Skip to content

Merge Orchestration runtime · Kin.Gate lease storage + competence-weighted council#494

Merged
hyperpolymath merged 1 commit into
mainfrom
claude/peaceful-pascal-IRlgq
Jun 14, 2026
Merged

Merge Orchestration runtime · Kin.Gate lease storage + competence-weighted council#494
hyperpolymath merged 1 commit into
mainfrom
claude/peaceful-pascal-IRlgq

Conversation

@hyperpolymath

@hyperpolymath hyperpolymath commented Jun 14, 2026

Copy link
Copy Markdown
Owner

Two brain-side operationalisation pieces (owner order: items 2 then 3)

The runtime spine is on main; this adds the coordination tier it was missing and makes the council competence-aware. Both are pure-core + thin-I/O, in the established style.

Item 2 — Kin.Gate lease storage (the runtime tier)

.machine_readable/ was declarative (contractiles) + validating (k9) but had no record of who is acting right now. A lease (a5 CoordinationLease) fills it; KinGate is the atomic-acquire authority.

  • KinGate.decide_acquire/3 (pure) — "one bot per repo at a time". Same-holder re-acquire renews; a different holder on a live lease conflicts; an expired lease is taken over. It enforces the schema invariants in code, not just after the fact:
    • LE1 — a held lease always carries an expires_at (TTL), by construction. A crashed agent's claim self-expires; no immortal locks.
    • LE2 — a meta territory claim (would edit CI / hypatia rules / bot_directives / contractiles / standards) is refused without owner_authorized. The reflexivity guard at lease level — an agent can't self-authorise a meta claim.
  • KinGate.FileStore — one JSON per repo is the per-repo lock. The contended first-acquire goes through a real O_EXCL create (File.open(_, [:write, :exclusive])) so two racers can't both win; the loser re-evaluates against the winner and gets :conflict. Jason codec injectable so the logic tests run dependency-free.

Item 3 — competence-weighted Kin Council

The council was uniform (every approving bot counted 1.0). KinCompetence grounds the weight in two signals the estate already computes:

  • KinCompetence.weight_fnweight = GoT trust(bot) × domain competence, where the specialist (the route authority for the change-class: echidnabot⇄proof, patch-bridge⇄bump, panicbot⇄security, …) counts in full and a generalist is discounted (0.5). A zero-trust bot gets weight 0.0, which KinCouncil reads as recuse: its approval stops counting, while its veto stays monotone (vetoes are never weighted). Pure over a trust snapshot, so Strategist/KinCouncil stay I/O-free.
  • Strategist.route_authority/1 made public — a single source of truth for "who is the specialist", shared by routing and weighting.

Testing (actual, not looks-right)

54 ExUnit, 0 failures (was 39) under Elixir 1.14, mix-format-clean:

54 tests, 0 failures
  • +9 KinGate: fresh-mint-with-TTL, cross-holder conflict, same-holder renew, expired-takeover, LE2 refuse, LE2 grant-with-auth, different-repo-no-block, release/live?/expired?, and a FileStore round-trip (acquire → rival conflicts → release frees → rival takes it). Plus a Jason-guarded pass over the real a5 valid-held.json fixture.
  • +6 KinCompetence: specialist-full / generalist-discounted / unknown-neutral, zero-trust recuse, the competence-weighted-mean math ((0.9·0.6 + 0.5·1.0)/1.4), an end-to-end demote (a proof PR whose only approval is a zero-trust bot → confidence 0.0:flag), authority-derived-from-change-class, and the GoT snapshot reader.

I verified scanner-cleanliness against Hypatia's own code_safety rules before pushing (the one flagged pattern, :erlang.binary_to_term, is in the dep-free test codec only, and test/ is code_safety-exempt per scanner_suppression.ex).

Scope / safety

  • Not auto-armed — core-tier lib/, your review.
  • Additive: 3 new modules + 2 tests; the only edit to existing code is exposing route_authority (was private cond, now a public function used by both routing and weighting).

Where this leaves it

Items 2 + 3 of the 2 → 1 → 3 operationalisation. Item 1 (the token-bearing observation producer) lands separately in .git-private-farm — it holds the PAT; the brain doesn't. The remaining work is wiring FileStore + KinCompetence into the live operational loop (producer → store → sense → decide → gate → actuate).

Generated by Claude Code

@claude
feat(merge-orchestration): Kin.Gate lease storage + competence-weight…
9012c93 
…ed council

Two operationalisation pieces for the merge-orchestration runtime (brain-side).

Kin.Gate (the runtime tier .machine_readable lacked -- who is ACTING now):
  * KinGate.decide_acquire/3 -- per-repo atomic acquire authority. Same-holder
    re-acquire renews; a different holder on a live lease conflicts; an expired
    lease is taken over. Enforces the a5 invariants in code, not just after the
    fact: LE1 (a held lease always carries a TTL) by construction, LE2 (a meta
    territory claim is refused without owner_authorized -- the reflexivity guard
    at lease level).
  * KinGate.FileStore -- one JSON per repo IS the per-repo lock; the contended
    first-acquire goes through a real O_EXCL create so two racers cannot both
    win. Jason codec injectable (tests run dep-free).

Kin.Competence (make the council competence-aware; it was uniform):
  * KinCompetence.weight_fn -- weight = GoT trust(bot) x domain competence,
    where the specialist (the route authority for the change-class) counts in
    full and a generalist is discounted. A zero-trust bot gets weight 0.0, which
    KinCouncil reads as recuse: its APPROVAL stops counting while its VETO stays
    monotone. Pure over a trust snapshot, so Strategist/KinCouncil stay I/O-free.
  * Strategist.route_authority/1 made public -- single source of truth for 'who
    is the specialist', shared by routing and weighting.

54 ExUnit (was 39): +9 KinGate (mint/conflict/renew/expiry/LE1/LE2/FileStore),
+6 KinCompetence (specialist/generalist/recuse/weighted-mean/end-to-end-demote/
GoT-snapshot). 0 failures, local elixir 1.14, mix-format-clean.
@github-actions

github-actions Bot commented Jun 14, 2026

Copy link
Copy Markdown

🔍 Hypatia Security Scan

Findings: 42 issues detected

Severity Count
🔴 Critical 0
🟠 High 0
🟡 Medium 42
View findings 
[
  {
    "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.",
    "type": "GS007",
    "file": ".",
    "action": "delete_remote_branches",
    "rule_module": "git_state",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "src/ui/gossamer/README.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "scripts/ci-tools/Cargo.toml",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "scripts/bench-tools/Cargo.toml",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "ffi/zig/README.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/reports/audit/audit-2026-04-15-post.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/github-registry.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/github-registry.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/a2ml-k9.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/architecture/system-integration.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath merged commit 37c241d into main Jun 14, 2026
40 checks passed
@hyperpolymath hyperpolymath deleted the claude/peaceful-pascal-IRlgq branch June 14, 2026 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hyperpolymath @claude