Lease delegation subsetting (§9.4 / §10) is unimplemented; Lease.contains and LEASE_SUBSET_VIOLATION are dead code #77

@nficano

Description

Category: spec-conformance
Severity: major
Location: arcp-core/src/main/java/dev/arcp/core/lease/Lease.java:72-106
Spec: ARCP v1.1 §9.4 (also §10)

What

Lease.contains() is never called anywhere in the runtime, and LeaseSubsetViolationException / ErrorCode.LEASE_SUBSET_VIOLATION are never thrown. An agent can emit a DelegateEvent, but the runtime derives no child lease and performs no subset enforcement. §9.4/§10 require that a delegated lease be a strict subset of the parent: cost.budget must not exceed the parent's remaining budget, expires_at must not exceed the parent's, and model.use must resolve to a subset, with violations rejected as LEASE_SUBSET_VIOLATION. Additionally, Lease.contains treats cost.budget amount strings as globs via covers(), so even if wired it would not enforce the numeric budget bound.

Evidence

```java
/** §9.4 subset check: every child pattern is covered by a parent pattern. */
public boolean contains(Lease child) {
  return child.capabilities.entrySet().stream()
      .allMatch(
          e -> {
            List<String> parent = capabilities.get(e.getKey());
            return parent != null
                && e.getValue().stream()
                    .allMatch(
                        childPattern ->
                            parent.stream()
                                .anyMatch(parentPattern -> covers(parentPattern, childPattern)));
          });
}
```

Proposed fix

Implement delegation: on a delegate request derive the child lease, verify it is a strict subset (pattern coverage plus numeric cost.budget <= parent remaining, expires_at <= parent expires_at, and model.use subset), and reject violations with LEASE_SUBSET_VIOLATION. Replace the glob-based budget comparison in covers() with numeric/temporal comparison for cost.budget and expires_at.

Acceptance criteria

  • A delegation that names a capability, budget, expiry, or model outside the parent's effective lease is rejected with LEASE_SUBSET_VIOLATION; a valid strict subset is accepted and enforced on the child job.
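A self-contained sketch of the subset enforcement the proposed fix calls for, added here as an illustration and not code from the arcp-core project: LeaseView, firstViolation and the parentRemaining argument are hypothetical, and covers() is given assumed prefix-glob semantics because the project's implementation is not quoted in the issue.

```java
import java.math.BigDecimal;
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.Set;

public final class LeaseSubsetCheck {
  // Hypothetical stand-in for the runtime's Lease; field names follow the issue text, not the real class.
  record LeaseView(Map<String, List<String>> capabilities, BigDecimal budget,
                   Instant expiresAt, Set<String> modelUse) {}

  // Assumed glob semantics (exact match or trailing-'*' prefix); the project's covers() is not shown in the issue.
  static boolean covers(String parentPattern, String childPattern) {
    if (parentPattern.equals(childPattern)) return true;
    return parentPattern.endsWith("*")
        && childPattern.startsWith(parentPattern.substring(0, parentPattern.length() - 1));
  }

  /** Returns null when child is a valid subset of parent; otherwise the reason to report as LEASE_SUBSET_VIOLATION. */
  static String firstViolation(LeaseView parent, BigDecimal parentRemaining, LeaseView child) {
    // 1. Pattern coverage per capability: the only check Lease.contains expresses today.
    for (var e : child.capabilities().entrySet()) {
      List<String> parentPatterns = parent.capabilities().get(e.getKey());
      if (parentPatterns == null) return "capability not in parent: " + e.getKey();
      for (String cp : e.getValue()) {
        if (parentPatterns.stream().noneMatch(pp -> covers(pp, cp))) return "pattern not covered: " + cp;
      }
    }
    // 2. cost.budget compared numerically against the parent's *remaining* budget, never as a glob/string.
    if (child.budget().compareTo(parentRemaining) > 0) return "cost.budget exceeds parent remaining " + parentRemaining;
    // 3. expires_at compared as instants: the child may not outlive the parent.
    if (child.expiresAt().isAfter(parent.expiresAt())) return "expires_at is after parent " + parent.expiresAt();
    // 4. model.use must resolve to a subset of the parent's model set.
    if (!parent.modelUse().containsAll(child.modelUse())) return "model.use not a subset of parent";
    return null;
  }

  public static void main(String[] args) {
    // Constructed sample leases (not from the project). Parent budget 10.00 with 4.00 already spent -> 6.00 remaining.
    LeaseView parent = new LeaseView(Map.of("http.get", List.of("https://api.example.com/*")),
        new BigDecimal("10.00"), Instant.parse("2025-01-01T00:00:00Z"), Set.of("model-a", "model-b"));
    LeaseView child = new LeaseView(Map.of("http.get", List.of("https://api.example.com/v1/*")),
        new BigDecimal("2.50"), Instant.parse("2024-12-31T00:00:00Z"), Set.of("model-a"));
    // Same capabilities, but 9.00 > 6.00 remaining: a string/glob comparison against "10.00" would have let this through.
    LeaseView overBudget = new LeaseView(child.capabilities(), new BigDecimal("9.00"), child.expiresAt(), child.modelUse());
    System.out.println("child: " + firstViolation(parent, new BigDecimal("6.00"), child));
    System.out.println("overBudget: " + firstViolation(parent, new BigDecimal("6.00"), overBudget));
  }
}
```

The remaining-budget figure is passed in because the issue's bound is the parent's remaining budget, not its original cost.budget, so the caller must account for spend already attributed to the parent job.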

Labels

  • audit/spec-conformance: ARCP v1.1 spec non-conformance (audit)
  • sev/major: Likely defect or structural break