feat(core): add runtime support v0 boundary #354

Merged: flyingrobots merged 5 commits into main from stack/runtime-support-v0-boundary, May 19, 2026

@flyingrobots
Owner

@flyingrobots flyingrobots commented May 18, 2026

Summary

  • add RuntimeSupport v0 as the next optic admission ladder gate after resolved basis, aperture, and budget
  • record Echo-owned runtime support fixture facts by registered requirements digest
  • add InvocationAdmissionUnavailable as the terminal obstruction after runtime support resolves
  • update checkpoint docs and changelog to keep the ladder obstruction-only and caller-support-free

Tests

  • cargo test -p warp-core --test causal_fact_publication_tests
  • cargo test -p warp-core --test optic_invocation_admission_tests
  • cargo test -p warp-core
  • cargo check
  • cargo fmt --check
  • git diff --check
  • pnpm exec markdownlint-cli2 CHANGELOG.md docs/design/optic-admission-ladder-checkpoint.md
  • pre-push gate: fmt, guards, clippy-core, tests-warp-core, rustdoc

Summary by CodeRabbit

  • New Features

    • Invocation admission now enforces a Runtime Support v0 checkpoint; invocations without required runtime support are refused.
    • Runtime-support evidence can be recorded only via trusted/owned artifact handles; mismatched artifact requirements are rejected.
  • Bug Fixes

    • Fixed descriptor verification so artifact requirement digests are validated on registration.
  • Tests

    • Added regression tests covering runtime-support recording, admission ordering, and rejection scenarios.
  • Documentation

    • Updated design docs to reflect the Runtime Support v0 checkpoint and evaluation order.

@coderabbitai
Contributor

coderabbitai Bot commented May 18, 2026

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0403fe19-d166-4c1d-abac-130a5fae018a

📥 Commits

Reviewing files that changed from the base of the PR and between 6077a71 and bf55bbf.

📒 Files selected for processing (4)
  • CHANGELOG.md
  • crates/warp-core/src/optic_artifact.rs
  • crates/warp-core/tests/causal_fact_publication_tests.rs
  • docs/design/optic-admission-ladder-checkpoint.md
Walkthrough

This PR introduces a RuntimeSupport v0 boundary for optic invocation admission in warp-core: after basis/aperture/budget resolution the registry requires Echo-owned runtime-support facts keyed by artifact requirements digest, publishes RuntimeSupportRecorded facts when recorded, and maps missing vs recorded support to RuntimeSupportUnavailable or InvocationAdmissionUnavailable obstructions.

Changes

RuntimeSupport v0 Boundary Implementation

| Layer | File(s) | Summary |
| --- | --- | --- |
| Core type and fact definitions | crates/warp-core/src/causal_facts.rs | Adds InvocationAdmissionUnavailable obstruction label and GraphFact::RuntimeSupportRecorded { requirements_digest, support_digest } with deterministic digest computation (variant = "runtime-support-recorded"). |
| Registry constants and storage | crates/warp-core/src/optic_artifact.rs | Adds v0 runtime-support fixture bytes/digest constants and runtime_support_v0_by_requirements map plus helper to compute expected fixture digest. |
| Recording API and fact publication | crates/warp-core/src/optic_artifact.rs | Adds OpticArtifactRegistry::record_runtime_support_v0_fixture_for_artifact(handle) which resolves handle→requirements_digest, stores computed support digest keyed by requirements_digest, and publishes GraphFact::RuntimeSupportRecorded. |
| Admission integration and obstruction mapping | crates/warp-core/src/optic_artifact.rs | After basis/aperture/budget v0 checks, admission consults recorded runtime support via resolve_runtime_support_v0_for_requirements; missing/mismatching evidence yields RuntimeSupportUnavailable or InvocationAdmissionUnavailable. invocation_obstruction_kind mapping extended accordingly. |
| Descriptor verification fix | crates/warp-core/src/optic_artifact.rs | Corrects descriptor verification to compare artifact.requirements.digest against expected artifact.requirements_digest. |
| Graph fact publication regression tests | crates/warp-core/tests/causal_fact_publication_tests.rs | Adds tests that recording runtime support publishes GraphFact::RuntimeSupportRecorded for registered artifacts, rejects unknown handles with UnknownHandle, and extends digest-determinism tests to include the new fact variant. |
| Admission pipeline behavior tests | crates/warp-core/tests/optic_invocation_admission_tests.rs | Renames clarity tests and adds new tests ensuring runtime-support is checked after budget resolution, only Echo-issued fixtures resolve, caller-supplied runtime support is not accepted, and invocations remain obstructed with InvocationAdmissionUnavailable while published facts are limited to registered artifacts, runtime-support-recorded, and obstruction facts. |
| Artifact registry regression tests | crates/warp-core/tests/optic_artifact_registry_tests.rs | Adds test that rejects artifacts when stored requirements digest mismatches declared requirements digest and asserts no artifacts/receipts/runtime-support facts are published. |
| Design documentation and changelog | CHANGELOG.md, docs/design/optic-admission-ladder-checkpoint.md | Documents RuntimeSupport v0 as the runtime boundary after budget resolution, adds RuntimeSupportUnavailable and InvocationAdmissionUnavailable sequencing, clarifies Echo-owned evidence scoping and tripwire conditions. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • flyingrobots/echo#344: Overlaps on requirements digest handling and how artifact requirements digests are imported/stored.
  • flyingrobots/echo#331: Shares changes to the optic invocation admission flow and foundational obstruction enum used here.
  • flyingrobots/echo#351: Modifies the same admission pipeline (admit_optic_invocation_with_capability_validator) that this PR further extends with runtime-support checks.

Poem

Runtime support, a guarded key,
Echo keeps the ledger tight,
After budgets, checks decree,
Facts recorded set the light.
Invocation waits at night.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'feat(core): add runtime support v0 boundary' directly and clearly describes the main change: introducing RuntimeSupport v0 as the next optic admission ladder gate after basis, aperture, and budget resolution. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@flyingrobots
Owner Author

@codex please confirm these self-review findings before merge.

| Severity | File / Lines | Type | Finding | Recommended mitigation prompt |
| --- | --- | --- | --- | --- |
| P2 | crates/warp-core/src/optic_artifact.rs:1097-1111; crates/warp-core/src/lib.rs:256-265; crates/warp-core/tests/causal_fact_publication_tests.rs:116-139 | Authority boundary / API truth | OpticArtifactRegistry::record_runtime_support_v0_fixture_for_requirements(...) is public through the re-exported registry and accepts any String digest. The docs call this evidence for a registered requirements digest, but the method does not prove the digest belongs to a registered artifact/handle and cannot fail. This leaves RuntimeSupport v0 fact authority at convention level and lets arbitrary code with a mutable registry mint RuntimeSupportRecorded facts for unknown or future digests. | "Tighten RuntimeSupport v0 fact recording so support is recorded only for Echo-registered requirements. Prefer a handle/registered-artifact based API, e.g. record_runtime_support_v0_fixture_for_artifact(&OpticArtifactHandle) -> Result<..., OpticArtifactRegistrationError>, and add a regression proving unknown/unregistered requirements cannot publish RuntimeSupportRecorded or satisfy admission." |
| P4 | docs/design/optic-admission-ladder-checkpoint.md:159-162 | Documentation consistency | The BudgetResolution v0 section still says the only lawful next refusal in this slice is RuntimeSupportUnavailable. After this PR, that is false when Echo-owned RuntimeSupport v0 resolves; the current terminal refusal is then InvocationAdmissionUnavailable. | "Update the BudgetResolution v0 paragraph to say the next boundary is RuntimeSupport v0: absent support obstructs at RuntimeSupportUnavailable; resolved support advances to InvocationAdmissionUnavailable." |

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 19895005bf


Comment thread crates/warp-core/src/optic_artifact.rs Outdated
Comment thread docs/design/optic-admission-ladder-checkpoint.md Outdated
@flyingrobots
Owner Author

Resolved the self-review findings.

| Finding | Severity | Resolution | Commit |
| --- | --- | --- | --- |
| Stale BudgetResolution checkpoint sentence said the only next refusal was RuntimeSupportUnavailable. | P4 | Updated the checkpoint to name RuntimeSupport v0 as the next boundary and to distinguish absent support from resolved support advancing to InvocationAdmissionUnavailable. | aba27f3 |
| RuntimeSupport v0 fixture recording accepted a free-form requirements digest. | P2 | Replaced the public free-form recorder with handle-scoped record_runtime_support_v0_fixture_for_artifact(...), which resolves Echo-issued artifact handles before recording support. Added regression coverage that an unknown handle cannot publish RuntimeSupportRecorded. | e87d891 |

Validation:

  • RED: cargo test -p warp-core --test causal_fact_publication_tests runtime_support_v0_fixture_does_not_publish_for_unregistered_requirements failed before the fix with left: 2, right: 1.
  • GREEN: cargo test -p warp-core --test causal_fact_publication_tests runtime_support_v0_fixture_rejects_unknown_handle_without_graph_fact
  • GREEN: cargo test -p warp-core --test causal_fact_publication_tests
  • GREEN: cargo test -p warp-core --test optic_invocation_admission_tests
  • GREEN: cargo test -p warp-core
  • GREEN: cargo check
  • GREEN: cargo fmt --check
  • GREEN: pnpm exec markdownlint-cli2 CHANGELOG.md docs/design/optic-admission-ladder-checkpoint.md
  • GREEN: git diff --check
  • Push gate passed: fmt, guards, clippy-core, tests-warp-core, rustdoc.

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/warp-core/src/optic_artifact.rs`:
- Around line 1097-1128: The current flow validates handles in
record_runtime_support_v0_fixture_for_artifact then unconditionally calls
record_runtime_support_v0_fixture_for_requirements_digest which inserts into
runtime_support_v0_by_requirements and always calls
publish_runtime_support_recorded_fact, causing duplicate RuntimeSupportRecorded
facts when multiple artifacts share a requirements_digest; to fix, make
record_runtime_support_v0_fixture_for_requirements_digest check whether
runtime_support_v0_by_requirements already contains the requirements_digest (or
the same support_digest) and only call publish_runtime_support_recorded_fact
when inserting a new mapping, leaving
record_runtime_support_v0_fixture_for_artifact and
runtime_support_v0_fixture_digest unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: ffaf3ad5-f37f-4371-9d1c-8a6cb4616017

📥 Commits

Reviewing files that changed from the base of the PR and between 4b663dd and e87d891.

📒 Files selected for processing (6)
  • CHANGELOG.md
  • crates/warp-core/src/causal_facts.rs
  • crates/warp-core/src/optic_artifact.rs
  • crates/warp-core/tests/causal_fact_publication_tests.rs
  • crates/warp-core/tests/optic_invocation_admission_tests.rs
  • docs/design/optic-admission-ladder-checkpoint.md

Comment thread crates/warp-core/src/optic_artifact.rs
@flyingrobots
Owner Author

@codex please confirm this remaining self-review finding before merge.

| Severity | File / Lines | Type | Finding | Recommended mitigation prompt |
| --- | --- | --- | --- | --- |
| P2 | crates/warp-core/src/optic_artifact.rs:66-72; crates/warp-core/src/optic_artifact.rs:84-89; crates/warp-core/src/optic_artifact.rs:124-127; crates/warp-core/src/optic_artifact.rs:1097-1116; crates/warp-core/src/optic_artifact.rs:1403-1415 | Digest consistency / runtime-support authority | RuntimeSupport v0 now records support against RegisteredOpticArtifact::requirements_digest, but artifact registration only verifies descriptor.requirements_digest == artifact.requirements_digest. It does not verify that the stored artifact.requirements.digest matches that same digest. That means Echo can register and later support an artifact whose advertised requirements digest is A while the stored opaque requirements material claims digest B. The new support fact then proves support for the registered label, not necessarily the actual stored requirements payload. | "Add a registration invariant that artifact.requirements.digest == artifact.requirements_digest and reject mismatches as RequirementsDigestMismatch. Add a RED test with matching descriptor/top-level artifact digest but mismatched inner OpticAdmissionRequirements::digest, then prove registration rejects and no RuntimeSupportRecorded fact can be published for that artifact." |

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e87d891a4b


Comment thread crates/warp-core/src/optic_artifact.rs
@flyingrobots
Owner Author

Resolved the remaining self-review finding.

| Finding | Severity | Resolution | Commit |
| --- | --- | --- | --- |
| Registration did not bind OpticAdmissionRequirements::digest to OpticArtifact::requirements_digest, while RuntimeSupport v0 records support by registered requirements digest. | P2 | Added a registration invariant that rejects artifacts whose stored requirements digest disagrees with the artifact requirements digest, returning RequirementsDigestMismatch. Added regression coverage that the malformed artifact fails registration and cannot publish RuntimeSupportRecorded. Updated the checkpoint doc and changelog to record the invariant. | 6077a71 |

Validation:

  • RED: cargo test -p warp-core --test optic_artifact_registry_tests optic_artifact_registry_rejects_mismatched_stored_requirements_digest failed before the fix with expected registration error.
  • GREEN: cargo test -p warp-core --test optic_artifact_registry_tests optic_artifact_registry_rejects_mismatched_stored_requirements_digest
  • GREEN: cargo test -p warp-core --test optic_artifact_registry_tests
  • GREEN: cargo test -p warp-core --test causal_fact_publication_tests
  • GREEN: cargo test -p warp-core --test optic_invocation_admission_tests
  • GREEN: cargo check
  • GREEN: cargo fmt --check
  • GREEN: pnpm exec markdownlint-cli2 CHANGELOG.md docs/design/optic-admission-ladder-checkpoint.md
  • GREEN: git diff --check
  • Push gate passed: fmt, guards, clippy-core, tests-warp-core, rustdoc.

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/warp-core/src/optic_artifact.rs`:
- Around line 1299-1315: The equality branch in
resolve_runtime_support_v0_for_requirements is unreachable because
record_runtime_support_v0_fixture_for_requirements_digest only ever stores
runtime_support_v0_fixture_digest(); fix by simplifying the logic in
resolve_runtime_support_v0_for_requirements: if
self.runtime_support_v0_by_requirements.get(requirements_digest) returns
Some(_), return None immediately (remove the ==
runtime_support_v0_fixture_digest() check and the unreachable
RuntimeSupportUnavailable branch), or alternatively keep the check but add a
clear comment above the comparison explaining it is defensive for future
multi-version support and reference
record_runtime_support_v0_fixture_for_requirements_digest so reviewers
understand intent.

In `@crates/warp-core/tests/optic_artifact_registry_tests.rs`:
- Around line 148-151: The test currently only ensures no
GraphFact::RuntimeSupportRecorded was published; instead assert that
registry.published_graph_facts() is entirely empty to block any fact emission on
failed registration—replace the existing assertion using
published_graph_facts().iter().all(...) with a direct emptiness check (e.g.,
assert!(registry.published_graph_facts().is_empty())) so no other fact types can
be emitted; reference the registry variable and its published_graph_facts()
method and remove the GraphFact::RuntimeSupportRecorded pattern-based check.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 155f99ba-240c-442c-a67d-ed7f3976288b

📥 Commits

Reviewing files that changed from the base of the PR and between e87d891 and 6077a71.

📒 Files selected for processing (4)
  • CHANGELOG.md
  • crates/warp-core/src/optic_artifact.rs
  • crates/warp-core/tests/optic_artifact_registry_tests.rs
  • docs/design/optic-admission-ladder-checkpoint.md

Comment thread crates/warp-core/src/optic_artifact.rs
Comment on lines +148 to +151
assert!(registry
    .published_graph_facts()
    .iter()
    .all(|published| !matches!(published.fact, GraphFact::RuntimeSupportRecorded { .. })));

Contributor

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Strengthen side-effect assertion to block any fact publication on failed registration.

This currently only forbids GraphFact::RuntimeSupportRecorded. If another fact type is accidentally emitted on failure, the test still passes. Assert the publication log is empty to enforce the invariant.

Suggested diff
-    assert!(registry
-        .published_graph_facts()
-        .iter()
-        .all(|published| !matches!(published.fact, GraphFact::RuntimeSupportRecorded { .. })));
+    assert!(registry.published_graph_facts().is_empty());
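Review bot: The added `assert!(registry.published_graph_facts().is_empty());` forbids every fact type on the failed-registration path, which is broader than the removed check that only excluded `GraphFact::RuntimeSupportRecorded`. If a refused registration is meant to leave any refusal record in the publication log, the new assertion fails for a reason unrelated to runtime support; keep the `matches!` check and, for tighter coverage, assert the exact set of facts expected after the refusal instead of emptiness.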

@flyingrobots
Owner Author

@coderabbitai Thanks! This appears to be a misalignment with the refusal-evidence invariant. Failed artifact registration is intentionally allowed to publish GraphFact::ArtifactRegistrationObstructed while issuing no registration receipt: see crates/warp-core/src/optic_artifact.rs:1465, and the existing regression artifact_registration_obstruction_publishes_graph_fact_without_receipt at crates/warp-core/tests/causal_fact_publication_tests.rs:83. The design checkpoint also states that refusal is causal evidence, not admission, at docs/design/optic-admission-ladder-checkpoint.md:30. The narrower invariant for this test is therefore correct: the malformed registration must not publish RuntimeSupportRecorded, but an obstruction fact remains lawful.

@coderabbitai
Contributor

coderabbitai Bot commented May 19, 2026

@flyingrobots: Confirmed — the distinction is clear. GraphFact::ArtifactRegistrationObstructed is refusal evidence and is lawful to publish on a failed registration path; GraphFact::RuntimeSupportRecorded is support evidence and is only lawful after a successful registration. The test's invariant is correctly scoped to the latter. The concern was a misalignment on my end.


✏️ Learnings added
Learnt from: flyingrobots
URL: https://github.com/flyingrobots/echo/pull/354

Timestamp: 2026-05-19T02:41:06.531Z
Learning: In `warp-core` (`crates/warp-core/src/optic_artifact.rs`), failed artifact registration is intentionally allowed to publish `GraphFact::ArtifactRegistrationObstructed` (line 1465) without issuing a registration receipt. The design invariant — stated at `docs/design/optic-admission-ladder-checkpoint.md:30` — is that refusal is causal evidence, not admission. The regression `artifact_registration_obstruction_publishes_graph_fact_without_receipt` (`crates/warp-core/tests/causal_fact_publication_tests.rs:83`) enforces this. When reviewing tests for malformed registrations, do not flag the publication of `ArtifactRegistrationObstructed` as incorrect; the narrower invariant is that support/admission facts (e.g. `GraphFact::RuntimeSupportRecorded`) must NOT be published for failed registrations.


@flyingrobots
Owner Author

@coderabbitai review please 🥕

@flyingrobots
Owner Author

| Issue | Severity | First reported | Addressed by | Regression coverage | Outcome |
| --- | --- | --- | --- | --- | --- |
| Require registered artifact when recording RuntimeSupport v0. | P2 | chatgpt-codex-connector in PRRC_kwDOQH8Wr87CInf2 | e87d891 | runtime_support_v0_fixture_rejects_unknown_handle_without_graph_fact; cargo test -p warp-core --test causal_fact_publication_tests | Resolved |
| Correct BudgetResolution terminal-refusal wording. | P3 | chatgpt-codex-connector in PRRC_kwDOQH8Wr87CInf9 | aba27f3 | pnpm exec markdownlint-cli2 CHANGELOG.md docs/design/optic-admission-ladder-checkpoint.md | Resolved |
| Reject mismatched stored requirements digests. | P2 | chatgpt-codex-connector in PRRC_kwDOQH8Wr87Cf21b | 6077a71 | optic_artifact_registry_rejects_mismatched_stored_requirements_digest; cargo test -p warp-core --test optic_artifact_registry_tests | Resolved |
| Avoid duplicate RuntimeSupportRecorded facts for the same requirements digest. | P4 | coderabbitai in PRRC_kwDOQH8Wr87CJIJp | bf55bbf | runtime_support_v0_fixture_publishes_once_per_requirements_digest; cargo test -p warp-core --test causal_fact_publication_tests | Resolved |
| Remove unreachable RuntimeSupport v0 mismatch branch. | P5 | coderabbitai in PRRC_kwDOQH8Wr87CgXg2 | bf55bbf | runtime_support_v0_resolves_only_echo_owned_fixture; cargo test -p warp-core --test optic_invocation_admission_tests | Resolved |
| Require empty publication log on failed registration. | P4 | coderabbitai in PRRC_kwDOQH8Wr87CgXg6 | N/A | Existing invariant: artifact_registration_obstruction_publishes_graph_fact_without_receipt; cargo test -p warp-core --test causal_fact_publication_tests | Flagged False Positive |

@coderabbitai
Contributor

coderabbitai Bot commented May 19, 2026

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read the key changed source files
echo "=== causal_facts.rs (RuntimeSupportRecorded + InvocationAdmissionUnavailable) ==="
rg -n "RuntimeSupportRecorded|InvocationAdmissionUnavailable|runtime-support-recorded|invocation-admission-unavailable" --type rust -A 4 -B 2

echo ""
echo "=== optic_artifact.rs: registration invariant (RequirementsDigestMismatch) ==="
rg -n "RequirementsDigestMismatch|requirements\.digest|requirements_digest" --type rust -A 3 -B 3 crates/warp-core/src/optic_artifact.rs | head -120

echo ""
echo "=== optic_artifact.rs: handle-scoped recorder ==="
rg -n "record_runtime_support_v0_fixture_for_artifact\|record_runtime_support_v0_fixture_for_requirements\|runtime_support_v0_by_requirements\|runtime_support_v0_fixture_digest\|publish_runtime_support_recorded_fact\|resolve_runtime_support_v0_for_requirements" --type rust -A 10 -B 2 crates/warp-core/src/optic_artifact.rs | head -200

echo ""
echo "=== optic_artifact.rs: admit_optic_invocation runtime support path ==="
rg -n "RuntimeSupportUnavailable\|InvocationAdmissionUnavailable\|resolve_runtime_support_v0" --type rust -A 5 -B 3 crates/warp-core/src/optic_artifact.rs | head -100

echo ""
echo "=== optic_artifact.rs: invocation_obstruction_kind mapping ==="
rg -n "invocation_obstruction_kind\|InvocationAdmissionUnavailable\|RuntimeSupportUnavailable" --type rust -A 3 -B 3 crates/warp-core/src/optic_artifact.rs | head -80

echo ""
echo "=== runtime_support_v0_fixture_digest helper ==="
rg -n "runtime_support_v0_fixture_digest\|RUNTIME_SUPPORT_V0\|runtime.support.fixture" --type rust -A 8 -B 2 crates/warp-core/src/optic_artifact.rs | head -60

echo ""
echo "=== GraphFact::digest for RuntimeSupportRecorded ==="
cat crates/warp-core/src/causal_facts.rs | head -200

Length of output: 26253


🏁 Script executed:

#!/bin/bash
echo "=== optic_artifact.rs: handle-scoped recorder and runtime support helpers ==="
rg -n "record_runtime_support|runtime_support_v0|publish_runtime_support|resolve_runtime_support" --type rust -A 15 -B 3 crates/warp-core/src/optic_artifact.rs | head -250

echo ""
echo "=== optic_artifact.rs: registration invariant — requirements.digest check ==="
# Look at the artifact registration function body
rg -n "register_optic_artifact\|fn register" --type rust -A 3 -B 1 crates/warp-core/src/optic_artifact.rs | head -60

echo ""
echo "=== optic_artifact.rs lines 1380-1430 (registration + invariant) ==="
sed -n '1380,1430p' crates/warp-core/src/optic_artifact.rs

echo ""
echo "=== optic_artifact.rs lines 1420-1510 (registration body + RuntimeSupportRecorded publisher) ==="
sed -n '1420,1510p' crates/warp-core/src/optic_artifact.rs

echo ""
echo "=== optic_artifact.rs admission ladder: runtime support gate ==="
sed -n '1210,1270p' crates/warp-core/src/optic_artifact.rs

echo ""
echo "=== causal_facts.rs: full RuntimeSupportRecorded digest block ==="
sed -n '255,295p' crates/warp-core/src/causal_facts.rs

echo ""
echo "=== optic_artifact.rs lines 60-135 (OpticArtifact / RegisteredOpticArtifact structs) ==="
sed -n '60,135p' crates/warp-core/src/optic_artifact.rs

Length of output: 18433


@flyingrobots: All three self-review findings are correctly addressed. The implementation is sound. Details below.


What's correct

Authority boundary (P2 — resolved)
record_runtime_support_v0_fixture_for_artifact resolves the Echo-issued handle before delegating to the private record_runtime_support_v0_fixture_for_requirements_digest. The free-form public path is gone. The idempotency guard (insert(...).is_none()) is clean — RuntimeSupportRecorded fires exactly once per requirements digest regardless of how many handles share it.

Digest invariant (P2 — resolved)
verify_descriptor now enforces both halves:

descriptor.requirements_digest != artifact.requirements_digest   → RequirementsDigestMismatch
artifact.requirements.digest   != artifact.requirements_digest   → RequirementsDigestMismatch

The stored requirements payload and the registered label are bound at registration time before any handle is issued, so no RuntimeSupportRecorded fact can be published for an artifact with a mismatched inner digest. ✓

Admission ladder (correct)
The resolve_runtime_support_v0_for_requirements → unwrap_or(InvocationAdmissionUnavailable) chain is correct: absent key → Some(RuntimeSupportUnavailable), present key → None → terminal InvocationAdmissionUnavailable. ✓

GraphFact::digest for RuntimeSupportRecorded
Hashes variant, requirements-digest, and support-digest — distinct from all existing variants, deterministic. ✓


Minor observations (non-blocking)

1. resolve_runtime_support_v0_for_requirements verifies presence, not the stored digest value

fn resolve_runtime_support_v0_for_requirements(&self, requirements_digest: &str)
    -> Option<OpticInvocationObstruction>
{
    if self.runtime_support_v0_by_requirements.contains_key(requirements_digest) {
        return None; // stored digest value not checked
    }
    Some(OpticInvocationObstruction::RuntimeSupportUnavailable)
}

Safe today — there is exactly one write path and it always writes runtime_support_v0_fixture_digest(). But the stored [u8; 32] value is published in the causal fact yet never verified at admission time. If a second fixture type is added later, this silently admits on presence alone. Worth a comment on the contains_key call naming the invariant.

2. RequirementsDigestMismatch is reused for two distinct invariant failures

Both descriptor.requirements_digest != artifact.requirements_digest and artifact.requirements.digest != artifact.requirements_digest surface as OpticArtifactRegistrationError::RequirementsDigestMismatch and publish ArtifactRegistrationObstructionKind::RequirementsDigestMismatch. The published fact cannot distinguish the outer (descriptor vs. artifact label) from the inner (stored payload vs. label) failure. Not blocking, but a separate variant like StoredRequirementsDigestMismatch would make the causal record more precise if that distinction ever matters for diagnostics.

3. Handle index saturation

next_handle_index.saturating_add(1) silently stalls at u64::MAX, producing duplicate handle IDs. Practically unreachable in a game engine, but the failure mode is silent collision rather than a visible error. Not blocking.


All correctness requirements are met. The two P2 findings and the P4 docs finding are properly closed. The test coverage (RED/GREEN regressions for unknown handle, mismatched inner digest, admission ordering, caller testimony exclusion) is sufficient for this slice.

[approve]
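The boundary this thread converges on, modelled end to end as an added example that is not code from the PR or from warp-core: registration binds descriptor, label and stored payload to one digest, support is recorded only through an issued handle and published once per digest, and admission stays obstruction-only. The type shapes, string digests, the constant fixture digest, the `HandleSpaceExhausted` variant and the `UnknownHandle` obstruction are assumptions made for the sketch.

```rust
use std::collections::HashMap;

// Simplified stand-ins for the types named in the thread. Field layouts,
// signatures and the HandleSpaceExhausted variant are assumptions.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Fact {
    ArtifactRegistered { requirements_digest: String },
    ArtifactRegistrationObstructed,
    RuntimeSupportRecorded { requirements_digest: String, support_digest: [u8; 32] },
}

#[derive(Debug, PartialEq, Eq)]
pub enum RegistrationError { RequirementsDigestMismatch, UnknownHandle, HandleSpaceExhausted }

#[derive(Debug, PartialEq, Eq)]
pub enum Obstruction { UnknownHandle, RuntimeSupportUnavailable, InvocationAdmissionUnavailable }

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct Handle(u64);

pub struct Artifact {
    pub requirements_digest: String, // label the artifact advertises
    pub stored_digest: String,       // digest carried by the stored requirements payload
}

// Constructed placeholder; the real fixture digest is computed by the project.
const FIXTURE_SUPPORT_DIGEST: [u8; 32] = [0x5a; 32];

#[derive(Default)]
pub struct Registry {
    by_handle: HashMap<Handle, String>,
    support_by_requirements: HashMap<String, [u8; 32]>,
    pub facts: Vec<Fact>,
    next_handle: u64,
}

impl Registry {
    /// Bind descriptor, label and stored payload to one digest before any handle exists.
    pub fn register(&mut self, descriptor_digest: &str, a: &Artifact) -> Result<Handle, RegistrationError> {
        if descriptor_digest != a.requirements_digest || a.stored_digest != a.requirements_digest {
            // Refusal is evidence: an obstruction fact is published, no handle is issued.
            self.facts.push(Fact::ArtifactRegistrationObstructed);
            return Err(RegistrationError::RequirementsDigestMismatch);
        }
        // checked_add fails loudly instead of reusing an id at u64::MAX.
        let next = self.next_handle.checked_add(1).ok_or(RegistrationError::HandleSpaceExhausted)?;
        let handle = Handle(self.next_handle);
        self.next_handle = next;
        self.by_handle.insert(handle, a.requirements_digest.clone());
        self.facts.push(Fact::ArtifactRegistered { requirements_digest: a.requirements_digest.clone() });
        Ok(handle)
    }

    /// Only a registry-issued handle can name the digest that support is recorded for.
    pub fn record_runtime_support(&mut self, handle: Handle) -> Result<(), RegistrationError> {
        let digest = self.by_handle.get(&handle).cloned().ok_or(RegistrationError::UnknownHandle)?;
        // Publish once per requirements digest, however many handles share it.
        if self.support_by_requirements.insert(digest.clone(), FIXTURE_SUPPORT_DIGEST).is_none() {
            self.facts.push(Fact::RuntimeSupportRecorded {
                requirements_digest: digest,
                support_digest: FIXTURE_SUPPORT_DIGEST,
            });
        }
        Ok(())
    }

    /// Earlier ladder gates (basis, aperture, budget) are omitted. Every outcome is
    /// an obstruction: resolved support only moves the refusal one rung further.
    pub fn admit(&self, handle: Handle) -> Obstruction {
        match self.by_handle.get(&handle) {
            None => Obstruction::UnknownHandle,
            Some(d) if !self.support_by_requirements.contains_key(d) => Obstruction::RuntimeSupportUnavailable,
            Some(_) => Obstruction::InvocationAdmissionUnavailable,
        }
    }

    /// Number of RuntimeSupportRecorded facts in the publication log.
    pub fn support_facts(&self) -> usize {
        self.facts.iter().filter(|f| matches!(f, Fact::RuntimeSupportRecorded { .. })).count()
    }
}

fn main() {
    let mut reg = Registry::default();
    let good = Artifact { requirements_digest: "req-A".into(), stored_digest: "req-A".into() };
    let bad = Artifact { requirements_digest: "req-A".into(), stored_digest: "req-B".into() };
    let h = reg.register("req-A", &good).unwrap();
    println!("before support: {:?}", reg.admit(h));
    reg.record_runtime_support(h).unwrap();
    println!("after support:  {:?}", reg.admit(h));
    println!("mismatched payload: {:?}", reg.register("req-A", &bad));
    println!("unissued handle: {:?}", reg.record_runtime_support(Handle(99)));
    println!("support facts published: {}", reg.support_facts());
}
```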

@flyingrobots flyingrobots merged commit b1cf40e into main May 19, 2026
32 checks passed
@flyingrobots flyingrobots deleted the stack/runtime-support-v0-boundary branch May 19, 2026 02:52