Plan contribution and compensation boundary#142
Conversation
…to codex/ws-con-001-plan
📝 WalkthroughWalkthroughThis documentation-only PR establishes WS-CON-001’s contribution and compensation boundary, introduces REV-owned immutable ChangesWS-CON-001 planning and contracts
Lifecycle and validation documentation
Estimated code review effort: 4 (Complex) | ~60 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…to codex/ws-con-001-plan # Conflicts: # scripts/check_stale_authorization_docs.py # scripts/test_agent_gates.py
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
@.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-01-canonical-contract-adoption.md:
- Around line 75-80: The affected chunk contracts lack executable verification
gates. Update the Verification sections in
.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-01-canonical-contract-adoption.md:75-80
with stale/link/SHA/inventory/diff commands and expected pass criteria;
WS-CON-001-02A-shared-outbox-persistence.md:38-43 with migration, race-proof,
idempotency, and coverage commands;
WS-CON-001-02B-shared-outbox-dispatcher.md:66-70 with dispatcher, authorization,
recovery, and coverage commands;
WS-CON-001-02C-shared-lifecycle-audit-participant.md:38-43 with rollback,
payload-boundary, idempotency, and coverage commands;
WS-CON-001-10A-contribution-award-product-reads.md:46-49 with API, concealment,
authorization-negative, and coverage commands;
WS-CON-001-10B-operations-reconciliation-rebuild.md:58-61 with race-order,
drain, provider-isolation, and coverage commands;
WS-CON-001-10C-operations-executors.md:68-71 with executor, fence, retry,
concurrency, and coverage commands; and
WS-CON-001-11-hidden-release-readiness.md:89-93 with manifest, OpenAPI,
isolation, fence-race, and coverage commands, including deterministic expected
pass criteria for each gate.
In
@.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-02B-shared-outbox-dispatcher.md:
- Around line 25-45: Move AUTH registration, provisioning, prepared-protocol,
action, custodian, and typed-context requirements out of chunk-owned acceptance
criteria and into explicit approved-AUTH prerequisites/handoff inputs. In
.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-02B-shared-outbox-dispatcher.md
lines 25-45, retain only dispatcher behavior owned by the allowed surface; in
.../WS-CON-001-10A-contribution-award-product-reads.md lines 21-33, make
contribution/award AUTH actions and typed contexts prerequisites; in
.../WS-CON-001-10B-operations-reconciliation-rebuild.md lines 23-38, make
operations AUTH actions, custodians, and prepared protocol prerequisites.
In
@.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-04B-hidden-contribution-policy-service.md:
- Around line 31-45: Reword the AUTH registration requirement in this
hidden-service chunk as a prerequisite or deferred gate rather than work
performed here. Keep the chunk’s scope excluding AUTH catalogue, grant, kernel,
and static-matrix edits, and state that activation depends on later AUTH
registration of the contribution.policy.* actions.
- Around line 47-51: Expand the verification sections at all listed sites to
include exact runnable commands, coverage targets, and explicit pass criteria:
WS-CON-001-04B for CON-04B; 05A for migration, lifecycle, rollback, and
coverage; 05B for upgrade, downgrade, fresh-install, and schema scans; 06 for
lock-order, freeze, and authorization; 07 for transaction fault injection,
replay, uniqueness, and no-ART-call behavior; 08A for pre-I/O fencing, retry,
adapter, and concurrency; 08B for callback replay, fencing, rate limiting, and
authorization; and 08R for atomic-window, isolation, migration, and fail-closed
behavior. Preserve each chunk’s required allowed files, prohibited changes,
acceptance criteria, risk class, and reviewer declarations.
In
@.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-09B-authorized-contribution-evidence-read.md:
- Around line 1-27: Complete the WS-CON-001-09B chunk contract by adding its
mandatory risk class, explicitly allowed files, prohibited changes, acceptance
criteria, executable verification commands, and required reviewers. Preserve the
deferred, independently approved successor scope and ensure the contract keeps
routes hidden and does not affect CON-10A or existing contribution/award truth.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 26a5debe-60e5-445a-840c-f7155725fd90
⛔ Files ignored due to path filters (1)
docs/reference_specs/WS-CON-001-contribution-record-and-compensation-boundary-specification(2).pdfis excluded by!**/*.pdf
📒 Files selected for processing (66)
.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/ARTIFACT_STORAGE_HANDOFF.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/AUTHORIZATION_HANDOFF.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/CHUNK_MAP.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/CONFORMANCE_MATRIX.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/DECISIONS.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/DISCOVERY.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/INTENT.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/JOINT_RELEASE_HANDOFF.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/PLAN.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/RISKS.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/RUNTIME_VERIFICATION.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/SOURCE_MANIFEST.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/STATUS.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-01-canonical-contract-adoption.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-02A-shared-outbox-persistence.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-02B-shared-outbox-dispatcher.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-02C-shared-lifecycle-audit-participant.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-03A-adapter-binding-persistence.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-03B-contribution-policy-persistence.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-03C-contribution-award-persistence.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-03D-delivery-receipt-status-persistence.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-04A-hidden-adapter-binding-service.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-04B-hidden-contribution-policy-service.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-05A-legacy-economic-terms-cutover-and-task-freeze.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-05B-legacy-economic-schema-removal.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-06-review-lease-contribution-policy-freeze.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-07-atomic-review-contribution-award-participant.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-08A-outbound-compensation-delivery.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-08B-inbound-fulfillment-callback.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-08R-bound-service-rate-control.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-09A-contribution-evidence-write.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-09B-authorized-contribution-evidence-read.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-10A-contribution-award-product-reads.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-10B-operations-reconciliation-rebuild.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-10C-operations-executors.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-11-hidden-release-readiness.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-PLAN-contribution-compensation-planning.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-PLAN2-final-acceptance-reconciliation.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-PLAN3-auth-pr140-reconciliation.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/reviews/WS-CON-001-PLAN-internal-review-evidence.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/reviews/WS-CON-001-PLAN2-internal-review-evidence.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/reviews/WS-CON-001-PLAN3-internal-review-evidence.md.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/reviews/WS-CON-001-PLAN3-pr-trust-bundle.md.agent-loop/merge-intents/WS-CON-001-PLAN3.jsonREADME.mddocs/architecture_brief/workstream_architecture_brief.mddocs/architecture_data_model.mddocs/architecture_lifecycle_state_machine.mddocs/architecture_lockdown.mddocs/architecture_system_architecture.mddocs/current_system_data_flow.htmldocs/glossary.mddocs/operations_operator_workflow.mddocs/operations_payment_reputation.mddocs/operations_queue_policy.mddocs/operations_reviewer_workflow.mddocs/product_first_user_flows.mddocs/reference_specs/WS-CON-001-contribution-record-and-compensation-boundary-specification.mddocs/risk_register.mddocs/template_project_guide.mddocs/template_review_packet.mdscripts/check_internal_review_evidence.pyscripts/check_stale_artifact_contracts.pyscripts/check_stale_authorization_docs.pyscripts/check_stale_workstream_wording.pyscripts/test_agent_gates.py
Workstream PR Trust Bundle: WS-CON-001-PLAN3
Chunk
WS-CON-001-PLAN3- AUTH And REV Current-Main Reconciliation.Merge intent:
.agent-loop/merge-intents/WS-CON-001-PLAN3.jsonGoal
Reconcile the contribution and compensation plan with trusted
mainat mergedREV PR #128 (
0302bcf), which contains AUTH-09A after AUTH PR #140, before anyCON runtime implementation begins.
Human-Approved Intent
Intent:
.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/INTENT.mdChunk contract:
.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/chunks/WS-CON-001-PLAN3-auth-pr140-reconciliation.mdThe current compensation-policy model completely supersedes the retired
policy model; no compatibility path returns.
The v0.1 accept path is
Review(accept) -> FinalAcceptance -> accepted_submissionwith no adjudication lifecycle.REV owns Review and FinalAcceptance orchestration and the single transaction;
CON is a mandatory flush-only contribution/award participant.
AUTH owns identifiers, grants, evaluator integration, ActionOwner custody,
evidence, and activation. CON must validate upstream planning rather than
copy speculative identifiers.
Pull and reconcile merged AUTH work before publishing this plan; do not start
CON runtime work automatically.
Consume merged REV's exact FinalAcceptance shape, two-operation CON
participant, initiative interleaving, and sole joint release-control contract.
What Changed
runtime catalogue while preserving PR Reconcile AUTH ART REV and CON lifecycle boundaries #139 as the underlying boundary.
single-use handle binding and authority-first lock protocol.
task.claim: only its stable PermissionId exists; no task-claimActionId is registered.
policy freeze plus task composition, then AUTH-13 enumeration, registration,
evaluator integration, and activation.
review.claimandreview.decisionactions and theirdependency on hidden CON participants, REV composition, and later AUTH
activation.
accept-only submitter operations at REV's exact lifecycle points.
interleaving.
root-ordinal, maximum-ordinal, drain, dispatch, callback, and writer hooks.
AUTH_CON_*ActionOwner candidates. The 22 CON surfacemappings remain unregistered, non-final proposals.
WS-CON-001-01as the same-initiative successor with an explicit start gate.Why It Changed
Treating a PermissionId as an existing ActionId would invert the safe rollout:
AUTH could activate task claim before the assignment captured its immutable
contribution-policy version. The corrected order keeps the feature unavailable
until hidden behavior and rollback proof are merged.
Design Chosen
AUTH locks current actor/link/exact-grant authority first and prepares one
opaque handle bound to session, ActionId, actor-reference kind/reference,
idempotency key, and canonical request digest. The feature then locks product
rows and recomposes final facts. AUTH consumes the handle, evaluates once, and
stages evidence. Participants flush only and the owning request/command commits
once. A failed substitution attempt does not consume an otherwise valid handle.
ServiceIdentity, static-matrix membership, and action availability are
code-owned validations, not database lock targets. No AUTH persistence, grant
query, evaluator, identifier registration, or availability writer moves into
CON.
FinalAcceptance remains an internal REV-derived fact with canonical
submission_id,recorded_by, andpolicy_context_ref, no public API, and noseparate authorization action. The mandatory CON participant receives a
reviewer operation before the branch and, only for accept, a submitter operation
after FinalAcceptance and accepted Task/Assignment effects. No adjudication
policy, state, action, queue, lease, contribution, or release dependency is
added.
REV owns the sole
JointLifecycleReleaseControlandJointLifecycleMutationFence. CON fences every fulfillment-obligation rootcreation/requeue/successor/repair writer before immutable monotonic ordinal
allocation. Delivery-draining completion is limited to same-generation roots
at or below the persisted cutoff; provider I/O occurs outside the transaction
and fence.
Alternatives Rejected
lineage would not be guaranteed.
task.claimas an existing ActionId: rejected by runtime catalogueevidence.
AUTH_CON_*planning labels: rejected because PR Reconcile AUTH plan with merged lifecycle boundaries #140 approves nosuch ActionOwner values.
responsibilities remain AUTH- and request-owned.
approved v0.1 lifecycle.
Scope Control
Allowed Files Changed
chunks/todeferred/as one non-executable proposal.response under the WS-CON initiative.
.agent-loop/REVIEW_LOG.mdfor the required durable external-reviewrecord.
existing PLAN3 schema-v2 merge intent.
Files Outside Contract
The current-main reconciliation changes 22 planning/merge-intent files with 429
insertions and 178 deletions. It changes no backend, migration, test, workflow,
script, dependency, runtime catalogue, or active product document. Before the
final evidence rebind, the full planning branch is 69 files with 8,874
insertions and 90 deletions against
origin/main; most of that delta is the original referencetranscription and durable planning/review record.
The circuit-breaker passed with a documentation-only size exception: the branch
is one coherent specification initiative, its runtime boundary is empty, and
the earlier planning snapshots retain their own review evidence. The user-owned
deletion of the archival CON PDF is unstaged and excluded.
The PR #142 external-review repair has 24 changed-path entries relative to the
pre-review head: 16 active chunk contracts; the old/new paths for one CON-09B
move; PLAN3, STATUS, RUNTIME_VERIFICATION, trust bundle, external-response log,
and root REVIEW_LOG. It adds no runtime, AUTH/REV/ART-owned, workflow,
dependency, migration, test, or merge-intent content change. The repair makes
verification executable and preserves upstream AUTH ownership rather than
changing product behavior.
Product Behavior
This PR changes planning, lifecycle wording, future chunk contracts, and review
evidence only. It adds no runtime route, model, migration, action, permission,
grant, worker, provider call, or activation.
Evidence
Commands Run
Result Summary
Acceptance Criteria Proof
56 planned, no CON-specific ActionId, and no task-claim ActionId.
behavior before AUTH-only activation.
FinalAcceptance respectively, inside the REV-owned transaction.
and same-generation at-or-below-cutoff completion match REV-12A.
proposed service PermissionIds remain identified as proposals.
WS-CON-001-01.registration, evaluation, or activation into CON.
selection, repository coverage 78, focused coverage 90, and explicit pass
criteria.
replacement contract closes then-current ART/AUTH disclosure scope.
Test Delta
Tests Added
Tests Modified
Tests Removed Or Skipped
Internal Reviewer Results
Reviewed code SHA: a69fad3
Reviewed at: 2026-07-17T18:14:54Z
Reviewer run IDs: auth08_arch_review/final-a69fad3, auth08_qa_product_review/final-a69fad3, auth08_security_review/final-a69fad3
The final repair results are rebound in
WS-CON-001-PLAN3-internal-review-evidence.mdwithout changing reviewedplanning content after exact-SHA review.
External Review
External review response file:
.agent-loop/initiatives/WS-CON-001-contribution-compensation-boundary/reviews/WS-CON-001-PLAN3-external-review-response.mdCI And Gate Integrity
Integrity Detail
PLAN3 changes no test or CI file, removes no assertion, skips no test, changes
no threshold, and adds no bypass. Existing agent-gate coverage remains intact.
Remaining Risks
placeholders must be replaced by exact reviewed filenames.
ART/AUTH/human approval gate.
Follow-Up Work
manifest before task-claim registration or activation.
registration/activation contracts; the proposed table is not a registry.
review.claimandreview.decisionremain unavailable until their completeREV/CON composition and AUTH gates merge.
Human Review Focus
Confirm the corrected task-claim ordering, exact prepared-handle contract,
two-operation Review/FinalAcceptance/contribution transaction, canonical
FinalAcceptance names, sole REV-12A release controller/fence, executable future
chunk gates, and upstream-only AUTH registration/activation ownership. Also
confirm that optional CON-09B remains non-executable until fresh approval and
that the cumulative planning PR is acceptable as one coherent specification
record.
Human Merge Ownership
This bundle authorizes refreshing PR #142, not merging it. The user must
explicitly approve PR #142 for merge. No successor chunk starts automatically.