feat(drafts): CyclesEvidence envelope v0.1 — signed, content-addressed lifecycle evidence

[amavashev]

Summary

New schema-only OpenAPI 3.1 draft at drafts/cycles-evidence-v0.1.yaml defining a JCS-canonicalized, Ed25519-signed envelope for the four Cycles authorization lifecycle events (decide / reserve / commit / release).

• Content-addressed via sha256 over RFC 8785 JCS canonical bytes with signature emptied.
• Signature derived over canonical bytes with evidence_id populated and signature emptied (id-then-signature ordering matches APS payment-rails/canonicalize.ts and Wave 1 accountability artifacts — so a verifier that already knows how to verify an APS PaymentReceipt can verify a CyclesEvidence envelope with the same primitives, only the canonical-bytes input differs).
• One envelope per lifecycle event; one-of payload discriminated by artifact_type.

Why

The Cycles runtime API responses (DecisionResponse, ReservationCreateResponse, CommitResponse, ReleaseResponse) are sufficient for the immediate caller with a live connection to the Cycles server. They are not sufficient for cross-system, ledger-independent audit consumers (notably APS, https://github.com/aeoess/agent-passport-system) who need a single artifact they can fetch by content hash and verify offline.

This draft also closes two concrete gaps the Cycles signal-type crosswalk at aeoess/agent-governance-vocabulary#92 surfaced during review:

1. reservation_id linkage. On the wire, commit_reservation and release_reservation take reservation_id as a URL path argument; the response bodies do not echo it. An evidence consumer reading just the JSON cannot recover the authorization → settlement chain. The CyclesEvidence envelope hoists reservation_id into the signed payload for commit and release artifacts, so the linkage is visible from evidence alone.
2. replay_class promotion path. The crosswalk currently declares replay_class: decision_replay because Cycles' wire JSON requires the server's ledger state for verification. Once this envelope is normative and emitted by reference implementations, replay_class is promotable back to full_replay — replay becomes possible from recorded evidence alone.

Status

DRAFT (v0.1). Lives under drafts/ for review and external feedback. Will move to a numbered spec file at repo root (cycles-evidence-v0.2.yaml) once:

• At least one production implementation ships the envelope.
• At least one cross-system consumer (most likely APS) has integrated against the envelope shape end-to-end.

What's in scope (v0.1)

• Envelope schema: schema_version, artifact_type, server_id, signer_did, issued_at_ms, payload, evidence_id, signature.
• Per-artifact payload shapes for decide / reserve / commit / release, each pairing the Cycles request and response so evidence is self-contained.
• Hash derivation: sha256 over JCS-canonical bytes with evidence_id and signature set to "".
• Signature derivation: Ed25519 over JCS-canonical bytes with evidence_id populated and signature set to "".
• Verification contract for consumers.

What's out of scope (v0.1, deliberately deferred)

• Evidence retrieval HTTP API — URL path layout, auth scheme, replication policy stays with the server implementation. v0.1 documents expectations on the response body, not the path.
• Signing-key rotation, JWKS publication, did:cycles method registration. These land alongside the normative move.
• Merkle-batched aggregated evidence (one envelope per event in v0.1). A v0.2+ concern.
• TTL-expiry artifacts (silent on the wire today, so no envelope; a future revision may add system.expire emitted by the server's expiry sweep).

Implementation notes

• Schema mirrors of cycles-protocol-v0.yaml types (DecisionRequest, ReservationCreateRequest, etc.) are inlined under *Mirror schemas so this file validates standalone. When promoted to normative, these should be replaced with cross-file $refs into cycles-protocol-v0.yaml for single-source-of-truth.
• Field lists in the mirrors were verified by Pydantic introspection of the runcycles Python SDK on 2026-05-12 (model_fields[*].is_required()), the same verification trail used to fix four rounds of review feedback on feat: crosswalk/cycles.yaml v0.1 — signal-type rows for Cycles budget authority aeoess/agent-governance-vocabulary#92.
• Unrelated draft drafts/aeoess-crosswalk.yaml (Cycles ↔ APS receipt vocabulary mapping) is in-flight on a separate working copy and intentionally not part of this commit. The two drafts are orthogonal: this PR specifies the envelope shape; that draft specifies how Cycles vocabulary maps to APS receipt fields. Both can land independently.

Validation

make lint-sources does not lint drafts/ (only the canonical source specs at repo root). Running spectral directly:

npx spectral lint drafts/cycles-evidence-v0.1.yaml --fail-severity=error

Result: 0 errors, 3 warnings. The three warnings are unavoidable for a schema-only draft:

• oas3-api-servers — file declares no servers: because there are no endpoints (the envelope wraps responses from endpoints already defined in cycles-protocol-v0.yaml).
• oas3-unused-component on CyclesEvidence — spectral can't trace usage without paths.
• protocol-schemas-no-additional-properties on EvidencePayload — incompatible with the oneOf discriminator; each variant carries its own additionalProperties: false.

References

• Integration: AEOESS signed receipts + Cycles reserve/commit budget authority aeoess/agent-passport-system#25 — APS integration thread, comment 4422627045 defines the CyclesEvidenceRef minimal join shape this envelope plugs into.
• feat: crosswalk/cycles.yaml v0.1 — signal-type rows for Cycles budget authority aeoess/agent-governance-vocabulary#92 — Cycles signal-type crosswalk; this PR closes the reservation_id-linkage gap and the replay_class promotion path.
• RFC 8785 — JSON Canonicalization Scheme.

Test plan

• Review reviewers confirm envelope shape is sufficient for cross-system evidence consumers (notably APS).
• Confirm reservation_id hoisting on commit / release payloads addresses the linkage gap from feat: crosswalk/cycles.yaml v0.1 — signal-type rows for Cycles budget authority aeoess/agent-governance-vocabulary#92 review round 4.
• Confirm canonicalization rules (RFC 8785 JCS + id-then-signature ordering) align with APS's payment-rails/canonicalize.ts so a verifier can reuse primitives.
• (After merge) Implement a worked example: emit one envelope per artifact type from a reference Cycles server, compute evidence_id, sign, then re-verify; commit fixtures alongside the spec.
• (After integration) Once APS implements CyclesEvidenceRef-keyed verification and a reference Cycles server emits envelopes, promote replay_class on feat: crosswalk/cycles.yaml v0.1 — signal-type rows for Cycles budget authority aeoess/agent-governance-vocabulary#92 (or its successor) from decision_replay to full_replay.

[amavashev]

Pushed fb43077 — closes the test-plan checkbox:

"Implement a worked example: emit one envelope per artifact type from a reference Cycles server, compute evidence_id, sign, then re-verify; commit fixtures alongside the spec."

What landed (under drafts/fixtures/cycles-evidence-v0.1/):

• 10 signed CyclesEvidence envelopes covering the full v0.1 surface:
  • 4 artifact_types: decide / reserve / commit / release
  • 3 decision branches: ALLOW / ALLOW_WITH_CAPS / DENY (incl. DENY-branch with no reservation_id)
  • All 4 Unit enum values: USD_MICROCENTS / TOKENS / RISK_POINTS / CREDITS
  • Optional-field round-trips: Action.tags, Balance.allocated, ReleaseRequest.reason
  • trace_id omission semantics (field absent, not "" and not null — the omit/null/empty distinction from the spec's normative note)
• generate.py — deterministic generator. Re-running produces byte-identical output. Test signer derived from sha256("cycles-evidence-v0.1-fixture-signer") so reviewers can re-derive the keypair locally (pubkey: ec52b49b81eb29ef6f62947cade245c715bf943b7ef2a5f2789288574466fc43). Implements the v0.1 normative empty-string-sentinel + id-then-signature algorithm.
• verify.py — standalone verifier. Enforces every spec MUST: schema_version recognized, evidence_id sha256 byte-match, Ed25519 signature, artifact_type ↔ payload-key consistency (oneOf), 32-hex trace_id pattern when present.

Reproduce locally:

cd drafts/fixtures/cycles-evidence-v0.1
pip install -r requirements.txt
python generate.py   # writes cases/*.json (byte-stable across runs)
python verify.py     # 10/10 fixtures verify; exit 0

Tamper sanity (covered in the README): flipping one character in any signed field trips both the evidence_id mismatch and signature verification failed checks; python generate.py restores from canonical sources.

One closure on a review comment: while auditing the spec against the generator I noticed the schema_version MUST clause ("consumers MUST reject envelopes whose schema_version they do not understand") didn't have a corresponding check in my first verifier draft — fixed before commit. The verifier now rejects unknown versions before further validation, with 01-decide-allow.json flipped to cycles-evidence/v0.2 as the negative test.

replay_class promotion path on aeoess/agent-governance-vocabulary#92 is unblocked from the spec side once #90 merges — the envelope + reference fixtures together provide what an offline verifier needs.

[amavashev]

Review pass on fb43077 surfaced three real bugs. All addressed in 17271c4.

Findings & resolutions

1 — HIGH: live reserve denials had no valid evidence slot. cycles-protocol-v0.yaml:978 is explicit that non-dry reserve denials MUST be 409 BUDGET_EXCEEDED, NOT 200 with decision: DENY. The previous draft + fixture 03 emitted the forbidden shape, and the most important denial path on the issue #25 thread had no evidence shape at all.

• Added error as a 5th ArtifactType with ErrorPayload + ErrorResponseMirror schemas. ErrorPayload wraps a 4xx/5xx body from any of the four endpoints, hoists reservation_id when path-bearing, and preserves the originating request body via a discriminated oneOf over the four request mirrors.
• Encoded the dry-run-required-for-DENY constraint as a JSON Schema if/then on ReservePayload — validators reject non-dry DENY at the schema layer without custom logic. Confirmed: 11/11 fixtures pass; a constructed non-dry-DENY envelope fails validation.
• Renamed case_03_reserve_deny → case_03_reserve_dry_run_deny with explicit dry_run: true. Added case_11_reserve_live_budget_exceeded emitting a 409 via the new error artifact type — the canonical wire shape APS receipts can now bind evidence to.

2 — MEDIUM: stale APS literal namespace. ReleasePayload description still cited rail.budget_authority.release.v1 with an outdated "open question" framing. aeoess/agent-passport-system#25 comments 4433715146 and 4433275511 renamed the namespace to budget_reservation and locked in three literals: rail.budget_reservation.{permit,release,denial}.v1. Description rewritten.

3 — MEDIUM: Mirror schemas dropped canonical constraints. Subject lost minProperties: 1 + the six-way anyOf + maxLength constraints; idempotency_key lost minLength: 1 / maxLength: 256; reason_code lost maxLength: 128; integer fields lost minimum: 0 / format: int64; Action lost its three maxLengths and tag maxItems; Caps lost tool-name maxLengths. All copied byte-for-byte against cycles-protocol-v0.yaml as of 2026-05-13. Added a MIRROR CONTRACT block at the head of the mirrors section making drift an explicit v0.1 bug.

Validation

cd drafts/fixtures/cycles-evidence-v0.1
python generate.py   # 11 fixtures + stale 03-reserve-deny.json auto-removed
python verify.py     # 11/11 verified, exit 0

• JSON Schema validate every fixture against the updated CyclesEvidence schema: 11/11 valid.
• Negative test: strip dry_run: true from fixture 03 in-memory (= non-dry reserve with decision: DENY) → schema rejects via the ReservePayload if/then rule.
• npx spectral lint drafts/cycles-evidence-v0.1.yaml --fail-severity=error: 0 errors, 3 expected warnings (oas3-api-servers, oas3-unused-component, oneOf additionalProperties — same set as before this review pass).

Fixture coverage now

#	Branch
01	decide ALLOW
02	reserve ALLOW
03	reserve dry-run DENY (the only legal decision: DENY shape on reserve)
04	reserve ALLOW_WITH_CAPS
05	commit (partial actual)
06	release
07	release with reason
08	reserve ALLOW, optional trace_id omitted
09	decide with RISK_POINTS unit + Action.tags
10	reserve with CREDITS unit + Balance.allocated
11	error: live 409 BUDGET_EXCEEDED from POST /v1/reservations — the issue #25 live-denial path

Thanks for the thorough review — finding 1 in particular would have shipped a wire shape the canonical protocol forbids if it had merged as-is.

[amavashev]

Review round 2 — all three findings confirmed against canonical sources and addressed in 708ee24.

1 — MEDIUM: error.request oneOf rejected valid minimal requests

Empirically reproduced: stripping ttl_ms from fixture 11's request body caused JSON Schema validation to fail under the previous oneOf because the minimal (idempotency_key, subject, action, estimate) shape ambiguously matches both DecisionRequestMirror and ReservationCreateRequestMirror.

Fix: replaced oneOf on ErrorPayload.request with an endpoint-discriminated allOf of if/then at the ErrorPayload level. Each branch fires only when endpoint matches its const, routing request to the matching mirror. Each if clause also requires request so that an absent request (it's optional) doesn't trigger a then branch.

Verified:

• positive: minimal reserve request via error path is now accepted
• negative: commit-body shape under endpoint: POST /v1/reservations is rejected at the correct allOf branch

2 — MEDIUM: remaining mirror constraints still divergent

Five more canonical constraints copied byte-for-byte against cycles-protocol-v0.yaml:

Field	Was	Now (per canonical line cited)
ttl_ms	minimum: 0, no max	minimum: 1000, maximum: 86400000 (L828-830)
grace_period_ms	minimum: 0, no max	minimum: 0, maximum: 60000 (L832-836)
overage_policy	type: string	enum [REJECT, ALLOW_IF_AVAILABLE, ALLOW_WITH_OVERDRAFT] (L794)
CommitResponseMirror.status	type: string	enum [COMMITTED] (L1068)
ReleaseResponseMirror.status	type: string	enum [RELEASED] (L1101)
ReleaseRequestMirror.reason	type: string, no max	maxLength: 256 (L1092)

Verified at the schema layer:

• ttl_ms=500 → rejected (below canonical min 1000)
• ttl_ms=90000000 → rejected (above canonical max 86400000)
• overage_policy='NOT_A_REAL_POLICY' → rejected
• commit response status='pending' → rejected

3 — LOW: CREDITS unit-class prose

Comment on case_10_reserve_credits_allow rewritten to scope strictly to the Cycles wire surface (CREDITS as closed-enum unit name preserved byte-for-byte) and defer the APS unit_class question explicitly to issue #25 and crosswalk/cycles.yaml (aeoess/agent-governance-vocabulary#92). No positive claim about APS unit_class mapping.

Byte stability

No fixture canonical bytes change in this commit (only the spec yaml and one generator comment edited). All 11 evidence_ids and signatures are byte-identical to the prior commit 17271c4. python generate.py shows zero diff on cases/*.json.

Validation

• python verify.py: 11/11 verified
• JSON Schema validation of all 11 fixtures against the tightened spec: 11/11 valid
• Six negative tests above all reject correctly
• Prior regression — non-dry reserve with decision: DENY — still rejected by the if/then on ReservePayload
• npx spectral lint drafts/cycles-evidence-v0.1.yaml --fail-severity=error: 0 errors, 3 expected warnings (unchanged set)

(Branch needed a rebase before push — remote had picked up cd66835 merging main in for unrelated hygiene work. Rebase was clean, no conflicts since main's diff didn't touch CyclesEvidence files.)

[amavashev]

Review round 3 — all three findings confirmed empirically before fix, addressed in 3d8b3c8. Negative tests written for every new constraint per the round-2 rigor protocol.

1 — MEDIUM: schema-only validators accepted artifact_type / payload mismatches

Reproduced: fixture 02 (artifact_type: reserve) with payload swapped to fixture 11's payload.error → previous schema accepted it. The EvidencePayload.oneOf only constrained which payload key was present, not which one paired with artifact_type.

Fix: top-level allOf on CyclesEvidence with five if/then branches (one per artifact_type) requiring payload to contain the matching key. The pairing now lives in the schema, not just verify.py.

Verified: cross-product matrix — all 5×5 = 25 (artifact_type X, payload Y) combinations checked; 5 matching pairs accepted, all 20 mismatch pairs rejected.

2 — MEDIUM: ErrorPayload allowed commit/release errors without reservation_id

Reproduced: error envelope with endpoint: POST /v1/reservations/{reservation_id}/commit and a valid CommitRequestMirror-shaped body but no reservation_id → previous schema accepted it. The path argument names which reservation the failed operation targeted; dropping it breaks the authorization → settlement chain for evidence-only readers (same rationale as the reservation_id hoist on success-path CommitPayload/ReleasePayload from #92 round 4).

Fix: 5th branch added to ErrorPayload.allOf:

- if:
    properties:
      endpoint:
        enum:
          - "POST /v1/reservations/{reservation_id}/commit"
          - "POST /v1/reservations/{reservation_id}/release"
    required: [endpoint]
  then:
    required: [reservation_id]

Endpoints without a path-arg reservation_id (POST /v1/decisions, POST /v1/reservations) are unaffected.

Verified:

• commit endpoint, no reservation_id → rejected
• release endpoint, no reservation_id → rejected
• commit endpoint, WITH reservation_id → valid

Prose on ErrorPayload description updated to reflect the conditional rule.

3 — LOW: stale "four properties / other three" prose

EvidencePayload.description said "four properties" / "other three" but error is now the 5th branch. Updated to "five properties" / "other four", with a new sentence noting that the artifact_type ↔ payload-key pairing is enforced at the top-level via allOf/if/then.

Byte stability

No fixture canonical bytes change in this commit (only the spec yaml edited; generator untouched). All 11 evidence_ids and signatures are byte-identical to 708ee24. Confirmed by empty git diff on cases/*.json.

Validation

• python verify.py: 11/11 verified
• JSON Schema validation of all 11 fixtures against the tightened spec: 11/11 valid
• F1 cross-product matrix: 20/20 mismatch pairs rejected (5 matching pairs valid)
• F2 negative: commit-endpoint + release-endpoint ErrorPayload without reservation_id both rejected
• F2 positive: commit-endpoint ErrorPayload WITH reservation_id valid
• Prior regressions still trip: non-dry DENY rejected; commit-body under reserve endpoint rejected; ttl_ms=500 rejected
• npx spectral lint drafts/cycles-evidence-v0.1.yaml --fail-severity=error: 0 errors, 3 expected schema-only warnings (unchanged set)

[amavashev]

Review round 4 — reviewer flagged 1 finding (rule A below). Proactively swept the canonical for sibling "MUST be absent / Present only when" rules and found 6 more in the same class. All 7 fixed in dba1fe6. Same rigor protocol: empirically reproduce, paired negative test per rule.

REVIEWER-FLAGGED (1)

A — ErrorPayload.reservation_id MUST be absent for non-path endpoints. The round-3 fix only enforced the REQUIRED side for commit/release endpoints; the ABSENT side for decisions/reservations was unconstrained. A stray reservation_id on a POST /v1/decisions error envelope would mislead audit consumers into binding the error to a reservation the endpoint never named.

Fix added as a 6th branch to ErrorPayload.allOf:

- if:
    properties:
      endpoint:
        enum:
          - "POST /v1/decisions"
          - "POST /v1/reservations"
    required: [endpoint]
  then:
    not:
      required: [reservation_id]

PROACTIVE SWEEP (6)

grep "MUST be absent" cycles-protocol-v0.yaml found six more rules in the same mirror-drift class that the schema wasn't enforcing. Doing the broader pass here breaks the find-more-each-round pattern. Each rule has a paired negative test.

Rule	Source	Constraint
B	L752	DecisionResponseMirror: caps present iff decision=ALLOW_WITH_CAPS
C	L997	ReservationCreateResponseMirror: caps present iff decision=ALLOW_WITH_CAPS
D	L981, L1404	ReservePayload: dry_run=true → reservation_id MUST be absent
E	L1404	ReservePayload: dry_run=true → expires_at_ms MUST be absent
F	L981	ReservePayload: dry_run NOT true → reservation_id MUST be present
G	L981	ReservePayload: dry_run NOT true → expires_at_ms MUST be present

B and C are mirror-level if/then/else. D+E and F+G are added to ReservePayload.allOf (along with the existing non-dry-DENY rule from round 1). Combined with that round-1 rule, the non-dry branch is guaranteed decision=ALLOW or ALLOW_WITH_CAPS — both of which require the IDs per canonical L981.

Validation

• Positive: 11/11 fixtures still valid
• Negatives (10 paired with the 7 new rules) — all REJECT:
  • reservations endpoint + stray reservation_id
  • decisions endpoint + stray reservation_id
  • decide ALLOW + spurious caps
  • decide ALLOW_WITH_CAPS + missing caps
  • reserve ALLOW + spurious caps
  • reserve ALLOW_WITH_CAPS + missing caps
  • dry_run=true + reservation_id present
  • dry_run=true + expires_at_ms present
  • non-dry ALLOW + missing reservation_id
  • non-dry ALLOW + missing expires_at_ms
• Prior-round regressions (round 1-3 negatives still trip):
  • artifact_type/payload mismatch (round 3)
  • commit endpoint + no reservation_id (round 3)
  • non-dry DENY (round 1)
  • ttl_ms=500 (round 2)
• npx spectral lint drafts/cycles-evidence-v0.1.yaml --fail-severity=error: 0 errors, 3 expected schema-only warnings (unchanged set)

Byte stability

No fixture canonical bytes change in this commit (only spec yaml edited; generator untouched). All 11 evidence_ids and signatures byte-identical to 3d8b3c8. Confirmed by empty git diff on cases/*.json.

[amavashev]

Review round 5 — three findings, all confirmed against the canonical, fixed in b5ecb44. F1 was particularly embarrassing (an endpoint name typo I propagated 12 times); F2 caught my mirror-contract violation on ErrorCode; F3 caught my round-4 over-tightening on expires_at_ms.

1 — HIGH: /v1/decisions → /v1/decide

The canonical defines the decide endpoint at /v1/decide (cycles-protocol-v0.yaml:1342). The draft had /v1/decisions in 12 places: ArtifactType→endpoint mapping, ErrorPayload endpoint enum, four allOf if/then branches (request-mirror routing, reservation_id-absent rule), and two mirror descriptions. All renamed.

Why no fixture caught this: none of the 11 existing fixtures emitted an error envelope on the decide endpoint. Added 12-decide-live-forbidden.json (403 FORBIDDEN on POST /v1/decide with a real DecisionRequest body) to close the coverage gap.

Verified:

• positive: POST /v1/decide error envelope validates
• negative: stale POST /v1/decisions value now rejected as off-enum

2 — MEDIUM: ErrorResponseMirror.error open string

My MIRROR CONTRACT block says: "Mirror schemas copy field names, types, required-lists, enum values, AND structural constraints." But I left error as type: string with description listing the 15 canonical values and prose suggesting consumers "treat unknown codes as terminal" — directly contradicting the contract.

Tightened to the closed 15-value enum copied byte-for-byte from cycles-protocol-v0.yaml L429-L446. Future ErrorCode additions trigger a mirror re-cut per the documented mirror-drift process.

Verified:

• error: "FUTURE_CODE" → rejected
• error: "invalid_request" (lowercase) → rejected

3 — MEDIUM: round-4 rule G over-tightened on expires_at_ms

Canonical L981 explicitly requires reservation_id on non-dry ALLOW/ALLOW_WITH_CAPS ("Present if decision is ALLOW or ALLOW_WITH_CAPS and dry_run is false"). For expires_at_ms, the canonical L1404 only requires its ABSENCE on dry_run; the canonical schema's required list never includes it; no positive-presence prose exists. My round-4 rule G required expires_at_ms on non-dry — over-tightening that rejected envelopes the canonical accepts.

Relaxed rule 3 on ReservePayload.allOf to require only reservation_id in the non-dry branch. The dry-run absent rule (which DOES cover expires_at_ms) is unchanged. Updated prose explains the asymmetry.

Verified:

• positive: non-dry ALLOW without expires_at_ms now validates (was rejected pre-fix)
• regression: non-dry ALLOW without reservation_id still rejected
• regression: dry_run=true + expires_at_ms present still rejected

Validation summary

• 12/12 fixtures verify; 12/12 validate against the tightened schema
• All F1-F3 positive and negative cases pass
• Round 1-4 regression negatives still trip (non-dry DENY; ttl_ms out-of-range; artifact_type/payload mismatch; commit endpoint no reservation_id; ALLOW_WITH_CAPS missing caps; stray reservation_id on decide/reservations endpoints)
• npx spectral lint: 0 errors, 3 expected schema-only warnings (unchanged set)

Byte stability

Fixtures 1-11 byte-identical to dba1fe6. Fixture 12 is new. Generator deterministic; same test signer seed produces the same Ed25519 keypair on every run.

Self-note

F1 is the kind of miss the rigor protocol exists to prevent — a literal-string typo I propagated 12× without ever spot-checking against the canonical paths. Adding fixture 12 also addresses the deeper cause: no coverage of the decide error path meant my schema had a typo that no test could find. Saved as a memory rule: when adding an endpoint to a discriminator enum, immediately add at least one fixture exercising that endpoint.

[amavashev]

Review round 6 — finding confirmed against canonical, fixed in 66ef936. Sweep for sibling drift cleared (no more additionalProperties: true slots diverging from canonical).

Finding (MEDIUM) — CommitRequestMirror.metrics was an arbitrary object

CommitRequestMirror.metrics was type: object, additionalProperties: true but canonical CommitRequest.metrics references the constrained StandardMetrics schema (cycles-protocol-v0.yaml L1055-L1056 → L1008-L1034: additionalProperties: false with 5 specific fields).

Reproduced: metrics: { "bogus_metric": -1 } validated under the previous schema; canonical rejects.

Fix

• Added StandardMetrics schema under "Common nested types" — copies the canonical exactly: 5 fields (tokens_input, tokens_output, latency_ms all with minimum: 0; model_version with maxLength: 128; custom as the additionalProperties: true escape hatch) plus top-level additionalProperties: false.
• CommitRequestMirror.metrics switched from arbitrary object to $ref: StandardMetrics.

Proactive sweep

Per rigor-protocol rule, swept for sibling additionalProperties: true slots in mirrors. Five total:

Slot	Canonical line	Verdict
DecisionRequestMirror.metadata	L729	genuinely loose in canonical ✓
ReservationCreateRequestMirror.metadata	L860	genuinely loose in canonical ✓
CommitRequestMirror.metrics	L1055	divergent — fixed
CommitRequestMirror.metadata	L1057	genuinely loose in canonical ✓
ErrorResponseMirror.details	L480	genuinely loose in canonical ✓

Only metrics was divergent; the four metadata/details slots are genuinely additionalProperties: true in the canonical. No additional drift.

Coverage gap closed — fixture 13

The reason no prior fixture caught this: fixture 05 (only commit fixture before round 6) didn't populate metrics. Same coverage-gap pattern as fixture 12 in round 5 (/v1/decide endpoint). Added 13-commit-with-metrics.json — a commit envelope with all five StandardMetrics fields populated, including the custom escape hatch carrying cache_hit_ratio and retry_count.

Validation

• 13/13 fixtures verify and schema-validate
• F NEG: reviewer's exact case ({ "bogus_metric": -1 }) → rejected
• F NEG: tokens_input: -1 → rejected
• F NEG: model_version at 129 chars → rejected
• F NEG: latency_ms: -100 → rejected
• F POS: custom escape hatch with arbitrary nested content → valid (canonical escape hatch works as designed)
• Prior regressions still trip: error=FUTURE_CODE; stale /v1/decisions; non-dry DENY; ALLOW_WITH_CAPS without caps
• npx spectral lint: 0 errors, 3 expected schema-only warnings

Byte stability

Fixtures 1-12 byte-identical to b5ecb44. Fixture 13 is new.

Self-note

The two recent rounds (5 + 6) both surfaced bugs whose root cause is fixture coverage gaps, not schema design. Pattern: when adding a new constraint or enum value, I should immediately add a fixture exercising it. Already encoded as rule 5 in my review-rigor memory; this round added rule 6 (cross-check literal strings against canonical via grep). The coverage rule continues to pay back — round 6's bug would have been invisible without fixture 13.

[amavashev]

Round 7 — single doc fix in f735de8. README line 37 incorrectly called the StandardMetrics fixture a "closed-enum" mirror; it's a constrained object schema, not an enum. Updated to "constrained StandardMetrics mirror (object schema with additionalProperties: false and per-field constraints; not an enum)".

Swept for sibling occurrences of "closed-enum": generate.py:332 correctly describes the canonical UnitEnum (USD_MICROCENTS / TOKENS / CREDITS / RISK_POINTS) — that one stays.

Documentation-only. All 13 fixtures byte-identical to 66ef936.

---

Also: thanks for the all-clear on behavioral/spec compliance ("No remaining behavioral/spec-compliance issues found"). After seven review rounds — six finding rounds and this doc round — the spec, mirrors, fixtures, and verifier are clean against cycles-protocol-v0.yaml. The fixture set (13 envelopes) now covers all five artifact types, every Unit enum value, every decision branch, the live error path on every endpoint, the dry-run + non-dry reserve decision matrix, StandardMetrics, optional trace_id omission, and the artifact_type/payload cross-product. Negative-test matrix at the schema layer rejects every protocol-impossible shape we've identified.

Ready for whatever's next on the path to merge.