Merge Orchestration · k9 lease validator (LeaseValidator + mix hypatia.validate_leases)

[hyperpolymath]

k9 lease validator — audit the persisted lease store

The a5 follow-on you asked for. KinGate.decide_acquire prevents bad acquires at mint time; this validates the persisted lease store after the fact, catching coordination drift a live gate can't see across files.

• LeaseValidator.validate/2 (pure) over a list of a5 lease records → violations:
  • {:le1_no_ttl, id} — a held lease with no expires_at (LE1)
  • {:le2_meta_unauthorized, id} — a held meta-territory lease without owner_authorized (LE2)
  • {:stale, id} — a held lease past its TTL (should have released/expired)
  • {:overlap, repo, [id]} — ≥2 live held leases on one repo (the "one bot per repo" rule broken in the store)
• validate_store/2 — reads the lease dir via KinGate.FileStore (decoder injectable).
• mix hypatia.validate_leases [--store PATH] — the runnable gate; exits non-zero on any violation. This is exactly what the a5 standards INTENT probe I drafted points at (.machine_readable/contractiles/trust/lease-validator.ncl).

Testing (actual, not looks-right)

71 ExUnit, 0 failures (was 64), mix-format-clean, scanner-clean:

71 tests, 0 failures

The +7 LeaseValidator tests: clean store, LE1 (no TTL), LE2 (meta unauthorized) + authorized-is-clean, stale (past TTL), overlap (two live held on one repo), different-repos/released-don't-overlap, and validate_store reading a real lease dir (injected codec).

Scope / safety

• Not auto-armed — core-tier lib/ + a Mix task, your review.
• Additive: one module + the task + its test. Complements KinGate (mint-time) with store-time auditing.

Where this leaves the four items

• Manifest-shape adapter → merged (farm chore(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 #80) — the loop is connected end-to-end.
• k9 lease validator → this PR.
• BoA substrate design → merged (Merge Orchestration · Bag-of-Actions execution-substrate design doc #498); real integration still gated on bag-of-actions being added to scope.
• a5 standards adoption → drafted, awaiting your sign-off (I won't push to standards); the INTENT probe references this validator, so once you approve, the two click together.

LEDGER is at v0.9.0 with the full state.

---

Generated by Claude Code

[github-actions]

🔍 Hypatia Security Scan

Findings: 42 issues detected

Severity	Count
🔴 Critical	0
🟠 High	0
🟡 Medium	42

View findings

[
  {
    "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.",
    "type": "GS007",
    "file": ".",
    "action": "delete_remote_branches",
    "rule_module": "git_state",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "src/ui/gossamer/README.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "scripts/ci-tools/Cargo.toml",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "scripts/bench-tools/Cargo.toml",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "ffi/zig/README.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/reports/audit/audit-2026-04-15-post.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/github-registry.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/github-registry.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/a2ml-k9.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/architecture/system-integration.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence