Mint protocol catalog v1.6.4 (PEP extension-only: PPP + CCP)#516
Merged
Conversation
Catalogs two new draft extension protocols: - pattern-predicate-protocol (PPP): editorial pattern -> content-addressed substrate query -> result-set delta -> FRP receipt. - contract-composition-protocol (CCP): canonical compose primitive in libprovekit, exposed via FFI / CLI / direct-link, called identically by every lifter and verifier across every language. Plus implementation extensions that ship alongside (libprovekit compose.rs + ffi.rs, provekit-cli compose subcommand, C lifter effects + composition pass, BZ-COMPOSITION-001 specimen). All extension-only: no core verifier behavior change, no ProofIR grammar change, no canonicalization change. Existing v1.6.3 mementos / fixtures / .proof bundles remain valid. Catalog v1.6.4 CID: blake3-512:09ccf7b1464622eceb4ac0e9bae3b435ba92d87c19e89f93724e6be75f4afce9eb3dedb7b8ebe2536de054143efefcb3cb622e6e5b4140bb26e6156a9bc9adf3 PEP body CID: blake3-512:604608dddd23db1c9ac3b593b1a4c7612b4c3d5cb1432976d38c0c935ce0fc2f6babff8d410e13ca44227b40ad1cbb29657633e5e5184afb7825653767289fa9 PEP witness CID: blake3-512:fa6e7f3861c9ed443a7eaac486a5d091e09a566384f2314dc45c8b7c3301e31104a31076f0a48bc177a1108d4a3d5245a4a8bdfacd1a99ba4d9caffeddd06102 CICP C-kit refreshed for n_arity additive schema extension from ts-ccp-followup-formal-idx; 1 new accepted witness staged. PEP policy admits, build green, 77/77 CLI tests pass, 2/2 protocol evolve integration tests pass. T Savo
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (17)
WalkthroughThis PR releases ProvekIt protocol v1.6.4, introducing two new draft extension protocols (Pattern Predicate Protocol and Contract Composition Protocol) as extension-only changes. It updates protocol catalogs with new properties, creates evolution attestation artifacts with bootstrap policy and verifier, updates CLI constants, and provides release documentation and tooling. ChangesProvekIt v1.6.4 Protocol Release
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a98231f2f3
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| -DPK_C_ENABLE_FFI_COMPOSE | ||
| -I../provekit-lift-core/include | ||
| -I../../rust/libprovekit/include | ||
| -I/usr/local/Cellar/llvm/22.1.4/include |
There was a problem hiding this comment.
The new compile_flags.txt hardcodes -I/usr/local/Cellar/llvm/22.1.4/include, which only exists on one specific Homebrew install layout/version; on Linux, CI images, or even macOS machines with a different LLVM formula version, clang-based tooling that consumes this file will miss LLVM headers and fail or degrade analysis for this target. Since the C Makefiles already resolve LLVM headers via llvm-config --includedir, this checked-in fixed path introduces an avoidable portability regression.
Useful? React with 👍 / 👎.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
tools/foundation-keygen/src/lib.rs (1)
720-755:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winUpdate test to include the new V1_6_4_DECLARED_AT constant.
The
declared_at_constants_are_pinned_iso8601test guards against accidental use of live timestamps by validating alldeclaredAtconstants. The test array doesn't include the newly addedV1_6_4_DECLARED_ATconstant, leaving it unvalidated.🧪 Proposed fix: add V1_6_4_DECLARED_AT to test array
let pinned = [ V1_1_0_DECLARED_AT, V1_2_0_DECLARED_AT, V1_3_0_DECLARED_AT, V1_3_1_DECLARED_AT, V1_4_0_DECLARED_AT, V1_4_1_DECLARED_AT, V1_5_0_DECLARED_AT, V1_6_0_DECLARED_AT, V1_6_1_DECLARED_AT, V1_6_2_DECLARED_AT, V1_6_3_DECLARED_AT, + V1_6_4_DECLARED_AT, SELF_CONTRACTS_DECLARED_AT_V1_3_1, SELF_CONTRACTS_DECLARED_AT_V1_6_0, ];🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tools/foundation-keygen/src/lib.rs` around lines 720 - 755, The test declared_at_constants_are_pinned_iso8601 is missing the new constant V1_6_4_DECLARED_AT from the pinned array; update the pinned array inside that function to include V1_6_4_DECLARED_AT so the new constant is validated by the ISO‑8601 length/format assertions (retain the existing YYYY-MM-DDTHH:MM:SSZ checks).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/launch/release-notes-v1.6.4.md`:
- Around line 44-53: The fenced historical catalog chain block (the
triple-backtick block containing lines starting with "v1.4.0 blake3-512:..."
through "v1.6.4 blake3-512:09ccf7b14646...") is missing a language tag and
triggers MD040; update the opening fence to include the text language (use
```text) so the block becomes a ```text fenced code block to satisfy
markdownlint.
In `@implementations/c/provekit-lift-c-kernel-doc/compile_flags.txt`:
- Line 9: The file compile_flags.txt contains a hardcoded macOS Homebrew path
"/usr/local/Cellar/llvm/22.1.4/include" which breaks portability; replace that
literal entry by resolving the include path at build time—either reference an
environment variable like LLVM_INCLUDE_DIR (use ${LLVM_INCLUDE_DIR} in your
build generation and document setting LLVM_INCLUDE_DIR per-developer) or
integrate pkg-config (use the output of `pkg-config --cflags llvm`) so the
include is discovered automatically across platforms; update any build scripts
that consume compile_flags.txt to support the chosen approach.
In `@protocol/evolution/v1.6.4/README.md`:
- Around line 36-41: Replace the `<filled by ...>` placeholders in the README
entries for `catalog-diff.json`, `bootstrap-policy.json`,
`bootstrap-verifier.json`, the "v1.6.4 catalog attestation" entry,
`protocol-evolution.body.json`, and `protocol-evolution.witness.json` with the
actual pinned artifact CIDs produced by running `provekit protocol evolve` (and
`sign-catalog-v1-6-4` for the catalog attestation); use the exact CID strings
returned by those commands so each listed file references a concrete, pinned
artifact CID.
---
Outside diff comments:
In `@tools/foundation-keygen/src/lib.rs`:
- Around line 720-755: The test declared_at_constants_are_pinned_iso8601 is
missing the new constant V1_6_4_DECLARED_AT from the pinned array; update the
pinned array inside that function to include V1_6_4_DECLARED_AT so the new
constant is validated by the ISO‑8601 length/format assertions (retain the
existing YYYY-MM-DDTHH:MM:SSZ checks).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: a01f9577-db31-4922-82c8-34a40094707a
📒 Files selected for processing (22)
.provekit/catalog-signatures/v1.6.4.json.provekit/ci/accepted/c/blake3-512:0adec9c21ed7a322e905742cd74d4037b4cbf34206a6643b493e0f6b46030ebfbb5e185652a0e87338c3a4af28dd0246ef28006832968cae403d8c029ebec9bb.job-result.jsondocs/launch/release-notes-v1.6.4.mdimplementations/c/provekit-lift-c-kernel-doc/compile_flags.txtimplementations/rust/provekit-cli/assets/catalog-signature-v1.6.4.jsonimplementations/rust/provekit-cli/assets/protocol-catalog.jsonimplementations/rust/provekit-cli/src/protocol.rsprotocol/evolution/v1.6.4/README.mdprotocol/evolution/v1.6.4/bootstrap-policy.jsonprotocol/evolution/v1.6.4/bootstrap-verifier.jsonprotocol/evolution/v1.6.4/catalog-diff.jsonprotocol/evolution/v1.6.4/from-catalog-v1.6.3.jsonprotocol/evolution/v1.6.4/protocol-evolution.body.cid.txtprotocol/evolution/v1.6.4/protocol-evolution.body.jsonprotocol/evolution/v1.6.4/protocol-evolution.witness.cid.txtprotocol/evolution/v1.6.4/protocol-evolution.witness.jsonprotocol/evolution/v1.6.4/to-catalog-v1.6.4.jsonprotocol/specs/2026-04-30-protocol-catalog.jsontools/foundation-keygen/Cargo.tomltools/foundation-keygen/src/bin/sign_catalog_v1_6_4.rstools/foundation-keygen/src/lib.rstools/recompute-spec-cids/src/main.rs
Hardcoded macOS Cellar include path slipped in alongside the v1.6.4 catalog mint. CodeRabbit flagged it as non-portable. It was an IDE diagnostics nudge, not a substrate change, and does not belong in a protocol catalog mint. T Savo
The v1.6.4 mint added V1_6_4_DECLARED_AT but did not extend the foundation-keygen pinned-constants test array. Without it the new constant is not guarded against accidentally being switched to a runtime clock call, which would re-introduce the byte-nondeterminism the test exists to prevent. Adds the constant to the pinned array, preserving the closes-#300-item-6 invariant. T Savo
The PEP evolution README shipped with <filled by ...> placeholders for catalog-diff, bootstrap-policy, bootstrap-verifier, the v1.6.4 catalog attestation, and the protocol-evolution body + witness. These CIDs are all known from the mint commit's body; CodeRabbit flagged the unfilled placeholders. Replaces them with the actual blake3-512 CIDs so the table matches the on-disk artifacts. T Savo
Markdownlint MD040 fires on the catalog-chain fence because it has no language tag. The block is plain ASCII showing the historical catalog CID chain, so 'text' is the right tag. T Savo
Three callsites still pinned to the v1.6.3 catalog after the v1.6.4 mint, causing the cross-language conformance gate to abort with 'expected v1.6.3-2026-05-09'. Patch-level extension-only mint, so the per-fixture hashes stay byte-identical; only the catalog header pins move: - tools/cross-kit-conformance/src/lib.rs: EXPECTED_CATALOG_VERSION and EXPECTED_CATALOG_CID. - conformance/fixtures.toml: catalog_version + catalog_cid header. - docs/reference/protocol-extensions.md: 'Current Catalog' table, signed-attestation link to v1.6.4.json, evolution README link to v1.6.4, and the Draft Companion Specs framing line. T Savo
The v1.6.4 mint shifted EXPECTED_CATALOG_CID, which is embedded in every kit's blast-radius CID via the protocol_catalog_cid input. All eleven kit witnesses (rust, go, cpp, ts, csharp, java, python, ruby, zig, c, swift) needed regeneration. Refreshed via make ci-accept-refresh on the [self-hosted, Linux, X64] runner so witness file naming matches the host the CICP smoke job runs on. Lift output is not byte-identical between Mac and Linux for the C kit's path closure, which the prior mint-time refresh on Mac did not account for. T Savo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Mints protocol catalog v1.6.4 via PEP (extension-only patch bump). Catalogs two new draft extension protocols introduced in #514:
Under v1.6.3 bootstrap-policy.json's
versionLabelRule: extensionOnlyWithoutCrossKitSemanticObligation: patch, v1.6.4 is the correct version label. No core verifier behavior change, no ProofIR grammar change, no canonicalization change. Existing v1.6.3 mementos / fixtures / .proof bundles remain valid.Pinned CIDs
blake3-512:09ccf7b1464622eceb4ac0e9bae3b435ba92d87c19e89f93724e6be75f4afce9eb3dedb7b8ebe2536de054143efefcb3cb622e6e5b4140bb26e6156a9bc9adf3blake3-512:604608dddd23db1c9ac3b593b1a4c7612b4c3d5cb1432976d38c0c935ce0fc2f6babff8d410e13ca44227b40ad1cbb29657633e5e5184afb7825653767289fa9blake3-512:fa6e7f3861c9ed443a7eaac486a5d091e09a566384f2314dc45c8b7c3301e31104a31076f0a48bc177a1108d4a3d5245a4a8bdfacd1a99ba4d9caffeddd06102blake3-512:5187838f00dc2e5d8192eee0c33b901e4b8e9a3e809637d965533ac334486ad6276c7fea31574be581eb51fc7a37c5cb21ad8168a0ec3dd8d676c6c383bb3a0eU1ElkXPN4SMFr9oMmoOlPBz5Cl1oiUYeV/WkCNlUgpc5LisGeYaMxjM5C/VlLXc8y1zve6mlYmxnirmMy6J5DQ==What this contains
protocol/specs/2026-04-30-protocol-catalog.jsonbumped to v1.6.4 with PPP + CCP entriesprotocol/evolution/v1.6.4/PEP bundle (from-, to-, policy, verifier, body, witness, catalog-diff, README).provekit/catalog-signatures/v1.6.4.jsonEd25519 attestation under foundation v0 keyimplementations/rust/provekit-cli/assets/catalog-signature-v1.6.4.json+assets/protocol-catalog.json+src/protocol.rstools/foundation-keygen/src/bin/sign_catalog_v1_6_4.rssign binarytools/recompute-spec-cids/src/main.rsSPEC_MAP +2 entries; freeze target bumped to v1.6.4docs/launch/release-notes-v1.6.4.md.provekit/ci/accepted/c/...0adec9c2....jsonCICP C-kit refreshTest plan
cargo build --release --workspace— pass (warnings only, all pre-existing)recompute-spec-cids --verify— pass (no drift)provekit-cli --binstest suite — 77 / 77 pass, includingembedded_catalog_recomputes_to_expected_cid,embedded_signature_verifies_against_embedded_pubkey,verify_protocol_signed_passes_with_embedded_assets,expected_cid_has_correct_shapeprotocol_evolveintegration tests — 2 / 2 passprovekit protocol check-evolutionagainst v1.6.4 PEP bundle — status: admittedprovekit ci accept --kit c --clean --assume-pass— 1 added, 1 verified, 0 errorsT Savo
Summary by CodeRabbit
New Features
Documentation