[codex] Plan submission artifact policy foundation

.agent-loop/LOOP_STATE.md

@@ -2,14 +2,14 @@
 
 ## Current State
 
-- Active initiative: none
-- Active chunk: none
-- Branch: `main`
-- Status: `WS-ENG-001-01` merged through PR #23 on 2026-06-20; memory updated; no active chunk
-- Merge commit: `b9fe19b96109e9786e1d6d89488abfbe68a05d4a`
-- Reviewed code SHA: `b22b940ee50956c9c7bfd0e681ffac727b6ff82c`
-- Current gate: stopped after merge memory update
-- Next chunk: inactive
+- Active initiative: `WS-POL-001` - Submission Artifact Policy Foundation
+- Active planning chunk: `WS-POL-001-01` - Submission Artifact Policy Foundation
+- Branch: `codex/submission-artifact-policy-loop-plan`
+- Status: intent, discovery, plan, chunk map, and first chunk contract drafted; implementation has not started
+- Merge commit: none for this initiative
+- Reviewed code SHA: pending
+- Current gate: awaiting human review of plan and first chunk contract; backend implementation is not approved
+- Next chunk: inactive until `WS-POL-001-01` is approved and completed
 
 ## Operating Rule
 
@@ -19,14 +19,15 @@ Workstream engineering chunks move through:
 Intent -> Discovery -> Plan -> Chunk Map -> Chunk Contract -> Implementation -> Evidence -> Internal Review -> PR -> Human Checkpoint -> Memory Update -> Stop
 ```
 
-The current chunk is process infrastructure only. It does not change Workstream
-product behavior, database schema, API behavior, or frontend behavior.
+The current initiative is Workstream product planning for submission intake
+policy. The current branch changes loop planning artifacts only; it does not
+change Workstream product behavior, database schema, API behavior, or frontend
+behavior.
 
 ## Last Review State
 
-- Internal reviewer tracks complete.
-- Valid findings addressed.
-- Open sub-agent sessions: none.
-- Internal review evidence: `.agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-01-internal-review-evidence.md`
-- External review response: `.agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-01-external-review-response.md`
+- Last completed initiative: `WS-ENG-001` Codex zero-trust engineering loop bootstrap.
 - PR #23 merged into `main` on 2026-06-20.
+- PR #24 updated post-merge loop memory on `main`.
+- PR #25 added Terminal Benchmark example material under `examples/`.
+- Current planning branch has no internal review evidence yet.

.agent-loop/WORK_QUEUE.md

@@ -1,22 +1,23 @@
 # Work Queue
 
-## Active
+## Active Planning
 
 | Chunk | Title | Risk | Status |
 |---|---|---:|---|
-| None | No active chunk | - | Inactive |
+| `WS-POL-001-01` | Submission Artifact Policy Foundation | L1 | Draft contract; awaiting human approval before implementation |
 
 ## Completed
 
 | Chunk | Title | Risk | Status |
 |---|---|---:|---|
 | `WS-ENG-001-01` | Codex-native zero-trust loop bootstrap | L1 | Merged through PR #23 on 2026-06-20 |
+| `EXAMPLE-TERMINAL-BENCHMARK` | Terminal Benchmark example drill | L3 | Merged through PR #25 on 2026-06-21 |
 
 ## Proposed Next
 
-No next chunk is active. After this bootstrap has landed, the next Workstream product
-chunk must be planned through the loop and approved by the user before code
-starts.
+`WS-POL-001-01` is the proposed next Workstream product implementation chunk.
+Only planning is active. Backend implementation must not start until the user
+approves the chunk contract.
 
 ## Blocked
 

.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md

@@ -0,0 +1,280 @@
+# Chunk Map: WS-POL-001 - Submission Artifact Policy Foundation
+
+## Rules
+
+- One chunk fits in one reviewable PR.
+- No chunk mixes policy modeling, pre-submit runtime rewiring, and post-submit
+  checker splitting unless explicitly approved.
+- Every implementation chunk must use Postgres-backed tests.
+- Worker-facing outcomes remain simple; internal route names stay internal.
+- Project owners provide setup material in plain language; Workstream derives
+  machine-readable submission artifact policy and actors with the `admin` or
+  `project_manager` role approve it.
+
+## Chunks
+
+### WS-POL-001-01: Submission Artifact Policy Foundation
+
+Goal:
+
+Add first-class `SubmissionArtifactPolicy` backend records and schemas, define
+Workstream default submission artifact rules in code, and validate that project
+policy cannot weaken defaults.
+
+Risk:
+
+L1
+
+Depends on:
+
+Approved intent, discovery, plan, and this chunk contract.
+
+Allowed files:
+
+```text
+backend/alembic/versions/**
+backend/app/modules/projects/**
+backend/tests/test_projects.py
+docs/spec_chunk_3_project_guide_foundation.md
+docs/template_submission_artifact_policy.md
+.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/**
+```
+
+Not allowed:
+
+```text
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/app/modules/submissions/**
+.github/workflows/**
+frontend or demos
+payment/reputation/blockchain code
+```
+
+Acceptance criteria:
+
+- Dedicated submission artifact policy model/table exists.
+- Project policy is scoped to project id + guide version.
+- Project policy records are Workstream-derived and approved by `admin` or
+  `project_manager`, not direct project owner-authored schema.
+- Workstream default policy is represented in code.
+- Effective policy merge rejects attempts to weaken defaults.
+- Guide activation requires valid submission artifact policy.
+- Existing `evidence_policy` transitional behavior is not silently broken.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+Policy ownership, project-owner intake checklist, policy field names, default
+rule set, migration strategy, and whether `evidence_policy` remains a temporary
+compatibility alias.
+
+### WS-POL-001-02: Generated PreSubmitCheckerPolicy
+
+Goal:
+
+Generate pre-submit checker policy from effective submission artifact policy and
+expose it only as server-owned policy context.
+
+Risk:
+
+L1
+
+Depends on:
+
+`WS-POL-001-01`
+
+Allowed files:
+
+```text
+backend/app/modules/projects/**
+backend/app/modules/checkers/**
+backend/tests/test_projects.py
+backend/tests/test_checkers.py
+docs/spec_chunk_8_submission_artifact_policy_checkers.md
+```
+
+Not allowed:
+
+```text
+submission creation runtime rewiring
+post-submit lifecycle changes
+payment/reputation/blockchain code
+```
+
+Acceptance criteria:
+
+- Pre-submit checker policy is generated, not client-supplied.
+- Generated policy contains Workstream defaults plus project additions.
+- Generated policy names match registered pre-submit checker behavior.
+- Workers cannot provide checker names, severities, versions, or outcomes.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+Generated policy persistence/derivation choice and exact naming.
+
+### WS-POL-001-03: Submission Creation Uses Effective Policy
+
+Goal:
+
+Move submission creation pre-submit gate from transitional task fields to the
+effective submission artifact policy and generated pre-submit checker policy.
+
+Risk:
+
+L1
+
+Depends on:
+
+`WS-POL-001-02`
+
+Allowed files:
+
+```text
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/tests/test_submissions.py
+backend/tests/test_checkers.py
+backend/scripts/week2_api_e2e.py
+docs/spec_chunk_5_submission_packet_foundation.md
+```
+
+Not allowed:
+
+```text
+human review implementation
+payment/reputation/blockchain code
+frontend
+```
+
+Acceptance criteria:
+
+- Blocking pre-submit failure creates no submission row, submission version,
+  submitted transition, or durable checker run.
+- Blocking pre-submit failure returns `pre_submission_checker_failed` with
+  structured pass/fail/warning details, not review decision values.
+- Passing pre-submit creates a submission stamped with locked policy context.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+No-row/no-version/no-transition guarantee and `pre_submission_checker_failed`
+feedback shape.
+
+### WS-POL-001-04: PostSubmitCheckerPolicy Split
+
+Goal:
+
+Separate post-submit checker policy naming/provenance from generated pre-submit
+policy and transitional `locked_checker_policy_version`.
+
+Risk:
+
+L1
+
+Depends on:
+
+`WS-POL-001-03`
+
+Allowed files:
+
+```text
+backend/alembic/versions/**
+backend/app/modules/projects/**
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/tests/**
+docs/spec_chunk_8_submission_artifact_policy_checkers.md
+docs/spec_chunk_9_pre_review_gate.md
+```
+
+Not allowed:
+
+```text
+human review decisions
+payment/reputation/blockchain code
+frontend
+```
+
+Acceptance criteria:
+
+- Pre-submit policy provenance and post-submit policy provenance are distinct.
+- Durable checker runs use locked post-submit checker policy.
+- Pre-submit feedback does not create durable checker records.
+- API responses do not expose internal-only routes to workers.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+Field naming and migration safety.
+
+### WS-POL-001-05: Revision Resubmission And Real API Drill
+
+Goal:
+
+Prove a worker can receive `needs_revision`, run pre-submit feedback again, and
+submit a new version using the same policy-driven path.
+
+Risk:
+
+L1
+
+Depends on:
+
+`WS-POL-001-04`
+
+Allowed files:
+
+```text
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/tests/**
+backend/scripts/week2_api_e2e.py
+examples/terminal_benchmark/**
+docs/spec_chunk_9_pre_review_gate.md
+```
+
+Not allowed:
+
+```text
+human review decision implementation
+payment/reputation/blockchain code
+frontend
+```
+
+Acceptance criteria:
+
+- Worker pre-submit feedback is allowed for `in_progress` and `needs_revision`
+  where the worker owns the task.
+- Replacement submission creates a new version.
+- Older submission versions remain immutable.
+- Internal checker-caused `needs_revision` remains distinguishable from future
+  human-review-caused `needs_revision`.
+- Real API drill covers clean pass, blocking pre-submit, post-submit
+  `needs_revision`, and fixed resubmission.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+Fair worker experience during revision and audit clarity.

.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DECISIONS.md

@@ -0,0 +1,31 @@
+# Decisions: WS-POL-001 - Submission Artifact Policy Foundation
+
+## Accepted
+
+- `ProjectGuide` remains human-facing instruction.
+- `SubmissionArtifactPolicy` is the machine-readable intake contract.
+- Project owners provide project setup material in plain language;
+  they do not author `SubmissionArtifactPolicy` directly.
+- Workstream derives `ProjectSubmissionArtifactPolicy` from project material,
+  with internal agent assistance allowed, then requires approval by `admin` or
+  `project_manager` before guide activation.
+- Workstream default submission artifact rules are non-bypassable.
+- `EffectiveSubmissionArtifactPolicy` is default plus project policy.
+- `PreSubmitCheckerPolicy` is generated from effective policy.
+- Pre-submit checks block before submission creation.
+- Blocking pre-submit feedback is `pre_submission_checker_failed` with
+  structured pass/fail/warning details; it is not `accept`, `needs_revision`,
+  or `reject`.
+- Post-submit/internal checks remain separate from pre-submit checks.
+- Worker-facing task outcomes remain simple; internal routes stay internal.
+- Stored review decision values remain exactly `accept`, `needs_revision`, and
+  `reject`. Display wording must not create new persisted tokens.
+
+## Pending Human Decisions
+
+- Exact default Workstream submission artifact policy fields.
+- Exact v0.1 project-owner intake checklist for deriving project policy.
+- Whether generated pre-submit policy is persisted or derived on demand.
+- Exact names for locked submission artifact policy version/hash fields.
+- Compatibility plan for `ProjectGuide.evidence_policy`.
+- Compatibility plan for task `required_files` and `required_evidence`.