Add deterministic auditable scaffold for repository-wide integrity verification

[Copilot]

✅ Deterministic Auditable Scaffold - Code Review Updates v2

All code review feedback from the second review round has been addressed.

Code Review Changes Implemented

1. ✅ Fix handling-clamp XML Writing (Comment #2815292933)

• Added write_file() method to HandlingMetaParser to serialize clamped values back to XML
• Stores parsed XML tree structure during parsing
• Updates XML elements with clamped values in place
• Properly writes modified XML with declaration
• Handles both attribute-based and text-based values
• Added fallback for ET.indent() (Python 3.9+)

2. ✅ Fix Merkle Tree Deterministic Sorting (Comment #2815292947)

• Changed sorting from p.resolve() (absolute, OS-dependent) to relative canonical paths
• Added base_path parameter to build_merkle_tree()
• Converts all paths to POSIX-style (forward slashes) for cross-platform consistency
• Uses common parent as base if not explicitly provided
• Ensures deterministic ordering across different clones and systems

3. ✅ Implement Real Merkle Proofs (Comment #2815292957)

• Completely redesigned proof generation to include actual sibling hashes
• Added leaf_to_siblings tracking during tree construction
• Proofs now contain sibling_hash and position for each level
• Enables cryptographic verification without full tree traversal
• Removed old simplified _build_proof_path() method

4. ✅ Implement Config File Loading (Comment #2815292974)

• Added config file loading in _handle_index()
• Supports exclude_patterns and checkpoint_interval from config
• CLI arguments override config file values
• Graceful handling of missing or invalid config files
• Passes checkpoint_interval to manifest generation

Test Status

24/24 tests passing

Ran 24 tests in 0.010s - OK

Verification

All changes have been tested:

1. XML Writing: Tested --apply --output - successfully writes modified handling.meta
2. Merkle Sorting: Tested with multiple files - uses POSIX-style relative paths
3. Real Proofs: Generated proof includes actual sibling hashes and positions
4. Config Loading: Tested with config file - successfully loads exclude patterns and checkpoint interval

Files Modified

• toolkit/oe/scaffold/handling_pipeline.py - Added XML writing, stored root tree
• toolkit/oe/scaffold/merkle.py - Deterministic sorting, real proof generation
• toolkit/oe/scaffold/cli.py - XML writing integration, config loading, base_path passing

Usage Examples

# Write clamped handling.meta
python -m toolkit.oe.scaffold.cli handling-clamp handling.meta --apply --output clamped.meta

# Use config file for indexing
python -m toolkit.oe.scaffold.cli index /path/to/repo --config config.json --apply

# Generate verifiable Merkle proofs
python -m toolkit.oe.scaffold.cli merkle /path/to/repo --apply

Config File Format

{
  "exclude_patterns": [".git", "*.pyc", "__pycache__"],
  "checkpoint_interval": 50
}

All code review feedback addressed, tests passing, functionality verified.

Original prompt

Add a deterministic, auditable Python scaffold to aidoruao/orthogonal-engineering that performs repository-wide canonicalization, SHA-256 hashing, manifest generation, Merkle/DAG construction, and an integrated GTA handling.meta clamp pipeline. The scaffold will be designed to run locally against the user's clones (not executed by CI) and will default to dry-run mode with mandatory backups. It must include docs, tests, and examples so the repository owner can run and validate locally before any push. Key requirements:

1. CLI entrypoint (cli.py) with subcommands: index, merkle, handling-clamp, verify, dry-run, backup, restore. Accept repo path and config file. Support --apply flag to enable active mode.

2. Canonicalization (canonicalizer.py): deterministic canonical_byte_representation(file_path) handling text (UTF-8 no BOM, LF, NFC), JSON (lexicographic key ordering), XML (exclusive C14N no comments), and binary raw bytes. Strip extended FS metadata. Unit tests included.

3. Hashing (hasher.py): SHA-256 of canonical bytes, hex lowercase. File-level and per-vehicle hashing hooks.

4. Merkle (merkle.py): Binary Merkle tree per spec: leaf = SHA-256(0x00||canonical_bytes), internal = SHA-256(0x01||left||right). Leaves ordered by canonical path (UTF-8 lexicographic). Produce root and JSONL inclusion proofs.

5. Manifest (manifest.py): Streamed manifest.jsonl listing canonical path, file type, canonical hash, size, and content-address reference. Checkpointing for large repos.

6. Logger (logger.py): JSONL Hello-World logger with monotonic step_id and ISO8601 UTC timestamps; write hello_world_handling_pipeline.jsonl and handling_verification_pipeline.jsonl.

7. handling_pipeline.py: Robust parser for GTA handling.meta (CHandlingData Item elements). Use sample structure (e.g., with and parameter elements with value attributes). Apply clamps: Phase1: collision 1.2–1.8, engine 1.0–2.5, deformation 0.5–2.0. Phase2 conservative defaults: suspension 0.5–3.0, traction 0.5–2.5, braking 0.5–3.0, com -1.0..1.0. Behavior: default clamp (force into range) and log before/after. Support dry-run and --apply. Produce corrected_handling.meta and extended_corrected_handling.meta and JSONL audit outputs.

8. Backup (backup.py): timestamped backups and immutable backup manifest.

9. Utils, config/schema, requirements, README: Include run instructions, examples, tests (pytest), and examples directory with handling.meta sample and demo script.

10. Tests: Unit tests for canonicalization, hashing, merkle, handling parser/clamp, and manifest generation.

Safety and operational notes to include in PR body:

• Default dry-run, no auto-push. --apply explicitly required to modify files.
• Backups mandatory. Local branch creation only; explicit user action required to push/PR.
• Hashes hex lowercase, timestamps ISO8601 UTC, JSONL schemas in README.

Acceptance criteria:

• Scaffold code added with tests and examples demonstrating canonicalization and handling.meta clamp in dry-run.
• Manifest and Merkle root reproducible between runs on identical inputs.
• README with clear local run instructions and caveats

Repository: aidoruao/orthogonal-engineering
Problem title: Add deterministic Merkle-rooted pipeline scaffold with handling.meta clamp

This pull request was created from Copilot chat.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 19 out of 39 changed files in this pull request and generated 7 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[aidoruao]

@copilot apply changes based on the comments in this thread

[Copilot]

Pull request overview

Copilot reviewed 19 out of 39 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

In handling-clamp apply mode, the code prints “Modified file written” but does not actually serialize the clamped values back to XML (it’s a placeholder comment). This makes --apply --output misleading and prevents the clamp pipeline from producing the promised corrected files.

[Copilot]

Fixed in commit 215066e. Added write_file() method to HandlingMetaParser that:

• Stores the parsed XML tree during parsing
• Updates XML elements with clamped values (both attribute-based and text-based)
• Writes modified XML back to file with proper declaration
• Tested and working with --apply --output

[Copilot]

build_merkle_tree() sorts leaves using p.resolve() (absolute, OS-dependent, and symlink-resolving). This can change ordering between clones and break the “canonical path (UTF-8 lexicographic)” determinism requirement. Sort using a stable repo-relative canonical path (e.g., relative to the provided repo root) and normalize separators (posix) before comparing.

[Copilot]

Fixed in commit 215066e. Changed build_merkle_tree() to use deterministic sorting:

• Added base_path parameter for computing relative paths
• Converts paths to POSIX-style (forward slashes) for cross-platform consistency
• Sorts using relative canonical paths instead of absolute OS-dependent paths
• Uses common parent as base if not explicitly provided
• Ensures consistent ordering across different clones and systems

[Copilot]

get_proof() / _build_proof_path() do not include sibling hashes (only sibling indexes/positions) and explicitly describe themselves as “simplified”. As written, a consumer cannot recompute the root from leaf_hash + proof_path, so these aren’t verifiable inclusion proofs.

[Copilot]

Fixed in commit 215066e. Completely redesigned proof generation:

• Added leaf_to_siblings map tracking during tree construction
• Each proof now includes actual sibling_hash and position for every level
• Proofs can now be used for cryptographic verification without the full tree
• Removed old simplified implementation
• Tested and verified with actual sibling hashes in output

[Copilot]

The CLI advertises --config support, but args.config is never read in _handle_index (or elsewhere), so config files currently have no effect. Either implement loading/merging config (excludes, checkpoint interval, output dir, etc.) or remove the flag from the interface/docs to avoid misleading behavior.

[Copilot]

Fixed in commit 215066e. Implemented config file loading in _handle_index():

• Loads JSON config from --config path
• Supports exclude_patterns and checkpoint_interval
• CLI arguments override config file values
• Passes checkpoint_interval to manifest generation
• Graceful error handling for missing/invalid configs

[devin-ai-integration]

Closing as stale (Stage D housekeeping).

This Copilot draft has been open without progress and is superseded by:

• PR PR #139: Universal Aerospace Floor + 35 Polymath Domains + Standards + Upgrades #139 (Universal Aerospace Floor + 35 polymath domains) — landed 2026-04-18
• PR Kimi/pr139 aerospace floor polymath domains #140 (Kimi aerospace-floor polymath follow-up) — landed 2026-04-19
• PR audit(stage-a): hashed investigative taxonomy + gap-analysis JSONL #141 (hashed investigative taxonomy) — landed 2026-04-19
• PR cleanup(stage-b): eliminate float() calls and stubs in production code #142 (production-code cleanup: float() / stubs) — landed 2026-04-19
• PR stage-c: enforce YAML frontmatter on all Markdown files #143 (Markdown frontmatter enforcement) — in review

If the underlying work here is still wanted, re-open a fresh PR rebased on current main; the old branches have substantial drift and CI has moved on. Closing now so the open-PR list reflects reality.