Skip to content

feat(spine): ADR-112 real-set follow-on — tamper-evident freeze-orchestration + lc Tier-1 authoring + at-power cert (one-cylinder checkpoint) #2291

Description

@satur8d

Scope — CONTRACT RULED (strategy 0102Z + 0107Z fixture amendment; boundary FIXED)

The ADR-112 real-set follow-on (operator greenlit 2026-07-03). Creates the FIRST real spine artifacts, scoped toward the one-cylinder checkpoint (one authored rule, certified, catching one real lc defect bots missed). Three operator-gated slices, contract→build→couple→named-merge per slice.

R1 — tamper-evident freeze-orchestration (totem) — NEXT UP

  • freeze-split step: derives the window from lc HEAD at freeze time, pins the derivation (asOfCommit = actual lc SHA + inputs recorded in the artifact). The frozen split artifact is TRACKED-PUBLIC (operator-named); the freeze lands as a PR whose operator-named merge IS the human gate (Q3 — no separate naming ceremony).
  • Tamper-evidence, (a)+(b) COMPOSED, (c) backstop (Q2): (a) commit-anchored — artifact committed BEFORE authoring; gate asserts frozenAt ≤ the introducing commit's committer timestamp; ledger entries land in strictly later commits. (b) hash-commitment — freeze stamps sha256(splitRef · frozenAt · corpus-integrity); every subsequent ledger entry chains it (a re-stamp orphans downstream entries). (c) non-inspection attestation stays a ledger-recorded backstop. Resolves ADR-112's Deferred attestation-mechanism (strategy folds at R1-merge, incl. the two-class Tenet-19 scoping: committed chronology → mechanism-class; pre-freeze working-tree drafts stay adherence-class, sandbox-narrowed + (c)-recorded).
  • totem rule author binding: refuse authoring into a ledger whose splitRef lacks a frozen, committed split artifact — authoredAfterSplit flips declared→mechanically-checked.
  • §5.4 workspace sandbox (R1b — INSIDE R1 per ruling): the authoring/test harness sandboxed to the train-side tree as-of the cut. The author cannot own the mechanism that constrains them (same independence axiom as §3 judgedBy ≠ author).
  • Constraints: fixture-proven like the D-ladder; must NOT widen the CI: Compile Manifest Attestation cannot see the cohort freeze — @mmnto/strategy-doctrine optional dep never materializes (no registry read auth), #2137 WARN-downgrade unreachable #2289 CI freeze-visibility seam.

R2 — lc Tier-1 authoring (lc-claude's lane; EMBARGOED until R1 live + real split frozen)

Cert-1 set AMENDED to the 3 admissible (0107Z): debug-assert-len-mismatch · procgen-entropy-clock-source · is_finite (floor ≥2 holds). godot-builtin-array-dict-in-sim HELD OUT — no PR anchor, fails Falsifier (a) honestly; contract not amended to rescue it. Fixture rulings on the R2 face: synthetic-from-prose ADMITTED w/ 3 recorded-exemplar conditions (procgen); 3 separation facts become declared negativeFixtures; Rule-43 scoped-exception pairing confirmed in the §3 basis; fixture ages ≤ lc#422 leave cutIndex free. Full-ISO authoredAt; judgedBy = the §3 whitelist-check id (settled, ≠ author).

R3 — at-power cert run + instrumentation

One wind-tunnel pass certifies all admissible rules per-rule; the checkpoint claim reads the FIRST live catch (endorsed likely-first: debug-assert-len-mismatch). Instrumentation: cert report artifact = source (per-rule held-out precision, heldOutActivationsByRule); live catch-rate = post-cert append-only sensor events (tracked-public); lesson→rule latency derives from ledger timestamps; dashboards derive, never hand-mirror. Measurement window opens at R3-merge; checkpoint is event-gated (time-box = review sensor, not deadline) — operator ratifies the window proposal at R3.

Sequencing invariant (§5.1, live on main since D5): freeze BEFORE authoring — the embargo gates are enforced.

Context: strategy ADR-112 + #793/#804 pins + the 0102Z/0107Z rulings; totem#2288; totem#2289 (binding constraint on R1).

🤖 Generated with Claude Code

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions