Skip to content

Commit c4b87e9

Browse files
authored
Replay runtime diagnostic contracts on current main
Replays runtime diagnostic contracts from #100 onto current main. Captured: - RetryLoopFingerprint - SecurityVerdictState - NetworkTruthState - BrowserLaunchTransaction - DesktopServiceBrokerState - MaintenanceEpoch - RuntimeRegistryIntegrityRecord - BootSessionPhaseState - DiagnosticStormRecord - matching synthetic examples - runtime diagnostic validator and workflow Validation on 2344c25: - Runtime Diagnostics: success - validate-ops-history: success Partial capture of #100; RuntimeIdentityGraph remains deferred.
1 parent 9d9884b commit c4b87e9

20 files changed

Lines changed: 918 additions & 0 deletions
Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
name: Runtime Diagnostics
2+
3+
on:
4+
pull_request:
5+
branches: ["main"]
6+
paths:
7+
- "schemas/RetryLoopFingerprint.json"
8+
- "schemas/SecurityVerdictState.json"
9+
- "schemas/NetworkTruthState.json"
10+
- "schemas/BrowserLaunchTransaction.json"
11+
- "schemas/DesktopServiceBrokerState.json"
12+
- "schemas/MaintenanceEpoch.json"
13+
- "schemas/RuntimeRegistryIntegrityRecord.json"
14+
- "schemas/BootSessionPhaseState.json"
15+
- "schemas/DiagnosticStormRecord.json"
16+
- "examples/retry_loop_fingerprint.json"
17+
- "examples/security_verdict_state.json"
18+
- "examples/network_truth_state.json"
19+
- "examples/browser_launch_transaction.json"
20+
- "examples/desktop_service_broker_state.json"
21+
- "examples/maintenance_epoch.json"
22+
- "examples/runtime_registry_integrity_record.json"
23+
- "examples/boot_session_phase_state.json"
24+
- "examples/diagnostic_storm_record.json"
25+
- "tools/validate_runtime_causality_examples.py"
26+
- ".github/workflows/runtime-diagnostics.yml"
27+
push:
28+
branches: ["main", "replay/s100-current"]
29+
paths:
30+
- "schemas/RetryLoopFingerprint.json"
31+
- "schemas/SecurityVerdictState.json"
32+
- "schemas/NetworkTruthState.json"
33+
- "schemas/BrowserLaunchTransaction.json"
34+
- "schemas/DesktopServiceBrokerState.json"
35+
- "schemas/MaintenanceEpoch.json"
36+
- "schemas/RuntimeRegistryIntegrityRecord.json"
37+
- "schemas/BootSessionPhaseState.json"
38+
- "schemas/DiagnosticStormRecord.json"
39+
- "examples/retry_loop_fingerprint.json"
40+
- "examples/security_verdict_state.json"
41+
- "examples/network_truth_state.json"
42+
- "examples/browser_launch_transaction.json"
43+
- "examples/desktop_service_broker_state.json"
44+
- "examples/maintenance_epoch.json"
45+
- "examples/runtime_registry_integrity_record.json"
46+
- "examples/boot_session_phase_state.json"
47+
- "examples/diagnostic_storm_record.json"
48+
- "tools/validate_runtime_causality_examples.py"
49+
- ".github/workflows/runtime-diagnostics.yml"
50+
51+
permissions:
52+
contents: read
53+
54+
jobs:
55+
validate-runtime-diagnostics:
56+
runs-on: ubuntu-latest
57+
steps:
58+
- uses: actions/checkout@v4
59+
- name: Set up Python
60+
uses: actions/setup-python@v5
61+
with:
62+
python-version: "3.12"
63+
- name: Install validator dependencies
64+
run: python -m pip install --upgrade pip jsonschema
65+
- name: Validate runtime diagnostic examples
66+
run: python tools/validate_runtime_causality_examples.py
Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
{
2+
"id": "urn:srcos:boot-session-phase:synthetic-locked-001",
3+
"type": "BootSessionPhaseState",
4+
"specVersion": "2.0.0",
5+
"observedAt": "2026-05-06T22:36:15Z",
6+
"bootId": "boot-synthetic-001",
7+
"sessionId": "session-synthetic-locked",
8+
"phase": "post-login-locked",
9+
"phaseVerdict": "not-ready",
10+
"availableKeyrings": [],
11+
"availablePortals": ["notification"],
12+
"allowedComponents": [
13+
{
14+
"componentRef": "urn:srcos:component:synthetic-observer",
15+
"state": "allowed-degraded",
16+
"reason": "May observe coarse transitions while user stores remain unavailable."
17+
}
18+
],
19+
"blockedComponents": [
20+
{
21+
"componentRef": "urn:srcos:component:synthetic-registry-sweep",
22+
"requiredPhase": "unlocked-user-session",
23+
"state": "deferred",
24+
"reason": "Registry maintenance requires unlocked stores and should not run during locked post-login state.",
25+
"remediationHint": "Queue maintenance until unlock or recovery session."
26+
}
27+
],
28+
"evidenceRefs": [
29+
"urn:srcos:telemetry:synthetic-session-locked",
30+
"urn:srcos:telemetry:synthetic-key-store-locked"
31+
],
32+
"userVisibleSummary": "The session is post-login but still locked; components requiring unlocked state must be deferred.",
33+
"remediationHint": "Transition to unlocked-user-session before running preflight checks that require user stores."
34+
}
Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
{
2+
"id": "urn:srcos:browser-launch-transaction:synthetic-001",
3+
"type": "BrowserLaunchTransaction",
4+
"specVersion": "2.0.0",
5+
"componentRef": "urn:srcos:component:synthetic-browser-surface",
6+
"phaseStatus": "preflight",
7+
"capabilityPreflightPassed": false,
8+
"identityGraphValid": true,
9+
"desktopBrokerValid": false,
10+
"profileStoreValid": true,
11+
"extensionRegistryValid": false,
12+
"networkTruthSnapshotCaptured": true,
13+
"childProcessSpawnAllowed": false,
14+
"childProcessAttested": false,
15+
"pageLoadStarted": false,
16+
"observedAt": "2026-05-06T22:37:03Z",
17+
"evidenceRefs": [
18+
"urn:srcos:telemetry:synthetic-child-preflight",
19+
"urn:srcos:telemetry:synthetic-broker-state",
20+
"urn:srcos:telemetry:synthetic-extension-state"
21+
],
22+
"userVisibleImpact": "Preflight blocked browser launch because required broker and extension checks are not ready.",
23+
"remediationHint": "Verify desktop broker availability and extension registry integrity before retrying launch."
24+
}
Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
{
2+
"id": "urn:srcos:desktop-service-broker-state:synthetic-browser-001",
3+
"type": "DesktopServiceBrokerState",
4+
"specVersion": "2.0.0",
5+
"observedAt": "2026-05-06T22:37:03Z",
6+
"componentRef": "urn:srcos:component:synthetic-browser-surface",
7+
"overallState": "degraded",
8+
"brokers": [
9+
{
10+
"brokerKind": "pasteboard",
11+
"state": "policy-blocked",
12+
"fallback": "disable clipboard integration for the synthetic content surface",
13+
"userVisibleImpact": "Copy and paste may be unavailable inside the sandboxed surface.",
14+
"remediationHint": "Route pasteboard access through the desktop broker and require user gesture gating."
15+
},
16+
{
17+
"brokerKind": "core-services",
18+
"state": "policy-blocked",
19+
"fallback": "prevent direct host desktop-service lookup",
20+
"userVisibleImpact": "The child surface cannot directly register with host desktop services.",
21+
"remediationHint": "Move host desktop-service calls into a parent-process broker."
22+
},
23+
{
24+
"brokerKind": "extension-registry",
25+
"state": "degraded",
26+
"fallback": "quarantine extension discovery for this launch transaction",
27+
"userVisibleImpact": "Extensions are disabled until registry integrity is verified.",
28+
"remediationHint": "Refresh the extension registry before enabling extension discovery."
29+
}
30+
],
31+
"evidenceRefs": [
32+
"urn:srcos:telemetry:synthetic-pasteboard-denial",
33+
"urn:srcos:telemetry:synthetic-desktop-service-denial",
34+
"urn:srcos:telemetry:synthetic-extension-query"
35+
],
36+
"userVisibleSummary": "Desktop service brokers are degraded, so child-surface desktop access remains brokered or disabled.",
37+
"remediationHint": "Verify pasteboard, desktop-service, and extension-registry brokers before launch."
38+
}
Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
{
2+
"id": "urn:srcos:diagnostic-storm:synthetic-registry-miss-001",
3+
"type": "DiagnosticStormRecord",
4+
"specVersion": "2.0.0",
5+
"signature": "synthetic_registry_lookup_miss",
6+
"sourceComponent": "synthetic-runtime-observer",
7+
"normalizedFailureClass": "registry-integrity-failure",
8+
"firstSeen": "2026-05-06T22:37:00Z",
9+
"lastSeen": "2026-05-06T22:37:18Z",
10+
"repeatCount": 492,
11+
"medianIntervalMs": 4.5,
12+
"maxEventsPerSecond": 136,
13+
"severity": "error",
14+
"sampleEvents": [
15+
{
16+
"eventRef": "urn:srcos:telemetry:synthetic-registry-miss-001",
17+
"messageTemplate": "Requested synthetic registry descriptor is unavailable",
18+
"observedAt": "2026-05-06T22:37:00Z"
19+
}
20+
],
21+
"suppressionPolicy": "summarize",
22+
"terminalState": "still-active",
23+
"linkedIncidentRef": "urn:srcos:incident:synthetic-runtime-registry-degraded-001",
24+
"evidenceRefs": [
25+
"urn:srcos:telemetry:synthetic-registry-miss",
26+
"urn:srcos:retry-loop:synthetic-registry-miss-001"
27+
],
28+
"userVisibleSummary": "Synthetic registry lookup misses repeated during a maintenance sweep.",
29+
"remediationHint": "Summarize repeated misses and defer further lookups until the registry epoch changes."
30+
}

examples/maintenance_epoch.json

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"id": "urn:srcos:maintenance-epoch:synthetic-registry-sweep-001",
3+
"type": "MaintenanceEpoch",
4+
"specVersion": "2.0.0",
5+
"startedAt": "2026-05-06T22:37:00Z",
6+
"endedAt": "2026-05-06T22:37:21Z",
7+
"epochKind": "registry-sweep",
8+
"state": "degraded",
9+
"sourceComponent": "synthetic-registry-maintenance",
10+
"allowedDuringInteractiveLaunch": false,
11+
"bootPhaseRequirement": "unlocked-user-session",
12+
"lockRequirements": [
13+
"runtime-registry",
14+
"launch-index",
15+
"namespace-cache"
16+
],
17+
"emissionBudget": {
18+
"maxEventsPerMinute": 60,
19+
"onBudgetExceeded": "summarize"
20+
},
21+
"observedStormRefs": [
22+
"urn:srcos:diagnostic-storm:synthetic-registry-miss-001"
23+
],
24+
"evidenceRefs": [
25+
"urn:srcos:telemetry:synthetic-registry-miss"
26+
],
27+
"userVisibleSummary": "Background registry maintenance emitted repeated synthetic misses during an interactive launch window.",
28+
"remediationHint": "Defer registry sweeps during interactive launches and summarize repeated missing descriptors."
29+
}

examples/network_truth_state.json

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
{
2+
"id": "urn:srcos:network-truth:synthetic-epoch-001",
3+
"type": "NetworkTruthState",
4+
"specVersion": "2.0.0",
5+
"observedAt": "2026-05-06T22:36:20Z",
6+
"networkEpoch": "synthetic-network-epoch-001",
7+
"interfaceRef": "synthetic-interface",
8+
"deviceIdentityState": "unknown",
9+
"radioState": "on",
10+
"associationState": "not-associated",
11+
"authenticationState": "unknown",
12+
"dhcpState": "observer-failed",
13+
"dnsState": "observer-failed",
14+
"routeState": "route-failed",
15+
"captivePortalState": "credential-missing",
16+
"internetReachability": "unreachable",
17+
"localMeshReachability": "unknown",
18+
"vpnOrPrivacyOverlayState": "unknown",
19+
"trustedPeerPathState": "not-evaluated",
20+
"evidenceRefs": [
21+
"urn:srcos:telemetry:synthetic-dns-observer",
22+
"urn:srcos:telemetry:synthetic-route-observer",
23+
"urn:srcos:telemetry:synthetic-radio-state"
24+
],
25+
"userVisibleSummary": "Radio state is available, but association and route observers are degraded.",
26+
"remediationHint": "Re-evaluate association, DHCP, DNS, and route state before remote synchronization or browser launch."
27+
}
Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
{
2+
"id": "urn:srcos:retry-loop:synthetic-denial-loop-001",
3+
"type": "RetryLoopFingerprint",
4+
"specVersion": "2.0.0",
5+
"signature": "synthetic_denial_loop",
6+
"sourceComponent": "synthetic-runtime-observer",
7+
"firstSeen": "2026-05-06T22:35:44Z",
8+
"lastSeen": "2026-05-06T22:37:54Z",
9+
"count": 176,
10+
"medianIntervalMs": 556,
11+
"maxEventsPerSecond": 2,
12+
"retryClass": "polling",
13+
"terminalState": "still-looping",
14+
"policyValidity": "denied-but-noisy",
15+
"severity": "warn",
16+
"sampleEventRefs": ["urn:srcos:telemetry:synthetic-001"],
17+
"suppressionPolicy": "deduplicate_and_summarize",
18+
"userVisibleImpact": "Repeated denial is being summarized for the operator.",
19+
"remediationHint": "Review the policy boundary and reduce retry cadence."
20+
}
Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
{
2+
"id": "urn:srcos:runtime-registry-integrity:synthetic-registry-001",
3+
"type": "RuntimeRegistryIntegrityRecord",
4+
"specVersion": "2.0.0",
5+
"observedAt": "2026-05-06T22:37:00Z",
6+
"componentRef": "urn:srcos:component:synthetic-registry",
7+
"bundleOrPackageIdentity": "synthetic.package.identifier",
8+
"verificationVerdict": "degraded",
9+
"registryRecords": [
10+
{
11+
"recordKind": "extension-record",
12+
"recordRef": "synthetic-extension-record",
13+
"state": "missing",
14+
"errorCode": "SYNTHETIC_MISSING_RECORD",
15+
"userVisibleImpact": "The runtime could not construct an extension record from the synthetic registry.",
16+
"remediationHint": "Refresh or rebuild the runtime extension registry before enabling extension discovery."
17+
},
18+
{
19+
"recordKind": "namespace-descriptor",
20+
"recordRef": "synthetic-namespace-descriptor",
21+
"state": "missing",
22+
"userVisibleImpact": "Synthetic namespace metadata could not be resolved during maintenance.",
23+
"remediationHint": "Suppress repeated namespace lookups and emit a DiagnosticStormRecord until the namespace cache changes."
24+
}
25+
],
26+
"evidenceRefs": [
27+
"urn:srcos:telemetry:synthetic-extension-record-missing",
28+
"urn:srcos:telemetry:synthetic-namespace-descriptor-missing"
29+
],
30+
"userVisibleSummary": "Registry integrity is degraded because synthetic records are missing.",
31+
"remediationHint": "Run bounded registry repair or defer registry-dependent launch work until integrity is restored."
32+
}
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
{
2+
"id": "urn:srcos:security-verdict:synthetic-flow-001",
3+
"type": "SecurityVerdictState",
4+
"specVersion": "2.0.0",
5+
"subjectRef": "urn:srcos:component:synthetic-extension",
6+
"decision": "no-verdict",
7+
"verdictProviderState": "no-verdict-provider",
8+
"observedAt": "2026-05-06T22:36:00Z",
9+
"policyRef": "urn:srcos:policy:synthetic-flow-policy",
10+
"providerRef": "urn:srcos:verdict-provider:synthetic",
11+
"evidenceRefs": ["urn:srcos:telemetry:synthetic-002"],
12+
"userVisibleImpact": "Flow observation exists but no provider verdict is available.",
13+
"remediationHint": "Verify provider availability and continue with fail-closed review posture."
14+
}

0 commit comments

Comments
 (0)