Skip to content

Require posture on strand creation#544

Open
flyingrobots wants to merge 7 commits into
mainfrom
cycle/538-strand-creation-posture
Open

Require posture on strand creation#544
flyingrobots wants to merge 7 commits into
mainfrom
cycle/538-strand-creation-posture

Conversation

@flyingrobots

@flyingrobots flyingrobots commented Jun 13, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Owner

Summary

  • Thread RetentionPosture through ForkStrandRequest, ForkStrandReceipt, and Strand so strand creation is posture-explicit.
  • Add named session/default and debugger fork constructors; debugger-created strands clamp to AuthorOnly and never silently enter Shared history.
  • Revalidate strand posture at StrandRegistry::insert and hash posture obstructions deterministically for scheduler fault evidence.
  • Update strand, neighborhood, observation, and settlement fixtures to construct explicit posture.

Refs #538.

Validation

  • cargo check -p warp-core
  • cargo test -p warp-core --lib
  • cargo test -p warp-core --test strand_contract_tests
  • cargo clippy -p warp-core --lib -- -D warnings -D missing_docs
  • cargo fmt --all -- --check
  • git diff --check
  • scripts/check-causal-posture-constructors.sh
  • scripts/ban-nondeterminism.sh
  • pnpm exec markdownlint-cli2 CHANGELOG.md
  • pre-push hook exact Rust slices passed on push

Summary by CodeRabbit

Release Notes

New Features

  • Strand forks and registrations now carry and validate explicit retention posture.

Changed

  • Settlement planning rejects non–shared-admitted strands before producing import candidates.
  • Settlement artifacts and braid-shell/plural artifacts now preserve the source strand’s posture.

Bug Fixes

  • Non-shared strand admission rejections now map to the stable INVALID_STRAND error code (with posture details).
  • Kernel settlement comparisons inspect author-only posture, while planning and settlement remain correctly rejected.

@coderabbitai

coderabbitai Bot commented Jun 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

RetentionPosture is added as an explicit field on Strand with registry-level coherence validation producing StrandError::Posture. SessionContext gains retention_posture() and debugger_retention_posture() constructors that enforce posture derivation at construction time. ForkStrandRequest and ForkStrandReceipt carry explicit posture derived from the session or debugger context. Settlement planning gates on Shared posture via a new SettlementError::NonSharedStrand variant, rejecting non-shared strands before import candidate generation. Braid-shell and plural artifact construction thread the strand's actual causal posture instead of hard-coding AuthorOnly. The WASM layer maps NonSharedStrand to INVALID_STRAND ABI error code. Scheduler fault cause hashing is extended to deterministically hash all posture-related error variants.

Changes

RetentionPosture enforcement across strand lifecycle

Layer / File(s) Summary
RetentionPosture and Strand contracts with validation
crates/warp-core/src/revelation.rs, crates/warp-core/src/strand.rs		 RetentionPosture::validate() added for re-validation after direct field mutation; SessionContext gains retention_posture() (derives SessionDefault posture) and debugger_retention_posture() (forces AuthorOnly with DebuggerDefault derivation); Strand gains retention_posture field; StrandError::Posture(PostureObstruction) variant added; StrandRegistry::insert validates posture on insertion and rejects incoherent posture.
ForkStrandRequest/Receipt posture plumbing and fault hashing
crates/warp-core/src/coordinator.rs		 ForkStrandRequest and ForkStrandReceipt gain retention_posture field; from_session_default and debugger_default derive posture from provided SessionContext using new constructors; hash_strand_error extended with deterministic hashing helpers for causal posture, posture derivation, origin/authority-domain references, and full PostureObstruction variants.
Settlement planning gate and posture propagation into artifacts
crates/warp-core/src/settlement.rs		 SettlementError::NonSharedStrand { strand_id, posture } variant added; plan_with_policy gates with early NonShared rejection before producing import candidates; build_braid_shell and plural_draft accept strand_posture parameter and use source strand posture instead of hard-coded AuthorOnly for BraidShellMember, BraidShell::assemble, and PluralAlternativeDraft.
WASM ABI error mapping
crates/warp-wasm/src/warp_kernel.rs, crates/warp-wasm/src/lib.rs		 map_settlement_error maps SettlementError::NonSharedStrand to AbiError { code: INVALID_STRAND } with message including posture and "not shared-admitted for settlement" wording; StubKernel::settle_strand test stub extended with appended_plurals and braid_shell_digest fields.
Coordinator fork posture tests
crates/warp-core/src/coordinator.rs		 Test helpers test_session_context and test_retention_posture added to construct session and derived retention posture; existing fork tests supply retention_posture in ForkStrandRequest; new tests verify session-default and debugger-default posture propagation onto created strand work.
Settlement posture test helpers and assertions
crates/warp-core/src/settlement.rs		 Test helpers shared_retention_posture and author_only_retention_posture construct parameterized RetentionPosture values; setup_runtime_with_strand_posture(parent_drift, retention_posture) introduced as parameterized fixture signature; strand constructors wired to use provided posture; new test asserts AuthorOnly strands rejected during planning while settle enforces the planning gate; plural/braid-shell posture assertions updated to expect CausalPosture::Shared.
WASM ABI posture test helpers and regression test
crates/warp-wasm/src/warp_kernel.rs		 Test helpers shared_retention_posture and author_only_retention_posture construct deterministic posture values; setup_runtime_with_strand refactored to delegate to setup_runtime_with_strand_posture for parameterized posture testing; new regression test settlement_compare_inspects_author_only_while_plan_settle_reject asserts compare_settlement succeeds while both plan_settlement and settle_strand return INVALID_STRAND with error messages containing AuthorOnly and not shared-admitted.
Strand contract tests with posture validation
crates/warp-core/tests/strand_contract_tests.rs		 Imports expanded for authority/posture types; test_retention_posture helper added; retention_posture wired into all Strand struct literals across invariant and registry tests; new registry test asserts CausalPosture::Shared without admission_scope is rejected with StrandError::Posture(PostureObstruction::MissingAdmissionScope { ... }).
Neighborhood and observation test fixtures
crates/warp-core/src/neighborhood.rs, crates/warp-core/src/observation.rs		 test_retention_posture helper functions added to both test modules; retention_posture field wired into Strand struct literals in braided-site publication, invalid-support-pin publication, and strand-observation fixture tests.
CHANGELOG and backlog documentation
CHANGELOG.md, backlog/cool-ideas/CI-003-append-only-braid-membership.md		 Unreleased entries document explicit retention posture on strand creation, session-default/debugger-default derivation, StrandRegistry coherence rejection, settlement planning gate on Shared posture, artifact posture propagation, and INVALID_STRAND ABI fix. Backlog document CI-003 proposes append-only braid membership model with event-log source of truth.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant ForkStrandRequest
  participant WorldlineRuntime
  participant StrandRegistry
  participant SettlementService
  participant BraidShellAssembly

  Client->>ForkStrandRequest: from_session_default(session_ctx)
  ForkStrandRequest->>ForkStrandRequest: retention_posture = session_ctx.retention_posture()
  ForkStrandRequest-->>Client: ForkStrandRequest { retention_posture }
  
  Client->>WorldlineRuntime: fork_strand(request)
  WorldlineRuntime->>StrandRegistry: insert(Strand { retention_posture })
  StrandRegistry->>StrandRegistry: retention_posture.validate()
  alt posture is incoherent
    StrandRegistry-->>WorldlineRuntime: StrandError::Posture(PostureObstruction)
  else posture is valid
    StrandRegistry-->>WorldlineRuntime: Ok
    WorldlineRuntime-->>Client: ForkStrandReceipt { retention_posture }
  end

  Client->>SettlementService: plan_with_policy(strand)
  SettlementService->>SettlementService: check causal_posture == Shared
  alt posture is not Shared
    SettlementService-->>Client: SettlementError::NonSharedStrand
  else posture is Shared
    SettlementService->>SettlementService: plural_draft(strand_posture)
    SettlementService-->>Client: SettlementPlan
  end

  Client->>SettlementService: settle_with_policy(plan)
  SettlementService->>BraidShellAssembly: build_braid_shell(strand_posture)
  BraidShellAssembly->>BraidShellAssembly: BraidShellMember.posture := strand_posture
  BraidShellAssembly->>BraidShellAssembly: BraidShell::assemble(strand_posture)
  BraidShellAssembly-->>SettlementService: BraidShell
  SettlementService-->>Client: SettlementResult { braid_shell }
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related PRs

  • flyingrobots/echo#315: Introduced the Strand/StrandRegistry structures that this PR extends with the retention_posture field and registry-level posture validation.
  • flyingrobots/echo#539: Added plural settlement with retained θ_braid shells; this PR extends that work by gating planning on Shared posture and persisting the strand's actual causal posture into artifacts instead of forcing AuthorOnly.

Poem

The posture must be Shared to settle down,
No AuthorOnly sneaks past the registry crown.
Each fork now carries its derivation sealed,
DebuggerDefault stays author-only, revealed.
INVALID_STRAND returns where ENGINE_ERROR would hide —
Coherence enforced, no silent posture slide. 🔒

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the core objective: strand creation now explicitly requires a RetentionPosture field threaded through ForkStrandRequest, ForkStrandReceipt, and Strand structures.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch cycle/538-strand-creation-posture

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 13, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1eacd3876d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread crates/warp-core/src/settlement.rs Outdated
Comment thread crates/warp-core/src/revelation.rs Outdated
Comment thread crates/warp-core/src/strand.rs
@flyingrobots

flyingrobots commented Jun 14, 2026

Copy link
Copy Markdown
Owner Author
Severity Source File Lines Issue Mitigation
P1 PR/Self crates/warp-core/src/settlement.rs 682-833 Settlement planning still imports non-Shared strand suffixes, so AuthorOnly debugger/session work can enter base shared history without admission. Add a regression proving AuthorOnly settlement is rejected; require Shared posture before planning imports; make import-settlement fixtures explicitly Shared.
P2 PR/Self crates/warp-core/src/revelation.rs 383-389 SessionContext::retention_posture accepts arbitrary PostureDerivation, allowing fresh session-created work to masquerade as debugger or legacy migration work. Remove the derivation parameter; stamp PostureDerivation::SessionDefault inside the helper; keep debugger/migration derivations in named paths only.
P2 PR/Self crates/warp-core/src/settlement.rs 927-1376 Settlement shell construction discards strand posture and hard-codes shell/member posture as AuthorOnly, corrupting retained shell posture for legitimately shared strands. Thread the settled strand posture into build_braid_shell; assert shared settlement shells record Shared.

@codex please confirm these are the complete actionable issues for this pass.

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 14, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1eacd3876d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread crates/warp-core/src/settlement.rs Outdated
Comment thread crates/warp-core/src/revelation.rs Outdated
Comment thread crates/warp-core/src/coordinator.rs Outdated
Comment thread crates/warp-core/src/strand.rs
Comment thread crates/warp-core/src/strand.rs
@flyingrobots

flyingrobots commented Jun 14, 2026

Copy link
Copy Markdown
Owner Author

@codex Self-discovered issue during P1 warp-wasm RED verification.

Severity Source File Lines Issue Mitigation
P1 Self crates/warp-wasm/src/lib.rs ~1258 cargo test -p warp-wasm --features engine fails because the engine-feature test SettlementResult literal omits the now-required appended_plurals and braid_shell_digest fields. Update the test literal to include empty plural refs and no braid-shell digest, then verify cargo test -p warp-wasm --features engine.

@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 14, 2026

Copy link
Copy Markdown

Summary

  • Added the missing SettlementResult fields for the warp-wasm settlement stub: empty appended_plurals and None for braid_shell_digest. crates/warp-wasm/src/lib.rsL1258-L1268
  • Added an explicit shared retention-posture helper for warp-wasm settlement fixtures, including authority, derivation, contract, and admission scope. crates/warp-wasm/src/warp_kernel.rsL1407-L1426
  • Updated both warp-wasm engine settlement Strand literals to use the shared posture helper, keeping import-settlement fixtures lawful after the non-Shared settlement gate. crates/warp-wasm/src/warp_kernel.rsL1494-L1504 crates/warp-wasm/src/warp_kernel.rsL1556-L1566
  • Committed the changes on the current branch with commit d66918a Fix warp-wasm settlement fixtures.
  • Created a PR via the make_pr tool titled Fix warp-wasm settlement fixture posture fields.
  • Left the pre-existing uncommitted pnpm-lock.yaml change untouched.

Testing

  • cargo test -p warp-wasm --features engine
  • cargo check -p warp-wasm --features engine
  • git diff --check

View task →

@flyingrobots

flyingrobots commented Jun 14, 2026

Copy link
Copy Markdown
Owner Author

Activity Summary

@codex Review repair pass completed for the posture-on-strand-creation PR.

Item Severity Source Files Commit Outcome
1 P1 PR crates/warp-core/src/settlement.rs 03a8f01c Non-Shared strands are rejected before settlement planning/import; AuthorOnly regression added.
2 P2 PR crates/warp-core/src/revelation.rs, crates/warp-core/src/coordinator.rs 2164cc4c SessionContext::retention_posture() stamps PostureDerivation::SessionDefault; callers cannot select migration/debugger derivations.
3 P2 PR crates/warp-core/src/settlement.rs dea53815 Settlement plural artifacts, braid-shell members, and retained shells carry the source strand posture instead of hard-coded AuthorOnly.
4 P1 PR + Self crates/warp-wasm/src/warp_kernel.rs, crates/warp-wasm/src/lib.rs 334648cd warp-wasm --features engine test fixtures include explicit Shared strand posture and updated ABI settlement-result fields.

Resolved review threads: PRRT_kwDOQH8Wr86JWgtl, PRRT_kwDOQH8Wr86JWgtm, PRRT_kwDOQH8Wr86JWgtn, PRRT_kwDOQH8Wr86JXZaa, PRRT_kwDOQH8Wr86JXZab, PRRT_kwDOQH8Wr86JXZac, PRRT_kwDOQH8Wr86JXZad, PRRT_kwDOQH8Wr86JXZae.

Local witnesses:

  • cargo test -p warp-core --lib → 541 passed
  • cargo test -p warp-core --test strand_contract_tests → 27 passed
  • cargo test -p warp-core --lib settlement::tests → 20 passed
  • cargo test -p warp-wasm → 4 passed
  • cargo test -p warp-wasm --features engine → 54 passed
  • cargo fmt --all -- --check
  • git diff --check
  • scripts/check-causal-posture-constructors.sh
  • scripts/ban-nondeterminism.sh
  • pnpm exec markdownlint-cli2 CHANGELOG.md

Pre-push witnesses passed on final head 334648cd, including default warp-wasm and engine-feature warp_kernel::tests. Remote CI is still in progress at the time of this comment; merge gate remains locked until checks finish and the approval requirement is satisfied.

@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 14, 2026

Copy link
Copy Markdown

Summary

Testing / Checks

  • pwd && find .. -name AGENTS.md -print && git status --short && git log -n 5 --oneline
  • sed -n '1,220p' docs/BEARING.md
  • sed -n '1,220p' METHOD.md
  • ⚠️ find backlog/asap -maxdepth 2 -type f -print | sort | head -100 — warning only because backlog/asap does not exist in this checkout; METHOD.md says live backlog has moved to GitHub Issues.
  • rg -n "retention_posture|build_braid_shell|appended_plurals|braid_shell_digest|NonShared|Shared" crates/warp-core/src/settlement.rs crates/warp-core/src/revelation.rs crates/warp-core/src/coordinator.rs crates/warp-wasm/src/lib.rs crates/warp-wasm/src/warp_kernel.rs | head -120
  • nl -ba crates/warp-core/src/settlement.rs | sed -n '682,700p;965,985p'
  • nl -ba crates/warp-core/src/revelation.rs | sed -n '383,400p'
  • nl -ba crates/warp-wasm/src/warp_kernel.rs | sed -n '1214,1228p;1498,1506p;1560,1568p'
  • nl -ba crates/warp-wasm/src/lib.rs | sed -n '1260,1268p'
  • nl -ba crates/warp-core/src/settlement.rs | sed -n '930,958p;1270,1305p;1370,1385p'
  • nl -ba crates/warp-core/src/settlement.rs | sed -n '1306,1325p;1384,1398p'

View task →

@flyingrobots

flyingrobots commented Jun 14, 2026

Copy link
Copy Markdown
Owner Author

@codex please confirm this self-review finding.

Self-Code Review Findings

Severity File / Lines Type Issue Recommended mitigation
P2 crates/warp-core/src/settlement.rs:555, crates/warp-core/src/settlement.rs:696; crates/warp-wasm/src/warp_kernel.rs:420 Public ABI error classification The branch adds SettlementError::NonSharedStrand as a lawful posture/admission rejection for non-Shared strands, but the WASM boundary maps every settlement error except StrandNotFound to ENGINE_ERROR. KernelPort callers of plan_settlement / settle_strand would see a policy denial as an internal engine fault instead of a stable invalid/admission rejection. Add a regression test through WarpKernel::plan_settlement or settle_strand for an AuthorOnly strand and map SettlementError::NonSharedStrand to a stable non-engine ABI code, either INVALID_STRAND with a posture-specific message or a new posture/admission-specific code if the ABI is allowed to grow.

No P0/P1 findings were found in this self-review. Remote CI is green at the time of review, and the worktree was clean before fetch/review.

@flyingrobots

flyingrobots commented Jun 14, 2026

Copy link
Copy Markdown
Owner Author

Resolved the self-review P2 in 0c7ca74e (Fix: map non-shared settlement ABI errors).

What changed:

  • SettlementError::NonSharedStrand now maps to stable INVALID_STRAND at the WASM KernelPort boundary instead of falling through to ENGINE_ERROR.
  • Added an engine-feature regression for AuthorOnly settlement through WarpKernel::plan_settlement and settle_strand.
  • Recorded the public-boundary behavior fix in CHANGELOG.md.

Local witnesses:

  • cargo test -p warp-wasm --features engine settlement_publication_rejects_author_only_strand_as_invalid_strand
  • cargo test -p warp-wasm --features engine
  • cargo clippy -p warp-wasm --features engine -- -D warnings
  • scripts/check-causal-posture-constructors.sh
  • cargo fmt --all -- --check
  • git diff --check
  • pnpm exec markdownlint-cli2 CHANGELOG.md
  • pre-push exact slice: cargo test -p warp-wasm --features engine --lib warp_kernel::tests

@codex self-review finding is addressed; please confirm.

@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 14, 2026

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Bravo.

Reviewed commit: 0c7ca74ef2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

coderabbitai[bot]
coderabbitai Bot reviewed Jun 14, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/warp-wasm/src/warp_kernel.rs`:
- Around line 426-431: The SettlementError::NonSharedStrand case in the
warp_kernel.rs file is incorrectly using the error_codes::INVALID_STRAND code,
which is documented as "requested strand is not registered" in the ABI contract.
However, this case represents a different error condition where the strand
exists but settlement is forbidden by its posture policy. Either create a new
dedicated error code constant for settlement-policy rejection and use it in the
NonSharedStrand match arm, or coordinate with the team to intentionally broaden
the ABI contract definition for code 14 and update all downstream callers and
documentation accordingly. Do not leave the meaning of the error code ambiguous
on the wire.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 61466ee0-086f-4459-b6c1-611aa718e135

📥 Commits

Reviewing files that changed from the base of the PR and between cfccf67 and 0c7ca74.

📒 Files selected for processing (10)
  • CHANGELOG.md
  • crates/warp-core/src/coordinator.rs
  • crates/warp-core/src/neighborhood.rs
  • crates/warp-core/src/observation.rs
  • crates/warp-core/src/revelation.rs
  • crates/warp-core/src/settlement.rs
  • crates/warp-core/src/strand.rs
  • crates/warp-core/tests/strand_contract_tests.rs
  • crates/warp-wasm/src/lib.rs
  • crates/warp-wasm/src/warp_kernel.rs

Comment thread crates/warp-wasm/src/warp_kernel.rs
Comment on lines +426 to +431
SettlementError::NonSharedStrand { strand_id, posture } => AbiError {
code: error_codes::INVALID_STRAND,
message: format!(
"strand {strand_id:?} with posture {posture:?} is not shared-admitted for settlement"
),
},

@coderabbitai coderabbitai Bot Jun 14, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Don’t overload INVALID_STRAND for admission-policy rejection.

INVALID_STRAND is still documented as “requested strand is not registered” in the ABI contract. Reusing code 14 for NonSharedStrand changes the machine-readable meaning on the wire and makes “strand missing” indistinguishable from “strand exists but settlement is forbidden by posture policy”. Either add a dedicated ABI code for settlement-policy rejection, or update the ABI/spec contract and downstream callers in the same change if code 14 is being broadened intentionally.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/warp-wasm/src/warp_kernel.rs` around lines 426 - 431, The
SettlementError::NonSharedStrand case in the warp_kernel.rs file is incorrectly
using the error_codes::INVALID_STRAND code, which is documented as "requested
strand is not registered" in the ABI contract. However, this case represents a
different error condition where the strand exists but settlement is forbidden by
its posture policy. Either create a new dedicated error code constant for
settlement-policy rejection and use it in the NonSharedStrand match arm, or
coordinate with the team to intentionally broaden the ABI contract definition
for code 14 and update all downstream callers and documentation accordingly. Do
not leave the meaning of the error code ambiguous on the wire.

@flyingrobots

flyingrobots commented Jun 14, 2026

Copy link
Copy Markdown
Owner Author

@codex please confirm this self-review finding.

Self-Code Review Findings

Severity File / Lines Type Issue Recommended mitigation
P1 crates/warp-core/src/settlement.rs:636, crates/warp-core/src/settlement.rs:696; crates/warp-wasm/src/warp_kernel.rs:1091; crates/warp-wasm/src/warp_kernel.rs:2362 Public boundary / posture admission bypass The branch gates SettlementService::plan/settle for non-Shared strands, but SettlementService::compare still accepts any strand posture and the public WASM compare_settlement method exposes the resulting SettlementDelta (source_entries, source worldline, basis report) without the shared-admission check. The new AuthorOnly regression only covers plan_settlement and settle_strand, so a caller can still inspect AuthorOnly/debugger strand suffix evidence through compare_settlement. That violates the branch invariant that non-Shared strands are not settlement inputs / shared-publication material unless explicitly admitted. Add the same non-Shared admission gate to SettlementService::compare (or otherwise make public compare_settlement enforce it before returning any delta), returning SettlementError::NonSharedStrand. Add RED tests for core SettlementService::compare and WASM WarpKernel::compare_settlement proving AuthorOnly strands return stable INVALID_STRAND instead of a SettlementDelta. If compare is meant to become a revelation-only operation, split that API explicitly and require observer/revelation context before exposing sealed suffix evidence.

No additional findings were identified in this pass. Pre-review lock passed: clean worktree, git fetch origin succeeded, and git diff --check origin/main...HEAD is clean.

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 14, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0c7ca74ef2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread crates/warp-core/src/settlement.rs
Comment on lines +697 to +701
if strand.retention_posture.causal_posture != CausalPosture::Shared {
return Err(SettlementError::NonSharedStrand {
strand_id,
posture: strand.retention_posture.causal_posture,
});

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 14, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Gate settlement comparison for non-shared strands

When a strand is AuthorOnly or Scratch, this new guard rejects only plan/settle; the public WASM path compare_settlement still calls SettlementService::compare directly (crates/warp-wasm/src/warp_kernel.rs:1091-1098) and returns a SettlementDelta containing the source worldline, source entries, and basis report. Because this commit makes debugger/non-shared strands carry AuthorOnly posture, any caller that can name such a strand can still inspect suffix evidence that the new settlement invariant says is not shared-admitted, so the same posture check should live in compare or at that ABI boundary before any delta is built.

Useful? React with 👍 / 👎.

@flyingrobots

flyingrobots commented Jun 14, 2026

Copy link
Copy Markdown
Owner Author

Follow-up correction after discussion: the earlier P1 finding over-prescribed the mitigation. The doctrine we want is:

  • compare is local revelation/inspection, like inspecting a local branch. It may inspect an AuthorOnly strand already held under local authority.
  • plan and settle are shared-admission operations and must reject non-Shared strands unless promotion/admission exists.
  • Longer-lived, non-permanent strand relationships belong in braid/proposal objects, not in settlement compare.

Locked this into a5c45a70 (Fix: clarify settlement compare posture):

  • core test now proves AuthorOnly compare succeeds while plan/settle reject
  • WASM KernelPort test now proves compare_settlement returns a delta while plan_settlement/settle_strand return INVALID_STRAND
  • SettlementService::compare docs clarify it is local revelation only and does not promote/plan/admit/settle
  • CHANGELOG.md records the distinction
  • filed backlog/cool-ideas/CI-003-append-only-braid-membership.md for append-only braid membership / weave-in events

Local witnesses passed:

  • cargo test -p warp-core --lib settlement_compare_inspects_author_only_while_plan_settle_reject
  • cargo test -p warp-wasm --features engine settlement_compare_inspects_author_only_while_plan_settle_reject
  • cargo test -p warp-core --lib settlement::tests
  • cargo test -p warp-wasm --features engine
  • cargo clippy -p warp-core --lib -- -D warnings -D missing_docs
  • cargo clippy -p warp-wasm --features engine -- -D warnings
  • scripts/check-causal-posture-constructors.sh
  • cargo fmt --all -- --check
  • pnpm exec markdownlint-cli2 CHANGELOG.md backlog/cool-ideas/CI-003-append-only-braid-membership.md
  • pre-push exact slices for settlement::tests and warp_kernel::tests

@codex please treat the earlier P1 comment as superseded by this clarified invariant.

@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 14, 2026

Copy link
Copy Markdown

Summary

Testing

  • cargo test -p warp-core --lib settlement_compare_inspects_author_only_while_plan_settle_reject
  • cargo test -p warp-wasm --features engine settlement_compare_inspects_author_only_while_plan_settle_reject
  • git status --short — confirmed no new tracked changes from this pass; only the pre-existing pnpm-lock.yaml modification remains.

View task →

coderabbitai[bot]
coderabbitai Bot reviewed Jun 14, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backlog/cool-ideas/CI-003-append-only-braid-membership.md`:
- Around line 48-52: The AuthorOnly bullet point is ambiguous about the contract
for unauthorized weaving attempts—it does not clarify whether an unauthorized
weave is rejected outright or admitted but recorded as a sealed reference.
Rewrite the AuthorOnly bullet to explicitly separate these two distinct paths:
clearly state what happens when weaving with authority (the allowed case) and
what happens when weaving without authority (the rejection or
sealed-audit-record case), so implementers understand these are different
guarantees and do not conflate a sealed audit record with actual membership.

In `@CHANGELOG.md`:
- Around line 554-559: The CHANGELOG entry uses the phrase "locally held strand
suffix" which is too broad and could be misinterpreted as referring to any
locally present strand. Replace "locally held strand suffix" with "held under
local authority" to more precisely reflect the compare doctrine's actual
boundary and clarify that the compare-vs-plan/settle split is stricter than the
current wording implies.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3fc5ce36-a0bc-4f49-bbe8-cfc7f3c35ca1

📥 Commits

Reviewing files that changed from the base of the PR and between 0c7ca74 and a5c45a7.

📒 Files selected for processing (4)
  • CHANGELOG.md
  • backlog/cool-ideas/CI-003-append-only-braid-membership.md
  • crates/warp-core/src/settlement.rs
  • crates/warp-wasm/src/warp_kernel.rs

Comment thread backlog/cool-ideas/CI-003-append-only-braid-membership.md
Comment on lines +48 to +52
- A shared braid projection can reveal the relationship without revealing a
sealed member source chain.
- Settlement can admit a braid projection without collapsing member strands.
- Weaving in an AuthorOnly member requires authority or records a sealed
member reference.

@coderabbitai coderabbitai Bot Jun 14, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Separate allowed weaving from sealed audit records.

The AuthorOnly bullet is ambiguous about whether an unauthorized weave is admitted or rejected and merely recorded. Those are different contracts; spell out the rejection path explicitly so implementers don’t treat a sealed reference as membership.

Suggested wording 
-  - Weaving in an AuthorOnly member requires authority or records a sealed
-    member reference.
+  - Weaving in an AuthorOnly member requires authority.
+  - Unauthorized weave attempts are rejected; any sealed member reference is
+    audit-only and does not change membership.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- A shared braid projection can reveal the relationship without revealing a
sealed member source chain.
- Settlement can admit a braid projection without collapsing member strands.
- Weaving in an AuthorOnly member requires authority or records a sealed
member reference.
- A shared braid projection can reveal the relationship without revealing a
sealed member source chain.
- Settlement can admit a braid projection without collapsing member strands.
- Weaving in an AuthorOnly member requires authority.
- Unauthorized weave attempts are rejected; any sealed member reference is
audit-only and does not change membership.
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backlog/cool-ideas/CI-003-append-only-braid-membership.md` around lines 48 -
52, The AuthorOnly bullet point is ambiguous about the contract for unauthorized
weaving attempts—it does not clarify whether an unauthorized weave is rejected
outright or admitted but recorded as a sealed reference. Rewrite the AuthorOnly
bullet to explicitly separate these two distinct paths: clearly state what
happens when weaving with authority (the allowed case) and what happens when
weaving without authority (the rejection or sealed-audit-record case), so
implementers understand these are different guarantees and do not conflate a
sealed audit record with actual membership.

Comment thread CHANGELOG.md
Comment on lines +554 to +559
- `warp-core` settlement planning now rejects non-`Shared` strands before
producing import candidates. Author-only/debugger strand suffixes can remain
real causal work, but they cannot enter base shared history without an
explicit shared admission posture. Settlement compare remains local
revelation/inspection only: it can inspect a locally held strand suffix
without promoting, planning, admitting, or settling it.

@coderabbitai coderabbitai Bot Jun 14, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Tighten the compare boundary to local authority.

“Locally held strand suffix” is broader than the finalized compare doctrine and can be read as any locally present strand being inspectable. Say “held under local authority” so this entry doesn’t drift from the compare-vs-plan/settle split.

Suggested wording 
-  revelation/inspection only: it can inspect a locally held strand suffix
+  revelation/inspection only: it can inspect a strand suffix held under local authority
   without promoting, planning, admitting, or settling it.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- `warp-core` settlement planning now rejects non-`Shared` strands before
producing import candidates. Author-only/debugger strand suffixes can remain
real causal work, but they cannot enter base shared history without an
explicit shared admission posture. Settlement compare remains local
revelation/inspection only: it can inspect a locally held strand suffix
without promoting, planning, admitting, or settling it.
- `warp-core` settlement planning now rejects non-`Shared` strands before
producing import candidates. Author-only/debugger strand suffixes can remain
real causal work, but they cannot enter base shared history without an
explicit shared admission posture. Settlement compare remains local
revelation/inspection only: it can inspect a strand suffix held under local authority
without promoting, planning, admitting, or settling it.
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CHANGELOG.md` around lines 554 - 559, The CHANGELOG entry uses the phrase
"locally held strand suffix" which is too broad and could be misinterpreted as
referring to any locally present strand. Replace "locally held strand suffix"
with "held under local authority" to more precisely reflect the compare
doctrine's actual boundary and clarify that the compare-vs-plan/settle split is
stricter than the current wording implies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@flyingrobots