docs: scrub internal references from CHANGELOG Summary + migration guide

Follow-up to the previous commit (rename-only). Actually applies the
content scrub to:

- ``docs/MIGRATION-IO-BOUNDARIES.md``: removed internal plan / PR
  ordinal codenames, tracker IDs, and the agent-workspace plan-file
  path from the Reference section. The technical content (strict-
  stdlib rule, status declarations, stdlib_provenance shape, allowlist,
  external_potential bucket, JSON diff, per-consumer "what to do if
  you..." sections) is unchanged.

- ``CHANGELOG.md`` ``[Unreleased]`` Summary: removed the internal plan
  / PR-ordinal codenames and two stray tracker IDs that were
  distracting a reader scanning the release notes. The UX-delta
  bullets (chain-count drops, external_potential section, per-
  language reliability declaration, JSON shape change) and the
  reader-facing framing are unchanged. Updated the pointer to the
  renamed migration guide.

No impact on code or tests; docs-only change.

Signed-off-by: jgstern-agent <josh-agent@iterabloom.com>

Author: jgstern-agent

.ci/affected-tests.txt

@@ -1,5 +1,5 @@
 # Test selection manifest
-# Generated by smart-test at 2026-04-24T12:54:52-04:00
+# Generated by smart-test at 2026-04-24T13:13:15-04:00
 # Mode: targeted
 # Baseline: db497c028ce764d25808f87a205e8a01c315766e
 # Reason: no Python source files changed

CHANGELOG.md

@@ -12,16 +12,18 @@ This changelog tracks the **tool version** (package releases). The **schema vers
 
 ### Summary
 
-**`hypergumbo io-boundaries` reports differently than before.** Plan C — a three-PR refactor of the I/O catalog system — reshapes the output. When you re-run the tool on a repo you've analyzed before, expect:
+**`hypergumbo io-boundaries` reports differently than before.** The I/O catalog system has been refactored. When you re-run the tool on a repo you've analyzed before, expect:
 
 1. **`net_send` / `fs_read` / `fs_write` / `db_*` / `logging` chain counts drop** on any repo using third-party I/O wrappers (Python `requests` / `httpx` / `aiohttp`; Java OkHttp / Spring Web / Apache HttpClient / Hibernate / SLF4J / Log4j; JavaScript `axios` / `node-fetch` / `express` / Fastify / Koa; Rust `tokio::fs` / `hyper` / `reqwest` / `axum`; Scala fs2 / cats-effect / sttp / akka / ZIO / Play; Kotlin ktor / Exposed / `kotlin-logging`). Those wrappers were removed from the catalog under a strict-stdlib rule — adding one entry per popular wrapper was a maintenance treadmill with no principled stopping point.
 2. **A new `external_potential` boundary section appears** in both text and `--json` output, containing every first-party call that reaches into a tier-3 external boundary node not classified by any catalog. That covers the wrappers culled in (1) plus everything that was never in the catalog (HuggingFace Hub, sentence-transformers, any other third-party library you happen to use). The bucket is the structural answer to "the catalog can't enumerate every popular wrapper" — surface untrusted-territory reach as its own first-class signal instead of growing the catalog.
-3. **Per-language reliability is now declared.** Python's catalog declares `status: complete` with a `stdlib_provenance` citation pointing at `docs.python.org/3.13`. The other 12 catalogs (`c`, `elixir`, `erlang`, `go`, `haskell`, `java`, `javascript`, `kotlin`, `objc`, `rust`, `scala`, `swift`) declare `status: in_progress` until follow-up PRs audit them against their official stdlib documentation. For `external_potential` chains whose source language is `in_progress`, an `[unreliable]` marker (text) / `dst_classification_unreliable: true` field (JSON) flags the chain so consumers know absence-of-catalog-hit is not authoritative for that language yet.
-4. **JSON shape change.** `boundaries.external_potential` is a new top-level key, and every `boundaries.<type>.chains[]` dict gains a `dst_classification_unreliable` field. Catalogs declaring `status: complete` (explicit OR defaulted) without a valid `stdlib_provenance` URL now hard-error at load time; URLs must be `https://` and their hostname must suffix-match `ALLOWED_PROVENANCE_HOSTNAME_SUFFIXES` (an allowlist of official stdlib documentation hosts in `io_boundary.py`). See **`docs/MIGRATION-PLAN-C.md`** for the full migration guide.
+3. **Per-language reliability is now declared.** Python's catalog declares `status: complete` with a `stdlib_provenance` citation pointing at `docs.python.org/3.13`. The other 12 catalogs (`c`, `elixir`, `erlang`, `go`, `haskell`, `java`, `javascript`, `kotlin`, `objc`, `rust`, `scala`, `swift`) declare `status: in_progress` until follow-up work audits them against their official stdlib documentation. For `external_potential` chains whose source language is `in_progress`, an `[unreliable]` marker (text) / `dst_classification_unreliable: true` field (JSON) flags the chain so consumers know absence-of-catalog-hit is not authoritative for that language yet.
+4. **JSON shape change.** `boundaries.external_potential` is a new top-level key, and every `boundaries.<type>.chains[]` dict gains a `dst_classification_unreliable` field. Catalogs declaring `status: complete` (explicit OR defaulted) without a valid `stdlib_provenance` URL now hard-error at load time; URLs must be `https://` and their hostname must suffix-match an allowlist of official stdlib documentation hosts. See **`docs/MIGRATION-IO-BOUNDARIES.md`** for the full migration guide.
 
-For `verify-claims` users specifically: `IoChain.dst_tier` (PR2 of stop-stripping) plus `external_potential` (Plan C, PR C) together let you reason about untrusted-territory reach without per-library catalog growth. The original WI-jihuj concern that drove the audit — "can I `verify-claims` that hypergumbo doesn't make network calls if it uses HuggingFace Hub?" — is now structurally answered: HF Hub doesn't appear in `net_send`, but its calls surface in `external_potential` with `dst_tier=3`.
+For `verify-claims` users specifically: the destination supply-chain tier on each chain, plus the new `external_potential` bucket, together let you reason about untrusted-territory reach without per-library catalog growth. An earlier open question — "can I `verify-claims` that hypergumbo doesn't make network calls if it uses HuggingFace Hub?" — is now structurally answered: HF Hub doesn't appear in `net_send`, but its calls surface in `external_potential` with `dst_tier=3`.
 
-**Earlier in [Unreleased] (pre-Plan-C work):** External boundary nodes — synthetic `Symbol` records minted for every dangling edge endpoint (stdlib calls, third-party imports) — are now serialized into `behavior_map["nodes"]` with `kind="external_symbol"`, `path="<external>"`, `meta.external_boundary=True`, and `supply_chain.tier` populated. They were previously stripped before output, which silently re-introduced the dangling-reference problem WI-sikur was meant to fix for every disk-load consumer (`cmd_slice`, `cmd_test_coverage`, `cmd_verify_claims`, etc.). INV-miniz transitions to satisfied. Display surfaces (sketch, compact, search) continue to filter boundary nodes via the new `ir.is_external_boundary()` helper, so display-side output is unchanged. Schema bumped 0.2.2 → 0.2.3 (additive: `external_symbol` added to `Symbol.kind` enum; Span `start_line` / `end_line` minimum loosened from 1 to 0 for synthetic zero-span nodes).
+Separately in this release:
+
+External boundary nodes — synthetic `Symbol` records minted for every dangling edge endpoint (stdlib calls, third-party imports) — are now serialized into `behavior_map["nodes"]` with `kind="external_symbol"`, `path="<external>"`, `meta.external_boundary=True`, and `supply_chain.tier` populated. They were previously stripped before output, which silently re-introduced the dangling-reference problem for every disk-load consumer (`cmd_slice`, `cmd_test_coverage`, `cmd_verify_claims`, etc.). Display surfaces (sketch, compact, search) continue to filter boundary nodes via the new `ir.is_external_boundary()` helper, so display-side output is unchanged. Schema bumped 0.2.2 → 0.2.3 (additive: `external_symbol` added to `Symbol.kind` enum; Span `start_line` / `end_line` minimum loosened from 1 to 0 for synthetic zero-span nodes).
 
 `hypergumbo io-boundaries` also gained detection of attribute-style IO primitives — `os.environ`, `sys.argv`, `process.env`, `System.out`, `os.Stdout`, `std::env::consts::OS`, and bare `stdout` / `stderr` / `stdin` in C — across Python, Go, JavaScript/TypeScript, Java, Rust (tree-sitter), and C. These entries were declared in the YAML catalog but had no matching analyzer edges, so every chain through them was invisible. `verify-claims` also gains `--taint-sources`, `--taint-sinks`, `--taint-sanitizers` flags (and an `extra_catalogs:` key in the claims YAML) for project-local trust zones, sanitizers, and label maps. Browser-local reads (`localStorage.getItem`, `indexedDB.open`, `caches.*`) are no longer misreported as host-filesystem reads.
 

docs/MIGRATION-IO-BOUNDARIES.md

@@ -1,9 +1,8 @@
 <!-- SPDX-License-Identifier: AGPL-3.0-or-later -->
-# Migration Guide: Plan C (I/O catalog refactor)
+# Migration Guide: I/O catalog refactor
 
-Plan C is a three-PR refactor of hypergumbo's I/O catalog system that
-ships in the next release after the current `[Unreleased]` window. It
-changes what `hypergumbo io-boundaries` reports — and, indirectly, what
+This release refactors hypergumbo's I/O catalog system. It changes
+what `hypergumbo io-boundaries` reports — and, indirectly, what
 `hypergumbo verify-claims` will accept — for every repo that uses
 third-party I/O wrappers.
 
@@ -24,22 +23,23 @@ and what to do if you depend on the old behavior.
 
 ## Why the change
 
-Before Plan C, the I/O catalog grandfathered popular third-party
+Previously, the I/O catalog grandfathered popular third-party
 wrappers (`requests`, `axios`, `okhttp3.*`, `tokio::fs`, akka,
 `huggingface_hub`, ...) so they would show up under `net_send` /
 `fs_read` / etc. instead of being silently invisible. That carve-out
 was a slippery slope: every popular library wanted its own entry, and
 there was no principled stopping point.
 
-The structural answer is to stop trying to enumerate every wrapper and
-instead expose the **shape** of untrusted-territory reach as its own
-signal. That is what the new `external_potential` bucket is.
+The structural answer is to stop trying to enumerate every wrapper
+and instead expose the **shape** of untrusted-territory reach as its
+own signal. That is what the new `external_potential` bucket is.
 
-The catalog now enumerates **only** stdlib symbols, with a per-language
-`status` declaration (`complete` or `in_progress`) so absence-from-the-
-catalog has a clear meaning: for `status: complete` languages, "not in
-the catalog" = "not stdlib, probably third-party"; for `status:
-in_progress` languages, the absence is flagged as not-yet-authoritative.
+The catalog now enumerates **only** stdlib symbols, with a per-
+language `status` declaration (`complete` or `in_progress`) so
+absence-from-the-catalog has a clear meaning: for `status: complete`
+languages, "not in the catalog" = "not stdlib, probably third-party";
+for `status: in_progress` languages, the absence is flagged as
+not-yet-authoritative.
 
 ## What the output looks like now
 
@@ -70,10 +70,10 @@ chain in `external_potential` carries an `[unreliable]` marker:
 ```
 
 The `[unreliable]` marker means: "this language's stdlib catalog
-hasn't been audited end-to-end yet, so the absence-of-catalog-hit that
-caused this chain to land in `external_potential` isn't authoritative
-— after the catalog is promoted to `status: complete`, the chain may
-either stay here or move into a classical bucket."
+hasn't been audited end-to-end yet, so the absence-of-catalog-hit
+that caused this chain to land in `external_potential` isn't
+authoritative — after the catalog is promoted to `status: complete`,
+the chain may either stay here or move into a classical bucket."
 
 ### JSON mode
 
@@ -158,13 +158,13 @@ Two additive changes:
 Total chain counts will change. If you compute health metrics off
 chain counts, recalibrate against the post-cull numbers.
 
-### ...maintain a project-local taint catalog (WI-votan,  `--taint-sources` / `--taint-sinks` / `--taint-sanitizers`)
+### ...maintain a project-local taint catalog (`--taint-sources` / `--taint-sinks` / `--taint-sanitizers`)
 
 No change. Project-local catalogs continue to override the built-in
 catalog the same way they did before. If a third-party wrapper your
 project cares about is no longer in the global catalog, you can
-re-add it for your repo via a project-local catalog without affecting
-anyone else.
+re-add it for your repo via a project-local catalog without
+affecting anyone else.
 
 ### ...are a catalog contributor for a non-Python language
 
@@ -181,9 +181,9 @@ language: <lang>
 status: complete | in_progress
 
 # REQUIRED for status: complete. Optional for status: in_progress.
-# Cited at load time; URL hostname must suffix-match
-# ALLOWED_PROVENANCE_HOSTNAME_SUFFIXES (a curated allowlist of
-# official-stdlib documentation hosts).
+# Cited at load time; URL hostname must suffix-match an allowlist
+# of official-stdlib documentation hosts declared in
+# io_boundary.py.
 stdlib_provenance:
   source_url: https://docs.<authority>/<version>/library/index.html
   version: "<stdlib release>"
@@ -193,46 +193,37 @@ stdlib_provenance:
     a language's "list all modules" page, etc.).
 
 # OPTIONAL. Stdlib symbols that are NOT I/O primitives.
-# Used by the external_potential filter to drop "first-party calls a
-# stdlib non-IO symbol" — math.sqrt, collections.deque, etc. — from
-# the bucket. Empty until you populate it.
+# Used by the external_potential filter to drop "first-party calls
+# a stdlib non-IO symbol" — math.sqrt, collections.deque, etc. —
+# from the bucket. Empty until you populate it.
 stdlib_other:
   - module: math
     functions: [sqrt, sin, cos, ...]
 ```
 
 Promoting a language from `in_progress` to `complete` is a regular
-PR. Adding to `ALLOWED_PROVENANCE_HOSTNAME_SUFFIXES` is a governance
-change requiring PR review (same shape as `ALLOWED_WEBSITES.md`).
-
-The 12 follow-up tracker items (`WI-ganid` plus 11 siblings) track
-the catalog-completion backlog. Pick one, audit the catalog against
-the language's official docs, add `stdlib_provenance`, and flip
-`status` to `complete`.
+PR: audit the catalog against the language's official stdlib
+documentation, add `stdlib_provenance`, and flip `status` to
+`complete`. Adding a hostname to the provenance allowlist is a
+governance change requiring PR review (same shape as
+`ALLOWED_WEBSITES.md`).
 
 ### ...care about the strict-stdlib rule itself
 
 The catalog principle is now: **catalog membership = stdlib
 (language ships it); absence = probably third-party, not certain**.
-The validator (`_validate_catalog_dict` in `io_boundary.py`) hard-
-errors at load time on any catalog declaring `status: complete`
-without provenance, so completeness claims are auditable. The
-allowlist (`ALLOWED_PROVENANCE_HOSTNAME_SUFFIXES`) defends against
-typos and unofficial sources.
+A load-time validator hard-errors on any catalog declaring
+`status: complete` without provenance, so completeness claims are
+auditable. The hostname allowlist defends against typos and
+unofficial sources.
 
-Project-local catalogs (WI-votan) remain the escape hatch for
-"my project depends on a wrapper not in the global catalog and I
-want it classified" — they always take precedence over built-in
-entries.
+Project-local catalogs remain the escape hatch for "my project
+depends on a wrapper not in the global catalog and I want it
+classified" — they always take precedence over built-in entries.
 
 ## Reference
 
-- The original plan: `/home/jgstern_agent/.claude/plans/yeah-we-should-do-parallel-pnueli.md`
-  (in the agent workspace; not committed).
-- Per-PR detail: `[Unreleased]` section of `CHANGELOG.md`,
-  subsections for "IO catalog — strict-stdlib cull (Plan C, PR A)",
-  "IO catalog — `status` / `stdlib_provenance` / ... (Plan C, PR B)",
-  and "IO boundaries — `external_potential` bucket (Plan C, PR C)".
-- Tracker: `WI-koluz` (PR B), `WI-tanas` (PR C), `INV-pomir`
-  (provenance / allowlist invariant), `WI-ganid` + 11 siblings
-  (per-language promotion backlog).
+Per-change detail — down to the API-level and YAML-level shape of
+each subsystem covered above — lives in the `[Unreleased]` section
+of `CHANGELOG.md`, under the subsections for the strict-stdlib cull,
+the catalog schema additions, and the `external_potential` bucket.