engine: enforce raise(queue) ⊆ department M.spec.produces (capability grant, fail-closed) + non-forgeable raised transport#131

Merged
loning merged 2 commits into integration from
devloop/issue/ChronoAIProject/fkst-substrate/130/ready-github-devloop-issue-ChronoAIProject-fkst-substrate-130-intake-0330532586-3792507379
Jun 18, 2026

Conversation

@loning loning commented Jun 18, 2026
Contributor

github-devloop implementation PR for issue #130

….produces (capability grant, fail-closed) + non-forgeable raised transport
@loning loning commented Jun 18, 2026
Contributor Author

github-devloop implementation PR for issue #130

@loning loning commented Jun 18, 2026
Contributor Author

github-devloop PR is ready for review

@loning loning commented Jun 18, 2026
Contributor Author

github-devloop PR is ready for review

@loning loning added the fkst-dev:reviewing pr-review-consensus-in-progress label Jun 18, 2026
@loning loning commented Jun 18, 2026
Contributor Author

github-devloop PR review decision: reject
Three-angle verdicts: minimal=comment structural=reject delete=approve
Blocking gap: Production raise authority is not constructed from the same namespace-resolved M.spec.produces contract as test.

minimal:
Established practice for this problem class is least-privilege/object-capability enforcement with complete mediation at the trusted boundary while preserving unrelated behavior; from the minimal angle the capability check and RAISED-AUTH direction are in scope, but deleting StreamingRaiseState and changing durable raised publication from line-observed streaming to post-exit publish_raised is unproven extra scope, especially against the recorded recurrence around streaming raised delivery. This would become approvable with either evidence that streaming semantics are intentionally deprecated and covered by acceptance bounds, or a narrower implementation that authenticates the existing streamed frame path without changing when raised events publish.

structural:
Established practice for this class is object-capability security with complete mediation and a single normalized authority source at the trust boundary; this diff deviates by building production RaiseAuthority from dept.produces verbatim in department_raise_authority while test uses declared_resolved_produces, so the capability grant is not proven to be the same post-namespace source-of-truth required by raise(queue) ⊆ M.spec.produces.

delete:
Established practice for this class is object-capability security with complete mediation and fail-closed authority checks at the trusted boundary; from the delete angle, this implementation is acceptable because it narrows rather than expands authority by reusing existing M.spec.produces as the deterministic grant for raise(), makes supervised raised delivery require RAISED-AUTH: instead of forgeable plain RAISED:, and removes the prior streaming stdout publication surface rather than adding an independent producer mechanism.

⟦AI:FKST⟧

@loning loning added fkst-dev:fixing review-rejected-and-fix-in-progress and removed fkst-dev:reviewing pr-review-consensus-in-progress labels Jun 18, 2026
@loning loning mentioned this pull request Jun 18, 2026
…ces (capability grant, fail-closed) + non-forgeable raised transport
@loning loning commented Jun 18, 2026
Contributor Author

github-devloop fix pushed for re-review

Previous reviewed head: 0f71f3b
New head: b1d8ac1

@loning loning added fkst-dev:reviewing pr-review-consensus-in-progress and removed fkst-dev:fixing review-rejected-and-fix-in-progress labels Jun 18, 2026
@loning loning commented Jun 18, 2026
Contributor Author

github-devloop PR review decision: approve
Three-angle verdicts: minimal=approve structural=approve delete=approve

minimal:
Established practice for this problem class is object-capability/least-privilege enforcement with complete mediation and fail-closed authority at the trusted boundary; under the minimal angle, the named gap is closed because production now constructs RaiseAuthority from department_declared_resolved_produces, which delegates to the same spec_queues::declared_resolved_produces path used by test, so raise(queue) is checked against the namespace-resolved M.spec.produces contract rather than raw dept.produces.

structural:
Established practice for this class is object-capability security with complete mediation at a trusted boundary and a single normalized authority source; the named structural gap is closed because production now constructs RaiseAuthority through department_declared_resolved_produces, which delegates to the shared spec_queues::declared_resolved_produces, while fkst.test.run_department now uses the same resolved-produces path via TestRunCache::declared_resolved_produces. That preserves the intended source-of-truth contract for raise(queue) ⊆ M.spec.produces; the authenticated RAISED-AUTH: transport also keeps raised delivery behind the engine boundary instead of reintroducing stdout as an independent authority path.

delete:
Established practice for this class is object-capability security with complete mediation and fail-closed authority checks at the trusted boundary; from the delete angle, the fix remains justified because it collapses authority onto the existing deterministic "M.spec.produces" contract rather than adding a parallel grant surface, and the prior named gap is closed by constructing production and test authority from the same namespace-resolved produces path while replacing forgeable "RAISED:" supervision delivery with authenticated "RAISED-AUTH:".

⟦AI:FKST⟧
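The two properties the reject and approve reviews above argue over, a raise(queue) ⊆ M.spec.produces grant built from one namespace-resolved source for both production and test, and an authenticated RAISED-AUTH: frame replacing the forgeable plain RAISED: line, as an added Rust example. This is not code from fkst-substrate or from this PR: DeptSpec, the resolution rule (a bare queue name gets the department namespace prefix, an already qualified name is kept), RaiseAuthority, RaisedVerifier and the frame layout RAISED-AUTH:<tag>:<seq>:<queue> are all assumptions made for the example, and the standard library's keyed SipHash (RandomState) stands in for the HMAC a real deployment would use.

```rust
// Added example (not fkst-substrate code): a raise() capability derived from the
// namespace-resolved produces set, and a RAISED-AUTH: frame a supervisor can verify.
// Every name and the frame layout below are hypothetical.
use std::collections::hash_map::RandomState;
use std::collections::BTreeSet;
use std::hash::{BuildHasher, Hash, Hasher};

/// Hypothetical shape of a department's M.spec: its namespace plus the queues it
/// declares it produces, written bare ("invoices") or qualified ("audit::events").
pub struct DeptSpec {
    pub namespace: String,
    pub produces: Vec<String>,
}

/// The single normalised source of truth. Production and test both call this;
/// neither is allowed to read `spec.produces` verbatim.
pub fn declared_resolved_produces(spec: &DeptSpec) -> BTreeSet<String> {
    spec.produces
        .iter()
        .map(|q| if q.contains("::") { q.clone() } else { format!("{}::{}", spec.namespace, q) })
        .collect()
}

#[derive(Debug, PartialEq)]
pub enum RaiseError {
    /// The queue is not in the department's resolved produces set.
    NotGranted(String),
}

/// Object capability handed to a department's trusted runtime. It carries the
/// grant and the per-run signing key; code that merely writes to stdout holds
/// neither, so it cannot mint a raise the engine will accept.
pub struct RaiseAuthority {
    grant: BTreeSet<String>,
    key: RandomState,
    seq: u64,
}

impl RaiseAuthority {
    /// Constructed only through the shared resolved-produces path.
    pub fn from_spec(spec: &DeptSpec, key: RandomState) -> Self {
        RaiseAuthority { grant: declared_resolved_produces(spec), key, seq: 0 }
    }

    /// Fail-closed: anything not literally in the grant is refused, including a
    /// bare name the caller "meant" to be in its own namespace.
    pub fn raise(&mut self, queue: &str) -> Result<String, RaiseError> {
        if !self.grant.contains(queue) {
            return Err(RaiseError::NotGranted(queue.to_string()));
        }
        self.seq += 1;
        let tag = mac(&self.key, self.seq, queue);
        // Tag and sequence come first so the queue name may itself contain "::".
        Ok(format!("RAISED-AUTH:{:016x}:{}:{}", tag, self.seq, queue))
    }
}

/// Keyed SipHash from the standard library stands in for a real MAC here (an
/// assumption of the example); use HMAC-SHA256 with a per-run key in practice.
fn mac(key: &RandomState, seq: u64, queue: &str) -> u64 {
    let mut h = key.build_hasher();
    seq.hash(&mut h);
    queue.hash(&mut h);
    h.finish()
}

/// Engine-side acceptor for supervised output. Plain "RAISED:" lines are ignored
/// as untrusted text; RAISED-AUTH: frames are accepted only if the tag verifies
/// and the sequence strictly increases (no forgery, no replay).
pub struct RaisedVerifier {
    key: RandomState,
    last_seq: u64,
}

impl RaisedVerifier {
    pub fn new(key: RandomState) -> Self {
        RaisedVerifier { key, last_seq: 0 }
    }

    /// Returns the raised queue name if the line is an authentic, fresh frame.
    pub fn accept(&mut self, line: &str) -> Option<String> {
        let body = line.strip_prefix("RAISED-AUTH:")?;
        let mut parts = body.splitn(3, ':');
        let tag = u64::from_str_radix(parts.next()?, 16).ok()?;
        let seq: u64 = parts.next()?.parse().ok()?;
        let queue = parts.next()?;
        if seq <= self.last_seq {
            return None; // replayed or reordered frame
        }
        if tag != mac(&self.key, seq, queue) {
            return None; // forged frame: the writer had no access to the per-run key
        }
        self.last_seq = seq;
        Some(queue.to_string())
    }
}

fn main() {
    // Constructed sample spec, not a real department.
    let spec = DeptSpec { namespace: "billing".into(), produces: vec!["invoices".into(), "audit::events".into()] };
    let key = RandomState::new();
    let mut auth = RaiseAuthority::from_spec(&spec, key.clone());
    let mut engine = RaisedVerifier::new(key);
    println!("{:?}", auth.raise("billing::refunds"));
    let frame = auth.raise("billing::invoices").unwrap();
    println!("{:?} {:?}", engine.accept(&frame), engine.accept("RAISED:billing::invoices"));
}
```

The key is cloned into exactly two holders, the engine's verifier and the authority it hands to the department's trusted runtime; anything else in the supervised process can print "RAISED:" or even a well-formed "RAISED-AUTH:" line and the engine will drop it. Because the same declared_resolved_produces call builds the grant wherever RaiseAuthority is constructed, a test harness cannot end up checking against a different produces set than production, which was the structural gap the first review named.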

@loning loning commented Jun 18, 2026
Contributor Author

github-devloop is merging PR #131

@loning loning added fkst-dev:merge-ready review-approved-and-ready-to-merge and removed fkst-dev:reviewing pr-review-consensus-in-progress labels Jun 18, 2026
@loning loning merged commit 18d1906 into integration Jun 18, 2026
1 check passed
@loning loning commented Jun 18, 2026
Contributor Author

github-devloop merged PR #131
