docs(OGAR): APP‖class codebook layout + per-app migration plan (plan only)#95
Merged
Merged
Conversation
Claim the high u16 of classid as the APP / codebook-namespace + render prefix; the low u16 stays the shared canonical concept. The two halves carry orthogonal facts: lo u16 = WHAT it is — RBAC grant + ontology + cross-app identity (shared) hi u16 = WHOSE render — app ClassView / Askama template / SoA layout (per-app) Additive (every shipped id is 0x0000_DDCC); zero ENVELOPE_LAYOUT_VERSION cost (classid keeps its fixed key offset); RESERVE-DON'T-RECLAIM holds. Resolves "codebook per project avoids radix-trie codebook limits" — each app prefix roots its own centroid-codebook hierarchy + template set. The goal it serves: strings / text / media / online sources rendered via key-value resolution against typed content stores, so NO serialization exists in the hot path (the Firewall, ADR-022/023). A rendered object is a tree of keys. The same discipline extends to RAG: retrieval moves keys; content materializes into the LLM only at the membrane, exactly once. Two membranes (UI render + LLM prompt), one rule — hot path stays blob-free. Docs: - APP-CLASS-CODEBOOK-LAYOUT.md — the layout, Medcare worked example (patient = 0x0005_0901), §3.5 render / §3.6 content-KV / §3.7 RAG / §3.8 C64-6502 intuition. - APP-CODEBOOK-MIGRATION-PLAN.md — Odoo / WoA / SMB / q2(Gotham/aiwar/ neo4j), wave-ordered; q2 authors its port first. - DISCOVERY-MAP.md — D-APPCLASS + D-KV-RENDER ledger entries ([H]). - CLASSID-RBAC-KEYSTONE-SPEC.md §7 — dated correction: auth is core domain 0x0B (auth_store 0x0000_0B01), not project-block 0x011B. - CONSUMER-MIGRATION-HOWTO.md — generic pull-classid-enrich-authorize. Nothing minted yet — gated on the 5+3 codebook pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
…plan Adds the flagship wave to APP-CODEBOOK-MIGRATION-PLAN.md and splits the prefix allocation so OpenProject (0x0001) and Redmine (0x0007) are distinct render namespaces over the SAME canonical project-mgmt concepts. OpenProject/Redmine are the cleanest demonstration of the hi/lo split: WorkPackage (OpenProject) → 0x0001_0102 Issue (Redmine) → 0x0007_0102 same lo u16 0x0102 project_work_item ⇒ same RBAC + ontology different hi u16 ⇒ different ClassView / Askama template Both authorize on the shared project_role 0x0117 grant lattice (already the keystone's worked example, CLASSID-RBAC-KEYSTONE-SPEC.md §4); each renders via its own template; zero concept duplication. Plan only — ports already exist (OpenProjectPort, RedminePort); nothing minted. Wave order is now W0 project · W1 WoA · W2 SMB · W3 Odoo · W4 q2. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
AdaWorldAPI
pushed a commit
to AdaWorldAPI/lance-graph
that referenced
this pull request
Jun 22, 2026
…igration Adds `#[deprecated(note = "...")]` to every consumer-facing tenant bridge, pointing each at its OGAR PortSpec replacement. Symbols still compile; nothing removed. Companion to AdaWorldAPI/OGAR#95 (APP‖class codebook layout + per-app migration plan). Deprecated: - lance-graph-ogar::bridges — 6 per-port aliases: OpenProjectBridge, RedmineBridge, MedcareBridge, WoaBridge, SmbBridge, OdooBridge → pull via the corresponding `ogar_vocab::ports::*Port::class_id(name)` - lance-graph-ontology::bridges — 4 legacy structs: OgitBridge, WoaBridge, SpearBridge, SharePointBridge → pull via the relevant PortSpec (Spear/SharePoint require authoring a port first) NOT deprecated: the `UnifiedBridge<P>` harness (impl mechanism), the `*Port` types (the replacement), the OPENPROJECT_CODEBOOK / REDMINE_CODEBOOK constants (already deprecated in PR #570). Existing call sites (tests + the consumer-conformance harness) carry `#[allow(deprecated)]` so the build stays clean. cargo check green on both crates; pre-existing dead-code warnings on the `NAMESPACE` constants are unrelated. Scope this PR does NOT cover (explicitly flagged in docs/CONSUMER-BRIDGE-DEPRECATION.md, surfaced by parallel sessions): - lance-graph-rbac has no `authorize(actor, classid, op)` keystone yet. The keystone is `[H]` and gated on PROBE-OGAR-RBAC-AUTHORIZE (OGAR spec). It lands as its own PR after the probe runs green. Until then, consumers migrate the classid pull only and keep existing auth — do NOT reintroduce a bridge as an auth stopgap. - `Membership` / `Op` types not yet defined. Consumer status snapshot (`git grep` 2026-06-22): MedCare-rs: 33 files · woa-rs: 6 · smb-office-rs: 4 · odoo-rs: 0 ✓ · openproject-nexgen-rs: 0 ✓ Terminal `bridges/` deletion PR opens only after the three remaining consumers ship their migrations. No removal window announced. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
AdaWorldAPI
pushed a commit
to AdaWorldAPI/lance-graph
that referenced
this pull request
Jun 22, 2026
…igration Adds `#[deprecated(note = "...")]` to every consumer-facing tenant bridge, pointing each at its OGAR PortSpec replacement. Symbols still compile; nothing removed. Companion to AdaWorldAPI/OGAR#95 (APP‖class codebook layout + per-app migration plan). Deprecated: - lance-graph-ogar::bridges — 6 per-port aliases: OpenProjectBridge, RedmineBridge, MedcareBridge, WoaBridge, SmbBridge, OdooBridge → pull via the corresponding `ogar_vocab::ports::*Port::class_id(name)` - lance-graph-ontology::bridges — 4 legacy structs: OgitBridge, WoaBridge, SpearBridge, SharePointBridge → pull via the relevant PortSpec (Spear/SharePoint require authoring a port first) NOT deprecated: the `UnifiedBridge<P>` harness (impl mechanism), the `*Port` types (the replacement), the OPENPROJECT_CODEBOOK / REDMINE_CODEBOOK constants (already deprecated in PR #570). Existing call sites (tests + the consumer-conformance harness) carry `#[allow(deprecated)]` so the build stays clean. cargo check green on both crates; pre-existing dead-code warnings on the `NAMESPACE` constants are unrelated. Scope this PR does NOT cover (explicitly flagged in docs/CONSUMER-BRIDGE-DEPRECATION.md, surfaced by parallel sessions): - lance-graph-rbac has no `authorize(actor, classid, op)` keystone yet. The keystone is `[H]` and gated on PROBE-OGAR-RBAC-AUTHORIZE (OGAR spec). It lands as its own PR after the probe runs green. Until then, consumers migrate the classid pull only and keep existing auth — do NOT reintroduce a bridge as an auth stopgap. - `Membership` / `Op` types not yet defined. Consumer status snapshot (`git grep` 2026-06-22): MedCare-rs: 33 files · woa-rs: 6 · smb-office-rs: 4 · odoo-rs: 0 ✓ · openproject-nexgen-rs: 0 ✓ Terminal `bridges/` deletion PR opens only after the three remaining consumers ship their migrations. No removal window announced. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
AdaWorldAPI
pushed a commit
to AdaWorldAPI/lance-graph
that referenced
this pull request
Jun 22, 2026
…igration Adds `#[deprecated(note = "...")]` to every consumer-facing tenant bridge, pointing each at its OGAR PortSpec replacement. Symbols still compile; nothing removed. Companion to AdaWorldAPI/OGAR#95 (APP‖class codebook layout + per-app migration plan). Deprecated: - lance-graph-ogar::bridges — 6 per-port aliases: OpenProjectBridge, RedmineBridge, MedcareBridge, WoaBridge, SmbBridge, OdooBridge → pull via the corresponding `ogar_vocab::ports::*Port::class_id(name)` - lance-graph-ontology::bridges — 4 legacy structs: OgitBridge, WoaBridge, SpearBridge, SharePointBridge → pull via the relevant PortSpec (Spear/SharePoint require authoring a port first) NOT deprecated: the `UnifiedBridge<P>` harness (impl mechanism), the `*Port` types (the replacement), the OPENPROJECT_CODEBOOK / REDMINE_CODEBOOK constants (already deprecated in PR #570). Existing call sites (tests + the consumer-conformance harness) carry `#[allow(deprecated)]` so the build stays clean. cargo check green on both crates; pre-existing dead-code warnings on the `NAMESPACE` constants are unrelated. Scope this PR does NOT cover (explicitly flagged in docs/CONSUMER-BRIDGE-DEPRECATION.md, surfaced by parallel sessions): - lance-graph-rbac has no `authorize(actor, classid, op)` keystone yet. The keystone is `[H]` and gated on PROBE-OGAR-RBAC-AUTHORIZE (OGAR spec). It lands as its own PR after the probe runs green. Until then, consumers migrate the classid pull only and keep existing auth — do NOT reintroduce a bridge as an auth stopgap. - `Membership` / `Op` types not yet defined. Consumer status snapshot (`git grep` 2026-06-22): MedCare-rs: 33 files · woa-rs: 6 · smb-office-rs: 4 · odoo-rs: 0 ✓ · openproject-nexgen-rs: 0 ✓ Terminal `bridges/` deletion PR opens only after the three remaining consumers ship their migrations. No removal window announced. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Claims the high u16 of the 32-bit
classidas the APP / codebook-namespace + render prefix, leaving the low u16 as the shared canonical concept. Documentation only — nothing minted, spine byte-for-byte unchanged. Gated on the 5+3 codebook pass.The two halves carry orthogonal facts:
0xDDCC0xAAAAClassView/ Askama template / SoA layoutThis resolves the operator's observation that classid is 8 hex but only the low 4 were ever used (the high u16 was reserved-zero, not SoA versioning — that's
ENVELOPE_LAYOUT_VERSION: u8 = 2, a separate byte). Additive: every shipped id is0x0000_DDCC, so zeroENVELOPE_LAYOUT_VERSIONcost and RESERVE-DON'T-RECLAIM holds. It also answers "codebook per project avoids radix-trie codebook limits" — each app prefix roots its own centroid-codebook hierarchy + template set.The goal it serves
Strings / text / media / online sources rendered by key-value resolution against typed content stores, so no serialization exists in the hot path (the Firewall, ADR-022/023). A rendered object is a tree of keys. The same discipline extends to RAG: retrieval moves keys; content materializes into the LLM only at the membrane, exactly once. Two membranes (UI render + LLM prompt), one rule — the hot path stays blob-free end to end. (The model is, deliberately, C64/6502 addressing — character ROM = string codebook, sprite pointers = media keys, PEEK/POKE not serde.)
Files
APP-CLASS-CODEBOOK-LAYOUT.md— the layout; Medcare worked example (patient = 0x0005_0901); §3.5 render / §3.6 content-KV / §3.7 RAG membrane / §3.8 C64-6502 intuition; invariants I-APP1..6.APP-CODEBOOK-MIGRATION-PLAN.md— wave-ordered: W0 OpenProject (0x0001) + Redmine (0x0007) flagship · W1 WoA · W2 SMB · W3 Odoo (delete theod-ontologyfork) · W4 q2 (author port first).CLASSID-RBAC-KEYSTONE-SPEC.md— prior-session keystone spec; §7 dated correction (auth is core domain0x0B, not project-block0x011B).CONSUMER-MIGRATION-HOWTO.md— prior-session generic guide (pull classid → enrich → authorize, no bridge).DISCOVERY-MAP.md—D-APPCLASS+D-KV-RENDERledger entries ([H]).The flagship (W0) — two renders, one concept
Both authorize on the shared
project_role 0x0117grant lattice (already the keystone's worked example, harvested from the Rails/Redmine model); each renders via its own ClassView.Status
[H]— every register/id maps to a shipped type, but minting is gated on the 5+3 codebook pass; aPROBE-KV-RENDER-NOSERDE(hot-path no-serde across one render + one RAG path) would promote the render claim[H]→[G]. No code, no classid minted, no spine edit.🤖 Generated with Claude Code
https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
Generated by Claude Code