fix: align agent data access policy checks

.github/policies/agent-data-access/banned_patterns.json

@@ -0,0 +1,10 @@
+{
+  "version": 1,
+  "patterns": [
+    "bypass",
+    "credential stuffing",
+    "paywall circumvention",
+    "scrape behind login",
+    "exploit"
+  ]
+}

.github/policies/agent-data-access/banned_patterns.schema.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://summit.example.com/schemas/agent-data-access/banned_patterns.schema.json",
+  "title": "Agent Data Access Banned Patterns",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["version", "patterns"],
+  "properties": {
+    "version": {
+      "type": "integer",
+      "minimum": 1
+    },
+    "patterns": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "string",
+        "minLength": 1
+      }
+    }
+  }
+}

.github/policies/agent-data-access/source_registry.json

@@ -0,0 +1,39 @@
+{
+  "version": 1,
+  "sources": {
+    "public-web": {
+      "id": "public-web",
+      "name": "Public Web Sources",
+      "description": "Allowlisted public sources collected without authentication.",
+      "classification": "PUBLIC",
+      "jurisdiction": ["GLOBAL"],
+      "lawful_basis": "public_interest",
+      "retention_days": 30,
+      "collection_methods": ["api", "secure_browser"],
+      "enabled": true
+    },
+    "internal-summit-store": {
+      "id": "internal-summit-store",
+      "name": "Summit Internal Intel Store",
+      "description": "Summit-controlled internal intelligence datastore.",
+      "classification": "INTERNAL",
+      "jurisdiction": ["US"],
+      "lawful_basis": "contract",
+      "retention_days": 365,
+      "collection_methods": ["etl", "api"],
+      "enabled": true
+    },
+    "restricted-provider-example": {
+      "id": "restricted-provider-example",
+      "name": "Restricted Provider Example",
+      "description": "Restricted provider data requiring explicit approval.",
+      "classification": "RESTRICTED",
+      "jurisdiction": ["US"],
+      "lawful_basis": "consent",
+      "retention_days": 90,
+      "collection_methods": ["api"],
+      "requires_approval": true,
+      "enabled": false
+    }
+  }
+}

.github/policies/agent-data-access/source_registry.schema.json

@@ -0,0 +1,61 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://summit.example.com/schemas/agent-data-access/source_registry.schema.json",
+  "title": "Agent Data Access Source Registry",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["version", "sources"],
+  "properties": {
+    "version": {
+      "type": "integer",
+      "minimum": 1
+    },
+    "sources": {
+      "type": "object",
+      "additionalProperties": { "$ref": "#/definitions/source" }
+    }
+  },
+  "definitions": {
+    "source": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "id",
+        "name",
+        "description",
+        "classification",
+        "jurisdiction",
+        "lawful_basis",
+        "retention_days",
+        "collection_methods",
+        "enabled"
+      ],
+      "properties": {
+        "id": { "type": "string" },
+        "name": { "type": "string" },
+        "description": { "type": "string" },
+        "classification": {
+          "type": "string",
+          "enum": ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED"]
+        },
+        "jurisdiction": {
+          "type": "array",
+          "minItems": 1,
+          "items": { "type": "string" }
+        },
+        "lawful_basis": { "type": "string" },
+        "retention_days": {
+          "type": "integer",
+          "minimum": 1
+        },
+        "collection_methods": {
+          "type": "array",
+          "minItems": 1,
+          "items": { "type": "string" }
+        },
+        "requires_approval": { "type": "boolean" },
+        "enabled": { "type": "boolean" }
+      }
+    }
+  }
+}

.github/policies/agent-data-access/tool_registry.json

@@ -0,0 +1,32 @@
+{
+  "version": 1,
+  "tools": {
+    "SearchOSINT": {
+      "id": "SearchOSINT",
+      "description": "Public-only OSINT search across allowlisted sources.",
+      "capabilities": ["search", "osint"],
+      "scopes": ["public.read"],
+      "rateLimitPerMin": 60,
+      "enabled": true,
+      "classification": "PUBLIC"
+    },
+    "SearchInternalIntel": {
+      "id": "SearchInternalIntel",
+      "description": "Query Summit-controlled internal intelligence stores only.",
+      "capabilities": ["search", "internal"],
+      "scopes": ["internal.read"],
+      "rateLimitPerMin": 30,
+      "enabled": true,
+      "classification": "INTERNAL"
+    },
+    "FetchProviderIntel::Example": {
+      "id": "FetchProviderIntel::Example",
+      "description": "Account-backed provider API wrapper with least-privilege scopes.",
+      "capabilities": ["fetch", "provider"],
+      "scopes": ["provider.read"],
+      "rateLimitPerMin": 10,
+      "enabled": false,
+      "classification": "CONFIDENTIAL"
+    }
+  }
+}

.github/policies/agent-data-access/tool_registry.schema.json

@@ -0,0 +1,55 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://summit.example.com/schemas/agent-data-access/tool_registry.schema.json",
+  "title": "Agent Data Access Tool Registry",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["version", "tools"],
+  "properties": {
+    "version": {
+      "type": "integer",
+      "minimum": 1
+    },
+    "tools": {
+      "type": "object",
+      "additionalProperties": { "$ref": "#/definitions/tool" }
+    }
+  },
+  "definitions": {
+    "tool": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "id",
+        "description",
+        "capabilities",
+        "scopes",
+        "rateLimitPerMin",
+        "enabled"
+      ],
+      "properties": {
+        "id": { "type": "string" },
+        "description": { "type": "string" },
+        "capabilities": {
+          "type": "array",
+          "minItems": 1,
+          "items": { "type": "string" }
+        },
+        "scopes": {
+          "type": "array",
+          "minItems": 1,
+          "items": { "type": "string" }
+        },
+        "rateLimitPerMin": {
+          "type": "integer",
+          "minimum": 1
+        },
+        "enabled": { "type": "boolean" },
+        "classification": {
+          "type": "string",
+          "enum": ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED"]
+        }
+      }
+    }
+  }
+}

agents/examples/AGENT_DATA_ACCESS_PR1.json

@@ -0,0 +1,47 @@
+{
+  "task_id": "AGENT_DATA_ACCESS_PR1",
+  "agent_id": "codex",
+  "prompt_ref": {
+    "id": "agent-data-access-policy-foundation",
+    "version": "v1",
+    "sha256": "184ac6696fe11f2eee35d0450d8dd23fb1891589f066b00eaa1da3eeb02d5126",
+    "path": "prompts/agent-data-access/policy-foundation@v1.md"
+  },
+  "declared_scope": {
+    "paths": [
+      ".github/policies/agent-data-access/",
+      "src/agents/policy/",
+      "tests/agents/policy/",
+      "evidence/index.json",
+      "evidence/EVD-OSINTLEGAL-DATAACCESS-001/",
+      "evidence/EVD-OSINTLEGAL-DATAACCESS-002/",
+      "docs/roadmap/STATUS.json",
+      "agents/examples/AGENT_DATA_ACCESS_PR1.json"
+    ],
+    "domains": ["governance", "policy", "evidence", "testing"]
+  },
+  "allowed_operations": ["create", "edit"],
+  "verification_requirements": {
+    "tier": "C",
+    "artifacts": [
+      "tests/agents/policy/policyEval.check.mjs",
+      "evidence/EVD-OSINTLEGAL-DATAACCESS-001",
+      "evidence/EVD-OSINTLEGAL-DATAACCESS-002"
+    ]
+  },
+  "debt_budget": {
+    "permitted": 0,
+    "retirement_target": 0
+  },
+  "success_criteria": [
+    "Policy registries validate against schemas, including banned patterns.",
+    "Deny-by-default evaluator rejects unknown tools and restricted sources without approval.",
+    "Evidence index updated with EVD-OSINTLEGAL-DATAACCESS-001 and EVD-OSINTLEGAL-DATAACCESS-002.",
+    "Roadmap status updated with PR-1 foundation entry."
+  ],
+  "stop_conditions": [
+    "Schema validation fails for policy registries.",
+    "Evidence index update would remove existing entries.",
+    "Policy evaluator allows unknown tools."
+  ]
+}

docs/roadmap/STATUS.json

@@ -1,13 +1,19 @@
 {
-  "last_updated": "2026-02-07T00:00:00Z",
-  "revision_note": "Added Summit PR Stack Sequencer skill scaffolding.",
+  "last_updated": "2026-02-08T02:27:22Z",
+  "revision_note": "Moved policy evaluator checks to ESM runner and validated banned pattern schema.",
   "initiatives": [
     {
       "id": "adenhq-hive-subsumption-lane1",
       "status": "in_progress",
       "owner": "codex",
       "notes": "Scaffold adenhq/hive subsumption bundle, required check mapping, and evidence-first lane-1 posture."
     },
+    {
+      "id": "agent-data-access-policy-pr1",
+      "status": "in_progress",
+      "owner": "codex",
+      "notes": "Policy registries, schemas, evaluator, and evidence-first tests for deny-by-default tool access."
+    },
     {
       "id": "B",
       "name": "Federation + Ingestion Mesh",
@@ -200,7 +206,7 @@
     "partial": 2,
     "incomplete": 0,
     "not_started": 5,
-    "total": 17,
+    "total": 18,
     "ga_blockers": []
   }
 }

evidence/EVD-OSINTLEGAL-DATAACCESS-001/metrics.json

@@ -0,0 +1,4 @@
+{
+  "denied_invocations": 1,
+  "allowed_invocations": 0
+}

evidence/EVD-OSINTLEGAL-DATAACCESS-001/report.json

@@ -0,0 +1,7 @@
+{
+  "evidence_id": "EVD-OSINTLEGAL-DATAACCESS-001",
+  "summary": "Deny-by-default policy evaluator rejects unknown tool identifiers.",
+  "references": [
+    "tests/agents/policy/policyEval.check.mjs#deny-unknown-tool"
+  ]
+}

evidence/EVD-OSINTLEGAL-DATAACCESS-001/stamp.json

@@ -0,0 +1,3 @@
+{
+  "created_at": "2026-02-08T01:11:51Z"
+}

evidence/EVD-OSINTLEGAL-DATAACCESS-002/metrics.json

@@ -0,0 +1,4 @@
+{
+  "denied_invocations": 1,
+  "allowed_invocations": 1
+}

evidence/EVD-OSINTLEGAL-DATAACCESS-002/report.json

@@ -0,0 +1,7 @@
+{
+  "evidence_id": "EVD-OSINTLEGAL-DATAACCESS-002",
+  "summary": "Restricted sources require explicit approval before access is allowed.",
+  "references": [
+    "tests/agents/policy/policyEval.check.mjs#requires-approval-for-restricted-sources"
+  ]
+}

evidence/EVD-OSINTLEGAL-DATAACCESS-002/stamp.json

@@ -0,0 +1,3 @@
+{
+  "created_at": "2026-02-08T01:11:51Z"
+}

evidence/index.json

@@ -25,6 +25,22 @@
         "stamp": "evidence/stamp.json"
       }
     },
+    {
+      "evidence_id": "EVD-OSINTLEGAL-DATAACCESS-001",
+      "files": {
+        "report": "evidence/EVD-OSINTLEGAL-DATAACCESS-001/report.json",
+        "metrics": "evidence/EVD-OSINTLEGAL-DATAACCESS-001/metrics.json",
+        "stamp": "evidence/EVD-OSINTLEGAL-DATAACCESS-001/stamp.json"
+      }
+    },
+    {
+      "evidence_id": "EVD-OSINTLEGAL-DATAACCESS-002",
+      "files": {
+        "report": "evidence/EVD-OSINTLEGAL-DATAACCESS-002/report.json",
+        "metrics": "evidence/EVD-OSINTLEGAL-DATAACCESS-002/metrics.json",
+        "stamp": "evidence/EVD-OSINTLEGAL-DATAACCESS-002/stamp.json"
+      }
+    },
     {
       "evidence_id": "EVD-MITTR-AGENTIC-WORKFORCE-001",
       "files": {
@@ -402,4 +418,4 @@
       }
     }
   ]
-}
+}

prompts/agent-data-access/policy-foundation@v1.md

@@ -0,0 +1,23 @@
+# Agent Data Access Policy Foundation (PR-1)
+
+## Objective
+Establish deny-by-default policy foundations for agent data access, including registries, schemas, evaluator, tests, and evidence updates.
+
+## Required Changes
+- Add policy registries under `.github/policies/agent-data-access/` with JSON schemas (including banned patterns).
+- Implement TypeScript policy types, loader, and evaluator under `src/agents/policy/`.
+- Add unit tests covering deny-by-default and approval-required scenarios under `tests/agents/policy/`.
+- Update `evidence/index.json` and add evidence artifacts for new EVD entries.
+- Update `docs/roadmap/STATUS.json` with initiative status.
+
+## Constraints
+- Deny-by-default for unknown tools/sources.
+- Ensure banned operation patterns are enforced.
+- Keep changes scoped to policy foundations (no runtime enforcement or connector behavior changes).
+
+## Verification
+- Run unit tests covering policy evaluation.
+- Validate policy registries against schemas.
+
+## Evidence
+- Add evidence IDs `EVD-OSINTLEGAL-DATAACCESS-001` and `EVD-OSINTLEGAL-DATAACCESS-002` with report/metrics/stamp entries.