feat: doctrine alignment + ChittyAdvocate cross-model bootstrap

[chitcommit]

Summary

• Context Resolver v2.0: 4-tier resolution cascade (explicit→anchor→multi-signal→create). DB failure returns error, never mints. createContext() requires coordinationNeed justification. 9 doctrine-compliance tests added (260/260 pass).
• Lifecycle alignment: supernova/fission now set retired not archived. Migration 014 widens D1 CHECK constraint to fresh/active/dormant/stale/retired.
• ChittyAdvocate bootstrap endpoints: GET /api/v1/doctrine/seed (machine-readable governance), GET /api/v1/signal/bootstrap (3-prompt payload to hydrate any AI substrate), GET /api/v1/signal/articles + /article/:id (narrative archetype articles). Base class design for future org/client tuning.

Endpoints Added

Endpoint	Purpose
GET /api/v1/doctrine/seed	Full doctrine seed (ontology, lifecycle, trust model)
GET /api/v1/signal/bootstrap	3-prompt bootstrap — any model, any platform, 3 prompts to alignment
GET /api/v1/signal/articles	Narrative article catalog (6 archetypes)
GET /api/v1/signal/article/:id	Individual article content

Test plan

• 260/260 tests pass (no regressions)
• Deploy to staging and test bootstrap endpoint
• Inject 3 prompts into a fresh ChatGPT session — verify doctrine alignment
• Inject 3 prompts into a fresh Claude Desktop session — verify
• Run curl /api/v1/signal/bootstrap and validate JSON structure
• Run curl /api/v1/doctrine/seed and validate against bootstrap JSON schema

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Command dashboard: connection monitoring, health checks, autopilot scheduling, sweep action, insights, logs, and settings.
  • API key management: create, copy, revoke.
  • Connection self‑healing with retry/backoff, pattern learning, and prioritized attention/healthy views.
  • Public endpoints for doctrine seed, bootstrap prompts, and curated articles; health endpoint now advertises these routes.

• Documentation

  • ChittyAdvocate design doc describing narrative lifecycle, curation/distribution flow, and phased rollout.

• Bug Fixes / Data

  • Standardized doctrine lifecycle statuses (fresh/active/dormant/stale/retired/dissolved) with data migration.

• Tests

  • Expanded context resolution tests covering error paths and coordination-need requirements.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	chittyconnect	3e76be2	Mar 24 2026, 02:44 AM

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5d0cd8be-96c9-4266-8551-cc84822c69aa

📥 Commits

Reviewing files that changed from the base of the PR and between e2beb38 and 3e76be2.

📒 Files selected for processing (11)

• README.md
• docs/CHITTYADVOCATE_DESIGN.md
• migrations/014_doctrine_lifecycle_states.sql
• src/index.js
• src/intelligence/__tests__/context-resolver.test.js
• src/intelligence/context-intelligence.js
• src/intelligence/context-resolver.js
• src/middleware/oauth-provider.js
• ui/src/App.jsx
• ui/src/pages/Command.jsx
• ui/src/stores/commandStore.js

---

📝 Walkthrough

Walkthrough

Adds ChittyAdvocate design doc, a DB migration for doctrine lifecycle states, new public API endpoints for doctrine/bootstrap/articles, refactors context resolution to a synthetic-continuity model, introduces a Command UI with a Command store for health/autopilot/healing, and minor OAuth clientId sanitization and README badges.

Changes

Cohort / File(s)	Summary
Design Documentation docs/CHITTYADVOCATE_DESIGN.md	New design doc defining ChittyAdvocate service, CRAFT/CURATE/DISTRIBUTE stages, Cloudflare Worker routes, cron jobs, 3‑prompt bootstrap payload, dependencies, and phased rollout.
Database Migration migrations/014_doctrine_lifecycle_states.sql	Rebuilds context_entities to enforce synthetic-continuity lifecycle status CHECK (values include fresh,active,dormant,stale,retired,dissolved), remaps legacy states, migrates rows, and recreates indexes.
Server API Routes src/index.js	Adds unauthenticated GET routes: /api/v1/doctrine/seed, /api/v1/signal/bootstrap, /api/v1/signal/articles, /api/v1/signal/article/:id; updates /health JSON to advertise new endpoints and returns 404 JSON for missing articles.
Context Intelligence (logic + tests) src/intelligence/context-resolver.js, src/intelligence/context-intelligence.js, src/intelligence/__tests__/context-resolver.test.js	Refactors resolution to reconstitute-or-propose model: explicit ID reconstitution, anchor-hash reconstitution with metadata, multi-signal candidate search (findBestCandidate), DB error short-circuiting (action: "error", resolution: "db_error"), createContext() now requires coordinationNeed; tests updated to cover new flows and error cases.
OAuth sanitization src/middleware/oauth-provider.js	handleAuthorize now replaces : with - in clientId when constructing per-actor userId to satisfy downstream auth-code parsing constraints.
Command UI & Store ui/src/App.jsx, ui/src/pages/Command.jsx, ui/src/stores/commandStore.js	Adds Command page and Zustand store providing connection fetching, testOne/testAll, autopilot scheduling, heal queue with exponential backoff, pattern learning/co-fail tracking, API-key CRUD, activity logs, and UI integration (route/sidebar).
README README.md	Added two shields.io badges at top of README.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant Browser as Browser (Command Page)
    participant Store as Command Store
    participant API as Backend API
    participant DB as Database

    User->>Browser: Open /command
    activate Browser
    Browser->>Store: init()
    activate Store

    Store->>API: GET /api/connections (fetchAll)
    API->>DB: SELECT connections
    DB-->>API: rows
    API-->>Store: connections array

    Store->>API: POST /api/connections/:id/test (testOne) / POST /api/sweep (testAll)
    API->>DB: update health state
    DB-->>API: ack
    API-->>Store: test results

    Store->>Store: enqueueHeal / processHealQueue (exponential backoff)
    Store->>API: healing attempts (retries)
    API->>DB: persist updates
    DB-->>API: ack

    Store-->>Browser: emit state updates (connections, logs, insights)
    deactivate Store
    Browser->>Browser: render UI (connections, keys, logs)
    deactivate Browser

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: implement credential provisioner, queue dispatch, CODEOWNERS stubs #83: Also modifies src/middleware/oauth-provider.js clientId/userId handling; closely related to the colon‑sanitization change here.
• fix: remove colon from actorId to prevent OAuth code parse failure #77: Alters OAuth handleAuthorize client identifier sanitization; directly overlaps with this PR's sanitization logic.
• feat: connections hardening — SSRF, cron health, search/sort, OAuth fix #59: Touches per-actor userId construction in the OAuth provider; relevant to the same code path changed here.

Poem

🐰 I hopped through seeds and bootstrap prompts tonight,

Crafted narratives by flickering worker light,
I tended connections with an autopilot hum,
Healed and logged each hiccup till morning come,
Hooray — doctrines flow, and rabbit drums go thrum.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 23.53% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: doctrine alignment via the ChittyAdvocate cross-model bootstrap system, matching the substantial changes across resolver logic, lifecycle states, and new advocate endpoints.
Description check	✅ Passed	The description covers purpose/scope (resolver v2.0, lifecycle alignment, ChittyAdvocate endpoints), impacted services (context resolver, database schema, API), includes an endpoints table, and lists test plan items; however, it lacks explicit security & access review, docs update confirmation, and onboarding/scopes.yml updates as required by template.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/doctrine-alignment-advocate

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds doctrine-aligned context resolution + lifecycle updates in the worker, introduces public “ChittyAdvocate” bootstrap/seed endpoints, and ships a new “Command” UI for connection health/autopilot + key management.

Changes:

• ContextResolver v2 cascade (explicit → anchor → multi-signal → propose new) with stricter “never mint on DB failure” posture and coordination-need requirement for minting.
• Lifecycle alignment: supernova/fission now mark contexts as retired (vs archived) and a new migration attempts to widen the allowed lifecycle states.
• New public bootstrap endpoints (/api/v1/doctrine/seed, /api/v1/signal/*) and a new dashboard page (/command) with autopilot/healing + API key CRUD.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
ui/src/stores/commandStore.js	New Zustand store backing “Command” UI (connections health, autopilot/heal queue, API key CRUD).
ui/src/pages/Command.jsx	New “Command” page UI (connections view, insights, autopilot settings, keys table, activity log).
ui/src/App.jsx	Adds sidebar nav + route for /command.
src/middleware/oauth-provider.js	Sanitizes OAuth userId construction to avoid : delimiter issues.
src/intelligence/context-resolver.js	Implements resolver v2 cascade + coordinationNeed requirement + multi-signal matching.
src/intelligence/context-intelligence.js	Uses retired status for supernova/fission source contexts.
src/intelligence/tests/context-resolver.test.js	Adds doctrine-related tests around resolver behavior.
src/index.js	Adds public doctrine seed + signal bootstrap/articles endpoints.
migrations/014_doctrine_lifecycle_states.sql	New migration attempting lifecycle status expansion via table rebuild.
docs/CHITTYADVOCATE_DESIGN.md	Design doc for ChittyAdvocate narrative/bootstrap distribution concept.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

src/intelligence/context-intelligence.js (1)

1036-1045: ⚠️ Potential issue | 🔴 Critical

CHECK constraint violation: 'dissolved' is not an allowed status.

The migration 014_doctrine_lifecycle_states.sql enforces a CHECK constraint allowing only ('fresh','active','dormant','stale','retired'), but dissolveSuspension writes status = 'dissolved'. This will cause a runtime constraint violation when this method executes.

Either:

1. Add 'dissolved' to the allowed states in the migration, or
2. Map dissolved suspensions to 'retired' like supernova/fission

Option 2: Map to 'retired' for consistency

   async dissolveSuspension(suspensionChittyId, rollbackMetrics = true) {
-    // Archive the suspension
+    // Retire the suspension
     await this.db
       .prepare(
         `
-      UPDATE context_entities SET status = 'dissolved' WHERE chitty_id = ? AND issuer = 'suspension'
+      UPDATE context_entities SET status = 'retired' WHERE chitty_id = ? AND issuer = 'suspension'
     `,
       )
       .bind(suspensionChittyId)
       .run();

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/intelligence/context-intelligence.js` around lines 1036 - 1045, The
dissolveSuspension method currently writes status = 'dissolved', which violates
the CHECK constraint from migration 014_doctrine_lifecycle_states.sql; update
dissolveSuspension to set status = 'retired' instead (consistent with
supernova/fission handling) by changing the UPDATE in the dissolveSuspension
function to use 'retired' for issuer = 'suspension' and ensure any related
logic/metrics rollbacks still refer to the same retirement semantics.

src/intelligence/context-resolver.js (1)

436-489: ⚠️ Potential issue | 🟠 Major

The new justification is not durable across partial failures.

coordinationNeed only reaches durable storage in the ledger payload, but mintChittyId() and both inserts happen first. If logToLedger() fails, you keep a valid context with no recorded justification, and a retry can mint a second ChittyID for the same request. Please make this flow atomic/idempotent across mint + DB writes.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/intelligence/context-resolver.js` around lines 436 - 489, The flow mints
a ChittyID (mintChittyId) and inserts context_entities/context_dna before
calling logToLedger, so if ledger logging fails you can be left with a context
lacking coordinationNeed and a retry may mint a second chitty; fix by making the
DB writes durable and idempotent: (1) include coordinationNeed as a column/field
on context_entities (or a JSON metadata column) and perform the INSERTs inside a
single DB transaction so coordinationNeed is persisted atomically with
contextId/chittyId (use the same transaction for context_entities and
context_dna inserts); (2) add a uniqueness check/constraint keyed on the anchors
(projectPath, workspace, supportType, organization) and/or contextId so retries
first query the DB for an existing context and reuse its chittyId instead of
calling mintChittyId again; and (3) only call logToLedger after the transaction
commits (so ledger is the last step) and make logToLedger retriable against the
stored context (using contextId/chittyId) without reminting; update functions
referenced: mintChittyId, logToLedger and the context_entities/context_dna
insert logic to implement this transaction, uniqueness check, and durable
coordinationNeed persistence.

🧹 Nitpick comments (3)

ui/src/pages/Command.jsx (2)

484-496: Consider adding user feedback after copying.

The copy button calls navigator.clipboard.writeText() but provides no visual confirmation. A brief "Copied!" state or toast would improve UX.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ui/src/pages/Command.jsx` around lines 484 - 496, Add visual feedback when
the Copy button succeeds or fails: after calling
navigator.clipboard.writeText(newKeyValue) in the onClick handler of the Copy
button, set a transient UI state (e.g., show "Copied!" text or a toast) and
clear it after a short timeout; handle rejections by showing an error message.
Use the existing clearNewKeyValue function for Dismiss behavior and add a local
state variable (e.g., copied or copyError) in the component that the button's
onClick updates so the UI near the Copy button displays the confirmation or
error.

---

71-74: Consider adding init and cleanup to the dependency array or adding a suppression comment.

While Zustand store functions are typically stable and the empty dependency array works, this pattern may trigger ESLint exhaustive-deps warnings. Adding a comment clarifies the intentional omission.

Add suppression comment for clarity

   useEffect(() => {
     init();
     return cleanup;
+    // eslint-disable-next-line react-hooks/exhaustive-deps -- store functions are stable
   }, []);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ui/src/pages/Command.jsx` around lines 71 - 74, The useEffect call in
Command.jsx currently calls init() and returns cleanup with an empty dependency
array, which can trigger ESLint exhaustive-deps; either add init and cleanup to
the dependency array of the useEffect or explicitly silence the rule with a
focused suppression comment above the effect (e.g. // eslint-disable-next-line
react-hooks/exhaustive-deps) and include a short comment explaining why init and
cleanup are intentionally stable (Zustand store functions), referencing the
useEffect, init, and cleanup symbols so reviewers understand the rationale.

ui/src/stores/commandStore.js (1)

610-617: Potential for duplicate timers if init() is called multiple times.

If init() is invoked before cleanup() (e.g., React strict mode double-mounting), startAutopilot() may create duplicate interval timers since init() doesn't clear existing timers first.

Clear existing timers in init

 init: async () => {
+  get().cleanup(); // Clear any existing timers first
   await get().fetchAll();
   await get().fetchApiKeys();
   // Resume autopilot if it was on
   if (get().prefs.autopilotEnabled) {
     get().startAutopilot();
   }
 },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ui/src/stores/commandStore.js` around lines 610 - 617, init() can create
duplicate autopilot intervals if called multiple times; before calling
get().startAutopilot() check for and clear any existing timers by invoking the
store's cleanup logic (e.g., call get().cleanup() or explicitly
clearInterval/clearTimeout on the same timer IDs used by startAutopilot()) so
startAutopilot() only creates a new interval when no existing timer is running;
update init() to clear existing timers first (reference init(),
startAutopilot(), and cleanup()).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@migrations/014_doctrine_lifecycle_states.sql`:
- Around line 45-51: The CHECK constraint in the migrations definition for the
lifecycle status omits the 'dissolved' state, causing runtime constraint
violations when dissolveSuspension() in src/intelligence/context-intelligence.js
sets status = 'dissolved'; update the SQL CHECK clause (the status TEXT DEFAULT
'fresh' CHECK (...) in the migration diff) to include 'dissolved' among the
allowed values, and then audit related places (dissolveSuspension(), doctrine
docs, and bootstrap payloads in src/index.js) to ensure 'dissolved' is listed
where lifecycle states are enumerated.

In `@src/intelligence/context-resolver.js`:
- Around line 424-432: The current guard "if (!coordinationNeed)" allows
whitespace or non-string truthy values; tighten it by validating that
coordinationNeed is a string with non-whitespace content (e.g., typeof
coordinationNeed === 'string' && coordinationNeed.trim().length > 0) and
otherwise throw the same Error; update the check around the coordinationNeed
parameter in the function (the existing if block referencing coordinationNeed)
to enforce this stricter validation.
- Around line 118-137: The catch block in ContextResolver's multi-signal step
swallows errors from findBestCandidate and falls through to the create_new path;
change the catch in the try/catch around this.findBestCandidate(hints) to
surface the failure by returning an error response (or rethrowing) instead of
just console.warn so callers do not proceed to mint; update the handler to
return a structure consistent with other error cases (e.g., action: "error" with
an error message/reason and resolution: "multi_signal_failure") or rethrow the
caught error from the method, and add a regression test that simulates
findBestCandidate throwing to assert the resolver returns an error (and does not
return a create_new proposal).

In `@src/middleware/oauth-provider.js`:
- Around line 129-130: The actor identity creation uses a lossy replacement
(safeClientId and actorId) that can map distinct oauthReqInfo.clientId values to
the same actor; change the normalization to a collision-free encoding (e.g.,
Base64 URL-safe or encodeURIComponent) of oauthReqInfo.clientId instead of
replacing ":" with "-" so actorId = `mcp-client-<encodedClientId>`; update the
safeClientId creation and any consumers of actorId (safeClientId, actorId) to
use the new encoding function to preserve uniqueness and avoid subject/grant
aliasing.

In `@ui/src/pages/Command.jsx`:
- Around line 538-546: The revoke button is passing a malformed key by doing
k.key.replace("...", ""); change it to pass the API key prefix returned by the
backend (use k.prefix) when invoking revokeApiKey (in Command.jsx where the
onClick calls revokeApiKey), and optionally fall back to k.key only if k.prefix
is undefined to avoid breaking older objects; update the invocation so
revokeApiKey receives the actual prefix string the DELETE endpoint expects.

In `@ui/src/stores/commandStore.js`:
- Around line 21-26: apiJson currently throws data.error which can be an object
and will stringify as [object Object]; update apiJson (which calls apiFetch and
res.json()) to extract a human-readable message when data.success is false by
checking if data.error is an object and using data.error.message (or combining
data.error.code and data.error.message) and fall back to a stringified JSON or a
default "API error" if neither is present; ensure the thrown Error includes that
extracted message so consumers get a useful error string.

---

Outside diff comments:
In `@src/intelligence/context-intelligence.js`:
- Around line 1036-1045: The dissolveSuspension method currently writes status =
'dissolved', which violates the CHECK constraint from migration
014_doctrine_lifecycle_states.sql; update dissolveSuspension to set status =
'retired' instead (consistent with supernova/fission handling) by changing the
UPDATE in the dissolveSuspension function to use 'retired' for issuer =
'suspension' and ensure any related logic/metrics rollbacks still refer to the
same retirement semantics.

In `@src/intelligence/context-resolver.js`:
- Around line 436-489: The flow mints a ChittyID (mintChittyId) and inserts
context_entities/context_dna before calling logToLedger, so if ledger logging
fails you can be left with a context lacking coordinationNeed and a retry may
mint a second chitty; fix by making the DB writes durable and idempotent: (1)
include coordinationNeed as a column/field on context_entities (or a JSON
metadata column) and perform the INSERTs inside a single DB transaction so
coordinationNeed is persisted atomically with contextId/chittyId (use the same
transaction for context_entities and context_dna inserts); (2) add a uniqueness
check/constraint keyed on the anchors (projectPath, workspace, supportType,
organization) and/or contextId so retries first query the DB for an existing
context and reuse its chittyId instead of calling mintChittyId again; and (3)
only call logToLedger after the transaction commits (so ledger is the last step)
and make logToLedger retriable against the stored context (using
contextId/chittyId) without reminting; update functions referenced:
mintChittyId, logToLedger and the context_entities/context_dna insert logic to
implement this transaction, uniqueness check, and durable coordinationNeed
persistence.

---

Nitpick comments:
In `@ui/src/pages/Command.jsx`:
- Around line 484-496: Add visual feedback when the Copy button succeeds or
fails: after calling navigator.clipboard.writeText(newKeyValue) in the onClick
handler of the Copy button, set a transient UI state (e.g., show "Copied!" text
or a toast) and clear it after a short timeout; handle rejections by showing an
error message. Use the existing clearNewKeyValue function for Dismiss behavior
and add a local state variable (e.g., copied or copyError) in the component that
the button's onClick updates so the UI near the Copy button displays the
confirmation or error.
- Around line 71-74: The useEffect call in Command.jsx currently calls init()
and returns cleanup with an empty dependency array, which can trigger ESLint
exhaustive-deps; either add init and cleanup to the dependency array of the
useEffect or explicitly silence the rule with a focused suppression comment
above the effect (e.g. // eslint-disable-next-line react-hooks/exhaustive-deps)
and include a short comment explaining why init and cleanup are intentionally
stable (Zustand store functions), referencing the useEffect, init, and cleanup
symbols so reviewers understand the rationale.

In `@ui/src/stores/commandStore.js`:
- Around line 610-617: init() can create duplicate autopilot intervals if called
multiple times; before calling get().startAutopilot() check for and clear any
existing timers by invoking the store's cleanup logic (e.g., call
get().cleanup() or explicitly clearInterval/clearTimeout on the same timer IDs
used by startAutopilot()) so startAutopilot() only creates a new interval when
no existing timer is running; update init() to clear existing timers first
(reference init(), startAutopilot(), and cleanup()).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7d060c43-9eeb-4218-996f-9350c0a111b5

📥 Commits

Reviewing files that changed from the base of the PR and between 7893b35 and e2beb38.

📒 Files selected for processing (10)

• docs/CHITTYADVOCATE_DESIGN.md
• migrations/014_doctrine_lifecycle_states.sql
• src/index.js
• src/intelligence/__tests__/context-resolver.test.js
• src/intelligence/context-intelligence.js
• src/intelligence/context-resolver.js
• src/middleware/oauth-provider.js
• ui/src/App.jsx
• ui/src/pages/Command.jsx
• ui/src/stores/commandStore.js