
Feat/phase11 abdf snapshot identity #49

Closed
kenanay wants to merge 34 commits into main from feat/phase11-abdf-snapshot-identity

Conversation

kenanay (Owner) commented Mar 6, 2026

Freeze PR Template

Gate Run

  • Run ID:
  • Evidence Path (evidence/run-<id>/):

Gate Verdicts

  • ABI (ci-gate-abi):
  • Boundary (ci-gate-boundary):
  • Tooling Isolation (ci-gate-tooling-isolation):
  • Constitutional (ci-gate-constitutional):
  • Workspace (ci-gate-workspace):
  • Hygiene (ci-gate-hygiene):
  • Performance (ci-gate-performance):
  • Summary (ci-summarize):

Tooling Isolation Guard

  • Perf/preempt tooling touched in this PR: yes/no
  • If yes, kernel touch = 0: yes/no
  • Tooling isolation evidence path (evidence/run-<id>/gates/tooling-isolation/):

Contract Change

  • Changed contracts: yes/no
  • If yes, exact paths:

RFC / Waiver

  • RFC link (if required):
  • Waiver link (if required):

Claim Check

If this PR claims Completed/Production-ready, all must be true:

  1. summary.json verdict is PASS
  2. test + benchmark evidence linked
  3. related docs updated
  4. architecture review note linked

Notes

  • Planned gates may be hard-fail stubs during freeze hardening.
  • Do not merge feature work into mainline during active freeze.

kenanay added 21 commits March 5, 2026 23:39
Local fail-closed discipline layer (4 core gates).
Advisory only - CI remains mandatory for merge.

Gates:
- ABI stability
- Boundary enforcement
- Hygiene check
- Constitutional compliance

Execution: ./pre-ci-discipline.sh
Runtime: ~30-60s
Policy: Fail-closed, no auto-fix, manual intervention required

Formal contract definition between three substrate layers:
- ABDF: data substrate (typed container)
- BCIB: execution substrate (intent)
- Phase-11: verification substrate (kernel reality)

Critical matrices:
- Layer responsibilities
- Data flow boundaries
- Hash production rules
- Replay dependencies
- Type system compatibility
- Evidence export format
- Multicore coordination
- Proof composition
- CI gate validation
- Evolution policy

Status: NORMATIVE
Authority: Architecture Board

This document is binding for Phase-11 implementation.

Critical improvements:

1. Data Flow Matrix
   - Add BCIB → Phase-11 indirect flow (via kernel events)
   - Clarify ABDF → Phase-11 indirect flow (via Replay Engine)
   - Add Replay Engine as explicit intermediary

2. Hash Production Matrix
   - Add execution_trace_hash for replay verification

3. Replay Flow
   - Add explicit replay flow diagram
   - Add execution trace replay invariant

4. Type System Compatibility
   - Mark as NON-NORMATIVE EXAMPLES
   - Add normative rule: kernel MUST NOT know ABDF types
   - Add normative rule: kernel MUST NOT know BCIB semantics

5. Multicore Coordination
   - Separate DLT (ordering) from GCP (finalization)
   - Add explicit multicore architecture diagram
   - Clarify DLT assigns ltick, GCP ensures commit

Rationale:
- Kernel must remain agnostic to high-level semantics
- Replay engine is critical intermediary, not direct ABDF→Phase-11
- DLT and GCP serve distinct roles in multicore determinism

Authority: Architecture Board review
Status: NORMATIVE (except Type System examples)

Formal state machine for execution flow:
BCIB Instruction → Syscall → Kernel Event → Phase-11 Entry

Key sections:
1. State machine overview (Ring3 → Ring0 → Phase-11)
2. BCIB → Syscall mapping (DataCreate, DataQuery, UiRender, AiAsk)
3. Syscall → Kernel event mapping (all 11 syscalls)
4. Kernel event → Phase-11 entry mapping (ledger + transcript)
5. State transition rules (normal, context switch, interrupt)
6. Error handling (capability violation, ordering violation)
7. Multicore coordination (DLT + GCP)
8. Replay state machine (init, execution, verification)
9. Implementation checklist (kernel, userspace, CI)
10. Critical invariants (monotonicity, hash chain, completeness)

Purpose:
- Canonical reference for Phase-11 implementation
- Defines exact mapping between layers
- Specifies state transitions and error handling
- Provides implementation checklist

Status: NORMATIVE
Authority: Architecture Board
Prerequisite: ABDF_BCIB_PHASE11_CONTRACT_MATRIX.md

1. Contract Matrix Refinements:
   - Add ledger_root_hash to hash production matrix
   - Add Replay Engine → BCIB Runtime data flow
   - Add ledger append-only invariant
   - Add ledger_root_hash invariant

2. Phase-11 Event Taxonomy (NEW):
   - Complete event type enumeration (30+ events)
   - Event recording rules (MUST/SHOULD/MAY/MUST NOT)
   - Event specification by category (9 core events)
   - Event payload specifications
   - Event ordering rules (global, logical time, per-CPU)
   - Event filtering rules (high-frequency, syscall)
   - Event validation rules (ledger, transcript)
   - Event serialization format (binary, JSON lines)
   - CI gate validation (completeness, integrity)
   - Implementation checklist
   - Critical invariants

Purpose:
- Canonical event specification for Phase-11
- Defines which kernel events produce ledger/transcript
- Specifies exact event payload formats
- Provides validation and serialization rules

Status: NORMATIVE
Authority: Architecture Board

This completes the Phase-11 architectural foundation:
- Contract Matrix: layer boundaries
- State Machine: execution flow
- Event Taxonomy: event specification

Comprehensive requirements for Phase-11 verification substrate.

Core Components:
- Decision Ledger (P11-02): kernel decision record
- Execution Transcript (P11-13): kernel reality record
- Event Ordering (P11-10): deterministic sequencing
- Replay Engine (P11-04): verification system
- DLT (P11-14): multicore logical time
- GCP (P11-15): multicore commit protocol
- Proof Manifest (P11-11): cryptographic sealing

12 Requirements with 115 acceptance criteria covering:
- Ledger/transcript recording
- Hash chain integrity
- Deterministic ordering
- Replay verification
- Multicore coordination
- Proof generation
- Evidence export
- CI gate integration
- Constitutional compliance
- Backward compatibility

Prerequisites:
- ABDF_BCIB_PHASE11_CONTRACT_MATRIX.md
- RUNTIME_STATE_MACHINE.md
- Phase 10-A2 (Ring3 execution proof)

Status: Draft (awaiting design document)

- Normalize event naming to AY_EVT_* across taxonomy/contract/spec docs
- Add AY_EVT_MAX bound to taxonomy enum
- Resolve taxonomy contradiction: record requirements are per event class
- Canonicalize ledger hashing:
  payload_hash = H(normalized_payload)
  entry_hash = H(prev_hash || payload_hash)
- Align evidence policy with repo behavior:
  CI artifact export required, git commit optional
- Clarify requirements scope:
  BCIB plan identity is in-scope; BCIB runtime redesign out-of-scope
- Update requirements issue range to P11-01..P11-18
- Add design.md with normative event pipeline, data model, replay identity binding,
  CI gate mapping, implementation order, and closure criteria
- Add tasks.md with issue-aligned workstreams, branch names, gate mapping,
  evidence outputs, dependency order, and per-PR validation checklist
- Enforce 1 PR = 1 invariant execution policy
- Add Created/Maintained/Edited metadata with Kenan AY to spec docs
- Add mandatory documentation synchronization policy and PR Documentation Delta rule
- Add language selection policy (C/Rust/Bash/Python) by subsystem suitability
- Add explicit security and performance verification controls
- Add owner assignment (Kenan AY) to Phase-11 task entries
- Extend requirements with Security/Performance and Documentation Sync requirements

…ive gate

- add normative MAILBOX_PROTOCOL_V2_CAPABILITIES contract
- add fail-closed capability envelope checks in Ring0 mailbox validation
- standardize reject aliases: REJ_BAD_SIG/REJ_CAP_MISSING/REJ_BUDGET_EXCEEDED/REJ_INVALID_PID
- add ci-gate-mailbox-capability-negative with negative_matrix evidence
- wire freeze/local-freeze gate chain and evidence/report exports
- sync phase11 requirements/design/tasks + taxonomy/contract-matrix updates

Validation:
- python3 -m unittest tools/ci/test_validate_mailbox_capability_negative.py (PASS)
- make ci-gate-mailbox-capability-negative RUN_ID=local-p11-34-clean (PASS)
- make ci-gate-scheduler-mailbox-phase10c RUN_ID=local-p11-34-regression (PASS)

Notes:
- v1 mailbox ABI layout freeze preserved (size/offset/alignment unchanged)
- local performance gate remains host-baseline mismatch (Darwin arm64 vs CI baseline)

…es (#43)

Bootstrap ETI layer for Phase-11 verification substrate.

Introduces CI-side ETI materialization and validation gates:
- ci-gate-eti-sequence
- ci-gate-ledger-eti-binding
- ci-gate-transcript-integrity

Artifacts:
- eti_transcript.jsonl/.bin
- binding_report.json
- violations.txt
- eti_diff.txt (bootstrap placeholder)

Scope:
ETI is materialized deterministically from Phase10-A2 evidence.
Kernel hot-path ETI emission is intentionally deferred.

Documentation:
tasks.md, design.md, requirements.md updated to reflect bootstrap semantics.

…gates

Add explicit missing_or_empty checks before validator execution:
- gate_ledger_eti_binding.sh: decision_ledger.jsonl, eti_transcript.jsonl
- gate_transcript_integrity.sh: eti_transcript.jsonl, eti_transcript.bin

This prevents validator-level crashes and keeps gate semantics fail-closed (exit 3 on usage/input errors).
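The ledger hashing rule from the canonicalization commit above (payload_hash = H(normalized_payload), entry_hash = H(prev_hash || payload_hash)) together with the missing_or_empty fail-closed check from the last commit (exit 3 on usage/input errors), worked through as an added example. This is not the project's own code; it assumes SHA-256 as H, key-sorted compact JSON as the normalized payload form, raw-byte concatenation for ||, an all-zero genesis prev_hash, the field names shown, and that ledger_root_hash is the final entry_hash. The AY_EVT_* payloads are constructed sample data, not the taxonomy's actual event set.

```python
"""Added example, not the project's own code: a hash-chained decision
ledger builder/verifier for decision_ledger.jsonl-style input.
Assumptions (not stated on the page): H = SHA-256; normalized_payload =
key-sorted compact JSON; '||' = raw-byte concatenation; genesis prev_hash
= 32 zero bytes; ledger_root_hash = final entry_hash; field names below."""
import hashlib
import json
import os

GENESIS_PREV_HASH = "00" * 32  # assumed chain anchor
REQUIRED_FIELDS = {"prev_hash", "payload", "payload_hash", "entry_hash"}

# Constructed sample payloads; event names are illustrative only.
SAMPLE_PAYLOADS = [
    {"ltick": 1, "event": "AY_EVT_SYSCALL_ENTER", "pid": 7, "decision": "ALLOW"},
    {"ltick": 2, "event": "AY_EVT_CAP_CHECK", "pid": 7, "decision": "DENY",
     "reason": "REJ_CAP_MISSING"},
    {"ltick": 3, "event": "AY_EVT_SYSCALL_EXIT", "pid": 7, "decision": "ALLOW"},
]


def H(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def normalize_payload(payload: dict) -> bytes:
    # Key-sorted, whitespace-free JSON: the same logical payload hashes the
    # same regardless of how the producer formatted it.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def link_hash(prev_hash: str, payload_hash: str) -> str:
    """entry_hash = H(prev_hash || payload_hash); non-hex input never matches."""
    try:
        return H(bytes.fromhex(prev_hash) + bytes.fromhex(payload_hash))
    except (TypeError, ValueError):
        return ""


def build_ledger(payloads: list) -> list:
    entries, prev = [], GENESIS_PREV_HASH
    for payload in payloads:
        payload_hash = H(normalize_payload(payload))
        entry = {"prev_hash": prev, "payload": payload,
                 "payload_hash": payload_hash,
                 "entry_hash": link_hash(prev, payload_hash)}
        entries.append(entry)
        prev = entry["entry_hash"]  # each entry commits to every entry before it
    return entries


def ledger_root_hash(entries: list) -> str:
    return entries[-1]["entry_hash"] if entries else GENESIS_PREV_HASH


def verify_ledger(entries: list) -> list:
    """Return violations (empty list == PASS). Payload binding, link hash and
    chain continuity are checked separately so an edited, reordered or
    dropped entry is reported at the position where it breaks the chain."""
    violations, prev = [], GENESIS_PREV_HASH
    for i, e in enumerate(entries):
        if not isinstance(e, dict) or not REQUIRED_FIELDS <= set(e):
            violations.append(f"entry {i}: missing required field")
            break  # the chain cannot be followed past a malformed entry
        if e["prev_hash"] != prev:
            violations.append(f"entry {i}: prev_hash != previous entry_hash (chain break)")
        if H(normalize_payload(e["payload"])) != e["payload_hash"]:
            violations.append(f"entry {i}: payload_hash != H(normalized_payload)")
        if link_hash(e["prev_hash"], e["payload_hash"]) != e["entry_hash"]:
            violations.append(f"entry {i}: entry_hash != H(prev_hash || payload_hash)")
        prev = e["entry_hash"]
    return violations


def to_jsonl(entries: list) -> str:
    return "".join(json.dumps(e, sort_keys=True) + "\n" for e in entries)


def validate_ledger_text(text: str) -> int:
    """Fail-closed gate codes: 3 = usage/input error (empty or unparseable
    input), 1 = integrity violation, 0 = PASS."""
    if not text.strip():
        return 3
    entries = []
    for line in text.splitlines():
        if line.strip():
            try:
                entries.append(json.loads(line))
            except json.JSONDecodeError:
                return 3
    return 1 if verify_ledger(entries) else 0


def validate_ledger_file(path: str) -> int:
    # missing_or_empty check before the validator runs: an absent evidence
    # file is an input error (3), never a silent PASS.
    if not os.path.isfile(path) or os.path.getsize(path) == 0:
        return 3
    with open(path, encoding="utf-8") as f:
        return validate_ledger_text(f.read())


def tampered_copy(entries: list, index: int, field: str, value) -> list:
    """Deep copy with one payload field rewritten (simulated post-hoc edit)."""
    clone = json.loads(json.dumps(entries))
    clone[index]["payload"][field] = value
    return clone


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_PAYLOADS)
    print("root:", ledger_root_hash(ledger), "violations:", verify_ledger(ledger))
    print("DENY->ALLOW edit:", verify_ledger(tampered_copy(ledger, 1, "decision", "ALLOW")))
    print("reordered:", verify_ledger([ledger[0], ledger[2], ledger[1]]))
    print("exit codes:", validate_ledger_text(""), validate_ledger_text(to_jsonl(ledger)))
```

Rewriting a recorded decision without recomputing its hash is caught by the payload_hash check; recomputing it is caught at the next entry, whose prev_hash no longer matches; swapping or dropping entries breaks continuity at both affected positions. An empty or missing decision_ledger.jsonl returns 3 before any chain logic runs, which is the behaviour the last commit describes for the gate scripts.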
kenanay (Owner, Author) commented Mar 14, 2026

Closing as stale/superseded. The Phase 11 work carried here is already incorporated into the newer active Phase 12 branch in PR #54.

@kenanay kenanay closed this Mar 14, 2026
@kenanay kenanay deleted the feat/phase11-abdf-snapshot-identity branch March 14, 2026 21:45