V37 Gate 2: Conversation Session And Route History Contracts#112
Conversation
Implements package-owned ConversationSession route-history contracts with deterministic source-safe artifact generation for create, restore, branch, retry, redact, and stream operations. Adds route-facing source-safe contract helpers, package and uapi route tests, V37 Gate 2 checker scripts, workflow wiring, and V37 spec/roadmap documentation for route-local history boundaries. Validation: pnpm run check:v37-gate1; pnpm run check:v37-gate2; pnpm run check:v37-conversation-session-route-history; pnpm --filter @bitcode/protocol test; pnpm -C uapi exec tsc --noEmit --pretty false; pnpm -C uapi run lint; focused uapi Jest route-history tests; canonical input, import casing, raw promptpart casing, and diff hygiene checks.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Keep the Gate 2 checker strict on generated route-history contracts, protocol tests, source-safety, documentation, and workflow wiring while making UAPI route-test execution explicit for workspace-installed jobs. This lets Bitcode Spec Basics run inside its lightweight Node container and leaves route Jest coverage to Gate Quality or BITCODE_RUN_UAPI_ROUTE_TESTS=1 local validation.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 32262c6b71
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const observedMustNotExpose = new Set(payload.mustNotExpose || []); | ||
| const forbidsProtectedSource = contractRow.mustNotExpose.every((payloadClass) => observedMustNotExpose.has(payloadClass)); | ||
|
|
There was a problem hiding this comment.
Validate mayExpose against contract allowlist
assertSourceSafeConversationRouteHistoryPayload accepts mayExpose in its input but never checks it, so a payload that declares unsafe classes in mayExpose can still be admitted as long as mustNotExpose and the two booleans match. In practice, a caller could pass mayExpose: ['wallet_private_material'] and still receive admitted: true, which defeats the purpose of a source-safety admission helper for route-history envelopes.
Useful? React with 👍 / 👎.
| 'policy_decision', | ||
| 'history_refs', | ||
| 'proof_roots', | ||
| 'event_ids', | ||
| 'redaction_posture', |
There was a problem hiding this comment.
Include stream_state in required route-history refs
The shared required reference list omits stream_state, even though the protocol-side contract for the same feature treats stream state as a required ConversationSession field. This creates drift where route-side validators that depend on requiredRefs can accept payload metadata without any stream lifecycle marker, weakening contract completeness for create/restore/retry/redact flows.
Useful? React with 👍 / 👎.
Summary
Validation
Notes