RubyGems - textus - Versions diffs - 0.26.0 → 0.30.0 - Mend

textus 0.26.0 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

checksums.yaml +4 -4
data/ARCHITECTURE.md +118 -68
data/CHANGELOG.md +132 -0
data/README.md +61 -19
data/SPEC.md +107 -46
data/docs/conventions.md +4 -4
data/lib/textus/boot.rb +18 -12
data/lib/textus/builder/pipeline.rb +13 -12
data/lib/textus/call.rb +28 -0
data/lib/textus/cli/verb/audit.rb +1 -1
data/lib/textus/cli/verb/boot.rb +1 -1
data/lib/textus/cli/verb/build.rb +2 -2
data/lib/textus/cli/verb/doctor.rb +1 -1
data/lib/textus/cli/verb/hook_run.rb +2 -6
data/lib/textus/cli/verb/put.rb +5 -14
data/lib/textus/cli/verb/retain.rb +19 -0
data/lib/textus/cli/verb/rule_list.rb +1 -1
data/lib/textus/cli/verb.rb +6 -6
data/lib/textus/cli.rb +19 -23
data/lib/textus/container.rb +23 -0
data/lib/textus/dispatcher.rb +57 -0
data/lib/textus/doctor/check/audit_log.rb +1 -1
data/lib/textus/doctor/check/schema_violations.rb +1 -1
data/lib/textus/doctor/check/sentinels.rb +10 -8
data/lib/textus/doctor/check.rb +15 -5
data/lib/textus/doctor.rb +7 -7
data/lib/textus/domain/authorizer.rb +2 -2
data/lib/textus/domain/duration.rb +22 -0
data/lib/textus/domain/policy/refresh.rb +1 -15
data/lib/textus/domain/policy/retention.rb +26 -0
data/lib/textus/domain/retention.rb +44 -0
data/lib/textus/domain/sentinel.rb +9 -65
data/lib/textus/domain/staleness/generator_check.rb +46 -26
data/lib/textus/domain/staleness/intake_check.rb +18 -10
data/lib/textus/domain/staleness.rb +3 -3
data/lib/textus/{application/envelope → envelope/io}/reader.rb +6 -2
data/lib/textus/{application/envelope → envelope/io}/writer.rb +19 -11
data/lib/textus/hooks/context.rb +30 -13
data/lib/textus/hooks/event_bus.rb +8 -20
data/lib/textus/hooks/rpc_registry.rb +9 -35
data/lib/textus/hooks/signature.rb +31 -0
data/lib/textus/init.rb +7 -6
data/lib/textus/maintenance/key_delete_prefix.rb +36 -0
data/lib/textus/maintenance/key_mv_prefix.rb +46 -0
data/lib/textus/maintenance/migrate.rb +51 -0
data/lib/textus/maintenance/rule_lint.rb +56 -0
data/lib/textus/maintenance/zone_mv.rb +51 -0
data/lib/textus/maintenance.rb +15 -0
data/lib/textus/manifest/data.rb +9 -4
data/lib/textus/manifest/entry/base.rb +38 -18
data/lib/textus/manifest/entry/derived.rb +6 -6
data/lib/textus/manifest/entry/nested.rb +7 -9
data/lib/textus/manifest/entry/parser.rb +2 -2
data/lib/textus/manifest/entry/validators/events.rb +1 -1
data/lib/textus/manifest/entry/validators/format_matrix.rb +2 -2
data/lib/textus/manifest/entry/validators/index_filename.rb +1 -1
data/lib/textus/manifest/entry/validators/inject_boot.rb +4 -2
data/lib/textus/manifest/entry/validators/publish_each.rb +1 -1
data/lib/textus/manifest/entry/validators.rb +2 -2
data/lib/textus/manifest/entry.rb +0 -5
data/lib/textus/manifest/policy.rb +34 -7
data/lib/textus/manifest/rules.rb +10 -1
data/lib/textus/manifest/schema.rb +54 -4
data/lib/textus/manifest.rb +4 -8
data/lib/textus/mcp/server.rb +2 -11
data/lib/textus/mcp/session.rb +13 -20
data/lib/textus/mcp/tools.rb +2 -2
data/lib/textus/mcp.rb +1 -1
data/lib/textus/{infra → ports}/audit_log.rb +1 -1
data/lib/textus/{infra → ports}/audit_subscriber.rb +2 -2
data/lib/textus/{infra → ports}/build_lock.rb +1 -1
data/lib/textus/{infra → ports}/clock.rb +1 -1
data/lib/textus/{infra → ports}/publisher.rb +6 -6
data/lib/textus/{infra → ports}/refresh/detached.rb +3 -3
data/lib/textus/{infra → ports}/refresh/lock.rb +1 -1
data/lib/textus/ports/sentinel_store.rb +67 -0
data/lib/textus/ports/storage/file_stat.rb +19 -0
data/lib/textus/{infra → ports}/storage/file_store.rb +1 -1
data/lib/textus/projection.rb +91 -0
data/lib/textus/read/audit.rb +111 -0
data/lib/textus/read/blame.rb +81 -0
data/lib/textus/read/boot.rb +18 -0
data/lib/textus/read/deps.rb +24 -0
data/lib/textus/read/doctor.rb +19 -0
data/lib/textus/read/freshness.rb +101 -0
data/lib/textus/read/get.rb +66 -0
data/lib/textus/read/get_or_refresh.rb +69 -0
data/lib/textus/read/list.rb +15 -0
data/lib/textus/read/policy_explain.rb +42 -0
data/lib/textus/read/published.rb +15 -0
data/lib/textus/read/pulse.rb +89 -0
data/lib/textus/read/rdeps.rb +25 -0
data/lib/textus/read/retainable.rb +17 -0
data/lib/textus/read/schema_envelope.rb +16 -0
data/lib/textus/read/stale.rb +17 -0
data/lib/textus/read/uid.rb +20 -0
data/lib/textus/read/validate_all.rb +22 -0
data/lib/textus/read/validator.rb +84 -0
data/lib/textus/read/where.rb +16 -0
data/lib/textus/role_scope.rb +50 -0
data/lib/textus/schema/tools.rb +3 -3
data/lib/textus/store.rb +16 -7
data/lib/textus/version.rb +1 -1
data/lib/textus/write/accept.rb +86 -0
data/lib/textus/write/authority_gate.rb +24 -0
data/lib/textus/write/delete.rb +40 -0
data/lib/textus/write/intake_fetch.rb +23 -0
data/lib/textus/write/materializer.rb +48 -0
data/lib/textus/write/mv.rb +113 -0
data/lib/textus/write/publish.rb +66 -0
data/lib/textus/write/put.rb +45 -0
data/lib/textus/write/refresh_all.rb +44 -0
data/lib/textus/write/refresh_orchestrator.rb +102 -0
data/lib/textus/write/refresh_worker.rb +124 -0
data/lib/textus/write/reject.rb +54 -0
data/lib/textus/write/retention_sweep.rb +55 -0
data/lib/textus.rb +1 -2
metadata +62 -50
data/lib/textus/application/caps.rb +0 -49
data/lib/textus/application/context.rb +0 -34
data/lib/textus/application/maintenance/key_delete_prefix.rb +0 -44
data/lib/textus/application/maintenance/key_mv_prefix.rb +0 -57
data/lib/textus/application/maintenance/migrate.rb +0 -59
data/lib/textus/application/maintenance/rule_lint.rb +0 -65
data/lib/textus/application/maintenance/zone_mv.rb +0 -60
data/lib/textus/application/maintenance.rb +0 -17
data/lib/textus/application/projection.rb +0 -93
data/lib/textus/application/read/audit.rb +0 -106
data/lib/textus/application/read/blame.rb +0 -91
data/lib/textus/application/read/deps.rb +0 -34
data/lib/textus/application/read/freshness.rb +0 -110
data/lib/textus/application/read/get.rb +0 -75
data/lib/textus/application/read/get_or_refresh.rb +0 -63
data/lib/textus/application/read/list.rb +0 -25
data/lib/textus/application/read/policy_explain.rb +0 -47
data/lib/textus/application/read/published.rb +0 -25
data/lib/textus/application/read/pulse.rb +0 -101
data/lib/textus/application/read/rdeps.rb +0 -35
data/lib/textus/application/read/schema_envelope.rb +0 -26
data/lib/textus/application/read/stale.rb +0 -23
data/lib/textus/application/read/uid.rb +0 -30
data/lib/textus/application/read/validate_all.rb +0 -32
data/lib/textus/application/read/validator.rb +0 -86
data/lib/textus/application/read/where.rb +0 -26
data/lib/textus/application/use_case.rb +0 -22
data/lib/textus/application/write/accept.rb +0 -102
data/lib/textus/application/write/authority_gate.rb +0 -26
data/lib/textus/application/write/delete.rb +0 -45
data/lib/textus/application/write/materializer.rb +0 -49
data/lib/textus/application/write/mv.rb +0 -118
data/lib/textus/application/write/publish.rb +0 -96
data/lib/textus/application/write/put.rb +0 -49
data/lib/textus/application/write/refresh_all.rb +0 -63
data/lib/textus/application/write/refresh_orchestrator.rb +0 -102
data/lib/textus/application/write/refresh_worker.rb +0 -134
data/lib/textus/application/write/reject.rb +0 -62
data/lib/textus/session.rb +0 -84

data/lib/textus/manifest/entry/base.rb CHANGED Viewed

@@ -2,11 +2,10 @@ module Textus
   class Manifest
     class Entry
       class Base < Entry
-        attr_reader :raw, :key, :path, :zone, :schema, :owner, :format, :manifest, :publish_to
+        attr_reader :raw, :key, :path, :zone, :schema, :owner, :format, :publish_to
         # rubocop:disable Metrics/ParameterLists, Lint/MissingSuper
-        def initialize(manifest:, raw:, key:, path:, zone:, schema:, owner:, format:, publish_to: [])
-          @manifest = manifest
+        def initialize(raw:, key:, path:, zone:, schema:, owner:, format:, publish_to: [])
           @raw = raw
           @key = key
           @path = path
@@ -18,14 +17,14 @@ module Textus
         end
         # rubocop:enable Metrics/ParameterLists, Lint/MissingSuper
-        def zone_writers
-          @manifest.policy.zone_writers(@zone)
+        def zone_writers(policy)
+          policy.zone_writers(@zone)
         rescue UsageError => e
           raise UsageError.new("entry '#{@key}': #{e.message}")
         end
-        def in_generator_zone? = @manifest.policy.zone_kinds(@zone).include?(:generator)
-        def in_proposal_zone?  = @manifest.policy.zone_kinds(@zone).include?(:proposer)
+        def in_generator_zone?(policy) = policy.derived_zone?(@zone)
+        def in_proposal_zone?(policy)  = policy.queue_zone?(@zone)
         def nested?  = false
         def derived? = false
@@ -41,11 +40,32 @@ module Textus
         def publish_each   = nil
         def index_filename = nil
-        PublishContext = Struct.new(
-          :repo_root, :manifest, :file_store, :root, :caps, :rpc, :session, :ctx, :bus, :hook_context,
-          :reader, :emit, # callables: reader.call(key) → envelope; emit.call(event, **payload)
-          keyword_init: true
-        )
+        # Minimal context object passed into entry `publish_via` hooks.
+        # Everything beyond the three primitives is derived. Data.define
+        # instances are frozen, so we recompute per-call rather than
+        # memoizing — RoleScope/Hooks::Context construction is cheap.
+        PublishContext = ::Data.define(:container, :call, :reader) do
+          def manifest   = container.manifest
+          def root       = container.root
+          def repo_root  = File.dirname(container.root)
+          def events     = container.events
+          def hook_context
+            Textus::Hooks::Context.new(scope: scope_for_hooks)
+          end
+          def emit(event, **payload)
+            events.publish(event, ctx: hook_context, **payload)
+          end
+          private
+          def scope_for_hooks
+            Textus::RoleScope.new(
+              container: container, role: call.role, dry_run: call.dry_run,
+            )
+          end
+        end
         # Subclasses override to customize publish behavior.
         # Default: copy the stored file to each publish_to target.
@@ -59,12 +79,12 @@ module Textus
           publish_to.each do |rel|
             target_abs = File.join(pctx.repo_root, rel)
-            Textus::Infra::Publisher.publish(source: source_path, target: target_abs, store_root: pctx.root)
-            pctx.emit.call(:file_published,
-                           key: @key,
-                           envelope: envelope,
-                           source: source_path,
-                           target: target_abs)
+            Textus::Ports::Publisher.publish(source: source_path, target: target_abs, store_root: pctx.root)
+            pctx.emit(:file_published,
+                      key: @key,
+                      envelope: envelope,
+                      source: source_path,
+                      target: target_abs)
           end
           { kind: :built, value: { "key" => @key, "path" => source_path, "published_to" => publish_to } }

data/lib/textus/manifest/entry/derived.rb CHANGED Viewed

@@ -20,22 +20,22 @@ module Textus
         def external?   = @source.is_a?(External)
         def publish_via(pctx, prefix: nil) # rubocop:disable Lint/UnusedMethodArgument
-          return nil unless in_generator_zone?
+          return nil unless in_generator_zone?(pctx.manifest.policy)
-          target_path = Textus::Application::Write::Materializer.new(
-            ctx: pctx.ctx, caps: pctx.caps, rpc: pctx.rpc, session: pctx.session,
+          target_path = Textus::Write::Materializer.new(
+            container: pctx.container, call: pctx.call,
           ).run(self)
           envelope = pctx.reader.call(@key)
           Array(publish_to).each do |rel|
             target_abs = File.join(pctx.repo_root, rel)
-            Textus::Infra::Publisher.publish(source: target_path, target: target_abs, store_root: pctx.root)
-            pctx.emit.call(:file_published, key: @key, envelope: envelope, source: target_path, target: target_abs)
+            Textus::Ports::Publisher.publish(source: target_path, target: target_abs, store_root: pctx.root)
+            pctx.emit(:file_published, key: @key, envelope: envelope, source: target_path, target: target_abs)
           end
           src = @source
           selects = src.is_a?(Projection) ? Array(src.select).compact : []
-          pctx.emit.call(:build_completed, key: @key, envelope: envelope, sources: selects)
+          pctx.emit(:build_completed, key: @key, envelope: envelope, sources: selects)
           { kind: :built, value: { "key" => @key, "path" => target_path, "published_to" => publish_to } }
         end

data/lib/textus/manifest/entry/nested.rb CHANGED Viewed

@@ -1,5 +1,3 @@
-require_relative "validators/publish_each"
 module Textus
   class Manifest
     class Entry
@@ -37,7 +35,7 @@ module Textus
           return nil if @publish_each.nil?
           leaves = []
-          @manifest.resolver.enumerate(prefix: @key).each do |row|
+          pctx.manifest.resolver.enumerate(prefix: @key).each do |row|
             next unless row[:manifest_entry].equal?(self)
             next if prefix && !row[:key].start_with?(prefix) && row[:key] != prefix
@@ -49,12 +47,12 @@ module Textus
               )
             end
-            Textus::Infra::Publisher.publish(source: row[:path], target: target_abs, store_root: pctx.root)
-            pctx.emit.call(:file_published,
-                           key: row[:key],
-                           envelope: pctx.reader.call(row[:key]),
-                           source: row[:path],
-                           target: target_abs)
+            Textus::Ports::Publisher.publish(source: row[:path], target: target_abs, store_root: pctx.root)
+            pctx.emit(:file_published,
+                      key: row[:key],
+                      envelope: pctx.reader.call(row[:key]),
+                      source: row[:path],
+                      target: target_abs)
             leaves << { "key" => row[:key], "source" => row[:path], "target" => target_abs }
           end

data/lib/textus/manifest/entry/parser.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Textus
       module Parser
         COMPUTE_KINDS = %w[projection external].freeze
-        def self.call(manifest, raw)
+        def self.call(raw)
           key = raw["key"] or raise UsageError.new("manifest entry missing key")
           path = raw["path"] or raise UsageError.new("manifest entry '#{key}' missing path")
           zone = raw["zone"] or raise UsageError.new("manifest entry '#{key}' missing zone")
@@ -14,7 +14,7 @@ module Textus
           format = resolve_format(raw, path)
           common = {
-            manifest: manifest, raw: raw,
+            raw: raw,
             key: key, path: path, zone: zone,
             schema: raw["schema"], owner: raw["owner"],
             format: format,

data/lib/textus/manifest/entry/validators/events.rb CHANGED Viewed

@@ -3,7 +3,7 @@ module Textus
     class Entry
       module Validators
         module Events
-          def self.call(entry)
+          def self.call(entry, policy: nil) # rubocop:disable Lint/UnusedMethodArgument
             pubsub_events = Textus::Hooks::EventBus::EVENTS.keys
             events = entry.events
             events.each_key do |evt|

data/lib/textus/manifest/entry/validators/format_matrix.rb CHANGED Viewed

@@ -3,7 +3,7 @@ module Textus
     class Entry
       module Validators
         module FormatMatrix
-          def self.call(entry)
+          def self.call(entry, policy:)
             begin
               Textus::Entry.for_format(entry.format).validate_path_extension(entry.path, entry.nested?)
             rescue UsageError => e
@@ -17,7 +17,7 @@ module Textus
             has_template = !entry.template.nil?
             is_external  = entry.derived? && entry.external?
             is_intake    = entry.intake?
-            return unless entry.in_generator_zone? && !has_template && !is_external && !is_intake &&
+            return unless entry.in_generator_zone?(policy) && !has_template && !is_external && !is_intake &&
                           %w[markdown text].include?(entry.format) && !entry.nested?
             raise UsageError.new("entry '#{entry.key}': #{entry.format} entries in a generator zone require a template")

data/lib/textus/manifest/entry/validators/index_filename.rb CHANGED Viewed

@@ -3,7 +3,7 @@ module Textus
     class Entry
       module Validators
         module IndexFilename
-          def self.call(entry)
+          def self.call(entry, policy: nil) # rubocop:disable Lint/UnusedMethodArgument
             # Use raw to detect misuse on non-nested entries (typed attr stubs nil on Base).
             index_filename = entry.nested? ? entry.index_filename : entry.raw["index_filename"]
             return if index_filename.nil?

data/lib/textus/manifest/entry/validators/inject_boot.rb CHANGED Viewed

@@ -3,10 +3,12 @@ module Textus
     class Entry
       module Validators
         module InjectBoot
-          def self.call(entry)
+          def self.call(entry, policy:)
             return unless entry.inject_boot
-            raise UsageError.new("entry '#{entry.key}': inject_boot: is only valid on derived entries") unless entry.in_generator_zone?
+            unless entry.in_generator_zone?(policy)
+              raise UsageError.new("entry '#{entry.key}': inject_boot: is only valid on derived entries")
+            end
             return unless entry.template.nil?

data/lib/textus/manifest/entry/validators/publish_each.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Textus
           VAR_RE = /\{([a-z]+)\}/
           REQUIRED_DISCRIMINATOR_VARS = %w[leaf basename key].freeze
-          def self.call(entry)
+          def self.call(entry, policy: nil) # rubocop:disable Lint/UnusedMethodArgument
             # Use raw to detect misuse on non-nested entries (typed attr stubs nil on Base).
             publish_each = entry.nested? ? entry.publish_each : entry.raw["publish_each"]
             return if publish_each.nil?

data/lib/textus/manifest/entry/validators.rb CHANGED Viewed

@@ -10,8 +10,8 @@ module Textus
           FormatMatrix,
         ].freeze
-        def self.run_all(entry)
-          REGISTERED.each { |v| v.call(entry) }
+        def self.run_all(entry, policy:)
+          REGISTERED.each { |v| v.call(entry, policy: policy) }
           nil
         end
       end

data/lib/textus/manifest/entry.rb CHANGED Viewed

@@ -1,11 +1,6 @@
 module Textus
   class Manifest
     class Entry
-      # Re-exported for backward compatibility with callers that referenced these
-      # constants on Entry. Canonical source is the PublishEach validator.
-      PUBLISH_EACH_VARS = Validators::PublishEach::KNOWN_VARS
-      PUBLISH_EACH_VAR_RE = Validators::PublishEach::VAR_RE
       # Populated by each Entry::* subclass at load time.
       REGISTRY = {}
     end

data/lib/textus/manifest/policy.rb CHANGED Viewed

@@ -2,11 +2,13 @@ module Textus
   class Manifest
     # Authority over zones and roles derived from a Manifest::Data snapshot.
     # Encapsulates the lookups previously living on Manifest itself
-    # (zone_writers, zone_kinds, permission_for, role_kind, roles_with_kind).
+    # (zone_writers, permission_for, role_kind, roles_with_kind). Derived /
+    # proposal-queue status is authoritative via the declared-kind family
+    # (declared_kind, derived_zone?, queue_zone?, queue_zone), not inferred
+    # from writers.
     class Policy
       def initialize(data)
         @data = data
-        @zone_kinds_cache = {}
       end
       def zone_writers(zone_name)
@@ -25,11 +27,24 @@ module Textus
         )
       end
-      def zone_kinds(zone_name)
-        @zone_kinds_cache[zone_name] ||= zone_writers(zone_name).each_with_object(Set.new) do |w, acc|
-          k = role_kind(w)
-          acc << k if k
-        end.freeze
+      # The kind declared on a zone in the manifest, or nil if undeclared.
+      def declared_kind(zone_name)
+        @data.declared_zone_kinds[zone_name]
+      end
+      # The single zone declaring `kind: queue`, or nil. Schema guarantees <=1.
+      def queue_zone
+        @data.declared_zone_kinds.key(:queue)
+      end
+      # A zone is derived iff it declares kind: derived.
+      def derived_zone?(zone_name)
+        declared_kind(zone_name) == :derived
+      end
+      # A zone is a proposal queue iff it declares kind: queue.
+      def queue_zone?(zone_name)
+        declared_kind(zone_name) == :queue
       end
       def role_mapping
@@ -43,6 +58,18 @@ module Textus
       def roles_with_kind(kind)
         @data.role_mapping.each_with_object([]) { |(name, k), acc| acc << name if k == kind }
       end
+      # The zone a proposer role writes proposals into: the single zone that
+      # declares kind: queue, when the role can write it. Returns nil if there
+      # is no queue zone or the role cannot write it.
+      def propose_zone_for(role)
+        return nil if role.nil?
+        q = queue_zone
+        return nil unless q && zone_writers(q).include?(role)
+        q
+      end
     end
   end
 end

data/lib/textus/manifest/rules.rb CHANGED Viewed

@@ -51,7 +51,7 @@ module Textus
           @refresh = parse_refresh(raw["refresh"])
           @handler_allowlist = parse_handler_allowlist(raw["intake_handler_allowlist"])
           @promote = parse_promotion(raw["promotion"])
-          @retention = raw["retention"] # reserved — passthrough only
+          @retention = parse_retention(raw["retention"])
         end
         private
@@ -80,6 +80,15 @@ module Textus
           Textus::Domain::Policy::Promote.new(requires: Array(h["requires"]))
         end
+        def parse_retention(h)
+          return nil if h.nil?
+          Textus::Domain::Policy::Retention.new(
+            expire_after: h["expire_after"],
+            archive_after: h["archive_after"],
+          )
+        end
       end
     end
   end

data/lib/textus/manifest/schema.rb CHANGED Viewed

@@ -4,8 +4,14 @@ module Textus
       ROOT_KEYS    = %w[version roles zones entries rules audit].freeze
       ROLE_KEYS    = %w[name kind].freeze
       ROLE_KINDS   = %w[accept_authority generator proposer runner].freeze
-      ZONE_KEYS    = %w[name write_policy read_policy].freeze
-      ENTRY_KEYS   = %w[
+      ZONE_KEYS    = %w[name kind write_policy read_policy].freeze
+      ZONE_KINDS   = %w[origin quarantine queue derived].freeze
+      KIND_REQUIRES_ROLE_KIND = {
+        "derived" => "generator",
+        "queue" => "proposer",
+        "quarantine" => "runner",
+      }.freeze
+      ENTRY_KEYS = %w[
         key path zone kind schema owner nested format
         compute template publish_to publish_each
         intake events inject_boot index_filename
@@ -15,8 +21,9 @@ module Textus
       RULE_KEYS    = %w[match refresh intake_handler_allowlist promotion retention].freeze
       REFRESH_KEYS = %w[ttl on_stale sync_budget_ms fetch_timeout_seconds].freeze
       FETCH_TIMEOUT_SECONDS_CEILING = 3600
-      PROMOTION_KEYS = %w[requires].freeze
-      AUDIT_KEYS     = %w[max_size keep].freeze
+      PROMOTION_KEYS  = %w[requires].freeze
+      RETENTION_KEYS  = %w[expire_after archive_after].freeze
+      AUDIT_KEYS = %w[max_size keep].freeze
       def self.validate!(raw)
         raise BadManifest.new("manifest must be a hash") unless raw.is_a?(Hash)
@@ -28,11 +35,21 @@ module Textus
         validate_rules!(raw["rules"])
         walk(raw["audit"], AUDIT_KEYS, "$.audit") if raw["audit"].is_a?(Hash)
         validate_zone_writers_declared!(raw)
+        validate_single_queue!(raw)
+        validate_zone_kind_consistency!(raw)
       end
       def self.validate_zones!(zones)
         Array(zones).each_with_index do |z, i|
           walk(z, ZONE_KEYS, "$.zones[#{i}]")
+          if z["kind"].nil?
+            raise BadManifest.new("zone '#{z["name"]}' at '$.zones[#{i}]' must declare a kind (one of: #{ZONE_KINDS.join(", ")})")
+          end
+          next if ZONE_KINDS.include?(z["kind"])
+          raise BadManifest.new(
+            "unknown zone kind '#{z["kind"]}' at '$.zones[#{i}]' (known: #{ZONE_KINDS.join(", ")})",
+          )
         end
       end
@@ -54,6 +71,7 @@ module Textus
             validate_fetch_timeout!(r["refresh"]["fetch_timeout_seconds"], "#{path}.refresh.fetch_timeout_seconds")
           end
           walk(r["promotion"], PROMOTION_KEYS, "#{path}.promotion") if r["promotion"].is_a?(Hash)
+          walk(r["retention"], RETENTION_KEYS, "#{path}.retention") if r["retention"].is_a?(Hash)
         end
       end
@@ -115,6 +133,38 @@ module Textus
           raise BadManifest.new("unknown key '#{k}' at '#{path}'")
         end
       end
+      def self.validate_single_queue!(raw)
+        queues = Array(raw["zones"]).select { |z| z["kind"] == "queue" }.map { |z| z["name"] }
+        return if queues.size <= 1
+        raise BadManifest.new(
+          "at most one zone may declare kind: queue (found: #{queues.join(", ")})",
+        )
+      end
+      def self.validate_zone_kind_consistency!(raw)
+        mapping = role_kind_mapping(raw)
+        Array(raw["zones"]).each do |z|
+          required = KIND_REQUIRES_ROLE_KIND[z["kind"]] or next
+          writers  = Array(z["write_policy"])
+          next if writers.any? { |w| mapping[w] == required }
+          raise BadManifest.new(
+            "zone '#{z["name"]}' declares kind: #{z["kind"]} but no writer is a #{required} " \
+            "(writers: #{writers.join(", ")})",
+          )
+        end
+      end
+      # name => kind string, honouring an explicit roles: block or the default mapping.
+      def self.role_kind_mapping(raw)
+        if raw["roles"].nil?
+          RoleKinds::DEFAULT_MAPPING.transform_values(&:to_s)
+        else
+          Array(raw["roles"]).to_h { |r| [r["name"], r["kind"]] }
+        end
+      end
     end
   end
 end

data/lib/textus/manifest.rb CHANGED Viewed

@@ -6,10 +6,11 @@ module Textus
   #
   #   * data     — frozen value: raw, root, zones, entries, audit_config, role_mapping
   #   * resolver — resolves keys → entry + path
-  #   * policy   — zone/role authority (zone_writers, zone_kinds, permission_for, …)
+  #   * policy   — zone/role authority (zone_writers, declared_kind/derived_zone?/
+  #     queue_zone?, permission_for, …)
   #   * rules    — match-block rule engine (refresh, handler allowlist, promotion, …)
   #
-  # Use `manifest.data.entries`, `manifest.policy.zone_kinds(z)`, etc.
+  # Use `manifest.data.entries`, `manifest.policy.declared_kind(z)`, etc.
   Manifest = Data.define(:data, :resolver, :policy, :rules)
 end
@@ -43,17 +44,12 @@ module Textus # rubocop:disable Style/OneClassPerFile
       def build(raw, root)
         data = Manifest::Data.parse(raw, root: root)
-        composition = new(
+        new(
           data: data,
           resolver: Manifest::Resolver.new(data),
           policy: data.policy,
           rules: Manifest::Rules.parse(raw["rules"] || []),
         )
-        # Re-point entries' back-reference from Data to the composition
-        # record. Entries call `@manifest.policy.*` / `@manifest.resolver.*`
-        # at use time (see Entry::Base, Entry::Nested).
-        data.entries.each { |e| e.instance_variable_set(:@manifest, composition) }
-        composition
       end
       def check_version!(raw, source)

data/lib/textus/mcp/server.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 require "json"
-require "digest"
 module Textus
   module MCP
@@ -51,15 +50,7 @@ module Textus
       def handle_initialize(rid, _params)
         proposer = @store.manifest.policy.roles_with_kind(:proposer).first
-        propose_zone = nil
-        if proposer
-          @store.manifest.data.zones.each do |zname, writers|
-            if writers.include?(proposer) && zname.include?("review")
-              propose_zone = zname
-              break
-            end
-          end
-        end
+        propose_zone = @store.manifest.policy.propose_zone_for(proposer)
         @session = Session.new(
           role: @role,
@@ -107,7 +98,7 @@ module Textus
       end
       def manifest_etag
-        Digest::SHA256.hexdigest(File.read(File.join(@store.root, "manifest.yaml")))
+        @store.file_store.etag(File.join(@store.root, "manifest.yaml"))
       end
       def emit_result(rid, result)

data/lib/textus/mcp/session.rb CHANGED Viewed

@@ -1,31 +1,24 @@
 module Textus
   module MCP
-    # Per-connection state held by the server. Immutable; advance_cursor
-    # returns a new instance.
-    class Session
-      attr_reader :role, :cursor, :propose_zone, :manifest_etag
-      def initialize(role:, cursor:, propose_zone:, manifest_etag:)
-        @role = role
-        @cursor = cursor
-        @propose_zone = propose_zone
-        @manifest_etag = manifest_etag
-      end
-      def advance_cursor(new_cursor)
-        self.class.new(
-          role: @role, cursor: new_cursor,
-          propose_zone: @propose_zone, manifest_etag: @manifest_etag
-        )
-      end
+    # Per-connection state held by the server. Immutable Data value;
+    # advance_cursor returns a new instance via #with.
+    Session = Data.define(:role, :cursor, :propose_zone, :manifest_etag) do
+      def advance_cursor(new_cursor) = with(cursor: new_cursor)
       def check_etag!(observed_etag)
-        return if observed_etag == @manifest_etag
+        return if observed_etag == manifest_etag
         raise ContractDrift.new(
-          "manifest changed (was #{@manifest_etag[0, 8]}, now #{observed_etag[0, 8]}); re-run boot",
+          "manifest changed (was #{short_etag(manifest_etag)}, now #{short_etag(observed_etag)}); re-run boot",
         )
       end
+      private
+      # First 8 hex chars after the "sha256:" prefix — a stable short id for
+      # the drift diagnostic. Tolerates non-prefixed values (delete_prefix is
+      # a no-op when the prefix is absent).
+      def short_etag(etag) = etag.to_s.delete_prefix("sha256:")[0, 8]
     end
   end
 end

data/lib/textus/mcp/tools.rb CHANGED Viewed

@@ -17,11 +17,11 @@ module Textus
       end
       def ops_for(session, store)
-        store.session(role: session.role)
+        store.as(session.role)
       end
       REGISTRY = {
-        "boot" => ->(_s, store, _a) { Textus::Boot.run(Textus::Session.for(store)) },
+        "boot" => ->(_s, store, _a) { store.boot },
         "find" => lambda do |s, store, args|
           ops_for(s, store).list(zone: args["zone"], prefix: args["prefix"])

data/lib/textus/mcp.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 module Textus
   # The agent gate. Stdio JSON-RPC 2.0 server speaking MCP draft 2024-11-05.
-  # Wraps Textus::Session as auto-derived tools. See ADR 0015.
+  # Wraps Textus::RoleScope as auto-derived tools. See ADR 0015.
   module MCP
   end
 end

data/lib/textus/{infra → ports}/audit_log.rb RENAMED Viewed

@@ -3,7 +3,7 @@ require "json"
 require "time"
 module Textus
-  module Infra
+  module Ports
     class AuditLog
       DEFAULT_MAX_SIZE = 10_485_760
       DEFAULT_KEEP = 5

data/lib/textus/{infra → ports}/audit_subscriber.rb RENAMED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 module Textus
-  module Infra
+  module Ports
     # Writes an "event_error" audit row when a user hook raises during
     # Hooks::EventBus publish. Attached at Store boot.
     #
@@ -11,7 +11,7 @@ module Textus
     # event subscribers should be able to filter by key glob).
     #
     # Lifecycle audit rows for verb: "put" / "delete" / "rename" are written
-    # by Application::Envelope::Writer directly (it owns the
+    # by Envelope::IO::Writer directly (it owns the
     # audit-append-as-final-step invariant); this subscriber covers the
     # hook-failure case the writer never sees.
     class AuditSubscriber

data/lib/textus/{infra → ports}/build_lock.rb RENAMED Viewed

@@ -3,7 +3,7 @@ require "socket"
 require "time"
 module Textus
-  module Infra
+  module Ports
     class BuildLock
       LOCK_FILENAME = ".build.lock"
       MAX_HOLDER_BYTES = 512

data/lib/textus/{infra → ports}/clock.rb RENAMED Viewed

@@ -1,5 +1,5 @@
 module Textus
-  module Infra
+  module Ports
     module Clock
       module_function