Event 79 · v1.0.1 polish cleanup · audit_id auto-prefix + regex validation

[junjslee]

Summary

v1.0.1 polish cleanup — closes the UX gap surfaced on first dogfood of CP-AUDIT-ACK-01 (Event 78 / PR #35).

Bug story. Operator copy-pasted the audit-id stem 20260424-155444-14e5 without the audit- prefix; the permissive CLI accepted it and silently wrote a malformed entry to the ack-store. Suppression then failed because the run_id in profile_audit.jsonl carries the prefix — the IDs didn't match and the SessionStart banner kept firing.

Local state was fixed by revoke + re-ack with the correct full id. This PR ships the code-level fix so it can't happen again.

What this changes

src/episteme/_profile_audit_ack.py gets a new normalize_audit_id() helper that:

1. Auto-prepends audit- if the input is the bare stem (YYYYMMDD-HHMMSS-NNNN).
2. Regex-validates the result against ^audit-\d{8}-\d{6}-[0-9a-f]{4}$ — strict on lowercase hex per uuid4().hex[:4] generation convention.
3. Returns the normalized id, OR raises ValueError with a diagnostic message pointing the operator at episteme profile audit ack --list for valid IDs.

Integrated into write_ack + write_revoke so the chain only ever stores well-formed IDs going forward.

Behavior matrix:

Input	Behavior
audit-20260427-063251-9131	unchanged
20260427-063251-9131 (bare stem)	auto-prefixed → audit-20260427-063251-9131
audit-20260427-063251-91FF (uppercase hex)	rejected (must be lowercase)
audit-2026-04-27-063251-9131 (wrong date format)	rejected
abracadabra	rejected
"" / " " / None	rejected

The legacy malformed entry from the dogfood discovery (already revoked + re-acked correctly via the local-state fix) remains in the chain per Pillar 2 append-only ethos — historical record preserved, but no longer findable via well-formed lookup.

Tests

tests/test_profile_audit_ack.py — 29/29 pass (20 from Event 78 + 9 new).

New NormalizeAuditIdTests class:

• test_already_prefixed_audit_id_returned_unchanged
• test_bare_stem_gets_audit_prefix_auto_prepended
• test_malformed_format_rejected
• test_uppercase_hex_in_suffix_rejected
• test_wrong_date_length_rejected
• test_empty_audit_id_rejected
• test_non_string_rejected
• test_write_ack_with_bare_stem_normalizes_in_chain (functional)
• test_write_ack_with_malformed_id_rejected

Existing tests updated to use well-formed test ids (audit-20260427-NNNNNN-XXXX) so they pass the new regex.

CLI behavior unchanged

The CLI handler in cli.py doesn't need direct changes — write_ack / write_revoke handle normalization internally. The success message echoes the normalized id from the envelope, so an operator who types the bare stem sees the prefixed id in the confirmation output.

Soak-invariant

ZERO touches to kernel/* / core/hooks/* / core/blueprints/* / cli.py / templates/* / labs/*. Module-internal validator update + test extension only.

v1.0.1 polish queue post-Event-79

• ✅ CP-RELEASE-PLEASE-CHKPT-FILTER-01 (Event 75)
• ✅ CP-SYMLINK-RESTORE-01 Part A (Event 76)
• ✅ CP-EXAMPLES-SCHEMA-PARITY-01 Components 1-4 (Event 77)
• ✅ CP-AUDIT-ACK-01 (Event 78)
• ✅ CP-AUDIT-ACK-01 cleanup (this PR — UX gap closed)
• ⏳ CP-SYMLINK-RESTORE-01 Part B (deferred-by-design)
• ⏳ CP-EXAMPLES-SCHEMA-PARITY-01 Component 5 (deferred-by-design)

v1.0.1 polish track effectively complete after this merges. Next major: v1.1 cycle with CP-CHAIN-RECOVERY-PROTOCOL-01.

Cross-references

• Bug surface: Event 78 dogfood (immediately post-merge)
• Local state fix: revoke 20260424-155444-14e5 + re-ack audit-20260424-155444-14e5 with substantive rationale + evidence_refs ["Event 65", "Event 66", "Event 67"]
• Audit-id format source of truth: src/episteme/_profile_audit.py:run_audit line 157 — f"audit-{now.strftime('%Y%m%d-%H%M%S')}-{uuid.uuid4().hex[:4]}"
• Audit trail: ~/episteme-private/docs/PROGRESS.md Event 79 entry (private)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
episteme	Ready	Preview, Comment	Apr 29, 2026 5:44am