Scope
Implement SourceOS Shell consumption of the merged SocioProphet/prophet-platform ADR-035 transparent fault attribution contracts.
Canonical upstream dependency:
SocioProphet/prophet-platform squash commit 86b0fbc203b595fb7ef103ee06f845211ea46378
- ADR: adr/ADR-035-transparent-fault-attribution-and-embedded-engine-policy.md
- Contracts: FaultEnvelope, EngineManifest, BoundaryTransition, RolloutReceipt, DiagnosticRedactionPolicy
Design intent
SourceOS Shell must not let document/PDF/browser/terminal/helper surfaces become a hidden engine soup. Optional panes must fail in degraded mode rather than killing the core shell/editor/document workflow.
Acceptance criteria
- Add SourceOS Shell EngineManifest examples for PDF viewer, document derivation service, secure PDF validator, browser/preview surface, terminal bridge, search/indexing surface, diagnostic reporter, and future notebook/dashboard surfaces.
- Add BoundaryTransition fixtures or emission stubs for document open, PDF render, PDF sign/validate, preview pane launch, terminal bridge launch, search/indexing invocation, diagnostic export, and policy gate transitions.
- Add FaultEnvelope fixtures for preview/render failure, PDF validation failure, and optional-pane initialization failure.
- Add degraded-mode UX/design notes: optional panes fail closed; the main shell remains usable; user sees a local diagnostic banner with component attribution.
- Safe-mode reopen path must be documented for disabling optional engines.
- Shareable diagnostic export must use DiagnosticRedactionPolicy tiers.
Non-goals
Do not expand this beyond the current PDF/document/runtime lane until the PDF-first slice is real. This issue defines the diagnostic boundary for the current shell runtime and future surfaces.