Skip to content

docs(rbac+lift): probe step-4 partial-green + nine-domain promotion decision#112

Merged
AdaWorldAPI merged 1 commit into
mainfrom
claude/medcare-bridge-lance-graph-wmx76z
Jun 23, 2026
Merged

docs(rbac+lift): probe step-4 partial-green + nine-domain promotion decision#112
AdaWorldAPI merged 1 commit into
mainfrom
claude/medcare-bridge-lance-graph-wmx76z

Conversation

@AdaWorldAPI

Copy link
Copy Markdown
Owner

What & why

Two commits: the 0x0B AuthStore mint (already merged-equivalent on main; carried here for branch alignment) and a docs commit recording two decisions from this session.

1. RBAC keystone §10 — step-4 PARTIAL GREEN

PROBE-OGAR-RBAC-AUTHORIZE is the gate before consumer-collapse. The classid-keyed authorize() now reproduces the shipped membrane gate (lance_graph_rbac::Policy::evaluate) bit-for-bit — the "reconcile the shipped MembraneGate path with the keystone" framing of ISS-RBAC-AUTHORIZE-BY-CLASSID. Impl + probe live in AdaWorldAPI/lance-graph PR #598 (lance-graph-rbac/src/authorize.rs).

  • Certifies the §5 positive ∧ op-gate half + §11 classid re-keying → CONJECTURE→FINDING for the in-repo reference.
  • Stage-2 row-scope + projecting Allow{scope,mask} stay CONJECTURE; scope-bearing references (Odoo ir.model.access ∧ ir.rule, OpenFGA) are the follow-on probes. The keystone stays CONJECTURE as a whole until a scope-bearing reference is green.

2. Nine-domain promotion — DECISION: no bulk Cross-walk

The nine Lift-tested NTO domains (Transport, Accounting, SalesDistribution, Credit, Cost, ServiceManagement, WorkOrder, Compliance, Audit) correctly stay un-minted:

  • 6 are upstream-owned (arago/almato authorship → coordination-gated; a codebook id is stable forever).
  • Accounting/Audit are already homed (0x02XX commerce / ADR-013 Audit-as-Lance-version).
  • WorkOrder is ours (woa-rs) but minting now is speculative — gated on woa-rs's consumer-collapse.
  • Nine simultaneous mints would re-trigger the cross-repo COUNT_FUSE break just fixed in lance-graph.

Promoted rule: Lift-tested → Cross-walked is demand-driven + ownership-gated, never a completeness sweep. Round-trip proves the shape lands; it does NOT imply the id should mint. Per-domain gate table + general rule in EPIPHANIES.md E-NINE-DOMAIN-PROMOTION-DEFERRED; catalogue step-4 cross-references it.

Files

  • docs/CLASSID-RBAC-KEYSTONE-SPEC.md — §10 STEP-4 STATUS block.
  • docs/OGIT-DOMAIN-LIFT-CATALOGUE.md — promotion-gate cross-ref.
  • .claude/board/EPIPHANIES.mdE-NINE-DOMAIN-PROMOTION-DEFERRED.

Docs-only on top of the mint; no codebook-count change → no consumer impact.

🤖 Generated with Claude Code


Generated by Claude Code

…ecision

(1) RBAC keystone §10: mark PROBE-OGAR-RBAC-AUTHORIZE step-4 PARTIAL GREEN.
The classid-keyed authorize() reproduces the shipped membrane gate
(lance_graph_rbac::Policy::evaluate) bit-for-bit — positive ∧ op-gate half
+ §11 classid re-keying promoted CONJECTURE->FINDING for the in-repo
reference. Stage-2 row-scope + projecting Allow{scope,mask} stay CONJECTURE
(scope-bearing references Odoo ir.rule / OpenFGA are the follow-on probes).
Impl: lance-graph/crates/lance-graph-rbac/src/authorize.rs.

(2) Nine-domain promotion DECISION: no bulk Cross-walk. The Lift-tested
domains correctly stay un-minted — most are upstream-owned (arago/almato
coordination-gated), Accounting/Audit are already homed (0x02XX / ADR-013),
WorkOrder (ours) waits on woa-rs consumer-collapse. Lift-tested → Cross-walked
is demand-driven + ownership-gated, never a completeness sweep. Per-domain
gate table + general rule in EPIPHANIES E-NINE-DOMAIN-PROMOTION-DEFERRED;
catalogue step-4 cross-references it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@AdaWorldAPI AdaWorldAPI merged commit 4b88f8e into main Jun 23, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants