Purpose. Assert the row-by-row mapping from the canonical μ surface
(s14 + integrity.md) to the slice IDs the staging prompt will define.
Step 5 (verification) re-derives this mapping and asserts no spec orphan
6-month sliding window over parameter_changes(domain); 8% WARN at 800bps cumulative, 10% HARD BLOCK at 1000bps; per-AX-invariant regression check against AX-01–AX-07
P4.2.3
1.2 Advisory record envelope
Spec source
Surface
Slice
s14 §Output line 32–34 + integrity.md §Advisory record schema lines 133–144
integrity.md §Phase 0 posture line 168 (“Schema for mcp_advisories table exists as a stub but is never written”) + §Phase 4 scope line 174 (“writing to an integrity_advisories table”)
SQLite migration; mcp_advisories table with full envelope columns; append-only (AX-01); dedup by decision_hash; index on (role, check, severity, timestamp_logical)
P4.5.1
1.6 MCP tool surface
Spec source
Surface
Slice
integrity.md §Phase 4 scope line 174 (“Three detection jobs … writing to an integrity_advisories table”) + s14 §Output ({check, result, severity, ...} envelope IS the tool return shape)
At least 4 MCP tools: integrity_check_now, integrity_status, integrity_history, integrity_invariants_list; Zod v3.23 schemas matching the envelope; MCP surface 23 → 27+
Multi-state simulation harness; default corpus with ≥4 scenarios (1 known cycle, 1 coercion trap, 1 drift-at-8%, 1 drift-at-10%); determinism over seed
P4.7.1
1.8 Fork hook subscriber
Spec source
Surface
Slice
θ P3.9.1 ForkHookRegistry (src/domains/consensus/fork-hook.ts, #245) + integrity.md §Phase 4 scope line 174 + concept reference to §Interaction with ι
Subscribe μ to θ’s ForkHookRegistry; on fork-trigger event, run a post-fork invariant sweep (D3 axiom-regression over the divergent merkle_roots); fire advisory at HIGH if any invariant regresses
Lamport timestamp_logical instead of wall-clock; canonical-serialize-then-hash (κ P1.5.4 reuse); bigint arithmetic; no RNG except VRF (μ never uses RNG, even VRF — μ is observational)
All slices (enforced via design-invariant list in §intro)
2. Surface-orphan check (preliminary)
Every line of the μ surface above is mapped to one of P4.1.1, P4.2.1, P4.2.2,
P4.2.3, P4.3.1, P4.4.1, P4.5.1, P4.6.1, P4.7.1, P4.8.1 — 10 slices total.
Slice-without-spec check: every slice ID above cites at least one of:
{s14 §X, integrity.md §Y, task-breakdown.md §P4.Z, roadmap.md §Phase 4,
κ/λ/θ precedent}. Zero free-floating slices.
3. Wave structure assertion
The 10 slices form a 4-wave DAG:
Wave
Slices
Parallelism
Gate
1
P4.1.1
solo (gates everything)
T0 confirms Phase 4 dispatch
2
P4.2.1, P4.2.2, P4.2.3
3-parallel (detectors are independent)
post-P4.1.1
3
P4.3.1, P4.4.1, P4.5.1
3-parallel (role adapters + escalation + persistence are independent)
post-Wave 2
4
P4.6.1, P4.7.1, P4.8.1
3-parallel (tools + parity + fork-hook all consume Wave 1+2+3)
post-Wave 3
P4.1.1 (envelope) gates everything: every detector returns an envelope;
every escalation consumes one; every MCP tool serializes one. The 3 detectors
fan out in Wave 2 (independent file targets — circular-logic.ts,
coercion-trap.ts, axiom-drift.ts). Wave 3 fans out the role+escalation+
persistence (independent files: advisory-roles.ts, escalation.ts,
migration NN + repository.ts). Wave 4 is the close wave.
4. Design invariants (every slice MUST preserve)
No src/ mutation in R91 itself — this is the staging meta PR; first
src/ mutation lands when P4.1.1 dispatches in some R94+ post-T0
confirmation.
Pure functions only — detectors are observational; no I/O, no clock,
no RNG. Same arithmetic discipline as κ (bigint) + λ (BPS) + θ (canonical).
Lamport timestamp_logical — never Date.now() in detector or
advisory output. Inherits θ design invariant 2.
Canonical serialization for hash — reuse κ P1.5.4 canonical for any
decision_hash input; matches θ’s pattern (reuse, not duplicate).
Append-only persistence — mcp_advisories schema is INSERT-only per
AX-01; dedup by decision_hash (NOT by UPDATE).
Read-only roles — Translator/Sentinel/Guide may NEVER mutate state;
only emit advisories. Enforced via TypeScript readonly modifiers + no
db.run in the role adapter.
Advisory ≠ enforcement — μ records advisories; it never executes
denials directly. The escalation FSM emits a typed event; α (tool-lock)
and π (proposal intake) consume the event and execute denial. μ
produces signals; other axes act on them.
HARD BLOCK is owned by α — μ flags + records an HIGH-severity
advisory; the tool-lock middleware reads the advisory and denies.
tool-lock itself is in src/domains/rules/tool-lock-adapter.ts (P1.4.4,
shipped #220). The Phase 4 work is to flag via an event the adapter
already reads.
AX-invariant regression check is per-AX, not aggregate — D3 must
distinguish “cumulative drift” (sliding window) from “would-regress-AX-N”
(per-axiom semantics check). These are two different code paths.
No new npm deps — μ ships in TypeScript only; no integrity-specific
libraries.
5. Staging-specific contract (this PR, not Phase 4 itself)
Status frontmatter on the prompt file: status: staged (NOT ready).
Dispatch is gated on T0 confirmation. The κ/λ/θ frontmatter graduations
in their respective concept docs and task-breakdown.md numbers are
NOT touched. The μ concept doc stays colibri_code: none.