Claude/review scm security cn f lt #9
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add missing flake.nix (Nix fallback per RSR policy) - Update guix.scm version from 0.1.0 to 0.6.0 - Update STATE.scm with current project state (294 proofs, 6 systems) - Update SECURITY.md version and theorem count - Update .well-known files with accurate v0.6.0 metadata - Fix provenance.json with correct proof statistics All versions now consistent at 0.6.0 across SCM and security files.
This commit recovers the actual Valence Shell project vision after it was overwritten by AI with RSR compliance documentation. What changed: - README.adoc: Now explains what Valence Shell IS (thermodynamic shell, Saga pattern, reversible transactions) instead of listing proof counts - CLAUDE.md: Focused on sacred file protection and project identity - STATE.adoc: NEW - cross-conversation context tracking - HANDOVER.md: NEW - complete context for AI assistants - META.scm: Machine-readable project metadata - ECOSYSTEM.scm: Layer structure and ecosystem position - justfile: Elixir-focused task automation - hooks/pre-commit: Protect sacred files from AI modification The core insight: Valence Shell treats commands as Sagas with compensation. Every operation has an inverse. F⁻¹(F(s)) = s. Phase 1 (current): Hypervisor supervising /bin/sh Phase 2: LD_PRELOAD syscall interception Phase 3: Shell → Elixir AST transpilation
Phase 1 foundation - the Hypervisor pattern:
Core modules:
- Valence.Command - 4-callback behaviour for reversible operations
- describe/1 → :safe | :warn | :danger
- execute/2 → {:ok, result, compensation}
- compensate/2 → undo the operation
- verify/1 → detect drift (Two Generals)
- Valence.History.Zipper - O(1) undo/redo without state copying
- push/back/forward in constant time
- Functional, immutable structure
- Valence.Journal - Idempotency for crash recovery
- Track pending/completed/compensated states
- Same key = cached result (no re-execution)
- Valence.Saga - Compensating transaction coordinator
- Multi-step operations as atomic units
- Automatic rollback on failure
Sample commands:
- Directory.Mkdir / Directory.Rmdir
- FileOps.Touch / FileOps.Rm / FileOps.Write
Proofs:
- proofs/coq/rmr.v - Reversibility axiom F⁻¹(F(s)) = s
Tests:
- Zipper unit tests
- Property-based tests with StreamData
New standards for Valence Shell operations: PLAYBOOK.scm - Operational playbooks: - Recovery procedures (crash recovery, undo cascade, drift) - Operational patterns (command execution, batch, interactive) - Danger zone handling - Maintenance playbooks (journal compaction, history pruning) AGENTIC.scm - AI agent integration: - Capability tiers (0-4: read-only → forbidden) - Delegation policies and escalation - Human-in-the-loop requirements - Conative Gating integration - Agent session lifecycle NEUROSYM.scm - Neurosymbolic integration: - Neural-symbolic architecture (LLM proposes, proofs verify) - Verification pipeline - ECHIDNA multi-solver integration - Trust hierarchy - Bridge layer for neural ↔ symbolic translation These integrate with META.scm, ECOSYSTEM.scm, and STATE.scm.
Config: - config/config.exs - Main configuration - config/dev.exs, test.exs, prod.exs - Environment configs - config/runtime.exs - Runtime configuration Quality: - .credo.exs - Strict Credo linting rules - Improved elixir.yml CI - formatting, credo, dialyzer Hooks: - scripts/install-hooks.sh - Automated hook installation - justfile: Added setup, install-hooks recipes Templates: - .github/PULL_REQUEST_TEMPLATE.md - .github/ISSUE_TEMPLATE/bug_report.md (updated) - .github/ISSUE_TEMPLATE/feature_request.md (updated) - .github/ISSUE_TEMPLATE/proof_request.md (new) Documentation: - ARCHITECTURE.md - System design, phases, ADRs This completes the production-quality infrastructure for Valence Shell.
- Resolved conflicts in .github/workflows/elixir.yml - Resolved conflicts in justfile - Resolved conflicts in hooks/pre-commit - Incorporates updates from main branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.