release/consolidation-2026-06-26: weft-seam conformance + project-root artifacts#69
Merged
This ensures that the output of these potentially unsafe deserialization functions correctly sheds validation provenance (becomes `UNKNOWN_RAW`) in the taint propagation logic. Co-authored-by: tachyon-beep <544926+tachyon-beep@users.noreply.github.com>
Bumps the actions-minor-patch group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210) --- updated-dependencies: - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/configure-pages](https://github.com/actions/configure-pages) from 5 to 6. - [Release notes](https://github.com/actions/configure-pages/releases) - [Commits](actions/configure-pages@v5...v6) --- updated-dependencies: - dependency-name: actions/configure-pages dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 4 to 5. - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@v4...v5) --- updated-dependencies: - dependency-name: actions/deploy-pages dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v4...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.6.0 to 8.2.0. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@37802ad...fac544c) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
The waiver_add entity_symbol path resolves a qualname through Loomweave (SeiResolver.detect + resolve_locator) before writing the waiver — an outbound/loopback network side effect. But the tool declared only READ|WRITE and _effective_tool_capabilities had no waiver_add branch, so ToolPolicy never denied it under allow_network=false: any client allowed the write tools could trigger signed Loomweave requests despite the network being fenced off. Add a waiver_add branch that declares NETWORK under the exact predicate that fires the resolve — entity_symbol present, entity_id absent (entity_id wins and is carried opaque), and a Loomweave URL configured — mirroring the scan/explain_taint/dossier gates. Also align the handler so it only builds the Loomweave client when entity_symbol and not entity_id, matching the declared side effect. resolve_entity_binding_input is the sole network path in _waiver_add (add_waiver is a local FS write); the gate is a precise, fail-closed match. Regression tests: entity_symbol under no-network policy is denied before the handler runs; entity_id-only and entity_id-wins-over-symbol stay ungated. Closes wardline-14359d070b. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The Level-2 branch-join merges deduplicated candidates with a nested linear scan of the growing candidate list: `any(lam is seen for seen in bucket)` in _merge_branch_bindings and `if fqn not in bucket` in _merge_branch_types. That is O(bucket) per insert, O(bucket**2) per merge. Across a chain of N one-armed branches rebinding the same name (`if flagK: cb = lambda c: sinkK(c)`), the candidate set grows to N over N merges -> O(N**3). An attacker-authored file with ~1100 such branches drove a DEFAULT-gate scan to ~15s, exhausting CPU on every local and CI run (wardline-c797baf28b).

Both merges now dedup via a per-name identity/equality set: O(1) per insert, O(bucket) per merge, O(N**2) cumulative. The change is behavior-identical -- same candidate set, same first-seen insertion order, same dedup semantics -- so no false negative is introduced. A cap was deliberately avoided: dropping candidates would be an FN, against this module's no-FN discipline; this mirrors the d7ecb90 precedent of eliminating the complexity soundly rather than capping.

The 1100-branch PoC drops 4.388s -> 0.080s (55x); the var_types sibling 1.015s -> 0.037s (27x). Full scanner suite (1363 tests) stays green.

Tests:
- test_lambda_candidate_merge_is_not_cubic_on_chained_rebinds (DoS guard)
- test_var_type_candidate_merge_is_not_cubic_on_chained_rebinds (sibling)
- test_chained_one_armed_rebinds_keep_every_lambda_candidate (no-FN lock)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
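The complexity argument in the commit above, as an added illustration (not wardline's _merge_branch_bindings code): the nested-scan merge beside an identity-set merge with the same candidate set and first-seen order, driven by a constructed chain of N one-armed rebinds. Names (`merge_linear`, `merge_with_seen`, `join_chain`) and the per-branch lambda shape are assumptions of this example.

```python
# Added example, not wardline's code: nested-scan candidate dedup vs. an
# identity-set dedup with identical membership and first-seen ordering.
import time


def merge_linear(bucket: list, incoming: list) -> list:
    """Nested linear scan: O(len(bucket)) per insert, O(bucket**2) per merge."""
    for lam in incoming:
        if not any(lam is seen for seen in bucket):
            bucket.append(lam)
    return bucket


def merge_with_seen(bucket: list, incoming: list, seen_ids: set) -> list:
    """Identity-set dedup: O(1) per insert, same order and membership as above.
    id() keys are safe here because the bucket keeps every candidate alive."""
    for lam in incoming:
        key = id(lam)
        if key not in seen_ids:
            seen_ids.add(key)
            bucket.append(lam)
    return bucket


def join_chain(n: int, fast: bool) -> list:
    """Simulate N one-armed branches each rebinding `cb` to a fresh lambda.
    At every join the fall-through arm (all candidates so far) and the taken
    arm (the new lambda) are merged into a fresh candidate list, so the
    linear version costs O(k**2) at branch k and O(n**3) over the chain."""
    candidates: list = []
    for k in range(n):
        new_lam = lambda c, k=k: (k, c)  # constructed stand-in for `lambda c: sinkK(c)`
        taken = [new_lam]
        if fast:
            seen: set = set()
            merged = merge_with_seen([], candidates, seen)
            merge_with_seen(merged, taken, seen)
        else:
            merged = merge_linear([], candidates)
            merge_linear(merged, taken)
        candidates = merged
    return candidates


def candidate_results(n: int, fast: bool) -> list:
    """Apply every surviving candidate so the two merges can be compared by value."""
    return [lam("c") for lam in join_chain(n, fast)]


def time_both(n: int) -> tuple:
    """Wall-clock seconds for (linear, set-based) over an n-branch chain."""
    t0 = time.perf_counter()
    join_chain(n, False)
    t1 = time.perf_counter()
    join_chain(n, True)
    t2 = time.perf_counter()
    return t1 - t0, t2 - t1


if __name__ == "__main__":
    slow, fast = time_both(1100)
    print(f"linear {slow:.3f}s  set-based {fast:.3f}s")
```

The no-FN property the commit locks with its third test is what `candidate_results` checks: both merges return every lambda, in branch order, so the faster merge cannot silently drop a sink candidate.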
Passed `_SAFE_GIT_CONFIG = ("-c", "core.fsmonitor=false")` to all untrusted Git subprocess executions in delta and legis.
Co-authored-by: tachyon-beep <544926+tachyon-beep@users.noreply.github.com>
Passed `_SAFE_GIT_CONFIG = ("-c", "core.fsmonitor=false")` to all untrusted Git subprocess executions in delta and legis.
Co-authored-by: tachyon-beep <544926+tachyon-beep@users.noreply.github.com>
… consumer drift check Phase C of warpline integration. Publishes the versioned, drift-checked wardline.delta_scope.v1 producer artifact (the DeltaScopeReport.to_dict() shape, 13 fields incl. scope_source + producer_generated_at) with a drift test, and extends the warpline.reverify_worklist.v1 consumer conformance test to assert generated_at capture plus a WARPLINE_REPO-gated published-artifact drift marker (skips clean until warpline publishes its half). Closes the contract-integrity portion of wardline-c0563eee74. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…t whole-file Final-review Critical: the attest-2 boundary content_hash is EntityBinding.content_hash = Loomweave identity-resolve content_hash, which per the Accepted ADR 2026-06-02-wardline-hash-granularity-two-model is the ENTITY-BODY span hash (same granularity as Filigree content_hash_at_attach), NOT whole-file. The published artifacts had it inverted (whole-file / 'not entity-span' / 'do not key as entity-precise') — a fail-open instruction that contradicted a live conformance test and would make warpline cross-compare granularities (permanent false-STALE) or transfer a clean verdict across sibling entities. The data was always correct (entity-body is the right key for a SEI-scoped boundary); only the labels were wrong. Relabelled across contract doc, attest.py comment, MCP _ATTEST_OUTPUT_SCHEMA (+ golden re-frozen, VENDORED_BLOB_SHA cd08480), attestation.md, CHANGELOG, seam_registry. Also (Minor): noted verdict=='defect' as a proven-bad signal distinct from the non-exhaustive enrichment_reasons triple; marked the WARPLINE_REPO-gated test as an existence-only placeholder. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ness (D1) Replaces the phantom producer_generated_at (which read data.generated_at — a key warpline never emits) with producer_completeness: a VERBATIM, unverified echo of warpline's now-shipped data.impact_completeness object (self-assessed completeness + staleness of the change-impact analysis, in one object). Captured defensively (dict-or-None), namespaced, and never fed into mode/gate_authority/any verdict — wardline stays the trust authority. Threaded AffectedScope -> run_scan -> DeltaScopeReport.to_dict() (auto-propagates CLI/SARIF); MCP scope schema mirrors it as a loose object (wardline echoes verbatim, does not pin warpline's inner shape); key-parity test + wardline.delta_scope.v1 fields updated; golden re-frozen. Realigned the vendored warpline_delta fixtures to warpline's REAL published envelope (full reverify_worklist.v1 shape: completeness/impact_completeness/staleness/items/ resolved/unresolved) and made the WARPLINE_REPO-gated drift test REAL — it now validates every fixture against warpline's published contracts/reverify_worklist.v1.schema.json via jsonschema (was existence-only). Verified live: WARPLINE_REPO=/home/john/warpline -> 10/10 pass. Closes D1; the warpline<->wardline reverify seam is now two-sided drift-checked (wardline-c0563eee74). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ung-2) Agent-facing operational counterpart to the wardline-attest-2 contract: the prompt warpline's risk-as-verification step uses to turn a bundle into proven_good / proven_bad / risk=unavailable, with wardline as the sole trust authority. Aligned to the shipped contract: content_hash is ENTITY-BODY span (entity-precise; compare same-granularity only, never whole-file), defect is a distinct proven_bad signal, and the enrichment_reasons triple is non-exhaustive (+ content_drift). Cross-linked from wardline-attest-2.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Added: warpline integration (item 4, P1) —
Pure formatting (no logic change) across 12 files flagged by `ruff format --check` on the release branch — whitespace/line-wrapping in tests + install/doctor.py. Brings the branch's Lint+Format CI check green so PR #69 is merge-ready. No warpline-p1 source files affected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A sibling's .weft/<sibling>/ephemeral.port advertises a live `serve` instance. When that process exits or wedges, the file lingers and every `wardline scan` dials a dead/hung origin, stalling the agent gate up to the federation 30s urlopen timeout per round-trip on a purely advisory emission — the reported ~90s `wardline scan .` hang in dogfood repos (~/elspeth).

New `stale_sibling_ports` doctor check (CLI + MCP `doctor` tool):
- Probes each advertised port (filigree, loomweave) at the host the scan dials — filigree→localhost (self-heals over IPv4/IPv6 so a ::1-only filigree is not falsely cleared), loomweave→127.0.0.1 — with a short 2s deadline, NOT the 30s federation default.
- Unreachable (connection refused OR no HTTP reply within the deadline — a wedged server) is stale; --repair / fix:true deletes the file so resolve_*_url falls back to "no sibling" and the scan stops dialing it.
- A live server (any HTTP status) is never touched; the delete is regular-file / no-follow confined (a symlinked ephemeral.port is never followed).

Advisory like the stray-artifact sweep — never flips the aggregate doctor verdict.

Verified end-to-end against ~/elspeth: a wedged filigree port that made `wardline scan .` take 1m47s clears in ~4s, and the subsequent scan completes in 24s (pure CPU) with the wedged trap still up.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
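The three behaviours the doctor check above describes (short-deadline probe, refused-or-wedged counts as stale, regular-file no-follow delete), as an added example that is not wardline's `stale_sibling_ports` implementation. The function names, the port-file layout (a single integer) and the in-process live and wedged listeners are constructed for the demonstration.

```python
# Added example, not wardline's code: probe a sibling's advertised port with a
# short deadline, classify it, and remove the advertising file only when it is
# a regular (non-symlink) file. The servers below are constructed test doubles.
import http.client
import os
import socket
import stat
import tempfile
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path

PROBE_DEADLINE_S = 2.0  # short probe, not the 30 s federation urlopen timeout


def probe_port(host: str, port: int, deadline: float = PROBE_DEADLINE_S) -> str:
    """'live' on any HTTP reply; 'stale' on refused connect or no reply in time."""
    conn = http.client.HTTPConnection(host, port, timeout=deadline)
    try:
        conn.request("GET", "/")
        conn.getresponse()  # any status code means a server answered
        return "live"
    except (OSError, http.client.HTTPException):  # refused, timeout, garbage
        return "stale"
    finally:
        conn.close()


def remove_port_file(path: Path) -> bool:
    """Unlink only a regular file; a symlinked port file is never followed."""
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    os.unlink(path)
    return True


def check_sibling_port(port_file: Path, host: str, repair: bool,
                       deadline: float = PROBE_DEADLINE_S) -> dict:
    """Advisory check: report the advertised port's state; delete on repair."""
    try:
        port = int(port_file.read_text().strip())
    except (OSError, ValueError):
        return {"status": "absent", "removed": False}
    state = probe_port(host, port, deadline)
    removed = bool(repair and state == "stale" and remove_port_file(port_file))
    return {"status": state, "port": port, "removed": removed}


class _OkHandler(BaseHTTPRequestHandler):
    def do_GET(self):  # constructed live sibling: answers anything with 200
        self.send_response(200)
        self.end_headers()

    def log_message(self, *_):
        pass


def start_live_server() -> tuple:
    srv = HTTPServer(("127.0.0.1", 0), _OkHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def start_wedged_listener() -> tuple:
    """Accepts TCP connects but never answers: the hung-origin case."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s, s.getsockname()[1]


def run_demo() -> dict:
    """Exercise live, wedged, refused and symlinked-file cases; return results."""
    results = {}
    srv, live_port = start_live_server()
    try:
        results["live"] = probe_port("127.0.0.1", live_port, 1.0)
    finally:
        srv.shutdown()
        srv.server_close()
    wedged, wport = start_wedged_listener()
    try:
        results["wedged"] = probe_port("127.0.0.1", wport, 0.5)
    finally:
        wedged.close()  # port now free: a connect is refused
    with tempfile.TemporaryDirectory() as d:
        real = Path(d) / "ephemeral.port"
        real.write_text(str(wport))
        link = Path(d) / "link.port"
        link.symlink_to(real)
        results["symlink"] = check_sibling_port(link, "127.0.0.1", True, 0.5)
        results["symlink_kept"] = link.is_symlink() and real.exists()
        results["refused"] = check_sibling_port(real, "127.0.0.1", True, 0.5)
        results["file_removed"] = not real.exists()
    return results
```

The wedged listener is the case the 30 s federation timeout makes expensive: the TCP connect succeeds, so only a bounded wait for an HTTP reply distinguishes it from a healthy sibling.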
Make durable the bet rotation a prior 2026-06-27 session decided but crashed before checkpointing. PDR-0002 records the within-grant Later→Now promotion (Codex hardening close-out paid off — both P1s closed, codex-security-2026-06-20 batch 0 open, G2 at target → ACCEPT). Commits the orphaned metrics.md (G2 + G2-seam readings) and PRD-0002; rotates roadmap.md Now; rewrites current-state.md; re-stamps the grant review date (re-confirmed unchanged). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…'t read my store"
Extend the MCP doctor tool with a READ-ONLY repo-binding probe so a stale-but-running
wardline (server starts, --root resolves, but it cannot read its repo-scoped baseline
store) reports honestly instead of looking healthy — the wardline analog of the
2026-06-26 loomweave silent-de-attach incident, and the producer half of lacuna's
MCP-attachment regression harness (weft-seam-conformance Now bet, PDR-0002 / G2-seam).
- inspect_baseline_store(root) -> BaselineStoreStatus (core/baseline.py, next to
BASELINE_VERSION; reuses require_yaml + _build_baseline; never writes/migrates/mkdirs).
The non-tautological signal is the schema version READ STRICTLY from inside the store —
null unless an int version was actually read (a degenerate empty store -> null + binding_ok
false, never the served constant), so "root == cwd" can never fake a pass.
- _check_repo_binding(root) (install/doctor.py) emits a top-level repo_binding block
{resolved_root, store{present,readable,schema_version,baseline_finding_count}, binding_ok}
+ a uniform doctor.repo_binding check. Fork-1 split (honors the not-noisy anti-goal):
present-but-unreadable (version mismatch/corrupt — the incident) is status=error and flips
doctor.ok; ABSENT (baseline is opt-in) stays status=ok and never nags a baseline-less repo.
- repo_binding declared in _DOCTOR_OUTPUT_SCHEMA so the structuredContent emission carries it;
golden re-frozen (mcp_output_schemas.golden.json + VENDORED_BLOB_SHA) per the re-freeze procedure.
- Trust-boundary: the unreadable diagnostic is content-free (names only the store filename +
served version) — a crafted store can no longer echo its content back through the seam.
Consumer contract (lacuna probe reads verbatim): repo_binding.binding_ok and
repo_binding.store.schema_version; predicate binding_ok==true AND schema_version not null.
Full suite green (4472 passed); ruff/mypy clean; wardline self-gate exit 0 / 0 active.
Built via ultracode workflow (1 TDD implementer + 5 adversarial verifiers + gate), all lenses pass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…-0003 Record this session's delivery on the weft-seam-conformance Now bet: the wardline doctor.repo_binding store-read seam (commit c661286). PDR-0003 captures the load-bearing call — the Fork-1 split (absent baseline stays silent, only an unreadable/corrupt store errors) deviating from the literal lacuna prompt to honor the not-noisy anti-goal, contract-safe by construction and live-proven. Adds a dated G2-seam reading (new honesty surface landed + round-trip-proven; 6-set target unchanged); refreshes current-state.md. Roadmap untouched (no horizon change). Nothing escalated — the editable global-install reinstall was owner-confirmed in-session. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Formal ACCEPT of the Codex hardening bet, deferred across two sessions. Judged against all 5 PRD-0001 criteria with evidence re-run at HEAD: c797 DoS bound pinned O(N^2) (test_lambda_candidate_merge_is_not_cubic_on_chained_rebinds), d96b credential gate fail-closed (test_check_does_not_send_token_to_project_published_port), G1 precision held via the no-candidate-dropped soundness-lock family + full suite 4472 + dogfood 0-active. All met -> ACCEPT. PRD-0001 status -> ACCEPTED; dated G2 reading added; current-state ACCEPT item retired. Criterion-3 honesty note recorded (verified the no-finding-dropped property via durable soundness-lock tests, not a one-time pre/post byte-diff that would need risky pre-fix checkout on the shared tree). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…(crit-3b) Make the SEI-oracle and warpline reverify-worklist producer-SOURCE drift checks required & fail-closed in CI (PRD-0002 crit-3b; wardline-79ba05f464 / wardline-c0563eee74).

TAXONOMY CHANGE (src semantic, not just a CI job): sei_drift + worklist_drift are added to wardline._live_oracle.LIVE_ORACLE_MARKERS, so an armed WARDLINE_LIVE_ORACLE_REQUIRED=1 run turns a missing-source SKIP into a FAILURE. Until now _drift markers were the skip-clean release-gate tier; they now fail closed because the new weekly source-drift job provisions their sibling source.

- .github/workflows/ci.yml: new `source-drift` job (schedule/dispatch) checks out loomweave + warpline origin/main (read-only WARDLINE_SIBLING_SOURCE_TOKEN) and runs `pytest -m "sei_drift or worklist_drift"` fail-closed.
- src/wardline/_live_oracle.py: add the two markers to LIVE_ORACLE_MARKERS.
- tests/unit/test_live_oracle.py: lock the contract (the two are in; the four unrun _drift markers stay out, fail-closed-only-when-armed).
- tests/conformance/test_warpline_delta_scope.py: normalize the published-schema check to the standard WARDLINE_WARPLINE_REPO (was a dead WARPLINE_REPO env var); kept OUT of the fail-closed job until warpline pushes its schema to origin/main.
- tests/conformance/test_seam_registry.py: update the marker-taxonomy doc block.
- docs/plans/2026-06-28-weft-seam-crit3-ci-drift.md: reality-validation + plan.

crit-3a (wardline.delta_scope.v1 producer artifact + its in-CI drift check) was already shipped; this closes the consumer/producer source-drift CI leg. Full suite 4475 passed; ruff/mypy clean; vendored fixtures verified byte-synced to loomweave + warpline origin/main.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…3.12==3.13) Python 3.13's ast.dump (new default show_empty=False) OMITS empty-list fields (posonlyargs=[], decorator_list=[], type_params=[], ...) that <=3.12 emit. The entity-body discriminator hashed ast.dump output, so wardline under 3.12 vs 3.13 minted DIFFERENT fingerprints for the same source — and the fingerprint is the cross-tool JOIN KEY (baseline/waiver/judged stores + the Filigree wire). The identity parity corpus (frozen on 3.13) drifted on 3.12; 5 golden tests failed on the 3.12 CI matrix leg (test_identity_corpus_is_byte_identical x3, test_golden_matches_live_producer, test_builtin_findings_match_golden), all from this one root cause.

Fix: _canonical_ast_dump reproduces the 3.13 show_empty=False canonical form on EVERY interpreter (verified node-for-node equal to 3.13's ast.dump across the fixtures), so the fingerprint is byte-identical 3.12==3.13. Done STRUCTURALLY, not by regex-stripping the dump string, because a string literal like "x=[]" renders as Constant(value='x=[]') and a text strip would corrupt the join key. 3.13 output is byte-unchanged (cdump==ast.dump there), so NO corpus re-freeze and NO fingerprint-scheme bump — only the broken 3.12 values converge to the 3.13 reference.

- src/wardline/scanner/rules/_fingerprint.py: structural _canonical_ast_dump.
- tests/unit/scanner/rules/test_entity_fingerprint_stability.py: pin the canonical form + the string-literal-preservation guard.

Verified: full suite 3.12 4478 passed (was 5 failed), 3.13 unchanged; the 5 goldens green on both interpreters; ruff/mypy clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
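The structural-versus-textual point in the commit above, as an added example that is not wardline's `_canonical_ast_dump`: a recursive dump that omits empty-list and None fields on any interpreter (keeping `value=None` on Constant and MatchSingleton, where None is real data), a SHA-256 fingerprint keyed on it, and the naive regex strip that corrupts a `"x=[]"` literal. The names `canonical_dump`, `fingerprint` and `naive_text_strip` are this example's own; it does not claim byte equality with any specific `ast.dump` version.

```python
# Added example, not wardline's code: a structural canonical AST dump that
# gives the same text under 3.12 and 3.13, beside the regex shortcut that
# silently rewrites a string literal and so changes the join key.
import ast
import hashlib
import re

# Nodes whose `value` field may legitimately be None (not an "absent" field).
_KEEP_NONE_VALUE = tuple(
    getattr(ast, name) for name in ("Constant", "MatchSingleton") if hasattr(ast, name)
)


def canonical_dump(node: object) -> str:
    """Node(field=value, ...) with empty lists and None fields omitted."""
    if isinstance(node, ast.AST):
        parts = []
        for name in node._fields:
            value = getattr(node, name, None)
            keep_none = isinstance(node, _KEEP_NONE_VALUE) and name == "value"
            if (value is None or value == []) and not keep_none:
                continue  # the 3.13 show_empty=False shape, on every interpreter
            parts.append(f"{name}={canonical_dump(value)}")
        return f"{type(node).__name__}({', '.join(parts)})"
    if isinstance(node, list):
        return "[" + ", ".join(canonical_dump(v) for v in node) + "]"
    return repr(node)  # leaves, e.g. the str inside Constant(value=...)


def canonical_source_dump(source: str) -> str:
    return canonical_dump(ast.parse(source))


def fingerprint(source: str) -> str:
    """Join-key style digest over the canonical dump, not over ast.dump."""
    return hashlib.sha256(canonical_source_dump(source).encode()).hexdigest()


# The tempting text-level fix: drop every `name=[]` field from ast.dump output.
_EMPTY_LIST_FIELD = re.compile(r"(?:, )?\w+=\[\]")


def naive_text_strip(dump: str) -> str:
    return _EMPTY_LIST_FIELD.sub("", dump)


def naive_stripped_source_dump(source: str) -> str:
    """What a regex strip does to a module containing the literal 'x=[]'."""
    return naive_text_strip(ast.dump(ast.parse(source)))


if __name__ == "__main__":
    src = "def f(a):\n    return 'x=[]'\n"
    print(canonical_source_dump(src))
    print(naive_stripped_source_dump(src))
    print(fingerprint(src))
```

The regex matches inside `Constant(value='x=[]')` just as readily as it matches `decorator_list=[]`, which is why the structural walk is the only form that preserves the literal.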
…oss-interpreter determinism fix; PDR-0005, PDR-0006 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Closes wardline-a0eaa7dd12 (and subsumes wardline-7971cbcf9e). The arch-analysis H1 finding framed ~102 deferred imports as "masking real cycles." Graph analysis showed the runtime module graph was already acyclic and only TWO latent runtime cycles remained, each closed by a tiny set of deferred edges; the other ~99 deferred imports are legitimate lazy loads (optional federation, CLI/MCP fast-start, narrow import surface). So the fix is cycle-elimination + enforced layering, not chasing the count to zero.

Cycles broken (combined runtime graph now fully acyclic):
- scanner.grammar <-> scanner.rules: extracted the boundary primitives (BoundaryType/LevelArg/BUILTIN_BOUNDARY_TYPES) into engine-floor scanner/boundary_types.py; grammar re-exports them as a facade; the 3 cycle members + doctor import the primitive directly.
- run -> suppression -> finding_identity -> baseline -> run: relocated the scan-running orchestration (collect_and_write_baseline, generate_baseline) out of policy-tier core/baseline.py into surface-tier core/baseline_ops.py; hoisted two redundant deferred gate_breakdown imports in run.py.

Deferred-import count 103 -> 92 (cycle fix + 8 redundant promotions where the target was already module-level imported); cycle-MASKING count driven to 0.

Enforcement (the durable guard):
- 2 enforcing import-linter contracts (engine-purity, policy-purity); CI `lint-imports || true` -> gating; stale "BROKEN" comment removed; added lint-imports to `make lint`.
- tests/conformance/test_import_layering.py: combined-graph acyclicity (the intra-tier guard contracts can't express) + a Python tier-purity backstop over EVERY module + a contract-module-resolve drift guard + absolute-import check.

make ci green (4486 tests, 92.40% cov), lint-imports 2 kept/0 broken.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ibility wardline fires only when untrusted data crosses a DECLARED trust boundary (@trusted / @external_boundary / @trust_boundary, builtin or pack). A codebase that declares none produces zero defects no matter what it does, so a `wardline scan . --fail-on ERROR` gate over it passes green while checking nothing. The elspeth FastAPI gate hit exactly this; the only prior hint was buried INFO-severity WLN-L3-LOW-RESOLUTION — the severity agents filter out.

Adds a scan-level enforcement-posture verdict derived from the engine's existing WLN-ENGINE-METRICS finding (taint_source_counts.anchored/config = recognized boundaries; histogram sum = functions analyzed). A scan that recognized ZERO boundaries over a non-trivial codebase is flagged INERT — no engine change:
- core/resolution_posture.py: compute_resolution_posture() (pure read of findings)
- cli/scan.py: Python inert-gate stderr banner — the counterpart of the existing Rust empty-trust-surface anti-false-green warning
- core/agent_summary.py: structured `resolution` block (the agent-facing surface)
- mcp/server.py: `resolution` in the scan outputSchema (+ re-froze the MCP schema golden)

Calibrated live: elspeth -> inert=True; wardline corpus (anchored=43) -> inert=False.

Part A of wardline-bd9d1e65cb. blake3 was a red herring; FastAPI source coverage is moot without declared boundaries (pack-bridge tracked separately).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The elspeth gate is inert because wardline is annotation-driven and doesn't read elspeth's OWN trust vocabulary — elspeth annotates ~25 external-data boundaries with elspeth.contracts.trust_boundary.trust_boundary(tier=3, source_param=...), which wardline ignores, so it recognizes zero boundaries (blake3 and FastAPI source coverage are both irrelevant to this — proven in wardline-bd9d1e65cb).

Rather than re-annotate elspeth in wardline's vocabulary, bind elspeth's existing vocabulary with a pack: a BoundaryType mapping the decorator to wardline's validating-boundary seed (EXTERNAL_RAW args -> ASSURED return). elspeth's tier/source/source_param kwargs are not trust LEVELS, so level_args=() and the matcher ignores them.

Validated end-to-end on an elspeth-shaped target:
- WITH the pack: both @trust_boundary functions recognized (scan non-inert, recognized_boundaries=2); a boundary that returns its untrusted source_param unvalidated fires PY-WL-119 ERROR.
- WITHOUT the pack: zero boundaries recognized, no defect (the inert state).

The pack (tests/grammar/fixtures/elspeth_trust_boundary_pack.py) is the copy-ready deliverable for elspeth: place on the import path + reference under [wardline] packs in weft.toml (or --trust-pack). Full elspeth-repo FP calibration over the 25 real boundaries is the remaining follow-on (tracked).

Part of wardline-bd9d1e65cb.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ridge; PDR-0007, PDR-0008 Owner-directed investigation of the ~/elspeth/ report. Corrected diagnosis (wardline is annotation-driven; blake3 a red herring), shipped Part A inert-gate visibility (b3d0a81) and the elspeth-vocab pack-bridge (72bc9eb). Now bet (weft-seam-conformance) unchanged. Flags: PR #69 release scope grew; install pack in elspeth; auto-inference strategic question (vision tension) escalated; pack FP UNMEASURED (calibration follow-on).
…rust vocab
elspeth is an unrelated project; no elspeth-specific code belongs in wardline. The
committed pack-bridge fixtures embedded `elspeth.contracts.trust_boundary` into the
suite. Genericize to a fictional `acme.security.trust_boundary` vocab so the test still
proves the GENERIC pack-bridge mechanism (a third-party @trust_boundary decorator whose
kwargs are not trust levels maps to a validating-boundary seed; PY-WL-119 fires WITH the
pack, inert WITHOUT) without naming an unrelated project.
- tests/grammar/fixtures/{thirdparty_trust_boundary_pack,target_thirdparty_boundary}.py
+ tests/grammar/test_thirdparty_pack_bridge.py replace the three elspeth_* files.
- Scrub the two incidental elspeth mentions in src/ comments (resolution_posture.py,
judge.py) and the Part A test names/comments (test_resolution_posture, test_cli,
test_scan_inert_posture) to generic "framework app" phrasing.
`grep -rI elspeth src/ tests/ docs/reference --include='*.py'` is now empty.
Part of wardline-bd9d1e65cb.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… flag Part B of wardline-bd9d1e65cb. Two new doctor checks, wired into both the machine-readable surface (machine_readable_doctor → MCP `doctor` / `--fix`) and the CLI text path.

- engine.selftest: runs the taint analyzer on a tiny BUILT-IN @trusted source→sink fixture (flask request multidict → os.system) in a throwaway tempdir and asserts PY-WL-108 fires → "taint analysis fires correctly". Proves the analysis pipeline is wired and FIRING in this install. Deliberately worded engine-not-target: a passing self-test does NOT mean the user's scans enforce (an annotation-free codebase is still inert by design — Part A's per-scan posture carries that). The fixture lives outside the source tree so it can never enter wardline's own corpus golden.
- loomweave.dep: flags a configured-but-uninstalled Loomweave integration. VERIFICATION FINDING (the issue flagged "verify the config shape first"): there is NO [wardline.loomweave].url config key — resolve_loomweave_url reads only the --loomweave-url flag / WARDLINE_LOOMWEAVE_URL env / published port. "Configured" = explicit operator intent (launch flag, env, or .mcp.json --loomweave-url arg); ambient published-port auto-discovery is deliberately NOT flagged (the write is fail-soft, and flagging it would nag every base install near a Loomweave sibling). require_blake3() raises LoomweaveError when the [loomweave] extra is absent.

_mcp_filigree_url generalized to _mcp_wardline_arg(root, flag) with a _mcp_loomweave_url sibling. MCP output golden unchanged (it is a schema; checks is a generic array).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Part C of wardline-bd9d1e65cb. wardline shipped Flask request coverage but none for FastAPI/starlette, so a FastAPI+pydantic app's request entry points were invisible and a `wardline scan --fail-on ERROR` gate over it was inert.

Annotation-based source seeding via the typed-receiver + curated-member model (NOT whole-param tainting): a parameter whose annotation resolves (via the alias map, never the parameter NAME) to fastapi.Request / starlette.requests.Request is a request boundary, and curated DATA members read off it yield EXTERNAL_RAW — .query_params/.path_params/.headers/.cookies (property reads) and .json()/.body()/.form()/.stream() (method calls). Framework objects (.app/.state/.url/.scope/.client/.base_url) stay clean; a bare uncalled `req.json` (a coroutine-method object) stays clean. The mechanism is general (a request-type → member table); seeding is scoped to the two FQNs deliberately (precision over recall).

- variable_level.py: `_REQUEST_SOURCE_TYPES` table + two seed points (Seed A = property read in _resolve_expr's Attribute handler; Seed B = method call in _resolve_call's typed-receiver block, after the project-summary dispatch so a real summary wins first).
- project_resolver.py: _RESOLVER_VERSION sp1e→sp1f so warm/persisted summaries of request-handler modules recompute rather than serve stale-CLEAN results.

Return-pass FN closure (adversarial review): _CURRENT_VAR_TYPES is reset before compute_return_taint, so a @trusted boundary that DIRECTLY returns a request source (`return req.query_params.get('x')`) was summarized clean and its PY-WL-101 boundary-leak went undetected — while the local-var form already fired. Re-establish the receiver-type map for the return VALUE pass, FILTERED to request FQNs (so the general typed-receiver dispatch stays inert in return-taint — zero blast radius on `return typed.method()`), scoped to compute_return_taint (not the explain-only compute_return_callee).

Corpus byte-identical (wardline's own src imports no fastapi/starlette; both seeds are structurally dead on it). Tests: 14 must-fire + 12 must-not-fire + 3 return-leak + 1 freedom-zone-return. Annotation-driven throughout — an undecorated handler fires nothing; this makes the SOURCE visible, it does not declare the boundary.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ck shift The Part A inert-gate commit (b3d0a81) added lines to cli/scan.py and core/ agent_summary.py, shifting the summary-block and agent-summary-key line numbers the finding-lifecycle glossary cites — leaving tests/docs/test_glossary_vocabulary.py (the two-way doc↔code anchor lock) red on the branch. Re-point both the `_ANCHORS` table and the glossary citations to the current lines (scan.py suppressed/active/gate → 569/570/622; agent_summary.py keys +1, informational-display 165→172). No behavior change; restores the branch to green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…-gate prevalence; PDR-0009 Owner decision A+C: do not make the framework-auto-inference vision change; instrument inert-gate prevalence (within grant). Baseline 2026-06-29: of 9 armed-gate repos, 5 framework-shaped, 5/5 inert, but realized reliance-gated harm = 1. Option B (per-parameter engine change + vision change) parked, gated on a metric-bound non-self-sealing trigger (>=5; baseline 1). Reconciled drift: Part B/C now DONE+committed, dogfood ticket bd9d1e65cb CLOSED. Grant re-confirmed 2026-06-29 (date-only). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Cut [Unreleased] -> [1.1.0]. Headline: FastAPI/Starlette request-source coverage, inert-gate visibility, third-party trust-vocab pack-bridge, doctor engine self-test + repo-binding/stale-port/repair, delta-scope. Security: cross-interpreter fingerprint determinism (3.12==3.13 join-key) + the agent-surface hardening batch. Owner-authorized release (v1.1.0 minor). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…-bump-robust
CI red on the feature head: install/doctor.py (Part B) was never ruff-formatted,
and test_package asserted version startswith('1.0.') which the 1.1.0 bump broke.
Format the file; assert a 1.x semver shape (re.fullmatch r'1\.\d+\.\d+') so future
point/minor releases don't re-break it. Local: ruff format/check clean, test passes.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Consolidation release of two bodies of work onto main.

**1. Weft-seam conformance program (this cycle)**

Brings every weft peer-to-peer interface to the SEI bar — a frozen contract + golden-vector oracle + fail-closed CI gate + two-layer drift alarm — enforced by a single lie-detector gate.

- (`tests/conformance/test_seam_registry.py`, `seam_registry.json`): a fail-closed, unmarked-default-suite gate that parses the 3 real marker sources; `at_bar` requires a real oracle + byte-pin + applied marker. Verdicts: `at_bar` 12, `peer_conformant` 4, `gap` 20, `deferred` 1, `one_sided_na` 3.
- `WeftHttp` transport + federation-status envelope single-sourcing (dedup across MCP/CLI/scan-jobs), behaviour-preserving.
- `at_bar` seams incl. G1 (the wardline→legis signed scan-artifact wire) reaching the bar via a single byte-identical shared vector — wardline's real signer reproduces legis's byte-exact `expected_signature`, byte-pinned to legis's copy.
- `peer_conformant` verdict (gated to require peer repo + commit + test evidence, never bare `gap`). Genuinely-incomplete seams (plainweave consumer unbuilt; two warpline obligations) stay `gap` with structured notes — no manufactured contracts.

**2. Project-root-anchored artifacts + doctor hygiene (from …06-25)**

Default scan artifacts anchor to the weft-project root; `wardline doctor --repair` gitignores the artifacts dir and sweeps stray managed artifacts (CLI + MCP `doctor` with `destructiveHint`); the `wlfp2` move-stable fingerprint rekey (with fan-out). Already reviewed on the `feat/project-root-anchored-artifacts` line.

**Merge integrity**

The weft feature was merged clean (the 3 superseded artifacts-spec drafts dropped). All 5 conflicts were resolved by combining both sides (WeftHttp + URL redaction; federation_status imports ∪ redact; CHANGELOG `[Unreleased]` + `[1.0.7]`; 37 glossary line-anchors recomputed against merged source — verified no doc content lost). 3 frozen goldens re-frozen, each root-caused as a legitimate …06-25 feature and guard-verified to change only the expected fields.

**Verification**

Full suite 4419 passed, `ruff` clean, `wardline scan --fail-on ERROR` exit 0. Version: 1.0.7.

🤖 Generated with Claude Code