SECS Recovery + Host <-> SECS Boundary Refactor — Wave Log
Started: 2026-05-08 Status: Part A recovery COMPLETE (A0-A5 PASS). Part B boundary refactor COMPLETE (B0-B12 PASS). Final report in docs/RECOVERY_BOUNDARY_FINAL_REPORT.md (B13).
This document is the live wave log for the recovery + boundary refactor described
in the orchestration prompt. It exists alongside docs/WAVE_REFACTOR_AUDIT.md,
which remains the historical audit of the prior behavior-refactor wave's failure.
This file is mutable across waves. The audit is not.
Wave-execution routing and standing guard rules live in the current governance files. This log records source-of-truth state, evidence, and wave results.
Source-truth rules for this log
- "Committed current shape" means the runtime / Generated / docs already commit this and no source-syntax invention is involved.
- "Runtime / compiler-lowering shape" means C# runtime support that is NOT a
.secssource keyword (e.g. CandidateBuilderId, CandidateBuilderDelegate, SelectorSource.FromCollection). - "Generated stand-in with no source" means a Generated/*.cs file that has no
real
.secssource yet and uses (or should use) the canonical no-source marker// Hand-written stand-in: no .secs source yet - runtime-only surface. - "Proposed future source syntax" means something a future ADR may commit but is NOT live source today.
- "Rejected invented source syntax" means a source form that was created during
the bad wave and is not committed; it must not appear in live
Content/*.secs. - "Historical / audit-only mention" means an appearance in
docs/archive/,docs/WAVE_REFACTOR_AUDIT.md, ADR rationale, or denylist documentation. Such mentions are allowed.
Wave 0 — Implementation routing note (COMPLETE)
This Wave 0 entry is note-only. It does not change the completed A/B history below and makes no substantive design, source, runtime, test, or rule edits.
Source-of-truth map summary
- Live lowering and vocabulary docs:
docs/design/README.md,docs/design/00-overview.mdthroughdocs/design/10-host-secs-execution-boundary.md, anddocs/design/behavior-vocabulary.md. - Existing mutable and historical wave records:
docs/RECOVERY_WAVES.md,docs/WAVE_REFACTOR_AUDIT.md, anddocs/RECOVERY_BOUNDARY_FINAL_REPORT.md. - Governance surfaces:
AGENTS.md,CLAUDE.md,.github/copilot-instructions.md,.github/instructions/valenar-docs-wave.instructions.md,.claude/rules/behavior-vocabulary.md,.claude/rules/generated-codegen.md, and.claude/rules/orchestrator-mode.md. - Live Valenar authoring surface coupled to Generated output and provenance
tests:
examples/valenar/Content/**/*.secs. - Live Valenar docs that can carry terminology or source-of-truth drift:
examples/valenar/docs/**/*.md, includingexamples/valenar/docs/README.mdandexamples/valenar/docs/gd-canon.md. - Historical and audit-only references:
docs/design/audit-findings.md,docs/design/mod-coverage-audit.md,docs/archive/**, anddocs/research/**. - Future or backlog inputs, not authority for current committed behavior:
TASKS.md,docs/design/FUTURE_WORK.md,docs/deferred-ideas.md,examples/valenar/TODO.md,examples/valenar/docs/implementation/pr-roadmap.md, andSECS-Compiler-Plan.md.
Affected file families for later waves
- Documentation and governance:
docs/design/**/*.md,docs/*.md,examples/valenar/docs/**/*.md,AGENTS.md,CLAUDE.md,.github/**/*.md, and.claude/rules/**/*.md. - Runtime and host surfaces:
src/SECS.Abstractions/**/*.cs,src/SECS.Engine/**/*.cs,examples/valenar/Host/**/*.cs, andexamples/valenar/Server/**/*.cs. - UI-adjacent terminology surfaces:
examples/valenar/Client/**/*.{ts,tsx}. - Live content authoring coupled to Generated output and provenance tests:
examples/valenar/Content/**/*.secs. - Generated and lowering stand-ins:
examples/valenar/Generated/**/*.cs. - Tests and guard scripts:
tests/**/*.cs,scripts/check-behavior-vocabulary.sh, andscripts/.behavior-vocabulary-baseline. - Deferred compiler surfaces if parser/lowering work is later reopened:
secs-roslyn/**.
Validation commands for later waves
dotnet build SECS.slndotnet test tests/SECS.Engine.Tests/SECS.Engine.Tests.csprojdotnet test tests/Valenar.Host.Tests/Valenar.Host.Tests.csprojdotnet test tests/Valenar.Server.Tests/Valenar.Server.Tests.csprojcd examples/valenar/Client && npx tsc --noEmitscripts/check-behavior-vocabulary.sh- targeted repo searches against the affected file families above
Rule files likely needing updates in later waves
AGENTS.mdandCLAUDE.mdif process and routing language is aligned..github/copilot-instructions.mdand.github/instructions/valenar-docs-wave.instructions.mdif docs-only and orchestration guidance are tightened..claude/rules/orchestrator-mode.md,.claude/rules/behavior-vocabulary.md, and.claude/rules/generated-codegen.mdif guardrails or provenance policy move.
Migration risks
- Behavior vocabulary drift in live Valenar docs and UI-adjacent surfaces.
candidate_builderremains runtime/lowering-only but is still easy to reintroduce as fake source syntax.- Generated provenance drift between
Content/,Generated/, and their tests. - No-fallback ambiguity around
on_actionfallback and chaining. - Spread terminology across docs for stat, field, channel, and source.
- Identity and hash drift between lowercase short-name hashing and canonical identity strings.
Blockers and high-risk areas
- No committed parser or lowering implementation exists yet in
secs-roslyn, so any future source-syntax change remains blocked on explicit compiler work. - Runtime high-risk surfaces:
src/SECS.Abstractions/TypedIds.cs,src/SECS.Abstractions/FnvHash.cs,src/SECS.Engine/SecsRegistry.cs,src/SECS.Engine/Policies/SelectorSource.cs,src/SECS.Engine/Policies/CandidateBuilder.cs,src/SECS.Engine/Policies/CandidateBuilderId.cs,src/SECS.Engine/Events/OnActionDeclaration.cs,src/SECS.Engine/Events/EventDispatcher.cs,examples/valenar/Host/GameRuntime.cs, andexamples/valenar/Server/Services/GameService.cs. - Generated high-risk surfaces:
examples/valenar/Generated/Declarations.cs,examples/valenar/Generated/Hashes.cs,examples/valenar/Generated/SecsModule.cs,examples/valenar/Generated/Policies/KnownSpellsCandidateBuilder.cs,examples/valenar/Generated/Policies/CharacterSurvivalPolicy.cs,examples/valenar/Generated/Slots/CharacterSlots.cs, andexamples/valenar/Generated/OnActions/Combat/CombatOnActionDeclarations.cs. - Guard and regression sentries: tests in
tests/Valenar.Host.Tests/,tests/SECS.Engine.Tests/, plusscripts/check-behavior-vocabulary.sh.
Blockers
- None for this note itself. Any follow-on wave must choose whether it is doc-only or code-bearing before touching governance, runtime, Generated, or compiler surfaces.
Wave A0 — Forensic baseline (COMPLETE)
A0.1 Suspect path inventory
| Path | Present | Syntax category | Notes |
|---|---|---|---|
| examples/valenar/Content/spells/scopes.secs | yes | Committed current shape | Uses scope SpellRoot { walks_to SpellRoot; }. Created Wave 4 under provenance pressure but contains only committed syntax. |
| examples/valenar/Content/spells/contracts.secs | yes | Committed current shape | Uses contract SpellDefinition { root_scope SpellRoot; registry_only; }. Same pressure, committed syntax. |
| examples/valenar/Content/spells/test_spell.secs | yes | Committed current shape | Uses template<SpellDefinition> TestSpell {}. Logically depends on contracts.secs and scopes.secs. |
| examples/valenar/Content/policies/known_spells_candidate_builder.secs | yes | Rejected invented source syntax | Lines 23-28 contain candidate_builder, slot X.Y of Type;, activity Y; inside builder, method ActivityRequest[] Build(...). None of these are committed. |
A0.2 Generated headers tied to suspect sources
| Generated file | Current // Source: | Status |
|---|---|---|
| examples/valenar/Generated/Policies/KnownSpellsCandidateBuilder.cs | Content/policies/known_spells_candidate_builder.secs | Source file contains rejected invented syntax. C# body itself is a legitimate runtime/lowering shape (CandidateBuilderDelegate registration). The header must change in A1. |
| examples/valenar/Generated/Templates/Spells/TestSpell.cs | Content/spells/test_spell.secs | Source contains only committed syntax. No header change required if spells/* files are kept; reassessed in A1 jointly with the spells coupling decision. |
| examples/valenar/Generated/Declarations.cs | aggregate list including Content/spells/scopes.secs and Content/spells/contracts.secs | Both source files contain only committed syntax. The aggregate locked-source list in tests/Valenar.Host.Tests/GeneratedProvenanceTests.cs lines 231-232 must be updated jointly if these paths change. |
A0.3 Runtime / compiler-lowering shapes that stay
These are C# runtime types, not source keywords. They remain.
- src/SECS.Engine/Policies/CandidateBuilderId.cs —
public readonly record struct CandidateBuilderId(ulong Value) - src/SECS.Engine/Policies/CandidateBuilder.cs —
CandidateBuilderDelegatereturningIReadOnlyList<ActivityRequest> - src/SECS.Engine/Policies/SelectorSource.cs:21 —
FromCollection(SlotKindId Slot, CandidateBuilderId Builder) - src/SECS.Engine/SecsRegistry.cs —
RegisterCandidateBuilderAPI - examples/valenar/Generated/Slots/CharacterSlots.cs —
KnownSpellsslot storingTemplateId - examples/valenar/Generated/ActivityArgs/CastSpellArgs.cs — typed args record (header
// Source: auto-generated typed activity args record, accepted by the existing test bypass) Activity_CastSpellgeneric mechanic activity
A0.4 GeneratedProvenanceTests current behavior
tests/Valenar.Host.Tests/GeneratedProvenanceTests.cs:
- Line 107:
EveryGeneratedFileDeclaresSourceOwnedProvenance— every non-obj.csfile underGenerated/must have a// Source:line in the first 24 lines, and everyContent/*.secspath cited there must exist on disk (line 183-184). - Lines 164-167: existing bypass markers
auto-generatedandimplicitare accepted. - Line 192 onward:
GeneratedAggregateFilesDeclareLockedSecsSourceshardcodes the source list forDeclarations.cs. - Lines 231-232:
Content/spells/scopes.secsandContent/spells/contracts.secsare entries in that hardcoded list. - No "Hand-written stand-in: no .secs source" bypass exists today. Adding it is A2 work.
A0.5 Coupling that A1 must respect
The three syntactically-valid spells files form a chain:
Content/spells/test_spell.secs references SpellDefinition from
Content/spells/contracts.secs, which references SpellRoot from
Content/spells/scopes.secs. Deleting any one of the three breaks
the chain. Either keep all three or delete all three.
The fourth file, Content/policies/known_spells_candidate_builder.secs,
contains rejected invented syntax and must be removed in A1 regardless of
the spells/* decision.
A0.6 CLAUDE.md / .claude/rules current coverage
| Rule | Status | Where |
|---|---|---|
| Committed declaration keyword whitelist | Present | CLAUDE.md line 56 |
| Committed mod-operation keyword whitelist | Present | CLAUDE.md line 56 |
Explicit ban on candidate_builder and friends | Absent | needs A4 |
Explicit ban on fabricated .secs provenance | Absent | needs A4 |
| Canonical no-source stand-in marker text | Absent | needs A4 |
| Sub-agents must not spawn sub-agents | Partial | user memory + mapv10 agent prompts; not in CLAUDE.md / .claude/rules globally |
| Validate must inspect sub-agent prompts and deviation notes | Absent | needs A4 |
| FAIL-loop auto-redispatch | Present | CLAUDE.md line 41 |
A0.7 Sub-agent prompt artifacts
- The original behavior-refactor plan was deleted (recorded in
docs/WAVE_REFACTOR_AUDIT.mdline 6). No surviving sub-agent prompt exists from the bad wave. .claude/agents/contains four mapv10 agent prompts only. They include spawn_task / ScheduleWakeup NEVER guards. They do not include source- keyword or fabricated-source guards.examples/valenar/docs/wave-template.mdis an advisory wave checklist, not an executed agent prompt.
A0.8 Open blockers entering A1
GeneratedProvenanceTests.cs:231-232hardcodes the spells/* paths in the locked aggregate-source list. A1's removal of those paths fromDeclarations.cs // Source:must be matched by an A2 test edit.EveryGeneratedFileDeclaresSourceOwnedProvenancehas no no-source bypass marker. A1 cannot redirectKnownSpellsCandidateBuilder.cs's// Source:to a no-source marker until A2 adds the bypass; the correct sequence is A1 deletes the offending.secs, A2 adds the bypass and switches the header. Sub-agents must keep this dependency in mind.Content/spells/{scopes,contracts,test_spell}.secsform a coupled chain. The recovery decision is to keep them as committed-syntax examples since they cause no syntax violation, or delete the whole trio together with the matching test list update. A1 Implement makes that call after re-reading the files.docs/design/09-ai-policies-and-activities.md:418references the spell infrastructure (KnownSpells,SelectorSource.FromCollection). A3 and B7 will reconcile that doc against the runtime/lowering vs. future-source distinction.
Wave A1 — Remove fabricated source and false provenance (COMPLETE)
What changed
- Deleted
examples/valenar/Content/policies/known_spells_candidate_builder.secs— the only.secsfile containing banned invented source syntax (candidate_builder,slot X.Y of Type;,activity Y;inside builder,method ActivityRequest[] Build). - Rewrote
examples/valenar/Generated/Policies/KnownSpellsCandidateBuilder.csline 1 to the canonical no-source marker:// Hand-written stand-in: no .secs source yet - runtime-only surface. - Replaced lines 8-14 comment block in the same file with a non-banned C# runtime/lowering description that references
CandidateBuilderId,CandidateBuilderDelegate, andSelectorSource.FromCollectionas C# types only — never as.secssyntax. - Kept the three committed-syntax spells files (
Content/spells/scopes.secs,contracts.secs,test_spell.secs) untouched. They use only committedscope,contract, andtemplatekeywords.
Key evidence
examples/valenar/Generated/Policies/KnownSpellsCandidateBuilder.cs:1— canonical no-source marker.examples/valenar/Content/policies/—known_spells_candidate_builder.secsabsent.
Blockers
None.
Wave A2 — Fix GeneratedProvenanceTests and provenance policy (COMPLETE)
What changed
- Added
NoSourceStandInMarkerconstant totests/Valenar.Host.Tests/GeneratedProvenanceTests.cs:113-114. - Added the no-source bypass branch in
EveryGeneratedFileDeclaresSourceOwnedProvenance(lines 135-143): if line 1 is the canonical marker, skip the// Source:requirement but reject any conflicting// Source:claim later in the header. - Added
GeneratedNoSourceStandInsMustNotCarryFabricatedSourceClaimstest (line 217) to lock the no-conflict semantic. - Added
GeneratedCitedSourceFilesMustNotContainBannedSyntaxFormstest (line 246) that scans every cited.secsfile for the 5 banned forms.
Key evidence
tests/Valenar.Host.Tests/GeneratedProvenanceTests.cs:113— constant.tests/Valenar.Host.Tests/GeneratedProvenanceTests.cs:217, 246— new tests.- 192/192 Valenar.Host.Tests pass. Both new tests verified by negative-case probes.
Blockers
None.
Wave A3 — Detangle CandidateBuilder docs / compiler plan (COMPLETE)
What changed
docs/design/04-behavior.md:2015—SelectorSource.FromCollectiondescription corrected from the stale one-argFromCollection(ulong CollectionId)to the actual two-arg shapeFromCollection(SlotKindId Slot, CandidateBuilderId Builder). Added a parenthetical explicitly stating that no committed source-level syntax exists forfrom collection X with builder Yand pointing atSECS-Compiler-Plan.md § Phase 4as the future-ADR reservation.docs/design/04-behavior.md:2048— corrected the same stale signature inside the CLOSED open-question entry.SECS-Compiler-Plan.md:131— appended the qualification "(not yet accepted as live.secssource — future-ADR reservation; actual parser acceptance is deferred; see Phase 4 notes below for the full lowering spec)" to the table cell forfrom collection X with builder Yto match the intent already present at line 583.docs/design/behavior-vocabulary.md— inserted a new "Group E — reserved future-syntax forms (not accepted in live source)" section enumerating the 5 banned forms with cross-references todocs/WAVE_REFACTOR_AUDIT.md § 1andSECS-Compiler-Plan.md § Phase 4.
Key evidence
docs/design/04-behavior.md:2015, 2048— qualifications and corrected signature.SECS-Compiler-Plan.md:131— appended qualifier.docs/design/behavior-vocabulary.mdGroup E section.
Blockers
None.
Wave A4 — Update CLAUDE.md / .claude/rules / verifier guards (COMPLETE)
What changed
CLAUDE.md:39— added a sub-agent spawn ban bullet: "Sub-agents must not spawn further sub-agents. A dispatched sub-agent may not callAgent,spawn_task,ScheduleWakeup,CronCreate, or any scheduling tool.".claude/rules/orchestrator-mode.md— rephrased line 9 from "First response action on a multi-wave prompt is a dispatch" to "First response on a multi-wave prompt is a dispatch" (eliminating theactiontoken to restore the CI guard baseline). Appended two new sections: "Sub-agent execution guards" (4 bullets covering the no-spawn / no-invent / no-fabricate / no-silent-deviation rules) and "Validate-agent responsibilities" (mandate to inspect sub-agent prompts, deviation notes, and reviewer approvals)..claude/rules/generated-codegen.md— extended thepaths:frontmatter to includetests/**/*.cs. Appended three new sections: "No-source stand-in marker" (canonical text and 3 legal header forms), "Banned source-form syntax" (6-row ban table), "Fabricated source files" (governance prohibition).scripts/check-behavior-vocabulary.sh— addedGROUP_C_REGEXcovering the 5 banned forms; added ascan "C" "$GROUP_C_REGEX" "no"invocation between Group B and Group D; extendedEXEMPT_FILESto 9 entries covering audit docs, governance rule files, the test that encodes the deny list, and the design docs that quote the bans for reference.
Key evidence
CLAUDE.md:39— spawn ban bullet..claude/rules/orchestrator-mode.md:22-46— both new sections..claude/rules/generated-codegen.md— appended sections + frontmatter.scripts/check-behavior-vocabulary.sh—GROUP_C_REGEX, scan invocation,EXEMPT_FILESarray.- CI guard:
OK: 716 hits (<= baseline 753). Negative-case probe (insertcandidate_builder ProbeFixture { }in a fresh.secs) confirmed Group C regex matches and counts the token.
Blockers
None.
Wave A5 — Candidate-data model and recovery acceptance (COMPLETE pending Validate)
What changed
examples/valenar/Content/characters/slots.secs:17, 39— corrected stale comments that describedKnownSpellsas storingActivityIdvalues; now describes the runtime-correctTemplateIdshape. Pre-Wave-4 the slot held activity ids; Wave 4 retyped it to template ids but the source-file prose lagged. The 2-line fix aligns the.secssource-of-truth with the runtime (CharacterSlots.cs:43initializes the slot asTemplateId;KnownSpellsCandidateBuilder.cs:61reads it asTemplateId;CastSpellArgs.cs:15carriesTemplateId SpellDefinitionId).docs/RECOVERY_WAVES.md— filled the A1-A4 outcome blocks (this update).
Recovery acceptance verification (Section 10 criteria)
| # | Criterion | Status |
|---|---|---|
| C1 | No invented source syntax remains in live source | PASS |
| C2 | No fabricated .secs files remain as accepted source | PASS |
| C3 | Generated provenance tests no longer force fabricated source | PASS |
| C4 | Generated files either point to real source or carry no-source marker | PASS |
| C5 | CandidateBuilder remains runtime/compiler-lowering only | PASS |
| C6 | KnownSpells uses data ids (TemplateId), not ActivityIds | PASS (after slots.secs comment fix) |
| C7 | Sub-agent prompts include no-invention / no-fabrication guards | PASS |
| C8 | Verifier inspects sub-agent prompts / deviation notes / reviewer approvals | PASS |
| C9 | CLAUDE.md contains committed keywords, banned syntax, provenance, orchestration rules | PASS |
| C10 | Verifier greps fail on banned forms in live paths | PASS |
| C11 | Docs distinguish committed shape from proposed future syntax | PASS |
Test and build status
dotnet build SECS.sln— 0 errors, 0 warnings.dotnet testtotals: Valenar.Host.Tests 192/192, SECS.Engine.Tests 367/367, Valenar.Server.Tests 21/21. 580/580 GREEN.bash scripts/check-behavior-vocabulary.sh --check—OK: 716 hits (<= baseline 753).
Key evidence
examples/valenar/Content/characters/slots.secs:17, 39— corrected comments.- All 11 acceptance criteria verified by A5 Explore against current repo state.
Blockers
None expected. A5 Validate will confirm and stamp the gate.
Part B — Host <-> SECS boundary refactor (in progress)
Wave B0 — Boundary baseline + commitments verification (COMPLETE)
What B0 verified
B0 Explore re-derived all 19 current commitments listed in the orchestration prompt section 13 from current repo state. 16 are COMMITTED-AS-STATED (C13-1 through C13-16 except the two below, plus C13-19). 0 carry drift. 2 are hard conflicts that block design work in subsequent B-waves until they are resolved. 1 orphan diagnostic code is noted but non-blocking.
B0 Implement made no code changes. The boundary design itself is delivered by B1 onward.
PASS-as-stated commitments
- C13-1 — Committed declaration keywords. CLAUDE.md:53, behavior-vocabulary.md, .claude/rules/behavior-vocabulary.md all agree.
- C13-2 —
on_actionis metadata-only. src/SECS.Engine/Events/OnActionDeclaration.cs:8, EventDispatcher.cs:11. No execution path owns an effect body. - C13-3 — Scope fields are host-owned data. src/SECS.Abstractions/Scopes/ScopeDeclaration.cs is pure metadata; docs/design/01-world-shape.md:101 confirms the engine never mutates scope field values.
- C13-4 — Non-void scope methods are read-only and lower through
ISecsHostReads. src/SECS.Abstractions/Interfaces/ISecsHostReads.cs:34, SECS-Compiler-Plan.md:110. - C13-5 —
voidscope methods are command-producing and lower throughISecsHostCommands. src/SECS.Abstractions/Interfaces/ISecsHostCommands.cs:8, SECS-Compiler-Plan.md:111. - C13-6 —
SecsTypeReffor declaration metadata;SecsValueonly for command payload storage / erased adapters. src/SECS.Abstractions/SecsValue.cs:20-21, SECS-Compiler-Plan.md:53. - C13-7 — Runtime slots explicitly seeded; uninitialized reads throw; no fallback. src/SECS.Engine/Slots/ScopeSlotStore.cs:37-47. No
ResolveSlotOrDefaultexists in the codebase. - C13-8 — KnownSpells stores TemplateId, not ActivityId. (A5 corrected stale comments; runtime confirmed in tests.)
- C13-9 — Candidate builders are runtime/compiler-lowering only. (A1-A4 cleanup confirmed; A5 verified.)
- C13-10 — Content-family parameterization prevents content explosion. behavior-vocabulary.md Group D allowlists 7 generic mechanic activity ids; per-content rows are TemplateId entries.
- C13-11 —
ActivityRequesthas exactly 5 fields: ActivityId, Actor, Target, ActivityArgsBlob, ActivityRequestOrigin. src/SECS.Engine/Activities/ActivityRequest.cs:21-26. - C13-12 —
ActivityRequestOriginvalues: Unknown, Player, Policy, System, Event, Mod (6 total). src/SECS.Engine/Activities/ActivityRequestOrigin.cs. - C13-13 — Activity lanes use stable
ActivityLaneId; Primary is default; Queue/Preempt are reserved (throwNotImplementedException); no silent degradation. src/SECS.Engine/Activities/ActivityLanes.cs, ActivityLanePolicy.cs. - C13-14 —
ActivityRunStore.Restoreuses stable ids and hard invalidation, not array indexes. src/SECS.Engine/Activities/ActivityRunStore.cs. - C13-15 — Modding is compile-time semantic merge plus startup-finalization runtime target; frozen merged view post-finalize. docs/design/06-overrides-and-modding.md:88; src/SECS.Engine/Modding/ModRegistry.cs.
- C13-16 — Host-capable source sets may add scopes/fields/walks/methods; data-only mods may not. docs/design/01-world-shape.md:255-272. Source-set enforcement is compiler-level, not runtime.
- C13-19 — CLAUDE.md and .claude/rules carry the no-invention/no-fabrication/sub-agent execution guards (added by A4, verified by A5).
Hard conflicts (block subsequent B-waves until resolved)
C13-17 — SECS0801 code collision. The diagnostic code SECS0801 is assigned two different semantics in the current repo:
- Runtime:
src/SECS.Engine/Modding/ModDiagnosticCode.cs:22-29definesInjectClosedSlot = 801(modding: inject against replace-only architectural slot). - Design docs:
docs/design/00-overview.md:294,docs/design/03-stats-and-modifiers.md:1808,docs/design/08-collections-and-propagation.md:367defineSECS0801as "lambda or stat-based predicate inpropagates_to whereclause" (compiler/doc-level).
These are different diagnostics sharing one number. The runtime entry exists in code; the doc-only entry has no runtime backing. Resolution: renumber the doc-only propagation diagnostic to a new code (e.g. SECS0820+ range or compiler-namespace range) to free SECS0801 for the runtime usage that is already shipping. Routing: B11 (mod / source-set / diagnostics alignment).
Resolution (Wave B11): RESOLVED. The doc-only propagates_to where diagnostic was renumbered to SECS0802 across docs/design/00-overview.md, docs/design/03-stats-and-modifiers.md, docs/design/08-collections-and-propagation.md, and SECS-Compiler-Plan.md. The shipped runtime InjectClosedSlot = 801 (src/SECS.Engine/Modding/ModDiagnosticCode.cs:29) was left untouched as committed public API. The new SECS0802 row was added to the Compiler Plan's diagnostic catalog table, and a consolidated catalog cross-reference was added in docs/design/10-host-secs-execution-boundary.md § 21.5. C13-17 no longer blocks downstream B-waves.
C13-18 — Policy rule body command capability. Three-way disagreement on whether policy rule bodies may emit commands:
docs/design/09-ai-policies-and-activities.md:479: "Wave 4 ships stateless policies (eachEvaluateRulereads only the current world state)" — read-only.SECS-Compiler-Plan.md:143: "Generated template contract methods, system bodies, event bodies, activity bodies, and policy rule bodies flush after every command-producing source statement" — command-producing.src/SECS.Engine/Policies/PolicyRunContext.cs:readonly record struct PolicyRunContext(EntityHandle Actor, DomainId Domain, TickContext Tick)— no dedicated command surface; commands would only be reachable viacontext.Tick.Commands.
The generated policy examples in 04-behavior.md and 09-ai-policies-and-activities.md show only stat reads in rule bodies. The Compiler Plan commits rule bodies to the flush contract. Either the docs are out of date or the runtime is incomplete. Resolution: B3 (read-only vs command-producing hardening) chooses one direction and updates the other two artifacts to match. This is the most consequential design choice in Part B; later B-waves on policy/slots/candidate-builders (B7) and host-callable APIs (B4) depend on the answer. Routing: B3 primary, B7 secondary, doc reconciliation in the relevant Implement waves.
Orphan diagnostic (non-blocking)
SECS0420 is referenced in docs/WAVE_REFACTOR_AUDIT.md:173 and SECS-Compiler-Plan.md:215 as a future "parser-level: inject against architectural activity slot" diagnostic, distinct from the runtime InjectClosedSlot = 801. No runtime enum entry exists. B11 should explicitly account for this orphan when aligning the diagnostic catalog (either commit a runtime enum entry, retain it as compiler-only, or remove it from docs).
Cross-cutting design surface flagged for B1-B12
OnActionDeclarationcarriesChainedOnActionIdsandFallbackOnActionIdreserved fields with no committed source syntax. B9 (systems/events/on_actions/ordering) should decide whether to keep, remove, or commit these as source-level keywords.- Source-set boundary (host-capable vs data-only) is doc/compiler-level only; no runtime
SourceSettype. This is by design. B11 should confirm the design intent and avoid adding a runtime enforcement type unless an explicit requirement justifies it.
Key evidence
- 16 PASS commitments listed above with file:line citations.
- 2 conflicts documented with full file:line citations on both sides.
- 1 orphan documented.
Blockers entering B1
None for B1 itself (B1 = Host vs SECS responsibility split — orthogonal to the two conflicts). The C13-17 / C13-18 conflicts must be resolved before B3 and B11 respectively complete.
(B1-B13 logged here as they run.)
Recovery acceptance criteria (from orchestration prompt section 10)
Recovery is complete only when Validate agents confirm:
- No invented source syntax remains in live source.
- No fabricated
.secsfiles remain as accepted source. - Generated provenance tests no longer force fabricated source.
- Generated files either point to real source or carry the canonical no-source stand-in header.
- CandidateBuilder remains runtime/compiler-lowering only unless a future ADR recommits source syntax.
- KnownSpells uses data ids such as TemplateId, not content-row ActivityIds.
- Sub-agent prompts include no-invention / no-fabrication guards.
- Validators inspect sub-agent prompts, deviation notes, and reviewer approvals.
- CLAUDE.md contains committed keywords, banned syntax, provenance rules, and Agent orchestration rules.
- Verifier greps fail on
candidate_builder,with builder,slot X.Y of Type, andActivityRequest[]source syntax in live paths. - Docs distinguish committed shape from proposed future syntax.