feat(rfc-008): P3c — classifier runtime-sources taxonomy.json (R4/F4/F6)#392
Merged
lantiscooperdev merged 1 commit intoJun 16, 2026
Merged
Conversation
command-classifier.sh now sources its label vocabulary from patterns/taxonomy.json at runtime via a zero-dep node helper and fails closed if the resolved set drifts from the _priority() case-arms (the single bash label authority CI already pins == taxonomy). Eliminates the hand-maintained label list "by construction" (F4/OQ-2). - _ensure_taxonomy_synced guard fronts BOTH public emitters (classify_command + classify_path); never overrides the non-overridable marker_write (deadlock escape) or unsafe_complex labels. - Resolution: $HOME/.episodic-memory/patterns/taxonomy.json (== install GLOBAL_DIR), then a CONDITIONAL in-repo climb gated on repo sentinels + a classifier realpath round-trip — the installed layout can never read an ambient parent taxonomy. - install.mjs co-deploys taxonomy.json to the same global root; WARNs (split pre-P3c-no-helper vs post-P3c) when a divergent classifier is kept. - validate-bp-contract.mjs assertion 7c: robust parser asserts the guard is defined + called from both entry points + emit-site label literals subset of taxonomy. extractPriorityArms allowlists `declare -f _priority` (inert read). - Tests: test-classifier-taxonomy-sync.sh (18/0) + 5 new 7c cases + 4 install T20 cases; wired command-classifier + taxonomy-sync suites into CI. Plan reviewed by negative-scenario-planner + 3 codex rounds (ACCEPT). Defers (per workplan v125): override interface + F3 alert -> P3b-2; TSV->NDJSON -> P4; em-recall purification -> P3d. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
lantiscooperdev
left a comment
lantiscooperdev
left a comment
Collaborator
There was a problem hiding this comment.
Bot review — RFC-008 P3c (classifier runtime-sourcing)
Automated multi-layer review summary (agent-run; user approval still required to merge).
Verification (artifacts)
test-command-classifier.sh430/0 (regression — existing classifications unaffected)test-classifier-taxonomy-sync.sh18/0 (drift / unresolved / malformed / empty / marker escape / classify_path / symlink / ambient-reject / candidate-2 proof / non-exported guard)test-validate-bp-contract.mjs103/0 (assertion 7c +declare -fallowlist FP control)test-install-hooks.sh92/0 (co-deploy byte-equal, both WARN branches, no-hooks coupling regression)- live E2E 8/0 (real install → deployed classify → tampered-taxonomy fail-closed)
validate-bp-contract --project .= OK
Review layers
- Plan —
negative-scenario-plannerHOLD (3 P1) + codex 3 rounds → ACCEPT. - Code —
negative-scenario-reviewerACCEPT; 4 adversarial axes fail-closed with shell repros (authority-root fail-OPEN, fail-OPEN under error,marker_writeexemption, validator allowlist bypass). - PR-level — codex R1 caught a real BLOCKER (no-hooks install advanced the global taxonomy unwarned → silent
taxonomy_drift); fixed by coupling the taxonomy deploy to the classifier deploy + aT20a2regression test; R2 ACCEPT (consensus).
Key safety properties confirmed
- Fail-closed never overrides
marker_write(deadlock escape) orunsafe_complex. - Installed-layout classifier cannot read an ambient parent
taxonomy.json(sentinels + realpath round-trip). - Install write-root == runtime read-root (
$HOME/.episodic-memory/patterns); taxonomy + classifier advance together.
Residual (no action)
- F6 (theoretical): taxonomy deploy is
existsSync-guarded while the classifier deploys unconditionally — repo-corruption-only path, covered by the committedtaxonomy.json+ CI assertion 7.
Recommending the changes are sound; leaving final approval to the maintainer.
lantiscooperdev
approved these changes
Jun 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
RFC-008 P3c — classifier runtime-sources
taxonomy.json(R4 / F4 / F6)Part of RFC-008. The classifier-runtime-sourcing slice of P3 (independent of the P3b-2 tier layer and P3d em-recall purification, per workplan v125).
What changes
command-classifier.shnow sources its label vocabulary frompatterns/taxonomy.jsonat runtime via a zero-dep node helper and fails closed if the resolved set drifts from the_priority()case-arms — the single bash label authority CI already pins== taxonomy(assertion 7b). This eliminates the hand-maintained label list by construction (F4 / OQ-2-closed)._ensure_taxonomy_syncedguard fronts both public emitters (classify_command+classify_path); it never overrides the two non-overridable labels —marker_write(deadlock-class-1 escape hatch) andunsafe_complex(already maximally blocking).$HOME/.episodic-memory/patterns/taxonomy.json(== installGLOBAL_DIR); candidate 2 = a conditional in-repo climb gated on repo sentinels and a classifier realpath round-trip — the installed layout can never read an ambient parenttaxonomy.json(authority-root containment;cd -Prealpath handles the/var→/private/varclass).install.mjsco-deploystaxonomy.jsonto the same global root, coupled to the classifier deploy (inside--install-hooks) so a no-hooks install never advances the taxonomy while the classifier stays stale. Emits a divergent-classifier WARN (pre-P3c-no-helper vs post-P3c split).validate-bp-contract.mjsassertion 7c (robust parser, not grep): the guard is defined + called from both entry points, and emit-site label literals ⊆ taxonomy.extractPriorityArmsallowlistsdeclare -f _priority(an inert read).Tests
test-command-classifier.sh(regression)test-classifier-taxonomy-sync.sh(new)test-validate-bp-contract.mjs(7c + allowlist)test-install-hooks.sh(T20 co-deploy/WARN + BLOCKER regression)test-command-classifier.sh+test-classifier-taxonomy-sync.shwired into CI (plugin-validate.yml).Review trail
negative-scenario-plannerHOLD (3 P1) + codex R1 HOLD(5) → R2 HOLD(2) → R3 ACCEPT.negative-scenario-reviewerACCEPT — 4 adversarial axes (authority-root fail-OPEN, fail-OPEN under error, marker_write exemption, validator allowlist bypass) all fail-closed with shell repros.taxonomy_drift). Fixed (taxonomy deploy coupled to classifier +T20a2regression). claude-subagent R2 ACCEPT (consensus converged).Defers (per workplan v125)
Plugin override interface + F3 runtime alert → P3b-2; TSV→NDJSON → P4; em-recall purification → P3d.
🤖 Generated with Claude Code