Fixes B-4. Incremental delta is not additive: a change processes bucket
exits (retract unsupported edges) + entries (add) + propagation across
equivalence neighbours, not just new candidates. Adds an I-2 verification
mechanism: per-partition Merkle-style digest + background consistency-checker
vs sampled fold → scoped self-healing recompute on drift. I-2 now
eventually-verified, not asserted.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fixes B-2. Capability profiles are verified, not self-asserted: the contract
ships a versioned conformance suite that exercises each declared verb/position
against observed behaviour; passing is an admissibility precondition (lying
profiles rejected at registration); mismatch reported as a capability diff.
Makes I-3 / §6.5 sound rather than aspirational.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Resolves B-1+B-3. Coordination-canonical state = an append-only decision log
in the git journal (events: overlay/binding/alias/merge); queryable current
state = a derived fold (tier-3, indexed). Concurrency: one append authority
per space (lease/leader) → totally-ordered per-space log, read-your-writes
across instances, HA via re-grantable lease, partition yields to log integrity.
Updates §1, §4, §8.1, §8.6, §11. I-6 strengthened (coordination state is now
git-addressable history/patch/review), not bypassed.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fixes B-3/C-3. §9.1 structural per-tenant partitioning of the derived tier
(no shared cross-tenant cache; read-time filtering as defence-in-depth;
reconciles I-2+L5 per partition); new invariant I-13. §8.1 history stays
recoverable AND bounded (gc/repack, squash-compaction of churn preserving
recoverable endpoints, per-shard offload, anti-abuse hooks).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fixes D-2/D-3/D-4. §7.3 effective-vs-own provenance (page envelope + span
deltas, near-zero per-span cost). §8.4 projection trivial-by-default
(plain lazy replication), derivation/liveness/view-registry as extension
points only for the computational/typed tail. §11 adds policy/ + provenance/
as dependency-free leaf rails (mechanism never in a rail), tightened import rules.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fixes D-1. ~6 independent core axes (substrate, write-granularity, opacity,
envelope, access, liveness) with the rest implied via published rules that
forbid impossible profiles; a small named axis-interaction table is the
degradation contract (proof obligation behind 'core logic written once').
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fixes C-1/C-2. Incremental change-driven maintenance (notify->delta) is
primary; full rebuild is a rare, envelope-respecting, concurrent fallback
(not required cheap). Equivalence via blocking/LSH candidate-gen + verify +
incremental maintenance, replacing O(N^2). Index is derived, per-tenant.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fixes bug B-2. States the guarantee (read-your-writes for journal-owned
coordination-canonical state; causal across the derived tier; eventual+
freshness-labelled for sharded inputs). Conflict detection+representation =
core mechanism, resolution = policy. Overlay-apply-under-drift semantics
(fast-forward / three-way / refuse+re-present) and journal ordering.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fixes bug B-1: page identity is a stable assigned handle (survives edits),
not a content fingerprint; fingerprints identify versions/content for the
equivalence mechanism. Chain: identity -> placements -> equivalence. (§7.2)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The optimal architecture synthesised from INTENT + the full research arc:
- Thesis: canonical at the edges, derived in the middle (orchestrator not engine)
- Dual narrow waist: adapter contract (15 capability spectra) + page model
- 6 layers + provenance/capability rails; L4 union/projection is a rebuildable cache
- Federation-model taxonomy (plural/composable); two-axis projection model;
moldable view registry; identity != placement; computational content in scope
as page-model+projection, out as execution platform
- Concrete src/ module layout with downward-only dependency rule
- Canonical data flows; policy surface; tradeoffs; full traceability to INTENT/UCs
References ArchitectureBlueprint.md as the L5 authorization sub-blueprint.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
