doc(knowledge): substrate-b consumer integration — NEW-stack capability shape + plans#465
Merged
Merged
Conversation
…spondence Companion to lab-vs-canonical-surface.md (the rule) + hollow-wire-failure-modes.md (the failure mode). Captures the confirmed substrate-b ↔ OLD HIRO/Bardioc stack correspondence from three ground-truth sources: - Almato's own published OSS manifest (bitbucket.org/almatoag/opensource, the list r7.1 Product Description §5.5 cites) - OGIT closed-PR harvest (~493 PRs 2017-2026) - Almato Bardioc r7.1 Product Description (Oct 2025, 33 pages) 20-row correspondence table covers every confirmed OLD component → substrate-b primitive: Zitadel-stays + Security-Mesh bit-ops = palette256+Hamming + signed- audit = Lance-version-log + Kafka 0.8.2.2+ZooKeeper 3.4.6 = LanceVersionWatcher (in-proc) + Titan 0.4.4 → lance-graph + Gremlin 2.4 → lance-graph-planner + Cassandra → TiKV/surrealdb kv-lance + ES 1.7+Lucene 4.10 → Tantivy + ClickHouse+ Spark → DataFusion + InfluxDB → Lance versions + S3 → Lance fragments + swarm/ libcluster → ractor + sbroker/pobox → bounded mailbox + lru_cache/con_cache → dn_redis + rafted_value → openraft + gen_statem → Rubicon-as-ractor-actor (shape-exact) + expr → planner thinking + Jetty WS → substrate-b WS + Jena → OGIT compile-time check. Three load-bearing structural findings: 1. Three OLD components (Historisation + TSDB + audit) collapse to one NEW primitive (Lance versions) 2. Security Mesh bit-ops = palette256+Hamming (shape-exact) 3. gen_statem is the confirmed OLD-stack precedent for the Rubicon model (rafted_value uses it; state_enter/postpone/timeouts ARE Rubicon semantics) Boundary collapse documented: OLD 8 boundaries + 4 concurrency models → NEW 0 in-binary application boundaries + 1 retained external Go IAM + 1 concurrency model + honest Raft consensus tax. OGIT data model captured: 10 production workloads (BGFS, Auth/Device, three- layer identity Person/Account/DataScope, Documents, Automation, Knowledge, Tickets, OSINT, Org-lifecycle, Trust, Forms, MARS-survives-within-OGIT).
… NEW (Lance versions); Security Mesh = palette256+Hamming; gen_statem = Rubicon precedent PREPEND-only per board-hygiene rule. Records the three load-bearing structural findings from the substrate-b ↔ OLD HIRO/Bardioc capability correspondence, grounded in Almato's own published OSS manifest + the OGIT closed-PR harvest.
…ility-parity.md (companion to lab-vs-canonical-surface + hollow-wire) PREPEND-only per board-hygiene rule.
…ty shape + plans
REWRITE focusing on substrate-b NEW-stack capabilities only — no consumer-
internal specifications cross the upstream boundary. Captures: seven-capability
composition (lance-graph + surrealdb kv-lance + Tantivy + DataFusion + ractor +
LanceVersionWatcher + external Zitadel); three load-bearing primitives (Lance
versions multi-purpose / palette256+Hamming per-element auth / ractor Actor +
Lance-version-as-state-machine = Rubicon); built-today capability roadmap honest
accounting; the migration endpoint contract as substrate-b's dual-stack ground-
truth surface (POST /v1/{entity,edge,traverse,query,graphql,audit} + WS /v1/
stream + POST /v1/dispatch); five consumer integration patterns that fall out
of the primitives (3-in-1 collapse / ACL changes immediate-by-construction /
state history IS the version log / in-proc events are std::sync per I-2 /
OGAR is the data-model entry point); process rule for substrate-b consumers.
…ack primitives codified; consumer integration shape documented
…integration shape (companion to lab-vs-canonical-surface + hollow-wire-failure-modes)
|
Caution Review failedPull request was closed or merged during review 📝 WalkthroughWalkthroughThree documentation files create a unified reference for the substrate-b integration architecture: a comprehensive knowledge document specifying the capability shape, load-bearing primitives (Lance versioning, per-element authorization, Rubicon ractor state machine), capability roadmap, and migration endpoint contract; an epiphanies entry codifying the key discoveries; and an agent log recording the shipment. ChangesSubstrate-b Integration Documentation
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 03149d7a4e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| - **Point-in-time query** = `dataset.checkout_version(V_ref)` — pin an immutable snapshot at any version | ||
| - **Time-series** = the version log itself — every commit is a versioned event with a timestamp | ||
| - **Immutable audit** = append-only by construction — versions never disappear; the log IS the audit trail |
There was a problem hiding this comment.
For deployments that run Lance version cleanup, this premise is unsafe: Lance 7.0.0 exposes Dataset::cleanup_old_versions and lance.auto_cleanup.* settings that can remove old versions, so the version log is not guaranteed to be an immutable audit trail unless consumers explicitly disable cleanup/tag retained versions. Because this doc later tells substrate-b consumers not to introduce separate audit storage, following it can make historical audit reads disappear after cleanup.
Useful? React with 👍 / 👎.
AdaWorldAPI
added a commit
that referenced
this pull request
Jun 4, 2026
…-policy-gated, not by-construction-immutable (codex P1 on #465) §2.1 audit bullet: renamed from 'Immutable audit' to 'Audit (retention-policy- gated)'; explicit retention guidance (disable auto-cleanup OR tag versions OR route to separate sink); regulatory-grade audit requires external signed write-once sink — Lance versions alone NOT a substitute. §5.1 collapse pattern: renamed from 'Three OLD components collapse to one' to 'Two-and-a-half OLD components collapse to one'; non-regulatory audit (with retention configured) shares Lance versions; regulatory audit remains a separate concern. The three-primitives codification (E-SUBSTRATE-B-CAPABILITY-ROADMAP) survives. Multi-purpose-Lance-versions claim still load-bearing — what changes is the audit guarantee + the consumer-default guidance. Codex P1 finding on #465: Lance 7.0+ exposes Dataset::cleanup_old_versions + lance.auto_cleanup.*; following the original 'introduce no separate store' guidance could make historical audit reads disappear after cleanup.
AdaWorldAPI
added a commit
that referenced
this pull request
Jun 4, 2026
…rsions-as-audit claim corrected to retention-policy-gated (codex P1 on #465)
AdaWorldAPI
added a commit
that referenced
this pull request
Jun 4, 2026
…bility-parity-fix fix(knowledge): audit retention caveat — Lance versions are retention-policy-gated, not by-construction-immutable (codex P1 on #465)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a knowledge doc capturing the substrate-b consumer integration shape: which lance-graph + ractor + surrealdb capabilities compose, the three load-bearing primitives consumers must understand, and an honest capability roadmap (built / partial / not-yet) so consumer integration sequencing isn't guessed.
This is the lance-graph-side complement to
lab-vs-canonical-surface.md(the rule) +hollow-wire-failure-modes.md(the failure mode) — adding "the capability shape this rule + failure mode protect."What the doc captures
§1 The seven-capability composition
A substrate-b integration of lance-graph composes:
lance-graph+ Lance versions as temporal axis)surrealdbkv-lancevia docs: mark Phase 2 DONE, add integration status and progress tracker Phase 2 (bgz17 container/semiring) verified complete — 121 tests passing. Added cross-repo integration status section to FINAL_STACK.md. Created PROGRESS.md tracking Plateaus 0-3 against master integration plan. https://claude.ai/code/session_01CdqyUTUfjKZuk8YGJzv6LB #35/docs: update FalkorCompat shim status in architecture map Documents that FalkorCompat currently only has blasgraph backend wired; DataFusion and palette backends not yet connected. https://claude.ai/code/session_01CdqyUTUfjKZuk8YGJzv6LB #36, or external TiKV)MessagingErr::SaturatedviaAdaWorldAPI/ractor#1)LanceVersionWatcher, std::sync, never tokio per I-2)auth-plugJWT validation)§2 Three load-bearing NEW-stack primitives
checkout_version(V)= point-in-time; the version log = time-series; append-only immutability = audit. Consumers should NOT introduce separate stores.Binary16K. Per-vertex bitmap materialised on write; check on read via bit-intersection; uncached / immediate-effect by construction. ACL changes at version V are in effect at every read at version ≥ V — no auth-cache to invalidate.§3 Honest capability roadmap
Built today: Lance versions,
LanceVersionWatcher(std::sync),MessagingErr::Saturated, surrealdb kv-lance, planner 16 strategies + 12 thinking styles + NARS,auth-plug, palette256+Hamming primitives, cognitive-shader-driver,EpisodicEdges64Phase A, OGAR Sprint 5/6 (#5/#6/#7/#8).Partial: lance-graph consumer surface, DataFusion OLAP surface, distributed actor topology, OGIT data-model coverage.
Not yet: Tantivy wiring, OGAR Sprint 7 (gated on protoc-build access), peer-Raft consensus pick (openraft / surreal-cluster / TiKV), the migration endpoint router (consumer-side), WS/gRPC Layer-3 outbound.
Gated:
DemotionSinkPhase C cold-tier impl (OQ-11.6),EpisodicWitness64Phase D SoA column (needsMailboxSoA<N>).§4 The migration endpoint contract
The substrate-b dual-stack ground-truth surface — same workload replayed against substrate-b AND the system being replaced, per-endpoint §14 verdict. The contract (minimal shape consumers extend per workload):
POST /v1/{entity,edge,traverse,query,graphql,audit}+ version-pinnable reads via?at=VWS /v1/streamproxiesLanceVersionWatcher::subscribe()(Layer-3 tokio outbound)POST /v1/dispatchis substrate-b-specific (no comparison)§5 Five integration patterns that fall out of the primitives
hollow-wire-failure-modes.mdfailure-mode magnet.ClassIR →MappingProposal→OntologyRegistry→ planner dispatch →LanceMembraneprojection →LanceVersionWatcherfan-out).§6 OGAR carrier integration sequence
5-step pattern for wiring new domain models through OGAR → lance-graph-ontology → lance-graph-planner → lance-graph-callcenter's
LanceMembrane.§7 Process rule
4-step strip-back check before proposing a new lance-graph integration trait / contract / coordination surface (capability roadmap → encoding ecosystem → lab-vs-canonical → hollow-wire).
Why it lives here (not in consumer repos)
Any substrate-b consumer integrating lance-graph + ractor + surrealdb hits the same correspondence questions: what's built, what's partial, which primitive serves which design pattern. Documenting it once upstream — alongside the rule (
lab-vs-canonical-surface.md) and the failure mode (hollow-wire-failure-modes.md) — lets every consumer reuse the answer without re-deriving.What's NOT in this doc
This is the substrate-b shape doc — capability composition + integration patterns + roadmap honesty. It does NOT cross consumer-internal boundaries: no specifications, versions, or shapes from any specific consumer system are referenced. Every cross-reference is to a lance-graph / surrealdb / ractor / OGAR PR or knowledge doc.
Board hygiene (per CLAUDE.md mandatory rule)
Same PR includes:
.claude/board/EPIPHANIES.mdPREPEND:E-SUBSTRATE-B-CAPABILITY-ROADMAP— codifies the three load-bearing NEW-stack primitives..claude/board/AGENT_LOG.mdPREPEND:D-SUBSTRATE-B-CONSUMER-DOC SHIPPED.Asks
.claude/knowledge/) — happy to relocate.substrate-b-capability-shape.mdor similar if that lands better given the rewrite's NEW-stack focus.Severity
P2 — preventive documentation. The capability roadmap + integration patterns are the natural reference any substrate-b consumer needs; this codifies them upstream so consumers don't have to re-derive them. Companion to existing
lab-vs-canonical-surface.md+hollow-wire-failure-modes.md.Summary by CodeRabbit