Implement the Echo Target IR semantic verifier#673
Conversation
📝 WalkthroughWalkthroughAdds the ChangesVerifier implementation
Estimated code review effort: 5 (Critical) | ~120 minutes Possibly related issues
Possibly related PRs
Suggested labels: 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 8
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/ci.yml:
- Around line 216-218: Update the actions/checkout@v4 step to explicitly disable
credential persistence by setting persist-credentials to false in its with
configuration, while preserving the existing submodules setting.
In `@crates/echo-edict-provider-verifier/src/lib.rs`:
- Around line 689-713: Update preflight_expr and validate_target_expr_shape to
fully validate the structure and nesting depth of known Target IR variants,
including variant, match, list, map, and if, before classifying unsupported
semantics as Err(Unsupported). Reuse the same validation for requirement
predicates and onFailure handlers instead of accepting arbitrary maps, so
malformed expressions such as an if without required fields return
InvalidSemanticArtifact rather than a successful rejected report.
In `@crates/echo-edict-provider-verifier/src/semantic_resources.rs`:
- Around line 178-247: Update validate_references to validate the profile’s
diagnosticAbi reference against the same shared report-diagnostic ABI identity
used by emitted reports, rather than leaving it unchecked. Reuse the existing
diagnostic ABI resource/identity symbols and add a verifier contract test
covering a profile/report ABI mismatch, ensuring packaged admission rejects
inconsistent bindings.
In `@crates/echo-edict-provider-verifier/tests/verifier_contract.rs`:
- Around line 918-936: Update the deep-recursion test to submit the valid
72-level field chain in deep_child as the verified core result, rather than
wrapping it in malicious_outer with an unknown discriminator. Preserve the
existing refusal assertions, but assert the depth-limit diagnostic produced
after traversing the chain so the recursion bound is exercised.
- Around line 744-765: The string-bound coverage only tests acceptance at the
limit and must also verify rejection above it. Add a test case in string bound
validation using 17 Unicode scalar values, run it through verify, and assert the
expected typed refusal rather than acceptance, reusing the existing setup and
assertion helpers.
- Around line 331-375: The verifier report contract in assert_report_common must
require canonical references for the verified Core, target profile, and semantic
closure, either directly in the report or through a mandatory attestation
envelope, including the required causal-basis/site and witnessed-hologram
bindings. Update the corresponding report construction and assertions while
preserving existing fields. In crates/echo-edict-provider-verifier/README.md
lines 42-46, document these bindings as part of the shipped contract rather than
deferring them to a future package.
In `@det-policy.yaml`:
- Around line 50-53: The echo-edict-provider-lowerer ownership path overlaps the
verifier component claim through its broad schema wildcard. Update the lowerer
entry’s paths to target only
schemas/edict-provider/components/v1/lowerer.echo-dpo.component.wasm, while
preserving its existing ownership for the lowerer source and tests.
In `@xtask/src/main.rs`:
- Around line 544-549: Update require_checked_identity for Self::Verifier to
retain the verifier component returned by require_verifier_checked_identity(),
compare component.sha256_hex() against the approved checked-verifier SHA-256,
and return an error on mismatch before allowing promotion; ensure the Check flow
uses this validation rather than only comparing rebuilt bytes with --output, and
add a test covering a stale or malformed
APPROVED_CHECKED_VERIFIER_COMPONENT_SHA256.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 7f11fb82-42b6-410a-80a4-5ab8515a6c9d
⛔ Files ignored due to path filters (2)
Cargo.lockis excluded by!**/*.lockschemas/edict-provider/components/v1/verifier.echo-dpo.component.wasmis excluded by!**/*.wasm
📒 Files selected for processing (42)
.github/workflows/ci.yml.github/workflows/det-gates.ymlCHANGELOG.mdCargo.tomlcrates/echo-edict-provider-verifier/Cargo.tomlcrates/echo-edict-provider-verifier/README.mdcrates/echo-edict-provider-verifier/resources/authority-facts.echo-dpo.cborcrates/echo-edict-provider-verifier/resources/authority-facts.echo-lawpack.cborcrates/echo-edict-provider-verifier/resources/generated-artifact-profile.echo-dpo-registration.cborcrates/echo-edict-provider-verifier/resources/lawpack.echo-dpo.cborcrates/echo-edict-provider-verifier/resources/resource.lawpack-exports.cborcrates/echo-edict-provider-verifier/resources/resource.lawpack-target-adapter.cborcrates/echo-edict-provider-verifier/resources/resource.lawpack-verifier.cborcrates/echo-edict-provider-verifier/resources/resource.target-cost-algebra.cborcrates/echo-edict-provider-verifier/resources/resource.target-footprint-algebra.cborcrates/echo-edict-provider-verifier/resources/resource.target-intrinsics.cborcrates/echo-edict-provider-verifier/resources/resource.target-ir.cborcrates/echo-edict-provider-verifier/resources/resource.target-obstruction-taxonomy.cborcrates/echo-edict-provider-verifier/resources/resource.target-operation-profiles.cborcrates/echo-edict-provider-verifier/resources/resource.target-verifier-contract.cborcrates/echo-edict-provider-verifier/resources/target-profile.echo-dpo.cborcrates/echo-edict-provider-verifier/src/component.rscrates/echo-edict-provider-verifier/src/lib.rscrates/echo-edict-provider-verifier/src/semantic_resources.rscrates/echo-edict-provider-verifier/tests/fixtures/edict-core.hexcrates/echo-edict-provider-verifier/tests/fixtures/edict-target-ir.hexcrates/echo-edict-provider-verifier/tests/verifier_contract.rscrates/echo-edict-provider-verifier/wit/edict-target-provider.witdet-policy.yamldocs/architecture/application-contract-hosting.mdschemas/edict-provider/README.mdschemas/edict-provider/components/v1/README.mdscripts/ban-globals.shscripts/ban-nondeterminism.shscripts/tests/classify_changes.test.cjsscripts/verify-edict-provider-host-v1.shscripts/verify-local.shtests/edict-provider-host-v1/tests/host_contract.rstests/edict-provider-host-v1/tests/verifier_resource_sync.rstests/hooks/test_verify_local.shxtask/src/main.rsxtask/src/provider_lowerer_component.rs
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: false |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Disable credential persistence for workflow security.
The actions/checkout step persists the GitHub token in the local Git configuration by default. Explicitly disable this to limit credential exposure during subsequent run steps.
🛡️ Proposed fix
- uses: actions/checkout@v4
with:
submodules: false
+ persist-credentials: false📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: false | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: false | |
| persist-credentials: false |
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 216-218: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[error] 216-216: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/ci.yml around lines 216 - 218, Update the
actions/checkout@v4 step to explicitly disable credential persistence by setting
persist-credentials to false in its with configuration, while preserving the
existing submodules setting.
Source: Linters/SAST tools
| || !array_field(value, "requirements") | ||
| .is_some_and(|requirements| requirements.iter().all(validate_requirement_shape)) | ||
| || !array_field(value, "steps").is_some_and(|steps| steps.iter().all(validate_step_shape)) | ||
| { | ||
| return false; | ||
| } | ||
| map_field(value, "result").is_some_and(validate_target_expr_shape) | ||
| } | ||
|
|
||
| fn validate_budget_shape(value: &CanonicalValueV1) -> bool { | ||
| has_exact_fields( | ||
| value, | ||
| &["maxSteps", "maxAllocatedBytes", "maxOutputBytes"], | ||
| ) && ["maxSteps", "maxAllocatedBytes", "maxOutputBytes"] | ||
| .into_iter() | ||
| .all(|field| { | ||
| matches!(map_field(value, field), Some(CanonicalValueV1::Integer(value)) if *value >= 0) | ||
| }) | ||
| } | ||
|
|
||
| fn validate_requirement_shape(value: &CanonicalValueV1) -> bool { | ||
| has_exact_fields(value, &["id", "predicate", "onFailure"]) | ||
| && text_field(value, "id").is_some_and(|id| !id.is_empty()) | ||
| && map_field(value, "predicate").and_then(as_map).is_some() | ||
| && map_field(value, "onFailure").and_then(as_map).is_some() |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | 🏗️ Heavy lift
Separate structural validity from unsupported Target IR semantics.
Err(Unsupported) is treated as a valid expression shape, but preflight_expr does not validate any fields for variant, match, list, map, or if; requirement predicates and failure handlers likewise accept arbitrary maps. Consequently, malformed Target IR such as {"kind":"if"} reaches relation_failure and returns a successful rejected report instead of InvalidSemanticArtifact. Fully validate known shapes and depth before classifying semantic support.
Also applies to: 753-757
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@crates/echo-edict-provider-verifier/src/lib.rs` around lines 689 - 713,
Update preflight_expr and validate_target_expr_shape to fully validate the
structure and nesting depth of known Target IR variants, including variant,
match, list, map, and if, before classifying unsupported semantics as
Err(Unsupported). Reuse the same validation for requirement predicates and
onFailure handlers instead of accepting arbitrary maps, so malformed expressions
such as an if without required fields return InvalidSemanticArtifact rather than
a successful rejected report.
| fn validate_references(&self) -> Result<(), SemanticResourceError> { | ||
| assert_ref( | ||
| field(&self.profile, "targetIr", "target-profile.targetIr")?, | ||
| TARGET_IR, | ||
| &self.target_ir, | ||
| "target-profile.targetIr", | ||
| )?; | ||
| assert_ref( | ||
| field(&self.profile, "intrinsics", "target-profile.intrinsics")?, | ||
| INTRINSICS, | ||
| &self.intrinsics, | ||
| "target-profile.intrinsics", | ||
| )?; | ||
| assert_ref( | ||
| field( | ||
| &self.profile, | ||
| "footprintAlgebra", | ||
| "target-profile.footprintAlgebra", | ||
| )?, | ||
| FOOTPRINT, | ||
| &self.footprint, | ||
| "target-profile.footprintAlgebra", | ||
| )?; | ||
| assert_ref( | ||
| field(&self.profile, "costAlgebra", "target-profile.costAlgebra")?, | ||
| COST, | ||
| &self.cost, | ||
| "target-profile.costAlgebra", | ||
| )?; | ||
| assert_ref( | ||
| field( | ||
| &self.profile, | ||
| "obstructionTaxonomy", | ||
| "target-profile.obstructionTaxonomy", | ||
| )?, | ||
| OBSTRUCTIONS, | ||
| &self.obstructions, | ||
| "target-profile.obstructionTaxonomy", | ||
| )?; | ||
| assert_ref( | ||
| field( | ||
| &self.profile, | ||
| "operationProfiles", | ||
| "target-profile.operationProfiles", | ||
| )?, | ||
| OPERATION_PROFILES, | ||
| &self.operation_profiles, | ||
| "target-profile.operationProfiles", | ||
| )?; | ||
| assert_ref( | ||
| field(&self.profile, "verifier", "target-profile.verifier")?, | ||
| VERIFIER, | ||
| &self.verifier, | ||
| "target-profile.verifier", | ||
| )?; | ||
| let generated = exact_array( | ||
| field( | ||
| &self.profile, | ||
| "generatedArtifactProfiles", | ||
| "target-profile.generatedArtifactProfiles", | ||
| )?, | ||
| 1, | ||
| "target-profile.generatedArtifactProfiles", | ||
| )?; | ||
| assert_ref( | ||
| &generated[0], | ||
| GENERATED_PROFILE, | ||
| &self.generated_profile, | ||
| "target-profile.generatedArtifactProfiles[0]", | ||
| )?; |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Bind the report diagnostic ABI through the profile crossing.
The profile's diagnosticAbi reference is skipped here, while crates/echo-edict-provider-verifier/tests/verifier_contract.rs, Lines 358-370 independently hard-code the report ABI. A resource update could therefore leave the profile and emitted report bound to different diagnostic schemas while packaged admission still succeeds. Validate both through one shared identity and add a mismatch test.
The PR objective requires exact semantic-resource and artifact identity binding.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@crates/echo-edict-provider-verifier/src/semantic_resources.rs` around lines
178 - 247, Update validate_references to validate the profile’s diagnosticAbi
reference against the same shared report-diagnostic ABI identity used by emitted
reports, rather than leaving it unchecked. Reuse the existing diagnostic ABI
resource/identity symbols and add a verifier contract test covering a
profile/report ABI mismatch, ensuring packaged admission rejects inconsistent
bindings.
| fn assert_report_common( | ||
| report: &CanonicalValueV1, | ||
| target_ir_reference: &ResourceRef, | ||
| expected_outcome: &str, | ||
| ) { | ||
| let CanonicalValueV1::Map(fields) = report else { | ||
| panic!("report is not a map"); | ||
| }; | ||
| assert_eq!(fields.len(), 5); | ||
| assert_eq!( | ||
| text_value(map_field(report, "apiVersion")), | ||
| "echo.verifier-report/v1" | ||
| ); | ||
| assert_eq!( | ||
| map_field(report, "targetIr"), | ||
| &map([ | ||
| ("id", text(&target_ir_reference.coordinate)), | ||
| ( | ||
| "digest", | ||
| CanonicalValueV1::Array(vec![ | ||
| text("sha256"), | ||
| CanonicalValueV1::Bytes(target_ir_reference.digest.bytes.clone()), | ||
| ]), | ||
| ), | ||
| ]) | ||
| ); | ||
| assert_eq!(text_value(map_field(report, "outcome")), expected_outcome); | ||
| let diagnostic_abi = map_field(report, "diagnosticAbi"); | ||
| assert_eq!( | ||
| text_value(map_field(diagnostic_abi, "id")), | ||
| "edict.diagnostics/v1" | ||
| ); | ||
| assert_eq!( | ||
| map_field(diagnostic_abi, "digest"), | ||
| &CanonicalValueV1::Array(vec![ | ||
| text("sha256"), | ||
| CanonicalValueV1::Bytes( | ||
| hex::decode(DIAGNOSTIC_ABI_DIGEST).expect("diagnostic digest is valid") | ||
| ), | ||
| ]) | ||
| ); | ||
| assert_eq!( | ||
| map_field(report, "diagnosticBytes"), | ||
| &CanonicalValueV1::Bytes(Vec::new()) | ||
| ); |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | 🏗️ Heavy lift
Bind the verifier report to its complete causal basis.
The executable contract and documentation both define a report that identifies Target IR but not the exact Core, target profile, or semantic closure used to reach the decision.
crates/echo-edict-provider-verifier/tests/verifier_contract.rs#L331-L375: require canonical references for the verified Core, target profile, and semantic closure in the report or mandatory attestation envelope.crates/echo-edict-provider-verifier/README.md#L42-L46: document those bindings as part of this shipped contract instead of deferring them to a future package.
As per coding guidelines, public Echo surfaces require an explicit causal basis/site and witnessed hologram.
📍 Affects 2 files
crates/echo-edict-provider-verifier/tests/verifier_contract.rs#L331-L375(this comment)crates/echo-edict-provider-verifier/README.md#L42-L46
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@crates/echo-edict-provider-verifier/tests/verifier_contract.rs` around lines
331 - 375, The verifier report contract in assert_report_common must require
canonical references for the verified Core, target profile, and semantic
closure, either directly in the report or through a mandatory attestation
envelope, including the required causal-basis/site and witnessed-hologram
bindings. Update the corresponding report construction and assertions while
preserving existing fields. In crates/echo-edict-provider-verifier/README.md
lines 42-46, document these bindings as part of the shipped contract rather than
deferring them to a future package.
Source: Coding guidelines
| #[test] | ||
| fn string_bound_counts_unicode_scalar_values() { | ||
| let authored = "🦀".repeat(16); | ||
| let bounded_input = map([ | ||
| ("kind", text("const")), | ||
| ( | ||
| "value", | ||
| map([("kind", text("string")), ("value", text(&authored))]), | ||
| ), | ||
| ]); | ||
| let mut core = core_value(); | ||
| *map_field_mut(core_effect_mut(&mut core), "input") = bounded_input.clone(); | ||
| let mut target_ir = target_ir_value(); | ||
| *map_field_mut(target_step_mut(&mut target_ir), "input") = bounded_input; | ||
| let mut case = request(); | ||
| bind_core(&mut case, &core); | ||
| bind_target_ir(&mut case, &target_ir); | ||
| let target_ir_reference = case.target_ir.reference.clone(); | ||
|
|
||
| let success = verify(case).expect("sixteen Unicode scalar values remain within the bound"); | ||
| assert_accepted(&success, &target_ir_reference); | ||
| } |
There was a problem hiding this comment.
🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win
Test rejection above the Unicode scalar limit.
Accepting 16 non-ASCII scalars proves byte length is not used, but an implementation that omits the upper bound entirely also passes. Add a 17-scalar case and assert the required typed refusal.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@crates/echo-edict-provider-verifier/tests/verifier_contract.rs` around lines
744 - 765, The string-bound coverage only tests acceptance at the limit and must
also verify rejection above it. Add a test case in string bound validation using
17 Unicode scalar values, run it through verify, and assert the expected typed
refusal rather than acceptance, reusing the existing setup and assertion
helpers.
| let mut deep_child = map([("kind", text("unknown"))]); | ||
| for _ in 0..72 { | ||
| deep_child = map([ | ||
| ("kind", text("field")), | ||
| ("base", deep_child), | ||
| ("field", text("x")), | ||
| ]); | ||
| } | ||
| let malicious_outer = map([("kind", text("unknown")), ("base", deep_child)]); | ||
| let mut malicious_core = core_value(); | ||
| *core_result_mut(&mut malicious_core) = malicious_outer; | ||
| let mut request = request(); | ||
| bind_core(&mut request, &malicious_core); | ||
| let refusal = verify(request).expect_err("the outer discriminator must fail closed"); | ||
| assert_eq!(refusal.kind, ProviderRefusalKind::InvalidSemanticArtifact); | ||
| assert_eq!( | ||
| refusal.diagnostics[0].code, | ||
| "echo.verifier.invalid-expression-discriminator" | ||
| ); |
There was a problem hiding this comment.
🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win
Exercise the recursion bound instead of short-circuiting at the root.
malicious_outer has an unknown discriminator, so verification rejects before traversing its 72-level base. Submit the valid field chain itself and assert the depth-limit refusal; otherwise this test cannot detect unbounded recursion.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@crates/echo-edict-provider-verifier/tests/verifier_contract.rs` around lines
918 - 936, Update the deep-recursion test to submit the valid 72-level field
chain in deep_child as the verified core result, rather than wrapping it in
malicious_outer with an unknown discriminator. Preserve the existing refusal
assertions, but assert the depth-limit diagnostic produced after traversing the
chain so the recursion bound is exercised.
| echo-edict-provider-verifier: | ||
| class: DET_CRITICAL | ||
| owner_role: "Tooling Engineer" | ||
| paths: ["crates/echo-edict-provider-verifier/**", "schemas/edict-provider/components/v1/verifier.echo-dpo.component.wasm", "tests/edict-provider-host-v1/**"] |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value
Tighten path globs to prevent overlapping ownership.
This entry explicitly claims schemas/edict-provider/components/v1/verifier.echo-dpo.component.wasm. However, the echo-edict-provider-lowerer entry at line 49 already claims the broad schemas/edict-provider/components/v1/** glob, which inadvertently includes this new verifier component. Consider updating the lowerer's path to explicitly target lowerer.echo-dpo.component.wasm instead of using a blanket wildcard to maintain strict, non-overlapping ownership boundaries.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@det-policy.yaml` around lines 50 - 53, The echo-edict-provider-lowerer
ownership path overlaps the verifier component claim through its broad schema
wildcard. Update the lowerer entry’s paths to target only
schemas/edict-provider/components/v1/lowerer.echo-dpo.component.wasm, while
preserving its existing ownership for the lowerer source and tests.
| fn require_checked_identity(self) -> provider_lowerer_component::Result<()> { | ||
| match self { | ||
| Self::Lowerer => Ok(()), | ||
| Self::Verifier => { | ||
| provider_lowerer_component::require_verifier_checked_identity().map(|_| ()) | ||
| } |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Bind check to the approved SHA-256, not just the checked file.
require_checked_identity() discards the verifier digest, while Check only compares rebuilt bytes with --output. A source plus checked-WASM change can therefore pass with a stale or malformed APPROVED_CHECKED_VERIFIER_COMPONENT_SHA256, bypassing the promotion identity gate. Compare component.sha256_hex() with the approved digest and add a mismatch test.
Also applies to: 655-664
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@xtask/src/main.rs` around lines 544 - 549, Update require_checked_identity
for Self::Verifier to retain the verifier component returned by
require_verifier_checked_identity(), compare component.sha256_hex() against the
approved checked-verifier SHA-256, and return an error on mismatch before
allowing promotion; ensure the Check flow uses this validation rather than only
comparing rebuilt bytes with --output, and add a test covering a stale or
malformed APPROVED_CHECKED_VERIFIER_COMPONENT_SHA256.
Summary
Closes #654.
Refs #650.
Plain-English architecture walkthrough
Bounded closure and refusal posture
This PR verifies one exact effectful closure, not arbitrary future Target IR:
Checked component identity
The AMD64 builder is intentional. The component target is portable Wasm; the host architecture pin establishes one reproducible compiler environment and does not make the component AMD64-only.
Dependency rationale
RED / GREEN evidence
Native semantic verifier:
The focused REDs began with the absent verifier implementation and then exercised unsupported intrinsic, changed budget, obstruction disagreement, introduced claims, silent loss, malformed-but-decodable Target IR, recursive discriminator handling, semantic-resource contradictions, and output overclaim. GREEN is 6 unit tests plus 19 verifier contract tests.
Actual Edict host crossing:
The first RED failed because echo_verifier_harness did not exist. The next admission RED exposed an out-of-order schema domain and was fixed without weakening Edict's ordering law. GREEN is 18 passed and 2 intentional ignored child entrypoints, including accepted, semantic-rejected, typed-refusal, fresh-store replay, and separate-process equality.
Cross-process review finding:
RED was E0425 for the absent echo_verifier_observation witness. GREEN is 1 passed, with accepted, rejected, and refused observations produced in two independent OS processes.
Local route review findings:
Component and policy witnesses:
Results: 129 xtask tests passed; component audit matched the approved SHA and no-import topology; both targeted policy scans passed.
Final branch gate under the supported Node line:
All seven preflight checks passed. The full local verifier ran eight fresh lanes, including strict native and wasm Clippy plus the complete pinned Edict-host witness.
Compatibility notes
Documentation impact
Updated:
These documents separate component identity, semantic verification, Edict-host admission/replay, package identity, and Echo runtime authority as distinct propositions.
Review
Summary by CodeRabbit
New Features
Documentation
Tests