Release 1.3.0 — Wardline NG-25 descriptor consumption (asterisk 2 retired) #39
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.1 to 4.1.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@398d4b0...6f9f177) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.2 to 3.0.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@3bb1273...b430933) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...df4cb1c) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
By borrowing string slices (`&str`) instead of eagerly deep cloning `String` module IDs inside the `neighbors` map, `seen` set, and traversal `stack`, we avoid hundreds of unnecessary allocations during the graph fallback clustering algorithm. Final ownership (`.to_owned()`) is now only assumed exactly when a module is confirmed and assigned to its returned partition. Co-authored-by: tachyon-beep <544926+tachyon-beep@users.noreply.github.com>
Address code-review findings on the dogfood-integration commits.

Issue #1 (federation-axiom leak): `clarion doctor` mapped BindingState::MissingOrStale to a `problem`, the only severity that fails the gate (exit 1). Since binding_state() reports MissingOrStale whenever the full three-way Clarion+Filigree+Wardline config is absent — including a legitimate Clarion-solo or Clarion+Filigree-only project — this made an enrich-only sibling effectively required, contradicting loom.md §5. Both the JSON and text doctor paths now report a `warning` for missing/stale bindings; Unparseable and --fix repair failures remain `problem`. Adds a Tally{problems,warnings} type + warn() helper so the text summary no longer claims "All orientation surfaces healthy" alongside a warning. Tests updated: bare doctor on a no-bindings project now exits 0 with the warning surfaced; the skill-only project reports "2 problems found".

Issue #2 (doc accuracy): contracts.md oversold a per-row locator fallback. Clarified that Clarion sends one key per entity (SEI xor locator), with no per-row fallback — a legacy locator-keyed row for a SEI-bearing entity is not resolved until the SEI migration re-keys it.

Minors: removed an unreachable duplicate `issue_cap_truncated` break in graph.rs; documented the dual-key association_aliases map in lib.rs.

Verified: fmt, clippy -D warnings (clarion-cli + clarion-mcp), nextest doctor (7/7) and storage_tools (97/97).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…assumptions) Follow-up to 1076753: refresh the ADR README index line for ADR-018 Revision 3 (descriptor read; direct REGISTRY import retired) and document the two Clarion-side descriptor assumptions pending Wardline 'Pre-Rust core hardening' Task B (project-local path + descriptor-version/schema semantics) in wardline_descriptor.py. Tracked/closed under clarion-881e9834bc. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- CHANGELOG: promote [Unreleased] → [1.3.0] (2026-06-05); headline the Wardline NG-25 descriptor consumption (asterisk 2 fully retired), plus SEI-keyed Filigree issue lookups (Changed) and the clarion doctor enrich-only binding severity fix (Fixed). Add v1.2.0...v1.3.0 compare link.
- README: status/scope → 1.3.0; add the Wardline-descriptor scope bullet; install snippet TAG + plugin artifact → 1.3.0.
- docs/operator/getting-started.md: install snippet → 1.3.0.
- CLAUDE.md: repo-state → 1.3.0; Python-plugin line (descriptor read, not L8 probe); asterisk 2 marked retired, asterisk 1 still live.

Stacks 1.3.0 on the changelog-cut (untagged) 1.2.0 line.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A running filigree process rewrites managed instruction blocks in these files every session, producing constant diff noise. Untrack them (kept on disk) and ignore them so the regeneration no longer churns the repo:

- CLAUDE.md
- AGENTS.md
- .agents/skills/filigree-workflow/SKILL.md

Current contents remain in history at 0a5c9d1. CLAUDE.md/AGENTS.md also carry hand-authored doctrine; future hand-edits will be untracked, and a clone relies on filigree to regenerate them.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Move .clarion/clarion.lock into the Clarion runtime-artifacts group (was orphaned under the site-build comment) and gather the filigree-managed docs (CLAUDE.md, AGENTS.md, filigree-workflow SKILL.md) under an explanatory comment. No change to which paths are ignored. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pull request overview
Release 1.3.0 updates Clarion’s Rust workspace, CLI, and Python plugin to retire the last “asterisk 2” Wardline initialization coupling by switching the Python plugin from importing Wardline internals to consuming Wardline’s on-disk NG-25 trust-vocabulary descriptor, alongside release-line version bumps and a small clarion doctor severity correction.
Changes:
- Python plugin now reads the Wardline NG-25 descriptor (`.wardline/vocabulary.yaml` or packaged `wardline/core/vocabulary.yaml`) without importing Wardline, and emits descriptor-backed Wardline decorator metadata/tags.
- `clarion doctor` treats missing enrich-only integration bindings as a warning (non-gating) instead of a gate-failing problem, in both text and JSON output.
- Release housekeeping: bump versions to 1.3.0, update docs/changelog, and stop tracking filigree-regenerated guidance docs to avoid churn.
Reviewed changes
Copilot reviewed 33 out of 36 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| scripts/check-wardline-version-bounds.py | Updates the manifest guard from Wardline package semver bounds to the descriptor-version pin contract. |
| README.md | Bumps release line to v1.3.0 and documents descriptor-backed Wardline behavior and install artifact names. |
| plugins/python/uv.lock | Updates plugin version to 1.3.0 and adds pyyaml + types-pyyaml dependencies. |
| plugins/python/tests/test_wardline_descriptor.py | Adds unit tests for descriptor resolution, no-import behavior, invalid descriptors, and version skew. |
| plugins/python/tests/test_server.py | Updates initialization expectations and adds tests for capabilities + vocabulary threading into analyze_file. |
| plugins/python/tests/test_package.py | Updates version assertions and validates manifest Wardline capability + descriptor pin. |
| plugins/python/tests/test_extractor.py | Adds extractor coverage for attaching Wardline decorator metadata/tags and handling absent/skewed vocabularies. |
| plugins/python/src/clarion_plugin_python/wardline_descriptor.py | New descriptor reader: resolves project/package descriptor, parses YAML, and produces capability + vocabulary state. |
| plugins/python/src/clarion_plugin_python/server.py | Loads descriptor at initialize, advertises capabilities.wardline, and threads vocabulary into extraction. |
| plugins/python/src/clarion_plugin_python/extractor.py | Adds optional Wardline vocabulary plumbing and emits wardline entity metadata + wardline:* tags for matched decorators. |
| plugins/python/src/clarion_plugin_python/init.py | Bumps plugin module version to 1.3.0. |
| plugins/python/README.md | Updates plugin status blurb to describe descriptor-backed Wardline metadata emission. |
| plugins/python/pyproject.toml | Bumps plugin version and adds pyyaml (+ types-PyYAML for dev). |
| plugins/python/plugin.toml | Bumps version/ontology, sets wardline_aware=true, and adds [integrations.wardline].expected_descriptor_version. |
| docs/superpowers/specs/2026-06-05-descriptor-backed-wardline-annotation-metadata-design.md | New design spec describing descriptor resolution and emitted metadata/tag shapes. |
| docs/suite/loom.md | Marks the Wardline direct-import asterisk as retired and documents the descriptor-based replacement. |
| docs/operator/getting-started.md | Updates install instructions to v1.3.0 artifact names. |
| docs/federation/contracts.md | Clarifies Filigree association lookup semantics: one key per entity (SEI xor locator), no per-row fallback. |
| docs/clarion/adr/README.md | Updates ADR-018 index entry to reflect Revision 3 and descriptor read retirement. |
| docs/clarion/adr/ADR-018-identity-reconciliation.md | Adds Revision 3 note documenting descriptor consumption and removal of Wardline import coupling. |
| crates/clarion-storage/Cargo.toml | Bumps internal dependency versions to 1.3.0. |
| crates/clarion-plugin-fixture/Cargo.toml | Bumps internal dependency versions to 1.3.0. |
| crates/clarion-mcp/src/tools/graph.rs | Tightens issue-cap truncation loop control (removes redundant check). |
| crates/clarion-mcp/src/lib.rs | Adds clarifying comments around SEI/locator alias mapping during Filigree association handling. |
| crates/clarion-mcp/Cargo.toml | Bumps internal dependency versions to 1.3.0. |
| crates/clarion-federation/Cargo.toml | Bumps internal dependency versions to 1.3.0. |
| crates/clarion-cli/tests/doctor.rs | Updates doctor tests for warning-vs-problem behavior and updated summaries. |
| crates/clarion-cli/src/doctor.rs | Introduces Tally{problems,warnings} and downgrades missing/stale enrich-only bindings to warnings (non-gating). |
| crates/clarion-cli/Cargo.toml | Bumps internal dependency versions to 1.3.0. |
| CHANGELOG.md | Cuts 1.3.0 section and updates comparison links. |
| Cargo.toml | Bumps workspace version to 1.3.0. |
| Cargo.lock | Updates workspace crate versions to 1.3.0. |
| .gitignore | Regroups runtime artifacts and ignores filigree-regenerated docs to avoid churn. |
| CLAUDE.md | Removed from tracking to prevent filigree-managed regeneration churn (now ignored). |
| AGENTS.md | Removed from tracking to prevent filigree-managed regeneration churn (now ignored). |
| .agents/skills/filigree-workflow/SKILL.md | Removed from tracking to prevent per-session regeneration churn (now ignored). |
```python
from clarion_plugin_python import __version__
from clarion_plugin_python.extractor import extract_with_stats
from clarion_plugin_python.pyright_session import PyrightRunState, PyrightSession
from clarion_plugin_python.stdout_guard import install_stdio
from clarion_plugin_python.wardline_descriptor import WardlineVocabulary, load_wardline_descriptor
```

```python
assert manifest["capabilities"]["runtime"]["wardline_aware"] is True
assert manifest["integrations"]["wardline"]["expected_descriptor_version"] == (
    "wardline-generic-2"
)
```
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
The loom federation hub (~/loom) is now the single authoritative source for federation-wide interoperability. Repoint Clarion's federation-PATTERN content at the hub while preserving all Clarion-owned authoritative surface (ADRs, route/contract specs).

- docs/suite/loom.md: founding doctrine promoted to ~/loom/doctrine.md; replace body with a pointer stub (section numbers preserved so `loom.md §N` refs still resolve). Note the roster is now 5 members + Shuttle thought-bubble, superseding the old three-member §1/§9 framing. Keep one Clarion-local note (HTTP read-API operator-trust pointer).
- docs/suite/glossary.md: promoted to ~/loom/glossary.md; replace body with a pointer stub; keep title and the Clarion-ADR authority note.
- docs/suite/briefing.md: keep as Clarion's intro; add a pointer to ~/loom/doctrine.md as the authoritative axiom/roster/composition-law source.
- docs/suite/README.md: add a line pointing to ~/loom as the authoritative federation hub.
- docs/federation/contracts.md: keep all Clarion-owned endpoint specs untouched; add a preamble pointer to ~/loom/doctrine.md (axiom) and ~/loom/contracts-index.md (contract index). No endpoint spec changed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
# Conflicts: # .github/workflows/release.yml
Writer::spawn takes impl AsRef<Path> and db_path is already &Path, so the to_owned() allocates a throwaway PathBuf. clippy 1.95+ flags this under unnecessary_to_owned, failing the -D warnings gate (ADR-023 floor) and blocking PR #39's CI on release/1.3. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…terisk-2

- README: repoint deleted CLAUDE.md link to the tracked v1.0 docset README (CLAUDE.md/AGENTS.md are now intentionally untracked + gitignored).
- docs/suite/*, docs/federation/contracts.md: strip machine-local file:///home/john/loom/* hrefs to plain ~/loom/* code spans (the loom hub is an external companion repo, not vendored — no valid in-repo target).
- CHANGELOG [1.3.0]: add ### Removed section (governance script handed to Legis; CLAUDE.md/AGENTS.md; bundled filigree-workflow SKILL.md); repoint the asterisk-2 retirement reference from the now-stubbed loom.md §5 to the hub asterisk register.

ADR-018 (Accepted, immutable) and historical CHANGELOG entries are left unchanged by design.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ce script

- wardline_descriptor.py: reference filigree clarion-6ab5668d82 from the PO-confirm marker + module docstring, so the deferred Wardline descriptor contract confirmation (PROJECT_DESCRIPTOR_PATH + version semantics) is tracked rather than a bare inline note.
- v1.0-cicd-readiness.md, v1.0-tag-cut/execution-plan.md: add dated superseded banners noting scripts/check-github-release-governance.py was removed post-v1.0 (governance handed to Legis) so nobody follows a dead step. Bodies left intact for v1.0 provenance; archive snapshots + the point-in-time audit doc untouched.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…lpers (clarion-4b5a8aff54)

`clarion analyze` (SEI git-rename signal) and `clarion serve` (index_diff_get freshness report) shelled `git` inside the analyzed repository with repo-local config and Git attributes enabled. A malicious repository could execute arbitrary commands as the local user during an ordinary analyze/serve via `core.fsmonitor`, an external diff/textconv driver, or a `filter.<name>.clean` selected by a `filter` attribute. This breaches the untrusted-corpus posture behind the plugin jail (ADR-021) and the pre-ingest secret scanner.

Two layers, because no single config flag closes every vector:

1. A shared helper `clarion_core::hardened_git_command` routes every corpus-facing git call and neutralizes the config + attribute sources it can: ignores operator/global/system config (GIT_CONFIG_NOSYSTEM, GIT_CONFIG_GLOBAL/SYSTEM -> null) and system attributes (GIT_ATTR_NOSYSTEM); strips config/exec-injecting env (GIT_CONFIG_COUNT, GIT_EXTERNAL_DIFF, GIT_DIFF_OPTS, GIT_ATTR_SOURCE, GIT_PAGER); overrides the program-naming repo-local keys via highest-precedence -c (core.fsmonitor=false, diff.external=, core.pager=cat, core.attributesFile=); and reads in-tree attributes from the empty tree (--attr-source) when the local git supports it.
2. `--attr-source` does NOT cover `$GIT_DIR/info/attributes`, and no config flag does — that source only triggers a filter when git hashes working-tree content. So the call sites no longer hash the worktree on an untrusted corpus: the rename diff uses `git diff --cached` (index vs HEAD; still catches staged `git mv` renames), and gather_git_facts replaces `git status` with `git diff --cached` plus the existing stat-based per-file drift check. `--cached` (not `--attr-source`) is the actual control, so `--attr-source` is gated on a one-time `git --version >= 2.40` probe: older git omits it and stays both safe and functional (no minimum-git floor introduced).

Behavior change: index_diff `dirty_files` now lists staged changes only; unstaged working-tree modifications and untracked files are not enumerated there (unstaged edits to indexed files still surface in `modified_since_analyze`).

Regression tests arm ALL exec sources at once — core.fsmonitor + filter.*.clean via in-tree .gitattributes, $GIT_DIR/info/attributes, and core.attributesFile — for both the rename `diff --cached` path and the index_diff facts path, asserting no helper executes and that staged rename / drift detection still works. Each vector was confirmed firing against the prior (config-only) approach before the --cached change.

Full gate green (fmt, clippy -D warnings, build, 1145 nextest, doc -D warnings, deny, e2e walking skeleton).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
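The two layers in the commit message above, as an added Rust example; this is not the project's `clarion_core::hardened_git_command`. The function names, the `--name-status -M` flags, the `/dev/null` targets and the sample repository path are assumptions, and the empty-tree id assumes a SHA-1 repository.

```rust
use std::path::Path;
use std::process::Command;

// Well-known SHA-1 id of git's empty tree (assumes a SHA-1 repository).
const EMPTY_TREE: &str = "4b825dc642cb6eb9a060e54bf8d69288fbee4904";

/// Parse `git --version` output, e.g. "git version 2.43.0" -> Some((2, 43)).
fn parse_git_version(out: &str) -> Option<(u32, u32)> {
    let mut parts = out.trim().strip_prefix("git version ")?.split('.');
    let major: u32 = parts.next()?.parse().ok()?;
    let minor: u32 = parts.next()?.parse().ok()?;
    Some((major, minor))
}

/// Layer 1 (hypothetical stand-in, not the project's helper): neutralize the
/// config and attribute sources listed in the commit message.
fn hardened_git(repo: &Path, version: Option<(u32, u32)>) -> Command {
    let mut cmd = Command::new("git");
    cmd.arg("-C").arg(repo);
    // `-c` has the highest precedence, so repo-local values for these
    // program-naming keys are overridden.
    for kv in ["core.fsmonitor=false", "diff.external=", "core.pager=cat",
               "core.attributesFile="] {
        cmd.arg("-c").arg(kv);
    }
    // Read in-tree .gitattributes from the empty tree only when the probed
    // version meets the 2.40 gate stated in the commit message.
    if version.map_or(false, |v| v >= (2, 40)) {
        cmd.arg(format!("--attr-source={}", EMPTY_TREE));
    }
    // Ignore system/global config and system attributes (/dev/null: Unix).
    cmd.env("GIT_CONFIG_NOSYSTEM", "1")
        .env("GIT_CONFIG_GLOBAL", "/dev/null")
        .env("GIT_CONFIG_SYSTEM", "/dev/null")
        .env("GIT_ATTR_NOSYSTEM", "1");
    // Drop inherited variables that inject config or name programs.
    for var in ["GIT_CONFIG_COUNT", "GIT_EXTERNAL_DIFF", "GIT_DIFF_OPTS",
                "GIT_ATTR_SOURCE", "GIT_PAGER"] {
        cmd.env_remove(var);
    }
    cmd
}

/// Layer 2: compare index against HEAD so git never hashes worktree content.
/// `--name-status -M` are assumed flags; the page only names `diff --cached`.
fn staged_rename_diff(repo: &Path, version: Option<(u32, u32)>) -> Command {
    let mut cmd = hardened_git(repo, version);
    cmd.args(["diff", "--cached", "--name-status", "-M"]);
    cmd
}

/// Render the argument vector for inspection without spawning git.
fn args_of(cmd: &Command) -> Vec<String> {
    cmd.get_args().map(|a| a.to_string_lossy().into_owned()).collect()
}

fn main() {
    let v = parse_git_version("git version 2.39.2"); // constructed sample
    let cmd = staged_rename_diff(Path::new("/srv/corpus/repo"), v);
    println!("git {}", args_of(&cmd).join(" "));
}
```

Passing `None` for an unparseable version omits `--attr-source`, which matches the commit's point that `--cached` is the actual control.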
Clarion 1.3.0
Release PR for the 1.3.0 line. Headline: Wardline NG-25 descriptor consumption — the Python plugin now reads Wardline's trust-vocabulary descriptor instead of importing `wardline.core.registry`, fully retiring `loom.md` §5 asterisk 2 (ADR-018 Revision 3).

Highlights

- `wardline_descriptor.py` parses Wardline's NG-25 descriptor to tag trust-decorated entities, with no import of Wardline. Extractor + server wired to emit the descriptor-derived metadata; new test coverage in `test_wardline_descriptor.py` and expanded extractor/server tests. `clarion-881e9834bc`.
- `clarion doctor` previously mapped `BindingState::MissingOrStale` to a gate-failing `problem`, making an enrich-only sibling effectively required (contradicting `loom.md` §5). Both JSON and text doctor paths now report a `warning`; `Unparseable` and `--fix` repair failures remain `problem`. Adds `Tally{problems,warnings}`.
- `contracts.md` clarified to drop the oversold per-row locator fallback (one key per entity: SEI xor locator).
- `[Unreleased]` → `[1.3.0]` (2026-06-05); README/getting-started/CLAUDE.md version + scope refs bumped to 1.3.0. Stacks on the changelog-cut (untagged) 1.2.0 line.
- `CLAUDE.md`, `AGENTS.md`, and the filigree-workflow `SKILL.md` are untracked (kept on disk) to stop per-session regeneration churn; `.gitignore` regrouped. Last tracked contents preserved in history at `0a5c9d1`.

Verification

Per-commit verification recorded in commit bodies: `cargo fmt`, `clippy -D warnings` (clarion-cli + clarion-mcp), nextest `doctor` (7/7) and `storage_tools` (97/97). CI (`rust`, `python-plugin`, `walking-skeleton`) gates this PR.

🤖 Generated with Claude Code