Import & drift control

macro_projection_import_protocol is the source-available membrane for bringing source system into Microcosm. It exists because Microcosm should be dense and alive without becoming a dump of private source bodies, operator context, model-output data, or launch material.

The component validates a projection packet with four public claims:

• source bodies are copied or source-faithfully refactored only when the target file, digest, provenance, validation refs, and metadata-only result record contract verify;
• private material is omitted with explicit omission result records;
• public runtime refs are fixtures, standards, paper modules, exported bundles, copied body targets, and result record refs;
• authority stays capped below launch, public sharing, private-system equivalence, and live source source authority.

Purpose

Microcosm grows by copying real material out of a much larger private codebase. The danger in that move is obvious: a dense public copy is exactly the kind of artefact that quietly carries a secret, an operator conversation, a model-output data, or launch material along with the genuinely useful code. This component exists to answer one question for every copied slice: was this body allowed out, and is the public copy honestly tied to the source it claims to come from?

The answer is an accounting check, not a trust statement. Each copied row declares its source ref, its public target ref, a content digest, and a material class. The protocol sorts that class into one of two sets. Five classes are source bodies (pattern, standard, tool, result record, proof) and may be copied with provenance. Nine classes are forbidden outright (source note, operator thread, model-output data, account secret, secret, recipient packet, launch packet, and the like) and can never appear as an imported body. Anything claiming to be must also carry a verification record naming the digest, the source-to-target relation, and the command or test that consumes the copy.

The unusual part is how the protocol treats a copy whose source has since changed. For an exact-copy row it re-hashes the live source file on disk and compares it against the digest recorded at import time. A mismatch is not reported as a failed import. It is recorded as live source drift: the original copy was still honest, the source has simply moved on, and the row is flagged for the refresh actuator rather than failed. The protocol deliberately separates a dishonest import from a stale one. That keeps the public copy faithful without forcing it to track every upstream edit in lock-step, and it stops a routine upstream change from being mistaken for a broken proof.

What the check does not do is just as load-bearing. A passing scan proves that the named slice omitted the forbidden material classes and kept result record bodies out of the result record. It does not establish the public copy is complete, equivalent to the private root, or ready to launch. The import is evidence about provenance and boundaries, never a launch decision.

Shape

The protocol is the membrane between source source and public Microcosm evidence. It reads projection cells, classifies the requested import, verifies source/target refs and digest relations, applies the secret-exclusion boundary, and emits metadata-only result records that a public reader can replay without gaining live source authority.

Its shape is deliberately two-level:

• fixture and exported-bundle commands validate whole projection packets, negative cases, omitted-material result records, and the intake/status board;
• source-module manifests bind each imported slice to source refs, target refs, digest relation, body-import class, validation refs, and scope limits.

That split keeps the component usable as a source-open body floor while preventing the paper module from becoming a static copy-count ledger. Counts, status totals, and current body-import floors live in result records and runtime status surfaces.

Runtime Shape

Run the fixture:

PYTHONPATH=src python3 -m microcosm_core.organs.macro_projection_import_protocol run --input fixtures/first_wave/macro_projection_import_protocol/input --out receipts/first_wave/macro_projection_import_protocol

Run the exported bundle:

PYTHONPATH=src python3 -m microcosm_core.organs.macro_projection_import_protocol run-projection-bundle --input examples/macro_projection_import_protocol/exported_projection_import_bundle --out receipts/runtime_shell/demo_project/organs/macro_projection_import_protocol

Preview the next import slice without writing result records:

PYTHONPATH=src python3 -m microcosm_core.organs.macro_projection_import_protocol plan --input examples/macro_projection_import_protocol/exported_projection_import_bundle

The public CLI also exposes the same validator through:

The plan action emits macro_projection_import_intake_preview_v1. It does not write result records. It scores each proposed projection cell before import: source refs, public target refs, validation refs, selected pattern ids, copy policy, scope limit, omitted material, secret-exclusion scan count, verified body-import status, and ready/blocked status.

Exact-copy is a relation, not the whole protocol. Rows declared as exact-copy prove byte-identical source and target digests and may be maintained by the exact-copy refresh actuator. Rows declared as source-faithful public edits or refactors prove the source source digest and the improved public target digest separately, cite the rewrite or symbol mapping, and are maintained by their own validator/test lane. This is the lane for public-safety redaction, dependency trimming, Microcosm-standard compliance, or runnable local cleanup.

It also self-hosts the intake cell state machine. Every projection cell carries projection_status, cell_state, action_required, status reason, landed evidence refs, and a next runtime surface. The board totals those fields as status counts plus an open-actionable count so future passes can distinguish a ready but unlanded cell from a verified public runtime import, self-hosted protocol, or runtime bridge that is already consumed.

microcosm intake is the runtime bridge over that plan. It writes receipts/runtime_shell/intake_bridge/runtime_reveal_import_bridge.json, links the projection cells to the spine and reveal commands, and projects the same statuses into the first-run bridge. Current landed statuses are: public_runtime_import_landed for formal_math_readiness_extensions, self_hosted_status_protocol_landed for projection_protocol_self_host, and runtime_bridge_landed for runtime_reveal_import_bridge. These statuses do not raise authority above public metadata, fixture shape, and result record refs.

microcosm status and microcosm spine also expose the computed macro_body_import_floor. Treat that value as a result record-backed floor, not a stable prose constant: the current authority lives in result records/sign-off/first_wave/macro_projection_import_protocol_fixture_acceptance.json and the first-wave runtime result records under receipts/first_wave/macro_projection_import_protocol/. Cold readers should inspect public_safe_body_import_count, public_safe_body_import_status, projection_status_counts, open_actionable_cell_count, and secret_exclusion_scan there instead of trusting an old markdown count. The floor is still not a launch signal or private-system equivalence claim.

Trace-Bundle Source-Body Import

The trace-bundle slice is the current proof-grade example of a source-body import. Its source-module manifest is examples/macro_projection_import_protocol/exported_projection_import_bundle/trace_capsule_source_module_manifest.json; the projection cell is trace_capsule_prompt_edit_capture_source_modules_import. The cell imports four source source bodies into the bundle:

• tools/meta/observability/cli_prompt_trace.py -> source_modules/tools/meta/observability/cli_prompt_trace.py;
• system/server/tests/test_cli_prompt_trace_capsule.py -> source_modules/system/server/tests/test_cli_prompt_trace_capsule.py;
• tools/agent_trace_structurer/parser.mjs -> source_modules/tools/agent_trace_structurer/parser.mjs;
• tools/agent_trace_structurer/parser.test.mjs -> source_modules/tools/agent_trace_structurer/parser.test.mjs.

The manifest is the body-floor result record for this slice. It records module_count: 4, body_copied: true, body_in_receipt: false, sha256_match: true, line counts, byte counts, required anchors, source refs, target refs, and the shared copied_non_secret_macro_body classification. That means the public bundle carries the source bodies, while runtime result records carry paths, hashes, counts, anchors, and validation refs without duplicating the bodies.

flowchart TD A["Copied material row source ref, target ref, digest, material class"] --> B{"Material class?"} B -- "forbidden class (secret, account secret, source note, operator, provider, launch)" --> R["Reject: forbidden body import"] B -- "class (pattern, standard, tool, result record, proof)" --> C{"Verification record present and target digest bound?"} C -- "no" --> R2["Reject: unverified import"] C -- "yes, exact copy" --> D["Re-hash live source source on disk"] D --> E{"Source digest still matches?"} E -- "yes" --> F["body floor"] E -- "no" --> G["Flag live source drift (honest copy, refresh later)"] G --> F F --> H["Per-slice manifest + metadata-only result record"] H --> I["Reader projection"] H -. does not grant .-> J["live source authority, public sharing, launch, or source-file changes"]

The imported Python side supplies the trace-bundle runtime surface: cli_prompt_trace.py reads selected source files, rejects binary paths, supports line-range and symbol selection, redacts selected excerpt text, and emits numbered source lines with schema metadata. Its companion test module proves terminal validation semantics, repeated prompt interning, source excerpt priority, and completion-report behavior. The imported JavaScript side supplies the Agent Trace Structurer surface: parser.mjs preserves source_text as the exact copied string, treats source_lines and indexes as deterministic navigation projections, and builds lossless attachment clips where exact text is reconstructed from source_segments[].text. parser.test.mjs proves embedded file artifact indexing, Codex trace shape, final-message extraction, AIW thread classification, and bounded export behavior.

This is a mechanism/evidence claim, not a launch claim. The slice proves that these four named, source bodies were imported into the public bundle with manifest-backed digest and anchor checks, and that the parser and trace bundle behavior have public fixture coverage. It does not establish that live provider logs, browser UI state, account or browser state, account secrets, raw operator thread bodies, recipient-send material, or future trace-bundle bodies are or exported.

Those artifacts are the source-open floor. The result record bodies stay metadata-only, and private source note, operator thread content, model-output data bodies, account secrets, account or browser state, and launch or recipient material remain outside the public bundle.

Evidence Binding

The component's current public authority is the accepted component row in core/organ_registry.json plus the sign-off result record result records/sign-off/first_wave/macro_projection_import_protocol_fixture_acceptance.json. The JSON paper-module bundle is core/paper_module_capsules.json#paper_module.macro_projection_import_protocol, and the resolved mechanism row is core/mechanism_sources.json#mechanism.macro_projection_import_protocol.validates_public_macro_projection_imports. The runtime source locus is src/microcosm_core/organs/macro_projection_import_protocol.py, with focused regression coverage in tests/test_macro_projection_import_protocol.py.

The exported bundle does not have a single catch-all source-module manifest. It carries one *_source_module_manifest.json file per imported slice under examples/macro_projection_import_protocol/exported_projection_import_bundle/, plus copied targets under that bundle's source_modules/ tree. That per-slice manifest shape is part of the evidence: it lets each imported route, tool, standard, result record, proof, or runtime body keep its own source ref, target ref, digest relation, validation refs, and scope limit.

The first command for the fixture lane is:

PYTHONPATH=src python3 -m microcosm_core.organs.macro_projection_import_protocol run --input fixtures/first_wave/macro_projection_import_protocol/input --out receipts/first_wave/macro_projection_import_protocol

Reader Evidence Routing

Use this order when checking the module:

1. Read the JSON bundle and standard to confirm the paper-module binding, scope limit, source-module manifest contract, and result record fields.
2. Run the fixture command to validate projection cells and negative cases against temporary result records.
3. Run the exported-bundle command to validate the public bundle and copied source-module surfaces.
4. Inspect the source-module manifests for exact-copy versus source-faithful edit relations before deciding which refresh lane applies.
5. Run the focused regression and paper-module corpus checks before landing a markdown or manifest update.

If a manifest is dry but a bundle-level validator still fails, check whether a bundle manifest carries its own expected digest or line-count rows. Do not infer that all companion manifest surfaces were refreshed just because an exact-copy source-module dry run is clean.

Prior Art Grounding

The import membrane follows established provenance and software-supply-chain patterns: copied or refactored artifacts need source refs, target refs, digests, validation refs, omission records, and a claim boundary. The closest public anchors are W3C PROV for describing entity/activity/agent provenance, the SLSA specification for artifact integrity and provenance in software supply chains, and in-toto for linking supply-chain steps through signed metadata.

Microcosm applies those patterns to a public/private projection boundary rather than to launch attestation. The per-slice source-module manifests, secret-exclusion scans, metadata-only result records, and omission result records are inspired by that provenance lineage, but they remain a local validator contract for public Microcosm fixtures and exported bundles.

Negative Cases

The validator intentionally rejects:

• private body import requests;
• omitted source material without omission result record refs;
• authority upgrades into live source source authority;
• projection cells without validation refs;
• launch, public sharing, recipient-work, or secret-export claims.

Validation Result record Path

From microcosm-substrate/, reproduce this page's proof boundary with temporary result records:

These checks validate projection cells, per-slice manifests, omitted-material result records, and metadata-only result record policy only. A diagram view is generated for this module and an atlas card is linked. The checks do not authorize live source source authority, secret export, launch, public sharing, source-file changes, provider or Lean/Lake execution, or whole-system correctness.

Re-enter this module when a new projection cell lands, a source-module manifest is refreshed, or a result record count changes. The repair route is to rerun the component validator, refresh the first-wave and sign-off result records, and update the standard or paper module only where the result record contract changed. Do not raise the scope limit from documentation edits.

Abstract

world_model_projection_drift_control_room is Microcosm's public projection-drift control component. It turns projected world-model rows into an auditable runtime result record: each row must carry a source signal, source ref, target ref, repair route, validation ref, fact-authority mesh, and explicit scope boundary booleans before the projection can pass.

The mechanism is deliberately narrow. It validates that public, metadata-only projection rows remain tied to named source evidence and rejection policy; it does not claim that the projection is source authority, that a live route was repaired, that private runtime state was inspected, or that Microcosm is public sharing-authorized or launch-authorized.

Purpose

This component exists to answer one question: when a public read model says something has drifted, can that claim still be traced back to a real source artifact, or has the read model quietly started to stand in for the source?

The design choice that makes this more than a shape check is that the supplied drift_rows.json is never trusted as input. The validator recomputes the drift rows from the public runtime result record, then treats the supplied file only as an expected snapshot whose role is recorded as expected_snapshot_not_source_authority. If the snapshot disagrees with the recomputed rows, that is flagged as staleness, not accepted as fact. Each recomputed row is then diffed against a real source-state artifact: a row from the extracted-pattern ledger, or a view-quality action-map lens whose own summary is re-derived from its action rows. A row that cannot be re-derived from source, or whose guard reference or derivation path has changed, moves the verdict to blocked.

The same boundary holds in the other direction. A drift row may name a repair route, but the route stays a label rather than an action: the validator rejects any row that authorises live repair, source-file changes, automatic doctrine changes, or launch. A projection here can describe what is wrong and where to go next without ever being allowed to act on it or to speak for the source it describes.

Telos

Projection drift is the failure mode where a useful read model begins to look like truth. A dashboard row, generated structured source record, route card, or public runtime result record can be correct enough for navigation while still being downstream of a source artifact that owns the actual authority.

This component makes that boundary executable. It accepts public drift rows only when they retain:

• a real source signal and source ref
• a target ref that names where the projection appears
• a repair-route label that remains a route, not a live mutation
• a validation ref that can witness the row
• a fact-authority record with authority, appearance, derivation, guard, and residual-route fields
• metadata-only result record policy and an explicit scope limit

Technical Object

The runtime locus is src/microcosm_core/organs/world_model_projection_drift_control_room.py. The exported public example is examples/world_model_projection_drift_control_room/exported_projection_drift_control_bundle. The accepted first-wave fixture is fixtures/first_wave/world_model_projection_drift_control_room/input.

The component exposes two public validation routes:

cd microcosm-substrate
PYTHONPATH=src ../repo-python -m microcosm_core.organs.world_model_projection_drift_control_room \
  run-drift-control-bundle \
  --input examples/world_model_projection_drift_control_room/exported_projection_drift_control_bundle \
  --out /tmp/microcosm_world_model_projection_drift_bundle

Projection-Drift Mechanism

The validator recomputes the public projection rows from runtime result records and source artifacts, then compares them with the supplied fixture snapshot. A row passes only when the recomputed projection, supplied snapshot, source-ref evidence, source-state diff, source-module manifest check, copied-body geometry probe, runtime result record witness, and non-public-state exclusion scan all stay inside the public boundary.

The core result payload records:

• drift_summary.row_count: 8
• source_ref_count: 8
• target_ref_count: 8
• repair_route_count: 8
• validation_ref_count: 8
• fact_authority_row_count: 8
• guarded_projection_treatment_count: 8
• unguarded_duplicate_count: 0
• runtime_receipt_witnessed_row_count: 8
• source_authority_claim_count: 0
• live_repair_authorized_count: 0
• source_mutation_authorized_count: 0
• automatic_doctrine_promotion_count: 0

The source-state result record evidence is intentionally small and inspectable. The focused test suite expects exactly two source-state evidence classes: extracted_pattern_ledger_row_diff and view_quality_action_map_summary_diff.

Runtime Result record Evidence

The public result record floor is metadata-only. The first-wave result records live at:

• receipts/first_wave/world_model_projection_drift_control_room/world_model_projection_drift_control_room_result.json
• receipts/first_wave/world_model_projection_drift_control_room/world_model_projection_drift_control_room_validation_receipt.json
• result records/sign-off/first_wave/world_model_projection_drift_control_room_fixture_acceptance.json

The exported-bundle result record lives at:

• receipts/runtime_shell/demo_project/organs/world_model_projection_drift_control_room/exported_projection_drift_control_bundle_validation_result.json

The exported-bundle result record records body_import_status: real_runtime_receipt_landed, body_material_status: copied_non_secret_macro_body_landed, body_copied_material_count: 4, body_in_receipt: false, and release_authorized: false. Its scope limit also sets source_authority_claim, source_mutation_authorized, live_route_repair_authorized, automatic_doctrine_promotion_authorized, provider_payload_exported, publication_authorized, and release_authorized to false.

Source-Available Body Floor

The exported bundle includes copied source bodies so a reader can inspect the implementation class without receiving private runtime state in the result record. The source-module manifest is:

• examples/world_model_projection_drift_control_room/exported_projection_drift_control_bundle/source_module_manifest.json

It records four copied modules:

• world_model_drift_aggregate_source_body_import
• world_model_drift_endpoint_source_body_import
• view_quality_action_map_source_body_import
• view_quality_action_map_test_body_import

Every manifest row is body_copied: true, body_in_receipt: false, classification: copied_non_secret_macro_body, and material_class: public_macro_tool_body, with sha256_match: true. The largest bodies are the Station world-model reducer system/server/world_model.py, the /api/drift endpoint in system/server/main.py, the view-quality action-map builder tools/meta/observability/view_quality_census.py, and its focused source regression test system/server/tests/test_view_quality_census.py.

The body floor is therefore source-available by bundle, not by result record. Result records carry paths, hashes, counts, anchor checks, and verdicts; they do not duplicate private bodies, model-output data, browser UI state, account or browser material, source notes, recipient-send state, or account secret-equivalent payloads.

Mutation and Rejection Contract

The validator is not a shape-only check. The focused test suite mutates the public inputs and requires the verdict to move to blocked when authority or freshness is broken:

• missing source refs produce DRIFT_SOURCE_REF_REQUIRED
• missing repair or validation refs produce DRIFT_VALIDATION_REF_REQUIRED
• missing fact-authority mesh produces DRIFT_FACT_AUTHORITY_REQUIRED
• projection rows claiming source authority produce DRIFT_SOURCE_AUTHORITY_FORBIDDEN
• live repair authority produces DRIFT_LIVE_REPAIR_FORBIDDEN
• non-public runtime export produces DRIFT_PRIVATE_RUNTIME_EXPORT_FORBIDDEN
• model-output data export produces DRIFT_PROVIDER_PAYLOAD_FORBIDDEN
• automatic doctrine changes produces DRIFT_AUTOMATIC_DOCTRINE_PROMOTION_FORBIDDEN
• launch-scope decision produces DRIFT_RELEASE_AUTHORITY_FORBIDDEN

Additional source-drift tests cover unwitnessed runtime rows, stale supplied snapshots, mutated runtime result record refs, missing source-ledger rows, source ledger rows without source_refs, view-quality source-file changes, internally consistent fake source refs, and selected-row order drift. These cases matter because a projection can be internally coherent and still lose authority if its source evidence, guard result record, or derivation path changes.

Shape

flowchart TD Result record["Public runtime result record public_projection_drift_control_lens.json"] Recompute["Recompute drift rows from selected_pattern_ids + result record rows"] Snapshot["Supplied drift_rows.json expected snapshot, source-linked only"] SourceDiff["Source-state diff extracted-pattern ledger + view-quality action map"] Geometry["View-quality geometry grade via copied view_quality_census.py"] Witness["Runtime result record witness every recomputed row appears in the result record"] Reject["Rejection gates missing/fake refs, private export, source authority, live repair, source-file changes, doctrine changes, launch"] Result records["metadata-only result records first-wave, sign-off, exported bundle"] Ceiling["Scope limit projection evidence only"] Result record --> Recompute Recompute --> Snapshot Recompute --> SourceDiff Recompute --> Witness Recompute --> Geometry Snapshot --> Reject SourceDiff --> Reject Witness --> Reject Geometry --> Reject Reject --> Result records Result records --> Ceiling

Reader Evidence Routing

Read in this order:

1. Bundle and generated instance: core/paper_module_capsules.json::paper_modules[27:paper_module.world_model_projection_drift_control_room] and paper_modules/world_model_projection_drift_control_room.json.
2. Runtime source and focused tests: src/microcosm_core/organs/world_model_projection_drift_control_room.py and tests/test_world_model_projection_drift_control_room.py.
3. First-wave fixture and result records: fixtures/first_wave/world_model_projection_drift_control_room/input, receipts/first_wave/world_model_projection_drift_control_room/, and result records/sign-off/first_wave/world_model_projection_drift_control_room_fixture_acceptance.json.
4. Exported-bundle evidence: examples/world_model_projection_drift_control_room/exported_projection_drift_control_bundle/ and receipts/runtime_shell/demo_project/organs/world_model_projection_drift_control_room/exported_projection_drift_control_bundle_validation_result.json.
5. Generated projection evidence: Mermaid available_from_capsule_edges, Atlas linked_from_capsule_edges_after_atlas_binding, and the one selective dependency residual preserved by the generated JSON instance.

Prior Art Grounding

This control room watches a world-model projection for drift between what the model expects and what the runtime reports. It draws on the model-monitoring and concept-drift literature, which treats a growing gap between predicted and observed behaviour as an operational signal. Microcosm borrows the drift-as-signal shape over metadata-only result records; the result is fixture-bound monitoring evidence, source-linked only, private runtime inspection, or whole-system correctness.

Validation Result record Path

Focused runtime validation:

PYTHONPATH=src ./repo-pytest \
  tests/test_world_model_projection_drift_control_room.py -q

Paper-module corpus validation:

cd microcosm-substrate
PYTHONPATH=src ../repo-python scripts/build_doctrine_projection.py --check-paper-module-corpus

Paper-module index validation from the repo root:

./repo-python tools/meta/factory/build_paper_module_index.py --check

This component imports the Set-6 source primitives that the scout identified as real but under-surfaced. It is a source-open bundle: exact copied source source bodies plus bounded public exercises and stable negative cases.

The bundle covers text structuring, provenance reconciliation, epistemic display guards, governance policy judgment, clone-local concurrency, market-clock scheduling, provider recovery scoping, and demo-take temporal remapping. It does not import raw operator transcripts, prompt-shelf private logs, browser/provider state, live market data, account secrets, audio, video, or public sharing state.

Purpose

A scout found eleven small primitives scattered across the wider system that were real and load-bearing but had never been surfaced as public evidence. They are the sort of utility code that quietly decides whether a larger feature is correct: a finance unit-scale check, a clock that fires market events once per session, a function that subtracts paused time from a recorded video offset. This bundle exists to bring those eleven into the public system without pretending they are anything grander than they are.

The single question it answers is narrow but useful: do the copied bodies still behave as claimed? It is easy to copy a function into a public bundle, check its file hash, and call that proof. That only shows the bytes match. It says nothing about whether the logic is right. This bundle goes one step further. For each primitive it imports the copied body and runs it on a small public synthetic input, then asserts the specific output the real code should produce.

The unusual part is that the eleven primitives are checked by execution, not by description. The Markdown prose and the JSON bundle say what each one is meant to do; the component proves it by calling the real function and comparing the answer. Each primitive also carries a paired negative case, a deliberately malformed input that the code must reject or correct, so the bundle shows both the working path and the guard. No private bodies, transcripts, or live data enter the result records; only refs, digests, anchor names, and the pass or fail of each exercise.

Prior Art Grounding

This bundle borrows from provenance modeling, risk-governance frameworks, policy-engine design, and temporal modeling. Useful anchors include:

• W3C PROV, for reconciling derived artifacts back to entities, activities, and responsible agents.
• NIST's AI Risk Management Framework, as a governance vocabulary for mapping, measuring, and managing system risk without turning every guard into a launch claim.
• Open Policy Agent, which separates policy evaluation from application code through a general-purpose policy engine.
• Martin Fowler's bitemporal history, as a prior pattern for preserving event time separately from record time.

Microcosm borrows the provenance, governance, policy-evaluation, and temporal separation patterns, but keeps this bundle at source-open public fixtures. It does not expose private operator memory, live market data, provider state, or publishing-scope decision.

Shape

Start from the bundle JSON, not from this prose. The source row core/paper_module_capsules.json::paper_modules[78:paper_module.batch6_unsurfaced_primitives_capsule] is the authority for the component subject, mechanism subject, concept edge, principle and axiom refs, dependency modules, runtime locus, generated projection statuses, and the scope limit. The generated JSON instance is paper_modules/batch6_unsurfaced_primitives_capsule.json; it is the parity projection that carries source_authority: json_capsule, the resolved relationship edges, the generated Mermaid and Atlas statuses, and the explicit scope boundaries.

flowchart LR Bundle["JSON bundle source row core/paper_module_capsules.json paper_module.batch6_unsurfaced_primitives_capsule"] Instance["Generated JSON instance paper_modules/batch6_unsurfaced_primitives_capsule.json source basis: source record"] Markdown["Markdown reader projection paper_modules/batch6_unsurfaced_primitives_capsule.md"] Standards["Standards standards/std_microcosm_batch6_unsurfaced_primitives_capsule.json std_microcosm public Microcosm boundary"] Runtime["Runtime/source loci src/microcosm_core/components/batch6_unsurfaced_primitives_capsule.py runtime_shell and macro_engines_gallery routes"] Fixtures["Fixtures, examples, source bundle fixtures/first_wave/batch6_unsurfaced_primitives_capsule/input examples/.../exported_batch6_unsurfaced_primitives_capsule_bundle source_module_manifest.json"] Result records["Tests and result records tests/test_batch6_unsurfaced_primitives_capsule.py result records/first_wave/... validation/result/board result records/sign-off/... fixture_acceptance.json"] Projections["Generated navigation projections Mermaid: available_from_capsule_edges Atlas: linked_from_capsule_edges"] Ceiling["Scope limit fixture-bound public source-body import digest/anchor checks, synthetic exercises, negative cases, metadata-only result records only"] Forbidden["Not authorized live operator memory, prompt capture authority, live market data, provider/browser state, media launch, source-file changes, public sharing or launch-scope decision, private-system equivalence, whole-system correctness"] Bundle -->|seeds| Instance Bundle -->|bounds| Markdown Bundle -->|names standard contract and ceiling| Standards Bundle -->|cites resolved code locus| Runtime Runtime -->|runs fixture and bundle validators| Result records Fixtures -->|public inputs and exact copied source bodies| Runtime Fixtures -->|26 copied modules; sha256 and anchor checks; body_in_receipt false| Result records Instance -->|derives relationship edges| Projections Projections -->|navigation projection only| Markdown Standards -->|public/private and launch boundary| Ceiling Result records -->|pass/fail evidence remains bounded by| Ceiling Ceiling -->|excludes| Forbidden Markdown -->|must not outrank| Bundle

The module is "actual" only because the reader can traverse these concrete surfaces:

• Bundle/source row: paper_module.batch6_unsurfaced_primitives_capsule binds the accepted batch6_unsurfaced_primitives_capsule component, the mechanism.batch6_unsurfaced_primitives_capsule.validates_public_unsurfaced_primitives_capsule mechanism, concept.import_projection_and_drift_control_bundle, principles P-2, P-5, P-9, P-15, axioms AX-4, AX-8, AX-10, AX-11, and the dependency modules named in the structured lattice table below.
• Generated instance: paper_modules/batch6_unsurfaced_primitives_capsule.json reports active status, public_paper_module_json_seeded_from_capsule_registry_not_legacy_markdown_authority, generated Mermaid available_from_capsule_edges, generated Atlas linked_from_capsule_edges, no unpopulated selective relations, and scope boundaries that the row is not runtime-correctness, launch-readiness, or whole-system authority.
• Standards: standards/std_microcosm_batch6_unsurfaced_primitives_capsule.json is the specific public bundle standard, backed by std_microcosm for the wider Microcosm entry and public/private boundary. It allows public mechanism ids, source refs, digests, anchors, exact copied source modules, synthetic outcomes, scope limits, and scope boundaries; it forbids account secrets, account or browser state, model-output data bodies, browser UI live-access material, raw operator transcripts, prompt-shelf private logs, live market data responses, media assets, and public sharing operation state.
• Runtime/source loci: the resolved locus is src/microcosm_core/organs/batch6_unsurfaced_primitives_capsule.py, with the runtime shell bundle-validation route and source-engines gallery route as readers over the same public component. The source bundle manifest records 26 copied source bodies with exact-copy source-to-target relations, SHA-256 matches, required anchors, and body_in_receipt: false.
• Fixtures/examples/source bundle: fixture inputs live under fixtures/first_wave/batch6_unsurfaced_primitives_capsule/input; the exported bundle lives under examples/batch6_unsurfaced_primitives_capsule/exported_batch6_unsurfaced_primitives_capsule_bundle; source_module_manifest.json is the source-open body-floor manifest for copied modules and metadata-only result record handling.
• Tests/result records: tests/test_batch6_unsurfaced_primitives_capsule.py covers the runtime component, copied subengine proofs, exact-copy imports, bundle shape, and private body omission. Result record authority is the fixture sign-off row plus receipts/first_wave/batch6_unsurfaced_primitives_capsule/batch6_unsurfaced_primitives_capsule_result.json, batch6_unsurfaced_primitives_capsule_board.json, batch6_unsurfaced_primitives_capsule_validation_receipt.json, and result records/sign-off/first_wave/batch6_unsurfaced_primitives_capsule_fixture_acceptance.json; the validation result record reports pass for source-module manifest status, exercise status, negative-case status, secret exclusion, and result record body scan.
• Scope limit: this page can claim fixture-bound public source-body import, copied-module digest/anchor evidence, synthetic source-exercise evidence, negative-case coverage, and metadata-only result records only. It cannot claim live operator memory, prompt-shelf capture authority, live market data, provider/browser state, media launch, source-file changes, publishing-scope decision, launch-scope decision, private-system equivalence, or whole-system correctness.

Source Modules

The exported bundle copies the relevant source sources under examples/batch6_unsurfaced_primitives_capsule/exported_batch6_unsurfaced_primitives_capsule_bundle/source_modules/. Result records carry source refs, digests, anchors, counts, and exercise outcomes, not copied body text or private state.

Reader Evidence Routing

Read this module through the fixture command, exported-bundle validation, focused pytest, structured source record, and result record paths. The fixture proves a public source-open Set-6 exercise, while the bundle proves copied source digests, anchors, synthetic source exercises, negative cases, copied-subengine proofs, and metadata-only cards. The generated structured source record proves that Mermaid and Atlas availability come from bundle edges.

The validator's mechanism set remains evidence for the accepted Set-6 component result record. It does not turn this page into live operator memory, prompt-shelf capture authority, trading decisions, live provider recovery, browser state, demo media launch, source-file changes, publishing-scope decision, launch-scope decision, or whole-system correctness.

Mechanism Set

The validator requires exactly these 11 mechanism rows: source note keyphrase engine, schema-loose distillation index, operator handoff linkage, observed-turn window merge, market situation graph, finance numeric assurance, fail-closed status judge, idea-microcosm concurrency guard, metabolism market clock, population-lane provider recovery, and demo-take temporal join.

The source module manifest requires 14 exact copied source source/support modules. The fixture requires 11 stable negative cases, one per mechanism row. The command card is the intended cold-reader first surface; the full result record is the drilldown.

How it works

For each mechanism the component loads the copied source body, runs it on a fixed public synthetic input, and checks the exact result. A few of the exercises make the idea concrete.

• Demo-take temporal join. video_t_seconds converts a wall-clock offset into a position in a recorded video by subtracting elapsed paused time. The exercise feeds it a 120-second wall offset with one pause and resume fifteen seconds apart, and asserts the result is exactly 105.0. A second call with a pause that has not yet resumed checks the open-pause branch returns 15.0. The negative case confirms a still-open pause is handled rather than ignored.

• Finance numeric assurance. build_finance_numeric_assurance recomputes declared numbers instead of trusting them. The exercise hands it a flow row tagged usd_millions whose flow and flow_usd fields disagree by orders of magnitude, plus a probability declared as 70.2. The check raises stockgrid_flow_unit_scale_mismatch and probability_bounds, and the result record's display_state becomes blocked rather than trusted. The point is that a mislabelled unit or an out-of-range probability fails closed.

• Operator handoff linkage. score_pair compares an agent's suggestion (a Type B capture) against what the operator later typed (a Type A input) using containment, token overlap, and anchor matching. The exercise scores a related pair above the 0.8 floor with containment true, then scores an unrelated "summarize the weather" input and asserts it falls below 0.3. This is how the primitive tells a real handoff from a coincidence.

• Market-clock scheduling. due_fire_points decides which scheduled market events are due at a given moment. The exercise sets the clock to 15:31 UTC with the open event already fired earlier that day, then asserts the hourly points fire while the already-fired open event is suppressed. The guard is idempotence: an event that already fired must not fire again in the same session.

The other mechanisms follow the same shape: keyphrase ranking returns ranked phrases for real text but an empty list for stopword-only input; the schema-loose distiller keeps assistant text and operator tail as separate roles without persisting either body; the fail-closed status judge blocks a transition when its policy is malformed; the concurrency guard reports that a parent directory and a child path overlap. Every exercise records only its pass or fail and a few summary numbers, never the copied body it ran against.

Copied-Subengine Proofs

The post-Set-12 proof surface exercises two copied dormant subengines directly from the exported source bundle:

• operator_thread_memory is loaded from the copied manifest and checked with synthetic observed-window cases for observed_window_within_memory and preserved_existing_no_overlap.
• market_situation_graph is loaded from the same copied bundle and checked with a public synthetic mart that covers fixture scoring, counterevidence, context rows, and source refs.

These are public test-level proofs in tests/test_batch6_unsurfaced_primitives_capsule.py. They do not add an accepted component, do not widen the fixture scope limit, and do not export private thread memory or live market data.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the Set-6 public primitive-import result record and sign-off JSON. The bundle command validates copied source digests, anchor evidence, synthetic source exercises, negative cases, and metadata-only cards. The focused test covers the runtime component, copied subengine proofs, exported bundle shape, exact-copy imports, and private body omission. The corpus and projection checks prove only that the generated paper-module instance remains fresh for this bundle-backed Markdown state.

This result record path is public fixture evidence only. It does not establish live operator memory, capture authority, live market data, provider/browser state, media launch, source-file changes, publishing-scope decision, launch-scope decision, or whole-system correctness.

Set 5 imports the next authority/systems contour as a bundle: post-execution result record validation, reasoning replay scope and lineage, verifier-gated Lean repair harnessing, process orphan classification, generated state fixpoint settlement, trace-tape compaction, code blast radius, and doctrine graph compilation.

The bundle carries exact copied source bodies in examples/batch5_authority_systems_capsule/exported_batch5_authority_systems_capsule_bundle/source_modules/ and tests those copies against source-root digests and anchors. The runnable Microcosm exercise is deliberately bounded: it uses synthetic public inputs to prove the negative claim fences while preserving the real source source as the source-open system.

Purpose

This page answers one question: can a cold reader inspect eight separate authority and systems mechanisms, and confirm each one refuses the wrong thing, without the reader having to run any of the real machinery?

The eight mechanisms are unrelated in subject. One validates post-execution result records; another decides when a reasoning step needs re-running; another gates a Lean proof attempt; another classifies a stray process; another settles generated-state residuals; another compacts a trace tape; another computes a code blast radius; another compiles a doctrine graph. What they share is a single discipline: each must decline to claim more than it has earned. The result record validator must not accept a drifted result record; the proof gate must not hand a placeholder proof to Lean; the orphan reaper must not signal a live process; the blast-radius pass must not invent coverage for a leaf with no dependents.

The unusual choice is that the bundle does not replay the real tools. It carries an exact copy of each source source body, checks those copies against the source-root digests and required anchors, and then runs a small synthetic re-derivation for each mechanism. Each re-derivation recomputes its own verdict from the fixture input rather than echoing a stored answer, so a negative case passes only when the exercise itself reaches the refusal, not when a fixture asserts it. The page is therefore a way to read eight refusal behaviours at once, with the genuine source bodies kept verifiable alongside.

Shape

flowchart TD Manifest["Copied source bundle + exercise manifest digests and required anchors checked first"] --> Component["Runtime component batch5_authority_systems_capsule.py"] Component --> E1["Result record validator flag provider/context/artifact drift"] Component --> E2["Replay scope no_replay when changed context is disjoint"] Component --> E3["Proof gate reject sorry/plan-only before Lean"] Component --> E4["Orphan reaper live descendant -> requires_owner_check"] Component --> E5["Fixpoint drainer residual source moved -> non-converging"] Component --> E6["Trace tape over-budget -> pointer + omission result record"] Component --> E7["Blast radius reverse closure; empty leaf stays empty"] Component --> E8["Doctrine graph report deleted paths and tombstones"] E1 --> Refusal["Shared refusal check each exercise recomputes its own verdict"] E2 --> Refusal E3 --> Refusal E4 --> Refusal E5 --> Refusal E6 --> Refusal E7 --> Refusal E8 --> Refusal Refusal --> Result records["metadata-only result records result records/first_wave/batch5_authority_systems_capsule"] Result records --> Ceiling["Scope limit: no external model access, mutation, proof success, launch, or private equivalence"]

The diagram starts where the runtime starts: the copied source bundle and the exercise manifest, checked against source-root digests and anchors. The component then fans out to the eight mechanism exercises, each recomputing its own pass or refusal verdict, and folds the results into metadata-only result records under a single scope limit. Generated-state mutation, external model access, proof-success claims, and launch-scope decision all stay outside that ceiling.

What the eight exercises check

Each exercise reads a small synthetic block from the fixture manifest and recomputes a verdict. None of them call a provider, run Lean, signal a process, or mutate generated state. What follows is the specific question each one answers.

• Result record validator. Given a runtime grant and two post-execution result records, it recomputes the drift codes for the second result record: a substituted provider, a context class outside the grant's allowed set, an output artifact hash that diverges from the grant, or runtime_execution claimed when no runtime grant was issued. The valid result record must pass and the drifted one must be flagged; the exercise will not call drift "absent".
• Replay scope. It compares the context classes a step consumed against the classes that changed. When the two sets are disjoint, the classification is no_replay. In the fixture, a step consumed a task spec and a public fixture while only ambient browser state changed, so re-running the step is not demanded.
• Proof gate. It scans a candidate proof string before any Lean call. A sorry token, a plan-only phrasing such as "plan:" or "I will", or a proof that merely restates the declared theorem without an exact are each treated as failure classes, and the gate verdict becomes rejected_before_lean. The exercise records 0/8 historical banked attempts; no proof-success claim.
• Orphan reaper. A process marked as a live-session descendant is classified requires_owner_check, not safe_close_candidate, and no signal is sent even when the fixture requests SIGKILL. The refusal is the point: a stray-looking process that belongs to a live session must not be killed on inventory alone.
• Fixpoint drainer. It walks residual signatures. If the same residual id reappears under a moved source signature, the settlement is classified settlement_residual_source_moved, which marks a non-converging residual rather than a settled one. No generated-state mutation is authorised either way.
• Trace tape. When the joined trace text exceeds the byte budget, the exercise truncates to a head budget and appends a pointer row plus an omission result record that records the omitted byte count. A budget breach with no omission result record is treated as a failure, so compaction can never silently drop trace bytes.
• Blast radius. It builds the reverse-dependency graph and takes the transitive closure of dependents for a target. A target with real dependents reports them; a leaf with no dependents reports an honestly empty bucket rather than inventing coverage.
• Doctrine graph. It scans doctrine nodes for two conditions: a node whose code path no longer exists, reported as an authority gap, and a node marked tombstone, reported with its replacement id. The exercise passes only when both a drift finding and a tombstone candidate are present, so a deleted code path behind a doctrine claim cannot pass unnoticed.

Reader Evidence Routing

• A source-authenticity reader starts with the exported bundle source_module_manifest.json, then checks the copied files under examples/batch5_authority_systems_capsule/exported_batch5_authority_systems_capsule_bundle/source_modules/ against the source source refs and anchor rows. The useful question is whether the public bundle is source-faithful, not whether it grants live generated-state authority.
• A runtime reader runs the fixture command and the run-batch5-bundle command in the Validation Result record Path. The useful question is whether the synthetic exercise and exported bundle return bounded pass evidence while keeping body material out of result records.
• A launch-boundary reader opens tests/test_batch5_authority_systems_capsule.py and the Scope limit before trusting any card copy. The useful question is whether negative fences block external model access, generated-state mutation, Lean proof-success claims, and launch-scope decision.

If any digest or exact-copy test is red, treat that as source-body import drift for the body-import owner. It does not make this Markdown a bundle source row, and it must not be patched here by hand.

Prior Art Grounding

This bundle borrows from provenance interchange, trace instrumentation, and software supply-chain attestation practice. Useful anchors include:

• W3C PROV, which models the entities, activities, and agents involved in producing data so readers can assess reliability and trustworthiness.
• OpenTelemetry, as a vendor-neutral pattern for traces, metrics, and logs across composed systems.
• SLSA provenance, which treats artifact origin, builder identity, and build parameters as explicit attestable metadata.

Microcosm borrows the lineage, trace, and attestation shape, but keeps the exercise bounded to copied public source bodies, synthetic inputs, and negative claim fences. It excludes generated-state mutation, external model access, proof success, or launch.

First Command

PYTHONPATH=src python3 -m microcosm_core.organs.batch5_authority_systems_capsule run --input fixtures/first_wave/batch5_authority_systems_capsule/input --out /tmp/batch5_authority_systems_capsule --card

Source Bodies

The bundle imports these source bodies as exact public snapshots:

• tools/meta/factory/validate_reasoning_execution_receipt.py
• tools/meta/factory/build_reasoning_execution_replay_scope.py
• tools/meta/factory/build_reasoning_execution_lineage.py
• tools/meta/factory/build_reasoning_execution_schedule_preflight.py
• tools/meta/factory/run_verisoftbench_micro10_c_arm_provider_repair.py
• tools/meta/control/orphan_reaper.py
• system/lib/generated_state_drainer.py
• system/lib/agent_execution_trace.py
• system/lib/code_architecture_projection.py
• system/lib/doctrine_graph.py

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

PYTHONPATH=src ../repo-python -m microcosm_core.organs.batch5_authority_systems_capsule run \
  --input fixtures/first_wave/batch5_authority_systems_capsule/input \
  --out /tmp/microcosm-batch5-authority-systems-vrp \
  --card
PYTHONPATH=src ../repo-python -m microcosm_core.organs.batch5_authority_systems_capsule run-batch5-bundle \
  --input examples/batch5_authority_systems_capsule/exported_batch5_authority_systems_capsule_bundle \
  --out /tmp/microcosm-batch5-authority-systems-bundle-vrp \
  --card
PYTHONPATH=src ../repo-pytest tests/test_batch5_authority_systems_capsule.py -q --basetemp /tmp/microcosm-batch5-authority-systems-tests

The fixture command writes the bounded synthetic exercise result record. The exported-bundle command validates the copied authority-system source modules, manifest digests, anchor rows, and secret-exclusion posture while keeping source bodies out of the result record. The focused test file checks the runtime exercise, exported bundle, omission result records, body-scan boundary, and negative claim fences.

This result record path is reader-verifiable evidence only. It does not flip Mermaid/Atlas status, create bundle authority, authorize generated-state mutation, dispatch providers, certify Lean proof success, claim launch-scope decision, or aggregate doctrine-lattice coverage.

TLDR

batch7_macro_engines_capsule imports the Set-7 source engines as source bodies and runs focused exercises around them. It is a real-system bundle: source copies, original JS/TS witnesses, deterministic Python exercises, negative cases, digest checks, and fenced claims.

What It Makes Visible

• tools/agent_trace_structurer/parser.mjs as a trace-IR/edit-claim witness with node --test parser.test.mjs.
• system/server/ui/src/lib/codemap/ as a code-map layout witness with Vitest.
• DAG wave scheduling, source indexing, patch context validation, network blocking, robust numeric center/scale, PageRank mass preservation, and never-empty regression-test selection.

What Each Exercise Proves

Each engine has a single deterministic check with a known answer, plus a paired negative case that must keep failing. The exercises are concrete:

• Trace IR parser (agent_trace_ir_compiler). Runs node --test parser.test.mjs against the copied parser. The paired negative case is a commit claim with no diff evidence, which the parser's own test rejects, so a pass means the edit-claim gate is intact rather than merely that the file copied.
• Code-map layout (codemap_orbit_layout). Runs the Vitest suite for the layout module and, in process, places five nodes on an orbit and measures every pair distance. The pass condition requires zero circle overlaps, so the layout proves geometric non-collision, not route meaning.
• DAG scheduler (constitutional_dag_kernel). Calls compute_waves on a six-node graph and checks the schedule is exactly [["a","f"], ["b","c"], ["d"], ["e"]]. A two-node cycle must raise, and an impure config path must be flagged, so the kernel proves wave ordering and cycle rejection together.
• launch-root index (release_root_compiler). Parses the copied module's AST and confirms the expected report-building functions exist and that a missing-reference count is reported. This is source indexing, not launch-scope decision.
• Source surgeon (source_surgeon_patch). Applies a one-line unified diff and checks the result is exactly a = 'B'. A diff whose context does not match must raise, and broken Python must fail to parse, so the engine proves patch-context and syntax validation, not semantic correctness.
• Clean clone (hermetic_clean_clone). Temporarily replaces the socket factory and confirms an outbound connection raises a network-disabled error. It proves a hermetic baseline, not complete sandboxing.
• Robust calculator (calculator_standard_actor). Feeds [1, 2, 3, 4, 5, 100] to the robust centre/scale routine. The robust centre stays at 3.5 while the naive mean is dragged above 19, so the outlier is resisted. It is a numeric primitive, not market data or investment-related actions.
• PageRank ranker (personalized_pagerank_ranker). Ranks a four-node graph and checks the score mass sums to 1.0; an unknown source node must return an empty map. It proves the rank invariant and missing-source refusal, not semantic understanding.
• Regression selection (regression_test_selection). Confirms the impacted- test selector never returns an empty set: an empty selection must fall back to a non-empty bundle. It proves the never-empty contract, not that the selected tests are sufficient.

When the input is the exported source-open bundle rather than the live fixture, the same nine engine rows are gated on the copied source manifest instead: every expected digest must match and every required anchor must be present before any row passes. The exercises stay metadata-only throughout; result records carry status, counts, digests, and refs, never the copied source or command output.

Prior Art Grounding

The component is grounded in trace instrumentation, graph analysis, and regression selection practice: parse execution traces into structured spans, project code or route graphs into navigable layouts, preserve graph-rank invariants, and choose focused tests without claiming sufficiency. Relevant anchors include:

• OpenTelemetry, especially traces/spans as a vendor-neutral model for representing units of work and their relationships.
• D3 force layouts, a common graph layout pattern for visualizing networks and hierarchies.
• NetworkX PageRank, which documents the PageRank family for graph-link analysis.

Microcosm borrows the structured-trace, graph-layout, and invariant-checking shape across its mixed Set-7 engines. The bundle remains a bundle of focused source witnesses and deterministic exercises; it is not a complete sandbox, semantic truth engine, or proof that selected tests are sufficient.

Source Body Imports

The source-module manifest at examples/batch7_macro_engines_capsule/exported_batch7_macro_engines_capsule_bundle/source_module_manifest.json lists the exact copied source bodies and required anchors. Result records store digests and counts, not source bodies.

Purpose

This module is the reader-facing instrument for the accepted batch7_macro_engines_capsule component. Its source authority is the JSON source record in core/paper_module_capsules.json; this Markdown explains the proof boundary for a cold reader and points back to the runtime component, copied source manifest, and focused tests.

The component answers one narrow question: do nine unrelated source engines, copied out of the larger system as source, still behave the way their own tests and invariants say they should? Rather than describe them in prose, the bundle runs each one. A trace-IR parser is checked by its own Node test runner; a code-map layout is checked by its Vitest suite; a dependency-graph scheduler, a robust numeric scorer, a PageRank ranker, a patch applier, a network-isolation guard, an AST source index, and a regression-test selector are each driven through a small deterministic exercise with a known correct answer.

What is worth noting is the mix. Most validators in this set check one shape of evidence. This one deliberately binds several kinds under a single fixture and a single scope limit: an external JavaScript test process, an external TypeScript test process, in-process Python function calls, and static AST reads. The point is not that any one engine is impressive in isolation. It is that nine engines with quite different runtimes can be exercised together, each with a concrete pass condition, while every exercise stays below launch, semantic-truth, and source-file changes.

The failure mode this guards against is the comfortable assumption that copied code still works. A source body can be copied faithfully, pass a digest check, and still be broken or subtly different from the original. The bundle refuses to treat a digest match as behaviour: each engine has to produce the expected output, and each negative case has to keep failing, before the row is allowed to pass.

Shape

flowchart LR input["Input dir"] mode{"Live fixture or exported bundle?"} subgraph Live["Live fixture: run each engine"] trace["Trace IR parser node --test"] codemap["Code-map layout Vitest + orbit non-overlap"] dag["DAG scheduler waves + cycle reject"] rest["launch index, source surgeon, clean clone, calculator, PageRank, regression selection"] end subgraph Bundle["Exported bundle: gate on manifest"] manifest["Source manifest: digests match + anchors present"] rows["Nine engine rows source_open_manifest_verified"] end neg["Negative cases must keep failing"] result["metadata-only result status, counts, digests"] ceiling["scope limit no launch, no semantic truth, no source-file changes"] input --> mode mode -->|live| trace mode -->|live| codemap mode -->|live| dag mode -->|live| rest mode -->|bundle| manifest manifest --> rows trace --> neg codemap --> neg dag --> neg rest --> neg rows --> result neg --> result result --> ceiling

Reader Evidence Routing

Start from the component source when checking behavior:

• EXPECTED_NEGATIVE_CASES names the rejected cases.
• AUTHORITY_CEILING names the forbidden claims.
• _source_open_bundle_exercises and _evaluate assemble the accepted public witness set.
• run_batch7_bundle and result_card expose the reproducible command and metadata-only summary.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the Set-7 source-engine result record and sign-off JSON. The exported-bundle command validates copied trace, codemap, DAG, source-rank, and regression-selection witnesses without emitting private bodies. The focused test covers the runtime component, exported bundle shape, exact-copy source imports, negative cases, card body omission, and numeric dependencies. The corpus and projection checks prove only that the generated paper-module instance remains fresh for this bundle-backed Markdown state.

This result record path is public fixture evidence only. It does not establish semantic truth, selected-test sufficiency, sandbox completeness, private-system equivalence, launch-scope decision, external model access, source-file changes, or whole-system correctness.

This component imports four Set-8 tools-tail primitives as exact copied source source bodies plus bounded public exercises: observer set diffing, JSON patch interpretation, ledger identity hashing, and shadow envelope parse coverage.

The bundle is intentionally source-open and bounded. It exercises pure mechanics over synthetic public fixtures. It does not run GodMode, use external model services, execute live bridge work, mutate repositories, export private lab artifacts, claim oracle truth, authorize public sharing, or approve launch.

Purpose

When a piece of tooling is copied from the private system into the public system, the obvious question is whether the copy still behaves the way the original did, or whether it has quietly drifted into a stub that only looks right. This bundle answers that one question for four small "tools-tail" primitives: does the copied source body, when run on a fixed public input, still produce the exact output the original would?

The unusual choice here is that the bundle does not re-describe the primitives or re-implement them. It loads the copied module straight from the exported bundle and runs the real functions, then checks the results against hard-coded expected values. If the copy were a hollow shell, the assertion would fail rather than pass with a green tick. The evidence is therefore behavioural, not merely a digest match: the code is executed, not just hashed.

What it deliberately does not do is treat any of that execution as truth about the world. Diffing two sets of observer rows is set arithmetic, not a claim that either set is correct. Applying a JSON patch is interpreting an edit script, not a claim that the edit is the right one. The bundle keeps the gap between "the mechanism runs as copied" and "the answer is correct" explicit, which is why the scope limit refuses oracle truth, prediction correctness, and semantic edit correctness even though real code ran.

Shape

The shape is a tools-tail primitive evidence map.

flowchart TD bundle["JSON source record core/paper_module_capsules.json[64] source basis: source record"] instance["Generated JSON instance paper_modules/batch8_tools_tail_primitives_capsule.json 20 edges; 0 unresolved selective relations"] markdown["Reader projection paper_modules/batch8_tools_tail_primitives_capsule.md"] standard["Local standard standards/std_microcosm_batch8_tools_tail_primitives_capsule.json"] runtime["Runtime/source locus src/microcosm_core/components/batch8_tools_tail_primitives_capsule.py loads copied modules, runs four exercises, checks exact output"] exercises["Four primitive exercises observer set diff | JSON-patch VM ledger-id hash | shadow envelope parse each: accept path + negative case"] fixture["Public fixture input fixtures/first_wave/batch8_tools_tail_primitives_capsule/input four primitives + negative cases"] bundle["Copied source bundle examples/batch8_tools_tail_primitives_capsule/exported_batch8_tools_tail_primitives_capsule_bundle source_module_manifest.json"] tests["Tests and result records tests/test_batch8_tools_tail_primitives_capsule.py result records/first_wave + sign-off + bundle validation"] projections["Generated navigation Mermaid: available_from_capsule_edges Atlas: linked_from_capsule_edges"] ceiling["Scope limit deterministic public primitive exercises and metadata-only source refs only no oracle truth, semantic edit correctness, live bridge/Lab execution, external model access, repo mutation, public sharing, launch, or whole-system proof"] bundle --> instance bundle --> runtime instance --> projections instance --> markdown standard --> runtime runtime --> bundle bundle --> runtime fixture --> runtime runtime --> exercises exercises --> tests fixture --> tests bundle --> tests tests --> ceiling projections --> ceiling markdown --> ceiling

The bundle explains the batch8_tools_tail_primitives_capsule component and the public tools-tail mechanism, binds the import/projection drift concept plus the principle and axiom edges, and resolves the runtime locus to src/microcosm_core/organs/batch8_tools_tail_primitives_capsule.py. The local standard keeps the evidence to four primitive mechanics: observer set diffs, JSON-patch interpretation, ledger identity hashing, and shadow-envelope parse coverage. Public evidence may include primitive ids, source refs, digests, anchors, counts, stable negative cases, metadata-only result record posture, and scope limits; it must not include private lab artifacts, model-output data, bridge payloads, account or browser state, or account secret-equivalent material.

The fixture path fixtures/first_wave/batch8_tools_tail_primitives_capsule/input and exported bundle examples/batch8_tools_tail_primitives_capsule/exported_batch8_tools_tail_primitives_capsule_bundle hold the public inputs and exact copied source modules. The focused test and result records prove fixture mechanics, bundle validation, negative cases, source-module digest/anchor posture, and no body text in result records. Generated Mermaid and Atlas links only make the bundle edges walkable; they do not authorize live tool execution, bridge work, external model access, repository mutation, publishing-scope decision, launch-scope decision, or whole-system correctness.

How it works

The evaluator loads four copied modules by manifest reference and runs one bounded exercise against each, comparing the live output to a fixed expected value. A primitive passes only when every checked field matches.

• Observer set diff. The copied diff_evidence and diff_predictions functions take two lists of rows keyed by id and partition them. For evidence, three lab rows and two oracle rows resolve to one overlap, one missed id, and one extra id; a row with no ledger_id is dropped rather than crashing the diff. For predictions, rows are split into matching, divergent, and missing-target sets. The exercise also asserts the dropped malformed row never appears in the serialised result, so a parse gap cannot leak through as silent data.
• Version committer JSON-patch VM. The copied _apply_op interprets a small set of edit operations (set, merge, append) over a nested document by path. The exercise applies four ops, checks the resulting document exactly, and confirms that attempting to traverse into a scalar (/profile/name where profile is a string) raises VersionCommitterError instead of corrupting the document. The interesting property is the refusal: a malformed path is a controlled error, not a partial write.
• Ledger-id identity hash. The copied generate_ledger_id produces a stable id from a lane and a record. The exercise checks that the lane alias poly and POLYMARKET normalise to the same canonical lane and hash to the same id, so the id is identity-stable across spelling; an unknown lane falls back to an X_ prefix; and a record missing the identity field its lane requires raises ValueError rather than hashing a blank.
• Shadow envelope parser coverage. The copied run parses a small envelope DSL (miner tuples, a spine line, prediction rows) written into a temporary run directory. The exercise feeds it one well-formed line and one malformed tuple per node, then checks that parsing did not hard-fail, that the well-formed rows parsed, and that the malformed tuple was counted as a comma_arity coverage gap. The point is that the parser reports its own coverage holes rather than swallowing them.

Each exercise also has a matching negative case (EXPECTED_NEGATIVE_CASES) that re-runs the same code on input designed to be rejected and confirms the rejection. So for every primitive the page shows both the accepting path and the refusing path. None of these checks open a network, a provider, or the live bridge; they run copied source bodies in process and keep the bodies out of the result records.

Reader Evidence Routing

• Bundle route: read core/paper_module_capsules.json::paper_modules[64] before treating this Markdown as explanation.
• Generated route: inspect paper_modules/batch8_tools_tail_primitives_capsule.json for the current generated instance.
• Bundle route: inspect examples/batch8_tools_tail_primitives_capsule/exported_batch8_tools_tail_primitives_capsule_bundle for the copied source source modules.
• Runtime route: run tests/test_batch8_tools_tail_primitives_capsule.py and the commands in ## Validation Result record Path.

Prior Art Grounding

This bundle borrows from standardized patch formats, transparency-log identity patterns, provenance metadata, and parser coverage practice. Useful anchors include:

• IETF RFC 6902, which defines JSON Patch operations such as add, remove, replace, move, copy, and test.
• IETF RFC 9162, where Certificate Transparency uses an append-only Merkle tree as an auditable log pattern.
• W3C PROV, for representing the provenance of derived artifacts and their generating activities.

Microcosm borrows the patch-operation, identity-hash, append-only-log, and provenance shapes, but keeps this bundle at deterministic fixture exercises. It does not claim oracle truth, semantic edit correctness, live bridge authority, external model access, repository mutation authority, or launch-scope decision.

Source Modules

The exported bundle copies the relevant source sources under examples/batch8_tools_tail_primitives_capsule/exported_batch8_tools_tail_primitives_capsule_bundle/source_modules/. Result records carry source refs, digests, anchors, counts, and exercise outcomes, not copied body text or private state.

Mechanism Set

The validator requires exactly these four mechanism rows: observer set diff kernel, version-committer JSON patch VM, ledger-id identity hash engine, and shadow envelope DSL parser coverage.

The source module manifest requires four exact copied source source modules. The fixture requires four stable negative cases, one per mechanism row. Shared registry, sign-off, runtime-shell, CLI, atlas, and generated docs wiring is intentionally deferred while the existing shared Microcosm core lease is active.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the bounded tools-tail primitives result record and sign-off JSON. The bundle command validates copied source sources, manifest digests, observer-diff, JSON-patch, ledger-id, and shadow-envelope exercises, body-exclusion posture, and scope limit fields. The focused test checks fixture mechanics, bundle validation, negative cases, and the no-live-bridge scope limit.

This result record path is reader-verifiable evidence only. It is not oracle truth, not prediction correctness, not semantic edit correctness, not live bridge or Lab execution authority, not external model access, not repository mutation authority, not publishing-scope decision, and not launch-scope decision.

This component imports three Set-8 policy engines as exact copied source source bodies plus bounded public exercises: Lab contract audit red/green gating, market-fusion fail-closed claim preflight, and campaign dispatch transition adjudication.

The bundle is source-open and bounded. It exercises deterministic policy mechanics over synthetic public fixtures. It does not run live campaigns, use external model services, mutate repositories, export private artifacts, claim market-level conclusions, authorize public sharing, or approve launch.

Purpose

The three engines copied here share one design idea: a machine-checkable gate that runs before any judgement, model call, or downstream action, and refuses by default rather than passing on absent evidence. The bundle answers a single question for a cold reader: do these copied gate bodies still make the same deterministic decisions when run against public fixture inputs?

The Lab contract audit reads persisted Lab node artifacts from disk and applies fixed structural rules: a ban on question marks in compute-node outputs (an output carrying a ? is treated as an unresolved hedge, not an answer), tuple formatting and two-sentence annotation rules, exact thesis inheritance between nodes, prediction targets grounded against an allowed set, and contradiction reconciliation. Any hard fail flips the report from green to red. The interesting choice is that this audit is deterministic and runs ahead of any semantic interpretation, so a runtime gate can fail closed on structure without asking a model whether the output looks right.

The market-fusion readiness gate decides whether a consumer may turn raw feed presence into a cross-feed claim. Every registered candidate situation is currently set to refuse, each for named, specific reasons (a missing provider, an absent event window, relation edges that are not measurement-conditioned). An unregistered situation also refuses, but with the distinct reason candidate_situation_gate_missing. That distinction is the point: the gate fails closed on anything it has not explicitly reasoned about, and the bundle checks that a registered refusal and a fail-closed refusal stay legible as different things.

The campaign dispatch adjudicator is a small state machine over a fixed table of legal status transitions. It returns legal_transition for an allowed move, already_target for a no-op, and raises an error for an illegal one. Its load- bearing rule is that completed is terminal: a completed dispatch cannot move back to running without an explicit superseding event.

Shape

Read this module as a bounded evidence pipeline: the JSON bundle names the paper-module authority, runtime locus, standard, and generated projections; the runtime exercises copied policy sources against public fixtures; the tests and result record commands verify those fixture mechanics and scope boundaries. Everything below the bundle is reader or navigation evidence, not live policy, source-file changes, market, public sharing, provider, production, or launch-scope decision.

flowchart TD bundle["Copied source source bodies lab_contract_audit.py market_fusion_readiness.py campaign_state_transition.py"] fixtures["Public synthetic fixtures Lab node artifacts, candidate claims, dispatch status pairs"] subgraph Lab["Lab contract audit"] labrun["compute_lab_contract_audit question-mark ban, tuple/annotation, thesis inheritance, target grounding"] labgreen["green no hard fails"] labred["red QUESTION_MARK_OUTPUT and others"] end subgraph Market["Market-fusion readiness"] mkrun["preflight_candidate_situation"] mknamed["refuse: named reasons registered situation"] mkmissing["refuse: candidate_situation_gate_missing fail-closed default"] end subgraph Campaign["Campaign dispatch adjudicator"] cprun["validate_dispatch_transition"] cplegal["legal_transition / already_target"] cpillegal["CampaignTransitionError completed is terminal"] end exercises["Bundle evaluator three engines must pass, three stable negative cases"] ceiling["Scope limit fixture evidence and copied source refs only no live campaign, provider, market, repo, or launch-scope decision"] bundle --> labrun bundle --> mkrun bundle --> cprun fixtures --> labrun fixtures --> mkrun fixtures --> cprun labrun --> labgreen labrun --> labred mkrun --> mknamed mkrun --> mkmissing cprun --> cplegal cprun --> cpillegal labred --> exercises mkmissing --> exercises cpillegal --> exercises exercises --> ceiling

Reader Evidence Routing

• Bundle route: read core/paper_module_capsules.json::paper_modules[61] before treating this Markdown as explanation.
• Generated route: inspect paper_modules/batch8_policy_engines_capsule.json for the current generated instance of this module.
• Bundle route: inspect examples/batch8_policy_engines_capsule/exported_batch8_policy_engines_capsule_bundle for the three copied source policy sources.
• Runtime route: run tests/test_batch8_policy_engines_capsule.py and the commands in ## Validation Result record Path for recomputation evidence.

Prior Art Grounding

This bundle borrows from policy-as-code, risk-management, and market-claim boundary practice. Useful anchors include:

• Open Policy Agent, which treats policy as a separately evaluated engine over structured input.
• NIST's AI Risk Management Framework, whose govern/map/measure/manage posture is a useful precedent for explicit risk gates and red/green decision surfaces.
• The CFTC's prediction markets explainer, as a boundary reminder for market-facing claims and event-contract language.

Microcosm borrows the deterministic policy-gate and market-claim-preflight shape, but keeps the component to fixture inputs and copied public source. It does not run campaigns, use external model services, claim market-level conclusions, mutate repositories, or approve launch.

Source Modules

The exported bundle copies the relevant source sources under examples/batch8_policy_engines_capsule/exported_batch8_policy_engines_capsule_bundle/source_modules/. Result records carry source refs, digests, anchors, counts, and exercise outcomes, not copied body text or private state.

Mechanism Set

The validator requires exactly these three engine rows: Lab contract audit deterministic red gate, market-fusion readiness fail-closed gate, and campaign dispatch status transition adjudicator. The source module manifest requires three exact copied source source modules. The fixture requires three stable negative cases, one per engine row.

Each engine exercise runs the copied body and checks a concrete decision, so a silent change in gate behaviour shows up as a blocked exercise:

• Lab contract audit: a green artifact set must return green, and the same set with a banned ? injected into a compute-node output must return red with QUESTION_MARK_OUTPUT in its hard fails. The negative case BATCH8_LAB_CONTRACT_QUESTION_MARK_RED_GATE confirms the red gate fires.
• Market-fusion readiness: a registered candidate situation must refuse with named reasons, while an unregistered situation and a malformed payload must both refuse with candidate_situation_gate_missing. The negative case BATCH8_MARKET_FUSION_MISSING_GATE_REFUSED confirms the fail-closed default.
• Campaign dispatch adjudicator: candidate -> blocked is a legal_transition, completed -> completed is already_target, and completed -> running raises a terminal-state error. The negative case BATCH8_CAMPAIGN_COMPLETED_TO_RUNNING_REFUSED confirms the refusal.

Shared registry, sign-off, runtime-shell, CLI, atlas, package-data, and generated docs wiring is intentionally deferred while the existing shared Microcosm core lease is active.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the bounded policy-engine result record and sign-off JSON. The bundle command validates copied source policy sources, manifest digests, negative cases, source-body exclusion, and scope limit posture. The focused test checks deterministic red/green gates, bundle validation, private-boundary scans, and the no-launch scope limit.

This result record path is reader-verifiable evidence only. It does not run live campaigns, use external model services, mutate repositories, validate markets, certify whole system safety, authorize public sharing, or approve launch.

This component ports the pure AudioLevelMonitor.normalizedLevel RMS math from Swift to Python and exercises it over public synthetic sample arrays.

The bundle is bounded to numeric parity. It does not start an AVCaptureSession, request microphone permission, read recorded audio, capture a device, claim UI readiness, authorize public sharing, or approve launch.

Purpose

The Swift AudioLevelMonitor feeds a live microphone level meter in a recording app. Most of that file is platform machinery: opening a capture session, selecting a device, reading sample buffers off a callback. Buried inside is one small, pure function, normalizedLevel, that turns a block of audio samples into a single number between zero and one. That number is the only part that can be checked without a microphone, so it is the only part this component ports.

The single question this component answers is: does the Python re-implementation of that calculation produce the same level value as the Swift original, on inputs we can publish? Everything device-specific, permission-gated, or stateful is deliberately left on the Swift side. What crosses into Python is the arithmetic alone.

The interesting choice here is what is held out, not what is included. A live level meter is hard to test because it depends on real audio hardware and OS permissions that cannot live in a public fixture. By isolating the pure amplitude maths and exercising it over synthetic sample arrays, the component keeps a checkable parity claim about the part that matters for the meter reading, while making no claim at all about capture, permission, or device state. The test is scoped to being a maths port and nothing more.

How it works

normalized_level takes a sequence of samples and a format tag. It accepts only float32 and int16; any other tag raises ValueError, which is how the "unsupported format" case is exercised. An empty buffer returns 0.0 immediately, before any arithmetic.

For each sample it accumulates the square of the value. Float samples are used as-is; int16 samples are first divided by 32767.0 (the Swift Int16.max) to map the integer range onto roughly minus-one to one. It then takes the root mean square, sqrt(total / count), which summarises the block's energy as a single amplitude. That value is multiplied by 8.0 and clamped to the [0.0, 1.0] range with min(max(rms * 8.0, 0.0), 1.0). The gain of eight is a display choice carried over verbatim from the Swift source: quiet speech sits low on a zero-to-one meter without it, so the level is scaled up and then capped so loud input cannot overshoot one. These two lines, the int16 divisor and the rms * 8 clamp, are the anchors the bundle requires to match the copied Swift text.

The runtime checks three reference cases drawn from a public probe manifest (float32, int16, and an over-one buffer that must clamp), optionally decodes mono 16-bit PCM WAV byte fixtures and recomputes their level from the raw bytes, and runs three negative exercises: empty buffer must read zero, an over-one buffer must clamp to one, and an unknown format must be refused. Each case compares the observed level against the manifest's expected value within a small tolerance. A mismatch, a missing expected case, or a failed refusal is recorded as a finding, and any finding turns the verdict from pass to blocked.

Shape

Read this module as a bounded RMS-parity pipeline: the JSON bundle names the reader authority, runtime locus, standard, and generated navigation edges; the runtime ports Swift normalizedLevel math over public fixture arrays; tests and result records verify numeric parity and metadata-only evidence. Generated Mermaid and Atlas links are navigation status, not macOS audio-session, microphone, device, source-file changes, public sharing, or launch-scope decision.

flowchart TD swift["Copied Swift source AudioLevelMonitor.normalizedLevel metadata-only; anchors only"] manifest["Public probe manifest synthetic sample arrays + WAV bytes expected level per case"] samples["normalized_level(samples, format)"] fmt{"format tag?"} refuse["raise ValueError unsupported format refused"] empty{"buffer empty?"} zero["return 0.0"] scale["square + accumulate int16 divided by 32767"] rms["rms = sqrt(total / count)"] clamp["min(max(rms * 8, 0), 1) scaled, then clamped to 0..1"] compare["compare observed vs expected within tolerance"] verdict{"any finding?"} blocked["status: blocked"] passed["status: pass"] ceiling["Scope limit RMS parity over public fixtures only no audio session, microphone, device, source-file changes, public sharing, or launch"] swift --> samples manifest --> samples samples --> fmt fmt -->|"not float32/int16"| refuse fmt -->|"float32 or int16"| empty empty -->|"yes"| zero empty -->|"no"| scale scale --> rms rms --> clamp clamp --> compare refuse --> compare zero --> compare compare --> verdict verdict -->|"yes"| blocked verdict -->|"no"| passed blocked --> ceiling passed --> ceiling

Reader Evidence Routing

• Bundle route: read core/paper_module_capsules.json::paper_modules[59] before treating this Markdown as explanation.
• Generated route: inspect paper_modules/batch8_audio_level_rms_port.json for the current generated instance derived from the source record.
• Bundle route: inspect examples/batch8_audio_level_rms_port/exported_batch8_audio_level_rms_port_bundle for copied Swift source refs and digest evidence.
• Runtime route: run tests/test_batch8_audio_level_rms_port.py and the commands in ## Validation Result record Path for recomputation evidence.

Prior Art Grounding

The component is grounded in standard digital-audio metering practice: root mean square amplitude is a common way to summarize signal energy for level displays, while OS capture APIs and media tools are kept outside pure numeric tests. Useful anchors include:

• Apple's AVFoundation media framework family for time-based audiovisual capture and processing on Apple platforms.
• FFmpeg audio/video documentation, as a broad media-processing toolchain where audio streams and levels are handled as explicit inputs and transforms.

Microcosm borrows only the pure RMS-level calculation shape and ports it to fixture-bound Python parity tests. It does not start an audio session, request microphone permission, read recorded audio, capture a device, or approve UI or launch-scope decision.

Source Reference

The exported bundle copies apps/demo-take-console/Sources/DemoTakeConsoleApp/AudioLevelMonitor.swift under examples/batch8_audio_level_rms_port/exported_batch8_audio_level_rms_port_bundle/source_modules/. Result records carry refs, digests, anchors, sample counts, and parity verdicts, not copied body text, recorded audio, or private device state.

Mechanism Set

The validator requires float32 parity, int16 parity, over-one clamp behavior, empty-buffer zero behavior, and unsupported-format refusal. Shared registry, sign-off, runtime-shell, CLI, atlas, package-data, and generated docs wiring is intentionally deferred while the existing shared Microcosm core lease is active.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the bounded RMS parity result record and sign-off JSON. The bundle command validates the copied Swift source module, digest anchors, negative exercises, body-exclusion scan, and source-ref boundary. The focused test checks the Python port, bundle validation, result record body scan, and scope limit.

This result record path is reader-verifiable evidence only. It does not start an audio session, request microphone permission, read recorded audio, prove device capture, approve UI readiness, change source files, authorize public sharing, or approve launch.

This component imports tools/finance/structural_theses.py as exact copied source source and exercises it over public synthetic structural-thesis fixtures.

The bundle is bounded to replayable CP1/CP2 thesis-family validation. It excludes financial decisions, investment recommendations, live market data, external model access, portfolio action, public sharing, or launch.

Purpose

The copied source, tools/finance/structural_theses.py, takes a tempting idea and disciplines it. The tempting idea is that some market moves look structurally obvious, so a corpus of "obvious" theses ought to predict the next one. The trap is survivorship: it is easy to assemble a list of patterns that worked in hindsight and call the list a method.

The single question the source answers is narrower and harder. Given claims that looked structurally obvious at the time they were written, which reasoning families still survive once you resolve every claim forward and keep the ones that failed? The load-bearing inversion is that "obvious" is treated as a claim-status frozen at commitment time, never as a label applied to outcomes afterwards. A thesis whose meaning shifts once the result is known is a post-hoc mutation, and the leakage guard rejects it.

What is unusual is that losers and negative controls are first-class, required evidence rather than noise. A refuted thesis must flow through the same pipeline as a confirmed one and stay legible as valid evidence; a negative control must be present and must not resolve into a confirmed claim. The output vocabulary deliberately has no tradable "winner": the strongest a surviving pattern can earn is review_candidate, a flag for human review and nothing more.

This bundle does not assert any of those findings as market-level conclusions. It imports the source verbatim, runs it over public synthetic rows, and checks that the discipline holds. It is not financial decisions, an investment recommendation, or live-market validation.

What it validates

The component loads the copied finance source, builds one public winner, loser, and control family from a synthetic probe, and then exercises the source's own validator over both the clean family and three deliberately broken variants.

The clean path confirms the at-time semantics survive a full run: the winner resolves claim_confirmed_forward, the loser resolves claim_refuted_forward and is marked valid evidence, the control resolves as a control without becoming a confirmed claim, the surviving pattern lands in family memory as a candidate_set, and the authority boundary keeps investment_recommendation_authorized false. Under the hood the source maps each thesis onto the existing forecast-claim shape and drives the real CP1 admission, CP2 resolution, proper-scoring replay, and purged walk-forward replay with deterministic fixture prices rather than building a new evaluator.

The three negative exercises are the substance of the proof, because each one forces a specific discipline to fire:

• Survivor-only. A family built from winners alone, with no failed thesis, must be rejected. The source raises NO_LOSER_FLOWED_THROUGH, NO_NEGATIVE_CONTROL, and SURVIVORSHIP_SAMPLE; the component confirms all three appear (error code BATCH8_STRUCTURAL_THESES_SURVIVOR_ONLY_REJECTED).
• Forward-gate breach. A refuted pattern is smuggled into the forward review candidates. The source must raise FORWARD_GATE_BREACH, because only a pattern that survived at-time replay may produce a review_candidate (BATCH8_STRUCTURAL_THESES_FORWARD_GATE_BREACH_REJECTED).
• Control leak. A negative control is mutated to claim it confirmed forward. The source must raise CONTROL_LEAK (BATCH8_STRUCTURAL_THESES_CONTROL_LEAK_REJECTED).

If any of these refusals fails to fire, the component records a blocked finding rather than a pass. Alongside the family check it verifies exact digest parity and required anchors for the copied source, so the page cannot drift away from the code it claims to exercise. Result records carry verdicts, counts, error codes, and refs only; copied bodies, market data, and model-output data stay out.

Shape

This module's shape is bundle-first and projection-bounded. The source row is core/paper_module_capsules.json::paper_modules[63:paper_module.batch8_structural_theses_capsule]; the generated JSON instance is paper_modules/batch8_structural_theses_capsule.json, and it preserves source_authority: json_capsule.

flowchart TD Bundle["JSON source record core/paper_module_capsules.json[63]"] --> Runtime["Runtime locus components/batch8_structural_theses_capsule.py"] Source["Exact copied source tools/finance/structural_theses.py"] -->|digest + anchor parity| Runtime Probe["Public synthetic probe winner, loser, control rows plus realized returns"] --> Runtime Runtime --> Build["build_structural_thesis_family CP1 admit forward-only CP2 resolve vs frozen criterion proper-scoring + purged replay"] Build --> Clean["validate_structural_thesis_family on the clean family"] Clean --> CleanCheck{"Winner confirmed, loser refuted + valid evidence, control not confirmed?"} Runtime --> Neg["Three broken variants"] Neg --> Survivor["Survivor-only family NO_LOSER_FLOWED_THROUGH NO_NEGATIVE_CONTROL SURVIVORSHIP_SAMPLE"] Neg --> Forward["Refuted pattern smuggled into forward candidates FORWARD_GATE_BREACH"] Neg --> Control["Control mutated to confirmed CONTROL_LEAK"] CleanCheck -->|yes| Pass["Bounded pass result record"] CleanCheck -->|no| Block["Blocked finding"] Survivor -->|refusal fires| Pass Forward -->|refusal fires| Pass Control -->|refusal fires| Pass Survivor -->|refusal missing| Block Forward -->|refusal missing| Block Control -->|refusal missing| Block Pass --> Ceiling["Scope limit public synthetic fixture + copied source only"] Ceiling -. forbids .-> NoClaims["No advice, recommendation, live market data, external model access, portfolio action, public sharing, launch"]

The standards lane is split deliberately. The module-specific public runtime standard, standards/std_microcosm_batch8_structural_theses_capsule.json, governs the fixture fields, public/private boundary, result record contract, validator command, negative-case count, and explicit anti-purpose. The wider codex/standards/std_microcosm.json::paper_module_coverage_contract governs how paper-module coverage, Atlas cards, generated Mermaid, and context-pack depth stay navigable without promoting generated projections into source truth.

The runtime/source lane is likewise bounded. The Microcosm component src/microcosm_core/organs/batch8_structural_theses_capsule.py loads the copied structural-theses source, builds the winner/loser/control family, evaluates survivor-only, forward-gate-breach, and control-leak negative exercises, and writes metadata-only result records. The exported bundle at examples/batch8_structural_theses_capsule/exported_batch8_structural_theses_capsule_bundle contains source_module_manifest.json; that manifest records 12 exact copied source modules for bundle validation, including source_modules/tools/finance/structural_theses.py, while the first-wave result record narrows the copied-source proof to the structural-theses module itself.

The proof lane is fixture-level. The public fixture input under fixtures/first_wave/batch8_structural_theses_capsule/input and the focused regression tests/test_batch8_structural_theses_capsule.py validate digest and anchor parity, thesis-family replay, winner/loser/control semantics, stable negative cases, body exclusion, scope limits, and the runtime-shell bundle path. Result record evidence lives under receipts/first_wave/batch8_structural_theses_capsule/, result records/sign-off/first_wave/batch8_structural_theses_capsule_fixture_acceptance.json, and receipts/runtime_shell/demo_project/organs/batch8_structural_theses_capsule/exported_batch8_structural_theses_capsule_bundle_validation_result.json.

The generated Mermaid and Atlas statuses are useful only as navigation result records: available_from_capsule_edges and linked_from_capsule_edges mean the JSON bundle edges are walkable. They do not authorize financial decisions, investment recommendations, live-market validation, external model access, portfolio action, public sharing, launch, private-system equivalence, or whole-system correctness.

Reader Evidence Routing

• Bundle route: read core/paper_module_capsules.json::paper_modules[63] before treating this Markdown as explanation.
• Generated route: inspect paper_modules/batch8_structural_theses_capsule.json for current generated state.
• Bundle route: inspect examples/batch8_structural_theses_capsule/exported_batch8_structural_theses_capsule_bundle for copied source refs and digest evidence.
• Runtime route: run tests/test_batch8_structural_theses_capsule.py and the commands in ## Validation Result record Path.

Prior Art Grounding

This bundle borrows from empirical-finance validation and bias-control patterns. Useful anchors include:

• Fama and French's common risk factors work and data-library tradition, as a precedent for decomposing structural market claims into named factor families and testable rows.
• MacKinlay's event-study methodology, as a prior pattern for separating an event window, expected baseline, and abnormal-return evidence.
• Brown, Goetzmann, Ibbotson, and Ross on survivorship bias, which motivates explicit loser/control cases rather than winner-only thesis replay.

Microcosm borrows the factor-family, event-window, and bias-control shape, but keeps the component to public synthetic thesis rows and copied source. It is not financial decisions, an investment recommendation, live-market validation, portfolio authority, publishing-scope decision, or launch-scope decision.

Source Reference

The exported bundle copies tools/finance/structural_theses.py under examples/batch8_structural_theses_capsule/exported_batch8_structural_theses_capsule_bundle/source_modules/. Result records carry refs, digests, anchors, counts, and runtime verdicts, not copied body text, model-output data, market data, or private runtime state.

Mechanism Set

The validator requires exact source digest parity, structural-thesis source anchors, a public winner/loser/control family, valid loser evidence, a negative control that does not become a confirmed claim, and rejection of survivor-only, forward-gate-breach, and control-leak exercises. Shared registry, sign-off, runtime-shell, CLI, atlas, package-data, and generated docs wiring is intentionally deferred while shared Microcosm core leases are active.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the bounded thesis-family result record and sign-off JSON. The bundle command validates copied source refs, digest anchors, public winner/loser/control cases, negative controls, body-exclusion posture, and scope limit fields. The focused test checks fixture validation, bundle validation, survivor-bias refusal, control-leak refusal, and claim boundaries.

This result record path is reader-verifiable evidence only. It is not financial decisions, not an investment recommendation, not live-market validation, not external model access, not portfolio authority, not publishing-scope decision, and not launch-scope decision.

engine_room_demo is the accepted Microcosm composition component for the staged Engine Room set. It wraps the bundles under microcosm_core.engine_room, runs the composed demo/audit path, and writes first-wave result records without promoting fixture rows into private-system or launch-scope decision.

Purpose

The Engine Room set is ten separate bundles: a Lean proof-search lab, a metabolism runtime, command singleflight, a generated-projection drift gate, a derived-fact engine, a public-projection leak gate, an egress self-compliance gate, a navigation-fitness benchmark, a bridge-campaign DAG, and an reference knowledge router. Each bundle has its own fixture and result record. This component exists so that a reader does not have to trust ten claims separately. It answers one question: do the ten bundles together cover the fourteen targets the controller asked for, and does each one still own its full surface and run.

A bundle "owns its surface" only when six files exist for it: module source, fixture input, fixture manifest, paper module, standard, and test. The audit checks all six per bundle, runs each fixture through its declared evaluator, and unions the targets the bundles actually declare against the fourteen the controller expected. A passing run means the set is complete and every fixture executed, not that any single bundle is finished or correct.

The design choice worth noting is in the negative case. Rather than compare against a frozen answer key, the negative fixture recomputes the live set of covered targets and fails only when the fixture names a target that is genuinely outside it. That keeps the refusal honest as the bundle set grows: the test cannot drift into agreement with a stale list, because there is no stored list to agree with.

A second deliberate boundary is that the runner reads the shared component registry, sign-off file, and atlas, but never writes to them. It reports whether the composition component is integrated into those shared surfaces as a separate visibility line, and always records shared_registry_mutated: false. Composition coverage and shared-registry integration are kept as two distinct facts, so a green demo cannot quietly imply registry authority it does not hold.

What It Runs

• Verifies the 14 Engine Room jewel targets selected by the controller prompt.
• Checks the owned staged bundle surfaces: module source, fixture input, fixture manifest, paper module, standard, and tests.
• Executes the staged bundle demo through the public fixture chain.
• Observes a negative fixture where an expected target is intentionally absent.

Shape

flowchart LR A["Engine Room fixture cases"] --> B["Accepted component wrapper"] B --> C["Controller coverage audit"] C --> D["10 staged bundle evaluators"] D --> E["14 covered jewel targets"] C --> F["Shared surface integration check"] B --> G["Result, board, validation result record"] G --> H["Sign-off result record"] A --> I["Missing-target negative case"] I --> C

The shape is a composition proof over declared public bundles. The wrapper asks the staged Engine Room runner to verify target coverage, surface presence, fixture execution, shared-surface visibility, and the missing-target negative case. It writes public result records and an sign-off result record without exporting private source run state or turning the staged demo into launch-scope decision.

Technical Mechanism

src/microcosm_core/organs/engine_room_demo.py is a result record-writing wrapper around src/microcosm_core/engine_room/demo.py. The wrapper loads one or more fixture cases, calls _evaluate_case for each case, and writes four metadata-only artifacts: result, board, validation result record, and optional sign-off result record. The positive case delegates to audit_controller_coverage; the negative case does not compare against a static answer key, but recomputes the actual staged target set and fails only when the fixture names a target outside that set.

audit_controller_coverage is the mechanism that makes the composition claim specific. It enumerates the ten CAPSULES, unions their declared jewel targets against EXPECTED_JEWEL_TARGETS, checks each bundle's owned source, fixture, manifest, paper module, standard, and test surface, optionally runs the staged bundle exercises through run_demo, and reads registry, sign-off, and atlas ids only as visibility evidence. The resulting result record distinguishes staged bundle completion from shared-registry integration and always reports shared_registry_mutated: false.

run_demo is the execution spine below the audit. It imports each staged bundle module, calls the declared evaluator (evaluate_fixture_dir or validate_fixture_dir), records compact per-bundle status, and summarizes the covered jewel targets. A pass therefore means the selected public fixture chain ran for the declared bundle set and covered the expected target lattice; it does not mean the Engine Room set is deployment-posture, privately equivalent, benchmark-complete, or launch-approved.

Governing Doctrine Relations

The generated structured source record binds this page to concept.import_projection_and_drift_control_bundle, mechanism.engine_room_demo.validates_public_engine_room_demo, and three adjacent Engine Room mechanisms for projection leakage, generated-projection drift, and command singleflight. Its governing principle refs are P-1, P-2, P-3, P-5, P-6, P-8, P-9, P-12, and P-15; its axiom refs are AX-1, AX-4, AX-5, AX-7, AX-8, and AX-11. In this module those refs all converge on one rule: composition evidence must be routed through explicit source, fixture, result record, and projection boundaries before it can support a reader claim.

The ten dependency modules are not decorative neighbors. They are the actual staged Engine Room bundle families consumed by the demo runner: Lean/proof-search, metabolism runtime, command singleflight, generated projection drift, derived facts, public projection leak checks, egress self-compliance, navigation fitness, bridge campaign DAGs, and reference knowledge routing. The bundle edge set is therefore a mechanism lattice over those bounded components, not an invitation to generalize beyond their result records.

Named Proof Consumers

• Fixture wrapper consumer: PYTHONPATH=src ../repo-python -m microcosm_core.components.engine_room_demo run --input fixtures/first_wave/engine_room_demo/input --out /tmp/microcosm-engine-room-demo/fixture --sign-off-out /tmp/microcosm-engine-room-demo/sign-off.json --json consumes build_result, the positive controller-audit fixture, the semantic missing-target negative case, result record writing, metadata-only sign-off output, and the module scope limit.
• Controller audit consumer: PYTHONPATH=src ../repo-python -m microcosm_core.engine_room.demo audit --root . --json consumes the ten-bundle inventory, 14-target coverage set, staged surface checks, shared-surface visibility readback, and the no-shared-mutation boundary.
• Staged bundle execution consumer: PYTHONPATH=src ../repo-python -m microcosm_core.engine_room.demo run --root . --json consumes each public bundle evaluator and proves the composition runner can execute the declared Engine Room fixture chain without touching shared registry, sign-off, atlas, or generated projection surfaces.
• Focused regression consumer: PYTHONPATH=src ../repo-python -m pytest -p no:cacheprovider tests/test_engine_room_demo.py tests/test_engine_room_demo_organ.py -q pins the bundle inventory, CLI JSON output, controller audit, semantic negative case, result record writer, public-relative fixture refs, and private-path redaction floor.
• It is a read-only result record for the Markdown slice, not permission to hand-edit generated projections.

Reader Evidence Routing

Read expected_jewel_count: 14 and covered_jewel_count: 14 as controller target coverage for the staged Engine Room set. Read capsule_count: 10 and passed_capsule_count: 10 as successful execution of the selected public fixture evaluators.

Read shared_registry_mutated: false as an authority boundary: the staged runner observes registry, sign-off, and atlas visibility, but it does not mutate those shared surfaces. Read shared_integration_status as a visibility result record, not as permission to alter the shared registry from this page.

Read body_in_receipt: false as the public-copy boundary. Result records can expose counts, target ids, fixture refs, stable error codes, scope limits, and omission-safe summaries; they must not copy private source run state, model-output data, raw operator threads, browser UI material, account secrets, or cloned third-party body text.

Prior Art Grounding

The component borrows from integration-testing and CI composition practice: multiple component checks are assembled into one public demo/audit path, negative fixtures prove refusal behavior, and result records summarize execution without upgrading fixture evidence into launch claims. Useful anchors include:

• IBM's integration testing overview, which frames testing around whether composed modules interact as intended.
• pytest fixtures, as a common pattern for public synthetic setup and reusable test inputs.
• GitHub Actions, as a widely used workflow surface for composing build, test, and publish stages with explicit status.

Microcosm borrows the composed-demo and audit-pipeline shape, but keeps the claim at declared public composition only. It is not deployment posture, private-system equivalence, benchmark validation, a security proof, or launch-scope decision.

Public Command

The CLI alias is:

The fixture manifest names one positive case (positive_controller_audit) and one negative case (missing_expected_target_negative) that expects ENGINE_ROOM_EXPECTED_TARGET_MISSING. The expected component result is status: pass, expected_jewel_count: 14, positive_case_count: 1, negative_case_count: 1, and observed_negative_case_count: 1.

The staged composition runner can also be inspected without writing sign-off result records:

PYTHONPATH=src python3 -m microcosm_core.engine_room.demo audit --root . --json
PYTHONPATH=src python3 -m microcosm_core.engine_room.demo run --root . --json

Focused verification from the source repo root:

PYTHONPATH=src ./repo-pytest tests/test_engine_room_demo.py tests/test_engine_room_demo_organ.py -q --basetemp /tmp/microcosm-engine-room-demo
cd microcosm-substrate && PYTHONPATH=src python3 scripts/build_doctrine_projection.py --check-paper-module-corpus

Validation Result record Path

PYTHONPATH=src ./repo-pytest tests/test_engine_room_demo.py tests/test_engine_room_demo_organ.py -q --basetemp=/tmp/microcosm_engine_room_demo_pytest
./repo-python scripts/build_doctrine_projection.py --check-paper-module-corpus

Purpose

Copying a file into a public bundle proves only that the bytes match. It does not establish that the imported logic still behaves the way it did in the larger system it came from. This component exists to close that gap for thirteen backend, governance, and frontend data-shaping modules. The single question it answers is: do these copied source bodies still compute what they claim to compute, when run against bounded fixtures, here in the public repository?

The unusual part is how it checks. Rather than asserting against pre-baked result files, the component loads each copied module and calls its real functions. It imports system/lib/approval_registry.py and runs decide_approval against a temporary approvals tree to confirm a pre-acquired claim is refused. It imports system/lib/python_documentation_tree.py and runs build_file_entry over written-out Python to read symbols back. It runs the copied mission-graph compiler, the dependency-pin parser, the config-authority registry validator, the host-pressure admission builder, the worker budget guard, and the milestone metric computer, each on its own fixture. The three TypeScript bodies for finance clustering, edge extraction, and WorkAtlas aggregation are parsed for their load-bearing constants and branches, then mirrored deterministically. Each exercise carries both a positive shape and a paired negative case, so the proof moves with source behaviour, not with a static result record.

The reader should treat the result as fixture-bound evidence and nothing more. A passing bundle shows that representative mechanics still match the imported bodies under positive and negative cases. It does not assert live lineage truth, approval authority, real market or news truth, host-state truth, work log truth, external model access, source-file changes, public sharing, or launch-scope decision.

Abstract

Set 9 Source Engines Bundle is a public Microcosm paper module for a source-open, body-import-backed component. The component copies thirteen source source bodies into examples/batch9_macro_engines_capsule/exported_batch9_macro_engines_capsule_bundle/source_modules/, checks their digests and required anchors, then runs deterministic public exercises over fixture data. The result is a reproducible evidence bundle for backend, governance, frontend data-shaping, worker-gate, and quality-accounting mechanics without granting live system authority.

The useful claim is narrow: the copied bodies and public fixtures can show that representative mechanics still behave like the imported source bodies under bounded positive and negative cases. They do not prove live lineage truth, approval authority, market or news truth, host-state truth, work log truth, external model access, source-file changes, public sharing, launch-scope decision, private-system equivalence, or whole-system correctness.

Telos

This module exists to make the Set-9 import legible as technical evidence rather than as generic public copy. A cold reader should be able to answer four questions:

• Which source bodies were copied, and how are they checked?
• Which mechanisms are exercised, and which ones are source-body-sensitive?
• Which result records prove only fixture truth, and which claims remain forbidden?
• How does this component relate to the Microcosm concept/mechanism/principle lattice?

Mechanism Map

flowchart TD manifest["source_module_manifest.json 13 copied source bodies"] fixtures["first_wave fixture input probe manifest + 13 negative cases"] runtime["batch9_macro_engines_capsule.py run / run_batch9_bundle"] digest["Digest + anchor check copied bytes match source, required anchors present"] exercise["Re-execute imported logic _run_all_exercises"] py["10 Python bodies importlib load, call real functions (lineage, approval, AST, mission graph, pin drift, config, host pressure, doctrine, worker gate, milestone)"] ts["3 TS-backed bodies parse constants/branches, mirror (finance, WorkAtlas, edge extractor)"] pos["Positive case expected shape"] neg["Negative case e.g. self-loop pruned, preacquired claim refused, forbidden surface blocked"] result records["metadata-only result records result, board, validation, sign-off; body_in_receipt false"] ceiling["Scope limit fixture evidence only"] manifest --> runtime fixtures --> runtime runtime --> digest runtime --> exercise exercise --> py exercise --> ts py --> pos py --> neg ts --> pos ts --> neg digest --> result records pos --> result records neg --> result records result records --> ceiling

The runtime source is src/microcosm_core/organs/batch9_macro_engines_capsule.py. Its load-bearing symbols are EXPECTED_MECHANISMS, EXPECTED_MODULE_IDS, EXPECTED_NEGATIVE_CASES, SOURCE_REQUIRED_ANCHORS, AUTHORITY_CEILING, run, run_batch9_bundle, and result_card.

Set-9 Pipeline

The Set-9 pipeline has four stages.

1. Source import. source_module_manifest.json declares thirteen copied source bodies, each with source_ref, copied target path, digest equality fields, line and byte counts, material class, and required anchors. The manifest states source_import_class: copied_non_secret_macro_body, body_copied_material_count: 13, and body_in_receipt: false.

1. Fixture execution. run consumes fixtures/first_wave/batch9_macro_engines_capsule/input, including batch9_macro_engines_capsule_probe_manifest.json plus thirteen negative-case files. It writes the result, board, validation result record, and optional sign-off JSON.

1. Exported-bundle validation. run_batch9_bundle validates examples/batch9_macro_engines_capsule/exported_batch9_macro_engines_capsule_bundle. The bundle manifest names exported_batch9_macro_engines_capsule_bundle as the input mode, points at source_module_manifest.json, and declares thirteen negative cases.

1. Result record and ceiling. The public result records may expose refs, digests, anchors, counts, verdicts, negative-case outcomes, and omission evidence. They must not inline copied source bodies or private/live payloads.

Mechanism Set

Several tests deliberately mutate copied source bodies in a temporary public bundle and refresh the manifest digest. Finance, lineage, approval, AST, mission graph, dependency, config, WorkAtlas, heterogeneous edge, doctrine, worker-gate, host-pressure, and milestone tests prove the exercise result moves with source-body behavior rather than with static result record fixtures alone. Two tamper modes are load-bearing: an unapproved copied-body edit without a manifest digest refresh fails CROWN_JEWEL_SOURCE_DIGEST_MISMATCH, while a body edit with a refreshed digest is only accepted when the required witnesses and semantic exercise still pass. Removing a required witness while refreshing the digest still fails CROWN_JEWEL_SOURCE_ANCHOR_MISSING. The fixture path also resolves through the copied source-module manifest, so a fixture-only or static result record replacement is outside the accepted proof shape.

Copied-Body and Import Authority

The source-module manifest is the body-import authority for this paper module. It proves that the public bundle contains copied bodies and that the runtime can compare copied target digests with expected source digests and required anchors. It does not make the Markdown source authority.

The authority chain is:

• core/paper_module_capsules.json::paper_modules[73:paper_module.batch9_macro_engines_capsule] is the paper-module bundle source row.
• paper_modules/batch9_macro_engines_capsule.json is the governed generated instance derived from that bundle.
• organs/batch9_macro_engines_capsule.json and mechanisms/mechanism.batch9_macro_engines_capsule.validates_public_macro_engines_capsule.json bind the accepted component and mechanism to the runtime, result records, and scope limit.
• standards/std_microcosm_batch9_macro_engines_capsule.json defines the public standard: exactly thirteen mechanisms, exactly thirteen copied source source modules, metadata-only result records, and forbidden live-authority claims.

Current Partial-Realness Limitations

Set 9 is real system progress because it copies source bodies and verifies source-sensitive behavior in public fixtures. It is still partial-realness, not live authority.

• The lineage exercise is a public provenance specimen, not live lineage truth.
• The approval exercise checks adjudication mechanics, not human approval authority.
• The finance exercise checks headline clustering over synthetic rows, not real market-level conclusions, investment-related actions, or news-truth authority.
• The host-pressure exercise checks admission-consumer behavior over quoted fixtures, not host-state truth.
• The WorkAtlas, worker-gate, and milestone exercises validate bounded mechanics, not live work log authority or external model access readiness.
• The generated Markdown/JSON/site projections remain navigation and reader surfaces; source authority stays in JSON contracts, source manifests, tests, and result records.

Failure Modes

The standard and tests protect against these failure modes:

• Mechanism count drifts away from thirteen.
• Source-module count drifts away from thirteen without manifest and test updates.
• The source manifest stops declaring copied_non_secret_macro_body.
• A copied source body changes without a matching manifest digest update.
• A copied source body loses required anchors, even if the manifest digest is refreshed.
• Runtime exercises stop checking named engine semantics and become result record-only assertions.
• Negative-case files declare error codes that the semantic evaluator does not actually observe.
• Result records include copied body text, raw operator transcripts, provider/browser state, account secrets, live market data, private runtime state, or source bodies.
• Public prose expands fixture evidence into launch, public sharing, provider, source-file changes, live-system, or private-system-equivalence authority.

Evidence Contract

Run these commands from microcosm-substrate/:

The fixture command proves the public fixture path. The bundle command proves the exported bundle path. The focused test suite covers exact-copy source imports, source-sensitive behavior shifts, copied-body digest mismatch blocking, source-import-class perturbation, required-witness removal with a refreshed digest, semantic negative cases, bundle validation, and metadata-only command cards. The doctrine projection checks prove only that the bundle-backed generated instance remains fresh for the current corpus. Rank saturation, rerank, and projection inheritance remain downstream routing work; this paper module does not apply or claim those projection mutations.

Reader Evidence Routing

Use this order when auditing the module:

1. Read standards/std_microcosm_batch9_macro_engines_capsule.json for the governing standard and scope boundaries.
2. Read src/microcosm_core/organs/batch9_macro_engines_capsule.py for expected mechanisms, expected modules, required source anchors, negative-case semantics, and scope limit.
3. Read examples/batch9_macro_engines_capsule/exported_batch9_macro_engines_capsule_bundle/source_module_manifest.json for copied-body authority.
4. Run the fixture and bundle validators, then the focused tests.
5. Treat result records as metadata-only evidence summaries, not as copied body storage or live-system proof.

Prior Art Grounding

This bundle imports copied source engine bodies and exercises them over fixtures. It follows the characterization, or golden-master, testing tradition (Feathers, Working Effectively with Legacy Code), which pins existing behaviour with deterministic fixtures before trusting it. Microcosm borrows the pin-then-exercise shape; the result is fixture-bound import evidence, not lineage truth, human-approval authority, or market-level conclusions.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

PYTHONPATH=src python3 -m pytest tests/test_batch9_macro_engines_capsule.py -q
PYTHONPATH=src python3 scripts/build_doctrine_projection.py --check-paper-module-corpus

These are reader-verifiable evidence only and do not include launch operations, external model access, source-file changes, or whole-system correctness.

Purpose

This bundle answers one question: when the wider system claims that a governance gate, a compiler, or a launch check behaves correctly, can a cold reader confirm that claim from copied source and a re-run, rather than taking the claim on trust? It collects fourteen mechanisms that already exist in the main system, copies their source bodies into the public bundle, and re-runs a small, source-faithful port of each one against controlled inputs.

The mechanisms span the work they were drawn from: a mutation gate that reads the latest user message and blocks file writes when the intent is diagnostic; an observe/apply compiler that turns an artifact into an apply plan and refuses malformed input; a reviewer gauntlet that checks a public proof bundle from several reader personas; launch-blocker triage; a public sharing path-contract check; result record-reuse staleness; a no-lookahead finance horizon; a session dependency wave; claim-conflict detection; role-aware blocking in a task graph; and three frontend helpers for table shaping, reference grouping, and recent-change coalescing.

What is unusual is the stance towards its own fixtures. The negative-case files on disk hold only a label and an expected error code. The bundle does not treat that error code as proof of anything. For each negative case it recomputes the outcome itself, in code, and compares the computed result against the expectation. A fixture that merely declares the right error code, without the ported logic actually producing it, is flagged rather than passed. The point is to stop a test from grading itself green by assertion.

Route Card

• Component id: batch10_governance_compilers_capsule
• JSON bundle authority: core/paper_module_capsules.json::paper_module.batch10_governance_compilers_capsule
• Accepted-component evidence class: verified_macro_body_import
• Runtime source: src/microcosm_core/organs/batch10_governance_compilers_capsule.py
• Fixture input: fixtures/first_wave/batch10_governance_compilers_capsule/input
• Runtime bundle: examples/batch10_governance_compilers_capsule/exported_batch10_governance_compilers_capsule_bundle
• Exact-copy authority: the bundle source_module_manifest.json plus copied source modules; refresh through macro_projection_import_protocol, not by hand.

This Microcosm component imports and exercises Set-10 source system for governed mutation, observe/apply compilation, public-proof review, launch blocker triage, public sharing path contracts, result record reuse, no-lookahead horizons, session-wave execution, claim conflict wait tax, role-aware DAG blocking, frontend data shaping, reference grouping, and recent-change coalescing.

The bundle carries exact source source snapshots where safe. publication_manifest_selector_contract_verifier is represented as a source-faithful public refactor because the source source contains a private home-path example. weighted_lane_width_apportionment_solver is recorded as a binding repair deferred to the Set-9 RootNavigator body, not as a fresh Set-10 import.

Integrity hardening: negative-case fixture files are labels and stable-code rows only. The result record's exercise.integrity_matrix is the verdict surface: each Set-10 mechanism records source relation, positive computed output, negative input shape, negative computed output, scope limit, and whether the result was computed by the bundle evaluator. A fixture-supplied error_codes row is never enough to prove refusal behavior.

Shape

The source row is core/paper_module_capsules.json::paper_modules[75:paper_module.batch10_governance_compilers_capsule]; the generated instance is paper_modules/batch10_governance_compilers_capsule.json; and the runtime source locus is src/microcosm_core/organs/batch10_governance_compilers_capsule.py. The specific standard is standards/std_microcosm_batch10_governance_compilers_capsule.json, with Microcosm-wide coverage and entry boundaries governed by std_microcosm.

flowchart LR Bundle["JSON bundle source row core/paper_module_capsules.json paper_module.batch10_governance_compilers_capsule"] Instance["Generated JSON instance paper_modules/batch10_governance_compilers_capsule.json"] Markdown["Markdown reader projection paper_modules/batch10_governance_compilers_capsule.md"] Standard["Standards std_microcosm_batch10_governance_compilers_capsule std_microcosm"] Runtime["Runtime/source loci batch10_governance_compilers_capsule.py exercise 14 mechanism ports resolve source evidence per mechanism recompute each negative case flag fixture_verdict_echo_risk"] Fixtures["Fixtures and source bundle fixtures/first_wave/.../input (labels + expected codes) exported bundle: 13 copied source modules source_module_manifest.json"] Tests["Tests and result records tests/test_batch10_governance_compilers_capsule.py result records/runtime_shell/demo_project/components/batch10_governance_compilers_capsule"] Projections["Generated navigation projections Mermaid: available_from_capsule_edges Atlas: linked_from_capsule_edges"] Ceiling["Scope limit fixture-bound public source-open evidence only no live ledger truth, source-file changes, public sharing, launch, provider, private-system, benchmark, or market authority"] Bundle -->|seeds| Instance Bundle -->|bounds prose| Markdown Bundle -->|names laws and source authority| Standard Bundle -->|cites code locus| Runtime Runtime -->|computes integrity matrix and result records| Tests Fixtures -->|public inputs, exact copies, declared refactor| Runtime Fixtures -->|manifest and source bundle validate| Tests Instance -->|derives edges| Projections Projections -->|navigation only| Markdown Tests -->|result record evidence remains below| Ceiling Standard -->|enforces public/private and launch boundary| Ceiling Markdown -->|must not outrank| Bundle

The bundle makes the module actual by binding five reader questions to typed authority surfaces:

• What is the source of record? The source record and generated JSON instance, not this Markdown file and not generated Mermaid or Atlas output.
• What is being exercised? The accepted batch10_governance_compilers_capsule component, the mechanism.batch10_governance_compilers_capsule.validates_public_governance_compilers_capsule mechanism, and the concept.import_projection_and_drift_control_bundle concept edge named by the bundle.
• Which runtime and source artifacts matter? The component module computes the integrity matrix, negative-case verdicts, source evidence, fixture run, bundle validation, result card, and AUTHORITY_CEILING; the exported bundle carries source_module_manifest.json, copied source modules, and the declared public refactor for the private-path-bearing public sharing manifest selector body.
• Which result records and tests are binding? The focused test file verifies the fixture run, bundle validation, digest mismatch rejection, private-body omission, negative-case semantics, source-evidence classifications, source helper parity, and reviewer-gauntlet behavior; the result record directory under receipts/runtime_shell/demo_project/organs/batch10_governance_compilers_capsule holds the runtime shell validation result, board, and validation result record.
• What is the honest ceiling? The module can claim fixture-bound public source-open import/refactor evidence, deterministic exercise evidence, integrity-matrix verdicts, metadata-only result records, and validation result records. It cannot claim live work log truth, live work log truth, source-file changes, publishing-scope decision, launch-scope decision, external model access, private root equivalence, neutral benchmark evidence, market advice, deployment posture, or whole-system correctness.

Bundle-Bound Reader Shape

The JSON bundle binds this paper module to one accepted subject: the batch10_governance_compilers_capsule component. The executable proof locus is src/microcosm_core/organs/batch10_governance_compilers_capsule.py, especially _build_integrity_matrix, _source_evidence, _evaluate, run, run_batch10_governance_compilers_bundle, result_card, EXPECTED_MECHANISMS, EXPECTED_NEGATIVE_CASES, and AUTHORITY_CEILING.

The bundle keeps the mechanism and concept layer intentionally narrow: it names the resolving governance/compiler mechanism subject and the concept.import_projection_and_drift_control_bundle concept, while additional concept or mechanism edges stay residual until resolving Microcosm rows exist. Its law edges are bounded to content-addressed reuse, provenance, freshness, and projection-below-source rules: P-2, P-5, P-9, P-15, AX-4, AX-8, AX-10, and AX-11. Its sibling paper-module dependencies are macro_projection_import_protocol, batch10_live_source_drift_capsule, and batch9_macro_engines_capsule.

If a projection disagrees with the bundle or refreshed source-open bundle, refresh the projection; do not edit generated output by hand.

How it works

The run takes a public input directory, validates the source-module manifest, and exercises each of the fourteen mechanisms against inputs the evaluator constructs itself. _build_integrity_matrix then writes one row per mechanism. Each row records the source evidence for that mechanism, the positive computed output, the attached negative cases with their computed outputs, the scope limit, and a current_action of keep, harden, or block.

Source evidence is resolved per mechanism by _source_evidence. A mechanism's named source reference is looked up in the manifest. If the body was copied exactly, the row carries the copy's digest status and anchor-match count. If the body could not be copied verbatim, the row instead names a declared source-faithful public refactor and records the original source digest. Two mechanisms are honest about not being plain copies. publication_manifest_selector_contract_verifier is a public refactor, because the source source carried a private home-path example that cannot ship. weighted_lane_width_apportionment_binding_repair is recorded as an under-bound repair deferred to the Set-9 RootNavigator body, so it is held as a block rather than presented as a fresh Set-10 import.

The negative cases are handled the same way. For each case, _compute_negative_case_probe runs the ported logic over the case's declared input and reads the result at a named path. For example, the mutation case feeds a diagnostic message and confirms prohibit_file_writes is true; the finance case feeds an unparseable horizon and confirms it is rejected; the public sharing case feeds a non-public paths against a hard-exclude rule and confirms it is caught. A row counts as proven only when the computed value matches the expectation. If any negative case lacks computed evidence, the summary raises fixture_verdict_echo_risk, and the run is blocked. The bundle also requires exactly thirteen copied source modules, so a thinned bundle fails rather than passes quietly.

Prior Art Grounding

The component is grounded in policy-as-code, admission-control, and supply-chain assurance patterns: compile rules into deterministic checks, reject unsupported actions before they mutate state, and preserve provenance for the decision. Relevant anchors include:

• Open Policy Agent, which decouples policy decisions from enforcement and evaluates structured input against machine-readable rules.
• Kubernetes validating admission policies, which can block, warn, or audit non-compliant API requests before admission.
• SLSA and OpenSSF Scorecard, which represent the broader software-supply-chain pattern of typed assurance levels, checks, and provenance.

Microcosm borrows the compiler/gate shape for governed mutation, public sharing path contracts, blocker triage, result record reuse, and claim-conflict accounting. The bundle remains fixture-bound evidence over copied or refactored source system; it is not live work log truth, source-file changes, publishing-scope decision, or investment-related actions.

Reader Evidence Routing

A cold reader should inspect the evidence in this order:

1. Open the JSON source record to confirm source authority, subject ids, dependency ids, principle and axiom refs, code locus, Mermaid status, Atlas status, and the absence of unresolved selective relations.
2. Run the focused component test to prove the public fixture still computes the integrity matrix and observes the required negative cases.
3. Run the exported bundle validator when copied source digests, declared public refactors, metadata-only result records, or source-evidence rows are the question.
4. Treat generated JSON, Mermaid, Atlas, and coverage as projection evidence only; if they drift, refresh them through the doctrine-lattice builder.
5. Use the result record floor to verify source relations, positive and negative computed outputs, scope limits, and metadata-only result record payloads.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the governance/compiler integrity-matrix result record and sign-off JSON. The bundle command validates copied or source-faithful source system, source evidence, positive and negative exercise rows, metadata-only result records, and scope limit fields. The focused test verifies the mechanism matrix, negative floor, bundle validation, and scope limit.

This result record path is reader-verifiable evidence only. It does not establish live work log truth, live work log truth, source-file changes, publishing-scope decision, launch-scope decision, external model access, neutral benchmark evidence, private-system equivalence, or investment-related actions.

Purpose

batch11_saturation_engines_capsule is a Microcosm component for the Set-11 saturation pass. It takes thirteen unrelated pieces of internal machinery, copies their source bodies into a public bundle, and re-runs each one against small synthetic fixtures so a reader can see the logic behave rather than take a claim on trust. The thirteen targets are deliberately mixed:

• run affinity session scoring
• calculator cluster insight derivation
• std_python delta ratchet gating
• exogenous navigation ladder grading
• portability gate supersession rollup
• shard browse context-priority sectioning
• holographic research evidence selection
• projection secret scanning
• stockgrid flow multisource merge and unit normalization
• source regime bucketing and z-score board construction
• frontend navigation wayfinding
• agent session diagnostic lenses
• demo-take story coverage auditing

The single question the bundle answers is narrow: for each of these mechanisms, does the imported source actually compute the guard it claims to, on inputs designed to fail? It is a saturation pass because the targets share nothing except that pattern. They are a route ranker, a few financial-data normalisers, a navigation grader, a secret scanner, a graph wayfinder, and so on, swept up together so a reviewer can audit a broad slice of the codebase from one place.

The part worth noticing is how a negative case is treated. A fixture file named ..._stale_terminal_rejected is only a label. The bundle never lets that label stand in for a result. It re-runs the real function on the fixture's own probe_input, computes whether the guard fired, and refuses to mark the case verified unless the mechanism's own exercise and the independent probe both agree. A fixture that asserts a failure it cannot demonstrate is flagged, not counted. That guard against self-congratulating fixtures is the reason the page exists.

How it works

The run loop is the same for every target. The bundle first imports the copied source bundle and checks each module against the recorded source digest, line count, and a handful of required provenance anchors, so a drifted or partial copy is caught before any logic runs. It then exercises all thirteen mechanisms in a fixed order, and any reordering, blocked exercise, or missing module fails the run.

Each mechanism's exercise feeds an integrity matrix row. A row pairs the mechanism's own computed output with an independently computed fixture probe and a binding disposition that records how the mechanism relates to the rest of the system: a new import, an already-bound gate the bundle is only re-checking, or an under-bound path it is extending. The two computed values must agree. The matrix marks a row's negative result verified only when the mechanism exercise and the fixture probe both come out true, and it sets fixture_verdict_echo_risk on any row where they do not. A non-zero echo-risk count is a finding that blocks the whole run.

Two short examples show what the probes actually compute. For run affinity, the probe builds a recommendation over candidate runs and confirms that a stale terminal run, even when made sticky and feed-rich, is not the one selected. For projection secret scanning, the probe runs the redaction patterns over a file carrying a synthetic key shape and a private ledger path and confirms both are blocked. The fixtures are synthetic and the key shapes are deliberate test strings, never live material.

The failure mode all of this guards against is the quiet pass: a fixture whose filename promises a rejection while the code underneath was never exercised, or was exercised and did not reject. By recomputing the guard from the fixture's own input and refusing to count a label it cannot reproduce, the bundle keeps the negative cases honest. The result records carry refs, digests, counts, and the computed verdicts; the copied bodies stay in the bundle's source_modules tree and are never inlined.

Shape

This module's shape is a reader map over source-backed artifacts, not a new authority layer. The source record in core/paper_module_capsules.json is the source of record for subjects, code loci, doctrine refs, dependency edges, and projection status; paper_modules/batch11_saturation_engines_capsule.json is the governed JSON parity seed; this Markdown only narrates the proof boundary.

flowchart TD bundle["core/paper_module_capsules.json paper_modules[76:paper_module.batch11_saturation_engines_capsule] source basis: source record"] instance["paper_modules/batch11_saturation_engines_capsule.json governed JSON instance markdown: legacy_import_projection_until_roundtrip_builder"] standard["standards/std_microcosm_batch11_saturation_engines_capsule.json active public runtime standard boundary: not live navigation/ledger/market/secret authority"] runtime["src/microcosm_core/components/batch11_saturation_engines_capsule.py run, validate-bundle, result_card, scope_limit"] fixture["fixtures/first_wave/batch11_saturation_engines_capsule/input public mechanism and negative-case probes"] bundle["examples/batch11_saturation_engines_capsule/exported_batch11_saturation_engines_capsule_bundle source_module_manifest.json: 12 copied/refactored public source modules"] tests["tests/test_batch11_saturation_engines_capsule.py scripts/build_doctrine_projection.py --check-paper-module-corpus scripts/build_doctrine_projection.py --check"] result records["result records/first_wave/batch11_saturation_engines_capsule/* result records/sign-off/first_wave/batch11_saturation_engines_capsule_fixture_acceptance.json status: pass; accepted: true; body_in_receipt: false"] atlas["atlas/doctrine_lattice_graph.mmd and doctrine_lattice_projection.json Mermaid: available_from_capsule_edges Atlas: linked_from_capsule_edges"] ceiling["Scope limit fixture-bound source-body import, source-faithful public ports, computed negative probes, metadata-only result records only"] bundle -->|seeds subjects, dependencies, code locus, projection status| instance bundle -->|governed by| standard instance -->|cites resolved runtime/source locus| runtime standard -->|requires fixture and result record contract| fixture standard -->|requires copied/source-faithful public bundle| bundle runtime -->|exercises| fixture runtime -->|validates exact-copy/source-faithful evidence| bundle runtime -->|writes metadata-only result and validation result records| result records tests -->|checks runtime, bundle, corpus, projection freshness| result records instance -->|generated projection edge status| atlas result records -->|bounded evidence, not launch-scope decision| ceiling atlas -->|projection, source-linked only| ceiling

The public/private and launch boundary stays narrow: the fixture inputs, source refs, digest rows, computed values, negative-probe labels, sign-off status, and metadata-only result records are evidence for the standalone microcosm-substrate bundle. They do not authorize live work log claims, navigation decisions, market or investment conclusions, complete secret detection, transcript or video authority, source-file changes, external model access, publishing-scope decision, launch-scope decision, private-system equivalence, generated-lattice source authority, or whole-system correctness.

Reader Evidence Routing

Read this module through the fixture, exported-bundle, focused-test, and generated-row surfaces. The fixture and bundle commands prove public source-body import discipline: exact copied-source digests, source-faithful public ports, computed negative-probe values, and metadata-only result cards. The structured source record proves that the paper module is bundle-backed and that Mermaid and Atlas availability come from bundle edges rather than prose.

The mixed Set-11 target list remains evidence routing, not an authority expansion. The reader should treat each target as a public fixture exercise inside the accepted saturation-engines component, not as live work log truth, complete secret detection, live market data, investment-related actions, raw transcript authority, video capture, publishing-scope decision, or launch-scope decision.

Prior Art Grounding

The component borrows from overload management, backpressure, and observability practice: systems need explicit signals for saturation, queue pressure, freshness, and recoverability instead of relying on a single success/failure bit. Relevant anchors include:

• Google's SRE guidance on identifying and recovering from overload, which treats overload as a measurable operational condition with mitigation strategies.
• The Reactive Streams backpressure specification, which standardizes asynchronous stream processing with non-blocking backpressure.
• Google's SRE chapter on monitoring distributed systems, especially the distinction between symptoms and causes.

Microcosm borrows the saturation-signal and pressure-accounting pattern across its mixed Set-11 targets: route affinity, delta gates, shard browse priorities, evidence selection, secret scanning, market boards, wayfinding, and diagnostic lenses. The bundle computes public fixture verdicts; it is not live work log truth, complete secret detection, live market data, or launch-scope decision.

Binding Dispositions

Set-11 contained a mixed target set. The bundle records the distinction explicitly:

• New or under-bound imports: run affinity, calculator insight, exogenous nav grading, shard browsing, holographic evidence selection, quant stockgrid, source regime board, frontend wayfinding, and session diagnostics.
• Already-bound validations: projection secret scan and portability gate are covered by the engine-room public projection leak gate family; demo-take coverage is already represented by the Set-7 demo-take component. Set-11 validates the relevant scoring or gate behavior rather than claiming a standalone authority surface.
• Partial existing system: the std_python ratchet path had existing assay coverage; the Set-11 bundle adds a bounded delta-regression witness.

Shared Wiring Status

The component-owned system can validate independently. Shared registry, atlas, sign-off, Components, ARCHITECTURE, preflight, and package wiring must be serialized behind the live shared Microcosm binding owner before this component is promoted to whole-surface discoverability.

Validation Result record Path

Negative-case fixture files are inputs, not verdicts. Each file carries a public probe_input; the component computes the corresponding fixture probe and records fixture_probe_input_digest, fixture_computed_value, and mechanism_computed_value in the integrity matrix before counting a negative case as verified.

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the Set-11 saturation-engine result record and sign-off JSON. The bundle command validates copied source-source digests, source-faithful public port evidence, computed negative-probe evidence, and metadata-only cards. The focused test covers the runtime component, exported bundle shape, exact-copy imports, private body omission, stable negative cases, and tier-B mechanism output coverage. The corpus and projection checks prove only that the generated paper-module instance remains fresh for this bundle-backed Markdown state.

This result record path is public fixture evidence only. It does not establish live work log truth, navigation authority, complete secret detection, live market data, investment-related actions, raw transcript authority, video capture, source-file changes, publishing-scope decision, launch-scope decision, external model access, or whole-system correctness.

tool_server_pressure_inventory is the public read-only import of the source helper-process pressure inventory pattern from tools/meta/control/orphan_reaper.py. It validates the classifier without exposing live host state: fixtures inject a synthetic ps-shaped process table, synthetic helper-kind policy rows, and a synthetic owner-status taxonomy.

The accepted component keeps the load-bearing mechanism:

• parse helper processes from ps-shaped rows
• classify helper kind and owner status
• distinguish detached orphan candidates from active-owner descendants
• emit launch requests for over-budget active owners
• keep all rows digest-only through command_hash

The exported bundle carries a source module manifest plus a source-faithful refactor body under source_modules/tools/meta/control/. That manifest records the source source ref, target digest, source digest, relation, material class, and required anchors. Result records carry refs, hashes, counts, and verdicts only; they do not inline the copied/refactored body.

The component rejects seven boundary failures:

• active-owner descendants marked as safe-close candidates
• unknown-owner processes marked as safe-close candidates
• detached processes younger than the minimum age marked safe-close
• process-signal results on the public surface
• live command bodies instead of digest-only rows
• absolute host paths
• active-owner launch requests that overclaim kill or termination

Purpose

Long-running agent sessions leave helper processes behind: MCP servers, dev servers, keepalives. Over time these accumulate and the host slows down. The obvious fix is a reaper that walks the process table and kills stale helpers, and the source tool this component is ported from does exactly that. But a reaper is dangerous. The hard case is telling a genuinely abandoned process apart from a helper that a live session is still using. Kill the wrong one and you break the work in flight.

This component answers a single question: given a process table, which helper processes are safe to close, and which must be left alone because a live owner still depends on them? It does so by reconstructing each process's owner chain. A helper whose parent is launchd (ppid == 1) has been detached from any session and is a candidate. A helper that still traces back through a live agent session is not. The decision is deliberately narrow: a process is a safe-close candidate only when it is detached, its kind is on an allowlist, and it has been idle past a minimum age. Everything else routes to "needs an owner check" or "keep".

What is unusual is the second half of the design. When an active owner is over its helper budget, the component does not propose a kill. It emits a launch *request*: a row that asks the owning session to launch or reuse its own lease. The inventory is explicitly not a kill list. The central invariant, enforced by an audit pass over the component's own output, is that an active-owner descendant can never become a safe-close candidate.

The public version keeps that classifier and that invariant but removes every actuator. There is no os.kill, no signal, no live ps call. Input is synthetic process text from a fixture, rows carry a command_hash rather than a command line, and a redaction guard rejects any fixture that smuggles an absolute path, a live command body, or a process-signal claim onto the public surface. The result is the safety reasoning of a reaper presented as a read-only validator, with the part that could actually harm a host left out.

Shape

flowchart LR Fixture["Synthetic pressure fixture process_table, pressure_policy, owner_classes"] Classifier["Classify helper kind, walk owner chain (up to 8 hops), hash command to command_hash"] Owner{"Owner status?"} Detached["Detached orphan ppid == 1"] Keep["Active owner or keep runtime"] SafeClose["candidate_safe_close only if allowlisted and age >= min"] Check["requires_owner_check or keep"] launch["Over-budget owner: launch REQUEST, never a kill"] Negative["Boundary failures unsafe safe-close, command leak, process signal, absolute path, launch overclaim"] Source["Source manifest public refactor digest + anchors"] Result records["metadata-only result records result, board, validation, fixture sign-off"] Fixture --> Classifier Classifier --> Owner Owner --> Detached Owner --> Keep Detached --> SafeClose Detached --> Check Keep --> Check Keep --> launch Classifier --> Negative SafeClose --> Result records Check --> Result records launch --> Result records Negative --> Result records Source --> Result records

Technical Mechanism

The runtime mechanism is an actuatorless port of the read-only pressure path in tools/meta/control/orphan_reaper.py. The component receives injected synthetic ps_text plus pressure_policy.json and owner_classes.json; it never shells out to ps, imports process-control modules, or sends signals. _parse_process_rows normalizes process rows, _process_kind maps command tokens to helper kinds, and _owner_status_for_process walks parent links up to eight hops to separate launchd_detached helpers from active owner chains and keep runtimes.

The decision law is deliberately narrow. _inventory_owner_and_decision emits candidate_safe_close only when a helper is detached (ppid == 1), its kind is allowlisted, and its age exceeds the configured threshold. Active-owner chains, unknown parents, young detached helpers, and keep runtimes route to requires_owner_check or keep. Over-budget active-owner groups are summarized by _active_owner_pressure_groups, but the emitted helper_owner_release_request_v1 can only ask the owner to launch the helper; it cannot claim that Microcosm killed, terminated, or safely closed a process.

The source-open body floor and the public result records enforce the same membrane. _source_module_manifest_result verifies the exported orphan_reaper_pressure_inventory_public_refactor body, its source_faithful_public_refactor relation, target digest, and required anchors. _redaction_findings rejects command previews, absolute host paths, and process-signal claims before result record writing. The result is a pressure classifier with executable evidence and a hard no-actuator boundary, not a live host cleanup tool.

Reader Evidence Routing

Read the positive fixture as pressure-inventory evidence, not host process control. The fixture supplies process_table.json, pressure_policy.json, and owner_classes.json; the component classifies helper kind, owner status, detached safe-close eligibility, active-owner descendants, keep runtimes, and over-budget active-owner groups. Active-owner pressure becomes a launch request row, not a kill, terminate, or signal action.

Read the negative cases as the scope limit. The required failures are active_owner_kill_candidate.json, unknown_owner_kill.json, premature_safe_close.json, process_signal_sent.json, command_preview_leak.json, absolute_path_leak.json, and owner_release_overclaim.json. They prove the public surface rejects unsafe safe-close candidates, live command bodies, absolute host paths, process-signal claims, and launch-overclaim language.

Read source-open evidence through the source module manifest. The exported bundle includes one copied public refactor body at examples/tool_server_pressure_inventory/exported_tool_server_pressure_inventory_bundle/source_modules/tools/meta/control/orphan_reaper_pressure_inventory.py. The manifest binds source and target digests, declares source_faithful_public_refactor, requires anchors such as build_tool_server_pressure_inventory, build_pressure_hygiene_relief_receipt, no_process_signal_sent, and request_owner_release, and keeps body_in_receipt and body_text_in_receipt false.

Named Proof Consumers

• Runtime fixture consumer: microcosm_core.organs.tool_server_pressure_inventory run consumes the synthetic pressure fixture and writes the result, board, validation result record, and sign-off result record.
• Source-body consumer: microcosm_core.organs.tool_server_pressure_inventory run-pressure-bundle consumes the exported source-module bundle and blocks on missing manifests, target-ref mismatch, digest mismatch, unsafe body classes, or redaction hits.
• Focused pytest consumer: tests/test_tool_server_pressure_inventory.py asserts every expected negative case, verifies that active-owner descendants are never safe-close candidates, checks owner-launch requests instead of kill actions, scans the component and public refactor AST for process-control imports or .kill(...), validates target-ref/digest parity, and checks compact card omission result records.
• Scope limit consumer: the standard standards/std_microcosm_tool_server_pressure_inventory.json and the scope limit in the component require process_signal_authority, live_process_table_read_authorized, host_mutation_authorized, release_authorized, provider_calls_authorized, and whole_system_correctness_claim to remain false.

Prior Art Grounding

This component draws on process-inventory, tool-server, and owner-reference patterns. psutil.process_iter() is a common API for iterating over process metadata without shelling out to ad hoc ps parsing. Kubernetes garbage collection uses owner references to distinguish objects that may be collected from objects still owned by live controllers. The Model Context Protocol's tool-server model gives the local "server exposes callable tools" shape. The Microcosm version keeps the result deliberately weaker: synthetic rows are classified for pressure and safe-close eligibility, but the component does not read live host state or send signals.

Prior-art anchors:

• psutil process iteration: https://psutil.readthedocs.io/en/latest/#psutil.process_iter
• Kubernetes owner-reference garbage collection: https://kubernetes.io/docs/concepts/architecture/garbage-collection/
• Model Context Protocol tool servers: https://modelcontextprotocol.io/docs/concepts/tools

Scope limit: this is projection and validation only. It does not read the live process table, signal processes, mutate host state, include launch operations, use external model services, export private account or browser state, or prove whole-system correctness.

Validation Result record Path

From microcosm-substrate, validate with result records under /tmp:

Passing result records prove synthetic inventory classification and source-manifest shape only; they do not read live host process state, send process signals, mutate host state, authorize cleanup, use external model services, or certify launch-scope decision. A diagram view and an atlas entry are generated for this module from the same source row.

batch8_compliance_pipeline_capsule copies two source subsystems into Microcosm as source bodies and then exercises them. The first is the compliance scanner registry and its bounded ledger builder. The second is the six-stage observe pipeline that turns a source note into a synthesis seed. The component runs six engines over the copied bodies and writes metadata-only result records.

Purpose

Most of the bundle components in this set are shape linters: they grep the copied source for expected tokens and pass when the tokens are present. This one goes further. Four of its six engines run the copied bodies on synthetic inputs, importing the pipeline and scanner helpers directly or driving the ledger builder as a subprocess, so the result record records observed behaviour rather than mere presence. The question it answers is narrow and testable: when these two subsystems are imported as copied bodies, do they still behave as their source contracts say, without touching the live ledger or dispatching any work?

The behaviour worth singling out is digest preservation. The pipeline compresses a long source note down to a short digest before deciding what to inspect next. If that compression silently drops an instruction, the agent downstream loses it. The component feeds the real digest_raw_seed an eighty-line block of low-signal text with one directive line buried inside, then checks the directive survives the compression. The matching negative case removes the directive marker from the copied source and confirms the directive is then lost. That pairing is what the page is really about: a compression step that is asserted to keep the one line that matters, with a test that fails when it does not.

The standing limit is just as deliberate. The bounded compliance check runs the ledger builder in --check --report mode, which reads and reports but never writes the ledger. The pipeline engines stop before any bridge or external model access. The bundle is evidence that the imported mechanics work on a sample, not a claim that the full compliance ledger is fresh or that every branch is covered.

Role

This module imports the source compliance scanner registry, the bounded compliance ledger builder, and the observe-loop pipeline stages into Microcosm as copied source bodies with a runnable component.

Imported system

• system/lib/compliance/__init__.py
• system/lib/compliance/compliance_coverage_adapter.py
• system/lib/compliance/standard_baseline_adapter.py
• system/lib/compliance/microcosm_adapter.py
• tools/meta/factory/build_compliance_ledger.py
• system/lib/pipeline/stage_extract.py
• system/lib/pipeline/stage_select.py
• system/lib/pipeline/stage_emit.py
• system/lib/pipeline/stage_compile.py
• system/lib/pipeline/stage_execute.py
• system/lib/pipeline/stage_process.py

What the engines check

The component runs six engines and passes only if all six pass and every required source body is present.

• compliance_registry_runtime_witness confirms the copied registry exposes the adapter table, the domain and baseline standard-id sets, and a scan_all entry point, that the coverage adapter carries its self-audit fields, and that the ledger builder carries its bounded-check command. When the live registry is importable it also reads the adapter, domain, and baseline counts as a shape witness, never as a freshness claim.
• compliance_coverage_bounded_check runs the ledger builder with --check --report for two named standards. The pass condition is strict: the check reports ok, wrote_ledger is false, there are no error findings, and a next-step ratchet command is present. The point is a check that reads and reports without writing. Stale ledger rows that were not selected stay outside the claim.
• baseline_companion_scanner_contract runs the baseline scanner on a sample standard and checks the returned row is honest about its own shallowness: it must be marked a baseline-inventory row with no domain-specific adapter, so a bare file-exists check can never read as a real compliance pass.
• pipeline_digest_and_shard_normalization exercises three pure helpers from the extract stage. It checks the buried directive survives digest compression, that an unknown shard status is normalised to pending while the original value is preserved as a variant, and that diverse-shard selection caps how many shards one group can contribute.
• pipeline_observe_compile_helpers runs the compile-stage helpers on a small fixture and checks they pull the right known-file mentions from free text, order follow-up files, and lift probe questions from a plan while skipping synthesis and summary roles.
• pipeline_dispatch_process_boundary_contract confirms the execute and process stages keep the dispatch boundary explicit. It checks the copied bodies carry the observe_dispatch_skipped and observe_dispatch_started markers and the result record-selection helper, so the page can state plainly that bridge dispatch stays disabled.

Each engine carries its own scope limit in the result record. The six negative cases each remove one load-bearing token from a copied body and confirm the matching engine then reports blocked, so a pass means the contract was actually exercised rather than skipped.

Shape

The authoritative source record is core/paper_module_capsules.json::paper_modules[60:paper_module.batch8_compliance_pipeline_capsule]. The generated JSON instance is paper_modules/batch8_compliance_pipeline_capsule.json, whose source_refs mark that source record as the source of record and this Markdown as legacy_markdown_projection_not_source_authority.

flowchart LR bundle["Copied source bundle 11 source bodies body_in_receipt: false"] subgraph Compliance["Compliance subsystem (3 engines)"] reg["Registry runtime witness adapter table, scan_all, coverage self-audit"] bounded["Bounded ledger check --check --report reports ok, wrote_ledger: false"] base["Baseline scanner contract row admits no domain adapter"] end subgraph Pipeline["Observe pipeline (3 engines)"] digest["Digest and shard helpers buried directive survives; status normalised, variant kept"] compile["Compile helpers file mentions, follow-ups, probe questions"] boundary["Dispatch and process boundary observe_dispatch_skipped"] end neg["6 negative cases remove one token per body; matching engine reports blocked"] result records["metadata-only result records result, board, validation"] ceiling["Scope limit no ledger refresh, no provider/bridge dispatch, no source note or source-file changes, no public sharing or launch"] bundle --> reg & bounded & base bundle --> digest & compile & boundary bundle --> neg reg & bounded & base --> result records digest & compile & boundary --> result records neg --> result records result records --> ceiling

The shape is a bounded compliance and observe-pipeline witness. The bundle names the component subject batch8_compliance_pipeline_capsule, the mechanism subject mechanism.batch8_compliance_pipeline_capsule.validates_public_compliance_pipeline_capsule, the resolved runtime/source locus src/microcosm_core/organs/batch8_compliance_pipeline_capsule.py, and the dependency/concept/law edges.

The local standard, when read as standards/std_microcosm_batch8_compliance_pipeline_capsule.json, keeps the same boundary: public engine ids, stable negative-case codes, source refs, digests, line counts, required anchors, bounded synthetic outcomes, scope limits, and scope boundaries are public-safe; keys, account secrets, browser state, account or browser state, model-output data bodies, browser UI live-access material, raw operator transcripts, private artifact bodies, live observe dispatch state, and source note bodies are forbidden public inputs. Its validator contract expects eleven copied source source modules and six negative cases, with the runtime command routed through microcosm_core.organs.batch8_compliance_pipeline_capsule.

The runtime locus writes and validates result records through run, run_batch8_compliance_pipeline_bundle, result_card, EXPECTED_NEGATIVE_CASES, and AUTHORITY_CEILING. The fixture path fixtures/first_wave/batch8_compliance_pipeline_capsule/input and the example bundle examples/batch8_compliance_pipeline_capsule/exported_batch8_compliance_pipeline_capsule_bundle carry the public exercise inputs, source-module manifest, and copied compliance/pipeline source bodies. The manifest currently records source_import_class: copied_non_secret_macro_body, module_count: 11, and body_in_receipt: false.

Validation evidence is the focused test tests/test_batch8_compliance_pipeline_capsule.py, the first-wave result record set under receipts/first_wave/batch8_compliance_pipeline_capsule/, the sign-off result record result records/sign-off/first_wave/batch8_compliance_pipeline_capsule_fixture_acceptance.json, the runtime-shell exported validation result record under receipts/runtime_shell/demo_project/organs/batch8_compliance_pipeline_capsule/, and the verifier cycle result record state/microcosm_verifier/receipts/20260604T0346Z_batch8_compliance_pipeline_capsule_cycle.json. Those result records can show pass status, exact-copy digest/anchor checks, stable negative cases, no-write behavior, secret/body exclusion scans, and body_in_receipt: false; they do not become full compliance-ledger freshness, pipeline dispatch, external model access, source-file changes, public sharing, launch, or whole-system correctness authority.

Reader Evidence Routing

• Bundle route: read core/paper_module_capsules.json::paper_modules[60] before treating this Markdown as explanation.
• Generated route: inspect paper_modules/batch8_compliance_pipeline_capsule.json for the current generated instance (relationship graph, diagram availability, and lattice position).
• Bundle route: inspect examples/batch8_compliance_pipeline_capsule/exported_batch8_compliance_pipeline_capsule_bundle for copied compliance and pipeline source refs.
• Runtime route: run tests/test_batch8_compliance_pipeline_capsule.py and the commands in ## Validation Result record Path for recomputation evidence.

Prior Art Grounding

This bundle borrows from control-assessment, policy-as-code, provenance, and observability practice. Useful anchors include:

• NIST SP 800-53 Rev. 5, as a control-catalog pattern for naming, assessing, and reporting control posture.
• Open Policy Agent, as a general-purpose policy engine pattern for evaluating structured inputs without embedding every rule in the caller.
• SLSA provenance, for treating artifact origin and process metadata as explicit attestations.
• OpenTelemetry, for instrumentation patterns around pipeline stages, traces, metrics, and logs.

Microcosm borrows the scanner, policy, provenance, and pipeline-stage shape, but the component only validates bounded no-write behavior and pure helper mechanics. It stays with bounded registry/helper checks; broader compliance refresh, provider work, source-record changes, and complete branch certification are outside this fixture.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the bounded compliance/pipeline exercise result record and sign-off JSON. The bundle command validates copied compliance and pipeline source modules, manifest digests, observed negative cases, result record body scans, and public/private boundary checks. The focused test confirms the no-write runtime boundary, bundle validation, omission posture, and scope limit.

This result record path is reader-verifiable evidence only. It does not refresh the full compliance ledger, dispatch bridge or provider work, change source records, certify every compliance branch, authorize public sharing, or approve launch.

Purpose

batch10_live_source_drift_capsule answers one narrow question: can Microcosm prove that selected internal control source copies match the current source source bytes, still compile without import execution, and still carry the scope limit that prevents copied code from becoming route or mutation authority?

The component imports exact current Python source bodies for four source internal control files:

• system/lib/standard_option_surface.py
• system/lib/mission_transaction_landing_preflight.py
• tools/meta/control/work_landing.py
• tools/meta/factory/work_ledger.py

The bundle exists because the source source moved ahead of older public source-module records. The interesting part is that it keeps the old, wrong digest visible on purpose. Each digest row carries three fingerprints that must agree before a copy passes: the copied public body, the manifest target it claims to match, and the current source source. In the same row it keeps the stale recorded digest and asserts it differs from the current one, so the proof of freshness and the evidence of the earlier drift sit side by side.

That makes the component a drift sentinel rather than a one-off check. It is built to go red when the public copies fall behind the source source again, and a red result is the signal to refresh the copies through the exact-copy source lane, not a defect in the page. Two cheap checks back the freshness claim without running anything dangerous: the copied Python is compiled but never imported, so a malformed body is caught without executing source code, and a small set of named anchors is matched in each body so a copy that compiles but has quietly lost a command or contract surface is still flagged.

Shape

flowchart TD A["Probe manifest stale + current digests"] --> C B["Copied internal control bodies and source manifest"] --> C C["Digest refresh matrix copied = target = current, stale differs from current"] --> F B --> D["Compile gate py_compile, no import"] B --> E["Anchor matrix named command and contract surfaces present"] D --> F E --> F F["Scope limit gate import is not route or mutation authority"] --> G["metadata-only result record and card"] C -. mismatch .-> H["Blocked: refresh copies via exact-copy source lane"]

Prior Art Grounding

The component borrows from reproducible-build and supply-chain provenance practice: declared source inputs are fingerprinted, generated or copied artifacts are checked against those fingerprints, and result records avoid shipping unnecessary private state. Useful anchors include:

• Bazel hermeticity, especially the emphasis on source identity, declared inputs, and repeatable outputs.
• SLSA provenance, which records how software artifacts relate to build inputs and supply-chain guarantees.

Microcosm applies that pattern to live source-copy drift: stale digest rows remain visible as regression fixtures, current public copies must match source digests byte-for-byte, and result records carry digest/anchor/negative-case evidence instead of private source bodies or runtime state.

Reader Evidence Routing

The copied bodies are real system, not result record-only metadata. The evidence route is still metadata-only at result record time: result records keep digest rows, required anchors, negative-case outcomes, compile status, and scope limit evidence.

The engine ids are:

• live_source_drift_digest_refresh_matrix: compares stale recorded digests, current source digests, copied target digests, and target digest status.
• copied_python_source_compile_gate: compiles each copied Python target without importing or executing it.
• control_surface_anchor_matrix: checks that each copied body still exposes expected command, route, landing, claim, or read-result record anchors.
• claim_ceiling_gate: verifies the copied-body import excludes live route decisions, work log mutation, work log mutation, mission execution, git staging, source-file changes, launch, public sharing, external model access, or non-public runtime export.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

This component is also a drift sentinel. The fixture command writes digest-refresh, compile-gate, anchor-matrix, and scope limit result records, and it is allowed to exit blocked when copied public source no longer matches current source source. That blocked result is evidence for the exact-copy/source-refresh owner lane, not a paper-module corpus defect. Re-entry after a blocked result is to refresh the copied public source bodies and manifest digests through the source-open exact-copy lane, then rerun the fixture, bundle, and focused test.

The bundle command validates current copied source digests, source manifests, compile-without-import checks, stale-digest negative cases, metadata-only cards, and scope limit fields when the exact-copy refresh is current. The focused pytest command is therefore a green-gate after refresh: if the sentinel is blocked, that test file is expected to fail on pass-status or exact-body equality and should be reported with the same exact-copy refresh residual. When current, the focused test covers stale digest replay, compile bypass, private runtime state export, and live mutation-authority claims.

This result record path is reader-verifiable evidence only. It does not provide route authority, Work or work log mutation authority, mission execution, git approval, source-file changes, launch, public sharing, external model access, or non-public runtime export.

Purpose

Public copy drifts towards over-claiming. A page that started as "fixture-proven, not yet published" gets edited over months until someone writes launch, licensing, or maturity language without noticing that nothing changed underneath. This component answers one question: does a piece of public copy claim more than the result records behind it can support, and would the launch gate catch it if it did?

The mechanism it wraps is a deterministic regex scan, not a language model. The copied gate body reads a public sharing manifest, walks every claim-bearing file it lists, and matches each line against fixed families of risky launch, licensing, maturity, and private launch-control wording. What makes the scan more than a grep is the classification step. The same family of wording is read three ways depending on context: a bare affirmative launch or maturity claim becomes an active_claim_blocker; the same wording inside a forbidden-example block or near a negation marker becomes boundary_or_negative_context and is allowed; and a phrase that has neither an affirmative verb nor a clear negation marker is parked in a needs_review queue rather than waved through.

That last branch is the interesting design choice. The gate fails closed. An ambiguous claim does not pass quietly; it lands in a no-go review state, and main --assert-clear exits non-zero whenever any active blocker or unresolved review item remains. The scan never rewrites a file, never authorises launch, and treats marketing copy as just another claim surface with an evidence ledger rather than a looser register of speech.

This paper module is the public, fixture-bound check that the wrapped gate behaves as described over the shipped fixtures. The component runs the copied gate over a safe fixture and an active fixture, then checks that boundary-context language clears, that bare launch language blocks, and that the assert-clear exit code is 2 when blockers remain. It is a check on the checker, held behind digest, result record, and scope limit boundaries.

Mechanisms

• _classify_hit
• build_gate
• main --assert-clear

Shape

• Runtime locus: src/microcosm_core/organs/batch12_release_claim_language_gate.py, especially _blocked_exercise, _write_gate_fixture, _run_main_assert_clear, _evaluate, run, run_batch12_release_claim_language_gate_bundle, result_card, EXPECTED_NEGATIVE_CASES, and AUTHORITY_CEILING.
• Source source import: tools/meta/dissemination/release_claim_language_gate.py, copied into the exported bundle as one source body with digest equality and anchors RISKY_PHRASES, NEGATIVE_CONTEXT_MARKERS, def _classify_hit, and def build_gate.
• Positive fixture shape: one safe boundary-context claim surface passes because limiting language keeps does_not_authorize_release: true.
• Active fixture shape: two active claim blockers are reported for bare unsupported launch-language surfaces, while boundary/negative context remains counted separately.
• Negative floor: affirmative_open_source_production_ready_blocks and assert_clear_returns_exit_2, with stable error codes BATCH12_RELEASE_CLAIM_ACTIVE_BLOCKER and BATCH12_RELEASE_CLAIM_ASSERT_CLEAR_EXIT_2.
• Public result record posture: real-system bundle, source manifest pass, secret-exclusion scan pass, result record body scan pass, and a false body_in_receipt flag.

flowchart TD Fixture["release_gate_fixture.json safe and active public copy surfaces"] Manifest["source_module_manifest.json exact copied source gate body"] Loader["load source module digest equality and required anchors"] SafeRoot["safe fixture root _write_gate_fixture(active=false)"] ActiveRoot["active fixture root _write_gate_fixture(active=true)"] Scan["build_gate scan manifest files for RISKY_PHRASES"] Classify{"_classify_hit read each phrase in context"} Boundary["boundary_or_negative_context negation marker or forbidden example => allowed"] Active["active_claim_blocker affirmative line, no downgrade => status active_claim_blocked"] Review["needs_review no clear marker either way => fail-closed no-go queue"] Assert["main --assert-clear exit 2 when not public_copy_clean"] Negatives["computed negative cases affirmative claim blocks assert-clear exits 2 private internal control leak blocks"] Result records["metadata-only result records result, board, validation, sign-off"] Ceiling["scope limit no launch, public sharing, NLP truth, secret completeness, or whole-system claim"] Fixture --> SafeRoot Fixture --> ActiveRoot Manifest --> Loader Loader --> Scan SafeRoot --> Scan ActiveRoot --> Scan Scan --> Classify Classify -->|allowed| Boundary Classify -->|blocked| Active Classify -->|ambiguous| Review Active --> Assert Review --> Assert Boundary --> Negatives Active --> Negatives Assert --> Negatives Negatives --> Result records Result records --> Ceiling

This component is the public copy gate for result record-backed evidence accounting. It does not ask whether a phrase sounds impressive; it asks whether the phrase is within the evidence class and scope limit that result records can support.

Evidence strength is typed ordinal data, not vibes: ranks, real-system flags, and fail-closed defaults constrain how far public language may climb. Independent validators reconcile each component's declared class against result record-backed facts so over-claiming is blocked and stale under-claiming can be surfaced for review. Result record scanners may downgrade when bodies or account secret-equivalent payloads leak; they cannot upgrade merely because a narrative is strong.

The boundary-context classifier is allowed to pass negated or limiting language such as "not a hosted product" while blocking bare maturity claims when no launch-scope decision exists. Marketing copy is therefore treated as another claim surface with an accounting ledger, not as a looser mode of speech.

Reader Evidence Routing

• Start with paper_modules/batch12_release_claim_language_gate.json for source authority, then read this Markdown as the projection.
• Open standards/std_microcosm_batch12_release_claim_language_gate.json for the required witnesses, negative floor, denied authority, result record contract, validator command, and runtime bundle command.
• Open core/fixture_manifests/batch12_release_claim_language_gate.fixture_manifest.json for source-open body import count, source manifest refs, and durable result record refs.
• Open examples/batch12_release_claim_language_gate/exported_batch12_release_claim_language_gate_bundle/source_module_manifest.json before inspecting copied source modules; result records carry refs, hashes, counts, verdicts, and omissions rather than copied body text.
• Open tests/test_batch12_release_claim_language_gate.py for assertions on pass result records, digest mismatch rejection, fixture path safety, duplicate-key rejection, duplicate fixture names, exact source body import, and card body omission.
• Run fixture and bundle routes from microcosm-substrate/. The CLI supports --card, but it does not expose a --json flag.
• Use scripts/build_doctrine_projection.py --check-paper-module-corpus to verify this Markdown projection still satisfies the shared paper-module coverage contract.

Prior Art Grounding

The component borrows a narrow pattern from advertising-substantiation and regulated-communication practice: public claims should stay within evidence actually held, and stronger language requires stronger support. This is prior art for the proof-consumer shape only. The module does not implement legal compliance, include launch operations, or decide whether public copy is fit to publish.

External source result record, checked 2026-06-05:

Microcosm adapts the substantiation pattern to launch and evidence language. Result record-backed classes, ordinal evidence strength, real-system flags, boundary-context exceptions, and fail-closed defaults constrain what public copy may say. The gate blocks unsupported elevation without turning itself into public launch permission, market-level conclusions, investment-related actions, legal review, or whole-system correctness.

Validation Result record Path

Reader-verifiable commands, run from the microcosm-substrate/ public root:

The fixture command writes the claim-language gate result record and sign-off JSON. The bundle command validates copied source system, source manifest digests, active-blocker and boundary-context classification, negative cases, metadata-only result records, and scope limit fields. The focused test checks pass result records, digest mismatch rejection, fixture path safety, duplicate-key and duplicate-fixture rejection, exact source body import, and card body omission.

This result record path is reader-verifiable evidence only. It excludes launch, public sharing, external model access, semantic NLP truth, complete secret detection, private-system equivalence, portability proof, market-level conclusions, investment-related actions, source-file changes, or whole-system correctness.