2026-06-10T07:08:01.4301209Z ##[group]Run ./traceable-reqs lint || true
2026-06-10T07:08:01.4301585Z ./traceable-reqs lint || true
2026-06-10T07:08:01.4315135Z shell: /usr/bin/bash -e {0}
2026-06-10T07:08:01.4315428Z ##[endgroup]
2026-06-10T07:08:01.4490857Z Requirement quality findings (82); 181 requirements queued for agent review:
2026-06-10T07:08:01.4492696Z   [must] requirement_quality REQ-API-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4494047Z   [must] requirement_quality REQ-CLI-1 criterion=length — title is 47 words; want 3..=25
2026-06-10T07:08:01.4495563Z   [must] requirement_quality REQ-CLI-2 criterion=length — title is 37 words; want 3..=25
2026-06-10T07:08:01.4496459Z   [must] requirement_quality REQ-CLI-3 criterion=length — title is 37 words; want 3..=25
2026-06-10T07:08:01.4497271Z   [must] requirement_quality REQ-CONSENT-1 criterion=length — title is 41 words; want 3..=25
2026-06-10T07:08:01.4498086Z   [must] requirement_quality REQ-CONSENT-2 criterion=length — title is 37 words; want 3..=25
2026-06-10T07:08:01.4499322Z   [must] requirement_quality REQ-CONV-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4500096Z   [must] requirement_quality REQ-CONV-1 criterion=length — title is 73 words; want 3..=25
2026-06-10T07:08:01.4500869Z   [must] requirement_quality REQ-CONV-2 criterion=length — title is 47 words; want 3..=25
2026-06-10T07:08:01.4501994Z   [must] requirement_quality REQ-DAEMON-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4502813Z   [must] requirement_quality REQ-DAEMON-5 criterion=length — title is 64 words; want 3..=25
2026-06-10T07:08:01.4504348Z   [must] requirement_quality REQ-DAEMON-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4505144Z   [must] requirement_quality REQ-DAEMON-6 criterion=length — title is 84 words; want 3..=25
2026-06-10T07:08:01.4506271Z   [must] requirement_quality REQ-DAEMON-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4507057Z   [must] requirement_quality REQ-DAEMON-7 criterion=length — title is 62 words; want 3..=25
2026-06-10T07:08:01.4507760Z   [must] requirement_quality REQ-DAEMON-8 criterion=length — title is 44 words; want 3..=25
2026-06-10T07:08:01.4508766Z   [must] requirement_quality REQ-DAEMON-9 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4509906Z   [must] requirement_quality REQ-DAEMON-9 criterion=length — title is 114 words; want 3..=25
2026-06-10T07:08:01.4511237Z   [must] requirement_quality REQ-HAZARD-BROKER-PROCESS-ISOLATION criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4512215Z   [must] requirement_quality REQ-HAZARD-BROKER-PROCESS-ISOLATION criterion=length — title is 114 words; want 3..=25
2026-06-10T07:08:01.4513174Z   [must] requirement_quality REQ-HAZARD-CONFLICT-BOTH-PRESERVED criterion=length — title is 29 words; want 3..=25
2026-06-10T07:08:01.4514183Z   [must] requirement_quality REQ-HAZARD-DAEMON-SCHED-NONBLOCKING criterion=length — title is 32 words; want 3..=25
2026-06-10T07:08:01.4515119Z   [must] requirement_quality REQ-HAZARD-DETACHED-PIPE-INHERIT criterion=length — title is 52 words; want 3..=25
2026-06-10T07:08:01.4516393Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4517380Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=length — title is 58 words; want 3..=25
2026-06-10T07:08:01.4518630Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4519632Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=length — title is 73 words; want 3..=25
2026-06-10T07:08:01.4520877Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-PARSER-SAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4521918Z   [must] requirement_quality REQ-HAZARD-EPOCH-RESET criterion=length — title is 60 words; want 3..=25
2026-06-10T07:08:01.4523095Z   [must] requirement_quality REQ-HAZARD-GEN-START-NOW criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4523982Z   [must] requirement_quality REQ-HAZARD-INSTANT-UNDERFLOW criterion=length — title is 30 words; want 3..=25
2026-06-10T07:08:01.4524887Z   [must] requirement_quality REQ-HAZARD-PAIR-RATE-LIMIT criterion=length — title is 37 words; want 3..=25
2026-06-10T07:08:01.4525774Z   [must] requirement_quality REQ-HAZARD-PAIR-SEED-ROTATION criterion=length — title is 33 words; want 3..=25
2026-06-10T07:08:01.4527029Z   [must] requirement_quality REQ-HAZARD-PAIR-TRANSCRIPT-BIND criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4528279Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4529280Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=length — title is 27 words; want 3..=25
2026-06-10T07:08:01.4530468Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4531355Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=length — title is 66 words; want 3..=25
2026-06-10T07:08:01.4532305Z   [must] requirement_quality REQ-HAZARD-ROLLBACK-STATE-COMPAT criterion=length — title is 72 words; want 3..=25
2026-06-10T07:08:01.4533178Z   [must] requirement_quality REQ-HAZARD-SUDO-SECURE-PATH criterion=length — title is 43 words; want 3..=25
2026-06-10T07:08:01.4534037Z   [must] requirement_quality REQ-HAZARD-WAN-ORIGIN-AUTH criterion=length — title is 37 words; want 3..=25
2026-06-10T07:08:01.4534761Z   [must] requirement_quality REQ-INST-15 criterion=length — title is 32 words; want 3..=25
2026-06-10T07:08:01.4535503Z   [must] requirement_quality REQ-INSTALL-2 criterion=length — title is 2 word(s); want 3..=25
2026-06-10T07:08:01.4536601Z   [must] requirement_quality REQ-INSTALL-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4537337Z   [must] requirement_quality REQ-INSTALL-6 criterion=length — title is 56 words; want 3..=25
2026-06-10T07:08:01.4538544Z   [must] requirement_quality REQ-INSTALL-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4539353Z   [must] requirement_quality REQ-INSTALL-7 criterion=length — title is 50 words; want 3..=25
2026-06-10T07:08:01.4540096Z   [must] requirement_quality REQ-INSTALL-8 criterion=length — title is 55 words; want 3..=25
2026-06-10T07:08:01.4541196Z   [must] requirement_quality REQ-MANIFEST-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4541925Z   [must] requirement_quality REQ-MESH-1 criterion=length — title is 86 words; want 3..=25
2026-06-10T07:08:01.4542903Z   [must] requirement_quality REQ-MESH-2 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4543615Z   [must] requirement_quality REQ-MESH-2 criterion=length — title is 120 words; want 3..=25
2026-06-10T07:08:01.4544607Z   [must] requirement_quality REQ-MESH-3 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4545321Z   [must] requirement_quality REQ-MESH-3 criterion=length — title is 86 words; want 3..=25
2026-06-10T07:08:01.4546303Z   [must] requirement_quality REQ-MESH-4 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4546999Z   [must] requirement_quality REQ-MESH-4 criterion=length — title is 99 words; want 3..=25
2026-06-10T07:08:01.4548120Z   [must] requirement_quality REQ-MESH-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4548812Z   [must] requirement_quality REQ-MESH-5 criterion=length — title is 72 words; want 3..=25
2026-06-10T07:08:01.4549851Z   [must] requirement_quality REQ-MESH-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4550532Z   [must] requirement_quality REQ-MESH-6 criterion=length — title is 56 words; want 3..=25
2026-06-10T07:08:01.4551569Z   [must] requirement_quality REQ-MIGRATE-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4552233Z   [must] requirement_quality REQ-MSG-4 criterion=length — title is 31 words; want 3..=25
2026-06-10T07:08:01.4553213Z   [must] requirement_quality REQ-PAIR-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4553898Z   [must] requirement_quality REQ-PAIR-8 criterion=length — title is 67 words; want 3..=25
2026-06-10T07:08:01.4554904Z   [must] requirement_quality REQ-PRES-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4555763Z   [must] requirement_quality REQ-PRES-1 criterion=length — title is 48 words; want 3..=25
2026-06-10T07:08:01.4556553Z   [must] requirement_quality REQ-SEAM-SPAWN criterion=length — title is 2 word(s); want 3..=25
2026-06-10T07:08:01.4557253Z   [must] requirement_quality REQ-SHELL-1 criterion=length — title is 36 words; want 3..=25
2026-06-10T07:08:01.4557974Z   [must] requirement_quality REQ-SHELL-2 criterion=length — title is 49 words; want 3..=25
2026-06-10T07:08:01.4558680Z   [must] requirement_quality REQ-STORE-1 criterion=length — title is 34 words; want 3..=25
2026-06-10T07:08:01.4559482Z   [must] requirement_quality REQ-SUBNET-5 criterion=length — title is 52 words; want 3..=25
2026-06-10T07:08:01.4560487Z   [must] requirement_quality REQ-SUBNET-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4561235Z   [must] requirement_quality REQ-SUBNET-6 criterion=length — title is 38 words; want 3..=25
2026-06-10T07:08:01.4562254Z   [must] requirement_quality REQ-SUBNET-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4562968Z   [must] requirement_quality REQ-SUBNET-7 criterion=length — title is 75 words; want 3..=25
2026-06-10T07:08:01.4563692Z   [must] requirement_quality REQ-SUBNET-8 criterion=length — title is 53 words; want 3..=25
2026-06-10T07:08:01.4564868Z   [must] requirement_quality REQ-UPD-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4565850Z   [must] requirement_quality REQ-UPD-6 criterion=length — title is 32 words; want 3..=25
2026-06-10T07:08:01.4566907Z   [must] requirement_quality REQ-UPD-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4567619Z   [must] requirement_quality REQ-UPD-7 criterion=length — title is 88 words; want 3..=25
2026-06-10T07:08:01.4568597Z   [must] requirement_quality REQ-UPD-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T07:08:01.4569360Z   [must] requirement_quality REQ-UPD-8 criterion=length — title is 115 words; want 3..=25
2026-06-10T07:08:01.4569403Z 
2026-06-10T07:08:01.4569722Z # Requirement quality review
2026-06-10T07:08:01.4569760Z 
2026-06-10T07:08:01.4570366Z You are reviewing 181 requirement(s) from `traceable-reqs.toml` against a quality
2026-06-10T07:08:01.4571005Z rubric. Deterministic checks (length, contains-and, tbd-todo, duplicate-titles,
2026-06-10T07:08:01.4571610Z trailing-etc) have already run and surfaced as `requirement_quality` findings on
2026-06-10T07:08:01.4572055Z this command's output. Your task is the rubric items below.
2026-06-10T07:08:01.4572094Z 
2026-06-10T07:08:01.4572374Z ## Rubric
2026-06-10T07:08:01.4572409Z 
2026-06-10T07:08:01.4573252Z - **singular** — describes one capability; no smuggled "and"/"or" across distinct actions.
2026-06-10T07:08:01.4573882Z - **verifiable** — states an observable behavior a test or reviewer could confirm.
2026-06-10T07:08:01.4574456Z - **atomic** — cannot be split into two requirements without losing meaning.
2026-06-10T07:08:01.4574870Z - **active-voice** — clear subject and active verb.
2026-06-10T07:08:01.4574903Z 
2026-06-10T07:08:01.4575528Z If a criterion is borderline or doesn't apply, abstain — only emit findings for
2026-06-10T07:08:01.4575847Z clear concerns.
2026-06-10T07:08:01.4575880Z 
2026-06-10T07:08:01.4576172Z ## Requirements
2026-06-10T07:08:01.4576205Z 
2026-06-10T07:08:01.4576496Z ### REQ-ARCH-1
2026-06-10T07:08:01.4576874Z - Title: Many small acyclically-layered crates
2026-06-10T07:08:01.4577172Z - Required stages: impl
2026-06-10T07:08:01.4577205Z 
2026-06-10T07:08:01.4577501Z ### REQ-ARCH-2
2026-06-10T07:08:01.4577954Z - Title: Public SDK surface is spt-proto, spt-runtime, spt-msg
2026-06-10T07:08:01.4578274Z - Required stages: impl
2026-06-10T07:08:01.4578312Z 
2026-06-10T07:08:01.4578584Z ### REQ-ARCH-3
2026-06-10T07:08:01.4579228Z - Title: Wire-protocol version independent of crate semver, N-1 compat window
2026-06-10T07:08:01.4579545Z - Required stages: impl, unit
2026-06-10T07:08:01.4579582Z 
2026-06-10T07:08:01.4579873Z ### REQ-ARCH-4
2026-06-10T07:08:01.4580363Z - Title: Copy-verbatim the commodity layer from the sister project
2026-06-10T07:08:01.4580678Z - Required stages: impl, unit
2026-06-10T07:08:01.4580737Z 
2026-06-10T07:08:01.4581031Z ### REQ-DAEMON-1
2026-06-10T07:08:01.4581508Z - Title: One per-machine spt-daemon owning all per-machine state
2026-06-10T07:08:01.4581832Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4581865Z 
2026-06-10T07:08:01.4582156Z ### REQ-DAEMON-2
2026-06-10T07:08:01.4582548Z - Title: Broker/brain split for seamless self-update
2026-06-10T07:08:01.4582877Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4582916Z 
2026-06-10T07:08:01.4583211Z ### REQ-DAEMON-3
2026-06-10T07:08:01.4583656Z - Title: Any api invocation auto-starts the daemon if absent
2026-06-10T07:08:01.4583975Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4584004Z 
2026-06-10T07:08:01.4584280Z ### REQ-DAEMON-4
2026-06-10T07:08:01.4584643Z - Title: Honor every KNOWN-HAZARDS invariant
2026-06-10T07:08:01.4584960Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4584993Z 
2026-06-10T07:08:01.4585278Z ### REQ-STORE-1
2026-06-10T07:08:01.4587847Z - Title: spt-store::BranchStore (git branch as versioned KV; commit=checkpoint/tip=resume, atomic multi-key, merge-native sync) is the substrate for coarse/durable/audited state (context, registry snapshot+distribution, daemon checkpoint); hot paths (B5 fsync journal) + indexed queries (SQLite spool) excluded (ADR-0011)
2026-06-10T07:08:01.4588290Z - Required stages: impl, unit
2026-06-10T07:08:01.4588328Z 
2026-06-10T07:08:01.4588628Z ### REQ-MANIFEST-1
2026-06-10T07:08:01.4589210Z - Title: Per-adapter manifest with adapter_name and min_spt_core_version
2026-06-10T07:08:01.4589558Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4589592Z 
2026-06-10T07:08:01.4589887Z ### REQ-SEAM-SPAWN
2026-06-10T07:08:01.4590194Z - Title: spawn-session seam
2026-06-10T07:08:01.4590509Z - Required stages: impl, unit
2026-06-10T07:08:01.4590542Z 
2026-06-10T07:08:01.4590837Z ### REQ-SEAM-POSTSPAWN
2026-06-10T07:08:01.4591228Z - Title: post-spawn / api bind seam with boot nonce
2026-06-10T07:08:01.4591553Z - Required stages: impl, unit
2026-06-10T07:08:01.4591596Z 
2026-06-10T07:08:01.4591892Z ### REQ-SEAM-PSYCHE
2026-06-10T07:08:01.4592298Z - Title: spawn-psyche seam (fresh + resume templates)
2026-06-10T07:08:01.4592617Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4592650Z 
2026-06-10T07:08:01.4592949Z ### REQ-SEAM-HISTORY
2026-06-10T07:08:01.4593466Z - Title: History subsystem (fetcher / locate-normalize / native store)
2026-06-10T07:08:01.4593795Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4593824Z 
2026-06-10T07:08:01.4594244Z ### REQ-SEAM-ACTIVITY
2026-06-10T07:08:01.4594764Z - Title: Activity/idle reported via api sentinels, not PTY quiescence
2026-06-10T07:08:01.4595084Z - Required stages: impl, unit
2026-06-10T07:08:01.4595118Z 
2026-06-10T07:08:01.4595410Z ### REQ-SEAM-INJECT
2026-06-10T07:08:01.4595882Z - Title: inject-input methods configurable per activity-state
2026-06-10T07:08:01.4596205Z - Required stages: impl, unit
2026-06-10T07:08:01.4596239Z 
2026-06-10T07:08:01.4596524Z ### REQ-SEAM-RESUME
2026-06-10T07:08:01.4597059Z - Title: resume-session seam (fresh-with-preload / continue-existing)
2026-06-10T07:08:01.4597369Z - Required stages: impl, unit
2026-06-10T07:08:01.4597403Z 
2026-06-10T07:08:01.4597708Z ### REQ-SEAM-CAPABILITY
2026-06-10T07:08:01.4598122Z - Title: Hostable endpoint-types capability declaration
2026-06-10T07:08:01.4598437Z - Required stages: impl, unit
2026-06-10T07:08:01.4598469Z 
2026-06-10T07:08:01.4598760Z ### REQ-SEAM-UPDATE
2026-06-10T07:08:01.4599294Z - Title: Adapter-update avenue (file-pull / delegated command)
2026-06-10T07:08:01.4599623Z - Required stages: impl, unit
2026-06-10T07:08:01.4599657Z 
2026-06-10T07:08:01.4599962Z ### REQ-API-1
2026-06-10T07:08:01.4600437Z - Title: api prefix and adapter_name on every machinery invocation
2026-06-10T07:08:01.4600759Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4600797Z 
2026-06-10T07:08:01.4601074Z ### REQ-API-2
2026-06-10T07:08:01.4601665Z - Title: The api subcommand surface (bind/listen/poll/state/worker/boundary/...)
2026-06-10T07:08:01.4601999Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4602037Z 
2026-06-10T07:08:01.4602304Z ### REQ-API-3
2026-06-10T07:08:01.4602704Z - Title: commune/signoff are file-drops, not commands
2026-06-10T07:08:01.4603014Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4603052Z 
2026-06-10T07:08:01.4603337Z ### REQ-START-1
2026-06-10T07:08:01.4603894Z - Title: Adapters never resolve SPT_HOME; binary on PATH; api bridging only
2026-06-10T07:08:01.4604208Z - Required stages: impl, unit
2026-06-10T07:08:01.4604255Z 
2026-06-10T07:08:01.4604547Z ### REQ-START-2
2026-06-10T07:08:01.4604942Z - Title: Harness-hosted startup: api seed then listen
2026-06-10T07:08:01.4605271Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4605299Z 
2026-06-10T07:08:01.4605591Z ### REQ-START-3
2026-06-10T07:08:01.4606076Z - Title: spt-hosted startup: spawn-session then api bind (no file)
2026-06-10T07:08:01.4606399Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4606432Z 
2026-06-10T07:08:01.4606822Z ### REQ-START-4
2026-06-10T07:08:01.4607217Z - Title: Adapter-injected env aliases (SPT/OWL/LIVE)
2026-06-10T07:08:01.4607532Z - Required stages: impl, unit
2026-06-10T07:08:01.4607566Z 
2026-06-10T07:08:01.4607852Z ### REQ-EP-1
2026-06-10T07:08:01.4608230Z - Title: Day-one endpoint types; open type system
2026-06-10T07:08:01.4608540Z - Required stages: impl, unit
2026-06-10T07:08:01.4608578Z 
2026-06-10T07:08:01.4608867Z ### REQ-EP-2
2026-06-10T07:08:01.4609410Z - Title: Agent endpoints vs Shells distinction in the type model
2026-06-10T07:08:01.4609743Z - Required stages: impl, unit
2026-06-10T07:08:01.4609777Z 
2026-06-10T07:08:01.4610063Z ### REQ-EP-3
2026-06-10T07:08:01.4610593Z - Title: Messaging payloads carry typed operation commands + file blobs
2026-06-10T07:08:01.4610912Z - Required stages: impl, unit
2026-06-10T07:08:01.4610945Z 
2026-06-10T07:08:01.4611221Z ### REQ-EP-4
2026-06-10T07:08:01.4611648Z - Title: PresenceChannel broker endpoint (seam day-one)
2026-06-10T07:08:01.4611962Z - Required stages: impl, unit
2026-06-10T07:08:01.4612010Z 
2026-06-10T07:08:01.4612286Z ### REQ-EP-5
2026-06-10T07:08:01.4614247Z - Title: Concrete shell instantiation model: spawn-mints-instance (vs relink/online), registered-on-node permission + broadcast-is-discovery, per-shell require_approval gate, max_instances_per_owner + over_cap, instance aliasing, discovery scope
2026-06-10T07:08:01.4614567Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4614601Z 
2026-06-10T07:08:01.4614887Z ### REQ-INST-1
2026-06-10T07:08:01.4615488Z - Title: endpoint ID vs instance split (adapter-agnostic ID)
2026-06-10T07:08:01.4615783Z - Required stages: 
2026-06-10T07:08:01.4615817Z 
2026-06-10T07:08:01.4616088Z ### REQ-INST-2
2026-06-10T07:08:01.4616436Z - Title: Per-node files, synced Psyche mind
2026-06-10T07:08:01.4616748Z - Required stages: impl, unit
2026-06-10T07:08:01.4616786Z 
2026-06-10T07:08:01.4617068Z ### REQ-INST-3
2026-06-10T07:08:01.4617487Z - Title: Dormant (warm) / suspended (cold) resting states
2026-06-10T07:08:01.4617816Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4617855Z 
2026-06-10T07:08:01.4618131Z ### REQ-INST-4
2026-06-10T07:08:01.4618631Z - Title: active to dormant/suspended fires a transition echo commune
2026-06-10T07:08:01.4618946Z - Required stages: impl, unit
2026-06-10T07:08:01.4619027Z 
2026-06-10T07:08:01.4619298Z ### REQ-INST-5
2026-06-10T07:08:01.4619804Z - Title: Two-tier context sync (live to all, project to same-project)
2026-06-10T07:08:01.4620129Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4620167Z 
2026-06-10T07:08:01.4620458Z ### REQ-INST-6
2026-06-10T07:08:01.4620981Z - Title: Deferred messages not delivered to dormant/suspended instances
2026-06-10T07:08:01.4621311Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4621344Z 
2026-06-10T07:08:01.4621623Z ### REQ-INST-7
2026-06-10T07:08:01.4622012Z - Title: Subnet registry + bare-id resolution policy
2026-06-10T07:08:01.4622337Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4622371Z 
2026-06-10T07:08:01.4622652Z ### REQ-INST-8
2026-06-10T07:08:01.4623090Z - Title: Remote-control mode distinct from local operation
2026-06-10T07:08:01.4623414Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4623448Z 
2026-06-10T07:08:01.4623724Z ### REQ-INST-9
2026-06-10T07:08:01.4624255Z - Title: Multi-subnet membership (same-user N subnets; cross-user seam)
2026-06-10T07:08:01.4624610Z - Required stages: impl, unit
2026-06-10T07:08:01.4624643Z 
2026-06-10T07:08:01.4624933Z ### REQ-INST-10
2026-06-10T07:08:01.4625567Z - Title: Qualified addressing [subnet:]id[@node] + ambiguity forces qualification
2026-06-10T07:08:01.4625877Z - Required stages: impl, unit
2026-06-10T07:08:01.4625910Z 
2026-06-10T07:08:01.4626197Z ### REQ-INST-11
2026-06-10T07:08:01.4626798Z - Title: spt rename <id> rippled to all instances (collision-checked, 6.5-reconciled)
2026-06-10T07:08:01.4627119Z - Required stages: impl, unit
2026-06-10T07:08:01.4627153Z 
2026-06-10T07:08:01.4627437Z ### REQ-INST-12
2026-06-10T07:08:01.4628271Z - Title: Endpoint visibility per-(endpoint,subnet): excluded semantics, OR-of-defaults + override, gates sync
2026-06-10T07:08:01.4628701Z - Required stages: impl, unit
2026-06-10T07:08:01.4628735Z 
2026-06-10T07:08:01.4629097Z ### REQ-INST-13
2026-06-10T07:08:01.4629631Z - Title: Subnet-exclusive sync + per-endpoint subnet-membership list
2026-06-10T07:08:01.4629953Z - Required stages: impl, unit
2026-06-10T07:08:01.4629982Z 
2026-06-10T07:08:01.4630263Z ### REQ-INST-14
2026-06-10T07:08:01.4631394Z - Title: Resource advertisement (subnet resource registry): free-text blurb, both-authored, registry projection, visibility/whitelist-gated
2026-06-10T07:08:01.4631728Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4631760Z 
2026-06-10T07:08:01.4632051Z ### REQ-INST-15
2026-06-10T07:08:01.4634176Z - Title: Immutable home subnet (assigned at creation: auto-if-one/ask-if-many) + spt fork (cross-subnet clone to a new identity, copy-then-diverge, not re-home); adapter chosen at creation from registered hostable adapters, changed only via launch/resume-under-new (ADR-0010)
2026-06-10T07:08:01.4634510Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4634543Z 
2026-06-10T07:08:01.4634825Z ### REQ-REACH-1
2026-06-10T07:08:01.4635245Z - Title: Off-node remote-drive detection + file transfer
2026-06-10T07:08:01.4635570Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4635607Z 
2026-06-10T07:08:01.4635894Z ### REQ-REACH-2
2026-06-10T07:08:01.4636331Z - Title: Remote command execution (deferred, consent-gated)
2026-06-10T07:08:01.4636752Z - Required stages: 
2026-06-10T07:08:01.4636790Z 
2026-06-10T07:08:01.4637067Z ### REQ-MSG-1
2026-06-10T07:08:01.4638408Z - Title: Local message delivery: TCP-first to a registered address, spool fallback when offline; id->address via registry (stale-clean first); reply routing (__REPLY_TO__)
2026-06-10T07:08:01.4638736Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4638770Z 
2026-06-10T07:08:01.4639189Z ### REQ-MSG-2
2026-06-10T07:08:01.4639963Z - Title: spt binary CLI surface: send/ring/ready(+--once)/list/stop/whoami, stable arg shapes + exit codes
2026-06-10T07:08:01.4640287Z - Required stages: impl, unit
2026-06-10T07:08:01.4640325Z 
2026-06-10T07:08:01.4640609Z ### REQ-MSG-3
2026-06-10T07:08:01.4641715Z - Title: Ready-agent lifecycle: register perch (info.json + listener + registry address) on ready, drain spooled backlog on startup, clean teardown
2026-06-10T07:08:01.4642026Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4642063Z 
2026-06-10T07:08:01.4642354Z ### REQ-MSG-4
2026-06-10T07:08:01.4644497Z - Title: Listener stream stdout emits EVENT envelope lines (sister-format, ADR-0001): parse the __REPLY_TO__ frame, pass pre-formed typed envelopes through verbatim (no double-wrap), compose <EVENT type="msg" from=…> otherwise, chunk oversized lines into EVENT-PART
2026-06-10T07:08:01.4644845Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4644877Z 
2026-06-10T07:08:01.4645178Z ### REQ-NODE-IDENTITY
2026-06-10T07:08:01.4645810Z - Title: Ed25519 identity primitive: keypair, detached sign/verify, stable pubkey<->hex
2026-06-10T07:08:01.4646148Z - Required stages: impl, unit
2026-06-10T07:08:01.4646186Z 
2026-06-10T07:08:01.4646473Z ### REQ-NET-1
2026-06-10T07:08:01.4646988Z - Title: WAN messaging first-class, behind default-on net feature flag
2026-06-10T07:08:01.4647317Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4647350Z 
2026-06-10T07:08:01.4647627Z ### REQ-NET-2
2026-06-10T07:08:01.4648140Z - Title: n0 relay default + self-host knob + plain-language disclosure
2026-06-10T07:08:01.4648462Z - Required stages: impl
2026-06-10T07:08:01.4648499Z 
2026-06-10T07:08:01.4648786Z ### REQ-NET-3
2026-06-10T07:08:01.4649330Z - Title: Cross-node Psyche sync over P2P replaces gh-repo-sync
2026-06-10T07:08:01.4649639Z - Required stages: impl, unit
2026-06-10T07:08:01.4649673Z 
2026-06-10T07:08:01.4649968Z ### REQ-PAIR-1
2026-06-10T07:08:01.4650297Z - Title: TOTP-seeded SPAKE2 pairing
2026-06-10T07:08:01.4650621Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4650766Z 
2026-06-10T07:08:01.4651064Z ### REQ-PAIR-2
2026-06-10T07:08:01.4651446Z - Title: Local trust store with TOFU + warn-on-change
2026-06-10T07:08:01.4651756Z - Required stages: 
2026-06-10T07:08:01.4651790Z 
2026-06-10T07:08:01.4652070Z ### REQ-PAIR-3
2026-06-10T07:08:01.4652486Z - Title: Fetch current pairing code from any paired node
2026-06-10T07:08:01.4652815Z - Required stages: impl, unit
2026-06-10T07:08:01.4652852Z 
2026-06-10T07:08:01.4653134Z ### REQ-PAIR-4
2026-06-10T07:08:01.4653470Z - Title: Subnet naming on first pairing
2026-06-10T07:08:01.4653775Z - Required stages: impl, unit
2026-06-10T07:08:01.4653804Z 
2026-06-10T07:08:01.4654090Z ### REQ-PAIR-5
2026-06-10T07:08:01.4654957Z - Title: Multi-subnet pairing: subnet-name discovery input, create-new-names-up-front, rendezvous-token hashing
2026-06-10T07:08:01.4655305Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4655339Z 
2026-06-10T07:08:01.4655630Z ### REQ-PAIR-6
2026-06-10T07:08:01.4656356Z - Title: Elevation-gated per-subnet code fetch (UAC/root or elevated agent; else authenticator app)
2026-06-10T07:08:01.4656690Z - Required stages: impl, unit
2026-06-10T07:08:01.4656723Z 
2026-06-10T07:08:01.4657009Z ### REQ-PAIR-7
2026-06-10T07:08:01.4657471Z - Title: Subnet icon (inline image metadata, GUI-only consumer)
2026-06-10T07:08:01.4657771Z - Required stages: 
2026-06-10T07:08:01.4657809Z 
2026-06-10T07:08:01.4658091Z ### REQ-SUBNET-1
2026-06-10T07:08:01.4659098Z - Title: spt subnet noun namespace: status view (bare + status [NAME] [--nodes]), create (QR/otpauth), show-code; spt pair deleted
2026-06-10T07:08:01.4659528Z - Required stages: impl, unit
2026-06-10T07:08:01.4659566Z 
2026-06-10T07:08:01.4659852Z ### REQ-SUBNET-2
2026-06-10T07:08:01.4660514Z - Title: Guided join e2e: spt subnet join CLI initiator + always-on daemon pairing responder
2026-06-10T07:08:01.4660833Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4660867Z 
2026-06-10T07:08:01.4661158Z ### REQ-SUBNET-3
2026-06-10T07:08:01.4661938Z - Title: Node labels: hostname-default, gossiped, addressable in @node qualifiers (refuse-on-ambiguity)
2026-06-10T07:08:01.4662262Z - Required stages: impl, unit
2026-06-10T07:08:01.4662297Z 
2026-06-10T07:08:01.4662592Z ### REQ-SUBNET-4
2026-06-10T07:08:01.4663426Z - Title: Subnet membership mutations elevation-gated (create = seed reveal; join = trust-boundary enrollment)
2026-06-10T07:08:01.4663751Z - Required stages: impl, unit
2026-06-10T07:08:01.4663784Z 
2026-06-10T07:08:01.4664068Z ### REQ-DOCS-6
2026-06-10T07:08:01.4665002Z - Title: spt how-to <topic>: in-binary task-oriented agent instructions (anti-drift; quickstart prompts point agents at it)
2026-06-10T07:08:01.4665360Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4665407Z 
2026-06-10T07:08:01.4665707Z ### REQ-SEC-1
2026-06-10T07:08:01.4666841Z - Title: Per-endpoint access whitelist: origin-node gate, stateful-firewall (reply/outbound exempt), node-now/user-later, outer gate before grants
2026-06-10T07:08:01.4667149Z - Required stages: impl, unit
2026-06-10T07:08:01.4667178Z 
2026-06-10T07:08:01.4667464Z ### REQ-NOTIF-1
2026-06-10T07:08:01.4668527Z - Title: Notification primitive: per-subnet replicated spool, seen/dismissed, resurface-at-boundary, subsumes update+consent prompts
2026-06-10T07:08:01.4668851Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4668879Z 
2026-06-10T07:08:01.4669217Z ### REQ-NOTIF-2
2026-06-10T07:08:01.4669978Z - Title: spt notify (agent-issued subnet notif) + notif_command manifest seam (harness + shell adapters)
2026-06-10T07:08:01.4670312Z - Required stages: doc, impl, unit, int
2026-06-10T07:08:01.4670351Z 
2026-06-10T07:08:01.4670636Z ### REQ-UPD-1
2026-06-10T07:08:01.4670975Z - Title: Peer-propagated update over P2P
2026-06-10T07:08:01.4671300Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4671338Z 
2026-06-10T07:08:01.4671614Z ### REQ-UPD-2
2026-06-10T07:08:01.4672033Z - Title: All binaries signature-verified before handoff
2026-06-10T07:08:01.4672348Z - Required stages: impl, unit
2026-06-10T07:08:01.4672380Z 
2026-06-10T07:08:01.4672761Z ### REQ-UPD-3
2026-06-10T07:08:01.4673258Z - Title: No endpoint process terminates/suspends during self-update
2026-06-10T07:08:01.4673582Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4673615Z 
2026-06-10T07:08:01.4673897Z ### REQ-UPD-4
2026-06-10T07:08:01.4674410Z - Title: Update gated on user confirmation by default; opt-in full-auto
2026-06-10T07:08:01.4674722Z - Required stages: impl, unit
2026-06-10T07:08:01.4674760Z 
2026-06-10T07:08:01.4675046Z ### REQ-UPD-5
2026-06-10T07:08:01.4675443Z - Title: spt-core ripple-updates registered adapters
2026-06-10T07:08:01.4675753Z - Required stages: impl, unit
2026-06-10T07:08:01.4675792Z 
2026-06-10T07:08:01.4676077Z ### REQ-UPD-6
2026-06-10T07:08:01.4678529Z - Title: Platform-targeted update sets and debug rollout: signed multi-platform update metadata, recipient platform selection, channel-scoped monotonic counters, debug-channel opt-in via release-key overlay, local staging plus pull-based peer propagation, and maintainer-only convergence tooling (ADR-0016)
2026-06-10T07:08:01.4678877Z - Required stages: doc, impl, unit, int
2026-06-10T07:08:01.4678901Z 
2026-06-10T07:08:01.4679240Z ### REQ-UPD-7
2026-06-10T07:08:01.4684782Z - Title: Origin-source update bootstrap (`spt update fetch`): pull the latest signed release directly from the GitHub release origin (`SaberMage/spt-releases`) — the per-platform artifact + its `<asset>.release.json` SignedRelease metadata — and stage it through the EXISTING verify→stage pipeline (the same `plan_verified` gate: two-key signature + channel + monotonic rollback floor + SHA-256), after which the normal consent-notif / `spt update apply` flow is unchanged. Closes the peer-only-discovery gap (REQ-UPD-1): a first-in-fleet / isolated node can update with no peer to pull from. The signed-release anchor keeps the GitHub transport untrusted-but-verified.
2026-06-10T07:08:01.4685250Z - Required stages: impl, unit
2026-06-10T07:08:01.4685282Z 
2026-06-10T07:08:01.4685573Z ### REQ-UPD-8
2026-06-10T07:08:01.4692448Z - Title: Platform-safe `spt update fetch` + apply platform-guard (v0.3.1 cross-OS brick fix): `spt update fetch` stages the signed multi-platform `SignedUpdateSet` (`update-set.json` + every platform artifact it names), never a platform-blind single `SignedRelease`, so local apply selects `current_platform()` and P2P re-serve lets each peer select ITS own platform. Defense-in-depth: `apply_staged` REFUSES a staged single-release artifact unless it is platform-stamped for THIS node (an unstamped pre-v0.3.2 single, or a single stamped for another OS, fail-safe refuses — the guard that alone prevents the v0.3.1 brick where a Linux ELF was applied as `spt.exe`). UX: a friendly post-apply message (`Updated spt-core to vX.Y.Z.` + changelog URL) driven by an additive `product_version` metadata field, with a release-counter fallback when absent.
2026-06-10T07:08:01.4692815Z - Required stages: impl, unit
2026-06-10T07:08:01.4692848Z 
2026-06-10T07:08:01.4693135Z ### REQ-TERM-1
2026-06-10T07:08:01.4693624Z - Title: Process-supervisor terminal wrapper hosting broker PTYs
2026-06-10T07:08:01.4693953Z - Required stages: impl, unit
2026-06-10T07:08:01.4693987Z 
2026-06-10T07:08:01.4694272Z ### REQ-TERM-2
2026-06-10T07:08:01.4694787Z - Title: session-surface abstraction; send-keys + send-line injection
2026-06-10T07:08:01.4695116Z - Required stages: impl, unit
2026-06-10T07:08:01.4695150Z 
2026-06-10T07:08:01.4695431Z ### REQ-TERM-3
2026-06-10T07:08:01.4695833Z - Title: Byte-stream remote terminal streaming for v1
2026-06-10T07:08:01.4696167Z - Required stages: impl, unit
2026-06-10T07:08:01.4696205Z 
2026-06-10T07:08:01.4696491Z ### REQ-TERM-4
2026-06-10T07:08:01.4697736Z - Title: Live activity buffer (PTY digest): adapter-supplied patterns over broker PTY, spt digest pull + delta-stream, opt-in Path-B log
2026-06-10T07:08:01.4698070Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4698113Z 
2026-06-10T07:08:01.4698440Z ### REQ-FRONT-1
2026-06-10T07:08:01.4699034Z - Title: Day-one launcher/manager frontend (list/launch/attach/init)
2026-06-10T07:08:01.4699464Z - Required stages: 
2026-06-10T07:08:01.4699502Z 
2026-06-10T07:08:01.4699798Z ### REQ-INSTALL-1
2026-06-10T07:08:01.4700350Z - Title: Two install paths; signed one-line script; OS-service registration
2026-06-10T07:08:01.4700670Z - Required stages: doc, impl, int
2026-06-10T07:08:01.4700704Z 
2026-06-10T07:08:01.4700988Z ### REQ-INSTALL-2
2026-06-10T07:08:01.4701391Z - Title: Marketplace-repackaging-friendly install
2026-06-10T07:08:01.4701702Z - Required stages: doc
2026-06-10T07:08:01.4701735Z 
2026-06-10T07:08:01.4702021Z ### REQ-INSTALL-3
2026-06-10T07:08:01.4702431Z - Title: Idempotent + interactive-optional first run
2026-06-10T07:08:01.4702751Z - Required stages: impl, int
2026-06-10T07:08:01.4702783Z 
2026-06-10T07:08:01.4703074Z ### REQ-INSTALL-4
2026-06-10T07:08:01.4704915Z - Title: Adapter registration lifecycle: spt adapter add (--github, manifest-first, install-is-first-update) + soft-deregister remove + optional manifest uninstall template; node-local registered-adapter set self-update ripples over
2026-06-10T07:08:01.4705254Z - Required stages: impl, unit
2026-06-10T07:08:01.4705287Z 
2026-06-10T07:08:01.4705583Z ### REQ-MIGRATE-1
2026-06-10T07:08:01.4706057Z - Title: Auto-detect and migrate a legacy claude_skill_owl install
2026-06-10T07:08:01.4706365Z - Required stages: 
2026-06-10T07:08:01.4706398Z 
2026-06-10T07:08:01.4706693Z ### REQ-INFRA-1
2026-06-10T07:08:01.4707200Z - Title: GitHub issue tracking for v1; tangled.org as migration target
2026-06-10T07:08:01.4707605Z - Required stages: 
2026-06-10T07:08:01.4707638Z 
2026-06-10T07:08:01.4707920Z ### REQ-INSTALL-5
2026-06-10T07:08:01.4709447Z - Title: Non-interactive install path: the canonical one-liner doubles as every adapter's pack-in on-demand install (no second mechanism); sha256-verified fetch; user-PATH registration
2026-06-10T07:08:01.4709767Z - Required stages: impl, int
2026-06-10T07:08:01.4709805Z 
2026-06-10T07:08:01.4710081Z ### REQ-REL-1
2026-06-10T07:08:01.4711230Z - Title: spt-releases publish-target repo: README public face, licensing split, Pages docs at the permanent lapse-proof canonical URL (ADR-0014)
2026-06-10T07:08:01.4711553Z - Required stages: doc, impl
2026-06-10T07:08:01.4711586Z 
2026-06-10T07:08:01.4711879Z ### REQ-REL-2
2026-06-10T07:08:01.4713291Z - Title: Release asset set consumable by the self-updater: platform binaries, SHA256SUMS, SignedRelease metadata, manifest schema, mock-adapter zip; tag-triggered cross-repo pipeline
2026-06-10T07:08:01.4713602Z - Required stages: impl, int
2026-06-10T07:08:01.4713634Z 
2026-06-10T07:08:01.4713907Z ### REQ-REL-3
2026-06-10T07:08:01.4715174Z - Title: Two-key release-signing trust anchor: primary + offline never-used recovery, both pubkeys embedded in the binary's trusted set, manual local signing (ADR-0015)
2026-06-10T07:08:01.4715494Z - Required stages: impl, unit
2026-06-10T07:08:01.4715527Z 
2026-06-10T07:08:01.4715804Z ### REQ-DOCS-1
2026-06-10T07:08:01.4716370Z - Title: Dual-audience docs (human + AI dev-agent), markdown once / two depths
2026-06-10T07:08:01.4716703Z - Required stages: doc, impl
2026-06-10T07:08:01.4716732Z 
2026-06-10T07:08:01.4717015Z ### REQ-DOCS-2
2026-06-10T07:08:01.4717507Z - Title: Sub-10-minute runnable killer quickstart per audience
2026-06-10T07:08:01.4717812Z - Required stages: doc, int
2026-06-10T07:08:01.4717850Z 
2026-06-10T07:08:01.4718136Z ### REQ-DOCS-3
2026-06-10T07:08:01.4718598Z - Title: Diátaxis structure; one canonical way to do X
2026-06-10T07:08:01.4718889Z - Required stages: doc
2026-06-10T07:08:01.4719029Z 
2026-06-10T07:08:01.4719325Z ### REQ-DOCS-4
2026-06-10T07:08:01.4719887Z - Title: Agent-consumable layer (llms.txt, manifest schema, MCP, CLI help)
2026-06-10T07:08:01.4720211Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4720245Z 
2026-06-10T07:08:01.4720531Z ### REQ-DOCS-5
2026-06-10T07:08:01.4721084Z - Title: Anti-drift: rustdoc/schema/exports/CLI-help generated + CI-checked
2026-06-10T07:08:01.4721399Z - Required stages: impl, int
2026-06-10T07:08:01.4721432Z 
2026-06-10T07:08:01.4721910Z ### REQ-HAZARD-GRACE-BEFORE-SIGNOFF
2026-06-10T07:08:01.4722449Z - Title: Grace-period wait completes before composing INIT_SIGNOFF (1.1)
2026-06-10T07:08:01.4722764Z - Required stages: impl, unit
2026-06-10T07:08:01.4722802Z 
2026-06-10T07:08:01.4723122Z ### REQ-HAZARD-INFO-JSON-TORN-READ
2026-06-10T07:08:01.4723598Z - Title: State-file reads tolerate concurrent writes (1.2)
2026-06-10T07:08:01.4723918Z - Required stages: impl, unit
2026-06-10T07:08:01.4723956Z 
2026-06-10T07:08:01.4724271Z ### REQ-HAZARD-STALE-INDEX-LOCK
2026-06-10T07:08:01.4724652Z - Title: Sweep stale lockfiles on daemon boot (1.3)
2026-06-10T07:08:01.4724961Z - Required stages: impl, unit
2026-06-10T07:08:01.4724999Z 
2026-06-10T07:08:01.4725314Z ### REQ-HAZARD-DEFERRED-DRAIN
2026-06-10T07:08:01.4725886Z - Title: Deferred spool rows excluded from the event-stream drain (1.4)
2026-06-10T07:08:01.4726336Z - Required stages: impl, unit
2026-06-10T07:08:01.4726364Z 
2026-06-10T07:08:01.4726679Z ### REQ-HAZARD-WORKER-PATH
2026-06-10T07:08:01.4727211Z - Title: Single source of truth for Worker/Psyche perch location (1.5)
2026-06-10T07:08:01.4727528Z - Required stages: impl, unit
2026-06-10T07:08:01.4727561Z 
2026-06-10T07:08:01.4727914Z ### REQ-HAZARD-PARENT-PID-PREFER
2026-06-10T07:08:01.4728448Z - Title: Prefer stable parent PID / broker handle over ephemeral PID (2.1)
2026-06-10T07:08:01.4728744Z - Required stages: 
2026-06-10T07:08:01.4728776Z 
2026-06-10T07:08:01.4729173Z ### REQ-HAZARD-STDIN-SESSION-ID
2026-06-10T07:08:01.4729750Z - Title: Stdin session_id precedence over env (2.2)
2026-06-10T07:08:01.4730092Z - Required stages: 
2026-06-10T07:08:01.4730125Z 
2026-06-10T07:08:01.4730442Z ### REQ-HAZARD-HANDOFF-ARGV-COMPAT
2026-06-10T07:08:01.4730925Z - Title: Broker/brain IPC + handoff argv version-tolerant (2.3)
2026-06-10T07:08:01.4731254Z - Required stages: impl, unit
2026-06-10T07:08:01.4731287Z 
2026-06-10T07:08:01.4731592Z ### REQ-HAZARD-GEN-START-NOW
2026-06-10T07:08:01.4732012Z - Title: gen_start = now() on cold-start and handoff (2.4)
2026-06-10T07:08:01.4732341Z - Required stages: impl, int
2026-06-10T07:08:01.4732375Z 
2026-06-10T07:08:01.4732702Z ### REQ-HAZARD-EPHEMERAL-CLEANUP
2026-06-10T07:08:01.4733158Z - Title: Ephemeral perch cleanup on every ring exit path (3.1)
2026-06-10T07:08:01.4733477Z - Required stages: impl, unit
2026-06-10T07:08:01.4733511Z 
2026-06-10T07:08:01.4733844Z ### REQ-HAZARD-STALE-SIGNOFF-SENTINEL
2026-06-10T07:08:01.4742419Z - Title: Stale signoff sentinel does not kill a fresh start (3.2)
2026-06-10T07:08:01.4742906Z - Required stages: impl, unit
2026-06-10T07:08:01.4742940Z 
2026-06-10T07:08:01.4743271Z ### REQ-HAZARD-ECHO-BEFORE-SIGNOFF
2026-06-10T07:08:01.4743832Z - Title: Echo-commune fires before INIT_SIGNOFF on orphan teardown (3.3)
2026-06-10T07:08:01.4744156Z - Required stages: impl, unit
2026-06-10T07:08:01.4744189Z 
2026-06-10T07:08:01.4744533Z ### REQ-HAZARD-ENVELOPE-DECODE-ORDER
2026-06-10T07:08:01.4744986Z - Title: Envelope decode order, ampersand decoded last (4.1)
2026-06-10T07:08:01.4745310Z - Required stages: impl, unit
2026-06-10T07:08:01.4745348Z 
2026-06-10T07:08:01.4745696Z ### REQ-HAZARD-ENVELOPE-CR-LINESAFE
2026-06-10T07:08:01.4750714Z - Title: Envelope CR-linesafety (4.1): the line-framed EVENT codec must neutralize raw carriage returns — `event_body_escape` folds CRLF/lone-CR to the codec's representable linebreak (`\n`→`<br>`) BEFORE framing, so a body carrying `\r` (Windows `echo`/CRLF text crossing nodes) cannot survive into the single-line envelope and trigger a receiver terminal CR→col0 overwrite that corrupts the frame. Robustness on unrepresentable input, NOT a wire-format change (decoder untouched, amp-last invariant held). Belt-and-suspenders: `spt send`/`ring` also trim stdin (parity with `notify`).
2026-06-10T07:08:01.4751080Z - Required stages: impl, unit
2026-06-10T07:08:01.4751118Z 
2026-06-10T07:08:01.4751458Z ### REQ-HAZARD-ENVELOPE-PARSER-SAFE
2026-06-10T07:08:01.4751950Z - Title: Two-slice envelope parser is panic-free and tolerant (4.2)
2026-06-10T07:08:01.4752449Z - Required stages: impl, unit
2026-06-10T07:08:01.4752483Z 
2026-06-10T07:08:01.4752817Z ### REQ-HAZARD-EVENTPART-REASSEMBLY
2026-06-10T07:08:01.4753427Z - Title: EVENT-PART split/reassembly is byte-exact; orphan parts dropped silently
2026-06-10T07:08:01.4753746Z - Required stages: impl, unit
2026-06-10T07:08:01.4753779Z 
2026-06-10T07:08:01.4754082Z ### REQ-HAZARD-ID-CHARSET
2026-06-10T07:08:01.4754783Z - Title: Addressable-id charset reserves :/@ delimiters; validated at every creation seam (4.6)
2026-06-10T07:08:01.4755122Z - Required stages: impl, unit
2026-06-10T07:08:01.4755156Z 
2026-06-10T07:08:01.4755480Z ### REQ-HAZARD-REGISTRY-STALE-CLEAN
2026-06-10T07:08:01.4756027Z - Title: Stale registry entries degrade to fallback, never hard-fail (4.3)
2026-06-10T07:08:01.4756338Z - Required stages: impl, unit
2026-06-10T07:08:01.4756372Z 
2026-06-10T07:08:01.4756694Z ### REQ-HAZARD-REGISTRY-CONCURRENT
2026-06-10T07:08:01.4757434Z - Title: Concurrent SQLite openers (registry/spool) must not fail with 'database is locked' (4.7)
2026-06-10T07:08:01.4757762Z - Required stages: impl, unit
2026-06-10T07:08:01.4757796Z 
2026-06-10T07:08:01.4758124Z ### REQ-HAZARD-REGISTRY-DIR-CREATE
2026-06-10T07:08:01.4759179Z - Title: SQLite store opens create their parent dir themselves — a fresh-home registry op must not SQLITE_CANTOPEN (4.9)
2026-06-10T07:08:01.4759522Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4759556Z 
2026-06-10T07:08:01.4759885Z ### REQ-HAZARD-REGISTRY-EPOCH-LEASE
2026-06-10T07:08:01.4761302Z - Title: Registry merge ordered by per-node monotonic epoch, never wall-clock — a stale Active can't clobber a newer Offline (4.8, red-team #8)
2026-06-10T07:08:01.4761631Z - Required stages: impl, unit
2026-06-10T07:08:01.4761664Z 
2026-06-10T07:08:01.4762004Z ### REQ-HAZARD-DEFERRED-SURVIVE-DRAIN
2026-06-10T07:08:01.4762385Z - Title: Deferred rows survive poll drain (4.4)
2026-06-10T07:08:01.4762718Z - Required stages: impl, unit
2026-06-10T07:08:01.4762752Z 
2026-06-10T07:08:01.4763100Z ### REQ-HAZARD-INBOX-NO-DOUBLE
2026-06-10T07:08:01.4763483Z - Title: No double-delivery via legacy inbox (4.5)
2026-06-10T07:08:01.4763793Z - Required stages: impl, unit
2026-06-10T07:08:01.4763831Z 
2026-06-10T07:08:01.4764165Z ### REQ-HAZARD-WINDOWS-PID-RECYCLE
2026-06-10T07:08:01.4764613Z - Title: Windows PID-recycling false positives guarded (5.1)
2026-06-10T07:08:01.4764923Z - Required stages: impl, unit
2026-06-10T07:08:01.4764961Z 
2026-06-10T07:08:01.4765271Z ### REQ-HAZARD-EBUSY-RENAME
2026-06-10T07:08:01.4765810Z - Title: tmp-write + atomic-rename + retry on Windows EBUSY (5.2)
2026-06-10T07:08:01.4766134Z - Required stages: impl, unit
2026-06-10T07:08:01.4766168Z 
2026-06-10T07:08:01.4766492Z ### REQ-HAZARD-SUBPROCESS-TIMEOUT
2026-06-10T07:08:01.4766903Z - Title: Every harness/git subprocess has a timeout (5.3)
2026-06-10T07:08:01.4767225Z - Required stages: impl, unit
2026-06-10T07:08:01.4767259Z 
2026-06-10T07:08:01.4767573Z ### REQ-HAZARD-UNC-PATH-STRIP
2026-06-10T07:08:01.4768017Z - Title: Strip Windows UNC prefix on serialized paths (5.4)
2026-06-10T07:08:01.4768332Z - Required stages: impl, unit
2026-06-10T07:08:01.4768375Z 
2026-06-10T07:08:01.4768699Z ### REQ-HAZARD-SINGLE-PATH-SOURCE
2026-06-10T07:08:01.4769328Z - Title: Single path/registry source of truth; no layout ambiguity (6.1)
2026-06-10T07:08:01.4769673Z - Required stages: impl, unit
2026-06-10T07:08:01.4769707Z 
2026-06-10T07:08:01.4770016Z ### REQ-HAZARD-SOFT-CLEANUP
2026-06-10T07:08:01.4770570Z - Title: Soft-cleanup preserves state, removes only the ready marker (6.2)
2026-06-10T07:08:01.4770899Z - Required stages: impl, unit
2026-06-10T07:08:01.4770932Z 
2026-06-10T07:08:01.4771266Z ### REQ-HAZARD-CASCADE-WIPE-GUARD
2026-06-10T07:08:01.4771743Z - Title: No hard-delete of a parent hosting non-empty children (6.3)
2026-06-10T07:08:01.4772053Z - Required stages: impl, unit
2026-06-10T07:08:01.4772092Z 
2026-06-10T07:08:01.4772433Z ### REQ-HAZARD-DROP-FILE-SINGLE-WRITER
2026-06-10T07:08:01.4772856Z - Title: Drop files are daemon-owned single-writer (6.4)
2026-06-10T07:08:01.4773307Z - Required stages: impl, unit
2026-06-10T07:08:01.4773341Z 
2026-06-10T07:08:01.4773680Z ### REQ-HAZARD-DIRECT-WRITE-PRECEDENCE
2026-06-10T07:08:01.4774305Z - Title: Direct-write precedence marker (with node id) guards stale overwrite (6.5)
2026-06-10T07:08:01.4774620Z - Required stages: impl, unit
2026-06-10T07:08:01.4774654Z 
2026-06-10T07:08:01.4775004Z ### REQ-HAZARD-CONFLICT-BOTH-PRESERVED
2026-06-10T07:08:01.4776847Z - Title: A surfaced concurrent context pair is durably preserved (both versions, tracked artifacts) until a strictly dominating write clears it; no reconcile failure path discards an unmerged version (6.6, ADR-0013)
2026-06-10T07:08:01.4777197Z - Required stages: impl, unit
2026-06-10T07:08:01.4777225Z 
2026-06-10T07:08:01.4777569Z ### REQ-HAZARD-DETACHED-PIPE-INHERIT
2026-06-10T07:08:01.4780596Z - Title: Windows detached long-lived children must not inherit a captured caller's pipe: every detach-spawn of an immortal child (daemon, shell binary) runs bInheritHandles=FALSE, or a caller capturing output anywhere up the process chain hangs forever on a pipe that never EOFs — std-handle flag stripping is NOT sufficient (grandparent strays still flow) (5.6)
2026-06-10T07:08:01.4780934Z - Required stages: impl, unit
2026-06-10T07:08:01.4780962Z 
2026-06-10T07:08:01.4781272Z ### REQ-HAZARD-CONPTY-DSR
2026-06-10T07:08:01.4781873Z - Title: ConPTY reader must auto-answer DSR (ESC[6n) or all child output stalls (5.5)
2026-06-10T07:08:01.4782313Z - Required stages: impl, unit
2026-06-10T07:08:01.4782347Z 
2026-06-10T07:08:01.4782671Z ### REQ-HAZARD-CHILD-CONSOLE-FLASH
2026-06-10T07:08:01.4783896Z - Title: Console-subsystem children of the console-less daemon spawn with CREATE_NO_WINDOW, or each spawn flashes a visible blank window on the user's desktop (5.8)
2026-06-10T07:08:01.4784221Z - Required stages: impl, unit
2026-06-10T07:08:01.4784255Z 
2026-06-10T07:08:01.4784570Z ### REQ-HAZARD-INSTANT-UNDERFLOW
2026-06-10T07:08:01.4786231Z - Title: Scheduling never subtracts a Duration from Instant::now() (underflow-panics on a host booted more recently than the offset); 'due now / never run' is Option<Instant>=None gated on forward duration_since only (5.9)
2026-06-10T07:08:01.4786569Z - Required stages: impl, unit
2026-06-10T07:08:01.4786606Z 
2026-06-10T07:08:01.4786921Z ### REQ-HAZARD-SUDO-SECURE-PATH
2026-06-10T07:08:01.4789270Z - Title: Elevation guidance on Unix names the binary's ABSOLUTE path under sudo (a user-local install ~/.local/bin · ~/.cargo/bin is not on sudo's secure_path, so bare `sudo spt` dies 'command not found'); gated commands auto-elevate on an interactive TTY, else print the runnable hint (5.10)
2026-06-10T07:08:01.4789642Z - Required stages: impl, unit
2026-06-10T07:08:01.4789677Z 
2026-06-10T07:08:01.4789982Z ### REQ-HAZARD-LOCAL-API-AUTH
2026-06-10T07:08:01.4790590Z - Title: Every local `api` mutation authenticated to an endpoint/session (codex #13)
2026-06-10T07:08:01.4790883Z - Required stages: impl, unit
2026-06-10T07:08:01.4790931Z 
2026-06-10T07:08:01.4791261Z ### REQ-HAZARD-RESTART-IDEMPOTENT
2026-06-10T07:08:01.4792019Z - Title: Idempotent/exactly-once delivery across brain restart at every broker boundary (codex #14)
2026-06-10T07:08:01.4792338Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4792376Z 
2026-06-10T07:08:01.4792696Z ### REQ-HAZARD-UPDATE-ROLLBACK
2026-06-10T07:08:01.4793438Z - Title: Self-update rejects version rollback; metadata expiry + adapter content signing (codex #5)
2026-06-10T07:08:01.4793779Z - Required stages: impl, unit
2026-06-10T07:08:01.4793813Z 
2026-06-10T07:08:01.4794151Z ### REQ-HAZARD-DAEMON-HOSTED-LIVENESS
2026-06-10T07:08:01.4795416Z - Title: Daemon-hosted perches (Psyche, spt-hosted Self) derive liveness from the daemon endpoint table + info.json status, never is_process_alive(info.pid) (2.5)
2026-06-10T07:08:01.4795755Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4795802Z 
2026-06-10T07:08:01.4796148Z ### REQ-HAZARD-BROKER-PROCESS-ISOLATION
2026-06-10T07:08:01.4803118Z - Title: Broker and brain are separate processes: the broker runs as its own long-lived per-machine process that survives every brain restart, so a routine (brain-only) self-update restarts the brain onto the swapped binary while every hosted endpoint (PTY child, live QUIC conn, listening socket) stays untouched at the PROCESS level. The in-process-thread broker (daemon.rs:165-170) is a regression that silently unrealizes REQ-UPD-3 — apply degrades to an in-process Brain::handoff no-op and new code does not run until an unrelated restart (KNOWN-HAZARDS 6.7). Evidence must prove process-level survival (SPIKE-01/03 productionized as int: PTY child + live QUIC survive a brain-PROCESS restart onto a swapped binary), re-pointing the regression-masked in-process int tags currently on REQ-DAEMON-2 / REQ-UPD-3 (ADR-0018).
2026-06-10T07:08:01.4803579Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4803608Z 
2026-06-10T07:08:01.4803951Z ### REQ-HAZARD-ROLLBACK-STATE-COMPAT
2026-06-10T07:08:01.4808572Z - Title: A brain must not irreversibly migrate durable state before update ready-promotion: the readiness-gated auto-rollback (ADR-0018 Q7) spawns the N-1 binary against durable state the new brain may have written, so every pre-ready write must stay N-1-readable (schema migrations gated behind ready-promotion, or written N-1-tolerant/additive). Else the first in-place schema migration silently bricks rollback (KNOWN-HAZARDS 6.8). Free now — a 2026-06-09 audit confirmed zero state-migration code exists; unmintable retroactively once a migration ships.
2026-06-10T07:08:01.4809076Z - Required stages: doc
2026-06-10T07:08:01.4809114Z 
2026-06-10T07:08:01.4809451Z ### REQ-HAZARD-PSYCHE-OUTBOUND-PROXY
2026-06-10T07:08:01.4811569Z - Title: Psyche outbound captured + sanitized: the live-Psyche turn driver captures stdout (never Stdio::null), and the daemon strips/re-stamps Psyche-supplied from=/target and constrains routing (reply→__REPLY_TO__ sender, notify→own user/subnet) (7.3)
2026-06-10T07:08:01.4811891Z - Required stages: impl, unit
2026-06-10T07:08:01.4811942Z 
2026-06-10T07:08:01.4812285Z ### REQ-HAZARD-DAEMON-SCHED-NONBLOCKING
2026-06-10T07:08:01.4814231Z - Title: Per-agent pulse/psyche/echo-commune scheduling must not serialize across agents: each agent's bounded LLM call (echo-commune summarizer, Psyche turn) runs off the shared scheduler so one slow/hung call cannot stall another agent's tick (7.4)
2026-06-10T07:08:01.4814635Z - Required stages: impl, unit
2026-06-10T07:08:01.4814664Z 
2026-06-10T07:08:01.4815010Z ### REQ-HAZARD-PAIR-TRANSCRIPT-BIND
2026-06-10T07:08:01.4816817Z - Title: Pairing transcript binds roles, both node pubkeys, subnet ID, seed epoch, TOTP time-step, and confirmation MACs — or unknown-key-share/reflection/wrong-subnet/replay pairing remain possible (ADR-0005 #12)
2026-06-10T07:08:01.4817139Z - Required stages: impl, unit
2026-06-10T07:08:01.4817178Z 
2026-06-10T07:08:01.4817495Z ### REQ-HAZARD-PAIR-SEED-ROTATION
2026-06-10T07:08:01.4819203Z - Title: Removing a node rotates the subnet seed (epoch bump) so an old node/old seed cannot rejoin; trust-store delete alone is NOT revocation because the seed is replicated to every trusted node (ADR-0005 #10)
2026-06-10T07:08:01.4819536Z - Required stages: impl, unit
2026-06-10T07:08:01.4819574Z 
2026-06-10T07:08:01.4819893Z ### REQ-HAZARD-PAIR-RATE-LIMIT
2026-06-10T07:08:01.4822228Z - Title: Subnet-global pairing rate limit: one active ceremony per subnet, shared attempt counter, exponential backoff — a public pre-trust relay + multiple seed-holders otherwise enables distributed SPAKE2 guessing (and ±1 TOTP window triples the valid-password space) (ADR-0005 #11)
2026-06-10T07:08:01.4822573Z - Required stages: impl, unit
2026-06-10T07:08:01.4822606Z 
2026-06-10T07:08:01.4822926Z ### REQ-HAZARD-WAN-ORIGIN-AUTH
2026-06-10T07:08:01.4825095Z - Title: WAN-inbound origin is transport truth, never payload: the access gate's subject (ADR-0009 origin-node whitelist) is the QUIC handshake-proven remote node id from the broker's conn/stream table — a forged origin/node field inside record bytes is inert (7.5)
2026-06-10T07:08:01.4825580Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4825618Z 
2026-06-10T07:08:01.4825909Z ### REQ-CONSENT-1
2026-06-10T07:08:01.4828622Z - Title: Consent grant store: capability x subject-agent x target-node rows, enforced at the target node, subnet-settable (replicates as security material near the trust store), revocable; gated-capability ids (remote-exec, instantiate-anywhere) reserved-but-refusing; v1 consumers are the shell spawn gates (CONTEXT Consent & security gates)
2026-06-10T07:08:01.4829038Z - Required stages: impl, unit
2026-06-10T07:08:01.4829062Z 
2026-06-10T07:08:01.4829352Z ### REQ-CONSENT-2
2026-06-10T07:08:01.4831854Z - Title: Interactive consent escalation: an ungated high-risk action routes a consent prompt to the user's most-recently-active session; allow-once / allow-always (writes a grant) / deny; pre-consent flags (can_shutdown, shell_wake_spawn_anywhere) author grants via manifest/settings (CONTEXT Consent & security gates)
2026-06-10T07:08:01.4832203Z - Required stages: impl, unit
2026-06-10T07:08:01.4832232Z 
2026-06-10T07:08:01.4832532Z ### REQ-PRES-1
2026-06-10T07:08:01.4836168Z - Title: Presence resolution: the presence datum (last_active_node, last_active_endpoint, ts) gossiped subnet-wide via the agent-interaction heartbeat (rides registry distribution, visibility-gated) + one first-class most-recently-active resolution API consumed by notif first-fire, update-consent delivery, consent escalation, and shell wake resolution (M5 scope decision 1: resolution only — the PresenceChannel endpoint stays deferred)
2026-06-10T07:08:01.4836611Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4836644Z 
2026-06-10T07:08:01.4836935Z ### REQ-SHELL-1
2026-06-10T07:08:01.4839646Z - Title: Shell hosting machinery: shell perch under the owner (type/owner/adapter_name/status/alias), broker-launched binary + api bind local-link handshake, the three channels (command durable, text+file durable + progress-queryable, sensory REST-only never spooled + dropped-unless-owner-live), owner exclusivity (CONTEXT Shell model)
2026-06-10T07:08:01.4839994Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4840027Z 
2026-06-10T07:08:01.4840318Z ### REQ-SHELL-2
2026-06-10T07:08:01.4844327Z - Title: Shell sleep/wake: link-break always closes the binary (pre-close instruction + termination timeout), ephemeral teardown vs persistent offline/relink, wake_command wake-watcher (offline-only, exit-opcode supervision, exponential backoff + give-up), state-keyed wake resolution (dormant/suspended/active-elsewhere; no-reachable refuses — spawn-anywhere branch deferred), spt shutdown owner cascade + api owner-shutdown gated by can_shutdown (CONTEXT Shell sleep/wake)
2026-06-10T07:08:01.4844686Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4844720Z 
2026-06-10T07:08:01.4845059Z ### REQ-HAZARD-ELEVATED-DAEMON-SPAWN
2026-06-10T07:08:01.4848551Z - Title: The daemon always runs unelevated in the invoking user's universe, regardless of which command spawns it: an elevated spawner de-elevates (Windows: UAC linked token via CreateProcessWithTokenW; Linux: drop to SUDO_UID/SUDO_GID + the invoker's HOME) — an elevated daemon's pipes deny unelevated clients (every later spt reads not-running→spawn→bind Access-denied) and a sudo'd daemon roots the user's state universe (5.7)
2026-06-10T07:08:01.4848906Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4849028Z 
2026-06-10T07:08:01.4849362Z ### REQ-HAZARD-REGISTRY-GHOST-ROWS
2026-06-10T07:08:01.4852951Z - Title: A dead node identity's registry rows must decay: only the per-(endpoint,node) epoch lease supersedes rows, so without eviction a vanished node's rows are immortal and poison bare-id resolution with phantom AcrossNodes ambiguity — evict rows whose author node has not been heard (admitted inbound feed) within the eviction window; own rows never decay; a revived node re-inserts from its durable epoch within one pump cadence (4.10)
2026-06-10T07:08:01.4853285Z - Required stages: doc, impl, unit
2026-06-10T07:08:01.4853442Z 
2026-06-10T07:08:01.4853734Z ### REQ-CLI-1
2026-06-10T07:08:01.4856890Z - Title: spt endpoint noun namespace: absorbs fork/suspend/wake/shutdown/rename/stop/digest + access (ported 1:1: allow|revoke|open|list, decision 21) + description (ex-resources blurb; bare=show, set=author); merged endpoint list [--local|--subnet <name>] grouped by subnet with SELF pinned, --detail adding the ex-resources yellow-pages blurb projection; bare spt endpoint = the list (M8 decisions 1-2, 25)
2026-06-10T07:08:01.4857270Z - Required stages: impl, unit
2026-06-10T07:08:01.4857303Z 
2026-06-10T07:08:01.4857585Z ### REQ-CLI-2
2026-06-10T07:08:01.4859798Z - Title: spt daemon noun: run|stop|status (hidden daemon verb becomes daemon run; agent-endpoint shutdown keeps its name under endpoint); daemon status renders the pump heartbeat (last-tick recency) so a half-dead daemon is never rendered implied-healthy (M8 decisions 5, 23)
2026-06-10T07:08:01.4860118Z - Required stages: impl, unit
2026-06-10T07:08:01.4860160Z 
2026-06-10T07:08:01.4860437Z ### REQ-CLI-3
2026-06-10T07:08:01.4862624Z - Title: Agent hot path stays flat across the M8 reorg: send/ring/ready/whoami/how-to unchanged; notify moves to subnet notify while notif stays top-level; breaking renames land clean with no deprecation shims (zero external CLI consumers pre-spt-claude-code) (M8 decisions 3-4, 9)
2026-06-10T07:08:01.4862949Z - Required stages: impl, unit
2026-06-10T07:08:01.4862983Z 
2026-06-10T07:08:01.4863263Z ### REQ-SUBNET-5
2026-06-10T07:08:01.4866345Z - Title: Per-subnet serve-state: spt subnet detach <NAME> [--save] / attach <NAME> [--save] — daemon keeps running, stops/starts advertising + connecting for that subnet (peer pump + responder selective); --save persists the startup default in daemon config; the all-attached banner gains per-subnet states (M8 decision 6, --save renamed from --auto per decision 25 session)
2026-06-10T07:08:01.4866740Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4866775Z 
2026-06-10T07:08:01.4867070Z ### REQ-SUBNET-6
2026-06-10T07:08:01.4869188Z - Title: Trust lifecycle verbs, elevation-gated: spt subnet leave <NAME> (membership exit) and spt subnet prune <node> (removes a dead identity's trust + registry rows, killing its dead dials; trust mutation = security surface, REQ-PAIR-6 gate machinery) (M8 decisions 6-7)
2026-06-10T07:08:01.4869517Z - Required stages: impl, unit
2026-06-10T07:08:01.4869555Z 
2026-06-10T07:08:01.4869845Z ### REQ-SUBNET-7
2026-06-10T07:08:01.4874271Z - Title: Per-machine re-pair trust overwrite: registry rows carry a hashed stable machine identifier (OS machine id /etc/machine-id|MachineGuid, domain-separated SHA-256 before gossip, spt-minted persisted UUID fallback; additive serde-default field — old rows parse clean); a COMPLETED pairing ceremony presenting the same node label AND machine id as an existing trusted row evicts the superseded identity's trust + registry rows on the seed-holder and replicates the eviction; a gossiped claim alone never evicts trust (M8 decisions 13, 22)
2026-06-10T07:08:01.4874624Z - Required stages: impl, unit
2026-06-10T07:08:01.4874662Z 
2026-06-10T07:08:01.4874948Z ### REQ-SUBNET-8
2026-06-10T07:08:01.4878255Z - Title: Status render honesty: zero-subnet text is daemon-aware ('No subnets registered — this node is standalone.' + daemon-running-dependent blurb, never implying messaging works while the daemon is down); hint footer prints on bare spt subnet only (status drops it); a stalled pump is surfaced in subnet status, never rendered implied-healthy (M8 decisions 11-12, 23)
2026-06-10T07:08:01.4878662Z - Required stages: impl, unit
2026-06-10T07:08:01.4878695Z 
2026-06-10T07:08:01.4879072Z ### REQ-INSTALL-6
2026-06-10T07:08:01.4882315Z - Title: Linux elevation install leg: install.sh symlinks the binary into a sudo-reachable path (/usr/local/bin; graceful print-the-one-liner when unelevated) so sudo spt resolves; first sudo spt detects elevation and prompts ONCE for the default user account — thereafter any elevated daemon launch runs daemon + state under that account, never root (KH 5.7 interplay verified) (M8 decision 8)
2026-06-10T07:08:01.4882788Z - Required stages: impl, unit
2026-06-10T07:08:01.4882821Z 
2026-06-10T07:08:01.4883113Z ### REQ-INSTALL-7
2026-06-10T07:08:01.4886135Z - Title: Windows inbound reachability: the elevated install leg registers the inbound-UDP firewall rule (New-NetFirewallRule); the daemon self-detects blocked inbound and renders it as the no-connection state in subnet status + the coming-online banner (covers user-scope installs that skip the elevated leg — never a silent NO_SEED_HOLDER dead-end) (M8 root cause 3)
2026-06-10T07:08:01.4886469Z - Required stages: impl
2026-06-10T07:08:01.4886502Z 
2026-06-10T07:08:01.4886798Z ### REQ-INSTALL-8
2026-06-10T07:08:01.4890008Z - Title: OS-service registration (REQ-INSTALL-1's deferred third leg): Linux systemd USER service + loginctl enable-linger (linger rides the elevated install leg; daemon starts at boot pre-login, user universe per KH 5.7, systemctl --user managed); Windows scheduled task at-logon (interactive session, no stored credentials); a node is reachable after reboot without any manual spt invocation (M8 decision 17)
2026-06-10T07:08:01.4890336Z - Required stages: impl
2026-06-10T07:08:01.4890370Z 
2026-06-10T07:08:01.4890665Z ### REQ-CONV-1
2026-06-10T07:08:01.4894438Z - Title: Peer address seeding, both cold starts: durable peer-addrs.json (identity dir) maps peer pubkey → last-known dialable address; the pump's resolver consults it FIRST with id-only discovery fallback on miss or dial failure (a stale addr never strands a peer); written by the pairing ceremony (both sides, from the live connection) and by the pump on successful connect; post-join first sync and post-restart resync converge in seconds, not ~1 min (M8 decisions 14, 20)
2026-06-10T07:08:01.4894886Z - Required stages: impl, unit
2026-06-10T07:08:01.4894910Z 
2026-06-10T07:08:01.4895205Z ### REQ-CONV-2
2026-06-10T07:08:01.4898135Z - Title: Event-driven advertisement: endpoint online/offline transitions (ready-listener start/stop, rest-state transition, perch death) trigger an immediate advertise_local + peer push as a WAKE of the existing pump loop (no second advertisement path — epoch lease + visibility gates ride unchanged); the cadence stays the steady-state floor (M8 decision 15)
2026-06-10T07:08:01.4898474Z - Required stages: impl, unit
2026-06-10T07:08:01.4898513Z 
2026-06-10T07:08:01.4898794Z ### REQ-PAIR-8
2026-06-10T07:08:01.4902266Z - Title: NTP TOTP offset: the pairing ceremony queries NTP at ceremony time (both sides) and applies the derived offset to the TOTP calculation in-process only; system-clock fallback when NTP is unreachable (offline LAN pairing unaffected — NTP failure never blocks a pairing that succeeds today); never sets the OS clock; no background sync loop (M8 decision 18; field trigger: enlyzeam clock >1 min off exceeds the ±1 window)
2026-06-10T07:08:01.4902634Z - Required stages: impl, unit
2026-06-10T07:08:01.4902668Z 
2026-06-10T07:08:01.4902959Z ### REQ-DAEMON-5
2026-06-10T07:08:01.4906624Z - Title: Pump liveness: the peer pump writes a last-tick heartbeat consumed by daemon status / subnet status (decision 23 render legs in REQ-CLI-2/REQ-SUBNET-8); the daemon supervises the pump task — a panic is caught, logged loudly, and the pump restarts with capped backoff (≤5 min), so a 5.9-class death self-heals visibly instead of silently halving the daemon (M8 decision 23; field motivation: hfenduleam 2026-06-07 half-death)
2026-06-10T07:08:01.4906969Z - Required stages: impl, unit
2026-06-10T07:08:01.4907026Z 
2026-06-10T07:08:01.4907312Z ### REQ-DAEMON-6
2026-06-10T07:08:01.4912627Z - Title: Service-aware `daemon start`/`stop`: when an OS service manager has a registered spt-daemon for this user, `spt daemon start` and `spt daemon stop` drive THAT service (so stop doesn't IPC-kill a unit that auto-restart-fights for the broker socket — the kitsubito 2026-06-08 loop). `start` graduates from a `run` alias to a first-class background verb (ensure-up, idempotent, non-blocking); stop routes managed→manager, manual→IPC. Linux=systemd user unit (`systemctl --user start|stop|is-active spt-daemon`, detected by unit-file presence); Windows=no controllable manager (the logon task is boot-only), so start=detached spawn / stop=IPC.
2026-06-10T07:08:01.4913089Z - Required stages: impl, unit
2026-06-10T07:08:01.4913122Z 
2026-06-10T07:08:01.4913408Z ### REQ-DAEMON-7
2026-06-10T07:08:01.4917198Z - Title: `daemon run` is foreground-consistent on every platform: the invoking process IS the daemon, blocks until signalled, never auto-detaches or respawns into an invisible background task. The detached/de-elevated background behavior lives ONLY in `start`. Windows: an ELEVATED `daemon run` refuses with guidance (use `start`, or an unelevated shell) instead of respawning detached/de-elevated and vanishing (KH 5.7 preserved — it still never serves elevated).
2026-06-10T07:08:01.4917548Z - Required stages: impl, unit
2026-06-10T07:08:01.4917581Z 
2026-06-10T07:08:01.4917877Z ### REQ-DAEMON-8
2026-06-10T07:08:01.4920630Z - Title: Internal auto-start prefers the service: `ensure_running` (any spt command's implicit daemon start, REQ-DAEMON-3) routes through the service-aware start path — when a manager has a registered service it starts THAT, never a competing manual `spawn_detached` daemon that would fight the service for the socket.
2026-06-10T07:08:01.4920959Z - Required stages: impl, unit
2026-06-10T07:08:01.4920997Z 
2026-06-10T07:08:01.4921283Z ### REQ-DAEMON-9
2026-06-10T07:08:01.4927716Z - Title: Net-bind boot-race resilience: a daemon that comes up net-less (NetHost::start failed — e.g. the systemd unit autostarted before the network/DNS stack was ready, `Failed to create an address lookup service`) must SELF-HEAL — retry the net bring-up in the background with capped backoff and, on success, attach net to the broker + spawn the dispatcher/peer-pump (which today are gated on `net_up` at boot and so never start, leaving the node silently unreachable until a manual restart — kitsubito 2026-06-08). Status surfaces the net-less state honestly (a net-less broker renders as 'no connection', not only a pump-STALLED line with a bogus pre-boot heartbeat age). The installer's autostart unit waits for the network (`Wants=/After=network-online.target`) as belt-and-suspenders.
2026-06-10T07:08:01.4928080Z - Required stages: impl, unit
2026-06-10T07:08:01.4928117Z 
2026-06-10T07:08:01.4928428Z ### REQ-HAZARD-EPOCH-RESET
2026-06-10T07:08:01.4932120Z - Title: Advertisement-epoch reset strands a node: peers' higher last-seen epoch drops the reset node's fresh advertisements as Stale until the counter outruns history. Common case (full reinstall/re-pair) is mitigated by REQ-SUBNET-7's ceremony eviction (peer-side epoch memory dies with the deleted row — acceptance-verified); the residual narrow slice (epoch file lost, identity kept) is documented, guard deferred to a field hit (4.11)
2026-06-10T07:08:01.4932440Z - Required stages: 
2026-06-10T07:08:01.4932473Z 
2026-06-10T07:08:01.4932750Z ### REQ-MESH-1
2026-06-10T07:08:01.4938484Z - Title: Membership proof (seed-proof): symmetric current-epoch seed-knowledge replaces is_trusted at EVERY inbound gate (registry apply, WAN receive, sync, notif, connection accept). MK = HKDF(seed, domain ‖ subnet_id ‖ seed_epoch); mutual channel-bound challenge-response at connect (transcript binds both handshake-proven node pubkeys, both nonces, subnet_id, seed_epoch, role); verified once per connection, cached on the broker ConnEntry, kept warm via QUIC keep-alive so re-proof is restart/partition/rotation-only. Exact-epoch match (re-seed is the sole N-1 exception). SECURITY INVARIANTS: channel-bound (no cross-connection replay), mutual, accepts a member it never paired (the mesh property).
2026-06-10T07:08:01.4938840Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4938874Z 
2026-06-10T07:08:01.4939236Z ### REQ-MESH-2
2026-06-10T07:08:01.4946424Z - Title: Member roster: node-level union-merge grow-set (per member: pubkey, label, machine_id, last-known address, last-seen — NOT the seed), the discovery directory the mesh dials by. Seeded IN FULL at pairing (seed-holder hands joiner the whole current roster, incl. offline members — folds in deferred pairing-time hostname capture + post-join address seeding); each node authors its own entry stamped with its lease_epoch, merged strictly-greater-wins (the node_label lease); exchanged only over seed-proof'd member connections; forgery-inert (a fake entry names a pubkey that still can't seed-proof). Removal needs a TOMBSTONE — a per-pubkey revoked marker that propagates, dominates the entry, gates admission (seed-proof ∧ ¬tombstoned), and prevents reinsert; cleared by a completed re-pair of that pubkey. Persists through silence (offline member keeps its entry).
2026-06-10T07:08:01.4946971Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4947009Z 
2026-06-10T07:08:01.4947305Z ### REQ-MESH-3
2026-06-10T07:08:01.4951883Z - Title: Mesh row fan-out: registry rows stay OWN-AUTHORED; the only change is the push target widens from directly-paired peers to ALL roster members (a wider DIRECT fan-out, never a third-party relay). Every row/message still arrives from its author over a handshake → KNOWN-HAZARDS 7.5 (origin = handshake node) and 4.10 (eviction lease: any future update comes from that node itself, alive) PRESERVED VERBATIM. Closes the staggered A→B→C repro: C (roster-seeded with A at pairing) initiates to A, seed-proof admits C unpaired, A learns C, both push directly.
2026-06-10T07:08:01.4952258Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4952406Z 
2026-06-10T07:08:01.4952697Z ### REQ-MESH-4
2026-06-10T07:08:01.4958743Z - Title: Revoke + timeboxed seed rotation + re-seed grace: `spt subnet revoke <node>...` (list, elevation-gated, revoke-only) writes roster tombstones immediately, then schedules ONE seed rotation (re-mint seed, bump seed_epoch, push new seed CONFIDENTIALLY over member-auth'd TLS connections — never in roster/registry gossip — force-drop revokees) at the close of a coalescing window (default 1h); further revokes in the window join the same rotation (one epoch bump). `--force-rotate-seed` rotates immediately (compromised-node path). RE-SEED GRACE: a node proving the immediately-prior epoch (N-1) AND still on the roster gets a re-seed-only restricted connection (auto-heals a benign offliner); revoked/off-roster denied; ≥2 stale → re-pair.
2026-06-10T07:08:01.4959191Z - Required stages: impl, unit, int
2026-06-10T07:08:01.4959229Z 
2026-06-10T07:08:01.4959514Z ### REQ-MESH-5
2026-06-10T07:08:01.4963313Z - Title: Hard cutover from pairwise trust: delete peers.json + the is_trusted authorization path (no migration — expendable test fleet, re-pairs fresh under the new model, user decision 2026-06-08). Warn-on-change DEMOTED from a gate to an awareness notice anchored on machine_id (not label): 'machine M, last seen as K1, now presents K2' — fires the same event as the REQ-SUBNET-7 re-pair overwrite. The TrustStore/peers.json code and its call sites are removed, not left dead.
2026-06-10T07:08:01.4963661Z - Required stages: impl, unit
2026-06-10T07:08:01.4963714Z 
2026-06-10T07:08:01.4964004Z ### REQ-MESH-6
2026-06-10T07:08:01.4967302Z - Title: Concurrent liveness probes: `spt subnet status --nodes` fans out its offline/serve-probes (REQ-SUBNET-5) CONCURRENTLY — total wall-time bounded by the single-probe ceiling (~3s), never k×ceiling. The mesh makes a node see ALL members (many possibly offline), so a serial probe loop would be offline_count×3s. (Planning verifies the current REQ-SUBNET-5 probe loop's behavior and fixes it if serial.)
2026-06-10T07:08:01.4967651Z - Required stages: impl, unit
2026-06-10T07:08:01.4967684Z 
2026-06-10T07:08:01.4967973Z ## How to report back
2026-06-10T07:08:01.4968006Z 
2026-06-10T07:08:01.4968501Z For every (requirement, failing criterion) pair, emit one finding:
2026-06-10T07:08:01.4968535Z 
2026-06-10T07:08:01.4968807Z     {
2026-06-10T07:08:01.4969203Z       "code": "requirement_quality",
2026-06-10T07:08:01.4969518Z       "requirementId": "REQ-...",
2026-06-10T07:08:01.4970013Z       "criterion": "singular" | "verifiable" | "atomic" | "active-voice",
2026-06-10T07:08:01.4970458Z       "message": "<short reason>",
2026-06-10T07:08:01.4970816Z       "suggestedRevision": "<optional rewrite>"
2026-06-10T07:08:01.4971102Z     }
2026-06-10T07:08:01.4971136Z 
2026-06-10T07:08:01.4971683Z Wrap your response as { "findings": [ ... ] } listing only your concerns; the
2026-06-10T07:08:01.4972114Z deterministic findings above don't need to be repeated.
