diff --git a/memory/MEMORY.md b/memory/MEMORY.md index 9cd3d7b..6e8c36d 100644 --- a/memory/MEMORY.md +++ b/memory/MEMORY.md @@ -8,6 +8,8 @@ its own session). See the org + per-repo `CLAUDE.md` for the coordination rules. - [Increment protocol](increment-protocol.md) — ORG RULE (`~/vista-cloud-dev/CLAUDE.md`): every verified increment auto-persists to memory + updates the tracker + commits/pushes to the working branch, across all repos. **Driver-effort exceptions** (m-driver-sdk/m-iris/m-ydb) carved in that file + per-repo CLAUDE.md + [[coordination-model]]. +- [Notional DBIA — never a blocker](notional-dbia-not-a-blocker.md) — HARD DIRECTIVE (user, 2026-06-16): the VistA DBIA/ICR registry is **notional** — a manually human-curated FORUM list, NOT in code, NOT in a FileMan DD, NOT enforced programmatically. `check-icr` requires a documented **Supported** API + **no-direct-global**, but **never** a numeric ICR; missing numbers (esp. the **FileMan DBS API** `GETS^DIQ`/`$$GET1^DIQ`/`UPDATE^DIE`/`FILE^DIE`/`$$FIND1^DIC`, none in the gold corpus) are **NOT** a blocker and emit **no warning** — use a notional `@icr DBS` marker + real `@status/@source`. Amended plan §5.4; coded into v-stdlib `gen-icr.py` at M3. Don't re-raise. + - [Engine access through the driver stack](engine-access-through-driver-stack.md) — HARD RULE: reach the VistA/M engines (`vehu`, `foia*`, test engines) ONLY through `m-driver-sdk` → `m-ydb`/`m-iris` via the `m` toolchain (`m test --docker`, `m vista exec`, `mdriver.Client`) — NEVER raw `docker exec … mumps`/`iris session`. Exercises the designated VSL-MSL stack at all times. **Enforced**: `PreToolUse` hook `engine-stack-guard.sh` (deny + `stack-exempt` escape) + `make check-engine-access` CI gate + org `CLAUDE.md` §waterline engine-access rule. - [CI gate hardening + waterline audit](ci-gate-hardening-waterline-audit.md) — 2026-06-14 org-wide CI audit: hardened reusable `go-ci.yml` (govulncheck/vet/gofmt, propagates to 12 repos) + wired arch gate to m-parse & m-dev-tools-mcp (added layer-m meta). Waterline validated CLEAN; latent gaps = G2–G5 unbuilt, SDK pin drift, m-stdlib stale meta org. 3 branches pushed, unmerged. diff --git a/memory/notional-dbia-not-a-blocker.md b/memory/notional-dbia-not-a-blocker.md new file mode 100644 index 0000000..f863cd2 --- /dev/null +++ b/memory/notional-dbia-not-a-blocker.md @@ -0,0 +1,50 @@ +--- +name: notional-dbia-not-a-blocker +description: HARD DIRECTIVE (user, 2026-06-16) — the VistA DBIA/ICR registry is NOTIONAL — a manually human-curated FORUM list, NOT in code, NOT in a FileMan DD, NOT enforced programmatically. The check-icr gate must require a documented Supported API + no-direct-global, but NEVER require a numeric ICR; missing ICR numbers (esp. FileMan DBS) are NOT a blocker and emit NO warning. Don't re-raise it. +metadata: + type: feedback +--- + +# The DBIA/ICR number is notional — never a blocker + +**User directive (2026-06-16, emphatic):** the VistA DBIA / ICR (Integration +Control Registration) registry is **notional**. It is a **manually +human-curated list that lives only in FORUM** — it is **not in the routine +code, not in a FileMan data dictionary on the running system, and not enforced +programmatically anywhere**. So an ICR *number* must **never** be treated as a +hard requirement or a blocker, and the absence of one must **not** produce a +warning. + +**Why:** the integration-agreement number is paperwork (a notional governance +list), not a machine-checkable fact. The load-bearing, machine-checkable +invariants are the ones that actually protect the system: (a) the L4 call is a +**documented `Supported` public API**, and (b) **no direct global access** +(every read/write/delete goes through the documented DBS/API call, never a raw +`SET`/`KILL`/`$ORDER` on a VistA file global). Those stay gated. The *number* +is optional enrichment. + +**How to apply (the `check-icr` gate — `tools/gen-icr.py` in v-stdlib, and the +§5.4 design in [[msl-vsl-coordination-plan]]):** +- A `@icr` declaration may carry a **notional marker** instead of a number + (`@icr DBS` or `@icr notional`) together with a real + `@status Supported @custodian @source #`. The gate + accepts it as **declared** and emits **no warning** about the missing number. +- Keep red-gating: an **undeclared** L4 call, a `Private`/retired status, or + **direct global access** to a VistA file. Those are the real violations. +- Pin a real number only if/when someone sources it from the live FileMan #9.8 + FORUM registry — never block, warn, or churn waiting for one. + +**Concrete trigger that prompted this (do NOT re-open):** the **FileMan DBS +API** — `GETS^DIQ` · `$$GET1^DIQ` · `UPDATE^DIE` · `FILE^DIE` · `$$FIND1^DIC` +(the S1 storage / S3 audit seams, custodian `DI`) — is the public DBS +programmer API documented in the FileMan Developer's Guide (`DI/fm22_2dg`), but +the vdocs gold corpus carries **no ICR number** for any of them (whole-corpus +scan confirmed). That is expected and fine: they are notionally Supported. +`VSLFS` (M3) and `VSLLOG` (M4) declare them with a notional marker; this is +**not** a gap, a risk, or a follow-up. (Related: the FileMan **record-delete** +path is an FDA `.01="@"` via `FILE^DIE`/`UPDATE^DIE` — there is no `DELETE^DIE`, +and `^DIK`/direct KILL are forbidden — see [[m3-vslfs]] when it lands.) + +§5.4 of the coordination plan was amended with this resolution. Encoded in code +in v-stdlib's `gen-icr.py` at M3. See also [[engine-access-through-driver-stack]] +(the sibling "real invariant, not paperwork" enforcement posture). diff --git a/prompts/m2-lane-b-vslio-kickoff.md b/prompts/m2-lane-b-vslio-kickoff.md new file mode 100644 index 0000000..f8d8435 --- /dev/null +++ b/prompts/m2-lane-b-vslio-kickoff.md @@ -0,0 +1,180 @@ +--- +title: "VSL/MSL M2 Lane B — the VSLIO adapter (bind STDNET to ^%ZIS / CALL^%ZISTCP)" +status: ready +created: 2026-06-16 +doc_type: [PROMPT] +for: a fresh implementation session (cwd v-stdlib; reads m-stdlib, edits neither m-stdlib nor vpng) +plan: docs/vsl-msl/vsl-implementation-plan.md +tracker: docs/vsl-msl/vsl-implementation-tracker.md +supersedes_for_lane_b: docs/prompts/m2-vslio-kickoff.md +--- + +# VSL/MSL M2 Lane B — the `VSLIO` socket/TLS adapter + +**Lane A is DONE and `v0.8.0` is tagged**, so the leaf-first sequencing is +satisfied and the immediate next step is **Lane B**: the `VSLIO` adapter in +**v-stdlib** that binds the new `STDNET` socket seam to VistA's device handler. + +This prompt is the active, focused Lane B kickoff. The full M2 design context +(the R1 TLS rationale, the engine-divergence map, the tiered acceptance) lives in +[`m2-vslio-kickoff.md`](m2-vslio-kickoff.md) — read it for depth; its **Lane A is +already complete**, so start from this file. + +## Where we are (snapshot, 2026-06-16) + +- **M1 COMPLETE** (the `STDENV→VSLCFG→VPNG` vertical, byte-identical both engines). +- **M2 Lane A DONE — MSL `v0.8.0` tagged** (`d51084b`, pushed; `v0.8.0:dist/ + seam-snapshot.json` carries `seams.STDNET`). `STDNET` (m-stdlib) is the portable + raw-TCP socket seam over each engine's native SOCKET device: **6 `@seam` verbs** + `listen`/`accept`/`connect`/`read`/`write`/`close` (+ `available`/`boundport`/ + `lastError`). YottaDB loopback echo GREEN 9/9 on m-test-engine; IRIS deferred + (`$$available^STDNET()`=0, soft-skip). +- **STDNET has LOUD TLS guards** (branch `stdnet-tls-gap`, pushed, unmerged): + `$$tlsAvailable^STDNET()`=0; `$$listenTls`/`$$connectTls` **raise + `,U-STDNET-NOTLS,`** (never silent plaintext); `$$tlsHelp`/`$$lastError` carry + the engine-TLS remediation. **TLS is a gating backlog item** + (m-stdlib `docs/tracking/discoveries.md`, 2026-06-16, P1 open GATING). +- **v-stdlib pins `msl_ref: v0.7.0`** today; this session re-pins to `v0.8.0`. +- **TLS infra is absent on both engines** (researched, gold-corpus): `DEFAULT TLS + SERVER CONFIG` is Kernel `XU*8.0*787` (IRIS-only, value = an IRIS + `Security.SSLConfigs` name); `vehu` is GT.M (no `$gtmtls`), `foia-t12` is IRIS + 2026.1 without `XU*8.0*787`. A **param-def-only stand-in** (`DEFAULT TLS SERVER + CONFIG` #8989.51, install name `ZTLSCFG*1.0*1`) **is provisioned on BOTH + engines** (docs repo `vsl-msl/testinfra/`, settable via XPAR) — config-read is + testable, but there is **no cert / no working TLS socket**. +- Both engines up: `vehu` (YDB), `foia-t12` (IRIS), reached over the driver stack only. + +## Decisions already made (do not re-litigate) + +1. **`VSLIO` lives in v-stdlib** — a `VSL*` module beside `VSLCFG`, layer `v`. + **Not** a new repo. This is a v-stdlib session: **one repo, one branch** (e.g. + `m2-vslio`). It READS m-stdlib (stage `STDNET` + `STDASSERT` via `--routines`, + re-pin the seam) but EDITS NEITHER m-stdlib nor vpng. +2. **Seam invariant (waterline):** `VSLIO` exposes the **same public signature as + `STDNET`** and contains **only** the VistA binding — `^%ZIS` open, + `CALL^%ZISTCP` outbound, `OPEN/USE/CLOSE^%ZISUTL` handles, named TLS config. + Any framing/buffering/timeout logic stays in `STDNET` and is *called* up + (`needs MSL: …` → add to STDNET, re-tag, re-pin — never a private copy). The + no-duplication lint (§9) enforces this. +3. **Tiered acceptance, lightest first** (§12.2 + the M2 prompt): + - **Tier 1** — outbound `CALL^%ZISTCP` to a reachable `host:port` returns + **`POP=0`** (the cheapest real 0/1). + - **Tier 2** — **plain-TCP loopback echo** of one byte via `^%ZIS`. + - **Tier 3** — the same over a **named TLS config** — **blocked-on-infra from + the start** (no cert / `XU*8.0*787`). Record it blocked; **do NOT fake TLS.** + `STDNET`'s `$$tlsAvailable`=0 + the `ZTLSCFG` param-def stand-in are the + markers; tier-3 is the gating cleanup the backlog already tracks. +4. **DBIA + citation gates apply** (unlike VPNG): every L4 call site carries + `; doc: @icr … @status Supported @source …` so `check-icr` + `check-citations` + go green with real content. `CALL^%ZISTCP` is **ICR #2118** (Supported, XU, + `XU/krn_8_0_dg_device_handler_ug#CALL^%ZISTCP`); the `^%ZIS`/`^%ZISUTL`/TLS-read + ICRs are a build-time deliverable — **ground each from the vdocs gold corpus + with the `corpus-researcher` agent**, do not trust the plan's prose (T1.2 found + the plan's XPAR citation wrong → actually Kernel #2263). +5. **No KIDS/packaging work** — adding `VSLIO` to a KIDS base + env-check is the + `VSLBLD` job at **M5**. M2's acceptance is the adapter **green dual-engine over + the driver**. + +## Resume prompt + +``` +Start VSL/MSL M2 Lane B — the VSLIO adapter in v-stdlib. Bind the STDNET socket +seam (MSL v0.8.0) to VistA's device handler: ^%ZIS open / CALL^%ZISTCP outbound / +OPEN-USE-CLOSE^%ZISUTL handles / named TLS config. Prove, in tiers, GREEN on BOTH +engines (vehu YDB, foia-t12 IRIS) over the driver stack: (1) CALL^%ZISTCP -> POP=0; +(2) plain-TCP loopback echo of one byte via ^%ZIS; (3) the same over a named TLS +config (BLOCKED-on-infra — record, do not fake). Single-engine first; dual-engine +is the exit criterion for tiers 1-2. + +ONE SESSION <-> ONE REPO (v-stdlib) <-> ONE BRANCH (e.g. m2-vslio). Reads m-stdlib +(stage STDNET + STDASSERT; re-pin the seam) but EDITS NEITHER m-stdlib nor vpng +(org CLAUDE.md). VSLIO is a VSL* module beside VSLCFG, layer v. + +START BY READING (in order): + 1. docs/prompts/m2-vslio-kickoff.md — the full M2 design context (Lane A done): + the R1 TLS rationale, the engine-divergence map, the tiered acceptance, and + the recorded TLS-infra-absent finding. + 2. m-stdlib/src/STDNET.m + m-stdlib/docs/modules/stdnet.md + + m-stdlib/docs/memory/m2-stdnet-socket-seam.md — the EXACT signature VSLIO + mirrors (listen/accept/connect/read/write/close) + the hard-won socket idiom + + the TLS gap (STDNET is plaintext; $$tlsAvailable=0; listenTls/connectTls + raise U-STDNET-NOTLS). + 3. v-stdlib/src/VSLCFG.m + v-stdlib/tests/VSLCFGTST.m + + v-stdlib/docs/memory/t1.2-vslcfg.md + t0b4-msl-seam-pin.md — the adapter + pattern, the @icr/@source/seam-pin gate wiring to mirror, the live driver + recipe, and how `make pin`/`check-msl-pin` works (re-pin v0.7.0 -> v0.8.0). + 4. docs/vsl-msl/msl-vsl-coordination-implementation-plan.md §5.1 (the S4 row), + §5.4 (the @icr gate; #2118 pinned), §5.5 (the @source gate), §12.2 (the + VSLIO acceptance row). + 5. docs/vsl-msl/https-stack-spec.md §9 (TLS configuration per engine) + + docs/vsl-msl/testinfra/README.md (the provisioned DEFAULT TLS SERVER CONFIG + param-def stand-in — config-only, no cert). + 6. v-stdlib/CLAUDE.md + ~/vista-cloud-dev/CLAUDE.md — layer-v rules, the m/v + waterline, the ENGINE-ACCESS HARD RULE (driver stack only; the PreToolUse + guard denies raw docker exec / iris session), and the Increment Protocol. + +THE WORK (TDD red-first, hard rule): + • Re-pin (boundary 1): `make pin` -> dist/msl-seam-pin.json msl_ref + v0.7.0 -> v0.8.0 (now carries seams.STDNET); `make check-msl-pin` green. This + is the first real exercise of T0b.4's fetch-the-MSL-contract-at-the-tag path. + • tests/VSLIOTST.m FIRST (red, safe-default stubs, never $ECODE): tier 1 + (CALL^%ZISTCP POP=0), tier 2 (loopback echo). A clean way to do the loopback: + open a listener (STDNET works on the GT.M VistA engine too, or ^%ZIS), then + VSLIO CALL^%ZISTCP connects to it and echoes one byte. Confirm RED. + • src/VSLIO.m (green): expose STDNET's signature, VistA binding ONLY. Tag every + L4 call `; doc: @icr @status Supported @custodian XU @source #` + (CALL^%ZISTCP = #2118; ground ^%ZIS/^%ZISUTL via corpus-researcher). + • Tier 3 (TLS): assert $$tlsAvailable^STDNET()=0 / that a TLS path is not yet + wired; record tier-3 blocked-on-infra (no cert / XU*8.0*787). Do NOT fake it. + +ENGINE RECIPES (from t1.2/t1.3/vpng memory): + Suites: m test --engine ydb --docker vehu --routines /src tests + m test --engine iris --docker foia-t12 --namespace VISTA --routines /src tests + Ad-hoc: m vista exec --engine ydb|iris --transport docker '' (+ M_YDB_*/M_IRIS_* env) + (Driver stack ONLY — never raw docker exec/iris session.) + +VERIFICATION (M2 Lane B "done"): + • VSLIOTST green YDB+IRIS for tier 1 (POP=0) and tier 2 (loopback echo); tier 3 + recorded blocked-on-TLS-infra. + • The three determinism boundaries green: (1) check-msl-pin@v0.8.0; (2) check-icr + (every VSLIO L4 call Supported/declared); (3) check-citations (each @source + anchor verified vs the gold corpus). make check-fast clean (fmt/lint/arch + + all gates incl. check-namespaces, check-engine-access). + • No regression: m-stdlib (v0.8.0) + vpng unchanged; v-stdlib's existing + VSLCFG/VSLCFGTST + gates still green. + +DO NOT (scope guards): + • Do NOT edit m-stdlib or vpng. Do NOT build a KIDS package/env-check (VSLBLD, M5). + • Do NOT put framing/buffering in VSLIO — it goes in STDNET, called up. + • Do NOT fake TLS — tier-3 stays infra-blocked until a cert + XU*8.0*787 (or + GT.M $gtmtls) land; that is the gating cleanup the backlog tracks. + • One repo (v-stdlib), one branch. Merges + any MSL re-tag stay user actions. + +INCREMENT PROTOCOL (v-stdlib, when green): + 1. Memory: v-stdlib/docs/memory/m2-vslio.md (the ^%ZIS/CALL^%ZISTCP binding, the + POP/IO contract, the @icr pins grounded, the tier-3 TLS-infra blocker) + index. + 2. Tracker: flip the M2 row in docs/vsl-msl/vsl-implementation-tracker.md (docs + repo — SEPARATE commit, stage only the tracker) to note Lane B done / tier-3 + blocked. + 3. Commit + push the v-stdlib branch (e.g. m2-vslio). Co-Authored-By trailer. + +GOAL: the VistA side of the socket seam — VSLIO binding STDNET (v0.8.0) to +^%ZIS/CALL^%ZISTCP, a byte echoing plaintext on BOTH engines (tiers 1-2), tier-3 +TLS recorded blocked-on-infra, all three determinism boundaries green. Then M3 +(VSLFS — the FileMan storage seam, §12.2). +``` + +## Notes for the operator (not part of the resume prompt) + +- **Why this is unblocked now.** Lane A tagged MSL `v0.8.0` carrying + `seams.STDNET`; v-stdlib's `check-msl-pin` compares against the **tag**, so the + re-pin to `v0.8.0` is the first real run of T0b.4's deferred fetch-at-tag path. +- **The TLS tier is expected to be blocked.** Don't treat tier-3 as a failure — + the absence of engine TLS is a researched, documented, *gating* backlog item + (m-stdlib `discoveries.md` 2026-06-16). A green tier-1+tier-2 with tier-3 + recorded blocked is a complete, honest Lane B increment. +- **Grounding the non-pinned ICRs.** Only `CALL^%ZISTCP` (#2118) is pre-pinned. + Confirm `^%ZIS` / `^%ZISUTL` / any TLS-config read against the vdocs gold corpus + via `corpus-researcher` — verify, don't trust the plan's prose. +- **If `foia-t12` is down**, recreate per the IRIS leg recipe in the t1.2/t1.3 + memories; confirm `docker ps` healthy before the IRIS run. diff --git a/prompts/m2-vslio-kickoff.md b/prompts/m2-vslio-kickoff.md new file mode 100644 index 0000000..59fd124 --- /dev/null +++ b/prompts/m2-vslio-kickoff.md @@ -0,0 +1,259 @@ +--- +title: "VSL/MSL M2 — VSLIO socket/TLS seam: the STDNET leaf + the VSLIO adapter (the R1 engine-sensitive spike)" +status: ready +created: 2026-06-16 +doc_type: [PROMPT] +for: a fresh implementation session (CROSS-REPO, leaf-first: m-stdlib STDNET, then v-stdlib VSLIO) +plan: docs/vsl-msl/vsl-implementation-plan.md +tracker: docs/vsl-msl/vsl-implementation-tracker.md +--- + +# VSL/MSL M2 — the `VSLIO` socket/TLS seam (S4): `STDNET` leaf → `VSLIO` adapter + +> **STATUS UPDATE (2026-06-16): Lane A is DONE — `STDNET` shipped, MSL `v0.8.0` +> tagged.** This prompt now serves as the **deep design context** for M2 (the R1 +> TLS rationale, the engine-divergence map, the tiered acceptance, the recorded +> TLS-infra-absent finding). For the **active next step (Lane B — the `VSLIO` +> adapter in v-stdlib)**, start from +> [`m2-lane-b-vslio-kickoff.md`](m2-lane-b-vslio-kickoff.md), which supersedes the +> Lane A half below. + +M1 is done — the first full vertical (`STDENV → VSLCFG → VPNG`) is proven +byte-identical on both engines. **M2 is the first horizontal seam build-out and +the single most engine-sensitive one (risk R1):** the **socket/TLS** seam. It +binds a new portable MSL network primitive (`STDNET`) to VistA's device handler +(`^%ZIS` / `CALL^%ZISTCP` / `^%ZISUTL` + named TLS) through a `VSLIO` adapter. + +Unlike M1 (whose MSL side was already shipped — `STDENV` + `STDJSON`, zero new +pure code), **M2 needs new MSL code**: `STDNET` does not exist yet. So M2 is +**cross-repo and leaf-first** — the m-stdlib `STDNET` leaf lands and **tags** +first, then v-stdlib's `VSLIO` pins that tag and binds it. This is the +coordination protocol's S4 row (§5.1) and the deliberately-deferred TLS risk +spike (§ "M2 — Socket/TLS spike"). + +## Why M2 is a spike, not a routine port (read this first) + +`STDNET` is **the most engine-sensitive code in the whole effort** (R1, C6). +Sockets and TLS are where YottaDB and IRIS diverge hardest — `$ZF`/libc vs IRIS +native socket devices, and named TLS-config semantics differ. **Treat M2 as a +de-risking spike: prove the mechanism on both engines before polishing the API.** +The acceptance is tiered (lightest binary first): + +1. **Outbound connect (the simplest 0/1):** `CALL^%ZISTCP` to a reachable + `host:port` returns **`POP=0`** (connection opened) on both engines. This is + the §12.2 VSLIO gate and the cheapest real proof. +2. **Plain-TCP loopback echo:** open a listening socket, accept, write one byte, + read it back — proves open/read/write end-to-end (no TLS yet). +3. **TLS echo (the full R1 de-risk):** the same loopback echo over a **named TLS + config** (`DEFAULT TLS SERVER CONFIG`, https-stack-spec §9) — a byte echoes + end-to-end over TLS on **both** engines. + +**Land them in that order.** If TLS-config infrastructure is not present on the +test engines (cert + `DEFAULT TLS SERVER CONFIG` #8989.51 entry), establishing it +**is part of the spike** — surface it early, don't fake it. A green tier-1+tier-2 +with tier-3 explicitly blocked-on-infra is a legitimate increment to commit, with +the blocker recorded in the tracker. + +## Decisions already made for this session (do not re-litigate) + +1. **Leaf-first, two repos, two lanes.** The `STDNET` MSL leaf is authored in + **m-stdlib** and **tagged** (a new minor — current MSL tag is `v0.7.0`, so + **`v0.8.0`**); only then does **v-stdlib**'s `VSLIO` re-pin `msl_ref` → + `v0.8.0` and bind it. **One writer per repo; never edit both in one session** + (org `CLAUDE.md` §"Cross-repo work" + coordination plan §4/§13). Cutting the + MSL tag is an explicit user action (same as the `v0.7.0` ceremony). +2. **`VSLIO` lives in v-stdlib** (a `VSL*` module beside `VSLCFG`), not a new + repo. M1's VPNG was a throwaway *consumer*; `VSLIO` is a real *adapter* — it + belongs in the VSL library. No new repo this milestone. +3. **The seam invariant holds (waterline):** `VSLIO` exposes the **same public + signature** as `STDNET` and contains **only** the VistA binding — `^%ZIS` + open, `CALL^%ZISTCP` outbound, `OPEN/USE/CLOSE^%ZISUTL` handles, named TLS. + Any framing/buffering/timeout-retry logic stays in `STDNET` and is *called* + by `VSLIO` (`needs MSL: $$readn^STDNET` → add to the leaf, tag, then bind — + never a private copy). The no-duplication lint (§9) enforces this. +4. **DBIA + citation gates apply to `VSLIO`** (unlike VPNG, which made no L4 + call): every L4 call site carries `; doc: @icr … @status Supported @source …` + so `make check-icr` + `make check-citations` go green with real content. + `CALL^%ZISTCP` is **ICR #2118** (Supported, custodian XU, + `XU/krn_8_0_dg_device_handler_ug#CALL^%ZISTCP`); the `^%ZIS`/`^%ZISUTL` ICRs + are a build-time deliverable to pin from the gold corpus (use the + `corpus-researcher` agent / vdocs to ground each, like T1.2 reconciled XPAR). +5. **No KIDS/packaging work this milestone.** Adding `VSLIO` to the VSL KIDS base + build and the env-check is the `VSLBLD` job at **M5**. M2's acceptance is the + adapter **green dual-engine over the driver**, not a new installable. + +## Where we are (snapshot, 2026-06-16) + +- **M1 COMPLETE.** `VSLCFG` (T1.2) binds `STDENV`→XPAR both engines; the VSL KIDS + base (T1.3) installs the `VPNG GREETING` def; `vpng` (T1.4/T1.5) returns the + golden `{"greeting":"hello"}` byte-identical on vehu (YDB) + foia-t12 (IRIS) on + the install-once `MSL→VSL→VPNG` base, test-in-place 3/3, uninstall-clean. +- **The seam machinery is proven** (T0b.3/T0b.4/T1.1): `@seam` → `seams` block + + `dist/seam-snapshot.json` + the git-HEAD bump-forcer (a NEW seam is green with + no version bump); v-stdlib's `check-msl-pin` asserts the pinned MSL contract at + the tag. `STDNET` is the **second** real seam to flow through it (`STDENV` was + first) — and the **first that requires a fresh MSL tag for the VSL side to + consume** (so the T0b.4 network-fetch-at-tag path gets its real workout). +- **MSL is at `v0.7.0`** (carries `seams.STDENV`); **v-stdlib pins `msl_ref: + v0.7.0`**. Both engines up: `vehu` (YDB), `foia-t12` (IRIS), reached over the + driver stack only. + +## Resume prompt + +``` +Start VSL/MSL M2 — the VSLIO socket/TLS seam (S4), the most engine-sensitive +spike (R1). Leaf-first across two repos: author + tag the STDNET MSL leaf in +m-stdlib FIRST, then bind it with a VSLIO adapter in v-stdlib. Prove, in tiers: +(1) outbound CALL^%ZISTCP -> POP=0; (2) plain-TCP loopback echo of one byte; +(3) the same echo over a named TLS config (DEFAULT TLS SERVER CONFIG) — a byte +echoes end-to-end over TLS — GREEN on BOTH engines (vehu YDB, foia-t12 IRIS) +over the driver stack. Land the tiers in order; if TLS-config infra is absent on +the test engines, establishing it is part of the spike (surface it, don't fake). + +ONE SESSION ↔ ONE REPO ↔ ONE BRANCH. M2 spans m-stdlib (STDNET leaf) and v-stdlib +(VSLIO adapter); they are SEPARATE lanes. Do the m-stdlib leaf lane to a tagged, +verified state FIRST (its own increment), then the v-stdlib lane. Never edit both +repos in one session (org CLAUDE.md §Cross-repo work; coordination plan §4/§13). + +START BY READING (in order): + 1. ~/vista-cloud-dev/docs/vsl-msl/msl-vsl-coordination-implementation-plan.md + §5.1 (the S4 seam row), §5.2 (the seam-contract artifact + bump-forcer), + §5.4 (the @icr ICR-registry gate — ICR #2118 is pinned), §5.5 (the @source + citation gate), and the "M2 — Socket/TLS spike (VSLIO)" acceptance row. + 2. ~/vista-cloud-dev/docs/vsl-msl/https-stack-spec.md §9 (TLS configuration per + engine) + the STDNET/VWEBIO socket-adapter rows (§ component table) — the + engine-divergence map this seam must straddle. + 3. ~/vista-cloud-dev/m-stdlib/docs/plans/future-modules-plan.md — the STDNET + row (Pri 1; "$ZF/libc POSIX sockets or YDB native, TBD") + the A1/B2 leaf + entries — the MSL design source for the leaf. + 4. ~/vista-cloud-dev/v-stdlib/src/VSLCFG.m + tests/VSLCFGTST.m + the v-stdlib + memories t1.2-vslcfg.md / t1.3-vsl-kids.md — the live-XPAR/driver recipe and + the @icr/@source/seam-pin gate wiring to mirror for VSLIO. + 5. ~/vista-cloud-dev/vpng/docs/memory/t1.4-t1.5-vpng-m1.md — the engine-access + gotchas (m test --routines staging vs test-in-place; --docker vs --transport + docker; verify-clean two-objects) you will reuse. + 6. ~/vista-cloud-dev/CLAUDE.md — org rules: Increment Protocol (per repo), + m/v waterline (STDNET = m, VSLIO = v; one-way v->m), "Registry-driven + everything", and the ENGINE-ACCESS HARD RULE (driver stack ONLY; the + PreToolUse guard denies raw docker exec / iris session / mumps -direct). + +LANE A — m-stdlib: the STDNET leaf (leaf-first; its own tagged increment) + • TDD red-first: tests/STDNETTST.m FIRST (portable socket open/read/write + + the byte-echo over loopback, engine-guarded $ZVERSION["IRIS" arms where the + socket device syntax diverges — mirror m-stdlib's existing IRIS-portability + arms). Confirm RED (safe-default stubs, never $ECODE). + • src/STDNET.m: the MINIMAL portable primitive M2 needs — open(host,port,opts), + write(handle,bytes), read(handle,n,timeout), close(handle), and a listen/ + accept pair for the loopback echo. Keep it the smallest surface VSLIO binds; + extra helpers arrive consumer-driven (needs-MSL). Tag the side-effecting + entry points `; doc: @seam STDNET` so make manifest/seams emit seams.STDNET + (contract_version 1; bump-forcer green for a NEW seam). + • Gates: make check (fmt+lint+STDNETTST both engines) + m arch check (layer m, + G1-G4+meta) + the 4 drift gates. STDNET is engine-neutral (no VistA symbols) + — it must pass G2. + • Increment + RELEASE: per-repo memory + module-tracker; commit/push the + m-stdlib branch. Then (USER ACTION) cut MSL tag v0.8.0 carrying seams.STDNET, + exactly as the v0.7.0 ceremony — so v-stdlib can pin it. + +LANE B — v-stdlib: the VSLIO adapter (after v0.8.0 exists) + • Re-pin: make pin -> dist/msl-seam-pin.json msl_ref v0.7.0 -> v0.8.0 (now + carries seams.STDNET); check-msl-pin green (boundary ①). This is the first + real exercise of the network-fetch-at-tag pin path (T0b.4 deferred it). + • TDD red-first: tests/VSLIOTST.m FIRST — tier 1 (CALL^%ZISTCP POP=0), tier 2 + (loopback echo via STDNET open/write/read), tier 3 (the same over named TLS). + Confirm RED. + • src/VSLIO.m: bind STDNET's signature to ^%ZIS open / CALL^%ZISTCP outbound / + OPEN-USE-CLOSE^%ZISUTL handles / the named TLS config. ONLY the VistA binding + — no framing/buffering (that's STDNET, called up; waterline). Tag every L4 + call site `; doc: @icr @status Supported @custodian XU @source #` + (CALL^%ZISTCP = ICR #2118; ground ^%ZIS/^%ZISUTL ICRs from the vdocs gold + corpus via the corpus-researcher agent, like T1.2 reconciled XPAR to #2263). + • Gates: make check-fast (fmt/lint/arch + check-icr now non-empty for VSLIO + + check-citations + check-namespaces + check-msl-pin@v0.8.0 + check-engine- + access) + make test ENGINE=ydb DOCKER=vehu / ENGINE=iris DOCKER=foia-t12. + +ENGINE RECIPES (from t1.2/t1.3/vpng memory): + Suites: m test --engine ydb --docker vehu --routines /src tests + m test --engine iris --docker foia-t12 --namespace VISTA --routines /src tests + Ad-hoc: m vista exec --engine ydb|iris --transport docker '' (+ M_YDB_*/M_IRIS_* env) + (Driver stack ONLY — never raw docker exec/iris session; the PreToolUse guard denies it.) + +VERIFICATION (M2 "done" — tiered, both engines): + • STDNET: STDNETTST green YDB+IRIS; seams.STDNET emitted; bump-forcer green; + arch layer m clean (G2 — no VistA symbols below the line); MSL tagged v0.8.0. + • VSLIO: VSLIOTST green YDB+IRIS for tier 1 (POP=0) and tier 2 (loopback echo); + tier 3 (TLS echo) green OR explicitly blocked-on-TLS-infra (recorded). The + three determinism boundaries green: ① check-msl-pin@v0.8.0, ② check-icr + (VSLIO L4 calls all Supported/declared), ③ check-citations (each @source + anchor verified vs the gold corpus). make check-fast clean. + • No regression: m-stdlib's and v-stdlib's existing suites + drift gates green. + +DO NOT (scope guards): + • Do NOT build a KIDS package / env-check for VSLIO — that is VSLBLD at M5. + • Do NOT put framing/buffering/HTTP logic in VSLIO — it goes in STDNET (or + STDHTTPMSG later), called up (waterline rule 1/2; no-duplication lint §9). + • Do NOT edit both repos in one session; do the STDNET leaf + tag first, then + VSLIO. Do NOT cut a tag yourself (user action) or merge branches to main. + • Do NOT fake TLS — if DEFAULT TLS SERVER CONFIG / certs are absent on the test + engines, record the blocker and land tiers 1-2; do not stub a "passing" TLS. + +INCREMENT PROTOCOL (per repo, when each lane is green): + Lane A (m-stdlib): memory m-stdlib/docs/memory/ + docs/tracking/module-tracker.md; + commit/push the m-stdlib branch; (user) tag v0.8.0. + Lane B (v-stdlib): memory v-stdlib/docs/memory/m2-vslio.md + flip the M2 row in + docs/vsl-msl/vsl-implementation-tracker.md (docs repo — SEPARATE commit, stage + only the tracker); commit/push the v-stdlib branch (e.g. m2-vslio). Merges + + the tag stay user actions. Co-Authored-By trailer. + +GOAL: the socket/TLS seam proven — STDNET (portable, tagged v0.8.0) bound by +VSLIO to ^%ZIS/CALL^%ZISTCP + named TLS, a byte echoing end-to-end on BOTH +engines, all three determinism boundaries green. The hardest engine-divergence +risk (R1) retired. Next is M3 (VSLFS — FileMan storage seam, §12.2). +``` + +## Notes for the operator (not part of the resume prompt) + +- **Why leaf-first matters here specifically.** M1's MSL side was already shipped, + so T1.2–T1.5 never had to cut an MSL tag mid-vertical. M2 is the **first** + milestone whose VSL adapter consumes a **new** MSL primitive, so it exercises + the full `needs-MSL → tag → re-pin` loop and the deferred network-fetch-at-tag + pin path (T0b.4). Get the STDNET leaf to a *tagged* state before touching + v-stdlib — a half-built leaf can't be pinned. +- **The TLS-infra unknown is the real risk — and it is CONFIRMED ABSENT (checked + 2026-06-16).** Tiers 1–2 (outbound POP=0, plain loopback echo) are testable with + no special setup. Tier 3 needs a server TLS config entry (`DEFAULT TLS SERVER + CONFIG`, #8989.51) + a cert. **Neither engine has it today:** on BOTH `vehu` + (YDB) and `foia-t12` (IRIS) the `DEFAULT TLS SERVER CONFIG` parameter + **definition does not even exist** in `#8989.51` (`$D(^XTV(8989.51,"B","DEFAULT + TLS SERVER CONFIG"))=0`), there is no SYS value, the only TLS/SSL-ish param is + the unrelated `YS MHA SECURE DESKTOP DISABLE`, and IRIS has **no native + `Security.SSLConfigs`** entry either. **Premise correction (researched 2026-06-16, + gold-corpus):** the param is **not** a Broker (XWB) patch — it is created by + **Kernel `XU*8.0*787`**, documented as an **IRIS-only** feature (requires IRIS + for Health ≥ 2024.1.2; the value names an IRIS `Security.SSLConfigs` cert + entry). `vehu` is GT.M V7.0-005, so `XU*8.0*787` does not apply to it, and the + corpus describes **no GT.M `$gtmtls` path**. `XU*8.0*787` is installed on + neither engine; the `XUSUDO` TLS API (`$$ISTLSSERVERCONF^XUSUDO`) is absent on + both. +- **The `DEFAULT TLS SERVER CONFIG` param DEF is now provisioned (2026-06-16, both + engines) — config-read is unblocked; real TLS sockets are NOT.** A reversible + **param-def-only** v-pkg build (`vsl-msl/testinfra/`, install name + `ZTLSCFG*1.0*1`, namespace `Z`) ships the `#8989.51` definition (free text, SYS) + on `vehu` + `foia-t12`; it is settable/readable via XPAR (round-trips + `tls_encrypt_server`). So `VSLIO` **can** `$$get`/`$$set^VSLCFG("DEFAULT TLS + SERVER CONFIG", …)` — the named-config read part of the seam is testable. But + this stand-in ships **no cert, no Kernel TLS API, no working socket** — **tier 3 + (an actual TLS handshake/echo) is still infra-blocked**: it needs real + `XU*8.0*787` + an IRIS `Security.SSLConfigs` cert (IRIS path), or GT.M `$gtmtls` + + OpenSSL (GT.M path, undocumented + OS-level/off-limits under the driver-only + rule). Land tiers 1–2; exercise the config-read against the provisioned def; + record the real-cert tier 3 as infra-blocked — do not fake it. See + `vsl-msl/testinfra/README.md` (install/uninstall recipe). Uninstall the stand-in + before any real `XU*8.0*787`. +- **Grounding the non-pinned ICRs.** Only `CALL^%ZISTCP` (#2118) is pre-pinned. + `^%ZIS`/`^%ZISUTL`/the TLS-config read each need their Supported ICR confirmed + from the vdocs gold corpus — use the `corpus-researcher` agent (it cites + sources) rather than guessing; T1.2 found the plan's XPAR citation was wrong + (`XT*7.3*26` → actually Kernel #2263), so verify, don't trust the plan's prose. +- **If `foia-t12` is down**, recreate per the IRIS leg recipe in the t1.2/t1.3 + memories; confirm `docker ps` healthy before the IRIS run. diff --git a/prompts/m3-vslfs-kickoff.md b/prompts/m3-vslfs-kickoff.md new file mode 100644 index 0000000..b15598b --- /dev/null +++ b/prompts/m3-vslfs-kickoff.md @@ -0,0 +1,193 @@ +--- +title: "VSL/MSL M3 — VSLFS: the FileMan storage seam (S1) over the DBS API" +status: ready +created: 2026-06-16 +doc_type: [PROMPT] +for: a fresh implementation session (cross-repo, leaf-first; the storage-seam MSL leaf, then VSLFS in v-stdlib) +plan: docs/vsl-msl/vsl-implementation-plan.md +tracker: docs/vsl-msl/vsl-implementation-tracker.md +--- + +# VSL/MSL M3 — `VSLFS`: the FileMan storage seam (S1) + +The next milestone in the horizontal seam build-out (§12.2): **storage / +persistence**. A `VSLFS` adapter binds a portable MSL storage seam to VistA's +**FileMan DBS API** (`GETS^DIQ` / `$$GET1^DIQ` / `UPDATE^DIE` / `FILE^DIE` / +`FIND1^DIC`). Risk **R4 — FileMan impedance**; it also introduces the **FileMan +DD install** (the next KIDS discovery beyond M1's `#8989.51` parameter component). + +M3 is **parallel-safe** with the owed M2 tail (it shares no code with the socket +seam), so it does not wait on them. + +## Where we are (snapshot, 2026-06-16) + +- **M1 COMPLETE** (`STDENV→VSLCFG→VPNG`, byte-identical both engines). +- **M2 functionally complete for tiers 1–2.** `STDNET` (MSL `v0.8.0`, the socket + seam, YDB loopback 9/9) + `VSLIO` (v-stdlib `m2-vslio`, binds it to + `CALL^%ZISTCP` #2118; vehu 10/10, foia-t12 6/6). **Owed M2 tail (tracked, + parallel, NOT blocking M3):** STDNET's IRIS leg (unblocks the IRIS loopback) + + tier-3 real TLS (the gating infra cleanup — m-stdlib `discoveries.md` + 2026-06-16). Both `VSLIO`/`STDNET` ship LOUD TLS guards already. +- **The seam machinery is well-worn** (T0b.3/T0b.4/T1.1/M2): `@seam` → manifest + + `seam-snapshot.json` + bump-forcer; v-stdlib `check-msl-pin` fetches MSL's + contract at the pinned tag (proven live at M2: v0.7.0→v0.8.0). +- **MSL is at `v0.8.0`** (STDENV + STDNET seams); v-stdlib pins `msl_ref: v0.8.0`. +- Both engines up: `vehu` (YDB), `foia-t12` (IRIS), driver stack only. + +## The two open design questions to resolve FIRST (then don't re-litigate) + +1. **Where does the storage seam live? (plan Q3.)** `STDFS` today is + **filesystem I/O only** (path-based `readFile`/`writeBytes`/…); it has no + record-store surface and no `@seam`. The M3 seam is a **record store** — + `$$get/$$set/$$exists/$$kill` over `(file, iens/key, field)`. **Decide early:** + a **new minimal MSL module** (e.g. `STDKV` / `STDSTORE`) carrying the storage + `@seam`, vs. a storage sub-API tagged on `STDFS`. **Recommendation: a new + small module** — the record-store contract is conceptually distinct from + filesystem I/O, and overloading `STDFS` muddies its seam. Keep the seam + **minimal** — only the four verbs the §12.2 acceptance needs. Ground the call + against `docs/vsl-msl/msl-vsl-architecture.md` (S1) before naming it. +2. **How is the test FileMan FILE provided?** The §12.2 test needs "a test + FileMan file" to `$$set`/`$$get`/`$$kill` records in. v-pkg installs routines + + `#8989.51` params (T1.3) but **NOT a FileMan FILE DD yet** (the DIFROM/`FIA` + data-dictionary path is unbuilt — see v-pkg `docs/memory/krn-param-def-component.md`). + **Two options:** + - **(a) First increment — use an EXISTING low-risk FileMan file** (the + VSLCFGTST probe pattern: find/restore a scratch field on a safe file), so + VSLFS goes green over real FileMan WITHOUT the DD-install dependency. + - **(b) The faithful "DD install" — a v-pkg ENABLER** (a separate v-pkg + session, mirroring T1.3's KRN-param enabler): teach `v-pkg build/install` the + FileMan FILE-DD component, then install a throwaway test file. R4 / the KIDS + DD-install discovery. + **Recommendation: (a) for the first VSLFS-green increment; (b) is the + follow-up v-pkg track** (the "DD install" the milestone calls out). Do NOT + block VSLFS-green on building the v-pkg DD installer. + +## Decisions already made (do not re-litigate) + +1. **Leaf-first, cross-repo, one writer per repo** (as M2): the **MSL storage + seam** is authored + **tagged** (`v0.9.0`) in m-stdlib FIRST; only then does + **v-stdlib**'s `VSLFS` re-pin `msl_ref` → `v0.9.0` and bind it. Never edit two + repos in one session. Cutting the MSL tag is an explicit user action. +2. **`VSLFS` lives in v-stdlib** (a `VSL*` module beside `VSLCFG`/`VSLIO`), layer + `v`. The adapter contains **only** the VistA binding (FileMan DBS); any + non-FileMan logic stays in the MSL seam, called up (waterline §9 no-dup). +3. **Every L4 call is `@icr`-tagged** (FileMan DBS = FM 22.2 DG, Supported): + `GETS^DIQ`/`$$GET1^DIQ`/`UPDATE^DIE`/`FILE^DIE`/`FIND1^DIC`. **Ground each ICR + number + `@source` anchor from the vdocs gold corpus with the + `corpus-researcher` agent** — do NOT trust the plan's prose (it was wrong for + XPAR at T1.2 and for `CALL^%ZISTCP` at M2; verify every one). +4. **Error contract:** a FileMan `DIERR` array maps to a clean `,U-VSL-FS-…,` + `$ECODE` (the §12.2 row), with `$$lastError^VSLFS()` carrying the `DIERR` + detail — loud, never a silent wrong value. (Same loud-failure posture as + STDNET/VSLIO's TLS guards.) +5. **Dual-engine is the exit criterion** (single-engine first). FileMan DBS is + VistA-portable, so VSLFS should need no `$ZVERSION` arm — but verify on both + `vehu` and `foia-t12`. + +## Resume prompt + +``` +Start VSL/MSL M3 — VSLFS, the FileMan storage seam (S1). Bind a portable MSL +record-store seam ($$get/$$set/$$exists/$$kill over (file,iens,field)) to VistA's +FileMan DBS API (GETS^DIQ / $$GET1^DIQ / UPDATE^DIE / FILE^DIE / FIND1^DIC). Prove +GREEN on BOTH engines (vehu YDB, foia-t12 IRIS) over the driver stack: $$set a +record into a test FileMan file, $$get it back byte-identical, $$exists is true, +$$kill removes it, and a DIERR maps to a clean ,U-VSL-FS-..., $ECODE (with +$$lastError carrying the detail). Single-engine first; dual-engine is the exit. + +RESOLVE TWO DESIGN QUESTIONS FIRST (see the kickoff): (Q3) the storage seam's home +— a new minimal MSL module (recommended) vs a STDFS sub-API; and (test file) use +an EXISTING low-risk FileMan file via the VSLCFGTST probe pattern for the first +green (recommended), deferring the v-pkg FileMan-DD-install enabler to a separate +v-pkg track. + +CROSS-REPO, LEAF-FIRST, ONE WRITER PER REPO (as M2): author + TAG the MSL storage +seam in m-stdlib FIRST (new tag v0.9.0), THEN bind it with VSLFS in v-stdlib +(re-pin msl_ref v0.8.0 -> v0.9.0). Never edit two repos in one session. The v-pkg +FileMan-DD-install enabler, if pursued, is its own v-pkg session. + +START BY READING (in order): + 1. docs/vsl-msl/msl-vsl-architecture.md (S1 storage) + + docs/vsl-msl/msl-vsl-coordination-implementation-plan.md §5.1 (S1 row), + §5.4 (the @icr gate), §5.5 (@source), §12.2 (the VSLFS acceptance row), + §"M3 — Storage (VSLFS)" (R4 + the DD install). + 2. v-stdlib/src/VSLCFG.m + VSLIO.m + their tests + docs/memory/{t1.2-vslcfg, + m2-vslio}.md — the adapter pattern, the @icr/@source/pin gate wiring, the + live-driver recipe, the DIERR/loud-error posture to mirror, and how + `make pin`/`check-msl-pin` re-pins to a new MSL tag. + 3. m-stdlib/src/STDFS.m (filesystem-only — confirm the record-store seam is NOT + here) + docs/plans/future-modules-plan.md (any storage/KV proposal) + + m-stdlib/docs/memory/m2-stdnet-socket-seam.md (the leaf-first + @seam + + tag-and-repin rhythm to copy). + 4. v-pkg/internal/buildspec (the `files`/FileComp slot) + + v-pkg/docs/memory/krn-param-def-component.md (why DD install is NEW work — + the KRN path is built, the FileMan FIA/DIFROM data-DD path is not) — for the + test-file decision + the (deferred) DD-install enabler scope. + 5. ~/vista-cloud-dev/CLAUDE.md + v-stdlib/CLAUDE.md — the m/v waterline, the + ENGINE-ACCESS HARD RULE (driver stack only), and the Increment Protocol. + +THE WORK (TDD red-first, hard rule; like M2): + LANE A (m-stdlib): the storage-seam leaf. Resolve Q3, author the minimal module + + tests (a global-backed reference impl is enough for the seam to be real and + testable on a bare engine), tag the side-effecting verbs `; doc: @seam `, + gates green (fmt/lint/test both engines, m arch check layer m / G2, the 4 drift + gates; bump-forcer green for a NEW seam). Increment + (user) tag MSL v0.9.0. + LANE B (v-stdlib, after v0.9.0): VSLFS. Re-pin msl_ref -> v0.9.0 (check-msl-pin + green). tests/VSLFSTST.m FIRST (red, safe defaults): set/get byte-identical, + exists, kill, DIERR->$ECODE (use raises^STDASSERT). src/VSLFS.m: the FileMan + DBS binding ONLY, each L4 call @icr/@source-tagged (grounded via + corpus-researcher). Use an existing test file (probe pattern) for green. + +ENGINE RECIPES (from t1.2/m2 memory): + m test --engine ydb --docker vehu --routines src --routines /src tests + m test --engine iris --docker foia-t12 --namespace VISTA --routines src --routines /src tests + m vista exec --engine ydb|iris --transport docker '' (+ M_YDB_*/M_IRIS_* env) + (Driver stack ONLY — never raw docker exec / iris session.) + +VERIFICATION (M3 "done"): + • VSLFSTST green on BOTH engines: set/get byte-identical, exists, kill clean, + DIERR -> ,U-VSL-FS-..., (lastError carries the FileMan detail). + • 3 boundaries green: check-msl-pin@v0.9.0 / check-icr (every FileMan DBS call + Supported + declared, no direct VistA-file global access) / check-citations. + make check-fast clean. + • No regression: m-stdlib (now v0.9.0) + v-stdlib's VSLCFG/VSLIO + vpng unchanged. + +DO NOT (scope guards): + • Do NOT edit two repos in one session; tag the MSL leaf first, then VSLFS. + • Do NOT directly set/$ORDER FileMan file globals — go through the DBS API + (check-icr's no-direct-global rule). Non-FileMan logic stays in the MSL seam. + • Do NOT block VSLFS-green on building the v-pkg FileMan-DD installer — use an + existing file first; the DD install is a separate, deferred v-pkg track. + • Merges + the MSL re-tag stay user actions. + +INCREMENT PROTOCOL (per repo, when green): + Lane A (m-stdlib): memory + docs/tracking/module-tracker.md (+ a docs/modules/ + .md); commit/push the branch; (user) tag v0.9.0. + Lane B (v-stdlib): memory v-stdlib/docs/memory/m3-vslfs.md; flip the M3 row in + docs/vsl-msl/vsl-implementation-tracker.md (docs repo — SEPARATE commit); + commit/push the v-stdlib branch (e.g. m3-vslfs). Co-Authored-By trailer. + +GOAL: the storage seam proven — a portable record-store contract bound by VSLFS to +FileMan DBS, set/get/exists/kill byte-identical on BOTH engines with DIERR mapped +to a clean $ECODE, all three determinism boundaries green. Then M4 (VSLSEC + +VSLLOG — security + audit seams, §12.2). +``` + +## Notes for the operator (not part of the resume prompt) + +- **Why a test file, not a DD install, first.** The §12.2 milestone bundles "the + FileMan DD install" with VSLFS, but the install is a *v-pkg capability* (new + code, R4) while VSLFS is the *adapter*. Decouple them: prove the adapter over an + existing FileMan file first (fast, like VSLCFGTST's probe), then build the + DD-install enabler in a v-pkg session and re-test with a throwaway file. This + mirrors how T1.3 needed a v-pkg KRN-param enabler before the VSL KIDS base. +- **Ground every FileMan ICR.** FM 22.2 DG documents the DBS API; each entry + point's Supported ICR + anchor must come from the vdocs gold corpus via + `corpus-researcher`, not the plan. The DBS calls are heavily used, so the ICRs + should be clean — but verify (the corpus has been wrong twice). +- **The owed M2 tail is a parallel option.** If you'd rather consolidate before + M3: STDNET's IRIS leg (the `|TCP|` device + a `JOB`'d connector — research notes + in `m2-vslio-kickoff.md`) closes M2 to full dual-engine, and tier-3 TLS is the + gating infra cleanup. Neither blocks M3. +- **If `foia-t12` is down**, recreate per the IRIS leg recipe in the t1.2/t1.3 + memories; confirm `docker ps` healthy before the IRIS run. diff --git a/prompts/t1.3-vsl-kids-base-kickoff-session2.md b/prompts/t1.3-vsl-kids-base-kickoff-session2.md new file mode 100644 index 0000000..b3c9781 --- /dev/null +++ b/prompts/t1.3-vsl-kids-base-kickoff-session2.md @@ -0,0 +1,167 @@ +--- +title: "VSL/MSL M1 — T1.3 kickoff SESSION 2 (VSL KIDS base — v-pkg enabler now DONE)" +status: ready +created: 2026-06-16 +supersedes: docs/prompts/t1.3-vsl-kids-base-kickoff.md +doc_type: [PROMPT] +for: a fresh implementation session (v-stdlib only) +plan: docs/vsl-msl/vsl-implementation-plan.md +tracker: docs/vsl-msl/vsl-implementation-tracker.md +--- + +# VSL/MSL M1 — T1.3 kickoff (session 2): VSL KIDS base + +Third task of **M1** (the walking-skeleton vertical `STDENV → VSLCFG → VPNG`). +T1.3 is **v-stdlib-only**. It packages the VSL layer as an installable KIDS build +and proves the install/uninstall lifecycle on both engines. + +## What changed since the first T1.3 attempt (READ THIS) + +The first T1.3 attempt discovered that **`v pkg` was routine-only** — it could not +package a `#8989.51` PARAMETER DEFINITION or a Required Build (the build-spec schema +accepted the fields but the emit + install/verify/uninstall ignored them). That gap +is now **CLOSED**: + +- **v-pkg `main`** (merged 2026-06-16, commit `2a3f273`) adds + the `#8989.51` PARAMETER DEFINITION as a **KIDS KRN component** + Required Builds + (`#9.611`). **Live-proven install→verify→uninstall→verify-clean on BOTH engines** + (vehu YDB + foia-t12 IRIS); the param lands in `#8989.51` (free text, SYS entity 4.2) + and backs out clean. Golden `.KID` + `v pkg roundtrip` clean; arch + contract gates green. +- **Read its memory FIRST — it is the build/run cheat-sheet for this session:** + `~/vista-cloud-dev/v-pkg/docs/memory/krn-param-def-component.md`. It has the exact + build-spec shape, the KRN transport structure, the one load-bearing fix (the + direct-populate install seeds `^XPD(9.7,XPDA,"KRN")` or `KRN^XPDIK` faults at status 2), + and the verbatim per-engine recipes. A working fixture is `v-pkg/testdata/zzparam/`. + +So T1.3 now sits cleanly on top: author `kids/vsl.build.json`, build the `.KID`, prove +the lifecycle on both engines. + +## Where we are (snapshot, 2026-06-16) + +- **M0 + T1.1 + T1.2 all DONE.** T1.1: MSL emits `seams.STDENV`, **tagged `v0.7.0`**. + T1.2: **`VSLCFG`** binds the STDENV config seam to XPAR at the SYS entity; all three + determinism boundaries green; **`VSLCFGTST` GREEN 3/3 on vehu (YDB) + foia-t12 (IRIS)**. +- **T1.3's v-pkg enabler DONE** (above). **Next = T1.3 itself** (this session). Then + T1.4 (VPNG consumer) + T1.5 (M1 exit gate) close M1. + +## Resume prompt + +``` +Start VSL/MSL task T1.3 — "VSL KIDS base" (SESSION 2; the v-pkg enabler is now DONE). +Package the VSL layer (VSLCFG + a #8989.51 PARAMETER DEFINITION + a Required Build on +the MSL base) as a KIDS build, and prove install → verify → uninstall → verify-clean +on BOTH engines (vehu YDB + foia-t12 IRIS) over the driver. T1.2's VSLCFG is done + +green; this makes the VSL layer installable. + +THIS IS A v-stdlib SESSION. One session ↔ one repo ↔ one branch: + cd ~/vista-cloud-dev/v-stdlib && git checkout main && git pull + git checkout -b t1.3-vsl-kids + +PREREQUISITE — use a KRN-CAPABLE v-pkg binary. The capability is now MERGED to v-pkg +`main` (2026-06-16, commit 2a3f273). Build the standalone binary from main: + cd ~/vista-cloud-dev/v-pkg && git checkout main && git pull && go build -o dist/v-pkg . +Use the `v-pkg` STANDALONE binary (`~/vista-cloud-dev/v-pkg/dist/v-pkg`), NOT the `v` +umbrella (which may pin an older v-pkg). Confirm it is current: `v-pkg build` on the +zzparam fixture should report `paramDefs: 1`. + +START BY READING (in order): + 1. ~/vista-cloud-dev/v-pkg/docs/memory/krn-param-def-component.md — THE cheat-sheet: + the working build-spec shape, the KRN transport structure, the #9.7-KRN-seed fix, + and the verbatim per-engine install/verify/uninstall recipes. + 2. ~/vista-cloud-dev/CLAUDE.md — org rules: Increment Protocol, m/v waterline, + "Registry-driven everything" (the normalized .KID is a drift-gated artifact). + 3. ~/vista-cloud-dev/v-stdlib/CLAUDE.md — repo rules (layer v; VistA vocab lives here). + 4. ~/vista-cloud-dev/docs/vsl-msl/vsl-implementation-plan.md (T1.3 row) + + msl-vsl-coordination-implementation-plan.md §12.1 (the walking-skeleton determinism + ledger — the KIDS build / install / test-in-place / uninstall rows). + 5. ~/vista-cloud-dev/v-stdlib/docs/memory/t1.2-vslcfg.md (VSLCFG + the param point: a + hand-built #8989.51 def does NOT file — a KIDS/FileMan-built def does) and + ~/vista-cloud-dev/docs/memory/engine-access-through-driver-stack.md (HARD RULE: + engine work via the driver stack ONLY; the PreToolUse guard denies raw docker exec). + +THE TASK (acceptance gate = "install→verify→uninstall→verify-clean GREEN both engines"; +§12.1 ledger rows KIDS build / install / uninstall / dual-engine): + • Create `kids/vsl.build.json` (v-stdlib has no kids/ yet). Proven shape (mirror + v-pkg/testdata/zzparam/kids/ZZPARAM.build.json): + { + "package": "VSL", "version": "1.0", "patch": "1", + "components": { + "routines": ["VSLCFG"], + "parameterDefinitions": [ + { "name": "VSL GREETING", + "displayText": "VSL greeting (read by VPNG)", + "dataType": "free text", + "entities": [ { "entity": "SYS", "precedence": 1 } ] } + ] + }, + "requiredBuilds": [ { "name": "MSL*0.1*1", "action": "DON'T INSTALL, LEAVE GLOBAL" } ] + } + - The PARAMETER DEFINITION is the greeting param VPNG/T1.4 will read at SYS via + $$get^VSLCFG. Install the DEFINITION ONLY (empty — no value; T1.4 seeds/reads it). + Confirm the param NAME matches what T1.4's VPNG plan reads. + - REQUIRED BUILD name: read the MSL base install name from + ~/vista-cloud-dev/m-stdlib/kids/std.build.json (package MSL, version 0.1, patch 1 → + "MSL*0.1*1"). Use that EXACT name. (Pin stays MSL v0.7.0 — do NOT cut a new tag.) + • `v-pkg build kids/vsl.build.json --src src --out /tmp/VSL.kids` → normalized `.KID`. + Commit the normalized export under v-stdlib — it is a drift-gated artifact: confirm + `v-pkg roundtrip /tmp/VSL.kids` is clean (decompose→assemble reproduces it), and wire + a deterministic+golden build check into the v-stdlib gates (model: + v-pkg/pkgcli/build_test.go TestBuild_ZZPARAM_Deterministic). Do NOT hand-edit the .KID. + • Install→verify→uninstall→verify-clean on BOTH engines OVER THE DRIVER (`v-pkg`, + mdriver.Client — NOT `m test`). Verbatim recipes: + YDB (vehu): + export M_YDB_CONTAINER=vehu M_YDB_GBLDIR=/home/vehu/g/vehu.gld \ + M_YDB_ROUTINES='/home/vehu/p/r2.02_x86_64*(/home/vehu/p) /home/vehu/s/r2.02_x86_64*(/home/vehu/s) /home/vehu/r/r2.02_x86_64*(/home/vehu/r) /home/vehu/lib/gtm/libgtmutil.so' + v-pkg install /tmp/VSL.kids --engine ydb --transport docker -o json # installed:true status:3 + v-pkg verify /tmp/VSL.kids --engine ydb --transport docker -o json # routines+params all true + v-pkg uninstall /tmp/VSL.kids --engine ydb --transport docker -o json # uninstalled:true + v-pkg verify /tmp/VSL.kids --engine ydb --transport docker -o json # installed:false (exit 3) + IRIS (foia-t12 — confirm it is up; recreate per v-stdlib/docs/plans/t1.2-vslcfg-design.md if not): + export M_IRIS_TRANSPORT=docker M_IRIS_CONTAINER=foia-t12 M_IRIS_NAMESPACE=VISTA M_IRIS_IRIS_INSTANCE=IRIS + v-pkg install /tmp/VSL.kids --engine iris --transport docker -o json + v-pkg verify / uninstall / verify … (same as YDB) + Verify = #9.7 status 3 + VSLCFG routine present + the param present in #8989.51. + Clean = routine + #9.7/#9.6 + the param def all gone (verify reports installed:false). + +REQUIRED-BUILD nuance (decide + record explicitly): v-pkg's direct-populate install +bypasses the interactive KIDS LOAD where the required-build prerequisite check normally +fires — so the Required Build is EMITTED into #9.6/MBREQ (the faithful, drift-gated +artifact) but may NOT be ENFORCED at install in this path. Two valid postures: + (a) Core T1.3 gate — prove the VSL base installs→uninstalls→clean both engines with the + Required Build DECLARED. Sufficient for the §12.1 ledger; note enforcement deferred. + (b) Faithful "install once base" ordering — build the MSL base KID from + m-stdlib/kids/std.build.json with the KRN-capable v-pkg, install it FIRST, then the + VSL KID, proving STD* (STDASSERT…) is present before VSL. Stronger, larger (17 STD* + routines; YDB-proven via streamed install, IRIS owed). Pick per time; record which. + +VERIFICATION (v-stdlib "green"): + • The literal §12.1 ledger: install → verify → uninstall → verify-clean, exit-0 path on + BOTH engines; the PARAMETER DEFINITION installs + backs out clean. + • Drift gate: `v-pkg build` reproduces the committed normalized `.KID` byte-identical + (registry discipline) + roundtrip clean. + • `m arch check .` (layer v) + `make check-fast` (engine-free gates incl. + check-engine-access) stay green. Don't regress T1.2's three determinism boundaries. + +DO NOT (scope guards): + • Do NOT change VSLCFG.m / VSLCFGTST.m (T1.2, done + green). + • Do NOT build VPNG (T1.4) or seed/read the parameter VALUE — T1.3 installs the empty + DEFINITION only. T1.3 ends at "VSL KIDS base installs + uninstalls clean both engines". + • Do NOT cut a new MSL tag or re-pin (the pin stays MSL v0.7.0 — correct). + • Do NOT edit v-pkg from this session beyond building its binary read-only (one repo ↔ + one branch). v-pkg's KRN capability is already merged to main (2026-06-16). + +INCREMENT PROTOCOL (per repo, when green): + 1. Memory: ~/vista-cloud-dev/v-stdlib/docs/memory/t1.3-vsl-kids.md — the build-spec shape + (VSLCFG + PARAMETER DEFINITION + Required-Build-on-MSL), the per-engine recipe, the + required-build-enforcement posture chosen, any gotchas; index in MEMORY.md. + 2. Tracker: flip the T1.3 row to 🟢 in + ~/vista-cloud-dev/docs/vsl-msl/vsl-implementation-tracker.md (docs repo — SEPARATE; + stage only the tracker) + a progress-log line. + 3. Commit + push the v-stdlib branch `t1.3-vsl-kids` (never onto main; merge stays a + user action). Co-Authored-By trailer. + +GOAL: the VSL layer (VSLCFG + the config PARAMETER DEFINITION, Requiring the MSL base) +installs → verifies → uninstalls → verifies-clean on BOTH engines. Then T1.4 (VPNG: +`$$ping^VPNG()` == golden `{"greeting":"hello"}`, KIDS Requires the VSL base) and T1.5 +(the M1 determinism-ledger exit gate, byte-identical both engines) close the first vertical. +``` diff --git a/prompts/t1.4-vpng-consumer-kickoff.md b/prompts/t1.4-vpng-consumer-kickoff.md new file mode 100644 index 0000000..216c09e --- /dev/null +++ b/prompts/t1.4-vpng-consumer-kickoff.md @@ -0,0 +1,222 @@ +--- +title: "VSL/MSL M1 — T1.4 + T1.5 kickoff: VPNG consumer + the M1 determinism-ledger exit gate" +status: ready +created: 2026-06-16 +doc_type: [PROMPT] +for: a fresh implementation session (NEW repo `vpng`; reads m-stdlib + v-stdlib, edits neither) +plan: docs/vsl-msl/vsl-implementation-plan.md +tracker: docs/vsl-msl/vsl-implementation-tracker.md +--- + +# VSL/MSL M1 — T1.4 + T1.5 kickoff: VPNG consumer + M1 exit gate + +The **final two tasks of M1** — the walking-skeleton vertical +`STDENV → VSLCFG → VPNG`. This session builds the throwaway consumer **VPNG** +(T1.4) **and** closes the **M1 determinism-ledger exit gate** (T1.5) — the two +are folded into one session because T1.5 is just "run the whole ledger and prove +byte-identical both engines," which only becomes possible once VPNG exists. + +When this session is done, the **first full vertical** is proven: a routine that +reads a VistA config value through the VSL adapter, serializes it with the MSL +JSON encoder, is **KIDS-installed on top of the VSL→MSL Required-Build chain**, +**tested in place**, and **uninstalled clean** — producing a single golden byte +string **identical on YottaDB and IRIS**. + +## Decisions already made for this session (do not re-litigate) + +1. **VPNG lives in its own NEW repo** `github.com/vista-cloud-dev/vpng` — faithful + to the plan's consumer-repo topology (coordination plan §4; architecture line + ~726 "VSL is its own track with its own repo," and consumers likewise). It is + **not** `VSL*` — its own `VPNG` namespace, layer `v` (it needs VistA: it calls + `$$get^VSLCFG` → XPAR). Creating the GitHub remote is a **user action** (see + "Repo creation" below) — scaffold + commit locally, push once the remote exists. +2. **Fold in T1.5.** After VPNG works, run the complete §12.1 determinism ledger + as the M1 exit gate in this same session. +3. **Prove the install-once base** (the faithful posture (b), the stronger one + T1.3 deferred): install **MSL base → VSL base → VPNG** in dependency order so + the Required-Build prerequisites are genuinely **present** at each install, + then uninstall in reverse to clean. This is what makes "install once, reuse + everywhere" (coordination plan §7, §8.4) real rather than declared. + +## Where we are (snapshot, 2026-06-16) + +- **M0 + T1.1 + T1.2 + T1.3 all DONE.** + - **T1.1** (m-stdlib): `$$get^STDENV` tagged `@seam STDENV`, **tagged `v0.7.0`**. + - **T1.2** (v-stdlib): **`VSLCFG`** binds the STDENV config seam to XPAR at the + SYS entity (`$$get^VSLCFG(key,default)`=`$$GET^XPAR("SYS",…)`, + `$$set^VSLCFG(key,value)`=`EN^XPAR("SYS",…)`); **`VSLCFGTST` GREEN 3/3 on vehu + (YDB) + foia-t12 (IRIS)**. + - **T1.3** (v-stdlib): the **VSL KIDS base** — `kids/vsl.build.json` = + `VSLCFG` + the **`VPNG GREETING` #8989.51 PARAMETER DEFINITION** (SYS, free + text) + a **Required Build on `MSL*0.1*1`**. Normalized export at + `v-stdlib/dist/kids/VSL.kids` (install name **`VSL*1.0*1`**); + install→verify→uninstall→verify-clean GREEN on both engines over the driver. +- **The param the skeleton turns on is already shipped by the VSL base:** + `VPNG GREETING` (free text, SYS). VPNG reads it with the default `"hello"` — + which is exactly the golden value. T1.3 installed the **empty DEFINITION**; + this session **seeds + reads** the value. +- **Both engines are up:** `vehu` (YDB) and `foia-t12` (IRIS), reached over the + driver stack only. + +## Resume prompt + +``` +Start VSL/MSL tasks T1.4 + T1.5 — build the VPNG walking-skeleton consumer in a +NEW repo `vpng`, then close the M1 determinism-ledger exit gate: prove the full +vertical STDENV→VSLCFG→VPNG installs (install-once base: MSL→VSL→VPNG), seeds, +returns the golden byte string `{"greeting":"hello"}` IDENTICAL on YDB and IRIS, +tests in place, and uninstalls clean — all four drift gates green. + +THIS IS A NEW-REPO (`vpng`) SESSION. One session ↔ one repo ↔ one branch. It +READS m-stdlib + v-stdlib (to stage STDJSON/STDASSERT/VSLCFG and to install the +MSL/VSL bases) but EDITS NEITHER. + +REPO CREATION (user action — do this first, or ask the user to): + The vpng GitHub remote must exist before push. Either the user runs: + gh repo create vista-cloud-dev/vpng --public -d "VPNG — M1 walking-skeleton VistA config-echo consumer (throwaway)" + …or you scaffold + commit locally and the user creates+pushes. Do NOT git init + the workspace root; create ~/vista-cloud-dev/vpng as its own repo. + +PREREQUISITES — binaries + bases: + • KRN-capable v-pkg standalone (built from v-pkg main 2a3f273): + cd ~/vista-cloud-dev/v-pkg && git checkout main && git pull && go build -o dist/v-pkg . + Use ~/vista-cloud-dev/v-pkg/dist/v-pkg (the STANDALONE binary, not the `v` umbrella). + • The `m` toolchain: ~/vista-cloud-dev/m-cli/dist/m (build if stale: cd m-cli && go build -o dist/m .). + • The MSL base KID: ~/vista-cloud-dev/m-stdlib/dist/kids/MSL.kids (install name MSL*0.1*1, + routine-only, 17 STD* modules). Rebuild byte-identical if you want: in m-stdlib, + `make kids VPKG=~/vista-cloud-dev/v-pkg/dist/v-pkg` (routine-only path is unchanged by KRN). + • The VSL base KID: ~/vista-cloud-dev/v-stdlib/dist/kids/VSL.kids (install name VSL*1.0*1, from T1.3). + +START BY READING (in order): + 1. ~/vista-cloud-dev/docs/vsl-msl/msl-vsl-coordination-implementation-plan.md §12.1 + — THE determinism ledger: every row is a 0/1 binary check; the literal exit-0 + command chain is at the end of §12.1. This is the T1.5 acceptance spec verbatim. + 2. ~/vista-cloud-dev/v-stdlib/docs/memory/t1.3-vsl-kids.md — the VSL base build/run + cheat-sheet (param name VPNG GREETING + default "hello"; per-engine recipes; + the install-once / required-build posture note) and + ~/vista-cloud-dev/v-pkg/docs/memory/krn-param-def-component.md (the #9.7-KRN-seed + fix + verbatim per-engine install/verify/uninstall recipes). + 3. ~/vista-cloud-dev/CLAUDE.md — org rules: Increment Protocol, m/v waterline + ("works on a bare M engine?" → VPNG touches XPAR via VSLCFG → layer v), + "Registry-driven everything" (the normalized .KID is a drift-gated artifact), + and the ENGINE-ACCESS HARD RULE (driver stack only; the PreToolUse guard + denies raw docker exec). + 4. ~/vista-cloud-dev/v-stdlib/CLAUDE.md (the layer-v sibling to model the scaffold on) + + ~/vista-cloud-dev/v-stdlib/docs/memory/t1.2-vslcfg.md (the live-XPAR driver recipe: + M_YDB_GBLDIR/M_YDB_ROUTINES for YDB; --namespace VISTA for IRIS; and the + "EN^XPAR needs a KIDS/FileMan-built param def to FILE a value" gotcha — which + is exactly why we install the VSL base BEFORE seeding). + 5. The m-stdlib `m-stdlib` skill / src/STDJSON.m header — the encode tree shape + (node="o" object, children at node(key); node="s:VALUE" string leaf; + $$encode^STDJSON(.root) → text). + +THE CODE (TDD red-first, hard rule): + • Scaffold ~/vista-cloud-dev/vpng modeled on v-stdlib but MINIMAL (throwaway): + - .m-cli.toml (rules = "modern", target-engine "any") + - repo.meta.json (root): "layer":"v", namespaces.routines/globals = ["VPNG"], + consumes ["tool:v-stdlib","tool:m-stdlib"], license AGPL-3.0 + - Makefile: fmt/fmt-check/lint/arch + test (stage VSLCFG + STDJSON + STDASSERT + via repeated --routines: v-stdlib/src, m-stdlib/src) + check-kids (mirror + v-stdlib's: deterministic + golden vs dist/kids/VPNG.kids, SKIP-green w/o v-pkg) + + check-namespaces (the one meaningful drift gate here — VPNG owns the VPNG + prefix). seams/icr/citations/msl-pin: VPNG declares no @seam and makes no + direct L4 call (it calls VSLCFG + STDJSON, both library calls, not ^XPAR + directly) — so those gates are green-empty / not-applicable; only wire what + has real content (namespaces + check-kids). Keep it light. + - CLAUDE.md + README.md (one paragraph: throwaway M1 skeleton; Requires VSL base). + • tests/VPNGTST.m FIRST (red): assert $$ping^VPNG() == `{"greeting":"hello"}` via + one eq^STDASSERT (the golden). ADD a robustness assertion so green ≠ "just the + default": in setup seed `VPNG GREETING`="world" at SYS via $$set^VSLCFG, assert + $$ping^VPNG()==`{"greeting":"world"}`, then restore/kill the value (touch only + this param; restore immediately — same discipline as VSLCFGTST). Confirm RED + (no VPNG yet). TDD-red stub returns a safe default, never $ECODE. + • src/VPNG.m (green): own namespace, not VSL*. + ping() ; → {"greeting":""} + new root,val + set val=$$get^VSLCFG("VPNG GREETING","hello") + set root="o" + set root("greeting")="s:"_val + quit $$encode^STDJSON(.root) + (waterline: VPNG is the consumer; it calls the VSL adapter + the MSL encoder — + it does NOT touch ^XPAR or build JSON by hand.) + • kids/vpng.build.json: package VPNG, version 1.0, patch 1; components.routines + ["VPNG"]; requiredBuilds [{ "name":"VSL*1.0*1", "action":"DON'T INSTALL, LEAVE GLOBAL" }]. + (VSL in turn Requires MSL*0.1*1 → the full chain VPNG→VSL→MSL.) Build the + normalized export to dist/kids/VPNG.kids; commit it (drift-gated artifact); + `v-pkg roundtrip dist/kids/VPNG.kids` clean; wire make kids/check-kids. + +T1.4 GREEN (per engine, over the driver — v-pkg + m vista exec, NEVER raw docker exec): + Prove $$ping^VPNG() == `{"greeting":"hello"}` against the INSTALLED routine. + +T1.5 — THE M1 EXIT GATE (the §12.1 ledger; INSTALL-ONCE BASE ordering, both engines): + For EACH engine (vehu YDB, then foia-t12 IRIS), run the full chain exit-0: + 1. install MSL base: v-pkg install m-stdlib/dist/kids/MSL.kids (→ status 3; 17 STD* present) + 2. install VSL base: v-pkg install v-stdlib/dist/kids/VSL.kids (Required Build MSL*0.1*1 now PRESENT) + 3. install VPNG: v-pkg install dist/kids/VPNG.kids (Required Build VSL*1.0*1 now PRESENT) + → v-pkg verify each: all components present (routines + the param def) + 4. seed: $$set^VSLCFG("VPNG GREETING","hello") at SYS (now files — the def is installed) + 5. GOLDEN assertion: m vista exec '$$ping^VPNG()' == {"greeting":"hello"} (BYTE-IDENTICAL both engines) + 6. test-in-place: run VPNGTST against the INSTALLED routines (not working-tree src) — both pass + 7. uninstall REVERSE: VPNG → VSL → MSL; v-pkg verify --clean each (installed:false, exit 3) + → engine back to pre-install (routines + ^VPNG/param globals absent) + ENGINE RECIPES (from t1.2/t1.3 memory): + YDB (vehu): --engine ydb --transport docker + export M_YDB_CONTAINER=vehu + M_YDB_GBLDIR=/home/vehu/g/vehu.gld + M_YDB_ROUTINES='/home/vehu/p/r2.02_x86_64*(/home/vehu/p) /home/vehu/s/r2.02_x86_64*(/home/vehu/s) /home/vehu/r/r2.02_x86_64*(/home/vehu/r) /home/vehu/lib/gtm/libgtmutil.so' + IRIS (foia-t12): --engine iris --transport docker + export M_IRIS_TRANSPORT=docker + M_IRIS_CONTAINER=foia-t12 M_IRIS_NAMESPACE=VISTA M_IRIS_IRIS_INSTANCE=IRIS + +VERIFICATION (M1 "done"): + • Every §12.1 ledger row 0/1 green BOTH engines: golden string, ①contract (VSL pin), + ②ICR (check-icr), ③citation (check-citations), KIDS build (deterministic+golden), + KIDS install (all components + Required-Build chain resolved), test-in-place, + uninstall (clean), dual-engine parity (BYTE-IDENTICAL golden YDB==IRIS). + • vpng `make check-fast` (fmt/lint/arch + namespaces + check-kids) green; the M test + suite green in place. + • The cross-repo gates upstream still green: re-running v-stdlib `make check-fast` + and m-stdlib's drift gates shows no regression (you did not edit them). + +DO NOT (scope guards): + • Do NOT edit m-stdlib or v-stdlib source/specs (read + install their committed + KIDs only). One session ↔ one repo (vpng). v-pkg is read-only (build its binary). + • Do NOT cut a new MSL or VSL tag / re-pin (MSL stays v0.7.0; VSL base VSL*1.0*1). + • Do NOT promote VPNG to VSL* or move logic into VSLCFG — VPNG is the consumer; + keep the binding in VSLCFG and the JSON in STDJSON (waterline). + • Do NOT hand-edit any .KID; regenerate via v-pkg. + +INCREMENT PROTOCOL (per repo, when green): + 1. Memory: ~/vista-cloud-dev/vpng/docs/memory/t1.4-t1.5-vpng-m1.md (the build shape, + the install-once-base ordering + the verbatim per-engine ledger run, the + byte-identical golden proof, any gotchas) + a vpng MEMORY.md index. (vpng is its + own session → per-repo memory in its own repo, per the org memory routing.) + 2. Tracker: flip T1.4 AND T1.5 rows to 🟢 in + ~/vista-cloud-dev/docs/vsl-msl/vsl-implementation-tracker.md (docs repo — SEPARATE + commit; stage only the tracker) + a progress-log line declaring M1 / the first + full vertical COMPLETE. Also update the docs cross-cutting M1 status if present. + 3. Commit + push vpng (after the remote exists) on a feature branch (e.g. + `t1.4-t1.5-vpng-m1`), never onto main directly; merge stays a user action. + Co-Authored-By trailer. + +GOAL: the first full vertical — STDENV→VSLCFG→VPNG, KIDS-installed on the +install-once MSL→VSL base, tested in place, uninstalled clean — returns the golden +`{"greeting":"hello"}` BYTE-IDENTICAL on YDB and IRIS, every §12.1 ledger row green. +**M1 done.** Next is M2+ (the per-seam horizontal build-out, §12.2). +``` + +## Notes for the operator (not part of the resume prompt) + +- **Why install-once-base matters here specifically.** T1.2 found that `EN^XPAR` + will not *file* a value against a hand-built `#8989.51` definition — it needs a + FileMan/KIDS-built def. The VSL base install (step 2) is what creates that def, + so step 4's seed (`$$set^VSLCFG`) only works *because* the base was installed + first. That dependency is the whole point of the ordering proof. +- **The golden vs the default.** `VSLCFG.get`'s default is `"hello"`, the same as + the golden value, so an unseeded read would still produce the golden — which is + why VPNGTST should also seed a *distinct* value (`"world"`) and assert, to prove + the XPAR read path is genuinely exercised and green ≠ "default fallback." +- **If `foia-t12` is down**, recreate per `v-stdlib/docs/plans/t1.2-vslcfg-design.md` + (the IRIS leg recipe); confirm `docker ps` shows it healthy before the IRIS run. +- **MSL base on IRIS:** T0b.2 proved all 17 STD* *install* on IRIS (test-in-place + was partial for unrelated suite reasons). T1.5 only needs the base *installed* + (so VPNG's STDJSON dependency resolves) — not the MSL suite re-run — so the IRIS + leg is unblocked. diff --git a/vsl-msl/msl-vsl-coordination-implementation-plan.md b/vsl-msl/msl-vsl-coordination-implementation-plan.md index 6cf3bd6..d55f993 100644 --- a/vsl-msl/msl-vsl-coordination-implementation-plan.md +++ b/vsl-msl/msl-vsl-coordination-implementation-plan.md @@ -372,12 +372,31 @@ hand-kept — one source feeds both the gate and the build manifest. walk the §9 no-duplication lint performs, inverted from "flag scope creep" to "flag unregistered DBIA"); 2. asserts **every** such call site is declared in `icr-registry.json` with a - non-retired `Supported` or `Controlled Subscription` ICR — undeclared, or a - `Private`/retired ICR, is **red**; + non-retired `Supported` or `Controlled Subscription` status — **undeclared**, + or a `Private`/retired one, is **red**; 3. asserts no set/kill/`$ORDER` against a VistA file global appears outside a declared FileMan-DBS call — the "no direct global access" rule (architecture §3.2), mechanized. +> **The ICR *number* is notional — never a blocker (resolved 2026-06-16).** The +> load-bearing invariants of this gate are (a) the call is a **documented, +> `Supported` public API**, and (b) **no direct global access**. The DBIA/ICR +> *number* itself is **notional**: the integration registry (FileMan file #9.8, +> the DBA agreements) is a **manually human-curated list that lives only in +> FORUM** — it is not in the routine code, not in a FileMan DD on the running +> system, and **not enforced programmatically anywhere**. So a *number* must +> **never** be a hard requirement of this gate. Concretely: the **FileMan DBS +> API** (`GETS^DIQ` · `$$GET1^DIQ` · `UPDATE^DIE` · `FILE^DIE` · `$$FIND1^DIC`, +> S1/S3) is grounded as the public DBS programmer API in the FileMan Developer's +> Guide (`DI/fm22_2dg`, custodian `DI`), but the vdocs gold corpus carries **no +> ICR number** for any of them (a whole-corpus scan confirms it). A declaration +> may therefore use a **notional ICR marker** (`@icr DBS` / `notional`) with a +> real `@status Supported @custodian DI @source #`; the gate +> accepts it as declared and **emits no warning** about the missing number. Pin a +> real number only if/when one is sourced from the live #9.8 FORUM registry — it +> is an optional enrichment, not a gate condition. Do **not** re-open this as a +> blocker. + This turns risk **C8** and the no-direct-global rule from audited conventions into a gate. Two calls are pinned today (#2118, #10063); the rest fill in as each adapter lands (M1–M4) — but the **gate exists from M0**, so no adapter can merge diff --git a/vsl-msl/testinfra/README.md b/vsl-msl/testinfra/README.md new file mode 100644 index 0000000..977a542 --- /dev/null +++ b/vsl-msl/testinfra/README.md @@ -0,0 +1,61 @@ +# M2 test infrastructure — `DEFAULT TLS SERVER CONFIG` param def + +`ZTLSCFG` is a **param-def-only** KIDS build that provisions the +`DEFAULT TLS SERVER CONFIG` XPAR parameter definition (`#8989.51`, free text, SYS +entity) on a test engine, so the **config-read half** of the M2 `VSLIO` socket/TLS +seam is exercisable. + +## Why this exists (and what it is NOT) + +The real `DEFAULT TLS SERVER CONFIG` parameter is created by **Kernel +`XU*8.0*787`**, which the VA gold corpus documents as an **IRIS-only** feature +(requires IRIS for Health ≥ 2024.1.2; the value names an IRIS +`Security.SSLConfigs` cert entry). Neither test engine had it +(`vehu` is GT.M V7.0-005; `foia-t12` is IRIS 2026.1 but without `XU*8.0*787`), and +the corpus describes **no GT.M / `$gtmtls` path** at all. + +So this build is a **reversible test-infra stand-in**, not the real patch: + +- It ships **only the parameter definition** (a `#8989.51` KRN component, built by + v-pkg exactly like the VSL base ships `VPNG GREETING`) — **no routines, no Kernel + TLS API, no cert, no working TLS socket.** +- It lets `VSLIO` (M2) `$$get`/`$$set^VSLCFG("DEFAULT TLS SERVER CONFIG", …)` — + i.e. read/write the named-config parameter — so the **config-read** part of the + seam can be tested without the real `XU*8.0*787` / IRIS-SSLConfigs / cert stack. +- **Actual TLS sockets (tier 3) still need real cert plumbing** that is out of + scope here (IRIS `Security.SSLConfigs` + `XU*8.0*787`, or GT.M `$gtmtls` + + OpenSSL — the latter undocumented in the corpus and OS-level inside the + container, off-limits under the driver-only engine-access rule). + +The package namespace is **`Z`** (the local/non-VA throwaway namespace) so it +never collides with a real Kernel build; if `XU*8.0*787` is ever installed, +uninstall this first. + +## Provision / deprovision (over the driver stack only) + +Built artifact: `ZTLSCFG.kids` (install name `ZTLSCFG*1.0*1`). Rebuild with: + +```sh +v-pkg build vsl-msl/testinfra/tls-server-config.build.json \ + --src vsl-msl/testinfra/src --out vsl-msl/testinfra/ZTLSCFG.kids +``` + +Install / uninstall (env per the t1.2/t1.3 memories): + +```sh +# YDB (vehu) — export M_YDB_CONTAINER=vehu M_YDB_GBLDIR=… M_YDB_ROUTINES=… +v-pkg install vsl-msl/testinfra/ZTLSCFG.kids --engine ydb --transport docker +v-pkg verify vsl-msl/testinfra/ZTLSCFG.kids --engine ydb --transport docker # params."DEFAULT TLS SERVER CONFIG":true +v-pkg uninstall vsl-msl/testinfra/ZTLSCFG.kids --engine ydb --transport docker # reverses clean + +# IRIS (foia-t12) — export M_IRIS_TRANSPORT=docker M_IRIS_CONTAINER=foia-t12 M_IRIS_NAMESPACE=VISTA M_IRIS_IRIS_INSTANCE=IRIS +v-pkg install vsl-msl/testinfra/ZTLSCFG.kids --engine iris --transport docker +``` + +## Status (provisioned 2026-06-16) + +Installed + verified on **both** engines (`status:3`, param def present); the def +is **settable via XPAR** — `EN^XPAR("SYS","DEFAULT TLS SERVER CONFIG",1,"tls_encrypt_server")` +then `$$GET^XPAR` round-trips `tls_encrypt_server` on both `vehu` and `foia-t12` +(KIDS-built def files correctly, unlike a hand-built one — the T1.2 gotcha). +Reversible via `v-pkg uninstall` above. diff --git a/vsl-msl/testinfra/ZTLSCFG.kids b/vsl-msl/testinfra/ZTLSCFG.kids new file mode 100644 index 0000000..a67ac88 --- /dev/null +++ b/vsl-msl/testinfra/ZTLSCFG.kids @@ -0,0 +1,42 @@ +KIDS Distribution saved by v-pkg +m-kids reassembled output +**KIDS**:ZTLSCFG*1.0*1^ + +**INSTALL NAME** +ZTLSCFG*1.0*1 +"BLD",1,0) +ZTLSCFG*1.0*1^ZTLSCFG^0^0 +"BLD",1,"KRN",0) +^9.67PA^8989.51^1 +"BLD",1,"KRN",8989.51,0) +8989.51 +"BLD",1,"KRN",8989.51,"NM",0) +^9.68A^1^1 +"BLD",1,"KRN",8989.51,"NM",1,0) +DEFAULT TLS SERVER CONFIG^^0 +"BLD",1,"KRN",8989.51,"NM","B","DEFAULT TLS SERVER CONFIG",1) + +"BLD",1,"KRN","B",8989.51,8989.51) + +"RTN") +0 +"ORD",1,8989.51) +8989.51;1;1;;;;;;; +"ORD",1,8989.51,0) +PARAMETER DEFINITION +"KRN",8989.51,1,-1) +0 +"KRN",8989.51,1,0) +DEFAULT TLS SERVER CONFIG^Default TLS server config name (M2 test-infra stand-in for XU*8.0*787; SYS)^ +"KRN",8989.51,1,1) +F^^ +"KRN",8989.51,1,30,0) +^8989.513I^1^1 +"KRN",8989.51,1,30,1,0) +1^4.2 +"KRN",8989.51,1,30,"B",1,1) + +"VER") +8.0^22.2 +**END** +**END** diff --git a/vsl-msl/testinfra/tls-server-config.build.json b/vsl-msl/testinfra/tls-server-config.build.json new file mode 100644 index 0000000..beaee84 --- /dev/null +++ b/vsl-msl/testinfra/tls-server-config.build.json @@ -0,0 +1,15 @@ +{ + "package": "ZTLSCFG", + "version": "1.0", + "patch": "1", + "components": { + "parameterDefinitions": [ + { + "name": "DEFAULT TLS SERVER CONFIG", + "displayText": "Default TLS server config name (M2 test-infra stand-in for XU*8.0*787; SYS)", + "dataType": "free text", + "entities": [ { "entity": "SYS", "precedence": 1 } ] + } + ] + } +} diff --git a/vsl-msl/vsl-implementation-tracker.md b/vsl-msl/vsl-implementation-tracker.md index 150fc7d..ad93821 100644 --- a/vsl-msl/vsl-implementation-tracker.md +++ b/vsl-msl/vsl-implementation-tracker.md @@ -1,6 +1,6 @@ --- title: VSL Effort — Implementation Tracker -status: in progress — M0a + M0b/T0b.1–T0b.2 done; Phase A complete; **Phase B BUILD complete (2026-06-14/15): gates G2/G3/G4 + item-1 meta-schema + meta-migration + Go-m CI spike + reusable m-ci.yml + meta-gate** — remainder is user/merge actions (merge .github + feature branches; green the meta-gate; item-5 tag/pin) → then T0b.3 +status: "in progress — M0a + M0b/T0b.1–T0b.2 done; Phase A complete; **Phase B BUILD complete (2026-06-14/15): gates G2/G3/G4 + item-1 meta-schema + meta-migration + Go-m CI spike + reusable m-ci.yml + meta-gate** — remainder is user/merge actions (merge .github + feature branches; green the meta-gate; item-5 tag/pin) → then T0b.3" created: 2026-06-11 last_modified: 2026-06-15 revisions: 4 @@ -35,7 +35,7 @@ below; see [`msl-vsl-orchestration-kickoff.md`](msl-vsl-orchestration-kickoff.md |---|---|---|---|---| | Phase A | **Stabilize** — get `main` canonical everywhere (land feature branches, tags, layer tag + `arch:` CI caller *on main*) | all 8 repos + `.github` | 🟢 | **COMPLETE (s12, 2026-06-14):** all 8 mains canonical; G1 waterline gate (`m arch check`) built in m-cli + `layer` tag (root `repo.meta.json`) on every repo; reusable `.github/workflows/arch-waterline.yml` wired + verified GREEN on real CI (v-stdlib + m-cli `arch/arch SUCCESS`). v-pkg tagged `v0.1.0`; v-cli pins it (G4 seam-pin). | | Phase B | **Standardize the substrate** — one root `repo.meta.json` everywhere + G2/G3/G4 gates + the scheduled meta-gate + reusable `m-ci.yml` + tag m-cli & pin `m-cli-ref` | m-cli (gates) · `.github` (workflows) · all repos (meta + caller) | 🟢 | **Gate suite (item 2) DONE (2026-06-14) — G2+G3+G4 all in `m arch check`, all 8 repos clean.** G2 (no VistA below the line; the only real ref, m-stdlib STDSEED `do FILE^DIE`, resolved **Option B**: STDSEED engine-neutral, filer required, FileMan filer re-homing to v-stdlib `fileViaDie^VSLSEED` — owed). G3 (transport-monopoly: non-SDK repo *exec*-ing `m-ydb`/`m-iris`; co-occurrence-with-`exec.Command` makes it self-hosting). G4 (seam-pin: go.mod `replace`/pseudo-version of m-driver-sdk). m-stdlib branch `stdseed-engine-neutral-g2`; m-cli branch `phase-b-arch-gates` (G2 `947afad` + G3/G4 `a71e26e`), unmerged. **Item 1 (meta-schema validation) DONE (2026-06-15):** `m arch check` reads the meta **root-first** + validates shape (`LoadMeta`/`ValidateMeta` require id/layer/language/verification_commands; `Gate:"META"`). **Meta-migration DONE (2026-06-15):** the only two repos with a `dist/`-located meta — m-stdlib + v-stdlib — moved to a **root `repo.meta.json`** (m-stdlib's `check-manifest` gate updated; v-stdlib clean). All 8 repos now on root meta; all clean under G1–G4 + meta. m-stdlib on branch `stdseed-engine-neutral-g2`; v-stdlib branch `meta-to-root`. **Prerequisite spike DONE (2026-06-15): m-stdlib CI standardized onto the Go `m`** — m-stdlib branch `mstdlib-ci-go-m`, **PR #12, proven GREEN on real CI** (run 27541967332: arch ✓, m-stdlib ✓; IRIS fail-soft 44/45). Engine provisioning settled = **ubuntu + `docker run m-test-engine` + `m … --docker m-test-engine --chset m`** (the locally-proven path; NOT yottadb-base+LocalEngine). Reconciliations baked into the m-stdlib Makefile (the template for `m-ci.yml`): build `m` in-workflow via clone+`go build` (`M_CLI_REF` default `main`); lint severity via `scripts/m-lint-gate.sh` (Go `m` has **no `--error-on`** → residual `needs: m-cli --error-on/--fail-on flag`); **aggregate** (not per-module) coverage `--min-percent=85` with optional modules excluded from `CORE_SRC`; `--lcov`/`-o json` replace `--format=lcov`/`--format=tap`; Python drift gates unchanged. Detail → m-stdlib memory `ci-go-m-toolchain`. **Item 4 reusable `m-ci.yml` DONE (2026-06-15):** `vista-cloud-dev/.github/.github/workflows/m-ci.yml` (branch `m-ci-reusable`) — M-library CI on the Go `m`; a **provisioner** (build `m` + start engine container) that runs the repo's **Makefile targets** (byte-mode/--routines/lint-gate/coverage stay in the repo). Inputs: `m-cli-ref`/`go-version`/`engine-free-targets`/`engine-targets`/`engine-image|container|flags`/`artifacts`/`codecov`/`run-iris`(+iris-*). **Proven GREEN via m-stdlib PR #12** (`arch ✓`, `ci / m-ci ✓`, IRIS fail-soft; run 27547831002) — m-stdlib's `ci.yml` is now a thin caller (pinned `@m-ci-reusable`; **flip → `@main` after the `.github` PR merges**). Detail → shared memory `m-ci-reusable-workflow`. **Item 3 scheduled meta-gate DONE (2026-06-15):** the keystone (ADR §3.3.4) built in `.github` (branch `meta-gate`, `88cb729`) — `ecosystem.json` (10 repos) + `scripts/meta-gate.sh` (gh + python3; per default-branch resolve layer via the `m arch check` candidate order + assert an arch-waterline caller + registry completeness) + `meta-gate.yml` (weekly cron + dispatch). **Verified locally** vs the live public repos: 8 repos pass; **m-parse + m-dev-tools-mcp correctly flagged** — their layer meta + arch caller are on unmerged branches, so their `main`s aren't compliant yet (gate red BY DESIGN → green when those merge). Detail → shared memory `meta-gate`. **All Phase B BUILD work is now done; the remainder is user/merge actions:** (1) ✅ **DONE 2026-06-15** — the `.github` PRs merged to main (`m-ci.yml` PR #4, `meta-gate` PR #5); the reusable CI + scheduled meta-gate are **live**, and the meta-gate is **CI-verified** (dispatch run 27548966438: default `GITHUB_TOKEN` suffices; flags exactly m-parse + m-dev-tools-mcp → red by design until they merge). (2) ✅ **DONE 2026-06-15** — m-stdlib's `m-ci` caller flipped `@m-ci-reusable`→`@main` and **PR #12 squash-merged to master** (commit `0514130`; Go-`m` CI live on m-stdlib `master`, green vs `m-ci.yml@main`); (3) ✅ **DONE 2026-06-15** — merged the m-parse (PR #4) + m-dev-tools-mcp (PR #2) `add-layer-meta-arch-gate` branches (root `repo.meta.json` `layer: m` + `arch:` caller); **meta-gate now fully GREEN** (all 10 repos), CI-verified (dispatch run 27564827659); (4) **item 5 ✅ DONE 2026-06-15** — **m-cli tagged `v0.1.0`** (`main` `e3a6537`: toolchain + `m arch check` G1–G4 + `--chset`); the two `m`-building reusable workflows (`arch-waterline.yml`, `m-ci.yml`) **pin `m-cli-ref` default `main`→`v0.1.0`** (`.github` **PR #6 ✅ merged `4727944`** — `v0.1.0` pin now LIVE on `.github` main; every repo's `arch:` gate + m-stdlib CI build `m` from the tag; `go-ci.yml` unaffected — it doesn't build `m`); (5) ✅ **DONE 2026-06-15** — Phase B feature branches merged: m-cli `phase-b-arch-gates` (**PR #7**), m-stdlib `stdseed-engine-neutral-g2` (**PR #13**), v-stdlib `meta-to-root` (**PR #2**). **Phase B COMPLETE + fully merged** (all 5 items landed on default branches). Item (3) m-parse/m-dev-tools-mcp compliance **also landed 2026-06-15 → meta-gate fully green org-wide**; the meta-gate additionally hardened with a **CI-trigger-reaches-default-branch** drift guard (`.github` PR #7, `ci-trigger-check.py`) after the m-stdlib trigger bug. **Next: Phase C / T0b.4.** Resume prompt: [`../prompts/resume-vsl-implementation-prompt.md`](../prompts/resume-vsl-implementation-prompt.md). | -| Phase C | **Implement MSL⟷VSL** — the milestone tasks below (T0b.3 onward) | per-task `Repo` column | 🟡 | M0a + T0b.1/T0b.2 done; **Phase A+B COMPLETE**; **T0b.3 DONE 2026-06-15** (the four drift gates + `seams` block, both repos — **merged to default branches**: m-stdlib `master` `f89c141`, v-stdlib `main` `930fba6`); **T0b.4 DONE 2026-06-15** (MSL seam contract frozen as the `v0.6.0` baseline + v-stdlib cross-repo pin gate; branches pushed, unmerged — owed: push the `v0.6.0` tag + merge both branches) **T1.1 DONE 2026-06-15** (m-stdlib emits real `seams.STDENV`; bump-forcer green — first M1 vertical step) → next **T1.2** (v-stdlib `VSLCFG` binds STDENV to XPAR, both engines). Kickoff prompt: [`../prompts/phase-c-t0b3-kickoff.md`](../prompts/phase-c-t0b3-kickoff.md). | +| Phase C | **Implement MSL⟷VSL** — the milestone tasks below (T0b.3 onward) | per-task `Repo` column | 🟡 | M0a + T0b.1/T0b.2 done; **Phase A+B COMPLETE**; **T0b.3 DONE 2026-06-15** (the four drift gates + `seams` block, both repos — **merged to default branches**: m-stdlib `master` `f89c141`, v-stdlib `main` `930fba6`); **T0b.4 DONE 2026-06-15** (MSL seam contract frozen as the `v0.6.0` baseline + v-stdlib cross-repo pin gate; branches pushed, unmerged — owed: push the `v0.6.0` tag + merge both branches) **T1.1–T1.5 ALL DONE (M1 COMPLETE 2026-06-16)** — the **first full vertical** `STDENV→VSLCFG→VPNG` is proven: `VSLCFG` binds STDENV→XPAR (T1.2, both engines), the VSL KIDS base installs the `VPNG GREETING` def (T1.3), and the throwaway `vpng` consumer (T1.4) returns the golden `{"greeting":"hello"}` **byte-identical on YDB+IRIS** on the install-once `MSL→VSL→VPNG` base, test-in-place 3/3, uninstall-clean (T1.5 = the §12.1 ledger). → next **M2** (VSLIO TLS echo, horizontal build-out). Kickoff prompts: [`../prompts/phase-c-t0b3-kickoff.md`](../prompts/phase-c-t0b3-kickoff.md), [`../prompts/t1.4-vpng-consumer-kickoff.md`](../prompts/t1.4-vpng-consumer-kickoff.md). | ## Summary (milestone tasks) @@ -54,11 +54,11 @@ below; see [`msl-vsl-orchestration-kickoff.md`](msl-vsl-orchestration-kickoff.md | T0b.4 | M0b | m-stdlib + v-stdlib | 🟢 | **DONE 2026-06-15 — seam contract v1 frozen + pinned.** m-stdlib leg (branch `t0b4-freeze-seam-contract`): `v0.6.0` changelog entry freezes the (empty) seam contract as the pinnable baseline; library SemVer (git tag) and seam-contract version (manifest integer) stay separate axes (§6). Tag = `v0.6.0` **not** `v0.5.0` (master is 106 commits past the stale changelog); created locally, **push owed (user action)**. v-stdlib leg (branch `t0b4-pin-msl-seam`): `dist/msl-seam-pin.json` pins `msl_ref: v0.6.0` + the frozen `seams` copy; `tools/msl_seam_pin.py` (`make check-msl-pin`) asserts the pin vs MSL's `seam-snapshot.json` AT the tag (sibling `git show`), **SKIP-green when unreachable** (so it SKIPs in CI today; asserts at dev-time) — the network fetch-at-tag path is **deferred to T1.1**. TDD red→green proven (planted bogus seam → RED; malformed → RED; unreachable → SKIP; synced → GREEN). Both branches pushed, unmerged. | T0b.3 | | T1.1 | M1 | m-stdlib | 🟢 | **DONE 2026-06-15 — first real `@seam`.** `$$get^STDENV(env,key,default)` tagged `; doc: @seam STDENV` (minimal config-READ seam; typed accessors/`has` excluded — only what VSLCFG/T1.2 binds to `$$GET^XPAR`). Doc-only → `seams.STDENV` (contract_version 1) in `stdlib-manifest.json` + `dist/seam-snapshot.json`; **bump-forcer green** (NEW seam, absent at HEAD → no bump). `make check` (fmt+lint+STDENVTST 46/46) + `m arch check` (G1–G4+meta) green. v-stdlib pin untouched at T1.1 time. **Merged to `master` (`341cafc`) + released as MSL tag `v0.7.0`** (2026-06-15, user-requested) — `v0.7.0:dist/seam-snapshot.json` carries `seams.STDENV`, so the T1.2 boundary-① re-pin (`msl_ref`→`v0.7.0`) is now unblocked. | T0b.4 | | T1.2 | M1 | v-stdlib | 🟢 | **DONE (2026-06-16) — VSLCFGTST GREEN 3/3 on BOTH engines + all 3 boundaries green.** The harness blocker was fixed in m-cli (`docker-routines-base` `d9ee76a`: DockerEngine falls back to `${ydb_routines:-$gtmroutines}`); VSLCFGTST `0/0→3/3` on vehu (YDB) + foia-t12 (IRIS `--namespace VISTA`). **Adapter:** `VSLCFG` (first VSL* module) binds the STDENV config seam to XPAR at the SYS entity (`$$get`=`$$GET^XPAR("SYS")`, `$$set`=`EN^XPAR("SYS")`), validated live on vehu via `m vista exec`. ① `check-msl-pin` re-pinned `msl_ref`→**v0.7.0** (real STDENV); ② `check-icr` ICR #2263; ③ `check-citations` vs gold corpus (`XU/krn_8_0_dg_toolkit_ug` — plan's `XT*7.3*26` was wrong). `make check-fast` clean. **Blocker:** `m test --docker` honors `M_YDB_GBLDIR` but not `M_YDB_ROUTINES` → vehu's XPAR routines absent from `$ZROUTINES`, VSLCFGTST aborts 0/0. Fix = layer the resident routine base in the m test/m-ydb path (m-cli/m-ydb) or test-in-place `--resident`. Branch `t1.2-vslcfg` (`c46739d`), pushed. | T1.1 | -| T1.3 | M1 | v-stdlib | ⬜ | VSL KIDS base install/uninstall clean both engines | T1.2 | -| T1.4 | M1 | consumer (VPNG) | ⬜ | golden `{"greeting":"hello"}` match | T1.3 | -| T1.5 | M1 | consumer | ⬜ | **determinism ledger green, both engines (1st vertical)** | T1.4 | -| M2 | M2 | v-stdlib | ⬜ | VSLIO TLS echo both engines (R1) | T1.5 | -| M3 | M3 | v-stdlib | ⬜ | VSLFS get/set/kill + DD install | M2 | +| T1.3 | M1 | v-stdlib | 🟢 | **DONE 2026-06-16 — VSL KIDS base installs/uninstalls clean both engines.** `kids/vsl.build.json` = `VSLCFG` routine + **`VPNG GREETING` #8989.51 PARAMETER DEFINITION** (SYS, free text) + **Required Build on `MSL*0.1*1`** (action LEAVE GLOBAL; pin stays MSL v0.7.0). Normalized export committed at `dist/kids/VSL.kids` + **`make check-kids`** deterministic/golden drift gate (in `gates`; SKIP-green w/o v-pkg; roundtrip clean). **install→verify→uninstall→verify-clean GREEN on BOTH engines** over the driver (`v-pkg` standalone, vehu YDB + foia-t12 IRIS): install status 3, routine+param present; clean = both absent (exit 3). Sits on the v-pkg KRN capability (v-pkg main `2a3f273`). Required-build **posture (a)**: emitted into #9.6/MBREQ (faithful) but not enforced (direct-populate install bypasses the interactive KIDS prereq check). Branch `t1.3-vsl-kids`. | T1.2 | +| T1.4 | M1 | consumer (VPNG) | 🟢 | **DONE 2026-06-16 — golden match against the INSTALLED routine, both engines.** New repo `vpng` (github.com/vista-cloud-dev/vpng, public, layer **v**, own `VPNG` namespace; reads m-stdlib+v-stdlib, edits neither). `$$ping^VPNG()` = `$$get^VSLCFG("VPNG GREETING","hello")` → `$$encode^STDJSON` → `{"greeting":"hello"}` (waterline-clean: never touches `^XPAR`/raw JSON). TDD red-first (safe-default stub → 0/2; green → golden passes); `VPNGTST` adds a seeded-`"world"` test so green≠default fallback (it files only test-in-place, the T1.2 def gotcha). Branch `t1.4-t1.5-vpng-m1` (`1ac6b59`, pushed). | T1.3 | +| T1.5 | M1 | consumer | 🟢 | **DONE 2026-06-16 — §12.1 determinism ledger GREEN, both engines (FIRST FULL VERTICAL).** Install-once base **MSL\*0.1\*1 → VSL\*1.0\*1 → VPNG\*1.0\*1** in dependency order (Required-Build chain genuinely present), each install status 3; verify all components present; **golden `{"greeting":"hello"}` BYTE-IDENTICAL on vehu (YDB) + foia-t12 (IRIS)**; test-in-place `VPNGTST` **3/3** against the installed routines (no `--routines`); uninstall reverse + verify-clean (`installed:false`, exit 3) → engine back to pre-install. All over the driver stack (no raw docker exec). vpng `make check-fast` green (fmt/lint/arch + namespaces + check-kids + engine-access; seam/icr/citation/msl-pin N/A — thin consumer); upstream m-stdlib/v-stdlib gates unregressed. **M1 DONE.** Memory: `vpng/docs/memory/t1.4-t1.5-vpng-m1.md`. | T1.4 | +| M2 | M2 | m-stdlib + v-stdlib | 🟡 | **Lane A DONE 2026-06-16 — `STDNET` socket leaf (S4), YDB loopback echo GREEN 9/9.** The MSL half: `STDNET` portable raw-TCP API (handle-based; `listen`/`accept`/`connect`/`read`/`write`/`close` + `available`/`boundport`) over the engine-native `SOCKET` device, `@seam STDNET` (6 verbs) emitted + bump-forcer green; `@tier optional`; `m arch check` layer m / G2 clean. YottaDB-only today (single-process loopback via the GT.M collection-of-sockets device; `/WAIT` auto-accepts); IRIS soft-skips (`$$available`=0, the owed `|TCP|`+`JOB` follow-up). m-stdlib branch `m2-stdnet` **merged to `master` (`f3e1f9c`) + released as MSL tag `v0.8.0`** (`d51084b`, 2026-06-16) — `v0.8.0:dist/seam-snapshot.json` carries `seams.STDNET`. **Lane B DONE 2026-06-16 — `VSLIO` binds STDNET to VistA's device handler (outbound TCP via `CALL^%ZISTCP`, ICR #2118).** v-stdlib branch `m2-vslio` (`db3c5e0`, pushed). Re-pinned `msl_ref` v0.7.0→**v0.8.0** (first real fetch-at-tag run; check-msl-pin green, 2 seams). VSLIO exposes the CLIENT subset of STDNET's signature (`connect`/`read`/`write`/`close`) — **VistA has NO Supported listen/accept API** (corpus-confirmed; inbound = the listener-JOB pattern), so the server side stays in portable STDNET (waterline, no dup). **Acceptance over the driver: vehu (YDB) 10/10** (tier-1 `CALL^%ZISTCP` POP=0 + tier-2 byte echo via a raw STDNET listener + VSLIO client) **· foia-t12 (IRIS) 6/6** (connect-failure proves `CALL^%ZISTCP` wired on IRIS; TLS-gap green; **loopback soft-skips** — STDNET's IRIS leg is the owed m-stdlib follow-up). 3 boundaries green (① check-msl-pin@v0.8.0 ② check-icr 4 [VSLCFG #2263 + VSLIO #2118] ③ check-citations 4); `make check-fast` clean. TLS gap **loud** (`$$tlsAvailable`=0, `$$connectTls` raises `U-VSLIO-NOTLS`); **tier-3 real TLS stays infra-blocked** (no cert / `XU*8.0*787`; the gating cleanup STDNET's discoveries row tracks). KEY: the gold doc's input-var convention for `CALL^%ZISTCP` is WRONG — it's argument-passed `CALL(IP,SOCK,TO)`. No KIDS/VSLBLD (M5). Memory: `v-stdlib/docs/memory/m2-vslio.md`. **M2 functionally complete for tiers 1–2; owed: STDNET IRIS leg + tier-3 TLS.** Kickoffs: [`../prompts/m2-vslio-kickoff.md`](../prompts/m2-vslio-kickoff.md), [`../prompts/m2-lane-b-vslio-kickoff.md`](../prompts/m2-lane-b-vslio-kickoff.md). | T1.5 | +| M3 | M3 | m-stdlib + v-stdlib | 🟡 | **DONE (adapter) 2026-06-16 — the storage seam (S1) proven dual-engine.** **Lane A — `STDKV` (MSL storage leaf):** resolved design Q3 — the storage seam is a **NEW minimal MSL module** (a record store over `(coll,key,field)`), **not** a `STDFS` sub-API (STDFS stays filesystem-only). Four `$$` verbs (`set`/`get`/`exists`/`kill`), `@seam STDKV` (4 entry points, bump-forcer green), global-backed reference impl, **dual-engine GREEN 12/12** (YDB + IRIS, no `$ZVERSION` arm, byte-exact). m-stdlib branch `m3-stdkv` (`d22ff1b`) **released as MSL tag `v0.9.0`** (`497c678`) — `v0.9.0:dist/seam-snapshot.json` carries `seams.STDKV`. **Lane B — `VSLFS` binds STDKV→FileMan DBS:** `$$set`=`UPDATE^DIE` (returns resolved IENS; `"+1,"` adds), `$$get`/`$$exists`=`$$GET1^DIQ`, `$$kill`=`FILE^DIE` with FDA **`.01="@"`** (**corpus-confirmed: NO `DELETE^DIE`**; `^DIK`/direct KILL forbidden). v-stdlib branch `m3-vslfs` (`8b5839a`, pushed; **stacked on `m2-vslio`** — merge order m2→m3). Re-pinned `msl_ref` v0.8.0→**v0.9.0** (check-msl-pin green, 3 seams). **Acceptance over the driver: vehu (YDB) 7/7 · foia-t12 (IRIS) 7/7** — create→get byte-identical, exists, kill, and a **`DIERR`→`,U-VSL-FS-DIERR,` `$ECODE`** with detail in `$$lastError` (MSG_ROOT="ERR" keeps errors private). Test file = an **existing low-risk file (#8989.51**, free-text `.01`, no other required fields → safe ZZ throwaway record) — **the FileMan DD-install is decoupled and deferred to a v-pkg track**. Full v-stdlib suite **22/22**, no VSLCFG/VSLIO regression. 3 boundaries green (① check-msl-pin@v0.9.0 ② **check-icr 8** ③ **check-citations 8** vs gold corpus); `make check-fast` clean. **ICR is notional:** the FileMan DBS API has no ICR number in the gold corpus and the DBIA registry is a human-curated FORUM list, not enforced programmatically → `gen-icr.py` now accepts a notional `@icr DBS` marker (plan §5.4 amended; the gate's real invariants — Supported + no-direct-global — stay). No KIDS/VSLBLD (M5). Memory: m-stdlib `m3-stdkv-storage-seam.md`, v-stdlib `m3-vslfs.md`, shared `notional-dbia-not-a-blocker.md`. **Owed: the v-pkg FileMan-DD-install enabler (re-test with a dedicated throwaway file) + merge m2/m3.** Kickoff: [`../prompts/m3-vslfs-kickoff.md`](../prompts/m3-vslfs-kickoff.md). | M2 | | M4 | M4 | v-stdlib | ⬜ | VSLSEC bind + VSLLOG audit | M3 | | M5 | M5 | v-stdlib | ⬜ | VSLTASK self-restart + VSLBLD full install/back-out | M4 | | M6 | M6 | consumer + v-stdlib | ⬜ | VWEB FHIR GET /Patient over HTTPS, both engines | M5 | @@ -131,6 +131,8 @@ in that file. - 2026-06-16 — **T1.2 VSLCFG adapter DONE + all 3 boundaries GREEN; engine suite blocked on a harness gap (M1 vertical's first VSL* module).** v-stdlib branch `t1.2-vslcfg` (`c46739d`, pushed). **VSLCFG** (first `VSL*` routine) binds the STDENV config-read seam to VistA **XPAR** at the SYS entity — `$$get^VSLCFG(key,default)`=`$$GET^XPAR("SYS",key,1)`, `$$set^VSLCFG(key,value)`=`EN^XPAR("SYS",…)`; only the VistA binding (waterline). Round-trip + restore **validated live on vehu** via `m vista exec`. **The three determinism-ledger boundaries are GREEN (engine-free):** ① `check-msl-pin` re-pinned `dist/msl-seam-pin.json` `msl_ref` v0.6.0→**v0.7.0** (pin now carries real `seams.STDENV`, matches MSL@v0.7.0); ② `check-icr` — `$$GET^XPAR`/`EN^XPAR` declared with **ICR #2263** (Supported, custodian XU); ③ `check-citations` — both `@source XU/krn_8_0_dg_toolkit_ug#…` anchors verified vs the vdocs gold corpus. **Citation reconciled (plan was wrong):** XPAR is documented under Kernel `XU/krn_8_0_dg_toolkit_ug` / ICR #2263, NOT `XT/ktk7_3p26sp` / `XT*7.3*26`. `make check-fast` clean (fmt/lint/arch + 6 gates). **KEYSTONE UNBLOCK:** the m-ydb docker transport reaches vehu but with an empty `$ZGBLDIR` by default → VistA globals invisible; fixed via `M_YDB_GBLDIR=/home/vehu/g/vehu.gld` + `M_YDB_ROUTINES=` (the `v pkg` knobs; see m-ydb memory `m-ydb-docker-gbldir`) → `m vista exec` sees 1211 XPAR defs and resolves `$$GET^XPAR`. **REMAINING BLOCKER (engine-bound green):** `m test --docker vehu` honors `M_YDB_GBLDIR` (globals visible) but **NOT `M_YDB_ROUTINES`** — it stages routines into a clean `$ZROUTINES` that drops vehu's resident VistA routines, so `$$GET^XPAR`/`EN^XPAR` don't resolve and `VSLCFGTST` aborts **0/0** (the driver *exec* path layers the base; the *test* staging path doesn't). **Next = a small m-cli/m-ydb fix** to layer `$ZROUTINES = ` for the test path (mirrors the m-ydb `$ZGBLDIR` fix; unblocks ALL VistA-dependent VSL testing), or test-in-place via `m test --resident` against KIDS-installed routines (§12.1). VSLCFGTST is written + correct; it goes red→green unchanged once XPAR resolves under the harness. Per-repo memory: `v-stdlib/docs/memory/t1.2-vslcfg.md`; detail in `v-stdlib/docs/plans/t1.2-vslcfg-design.md`. - 2026-06-16 — **T1.2 DONE — VSLCFGTST GREEN 3/3 on BOTH engines (the harness blocker fixed in m-cli); M1 vertical's first VSL* module complete.** The spike ([`../prompts/t1.2-harness-routine-base-spike.md`](../prompts/t1.2-harness-routine-base-spike.md)) found the routine-base drop was in **m-cli's internal DockerEngine** (`m test --docker`), NOT the m-ydb driver: `DockerRunner` exported `ydb_routines=" $ydb_routines"`, but a GT.M VistA (`vehu`) sets `gtmroutines` not `ydb_routines`, so the export went stageDir-only and (GT.M honors `ydb_routines` over `gtmroutines`) vehu's resident XPAR/FileMan routines vanished → suite aborted **0/0**. **Fix (m-cli `docker-routines-base` `d9ee76a`, pushed):** extract `dockerEnvPrefix` + fall back to `${ydb_routines:-$gtmroutines}`; TDD red→green table test; m-test-engine regression green; `make lint`+`go test ./...` clean. **Acceptance gate met: `VSLCFGTST` `0/0→3/3` GREEN on `vehu` (YDB) AND `foia-t12` (IRIS `--namespace VISTA`)** via the driver stack — no `M_YDB_*` host vars needed (the container `bash -l` env supplies `gtmgbldir`+`gtmroutines`; IRIS needed no change — namespace-resident routines). The three determinism boundaries stay green (re-pin MSL v0.7.0 / `check-icr` #2263 / `check-citations`). v-stdlib `t1.2-vslcfg` `e1f1aa8`; m-cli `docker-routines-base` `d9ee76a`; both pushed, unmerged. **Unblocks ALL VistA-dependent `VSL*TST` testing over `m test --docker`** (T1.3 VSL KIDS base, T1.4 VPNG, …). Memories: m-cli `docker-routines-gtmroutines-fallback`, v-stdlib `t1.2-vslcfg`. **Next: T1.3** (VSL KIDS base — `VSL*` + the PARAMETER DEFINITION component, install/uninstall clean both engines). +- 2026-06-16 — **T1.3 DONE — VSL KIDS base installs/uninstalls clean on BOTH engines (M1 vertical's installable VSL layer).** v-stdlib branch `t1.3-vsl-kids`. Packaged the VSL layer as `kids/vsl.build.json` = **`VSLCFG` routine + a `VPNG GREETING` #8989.51 PARAMETER DEFINITION** (SYS entity 4.2, free text) **+ a Required Build on `MSL*0.1*1`** (action `DON'T INSTALL, LEAVE GLOBAL`; MSL base name read from `m-stdlib/kids/std.build.json`; **pin stays MSL v0.7.0**, no new tag). Built the **normalized export** with the **KRN-capable v-pkg standalone** (built from v-pkg `main` `2a3f273`, which merged the #8989.51 KRN-component + Required-Build capability) → `routines:1 paramDefs:1 requiredBuilds:1`, committed at `dist/kids/VSL.kids`; wired **`make kids`/`make check-kids`** (deterministic build twice → byte-identical + golden diff vs committed; SKIP-green when v-pkg absent, mirroring `check-citations`) into the `gates` aggregate; `v-pkg roundtrip` clean (54 pairs). **Acceptance gate met: install→verify→uninstall→verify-clean GREEN on BOTH engines OVER THE DRIVER** (`v-pkg`, not `m test`): **vehu** (YDB, `--engine ydb --transport docker` + `M_YDB_GBLDIR`/`M_YDB_ROUTINES`) and **foia-t12** (IRIS, `--engine iris --transport docker` + `M_IRIS_CONTAINER=foia-t12 M_IRIS_NAMESPACE=VISTA M_IRIS_IRIS_INSTANCE=IRIS`) — install reports `installed:true status:3`, verify reports `routines.VSLCFG:true` + `params."VPNG GREETING":true`, uninstall `uninstalled:true`, verify-clean `installed:false` (routine+param both false, exit 3). **Decisions:** (1) param NAME = **`VPNG GREETING`** (the consumer's name; matches VSLCFG.m's committed doc example + its default `"hello"` → T1.4's golden `{"greeting":"hello"}`), NOT the kickoff's illustrative "VSL GREETING"; T1.3 installs the **empty DEFINITION only** (T1.4 seeds/reads the value). (2) Required-build **posture (a)** — the Required Build is **emitted** into #9.6/MBREQ (faithful drift-gated artifact) but **NOT enforced** at install: v-pkg's direct-populate install bypasses the interactive KIDS LOAD where the prereq check fires; the faithful "install-once base" ordering (posture (b), install MSL base first) is deferred (relevant to T1.4/T1.5 test-in-place). `make check-fast` green (fmt/lint/arch + all 7 drift gates incl. check-kids); T1.2's three determinism boundaries unregressed; VSLCFG.m/VSLCFGTST.m untouched. Memory: `v-stdlib/docs/memory/t1.3-vsl-kids.md`. **Next: T1.4** (`VPNG` consumer — `$$ping^VPNG()`==`{"greeting":"hello"}`, KIDS Requires the VSL base) → T1.5 (M1 exit gate, determinism ledger byte-identical both engines). +- 2026-06-16 — **T1.4 + T1.5 DONE — M1 COMPLETE: the first full vertical `STDENV→VSLCFG→VPNG` is proven byte-identical on both engines.** New repo **`vpng`** (github.com/vista-cloud-dev/vpng, public, layer **v**, own `VPNG` namespace; branch `t1.4-t1.5-vpng-m1` `1ac6b59`, pushed). Reads m-stdlib + v-stdlib (stages src / installs their KIDS bases), **edits neither**. **VPNG** (one routine): `$$ping^VPNG()` = `$$get^VSLCFG("VPNG GREETING","hello")` → `$$encode^STDJSON(.root)` → `{"greeting":"hello"}` — waterline-clean (it calls the VSL adapter + the MSL encoder; never touches `^XPAR` or hand-builds JSON). TDD red-first (safe-default stub → `0/2`; green → golden passes). **`VPNGTST` seeds a distinct `"world"`** (not just the default) so green≠default fallback — and that seeded read only **files test-in-place** (the VSL base installs the `#8989.51` def; a hand-built def won't FILE — the T1.2 gotcha). **T1.5 = the §12.1 determinism ledger, install-once base, both engines:** install **`MSL*0.1*1` → `VSL*1.0*1` → `VPNG*1.0*1`** in dependency order (Required-Build chain genuinely present), each `status:3`; verify all components present; **golden `{"greeting":"hello"}` BYTE-IDENTICAL on vehu (YDB) + foia-t12 (IRIS)** via `m vista exec`; **test-in-place `VPNGTST` 3/3** against the installed routines (NO `--routines` staging) both engines; **uninstall reverse VPNG→VSL→MSL + verify-clean** (`installed:false`, exit 3) → engine back to pre-install. All over the driver stack (`v-pkg` + `m vista exec` + `m test --docker`; no raw docker exec). **Gates (thin consumer):** `make check-fast` = fmt/lint + `m arch check` (layer v) + `check-namespaces` (VPNG prefix) + `check-kids` (`dist/kids/VPNG.kids` deterministic + golden; `v-pkg roundtrip` clean, 29 pairs) + `check-engine-access`; seam/icr/citation/msl-pin gates **N/A** (no `@seam`, no direct L4 call). Upstream v-stdlib/m-stdlib gates re-run green (unregressed). **Gotchas captured** (vpng memory): `m test` needs explicit `--routines src` (no auto-stage) but test-in-place uses **none**; `m test` uses `--docker`/`--namespace` (internal DockerEngine) while `v-pkg`/`m vista exec` use `--transport docker` + `M_*` driver env (two engine paths — don't cross flags); `v-pkg verify` on a clean engine prints two JSON objects (data + exit-3 envelope). Memory: `vpng/docs/memory/t1.4-t1.5-vpng-m1.md`. **M1 DONE — next is M2** (VSLIO TLS echo; the per-seam horizontal build-out, §12.2). Kickoff: [`../prompts/t1.4-vpng-consumer-kickoff.md`](../prompts/t1.4-vpng-consumer-kickoff.md). ---