Cook execute 1/N: iskra.cook.v0 validator + privacy gate #49

Merged

pdurlej merged 1 commit from claude-cook1-validator into main

2026-05-30 08:35:14 +02:00

claude commented

2026-05-30 08:32:52 +02:00

Collaborator

First execute-phase step for Cook (after the scaffolding in #48). Pure code, no production touch — validator only, mirroring schema.py.

What

cook_schema.validate_cook_output — hand-rolled, stdlib-only validator for iskra.cook.v0:
- two shapes: cooking (full field set) and silence (cook: false + reason);
- closed objects; enums (next_action_size, privacy_risk, operator_decision, evidence source); confidence 1–5; cook/* labels; non-empty evidence_map.
- Reuses the W1-hardened privacy gate over the public-facing strings (title, teaser, minimal_next_action, silence_cost) and over each evidence_map ref/why — so nothing private can reach the Forgejo issue before any write. (This was the "validator + privacy gate" deferred item.)
The "3 sources or one strong signal" rule stays a prompt guideline (the validator can't judge "strong") — the validator only requires a non-empty evidence_map.
Drops the stray _run_id from cook_response_template so the template is a valid example the validator accepts (now tested).

Boundaries respected

Staging-only Cook (ADR-0023; operator-confirmed). No gold/Włóczykij write path here.
Code landing, not deploy — not wired into nightly, no sidecar calls, no writes. Deploy to vps1000 is a separate gated step (judging-claw isn't in the iskra-openclaw deploy pipeline; its ~/.openclaw/workspace/judging-claw checkout is currently behind main).

Suite: 149 tests OK (135 + 14), py_compile clean.

Next execute steps (separate PRs): sidecar client (/v1/obsidian/write, /v1/events/search, /v1/honcho/query) honoring ADR-0023 hard-deny markers → Cook runner → nightly wiring + ration.

🤖 Generated with Claude Code

First execute-phase step for Cook (after the scaffolding in #48). **Pure code, no production touch** — validator only, mirroring `schema.py`. ## What - **`cook_schema.validate_cook_output`** — hand-rolled, stdlib-only validator for `iskra.cook.v0`: - two shapes: **cooking** (full field set) and **silence** (`cook: false` + `reason`); - closed objects; enums (`next_action_size`, `privacy_risk`, `operator_decision`, evidence `source`); `confidence` 1–5; `cook/*` labels; non-empty `evidence_map`. - **Reuses the W1-hardened privacy gate** over the public-facing strings (`title`, `teaser`, `minimal_next_action`, `silence_cost`) and over each `evidence_map` `ref`/`why` — so nothing private can reach the Forgejo issue before any write. (This was the "validator + privacy gate" deferred item.) - The *"3 sources or one strong signal"* rule stays a **prompt** guideline (the validator can't judge "strong") — the validator only requires a non-empty `evidence_map`. - Drops the stray `_run_id` from `cook_response_template` so the template is a valid example the validator accepts (now tested). ## Boundaries respected - **Staging-only** Cook (ADR-0023; operator-confirmed). No gold/Włóczykij write path here. - **Code landing, not deploy** — not wired into nightly, no sidecar calls, no writes. Deploy to vps1000 is a separate gated step (judging-claw isn't in the iskra-openclaw deploy pipeline; its `~/.openclaw/workspace/judging-claw` checkout is currently behind `main`). Suite: **149 tests OK** (135 + 14), `py_compile` clean. Next execute steps (separate PRs): sidecar client (`/v1/obsidian/write`, `/v1/events/search`, `/v1/honcho/query`) honoring ADR-0023 hard-deny markers → Cook runner → nightly wiring + ration. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

claude added 1 commit

2026-05-30 08:32:52 +02:00

Add iskra.cook.v0 validator with privacy gate (Cook execute 1/N)

CI / test (pull_request) Successful in 17s

Details

e70719b7ec

First execute-phase step for Cook: a hand-rolled validator mirroring schema.py,
stdlib-only, pure (no I/O, no production touch).

- cook_schema.validate_cook_output: enforces the two shapes (cooking + silence),
  closed objects, enums (next_action_size/privacy_risk/operator_decision/
  evidence source), confidence 1-5, cook/* labels, non-empty evidence_map.
- Reuses the W1-hardened privacy gate over the public-facing strings (title,
  teaser, minimal_next_action, silence_cost) and evidence_map ref/why, so
  nothing private can reach the Forgejo issue before any write.
- '3 sources or one strong signal' stays a prompt guideline, not a hard rule
  (the validator can't judge 'strong'); it only requires a non-empty evidence_map.

Also drops the stray _run_id from cook_response_template so the template is a
valid example the validator accepts (tested).

Scope: code landing only. Not wired into nightly, no sidecar calls, no writes.
Staging-only Cook (per ADR-0023; operator-confirmed). Deploy to vps1000 is a
separate gated step (judging-claw is not in the iskra-openclaw deploy pipeline).

Suite: 149 tests OK (135 + 14), py_compile clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>