yoi/work-items/closed/20260604-234844-feature-api-authority-separation/resolution.md

Feature API authority separation is complete and merged.

Implementation:

- `4fc361f refactor: name feature host authorities explicitly`
- merge commit: `b46ea65 merge: clarify feature host authorities`

Summary:

- Renamed the generic feature authority API surface to explicit host-authority terminology:
  - `AuthorityRequest` -> `HostAuthorityRequest`
  - `AuthorityGrantSet` -> `HostAuthorityGrantSet`
  - `AuthorityDenial` -> `HostAuthorityDenial`
  - `requested_authorities` -> `requested_host_authorities`
  - `required_authorities` -> `required_host_authorities`
  - `granted_authorities` -> `host_authority_grants`
  - `grants()` -> `host_authority_grants()`
  - `FeatureInstallError::AuthorityDenied` -> `HostAuthorityDenied`
- Preserved descriptor-first validation, duplicate tool rejection, undeclared contribution rejection, missing host-authority install failure, and built-in Task feature behavior.
- Added/updated tests/comments to make contribution declarations separate from host authority grants.
- Did not implement Ticket tools, external plugin loading, approval/resume protocol, MCP, WASM/sandbox runtime, feature crate extraction, Hook behavior changes, or Task behavior changes.

Review:

- External sibling reviewer approved with no blockers and no required non-blockers.
- Residual note: `HostAuthorityGrantSet::grant_all(&descriptor.requested_host_authorities)` remains the existing builtin-only scaffold, not a real external-plugin approval resolver. This is unchanged and remains future work.

Post-merge validation passed:

- `cargo test -p pod feature --lib`
- `cargo test -p pod task --lib`
- `cargo test -p pod --lib`
- `cargo test -p llm-worker --lib`
- `cargo fmt --check`
- `git diff --check`
- `./tickets.sh doctor`
- `cargo check --workspace --all-targets`
- `nix build .#yoi --no-link`

This clears the API naming prerequisite for `ticket-built-in-feature-tools`.