Skip to content

Commit d741c6f

Browse files
authored
Merge pull request #545 from flyingrobots/refactor/braid-shell-member
refactor: align Strand with static typestates and close gap analysis specs
2 parents cfccf67 + 0a61307 commit d741c6f

29 files changed

Lines changed: 3508 additions & 147 deletions

CHANGELOG.md

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,14 @@
77

88
### Added
99

10+
- `warp-core` casting a dynamically postured strand to statically shared now returns a semantically precise `PostureObstruction::PostureMismatch` instead of `PostureObstruction::NarrowingRefused`.
11+
- `warp-core` renamed `ProofEnvelope::verify` to `validate_shape` and updated error variants to `ProofShapeValidationFailed` to accurately reflect shape/input checks rather than full cryptographic proof verification.
12+
- `warp-core` strand creation now carries explicit `RetentionPosture` through
13+
`ForkStrandRequest`, `ForkStrandReceipt`, and `Strand`. Session-default and
14+
debugger fork constructors choose posture policy explicitly, session-default
15+
work always records `PostureDerivation::SessionDefault`, debugger forks never
16+
silently become `Shared`, and `StrandRegistry` rejects incoherent retained
17+
posture such as `Shared` without an admission scope.
1018
- `warp-core` import admission receipts now bind local source-shared import
1119
admission to an explicit imported artifact identity. A receipt minted for one
1220
imported artifact cannot admit another import into a local shared admission
@@ -545,6 +553,22 @@ Applied, Rejected, Obstructed}` with receipt evidence and typed contract
545553

546554
### Changed
547555

556+
- `warp-core` renamed the generated contract package host API from
557+
`install_contract_package(...)` to `register_contract_package(...)` so the
558+
trusted-runtime boundary reads as explicit runtime-owned registration instead
559+
of process-global installation.
560+
- `warp-core` sealed braid member lookup now requires authority-bound sealed
561+
query material, redacts non-public blinding material from debug output, and
562+
keeps hidden-member commitments stable across parent frontier movement.
563+
- `warp-core` settlement planning now rejects non-`Shared` strands before
564+
producing import candidates. Author-only/debugger strand suffixes can remain
565+
real causal work, but they cannot enter base shared history without an
566+
explicit shared admission posture. Settlement compare remains local
567+
revelation/inspection only: it can inspect a locally held strand suffix
568+
without promoting, planning, admitting, or settling it.
569+
- `warp-core` settlement plural artifacts and retained braid shells now carry
570+
the source strand posture instead of hard-coding author-only posture for
571+
shared settlement records.
548572
- Local determinism tooling now fails closed around
549573
`scripts/check-warp-core-serialization-boundaries.sh`. The serialization
550574
boundary guard is mandatory, runs through `bash` rather than executable mode,
@@ -617,6 +641,38 @@ Applied, Rejected, Obstructed}` with receipt evidence and typed contract
617641

618642
### Fixed
619643

644+
- `warp-core` evolving braid logs now reject unchecked incremental mutations:
645+
`Braid::apply` returns typed lifecycle errors, rejects duplicate member
646+
weaving and mixed revealed/sealed membership, refuses empty-frontier
647+
settlement finalization, detects member sequence overflow with checked
648+
arithmetic, rejects empty collapse witnesses, and exposes folded state through
649+
read-only accessors instead of public mutable fields. Duplicate checks now use
650+
a deterministic member index instead of scanning the append-ordered frontier.
651+
- `warp-core` braid-shell digests now bind optional proof-shaped envelopes:
652+
proof-bearing shells have distinct content identity from proof-less shells,
653+
mutating proof bytes after assembly is caught by shell validation, and
654+
`BRAID_SHELL_VERSION` is now `2` for the proof-digest marker shape.
655+
Shape-only proof envelope admission is limited to replay-trace evidence;
656+
cryptographic proof kinds require a verifier backend before admission.
657+
- `warp-core` sealed braid members now require caller-supplied blinding material,
658+
preserve hidden shared source disclosure in settlement shells, mix a
659+
settlement-local `MemberBlindingSalt` into hidden settlement member
660+
commitments, reject mixed revealed/sealed shell member sets, and treat sealed
661+
member authority as part of duplicate-member identity.
662+
- `warp-core` retained braid shell queries now distinguish revealed member
663+
lookup from sealed member lookup: `has_revealed_member_strand` and
664+
`BraidShellQuery::revealed_member_strand` only match revealed references,
665+
while `BraidShellMemberQuery` carries blinding material for sealed matches.
666+
- `warp-core` crate-root braid exports now include `BraidError`, `BraidStatus`,
667+
and `BraidMemberRef` so external consumers can handle public braid results.
668+
- `warp-core` shared-strand settlement handles now re-enter the live registry
669+
path before planning or settling, and crate-internal settlement helpers reject
670+
stale handles that no longer match registered strand state. `CausalPostureState`
671+
is sealed to Echo's marker types so external crates cannot add typestate
672+
implementations outside the runtime posture gate.
673+
- `warp-wasm` settlement publication now maps non-`Shared` strand admission
674+
rejection to the stable `INVALID_STRAND` ABI error code instead of
675+
collapsing the lawful posture denial into `ENGINE_ERROR`.
620676
- `echo-file-aperture` now normalizes `HostFileSnapshot` material at the
621677
aperture boundary so caller-forged snapshot metadata or fingerprints cannot
622678
bind a basis, observation receipt, or materialization verification to bytes
Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
<!-- SPDX-License-Identifier: Apache-2.0 OR LicenseRef-MIND-UCAL-1.0 -->
2+
<!-- © James Ross Ω FLYING•ROBOTS <https://github.com/flyingrobots> -->
3+
4+
# CI-003 — Append-Only Braid Membership
5+
6+
Legend: [WARP — Causal History]
7+
8+
## Idea
9+
10+
Model braids as append-only witnessed relationships over strand intervals,
11+
not as binary pairings and not as permanent strand merges.
12+
13+
A braid can begin with multiple members and later weave additional strands
14+
into the relation without pretending those strands were present from the
15+
beginning:
16+
17+
```text
18+
t0: braid B includes s0 and s1
19+
t1: braid B weaves in s2
20+
```
21+
22+
The source of truth should be a braid event log:
23+
24+
```text
25+
BraidCreated { members: [s0, s1], ... }
26+
BraidMemberWovenIn { member: s2, ... }
27+
```
28+
29+
Materialized braid views can report current membership, but historical views
30+
must preserve membership as of the requested coordinate.
31+
32+
## Why
33+
34+
1. **Doctrine:** Braided does not mean settled. Related does not mean admitted.
35+
2. **Causality:** Weaving in `s2` at `t1` must not rewrite `t0` membership.
36+
3. **Scale:** Real review/conflict/proposal workflows can involve more than
37+
two strands.
38+
4. **Posture:** A braid may reveal a shared projection or relationship summary
39+
while sealed member source chains remain AuthorOnly.
40+
41+
## Acceptance Sketch
42+
43+
- Create braid `B` with `s0` and `s1` at `t0`.
44+
- Weave `s2` into `B` at `t1`.
45+
- Current braid view after `t1` includes `s0`, `s1`, and `s2`.
46+
- Historical braid view before `t1` excludes `s2`.
47+
- Braid membership changes are append-only events, not mutable list rewrites.
48+
- A shared braid projection can reveal the relationship without revealing a
49+
sealed member source chain.
50+
- Settlement can admit a braid projection without collapsing member strands.
51+
- Weaving in an AuthorOnly member requires authority or records a sealed
52+
member reference.
53+
54+
## Effort
55+
56+
Medium-Large — requires braid event types, interval/member views, revelation
57+
policy around sealed members, and settlement/projection integration.

0 commit comments

Comments
 (0)