foundryside-dev · tachyon-beep · Jun 5, 2026 · Jun 5, 2026 · Jun 5, 2026 · Jun 5, 2026
diff --git a/.agents/skills/loomweave-workflow/SKILL.md b/.agents/skills/loomweave-workflow/SKILL.md
@@ -26,7 +26,7 @@ calls this?" without reading a single file.
 - You need a function's neighborhood, execution paths, or which subsystem it belongs to.
 
 **Not for:** editing code, reading exact implementation bodies (use `summary` or
-read the file once you have its path), or codebases with no `.loomweave/` index.
+read the file once you have its path), or codebases with no `.weft/loomweave/` index.
 
 ## Entity IDs — the model
 
@@ -65,18 +65,27 @@ tell which case you're in.
 | `execution_paths_from` | bounded call paths out of an entity | `{"id": "<id>", "max_depth": 5}` |
 | `subsystem_members` | modules in a subsystem | `{"id": "core:subsystem:<hash>"}` |
 | `subsystem_of` | the subsystem an entity belongs to (reverse of `subsystem_members`) | `{"id": "<id>"}` |
-| `summary` | on-demand prose summary of one entity | `{"id": "<id>"}` |
+| `summary` † | on-demand prose summary of one entity | `{"id": "<id>"}` |
 | `summary_preview_cost` | preview a `summary` call's cache status / cost before spending | `{"id": "<id>"}` |
 | `issues_for` | Filigree issues attached to an entity | `{"id": "<id>"}` |
 | `source_for_entity` | an entity's exact indexed source span + bounded context | `{"id": "<id>", "context_lines": 10}` |
 | `call_sites` | the source line(s) behind a calls/references edge | `{"id": "<id>", "role": "caller"}` |
 | `orientation_pack` | one deterministic orientation packet for an entity or file:line (entity + context + neighbors + paths + issues + freshness) | `{"file": "rel/path.py", "line": 42}` |
 | `index_diff` | index freshness / drift vs. the current working tree | `{}` |
-| `analyze_start` | launch a background re-index, return its `run_id` | `{}` |
+| `analyze_start` † | launch a background re-index, return its `run_id` | `{}` |
 | `analyze_status` | poll a started analyze (queued/running/terminal + progress) | `{"run_id": "<id>"}` |
-| `analyze_cancel` | stop a running analyze (group-kills plugin + Pyright) | `{"run_id": "<id>"}` |
+| `analyze_cancel` † | stop a running analyze (group-kills plugin + Pyright) | `{"run_id": "<id>"}` |
 | `project_status` | index freshness, counts, LLM + Filigree status | `{}` |
 
+† **Write-gated.** `summary` (`entity_summary_get`), `analyze_start`,
+`analyze_cancel`, `propose_guidance`, and `promote_guidance` are registered only
+when `serve.mcp.enable_write_tools: true` is set in `loomweave.yaml` (default
+`false`). When the gate is off they do not appear in `tools/list` and a call
+returns a tool-disabled error — run `loomweave config check` to see the active
+policy. `summary` additionally requires the live LLM provider to be enabled
+(`llm_policy.enabled: true` + `allow_live_provider: true`), or it serves cache
+only.
+
 `callers_of` / `neighborhood` / `execution_paths_from` take a `confidence`
 tier — one of `"resolved"` (default; only high-confidence edges),
 `"ambiguous"`, or `"inferred"`. There is no `"all"` value. When you suspect an
@@ -152,7 +161,7 @@ honest-empty unless a plugin emits those tags. Likewise `high_churn` and
 
 `search_semantic` is also in the catalogue. It is opt-in under
 `semantic_search:`; when enabled, `loomweave analyze` populates the git-ignored
-`.loomweave/embeddings.db` sidecar and the query path filters stale vectors by
+`.weft/loomweave/embeddings.db` sidecar and the query path filters stale vectors by
 content hash.
 
 > Not in this catalogue: `emit_observation` as a general-purpose write surface.
@@ -163,6 +172,7 @@ for team sharing). Agents may call `propose_guidance` to create a Filigree
 observation, but that proposal is inert until an operator promotes it through
 `promote_guidance` or the CLI. Promoted sheets reach you through `guidance_for`
 and are composed into `summary` prompts with a real guidance fingerprint.
+(`propose_guidance` and `promote_guidance` are write-gated — see the † note above.)
 
 ## Workflow: orient, then navigate
 
@@ -192,7 +202,7 @@ and are composed into `summary` prompts with a real guidance fingerprint.
 
 ## Launch
 
-`loomweave serve --path <dir>` where `<dir>` contains `.loomweave/loomweave.db`
+`loomweave serve --path <dir>` where `<dir>` contains `.weft/loomweave/loomweave.db`
 (built by `loomweave analyze <dir>`). In an MCP client the tools appear as
 `mcp__loomweave__find_entity`, etc.
 

diff --git a/.agents/skills/wardline-gate/SKILL.md b/.agents/skills/wardline-gate/SKILL.md
@@ -0,0 +1,65 @@
+---
+name: wardline-gate
+description: >
+  Use when scanning for or fixing trust-boundary / taint findings, when a
+  `wardline scan` reports a defect, or when wiring wardline into an agent's
+  edit-verify loop. Explains the scan -> explain -> fix-at-the-boundary ->
+  rescan cycle and the baseline-vs-waiver discipline.
+---
+
+# Wardline: the trust-boundary gate
+
+Wardline is a deterministic, whole-program static taint analyzer. It marks trust
+boundaries with two decorators from `wardline.decorators`: `@external_boundary`
+(untrusted data arriving from outside) and `@trusted` (a producer that must only
+receive validated data). When untrusted data reaches a trusted producer it raises
+`PY-WL-101` at `ERROR`.
+
+## The loop
+
+1. **Scan.** Run `wardline scan . --fail-on ERROR` (or call the `scan` MCP tool).
+   Read the gate verdict and the active (non-suppressed) findings — `active` is
+   the population the gate enforces on.
+2. **Explain.** For each active defect, call `explain_taint` with the finding's
+   `fingerprint`, `path`+`line`, and its `qualname` as `sink_qualname`. Do this
+   right after the scan and before editing — a stale fingerprint returns an error.
+   With a Loomweave store configured, pass `chain: true` to walk the full taint
+   chain back to the originating boundary.
+3. **Fix at the BOUNDARY, not the sink.** Add validation or rejection at the hop
+   where untrusted data should have been checked — not a band-aid at the sink.
+4. **Re-scan.** Confirm the finding is gone.
+
+## Exit codes (CLI path)
+
+- `0` — clean (or gate not requested).
+- `1` — the gate tripped: a non-suppressed defect at/above `--fail-on`.
+- `2` — a wardline error (bad config, unreadable path). Not a finding.
+
+Branch on the code. On a trip, read the structured report wardline just wrote —
+the finding names the function, file, and lines, which is enough to locate the
+leak.
+
+## Suppression discipline
+
+Prefer FIXING a finding. Suppress only a finding you have judged a true
+non-issue, always with a reason:
+
+- MCP `baseline` — snapshot current defects so only NEW findings surface.
+  `overwrite: false` (default) refuses to clobber an existing baseline;
+  `overwrite: true` re-derives it. A coarse, whole-set tool; requires a reason.
+- `waiver_add` — waive ONE finding by fingerprint with a mandatory reason and an
+  expiry date. An audited, time-boxed exception.
+- `wardline judge` (opt-in, network) — an LLM pass that labels each defect
+  TRUE/FALSE positive. Never runs automatically, never folded into scan; fails
+  loud with no API key so "couldn't triage" is never mistaken for "nothing to
+  triage". Above-floor false positives can be recorded as audited suppressions.
+
+## CLI vs MCP
+
+- **CLI:** `wardline scan`, `wardline judge`, `wardline baseline create/update`.
+  Branch on the exit code; read the findings file it writes.
+- **MCP:** `wardline mcp` exposes `scan`, `explain_taint`, `fix`, `judge`
+  (network), `baseline`, `waiver_add`; resources
+  `wardline://vocab|rules|config|config-schema`; and the `wardline:loop` prompt.
+  The server is stateless — the read-only tools are pure functions of your code
+  on disk and your config.
diff --git a/.config/nextest.toml b/.config/nextest.toml
@@ -1,3 +1,18 @@
+# Bound every test's wall-clock so `cargo nextest run --workspace` always
+# *completes* (and reports) instead of hanging. The pre-existing emission tests
+# tracked by clarion-1d405be546 hang indefinitely; without a cap the literal CI
+# command (CLAUDE.md "Build, test, lint") can never run clean, forcing a
+# "green via family-exclusion" caveat. With the cap, a hung test is terminated
+# and reported as a timeout failure — honestly red, fast — and clarion-1d405be546
+# remains its owner's bug to fix (the cap does not fix it).
+#
+# `terminate-after` counts `period`s: a test slow past `period` is warned (SLOW),
+# and killed after `period * terminate-after`. The period sits well above the
+# slowest legitimate test (the single-threaded serve-http integration tests) with
+# CI-runner headroom, so only a genuine hang trips it.
+[profile.default]
+slow-timeout = { period = "60s", terminate-after = 3 }
+
 [test-groups]
 serve-http = { max-threads = 1 }
 

diff --git a/.filigree.conf b/.filigree.conf
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,219 +9,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-env:
-  CARGO_TERM_COLOR: always
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  RUSTFLAGS: "-D warnings"
-
 jobs:
-  rust:
-    name: Rust
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
-        with:
-          # Full history so the ADR-024 migration-retirement guard can resolve
-          # the published_build.txt ref via `git show <ref>:0001` (the marker
-          # names a commit SHA, which a shallow checkout can't read). Mirrors
-          # the release.yml verify job. clarion-12667da9f5 / clarion-0106a61480.
-          fetch-depth: 0
-
-      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8
-        with:
-          toolchain: stable
-          components: clippy, rustfmt, llvm-tools-preview
-
-      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32
-
-      # Python is used by the migration-retirement guard and lockstep guards
-      # below. Pin >= 3.11 explicitly so the stdlib `tomllib` is available
-      # regardless of which Python the runner image happens to preinstall.
-      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
-        with:
-          python-version: "3.11"
-
-      - name: fmt
-        run: cargo fmt --all -- --check
-
-      - name: migration retirement guard
-        run: |
-          python scripts/check-migration-retirement.py --self-test
-          python scripts/check-migration-retirement.py
-
-      - name: cross-workspace version lockstep
-        run: python scripts/check-workspace-version-lockstep.py
-
-      - name: pyright pin lockstep
-        run: |
-          python scripts/check-pyright-pin-lockstep.py --self-test
-          python scripts/check-pyright-pin-lockstep.py
-
-      - name: wardline version bounds
-        run: |
-          python scripts/check-wardline-version-bounds.py --self-test
-          python scripts/check-wardline-version-bounds.py
-
-      - name: entity-cap ADR/code lockstep
-        run: |
-          python scripts/check-entity-cap-lockstep.py --self-test
-          python scripts/check-entity-cap-lockstep.py
-
-      - name: clippy
-        run: cargo clippy --workspace --all-targets --all-features -- -D warnings
-
-      - name: install cargo-nextest
-        uses: taiki-e/install-action@e310bff3ef77234d477d6bb655da153a5c49d1db
-
-      # Ensure all workspace binaries (notably loomweave-plugin-fixture) are built
-      # before nextest runs. wp2_e2e tests need the fixture binary on disk and
-      # nextest's CARGO_BIN_EXE_* propagation is not reliably set for cross-package
-      # dev-dep binaries (deferred issue clarion-adeff0916d).
-      - name: build workspace bins
-        run: cargo build --workspace --bins
-
-      - name: test
-        run: cargo nextest run --workspace --all-features --no-tests=pass
-
-      - name: doc
-        run: cargo doc --workspace --no-deps --all-features
-        env:
-          RUSTDOCFLAGS: "-D warnings"
-
-      - name: install cargo-deny
-        uses: taiki-e/install-action@2e721ffcfc34740897fc3130e2dd782b1c136896
-
-      - name: deny
-        run: cargo deny check
-
-  # macOS build + lint parity. The release matrix was the first place macOS was
-  # ever compiled, so a macOS-only `-D warnings` regression stayed invisible
-  # until tag-cut (clarion-12667da9f5). This native runner job closes that gap.
-  # It mirrors only the Linux job's clippy + bin build — the Python guards are
-  # platform-independent and already covered by the `rust` job. No `--target`
-  # flag: native builds avoid the ring C-build-script failure seen when
-  # cross-compiling Linux -> macOS.
-  #
-  # Only aarch64-apple-darwin (macos-14) runs here: the x86_64 (macos-13) leg is
-  # temporarily dropped while those runners are offline/unreliable. Restore it
-  # when macos-13 runner health recovers (clarion-12667da9f5 follow-up). The
-  # unused-symbol class this gate guards is `target_os = "macos"`, i.e.
-  # arch-independent, so aarch64 coverage catches the same regressions.
-  rust-macos:
-    name: Rust (${{ matrix.target }})
-    runs-on: ${{ matrix.runner }}
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - target: aarch64-apple-darwin
-            runner: macos-14
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
-
-      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8
-        with:
-          toolchain: stable
-          components: clippy
-
-      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32
-        with:
-          key: ${{ matrix.target }}
-
-      - name: clippy
-        run: cargo clippy --workspace --all-targets --all-features -- -D warnings
-
-      - name: build workspace bins
-        run: cargo build --workspace --bins
-
-  python-plugin:
-    name: Python plugin
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
-
-      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
-        with:
-          python-version: "3.11"
-          cache: pip
-          cache-dependency-path: plugins/python/uv.lock
-
-      - name: cache pyright runtime
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae
-        with:
-          path: ~/.cache/pyright-python/
-          key: pyright-python-1.1.409-${{ runner.os }}
-
-      - name: check Python ontology version lockstep
-        run: |
-          python scripts/check-python-ontology-version.py --self-test
-          python scripts/check-python-ontology-version.py
-
-      - name: install uv
-        run: python -m pip install uv==0.10.2
-
-      - name: sync plugin (locked dev extras)
-        run: uv sync --project plugins/python --locked --extra dev
-
-      - name: audit locked Python dependencies
-        run: |
-          uv export --project plugins/python --locked --extra dev --no-emit-project \
-            --format requirements.txt \
-            --output-file /tmp/loomweave-python-dev-requirements.txt
-          uv run --project plugins/python --extra dev pip-audit \
-            -r /tmp/loomweave-python-dev-requirements.txt
-
-      - name: check B.4*/B.5 performance gates
-        run: uv run --project plugins/python --extra dev python scripts/check-b4-gate-result.py --run-b5-smoke
-
-      - name: ruff check
-        run: uv run --project plugins/python --extra dev ruff check plugins/python
-
-      - name: ruff format check
-        run: uv run --project plugins/python --extra dev ruff format --check plugins/python
-
-      - name: mypy
-        run: uv run --project plugins/python --extra dev mypy --strict plugins/python
-
-      - name: pytest
-        run: uv run --project plugins/python --extra dev pytest plugins/python
-
-  walking-skeleton:
-    name: Sprint 1 walking skeleton (end-to-end)
-    runs-on: ubuntu-latest
-    needs: [rust, python-plugin]
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
-
-      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8
-        with:
-          toolchain: stable
-
-      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32
-
-      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
-        with:
-          python-version: "3.11"
-          cache: pip
-          cache-dependency-path: plugins/python/pyproject.toml
-
-      - name: cache pyright runtime
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae
-        with:
-          path: ~/.cache/pyright-python/
-          key: pyright-python-1.1.409-${{ runner.os }}
-
-      - name: install sqlite3 cli
-        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends sqlite3
-
-      - name: run walking skeleton
-        run: bash tests/e2e/sprint_1_walking_skeleton.sh
-
-      - name: run WP5 secret scanner smoke
-        run: CARGO_BUILD=0 bash tests/e2e/wp5_secret_scan.sh
-
-      - name: Sprint 2 MCP surface
-        run: CARGO_BUILD=0 bash tests/e2e/sprint_2_mcp_surface.sh
-
-      - name: Phase 3 subsystems
-        run: CARGO_BUILD=0 bash tests/e2e/phase3_subsystems.sh
+  # Every gate lives in the reusable verify.yml so CI and the release pre-publish
+  # gate share one definition and cannot drift (V11-CI-01, clarion-c9f62eec7d).
+  verify:
+    name: Verify
+    uses: ./.github/workflows/verify.yml