Skip to content

Commit fd195d2

Browse files
V31 Gate 7: Add interface admission catalog (#50)
Deepens AuxillariesInterfaceAdmission with supported actions, current admitted actions, policy requirements, source-safety classes, blockers, deferred-product depth, and required proof roots across Terminal, API, MCP, ChatGPT App, Exchange, Conversations, and future hooks. Renders the package-owned catalog in the Interfaces pane, carries interfaceAdmissions through user data, documents the source-safe boundaries, and adds the Gate 7 checker plus workflow coverage. Validation: pnpm run check:v31-gate1 && pnpm run check:v31-gate2 && pnpm run check:v31-gate3 && pnpm run check:v31-gate4; pnpm run check:v31-gate5 && pnpm run check:v31-gate6 && pnpm run check:v31-gate7; pnpm --filter @bitcode/api build; pnpm -C uapi exec tsc --noEmit --pretty false; pnpm --filter @bitcode/api exec jest --config jest.config.cjs --runTestsByPath src/routes/__tests__/auxillaries-contract.test.ts --runInBand; pnpm -C uapi exec jest --runTestsByPath tests/orbitalsInterfacesPane.test.tsx tests/userDataRoute.test.ts --runInBand; git diff --check; strict changed-file secret sweep.
1 parent 0c75d49 commit fd195d2

16 files changed

Lines changed: 782 additions & 35 deletions

.github/workflows/bitcode-gate-quality.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ jobs:
101101
node scripts/check-v31-gate4-connects-provider-readiness.mjs --skip-branch-check
102102
node scripts/check-v31-gate5-wallet-btd-pane-readiness.mjs --skip-branch-check
103103
node scripts/check-v31-gate6-organization-team-role-policy-authority.mjs --skip-branch-check
104+
node scripts/check-v31-gate7-interfaces-pane-admission-cross-surface-contracts.mjs --skip-branch-check
104105
else
105106
echo "Unexpected BITCODE_SPEC.txt pointer: $POINTER" >&2
106107
exit 1

BITCODE_SPEC_V31.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -268,6 +268,10 @@ Gate 7 Interfaces precision:
268268

269269
- Interface admission records enumerate surface id, auth mode, supported actions, required policy, source-safety class, and current readiness.
270270
- Interfaces may point to Terminal, API, MCP, ChatGPT App, Exchange, or future hooks, but V31 does not implement deferred Exchange market law or Conversations product depth.
271+
- `AuxillariesInterfaceAdmission` now distinguishes `supportedActions` from the currently admitted `allowedActions`, so a surface can advertise the product action family it understands while remaining blocked or degraded for the current user/account posture.
272+
- Each admission record carries `policyRequirements`, legacy-compatible `policyConstraints`, blockers, `deferredProductDepth`, source-safety class, and `interfaceAdmissionRoot`.
273+
- The required V31 admission catalog contains `terminal`, `api`, `mcp`, `chatgpt-app`, `exchange-hook`, `conversations-hook`, and `future-interface-hooks`.
274+
- Exchange and Conversations records are present as source-safe hooks only; they remain blocked with explicit deferred-product blockers until later versions implement market law or Conversations product depth.
271275

272276
Gate 8 UX precision:
273277

@@ -359,6 +363,7 @@ V31 adds a package-owned proof that interface surfaces consume admitted Auxillar
359363
- Terminal, API, MCP, and ChatGPT App may read interface admission to gate source-safe actions and protected actions.
360364
- Exchange and Conversations remain deferred product-depth hooks, not admitted market or conversation implementation.
361365
- The proof fails closed on missing auth mode, unsupported action, protected source, secrets, route-local policy copies, stale readiness, or missing policy root.
366+
- The Auxillaries Interfaces pane renders the same admission records as a catalog: surface, auth mode, readiness, source-safety class, supported actions, currently admitted actions, policy requirements, blockers, and proof root. It does not recalculate policy locally.
362367

363368
## V31 local and staging promotion readiness canon
364369

BITCODE_SPEC_V31_DELTA.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -179,6 +179,14 @@ Closure acceptance:
179179
- each record names auth mode, supported actions, source-safety class, policy requirements, blockers, and readiness;
180180
- V31 does not implement deferred Exchange market law or Conversations product depth.
181181

182+
Gate 7 implementation centers:
183+
184+
- `packages/api/src/routes/auxillaries-contract.ts` deepens `AuxillariesInterfaceAdmission` with `policyRequirements`, legacy-compatible `policyConstraints`, `supportedActions`, current `allowedActions`, `sourceSafetyClass`, `deferredProductDepth`, blockers, readiness, and proof roots;
185+
- `buildAuxillariesInterfaceAdmissions` emits the required catalog for Terminal, API, MCP, ChatGPT App, Exchange hook, Conversations hook, and future interface hooks, keeping Exchange and Conversations blocked as deferred product-depth hooks;
186+
- `validateAuxillariesContractSnapshot` now fails malformed snapshots that omit required interface ids or the required admission fields;
187+
- `uapi/hooks/useUserData.ts` and `.js` carry `interfaceAdmissions` into UI read models, and `AuxillariesInterfacesPane.tsx` renders the source-safe catalog without deriving policy locally;
188+
- focused API and Interfaces pane tests assert supported actions, admitted actions, policy requirements, source-safety classes, deferred blockers, proof roots, and autosaved interface defaults.
189+
182190
### Gate 8: Auxillaries UX Accessibility And Responsive Proof
183191

184192
Gate 8 proves the user experience.

BITCODE_SPEC_V31_NOTES.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ V31 owns deeper Auxillaries:
5757

5858
- Profile and account completeness become typed, persisted, projected, and recoverable.
5959
- Connects show provider readiness, credential posture without secrets, repair actions, retry semantics, and readback evidence.
60-
- Interfaces enumerate admitted commercial surfaces with auth modes, action boundaries, readiness, and source-safety posture.
60+
- Interfaces enumerate admitted commercial surfaces with auth modes, supported actions, currently admitted actions, policy requirements, blockers, readiness, source-safety posture, deferred-product boundaries, and proof roots. The V31 catalog includes Terminal, API, MCP, ChatGPT App, Exchange hook, Conversations hook, and future interface hooks; Exchange market law and Conversations product depth remain explicitly blocked.
6161
- Wallet and BTD panes consume V30 wallet, signer, BTD range, read-right, treasury, settlement, and no-custody primitives.
6262
- Organization, team, member role, multi-sig readiness, explicit grants, policy decisions, denial reasons, and recovery routes become package-owned and UI-visible.
6363
- Readiness diagnostics and recovery runs are executions with source-safe before/after evidence.

BITCODE_SPEC_V31_PARITY_MATRIX.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -129,18 +129,18 @@ No `_legacy/` source is active source truth.
129129

130130
| Requirement | Source evidence | Current V31 judgment |
131131
| --- | --- | --- |
132-
| Organization authority is package-owned | `BtdOrganizationPolicyAuthority` and `buildBtdOrganizationPolicyAuthority` in `packages/btd/src/authority.ts`; `OrganizationPolicyAuthority` aliases that object in `packages/api/src/routes/auxillaries-contract.ts` | drafted |
133-
| Role, grants, policy, wallet binding, and denial reasons are typed | BTD tests cover allowed settlement-adjacent policy authority and protected-source denial; API tests assert organization/team/member/grant/policy/multi-sig route emission; Profile pane tests render the shared authority object | drafted |
134-
| Protected actions fail closed unless all authority inputs admit them | `packages/btd/__tests__/btd.test.ts` covers missing grant, wallet, policy, interface admission, multi-sig, settlement, read access, and confirmation denial reasons with blocked source visibility | drafted |
135-
| Terminal and Auxillaries consume one authority object | `uapi/hooks/useUserData.ts`, `uapi/app/auxillaries/components/AuxillariesSurface.tsx`, `uapi/app/auxillaries/components/AuxillariesProfilePane.tsx`, and `uapi/app/terminal/terminal-organization-authority.ts` consume/project `organizationAuthority` without route-local policy rederivation | drafted |
132+
| Organization authority is package-owned | `BtdOrganizationPolicyAuthority` and `buildBtdOrganizationPolicyAuthority` in `packages/btd/src/authority.ts`; `OrganizationPolicyAuthority` aliases that object in `packages/api/src/routes/auxillaries-contract.ts` | closed |
133+
| Role, grants, policy, wallet binding, and denial reasons are typed | BTD tests cover allowed settlement-adjacent policy authority and protected-source denial; API tests assert organization/team/member/grant/policy/multi-sig route emission; Profile pane tests render the shared authority object | closed |
134+
| Protected actions fail closed unless all authority inputs admit them | `packages/btd/__tests__/btd.test.ts` covers missing grant, wallet, policy, interface admission, multi-sig, settlement, read access, and confirmation denial reasons with blocked source visibility | closed |
135+
| Terminal and Auxillaries consume one authority object | `uapi/hooks/useUserData.ts`, `uapi/app/auxillaries/components/AuxillariesSurface.tsx`, `uapi/app/auxillaries/components/AuxillariesProfilePane.tsx`, and `uapi/app/terminal/terminal-organization-authority.ts` consume/project `organizationAuthority` without route-local policy rederivation | closed |
136136

137137
## Gate 7 Parity
138138

139139
| Requirement | Source evidence | Current V31 judgment |
140140
| --- | --- | --- |
141-
| Interfaces pane exposes admitted surfaces | Interfaces pane records and tests | pending |
142-
| Each surface names auth, actions, policy, source-safety, blockers, and readiness | package/API/MCP/ChatGPT App contract tests | pending |
143-
| Deferred Exchange and Conversations remain explicitly out of scope | specs, checker, and UI labels | pending |
141+
| Interfaces pane exposes admitted surfaces | `AuxillariesInterfaceAdmission` records in `packages/api/src/routes/auxillaries-contract.ts` enumerate Terminal, API, MCP, ChatGPT App, Exchange hook, Conversations hook, and future interface hooks; `uapi/app/auxillaries/components/AuxillariesInterfacesPane.tsx` renders the catalog | drafted |
142+
| Each surface names auth, actions, policy, source-safety, blockers, and readiness | `packages/api/src/routes/__tests__/auxillaries-contract.test.ts` asserts auth mode, `supportedActions`, current `allowedActions`, `policyRequirements`, `sourceSafetyClass`, blockers, readiness, and roots | drafted |
143+
| Deferred Exchange and Conversations remain explicitly out of scope | Exchange and Conversations hook records are blocked with `deferredProductDepth` values and deferred blockers; `uapi/tests/orbitalsInterfacesPane.test.tsx` reads those blockers in the catalog | drafted |
144144

145145
## Gate 8 Parity
146146

SPECIFICATIONS_ROADMAP.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
- Current active canonical pointer: `BITCODE_SPEC.txt` -> `V30`
66
- Current active canon: `BITCODE_SPEC_V30.md`
77
- Current draft target: `BITCODE_SPEC_V31.md`
8-
- Current working gate: V31 Gate 6 Organization Team Role Policy Authority, which binds account, organization, team, member, role, explicit grants, wallet binding, policy id/hash, multi-sig readiness, policy decision, denial reason, and recovery route into one package-owned authority object consumed by Auxillaries and Terminal.
8+
- Current working gate: V31 Gate 7 Interfaces Pane Admission And Cross-Surface Contracts, which turns the Interfaces pane into the source-safe admission catalog for Terminal, API, MCP, ChatGPT App, Exchange, Conversations, and future hooks with auth mode, supported actions, current admitted actions, policy requirements, source-safety class, blockers, readiness, deferred-product boundaries, and proof roots.
99
- Purpose: concise running index of Bitcode/ENGI specification history, current work, and planned work.
1010

1111
This roadmap is not an active system specification.

package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,7 @@
7070
"check:v31-gate4": "node scripts/check-v31-gate4-connects-provider-readiness.mjs",
7171
"check:v31-gate5": "node scripts/check-v31-gate5-wallet-btd-pane-readiness.mjs",
7272
"check:v31-gate6": "node scripts/check-v31-gate6-organization-team-role-policy-authority.mjs",
73+
"check:v31-gate7": "node scripts/check-v31-gate7-interfaces-pane-admission-cross-surface-contracts.mjs",
7374
"check:spec-quality": "node scripts/run-bitcode-spec-quality.mjs --mode basic",
7475
"check:spec-quality:title": "node scripts/run-bitcode-spec-quality.mjs --mode strict-from-title",
7576
"check:spec-quality:v24": "node scripts/run-bitcode-spec-quality.mjs --mode strict-version --version V24",

packages/api/README.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,16 @@ denial reasons, source visibility, recovery route, and proof root. API
5858
responses must expose only the source-safe authority object shared by
5959
Auxillaries and Terminal.
6060

61+
Interface admission state is package-owned in `AuxillariesInterfaceAdmission`.
62+
The catalog emitted by `buildAuxillariesInterfaceAdmissions` covers Terminal,
63+
API, MCP, ChatGPT App, Exchange hook, Conversations hook, and future interface
64+
hooks. Each record carries auth mode, `supportedActions`, current
65+
`allowedActions`, policy requirements, legacy-compatible policy constraints,
66+
source-safety class, blockers, readiness, deferred-product depth, and an
67+
interface-admission root. Exchange market law and Conversations product depth
68+
remain blocked/deferred in V31; route and UI code may display the source-safe
69+
record but must not implement those product laws locally.
70+
6171
In V26 fourth-gate this package is where merged-world Bitcode becomes concrete:
6272
- `/conversations` continuity
6373
- `/executions` compatibility and pipeline-run APIs

packages/api/src/routes/__tests__/auxillaries-contract.test.ts

Lines changed: 99 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -223,6 +223,105 @@ describe('Auxillaries package route contracts', () => {
223223
expect(payload.organizationAuthority.policy.policyHash).toMatch(/^[0-9a-f]{64}$/);
224224
expect(payload.organizationAuthority.actionDecision?.decision).toBe('allowed');
225225
expect(payload.organizationAuthority.authorityRoot).toMatch(/^btd-proof-root:organization-policy-authority:/);
226+
expect(payload.interfaceAdmissions.map((admission) => admission.interfaceId)).toEqual([
227+
'terminal',
228+
'api',
229+
'mcp',
230+
'chatgpt-app',
231+
'exchange-hook',
232+
'conversations-hook',
233+
'future-interface-hooks',
234+
]);
235+
expect(payload.interfaceAdmissions).toEqual(
236+
expect.arrayContaining([
237+
expect.objectContaining({
238+
interfaceId: 'terminal',
239+
surface: 'terminal',
240+
authMode: 'session',
241+
readiness: 'ready',
242+
policyRequirements: expect.arrayContaining([
243+
'session_required',
244+
'organization_policy_required_for_protected_actions',
245+
]),
246+
supportedActions: expect.arrayContaining([
247+
'request_read',
248+
'review_need',
249+
'request_finding_fits',
250+
'pay_btc_fee',
251+
'deliver_asset_pack',
252+
]),
253+
allowedActions: expect.arrayContaining([
254+
'request_read',
255+
'review_need',
256+
'request_finding_fits',
257+
]),
258+
sourceSafetyClass: 'source_safe',
259+
deferredProductDepth: 'none',
260+
}),
261+
expect.objectContaining({
262+
interfaceId: 'api',
263+
surface: 'api',
264+
authMode: 'api_key',
265+
readiness: 'ready',
266+
sourceSafetyClass: 'secret_free_summary',
267+
policyRequirements: expect.arrayContaining(['api_key_required', 'provider_scope_required']),
268+
supportedActions: expect.arrayContaining(['read_support_state', 'deliver_asset_pack']),
269+
}),
270+
expect.objectContaining({
271+
interfaceId: 'mcp',
272+
surface: 'mcp',
273+
authMode: 'provider_oauth',
274+
readiness: 'ready',
275+
sourceSafetyClass: 'secret_free_summary',
276+
policyRequirements: expect.arrayContaining([
277+
'provider_oauth_required',
278+
'wallet_binding_required_for_delivery',
279+
'organization_policy_required_for_protected_actions',
280+
]),
281+
}),
282+
expect.objectContaining({
283+
interfaceId: 'chatgpt-app',
284+
surface: 'chatgpt_app',
285+
authMode: 'session',
286+
readiness: 'ready',
287+
sourceSafetyClass: 'protected_source_redacted',
288+
policyRequirements: expect.arrayContaining([
289+
'protected_source_never_embedded_before_paid_unlock',
290+
]),
291+
}),
292+
expect.objectContaining({
293+
interfaceId: 'exchange-hook',
294+
surface: 'exchange',
295+
authMode: 'wallet_signature',
296+
readiness: 'blocked',
297+
allowedActions: [],
298+
blockers: ['exchange.market_depth_deferred_to_future_version'],
299+
deferredProductDepth: 'exchange_market_law',
300+
}),
301+
expect.objectContaining({
302+
interfaceId: 'conversations-hook',
303+
surface: 'future_hook',
304+
authMode: 'not_admitted',
305+
readiness: 'blocked',
306+
allowedActions: [],
307+
blockers: ['conversations.product_depth_deferred_to_future_version'],
308+
deferredProductDepth: 'conversations_product_depth',
309+
}),
310+
expect.objectContaining({
311+
interfaceId: 'future-interface-hooks',
312+
surface: 'future_hook',
313+
authMode: 'not_admitted',
314+
readiness: 'blocked',
315+
allowedActions: [],
316+
blockers: ['future_hooks.interface_contract_unregistered'],
317+
deferredProductDepth: 'future_interface_contract',
318+
}),
319+
]),
320+
);
321+
for (const admission of payload.interfaceAdmissions) {
322+
expect(admission.interfaceAdmissionRoot).toMatch(/^[0-9a-f]{64}$/);
323+
expect(admission.policyConstraints).toEqual(admission.policyRequirements);
324+
}
226325
expect(payload.auxillariesContract.contractVersion).toBe(AUXILLARIES_CONTRACT_VERSION);
227326
expect(validateAuxillariesContractSnapshot(payload.auxillariesContract)).toEqual({
228327
valid: true,

0 commit comments

Comments
 (0)