fix(dinn): wire DINN reasoner to live routes + DSSE-signed receipts (additive, no v11 bump)#106
Open
stephenlutar2-hash wants to merge 1 commit into
Open
fix(dinn): wire DINN reasoner to live routes + DSSE-signed receipts (additive, no v11 bump)#106stephenlutar2-hash wants to merge 1 commit into
stephenlutar2-hash wants to merge 1 commit into
Conversation
…additive)
Scope: pinns-dinn-finish — ADDITIVE, NOT a v11 doctrine bump.
This completes the existing DINN code already in amaru (no new repo created;
the PINN/DINN home is amaru + uds-mesh per founder redirect). Changes:
* serve.py — ROUTE-ORDER FIX (the central wiring bug). The SPA catch-all
"/{path:path}" was registered BEFORE app.mount("/api/amaru", ...) and the
16 explicit /api/amaru/v1/* routes. Starlette matches in registration order,
so the catch-all SHADOWED the mounted DINN sub-app and every /v1/* route —
they returned SPA HTML instead of JSON, breaking the DINN web panel's
runDinn() res.json() call. The catch-all is now registered LAST (behavior
byte-identical; only its position moved). No route removed.
* sidecar/src/amaru/app.py — corrected the DINN monitor's stale "v9
(456/14/6)" doctrine string to the canonical v11 numbers
(749/14/163, replay c7c0ba17) served by /api/amaru/v3/doctrine; added
doctrine_replay_hash, lambda_status (Conjecture 1 — NOT a theorem),
slsa (L1 honest). Added two ADDITIVE endpoints:
- GET /chakra/dinn/v1/healthz (reachability + signing availability)
- GET /chakra/dinn/receipt (final_state_hash, ledger_digest,
stop_reason convergence|max_iter, residual_loss, DSSE envelope)
* sidecar/src/amaru/dinn_dsse.py — NEW inline DSSE signer mirroring root
szl_dsse.py: keyid szlholdings-cosign, ECDSA P-256 over DSSEv1 PAE, private
key from env SZL_COSIGN_PRIVATE_PEM, embedded public key for offline verify,
honest UNSIGNED fallback (NO fabricated signatures).
* sidecar/tests/test_dinn_receipt.py — NEW, 5 tests (v11 monitor, healthz,
receipt shape, unsigned fallback, signed ECDSA round-trip). All pass.
* web/index.html — added an "Emit DSSE-signed receipt" button + runDinnReceipt()
and a verbatim Bekenstein ANALOGY-ONLY disclaimer.
HONESTY (preserved verbatim): every DINN ships its Lean obligation as a `sorry`
placeholder — none is claimed proven. The DSSE signature attests the receipt
bytes, NOT any physics or governance guarantee. Bekenstein-DINN is ANALOGY ONLY.
Lambda uniqueness remains Conjecture 1 (never a theorem). SLSA L1 (honest).
Note: Doctrine v12 (781/14/194) was declared 2026-06-01 as a monotone superset;
v11 citations remain valid, so this DINN response keeps the v11 numbers that the
live /v3/doctrine endpoint currently serves. A v12 bump (if desired) is a
separate doctrine-agent change, intentionally NOT made here to avoid scope creep.
Co-Authored-By: Perplexity Computer Agent <agent@szlholdings.com>
Signed-off-by: Yachay <yachay@szlholdings.dev>
stephenlutar2-hash
added a commit
that referenced
this pull request
Jun 1, 2026
…en PRs (Doctrine v11) (#109) ## Foundational fix — unblocks all open amaru PRs ### Problem `tests/test_telemetry_and_health.py::test_healthz_includes_git_sha_and_otel_flag` fails on `main`. This is the single failing required check ("Python sidecar — existing chakra tests") that blocks **every** open amaru PR (#105, #106, #107, and others). The `sidecar/src/amaru/version.py` module already resolves `GIT_SHA`, `GIT_SHA_SHORT`, `BOOT_TS`, and `telemetry.otel_active()` already exists — but the `/healthz` handler in `app.py` never surfaced them. The test expects `gitSha`, `gitShaShort`, `bootTs`, and `otel` in the body. ### Fix Adds 4 keys to the `/healthz` JSON body, reusing the already-resolved values. **Additive, zero-bandaid** — no behavior change to chakras / scheduler / receipts. ```diff +from . import telemetry as _telemetry +from . import version as _version ... "version": __version__, + "gitSha": _version.GIT_SHA, + "gitShaShort": _version.GIT_SHA_SHORT, + "bootTs": _version.BOOT_TS, + "otel": _telemetry.otel_active(), ``` ### Verification Reproduced the exact CI env (`pip install -e ".[dev]"`, no opentelemetry) in a clean venv: - Before: `test_healthz_includes_git_sha_and_otel_flag` FAILED - After: **53 passed, 1 skipped** — full `tests/` suite green ### Doctrine Doctrine v11 (749/14/163 LOCKED). SLSA L1 (honest). No doctrine bump. Sign: Yachay. Perplexity Computer Agent. Signed-off-by: stephenlutar2-hash <yachay@szlholdings.dev> Co-authored-by: stephenlutar2-hash <yachay@szlholdings.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
scope: pinns-dinn-finish — ADDITIVE, NOT a v11 doctrine bump
Completes the existing DINN code already in amaru (per founder redirect: no new
pinns-corerepo — the PINN/DINN home is amaru + uds-mesh). Every change is additive; no route was removed and no doctrine number was bumped.What this fixes
The central wiring bug.
serve.pyregistered the SPA catch-all@app.get("/{path:path}")beforeapp.mount("/api/amaru", ...)and the 16 explicit/api/amaru/v1/*routes. Starlette matches in registration order, so the catch-all shadowed the mounted DINN sub-app and every/v1/*route — they returned SPA HTML instead of JSON, which broke the DINN web panel'srunDinn()res.json()call.Verified live before fix:
GET /api/amaru/v3/doctrine→ 200 JSON (registered before the catch-all)GET /api/amaru/chakra/dinn,/v1/honest,/v1/brainz→ 200 HTML (shadowed)Changes (all additive)
"v9 (456/14/6)"string to canonical v11 (749/14/163, replay c7c0ba17); addeddoctrine_replay_hash,lambda_status(Conjecture 1 — NOT a theorem),slsa(L1 honest). Added two endpoints:GET /chakra/dinn/v1/healthz— reachability + DSSE signing availabilityGET /chakra/dinn/receipt—final_state_hash,ledger_digest,stop_reason(convergence|max_iter),residual_loss, DSSE envelopeszl_dsse.py: keyidszlholdings-cosign, ECDSA P-256 over DSSEv1 PAE, private key from envSZL_COSIGN_PRIVATE_PEM, embedded public key for offline verify, honest UNSIGNED fallback (no fabricated signatures).runDinnReceipt()+ verbatim Bekenstein ANALOGY-ONLY disclaimer.Honesty (preserved verbatim)
The DSSE signature attests the receipt bytes, not any physics/governance guarantee. Bekenstein-DINN is ANALOGY ONLY. Λ uniqueness remains Conjecture 1 (never a theorem). SLSA L1 (honest).
Doctrine version note
Doctrine v12 (781/14/194) was declared 2026-06-01 as a monotone superset (axiom set identical, replay hash unchanged); v11 citations remain valid. This DINN response intentionally keeps the v11 numbers the live
/v3/doctrineendpoint currently serves. A v12 bump is a separate doctrine-agent change — deliberately not made here to avoid scope creep. Coordinated withdoctrine_drift_resolver.Verification
Founder UI actions required (do NOT merge without founder)
serve.pyroute-order fix.SZL_COSIGN_PRIVATE_PEMsecret in the amaru Space runtime so receipts are SIGNED; otherwise the endpoint returns the honest UNSIGNED envelope.Do not merge — additive PR for founder review. Coordinated with doctrine-drift and platform-CI agents.
Author: Yachay yachay@szlholdings.dev · Co-Authored-By: Perplexity Computer Agent