Close FORGE cycle-002 ConstructAdmissionBundle producer #9
Merged
Add producer-side ConstructAdmissionBundle shape constants for cycle-002 sprint S03-A.
Includes five-member bundle layout constants, manifest field sets, closed enum values, versioning semantics, construct_source_ref, nullable publisher-authenticity field names, and MAX_ALLOWED_BUDGET.
Scope is shape/constants only: no emitter, bundle output, validator, admission parser, signing, runtime import, ProposalEnvelope change, tests, fixtures, dependency change, or Echelon/backend path write.
Reviewed-by: Loa review S03-A
Audited-by: Loa audit S03-A
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add the S03-B ConstructAdmissionBundle producer skeleton.
Includes guarded construct_slug handling before path construction, minimal 5-member bundle assembly, local disk-output helper for ignored build/construct-bundles/<construct_slug>/ targets, receipt member hashing/digest assembly using existing receipt primitives, calibration_ref:null, and nullable publisher-authenticity fields.
Scope is an unsigned local skeleton only: no ProposalEnvelope change, runtime import, validation/admission/parser logic, signature production, signature verification, signer/keyring/revocation use, tests, fixtures, dependency change, or Echelon/backend path write.
Carry-forward: S03-C must replace skeleton oracle/settlement placeholders with real source namespace and settlement_authority authoring; S03-D should whitelist receipt member names against BUNDLE_MEMBERS; S03-D/S03-F should pin emitted_at int-vs-datetime behavior.
Reviewed-by: Loa review S03-B
Audited-by: Loa audit S03-B
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add the S03-C ConstructAdmissionBundle oracle and settlement authoring path.
Implements narrow BREATH worked-path authoring for forge-side oracle declarations, construct_source_ref provenance, TRUST_REGISTRY-key source_id canonicalization, registry-derived trust_tier, and required settlement_authority with T0/T1 settlement enforcement. Updates bundle assembly so final authored output replaces S03-B skeleton oracle/settlement placeholders while keeping skeleton mode clearly non-final.
Scope remains producer authoring only: no trust registry mutation, selector/rules mutation, construct metadata mutation, ProposalEnvelope change, Echelon admission/validation/parser runtime, signature production, signature verification, tests, fixtures, dependency change, or backend path write.
Carry-forward: S03-F/future hardening should guard getTrustTier prototype-key behavior with a string/enumeration check in authorOracleDeclaration and add regression coverage. S03-D/S03-F should continue carrying receipt member whitelist and emitted_at int-vs-datetime follow-ups.
Reviewed-by: Loa review S03-C
Audited-by: Loa audit S03-C
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add the S03-D ConstructAdmissionBundle receipt hardening path.
Introduces receipt member whitelisting derived from BUNDLE_MEMBERS, rejects missing/extra/duplicate/path-traversal/receipt-in-members cases before digesting, preserves exactly the four non-receipt bundle members, and keeps deterministic sha256/canonicalize-based bundle_digest construction using existing receipt primitives. Updates bundle assembly and disk-write paths to delegate receipt construction and whitelist emitted member filenames while preserving S03-C authored oracle/settlement behavior.
Scope remains receipt/digest hardening only: no signature production, signature verification, signer/keyring/revocation/trust-policy use, ProposalEnvelope change, Echelon admission/validation/parser runtime, tests, fixtures, dependency change, or backend path write.
Carry-forward: S03-D′ signature production remains deferred. S03-D/S03-F should continue tracking emitted_at int-vs-datetime alignment. S03-F/future hardening should cover prototype-key getTrustTier behavior and receipt/member regression cases.
Reviewed-by: Loa review S03-D
Audited-by: Loa audit S03-D
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
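The reject-before-digest whitelist that the S03-D commit message describes, as an added example that is not code from this PR. The `BUNDLE_MEMBERS` contents are assumed (`SKILL.md`, `reality.md` and `handoff.md` appear on the page; `manifest.json` and `receipt.json` are placeholders), and `checkReceiptMembers` / `rejectionReason` are hypothetical names.

```javascript
// Constructed stand-in for BUNDLE_MEMBERS: three names come from the PR text,
// "manifest.json" and "receipt.json" are assumed placeholders.
const BUNDLE_MEMBERS = Object.freeze([
  "SKILL.md", "reality.md", "handoff.md", "manifest.json", "receipt.json",
]);
const RECEIPT_MEMBER = "receipt.json";
const SHA256_HEX = /^[0-9a-f]{64}$/;

// Validate [name, sha256hex] pairs before anything is digested.
// The input is a list of pairs rather than an object, so a duplicate name
// stays visible instead of silently overwriting an earlier key.
function checkReceiptMembers(entries) {
  const expected = BUNDLE_MEMBERS.filter((n) => n !== RECEIPT_MEMBER);
  const seen = new Set();
  for (const [name, hash] of entries) {
    if (typeof name !== "string") throw new Error("member name must be a string");
    if (name === RECEIPT_MEMBER) throw new Error("receipt cannot list itself");
    if (/[\\/\0]/.test(name) || name.includes("..")) {
      throw new Error(`path-like member name: ${JSON.stringify(name)}`);
    }
    // Array membership, not `name in obj`, so "__proto__" is just another string.
    if (!expected.includes(name)) throw new Error(`unexpected member: ${name}`);
    if (seen.has(name)) throw new Error(`duplicate member: ${name}`);
    if (typeof hash !== "string" || !SHA256_HEX.test(hash)) {
      throw new Error(`bad hash for ${name}`);
    }
    seen.add(name);
  }
  const missing = expected.filter((n) => !seen.has(n));
  if (missing.length > 0) throw new Error(`missing member: ${missing.join(", ")}`);
  // Sort by code unit so the digest input does not depend on caller order.
  return [...entries]
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
    .map(([name, sha256]) => ({ name, sha256 }));
}

// Returns null when the member list is accepted, otherwise the rejection message.
function rejectionReason(entries) {
  try {
    checkReceiptMembers(entries);
    return null;
  } catch (err) {
    return err.message;
  }
}
```

The returned array is what a caller would canonicalize and hash; the hashing step itself is left to the existing receipt primitives the commit refers to.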
Add the S03-E ConstructAdmissionBundle markdown member materialization path.
Materializes SKILL.md, reality.md, and handoff.md for the narrow BREATH worked path while preserving the five-member bundle layout, S03-C oracle/settlement authoring, and S03-D hardened receipt/digest behavior. SKILL.md carries disabled skillopt_config, bounded edit budget, brier threshold surface, slow/protected update structure, and bundle_member_hash:null as a self-reference-safe deferred field. reality.md carries protected parameter provenance with provenance_manifest_signed:false. handoff.md carries bounded-editable theatre trigger structure with no payout terms.
Scope remains producer markdown materialization only: no SkillOpt import/vendor/run, backend/skills write, payout surface, signature production, signature verification, ProposalEnvelope change, Echelon admission/validation/parser runtime, tests, fixtures, dependency change, or backend path write.
Carry-forward: S03-F should cover the BREATH-only materializer gate, bundle_member_hash:null parser compatibility with Echelon, reality.md per-entry hash semantics, feed_id provenance, echelon/lattice identifier escaping before any such path is exercised, receipt whitelist regressions, and getTrustTier prototype-key hardening.
Reviewed-by: Loa review S03-E
Audited-by: Loa audit S03-E
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add the S03-F ConstructAdmissionBundle conformance and regression hardening slice.
Adds bundle-focused tests for receipt member whitelist attacks, prototype-key trust-tier hardening, BREATH-only final materializer coherence, markdown/YAML identifier safety, bundle_member_hash:null posture, reality.md per-entry content_hash semantics, emitted_at determinism, and producer-boundary/no-runtime-leak checks. Hardens the producer surface by rejecting malformed/non-enum trust tiers in oracle authoring, guarding markdown/YAML identifier interpolation before future echelon/lattice use, and preventing final non-BREATH materialization from emitting BREATH content under another slug.
Scope remains conformance/hardening only: no signature production, signature verification, S03-D′, SkillOpt runtime/import/vendor/run, backend/skills write, ProposalEnvelope change, Echelon admission/validation/parser runtime, dependency change, package/workflow change, or master merge.
Carry-forward: boundary import tests should be strengthened for multi-line import syntax in a future hardening pass. The residual hand-built settlement literal with trust_tier:Object.prototype remains unreachable from current producer APIs and is a precondition to revisit before any future runtime/CLI wiring.
Reviewed-by: Loa review S03-F
Audited-by: Loa audit S03-F
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
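The prototype-key trust-tier issue carried forward from S03-C and closed in S03-F, shown as an added example that is not code from this PR: a plain-object registry lookup beside a hardened one with the string/enumeration check. The registry contents, the tier enum beyond T0/T1, the output object shape, and the names `lookupTierNaive`, `lookupTierSafe` and `authorSettlementSafe` are assumptions; the real `getTrustTier` and `authorOracleDeclaration` are not shown on the page.

```javascript
// Constructed registry mapping source_id -> trust tier (not FORGE's TRUST_REGISTRY).
const SAMPLE_REGISTRY = { "source-a": "T0", "source-b": "T1", "source-c": "T3" };
// Assumed closed enum; only T0 and T1 are named on the page.
const TRUST_TIERS = Object.freeze(["T0", "T1", "T2", "T3"]);
const SETTLEMENT_TIERS = Object.freeze(["T0", "T1"]);

// Naive lookup: bracket access walks the prototype chain, so keys such as
// "__proto__" or "constructor" return inherited values instead of undefined.
function lookupTierNaive(registry, sourceId) {
  return registry[sourceId];
}

// Hardened lookup: own-property check first, then the string/enum check.
function lookupTierSafe(registry, sourceId) {
  if (typeof sourceId !== "string" ||
      !Object.prototype.hasOwnProperty.call(registry, sourceId)) {
    throw new Error("unknown source_id");
  }
  const tier = registry[sourceId];
  if (typeof tier !== "string" || !TRUST_TIERS.includes(tier)) {
    throw new Error("non-enum trust tier");
  }
  return tier;
}

// Fail-closed settlement authoring: only T0/T1 sources may settle.
function authorSettlementSafe(registry, sourceId) {
  const tier = lookupTierSafe(registry, sourceId);
  if (!SETTLEMENT_TIERS.includes(tier)) {
    throw new Error("settlement requires T0/T1");
  }
  return { settlement_authority: sourceId, trust_tier: tier };
}
```

A truthiness test on the naive result passes for `"__proto__"`, because the value returned is `Object.prototype` itself; that is how a `trust_tier:Object.prototype` literal can come to exist.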
Close FORGE cycle-002 — ConstructAdmissionBundle producer (sprints 00–03)
Cycle scope: sprints 00–03. Sprint-03 is the final cycle-002 sprint.
Accepted integration tip: 9dddc958420a01074faf408325daec8318a9dfd9 (S03-F).
Delta: 17 files, +2505, confined to src/bundle/ (12) + test/unit/bundle-*.spec.js (5).
master…cycle-002-integration = 0/6 (clean linear descendant of master).

Claim ceiling (do not exceed)
FORGE can emit a local, content-addressed ConstructAdmissionBundle producer artifact for the narrow BREATH worked path matching the Cycle-113 receiving surface shape.

Non-claims (explicit)
No Echelon admission · parser acceptance · certification · calibration improvement · optimization · signature production · signature verification · signature-based acceptance · SkillOpt execution · backend skill publication · L2 readiness · release readiness · broad multi-theatre · broad multi-construct · runtime/CLI readiness.

Delivered (S03-A…G)
255365fe bundle shape constants
d4dd6e0c unsigned-but-receivable emitter skeleton
db5ad783 BREATH oracle/settlement authoring (fail-closed settlement T0/T1)
6724665e hardened receipt/digest layer
e9152da0 SKILL.md / reality.md / handoff.md materialization
9dddc958 conformance/regression (47 tests) + no-runtime-leak checks

Validation
src/ir/ProposalEnvelope change; no signer/keyring/revocation/verify; no SkillOpt (skillopt_config.enabled:false); no backend/skills/; no payout terms; no dependency change (package.json 0.3.0).

Deferred (carry-forward — NOT in this cycle)
S03-D′ signature production (explicit future scope); multi-line import boundary-test hardening; settlement.js prototype-literal guard; bundle_member_hash:null parser compat; emitted_at int-vs-datetime; reality.md per-entry content_hash semantics; feed_id grounding; beyond-BREATH generalization; forge-ewa fixture hygiene; FORGE-003 scope.

⚠ Release / merge posture (operator-gated — read before merging)
master merge is operator-approved; do not auto-merge.
cycle-002 → post-merge classifies as cycle → full-pipeline, which requires secrets.ANTHROPIC_API_KEY (its shell-only fallback is documented-broken). Without the secret set, the post-merge run will fail. Rename to a non-cycle-NNN title to route to simple-release instead, or ensure the secret is set.
v0.2.4; there is no v0.3.0 tag despite package.json/CHANGELOG 0.3.0. semver-bump.sh also detects [skip release]/[no-bump] markers in range → would skip tagging. No path cleanly cuts v0.4.0 without an operator version/tag decision.
--ff-only push before merging.

🤖 Generated with Claude Code