Skip to content

Commit 0aff6e5

Browse files
wip v28
1 parent affb324 commit 0aff6e5

24 files changed

Lines changed: 2356 additions & 40 deletions

BITCODE_SPEC_V28.md

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -359,6 +359,69 @@ Acceptance criteria:
359359
`frontier/*` or mock repository leakage, and no ledger/database drift for any
360360
finality that Terminal claims.
361361

362+
#### Pipeline host runtime environment for Read/Fit QA
363+
364+
V28 now admits a lightweight deployment harness because the first commercial
365+
Read/Fit result cannot be reviewed from local posture rows alone.
366+
The harness is not the full V34 distributed deployment program; it is the
367+
minimum real host contract needed to prove that AssetPack pipeline execution,
368+
agent/prompt/tool context, artifact export, and telemetry readback are running
369+
before Terminal may classify a Read as `worthy_fit` or `no_worthy_fit`.
370+
371+
The V28 QA host is Vercel Sandbox.
372+
The active host capability contract is:
373+
374+
- isolated Firecracker microVM execution on Amazon Linux 2023;
375+
- default working directory `/vercel/sandbox`;
376+
- stable documented runtimes `node24`, `node22`, and `python3.13`, with
377+
`node24` as the default Bitcode harness runtime;
378+
- `vercel-sandbox` user with sudo available for setup;
379+
- ephemeral filesystem, requiring evidence export before sandbox stop;
380+
- command execution, command log collection, file upload/download, exposed
381+
ports when explicitly requested, snapshots, and egress network policies;
382+
- authentication through Vercel OIDC tokens from a linked project or through
383+
explicit access-token variables for non-Vercel environments.
384+
385+
The V28 pipeline harness must write a manifest before execution containing:
386+
387+
- Read id and Read text;
388+
- Deposit id and optional deposited AssetPack id;
389+
- repository full name, branch, and commit;
390+
- host capability summary;
391+
- expected stages: deposit search, candidate ranking, Read comprehension,
392+
AssetPack synthesis, validation, Finish, and telemetry readback;
393+
- expected SQL evidence surfaces: `executions`, `execution_events`,
394+
`pipeline_runs`, `run_jobs`, `stream_logs`, `phase_executions`,
395+
`deliverable_pipeline_runs`, `deliverable_pipeline_phase_delegations`,
396+
`deliverable_pipeline_agent_steps`, `deliverable_pipeline_generations`, and
397+
`deliverable_pipeline_tool_executions`;
398+
- admissible result states `worthy_fit`, `no_worthy_fit`, and
399+
`blocked_readiness`;
400+
- redacted command-environment names only, never secret values.
401+
402+
The harness has two admissible modes:
403+
404+
- `host_smoke`: proves Vercel Sandbox creation, command execution, artifact
405+
export, and stop/cleanup. This mode always produces `blocked_readiness`
406+
because it does not invoke the AssetPack pipeline.
407+
- `asset_pack_pipeline`: clones or mounts the selected repository revision,
408+
installs workspace dependencies, invokes the AssetPack pipeline entrypoint,
409+
exports evidence and telemetry artifacts, and relies on SQL readback before
410+
any commercial result is accepted.
411+
412+
Read/Fit result review remains fail-closed:
413+
414+
- `worthy_fit` requires source-bound pipeline output plus event, phase, agent,
415+
generation/tool, proof/readiness, and ledger/database readback evidence.
416+
- `no_worthy_fit` requires source-bound rejection reasons from the pipeline,
417+
not absence of UI posture alone.
418+
- `blocked_readiness` is mandatory when source materialization, model/tool
419+
credentials, telemetry persistence, BTC fee, ledger anchor, settlement,
420+
AssetPack range projection, or finality readback is unavailable.
421+
- secrets for wallets, GitHub, model providers, Supabase service roles, or
422+
other systems may be passed into a sandbox only by explicit allowlist or
423+
brokered network policy; routine QA artifacts must show only redacted names.
424+
362425
### Gate 4: Terminal AssetPack Range Detail
363426

364427
Purpose:

BITCODE_V28_QA.md

Lines changed: 119 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -896,6 +896,18 @@ repository already deposited, but Terminal code and operator flow must remain
896896
fully generic across repository owner, repository, branch, commit, signer, and
897897
source type.
898898
899+
First-run execution boundary:
900+
901+
- A recorded Fit posture is not yet a commercial worthy Fit unless the deployed
902+
pipeline has actually executed and written its evidence.
903+
- Until real pipeline execution exists, the honest positive-control result is
904+
`blocked_readiness`: Deposit, Read admission, source binding, and Fit posture
905+
are reviewable, but AssetPack range, ledger anchor, BTC fee, settlement, and
906+
finality readback must not be claimed.
907+
- `worthy_fit` and `no_worthy_fit` become commercially admissible only when the
908+
result is derived from pipeline execution evidence rather than local posture
909+
rows alone.
910+
899911
Starting condition:
900912
901913
- Pass 2A Deposit submission has succeeded.
@@ -971,7 +983,9 @@ Manual steps:
971983
enabled, inspect the preview first. Only click it if the preview names source
972984
revision, proof/finality posture, wallet authorization, and expected database
973985
readback.
974-
9. Run saved query `v28_qa_terminal_06_read_fit_quality_after_read`.
986+
9. Run saved query `v28_qa_terminal_06_read_fit_quality_after_read`. Before the
987+
first deployed pipeline execution, expect `latest_fit_result_state` to be
988+
`blocked_readiness`, not `worthy_fit`.
975989
10. Rerun `v28_qa_terminal_02_activity_after_write` and
976990
`v28_qa_terminal_03_btd_ledger_after_terminal`.
977991
11. Paste screenshots, Network payload summaries, Vercel logs for the same
@@ -982,12 +996,17 @@ Pass criteria:
982996
- `v28_qa_terminal_06_read_fit_quality_after_read` reports
983997
`critical_read_gate_state='critical_read_fit_sequence_ready_for_result_review'`
984998
for the positive-control run.
999+
- Query 06 also reports `latest_fit_result_state` as one of `worthy_fit`,
1000+
`no_worthy_fit`, or `blocked_readiness`. Before deployed pipeline execution is
1001+
wired, the accepted result is `blocked_readiness`.
9851002
- The observed repository matches the latest deposited repository.
9861003
- Branch and commit are present on Deposit, Read, and Fit activity.
9871004
- Deposit precedes Read, and Read precedes Fit.
9881005
- No `frontier/*` repository or mock repository appears in staging-testnet
9891006
activity.
9901007
- Fit evidence is source-bound and quality-explained, not just a summary.
1008+
- Real `worthy_fit` or `no_worthy_fit` classification is backed by deployed
1009+
pipeline execution rows, events, logs, and result evidence.
9911010
- Settlement, finality, BTC fee, BTD range, or ledger anchor claims appear only
9921011
when query 03 shows matching projection rows; otherwise the Terminal result
9931012
labels the exact blocked-readiness state.
@@ -1005,6 +1024,105 @@ Commercial blockers:
10051024
- Any staging-testnet Read/Fit row contains `frontier/*`, mock provider, or
10061025
protocol-demo source as if it were live deposited source.
10071026
1027+
### Pass 2C: Vercel Sandbox Pipeline Harness QA
1028+
1029+
Purpose:
1030+
Prove that the Read/Fit path can run inside the first lightweight deployment
1031+
host before QA treats a Fit result as commercially meaningful. This pass checks
1032+
the harness itself: sandbox creation, command execution, manifest binding,
1033+
artifact export, telemetry, database persistence, and cleanup.
1034+
1035+
Prerequisites:
1036+
1037+
- Vercel project is linked and local OIDC credentials are current:
1038+
`vercel link && vercel env pull`.
1039+
- `@vercel/sandbox` is installed in the workspace running the harness.
1040+
- Pass 2B has produced a Deposit, Read, and Fit posture for the same repository,
1041+
branch, and commit.
1042+
- No wallet, GitHub, Supabase, model, or provider secret is passed into the
1043+
sandbox unless it is explicitly named in `BITCODE_SANDBOX_ENV_KEYS` for this
1044+
run and the network policy is understood.
1045+
1046+
Host smoke command:
1047+
1048+
```bash
1049+
BITCODE_RUN_VERCEL_SANDBOX_HARNESS=1 \
1050+
BITCODE_SANDBOX_MODE=host_smoke \
1051+
BITCODE_SANDBOX_REPOSITORY=engineeredsoftware/ENGI \
1052+
BITCODE_SANDBOX_SOURCE_BRANCH=main \
1053+
BITCODE_SANDBOX_SOURCE_COMMIT=31bbc0c5227b6b3aed5d107fd8507d35ec22970a \
1054+
pnpm run qa:pipeline-harness:sandbox
1055+
```
1056+
1057+
Expected host smoke result:
1058+
1059+
- The script creates a Vercel Sandbox, runs `node --version`, writes a harness
1060+
manifest, writes `evidence.json` and `telemetry.jsonl`, reads both artifacts
1061+
back, and stops the sandbox unless `BITCODE_SANDBOX_LEAVE_RUNNING=1`.
1062+
- The returned result state is `blocked_readiness`; this is correct because
1063+
host smoke proves only the host lifecycle.
1064+
1065+
Repository pipeline command:
1066+
1067+
```bash
1068+
BITCODE_RUN_VERCEL_SANDBOX_HARNESS=1 \
1069+
BITCODE_SANDBOX_MODE=asset_pack_pipeline \
1070+
BITCODE_SANDBOX_SOURCE_GIT_URL=https://github.com/engineeredsoftware/ENGI.git \
1071+
BITCODE_SANDBOX_SOURCE_BRANCH=main \
1072+
BITCODE_SANDBOX_SOURCE_COMMIT=31bbc0c5227b6b3aed5d107fd8507d35ec22970a \
1073+
BITCODE_SANDBOX_SOURCE_REVISION=31bbc0c5227b6b3aed5d107fd8507d35ec22970a \
1074+
pnpm run qa:pipeline-harness:sandbox
1075+
```
1076+
1077+
If database streaming is intentionally being tested, pass only the required
1078+
keys by name:
1079+
1080+
```bash
1081+
BITCODE_PIPELINE_STREAM_TO_DATABASE=1 \
1082+
BITCODE_PIPELINE_STRUCTURED_DB=1 \
1083+
BITCODE_SANDBOX_ENV_KEYS=SUPABASE_URL,SUPABASE_SERVICE_ROLE_KEY,OPENAI_API_KEY
1084+
```
1085+
1086+
After either harness run:
1087+
1088+
1. Save the command JSON summary, sandbox id, command exit codes, and artifact
1089+
presence fields.
1090+
2. Run saved query
1091+
`supabase/queries/v28_qa_terminal_07_pipeline_harness_after_fit.sql`.
1092+
3. Rerun `v28_qa_terminal_06_read_fit_quality_after_read` and
1093+
`v28_qa_terminal_03_btd_ledger_after_terminal`.
1094+
4. Capture Vercel Sandbox dashboard/log evidence for the same timestamps.
1095+
1096+
Pass criteria:
1097+
1098+
- Host smoke returns exported evidence and telemetry artifacts and stops the
1099+
sandbox cleanly.
1100+
- The repository pipeline run either produces source-bound AssetPack pipeline
1101+
evidence or an explicit `blocked_readiness` error artifact.
1102+
- Query 07 reports `pipeline_harness_ready_for_result_review`, or reports a
1103+
precise blocker/warning that Terminal also shows as blocked-readiness.
1104+
- Query 07 shows recent pipeline runtime evidence in at least the base runtime
1105+
surfaces (`pipeline_runs` or `deliverable_pipeline_runs`) plus event/log
1106+
telemetry (`execution_events` or `stream_logs`).
1107+
- Phase and agent-step telemetry appear before any result can be promoted past
1108+
blocked-readiness.
1109+
- Generation/tool rows appear before any model/tool-mediated Fit quality claim
1110+
can be accepted.
1111+
- Query 03 still shows no AssetPack range, BTC fee, ledger anchor, settlement,
1112+
or finality claim without matching projection rows.
1113+
1114+
Commercial blockers:
1115+
1116+
- The harness cannot create a sandbox or authenticate with Vercel.
1117+
- The harness runs but cannot export evidence artifacts before sandbox stop.
1118+
- A `worthy_fit` or `no_worthy_fit` result is claimed without query 07 runtime
1119+
evidence.
1120+
- Provider tokens, wallet signatures, GitHub credentials, model keys, or
1121+
Supabase service-role secrets appear unredacted in command output, artifacts,
1122+
browser telemetry, or routine QA query rows.
1123+
- Terminal enables settlement, minting, branch materialization, BTC fee
1124+
broadcast, or ledger finality from a host smoke result.
1125+
10081126
## 2026-05-13 Staging Deployment Readiness Gate
10091127
10101128
Purpose:

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@
4747
"audit:stories": "node scripts/audit_stories.js",
4848
"check:prompts": "node scripts/generate_prompt_inventory.js --ci",
4949
"lint": "eslint packages --ext .ts,.tsx",
50-
"typecheck:core": "pnpm -C packages/execution-generics run typecheck && pnpm -C packages/pipelines-generics run typecheck && pnpm -C packages/agent-generics run typecheck && pnpm -C packages/streams run typecheck",
50+
"typecheck:core": "pnpm -C packages/execution-generics run typecheck && pnpm -C packages/pipelines-generics run typecheck && pnpm -C packages/pipeline-hosts run typecheck && pnpm -C packages/agent-generics run typecheck && pnpm -C packages/streams run typecheck",
5151
"lint:core": "pnpm exec eslint packages/execution-generics packages/pipelines-generics packages/agent-generics/src packages/streams/src --ext .ts,.tsx",
5252
"lint:agents": "eslint packages/generic-agents packages/pipelines/asset-pack/src/agents --ext .ts",
5353
"prelint:agents": "pnpm run build:eslint-plugin",
@@ -73,6 +73,7 @@
7373
"db:squash": "bash scripts/db-squash.sh",
7474
"render:prompts": "pnpm -C packages/pipelines/asset-pack exec ts-node --transpile-only scripts/render-prompts.ts",
7575
"render:prompts:all": "pnpm -C packages/pipelines/asset-pack exec ts-node --transpile-only scripts/render-prompts.ts --scope=all",
76+
"qa:pipeline-harness:sandbox": "pnpm -C packages/pipeline-hosts run qa:asset-pack:sandbox",
7677
"mcp:inspect": "pnpm exec mcp-inspector --stdio-command ./scripts/start-bitcode-mcp.sh"
7778
},
7879
"dependencies": {

packages/pipeline-hosts/README.md

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
# `@bitcode/pipeline-hosts`
2+
3+
This package owns host-runtime adapters for Bitcode pipeline QA. The first
4+
adapter is the Vercel Sandbox harness used to prove that Read/Fit and
5+
AssetPack pipeline work is running in an isolated host, emitting artifacts, and
6+
leaving enough telemetry for SQL readback.
7+
8+
## Vercel Sandbox Host Capabilities
9+
10+
- Firecracker microVM isolation on Amazon Linux 2023.
11+
- Default working directory: `/vercel/sandbox`.
12+
- Default runtime: `node24`; stable documented runtime options are `node24`,
13+
`node22`, and `python3.13`.
14+
- The sandbox user is `vercel-sandbox` and can use `sudo`.
15+
- Filesystem state is ephemeral. Evidence must be exported before stop, then
16+
persisted to Bitcode storage or database projections.
17+
- Command output, file upload/download, exposed ports, network policies, and
18+
snapshots are part of the host contract.
19+
- Auth is through Vercel OIDC tokens from `vercel link && vercel env pull`, or
20+
through access-token variables for non-Vercel hosts.
21+
22+
## Harness Modes
23+
24+
`host_smoke` verifies the host lifecycle only. It creates a sandbox, writes a
25+
manifest and runner, executes Node, writes `evidence.json` and
26+
`telemetry.jsonl`, exports them, then stops the sandbox. The result is always
27+
`blocked_readiness` because the AssetPack pipeline was not invoked.
28+
29+
`asset_pack_pipeline` clones or mounts a repository source, installs workspace
30+
dependencies, and runs the AssetPack pipeline runner in the sandbox. It still
31+
requires SQL readback before any `worthy_fit`, settlement, range, BTC fee, or
32+
ledger finality claim is commercially admissible.
33+
34+
## Live QA
35+
36+
Link a Vercel project and pull local OIDC credentials:
37+
38+
```bash
39+
vercel link
40+
vercel env pull
41+
```
42+
43+
Run the low-cost host smoke:
44+
45+
```bash
46+
BITCODE_RUN_VERCEL_SANDBOX_HARNESS=1 \
47+
BITCODE_SANDBOX_MODE=host_smoke \
48+
BITCODE_SANDBOX_REPOSITORY=engineeredsoftware/ENGI \
49+
BITCODE_SANDBOX_SOURCE_BRANCH=main \
50+
BITCODE_SANDBOX_SOURCE_COMMIT=31bbc0c5227b6b3aed5d107fd8507d35ec22970a \
51+
pnpm -C packages/pipeline-hosts run qa:asset-pack:sandbox
52+
```
53+
54+
Run the repository pipeline path after source access and credentials are ready:
55+
56+
```bash
57+
BITCODE_RUN_VERCEL_SANDBOX_HARNESS=1 \
58+
BITCODE_SANDBOX_MODE=asset_pack_pipeline \
59+
BITCODE_SANDBOX_SOURCE_GIT_URL=https://github.com/engineeredsoftware/ENGI.git \
60+
BITCODE_SANDBOX_SOURCE_BRANCH=main \
61+
BITCODE_SANDBOX_SOURCE_COMMIT=31bbc0c5227b6b3aed5d107fd8507d35ec22970a \
62+
BITCODE_SANDBOX_SOURCE_REVISION=31bbc0c5227b6b3aed5d107fd8507d35ec22970a \
63+
pnpm -C packages/pipeline-hosts run qa:asset-pack:sandbox
64+
```
65+
66+
Only pass secrets through `BITCODE_SANDBOX_ENV_KEYS` when the sandbox code path
67+
is trusted and its network policy is understood. Prefer credential brokering or
68+
strict allowlists before running untrusted generated code.
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
module.exports = {
2+
preset: 'ts-jest/presets/js-with-ts',
3+
testEnvironment: 'node',
4+
testMatch: ['**/__tests__/**/*.test.ts'],
5+
testPathIgnorePatterns: ['/node_modules/', '/dist/'],
6+
roots: ['<rootDir>'],
7+
moduleFileExtensions: ['ts', 'js', 'json', 'node'],
8+
globals: {
9+
'ts-jest': {
10+
tsconfig: '<rootDir>/../../tsconfig.json',
11+
diagnostics: false,
12+
},
13+
},
14+
};
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
{
2+
"name": "@bitcode/pipeline-hosts",
3+
"version": "0.1.0",
4+
"private": true,
5+
"description": "Bitcode pipeline host adapters and Vercel Sandbox harnesses.",
6+
"main": "src/index.ts",
7+
"types": "src/index.ts",
8+
"exports": {
9+
".": {
10+
"types": "./src/index.ts",
11+
"default": "./src/index.ts"
12+
},
13+
"./src/*": "./src/*",
14+
"./package.json": "./package.json"
15+
},
16+
"files": [
17+
"src"
18+
],
19+
"scripts": {
20+
"test": "pnpm exec jest --config jest.config.cjs --passWithNoTests",
21+
"typecheck": "tsc --noEmit",
22+
"qa:asset-pack:sandbox": "ts-node --transpile-only src/dev/run-asset-pack-sandbox-harness.ts"
23+
},
24+
"dependencies": {
25+
"@vercel/sandbox": "^1.10.2"
26+
},
27+
"devDependencies": {
28+
"@types/jest": "^29.5.12",
29+
"@types/node": "^25.0.0",
30+
"jest": "^29.7.0",
31+
"ts-jest": "^29.1.1",
32+
"ts-node": "10.9.2",
33+
"typescript": "^5.0.0"
34+
}
35+
}

0 commit comments

Comments
 (0)