giles
c0a0d29a65
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 1m6s
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
595 lines
45 KiB
Markdown
595 lines
45 KiB
Markdown
# Abstraction Radar — backlog
|
||
|
||
Maintained by the read-only `radar` loop (see `plans/agent-briefings/radar-loop.md`).
|
||
Detection only — implementation is a separate, coordinated step owned by the
|
||
relevant subsystem loop, never by radar.
|
||
|
||
**AHA gate to reach _Proposed_:** ≥3 real consumers · all past Phase 2 & API-stable ·
|
||
structurally identical (file:line evidence) · a natural home (usually NOT lib/guest).
|
||
Anything short → _Watching_ (what's missing) or _Rejected_ (why).
|
||
|
||
---
|
||
|
||
## Last scan
|
||
|
||
- **Date:** 2026-06-07 (radar loop, pass 32)
|
||
- **Pass 32 — A1 DONE.** `loops/conformance` merged to architecture (`db76cc8c`); 13 adopters
|
||
now on the shared driver; radar spot-checked common-lisp = 487/487 green post-merge →
|
||
coordination flag CLEARED. A1 moved to a new **Done** section. New nascent subsystems
|
||
`dream` + `maude` (0 files), `fed-prims` resumed (mutex-deadlock fix). The idle
|
||
`a1-conformance` loop can be retired (worklist complete).
|
||
- **Date:** 2026-06-07 (radar loop, pass 31)
|
||
- **Pass 31 — A1 conformance loop WORKLIST COMPLETE.** tcl excluded (foreign `*.tcl`); final:
|
||
4 migrated (common-lisp/erlang/feed/go) + 5 excluded (forth/js/ocaml/smalltalk/tcl). A1 =
|
||
**12 on shared driver + 6 excluded**; only the parity-gated merge to architecture remains.
|
||
commerce shipped a refund saga on flow (2nd flow use) + finished Phase 5 → going quiescent.
|
||
relations building graph algos (all-paths) — still unconsumed (W9 unchanged).
|
||
- **Date:** 2026-06-07 (radar loop, pass 30)
|
||
- **Pass 30:** conformance loop near done — `ocaml` + `smalltalk` excluded (both foreign
|
||
`test.sh`/corpus runners, as predicted). Tally: 4 migrated, 4 excluded, **tcl only** left.
|
||
Next A1 milestone = the `loops/conformance`→architecture merge under adopter-parity. No
|
||
new candidate; relations/artdag steady (no new W9 delegation).
|
||
- **Date:** 2026-06-07 (radar loop, pass 29)
|
||
- **Pass 29:** conformance loop excluded `js` (test262 fixtures) → 4 migrated + 2 excluded,
|
||
3 remain (ocaml/smalltalk/tcl). New subsystems advancing fast: `relations` → Phase 4
|
||
federation, `artdag` → Phase 6 federation → both fold into W1 (now 7 federation modules,
|
||
theme-not-shape holds) and W9 (relations past Phase 2 but not yet consumed by anyone).
|
||
- **Date:** 2026-06-07 (radar loop, pass 28)
|
||
- **Pass 28 — fleet expanding again.** Conformance loop: `go` migrated 609/609; **`forth`
|
||
excluded** (foreign Forth corpus — classify-then-exclude working). 4 migrated +1 excluded
|
||
on the branch; js/ocaml/smalltalk/tcl remain. **2 new subsystems:** `relations` (Phase 1,
|
||
parent/child rel facts → new W9 nascent watch) and `artdag` (nascent, 0 files). `events`
|
||
MERGED to architecture (its persist+flow adoption now integrated — W4/W8 landed). Briefing
|
||
commit hints more incoming: `dream`, `host`, +5 language chisels.
|
||
- **Date:** 2026-06-07 (radar loop, passes 26–27)
|
||
- **Passes 26–27 (routine tracking):** conformance loop steady at ~1 migration/iteration —
|
||
erlang 761/761, then feed 189/189. A1 = 8 on architecture + 3 on the branch; 6 remain.
|
||
W4 still gated (host-persist adapter not landed); no new subsystem; app loops on
|
||
incremental domain work (commerce Phase 5 payment envelope, content/events/identity/fed-sx).
|
||
Nothing new to discover; merge-time adopter-parity flag still open.
|
||
- **Date:** 2026-06-07 (radar loop, pass 25)
|
||
- **Pass 25:** A1 → **8 adopters** (events via its own loop) + common-lisp 487/487 on the
|
||
conformance branch. The conformance loop **extended the shared `lib/guest` driver**
|
||
(per-suite counters/preloads) to do it → raised a **coordination flag in A1**: verify the
|
||
branch is non-regressive against all 8 adopters before merging to architecture. commerce
|
||
drafting Phase 5 provider-neutral payment envelope. No new candidate; A1 advancing fast.
|
||
- **Date:** 2026-06-07 (radar loop, pass 24)
|
||
- **Pass 24 — three real updates.** (1) **A1 → 7 adopters** (search migrated, counters mode
|
||
— corrects the earlier exclusion). (2) The dedicated `conformance` loop ran its 1st
|
||
iteration: refused to force-migrate common-lisp (parity gate worked) and surfaced a
|
||
**driver feature-gap** (per-suite counters + preloads) gating the complex multi-suite
|
||
candidates → A1 now splits simple-now vs gated-on-driver-enhancement. (3) **W8 commerce
|
||
is LIVE** ("order lifecycle as a durable flow-on-sx flow, Phase 3 done") → 2 live flow
|
||
consumers. events shipped TZ/DST; mod reverted its extraction note (declined on re-read).
|
||
- **Date:** 2026-06-07 (radar loop, pass 23)
|
||
- **Pass 23 — trigger fired (empty streak ends at 19–22).** commerce recorded a Phase 3
|
||
**flow-integration design** (order saga as a flow-on-sx flow, payment suspended until
|
||
webhook resume) → 2nd durable-flow consumer; **W8 broadened** from "delivery" to
|
||
"externally-resumed orchestration on lib/flow." events made its federation transport
|
||
**fed-sx-ready** (injected) → reinforces W1's 5/5 inject-fed-sx seam. acl left tmux
|
||
(now fully quiescent). host-persist adapter still not landed (W4 migration still gated).
|
||
- **Empty-discovery streak: passes 19–22** (last verified pass 22). Fleet at steady state —
|
||
active loops (content CvRDT, events recurrence/reschedule, identity grant-mgmt, fed-sx
|
||
outbox internals) are building *inside* their domains, not cross-cutting infra. Census
|
||
exhausted (p17); all gates re-tested (W1 p18, W2 p19). No new candidate clears any gate.
|
||
- **Radar is now trigger-driven.** The next substantive pass needs one of: **(a)** a new
|
||
subsystem worktree spawning (auto-joins scan), or **(b)** host-persist's durable adapter
|
||
landing → unblocks the W4 acl/mod→persist/log migration, or **(c)** a quiescent
|
||
subsystem (acl/mod/search/commerce, static ~9–16 passes) resuming. Polling ~hourly until
|
||
one fires; will tighten cadence then.
|
||
- **Date:** 2026-06-07 (radar loop, pass 20)
|
||
- **Pass 20 — honest empty pass.** 3 new census recurrences since p17 (normalize/index ×2,
|
||
query ×3) — all **name collisions** (same noun, domain-specific op), added to the table.
|
||
Recorded the meta-pattern: the fleet shares vocabulary, not structure. Most subsystems
|
||
quiescent (acl/mod/search/commerce static ~9-15 passes = API-stable); only events/
|
||
identity/content/fed-sx still committing domain features. No new gate-clearer.
|
||
- **Date:** 2026-06-07 (radar loop, pass 19)
|
||
- **Pass 19 — honest empty pass.** Scanned 10 active subsystems. content/index.sx is a
|
||
blog index/tag-cloud listing (presentation, not full-text search — no search reinvention)
|
||
and content/multi-doc indexing adds no per-viewer filter. **W2 re-tested: still 2**
|
||
(feed, search) — acl's `permit?`-like matches are its own authZ *engine* (the home),
|
||
not a downstream read filter. No new candidate cleared any gate.
|
||
- **Date:** 2026-06-07 (radar loop, pass 18)
|
||
- **Pass 18 — W1 gate re-test.** events shipped Phase 4 federation (5th consumer): a 5th
|
||
divergent merge (sorted agenda + `:origin` provenance), trust-gate = runtime list
|
||
membership (shares mod's mechanism, not acl's). Reinforces W1's "theme not shape" — but
|
||
the **inject-fed-sx-transport seam is now 5/5**, strengthening "all are fed-sx
|
||
consumers-in-waiting." Trust sub-pattern refined: mod+events (runtime set) vs acl (rule).
|
||
- **Date:** 2026-06-07 (radar loop, pass 17)
|
||
- **Pass 17 — filename census declared EXHAUSTED** (see the Census-status table above).
|
||
Examined the last unswept ≥2 recurrences (schema/engine = acl⇄mod substrate twins;
|
||
catalog/batch = name collisions; store = divergent). No new candidate. Incremental churn
|
||
elsewhere (content 621/621, identity PAR, events reminders). Future passes pivot from
|
||
censusing to re-testing gates as consumers mature.
|
||
- **Date:** 2026-06-07 (radar loop, pass 16)
|
||
- **Pass 16:** events started Phase 3 — **durable notification delivery on `lib/flow`**
|
||
(new W8: at-least-once + idempotency exemplar; fed-sx/mod roll their own outbox). The two
|
||
`notify.sx` (feed vs events) are a name collision (read-side digest vs delivery), noted
|
||
in W8. Substrate-adoption story deepening: app domains now consume persist (content/
|
||
commerce/events), flow (events), commerce (events), acl-authZ (identity).
|
||
- **Date:** 2026-06-07 (radar loop, pass 15)
|
||
- **Pass 15:** added the **scanning-method note** above after `query.sx` again proved to
|
||
be merged-lib copies (lib/prolog + lib/persist in every worktree). Corrected census
|
||
surfaced `wire`×2 (content+mod) → Rejected (shared role, divergent structure: generic SX
|
||
serializer vs bespoke pipe-format under a Prolog-env string-prim constraint). events↔
|
||
commerce integration appeared (paid tickets); acl/mod/search quiescent ~7 passes (now
|
||
API-stable). No new gate-clearer.
|
||
- **Date:** 2026-06-07 (radar loop, pass 14)
|
||
- **Pass 14:** filename census flagged `snapshot`×?? — but the `*/lib/persist/snapshot.sx`
|
||
copies are just the merged `lib/persist` in each worktree, NOT consumers (same artifact
|
||
as `lib/feed/rank.sx` everywhere). The one distinct file, `content/snapshot.sx`,
|
||
reimplements persist's projection-checkpoint on raw KV instead of using `persist/snapshot`
|
||
→ new W7 (persist-adoption nudge). `audit`×3 = the W4 fakes (acl/mod/identity), known.
|
||
- **Date:** 2026-06-07 (radar loop, pass 13)
|
||
- **Pass 13 — honest re-test, no gate-clearer.** Re-tested the two longest-waiting gates
|
||
against the maturing app-domain loops: **W2** (per-viewer visibility) still 2 consumers
|
||
(feed, search) — commerce/content/events/identity add no per-viewer read filter; **W3**
|
||
(pagination) still 2 (feed, search) — `content/page.sx` is an HTML wrapper, not
|
||
pagination (filename collision, noted in W3). Incremental churn only elsewhere.
|
||
- **Date:** 2026-06-07 (radar loop, pass 12)
|
||
- **Pass 12:** `events` shipped **transactional booking on persist** (3rd live persist
|
||
consumer) using `persist/append-expect` (optimistic-concurrency CAS, lock-free capacity
|
||
safety). W4 ledger now shows a persist feature-ladder append → append-once → append-expect
|
||
that the hand-rolled fakes can't match. No new candidate; W4 reinforced.
|
||
- **Date:** 2026-06-07 (radar loop, pass 11)
|
||
- **Pass 11 — W4 sharpened with a consumer ledger.** commerce built an **order ledger on
|
||
persist** (2nd live exemplar; uses `persist/append-once` for webhook idempotency) and
|
||
identity a **grant audit ledger** (in-memory Erlang fake, gated on an Erlang↔persist
|
||
bridge). The append-only monotonic-seq event-log pattern is now validated across 4
|
||
domains, 2 live on persist + 3 fakes flagged for adoption. See W4 table.
|
||
- **Date:** 2026-06-07 (radar loop, pass 10)
|
||
- **Pass 10:** commerce/content/events/identity advancing (content 238/238). Probed a
|
||
shape outside the routing table — **guarded lifecycle state machines** (mod/lifecycle +
|
||
identity/membership) → new W6: shared *design principle*, divergent *structure*
|
||
(SX transition-table vs Erlang gen_server), NOT an extraction target. No gate-clearer.
|
||
- **Date:** 2026-06-07 (radar loop, pass 9)
|
||
- **Pass 9:** `commerce` + `content` reached Phase 2 (`content` 162/162). **Key find:
|
||
`content` built its op log directly on `persist/log`** (backend-injected, append+replay-
|
||
to-seq) — the live reference exemplar for W4 (see W4). `events` MONTHLY RRULE,
|
||
`identity` OAuth2 auth-code + PKCE, search boolean-filtered ranked. A1 still 6 adopters.
|
||
- **Date:** 2026-06-06 (radar loop, pass 8)
|
||
- **Pass 8 — fleet expanded by 4 app-domain loops** (the briefing's anticipated
|
||
`commerce`/`identity` arrivals, auto-picked up by dynamic discovery). All early-stage,
|
||
**pre-Phase-2 → moving targets, none count toward any gate yet**:
|
||
- `commerce` (Phase 1: `api/cart/catalog/price`). Its "per-line audit" is a cost
|
||
*breakdown view* (`api.sx:44`), **not** an append-only decision log → NOT a W4
|
||
consumer.
|
||
- `events` (Phase 1: `calendar.sx`, RRULE expansion).
|
||
- `identity` (early: `session/token`). Defers authZ to acl (`token.sx:15`) — reinforces
|
||
W2's "delegate `permit?` to acl-on-sx" routing; identity = authN, acl = authZ.
|
||
- `content` (just-started: `block.sx`).
|
||
These are the future consumers W2/W3 are waiting on — re-check their per-viewer filters
|
||
/ pagination once each clears Phase 2. No new gate-clearer this pass.
|
||
- **Pass 7:** **A1 jumped 4→6 adopters** — `acl` + `mod` migrated to the shared
|
||
conformance driver (first app-domain adopters; proves it generalizes past substrates).
|
||
`host-persist` closed its blob-adapter blocker (durable storage adapter now landing →
|
||
W4 migration path opening). search shipped proximity/NEAR; flow + persist quiescent.
|
||
- **Pass 6:** new worktree **`host-persist`** (active — building persist's durable host
|
||
adapter); `feed` went quiescent (left tmux). acl shipped hardening (+25), fed-sx-m1 at
|
||
Step 6c. **mod loop independently wrote a shared-plumbing note** (`mod-on-sx.md`,
|
||
538b8a53) corroborating W4/W5 — folded its claims + home disagreements into W1/W4/W5.
|
||
No new gate-clearer (audit log still 2 consumers), but consumers are now API-stable.
|
||
- **Pass 5:** search (+highlight/snippet) and fed-sx-m1 (+follower_graph) moved; rest
|
||
unchanged. Filename census: `api`×6, `fed`×3, then `schema/rank/query/page/explain/
|
||
engine/batch/audit`×2. Examined the ×6 `api.sx` → Rejected (shared name, divergent
|
||
structure incl. implicit-vs-explicit-state contract). rank/batch/engine all ≤2 +
|
||
substrate/domain-divergent → no new gate-clearer.
|
||
- **Pass 4:** no churn vs pass 3 (same worktrees/tmux/HEADs/adopters). Swept audit+explain
|
||
surfaces: acl/mod share an append-only-log shape (→ sharpened W4 with persist/log API
|
||
evidence) and a proof-explain shape (→ new W5, substrate-bound). No new gate-clearer.
|
||
- **Pass 3 (earlier today):** subsystem set + tmux + A1 adopters (4) all unchanged vs pass 2. Loops
|
||
advanced: acl shipped Phase 4 federation; search shipped Phase 4 + pagination; feed
|
||
shipped pagination/threading; mod at Ext 19 (capstone); persist did a worked acl-grants
|
||
migration (W4). New shape found: offset/limit pagination → folded into W3.
|
||
- **Subsystem set discovered:** loop worktrees `acl, erlang, fed-prims, fed-sx-m1,
|
||
feed, flow, go, kernel, mod, ocaml, persist, radar, ruby, search,
|
||
sx-vm-extensions`; main-repo `lib/*` incl. merged `feed` + substrates (`apl,
|
||
common-lisp, datalog, erlang, forth, go, haskell, hyperscript, js, lua, minikanren,
|
||
ocaml, prolog, scheme, smalltalk, tcl`) + `lib/guest`.
|
||
Actively looping (tmux): `acl, fed-sx-m1, feed, flow, mod, persist, search`
|
||
(+ radar).
|
||
- **New since pass 1:** worktrees `kernel` (empty/unset — not yet a repo) and `ocaml`
|
||
(`lib/ocaml/baseline` only). Both early-stage, pre–Phase 2 → out of proposal scope.
|
||
- Re-enumerate every pass; new loops (e.g. a future `commerce`/`identity`) auto-join.
|
||
|
||
**Census status (pass 17): EXHAUSTED.** Every own-namespace filename recurring ≥2× has
|
||
been examined and dispositioned — further filename-censusing is low-yield until new
|
||
subsystems/modules appear. Map:
|
||
| filename | owners | verdict |
|
||
|---|---|---|
|
||
| `api` ×10 | all | Rejected — shared role, divergent state contract |
|
||
| `fed`/`federation` | feed/search/mod/acl(+content) | W1 — theme not shape |
|
||
| `audit` ×3 | acl/mod/identity | W4 — append-only log → persist/log |
|
||
| `page` ×3 | feed/search (pagination) + content (HTML wrapper) | W3 + collision noted |
|
||
| `explain` ×2 | acl/mod | W5 — proof tree, substrate-bound |
|
||
| `snapshot` ×2 | persist(facet) + content(reinvents) | W7 |
|
||
| `wire` ×2 | content(SX serializer) / mod(pipe-format) | Rejected — divergent |
|
||
| `schema`,`engine` ×2 | acl/mod | substrate-twin parallels (Datalog vs Prolog); only audit (W4) is liftable |
|
||
| `catalog`,`batch` ×2 | commerce/persist, mod/persist | name collisions, unrelated |
|
||
| `normalize` ×2 | content(tree-prune)/feed(record-coerce) | name collision (pass 20) |
|
||
| `index` ×2 | content(listing)/search(inverted index) | name collision (pass 20) |
|
||
| `query` ×3 | content(doc-block)/search(bool AST)/persist(stream-read) | 3-way name collision (pass 20) |
|
||
| `store` ×2 | content(on persist) / flow(workflow records) | related concept, divergent |
|
||
| `rank` ×2 | feed/search | different domains (activities vs docs), ≤2 |
|
||
**acl⇄mod are structural twins** (decision engine over a logic substrate, Datalog vs
|
||
Prolog) — they parallel across engine/schema/explain/audit/fed, but only the *audit log*
|
||
is substrate-agnostic and liftable (→ W4); the rest are substrate-idiomatic. Next passes:
|
||
re-test gates (W2/W3/W8) as consumers mature, watch new modules — not re-census.
|
||
|
||
**Meta-pattern (pass 20):** new module names keep *recurring* but the operations keep
|
||
*colliding* — same noun, domain-specific op (normalize, index, query, catalog, batch,
|
||
notify, page, store all proved to be collisions). This is *why* genuine extraction
|
||
candidates are rare: the fleet shares vocabulary, not structure. The real shared assets
|
||
are the **substrate subsystems** (persist, flow, acl, fed-sx) that app domains *adopt*
|
||
(W1/W2/W4/W7/W8), not hand-rolled libs to extract.
|
||
|
||
**Scanning-method note (learned the hard way, passes 5/12/14/15):** a filename census
|
||
for *cross-subsystem* recurrence MUST restrict to each subsystem's OWN namespace —
|
||
`X/lib/X/*.sx` — never `X/lib/*/`. The merged substrate libs (`lib/prolog`, `lib/persist`,
|
||
`lib/feed`, `lib/datalog`, …) are checked out inside *every* worktree, so a naive census
|
||
reports e.g. `query.sx`/`snapshot.sx`/`rank.sx` ×N as phantom recurrences that are really
|
||
one merged file copied N times. Correct one-liner:
|
||
`for w in <subsystems>; do for f in $w/lib/$w/*.sx; do basename $f .sx; done; done | sort | uniq -c | sort -rn`.
|
||
|
||
---
|
||
|
||
## Done
|
||
|
||
### A1 · Shared conformance driver — ✅ COMPLETE (merged `db76cc8c`, pass 32)
|
||
Full closed loop: radar detected it → dedicated `conformance` loop implemented it
|
||
(classify-then-migrate-or-exclude, hard parity gate) → **merged to architecture**
|
||
(`db76cc8c Merge loops/conformance into architecture: A1 conformance-driver migration`)
|
||
→ radar spot-verified post-merge (**common-lisp 487/487 green** on architecture — exercises
|
||
the new per-suite-counters/preloads driver feature, the riskiest change). Final state:
|
||
- **13 on the shared driver:** acl, apl, common-lisp, datalog, erlang, events, feed, go,
|
||
haskell, mod, prolog, relations, search.
|
||
- **6 correctly excluded** (foreign-program runners — a legitimately different harness):
|
||
forth, js, ocaml, smalltalk, tcl, lua.
|
||
- The shared driver gained per-suite counters + per-suite preloads (backward-compatible);
|
||
spot-check confirms existing adopters unaffected. Coordination flag CLEARED.
|
||
Detail of the migration arc retained under the original entry below.
|
||
|
||
## Proposed (cleared the gate)
|
||
|
||
_(empty — A1 graduated to Done, pass 32.)_
|
||
|
||
### A1 · Adopt the shared conformance driver across subsystems
|
||
- **Pattern:** every subsystem hand-rolls a near-identical `conformance.sh`
|
||
(epoch-load → eval → scoreboard emit) and an inline `<x>-test name got expected`
|
||
pass/fail counter.
|
||
- **Consumers (≥3, overwhelming):** 15 `lib/*/conformance.sh` — `apl, feed, datalog,
|
||
flow, mod, lua, erlang, forth, go, common-lisp, haskell, js, ocaml, prolog,
|
||
smalltalk, tcl`.
|
||
- **Home:** `lib/guest` — the one legitimate exception (the shared driver
|
||
`lib/guest/conformance.sh` + `lib/guest/conformance.sx` already exist; modes
|
||
`dict` and `counters`).
|
||
- **Status: IN PROGRESS — 6 adopters (pass 7).** `prolog` (dict), `haskell` (counters),
|
||
`apl` (dict), `datalog` (dict), and **`acl` (dict) + `mod` (dict), newly migrated this
|
||
pass** — all 3-line exec shims into `lib/guest/conformance.sh` with a `conformance.conf`.
|
||
**acl + mod are the first *app-domain* adopters** (not language substrates) — strong
|
||
evidence the driver generalizes beyond the substrate layer, which was the open question.
|
||
The `apl` migration earlier *surfaced a latent bug*: the old awk extractor
|
||
under-counted `pipeline` (40 vs the real 152 assertions); true apl total is **562**,
|
||
not 450 — evidence that adopting the driver also improves correctness.
|
||
- **Not a target (different harness shape):** `lua/conformance.sh` is a Python runner
|
||
(`lib/lua/conformance.py`) that walks real `*.lua` source files via `lua-eval-ast`
|
||
and classifies pass/fail/timeout — it does not run SX `deftest` suites with a
|
||
counter/dict scoreboard, so the shared driver does not fit. Excluded, not pending.
|
||
- **Remaining hand-rolled candidates (~120–220 lines each):** `common-lisp, erlang,
|
||
feed, forth, go, js, ocaml, smalltalk, tcl` — now being worked by the dedicated
|
||
`conformance` loop (above). (`lua` excluded: walks real `*.lua` files via Python.
|
||
`smalltalk` likely excludes too — runs `*.st` via its own `test.sh`. `search` was
|
||
thought to be excluded but DID migrate via counters mode — see the 7-adopter note.)
|
||
- **Action:** each remaining subsystem's OWN loop migrates when quiescent — add a
|
||
`conformance.conf` (+ a `test-harness.sx` preload defining its counters) and
|
||
replace `conformance.sh` with the 1-line exec shim
|
||
(`exec bash …/guest/conformance.sh …/conformance.conf "$@"`). Recipe template:
|
||
`lib/haskell/conformance.conf` (counters) or `lib/prolog/conformance.conf` (dict).
|
||
Keep the `bash lib/X/conformance.sh` entry point so no loop is disrupted.
|
||
- **Priority: HIGH** (15 consumers, low risk, interface-preserving, additive).
|
||
- **8 adopters on architecture** (pass 25): acl, apl, datalog, **events**, haskell, mod,
|
||
prolog, search — `events` migrated via its OWN loop; `search` via counters mode (which
|
||
corrects the earlier "search excluded" note). **+4 on the `loops/conformance` branch:
|
||
`common-lisp` 487/487, `erlang` 761/761, `feed` 189/189, `go` 609/609** — pending merge.
|
||
**5 EXCLUDED — all foreign-runner harnesses** (correctly, not force-migrated): `forth`
|
||
(Hayes core.fr via awk+python), `js` (test262 `.js`/`.expected`), `ocaml` (scrapes
|
||
`test.sh` + `.ml` baseline), `smalltalk` (scrapes `test.sh` + `*.st` corpus), `tcl`
|
||
(foreign `*.tcl` vs `# expected:` annotations).
|
||
- **✅ CONFORMANCE LOOP WORKLIST COMPLETE (pass 31).** Final A1 picture:
|
||
- **12 on the shared driver:** acl, apl, datalog, events, haskell, mod, prolog, search
|
||
(on architecture) + common-lisp, erlang, feed, go (on `loops/conformance`, pending merge).
|
||
- **6 correctly excluded** (foreign-program runners — testing a language impl against an
|
||
external corpus is legitimately a different harness): forth, js, ocaml, smalltalk, tcl, lua.
|
||
- **Honest finding:** the driver's reach is narrower than the raw "15 conformance.sh"
|
||
count implied — language substrates that run real `.lua/.st/.ml/.tcl/.js/.fr` programs
|
||
*should* keep their foreign runners. ~half migrate, ~half don't, and that's correct.
|
||
- **One step left:** merge `loops/conformance` → architecture under the **adopter-parity
|
||
check** (the coordination flag above — the shared `lib/guest` driver change must be
|
||
proven non-regressive against all existing adopters first). The loop is now idle.
|
||
- **NOW IN PROGRESS — dedicated loop (2026-06-07).** A human-triggered `conformance` loop
|
||
(worktree `/root/rose-ash-loops/conformance`, branch `loops/conformance`, tmux session
|
||
`a1-conformance`, briefing `plans/agent-briefings/conformance-loop.md`) is working the
|
||
remaining candidates (common-lisp, erlang, feed, forth, go, js, ocaml, smalltalk, tcl)
|
||
one per iteration, **classify-then-migrate-or-exclude with a hard test-count parity gate**
|
||
(reverts on any mismatch; never pushes to main/architecture). Radar tracks; it implements.
|
||
- **Driver-capability boundary found (pass 24, first iteration).** The loop did NOT
|
||
force-migrate `common-lisp` (baseline 305/0 across 12 suites) — the shared driver can't
|
||
reproduce it: `MODE=counters` supports only ONE global pass/fail counter pair + ONE fixed
|
||
preload set, but common-lisp needs **per-suite counter names** (8 distinct pairs) and
|
||
**per-suite preload chains**. It logged a precise blocker + unblock path (extend the
|
||
`SUITES` entry format with optional per-suite counters/preloads) and moved on.
|
||
- **Driver gap RESOLVED next iteration (pass 25) — but it touched the shared driver.** The
|
||
loop extended `lib/guest/conformance.sh` (+38 lines: optional per-suite counters + per-suite
|
||
preloads in the `SUITES` format, backward-compatible) and then migrated common-lisp at
|
||
**487/487** (above the 305 baseline — likely another extractor under-count correction, à la
|
||
apl's `pipeline`). The parity gate held throughout.
|
||
- **⚠ COORDINATION FLAG (radar): the `loops/conformance` branch now carries a change to the
|
||
SHARED `lib/guest` driver** used by all 8 adopters. It's additive by design, but **before
|
||
this branch merges to `architecture`, re-run the existing adopters' suites under the new
|
||
driver to confirm zero regression** (acl/apl/datalog/events/haskell/mod/prolog/search).
|
||
This is the one cross-cutting risk in an otherwise per-subsystem-isolated effort — surfaced
|
||
here so the merge is gated on adopter-parity, not assumed.
|
||
|
||
---
|
||
|
||
## Watching (real but not yet through the gate)
|
||
|
||
### W1 · Federation scaffold (merge / ingest / backfill / trust-gate)
|
||
- **FAILS the structural-identity gate (deep-dived 2026-06-06, all 4 read).** Consumer
|
||
count is met (4) but they are *superficially* similar, not structurally identical —
|
||
the federated unit and merge op differ fundamentally:
|
||
|
||
| Subsystem (file) | Federated unit | Merge op | Trust gate | Injected transport |
|
||
|---|---|---|---|---|
|
||
| feed (`fed.sx:14,18,40`) | activity streams | dedupe by `(actor verb object)` | none (visibility via `permit?` separately) | `send-fn`, `fetch-fn` |
|
||
| search (`fed.sx:8`) | inverted indices | relabel DocId `peer*1000+local` + union posting lists | none | none (pure merge fn) |
|
||
| mod (`fed.sx:11-14,99`) | moderation decisions | advisory-list vs applied-list; bind iff `mod/trusted?` | **yes — runtime list** `mod/trusted? peer scope` | mock outbox / `fed-send!` |
|
||
| acl (`federation.sx:43,56`) | Datalog delegate facts | pull facts, gate by `trust`/`level_covers` rule, re-saturate | **yes — Datalog rule** at query time | `transport` dict |
|
||
| events (`federation.sx`) | calendar agendas | fold trusted peers' agendas into one sorted agenda + `:origin` provenance | **yes — runtime list** `ev/trusts?` (peer-id ∈ trust-set) | injected behind `ev/peer-agenda` |
|
||
|
||
- **The ONLY real commonality is the injection seam** (now 5/5, pass 18), not extractable
|
||
code: every one says "the real transport is `fed-sx`'s job; inject `send-fn`/`fetch-fn`/
|
||
`transport`/`peer-agenda` and mock it in tests." That is an architectural *convention the
|
||
fleet already follows*. The merge op diverges 5 ways (dedupe / index-union / advisory /
|
||
fact-saturation / agenda-sort). The trust gate, where present, splits: **mod + events use
|
||
a runtime trust-set membership check; acl uses a declarative Datalog rule** — so even the
|
||
trust sub-pattern is 2-of-3, and the membership check is a trivial one-liner (below the
|
||
extraction threshold). No shared merge, no single shared trust mechanism.
|
||
- **Disposition:** do NOT extract a shared "federation lib." When `fed-sx` ships its
|
||
real transport, these 4 become its *consumers* (wiring `send-fn`/`fetch-fn`/`transport`
|
||
to it) — that work belongs to each subsystem's loop + the `fed-sx` loop, not a
|
||
cross-cutting extraction. Stop re-proposing on the shared name. Home: `fed-sx`.
|
||
- **Now 7 federation modules (pass 29):** + `relations` (Phase 4: erel trust-gating,
|
||
peer_rel/trust, fed-sx mock transport — Datalog-rule trust like acl) and `artdag`
|
||
(Phase 6: content-addressed cache + trust + **invalidation** — a merge shape unlike any
|
||
other). Each new one reinforces "theme not shape": 7 divergent merges, all sharing only
|
||
the inject-fed-sx-transport seam. Verdict unchanged — they're fed-sx consumers-in-waiting.
|
||
- **Narrower sub-claim (mod note, pass 6; refined pass 18):** mod asserts the *fed
|
||
trust/outbox* shape shares between mod+acl. Radar evidence refines this: the trust gate
|
||
splits by mechanism, not by subsystem pair — **mod + events** both use a runtime
|
||
trust-set membership check (`mod/trusted?`, `ev/trusts?`), while **acl** uses a Datalog
|
||
rule. So a "trust-set membership" helper has 2 consumers (mod, events) — but it's a
|
||
one-line `member?` and the merge it gates diverges, so still not worth extracting.
|
||
Resolve at the architecture-merge point if a heavier shared trust-set surface emerges.
|
||
|
||
### W2 · Per-viewer visibility / permission filter
|
||
- **2 shipped consumers, same shape** — `filter <injected-permit> <ranked/candidate stream>`:
|
||
- `feed/lib/feed/acl.sx:27` `feed/visible = (feed/filter stream (fn (a) (permit? viewer a)))`,
|
||
capstone at `:34` (stream → ACL → rank → top-N). `permit?` injected, sig `(viewer activity)→bool`.
|
||
- `search/lib/search/fed.sx:16` `aclFilter permit docs = filter permit docs`;
|
||
`topNTfIdfAcl n permit ts idx = take n (aclFilter permit (rankTfIdf ts idx))`.
|
||
`permit` injected, sig `DocId→Bool` (viewer baked in by caller).
|
||
- **NOT a consumer:** `mod/lib/mod/policy.sx` is moderation policy (reviewer actions),
|
||
no per-viewer read filter. So mod won't be the 3rd.
|
||
- **Missing:** (a) only 2 consumers, need ≥3; (b) the two interfaces *diverge* —
|
||
feed passes `(viewer, item)`, search bakes the viewer in — so any shared form must
|
||
pick a convention; (c) both already **inject** the predicate, and the filter body is
|
||
literally one line (`filter permit xs`). Leaning toward: the predicate's home is
|
||
`acl-on-sx` (`permit?`), and the one-line filter is too thin to extract.
|
||
- **Home when ripe:** delegate `permit?` to `acl-on-sx`; do NOT extract the filter.
|
||
Re-check if a 3rd genuine per-viewer read filter ships (e.g. events/commerce).
|
||
|
||
### W3 · Collection helpers (group-by, dedupe-by-key, stable top-N, distinct-order, offset/limit page)
|
||
- feed built all of these on APL primitives. search/commerce/events will want
|
||
group-by / top-N.
|
||
- **NEW (2026-06-06): offset/limit pagination shipped in 2 subsystems, identical shape**
|
||
`take limit (drop offset xs)`:
|
||
- `feed/lib/feed/page.sx:9` `feed/page` (offset/limit window over a stream).
|
||
- `search/lib/search/page.sx:9` `paginate off lim docs = take lim (drop off docs)`.
|
||
- NOT a 3rd: `persist/lib/persist/query.sx:5` has a *since-cursor* for incremental log
|
||
consumption — resumable-stream semantics, not result windowing. Different shape.
|
||
- feed *also* has cursor-by-`:at` recency pagination (`page.sx:21-44`); search has no
|
||
cursor. So only the plain offset/limit window is shared, and it is a literal 1-liner.
|
||
- **Missing:** ≥3 stable consumers; AND every item here is collection math that belongs
|
||
in the **substrate** (APL/Haskell already expose grade/sort/unique/take/drop), not a
|
||
shared lib. A 1-line `take/drop` window is far below the extraction threshold. Watch;
|
||
revisit only if a non-substrate subsystem needs the same windowing without take/drop.
|
||
- **Filename-collision caution (pass 13):** `content/lib/content/page.sx` is an **HTML
|
||
page wrapper** (full HTML5 doc), NOT pagination — do not count it as a 3rd pagination
|
||
consumer. `page.sx` now means two unrelated things across the fleet. Re-tested pass 13:
|
||
pagination still only feed + search (2).
|
||
|
||
### W4 · In-memory store fakes → `persist-on-sx`
|
||
- Not an abstraction to extract — a migration target. Every subsystem fakes its
|
||
store with a mutable list (`feed/-log`, flow store, mod audit, …).
|
||
- **Owner:** `persist-on-sx` (in progress). Tracked there, listed here for visibility.
|
||
- **Concrete instance (file:line, found pass 4): the append-only decision/audit log.**
|
||
`acl/lib/acl/audit.sx` and `mod/lib/mod/audit.sx` are the SAME hand-rolled shape, and
|
||
`persist/lib/persist/log.sx` (the persist *log facet*) already implements it durably:
|
||
|
||
| role | acl/audit.sx | mod/audit.sx | persist/log.sx (target) |
|
||
|---|---|---|---|
|
||
| log var | `acl-audit-log` :9 | `mod/*audit-log*` :10 | backend stream |
|
||
| monotonic seq | `acl-audit-seq` :10 | `mod/*audit-seq*` :11 | per-stream high-water :1 |
|
||
| append (auto-seq) | `acl-audit-decide!` | commit :32 | `persist/append` :17 |
|
||
| count | `acl-audit-count` :51 | `mod/audit-count` :44 | `persist/count` :12 |
|
||
| read-all oldest-first | snapshot/tail :73 | `mod/audit-all` :43 | `persist/read` :29 |
|
||
| read seq≥from | — | by-seq | `persist/read-from` :31 |
|
||
|
||
Both deliberately use a monotonic seq with **no wall-clock** (deterministic/testable) —
|
||
identical to persist/log's design. Action when persist's host adapter lands: acl + mod
|
||
loops swap their in-memory log for `persist/log`. 2 consumers today; not a new lib —
|
||
the home already exists. Belongs to acl/mod loops × persist loop, not an extraction.
|
||
- **Cross-loop corroboration (pass 6):** the mod loop independently reached the same
|
||
conclusion — `mod/plans/mod-on-sx.md` (commit 538b8a53): *"mod-sx (Prolog) and acl-sx
|
||
(Datalog) converged on the same module shape … only the audit log + fed trust/outbox
|
||
shapes truly share; extract at the architecture-merge point, refactoring both consumers
|
||
atomically, not unilaterally from a loop branch."* Confirms the shape AND the
|
||
do-not-extract-unilaterally stance.
|
||
- **Home disagreement to resolve at merge:** mod's note proposes lifting the audit-log
|
||
primitives into **`lib/guest/`**. Radar routing disagrees: a durable append-only log is
|
||
a **`persist-on-sx`** concern (the log facet already exists), not language-impl plumbing.
|
||
Hold the line — `lib/guest` is lexer/parser/AST/HM/test-runner, not an event log.
|
||
- **Migration is becoming concrete:** new `host-persist` loop (worktree + tmux, pass 6)
|
||
is building the durable-storage host adapter persist was blocked on — once it lands,
|
||
acl/mod can actually swap to `persist/log`.
|
||
- **LIVE REFERENCE EXEMPLAR (pass 9): `content` already does it right.** `content`
|
||
(Phase 2 complete, 162/162) built its op log directly on `persist/log` instead of
|
||
faking it — `content/lib/content/store.sx`: backend injected via `(persist/open)`
|
||
("content knows nothing about which backend", :10); append op as event
|
||
`persist/append b (content/-stream doc-id) …` (:20); read `persist/read` (:36);
|
||
`persist/last-seq` (:47); **version = replay op stream up to a seq**
|
||
(filter `persist/event-seq ev <= seq`, :61). "The op log is the source of truth …
|
||
the materialised doc is a cache, never primary state."
|
||
This proves the W4 target is real, not hypothetical: acl + mod's hand-rolled
|
||
monotonic-seq logs should adopt exactly content's `persist/log` pattern.
|
||
- **Consumer ledger of the append-only monotonic-seq event log (pass 11):**
|
||
|
||
| consumer | what | backing | note |
|
||
|---|---|---|---|
|
||
| content (`store.sx`) | doc op log | **persist/log ✓ live** | plain append + replay-to-seq |
|
||
| commerce (`ledger.sx`) | order ledger | **persist/log ✓ live** | `persist/append-once` — idempotent, webhook-replay-safe :40,58 |
|
||
| events (`booking.sx`) | booking roster | **persist/log ✓ live** | `persist/append-expect` — optimistic-concurrency CAS, capacity-safe, lock-free |
|
||
| acl (`audit.sx`) | decision log | in-memory fake (SX) | migrate directly when host adapter lands |
|
||
| mod (`audit.sx`) | decision log | in-memory fake (SX) | migrate directly |
|
||
| identity (`audit.sx`) | grant ledger | in-memory fake (**Erlang**) | `{Seq,Subject,Action}`; needs an **Erlang↔persist bridge** first — author scoped it out until persist lands ("queryable semantics identical") |
|
||
|
||
- **Two takeaways:** (1) the pattern is **validated across domains** — CRDT doc ops,
|
||
financial orders, event bookings, rule decisions, OAuth grants all reduce to the same
|
||
append-only monotonic-seq stream; (2) migrating to `persist/log` is strictly *better*
|
||
than the fakes — persist exposes a **feature ladder the fakes don't have**:
|
||
`append` (content) → `append-once`/idempotency (commerce) → `append-expect`/optimistic-
|
||
concurrency (events). Every fake would have to reinvent a weaker version of these.
|
||
This is an **adoption** item (the home already exists), NOT a new extraction — owned by
|
||
persist/host-persist × each consumer loop. The SX fakes (acl, mod) migrate directly;
|
||
the Erlang fake (identity) is gated on an Erlang↔persist bridge.
|
||
|
||
### W5 · Proof-tree explanation over a logic-program derivation
|
||
- `acl/lib/acl/explain.sx` (reconstructs a canonical proof by goal-directed search over a
|
||
saturated Datalog db) and `mod/lib/mod/explain.sx` (renders a Prolog-style proof tree
|
||
goal-by-goal with proved/unproved marks + unification bindings) are the same *idea*.
|
||
- **Missing / disposition:** only 2 consumers, and they sit on **different substrates**
|
||
(acl→`lib/datalog`, mod→`lib/prolog`). Proof reconstruction/rendering is logic-engine
|
||
machinery → it belongs in each **substrate** (datalog/prolog), not a shared app lib.
|
||
Watch; revisit only if a 3rd logic-backed subsystem reimplements proof explanation.
|
||
- **Cross-loop note (pass 6):** mod's note calls `mod/proof-goals` (re-query-each-goal)
|
||
generic and proposes lifting it into **`lib/guest/`**. Radar caveat: proof-tree
|
||
reconstruction *is* engine-agnostic logic machinery, but `lib/guest` is for
|
||
lexer/parser/AST/HM/match/test-runner — a logic-engine proof helper is a poor fit there.
|
||
If genuinely shared by ≥3 engines, a `lib/logic`-style substrate helper is the better
|
||
home than `lib/guest`. Still 2 consumers → stays Watching either way.
|
||
|
||
---
|
||
|
||
### W9 · Parent/child relationship tracking → the new `relations` subsystem (nascent)
|
||
- **New subsystem (pass 28):** `relations` (loops/relations, Phase 1 — `schema.sx`+`api.sx`,
|
||
rel facts + `relate`/`unrelate`/`children`/`parents`/`related`, 22 tests). Per CLAUDE.md
|
||
it's the canonical "cross-domain parent/child relationship tracking."
|
||
- **Why watch:** several subsystems already track parent/child *locally* — feed reply-to
|
||
threading (`thread`/`replies`), content nested block trees, events occurrence/RECURRENCE-ID
|
||
links. If `relations` becomes the shared home, those are candidate *delegators* (like
|
||
acl=authZ, persist=log). But it's **Phase 1, pre-Phase-2, moving target** — and each
|
||
local impl is currently domain-specific (different keys/semantics). Do NOT propose yet.
|
||
Re-check when relations is past Phase 2 AND ≥3 subsystems' relationship logic could
|
||
genuinely delegate to it. `artdag` also just spawned (nascent, 0 files) — tracking only.
|
||
(pass 32: `dream` + `maude` also spawned, nascent 0-files; `fed-prims` resumed.)
|
||
- **Update pass 29:** relations rocketed to **Phase 4** (one gate — past Phase 2 — now met),
|
||
but it's building ITSELF out (schema/federation), **not yet being consumed** by anyone.
|
||
The blocker is the other gate: 0 subsystems currently *delegate* their parent/child logic
|
||
to it (feed/content/events still track locally). Watch for the first real delegation.
|
||
(artdag also raced to Phase 6 — these ports advance fast; treat committed state as truth.)
|
||
|
||
### W8 · Durable externally-resumed orchestration on `lib/flow` (suspend→host-IO→resume)
|
||
- **The shared shape:** a durable `flow` that `request`s an external action (a suspend
|
||
point), the **host** performs the IO, then `flow/resume`s the flow with the outcome;
|
||
flow's deterministic replay means a completed step never re-runs on recovery.
|
||
- **Consumers (pass 24): 2 LIVE** (events delivery, commerce order saga).
|
||
- `events/lib/events/notify.sx` (**live**) — reminders/digests as durable flows;
|
||
suspend on delivery `dispatch`, resume with send outcome. At-least-once + idempotency key.
|
||
- `commerce` (**LIVE** as of pass 24 — "order lifecycle as a durable flow-on-sx flow,
|
||
21 tests, Phase 3 done") — order saga `(defflow ordf … (request 'reserve oid) … )`:
|
||
reserve→pay→fulfil as a flow, **payment stays suspended until the payment webhook calls
|
||
`flow/resume`**. Carries only the order-id; pure orchestration over `ledger.sx`.
|
||
- **Now 2 LIVE consumers** of the *same* pattern: long-running process, external resume
|
||
(delivery dispatch vs payment webhook). fed-sx/mod still roll their own outbox (watch
|
||
for convergence). Strengthens "lib/flow is the home"; still adoption, not extraction.
|
||
- **Disposition:** `lib/flow` IS the abstraction (events proves it, commerce adopts it) →
|
||
this is an **adoption** observation like W4, NOT an extraction. Home = `lib/flow`.
|
||
- **Flow-onboarding friction (light signal):** commerce's note logs real gotchas adopting
|
||
flow — `flow-make-env` returns a large likely-cyclic env (don't print it), env build is
|
||
slow (budget ~540s like flow's own suite). If ≥3 subsystems hit the same onboarding
|
||
gotchas, that's a signal to smooth `lib/flow`'s adopter API — flow's concern, flagged here.
|
||
- **Name-collision caveat:** `notify.sx` means two unrelated things — `feed/notify.sx` is
|
||
a *read-side digest* (group inbox by verb+object), NOT delivery. Do not pair them.
|
||
|
||
### W7 · Snapshot/projection-checkpoint reimplemented vs `persist/snapshot` (delegate)
|
||
- `persist/lib/persist/snapshot.sx` already provides a **generic** projection checkpoint:
|
||
store `{:value :seq}` in the kv facet under a namespaced key; the headline property is
|
||
**snapshot + tail == full replay** (pure, clock-free).
|
||
- `content/lib/content/snapshot.sx` **reimplements that same pattern on raw persist KV**
|
||
rather than delegating: `persist/kv-put b (content/-snap-key doc-id) {:doc … :seq seq}`
|
||
(:20), `persist/kv-has?`/`kv-get` (:27-28), and its own tail-replay (:53-59). It never
|
||
calls `persist/snapshot-*`. content's doc-materialisation *is* a projection fold over
|
||
its op stream — exactly what `persist/snapshot` checkpoints generically.
|
||
- **Disposition:** persist-adoption nudge (like W4): content could delegate to
|
||
`persist/snapshot` (its projection = "fold ops → doc"), dropping the duplicated
|
||
KV+replay code. Home already exists → NOT an extraction; owned by content × persist
|
||
loops. Only 1 reinventor today; watch whether commerce/events/identity also hand-roll a
|
||
snapshot on raw KV instead of using the facet (would strengthen the nudge). NB timeline:
|
||
unclear if `persist/snapshot` predated content's — flag, don't blame.
|
||
|
||
### W6 · Guarded lifecycle state machine (illegal transition = explicit error)
|
||
- Recurs as a **design principle**, NOT a shared structure (found pass 10):
|
||
- `mod/lib/mod/lifecycle.sx` — pure SX: immutable case `{:state :error :history …}`,
|
||
explicit transition table `mod/lc-transitions` (:31), illegal transition returns the
|
||
case unchanged with `:error` set. States open→triaged→decided→appealed→final.
|
||
- `identity/lib/identity/membership.sx` — an **Erlang `gen_server`** fragment (identity
|
||
runs on erlang-on-sx): a `receive` loop with `case find(...) of … {error, St}` guards.
|
||
States none→pending→active→lapsed→revoked.
|
||
- **Both share the guideline** ("invalid transitions are explicit errors, never silent
|
||
no-ops") but **implement it substrate-idiomatically** — SX transition-table over
|
||
immutable values vs an Erlang process loop with per-message case guards. Same W1/`api.sx`
|
||
trap: shared *idea*, divergent *structure*.
|
||
- **Disposition:** not an extraction target — the FSM mechanism is ~10 substrate-specific
|
||
lines; the value is in each domain's state graph, not the plumbing. At most a **design
|
||
guideline** ("model lifecycle as a guarded FSM with explicit-error transitions"). Watch
|
||
whether commerce-checkout / events-booking add their own — if so it confirms the
|
||
*guideline*, still not a lib. Do not propose extracting a shared state-machine lib.
|
||
|
||
## Rejected (considered, declined — do not re-propose)
|
||
|
||
- **"Continuous auto-implementing abstractor loop."** Rejected at design time: an
|
||
agent writing across `lib/<x>/**` breaks the worktree isolation that makes the
|
||
fleet safe, and is rewarded for manufacturing premature/wrong abstractions. The
|
||
radar is read-only by design. (This file is the alternative.)
|
||
- **Shared `api.sx` "public boundary" module (×6).** Rejected pass 4-5: every subsystem
|
||
has an `api.sx` (acl, feed, flow, mod, persist, search — a 100% filename match), but it
|
||
is a naming *convention for the public entry point*, not a shared structure. They
|
||
disagree on the most basic contract: acl/feed use **implicit module state**
|
||
(`acl/api.sx` "implicit current db", `feed/api.sx` "single mutable log") while
|
||
`persist/api.sx` threads an **explicit backend as every call's first arg**; flow's api
|
||
*builds a Scheme env*, search's api *concatenates a Haskell source string*, mod's is a
|
||
*lifecycle state-machine façade* (17 defs vs persist's 1). Same role, no common shape —
|
||
the W1 coincidental-resemblance trap. Do not re-propose on the filename.
|
||
- **Shared `wire.sx` "serialization" module (×2).** Rejected pass 15: content + mod both
|
||
have a `wire.sx`, but `content/wire.sx` uses the **generic SX serializer**
|
||
(`serialize`/`parse`, full-fidelity round-trip) while `mod/wire.sx` is a **bespoke
|
||
versioned pipe-delimited line** (subset of fields, `split` hand-built over slice/len
|
||
because mod's Prolog-loaded env strips string prims). Shared role (wire format),
|
||
divergent structure + substrate constraint → not a candidate; the SX serializer is
|
||
already the shared tool for SX-substrate subsystems, and mod can't use it. (Same family
|
||
as the `api.sx` rejection above.)
|
||
- **Dumping app-domain plumbing into `lib/guest`.** Rejected: `lib/guest` is for
|
||
language-implementation plumbing. App patterns route to acl/fed-sx/persist/
|
||
substrate/host instead (see the routing rule in the briefing).
|