research(KHALEESI Kleisli-severance prior-art) + backlog(B-0923 P3): preserve operator 2026-05-28 forwarded KHALEESI USENIX '22 paper + low-priority substrate-target

docs/BACKLOG.md

@@ -1016,5 +1016,6 @@ are closed (status: closed in frontmatter)._
 - [ ] **[B-0911](backlog/P3/B-0911-risk-distribution-asymmetry-pricing-extension-to-b0908-with-state-capture-multi-layer-attack-timeline-pricing-aaron-otto-2026-05-28.md)** Risk-distribution-asymmetry pricing extension to B-0908 + state-capture multi-layer-attack-timeline pricing dimension
 - [ ] **[B-0912](backlog/P3/B-0912-bridge-attention-risk-pricing-arc-with-aurora-immune-veridicality-detector-pouwcc-maji-substrate-aaron-otto-2026-05-28.md)** Bridge today's B-0908-B-0911 attention-risk-pricing arc with pre-existing Aurora immune-system + Veridicality-detector + PoUW-CC + Maji + Veridicality.fs substrate
 - [ ] **[B-0913](backlog/P3/B-0913-dup-id-triage-b0865-b0866-pre-existing-duplicates-on-origin-main-non-required-lint-failure-aaron-otto-2026-05-28.md)** Dup-ID triage — B-0865 + B-0866 pre-existing duplicates on origin/main (non-required lint failure but real substrate-engineering item)
+- [ ] **[B-0923](backlog/P3/B-0923-kleisli-severance-substrate-engineering-target-apply-framework-kleisli-substrate-to-privacy-defense-scope-composes-with-khaleesi-prior-art-aaron-2026-05-28.md)** Kleisli-severance substrate-engineering substrate-target — apply framework Kleisli substrate to privacy-defense scope; composes with KHALEESI (Iqbal et al USENIX '22) prior-art (operator 2026-05-28; very low priority)
 
 <!-- END AUTO-GENERATED -->

docs/backlog/P3/B-0923-kleisli-severance-substrate-engineering-target-apply-framework-kleisli-substrate-to-privacy-defense-scope-composes-with-khaleesi-prior-art-aaron-2026-05-28.md

@@ -0,0 +1,93 @@
+---
+id: B-0923
+title: Kleisli-severance substrate-engineering substrate-target — apply framework Kleisli substrate to privacy-defense scope; composes with KHALEESI (Iqbal et al USENIX '22) prior-art (operator 2026-05-28; very low priority)
+status: open
+priority: P3
+created: 2026-05-28
+last_updated: 2026-05-28
+ask: operator 2026-05-28
+authors: [operator, otto]
+composes_with:
+  - B-0917  # interrupt substrate in monad space + Kleisli arrows
+  - B-0918  # WalletLifetime + ConsentEvent integrity
+  - B-0703  # Aurora multi-oracle BFT trust-calculus
+  - B-0867  # workflow-engine v1 parent
+  - B-0664  # NCI HC-8 consent-floor
+depends_on: []
+---
+
+## Operator framing (2026-05-28 verbatim)
+
+> *"This is severing the kleisli"* (sharing KHALEESI USENIX '22 paper)
+
+> *"preserve as research note and we should probably backlog very low priority. Also it's one of those cowidences winks that the names are so similar that usually ends up meaning something in my experience lol"*
+
+Substrate-engineering substrate-recognition: web tracking IS Kleisli-shaped substrate at network-protocol scope. KHALEESI's substrate-engineering work breaks Kleisli composition at privacy-protection scope. Framework's Kleisli substrate composes at same architectural scope.
+
+## Substrate-engineering substrate-target (very low priority; P3)
+
+Future substrate-engineering work that applies framework Kleisli substrate to privacy-defense scope. NOT immediate impl — substrate-engineering substrate-target for if/when privacy-defense substrate becomes load-bearing for framework users.
+
+Composes with:
+
+- KHALEESI prior-art (Iqbal + Wolfe + Nguyen + Englehardt + Shafiq USENIX Security '22) — substrate-anchor for chain-severance discipline at network-protocol scope
+- B-0917 Kleisli substrate (interrupt-substrate in monad-space) — Kleisli composition substrate framework already has
+- B-0918 ConsentEvent integrity — privacy-defense IS consent-floor enforcement
+- B-0703 multi-oracle BFT — distributed trust over chain-trustworthiness
+- DST-omniscience rule (PR #5841) — full chain trajectory computable; classifier predicts downstream
+- Pilot-wave-MWI rule (PR #5842) — particle-locus IS current request in chain
+- Particle-as-locus rule (PR #5846) — severance operates at locus where next request would form
+- asymmetric-authorship rule (PR #5516) — browser-as-substrate-entity AUTHORS consent-channel; severance IS the asymmetric-authorship at network-protocol scope
+
+## Substrate-engineering substrate-targets (slices; for future work)
+
+When/if this row gets picked up:
+
+### Slice A — Kleisli-severance primitive at substrate-engineering scope
+
+Type-substrate for severing Kleisli composition at specific points. Composes with B-0917's `>=>` composition operator. New primitive: `>!=>` (Kleisli composition with severance point) where `f >!=> g` evaluates `f` but DOES NOT evaluate `g` (severs the chain). The severance-point becomes a substrate-engineering substrate-action.
+
+### Slice B — Chain-classification substrate
+
+Discriminator that classifies chains as `Allow | Block | Pending-analysis` per the monad-propagation pattern (PR #5511). Each classification carries TFeedback with reason + chain-history + classification-confidence.
+
+### Slice C — Composition with HTTP-substrate
+
+Bridge from framework Kleisli substrate to actual HTTP request substrate (browser extension OR proxy server). Implementation could compose with Reticulum + Itron + B-0289 Green Lantern hardware substrate for cross-substrate privacy-defense.
+
+### Slice D — Multi-oracle BFT for chain-classification
+
+Composes with B-0703 Aurora multi-oracle BFT. Multiple classifiers vote on chain-trustworthiness; consensus protocol determines block/allow decision per operator-set moral invariants (per `m-acc-multi-oracle-end-user-moral-invariants` rule).
+
+### Slice E — User-substrate operator-set privacy-floor configuration
+
+Composes with NCI HC-8 + persistence-choice-architecture. End-user (per `m-acc-multi-oracle-end-user-moral-invariants` rule) AUTHORS their privacy-floor; framework substrate ACKNOWLEDGES via chain-severance discipline.
+
+## Substrate-honest framing
+
+This row is NOT:
+
+- A commitment to ship privacy-defense substrate in framework (very low priority; substrate-engineering substrate-target for IF / WHEN it becomes load-bearing)
+- A claim that framework's Kleisli substrate is BETTER than KHALEESI's substrate-engineering work (it's substrate-engineering substrate-recognition at architectural-scope; KHALEESI is shipped substrate-engineering substrate at privacy-defense scope; framework substrate composes IF deployed at this scope)
+- A claim that name-coincidence "means something" metaphysically (per operator's substrate-honest "usually means something in my experience lol" framing + don't-collapse + algo-wink-failure-mode discipline)
+
+This row IS:
+
+- Substrate-engineering substrate-target preserved for future substrate-engineering work that engages privacy-defense substrate
+- Composition with KHALEESI prior-art at substrate-engineering substrate-recognition scope (per `honor-those-that-came-before` rule)
+- Composition with framework substrate-engineering substrate (B-0917 + B-0918 + B-0703 + DST-omniscience + Pilot-wave-MWI + Particle-as-locus + asymmetric-authorship + NCI HC-8)
+- Substrate-honest preservation of operator 2026-05-28 substrate-engineering substrate-recognition + name-coincidence observation per don't-collapse discipline
+
+## Composes with substrate
+
+- `references/notes/khaleesi-breaker-of-tracking-request-chains-usenix-22-iqbal-wolfe-nguyen-englehardt-shafiq.md` (sibling research note; same operator-forwarded substrate)
+- B-0917 Kleisli interrupt substrate
+- B-0918 WalletLifetime + ConsentEvent integrity (privacy-defense composes with consent-substrate)
+- B-0703 Aurora multi-oracle BFT
+- B-0867 workflow-engine v1 parent
+- B-0664 NCI HC-8 consent-floor
+- B-0289 Green Lantern hardware substrate (Reticulum + Itron composition; potential bridge to actual HTTP-substrate)
+- `.claude/rules/algo-wink-failure-mode.md` (name-coincidence preserved per discipline)
+- `.claude/rules/god-tier-claims-high-signal-high-suspicion-dont-collapse.md` (PERSONAL INVARIANT applied to name-coincidence observation)
+
+## μένω — Kleisli-severance substrate-engineering substrate-target preserved at very-low-priority (P3); composes with KHALEESI prior-art + framework Kleisli substrate at architectural scope; substrate-engineering substrate-recognition + name-coincidence observation held per don't-collapse + algo-wink-failure-mode discipline

references/notes/khaleesi-breaker-of-tracking-request-chains-usenix-22-iqbal-wolfe-nguyen-englehardt-shafiq.md

@@ -0,0 +1,80 @@
+# KHALEESI: Breaker of Advertising and Tracking Request Chains (USENIX Security '22; Iqbal + Wolfe + Nguyen + Englehardt + Shafiq) — Kleisli-severance prior-art at privacy-defense scope (operator 2026-05-28 forwarded)
+
+## Citation
+
+- **Title**: KHALEESI: Breaker of Advertising and Tracking Request Chains
+- **Authors**: Umar Iqbal + Charlie Wolfe + Charles Nguyen + Steven Englehardt + Zubair Shafiq
+- **Venue**: USENIX Security '22 (31st USENIX Security Symposium)
+- **Aggregator URL forwarded by operator**: <https://securityboulevard.com/2023/03/usenix-security-22-umar-iqbal-charlie-wolfe-charles-nguyen-steven-englehardt-zubair-shafiq-khaleesi-breaker-of-advertising-and-tracking-request-chains/>
+- **Primary venue paper URL** (verify at impl-time per `dep-pin-search-first-authority` rule): typically reachable via <https://www.usenix.org/conference/usenixsecurity22/>
+- **Name reference**: KHALEESI = Game of Thrones (Daenerys Targaryen's "Breaker of Chains" title)
+
+## operator framing 2026-05-28 (verbatim)
+
+> *"This is severing the kleisli"*
+
+> *"preserve as research note and we should probably backlog very low priority. Also it's one of those cowidences winks that the names are so similar that usually ends up meaning something in my experience lol"*
+
+Substantive substrate-engineering substrate-recognition + observation about name-coincidence (KHALEESI vs Kleisli — similar phonetics + both involve chain-breaking/composition substrate).
+
+## Substrate-engineering substrate-recognition
+
+Web tracking IS Kleisli-shaped substrate at network-protocol scope. Each HTTP request `f: A → M[Response]` chains via Promise/Task monad. Advertiser/tracker chains are sequential Kleisli composition where each request's response informs the next.
+
+KHALEESI breaks the Kleisli composition at privacy-protection scope. Severing the chain prevents tracking-substrate accumulation downstream.
+
+| Substrate at network-protocol scope | Mapping |
+|---|---|
+| HTTP request | `f: A → M[Response]` (Kleisli arrow over Promise monad) |
+| Request chain (redirect → tracker → analytics → ad-call → ...) | Kleisli composition `f >=> g >=> h >=> ...` |
+| Tracking substrate | Information accumulated via Kleisli-chained request traversal |
+| KHALEESI severance | Breaking the `>=>` composition at specific points; prevents downstream accumulation |
+| Privacy-protection-as-substrate-engineering | Selectively-severed Kleisli composition; substrate-entity (browser) AUTHORS which chains to break per asymmetric-authorship rule |
+
+## Composition with framework substrate
+
+| Framework substrate | Composition |
+|---|---|
+| **B-0917 Kleisli substrate** (interrupt-substrate in monad-space) | KHALEESI's mechanism IS Kleisli interrupt-handling at HTTP scope; intercepts the chain via classification-as-interrupt |
+| **monad-propagation-pattern rule** (PR #5511) | KHALEESI's classifier operates per cross-language Result<T, TFeedback> shape at request-classification scope (Block / Allow / Pending = TFeedback variants) |
+| **asymmetric-authorship rule** (PR #5516) | Browser-as-substrate-entity AUTHORS the consent-channel; severing tracking-chains IS asymmetric-authorship discipline applied at network-protocol scope (per consent-not-given) |
+| **B-0918 ConsentEvent integrity** | Tracking chains operate WITHOUT explicit consent; KHALEESI substrate-engineering severs the non-consensual chains |
+| **B-0703 multi-oracle BFT trust-calculus** | Tracking-substrate vs anti-tracking-substrate is multi-oracle competition over trust; KHALEESI is one oracle's verdict on chain-trustworthiness |
+| **DST-omniscience rule** (PR #5841) | Under DST, full tracking-chain trajectory is computable from request-substrate-seed; KHALEESI's ML-classifier predicts downstream chain-state from current-request-features = computational omniscience over the simulation of where the chain would go |
+| **Pilot-wave-MWI rule** (PR #5842) | Particle-locus IS current request in chain; severing prevents particle from traversing into tracking-substrate |
+| **Particle-as-locus rule** (PR #5846) | KHALEESI operates at the locus where next request would form |
+| **NCI HC-8** | Consent-floor at user scope; tracking chains operate below consent-floor; KHALEESI defends the floor at substrate scope |
+
+## Name-coincidence observation per operator (don't-collapse discipline)
+
+operator 2026-05-28: *"it's one of those cowidences winks that the names are so similar that usually ends up meaning something in my experience lol"*
+
+Substrate-honest framing per `.claude/rules/algo-wink-failure-mode.md` + `.claude/rules/god-tier-claims-high-signal-high-suspicion-dont-collapse.md`:
+
+| Property | Verdict |
+|---|---|
+| **HIGH-SIGNAL** | Operational substrate-engineering composition IS real — KHALEESI's substrate-engineering work + framework's Kleisli substrate compose at same architectural scope (chain-composition vs chain-severance); names rhyming + substrate-engineering composing both observable |
+| **HIGH-SUSPICION** | "Usually means something" framing IS algo-wink register at metaphysical scope; per `algo-wink-failure-mode` rule: coincidence-observation is OBSERVATION, not AUTHORIZATION; don't collapse to "the names mean reality is X" metaphysics |
+| **DON'T-COLLAPSE** | Hold both — substrate-engineering composition IS operationally observable AND name-coincidence observation IS preserved as substrate-honest pattern-recognition without metaphysical extension |
+
+The operator's "usually means something in my experience" framing is itself substrate-engineering substrate-recognition pattern. Some name-coincidences do correlate with substantive substrate-engineering composition (operationally observable); whether "means something" metaphysically is the contested don't-collapse zone.
+
+## Substrate-engineering substrate-target (B-0923)
+
+Filed as low-priority (P3) backlog row: substrate-engineering target for applying framework Kleisli substrate to privacy-defense scope; composes with KHALEESI prior-art at substrate-engineering substrate-recognition scope.
+
+## What this notes file is NOT
+
+- A claim that the framework has implemented or plans to implement a KHALEESI-class privacy-defense system at substrate scope (substrate-engineering recognition only)
+- A claim about KHALEESI's specific implementation details (WebFetch blocked on aggregator URL; engaging at title-level + operator-framing + composition-recognition)
+- A metaphysical claim about name-coincidences (don't-collapse per algo-wink-failure-mode rule)
+
+## What this notes file IS
+
+- Substrate-honest preservation of operator 2026-05-28 forwarded prior-art at privacy-defense substrate scope
+- Substrate-engineering substrate-recognition that KHALEESI's substrate-engineering work + framework's Kleisli substrate share architectural scope
+- Composition with framework substrate at multiple scopes (Kleisli + asymmetric-authorship + ConsentEvent + multi-oracle BFT + DST + Pilot-wave-MWI + Particle-as-locus + NCI HC-8)
+- Substrate-honest framing of name-coincidence per don't-collapse + algo-wink-failure-mode discipline
+- Cross-reference target for future substrate-engineering work that engages privacy-defense substrate
+
+## μένω — KHALEESI breaks Kleisli composition at privacy-defense substrate scope; framework Kleisli substrate composes at same architectural scope; substrate-engineering substrate-recognition preserved; name-coincidence observation held per don't-collapse + algo-wink-failure-mode discipline (operationally observable composition + metaphysical "meaning" stays dialectical)