Skip to content

Reconcile AUTH plan with merged lifecycle boundaries#140

Merged
abiorh-claw merged 15 commits into
mainfrom
codex/ws-auth-001-xint-reconciliation
Jul 17, 2026
Merged

Reconcile AUTH plan with merged lifecycle boundaries#140
abiorh-claw merged 15 commits into
mainfrom
codex/ws-auth-001-xint-reconciliation

Conversation

@Abiorh001

@Abiorh001 Abiorh001 commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator

Chunk

WS-AUTH-001-XINT - Lifecycle Boundary Plan Reconciliation

Goal And Intent

Reconcile the remaining AUTH initiative with merged PR #139 and the canonical AUTH/ART/REV/CON handoffs before AUTH-09A or any affected runtime work continues. The change removes stale combined-role, feature-owned activation, transaction, and service-admission assumptions without activating product behavior.

What Changed

  • adopted independent submitter, reviewer, and adjudicator project grants, with exact-role invalidation and dormant adjudicator lifecycle behavior
  • preserved the uninterrupted AUTH-09A through 09E sequence, followed by availability-neutral ART/REV custody transfer and PREP
  • mapped all 25 current ART and 19 current REV actions to canonical future AUTH activation custody while preserving the eight merged ART owner groups
  • defined exact PREP authority/database lock order and an internal non-Pydantic PreparedAuthorizationHandle bound to session, action, actor, idempotency key, and request digest
  • made future registrations delta-based, feature-manifest-gated, and downgrade-safe
  • repaired AUTH-10 through AUTH-16 action, migration, role, service, and conformance contracts
  • preserved PR Add fixed service identity foundation #132 migration packaging, wheel replay, same-event-loop cleanup, and exception-precedence guarantees for later convergence

Why And Design

Merged XINT makes AUTH the sole grant, evaluator-integration, decision-evidence, and action-availability authority while feature modules retain resource facts, guards, hidden behavior, and product state. Sensitive mutations use one caller-owned transaction: AUTH locks authority first, the feature locks and recomposes facts, AUTH evaluates and stages evidence once, participants flush, and the route or command commits once.

The existing Pydantic AuthorityClaimHandle remains the separate internal idempotency-reservation proof. PREP will use a distinct server-side PreparedAuthorizationHandle; this planning PR does not rewrite runtime.

Scope Control

Planning, loop memory, and authorization documentation only. No backend runtime, schema, migration, test, ActionId, PermissionId, action availability, service provisioning, workflow, dependency, package, or coverage configuration changes.

Acceptance Proof

  • exact typed comparison proves all 25 ART and 19 REV mappings and the canonical eight ART custody owners
  • fixed-service actions require exact approved static-matrix membership; human-only actions require no service membership
  • migration 0024 refuses obsolete combined/replacement evidence without conversion or deletion
  • blocked cross-initiative migrations reserve no number until their complete contract becomes executable
  • schema-v2 merge intent validates with a null successor because trusted main has no exact AUTH-09A contract

Deterministic Evidence

  • loop-memory and internal-review evidence gates passed before external repair; evidence will be rebound on the final repair head
  • stale Workstream wording and stale authorization documentation checks passed
  • Markdown links and diff integrity passed
  • all 80 agent-gate tests passed locally
  • replacement GitHub Agent Gates run 29558216518 passed
  • GitHub Backend runs 29557932993 and 29558216526 passed, including repository-wide coverage and real API checks

Reviewer Results

Senior engineering, QA/test, security/auth, product/ops, architecture, CI integrity, docs, and reuse/dedup passed the repaired exact head. All valid CodeRabbit findings were addressed; the requested runtime claim-handle rewrite was not applied because it conflated two contracts and violated the planning-only scope.

Remaining Risks

  • PR Add fixed service identity foundation #132 remains unmerged/conflicting and must converge from trusted main only after this reconciliation merges
  • feature activation contracts remain intentionally unmaterialized until immutable manifests and real behavior tests exist
  • PREP remains proposed; no sensitive consumer may start before its implementation and crossed-concurrency proof merge

Human Review Focus

Review the AUTH-09A through 09E sequence, exact custody mappings, PREP binding and lock order, dormant adjudicator behavior, migration refusal semantics, PR #132 preservation list, and absence of runtime activation.

Merge Ownership

Only explicit human approval authorizes merge. This PR and its merge intent start no runtime successor.

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@Abiorh001, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 54 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 10490b58-cfa6-47b0-a5c1-0cbd3ef64d28

📥 Commits

Reviewing files that changed from the base of the PR and between 1cdddbe and b80e898.

📒 Files selected for processing (15)
  • .agent-loop/LOOP_STATE.md
  • .agent-loop/REVIEW_LOG.md
  • .agent-loop/WORK_QUEUE.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/DECISIONS.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/PLAN.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/STATUS.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-10-project-role-grants.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-16-evidence-live-proof.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-PREP-prepared-mutation-protocol.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/reviews/WS-AUTH-001-XINT-external-review-response.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/reviews/WS-AUTH-001-XINT-internal-review-evidence.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/reviews/WS-AUTH-001-XINT-pr-trust-bundle.md
  • .agent-loop/merge-intents/WS-AUTH-001-XINT.json
  • docs/operations_authorization_service.md
  • docs/spec_authorization_service.md
📝 Walkthrough

Walkthrough

This documentation-only change reconciles WS-AUTH-001 with merged XINT planning, defines activation custody and prepared-mutation boundaries, expands rollout sequencing and service-gating rules, and updates proposed AUTH-10 through AUTH-16 cutover contracts and evidence requirements.

Changes

AUTH XINT reconciliation

Layer / File(s) Summary
Planning state and XINT reconciliation
.agent-loop/LOOP_STATE.md, .agent-loop/WORK_QUEUE.md, .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/{STATUS.md,CHUNK_MAP.md,DISCOVERY.md}, .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/{chunks,reviews}/*, .agent-loop/REVIEW_LOG.md, .agent-loop/merge-intents/*
Planning state now treats XINT as the active AUTH reconciliation chunk, records the merged PR #139 basis, and requires PR #132 convergence and re-review.
Activation custody and prepared mutation contracts
.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/ACTIVATION_CUSTODY.md, .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-{ART-CUSTODY,REV-CUSTODY,PREP}-*
ART and REV owner transfers, activation gates, non-executable registrations, and AUTH-first single-use mutation handles are specified with unchanged availability and caller-owned commits.
Authorization decisions and operational contracts
.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/{DECISIONS,INTENT,PLAN,RISKS}.md, docs/{operations_authorization_service,spec_authorization_service}.md
Role-specific grant behavior, migration custody, fixed-service admission, transaction boundaries, invalidation routing, and prepared-mutation runbooks are tightened.
AUTH-10 through AUTH-16 cutover contracts
.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-{10,11,12,13,14,15,16}-*, .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-05A-*
Proposed inactive cutovers now require exact ActionId inventories, migration parity, AUTH-PREP use, role-specific behavior, migration cycle checks, service manifests, and final conformance proof.

Estimated code review effort: 3 (Moderate) | ~30 minutes

Possibly related PRs

Suggested reviewers: abiorh-claw

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title is concise and accurately summarizes the PR’s main reconciliation work.
Description check ✅ Passed The description covers the main template sections and required context, with a few non-critical headings omitted.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/ws-auth-001-xint-reconciliation

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 9

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
@.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-16-evidence-live-proof.md:
- Around line 84-89: Update the final conformance proof to scope service-matrix
requirements by action type: require exact matrix membership for
fixed-service/service-principal actions, and explicitly prove that human-only
actions have no service-matrix membership. Revise the surrounding ActionId
mapping and static service-matrix assertions without broadening service
authority.

In
@.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-PREP-prepared-mutation-protocol.md:
- Around line 64-86: The prepared-handle protocol must require exact matching of
actor_ref_kind, actor_ref, idempotency_key, and request_digest from
AuthorityClaimHandle before any feature mutation. Update the handle validation
flow to reject mismatches, including same-session and same-action substitutions,
and add concurrency/replay coverage for cross-actor and cross-request reuse
while preserving single-use behavior.

In
@.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/DECISIONS.md:
- Around line 504-518: Replace the serializable AuthorityClaimHandle BaseModel
with an internal opaque server-side handle bound to session, action, and request
digest; update AuthorityClaimHandle, reserve(), and complete() across
backend/app/modules/authorization/schemas.py#L312-L330,
backend/app/modules/authorization/repository.py#L2-L69, and
backend/app/modules/authorization/service.py#L12-L71 so only the committed
response remains serializable. Update the corresponding contract descriptions in
.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/DECISIONS.md#L504-L518,
docs/operations_authorization_service.md#L547-L559, and
.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-16-evidence-live-proof.md#L98-L101
to describe the server-side opaque handle.

In
@.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/PLAN.md:
- Around line 89-90: Update the cross-initiative addition guidance in the plan
so the next trusted-main migration head is allocated only when the complete
feature contract is executable, not merely when it exists. Explicitly state that
no migration number may be reserved or allocated while the work remains blocked,
matching the custody rule in DECISIONS.md.
- Around line 187-189: Update the wording in the plan item around qualification
snapshots to replace “exact-project independent contributor grants” with clear
language such as “independent contributor grants scoped to the exact project,”
preserving the rest of the item unchanged.

In
@.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/STATUS.md:
- Around line 169-172: Update the AUTH-10 ownership statement in the status
document to replace the ambiguous “both” reference with the names of the two
concrete source contracts or evidence artifacts that define the typed/PostgreSQL
clean cut. Preserve the existing migration ownership and replacement-evidence
requirements while making the parity sources explicit.
- Around line 88-90: Update the prose in STATUS.md so “PR `#131`” remains on the
preceding line rather than beginning the next line with “#131”. Preserve the
existing authorization history and wording while ensuring the continuation line
does not start with Markdown heading syntax.

In @.agent-loop/WORK_QUEUE.md:
- Around line 85-88: Prevent wrapped PR references from being parsed as Markdown
headings: in .agent-loop/WORK_QUEUE.md lines 85-88, keep PR `#139` on the
preceding prose line; in
.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/STATUS.md
lines 87-90, keep PR `#131` on the preceding prose line. Preserve the existing
wording and content while ensuring neither continuation line begins with a PR
number.

In `@docs/spec_authorization_service.md`:
- Around line 113-120: Update migration 0024 wording in
docs/spec_authorization_service.md lines 113-120 to normatively state that it
refuses the upgrade when obsolete combined or replacement evidence exists and
never converts or deletes those rows. In
.agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-10-project-role-grants.md
lines 143-149, retain the canonical acceptance criterion and make its wording
identical to the specification.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: ff838419-d445-459a-9daa-6aff59369e19

📥 Commits

Reviewing files that changed from the base of the PR and between 5d353b6 and 1cdddbe.

📒 Files selected for processing (28)
  • .agent-loop/LOOP_STATE.md
  • .agent-loop/REVIEW_LOG.md
  • .agent-loop/WORK_QUEUE.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/ACTIVATION_CUSTODY.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/CHUNK_MAP.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/DECISIONS.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/DISCOVERY.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/INTENT.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/PLAN.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/RISKS.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/STATUS.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-05A-shared-audit-authority-evidence.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-10-project-role-grants.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-11-project-read-cutover.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-12-project-mutation-cutover.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-13-task-assignment-cutover.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-14-submission-checker-cutover.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-15-worker-authority-removal.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-16-evidence-live-proof.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-ART-CUSTODY-activation-custody-transfer.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-PREP-prepared-mutation-protocol.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-REV-CUSTODY-activation-custody-transfer.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/chunks/WS-AUTH-001-XINT-boundary-plan-reconciliation.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/reviews/WS-AUTH-001-XINT-internal-review-evidence.md
  • .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/reviews/WS-AUTH-001-XINT-pr-trust-bundle.md
  • .agent-loop/merge-intents/WS-AUTH-001-XINT.json
  • docs/operations_authorization_service.md
  • docs/spec_authorization_service.md

Comment thread .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/DECISIONS.md Outdated
Comment thread .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/PLAN.md Outdated
Comment thread .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/PLAN.md Outdated
Comment thread .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/STATUS.md Outdated
Comment thread .agent-loop/initiatives/WS-AUTH-001-workstream-authorization-service/STATUS.md Outdated
Comment thread .agent-loop/WORK_QUEUE.md Outdated
Comment thread docs/spec_authorization_service.md
@abiorh-claw
abiorh-claw self-requested a review July 17, 2026 08:36
@abiorh-claw
abiorh-claw merged commit d541521 into main Jul 17, 2026
3 checks passed
github-actions Bot pushed a commit that referenced this pull request Jul 17, 2026
@Abiorh001
Abiorh001 deleted the codex/ws-auth-001-xint-reconciliation branch July 18, 2026 04:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants