﻿2026-06-13T11:05:53.0205122Z ##[group]Run ./traceable-reqs lint || true
2026-06-13T11:05:53.0205327Z [36;1m./traceable-reqs lint || true[0m
2026-06-13T11:05:53.0217753Z shell: /usr/bin/bash -e {0}
2026-06-13T11:05:53.0217876Z ##[endgroup]
2026-06-13T11:05:53.0403324Z Requirement quality findings (93); 190 requirements queued for agent review:
2026-06-13T11:05:53.0404339Z   [must] requirement_quality REQ-API-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0404911Z   [must] requirement_quality REQ-CLI-1 criterion=length — title is 47 words; want 3..=25
2026-06-13T11:05:53.0405273Z   [must] requirement_quality REQ-CLI-2 criterion=length — title is 37 words; want 3..=25
2026-06-13T11:05:53.0405622Z   [must] requirement_quality REQ-CLI-3 criterion=length — title is 37 words; want 3..=25
2026-06-13T11:05:53.0406360Z   [must] requirement_quality REQ-CONSENT-1 criterion=length — title is 41 words; want 3..=25
2026-06-13T11:05:53.0406757Z   [must] requirement_quality REQ-CONSENT-2 criterion=length — title is 37 words; want 3..=25
2026-06-13T11:05:53.0407329Z   [must] requirement_quality REQ-CONV-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0407687Z   [must] requirement_quality REQ-CONV-1 criterion=length — title is 73 words; want 3..=25
2026-06-13T11:05:53.0408035Z   [must] requirement_quality REQ-CONV-2 criterion=length — title is 47 words; want 3..=25
2026-06-13T11:05:53.0408517Z   [must] requirement_quality REQ-DAEMON-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0408874Z   [must] requirement_quality REQ-DAEMON-5 criterion=length — title is 64 words; want 3..=25
2026-06-13T11:05:53.0409785Z   [must] requirement_quality REQ-DAEMON-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0410393Z   [must] requirement_quality REQ-DAEMON-6 criterion=length — title is 84 words; want 3..=25
2026-06-13T11:05:53.0410898Z   [must] requirement_quality REQ-DAEMON-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0411284Z   [must] requirement_quality REQ-DAEMON-7 criterion=length — title is 62 words; want 3..=25
2026-06-13T11:05:53.0411680Z   [must] requirement_quality REQ-DAEMON-8 criterion=length — title is 44 words; want 3..=25
2026-06-13T11:05:53.0412427Z   [must] requirement_quality REQ-DAEMON-9 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0412787Z   [must] requirement_quality REQ-DAEMON-9 criterion=length — title is 114 words; want 3..=25
2026-06-13T11:05:53.0413241Z   [must] requirement_quality REQ-EP-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0413560Z   [must] requirement_quality REQ-EP-6 criterion=length — title is 58 words; want 3..=25
2026-06-13T11:05:53.0413884Z   [must] requirement_quality REQ-EP-7 criterion=length — title is 68 words; want 3..=25
2026-06-13T11:05:53.0414452Z   [must] requirement_quality REQ-HAZARD-BRAIN-RESPAWN-PATH criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0414890Z   [must] requirement_quality REQ-HAZARD-BRAIN-RESPAWN-PATH criterion=length — title is 119 words; want 3..=25
2026-06-13T11:05:53.0415485Z   [must] requirement_quality REQ-HAZARD-BROKER-PROCESS-ISOLATION criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0415957Z   [must] requirement_quality REQ-HAZARD-BROKER-PROCESS-ISOLATION criterion=length — title is 114 words; want 3..=25
2026-06-13T11:05:53.0416397Z   [must] requirement_quality REQ-HAZARD-CONFLICT-BOTH-PRESERVED criterion=length — title is 29 words; want 3..=25
2026-06-13T11:05:53.0416849Z   [must] requirement_quality REQ-HAZARD-DAEMON-SCHED-NONBLOCKING criterion=length — title is 32 words; want 3..=25
2026-06-13T11:05:53.0417482Z   [must] requirement_quality REQ-HAZARD-DETACHED-PIPE-INHERIT criterion=length — title is 52 words; want 3..=25
2026-06-13T11:05:53.0418314Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0418744Z   [must] requirement_quality REQ-HAZARD-ELEVATED-DAEMON-SPAWN criterion=length — title is 58 words; want 3..=25
2026-06-13T11:05:53.0419420Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0419869Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-CR-LINESAFE criterion=length — title is 73 words; want 3..=25
2026-06-13T11:05:53.0420416Z   [must] requirement_quality REQ-HAZARD-ENVELOPE-PARSER-SAFE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0420819Z   [must] requirement_quality REQ-HAZARD-EPOCH-RESET criterion=length — title is 60 words; want 3..=25
2026-06-13T11:05:53.0421352Z   [must] requirement_quality REQ-HAZARD-GEN-START-NOW criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0421773Z   [must] requirement_quality REQ-HAZARD-INSTANT-UNDERFLOW criterion=length — title is 30 words; want 3..=25
2026-06-13T11:05:53.0422183Z   [must] requirement_quality REQ-HAZARD-PAIR-RATE-LIMIT criterion=length — title is 37 words; want 3..=25
2026-06-13T11:05:53.0422555Z   [must] requirement_quality REQ-HAZARD-PAIR-SEED-ROTATION criterion=length — title is 33 words; want 3..=25
2026-06-13T11:05:53.0423020Z   [must] requirement_quality REQ-HAZARD-PAIR-TRANSCRIPT-BIND criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0423482Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0423829Z   [must] requirement_quality REQ-HAZARD-PSYCHE-OUTBOUND-PROXY criterion=length — title is 27 words; want 3..=25
2026-06-13T11:05:53.0424276Z   [must] requirement_quality REQ-HAZARD-PUMP-IPC-DEADLINE criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0424620Z   [must] requirement_quality REQ-HAZARD-PUMP-IPC-DEADLINE criterion=length — title is 38 words; want 3..=25
2026-06-13T11:05:53.0425050Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0425522Z   [must] requirement_quality REQ-HAZARD-REGISTRY-GHOST-ROWS criterion=length — title is 66 words; want 3..=25
2026-06-13T11:05:53.0425869Z   [must] requirement_quality REQ-HAZARD-ROLLBACK-STATE-COMPAT criterion=length — title is 72 words; want 3..=25
2026-06-13T11:05:53.0426216Z   [must] requirement_quality REQ-HAZARD-SUDO-SECURE-PATH criterion=length — title is 43 words; want 3..=25
2026-06-13T11:05:53.0426550Z   [must] requirement_quality REQ-HAZARD-WAN-ORIGIN-AUTH criterion=length — title is 37 words; want 3..=25
2026-06-13T11:05:53.0426841Z   [must] requirement_quality REQ-INST-15 criterion=length — title is 32 words; want 3..=25
2026-06-13T11:05:53.0427137Z   [must] requirement_quality REQ-INSTALL-2 criterion=length — title is 2 word(s); want 3..=25
2026-06-13T11:05:53.0427523Z   [must] requirement_quality REQ-INSTALL-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0427814Z   [must] requirement_quality REQ-INSTALL-6 criterion=length — title is 56 words; want 3..=25
2026-06-13T11:05:53.0428190Z   [must] requirement_quality REQ-INSTALL-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0428468Z   [must] requirement_quality REQ-INSTALL-7 criterion=length — title is 50 words; want 3..=25
2026-06-13T11:05:53.0428745Z   [must] requirement_quality REQ-INSTALL-8 criterion=length — title is 55 words; want 3..=25
2026-06-13T11:05:53.0429318Z   [must] requirement_quality REQ-MANIFEST-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0429747Z   [must] requirement_quality REQ-MANIFEST-3 criterion=length — title is 26 words; want 3..=25
2026-06-13T11:05:53.0430037Z   [must] requirement_quality REQ-MANIFEST-4 criterion=length — title is 31 words; want 3..=25
2026-06-13T11:05:53.0430300Z   [must] requirement_quality REQ-MESH-1 criterion=length — title is 86 words; want 3..=25
2026-06-13T11:05:53.0430686Z   [must] requirement_quality REQ-MESH-2 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0430962Z   [must] requirement_quality REQ-MESH-2 criterion=length — title is 120 words; want 3..=25
2026-06-13T11:05:53.0431326Z   [must] requirement_quality REQ-MESH-3 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0431598Z   [must] requirement_quality REQ-MESH-3 criterion=length — title is 86 words; want 3..=25
2026-06-13T11:05:53.0431956Z   [must] requirement_quality REQ-MESH-4 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0432232Z   [must] requirement_quality REQ-MESH-4 criterion=length — title is 99 words; want 3..=25
2026-06-13T11:05:53.0432600Z   [must] requirement_quality REQ-MESH-5 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0432871Z   [must] requirement_quality REQ-MESH-5 criterion=length — title is 72 words; want 3..=25
2026-06-13T11:05:53.0433239Z   [must] requirement_quality REQ-MESH-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0433510Z   [must] requirement_quality REQ-MESH-6 criterion=length — title is 56 words; want 3..=25
2026-06-13T11:05:53.0433888Z   [must] requirement_quality REQ-MIGRATE-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0434165Z   [must] requirement_quality REQ-MSG-4 criterion=length — title is 31 words; want 3..=25
2026-06-13T11:05:53.0434428Z   [must] requirement_quality REQ-MSG-5 criterion=length — title is 38 words; want 3..=25
2026-06-13T11:05:53.0434690Z   [must] requirement_quality REQ-MSG-6 criterion=length — title is 65 words; want 3..=25
2026-06-13T11:05:53.0435066Z   [must] requirement_quality REQ-PAIR-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0435481Z   [must] requirement_quality REQ-PAIR-8 criterion=length — title is 67 words; want 3..=25
2026-06-13T11:05:53.0435858Z   [must] requirement_quality REQ-PRES-1 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0436129Z   [must] requirement_quality REQ-PRES-1 criterion=length — title is 48 words; want 3..=25
2026-06-13T11:05:53.0436419Z   [must] requirement_quality REQ-SEAM-SPAWN criterion=length — title is 2 word(s); want 3..=25
2026-06-13T11:05:53.0436696Z   [must] requirement_quality REQ-SHELL-1 criterion=length — title is 36 words; want 3..=25
2026-06-13T11:05:53.0436973Z   [must] requirement_quality REQ-SHELL-2 criterion=length — title is 49 words; want 3..=25
2026-06-13T11:05:53.0437245Z   [must] requirement_quality REQ-STORE-1 criterion=length — title is 34 words; want 3..=25
2026-06-13T11:05:53.0437531Z   [must] requirement_quality REQ-SUBNET-5 criterion=length — title is 52 words; want 3..=25
2026-06-13T11:05:53.0437917Z   [must] requirement_quality REQ-SUBNET-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0438194Z   [must] requirement_quality REQ-SUBNET-6 criterion=length — title is 38 words; want 3..=25
2026-06-13T11:05:53.0438565Z   [must] requirement_quality REQ-SUBNET-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0438845Z   [must] requirement_quality REQ-SUBNET-7 criterion=length — title is 75 words; want 3..=25
2026-06-13T11:05:53.0439291Z   [must] requirement_quality REQ-SUBNET-8 criterion=length — title is 53 words; want 3..=25
2026-06-13T11:05:53.0439807Z   [must] requirement_quality REQ-UPD-6 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0440084Z   [must] requirement_quality REQ-UPD-6 criterion=length — title is 32 words; want 3..=25
2026-06-13T11:05:53.0440437Z   [must] requirement_quality REQ-UPD-7 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0440718Z   [must] requirement_quality REQ-UPD-7 criterion=length — title is 88 words; want 3..=25
2026-06-13T11:05:53.0441085Z   [must] requirement_quality REQ-UPD-8 criterion=contains-and — title contains ' and ' — may smuggle multiple capabilities
2026-06-13T11:05:53.0441343Z   [must] requirement_quality REQ-UPD-8 criterion=length — title is 115 words; want 3..=25
2026-06-13T11:05:53.0441381Z 
2026-06-13T11:05:53.0441512Z # Requirement quality review
2026-06-13T11:05:53.0441551Z 
2026-06-13T11:05:53.0441759Z You are reviewing 190 requirement(s) from `traceable-reqs.toml` against a quality
2026-06-13T11:05:53.0441987Z rubric. Deterministic checks (length, contains-and, tbd-todo, duplicate-titles,
2026-06-13T11:05:53.0442206Z trailing-etc) have already run and surfaced as `requirement_quality` findings on
2026-06-13T11:05:53.0442373Z this command's output. Your task is the rubric items below.
2026-06-13T11:05:53.0442412Z 
2026-06-13T11:05:53.0442520Z ## Rubric
2026-06-13T11:05:53.0442553Z 
2026-06-13T11:05:53.0442821Z - **singular** — describes one capability; no smuggled "and"/"or" across distinct actions.
2026-06-13T11:05:53.0443079Z - **verifiable** — states an observable behavior a test or reviewer could confirm.
2026-06-13T11:05:53.0443318Z - **atomic** — cannot be split into two requirements without losing meaning.
2026-06-13T11:05:53.0443503Z - **active-voice** — clear subject and active verb.
2026-06-13T11:05:53.0443537Z 
2026-06-13T11:05:53.0444041Z If a criterion is borderline or doesn't apply, abstain — only emit findings for
2026-06-13T11:05:53.0444155Z clear concerns.
2026-06-13T11:05:53.0444202Z 
2026-06-13T11:05:53.0444311Z ## Requirements
2026-06-13T11:05:53.0444339Z 
2026-06-13T11:05:53.0444452Z ### REQ-ARCH-1
2026-06-13T11:05:53.0444597Z - Title: Many small acyclically-layered crates
2026-06-13T11:05:53.0444725Z - Required stages: impl
2026-06-13T11:05:53.0444758Z 
2026-06-13T11:05:53.0444859Z ### REQ-ARCH-2
2026-06-13T11:05:53.0445149Z - Title: Public SDK surface is spt-proto, spt-runtime, spt-msg
2026-06-13T11:05:53.0445274Z - Required stages: impl
2026-06-13T11:05:53.0445302Z 
2026-06-13T11:05:53.0445407Z ### REQ-ARCH-3
2026-06-13T11:05:53.0445626Z - Title: Wire-protocol version independent of crate semver, N-1 compat window
2026-06-13T11:05:53.0445745Z - Required stages: impl, unit
2026-06-13T11:05:53.0445774Z 
2026-06-13T11:05:53.0445884Z ### REQ-ARCH-4
2026-06-13T11:05:53.0446074Z - Title: Copy-verbatim the commodity layer from the sister project
2026-06-13T11:05:53.0446190Z - Required stages: impl, unit
2026-06-13T11:05:53.0446222Z 
2026-06-13T11:05:53.0446341Z ### REQ-DAEMON-1
2026-06-13T11:05:53.0446514Z - Title: One per-machine spt-daemon owning all per-machine state
2026-06-13T11:05:53.0446642Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0446676Z 
2026-06-13T11:05:53.0446787Z ### REQ-DAEMON-2
2026-06-13T11:05:53.0446942Z - Title: Broker/brain split for seamless self-update
2026-06-13T11:05:53.0447074Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0447109Z 
2026-06-13T11:05:53.0447219Z ### REQ-DAEMON-3
2026-06-13T11:05:53.0447389Z - Title: Any api invocation auto-starts the daemon if absent
2026-06-13T11:05:53.0447519Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0447552Z 
2026-06-13T11:05:53.0447656Z ### REQ-DAEMON-4
2026-06-13T11:05:53.0447796Z - Title: Honor every KNOWN-HAZARDS invariant
2026-06-13T11:05:53.0447914Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0447942Z 
2026-06-13T11:05:53.0448053Z ### REQ-STORE-1
2026-06-13T11:05:53.0448939Z - Title: spt-store::BranchStore (git branch as versioned KV; commit=checkpoint/tip=resume, atomic multi-key, merge-native sync) is the substrate for coarse/durable/audited state (context, registry snapshot+distribution, daemon checkpoint); hot paths (B5 fsync journal) + indexed queries (SQLite spool) excluded (ADR-0011)
2026-06-13T11:05:53.0449680Z - Required stages: impl, unit
2026-06-13T11:05:53.0449719Z 
2026-06-13T11:05:53.0449855Z ### REQ-MANIFEST-1
2026-06-13T11:05:53.0450085Z - Title: Per-adapter manifest with adapter_name and min_spt_core_version
2026-06-13T11:05:53.0450213Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0450247Z 
2026-06-13T11:05:53.0450363Z ### REQ-MANIFEST-2
2026-06-13T11:05:53.0450915Z - Title: Adapter profiles — sparse leaf-replace overlays (shipped + local), composite <adapter>:<profile> addressing, shadow-refusal, tighten-only consent floors
2026-06-13T11:05:53.0451053Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0451087Z 
2026-06-13T11:05:53.0451196Z ### REQ-MANIFEST-3
2026-06-13T11:05:53.0451835Z - Title: Adapter strings — [strings] KV tree, dot-path get-string resolving through the profile leaf-replace overlay, set-string editing a local profile's [strings] only; data-only (nothing executes a string)
2026-06-13T11:05:53.0451974Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0452007Z 
2026-06-13T11:05:53.0452120Z ### REQ-MANIFEST-4
2026-06-13T11:05:53.0452867Z - Title: Keyword hints — [[hints]] {keywords (literal/regex), text}; spt api hint --session emits at most one matched hint per message, once per session (seen-set), declaration-order first match; profiles overlay [[hints]] by leaf-replace
2026-06-13T11:05:53.0453005Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0453037Z 
2026-06-13T11:05:53.0453133Z ### REQ-SEAM-SPAWN
2026-06-13T11:05:53.0453248Z - Title: spawn-session seam
2026-06-13T11:05:53.0453366Z - Required stages: impl, unit
2026-06-13T11:05:53.0453405Z 
2026-06-13T11:05:53.0453525Z ### REQ-SEAM-POSTSPAWN
2026-06-13T11:05:53.0453677Z - Title: post-spawn / api bind seam with boot nonce
2026-06-13T11:05:53.0453802Z - Required stages: impl, unit
2026-06-13T11:05:53.0453840Z 
2026-06-13T11:05:53.0453944Z ### REQ-SEAM-PSYCHE
2026-06-13T11:05:53.0454102Z - Title: spawn-psyche seam (fresh + resume templates)
2026-06-13T11:05:53.0454221Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0454253Z 
2026-06-13T11:05:53.0454354Z ### REQ-SEAM-HISTORY
2026-06-13T11:05:53.0454876Z - Title: History subsystem (fetcher / locate-normalize / native store)
2026-06-13T11:05:53.0455008Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0455041Z 
2026-06-13T11:05:53.0455152Z ### REQ-SEAM-ACTIVITY
2026-06-13T11:05:53.0455356Z - Title: Activity/idle reported via api sentinels, not PTY quiescence
2026-06-13T11:05:53.0455472Z - Required stages: impl, unit
2026-06-13T11:05:53.0455505Z 
2026-06-13T11:05:53.0455619Z ### REQ-SEAM-INJECT
2026-06-13T11:05:53.0455800Z - Title: inject-input methods configurable per activity-state
2026-06-13T11:05:53.0455924Z - Required stages: impl, unit
2026-06-13T11:05:53.0455952Z 
2026-06-13T11:05:53.0456078Z ### REQ-SEAM-RESUME
2026-06-13T11:05:53.0456272Z - Title: resume-session seam (fresh-with-preload / continue-existing)
2026-06-13T11:05:53.0456393Z - Required stages: impl, unit
2026-06-13T11:05:53.0456426Z 
2026-06-13T11:05:53.0456549Z ### REQ-SEAM-CAPABILITY
2026-06-13T11:05:53.0456712Z - Title: Hostable endpoint-types capability declaration
2026-06-13T11:05:53.0456844Z - Required stages: impl, unit
2026-06-13T11:05:53.0456873Z 
2026-06-13T11:05:53.0456984Z ### REQ-SEAM-UPDATE
2026-06-13T11:05:53.0457168Z - Title: Adapter-update avenue (file-pull / delegated command)
2026-06-13T11:05:53.0457294Z - Required stages: impl, unit
2026-06-13T11:05:53.0457327Z 
2026-06-13T11:05:53.0457431Z ### REQ-API-1
2026-06-13T11:05:53.0457621Z - Title: api prefix and adapter_name on every machinery invocation
2026-06-13T11:05:53.0457746Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0457774Z 
2026-06-13T11:05:53.0457887Z ### REQ-API-2
2026-06-13T11:05:53.0458112Z - Title: The api subcommand surface (bind/listen/poll/state/worker/boundary/...)
2026-06-13T11:05:53.0458322Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0458356Z 
2026-06-13T11:05:53.0458469Z ### REQ-API-3
2026-06-13T11:05:53.0458618Z - Title: commune/signoff are file-drops, not commands
2026-06-13T11:05:53.0458741Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0458780Z 
2026-06-13T11:05:53.0458884Z ### REQ-START-1
2026-06-13T11:05:53.0459179Z - Title: Adapters never resolve SPT_HOME; binary on PATH; api bridging only
2026-06-13T11:05:53.0459328Z - Required stages: impl, unit
2026-06-13T11:05:53.0459366Z 
2026-06-13T11:05:53.0459476Z ### REQ-START-2
2026-06-13T11:05:53.0459634Z - Title: Harness-hosted startup: api seed then listen
2026-06-13T11:05:53.0459770Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0459803Z 
2026-06-13T11:05:53.0459918Z ### REQ-START-3
2026-06-13T11:05:53.0460096Z - Title: spt-hosted startup: spawn-session then api bind (no file)
2026-06-13T11:05:53.0460226Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0460264Z 
2026-06-13T11:05:53.0460416Z ### REQ-START-4
2026-06-13T11:05:53.0460589Z - Title: Adapter-injected env aliases (SPT/OWL/LIVE)
2026-06-13T11:05:53.0460717Z - Required stages: impl, unit
2026-06-13T11:05:53.0460749Z 
2026-06-13T11:05:53.0460856Z ### REQ-EP-1
2026-06-13T11:05:53.0461008Z - Title: Day-one endpoint types; open type system
2026-06-13T11:05:53.0461131Z - Required stages: impl, unit
2026-06-13T11:05:53.0461161Z 
2026-06-13T11:05:53.0461275Z ### REQ-EP-2
2026-06-13T11:05:53.0461456Z - Title: Agent endpoints vs Shells distinction in the type model
2026-06-13T11:05:53.0461575Z - Required stages: impl, unit
2026-06-13T11:05:53.0461608Z 
2026-06-13T11:05:53.0461722Z ### REQ-EP-3
2026-06-13T11:05:53.0461914Z - Title: Messaging payloads carry typed operation commands + file blobs
2026-06-13T11:05:53.0462042Z - Required stages: impl, unit
2026-06-13T11:05:53.0462071Z 
2026-06-13T11:05:53.0462186Z ### REQ-EP-4
2026-06-13T11:05:53.0462347Z - Title: PresenceChannel broker endpoint (seam day-one)
2026-06-13T11:05:53.0462477Z - Required stages: impl, unit
2026-06-13T11:05:53.0462511Z 
2026-06-13T11:05:53.0462614Z ### REQ-EP-5
2026-06-13T11:05:53.0463292Z - Title: Concrete shell instantiation model: spawn-mints-instance (vs relink/online), registered-on-node permission + broadcast-is-discovery, per-shell require_approval gate, max_instances_per_owner + over_cap, instance aliasing, discovery scope
2026-06-13T11:05:53.0463537Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0463570Z 
2026-06-13T11:05:53.0463674Z ### REQ-EP-6
2026-06-13T11:05:53.0465161Z - Title: Gateway type acceptance: a Gateway-typed perch binds (api bind --type, open type system — un-hardcode the live_agent default), advertises/addressable like any endpoint, owns shells (owner validation not agent-family-gated), subscribes to digests, and is the user-msg identity gate's user-backed origin (REQ-MSG-5); in-tree mock-gateway fixture (R-DOCS-2 pattern, no downstream adapter code). Cross-node WAN Gateway-origin (registry endpoint_type trust) tracked by REQ-MSG-6
2026-06-13T11:05:53.0465299Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0465332Z 
2026-06-13T11:05:53.0465441Z ### REQ-EP-7
2026-06-13T11:05:53.0467128Z - Title: Durable live-role.md: a per-agent broad-purpose statement in tracked/agents/<id>/ beside live-context.md (replicates with the mind on the same a-<id> branch); renders FIRST at start-transition context injection (role -> live-context -> project-context); SOLE writer `spt endpoint role --overwrite <file>` — mechanical no-automated-writer guarantee (echo-commune ingest / signoff / Psyche reconcile structurally exclude it). The user-backed-origin hard gate on the writer is a deferred later tightening (rides the user-msg identity plumbing)
2026-06-13T11:05:53.0467263Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0467296Z 
2026-06-13T11:05:53.0467404Z ### REQ-INST-1
2026-06-13T11:05:53.0467587Z - Title: endpoint ID vs instance split (adapter-agnostic ID)
2026-06-13T11:05:53.0467800Z - Required stages: 
2026-06-13T11:05:53.0467834Z 
2026-06-13T11:05:53.0467945Z ### REQ-INST-2
2026-06-13T11:05:53.0468081Z - Title: Per-node files, synced Psyche mind
2026-06-13T11:05:53.0468204Z - Required stages: impl, unit
2026-06-13T11:05:53.0468238Z 
2026-06-13T11:05:53.0468353Z ### REQ-INST-3
2026-06-13T11:05:53.0468510Z - Title: Dormant (warm) / suspended (cold) resting states
2026-06-13T11:05:53.0468644Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0468677Z 
2026-06-13T11:05:53.0468781Z ### REQ-INST-4
2026-06-13T11:05:53.0469100Z - Title: active to dormant/suspended fires a transition echo commune
2026-06-13T11:05:53.0469239Z - Required stages: impl, unit
2026-06-13T11:05:53.0469287Z 
2026-06-13T11:05:53.0469396Z ### REQ-INST-5
2026-06-13T11:05:53.0469592Z - Title: Two-tier context sync (live to all, project to same-project)
2026-06-13T11:05:53.0469711Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0469744Z 
2026-06-13T11:05:53.0469855Z ### REQ-INST-6
2026-06-13T11:05:53.0470064Z - Title: Deferred messages not delivered to dormant/suspended instances
2026-06-13T11:05:53.0470184Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0470217Z 
2026-06-13T11:05:53.0470330Z ### REQ-INST-7
2026-06-13T11:05:53.0470483Z - Title: Subnet registry + bare-id resolution policy
2026-06-13T11:05:53.0470605Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0470643Z 
2026-06-13T11:05:53.0470757Z ### REQ-INST-8
2026-06-13T11:05:53.0470919Z - Title: Remote-control mode distinct from local operation
2026-06-13T11:05:53.0471038Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0471071Z 
2026-06-13T11:05:53.0471173Z ### REQ-INST-9
2026-06-13T11:05:53.0471372Z - Title: Multi-subnet membership (same-user N subnets; cross-user seam)
2026-06-13T11:05:53.0471492Z - Required stages: impl, unit
2026-06-13T11:05:53.0471525Z 
2026-06-13T11:05:53.0471634Z ### REQ-INST-10
2026-06-13T11:05:53.0471854Z - Title: Qualified addressing [subnet:]id[@node] + ambiguity forces qualification
2026-06-13T11:05:53.0471982Z - Required stages: impl, unit
2026-06-13T11:05:53.0472011Z 
2026-06-13T11:05:53.0472121Z ### REQ-INST-11
2026-06-13T11:05:53.0472340Z - Title: spt rename <id> rippled to all instances (collision-checked, 6.5-reconciled)
2026-06-13T11:05:53.0472474Z - Required stages: impl, unit
2026-06-13T11:05:53.0472507Z 
2026-06-13T11:05:53.0472611Z ### REQ-INST-12
2026-06-13T11:05:53.0473014Z - Title: Endpoint visibility per-(endpoint,subnet): excluded semantics, OR-of-defaults + override, gates sync
2026-06-13T11:05:53.0473141Z - Required stages: impl, unit
2026-06-13T11:05:53.0473169Z 
2026-06-13T11:05:53.0473283Z ### REQ-INST-13
2026-06-13T11:05:53.0473467Z - Title: Subnet-exclusive sync + per-endpoint subnet-membership list
2026-06-13T11:05:53.0473590Z - Required stages: impl, unit
2026-06-13T11:05:53.0473619Z 
2026-06-13T11:05:53.0473730Z ### REQ-INST-14
2026-06-13T11:05:53.0474111Z - Title: Resource advertisement (subnet resource registry): free-text blurb, both-authored, registry projection, visibility/whitelist-gated
2026-06-13T11:05:53.0474234Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0474278Z 
2026-06-13T11:05:53.0474383Z ### REQ-INST-15
2026-06-13T11:05:53.0475092Z - Title: Immutable home subnet (assigned at creation: auto-if-one/ask-if-many) + spt fork (cross-subnet clone to a new identity, copy-then-diverge, not re-home); adapter chosen at creation from registered hostable adapters, changed only via launch/resume-under-new (ADR-0010)
2026-06-13T11:05:53.0475222Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0475256Z 
2026-06-13T11:05:53.0475369Z ### REQ-REACH-1
2026-06-13T11:05:53.0475532Z - Title: Off-node remote-drive detection + file transfer
2026-06-13T11:05:53.0475647Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0475680Z 
2026-06-13T11:05:53.0475793Z ### REQ-REACH-2
2026-06-13T11:05:53.0475960Z - Title: Remote command execution (deferred, consent-gated)
2026-06-13T11:05:53.0476076Z - Required stages: 
2026-06-13T11:05:53.0476109Z 
2026-06-13T11:05:53.0476248Z ### REQ-MSG-1
2026-06-13T11:05:53.0476801Z - Title: Local message delivery: TCP-first to a registered address, spool fallback when offline; id->address via registry (stale-clean first); reply routing (__REPLY_TO__)
2026-06-13T11:05:53.0476930Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0476959Z 
2026-06-13T11:05:53.0477068Z ### REQ-MSG-2
2026-06-13T11:05:53.0477354Z - Title: spt binary CLI surface: send/ring/ready(+--once)/list/stop/whoami, stable arg shapes + exit codes
2026-06-13T11:05:53.0477479Z - Required stages: impl, unit
2026-06-13T11:05:53.0477513Z 
2026-06-13T11:05:53.0477616Z ### REQ-MSG-3
2026-06-13T11:05:53.0478003Z - Title: Ready-agent lifecycle: register perch (info.json + listener + registry address) on ready, drain spooled backlog on startup, clean teardown
2026-06-13T11:05:53.0478109Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0478142Z 
2026-06-13T11:05:53.0478246Z ### REQ-MSG-4
2026-06-13T11:05:53.0479223Z - Title: Listener stream stdout emits EVENT envelope lines (sister-format, ADR-0001): parse the __REPLY_TO__ frame, pass pre-formed typed envelopes through verbatim (no double-wrap), compose <EVENT type="msg" from=…> otherwise, chunk oversized lines into EVENT-PART
2026-06-13T11:05:53.0479394Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0479424Z 
2026-06-13T11:05:53.0479528Z ### REQ-MSG-5
2026-06-13T11:05:53.0480257Z - Title: user-msg envelope kind + daemon identity gate: a Gateway endpoint / the local user's CLI author user-msg (the user's authority); agent-family senders re-stamped to plain msg; identity-gated never payload-trusted (KH 7.3/7.5); wire-additive (N-1 receivers tolerate the new type)
2026-06-13T11:05:53.0480382Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0480416Z 
2026-06-13T11:05:53.0480514Z ### REQ-MSG-6
2026-06-13T11:05:53.0482081Z - Title: cross-node Gateway user-msg honored via advertised endpoint_type: a user-msg from a Gateway-typed origin survives the receive_wan funnel as user-msg (vs the fail-closed re-stamp), keyed on the QUIC-handshake-proven origin node (never wire `from`). Trust boundary = subnet membership (operator-ratified 2026-06-13); no defense against an in-subnet member forging the type. Instance.endpoint_type is an additive serde-default field extending REQ-INST-7's data model. Absent/unknown type → re-stamp (N-1 rollout grace)
2026-06-13T11:05:53.0482218Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0482366Z 
2026-06-13T11:05:53.0482485Z ### REQ-NODE-IDENTITY
2026-06-13T11:05:53.0482724Z - Title: Ed25519 identity primitive: keypair, detached sign/verify, stable pubkey<->hex
2026-06-13T11:05:53.0482843Z - Required stages: impl, unit
2026-06-13T11:05:53.0482876Z 
2026-06-13T11:05:53.0482982Z ### REQ-NET-1
2026-06-13T11:05:53.0483167Z - Title: WAN messaging first-class, behind default-on net feature flag
2026-06-13T11:05:53.0483278Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0483316Z 
2026-06-13T11:05:53.0483419Z ### REQ-NET-2
2026-06-13T11:05:53.0483602Z - Title: n0 relay default + self-host knob + plain-language disclosure
2026-06-13T11:05:53.0483710Z - Required stages: impl
2026-06-13T11:05:53.0483739Z 
2026-06-13T11:05:53.0483843Z ### REQ-NET-3
2026-06-13T11:05:53.0484023Z - Title: Cross-node Psyche sync over P2P replaces gh-repo-sync
2026-06-13T11:05:53.0484131Z - Required stages: impl, unit
2026-06-13T11:05:53.0484165Z 
2026-06-13T11:05:53.0484271Z ### REQ-PAIR-1
2026-06-13T11:05:53.0484394Z - Title: TOTP-seeded SPAKE2 pairing
2026-06-13T11:05:53.0484518Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0484547Z 
2026-06-13T11:05:53.0484657Z ### REQ-PAIR-2
2026-06-13T11:05:53.0484804Z - Title: Local trust store with TOFU + warn-on-change
2026-06-13T11:05:53.0484919Z - Required stages: 
2026-06-13T11:05:53.0484948Z 
2026-06-13T11:05:53.0485052Z ### REQ-PAIR-3
2026-06-13T11:05:53.0485215Z - Title: Fetch current pairing code from any paired node
2026-06-13T11:05:53.0485334Z - Required stages: impl, unit
2026-06-13T11:05:53.0485372Z 
2026-06-13T11:05:53.0485477Z ### REQ-PAIR-4
2026-06-13T11:05:53.0485701Z - Title: Subnet naming on first pairing
2026-06-13T11:05:53.0485826Z - Required stages: impl, unit
2026-06-13T11:05:53.0485864Z 
2026-06-13T11:05:53.0485986Z ### REQ-PAIR-5
2026-06-13T11:05:53.0486305Z - Title: Multi-subnet pairing: subnet-name discovery input, create-new-names-up-front, rendezvous-token hashing
2026-06-13T11:05:53.0486424Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0486467Z 
2026-06-13T11:05:53.0486576Z ### REQ-PAIR-6
2026-06-13T11:05:53.0486842Z - Title: Elevation-gated per-subnet code fetch (UAC/root or elevated agent; else authenticator app)
2026-06-13T11:05:53.0486970Z - Required stages: impl, unit
2026-06-13T11:05:53.0486998Z 
2026-06-13T11:05:53.0487109Z ### REQ-PAIR-7
2026-06-13T11:05:53.0487280Z - Title: Subnet icon (inline image metadata, GUI-only consumer)
2026-06-13T11:05:53.0487395Z - Required stages: 
2026-06-13T11:05:53.0487424Z 
2026-06-13T11:05:53.0487528Z ### REQ-SUBNET-1
2026-06-13T11:05:53.0487862Z - Title: spt subnet noun namespace: status view (bare + status [NAME] [--nodes]), create (QR/otpauth), show-code; spt pair deleted
2026-06-13T11:05:53.0487991Z - Required stages: impl, unit
2026-06-13T11:05:53.0488019Z 
2026-06-13T11:05:53.0488130Z ### REQ-SUBNET-2
2026-06-13T11:05:53.0488369Z - Title: Guided join e2e: spt subnet join CLI initiator + always-on daemon pairing responder
2026-06-13T11:05:53.0488496Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0488524Z 
2026-06-13T11:05:53.0488639Z ### REQ-SUBNET-3
2026-06-13T11:05:53.0488916Z - Title: Node labels: hostname-default, gossiped, addressable in @node qualifiers (refuse-on-ambiguity)
2026-06-13T11:05:53.0489144Z - Required stages: impl, unit
2026-06-13T11:05:53.0489186Z 
2026-06-13T11:05:53.0489306Z ### REQ-SUBNET-4
2026-06-13T11:05:53.0489610Z - Title: Subnet membership mutations elevation-gated (create = seed reveal; join = trust-boundary enrollment)
2026-06-13T11:05:53.0489731Z - Required stages: impl, unit
2026-06-13T11:05:53.0489764Z 
2026-06-13T11:05:53.0489868Z ### REQ-DOCS-6
2026-06-13T11:05:53.0490202Z - Title: spt how-to <topic>: in-binary task-oriented agent instructions (anti-drift; quickstart prompts point agents at it)
2026-06-13T11:05:53.0490332Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0490365Z 
2026-06-13T11:05:53.0490469Z ### REQ-SEC-1
2026-06-13T11:05:53.0490865Z - Title: Per-endpoint access whitelist: origin-node gate, stateful-firewall (reply/outbound exempt), node-now/user-later, outer gate before grants
2026-06-13T11:05:53.0491098Z - Required stages: impl, unit
2026-06-13T11:05:53.0491132Z 
2026-06-13T11:05:53.0491238Z ### REQ-NOTIF-1
2026-06-13T11:05:53.0491608Z - Title: Notification primitive: per-subnet replicated spool, seen/dismissed, resurface-at-boundary, subsumes update+consent prompts
2026-06-13T11:05:53.0491729Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0491763Z 
2026-06-13T11:05:53.0491868Z ### REQ-NOTIF-2
2026-06-13T11:05:53.0492148Z - Title: spt notify (agent-issued subnet notif) + notif_command manifest seam (harness + shell adapters)
2026-06-13T11:05:53.0492274Z - Required stages: doc, impl, unit, int
2026-06-13T11:05:53.0492307Z 
2026-06-13T11:05:53.0492416Z ### REQ-UPD-1
2026-06-13T11:05:53.0492541Z - Title: Peer-propagated update over P2P
2026-06-13T11:05:53.0492674Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0492706Z 
2026-06-13T11:05:53.0492817Z ### REQ-UPD-2
2026-06-13T11:05:53.0492984Z - Title: All binaries signature-verified before handoff
2026-06-13T11:05:53.0493107Z - Required stages: impl, unit
2026-06-13T11:05:53.0493141Z 
2026-06-13T11:05:53.0493251Z ### REQ-UPD-3
2026-06-13T11:05:53.0493446Z - Title: No endpoint process terminates/suspends during self-update
2026-06-13T11:05:53.0493561Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0493598Z 
2026-06-13T11:05:53.0493703Z ### REQ-UPD-4
2026-06-13T11:05:53.0493899Z - Title: Update gated on user confirmation by default; opt-in full-auto
2026-06-13T11:05:53.0494018Z - Required stages: impl, unit
2026-06-13T11:05:53.0494047Z 
2026-06-13T11:05:53.0494158Z ### REQ-UPD-5
2026-06-13T11:05:53.0494413Z - Title: spt-core ripple-updates registered adapters
2026-06-13T11:05:53.0494536Z - Required stages: impl, unit
2026-06-13T11:05:53.0494569Z 
2026-06-13T11:05:53.0494682Z ### REQ-UPD-6
2026-06-13T11:05:53.0495503Z - Title: Platform-targeted update sets and debug rollout: signed multi-platform update metadata, recipient platform selection, channel-scoped monotonic counters, debug-channel opt-in via release-key overlay, local staging plus pull-based peer propagation, and maintainer-only convergence tooling (ADR-0016)
2026-06-13T11:05:53.0495640Z - Required stages: doc, impl, unit, int
2026-06-13T11:05:53.0495674Z 
2026-06-13T11:05:53.0495789Z ### REQ-UPD-7
2026-06-13T11:05:53.0497769Z - Title: Origin-source update bootstrap (`spt update fetch`): pull the latest signed release directly from the GitHub release origin (`SaberMage/spt-releases`) — the per-platform artifact + its `<asset>.release.json` SignedRelease metadata — and stage it through the EXISTING verify→stage pipeline (the same `plan_verified` gate: two-key signature + channel + monotonic rollback floor + SHA-256), after which the normal consent-notif / `spt update apply` flow is unchanged. Closes the peer-only-discovery gap (REQ-UPD-1): a first-in-fleet / isolated node can update with no peer to pull from. The signed-release anchor keeps the GitHub transport untrusted-but-verified.
2026-06-13T11:05:53.0497902Z - Required stages: impl, unit
2026-06-13T11:05:53.0497940Z 
2026-06-13T11:05:53.0498051Z ### REQ-UPD-8
2026-06-13T11:05:53.0500620Z - Title: Platform-safe `spt update fetch` + apply platform-guard (v0.3.1 cross-OS brick fix): `spt update fetch` stages the signed multi-platform `SignedUpdateSet` (`update-set.json` + every platform artifact it names), never a platform-blind single `SignedRelease`, so local apply selects `current_platform()` and P2P re-serve lets each peer select ITS own platform. Defense-in-depth: `apply_staged` REFUSES a staged single-release artifact unless it is platform-stamped for THIS node (an unstamped pre-v0.3.2 single, or a single stamped for another OS, fail-safe refuses — the guard that alone prevents the v0.3.1 brick where a Linux ELF was applied as `spt.exe`). UX: a friendly post-apply message (`Updated spt-core to vX.Y.Z.` + changelog URL) driven by an additive `product_version` metadata field, with a release-counter fallback when absent.
2026-06-13T11:05:53.0500858Z - Required stages: impl, unit
2026-06-13T11:05:53.0500892Z 
2026-06-13T11:05:53.0501006Z ### REQ-TERM-1
2026-06-13T11:05:53.0501188Z - Title: Process-supervisor terminal wrapper hosting broker PTYs
2026-06-13T11:05:53.0501310Z - Required stages: impl, unit
2026-06-13T11:05:53.0501344Z 
2026-06-13T11:05:53.0501454Z ### REQ-TERM-2
2026-06-13T11:05:53.0501639Z - Title: session-surface abstraction; send-keys + send-line injection
2026-06-13T11:05:53.0501764Z - Required stages: impl, unit
2026-06-13T11:05:53.0501793Z 
2026-06-13T11:05:53.0501889Z ### REQ-TERM-3
2026-06-13T11:05:53.0502044Z - Title: Byte-stream remote terminal streaming for v1
2026-06-13T11:05:53.0502158Z - Required stages: impl, unit
2026-06-13T11:05:53.0502197Z 
2026-06-13T11:05:53.0502294Z ### REQ-TERM-4
2026-06-13T11:05:53.0502656Z - Title: Live activity buffer (PTY digest): adapter-supplied patterns over broker PTY, spt digest pull + delta-stream, opt-in Path-B log
2026-06-13T11:05:53.0502771Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0502810Z 
2026-06-13T11:05:53.0502915Z ### REQ-FRONT-1
2026-06-13T11:05:53.0503091Z - Title: Day-one launcher/manager frontend (list/launch/attach/init)
2026-06-13T11:05:53.0503205Z - Required stages: 
2026-06-13T11:05:53.0503234Z 
2026-06-13T11:05:53.0503338Z ### REQ-INSTALL-1
2026-06-13T11:05:53.0503544Z - Title: Two install paths; signed one-line script; OS-service registration
2026-06-13T11:05:53.0503663Z - Required stages: doc, impl, int
2026-06-13T11:05:53.0503686Z 
2026-06-13T11:05:53.0503792Z ### REQ-INSTALL-2
2026-06-13T11:05:53.0503944Z - Title: Marketplace-repackaging-friendly install
2026-06-13T11:05:53.0504158Z - Required stages: doc
2026-06-13T11:05:53.0504196Z 
2026-06-13T11:05:53.0504297Z ### REQ-INSTALL-3
2026-06-13T11:05:53.0504445Z - Title: Idempotent + interactive-optional first run
2026-06-13T11:05:53.0504564Z - Required stages: impl, int
2026-06-13T11:05:53.0504593Z 
2026-06-13T11:05:53.0504704Z ### REQ-INSTALL-4
2026-06-13T11:05:53.0505333Z - Title: Adapter registration lifecycle: spt adapter add (--github, manifest-first, install-is-first-update) + soft-deregister remove + optional manifest uninstall template; node-local registered-adapter set self-update ripples over
2026-06-13T11:05:53.0505453Z - Required stages: impl, unit
2026-06-13T11:05:53.0505486Z 
2026-06-13T11:05:53.0505600Z ### REQ-MIGRATE-1
2026-06-13T11:05:53.0505772Z - Title: Auto-detect and migrate a legacy claude_skill_owl install
2026-06-13T11:05:53.0505891Z - Required stages: 
2026-06-13T11:05:53.0505919Z 
2026-06-13T11:05:53.0506030Z ### REQ-INFRA-1
2026-06-13T11:05:53.0506205Z - Title: GitHub issue tracking for v1; tangled.org as migration target
2026-06-13T11:05:53.0506317Z - Required stages: 
2026-06-13T11:05:53.0506349Z 
2026-06-13T11:05:53.0506449Z ### REQ-INSTALL-5
2026-06-13T11:05:53.0506941Z - Title: Non-interactive install path: the canonical one-liner doubles as every adapter's pack-in on-demand install (no second mechanism); sha256-verified fetch; user-PATH registration
2026-06-13T11:05:53.0507073Z - Required stages: impl, int
2026-06-13T11:05:53.0507106Z 
2026-06-13T11:05:53.0507203Z ### REQ-REL-1
2026-06-13T11:05:53.0507593Z - Title: spt-releases publish-target repo: README public face, licensing split, Pages docs at the permanent lapse-proof canonical URL (ADR-0014)
2026-06-13T11:05:53.0507710Z - Required stages: doc, impl
2026-06-13T11:05:53.0507748Z 
2026-06-13T11:05:53.0507857Z ### REQ-REL-2
2026-06-13T11:05:53.0508344Z - Title: Release asset set consumable by the self-updater: platform binaries, SHA256SUMS, SignedRelease metadata, manifest schema, mock-adapter zip; tag-triggered cross-repo pipeline
2026-06-13T11:05:53.0508462Z - Required stages: impl, int
2026-06-13T11:05:53.0508496Z 
2026-06-13T11:05:53.0508601Z ### REQ-REL-3
2026-06-13T11:05:53.0509125Z - Title: Two-key release-signing trust anchor: primary + offline never-used recovery, both pubkeys embedded in the binary's trusted set, manual local signing (ADR-0015)
2026-06-13T11:05:53.0509250Z - Required stages: impl, unit
2026-06-13T11:05:53.0509373Z 
2026-06-13T11:05:53.0509484Z ### REQ-DOCS-1
2026-06-13T11:05:53.0509688Z - Title: Dual-audience docs (human + AI dev-agent), markdown once / two depths
2026-06-13T11:05:53.0509813Z - Required stages: doc, impl
2026-06-13T11:05:53.0509846Z 
2026-06-13T11:05:53.0509955Z ### REQ-DOCS-2
2026-06-13T11:05:53.0510114Z - Title: Sub-10-minute runnable killer quickstart per audience
2026-06-13T11:05:53.0510232Z - Required stages: doc, int
2026-06-13T11:05:53.0510260Z 
2026-06-13T11:05:53.0510364Z ### REQ-DOCS-3
2026-06-13T11:05:53.0510570Z - Title: Diátaxis structure; one canonical way to do X
2026-06-13T11:05:53.0510683Z - Required stages: doc
2026-06-13T11:05:53.0510721Z 
2026-06-13T11:05:53.0510828Z ### REQ-DOCS-4
2026-06-13T11:05:53.0511036Z - Title: Agent-consumable layer (llms.txt, manifest schema, MCP, CLI help)
2026-06-13T11:05:53.0511157Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0511189Z 
2026-06-13T11:05:53.0511298Z ### REQ-DOCS-5
2026-06-13T11:05:53.0511509Z - Title: Anti-drift: rustdoc/schema/exports/CLI-help generated + CI-checked
2026-06-13T11:05:53.0511627Z - Required stages: impl, int
2026-06-13T11:05:53.0511661Z 
2026-06-13T11:05:53.0511795Z ### REQ-HAZARD-GRACE-BEFORE-SIGNOFF
2026-06-13T11:05:53.0511985Z - Title: Grace-period wait completes before composing INIT_SIGNOFF (1.1)
2026-06-13T11:05:53.0512110Z - Required stages: impl, unit
2026-06-13T11:05:53.0512143Z 
2026-06-13T11:05:53.0512262Z ### REQ-HAZARD-INFO-JSON-TORN-READ
2026-06-13T11:05:53.0512425Z - Title: State-file reads tolerate concurrent writes (1.2)
2026-06-13T11:05:53.0512547Z - Required stages: impl, unit
2026-06-13T11:05:53.0512580Z 
2026-06-13T11:05:53.0512803Z ### REQ-HAZARD-STALE-INDEX-LOCK
2026-06-13T11:05:53.0512959Z - Title: Sweep stale lockfiles on daemon boot (1.3)
2026-06-13T11:05:53.0513074Z - Required stages: impl, unit
2026-06-13T11:05:53.0513108Z 
2026-06-13T11:05:53.0513236Z ### REQ-HAZARD-DEFERRED-DRAIN
2026-06-13T11:05:53.0513432Z - Title: Deferred spool rows excluded from the event-stream drain (1.4)
2026-06-13T11:05:53.0513555Z - Required stages: impl, unit
2026-06-13T11:05:53.0513589Z 
2026-06-13T11:05:53.0513709Z ### REQ-HAZARD-WORKER-PATH
2026-06-13T11:05:53.0513889Z - Title: Single source of truth for Worker/Psyche perch location (1.5)
2026-06-13T11:05:53.0514009Z - Required stages: impl, unit
2026-06-13T11:05:53.0514042Z 
2026-06-13T11:05:53.0514170Z ### REQ-HAZARD-PARENT-PID-PREFER
2026-06-13T11:05:53.0514367Z - Title: Prefer stable parent PID / broker handle over ephemeral PID (2.1)
2026-06-13T11:05:53.0514480Z - Required stages: 
2026-06-13T11:05:53.0514509Z 
2026-06-13T11:05:53.0514629Z ### REQ-HAZARD-STDIN-SESSION-ID
2026-06-13T11:05:53.0514790Z - Title: Stdin session_id precedence over env (2.2)
2026-06-13T11:05:53.0514901Z - Required stages: 
2026-06-13T11:05:53.0514939Z 
2026-06-13T11:05:53.0515066Z ### REQ-HAZARD-HANDOFF-ARGV-COMPAT
2026-06-13T11:05:53.0515240Z - Title: Broker/brain IPC + handoff argv version-tolerant (2.3)
2026-06-13T11:05:53.0515353Z - Required stages: impl, unit
2026-06-13T11:05:53.0515390Z 
2026-06-13T11:05:53.0515513Z ### REQ-HAZARD-GEN-START-NOW
2026-06-13T11:05:53.0515666Z - Title: gen_start = now() on cold-start and handoff (2.4)
2026-06-13T11:05:53.0515788Z - Required stages: impl, int
2026-06-13T11:05:53.0515821Z 
2026-06-13T11:05:53.0515946Z ### REQ-HAZARD-EPHEMERAL-CLEANUP
2026-06-13T11:05:53.0516117Z - Title: Ephemeral perch cleanup on every ring exit path (3.1)
2026-06-13T11:05:53.0516238Z - Required stages: impl, unit
2026-06-13T11:05:53.0516270Z 
2026-06-13T11:05:53.0516393Z ### REQ-HAZARD-STALE-SIGNOFF-SENTINEL
2026-06-13T11:05:53.0516581Z - Title: Stale signoff sentinel does not kill a fresh start (3.2)
2026-06-13T11:05:53.0516713Z - Required stages: impl, unit
2026-06-13T11:05:53.0516737Z 
2026-06-13T11:05:53.0516862Z ### REQ-HAZARD-ECHO-BEFORE-SIGNOFF
2026-06-13T11:05:53.0517052Z - Title: Echo-commune fires before INIT_SIGNOFF on orphan teardown (3.3)
2026-06-13T11:05:53.0517167Z - Required stages: impl, unit
2026-06-13T11:05:53.0517295Z 
2026-06-13T11:05:53.0517428Z ### REQ-HAZARD-ENVELOPE-DECODE-ORDER
2026-06-13T11:05:53.0517600Z - Title: Envelope decode order, ampersand decoded last (4.1)
2026-06-13T11:05:53.0517720Z - Required stages: impl, unit
2026-06-13T11:05:53.0517748Z 
2026-06-13T11:05:53.0517882Z ### REQ-HAZARD-ENVELOPE-CR-LINESAFE
2026-06-13T11:05:53.0519661Z - Title: Envelope CR-linesafety (4.1): the line-framed EVENT codec must neutralize raw carriage returns — `event_body_escape` folds CRLF/lone-CR to the codec's representable linebreak (`\n`→`<br>`) BEFORE framing, so a body carrying `\r` (Windows `echo`/CRLF text crossing nodes) cannot survive into the single-line envelope and trigger a receiver terminal CR→col0 overwrite that corrupts the frame. Robustness on unrepresentable input, NOT a wire-format change (decoder untouched, amp-last invariant held). Belt-and-suspenders: `spt send`/`ring` also trim stdin (parity with `notify`).
2026-06-13T11:05:53.0519786Z - Required stages: impl, unit
2026-06-13T11:05:53.0519824Z 
2026-06-13T11:05:53.0519953Z ### REQ-HAZARD-ENVELOPE-PARSER-SAFE
2026-06-13T11:05:53.0520129Z - Title: Two-slice envelope parser is panic-free and tolerant (4.2)
2026-06-13T11:05:53.0520248Z - Required stages: impl, unit
2026-06-13T11:05:53.0520281Z 
2026-06-13T11:05:53.0520411Z ### REQ-HAZARD-EVENTPART-REASSEMBLY
2026-06-13T11:05:53.0520625Z - Title: EVENT-PART split/reassembly is byte-exact; orphan parts dropped silently
2026-06-13T11:05:53.0520745Z - Required stages: impl, unit
2026-06-13T11:05:53.0520783Z 
2026-06-13T11:05:53.0520886Z ### REQ-HAZARD-ID-CHARSET
2026-06-13T11:05:53.0521149Z - Title: Addressable-id charset reserves :/@ delimiters; validated at every creation seam (4.6)
2026-06-13T11:05:53.0521368Z - Required stages: impl, unit
2026-06-13T11:05:53.0521402Z 
2026-06-13T11:05:53.0521515Z ### REQ-HAZARD-REGISTRY-STALE-CLEAN
2026-06-13T11:05:53.0521707Z - Title: Stale registry entries degrade to fallback, never hard-fail (4.3)
2026-06-13T11:05:53.0521821Z - Required stages: impl, unit
2026-06-13T11:05:53.0521859Z 
2026-06-13T11:05:53.0521988Z ### REQ-HAZARD-REGISTRY-CONCURRENT
2026-06-13T11:05:53.0522250Z - Title: Concurrent SQLite openers (registry/spool) must not fail with 'database is locked' (4.7)
2026-06-13T11:05:53.0522360Z - Required stages: impl, unit
2026-06-13T11:05:53.0522393Z 
2026-06-13T11:05:53.0522516Z ### REQ-HAZARD-REGISTRY-DIR-CREATE
2026-06-13T11:05:53.0522894Z - Title: SQLite store opens create their parent dir themselves — a fresh-home registry op must not SQLITE_CANTOPEN (4.9)
2026-06-13T11:05:53.0523013Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0523046Z 
2026-06-13T11:05:53.0523179Z ### REQ-HAZARD-REGISTRY-EPOCH-LEASE
2026-06-13T11:05:53.0523615Z - Title: Registry merge ordered by per-node monotonic epoch, never wall-clock — a stale Active can't clobber a newer Offline (4.8, red-team #8)
2026-06-13T11:05:53.0523730Z - Required stages: impl, unit
2026-06-13T11:05:53.0523762Z 
2026-06-13T11:05:53.0523892Z ### REQ-HAZARD-DEFERRED-SURVIVE-DRAIN
2026-06-13T11:05:53.0524040Z - Title: Deferred rows survive poll drain (4.4)
2026-06-13T11:05:53.0524153Z - Required stages: impl, unit
2026-06-13T11:05:53.0524187Z 
2026-06-13T11:05:53.0524306Z ### REQ-HAZARD-INBOX-NO-DOUBLE
2026-06-13T11:05:53.0524449Z - Title: No double-delivery via legacy inbox (4.5)
2026-06-13T11:05:53.0524560Z - Required stages: impl, unit
2026-06-13T11:05:53.0524593Z 
2026-06-13T11:05:53.0524726Z ### REQ-HAZARD-WINDOWS-PID-RECYCLE
2026-06-13T11:05:53.0524903Z - Title: Windows PID-recycling false positives guarded (5.1)
2026-06-13T11:05:53.0525022Z - Required stages: impl, unit
2026-06-13T11:05:53.0525059Z 
2026-06-13T11:05:53.0525175Z ### REQ-HAZARD-EBUSY-RENAME
2026-06-13T11:05:53.0525356Z - Title: tmp-write + atomic-rename + retry on Windows EBUSY (5.2)
2026-06-13T11:05:53.0525476Z - Required stages: impl, unit
2026-06-13T11:05:53.0525509Z 
2026-06-13T11:05:53.0525641Z ### REQ-HAZARD-SUBPROCESS-TIMEOUT
2026-06-13T11:05:53.0525800Z - Title: Every harness/git subprocess has a timeout (5.3)
2026-06-13T11:05:53.0526027Z - Required stages: impl, unit
2026-06-13T11:05:53.0526064Z 
2026-06-13T11:05:53.0526184Z ### REQ-HAZARD-UNC-PATH-STRIP
2026-06-13T11:05:53.0526353Z - Title: Strip Windows UNC prefix on serialized paths (5.4)
2026-06-13T11:05:53.0532220Z - Required stages: impl, unit
2026-06-13T11:05:53.0532272Z 
2026-06-13T11:05:53.0532424Z ### REQ-HAZARD-SINGLE-PATH-SOURCE
2026-06-13T11:05:53.0532653Z - Title: Single path/registry source of truth; no layout ambiguity (6.1)
2026-06-13T11:05:53.0532790Z - Required stages: impl, unit
2026-06-13T11:05:53.0532824Z 
2026-06-13T11:05:53.0532944Z ### REQ-HAZARD-SOFT-CLEANUP
2026-06-13T11:05:53.0533149Z - Title: Soft-cleanup preserves state, removes only the ready marker (6.2)
2026-06-13T11:05:53.0533287Z - Required stages: impl, unit
2026-06-13T11:05:53.0533324Z 
2026-06-13T11:05:53.0533463Z ### REQ-HAZARD-CASCADE-WIPE-GUARD
2026-06-13T11:05:53.0533639Z - Title: No hard-delete of a parent hosting non-empty children (6.3)
2026-06-13T11:05:53.0533762Z - Required stages: impl, unit
2026-06-13T11:05:53.0533801Z 
2026-06-13T11:05:53.0533928Z ### REQ-HAZARD-DROP-FILE-SINGLE-WRITER
2026-06-13T11:05:53.0534093Z - Title: Drop files are daemon-owned single-writer (6.4)
2026-06-13T11:05:53.0534214Z - Required stages: impl, unit
2026-06-13T11:05:53.0534248Z 
2026-06-13T11:05:53.0534375Z ### REQ-HAZARD-DIRECT-WRITE-PRECEDENCE
2026-06-13T11:05:53.0534609Z - Title: Direct-write precedence marker (with node id) guards stale overwrite (6.5)
2026-06-13T11:05:53.0534728Z - Required stages: impl, unit
2026-06-13T11:05:53.0534762Z 
2026-06-13T11:05:53.0534881Z ### REQ-HAZARD-CONFLICT-BOTH-PRESERVED
2026-06-13T11:05:53.0535458Z - Title: A surfaced concurrent context pair is durably preserved (both versions, tracked artifacts) until a strictly dominating write clears it; no reconcile failure path discards an unmerged version (6.6, ADR-0013)
2026-06-13T11:05:53.0535701Z - Required stages: impl, unit
2026-06-13T11:05:53.0535735Z 
2026-06-13T11:05:53.0535867Z ### REQ-HAZARD-DETACHED-PIPE-INHERIT
2026-06-13T11:05:53.0537004Z - Title: Windows detached long-lived children must not inherit a captured caller's pipe: every detach-spawn of an immortal child (daemon, shell binary) runs bInheritHandles=FALSE, or a caller capturing output anywhere up the process chain hangs forever on a pipe that never EOFs — std-handle flag stripping is NOT sufficient (grandparent strays still flow) (5.6)
2026-06-13T11:05:53.0537119Z - Required stages: impl, unit
2026-06-13T11:05:53.0537157Z 
2026-06-13T11:05:53.0537275Z ### REQ-HAZARD-CONPTY-DSR
2026-06-13T11:05:53.0537500Z - Title: ConPTY reader must auto-answer DSR (ESC[6n) or all child output stalls (5.5)
2026-06-13T11:05:53.0537619Z - Required stages: impl, unit
2026-06-13T11:05:53.0537658Z 
2026-06-13T11:05:53.0537792Z ### REQ-HAZARD-CHILD-CONSOLE-FLASH
2026-06-13T11:05:53.0538225Z - Title: Console-subsystem children of the console-less daemon spawn with CREATE_NO_WINDOW, or each spawn flashes a visible blank window on the user's desktop (5.8)
2026-06-13T11:05:53.0538345Z - Required stages: impl, unit
2026-06-13T11:05:53.0538378Z 
2026-06-13T11:05:53.0538501Z ### REQ-HAZARD-INSTANT-UNDERFLOW
2026-06-13T11:05:53.0539181Z - Title: Scheduling never subtracts a Duration from Instant::now() (underflow-panics on a host booted more recently than the offset); 'due now / never run' is Option<Instant>=None gated on forward duration_since only (5.9)
2026-06-13T11:05:53.0539297Z - Required stages: impl, unit
2026-06-13T11:05:53.0539330Z 
2026-06-13T11:05:53.0539452Z ### REQ-HAZARD-PUMP-IPC-DEADLINE
2026-06-13T11:05:53.0540277Z - Title: The single-threaded peer pump's brain-IPC reads are deadline-bounded (PUMP_PEER_IO_TIMEOUT, total-wait per call); a TimedOut read POISONS the client and escalates to a SUPERVISED RESTART, never a per-peer retry — a black-holed peer must never wedge the whole pump
2026-06-13T11:05:53.0540409Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0540448Z 
2026-06-13T11:05:53.0540564Z ### REQ-HAZARD-SUDO-SECURE-PATH
2026-06-13T11:05:53.0541402Z - Title: Elevation guidance on Unix names the binary's ABSOLUTE path under sudo (a user-local install ~/.local/bin · ~/.cargo/bin is not on sudo's secure_path, so bare `sudo spt` dies 'command not found'); gated commands auto-elevate on an interactive TTY, else print the runnable hint (5.10)
2026-06-13T11:05:53.0541630Z - Required stages: impl, unit
2026-06-13T11:05:53.0541664Z 
2026-06-13T11:05:53.0541784Z ### REQ-HAZARD-LOCAL-API-AUTH
2026-06-13T11:05:53.0542002Z - Title: Every local `api` mutation authenticated to an endpoint/session (codex #13)
2026-06-13T11:05:53.0542116Z - Required stages: impl, unit
2026-06-13T11:05:53.0542150Z 
2026-06-13T11:05:53.0542274Z ### REQ-HAZARD-RESTART-IDEMPOTENT
2026-06-13T11:05:53.0542550Z - Title: Idempotent/exactly-once delivery across brain restart at every broker boundary (codex #14)
2026-06-13T11:05:53.0542669Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0542702Z 
2026-06-13T11:05:53.0542822Z ### REQ-HAZARD-UPDATE-ROLLBACK
2026-06-13T11:05:53.0543084Z - Title: Self-update rejects version rollback; metadata expiry + adapter content signing (codex #5)
2026-06-13T11:05:53.0543208Z - Required stages: impl, unit
2026-06-13T11:05:53.0543246Z 
2026-06-13T11:05:53.0543380Z ### REQ-HAZARD-DAEMON-HOSTED-LIVENESS
2026-06-13T11:05:53.0543809Z - Title: Daemon-hosted perches (Psyche, spt-hosted Self) derive liveness from the daemon endpoint table + info.json status, never is_process_alive(info.pid) (2.5)
2026-06-13T11:05:53.0543942Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0543975Z 
2026-06-13T11:05:53.0544105Z ### REQ-HAZARD-BROKER-PROCESS-ISOLATION
2026-06-13T11:05:53.0546705Z - Title: Broker and brain are separate processes: the broker runs as its own long-lived per-machine process that survives every brain restart, so a routine (brain-only) self-update restarts the brain onto the swapped binary while every hosted endpoint (PTY child, live QUIC conn, listening socket) stays untouched at the PROCESS level. The in-process-thread broker (daemon.rs:165-170) is a regression that silently unrealizes REQ-UPD-3 — apply degrades to an in-process Brain::handoff no-op and new code does not run until an unrelated restart (KNOWN-HAZARDS 6.7). Evidence must prove process-level survival (SPIKE-01/03 productionized as int: PTY child + live QUIC survive a brain-PROCESS restart onto a swapped binary), re-pointing the regression-masked in-process int tags currently on REQ-DAEMON-2 / REQ-UPD-3 (ADR-0018).
2026-06-13T11:05:53.0546949Z - Required stages: doc, impl, unit, int
2026-06-13T11:05:53.0546987Z 
2026-06-13T11:05:53.0547118Z ### REQ-HAZARD-ROLLBACK-STATE-COMPAT
2026-06-13T11:05:53.0548770Z - Title: A brain must not irreversibly migrate durable state before update ready-promotion: the readiness-gated auto-rollback (ADR-0018 Q7) spawns the N-1 binary against durable state the new brain may have written, so every pre-ready write must stay N-1-readable (schema migrations gated behind ready-promotion, or written N-1-tolerant/additive). Else the first in-place schema migration silently bricks rollback (KNOWN-HAZARDS 6.8). Free now — a 2026-06-09 audit confirmed zero state-migration code exists; unmintable retroactively once a migration ships.
2026-06-13T11:05:53.0548905Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0548938Z 
2026-06-13T11:05:53.0549138Z ### REQ-HAZARD-BRAIN-RESPAWN-PATH
2026-06-13T11:05:53.0551537Z - Title: The broker respawns the brain onto the APPLIED bytes, not the renamed old binary: the candidate-binary default is the canonical exe path captured ONCE at broker start, never a per-spawn std::env::current_exe() — on Linux current_exe (readlink /proc/self/exe) is inode-tracking and follows the `apply` rename (spt -> spt.old-N), so a resident broker would respawn the brain onto OLD bytes while recording `applied` (Windows GetModuleFileName is path-at-start, so Windows was green; ADR-0018 Q3 silently assumed path-string semantics). Backstop: promotion gates on bytes — a trial promotes only if brain.ready exe_hash == the staged artifact hash for this platform, else auto-rollback + loud notif (readiness != new-bytes was the false-success that recorded applied:8 over a v0.4.0 brain on kitsubito, 2026-06-11). KNOWN-HAZARDS 6.11.
2026-06-13T11:05:53.0551801Z - Required stages: doc, impl, unit, int
2026-06-13T11:05:53.0551828Z 
2026-06-13T11:05:53.0551952Z ### REQ-HAZARD-PSYCHE-OUTBOUND-PROXY
2026-06-13T11:05:53.0552767Z - Title: Psyche outbound captured + sanitized: the live-Psyche turn driver captures stdout (never Stdio::null), and the daemon strips/re-stamps Psyche-supplied from=/target and constrains routing (reply→__REPLY_TO__ sender, notify→own user/subnet) (7.3)
2026-06-13T11:05:53.0552890Z - Required stages: impl, unit
2026-06-13T11:05:53.0552924Z 
2026-06-13T11:05:53.0553058Z ### REQ-HAZARD-DAEMON-SCHED-NONBLOCKING
2026-06-13T11:05:53.0553716Z - Title: Per-agent pulse/psyche/echo-commune scheduling must not serialize across agents: each agent's bounded LLM call (echo-commune summarizer, Psyche turn) runs off the shared scheduler so one slow/hung call cannot stall another agent's tick (7.4)
2026-06-13T11:05:53.0553849Z - Required stages: impl, unit
2026-06-13T11:05:53.0553882Z 
2026-06-13T11:05:53.0554022Z ### REQ-HAZARD-PAIR-TRANSCRIPT-BIND
2026-06-13T11:05:53.0554665Z - Title: Pairing transcript binds roles, both node pubkeys, subnet ID, seed epoch, TOTP time-step, and confirmation MACs — or unknown-key-share/reflection/wrong-subnet/replay pairing remain possible (ADR-0005 #12)
2026-06-13T11:05:53.0554788Z - Required stages: impl, unit
2026-06-13T11:05:53.0554821Z 
2026-06-13T11:05:53.0554945Z ### REQ-HAZARD-PAIR-SEED-ROTATION
2026-06-13T11:05:53.0555481Z - Title: Removing a node rotates the subnet seed (epoch bump) so an old node/old seed cannot rejoin; trust-store delete alone is NOT revocation because the seed is replicated to every trusted node (ADR-0005 #10)
2026-06-13T11:05:53.0555706Z - Required stages: impl, unit
2026-06-13T11:05:53.0555739Z 
2026-06-13T11:05:53.0555858Z ### REQ-HAZARD-PAIR-RATE-LIMIT
2026-06-13T11:05:53.0556731Z - Title: Subnet-global pairing rate limit: one active ceremony per subnet, shared attempt counter, exponential backoff — a public pre-trust relay + multiple seed-holders otherwise enables distributed SPAKE2 guessing (and ±1 TOTP window triples the valid-password space) (ADR-0005 #11)
2026-06-13T11:05:53.0556861Z - Required stages: impl, unit
2026-06-13T11:05:53.0556893Z 
2026-06-13T11:05:53.0557011Z ### REQ-HAZARD-WAN-ORIGIN-AUTH
2026-06-13T11:05:53.0557807Z - Title: WAN-inbound origin is transport truth, never payload: the access gate's subject (ADR-0009 origin-node whitelist) is the QUIC handshake-proven remote node id from the broker's conn/stream table — a forged origin/node field inside record bytes is inert (7.5)
2026-06-13T11:05:53.0557944Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0557982Z 
2026-06-13T11:05:53.0558105Z ### REQ-CONSENT-1
2026-06-13T11:05:53.0559112Z - Title: Consent grant store: capability x subject-agent x target-node rows, enforced at the target node, subnet-settable (replicates as security material near the trust store), revocable; gated-capability ids (remote-exec, instantiate-anywhere) reserved-but-refusing; v1 consumers are the shell spawn gates (CONTEXT Consent & security gates)
2026-06-13T11:05:53.0559235Z - Required stages: impl, unit
2026-06-13T11:05:53.0559269Z 
2026-06-13T11:05:53.0559383Z ### REQ-CONSENT-2
2026-06-13T11:05:53.0560217Z - Title: Interactive consent escalation: an ungated high-risk action routes a consent prompt to the user's most-recently-active session; allow-once / allow-always (writes a grant) / deny; pre-consent flags (can_shutdown, shell_wake_spawn_anywhere) author grants via manifest/settings (CONTEXT Consent & security gates)
2026-06-13T11:05:53.0560340Z - Required stages: impl, unit
2026-06-13T11:05:53.0560369Z 
2026-06-13T11:05:53.0560520Z ### REQ-PRES-1
2026-06-13T11:05:53.0561902Z - Title: Presence resolution: the presence datum (last_active_node, last_active_endpoint, ts) gossiped subnet-wide via the agent-interaction heartbeat (rides registry distribution, visibility-gated) + one first-class most-recently-active resolution API consumed by notif first-fire, update-consent delivery, consent escalation, and shell wake resolution (M5 scope decision 1: resolution only — the PresenceChannel endpoint stays deferred)
2026-06-13T11:05:53.0562141Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0562173Z 
2026-06-13T11:05:53.0562285Z ### REQ-SHELL-1
2026-06-13T11:05:53.0563169Z - Title: Shell hosting machinery: shell perch under the owner (type/owner/adapter_name/status/alias), broker-launched binary + api bind local-link handshake, the three channels (command durable, text+file durable + progress-queryable, sensory REST-only never spooled + dropped-unless-owner-live), owner exclusivity (CONTEXT Shell model)
2026-06-13T11:05:53.0563279Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0563313Z 
2026-06-13T11:05:53.0563427Z ### REQ-SHELL-2
2026-06-13T11:05:53.0564863Z - Title: Shell sleep/wake: link-break always closes the binary (pre-close instruction + termination timeout), ephemeral teardown vs persistent offline/relink, wake_command wake-watcher (offline-only, exit-opcode supervision, exponential backoff + give-up), state-keyed wake resolution (dormant/suspended/active-elsewhere; no-reachable refuses — spawn-anywhere branch deferred), spt shutdown owner cascade + api owner-shutdown gated by can_shutdown (CONTEXT Shell sleep/wake)
2026-06-13T11:05:53.0565000Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0565034Z 
2026-06-13T11:05:53.0565163Z ### REQ-HAZARD-ELEVATED-DAEMON-SPAWN
2026-06-13T11:05:53.0566486Z - Title: The daemon always runs unelevated in the invoking user's universe, regardless of which command spawns it: an elevated spawner de-elevates (Windows: UAC linked token via CreateProcessWithTokenW; Linux: drop to SUDO_UID/SUDO_GID + the invoker's HOME) — an elevated daemon's pipes deny unelevated clients (every later spt reads not-running→spawn→bind Access-denied) and a sudo'd daemon roots the user's state universe (5.7)
2026-06-13T11:05:53.0566728Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0566767Z 
2026-06-13T11:05:53.0566895Z ### REQ-HAZARD-REGISTRY-GHOST-ROWS
2026-06-13T11:05:53.0568177Z - Title: A dead node identity's registry rows must decay: only the per-(endpoint,node) epoch lease supersedes rows, so without eviction a vanished node's rows are immortal and poison bare-id resolution with phantom AcrossNodes ambiguity — evict rows whose author node has not been heard (admitted inbound feed) within the eviction window; own rows never decay; a revived node re-inserts from its durable epoch within one pump cadence (4.10)
2026-06-13T11:05:53.0568305Z - Required stages: doc, impl, unit
2026-06-13T11:05:53.0568343Z 
2026-06-13T11:05:53.0568448Z ### REQ-CLI-1
2026-06-13T11:05:53.0569595Z - Title: spt endpoint noun namespace: absorbs fork/suspend/wake/shutdown/rename/stop/digest + access (ported 1:1: allow|revoke|open|list, decision 21) + description (ex-resources blurb; bare=show, set=author); merged endpoint list [--local|--subnet <name>] grouped by subnet with SELF pinned, --detail adding the ex-resources yellow-pages blurb projection; bare spt endpoint = the list (M8 decisions 1-2, 25)
2026-06-13T11:05:53.0569725Z - Required stages: impl, unit
2026-06-13T11:05:53.0569757Z 
2026-06-13T11:05:53.0569867Z ### REQ-CLI-2
2026-06-13T11:05:53.0570578Z - Title: spt daemon noun: run|stop|status (hidden daemon verb becomes daemon run; agent-endpoint shutdown keeps its name under endpoint); daemon status renders the pump heartbeat (last-tick recency) so a half-dead daemon is never rendered implied-healthy (M8 decisions 5, 23)
2026-06-13T11:05:53.0570702Z - Required stages: impl, unit
2026-06-13T11:05:53.0570740Z 
2026-06-13T11:05:53.0570843Z ### REQ-CLI-3
2026-06-13T11:05:53.0571576Z - Title: Agent hot path stays flat across the M8 reorg: send/ring/ready/whoami/how-to unchanged; notify moves to subnet notify while notif stays top-level; breaking renames land clean with no deprecation shims (zero external CLI consumers pre-spt-claude-code) (M8 decisions 3-4, 9)
2026-06-13T11:05:53.0571799Z - Required stages: impl, unit
2026-06-13T11:05:53.0571833Z 
2026-06-13T11:05:53.0571943Z ### REQ-SUBNET-5
2026-06-13T11:05:53.0573072Z - Title: Per-subnet serve-state: spt subnet detach <NAME> [--save] / attach <NAME> [--save] — daemon keeps running, stops/starts advertising + connecting for that subnet (peer pump + responder selective); --save persists the startup default in daemon config; the all-attached banner gains per-subnet states (M8 decision 6, --save renamed from --auto per decision 25 session)
2026-06-13T11:05:53.0573203Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0573236Z 
2026-06-13T11:05:53.0573339Z ### REQ-SUBNET-6
2026-06-13T11:05:53.0574044Z - Title: Trust lifecycle verbs, elevation-gated: spt subnet leave <NAME> (membership exit) and spt subnet prune <node> (removes a dead identity's trust + registry rows, killing its dead dials; trust mutation = security surface, REQ-PAIR-6 gate machinery) (M8 decisions 6-7)
2026-06-13T11:05:53.0574169Z - Required stages: impl, unit
2026-06-13T11:05:53.0574212Z 
2026-06-13T11:05:53.0574316Z ### REQ-SUBNET-7
2026-06-13T11:05:53.0575908Z - Title: Per-machine re-pair trust overwrite: registry rows carry a hashed stable machine identifier (OS machine id /etc/machine-id|MachineGuid, domain-separated SHA-256 before gossip, spt-minted persisted UUID fallback; additive serde-default field — old rows parse clean); a COMPLETED pairing ceremony presenting the same node label AND machine id as an existing trusted row evicts the superseded identity's trust + registry rows on the seed-holder and replicates the eviction; a gossiped claim alone never evicts trust (M8 decisions 13, 22)
2026-06-13T11:05:53.0576117Z - Required stages: impl, unit
2026-06-13T11:05:53.0576154Z 
2026-06-13T11:05:53.0576254Z ### REQ-SUBNET-8
2026-06-13T11:05:53.0577317Z - Title: Status render honesty: zero-subnet text is daemon-aware ('No subnets registered — this node is standalone.' + daemon-running-dependent blurb, never implying messaging works while the daemon is down); hint footer prints on bare spt subnet only (status drops it); a stalled pump is surfaced in subnet status, never rendered implied-healthy (M8 decisions 11-12, 23)
2026-06-13T11:05:53.0577441Z - Required stages: impl, unit
2026-06-13T11:05:53.0577470Z 
2026-06-13T11:05:53.0577569Z ### REQ-INSTALL-6
2026-06-13T11:05:53.0578827Z - Title: Linux elevation install leg: install.sh symlinks the binary into a sudo-reachable path (/usr/local/bin; graceful print-the-one-liner when unelevated) so sudo spt resolves; first sudo spt detects elevation and prompts ONCE for the default user account — thereafter any elevated daemon launch runs daemon + state under that account, never root (KH 5.7 interplay verified) (M8 decision 8)
2026-06-13T11:05:53.0579026Z - Required stages: impl, unit
2026-06-13T11:05:53.0579050Z 
2026-06-13T11:05:53.0579154Z ### REQ-INSTALL-7
2026-06-13T11:05:53.0580261Z - Title: Windows inbound reachability: the elevated install leg registers the inbound-UDP firewall rule (New-NetFirewallRule); the daemon self-detects blocked inbound and renders it as the no-connection state in subnet status + the coming-online banner (covers user-scope installs that skip the elevated leg — never a silent NO_SEED_HOLDER dead-end) (M8 root cause 3)
2026-06-13T11:05:53.0580384Z - Required stages: impl
2026-06-13T11:05:53.0580418Z 
2026-06-13T11:05:53.0580533Z ### REQ-INSTALL-8
2026-06-13T11:05:53.0581584Z - Title: OS-service registration (REQ-INSTALL-1's deferred third leg): Linux systemd USER service + loginctl enable-linger (linger rides the elevated install leg; daemon starts at boot pre-login, user universe per KH 5.7, systemctl --user managed); Windows scheduled task at-logon (interactive session, no stored credentials); a node is reachable after reboot without any manual spt invocation (M8 decision 17)
2026-06-13T11:05:53.0581706Z - Required stages: impl
2026-06-13T11:05:53.0581739Z 
2026-06-13T11:05:53.0581845Z ### REQ-CONV-1
2026-06-13T11:05:53.0583227Z - Title: Peer address seeding, both cold starts: durable peer-addrs.json (identity dir) maps peer pubkey → last-known dialable address; the pump's resolver consults it FIRST with id-only discovery fallback on miss or dial failure (a stale addr never strands a peer); written by the pairing ceremony (both sides, from the live connection) and by the pump on successful connect; post-join first sync and post-restart resync converge in seconds, not ~1 min (M8 decisions 14, 20)
2026-06-13T11:05:53.0583462Z - Required stages: impl, unit
2026-06-13T11:05:53.0583495Z 
2026-06-13T11:05:53.0583600Z ### REQ-CONV-2
2026-06-13T11:05:53.0584714Z - Title: Event-driven advertisement: endpoint online/offline transitions (ready-listener start/stop, rest-state transition, perch death) trigger an immediate advertise_local + peer push as a WAKE of the existing pump loop (no second advertisement path — epoch lease + visibility gates ride unchanged); the cadence stays the steady-state floor (M8 decision 15)
2026-06-13T11:05:53.0584839Z - Required stages: impl, unit
2026-06-13T11:05:53.0584876Z 
2026-06-13T11:05:53.0584986Z ### REQ-PAIR-8
2026-06-13T11:05:53.0586259Z - Title: NTP TOTP offset: the pairing ceremony queries NTP at ceremony time (both sides) and applies the derived offset to the TOTP calculation in-process only; system-clock fallback when NTP is unreachable (offline LAN pairing unaffected — NTP failure never blocks a pairing that succeeds today); never sets the OS clock; no background sync loop (M8 decision 18; field trigger: enlyzeam clock >1 min off exceeds the ±1 window)
2026-06-13T11:05:53.0586384Z - Required stages: impl, unit
2026-06-13T11:05:53.0586416Z 
2026-06-13T11:05:53.0586525Z ### REQ-DAEMON-5
2026-06-13T11:05:53.0587887Z - Title: Pump liveness: the peer pump writes a last-tick heartbeat consumed by daemon status / subnet status (decision 23 render legs in REQ-CLI-2/REQ-SUBNET-8); the daemon supervises the pump task — a panic is caught, logged loudly, and the pump restarts with capped backoff (≤5 min), so a 5.9-class death self-heals visibly instead of silently halving the daemon (M8 decision 23; field motivation: hfenduleam 2026-06-07 half-death)
2026-06-13T11:05:53.0588015Z - Required stages: impl, unit
2026-06-13T11:05:53.0588049Z 
2026-06-13T11:05:53.0588153Z ### REQ-DAEMON-6
2026-06-13T11:05:53.0590095Z - Title: Service-aware `daemon start`/`stop`: when an OS service manager has a registered spt-daemon for this user, `spt daemon start` and `spt daemon stop` drive THAT service (so stop doesn't IPC-kill a unit that auto-restart-fights for the broker socket — the kitsubito 2026-06-08 loop). `start` graduates from a `run` alias to a first-class background verb (ensure-up, idempotent, non-blocking); stop routes managed→manager, manual→IPC. Linux=systemd user unit (`systemctl --user start|stop|is-active spt-daemon`, detected by unit-file presence); Windows=no controllable manager (the logon task is boot-only), so start=detached spawn / stop=IPC.
2026-06-13T11:05:53.0590225Z - Required stages: impl, unit
2026-06-13T11:05:53.0590258Z 
2026-06-13T11:05:53.0590358Z ### REQ-DAEMON-7
2026-06-13T11:05:53.0591737Z - Title: `daemon run` is foreground-consistent on every platform: the invoking process IS the daemon, blocks until signalled, never auto-detaches or respawns into an invisible background task. The detached/de-elevated background behavior lives ONLY in `start`. Windows: an ELEVATED `daemon run` refuses with guidance (use `start`, or an unelevated shell) instead of respawning detached/de-elevated and vanishing (KH 5.7 preserved — it still never serves elevated).
2026-06-13T11:05:53.0591864Z - Required stages: impl, unit
2026-06-13T11:05:53.0591898Z 
2026-06-13T11:05:53.0592001Z ### REQ-DAEMON-8
2026-06-13T11:05:53.0592933Z - Title: Internal auto-start prefers the service: `ensure_running` (any spt command's implicit daemon start, REQ-DAEMON-3) routes through the service-aware start path — when a manager has a registered service it starts THAT, never a competing manual `spawn_detached` daemon that would fight the service for the socket.
2026-06-13T11:05:53.0593059Z - Required stages: impl, unit
2026-06-13T11:05:53.0593201Z 
2026-06-13T11:05:53.0593306Z ### REQ-DAEMON-9
2026-06-13T11:05:53.0595551Z - Title: Net-bind boot-race resilience: a daemon that comes up net-less (NetHost::start failed — e.g. the systemd unit autostarted before the network/DNS stack was ready, `Failed to create an address lookup service`) must SELF-HEAL — retry the net bring-up in the background with capped backoff and, on success, attach net to the broker + spawn the dispatcher/peer-pump (which today are gated on `net_up` at boot and so never start, leaving the node silently unreachable until a manual restart — kitsubito 2026-06-08). Status surfaces the net-less state honestly (a net-less broker renders as 'no connection', not only a pump-STALLED line with a bogus pre-boot heartbeat age). The installer's autostart unit waits for the network (`Wants=/After=network-online.target`) as belt-and-suspenders.
2026-06-13T11:05:53.0595670Z - Required stages: impl, unit
2026-06-13T11:05:53.0595704Z 
2026-06-13T11:05:53.0595832Z ### REQ-HAZARD-EPOCH-RESET
2026-06-13T11:05:53.0597137Z - Title: Advertisement-epoch reset strands a node: peers' higher last-seen epoch drops the reset node's fresh advertisements as Stale until the counter outruns history. Common case (full reinstall/re-pair) is mitigated by REQ-SUBNET-7's ceremony eviction (peer-side epoch memory dies with the deleted row — acceptance-verified); the residual narrow slice (epoch file lost, identity kept) is documented, guard deferred to a field hit (4.11)
2026-06-13T11:05:53.0597257Z - Required stages: 
2026-06-13T11:05:53.0597289Z 
2026-06-13T11:05:53.0597398Z ### REQ-MESH-1
2026-06-13T11:05:53.0599566Z - Title: Membership proof (seed-proof): symmetric current-epoch seed-knowledge replaces is_trusted at EVERY inbound gate (registry apply, WAN receive, sync, notif, connection accept). MK = HKDF(seed, domain ‖ subnet_id ‖ seed_epoch); mutual channel-bound challenge-response at connect (transcript binds both handshake-proven node pubkeys, both nonces, subnet_id, seed_epoch, role); verified once per connection, cached on the broker ConnEntry, kept warm via QUIC keep-alive so re-proof is restart/partition/rotation-only. Exact-epoch match (re-seed is the sole N-1 exception). SECURITY INVARIANTS: channel-bound (no cross-connection replay), mutual, accepts a member it never paired (the mesh property).
2026-06-13T11:05:53.0599820Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0599853Z 
2026-06-13T11:05:53.0599962Z ### REQ-MESH-2
2026-06-13T11:05:53.0602495Z - Title: Member roster: node-level union-merge grow-set (per member: pubkey, label, machine_id, last-known address, last-seen — NOT the seed), the discovery directory the mesh dials by. Seeded IN FULL at pairing (seed-holder hands joiner the whole current roster, incl. offline members — folds in deferred pairing-time hostname capture + post-join address seeding); each node authors its own entry stamped with its lease_epoch, merged strictly-greater-wins (the node_label lease); exchanged only over seed-proof'd member connections; forgery-inert (a fake entry names a pubkey that still can't seed-proof). Removal needs a TOMBSTONE — a per-pubkey revoked marker that propagates, dominates the entry, gates admission (seed-proof ∧ ¬tombstoned), and prevents reinsert; cleared by a completed re-pair of that pubkey. Persists through silence (offline member keeps its entry).
2026-06-13T11:05:53.0602634Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0602667Z 
2026-06-13T11:05:53.0602774Z ### REQ-MESH-3
2026-06-13T11:05:53.0604443Z - Title: Mesh row fan-out: registry rows stay OWN-AUTHORED; the only change is the push target widens from directly-paired peers to ALL roster members (a wider DIRECT fan-out, never a third-party relay). Every row/message still arrives from its author over a handshake → KNOWN-HAZARDS 7.5 (origin = handshake node) and 4.10 (eviction lease: any future update comes from that node itself, alive) PRESERVED VERBATIM. Closes the staggered A→B→C repro: C (roster-seeded with A at pairing) initiates to A, seed-proof admits C unpaired, A learns C, both push directly.
2026-06-13T11:05:53.0604676Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0604705Z 
2026-06-13T11:05:53.0604816Z ### REQ-MESH-4
2026-06-13T11:05:53.0607026Z - Title: Revoke + timeboxed seed rotation + re-seed grace: `spt subnet revoke <node>...` (list, elevation-gated, revoke-only) writes roster tombstones immediately, then schedules ONE seed rotation (re-mint seed, bump seed_epoch, push new seed CONFIDENTIALLY over member-auth'd TLS connections — never in roster/registry gossip — force-drop revokees) at the close of a coalescing window (default 1h); further revokes in the window join the same rotation (one epoch bump). `--force-rotate-seed` rotates immediately (compromised-node path). RE-SEED GRACE: a node proving the immediately-prior epoch (N-1) AND still on the roster gets a re-seed-only restricted connection (auto-heals a benign offliner); revoked/off-roster denied; ≥2 stale → re-pair.
2026-06-13T11:05:53.0607165Z - Required stages: impl, unit, int
2026-06-13T11:05:53.0607208Z 
2026-06-13T11:05:53.0607308Z ### REQ-MESH-5
2026-06-13T11:05:53.0608673Z - Title: Hard cutover from pairwise trust: delete peers.json + the is_trusted authorization path (no migration — expendable test fleet, re-pairs fresh under the new model, user decision 2026-06-08). Warn-on-change DEMOTED from a gate to an awareness notice anchored on machine_id (not label): 'machine M, last seen as K1, now presents K2' — fires the same event as the REQ-SUBNET-7 re-pair overwrite. The TrustStore/peers.json code and its call sites are removed, not left dead.
2026-06-13T11:05:53.0608797Z - Required stages: impl, unit
2026-06-13T11:05:53.0608906Z 
2026-06-13T11:05:53.0609079Z ### REQ-MESH-6
2026-06-13T11:05:53.0610295Z - Title: Concurrent liveness probes: `spt subnet status --nodes` fans out its offline/serve-probes (REQ-SUBNET-5) CONCURRENTLY — total wall-time bounded by the single-probe ceiling (~3s), never k×ceiling. The mesh makes a node see ALL members (many possibly offline), so a serial probe loop would be offline_count×3s. (Planning verifies the current REQ-SUBNET-5 probe loop's behavior and fixes it if serial.)
2026-06-13T11:05:53.0610413Z - Required stages: impl, unit
2026-06-13T11:05:53.0610451Z 
2026-06-13T11:05:53.0610564Z ## How to report back
2026-06-13T11:05:53.0610598Z 
2026-06-13T11:05:53.0610791Z For every (requirement, failing criterion) pair, emit one finding:
2026-06-13T11:05:53.0610824Z 
2026-06-13T11:05:53.0610916Z     {
2026-06-13T11:05:53.0611040Z       "code": "requirement_quality",
2026-06-13T11:05:53.0611158Z       "requirementId": "REQ-...",
2026-06-13T11:05:53.0611335Z       "criterion": "singular" | "verifiable" | "atomic" | "active-voice",
2026-06-13T11:05:53.0611454Z       "message": "<short reason>",
2026-06-13T11:05:53.0611584Z       "suggestedRevision": "<optional rewrite>"
2026-06-13T11:05:53.0611683Z     }
2026-06-13T11:05:53.0611722Z 
2026-06-13T11:05:53.0611913Z Wrap your response as { "findings": [ ... ] } listing only your concerns; the
2026-06-13T11:05:53.0612088Z deterministic findings above don't need to be repeated.
