docs(OGAR): APP‖class codebook layout + per-app migration plan (plan only) #95

Merged: AdaWorldAPI merged 2 commits into main from claude/medcare-bridge-lance-graph-wmx76z on Jun 22, 2026

@AdaWorldAPI

Owner

What

Claims the high u16 of the 32-bit classid as the APP / codebook-namespace + render prefix, leaving the low u16 as the shared canonical concept. Documentation only — nothing minted, spine byte-for-byte unchanged. Gated on the 5+3 codebook pass.

classid : u32  =  [ hi u16 : APP / render ]  [ lo u16 : concept ]
                    0xAAAA                       0xDDCC

The two halves carry orthogonal facts:

| half | answers | keyed by | shared? |
|---|---|---|---|
| lo u16 0xDDCC | WHAT it is | RBAC grant + ontology + cross-app identity | shared across apps |
| hi u16 0xAAAA | WHOSE rendering | app ClassView / Askama template / SoA layout | per-app |

This resolves the operator's observation that classid is 8 hex but only the low 4 were ever used (the high u16 was reserved-zero, not SoA versioning — that's ENVELOPE_LAYOUT_VERSION: u8 = 2, a separate byte). Additive: every shipped id is 0x0000_DDCC, so zero ENVELOPE_LAYOUT_VERSION cost and RESERVE-DON'T-RECLAIM holds. It also answers "codebook per project avoids radix-trie codebook limits" — each app prefix roots its own centroid-codebook hierarchy + template set.

The goal it serves

Strings / text / media / online sources rendered by key-value resolution against typed content stores, so no serialization exists in the hot path (the Firewall, ADR-022/023). A rendered object is a tree of keys. The same discipline extends to RAG: retrieval moves keys; content materializes into the LLM only at the membrane, exactly once. Two membranes (UI render + LLM prompt), one rule — the hot path stays blob-free end to end. (The model is, deliberately, C64/6502 addressing — character ROM = string codebook, sprite pointers = media keys, PEEK/POKE not serde.)

Files

  • APP-CLASS-CODEBOOK-LAYOUT.md — the layout; Medcare worked example (patient = 0x0005_0901); §3.5 render / §3.6 content-KV / §3.7 RAG membrane / §3.8 C64-6502 intuition; invariants I-APP1..6.
  • APP-CODEBOOK-MIGRATION-PLAN.md — wave-ordered: W0 OpenProject (0x0001) + Redmine (0x0007) flagship · W1 WoA · W2 SMB · W3 Odoo (delete the od-ontology fork) · W4 q2 (author port first).
  • CLASSID-RBAC-KEYSTONE-SPEC.md — prior-session keystone spec; §7 dated correction (auth is core domain 0x0B, not project-block 0x011B).
  • CONSUMER-MIGRATION-HOWTO.md — prior-session generic guide (pull classid → enrich → authorize, no bridge).
  • DISCOVERY-MAP.md — D-APPCLASS + D-KV-RENDER ledger entries ([H]).

The flagship (W0) — two renders, one concept

WorkPackage (OpenProject) → 0x0001_0102 ┐ lo 0x0102 project_work_item ⇒ ONE RBAC + ontology
Issue       (Redmine)     → 0x0007_0102 ┘ hi 0x0001/0x0007 ⇒ TWO templates, zero concept dup

Both authorize on the shared project_role 0x0117 grant lattice (already the keystone's worked example, harvested from the Rails/Redmine model); each renders via its own ClassView.

Status

[H] — every register/id maps to a shipped type, but minting is gated on the 5+3 codebook pass; a PROBE-KV-RENDER-NOSERDE (hot-path no-serde across one render + one RAG path) would promote the render claim [H]→[G]. No code, no classid minted, no spine edit.

🤖 Generated with Claude Code

https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
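
The hi/lo split described in this PR, as an added example that is not part of the PR or the OGAR code base: authorization keys only on the low u16, template lookup only on the high u16. `ClassId`, `Grants`, `template_for`, the template names and the use of 0x0117 as a role key are assumptions made for illustration.

```rust
use std::collections::{HashMap, HashSet};

/// Hypothetical wrapper: the PR defines only the bit layout, not this type.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct ClassId(pub u32);

impl ClassId {
    /// hi u16: APP / render namespace (0x0000 on every id shipped so far).
    pub fn app(self) -> u16 { (self.0 >> 16) as u16 }
    /// lo u16: shared canonical concept, the only half a grant is keyed on.
    pub fn concept(self) -> u16 { self.0 as u16 }
}

/// Constructed grant table of (role, concept) pairs; the role encoding is assumed.
pub struct Grants(pub HashSet<(u16, u16)>);

impl Grants {
    /// The app prefix is masked off, so a new render namespace can never
    /// widen or narrow what a role is allowed to touch.
    pub fn allows(&self, role: u16, id: ClassId) -> bool {
        self.0.contains(&(role, id.concept()))
    }
}

/// Constructed template registry keyed on the hi u16; unknown prefixes get None.
pub fn template_for(reg: &HashMap<u16, &'static str>, id: ClassId) -> Option<&'static str> {
    reg.get(&id.app()).copied()
}

/// Runs the W0 flagship ids from the PR through both lookups.
pub fn flagship() -> (bool, bool, Option<&'static str>, Option<&'static str>) {
    const PROJECT_ROLE: u16 = 0x0117; // from the PR; used here as a role key (assumption)
    let work_package = ClassId(0x0001_0102); // OpenProject
    let issue = ClassId(0x0007_0102); // Redmine
    let grants = Grants(HashSet::from([(PROJECT_ROLE, 0x0102)]));
    // Template names are placeholders, not the project's file names.
    let reg = HashMap::from([(0x0001u16, "openproject/work_package.html"),
                             (0x0007u16, "redmine/issue.html")]);
    (grants.allows(PROJECT_ROLE, work_package), grants.allows(PROJECT_ROLE, issue),
     template_for(&reg, work_package), template_for(&reg, issue))
}

fn main() {
    println!("{:?}", flagship());
}
```

A legacy id of the form 0x0000_DDCC passes through `allows` unchanged, which is the additive property the PR relies on.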



claude added 2 commits June 22, 2026 16:39
Claim the high u16 of classid as the APP / codebook-namespace + render
prefix; the low u16 stays the shared canonical concept. The two halves
carry orthogonal facts:
  lo u16 = WHAT it is  — RBAC grant + ontology + cross-app identity (shared)
  hi u16 = WHOSE render — app ClassView / Askama template / SoA layout (per-app)

Additive (every shipped id is 0x0000_DDCC); zero ENVELOPE_LAYOUT_VERSION
cost (classid keeps its fixed key offset); RESERVE-DON'T-RECLAIM holds.
Resolves "codebook per project avoids radix-trie codebook limits" — each
app prefix roots its own centroid-codebook hierarchy + template set.

The goal it serves: strings / text / media / online sources rendered via
key-value resolution against typed content stores, so NO serialization
exists in the hot path (the Firewall, ADR-022/023). A rendered object is
a tree of keys. The same discipline extends to RAG: retrieval moves keys;
content materializes into the LLM only at the membrane, exactly once. Two
membranes (UI render + LLM prompt), one rule — hot path stays blob-free.

Docs:
- APP-CLASS-CODEBOOK-LAYOUT.md — the layout, Medcare worked example
  (patient = 0x0005_0901), §3.5 render / §3.6 content-KV / §3.7 RAG /
  §3.8 C64-6502 intuition.
- APP-CODEBOOK-MIGRATION-PLAN.md — Odoo / WoA / SMB / q2(Gotham/aiwar/
  neo4j), wave-ordered; q2 authors its port first.
- DISCOVERY-MAP.md — D-APPCLASS + D-KV-RENDER ledger entries ([H]).
- CLASSID-RBAC-KEYSTONE-SPEC.md §7 — dated correction: auth is core
  domain 0x0B (auth_store 0x0000_0B01), not project-block 0x011B.
- CONSUMER-MIGRATION-HOWTO.md — generic pull-classid-enrich-authorize.

Nothing minted yet — gated on the 5+3 codebook pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
…plan

Adds the flagship wave to APP-CODEBOOK-MIGRATION-PLAN.md and splits the
prefix allocation so OpenProject (0x0001) and Redmine (0x0007) are
distinct render namespaces over the SAME canonical project-mgmt concepts.

OpenProject/Redmine are the cleanest demonstration of the hi/lo split:
  WorkPackage (OpenProject) → 0x0001_0102
  Issue       (Redmine)     → 0x0007_0102
  same lo u16 0x0102 project_work_item ⇒ same RBAC + ontology
  different hi u16          ⇒ different ClassView / Askama template

Both authorize on the shared project_role 0x0117 grant lattice (already
the keystone's worked example, CLASSID-RBAC-KEYSTONE-SPEC.md §4); each
renders via its own template; zero concept duplication.

Plan only — ports already exist (OpenProjectPort, RedminePort); nothing
minted. Wave order is now W0 project · W1 WoA · W2 SMB · W3 Odoo · W4 q2.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
@chatgpt-codex-connector


You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@AdaWorldAPI AdaWorldAPI merged commit 75266e3 into main Jun 22, 2026
1 check passed
AdaWorldAPI pushed a commit to AdaWorldAPI/lance-graph that referenced this pull request Jun 22, 2026
…igration

Adds `#[deprecated(note = "...")]` to every consumer-facing tenant bridge,
pointing each at its OGAR PortSpec replacement. Symbols still compile;
nothing removed. Companion to AdaWorldAPI/OGAR#95 (APP‖class codebook
layout + per-app migration plan).

Deprecated:
- lance-graph-ogar::bridges — 6 per-port aliases:
  OpenProjectBridge, RedmineBridge, MedcareBridge, WoaBridge, SmbBridge,
  OdooBridge → pull via the corresponding `ogar_vocab::ports::*Port::class_id(name)`
- lance-graph-ontology::bridges — 4 legacy structs:
  OgitBridge, WoaBridge, SpearBridge, SharePointBridge → pull via the
  relevant PortSpec (Spear/SharePoint require authoring a port first)

NOT deprecated: the `UnifiedBridge<P>` harness (impl mechanism), the
`*Port` types (the replacement), the OPENPROJECT_CODEBOOK / REDMINE_CODEBOOK
constants (already deprecated in PR #570).

Existing call sites (tests + the consumer-conformance harness) carry
`#[allow(deprecated)]` so the build stays clean. cargo check green on
both crates; pre-existing dead-code warnings on the `NAMESPACE` constants
are unrelated.

Scope this PR does NOT cover (explicitly flagged in
docs/CONSUMER-BRIDGE-DEPRECATION.md, surfaced by parallel sessions):
  - lance-graph-rbac has no `authorize(actor, classid, op)` keystone yet.
    The keystone is `[H]` and gated on PROBE-OGAR-RBAC-AUTHORIZE (OGAR
    spec). It lands as its own PR after the probe runs green. Until
    then, consumers migrate the classid pull only and keep existing
    auth — do NOT reintroduce a bridge as an auth stopgap.
  - `Membership` / `Op` types not yet defined.

Consumer status snapshot (`git grep` 2026-06-22):
  MedCare-rs: 33 files · woa-rs: 6 · smb-office-rs: 4 · odoo-rs: 0 ✓ ·
  openproject-nexgen-rs: 0 ✓

Terminal `bridges/` deletion PR opens only after the three remaining
consumers ship their migrations. No removal window announced.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP