diff --git a/crates/punk-eval/src/lib.rs b/crates/punk-eval/src/lib.rs
index 44ed8a7..4956984 100644
--- a/crates/punk-eval/src/lib.rs
+++ b/crates/punk-eval/src/lib.rs
@@ -663,10 +663,10 @@ pub fn run_smoke_suite() -> SmokeEvalReport { SmokeEvalStatus::Fail }; let assessment = if smoke_result == SmokeEvalStatus::Pass { - "local deterministic smoke harness passed over current contract, contract schema blueprint model, user intent-to-contract draft model, contract draft confirmation boundary model, hard clause mapping model, contract receipt requirements model, contract gate input policy model, contract proof requirements model, flow, receipt, event, local event writer, local receipt/evidence event handoff, instruction page-index model, publishing locate resolver, PubPunk inventory reader model, PubPunk inventory input packet, PubPunk inventory assessment model, PubPunk connector profile resolution model, PubPunk publish request packet with resolved connector refs, PubPunk publish receipt preflight packet with resolved connector refs, PubPunk publish receipt write handoff packet, PubPunk publish operation evidence handoff packet, PubPunk publish receipt/evidence event handoff packet, PubPunk host handoff chain, module-host invocation envelope, module-host receipt proposal model, module-host side-effect request proposal model, module-host policy gate preflight model, module-host side-effect receipt writer preflight model, module-host side-effect receipt writer active behavior model, module-host side-effect receipt writer file IO plan model, module-host side-effect receipt writer target/storage policy model, module-host side-effect receipt writer host path observation model, module-host side-effect receipt writer concrete path/storage policy model, module-host side-effect receipt writer operation-evidence persistence model, module-host side-effect receipt writer first active write slice, module-host side-effect receipt writer operation-evidence write slice, greenfield and brownfield project init scaffolds, brownfield source corpus manifest side-effect-free model, brownfield source corpus manifest writer preflight model, brownfield 
source corpus manifest writer first slice, gate, proof, proofpack manifest renderer, proofpack manifest digest helper, proofpack writer canonical artifact model, proofpack writer target artifact ref policy model, proofpack writer operation evidence model, proofpack writer preflight plan model, proofpack writer file IO plan model, proofpack writer file IO outcome model, proofpack writer file IO error reason model, proofpack writer target path policy model, proofpack writer preflight integration model, proofpack writer active behavior model, proofpack writer host path resolution model, proofpack writer concrete path/storage policy model, proofpack writer first active write slice, proofpack writer hash/reference integration model, artifact hash policy, exact-byte hash computation helper, file IO artifact hashing helper, and referenced artifact verification helper kernels" + "local deterministic smoke harness passed over current contract, contract schema blueprint model, user intent-to-contract draft model, contract draft confirmation boundary model, hard clause mapping model, contract receipt requirements model, contract gate input policy model, contract proof requirements model, flow, receipt, event, local event writer, local receipt/evidence event handoff, instruction page-index model, publishing locate resolver, PubPunk inventory reader model, PubPunk inventory input packet, PubPunk inventory assessment model, PubPunk connector profile resolution model, PubPunk publish request packet with resolved connector refs, PubPunk publish receipt preflight packet with resolved connector refs, PubPunk publish receipt write handoff packet with resolved connector refs, PubPunk publish operation evidence handoff packet, PubPunk publish receipt/evidence event handoff packet, PubPunk host handoff chain, module-host invocation envelope, module-host receipt proposal model, module-host side-effect request proposal model, module-host policy gate preflight model, module-host 
side-effect receipt writer preflight model, module-host side-effect receipt writer active behavior model, module-host side-effect receipt writer file IO plan model, module-host side-effect receipt writer target/storage policy model, module-host side-effect receipt writer host path observation model, module-host side-effect receipt writer concrete path/storage policy model, module-host side-effect receipt writer operation-evidence persistence model, module-host side-effect receipt writer first active write slice, module-host side-effect receipt writer operation-evidence write slice, greenfield and brownfield project init scaffolds, brownfield source corpus manifest side-effect-free model, brownfield source corpus manifest writer preflight model, brownfield source corpus manifest writer first slice, gate, proof, proofpack manifest renderer, proofpack manifest digest helper, proofpack writer canonical artifact model, proofpack writer target artifact ref policy model, proofpack writer operation evidence model, proofpack writer preflight plan model, proofpack writer file IO plan model, proofpack writer file IO outcome model, proofpack writer file IO error reason model, proofpack writer target path policy model, proofpack writer preflight integration model, proofpack writer active behavior model, proofpack writer host path resolution model, proofpack writer concrete path/storage policy model, proofpack writer first active write slice, proofpack writer hash/reference integration model, artifact hash policy, exact-byte hash computation helper, file IO artifact hashing helper, and referenced artifact verification helper kernels" .to_owned() } else { - "local deterministic smoke harness found one or more failing cases over current contract, contract schema blueprint model, user intent-to-contract draft model, contract draft confirmation boundary model, hard clause mapping model, contract receipt requirements model, contract gate input policy model, contract proof 
requirements model, flow, receipt, event, local event writer, local receipt/evidence event handoff, instruction page-index model, publishing locate resolver, PubPunk inventory reader model, PubPunk inventory input packet, PubPunk inventory assessment model, PubPunk connector profile resolution model, PubPunk publish request packet with resolved connector refs, PubPunk publish receipt preflight packet with resolved connector refs, PubPunk publish receipt write handoff packet, PubPunk publish operation evidence handoff packet, PubPunk publish receipt/evidence event handoff packet, PubPunk host handoff chain, module-host invocation envelope, module-host receipt proposal model, module-host side-effect request proposal model, module-host policy gate preflight model, module-host side-effect receipt writer preflight model, module-host side-effect receipt writer active behavior model, module-host side-effect receipt writer file IO plan model, module-host side-effect receipt writer target/storage policy model, module-host side-effect receipt writer host path observation model, module-host side-effect receipt writer concrete path/storage policy model, module-host side-effect receipt writer operation-evidence persistence model, module-host side-effect receipt writer first active write slice, module-host side-effect receipt writer operation-evidence write slice, greenfield and brownfield project init scaffolds, brownfield source corpus manifest side-effect-free model, brownfield source corpus manifest writer preflight model, brownfield source corpus manifest writer first slice, gate, proof, proofpack manifest renderer, proofpack manifest digest helper, proofpack writer canonical artifact model, proofpack writer target artifact ref policy model, proofpack writer operation evidence model, proofpack writer preflight plan model, proofpack writer file IO plan model, proofpack writer file IO outcome model, proofpack writer file IO error reason model, proofpack writer target path 
policy model, proofpack writer preflight integration model, proofpack writer active behavior model, proofpack writer host path resolution model, proofpack writer concrete path/storage policy model, proofpack writer first active write slice, proofpack writer hash/reference integration model, artifact hash policy, exact-byte hash computation helper, file IO artifact hashing helper, and referenced artifact verification helper kernels" + "local deterministic smoke harness found one or more failing cases over current contract, contract schema blueprint model, user intent-to-contract draft model, contract draft confirmation boundary model, hard clause mapping model, contract receipt requirements model, contract gate input policy model, contract proof requirements model, flow, receipt, event, local event writer, local receipt/evidence event handoff, instruction page-index model, publishing locate resolver, PubPunk inventory reader model, PubPunk inventory input packet, PubPunk inventory assessment model, PubPunk connector profile resolution model, PubPunk publish request packet with resolved connector refs, PubPunk publish receipt preflight packet with resolved connector refs, PubPunk publish receipt write handoff packet with resolved connector refs, PubPunk publish operation evidence handoff packet, PubPunk publish receipt/evidence event handoff packet, PubPunk host handoff chain, module-host invocation envelope, module-host receipt proposal model, module-host side-effect request proposal model, module-host policy gate preflight model, module-host side-effect receipt writer preflight model, module-host side-effect receipt writer active behavior model, module-host side-effect receipt writer file IO plan model, module-host side-effect receipt writer target/storage policy model, module-host side-effect receipt writer host path observation model, module-host side-effect receipt writer concrete path/storage policy model, module-host side-effect receipt writer 
operation-evidence persistence model, module-host side-effect receipt writer first active write slice, module-host side-effect receipt writer operation-evidence write slice, greenfield and brownfield project init scaffolds, brownfield source corpus manifest side-effect-free model, brownfield source corpus manifest writer preflight model, brownfield source corpus manifest writer first slice, gate, proof, proofpack manifest renderer, proofpack manifest digest helper, proofpack writer canonical artifact model, proofpack writer target artifact ref policy model, proofpack writer operation evidence model, proofpack writer preflight plan model, proofpack writer file IO plan model, proofpack writer file IO outcome model, proofpack writer file IO error reason model, proofpack writer target path policy model, proofpack writer preflight integration model, proofpack writer active behavior model, proofpack writer host path resolution model, proofpack writer concrete path/storage policy model, proofpack writer first active write slice, proofpack writer hash/reference integration model, artifact hash policy, exact-byte hash computation helper, file IO artifact hashing helper, and referenced artifact verification helper kernels" .to_owned() }; 
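Review bot: The pass and fail branches of `assessment` in `run_smoke_suite` each carry their own copy of the same coverage list, so this commit has to insert `with resolved connector refs` into both copies by hand. Keeping the list in one shared constant, with the branches differing only in their prefix, would stop the two texts drifting apart: for example `const SMOKE_COVERAGE: &str = "current contract, …";` (name is a suggestion) and `format!("local deterministic smoke harness passed over {SMOKE_COVERAGE}")`. The function body starts and ends outside this hunk.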
@@ -694,7 +694,7 @@ pub fn run_smoke_suite() -> SmokeEvalReport { "PubPunk host handoff smoke case chains input packet readiness, inventory assessment, module-host preflight, advisory envelope, and receipt proposal without invoking modules, reading files, writing receipts, publishing, collecting metrics, invoking adapters, or writing gate/proof authority", "PubPunk publish request packet smoke case consumes resolved connector refs before chaining explicit candidate, channel, policy, adapter, payload, and receipt refs into existing Module Host side-effect request and policy-gate models without publishing, invoking adapters, reading draft bodies, writing receipts, or activating runtime", "PubPunk publish receipt preflight smoke case consumes resolved connector refs before chaining explicit receipt target, storage, operation-evidence, idempotency, rollback, error, adapter invocation receipt, connector, channel, and payload refs into existing Module Host side-effect receipt writer preflight without writing receipts, invoking adapters, publishing, reading credentials, or activating runtime", - "PubPunk publish receipt write handoff smoke case chains explicit preflight, policy, target-path, receipt-bytes, operation-evidence, adapter invocation receipt, connector, channel, and payload refs into the existing Module Host receipt writer, which writes exact bytes only to a temporary .punk/runs target without invoking adapters, publishing, mutating event logs, writing gate/proof authority, or claiming acceptance", + "PubPunk publish receipt write handoff smoke case consumes resolved connector refs before chaining explicit preflight, policy, target-path, receipt-bytes, operation-evidence, adapter invocation receipt, connector, channel, and payload refs into the existing Module Host receipt writer, which writes exact bytes only to a temporary .punk/runs target without invoking adapters, publishing, mutating event logs, writing gate/proof authority, or claiming acceptance", 
"PubPunk publish operation evidence handoff smoke case chains explicit receipt writer result, operation-evidence target-path, operation-evidence bytes, adapter invocation receipt, connector, channel, and payload refs into the existing Module Host operation-evidence writer, which writes exact evidence bytes only to a temporary .punk/runs target after a successful receipt write without invoking adapters, publishing, mutating event logs, writing gate/proof authority, or claiming acceptance", "PubPunk publish receipt/evidence event handoff smoke case chains explicit receipt, operation-evidence, writer-result, event source, event correlation, connector, channel, and payload refs into the existing local receipt/evidence event writer, which appends one event only to a temporary .punk/events log without creating .punk/runs artifacts, invoking adapters, publishing, writing gate/proof authority, or claiming acceptance", "module-host invocation envelope smoke case wraps advisory module output only and does not load plugins, invoke modules, expose CLI behavior, read or write files, create receipts, mutate event logs, call APIs, read credentials, invoke adapters, publish, or write gate/proof authority", @@ -2594,9 +2594,12 @@ fn eval_pubpunk_publish_receipt_write_handoff_chains_to_host_receipt_writer_writ ) .with_input_refs(vec![ "evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md", + "evals/specs/pubpunk-channel-connector-profile-resolution.v0.1.md", + "work/module-assessments/pubpunk-connector-profile-resolution.md", "publishing/posts/community-lab.md", "publishing/channels/github-discussions-community-lab.md", "publishing/connectors/github-discussions-community-lab.md", + "work/module-assessments/pubpunk-selected-connector-strategy.md", ]) .with_granted_capabilities(vec![ModuleCapabilityGrant::AssessProvidedInput]) .with_expected_receipt_fields(vec![ 
@@ -2694,12 +2697,20 @@ fn eval_pubpunk_publish_receipt_write_handoff_chains_to_host_receipt_writer_writ ) .with_payload_ref("publishing/posts/community-lab.md") .with_channel_ref("publishing/channels/github-discussions-community-lab.md") + .with_connector_profile_resolution_ref( + "work/module-assessments/pubpunk-connector-profile-resolution.md", + ) .with_connector_profile_ref("publishing/connectors/github-discussions-community-lab.md") + .with_selected_connector_strategy_ref( + "work/module-assessments/pubpunk-selected-connector-strategy.md", + ) .with_instruction_refs(PUBPUNK_REQUIRED_INSTRUCTION_REFS.to_vec()) .with_allowed_source_refs(vec![ "publishing/posts/community-lab.md", "publishing/channels/github-discussions-community-lab.md", + "work/module-assessments/pubpunk-connector-profile-resolution.md", "publishing/connectors/github-discussions-community-lab.md", + "work/module-assessments/pubpunk-selected-connector-strategy.md", "work/module-receipts/github-discussions-invocation.md", "work/module-receipt-bytes/pubpunk-publish-community-lab.json", ]) @@ -2707,6 +2718,9 @@ fn eval_pubpunk_publish_receipt_write_handoff_chains_to_host_receipt_writer_writ .with_expected_receipt_fields(vec![ "side_effects", "host_validation", + "connector_profile_resolution", + "connector_profile_ref", + "selected_connector_strategy", "adapter_invocation_receipt", "operation_evidence", "publication_receipt", 
@@ -2839,8 +2853,21 @@ fn eval_pubpunk_publish_receipt_write_handoff_chains_to_host_receipt_writer_writ == ".punk/runs/pubpunk-publish-request/receipt.json" && handoff_assessment.refs.receipt_bytes_ref == "work/module-receipt-bytes/pubpunk-publish-community-lab.json" + && handoff_assessment.refs.connector_profile_resolution_ref + == "work/module-assessments/pubpunk-connector-profile-resolution.md" + && handoff_assessment.refs.connector_profile_ref + == "publishing/connectors/github-discussions-community-lab.md" + && handoff_assessment.refs.selected_connector_strategy_ref + == "work/module-assessments/pubpunk-selected-connector-strategy.md" && handoff_refs.operation_evidence_persistence_ref == "work/module-receipt-writer-operation-evidence-persistence/pubpunk-publish-community-lab.md" + && handoff_refs.channel_ref == "publishing/channels/github-discussions-community-lab.md" + && handoff_refs.connector_profile_resolution_ref + == "work/module-assessments/pubpunk-connector-profile-resolution.md" + && handoff_refs.connector_profile_ref + == "publishing/connectors/github-discussions-community-lab.md" + && handoff_refs.selected_connector_strategy_ref + == "work/module-assessments/pubpunk-selected-connector-strategy.md" && receipt_writer_preflight.status == ModuleHostStatus::Ready && ready_persistence.is_ready() && setup_ok 
@@ -2879,7 +2906,7 @@ fn eval_pubpunk_publish_receipt_write_handoff_chains_to_host_receipt_writer_writ SmokeEvalCaseResult::pass( "eval_pubpunk_publish_receipt_write_handoff_chains_to_host_receipt_writer_write", "PubPunk publish receipt write handoff chains to host receipt writer write", - "PubPunk publish receipt write handoff projected explicit preflight, policy, path, receipt-bytes, and evidence refs into the existing Module Host receipt writer, which wrote exact bytes only to a temporary .punk/runs target without invoking adapters, publishing, mutating event logs, writing gate/proof authority, or claiming acceptance", + "PubPunk publish receipt write handoff consumed resolved connector refs and projected explicit preflight, policy, path, receipt-bytes, and evidence refs into the existing Module Host receipt writer, which wrote exact bytes only to a temporary .punk/runs target without invoking adapters, publishing, mutating event logs, writing gate/proof authority, or claiming acceptance", ) } else { SmokeEvalCaseResult::fail( 
@@ -3008,12 +3035,20 @@ fn eval_pubpunk_publish_operation_evidence_handoff_chains_to_host_operation_evid ) .with_payload_ref("publishing/posts/community-lab.md") .with_channel_ref("publishing/channels/github-discussions-community-lab.md") + .with_connector_profile_resolution_ref( + "work/module-assessments/pubpunk-connector-profile-resolution.md", + ) .with_connector_profile_ref("publishing/connectors/github-discussions-community-lab.md") + .with_selected_connector_strategy_ref( + "work/module-assessments/pubpunk-selected-connector-strategy.md", + ) .with_instruction_refs(PUBPUNK_REQUIRED_INSTRUCTION_REFS.to_vec()) .with_allowed_source_refs(vec![ "publishing/posts/community-lab.md", "publishing/channels/github-discussions-community-lab.md", + "work/module-assessments/pubpunk-connector-profile-resolution.md", "publishing/connectors/github-discussions-community-lab.md", + "work/module-assessments/pubpunk-selected-connector-strategy.md", "work/module-receipts/github-discussions-invocation.md", "work/module-receipt-bytes/pubpunk-publish-community-lab.json", ]) @@ -3021,6 +3056,9 @@ fn eval_pubpunk_publish_operation_evidence_handoff_chains_to_host_operation_evid .with_expected_receipt_fields(vec![ "side_effects", "host_validation", + "connector_profile_resolution", + "connector_profile_ref", + "selected_connector_strategy", "adapter_invocation_receipt", "operation_evidence", "publication_receipt", 
@@ -13730,7 +13768,7 @@ mod tests { "module-host side-effect receipt writer operation-evidence write slice smoke case writes exact operation-evidence bytes only to an explicit temporary .punk/runs target after a successful receipt write" )); assert!(rendered.contains( - "PubPunk publish receipt write handoff smoke case chains explicit preflight, policy, target-path, receipt-bytes" + "PubPunk publish receipt write handoff smoke case consumes resolved connector refs before chaining explicit preflight, policy, target-path, receipt-bytes" )); assert!(rendered.contains( "PubPunk publish operation evidence handoff smoke case chains explicit receipt writer result, operation-evidence target-path, operation-evidence bytes" diff --git a/crates/punk-mod-pubpunk/src/lib.rs b/crates/punk-mod-pubpunk/src/lib.rs index 934b339..25fae94 100644 --- a/crates/punk-mod-pubpunk/src/lib.rs +++ b/crates/punk-mod-pubpunk/src/lib.rs @@ -4215,7 +4215,9 @@ pub struct PubPunkPublishReceiptWriteHandoffPacket { pub adapter_invocation_receipt_ref: String, pub payload_ref: String, pub channel_ref: String, + pub connector_profile_resolution_ref: String, pub connector_profile_ref: String, + pub selected_connector_strategy_ref: String, pub allowed_source_refs: Vec, pub instruction_refs: Vec, pub granted_capabilities: Vec, @@ -4259,7 +4261,9 @@ impl PubPunkPublishReceiptWriteHandoffPacket { adapter_invocation_receipt_ref: String::new(), payload_ref: String::new(), channel_ref: String::new(), + connector_profile_resolution_ref: String::new(), connector_profile_ref: String::new(), + selected_connector_strategy_ref: String::new(), allowed_source_refs: Vec::new(), instruction_refs: Vec::new(), granted_capabilities: Vec::new(), 
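Review bot: The new public fields `connector_profile_resolution_ref` and `selected_connector_strategy_ref` on `PubPunkPublishReceiptWriteHandoffPacket` (hunk at @@ -4215) have no doc comment, although the assessment later in this diff treats both as required, repo-relative and allow-listed. `new()` initialises them to `String::new()`, so a packet built without the new builders will presumably now be reported as missing them, and callers have no hint why. A line such as `/// Repo-relative ref to the connector profile resolution assessment; required, and must also appear in allowed_source_refs.` on each field would cover it. The same applies to the two `with_*` builders added at @@ -4405. The struct definition continues outside the hunk.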
@@ -4405,11 +4409,27 @@ impl PubPunkPublishReceiptWriteHandoffPacket { self } + pub fn with_connector_profile_resolution_ref( + mut self, + connector_profile_resolution_ref: impl Into, + ) -> Self { + self.connector_profile_resolution_ref = connector_profile_resolution_ref.into(); + self + } + pub fn with_connector_profile_ref(mut self, connector_profile_ref: impl Into) -> Self { self.connector_profile_ref = connector_profile_ref.into(); self } + pub fn with_selected_connector_strategy_ref( + mut self, + selected_connector_strategy_ref: impl Into, + ) -> Self { + self.selected_connector_strategy_ref = selected_connector_strategy_ref.into(); + self + } + pub fn with_allowed_source_refs(mut self, allowed_source_refs: Vec>) -> Self { self.allowed_source_refs = allowed_source_refs.into_iter().map(Into::into).collect(); self @@ -4485,6 +4505,10 @@ impl PubPunkPublishReceiptWriteHandoffPacket { error_ref: self.error_ref.clone(), adapter_invocation_receipt_ref: self.adapter_invocation_receipt_ref.clone(), payload_ref: self.payload_ref.clone(), + channel_ref: self.channel_ref.clone(), + connector_profile_resolution_ref: self.connector_profile_resolution_ref.clone(), + connector_profile_ref: self.connector_profile_ref.clone(), + selected_connector_strategy_ref: self.selected_connector_strategy_ref.clone(), }) } } @@ -4509,6 +4533,10 @@ pub struct PubPunkPublishReceiptWriteHandoffRefs { pub error_ref: String, pub adapter_invocation_receipt_ref: String, pub payload_ref: String, + pub channel_ref: String, + pub connector_profile_resolution_ref: String, + pub connector_profile_ref: String, + pub selected_connector_strategy_ref: String, } #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] 
@@ -4565,9 +4593,15 @@ pub enum PubPunkPublishReceiptWriteHandoffPacketFindingCode { MissingChannelRef, UnsafeChannelRef, ChannelRefNotAllowed, + MissingConnectorProfileResolutionRef, + UnsafeConnectorProfileResolutionRef, + ConnectorProfileResolutionRefNotAllowed, MissingConnectorProfileRef, UnsafeConnectorProfileRef, ConnectorProfileRefNotAllowed, + MissingSelectedConnectorStrategyRef, + UnsafeSelectedConnectorStrategyRef, + SelectedConnectorStrategyRefNotAllowed, MissingInstructionRefs, MissingRequiredInstructionRef, UnsafeInstructionRef, @@ -4657,9 +4691,21 @@ impl PubPunkPublishReceiptWriteHandoffPacketFindingCode { Self::MissingChannelRef => "missing_channel_ref", Self::UnsafeChannelRef => "unsafe_channel_ref", Self::ChannelRefNotAllowed => "channel_ref_not_allowed", + Self::MissingConnectorProfileResolutionRef => { + "missing_connector_profile_resolution_ref" + } + Self::UnsafeConnectorProfileResolutionRef => "unsafe_connector_profile_resolution_ref", + Self::ConnectorProfileResolutionRefNotAllowed => { + "connector_profile_resolution_ref_not_allowed" + } Self::MissingConnectorProfileRef => "missing_connector_profile_ref", Self::UnsafeConnectorProfileRef => "unsafe_connector_profile_ref", Self::ConnectorProfileRefNotAllowed => "connector_profile_ref_not_allowed", + Self::MissingSelectedConnectorStrategyRef => "missing_selected_connector_strategy_ref", + Self::UnsafeSelectedConnectorStrategyRef => "unsafe_selected_connector_strategy_ref", + Self::SelectedConnectorStrategyRefNotAllowed => { + "selected_connector_strategy_ref_not_allowed" + } Self::MissingInstructionRefs => "missing_instruction_refs", Self::MissingRequiredInstructionRef => "missing_required_instruction_ref", Self::UnsafeInstructionRef => "unsafe_instruction_ref", 
@@ -4752,7 +4798,9 @@ pub struct PubPunkPublishReceiptWriteHandoffPacketRefs { pub adapter_invocation_receipt_ref: String, pub payload_ref: String, pub channel_ref: String, + pub connector_profile_resolution_ref: String, pub connector_profile_ref: String, + pub selected_connector_strategy_ref: String, pub token_cost_ref: Option, } @@ -5012,6 +5060,14 @@ pub fn assess_pubpunk_publish_receipt_write_handoff_packet( "channel ref is required", "channel ref must be an explicit repo-relative ref", ); + validate_publish_receipt_write_handoff_ref( + &mut findings, + packet.connector_profile_resolution_ref.as_str(), + PubPunkPublishReceiptWriteHandoffPacketFindingCode::MissingConnectorProfileResolutionRef, + PubPunkPublishReceiptWriteHandoffPacketFindingCode::UnsafeConnectorProfileResolutionRef, + "connector profile resolution ref is required", + "connector profile resolution ref must be an explicit repo-relative ref", + ); validate_publish_receipt_write_handoff_ref( &mut findings, packet.connector_profile_ref.as_str(), @@ -5020,6 +5076,14 @@ pub fn assess_pubpunk_publish_receipt_write_handoff_packet( "connector profile ref is required", "connector profile ref must be an explicit repo-relative ref", ); + validate_publish_receipt_write_handoff_ref( + &mut findings, + packet.selected_connector_strategy_ref.as_str(), + PubPunkPublishReceiptWriteHandoffPacketFindingCode::MissingSelectedConnectorStrategyRef, + PubPunkPublishReceiptWriteHandoffPacketFindingCode::UnsafeSelectedConnectorStrategyRef, + "selected connector strategy ref is required", + "selected connector strategy ref must be an explicit repo-relative ref", + ); if packet.instruction_refs.is_empty() { findings.push(PubPunkPublishReceiptWriteHandoffPacketFinding::new( 
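Review bot: The two `validate_publish_receipt_write_handoff_ref` calls added at @@ -5012 check only that each new ref is present and repo-relative; nothing visible in this hunk relates `connector_profile_ref` to the artifact named by `connector_profile_resolution_ref`. If that pairing is verified elsewhere or deliberately left to the host, a short comment above these calls would keep readers from taking the "consumes resolved connector refs" wording in the smoke descriptions as proof that resolution was checked. For example: `// Shape check only: does not verify that the resolution artifact selects this connector profile.` The function continues outside the hunk.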
@@ -5080,6 +5144,17 @@ pub fn assess_pubpunk_publish_receipt_write_handoff_packet( "channel ref must be included in allowed source refs", )); } + if !packet.connector_profile_resolution_ref.trim().is_empty() + && !packet + .allowed_source_refs + .contains(&packet.connector_profile_resolution_ref) + { + findings.push(PubPunkPublishReceiptWriteHandoffPacketFinding::for_ref( + PubPunkPublishReceiptWriteHandoffPacketFindingCode::ConnectorProfileResolutionRefNotAllowed, + packet.connector_profile_resolution_ref.clone(), + "connector profile resolution ref must be included in allowed source refs", + )); + } if !packet.connector_profile_ref.trim().is_empty() && !packet .allowed_source_refs @@ -5091,6 +5166,17 @@ pub fn assess_pubpunk_publish_receipt_write_handoff_packet( "connector profile ref must be included in allowed source refs", )); } + if !packet.selected_connector_strategy_ref.trim().is_empty() + && !packet + .allowed_source_refs + .contains(&packet.selected_connector_strategy_ref) + { + findings.push(PubPunkPublishReceiptWriteHandoffPacketFinding::for_ref( + PubPunkPublishReceiptWriteHandoffPacketFindingCode::SelectedConnectorStrategyRefNotAllowed, + packet.selected_connector_strategy_ref.clone(), + "selected connector strategy ref must be included in allowed source refs", + )); + } if !packet.adapter_invocation_receipt_ref.trim().is_empty() && !packet .allowed_source_refs @@ -5139,6 +5225,9 @@ pub fn assess_pubpunk_publish_receipt_write_handoff_packet( for required_field in [ "side_effects", "host_validation", + "connector_profile_resolution", + "connector_profile_ref", + "selected_connector_strategy", "adapter_invocation_receipt", "operation_evidence", "publication_receipt", 
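Review bot: The allow-list checks added at @@ -5080 for `connector_profile_resolution_ref` and `selected_connector_strategy_ref` are further hand-written copies of the block already used for the channel, connector profile and adapter receipt refs, so every new ref relies on someone remembering to paste another copy. A small private helper would make the check one call per ref and make a ref that skips the allow-list easier to spot in review. The sketch assumes `findings` is a `Vec` of the finding type and that `for_ref` accepts a `String` plus a string-literal message, which the hunk suggests but does not show; the helper name is a suggestion. The function body starts and ends outside this hunk.

```rust
fn require_allowed_source_ref(
    findings: &mut Vec<PubPunkPublishReceiptWriteHandoffPacketFinding>,
    allowed_source_refs: &[String],
    ref_value: &str,
    code: PubPunkPublishReceiptWriteHandoffPacketFindingCode,
    message: &'static str,
) {
    // Blank refs are skipped here, as in the inline blocks; presumably the
    // "missing ref" validation reports them.
    let listed = allowed_source_refs.iter().any(|allowed| allowed == ref_value);
    if !ref_value.trim().is_empty() && !listed {
        findings.push(PubPunkPublishReceiptWriteHandoffPacketFinding::for_ref(
            code,
            ref_value.to_owned(),
            message,
        ));
    }
}

// … unchanged: earlier checks in assess_pubpunk_publish_receipt_write_handoff_packet …
require_allowed_source_ref(
    &mut findings,
    &packet.allowed_source_refs,
    &packet.connector_profile_resolution_ref,
    PubPunkPublishReceiptWriteHandoffPacketFindingCode::ConnectorProfileResolutionRefNotAllowed,
    "connector profile resolution ref must be included in allowed source refs",
);
// … same call shape for selected_connector_strategy_ref and the existing refs …
```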
@@ -5223,7 +5312,9 @@ pub fn assess_pubpunk_publish_receipt_write_handoff_packet( adapter_invocation_receipt_ref: packet.adapter_invocation_receipt_ref.clone(), payload_ref: packet.payload_ref.clone(), channel_ref: packet.channel_ref.clone(), + connector_profile_resolution_ref: packet.connector_profile_resolution_ref.clone(), connector_profile_ref: packet.connector_profile_ref.clone(), + selected_connector_strategy_ref: packet.selected_connector_strategy_ref.clone(), token_cost_ref: packet.token_cost_ref.clone(), }, } @@ -7770,12 +7861,20 @@ mod tests { .with_adapter_invocation_receipt_ref("work/module-receipts/github-discussions-invocation.md") .with_payload_ref("publishing/posts/example.md") .with_channel_ref("publishing/channels/github-discussions.md") + .with_connector_profile_resolution_ref( + "work/module-assessments/pubpunk-connector-profile-resolution.md", + ) .with_connector_profile_ref("publishing/connectors/github-discussions.md") + .with_selected_connector_strategy_ref( + "work/module-assessments/pubpunk-selected-connector-strategy.md", + ) .with_instruction_refs(PUBPUNK_REQUIRED_INSTRUCTION_REFS.to_vec()) .with_allowed_source_refs(vec![ "publishing/posts/example.md", "publishing/channels/github-discussions.md", + "work/module-assessments/pubpunk-connector-profile-resolution.md", "publishing/connectors/github-discussions.md", + "work/module-assessments/pubpunk-selected-connector-strategy.md", "work/module-receipts/github-discussions-invocation.md", "work/module-receipt-bytes/pubpunk-publish-example.json", ]) @@ -7783,6 +7882,9 @@ mod tests { .with_expected_receipt_fields(vec![ "side_effects", "host_validation", + "connector_profile_resolution", + "connector_profile_ref", + "selected_connector_strategy", "adapter_invocation_receipt", "operation_evidence", "publication_receipt", 
@@ -8763,6 +8865,18 @@ mod tests { assessment.refs.receipt_bytes_ref, "work/module-receipt-bytes/pubpunk-publish-example.json" ); + assert_eq!( + assessment.refs.connector_profile_resolution_ref, + "work/module-assessments/pubpunk-connector-profile-resolution.md" + ); + assert_eq!( + assessment.refs.connector_profile_ref, + "publishing/connectors/github-discussions.md" + ); + assert_eq!( + assessment.refs.selected_connector_strategy_ref, + "work/module-assessments/pubpunk-selected-connector-strategy.md" + ); assert_eq!( assessment.refs.token_cost_ref.as_deref(), Some("work/reports/pubpunk-publish-receipt-write-handoff-token-cost.md") @@ -8780,6 +8894,22 @@ mod tests { handoff_refs.receipt_bytes_ref, "work/module-receipt-bytes/pubpunk-publish-example.json" ); + assert_eq!( + handoff_refs.channel_ref, + "publishing/channels/github-discussions.md" + ); + assert_eq!( + handoff_refs.connector_profile_resolution_ref, + "work/module-assessments/pubpunk-connector-profile-resolution.md" + ); + assert_eq!( + handoff_refs.connector_profile_ref, + "publishing/connectors/github-discussions.md" + ); + assert_eq!( + handoff_refs.selected_connector_strategy_ref, + "work/module-assessments/pubpunk-selected-connector-strategy.md" + ); assert_eq!(handoff_refs.payload_ref, "publishing/posts/example.md"); } 
@@ -8802,6 +8932,9 @@ mod tests { assert!(assessment.findings.iter().any(|finding| finding.code == PubPunkPublishReceiptWriteHandoffPacketFindingCode::MissingRequiredExpectedReceiptField && finding.ref_value.as_deref() == Some("receipt_bytes"))); + assert!(assessment.findings.iter().any(|finding| finding.code + == PubPunkPublishReceiptWriteHandoffPacketFindingCode::MissingRequiredExpectedReceiptField + && finding.ref_value.as_deref() == Some("connector_profile_resolution"))); assert!(assessment.findings.iter().any(|finding| finding.code == PubPunkPublishReceiptWriteHandoffPacketFindingCode::MissingRequiredExpectedReceiptField && finding.ref_value.as_deref() == Some("receipt_write_result"))); @@ -8813,7 +8946,13 @@ mod tests { let packet = valid_publish_receipt_write_handoff_packet() .with_allowed_source_refs(vec!["publishing/posts/other.md"]) .with_channel_ref("publishing/channels/not-allowed.md") + .with_connector_profile_resolution_ref( + "work/module-assessments/pubpunk-connector-profile-resolution-not-allowed.md", + ) .with_connector_profile_ref("publishing/connectors/not-allowed.md") + .with_selected_connector_strategy_ref( + "work/module-assessments/pubpunk-selected-connector-strategy-not-allowed.md", + ) .with_adapter_invocation_receipt_ref("work/module-receipts/not-allowed-invocation.md") .with_receipt_bytes_ref("work/module-receipt-bytes/not-allowed.json"); 
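Review bot: The `@@ -8802` hunk adds a missing-field assertion only for `connector_profile_resolution`, although the fixture change earlier in this diff adds three expected receipt fields: `connector_profile_resolution`, `connector_profile_ref` and `selected_connector_strategy`. If the assessor is meant to require all three, a regression that stops requiring either of the other two would pass this test unnoticed. I would add the same `assessment.findings.iter().any(...)` check twice more, ending in `finding.ref_value.as_deref() == Some("connector_profile_ref")` and `finding.ref_value.as_deref() == Some("selected_connector_strategy")`. The test function begins outside the hunk, so which expected fields its packet actually omits is not visible here and should be confirmed.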
@@ -8824,8 +8963,12 @@ mod tests { == PubPunkPublishReceiptWriteHandoffPacketFindingCode::PayloadRefNotAllowed)); assert!(assessment.findings.iter().any(|finding| finding.code == PubPunkPublishReceiptWriteHandoffPacketFindingCode::ChannelRefNotAllowed)); + assert!(assessment.findings.iter().any(|finding| finding.code + == PubPunkPublishReceiptWriteHandoffPacketFindingCode::ConnectorProfileResolutionRefNotAllowed)); assert!(assessment.findings.iter().any(|finding| finding.code == PubPunkPublishReceiptWriteHandoffPacketFindingCode::ConnectorProfileRefNotAllowed)); + assert!(assessment.findings.iter().any(|finding| finding.code + == PubPunkPublishReceiptWriteHandoffPacketFindingCode::SelectedConnectorStrategyRefNotAllowed)); assert!(assessment.findings.iter().any(|finding| finding.code == PubPunkPublishReceiptWriteHandoffPacketFindingCode::AdapterInvocationReceiptRefNotAllowed)); assert!(assessment.findings.iter().any(|finding| finding.code @@ -8860,7 +9003,13 @@ mod tests { .with_operation_evidence_ref("../.punk/runs/evidence.md") .with_payload_ref("../publishing/posts/example.md") .with_channel_ref("/tmp/channel.md") + .with_connector_profile_resolution_ref( + "../work/module-assessments/pubpunk-connector-profile-resolution.md", + ) .with_connector_profile_ref("https://example.com/connector") + .with_selected_connector_strategy_ref( + "../work/module-assessments/pubpunk-selected-connector-strategy.md", + ) .with_allowed_source_refs(vec!["../publishing/posts/example.md"]) .with_privacy_policy(PubPunkPrivacyPolicy { raw_external_payloads: true, 
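Review bot: In the `@@ -8860` hunk the unsafe-ref fixture gives both new refs only the `../` traversal form, while the neighbouring refs in the same builder chain exercise an absolute path (`/tmp/channel.md`) and a URL (`https://example.com/connector`). If the two new fields go through the same ref-safety helper as the others this is enough, but that is not visible from the hunk; if they do not, absolute-path and URL rejection for them is untested. Giving one of them a different unsafe form, for example `.with_selected_connector_strategy_ref("/tmp/selected-connector-strategy.md")` (constructed sample value), would make the `UnsafeSelectedConnectorStrategyRef` assertion in the following hunk cover a second class of unsafe ref. The test body starts and ends outside this hunk.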
@@ -8914,8 +9063,16 @@ mod tests { == PubPunkPublishReceiptWriteHandoffPacketFindingCode::UnsafePayloadRef)); assert!(assessment.findings.iter().any(|finding| finding.code == PubPunkPublishReceiptWriteHandoffPacketFindingCode::UnsafeChannelRef)); + assert!(assessment.findings.iter().any(|finding| { + finding.code + == PubPunkPublishReceiptWriteHandoffPacketFindingCode::UnsafeConnectorProfileResolutionRef + })); assert!(assessment.findings.iter().any(|finding| finding.code == PubPunkPublishReceiptWriteHandoffPacketFindingCode::UnsafeConnectorProfileRef)); + assert!(assessment.findings.iter().any(|finding| { + finding.code + == PubPunkPublishReceiptWriteHandoffPacketFindingCode::UnsafeSelectedConnectorStrategyRef + })); assert!(assessment.findings.iter().any(|finding| finding.code == PubPunkPublishReceiptWriteHandoffPacketFindingCode::UnsafePrivacyPolicy)); assert!(assessment.findings.iter().any(|finding| finding.code diff --git a/docs/modules/pubpunk-workspace-instructions.md b/docs/modules/pubpunk-workspace-instructions.md index 486b9be..2d6e19f 100644 --- a/docs/modules/pubpunk-workspace-instructions.md +++ b/docs/modules/pubpunk-workspace-instructions.md 
@@ -131,21 +131,22 @@ Host runtime. The current publish receipt preflight packet can then carry explicit receipt target, storage, operation-evidence, idempotency, rollback, error, adapter -invocation receipt, connector profile, channel, and payload refs into the -existing Module Host side-effect receipt writer preflight model. This remains a -preflight chain only. It does not write receipts, persist operation evidence, -publish, invoke adapters, run policy engines, invoke gate, read draft bodies, -collect metrics, or activate PubPunk or Module Host runtime. +invocation receipt, connector profile resolution, connector profile, selected +connector strategy, channel, and payload refs into the existing Module Host +side-effect receipt writer preflight model. This remains a preflight chain +only. It does not write receipts, persist operation evidence, publish, invoke +adapters, run policy engines, invoke gate, read draft bodies, collect metrics, +or activate PubPunk or Module Host runtime. The current publish receipt write handoff packet can then carry explicit preflight, receipt writer, target-path, receipt-bytes, operation-evidence, -adapter invocation receipt, connector profile, channel, and payload refs into -the existing Module Host first active local receipt writer. PubPunk still does -not read files or write receipts itself. The smoke evidence writes exact -caller-provided bytes only to an explicit temporary `.punk/runs` target through -the already-existing host writer, and does not invoke adapters, publish, mutate -event logs, persist operation evidence, write gate/proof authority, or claim -acceptance. +adapter invocation receipt, connector profile resolution, connector profile, +selected connector strategy, channel, and payload refs into the existing Module +Host first active local receipt writer. PubPunk still does not read files or +write receipts itself. 
The smoke evidence writes exact caller-provided bytes +only to an explicit temporary `.punk/runs` target through the already-existing +host writer, and does not invoke adapters, publish, mutate event logs, persist +operation evidence, write gate/proof authority, or claim acceptance. The current publish operation evidence handoff packet can then carry explicit publish receipt write handoff, receipt writer result, operation-evidence target @@ -411,10 +412,12 @@ For the current code slice, the publish receipt write handoff packet blocks: path/storage policy, or operation-evidence persistence refs; - missing receipt target, storage, target path, receipt bytes, operation-evidence, idempotency, rollback, error, adapter invocation receipt, - payload, channel, or connector profile refs; + payload, channel, connector profile resolution, connector profile, or + selected connector strategy refs; - receipt target path refs outside `.punk/runs`; -- payload, channel, connector profile, adapter invocation receipt, or receipt - bytes refs not present in the allowed source refs; +- payload, channel, connector profile resolution, connector profile, selected + connector strategy, adapter invocation receipt, or receipt bytes refs not + present in the allowed source refs; - missing required instruction refs; - unsafe instruction, allowed-source, workspace, packet, path, or token-cost refs; 
@@ -424,9 +427,10 @@ For the current code slice, the publish receipt write handoff packet blocks: or acceptance claims; - raw post bodies or privacy policy that allows raw/private payloads; - missing expected receipt fields, especially `side_effects`, - `host_validation`, `adapter_invocation_receipt`, `operation_evidence`, - `publication_receipt`, `receipt_bytes`, `receipt_target_path`, and - `receipt_write_result`. + `host_validation`, `connector_profile_resolution`, + `connector_profile_ref`, `selected_connector_strategy`, + `adapter_invocation_receipt`, `operation_evidence`, `publication_receipt`, + `receipt_bytes`, `receipt_target_path`, and `receipt_write_result`. These checks are advisory readiness checks only. They prepare refs for the existing Module Host first active local receipt writer. PubPunk does not read diff --git a/docs/modules/pubpunk.md b/docs/modules/pubpunk.md index a944c75..44a94b7 100644 --- a/docs/modules/pubpunk.md +++ b/docs/modules/pubpunk.md @@ -71,9 +71,10 @@ and expected-receipt refs before it can project host receipt-writer preflight refs. The publish receipt write handoff packet requires explicit preflight, receipt writer model, target path, receipt bytes, operation-evidence, adapter -invocation receipt, connector profile, channel, payload, and expected-receipt -refs before it can project handoff refs for the existing Module Host first -active local receipt writer. The publish operation evidence handoff packet +invocation receipt, connector profile resolution, connector profile, selected +connector strategy, channel, payload, and expected-receipt refs before it can +project handoff refs for the existing Module Host first active local receipt +writer. The publish operation evidence handoff packet requires explicit receipt write handoff, receipt writer result, receipt storage, receipt target, receipt path, receipt bytes, operation-evidence target path, operation-evidence bytes, operation-evidence write result, idempotency, 
@@ -117,13 +118,14 @@ or activate runtime behavior. The current smoke evidence also proves the first publish receipt write handoff: a ready PubPunk packet projects explicit preflight, receipt writer, target path, -receipt bytes, operation-evidence, adapter invocation receipt, connector, -channel, and payload refs into the existing Module Host first active local -receipt writer. The writer writes exact caller-provided bytes only to an -explicit temporary `.punk/runs` target. This evidence does not invoke adapters, -publish, run policy engines, invoke gate, mutate event logs, persist operation -evidence, write proofpacks, claim acceptance, or activate PubPunk or Module Host -runtime behavior. +receipt bytes, operation-evidence, adapter invocation receipt, connector +profile resolution, connector profile, selected connector strategy, channel, +and payload refs into the existing Module Host first active local receipt +writer. The writer writes exact caller-provided bytes only to an explicit +temporary `.punk/runs` target. This evidence does not invoke adapters, publish, +run policy engines, invoke gate, mutate event logs, persist operation evidence, +write proofpacks, claim acceptance, or activate PubPunk or Module Host runtime +behavior. The current smoke evidence also proves the first publish operation evidence handoff: a ready PubPunk packet projects explicit receipt writer result, 
@@ -424,15 +426,20 @@ It must provide: - adapter invocation receipt ref; - payload ref; - channel ref; +- connector profile resolution ref; - connector profile ref; -- allowed source refs covering payload, channel, connector profile, adapter - invocation receipt, and receipt bytes refs; +- selected connector strategy ref; +- allowed source refs covering payload, channel, connector profile resolution, + connector profile, selected connector strategy, adapter invocation receipt, + and receipt bytes refs; - instruction refs; - `request_publication_receipt_write` capability; - metadata-only privacy policy; - expected receipt fields including `side_effects`, `host_validation`, - `adapter_invocation_receipt`, `operation_evidence`, `publication_receipt`, - `receipt_bytes`, `receipt_target_path`, and `receipt_write_result`; + `connector_profile_resolution`, `connector_profile_ref`, + `selected_connector_strategy`, `adapter_invocation_receipt`, + `operation_evidence`, `publication_receipt`, `receipt_bytes`, + `receipt_target_path`, and `receipt_write_result`; - optional token-cost ref. When ready, the packet can project only 
@@ -440,9 +447,11 @@ When ready, the packet can project only active local side-effect receipt writer. The PubPunk packet does not write a receipt, read receipt bytes, persist operation evidence, invoke an adapter, publish externally, call a policy engine, invoke gate, read draft bodies, -collect metrics, or activate PubPunk or Module Host runtime behavior. The -current smoke case uses the projected refs to call the already-existing Module -Host writer against an explicit temporary `.punk/runs` target only. +collect metrics, or activate PubPunk or Module Host runtime behavior. Direct +adapter, channel, payload, or connector profile refs are not enough to bypass +connector profile resolution. The current smoke case uses the projected refs to +call the already-existing Module Host writer against an explicit temporary +`.punk/runs` target only. ## Current publish operation evidence handoff packet diff --git a/docs/product/CRATE-STATUS.md b/docs/product/CRATE-STATUS.md index 74d1792..78c84a1 100644 --- a/docs/product/CRATE-STATUS.md +++ b/docs/product/CRATE-STATUS.md 
@@ -50,7 +50,7 @@ superseded_by: null | `punk-module-host` | incubating | pure module invocation envelope, receipt proposal, side-effect request proposal, policy gate preflight, side-effect receipt writer preflight, side-effect receipt writer active behavior, side-effect receipt writer file IO plan, target/storage policy readiness, host path observation, concrete path/storage policy readiness, operation-evidence persistence readiness models, and first active local side-effect receipt write slice | | `punk-adapters` | parked | provider/tool wrappers | | `punk-mod-dev` | parked | software-development module | -| `punk-mod-pubpunk` | incubating | content/publishing reader, input packet, channel connector profile resolution packet, publish request packet with resolved connector refs, publish receipt preflight packet with resolved connector refs, publish receipt write handoff packet, publish operation evidence handoff packet, publish receipt/evidence event handoff packet, and assessment models | +| `punk-mod-pubpunk` | incubating | content/publishing reader, input packet, channel connector profile resolution packet, publish request packet with resolved connector refs, publish receipt preflight packet with resolved connector refs, publish receipt write handoff packet with resolved connector refs, publish operation evidence handoff packet, publish receipt/evidence event handoff packet, and assessment models | ## Current implemented subset boundary 
@@ -65,13 +65,13 @@ Current implemented behavior remains narrower: - `punk-rules` is still a minimal skeleton crate. - `punk-project` provides greenfield and brownfield Level 0 compact manual project-memory init scaffolds that require a slug-safe `project_id`, preflight the full scaffold before writes, write `.punk/README.md`, `.punk/project.toml`, repo-tracked `.punk/memory/` files, and thin source instruction entrypoints under `.punk/instructions/` with create-new/no-overwrite behavior, report conflicts fail-closed without creating planned missing artifacts, and render normal human output with `target_root: .` instead of an absolute host path. Greenfield records `entry_mode = greenfield` and writes the initial setup goal plus reports, adr, and knowledge starter directories. Brownfield records `entry_mode = brownfield`, `reconstruction_status = not_started`, and `authority = advisory_candidates_only`, then writes only an empty advisory `.punk/memory/reconstruction/` workspace plus the brownfield baseline goal. The crate also provides a deterministic advisory instruction page-index model for source instruction refs; `.punk/views/instructions/page-index.json` is a future rebuildable view path and is not written by init. It also provides a local-only publishing workspace resolver model for `.punk/publishing.toml` plus `.punk/publishing.local.toml`; it validates the logical `punk-publishing://` workspace ref, rejects committed host workspace roots, resolves only local absolute or home-relative pointer paths, reports blockers fail-closed, and does not create files, publish, open browsers, call APIs, read credentials, activate adapters, or make external surfaces truth. 
The crate also provides a side-effect-free Brownfield Source Corpus Manifest model with advisory `observed_structure` authority, repo-relative path validation, no-content defaults, deferred hash/size policy, source/caution classes, and explicit no-scan/no-writer/no-claim capabilities, plus a side-effect-free Source Corpus Manifest writer preflight model that represents target, path escape, symlink ancestor, conflict, manifest authority, content, absolute-path, claim-field, runtime-storage, and operation-evidence checks from explicit caller-provided inputs. It now includes the first narrow Source Corpus Manifest writer slice: it renders deterministic canonical bytes from an already-constructed `SourceCorpusManifest`, requires a matching successful preflight result, writes one explicit safe target under `.punk/memory/reconstruction/` through a same-directory temporary file plus no-overwrite link, treats preflight-identical existing targets as idempotent only after rechecking target bytes against the canonical render, blocks conflicts, and returns in-memory non-authoritative operation evidence. It does not implement source inventory generation, repo scanning, file walking, manifest generation from repository state, source file content reads, source filesystem hash computation, AI summaries, claim extraction, generated instruction view writing, project-truth authority, persisted operation evidence, runtime storage, publishing execution, browser/API/credential behavior, CLI behavior beyond the bounded `publishing locate` renderer, gate/proof runtime, Punk `Writer` behavior, or authority promotion. 
Neither init mode creates root-level `work/`, `knowledge/`, `docs/adr/`, `publishing/`, grayfield reconciliation, repo scanning, code summaries, contracts/specs, network behavior, `.punk/runtime`, `.punk/events`, `.punk/contracts`, `.punk/runs`, `.punk/evals`, `.punk/decisions`, `.punk/proofs`, `.punk/views`, flow persistence, contracts, run receipts, gate artifacts, proofpacks, or acceptance claims. - `punk-module-host` provides incubating Module Host library models: a pure invocation envelope preflight, advisory module assessment wrapper, local-only module assessment receipt proposal model, local-only side-effect request proposal model, local-only policy gate preflight model, local-only side-effect receipt writer preflight model, local-only side-effect receipt writer active behavior model, local-only side-effect receipt writer file IO plan model, local-only side-effect receipt writer target/storage policy readiness model, local-only side-effect receipt writer host path observation model, local-only side-effect receipt writer concrete path/storage policy readiness model, local-only side-effect receipt writer operation-evidence persistence readiness model, a first active local side-effect receipt write slice, and a first active local operation-evidence write slice for receipt-writer results. 
It requires module, contract, run, project, operation, input refs, and expected receipt fields; keeps capabilities denied except pure assessment of provided input; blocks raw/private payload policy, unsafe input refs, unsupported capabilities, non-advisory module output, missing assessment refs, output side-effect flags, blocked assessment envelopes, mismatched envelope refs, unknown expected receipt fields, blocked or mismatched receipt proposals, missing side-effect receipt coverage, unsafe side-effect request refs, missing side-effect policy/receipt/adapter/payload refs, side-effect request proposals that report performed side effects, blocked side-effect request proposals, missing policy gate preflight refs, mismatched policy/receipt/payload refs, missing side-effect request precondition coverage, policy gate preflight drafts that report performed side effects, blocked policy gate preflight inputs, missing or unsafe receipt writer refs, mismatched policy-gate/receipt-target/adapter/payload refs, missing policy gate precondition coverage, receipt writer preflight drafts that report side effects, blocked receipt writer preflight inputs, missing receipt writer preflight coverage before active behavior modeling, blocked or non-planned active behavior before file IO planning, missing receipt write selection, missing or unsafe target path refs, missing file IO failure visibility, missing target/storage policy refs, unsafe policy refs, missing storage/target/path/idempotency/temp/operation-evidence policies, missing target/storage boundary notes, blocked target/storage policy before host path observation, missing/unsafe host path refs, unredacted sensitive host path observations, ambiguous host path observations, parent/symlink/canonicalization/traversal/storage-root-escape blockers, missing host path observation boundary notes, blocked target/storage policy or host path observation before concrete path/storage policy readiness, mismatched concrete policy refs, 
unselected policy refs, unavailable or unsafe concrete host path refs, unredacted sensitive host path refs, host path observations that imply receipt availability, missing concrete path/storage boundary notes, blocked concrete path/storage policy before operation-evidence persistence readiness, missing or unsafe operation-evidence/idempotency/rollback/error refs, missing operation-evidence persistence policy, non-separated operation-evidence refs, concrete path policies that imply receipt availability, missing operation-evidence persistence boundary notes, unsuccessful receipt-writer results before operation-evidence writes, operation-evidence target mismatches, and unsafe operation-evidence write targets. The pre-write models expose boundary flags proving no public CLI, plugin loading, module invocation, filesystem IO, host path resolution or canonicalization, receipt creation or writing, operation evidence persistence, event-log mutation, policy engine invocation, gate invocation, external API/browser behavior, credential read, adapter invocation, external publishing/comment/PR behavior, gate decision writing, proofpack writing, or acceptance claim creation. The receipt proposal model only parses and reports future receipt field coverage for already-wrapped advisory output. The side-effect request proposal model only reports preconditions for future external actions. The policy gate preflight model only reports future policy evidence readiness and does not approve work. The side-effect receipt writer preflight model only reports future local receipt writer readiness and does not write receipts. The side-effect receipt writer active behavior model only reports future receipt writer outcomes and does not write receipts or persist operation evidence. 
The side-effect receipt writer file IO plan model only reports future storage refs, receipt target refs, target path refs, write/idempotency/temp policies, rollback/error visibility, and operation-evidence persistence visibility without touching the filesystem. The target/storage policy model only reports future storage root, receipt target, target path, policy refs, failure visibility, and fail-closed blockers without resolving host paths or touching the filesystem. The host path observation model only reports future redacted host path observations, host path kind, redaction state, parent/symlink/canonicalization/traversal/storage-root-escape blockers, and fail-closed diagnostics without resolving or canonicalizing host paths or touching the filesystem. The concrete path/storage policy model only composes ready target/storage policy evidence with ready host path observation evidence, selected policy refs, separated refs, redaction state, and fail-closed blockers before any local receipt write can be considered; it does not resolve or canonicalize host paths, touch the filesystem, write receipts, persist operation evidence, invoke policy engines, invoke gate, invoke adapters, publish, comment, or create pull requests. The operation-evidence persistence model only reports future persistence readiness for explicit operation-evidence, idempotency, rollback, and error refs plus a selected persistence policy; it does not persist operation evidence, write receipts, mutate event logs, invoke adapters, publish, comment, or create pull requests. 
The first active receipt write slice writes exact caller-provided side-effect receipt bytes only to an explicit `.punk/runs` target under an explicit storage root, uses create-new/no-overwrite behavior, reports idempotent matching and conflicting existing targets, and returns in-memory non-authoritative operation evidence; it does not create parent directories, persist operation evidence, mutate event logs, invoke adapters, invoke policy engines, invoke gate, call APIs, read credentials, publish, comment, create pull requests, write gate decisions, write proofpacks, or claim acceptance. The first active operation-evidence write slice consumes a successful receipt-writer result and writes exact caller-provided operation-evidence bytes only to an explicit `.punk/runs` target under an explicit storage root, uses create-new/no-overwrite behavior, reports idempotent matching and conflicting existing targets, and records non-authoritative operation evidence; it does not create parent directories, mutate event logs, invoke adapters, invoke policy engines, invoke gate, call APIs, read credentials, publish, comment, create pull requests, write gate decisions, write proofpacks, or claim acceptance. It does not implement Module Host runtime, plugin loading, module execution, module manifests, dynamic dispatch, Wasm/Extism runtime, module installation, public CLI, adapter invocation, external side effects, project-truth authority, or gate/proof authority. 
-- `punk-mod-pubpunk` provides the first incubating PubPunk library models: a side-effect-free inventory reader model, a side-effect-free inventory input packet, a side-effect-free inventory assessment from explicit caller-provided publishing metadata, a side-effect-free publish request packet with resolved connector refs, a side-effect-free publish receipt preflight packet with resolved connector refs, a side-effect-free publish receipt write handoff packet, a side-effect-free publish operation evidence handoff packet, and a side-effect-free publish receipt/evidence event handoff packet. The reader model requires canonical `pubpunk` identity, `split_explicit_refs` workspace policy, a safe publishing workspace ref, required instruction refs, allowed source refs, `read_workspace_metadata` capability, expected receipt fields, safe optional token-cost refs, metadata-only privacy policy, and observed item refs that stay inside the allowed source set before building the input packet; it also allows an empty observed inventory for new projects. The input packet requires canonical `pubpunk` identity, `split_explicit_refs` workspace policy, explicit workspace refs, required instruction refs, allowed source refs, `assess_provided_inventory` capability, expected receipt fields, safe optional token-cost refs, metadata-only privacy policy, and item refs that stay inside the allowed source set before converting to the assessment input. The assessment counts candidate post/draft refs and publication receipt gaps, records advisory findings, requires expected receipt fields, blocks unsupported capability grants, unsafe/private/raw payload policy, raw body inputs, and unsafe source refs, and exposes boundary flags proving no public CLI, filesystem IO, publication receipt writing, external API/browser behavior, credential read, adapter invocation, gate decision writing, proofpack writing, or acceptance claim creation. 
The publish request packet requires explicit inventory assessment, candidate, channel, connector profile resolution, connector profile, selected connector strategy, side-effect request, intent, policy, adapter, payload, receipt proposal, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting side-effect request refs for existing Module Host side-effect request and policy-gate preflight models. The publish receipt preflight packet requires explicit publish request, receipt writer preflight, policy gate preflight, receipt target, storage, operation-evidence, idempotency, rollback, error, adapter invocation receipt, payload, channel, connector profile resolution, connector profile, selected connector strategy, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting receipt-writer preflight refs for the existing Module Host side-effect receipt writer preflight model. The publish receipt write handoff packet requires explicit publish receipt preflight, receipt writer preflight, active-behavior, file-IO plan, target/storage policy, host-path observation, concrete path/storage policy, operation-evidence persistence, receipt target, storage, target path, receipt bytes, operation-evidence, idempotency, rollback, error, adapter invocation receipt, payload, channel, connector profile, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting handoff refs for the existing Module Host first active local receipt writer. 
The publish operation evidence handoff packet requires explicit publish receipt write handoff, receipt writer result, receipt storage, receipt target, receipt target path, receipt bytes, operation-evidence target path, operation-evidence bytes, operation-evidence write result, idempotency, rollback, error, adapter invocation receipt, payload, channel, connector profile, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting handoff refs for the existing Module Host operation-evidence writer. The publish receipt/evidence event handoff packet requires explicit publish operation evidence handoff, receipt writer result, operation evidence write result, receipt, operation evidence, event log, event source, event correlation, adapter invocation receipt, payload, channel, connector profile, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting handoff refs for the existing local receipt/evidence event writer. 
`punk-eval` now contains smoke evidence that the reader can build a packet from explicit observed refs, that the packet, inventory assessment, Module Host preflight, advisory envelope, and receipt proposal can chain without invoking a module or activating runtime behavior, that the publish request packet consumes resolved connector refs before chaining into existing host side-effect request and policy-gate preflight models without publishing or invoking adapters, that the publish receipt preflight packet consumes resolved connector refs before chaining into the existing host side-effect receipt writer preflight model without writing receipts, publishing, or invoking adapters, that the publish receipt write handoff packet can chain into the existing host first active local receipt writer for exact-byte writes only to an explicit temporary `.punk/runs` target, that the publish operation evidence handoff packet can chain into the existing host operation-evidence writer for exact-byte writes only to an explicit temporary `.punk/runs` target after a successful receipt write, and that the publish receipt/evidence event handoff packet can chain into the existing local receipt/evidence event writer for one bounded event append only to an explicit temporary `.punk/events/flow.jsonl` log without creating `.punk/runs` artifacts. The crate does not implement PubPunk runtime, Module Host runtime, publishing workspace scanning, file reads, draft generation, publication planning, PubPunk-owned receipt writing, PubPunk-owned operation-evidence writing, PubPunk-owned event-log writing, external publishing, metrics collection, token collection, adapters, bots, issue/PR automation, CLI behavior, runtime storage, project-truth authority, or gate/proof authority. 
+- `punk-mod-pubpunk` provides the first incubating PubPunk library models: a side-effect-free inventory reader model, a side-effect-free inventory input packet, a side-effect-free inventory assessment from explicit caller-provided publishing metadata, a side-effect-free publish request packet with resolved connector refs, a side-effect-free publish receipt preflight packet with resolved connector refs, a side-effect-free publish receipt write handoff packet with resolved connector refs, a side-effect-free publish operation evidence handoff packet, and a side-effect-free publish receipt/evidence event handoff packet. The reader model requires canonical `pubpunk` identity, `split_explicit_refs` workspace policy, a safe publishing workspace ref, required instruction refs, allowed source refs, `read_workspace_metadata` capability, expected receipt fields, safe optional token-cost refs, metadata-only privacy policy, and observed item refs that stay inside the allowed source set before building the input packet; it also allows an empty observed inventory for new projects. The input packet requires canonical `pubpunk` identity, `split_explicit_refs` workspace policy, explicit workspace refs, required instruction refs, allowed source refs, `assess_provided_inventory` capability, expected receipt fields, safe optional token-cost refs, metadata-only privacy policy, and item refs that stay inside the allowed source set before converting to the assessment input. The assessment counts candidate post/draft refs and publication receipt gaps, records advisory findings, requires expected receipt fields, blocks unsupported capability grants, unsafe/private/raw payload policy, raw body inputs, and unsafe source refs, and exposes boundary flags proving no public CLI, filesystem IO, publication receipt writing, external API/browser behavior, credential read, adapter invocation, gate decision writing, proofpack writing, or acceptance claim creation. 
The publish request packet requires explicit inventory assessment, candidate, channel, connector profile resolution, connector profile, selected connector strategy, side-effect request, intent, policy, adapter, payload, receipt proposal, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting side-effect request refs for existing Module Host side-effect request and policy-gate preflight models. The publish receipt preflight packet requires explicit publish request, receipt writer preflight, policy gate preflight, receipt target, storage, operation-evidence, idempotency, rollback, error, adapter invocation receipt, payload, channel, connector profile resolution, connector profile, selected connector strategy, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting receipt-writer preflight refs for the existing Module Host side-effect receipt writer preflight model. The publish receipt write handoff packet requires explicit publish receipt preflight, receipt writer preflight, active-behavior, file-IO plan, target/storage policy, host-path observation, concrete path/storage policy, operation-evidence persistence, receipt target, storage, target path, receipt bytes, operation-evidence, idempotency, rollback, error, adapter invocation receipt, payload, channel, connector profile resolution, connector profile, selected connector strategy, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting handoff refs for the existing Module Host first active local receipt writer. 
The publish operation evidence handoff packet requires explicit publish receipt write handoff, receipt writer result, receipt storage, receipt target, receipt target path, receipt bytes, operation-evidence target path, operation-evidence bytes, operation-evidence write result, idempotency, rollback, error, adapter invocation receipt, payload, channel, connector profile, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting handoff refs for the existing Module Host operation-evidence writer. The publish receipt/evidence event handoff packet requires explicit publish operation evidence handoff, receipt writer result, operation evidence write result, receipt, operation evidence, event log, event source, event correlation, adapter invocation receipt, payload, channel, connector profile, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs before projecting handoff refs for the existing local receipt/evidence event writer. 
`punk-eval` now contains smoke evidence that the reader can build a packet from explicit observed refs, that the packet, inventory assessment, Module Host preflight, advisory envelope, and receipt proposal can chain without invoking a module or activating runtime behavior, that the publish request packet consumes resolved connector refs before chaining into existing host side-effect request and policy-gate preflight models without publishing or invoking adapters, that the publish receipt preflight packet consumes resolved connector refs before chaining into the existing host side-effect receipt writer preflight model without writing receipts, publishing, or invoking adapters, that the publish receipt write handoff packet consumes resolved connector refs before chaining into the existing host first active local receipt writer for exact-byte writes only to an explicit temporary `.punk/runs` target, that the publish operation evidence handoff packet can chain into the existing host operation-evidence writer for exact-byte writes only to an explicit temporary `.punk/runs` target after a successful receipt write, and that the publish receipt/evidence event handoff packet can chain into the existing local receipt/evidence event writer for one bounded event append only to an explicit temporary `.punk/events/flow.jsonl` log without creating `.punk/runs` artifacts. The crate does not implement PubPunk runtime, Module Host runtime, publishing workspace scanning, file reads, draft generation, publication planning, PubPunk-owned receipt writing, PubPunk-owned operation-evidence writing, PubPunk-owned event-log writing, external publishing, metrics collection, token collection, adapters, bots, issue/PR automation, CLI behavior, runtime storage, project-truth authority, or gate/proof authority. - `punk-mod-pubpunk` also provides a side-effect-free channel connector profile resolution packet. 
It requires explicit inventory assessment, candidate, channel, connector profile, API availability, browser automation policy, manual handoff, credential signal, payload, allowed-source, instruction, expected-receipt, privacy, and optional token-cost refs plus the narrow `resolve_connector_profile` grant. It selects API first when available, falls back to browser automation only when API is unavailable and explicit browser policy allows it, and falls back to manual handoff when automated paths are unavailable but manual fallback is allowed. It projects only resolved connector refs and does not call APIs, open browsers, read credentials, invoke adapters, publish, collect metrics, write receipts, or activate PubPunk or Module Host runtime behavior. `punk-eval` includes smoke evidence for this API/browser/manual selection path. - `punk-events` provides an append-only event-log kernel, deterministic JSONL behavior, a narrow local flow-event writer slice, and a local receipt/evidence handoff helper for Runtime Automation Spine work. The active writer appends caller-provided flow event drafts to `.punk/events/flow.jsonl` only under an explicit absolute project root with a `.punk/project.toml` marker, creates `.punk/events/` when needed, preserves monotonic local sequences across existing log lines, rejects unsafe artifact refs and event path conflicts fail-closed, and writes event evidence only. The receipt/evidence handoff helper appends a `receipt_evidence_handoff` event with safe distinct receipt and operation-evidence refs, but does not write receipt or operation-evidence artifacts. It does not provide CLI transition behavior, persisted flow state, event replay, raw transcript storage, run receipts, gate decisions, proofpacks, acceptance claims, external side effects, provider adapters, publishing, GitHub API behavior, or bot behavior. - `punk-flow` provides state-machine and guard evidence kernels, but no persisted runtime flow state. 
- `punk-contract` provides a side-effect-free contract lifecycle kernel, side-effect-free Contract Context Pack boundary model/validation helpers, a side-effect-free user intent-to-contract draft model that classifies raw request, intent, scope, acceptance criteria, evidence plan, research refs, downstream closure expectations, clarification/refusal, and readiness for user confirmation before execution, a side-effect-free Contract Schema Blueprint v0.1 model that preserves identity, authority, lifecycle, work, boundaries, clauses, validation, evidence, receipt requirements, gate policy, proof requirements, change control, memory links, and the `required_now`/`deferred`/`parked`/`future` field split, a side-effect-free contract draft confirmation boundary that requires explicit user confirmation before producing approved-for-run model state from a ready draft while blocking clarification-required, refused/deferred, blocked, or unresolved-unknown drafts, a side-effect-free hard-clause mapping model that requires hard clauses to map to validator refs, required receipt fields, proof requirement refs, or explicit human gate review with reason before approved-for-run model state while unsupported or invalid hard clauses block approval, a side-effect-free contract receipt requirements model that connects hard-clause required receipt fields to declared future run receipt fields and blocks approved-for-run model state when required fields are missing or unsupported, a side-effect-free contract gate input policy model that declares future gate inputs and separates `approved_for_run` from `ready_for_gate` without requiring an existing proofpack, and a side-effect-free contract proof requirements model that declares future proofpack links and hashes after gate outcome without creating proofpacks, computing artifact hashes, writing gate outcomes, or creating acceptance claims. 
It has no `.punk/contracts` storage, `.punk/runs` storage, `.punk/decisions` storage, `.punk/proofs` storage, runtime contract writer, runtime receipt writer, runtime gate writer, runtime proofpack writer, artifact hash computation from filesystem, context-pack writer, retrieval integration, executor brief generator, CLI behavior, Writer activation, runtime validator execution, gate decision writer, proofpack writer, acceptance claim writer, or gate/proof authority. - `punk-domain` provides run receipt and validation evidence data models, but no `.punk/runs` writer. -- `punk-eval` provides the local smoke eval harness, including opt-in JSON output, local event writer `.punk/events/flow.jsonl` smoke coverage under an explicit temporary project root, local receipt/evidence event handoff coverage that appends safe refs without writing `.punk/runs` artifacts, deterministic advisory instruction page-index model coverage, local-only publishing workspace resolver coverage, PubPunk inventory reader coverage, PubPunk inventory input packet coverage, PubPunk inventory assessment model coverage, PubPunk host handoff chain coverage from input packet through Module Host preflight, advisory envelope, and receipt proposal, PubPunk publish request packet coverage from resolved connector refs plus explicit candidate/channel/policy/adapter/payload/receipt refs through Module Host side-effect request proposal and policy-gate preflight models, PubPunk publish receipt preflight packet coverage from resolved connector refs plus explicit receipt target/storage/operation-evidence/idempotency/rollback/error/adapter-invocation-receipt/channel/payload refs through Module Host side-effect receipt writer preflight, PubPunk publish receipt write handoff coverage from explicit preflight/policy/target-path/receipt-bytes/evidence refs through the existing Module Host first active local receipt writer under an explicit temporary `.punk/runs` target, PubPunk publish operation evidence handoff 
coverage from explicit receipt-writer-result/operation-evidence-target/operation-evidence-bytes refs through the existing Module Host operation-evidence writer under an explicit temporary `.punk/runs` target after a successful receipt write, module-host invocation envelope coverage, module-host receipt proposal coverage, module-host side-effect request proposal coverage, module-host policy gate preflight coverage, module-host side-effect receipt writer preflight coverage, module-host side-effect receipt writer active behavior coverage, module-host side-effect receipt writer file IO plan coverage, module-host side-effect receipt writer target/storage policy coverage, module-host side-effect receipt writer host path observation coverage, module-host side-effect receipt writer concrete path/storage policy coverage, module-host side-effect receipt writer operation-evidence persistence coverage, module-host side-effect receipt writer first active write slice exact-receipt-byte coverage under an explicit temporary `.punk/runs` target, module-host side-effect receipt writer operation-evidence write slice exact-evidence-byte coverage under an explicit temporary `.punk/runs` target after a successful receipt write, greenfield and brownfield Level 0 project init scaffold coverage including `.punk/instructions/` source entrypoints and absent `.punk/views/`, Brownfield Source Corpus Manifest side-effect-free model coverage, Brownfield Source Corpus Manifest writer preflight model coverage, Brownfield Source Corpus Manifest writer first-slice exact-byte safe-target coverage, artifact hash policy helper behavior coverage, exact-byte artifact hash computation helper coverage, file IO artifact hashing helper coverage, referenced artifact verification helper coverage, proofpack manifest digest helper coverage, proofpack writer operation evidence model coverage, proofpack writer preflight plan model coverage, proofpack writer file IO plan model coverage, proofpack writer file IO 
outcome model coverage, proofpack writer file IO error reason model coverage, proofpack writer target path policy model coverage, proofpack writer canonical artifact model coverage, proofpack writer target artifact ref policy model coverage, proofpack writer preflight integration model coverage, proofpack writer active behavior model coverage, proofpack writer host path resolution model coverage, proofpack writer concrete path/storage policy model coverage, proofpack writer first active write slice exact-byte smoke coverage, proofpack writer hash/reference integration model coverage, user intent-to-contract draft model smoke coverage, Contract Schema Blueprint v0.1 boundary coverage, contract draft confirmation boundary smoke coverage, hard-clause mapping smoke coverage, contract receipt requirements smoke coverage, contract gate input policy smoke coverage, contract proof requirements smoke coverage, and target-ref alignment coverage for logical artifact refs versus path-policy refs, but no `.punk/evals` report storage, baseline, waiver system, runtime eval report writer, generated instruction view writer, publishing execution, source inventory implementation, repo scan, file walker, manifest generation from repository state, source content reader, source filesystem hash computation, AI summary, claim extraction, CLI manifest writer, runtime manifest writer, PubPunk runtime, Module Host runtime, plugin loading, module invocation, persisted publication receipt writer, external publishing, policy engine invocation, gate invocation, adapter invocation, credential reads, or PubPunk CLI. 
+- `punk-eval` provides the local smoke eval harness, including opt-in JSON output, local event writer `.punk/events/flow.jsonl` smoke coverage under an explicit temporary project root, local receipt/evidence event handoff coverage that appends safe refs without writing `.punk/runs` artifacts, deterministic advisory instruction page-index model coverage, local-only publishing workspace resolver coverage, PubPunk inventory reader coverage, PubPunk inventory input packet coverage, PubPunk inventory assessment model coverage, PubPunk host handoff chain coverage from input packet through Module Host preflight, advisory envelope, and receipt proposal, PubPunk publish request packet coverage from resolved connector refs plus explicit candidate/channel/policy/adapter/payload/receipt refs through Module Host side-effect request proposal and policy-gate preflight models, PubPunk publish receipt preflight packet coverage from resolved connector refs plus explicit receipt target/storage/operation-evidence/idempotency/rollback/error/adapter-invocation-receipt/channel/payload refs through Module Host side-effect receipt writer preflight, PubPunk publish receipt write handoff coverage from resolved connector refs plus explicit preflight/policy/target-path/receipt-bytes/evidence refs through the existing Module Host first active local receipt writer under an explicit temporary `.punk/runs` target, PubPunk publish operation evidence handoff coverage from explicit receipt-writer-result/operation-evidence-target/operation-evidence-bytes refs through the existing Module Host operation-evidence writer under an explicit temporary `.punk/runs` target after a successful receipt write, module-host invocation envelope coverage, module-host receipt proposal coverage, module-host side-effect request proposal coverage, module-host policy gate preflight coverage, module-host side-effect receipt writer preflight coverage, module-host side-effect receipt writer active behavior coverage, 
module-host side-effect receipt writer file IO plan coverage, module-host side-effect receipt writer target/storage policy coverage, module-host side-effect receipt writer host path observation coverage, module-host side-effect receipt writer concrete path/storage policy coverage, module-host side-effect receipt writer operation-evidence persistence coverage, module-host side-effect receipt writer first active write slice exact-receipt-byte coverage under an explicit temporary `.punk/runs` target, module-host side-effect receipt writer operation-evidence write slice exact-evidence-byte coverage under an explicit temporary `.punk/runs` target after a successful receipt write, greenfield and brownfield Level 0 project init scaffold coverage including `.punk/instructions/` source entrypoints and absent `.punk/views/`, Brownfield Source Corpus Manifest side-effect-free model coverage, Brownfield Source Corpus Manifest writer preflight model coverage, Brownfield Source Corpus Manifest writer first-slice exact-byte safe-target coverage, artifact hash policy helper behavior coverage, exact-byte artifact hash computation helper coverage, file IO artifact hashing helper coverage, referenced artifact verification helper coverage, proofpack manifest digest helper coverage, proofpack writer operation evidence model coverage, proofpack writer preflight plan model coverage, proofpack writer file IO plan model coverage, proofpack writer file IO outcome model coverage, proofpack writer file IO error reason model coverage, proofpack writer target path policy model coverage, proofpack writer canonical artifact model coverage, proofpack writer target artifact ref policy model coverage, proofpack writer preflight integration model coverage, proofpack writer active behavior model coverage, proofpack writer host path resolution model coverage, proofpack writer concrete path/storage policy model coverage, proofpack writer first active write slice exact-byte smoke coverage, proofpack 
writer hash/reference integration model coverage, user intent-to-contract draft model smoke coverage, Contract Schema Blueprint v0.1 boundary coverage, contract draft confirmation boundary smoke coverage, hard-clause mapping smoke coverage, contract receipt requirements smoke coverage, contract gate input policy smoke coverage, contract proof requirements smoke coverage, and target-ref alignment coverage for logical artifact refs versus path-policy refs, but no `.punk/evals` report storage, baseline, waiver system, runtime eval report writer, generated instruction view writer, publishing execution, source inventory implementation, repo scan, file walker, manifest generation from repository state, source content reader, source filesystem hash computation, AI summary, claim extraction, CLI manifest writer, runtime manifest writer, PubPunk runtime, Module Host runtime, plugin loading, module invocation, persisted publication receipt writer, external publishing, policy engine invocation, gate invocation, adapter invocation, credential reads, or PubPunk CLI. - `punk-gate` provides a side-effect-free gate decision kernel, but no `.punk/decisions` writer, CLI behavior, runtime storage, or acceptance claim writer. 
- `punk-proof` provides side-effect-free proofpack provenance, deterministic manifest rendering, proofpack manifest self-digest computation from in-memory renderer bytes through `punk-core` exact-byte hashing, digest metadata, structural link/hash integrity checks, proof readiness helpers, proof artifact hash string-shape validation through `punk-core` artifact hash policy helpers, a side-effect-free proofpack writer operation evidence model for planned, written, idempotent, conflict, preflight-failed, write-failed, partial-write, index-failed, latest-failed, and aborted outcomes, a side-effect-free proofpack writer preflight plan model for logical target artifact refs derived from the target artifact ref policy model, manifest self-digests, planned side effects, and missing preconditions, a side-effect-free proofpack writer file IO plan model for explicit storage-root refs, logical target artifact refs, target path refs, write policy, idempotency basis, temp/atomic policy, planned side effects, and error/rollback visibility, a side-effect-free proofpack writer file IO outcome model that maps explicit target, idempotency, temp/write, partial/cleanup, index/latest, and abort observations to operation evidence without claiming acceptance, a side-effect-free proofpack writer file IO error reason model for stable diagnostics over storage-root, target-path, existing-target, temp/write, flush/sync, atomic move, cleanup, index/latest, operation-evidence persistence, and abort failures, a side-effect-free proofpack writer target path policy model that classifies explicit target path refs and keeps storage-root refs, logical target artifact refs, target path refs, path injection, traversal, and storage-root escape diagnostics non-authoritative, a side-effect-free proofpack writer canonical artifact model that represents exact deterministic manifest renderer bytes, manifest self-digest coverage, and non-canonical metadata separation without writer side effects, a 
side-effect-free proofpack writer target artifact ref policy model that requires `(proofpack_id, manifest_self_digest)` identity, renders `proofpack:@` as logical non-path metadata, lets writer target refs be derived from accepted policy-model inputs, and keeps target artifact refs separate from canonical bytes, target paths, storage roots, indexes, `latest` pointers, service mirrors, executor claims, and acceptance authority, and a side-effect-free proofpack writer preflight integration model that composes explicit proofpack, canonical artifact, target artifact ref policy, preflight plan, file IO plan, and target path policy inputs into ready/blocked/not-selected evidence while keeping blockers fail-closed and storage root refs, logical target artifact refs, and target path refs distinct, and a side-effect-free proofpack writer active behavior model that requires explicit writer-ready preflight, consumes explicit observation data, tracks selected/attempted/completed/failed side effects, models planned-only, preflight-failed, written, idempotent, conflict, write-failed, partial-write, index-failed, latest-failed, and aborted outcomes, and keeps operation-evidence persistence failure visible without persisting evidence, a side-effect-free proofpack writer host path resolution model that requires explicit storage root refs, logical target artifact refs, target path refs, selected path policy refs, redacted host path observations, separated refs, and fail-closed blockers without filesystem resolution, a side-effect-free proofpack writer concrete path/storage policy model that requires explicit storage root refs, logical target artifact refs, target path refs, selected storage/path policy refs, host path observations, redaction state, idempotency/conflict policy, temp/atomic policy, and index/latest non-authority policy before reporting writer-ready policy evidence, a minimal first active proofpack writer write slice that writes exact canonical artifact bytes only to 
one explicit caller-provided storage root path plus explicit target-relative path when writer preflight and concrete path/storage policy are ready, uses create-new/no-overwrite behavior, reports in-memory non-authoritative outcome evidence for written, already-existing matching, conflict, preflight-failed, write-failed, and partial/ambiguous outcomes, and fails closed for unsafe or unready inputs, and a side-effect-free proofpack writer hash/reference integration model that composes explicit proofpack refs, declared artifact digest evidence, structural link/hash integrity, optional referenced artifact verification outcomes, and manifest self-digest readiness while keeping blockers fail-closed and evidence surfaces separate without reading files or writing artifacts. It still has no broader active proofpack writer orchestration, `.punk/proofs` writer, referenced artifact hash computation, active proofpack referenced artifact file verification, broad file IO hashing, host filesystem path resolution/canonicalization, byte/hash normalization, runtime storage, CLI behavior, schema writer, persisted operation-evidence writer, gate decision writer, or acceptance claim writer.
diff --git a/evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md b/evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md
index ef77ff9..495c651 100644
--- a/evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md
+++ b/evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md
@@ -7,14 +7,14 @@ Authority: advisory/design ## Purpose Define deterministic expectations for the first PubPunk publish receipt write -handoff packet. +handoff packet after channel connector profile resolution. -The packet is the boundary between PubPunk's publish receipt preflight model -and the existing Module Host first active local side-effect receipt writer. It -carries explicit refs for a host-owned exact-byte receipt write without making -PubPunk a receipt writer, reading receipt bytes, persisting operation evidence, -publishing, invoking adapters, mutating event logs, or activating runtime -behavior. +The packet is the boundary between PubPunk's publish receipt preflight model, +resolved connector evidence, and the existing Module Host first active local +side-effect receipt writer. It carries explicit refs for a host-owned +exact-byte receipt write without making PubPunk a receipt writer, reading +receipt bytes, persisting operation evidence, publishing, invoking adapters, +mutating event logs, or activating runtime behavior. This spec does not activate PubPunk runtime, Module Host runtime, module loading, filesystem reads by PubPunk, workspace initialization, external
@@ -30,7 +30,8 @@ receipt writer preflight, active behavior, file-IO plan, target/storage policy, host-path observation, concrete path/storage policy, operation-evidence persistence, receipt target, storage, target path, receipt bytes, operation evidence, idempotency, rollback, error, adapter invocation receipt, payload, -channel, and connector profile. +channel, connector profile resolution, connector profile, and selected +connector strategy. ### PUBPUNK-PUBLISH-RECEIPT-WRITE-HANDOFF-002: receipt target stays under `.punk/runs`
@@ -40,9 +41,13 @@ handoff can project refs. ### PUBPUNK-PUBLISH-RECEIPT-WRITE-HANDOFF-003: source refs stay allowed -The payload, channel, connector profile, adapter invocation receipt, and receipt -bytes refs must be present in the packet's allowed source refs. These are -evidence refs only; PubPunk does not read the referenced files in this slice. +The payload, channel, connector profile resolution, connector profile, selected +connector strategy, adapter invocation receipt, and receipt bytes refs must be +present in the packet's allowed source refs. These are evidence refs only; +PubPunk does not read the referenced files in this slice. + +The packet must not treat direct adapter, channel, payload, or connector profile +refs as enough to bypass channel connector profile resolution. ### PUBPUNK-PUBLISH-RECEIPT-WRITE-HANDOFF-004: write handoff grant is narrow
@@ -54,9 +59,10 @@ writes, and acceptance claims, must block readiness. ### PUBPUNK-PUBLISH-RECEIPT-WRITE-HANDOFF-005: receipt expectations include write coverage The packet must require expected receipt fields and must include `side_effects`, -`host_validation`, `adapter_invocation_receipt`, `operation_evidence`, -`publication_receipt`, `receipt_bytes`, `receipt_target_path`, and -`receipt_write_result`. +`host_validation`, `connector_profile_resolution`, `connector_profile_ref`, +`selected_connector_strategy`, `adapter_invocation_receipt`, +`operation_evidence`, `publication_receipt`, `receipt_bytes`, +`receipt_target_path`, and `receipt_write_result`. ### PUBPUNK-PUBLISH-RECEIPT-WRITE-HANDOFF-006: privacy remains metadata-only
@@ -111,6 +117,10 @@ pubpunk_publish_receipt_write_handoff_result: operation_evidence_persistence_ref_explicit: true receipt_target_path_ref_under_punk_runs: true receipt_bytes_ref_explicit: true + connector_profile_resolution_ref_explicit: true + connector_profile_ref_explicit: true + selected_connector_strategy_ref_explicit: true + allowed_source_refs_cover_payload_channel_resolved_connector: true request_publication_receipt_write_grant_required: true receipt_write_handoff_refs_ready: true module_host_receipt_writer_write_ready: true
diff --git a/work/STATUS.md b/work/STATUS.md
index bceccba..2e97f82 100644
--- a/work/STATUS.md
+++ b/work/STATUS.md
@@ -20,6 +20,7 @@ last_validated_commit: "0f013f6"
 - Current stage: v0.1-prep Current Truth Baseline / Truth Alignment.
 - Current focus: pause after brownfield manifest writer first slice v0.1.
 - Selected next: `work/goals/goal_pause_after_brownfield_manifest_writer_first_slice_v0_1.md`
+- Side-track completion note: `work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md` is now recorded as done with a side-effect-free PubPunk publish receipt write handoff packet that requires explicit connector profile resolution, connector profile, and selected connector strategy refs before it can project Module Host receipt-write handoff refs. The slice keeps the existing host receipt writer path bounded to exact bytes under an explicit temporary `.punk/runs` target in smoke evidence and adds no PubPunk runtime, Module Host runtime, public CLI behavior, workspace initialization, filesystem scanning, draft body reads, provider orchestration, API calls, browser automation, credential reads, adapter invocation, external publishing, metrics collection, token collection, PubPunk-owned receipt writing, operation-evidence persistence, event-log mutation, gate writer, proofpack writer, or acceptance claim. Selected next remains `work/goals/goal_pause_after_brownfield_manifest_writer_first_slice_v0_1.md`.
 - Side-track completion note: `work/goals/goal_add_pubpunk_publish_receipt_preflight_resolved_connector_refs_v0_1.md` is now recorded as done with a side-effect-free PubPunk publish receipt preflight packet that requires explicit connector profile resolution, connector profile, and selected connector strategy refs before it can project Module Host receipt-writer preflight refs. The slice keeps the existing receipt writer chain preflight-only and adds no PubPunk runtime, Module Host runtime, public CLI behavior, workspace initialization, filesystem scanning, draft body reads, provider orchestration, API calls, browser automation, credential reads, adapter invocation, external publishing, metrics collection, token collection, receipt writing, operation-evidence persistence, event-log mutation, gate writer, proofpack writer, or acceptance claim. Selected next remains `work/goals/goal_pause_after_brownfield_manifest_writer_first_slice_v0_1.md`.
 - Side-track completion note: `work/goals/goal_add_pubpunk_publish_request_resolved_connector_refs_v0_1.md` is now recorded as done with a side-effect-free PubPunk publish request packet that requires explicit connector profile resolution, connector profile, and selected connector strategy refs before it can project Module Host side-effect request refs. The slice keeps the existing publish request and policy-gate chain preflight-only and adds no PubPunk runtime, Module Host runtime, public CLI behavior, workspace initialization, filesystem scanning, draft body reads, provider orchestration, API calls, browser automation, credential reads, adapter invocation, external publishing, metrics collection, token collection, receipt writing, event-log mutation, gate writer, proofpack writer, or acceptance claim. Selected next remains `work/goals/goal_pause_after_brownfield_manifest_writer_first_slice_v0_1.md`.
 - Side-track completion note: `work/goals/goal_add_pubpunk_channel_connector_profile_resolution_v0_1.md` is now recorded as done with a side-effect-free PubPunk channel connector profile resolution packet model. The slice requires explicit inventory assessment, candidate, channel, connector profile, API availability, browser automation policy, manual handoff, credential signal, payload, instruction, allowed-source, expected-receipt, privacy, and optional token-cost refs plus the narrow `resolve_connector_profile` grant, then selects API first, browser only when API is unavailable and policy allows it, or manual fallback when automation is unavailable. It adds no PubPunk runtime, Module Host runtime, public CLI behavior, workspace initialization, filesystem scanning, draft body reads, provider orchestration, token collection, API calls, browser automation, credential reads, adapter invocation, external publishing, metrics collection, receipt writing, event-log mutation, gate writer, proofpack writer, or acceptance claim. Selected next remains `work/goals/goal_pause_after_brownfield_manifest_writer_first_slice_v0_1.md`.
@@ -188,6 +189,7 @@ last_validated_commit: "0f013f6" | Date | Item | Evidence | |---|---|---| +| 2026-05-20 | Added PubPunk publish receipt write handoff resolved connector refs v0.1 | `work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md`, `work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md`, `crates/punk-mod-pubpunk/src/lib.rs`, `crates/punk-eval/src/lib.rs`, `evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md` | | 2026-05-20 | Added PubPunk publish receipt preflight resolved connector refs v0.1 | `work/goals/goal_add_pubpunk_publish_receipt_preflight_resolved_connector_refs_v0_1.md`, `work/reports/2026-05-20-pubpunk-publish-receipt-preflight-resolved-connector-refs-v0-1.md`, `crates/punk-mod-pubpunk/src/lib.rs`, `crates/punk-eval/src/lib.rs`, `evals/specs/pubpunk-publish-receipt-preflight.v0.1.md` | | 2026-05-20 | Added PubPunk publish receipt preflight v0.1 | `work/goals/goal_add_pubpunk_publish_receipt_preflight_v0_1.md`, `work/reports/2026-05-20-pubpunk-publish-receipt-preflight-v0-1.md`, `crates/punk-mod-pubpunk/src/lib.rs`, `crates/punk-eval/src/lib.rs`, `evals/specs/pubpunk-publish-receipt-preflight.v0.1.md` | | 2026-05-20 | Documented PubPunk channel connector strategy v0.1 | `work/goals/goal_document_pubpunk_channel_connector_strategy_v0_1.md`, `work/reports/2026-05-20-pubpunk-channel-connector-strategy-v0-1.md`, `docs/modules/pubpunk.md`, `docs/modules/pubpunk-workspace-instructions.md` | diff --git a/work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md b/work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md new file mode 100644 index 0000000..6fac6b6 --- /dev/null +++ b/work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md 
@@ -0,0 +1,129 @@
+---
+id: goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1
+title: "Add PubPunk Publish Receipt Write Handoff Resolved Connector Refs v0.1"
+status: done
+owner: "vitaly"
+module: "product"
+priority: P1
+authority: canonical
+created_at: 2026-05-20
+updated_at: 2026-05-20
+selected_at: 2026-05-20
+started_at: 2026-05-20
+completed_at: 2026-05-20
+blocked_by: []
+scope:
+ include:
+ - "crates/punk-mod-pubpunk/src/lib.rs"
+ - "crates/punk-eval/src/lib.rs"
+ - "docs/modules/pubpunk.md"
+ - "docs/modules/pubpunk-workspace-instructions.md"
+ - "docs/product/CRATE-STATUS.md"
+ - "evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md"
+ - "work/STATUS.md"
+ - "work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md"
+ - "work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md"
+ exclude:
+ - ".punk/**"
+ - ".github/**"
+ - "crates/punk-cli/**"
+ - "crates/punk-project/**"
+ - "crates/punk-module-host/**"
+ - "crates/punk-events/**"
+ - "publishing/**"
+ - "external publishing behavior"
+ - "browser automation"
+ - "API calls"
+ - "adapter invocation"
+ - "module runtime behavior"
+acceptance:
+ - "Extends the side-effect-free PubPunk publish receipt write handoff packet so readiness requires explicit connector profile resolution, connector profile, and selected connector strategy refs."
+ - "Requires those connector refs in allowed source refs before projecting receipt-write handoff refs."
+ - "Requires expected receipt fields for connector profile resolution, connector profile ref, and selected connector strategy."
+ - "Projects channel and resolved connector refs through `PubPunkPublishReceiptWriteHandoffRefs`."
+ - "Keeps the existing Module Host receipt writer path bounded to exact bytes under explicit temporary `.punk/runs` targets in smoke evidence."
+ - "Keeps PubPunk advisory and side-effect-free: no PubPunk runtime, CLI, module invocation, filesystem reads, API calls, browser opens, credential reads, publishing, metrics collection, PubPunk-owned receipt writing, operation-evidence persistence, adapter invocation, gate/proof writing, or acceptance claims."
+ - "Updates the eval spec, PubPunk docs, crate status, report, and work status."
+ - "Preserves selected_next in work/STATUS.md."
+knowledge_refs:
+ - "docs/modules/pubpunk.md"
+ - "docs/modules/pubpunk-workspace-instructions.md"
+ - "docs/product/MODULE-AUTHORING.md"
+ - "docs/product/MODULE-CONFORMANCE.md"
+ - "docs/product/MODULE-HOST-CONTRACT.md"
+ - "evals/specs/pubpunk-channel-connector-profile-resolution.v0.1.md"
+ - "evals/specs/pubpunk-publish-receipt-preflight.v0.1.md"
+ - "evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md"
+ - "work/reports/2026-05-20-pubpunk-publish-receipt-preflight-resolved-connector-refs-v0-1.md"
+ - "work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md"
+contract_refs: []
+report_refs:
+ - "work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md"
+decision_refs: []
+proof_refs: []
+latest_proof_ref: null
+supersedes: []
+superseded_by: null
+research_gate:
+ classification: R2
+ required: true
+ rationale: "This changes an incubating PubPunk receipt-write handoff boundary before runtime publishing. It is satisfied by existing module authoring/conformance/host docs, PubPunk module docs, the connector profile resolution spec, and the prior resolved-connector receipt preflight slice."
+ research_refs:
+ - "docs/product/MODULE-AUTHORING.md"
+ - "docs/product/MODULE-CONFORMANCE.md"
+ - "docs/product/MODULE-HOST-CONTRACT.md"
+ - "docs/modules/pubpunk.md"
+ - "docs/modules/pubpunk-workspace-instructions.md"
+ - "evals/specs/pubpunk-channel-connector-profile-resolution.v0.1.md"
+ - "evals/specs/pubpunk-publish-receipt-preflight.v0.1.md"
+ - "evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md"
+ - "work/reports/2026-05-20-pubpunk-publish-receipt-preflight-resolved-connector-refs-v0-1.md"
+ external_research_refs: []
+ blocked_reason: null
+doc_impact:
+ classification: code-doc
+ required_updates:
+ - "docs/modules/**"
+ - "docs/product/CRATE-STATUS.md"
+ - "evals/specs/**"
+ - "work/STATUS.md"
+ - "work/reports/**"
+ rationale: "Extends PubPunk publish receipt write handoff readiness to require resolved connector refs without PubPunk runtime activation, browser/API calls, adapter invocation, metrics collection, PubPunk-owned receipt writing, or external publishing."
+---
+
+# Add PubPunk Publish Receipt Write Handoff Resolved Connector Refs v0.1
+
+## Context
+
+PubPunk publish receipt preflight now requires resolved connector refs. The next
+safe step is to carry that same connector-resolution evidence into the receipt
+write handoff boundary so the host write path cannot lose how the connector was
+selected.
+
+## Selected slice
+
+Extend one pure PubPunk model plus the existing smoke eval case:
+
+- require explicit connector profile resolution, connector profile, and
+ selected connector strategy refs;
+- require those refs in allowed source refs;
+- require connector evidence fields in expected receipt fields;
+- project channel and resolved connector refs through
+ `PubPunkPublishReceiptWriteHandoffRefs`;
+- keep the existing Module Host writer path bounded to exact bytes under an
+ explicit temporary `.punk/runs` target in smoke evidence.
+
+## Boundary
+
+This slice changes no PubPunk runtime, Module Host runtime, public CLI,
+workspace initialization, filesystem scanning, draft body reads, provider
+orchestration, adapter invocation, browser automation, API calls, external
+publishing, metrics collection, token collection, PubPunk-owned receipt writing,
+operation-evidence persistence, event-log mutation, gate writing, proofpack
+writing, or acceptance claims.
+
+## Outcome
+
+Done when the packet model, unit tests, smoke eval case, eval spec, docs,
+report, and work status are updated, checks pass, and `selected_next` remains
+unchanged.
diff --git a/work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md b/work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md
new file mode 100644
index 0000000..995789e
--- /dev/null
+++ b/work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md
@@ -0,0 +1,167 @@
+---
+id: report_2026_05_20_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1
+kind: work-report
+status: done
+authority: canonical
+owner: vitaly
+created_at: 2026-05-20
+updated_at: 2026-05-20
+related_goal: work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md
+---
+
+# PubPunk Publish Receipt Write Handoff Resolved Connector Refs v0.1
+
+## Summary
+
+Extended the side-effect-free PubPunk publish receipt write handoff packet so it
+requires resolved connector refs before projecting Module Host receipt-write
+handoff refs.
+
+## Verdict
+
+The PubPunk publish receipt write handoff boundary now consumes the earlier
+channel connector profile resolution evidence. Direct adapter, channel, payload,
+or connector profile refs are not enough to make the receipt write handoff
+ready.
+
+```yaml
+pubpunk_publish_receipt_write_handoff_resolved_connector_refs_result:
+ status: done
+ connector_profile_resolution_ref_required: true
+ connector_profile_ref_required: true
+ selected_connector_strategy_ref_required: true
+ connector_refs_must_be_allowed_sources: true
+ connector_receipt_fields_required: true
+ receipt_write_handoff_refs_include_connector_refs: true
+ module_host_writer_path_bounded_to_temp_punk_runs: true
+ pubpunk_calls_api: false
+ pubpunk_opens_browser: false
+ pubpunk_reads_credentials: false
+ adapter_invocation_active: false
+ external_publish_active: false
+ metrics_collection_active: false
+ pubpunk_receipt_writer_active: false
+ operation_evidence_persistence_active: false
+ side_effects_in_pubpunk_model: false
+ non_authority: true
+```
+
+## What changed
+
+- Added `connector_profile_resolution_ref` and
+ `selected_connector_strategy_ref` to
+ `PubPunkPublishReceiptWriteHandoffPacket`, assessment refs, and
+ `PubPunkPublishReceiptWriteHandoffRefs`.
+- Receipt write handoff readiness now blocks missing, unsafe, or unallowed
+ connector resolution/profile/strategy refs.
+- Expected receipt fields now require `connector_profile_resolution`,
+ `connector_profile_ref`, and `selected_connector_strategy`.
+- The write handoff smoke case now consumes resolved connector refs before
+ entering the existing Module Host exact-byte receipt writer chain.
+- Updated PubPunk docs, workspace instructions, crate status, and the write
+ handoff eval spec.
+
+## Boundary confirmation
+
+- No PubPunk runtime was activated.
+- No Module Host runtime was activated.
+- No module invocation, plugin loading, or dynamic dispatch was added.
+- No public CLI behavior was added.
+- No workspace initialization, filesystem scanning, draft body read behavior,
+ publishing behavior, metrics collection, PubPunk-owned receipt writing,
+ operation-evidence persistence, or event-log mutation was added.
+- No provider orchestration or automatic token collection was added.
+- No API call, browser automation, credential read, adapter invocation,
+ external publishing, gate writer, proofpack writer, or acceptance claim was
+ added.
+- `selected_next` remains
+ `work/goals/goal_pause_after_brownfield_manifest_writer_first_slice_v0_1.md`.
+
+## Provider review
+
+```yaml
+provider_review:
+ status: not_run_for_this_slice
+ rationale: "This slice is a narrow continuation of the resolved-connector receipt preflight path and uses existing local checks as acceptance evidence."
+```
+
+## Cost accounting
+
+```yaml
+cost_accounting:
+ status: unavailable
+ total_tokens: null
+ accepted_tokens: null
+ rejected_tokens: null
+ discarded_tokens: null
+ unknown_tokens: null
+ pass_costs:
+ - pass_id: pass_codex_pubpunk_publish_receipt_write_handoff_resolved_connector_refs
+ token_source: unavailable
+ total_tokens: null
+ outcome: selected_implementation
+```
+
+## Doc impact
+
+```yaml
+doc_impact:
+ classification: code-doc
+ reason: "Extends PubPunk publish receipt write handoff readiness to require resolved connector refs without PubPunk runtime activation, browser/API calls, adapter invocation, metrics collection, PubPunk-owned receipt writing, or external publishing."
+ touched_surfaces:
+ - crates/punk-mod-pubpunk/src/lib.rs
+ - crates/punk-eval/src/lib.rs
+ - docs/modules/pubpunk.md
+ - docs/modules/pubpunk-workspace-instructions.md
+ - docs/product/CRATE-STATUS.md
+ - evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md
+ - work/STATUS.md
+ - work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md
+ - work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md
+ required_updates:
+ - docs/modules/pubpunk.md
+ - docs/modules/pubpunk-workspace-instructions.md
+ - docs/product/CRATE-STATUS.md
+ - evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md
+ - work/STATUS.md
+```
+
+## Validation
+
+```text
+cargo fmt
+PASS
+
+cargo test -p punk-mod-pubpunk
+42 passed; 0 failed
+
+cargo test -p punk-eval
+6 passed; 0 failed
+
+python3 scripts/check_research_gate.py
+Research Gate check: PASS
+Selected next: work/goals/goal_pause_after_brownfield_manifest_writer_first_slice_v0_1.md
+
+python3 scripts/check_work_ledger.py
+Work ledger check: PASS
+Selected next: work/goals/goal_pause_after_brownfield_manifest_writer_first_slice_v0_1.md
+Goals checked: 283
+
+python3 scripts/check_docs_governance.py --files crates/punk-mod-pubpunk/src/lib.rs crates/punk-eval/src/lib.rs docs/modules/pubpunk.md docs/modules/pubpunk-workspace-instructions.md docs/product/CRATE-STATUS.md evals/specs/pubpunk-publish-receipt-write-handoff.v0.1.md work/STATUS.md work/goals/goal_add_pubpunk_publish_receipt_write_handoff_resolved_connector_refs_v0_1.md work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md --report work/reports/2026-05-20-pubpunk-publish-receipt-write-handoff-resolved-connector-refs-v0-1.md
+Docs governance check: PASS
+Changed files: 9
+Canonical docs checked: 1
+Reports checked: 1
+Failures: 0
+Warnings: 0
+
+cargo check --workspace
+Finished `dev` profile [unoptimized + debuginfo] target(s)
+
+cargo run -p punk-cli -- eval run smoke
+smoke_result: pass
+Case `eval_pubpunk_publish_receipt_write_handoff_chains_to_host_receipt_writer_write`: pass
+
+git diff --check
+PASS
+```