Skip to content

Meta-hardening: legibility, security, invariant tests (zero runtime change)#7

Merged
LalaSkye merged 8 commits intomainfrom
meta-hardening
Feb 24, 2026
Merged

Meta-hardening: legibility, security, invariant tests (zero runtime change)#7
LalaSkye merged 8 commits intomainfrom
meta-hardening

Conversation

@LalaSkye
Copy link
Owner

@LalaSkye LalaSkye commented Feb 24, 2026

Scope

Meta-hardening pass: legibility, security policy, and invariant test coverage.

Constraint: ZERO runtime semantic change. No edits to stop_machine.py, gate.py, rules.py, envelope_parser.py, or primitives/*.

Changes

A) New files

File Purpose
SECURITY.md Security disclosure policy
docs/runtime-trace.md Runtime trace walkthrough
docs/architecture-diagram.md ASCII architecture diagram
tests/__init__.py Package init for test discovery
tests/test_invariant_enforcement.py Structural invariant tests

B) Modified files

File Change
CHANGELOG.md Added meta-hardening entry
.github/workflows/ci.yml Added Run invariant tests step (python -m pytest tests/ -v)

Invariant tests cover

  • No StopMachine class in primitives/
  • No Gate class in v0 primitive folders
  • No runtime imports from analysis/, docs/, artifacts/, examples/
  • stop_machine.py defines exactly {ALLOW, HOLD, DENY} states
  • Gate file contains SILENCE exit
  • Primitive folders exist and are non-empty
  • LICENSE and README.md exist at repo root

Verification

  • All 7 commits verified
  • 572 additions, 0 deletions
  • CI triggers on PR open (will run matrix tests + invariant suite)
  • Branch is able to merge cleanly into main

@LalaSkye
docs: add SECURITY.md
487b711 
Added a security policy document outlining the scope, threat model, invariants, and reporting vulnerabilities for the stop-machine project.
@LalaSkye
docs: add runtime-trace.md
197d19f 
This document outlines the decision flow for envelope evaluation by the conformance gate, including exit decision mapping, rule evaluation order, evaluation policies, and GateResult fields.
@LalaSkye
docs: add architecture-diagram.md
2f64945 
Document the architecture and data flow of the stop-machine.
@LalaSkye
tests: add __init__.py
b18e0e6
@LalaSkye
tests: add complete test_invariant_enforcement.py
e84ce5d 
This file contains cross-cutting invariant enforcement tests for the stop-machine, verifying structural invariants related to EXIT_ENUM consistency, StopMachine terminal-state enforcement, and gate boundary validations.
@LalaSkye
docs: update CHANGELOG.md with meta-hardening entry
284f7d2 
Added security policy, documentation, and tests. Updated CI workflow.
@LalaSkye
ci: add invariant tests step to CI workflow
5f02f2f
@LalaSkye
fix: align parsed envelope test with upstream gate behavior
f1b2f4a
@LalaSkye LalaSkye merged commit fe2e455 into main Feb 24, 2026
4 checks passed
@LalaSkye LalaSkye deleted the meta-hardening branch February 24, 2026 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LalaSkye