unity-ctx can now carry reviewed spatial evidence from Unity into deterministic, agent-readable contracts without granting an AI approval or write authority.
Reviewed spatial geometry
- Spatial Manifest v2 adds Collider-first compound local OBBs, semantic axes, pivot offsets, named contact frames, and reviewed planar floor/wall/ceiling surfaces.
scene scan --mode editor --geometry detailedrecords Unity-imported geometry while preserving manifest v1 read compatibility.scene checkadds rotated compound-OBB SAT plus contact gap, penetration, direction, and support checks.scene suggest --align wall --surface-id ...returns deterministic, read-only wall alignment candidates from reviewed evidence.- Missing v2 geometry fails as
UNKNOWN NEED_GEOMETRY_V2; it never guesses from AABB data.
Human-reviewed Spatial Contracts
- Strict, stable Asset and Interaction contract schemas with geometry, dependency, capture, proposal, and interaction hashes.
- Lifecycle states for draft, technical pass/failure, human review, revision requests, approval, and stale evidence.
- New
spatial validate,verify-approved,diff,review, and dry-run-firstapplycommands. - A local Ed25519 review bridge binds approval to the exact action, draft, current-file baseline, destination, capture, reviewer, and dependency geometry.
- Approved receipts live in the OS account's application-data ledger and are cryptographically re-verified before later consumption.
- MCP remains read-only: it exposes spatial checks and suggestions, never human approval or mutation.
Surface Arrangement contracts
- New
arrangement validateandarrangement hashcommands for deterministic multi-prop surface composition specs. - Cross-language normalization matches Unity
System.Single, UTF-16 ordinal ordering, stable JSON escaping, and fixed numeric formatting.
Approval and recovery hardening
- Signed raw-file CAS publication with no-replace hard links and structured committed/recovery states.
- Trusted-root path guards reject symlink/junction escapes and retain Windows handles or Linux file descriptors through receipt completion.
- Destination locks retain their file identity for the full lease, preventing inode/file-ID reuse from removing a successor lock.
- Security-sensitive files use bounded stable reads; Spatial Contracts are capped at 4 MiB.
- Approval writes are supported on Windows and Linux. Other OSes fail before verifier or nonce consumption while existing receipts remain read-only verifiable.
Compatibility
- Spatial Manifest v1 remains readable.
- Existing mutation commands remain dry-run-first and safety-kernel gated.
- Raw FBX parsing, AI approval, and MCP mutation are intentionally not included.
Install from source:
go install github.com/Kubonsang/unity-ctx/cmd/unity-ctx@v0.9.1Implemented and hardened in PR #41.