alter-runtime 0.3.0__py3-none-any.whl

alter_runtime/adapters/household/compost/adapter.py

@@ -0,0 +1,81 @@
+"""Compost adapter (Eco-9) — EventBusSubscriber over MQTT, plate-tag filtered.
+
+Subscribes to ``tapo/temp_humid/+/state`` events on the in-process bus
+(republished by the household-bridge from Home-Assistant / Mosquitto).
+A device only participates in compost-trait derivation if its member-
+attested plate tag equals ``"compost"`` — declared at pairing time and
+read from the payload (``plate_tag`` / ``tag`` field).
+
+Per spec §5 raw temperature traces and pile location never leave the
+daemon; only the banded trait emits upward.
+"""
+
+from __future__ import annotations
+
+from typing import Any
+
+from alter_runtime.adapters.household._base import EventBusSubscriberBase
+from alter_runtime.adapters.household.compost.storage import CompostStorage
+from alter_runtime.adapters.household.compost.traits import CompostTraits
+from alter_runtime.config import DaemonConfig
+from alter_runtime.subscribers.bus import EventBus
+
+__all__ = ["CompostAdapter", "TAPO_TEMP_HUMID_TOPIC", "COMPOST_PLATE_TAG"]
+
+#: MQTT topic glob bridged onto the in-process bus.
+TAPO_TEMP_HUMID_TOPIC: str = "tapo/temp_humid/+/state"
+
+#: Member-attested plate tag that opts a sensor into compost-trait derivation.
+COMPOST_PLATE_TAG: str = "compost"
+
+
+class CompostAdapter(EventBusSubscriberBase):
+    """Compost (Eco-9) adapter."""
+
+    name: str = "compost"
+    subscribe_topics: tuple[str, ...] = (TAPO_TEMP_HUMID_TOPIC,)
+
+    def __init__(self, config: DaemonConfig, bus: EventBus) -> None:
+        super().__init__(config, bus)
+        self._storage = CompostStorage()
+        self._traits = CompostTraits()
+
+    async def handle_event(self, payload: Any) -> None:
+        """Filter on plate tag then persist a pile-core temperature sample.
+
+        Expected payload shape (best-effort)::
+
+            {
+                "device_id": "AA:BB:...",
+                "plate_tag": "compost",
+                "temp_c": 58.4,
+                "humidity_pct": 62.0,
+                "ts": "2026-..."
+            }
+        """
+        if not isinstance(payload, dict):
+            self._logger.debug("compost ignoring non-dict payload")
+            return
+        plate_tag = (payload.get("plate_tag") or payload.get("tag") or "").lower()
+        if plate_tag != COMPOST_PLATE_TAG:
+            # Spec §5 — only compost-tagged sensors feed the trait.
+            return
+        device_id = payload.get("device_id") or payload.get("mac")
+        temp_c = payload.get("temp_c") or payload.get("temperature_c")
+        ts = payload.get("ts") or payload.get("timestamp")
+        if not device_id or temp_c is None:
+            self._logger.debug(
+                "compost dropping incomplete tagged event keys=%s",
+                list(payload.keys()),
+            )
+            return
+
+        # TODO(eco-9): detect thermophilic excursions (≥55 °C ramps following
+        #   declared feed/turn events); cluster into seasonal cycles.
+        # TODO(eco-9): derive `soil_cycle_patience_band` from rolling 365-day
+        #   cycle-completion ledger; gate on ≥0.6 sensor uptime over 90 days.
+        # TODO(eco-9): jitter timestamps to ±15 min before any upward emit
+        #   (spec §3 — sub-hour granularity discarded).
+        # TODO(eco-9): emit trait band via self._traits once a cycle window
+        #   closes; current scaffold persists samples and stops.
+        await self._storage.record_sample(device_id=str(device_id), temp_c=float(temp_c), ts=ts)

alter_runtime/adapters/household/compost/storage.py

@@ -0,0 +1,75 @@
+"""Compost storage layer — local SQLite, mode 600."""
+
+from __future__ import annotations
+
+import asyncio
+import logging
+import sqlite3
+from pathlib import Path
+from typing import Any
+
+from alter_runtime.config import data_dir
+
+__all__ = ["CompostStorage", "DB_FILENAME"]
+
+logger = logging.getLogger("alter_runtime.adapters.household.compost.storage")
+
+DB_FILENAME: str = "compost.db"
+
+_SCHEMA: str = """
+CREATE TABLE IF NOT EXISTS pile_core_samples (
+    id          INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_id   TEXT    NOT NULL,
+    temp_c      REAL    NOT NULL,
+    ts          TEXT,
+    created_at  TEXT    NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_pile_samples_device
+    ON pile_core_samples (device_id);
+"""
+
+
+class CompostStorage:
+    """Async wrapper around a sqlite3 store for compost pile-core samples."""
+
+    def __init__(self, db_path: Path | None = None) -> None:
+        self._db_path = db_path or (data_dir() / DB_FILENAME)
+        self._lock = asyncio.Lock()
+        self._ensure_db()
+
+    @property
+    def db_path(self) -> Path:
+        return self._db_path
+
+    def _ensure_db(self) -> None:
+        self._db_path.parent.mkdir(parents=True, exist_ok=True, mode=0o700)
+        if not self._db_path.exists():
+            self._db_path.touch(mode=0o600, exist_ok=True)
+        else:
+            try:
+                self._db_path.chmod(0o600)
+            except OSError as exc:  # pragma: no cover
+                logger.warning("compost chmod 0o600 failed: %s", exc)
+        with sqlite3.connect(self._db_path) as conn:
+            conn.executescript(_SCHEMA)
+
+    async def record_sample(self, *, device_id: str, temp_c: float, ts: Any | None = None) -> None:
+        async with self._lock:
+            await asyncio.to_thread(self._insert_sample, device_id, temp_c, ts)
+
+    def _insert_sample(self, device_id: str, temp_c: float, ts: Any | None) -> None:
+        with sqlite3.connect(self._db_path) as conn:
+            conn.execute(
+                "INSERT INTO pile_core_samples (device_id, temp_c, ts) VALUES (?, ?, ?)",
+                (device_id, temp_c, str(ts) if ts is not None else None),
+            )
+            conn.commit()
+
+    async def sample_count(self) -> int:
+        return await asyncio.to_thread(self._sample_count_sync)
+
+    def _sample_count_sync(self) -> int:
+        with sqlite3.connect(self._db_path) as conn:
+            cur = conn.execute("SELECT COUNT(*) FROM pile_core_samples")
+            row = cur.fetchone()
+            return int(row[0]) if row else 0

alter_runtime/adapters/household/compost/tests/test_adapter.py

@@ -0,0 +1,62 @@
+"""Tests for CompostAdapter — plate-tag filter + sample persistence."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+import pytest
+
+from alter_runtime.adapters.household.compost.adapter import (
+    COMPOST_PLATE_TAG,
+    TAPO_TEMP_HUMID_TOPIC,
+    CompostAdapter,
+)
+from alter_runtime.adapters.household.compost.storage import CompostStorage
+from alter_runtime.config import DaemonConfig
+from alter_runtime.subscribers.bus import EventBus
+
+
+def test_constants_match_spec() -> None:
+    assert TAPO_TEMP_HUMID_TOPIC == "tapo/temp_humid/+/state"
+    assert COMPOST_PLATE_TAG == "compost"
+    assert TAPO_TEMP_HUMID_TOPIC in CompostAdapter.subscribe_topics
+
+
+async def test_adapter_persists_compost_tagged_event(
+    tmp_path: Path, monkeypatch: pytest.MonkeyPatch
+) -> None:
+    db_path = tmp_path / "compost.db"
+    monkeypatch.setattr(
+        "alter_runtime.adapters.household.compost.adapter.CompostStorage",
+        lambda: CompostStorage(db_path=db_path),
+    )
+    bus = EventBus()
+    adapter = CompostAdapter(config=DaemonConfig(), bus=bus)
+    await adapter.handle_event(
+        {
+            "device_id": "AA:BB:CC:DD:EE:11",
+            "plate_tag": "compost",
+            "temp_c": 58.4,
+            "ts": "2026-05-27T00:00:00Z",
+        }
+    )
+    assert await CompostStorage(db_path=db_path).sample_count() == 1
+
+
+async def test_adapter_drops_non_compost_tagged_event(
+    tmp_path: Path, monkeypatch: pytest.MonkeyPatch
+) -> None:
+    db_path = tmp_path / "compost.db"
+    monkeypatch.setattr(
+        "alter_runtime.adapters.household.compost.adapter.CompostStorage",
+        lambda: CompostStorage(db_path=db_path),
+    )
+    bus = EventBus()
+    adapter = CompostAdapter(config=DaemonConfig(), bus=bus)
+    # Tagged "bedroom" — must NOT persist, must NOT raise.
+    await adapter.handle_event(
+        {"device_id": "AA:BB:CC:DD:EE:22", "plate_tag": "bedroom", "temp_c": 20.0}
+    )
+    # No tag at all — also dropped.
+    await adapter.handle_event({"device_id": "X", "temp_c": 20.0})
+    assert await CompostStorage(db_path=db_path).sample_count() == 0

alter_runtime/adapters/household/compost/tests/test_storage.py

@@ -0,0 +1,23 @@
+"""Tests for compost SQLite storage — mode 600 + sample insert."""
+
+from __future__ import annotations
+
+import stat
+from pathlib import Path
+
+from alter_runtime.adapters.household.compost.storage import CompostStorage
+
+
+async def test_db_file_mode_is_600(tmp_path: Path) -> None:
+    db_path = tmp_path / "compost.db"
+    CompostStorage(db_path=db_path)
+    mode = stat.S_IMODE(db_path.stat().st_mode)
+    assert mode == 0o600, f"expected mode 0o600, got {oct(mode)}"
+
+
+async def test_record_sample_persists_row(tmp_path: Path) -> None:
+    db_path = tmp_path / "compost.db"
+    storage = CompostStorage(db_path=db_path)
+    assert await storage.sample_count() == 0
+    await storage.record_sample(device_id="AA:BB:CC:DD:EE:01", temp_c=58.4, ts=None)
+    assert await storage.sample_count() == 1

alter_runtime/adapters/household/compost/tests/test_traits.py

@@ -0,0 +1,38 @@
+"""Tests for compost trait emitter — Clause-4 banlist + band shape."""
+
+from __future__ import annotations
+
+import pytest
+
+from alter_runtime.adapters.household.compost.traits import (
+    CLAUSE_4_BANLIST,
+    BannedTraitKindError,
+    CompostTraits,
+)
+
+
+def test_banlist_contains_all_spec_kinds() -> None:
+    assert {"compost-failure-shame", "anaerobic-collapse-anxiety"}.issubset(CLAUSE_4_BANLIST)
+
+
+@pytest.mark.parametrize("banned_kind", sorted(CLAUSE_4_BANLIST))
+def test_banned_kinds_are_refused(banned_kind: str) -> None:
+    traits = CompostTraits()
+    with pytest.raises(BannedTraitKindError):
+        traits.emit(banned_kind, band="attuned")
+
+
+def test_soil_cycle_patience_band_emits() -> None:
+    traits = CompostTraits()
+    emission = traits.emit_soil_cycle_patience_band("90-365d")
+    assert emission.kind == "soil_cycle_patience_band"
+    assert emission.band == "90-365d"
+    assert emission.provenance == "passive_local_sensor"
+    assert emission.stream == "compost"
+
+
+def test_long_horizon_stewardship_emits() -> None:
+    traits = CompostTraits()
+    emission = traits.emit_long_horizon_stewardship("deeply-attuned")
+    assert emission.kind == "long_horizon_stewardship"
+    assert emission.band == "deeply-attuned"

alter_runtime/adapters/household/compost/traits.py

@@ -0,0 +1,79 @@
+"""Compost trait band emitters (Eco-9) with Clause-4 banlist enforcement.
+
+Trait floor (spec §4):
+
+* ``compost_steward_active`` (boolean band)
+* ``soil_cycle_patience_band`` (``{< 30d, 30-90d, 90-365d, > 365d-multi-cycle}``)
+* ``long_horizon_stewardship`` (``{absent, emerging, attuned, deeply-attuned}``)
+
+Clause-4 banlist (spec §11):
+
+* ``compost-failure-shame``
+* ``anaerobic-collapse-anxiety``
+"""
+
+from __future__ import annotations
+
+import logging
+from typing import Literal
+
+from pydantic import BaseModel, Field
+
+__all__ = [
+    "CLAUSE_4_BANLIST",
+    "BannedTraitKindError",
+    "CompostTraitEmission",
+    "CompostTraits",
+    "LongHorizonBand",
+    "SoilCyclePatienceBand",
+]
+
+logger = logging.getLogger("alter_runtime.adapters.household.compost.traits")
+
+CLAUSE_4_BANLIST: frozenset[str] = frozenset(
+    {
+        "compost-failure-shame",
+        "anaerobic-collapse-anxiety",
+    }
+)
+
+SoilCyclePatienceBand = Literal["<30d", "30-90d", "90-365d", ">365d-multi-cycle"]
+LongHorizonBand = Literal["absent", "emerging", "attuned", "deeply-attuned"]
+
+
+class BannedTraitKindError(RuntimeError):
+    """Raised when a caller requests a Clause-4-banned trait kind."""
+
+
+class CompostTraitEmission(BaseModel):
+    kind: str = Field(description="Trait kind, e.g. 'soil_cycle_patience_band'")
+    band: str = Field(description="The banded label (never numeric)")
+    provenance: str = Field(default="passive_local_sensor")
+    stream: str = Field(default="compost")
+
+
+class CompostTraits:
+    """Compost trait emitter with Clause-4 banlist enforcement."""
+
+    def emit(self, kind: str, band: str) -> CompostTraitEmission:
+        self._refuse_if_banned(kind)
+        # TODO(clause-3-identity-income): return/x402 hook attaches here per
+        #   D-PROV-1 + clause-3 ratification.  Each emission upward is the
+        #   point at which Identity-Income return-flow is metered.  Hook
+        #   implementation lives outside this scaffold pass.
+        return CompostTraitEmission(kind=kind, band=band)
+
+    def emit_soil_cycle_patience_band(self, band: SoilCyclePatienceBand) -> CompostTraitEmission:
+        return self.emit("soil_cycle_patience_band", band)
+
+    def emit_long_horizon_stewardship(self, band: LongHorizonBand) -> CompostTraitEmission:
+        return self.emit("long_horizon_stewardship", band)
+
+    def emit_compost_steward_active(self, active: bool) -> CompostTraitEmission:
+        return self.emit("compost_steward_active", "active" if active else "inactive")
+
+    @staticmethod
+    def _refuse_if_banned(kind: str) -> None:
+        if kind in CLAUSE_4_BANLIST:
+            logger.warning("compost refusing Clause-4-banned trait kind=%s", kind)
+            raise BannedTraitKindError(f"trait kind {kind!r} is Clause-4 banned for compost")

alter_runtime/adapters/household/self_hoster/__init__.py

@@ -0,0 +1,30 @@
+"""Self-hoster digital-stewardship adapter (Eco-15).
+
+Polls OWN host every 6 hours (degenerate-LAN; reads its own filesystem
++ systemd D-Bus).  Five banded sub-traits: ``os_update_discipline``,
+``backup_cadence``, ``self_hosted_service_breadth``, ``tls_hygiene``,
+``uptime_steward``.
+
+Member-authored allowlists at pairing (services / backup-repo paths /
+LE cert dirs) — those choices stay LOCAL, never surfaced upward.
+
+Spec: ``phase2-wave2-stub-specs-pack-2026-05-27.md`` §6.
+"""
+
+from alter_runtime.adapters.household.self_hoster.adapter import (
+    AllowlistViolationError,
+    SelfHosterAdapter,
+    SelfHosterAllowlists,
+)
+from alter_runtime.adapters.household.self_hoster.traits import (
+    CLAUSE_4_BANLIST,
+    SelfHosterTraits,
+)
+
+__all__ = [
+    "AllowlistViolationError",
+    "CLAUSE_4_BANLIST",
+    "SelfHosterAdapter",
+    "SelfHosterAllowlists",
+    "SelfHosterTraits",
+]

alter_runtime/adapters/household/self_hoster/adapter.py

@@ -0,0 +1,248 @@
+"""Self-hoster adapter (Eco-15) — PassiveLanPoller, own-host only.
+
+Polls the LOCAL host every 6 hours.  Reads:
+
+* systemd D-Bus ``org.freedesktop.systemd1`` for unit list + uptime
+* package-manager metadata (``pacman`` / ``apt`` / ``opkg``) for last
+  update time
+* backup snapshot directories (restic / borg / kopia) for last-snapshot
+  mtime
+* Let's Encrypt cert dirs (``/etc/letsencrypt/live/*/cert.pem``) for
+  renewal compliance
+* OpenWrt ``/usr/lib/opkg/info`` when running on OpenWrt
+
+All five inputs are gated on member-authored allowlists declared at
+pairing time (services / backup repos / cert dirs).  The adapter never
+walks the filesystem outside those allowlists.
+
+V&V hardening pass (Phase-2 substrate-adapter pilot, 2026-05-28): the
+observer-execution surface — anywhere this module would invoke
+subprocess / systemctl / Path.stat / Path.iterdir against a host target
+— MUST first pass the target through :meth:`SelfHosterAdapter._invoke_observer`,
+which consults :class:`SelfHosterAllowlists` and refuses any
+out-of-allowlist target with :class:`AllowlistViolationError`.  Real
+read implementations land in follow-up passes; the guard is wired now
+so the surface is structurally refused at scaffold time.
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Awaitable, Callable, TypeVar
+
+from alter_runtime.adapters.household._base import PassiveLanPollerBase
+from alter_runtime.adapters.household.self_hoster.storage import SelfHosterStorage
+from alter_runtime.adapters.household.self_hoster.traits import SelfHosterTraits
+from alter_runtime.config import DaemonConfig
+
+__all__ = [
+    "AllowlistBucket",
+    "AllowlistViolationError",
+    "SelfHosterAdapter",
+    "SelfHosterAllowlists",
+]
+
+#: Default 6-hour cadence per stub spec §6.
+DEFAULT_POLL_INTERVAL_SECONDS: float = 6 * 60 * 60
+
+#: Names of the buckets on :class:`SelfHosterAllowlists` the
+#: :meth:`SelfHosterAdapter._check_allowlist` guard accepts.  Using a
+#: ``Literal``-style sentinel rather than a free string so a typo in the
+#: bucket name surfaces at code-read time, not at silent-skip runtime.
+AllowlistBucket = str  # one of "systemd_units" / "backup_repo_paths" / "letsencrypt_cert_dirs"
+
+_T = TypeVar("_T")
+
+
+class AllowlistViolationError(RuntimeError):
+    """Raised when an observer call site targets an out-of-allowlist resource.
+
+    The :class:`SelfHosterAllowlists` declared at pairing time is the
+    only legitimate set of host resources the daemon may read.  Any
+    subprocess / systemctl / filesystem-walk call site that would touch
+    something outside those lists is refused at the
+    :meth:`SelfHosterAdapter._check_allowlist` guard before the
+    invocation happens — the daemon never silently reads outside the
+    member-authored allowlist.
+    """
+
+
+@dataclass(frozen=True)
+class SelfHosterAllowlists:
+    """Member-authored allowlists declared at pairing time.
+
+    The adapter never reads anything outside these lists.  Empty lists
+    cause the corresponding sub-trait to skip its computation rather
+    than scan the whole host.
+    """
+
+    systemd_units: tuple[str, ...] = ()
+    backup_repo_paths: tuple[Path, ...] = ()
+    letsencrypt_cert_dirs: tuple[Path, ...] = ()
+
+
+class SelfHosterAdapter(PassiveLanPollerBase):
+    """Self-hoster (Eco-15) own-host poller."""
+
+    name: str = "self_hoster"
+    poll_interval_seconds: float = DEFAULT_POLL_INTERVAL_SECONDS
+
+    def __init__(
+        self,
+        config: DaemonConfig,
+        allowlists: SelfHosterAllowlists | None = None,
+    ) -> None:
+        super().__init__(config)
+        self._allowlists = allowlists or SelfHosterAllowlists()
+        self._storage = SelfHosterStorage()
+        self._traits = SelfHosterTraits()
+
+    @property
+    def allowlists(self) -> SelfHosterAllowlists:
+        return self._allowlists
+
+    async def poll_once(self) -> None:
+        """Run one observation cycle across the five sub-trait inputs."""
+        await self._observe_os_update_discipline()
+        await self._observe_backup_cadence()
+        await self._observe_service_breadth()
+        await self._observe_tls_hygiene()
+        await self._observe_uptime_steward()
+
+    # ------------------------------------------------------------------
+    # Observer-execution guard (V&V hardening, 2026-05-28)
+    # ------------------------------------------------------------------
+
+    def _check_allowlist(self, *, kind: str, target: object, bucket: AllowlistBucket) -> None:
+        """Refuse any observer invocation whose target is out-of-allowlist.
+
+        Every call site in this module that would invoke ``subprocess`` /
+        ``systemctl`` / ``Path.stat`` / ``Path.iterdir`` against a host
+        target MUST call this guard first.  The guard consults the
+        bucket on :class:`SelfHosterAllowlists` named by ``bucket`` and
+        raises :class:`AllowlistViolationError` if ``target`` is not in
+        that bucket.
+
+        Parameters
+        ----------
+        kind:
+            The sub-trait kind being observed (``"backup_cadence"`` etc.).
+            Used in the warning log + exception message for traceability.
+        target:
+            The concrete host resource — a systemd unit name, a backup-repo
+            ``Path``, a letsencrypt cert dir ``Path``.
+        bucket:
+            One of ``"systemd_units"``, ``"backup_repo_paths"``,
+            ``"letsencrypt_cert_dirs"`` — the attribute name on
+            :class:`SelfHosterAllowlists` to consult.
+
+        Raises
+        ------
+        AllowlistViolationError
+            If ``target`` is not in ``self._allowlists.<bucket>``.
+        AttributeError
+            If ``bucket`` does not name a known attribute — surfaces a
+            typo loudly rather than silently passing.
+        """
+        allowed = getattr(self._allowlists, bucket)
+        if target not in allowed:
+            self._logger.warning(
+                "self_hoster refusing out-of-allowlist invocation kind=%s target=%s bucket=%s",
+                kind,
+                target,
+                bucket,
+            )
+            raise AllowlistViolationError(
+                f"self_hoster refused observer invocation kind={kind!r} "
+                f"target={target!r} bucket={bucket!r} — target not in "
+                f"member-authored allowlist"
+            )
+
+    async def _invoke_observer(
+        self,
+        *,
+        kind: str,
+        target: object,
+        bucket: AllowlistBucket,
+        invocation: Callable[[], Awaitable[_T]],
+    ) -> _T:
+        """Run a guarded observer invocation.
+
+        Every future ``subprocess`` / ``systemctl`` / filesystem-walk
+        call site goes through this wrapper so the allowlist guard is
+        impossible to bypass at call time.  Pattern::
+
+            await self._invoke_observer(
+                kind="backup_cadence",
+                target=path,
+                bucket="backup_repo_paths",
+                invocation=lambda: asyncio.to_thread(path.stat),
+            )
+
+        ``invocation`` is only awaited if :meth:`_check_allowlist`
+        accepts the target.
+        """
+        self._check_allowlist(kind=kind, target=target, bucket=bucket)
+        return await invocation()
+
+    # ------------------------------------------------------------------
+    # Per-sub-trait observers — scaffold-level, no real reads yet
+    # ------------------------------------------------------------------
+
+    async def _observe_os_update_discipline(self) -> None:
+        # TODO(eco-15): shell-out to pacman -Q --info / apt list --installed /
+        #   opkg list-installed; capture last-update-time per package mgr;
+        #   never expose package list upward, only band.
+        #   When wired, route the shell-out through self._invoke_observer with
+        #   a dedicated allowlist bucket (package-mgr metadata is not bound to
+        #   the existing three buckets — extend SelfHosterAllowlists first).
+        await self._storage.record_observation(
+            kind="os_update_discipline", value_summary="unobserved"
+        )
+
+    async def _observe_backup_cadence(self) -> None:
+        # TODO(eco-15): for each path in allowlists.backup_repo_paths, stat()
+        #   the snapshot directories and record latest mtime; derive 90-day
+        #   cadence band downstream.
+        for path in self._allowlists.backup_repo_paths:
+            # Allowlist guard exercised even at scaffold time — the iteration
+            # is over the allowlist itself, so the path is trivially valid.
+            # The check is here so the call shape mirrors the eventual real
+            # stat()-bearing invocation.
+            self._check_allowlist(kind="backup_cadence", target=path, bucket="backup_repo_paths")
+            self._logger.debug("self_hoster backup-repo allowlisted path=%s", path)
+        await self._storage.record_observation(kind="backup_cadence", value_summary="unobserved")
+
+    async def _observe_service_breadth(self) -> None:
+        # TODO(eco-15): connect to systemd D-Bus org.freedesktop.systemd1,
+        #   filter ListUnits to allowlists.systemd_units, count active.
+        # TODO(eco-15): dbus-next is an optional extra (pyproject [dbus]);
+        #   degrade gracefully when not installed.
+        for unit in self._allowlists.systemd_units:
+            self._check_allowlist(
+                kind="self_hosted_service_breadth",
+                target=unit,
+                bucket="systemd_units",
+            )
+            self._logger.debug("self_hoster systemd-unit allowlisted unit=%s", unit)
+        await self._storage.record_observation(
+            kind="self_hosted_service_breadth", value_summary="unobserved"
+        )
+
+    async def _observe_tls_hygiene(self) -> None:
+        # TODO(eco-15): for each path in allowlists.letsencrypt_cert_dirs,
+        #   parse cert.pem expiry via cryptography (already a dep) and
+        #   derive renewal-compliance band.  Never read private keys.
+        for path in self._allowlists.letsencrypt_cert_dirs:
+            self._check_allowlist(kind="tls_hygiene", target=path, bucket="letsencrypt_cert_dirs")
+            self._logger.debug("self_hoster LE-cert allowlisted dir=%s", path)
+        await self._storage.record_observation(kind="tls_hygiene", value_summary="unobserved")
+
+    async def _observe_uptime_steward(self) -> None:
+        # TODO(eco-15): derive 30-day uptime ratio from systemd boot-list +
+        #   monotonic clock; gate against allowlisted-service availability.
+        #   Per-unit reads MUST go through self._invoke_observer with bucket
+        #   "systemd_units" — uptime is computed against allowlisted services
+        #   only, never the full unit list.
+        await self._storage.record_observation(kind="uptime_steward", value_summary="unobserved")