V30 Gate 8: Protocol Telemetry And Proof Hooks#40
Conversation
Adds package-owned BTD protocol telemetry envelopes, source-safe telemetry records, and proof hooks for receipts, BTC fee states, ledger projections, source-to-shares proofs, and bridge-readiness posture. Exposes the JSON-safe /btd/protocol-telemetry boundary, documents Terminal consumption and V30 spec parity, wires the Gate 8 checker into gate quality, and covers the slice with focused BTD/API tests. Proof run: pnpm --filter @bitcode/btd typecheck; pnpm --filter @bitcode/btd test; pnpm --filter @bitcode/api build; pnpm --filter @bitcode/api exec jest --config jest.config.cjs --runTestsByPath src/routes/__tests__/btd-crypto.test.ts --runInBand; pnpm --dir uapi exec tsc --noEmit --pretty false; node scripts/check-v30-gate1-roadmap-and-gating.mjs --skip-branch-check through node scripts/check-v30-gate8-protocol-telemetry-proof-hooks.mjs; node scripts/check-bitcode-spec-family.mjs --version V30 --mode draft --current-target V29; node scripts/check-bitcode-canonical-inputs.mjs --current-target V29; node scripts/check-bitcode-canon-posture-drift.mjs --active-canon V29 --draft-target V30; git diff --check; git diff --cached --check.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0791894c1c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| for (const hook of proofHooks) { | ||
| if (!telemetryRoots.has(hook.telemetryRoot)) { | ||
| throw new Error('Protocol proof hook references a telemetryRoot not present in the envelope.'); |
There was a problem hiding this comment.
Validate proof hook subject against referenced telemetry record
The envelope validation only checks that each proofHook.telemetryRoot exists in the telemetry set, but it never verifies that the hook’s subjectKind/subjectId matches the referenced telemetry record. This allows constructing an admitted envelope where a hook claims one subject while binding to a different subject’s telemetry root, which breaks the typed replay/proof guarantees and can produce incorrect proof-admission journal data.
Useful? React with 👍 / 👎.
| if (SENSITIVE_METADATA_KEYS.has(key)) { | ||
| throw new Error(`Protocol telemetry metadata key is not source-safe: ${key}.`); |
There was a problem hiding this comment.
Reject sensitive metadata keys case-insensitively
Sensitive metadata key filtering is case-sensitive (SENSITIVE_METADATA_KEYS.has(key)), so keys like Secret, TOKEN, or PrivateKey bypass the blacklist. If their values do not match the regex patterns, these fields are accepted into source-safe telemetry even though they are semantically secret-bearing keys, which weakens the fail-closed source-safety contract.
Useful? React with 👍 / 👎.
Summary
Proof