Skip to content

Plan immutable artifact storage and Flow Node integration#97

Merged
abiorh-claw merged 13 commits into
mainfrom
codex/ws-art-001-artifact-storage-planning
Jul 12, 2026
Merged

Plan immutable artifact storage and Flow Node integration#97
abiorh-claw merged 13 commits into
mainfrom
codex/ws-art-001-artifact-storage-planning

Conversation

@Abiorh001

@Abiorh001 Abiorh001 commented Jul 11, 2026

Copy link
Copy Markdown
Collaborator

PR Trust Bundle

Chunk

WS-ART-001-PLAN - Immutable Artifact Storage And Flow Node Integration
Planning

Goal

Lock the cross-repository architecture and bounded chunk sequence required for
Workstream to own exact artifact bytes through a local adapter and focused Flow
Node provider before pre-submit/post-submit checker expansion resumes.

Human-Approved Intent

  • Intent: ../INTENT.md
  • Decisions: ../DECISIONS.md
  • Plan: ../PLAN.md
  • Chunk map: ../CHUNK_MAP.md

What Changed

  • Added ADR 0013 and the canonical artifact storage target specification.
  • Added discovery, intent, decisions, risks, plan, status, chunk map, and ten
    implementation chunk contracts across Workstream and Flow Node.
  • Updated README/glossary and active loop memory for the planning initiative.
  • Added exact failure, migration, concurrency, authorization, retention,
    recovery, provider-contract, and clean-cutover requirements.

Why It Changed

Current Workstream submissions and guides can record declarations without
owning the referenced bytes. Checkers therefore cannot prove that pre-submit,
post-submit, and later review use the same immutable content. Flow Node has
useful low-level storage primitives, but its current REST path is not yet a
private byte-storage provider boundary.

Design Chosen

Workstream owns authorization, lifecycle meaning, content identity, immutable
resource bindings, operation intent, and audit. Storage providers own bytes and
provider operation facts. A provider-neutral port supports both private local
development storage and a focused authenticated Flow Node runtime.

Alternatives Rejected

  • Caller URI/hash declarations as truth.
  • Artifact bytes in PostgreSQL/Redis/outbox.
  • Direct client access to Flow Node in v0.1.
  • Flow Node ownership of Workstream product provenance or decisions.
  • Receipt-only crash recovery.
  • Per-task artifact policy/checker generation.
  • Legacy compatibility aliases or fake verified backfills.

Scope Control

Planning/docs/loop-memory files only. No backend runtime, migration, API,
Celery, Docker, checker, or Flow Node source was implemented in this PR.

Product Behavior

  • No Workstream product runtime behavior changed.
  • No Flow Node runtime behavior changed.

Acceptance Criteria Proof

  • Canonical ownership and storage boundary documented.
  • Local and Flow Node adapter contracts defined.
  • Exact-byte upload, sealing, admission, binding, and recovery defined.
  • Security, privacy, retention, release, and failure semantics defined.
  • Legacy removal and migration refusal ownership assigned.
  • Every implementation chunk has allowed files, exclusions, acceptance
    criteria, verification commands, reviewers, human focus, and stop condition.
  • All nine internal reviewer tracks passed the reviewed SHA.

Tests And Checks Run

git diff --check main...HEAD
python3 scripts/check_stale_authorization_docs.py
python3 scripts/check_stale_workstream_wording.py
python3 scripts/check_markdown_links.py
python3 scripts/check_loop_memory_state.py
python3 scripts/test_agent_gates.py

All passed; the agent-gate regression suite reported 31 passing tests.

Test Delta

No product tests were added, changed, removed, skipped, or weakened. This PR is
planning-only. Future chunk contracts explicitly own focused and full-regression
proof.

CI Integrity

No workflow, dependency, coverage, lint, typecheck, package-script, or checkout
credential setting changed. Future Workstream chunks require CI-equivalent
backend and Agent Gates commands; Flow Node chunks require non-empty dedicated
test targets and live focused-runtime conformance.

Reviewer Results

Reviewed code SHA: f7fbc33

All required internal tracks passed: senior engineering, QA/test,
security/auth, product/ops, architecture, docs, CI integrity, reuse/dedup, and
test delta.

Internal evidence:

  • WS-ART-001-PLAN-internal-review-evidence.md

External Review

PR #97 received seven actionable CodeRabbit comments. All were fixed and
recorded separately in WS-ART-001-PLAN-external-review-response.md; external
review is not internal review evidence. Fresh checks must pass on the pushed
fix/evidence head.

Remaining Risks

  • Runtime behavior is not implemented or proven by this planning PR.
  • Production retention/legal-hold, issuer, encryption/backup, and quota values
    still require implementation and deployment approval.
  • Cross-repository delivery requires coordinated but independently reviewed
    Workstream and Flow Node PRs.

Follow-Up Work

After explicit planning merge and a separate start signal, execute only
WS-ART-001-01. Do not begin Flow Node or product cutover chunks automatically.

Human Review Focus

  • Workstream versus Flow Node ownership.
  • Crash recovery and exact-byte commitment.
  • Artifact binding immutability and manifest identity.
  • Service authentication, release authority, and private runtime scope.
  • Policy/compiler clean cutover and WS-AUTH/WS-REV dependencies.
  • Whether each L1 chunk remains independently reviewable.

Human Merge Ownership

  • I can explain what changed.
  • I can explain why it changed.
  • I know what could break during implementation.
  • I accept the remaining planning risks.
  • The user explicitly approved this specific PR for merge.

@Abiorh001

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR establishes the WS-ART-001 immutable artifact storage planning package. It adds discovery, decisions, architecture, service contracts, implementation chunk specifications, Flow Node runtime specifications, review evidence, and agent-loop tracking updates. No runtime implementation changes are included.

Changes

WS-ART-001 planning package

Layer / File(s) Summary
Planning governance and review state
.agent-loop/LOOP_STATE.md, .agent-loop/REVIEW_LOG.md, .agent-loop/WORK_QUEUE.md, .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/*
Updates initiative state, queue entries, chunk dependencies, risks, status, and internal planning review evidence.
Discovery and boundary decisions
.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/{DISCOVERY,INTENT,DECISIONS}.md, docs/decision_0013_immutable_artifact_storage_boundary.md, docs/glossary.md, README.md
Documents current gaps, ownership boundaries, immutable artifact concepts, security and retention rules, migration constraints, and glossary/index references.
Canonical storage architecture and service contract
.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/PLAN.md, docs/spec_artifact_storage_service.md
Defines upload/recovery flows, sealed artifact-set admission, provider APIs, state ownership, authentication, limits, migrations, checker binding, and proof requirements.
Workstream implementation checkpoints
.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-*.md
Specifies the planned local adapter, reconciliation, guide, upload, submission, checker, and recovery chunks.
Flow Node runtime checkpoints
.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/FN-ART-001-*.md
Specifies streaming DAG primitives, authenticated artifact HTTP operations, and focused verification/retention runtime behavior.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Possibly related PRs

Suggested reviewers: abiorh-claw

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly summarizes the main change: planning immutable artifact storage and Flow Node integration.
Description check ✅ Passed The description follows the trust-bundle template closely and includes the required sections, evidence, checks, risks, and reviewer results.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/ws-art-001-artifact-storage-planning

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/CHUNK_MAP.md:
- Around line 19-31: Update the Dependency Order section to begin with the
WS-ART-001-PLAN planning gate, followed by WS-ART-001-01 and the existing
dependency chain. Preserve all subsequent ordering and prerequisites unchanged.

In
@.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/FN-ART-001-01-streaming-dag-primitives.md:
- Around line 37-42: Update the verification command block in FN-ART-001-01 to
use checkout-relative paths, replacing the hard-coded Flow-Node directory with
cd back-end from the repository root or a git rev-parse-derived root. Apply the
same correction to the corresponding verification commands in FN-ART-001-02 and
FN-ART-001-03 while preserving the existing checks.

In
@.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-02-flow-node-adapter-reconciliation.md:
- Line 43: Update the Flow Node image requirement in the v1 vector validation
criteria to use an exact immutable image digest, including the registry and
provenance verification requirements when applicable; do not accept mutable tags
or version-only references, and preserve the existing LocalStorageAdapter parity
and recovery-test coverage.
- Around line 48-60: Update the “Compose health proves authenticated
ingest/retrieve/status” criterion and its Verification commands so they actually
start the Workstream API plus all required authentication and worker services
before running authenticated artifact proof. Alternatively, narrow the criterion
to adapter-level validation and add a separate command that starts the complete
required Compose stack and verifies authenticated ingest, retrieve, and status
behavior.

In
@.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-05-submission-artifact-cutover.md:
- Around line 84-85: Extend the populated-legacy migration test or acceptance
criteria to assert that refusal preserves all existing rows and leaves the
schema unchanged, while still emitting the rebuild guidance. Keep the existing
fresh, downgrade-empty, and re-upgrade coverage intact, and anchor the new
assertions to the populated-legacy migration path.

In `@docs/decision_0013_immutable_artifact_storage_boundary.md`:
- Line 64: Update the requirement sentence in the immutable artifact storage
boundary document to explicitly state that production requires encrypted storage
and encrypted backups, while retaining redacted logs, quotas, and an approved
retention-policy version.

In `@docs/spec_artifact_storage_service.md`:
- Around line 103-110: Update the “Service Authentication” section to explicitly
state that production pins the issuer and uses an explicit allowlist of
permitted asymmetric algorithms, replacing the ambiguous “pinned
issuer/asymmetric algorithms” wording. Preserve the remaining authentication
requirements unchanged.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 59fdeb37-d69f-4aa0-b116-d604a8b6b6bf

📥 Commits

Reviewing files that changed from the base of the PR and between 1d3e487 and 5ccc5a6.

📒 Files selected for processing (26)
  • .agent-loop/LOOP_STATE.md
  • .agent-loop/REVIEW_LOG.md
  • .agent-loop/WORK_QUEUE.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/CHUNK_MAP.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/DECISIONS.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/DISCOVERY.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/INTENT.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/PLAN.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/RISKS.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/STATUS.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/FN-ART-001-01-streaming-dag-primitives.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/FN-ART-001-02-authenticated-artifact-http.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/FN-ART-001-03-verify-retain-focused-runtime.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-01-artifact-domain-local-adapter.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-02-flow-node-adapter-reconciliation.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-03-guide-source-cutover.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-04-upload-session-admission.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-05-submission-artifact-cutover.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-06-checker-artifact-cutover.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-07-recovery-live-proof.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/reviews/WS-ART-001-PLAN-internal-review-evidence.md
  • .agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/reviews/WS-ART-001-PLAN-pr-trust-bundle.md
  • README.md
  • docs/decision_0013_immutable_artifact_storage_boundary.md
  • docs/glossary.md
  • docs/spec_artifact_storage_service.md

Comment on lines +37 to +42
```bash
cd /home/abiorh/flow/Flow-Node/back-end && cargo fmt --check
cd /home/abiorh/flow/Flow-Node/back-end && cargo clippy --all-targets --all-features -- -D warnings
cd /home/abiorh/flow/Flow-Node/back-end && ./scripts/run_nonempty_cargo_test_target.sh artifact_streaming_contract
cd /home/abiorh/flow/Flow-Node/back-end && cargo test
git -C /home/abiorh/flow/Flow-Node diff --check

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Make the Flow Node verification commands checkout-relative.

The hard-coded /home/abiorh/flow/Flow-Node path makes these checks unusable from other checkouts or CI runners. Apply the same correction to FN-ART-001-02 and FN-ART-001-03.

Use cd back-end from the Flow Node repository root, or derive the root with git rev-parse.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
@.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/FN-ART-001-01-streaming-dag-primitives.md
around lines 37 - 42, Update the verification command block in FN-ART-001-01 to
use checkout-relative paths, replacing the hard-coded Flow-Node directory with
cd back-end from the repository root or a git rev-parse-derived root. Apply the
same correction to the corresponding verification commands in FN-ART-001-02 and
FN-ART-001-03 while preserving the existing checks.

Comment on lines +48 to +60
- Compose health proves authenticated ingest/retrieve/status without product
module changes.

## Verification

```bash
(cd backend && .venv/bin/ruff check app tests scripts)
(cd backend && .venv/bin/docstr-coverage --config .docstr.yaml)
(cd backend && WORKSTREAM_TEST_DATABASE_URL=postgresql+asyncpg://workstream:workstream@localhost:5433/workstream_test .venv/bin/pytest -q tests/test_artifacts.py tests/test_alembic.py)
(cd backend && WORKSTREAM_TEST_DATABASE_URL=postgresql+asyncpg://workstream:workstream@localhost:5433/workstream_test .venv/bin/pytest -q)
(cd backend && WORKSTREAM_DATABASE_URL=postgresql+asyncpg://workstream:workstream@localhost:5433/workstream_test .venv/bin/python scripts/api_contract_e2e.py)
docker compose up -d --build --wait --wait-timeout 120 postgres redis flow-node
(cd backend && WORKSTREAM_DATABASE_URL=postgresql+asyncpg://workstream:workstream@localhost:5433/workstream_test .venv/bin/python scripts/artifact_store_contract_e2e.py)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | 🏗️ Heavy lift

Start the Workstream API before claiming authenticated API proof.

The verification command starts only postgres, redis, and flow-node, but this criterion requires authenticated ingest/retrieve/status through Compose. Add the api and required authentication/worker services, or narrow the criterion to adapter-level testing and add a separate API proof command.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
@.agent-loop/initiatives/WS-ART-001-immutable-artifact-storage/chunks/WS-ART-001-02-flow-node-adapter-reconciliation.md
around lines 48 - 60, Update the “Compose health proves authenticated
ingest/retrieve/status” criterion and its Verification commands so they actually
start the Workstream API plus all required authentication and worker services
before running authenticated artifact proof. Alternatively, narrow the criterion
to adapter-level validation and add a separate command that starts the complete
required Compose stack and verifies authenticated ingest, retrieve, and status
behavior.

Comment thread docs/decision_0013_immutable_artifact_storage_boundary.md Outdated
Comment thread docs/spec_artifact_storage_service.md
@abiorh-claw abiorh-claw self-requested a review July 12, 2026 00:17
@abiorh-claw abiorh-claw merged commit 8644a43 into main Jul 12, 2026
9 checks passed
@abiorh-claw abiorh-claw deleted the codex/ws-art-001-artifact-storage-planning branch July 12, 2026 00:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants