feat: harden standards spine to M3 readiness

[Copilot]

Advances SocioProphet/functional-model-surfaces from M2 to M3 by adding CI-enforced negative fixtures, a negative fixture runner, and the two standards documents required by the M3 gate.

Negative fixtures (fixtures/invalid/)

Four invalid documents — two per schema — each rejected for a distinct schema reason:

• functional-service.missing-schema-version.json → missing required schemaVersion
• functional-service.invalid-status.json → status: "published" not in enum
• maturity.invalid-level.yaml → level: M6 not in enum
• maturity.empty-owners.yaml → owners: [] violates minItems: 1

Negative fixture runner (tools/run_negative_fixtures.py)

Iterates all four fixtures, asserts each raises jsonschema.ValidationError, prints the rejection reason, and exits non-zero if any fixture unexpectedly passes.

Makefile

Added negatives target wired into validate:

validate: lint examples maturity negatives
negatives:
    python3 tools/run_negative_fixtures.py

Documentation

• docs/MATURITY_MODEL.md — Full M0–M5 gate definitions with evidence requirements per level, the repo.maturity.yaml evidence format, Sociosphere/workspace-inventory ingestion contract (pull model, scorecard fields, registration steps), and a plane taxonomy table distinguishing standards, lab, runtime, governance, SourceOS-carry, and workspace-governance concerns.
• docs/LAB_TEMPLATE.md — Required SociOS-Linux/*lab skeleton, annotated functional-service.v1 manifest with field-level guidance, promotion chain diagram, prohibited content table (weights, secrets, SourceOS image state), minimum Makefile and CI snippet, and a pre-promotion checklist.

repo.maturity.yaml

Promoted maturity.level M2 → M3, targetLevel M3 → M4, lastKnownStatus unknown → passing, evidence list updated to name all new artifacts, nextActions updated to M4 targets.

[Copilot]

Pull request overview

This PR advances the repository’s maturity posture toward the M3 gate by adding CI-enforced negative fixtures, a runner to assert invalid documents are rejected by the schemas, and updated maturity/documentation artifacts describing the standards and lab expectations.

Changes:

• Add a negative fixture runner (tools/run_negative_fixtures.py) and wire it into make validate.
• Introduce invalid fixtures under fixtures/invalid/ to ensure schemas reject malformed records for distinct reasons.
• Promote repo.maturity.yaml from M2→M3 (and target M3→M4) and add M3 gate documentation (docs/MATURITY_MODEL.md, docs/LAB_TEMPLATE.md).

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
tools/run_negative_fixtures.py	Adds a CLI runner that validates the repo’s schemas reject known-bad fixtures.
Makefile	Adds negatives target and includes it in validate.
fixtures/invalid/functional-service.missing-schema-version.json	Negative fixture to assert required schemaVersion is enforced.
fixtures/invalid/functional-service.invalid-status.json	Negative fixture to assert service status enum is enforced.
fixtures/invalid/maturity.invalid-level.yaml	Negative fixture to assert maturity level enum is enforced.
fixtures/invalid/maturity.empty-owners.yaml	Negative fixture to assert owners minItems: 1 is enforced.
repo.maturity.yaml	Updates maturity level/targets and evidence/nextActions for M3 readiness.
docs/MATURITY_MODEL.md	Documents M0–M5 gates and workspace-inventory ingestion expectations.
docs/LAB_TEMPLATE.md	Documents required lab repo skeleton and functional-service manifest guidance.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The negative fixture runner calls jsonschema.validate(...) directly but does not run Draft202012Validator.check_schema(schema) like the other validation helpers in tools/. Adding a schema check would make failures clearer (schema errors vs. fixture validation errors) and keep validation behavior consistent across scripts.

[Copilot]

The guidance for service.status is internally inconsistent: the field table says to use draft or experimental in the lab, but the pre-promotion checklist later says status must be experimental or candidate (not draft). Please clarify the intended rule (e.g., allow draft during development but require experimental/candidate for promotion PRs) so readers don’t follow conflicting instructions.

[Copilot]

run_negative_fixtures.py assumes it is executed from the repo root (all schema/fixture paths are relative to the current working directory). This is brittle when the script is run directly from another directory or invoked by tooling; consider resolving paths relative to the repository root (e.g., based on __file__) before reading schemas/fixtures.

[mdheller]

@codex Please review this PR in the SocioProphet/functional-model-surfaces Codex environment. Do not broaden scope. Inspect the live repo and determine whether the M3 readiness changes, negative fixtures, maturity docs, and validation wiring satisfy the PR claims. Return a merge/no-merge recommendation with concrete blockers, or open one small follow-up PR only if there is a real defect. Include validation reasoning.

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Hooray!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[mdheller]

Reviewed scope and validation. Codex review found no major issues. Changed files are bounded to M3 readiness docs, negative fixtures, repo maturity metadata, Makefile, and the negative fixture runner. Validation workflow is green.