alter-runtime 0.3.1__tar.gz → 0.3.2__tar.gz

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: alter-runtime
-Version: 0.3.1
+Version: 0.3.2
 Summary: ~Alter Identity Runtime - local sovereign daemon for the continuous identity field. Subscribes to per-~handle Cloudflare Durable Objects, exposes Unix socket + D-Bus + CLI surfaces, falls back gracefully to direct MCP polling.
 Project-URL: Homepage, https://truealter.com
 Project-URL: Documentation, https://truealter.com/docs/alter-runtime
@@ -116,7 +116,7 @@ filing a public issue. Non-security bugs and feature requests: email
 | 2 | 2b - Subscribers, Unix socket, D-Bus, git watcher | Shipped |
 | 2 | 2c - systemd + launchd service units | Shipped |
 | 2 | 2d - First pixel: CC hook + scripts upgrade | Shipped |
-| 2 | 2e - eBPF subscriber (Patent M, reference impl in `alter-ebpf`) | Shipped |
+| 2 | 2e - eBPF subscriber (reference impl in `alter-ebpf`) | Shipped |
 | 3 | 3a - Cross-platform tray surfaces | Planned |
 | 3 | 3b - Windows Service + `pam_alter` stub | Planned |
 | 3 | 3c - PyPI release CI + signed binaries | Planned |
@@ -183,7 +183,7 @@ alter-runtime stop
    - Git commits, branch switches, pushes (via `watchdog` on `.git/refs/heads/`)
    - CC hook events (forwarded from `.claude/hooks/*.sh`)
    - Shell command invocations (opt-in)
-   - eBPF kernel attestations (shipped; reference impl in `alter-ebpf`, Patent M)
+   - eBPF kernel attestations (shipped; reference impl in `alter-ebpf`)
 
 5. **Maintains a local cache** of your last-known-good field state so the first-paint
    tilde warmth renders in <1 second, even offline. Per IFA's Five OS-Native Properties,
@@ -203,7 +203,7 @@ alter-runtime/
 │   ├── cli.py                    # argparse entrypoint: init|start|stop|status|query|ingest|daemon
 │   ├── sdk/
 │   │   ├── __init__.py
-│   │   └── client.py             # AlterClient (lifted from backend/openclaw-skill)
+│   │   └── client.py             # AlterClient (async identity MCP client)
 │   ├── subscribers/              # (Wave 2)
 │   │   ├── do_sse.py             # primary - subscribes to handle-alter DO SSE
 │   │   └── mcp_fallback.py       # fallback - polls api.truealter.com/api/v1/mcp

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/README.md

@@ -48,7 +48,7 @@ filing a public issue. Non-security bugs and feature requests: email
 | 2 | 2b - Subscribers, Unix socket, D-Bus, git watcher | Shipped |
 | 2 | 2c - systemd + launchd service units | Shipped |
 | 2 | 2d - First pixel: CC hook + scripts upgrade | Shipped |
-| 2 | 2e - eBPF subscriber (Patent M, reference impl in `alter-ebpf`) | Shipped |
+| 2 | 2e - eBPF subscriber (reference impl in `alter-ebpf`) | Shipped |
 | 3 | 3a - Cross-platform tray surfaces | Planned |
 | 3 | 3b - Windows Service + `pam_alter` stub | Planned |
 | 3 | 3c - PyPI release CI + signed binaries | Planned |
@@ -115,7 +115,7 @@ alter-runtime stop
    - Git commits, branch switches, pushes (via `watchdog` on `.git/refs/heads/`)
    - CC hook events (forwarded from `.claude/hooks/*.sh`)
    - Shell command invocations (opt-in)
-   - eBPF kernel attestations (shipped; reference impl in `alter-ebpf`, Patent M)
+   - eBPF kernel attestations (shipped; reference impl in `alter-ebpf`)
 
 5. **Maintains a local cache** of your last-known-good field state so the first-paint
    tilde warmth renders in <1 second, even offline. Per IFA's Five OS-Native Properties,
@@ -135,7 +135,7 @@ alter-runtime/
 │   ├── cli.py                    # argparse entrypoint: init|start|stop|status|query|ingest|daemon
 │   ├── sdk/
 │   │   ├── __init__.py
-│   │   └── client.py             # AlterClient (lifted from backend/openclaw-skill)
+│   │   └── client.py             # AlterClient (async identity MCP client)
 │   ├── subscribers/              # (Wave 2)
 │   │   ├── do_sse.py             # primary - subscribes to handle-alter DO SSE
 │   │   └── mcp_fallback.py       # fallback - polls api.truealter.com/api/v1/mcp

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/alter_runtime/atlas/ledger.py

@@ -11,7 +11,7 @@ Honesty clause - this ledger is a SOFT SIGNAL, not a cryptographic audit.
 Per substrate spec §4.3: the egress-capable parent daemon writes this ledger.
 When the parent daemon is the attacker, the ledger is an honest-witness weakness
 - the daemon can simply omit or rewrite entries. Meaningful external auditing
-arrives when ``alter-ebpf`` (Patent M) ships on-user-device and can witness
+arrives when ``alter-ebpf`` ships on-user-device and can witness
 ``bprm_check_security`` + network syscalls sourced from the daemon UID from
 outside the daemon's control boundary.
 

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/alter_runtime/daemon.py

@@ -373,7 +373,7 @@ async def run_daemon(config: DaemonConfig | None = None) -> None:
         # state" file with a 72 h expiry. Shell-greeting consumers
         # (alter-cli `alter room`, future menu greeting) read that
         # file and render the echo iff still within the window.
-        # Per proposed-D-CUST-1 surface 21 (alter-internal #140).
+        # Per proposed-D-CUST-1 surface 21.
         ceremony = CeremonyEchoWriter(config, session)
         supervisor.register(ceremony)
         event_bus.subscribe("identity.frame", ceremony.handle_raw_frame)
@@ -484,7 +484,7 @@ async def run_daemon(config: DaemonConfig | None = None) -> None:
 
             supervisor.register(ClaudeJsonlWatcher(config, event_bus))
 
-        # --- Kernel attestation (Wave 5b, Patent M) -----------------------
+        # --- Kernel attestation (Wave 5b) ---------------------------------
         # The eBPF subscriber spawns the Rust ``alter-ebpf`` loader and
         # republishes its exec stream onto ``kernel.attest.exec`` and
         # ``local.signal``. It silently disables itself on hosts where the

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/alter_runtime/sdk/__init__.py

@@ -1,8 +1,8 @@
 """alter_runtime.sdk - Python SDK for ALTER's identity MCP server.
 
-Exports ``AlterClient``, the async HTTP client lifted from
-``backend/openclaw-skill/alter_bot/mcp_client.py`` and renamed for the
-distribution layer (D-RT5 - the PyPI package is ``alter-runtime``, not
+Exports ``AlterClient``, the async HTTP client for ALTER's identity MCP
+server, packaged for the distribution layer (D-RT5 - the PyPI package is
+``alter-runtime``, not
 ``alter-identity``, because the TypeScript npm package ``@alter/identity``
 already claims that name).
 """

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/alter_runtime/sdk/client.py

@@ -1,10 +1,9 @@
 """AlterClient - async JSON-RPC 2.0 client for ALTER's identity MCP server.
 
-Ported from ``backend/openclaw-skill/alter_bot/mcp_client.py`` with two changes:
+Adapted from ALTER's internal MCP client with two changes:
 
-1. **Class renamed** from ``AlterMCPClient`` to ``AlterClient`` to match the
-   public SDK surface described in the plan and D-RT5. The original class
-   remains in the backend for internal tooling.
+1. **Class renamed** to ``AlterClient`` to match the public SDK surface
+   described in the plan and D-RT5.
 
 2. **Dual-source discovery** - ``AlterClient.auto_discover()`` first tries
    to reach the local daemon's Unix socket (once Wave 2 ships it) and falls

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/alter_runtime/services/launchd/com.alter.runtime.plist.in

@@ -65,14 +65,10 @@
          and LowPriorityIO further drops disk-IO priority so the daemon never
          starves a foreground IDE / build that the operator is actively using.
 
-         Pentest 2026-04-26 (MEDIUM) follow-up: ship a sandbox-exec profile
-         next to this template that constrains filesystem writes to
-         ~/Library/Application Support/alter, ~/Library/Caches/alter and
-         ~/Library/Logs/alter-runtime, denies all network listening sockets
-         except the Unix socket under Application Support, and uses
-         ``allow-with-prompt`` for outbound HTTPS to api.truealter.com only.
-         Tracked at alter-runtime#sandbox-profile (TODO; out of scope for
-         this PR — the plist itself is the security floor pre-sandbox). -->
+         TODO(sandbox-profile): ship a sandbox-exec profile alongside this
+         template to further constrain the daemon's runtime surface. Tracked
+         at alter-runtime#sandbox-profile — out of scope here; the plist is
+         the pre-sandbox security floor. -->
     <key>ProcessType</key>
     <string>Background</string>
     <key>LowPriorityIO</key>

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/alter_runtime/subscribers/ceremony_echo.py

@@ -28,7 +28,7 @@ daemon supervisor. Like InboxWriter, the supervisor will restart on
 :meth:`run` exceptions but :meth:`handle_event` only ever logs and returns.
 
 Refs:
-   * proposed-D-CUST-1 (alter-internal #140) - surface 21 (ceremony echo)
+   * proposed-D-CUST-1 - surface 21 (ceremony echo)
    * embedded-messenger/05-design-synthesis.md - content_type taxonomy
 """
 

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/alter_runtime/subscribers/ebpf.py

@@ -3,8 +3,7 @@
 The Rust ``alter-ebpf`` binary (subcrate ``packages/alter-ebpf``) is the
 userspace half of a BPF LSM program that observes ``bprm_check_security``
 and emits one ``alter1``-shaped JSON envelope per line to stdout for every
-exec on a uid the operator opted in to. Patent M (filed 2026) covers this
-kernel-adjacent attestation surface.
+exec on a uid the operator opted in to.
 
 This subscriber is the bridge between that binary and the in-process
 :class:`EventBus`. It:

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/docs/schemas/README.md

@@ -19,7 +19,7 @@ Canonical schemas for files the daemon writes under `~/.local/share/alter-runtim
 - **Field naming** - `snake_case` throughout.
 - **Timestamps** - ISO 8601 UTC with `Z` suffix (e.g. `2026-05-12T14:23:00Z`).
 - **Identity** - `handle` matches `^~[a-z0-9_-]+$`.
-- **Provenance** - every record carries `provenance_class` from the canonical 6-value enum in `backend/app/services/consent/provenance.py`. D-OBS-1 / D-ATLAS-1 stream classes (e.g. `passive_local_document`) are valid where the StreamProvenanceClass enum at `backend/app/services/consent/gateway.py` permits.
+- **Provenance** - every record carries `provenance_class` from the canonical 6-value provenance enum. D-OBS-1 / D-ATLAS-1 stream classes (e.g. `passive_local_document`) are valid where the StreamProvenanceClass enum at `the consent gateway` permits.
 - **Consent** - every record carries `consent_tier` ∈ {1, 2, 3, 4} per D109 (`L1_MANUAL` / `L2_CATEGORY` / `L3_MANAGED` / `L4_AUTONOMOUS`).
 - **Append-only** - never edit or delete records. Amend forward via `supersedes_id` chain when supported.
 - **Versioning** - `version` is the producer-assigned monotonic dedup key; readers ignore older `version` values for the same `id`.
@@ -29,15 +29,15 @@ Canonical schemas for files the daemon writes under `~/.local/share/alter-runtim
 
 ## Wire envelope alignment
 
-JSONL records mirror what arrives on the per-handle Durable Object SSE stream (`mcp.truealter.com/events/{handle}/stream`). The DO event envelope is defined at `cloudflare/workers/shared/src/types.ts`; the backend ingest envelope is at `backend/app/services/identity_events/producer.py:96–146`. When local clients (alter-cli, widget, Android) originate a state change, they emit an `IngestEnvelope` to `/api/v1/org-alter/ingest`; the DO fans it back out on the SSE stream; the daemon writes it to the appropriate JSONL.
+JSONL records mirror what arrives on the per-handle Durable Object SSE stream (`mcp.truealter.com/events/{handle}/stream`). The DO event envelope is defined at `the DO worker shared types`; the backend ingest envelope is defined by the identity-events producer. When local clients (alter-cli, widget, Android) originate a state change, they emit an `IngestEnvelope` to `/api/v1/org-alter/ingest`; the DO fans it back out on the SSE stream; the daemon writes it to the appropriate JSONL.
 
 ## SignalKind extensions
 
-`cloudflare/workers/shared/src/types.ts` `SignalKind` union must include `presence_set`, `session_started`, `session_heartbeat`, `session_ended`, `adapter_status` for the DO to route these events.
+`the DO worker shared types` `SignalKind` union must include `presence_set`, `session_started`, `session_heartbeat`, `session_ended`, `adapter_status` for the DO to route these events.
 
 ## Identity-as-Inference compliance
 
-Every record passes the consent gateway at `backend/app/services/consent/gateway.py` against its `(QueryCategory × StreamProvenanceClass)` tuple. The five AGAINST-clauses (Session 51, 2026-04-13) apply:
+Every record passes the consent gateway at `the consent gateway` against its `(QueryCategory × StreamProvenanceClass)` tuple. The five AGAINST-clauses (Session 51, 2026-04-13) apply:
 
 1. Active state changes (`presence.jsonl`, `session_started`) → `provenance_class=active_declaration` or `active_composition`; server-side projection OK.
 2. Per-record `provenance_class` declared. No record lands without it.

{alter_runtime-0.3.1 → alter_runtime-0.3.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "alter-runtime"
-version = "0.3.1"
+version = "0.3.2"
 description = "~Alter Identity Runtime - local sovereign daemon for the continuous identity field. Subscribes to per-~handle Cloudflare Durable Objects, exposes Unix socket + D-Bus + CLI surfaces, falls back gracefully to direct MCP polling."
 readme = "README.md"
 license = { text = "Apache-2.0" }
@@ -85,7 +85,7 @@ slack = [
   "slack-bolt>=1.18.0",
 ]
 ebpf = [
-  # Wave 5+ - kernel-adjacent attestation per Patent M. The Rust subcrate
+  # Wave 5+ - kernel-adjacent attestation. The Rust subcrate
   # will be called out to from the Python core when this extra is installed.
   "bcc>=0.29.0; sys_platform == 'linux'",
 ]