feat: φ-coherence optimization — Sacred Laws compliance#65
Open
* feat: standardize HeadyKey as public auth product, update HeadyVault to coming-soon

  - Update HeadyKey branding (meta, hero, features, site content) to position as the public-facing auth product powered by HeadyAuth v5.0
  - Update HeadyKey site (index.html) with auth-specific capabilities (login/SSO, API keys, RBAC, audit)
  - Update HeadyVault to coming-soon/waitlist mode (no backend service yet)
  - Add heady-key entry in service-catalog.yaml with internal service mappings to auth-service (port 3309) and auth-session-server (port 3310)
  - Add docs/auth-service-boundaries.md documenting the service boundary between auth-service and auth-session-server
  - Add headykey.com, headyvault.com, headysecure.com to auth-session-server CORS config and Cloudflare Worker ALLOWED_ORIGINS

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: register HeadyKey/HeadyVault in site generator, edge worker, and deploy pipeline

  Rollout blockers found in PR #68 review:

  1. generate-all-sites.js: HeadyKey and HeadyVault were categorized as internal "tool" sites with stale taglines. Promoted to "product" with correct branding and dir mappings. Re-running the generator would have overwritten the hand-crafted HTML from the previous commit.
  2. cloudflare-worker.js: Neither domain was in HOSTNAME_VERTICAL_MAP or VERTICAL_EDGE_CONFIGS. Requests to headykey.com/headyvault.com would fall through to the default vertical (headyme). Added hostname entries and edge configs with correct OG metadata and violet accent.
  3. vertical-registry.json: HeadyKey and HeadyVault were completely missing. Added both with correct status (active vs planned), aliases, and infra config.
  4. deploy-sites.sh: Neither domain was in the SITES deploy array. Added headykey and headyvault entries with Cloud Run service names.
  5. stats.json: Both domains had generic placeholder stats. Updated HeadyKey with auth-specific stats (27 OAuth providers, 4 RBAC levels, 60+ domains, 0 CORS wildcards) and HeadyVault with vault-specific planned capabilities.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(ci): resolve CI failures — remove corrupted lockfile, standardize pnpm

  Root causes of all 4 failing CI jobs:

  1. package-lock.json had 200+ unresolved merge conflict markers (pre-existing on main), causing npm ci to fail in hcfullpipeline-ci.yml jobs
  2. hcfullpipeline-ci.yml used npm instead of pnpm (repo uses pnpm)
  3. setup-heady action's pnpm self-installer fetched Node 20, ignoring the Node 22 set by actions/setup-node (engines.node requires >=22)
  4. frontend/vite.config.ts had unresolved merge conflict markers (pre-existing)

  Fixes:

  - Delete corrupted package-lock.json (repo is pnpm-based, uses pnpm-lock.yaml)
  - Remove !package-lock.json override from .gitignore
  - Migrate hcfullpipeline-ci.yml from npm to pnpm via setup-heady action
  - Add standalone: true to pnpm/action-setup to use system Node
  - Drop Node 20 from CI matrix (incompatible with engines.node >=22)
  - Resolve frontend/vite.config.ts merge conflict (keep HEAD version)

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(ci): resolve all fixable CI failures — Node version, workspace refs, tests

  Root causes and fixes:

  1. .npmrc use-node-version=20.18.0 → 22.22.1
     pnpm enforced Node 20 despite setup-node installing Node 22, causing ERR_PNPM_UNSUPPORTED_ENGINE on all CI jobs.
  2. Workspace package name mismatches (@heady/ vs @heady-ai/)
     - phi-math, phi-math-foundation, heady-guard renamed to @heady-ai/
     - 15 cross-references updated to match
     - @heady-ai/heady-memory → @heady-ai/memory (actual name)
     - @heady/platform → @heady-ai/platform, @heady/structured-logger → @heady-ai/structured-logger
  3. Frontend added to pnpm workspace
     - Added 'frontend' to pnpm-workspace.yaml so vite gets installed
     - Updated build script to use pnpm --filter
  4. Test fixes
     - Removed @jest/globals imports (10 files) — vitest globals are available
     - Fixed ESM/CJS mixed-mode in env-schema, vector-memory, hypervector tests

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(ci): add frontend entry point, fix test assertions and import paths

  - Add frontend/index.html for Vite 8 build (resolves UNRESOLVED_ENTRY error)
  - Fix Fibonacci array index off-by-one in vector-memory and pipeline tests
  - Fix hypervector.test.js import path (../src → ../../src)
  - Convert phi-math.test.js require() to await import() for ESM compat
  - Fix tool-registry.test.js: remove explicit vitest import, use await import
  - Fix package-ci.yml: use pnpm -r --filter instead of passing --filter to vite

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(frontend): add missing lucide-react dependency

  App.jsx, ActivityBar, and StatusBar import icons from lucide-react but it was not declared in frontend/package.json.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Agent <claude-agent@headysystems.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
auth.headysystems.com/login was rendering the HeadyMe marketing page because the worker-heady-router fell through to the Cloud Run origin (which serves marketing content as a catch-all). The origin proxy succeeded with 200, so the branded fallback never triggered. Fix: embed self-contained auth login and relay pages directly in the worker-heady-router for the auth-portal module. Requests to / and /login get the HeadyKey login form; /relay gets the cross-domain auth relay. API routes (/api/auth/*, /oauth/*) still proxy to origin. Also updates the auth-portal brand from "Heady Auth" to "HeadyKey" with CTA pointing to the login page instead of headyme.com. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ER 0-4

- Law 3 (Sovereignty): Remove localhost fallbacks from connection-pool.js, http-helpers.js → use db.headysystems.com / api.headysystems.com
- Law 4 (Zero Placeholders): Replace TODOs in auth-manager.js with real OAuth2 code exchange; implement tier lookup in cross-site-auth.js
- Law 4 (Structured Logging): Replace console.log with Pino structured logger in env-validator.js, session-server.js, trust-receipt-signer.js, heady-auto-context.js (6 files, 12+ occurrences)
- φ-Constants Dedup: hc-brain, hc-checkpoint, feature-flags now import from shared/phi-math.js instead of redeclaring PHI/PSI/FIB
- core-sdk: Implement @heady-ai/core-sdk with φ-coherence validator, Sacred Laws validator, and isPhiAligned utility

Target: φ-coherence ≥ 0.809 across all registered components

https://claude.ai/code/session_01UGS6H9sEfhnLKCke8emuVM
…telist Removes '*' CORS defaults in heady-vector, heady-embed, heady-guard servers and heady-main.js. Defaults to Heady domain whitelist when env vars not set. https://claude.ai/code/session_01UGS6H9sEfhnLKCke8emuVM
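An added example, not code from this pull request: one way to implement the behaviour the commit above describes, where an unset or wildcard CORS setting falls back to a fixed domain allowlist instead of `*`. The env var name `CORS_ALLOWED_ORIGINS`, the function names, and the `https://` scheme on the default domains are assumptions; the domains themselves are the ones this PR names for the CORS config.

```javascript
// Added example. CORS_ALLOWED_ORIGINS is a hypothetical env var name; the
// default list uses domains named in this PR, with https assumed.
const DEFAULT_ALLOWED_ORIGINS = Object.freeze([
  'https://headykey.com',
  'https://headyvault.com',
  'https://headysecure.com',
]);

// Normalize to scheme://host[:port]; return null for '*', 'null', non-https
// or anything else that does not parse as an https URL.
function normalizeOrigin(value) {
  try {
    const u = new URL(String(value).trim());
    if (u.protocol !== 'https:') return null;
    return u.origin;
  } catch {
    return null;
  }
}

// Build the allowlist from the environment. Unset, empty, or '*' entries
// never widen it: with no valid entry the fixed default list is used.
function resolveAllowedOrigins(env = {}) {
  const raw = (env.CORS_ALLOWED_ORIGINS || '').split(',');
  const parsed = raw.map(normalizeOrigin).filter(Boolean);
  return new Set(parsed.length ? parsed : DEFAULT_ALLOWED_ORIGINS);
}

// CORS response headers for one request Origin. Only an exact origin match
// is echoed back; otherwise just Vary is returned so caches stay correct.
function corsHeaders(requestOrigin, allowed) {
  const origin = normalizeOrigin(requestOrigin);
  if (!origin || !allowed.has(origin)) return { Vary: 'Origin' };
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// Constructed sample origins: exact match, lookalike suffix, plain http, wildcard.
const sampleAllowed = resolveAllowedOrigins({});
for (const o of ['https://headykey.com', 'https://headykey.com.example.net',
  'http://headykey.com', '*']) {
  const acao = corsHeaders(o, sampleAllowed)['Access-Control-Allow-Origin'];
  console.log(o, '->', acao || 'denied');
}
```

Matching on the parsed origin rather than a substring or suffix is what keeps a lookalike host such as `headykey.com.example.net` out of the allowlist.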
…ents Eliminates localhost defaults in hcfp-runner, headybee-swarm, and auto-success-engine. Uses cloud endpoints as defaults. https://claude.ai/code/session_01UGS6H9sEfhnLKCke8emuVM
Summary
- localhost fallbacks in connection-pool.js and http-helpers.js — replaced with db.headysystems.com / api.headysystems.com
- auth-manager.js, Neon tier lookup in cross-site-auth.js
- console.log calls across env-validator.js, session-server.js, trust-receipt-signer.js, heady-auto-context.js with Pino structured logger
- hc-brain, hc-checkpoint, feature-flags.js now import from shared/phi-math.js instead of redeclaring PHI/PSI/FIB
- @heady-ai/core-sdk with validatePhiCoherence(), systemPhiCoherence(), isPhiAligned(), and validateSacredLaws() utilities

Files Changed (17)

- shared/connection-pool.js
- shared/js/connection-pool.js
- shared/http-helpers.js
- shared/auth-manager.js
- shared/source-reference/auth-manager.js
- shared/cross-site-auth.js
- shared/env-validator.js
- shared/config/env-validator.js
- shared/session-server.js
- shared/auth/session-server.js
- shared/trust-receipt-signer.js
- shared/heady-auto-context.js
- shared/source-reference/heady-auto-context.js
- shared/feature-flags.js
- packages/hc-brain/src/index.js
- packages/hc-checkpoint/src/index.js
- packages/core-sdk/src/index.js

Test plan

- shared/phi-math.js imports resolve correctly from packages
- npm test in monorepo root

https://claude.ai/code/session_01UGS6H9sEfhnLKCke8emuVM