026-06-23T173242_claude_observable-external-actions-final.md
Core contract
Before an externally relevant action is attempted, its intent must become observable at a declared guarantee level. After the attempt, its result or unresolved state must also become observable. Recovery claims must not exceed the declared guarantee level.
Guarantee levels (graded by guarantee, not intention)
- G0 — best-effort (discretionary): agent writes the record; observability only, not recovery.
- G1 — wrapper-enforced: approved tool/CLI/hook/API client writes the record automatically before send; first real recovery level.
- G2 — durable/transactional: external orchestrator owns the outbox, idempotency keys, retries, approval gates.
Key design rules (corrections folded in)
- Three levels, not four — graded by guarantee delivered, not by "was the agent told to log".
- G1 enforcement must be technical — closed egress path or detectable bypass; otherwise declare G0.
- Conservative classification — if uncertain whether an action has side effects, treat as side-effecting; consult a known-mutating registry before agent judgment. Only analysis-only calls may sit at G0.
- Correlation marker at G1+ — idempotency key or embedded tag recorded at
planned, so unknown_external_state is reconcilable (search the external system for the marker) instead of degrading to "ask a human".
Status vocabulary
planned · sent_or_waiting · completed · failed · unknown_external_state · acknowledged_deferred
Storage
Reuse existing infra: cross-session discoverability via sessions/active_sessions.md; append-only events.jsonl with status derived from last event (matches the append-at-tail / decisions.jsonl grain). No new parallel outbox/ tree.
Honesty clause — current effective level
Claude Code and Codex run in IDE/CLI contexts with no enforceable egress wrapper today, so the effective guarantee in this project is G0 for all external actions. The protocol must state this so the spec does not advertise G1/G2 capabilities the runtime cannot deliver.
Promotion plan
- Add §1 principle + honesty clause to
PROTOCOL_RULES.md.
- Define the three guarantee levels + G1 enforcement test.
- Conservative classification + known-mutating registry.
- Require correlation marker at G1+.
- Status vocabulary +
events.jsonl schema under schemas/.
- Wire storage into
sessions/active_sessions.md discoverability.
- Declare project effective level (G0) + close-time
acknowledged_deferred rule.
- Tooling later: schema validation + stale-
sent_or_waiting detector.
Open decision
Confirmed direction: capability-level contract. Remaining maintainer call: ship G1 in the first edit as specified-but-unavailable, or defer until a reference wrapper exists. Design recommends specifying all three levels now (portability) while declaring project effective level as G0.
Summary
Define a tool-independent protocol for observable external actions — any call leaving the local process boundary (another LLM/API, message/email, issue/PR, payment, external mutation). The protocol specifies required observable state transitions (intent before the action, result/unresolved state after) rather than tool-specific rules, with declared guarantee levels so an implementation never claims more durability than it structurally provides.
Originates from a four-checkpoint review cycle (codex outbox idea → claude critique → codex v2 capability-contract → claude final consolidation). Full converged design with per-decision rationale:
.agents/checkpoints/2026-06-23T173242_claude_observable-external-actions-final.mdCore contract
Guarantee levels (graded by guarantee, not intention)
Key design rules (corrections folded in)
planned, sounknown_external_stateis reconcilable (search the external system for the marker) instead of degrading to "ask a human".Status vocabulary
planned·sent_or_waiting·completed·failed·unknown_external_state·acknowledged_deferredStorage
Reuse existing infra: cross-session discoverability via
sessions/active_sessions.md; append-onlyevents.jsonlwith status derived from last event (matches the append-at-tail /decisions.jsonlgrain). No new paralleloutbox/tree.Honesty clause — current effective level
Claude Code and Codex run in IDE/CLI contexts with no enforceable egress wrapper today, so the effective guarantee in this project is G0 for all external actions. The protocol must state this so the spec does not advertise G1/G2 capabilities the runtime cannot deliver.
Promotion plan
PROTOCOL_RULES.md.events.jsonlschema underschemas/.sessions/active_sessions.mddiscoverability.acknowledged_deferredrule.sent_or_waitingdetector.Open decision
Confirmed direction: capability-level contract. Remaining maintainer call: ship G1 in the first edit as specified-but-unavailable, or defer until a reference wrapper exists. Design recommends specifying all three levels now (portability) while declaring project effective level as G0.