You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: simplify M2 to taxonomy-only; defer emit-site migration (§16)
The M6 fold reads evidence events via the M2-T001 reader, which maps from the
audit JSONL — so a mapper entry (M2-T002) is sufficient to surface each event,
regardless of how it was written. Routing emission through the spine (old
M2-T003) is unnecessary for the fold and is the cross-component step that
produced the double-write (§15). M2 is now M2-T001 (done) + M2-T002
(taxonomy/mapper, additive); emit migration deferred to the component
milestones (M4/M5/M7) as M1-style replaces.
Constraint: docs only; narrows M2 scope to remove the double-write surface; no code change
Tested: docs validator 0 errors
Confidence: high
Roadmap-Status: unchanged
-> M4 approval gate then budget gate (parity-first)
97
98
-> M5 HookRegistry on spine
@@ -159,7 +160,7 @@ consumers by M6.
159
160
| Milestone | Exit criteria |
160
161
| --- | --- |
161
162
| ADR-0032-M1 | AuditLogger can consume RunEvents and produce byte-equivalent JSONL for golden proof runs; legacy call sites delegate instead of directly owning serialization decisions. |
162
-
| ADR-0032-M2 (REDEFINED) | Every audit event the evidence bundle reads is typed in `RunEventType`, mapped both directions, and its call site **migrated**from `audit.record` to a single spine `emit` (replace, not dual-write — §15) so the consumer writes it exactly once; verified by M1-style byte-equivalence and per-event-type count parity. Covers routes, git-sandbox, skills, tests, undo, provenance, the approval/tool-call decision events, and the cancelled/pending lifecycle. Read side (`read_run_events_from_*`) surfaces them. Zero behavior change. (Old M2 "evidence/receipt fold" moved to M6 — see §14.) |
163
+
| ADR-0032-M2 (REDEFINED, taxonomy-only §16) | Every audit event the evidence bundle reads is typed in `RunEventType` and mapped both directions, so the M2-T001 reader surfaces it **from the audit JSONL** (mapper is sufficient; emit-site migration is NOT in M2 — it is deferred to the component milestones, §16). Covers routes, git-sandbox, skills, tests, undo, provenance, approval/tool-call decision events, cancelled/pending lifecycle. Pure additive; zero behavior change. (Old M2 "evidence/receipt fold" moved to M6 — §14.) |
163
164
| ADR-0032-M3 | Plan gate is an interceptor using `PlanValidator`, landed parity-first (§13.3): a shadow-parity test asserting interceptor==inline per reason code went green before the inline branch was deleted in a separate commit. Denials and reason codes match current behavior; adversarial and first-hour tests remain green. |
164
165
| ADR-0032-M4 | Approval gate then budget gate are interceptors, each landed parity-first in two commits (shadow parity green → enforce+delete); budget done last and alone. `pending_approval`, resume, scoped approvals, budget warnings, and budget-exhausted behavior remain unchanged. Decision events keep the contract typed in M2. |
165
166
| ADR-0032-M5 | HookRegistry subscribes through the spine; Claude-Code-compatible hook names remain aliases; public hook API docs and tests pass. |
0 commit comments