feat: letter-envelope TS_CID + CSHARP_CID (retire last self-reference pins)

[TSavo]

Summary

Extends PR #30's letter-envelope refactor to the last two peer kits that still carried machine-local truth about their own bytes inside the source tree (TS_CID / CSHARP_CID). Closes task #212.

After this change, all five peer kits (rust, go, cpp, ts, csharp) verify their self-contracts bundles against externally signed attestation envelopes. The source tree carries no _CID := pin for any peer.

New attestation envelopes

Both signed under foundation-v0 (ed25519:IVL40Zt5HSRFMkLhXy6rbLfP+ntqXtMAl5YOBpiB2xI=), pinned declaredAt: 2026-05-02T17:00:00Z:

• .provekit/self-contracts-attestations/ts.json -> blake3-512:449339930add6457bf25542f2117a025daada4a4bd1de704737750ad6d1c1be814c284d31bb97159ca0b2d2c52f8c043a64533d3432195f5a0f338c5d4904d44 (no drift from prior TS_CID)
• .provekit/self-contracts-attestations/csharp.json -> blake3-512:cec85197e5bc394cb97fa3b96c076eca5ace3eeda819f8a2b8b7001f85336dbfadc7e28be3a38676f81387f908b327f0fffeae7d6d04fe76a8c754e5db38c61e (matches CI value from PR fix(ci): bump CSHARP_CID after kit drift #36)

Both files were generated by sign-self-contracts and re-verified end-to-end via verify-self-contracts and make conformance.

sign-self-contracts now accepts ts / csharp

The binary previously hard-rejected anything outside [rust, go, cpp]. Two changes in tools/foundation-keygen:

• src/lib.rs: SELF_CONTRACTS_LANGS extended to ["rust", "go", "cpp", "ts", "csharp"]. Doc comment for self_contracts_attestation_path_for updated to drop the "deferred to a follow-up" note.
• src/bin/sign_self_contracts.rs: usage strings extended; gating logic unchanged (it consults SELF_CONTRACTS_LANGS).

Tests added in src/lib.rs:

• self_contracts_ts_round_trip_verifies
• self_contracts_csharp_round_trip_verifies
• self_contracts_lang_set_is_five_peers (guards the canonical kit suite)

cargo test --release --manifest-path tools/foundation-keygen/Cargo.toml: 10/10 passing.

Makefile diff summary

• Deleted: TS_CID := blake3-512:... and CSHARP_CID := blake3-512:... (two lines plus their explanatory comment block).
• mint-ts: now captures the CID from pnpm vitest run --reporter=verbose ... stdout and runs verify-self-contracts <ts.json> "$out". Default vitest reporter swallowed the console.log("catalog CID: ...") line; verbose preserves it.
• mint-csharp: same shape as mint-rust -- captures the CID from dotnet run stdout and runs verify-self-contracts <csharp.json> "$out". Bump-dance error message follows the rust/go/cpp pattern.
• make help footer: ts and csharp now print as (envelope) .provekit/self-contracts-attestations/<lang>.json instead of literal CIDs.
• all-mint footer: same envelope format for consistency.
• Bump-dance comment block at the top of the Makefile generalized over all five peers.

grep -E '(TS|CSHARP)_CID :=' Makefile returns no matches; CATALOG_CID := is the only remaining _CID := constant (preserved per scope; documented as separate follow-up).

Spec note

protocol/specs/2026-05-02-bundle-attestation-protocol.md already describes the per-language artifactName set generically ("rust", "go", "cpp", etc. -- the §6.3 wording explicitly anticipates additions). 2026-05-02-provekit-migrate-protocol.md covers catalog-version mechanics, not self-contracts. No spec edits were required.

Smoke test

make conformance passes locally:

==== all 5 self-contract CIDs match pinned values ====
  rust      (envelope: .provekit/self-contracts-attestations/rust.json)
  go        (envelope: .provekit/self-contracts-attestations/go.json)
  cpp       (envelope: .provekit/self-contracts-attestations/cpp.json)
  ts        (envelope: .provekit/self-contracts-attestations/ts.json)
  csharp    (envelope: .provekit/self-contracts-attestations/csharp.json)

==== conformance: PASS ====

References

• PR feat: letter-envelope self-contracts CIDs (retire Makefile constants) #30 (rust / go / cpp letter-envelope cut)
• protocol/specs/2026-05-02-bundle-attestation-protocol.md
• protocol/specs/2026-05-02-binary-attestation-protocol.md

What this closes

The structural pattern Sir flagged in the PR #30 body: the source tree no longer carries machine-local truth about its own bytes for any peer kit. Bumping any of the five self-contracts CIDs is now a single explicit sign-self-contracts <lang> <new-cid> event, gated by the foundation key.

Test plan

• cargo test --release --manifest-path tools/foundation-keygen/Cargo.toml (10/10 passing including 3 new self-contracts tests)
• make mint-ts verifies ts.json envelope
• make mint-csharp verifies csharp.json envelope
• make conformance passes end-to-end with all 5 envelope verifications
• No em-dashes / en-dashes; no stale TS_CID / CSHARP_CID references anywhere in the repo

Generated with Claude Code

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

Warning

Rate limit exceeded

@TSavo has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 35 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e8551e0e-65f4-4c6c-9f34-5b146c208e61

📥 Commits

Reviewing files that changed from the base of the PR and between e43e49c and 256abc0.

📒 Files selected for processing (5)

• .provekit/self-contracts-attestations/csharp.json
• .provekit/self-contracts-attestations/ts.json
• Makefile
• tools/foundation-keygen/src/bin/sign_self_contracts.rs
• tools/foundation-keygen/src/lib.rs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/letter-envelope-ts-csharp

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 11 minutes and 35 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}