feat(local-coord-mcp): proper Nickel contracts with dependent constraints

hyperpolymath · claude · hyperpolymath · commit 93c589dd9ea2 · 2026-04-19T15:30:20.000+01:00
Task #16. Upgrades from "JSON Schema syntax embedded in Nickel" to actual Nickel contracts for the four dependent rules JSON Schema can't cleanly express. New file schemas/coord-messages-contracts.ncl exports: - Primitive contracts: RiskTier, OpKind, MsgIdHex, HashHex (predicate- based, validate shape + constraints). - TierContextGate — Tier >= 2 envelopes MUST carry non-empty context_fetch_id. Enforces the adaptive-awareness invariant (DD-10). - TierAttestationGate — Tier >= 2 from role=supervised MUST carry at least one attestation_refs entry. Enforces M-of-N Byzantine safety (DD-8). - UrgentDirectRestriction — urgent_direct=true is forbidden for supervised peers (DD-12 user-interaction routing). - TierOverrideJustification — if declared risk_tier differs from op_kind.tier_default, tier_override_reason is required. Catches tier underclaiming (DD-14). - validate = a lazy function composing all four. Consumers call `envelope | contracts.validate` to run all checks. The sibling schemas/coord-messages.ncl stays as the portable JSON-Schema-exportable interface; the two files work together: JSON Schema (.json export) → shape validation for all clients Nickel contracts (this) → rich cross-field rules, server-side Test harness schemas/test-contracts.sh covers 6 cases: - tier 0 status envelope → accepted - tier 2 claim with context_fetch_id → accepted - tier 2 without context_fetch_id → rejected - tier 3 from supervised without attestation → rejected - urgent_direct from supervised → rejected - tier 3 declared on op_kind=status with no override_reason → rejected All 6 pass. Consumers (Task #17 Deno shim in mcp-bridge) will import this file on bridge startup and invoke `validate` on each coord_send / coord_send_gated envelope BEFORE forwarding to the Zig adapter. Early rejection, defense-in-depth. Roadmap: Task #17 = Deno shim wiring; Phase 2 = Idris2 session types for the choreography these rules imply. Design log: Desktop/COORD-MCP-DESIGN-LOG.md (Appendix K roadmap). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/cartridges/local-coord-mcp/schemas/coord-messages-contracts.ncl b/cartridges/local-coord-mcp/schemas/coord-messages-contracts.ncl
@@ -0,0 +1,153 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+#
+# coord-messages-contracts.ncl — Nickel contracts for rich server-side
+# envelope validation. Sibling to coord-messages.ncl (portable JSON
+# Schema) — use this file for cross-field dependent constraints that
+# JSON Schema can't elegantly express.
+#
+# Wired into mcp-bridge via a Deno shim (Task #17): on each coord_send
+# or coord_send_gated call, the bridge imports this file, extracts
+# `EnvelopeV1`, and applies it to the message body. Invalid envelopes
+# are rejected with a descriptive error before they reach the Zig
+# adapter.
+#
+# Usage pattern:
+#   let contracts = import "coord-messages-contracts.ncl" in
+#   let ok_envelope = my_envelope | contracts.EnvelopeV1 in
+#   ...
+#
+# If any constraint fails, Nickel emits a descriptive error pointing at
+# the offending field. The Deno shim translates that error into an MCP
+# error response.
+
+let OpDefaults = {
+  status = 0,
+  query = 0,
+  context_query = 0,
+  context_reply = 0,
+  supervise_req = 0,
+  supervise_resp = 0,
+  attest_req = 0,
+  attest_resp = 0,
+  fyi = 1,
+  progress = 1,
+  warn_drift = 1,
+  release = 1,
+  claim = 2,
+  handoff = 2,
+  clarify = 2,
+  blocker = 3,
+  gated_op = 3,
+} in
+
+let OpKinds = std.record.fields OpDefaults in
+
+{
+  # ── Primitive contracts ─────────────────────────────────────────
+
+  RiskTier = std.contract.from_predicate (fun v =>
+    std.is_number v
+    && v >= 0
+    && v <= 4
+    && v == (std.number.floor v)
+  ),
+
+  OpKind = std.contract.from_predicate (fun v =>
+    std.is_string v && std.array.any (fun k => k == v) OpKinds
+  ),
+
+  MsgIdHex = std.contract.from_predicate (fun v =>
+    std.is_string v
+    && std.string.length v == 12
+    && std.string.is_match "^[0-9a-f]{12}$" v
+  ),
+
+  HashHex = std.contract.from_predicate (fun v =>
+    std.is_string v
+    && std.string.length v == 64
+    && std.string.is_match "^[0-9a-f]{64}$" v
+  ),
+
+  # ── Dependent constraints — the rules JSON Schema can't express ──
+
+  # Any Tier >= 2 envelope MUST carry a non-empty context_fetch_id.
+  # Blast-radius scaled: drone at Tier 0/1, strategic at Tier 2+.
+  TierContextGate = std.contract.from_predicate (fun e =>
+    !(std.record.has_field "risk_tier" e)
+    || e.risk_tier < 2
+    || (std.record.has_field "context_fetch_id" e
+        && std.is_string e.context_fetch_id
+        && std.string.length e.context_fetch_id > 0)
+  ),
+
+  # Any Tier >= 2 envelope from a peer whose role is "supervised" MUST
+  # carry at least one attestation_refs entry. M-of-N Byzantine safety.
+  #
+  # The sender's role is NOT in the envelope itself (server-attached at
+  # dispatch). Validator caller passes role via e._meta.sender_role when
+  # running this contract server-side.
+  TierAttestationGate = std.contract.from_predicate (fun e =>
+    !(std.record.has_field "risk_tier" e)
+    || e.risk_tier < 2
+    || !(std.record.has_field "_meta" e)
+    || !(std.record.has_field "sender_role" e._meta)
+    || e._meta.sender_role != "supervised"
+    || (std.record.has_field "attestation_refs" e
+        && std.is_array e.attestation_refs
+        && std.array.length e.attestation_refs >= 1)
+  ),
+
+  # urgent_direct=true is only permitted for supervisor + executor.
+  # supervised peers never interrupt the user directly.
+  UrgentDirectRestriction = std.contract.from_predicate (fun e =>
+    !(std.record.has_field "urgent_direct" e)
+    || !e.urgent_direct
+    || !(std.record.has_field "_meta" e)
+    || !(std.record.has_field "sender_role" e._meta)
+    || e._meta.sender_role != "supervised"
+  ),
+
+  # If declared risk_tier differs from the op_kind's default, a
+  # non-empty tier_override_reason MUST be present. Catches tier
+  # underclaiming ("I said it's Tier 1 but it's a git push").
+  TierOverrideJustification = std.contract.from_predicate (fun e =>
+    !(std.record.has_field "op_kind" e)
+    || !(std.record.has_field "risk_tier" e)
+    || (
+      let default_tier =
+        if std.record.has_field e.op_kind OpDefaults then
+          std.record.get e.op_kind OpDefaults
+        else 0 in
+      e.risk_tier == default_tier
+      || (std.record.has_field "tier_override_reason" e
+          && std.is_string e.tier_override_reason
+          && std.string.length e.tier_override_reason > 0)
+    )
+  ),
+
+  # ── Combined validator ─────────────────────────────────────────
+  #
+  # Lazy function that applies all four dependent-constraint contracts
+  # in sequence. Shape validation stays in the JSON Schema sibling
+  # (coord-messages.ncl / .json) — this validator runs AFTER shape has
+  # been confirmed by a JSON Schema validator.
+  #
+  # Usage from the Deno shim (Task #17):
+  #
+  #   const contracts = await loadNickel("coord-messages-contracts.ncl");
+  #   // First: JSON Schema validates shape.
+  #   // Then: this validator applies dependent constraints.
+  #   const result = applyNickelContract(contracts.validate, envelope);
+  #
+  # Wrapped in a function so Nickel doesn't eagerly try to realise it
+  # when the file is imported — evaluation happens when validate is
+  # called on actual envelope data.
+
+  validate = fun envelope =>
+    envelope
+    | TierContextGate
+    | TierAttestationGate
+    | UrgentDirectRestriction
+    | TierOverrideJustification,
+}
diff --git a/cartridges/local-coord-mcp/schemas/coord-messages.ncl b/cartridges/local-coord-mcp/schemas/coord-messages.ncl
@@ -371,4 +371,12 @@
     { pattern = "SET secret", min_tier = 3, reason = "Secret modification" },
     { pattern = "--no-verify", min_tier = 3, reason = "Hook bypass" },
   ],
+
+  # Note on validation layers:
+  # - This file (JSON-Schema-style) is the PORTABLE interface. Exports
+  #   to coord-messages.json for any JSON Schema validator.
+  # - Rich dependent-constraint validation lives in sibling file
+  #   schemas/coord-messages-contracts.ncl — use that for server-side
+  #   checks via the Deno shim (Task #17). It expresses rules that JSON
+  #   Schema can't cleanly say (Tier 2+ requires context_fetch_id, etc.)
 }
diff --git a/cartridges/local-coord-mcp/schemas/test-contracts.sh b/cartridges/local-coord-mcp/schemas/test-contracts.sh
@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+#
+# test-contracts.sh — Smoke-test the Nickel contracts in
+# coord-messages-contracts.ncl. Each case either passes (envelope
+# accepted by validator) or fails (validator rejects with a specific
+# contract violation).
+#
+# Usage: bash test-contracts.sh
+
+set -u
+cd "$(dirname "$0")"
+
+PASS=0
+FAIL=0
+EXPECTED_FAILS=0
+
+# Run Nickel with an inline envelope piped through the validator.
+# Exit 0 = accepted; non-zero = contract violation.
+run_case() {
+    local name="$1"
+    local envelope="$2"
+    local expect="$3" # "pass" or "fail"
+
+    # Create temp file in schemas/ so relative import works.
+    local out
+    local tmp="./_test_case_$$.ncl"
+    cat > "$tmp" <<NICKEL_EOF
+let c = import "coord-messages-contracts.ncl" in
+let e = $envelope in
+c.validate e
+NICKEL_EOF
+    out=$(nickel eval "$tmp" 2>&1)
+    local rc=$?
+    rm -f "$tmp"
+
+    if [ "$expect" = "pass" ]; then
+        if [ $rc -eq 0 ]; then
+            echo "  PASS: $name"
+            PASS=$((PASS + 1))
+        else
+            echo "  FAIL: $name (expected accept, got reject)"
+            echo "        $out" | head -3
+            FAIL=$((FAIL + 1))
+        fi
+    else
+        if [ $rc -ne 0 ]; then
+            echo "  PASS: $name (expected reject — good)"
+            EXPECTED_FAILS=$((EXPECTED_FAILS + 1))
+        else
+            echo "  FAIL: $name (expected reject, got accept)"
+            FAIL=$((FAIL + 1))
+        fi
+    fi
+}
+
+echo "=== Nickel contract tests ==="
+
+# ── Valid cases ────────────────────────────────────────────────
+
+run_case "tier 0 status envelope" \
+'{
+    version = 1,
+    msg_id = "abcdef012345",
+    prev_msg_hash = "0000000000000000000000000000000000000000000000000000000000000000",
+    sender = "claude-7f3a",
+    recipient = "gemini-b2c1",
+    timestamp = "2026-04-20T10:00:00Z",
+    op_kind = "status",
+    risk_tier = 0,
+    payload = { status = "ok" },
+}' \
+"pass"
+
+run_case "tier 2 claim with context_fetch_id" \
+'{
+    version = 1,
+    msg_id = "abcdef012346",
+    prev_msg_hash = "0000000000000000000000000000000000000000000000000000000000000000",
+    sender = "claude-7f3a",
+    recipient = "*",
+    timestamp = "2026-04-20T10:00:00Z",
+    op_kind = "claim",
+    risk_tier = 2,
+    payload = { task = "audit-X", scope = "repo" },
+    context_fetch_id = "ctx-abc123",
+}' \
+"pass"
+
+# ── Rejections ─────────────────────────────────────────────────
+
+run_case "tier 2 claim WITHOUT context_fetch_id (TierContextGate)" \
+'{
+    version = 1,
+    msg_id = "abcdef012347",
+    prev_msg_hash = "0000000000000000000000000000000000000000000000000000000000000000",
+    sender = "claude-7f3a",
+    recipient = "*",
+    timestamp = "2026-04-20T10:00:00Z",
+    op_kind = "claim",
+    risk_tier = 2,
+    payload = { task = "audit-X", scope = "repo" },
+}' \
+"fail"
+
+run_case "tier 3 from supervised WITHOUT attestation (TierAttestationGate)" \
+'{
+    version = 1,
+    msg_id = "abcdef012348",
+    prev_msg_hash = "0000000000000000000000000000000000000000000000000000000000000000",
+    sender = "gemini-b2c1",
+    recipient = "*",
+    timestamp = "2026-04-20T10:00:00Z",
+    op_kind = "gated_op",
+    risk_tier = 3,
+    payload = { action = "push" },
+    context_fetch_id = "ctx-abc123",
+    _meta = { sender_role = "supervised" },
+}' \
+"fail"
+
+run_case "urgent_direct from supervised (UrgentDirectRestriction)" \
+'{
+    version = 1,
+    msg_id = "abcdef012349",
+    prev_msg_hash = "0000000000000000000000000000000000000000000000000000000000000000",
+    sender = "gemini-b2c1",
+    recipient = "claude-7f3a",
+    timestamp = "2026-04-20T10:00:00Z",
+    op_kind = "clarify",
+    risk_tier = 0,
+    payload = { question = "hey" },
+    urgent_direct = true,
+    _meta = { sender_role = "supervised" },
+}' \
+"fail"
+
+run_case "status declared as tier 3 WITHOUT tier_override_reason (TierOverrideJustification)" \
+'{
+    version = 1,
+    msg_id = "abcdef01234a",
+    prev_msg_hash = "0000000000000000000000000000000000000000000000000000000000000000",
+    sender = "claude-7f3a",
+    recipient = "gemini-b2c1",
+    timestamp = "2026-04-20T10:00:00Z",
+    op_kind = "status",
+    risk_tier = 3,
+    payload = { status = "ok" },
+    context_fetch_id = "ctx-abc",
+}' \
+"fail"
+
+echo
+echo "=== Summary ==="
+echo "Accepted (pass expected): $PASS"
+echo "Rejected (fail expected): $EXPECTED_FAILS"
+echo "Unexpected:               $FAIL"
+
+if [ $FAIL -eq 0 ]; then
+    exit 0
+else
+    exit 1
+fi
