Skip to content

docs(governance): canon-align service-boundary contract + live verification#127

Open
chitcommit wants to merge 3 commits into
mainfrom
claude/contract-canon-align
Open

docs(governance): canon-align service-boundary contract + live verification#127
chitcommit wants to merge 3 commits into
mainfrom
claude/contract-canon-align

Conversation

@chitcommit

@chitcommit chitcommit commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Follow-up to the merged service-boundary contract (#123), driven by a live status sweep of the canon validator + ChittyOS service registry on 2026-06-28.

What changed

1. Canon-aligned the contract (it didn't validate before)

  • v0.1.0's URI chittycanon://docs/architecture/chittycommand/service-boundary-contract and type: contract both fail live canon validation (architecture isn't a valid docs domain; contract isn't in the frontmatter type enum).
  • Corrected to chittycanon://docs/ops/policy/chittycommand-service-boundary-contract + type: policyvalidated clean and registered with the canonical registry (canon_register_documentregistered: true, DRAFT, 2026-06-28T07:08:14Z).

2. Live verification overlay (new section) — registry ownership lookups:

System Registry ownership doc_ref Result
chittyid identity management, DID resolution core/services/identity ✅ confirms boundary
chittyconnect service connections, credential proxying core/services/connect ✅ confirms boundary
chittyauth authorization, access control core/services/auth ✅ confirms boundary
chittycanon canonical definitions, architectural specs core/services/canon ✅ confirms boundary
chittyrouter not found → confirms hold
  • Added registry_confirmed to the drift vocabulary (a live evidence layer distinct from repo files).
  • Honesty preserved: the repo-file repo_identity_drift claims (stale CHARTER.md/package.json on the other repos) are marked unverified — that check needs read access to those repos, which this session didn't have. They remain flags to confirm, not settled fact.
  • Logged a discovered drift: ADR-001 carries the same non-canonical docs/architecture URI domain (left unchanged; flagged for follow-up).
  • Recorded the canon availability blip (canon.chitty.cc /health down, aggregator 404) as orthogonal to ownership — so a future reader doesn't mistake it for a boundary change.

3. De-orphaned the contract — linked from CHARTER.md (related docs + discovery_refs) and ADR-001 (back-reference).

4. ChittyID re-mint trackerdocs/registration/CHITTYID_REMINT_STATUS.md: a single status anchor for the live in-repo T→P-Synthetic re-mint (the one boundary that can reach code_confirmed within this repo). Mint mechanics stay in SUBMISSION_RUNBOOK.md; this only tracks state, blockers, and cross-links.

Scope

  • Docs/governance only — no code, schema, deps, or runtime changes.
  • File stays at docs/architecture/service-boundary-contract.md (URI ≠ file path, per CHARTER precedent).

Still open (not in this PR)

  • Repo-file code_confirmed for connect/auth/id/router — needs those repos in scope.
  • ADR-001 URI correction — flagged as a canonical_drift_blocked candidate.

https://claude.ai/code/session_01886crB52Jw3LWiqPh33WUM


Generated by Claude Code

Summary by CodeRabbit

  • Documentation
    • Added the Service-Boundary Contract reference to the charter and related “Document Triad” section.
    • Updated the architecture ADR to include a “See also” link to the Canonical Service-Boundary Contract.
    • Refreshed the Service-Boundary Contract to v0.2.0 with revised verification details and ownership/routing clarifications, including new drift-status vocabulary.
    • Added an operator-focused ChittyID re-mint status tracker defining status and a “definition of done” checklist.

…cation

- Fix invalid canonical URI/type on the contract (v0.1.0 used the non-canonical
  `docs/architecture` domain and `type: contract`; both fail live canon validation).
  Correct to `chittycanon://docs/ops/policy/chittycommand-service-boundary-contract`
  + `type: policy` (validated clean) and register with the canonical registry.
- Overlay a 2026-06-28 live verification: ChittyOS service registry confirms
  ownership for chittyid/chittyconnect/chittyauth/chittycanon and returns
  "not found" for chittyrouter (confirms the routing hold). Add `registry_confirmed`
  to the drift vocabulary; keep repo-file identity drift marked unverified (no
  repo read access this session).
- Log discovered ADR-001 URI drift (same non-canonical domain) without changing it.
- Link the contract from CHARTER.md (related docs + discovery_refs) and ADR-001 so
  it is no longer orphaned.
- Add docs/registration/CHITTYID_REMINT_STATUS.md: a status anchor for the live
  in-repo T->P-Synthetic re-mint (mechanics stay in SUBMISSION_RUNBOOK.md).
@github-actions

Copy link
Copy Markdown
  1. @coderabbitai review
  2. @copilot review
  3. @codex review
  4. @claude review
    Adversarial review request: evaluate security, policy bypass paths, regression risk, and merge-gating bypass attempts.

@coderabbitai

coderabbitai Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Important

Review skipped

No new commits to review since the last review.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6d2c1422-b843-43a1-99aa-d6672319c530

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The service-boundary contract is promoted to v0.2.0 with corrected canon URI, type, and namespace metadata, plus a rewritten live verification section reflecting a 2026-06-28 registry sweep. A new registry_confirmed drift-status tag is added. CHARTER.md and ADR-001 gain contract cross-references. A new CHITTYID_REMINT_STATUS.md tracker documents the pending T→P-Synthetic re-mint.

Changes

Service-Boundary Contract v0.2.0 and Cross-references

Layer / File(s) Summary
Contract metadata and cross-references
docs/architecture/service-boundary-contract.md, CHARTER.md, docs/architecture/ADR-001-meta-orchestrator-extension.md
Frontmatter updated to v0.2.0 with canon-valid URI/namespace/type; live verification timestamp and v0.1.0 failure note added; registry_confirmed tag added to drift-status vocabulary; contract URI added to CHARTER.md discovery_refs and Document Triad; ADR-001 gains a "See also" cross-reference.
Live verification evidence and bottom-line status
docs/architecture/service-boundary-contract.md
Live verification section rewritten with 2026-06-28 registry sweep: repo_identity_drift marked unverified for connect/auth/id, chittyrouter set to registry "not found" hold, tasks naming clarified, bottom-line block replaced with updated consolidated statuses.
ChittyID re-mint status tracker
docs/registration/CHITTYID_REMINT_STATUS.md
New file tracking the PENDING re-mint from deprecated T to P-Synthetic actor-class, blocked compliance items, cross-artifact anchors, and operator definition-of-done checklist.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Hop hop, the contract grows,
From v0.1 to v0.2 it goes!
Registry confirmed, the canon shines bright,
Re-mint is PENDING — oh what a delight.
A tracker appears, the checklist is set,
The rabbit stamps docs without any regret! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly captures the governance docs update to canon-align the service-boundary contract and the live verification sweep.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/contract-canon-align

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector

Copy link
Copy Markdown

To use Codex here, create a Codex account and connect to github.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 28, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
chittycommand 42e637c Jun 28 2026, 09:11 AM

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
docs/registration/CHITTYID_REMINT_STATUS.md (1)

58-59: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Clarify operator access controls for this tracker.

The file states "Operator action via the runbook is required" but does not specify who the authorized operator is or how they claim the action. Consider adding a note on which role/identity (e.g., chittycommand-operator, chittyid-mint-admin) is authorized to execute the runbook, aligning with the service-boundary contract's ownership and registry_confirmed semantics.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/registration/CHITTYID_REMINT_STATUS.md` around lines 58 - 59, Clarify
the operator authorization for this tracker by adding a note near the existing
“Operator action via the runbook” statement that names the allowed role/identity
and how it is claimed. Update the tracker language to align with the
service-boundary contract and registry_confirmed semantics, using the relevant
identities such as chittycommand-operator or chittyid-mint-admin so it is clear
who may advance the status.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/registration/CHITTYID_REMINT_STATUS.md`:
- Around line 55-56: Update the Service-Boundary Contract row for Person (P,
Synthetic) so it uses the canonical status tag code_confirmed only, and move the
“local, re-mint pending” wording into a separate local note or explanatory
field. Keep the DoD reference aligned with the contract status name in this
markdown section so the status label and local reminder are not combined.

---

Nitpick comments:
In `@docs/registration/CHITTYID_REMINT_STATUS.md`:
- Around line 58-59: Clarify the operator authorization for this tracker by
adding a note near the existing “Operator action via the runbook” statement that
names the allowed role/identity and how it is claimed. Update the tracker
language to align with the service-boundary contract and registry_confirmed
semantics, using the relevant identities such as chittycommand-operator or
chittyid-mint-admin so it is clear who may advance the status.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: edec233b-dc99-4d18-b48a-1136d713b266

📥 Commits

Reviewing files that changed from the base of the PR and between efeb9c2 and 4d37b6f.

📒 Files selected for processing (4)
  • CHARTER.md
  • docs/architecture/ADR-001-meta-orchestrator-extension.md
  • docs/architecture/service-boundary-contract.md
  • docs/registration/CHITTYID_REMINT_STATUS.md

Comment thread docs/registration/CHITTYID_REMINT_STATUS.md Outdated
…tion

- DoD item 5: reference the canonical `code_confirmed` tag cleanly; move the
  "re-mint pending" qualifier into an explanatory note (per CodeRabbit).
- Add an Authorization section: the re-mint is a sensitive intent (requires_human),
  authorized to the service owner/operator via the ch1tty->ChittyConnect->chittyid
  broker, fail-closed if the broker is unavailable. Anchors to real identities
  (ADR-001 operator, CHARTER ownership) rather than inventing role slugs.
@github-actions

Copy link
Copy Markdown
  1. @coderabbitai review
  2. @copilot review
  3. @codex review
  4. @claude review
    Adversarial review request: evaluate security, policy bypass paths, regression risk, and merge-gating bypass attempts.

@chatgpt-codex-connector

Copy link
Copy Markdown

To use Codex here, create a Codex account and connect to github.

@coderabbitai

coderabbitai Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

@github-actions[bot] I’m reviewing the PR now, focusing on security, policy bypass paths, regression risk, and potential merge-gating bypass attempts. I only have the latest comment in context, so this is based on that request rather than the full prior thread.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4d37b6f179

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread docs/architecture/service-boundary-contract.md Outdated
… absence

Per review (Codex P2): the live-verification text over-claimed the
helper_registry_lookup miss as proof routing is absent. ChittyRouter is in
fact integrated here (wrangler.jsonc CHITTYROUTER_URL=https://router.chitty.cc)
and declared an upstream gateway in CHARTER.md. Reword the ChittyRouter row,
the registry-sweep note, and the bottom-line block so the `hold` is scoped to
the absence of a canonical routing-ownership record in the registry — not the
absence of the service. Aligns with the contract's own anti-overclaiming rule.
@github-actions

Copy link
Copy Markdown
  1. @coderabbitai review
  2. @copilot review
  3. @codex review
  4. @claude review
    Adversarial review request: evaluate security, policy bypass paths, regression risk, and merge-gating bypass attempts.

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@chatgpt-codex-connector

Copy link
Copy Markdown

To use Codex here, create a Codex account and connect to github.

@coderabbitai

coderabbitai Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

@github-actions[bot] Understood — I’ll review the PR with an adversarial focus on security, policy bypass paths, regression risk, and potential merge-gating bypass attempts.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants