[codex] Plan submission artifact policy foundation

[Abiorh001]

Summary

This PR adds the zero-trust planning package for WS-POL-001 - Submission Artifact Policy Foundation.

It does not implement product runtime changes yet. It locks the intent, discovery, plan, chunk map, first chunk contract, and internal review evidence before backend work begins.

What Changed

• Added initiative artifacts under .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/.
• Added first chunk contract: WS-POL-001-01 - Submission Artifact Policy Foundation.
• Updated loop state and work queue to show the active approval checkpoint.
• Recorded internal review evidence with reviewer run IDs and reviewed SHA binding.

Product Direction Locked By This Plan

• ProjectGuide is human-facing instruction.
• SubmissionArtifactPolicy is the machine-readable intake contract.
• WorkstreamDefaultSubmissionArtifactPolicy + ProjectSubmissionArtifactPolicy = EffectiveSubmissionArtifactPolicy.
• PreSubmitCheckerPolicy is generated from the effective policy.
• Blocking pre-submit failures do not create a submission row, submission version, durable checker run, or submission-created audit event.
• Post-submit/internal checker policy remains separate.
• Worker-facing review outcomes remain accept, needs_revision, and reject.

Validation

• python3 scripts/check_internal_review_evidence.py
• python3 scripts/check_loop_memory_state.py
• python3 scripts/workstream_agent_gate.py --base origin/main --head HEAD --format json returned REVIEW_REQUIRED as expected for .agent-loop risk-sensitive planning changes.
• python3 scripts/check_markdown_links.py
• python3 scripts/check_stale_workstream_wording.py
• git diff --check HEAD~2..HEAD

Internal Review

• senior engineering: PASS WITH LOW RISKS
• QA/test: PASS AFTER FIXES
• security/auth: PASS WITH LOW RISKS
• product/ops: PASS WITH LOW RISKS
• architecture: PASS WITH LOW RISKS
• docs: PASS WITH LOW RISKS

Evidence file: .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-internal-review-evidence.md.

Human Review Focus

• Approve or revise the first chunk contract before backend implementation starts.
• Confirm the exact Workstream default submission artifact rules.
• Confirm whether evidence_policy stays as a compatibility alias during migration.
• Confirm whether generated pre-submit policy should be persisted in chunk 2 or derived on read.

Stop Condition

No backend implementation should begin from this PR until the chunk contract is approved.

Summary by CodeRabbit

Release Notes

• Documentation
  • Updated internal work-queue and loop state to shift the active initiative to the submission artifact policy effort, including the next planning chunk and current approval gating.
  • Added and refreshed initiative planning materials covering chunk mapping, decisions, discovery scope, intent, plan, risks, and current status.
  • Recorded internal review evidence and an external review response documenting what was addressed and what remains pending.

No end-user visible features, bug fixes, or functionality changes are included.

[coderabbitai]

Warning

Review limit reached

@Abiorh001, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 35 minutes and 31 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 2e3f2503-c365-49dd-8953-824e8a6afc2d

📥 Commits

Reviewing files that changed from the base of the PR and between fc48d23 and ef3bf0c.

📒 Files selected for processing (1)

• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-external-review-response.md

📝 Walkthrough

Walkthrough

This PR advances the agent loop from the completed WS-ENG-001 initiative to WS-POL-001 (Submission Artifact Policy Foundation) by updating loop state and work queue files, and introducing a complete set of planning documents: INTENT, DISCOVERY, DECISIONS, PLAN, RISKS, CHUNK_MAP, STATUS, a first chunk contract, and internal and external review evidence for that chunk.

Changes

WS-POL-001 Initiative Planning

Layer / File(s)	Summary
Loop state and work queue advancement .agent-loop/LOOP_STATE.md, .agent-loop/WORK_QUEUE.md	LOOP_STATE.md switches the active initiative from WS-ENG-001 to WS-POL-001 with a new branch, status, and gate. WORK_QUEUE.md restructures active/completed/proposed-next sections, listing WS-POL-001-01 as the proposed chunk awaiting approval and adding EXAMPLE-TERMINAL-BENCHMARK to completed.
Initiative intent, discovery, and decisions .agent-loop/initiatives/WS-POL-001-.../INTENT.md, DISCOVERY.md, DECISIONS.md	INTENT.md defines the problem, EffectiveSubmissionArtifactPolicy/PreSubmitCheckerPolicy contract model, success state, non-goals, and human judgment required. DISCOVERY.md maps current transitional architecture, relevant modules, test gaps, and open questions. DECISIONS.md records finalized contract boundaries, the pre/post-submit check separation, the invariant decision token set, and pending human decisions.
Implementation plan and risk register .agent-loop/initiatives/WS-POL-001-.../PLAN.md, RISKS.md	PLAN.md describes the phased approach, checker lifecycle contract (pre-submit without durable records vs. post-submit with durable records), rejected alternatives, preserved boundaries, rollout/migration steps, verification strategy, and required reviewer categories. RISKS.md enumerates six risk/impact/mitigation entries.
Five-chunk implementation breakdown .agent-loop/initiatives/WS-POL-001-.../CHUNK_MAP.md	Defines global chunking rules and five ordered chunks (WS-POL-001-01 through WS-POL-001-05) covering policy model foundation, pre-submit checker policy generation, submission creation gating migration, post-submit checker policy split, and revision resubmission validation. Each chunk includes allowed/not-allowed paths, acceptance criteria, and reviewer focus.
Initiative status .agent-loop/initiatives/WS-POL-001-.../STATUS.md	Records current planning state, active chunk, chunk-status table, blockers requiring human approval, and follow-up items for future field/provenance changes.
WS-POL-001-01 chunk contract .agent-loop/initiatives/WS-POL-001-.../chunks/WS-POL-001-01-....md	Defines goal to introduce first-class SubmissionArtifactPolicy backend support, allowed/not-allowed file areas, layer responsibilities (router/service/repository/schema), acceptance criteria for policy model and table, verification commands, required reviewer categories with PASS expectations, human review focus questions, and stop/escalation conditions.
Internal review evidence for WS-POL-001-01 .agent-loop/initiatives/WS-POL-001-.../reviews/WS-POL-001-01-internal-review-evidence.md	Records reviewed SHA, reviewer run IDs, per-category PASS results, valid findings addressed across test safety/security/naming/responsibility boundaries, commands run, and remaining risks noting backend implementation is not yet approved pending specific default policy field and persistence decisions.
External review response for WS-POL-001-01 .agent-loop/initiatives/WS-POL-001-.../reviews/WS-POL-001-01-external-review-response.md	Documents external findings (CodeRabbit readability issue fixed via consolidating acceptance criteria wording, GitHub checks requirement to pass), specifies fix plan preserving artifact separation, and lists verification commands.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Flow-Research/workstream#24: Main PR updates .agent-loop/LOOP_STATE.md and .agent-loop/WORK_QUEUE.md with new loop-state/status wording for WS-POL-001, which is exactly the kind of loop-memory content that the retrieved PR's new check_loop_memory_state.py/CI guard workflow validates.

Poem

🐇 Hippity-hop, the plan is laid,
In markdown files where contracts are made.
Pre-submit gates and policies clear,
Five chunky slices for the engineer.
The rabbit stamps the queue with care—
No backend starts without review there! ✅

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title '[codex] Plan submission artifact policy foundation' directly summarizes the main change: adding a comprehensive planning package for the WS-POL-001 initiative without implementing runtime changes.
Description check	✅ Passed	The PR description includes most key sections: Summary, What Changed, Product Direction Locked, Validation, Internal Review, Human Review Focus, and Stop Condition. However, it lacks formal structure matching the template's sections like 'Goal,' 'Design Chosen,' 'Alternatives Rejected,' 'Scope Control,' and 'External Review' with proper fields.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/submission-artifact-policy-loop-plan

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md (1)

155-158: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Refactor repetitive acceptance criteria wording for clarity.

Three successive acceptance criteria sentences in WS-POL-001-03 begin with "Blocking pre-submit failure creates no...". While the criteria are correct and verifiable, restructuring would improve readability without losing meaning.

🔧 Proposed restructuring

 Acceptance criteria:

-- Blocking pre-submit failure creates no submission row.
-- Blocking pre-submit failure creates no submission version.
-- Blocking pre-submit failure creates no submitted transition.
-- Blocking pre-submit failure creates no durable checker run.
+- Blocking pre-submit failure creates no submission row, version, submitted transition, or durable checker run.
 - Passing pre-submit creates a submission stamped with locked policy context.

Alternatively, if preserving line-item structure is preferred:

 Acceptance criteria:

 - Blocking pre-submit failure creates no submission row.
 - Blocking pre-submit failure creates no submission version.
-- Blocking pre-submit failure creates no submitted transition.
-- Blocking pre-submit failure creates no durable checker run.
+- Pre-submit failure also creates no submitted transition or durable checker run.
 - Passing pre-submit creates a submission stamped with locked policy context.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
@.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md
around lines 155 - 158, The acceptance criteria in the WS-POL-001-03 section
contains three consecutive lines that repetitively begin with "Blocking
pre-submit failure creates no...", which impacts readability. Restructure these
four acceptance criteria by consolidating the common phrase into a single
introductory statement followed by a bulleted or enumerated list of the distinct
outcomes (submission row, submission version, submitted transition, and durable
checker run) to eliminate the repetition while preserving all the meaning and
verifiability of the criteria.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In
@.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md:
- Around line 155-158: The acceptance criteria in the WS-POL-001-03 section
contains three consecutive lines that repetitively begin with "Blocking
pre-submit failure creates no...", which impacts readability. Restructure these
four acceptance criteria by consolidating the common phrase into a single
introductory statement followed by a bulleted or enumerated list of the distinct
outcomes (submission row, submission version, submitted transition, and durable
checker run) to eliminate the repetition while preserving all the meaning and
verifiability of the criteria.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 2a3b8fb4-fdba-4243-9f76-339677bd94e5

📥 Commits

Reviewing files that changed from the base of the PR and between e36a5fe and 1c90508.

📒 Files selected for processing (11)

• .agent-loop/LOOP_STATE.md
• .agent-loop/WORK_QUEUE.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DECISIONS.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DISCOVERY.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/INTENT.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/PLAN.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/RISKS.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-01-submission-artifact-policy-foundation.md
• .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-internal-review-evidence.md

[Abiorh001]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.