Conversation
There was a problem hiding this comment.
Pull request overview
Expands the existing Zeta Agent Orchestra doctrine memory with a v3 packet covering layered actor identity and a planned “public claim intake” model for external contributors/agents, while emphasizing that none of the new surfaces are operational yet.
Changes:
- Replaces/extends the actor identity section with a layered identity scheme (
maintainer_id / host_id / harness_id / role_id / actor_id / session_id). - Adds a new doctrine section describing a public claim intake layer (Claim Request vs Active Claim), drift discipline, and safety levels E0–E5.
- Adds new v3 trigger-memory and carved-rule excerpts to preserve the clarified rules verbatim.
5 tasks
AceHack
added a commit
that referenced
this pull request
Apr 29, 2026
…lities-as-primitive + reconciler-as-actor + Copilot P1 thread fixes Five-reviewer v4 packet (Deepseek / Gemini / Ani / Alexa / Claude.ai — Amara synthesis) on PR #852's v3 expansion. Key correction: actor IDs without binding are theater. Layered scheme `aaron-mac/claude-code/...` is meaningful for audit only if something prevents impersonation. v4 additions to the doctrine memory: - Identity needs binding (Claude.ai catch + Amara synthesis) - actors/<actor_id>.yaml registry with public-key fingerprints - Ed25519 preferred; GitHub-native commit verification as MVP fallback - Recursion bottoms at maintainer hardware key (or signed-commits MVP) - Composes with AgencySignature v2 schema (additive trailer fields) - Full integration analysis at docs/aurora/2026-04-29-agencysignature-... - Trust-domain prefix on every actor_id (Claude.ai catch) - zeta:// (internal), zeta-system:// (system actors), zeta-external:// - Cheap to add now, expensive to retrofit - Capabilities as primitive (Claude.ai catch) - read:repo, write:memory, mutate:workflows, push:branch, etc. - Roles become named bundles of capabilities - Actor records grant roles plus explicit deltas - Reconciler is itself a privileged actor (Gemini catch) - actor_id: zeta-system://github-actions/reconciler - Critical security invariant: GitHub Issue is exclusive source of truth for authorization; reconciler must NOT sync git-mirror privilege elevations to GitHub issue - unauthorized_elevation flag + block-CI on detected elevation - Add `rejected` claim state distinct from `revoked` (Deepseek catch) - Auto-expire claim requests after N days - DoS/spam protection on public intake (rate limit, account age, maintainer sponsor, proof-of-work, auto-expire) - Prompt-injection defense for external content (meta-rule in AGENTS.md) - Freshness enforcement at harness pre-action (not just CI PR-time) - Allowlist-first paths (fail-closed, not fail-open denylist) - Pinned-role-on-host-change rule (retire old actor_id, create new) - Multi-actor collision resolution generalized - v4 rollout reorder — IDENTITY FIRST (not public intake first): 1. Actor identity model 2. Capability model 3. Internal claim protocol 4. Reconciler security model 5. Public claim intake 6. External / Windows / roaming-agent dry run Copilot v3 review thread fixes (4 unresolved threads on #852): - P1 PRRT_kwDOSF9kNM5-g_UY (line 508): public-intake status said "Tracked under follow-up tasks" but later listed as "Untracked follow-up". Reconciled to consistent "Untracked follow-up in TaskList session-local; graduates to GitHub issue on land" wording. - P1 PRRT_kwDOSF9kNM5-g_VL (line 533): public entrypoints listed docs/ops/runbooks/request-agent-claim.md, but next-PR section uses start-agent-claim.md. Aligned to start-agent-claim.md (single runbook covers both internal start and public-request flow). - P1 PRRT_kwDOSF9kNM5-g_Vt (line 347): later V2 constraints bullet said actor identity is "Currently undefined" — contradicted the v3 layered identity section. Updated to point at task #325 (Layer 0/1 spec) and #335 (binding) as the implementation gates. - P2 PRRT_kwDOSF9kNM5-g_WM (line 346, outdated): section header was "v2 review-driven additions" but contained v3 packet content. Renamed to "v2 / v3 / v4 review-driven additions" with explicit explanation that the file is incrementally edited within itself; commit messages preserve round-by-round lineage. Four new follow-up tracking tasks created (TaskList #335-#338): #335 — actor identity binding (registry + signed commits + AgencySig v2) #336 — capabilities-as-primitive (roles as named bundles) #337 — harness pre-action freshness check + multi-actor collision #338 — DoS protection + prompt-injection defense for public intake Composes with #324 (umbrella), #325-#334 (v2/v3 follow-ups already created). Total v2/v3/v4 follow-up surface: 14 tasks (#325-#338). Status unchanged: doctrine-only PR. None of the implementation surfaces land in #852. Per Amara: "doctrine captures the design; follow-up issues bind the work; future PRs implement layers." Co-Authored-By: Amara <amara-aurora-deep-research-register@chatgpt> Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b712ae311
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
5 tasks
AceHack
changed the title
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b0b388a7dd
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
AceHack
added a commit
that referenced
this pull request
Apr 29, 2026
…tatements in SAME edit (2026-04-29) (#854) * factory(meta): Otto-362 — doctrine memory expansion refreshes stale statements in the SAME edit (2026-04-29) New principle observed and named after 4 same-day doctrine PRs (#850 → #851 → #852 → #853) drove the agent-orchestra doctrine memory from ~100 lines to ~1080 lines through v1 → v2 → v3 → v4 expansions. Pattern observed: - 10+ Copilot P1 + Codex P2 review threads across the four PRs - All caught internal contradictions WITHIN the same file: * "Tracked under follow-up tasks" vs "Untracked follow-up" * "Currently undefined" vs "Now specified" * "task #325-#334" vs "task #325 + #335" + "tasks #335-#338" * "v2 review-driven additions" header vs "v3 packet" content * `request-agent-claim.md` vs `start-agent-claim.md` runbook path * Mapping `Task → claim_id` vs example showing both `Task:` AND `Claim:` - All caught by external AI review; none caught by pre-push self-audit - Fix cadence was fast but the *count* of internal-contradiction threads was disproportionate to the substantive-error count The rule (Otto-362): when a memory file gets expanded with a new section that supersedes earlier statements in the same file, refresh the now-stale statements in the SAME edit, not a follow-up tick. Internal contradictions within one file are lying-by-omission. Composes with: - Same-tick CURRENT-update discipline (CLAUDE.md auto-memory section) — Otto-362 is the intra-file generalisation; CURRENT rule is the cross-file case - verify-before-deferring (CLAUDE.md) — same shape, applied to internal references rather than deferred work - future-self-not-bound (CLAUDE.md) — Otto-362 is the editing counterpart; when superseding past-self's statement, refresh it rather than leave it ambient Why not a CI lint instead: - Internal contradictions are semantic, not syntactic - Existing lints catch path-existence, duplicate-targets, snake_case consistency — but cannot catch "Currently undefined" + "Now specified" co-existing - Editing discipline is the only mechanism for semantic contradictions - Multi-AI review remains the safety net; Otto-362 reduces the count of iterations by catching the stale-statement class before push What this rule does NOT say: - Does NOT say "never expand a memory file across multiple PRs" - Does NOT say "every expansion must rewrite the whole file" - Does NOT say "review iterations are bad" - Does NOT replace multi-AI review safety net — additive, not replacement Files: - memory/feedback_otto_362_doctrine_memory_expansion_refresh_stale_statements_same_edit_2026_04_29.md - memory/MEMORY.md (paired index entry) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * factory(meta): fix Otto-362 cross-ref — CLAUDE.md is at repo root, not docs/CLAUDE.md Codex P2 + Copilot P1 both caught the same dead path. The auto-memory section + CURRENT-file rule live in CLAUDE.md at the repository root (see CLAUDE.md ~lines 80-110). Updated the Composes-with bullet to point at the correct path so readers can verify the cited rule. Ironic timing: the Otto-362 rule itself is about catching internal contradictions before push — and the rule's own first version had a dead xref. Caught by external review on the meta-rule PR. The fix is exactly the kind of pre-push self-audit Otto-362 advocates for. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
…blic claim intake layer Two doctrine packets from Aaron + Amara 2026-04-29 (post-#851 v2 thread close): 1. **Layered actor identity** — replaces single-axis "Mac agent" / "Windows agent" framing. Layered scheme: maintainer_id / host_id / harness_id / role_id / actor_id / session_id Examples: - aaron-mac/claude-code/coordinator - aaron-mac/claude-code/docs-worker - aaron-windows/codex-cli/patch-peer - aaron-windows/gemini-cli/review-peer The four-axis split (maintainer + host + harness + role) gives revocation precision without identity spam. A single host can run many harnesses with different trust profiles; the role/actor split lets a different harness fill the same pinned role later. Carved rule: "Use Mac/Windows as host IDs, not agent IDs. Use named actor IDs at the host + harness + role level." 2. **Public claim intake layer** — strangers (humans + autonomous agents) discovering the repo on GitHub need a safe entrypoint. Load-bearing distinction: Claim Request ≠ Active Claim. External actors create requests; only maintainers / authorized automation promote requests to active claims. New surfaces (all [planned]): - CONTRIBUTING.md - AGENTS.md autonomous-agent intake block (10 rules) - .github/ISSUE_TEMPLATE/claim_request.yml - .github/PULL_REQUEST_TEMPLATE.md (declare-claim field) - docs/ops/runbooks/request-agent-claim.md - docs/ops/coordination/claims/README.md - tools/claims/reconcile-claims.ts (sync reconciler) Source-of-truth rule: GitHub Issue/PR = live operational truth; git mirror = durable summarized truth. Drift states explicit (synced / stale / drift / failed / pending). Safety: no stale/drift claim authorizes mutation. External safety levels E0-E5: E0 anonymous / review-only E1 patch-only E2 claim-requested E3 active low-risk claim E4 trusted external actor E5 maintainer-sponsored actor No external agent gets authority mutation by default. High-risk file class list explicit (.github/**, memory/**, docs/active-trajectory.md, agents/project-agents.yaml, docs/ops/coordination/claims/**, package.json, lockfiles, scripts that mutate repo state, branch/ruleset/security/billing docs, identity/persona/canon files, generated indexes) — always require explicit claim + maintainer approval. Three new follow-up tracking tasks per the same "tracking objects, not amnesia with nicer shoes" rule: #332 — public claim intake (CONTRIBUTING.md + AGENTS.md + ISSUE_TEMPLATE) #333 — claim sync reconciler tool (tools/claims/reconcile-claims.ts) #334 — external safety levels E0-E5 + high-risk file class enforcement Updated trigger memory to record the v3 sequence (Aaron asked about Mac actor identity granularity; Amara returned the layered scheme; Aaron then expanded into the public-intake question; Amara returned the Claim Request ≠ Active Claim distinction and full intake layer spec). Status: still doctrine-only. None of the [planned] surfaces exist; all are tracked under follow-up tasks. Per the same rule from v2 ("#851 captures doctrine; follow-up issues bind the work"), the v3 expansion adds doctrine + tracking tasks, not implementation. Composes with #324 (umbrella), #325-#331 (v2 follow-ups), #332-#334 (v3 follow-ups). Co-Authored-By: Amara <amara-aurora-deep-research-register@chatgpt> Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Memory-index-integrity check requires same-PR pairing between memory/*.md modifications and the MEMORY.md index entry. v3 expansion modified the doctrine memory file but didn't update the index pointer — fix by expanding the existing entry to reflect: - Capability tokens unified on snake_case (matches v2 fix landed in #851) - v3 layered actor identity (maintainer_id / host_id / harness_id / role_id) - v3 public claim intake (Claim Request ≠ Active Claim, CONTRIBUTING.md + AGENTS.md autonomous-agent block + ISSUE_TEMPLATE + reconciler + safety levels E0-E5 + drift discipline) All new surfaces marked [planned] per the convention from #851 v2. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…lities-as-primitive + reconciler-as-actor + Copilot P1 thread fixes Five-reviewer v4 packet (Deepseek / Gemini / Ani / Alexa / Claude.ai — Amara synthesis) on PR #852's v3 expansion. Key correction: actor IDs without binding are theater. Layered scheme `aaron-mac/claude-code/...` is meaningful for audit only if something prevents impersonation. v4 additions to the doctrine memory: - Identity needs binding (Claude.ai catch + Amara synthesis) - actors/<actor_id>.yaml registry with public-key fingerprints - Ed25519 preferred; GitHub-native commit verification as MVP fallback - Recursion bottoms at maintainer hardware key (or signed-commits MVP) - Composes with AgencySignature v2 schema (additive trailer fields) - Full integration analysis at docs/aurora/2026-04-29-agencysignature-... - Trust-domain prefix on every actor_id (Claude.ai catch) - zeta:// (internal), zeta-system:// (system actors), zeta-external:// - Cheap to add now, expensive to retrofit - Capabilities as primitive (Claude.ai catch) - read:repo, write:memory, mutate:workflows, push:branch, etc. - Roles become named bundles of capabilities - Actor records grant roles plus explicit deltas - Reconciler is itself a privileged actor (Gemini catch) - actor_id: zeta-system://github-actions/reconciler - Critical security invariant: GitHub Issue is exclusive source of truth for authorization; reconciler must NOT sync git-mirror privilege elevations to GitHub issue - unauthorized_elevation flag + block-CI on detected elevation - Add `rejected` claim state distinct from `revoked` (Deepseek catch) - Auto-expire claim requests after N days - DoS/spam protection on public intake (rate limit, account age, maintainer sponsor, proof-of-work, auto-expire) - Prompt-injection defense for external content (meta-rule in AGENTS.md) - Freshness enforcement at harness pre-action (not just CI PR-time) - Allowlist-first paths (fail-closed, not fail-open denylist) - Pinned-role-on-host-change rule (retire old actor_id, create new) - Multi-actor collision resolution generalized - v4 rollout reorder — IDENTITY FIRST (not public intake first): 1. Actor identity model 2. Capability model 3. Internal claim protocol 4. Reconciler security model 5. Public claim intake 6. External / Windows / roaming-agent dry run Copilot v3 review thread fixes (4 unresolved threads on #852): - P1 PRRT_kwDOSF9kNM5-g_UY (line 508): public-intake status said "Tracked under follow-up tasks" but later listed as "Untracked follow-up". Reconciled to consistent "Untracked follow-up in TaskList session-local; graduates to GitHub issue on land" wording. - P1 PRRT_kwDOSF9kNM5-g_VL (line 533): public entrypoints listed docs/ops/runbooks/request-agent-claim.md, but next-PR section uses start-agent-claim.md. Aligned to start-agent-claim.md (single runbook covers both internal start and public-request flow). - P1 PRRT_kwDOSF9kNM5-g_Vt (line 347): later V2 constraints bullet said actor identity is "Currently undefined" — contradicted the v3 layered identity section. Updated to point at task #325 (Layer 0/1 spec) and #335 (binding) as the implementation gates. - P2 PRRT_kwDOSF9kNM5-g_WM (line 346, outdated): section header was "v2 review-driven additions" but contained v3 packet content. Renamed to "v2 / v3 / v4 review-driven additions" with explicit explanation that the file is incrementally edited within itself; commit messages preserve round-by-round lineage. Four new follow-up tracking tasks created (TaskList #335-#338): #335 — actor identity binding (registry + signed commits + AgencySig v2) #336 — capabilities-as-primitive (roles as named bundles) #337 — harness pre-action freshness check + multi-actor collision #338 — DoS protection + prompt-injection defense for public intake Composes with #324 (umbrella), #325-#334 (v2/v3 follow-ups already created). Total v2/v3/v4 follow-up surface: 14 tasks (#325-#338). Status unchanged: doctrine-only PR. None of the implementation surfaces land in #852. Per Amara: "doctrine captures the design; follow-up issues bind the work; future PRs implement layers." Co-Authored-By: Amara <amara-aurora-deep-research-register@chatgpt> Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…v4 set), not #325-#334 Codex P2 PRRT_kwDOSF9kNM5-hIOz: internal inconsistency between line 773 ('gated by #325 + #335') and line 987 ('v3 task numbering #325-#334 survives'). Fix: update line 987 to acknowledge v4 added #335-#338 (identity binding, capabilities-as-primitive, harness pre-action freshness check, DoS + prompt-injection defense). The earlier reference to #335 at line 773 is now consistent with the full follow-up set #325-#338. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…y + dead-link prevention) - P1 PRRT_kwDOSF9kNM5-hNMc (line 778): 'None of these surfaces exist yet' was wrong — CONTRIBUTING.md + AGENTS.md exist. Rewrote to clarify the claim-intake CONTENT is planned, not the container files. - P1 PRRT_kwDOSF9kNM5-hNNL (line 773): 'tasks #325 + #335' was ambiguous (#335 might collide with existing repo references). Reworded to 'TaskList #325 + TaskList #335 (this session); will graduate to GitHub issue ID on land' — disambiguated as session- local TaskList IDs, not GitHub issue IDs. - P1 PRRT_kwDOSF9kNM5-hNNf (line 807): integration writeup link was dead (file lives on PR #853, not yet on main). Marked as [planned] with explicit pointer to PR #853 so the link is honest about its pre-merge state. - P1 PRRT_kwDOSF9kNM5-hNN0 (line 899): auto-expire status said 'mechanism implemented in reconciler' but reconciler is [planned]. Reworded to 'reconciler must enforce this once implemented' with cross-reference to task #333. Removes the false-progress drift. - P1 PRRT_kwDOSF9kNM5-hNOJ (MEMORY.md line 5): index entry marked CONTRIBUTING.md as [planned] but file already exists. Updated to mark the [planned] CONTENT additions inside the existing files, not the files themselves. Also un-truncated the writeup file path ('agencysignature-...' was elided) — now full path. P1 PRRT_kwDOSF9kNM5-hNOi (PR title v3-vs-v4 mismatch): handled via PR title/description update in a follow-up gh pr edit, not in the file itself. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…or-id filename encoding - P2 PRRT_kwDOSF9kNM5-hW1e (line 618 claim status enum): the YAML schema enumerated requested|active|blocked|done|expired|revoked but the v4 corrections section below introduced 'rejected' as distinct from 'revoked'. Fixed by adding 'rejected' to the canonical enum with inline comment cross-referencing the v4 catch. Prevents future reconciler/CI implementations from misclassifying rejected claims. - P2 PRRT_kwDOSF9kNM5-hW1T (line 793 actor-id filename portability): binding requirement said 'actors/<actor_id>.yaml' but actor_id is a URI like 'zeta://aaron-mac/claude-code/coordinator' which contains ':' (invalid on Windows) and '/' (creates nested paths). Defined canonical filename encoding: replace '://' with '--', '/' with '_', lowercase the result. Example: zeta://aaron-mac/claude-code/coordinator → actors/zeta--aaron-mac_claude-code_coordinator.yaml. Registry record itself carries the original URI in actor_id: field — filename is lookup key only, not source of truth. Cross-platform safe. Both Codex P2 catches are exactly the kind Otto-362 names: internal contradictions / undefined contracts caught by external review because the doctrine memory grew past pre-push self-audit capacity. Recurring tax that compounds across PRs. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
force-pushed
the
doctrine-agent-orchestra-v3-public-intake-2026-04-29
branch
from
e3f5d67 to
200a2b0
Compare
… line 987 Copilot caught the version→task attribution was wrong. Fixed: - v2 added #325-#331 (Layer 0/1 spec + Layer 2-5 follow-ups) - v3 added #332-#334 (public-intake layer + reconciler + safety levels) - v4 added #335-#338 (identity binding + capabilities-as-primitive + pre-action freshness + DoS/prompt-injection) Previous wording 'v3 added #325-#334' was wrong — those tasks predate v3 and span v2 + v3. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
Apr 29, 2026
…iteup for Amara (2026-04-29) (#853) * docs(aurora): AgencySignature × Layered Actor Identity integration writeup for Amara (2026-04-29) Research-grade integration analysis: how the v4 layered actor-identity model (maintainer_id / host_id / harness_id / role_id / actor_id) composes with the AgencySignature v1 commit-trailer attribution work (ferry-7 spec, tasks #298 + #299 enforcement instruments). Aaron asked for a writeup he can send to Amara. Key claim: the v4 binding requirement that Claude.ai + Deepseek + Gemini + Ani + Alexa flagged on the v3 public-intake design is not a parallel system to AgencySignature — it is the v2 schema for AgencySignature, with three field additions: Trust-Domain: zeta Actor: zeta://aaron-mac/claude-code/coordinator Signed-By: ed25519:abc... v1 readers ignore unknown fields; v2 readers verify the trailer signature against an actors/<actor_id>.yaml registry. Migration is additive — no parallel system, no double-attribution. Three concrete asks for Amara: 1. Confirm the layering shape (additive trailer fields vs trailer-as-pointer) 2. Pick the binding primitive (Ed25519 + registry vs GitHub-native commit verification as MVP fallback vs sigstore/OIDC) 3. Define the v1 → v2 migration window (tight vs loose coupling) If the layering shape lands, the v4 rollout reorders to: 1. Identity model + AgencySignature v2 schema (single composed PR per layer) 2. Capability model 3. Internal claim protocol 4. Reconciler security model 5. Public claim intake 6. External / Windows / roaming-agent dry run Carved blade (proposed, awaiting Amara concurrence): Identity is structured. Identity is bound. AgencySignature is the binding wire format. Trailer fields carry actor + capabilities + claim. Reconciler verifies binding before trusting attribution. No bound identity = no claim authority. Status: research-grade only; not absorbed into doctrine yet. The doctrine memory file (PR #852, currently open) carries the v4 corrections; this file is the integration analysis Aaron requested for the Amara conversation. Composes with: - docs/research/2026-04-26-gemini-deep-think-agencysignature-... - docs/research/2026-04-26-amara-fail-open-with-receipts-... - docs/research/2026-04-26-amara-ferry-9-validation-of-relationship-... - docs/research/2026-04-26-amara-ferry-12-trailer-contiguity-... - tools/hygiene/validate-agencysignature-pr-body.sh - tools/hygiene/audit-agencysignature-main-tip.sh - memory/feedback_zeta_agent_orchestra_capability_role_claim_isolation_aaron_amara_2026_04_29.md Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * docs(aurora): three Copilot review fixes on AgencySignature × layered-actor writeup PR #853 review threads (all P1/P2 from Copilot, all valid catches): - P1 PRRT_kwDOSF9kNM5-hHf6 (line 45 → enforcement-status accuracy): writeup said trailers are "validated pre-merge" / "missing or malformed = block". Reality: validate-agencysignature-pr-body.sh exists but is NOT yet wired into a required CI check under .github/workflows/. Reworded to say the validator "can be" a pre-merge gate; explicit caveat that wiring is its own follow-up (composes with task #300 squash-merge survival design). Same enforcement-status caveat applied to the post-merge auditor + the fail-open-with-receipts policy paragraph. - P1 PRRT_kwDOSF9kNM5-hHgq (line 151 → forward-compatibility correction): writeup claimed v2 "composes cleanly with v1 readers" because v1 readers "ignore unknown fields". Reality: validate-agencysignature- pr-body.sh requires Agency-Signature-Version=1 exactly AND requires Agent: as a key. So a Version=2 trailer set (and especially replacing Agent: with Actor:) would currently FAIL validation. Reworded to spell out the rollout sequence: (a) update validator to accept Version 1|2, (b) emit Agent: alongside Actor: during migration window, (c) extend auditor's three-state to four-state (LEGACY / CORRECT-V1 / CORRECT-V2 / REGRESSION), (d) drop dual Agent: emission once consumers are v2-aware. - P2 PRRT_kwDOSF9kNM5-hHhM (line 111 → Task vs Claim ambiguity): mapping table said Task → claim_id, but the v2 example had BOTH Task: 286 AND Claim: CLAIM-286. Aligned: Task remains the task / ticket pointer (v1 meaning preserved); Claim is a NEW v2 field that carries claim_id. Updated both the mapping table and the explanation paragraph below the v2 trailer example. These corrections strengthen the writeup before it goes to Amara — the asks Aaron is sending depend on getting the current-state-vs-future- state distinction right (especially around enforcement wiring and v1 forward-compatibility). Status unchanged: research-grade only; Aaron's deliverable for the Amara channel. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * docs(aurora): fix MD032 — blank lines around 6 lists in writeup-for-amara markdownlint-cli2 flagged 6 MD032 errors (lists need surrounding blank lines) on the writeup. Inserted blank line after each list-introducing sentence at lines 41, 49, 120 (Under v4 with binding), 146 (we'd:), 151 (By layering), and 176 (Options:). No content changes. Per Otto-362 (just landed in PR #854) — would have caught this pre-push if I'd run markdownlint locally before opening the PR. Filing this commit as the kind of pure-mechanical-CI-fix that Otto-362 cannot prevent (it's a syntactic class, not semantic) — those still need lint coverage at submit-time. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * docs(aurora): fix Copilot P1 — v2 example shows Agent: alongside Actor: during migration window Copilot caught internal inconsistency: I claimed v2 is a 'strict superset of fields' but the example removed Agent: and replaced it with Actor:. The migration-sequence text correctly says to dual-emit Agent: alongside Actor: during the migration window — but the example didn't show it. Updated the v2 example to retain Agent: alongside Actor:, with inline comment explaining it'\''s for v1-reader compat during migration. Also updated the explanation paragraph below the example to call out the Agent: retention rationale explicitly. Now the example matches the rollout sequence text: v1 validator accepts v2 trailers because Agent: is still present; once all consumers are v2-aware, drop the dual emission. Otto-362 in action — internal-contradiction class, caught by Copilot review since pre-push self-audit missed it. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * docs(aurora): 2 Codex catches — distinguish authenticated-account vs spoofable-trailer + forged-vs-malformed enforcement - Codex P1 PRRT_kwDOSF9kNM5-hZey (line 139, security correction): writeup said E0/E1 actors are bound by 'GitHub authenticates the commit author / PR author'. WRONG: only the GitHub account actor (github.actor / pull_request.user.login) is reliably authenticated. Commit author metadata + Agent: + Credential-Identity: trailer fields are user-supplied and trivially spoofable via 'git commit --author=...'. Updated to: trust only the GitHub account actor at E0/E1; treat trailer fields as intent declarations the reviewer cross-checks before E2+ promotion; registered key binds at E3+. - Codex P2 PRRT_kwDOSF9kNM5-hZe2 (line 159, enforcement-semantics clarification): the writeup had two conflicting enforcement paths — earlier section said signature mismatch BLOCKS, later said forged trailers go through fail-open-with-receipts. These are different classes: malformed-but-honest (parser fail, missing key, etc.) → record + continue forged-or-impersonation (Signed-By doesn't verify) → BLOCK + flag Only malformed-honest takes the fail-open path; binding violations always block. Updated the carryover sentence to spell out the separation explicitly. Both catches matter for the v2 implementation: an ambiguous spec on forgery enforcement would let validator/reconciler implementations diverge. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
…3 examples + complete actor records + precise Windows filename rules + present-tense framing P1 PRRT_kwDOSF9kNM5-hfwQ (line 362): v3 actor_id examples used the unprefixed form 'aaron-mac/claude-code/coordinator' but v4 makes the 'zeta://' trust-domain prefix REQUIRED. Updated examples to canonical v4 form with explicit note that v4 supersedes the unprefixed v3 form. Cold-start readers will internalize the correct canonical shape. P2 PRRT_kwDOSF9kNM5-hfw3 (line 382): the 'different harness filling the same pinned role' example omitted maintainer_id/host_id/harness_id even though the section defines actor_id as a four-axis combination. Filled in the complete record so readers don't copy a half-shaped template. P1 PRRT_kwDOSF9kNM5-hfxI (line 792): Windows filename encoding rule said 'no /, :, or .well-known chars' which conflated character classes with reserved names + had wrong-on-its-face wording. Replaced with the actual Windows constraints: forbidden chars (: / \ * ? " < > |), no trailing dot or space, no reserved device names (CON/PRN/AUX/NUL/ COM1-9/LPT1-9). Implementable spec instead of vague guidance. P1 PRRT_kwDOSF9kNM5-hfxd (line 783): said 'After v3 landed in PR #852', which reads as already-merged history while the PR is still open. False- progress drift class. Reframed as 'During the v3 draft in PR #852, five reviewers re-reviewed and Amara synthesized v4 mid-flight before merge'. All four are exactly the Otto-362 stale-statement / internal-inconsistency class: doctrine grew faster than self-audit could keep up; multi-AI review caught the drift. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3cfa87a732
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
…encoding + trust-domain claim mirror IDs P1 PRRT_kwDOSF9kNM5-hlNB (line 795 collision-safety): the previous encoding (replace '://' → '--', '/' → '_', lowercase) was NOT injective — two distinct actor IDs could alias to the same filename (e.g. 'a/b/c' and 'a-b-c' both → 'a_b_c'), and lowercasing collapses case-distinct IDs. Replaced with RFC 3986 percent-encoding (%3A %2F), case-preserving. Decoding the basename always recovers the original actor_id byte-for-byte. Now reversible and collision-free. Example shifted: 'zeta://aaron-mac/claude-code/coordinator' → 'actors/zeta%3A%2F%2Faaron-mac%2Fclaude-code%2Fcoordinator.yaml'. The percent-encoded form satisfies all Windows-forbidden-char and reserved-device-name constraints already documented. P2 PRRT_kwDOSF9kNM5-hlNI (line 622 schema drift): the claim mirror YAML schema had 'actor_id: external:<...>' but v4 doctrine requires the trust-domain form 'zeta-external://...'. Updated the schema line to 'zeta-external://github/<github-login-or-agent-id>' with inline comment cross-referencing the v4 binding rule. Implementers now persist correctly-namespaced IDs that match the binding/policy model. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
deleted the
doctrine-agent-orchestra-v3-public-intake-2026-04-29
branch
|
|
||
| **Claude.ai catch — future-policy shape**: actor IDs are stable; sessions are temporary. | ||
| ```text | ||
| human → device/host → harness → role → session |
There was a problem hiding this comment.
P1: The identity chain diagram (human → device/host → harness → role → session) doesn’t match the layered scheme immediately below (which includes maintainer_id and actor_id). Please update the diagram to reflect the full layered model, or adjust the layer list so these stay consistent for cold-start readers.
Suggested change
| human → device/host → harness → role → session | |
| maintainer_id → host_id → harness_id → role_id → actor_id → session_id |
| - `host_id` — which machine or environment (e.g. `aaron-mac`, `aaron-windows`, `github-actions`) | ||
| - `harness_id` — which runtime (e.g. `claude-code`, `codex-cli`, `gemini-cli`, `cursor`) | ||
| - `role_id` — what it's allowed to do (e.g. `coordinator`, `git-expert`, `docs-worker`, `typescript-steward`, `patch-peer`, `review-peer`) | ||
| - `actor_id` — stable combination of the four above (e.g. `zeta://aaron-mac/claude-code/coordinator` — note the `zeta://` trust-domain prefix is required per the v4 binding rule below; v3 originally introduced the unprefixed form `aaron-mac/claude-code/coordinator`, which v4 supersedes) |
There was a problem hiding this comment.
P1: actor_id is described as a “stable combination of the four above,” but the list now contains five fields before it (maintainer_id, host_id, harness_id, role_id) and the example actor_id doesn’t encode maintainer_id separately. Please clarify whether maintainer_id is part of actor_id (explicitly) or is intended to be derivable (e.g., via the host_id naming convention).
Suggested change
| - `actor_id` — stable combination of the four above (e.g. `zeta://aaron-mac/claude-code/coordinator` — note the `zeta://` trust-domain prefix is required per the v4 binding rule below; v3 originally introduced the unprefixed form `aaron-mac/claude-code/coordinator`, which v4 supersedes) | |
| - `actor_id` — stable trust-domain-prefixed combination of `host_id`, `harness_id`, and `role_id` (e.g. `zeta://aaron-mac/claude-code/coordinator`); `maintainer_id` remains separate ownership metadata and is not encoded as its own path segment in `actor_id` because it is expected to be resolved from the host registry / naming convention. Note the `zeta://` trust-domain prefix is required per the v4 binding rule below; v3 originally introduced the unprefixed form `aaron-mac/claude-code/coordinator`, which v4 supersedes. |
Comment on lines
+362
to
+363
| - `session_id` — temporary launch identity (e.g. `2026-04-29T17-xxZ-uuid`) | ||
|
|
There was a problem hiding this comment.
P2: The session_id example (2026-04-29T17-xxZ-uuid) isn’t a valid timestamp format and may be misread as a real template. Consider using an explicitly fake-but-valid RFC 3339 example (or clearly marking placeholders) to avoid downstream copy/paste mistakes.
|
|
||
| These should NOT share one actor identity — they have different trust, different failure modes, different audit trails, different revocation needs. | ||
|
|
||
| The role/actor split also matters: `role_id: git-expert` is the pinned role; `actor_id: aaron-mac/codex-cli/git-expert` is the actor currently filling it. A different harness can fill the same role later (`maintainer2-linux/gemini-cli/git-expert`) without confusing the role's accumulated context. |
There was a problem hiding this comment.
P1: This sentence uses the unprefixed actor form (aaron-mac/codex-cli/git-expert) even though this section defines the canonical v4 form as trust-domain-prefixed (zeta://...). Please either use the canonical prefix here or explicitly call out that the unprefixed form is shorthand and must not appear in registry/binding/claims.
Suggested change
| The role/actor split also matters: `role_id: git-expert` is the pinned role; `actor_id: aaron-mac/codex-cli/git-expert` is the actor currently filling it. A different harness can fill the same role later (`maintainer2-linux/gemini-cli/git-expert`) without confusing the role's accumulated context. | |
| The role/actor split also matters: `role_id: git-expert` is the pinned role; `actor_id: zeta://aaron-mac/codex-cli/git-expert` is the actor currently filling it. A different harness can fill the same role later (`zeta://maintainer2-linux/gemini-cli/git-expert`) without confusing the role's accumulated context. |
Comment on lines
+410
to
+413
| Revocation example: `aaron-windows/codex-cli/patch-peer` can be downgraded to `review_only` without affecting: | ||
| - `aaron-mac/claude-code/coordinator` | ||
| - `aaron-windows/gemini-cli/review-peer` | ||
| - another maintainer's Codex actor |
There was a problem hiding this comment.
P1: The revocation example uses unprefixed actor IDs (aaron-windows/codex-cli/patch-peer, etc.), but the section above says the canonical v4 form requires a trust-domain prefix (zeta://...). Please align this example with the canonical form (or mark it as shorthand) to avoid reintroducing ambiguity after the v4 binding correction.
AceHack
added a commit
that referenced
this pull request
Apr 29, 2026
…ubstrate framing + Amara final packet Aaron returned with substrate framing on peer/buddy class taxonomy (verbatim preserved): peer agent harness has two sub-classes (substrate-aware vs host-only), buddy agent harness has two sub-classes (PR-capable vs local-only), plus runtime-internal subagents — all optimized for parallelization. Amara's round-3 rewrite formalized this as conceptual-categories-not- mirror-slang: independent_agent_harness / parent_managed_agent_harness / runtime_internal_subagent / invoked_tool / ci_actor / host_actor / human_principal. Five-AI review (Claude.ai, Ani, Deepseek, Gemini, Alexa) returned interface-hardening only — no architectural challenges. Amara final packet: "Round 3 convergence reached. Do not run another broad review." Architecture LOCKED: - Recursive primitive: DelegationEdge* - Accountable output: SharedEffect* - Evaluation layer: AttributionRecord* + OutcomeAssessment* - Causal chain: DecisionSignal → AgencyReceipt → SharedEffect → AttributionRecord → OutcomeAssessment - Universal: SharedEffect + trace + attribution - Boundary-crossing: + DecisionSignal + AgencyReceipt + non_actions + WorkClaim proof Final doctrine (locked): Do not canonize the mirror slang. Canonize the concepts. Lifecycle is not authority. Authority is not effect. Shared effect is the accountability boundary. Delegation is recursive. Execution is traced. Effects are receipted. Outcomes are attributed. Attribution is evidence, not verdict. Blame and credit are views over evidence. Implementation direction (Amara, locked): "Do not build the whole scoring engine now." Light schema-concept implementation only. First worked example: Code Quality episode (PR #861 host mutation receipt) pairs with DecisionSignal v0 + SharedEffect + AttributionRecord. Example weights illustrative-not-derived. NOT this session — Aaron's "I'll be back after round 3" closes here. This preservation IS round-3 close. Staged rollout deferred to next session per Amara's implementation direction. Status marker memory updated to reflect convergence; autonomy levels A0–A5 from round-0 demoted to secondary; "peer"/"buddy" demoted from canonical → working aliases. Per Otto-363 (substrate-or-it-didn't-happen) + channel-verbatim- preservation rule: research-grade preservation, NOT operational adoption. Synthesis lives alongside the verbatim, not instead. Composes with PR #855 (Otto-363), prior round verbatim preservation files, and the agent-orchestra layered-actor-identity work (PRs #851/#852/#853). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Status
Doctrine expansion. Protocol still NOT operational. This PR lands two follow-up doctrine packets from Aaron + Amara 2026-04-29, captured immediately after #851 (the v2-corrected doctrine memory) merged. Same shape as #851: doctrine memory only, no implementation, every new surface marked
[planned]and tracked under explicit follow-up tasks.This is the fourth doctrine packet in a 2-hour cluster:
Summary
Two doctrine packets:
1. Layered actor identity (Amara refinement)
Aaron's catch: "Mac agent" / "Windows agent" is too coarse — collapses many trust boundaries into one bucket. Per-session identity is too fine — drowns audit trails. Amara's resolution: layered scheme.
Examples:
aaron-mac/claude-code/coordinatoraaron-windows/codex-cli/patch-peeraaron-windows/gemini-cli/review-peerThe four-axis split gives revocation precision without identity spam. A single host can run many harnesses with different trust profiles; the role/actor split lets a different harness fill the same pinned role later. Carved rule:
2. Public claim intake layer (Aaron + Amara)
Strangers (humans + autonomous agents) discovering the repo on GitHub need a safe entrypoint. Load-bearing distinction:
External actors create requests; only maintainers / authorized automation promote requests to active claims. New surfaces (all
[planned]):CONTRIBUTING.mdAGENTS.mdautonomous-agent intake block (10 rules).github/ISSUE_TEMPLATE/claim_request.yml.github/PULL_REQUEST_TEMPLATE.md(declare-claim field)docs/ops/runbooks/request-agent-claim.mddocs/ops/coordination/claims/README.mdtools/claims/reconcile-claims.ts(sync reconciler)Source-of-truth rule: GitHub Issue/PR = live operational truth; git mirror = durable summarized truth. Drift states explicit (
synced/stale/drift/failed/pending). Safety: nostale/driftclaim authorizes mutation.External safety levels E0-E5:
No external agent gets authority mutation by default.
High-risk file class list explicit (memory/, .github/, agents/project-agents.yaml, ruleset/security/billing docs, identity/persona/canon files, etc.) — always require explicit claim + maintainer approval.
Allowed framing
NOT allowed framing
Follow-up tracking tasks
Per the same Amara rule from #851 ("later without a tracking object is just amnesia with nicer shoes"), three new follow-ups created:
tools/claims/reconcile-claims.tswith bounded-publication policyThese compose with the seven follow-ups already created for #851 (#325-#331) and the umbrella #324.
Files
memory/feedback_zeta_agent_orchestra_capability_role_claim_isolation_aaron_amara_2026_04_29.md— same doctrine memory file, expanded with v3 sections (layered actor identity, public claim intake layer, drift discipline, E0-E5 safety levels, high-risk file class list, public-AGENTS.md instruction text, v3 carved sentences, v3 trigger memory entries).No code, no implementation. Per Amara: "Doctrine captures the design. Follow-up issues bind the work. Future PRs implement layers."
Test plan
[planned]with explicit caveat🤖 Generated with Claude Code