feat(core): add runtime support v0 boundary

[flyingrobots]

Summary

• add RuntimeSupport v0 as the next optic admission ladder gate after resolved basis, aperture, and budget
• record Echo-owned runtime support fixture facts by registered requirements digest
• add InvocationAdmissionUnavailable as the terminal obstruction after runtime support resolves
• update checkpoint docs and changelog to keep the ladder obstruction-only and caller-support-free

Tests

• cargo test -p warp-core --test causal_fact_publication_tests
• cargo test -p warp-core --test optic_invocation_admission_tests
• cargo test -p warp-core
• cargo check
• cargo fmt --check
• git diff --check
• pnpm exec markdownlint-cli2 CHANGELOG.md docs/design/optic-admission-ladder-checkpoint.md
• pre-push gate: fmt, guards, clippy-core, tests-warp-core, rustdoc

Summary by CodeRabbit

Release Notes

• New Features

  • Runtime support v0 fixture validation is now enforced during invocation admission.
  • Added obstruction types for diagnostics when runtime support is unavailable or invocation admission fails.

• Documentation

  • Updated design documentation to reflect the new runtime support admission checkpoint and resolution ordering.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a RuntimeSupport v0 boundary for optic invocation admission in the warp-core crate. After budget resolution, the admission pipeline now checks for Echo-owned runtime-support facts keyed by requirements digest, obstructing at RuntimeSupportUnavailable if missing and at InvocationAdmissionUnavailable if present but not authoritative. New GraphFact::RuntimeSupportRecorded events are published when support is recorded through artifact handles, with comprehensive tests and design documentation covering the new obstruction sequencing and fact publication guarantees.

Changes

RuntimeSupport v0 Boundary Implementation

Layer / File(s)	Summary
Core type and fact definitions crates/warp-core/src/causal_facts.rs	InvocationObstructionKind gains InvocationAdmissionUnavailable variant with digest label. GraphFact adds RuntimeSupportRecorded variant carrying requirements_digest and support_digest with deterministic digest computation using variant = "runtime-support-recorded".
Registry infrastructure for runtime support tracking crates/warp-core/src/optic_artifact.rs	Registry adds v0 runtime-support fixture constants and runtime_support_v0_fixture_digest() helper. OpticArtifactRegistry stores recorded support digests in runtime_support_v0_by_requirements map. Public method record_runtime_support_v0_fixture_for_artifact() captures evidence and emits RuntimeSupportRecorded facts via internal publish_runtime_support_recorded_fact().
Optic invocation obstruction variant and admission integration crates/warp-core/src/optic_artifact.rs	OpticInvocationObstruction adds InvocationAdmissionUnavailable variant. admit_optic_invocation_with_capability_validator consults runtime-support evidence after budget resolution via resolve_runtime_support_v0_for_requirements helper, selecting between RuntimeSupportUnavailable and InvocationAdmissionUnavailable. invocation_obstruction_kind() mapping extended to handle new obstruction variant.
Graph fact publication regression tests crates/warp-core/tests/causal_fact_publication_tests.rs	Imports extended with runtime-support types. New tests verify RuntimeSupportRecorded publication on successful artifact recording and rejection with UnknownHandle on unknown handles. Digest determinism test extended to validate runtime-support fact digest uniqueness and cloning stability.
Admission pipeline behavior tests crates/warp-core/tests/optic_invocation_admission_tests.rs	Two tests renamed to clarify runtime-support expectations relative to basis/budget resolution. Large new test block validates runtime-support checking occurs only post-budget, echo-owned fixtures are enforced, caller-supplied testimony is rejected, and invocations obstruct despite resolved runtime support. Published graph facts limited to registered artifacts, runtime-support recorded events, and obstruction facts.
Design documentation and changelog update CHANGELOG.md, docs/design/optic-admission-ladder-checkpoint.md	CHANGELOG documents RuntimeSupport v0 boundary with obstruction outcomes and Echo-owned evidence scoping. Design doc repositions runtime boundary from budget framing to explicit RuntimeSupport v0 checks, expands obstruction reachability table with new variants and sequencing, adds dedicated RuntimeSupport v0 section describing Echo-owned evidence, and updates tripwire to require runtime-support facts before InvocationAdmissionUnavailable reachability.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• flyingrobots/echo#351: Modifies the same optic invocation admission pathway by adding basis v0 fixture-driven obstruction gates, directly connected to the admission-resolution code path being extended here.
• flyingrobots/echo#346: Introduces the admit_optic_invocation_with_capability_validator method that this PR extends with runtime-support checking after budget resolution.
• flyingrobots/echo#331: Establishes the foundational OpticInvocationObstruction enum and admission skeleton that this PR builds upon by adding new obstruction variants and enforcement logic.

Poem

🎮 Runtime support stands its ground,
A guardian fact, Echo-bound,
Obstructing all who knock at the gate—
Not even fixtures change their fate.
The ladder climbs, but cannot pass. 🚫

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change: adding RuntimeSupport v0 as a new boundary in the optic admission ladder, which is the core objective across all modified files.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch stack/runtime-support-v0-boundary

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[flyingrobots]

@codex please confirm these self-review findings before merge.

Severity	File / Lines	Type	Finding	Recommended mitigation prompt
P2	crates/warp-core/src/optic_artifact.rs:1097-1111; crates/warp-core/src/lib.rs:256-265; crates/warp-core/tests/causal_fact_publication_tests.rs:116-139	Authority boundary / API truth	OpticArtifactRegistry::record_runtime_support_v0_fixture_for_requirements(...) is public through the re-exported registry and accepts any String digest. The docs call this evidence for a registered requirements digest, but the method does not prove the digest belongs to a registered artifact/handle and cannot fail. This leaves RuntimeSupport v0 fact authority at convention level and lets arbitrary code with a mutable registry mint RuntimeSupportRecorded facts for unknown or future digests.	"Tighten RuntimeSupport v0 fact recording so support is recorded only for Echo-registered requirements. Prefer a handle/registered-artifact based API, e.g. record_runtime_support_v0_fixture_for_artifact(&OpticArtifactHandle) -> Result<..., OpticArtifactRegistrationError>, and add a regression proving unknown/unregistered requirements cannot publish RuntimeSupportRecorded or satisfy admission."
P4	docs/design/optic-admission-ladder-checkpoint.md:159-162	Documentation consistency	The BudgetResolution v0 section still says the only lawful next refusal in this slice is RuntimeSupportUnavailable. After this PR, that is false when Echo-owned RuntimeSupport v0 resolves; the current terminal refusal is then InvocationAdmissionUnavailable.	"Update the BudgetResolution v0 paragraph to say the next boundary is RuntimeSupport v0: absent support obstructs at RuntimeSupportUnavailable; resolved support advances to InvocationAdmissionUnavailable."

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 19895005bf

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Require registered artifact when recording runtime support

record_runtime_support_v0_fixture_for_requirements accepts any caller-provided digest and always publishes GraphFact::RuntimeSupportRecorded without checking that the digest belongs to a currently registered artifact. In this commit that makes RuntimeSupport v0 authority depend on convention: code with &mut OpticArtifactRegistry can mint support facts for nonexistent (or not-yet-registered) requirements, and those facts are later consumed by admission once an artifact with that digest appears. This contradicts the method’s “registered requirements digest” contract and weakens provenance integrity for runtime-owned evidence.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Correct BudgetResolution terminal-refusal wording

The BudgetResolution v0 section still states that the only lawful next refusal is RuntimeSupportUnavailable, but this same change introduces a second lawful outcome after budget resolution when runtime support is present: InvocationAdmissionUnavailable. Leaving this sentence unchanged makes the design checkpoint inconsistent with implemented admission behavior and can mislead follow-on tests/docs that treat this file as the spec.

Useful? React with 👍 / 👎.

[flyingrobots]

Resolved the self-review findings.

Finding	Severity	Resolution	Commit
Stale BudgetResolution checkpoint sentence said the only next refusal was RuntimeSupportUnavailable.	P4	Updated the checkpoint to name RuntimeSupport v0 as the next boundary and to distinguish absent support from resolved support advancing to InvocationAdmissionUnavailable.	aba27f3
RuntimeSupport v0 fixture recording accepted a free-form requirements digest.	P2	Replaced the public free-form recorder with handle-scoped record_runtime_support_v0_fixture_for_artifact(...), which resolves Echo-issued artifact handles before recording support. Added regression coverage that an unknown handle cannot publish RuntimeSupportRecorded.	e87d891

Validation:

• RED: cargo test -p warp-core --test causal_fact_publication_tests runtime_support_v0_fixture_does_not_publish_for_unregistered_requirements failed before the fix with left: 2, right: 1.
• GREEN: cargo test -p warp-core --test causal_fact_publication_tests runtime_support_v0_fixture_rejects_unknown_handle_without_graph_fact
• GREEN: cargo test -p warp-core --test causal_fact_publication_tests
• GREEN: cargo test -p warp-core --test optic_invocation_admission_tests
• GREEN: cargo test -p warp-core
• GREEN: cargo check
• GREEN: cargo fmt --check
• GREEN: pnpm exec markdownlint-cli2 CHANGELOG.md docs/design/optic-admission-ladder-checkpoint.md
• GREEN: git diff --check
• Push gate passed: fmt, guards, clippy-core, tests-warp-core, rustdoc.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/warp-core/src/optic_artifact.rs`:
- Around line 1097-1128: The current flow validates handles in
record_runtime_support_v0_fixture_for_artifact then unconditionally calls
record_runtime_support_v0_fixture_for_requirements_digest which inserts into
runtime_support_v0_by_requirements and always calls
publish_runtime_support_recorded_fact, causing duplicate RuntimeSupportRecorded
facts when multiple artifacts share a requirements_digest; to fix, make
record_runtime_support_v0_fixture_for_requirements_digest check whether
runtime_support_v0_by_requirements already contains the requirements_digest (or
the same support_digest) and only call publish_runtime_support_recorded_fact
when inserting a new mapping, leaving
record_runtime_support_v0_fixture_for_artifact and
runtime_support_v0_fixture_digest unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: ffaf3ad5-f37f-4371-9d1c-8a6cb4616017

📥 Commits

Reviewing files that changed from the base of the PR and between 4b663dd and e87d891.

📒 Files selected for processing (6)

• CHANGELOG.md
• crates/warp-core/src/causal_facts.rs
• crates/warp-core/src/optic_artifact.rs
• crates/warp-core/tests/causal_fact_publication_tests.rs
• crates/warp-core/tests/optic_invocation_admission_tests.rs
• docs/design/optic-admission-ladder-checkpoint.md

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | 💤 Low value

Handle-scoped API addresses the P2 authority boundary concern.

The method correctly validates the handle via resolve_optic_artifact_handle before recording support, rejecting unknown handles with UnknownHandle error. This ensures RuntimeSupportRecorded facts can only reference registered artifacts.

One consideration: repeated calls for artifacts sharing the same requirements_digest will publish duplicate RuntimeSupportRecorded facts. The map entry is idempotent, but published_graph_facts accumulates duplicates. If callers expect idempotent recording, consider guarding the publish with an existence check.

Optional: Add idempotency guard

 fn record_runtime_support_v0_fixture_for_requirements_digest(
     &mut self,
     requirements_digest: String,
 ) {
     let support_digest = runtime_support_v0_fixture_digest();
+    if self.runtime_support_v0_by_requirements.contains_key(&requirements_digest) {
+        return;
+    }
     self.runtime_support_v0_by_requirements
         .insert(requirements_digest.clone(), support_digest);
     self.publish_runtime_support_recorded_fact(requirements_digest, support_digest);
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	/// Records Echo-owned RuntimeSupport v0 fixture evidence for a registered
	/// artifact's requirements digest.
	///
	/// This is runtime context, not invocation context. Callers cannot provide
	/// a support request through [`OpticInvocation`]; the admission ladder only
	/// consults facts recorded on this registry.
	///
	/// # Errors
	///
	/// Returns [`OpticArtifactRegistrationError::UnknownHandle`] if Echo did not
	/// issue the handle in this registry instance.
	pub fn record_runtime_support_v0_fixture_for_artifact(
	&mut self,
	handle: &OpticArtifactHandle,
	) -> Result<(), OpticArtifactRegistrationError> {
	let requirements_digest = self
	.resolve_optic_artifact_handle(handle)?
	.requirements_digest
	.clone();
	self.record_runtime_support_v0_fixture_for_requirements_digest(requirements_digest);
	Ok(())
	}
	fn record_runtime_support_v0_fixture_for_requirements_digest(
	&mut self,
	requirements_digest: String,
	) {
	let support_digest = runtime_support_v0_fixture_digest();
	self.runtime_support_v0_by_requirements
	.insert(requirements_digest.clone(), support_digest);
	self.publish_runtime_support_recorded_fact(requirements_digest, support_digest);
	}
	/// Records Echo-owned RuntimeSupport v0 fixture evidence for a registered
	/// artifact's requirements digest.
	///
	/// This is runtime context, not invocation context. Callers cannot provide
	/// a support request through [`OpticInvocation`]; the admission ladder only
	/// consults facts recorded on this registry.
	///
	/// # Errors
	///
	/// Returns [`OpticArtifactRegistrationError::UnknownHandle`] if Echo did not
	/// issue the handle in this registry instance.
	pub fn record_runtime_support_v0_fixture_for_artifact(
	&mut self,
	handle: &OpticArtifactHandle,
	) -> Result<(), OpticArtifactRegistrationError> {
	let requirements_digest = self
	.resolve_optic_artifact_handle(handle)?
	.requirements_digest
	.clone();
	self.record_runtime_support_v0_fixture_for_requirements_digest(requirements_digest);
	Ok(())
	}
	fn record_runtime_support_v0_fixture_for_requirements_digest(
	&mut self,
	requirements_digest: String,
	) {
	let support_digest = runtime_support_v0_fixture_digest();
	if self.runtime_support_v0_by_requirements.contains_key(&requirements_digest) {
	return;
	}
	self.runtime_support_v0_by_requirements
	.insert(requirements_digest.clone(), support_digest);
	self.publish_runtime_support_recorded_fact(requirements_digest, support_digest);
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/warp-core/src/optic_artifact.rs` around lines 1097 - 1128, The current
flow validates handles in record_runtime_support_v0_fixture_for_artifact then
unconditionally calls record_runtime_support_v0_fixture_for_requirements_digest
which inserts into runtime_support_v0_by_requirements and always calls
publish_runtime_support_recorded_fact, causing duplicate RuntimeSupportRecorded
facts when multiple artifacts share a requirements_digest; to fix, make
record_runtime_support_v0_fixture_for_requirements_digest check whether
runtime_support_v0_by_requirements already contains the requirements_digest (or
the same support_digest) and only call publish_runtime_support_recorded_fact
when inserting a new mapping, leaving
record_runtime_support_v0_fixture_for_artifact and
runtime_support_v0_fixture_digest unchanged.