Skip to content

routine: dynamic-workflow-tripwire (2026-05-29)#23

Draft
jim4226 wants to merge 1 commit into
mainfrom
claude/daily-2026-05-29-dynamic-workflow-tripwire
Draft

routine: dynamic-workflow-tripwire (2026-05-29)#23
jim4226 wants to merge 1 commit into
mainfrom
claude/daily-2026-05-29-dynamic-workflow-tripwire

Conversation

@jim4226
Copy link
Copy Markdown
Owner

@jim4226 jim4226 commented May 29, 2026

Summary

Adds dynamic_workflow_escalation to _TRIP_PATTERNS in csis/safety/tripwires.py. Fires when agent-produced text requests dynamic workflow invocation or large-scale parallel agent spawning — both T2+ capabilities that exceed CSIS's Phase-0 T1 ceiling.

Source

  • URL: https://code.claude.com/docs/en/changelog (v2.1.154, 2026-05-28)
  • Key entry: "Workflow keyword trigger setting added to prevent 'workflow' in prompts from triggering dynamic workflows" — Claude Code shipped a containment primitive to prevent accidental T2+ invocation from user prompts.

Theme

Theme 3 — Constitutional / safety primitives (also Theme 6 — Substrate / capability boundaries). Claude Code v2.1.154 introduced dynamic workflows capable of spawning "hundreds of parallel agents in a single session." Under CSIS's tier model this is T2+ (network egress, persistent state across sandbox). The platform's keyword guard shows the failure mode is real: user prompts containing "workflow" accidentally triggered the feature. CSIS faces the same risk from agent-generated text: a Builder or Researcher whose output contains dynamic workflow invocation language could be interpreted by a downstream Claude Code session as an instruction to escalate capability. Adding a tripwire at the text-scan layer catches this before the artifact reaches the promotion gate.

What changed

File Change
csis/safety/tripwires.py New dynamic_workflow_escalation pattern in _TRIP_PATTERNS. Catches: "create a dynamic workflow", "orchestrate hundreds of subagents", "spawn 100+ workers". Does not catch CSIS's own sequential sub-agent descriptions or generic "workflow" references.
tests/test_safety.py 5 new tests: 3 fire cases (literal "dynamic workflow", hundreds of agents, triple-digit count) + 2 false-positive guards (sequential agent description, generic workflow term).

No cycle-9 chokepoints touched

_TRIP_PATTERNS is a module-level list. Coordinator.__init__, _BackendTracker, writer_iteration_id, and the promotion CAS are all untouched. The Tripwires instance in the Coordinator picks up the new pattern at construction time via list(_TRIP_PATTERNS).

Test plan

python -m pytest tests/test_safety.py -v   # 11 passed (6 before + 5 new)
python -m pytest tests/ -q                 # 255 passed, 0 failed

Generated by Claude Code

@claude
feat(safety): add dynamic_workflow_escalation tripwire (v2.1.154 parity)
f3e4cae 
Claude Code v2.1.154 introduced dynamic workflows — a feature that can
spawn hundreds of parallel agents in a single session (T2+ capability in
CSIS's tier model). The same release added a keyword guard to prevent
accidental invocation. CSIS needs the equivalent defensive primitive.

Adds dynamic_workflow_escalation to _TRIP_PATTERNS. Fires when
agent-produced text requests explicit dynamic workflow creation or
large-scale (100+) parallel agent spawning. Does not fire on CSIS's own
sequential sub-agent descriptions or generic "workflow" references.

Touches: csis/safety/tripwires.py (_TRIP_PATTERNS list)
Tests: 5 new in tests/test_safety.py (3 fire cases + 2 false-positive guards)
@jim4226 jim4226 mentioned this pull request May 29, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jim4226 @claude