feat(KR-6): Python actor_has_capability helper — replaces assert_kora_can_perform stub, closes D-kr3-st1

[rafe-walker]

Summary

KR-6 ships the Python mirror of TS-side actorHasCapability (packages/sea-mcp-server/src/capability-matrix.ts:657) and closes D-kr3-st1-capability-check-deferred. The KR-3 ST1 stub at tools/iso_node.py:assert_kora_can_perform (which always allowed and logged the deviation ID) is replaced with a real check.

Cheapest-unlock follow-on per PM's pipeline-order note: no substrate dependency, ~120 LOC including tests, closes one of our own BUILD_DEVIATIONS entries.

New module: plugins/memory/isokron/capability_check.py

class CapabilityDeniedError(Exception):
    def __init__(self, capability: str, *, reason: str = "")

def actor_has_capability(capability: str) -> bool
def assert_kora_can_perform(capability: str, *, reason: Optional[str] = None) -> None

• actor_has_capability — O(1) dict lookup against the existing C2 mirror's ACTOR_CAPABILITY_MATRIX_KORA_COLUMN. Returns bool.
• assert_kora_can_perform — raises CapabilityDeniedError (carrying .capability + .reason) when Kora lacks the cap; KeyError propagates for unknown caps.
• Unknown capability raises KeyError (fail-LOUD) rather than the TS reference's fail-closed false. Python callers are inside Kora's own codebase, so an unknown cap is a programmer error worth surfacing during testing. TS callers ride through a Sea MCP JSON boundary where unknown caps can arrive from payloads — fail-closed there prevents privilege escalation via typo. Documented in the module docstring.

Stub replacement (4 files)

File	Change
plugins/memory/isokron/tools/iso_node.py	Local assert_kora_can_perform stub deleted; the public names re-export from ..capability_check so existing callers don't have to change import paths.
plugins/memory/isokron/tools/iso_link.py	Imports CapabilityDeniedError + assert_kora_can_perform directly from ..capability_check.
plugins/memory/isokron/tools/__init__.py	Re-exports the capability_check public surface (CapabilityDeniedError, actor_has_capability, assert_kora_can_perform).

Dispatcher catch — structured denial envelope

handle_iso_node_tool_call and handle_iso_link_tool_call now catch CapabilityDeniedError and surface it as:

{
  "ok": false,
  "denied": true,
  "capability": "...",
  "reason": "..."
}

Mirrors the deferred-write envelope pattern from KR-2 ST3 / ST4 / KR-3 ST2 — model gets an in-band signal rather than an uncaught exception. Today all 7 tools require caps Kora holds, so this path doesn't fire in normal operation; it's defensive against future cap shifts.

Forward-stability invariant

capability_check.py imports only ACTOR_CAPABILITY_MATRIX_KORA_COLUMN from the C2 mirror — no MCP / DB / network. When K-7 ships kora__read_kora_capability_row and a follow-on KR-N swap replaces the C2 mirror with a fresh-per-call MCP fetch, only that one import line changes — the helper's public surface stays identical.

Tested explicitly:

• test_module_has_no_network_or_db_imports_at_load_time — checks asyncpg, mcp, httpx, aiohttp absent from module source.
• test_capability_check_only_imports_the_mirror_dict — checks no imports of provider / connection / reads / scratchpad / events / relationlink.

Test plan

11 new tests in test_capability_check.py, all passing:

actor_has_capability (5):

• cap_sea_create → True (Sea-tier granted)
• cap_write_agent_scratchpad → True (Plan 02 primary writer)
• cap_override_security_or_policy_verdict → False (operator-only Cell C)
• cap_unbless_convention → False (operator-only, added 2026-05-20)
• Unknown cap → KeyError with diagnostic message

assert_kora_can_perform (4):

• Granted → silent return (no raise, no log)
• Denied → CapabilityDeniedError with .capability + default .reason
• Caller-supplied reason= overrides default
• Unknown cap → KeyError propagates (NOT CapabilityDeniedError)

Forward-stability (2):

• No MCP / DB / network imports at module load
• Module imports only the C2 mirror

Existing tests updated (3 files, parametrize flipped):

• test_iso_node_tools.py — deleted test_assert_kora_can_perform_stub_logs_deviation_id; added 3 replacement tests (granted-passes / denied-raises / unknown-raises-keyerror).
• test_iso_link_tools.py — flipped …_capability_check_logs_deviation to …_passes_silently (asserts no denial envelope + ok=True).
• test_tool_finalize.py — flipped parametrized test_every_iso_tool_logs_capability_stub_deviation to test_every_iso_tool_passes_capability_check_for_granted_caps (asserts no denial envelope across all 7 tools).

Gates

• ty check — 7,337 diagnostics, zero-delta vs KR-3 ST3 baseline.
• pytest tests/plugins/memory/ — 326/326 passing (11 new + 11 net from refactored deferred-log tests + 304 pre-KR-6).
• Full suite via xdist (-n auto): 24,649 passed / 142 failed / 129 skipped. Δ vs KR-3 ST3 (24,625/153/129): +24 passed, −11 failed. Same tests/tools/* + tests/skills/* xdist isolation noise; none touch plugins/memory/isokron/.

Rule-6 / BUILD_DEVIATIONS / Open asks

Closed: D-kr3-st1-capability-check-deferred moved from Open to a new Closed section in BUILD_DEVIATIONS.md with the KR-6 spec quote + the forward-stability invariant inline.

4 deferrals remain open pending CC#1 substrate buckets:

Deviation	Closes when
D-kr2-st2-capability-matrix-mirror	K-7
D-kr2-st3-no-scratchpad-write-mcp-tool	K-8
D-kr2-st4-no-chain-emit-mcp-tool	K-9
D-kr3-st2-no-relationlink-write-mcp-tool	K-10

All four follow the same shape: signature is forward-stable, body swaps from raise <DeferredError> to mcp_client.invoke(...) when the substrate dependency lands.

README "Operator pitfalls" table trimmed from 5 to 4 rows; a "Recently closed" note replaces the entry so operators see the resolution at a glance.

Standing by for the K-7/K-8/K-9/K-10 substrate dispatches → 4 small mechanical follow-on KR-N swap PRs on this lane.

🤖 Generated with Claude Code