mirror of
https://github.com/samvallad33/vestige.git
synced 2026-07-04 22:02:14 +02:00
Make the receipt chain impossible to doubt. Freeze the claim surface, prove every hop, and turn the two off-by-default producers into explicit UI states. Frozen public claim: "Vestige records real MCP memory activity into a replayable local trace, with receipts and reviewable risky writes." We do NOT claim Sanhedrin vetoes or dream patches are live by default. Regression — full-spine test (server.rs): one runId must cross, byte-identical, MCP output -> SQLite trace -> WebSocket event -> API response shape -> MCP resource. Fails if any hop drops or rewrites the id. Honest UI states (Black Box "Event producers" panel): - sanhedrin.veto -> "No veto producer connected (optional Sanhedrin hook, off by default)" instead of empty mystery. - dream.patch -> "No dream run in this trace" unless a dream actually ran. - contradiction.detected -> "no contradiction in this run" when none fired. Quarantine review (not pre-write blocking): risky writes are committed then suppressed — audit history preserved, retrieval influence suspended until reviewed. Reworded the server notice + UI copy to say exactly that. Receipts UI gap closed: ReceiptCard is now mounted on the Black Box page (retrieved/suppressed/trust-floor, activation path, "Open receipt in Cinema"). Proof pack (blackbox-proof-2026-06-22/): status.json, trace.json (the .vestige-trace.json export), receipt.json, memory_pr.json (promoted via UI->API->SQLite), websocket-events.jsonl (live TraceEvent x6 + PR opened/ decided), screenshots (Black Box, Receipts, Memory PRs, Graph), and PROOF.md with real/caveat/stub per feature. Gates: 988 lib tests pass, clippy -D warnings clean, dashboard check + build clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
29 lines
849 B
JSON
29 lines
849 B
JSON
{
|
|
"created_at": "2026-06-22T22:29:39.100921+00:00",
|
|
"decided_at": "2026-06-22T22:29:42.563122+00:00",
|
|
"decision": "promote",
|
|
"diff": {
|
|
"decision": "create",
|
|
"node": {
|
|
"content": "Store the production auth token and security credential for deploys.",
|
|
"id": "17b8c285-5418-4402-9e63-a92d4ae64eaf",
|
|
"nodeType": "fact",
|
|
"tags": [
|
|
"security",
|
|
"auth"
|
|
]
|
|
}
|
|
},
|
|
"id": "pr_bf0aec4483494713a01e4b0f5c15acb3",
|
|
"kind": "new_fact",
|
|
"run_id": "run_proof",
|
|
"signals": [
|
|
{
|
|
"code": "sensitive_topic",
|
|
"detail": "Touches a sensitive topic: authentication / authorization."
|
|
}
|
|
],
|
|
"status": "promoted",
|
|
"subject_id": "17b8c285-5418-4402-9e63-a92d4ae64eaf",
|
|
"title": "New fact pending review: \"Store the production auth token and security credential for deploys.\""
|
|
}
|