---
phase: 02-safety-sandboxing
plan: 04
type: execute
wave: 3
depends_on: [02-01, 02-02, 02-03]
files_modified: [src/safety/__init__.py, src/safety/coordinator.py, src/safety/api.py, tests/test_safety_integration.py]
autonomous: true

must_haves:
  truths:
    - "Security assessment, sandbox execution, and audit logging work together"
    - "User can override BLOCKED decisions with explanation"
    - "Resource limits adapt to available system resources"
    - "Complete safety flow is testable and verified"
  artifacts:
    - path: "src/safety/coordinator.py"
      provides: "Main safety coordination logic"
      min_lines: 50
    - path: "src/safety/api.py"
      provides: "Public safety interface"
      min_lines: 30
    - path: "tests/test_safety_integration.py"
      provides: "Integration tests for safety systems"
      min_lines: 40
  key_links:
    - from: "src/safety/coordinator.py"
      to: "src/security/assessor.py"
      via: "security assessment"
      pattern: "SecurityAssessor.*assess"
    - from: "src/safety/coordinator.py"
      to: "src/sandbox/executor.py"
      via: "sandbox execution"
      pattern: "SandboxExecutor.*execute"
    - from: "src/safety/coordinator.py"
      to: "src/audit/logger.py"
      via: "audit logging"
      pattern: "AuditLogger.*log"
    - from: "src/safety/coordinator.py"
      to: "config files"
      via: "policy loading"
      pattern: "yaml.*safe_load"
---

<objective>
Integrate all safety components into unified system with user override capability.

Purpose: Combine security assessment, sandbox execution, and audit logging into coordinated safety system with user override for BLOCKED decisions and adaptive resource management per CONTEXT.md specifications.
Output: Complete safety infrastructure that assesses, executes, and logs code securely with user oversight.
</objective>

<execution_context>
@~/.opencode/get-shit-done/workflows/execute-plan.md
@~/.opencode/get-shit-done/templates/summary.md
</execution_context>

<context>
@.planning/PROJECT.md
@.planning/ROADMAP.md
@.planning/STATE.md

# Research references
@.planning/phases/02-safety-sandboxing/02-RESEARCH.md
</context>

<tasks>

<task type="auto">
  <name>Task 1: Create safety coordinator</name>
  <files>src/safety/__init__.py, src/safety/coordinator.py</files>
  <action>Create SafetyCoordinator class that orchestrates security assessment, sandbox execution, and audit logging. Implement execute_code_safely(code, user_override=False) method that: 1) runs security assessment, 2) if BLOCKED and no override, requests user confirmation, 3) executes in sandbox with resource limits, 4) logs all events, 5) returns result with security metadata. Handle adaptive resource allocation based on code complexity and available system resources.</action>
  <verify>python -c "from src.safety.coordinator import SafetyCoordinator; print('SafetyCoordinator imported successfully')"</verify>
  <done>SafetyCoordinator coordinates all safety components with proper user override handling</done>
</task>

<task type="auto">
  <name>Task 2: Implement safety API interface</name>
  <files>src/safety/api.py</files>
  <action>Create public API for safety system. Implement SafetyAPI class with methods: assess_and_execute(code), get_execution_history(limit), get_security_status(), configure_policies(policies). Provide clean interface for other system components to use safety functionality. Include proper error handling, input validation, and response formatting.</action>
  <verify>python -c "from src.safety.api import SafetyAPI; print('SafetyAPI imported successfully')"</verify>
  <done>SafetyAPI provides clean interface to all safety functionality</done>
</task>

<task type="auto">
  <name>Task 3: Create integration tests</name>
  <files>tests/test_safety_integration.py</files>
  <action>Create comprehensive integration tests for safety system. Test cases: 1) LOW risk code executes successfully, 2) MEDIUM risk executes with warnings, 3) HIGH risk requires user confirmation, 4) BLOCKED code blocked without override, 5) BLOCKED code executes with user override, 6) Resource limits enforced, 7) Audit logs created for all operations, 8) Hash chain tampering detected. Use pytest framework with fixtures for sandbox and mock components.</action>
  <verify>cd tests && python -m pytest test_safety_integration.py -v</verify>
  <done>All integration tests pass, safety system works end-to-end</done>
</task>

</tasks>

<verification>
- SafetyCoordinator successfully orchestrates all components
- User override mechanism works for BLOCKED decisions
- Resource limits adapt to system availability
- All security event types are logged
- Integration tests cover all scenarios
- Hash chain tampering detection works
- API provides clean interface to safety functionality

</verification>

<success_criteria>
Complete safety infrastructure integrated and tested, providing secure code execution with user oversight, adaptive resource management, and comprehensive audit logging.
</success_criteria>

<output>
After completion, create `.planning/phases/02-safety-sandboxing/02-04-SUMMARY.md`
</output>