﻿2026-06-13T10:36:10.8600144Z ##[group]Run ./traceable-reqs lint || true
2026-06-13T10:36:10.8600344Z [36;1m./traceable-reqs lint || true[0m
2026-06-13T10:36:10.8616093Z shell: /usr/bin/bash -e {0}
2026-06-13T10:36:10.8616226Z ##[endgroup]
2026-06-13T10:36:10.8809943Z Requirement quality findings (92); 189 requirements queued for agent review:
2026-06-13T10:36:10.8810971Z   [must] requirement_quality REQ-API-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8811512Z   [must] requirement_quality REQ-CLI-1 criterion=length — title is 47 words; want 3..=25
2026-06-13T10:36:10.8811980Z   [must] requirement_quality REQ-CLI-2 criterion=length — title is 37 words; want 3..=25
2026-06-13T10:36:10.8812409Z   [must] requirement_quality REQ-CLI-3 criterion=length — title is 37 words; want 3..=25
2026-06-13T10:36:10.8812762Z   [must] requirement_quality REQ-CONSENT-1 criterion=length — title is 41 words; want 3..=25
2026-06-13T10:36:10.8813130Z   [must] requirement_quality REQ-CONSENT-2 criterion=length — title is 37 words; want 3..=25
2026-06-13T10:36:10.8813994Z   [must] requirement_quality REQ-CONV-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8814356Z   [must] requirement_quality REQ-CONV-1 criterion=length — title is 73 words; want 3..=25
2026-06-13T10:36:10.8814752Z   [must] requirement_quality REQ-CONV-2 criterion=length — title is 47 words; want 3..=25
2026-06-13T10:36:10.8815272Z   [must] requirement_quality REQ-DAEMON-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8815634Z   [must] requirement_quality REQ-DAEMON-5 criterion=length — title is 64 words; want 3..=25
2026-06-13T10:36:10.8816140Z   [must] requirement_quality REQ-DAEMON-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8816492Z   [must] requirement_quality REQ-DAEMON-6 criterion=length — title is 84 words; want 3..=25
2026-06-13T10:36:10.8816987Z   [must] requirement_quality REQ-DAEMON-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8817345Z   [must] requirement_quality REQ-DAEMON-7 criterion=length — title is 62 words; want 3..=25
2026-06-13T10:36:10.8817971Z   [must] requirement_quality REQ-DAEMON-8 criterion=length — title is 44 words; want 3..=25
2026-06-13T10:36:10.8818464Z   [must] requirement_quality REQ-DAEMON-9 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8818810Z   [must] requirement_quality REQ-DAEMON-9 criterion=length — title is 114 words; want 3..=25
2026-06-13T10:36:10.8819392Z   [must] requirement_quality REQ-EP-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8819721Z   [must] requirement_quality REQ-EP-6 criterion=length — title is 66 words; want 3..=25
2026-06-13T10:36:10.8820041Z   [must] requirement_quality REQ-EP-7 criterion=length — title is 68 words; want 3..=25
2026-06-13T10:36:10.8820585Z   [must] requirement_quality REQ-HAZARD-BRAIN-RESPAWN-PATH criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8820923Z   [must] requirement_quality REQ-HAZARD-BRAIN-RESPAWN-PATH criterion=length — title is 119 words; want 3..=25
2026-06-13T10:36:10.8821417Z   [must] requirement_quality REQ-HAZARD-BROKER-PROCESS-ISOLATION criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8821782Z   [must] requirement_quality REQ-HAZARD-BROKER-PROCESS-ISOLATION criterion=length — title is 114 words; want 3..=25
2026-06-13T10:36:10.8822130Z   [must] requirement_quality REQ-HAZARD-CONFLICT-BOTH-PRESERVED criterion=length — title is 29 words; want 3..=25
2026-06-13T10:36:10.8822489Z   [must] requirement_quality REQ-HAZARD-DAEMON-SCHED-NONBLOCKING criterion=length — title is 32 words; want 3..=25
2026-06-13T10:36:10.8822832Z   [must] requirement_quality REQ-HAZARD-DETACHED-PIPE-INHERIT criterion=length — title is 52 words; want 3..=25
2026-06-13T10:36:10.8823517Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8823865Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=length — title is 58 words; want 3..=25
2026-06-13T10:36:10.8824300Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8824644Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=length — title is 73 words; want 3..=25
2026-06-13T10:36:10.8825088Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-PARSER-SAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8825384Z   [must] requirement_quality REQ-HAZARD-EPOCH-RESET criterion=length — title is 60 words; want 3..=25
2026-06-13T10:36:10.8825798Z   [must] requirement_quality REQ-HAZARD-GEN-START-NOW criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8826132Z   [must] requirement_quality REQ-HAZARD-INSTANT-UNDERFLOW criterion=length — title is 30 words; want 3..=25
2026-06-13T10:36:10.8826461Z   [must] requirement_quality REQ-HAZARD-PAIR-RATE-LIMIT criterion=length — title is 37 words; want 3..=25
2026-06-13T10:36:10.8826789Z   [must] requirement_quality REQ-HAZARD-PAIR-SEED-ROTATION criterion=length — title is 33 words; want 3..=25
2026-06-13T10:36:10.8827227Z   [must] requirement_quality REQ-HAZARD-PAIR-TRANSCRIPT-BIND criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8827667Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8828010Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=length — title is 27 words; want 3..=25
2026-06-13T10:36:10.8828434Z   [must] requirement_quality REQ-HAZARD-PUMP-IPC-DEADLINE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8828758Z   [must] requirement_quality REQ-HAZARD-PUMP-IPC-DEADLINE criterion=length — title is 38 words; want 3..=25
2026-06-13T10:36:10.8829408Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8829737Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=length — title is 66 words; want 3..=25
2026-06-13T10:36:10.8830080Z   [must] requirement_quality REQ-HAZARD-ROLLBACK-STATE-COMPAT criterion=length — title is 72 words; want 3..=25
2026-06-13T10:36:10.8830395Z   [must] requirement_quality REQ-HAZARD-SUDO-SECURE-PATH criterion=length — title is 43 words; want 3..=25
2026-06-13T10:36:10.8830710Z   [must] requirement_quality REQ-HAZARD-WAN-ORIGIN-AUTH criterion=length — title is 37 words; want 3..=25
2026-06-13T10:36:10.8830981Z   [must] requirement_quality REQ-INST-15 criterion=length — title is 32 words; want 3..=25
2026-06-13T10:36:10.8831243Z   [must] requirement_quality REQ-INSTALL-2 criterion=length — title is 2 word(s); want 3..=25
2026-06-13T10:36:10.8831630Z   [must] requirement_quality REQ-INSTALL-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8831887Z   [must] requirement_quality REQ-INSTALL-6 criterion=length — title is 56 words; want 3..=25
2026-06-13T10:36:10.8832260Z   [must] requirement_quality REQ-INSTALL-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8832528Z   [must] requirement_quality REQ-INSTALL-7 criterion=length — title is 50 words; want 3..=25
2026-06-13T10:36:10.8832776Z   [must] requirement_quality REQ-INSTALL-8 criterion=length — title is 55 words; want 3..=25
2026-06-13T10:36:10.8833149Z   [must] requirement_quality REQ-MANIFEST-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8833553Z   [must] requirement_quality REQ-MANIFEST-3 criterion=length — title is 26 words; want 3..=25
2026-06-13T10:36:10.8833815Z   [must] requirement_quality REQ-MANIFEST-4 criterion=length — title is 31 words; want 3..=25
2026-06-13T10:36:10.8834082Z   [must] requirement_quality REQ-MESH-1 criterion=length — title is 86 words; want 3..=25
2026-06-13T10:36:10.8834434Z   [must] requirement_quality REQ-MESH-2 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8834691Z   [must] requirement_quality REQ-MESH-2 criterion=length — title is 120 words; want 3..=25
2026-06-13T10:36:10.8835034Z   [must] requirement_quality REQ-MESH-3 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8835277Z   [must] requirement_quality REQ-MESH-3 criterion=length — title is 86 words; want 3..=25
2026-06-13T10:36:10.8835629Z   [must] requirement_quality REQ-MESH-4 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8835882Z   [must] requirement_quality REQ-MESH-4 criterion=length — title is 99 words; want 3..=25
2026-06-13T10:36:10.8836240Z   [must] requirement_quality REQ-MESH-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8836492Z   [must] requirement_quality REQ-MESH-5 criterion=length — title is 72 words; want 3..=25
2026-06-13T10:36:10.8836831Z   [must] requirement_quality REQ-MESH-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8837083Z   [must] requirement_quality REQ-MESH-6 criterion=length — title is 56 words; want 3..=25
2026-06-13T10:36:10.8837439Z   [must] requirement_quality REQ-MIGRATE-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8837697Z   [must] requirement_quality REQ-MSG-4 criterion=length — title is 31 words; want 3..=25
2026-06-13T10:36:10.8837955Z   [must] requirement_quality REQ-MSG-5 criterion=length — title is 38 words; want 3..=25
2026-06-13T10:36:10.8838303Z   [must] requirement_quality REQ-PAIR-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8838674Z   [must] requirement_quality REQ-PAIR-8 criterion=length — title is 67 words; want 3..=25
2026-06-13T10:36:10.8839091Z   [must] requirement_quality REQ-PRES-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8839352Z   [must] requirement_quality REQ-PRES-1 criterion=length — title is 48 words; want 3..=25
2026-06-13T10:36:10.8839632Z   [must] requirement_quality REQ-SEAM-SPAWN criterion=length — title is 2 word(s); want 3..=25
2026-06-13T10:36:10.8839883Z   [must] requirement_quality REQ-SHELL-1 criterion=length — title is 36 words; want 3..=25
2026-06-13T10:36:10.8840131Z   [must] requirement_quality REQ-SHELL-2 criterion=length — title is 49 words; want 3..=25
2026-06-13T10:36:10.8840393Z   [must] requirement_quality REQ-STORE-1 criterion=length — title is 34 words; want 3..=25
2026-06-13T10:36:10.8840645Z   [must] requirement_quality REQ-SUBNET-5 criterion=length — title is 52 words; want 3..=25
2026-06-13T10:36:10.8841027Z   [must] requirement_quality REQ-SUBNET-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8841280Z   [must] requirement_quality REQ-SUBNET-6 criterion=length — title is 38 words; want 3..=25
2026-06-13T10:36:10.8841638Z   [must] requirement_quality REQ-SUBNET-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8841899Z   [must] requirement_quality REQ-SUBNET-7 criterion=length — title is 75 words; want 3..=25
2026-06-13T10:36:10.8842142Z   [must] requirement_quality REQ-SUBNET-8 criterion=length — title is 53 words; want 3..=25
2026-06-13T10:36:10.8842499Z   [must] requirement_quality REQ-UPD-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8842887Z   [must] requirement_quality REQ-UPD-6 criterion=length — title is 32 words; want 3..=25
2026-06-13T10:36:10.8843241Z   [must] requirement_quality REQ-UPD-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8843507Z   [must] requirement_quality REQ-UPD-7 criterion=length — title is 88 words; want 3..=25
2026-06-13T10:36:10.8843856Z   [must] requirement_quality REQ-UPD-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T10:36:10.8844108Z   [must] requirement_quality REQ-UPD-8 criterion=length — title is 115 words; want 3..=25
2026-06-13T10:36:10.8844147Z 
2026-06-13T10:36:10.8844257Z # Requirement quality review
2026-06-13T10:36:10.8844300Z 
2026-06-13T10:36:10.8844495Z You are reviewing 189 requirement(s) from `traceable-reqs.toml` against a quality
2026-06-13T10:36:10.8844699Z rubric. Deterministic checks (length, contains-and, tbd-todo, duplicate-titles,
2026-06-13T10:36:10.8844901Z trailing-etc) have already run and surfaced as `requirement_quality` findings on
2026-06-13T10:36:10.8845056Z this command's output. Your task is the rubric items below.
2026-06-13T10:36:10.8845089Z 
2026-06-13T10:36:10.8845190Z ## Rubric
2026-06-13T10:36:10.8845223Z 
2026-06-13T10:36:10.8845479Z - **singular** — describes one capability; no smuggled "and"/"or" across distinct actions.
2026-06-13T10:36:10.8845707Z - **verifiable** — states an observable behavior a test or reviewer could confirm.
2026-06-13T10:36:10.8845922Z - **atomic** — cannot be split into two requirements without losing meaning.
2026-06-13T10:36:10.8846088Z - **active-voice** — clear subject and active verb.
2026-06-13T10:36:10.8846127Z 
2026-06-13T10:36:10.8846360Z If a criterion is borderline or doesn't apply, abstain — only emit findings for
2026-06-13T10:36:10.8846452Z clear concerns.
2026-06-13T10:36:10.8846481Z 
2026-06-13T10:36:10.8846575Z ## Requirements
2026-06-13T10:36:10.8846613Z 
2026-06-13T10:36:10.8846704Z ### REQ-ARCH-1
2026-06-13T10:36:10.8846833Z - Title: Many small acyclically-layered crates
2026-06-13T10:36:10.8846938Z - Required stages: impl
2026-06-13T10:36:10.8846970Z 
2026-06-13T10:36:10.8847181Z ### REQ-ARCH-2
2026-06-13T10:36:10.8847343Z - Title: Public SDK surface is spt-proto, spt-runtime, spt-msg
2026-06-13T10:36:10.8847444Z - Required stages: impl
2026-06-13T10:36:10.8847482Z 
2026-06-13T10:36:10.8847576Z ### REQ-ARCH-3
2026-06-13T10:36:10.8847769Z - Title: Wire-protocol version independent of crate semver, N-1 compat window
2026-06-13T10:36:10.8847876Z - Required stages: impl, unit
2026-06-13T10:36:10.8847904Z 
2026-06-13T10:36:10.8847999Z ### REQ-ARCH-4
2026-06-13T10:36:10.8848158Z - Title: Copy-verbatim the commodity layer from the sister project
2026-06-13T10:36:10.8848276Z - Required stages: impl, unit
2026-06-13T10:36:10.8848319Z 
2026-06-13T10:36:10.8848406Z ### REQ-DAEMON-1
2026-06-13T10:36:10.8848591Z - Title: One per-machine spt-daemon owning all per-machine state
2026-06-13T10:36:10.8848702Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8848735Z 
2026-06-13T10:36:10.8848830Z ### REQ-DAEMON-2
2026-06-13T10:36:10.8849045Z - Title: Broker/brain split for seamless self-update
2026-06-13T10:36:10.8849154Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8849201Z 
2026-06-13T10:36:10.8849287Z ### REQ-DAEMON-3
2026-06-13T10:36:10.8849440Z - Title: Any api invocation auto-starts the daemon if absent
2026-06-13T10:36:10.8849530Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8849559Z 
2026-06-13T10:36:10.8849651Z ### REQ-DAEMON-4
2026-06-13T10:36:10.8849769Z - Title: Honor every KNOWN-HAZARDS invariant
2026-06-13T10:36:10.8849869Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8849902Z 
2026-06-13T10:36:10.8849999Z ### REQ-STORE-1
2026-06-13T10:36:10.8850824Z - Title: spt-store::BranchStore (git branch as versioned KV; commit=checkpoint/tip=resume, atomic multi-key, merge-native sync) is the substrate for coarse/durable/audited state (context, registry snapshot+distribution, daemon checkpoint); hot paths (B5 fsync journal) + indexed queries (SQLite spool) excluded (ADR-0011)
2026-06-13T10:36:10.8851034Z - Required stages: impl, unit
2026-06-13T10:36:10.8851072Z 
2026-06-13T10:36:10.8851166Z ### REQ-MANIFEST-1
2026-06-13T10:36:10.8851349Z - Title: Per-adapter manifest with adapter_name and min_spt_core_version
2026-06-13T10:36:10.8851448Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8851486Z 
2026-06-13T10:36:10.8851579Z ### REQ-MANIFEST-2
2026-06-13T10:36:10.8852068Z - Title: Adapter profiles — sparse leaf-replace overlays (shipped + local), composite <adapter>:<profile> addressing, shadow-refusal, tighten-only consent floors
2026-06-13T10:36:10.8852174Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8852213Z 
2026-06-13T10:36:10.8852302Z ### REQ-MANIFEST-3
2026-06-13T10:36:10.8852904Z - Title: Adapter strings — [strings] KV tree, dot-path get-string resolving through the profile leaf-replace overlay, set-string editing a local profile's [strings] only; data-only (nothing executes a string)
2026-06-13T10:36:10.8853017Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8853049Z 
2026-06-13T10:36:10.8853150Z ### REQ-MANIFEST-4
2026-06-13T10:36:10.8853840Z - Title: Keyword hints — [[hints]] {keywords (literal/regex), text}; spt api hint --session emits at most one matched hint per message, once per session (seen-set), declaration-order first match; profiles overlay [[hints]] by leaf-replace
2026-06-13T10:36:10.8853940Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8853977Z 
2026-06-13T10:36:10.8854135Z ### REQ-SEAM-SPAWN
2026-06-13T10:36:10.8854239Z - Title: spawn-session seam
2026-06-13T10:36:10.8854339Z - Required stages: impl, unit
2026-06-13T10:36:10.8854377Z 
2026-06-13T10:36:10.8854474Z ### REQ-SEAM-POSTSPAWN
2026-06-13T10:36:10.8854597Z - Title: post-spawn / api bind seam with boot nonce
2026-06-13T10:36:10.8854707Z - Required stages: impl, unit
2026-06-13T10:36:10.8854735Z 
2026-06-13T10:36:10.8854827Z ### REQ-SEAM-PSYCHE
2026-06-13T10:36:10.8854978Z - Title: spawn-psyche seam (fresh + resume templates)
2026-06-13T10:36:10.8855080Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8855118Z 
2026-06-13T10:36:10.8855322Z ### REQ-SEAM-HISTORY
2026-06-13T10:36:10.8855504Z - Title: History subsystem (fetcher / locate-normalize / native store)
2026-06-13T10:36:10.8855616Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8855650Z 
2026-06-13T10:36:10.8855745Z ### REQ-SEAM-ACTIVITY
2026-06-13T10:36:10.8855909Z - Title: Activity/idle reported via api sentinels, not PTY quiescence
2026-06-13T10:36:10.8856009Z - Required stages: impl, unit
2026-06-13T10:36:10.8856039Z 
2026-06-13T10:36:10.8856139Z ### REQ-SEAM-INJECT
2026-06-13T10:36:10.8856296Z - Title: inject-input methods configurable per activity-state
2026-06-13T10:36:10.8856402Z - Required stages: impl, unit
2026-06-13T10:36:10.8856435Z 
2026-06-13T10:36:10.8856525Z ### REQ-SEAM-RESUME
2026-06-13T10:36:10.8856697Z - Title: resume-session seam (fresh-with-preload / continue-existing)
2026-06-13T10:36:10.8856831Z - Required stages: impl, unit
2026-06-13T10:36:10.8856877Z 
2026-06-13T10:36:10.8857002Z ### REQ-SEAM-CAPABILITY
2026-06-13T10:36:10.8857149Z - Title: Hostable endpoint-types capability declaration
2026-06-13T10:36:10.8857259Z - Required stages: impl, unit
2026-06-13T10:36:10.8857292Z 
2026-06-13T10:36:10.8857394Z ### REQ-SEAM-UPDATE
2026-06-13T10:36:10.8857550Z - Title: Adapter-update avenue (file-pull / delegated command)
2026-06-13T10:36:10.8857651Z - Required stages: impl, unit
2026-06-13T10:36:10.8857685Z 
2026-06-13T10:36:10.8857778Z ### REQ-API-1
2026-06-13T10:36:10.8857942Z - Title: api prefix and adapter_name on every machinery invocation
2026-06-13T10:36:10.8858047Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8858079Z 
2026-06-13T10:36:10.8858174Z ### REQ-API-2
2026-06-13T10:36:10.8858366Z - Title: The api subcommand surface (bind/listen/poll/state/worker/boundary/...)
2026-06-13T10:36:10.8858474Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8858593Z 
2026-06-13T10:36:10.8858684Z ### REQ-API-3
2026-06-13T10:36:10.8858822Z - Title: commune/signoff are file-drops, not commands
2026-06-13T10:36:10.8858932Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8859052Z 
2026-06-13T10:36:10.8859141Z ### REQ-START-1
2026-06-13T10:36:10.8859347Z - Title: Adapters never resolve SPT_HOME; binary on PATH; api bridging only
2026-06-13T10:36:10.8859446Z - Required stages: impl, unit
2026-06-13T10:36:10.8859480Z 
2026-06-13T10:36:10.8859576Z ### REQ-START-2
2026-06-13T10:36:10.8859709Z - Title: Harness-hosted startup: api seed then listen
2026-06-13T10:36:10.8859814Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8859842Z 
2026-06-13T10:36:10.8859943Z ### REQ-START-3
2026-06-13T10:36:10.8860100Z - Title: spt-hosted startup: spawn-session then api bind (no file)
2026-06-13T10:36:10.8860206Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8860240Z 
2026-06-13T10:36:10.8860324Z ### REQ-START-4
2026-06-13T10:36:10.8860462Z - Title: Adapter-injected env aliases (SPT/OWL/LIVE)
2026-06-13T10:36:10.8860573Z - Required stages: impl, unit
2026-06-13T10:36:10.8860606Z 
2026-06-13T10:36:10.8860696Z ### REQ-EP-1
2026-06-13T10:36:10.8860823Z - Title: Day-one endpoint types; open type system
2026-06-13T10:36:10.8860928Z - Required stages: impl, unit
2026-06-13T10:36:10.8860961Z 
2026-06-13T10:36:10.8861060Z ### REQ-EP-2
2026-06-13T10:36:10.8861222Z - Title: Agent endpoints vs Shells distinction in the type model
2026-06-13T10:36:10.8861322Z - Required stages: impl, unit
2026-06-13T10:36:10.8861356Z 
2026-06-13T10:36:10.8861451Z ### REQ-EP-3
2026-06-13T10:36:10.8861627Z - Title: Messaging payloads carry typed operation commands + file blobs
2026-06-13T10:36:10.8861736Z - Required stages: impl, unit
2026-06-13T10:36:10.8861770Z 
2026-06-13T10:36:10.8861861Z ### REQ-EP-4
2026-06-13T10:36:10.8861999Z - Title: PresenceChannel broker endpoint (seam day-one)
2026-06-13T10:36:10.8862104Z - Required stages: impl, unit
2026-06-13T10:36:10.8862139Z 
2026-06-13T10:36:10.8862233Z ### REQ-EP-5
2026-06-13T10:36:10.8862867Z - Title: Concrete shell instantiation model: spawn-mints-instance (vs relink/online), registered-on-node permission + broadcast-is-discovery, per-shell require_approval gate, max_instances_per_owner + over_cap, instance aliasing, discovery scope
2026-06-13T10:36:10.8863102Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8863135Z 
2026-06-13T10:36:10.8863224Z ### REQ-EP-6
2026-06-13T10:36:10.8864923Z - Title: Gateway type acceptance: a Gateway-typed perch binds (api bind --type, open type system — un-hardcode the live_agent default), advertises/addressable like any endpoint, owns shells (owner validation not agent-family-gated), subscribes to digests, and is the user-msg identity gate's user-backed origin (REQ-MSG-5); in-tree mock-gateway fixture (R-DOCS-2 pattern, no downstream adapter code). Cross-node WAN Gateway-origin (registry endpoint_type trust) = documented fail-closed residual, deferred past M9 (doyle G2 ruling 2026-06-13)
2026-06-13T10:36:10.8865048Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8865082Z 
2026-06-13T10:36:10.8865167Z ### REQ-EP-7
2026-06-13T10:36:10.8866771Z - Title: Durable live-role.md: a per-agent broad-purpose statement in tracked/agents/<id>/ beside live-context.md (replicates with the mind on the same a-<id> branch); renders FIRST at start-transition context injection (role -> live-context -> project-context); SOLE writer `spt endpoint role --overwrite <file>` — mechanical no-automated-writer guarantee (echo-commune ingest / signoff / Psyche reconcile structurally exclude it). The user-backed-origin hard gate on the writer is a deferred later tightening (rides the user-msg identity plumbing)
2026-06-13T10:36:10.8866908Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8866942Z 
2026-06-13T10:36:10.8867032Z ### REQ-INST-1
2026-06-13T10:36:10.8867194Z - Title: endpoint ID vs instance split (adapter-agnostic ID)
2026-06-13T10:36:10.8867281Z - Required stages: 
2026-06-13T10:36:10.8867305Z 
2026-06-13T10:36:10.8867519Z ### REQ-INST-2
2026-06-13T10:36:10.8867639Z - Title: Per-node files, synced Psyche mind
2026-06-13T10:36:10.8867743Z - Required stages: impl, unit
2026-06-13T10:36:10.8867776Z 
2026-06-13T10:36:10.8867872Z ### REQ-INST-3
2026-06-13T10:36:10.8868014Z - Title: Dormant (warm) / suspended (cold) resting states
2026-06-13T10:36:10.8868119Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8868153Z 
2026-06-13T10:36:10.8868249Z ### REQ-INST-4
2026-06-13T10:36:10.8868415Z - Title: active to dormant/suspended fires a transition echo commune
2026-06-13T10:36:10.8868531Z - Required stages: impl, unit
2026-06-13T10:36:10.8868560Z 
2026-06-13T10:36:10.8868644Z ### REQ-INST-5
2026-06-13T10:36:10.8868817Z - Title: Two-tier context sync (live to all, project to same-project)
2026-06-13T10:36:10.8868927Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8869029Z 
2026-06-13T10:36:10.8869119Z ### REQ-INST-6
2026-06-13T10:36:10.8869283Z - Title: Deferred messages not delivered to dormant/suspended instances
2026-06-13T10:36:10.8869420Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8869453Z 
2026-06-13T10:36:10.8869554Z ### REQ-INST-7
2026-06-13T10:36:10.8869687Z - Title: Subnet registry + bare-id resolution policy
2026-06-13T10:36:10.8869812Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8869841Z 
2026-06-13T10:36:10.8869936Z ### REQ-INST-8
2026-06-13T10:36:10.8870098Z - Title: Remote-control mode distinct from local operation
2026-06-13T10:36:10.8870207Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8870241Z 
2026-06-13T10:36:10.8870335Z ### REQ-INST-9
2026-06-13T10:36:10.8870522Z - Title: Multi-subnet membership (same-user N subnets; cross-user seam)
2026-06-13T10:36:10.8870622Z - Required stages: impl, unit
2026-06-13T10:36:10.8870660Z 
2026-06-13T10:36:10.8870742Z ### REQ-INST-10
2026-06-13T10:36:10.8870946Z - Title: Qualified addressing [subnet:]id[@node] + ambiguity forces qualification
2026-06-13T10:36:10.8871051Z - Required stages: impl, unit
2026-06-13T10:36:10.8871095Z 
2026-06-13T10:36:10.8871198Z ### REQ-INST-11
2026-06-13T10:36:10.8871398Z - Title: spt rename <id> rippled to all instances (collision-checked, 6.5-reconciled)
2026-06-13T10:36:10.8871502Z - Required stages: impl, unit
2026-06-13T10:36:10.8871676Z 
2026-06-13T10:36:10.8871773Z ### REQ-INST-12
2026-06-13T10:36:10.8872044Z - Title: Endpoint visibility per-(endpoint,subnet): excluded semantics, OR-of-defaults + override, gates sync
2026-06-13T10:36:10.8872154Z - Required stages: impl, unit
2026-06-13T10:36:10.8872187Z 
2026-06-13T10:36:10.8872282Z ### REQ-INST-13
2026-06-13T10:36:10.8872455Z - Title: Subnet-exclusive sync + per-endpoint subnet-membership list
2026-06-13T10:36:10.8872559Z - Required stages: impl, unit
2026-06-13T10:36:10.8872592Z 
2026-06-13T10:36:10.8872674Z ### REQ-INST-14
2026-06-13T10:36:10.8873042Z - Title: Resource advertisement (subnet resource registry): free-text blurb, both-authored, registry projection, visibility/whitelist-gated
2026-06-13T10:36:10.8873165Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8873193Z 
2026-06-13T10:36:10.8873279Z ### REQ-INST-15
2026-06-13T10:36:10.8873967Z - Title: Immutable home subnet (assigned at creation: auto-if-one/ask-if-many) + spt fork (cross-subnet clone to a new identity, copy-then-diverge, not re-home); adapter chosen at creation from registered hostable adapters, changed only via launch/resume-under-new (ADR-0010)
2026-06-13T10:36:10.8874076Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8874123Z 
2026-06-13T10:36:10.8874207Z ### REQ-REACH-1
2026-06-13T10:36:10.8874346Z - Title: Off-node remote-drive detection + file transfer
2026-06-13T10:36:10.8874449Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8874487Z 
2026-06-13T10:36:10.8874573Z ### REQ-REACH-2
2026-06-13T10:36:10.8874716Z - Title: Remote command execution (deferred, consent-gated)
2026-06-13T10:36:10.8874806Z - Required stages: 
2026-06-13T10:36:10.8874839Z 
2026-06-13T10:36:10.8874926Z ### REQ-MSG-1
2026-06-13T10:36:10.8875346Z - Title: Local message delivery: TCP-first to a registered address, spool fallback when offline; id->address via registry (stale-clean first); reply routing (__REPLY_TO__)
2026-06-13T10:36:10.8875555Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8875599Z 
2026-06-13T10:36:10.8875689Z ### REQ-MSG-2
2026-06-13T10:36:10.8875951Z - Title: spt binary CLI surface: send/ring/ready(+--once)/list/stop/whoami, stable arg shapes + exit codes
2026-06-13T10:36:10.8876055Z - Required stages: impl, unit
2026-06-13T10:36:10.8876094Z 
2026-06-13T10:36:10.8876175Z ### REQ-MSG-3
2026-06-13T10:36:10.8876534Z - Title: Ready-agent lifecycle: register perch (info.json + listener + registry address) on ready, drain spooled backlog on startup, clean teardown
2026-06-13T10:36:10.8876643Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8876685Z 
2026-06-13T10:36:10.8876770Z ### REQ-MSG-4
2026-06-13T10:36:10.8877565Z - Title: Listener stream stdout emits EVENT envelope lines (sister-format, ADR-0001): parse the __REPLY_TO__ frame, pass pre-formed typed envelopes through verbatim (no double-wrap), compose <EVENT type="msg" from=…> otherwise, chunk oversized lines into EVENT-PART
2026-06-13T10:36:10.8877678Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8877716Z 
2026-06-13T10:36:10.8877813Z ### REQ-MSG-5
2026-06-13T10:36:10.8878514Z - Title: user-msg envelope kind + daemon identity gate: a Gateway endpoint / the local user's CLI author user-msg (the user's authority); agent-family senders re-stamped to plain msg; identity-gated never payload-trusted (KH 7.3/7.5); wire-additive (N-1 receivers tolerate the new type)
2026-06-13T10:36:10.8878623Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8878656Z 
2026-06-13T10:36:10.8878757Z ### REQ-NODE-IDENTITY
2026-06-13T10:36:10.8879047Z - Title: Ed25519 identity primitive: keypair, detached sign/verify, stable pubkey<->hex
2026-06-13T10:36:10.8879158Z - Required stages: impl, unit
2026-06-13T10:36:10.8879186Z 
2026-06-13T10:36:10.8879281Z ### REQ-NET-1
2026-06-13T10:36:10.8879444Z - Title: WAN messaging first-class, behind default-on net feature flag
2026-06-13T10:36:10.8879561Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8879594Z 
2026-06-13T10:36:10.8879679Z ### REQ-NET-2
2026-06-13T10:36:10.8879961Z - Title: n0 relay default + self-host knob + plain-language disclosure
2026-06-13T10:36:10.8880052Z - Required stages: impl
2026-06-13T10:36:10.8880086Z 
2026-06-13T10:36:10.8880172Z ### REQ-NET-3
2026-06-13T10:36:10.8880338Z - Title: Cross-node Psyche sync over P2P replaces gh-repo-sync
2026-06-13T10:36:10.8880439Z - Required stages: impl, unit
2026-06-13T10:36:10.8880467Z 
2026-06-13T10:36:10.8880562Z ### REQ-PAIR-1
2026-06-13T10:36:10.8880677Z - Title: TOTP-seeded SPAKE2 pairing
2026-06-13T10:36:10.8880782Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8880810Z 
2026-06-13T10:36:10.8880914Z ### REQ-PAIR-2
2026-06-13T10:36:10.8881040Z - Title: Local trust store with TOFU + warn-on-change
2026-06-13T10:36:10.8881144Z - Required stages: 
2026-06-13T10:36:10.8881178Z 
2026-06-13T10:36:10.8881282Z ### REQ-PAIR-3
2026-06-13T10:36:10.8881425Z - Title: Fetch current pairing code from any paired node
2026-06-13T10:36:10.8881530Z - Required stages: impl, unit
2026-06-13T10:36:10.8881568Z 
2026-06-13T10:36:10.8881670Z ### REQ-PAIR-4
2026-06-13T10:36:10.8881777Z - Title: Subnet naming on first pairing
2026-06-13T10:36:10.8881877Z - Required stages: impl, unit
2026-06-13T10:36:10.8881915Z 
2026-06-13T10:36:10.8882006Z ### REQ-PAIR-5
2026-06-13T10:36:10.8882905Z - Title: Multi-subnet pairing: subnet-name discovery input, create-new-names-up-front, rendezvous-token hashing
2026-06-13T10:36:10.8883024Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8883053Z 
2026-06-13T10:36:10.8883162Z ### REQ-PAIR-6
2026-06-13T10:36:10.8883415Z - Title: Elevation-gated per-subnet code fetch (UAC/root or elevated agent; else authenticator app)
2026-06-13T10:36:10.8883529Z - Required stages: impl, unit
2026-06-13T10:36:10.8883573Z 
2026-06-13T10:36:10.8883682Z ### REQ-PAIR-7
2026-06-13T10:36:10.8884193Z - Title: Subnet icon (inline image metadata, GUI-only consumer)
2026-06-13T10:36:10.8884307Z - Required stages: 
2026-06-13T10:36:10.8884344Z 
2026-06-13T10:36:10.8884436Z ### REQ-SUBNET-1
2026-06-13T10:36:10.8884820Z - Title: spt subnet noun namespace: status view (bare + status [NAME] [--nodes]), create (QR/otpauth), show-code; spt pair deleted
2026-06-13T10:36:10.8884929Z - Required stages: impl, unit
2026-06-13T10:36:10.8884962Z 
2026-06-13T10:36:10.8885057Z ### REQ-SUBNET-2
2026-06-13T10:36:10.8885286Z - Title: Guided join e2e: spt subnet join CLI initiator + always-on daemon pairing responder
2026-06-13T10:36:10.8885399Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8885433Z 
2026-06-13T10:36:10.8885539Z ### REQ-SUBNET-3
2026-06-13T10:36:10.8885811Z - Title: Node labels: hostname-default, gossiped, addressable in @node qualifiers (refuse-on-ambiguity)
2026-06-13T10:36:10.8885915Z - Required stages: impl, unit
2026-06-13T10:36:10.8885944Z 
2026-06-13T10:36:10.8886048Z ### REQ-SUBNET-4
2026-06-13T10:36:10.8886325Z - Title: Subnet membership mutations elevation-gated (create = seed reveal; join = trust-boundary enrollment)
2026-06-13T10:36:10.8886435Z - Required stages: impl, unit
2026-06-13T10:36:10.8886465Z 
2026-06-13T10:36:10.8886573Z ### REQ-DOCS-6
2026-06-13T10:36:10.8886883Z - Title: spt how-to <topic>: in-binary task-oriented agent instructions (anti-drift; quickstart prompts point agents at it)
2026-06-13T10:36:10.8887002Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8887031Z 
2026-06-13T10:36:10.8887122Z ### REQ-SEC-1
2026-06-13T10:36:10.8887510Z - Title: Per-endpoint access whitelist: origin-node gate, stateful-firewall (reply/outbound exempt), node-now/user-later, outer gate before grants
2026-06-13T10:36:10.8887613Z - Required stages: impl, unit
2026-06-13T10:36:10.8887651Z 
2026-06-13T10:36:10.8887743Z ### REQ-NOTIF-1
2026-06-13T10:36:10.8888082Z - Title: Notification primitive: per-subnet replicated spool, seen/dismissed, resurface-at-boundary, subsumes update+consent prompts
2026-06-13T10:36:10.8888187Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8888229Z 
2026-06-13T10:36:10.8888310Z ### REQ-NOTIF-2
2026-06-13T10:36:10.8888567Z - Title: spt notify (agent-issued subnet notif) + notif_command manifest seam (harness + shell adapters)
2026-06-13T10:36:10.8888768Z - Required stages: doc, impl, unit, int
2026-06-13T10:36:10.8888806Z 
2026-06-13T10:36:10.8888901Z ### REQ-UPD-1
2026-06-13T10:36:10.8889116Z - Title: Peer-propagated update over P2P
2026-06-13T10:36:10.8889225Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8889259Z 
2026-06-13T10:36:10.8889369Z ### REQ-UPD-2
2026-06-13T10:36:10.8889507Z - Title: All binaries signature-verified before handoff
2026-06-13T10:36:10.8889612Z - Required stages: impl, unit
2026-06-13T10:36:10.8889647Z 
2026-06-13T10:36:10.8889727Z ### REQ-UPD-3
2026-06-13T10:36:10.8889898Z - Title: No endpoint process terminates/suspends during self-update
2026-06-13T10:36:10.8890009Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8890037Z 
2026-06-13T10:36:10.8890131Z ### REQ-UPD-4
2026-06-13T10:36:10.8890312Z - Title: Update gated on user confirmation by default; opt-in full-auto
2026-06-13T10:36:10.8890418Z - Required stages: impl, unit
2026-06-13T10:36:10.8890459Z 
2026-06-13T10:36:10.8890554Z ### REQ-UPD-5
2026-06-13T10:36:10.8890698Z - Title: spt-core ripple-updates registered adapters
2026-06-13T10:36:10.8890788Z - Required stages: impl, unit
2026-06-13T10:36:10.8890821Z 
2026-06-13T10:36:10.8890918Z ### REQ-UPD-6
2026-06-13T10:36:10.8891708Z - Title: Platform-targeted update sets and debug rollout: signed multi-platform update metadata, recipient platform selection, channel-scoped monotonic counters, debug-channel opt-in via release-key overlay, local staging plus pull-based peer propagation, and maintainer-only convergence tooling (ADR-0016)
2026-06-13T10:36:10.8891823Z - Required stages: doc, impl, unit, int
2026-06-13T10:36:10.8891852Z 
2026-06-13T10:36:10.8891953Z ### REQ-UPD-7
2026-06-13T10:36:10.8893975Z - Title: Origin-source update bootstrap (`spt update fetch`): pull the latest signed release directly from the GitHub release origin (`SaberMage/spt-releases`) — the per-platform artifact + its `<asset>.release.json` SignedRelease metadata — and stage it through the EXISTING verify→stage pipeline (the same `plan_verified` gate: two-key signature + channel + monotonic rollback floor + SHA-256), after which the normal consent-notif / `spt update apply` flow is unchanged. Closes the peer-only-discovery gap (REQ-UPD-1): a first-in-fleet / isolated node can update with no peer to pull from. The signed-release anchor keeps the GitHub transport untrusted-but-verified.
2026-06-13T10:36:10.8894227Z - Required stages: impl, unit
2026-06-13T10:36:10.8894261Z 
2026-06-13T10:36:10.8894361Z ### REQ-UPD-8
2026-06-13T10:36:10.8896861Z - Title: Platform-safe `spt update fetch` + apply platform-guard (v0.3.1 cross-OS brick fix): `spt update fetch` stages the signed multi-platform `SignedUpdateSet` (`update-set.json` + every platform artifact it names), never a platform-blind single `SignedRelease`, so local apply selects `current_platform()` and P2P re-serve lets each peer select ITS own platform. Defense-in-depth: `apply_staged` REFUSES a staged single-release artifact unless it is platform-stamped for THIS node (an unstamped pre-v0.3.2 single, or a single stamped for another OS, fail-safe refuses — the guard that alone prevents the v0.3.1 brick where a Linux ELF was applied as `spt.exe`). UX: a friendly post-apply message (`Updated spt-core to vX.Y.Z.` + changelog URL) driven by an additive `product_version` metadata field, with a release-counter fallback when absent.
2026-06-13T10:36:10.8896990Z - Required stages: impl, unit
2026-06-13T10:36:10.8897025Z 
2026-06-13T10:36:10.8897123Z ### REQ-TERM-1
2026-06-13T10:36:10.8897291Z - Title: Process-supervisor terminal wrapper hosting broker PTYs
2026-06-13T10:36:10.8897396Z - Required stages: impl, unit
2026-06-13T10:36:10.8897429Z 
2026-06-13T10:36:10.8897519Z ### REQ-TERM-2
2026-06-13T10:36:10.8897701Z - Title: session-surface abstraction; send-keys + send-line injection
2026-06-13T10:36:10.8897810Z - Required stages: impl, unit
2026-06-13T10:36:10.8897838Z 
2026-06-13T10:36:10.8897928Z ### REQ-TERM-3
2026-06-13T10:36:10.8898250Z - Title: Byte-stream remote terminal streaming for v1
2026-06-13T10:36:10.8898380Z - Required stages: impl, unit
2026-06-13T10:36:10.8898413Z 
2026-06-13T10:36:10.8898502Z ### REQ-TERM-4
2026-06-13T10:36:10.8898850Z - Title: Live activity buffer (PTY digest): adapter-supplied patterns over broker PTY, spt digest pull + delta-stream, opt-in Path-B log
2026-06-13T10:36:10.8899028Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8899051Z 
2026-06-13T10:36:10.8899156Z ### REQ-FRONT-1
2026-06-13T10:36:10.8899333Z - Title: Day-one launcher/manager frontend (list/launch/attach/init)
2026-06-13T10:36:10.8899428Z - Required stages: 
2026-06-13T10:36:10.8899461Z 
2026-06-13T10:36:10.8899562Z ### REQ-INSTALL-1
2026-06-13T10:36:10.8899743Z - Title: Two install paths; signed one-line script; OS-service registration
2026-06-13T10:36:10.8899867Z - Required stages: doc, impl, int
2026-06-13T10:36:10.8899906Z 
2026-06-13T10:36:10.8900000Z ### REQ-INSTALL-2
2026-06-13T10:36:10.8900133Z - Title: Marketplace-repackaging-friendly install
2026-06-13T10:36:10.8900249Z - Required stages: doc
2026-06-13T10:36:10.8900282Z 
2026-06-13T10:36:10.8900376Z ### REQ-INSTALL-3
2026-06-13T10:36:10.8900516Z - Title: Idempotent + interactive-optional first run
2026-06-13T10:36:10.8900621Z - Required stages: impl, int
2026-06-13T10:36:10.8900663Z 
2026-06-13T10:36:10.8900752Z ### REQ-INSTALL-4
2026-06-13T10:36:10.8901367Z - Title: Adapter registration lifecycle: spt adapter add (--github, manifest-first, install-is-first-update) + soft-deregister remove + optional manifest uninstall template; node-local registered-adapter set self-update ripples over
2026-06-13T10:36:10.8901473Z - Required stages: impl, unit
2026-06-13T10:36:10.8901502Z 
2026-06-13T10:36:10.8901606Z ### REQ-MIGRATE-1
2026-06-13T10:36:10.8901898Z - Title: Auto-detect and migrate a legacy claude_skill_owl install
2026-06-13T10:36:10.8901997Z - Required stages: 
2026-06-13T10:36:10.8902030Z 
2026-06-13T10:36:10.8902127Z ### REQ-INFRA-1
2026-06-13T10:36:10.8902303Z - Title: GitHub issue tracking for v1; tangled.org as migration target
2026-06-13T10:36:10.8902412Z - Required stages: 
2026-06-13T10:36:10.8902446Z 
2026-06-13T10:36:10.8902546Z ### REQ-INSTALL-5
2026-06-13T10:36:10.8903002Z - Title: Non-interactive install path: the canonical one-liner doubles as every adapter's pack-in on-demand install (no second mechanism); sha256-verified fetch; user-PATH registration
2026-06-13T10:36:10.8903121Z - Required stages: impl, int
2026-06-13T10:36:10.8903150Z 
2026-06-13T10:36:10.8903238Z ### REQ-REL-1
2026-06-13T10:36:10.8903610Z - Title: spt-releases publish-target repo: README public face, licensing split, Pages docs at the permanent lapse-proof canonical URL (ADR-0014)
2026-06-13T10:36:10.8903725Z - Required stages: doc, impl
2026-06-13T10:36:10.8903768Z 
2026-06-13T10:36:10.8903844Z ### REQ-REL-2
2026-06-13T10:36:10.8904320Z - Title: Release asset set consumable by the self-updater: platform binaries, SHA256SUMS, SignedRelease metadata, manifest schema, mock-adapter zip; tag-triggered cross-repo pipeline
2026-06-13T10:36:10.8904426Z - Required stages: impl, int
2026-06-13T10:36:10.8904459Z 
2026-06-13T10:36:10.8904549Z ### REQ-REL-3
2026-06-13T10:36:10.8904989Z - Title: Two-key release-signing trust anchor: primary + offline never-used recovery, both pubkeys embedded in the binary's trusted set, manual local signing (ADR-0015)
2026-06-13T10:36:10.8905098Z - Required stages: impl, unit
2026-06-13T10:36:10.8905121Z 
2026-06-13T10:36:10.8905245Z ### REQ-DOCS-1
2026-06-13T10:36:10.8905436Z - Title: Dual-audience docs (human + AI dev-agent), markdown once / two depths
2026-06-13T10:36:10.8905546Z - Required stages: doc, impl
2026-06-13T10:36:10.8905575Z 
2026-06-13T10:36:10.8905686Z ### REQ-DOCS-2
2026-06-13T10:36:10.8905855Z - Title: Sub-10-minute runnable killer quickstart per audience
2026-06-13T10:36:10.8905984Z - Required stages: doc, int
2026-06-13T10:36:10.8906017Z 
2026-06-13T10:36:10.8906110Z ### REQ-DOCS-3
2026-06-13T10:36:10.8906315Z - Title: Diátaxis structure; one canonical way to do X
2026-06-13T10:36:10.8906664Z - Required stages: doc
2026-06-13T10:36:10.8906697Z 
2026-06-13T10:36:10.8906791Z ### REQ-DOCS-4
2026-06-13T10:36:10.8906979Z - Title: Agent-consumable layer (llms.txt, manifest schema, MCP, CLI help)
2026-06-13T10:36:10.8907088Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8907120Z 
2026-06-13T10:36:10.8907217Z ### REQ-DOCS-5
2026-06-13T10:36:10.8907402Z - Title: Anti-drift: rustdoc/schema/exports/CLI-help generated + CI-checked
2026-06-13T10:36:10.8907507Z - Required stages: impl, int
2026-06-13T10:36:10.8907541Z 
2026-06-13T10:36:10.8907655Z ### REQ-HAZARD-GRACE-BEFORE-SIGNOFF
2026-06-13T10:36:10.8907831Z - Title: Grace-period wait completes before composing INIT_SIGNOFF (1.1)
2026-06-13T10:36:10.8907947Z - Required stages: impl, unit
2026-06-13T10:36:10.8907989Z 
2026-06-13T10:36:10.8908108Z ### REQ-HAZARD-INFO-JSON-TORN-READ
2026-06-13T10:36:10.8908257Z - Title: State-file reads tolerate concurrent writes (1.2)
2026-06-13T10:36:10.8908370Z - Required stages: impl, unit
2026-06-13T10:36:10.8908412Z 
2026-06-13T10:36:10.8908521Z ### REQ-HAZARD-STALE-INDEX-LOCK
2026-06-13T10:36:10.8908654Z - Title: Sweep stale lockfiles on daemon boot (1.3)
2026-06-13T10:36:10.8908752Z - Required stages: impl, unit
2026-06-13T10:36:10.8908795Z 
2026-06-13T10:36:10.8908896Z ### REQ-HAZARD-DEFERRED-DRAIN
2026-06-13T10:36:10.8909135Z - Title: Deferred spool rows excluded from the event-stream drain (1.4)
2026-06-13T10:36:10.8909240Z - Required stages: impl, unit
2026-06-13T10:36:10.8909273Z 
2026-06-13T10:36:10.8909382Z ### REQ-HAZARD-WORKER-PATH
2026-06-13T10:36:10.8909550Z - Title: Single source of truth for Worker/Psyche perch location (1.5)
2026-06-13T10:36:10.8909664Z - Required stages: impl, unit
2026-06-13T10:36:10.8909697Z 
2026-06-13T10:36:10.8909926Z ### REQ-HAZARD-PARENT-PID-PREFER
2026-06-13T10:36:10.8910107Z - Title: Prefer stable parent PID / broker handle over ephemeral PID (2.1)
2026-06-13T10:36:10.8910208Z - Required stages: 
2026-06-13T10:36:10.8910250Z 
2026-06-13T10:36:10.8910355Z ### REQ-HAZARD-STDIN-SESSION-ID
2026-06-13T10:36:10.8910494Z - Title: Stdin session_id precedence over env (2.2)
2026-06-13T10:36:10.8910589Z - Required stages: 
2026-06-13T10:36:10.8910622Z 
2026-06-13T10:36:10.8910737Z ### REQ-HAZARD-HANDOFF-ARGV-COMPAT
2026-06-13T10:36:10.8910898Z - Title: Broker/brain IPC + handoff argv version-tolerant (2.3)
2026-06-13T10:36:10.8910999Z - Required stages: impl, unit
2026-06-13T10:36:10.8911028Z 
2026-06-13T10:36:10.8911138Z ### REQ-HAZARD-GEN-START-NOW
2026-06-13T10:36:10.8911284Z - Title: gen_start = now() on cold-start and handoff (2.4)
2026-06-13T10:36:10.8911384Z - Required stages: impl, int
2026-06-13T10:36:10.8911418Z 
2026-06-13T10:36:10.8911533Z ### REQ-HAZARD-EPHEMERAL-CLEANUP
2026-06-13T10:36:10.8911689Z - Title: Ephemeral perch cleanup on every ring exit path (3.1)
2026-06-13T10:36:10.8911819Z - Required stages: impl, unit
2026-06-13T10:36:10.8911852Z 
2026-06-13T10:36:10.8911970Z ### REQ-HAZARD-STALE-SIGNOFF-SENTINEL
2026-06-13T10:36:10.8912138Z - Title: Stale signoff sentinel does not kill a fresh start (3.2)
2026-06-13T10:36:10.8912247Z - Required stages: impl, unit
2026-06-13T10:36:10.8912280Z 
2026-06-13T10:36:10.8912386Z ### REQ-HAZARD-ECHO-BEFORE-SIGNOFF
2026-06-13T10:36:10.8912571Z - Title: Echo-commune fires before INIT_SIGNOFF on orphan teardown (3.3)
2026-06-13T10:36:10.8912692Z - Required stages: impl, unit
2026-06-13T10:36:10.8912725Z 
2026-06-13T10:36:10.8912833Z ### REQ-HAZARD-ENVELOPE-DECODE-ORDER
2026-06-13T10:36:10.8912987Z - Title: Envelope decode order, ampersand decoded last (4.1)
2026-06-13T10:36:10.8913092Z - Required stages: impl, unit
2026-06-13T10:36:10.8913125Z 
2026-06-13T10:36:10.8913238Z ### REQ-HAZARD-ENVELOPE-CR-LINESAFE
2026-06-13T10:36:10.8915005Z - Title: Envelope CR-linesafety (4.1): the line-framed EVENT codec must neutralize raw carriage returns — `event_body_escape` folds CRLF/lone-CR to the codec's representable linebreak (`\n`→`<br>`) BEFORE framing, so a body carrying `\r` (Windows `echo`/CRLF text crossing nodes) cannot survive into the single-line envelope and trigger a receiver terminal CR→col0 overwrite that corrupts the frame. Robustness on unrepresentable input, NOT a wire-format change (decoder untouched, amp-last invariant held). Belt-and-suspenders: `spt send`/`ring` also trim stdin (parity with `notify`).
2026-06-13T10:36:10.8915263Z - Required stages: impl, unit
2026-06-13T10:36:10.8915296Z 
2026-06-13T10:36:10.8915415Z ### REQ-HAZARD-ENVELOPE-PARSER-SAFE
2026-06-13T10:36:10.8915587Z - Title: Two-slice envelope parser is panic-free and tolerant (4.2)
2026-06-13T10:36:10.8915686Z - Required stages: impl, unit
2026-06-13T10:36:10.8915710Z 
2026-06-13T10:36:10.8915830Z ### REQ-HAZARD-EVENTPART-REASSEMBLY
2026-06-13T10:36:10.8916034Z - Title: EVENT-PART split/reassembly is byte-exact; orphan parts dropped silently
2026-06-13T10:36:10.8916154Z - Required stages: impl, unit
2026-06-13T10:36:10.8916188Z 
2026-06-13T10:36:10.8916302Z ### REQ-HAZARD-ID-CHARSET
2026-06-13T10:36:10.8916534Z - Title: Addressable-id charset reserves :/@ delimiters; validated at every creation seam (4.6)
2026-06-13T10:36:10.8916652Z - Required stages: impl, unit
2026-06-13T10:36:10.8916684Z 
2026-06-13T10:36:10.8916793Z ### REQ-HAZARD-REGISTRY-STALE-CLEAN
2026-06-13T10:36:10.8916976Z - Title: Stale registry entries degrade to fallback, never hard-fail (4.3)
2026-06-13T10:36:10.8917099Z - Required stages: impl, unit
2026-06-13T10:36:10.8917132Z 
2026-06-13T10:36:10.8917233Z ### REQ-HAZARD-REGISTRY-CONCURRENT
2026-06-13T10:36:10.8917472Z - Title: Concurrent SQLite openers (registry/spool) must not fail with 'database is locked' (4.7)
2026-06-13T10:36:10.8917567Z - Required stages: impl, unit
2026-06-13T10:36:10.8917600Z 
2026-06-13T10:36:10.8917714Z ### REQ-HAZARD-REGISTRY-DIR-CREATE
2026-06-13T10:36:10.8918215Z - Title: SQLite store opens create their parent dir themselves — a fresh-home registry op must not SQLITE_CANTOPEN (4.9)
2026-06-13T10:36:10.8918348Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8918382Z 
2026-06-13T10:36:10.8918507Z ### REQ-HAZARD-REGISTRY-EPOCH-LEASE
2026-06-13T10:36:10.8918935Z - Title: Registry merge ordered by per-node monotonic epoch, never wall-clock — a stale Active can't clobber a newer Offline (4.8, red-team #8)
2026-06-13T10:36:10.8919125Z - Required stages: impl, unit
2026-06-13T10:36:10.8919153Z 
2026-06-13T10:36:10.8919275Z ### REQ-HAZARD-DEFERRED-SURVIVE-DRAIN
2026-06-13T10:36:10.8919408Z - Title: Deferred rows survive poll drain (4.4)
2026-06-13T10:36:10.8919514Z - Required stages: impl, unit
2026-06-13T10:36:10.8919552Z 
2026-06-13T10:36:10.8919651Z ### REQ-HAZARD-INBOX-NO-DOUBLE
2026-06-13T10:36:10.8919781Z - Title: No double-delivery via legacy inbox (4.5)
2026-06-13T10:36:10.8919886Z - Required stages: impl, unit
2026-06-13T10:36:10.8919923Z 
2026-06-13T10:36:10.8920033Z ### REQ-HAZARD-WINDOWS-PID-RECYCLE
2026-06-13T10:36:10.8920200Z - Title: Windows PID-recycling false positives guarded (5.1)
2026-06-13T10:36:10.8920304Z - Required stages: impl, unit
2026-06-13T10:36:10.8920343Z 
2026-06-13T10:36:10.8920443Z ### REQ-HAZARD-EBUSY-RENAME
2026-06-13T10:36:10.8920605Z - Title: tmp-write + atomic-rename + retry on Windows EBUSY (5.2)
2026-06-13T10:36:10.8920712Z - Required stages: impl, unit
2026-06-13T10:36:10.8920744Z 
2026-06-13T10:36:10.8920853Z ### REQ-HAZARD-SUBPROCESS-TIMEOUT
2026-06-13T10:36:10.8920992Z - Title: Every harness/git subprocess has a timeout (5.3)
2026-06-13T10:36:10.8921101Z - Required stages: impl, unit
2026-06-13T10:36:10.8921139Z 
2026-06-13T10:36:10.8921240Z ### REQ-HAZARD-UNC-PATH-STRIP
2026-06-13T10:36:10.8921384Z - Title: Strip Windows UNC prefix on serialized paths (5.4)
2026-06-13T10:36:10.8921492Z - Required stages: impl, unit
2026-06-13T10:36:10.8921516Z 
2026-06-13T10:36:10.8921622Z ### REQ-HAZARD-SINGLE-PATH-SOURCE
2026-06-13T10:36:10.8921816Z - Title: Single path/registry source of truth; no layout ambiguity (6.1)
2026-06-13T10:36:10.8921920Z - Required stages: impl, unit
2026-06-13T10:36:10.8921963Z 
2026-06-13T10:36:10.8922064Z ### REQ-HAZARD-SOFT-CLEANUP
2026-06-13T10:36:10.8922384Z - Title: Soft-cleanup preserves state, removes only the ready marker (6.2)
2026-06-13T10:36:10.8922488Z - Required stages: impl, unit
2026-06-13T10:36:10.8922520Z 
2026-06-13T10:36:10.8922627Z ### REQ-HAZARD-CASCADE-WIPE-GUARD
2026-06-13T10:36:10.8922793Z - Title: No hard-delete of a parent hosting non-empty children (6.3)
2026-06-13T10:36:10.8922902Z - Required stages: impl, unit
2026-06-13T10:36:10.8922937Z 
2026-06-13T10:36:10.8923069Z ### REQ-HAZARD-DROP-FILE-SINGLE-WRITER
2026-06-13T10:36:10.8923203Z - Title: Drop files are daemon-owned single-writer (6.4)
2026-06-13T10:36:10.8923299Z - Required stages: impl, unit
2026-06-13T10:36:10.8923328Z 
2026-06-13T10:36:10.8923437Z ### REQ-HAZARD-DIRECT-WRITE-PRECEDENCE
2026-06-13T10:36:10.8923642Z - Title: Direct-write precedence marker (with node id) guards stale overwrite (6.5)
2026-06-13T10:36:10.8923752Z - Required stages: impl, unit
2026-06-13T10:36:10.8923789Z 
2026-06-13T10:36:10.8923900Z ### REQ-HAZARD-CONFLICT-BOTH-PRESERVED
2026-06-13T10:36:10.8924453Z - Title: A surfaced concurrent context pair is durably preserved (both versions, tracked artifacts) until a strictly dominating write clears it; no reconcile failure path discards an unmerged version (6.6, ADR-0013)
2026-06-13T10:36:10.8924559Z - Required stages: impl, unit
2026-06-13T10:36:10.8924598Z 
2026-06-13T10:36:10.8924711Z ### REQ-HAZARD-DETACHED-PIPE-INHERIT
2026-06-13T10:36:10.8925784Z - Title: Windows detached long-lived children must not inherit a captured caller's pipe: every detach-spawn of an immortal child (daemon, shell binary) runs bInheritHandles=FALSE, or a caller capturing output anywhere up the process chain hangs forever on a pipe that never EOFs — std-handle flag stripping is NOT sufficient (grandparent strays still flow) (5.6)
2026-06-13T10:36:10.8926003Z - Required stages: impl, unit
2026-06-13T10:36:10.8926036Z 
2026-06-13T10:36:10.8926147Z ### REQ-HAZARD-CONPTY-DSR
2026-06-13T10:36:10.8926365Z - Title: ConPTY reader must auto-answer DSR (ESC[6n) or all child output stalls (5.5)
2026-06-13T10:36:10.8926472Z - Required stages: impl, unit
2026-06-13T10:36:10.8926505Z 
2026-06-13T10:36:10.8926623Z ### REQ-HAZARD-CHILD-CONSOLE-FLASH
2026-06-13T10:36:10.8927036Z - Title: Console-subsystem children of the console-less daemon spawn with CREATE_NO_WINDOW, or each spawn flashes a visible blank window on the user's desktop (5.8)
2026-06-13T10:36:10.8927156Z - Required stages: impl, unit
2026-06-13T10:36:10.8927189Z 
2026-06-13T10:36:10.8927311Z ### REQ-HAZARD-INSTANT-UNDERFLOW
2026-06-13T10:36:10.8927879Z - Title: Scheduling never subtracts a Duration from Instant::now() (underflow-panics on a host booted more recently than the offset); 'due now / never run' is Option<Instant>=None gated on forward duration_since only (5.9)
2026-06-13T10:36:10.8927997Z - Required stages: impl, unit
2026-06-13T10:36:10.8928032Z 
2026-06-13T10:36:10.8928151Z ### REQ-HAZARD-PUMP-IPC-DEADLINE
2026-06-13T10:36:10.8929019Z - Title: The single-threaded peer pump's brain-IPC reads are deadline-bounded (PUMP_PEER_IO_TIMEOUT, total-wait per call); a TimedOut read POISONS the client and escalates to a SUPERVISED RESTART, never a per-peer retry — a black-holed peer must never wedge the whole pump
2026-06-13T10:36:10.8929142Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8929180Z 
2026-06-13T10:36:10.8929286Z ### REQ-HAZARD-SUDO-SECURE-PATH
2026-06-13T10:36:10.8930140Z - Title: Elevation guidance on Unix names the binary's ABSOLUTE path under sudo (a user-local install ~/.local/bin · ~/.cargo/bin is not on sudo's secure_path, so bare `sudo spt` dies 'command not found'); gated commands auto-elevate on an interactive TTY, else print the runnable hint (5.10)
2026-06-13T10:36:10.8930250Z - Required stages: impl, unit
2026-06-13T10:36:10.8930283Z 
2026-06-13T10:36:10.8930393Z ### REQ-HAZARD-LOCAL-API-AUTH
2026-06-13T10:36:10.8930603Z - Title: Every local `api` mutation authenticated to an endpoint/session (codex #13)
2026-06-13T10:36:10.8930708Z - Required stages: impl, unit
2026-06-13T10:36:10.8930869Z 
2026-06-13T10:36:10.8930980Z ### REQ-HAZARD-RESTART-IDEMPOTENT
2026-06-13T10:36:10.8931233Z - Title: Idempotent/exactly-once delivery across brain restart at every broker boundary (codex #14)
2026-06-13T10:36:10.8931337Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8931370Z 
2026-06-13T10:36:10.8931485Z ### REQ-HAZARD-UPDATE-ROLLBACK
2026-06-13T10:36:10.8931723Z - Title: Self-update rejects version rollback; metadata expiry + adapter content signing (codex #5)
2026-06-13T10:36:10.8931838Z - Required stages: impl, unit
2026-06-13T10:36:10.8931867Z 
2026-06-13T10:36:10.8931990Z ### REQ-HAZARD-DAEMON-HOSTED-LIVENESS
2026-06-13T10:36:10.8932385Z - Title: Daemon-hosted perches (Psyche, spt-hosted Self) derive liveness from the daemon endpoint table + info.json status, never is_process_alive(info.pid) (2.5)
2026-06-13T10:36:10.8932509Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8932543Z 
2026-06-13T10:36:10.8932662Z ### REQ-HAZARD-BROKER-PROCESS-ISOLATION
2026-06-13T10:36:10.8935362Z - Title: Broker and brain are separate processes: the broker runs as its own long-lived per-machine process that survives every brain restart, so a routine (brain-only) self-update restarts the brain onto the swapped binary while every hosted endpoint (PTY child, live QUIC conn, listening socket) stays untouched at the PROCESS level. The in-process-thread broker (daemon.rs:165-170) is a regression that silently unrealizes REQ-UPD-3 — apply degrades to an in-process Brain::handoff no-op and new code does not run until an unrelated restart (KNOWN-HAZARDS 6.7). Evidence must prove process-level survival (SPIKE-01/03 productionized as int: PTY child + live QUIC survive a brain-PROCESS restart onto a swapped binary), re-pointing the regression-masked in-process int tags currently on REQ-DAEMON-2 / REQ-UPD-3 (ADR-0018).
2026-06-13T10:36:10.8935633Z - Required stages: doc, impl, unit, int
2026-06-13T10:36:10.8935667Z 
2026-06-13T10:36:10.8935787Z ### REQ-HAZARD-ROLLBACK-STATE-COMPAT
2026-06-13T10:36:10.8945626Z - Title: A brain must not irreversibly migrate durable state before update ready-promotion: the readiness-gated auto-rollback (ADR-0018 Q7) spawns the N-1 binary against durable state the new brain may have written, so every pre-ready write must stay N-1-readable (schema migrations gated behind ready-promotion, or written N-1-tolerant/additive). Else the first in-place schema migration silently bricks rollback (KNOWN-HAZARDS 6.8). Free now — a 2026-06-09 audit confirmed zero state-migration code exists; unmintable retroactively once a migration ships.
2026-06-13T10:36:10.8945850Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8945888Z 
2026-06-13T10:36:10.8946037Z ### REQ-HAZARD-BRAIN-RESPAWN-PATH
2026-06-13T10:36:10.8948537Z - Title: The broker respawns the brain onto the APPLIED bytes, not the renamed old binary: the candidate-binary default is the canonical exe path captured ONCE at broker start, never a per-spawn std::env::current_exe() — on Linux current_exe (readlink /proc/self/exe) is inode-tracking and follows the `apply` rename (spt -> spt.old-N), so a resident broker would respawn the brain onto OLD bytes while recording `applied` (Windows GetModuleFileName is path-at-start, so Windows was green; ADR-0018 Q3 silently assumed path-string semantics). Backstop: promotion gates on bytes — a trial promotes only if brain.ready exe_hash == the staged artifact hash for this platform, else auto-rollback + loud notif (readiness != new-bytes was the false-success that recorded applied:8 over a v0.4.0 brain on kitsubito, 2026-06-11). KNOWN-HAZARDS 6.11.
2026-06-13T10:36:10.8948694Z - Required stages: doc, impl, unit, int
2026-06-13T10:36:10.8948731Z 
2026-06-13T10:36:10.8948856Z ### REQ-HAZARD-PSYCHE-OUTBOUND-PROXY
2026-06-13T10:36:10.8949699Z - Title: Psyche outbound captured + sanitized: the live-Psyche turn driver captures stdout (never Stdio::null), and the daemon strips/re-stamps Psyche-supplied from=/target and constrains routing (reply→__REPLY_TO__ sender, notify→own user/subnet) (7.3)
2026-06-13T10:36:10.8949981Z - Required stages: impl, unit
2026-06-13T10:36:10.8950019Z 
2026-06-13T10:36:10.8950144Z ### REQ-HAZARD-DAEMON-SCHED-NONBLOCKING
2026-06-13T10:36:10.8950771Z - Title: Per-agent pulse/psyche/echo-commune scheduling must not serialize across agents: each agent's bounded LLM call (echo-commune summarizer, Psyche turn) runs off the shared scheduler so one slow/hung call cannot stall another agent's tick (7.4)
2026-06-13T10:36:10.8950890Z - Required stages: impl, unit
2026-06-13T10:36:10.8950917Z 
2026-06-13T10:36:10.8951035Z ### REQ-HAZARD-PAIR-TRANSCRIPT-BIND
2026-06-13T10:36:10.8951694Z - Title: Pairing transcript binds roles, both node pubkeys, subnet ID, seed epoch, TOTP time-step, and confirmation MACs — or unknown-key-share/reflection/wrong-subnet/replay pairing remain possible (ADR-0005 #12)
2026-06-13T10:36:10.8951818Z - Required stages: impl, unit
2026-06-13T10:36:10.8951852Z 
2026-06-13T10:36:10.8951961Z ### REQ-HAZARD-PAIR-SEED-ROTATION
2026-06-13T10:36:10.8952481Z - Title: Removing a node rotates the subnet seed (epoch bump) so an old node/old seed cannot rejoin; trust-store delete alone is NOT revocation because the seed is replicated to every trusted node (ADR-0005 #10)
2026-06-13T10:36:10.8952600Z - Required stages: impl, unit
2026-06-13T10:36:10.8952638Z 
2026-06-13T10:36:10.8952745Z ### REQ-HAZARD-PAIR-RATE-LIMIT
2026-06-13T10:36:10.8953595Z - Title: Subnet-global pairing rate limit: one active ceremony per subnet, shared attempt counter, exponential backoff — a public pre-trust relay + multiple seed-holders otherwise enables distributed SPAKE2 guessing (and ±1 TOTP window triples the valid-password space) (ADR-0005 #11)
2026-06-13T10:36:10.8953696Z - Required stages: impl, unit
2026-06-13T10:36:10.8953730Z 
2026-06-13T10:36:10.8953830Z ### REQ-HAZARD-WAN-ORIGIN-AUTH
2026-06-13T10:36:10.8954731Z - Title: WAN-inbound origin is transport truth, never payload: the access gate's subject (ADR-0009 origin-node whitelist) is the QUIC handshake-proven remote node id from the broker's conn/stream table — a forged origin/node field inside record bytes is inert (7.5)
2026-06-13T10:36:10.8954845Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8954878Z 
2026-06-13T10:36:10.8954961Z ### REQ-CONSENT-1
2026-06-13T10:36:10.8955836Z - Title: Consent grant store: capability x subject-agent x target-node rows, enforced at the target node, subnet-settable (replicates as security material near the trust store), revocable; gated-capability ids (remote-exec, instantiate-anywhere) reserved-but-refusing; v1 consumers are the shell spawn gates (CONTEXT Consent & security gates)
2026-06-13T10:36:10.8955940Z - Required stages: impl, unit
2026-06-13T10:36:10.8955978Z 
2026-06-13T10:36:10.8956068Z ### REQ-CONSENT-2
2026-06-13T10:36:10.8956869Z - Title: Interactive consent escalation: an ungated high-risk action routes a consent prompt to the user's most-recently-active session; allow-once / allow-always (writes a grant) / deny; pre-consent flags (can_shutdown, shell_wake_spawn_anywhere) author grants via manifest/settings (CONTEXT Consent & security gates)
2026-06-13T10:36:10.8956983Z - Required stages: impl, unit
2026-06-13T10:36:10.8957016Z 
2026-06-13T10:36:10.8957111Z ### REQ-PRES-1
2026-06-13T10:36:10.8958424Z - Title: Presence resolution: the presence datum (last_active_node, last_active_endpoint, ts) gossiped subnet-wide via the agent-interaction heartbeat (rides registry distribution, visibility-gated) + one first-class most-recently-active resolution API consumed by notif first-fire, update-consent delivery, consent escalation, and shell wake resolution (M5 scope decision 1: resolution only — the PresenceChannel endpoint stays deferred)
2026-06-13T10:36:10.8958533Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8958571Z 
2026-06-13T10:36:10.8958665Z ### REQ-SHELL-1
2026-06-13T10:36:10.8959635Z - Title: Shell hosting machinery: shell perch under the owner (type/owner/adapter_name/status/alias), broker-launched binary + api bind local-link handshake, the three channels (command durable, text+file durable + progress-queryable, sensory REST-only never spooled + dropped-unless-owner-live), owner exclusivity (CONTEXT Shell model)
2026-06-13T10:36:10.8959884Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8959921Z 
2026-06-13T10:36:10.8960017Z ### REQ-SHELL-2
2026-06-13T10:36:10.8961436Z - Title: Shell sleep/wake: link-break always closes the binary (pre-close instruction + termination timeout), ephemeral teardown vs persistent offline/relink, wake_command wake-watcher (offline-only, exit-opcode supervision, exponential backoff + give-up), state-keyed wake resolution (dormant/suspended/active-elsewhere; no-reachable refuses — spawn-anywhere branch deferred), spt shutdown owner cascade + api owner-shutdown gated by can_shutdown (CONTEXT Shell sleep/wake)
2026-06-13T10:36:10.8961548Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8961586Z 
2026-06-13T10:36:10.8961702Z ### REQ-HAZARD-ELEVATED-DAEMON-SPAWN
2026-06-13T10:36:10.8962961Z - Title: The daemon always runs unelevated in the invoking user's universe, regardless of which command spawns it: an elevated spawner de-elevates (Windows: UAC linked token via CreateProcessWithTokenW; Linux: drop to SUDO_UID/SUDO_GID + the invoker's HOME) — an elevated daemon's pipes deny unelevated clients (every later spt reads not-running→spawn→bind Access-denied) and a sudo'd daemon roots the user's state universe (5.7)
2026-06-13T10:36:10.8963075Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8963108Z 
2026-06-13T10:36:10.8963213Z ### REQ-HAZARD-REGISTRY-GHOST-ROWS
2026-06-13T10:36:10.8964470Z - Title: A dead node identity's registry rows must decay: only the per-(endpoint,node) epoch lease supersedes rows, so without eviction a vanished node's rows are immortal and poison bare-id resolution with phantom AcrossNodes ambiguity — evict rows whose author node has not been heard (admitted inbound feed) within the eviction window; own rows never decay; a revived node re-inserts from its durable epoch within one pump cadence (4.10)
2026-06-13T10:36:10.8964690Z - Required stages: doc, impl, unit
2026-06-13T10:36:10.8964728Z 
2026-06-13T10:36:10.8964814Z ### REQ-CLI-1
2026-06-13T10:36:10.8965821Z - Title: spt endpoint noun namespace: absorbs fork/suspend/wake/shutdown/rename/stop/digest + access (ported 1:1: allow|revoke|open|list, decision 21) + description (ex-resources blurb; bare=show, set=author); merged endpoint list [--local|--subnet <name>] grouped by subnet with SELF pinned, --detail adding the ex-resources yellow-pages blurb projection; bare spt endpoint = the list (M8 decisions 1-2, 25)
2026-06-13T10:36:10.8965925Z - Required stages: impl, unit
2026-06-13T10:36:10.8965958Z 
2026-06-13T10:36:10.8966063Z ### REQ-CLI-2
2026-06-13T10:36:10.8966732Z - Title: spt daemon noun: run|stop|status (hidden daemon verb becomes daemon run; agent-endpoint shutdown keeps its name under endpoint); daemon status renders the pump heartbeat (last-tick recency) so a half-dead daemon is never rendered implied-healthy (M8 decisions 5, 23)
2026-06-13T10:36:10.8966848Z - Required stages: impl, unit
2026-06-13T10:36:10.8966886Z 
2026-06-13T10:36:10.8966980Z ### REQ-CLI-3
2026-06-13T10:36:10.8967666Z - Title: Agent hot path stays flat across the M8 reorg: send/ring/ready/whoami/how-to unchanged; notify moves to subnet notify while notif stays top-level; breaking renames land clean with no deprecation shims (zero external CLI consumers pre-spt-claude-code) (M8 decisions 3-4, 9)
2026-06-13T10:36:10.8967777Z - Required stages: impl, unit
2026-06-13T10:36:10.8967810Z 
2026-06-13T10:36:10.8967900Z ### REQ-SUBNET-5
2026-06-13T10:36:10.8969089Z - Title: Per-subnet serve-state: spt subnet detach <NAME> [--save] / attach <NAME> [--save] — daemon keeps running, stops/starts advertising + connecting for that subnet (peer pump + responder selective); --save persists the startup default in daemon config; the all-attached banner gains per-subnet states (M8 decision 6, --save renamed from --auto per decision 25 session)
2026-06-13T10:36:10.8969215Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8969368Z 
2026-06-13T10:36:10.8969452Z ### REQ-SUBNET-6
2026-06-13T10:36:10.8970129Z - Title: Trust lifecycle verbs, elevation-gated: spt subnet leave <NAME> (membership exit) and spt subnet prune <node> (removes a dead identity's trust + registry rows, killing its dead dials; trust mutation = security surface, REQ-PAIR-6 gate machinery) (M8 decisions 6-7)
2026-06-13T10:36:10.8970233Z - Required stages: impl, unit
2026-06-13T10:36:10.8970262Z 
2026-06-13T10:36:10.8970344Z ### REQ-SUBNET-7
2026-06-13T10:36:10.8971939Z - Title: Per-machine re-pair trust overwrite: registry rows carry a hashed stable machine identifier (OS machine id /etc/machine-id|MachineGuid, domain-separated SHA-256 before gossip, spt-minted persisted UUID fallback; additive serde-default field — old rows parse clean); a COMPLETED pairing ceremony presenting the same node label AND machine id as an existing trusted row evicts the superseded identity's trust + registry rows on the seed-holder and replicates the eviction; a gossiped claim alone never evicts trust (M8 decisions 13, 22)
2026-06-13T10:36:10.8972061Z - Required stages: impl, unit
2026-06-13T10:36:10.8972090Z 
2026-06-13T10:36:10.8972180Z ### REQ-SUBNET-8
2026-06-13T10:36:10.8973249Z - Title: Status render honesty: zero-subnet text is daemon-aware ('No subnets registered — this node is standalone.' + daemon-running-dependent blurb, never implying messaging works while the daemon is down); hint footer prints on bare spt subnet only (status drops it); a stalled pump is surfaced in subnet status, never rendered implied-healthy (M8 decisions 11-12, 23)
2026-06-13T10:36:10.8973358Z - Required stages: impl, unit
2026-06-13T10:36:10.8973391Z 
2026-06-13T10:36:10.8973478Z ### REQ-INSTALL-6
2026-06-13T10:36:10.8974625Z - Title: Linux elevation install leg: install.sh symlinks the binary into a sudo-reachable path (/usr/local/bin; graceful print-the-one-liner when unelevated) so sudo spt resolves; first sudo spt detects elevation and prompts ONCE for the default user account — thereafter any elevated daemon launch runs daemon + state under that account, never root (KH 5.7 interplay verified) (M8 decision 8)
2026-06-13T10:36:10.8974855Z - Required stages: impl, unit
2026-06-13T10:36:10.8974880Z 
2026-06-13T10:36:10.8974964Z ### REQ-INSTALL-7
2026-06-13T10:36:10.8976047Z - Title: Windows inbound reachability: the elevated install leg registers the inbound-UDP firewall rule (New-NetFirewallRule); the daemon self-detects blocked inbound and renders it as the no-connection state in subnet status + the coming-online banner (covers user-scope installs that skip the elevated leg — never a silent NO_SEED_HOLDER dead-end) (M8 root cause 3)
2026-06-13T10:36:10.8976151Z - Required stages: impl
2026-06-13T10:36:10.8976194Z 
2026-06-13T10:36:10.8976285Z ### REQ-INSTALL-8
2026-06-13T10:36:10.8977398Z - Title: OS-service registration (REQ-INSTALL-1's deferred third leg): Linux systemd USER service + loginctl enable-linger (linger rides the elevated install leg; daemon starts at boot pre-login, user universe per KH 5.7, systemctl --user managed); Windows scheduled task at-logon (interactive session, no stored credentials); a node is reachable after reboot without any manual spt invocation (M8 decision 17)
2026-06-13T10:36:10.8977507Z - Required stages: impl
2026-06-13T10:36:10.8977540Z 
2026-06-13T10:36:10.8977635Z ### REQ-CONV-1
2026-06-13T10:36:10.8979138Z - Title: Peer address seeding, both cold starts: durable peer-addrs.json (identity dir) maps peer pubkey → last-known dialable address; the pump's resolver consults it FIRST with id-only discovery fallback on miss or dial failure (a stale addr never strands a peer); written by the pairing ceremony (both sides, from the live connection) and by the pump on successful connect; post-join first sync and post-restart resync converge in seconds, not ~1 min (M8 decisions 14, 20)
2026-06-13T10:36:10.8979611Z - Required stages: impl, unit
2026-06-13T10:36:10.8979653Z 
2026-06-13T10:36:10.8979775Z ### REQ-CONV-2
2026-06-13T10:36:10.8981176Z - Title: Event-driven advertisement: endpoint online/offline transitions (ready-listener start/stop, rest-state transition, perch death) trigger an immediate advertise_local + peer push as a WAKE of the existing pump loop (no second advertisement path — epoch lease + visibility gates ride unchanged); the cadence stays the steady-state floor (M8 decision 15)
2026-06-13T10:36:10.8981557Z - Required stages: impl, unit
2026-06-13T10:36:10.8981590Z 
2026-06-13T10:36:10.8981709Z ### REQ-PAIR-8
2026-06-13T10:36:10.8983218Z - Title: NTP TOTP offset: the pairing ceremony queries NTP at ceremony time (both sides) and applies the derived offset to the TOTP calculation in-process only; system-clock fallback when NTP is unreachable (offline LAN pairing unaffected — NTP failure never blocks a pairing that succeeds today); never sets the OS clock; no background sync loop (M8 decision 18; field trigger: enlyzeam clock >1 min off exceeds the ±1 window)
2026-06-13T10:36:10.8983360Z - Required stages: impl, unit
2026-06-13T10:36:10.8983394Z 
2026-06-13T10:36:10.8983522Z ### REQ-DAEMON-5
2026-06-13T10:36:10.8985106Z - Title: Pump liveness: the peer pump writes a last-tick heartbeat consumed by daemon status / subnet status (decision 23 render legs in REQ-CLI-2/REQ-SUBNET-8); the daemon supervises the pump task — a panic is caught, logged loudly, and the pump restarts with capped backoff (≤5 min), so a 5.9-class death self-heals visibly instead of silently halving the daemon (M8 decision 23; field motivation: hfenduleam 2026-06-07 half-death)
2026-06-13T10:36:10.8985238Z - Required stages: impl, unit
2026-06-13T10:36:10.8985275Z 
2026-06-13T10:36:10.8985387Z ### REQ-DAEMON-6
2026-06-13T10:36:10.8987823Z - Title: Service-aware `daemon start`/`stop`: when an OS service manager has a registered spt-daemon for this user, `spt daemon start` and `spt daemon stop` drive THAT service (so stop doesn't IPC-kill a unit that auto-restart-fights for the broker socket — the kitsubito 2026-06-08 loop). `start` graduates from a `run` alias to a first-class background verb (ensure-up, idempotent, non-blocking); stop routes managed→manager, manual→IPC. Linux=systemd user unit (`systemctl --user start|stop|is-active spt-daemon`, detected by unit-file presence); Windows=no controllable manager (the logon task is boot-only), so start=detached spawn / stop=IPC.
2026-06-13T10:36:10.8988157Z - Required stages: impl, unit
2026-06-13T10:36:10.8988196Z 
2026-06-13T10:36:10.8988330Z ### REQ-DAEMON-7
2026-06-13T10:36:10.8990171Z - Title: `daemon run` is foreground-consistent on every platform: the invoking process IS the daemon, blocks until signalled, never auto-detaches or respawns into an invisible background task. The detached/de-elevated background behavior lives ONLY in `start`. Windows: an ELEVATED `daemon run` refuses with guidance (use `start`, or an unelevated shell) instead of respawning detached/de-elevated and vanishing (KH 5.7 preserved — it still never serves elevated).
2026-06-13T10:36:10.8990317Z - Required stages: impl, unit
2026-06-13T10:36:10.8990350Z 
2026-06-13T10:36:10.8990484Z ### REQ-DAEMON-8
2026-06-13T10:36:10.8991751Z - Title: Internal auto-start prefers the service: `ensure_running` (any spt command's implicit daemon start, REQ-DAEMON-3) routes through the service-aware start path — when a manager has a registered service it starts THAT, never a competing manual `spawn_detached` daemon that would fight the service for the socket.
2026-06-13T10:36:10.8991869Z - Required stages: impl, unit
2026-06-13T10:36:10.8991902Z 
2026-06-13T10:36:10.8992007Z ### REQ-DAEMON-9
2026-06-13T10:36:10.8994369Z - Title: Net-bind boot-race resilience: a daemon that comes up net-less (NetHost::start failed — e.g. the systemd unit autostarted before the network/DNS stack was ready, `Failed to create an address lookup service`) must SELF-HEAL — retry the net bring-up in the background with capped backoff and, on success, attach net to the broker + spawn the dispatcher/peer-pump (which today are gated on `net_up` at boot and so never start, leaving the node silently unreachable until a manual restart — kitsubito 2026-06-08). Status surfaces the net-less state honestly (a net-less broker renders as 'no connection', not only a pump-STALLED line with a bogus pre-boot heartbeat age). The installer's autostart unit waits for the network (`Wants=/After=network-online.target`) as belt-and-suspenders.
2026-06-13T10:36:10.8994637Z - Required stages: impl, unit
2026-06-13T10:36:10.8994675Z 
2026-06-13T10:36:10.8994789Z ### REQ-HAZARD-EPOCH-RESET
2026-06-13T10:36:10.8996108Z - Title: Advertisement-epoch reset strands a node: peers' higher last-seen epoch drops the reset node's fresh advertisements as Stale until the counter outruns history. Common case (full reinstall/re-pair) is mitigated by REQ-SUBNET-7's ceremony eviction (peer-side epoch memory dies with the deleted row — acceptance-verified); the residual narrow slice (epoch file lost, identity kept) is documented, guard deferred to a field hit (4.11)
2026-06-13T10:36:10.8996232Z - Required stages: 
2026-06-13T10:36:10.8996262Z 
2026-06-13T10:36:10.8996543Z ### REQ-MESH-1
2026-06-13T10:36:10.8998670Z - Title: Membership proof (seed-proof): symmetric current-epoch seed-knowledge replaces is_trusted at EVERY inbound gate (registry apply, WAN receive, sync, notif, connection accept). MK = HKDF(seed, domain ‖ subnet_id ‖ seed_epoch); mutual channel-bound challenge-response at connect (transcript binds both handshake-proven node pubkeys, both nonces, subnet_id, seed_epoch, role); verified once per connection, cached on the broker ConnEntry, kept warm via QUIC keep-alive so re-proof is restart/partition/rotation-only. Exact-epoch match (re-seed is the sole N-1 exception). SECURITY INVARIANTS: channel-bound (no cross-connection replay), mutual, accepts a member it never paired (the mesh property).
2026-06-13T10:36:10.8998785Z - Required stages: impl, unit, int
2026-06-13T10:36:10.8999032Z 
2026-06-13T10:36:10.8999152Z ### REQ-MESH-2
2026-06-13T10:36:10.9001800Z - Title: Member roster: node-level union-merge grow-set (per member: pubkey, label, machine_id, last-known address, last-seen — NOT the seed), the discovery directory the mesh dials by. Seeded IN FULL at pairing (seed-holder hands joiner the whole current roster, incl. offline members — folds in deferred pairing-time hostname capture + post-join address seeding); each node authors its own entry stamped with its lease_epoch, merged strictly-greater-wins (the node_label lease); exchanged only over seed-proof'd member connections; forgery-inert (a fake entry names a pubkey that still can't seed-proof). Removal needs a TOMBSTONE — a per-pubkey revoked marker that propagates, dominates the entry, gates admission (seed-proof ∧ ¬tombstoned), and prevents reinsert; cleared by a completed re-pair of that pubkey. Persists through silence (offline member keeps its entry).
2026-06-13T10:36:10.9001938Z - Required stages: impl, unit, int
2026-06-13T10:36:10.9001982Z 
2026-06-13T10:36:10.9002086Z ### REQ-MESH-3
2026-06-13T10:36:10.9003737Z - Title: Mesh row fan-out: registry rows stay OWN-AUTHORED; the only change is the push target widens from directly-paired peers to ALL roster members (a wider DIRECT fan-out, never a third-party relay). Every row/message still arrives from its author over a handshake → KNOWN-HAZARDS 7.5 (origin = handshake node) and 4.10 (eviction lease: any future update comes from that node itself, alive) PRESERVED VERBATIM. Closes the staggered A→B→C repro: C (roster-seeded with A at pairing) initiates to A, seed-proof admits C unpaired, A learns C, both push directly.
2026-06-13T10:36:10.9003875Z - Required stages: impl, unit, int
2026-06-13T10:36:10.9003899Z 
2026-06-13T10:36:10.9003990Z ### REQ-MESH-4
2026-06-13T10:36:10.9006165Z - Title: Revoke + timeboxed seed rotation + re-seed grace: `spt subnet revoke <node>...` (list, elevation-gated, revoke-only) writes roster tombstones immediately, then schedules ONE seed rotation (re-mint seed, bump seed_epoch, push new seed CONFIDENTIALLY over member-auth'd TLS connections — never in roster/registry gossip — force-drop revokees) at the close of a coalescing window (default 1h); further revokes in the window join the same rotation (one epoch bump). `--force-rotate-seed` rotates immediately (compromised-node path). RE-SEED GRACE: a node proving the immediately-prior epoch (N-1) AND still on the roster gets a re-seed-only restricted connection (auto-heals a benign offliner); revoked/off-roster denied; ≥2 stale → re-pair.
2026-06-13T10:36:10.9006410Z - Required stages: impl, unit, int
2026-06-13T10:36:10.9006434Z 
2026-06-13T10:36:10.9006526Z ### REQ-MESH-5
2026-06-13T10:36:10.9007884Z - Title: Hard cutover from pairwise trust: delete peers.json + the is_trusted authorization path (no migration — expendable test fleet, re-pairs fresh under the new model, user decision 2026-06-08). Warn-on-change DEMOTED from a gate to an awareness notice anchored on machine_id (not label): 'machine M, last seen as K1, now presents K2' — fires the same event as the REQ-SUBNET-7 re-pair overwrite. The TrustStore/peers.json code and its call sites are removed, not left dead.
2026-06-13T10:36:10.9008013Z - Required stages: impl, unit
2026-06-13T10:36:10.9008047Z 
2026-06-13T10:36:10.9008123Z ### REQ-MESH-6
2026-06-13T10:36:10.9009421Z - Title: Concurrent liveness probes: `spt subnet status --nodes` fans out its offline/serve-probes (REQ-SUBNET-5) CONCURRENTLY — total wall-time bounded by the single-probe ceiling (~3s), never k×ceiling. The mesh makes a node see ALL members (many possibly offline), so a serial probe loop would be offline_count×3s. (Planning verifies the current REQ-SUBNET-5 probe loop's behavior and fixes it if serial.)
2026-06-13T10:36:10.9009530Z - Required stages: impl, unit
2026-06-13T10:36:10.9009559Z 
2026-06-13T10:36:10.9009655Z ## How to report back
2026-06-13T10:36:10.9009689Z 
2026-06-13T10:36:10.9009864Z For every (requirement, failing criterion) pair, emit one finding:
2026-06-13T10:36:10.9010013Z 
2026-06-13T10:36:10.9010103Z     {
2026-06-13T10:36:10.9010207Z       "code": "requirement_quality",
2026-06-13T10:36:10.9010313Z       "requirementId": "REQ-...",
2026-06-13T10:36:10.9010474Z       "criterion": "singular" | "verifiable" | "atomic" | "active-voice",
2026-06-13T10:36:10.9010580Z       "message": "<short reason>",
2026-06-13T10:36:10.9010704Z       "suggestedRevision": "<optional rewrite>"
2026-06-13T10:36:10.9010799Z     }
2026-06-13T10:36:10.9010827Z 
2026-06-13T10:36:10.9011005Z Wrap your response as { "findings": [ ... ] } listing only your concerns; the
2026-06-13T10:36:10.9011142Z deterministic findings above don't need to be repeated.
