Merge Orchestration — Wave 0 · artifact 5: pool/lease spec (pools↔TRUST + Kin lease)#487
Merged
Merged
Conversation
…se (Wave-0 artifact 5) The runtime tier (build step 3): - 04-pool-lease-spec.adoc: pools P0-P3 + mass_squash mapped to standards TRUST levels; the clamp law (pool caps the decision, monotone); the central Kin.Gate-backed coordination lease (vs the per-repo-file bootstrap race); the proposed (owner-applied) standards adoption. - schemas/pool-policy.schema.json: PL1 (core repo cannot be P3), PL2 (mass_squash needs a campaign_ref). - schemas/lease.schema.json: LE1 (held lease needs a TTL), LE2 (meta-territory claim needs owner authorization -- reflexivity guard at lease level). - 2 positive + 4 negative fixtures; ajv-validated, all four invariants reject correctly. - LEDGER: a4 LANDED + wired into 5 repos; a5 added; next = owner follow-ons. Spec only; the standards-side TRUST/INTENT edits are owner-applied per standards' own ask-before-touching guardrail. https://claude.ai/code/session_011GXPoh6pB6rm3jfeLHWMtc
🔍 Hypatia Security ScanFindings: 42 issues detected
View findings[
{
"reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.",
"type": "GS007",
"file": ".",
"action": "delete_remote_branches",
"rule_module": "git_state",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "src/ui/gossamer/README.adoc",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "scripts/ci-tools/Cargo.toml",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "scripts/bench-tools/Cargo.toml",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "ffi/zig/README.adoc",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "docs/reports/audit/audit-2026-04-15-post.md",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "docs/integration/github-registry.adoc",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "docs/integration/github-registry.adoc",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "docs/integration/a2ml-k9.md",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
},
{
"reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
"type": "CSA001",
"file": "docs/architecture/system-integration.md",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Wave-0 artifact 5 — build step 3: the runtime tier. Pools + TRUST mapping + the Kin-backed coordination lease. Spec + schemas + fixtures; no runtime. The
standards-sideTRUST/INTENTedits are an owner-applied follow-on (perstandards' own ask-before-touching guardrail), not made here.mass_squash, mapped ontostandardsTRUST levels (maximal | standard | restricted | minimal);pool ⊗ decision = clamp, monotone.Kin.Gate-backed (not per-repo lock files, which have a bootstrap race). This is the runtime tier.machine_readable/was missing (it's otherwise declarative + validating only) — and the answer to the coordination problem this whole effort kept hitting.mass_squashneedscampaign_refowner_authorized(the reflexivity guard, at lease level)With this, Wave-0 design is complete (a1–a5). What's left is owner-side (add
bridge-gateto required checks; apply the standards adoption) and then the implementation build (the Elixir MergeStrategist + Kin.Council + the.git-private-farmactuator).Generated by Claude Code