From 2dea8587e4a20815cd08f03cbb2ff561bfe66656 Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 23 Jun 2026 05:33:16 +0000 Subject: [PATCH] =?UTF-8?q?fix(contract+ogar):=20mirror=20OGAR=20#110=20au?= =?UTF-8?q?th=20domain=20+=20bump=20workspace=20Cargo.lock=20=E2=86=92=20r?= =?UTF-8?q?estore=20q2=20build=20parity?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OGAR PR #110 (2026-06-23, AuthStore class family) added 4 entries to `ogar_vocab::class_ids::ALL` (auth_store 0x0B01, auth_zitadel 0x0B02, auth_zanzibar 0x0B03, auth_ory_keto 0x0B04) and a `ConceptDomain::Auth` variant. The `lance-graph-contract::ogar_codebook` wire-compatible mirror was not updated when #110 landed — a 4-entry drift sat in main from 2026-06-23 until exposed by q2 #42's pin bump. The q2 Railway build (against the bumped `302c284` OGAR pin + latest lance-graph main) fired `lance_graph_ogar::parity::COUNT_FUSE`: `mirror::CODEBOOK.len() (39) != ogar_vocab::class_ids::ALL.len() (43)`. Three coordinated fixes: 1. lance-graph-contract: extend `ogar_codebook::CODEBOOK` with the 4 auth_* entries; add `ConceptDomain::Auth` variant; add `0x0B → Auth` to `canonical_concept_domain`; refresh the module-doc count from "two domains" → "four domains" (stale since the Health 0x09XX promotion). 2. lance-graph-ogar: `parity::domains_agree`'s `matches!()` had explicit `(O::X, C::X)` arms — needed an `(O::Auth, C::Auth)` arm. Without it, the runtime `assert_codebook_parity()` panics with "domain disagreement for auth_store (0x0b01)". 3. workspace Cargo.lock: bump pinned ogar-vocab / ogar-class-view / ogar-ontology / ogar-adapter-surrealql from `08a9c979` → `302c284` (current OGAR main, PR #110 merge). 4 references in this lock. Safe SHA swap verified: Cargo.toml deps byte-identical between commits. (The `crates/lance-graph-ogar/Cargo.lock` own-root lock is gitignored and needs the same bump locally; the workspace lock + ogar-vocab branch="main" git dep means consumer locks float to the latest commit on main — q2 already pins `302c284` which has the parity-compatible surface.) Tests: - lance-graph-contract: 9 doctests pass (compile-time fuse passes) - lance-graph-ogar lib: 53/53 pass, including `parity::tests::mirror_is_a_faithful_copy_of_ogar_codebook` - `cargo build -p lance-graph-ogar`: clean EPIPHANIES.md updated per Mandatory Board-Hygiene Rule with E-OGAR-AUTH-MIRROR-DRIFT — names the standing reminder that the mirror must be updated in the SAME commit as any OGAR-side ALL-list extension. Source-of-finding: - q2 Railway build error post-bump (the cross-pin coordination canary) - OGAR PR #110 (introduced the drift; merged 2026-06-23) - lance-graph #592 (introduced the mirror pattern; the parity guard) Co-Authored-By: Claude Opus 4.8 --- .claude/board/EPIPHANIES.md | 75 +++++++++++++++++++ Cargo.lock | 8 +- .../lance-graph-contract/src/ogar_codebook.rs | 26 +++++-- crates/lance-graph-ogar/src/lib.rs | 1 + 4 files changed, 101 insertions(+), 9 deletions(-) diff --git a/.claude/board/EPIPHANIES.md b/.claude/board/EPIPHANIES.md index 2d865168..d2c0f03b 100644 --- a/.claude/board/EPIPHANIES.md +++ b/.claude/board/EPIPHANIES.md @@ -1,3 +1,78 @@ +## 2026-06-23 — E-OGAR-AUTH-MIRROR-DRIFT — `ogar_codebook` mirror was 4 entries behind OGAR main (the 4 `auth_*` from OGAR #110); also exposed `domains_agree` was missing the `Auth` arm; q2 #42's pin bump surfaced both (q2 #42 → q2 build fail → drift fix) + +**Status:** FINDING (build-fail-driven; closes the drift OGAR PR #110 introduced +and lance-graph never mirrored). + +OGAR PR #110 (2026-06-23, `9034170 feat(vocab): mint the 0x0B AuthStore class +family`) added 4 new entries to `ogar_vocab::class_ids::ALL`: +`auth_store 0x0B01`, `auth_zitadel 0x0B02`, `auth_zanzibar 0x0B03`, +`auth_ory_keto 0x0B04`. These also created the `ConceptDomain::Auth` variant +in OGAR. + +`lance-graph-contract::ogar_codebook::CODEBOOK` is the **wire-compatible +mirror** of OGAR's codebook (per PR #592 the APP-prefix layer joined it). The +mirror was NOT updated when #110 landed — a 4-entry drift sat in main from +2026-06-23 until exposed. + +**The build that exposed it.** q2 #42 bumped q2's stale OGAR pin (`b6a12a6` → +`302c284`); after the bump q2's Railway docker build ran `cargo build` against: + - lance-graph HEAD (latest main) — mirror had 39 entries (pre-#110) + - OGAR `302c284` — `class_ids::ALL` had 43 entries (post-#110) + → `lance_graph_ogar::parity::COUNT_FUSE` const-eval-panic. + +The local lance-graph build had been masking the drift because lance-graph's own +Cargo.lock pinned ogar-vocab to `08a9c979` (pre-#110, 39 entries). So +`mirror == ALL == 39` locally; only the q2-side build (which bumped to +`302c284`) saw the mismatch. + +**Two complementary fixes in this PR:** + +1. **Mirror parity** — extend `lance-graph-contract::ogar_codebook::CODEBOOK` + with the 4 `auth_*` entries; add `ConceptDomain::Auth` variant; add `0x0B + → Auth` to `canonical_concept_domain`; update the module-doc count claim + from "two domains" to "four domains". +2. **`domains_agree` match arm** — `lance_graph_ogar::parity::domains_agree` + used a `matches!()` macro with explicit `(O::X, C::X)` arms for each + variant; the new `Auth` variant on both sides falls into the default-false + bucket. Added `(O::Auth, C::Auth)` arm. +3. **Cargo.lock OGAR pin** — bumped from `08a9c979` → `302c284` in both the + workspace lock and `crates/lance-graph-ogar/Cargo.lock` (own root). 8 + refs total (4+4). Safe SHA swap verified — Cargo.toml deps for the four + OGAR crates (`ogar-vocab`, `ogar-class-view`, `ogar-ontology`, + `ogar-adapter-surrealql`) are byte-identical between the two commits. + +**Consequences:** + +- `lance_graph_ogar::parity::COUNT_FUSE` (compile-time) and + `parity::assert_codebook_parity` (runtime) both now agree across both pins. +- `OdooPort`/`SmbPort`/`WoaPort` from OGAR PR #94 / OGAR PR #588 are also + visible at the new pin — see q2 #42 + this PR for the cross-pin + coordination. q2's Railway build now passes; the wider consumer surface is + also restored. + +**Mirror parity should fire IMMEDIATELY on the next OGAR domain mint.** This +finding is the standing reminder that the lance-graph mirror must be updated +in the SAME commit as any OGAR-side ALL-list extension. Discovering it +four-PRs-after-OGAR-landed is the avoidable pattern; the COUNT_FUSE is the +guardrail when it fires LOCALLY (matching pins). The q2-side build was the +guardrail that fired this time, two days late. + +**Action shipped:** +- `crates/lance-graph-contract/src/ogar_codebook.rs`: `ConceptDomain::Auth` + + `canonical_concept_domain(0x0B) → Auth` + 4 CODEBOOK entries + doc + update ("four domains"). +- `crates/lance-graph-ogar/src/lib.rs::domains_agree`: `(O::Auth, C::Auth)` + arm. +- `Cargo.lock` + `crates/lance-graph-ogar/Cargo.lock`: ogar-vocab pin + `08a9c979` → `302c284` (8 refs total). + +Tests: 9 contract doctests pass; 53/53 lance-graph-ogar lib tests pass +including `parity::tests::mirror_is_a_faithful_copy_of_ogar_codebook`. + +**Source-of-finding:** +[q2 build error](https://github.com/AdaWorldAPI/q2) (Railway docker run, +post-q2-#42-bump). Related: OGAR #110, lance-graph #592. + ## 2026-06-21 — E-EQUIVALENCE-IS-THE-CRUX — template-equivalence is the load-bearing verifier of the whole loop; it MUST fail closed, and it rides on transparent Lance versioning (surrealdb #50) **Status:** FINDING (cross-session feedback, 2026-06-21). Reframing that diff --git a/Cargo.lock b/Cargo.lock index 2b75eb2b..2f0a4fd5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6042,7 +6042,7 @@ dependencies = [ [[package]] name = "ogar-adapter-surrealql" version = "0.1.0" -source = "git+https://github.com/AdaWorldAPI/OGAR?branch=main#08a9c979d8939e1303770ea32aa2010928e79318" +source = "git+https://github.com/AdaWorldAPI/OGAR?branch=main#302c28437c7621957acfd414b80925d9ebccee84" dependencies = [ "ogar-vocab", ] @@ -6050,7 +6050,7 @@ dependencies = [ [[package]] name = "ogar-class-view" version = "0.1.0" -source = "git+https://github.com/AdaWorldAPI/OGAR?branch=main#08a9c979d8939e1303770ea32aa2010928e79318" +source = "git+https://github.com/AdaWorldAPI/OGAR?branch=main#302c28437c7621957acfd414b80925d9ebccee84" dependencies = [ "lance-graph-contract 0.1.0 (git+https://github.com/AdaWorldAPI/lance-graph?branch=main)", "ogar-vocab", @@ -6059,12 +6059,12 @@ dependencies = [ [[package]] name = "ogar-ontology" version = "0.1.0" -source = "git+https://github.com/AdaWorldAPI/OGAR?branch=main#08a9c979d8939e1303770ea32aa2010928e79318" +source = "git+https://github.com/AdaWorldAPI/OGAR?branch=main#302c28437c7621957acfd414b80925d9ebccee84" [[package]] name = "ogar-vocab" version = "0.1.0" -source = "git+https://github.com/AdaWorldAPI/OGAR?branch=main#08a9c979d8939e1303770ea32aa2010928e79318" +source = "git+https://github.com/AdaWorldAPI/OGAR?branch=main#302c28437c7621957acfd414b80925d9ebccee84" [[package]] name = "once_cell" diff --git a/crates/lance-graph-contract/src/ogar_codebook.rs b/crates/lance-graph-contract/src/ogar_codebook.rs index 5682bd38..ad19e29f 100644 --- a/crates/lance-graph-contract/src/ogar_codebook.rs +++ b/crates/lance-graph-contract/src/ogar_codebook.rs @@ -54,6 +54,9 @@ pub enum ConceptDomain { Ocr, /// `0x09XX` — Health (clinical / patient / care; FMA anatomy lives here). Health, + /// `0x0BXX` — Auth (provider-agnostic IAM; the AuthStore class family). + /// Mirrors OGAR `ConceptDomain::Auth` (added in OGAR PR #110). + Auth, /// Any high-byte slot not yet assigned a domain (`0x03XX`–`0x06XX`, `0x0AXX`+). Unassigned, } @@ -71,6 +74,7 @@ pub fn canonical_concept_domain(id: u16) -> ConceptDomain { 0x07 => ConceptDomain::Osint, 0x08 => ConceptDomain::Ocr, 0x09 => ConceptDomain::Health, + 0x0B => ConceptDomain::Auth, _ => ConceptDomain::Unassigned, } } @@ -244,11 +248,13 @@ pub const fn classid_concept(classid: u32) -> u16 { /// The curated `(canonical_concept, u16)` codebook — wire-compatible mirror of /// OGAR `ogar_vocab::CODEBOOK`. Ids are stable forever (once shipped, never -/// re-assigned); domain-encoded `0xDDCC`. Carries the two domains the contract -/// graph surfaces realize today (project-mgmt `0x01XX`, commerce/ERP `0x02XX`); -/// OSINT (`0x07XX`) and Health/anatomy (`0x09XX`) are represented by their -/// [`NodeGuid`](crate::NodeGuid) classid roots, not yet by promoted concept slots here. Drift is -/// guarded by [`tests::codebook_ids_match_ogar_vocab`]. +/// re-assigned); domain-encoded `0xDDCC`. Carries the four domains the contract +/// graph surfaces realize today (project-mgmt `0x01XX`, commerce/ERP `0x02XX`, +/// health `0x09XX`, auth `0x0BXX`); OSINT (`0x07XX`) and OCR (`0x08XX`) are +/// represented by their [`NodeGuid`](crate::NodeGuid) classid roots, not yet +/// by promoted concept slots here. Drift is guarded by +/// [`tests::codebook_ids_match_ogar_vocab`] and the **compile-time** +/// `lance_graph_ogar::parity::COUNT_FUSE`. pub const CODEBOOK: &[(&str, u16)] = &[ // ── 0x01XX — project-mgmt domain (OpenProject ↔ Redmine) ── ("project", 0x0101), @@ -292,6 +298,16 @@ pub const CODEBOOK: &[(&str, u16)] = &[ ("treatment", 0x0905), ("visit", 0x0906), ("vital_sign", 0x0907), + // ── 0x0BXX — Auth domain (the AuthStore class family, OGAR keystone §7) ── + // Mirrored from OGAR PR #110 (`9034170 feat(vocab): mint the 0x0B AuthStore + // class family`). Provider-agnostic IAM: `auth_store` is the base; the + // three provider profiles are `is-a` AuthStore + a `claim_grammar` + // attribute. Reserved at the codebook layer — enforcement (authorize() + // semantics) stays gated on `PROBE-OGAR-RBAC-AUTHORIZE` upstream. + ("auth_store", 0x0B01), + ("auth_zitadel", 0x0B02), + ("auth_zanzibar", 0x0B03), + ("auth_ory_keto", 0x0B04), ]; /// Resolve a **canonical-concept** string to its stable `u16` codebook id via diff --git a/crates/lance-graph-ogar/src/lib.rs b/crates/lance-graph-ogar/src/lib.rs index 45a78802..0a3f3735 100644 --- a/crates/lance-graph-ogar/src/lib.rs +++ b/crates/lance-graph-ogar/src/lib.rs @@ -134,6 +134,7 @@ pub mod parity { | (O::Osint, C::Osint) | (O::Ocr, C::Ocr) | (O::Health, C::Health) + | (O::Auth, C::Auth) | (O::Unassigned, C::Unassigned) ) }