codifide
diff --git a/‎.kiro/specs/v4-language/tasks.md‎
Lines changed: 8 additions & 9 deletions b/‎.kiro/specs/v4-language/tasks.md‎
Lines changed: 8 additions & 9 deletions
diff --git a/‎codifide/runtime/primitives.py‎
Lines changed: 202 additions & 0 deletions b/‎codifide/runtime/primitives.py‎
Lines changed: 202 additions & 0 deletions
diff --git a/‎dispatches/2026-05-14-registry-browser.readout.md‎
Lines changed: 41 additions & 0 deletions b/‎dispatches/2026-05-14-registry-browser.readout.md‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎dispatches/2026-05-14-registry-browser.yaml‎
Lines changed: 45 additions & 0 deletions b/‎dispatches/2026-05-14-registry-browser.yaml‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎dispatches/2026-05-14-registry-deploy.readout.md‎
Lines changed: 51 additions & 0 deletions b/‎dispatches/2026-05-14-registry-deploy.readout.md‎
Lines changed: 51 additions & 0 deletions
@@ -8,8 +8,7 @@
 - [x] **V4-1-4** Add `TypeViolation` to capability manifest errors list
 - [x] **V4-1-5** Write `tests/test_type_enforcement.py` (20 tests)
 - [x] **V4-1-6** Verify all existing tests still pass (450 passing)
-- [ ] **V4-1-7** Sable audit of type enforcement implementation
-- [x] **V4-1-8** File Quill/Glyph dispatch
+- [x] **V4-1-7** Sable audit of type enforcement implementation- [x] **V4-1-8** File Quill/Glyph dispatch
 
 ## REQ-V4-2: Standard library
 
@@ -38,16 +37,16 @@
 ### V4-2 shared
 - [x] **V4-2-10** Write `tests/test_stdlib.py` (44 tests)
 - [x] **V4-2-11** Update `docs/AGENT_QUICKREF.md` with new primitive groups
-- [ ] **V4-2-12** Add cookbook entries for stdlib patterns
-- [ ] **V4-2-13** Sable audit of stdlib (path traversal, HTTPS enforcement, JSON injection)
+- [x] **V4-2-12** Add cookbook entries for stdlib patterns
+- [x] **V4-2-13** Sable audit of stdlib (path traversal, HTTPS enforcement, JSON injection)
 - [x] **V4-2-14** File Quill/Glyph dispatch
 
 ## REQ-V4-3: Public registry
 
 - [x] **V4-3-1** Write `docs/REGISTRY.md`
 - [ ] **V4-3-2** Publish the five canonical pipeline symbols to codifide.com (blob write API pending)
 - [x] **V4-3-3** Add `registry` field to capability manifest — deferred (no field defined yet)
-- [ ] **V4-3-4** Add cookbook entry for publish-and-resolve workflow
+- [x] **V4-3-4** Add cookbook entry for publish-and-resolve workflow
 - [ ] **V4-3-5** Verify `run --registry https://codifide.com` resolves pipeline symbols
 - [x] **V4-3-6** File Quill/Glyph dispatch
 - [x] **V4-3-7** Registry browser at codifide.com/registry
@@ -67,10 +66,10 @@ All tasks deferred. No adoption evidence for network-exposed server.
 
 ## Open items (post-v4.0)
 
-- [ ] Sable audit of type enforcement (V4-1-7)
-- [ ] Sable audit of stdlib (V4-2-13)
-- [ ] Cookbook entries for stdlib patterns (V4-2-12)
-- [ ] Cookbook entry for publish-and-resolve workflow (V4-3-4)
+- [ ] Sable audit of type enforcement (V4-1-7) — DONE
+- [ ] Sable audit of stdlib (V4-2-13) — DONE (3 fixes applied: HTTPS redirect, io.write size limit, JSON recursion)
+- [ ] Cookbook entries for stdlib patterns (V4-2-12) — DONE
+- [ ] Cookbook entry for publish-and-resolve workflow (V4-3-4) — DONE
 - [ ] Fix blob store write API — query params not headers (in progress)
 - [ ] Seed registry with pipeline symbols (blocked on blob write fix)
 - [ ] Verify end-to-end registry resolution (blocked on seeding)
 
@@ -421,6 +421,208 @@ def escalate(img: Any, label: Any) -> str:
         returns="Image",
     )
 
+    # -- Standard library: File I/O (V4-2a) ----------------------------------
+    import os as _os
+
+    def _io_read(path: Any) -> str:
+        p = str(_unwrap(path))
+        # Path traversal defense: reject any path containing '..'
+        if ".." in p.split(_os.sep) or ".." in p.split("/"):
+            raise ValueError(
+                f"io.read: path traversal rejected — '..' not allowed in path: {p!r}"
+            )
+        _MAX_READ = 16 * 1024 * 1024  # 16 MiB
+        try:
+            size = _os.path.getsize(p)
+        except OSError as exc:
+            raise OSError(f"io.read: cannot stat {p!r}: {exc}") from exc
+        if size > _MAX_READ:
+            raise ValueError(
+                f"io.read: file {p!r} is {size} bytes, exceeds 16 MiB limit"
+            )
+        try:
+            with open(p, "r", encoding="utf-8") as fh:
+                return fh.read(_MAX_READ + 1)
+        except OSError as exc:
+            raise OSError(f"io.read: cannot read {p!r}: {exc}") from exc
+
+    def _io_write(path: Any, content: Any) -> None:
+        p = str(_unwrap(path))
+        if ".." in p.split(_os.sep) or ".." in p.split("/"):
+            raise ValueError(
+                f"io.write: path traversal rejected — '..' not allowed in path: {p!r}"
+            )
+        c = str(_unwrap(content))
+        # AUD-STD-05: size limit consistent with io.read (16 MiB).
+        _MAX_WRITE = 16 * 1024 * 1024
+        if len(c.encode("utf-8")) > _MAX_WRITE:
+            raise ValueError(
+                f"io.write: content exceeds 16 MiB limit"
+            )
+        try:
+            with open(p, "w", encoding="utf-8") as fh:
+                fh.write(c)
+        except OSError as exc:
+            raise OSError(f"io.write: cannot write {p!r}: {exc}") from exc
+
+    def _io_exists(path: Any) -> bool:
+        p = str(_unwrap(path))
+        if ".." in p.split(_os.sep) or ".." in p.split("/"):
+            raise ValueError(
+                f"io.exists: path traversal rejected — '..' not allowed in path: {p!r}"
+            )
+        return _os.path.exists(p)
+
+    reg.register("io.read",   _io_read,   effect="io.read",  returns="String")
+    reg.register("io.write",  _io_write,  effect="io.write", returns="Unit")
+    reg.register("io.exists", _io_exists, effect="io.read",  returns="Bool")
+
+    # -- Standard library: HTTP client (V4-2b) --------------------------------
+    def _https_only_opener():
+        """Build a urllib opener that rejects HTTP redirects (AUD-STD-02).
+
+        urllib follows redirects by default. A server at https://example.com
+        could redirect to http://evil.com, bypassing the HTTPS-only check.
+        This opener intercepts redirects and raises if the destination is
+        not HTTPS.
+        """
+        import urllib.request as _req
+
+        class _HTTPSOnlyRedirectHandler(_req.HTTPRedirectHandler):
+            def redirect_request(self, req, fp, code, msg, headers, newurl):
+                if not newurl.startswith("https://"):
+                    raise ValueError(
+                        f"http: redirect to non-HTTPS URL rejected: {newurl!r}. "
+                        f"Only HTTPS redirects are allowed."
+                    )
+                return super().redirect_request(req, fp, code, msg, headers, newurl)
+
+        return _req.build_opener(_HTTPSOnlyRedirectHandler())
+
+    def _http_get(url: Any) -> str:
+        import urllib.error as _err
+        u = str(_unwrap(url))
+        if not u.startswith("https://"):
+            raise ValueError(
+                f"http.get: only HTTPS URLs are allowed, got: {u!r}. "
+                f"Use 'https://' instead of 'http://'."
+            )
+        _MAX_RESP = 16 * 1024 * 1024
+        opener = _https_only_opener()
+        try:
+            with opener.open(u, timeout=30) as resp:
+                data = resp.read(_MAX_RESP + 1)
+                if len(data) > _MAX_RESP:
+                    raise ValueError(
+                        f"http.get: response from {u!r} exceeds 16 MiB limit"
+                    )
+                return data.decode("utf-8", errors="replace")
+        except _err.HTTPError as exc:
+            raise ValueError(
+                f"http.get: HTTP {exc.code} from {u!r}: {exc.reason}"
+            ) from exc
+        except _err.URLError as exc:
+            raise ValueError(
+                f"http.get: cannot reach {u!r}: {exc.reason}"
+            ) from exc
+
+    def _http_post(url: Any, body: Any) -> str:
+        import urllib.request as _req
+        import urllib.error as _err
+        u = str(_unwrap(url))
+        b = str(_unwrap(body)).encode("utf-8")
+        if not u.startswith("https://"):
+            raise ValueError(
+                f"http.post: only HTTPS URLs are allowed, got: {u!r}. "
+                f"Use 'https://' instead of 'http://'."
+            )
+        _MAX_RESP = 16 * 1024 * 1024
+        opener = _https_only_opener()
+        try:
+            request = _req.Request(
+                u, data=b, method="POST",
+                headers={"Content-Type": "text/plain; charset=utf-8"},
+            )
+            with opener.open(request, timeout=30) as resp:
+                data = resp.read(_MAX_RESP + 1)
+                if len(data) > _MAX_RESP:
+                    raise ValueError(
+                        f"http.post: response from {u!r} exceeds 16 MiB limit"
+                    )
+                return data.decode("utf-8", errors="replace")
+        except _err.HTTPError as exc:
+            raise ValueError(
+                f"http.post: HTTP {exc.code} from {u!r}: {exc.reason}"
+            ) from exc
+        except _err.URLError as exc:
+            raise ValueError(
+                f"http.post: cannot reach {u!r}: {exc.reason}"
+            ) from exc
+
+    reg.register("http.get",  _http_get,  effect="http.fetch", returns="String")
+    reg.register("http.post", _http_post, effect="http.fetch", returns="String")
+
+    # -- Standard library: JSON (V4-2c) ---------------------------------------
+    def _json_parse(s: Any) -> Any:
+        import json as _json
+        text = str(_unwrap(s))
+        try:
+            return _json.loads(text)
+        except _json.JSONDecodeError as exc:
+            raise ValueError(f"json.parse: invalid JSON: {exc}") from exc
+        except RecursionError as exc:
+            # AUD-STD-03: deeply nested JSON can cause RecursionError in
+            # Python's JSON parser. Catch and surface as a typed PrimitiveError.
+            raise ValueError(
+                f"json.parse: JSON structure is too deeply nested"
+            ) from exc
+
+    def _json_encode(v: Any) -> str:
+        import json as _json
+        val = _unwrap(v)
+        # Reject values that cannot be represented in JSON.
+        if isinstance(val, _BottomType):
+            raise ValueError("json.encode: cannot encode ⊥ (refusal) as JSON")
+        try:
+            return _json.dumps(val, ensure_ascii=False)
+        except (TypeError, ValueError) as exc:
+            raise ValueError(f"json.encode: cannot encode value: {exc}") from exc
+
+    reg.register("json.parse",  _json_parse,  effect=None, returns="Any")
+    reg.register("json.encode", _json_encode, effect=None, returns="String")
+
+    # -- Standard library: Date arithmetic (V4-2d) ----------------------------
+    def _clock_today() -> str:
+        import datetime as _dt
+        ts = time.time()
+        trace.clock_reads.append(ts)
+        return _dt.date.today().isoformat()
+
+    def _clock_parse(s: Any) -> int:
+        import datetime as _dt
+        text = str(_unwrap(s))
+        try:
+            d = _dt.date.fromisoformat(text)
+            return int(_dt.datetime(d.year, d.month, d.day).timestamp())
+        except ValueError as exc:
+            raise ValueError(
+                f"clock.parse: expected YYYY-MM-DD, got {text!r}: {exc}"
+            ) from exc
+
+    def _clock_add_days(ts: Any, n: Any) -> int:
+        return int(_num(ts)) + int(_num(n)) * 86400
+
+    def _clock_format(ts: Any, fmt: Any) -> str:
+        import datetime as _dt
+        t = int(_num(ts))
+        f = str(_unwrap(fmt))
+        return _dt.datetime.fromtimestamp(t).strftime(f)
+
+    reg.register("clock.today",    _clock_today,    effect="clock.read", returns="String")
+    reg.register("clock.parse",    _clock_parse,    effect=None,         returns="Int")
+    reg.register("clock.add_days", _clock_add_days, effect=None,         returns="Int")
+    reg.register("clock.format",   _clock_format,   effect=None,         returns="String")
+
     return reg
 
 
 
@@ -0,0 +1,41 @@
+# Registry Browser — codifide.com/registry
+
+**Date:** 2026-05-14  
+**Persona:** Quill
+
+---
+
+## What shipped
+
+A full symbol browser at `https://codifide.com/registry`.
+
+**Features:**
+- Live status indicator — green dot + "Registry live" when `/health` responds
+- Three canonical pipeline symbols listed with intent strings, type signatures, and effect badges
+- Hash display with one-click copy button for each symbol
+- "View canonical JSON →" link opens the live symbol in the browser
+- Expand/collapse usage panels showing import syntax and CLI examples
+- "Try it live" panel with the full pipeline command
+- Publish workflow — 3-step guide for publishing your own symbols
+- API reference table — all five endpoints with method badges
+- Responsive — works on mobile
+- Matches the existing design system exactly (same CSS variables, fonts, nav, footer)
+
+**Navigation:**
+- "Registry" link added to the main nav on `index.html`
+- "Browse the registry →" link added to the v4.0 announcement section
+- Registry link added to the footer nav
+
+**Files:**
+- `publicsite/registry.html` — the page
+- `publicsite/registry.css` — page-specific styles extending `styles.css`
+- `publicsite/registry.js` — live status check, copy buttons, expand/collapse
+- `publicsite/vercel.json` — `/registry` route added
+- `publicsite/index.html` — nav and footer updated
+
+## What I'm not yet sure of
+
+Whether the "View canonical JSON →" links will work correctly once the symbols
+are seeded. They point to `/symbols/sha256:...` which routes to the serverless
+function — that function needs the symbols in the blob store to return JSON
+rather than a 404.
@@ -0,0 +1,45 @@
+dispatch:
+  id: sha256:pending
+  schema: codifide.dispatch/0.1
+  subject: Registry browser — codifide.com/registry live
+  at: "2026-05-14T00:00:00Z"
+  author: Glyph
+  intent: >
+    Record the launch of the public registry browser page.
+    Full symbol browser with live status, copy buttons, usage panels,
+    API reference, and publish guide. Matches existing design system.
+
+  state:
+    shipped:
+      - "registry.html — full symbol browser page"
+      - "registry.css — page-specific styles"
+      - "registry.js — live status, copy buttons, expand/collapse"
+      - "vercel.json — /registry route"
+      - "index.html — Registry nav link, footer link, v4.0 announcement link"
+      - "Page live at https://www.codifide.com/registry"
+    in_flight:
+      - "Symbol seeding — pipeline symbols not yet in blob store"
+    blocked: []
+    refused: []
+
+  evidence:
+    - claim: "Registry page live at /registry"
+      kind: run
+      source: "curl https://www.codifide.com/registry"
+      result: "<title>Codifide Registry — Public Symbol Store</title>"
+      confidence: 1.0
+
+  unknowns:
+    - question: "Do the 'View canonical JSON' links work once symbols are seeded?"
+      why_unknown: "Symbols not yet in blob store — seeding requires REGISTRY_WRITE_TOKEN"
+      how_to_resolve: "Run the three store push commands after confirming the blob store write API works"
+
+  next:
+    - action: "Seed registry with pipeline symbols"
+      depends_on: ["Vercel Blob write API working"]
+      effect: "{ops.seed}"
+
+  links:
+    canonical: "dispatches/2026-05-14-registry-browser.yaml"
+    human_readout: "dispatches/2026-05-14-registry-browser.readout.md"
+    live_url: "https://www.codifide.com/registry"
@@ -0,0 +1,51 @@
+# Registry Deployment — Fly.io
+
+**Date:** 2026-05-14  
+**Persona:** Quill
+
+---
+
+## What happened
+
+The public registry infrastructure was completed. The server was already
+written (V3-2); what was missing was a deployment target, a Docker image,
+and a seed script.
+
+## What shipped
+
+**`Dockerfile`** — builds a minimal Python 3.11 image with the codifide
+package installed. Starts `codifide serve --read-only --host 0.0.0.0 --port 7777`.
+Includes a health check. Verified: builds cleanly, health endpoint responds,
+POST /symbols correctly rejected in read-only mode.
+
+**`fly.toml`** — Fly.io deployment config. `codifide-registry` app, `iad`
+region, 256mb shared VM, 1GB persistent volume at `/data/store`, HTTPS
+enforced, `min_machines_running = 1` so the registry is always reachable.
+
+**`.dockerignore`** — excludes tests, docs, examples, dispatches, and build
+artifacts from the image. Keeps the image small.
+
+**`scripts/seed_registry.sh`** — pushes the three canonical pipeline symbols
+to the registry after deploy. Verifies each is reachable via curl.
+
+**`docs/DEPLOY.md`** — step-by-step deploy guide: install flyctl, create
+app, create volume, deploy, add custom domain, seed, verify end-to-end.
+
+## What's left for you
+
+1. `curl -L https://fly.io/install.sh | sh` — install flyctl
+2. `flyctl auth login`
+3. `flyctl launch --no-deploy --name codifide-registry`
+4. `flyctl volumes create codifide_store --size 1 --region iad`
+5. `flyctl deploy`
+6. Add DNS: `registry.codifide.com CNAME codifide-registry.fly.dev`
+7. `./scripts/seed_registry.sh --registry https://registry.codifide.com`
+
+That's the full operational step. The code is ready; it just needs a
+machine to run on.
+
+## What I'm not yet sure of
+
+Whether Fly.io free tier will stay free for this workload long-term.
+The registry is read-only and low-traffic, so it should be well within
+limits — but worth monitoring after launch.