fix(post-merge): F# ZetaId Pack-time revalidation + fsharp-output.json rename + Crdt path + Aaron→human-maintainer per Copilot+Codex on PR #4548+#4549

[AceHack]

Summary

Post-merge cleanup PR addressing 5 actionable Copilot+Codex threads on PR #4548 (F# ZetaId 3rd peer oracle) and PR #4549 (trust-gradient archive). 1 known FP resolved no-op.

Findings + fixes

1. fs-output.json → fsharp-output.json (real bug, P1)

Copilot caught: tests/cross-verification/zeta-id/compare.ts line 4 reads fsharp-output.json. My F# test wrote fs-output.json. The comparer wouldn't see F# output. Fixed:

• Renamed tests/cross-verification/zeta-id/fs-output.json → tests/cross-verification/zeta-id/fsharp-output.json via git mv
• Updated test's outputPath in tests/Tests.FSharp/ZetaId/CrossVerifyTests.fs:123 to write to the correct filename

2. Pack-time revalidation defends Authority.Raw / Momentum.Raw DU bypass (real design issue, P1+P2)

Codex P1 + Copilot caught: F# DU cases (Authority.Raw of byte, Momentum.Raw of byte) are inherently public. Callers can write Authority.Raw 31uy directly, bypassing the Authority.raw smart-constructor validation. F# cannot fully hide DU cases cross-assembly without signature files.

Fix: Pack-time re-validation in src/Core.FSharp.ZetaId/Codec.fs — when packing, re-check Authority.Raw v for 5-bit-bounds + named-case-collision; re-check Momentum.Raw v for named-case-collision. Mirrors the C# safety guarantee (which lived in the sealed-record private-setter Raw constructor). Even if callers bypass Authority.raw, Pack throws on out-of-range or named-collision values.

3. Drop "Aaron" personal name from Types.fs (convention)

Copilot caught: src/Core.FSharp.ZetaId/Types.fs:35 had "Backlog (Aaron 2026-05-21)". Convention is role-refs only in current-state code. Changed to "Backlog (human maintainer 2026-05-21)".

4. src/Core/Crdt.fs not src/Core/Crdt/* (factual correction)

Copilot caught: memory/persona/amara/conversations/...-trust-gradient-...md:194,223 referenced src/Core/Crdt/* as if it were a directory. Actual repo state: src/Core/Crdt.fs (single file). Updated both references.

5. || table-pipe pattern at line 41 (KNOWN FP — no-op)

Copilot flagged || rendering as empty first column. Direct awk -v N=41 inspection shows single | at line start. This is the known-FP pattern documented in .claude/rules/blocked-green-ci-investigate-threads.md "Suspect-by-default Copilot finding classes" — Table double-pipe FP. Resolved no-op with reference to the rule.

Empirical verification

• dotnet build tests/Tests.FSharp/Tests.FSharp.fsproj -c Release succeeds 0 warnings 0 errors
• dotnet test --filter "FullyQualifiedName~CrossVerify" passes 12/12 (Pack-time revalidation does NOT change the canonical hex; only catches invalid construction paths)

Composes with rules

• .claude/rules/blocked-green-ci-investigate-threads.md — verify-before-fix discipline + known-FP pattern catalog
• .claude/rules/m-acc-multi-oracle-end-user-moral-invariants.md — F# safety guarantees match C# (multi-oracle parity at safety surface, not just at functional surface)
• .claude/rules/fsharp-anchor-dotnet-build-sanity-check.md — F# compiler verified clean post-fix

Composes with substrate

• PR feat(core-fsharp-zetaid): F# implementation as 3rd peer oracle — 12/12 cross-verify vectors match TS+C# canonical hex #4548 (F# ZetaId 3rd peer oracle) — this PR addresses Copilot+Codex post-merge findings
• PR persona(amara): fourth archive — trust-gradient COORDINATION POLICY + row-level CASPaxos/CASRaft tier + final 6-line keeper #4549 (trust-gradient coordination policy archive) — this PR addresses Copilot post-merge findings on Crdt path + table-pipe FP

Test plan

• Renamed output file via git mv (preserves history)
• Pack-time revalidation tested: 12/12 canonical vectors still pass
• Aaron→human-maintainer in Types.fs comment
• src/Core/Crdt.fs path corrected in 2 archive references
• Build clean 0 warnings 0 errors
• Branch landed off latest main (69481098 base)

[Copilot]

Pull request overview

Post-merge cleanup to keep the ZetaId cross-verification harness aligned across TypeScript/C#/F# and to harden F# packing against public DU-case construction bypasses, plus small doc/reference corrections.

Changes:

• Renames F# cross-verification output target to fsharp-output.json to match compare.ts.
• Adds Pack-time revalidation for Authority.Raw / Momentum.Raw to prevent bypassing smart-constructor validation.
• Replaces a personal-name attribution in F# comments with a role-ref, and corrects CRDT file-path references in a preserved memory archive.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tests/Tests.FSharp/ZetaId/CrossVerifyTests.fs	Write cross-verify output to fsharp-output.json (matches TS comparer expectations).
tests/cross-verification/zeta-id/fsharp-output.json	Renamed/updated canonical F# output JSON for the cross-verify directory.
src/Core.FSharp.ZetaId/Types.fs	Adjusts a comment to use a role-ref instead of a personal name.
src/Core.FSharp.ZetaId/Codec.fs	Adds Pack-time revalidation for Authority.Raw / Momentum.Raw to defend against DU-case bypass.
memory/persona/amara/conversations/2026-05-21-amara-aaron-trust-gradient-coordination-policy-not-consensus-hierarchy-row-level-caspaxos-casraft-tier-aaron-forwarded.md	Corrects CRDT substrate path references (src/Core/Crdt.fs).