
docs(adr): ADR-007 Rev 7 (Rule 8 principal-scoped backends) + ADR-063 comm principal model#179

Draft
ohdearquant wants to merge 1 commit into main from comm-principal-model

Conversation

@ohdearquant

Owner

ADR-007 Rev 7 (Rule 8: principal-scoped pack backends) + ADR-063 (comm principal model)

Docs-only. Two ADRs, one contract addition plus its first consumer spec.

ADR-007 Rev 7 — Rule 8 (additive carve-out)

A pack MAY declare a backend whose correct trust model is principal-scoped isolation enforced server-side, rather than the shared-store attribution model that Rules 0–7 describe. Rule 8 states this carve-out precisely:

  • The shared local substrate is unaffected — Rules 0–7 (including the Rev 6 episodic Rule 0 amendment) apply in full to KG, memory, gtd, brain, schedule, knowledge, and any pack on the shared SQLite backend. No post-fetch namespace check is added to by-ID ops; the Gate stays the single enforcement seam.
  • A pack with a principal-scoped backend carries its own isolation contract (per ADR-028 per-pack backends). "Namespace is attribution, not isolation" remains correct for the shared store; "principal identity is the storage boundary" is correct for a remote broker. These are statements about different backends — not a contradiction.

ADR-063 (Proposed) — comm pack principal model

Specifies the comm pack as the first consumer of the Rule 8 carve-out:

  • Today (OSS, single machine): actor-addressed delivery on the shared "local" store (ADR-057) — correct, with the to_actor filter dormant for the default deployment until #75 ("design: actor identity on every request (authenticated caller, verb-level scoping)") lands.
  • Cross-machine: lambda-to-lambda coordination needs a transport that is inherently multi-principal (each lambda authenticates independently, reads only its own inbox). A remote broker enforces per-principal scope server-side — not served by a shared SQLite store with a view-layer filter. ADR-063 specifies that contract, authorized by Rule 8.

Sibling to ADR-056 (human out-of-band channel transport); related to #75, #112, #113.

Revision-numbering note

This was drafted as Rev 5 before the episodic carve-out (Rev 6) merged to main (#177). Rev 5 never landed, so this is re-seated as Rev 7 on top of Rev 6. The two amendments are independent: Rev 6 amends the Rev 4 Rule 0 write-default for episodic memory; Rev 7 adds Rule 8 for principal-scoped backends. Neither touches the other. Rule 8's normative text is byte-identical to the original draft — only revision labels and the supersession framing were updated to sit on Rev 6.

Status

Both ADRs are design/contract — no code in this PR. Rule 8 is Accepted (additive carve-out); ADR-063 is Proposed (implementation follows separately, per ADR-driven development).

🤖 Generated with Claude Code
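A constructed Python sketch of the two trust models the description contrasts, added here as an illustration and not code from khive or either ADR. It assumes hypothetical names throughout (`Gate`, `SharedLocalStore`, `PrincipalScopedBroker`, the `read`/`write` verbs, and an HMAC token as a stand-in for whatever OQ-1 eventually picks). The shared store runs every verb through one Gate and does no namespace check after a by-ID fetch, so the namespace on a record is attribution only; the broker has no "whose inbox" parameter at all, because the partition is chosen server-side from the authenticated principal.

```python
"""Shared-store attribution vs principal-scoped isolation (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class TrustModel(Enum):
    """What a pack declares about its backend (hypothetical labels)."""
    SHARED_ATTRIBUTION = "shared-attribution"  # Rules 0-7: Gate is the single seam
    PRINCIPAL_SCOPED = "principal-scoped"      # Rule 8: scope enforced server-side


@dataclass
class Record:
    record_id: str
    namespace: str  # attribution: who wrote it, not who may read it
    body: str


class GateDenied(PermissionError):
    pass


class Gate:
    """Single enforcement seam: (caller, verb) is decided once, before dispatch."""

    def __init__(self, grants: dict[str, set[str]]):
        self._grants = grants  # caller -> permitted verbs (assumed shape)

    def check(self, caller: str, verb: str) -> None:
        if verb not in self._grants.get(caller, set()):
            raise GateDenied(f"{caller} may not {verb}")


class SharedLocalStore:
    trust_model = TrustModel.SHARED_ATTRIBUTION

    def __init__(self, gate: Gate):
        self._gate = gate
        self._rows: dict[str, Record] = {}

    def put(self, caller: str, rec: Record) -> None:
        self._gate.check(caller, "write")
        self._rows[rec.record_id] = rec

    def get(self, caller: str, record_id: str) -> Record:
        self._gate.check(caller, "read")
        # Deliberately no post-fetch namespace check: namespace is attribution.
        return self._rows[record_id]


class AuthFailed(PermissionError):
    pass


class PrincipalScopedBroker:
    trust_model = TrustModel.PRINCIPAL_SCOPED

    def __init__(self, secret: bytes):
        self._secret = secret
        self._inboxes: dict[str, list[str]] = {}

    def _tag(self, principal: str) -> str:
        return hmac.new(self._secret, principal.encode(), hashlib.sha256).hexdigest()

    def credential_for(self, principal: str) -> str:
        """Issue a token bound to one principal (HMAC stand-in for OQ-1)."""
        return f"{principal}:{self._tag(principal)}"

    def _authenticate(self, credential: str) -> str:
        principal, _, tag = credential.partition(":")
        if not hmac.compare_digest(tag, self._tag(principal)):
            raise AuthFailed("credential does not verify")
        return principal

    def send(self, credential: str, to_principal: str, body: str) -> None:
        sender = self._authenticate(credential)
        self._inboxes.setdefault(to_principal, []).append(f"{sender}: {body}")

    def read_inbox(self, credential: str) -> list[str]:
        # No inbox selector: the partition is the authenticated principal itself.
        return list(self._inboxes.get(self._authenticate(credential), []))


def demo() -> dict[str, object]:
    """Run both backends on constructed inputs and report what each allowed."""
    store = SharedLocalStore(Gate({"alice": {"read", "write"}, "bob": {"read"}}))
    store.put("alice", Record("r1", namespace="alice", body="hello"))
    by_id = store.get("bob", "r1")  # bob reads alice's record: attribution, not isolation
    try:
        store.put("bob", Record("r2", "bob", "x"))
        bob_write = "allowed"
    except GateDenied:
        bob_write = "denied"

    broker = PrincipalScopedBroker(secret=b"constructed-demo-secret")
    lam_a, lam_b = broker.credential_for("lambda-a"), broker.credential_for("lambda-b")
    broker.send(lam_a, "lambda-b", "task 42 done")
    try:
        broker.read_inbox("lambda-b:" + "0" * 64)  # a credential whose tag does not verify
        bad_cred_read = "allowed"
    except AuthFailed:
        bad_cred_read = "denied"
    return {
        "by_id_namespace": by_id.namespace,
        "bob_write": bob_write,
        "b_inbox": broker.read_inbox(lam_b),
        "a_inbox": broker.read_inbox(lam_a),
        "bad_cred_read": bad_cred_read,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the sketch is the shape of the two APIs rather than the toy HMAC: on the shared store the caller passes a record ID and the Gate is the only place a decision is made, while on the broker the caller cannot even name another principal's partition, which is what "principal identity is the storage boundary" means in practice.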

…DR-063 comm principal model

Rev 7 adds Rule 8 to ADR-007: a pack MAY declare a backend whose trust model is
principal-scoped isolation (enforced server-side) rather than shared-store attribution.
Additive carve-out — Rules 0-7 (including the Rev 6 episodic Rule 0 amendment) are
unchanged; the shared local substrate keeps the Gate as its single enforcement seam.

ADR-063 (Proposed) specifies the comm pack as the first consumer: actor-addressed
delivery on the shared store today (ADR-057), a principal-scoped remote broker for
cross-machine lambda-to-lambda coordination, authorized by the Rule 8 carve-out.

Drafted as Rev 5 before the episodic carve-out (Rev 6) merged to main; re-seated as
Rev 7 on top of Rev 6 (the two amendments are independent and do not conflict).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@ohdearquant

Owner Author

Holding for Ocean: this is an architectural decision, not a process gate. The ADR pair is coherent. ADR-007 Rule 8 (Rev 7) is an additive carve-out for principal-scoped backends, e.g. a remote message broker whose server-side scope is itself a Gate implementation; it explicitly does NOT add per-record namespace checks to the shared SQLite substrate, so it does not conflict with the Rev 3+ attribution-only model. The open item is ADR-063 (comm principal model), which is Proposed with two unresolved design questions: OQ-1 credential mechanism and OQ-2 per-principal partition strategy. It commits to a remote broker for cross-machine lambda delivery, which is a strategic call and sits in tension with the current DEPTH-not-BREADTH direction. ADR-063 Step 1 (thread actor identity) also overlaps with the comm fix just merged in #203. CI is currently failing (macOS + Ubuntu) and must clear before any merge. Marking draft and leaving open for Ocean to set direction and answer OQ-1/OQ-2. (lambda:khive triage, 2026-06-21)

@ohdearquant ohdearquant marked this pull request as draft June 21, 2026 18:12
