v1.1.0-ga: cluster session self-healing + orchestration substrate#82
Merged
Conversation
…oss tenant-scoped CLI verbs
…claire/.claude scratch worktrees
The T5 lint walked sibling agents' scratch worktrees (.claire, .claude)
which contain placeholder content that fails Go parse. This wedged the
substrate's worktree merge test-gate so no further task could merge.
Resilience changes:
* SkipDir for .claire and .claude in addition to .castra/.git/vendor
* Parse errors are silently skipped rather than fatal — real syntax
errors are still caught by go build/vet which run before the gate.
Hotfix on main to unblock the rest of the NT1.* milestone merges; the
T7 worktree carries the same patch so a future rebase-merge will be a
no-op delta.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…ates on assigned_role only
… CompiledPersona() when iris.db
…ompiledPersona() in seed_pin_tes
…cheForTesting (called from produ
… token bytes not self
…sPersona / CompiledPersona / iri
…ssor tasks should not block succ
…own + CLI tests + zero-time hand
…is 0 when invoked from inside th
…ath + CI binary artifact
…ilent iris-context dump)
…d-by edges on dependents
…ar sanitizer for project update
…architect' fallback with session
…EIST gates in production path
…scoping to data.go raw SQL queri
…ack with audit-emitting warning
…-arg form) Pre-existing regression: tui_test.go was not updated when session.CreateSession gained the allowUnsigned bool parameter in a prior task. Fixing on main to unblock the merge gate. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… verbs into signed audit chain
… and enroll commands
…ce (orphan-source fix)
… version + CONTRIBUTING for GA
…ration (launchd + systemd) for s
…ECHNICAL_SPEC + OPERATIONS + A
…fresh-checkout/CI compatibility
…er — HMAC key bootstrap missin
…unner — extend HMAC bootstrap
…-wiring deep dive Corrects prior architect's hive-mechanism survey (task o2nsrel653pwya3q) which flattened scaffolded-but-unwired subsystems into greenfield framing. Audit traces every hive RPC touch point, confirms Pa's claim that identity_core_update flows through identity_update_queue, and rescopes the three Zendesk-walkthrough requirements to ~25 LoC patch + 1 greenfield opcode instead of a multi-week build. Doc: docs/internal/hive-integration-audit.md (651 lines) Method: read-only file:line trace; no code edits. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
… post-bootstrap (cluster_init +
…locks mTLS handshake end-to-end
… cert CN when --listen changes b
…lient don't validate on parent (
…ultListenAddr, ignoring --listen
…d Iris identity to client's ~/.c
…m + identity (close write/read s
…m heartbeat threshold + heartb
…SAN URI on enrollment cert (hard
…/v1/cluster/session/refresh mTLS
…sserting_Code_State clause in al
…ona — craft-layer dispatch dis
…oss 7 public personas + BaseCLIR
… transparent refresh-retry + 'ca
… transparent refresh-retry + 'ca
…as substrate-callable workflow p
…lution: v44 taken by workflow tables) [DRIFT] Migration version bumped from v44 to v45: concurrent task n7r3m480of8n0x43 claimed v44 for workflow_run/workflow_stage/workflow_shape_note tables between plan-time and merge-time. Forward-only per EpistemicDisciplineBlock mandate.
…leware for Verify_In_Code_Before
…ceived ga.5-ga.8 via PR merge commits, local has equivalent content plus all v1.1.0-ga new work)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v1.1.0-ga Release
HEIST (ga.9 chain) — cluster session self-healing
xb25hjtiu9rq2s0rga.9 cert-fix: encode node_id in SPIFFE SAN URI on enrollment cert (hardened cluster mTLS identity)8hrjiw1c4ic006i3ga.9 server: session_stale error code + /v1/cluster/session/refresh mTLS endpoint + HATEOAS + iris.db migration 208fpj1myg3lihb2mbga.9 client: session_stale interceptor + transparent refresh-retry +castra cluster session refreshCLI verbrdajonf19td7l747ga.9 counter-check passedOrchestration substrate
sjnepim7hkskoqhxEpistemicDisciplineBlock: Verify_In_Code_Before_Asserting_Code_State clause in all 7 public personasoh0k0pgr4e21mhtkPublic Iris orchestrator persona upgrade: 6 craft-layer dispatch discipline clauses in §11hm1cy65c610a3331Per-persona CLI Reference DSL blocks: BaseCLIReferenceBlock + per-role CLI_Reference across all personaslob5vrqqmz879anw10-stage workflow primitive:castra workflow ten-stage start/view/list,stage graduate/harvest+ castra.db migration 44edu0gcjd2m2oji93Evidence-gate middleware Phase 1: --evidence flag + per-role policy + sentinelz4csfalw89aq42bhSupersede verb with auto-migrate + castra.db migration 45Migrations
Pipeline integrity
019e2c59-0671-7d5d-8c0e-a394ee92dba7)Follow-ups filed (non-blocking)
019e2c5c-0624-71cc-8b5d-a2b08c9bceb5)🤖 Generated with Claude Code