0%

Section 04: Attestation Schema + Read-Time Rejection

Status: Not Started Goal: The read-time backstop. A raw edit can land bytes on disk; this section makes an un-attested status: complete INERT — the validator errors and every gate refuses to honor it, before the orchestrator acts.

Success Criteria:

  • independent_review: attestation block schema (content-hash-bound) in scripts/plan_corpus.
  • plan_corpus checkOutcome.ERROR on un-attested or stale-hash complete.
  • Orchestrator gates refuse to honor un-attested complete (surface, not advance).
  • Tests: valid accepted; absent rejected; stale-hash rejected.

Context: A raw Edit cannot be physically un-written; the achievable enforcement is “rejected the instant anything reads it.” The attestation is content-hash-bound so editing the body after attestation invalidates it (catches “attest a stub, then fill garbage” and “fabricate complete with a copied attestation”).

Depends on: Section 03 (completion-authority.md defines what the attestation asserts).

Intelligence Reconnaissance

Queries run 2026-05-26:

  • scripts/intel-query.sh file-symbols scripts/plan_corpus/ --repo ori — N/A (Python; Rust-only symbol index). Recorded per plan-schema non-Rust allowance.
  • Direct grounding (this session): scripts/plan_corpus/schemas.py:PlanSectionSchema carries reviewed, third_party_review, review_pipeline; scripts/plan_corpus/content_hash.py:compute_full_section_hash is the content-hash SSOT; scripts/plan_corpus/schema.py emits findings with Outcome.ERROR/severity; orchestrator gates live in scripts/plan_orchestrator/ (gates.py, roadmap.py) + /review-plan precheck.

Results summary [ori]: attestation binds via compute_full_section_hash (or a body-scoped variant); validator extends PlanSectionSchema + schema.py; gate consumers are plan_orchestrator precheck/scan paths. UNVERIFIED: exact Outcome/severity enum names + the precise gate hook points — confirm at execution.

04.1 independent_review attestation block schema

File(s): scripts/plan_corpus/schemas.py; scripts/plan_corpus/content_hash.py (binding helper)

  • Define the independent_review: frontmatter block: verifier (must be independent-review), verified_at (date), content_hash (binds the attested body via compute_full_section_hash or a body-scoped hash), deliverables_checked (list of touches: paths / criteria verified present).
  • Add it to PlanSectionSchema (optional block; required-when status: complete).
  • Subsection close-out (04.1) — MANDATORY before 04.2:
    • Tasks [x]; schema parses; update subsection statuscomplete.
    • Repo hygiene checkcompiler_repo/diagnostics/repo-hygiene.sh --check.

04.2 Schema validator Outcome.ERROR on un-attested complete

File(s): scripts/plan_corpus/schema.py

  • Validator: when status: complete (or reviewed: true representing a completed close-out), REQUIRE a valid independent_review block whose content_hash matches the current body. Absent OR mismatched → Outcome.ERROR finding (COMPLETION_UNATTESTED / COMPLETION_ATTESTATION_STALE).
  • Tests in scripts/plan_corpus/tests/: (a) valid attestation accepted; (b) absent → ERROR; (c) body mutated after attestation (hash mismatch) → ERROR.
  • Subsection close-out (04.2) — MANDATORY before 04.3:
    • Tasks [x]; python3 -m pytest scripts/plan_corpus/tests/ -q green for the new cases.
    • Update subsection statuscomplete.
    • Repo hygiene checkcompiler_repo/diagnostics/repo-hygiene.sh --check.

04.3 Orchestrator-gate read-time rejection wiring

File(s): scripts/plan_orchestrator/gates.py / roadmap.py; /review-plan precheck; drift scanner

  • Wire the gates: a section presenting status: complete without a valid attestation is NOT honored — the gate surfaces it (halt/finding) rather than advancing the orchestrator. This is the layer that would have stopped §08.
  • Confirm /continue-roadmap precheck + /review-plan precheck + the stale-state/drift scanner all consult the validator verdict.
  • Subsection close-out (04.3) — MANDATORY before 04.N:
    • Tasks [x]; a fabricated un-attested complete (scratch fixture) is surfaced, not advanced past.
    • Update subsection statuscomplete.
    • Repo hygiene checkcompiler_repo/diagnostics/repo-hygiene.sh --check.

04.N Completion Checklist

  • 04.1–04.3 [x] and status complete.
  • python -m scripts.plan_corpus check ERRORs on un-attested + stale-hash complete; accepts valid attestation.
  • python3 -m pytest scripts/plan_corpus/tests/ -q green.
  • Orchestrator gates refuse to honor un-attested complete (manual fixture proof).
  • Plan sync — close via §06 /independent-review (bootstrap caveat); update 00-overview.md + index.md.
  • Repo hygiene checkcompiler_repo/diagnostics/repo-hygiene.sh --check.

Exit Criteria: plan_corpus check reports Outcome.ERROR on any status: complete lacking a valid content-hash-bound independent_review attestation; orchestrator gates surface rather than honor it; pytest green.