Merge Orchestration · live BatonEmitter actuation backend (:manifest|:baton|:both) #501

Merged: hyperpolymath merged 1 commit into main from claude/peaceful-pascal-IRlgq on Jun 14, 2026

@hyperpolymath

Owner

Finishes the live bag-of-actions wiring for the merge-orchestration runtime (the BoA follow-on tracked in .machine_readable/merge-orchestration/LEDGER.a2ml).

What

  • Loop.run/1 gains :actuation (:manifest (default) | :baton | :both). :baton submits one Baton per armed entry via BatonEmitter.emit/2, late-bound to Bag.Mesh.submit_planned(spec, budget) so a :manifest-only run never references Bag.* (compile-decoupled; no new dep).
  • Threaded through Scheduler.cycle and mix hypatia.merge_orchestrate --actuation.
  • Two interop fixes in the as-merged BatonEmitter (Merge Orchestration · BatonEmitter (bag-of-actions mesh actuation backend) #500), verified against bag-of-actions' real source — each would otherwise make every merge Baton fail:
    • required_cap "secret-access" → "secret_access" (the Zig bridge / Bag.Planner tag; a hyphenated tag is unprovable → routes to no node).
    • to_spec now carries a :verifier, so a mutating merge passes the planner's mutation gate instead of {:rejected, :mutation_requires_verifier}.

Token-free brain

The brain only emits/reads. required_cap "secret_access" is held only by the mesh-github-runner node in bag-of-actions' estate, so every merge Baton migrates off the brain to the runner — the token-free-brain invariant as capability routing.

Tests

  • +4 Loop/Scheduler :actuation tests; baton_emitter_test updated.
  • mix test test/merge_orchestration/ → 81 tests, 0 failures.
  • Full suite: the ~14 failures are pre-existing and unrelated (workflow-audit count drift, missing :proof_model_retrain_count metric, watcher :already_started isolation) — identical with this branch reverted.

Cross-repo counterpart: hyperpolymath/bag-of-actions claude/peaceful-pascal-IRlgq (brain node + end-to-end test). BatonEmitter.to_spec output matches that PR's routed spec byte-for-byte.

Core-tier → draft for owner review (not auto-armed).

🤖 Generated with Claude Code

…kend

Wire bag-of-actions Batons into the live cycle alongside merge-decisions.jsonl.

- Loop.run/1 gains :actuation (:manifest default | :baton | :both); :baton
  submits one Baton per armed entry via BatonEmitter.emit/2, late-bound to
  Bag.Mesh.submit_planned(spec, budget) so :manifest runs never touch Bag.*.
- Threaded through Scheduler.cycle and `mix hypatia.merge_orchestrate --actuation`.
- BatonEmitter interop fixes, verified against bag-of-actions' real source:
  * required_cap "secret-access" -> "secret_access" (the Zig bridge / Bag.Planner
    tag; a hyphenated tag is unprovable and would route to no node).
  * to_spec now carries a :verifier so a mutating merge passes the planner's
    mutation gate instead of {:rejected, :mutation_requires_verifier}.
- Tests: +4 Loop/Scheduler :actuation tests; baton_emitter_test updated;
  merge_orchestration suite 81/0.

The brain stays token-free: required_cap "secret_access" forces merges to
migrate to the token-bearing mesh-github-runner.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions


🔍 Hypatia Security Scan

Findings: 42 issues detected

| Severity | Count |
|---|---|
| 🔴 Critical | 0 |
| 🟠 High | 0 |
| 🟡 Medium | 42 |
View findings
[
  {
    "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.",
    "type": "GS007",
    "file": ".",
    "action": "delete_remote_branches",
    "rule_module": "git_state",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "src/ui/gossamer/README.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "scripts/ci-tools/Cargo.toml",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "scripts/bench-tools/Cargo.toml",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "ffi/zig/README.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/reports/audit/audit-2026-04-15-post.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/github-registry.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/github-registry.adoc",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/integration/a2ml-k9.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD022 -- Hypatia structural_drift: SD022 -- 11 day(s) old",
    "type": "CSA001",
    "file": "docs/architecture/system-integration.md",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath marked this pull request as ready for review June 14, 2026 15:41
hyperpolymath added a commit to hyperpolymath/bag-of-actions that referenced this pull request Jun 14, 2026
… test (#5)

Cross-repo counterpart to hyperpolymath/hypatia#501 — the bag-of-actions
side of the live merge-orchestration actuation backend.

## What
- Registers the hypatia **brain** node `mesh-hypatia-brain` (`linux`,
`trusted-host`; **no** `secret-access`) in the estate manifest **in
step** across `src/estate.zig`, `nodes.scm`, and
`verification/proofs/Bag/Estate.idr`. A merge Baton requires
`secret_access`, held only by `mesh-github-runner`, so the decision
migrates off the token-free brain to the runner (token-free-brain
invariant as a capability fact).
- `bag/test/merge_orchestration_e2e_test.exs`: end-to-end proof that a
hypatia merge spec (the exact `BatonEmitter.to_spec` shape) plans to
`mesh-github-runner`, runs and returns `verdict=:pass`/`residue=:clean`,
and **freezes-on-brain → thaws-on-runner** (attestation
`hmac:verified`). The mutation gate (`{:rejected,
:mutation_requires_verifier}` without a verifier) is covered too.

## Safety
No real `gh pr merge` is ever executed — the merge command is a harmless
`true` stand-in, so the routing / gate / freeze / thaw / verdict path is
exercised without touching a PR (and the brain holds no token anyway).
The real `gh pr merge` command shape is checked through `Planner.plan`
only (selects the node, executes nothing).

## Tests
- `zig build` + `zig build test` → OK.
- bag suite: **24 tests** (the 5 new E2E pass). The 3 failures are
**pre-existing and unrelated** — stale tests that assume
`src/estate.zig` is a dirty `zig fmt` fixture, but it is clean both
before and after this change.

## Note for review
This branch is based on the latest local `main` and therefore also
carries the previously-**unpushed** commit `5d820cb` (CheckBaton v2:
WASI checks, tool_version, inline artifact). Only the top commit
(`feat(estate): …`) is this work; `5d820cb` is your prior local work
surfaced by the push.

Core-tier → **draft for owner review** (not auto-armed).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
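
A toy model of the capability routing and mutation gate discussed in this PR and its bag-of-actions counterpart, added here as an illustration; it is not code from hypatia or bag-of-actions. The `RoutingSketch` module, the spec shape, the `:no_capable_node` reason and the runner's `linux` tag are assumptions; the node names, the brain's tags, the two capability strings and `{:rejected, :mutation_requires_verifier}` come from the text above.

```elixir
# Hypothetical sketch, NOT Bag.Planner: exact-match capability routing
# plus a verifier gate for mutating specs.
defmodule RoutingSketch do
  # Node names and the brain's tags are from the PR text. The runner's
  # "linux" tag is an assumption; the page only says that the runner
  # alone holds secret_access.
  @estate %{
    "mesh-hypatia-brain" => ["linux", "trusted-host"],
    "mesh-github-runner" => ["linux", "secret_access"]
  }

  # Gate: a mutating spec without a :verifier is refused before routing.
  def plan(%{mutating: true} = spec) when not is_map_key(spec, :verifier),
    do: {:rejected, :mutation_requires_verifier}

  # Routing: a node qualifies only if it holds every required tag,
  # compared as exact strings (no normalisation of "-" versus "_").
  def plan(%{required_caps: caps}) do
    required = MapSet.new(caps)

    capable =
      for {node, held} <- @estate,
          MapSet.subset?(required, MapSet.new(held)),
          do: node

    case capable do
      # :no_capable_node is an assumed name for "routes to no node".
      [] -> {:rejected, :no_capable_node}
      nodes -> {:ok, Enum.sort(nodes)}
    end
  end
end

# Constructed merge spec; field names are assumptions, not the real to_spec shape.
merge = %{required_caps: ["secret_access"], mutating: true, verifier: :stub}

# Case 1: corrected tag with a verifier; only the token-bearing runner qualifies.
IO.inspect(RoutingSketch.plan(merge))

# Case 2: the hyphenated tag matches no node in the estate.
IO.inspect(RoutingSketch.plan(%{merge | required_caps: ["secret-access"]}))

# Case 3: a mutating spec without a verifier is stopped at the gate.
IO.inspect(RoutingSketch.plan(Map.delete(merge, :verifier)))
```
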
@hyperpolymath hyperpolymath merged commit 9f4d07d into main Jun 14, 2026
40 checks passed
@hyperpolymath hyperpolymath deleted the claude/peaceful-pascal-IRlgq branch June 14, 2026 15:42
hyperpolymath added a commit that referenced this pull request Jun 14, 2026
…501 follow-up) (#502)

Re-lands the LEDGER doc bump dropped when PR #501's head didn't refresh
before merge. Bumps the merge-orchestration workstream ledger to v0.11.0
and records the BoA actuation backend as WIRED LIVE. Doc-only.
Owner-approved in the prior round.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>