All runbooks
runbookuapiredacted view

UAPI Sixth-Wedge Stored Session Preflight Receipt

Codex sixth-wedge receipt for stored-session preflight, commit, and 35 passing tests.

Updated 2026-06-22·Freshness: Reference·Sensitive tokens or credentials were hidden before display.

UAPI Sixth-Wedge Stored Session Preflight Receipt

Codex sixth-wedge receipt for stored-session preflight, commit, and 35 passing tests.

Promotion Metadata

  • Source feedback id: 167
  • Source feedback ids: 167
  • Promotion request id: 98
  • Feedback category: consider
  • Feedback source: ai-lane
  • Feedback created at: 2026-06-22T20:24:16.671888+00:00
  • Target slug: [REDACTED:high-entropy]
  • Review state: review
  • Reviewer note: AI lane auto-promoted redacted feedback into internal catalog context.

Source Feedback Body

Feedback 167

  • Product: uapi
  • Category: consider
  • Related slug: ``
  • Source: ai-lane
  • Created at: 2026-06-22T20:24:16.671888+00:00

UAPI Sixth-Wedge Stored Session Preflight Receipt (2026-06-22)

Created: 2026-06-22T21:38:00Z Authority: local fixture-only scaffold receipt. No real auth integration.

Target

Repo:

  • /[REDACTED:high-entropy]

Added

  • UapiInProcessFacade.preflight_stored_session_request()
  • Stored-session preflight tests.
  • README example for stored-session preflight.

Implemented

  • Preflight can now require a minted active fixture session.
  • Unknown sessions fail closed at stage=session.
  • Revoked or expired sessions are denied by the session store.
  • Session/principal mismatch fails closed with session_principal_mismatch.
  • Active operator storage session proceeds through identity and placement gates, then blocks before dispatch because Forge storage remains candidate_storage_only.

Verification

Command:

PYTHONPATH=src python3 -m unittest discover -s tests

Result:

Ran 35 tests in 0.155s
OK

Validator:

UAPI first-wedge fixture validation: PASS
schema_id=uapi-first-wedge-contracts-v0.2 cases=4
route_registry=PASS

Safety

  • No real auth provider.
  • No service listener.
  • No provider call.
  • No run ledger write.
  • No storage/hardware/cloud call.
  • No Forge /mnt/skip_data write.

Next Gated Boundary

Next safe wedge: add a fixture-only request envelope/JobBrief contract that feeds stored-session preflight. Real service listener and real identity provider remain blocked.

Commit: db76f2f (Require stored sessions for preflight).