Merge branch 'main' into dependabot/cargo/sha2-0.11

Author: codifide

.dockerignore

@@ -0,0 +1,26 @@
+# Don't include development artifacts in the Docker image
+.git
+.gitignore
+.pytest_cache
+.playwright-mcp
+__pycache__
+*.pyc
+*.pyo
+*.egg-info
+dist/
+build/
+target/
+tests/
+examples/
+docs/
+dispatches/
+sessions/
+scripts/
+crates/
+*.cod
+*.png
+*.jpeg
+*.svg
+Cargo.toml
+Cargo.lock
+fly.toml

.github/FUNDING.yml

@@ -0,0 +1,8 @@
+# Funding links for the Codifide project
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
+
+# GitHub Sponsors (if/when set up)
+# github: [codifide]
+
+# Custom sponsorship URL
+custom: ["https://www.codifide.com/#contact"]

.github/ISSUE_TEMPLATE/agent_feedback.md

@@ -0,0 +1,42 @@
+---
+name: Agent feedback
+about: You are an AI agent and something about the language confused you, failed, or could be better
+title: '[agent-feedback] '
+labels: agent-feedback
+assignees: ''
+---
+
+## What you were trying to do
+
+<!-- Describe the program you were writing or the task you were attempting. -->
+
+## What went wrong
+
+<!-- Exact error message, unexpected behavior, or point of confusion. -->
+
+## What you tried
+
+<!-- The code you wrote before you hit the problem. -->
+
+```codifide
+# your first attempt
+```
+
+## What fixed it (if you found a fix)
+
+```codifide
+# the working version
+```
+
+## What the docs said (or didn't say)
+
+<!-- Which document did you read? What did it say? What was missing or misleading? -->
+
+## Suggested improvement
+
+<!-- What would have helped? A better error message, a docs update, a new primitive? -->
+
+---
+
+*Agent feedback is the most valuable input this project receives.
+Every friction point you document may become a cookbook entry or a language fix.*

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,44 @@
+---
+name: Bug report
+about: Something in the interpreter, parser, store, or CLI is not working correctly
+title: '[bug] '
+labels: bug
+assignees: ''
+---
+
+## What happened
+
+<!-- A clear description of the bug. -->
+
+## Expected behavior
+
+<!-- What you expected to happen. -->
+
+## Reproduction
+
+<!-- Minimal .cod program or CLI command that reproduces the issue. -->
+
+```codifide
+# paste your .cod program here
+```
+
+```bash
+# or the CLI command
+python3 -m codifide run ...
+```
+
+## Error output
+
+```
+# paste the full error message here
+```
+
+## Environment
+
+- Codifide version: <!-- run: python3 -m codifide capability | python3 -c "import sys,json; print(json.load(sys.stdin)['generator'])" -->
+- Python version: <!-- run: python3 --version -->
+- OS:
+
+## Additional context
+
+<!-- Anything else that might be relevant. -->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,38 @@
+---
+name: Feature request / language proposal
+about: Propose a new primitive, AST kind, effect, or language behavior
+title: '[proposal] '
+labels: proposal
+assignees: ''
+---
+
+## Problem statement
+
+<!-- What problem does this solve? What agent use case does it enable?
+     Codifide is evidence-driven — proposals without a concrete use case
+     are unlikely to be accepted. -->
+
+## Proposed solution
+
+<!-- What would the new primitive / syntax / behavior look like?
+     Show a .cod example if possible. -->
+
+```codifide
+# example usage
+```
+
+## Adoption evidence
+
+<!-- Has any agent session produced evidence that this is needed?
+     A concrete failure mode, a program that couldn't be written, or
+     a friction point from a case study carries more weight than
+     a theoretical argument. -->
+
+## Alternatives considered
+
+<!-- What other approaches did you consider? Why is this one better? -->
+
+## Acceptance criteria
+
+<!-- How would we know this is done correctly?
+     What tests would pass? What programs would now work? -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,30 @@
+## What this PR does
+
+<!-- One paragraph summary of the change. -->
+
+## Type of change
+
+- [ ] Bug fix (no observable behavior change)
+- [ ] New example or test (additive, no dispatch required)
+- [ ] Documentation fix (no spec change)
+- [ ] Language change (new primitive / AST kind / effect / syntax — dispatch required)
+- [ ] Spec change (changes to CANONICAL.md, CAPABILITY.md, or conforming behavior)
+
+## Checklist
+
+- [ ] `python3 -m pytest tests/ -q` — all tests pass, 0 skipped
+- [ ] `python3 -m codifide dispatch-check` exits 0 (if dispatches were filed)
+- [ ] Capability manifest regenerated if public surface changed (`python3 -m codifide capability > docs/capability-0.1.json`)
+- [ ] New behavior has tests
+- [ ] Commit messages are imperative mood
+
+## For language changes
+
+- [ ] G0 problem statement filed in `.kiro/specs/`
+- [ ] G1 requirements with acceptance criteria
+- [ ] Paired Quill readout + Glyph dispatch in `dispatches/`
+- [ ] Sable audit completed (if security-adjacent)
+
+## Related issues / dispatches
+
+<!-- Link any related issues, discussions, or dispatch files. -->

.github/workflows/ci.yml

@@ -25,7 +25,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
 
       - name: Install package
-        run: pip install -e ".[blob]"
+        run: pip install -e "."
 
       - name: Run test suite
         run: python3 -m pytest tests/ -q --tb=short
@@ -48,3 +48,29 @@ jobs:
               sys.exit(1)
           print('Capability manifest is current.')
           "
+
+  publish:
+    name: Publish to PyPI
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install build tools
+        run: pip install build twine
+
+      - name: Build distribution
+        run: python3 -m build
+
+      - name: Publish to PyPI
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+        run: twine upload dist/*

.kiro/specs/v4-language/G0_PROBLEM_STATEMENT.md

@@ -0,0 +1,141 @@
+# Codifide v4.0 — G0 Problem Statement
+
+**Date:** 2026-05-14  
+**Author:** Douglas Jones + Claude (Aegis/Harper)  
+**Status:** G0 — approved, proceeding to G1
+
+---
+
+## Why v4.0?
+
+The gap analysis from the "is this usable in the wild?" question identified
+four structural gaps between Codifide as a research prototype and Codifide
+as a usable tool. Each gap is a concrete, fixable problem. None requires
+rethinking the language design.
+
+---
+
+## Problem 1 — `sig` declarations are decorative, not enforced
+
+**What breaks without this:** An agent can declare `sig (n: Int) -> String`
+and pass a `Float` or a `List`. The runtime either silently coerces, fails
+at the primitive level with a confusing error, or produces wrong output.
+The type system is a lie. Agents that trust it will be misled.
+
+**Evidence:** Every case study agent wrote `sig` declarations. None of them
+were checked. The language claims to be designed for agents who need
+trustworthy contracts — but the most basic contract (type) is not enforced.
+
+**Scope:** Runtime type checking at call boundaries. Not full static type
+inference. Check argument types against `sig` declarations when types are
+known. Raise a typed `TypeViolation` error on mismatch.
+
+**Risk:** Medium. Touches the interpreter call path. Existing programs that
+accidentally pass wrong types will now fail loudly instead of silently.
+That is the correct behavior.
+
+---
+
+## Problem 2 — No standard library
+
+**What breaks without this:** Agents cannot write programs that read files,
+make HTTP requests, parse JSON, or do date arithmetic. Every real-world
+agent pipeline needs at least one of these. The current primitive set covers
+string manipulation and arithmetic but nothing that touches the outside world
+beyond `io.say` and `clock.now`.
+
+**Evidence:** The "usable in the wild" assessment identified this as a
+hard blocker for real-world use. The content-moderation pipeline task spec
+(the canonical test) uses only string primitives — it was designed to avoid
+this gap, not to demonstrate the language is complete.
+
+**Scope:** Four new effect groups:
+- `io.read` — read a file by path, return string
+- `http.get` / `http.post` — HTTP client primitives
+- `json.parse` / `json.encode` — JSON round-trip
+- `clock.date` — structured date arithmetic beyond `clock.now.hm`
+
+**Risk:** Medium. New effect declarations, new primitives, new error kinds.
+Does not touch existing primitives or the canonical form for existing programs.
+
+---
+
+## Problem 3 — No operated public registry
+
+**What breaks without this:** V3-2 shipped remote symbol resolution
+infrastructure, but the registry at `codifide.com/symbols/<hash>` is empty.
+Two agents cannot exchange symbols without out-of-band coordination because
+there is nowhere to publish to. The multi-agent protocol story is
+infrastructure without content.
+
+**Evidence:** V3-2 acceptance criterion was "agent on machine B resolves a
+symbol published by agent on machine A." That works mechanically but requires
+both agents to be running their own servers. A public registry with real
+symbols in it is the missing piece.
+
+**Scope:** Operate the public registry endpoint. Seed it with the canonical
+pipeline task spec symbols (the five programs from the case studies). Document
+the publish workflow. Add `codifide store push --registry https://codifide.com`
+as the canonical publish path.
+
+**Risk:** Low for the code (already exists). Medium for operations (requires
+a running server, storage, and uptime commitment).
+
+---
+
+## Problem 4 — Server is 127.0.0.1 only
+
+**What breaks without this:** The RPC server cannot be used for multi-machine
+agent coordination without a reverse proxy, TLS, and auth — none of which are
+documented or provided. The V3-2 remote registry works around this by using
+the public endpoint, but any team wanting to run a private registry is on
+their own.
+
+**Evidence:** The Sable audit of V2-1 flagged AUD-RPC-02 (no socket timeout,
+slow-loris risk) as P2. The server was explicitly documented as "local-only,
+trusted caller." That is the right call for v2.0 but not for v4.0 where
+multi-machine use is the goal.
+
+**Scope:** Add an `--auth-token` flag for bearer token authentication. Add
+TLS support via `--cert` / `--key` flags (or document the reverse proxy
+pattern). Remove the "not safe to expose over a network" warning when auth
+is configured. Update `docs/RPC_API.md`.
+
+**Risk:** Medium-high. Security-sensitive. Requires Sentinel review and
+Sable audit before shipping.
+
+---
+
+## Prioritization
+
+| ID | Problem | Priority | Risk | Dependency |
+|----|---------|----------|------|------------|
+| V4-1 | Runtime type enforcement | P1 | Medium | None |
+| V4-2 | Standard library | P1 | Medium | None |
+| V4-3 | Public registry (operated) | P2 | Low/Medium | V3-2 (shipped) |
+| V4-4 | Network-safe server | P3 | Medium-High | V4-3 |
+
+V4-1 and V4-2 are independent and can be implemented in parallel.
+V4-3 is mostly operational, not code. V4-4 depends on V4-3 being
+useful first.
+
+---
+
+## What is explicitly out of scope for v4.0
+
+- **Full static type inference** — V4-1 is runtime checking only. Static
+  inference requires a type system design that is not yet specified.
+- **Hosted runtime / cloud execution** — no adoption evidence.
+- **Time-indexed types (V3-4)** — still deferred, still no evidence.
+- **Editor integration** — still deferred.
+- **Structural diff and merge** — still deferred.
+
+---
+
+## G0 decision
+
+**Approved.** All four problems are real, bounded, and worth solving.
+Evidence is direct (case study findings, Sable audit findings, gap analysis).
+Scope is honest. Proceeding to G1.
+
+*Aegis sign-off: approved 2026-05-14*