﻿2026-06-09T09:52:59.1622722Z ##[group]Run ./traceable-reqs lint || true
2026-06-09T09:52:59.1622874Z [36;1m./traceable-reqs lint || true[0m
2026-06-09T09:52:59.1636144Z shell: /usr/bin/bash -e {0}
2026-06-09T09:52:59.1636248Z ##[endgroup]
2026-06-09T09:52:59.1808626Z Requirement quality findings (79); 179 requirements queued for agent review:
2026-06-09T09:52:59.1809578Z   [must] requirement_quality REQ-API-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1809930Z   [must] requirement_quality REQ-CLI-1 criterion=length — title is 47 words; want 3..=25
2026-06-09T09:52:59.1810263Z   [must] requirement_quality REQ-CLI-2 criterion=length — title is 37 words; want 3..=25
2026-06-09T09:52:59.1810559Z   [must] requirement_quality REQ-CLI-3 criterion=length — title is 37 words; want 3..=25
2026-06-09T09:52:59.1810888Z   [must] requirement_quality REQ-CONSENT-1 criterion=length — title is 41 words; want 3..=25
2026-06-09T09:52:59.1811293Z   [must] requirement_quality REQ-CONSENT-2 criterion=length — title is 37 words; want 3..=25
2026-06-09T09:52:59.1811812Z   [must] requirement_quality REQ-CONV-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1812127Z   [must] requirement_quality REQ-CONV-1 criterion=length — title is 73 words; want 3..=25
2026-06-09T09:52:59.1812475Z   [must] requirement_quality REQ-CONV-2 criterion=length — title is 47 words; want 3..=25
2026-06-09T09:52:59.1813109Z   [must] requirement_quality REQ-DAEMON-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1813443Z   [must] requirement_quality REQ-DAEMON-5 criterion=length — title is 64 words; want 3..=25
2026-06-09T09:52:59.1813881Z   [must] requirement_quality REQ-DAEMON-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1814199Z   [must] requirement_quality REQ-DAEMON-6 criterion=length — title is 84 words; want 3..=25
2026-06-09T09:52:59.1815079Z   [must] requirement_quality REQ-DAEMON-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1815437Z   [must] requirement_quality REQ-DAEMON-7 criterion=length — title is 62 words; want 3..=25
2026-06-09T09:52:59.1815742Z   [must] requirement_quality REQ-DAEMON-8 criterion=length — title is 44 words; want 3..=25
2026-06-09T09:52:59.1816210Z   [must] requirement_quality REQ-DAEMON-9 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1816530Z   [must] requirement_quality REQ-DAEMON-9 criterion=length — title is 114 words; want 3..=25
2026-06-09T09:52:59.1816963Z   [must] requirement_quality REQ-HAZARD-CONFLICT-BOTH-PRESERVED criterion=length — title is 29 words; want 3..=25
2026-06-09T09:52:59.1817384Z   [must] requirement_quality REQ-HAZARD-DAEMON-SCHED-NONBLOCKING criterion=length — title is 32 words; want 3..=25
2026-06-09T09:52:59.1817843Z   [must] requirement_quality REQ-HAZARD-DETACHED-PIPE-INHERIT criterion=length — title is 52 words; want 3..=25
2026-06-09T09:52:59.1818424Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1818829Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=length — title is 58 words; want 3..=25
2026-06-09T09:52:59.1819534Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1820189Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=length — title is 73 words; want 3..=25
2026-06-09T09:52:59.1820662Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-PARSER-SAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1820986Z   [must] requirement_quality REQ-HAZARD-EPOCH-RESET criterion=length — title is 60 words; want 3..=25
2026-06-09T09:52:59.1821463Z   [must] requirement_quality REQ-HAZARD-GEN-START-NOW criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1822067Z   [must] requirement_quality REQ-HAZARD-INSTANT-UNDERFLOW criterion=length — title is 30 words; want 3..=25
2026-06-09T09:52:59.1822420Z   [must] requirement_quality REQ-HAZARD-PAIR-RATE-LIMIT criterion=length — title is 37 words; want 3..=25
2026-06-09T09:52:59.1822772Z   [must] requirement_quality REQ-HAZARD-PAIR-SEED-ROTATION criterion=length — title is 33 words; want 3..=25
2026-06-09T09:52:59.1823251Z   [must] requirement_quality REQ-HAZARD-PAIR-TRANSCRIPT-BIND criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1823730Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1824098Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=length — title is 27 words; want 3..=25
2026-06-09T09:52:59.1824636Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1824991Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=length — title is 66 words; want 3..=25
2026-06-09T09:52:59.1825330Z   [must] requirement_quality REQ-HAZARD-SUDO-SECURE-PATH criterion=length — title is 43 words; want 3..=25
2026-06-09T09:52:59.1825668Z   [must] requirement_quality REQ-HAZARD-WAN-ORIGIN-AUTH criterion=length — title is 37 words; want 3..=25
2026-06-09T09:52:59.1825944Z   [must] requirement_quality REQ-INST-15 criterion=length — title is 32 words; want 3..=25
2026-06-09T09:52:59.1826236Z   [must] requirement_quality REQ-INSTALL-2 criterion=length — title is 2 word(s); want 3..=25
2026-06-09T09:52:59.1826636Z   [must] requirement_quality REQ-INSTALL-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1827072Z   [must] requirement_quality REQ-INSTALL-6 criterion=length — title is 56 words; want 3..=25
2026-06-09T09:52:59.1827508Z   [must] requirement_quality REQ-INSTALL-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1827783Z   [must] requirement_quality REQ-INSTALL-7 criterion=length — title is 50 words; want 3..=25
2026-06-09T09:52:59.1828064Z   [must] requirement_quality REQ-INSTALL-8 criterion=length — title is 55 words; want 3..=25
2026-06-09T09:52:59.1828465Z   [must] requirement_quality REQ-MANIFEST-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1828746Z   [must] requirement_quality REQ-MESH-1 criterion=length — title is 86 words; want 3..=25
2026-06-09T09:52:59.1829300Z   [must] requirement_quality REQ-MESH-2 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1829615Z   [must] requirement_quality REQ-MESH-2 criterion=length — title is 120 words; want 3..=25
2026-06-09T09:52:59.1830033Z   [must] requirement_quality REQ-MESH-3 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1830308Z   [must] requirement_quality REQ-MESH-3 criterion=length — title is 86 words; want 3..=25
2026-06-09T09:52:59.1830689Z   [must] requirement_quality REQ-MESH-4 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1830960Z   [must] requirement_quality REQ-MESH-4 criterion=length — title is 99 words; want 3..=25
2026-06-09T09:52:59.1831303Z   [must] requirement_quality REQ-MESH-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1831779Z   [must] requirement_quality REQ-MESH-5 criterion=length — title is 72 words; want 3..=25
2026-06-09T09:52:59.1832127Z   [must] requirement_quality REQ-MESH-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1832399Z   [must] requirement_quality REQ-MESH-6 criterion=length — title is 56 words; want 3..=25
2026-06-09T09:52:59.1832947Z   [must] requirement_quality REQ-MIGRATE-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1833204Z   [must] requirement_quality REQ-MSG-4 criterion=length — title is 31 words; want 3..=25
2026-06-09T09:52:59.1833567Z   [must] requirement_quality REQ-PAIR-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1833815Z   [must] requirement_quality REQ-PAIR-8 criterion=length — title is 67 words; want 3..=25
2026-06-09T09:52:59.1834158Z   [must] requirement_quality REQ-PRES-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1834406Z   [must] requirement_quality REQ-PRES-1 criterion=length — title is 48 words; want 3..=25
2026-06-09T09:52:59.1834677Z   [must] requirement_quality REQ-SEAM-SPAWN criterion=length — title is 2 word(s); want 3..=25
2026-06-09T09:52:59.1834992Z   [must] requirement_quality REQ-SHELL-1 criterion=length — title is 36 words; want 3..=25
2026-06-09T09:52:59.1835244Z   [must] requirement_quality REQ-SHELL-2 criterion=length — title is 49 words; want 3..=25
2026-06-09T09:52:59.1835485Z   [must] requirement_quality REQ-STORE-1 criterion=length — title is 34 words; want 3..=25
2026-06-09T09:52:59.1835742Z   [must] requirement_quality REQ-SUBNET-5 criterion=length — title is 52 words; want 3..=25
2026-06-09T09:52:59.1836096Z   [must] requirement_quality REQ-SUBNET-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1836349Z   [must] requirement_quality REQ-SUBNET-6 criterion=length — title is 38 words; want 3..=25
2026-06-09T09:52:59.1836701Z   [must] requirement_quality REQ-SUBNET-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1837082Z   [must] requirement_quality REQ-SUBNET-7 criterion=length — title is 75 words; want 3..=25
2026-06-09T09:52:59.1837368Z   [must] requirement_quality REQ-SUBNET-8 criterion=length — title is 53 words; want 3..=25
2026-06-09T09:52:59.1837716Z   [must] requirement_quality REQ-UPD-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1837956Z   [must] requirement_quality REQ-UPD-6 criterion=length — title is 32 words; want 3..=25
2026-06-09T09:52:59.1838301Z   [must] requirement_quality REQ-UPD-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1838542Z   [must] requirement_quality REQ-UPD-7 criterion=length — title is 88 words; want 3..=25
2026-06-09T09:52:59.1838881Z   [must] requirement_quality REQ-UPD-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-09T09:52:59.1839496Z   [must] requirement_quality REQ-UPD-8 criterion=length — title is 115 words; want 3..=25
2026-06-09T09:52:59.1839630Z 
2026-06-09T09:52:59.1839777Z # Requirement quality review
2026-06-09T09:52:59.1839850Z 
2026-06-09T09:52:59.1840111Z You are reviewing 179 requirement(s) from `traceable-reqs.toml` against a quality
2026-06-09T09:52:59.1840364Z rubric. Deterministic checks (length, contains-and, tbd-todo, duplicate-titles,
2026-06-09T09:52:59.1840603Z trailing-etc) have already run and surfaced as `requirement_quality` findings on
2026-06-09T09:52:59.1840777Z this command's output. Your task is the rubric items below.
2026-06-09T09:52:59.1840816Z 
2026-06-09T09:52:59.1840910Z ## Rubric
2026-06-09T09:52:59.1840948Z 
2026-06-09T09:52:59.1841366Z - **singular** — describes one capability; no smuggled "and"/"or" across distinct actions.
2026-06-09T09:52:59.1841662Z - **verifiable** — states an observable behavior a test or reviewer could confirm.
2026-06-09T09:52:59.1841939Z - **atomic** — cannot be split into two requirements without losing meaning.
2026-06-09T09:52:59.1842130Z - **active-voice** — clear subject and active verb.
2026-06-09T09:52:59.1842201Z 
2026-06-09T09:52:59.1842474Z If a criterion is borderline or doesn't apply, abstain — only emit findings for
2026-06-09T09:52:59.1842831Z clear concerns.
2026-06-09T09:52:59.1842868Z 
2026-06-09T09:52:59.1842978Z ## Requirements
2026-06-09T09:52:59.1843012Z 
2026-06-09T09:52:59.1843113Z ### REQ-ARCH-1
2026-06-09T09:52:59.1843260Z - Title: Many small acyclically-layered crates
2026-06-09T09:52:59.1843380Z - Required stages: impl
2026-06-09T09:52:59.1843413Z 
2026-06-09T09:52:59.1843521Z ### REQ-ARCH-2
2026-06-09T09:52:59.1843702Z - Title: Public SDK surface is spt-proto, spt-runtime, spt-msg
2026-06-09T09:52:59.1843827Z - Required stages: impl
2026-06-09T09:52:59.1843864Z 
2026-06-09T09:52:59.1843968Z ### REQ-ARCH-3
2026-06-09T09:52:59.1844198Z - Title: Wire-protocol version independent of crate semver, N-1 compat window
2026-06-09T09:52:59.1844327Z - Required stages: impl, unit
2026-06-09T09:52:59.1844366Z 
2026-06-09T09:52:59.1844466Z ### REQ-ARCH-4
2026-06-09T09:52:59.1844690Z - Title: Copy-verbatim the commodity layer from the sister project
2026-06-09T09:52:59.1844841Z - Required stages: impl, unit
2026-06-09T09:52:59.1844874Z 
2026-06-09T09:52:59.1844976Z ### REQ-DAEMON-1
2026-06-09T09:52:59.1845161Z - Title: One per-machine spt-daemon owning all per-machine state
2026-06-09T09:52:59.1845281Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1845315Z 
2026-06-09T09:52:59.1845423Z ### REQ-DAEMON-2
2026-06-09T09:52:59.1845581Z - Title: Broker/brain split for seamless self-update
2026-06-09T09:52:59.1845701Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1845733Z 
2026-06-09T09:52:59.1845842Z ### REQ-DAEMON-3
2026-06-09T09:52:59.1846018Z - Title: Any api invocation auto-starts the daemon if absent
2026-06-09T09:52:59.1846135Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1846168Z 
2026-06-09T09:52:59.1846269Z ### REQ-DAEMON-4
2026-06-09T09:52:59.1846407Z - Title: Honor every KNOWN-HAZARDS invariant
2026-06-09T09:52:59.1846670Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1846703Z 
2026-06-09T09:52:59.1846807Z ### REQ-STORE-1
2026-06-09T09:52:59.1847819Z - Title: spt-store::BranchStore (git branch as versioned KV; commit=checkpoint/tip=resume, atomic multi-key, merge-native sync) is the substrate for coarse/durable/audited state (context, registry snapshot+distribution, daemon checkpoint); hot paths (B5 fsync journal) + indexed queries (SQLite spool) excluded (ADR-0011)
2026-06-09T09:52:59.1847952Z - Required stages: impl, unit
2026-06-09T09:52:59.1847985Z 
2026-06-09T09:52:59.1848090Z ### REQ-MANIFEST-1
2026-06-09T09:52:59.1848304Z - Title: Per-adapter manifest with adapter_name and min_spt_core_version
2026-06-09T09:52:59.1848424Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1848459Z 
2026-06-09T09:52:59.1848563Z ### REQ-SEAM-SPAWN
2026-06-09T09:52:59.1848686Z - Title: spawn-session seam
2026-06-09T09:52:59.1848799Z - Required stages: impl, unit
2026-06-09T09:52:59.1848833Z 
2026-06-09T09:52:59.1848945Z ### REQ-SEAM-POSTSPAWN
2026-06-09T09:52:59.1849174Z - Title: post-spawn / api bind seam with boot nonce
2026-06-09T09:52:59.1849308Z - Required stages: impl, unit
2026-06-09T09:52:59.1849341Z 
2026-06-09T09:52:59.1849456Z ### REQ-SEAM-PSYCHE
2026-06-09T09:52:59.1849617Z - Title: spawn-psyche seam (fresh + resume templates)
2026-06-09T09:52:59.1849790Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1849828Z 
2026-06-09T09:52:59.1849980Z ### REQ-SEAM-HISTORY
2026-06-09T09:52:59.1850166Z - Title: History subsystem (fetcher / locate-normalize / native store)
2026-06-09T09:52:59.1850271Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1850309Z 
2026-06-09T09:52:59.1850400Z ### REQ-SEAM-ACTIVITY
2026-06-09T09:52:59.1850580Z - Title: Activity/idle reported via api sentinels, not PTY quiescence
2026-06-09T09:52:59.1850681Z - Required stages: impl, unit
2026-06-09T09:52:59.1850710Z 
2026-06-09T09:52:59.1850815Z ### REQ-SEAM-INJECT
2026-06-09T09:52:59.1850972Z - Title: inject-input methods configurable per activity-state
2026-06-09T09:52:59.1851092Z - Required stages: impl, unit
2026-06-09T09:52:59.1851130Z 
2026-06-09T09:52:59.1851409Z ### REQ-SEAM-RESUME
2026-06-09T09:52:59.1851583Z - Title: resume-session seam (fresh-with-preload / continue-existing)
2026-06-09T09:52:59.1851698Z - Required stages: impl, unit
2026-06-09T09:52:59.1851731Z 
2026-06-09T09:52:59.1851827Z ### REQ-SEAM-CAPABILITY
2026-06-09T09:52:59.1851984Z - Title: Hostable endpoint-types capability declaration
2026-06-09T09:52:59.1852099Z - Required stages: impl, unit
2026-06-09T09:52:59.1852127Z 
2026-06-09T09:52:59.1852222Z ### REQ-SEAM-UPDATE
2026-06-09T09:52:59.1852399Z - Title: Adapter-update avenue (file-pull / delegated command)
2026-06-09T09:52:59.1852499Z - Required stages: impl, unit
2026-06-09T09:52:59.1852532Z 
2026-06-09T09:52:59.1852643Z ### REQ-API-1
2026-06-09T09:52:59.1852814Z - Title: api prefix and adapter_name on every machinery invocation
2026-06-09T09:52:59.1852923Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1852957Z 
2026-06-09T09:52:59.1853067Z ### REQ-API-2
2026-06-09T09:52:59.1853267Z - Title: The api subcommand surface (bind/listen/poll/state/worker/boundary/...)
2026-06-09T09:52:59.1853395Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1853424Z 
2026-06-09T09:52:59.1853533Z ### REQ-API-3
2026-06-09T09:52:59.1853664Z - Title: commune/signoff are file-drops, not commands
2026-06-09T09:52:59.1853781Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1853811Z 
2026-06-09T09:52:59.1853902Z ### REQ-START-1
2026-06-09T09:52:59.1854100Z - Title: Adapters never resolve SPT_HOME; binary on PATH; api bridging only
2026-06-09T09:52:59.1854229Z - Required stages: impl, unit
2026-06-09T09:52:59.1854258Z 
2026-06-09T09:52:59.1854354Z ### REQ-START-2
2026-06-09T09:52:59.1854515Z - Title: Harness-hosted startup: api seed then listen
2026-06-09T09:52:59.1854616Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1854645Z 
2026-06-09T09:52:59.1854749Z ### REQ-START-3
2026-06-09T09:52:59.1854916Z - Title: spt-hosted startup: spawn-session then api bind (no file)
2026-06-09T09:52:59.1855154Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1855202Z 
2026-06-09T09:52:59.1855307Z ### REQ-START-4
2026-06-09T09:52:59.1855434Z - Title: Adapter-injected env aliases (SPT/OWL/LIVE)
2026-06-09T09:52:59.1855560Z - Required stages: impl, unit
2026-06-09T09:52:59.1855589Z 
2026-06-09T09:52:59.1855678Z ### REQ-EP-1
2026-06-09T09:52:59.1855822Z - Title: Day-one endpoint types; open type system
2026-06-09T09:52:59.1855946Z - Required stages: impl, unit
2026-06-09T09:52:59.1855978Z 
2026-06-09T09:52:59.1856074Z ### REQ-EP-2
2026-06-09T09:52:59.1856242Z - Title: Agent endpoints vs Shells distinction in the type model
2026-06-09T09:52:59.1856345Z - Required stages: impl, unit
2026-06-09T09:52:59.1856378Z 
2026-06-09T09:52:59.1856483Z ### REQ-EP-3
2026-06-09T09:52:59.1856667Z - Title: Messaging payloads carry typed operation commands + file blobs
2026-06-09T09:52:59.1856771Z - Required stages: impl, unit
2026-06-09T09:52:59.1856810Z 
2026-06-09T09:52:59.1856953Z ### REQ-EP-4
2026-06-09T09:52:59.1857096Z - Title: PresenceChannel broker endpoint (seam day-one)
2026-06-09T09:52:59.1857234Z - Required stages: impl, unit
2026-06-09T09:52:59.1857264Z 
2026-06-09T09:52:59.1857367Z ### REQ-EP-5
2026-06-09T09:52:59.1858001Z - Title: Concrete shell instantiation model: spawn-mints-instance (vs relink/online), registered-on-node permission + broadcast-is-discovery, per-shell require_approval gate, max_instances_per_owner + over_cap, instance aliasing, discovery scope
2026-06-09T09:52:59.1858127Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1858160Z 
2026-06-09T09:52:59.1858250Z ### REQ-INST-1
2026-06-09T09:52:59.1858423Z - Title: endpoint ID vs instance split (adapter-agnostic ID)
2026-06-09T09:52:59.1858536Z - Required stages: 
2026-06-09T09:52:59.1858564Z 
2026-06-09T09:52:59.1858660Z ### REQ-INST-2
2026-06-09T09:52:59.1858818Z - Title: Per-node files, synced Psyche mind
2026-06-09T09:52:59.1858922Z - Required stages: impl, unit
2026-06-09T09:52:59.1859057Z 
2026-06-09T09:52:59.1859160Z ### REQ-INST-3
2026-06-09T09:52:59.1859292Z - Title: Dormant (warm) / suspended (cold) resting states
2026-06-09T09:52:59.1859572Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1859600Z 
2026-06-09T09:52:59.1859701Z ### REQ-INST-4
2026-06-09T09:52:59.1859882Z - Title: active to dormant/suspended fires a transition echo commune
2026-06-09T09:52:59.1859997Z - Required stages: impl, unit
2026-06-09T09:52:59.1860026Z 
2026-06-09T09:52:59.1860126Z ### REQ-INST-5
2026-06-09T09:52:59.1860292Z - Title: Two-tier context sync (live to all, project to same-project)
2026-06-09T09:52:59.1860407Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1860440Z 
2026-06-09T09:52:59.1860530Z ### REQ-INST-6
2026-06-09T09:52:59.1860712Z - Title: Deferred messages not delivered to dormant/suspended instances
2026-06-09T09:52:59.1860831Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1860859Z 
2026-06-09T09:52:59.1860960Z ### REQ-INST-7
2026-06-09T09:52:59.1861117Z - Title: Subnet registry + bare-id resolution policy
2026-06-09T09:52:59.1861222Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1861261Z 
2026-06-09T09:52:59.1861370Z ### REQ-INST-8
2026-06-09T09:52:59.1861518Z - Title: Remote-control mode distinct from local operation
2026-06-09T09:52:59.1861643Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1861671Z 
2026-06-09T09:52:59.1861808Z ### REQ-INST-9
2026-06-09T09:52:59.1862086Z - Title: Multi-subnet membership (same-user N subnets; cross-user seam)
2026-06-09T09:52:59.1862263Z - Required stages: impl, unit
2026-06-09T09:52:59.1862292Z 
2026-06-09T09:52:59.1862439Z ### REQ-INST-10
2026-06-09T09:52:59.1862744Z - Title: Qualified addressing [subnet:]id[@node] + ambiguity forces qualification
2026-06-09T09:52:59.1862921Z - Required stages: impl, unit
2026-06-09T09:52:59.1862945Z 
2026-06-09T09:52:59.1863087Z ### REQ-INST-11
2026-06-09T09:52:59.1863421Z - Title: spt rename <id> rippled to all instances (collision-checked, 6.5-reconciled)
2026-06-09T09:52:59.1863808Z - Required stages: impl, unit
2026-06-09T09:52:59.1863847Z 
2026-06-09T09:52:59.1864008Z ### REQ-INST-12
2026-06-09T09:52:59.1864496Z - Title: Endpoint visibility per-(endpoint,subnet): excluded semantics, OR-of-defaults + override, gates sync
2026-06-09T09:52:59.1864665Z - Required stages: impl, unit
2026-06-09T09:52:59.1864703Z 
2026-06-09T09:52:59.1864856Z ### REQ-INST-13
2026-06-09T09:52:59.1865152Z - Title: Subnet-exclusive sync + per-endpoint subnet-membership list
2026-06-09T09:52:59.1865323Z - Required stages: impl, unit
2026-06-09T09:52:59.1865365Z 
2026-06-09T09:52:59.1865510Z ### REQ-INST-14
2026-06-09T09:52:59.1866092Z - Title: Resource advertisement (subnet resource registry): free-text blurb, both-authored, registry projection, visibility/whitelist-gated
2026-06-09T09:52:59.1866272Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1866310Z 
2026-06-09T09:52:59.1866468Z ### REQ-INST-15
2026-06-09T09:52:59.1867718Z - Title: Immutable home subnet (assigned at creation: auto-if-one/ask-if-many) + spt fork (cross-subnet clone to a new identity, copy-then-diverge, not re-home); adapter chosen at creation from registered hostable adapters, changed only via launch/resume-under-new (ADR-0010)
2026-06-09T09:52:59.1867951Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1867995Z 
2026-06-09T09:52:59.1868133Z ### REQ-REACH-1
2026-06-09T09:52:59.1868372Z - Title: Off-node remote-drive detection + file transfer
2026-06-09T09:52:59.1868557Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1868600Z 
2026-06-09T09:52:59.1868739Z ### REQ-REACH-2
2026-06-09T09:52:59.1869068Z - Title: Remote command execution (deferred, consent-gated)
2026-06-09T09:52:59.1869492Z - Required stages: 
2026-06-09T09:52:59.1869584Z 
2026-06-09T09:52:59.1869716Z ### REQ-MSG-1
2026-06-09T09:52:59.1870179Z - Title: Local message delivery: TCP-first to a registered address, spool fallback when offline; id->address via registry (stale-clean first); reply routing (__REPLY_TO__)
2026-06-09T09:52:59.1870338Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1870372Z 
2026-06-09T09:52:59.1870470Z ### REQ-MSG-2
2026-06-09T09:52:59.1870962Z - Title: spt binary CLI surface: send/ring/ready(+--once)/list/stop/whoami, stable arg shapes + exit codes
2026-06-09T09:52:59.1871080Z - Required stages: impl, unit
2026-06-09T09:52:59.1871109Z 
2026-06-09T09:52:59.1871210Z ### REQ-MSG-3
2026-06-09T09:52:59.1871583Z - Title: Ready-agent lifecycle: register perch (info.json + listener + registry address) on ready, drain spooled backlog on startup, clean teardown
2026-06-09T09:52:59.1871706Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1871739Z 
2026-06-09T09:52:59.1871826Z ### REQ-MSG-4
2026-06-09T09:52:59.1872727Z - Title: Listener stream stdout emits EVENT envelope lines (sister-format, ADR-0001): parse the __REPLY_TO__ frame, pass pre-formed typed envelopes through verbatim (no double-wrap), compose <EVENT type="msg" from=…> otherwise, chunk oversized lines into EVENT-PART
2026-06-09T09:52:59.1872828Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1872871Z 
2026-06-09T09:52:59.1872966Z ### REQ-NODE-IDENTITY
2026-06-09T09:52:59.1873195Z - Title: Ed25519 identity primitive: keypair, detached sign/verify, stable pubkey<->hex
2026-06-09T09:52:59.1873300Z - Required stages: impl, unit
2026-06-09T09:52:59.1873333Z 
2026-06-09T09:52:59.1873424Z ### REQ-NET-1
2026-06-09T09:52:59.1873595Z - Title: WAN messaging first-class, behind default-on net feature flag
2026-06-09T09:52:59.1873700Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1873729Z 
2026-06-09T09:52:59.1873829Z ### REQ-NET-2
2026-06-09T09:52:59.1873991Z - Title: n0 relay default + self-host knob + plain-language disclosure
2026-06-09T09:52:59.1874097Z - Required stages: impl
2026-06-09T09:52:59.1874126Z 
2026-06-09T09:52:59.1874220Z ### REQ-NET-3
2026-06-09T09:52:59.1874387Z - Title: Cross-node Psyche sync over P2P replaces gh-repo-sync
2026-06-09T09:52:59.1874501Z - Required stages: impl, unit
2026-06-09T09:52:59.1874530Z 
2026-06-09T09:52:59.1874741Z ### REQ-PAIR-1
2026-06-09T09:52:59.1874863Z - Title: TOTP-seeded SPAKE2 pairing
2026-06-09T09:52:59.1874993Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1875022Z 
2026-06-09T09:52:59.1875117Z ### REQ-PAIR-2
2026-06-09T09:52:59.1875249Z - Title: Local trust store with TOFU + warn-on-change
2026-06-09T09:52:59.1875339Z - Required stages: 
2026-06-09T09:52:59.1875368Z 
2026-06-09T09:52:59.1875464Z ### REQ-PAIR-3
2026-06-09T09:52:59.1875606Z - Title: Fetch current pairing code from any paired node
2026-06-09T09:52:59.1875707Z - Required stages: impl, unit
2026-06-09T09:52:59.1875741Z 
2026-06-09T09:52:59.1875831Z ### REQ-PAIR-4
2026-06-09T09:52:59.1875935Z - Title: Subnet naming on first pairing
2026-06-09T09:52:59.1876041Z - Required stages: impl, unit
2026-06-09T09:52:59.1876070Z 
2026-06-09T09:52:59.1876160Z ### REQ-PAIR-5
2026-06-09T09:52:59.1876451Z - Title: Multi-subnet pairing: subnet-name discovery input, create-new-names-up-front, rendezvous-token hashing
2026-06-09T09:52:59.1876564Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1876593Z 
2026-06-09T09:52:59.1876675Z ### REQ-PAIR-6
2026-06-09T09:52:59.1876928Z - Title: Elevation-gated per-subnet code fetch (UAC/root or elevated agent; else authenticator app)
2026-06-09T09:52:59.1877033Z - Required stages: impl, unit
2026-06-09T09:52:59.1877066Z 
2026-06-09T09:52:59.1877156Z ### REQ-PAIR-7
2026-06-09T09:52:59.1877305Z - Title: Subnet icon (inline image metadata, GUI-only consumer)
2026-06-09T09:52:59.1877399Z - Required stages: 
2026-06-09T09:52:59.1877428Z 
2026-06-09T09:52:59.1877518Z ### REQ-SUBNET-1
2026-06-09T09:52:59.1877815Z - Title: spt subnet noun namespace: status view (bare + status [NAME] [--nodes]), create (QR/otpauth), show-code; spt pair deleted
2026-06-09T09:52:59.1877926Z - Required stages: impl, unit
2026-06-09T09:52:59.1877954Z 
2026-06-09T09:52:59.1878051Z ### REQ-SUBNET-2
2026-06-09T09:52:59.1878273Z - Title: Guided join e2e: spt subnet join CLI initiator + always-on daemon pairing responder
2026-06-09T09:52:59.1878393Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1878426Z 
2026-06-09T09:52:59.1878516Z ### REQ-SUBNET-3
2026-06-09T09:52:59.1878918Z - Title: Node labels: hostname-default, gossiped, addressable in @node qualifiers (refuse-on-ambiguity)
2026-06-09T09:52:59.1879117Z - Required stages: impl, unit
2026-06-09T09:52:59.1879151Z 
2026-06-09T09:52:59.1879242Z ### REQ-SUBNET-4
2026-06-09T09:52:59.1879533Z - Title: Subnet membership mutations elevation-gated (create = seed reveal; join = trust-boundary enrollment)
2026-06-09T09:52:59.1879642Z - Required stages: impl, unit
2026-06-09T09:52:59.1879665Z 
2026-06-09T09:52:59.1879756Z ### REQ-DOCS-6
2026-06-09T09:52:59.1880066Z - Title: spt how-to <topic>: in-binary task-oriented agent instructions (anti-drift; quickstart prompts point agents at it)
2026-06-09T09:52:59.1880168Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1880201Z 
2026-06-09T09:52:59.1880300Z ### REQ-SEC-1
2026-06-09T09:52:59.1880663Z - Title: Per-endpoint access whitelist: origin-node gate, stateful-firewall (reply/outbound exempt), node-now/user-later, outer gate before grants
2026-06-09T09:52:59.1880783Z - Required stages: impl, unit
2026-06-09T09:52:59.1880812Z 
2026-06-09T09:52:59.1880903Z ### REQ-NOTIF-1
2026-06-09T09:52:59.1881241Z - Title: Notification primitive: per-subnet replicated spool, seen/dismissed, resurface-at-boundary, subsumes update+consent prompts
2026-06-09T09:52:59.1881350Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1881383Z 
2026-06-09T09:52:59.1881470Z ### REQ-NOTIF-2
2026-06-09T09:52:59.1881722Z - Title: spt notify (agent-issued subnet notif) + notif_command manifest seam (harness + shell adapters)
2026-06-09T09:52:59.1881833Z - Required stages: doc, impl, unit, int
2026-06-09T09:52:59.1881865Z 
2026-06-09T09:52:59.1881951Z ### REQ-UPD-1
2026-06-09T09:52:59.1882056Z - Title: Peer-propagated update over P2P
2026-06-09T09:52:59.1882152Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1882180Z 
2026-06-09T09:52:59.1882275Z ### REQ-UPD-2
2026-06-09T09:52:59.1882532Z - Title: All binaries signature-verified before handoff
2026-06-09T09:52:59.1882643Z - Required stages: impl, unit
2026-06-09T09:52:59.1882671Z 
2026-06-09T09:52:59.1882778Z ### REQ-UPD-3
2026-06-09T09:52:59.1882942Z - Title: No endpoint process terminates/suspends during self-update
2026-06-09T09:52:59.1883056Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1883085Z 
2026-06-09T09:52:59.1883188Z ### REQ-UPD-4
2026-06-09T09:52:59.1883368Z - Title: Update gated on user confirmation by default; opt-in full-auto
2026-06-09T09:52:59.1883484Z - Required stages: impl, unit
2026-06-09T09:52:59.1883517Z 
2026-06-09T09:52:59.1883611Z ### REQ-UPD-5
2026-06-09T09:52:59.1883770Z - Title: spt-core ripple-updates registered adapters
2026-06-09T09:52:59.1883888Z - Required stages: impl, unit
2026-06-09T09:52:59.1883922Z 
2026-06-09T09:52:59.1883998Z ### REQ-UPD-6
2026-06-09T09:52:59.1884799Z - Title: Platform-targeted update sets and debug rollout: signed multi-platform update metadata, recipient platform selection, channel-scoped monotonic counters, debug-channel opt-in via release-key overlay, local staging plus pull-based peer propagation, and maintainer-only convergence tooling (ADR-0016)
2026-06-09T09:52:59.1884923Z - Required stages: doc, impl, unit, int
2026-06-09T09:52:59.1884957Z 
2026-06-09T09:52:59.1885052Z ### REQ-UPD-7
2026-06-09T09:52:59.1887077Z - Title: Origin-source update bootstrap (`spt update fetch`): pull the latest signed release directly from the GitHub release origin (`SaberMage/spt-releases`) — the per-platform artifact + its `<asset>.release.json` SignedRelease metadata — and stage it through the EXISTING verify→stage pipeline (the same `plan_verified` gate: two-key signature + channel + monotonic rollback floor + SHA-256), after which the normal consent-notif / `spt update apply` flow is unchanged. Closes the peer-only-discovery gap (REQ-UPD-1): a first-in-fleet / isolated node can update with no peer to pull from. The signed-release anchor keeps the GitHub transport untrusted-but-verified.
2026-06-09T09:52:59.1887226Z - Required stages: impl, unit
2026-06-09T09:52:59.1887383Z 
2026-06-09T09:52:59.1887478Z ### REQ-UPD-8
2026-06-09T09:52:59.1889987Z - Title: Platform-safe `spt update fetch` + apply platform-guard (v0.3.1 cross-OS brick fix): `spt update fetch` stages the signed multi-platform `SignedUpdateSet` (`update-set.json` + every platform artifact it names), never a platform-blind single `SignedRelease`, so local apply selects `current_platform()` and P2P re-serve lets each peer select ITS own platform. Defense-in-depth: `apply_staged` REFUSES a staged single-release artifact unless it is platform-stamped for THIS node (an unstamped pre-v0.3.2 single, or a single stamped for another OS, fail-safe refuses — the guard that alone prevents the v0.3.1 brick where a Linux ELF was applied as `spt.exe`). UX: a friendly post-apply message (`Updated spt-core to vX.Y.Z.` + changelog URL) driven by an additive `product_version` metadata field, with a release-counter fallback when absent.
2026-06-09T09:52:59.1890117Z - Required stages: impl, unit
2026-06-09T09:52:59.1890151Z 
2026-06-09T09:52:59.1890254Z ### REQ-TERM-1
2026-06-09T09:52:59.1890422Z - Title: Process-supervisor terminal wrapper hosting broker PTYs
2026-06-09T09:52:59.1890522Z - Required stages: impl, unit
2026-06-09T09:52:59.1890559Z 
2026-06-09T09:52:59.1890645Z ### REQ-TERM-2
2026-06-09T09:52:59.1890818Z - Title: session-surface abstraction; send-keys + send-line injection
2026-06-09T09:52:59.1890911Z - Required stages: impl, unit
2026-06-09T09:52:59.1890935Z 
2026-06-09T09:52:59.1891031Z ### REQ-TERM-3
2026-06-09T09:52:59.1891158Z - Title: Byte-stream remote terminal streaming for v1
2026-06-09T09:52:59.1891271Z - Required stages: impl, unit
2026-06-09T09:52:59.1891300Z 
2026-06-09T09:52:59.1891395Z ### REQ-TERM-4
2026-06-09T09:52:59.1891735Z - Title: Live activity buffer (PTY digest): adapter-supplied patterns over broker PTY, spt digest pull + delta-stream, opt-in Path-B log
2026-06-09T09:52:59.1891854Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1892002Z 
2026-06-09T09:52:59.1892097Z ### REQ-FRONT-1
2026-06-09T09:52:59.1892287Z - Title: Day-one launcher/manager frontend (list/launch/attach/init)
2026-06-09T09:52:59.1892393Z - Required stages: 
2026-06-09T09:52:59.1892426Z 
2026-06-09T09:52:59.1892516Z ### REQ-INSTALL-1
2026-06-09T09:52:59.1892722Z - Title: Two install paths; signed one-line script; OS-service registration
2026-06-09T09:52:59.1892816Z - Required stages: doc, impl, int
2026-06-09T09:52:59.1892840Z 
2026-06-09T09:52:59.1892936Z ### REQ-INSTALL-2
2026-06-09T09:52:59.1893069Z - Title: Marketplace-repackaging-friendly install
2026-06-09T09:52:59.1893164Z - Required stages: doc
2026-06-09T09:52:59.1893188Z 
2026-06-09T09:52:59.1893280Z ### REQ-INSTALL-3
2026-06-09T09:52:59.1893412Z - Title: Idempotent + interactive-optional first run
2026-06-09T09:52:59.1893521Z - Required stages: impl, int
2026-06-09T09:52:59.1893549Z 
2026-06-09T09:52:59.1893645Z ### REQ-INSTALL-4
2026-06-09T09:52:59.1894248Z - Title: Adapter registration lifecycle: spt adapter add (--github, manifest-first, install-is-first-update) + soft-deregister remove + optional manifest uninstall template; node-local registered-adapter set self-update ripples over
2026-06-09T09:52:59.1894368Z - Required stages: impl, unit
2026-06-09T09:52:59.1894396Z 
2026-06-09T09:52:59.1894486Z ### REQ-MIGRATE-1
2026-06-09T09:52:59.1894649Z - Title: Auto-detect and migrate a legacy claude_skill_owl install
2026-06-09T09:52:59.1894749Z - Required stages: 
2026-06-09T09:52:59.1894782Z 
2026-06-09T09:52:59.1894869Z ### REQ-INFRA-1
2026-06-09T09:52:59.1895040Z - Title: GitHub issue tracking for v1; tangled.org as migration target
2026-06-09T09:52:59.1895130Z - Required stages: 
2026-06-09T09:52:59.1895159Z 
2026-06-09T09:52:59.1895246Z ### REQ-INSTALL-5
2026-06-09T09:52:59.1895717Z - Title: Non-interactive install path: the canonical one-liner doubles as every adapter's pack-in on-demand install (no second mechanism); sha256-verified fetch; user-PATH registration
2026-06-09T09:52:59.1895828Z - Required stages: impl, int
2026-06-09T09:52:59.1895861Z 
2026-06-09T09:52:59.1896070Z ### REQ-REL-1
2026-06-09T09:52:59.1896430Z - Title: spt-releases publish-target repo: README public face, licensing split, Pages docs at the permanent lapse-proof canonical URL (ADR-0014)
2026-06-09T09:52:59.1896565Z - Required stages: doc, impl
2026-06-09T09:52:59.1896594Z 
2026-06-09T09:52:59.1896698Z ### REQ-REL-2
2026-06-09T09:52:59.1897166Z - Title: Release asset set consumable by the self-updater: platform binaries, SHA256SUMS, SignedRelease metadata, manifest schema, mock-adapter zip; tag-triggered cross-repo pipeline
2026-06-09T09:52:59.1897276Z - Required stages: impl, int
2026-06-09T09:52:59.1897304Z 
2026-06-09T09:52:59.1897384Z ### REQ-REL-3
2026-06-09T09:52:59.1897801Z - Title: Two-key release-signing trust anchor: primary + offline never-used recovery, both pubkeys embedded in the binary's trusted set, manual local signing (ADR-0015)
2026-06-09T09:52:59.1897914Z - Required stages: impl, unit
2026-06-09T09:52:59.1897952Z 
2026-06-09T09:52:59.1898038Z ### REQ-DOCS-1
2026-06-09T09:52:59.1898238Z - Title: Dual-audience docs (human + AI dev-agent), markdown once / two depths
2026-06-09T09:52:59.1898343Z - Required stages: doc, impl
2026-06-09T09:52:59.1898372Z 
2026-06-09T09:52:59.1898468Z ### REQ-DOCS-2
2026-06-09T09:52:59.1898628Z - Title: Sub-10-minute runnable killer quickstart per audience
2026-06-09T09:52:59.1898723Z - Required stages: doc, int
2026-06-09T09:52:59.1898757Z 
2026-06-09T09:52:59.1898856Z ### REQ-DOCS-3
2026-06-09T09:52:59.1899098Z - Title: Diátaxis structure; one canonical way to do X
2026-06-09T09:52:59.1899203Z - Required stages: doc
2026-06-09T09:52:59.1899237Z 
2026-06-09T09:52:59.1899327Z ### REQ-DOCS-4
2026-06-09T09:52:59.1899504Z - Title: Agent-consumable layer (llms.txt, manifest schema, MCP, CLI help)
2026-06-09T09:52:59.1899617Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1899651Z 
2026-06-09T09:52:59.1899733Z ### REQ-DOCS-5
2026-06-09T09:52:59.1900033Z - Title: Anti-drift: rustdoc/schema/exports/CLI-help generated + CI-checked
2026-06-09T09:52:59.1900157Z - Required stages: impl, int
2026-06-09T09:52:59.1900190Z 
2026-06-09T09:52:59.1900300Z ### REQ-HAZARD-GRACE-BEFORE-SIGNOFF
2026-06-09T09:52:59.1900486Z - Title: Grace-period wait completes before composing INIT_SIGNOFF (1.1)
2026-06-09T09:52:59.1900595Z - Required stages: impl, unit
2026-06-09T09:52:59.1900629Z 
2026-06-09T09:52:59.1900753Z ### REQ-HAZARD-INFO-JSON-TORN-READ
2026-06-09T09:52:59.1900910Z - Title: State-file reads tolerate concurrent writes (1.2)
2026-06-09T09:52:59.1901020Z - Required stages: impl, unit
2026-06-09T09:52:59.1901049Z 
2026-06-09T09:52:59.1901173Z ### REQ-HAZARD-STALE-INDEX-LOCK
2026-06-09T09:52:59.1901302Z - Title: Sweep stale lockfiles on daemon boot (1.3)
2026-06-09T09:52:59.1901420Z - Required stages: impl, unit
2026-06-09T09:52:59.1901448Z 
2026-06-09T09:52:59.1901557Z ### REQ-HAZARD-DEFERRED-DRAIN
2026-06-09T09:52:59.1901742Z - Title: Deferred spool rows excluded from the event-stream drain (1.4)
2026-06-09T09:52:59.1901855Z - Required stages: impl, unit
2026-06-09T09:52:59.1901879Z 
2026-06-09T09:52:59.1901980Z ### REQ-HAZARD-WORKER-PATH
2026-06-09T09:52:59.1902155Z - Title: Single source of truth for Worker/Psyche perch location (1.5)
2026-06-09T09:52:59.1902257Z - Required stages: impl, unit
2026-06-09T09:52:59.1902290Z 
2026-06-09T09:52:59.1902400Z ### REQ-HAZARD-PARENT-PID-PREFER
2026-06-09T09:52:59.1902576Z - Title: Prefer stable parent PID / broker handle over ephemeral PID (2.1)
2026-06-09T09:52:59.1902671Z - Required stages: 
2026-06-09T09:52:59.1902700Z 
2026-06-09T09:52:59.1902808Z ### REQ-HAZARD-STDIN-SESSION-ID
2026-06-09T09:52:59.1902929Z - Title: Stdin session_id precedence over env (2.2)
2026-06-09T09:52:59.1903023Z - Required stages: 
2026-06-09T09:52:59.1903053Z 
2026-06-09T09:52:59.1903167Z ### REQ-HAZARD-HANDOFF-ARGV-COMPAT
2026-06-09T09:52:59.1903315Z - Title: Broker/brain IPC + handoff argv version-tolerant (2.3)
2026-06-09T09:52:59.1903414Z - Required stages: impl, unit
2026-06-09T09:52:59.1903438Z 
2026-06-09T09:52:59.1903535Z ### REQ-HAZARD-GEN-START-NOW
2026-06-09T09:52:59.1903772Z - Title: gen_start = now() on cold-start and handoff (2.4)
2026-06-09T09:52:59.1903878Z - Required stages: impl, int
2026-06-09T09:52:59.1903912Z 
2026-06-09T09:52:59.1904015Z ### REQ-HAZARD-EPHEMERAL-CLEANUP
2026-06-09T09:52:59.1904162Z - Title: Ephemeral perch cleanup on every ring exit path (3.1)
2026-06-09T09:52:59.1904257Z - Required stages: impl, unit
2026-06-09T09:52:59.1904299Z 
2026-06-09T09:52:59.1904422Z ### REQ-HAZARD-STALE-SIGNOFF-SENTINEL
2026-06-09T09:52:59.1904575Z - Title: Stale signoff sentinel does not kill a fresh start (3.2)
2026-06-09T09:52:59.1904670Z - Required stages: impl, unit
2026-06-09T09:52:59.1904698Z 
2026-06-09T09:52:59.1904809Z ### REQ-HAZARD-ECHO-BEFORE-SIGNOFF
2026-06-09T09:52:59.1904975Z - Title: Echo-commune fires before INIT_SIGNOFF on orphan teardown (3.3)
2026-06-09T09:52:59.1905075Z - Required stages: impl, unit
2026-06-09T09:52:59.1905109Z 
2026-06-09T09:52:59.1905219Z ### REQ-HAZARD-ENVELOPE-DECODE-ORDER
2026-06-09T09:52:59.1905371Z - Title: Envelope decode order, ampersand decoded last (4.1)
2026-06-09T09:52:59.1905472Z - Required stages: impl, unit
2026-06-09T09:52:59.1905501Z 
2026-06-09T09:52:59.1905605Z ### REQ-HAZARD-ENVELOPE-CR-LINESAFE
2026-06-09T09:52:59.1907354Z - Title: Envelope CR-linesafety (4.1): the line-framed EVENT codec must neutralize raw carriage returns — `event_body_escape` folds CRLF/lone-CR to the codec's representable linebreak (`\n`→`<br>`) BEFORE framing, so a body carrying `\r` (Windows `echo`/CRLF text crossing nodes) cannot survive into the single-line envelope and trigger a receiver terminal CR→col0 overwrite that corrupts the frame. Robustness on unrepresentable input, NOT a wire-format change (decoder untouched, amp-last invariant held). Belt-and-suspenders: `spt send`/`ring` also trim stdin (parity with `notify`).
2026-06-09T09:52:59.1907459Z - Required stages: impl, unit
2026-06-09T09:52:59.1907601Z 
2026-06-09T09:52:59.1907703Z ### REQ-HAZARD-ENVELOPE-PARSER-SAFE
2026-06-09T09:52:59.1907868Z - Title: Two-slice envelope parser is panic-free and tolerant (4.2)
2026-06-09T09:52:59.1907993Z - Required stages: impl, unit
2026-06-09T09:52:59.1908022Z 
2026-06-09T09:52:59.1908131Z ### REQ-HAZARD-EVENTPART-REASSEMBLY
2026-06-09T09:52:59.1908337Z - Title: EVENT-PART split/reassembly is byte-exact; orphan parts dropped silently
2026-06-09T09:52:59.1908431Z - Required stages: impl, unit
2026-06-09T09:52:59.1908460Z 
2026-06-09T09:52:59.1908565Z ### REQ-HAZARD-ID-CHARSET
2026-06-09T09:52:59.1908798Z - Title: Addressable-id charset reserves :/@ delimiters; validated at every creation seam (4.6)
2026-06-09T09:52:59.1908894Z - Required stages: impl, unit
2026-06-09T09:52:59.1908922Z 
2026-06-09T09:52:59.1909141Z ### REQ-HAZARD-REGISTRY-STALE-CLEAN
2026-06-09T09:52:59.1909308Z - Title: Stale registry entries degrade to fallback, never hard-fail (4.3)
2026-06-09T09:52:59.1909406Z - Required stages: impl, unit
2026-06-09T09:52:59.1909453Z 
2026-06-09T09:52:59.1909557Z ### REQ-HAZARD-REGISTRY-CONCURRENT
2026-06-09T09:52:59.1909792Z - Title: Concurrent SQLite openers (registry/spool) must not fail with 'database is locked' (4.7)
2026-06-09T09:52:59.1909892Z - Required stages: impl, unit
2026-06-09T09:52:59.1909925Z 
2026-06-09T09:52:59.1910026Z ### REQ-HAZARD-REGISTRY-DIR-CREATE
2026-06-09T09:52:59.1910383Z - Title: SQLite store opens create their parent dir themselves — a fresh-home registry op must not SQLITE_CANTOPEN (4.9)
2026-06-09T09:52:59.1910487Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1910516Z 
2026-06-09T09:52:59.1910612Z ### REQ-HAZARD-REGISTRY-EPOCH-LEASE
2026-06-09T09:52:59.1911027Z - Title: Registry merge ordered by per-node monotonic epoch, never wall-clock — a stale Active can't clobber a newer Offline (4.8, red-team #8)
2026-06-09T09:52:59.1911126Z - Required stages: impl, unit
2026-06-09T09:52:59.1911155Z 
2026-06-09T09:52:59.1911261Z ### REQ-HAZARD-DEFERRED-SURVIVE-DRAIN
2026-06-09T09:52:59.1911404Z - Title: Deferred rows survive poll drain (4.4)
2026-06-09T09:52:59.1911499Z - Required stages: impl, unit
2026-06-09T09:52:59.1911646Z 
2026-06-09T09:52:59.1911756Z ### REQ-HAZARD-INBOX-NO-DOUBLE
2026-06-09T09:52:59.1911877Z - Title: No double-delivery via legacy inbox (4.5)
2026-06-09T09:52:59.1911980Z - Required stages: impl, unit
2026-06-09T09:52:59.1912009Z 
2026-06-09T09:52:59.1912112Z ### REQ-HAZARD-WINDOWS-PID-RECYCLE
2026-06-09T09:52:59.1912255Z - Title: Windows PID-recycling false positives guarded (5.1)
2026-06-09T09:52:59.1912358Z - Required stages: impl, unit
2026-06-09T09:52:59.1912386Z 
2026-06-09T09:52:59.1912482Z ### REQ-HAZARD-EBUSY-RENAME
2026-06-09T09:52:59.1912640Z - Title: tmp-write + atomic-rename + retry on Windows EBUSY (5.2)
2026-06-09T09:52:59.1912739Z - Required stages: impl, unit
2026-06-09T09:52:59.1912768Z 
2026-06-09T09:52:59.1912869Z ### REQ-HAZARD-SUBPROCESS-TIMEOUT
2026-06-09T09:52:59.1913002Z - Title: Every harness/git subprocess has a timeout (5.3)
2026-06-09T09:52:59.1913107Z - Required stages: impl, unit
2026-06-09T09:52:59.1913137Z 
2026-06-09T09:52:59.1913250Z ### REQ-HAZARD-UNC-PATH-STRIP
2026-06-09T09:52:59.1913383Z - Title: Strip Windows UNC prefix on serialized paths (5.4)
2026-06-09T09:52:59.1913484Z - Required stages: impl, unit
2026-06-09T09:52:59.1913513Z 
2026-06-09T09:52:59.1913618Z ### REQ-HAZARD-SINGLE-PATH-SOURCE
2026-06-09T09:52:59.1913785Z - Title: Single path/registry source of truth; no layout ambiguity (6.1)
2026-06-09T09:52:59.1913884Z - Required stages: impl, unit
2026-06-09T09:52:59.1913912Z 
2026-06-09T09:52:59.1914008Z ### REQ-HAZARD-SOFT-CLEANUP
2026-06-09T09:52:59.1914185Z - Title: Soft-cleanup preserves state, removes only the ready marker (6.2)
2026-06-09T09:52:59.1914285Z - Required stages: impl, unit
2026-06-09T09:52:59.1914313Z 
2026-06-09T09:52:59.1914410Z ### REQ-HAZARD-CASCADE-WIPE-GUARD
2026-06-09T09:52:59.1914575Z - Title: No hard-delete of a parent hosting non-empty children (6.3)
2026-06-09T09:52:59.1914670Z - Required stages: impl, unit
2026-06-09T09:52:59.1914794Z 
2026-06-09T09:52:59.1914906Z ### REQ-HAZARD-DROP-FILE-SINGLE-WRITER
2026-06-09T09:52:59.1915054Z - Title: Drop files are daemon-owned single-writer (6.4)
2026-06-09T09:52:59.1915150Z - Required stages: impl, unit
2026-06-09T09:52:59.1915179Z 
2026-06-09T09:52:59.1915287Z ### REQ-HAZARD-DIRECT-WRITE-PRECEDENCE
2026-06-09T09:52:59.1915493Z - Title: Direct-write precedence marker (with node id) guards stale overwrite (6.5)
2026-06-09T09:52:59.1915592Z - Required stages: impl, unit
2026-06-09T09:52:59.1915621Z 
2026-06-09T09:52:59.1915727Z ### REQ-HAZARD-CONFLICT-BOTH-PRESERVED
2026-06-09T09:52:59.1916250Z - Title: A surfaced concurrent context pair is durably preserved (both versions, tracked artifacts) until a strictly dominating write clears it; no reconcile failure path discards an unmerged version (6.6, ADR-0013)
2026-06-09T09:52:59.1916352Z - Required stages: impl, unit
2026-06-09T09:52:59.1916385Z 
2026-06-09T09:52:59.1916490Z ### REQ-HAZARD-DETACHED-PIPE-INHERIT
2026-06-09T09:52:59.1917541Z - Title: Windows detached long-lived children must not inherit a captured caller's pipe: every detach-spawn of an immortal child (daemon, shell binary) runs bInheritHandles=FALSE, or a caller capturing output anywhere up the process chain hangs forever on a pipe that never EOFs — std-handle flag stripping is NOT sufficient (grandparent strays still flow) (5.6)
2026-06-09T09:52:59.1917657Z - Required stages: impl, unit
2026-06-09T09:52:59.1917685Z 
2026-06-09T09:52:59.1917780Z ### REQ-HAZARD-CONPTY-DSR
2026-06-09T09:52:59.1917977Z - Title: ConPTY reader must auto-answer DSR (ESC[6n) or all child output stalls (5.5)
2026-06-09T09:52:59.1918072Z - Required stages: impl, unit
2026-06-09T09:52:59.1918104Z 
2026-06-09T09:52:59.1918204Z ### REQ-HAZARD-CHILD-CONSOLE-FLASH
2026-06-09T09:52:59.1918606Z - Title: Console-subsystem children of the console-less daemon spawn with CREATE_NO_WINDOW, or each spawn flashes a visible blank window on the user's desktop (5.8)
2026-06-09T09:52:59.1918720Z - Required stages: impl, unit
2026-06-09T09:52:59.1918753Z 
2026-06-09T09:52:59.1918853Z ### REQ-HAZARD-INSTANT-UNDERFLOW
2026-06-09T09:52:59.1919570Z - Title: Scheduling never subtracts a Duration from Instant::now() (underflow-panics on a host booted more recently than the offset); 'due now / never run' is Option<Instant>=None gated on forward duration_since only (5.9)
2026-06-09T09:52:59.1919663Z - Required stages: impl, unit
2026-06-09T09:52:59.1919697Z 
2026-06-09T09:52:59.1919800Z ### REQ-HAZARD-SUDO-SECURE-PATH
2026-06-09T09:52:59.1920638Z - Title: Elevation guidance on Unix names the binary's ABSOLUTE path under sudo (a user-local install ~/.local/bin · ~/.cargo/bin is not on sudo's secure_path, so bare `sudo spt` dies 'command not found'); gated commands auto-elevate on an interactive TTY, else print the runnable hint (5.10)
2026-06-09T09:52:59.1920733Z - Required stages: impl, unit
2026-06-09T09:52:59.1920761Z 
2026-06-09T09:52:59.1920862Z ### REQ-HAZARD-LOCAL-API-AUTH
2026-06-09T09:52:59.1921076Z - Title: Every local `api` mutation authenticated to an endpoint/session (codex #13)
2026-06-09T09:52:59.1921187Z - Required stages: impl, unit
2026-06-09T09:52:59.1921220Z 
2026-06-09T09:52:59.1921329Z ### REQ-HAZARD-RESTART-IDEMPOTENT
2026-06-09T09:52:59.1927769Z - Title: Idempotent/exactly-once delivery across brain restart at every broker boundary (codex #14)
2026-06-09T09:52:59.1927909Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1927942Z 
2026-06-09T09:52:59.1928049Z ### REQ-HAZARD-UPDATE-ROLLBACK
2026-06-09T09:52:59.1928312Z - Title: Self-update rejects version rollback; metadata expiry + adapter content signing (codex #5)
2026-06-09T09:52:59.1928416Z - Required stages: impl, unit
2026-06-09T09:52:59.1928449Z 
2026-06-09T09:52:59.1928560Z ### REQ-HAZARD-DAEMON-HOSTED-LIVENESS
2026-06-09T09:52:59.1929036Z - Title: Daemon-hosted perches (Psyche, spt-hosted Self) derive liveness from the daemon endpoint table + info.json status, never is_process_alive(info.pid) (2.5)
2026-06-09T09:52:59.1929299Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1929327Z 
2026-06-09T09:52:59.1929443Z ### REQ-HAZARD-PSYCHE-OUTBOUND-PROXY
2026-06-09T09:52:59.1930266Z - Title: Psyche outbound captured + sanitized: the live-Psyche turn driver captures stdout (never Stdio::null), and the daemon strips/re-stamps Psyche-supplied from=/target and constrains routing (reply→__REPLY_TO__ sender, notify→own user/subnet) (7.3)
2026-06-09T09:52:59.1930370Z - Required stages: impl, unit
2026-06-09T09:52:59.1930399Z 
2026-06-09T09:52:59.1930517Z ### REQ-HAZARD-DAEMON-SCHED-NONBLOCKING
2026-06-09T09:52:59.1931137Z - Title: Per-agent pulse/psyche/echo-commune scheduling must not serialize across agents: each agent's bounded LLM call (echo-commune summarizer, Psyche turn) runs off the shared scheduler so one slow/hung call cannot stall another agent's tick (7.4)
2026-06-09T09:52:59.1931236Z - Required stages: impl, unit
2026-06-09T09:52:59.1931264Z 
2026-06-09T09:52:59.1931375Z ### REQ-HAZARD-PAIR-TRANSCRIPT-BIND
2026-06-09T09:52:59.1932029Z - Title: Pairing transcript binds roles, both node pubkeys, subnet ID, seed epoch, TOTP time-step, and confirmation MACs — or unknown-key-share/reflection/wrong-subnet/replay pairing remain possible (ADR-0005 #12)
2026-06-09T09:52:59.1932157Z - Required stages: impl, unit
2026-06-09T09:52:59.1932185Z 
2026-06-09T09:52:59.1932295Z ### REQ-HAZARD-PAIR-SEED-ROTATION
2026-06-09T09:52:59.1932804Z - Title: Removing a node rotates the subnet seed (epoch bump) so an old node/old seed cannot rejoin; trust-store delete alone is NOT revocation because the seed is replicated to every trusted node (ADR-0005 #10)
2026-06-09T09:52:59.1932905Z - Required stages: impl, unit
2026-06-09T09:52:59.1932935Z 
2026-06-09T09:52:59.1933039Z ### REQ-HAZARD-PAIR-RATE-LIMIT
2026-06-09T09:52:59.1933888Z - Title: Subnet-global pairing rate limit: one active ceremony per subnet, shared attempt counter, exponential backoff — a public pre-trust relay + multiple seed-holders otherwise enables distributed SPAKE2 guessing (and ±1 TOTP window triples the valid-password space) (ADR-0005 #11)
2026-06-09T09:52:59.1934018Z - Required stages: impl, unit
2026-06-09T09:52:59.1934174Z 
2026-06-09T09:52:59.1934271Z ### REQ-HAZARD-WAN-ORIGIN-AUTH
2026-06-09T09:52:59.1935033Z - Title: WAN-inbound origin is transport truth, never payload: the access gate's subject (ADR-0009 origin-node whitelist) is the QUIC handshake-proven remote node id from the broker's conn/stream table — a forged origin/node field inside record bytes is inert (7.5)
2026-06-09T09:52:59.1935152Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1935186Z 
2026-06-09T09:52:59.1935272Z ### REQ-CONSENT-1
2026-06-09T09:52:59.1936126Z - Title: Consent grant store: capability x subject-agent x target-node rows, enforced at the target node, subnet-settable (replicates as security material near the trust store), revocable; gated-capability ids (remote-exec, instantiate-anywhere) reserved-but-refusing; v1 consumers are the shell spawn gates (CONTEXT Consent & security gates)
2026-06-09T09:52:59.1936256Z - Required stages: impl, unit
2026-06-09T09:52:59.1936285Z 
2026-06-09T09:52:59.1936393Z ### REQ-CONSENT-2
2026-06-09T09:52:59.1937176Z - Title: Interactive consent escalation: an ungated high-risk action routes a consent prompt to the user's most-recently-active session; allow-once / allow-always (writes a grant) / deny; pre-consent flags (can_shutdown, shell_wake_spawn_anywhere) author grants via manifest/settings (CONTEXT Consent & security gates)
2026-06-09T09:52:59.1937280Z - Required stages: impl, unit
2026-06-09T09:52:59.1937309Z 
2026-06-09T09:52:59.1937395Z ### REQ-PRES-1
2026-06-09T09:52:59.1938734Z - Title: Presence resolution: the presence datum (last_active_node, last_active_endpoint, ts) gossiped subnet-wide via the agent-interaction heartbeat (rides registry distribution, visibility-gated) + one first-class most-recently-active resolution API consumed by notif first-fire, update-consent delivery, consent escalation, and shell wake resolution (M5 scope decision 1: resolution only — the PresenceChannel endpoint stays deferred)
2026-06-09T09:52:59.1938938Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1939034Z 
2026-06-09T09:52:59.1939121Z ### REQ-SHELL-1
2026-06-09T09:52:59.1939959Z - Title: Shell hosting machinery: shell perch under the owner (type/owner/adapter_name/status/alias), broker-launched binary + api bind local-link handshake, the three channels (command durable, text+file durable + progress-queryable, sensory REST-only never spooled + dropped-unless-owner-live), owner exclusivity (CONTEXT Shell model)
2026-06-09T09:52:59.1940060Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1940089Z 
2026-06-09T09:52:59.1940179Z ### REQ-SHELL-2
2026-06-09T09:52:59.1941625Z - Title: Shell sleep/wake: link-break always closes the binary (pre-close instruction + termination timeout), ephemeral teardown vs persistent offline/relink, wake_command wake-watcher (offline-only, exit-opcode supervision, exponential backoff + give-up), state-keyed wake resolution (dormant/suspended/active-elsewhere; no-reachable refuses — spawn-anywhere branch deferred), spt shutdown owner cascade + api owner-shutdown gated by can_shutdown (CONTEXT Shell sleep/wake)
2026-06-09T09:52:59.1941768Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1941796Z 
2026-06-09T09:52:59.1941911Z ### REQ-HAZARD-ELEVATED-DAEMON-SPAWN
2026-06-09T09:52:59.1943194Z - Title: The daemon always runs unelevated in the invoking user's universe, regardless of which command spawns it: an elevated spawner de-elevates (Windows: UAC linked token via CreateProcessWithTokenW; Linux: drop to SUDO_UID/SUDO_GID + the invoker's HOME) — an elevated daemon's pipes deny unelevated clients (every later spt reads not-running→spawn→bind Access-denied) and a sudo'd daemon roots the user's state universe (5.7)
2026-06-09T09:52:59.1943298Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1943331Z 
2026-06-09T09:52:59.1943432Z ### REQ-HAZARD-REGISTRY-GHOST-ROWS
2026-06-09T09:52:59.1944734Z - Title: A dead node identity's registry rows must decay: only the per-(endpoint,node) epoch lease supersedes rows, so without eviction a vanished node's rows are immortal and poison bare-id resolution with phantom AcrossNodes ambiguity — evict rows whose author node has not been heard (admitted inbound feed) within the eviction window; own rows never decay; a revived node re-inserts from its durable epoch within one pump cadence (4.10)
2026-06-09T09:52:59.1944983Z - Required stages: doc, impl, unit
2026-06-09T09:52:59.1945016Z 
2026-06-09T09:52:59.1945102Z ### REQ-CLI-1
2026-06-09T09:52:59.1946100Z - Title: spt endpoint noun namespace: absorbs fork/suspend/wake/shutdown/rename/stop/digest + access (ported 1:1: allow|revoke|open|list, decision 21) + description (ex-resources blurb; bare=show, set=author); merged endpoint list [--local|--subnet <name>] grouped by subnet with SELF pinned, --detail adding the ex-resources yellow-pages blurb projection; bare spt endpoint = the list (M8 decisions 1-2, 25)
2026-06-09T09:52:59.1946208Z - Required stages: impl, unit
2026-06-09T09:52:59.1946260Z 
2026-06-09T09:52:59.1946350Z ### REQ-CLI-2
2026-06-09T09:52:59.1947029Z - Title: spt daemon noun: run|stop|status (hidden daemon verb becomes daemon run; agent-endpoint shutdown keeps its name under endpoint); daemon status renders the pump heartbeat (last-tick recency) so a half-dead daemon is never rendered implied-healthy (M8 decisions 5, 23)
2026-06-09T09:52:59.1947136Z - Required stages: impl, unit
2026-06-09T09:52:59.1947164Z 
2026-06-09T09:52:59.1947254Z ### REQ-CLI-3
2026-06-09T09:52:59.1947930Z - Title: Agent hot path stays flat across the M8 reorg: send/ring/ready/whoami/how-to unchanged; notify moves to subnet notify while notif stays top-level; breaking renames land clean with no deprecation shims (zero external CLI consumers pre-spt-claude-code) (M8 decisions 3-4, 9)
2026-06-09T09:52:59.1948037Z - Required stages: impl, unit
2026-06-09T09:52:59.1948065Z 
2026-06-09T09:52:59.1948160Z ### REQ-SUBNET-5
2026-06-09T09:52:59.1949299Z - Title: Per-subnet serve-state: spt subnet detach <NAME> [--save] / attach <NAME> [--save] — daemon keeps running, stops/starts advertising + connecting for that subnet (peer pump + responder selective); --save persists the startup default in daemon config; the all-attached banner gains per-subnet states (M8 decision 6, --save renamed from --auto per decision 25 session)
2026-06-09T09:52:59.1949536Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1949565Z 
2026-06-09T09:52:59.1949657Z ### REQ-SUBNET-6
2026-06-09T09:52:59.1950315Z - Title: Trust lifecycle verbs, elevation-gated: spt subnet leave <NAME> (membership exit) and spt subnet prune <node> (removes a dead identity's trust + registry rows, killing its dead dials; trust mutation = security surface, REQ-PAIR-6 gate machinery) (M8 decisions 6-7)
2026-06-09T09:52:59.1950420Z - Required stages: impl, unit
2026-06-09T09:52:59.1950452Z 
2026-06-09T09:52:59.1950543Z ### REQ-SUBNET-7
2026-06-09T09:52:59.1952171Z - Title: Per-machine re-pair trust overwrite: registry rows carry a hashed stable machine identifier (OS machine id /etc/machine-id|MachineGuid, domain-separated SHA-256 before gossip, spt-minted persisted UUID fallback; additive serde-default field — old rows parse clean); a COMPLETED pairing ceremony presenting the same node label AND machine id as an existing trusted row evicts the superseded identity's trust + registry rows on the seed-holder and replicates the eviction; a gossiped claim alone never evicts trust (M8 decisions 13, 22)
2026-06-09T09:52:59.1952309Z - Required stages: impl, unit
2026-06-09T09:52:59.1952342Z 
2026-06-09T09:52:59.1952428Z ### REQ-SUBNET-8
2026-06-09T09:52:59.1953497Z - Title: Status render honesty: zero-subnet text is daemon-aware ('No subnets registered — this node is standalone.' + daemon-running-dependent blurb, never implying messaging works while the daemon is down); hint footer prints on bare spt subnet only (status drops it); a stalled pump is surfaced in subnet status, never rendered implied-healthy (M8 decisions 11-12, 23)
2026-06-09T09:52:59.1953620Z - Required stages: impl, unit
2026-06-09T09:52:59.1953653Z 
2026-06-09T09:52:59.1953859Z ### REQ-INSTALL-6
2026-06-09T09:52:59.1955038Z - Title: Linux elevation install leg: install.sh symlinks the binary into a sudo-reachable path (/usr/local/bin; graceful print-the-one-liner when unelevated) so sudo spt resolves; first sudo spt detects elevation and prompts ONCE for the default user account — thereafter any elevated daemon launch runs daemon + state under that account, never root (KH 5.7 interplay verified) (M8 decision 8)
2026-06-09T09:52:59.1955143Z - Required stages: impl, unit
2026-06-09T09:52:59.1955177Z 
2026-06-09T09:52:59.1955261Z ### REQ-INSTALL-7
2026-06-09T09:52:59.1956369Z - Title: Windows inbound reachability: the elevated install leg registers the inbound-UDP firewall rule (New-NetFirewallRule); the daemon self-detects blocked inbound and renders it as the no-connection state in subnet status + the coming-online banner (covers user-scope installs that skip the elevated leg — never a silent NO_SEED_HOLDER dead-end) (M8 root cause 3)
2026-06-09T09:52:59.1956496Z - Required stages: impl
2026-06-09T09:52:59.1956544Z 
2026-06-09T09:52:59.1956631Z ### REQ-INSTALL-8
2026-06-09T09:52:59.1957643Z - Title: OS-service registration (REQ-INSTALL-1's deferred third leg): Linux systemd USER service + loginctl enable-linger (linger rides the elevated install leg; daemon starts at boot pre-login, user universe per KH 5.7, systemctl --user managed); Windows scheduled task at-logon (interactive session, no stored credentials); a node is reachable after reboot without any manual spt invocation (M8 decision 17)
2026-06-09T09:52:59.1957748Z - Required stages: impl
2026-06-09T09:52:59.1957776Z 
2026-06-09T09:52:59.1957866Z ### REQ-CONV-1
2026-06-09T09:52:59.1959321Z - Title: Peer address seeding, both cold starts: durable peer-addrs.json (identity dir) maps peer pubkey → last-known dialable address; the pump's resolver consults it FIRST with id-only discovery fallback on miss or dial failure (a stale addr never strands a peer); written by the pairing ceremony (both sides, from the live connection) and by the pump on successful connect; post-join first sync and post-restart resync converge in seconds, not ~1 min (M8 decisions 14, 20)
2026-06-09T09:52:59.1959560Z - Required stages: impl, unit
2026-06-09T09:52:59.1959589Z 
2026-06-09T09:52:59.1959678Z ### REQ-CONV-2
2026-06-09T09:52:59.1960730Z - Title: Event-driven advertisement: endpoint online/offline transitions (ready-listener start/stop, rest-state transition, perch death) trigger an immediate advertise_local + peer push as a WAKE of the existing pump loop (no second advertisement path — epoch lease + visibility gates ride unchanged); the cadence stays the steady-state floor (M8 decision 15)
2026-06-09T09:52:59.1960832Z - Required stages: impl, unit
2026-06-09T09:52:59.1960870Z 
2026-06-09T09:52:59.1960965Z ### REQ-PAIR-8
2026-06-09T09:52:59.1962221Z - Title: NTP TOTP offset: the pairing ceremony queries NTP at ceremony time (both sides) and applies the derived offset to the TOTP calculation in-process only; system-clock fallback when NTP is unreachable (offline LAN pairing unaffected — NTP failure never blocks a pairing that succeeds today); never sets the OS clock; no background sync loop (M8 decision 18; field trigger: enlyzeam clock >1 min off exceeds the ±1 window)
2026-06-09T09:52:59.1962353Z - Required stages: impl, unit
2026-06-09T09:52:59.1962387Z 
2026-06-09T09:52:59.1962478Z ### REQ-DAEMON-5
2026-06-09T09:52:59.1963752Z - Title: Pump liveness: the peer pump writes a last-tick heartbeat consumed by daemon status / subnet status (decision 23 render legs in REQ-CLI-2/REQ-SUBNET-8); the daemon supervises the pump task — a panic is caught, logged loudly, and the pump restarts with capped backoff (≤5 min), so a 5.9-class death self-heals visibly instead of silently halving the daemon (M8 decision 23; field motivation: hfenduleam 2026-06-07 half-death)
2026-06-09T09:52:59.1963852Z - Required stages: impl, unit
2026-06-09T09:52:59.1963884Z 
2026-06-09T09:52:59.1964005Z ### REQ-DAEMON-6
2026-06-09T09:52:59.1965874Z - Title: Service-aware `daemon start`/`stop`: when an OS service manager has a registered spt-daemon for this user, `spt daemon start` and `spt daemon stop` drive THAT service (so stop doesn't IPC-kill a unit that auto-restart-fights for the broker socket — the kitsubito 2026-06-08 loop). `start` graduates from a `run` alias to a first-class background verb (ensure-up, idempotent, non-blocking); stop routes managed→manager, manual→IPC. Linux=systemd user unit (`systemctl --user start|stop|is-active spt-daemon`, detected by unit-file presence); Windows=no controllable manager (the logon task is boot-only), so start=detached spawn / stop=IPC.
2026-06-09T09:52:59.1966107Z - Required stages: impl, unit
2026-06-09T09:52:59.1966136Z 
2026-06-09T09:52:59.1966237Z ### REQ-DAEMON-7
2026-06-09T09:52:59.1967627Z - Title: `daemon run` is foreground-consistent on every platform: the invoking process IS the daemon, blocks until signalled, never auto-detaches or respawns into an invisible background task. The detached/de-elevated background behavior lives ONLY in `start`. Windows: an ELEVATED `daemon run` refuses with guidance (use `start`, or an unelevated shell) instead of respawning detached/de-elevated and vanishing (KH 5.7 preserved — it still never serves elevated).
2026-06-09T09:52:59.1967773Z - Required stages: impl, unit
2026-06-09T09:52:59.1967806Z 
2026-06-09T09:52:59.1967898Z ### REQ-DAEMON-8
2026-06-09T09:52:59.1968823Z - Title: Internal auto-start prefers the service: `ensure_running` (any spt command's implicit daemon start, REQ-DAEMON-3) routes through the service-aware start path — when a manager has a registered service it starts THAT, never a competing manual `spawn_detached` daemon that would fight the service for the socket.
2026-06-09T09:52:59.1968922Z - Required stages: impl, unit
2026-06-09T09:52:59.1969027Z 
2026-06-09T09:52:59.1969113Z ### REQ-DAEMON-9
2026-06-09T09:52:59.1971348Z - Title: Net-bind boot-race resilience: a daemon that comes up net-less (NetHost::start failed — e.g. the systemd unit autostarted before the network/DNS stack was ready, `Failed to create an address lookup service`) must SELF-HEAL — retry the net bring-up in the background with capped backoff and, on success, attach net to the broker + spawn the dispatcher/peer-pump (which today are gated on `net_up` at boot and so never start, leaving the node silently unreachable until a manual restart — kitsubito 2026-06-08). Status surfaces the net-less state honestly (a net-less broker renders as 'no connection', not only a pump-STALLED line with a bogus pre-boot heartbeat age). The installer's autostart unit waits for the network (`Wants=/After=network-online.target`) as belt-and-suspenders.
2026-06-09T09:52:59.1971596Z - Required stages: impl, unit
2026-06-09T09:52:59.1971629Z 
2026-06-09T09:52:59.1971731Z ### REQ-HAZARD-EPOCH-RESET
2026-06-09T09:52:59.1973004Z - Title: Advertisement-epoch reset strands a node: peers' higher last-seen epoch drops the reset node's fresh advertisements as Stale until the counter outruns history. Common case (full reinstall/re-pair) is mitigated by REQ-SUBNET-7's ceremony eviction (peer-side epoch memory dies with the deleted row — acceptance-verified); the residual narrow slice (epoch file lost, identity kept) is documented, guard deferred to a field hit (4.11)
2026-06-09T09:52:59.1973148Z - Required stages: 
2026-06-09T09:52:59.1973180Z 
2026-06-09T09:52:59.1973271Z ### REQ-MESH-1
2026-06-09T09:52:59.1975345Z - Title: Membership proof (seed-proof): symmetric current-epoch seed-knowledge replaces is_trusted at EVERY inbound gate (registry apply, WAN receive, sync, notif, connection accept). MK = HKDF(seed, domain ‖ subnet_id ‖ seed_epoch); mutual channel-bound challenge-response at connect (transcript binds both handshake-proven node pubkeys, both nonces, subnet_id, seed_epoch, role); verified once per connection, cached on the broker ConnEntry, kept warm via QUIC keep-alive so re-proof is restart/partition/rotation-only. Exact-epoch match (re-seed is the sole N-1 exception). SECURITY INVARIANTS: channel-bound (no cross-connection replay), mutual, accepts a member it never paired (the mesh property).
2026-06-09T09:52:59.1975588Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1975625Z 
2026-06-09T09:52:59.1975709Z ### REQ-MESH-2
2026-06-09T09:52:59.1978262Z - Title: Member roster: node-level union-merge grow-set (per member: pubkey, label, machine_id, last-known address, last-seen — NOT the seed), the discovery directory the mesh dials by. Seeded IN FULL at pairing (seed-holder hands joiner the whole current roster, incl. offline members — folds in deferred pairing-time hostname capture + post-join address seeding); each node authors its own entry stamped with its lease_epoch, merged strictly-greater-wins (the node_label lease); exchanged only over seed-proof'd member connections; forgery-inert (a fake entry names a pubkey that still can't seed-proof). Removal needs a TOMBSTONE — a per-pubkey revoked marker that propagates, dominates the entry, gates admission (seed-proof ∧ ¬tombstoned), and prevents reinsert; cleared by a completed re-pair of that pubkey. Persists through silence (offline member keeps its entry).
2026-06-09T09:52:59.1978414Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1978443Z 
2026-06-09T09:52:59.1978534Z ### REQ-MESH-3
2026-06-09T09:52:59.1980246Z - Title: Mesh row fan-out: registry rows stay OWN-AUTHORED; the only change is the push target widens from directly-paired peers to ALL roster members (a wider DIRECT fan-out, never a third-party relay). Every row/message still arrives from its author over a handshake → KNOWN-HAZARDS 7.5 (origin = handshake node) and 4.10 (eviction lease: any future update comes from that node itself, alive) PRESERVED VERBATIM. Closes the staggered A→B→C repro: C (roster-seeded with A at pairing) initiates to A, seed-proof admits C unpaired, A learns C, both push directly.
2026-06-09T09:52:59.1980352Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1980385Z 
2026-06-09T09:52:59.1980589Z ### REQ-MESH-4
2026-06-09T09:52:59.1982776Z - Title: Revoke + timeboxed seed rotation + re-seed grace: `spt subnet revoke <node>...` (list, elevation-gated, revoke-only) writes roster tombstones immediately, then schedules ONE seed rotation (re-mint seed, bump seed_epoch, push new seed CONFIDENTIALLY over member-auth'd TLS connections — never in roster/registry gossip — force-drop revokees) at the close of a coalescing window (default 1h); further revokes in the window join the same rotation (one epoch bump). `--force-rotate-seed` rotates immediately (compromised-node path). RE-SEED GRACE: a node proving the immediately-prior epoch (N-1) AND still on the roster gets a re-seed-only restricted connection (auto-heals a benign offliner); revoked/off-roster denied; ≥2 stale → re-pair.
2026-06-09T09:52:59.1982902Z - Required stages: impl, unit, int
2026-06-09T09:52:59.1982935Z 
2026-06-09T09:52:59.1983019Z ### REQ-MESH-5
2026-06-09T09:52:59.1984413Z - Title: Hard cutover from pairwise trust: delete peers.json + the is_trusted authorization path (no migration — expendable test fleet, re-pairs fresh under the new model, user decision 2026-06-08). Warn-on-change DEMOTED from a gate to an awareness notice anchored on machine_id (not label): 'machine M, last seen as K1, now presents K2' — fires the same event as the REQ-SUBNET-7 re-pair overwrite. The TrustStore/peers.json code and its call sites are removed, not left dead.
2026-06-09T09:52:59.1984557Z - Required stages: impl, unit
2026-06-09T09:52:59.1984590Z 
2026-06-09T09:52:59.1984676Z ### REQ-MESH-6
2026-06-09T09:52:59.1985892Z - Title: Concurrent liveness probes: `spt subnet status --nodes` fans out its offline/serve-probes (REQ-SUBNET-5) CONCURRENTLY — total wall-time bounded by the single-probe ceiling (~3s), never k×ceiling. The mesh makes a node see ALL members (many possibly offline), so a serial probe loop would be offline_count×3s. (Planning verifies the current REQ-SUBNET-5 probe loop's behavior and fixes it if serial.)
2026-06-09T09:52:59.1985995Z - Required stages: impl, unit
2026-06-09T09:52:59.1986047Z 
2026-06-09T09:52:59.1986138Z ## How to report back
2026-06-09T09:52:59.1986298Z 
2026-06-09T09:52:59.1986466Z For every (requirement, failing criterion) pair, emit one finding:
2026-06-09T09:52:59.1986499Z 
2026-06-09T09:52:59.1986584Z     {
2026-06-09T09:52:59.1986693Z       "code": "requirement_quality",
2026-06-09T09:52:59.1986795Z       "requirementId": "REQ-...",
2026-06-09T09:52:59.1986956Z       "criterion": "singular" | "verifiable" | "atomic" | "active-voice",
2026-06-09T09:52:59.1987057Z       "message": "<short reason>",
2026-06-09T09:52:59.1987171Z       "suggestedRevision": "<optional rewrite>"
2026-06-09T09:52:59.1987261Z     }
2026-06-09T09:52:59.1987294Z 
2026-06-09T09:52:59.1987467Z Wrap your response as { "findings": [ ... ] } listing only your concerns; the
2026-06-09T09:52:59.1987604Z deterministic findings above don't need to be repeated.
