Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .github/workflows/bitcode-gate-quality.yml
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ jobs:
node scripts/check-v29-gate4-reading-pipeline-observability.mjs --skip-branch-check
node scripts/check-v29-gate5-assetpack-disclosure-rights.mjs --skip-branch-check
node scripts/check-v29-gate6-settlement-reconciliation-repair.mjs --skip-branch-check
node scripts/check-v29-gate7-organization-permission-authority.mjs --skip-branch-check

- name: Validate source casing and imports
run: |
Expand All @@ -78,6 +79,8 @@ jobs:
run: |
pnpm --filter @bitcode/btd typecheck
pnpm --filter @bitcode/api build
pnpm --dir packages/executions-mcp/src/mcp-server run type-check
pnpm --dir packages/chatgptapp exec tsc --noEmit --pretty false
pnpm --filter @bitcode/pipeline-asset-pack typecheck
pnpm --filter @bitcode/pipeline-hosts typecheck

Expand All @@ -87,6 +90,8 @@ jobs:
pnpm --filter @bitcode/btd test -- --runTestsByPath __tests__/btc-fee-operation.test.ts
pnpm --filter @bitcode/btd test -- --runTestsByPath __tests__/btd.test.ts
pnpm --filter @bitcode/api exec jest --config jest.config.cjs --runTestsByPath src/routes/__tests__/btd-crypto.test.ts --runInBand
pnpm --dir packages/executions-mcp/src/mcp-server run test:mcp -- --runTestsByPath src/__tests__/unit/auth.test.ts --runInBand
pnpm --dir packages/chatgptapp exec jest --runTestsByPath src/__tests__/tools.test.ts --runInBand
pnpm --filter @bitcode/pipeline-hosts exec jest --config jest.config.cjs --runTestsByPath src/__tests__/asset-pack-harness.test.ts --runInBand
pnpm --filter @bitcode/pipeline-asset-pack exec jest --config jest.config.cjs --passWithNoTests --forceExit
pnpm --filter @bitcode/pipeline-asset-pack exec jest --config jest.config.cjs --runTestsByPath src/__tests__/reading-pipeline-observability.test.ts src/__tests__/reading-pipeline-contract.test.ts --runInBand
Expand All @@ -104,7 +109,9 @@ jobs:
tests/terminalTransactionReadModel.test.ts \
tests/terminalWalletBtcOperation.test.ts \
tests/terminalJournalReconciliation.test.ts \
tests/terminalOrganizationAuthority.test.ts \
tests/terminalTransactionDetailCards.test.tsx \
tests/terminalTransactionDetailSnapshot.test.ts \
tests/pipelineExecutionLogHeader.test.tsx \
--runInBand

Expand Down
34 changes: 34 additions & 0 deletions BITCODE_SPEC_V29.md
Original file line number Diff line number Diff line change
Expand Up @@ -369,6 +369,40 @@ Gate PRs into version branches must begin with the uppercase version and gate pr
- Current validating commands and parity basis: wallet tests, access tests, API route tests, Terminal permission tests, and staging auth readback.
- Current accepted boundaries: broad enterprise RBAC depth can expand inside V29 only when tied to Terminal transaction operation.

#### V29 organization interface authority canon

Organization permission authority is a BTD primitive, not a per-interface convention.
The canonical decision is `BtdOrganizationInterfaceAuthorityDecision`.
It binds actor id, organization id, organization role, organization permission grants, interface surface, action, wallet binding, registry read-access decision, settlement state, explicit confirmation state, repair approval state, target anchor, source visibility, and proof roots.

Gate 7 defines the current action set:

- `read_transaction`
- `request_read`
- `review_need`
- `request_finding_fits`
- `review_asset_pack_preview`
- `pay_btc_fee`
- `unlock_asset_pack_source`
- `deliver_asset_pack`
- `repair_projection`
- `administer_organization`

Each action has a minimum organization role, optional explicit permission grants, wallet-binding requirement, registry read-access requirement, settled-payment requirement, explicit-confirmation requirement, repair-approval requirement, and source-visibility result.
Protected-source actions fail closed unless role/grant, wallet binding, owner-read or licensed-read registry access, settlement, and interface admission all agree.
Source-safe preview actions may remain visible without protected source.

The same authority primitive must be used by:

- Terminal, as the ordinary permission explainer for selected activity detail;
- API routes, as the JSON-safe route decision for interface owners;
- MCP, as organization-scoped action authority over read-license and delivery operations;
- ChatGPT App, as connected-interface write admission over confirmed delivery writes;
- the sandbox harness, as emitted evidence for live Reading/AssetPack completion readback.

Authority proof roots include role root, permission root, read-access root, interface root, and aggregate authority root.
Terminal renders those roots with blockers and decision rows so operators can understand why a transaction can or cannot pay, unlock, deliver, repair, or administer without opening network logs.

### Disclosure and projection

- Current canonical objects and emitted artifacts: disclosure policy, projection policy, redaction decision, preview metadata, owner-read/licensed-read/denied state.
Expand Down
11 changes: 11 additions & 0 deletions BITCODE_SPEC_V29_DELTA.md
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,17 @@ Closure acceptance:

Gate 7 owns organization holdings, roles, read-license usage, registry-derived permission decisions, MCP/ChatGPT action authority alignment, and Terminal permission explainers.

Closure acceptance:

- `packages/btd/src/authority.ts` defines the shared organization/interface authority primitive, action requirements, registry holdings/read-license summary, source visibility, and proof roots.
- BTD tests prove organization holdings, active/expired/revoked read-license usage, paid delivery admission, unpaid unlock denial, and unsupported ChatGPT administration denial.
- `packages/api/src/routes/btd-crypto.ts` exposes JSON-safe organization authority decisions and `uapi/app/api/btd/organization-interface-authority/route.ts` binds the route.
- MCP auth can require interface authority after registry-derived owner-read or licensed-read evidence.
- ChatGPT App connected-interface write carriers require explicit confirmation, registry read-access evidence, and organization authority evidence before write execution.
- The sandbox harness emits `organizationAuthority` evidence alongside settlement unlock and ledger/database reconciliation.
- Terminal adds an Authority detail section rendering decision rows, blockers, and proof roots from the same payload.
- `pnpm run check:v29-gate7` passes with focused BTD, API, MCP, ChatGPT App, pipeline-hosts, and UAPI tests.

### Gate 8: Demonstration-Origin Commercial Formalization

Gate 8 owns cleanup of freshly ported demonstration-origin internals into package-native APIs, no demonstration runtime imports, durable package tests, and updated internal/public documentation.
Expand Down
20 changes: 20 additions & 0 deletions BITCODE_SPEC_V29_NOTES.md
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,26 @@ Operator notes:
- Terminal journal detail is the ordinary repair cockpit for this gate: drift classes, blockers, repair actions, proof roots, journal entries, and repair receipts must be visible without opening network logs.
- Raw payload remains audit material, not the primary operator interface.

## Gate 7 working notes

Gate 7 makes organization authority package-owned and interface-shared.

Accepted Gate 7 posture:

- BTD authority evaluates Terminal, API, MCP, and ChatGPT App surfaces against the same action requirement table.
- Registry-derived organization holdings and read-license usage are summarized as authority evidence, not aggregate spendable balance.
- Protected-source actions require owner-read or licensed-read access plus settled payment where the action crosses the source boundary.
- ChatGPT App writes remain impossible without explicit user confirmation, read-access evidence, and organization authority evidence.
- MCP can request interface authority after its existing permission and read-access checks.
- Terminal exposes authority as a normal selected-activity detail section with collapsed metrics, blockers, decision rows, proof roots, and raw payload.
- Sandbox harness output carries `organizationAuthority` so staging-testnet Reading runs can be debugged from Terminal.

Gate 7 completion condition:

- `pnpm run check:v29-gate7` passes.
- Focused BTD, API, MCP, ChatGPT App, pipeline-hosts, and UAPI tests cover the authority primitive and interface surfaces.
- Spec, delta, notes, parity, Terminal README, package scripts, and gate-quality workflow name the Gate 7 closure surface.

## Later-version boundaries

- V30 remains reserved for Protocol/BTD hardening that is not necessary to close Terminal transaction depth.
Expand Down
38 changes: 33 additions & 5 deletions BITCODE_SPEC_V29_PARITY_MATRIX.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ No `_legacy/` source is active source truth.
| Reading pipeline observability | Gate 4 | `packages/pipelines/asset-pack/src/reading-pipeline-observability.ts`, `packages/pipeline-hosts/src/asset-pack-harness.ts`, Terminal stream components, Gate 4 checker | drafted | Pipeline/phase/PTRR/ThricifiedGeneration/tool/prompt/raw-output/parsed-output telemetry is contract-projected, complete, and readable. |
| AssetPack disclosure rights | Gate 5 | `asset-pack-disclosure.ts`, AssetPack postprocess, sandbox harness, BTD access tests, Terminal disclosure review UI, Gate 5 checker | drafted | Source-safe preview and paid unlock are proven without protected-source leakage. |
| Settlement reconciliation repair | Gate 6 | BTD journal/reconciliation, Supabase readback, sandbox harness settlement evidence, Terminal repair UI, Gate 6 checker | drafted | Ledger, database, and metaphysical state drift is classified, proof-rooted, repair-actioned, and visible. |
| Organization permission authority | Gate 7 | access policy, org holdings, MCP/ChatGPT gates, Terminal permission UI | pending | Registry-derived roles, holdings, and read-license authority govern actions. |
| Organization permission authority | Gate 7 | `packages/btd/src/authority.ts`, BTD/API/MCP/ChatGPT App tests, sandbox harness authority evidence, Terminal Authority section, Gate 7 checker | drafted | Registry-derived roles, holdings, read-license authority, settlement, confirmation, and interface admission govern actions. |
| Commercial formalization | Gate 8 | packages/protocol, package tests, import scans, docs | pending | Demonstration-origin commercial internals are package-native and no runtime demo imports remain. |
| Terminal UX quality | Gate 9 | Playwright/Jest/a11y/responsive/browser QA | pending | Complete transaction cockpit is usable by default and inspectable in detail. |
| Promotion readiness | Gate 10 | promotion workflow, `.bitcode/v29-*`, `BITCODE_SPEC_V29_PROVEN.md` | pending | `version/v29` can promote to `main` only after all V29 checks pass. |
Expand All @@ -71,7 +71,8 @@ No `_legacy/` source is active source truth.
| Gate 3 wallet/BTC operation | `pnpm run check:v29-gate3` proves quote lifecycle, signer recovery, blocked readiness, API posture, and Terminal Wallet/BTC detail | drafted |
| Gate 4 Reading observability | `pnpm run check:v29-gate4` proves contract-aware Reading stream telemetry and Terminal rendering | drafted |
| Gate 5 AssetPack disclosure | `pnpm run check:v29-gate5` proves source-safe disclosure review, leakage detection, Terminal preview rendering, and PR title enforcement | drafted |
| Product implementation gates | Gates 6-9 close remaining Terminal transaction depth with tests and docs | pending |
| Gate 7 organization authority | `pnpm run check:v29-gate7` proves shared org/interface authority across BTD, API, MCP, ChatGPT App, harness, and Terminal | drafted |
| Product implementation gates | Gates 8-9 close remaining Terminal transaction depth with tests and docs | pending |
| Promotion gate | Gate 10 closes generated proof and promotion automation | pending |

## Gate 1 Parity
Expand Down Expand Up @@ -207,10 +208,37 @@ Gate 6 completion condition:

- `pnpm run check:v29-gate6` passes.
- Focused BTD, API, pipeline-hosts, and UAPI tests prove repair classification, conservation drift, proof roots, and Terminal repair visibility.
- Gate 5 does not implement organization authority beyond read-right state distinctions; Gate 7 owns registry-derived roles and holdings.
- Gate 5 does not add browser proof or full UX polish; Gate 9 owns that surface.
- Gate 5 does not add versioned API routes or source identifiers.

## Gate 5 completion condition

Gate 5 is complete when AssetPack disclosure review is package-owned, postprocess and sandbox harness evidence include source-safe disclosure review roots, protected-source leakage tests fail closed, Terminal renders the disclosure review through the Reading preview surface, gate PR title enforcement is active, focused package and UAPI tests pass, `check:v29-gate5` passes, CI invokes the checker and tests, docs name the implemented source surfaces, and the gate branch is committed and pushed for review into `version/v29`.

## Gate 7 Parity

Gate 7 closes the organization authority slice by making action permission a shared BTD decision instead of interface-local convention.

Accepted surfaces:

- `packages/btd/src/authority.ts` is the canonical organization/interface authority primitive for role checks, explicit grants, wallet binding, registry read access, settlement, explicit confirmation, repair approval, source visibility, and authority proof roots.
- `packages/api/src/routes/btd-crypto.ts` and `uapi/app/api/btd/organization-interface-authority/route.ts` expose JSON-safe authority decisions for application routes.
- `packages/executions-mcp/src/mcp-server/src/auth/middleware.ts` can require interface authority after existing permission and BTD read-access checks.
- `packages/chatgptapp/src/tools.ts` requires explicit confirmation, registry read-access evidence, and organization authority evidence before connected-interface writes.
- `packages/pipeline-hosts/src/asset-pack-harness.ts` stores and emits `organizationAuthority` beside settlement unlock and reconciliation evidence.
- `uapi/app/terminal/terminal-organization-authority.ts` and `TerminalTransactionOrganizationAuthorityCard.tsx` project the selected transaction into authority metrics, blockers, decision rows, proof roots, and raw payload.

Accepted failure states:

- Missing role, insufficient role, or missing explicit grant blocks authority.
- Missing wallet binding blocks fee payment, source unlock, and delivery when those actions require Reader wallet proof.
- Missing or denied registry read access blocks protected-source unlock and delivery.
- Pending settlement blocks protected-source visibility even when role evidence exists.
- Missing explicit confirmation blocks payment, delivery, repair, and administration actions that cross sensitive boundaries.
- Interfaces may deny actions even when the organization role could authorize them elsewhere.

Gate 7 completion condition:

- `pnpm run check:v29-gate7` passes.
- Focused BTD, API, MCP, ChatGPT App, pipeline-hosts, and UAPI tests prove organization holdings, active/expired/revoked license usage, paid delivery admission, unpaid denial, interface denial, connected-interface write gating, harness evidence, and Terminal visibility.
- Gate-quality CI invokes the Gate 7 checker and focused tests.
- Gate 7 does not add broad enterprise RBAC administration beyond Terminal transaction authority; later versions may deepen team policy authoring.
- Gate 7 does not reveal protected source before settlement and does not add versioned API routes or source identifiers.
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@
"check:v29-gate4": "node scripts/check-v29-gate4-reading-pipeline-observability.mjs",
"check:v29-gate5": "node scripts/check-v29-gate5-assetpack-disclosure-rights.mjs",
"check:v29-gate6": "node scripts/check-v29-gate6-settlement-reconciliation-repair.mjs",
"check:v29-gate7": "node scripts/check-v29-gate7-organization-permission-authority.mjs",
"check:spec-quality": "node scripts/run-bitcode-spec-quality.mjs --mode basic",
"check:spec-quality:title": "node scripts/run-bitcode-spec-quality.mjs --mode strict-from-title",
"check:spec-quality:v24": "node scripts/run-bitcode-spec-quality.mjs --mode strict-version --version V24",
Expand Down
Loading
Loading