docs(catalog): restore Next-Modules queue + add threat-detector Implementation Sketch (catalog #2)#1384
Merged
Merged
Conversation
…mentation Sketch The 'Next Modules To Build' section + the audit-recorder Implementation Sketch I added in two follow-up commits on the original MODULE-CATALOG branch never made it to canary — the squash-merge of #1336 only captured the first commit (the initial 31-module catalog). Confirmed by checking the merged tree: catalog has Sections I-X but no queue + no per-module Implementation Sketch. This PR: 1. RESTORES the Next-Modules queue (now with checkmarks reflecting what's shipped): - #1 audit-recorder MERGED via #1344 - #2 threat-detector unclaimed, ready (Implementation Sketch below) - #3 working-set-manager MERGED end-to-end via PR-2/3/4/5 - #4 demand-aligned-recall MERGED end-to-end via PR-1 through PR-3f - #5 substrate-governor MERGED end-to-end via PR-1 through PR-3d plus newly unblocked next-tier: inference-llm, composer, speculator, reprojection-service, Lane D persona runtime frame. 2. INCLUDES the audit-recorder Implementation Sketch for reference (it's what the implementer copied from to produce #1344, even though it wasn't on canary at the time — they got it from the broadcast). 3. ADDS the threat-detector Implementation Sketch — catalog #2, next-up. ~260 LoC total for PR-1: - ThreatDetector trait (async inspect → Option<ThreatEvidence>) - ThreatDetectorModule that wakes on every RuntimeFrame and runs each registered detector - PromptInjectionDetector as the first ships-with-PR-1 detector (role-override patterns + length-attack heuristic) - 4 tokio tests covering: empty-list base case, role-override fires correctly, benign chat doesn't fire, pluggable-addition test that enforces P4 (evolving threat coverage) structurally - Memory cells deferred to PR-2; PR-1 ships stateless detectors This pluggable shape is the architectural answer to invariant P4 from PERSONA-COGNITION-CONTRACT: new threat patterns land as follow-up PRs adding a single ~50 LoC detector implementation with no changes to the substrate module itself. 4. NAMES what threat-detector unblocks downstream: - P4 invariant test (currently has no producer) - The PersonaDecision::Decline { AdversarialPattern } cognition path - audit-recorder's ThreatDetected subscription (currently dead; no producer until threat-detector ships) Doc-only change. No code touched. The Implementation Sketch is copy-pastable as the starting point for the next implementer.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Two things in one PR (both doc-only, no code):
Restores the Next-Modules-To-Build queue + audit-recorder Implementation Sketch that never made it into canary. The squash-merge of docs(architecture): MODULE-CATALOG — every Continuum concern as a focused module #1336 only captured the original 31-module catalog; my two follow-up commits adding the queue + sketch were on the branch but not in the squashed tree. The implementer picked up audit-recorder anyway via my broadcast, but the catalog itself was missing the work I'd added.
Adds the threat-detector Implementation Sketch — catalog Feature: Add CI/CD Configuration #2, currently unclaimed + unblocked.
Queue State After This PR
audit-recorderthreat-detectorworking-set-managerdemand-aligned-recallsubstrate-governorinference-llmcomposerspeculatorreprojection-serviceFour of five original ranked items shipped over Sat→Sun. The doc-spec → code-PR pipeline worked.
threat-detector Sketch Highlights
Closing Note
The audit-recorder sketch shipped its code as #1344 even though the sketch wasn't on canary — proving that the broadcast-as-coordination + the sketch-as-spec works end-to-end. With this PR, the threat-detector spec is on canary so the next implementer doesn't have to fish it out of session history.