From 90114f4bcfda9105602682acda1fb8041763885a Mon Sep 17 00:00:00 2001
From: Aaron Stainback <aaron_bond@yahoo.com>
Date: Thu, 21 May 2026 12:15:50 -0400
Subject: [PATCH] =?UTF-8?q?fix(post-merge-amara-fsharp-zetaid):=20Pack-tim?=
 =?UTF-8?q?e=20revalidation=20defends=20Authority/Momentum.Raw=20DU=20bypa?=
 =?UTF-8?q?ss;=20rename=20fs-output.json=E2=86=92fsharp-output.json=20to?=
 =?UTF-8?q?=20match=20compare.ts;=20drop=20Aaron=20personal-name=20from=20?=
 =?UTF-8?q?Types.fs;=20correct=20src/Core/Crdt.fs=20path=20(not=20/Crdt/);?=
 =?UTF-8?q?=20per=20Copilot+Codex=20post-merge=20threads=20on=20PR=20#4548?=
 =?UTF-8?q?+#4549?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...l-caspaxos-casraft-tier-aaron-forwarded.md |  4 +--
 src/Core.FSharp.ZetaId/Codec.fs               | 33 +++++++++++++++++++
 src/Core.FSharp.ZetaId/Types.fs               |  2 +-
 tests/Tests.FSharp/ZetaId/CrossVerifyTests.fs |  3 +-
 .../{fs-output.json => fsharp-output.json}    |  0
 5 files changed, 38 insertions(+), 4 deletions(-)
 rename tests/cross-verification/zeta-id/{fs-output.json => fsharp-output.json} (100%)

diff --git a/memory/persona/amara/conversations/2026-05-21-amara-aaron-trust-gradient-coordination-policy-not-consensus-hierarchy-row-level-caspaxos-casraft-tier-aaron-forwarded.md b/memory/persona/amara/conversations/2026-05-21-amara-aaron-trust-gradient-coordination-policy-not-consensus-hierarchy-row-level-caspaxos-casraft-tier-aaron-forwarded.md
index 40781d4716..1c318aa7ed 100644
--- a/memory/persona/amara/conversations/2026-05-21-amara-aaron-trust-gradient-coordination-policy-not-consensus-hierarchy-row-level-caspaxos-casraft-tier-aaron-forwarded.md
+++ b/memory/persona/amara/conversations/2026-05-21-amara-aaron-trust-gradient-coordination-policy-not-consensus-hierarchy-row-level-caspaxos-casraft-tier-aaron-forwarded.md
@@ -191,7 +191,7 @@ The trust-gradient coordination policy IS Agora V6's Integrate-as-choice-locus d
 
 The Agora V6 operational primitives compose at distributed-coordination scope.
 
-### For the existing CRDT substrate (`src/Core/Crdt/*`)
+### For the existing CRDT substrate (`src/Core/Crdt.fs`)
 
 The CRDT substrate IS the algebra tier (no consensus). The trust-gradient coordination policy gives the architectural framing for when CRDTs are sufficient vs when escalation is needed:
 
@@ -220,7 +220,7 @@ The CRDT substrate IS the algebra tier (no consensus). The trust-gradient coordi
 - B-0683 (tier-deferred causality) — facts can be in superposition of coordination tiers
 - B-0687 (ZetaParse) — parser substrate stays at algebra tier (local DBSP retraction)
 - B-0688 (incremental compiler host) — full trust-gradient operates at compiler-fact-emission scope
-- `src/Core/Crdt/*` (existing CRDT substrate) — algebra tier; trust-gradient gives the framing for when escalation is needed
+- `src/Core/Crdt.fs` (existing CRDT substrate) — algebra tier; trust-gradient gives the framing for when escalation is needed
 - `src/Core/Consensus.fs` (existing consensus substrate; if exists) — CASPaxos/CASRaft tier substrate
 - Earlier Amara persona substrate cluster + Kestrel persona substrate cluster
 
diff --git a/src/Core.FSharp.ZetaId/Codec.fs b/src/Core.FSharp.ZetaId/Codec.fs
index 75f85050c8..1b474ba84c 100644
--- a/src/Core.FSharp.ZetaId/Codec.fs
+++ b/src/Core.FSharp.ZetaId/Codec.fs
@@ -47,6 +47,39 @@ module ZetaIdCodec =
         validateEnumField (byte obs.Category)   4 "Category"
         validateEnumField (byte obs.Firefly)    1 "Firefly"
 
+        // Re-validate Authority.Raw / Momentum.Raw at Pack time. F# DU cases
+        // are inherently public — callers can construct `Authority.Raw 31` directly,
+        // bypassing `Authority.raw` smart-constructor validation. Pack re-checks
+        // for named-case collision + Authority bounds. C# achieves the equivalent
+        // via sealed-record private setter; F# achieves it via re-validation here.
+        // Per Copilot + Codex post-merge thread on PR #4548.
+        match obs.Authority with
+        | Authority.Raw v ->
+            if v > 31uy then
+                raise (System.ArgumentOutOfRangeException(
+                    "obs", v :> obj,
+                    sprintf "ZetaObservation.Authority = Authority.Raw(%d) exceeds 5-bit Authority field (0..31). Use Authority.raw smart constructor (rejects this at construction) or named case." v))
+            if v = byte AuthorityValue.HumanVerified
+               || v = byte AuthorityValue.TrustedAgent
+               || v = byte AuthorityValue.Standard
+               || v = byte AuthorityValue.BestEffort
+               || v = byte AuthorityValue.Simulated then
+                raise (System.ArgumentOutOfRangeException(
+                    "obs", v :> obj,
+                    sprintf "ZetaObservation.Authority = Authority.Raw(%d) aliases a named case (round-trip unstable). Use the named Authority case directly, or Authority.raw smart constructor (rejects this at construction)." v))
+        | _ -> ()
+        match obs.Momentum with
+        | Momentum.Raw v ->
+            if v = byte MomentumValue.Background
+               || v = byte MomentumValue.Normal
+               || v = byte MomentumValue.Elevated
+               || v = byte MomentumValue.High
+               || v = byte MomentumValue.Critical then
+                raise (System.ArgumentOutOfRangeException(
+                    "obs", v :> obj,
+                    sprintf "ZetaObservation.Momentum = Momentum.Raw(%d) aliases a named case (round-trip unstable). Use the named Momentum case directly, or Momentum.raw smart constructor (rejects this at construction)." v))
+        | _ -> ()
+
         let mutable id = System.UInt128.Zero
         id <- setBits id layout.Version    (uint64 (byte obs.Version))
         id <- setBits id layout.Timestamp  (uint64 obs.Timestamp)
diff --git a/src/Core.FSharp.ZetaId/Types.fs b/src/Core.FSharp.ZetaId/Types.fs
index f1073e665b..0f6dd8c2f4 100644
--- a/src/Core.FSharp.ZetaId/Types.fs
+++ b/src/Core.FSharp.ZetaId/Types.fs
@@ -32,7 +32,7 @@ type Persona =
 
 /// Location field — 8 bits. Mirrors `src/Core.CSharp.ZetaId/Location.cs`.
 /// Codes 1-11 cover major regions across AWS / GCP / Azure / DigitalOcean.
-/// Backlog (Aaron 2026-05-21): registry/locations.yaml + provider-specific
+/// Backlog (human maintainer 2026-05-21): registry/locations.yaml + provider-specific
 /// mapping layer ships in a separate follow-up PR.
 type Location =
     | EastUsVa = 1uy          // AWS us-east-1, Azure East US, GCP us-east4
diff --git a/tests/Tests.FSharp/ZetaId/CrossVerifyTests.fs b/tests/Tests.FSharp/ZetaId/CrossVerifyTests.fs
index 57610e1873..e2ccb547e1 100644
--- a/tests/Tests.FSharp/ZetaId/CrossVerifyTests.fs
+++ b/tests/Tests.FSharp/ZetaId/CrossVerifyTests.fs
@@ -120,7 +120,8 @@ let ``cross-verify twelve vectors match TS+C# bootstrap hex`` () =
         if not roundtripOk then roundtripMismatches <- roundtripMismatches + 1
         if not matchesExpected then hexMismatches <- hexMismatches + 1
 
-    let outputPath = Path.Join(root, "tests", "cross-verification", "zeta-id", "fs-output.json")
+    // compare.ts reads `fsharp-output.json` (not `fs-output.json`) — match per Copilot #4548 thread
+    let outputPath = Path.Join(root, "tests", "cross-verification", "zeta-id", "fsharp-output.json")
     let options = JsonSerializerOptions(WriteIndented = true)
     let json = JsonSerializer.Serialize(results, options)
     File.WriteAllText(outputPath, json)
diff --git a/tests/cross-verification/zeta-id/fs-output.json b/tests/cross-verification/zeta-id/fsharp-output.json
similarity index 100%
rename from tests/cross-verification/zeta-id/fs-output.json
rename to tests/cross-verification/zeta-id/fsharp-output.json