Skip to content

docs: add helper causal receipts architecture spec#13

Closed
mdheller wants to merge 13 commits into
mainfrom
hcr/helper-causal-receipts-v0-1
Closed

docs: add helper causal receipts architecture spec#13
mdheller wants to merge 13 commits into
mainfrom
hcr/helper-causal-receipts-v0-1

Conversation

@mdheller
Copy link
Copy Markdown
Contributor

@mdheller mdheller commented May 6, 2026
edited
Loading

Summary

Adds the Helper Causal Receipts v0.1 architecture contract plus the first reviewable implementation skeleton for SourceOS Shell.

This captures the design response from the macOS unified-log helper-cascade analysis:

  • root-intent-bound helper receipts
  • declared helper spawn reasons
  • capability request/decision receipts
  • denial classification
  • teardown normalization
  • local-only preview policy profiles
  • web-thumbnail hostile-content treatment
  • native file picker isolation
  • terminal preview secret isolation
  • user-facing “Why did this run?” inspector requirements

Included in this PR

  • Architecture contract:
    • docs/architecture/helper-causal-receipts-v0.1.md
  • Event schema:
    • schemas/helper-causal-receipts.schema.json
  • Taxonomies/policies:
    • policies/helper-receipts/service_taxonomy.v0.1.yaml
    • policies/helper-receipts/apple_service_family_taxonomy.v0.1.yaml
  • Tools:
    • tools/check_helper_receipts.py
    • tools/unified_log_helper_parser.py
    • tools/unified_log_helper_correlator.py
  • Tests/fixtures:
    • tests/test_unified_log_helper_parser.py
    • tests/test_unified_log_helper_correlator.py
    • tests/fixtures/helper-receipts/*.json

Why this belongs in sourceos-shell

SourceOS Shell is the right runtime/spec home because it is the user-facing shell and receipt/inspector boundary for helper activity across preview, PDF/document rendering, browser integration, terminal integration, and local-first observability.

Downstream repos should align to this contract:

  • SourceOS-Linux/BearBrowser: browser file picker, cache cleanup, preview, web thumbnail enforcement
  • SourceOS-Linux/TurtleTerm: terminal preview helper isolation and shell-secret denial
  • SocioProphet/ontogenesis: ontology + SHACL vocabulary
  • SocioProphet/prophet-platform: evidence envelope mapping and CI trust gates

Cross-repo implementation trace

  • SourceOS-Linux/BearBrowser#26
  • SourceOS-Linux/TurtleTerm#11
  • SocioProphet/ontogenesis#59
  • SocioProphet/prophet-platform#435

Validation commands

python -m pytest tests/test_unified_log_helper_parser.py tests/test_unified_log_helper_correlator.py
python tools/check_helper_receipts.py tests/fixtures/helper-receipts/preview_local_only_pass.json tests/fixtures/helper-receipts/web_thumbnail_pass_clipboard_denied.json
python tools/check_helper_receipts.py tests/fixtures/helper-receipts/preview_local_only_fail_network_allowed.json || true
python tools/check_helper_receipts.py tests/fixtures/helper-receipts/helper_spawn_missing_root_intent_fail.json || true

Notes

Generated evidence artifacts from the local analysis packet are intentionally not committed here. This PR lands the normative contract, lightweight parser/correlator tooling, policy taxonomies, CI gate, and fixtures only.

@mdheller ChatGPT Codex Connector
Copy link
Copy Markdown
Contributor Author

mdheller commented May 6, 2026

Cross-repo implementation trace

This PR is the source architecture contract for Helper Causal Receipts v0.1. Downstream implementation work is now opened across the relevant repos:

Implementation split

  • SourceOS Shell owns the canonical event model, parser/correlator tooling, receipt store, and user-facing “Why did this run?” inspector.
  • BearBrowser owns browser-side root intents, preview/cache/thumbnail policies, and session/credential isolation.
  • TurtleTerm owns terminal preview receipts and shell-secret denial enforcement.
  • Ontogenesis owns RDF/OWL/SHACL vocabulary and validation constraints.
  • Prophet Platform owns evidence envelopes, policy-regression CI gates, and evidence-console visualization.

Next sourceos-shell artifacts planned on this branch

  • JSON Schema for sourceos.helper_causal_receipt.v0.1.
  • Service taxonomy and Apple service-family taxonomy.
  • Parser/correlator tools for imported unified-log style evidence.
  • CI gate script and tests for local-only helper policy invariants.

@mdheller mdheller mentioned this pull request May 22, 2026
Merged
mdheller added a commit that referenced this pull request May 22, 2026
@mdheller
Replay helper causal receipts core gate on current main
86a21b0 
Replays the core Helper Causal Receipts validation gate from #13 onto current main.

Changes:
- add helper causal receipt schema
- add receipt checker
- add positive fixtures and negative local-only/missing-intent fixtures
- add focused Helper Causal Receipts workflow

Validation observed on head 39ccb3d:
- Helper Causal Receipts: success

The larger parser/correlator/docs tranche remains tracked on #13.
@mdheller ChatGPT Codex Connector
Copy link
Copy Markdown
Contributor Author

mdheller commented May 22, 2026

Partial capture update.

Merged #20 / 86a21b0d056ae5db88c55ffa50835d6d7c0e9a78 as a current-main replay of the core machine-checkable Helper Causal Receipts gate.

Captured in #20:

  • schemas/helper-causal-receipts.schema.json
  • tools/check_helper_receipts.py
  • positive helper receipt fixtures
  • negative local-only and missing-intent fixtures
  • focused Helper Causal Receipts workflow

Validation observed on #20 head 39ccb3d4d76050ac4167e6cf7cf5189c6e5e676f:

  • Helper Causal Receipts: success

Remaining from this PR and intentionally not closed yet:

  • docs/architecture/helper-causal-receipts-v0.1.md
  • policies/helper-receipts/service_taxonomy.v0.1.yaml
  • policies/helper-receipts/apple_service_family_taxonomy.v0.1.yaml
  • tools/unified_log_helper_parser.py
  • tools/unified_log_helper_correlator.py
  • parser/correlator unit tests

Reason: the raw parser/test payload includes unified-log pattern material that should be replayed separately and carefully; #20 captured the core schema/fixture gate without losing the remaining tranche.

@mdheller mdheller mentioned this pull request May 23, 2026
Merged
mdheller added a commit that referenced this pull request May 23, 2026
@mdheller
Replay helper causal receipts follow-up on current main
d4f30ff 
Replays the remaining helper-causal receipts tranche from #13 onto current main.

Captured:
- architecture note
- helper receipt policy taxonomies
- parser and correlator tools
- parser and correlator tests
- focused helper parser workflow

Validation on bde36c0:
- Helper Causal Parser: success
- PDF Runtime Scaffold: success

Completes #13 together with #20.
@mdheller ChatGPT Codex Connector
Copy link
Copy Markdown
Contributor Author

mdheller commented May 23, 2026

Final capture update.

Helper Causal Receipts v0.1 is now fully captured on current main across #20 and #21.

Merged #20 / 86a21b0d056ae5db88c55ffa50835d6d7c0e9a78:

  • schemas/helper-causal-receipts.schema.json
  • tools/check_helper_receipts.py
  • positive helper receipt fixtures
  • negative local-only and missing-intent fixtures
  • focused Helper Causal Receipts workflow

Merged #21 / d4f30ffb3b8157bc4cff425558007856fc50be5a:

  • docs/architecture/helper-causal-receipts-v0.1.md
  • policies/helper-receipts/service_taxonomy.v0.1.yaml
  • policies/helper-receipts/apple_service_family_taxonomy.v0.1.yaml
  • tools/unified_log_helper_parser.py
  • tools/unified_log_helper_correlator.py
  • parser/correlator tests
  • focused Helper Causal Parser workflow

Validation observed:

Content status: fully captured. This stale PR can be closed as superseded.

@mdheller mdheller closed this May 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mdheller