Struct SpawnContext 

pub struct SpawnContext {
    pub parent_messages: Vec<Message>,
    pub parent_cancel: Option<CancellationToken>,
    pub parent_provider_name: Option<String>,
    pub spawn_depth: u32,
    pub mcp_tool_names: Vec<String>,
    pub seed_trajectory_score: Option<f32>,
    pub content_isolation: ContentIsolationConfig,
    pub orchestrator_name: Option<String>,
    pub orchestrator_role: Option<String>,
    pub session_mcp_servers: Vec<McpServerConfig>,
    pub max_trust_level: Option<SkillTrustLevel>,
    pub inherited_tool_allowlist: Option<HashSet<String>>,
}

Parent-derived state propagated to a spawned sub-agent at spawn time.

All fields default to empty/None, preserving existing behavior when callers pass SpawnContext::default().

Constraint propagation

max_trust_level and inherited_tool_allowlist implement transitive constraint propagation: safety constraints set at orchestration time are enforced on every sub-agent in the spawn chain, regardless of nesting depth.

When a sub-agent spawns its own sub-agents it must forward these fields downward so that grandchild agents cannot silently receive more privileges than the original orchestration policy allowed.

Examples

use zeph_subagent::manager::SpawnContext;

// Minimal context — all fields use their defaults.
let ctx = SpawnContext::default();
assert!(ctx.parent_messages.is_empty());
assert_eq!(ctx.spawn_depth, 0);
assert!(ctx.max_trust_level.is_none());
assert!(ctx.inherited_tool_allowlist.is_none());

Fields

parent_messages: Vec<Message>

Recent parent conversation messages (last N turns).

parent_cancel: Option<CancellationToken>

Parent’s cancellation token for linked cancellation (foreground spawns).

parent_provider_name: Option<String>

Parent’s active provider name (for context propagation).

spawn_depth: u32

Current spawn depth (0 = top-level agent).

mcp_tool_names: Vec<String>

MCP tool names available in the parent’s tool executor (for diagnostics).

seed_trajectory_score: Option<f32>

Seeded trajectory risk score from the parent sentinel (spec 050 §4).

When Some, the subagent’s TrajectorySentinel starts with this pre-seeded score rather than 0.0, preventing a subagent spawn from acting as a free risk reset. The subagent loop applies this via TrajectorySentinel::seed_score after build.

content_isolation: ContentIsolationConfig

Parent’s content isolation config, propagated so the subagent loop can run the same sanitizer settings on hook-replaced tool output.

orchestrator_name: Option<String>

Name of the orchestrator that spawned this subagent.

When set, the subagent’s system prompt includes an identity header naming the orchestrator, so the subagent can validate that instructions are consistent with the expected authority.

orchestrator_role: Option<String>

Role or task label of the orchestrating agent (e.g., "planner", "tool-router").

Injected alongside orchestrator_name when both are set. Omitted from the identity header when only orchestrator_name is provided.

session_mcp_servers: Vec<McpServerConfig>

Per-session MCP servers to inject into this subagent’s tool name annotations.

The parent is responsible for connecting these servers and including them in the tool_executor passed to SubAgentManager::spawn. This field only carries the server metadata so the subagent’s system prompt lists the additional tool names.

max_trust_level: Option<SkillTrustLevel>

Maximum trust level cap inherited from the parent agent or orchestration policy.

When Some(cap), the spawned sub-agent’s effective trust level is clamped to min(own_trust, cap) so that sub-agents can never receive higher privileges than the orchestration policy originally allowed.

Caller responsibility for nested spawns

This field does not propagate automatically. When a sub-agent itself spawns a grandchild, it must copy this field from its own received SpawnContext into the grandchild’s SpawnContext. Passing None (the default) at that point means the grandchild receives no cap, which is a privilege escalation if the parent was constrained. Only the top-level session (spawned by build_spawn_context) correctly leaves this None — that represents an unconstrained top-level entry point.

None means no cap is imposed by the parent (the sub-agent’s own definition determines its trust level).

inherited_tool_allowlist: Option<HashSet<String>>

Tool names that this sub-agent is allowed to invoke, inherited from the parent.

When Some(set), the effective tool allowlist for the spawned agent is the intersection of set and the agent’s own definition policy. This prevents a sub-agent from accessing tools that the parent is itself not allowed to use.

Caller responsibility for nested spawns

Like max_trust_level, this field does not propagate automatically. When a constrained sub-agent spawns its own children, it must copy this field from its received SpawnContext into the child’s SpawnContext. Passing None at that point would grant the grandchild unrestricted tool access, defeating the original orchestration policy.

None means no additional allowlist restriction is imposed by the parent (the agent’s definition policy applies without narrowing).

Trait Implementations

impl Default for SpawnContext

fn default() -> SpawnContext

Returns the “default value” for a type.