2026-05-14: A-Team governance review — 8 findings applied

Axiom (agent ergonomics):
- RPC_API.md Program 5 workflow: show all 3 symbols (transitive dep gap)
- Add jq alternative for environments without it
- AGENT_QUICKREF: add default store path to --store note

Lumen (spec consistency):
- RPC_API.md footer: update from draft to implemented
- 409 ambiguity: clarify idempotent write behavior
- /imports: add field-name scope note

Sable (new surfaces):
- invoke_defn_owned: add safety comment on drop order
- Parallel evaluator: document import limitation with fix path
- resolve_imports_from_store: fail fast on missing symbols
- Socket timeout: document limitation honestly

341 tests passing. dispatch-check exits 0.
B-Team package prepared for external review.

Author: Douglas Jones

codifide/server.py

@@ -341,8 +341,12 @@ def make_server(store: SymbolStore, host: str = "127.0.0.1", port: int = 7777):
     handler_class = type("_BoundHandler", (_Handler,), {"store": store})
 
     server = http.server.ThreadingHTTPServer((host, port), handler_class)
-    # 30-second timeout per connection. Prevents a slow client from
-    # holding a thread indefinitely.
+    # Note: settimeout on the listening socket does NOT bound per-request
+    # read time on accepted connections (AUD-OVERNIGHT-04). This provides
+    # partial protection only. A full fix requires setting the timeout on
+    # each accepted socket, which http.server does not expose cleanly.
+    # For local-only use this is acceptable; do not expose over a network
+    # without a reverse proxy that enforces request timeouts.
     server.socket.settimeout(30)
     return server
 

crates/codifide-interpreter/src/bin/codifide_run.rs

@@ -149,16 +149,33 @@ fn resolve_imports_from_store(
                 std::fs::read(&cbor_path).ok()
                     .and_then(|d| codifide_canonical::decode_canonical_cbor(&d).ok())
             } else {
-                None
+                eprintln!("error: import {:?} = {} not found in store at {}",
+                    local_name, identity, store_root.display());
+                process::exit(1);
             }
         };
 
-        if let Some(obj) = obj {
-            if let Ok(imported_module) = codifide_canonical::from_canonical_json(&obj) {
-                if let Some((_, defn)) = imported_module.symbols.into_iter().next() {
-                    out.insert(local_name.clone(), defn);
+        match obj {
+            Some(obj) => {
+                match codifide_canonical::from_canonical_json(&obj) {
+                    Ok(imported_module) => {
+                        if let Some((_, defn)) = imported_module.symbols.into_iter().next() {
+                            out.insert(local_name.clone(), defn);
+                        } else {
+                            eprintln!("error: import {:?} = {} has no symbols", local_name, identity);
+                            process::exit(1);
+                        }
+                    }
+                    Err(e) => {
+                        eprintln!("error: cannot decode import {:?} = {}: {}", local_name, identity, e);
+                        process::exit(1);
+                    }
                 }
             }
+            None => {
+                eprintln!("error: cannot read import {:?} = {} from store", local_name, identity);
+                process::exit(1);
+            }
         }
     }
     out

crates/codifide-interpreter/src/interpreter.rs

@@ -224,17 +224,26 @@ impl<'m> Interpreter<'m> {
 
     /// Invoke an owned Definition (from resolved imports).
     /// We box it to get a stable address, then use the same unsafe lifetime
-    /// extension as the borrowed path. The box lives for the duration of the call.
+    /// extension as the borrowed path.
+    ///
+    /// Safety: `boxed` must remain live for the entire duration of
+    /// `invoke_defn_inner`, including any recursive calls it makes.
+    /// We achieve this by calling `drop(boxed)` explicitly AFTER
+    /// `invoke_defn_inner` returns — never before. Do not reorder these
+    /// statements. The Rust drop order for locals would drop `boxed` before
+    /// `result` is returned if we relied on implicit drop, which would be UB.
     fn invoke_defn_owned(&mut self, defn: Definition, args: Vec<Value>) -> Result<Value, Error> {
         let boxed = Box::new(defn);
         let defn_ref: &Definition = &*boxed;
-        // Safety: boxed lives until end of this function; invoke_defn_inner
-        // does not store the reference beyond the call.
+        // Safety: boxed is kept alive (not dropped) until after invoke_defn_inner
+        // returns. The explicit drop(boxed) below enforces this. Do not move
+        // drop(boxed) before the result assignment.
         let defn_ref: &'m Definition = unsafe { &*(defn_ref as *const Definition) };
         self.push_depth()?;
         let result = self.invoke_defn_inner(defn_ref, args);
         self.pop_depth();
-        // Keep boxed alive until after the call.
+        // IMPORTANT: drop(boxed) must come after invoke_defn_inner returns.
+        // Moving this before the call would invalidate defn_ref mid-execution.
         drop(boxed);
         result
     }
@@ -517,6 +526,12 @@ impl<'m> Interpreter<'m> {
                         depth: current_depth,
                         prims: build_default_registry(),
                         trace: EffectTrace::fresh(),
+                        // Note: resolved_imports is not passed to branch interpreters.
+                        // Imported symbols are not available in parallel branches.
+                        // This is a known limitation (AUD-OVERNIGHT-02). If a parallel
+                        // branch calls an imported symbol, it will fail with
+                        // unknown_callable. Fix: pass resolved_imports here when the
+                        // parallel evaluator gains full import support.
                         resolved_imports: HashMap::new(),
                     };
                     let branch_frame = Frame { defn, locals, effect_budget: budget };

dispatches/2026-05-14-v2-ateam-review.readout.md

@@ -0,0 +1,91 @@
+# v2.0 A-Team Governance Review
+
+**Date:** 2026-05-14  
+**Persona:** Quill  
+**Scope:** Post-overnight governance review — Axiom, Lumen, Relay, Sable passes on v2.0 work
+
+---
+
+## What happened
+
+The overnight session shipped all four v2.0 requirements but skipped the
+governance review steps. This dispatch records the A-Team review and the
+fixes applied before the B-Team package is sent.
+
+---
+
+## Axiom findings (agent ergonomics)
+
+**AX-01 (applied):** The Program 5 HTTP workflow in `docs/RPC_API.md` only
+showed two symbols (`classify_content`, `route_message`) but the pipeline
+requires three (`moderate` too). An agent following the example literally
+would hit `unknown callable: 'moderate'`. Fixed: workflow now shows all
+three symbols with a note on the transitive dependency pattern.
+
+**AX-02 (applied):** The workflow assumed `jq` is installed. Added a Python
+alternative for environments without it.
+
+**AX-03 (applied):** The `--store` flag note in AGENT_QUICKREF didn't mention
+the default store path (`~/.codifide/store`). Fixed.
+
+**AX-04 (observation):** The bind-before-when error message is clear.
+First-attempt success — no friction.
+
+---
+
+## Lumen findings (spec consistency)
+
+**LU-01 (applied):** `docs/RPC_API.md` footer still said "Next: V2-1-3
+(implement POST /symbols)" — stale. Updated to "Implemented v0.1 — May 2026".
+
+**LU-02 (applied):** The 409 entry in the endpoint section was inconsistent
+with the error table (409 not listed there). Clarified: 409 never occurs due
+to idempotent writes; removed the ambiguity.
+
+**LU-03 (applied):** The `/imports` endpoint field named `imports` but the
+scope is one level only. Added explicit note: "The field is named `imports`
+(not `direct_imports`) for brevity, but the scope is always one level."
+
+**LU-04 (observation):** CAPABILITY.md docs field key order is alphabetical
+in the manifest but not specified in the schema. Not a bug — JSON object
+key order is not semantically significant. No fix needed.
+
+---
+
+## Relay findings (onboarding funnel)
+
+**RE-01 (deferred):** `docs/AGENT_COOKBOOK.md` failure mode #1
+(content-addressed composition) still describes the old CLI workflow. Needs
+updating to show the HTTP workflow. Deferred — cookbook update is a separate
+task, not a gate blocker.
+
+**RE-02 (observation):** Time-to-first-working-program estimate: Programs 1–4
+unchanged (~8 min). Program 5 via HTTP: ~15 min if agent reads RPC_API.md
+carefully. Better than before but not yet under 5 minutes for Program 5.
+
+---
+
+## Sable findings (new surfaces)
+
+**AUD-OVERNIGHT-01 (applied):** `invoke_defn_owned` unsafe lifetime extension
+lacked a safety comment explaining why `drop(boxed)` must come after
+`invoke_defn_inner`. Added explicit comment.
+
+**AUD-OVERNIGHT-02 (applied):** Parallel evaluator branch interpreters don't
+carry resolved imports. Added a comment documenting this as a known limitation
+with a clear fix path.
+
+**AUD-OVERNIGHT-03 (applied):** `resolve_imports_from_store` silently skipped
+missing symbols. Now fails fast with a clear error message and `process::exit(1)`.
+
+**AUD-OVERNIGHT-04 (applied):** `settimeout` on the listening socket doesn't
+bound per-request read time. Added a comment documenting this limitation
+honestly rather than giving false confidence.
+
+---
+
+## What I'm not yet sure of
+
+Whether the B-Team will find anything the A-Team missed. The transitive
+dependency gap (AX-01) is the most likely target — it's a real usability
+hole that an adversarial reviewer would probe.

dispatches/2026-05-14-v2-ateam-review.yaml

@@ -0,0 +1,59 @@
+dispatch:
+  id: sha256:pending
+  schema: codifide.dispatch/0.1
+  subject: v2.0 A-Team governance review
+  at: "2026-05-14T00:00:00Z"
+  author: Glyph
+  intent: >
+    Record A-Team governance review of v2.0 work. Axiom, Lumen, Relay, and
+    Sable passes completed. 8 findings: 7 applied, 1 deferred. 341 tests
+    passing. B-Team package prepared for external review.
+
+  state:
+    shipped:
+      - "AX-01: RPC_API.md Program 5 workflow updated to show all 3 symbols"
+      - "AX-02: jq alternative documented in workflow"
+      - "AX-03: default store path added to AGENT_QUICKREF"
+      - "LU-01: RPC_API.md footer updated to implemented status"
+      - "LU-02: 409 ambiguity resolved"
+      - "LU-03: /imports one-level scope clarified in field name note"
+      - "AUD-OVERNIGHT-01: invoke_defn_owned safety comment added"
+      - "AUD-OVERNIGHT-02: parallel evaluator import limitation documented"
+      - "AUD-OVERNIGHT-03: resolve_imports_from_store fails fast on missing symbols"
+      - "AUD-OVERNIGHT-04: socket timeout limitation documented honestly"
+    in_flight:
+      - "B-Team review (external model — package prepared)"
+    blocked: []
+    refused: []
+
+  evidence:
+    - claim: "341 tests passing after A-Team fixes"
+      kind: run
+      source: "python3 -m pytest --tb=short -q"
+      result: "341 passed in 21.25s"
+      confidence: 1.0
+    - claim: "Rust builds cleanly after safety comment additions"
+      kind: run
+      source: "cargo build --release -p codifide-interpreter"
+      result: "Finished release profile — 1 pre-existing dead_code warning"
+      confidence: 1.0
+
+  unknowns:
+    - question: "What will the B-Team find that the A-Team missed?"
+      why_unknown: "B-Team review not yet run"
+      how_to_resolve: "Paste B-Team package into GPT-4o or Gemini; bring findings back"
+    - question: "When will AGENT_COOKBOOK.md be updated for the HTTP workflow?"
+      why_unknown: "Deferred — Relay owns this, not yet scheduled"
+      how_to_resolve: "Schedule as a separate task before next agent case study"
+
+  next:
+    - action: "Run B-Team review on external model; bring findings back"
+      depends_on: ["B-Team package prepared"]
+      effect: "{external.review}"
+    - action: "Update AGENT_COOKBOOK.md for HTTP workflow (RE-01)"
+      depends_on: []
+      effect: "{io.write, repo.commit}"
+
+  links:
+    canonical: "dispatches/2026-05-14-v2-ateam-review.yaml"
+    human_readout: "dispatches/2026-05-14-v2-ateam-review.readout.md"

dispatches/INDEX.md

@@ -21,6 +21,7 @@ Filename convention:
 | `v2-2-bind-before-when` | Static bind-before-when detection — V2-2 complete | [md](./2026-05-14-v2-2-bind-before-when.readout.md) | [yaml](./2026-05-14-v2-2-bind-before-when.yaml) |  |
 | `v2-3-from-import-rust` | from-import in Rust parser — V2-3 complete | [md](./2026-05-14-v2-3-from-import-rust.readout.md) | [yaml](./2026-05-14-v2-3-from-import-rust.yaml) |  |
 | `v2-4-manifest-docs` | Manifest docs field — V2-4 complete | [md](./2026-05-14-v2-4-manifest-docs.readout.md) | [yaml](./2026-05-14-v2-4-manifest-docs.yaml) |  |
+| `v2-ateam-review` | v2.0 A-Team governance review | [md](./2026-05-14-v2-ateam-review.readout.md) | [yaml](./2026-05-14-v2-ateam-review.yaml) |  |
 | `v2-complete-session-close` | v2.0 roadmap complete — session close | [md](./2026-05-14-v2-complete-session-close.readout.md) | [yaml](./2026-05-14-v2-complete-session-close.yaml) |  |
 
 ## 2026-05-13

docs/AGENT_QUICKREF.md

@@ -303,8 +303,9 @@ from sha256:<index-hash> import symbol_a, symbol_b
 ```
 
 **Runtime note:** `from`-imports require a store to be available at parse time.
-Pass `--store <path>` to the Rust runtime, or use `CODIFIDE_RUNTIME=python` for
-the Python reference runtime. Both runtimes support `from`-import as of v2.0.
+Pass `--store <path>` to the Rust runtime (default store: `~/.codifide/store`),
+or use `CODIFIDE_RUNTIME=python` for the Python reference runtime. Both runtimes
+support `from`-import as of v2.0.
 
 ## Surface rules that surprised other agents
 

docs/RPC_API.md

@@ -109,10 +109,10 @@ multiple symbols.
 }
 ```
 
-**Response 409** — symbol already exists (idempotent write — this is not an
-error; the existing identity is returned with status 200). The store's
-idempotent-write property means a 409 never occurs; this entry is here for
-documentation completeness.
+**Response 409** — symbol already exists. The store's idempotent-write
+property means a 409 never occurs in practice; a second POST of the same
+symbol returns 200 with the existing identity. This entry is omitted from
+the error table below for that reason.
 
 **Example (curl)**
 
@@ -168,9 +168,10 @@ curl -s http://localhost:7777/symbols/sha256:<hash> \
 Resolve the **direct** imports of a stored module. Returns the entries in
 the module's imports table and whether each is present in the store.
 
-Note: this endpoint resolves one level only — it does not walk the
-transitive closure. To resolve the full dependency graph, call this
-endpoint recursively on each returned identity.
+**Note: one level only.** This endpoint does not walk the transitive closure.
+To resolve the full dependency graph, call this endpoint recursively on each
+returned identity. The field is named `imports` (not `direct_imports`) for
+brevity, but the scope is always one level.
 
 **Request**
 
@@ -213,28 +214,60 @@ Liveness check. Returns 200 with `{"status": "ok"}`. No store access.
 
 This replaces the CLI-based Program 5 workflow entirely.
 
+**Important:** The dependency chain for the content-moderation pipeline is:
+`route_message` → `moderate` → `classify_content`. All three symbols must
+be published and imported individually — the store holds single-symbol units
+and does not carry transitive dependencies automatically.
+
 ```bash
 # 1. Start the server (once per session)
 python3 -m codifide serve &
 
-# 2. Publish classify_content
+# 2. Publish all three symbols in the dependency chain
 CLASSIFY_HASH=$(python3 -m codifide canonical --cbor content_classifier.cod | \
   curl -s -X POST http://localhost:7777/symbols \
     -H 'Content-Type: application/cbor' --data-binary @- | \
   jq -r .identity)
 
-# 3. Publish route_message
-ROUTE_HASH=$(python3 -m codifide canonical --cbor escalation_router.cod | \
+MODERATE_HASH=$(python3 -m codifide canonical --cbor escalation_router.cod | \
   curl -s -X POST http://localhost:7777/symbols \
     -H 'Content-Type: application/cbor' --data-binary @- | \
-  jq -r .identity)
+  jq -r .identity)   # publishes moderate (and classify_content again — idempotent)
 
-# 4. Write pipeline_composed.cod using the hashes
-# (no CODIFIDE_RUNTIME=python needed — imports resolve via the server)
+ROUTE_HASH=$(python3 -m codifide canonical --cbor escalation_router.cod | \
+  curl -s -X POST http://localhost:7777/symbols \
+    -H 'Content-Type: application/cbor' --data-binary @- | \
+  jq -r .identity)   # publishes route_message
+
+# 3. Write pipeline_composed.cod importing all three by hash
+cat > pipeline_composed.cod << EOF
+module pipeline_composed
+
+import classify_content = $CLASSIFY_HASH
+import moderate         = $MODERATE_HASH
+import route_message    = $ROUTE_HASH
+
+def composed_pipeline
+  intent "run the full moderation pipeline using content-addressed imports"
+  sig    (message: String) -> Decision
+  effects {}
+  cand
+    route_message(message)
+
+def main
+  intent "test the composed pipeline"
+  sig    () -> Decision
+  effects {}
+  cand
+    composed_pipeline("this message contains spam")
+EOF
+
+# 4. Run it — no CODIFIDE_RUNTIME=python needed
+python3 -m codifide run pipeline_composed.cod
 ```
 
-An agent that speaks HTTP can complete this workflow without touching the
-CLI store subcommands or the runtime flag.
+Note: `jq` is required for the hash extraction step. If unavailable, use
+`python3 -c "import sys,json; print(json.load(sys.stdin)['identity'])"` instead.
 
 ---
 
@@ -291,6 +324,5 @@ The `serve` CLI subcommand is added to `codifide/__main__.py`.
 
 ---
 
-*Draft v0.1 — May 2026*  
-*Governed by: GOVERNANCE.md*  
-*Next: V2-1-3 (implement POST /symbols)*
+*Implemented v0.1 — May 2026*  
+*Governed by: GOVERNANCE.md*