instar 1.3.4 → 1.3.6

package/upgrades/side-effects/framework-issue-capture.md

@@ -0,0 +1,68 @@
+# Side-Effects Review — Stage-B auto-capture + funnel (Mentor System §19.2)
+
+**Spec:** `docs/specs/FRAMEWORK-ONBOARDING-MENTOR-SPEC.md` (converged 5 iters, approved by Justin)
+**Change:** Adds the Stage-B auto-capture entry point `FrameworkIssueLedger.captureRun()` + a
+`framework_capture_runs` funnel table + `captureStats()` + a read-only route
+`GET /framework-issues/capture-stats`. Builds on §19.1 (the ledger foundation, PR #405).
+**Files:** `src/monitoring/FrameworkIssueLedger.ts`, `src/server/routes.ts`,
+`src/server/CapabilityIndex.ts`, `tests/unit/FrameworkIssueLedger.test.ts`,
+`tests/integration/framework-issues-routes.test.ts`,
+`tests/e2e/framework-issue-ledger-lifecycle.test.ts`, `upgrades/NEXT.md`.
+
+## Principle check (Phase 1)
+
+Does this involve a decision point that gates info flow / blocks actions / constrains behavior?
+**No.** `captureRun()` is the write-path the mentor tick will call after forensics — it records
+findings and logs the run. It holds no blocking authority. The capture-stats route is read-only
+observability. Signal-only. The decision-bearing components (Stage A, the job, graduation) are
+§19.3–5.
+
+## The seven questions
+
+1. **Over-block.** None. `captureRun` writes whatever findings it's given (validated against the
+   same enum allowlists as `recordObservation`); it rejects only structurally-invalid findings
+   (bad bucket/severity), which is correct.
+
+2. **Under-block.** The funnel is the explicit guard against the under-detection failure mode it
+   exists for: a run that writes nothing is still logged, so an inert/broken writer (runs climbing,
+   observations flat) is visible. It does not *interpret* that signal (no alerting yet) — surfacing
+   is via the read-only route; an alert/threshold is a later concern (§19.5 observability surface),
+   not under-blocking here. There is still no public write route, so no untrusted-write surface.
+
+3. **Level-of-abstraction fit.** `captureRun` lives ON the ledger (not a separate DI component)
+   because better-sqlite3 has no nested transactions and the capture is a thin orchestration over
+   `recordObservation` + `suggestRegressions` + a run-log insert. One atomic entry point for the
+   tick to call is the right seam; a separate service would add wiring with no benefit.
+
+4. **Signal vs authority.** Compliant. `captureRun` writes signal; regression candidates are
+   *surfaced, never auto-linked* (the writer doesn't get to decide a regression — §13.5). Promotion
+   and graduation authority stay with the human (§6/§8).
+
+5. **Interactions.** `captureRun` calls `recordObservation` per finding (each its own txn — no
+   nested-transaction violation), then writes one `framework_capture_runs` row. Episode-collapsing
+   in `recordObservation` already prevents double-counting across runs, so re-observing the same
+   open issue next tick does not inflate `observationsWritten`. The funnel table is independent of
+   the issues/observations tables — no shadowing.
+
+6. **External surfaces.** One new read-only route (`/framework-issues/capture-stats`) behind the
+   standard Bearer middleware, added to the existing `frameworkIssues` CapabilityIndex entry (no
+   new prefix → no discoverability-classification gap). No agent-facing template change needed
+   beyond §19.1's. No timing/conversation-state dependence.
+
+7. **Rollback cost.** Low. Still dormant — no production caller until the mentor job (§19.4). The
+   `framework_capture_runs` table auto-creates at startup (idempotent `CREATE TABLE IF NOT EXISTS`)
+   and is harmless read-only data. Back-out = revert; the table can stay or be dropped.
+
+## Phase 5 — second-pass
+
+**Not required.** Read-only observability + a signal-only write-path; no block/allow, no
+session-lifecycle, nothing named sentinel/guard/gate/watchdog. The spec passed full convergence.
+
+## Testing
+
+- Tier 1 (unit, +6 = 28 total): captureRun writes findings + reports summary; **every run logged
+  to the funnel including a zero-finding run** (inert-writer guard); no double-count across runs;
+  regression candidates surfaced not auto-linked; per-framework funnel breakdown; enum guard.
+- Tier 2 (integration, +2 = 11 total): `/framework-issues/capture-stats` 503 + 200-with-funnel.
+- Tier 3 (e2e, +1 = 7 total): a real capture run surfaces in the funnel route on the live server.
+- Affected push-config suite (vs JKHeadley/main): 842 + 299 capability tests green, no regressions.

package/upgrades/side-effects/framework-issue-ledger.md

@@ -0,0 +1,102 @@
+# Side-Effects Review — FrameworkIssueLedger (Mentor System §19.1 foundation)
+
+**Spec:** `docs/specs/FRAMEWORK-ONBOARDING-MENTOR-SPEC.md` (converged 5 iters, approved by Justin)
+**Change:** New SQLite two-table issue ledger (`framework_issues` + `framework_observations`),
+two read-only HTTP routes (`/framework-issues`, `/framework-issues/playbook`), AgentServer
+startup instantiation, RouteContext wiring, CLAUDE.md template row + migrator section, NEXT.md.
+**Files:** `src/monitoring/FrameworkIssueLedger.ts` (new), `src/server/routes.ts`,
+`src/server/AgentServer.ts`, `src/scaffold/templates.ts`, `src/core/PostUpdateMigrator.ts`,
+`tests/unit/FrameworkIssueLedger.test.ts` (new), `tests/integration/framework-issues-routes.test.ts` (new),
+`tests/e2e/framework-issue-ledger-lifecycle.test.ts` (new), `tests/unit/feature-delivery-completeness.test.ts`,
+`upgrades/NEXT.md`.
+
+## Principle check (Phase 1)
+
+Does this involve a decision point that gates info flow / blocks actions / filters messages /
+constrains agent behavior? **No.** The ledger is a data store + read-only routes — it records
+observations (signal) and serves queries. It holds zero blocking authority. The decision-bearing
+parts of the mentor system (two-hats enforcement, assignment admission, graduation authority)
+are §19.3–5 and ship later. This PR is a data-model + observability change → **signal-only**,
+the correct posture per `docs/signal-vs-authority.md`.
+
+## The seven questions
+
+1. **Over-block — what legitimate inputs does this reject that it shouldn't?**
+   The routes reject unknown `framework` values (returns empty list, not an error) and invalid
+   `bucket`/`status` enums (400). An unknown framework returning empty is intentional (allowlist,
+   §17); it could surprise a caller who mistypes, but the response includes `knownFrameworks` so
+   the caller can self-correct. No legitimate data is rejected on write — `recordObservation`
+   accepts any framework string and creates the issue.
+
+2. **Under-block — what failure modes does this still miss?**
+   The ledger does not yet have a *writer* (Stage B auto-capture is §19.2), so today it only
+   accepts observations from in-process callers (the e2e test writes directly). There is no public
+   write route, so there is no untrusted-write surface to under-block. Secret-scanning of evidence
+   is pattern-based (api-key/JWT/Slack/GitHub/PEM shapes) — a novel secret format could slip
+   through; mitigated by the hard rule that evidence is an opaque reference, not log content, and
+   the length cap. The probable-loop flag is a heuristic (12 obs/hr) — a slow loop under that rate
+   won't trip it, but episode-collapsing already bounds recurrence inflation structurally.
+
+3. **Level-of-abstraction fit — right layer? smarter gate exists?**
+   Yes. It mirrors the established `TokenLedger` (read-only SQLite observability in
+   `src/monitoring/`) and reuses `CommitmentTracker`'s transactional-mutate discipline. It does
+   NOT duplicate FrameworkParitySentinel (renderings) — it records *behavior*, and §10 has the
+   sentinel feed it as an upstream signal in a later PR. No smarter gate exists for this data.
+
+4. **Signal vs authority compliance.**
+   Compliant. The ledger produces/serves signal; it never gates. `recordObservation` writes a
+   row; `listIssues`/`playbook` read. No method blocks, throttles, kills, or constrains. All
+   authority over what to do with an entry (ship a fix, promote to playbook `extracted`, advance
+   graduation) is reserved for the human per spec §6/§8 and lands in later PRs.
+
+5. **Interactions — shadow / double-fire / race with cleanup?**
+   - DB isolation: a dedicated `framework-issue-ledger.db` under `server-data/`, separate from
+     `token-ledger.db` — no shadowing of TokenLedger or its BurnDetector reads.
+   - Concurrency: WAL + `busy_timeout=5000` + a single SQLite transaction per write, with a
+     `UNIQUE(issue_id, episode_key)` index as the race guard (a concurrent duplicate episode insert
+     loses cleanly and is counted as already-recorded). Retention pruning runs inside the same txn.
+   - Startup: instantiated in the same `stateDir` guard block as TokenLedger; its own try/catch
+     means a ledger failure can't take down TokenLedger or server start.
+
+6. **External surfaces — visible to other agents/users/systems? timing/runtime deps?**
+   Two new read-only HTTP routes behind the standard Bearer middleware (verified by e2e: a
+   bearer-less request gets 401). New agents get one Registry-First row in CLAUDE.md; existing
+   agents get a migrator section (content-sniffed, idempotent). No Codex/Gemini shadow-marker
+   (developer-layer observability, not an end-user capability — tracked as a legacyMigratorSection
+   so the parity test stays green). No timing/conversation-state dependence.
+
+7. **Rollback cost — if wrong in production, what's the back-out?**
+   Low. The feature is dormant (no writer wired yet) and signal-only. Back-out = revert the PR;
+   the `framework-issue-ledger.db` file is harmless read-only observability data that can be left
+   on disk or deleted (nothing reads it except these routes). No data migration, no agent-state
+   repair. The routes fail-soft to 503 if the ledger is unavailable, so even a construction
+   failure degrades cleanly rather than breaking server start.
+
+## Phase 5 — second-pass
+
+**Not required.** The Phase-5 trigger list is block/allow decisions, session lifecycle,
+compaction, coherence/idempotency/trust gates, and anything named sentinel/guard/gate/watchdog.
+This change is none of those — it is a read-only observability ledger with no blocking authority.
+The decision-bearing components of the mentor system (which WILL trigger Phase 5) ship in §19.3–5.
+The spec itself already passed a 5-iteration adversarial/security/scalability/integration/lessons
+convergence before this build.
+
+## Testing
+
+All three tiers, shipped in this PR (no "routes now, migration later"):
+- Tier 1 (unit): 22 tests — CRUD, dedup false-merge resistance, episode collapsing, materialized
+  recurrence, impactScore + decay, regression auto-suggest, enum + SQL-injection-literal guard,
+  secret-scan redaction, retention pruning, playbook cross-framework semantics, clampLimit.
+- Tier 2 (integration): 9 tests — routes over the HTTP pipeline (503, 200, limit clamp, framework
+  allowlist, invalid-enum 400, playbook).
+- Tier 3 (e2e "feature is alive"): 5 tests — real AgentServer boot, DB auto-creates on production
+  init path, routes 200-not-503, written observation surfaces end-to-end, 401 without auth.
+- Full push-config suite (vs JKHeadley/main): 3362 tests green, no regressions.
+
+## Post-push CI fix
+
+CI shard 1/4 caught `capabilities-discoverability.test.ts`: every registered route prefix must be
+classified in `src/server/CapabilityIndex.ts` (the test reads routes.ts via regex, not import, so
+vitest's `--changed` graph didn't link it locally). Classified `/framework-issues` as a read-only
+observability capability (mirrors the `tokens` entry, `enabled: !!ctx.frameworkIssueLedger`). No
+behavioral change — surfaces the read-only routes in `/capabilities`. 322 capability tests green.