Context
A community/community feature request was drafted today asking GitHub for a REST + GraphQL surface to create and seed repository wikis (re-file of #196186). The proposal's anti-abuse considerations section names five mechanisms that any new write-API for an agent-collaborative world should bake in from day one.
Internal audit (2026-05-28) confirmed http-capability-gateway already implements a 1:1 mapping of every one of those mechanisms in shipping code.
The mapping
| Proposal mechanism |
Gateway implementation |
| Per-author rate limits |
RateLimiter — token-bucket keyed by {client_ip, trust_level} |
| Token scope gating |
SafeTrust — three-level capability lattice (untrusted < authenticated < internal), formally verified in Idris2 |
| Human-attestation header |
A2ML — tamper-evident JSON envelopes with SHA-256 hashes, issuer + policy_hash, parameter redaction (see docs/A2ML-EXPLAINED.adoc) |
| Audit metadata surface |
VeriSimDB — durable append-only audit trail (capgw:audit) with structured forensic replay |
| Org-level opt-in |
YAML Verb Governance Spec (DSL v1) compiled to ETS |
| Per-page review queue |
K9-SVC contracts — SLA + breach policies (see docs/K9-SVC-EXPLAINED.adoc) |
| (Bonus, beyond proposal) |
mTLS client cert → X.509 OU → capability grant; stealth mode (404 not 403); policy versioning; atom-exhaustion DoS defence |
What this issue tracks
This is NOT a scope-expansion proposal. The MVP scope remains narrow per ROADMAP.adoc — the gateway is a verb-governance prefilter, not a GitHub-API drop-in.
This issue exists as a reference anchor for two scenarios:
-
If a Hubber engages on the discussion thread asking "do you have prior art for this design?" — the gateway is the answer. The mapping above documents that answer in advance so it doesn't have to be re-derived.
-
Confidence anchor for the narrow MVP — knowing the design maps cleanly onto an externally-recognised problem (agent-safe write APIs in a documentation-as-code world) strengthens the argument that the narrow scope is on the right axis.
Project-board intent
To be added to the http-capability-gateway project board under a status like "External validation / Reference" — not "Now" or "Next". It's evidence the design is well-grounded, not work-to-do.
Related artefacts
Snapshot pin
This relationship is pinned at 2026-05-28. Future divergence between the discussion thread and the gateway scope is documented at the point it arises, not here.
🤖 Generated with Claude Code
Context
A community/community feature request was drafted today asking GitHub for a REST + GraphQL surface to create and seed repository wikis (re-file of #196186). The proposal's anti-abuse considerations section names five mechanisms that any new write-API for an agent-collaborative world should bake in from day one.
Internal audit (2026-05-28) confirmed http-capability-gateway already implements a 1:1 mapping of every one of those mechanisms in shipping code.
The mapping
RateLimiter— token-bucket keyed by{client_ip, trust_level}SafeTrust— three-level capability lattice (untrusted < authenticated < internal), formally verified in Idris2docs/A2ML-EXPLAINED.adoc)capgw:audit) with structured forensic replaydocs/K9-SVC-EXPLAINED.adoc)What this issue tracks
This is NOT a scope-expansion proposal. The MVP scope remains narrow per ROADMAP.adoc — the gateway is a verb-governance prefilter, not a GitHub-API drop-in.
This issue exists as a reference anchor for two scenarios:
If a Hubber engages on the discussion thread asking "do you have prior art for this design?" — the gateway is the answer. The mapping above documents that answer in advance so it doesn't have to be re-derived.
Confidence anchor for the narrow MVP — knowing the design maps cleanly onto an externally-recognised problem (agent-safe write APIs in a documentation-as-code world) strengthens the argument that the narrow scope is on the right axis.
Project-board intent
To be added to the http-capability-gateway project board under a status like "External validation / Reference" — not "Now" or "Next". It's evidence the design is well-grounded, not work-to-do.
Related artefacts
Snapshot pin
This relationship is pinned at 2026-05-28. Future divergence between the discussion thread and the gateway scope is documented at the point it arises, not here.
🤖 Generated with Claude Code