Conversation
…vent 78) CP-AUDIT-ACK-01 (v1.0.1 polish mini-batch CP #4 — last main piece). The SessionStart audit-drift banner has pointed at `episteme profile audit ack <audit-id>` since v0.11.0, but the subcommand did not exist. Operator (Event 68, 2026-04-27) closed the asymmetry_posture audit loop via direct profile re-elicit because no structured ack pathway existed. This Event ships the missing CLI + the hash-chained ack-store the banner has been promising all along. What ships: 1. New CLI subcommand `episteme profile audit ack`: - `<audit-id> --rationale "..."` writes an ack - `--list` enumerates outstanding (un-acked) drift records - `--revoke <audit-id> --rationale "..."` revokes a prior ack - `--evidence-refs Event65 Event66 ...` optional supporting refs 2. New module src/episteme/_profile_audit_ack.py: - validate_rationale: lazy-token + min-15-char rejection (mirrors Reasoning Surface validator discipline) - write_ack / write_revoke: append cp7-chained-v1 envelopes to ~/.episteme/state/profile_audit_acks.jsonl - is_acked / acked_ids: latest-state-per-id walk - list_outstanding_audits: filter profile_audit.jsonl by ack-store - verify_chain: integration with episteme chain verify 3. Audit-loop integration (suppression): - core/hooks/session_context.py: inline _is_acked_in_store check suppresses the SessionStart banner for acked run_ids. Inlined per the hooks-stay-self-contained convention (no sys.path setup of src/episteme/ in standalone hook invocation). - src/episteme/_profile_audit.py:surface_drift_line: imports _profile_audit_ack and runs is_acked check; degrades gracefully if the module is unavailable (test isolation). 4. Chain integration: - episteme chain verify now enumerates profile_audit_acks alongside protocols / deferred_discoveries / pending_contracts. - Stream uses the same SHA-256 cp7-chained-v1 envelope schema — no new chain primitives needed. Audit-trail discipline: - Revoke is NEVER a delete. Revoke appends a new chain entry whose type is profile_audit_ack_revoke; the latest-state-per-id walk treats the latest entry as authoritative. The full ack/revoke trajectory is preserved in the chain (Pillar 2 ethos: nothing changes silently; nothing is silently undone). Validation discipline: - Rationale must be >= 15 chars, NOT match the lazy-token list ('n/a', 'tbd', 'ack', 'ok', 'okay', 'later', 'wip', ' 해당 없음', '없음', etc. — English + Korean; mirrors agent_feedback.md no-AI-co-author-trailer style of explicit-list discipline). - Lazy-token check fires BEFORE min-char check so 'n/a' returns the lazy-token error message (more diagnostic) rather than the min-char message. Tests at tests/test_profile_audit_ack.py — 20/20 pass: - ValidateRationaleTests (8 cases): min-char, lazy-token English, lazy-token Korean, ack/ok/tbd, substantive accepted, non-string rejected - AckStoreWriteTests (3 cases): ack envelope shape, revoke entry, invalid audit-id rejected - IsAckedReadPathTests (5 cases): no-store, ack-then-acked, revoke-after-ack, re-ack-after-revoke (latest wins), acked_ids-set-correctness - ChainIntegrityTests (1 case): 4-entry chain stays intact across ack+ack+revoke+ack - ListOutstandingAuditsTests (3 cases): excludes-acked, excludes-no-drift, empty-when-no-records Full test suite green: 144/144 (124 baseline + 20 new). Soak-protected surfaces touched: - core/hooks/session_context.py (post-soak; allowed) - src/episteme/_profile_audit.py (library; not soak-protected) - src/episteme/_profile_audit_ack.py (NEW) - src/episteme/cli.py (CLI; not soak-protected) - tests/test_profile_audit_ack.py (NEW; not soak-protected)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fourth (and last main) v1.0.1 polish CP. The SessionStart audit-drift banner has pointed at
episteme profile audit ack <audit-id>since v0.11.0, but the subcommand did not exist. Operator (Event 68, 2026-04-27) had to close theasymmetry_postureaudit loop via direct profile re-elicit because there was no structured ack pathway. This PR ships the missing CLI + the hash-chained ack-store the banner has been promising all along.What ships
1. New CLI subcommand
episteme profile audit ack2. New module
src/episteme/_profile_audit_ack.pyvalidate_rationale(text)write_ack(audit_id, rationale, ...)cp7-chained-v1envelope to~/.episteme/state/profile_audit_acks.jsonlwrite_revoke(audit_id, rationale, ...)is_acked(audit_id)acked_ids()list_outstanding_audits()profile_audit.jsonlrecords by ack-store stateverify_chain()episteme chain verify3. Audit-loop integration (suppression)
core/hooks/session_context.py: inline_is_acked_in_store(run_id)check suppresses SessionStart banner for acked run_ids. Inlined per the hooks-stay-self-contained convention (nosys.pathsetup ofsrc/episteme/in standalone hook invocation).src/episteme/_profile_audit.py:surface_drift_line(): imports_profile_audit_ackand runsis_ackedcheck. Library-tier; degrades gracefully if module unavailable (test isolation).4. Chain integration
episteme chain verifynow enumeratesprofile_audit_acksalongsideprotocols/deferred_discoveries/pending_contracts. Stream uses the same SHA-256cp7-chained-v1envelope schema — no new chain primitives needed.Audit-trail discipline
Revoke is NEVER a delete. A revoke appends a new chain entry whose type is
profile_audit_ack_revoke; the latest-state-per-id walk treats the latest entry as authoritative. The full ack/revoke trajectory is preserved in the chain (Pillar 2 ethos: nothing changes silently; nothing is silently undone).Validation discipline
Rationale must be ≥ 15 chars AND must NOT match the lazy-token list:
n/a,na,tbd,todo,none,nothing,nil,null,ack,acked,acknowledged,ok,okay,fine,later,fix later,do later,address later,wip,in progress해당 없음,없음,없다,추후,나중에Lazy-token check fires BEFORE min-char check so
'n/a'returns the lazy-token error message (more diagnostic) rather than the min-char message.Tests
tests/test_profile_audit_ack.py— 20/20 pass:ValidateRationaleTests해당 없음),ack/ok/tbd, substantive accepted, non-string rejectedAckStoreWriteTestsIsAckedReadPathTestsacked_idsset correctnessChainIntegrityTestsListOutstandingAuditsTestsFull test suite green: 144/144 (124 baseline + 20 new).
Smoke test (live, post-merge — operator should run)
Soak-invariant
core/hooks/session_context.pysrc/episteme/_profile_audit.pysrc/episteme/_profile_audit_ack.pysrc/episteme/cli.pytests/test_profile_audit_ack.pykernel/*/core/blueprints/*/templates/*/labs/*v1.0.1 polish queue post-Event-78
episteme verify-examplesCLI; deferred-by-design)4 of 4 main v1.0.1 polish CPs shipped. Both remaining items are explicitly deferred-by-design optional enhancements (Part B integrates the symlink-restore script into a hook for auto-run; Component 5 adds a machine-checkable schema-parity validator). v1.0.1 polish track is effectively complete.
Cross-references
~/episteme-private/docs/cp-v1.0.1-polish.md§ CP-AUDIT-ACK-01docs/PROGRESS.mdEvent 68 entry — operator closed asymmetry_posture audit loop via direct re-elicit because no CLI existed)core/hooks/_chain.py§ cp7-chained-v1src/episteme/_profile_audit.py~/episteme-private/docs/PROGRESS.mdEvent 78 entry (private)