Skip to content

feat(runtime): invoke installed Edict provider mutations#678

Merged
flyingrobots merged 6 commits into
mainfrom
runtime/583-provider-proposal-admission
Jul 17, 2026
Merged

feat(runtime): invoke installed Edict provider mutations#678
flyingrobots merged 6 commits into
mainfrom
runtime/583-provider-proposal-admission

Conversation

@flyingrobots

Copy link
Copy Markdown
Owner

Summary

This PR carries the Echo/Edict provider path across four explicit runtime boundaries without collapsing their authority:

  1. admit an exact provider-package proposal against an independently constructed Echo policy;
  2. corroborate the exact package occurrence against independently admitted contract material;
  3. install that corroborated package into Echo-owned provider, operation, package-root, and scheduler-rule indexes; and
  4. admit, schedule, execute, receipt, persist, and recover an exact installed provider mutation.

Echo now retains provider-native invocation evidence binding the package identity and exact package reference, semantic operation, Target IR identity, and scheduler rule. An outcome is reported as applied only when the exact installed provider rule appears in the scheduler receipt; the same-scope system acknowledgement cannot masquerade as provider execution.

Advances #583.
Related to #589.

This deliberately does not close either issue. The generic provider-native path is present, but the designated Jim operation, caller/session authentication, target authorization, codec-owned input validation, provider-native reads, and the broader authority/security ramp remain downstream.

Scope

  • Tests only
  • Docs only
  • Runtime code

Architectural walkthrough

Proposal admission

TrustedRuntimeHost accepts an opaque provider proposal only when its complete registry, semantic/release identities, package occurrence, operations, codecs, Target IR, profiles, obstruction declarations, and footprint claims equal a host-owned ProviderContractAdmissionPolicyV1. This crossing does not hash package bytes, install anything, execute callbacks, or grant application authority.

Exact occurrence corroboration

echo-wesley-gen consumes the digest-admitted package and Echo-admitted contract material, requires the exact echo.edict-provider@1 coordinate and lowercase sha256: package-root agreement, and returns an opaque corroboration proof. This crossing proves occurrence agreement only; it does not infer registry semantics from bytes.

Installation

A sealed proof-consuming adapter installs a corroborated package through the trusted runtime-owner port. Installation atomically occupies provider-package, package-root, operation, and scheduler-rule indexes, retains the exact occurrence and complete provider registry, and refuses legacy/provider or rule conflicts without partial mutation. It creates no Wesley/GraphQL surrogate metadata and invokes no callbacks.

Invocation and recovery

The installed-contract ingress path now carries InstalledInvocationEvidence, with distinct legacy and provider variants. Provider mutation admission requires:

  • the exact canonical EINT v1 outer kind;
  • an installed provider operation;
  • the exact installed provider scheduler rule; and
  • a successful provider matcher.

Unknown operations, malformed or relabeled EINT, matcher refusal, missing exact rule execution, and unsupported provider inverse targets fail closed through typed errors or obstructions. Provider receipts do not fabricate a legacy contract coordinate.

WAL state-delta evidence remains explicitly tagged:

  • tag 1: the byte-identical legacy encoding;
  • tag 2: validated provider evidence binding package, operation, Target IR, and rule.

Fresh-host recovery independently reinstalls the same package as host configuration, recovers the exact prior outcome from the filesystem WAL, treats resubmission as a duplicate, schedules no extra work, and executes no callbacks.

Each crossing proves only its own proposition. Generated authority-facts material is not treated as Echo runtime authority.

RED / GREEN evidence

Focused RED witnesses were introduced before each boundary existed or before the reviewed soundness rule was enforced:

  • exact proposal-policy mismatch and atomic conflict refusal;
  • exact package-occurrence/root corroboration;
  • proof-owned installation and duplicate/conflict behavior;
  • provider mutation evidence through receipt and WAL;
  • wrong EINT outer-kind rejection;
  • prevention of same-scope system acknowledgement masquerading as provider execution;
  • matcher-false fail-closed behavior;
  • validated tag-2 truncation, UTF-8, digest, coordinate, operation-id, and unknown-tag failures;
  • byte-stable tag-1 golden evidence;
  • fresh-host idempotent recovery without callbacks; and
  • pre-push feature preservation for feature-gated provider tests.

The corresponding GREEN commands include:

cargo +1.90.0 test -p warp-core --features native_rule_bootstrap,trusted_runtime --test provider_contract_admission_tests
cargo +1.90.0 test -p warp-core --features native_rule_bootstrap,host_test --test installed_contract_intent_pipeline_tests
cargo +1.90.0 test -p warp-core --features native_rule_bootstrap,trusted_runtime,host_test --test trusted_runtime_host_loop_tests
cargo +1.90.0 test -p warp-core --test provenance_retention_codec_tests
cargo +1.90.0 test -p echo-wesley-gen --test provider_package
cargo +1.90.0 xtask test-slice contract-path-release
bash tests/hooks/test_verify_local.sh

Validation

The exact committed tree passed:

cargo +1.90.0 test -p warp-core --all-targets --features native_rule_bootstrap,trusted_runtime,host_test --quiet
cargo +1.90.0 test -p echo-wesley-gen --all-targets
cargo +1.90.0 clippy -p warp-core --lib --features native_rule_bootstrap,trusted_runtime,host_test -- -D warnings -D missing-docs
cargo +1.90.0 clippy -p warp-core --features native_rule_bootstrap,trusted_runtime,host_test --test contract_obstruction_taxonomy_tests --test external_consumer_contract_fixture_tests --test installed_contract_intent_pipeline_tests --test provenance_retention_codec_tests --test provider_contract_admission_tests --test retained_evidence_ref_tests --test trusted_runtime_host_loop_tests -- -D warnings -D missing-docs
cargo +1.90.0 clippy -p echo-wesley-gen --all-targets -- -D warnings -D missing-docs
cargo +1.90.0 xtask test-slice contract-path-release
cargo +1.90.0 xtask pr-preflight --full
pnpm exec markdownlint-cli2 CHANGELOG.md README.md crates/warp-core/README.md docs/architecture/application-contract-hosting.md docs/case-studies/JimAndEcho.md docs/topics/ContractInverseAdmission.md docs/topics/GeneratedRules.md docs/topics/WAL.md docs/topics/security/ThreatModel.md
DETERMINISM_FORCE_NO_RG=1 scripts/ban-nondeterminism.sh
bash tests/hooks/test_verify_local.sh
git diff --check

The repository no longer exposes an xtask verify subcommand; xtask pr-preflight --full is the current documented full branch gate. It passed all seven preflight checks. The final push hook also passed all 17 selected Rust slices.

Dependency rationale

This PR adds no new external runtime dependency. echo-wesley-gen continues to use the already-pinned published wesley-core = 0.3.0-alpha.1 contract and owns the proof-consuming adapter so warp-core does not rediscover, regenerate, or reinterpret provider semantics. The trusted lower installation primitive intentionally does not reauthenticate package bytes; it accepts only the opaque proof from the corroboration crossing.

Compatibility

This is an intentional pre-1.0 source evolution:

  • public installed-contract carrier fields now use Option<InstalledInvocationEvidence> rather than Option<ContractEvidenceIdentity>;
  • InstalledInvocationEvidence is non-exhaustive, so downstream direct matches require a wildcard arm;
  • legacy callers can use LegacyContract, .into(), or legacy_contract();
  • provider callers can use provider_v1();
  • RuntimeError gains InstalledContractIntentKindMismatch and UnsupportedInstalledProviderContractMutation;
  • ContractInverseObstruction gains ProviderTargetUnsupported; and
  • the legacy tag-1 WAL bytes remain unchanged while provider evidence uses validated tag 2.

Documentation impact

Updated:

  • root and warp-core READMEs;
  • application-contract hosting architecture;
  • generated-rules, WAL, inverse-admission, and threat-model topics;
  • the Jim/Echo case study; and
  • CHANGELOG.md.

The docs explicitly distinguish proposal, admission, corroboration, installation, invocation, receipt, and WAL evidence, and state the remaining authentication, authorization, schema-validation, and bounded-read limitations.

Review

Two independent read-only reviews were completed. Review findings around exact rule selection, EINT kind enforcement, WAL structural validation, fresh-host recovery, public enum extensibility, and compatibility documentation were addressed with focused witnesses. The final seam review found no remaining blocking, high, or medium correctness/soundness issue.

Checklist

  • Local fmt, strict Clippy, focused tests, full feature tests, release slice, docs checks, hook regressions, and full PR preflight are green
  • Changes are split into focused commits; no commit was amended
  • Documentation and compatibility notes reflect the implemented behavior
  • GitHub CI green
  • Review threads resolved and approved review posture reached

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@flyingrobots, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 15 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2688036a-94fc-4c05-bd32-daecf0225ae6

📥 Commits

Reviewing files that changed from the base of the PR and between fef8dc3 and 612b47e.

⛔ Files ignored due to path filters (7)
  • Cargo.lock is excluded by !**/*.lock
  • crates/echo-wesley-gen/assets/v1/edict-provider/package/v1/generated/evidence/provenance.provider-generation.json is excluded by !**/generated/**
  • crates/echo-wesley-gen/assets/v1/edict-provider/package/v1/generated/evidence/review.provider-generation.json is excluded by !**/generated/**
  • schemas/edict-provider/generated/v1/evidence/provenance.provider-generation.json is excluded by !**/generated/**
  • schemas/edict-provider/generated/v1/evidence/review.provider-generation.json is excluded by !**/generated/**
  • schemas/edict-provider/package/v1/generated/evidence/provenance.provider-generation.json is excluded by !**/generated/**
  • schemas/edict-provider/package/v1/generated/evidence/review.provider-generation.json is excluded by !**/generated/**
📒 Files selected for processing (42)
  • .ban-nondeterminism-allowlist
  • .github/workflows/ci.yml
  • CHANGELOG.md
  • README.md
  • crates/echo-wesley-gen/Cargo.toml
  • crates/echo-wesley-gen/README.md
  • crates/echo-wesley-gen/assets/v1/edict-provider/package/v1/provider-manifest.echo.json
  • crates/echo-wesley-gen/assets/v1/repository/Cargo.lock.source
  • crates/echo-wesley-gen/assets/v1/repository/crates/echo-wesley-gen/Cargo.toml.source
  • crates/echo-wesley-gen/src/provider_package.rs
  • crates/echo-wesley-gen/tests/provider_package.rs
  • crates/echo-wesley-gen/tests/provider_package_corpus.rs
  • crates/warp-core/Cargo.toml
  • crates/warp-core/README.md
  • crates/warp-core/src/causal_wal.rs
  • crates/warp-core/src/contract_inverse.rs
  • crates/warp-core/src/contract_obstruction.rs
  • crates/warp-core/src/contract_registry.rs
  • crates/warp-core/src/coordinator.rs
  • crates/warp-core/src/engine_impl.rs
  • crates/warp-core/src/lib.rs
  • crates/warp-core/src/provider_contract.rs
  • crates/warp-core/src/trusted_runtime_host.rs
  • crates/warp-core/tests/contract_obstruction_taxonomy_tests.rs
  • crates/warp-core/tests/external_consumer_contract_fixture_tests.rs
  • crates/warp-core/tests/installed_contract_intent_pipeline_tests.rs
  • crates/warp-core/tests/provenance_retention_codec_tests.rs
  • crates/warp-core/tests/provider_contract_admission_tests.rs
  • crates/warp-core/tests/retained_evidence_ref_tests.rs
  • crates/warp-core/tests/trusted_runtime_host_loop_tests.rs
  • docs/architecture/application-contract-hosting.md
  • docs/case-studies/JimAndEcho.md
  • docs/topics/ContractInverseAdmission.md
  • docs/topics/GeneratedRules.md
  • docs/topics/WAL.md
  • docs/topics/security/ThreatModel.md
  • schemas/edict-provider/README.md
  • schemas/edict-provider/package/v1/provider-manifest.echo.json
  • scripts/verify-local.sh
  • tests/docs/test_generated_rule_truth.sh
  • tests/hooks/test_verify_local.sh
  • xtask/src/main.rs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch runtime/583-provider-proposal-admission

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@flyingrobots
flyingrobots merged commit 3fa8b4f into main Jul 17, 2026
40 checks passed
@flyingrobots
flyingrobots deleted the runtime/583-provider-proposal-admission branch July 17, 2026 16:46

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c4023a975d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread crates/warp-core/src/provider_contract.rs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant