# Approved-Action Dispatcher Audit

Date: 2026-05-13

## Summary

Approved actions should execute through deterministic trusted-runtime ownership,
not Codex wakeups, pane scraping, or manual continuation. Telegram/local answers
authorize intent through operator-questions; the approved-action dispatcher
validates freshness and either executes a registered action or blocks with a
structured reason.

## Action Audit

| Action | Current owner | Dispatcher ownership | Risk | E2E coverage | Decision |
| --- | --- | --- | --- | --- | --- |
| `close_commit` | approved-action dispatcher -> close command -> operator-daemon actions | Yes | High | Fixture dry-run and real fixture commit | Migrate now. This is lifecycle-critical and should not depend on Codex continuation. |
| `write_temp_file` | approved-action dispatcher | Yes | Low | Live Telegram and fixture tests | Keep as harmless E2E/smoke action only. |
| `simulated_approved_action` | approved-action dispatcher | Yes | Low | Fixture tests | Keep as fixture-only dispatcher action. |
| `git_add_approved` | operator-daemon | Indirect via `close_commit` or explicit daemon request | High | Operator-daemon fixture tests | Keep daemon-owned. Dispatcher should not duplicate git staging logic. |
| `git_commit` | operator-daemon | Indirect via `close_commit` or explicit daemon request | High | Operator-daemon fixture tests | Keep daemon-owned. Dispatcher should not duplicate git commit logic. |
| `complete_chunk` | operator-daemon | Indirect via `close_commit` or explicit daemon request | Medium | Operator-daemon/workflow tests | Keep daemon-owned. Dispatcher owns approved lifecycle orchestration. |
| `dev_server_start/restart/stop` | operator-daemon/runtime-supervisor depending on target | Not by default | Medium | Daemon/supervisor fixture tests | Remain daemon/supervisor actions; dispatcher ownership only if a durable approved action is later needed. |
| `capture_screenshots` | operator-daemon | Not by default | Medium | Daemon tests, browser smoke when available | Remain daemon-owned; dispatcher may orchestrate later if screenshots become post-approval durable actions. |
| `telegram_bridge_start/restart/stop` | operator-daemon/runtime-supervisor | Not by default | Medium | Daemon tests | Remain daemon/supervisor-owned. |
| `codex_io_bridge_restart` | runtime-supervisor | No | Low | Supervisor tests | Remains recovery/observability only; Codex I/O is not execution-critical. |
| `approved_action_dispatcher_restart` | runtime-supervisor | No | Medium | Supervisor tests and trusted restart validation | Remains supervisor-owned because the dispatcher should not restart itself. |
| `operator_daemon_restart` | runtime-supervisor | No | High | Supervisor tests | Remains supervisor-owned because the daemon cannot reliably restart itself. |

## Migration Rule

Dispatcher ownership is appropriate when an approved action may outlive a Codex
run and must continue deterministically after Telegram approval. The dispatcher
must validate approval freshness and delegate bounded privileged work to
registered daemon/supervisor actions where possible.

Dispatcher ownership is not appropriate for arbitrary shell commands,
long-running app services, or raw git operations. Those stay in the trusted
daemon/supervisor action allowlist.
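
A sketch of the rule above, added as an illustration and not taken from the project's code: a dispatcher that runs only registered actions for fresh approvals and otherwise returns a structured block reason. The `Approval` fields, the 900-second window, the single-use check and the reason strings are all assumptions; the action names come from the audit table.

```python
import time
from dataclasses import dataclass

MAX_APPROVAL_AGE_S = 900  # assumed freshness window; the audit does not state one

@dataclass(frozen=True)
class Approval:          # hypothetical record for an answered operator question
    action: str
    approved_at: float   # epoch seconds when the operator answered
    consumed: bool = False  # assumed single-use flag, not described in the audit

def _write_temp_file(approval):  # stand-in handler; a real one would do the work
    return "temp file written"

def _close_commit(approval):     # dispatcher orchestrates, the daemon performs git
    return "delegated to operator-daemon"

# Dispatcher-owned actions from the audit table. Daemon-owned actions such as
# git_commit are deliberately absent, so a direct request for them is blocked.
REGISTRY = {
    "write_temp_file": _write_temp_file,
    "simulated_approved_action": lambda approval: "simulated",
    "close_commit": _close_commit,
}

def blocked(action, reason, detail):
    return {"status": "blocked", "action": action, "reason": reason, "detail": detail}

def dispatch(approval, now=None):
    """Execute a registered action for a fresh approval, or return a structured block."""
    now = time.time() if now is None else now
    handler = REGISTRY.get(approval.action)
    if handler is None:  # never fall back to a shell or raw git call
        return blocked(approval.action, "unregistered_action",
                       "not in the dispatcher registry")
    if approval.consumed:
        return blocked(approval.action, "approval_already_consumed",
                       "approval was already used for an execution")
    age = now - approval.approved_at
    if age < 0:          # clock skew or a forged timestamp: fail closed
        return blocked(approval.action, "approval_from_future",
                       f"approved_at is {-age:.0f}s ahead of the dispatcher clock")
    if age > MAX_APPROVAL_AGE_S:
        return blocked(approval.action, "approval_stale",
                       f"age {age:.0f}s exceeds {MAX_APPROVAL_AGE_S}s")
    return {"status": "executed", "action": approval.action,
            "result": handler(approval)}
```

Every rejection path returns the same dictionary shape, so a caller can log or surface the `reason` without parsing free text.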

## Remaining Manual/Deferred Items

- Real production use of `close_commit` should be live-tested on a reviewed
  chunk only after human approval.
- `capture_screenshots` and dev-server lifecycle can remain daemon actions until
  they need durable approved-action continuation.
- No websocket/event bus or Codex wake listener is needed for this phase.
