feat(consent): add agent consent policy contracts

chubes4 · chubes4 · commit 1595419ed4c1 · 2026-05-04T09:41:18.000-04:00
diff --git a/README.md b/README.md
@@ -30,6 +30,7 @@ Agents API sits between tool/action discovery and product-specific automation. I
 - Iteration budget primitives for bounded execution across configurable dimensions.
 - Tool-call mediation contracts and runtime tool declaration value objects.
 - Conversation transcript store contracts.
+- Consent policy contracts for memory, transcripts, sharing, and escalation.
 - Tool source registration, parameter normalization, tool-call mediation, and execution result contracts.
 - Session and persistence contracts where they are provider-neutral.
 
@@ -42,6 +43,7 @@ Agents API sits between tool/action discovery and product-specific automation. I
 - Public REST controllers in v1 unless they are separately designed.
 - Product runner adapters that assemble prompts, choose concrete tools, materialize storage, or decide product policy.
 - Concrete tool execution adapters, prompt assembly policy, or product storage/materialization policy.
+- Product-specific consent UX, support routing, escalation targets, or transcript-sharing policy.
 
 Products can require Agents API because they build on the substrate. Agents API must not depend on any product plugin, import product classes, mirror a product source tree, or encode product vocabulary as generic runtime API.
 
@@ -107,6 +109,10 @@ wp_register_agent(
 - `AgentsAPI\AI\IterationBudget`
 - `AgentsAPI\AI\AgentConversationResult`
 - `AgentsAPI\AI\AgentConversationLoop`
+- `WP_Agent_Consent_Policy_Interface`
+- `WP_Agent_Default_Consent_Policy`
+- `AgentsAPI\AI\Consent\AgentConsentOperation`
+- `AgentsAPI\AI\Consent\AgentConsentDecision`
 - `AgentsAPI\AI\Tools\RuntimeToolDeclaration`
 - `AgentsAPI\AI\Tools\ToolCall`
 - `AgentsAPI\AI\Tools\ToolSourceRegistry`
@@ -142,6 +148,42 @@ add_filter(
 );
 ```
 
+## Consent Policy Boundary
+
+Agents API owns a generic consent contract for runtime operations that carry different user expectations:
+
+- `store_memory` — store consolidated agent memory.
+- `use_memory` — use existing agent memory during a run.
+- `store_transcript` — store a raw conversation transcript.
+- `share_transcript` — share a raw transcript outside its owning context.
+- `escalate_to_human` — escalate a run or transcript to a human/support adapter.
+
+Memory consent and transcript consent are intentionally separate. Allowing an agent to store or use consolidated memory does not imply consent to persist or share raw transcripts. Escalation is also separate so support-mode adapters can ask their own product questions without adding support-product logic to Agents API.
+
+Policies implement `WP_Agent_Consent_Policy_Interface` and return `AgentConsentDecision` values with `allowed`, `operation`, `reason`, and `audit_metadata` fields. Consumers should store those decision arrays alongside any memory write, transcript persistence/share event, or escalation event they apply.
+
+```php
+$policy = new WP_Agent_Default_Consent_Policy();
+
+$decision = $policy->can_store_transcript(
+	array(
+		'mode'    => 'chat',
+		'user_id' => get_current_user_id(),
+		'agent_id' => 'example-agent',
+		'consent' => array(
+			'store_transcript' => true,
+		),
+	)
+);
+
+if ( $decision->is_allowed() ) {
+	$transcript_id = $transcript_persister->persist( $messages, $request, $result );
+	$audit_store->record( $decision->to_array() + array( 'transcript_id' => $transcript_id ) );
+}
+```
+
+`WP_Agent_Default_Consent_Policy` is conservative: non-interactive modes are denied by default, and interactive modes still require explicit per-operation consent. Products can supply adapter-specific policies for their own UX, authorization ceilings, support routing, retention rules, and audit stores.
+
 ## Conversation Compaction
 
 Agents can declare support for runtime conversation compaction without tying Agents API to a provider or model executor:
diff --git a/agents-api.php b/agents-api.php
@@ -45,6 +45,10 @@
 require_once AGENTS_API_PATH . 'src/Approvals/ApprovalDecision.php';
 require_once AGENTS_API_PATH . 'src/Approvals/PendingActionHandlerInterface.php';
 require_once AGENTS_API_PATH . 'src/Approvals/PendingActionResolverInterface.php';
+require_once AGENTS_API_PATH . 'src/Consent/AgentConsentOperation.php';
+require_once AGENTS_API_PATH . 'src/Consent/AgentConsentDecision.php';
+require_once AGENTS_API_PATH . 'src/Consent/class-wp-agent-consent-policy-interface.php';
+require_once AGENTS_API_PATH . 'src/Consent/class-wp-agent-default-consent-policy.php';
 require_once AGENTS_API_PATH . 'src/Runtime/AgentMessageEnvelope.php';
 require_once AGENTS_API_PATH . 'src/Runtime/AgentExecutionPrincipal.php';
 require_once AGENTS_API_PATH . 'src/Runtime/AgentCompactionItem.php';
diff --git a/composer.json b/composer.json
@@ -18,6 +18,7 @@
       "php tests/registry-smoke.php",
       "php tests/execution-principal-smoke.php",
       "php tests/action-policy-values-smoke.php",
+      "php tests/consent-policy-smoke.php",
       "php tests/tool-runtime-smoke.php",
       "php tests/pending-action-store-contract-smoke.php",
       "php tests/approval-resolver-contract-smoke.php",
diff --git a/src/Consent/AgentConsentDecision.php b/src/Consent/AgentConsentDecision.php
@@ -0,0 +1,150 @@
+<?php
+/**
+ * Agent consent decision value object.
+ *
+ * @package AgentsAPI
+ */
+
+namespace AgentsAPI\AI\Consent;
+
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Represents a consent policy result with audit-safe metadata.
+ */
+final class AgentConsentDecision {
+
+	/** @var bool */
+	private $allowed;
+
+	/** @var string */
+	private $operation;
+
+	/** @var string */
+	private $reason;
+
+	/** @var array */
+	private $audit_metadata;
+
+	/**
+	 * @param bool   $allowed        Whether the operation is allowed.
+	 * @param string $operation      Consent operation value.
+	 * @param string $reason         Stable reason code.
+	 * @param array  $audit_metadata JSON-friendly audit metadata.
+	 */
+	private function __construct( bool $allowed, string $operation, string $reason, array $audit_metadata = array() ) {
+		$normalized_operation = AgentConsentOperation::normalize( $operation );
+
+		$this->allowed        = $allowed;
+		$this->operation      = null === $normalized_operation ? '' : $normalized_operation;
+		$this->reason         = self::normalize_key( $reason );
+		$this->audit_metadata = self::normalize_metadata( $audit_metadata );
+	}
+
+	/**
+	 * Build an allowed decision.
+	 *
+	 * @param string $operation      Consent operation value.
+	 * @param string $reason         Stable reason code.
+	 * @param array  $audit_metadata JSON-friendly audit metadata.
+	 * @return self
+	 */
+	public static function allowed( string $operation, string $reason = 'allowed', array $audit_metadata = array() ): self {
+		return new self( true, $operation, $reason, $audit_metadata );
+	}
+
+	/**
+	 * Build a denied decision.
+	 *
+	 * @param string $operation      Consent operation value.
+	 * @param string $reason         Stable reason code.
+	 * @param array  $audit_metadata JSON-friendly audit metadata.
+	 * @return self
+	 */
+	public static function denied( string $operation, string $reason = 'denied', array $audit_metadata = array() ): self {
+		return new self( false, $operation, $reason, $audit_metadata );
+	}
+
+	/**
+	 * Whether the operation is allowed.
+	 *
+	 * @return bool
+	 */
+	public function is_allowed(): bool {
+		return $this->allowed;
+	}
+
+	/**
+	 * Consent operation value.
+	 *
+	 * @return string
+	 */
+	public function operation(): string {
+		return $this->operation;
+	}
+
+	/**
+	 * Stable reason code.
+	 *
+	 * @return string
+	 */
+	public function reason(): string {
+		return $this->reason;
+	}
+
+	/**
+	 * JSON-friendly audit metadata.
+	 *
+	 * @return array
+	 */
+	public function audit_metadata(): array {
+		return $this->audit_metadata;
+	}
+
+	/**
+	 * Return JSON-friendly shape.
+	 *
+	 * @return array
+	 */
+	public function to_array(): array {
+		return array(
+			'allowed'        => $this->allowed,
+			'operation'      => $this->operation,
+			'reason'         => $this->reason,
+			'audit_metadata' => $this->audit_metadata,
+		);
+	}
+
+	/**
+	 * Normalize arbitrary metadata to JSON-friendly scalar/array values.
+	 *
+	 * @param array $metadata Raw metadata.
+	 * @return array
+	 */
+	private static function normalize_metadata( array $metadata ): array {
+		$normalized = array();
+
+		foreach ( $metadata as $key => $value ) {
+			if ( is_scalar( $value ) || null === $value ) {
+				$normalized[ self::normalize_key( (string) $key ) ] = $value;
+			} elseif ( is_array( $value ) ) {
+				$normalized[ self::normalize_key( (string) $key ) ] = self::normalize_metadata( $value );
+			}
+		}
+
+		return $normalized;
+	}
+
+	/**
+	 * Normalize a string to a stable machine key without requiring WordPress helpers.
+	 *
+	 * @param string $value Raw key.
+	 * @return string
+	 */
+	private static function normalize_key( string $value ): string {
+		$value = strtolower( $value );
+		$value = preg_replace( '/[^a-z0-9_\-]+/', '_', $value );
+
+		return trim( is_string( $value ) ? $value : '', '_-' );
+	}
+}
diff --git a/src/Consent/AgentConsentOperation.php b/src/Consent/AgentConsentOperation.php
@@ -0,0 +1,78 @@
+<?php
+/**
+ * Agent consent operation vocabulary.
+ *
+ * @package AgentsAPI
+ */
+
+namespace AgentsAPI\AI\Consent;
+
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Normalizes generic consent operation names.
+ */
+final class AgentConsentOperation {
+
+	/** Store consolidated agent memory. */
+	public const STORE_MEMORY = 'store_memory';
+
+	/** Use existing agent memory during a run. */
+	public const USE_MEMORY = 'use_memory';
+
+	/** Store a raw conversation transcript. */
+	public const STORE_TRANSCRIPT = 'store_transcript';
+
+	/** Share a raw conversation transcript outside its owning context. */
+	public const SHARE_TRANSCRIPT = 'share_transcript';
+
+	/** Escalate a run or transcript to a human/support adapter. */
+	public const ESCALATE_TO_HUMAN = 'escalate_to_human';
+
+	/**
+	 * Return all valid operation values.
+	 *
+	 * @return string[]
+	 */
+	public static function all(): array {
+		return array(
+			self::STORE_MEMORY,
+			self::USE_MEMORY,
+			self::STORE_TRANSCRIPT,
+			self::SHARE_TRANSCRIPT,
+			self::ESCALATE_TO_HUMAN,
+		);
+	}
+
+	/**
+	 * Determine whether a raw value is a recognized operation.
+	 *
+	 * @param mixed $value Raw operation value.
+	 * @return bool
+	 */
+	public static function isValid( $value ): bool {
+		return null !== self::normalize( $value );
+	}
+
+	/**
+	 * Normalize a raw operation value.
+	 *
+	 * @param mixed       $value    Raw operation value.
+	 * @param string|null $fallback Optional fallback used when value is invalid.
+	 * @return string|null One of the operation constants, or null when invalid.
+	 */
+	public static function normalize( $value, ?string $fallback = null ): ?string {
+		if ( is_string( $value ) ) {
+			$normalized = strtolower( trim( $value ) );
+			if ( in_array( $normalized, self::all(), true ) ) {
+				return $normalized;
+			}
+		}
+
+		if ( null === $fallback ) {
+			return null;
+		}
+
+		return self::normalize( $fallback );
+	}
+}
diff --git a/src/Consent/class-wp-agent-consent-policy-interface.php b/src/Consent/class-wp-agent-consent-policy-interface.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Agent consent policy interface.
+ *
+ * @package AgentsAPI
+ */
+
+use AgentsAPI\AI\Consent\AgentConsentDecision;
+
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Generic consent policy contract for agent memory, transcripts, and escalation.
+ */
+interface WP_Agent_Consent_Policy_Interface {
+
+	/**
+	 * Whether consolidated agent memory may be stored.
+	 *
+	 * @param array $context JSON-friendly request, principal, adapter, and UX context.
+	 * @return AgentConsentDecision
+	 */
+	public function can_store_memory( array $context = array() ): AgentConsentDecision;
+
+	/**
+	 * Whether existing agent memory may be used for a run.
+	 *
+	 * @param array $context JSON-friendly request, principal, adapter, and UX context.
+	 * @return AgentConsentDecision
+	 */
+	public function can_use_memory( array $context = array() ): AgentConsentDecision;
+
+	/**
+	 * Whether a raw conversation transcript may be stored.
+	 *
+	 * @param array $context JSON-friendly request, principal, adapter, and UX context.
+	 * @return AgentConsentDecision
+	 */
+	public function can_store_transcript( array $context = array() ): AgentConsentDecision;
+
+	/**
+	 * Whether a raw conversation transcript may be shared outside its owning context.
+	 *
+	 * @param array $context JSON-friendly request, principal, adapter, and UX context.
+	 * @return AgentConsentDecision
+	 */
+	public function can_share_transcript( array $context = array() ): AgentConsentDecision;
+
+	/**
+	 * Whether a run or transcript may be escalated to a human/support adapter.
+	 *
+	 * @param array $context JSON-friendly request, principal, adapter, and UX context.
+	 * @return AgentConsentDecision
+	 */
+	public function can_escalate_to_human( array $context = array() ): AgentConsentDecision;
+}
diff --git a/src/Consent/class-wp-agent-default-consent-policy.php b/src/Consent/class-wp-agent-default-consent-policy.php
diff --git a/tests/bootstrap-smoke.php b/tests/bootstrap-smoke.php
diff --git a/tests/consent-policy-smoke.php b/tests/consent-policy-smoke.php
