﻿2026-06-10T22:49:44.8567636Z ##[group]Run ./traceable-reqs lint || true
2026-06-10T22:49:44.8567792Z [36;1m./traceable-reqs lint || true[0m
2026-06-10T22:49:44.8580759Z shell: /usr/bin/bash -e {0}
2026-06-10T22:49:44.8580859Z ##[endgroup]
2026-06-10T22:49:44.8756364Z Requirement quality findings (82); 181 requirements queued for agent review:
2026-06-10T22:49:44.8757104Z   [must] requirement_quality REQ-API-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8757647Z   [must] requirement_quality REQ-CLI-1 criterion=length — title is 47 words; want 3..=25
2026-06-10T22:49:44.8758160Z   [must] requirement_quality REQ-CLI-2 criterion=length — title is 37 words; want 3..=25
2026-06-10T22:49:44.8758630Z   [must] requirement_quality REQ-CLI-3 criterion=length — title is 37 words; want 3..=25
2026-06-10T22:49:44.8759264Z   [must] requirement_quality REQ-CONSENT-1 criterion=length — title is 41 words; want 3..=25
2026-06-10T22:49:44.8759752Z   [must] requirement_quality REQ-CONSENT-2 criterion=length — title is 37 words; want 3..=25
2026-06-10T22:49:44.8760514Z   [must] requirement_quality REQ-CONV-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8761070Z   [must] requirement_quality REQ-CONV-1 criterion=length — title is 73 words; want 3..=25
2026-06-10T22:49:44.8761431Z   [must] requirement_quality REQ-CONV-2 criterion=length — title is 47 words; want 3..=25
2026-06-10T22:49:44.8761894Z   [must] requirement_quality REQ-DAEMON-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8762184Z   [must] requirement_quality REQ-DAEMON-5 criterion=length — title is 64 words; want 3..=25
2026-06-10T22:49:44.8762638Z   [must] requirement_quality REQ-DAEMON-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8763071Z   [must] requirement_quality REQ-DAEMON-6 criterion=length — title is 84 words; want 3..=25
2026-06-10T22:49:44.8763490Z   [must] requirement_quality REQ-DAEMON-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8763807Z   [must] requirement_quality REQ-DAEMON-7 criterion=length — title is 62 words; want 3..=25
2026-06-10T22:49:44.8764097Z   [must] requirement_quality REQ-DAEMON-8 criterion=length — title is 44 words; want 3..=25
2026-06-10T22:49:44.8764465Z   [must] requirement_quality REQ-DAEMON-9 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8764722Z   [must] requirement_quality REQ-DAEMON-9 criterion=length — title is 114 words; want 3..=25
2026-06-10T22:49:44.8765176Z   [must] requirement_quality REQ-HAZARD-BROKER-PROCESS-ISOLATION criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8765715Z   [must] requirement_quality REQ-HAZARD-BROKER-PROCESS-ISOLATION criterion=length — title is 114 words; want 3..=25
2026-06-10T22:49:44.8766059Z   [must] requirement_quality REQ-HAZARD-CONFLICT-BOTH-PRESERVED criterion=length — title is 29 words; want 3..=25
2026-06-10T22:49:44.8766405Z   [must] requirement_quality REQ-HAZARD-DAEMON-SCHED-NONBLOCKING criterion=length — title is 32 words; want 3..=25
2026-06-10T22:49:44.8766739Z   [must] requirement_quality REQ-HAZARD-DETACHED-PIPE-INHERIT criterion=length — title is 52 words; want 3..=25
2026-06-10T22:49:44.8767173Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8767502Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=length — title is 58 words; want 3..=25
2026-06-10T22:49:44.8767921Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8768250Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=length — title is 73 words; want 3..=25
2026-06-10T22:49:44.8768669Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-PARSER-SAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8769238Z   [must] requirement_quality REQ-HAZARD-EPOCH-RESET criterion=length — title is 60 words; want 3..=25
2026-06-10T22:49:44.8769640Z   [must] requirement_quality REQ-HAZARD-GEN-START-NOW criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8769964Z   [must] requirement_quality REQ-HAZARD-INSTANT-UNDERFLOW criterion=length — title is 30 words; want 3..=25
2026-06-10T22:49:44.8770264Z   [must] requirement_quality REQ-HAZARD-PAIR-RATE-LIMIT criterion=length — title is 37 words; want 3..=25
2026-06-10T22:49:44.8770579Z   [must] requirement_quality REQ-HAZARD-PAIR-SEED-ROTATION criterion=length — title is 33 words; want 3..=25
2026-06-10T22:49:44.8771017Z   [must] requirement_quality REQ-HAZARD-PAIR-TRANSCRIPT-BIND criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8771672Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8772020Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=length — title is 27 words; want 3..=25
2026-06-10T22:49:44.8772444Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8772768Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=length — title is 66 words; want 3..=25
2026-06-10T22:49:44.8773088Z   [must] requirement_quality REQ-HAZARD-ROLLBACK-STATE-COMPAT criterion=length — title is 72 words; want 3..=25
2026-06-10T22:49:44.8773403Z   [must] requirement_quality REQ-HAZARD-SUDO-SECURE-PATH criterion=length — title is 43 words; want 3..=25
2026-06-10T22:49:44.8773699Z   [must] requirement_quality REQ-HAZARD-WAN-ORIGIN-AUTH criterion=length — title is 37 words; want 3..=25
2026-06-10T22:49:44.8773959Z   [must] requirement_quality REQ-INST-15 criterion=length — title is 32 words; want 3..=25
2026-06-10T22:49:44.8774229Z   [must] requirement_quality REQ-INSTALL-2 criterion=length — title is 2 word(s); want 3..=25
2026-06-10T22:49:44.8774600Z   [must] requirement_quality REQ-INSTALL-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8774868Z   [must] requirement_quality REQ-INSTALL-6 criterion=length — title is 56 words; want 3..=25
2026-06-10T22:49:44.8775230Z   [must] requirement_quality REQ-INSTALL-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8775487Z   [must] requirement_quality REQ-INSTALL-7 criterion=length — title is 50 words; want 3..=25
2026-06-10T22:49:44.8775869Z   [must] requirement_quality REQ-INSTALL-8 criterion=length — title is 55 words; want 3..=25
2026-06-10T22:49:44.8776227Z   [must] requirement_quality REQ-MANIFEST-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8776479Z   [must] requirement_quality REQ-MESH-1 criterion=length — title is 86 words; want 3..=25
2026-06-10T22:49:44.8776827Z   [must] requirement_quality REQ-MESH-2 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8777075Z   [must] requirement_quality REQ-MESH-2 criterion=length — title is 120 words; want 3..=25
2026-06-10T22:49:44.8777418Z   [must] requirement_quality REQ-MESH-3 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8777666Z   [must] requirement_quality REQ-MESH-3 criterion=length — title is 86 words; want 3..=25
2026-06-10T22:49:44.8778024Z   [must] requirement_quality REQ-MESH-4 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8778268Z   [must] requirement_quality REQ-MESH-4 criterion=length — title is 99 words; want 3..=25
2026-06-10T22:49:44.8778738Z   [must] requirement_quality REQ-MESH-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8779076Z   [must] requirement_quality REQ-MESH-5 criterion=length — title is 72 words; want 3..=25
2026-06-10T22:49:44.8779440Z   [must] requirement_quality REQ-MESH-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8779684Z   [must] requirement_quality REQ-MESH-6 criterion=length — title is 56 words; want 3..=25
2026-06-10T22:49:44.8780051Z   [must] requirement_quality REQ-MIGRATE-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8780299Z   [must] requirement_quality REQ-MSG-4 criterion=length — title is 31 words; want 3..=25
2026-06-10T22:49:44.8780657Z   [must] requirement_quality REQ-PAIR-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8780910Z   [must] requirement_quality REQ-PAIR-8 criterion=length — title is 67 words; want 3..=25
2026-06-10T22:49:44.8781257Z   [must] requirement_quality REQ-PRES-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8781502Z   [must] requirement_quality REQ-PRES-1 criterion=length — title is 48 words; want 3..=25
2026-06-10T22:49:44.8781770Z   [must] requirement_quality REQ-SEAM-SPAWN criterion=length — title is 2 word(s); want 3..=25
2026-06-10T22:49:44.8782024Z   [must] requirement_quality REQ-SHELL-1 criterion=length — title is 36 words; want 3..=25
2026-06-10T22:49:44.8782270Z   [must] requirement_quality REQ-SHELL-2 criterion=length — title is 49 words; want 3..=25
2026-06-10T22:49:44.8782514Z   [must] requirement_quality REQ-STORE-1 criterion=length — title is 34 words; want 3..=25
2026-06-10T22:49:44.8782781Z   [must] requirement_quality REQ-SUBNET-5 criterion=length — title is 52 words; want 3..=25
2026-06-10T22:49:44.8783134Z   [must] requirement_quality REQ-SUBNET-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8783401Z   [must] requirement_quality REQ-SUBNET-6 criterion=length — title is 38 words; want 3..=25
2026-06-10T22:49:44.8783749Z   [must] requirement_quality REQ-SUBNET-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8784002Z   [must] requirement_quality REQ-SUBNET-7 criterion=length — title is 75 words; want 3..=25
2026-06-10T22:49:44.8784259Z   [must] requirement_quality REQ-SUBNET-8 criterion=length — title is 53 words; want 3..=25
2026-06-10T22:49:44.8784605Z   [must] requirement_quality REQ-UPD-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8784970Z   [must] requirement_quality REQ-UPD-6 criterion=length — title is 32 words; want 3..=25
2026-06-10T22:49:44.8785319Z   [must] requirement_quality REQ-UPD-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8785571Z   [must] requirement_quality REQ-UPD-7 criterion=length — title is 88 words; want 3..=25
2026-06-10T22:49:44.8786043Z   [must] requirement_quality REQ-UPD-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-10T22:49:44.8786306Z   [must] requirement_quality REQ-UPD-8 criterion=length — title is 115 words; want 3..=25
2026-06-10T22:49:44.8786339Z 
2026-06-10T22:49:44.8786448Z # Requirement quality review
2026-06-10T22:49:44.8786482Z 
2026-06-10T22:49:44.8786686Z You are reviewing 181 requirement(s) from `traceable-reqs.toml` against a quality
2026-06-10T22:49:44.8786883Z rubric. Deterministic checks (length, contains-and, tbd-todo, duplicate-titles,
2026-06-10T22:49:44.8787087Z trailing-etc) have already run and surfaced as `requirement_quality` findings on
2026-06-10T22:49:44.8787251Z this command's output. Your task is the rubric items below.
2026-06-10T22:49:44.8787284Z 
2026-06-10T22:49:44.8787382Z ## Rubric
2026-06-10T22:49:44.8787411Z 
2026-06-10T22:49:44.8787816Z - **singular** — describes one capability; no smuggled "and"/"or" across distinct actions.
2026-06-10T22:49:44.8788059Z - **verifiable** — states an observable behavior a test or reviewer could confirm.
2026-06-10T22:49:44.8788279Z - **atomic** — cannot be split into two requirements without losing meaning.
2026-06-10T22:49:44.8788455Z - **active-voice** — clear subject and active verb.
2026-06-10T22:49:44.8788484Z 
2026-06-10T22:49:44.8788712Z If a criterion is borderline or doesn't apply, abstain — only emit findings for
2026-06-10T22:49:44.8788818Z clear concerns.
2026-06-10T22:49:44.8788852Z 
2026-06-10T22:49:44.8789022Z ## Requirements
2026-06-10T22:49:44.8789085Z 
2026-06-10T22:49:44.8789185Z ### REQ-ARCH-1
2026-06-10T22:49:44.8789327Z - Title: Many small acyclically-layered crates
2026-06-10T22:49:44.8789428Z - Required stages: impl
2026-06-10T22:49:44.8789462Z 
2026-06-10T22:49:44.8789565Z ### REQ-ARCH-2
2026-06-10T22:49:44.8789722Z - Title: Public SDK surface is spt-proto, spt-runtime, spt-msg
2026-06-10T22:49:44.8789831Z - Required stages: impl
2026-06-10T22:49:44.8789869Z 
2026-06-10T22:49:44.8789963Z ### REQ-ARCH-3
2026-06-10T22:49:44.8790150Z - Title: Wire-protocol version independent of crate semver, N-1 compat window
2026-06-10T22:49:44.8790259Z - Required stages: impl, unit
2026-06-10T22:49:44.8790292Z 
2026-06-10T22:49:44.8790383Z ### REQ-ARCH-4
2026-06-10T22:49:44.8790549Z - Title: Copy-verbatim the commodity layer from the sister project
2026-06-10T22:49:44.8790658Z - Required stages: impl, unit
2026-06-10T22:49:44.8790688Z 
2026-06-10T22:49:44.8790784Z ### REQ-DAEMON-1
2026-06-10T22:49:44.8790940Z - Title: One per-machine spt-daemon owning all per-machine state
2026-06-10T22:49:44.8791051Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8791089Z 
2026-06-10T22:49:44.8791189Z ### REQ-DAEMON-2
2026-06-10T22:49:44.8791327Z - Title: Broker/brain split for seamless self-update
2026-06-10T22:49:44.8791436Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8791470Z 
2026-06-10T22:49:44.8791579Z ### REQ-DAEMON-3
2026-06-10T22:49:44.8791728Z - Title: Any api invocation auto-starts the daemon if absent
2026-06-10T22:49:44.8791837Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8791870Z 
2026-06-10T22:49:44.8791967Z ### REQ-DAEMON-4
2026-06-10T22:49:44.8792085Z - Title: Honor every KNOWN-HAZARDS invariant
2026-06-10T22:49:44.8792199Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8792233Z 
2026-06-10T22:49:44.8792325Z ### REQ-STORE-1
2026-06-10T22:49:44.8793140Z - Title: spt-store::BranchStore (git branch as versioned KV; commit=checkpoint/tip=resume, atomic multi-key, merge-native sync) is the substrate for coarse/durable/audited state (context, registry snapshot+distribution, daemon checkpoint); hot paths (B5 fsync journal) + indexed queries (SQLite spool) excluded (ADR-0011)
2026-06-10T22:49:44.8793502Z - Required stages: impl, unit
2026-06-10T22:49:44.8793535Z 
2026-06-10T22:49:44.8793623Z ### REQ-MANIFEST-1
2026-06-10T22:49:44.8793798Z - Title: Per-adapter manifest with adapter_name and min_spt_core_version
2026-06-10T22:49:44.8793898Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8793938Z 
2026-06-10T22:49:44.8794027Z ### REQ-SEAM-SPAWN
2026-06-10T22:49:44.8794127Z - Title: spawn-session seam
2026-06-10T22:49:44.8794233Z - Required stages: impl, unit
2026-06-10T22:49:44.8794262Z 
2026-06-10T22:49:44.8794361Z ### REQ-SEAM-POSTSPAWN
2026-06-10T22:49:44.8794480Z - Title: post-spawn / api bind seam with boot nonce
2026-06-10T22:49:44.8794577Z - Required stages: impl, unit
2026-06-10T22:49:44.8794614Z 
2026-06-10T22:49:44.8794713Z ### REQ-SEAM-PSYCHE
2026-06-10T22:49:44.8794843Z - Title: spawn-psyche seam (fresh + resume templates)
2026-06-10T22:49:44.8794953Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8794986Z 
2026-06-10T22:49:44.8795079Z ### REQ-SEAM-HISTORY
2026-06-10T22:49:44.8795256Z - Title: History subsystem (fetcher / locate-normalize / native store)
2026-06-10T22:49:44.8795354Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8795387Z 
2026-06-10T22:49:44.8795589Z ### REQ-SEAM-ACTIVITY
2026-06-10T22:49:44.8795763Z - Title: Activity/idle reported via api sentinels, not PTY quiescence
2026-06-10T22:49:44.8795865Z - Required stages: impl, unit
2026-06-10T22:49:44.8795894Z 
2026-06-10T22:49:44.8795993Z ### REQ-SEAM-INJECT
2026-06-10T22:49:44.8796146Z - Title: inject-input methods configurable per activity-state
2026-06-10T22:49:44.8796260Z - Required stages: impl, unit
2026-06-10T22:49:44.8796294Z 
2026-06-10T22:49:44.8796388Z ### REQ-SEAM-RESUME
2026-06-10T22:49:44.8796556Z - Title: resume-session seam (fresh-with-preload / continue-existing)
2026-06-10T22:49:44.8796670Z - Required stages: impl, unit
2026-06-10T22:49:44.8796703Z 
2026-06-10T22:49:44.8796800Z ### REQ-SEAM-CAPABILITY
2026-06-10T22:49:44.8796947Z - Title: Hostable endpoint-types capability declaration
2026-06-10T22:49:44.8797056Z - Required stages: impl, unit
2026-06-10T22:49:44.8797080Z 
2026-06-10T22:49:44.8797176Z ### REQ-SEAM-UPDATE
2026-06-10T22:49:44.8797323Z - Title: Adapter-update avenue (file-pull / delegated command)
2026-06-10T22:49:44.8797420Z - Required stages: impl, unit
2026-06-10T22:49:44.8797453Z 
2026-06-10T22:49:44.8797547Z ### REQ-API-1
2026-06-10T22:49:44.8797701Z - Title: api prefix and adapter_name on every machinery invocation
2026-06-10T22:49:44.8797796Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8797830Z 
2026-06-10T22:49:44.8797923Z ### REQ-API-2
2026-06-10T22:49:44.8798119Z - Title: The api subcommand surface (bind/listen/poll/state/worker/boundary/...)
2026-06-10T22:49:44.8798233Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8798261Z 
2026-06-10T22:49:44.8798352Z ### REQ-API-3
2026-06-10T22:49:44.8798481Z - Title: commune/signoff are file-drops, not commands
2026-06-10T22:49:44.8798595Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8798628Z 
2026-06-10T22:49:44.8798720Z ### REQ-START-1
2026-06-10T22:49:44.8798910Z - Title: Adapters never resolve SPT_HOME; binary on PATH; api bridging only
2026-06-10T22:49:44.8799111Z - Required stages: impl, unit
2026-06-10T22:49:44.8799153Z 
2026-06-10T22:49:44.8799248Z ### REQ-START-2
2026-06-10T22:49:44.8799378Z - Title: Harness-hosted startup: api seed then listen
2026-06-10T22:49:44.8799487Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8799516Z 
2026-06-10T22:49:44.8799606Z ### REQ-START-3
2026-06-10T22:49:44.8799755Z - Title: spt-hosted startup: spawn-session then api bind (no file)
2026-06-10T22:49:44.8799873Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8799906Z 
2026-06-10T22:49:44.8799994Z ### REQ-START-4
2026-06-10T22:49:44.8800126Z - Title: Adapter-injected env aliases (SPT/OWL/LIVE)
2026-06-10T22:49:44.8800230Z - Required stages: impl, unit
2026-06-10T22:49:44.8800267Z 
2026-06-10T22:49:44.8800457Z ### REQ-EP-1
2026-06-10T22:49:44.8800589Z - Title: Day-one endpoint types; open type system
2026-06-10T22:49:44.8800695Z - Required stages: impl, unit
2026-06-10T22:49:44.8800724Z 
2026-06-10T22:49:44.8800819Z ### REQ-EP-2
2026-06-10T22:49:44.8800971Z - Title: Agent endpoints vs Shells distinction in the type model
2026-06-10T22:49:44.8801072Z - Required stages: impl, unit
2026-06-10T22:49:44.8801105Z 
2026-06-10T22:49:44.8801205Z ### REQ-EP-3
2026-06-10T22:49:44.8801382Z - Title: Messaging payloads carry typed operation commands + file blobs
2026-06-10T22:49:44.8801481Z - Required stages: impl, unit
2026-06-10T22:49:44.8801515Z 
2026-06-10T22:49:44.8801606Z ### REQ-EP-4
2026-06-10T22:49:44.8801735Z - Title: PresenceChannel broker endpoint (seam day-one)
2026-06-10T22:49:44.8801844Z - Required stages: impl, unit
2026-06-10T22:49:44.8801877Z 
2026-06-10T22:49:44.8801969Z ### REQ-EP-5
2026-06-10T22:49:44.8802580Z - Title: Concrete shell instantiation model: spawn-mints-instance (vs relink/online), registered-on-node permission + broadcast-is-discovery, per-shell require_approval gate, max_instances_per_owner + over_cap, instance aliasing, discovery scope
2026-06-10T22:49:44.8802726Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8802759Z 
2026-06-10T22:49:44.8802856Z ### REQ-INST-1
2026-06-10T22:49:44.8803102Z - Title: endpoint ID vs instance split (adapter-agnostic ID)
2026-06-10T22:49:44.8803197Z - Required stages: 
2026-06-10T22:49:44.8803226Z 
2026-06-10T22:49:44.8803315Z ### REQ-INST-2
2026-06-10T22:49:44.8803428Z - Title: Per-node files, synced Psyche mind
2026-06-10T22:49:44.8803524Z - Required stages: impl, unit
2026-06-10T22:49:44.8803558Z 
2026-06-10T22:49:44.8803657Z ### REQ-INST-3
2026-06-10T22:49:44.8803800Z - Title: Dormant (warm) / suspended (cold) resting states
2026-06-10T22:49:44.8803901Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8803934Z 
2026-06-10T22:49:44.8804029Z ### REQ-INST-4
2026-06-10T22:49:44.8804183Z - Title: active to dormant/suspended fires a transition echo commune
2026-06-10T22:49:44.8804292Z - Required stages: impl, unit
2026-06-10T22:49:44.8804320Z 
2026-06-10T22:49:44.8804405Z ### REQ-INST-5
2026-06-10T22:49:44.8804563Z - Title: Two-tier context sync (live to all, project to same-project)
2026-06-10T22:49:44.8810899Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8810980Z 
2026-06-10T22:49:44.8811098Z ### REQ-INST-6
2026-06-10T22:49:44.8811304Z - Title: Deferred messages not delivered to dormant/suspended instances
2026-06-10T22:49:44.8811426Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8811460Z 
2026-06-10T22:49:44.8811556Z ### REQ-INST-7
2026-06-10T22:49:44.8811703Z - Title: Subnet registry + bare-id resolution policy
2026-06-10T22:49:44.8811808Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8811847Z 
2026-06-10T22:49:44.8811942Z ### REQ-INST-8
2026-06-10T22:49:44.8812099Z - Title: Remote-control mode distinct from local operation
2026-06-10T22:49:44.8812200Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8812233Z 
2026-06-10T22:49:44.8812333Z ### REQ-INST-9
2026-06-10T22:49:44.8812505Z - Title: Multi-subnet membership (same-user N subnets; cross-user seam)
2026-06-10T22:49:44.8812619Z - Required stages: impl, unit
2026-06-10T22:49:44.8812652Z 
2026-06-10T22:49:44.8812747Z ### REQ-INST-10
2026-06-10T22:49:44.8812952Z - Title: Qualified addressing [subnet:]id[@node] + ambiguity forces qualification
2026-06-10T22:49:44.8813058Z - Required stages: impl, unit
2026-06-10T22:49:44.8813092Z 
2026-06-10T22:49:44.8813187Z ### REQ-INST-11
2026-06-10T22:49:44.8813392Z - Title: spt rename <id> rippled to all instances (collision-checked, 6.5-reconciled)
2026-06-10T22:49:44.8813502Z - Required stages: impl, unit
2026-06-10T22:49:44.8813535Z 
2026-06-10T22:49:44.8813624Z ### REQ-INST-12
2026-06-10T22:49:44.8813898Z - Title: Endpoint visibility per-(endpoint,subnet): excluded semantics, OR-of-defaults + override, gates sync
2026-06-10T22:49:44.8814003Z - Required stages: impl, unit
2026-06-10T22:49:44.8814036Z 
2026-06-10T22:49:44.8814128Z ### REQ-INST-13
2026-06-10T22:49:44.8814447Z - Title: Subnet-exclusive sync + per-endpoint subnet-membership list
2026-06-10T22:49:44.8814551Z - Required stages: impl, unit
2026-06-10T22:49:44.8814584Z 
2026-06-10T22:49:44.8814680Z ### REQ-INST-14
2026-06-10T22:49:44.8815024Z - Title: Resource advertisement (subnet resource registry): free-text blurb, both-authored, registry projection, visibility/whitelist-gated
2026-06-10T22:49:44.8815142Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8815176Z 
2026-06-10T22:49:44.8815276Z ### REQ-INST-15
2026-06-10T22:49:44.8815939Z - Title: Immutable home subnet (assigned at creation: auto-if-one/ask-if-many) + spt fork (cross-subnet clone to a new identity, copy-then-diverge, not re-home); adapter chosen at creation from registered hostable adapters, changed only via launch/resume-under-new (ADR-0010)
2026-06-10T22:49:44.8816054Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8816087Z 
2026-06-10T22:49:44.8816181Z ### REQ-REACH-1
2026-06-10T22:49:44.8816343Z - Title: Off-node remote-drive detection + file transfer
2026-06-10T22:49:44.8816451Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8816489Z 
2026-06-10T22:49:44.8816578Z ### REQ-REACH-2
2026-06-10T22:49:44.8816728Z - Title: Remote command execution (deferred, consent-gated)
2026-06-10T22:49:44.8816927Z - Required stages: 
2026-06-10T22:49:44.8816956Z 
2026-06-10T22:49:44.8817052Z ### REQ-MSG-1
2026-06-10T22:49:44.8817470Z - Title: Local message delivery: TCP-first to a registered address, spool fallback when offline; id->address via registry (stale-clean first); reply routing (__REPLY_TO__)
2026-06-10T22:49:44.8817581Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8817610Z 
2026-06-10T22:49:44.8817704Z ### REQ-MSG-2
2026-06-10T22:49:44.8817958Z - Title: spt binary CLI surface: send/ring/ready(+--once)/list/stop/whoami, stable arg shapes + exit codes
2026-06-10T22:49:44.8818067Z - Required stages: impl, unit
2026-06-10T22:49:44.8818100Z 
2026-06-10T22:49:44.8818191Z ### REQ-MSG-3
2026-06-10T22:49:44.8818545Z - Title: Ready-agent lifecycle: register perch (info.json + listener + registry address) on ready, drain spooled backlog on startup, clean teardown
2026-06-10T22:49:44.8818658Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8818691Z 
2026-06-10T22:49:44.8818787Z ### REQ-MSG-4
2026-06-10T22:49:44.8819725Z - Title: Listener stream stdout emits EVENT envelope lines (sister-format, ADR-0001): parse the __REPLY_TO__ frame, pass pre-formed typed envelopes through verbatim (no double-wrap), compose <EVENT type="msg" from=…> otherwise, chunk oversized lines into EVENT-PART
2026-06-10T22:49:44.8819836Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8819874Z 
2026-06-10T22:49:44.8819974Z ### REQ-NODE-IDENTITY
2026-06-10T22:49:44.8820184Z - Title: Ed25519 identity primitive: keypair, detached sign/verify, stable pubkey<->hex
2026-06-10T22:49:44.8820288Z - Required stages: impl, unit
2026-06-10T22:49:44.8820322Z 
2026-06-10T22:49:44.8820407Z ### REQ-NET-1
2026-06-10T22:49:44.8820574Z - Title: WAN messaging first-class, behind default-on net feature flag
2026-06-10T22:49:44.8820689Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8820721Z 
2026-06-10T22:49:44.8820809Z ### REQ-NET-2
2026-06-10T22:49:44.8820979Z - Title: n0 relay default + self-host knob + plain-language disclosure
2026-06-10T22:49:44.8821075Z - Required stages: impl
2026-06-10T22:49:44.8821109Z 
2026-06-10T22:49:44.8821204Z ### REQ-NET-3
2026-06-10T22:49:44.8821369Z - Title: Cross-node Psyche sync over P2P replaces gh-repo-sync
2026-06-10T22:49:44.8821469Z - Required stages: impl, unit
2026-06-10T22:49:44.8821498Z 
2026-06-10T22:49:44.8821582Z ### REQ-PAIR-1
2026-06-10T22:49:44.8821686Z - Title: TOTP-seeded SPAKE2 pairing
2026-06-10T22:49:44.8821791Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8821830Z 
2026-06-10T22:49:44.8821920Z ### REQ-PAIR-2
2026-06-10T22:49:44.8822063Z - Title: Local trust store with TOFU + warn-on-change
2026-06-10T22:49:44.8822159Z - Required stages: 
2026-06-10T22:49:44.8822192Z 
2026-06-10T22:49:44.8822407Z ### REQ-PAIR-3
2026-06-10T22:49:44.8822559Z - Title: Fetch current pairing code from any paired node
2026-06-10T22:49:44.8822659Z - Required stages: impl, unit
2026-06-10T22:49:44.8822693Z 
2026-06-10T22:49:44.8822788Z ### REQ-PAIR-4
2026-06-10T22:49:44.8822903Z - Title: Subnet naming on first pairing
2026-06-10T22:49:44.8823002Z - Required stages: impl, unit
2026-06-10T22:49:44.8823037Z 
2026-06-10T22:49:44.8823136Z ### REQ-PAIR-5
2026-06-10T22:49:44.8823428Z - Title: Multi-subnet pairing: subnet-name discovery input, create-new-names-up-front, rendezvous-token hashing
2026-06-10T22:49:44.8823546Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8823574Z 
2026-06-10T22:49:44.8823667Z ### REQ-PAIR-6
2026-06-10T22:49:44.8823913Z - Title: Elevation-gated per-subnet code fetch (UAC/root or elevated agent; else authenticator app)
2026-06-10T22:49:44.8824024Z - Required stages: impl, unit
2026-06-10T22:49:44.8824058Z 
2026-06-10T22:49:44.8824146Z ### REQ-PAIR-7
2026-06-10T22:49:44.8824308Z - Title: Subnet icon (inline image metadata, GUI-only consumer)
2026-06-10T22:49:44.8824407Z - Required stages: 
2026-06-10T22:49:44.8824435Z 
2026-06-10T22:49:44.8824534Z ### REQ-SUBNET-1
2026-06-10T22:49:44.8824829Z - Title: spt subnet noun namespace: status view (bare + status [NAME] [--nodes]), create (QR/otpauth), show-code; spt pair deleted
2026-06-10T22:49:44.8825035Z - Required stages: impl, unit
2026-06-10T22:49:44.8825074Z 
2026-06-10T22:49:44.8825168Z ### REQ-SUBNET-2
2026-06-10T22:49:44.8825383Z - Title: Guided join e2e: spt subnet join CLI initiator + always-on daemon pairing responder
2026-06-10T22:49:44.8825492Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8825526Z 
2026-06-10T22:49:44.8825622Z ### REQ-SUBNET-3
2026-06-10T22:49:44.8825879Z - Title: Node labels: hostname-default, gossiped, addressable in @node qualifiers (refuse-on-ambiguity)
2026-06-10T22:49:44.8825985Z - Required stages: impl, unit
2026-06-10T22:49:44.8826017Z 
2026-06-10T22:49:44.8826108Z ### REQ-SUBNET-4
2026-06-10T22:49:44.8826384Z - Title: Subnet membership mutations elevation-gated (create = seed reveal; join = trust-boundary enrollment)
2026-06-10T22:49:44.8826490Z - Required stages: impl, unit
2026-06-10T22:49:44.8826519Z 
2026-06-10T22:49:44.8826615Z ### REQ-DOCS-6
2026-06-10T22:49:44.8826922Z - Title: spt how-to <topic>: in-binary task-oriented agent instructions (anti-drift; quickstart prompts point agents at it)
2026-06-10T22:49:44.8827025Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8827058Z 
2026-06-10T22:49:44.8827158Z ### REQ-SEC-1
2026-06-10T22:49:44.8827516Z - Title: Per-endpoint access whitelist: origin-node gate, stateful-firewall (reply/outbound exempt), node-now/user-later, outer gate before grants
2026-06-10T22:49:44.8827616Z - Required stages: impl, unit
2026-06-10T22:49:44.8827650Z 
2026-06-10T22:49:44.8827745Z ### REQ-NOTIF-1
2026-06-10T22:49:44.8828069Z - Title: Notification primitive: per-subnet replicated spool, seen/dismissed, resurface-at-boundary, subsumes update+consent prompts
2026-06-10T22:49:44.8828180Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8828213Z 
2026-06-10T22:49:44.8828308Z ### REQ-NOTIF-2
2026-06-10T22:49:44.8828551Z - Title: spt notify (agent-issued subnet notif) + notif_command manifest seam (harness + shell adapters)
2026-06-10T22:49:44.8828670Z - Required stages: doc, impl, unit, int
2026-06-10T22:49:44.8828703Z 
2026-06-10T22:49:44.8828800Z ### REQ-UPD-1
2026-06-10T22:49:44.8828918Z - Title: Peer-propagated update over P2P
2026-06-10T22:49:44.8829139Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8829172Z 
2026-06-10T22:49:44.8829261Z ### REQ-UPD-2
2026-06-10T22:49:44.8829406Z - Title: All binaries signature-verified before handoff
2026-06-10T22:49:44.8829510Z - Required stages: impl, unit
2026-06-10T22:49:44.8829542Z 
2026-06-10T22:49:44.8829632Z ### REQ-UPD-3
2026-06-10T22:49:44.8829795Z - Title: No endpoint process terminates/suspends during self-update
2026-06-10T22:49:44.8829899Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8830037Z 
2026-06-10T22:49:44.8830138Z ### REQ-UPD-4
2026-06-10T22:49:44.8830309Z - Title: Update gated on user confirmation by default; opt-in full-auto
2026-06-10T22:49:44.8830420Z - Required stages: impl, unit
2026-06-10T22:49:44.8830453Z 
2026-06-10T22:49:44.8830553Z ### REQ-UPD-5
2026-06-10T22:49:44.8830691Z - Title: spt-core ripple-updates registered adapters
2026-06-10T22:49:44.8830796Z - Required stages: impl, unit
2026-06-10T22:49:44.8830829Z 
2026-06-10T22:49:44.8830924Z ### REQ-UPD-6
2026-06-10T22:49:44.8831689Z - Title: Platform-targeted update sets and debug rollout: signed multi-platform update metadata, recipient platform selection, channel-scoped monotonic counters, debug-channel opt-in via release-key overlay, local staging plus pull-based peer propagation, and maintainer-only convergence tooling (ADR-0016)
2026-06-10T22:49:44.8831806Z - Required stages: doc, impl, unit, int
2026-06-10T22:49:44.8831835Z 
2026-06-10T22:49:44.8831925Z ### REQ-UPD-7
2026-06-10T22:49:44.8833843Z - Title: Origin-source update bootstrap (`spt update fetch`): pull the latest signed release directly from the GitHub release origin (`SaberMage/spt-releases`) — the per-platform artifact + its `<asset>.release.json` SignedRelease metadata — and stage it through the EXISTING verify→stage pipeline (the same `plan_verified` gate: two-key signature + channel + monotonic rollback floor + SHA-256), after which the normal consent-notif / `spt update apply` flow is unchanged. Closes the peer-only-discovery gap (REQ-UPD-1): a first-in-fleet / isolated node can update with no peer to pull from. The signed-release anchor keeps the GitHub transport untrusted-but-verified.
2026-06-10T22:49:44.8834058Z - Required stages: impl, unit
2026-06-10T22:49:44.8834092Z 
2026-06-10T22:49:44.8834183Z ### REQ-UPD-8
2026-06-10T22:49:44.8836521Z - Title: Platform-safe `spt update fetch` + apply platform-guard (v0.3.1 cross-OS brick fix): `spt update fetch` stages the signed multi-platform `SignedUpdateSet` (`update-set.json` + every platform artifact it names), never a platform-blind single `SignedRelease`, so local apply selects `current_platform()` and P2P re-serve lets each peer select ITS own platform. Defense-in-depth: `apply_staged` REFUSES a staged single-release artifact unless it is platform-stamped for THIS node (an unstamped pre-v0.3.2 single, or a single stamped for another OS, fail-safe refuses — the guard that alone prevents the v0.3.1 brick where a Linux ELF was applied as `spt.exe`). UX: a friendly post-apply message (`Updated spt-core to vX.Y.Z.` + changelog URL) driven by an additive `product_version` metadata field, with a release-counter fallback when absent.
2026-06-10T22:49:44.8836639Z - Required stages: impl, unit
2026-06-10T22:49:44.8836673Z 
2026-06-10T22:49:44.8836764Z ### REQ-TERM-1
2026-06-10T22:49:44.8836930Z - Title: Process-supervisor terminal wrapper hosting broker PTYs
2026-06-10T22:49:44.8837035Z - Required stages: impl, unit
2026-06-10T22:49:44.8837064Z 
2026-06-10T22:49:44.8837156Z ### REQ-TERM-2
2026-06-10T22:49:44.8837340Z - Title: session-surface abstraction; send-keys + send-line injection
2026-06-10T22:49:44.8837430Z - Required stages: impl, unit
2026-06-10T22:49:44.8837454Z 
2026-06-10T22:49:44.8837544Z ### REQ-TERM-3
2026-06-10T22:49:44.8837675Z - Title: Byte-stream remote terminal streaming for v1
2026-06-10T22:49:44.8837771Z - Required stages: impl, unit
2026-06-10T22:49:44.8837805Z 
2026-06-10T22:49:44.8837896Z ### REQ-TERM-4
2026-06-10T22:49:44.8838215Z - Title: Live activity buffer (PTY digest): adapter-supplied patterns over broker PTY, spt digest pull + delta-stream, opt-in Path-B log
2026-06-10T22:49:44.8838329Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8838362Z 
2026-06-10T22:49:44.8838463Z ### REQ-FRONT-1
2026-06-10T22:49:44.8838619Z - Title: Day-one launcher/manager frontend (list/launch/attach/init)
2026-06-10T22:49:44.8838706Z - Required stages: 
2026-06-10T22:49:44.8838735Z 
2026-06-10T22:49:44.8838824Z ### REQ-INSTALL-1
2026-06-10T22:49:44.8839112Z - Title: Two install paths; signed one-line script; OS-service registration
2026-06-10T22:49:44.8839331Z - Required stages: doc, impl, int
2026-06-10T22:49:44.8839374Z 
2026-06-10T22:49:44.8839468Z ### REQ-INSTALL-2
2026-06-10T22:49:44.8839607Z - Title: Marketplace-repackaging-friendly install
2026-06-10T22:49:44.8839708Z - Required stages: doc
2026-06-10T22:49:44.8839741Z 
2026-06-10T22:49:44.8839840Z ### REQ-INSTALL-3
2026-06-10T22:49:44.8839971Z - Title: Idempotent + interactive-optional first run
2026-06-10T22:49:44.8840080Z - Required stages: impl, int
2026-06-10T22:49:44.8840112Z 
2026-06-10T22:49:44.8840207Z ### REQ-INSTALL-4
2026-06-10T22:49:44.8840793Z - Title: Adapter registration lifecycle: spt adapter add (--github, manifest-first, install-is-first-update) + soft-deregister remove + optional manifest uninstall template; node-local registered-adapter set self-update ripples over
2026-06-10T22:49:44.8840907Z - Required stages: impl, unit
2026-06-10T22:49:44.8840936Z 
2026-06-10T22:49:44.8841027Z ### REQ-MIGRATE-1
2026-06-10T22:49:44.8841198Z - Title: Auto-detect and migrate a legacy claude_skill_owl install
2026-06-10T22:49:44.8841295Z - Required stages: 
2026-06-10T22:49:44.8841328Z 
2026-06-10T22:49:44.8841418Z ### REQ-INFRA-1
2026-06-10T22:49:44.8841590Z - Title: GitHub issue tracking for v1; tangled.org as migration target
2026-06-10T22:49:44.8841939Z - Required stages: 
2026-06-10T22:49:44.8841972Z 
2026-06-10T22:49:44.8842075Z ### REQ-INSTALL-5
2026-06-10T22:49:44.8842518Z - Title: Non-interactive install path: the canonical one-liner doubles as every adapter's pack-in on-demand install (no second mechanism); sha256-verified fetch; user-PATH registration
2026-06-10T22:49:44.8842623Z - Required stages: impl, int
2026-06-10T22:49:44.8842655Z 
2026-06-10T22:49:44.8842754Z ### REQ-REL-1
2026-06-10T22:49:44.8843102Z - Title: spt-releases publish-target repo: README public face, licensing split, Pages docs at the permanent lapse-proof canonical URL (ADR-0014)
2026-06-10T22:49:44.8843212Z - Required stages: doc, impl
2026-06-10T22:49:44.8843251Z 
2026-06-10T22:49:44.8843350Z ### REQ-REL-2
2026-06-10T22:49:44.8843789Z - Title: Release asset set consumable by the self-updater: platform binaries, SHA256SUMS, SignedRelease metadata, manifest schema, mock-adapter zip; tag-triggered cross-repo pipeline
2026-06-10T22:49:44.8843908Z - Required stages: impl, int
2026-06-10T22:49:44.8843942Z 
2026-06-10T22:49:44.8844037Z ### REQ-REL-3
2026-06-10T22:49:44.8844433Z - Title: Two-key release-signing trust anchor: primary + offline never-used recovery, both pubkeys embedded in the binary's trusted set, manual local signing (ADR-0015)
2026-06-10T22:49:44.8844548Z - Required stages: impl, unit
2026-06-10T22:49:44.8844580Z 
2026-06-10T22:49:44.8844671Z ### REQ-DOCS-1
2026-06-10T22:49:44.8844863Z - Title: Dual-audience docs (human + AI dev-agent), markdown once / two depths
2026-06-10T22:49:44.8844966Z - Required stages: doc, impl
2026-06-10T22:49:44.8845005Z 
2026-06-10T22:49:44.8845101Z ### REQ-DOCS-2
2026-06-10T22:49:44.8845252Z - Title: Sub-10-minute runnable killer quickstart per audience
2026-06-10T22:49:44.8845361Z - Required stages: doc, int
2026-06-10T22:49:44.8845395Z 
2026-06-10T22:49:44.8845490Z ### REQ-DOCS-3
2026-06-10T22:49:44.8845673Z - Title: Diátaxis structure; one canonical way to do X
2026-06-10T22:49:44.8845779Z - Required stages: doc
2026-06-10T22:49:44.8845818Z 
2026-06-10T22:49:44.8845917Z ### REQ-DOCS-4
2026-06-10T22:49:44.8846137Z - Title: Agent-consumable layer (llms.txt, manifest schema, MCP, CLI help)
2026-06-10T22:49:44.8846246Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8846275Z 
2026-06-10T22:49:44.8846365Z ### REQ-DOCS-5
2026-06-10T22:49:44.8846547Z - Title: Anti-drift: rustdoc/schema/exports/CLI-help generated + CI-checked
2026-06-10T22:49:44.8846646Z - Required stages: impl, int
2026-06-10T22:49:44.8846671Z 
2026-06-10T22:49:44.8846776Z ### REQ-HAZARD-GRACE-BEFORE-SIGNOFF
2026-06-10T22:49:44.8846956Z - Title: Grace-period wait completes before composing INIT_SIGNOFF (1.1)
2026-06-10T22:49:44.8847057Z - Required stages: impl, unit
2026-06-10T22:49:44.8847157Z 
2026-06-10T22:49:44.8847271Z ### REQ-HAZARD-INFO-JSON-TORN-READ
2026-06-10T22:49:44.8847434Z - Title: State-file reads tolerate concurrent writes (1.2)
2026-06-10T22:49:44.8847558Z - Required stages: impl, unit
2026-06-10T22:49:44.8847620Z 
2026-06-10T22:49:44.8847730Z ### REQ-HAZARD-STALE-INDEX-LOCK
2026-06-10T22:49:44.8847852Z - Title: Sweep stale lockfiles on daemon boot (1.3)
2026-06-10T22:49:44.8847956Z - Required stages: impl, unit
2026-06-10T22:49:44.8847990Z 
2026-06-10T22:49:44.8848099Z ### REQ-HAZARD-DEFERRED-DRAIN
2026-06-10T22:49:44.8848264Z - Title: Deferred spool rows excluded from the event-stream drain (1.4)
2026-06-10T22:49:44.8848375Z - Required stages: impl, unit
2026-06-10T22:49:44.8848408Z 
2026-06-10T22:49:44.8848516Z ### REQ-HAZARD-WORKER-PATH
2026-06-10T22:49:44.8848690Z - Title: Single source of truth for Worker/Psyche perch location (1.5)
2026-06-10T22:49:44.8848799Z - Required stages: impl, unit
2026-06-10T22:49:44.8848831Z 
2026-06-10T22:49:44.8849051Z ### REQ-HAZARD-PARENT-PID-PREFER
2026-06-10T22:49:44.8849232Z - Title: Prefer stable parent PID / broker handle over ephemeral PID (2.1)
2026-06-10T22:49:44.8849333Z - Required stages: 
2026-06-10T22:49:44.8849362Z 
2026-06-10T22:49:44.8849475Z ### REQ-HAZARD-STDIN-SESSION-ID
2026-06-10T22:49:44.8849723Z - Title: Stdin session_id precedence over env (2.2)
2026-06-10T22:49:44.8849823Z - Required stages: 
2026-06-10T22:49:44.8849857Z 
2026-06-10T22:49:44.8849968Z ### REQ-HAZARD-HANDOFF-ARGV-COMPAT
2026-06-10T22:49:44.8850124Z - Title: Broker/brain IPC + handoff argv version-tolerant (2.3)
2026-06-10T22:49:44.8850230Z - Required stages: impl, unit
2026-06-10T22:49:44.8850264Z 
2026-06-10T22:49:44.8850367Z ### REQ-HAZARD-GEN-START-NOW
2026-06-10T22:49:44.8850511Z - Title: gen_start = now() on cold-start and handoff (2.4)
2026-06-10T22:49:44.8850617Z - Required stages: impl, int
2026-06-10T22:49:44.8850649Z 
2026-06-10T22:49:44.8850757Z ### REQ-HAZARD-EPHEMERAL-CLEANUP
2026-06-10T22:49:44.8850915Z - Title: Ephemeral perch cleanup on every ring exit path (3.1)
2026-06-10T22:49:44.8851020Z - Required stages: impl, unit
2026-06-10T22:49:44.8851053Z 
2026-06-10T22:49:44.8851172Z ### REQ-HAZARD-STALE-SIGNOFF-SENTINEL
2026-06-10T22:49:44.8851335Z - Title: Stale signoff sentinel does not kill a fresh start (3.2)
2026-06-10T22:49:44.8851439Z - Required stages: impl, unit
2026-06-10T22:49:44.8851472Z 
2026-06-10T22:49:44.8851583Z ### REQ-HAZARD-ECHO-BEFORE-SIGNOFF
2026-06-10T22:49:44.8851758Z - Title: Echo-commune fires before INIT_SIGNOFF on orphan teardown (3.3)
2026-06-10T22:49:44.8851864Z - Required stages: impl, unit
2026-06-10T22:49:44.8851898Z 
2026-06-10T22:49:44.8852011Z ### REQ-HAZARD-ENVELOPE-DECODE-ORDER
2026-06-10T22:49:44.8852160Z - Title: Envelope decode order, ampersand decoded last (4.1)
2026-06-10T22:49:44.8852264Z - Required stages: impl, unit
2026-06-10T22:49:44.8852297Z 
2026-06-10T22:49:44.8852407Z ### REQ-HAZARD-ENVELOPE-CR-LINESAFE
2026-06-10T22:49:44.8854112Z - Title: Envelope CR-linesafety (4.1): the line-framed EVENT codec must neutralize raw carriage returns — `event_body_escape` folds CRLF/lone-CR to the codec's representable linebreak (`\n`→`<br>`) BEFORE framing, so a body carrying `\r` (Windows `echo`/CRLF text crossing nodes) cannot survive into the single-line envelope and trigger a receiver terminal CR→col0 overwrite that corrupts the frame. Robustness on unrepresentable input, NOT a wire-format change (decoder untouched, amp-last invariant held). Belt-and-suspenders: `spt send`/`ring` also trim stdin (parity with `notify`).
2026-06-10T22:49:44.8854234Z - Required stages: impl, unit
2026-06-10T22:49:44.8854263Z 
2026-06-10T22:49:44.8854373Z ### REQ-HAZARD-ENVELOPE-PARSER-SAFE
2026-06-10T22:49:44.8854545Z - Title: Two-slice envelope parser is panic-free and tolerant (4.2)
2026-06-10T22:49:44.8854659Z - Required stages: impl, unit
2026-06-10T22:49:44.8854693Z 
2026-06-10T22:49:44.8854797Z ### REQ-HAZARD-EVENTPART-REASSEMBLY
2026-06-10T22:49:44.8855008Z - Title: EVENT-PART split/reassembly is byte-exact; orphan parts dropped silently
2026-06-10T22:49:44.8855212Z - Required stages: impl, unit
2026-06-10T22:49:44.8855245Z 
2026-06-10T22:49:44.8855361Z ### REQ-HAZARD-ID-CHARSET
2026-06-10T22:49:44.8855598Z - Title: Addressable-id charset reserves :/@ delimiters; validated at every creation seam (4.6)
2026-06-10T22:49:44.8855710Z - Required stages: impl, unit
2026-06-10T22:49:44.8855742Z 
2026-06-10T22:49:44.8855860Z ### REQ-HAZARD-REGISTRY-STALE-CLEAN
2026-06-10T22:49:44.8856036Z - Title: Stale registry entries degrade to fallback, never hard-fail (4.3)
2026-06-10T22:49:44.8856143Z - Required stages: impl, unit
2026-06-10T22:49:44.8856177Z 
2026-06-10T22:49:44.8856286Z ### REQ-HAZARD-REGISTRY-CONCURRENT
2026-06-10T22:49:44.8856520Z - Title: Concurrent SQLite openers (registry/spool) must not fail with 'database is locked' (4.7)
2026-06-10T22:49:44.8856630Z - Required stages: impl, unit
2026-06-10T22:49:44.8856664Z 
2026-06-10T22:49:44.8856769Z ### REQ-HAZARD-REGISTRY-DIR-CREATE
2026-06-10T22:49:44.8857135Z - Title: SQLite store opens create their parent dir themselves — a fresh-home registry op must not SQLITE_CANTOPEN (4.9)
2026-06-10T22:49:44.8857254Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8857289Z 
2026-06-10T22:49:44.8857398Z ### REQ-HAZARD-REGISTRY-EPOCH-LEASE
2026-06-10T22:49:44.8857899Z - Title: Registry merge ordered by per-node monotonic epoch, never wall-clock — a stale Active can't clobber a newer Offline (4.8, red-team #8)
2026-06-10T22:49:44.8858004Z - Required stages: impl, unit
2026-06-10T22:49:44.8858046Z 
2026-06-10T22:49:44.8858160Z ### REQ-HAZARD-DEFERRED-SURVIVE-DRAIN
2026-06-10T22:49:44.8858290Z - Title: Deferred rows survive poll drain (4.4)
2026-06-10T22:49:44.8858394Z - Required stages: impl, unit
2026-06-10T22:49:44.8858417Z 
2026-06-10T22:49:44.8858512Z ### REQ-HAZARD-INBOX-NO-DOUBLE
2026-06-10T22:49:44.8858645Z - Title: No double-delivery via legacy inbox (4.5)
2026-06-10T22:49:44.8858743Z - Required stages: impl, unit
2026-06-10T22:49:44.8858781Z 
2026-06-10T22:49:44.8858892Z ### REQ-HAZARD-WINDOWS-PID-RECYCLE
2026-06-10T22:49:44.8859144Z - Title: Windows PID-recycling false positives guarded (5.1)
2026-06-10T22:49:44.8859259Z - Required stages: impl, unit
2026-06-10T22:49:44.8859283Z 
2026-06-10T22:49:44.8859387Z ### REQ-HAZARD-EBUSY-RENAME
2026-06-10T22:49:44.8859555Z - Title: tmp-write + atomic-rename + retry on Windows EBUSY (5.2)
2026-06-10T22:49:44.8859664Z - Required stages: impl, unit
2026-06-10T22:49:44.8859693Z 
2026-06-10T22:49:44.8859797Z ### REQ-HAZARD-SUBPROCESS-TIMEOUT
2026-06-10T22:49:44.8859941Z - Title: Every harness/git subprocess has a timeout (5.3)
2026-06-10T22:49:44.8860040Z - Required stages: impl, unit
2026-06-10T22:49:44.8860069Z 
2026-06-10T22:49:44.8860175Z ### REQ-HAZARD-UNC-PATH-STRIP
2026-06-10T22:49:44.8860327Z - Title: Strip Windows UNC prefix on serialized paths (5.4)
2026-06-10T22:49:44.8860432Z - Required stages: impl, unit
2026-06-10T22:49:44.8860461Z 
2026-06-10T22:49:44.8860570Z ### REQ-HAZARD-SINGLE-PATH-SOURCE
2026-06-10T22:49:44.8860742Z - Title: Single path/registry source of truth; no layout ambiguity (6.1)
2026-06-10T22:49:44.8860852Z - Required stages: impl, unit
2026-06-10T22:49:44.8860885Z 
2026-06-10T22:49:44.8860994Z ### REQ-HAZARD-SOFT-CLEANUP
2026-06-10T22:49:44.8861181Z - Title: Soft-cleanup preserves state, removes only the ready marker (6.2)
2026-06-10T22:49:44.8861293Z - Required stages: impl, unit
2026-06-10T22:49:44.8861327Z 
2026-06-10T22:49:44.8861432Z ### REQ-HAZARD-CASCADE-WIPE-GUARD
2026-06-10T22:49:44.8861604Z - Title: No hard-delete of a parent hosting non-empty children (6.3)
2026-06-10T22:49:44.8861712Z - Required stages: impl, unit
2026-06-10T22:49:44.8861747Z 
2026-06-10T22:49:44.8861861Z ### REQ-HAZARD-DROP-FILE-SINGLE-WRITER
2026-06-10T22:49:44.8862008Z - Title: Drop files are daemon-owned single-writer (6.4)
2026-06-10T22:49:44.8862110Z - Required stages: impl, unit
2026-06-10T22:49:44.8862143Z 
2026-06-10T22:49:44.8862261Z ### REQ-HAZARD-DIRECT-WRITE-PRECEDENCE
2026-06-10T22:49:44.8862477Z - Title: Direct-write precedence marker (with node id) guards stale overwrite (6.5)
2026-06-10T22:49:44.8862691Z - Required stages: impl, unit
2026-06-10T22:49:44.8862720Z 
2026-06-10T22:49:44.8862838Z ### REQ-HAZARD-CONFLICT-BOTH-PRESERVED
2026-06-10T22:49:44.8863354Z - Title: A surfaced concurrent context pair is durably preserved (both versions, tracked artifacts) until a strictly dominating write clears it; no reconcile failure path discards an unmerged version (6.6, ADR-0013)
2026-06-10T22:49:44.8863468Z - Required stages: impl, unit
2026-06-10T22:49:44.8863500Z 
2026-06-10T22:49:44.8863619Z ### REQ-HAZARD-DETACHED-PIPE-INHERIT
2026-06-10T22:49:44.8864719Z - Title: Windows detached long-lived children must not inherit a captured caller's pipe: every detach-spawn of an immortal child (daemon, shell binary) runs bInheritHandles=FALSE, or a caller capturing output anywhere up the process chain hangs forever on a pipe that never EOFs — std-handle flag stripping is NOT sufficient (grandparent strays still flow) (5.6)
2026-06-10T22:49:44.8864837Z - Required stages: impl, unit
2026-06-10T22:49:44.8864866Z 
2026-06-10T22:49:44.8864972Z ### REQ-HAZARD-CONPTY-DSR
2026-06-10T22:49:44.8865171Z - Title: ConPTY reader must auto-answer DSR (ESC[6n) or all child output stalls (5.5)
2026-06-10T22:49:44.8865381Z - Required stages: impl, unit
2026-06-10T22:49:44.8865415Z 
2026-06-10T22:49:44.8865520Z ### REQ-HAZARD-CHILD-CONSOLE-FLASH
2026-06-10T22:49:44.8865916Z - Title: Console-subsystem children of the console-less daemon spawn with CREATE_NO_WINDOW, or each spawn flashes a visible blank window on the user's desktop (5.8)
2026-06-10T22:49:44.8866025Z - Required stages: impl, unit
2026-06-10T22:49:44.8866058Z 
2026-06-10T22:49:44.8866168Z ### REQ-HAZARD-INSTANT-UNDERFLOW
2026-06-10T22:49:44.8866703Z - Title: Scheduling never subtracts a Duration from Instant::now() (underflow-panics on a host booted more recently than the offset); 'due now / never run' is Option<Instant>=None gated on forward duration_since only (5.9)
2026-06-10T22:49:44.8866812Z - Required stages: impl, unit
2026-06-10T22:49:44.8866847Z 
2026-06-10T22:49:44.8866962Z ### REQ-HAZARD-SUDO-SECURE-PATH
2026-06-10T22:49:44.8867771Z - Title: Elevation guidance on Unix names the binary's ABSOLUTE path under sudo (a user-local install ~/.local/bin · ~/.cargo/bin is not on sudo's secure_path, so bare `sudo spt` dies 'command not found'); gated commands auto-elevate on an interactive TTY, else print the runnable hint (5.10)
2026-06-10T22:49:44.8867887Z - Required stages: impl, unit
2026-06-10T22:49:44.8867920Z 
2026-06-10T22:49:44.8868029Z ### REQ-HAZARD-LOCAL-API-AUTH
2026-06-10T22:49:44.8868225Z - Title: Every local `api` mutation authenticated to an endpoint/session (codex #13)
2026-06-10T22:49:44.8868334Z - Required stages: impl, unit
2026-06-10T22:49:44.8868368Z 
2026-06-10T22:49:44.8868483Z ### REQ-HAZARD-RESTART-IDEMPOTENT
2026-06-10T22:49:44.8868725Z - Title: Idempotent/exactly-once delivery across brain restart at every broker boundary (codex #14)
2026-06-10T22:49:44.8868841Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8868874Z 
2026-06-10T22:49:44.8869105Z ### REQ-HAZARD-UPDATE-ROLLBACK
2026-06-10T22:49:44.8869341Z - Title: Self-update rejects version rollback; metadata expiry + adapter content signing (codex #5)
2026-06-10T22:49:44.8869457Z - Required stages: impl, unit
2026-06-10T22:49:44.8869490Z 
2026-06-10T22:49:44.8869604Z ### REQ-HAZARD-DAEMON-HOSTED-LIVENESS
2026-06-10T22:49:44.8869994Z - Title: Daemon-hosted perches (Psyche, spt-hosted Self) derive liveness from the daemon endpoint table + info.json status, never is_process_alive(info.pid) (2.5)
2026-06-10T22:49:44.8870101Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8870129Z 
2026-06-10T22:49:44.8870239Z ### REQ-HAZARD-BROKER-PROCESS-ISOLATION
2026-06-10T22:49:44.8872717Z - Title: Broker and brain are separate processes: the broker runs as its own long-lived per-machine process that survives every brain restart, so a routine (brain-only) self-update restarts the brain onto the swapped binary while every hosted endpoint (PTY child, live QUIC conn, listening socket) stays untouched at the PROCESS level. The in-process-thread broker (daemon.rs:165-170) is a regression that silently unrealizes REQ-UPD-3 — apply degrades to an in-process Brain::handoff no-op and new code does not run until an unrelated restart (KNOWN-HAZARDS 6.7). Evidence must prove process-level survival (SPIKE-01/03 productionized as int: PTY child + live QUIC survive a brain-PROCESS restart onto a swapped binary), re-pointing the regression-masked in-process int tags currently on REQ-DAEMON-2 / REQ-UPD-3 (ADR-0018).
2026-06-10T22:49:44.8872975Z - Required stages: doc, impl, unit, int
2026-06-10T22:49:44.8873013Z 
2026-06-10T22:49:44.8873127Z ### REQ-HAZARD-ROLLBACK-STATE-COMPAT
2026-06-10T22:49:44.8874716Z - Title: A brain must not irreversibly migrate durable state before update ready-promotion: the readiness-gated auto-rollback (ADR-0018 Q7) spawns the N-1 binary against durable state the new brain may have written, so every pre-ready write must stay N-1-readable (schema migrations gated behind ready-promotion, or written N-1-tolerant/additive). Else the first in-place schema migration silently bricks rollback (KNOWN-HAZARDS 6.8). Free now — a 2026-06-09 audit confirmed zero state-migration code exists; unmintable retroactively once a migration ships.
2026-06-10T22:49:44.8874941Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8874974Z 
2026-06-10T22:49:44.8875083Z ### REQ-HAZARD-PSYCHE-OUTBOUND-PROXY
2026-06-10T22:49:44.8875828Z - Title: Psyche outbound captured + sanitized: the live-Psyche turn driver captures stdout (never Stdio::null), and the daemon strips/re-stamps Psyche-supplied from=/target and constrains routing (reply→__REPLY_TO__ sender, notify→own user/subnet) (7.3)
2026-06-10T22:49:44.8875941Z - Required stages: impl, unit
2026-06-10T22:49:44.8875975Z 
2026-06-10T22:49:44.8876094Z ### REQ-HAZARD-DAEMON-SCHED-NONBLOCKING
2026-06-10T22:49:44.8876695Z - Title: Per-agent pulse/psyche/echo-commune scheduling must not serialize across agents: each agent's bounded LLM call (echo-commune summarizer, Psyche turn) runs off the shared scheduler so one slow/hung call cannot stall another agent's tick (7.4)
2026-06-10T22:49:44.8876806Z - Required stages: impl, unit
2026-06-10T22:49:44.8876849Z 
2026-06-10T22:49:44.8876961Z ### REQ-HAZARD-PAIR-TRANSCRIPT-BIND
2026-06-10T22:49:44.8877579Z - Title: Pairing transcript binds roles, both node pubkeys, subnet ID, seed epoch, TOTP time-step, and confirmation MACs — or unknown-key-share/reflection/wrong-subnet/replay pairing remain possible (ADR-0005 #12)
2026-06-10T22:49:44.8877687Z - Required stages: impl, unit
2026-06-10T22:49:44.8877721Z 
2026-06-10T22:49:44.8877832Z ### REQ-HAZARD-PAIR-SEED-ROTATION
2026-06-10T22:49:44.8878336Z - Title: Removing a node rotates the subnet seed (epoch bump) so an old node/old seed cannot rejoin; trust-store delete alone is NOT revocation because the seed is replicated to every trusted node (ADR-0005 #10)
2026-06-10T22:49:44.8878442Z - Required stages: impl, unit
2026-06-10T22:49:44.8878480Z 
2026-06-10T22:49:44.8878594Z ### REQ-HAZARD-PAIR-RATE-LIMIT
2026-06-10T22:49:44.8879542Z - Title: Subnet-global pairing rate limit: one active ceremony per subnet, shared attempt counter, exponential backoff — a public pre-trust relay + multiple seed-holders otherwise enables distributed SPAKE2 guessing (and ±1 TOTP window triples the valid-password space) (ADR-0005 #11)
2026-06-10T22:49:44.8879665Z - Required stages: impl, unit
2026-06-10T22:49:44.8879699Z 
2026-06-10T22:49:44.8879816Z ### REQ-HAZARD-WAN-ORIGIN-AUTH
2026-06-10T22:49:44.8880559Z - Title: WAN-inbound origin is transport truth, never payload: the access gate's subject (ADR-0009 origin-node whitelist) is the QUIC handshake-proven remote node id from the broker's conn/stream table — a forged origin/node field inside record bytes is inert (7.5)
2026-06-10T22:49:44.8880670Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8880703Z 
2026-06-10T22:49:44.8880799Z ### REQ-CONSENT-1
2026-06-10T22:49:44.8881742Z - Title: Consent grant store: capability x subject-agent x target-node rows, enforced at the target node, subnet-settable (replicates as security material near the trust store), revocable; gated-capability ids (remote-exec, instantiate-anywhere) reserved-but-refusing; v1 consumers are the shell spawn gates (CONTEXT Consent & security gates)
2026-06-10T22:49:44.8881867Z - Required stages: impl, unit
2026-06-10T22:49:44.8881896Z 
2026-06-10T22:49:44.8881996Z ### REQ-CONSENT-2
2026-06-10T22:49:44.8882757Z - Title: Interactive consent escalation: an ungated high-risk action routes a consent prompt to the user's most-recently-active session; allow-once / allow-always (writes a grant) / deny; pre-consent flags (can_shutdown, shell_wake_spawn_anywhere) author grants via manifest/settings (CONTEXT Consent & security gates)
2026-06-10T22:49:44.8882867Z - Required stages: impl, unit
2026-06-10T22:49:44.8882901Z 
2026-06-10T22:49:44.8882996Z ### REQ-PRES-1
2026-06-10T22:49:44.8884311Z - Title: Presence resolution: the presence datum (last_active_node, last_active_endpoint, ts) gossiped subnet-wide via the agent-interaction heartbeat (rides registry distribution, visibility-gated) + one first-class most-recently-active resolution API consumed by notif first-fire, update-consent delivery, consent escalation, and shell wake resolution (M5 scope decision 1: resolution only — the PresenceChannel endpoint stays deferred)
2026-06-10T22:49:44.8884532Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8884565Z 
2026-06-10T22:49:44.8884658Z ### REQ-SHELL-1
2026-06-10T22:49:44.8885467Z - Title: Shell hosting machinery: shell perch under the owner (type/owner/adapter_name/status/alias), broker-launched binary + api bind local-link handshake, the three channels (command durable, text+file durable + progress-queryable, sensory REST-only never spooled + dropped-unless-owner-live), owner exclusivity (CONTEXT Shell model)
2026-06-10T22:49:44.8885572Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8885610Z 
2026-06-10T22:49:44.8885710Z ### REQ-SHELL-2
2026-06-10T22:49:44.8887075Z - Title: Shell sleep/wake: link-break always closes the binary (pre-close instruction + termination timeout), ephemeral teardown vs persistent offline/relink, wake_command wake-watcher (offline-only, exit-opcode supervision, exponential backoff + give-up), state-keyed wake resolution (dormant/suspended/active-elsewhere; no-reachable refuses — spawn-anywhere branch deferred), spt shutdown owner cascade + api owner-shutdown gated by can_shutdown (CONTEXT Shell sleep/wake)
2026-06-10T22:49:44.8887192Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8887227Z 
2026-06-10T22:49:44.8887337Z ### REQ-HAZARD-ELEVATED-DAEMON-SPAWN
2026-06-10T22:49:44.8888534Z - Title: The daemon always runs unelevated in the invoking user's universe, regardless of which command spawns it: an elevated spawner de-elevates (Windows: UAC linked token via CreateProcessWithTokenW; Linux: drop to SUDO_UID/SUDO_GID + the invoker's HOME) — an elevated daemon's pipes deny unelevated clients (every later spt reads not-running→spawn→bind Access-denied) and a sudo'd daemon roots the user's state universe (5.7)
2026-06-10T22:49:44.8888650Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8888688Z 
2026-06-10T22:49:44.8888792Z ### REQ-HAZARD-REGISTRY-GHOST-ROWS
2026-06-10T22:49:44.8890126Z - Title: A dead node identity's registry rows must decay: only the per-(endpoint,node) epoch lease supersedes rows, so without eviction a vanished node's rows are immortal and poison bare-id resolution with phantom AcrossNodes ambiguity — evict rows whose author node has not been heard (admitted inbound feed) within the eviction window; own rows never decay; a revived node re-inserts from its durable epoch within one pump cadence (4.10)
2026-06-10T22:49:44.8890245Z - Required stages: doc, impl, unit
2026-06-10T22:49:44.8890279Z 
2026-06-10T22:49:44.8890367Z ### REQ-CLI-1
2026-06-10T22:49:44.8891349Z - Title: spt endpoint noun namespace: absorbs fork/suspend/wake/shutdown/rename/stop/digest + access (ported 1:1: allow|revoke|open|list, decision 21) + description (ex-resources blurb; bare=show, set=author); merged endpoint list [--local|--subnet <name>] grouped by subnet with SELF pinned, --detail adding the ex-resources yellow-pages blurb projection; bare spt endpoint = the list (M8 decisions 1-2, 25)
2026-06-10T22:49:44.8891560Z - Required stages: impl, unit
2026-06-10T22:49:44.8891592Z 
2026-06-10T22:49:44.8891678Z ### REQ-CLI-2
2026-06-10T22:49:44.8892322Z - Title: spt daemon noun: run|stop|status (hidden daemon verb becomes daemon run; agent-endpoint shutdown keeps its name under endpoint); daemon status renders the pump heartbeat (last-tick recency) so a half-dead daemon is never rendered implied-healthy (M8 decisions 5, 23)
2026-06-10T22:49:44.8892422Z - Required stages: impl, unit
2026-06-10T22:49:44.8892456Z 
2026-06-10T22:49:44.8892551Z ### REQ-CLI-3
2026-06-10T22:49:44.8893232Z - Title: Agent hot path stays flat across the M8 reorg: send/ring/ready/whoami/how-to unchanged; notify moves to subnet notify while notif stays top-level; breaking renames land clean with no deprecation shims (zero external CLI consumers pre-spt-claude-code) (M8 decisions 3-4, 9)
2026-06-10T22:49:44.8893331Z - Required stages: impl, unit
2026-06-10T22:49:44.8893359Z 
2026-06-10T22:49:44.8893547Z ### REQ-SUBNET-5
2026-06-10T22:49:44.8894600Z - Title: Per-subnet serve-state: spt subnet detach <NAME> [--save] / attach <NAME> [--save] — daemon keeps running, stops/starts advertising + connecting for that subnet (peer pump + responder selective); --save persists the startup default in daemon config; the all-attached banner gains per-subnet states (M8 decision 6, --save renamed from --auto per decision 25 session)
2026-06-10T22:49:44.8894706Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8894744Z 
2026-06-10T22:49:44.8894838Z ### REQ-SUBNET-6
2026-06-10T22:49:44.8895480Z - Title: Trust lifecycle verbs, elevation-gated: spt subnet leave <NAME> (membership exit) and spt subnet prune <node> (removes a dead identity's trust + registry rows, killing its dead dials; trust mutation = security surface, REQ-PAIR-6 gate machinery) (M8 decisions 6-7)
2026-06-10T22:49:44.8895593Z - Required stages: impl, unit
2026-06-10T22:49:44.8895621Z 
2026-06-10T22:49:44.8895722Z ### REQ-SUBNET-7
2026-06-10T22:49:44.8897253Z - Title: Per-machine re-pair trust overwrite: registry rows carry a hashed stable machine identifier (OS machine id /etc/machine-id|MachineGuid, domain-separated SHA-256 before gossip, spt-minted persisted UUID fallback; additive serde-default field — old rows parse clean); a COMPLETED pairing ceremony presenting the same node label AND machine id as an existing trusted row evicts the superseded identity's trust + registry rows on the seed-holder and replicates the eviction; a gossiped claim alone never evicts trust (M8 decisions 13, 22)
2026-06-10T22:49:44.8897367Z - Required stages: impl, unit
2026-06-10T22:49:44.8897400Z 
2026-06-10T22:49:44.8897491Z ### REQ-SUBNET-8
2026-06-10T22:49:44.8898517Z - Title: Status render honesty: zero-subnet text is daemon-aware ('No subnets registered — this node is standalone.' + daemon-running-dependent blurb, never implying messaging works while the daemon is down); hint footer prints on bare spt subnet only (status drops it); a stalled pump is surfaced in subnet status, never rendered implied-healthy (M8 decisions 11-12, 23)
2026-06-10T22:49:44.8898632Z - Required stages: impl, unit
2026-06-10T22:49:44.8898666Z 
2026-06-10T22:49:44.8898755Z ### REQ-INSTALL-6
2026-06-10T22:49:44.8900000Z - Title: Linux elevation install leg: install.sh symlinks the binary into a sudo-reachable path (/usr/local/bin; graceful print-the-one-liner when unelevated) so sudo spt resolves; first sudo spt detects elevation and prompts ONCE for the default user account — thereafter any elevated daemon launch runs daemon + state under that account, never root (KH 5.7 interplay verified) (M8 decision 8)
2026-06-10T22:49:44.8900115Z - Required stages: impl, unit
2026-06-10T22:49:44.8900149Z 
2026-06-10T22:49:44.8900353Z ### REQ-INSTALL-7
2026-06-10T22:49:44.8901394Z - Title: Windows inbound reachability: the elevated install leg registers the inbound-UDP firewall rule (New-NetFirewallRule); the daemon self-detects blocked inbound and renders it as the no-connection state in subnet status + the coming-online banner (covers user-scope installs that skip the elevated leg — never a silent NO_SEED_HOLDER dead-end) (M8 root cause 3)
2026-06-10T22:49:44.8901509Z - Required stages: impl
2026-06-10T22:49:44.8901542Z 
2026-06-10T22:49:44.8901637Z ### REQ-INSTALL-8
2026-06-10T22:49:44.8902615Z - Title: OS-service registration (REQ-INSTALL-1's deferred third leg): Linux systemd USER service + loginctl enable-linger (linger rides the elevated install leg; daemon starts at boot pre-login, user universe per KH 5.7, systemctl --user managed); Windows scheduled task at-logon (interactive session, no stored credentials); a node is reachable after reboot without any manual spt invocation (M8 decision 17)
2026-06-10T22:49:44.8902726Z - Required stages: impl
2026-06-10T22:49:44.8902759Z 
2026-06-10T22:49:44.8902853Z ### REQ-CONV-1
2026-06-10T22:49:44.8904173Z - Title: Peer address seeding, both cold starts: durable peer-addrs.json (identity dir) maps peer pubkey → last-known dialable address; the pump's resolver consults it FIRST with id-only discovery fallback on miss or dial failure (a stale addr never strands a peer); written by the pairing ceremony (both sides, from the live connection) and by the pump on successful connect; post-join first sync and post-restart resync converge in seconds, not ~1 min (M8 decisions 14, 20)
2026-06-10T22:49:44.8904388Z - Required stages: impl, unit
2026-06-10T22:49:44.8904421Z 
2026-06-10T22:49:44.8904511Z ### REQ-CONV-2
2026-06-10T22:49:44.8905615Z - Title: Event-driven advertisement: endpoint online/offline transitions (ready-listener start/stop, rest-state transition, perch death) trigger an immediate advertise_local + peer push as a WAKE of the existing pump loop (no second advertisement path — epoch lease + visibility gates ride unchanged); the cadence stays the steady-state floor (M8 decision 15)
2026-06-10T22:49:44.8905732Z - Required stages: impl, unit
2026-06-10T22:49:44.8905765Z 
2026-06-10T22:49:44.8905860Z ### REQ-PAIR-8
2026-06-10T22:49:44.8907092Z - Title: NTP TOTP offset: the pairing ceremony queries NTP at ceremony time (both sides) and applies the derived offset to the TOTP calculation in-process only; system-clock fallback when NTP is unreachable (offline LAN pairing unaffected — NTP failure never blocks a pairing that succeeds today); never sets the OS clock; no background sync loop (M8 decision 18; field trigger: enlyzeam clock >1 min off exceeds the ±1 window)
2026-06-10T22:49:44.8907208Z - Required stages: impl, unit
2026-06-10T22:49:44.8907241Z 
2026-06-10T22:49:44.8907341Z ### REQ-DAEMON-5
2026-06-10T22:49:44.8908595Z - Title: Pump liveness: the peer pump writes a last-tick heartbeat consumed by daemon status / subnet status (decision 23 render legs in REQ-CLI-2/REQ-SUBNET-8); the daemon supervises the pump task — a panic is caught, logged loudly, and the pump restarts with capped backoff (≤5 min), so a 5.9-class death self-heals visibly instead of silently halving the daemon (M8 decision 23; field motivation: hfenduleam 2026-06-07 half-death)
2026-06-10T22:49:44.8908717Z - Required stages: impl, unit
2026-06-10T22:49:44.8908751Z 
2026-06-10T22:49:44.8908846Z ### REQ-DAEMON-6
2026-06-10T22:49:44.8910828Z - Title: Service-aware `daemon start`/`stop`: when an OS service manager has a registered spt-daemon for this user, `spt daemon start` and `spt daemon stop` drive THAT service (so stop doesn't IPC-kill a unit that auto-restart-fights for the broker socket — the kitsubito 2026-06-08 loop). `start` graduates from a `run` alias to a first-class background verb (ensure-up, idempotent, non-blocking); stop routes managed→manager, manual→IPC. Linux=systemd user unit (`systemctl --user start|stop|is-active spt-daemon`, detected by unit-file presence); Windows=no controllable manager (the logon task is boot-only), so start=detached spawn / stop=IPC.
2026-06-10T22:49:44.8911077Z - Required stages: impl, unit
2026-06-10T22:49:44.8911110Z 
2026-06-10T22:49:44.8911203Z ### REQ-DAEMON-7
2026-06-10T22:49:44.8912564Z - Title: `daemon run` is foreground-consistent on every platform: the invoking process IS the daemon, blocks until signalled, never auto-detaches or respawns into an invisible background task. The detached/de-elevated background behavior lives ONLY in `start`. Windows: an ELEVATED `daemon run` refuses with guidance (use `start`, or an unelevated shell) instead of respawning detached/de-elevated and vanishing (KH 5.7 preserved — it still never serves elevated).
2026-06-10T22:49:44.8912690Z - Required stages: impl, unit
2026-06-10T22:49:44.8912722Z 
2026-06-10T22:49:44.8912817Z ### REQ-DAEMON-8
2026-06-10T22:49:44.8913714Z - Title: Internal auto-start prefers the service: `ensure_running` (any spt command's implicit daemon start, REQ-DAEMON-3) routes through the service-aware start path — when a manager has a registered service it starts THAT, never a competing manual `spawn_detached` daemon that would fight the service for the socket.
2026-06-10T22:49:44.8913833Z - Required stages: impl, unit
2026-06-10T22:49:44.8913867Z 
2026-06-10T22:49:44.8913958Z ### REQ-DAEMON-9
2026-06-10T22:49:44.8916255Z - Title: Net-bind boot-race resilience: a daemon that comes up net-less (NetHost::start failed — e.g. the systemd unit autostarted before the network/DNS stack was ready, `Failed to create an address lookup service`) must SELF-HEAL — retry the net bring-up in the background with capped backoff and, on success, attach net to the broker + spawn the dispatcher/peer-pump (which today are gated on `net_up` at boot and so never start, leaving the node silently unreachable until a manual restart — kitsubito 2026-06-08). Status surfaces the net-less state honestly (a net-less broker renders as 'no connection', not only a pump-STALLED line with a bogus pre-boot heartbeat age). The installer's autostart unit waits for the network (`Wants=/After=network-online.target`) as belt-and-suspenders.
2026-06-10T22:49:44.8916372Z - Required stages: impl, unit
2026-06-10T22:49:44.8916406Z 
2026-06-10T22:49:44.8916501Z ### REQ-HAZARD-EPOCH-RESET
2026-06-10T22:49:44.8917744Z - Title: Advertisement-epoch reset strands a node: peers' higher last-seen epoch drops the reset node's fresh advertisements as Stale until the counter outruns history. Common case (full reinstall/re-pair) is mitigated by REQ-SUBNET-7's ceremony eviction (peer-side epoch memory dies with the deleted row — acceptance-verified); the residual narrow slice (epoch file lost, identity kept) is documented, guard deferred to a field hit (4.11)
2026-06-10T22:49:44.8917839Z - Required stages: 
2026-06-10T22:49:44.8917877Z 
2026-06-10T22:49:44.8917967Z ### REQ-MESH-1
2026-06-10T22:49:44.8920039Z - Title: Membership proof (seed-proof): symmetric current-epoch seed-knowledge replaces is_trusted at EVERY inbound gate (registry apply, WAN receive, sync, notif, connection accept). MK = HKDF(seed, domain ‖ subnet_id ‖ seed_epoch); mutual channel-bound challenge-response at connect (transcript binds both handshake-proven node pubkeys, both nonces, subnet_id, seed_epoch, role); verified once per connection, cached on the broker ConnEntry, kept warm via QUIC keep-alive so re-proof is restart/partition/rotation-only. Exact-epoch match (re-seed is the sole N-1 exception). SECURITY INVARIANTS: channel-bound (no cross-connection replay), mutual, accepts a member it never paired (the mesh property).
2026-06-10T22:49:44.8920158Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8920196Z 
2026-06-10T22:49:44.8920286Z ### REQ-MESH-2
2026-06-10T22:49:44.8922725Z - Title: Member roster: node-level union-merge grow-set (per member: pubkey, label, machine_id, last-known address, last-seen — NOT the seed), the discovery directory the mesh dials by. Seeded IN FULL at pairing (seed-holder hands joiner the whole current roster, incl. offline members — folds in deferred pairing-time hostname capture + post-join address seeding); each node authors its own entry stamped with its lease_epoch, merged strictly-greater-wins (the node_label lease); exchanged only over seed-proof'd member connections; forgery-inert (a fake entry names a pubkey that still can't seed-proof). Removal needs a TOMBSTONE — a per-pubkey revoked marker that propagates, dominates the entry, gates admission (seed-proof ∧ ¬tombstoned), and prevents reinsert; cleared by a completed re-pair of that pubkey. Persists through silence (offline member keeps its entry).
2026-06-10T22:49:44.8922939Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8922973Z 
2026-06-10T22:49:44.8923068Z ### REQ-MESH-3
2026-06-10T22:49:44.8924622Z - Title: Mesh row fan-out: registry rows stay OWN-AUTHORED; the only change is the push target widens from directly-paired peers to ALL roster members (a wider DIRECT fan-out, never a third-party relay). Every row/message still arrives from its author over a handshake → KNOWN-HAZARDS 7.5 (origin = handshake node) and 4.10 (eviction lease: any future update comes from that node itself, alive) PRESERVED VERBATIM. Closes the staggered A→B→C repro: C (roster-seeded with A at pairing) initiates to A, seed-proof admits C unpaired, A learns C, both push directly.
2026-06-10T22:49:44.8924740Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8924865Z 
2026-06-10T22:49:44.8924964Z ### REQ-MESH-4
2026-06-10T22:49:44.8927066Z - Title: Revoke + timeboxed seed rotation + re-seed grace: `spt subnet revoke <node>...` (list, elevation-gated, revoke-only) writes roster tombstones immediately, then schedules ONE seed rotation (re-mint seed, bump seed_epoch, push new seed CONFIDENTIALLY over member-auth'd TLS connections — never in roster/registry gossip — force-drop revokees) at the close of a coalescing window (default 1h); further revokes in the window join the same rotation (one epoch bump). `--force-rotate-seed` rotates immediately (compromised-node path). RE-SEED GRACE: a node proving the immediately-prior epoch (N-1) AND still on the roster gets a re-seed-only restricted connection (auto-heals a benign offliner); revoked/off-roster denied; ≥2 stale → re-pair.
2026-06-10T22:49:44.8927231Z - Required stages: impl, unit, int
2026-06-10T22:49:44.8927264Z 
2026-06-10T22:49:44.8927354Z ### REQ-MESH-5
2026-06-10T22:49:44.8928667Z - Title: Hard cutover from pairwise trust: delete peers.json + the is_trusted authorization path (no migration — expendable test fleet, re-pairs fresh under the new model, user decision 2026-06-08). Warn-on-change DEMOTED from a gate to an awareness notice anchored on machine_id (not label): 'machine M, last seen as K1, now presents K2' — fires the same event as the REQ-SUBNET-7 re-pair overwrite. The TrustStore/peers.json code and its call sites are removed, not left dead.
2026-06-10T22:49:44.8928776Z - Required stages: impl, unit
2026-06-10T22:49:44.8928809Z 
2026-06-10T22:49:44.8928899Z ### REQ-MESH-6
2026-06-10T22:49:44.8930150Z - Title: Concurrent liveness probes: `spt subnet status --nodes` fans out its offline/serve-probes (REQ-SUBNET-5) CONCURRENTLY — total wall-time bounded by the single-probe ceiling (~3s), never k×ceiling. The mesh makes a node see ALL members (many possibly offline), so a serial probe loop would be offline_count×3s. (Planning verifies the current REQ-SUBNET-5 probe loop's behavior and fixes it if serial.)
2026-06-10T22:49:44.8930270Z - Required stages: impl, unit
2026-06-10T22:49:44.8930304Z 
2026-06-10T22:49:44.8930403Z ## How to report back
2026-06-10T22:49:44.8930436Z 
2026-06-10T22:49:44.8930599Z For every (requirement, failing criterion) pair, emit one finding:
2026-06-10T22:49:44.8930637Z 
2026-06-10T22:49:44.8930722Z     {
2026-06-10T22:49:44.8930827Z       "code": "requirement_quality",
2026-06-10T22:49:44.8930938Z       "requirementId": "REQ-...",
2026-06-10T22:49:44.8931113Z       "criterion": "singular" | "verifiable" | "atomic" | "active-voice",
2026-06-10T22:49:44.8931215Z       "message": "<short reason>",
2026-06-10T22:49:44.8931342Z       "suggestedRevision": "<optional rewrite>"
2026-06-10T22:49:44.8931596Z     }
2026-06-10T22:49:44.8931628Z 
2026-06-10T22:49:44.8931810Z Wrap your response as { "findings": [ ... ] } listing only your concerns; the
2026-06-10T22:49:44.8931957Z deterministic findings above don't need to be repeated.
