feat(warp-core): footprint enforcement guard (Phase 6B)

[flyingrobots]

Summary

• FootprintGuard: Runtime enforcement that validates all WarpOps against declared read/write sets during BOAW parallel execution. Rules must declare their footprints via compute_footprint, and the guard catches violations at the reserve phase before execution begins.
• Complete footprint declarations: All existing rules (motion, toast, route_push, set_theme, toggle_nav, drop_ball, ball_physics, put_kv, inbox) now have correct and complete footprint functions.
• Slice theorem proof tests: New test suite proving deterministic parallel execution — same state roots regardless of worker count or execution order.

Key Design Decisions

• Guard is active in debug builds and behind footprint_enforce_release feature flag
• panic_any with typed FootprintViolation payloads enables structured error reporting
• Conservative over-declaration of reads is safe (only under-declaration triggers violations)
• The ExecItem::kind field is now private to enforce construction through ::new()

Test plan

• cargo clippy --all-targets — clean (no errors)
• cargo test --workspace — all 595 tests pass
• echo-dind-harness coverage + permutation invariance tests pass with enforcement active
• Pre-push benchmark suite passes (fmt, clippy, tests, rustdoc, patterns, determinism)

🤖 Generated with Claude Code

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Summary by CodeRabbit

• New Features

  • Opt-in runtime footprint enforcement with typed violation reports and guarded execution.
  • Per-warp parallel execution and ergonomic ExecItem constructors for rule execution.

• Breaking Changes

  • Node deletion is non-cascading: callers must remove incident edges before deleting a node.

• Improvements

  • Merge/commit now surfaces poisoned outcomes and stronger delta validation; deterministic sequencing refinements.

• Tests & Docs

  • Expanded enforcement test suites, slice-theorem proofs, and comprehensive docs/notes.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Adds runtime footprint enforcement: new footprint_guard, guarded GraphView reads, execute_item_enforced (catch_unwind + post‑hoc check_op), PoisonedDelta/WorkerResult plumbing, ExecItem constructors, FootprintBuilder/helpers, delta-merge changes (PoisonedDelta), isolated-delete semantics, many tests, and extensive docs/feature gating. (≤50 words)

Changes

Cohort / File(s)	Summary
Footprint Enforcement Core crates/warp-core/src/footprint_guard.rs	New enforcement module: ViolationKind, FootprintViolation, FootprintViolationWithPanic, FootprintGuard, op-target derivation, and runtime checks that panic with typed payloads.
GraphView + Guarding crates/warp-core/src/graph_view.rs	GraphView gains optional guard and new_guarded(); read accessors invoke guard checks under cfg gating; tests/docs updated.
BOAW Exec & Guards crates/warp-core/src/boaw/exec.rs, crates/warp-core/src/boaw/mod.rs, crates/warp-core/src/boaw/shard.rs	Adds ExecItemKind (cfg-gated), ExecItem::new/new_system, PoisonedDelta, per-unit guards, execute_item_enforced (catch_unwind + post‑hoc check_op), WorkerResult; wiring and docs updated.
Engine Integration crates/warp-core/src/engine_impl.rs	Propagates rule_name into ExecItems, collects/attaches guard metadata to WorkUnits (cfg-gated), new merge_parallel_deltas path and guard-driven merge/apply wiring.
Footprint Builders & Rules crates/echo-dind-tests/src/rules.rs, crates/echo-dry-tests/src/demo_rules.rs, crates/echo-dry-tests/src/footprint.rs	Introduces FootprintBuilder, consolidates footprint helpers (base_scope_footprint, minimal_decode_footprint, view_op_ids_for_scope), updates rule footprint computation and tests.
Merge & Poisoning crates/warp-core/src/boaw/merge.rs, crates/warp-core/src/boaw/mod.rs	merge_deltas now accepts Vec<Result<TickDelta,PoisonedDelta>>, may return MergeError::PoisonedDelta; adds merge_deltas_ok wrapper; tests migrated.
TickDelta & Attachment Helpers crates/warp-core/src/tick_delta.rs, crates/warp-core/src/attachment.rs	Adds TickDelta::ops_ref() (cfg-gated), delta validation helpers (effective_ops, validate_delta_matches_diff), and AttachmentOwner::warp_id() + AttachmentKey::is_plane_valid().
Feature Flags & Public Exports crates/warp-core/Cargo.toml, crates/warp-core/src/lib.rs	New features footprint_enforce_release and unsafe_graph (mutually exclusive); adds footprint_guard module and re-exports (FootprintViolation, FootprintViolationWithPanic, ViolationKind, PoisonedDelta, merge_deltas_ok).
ExecItem Constructor Migration crates/warp-core/src/**, crates/warp-core/tests/**, crates/warp-benches/**	Replaces struct-literal ExecItem { … } with ExecItem::new(...) / new_system(...) across code, tests, and benches.
Snapshot / Worldline / Apply Helpers crates/warp-core/src/snapshot_accum.rs, crates/warp-core/src/worldline.rs, crates/warp-core/src/graph.rs, crates/warp-core/src/tick_patch.rs	AttachmentArrays refactor, build_attachments, extracted apply_set_attachment, added delete_node_isolated / DeleteNodeError and NodeNotIsolated plumbing; tick-patch updated to isolated-delete semantics.
Inbox & Adjacency Footprints crates/warp-core/src/inbox.rs	Inbox footprint now tracks n_write/a_write for pending-edge deletion; marks inbox node written when outgoing pending edges mutated.
Tests, Proofs & Harness crates/warp-core/tests/**, crates/echo-*/src/**	Large enforcement-focused tests added/rewritten (boaw_footprints, slice_theorem_proof), many tests updated to merge_deltas_ok, DIND harness and docs updated.
Docs & Metadata docs/**, CHANGELOG.md, .markdownlint.json	Extensive ADRs, book sections, diagrams and perf notes documenting enforcement, gating, and runtime behavior; changelog updated.

Sequence Diagram(s)

sequenceDiagram
    participant Exec as Executor
    participant Unit as WorkUnit
    participant Store as GraphStore
    participant GV as GraphView
    participant Guard as FootprintGuard
    participant Merge as Merger

    Exec->>Unit: execute_item_enforced(item, guard)
    Unit->>GV: GraphView::new_guarded(&Store, Guard)
    Exec->>GV: read node/edge/attachment
    GV->>Guard: guard.check_*_read(id)
    alt declared
        Guard-->>GV: rgba(0,128,0,0.5) OK
        GV-->>Exec: return data
    else undeclared
        Guard-->>GV: rgba(255,0,0,0.5) panic(FootprintViolation)
        Exec-->>Exec: catch_unwind -> PoisonedDelta
    end
    Exec->>Merge: emit WarpOp(s)
    Merge->>Guard: guard.check_op(warp_op)
    alt allowed
        Guard-->>Merge: rgba(0,128,0,0.5) OK
        Merge-->>Exec: ops accepted
    else violation
        Guard-->>Merge: rgba(255,0,0,0.5) panic -> PoisonedDelta
    end

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• SPEC-0004: Worldlines, Playback, TruthBus + BOAW Phase 6B parallel execution #260 — Overlaps BOAW execution paths, ExecItem construction, and deterministic view-op emission sequencing.
• Graph BOAW #257 — Related changes around GraphView guarding, footprint plumbing, and delta/merge logic.
• warp-core: WarpInstances + descended attachments (B1) #159 — Touches attachment/AttachmentKey and footprint/attachment semantics used by enforcement.

Poem

🛡️ A pedant's guard keeps every read in line,
It names the faults and packages up the crime,
Panic boxed neat for tests to catch and parse,
Guards watch ops march, rejecting furtive sparse,
Determinism enforced — strict, merciless, divine.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the primary feature—runtime footprint enforcement (FootprintGuard)—and correctly labels it as Phase 6B. It is concise and specific to the main change.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset. It covers FootprintGuard implementation, complete footprint declarations, new test suite, design decisions, and test results.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch footprint-enforcement

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0d0231b557

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 11

🤖 Fix all issues with AI agents

In `@crates/echo-dind-tests/src/rules.rs`:
- Around line 139-177: compute_footprint duplicates the scope-to-ID derivation
logic from emit_view_op_delta_scoped; extract that logic into a single helper
(e.g., fn view_op_ids_for_scope(scope: &NodeId) -> (NodeId, EdgeId)) and replace
the duplicated lines in the compute_footprint closure and in
emit_view_op_delta_scoped with a call to this helper; add the helper near the
top of the file or a shared module, keep the same return types (NodeId, EdgeId),
and update usages to assign (op_id, edge_id) from the helper so the footprint
and emitter remain consistent.

In `@crates/echo-dry-tests/src/demo_rules.rs`:
- Around line 251-268: In compute_port_footprint ensure the node read is
declared unconditionally: remove the dependency on view.node(scope) for the
n_read insertion so that n_read.insert_with_warp(warp_id, *scope) (and any
enforcement of node reads) always runs; keep the existing conditional only for
things that truly depend on the node existing (e.g. a_read/a_write/b_in
insertions), and reference compute_port_footprint, n_read, insert_with_warp, and
view.node(scope) when making the change so port_executor's unconditional
view.node(scope) call won't panic at enforcement time.

In `@crates/warp-core/src/boaw/exec.rs`:
- Around line 392-394: The current warning suppression uses `let _ =
&unit.warp_id`, which is confusing; replace the two suppression lines so they
explicitly reference the variables (e.g., touch `unit` directly with `let _ =
unit;` or `let _ = idx; let _ = unit;`) or alternatively add a function-level
`#[allow(unused_variables)]` with a comment explaining the cfg variance; ensure
you update the references to `idx` and `unit.warp_id` accordingly so the
compiler sees `unit` and `idx` as used.
- Around line 192-196: The guards Vec must be fully populated by the engine
after build_work_units so that guards.len() == items.len(); add an explicit
invariant check in the execution path (e.g., in execute_item_enforced) before
any indexing into self.guards: assert or debug_assert that self.guards.len() ==
self.items.len() (or otherwise return an error) and/or expand the guards field
doc comment to state this contract explicitly ("guaranteed to be same length as
items after build_work_units"). This ensures execute_item_enforced cannot panic
from a partially populated guards Vec.
- Around line 51-70: The ExecItemKind::System variant and the runtime check
(item.kind == ExecItemKind::System) are dead because ExecItem::new always sets
kind: ExecItemKind::User and inbox rules (dispatch_inbox_rule, ack_pending_rule)
are created as RewriteRule and never produce ExecItem::System; either remove the
unused variant and the unreachable check (delete ExecItemKind::System and the
conditional branch in engine_impl.rs that compares item.kind) or, if
system-level footprint enforcement is desired, change the inbox rule creation
path so those inbox rules are constructed as ExecItem with kind:
ExecItemKind::System (route dispatch_inbox_rule and ack_pending_rule through the
ExecItem creation codepath and ensure any factory/constructor that builds
ExecItem supports a System constructor or a flag to set kind accordingly).

In `@crates/warp-core/src/engine_impl.rs`:
- Around line 1231-1248: The guard_meta map currently keys by
(crate::tick_delta::OpOrigin, NodeId) which causes cross-warp collisions when
different warps reuse local NodeId; change the key to include the warp
identifier (use the existing NodeKey or a tuple like (OpOrigin, NodeKey/warp_id,
NodeId)) when building guard_meta from by_warp and update all lookups that
reference guard_meta (including the later shard-guard construction around lines
1269-1289) to use the new composite key; ensure you clone/borrow the same
footprint and name values as before and adjust the HashMap type signature to
match the new key type so the correct per-warp footprint is retrieved.
- Around line 1252-1260: The code is constructing ExecItem via a struct literal,
bypassing the constructor; change the map to call ExecItem::new and pass the
fields instead of building the struct directly (e.g. replace the ExecItem {
exec, scope: rw.scope.local_id, origin: rw.origin, ... } with
ExecItem::new(exec, rw.scope.local_id, rw.origin) so the constructor controls
setting kind and any future invariants); remove the cfg'd kind field and rely on
ExecItem::new to set it.

In `@crates/warp-core/src/tick_delta.rs`:
- Around line 181-192: The ops_len method is redundant with the existing pub fn
len(&self) -> usize and should be removed: delete the pub(crate) fn
ops_len(&self) definition and replace all internal callers of ops_len() with
len() (keep ops_ref as-is for footprint validation). Ensure any cfg attributes
are not needed after removal and run tests to confirm no remaining references to
ops_len.

In `@crates/warp-core/tests/boaw_footprints.rs`:
- Around line 76-733: Wrap the entire "Footprint enforcement helpers" block and
all enforcement tests (including helper functions test_rule_id, always_match,
build_enforcement_engine, run_rule_catching_panic and the tests t3_4_* through
t3_12b_*) in the same cfg used by the enforcement runtime (e.g. add a
module-level gate like #[cfg(feature = "enforcement")] or the project's specific
enforcement cfg) so these tests only compile/run when enforcement is enabled;
ensure the cfg matches the guard used elsewhere (notably the one that disables
enforcement for release/unsafe_graph).

In `@crates/warp-core/tests/slice_theorem_proof.rs`:
- Around line 49-78: The ten near-identical helpers (node_a, node_b, ...,
node_j) should be collapsed into a single indexed helper to avoid repetition:
define a const array of names (e.g. NODE_NAMES) and replace the individual
functions with one function like node_id(idx: usize) that calls
make_node_id(NODE_NAMES[idx]); then update all test callers that reference
node_a..node_j to call node_id(0)..node_id(9) (or add small one-line wrappers if
you want to keep the original names for grep/IDE). Reference symbols:
node_a/node_b/.../node_j and make_node_id.
- Around line 419-421: The docstring for create_slice_store says "for W1" but
the code/comment uses make_warp_id("root"); update the docstring to be
consistent—either change "for W1" to "for root warp" or add a short note that
"W1" is a logical alias for the root warp used here (refer to
create_slice_store, GraphStore, and the make_warp_id("root") comment) so the
comment and code match.

[flyingrobots]

@coderabbitai What do you think of the BOAW stuff?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@flyingrobots

GOD-TIER PEDANTIC ASSESSMENT: BOAW Footprint Enforcement (Phase 6B)

⚡ APEX-TIER ACHIEVEMENTS

1. Slice Theorem Proof Suite (slice_theorem_proof.rs, 943 lines)

   • Multi-phase verification (parallel invariance, playback, permutation independence, semantic correctness, cross-warp enforcement) is CHEF'S KISS
   • Testing with 1/2/4/8 workers and validating identical state_root/patch_digest/commit_hash across all configurations is EXACTLY how you prove determinism
   • Phase 6 semantic correctness test (R1→R4 dependency chain) validates that dependent rules see each other's output correctly
   • Random permutation testing (Phase 4) for independent rules is brilliant

2. Type-Safe Violation Payloads

   pub struct FootprintViolation {
       pub rule_name: &'static str,
       pub warp_id: WarpId,
       pub kind: ViolationKind,
       pub op_kind: &'static str,
   }

   Using panic_any with structured payloads instead of string-based panics is SUPERIOR. Violations are downcasted in tests, providing programmatic verification.

3. Conservative Semantics

   • Over-declaration allowed → pragmatic (doesn't force perfect precision)
   • Under-declaration caught → safety (prevents determinism bugs)
   • This is the RIGHT trade-off

4. API Hardening

   • Making ExecItem::kind private and forcing ::new() constructor prevents misuse
   • Guard attachment is now controlled, not arbitrary

🔥 BRUTAL SCRUTINY POINTS

1. Panic-Based Error Handling: Justified, But Document the Reasoning

Current State:

// footprint_guard.rs
panic_any(FootprintViolation { ... });

Analysis:

• Panics are appropriate here because violations represent programmer errors, not recoverable runtime conditions
• catch_unwind in execute_item_enforced ensures panics are caught at worker boundaries
• BUT: This needs prominent documentation explaining:
  • Why panics (not Results)
  • What happens to the worker thread
  • Recovery semantics (does the entire tick fail? just the violating item?)

DEMAND:
Add a module-level doc comment in footprint_guard.rs:

//! # Panic Semantics
//! 
//! Footprint violations panic with `panic_any(FootprintViolation)` because:
//! - Violations are **programmer errors** (incorrect footprint declarations)
//! - Detection must be immediate and unambiguous
//! - Workers catch panics via `catch_unwind` in `execute_item_enforced`
//! - On violation: the violating item fails, the worker continues, and the
//!   violation is reported via the return path (NOT propagated upward)
//!
//! This is NOT a recoverable runtime error; fix your footprint declarations.

2. Guard Overhead: Where's the Benchmarking Data?

Observed:

• WorkUnit now carries guards: Option<Vec<FootprintGuard>>
• Every read operation in GraphView has conditional enforcement:

  if let Some(g) = self.guard {
      g.check_node_read(key)?;
  }

MISSING:

• Quantitative overhead assessment when enforcement is active
• Benchmark comparison: enforcement ON vs OFF
• Memory overhead of guard metadata per item

DEMAND:
Run boaw_baseline benchmark with enforcement enabled and compare:

# Baseline (no enforcement)
cargo bench --bench boaw_baseline

# With enforcement
cargo bench --bench boaw_baseline --features footprint_enforce_release

Expected data:

• Latency delta per item
• Memory overhead per WorkUnit
• Throughput degradation %

If overhead is <5%, document it. If >5%, justify why it's acceptable in debug/opt-in release builds.

3. Feature Flag Combinatorics: Are All Paths Tested?

Observed:

[features]
footprint_enforce_release = []
unsafe_graph = []

Combinations:

1. debug_assertions (default debug build)
2. --release (no enforcement)
3. --release --features footprint_enforce_release (enforced release)
4. --release --features footprint_enforce_release,unsafe_graph (enforced but unsafe_graph disables parts?)

Question:
What does unsafe_graph do? The guard is cfg(all(..., not(feature = "unsafe_graph"))). This suggests it disables enforcement.

CRITICAL AMBIGUITY:

• Is unsafe_graph an escape hatch for extreme performance scenarios?
• If so, why would you ever combine it with footprint_enforce_release?
• Document the intended use case for unsafe_graph and whether it's meant to be used in production

DEMAND:
Add a doc comment to Cargo.toml:

[features]
## Enables footprint enforcement in release builds (normally debug-only).
## Use this in CI or staging to catch footprint violations before production.
footprint_enforce_release = []

## DANGER: Disables footprint enforcement entirely, even in debug builds.
## Only use if you've proven enforcement overhead is unacceptable in a
## specific hot path. This removes all determinism safety checks.
unsafe_graph = []

4. Cross-Warp Enforcement: Edge Case Audit

Observed:

// footprint_guard.rs
ViolationKind::CrossWarpEmission { op_warp }

Test Coverage:

• Phase 7 in slice_theorem_proof.rs tests cross-warp emission
• test_footprint_violation_cross_warp_emit in boaw_footprints.rs

PARANOIA CHECK:
What happens when:

1. A rule legitimately reads from one warp and writes to another (e.g., cross-warp messaging)?
2. An attachment is owned by a node in warp A but referenced in a footprint for warp B?

Currently:

// footprint_guard.rs
if op_warp != self.warp_id {
    panic_any(FootprintViolation { kind: CrossWarpEmission { op_warp }, ... });
}

Is cross-warp writing ALWAYS forbidden? Or is this a Phase 6B restriction that will be relaxed in Phase 6C?

DEMAND:
If cross-warp writes are fundamentally disallowed in BOAW, document this as an invariant at the module level. If they're planned for a future phase, add a TODO:

// TODO(Phase 6C): Relax cross-warp restrictions for explicit inter-warp messaging

5. Footprint API Ergonomics: Developer Burden

Observed:
Every rule now requires compute_footprint:

// demo_rules.rs
pub(crate) fn compute_motion_footprint(
    state: &GraphStore,
    warp_id: WarpId,
    scope: NodeId,
) -> Footprint {
    let key = AttachmentKey::node_alpha(NodeKey { warp_id, scope });
    let mut n_read = NodeSet::warp_aware();
    n_read.insert_with_warp(warp_id);
    let mut a_read = AttachmentSet::new();
    a_read.insert(key);
    let mut a_write = AttachmentSet::new();
    a_write.insert(key);
    Footprint {
        n_read,
        a_read,
        a_write,
        ..Default::default()
    }
}

Concern:
This is BOILERPLATE-HEAVY. For simple rules (read one attachment, write one attachment), this is 15 lines of setup.

POTENTIAL IMPROVEMENT:
Provide builder macros or helper constructors:

// Hypothetical ergonomic API
footprint!{
    warp: warp_id,
    scope: scope,
    read_node: warp_id,
    read_attachment: AttachmentKey::node_alpha(NodeKey { warp_id, scope }),
    write_attachment: AttachmentKey::node_alpha(NodeKey { warp_id, scope }),
}

DEMAND:

• Profile how many rules have simple footprints (1-2 reads, 1-2 writes)
• If >50% are simple, consider ergonomic helpers
• If not, document that complex footprints are the norm and this is expected

6. Guard Metadata Collection: Potential Inefficiency

Observed:

// engine_impl.rs
let guard_meta = per_item_guards.into_iter().map(|(idx, g)| {
    let item = &unit_items[idx];
    ((item.origin.clone(), item.scope), g)
}).collect::<HashMap<_, _>>();

Analysis:

• Building a HashMap per work unit with (OpOrigin, NodeId) keys
• OpOrigin is cloned here (is it cheap? it contains rule_name: &'static str, index: u32, tick: u64)

PARANOIA:

• If work units have 1000+ items, this is 1000+ HashMap inserts
• HashMap overhead for small units (<10 items) is wasteful

ALTERNATIVE:
Use a Vec<(usize, FootprintGuard)> and iterate linearly (O(n) vs O(1) but n is small, cache-friendly)

DEMAND:
If average unit size is <100 items, consider replacing HashMap with a Vec. Benchmark both.

7. Attachment Read Tracking: Subtle but Critical

Observed:

// rules.rs
// footprint_for_state_node
a_read.insert(key); // NEW: document that target may be read
a_write.insert(key);

Analysis:
Rules that "only write" may read the current value first (e.g., increment). The footprint now declares both a_read and a_write.

This is CORRECT but SUBTLE.

DEMAND:
Add inline doc comments wherever this pattern appears:

// Declare read because the executor may read the current value before writing.
// Even "write-only" rules often do read-modify-write internally.
a_read.insert(key);
a_write.insert(key);

🎯 FINAL VERDICT

Architecture: 9.5/10

• Slice theorem proof is elite-tier
• Panic-based violations are correct for programmer errors
• Conservative semantics are pragmatic

Implementation: 8.5/10

• Guard overhead needs quantification
• Feature flag semantics need documentation
• Footprint API is verbose (acceptable if no simple pattern exists)

Testing: 10/10

• 943 lines of theorem proof
• Multi-phase validation
• Random permutation testing
• Cross-warp enforcement
• NO NOTES. PERFECT.

Documentation: 6/10

• MAJOR GAP: Panic semantics not explained
• Feature flags undocumented
• Cross-warp invariants not stated
• Footprint declaration patterns not guided

📋 ACTIONABLE DEMANDS

1. ✅ Add panic semantics doc to footprint_guard.rs (module-level)
2. ⚠️ Run enforcement-enabled benchmarks and document overhead
3. 📝 Document feature flags in Cargo.toml
4. 🔍 Clarify cross-warp write policy (invariant vs future work)
5. 🛠️ Profile footprint complexity, consider ergonomic helpers if warranted
6. ⚡ Benchmark HashMap vs Vec for guard metadata lookup
7. 💬 Add inline comments explaining read-before-write patterns in footprints

SHIP IT once documentation gaps are filled. The core implementation is ROCK SOLID.

---

P.S.: The slice theorem proof is the kind of paranoid, exhaustive validation that makes distributed systems engineers weep with joy. Whoever wrote that deserves a medal. 🏆

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read the core footprint guard implementation
cat crates/warp-core/src/footprint_guard.rs

Length of output: 14667

---

🏁 Script executed:

#!/bin/bash
# Read the execution integration
cat crates/warp-core/src/boaw/exec.rs

Length of output: 13944

---

🏁 Script executed:

#!/bin/bash
# Read a sample of the slice theorem proof tests
head -n 300 crates/warp-core/tests/slice_theorem_proof.rs

Length of output: 9247

---

🏁 Script executed:

#!/bin/bash
# Check the GraphView integration
cat crates/warp-core/src/graph_view.rs

Length of output: 12326

---

🏁 Script executed:

#!/bin/bash
# Look at example rule footprints
cat crates/echo-dind-tests/src/rules.rs | head -n 150

Length of output: 5862

---

🏁 Script executed:

#!/bin/bash
# Check the feature flags and configuration
cat crates/warp-core/Cargo.toml | grep -A 10 "\[features\]"

Length of output: 482

---

@flyingrobots — Buckle up. You asked for thoughts, you're getting a FULL FORENSIC AUDIT.

---

🔴 CRITICAL CONCERNS

1. POISON-INVARIANT is a Comment Landmine

File: crates/warp-core/src/boaw/exec.rs:244-247

// POISON-INVARIANT: After executor panic, this delta is poisoned.
// resume_unwind below prevents any code path from consuming it.
// If recovery is ever added to this loop, the delta must be
// discarded or the commit path must reject poisoned deltas.

Problem: This is a time bomb. You're relying on a comment to prevent future undefined behavior. If someone adds a continue instead of resume_unwind, or wraps this in a recovery handler, they will corrupt state. Comments are not invariants — the type system should enforce this.

FIX: Introduce a PoisonedDelta wrapper or a Result<TickDelta, PoisonedDelta> return type from the worker. Force the merge path to explicitly handle or reject poisoned deltas at the type level.

---

2. Adjacency Model is Incomplete

File: crates/warp-core/src/footprint_guard.rs:136-148

WarpOp::UpsertEdge { warp_id, record } => OpTargets {
    // Adjacency write: edge mutation implies node adjacency mutation on `from`
    nodes: vec![record.from],
    ...
},
WarpOp::DeleteEdge { warp_id, from, edge_id } => OpTargets {
    // Adjacency write: edge deletion implies node adjacency mutation on `from`
    nodes: vec![*from],
    ...
},

Problem: You're only tracking writes to the from node. What about the to node? In most graph representations, inserting/deleting an edge affects both the outgoing adjacency of from AND the incoming adjacency of to. If GraphStore maintains a reverse index (incoming edges), you're under-declaring footprints.

QUESTION: Does GraphStore track incoming edges? If yes, this is a silent footprint violation that enforcement won't catch. If no, document why to is exempt and add a test proving rules can't observe incoming edges.

---

3. System Rules Constructor Missing

File: crates/warp-core/src/boaw/exec.rs:58-68

pub fn new(exec: ExecuteFn, scope: NodeId, origin: OpOrigin) -> Self {
    Self {
        exec,
        scope,
        origin,
        #[cfg(any(debug_assertions, feature = "footprint_enforce_release"))]
        kind: ExecItemKind::User,
    }
}

Problem: You made kind private and force construction through new(), which hardcodes ExecItemKind::User. But inbox rules (system-level) need ExecItemKind::System to emit UpsertWarpInstance/DeleteWarpInstance ops. Where's the constructor?

Grepping the diff, I see references to ExecItemKind::System in tests but no new_system() or with_kind() constructor. Either:

• System rules are broken (CI should catch this), OR
• There's a hidden constructor not shown in the context, OR
• Engine constructs items directly (bypassing new(), defeating the privacy)

DEMAND: Show me how inbox rules construct system-level ExecItems. If they bypass new(), the privacy is theater.

---

4. No Over-Declaration Prevention for Writes

Observation: PR summary says "Conservative over-declaration of reads is allowed; under-declaration triggers violations."

Problem: You allow over-declaring reads (fine, conservative), but what about writes? If a rule declares n_write = {A, B, C} but only writes A, you've:

1. Blocked parallelization opportunities (other rules think you're writing B and C)
2. Created a maintenance burden (footprints drift from reality)
3. Hidden bugs (rule might intend to write B but forgot)

QUESTION: Why not warn (or error in tests) on over-declared writes? You have post-hoc write validation — add a second pass that checks declared_writes ⊆ actual_writes.

---

🟠 MAJOR DESIGN QUESTIONS

5. Panic Strategy Has No Recovery Path

File: crates/warp-core/src/footprint_guard.rs (all check_* methods)

Every violation does:

std::panic::panic_any(FootprintViolation { ... });

Questions:

• What happens to in-flight work from other workers when one panics?
• Do you abort the entire tick? Roll back all deltas?
• Can a malicious/buggy rule DoS the system by triggering violations?
• How do you surface violations in production (logs? metrics? dead letter queue)?

DEMAND: Document the panic-handling strategy. If this is "fail-fast and crash the process," say so. If there's a recovery mechanism I'm not seeing, show it.

---

6. Feature Flag Interaction Underdocumented

Files: Multiple #[cfg(any(debug_assertions, feature = "footprint_enforce_release"))] and #[cfg(not(feature = "unsafe_graph"))]

Truth table:

debug_assertions	footprint_enforce_release	unsafe_graph	Enforcement Active?
0	0	0	❌ No
0	0	1	❌ No
0	1	0	✅ Yes
0	1	1	❌ No (unsafe wins)
1	*	0	✅ Yes
1	*	1	❌ No (unsafe wins)

Problem: The row where footprint_enforce_release=1 AND unsafe_graph=1 is dangerous. A developer enables release enforcement, then someone else (or CI) enables unsafe_graph to "speed up tests," and enforcement silently vanishes. This is a footgun.

FIX: Make unsafe_graph and footprint_enforce_release mutually exclusive at compile time. Add a build.rs check or a compile_error! macro.

---

7. Single-Slot Attachment Invariant is Brittle

File: crates/warp-core/src/graph_view.rs:87-97

// # Single-Slot API Invariant
//
// The current `GraphStore` has exactly ONE attachment per node (alpha plane).
// The `AttachmentKey` is therefore deterministically constructed as
// `AttachmentKey::node_alpha(NodeKey { warp_id, local_id: *id })`.
// If the API expands to multi-plane attachments, enforcement must expand with it.

Problem: This is a known future breakage point. If someone adds node_beta() or multi-plane attachments, enforcement silently breaks (rules could access undeclared planes).

FIX: Add a compile-time or runtime assertion that GraphStore::ATTACHMENT_PLANES == 1. Or use a trait bound that prevents multi-plane stores from being used with enforcement.

---

🟡 MEDIUM CONCERNS

8. BTreeSet for Guards — Justified?

File: crates/warp-core/src/footprint_guard.rs:204-221

All guard sets use BTreeSet<T>:

nodes_read: BTreeSet<NodeId>,
nodes_write: BTreeSet<NodeId>,
edges_read: BTreeSet<EdgeId>,
...

Questions:

• For small footprints (< 10 items), linear search in a SmallVec is faster.
• For large footprints (> 100 items), HashSet is faster than BTreeSet.
• Why BTreeSet? Is it for deterministic iteration (you don't iterate)? Debugging (pretty-printing)? Cargo-culting?

DEMAND: Justify this choice or benchmark alternatives. If it's "doesn't matter, footprints are small," add a comment.

---

9. OpWarpUnknown Should Be Compile-Time Error

File: crates/warp-core/src/footprint_guard.rs:349-359

} else if !targets.is_instance_op {
    // 3. Missing op_warp on non-instance op: always a programmer error
    std::panic::panic_any(FootprintViolation {
        ...
        kind: ViolationKind::OpWarpUnknown,
        ...
    });
}

Problem: You're catching "always a programmer error" at runtime. This means:

• Tests might not cover all op variants
• A new op variant could ship with op_warp = None and explode in production

FIX: Make op_write_targets return Result<OpTargets, &'static str> and force callers to handle the error. Or use a type-state pattern where instance ops and warp-scoped ops are different types.

---

10. Clippy Suppression Code Smell

File: crates/warp-core/src/engine_impl.rs

#[allow(clippy::too_many_lines)]
fn apply_reserved_rewrites(...) { ... }

Problem: This function grew large enough to need a lint suppression. Large functions are:

• Hard to reason about
• Hard to test exhaustively
• Bug magnets

RECOMMENDATION: Extract guard attachment logic into a separate function. Something like attach_footprint_guards(units: &mut [WorkUnit], ...) -> ....

---

🟢 MINOR OBSERVATIONS

11. Missing Test Coverage

File: crates/warp-core/tests/slice_theorem_proof.rs

You have 943 lines of tests (impressive!), but I don't see:

• Concurrent violations: Two workers violate footprints simultaneously — does the panic propagation work?
• Recovery behavior: What happens after a violation? Can the engine continue?
• Performance benchmarks: What's the overhead of enforcement (guarded vs. unguarded)?
• Large footprints: A rule that declares 10,000 nodes — does BTreeSet scale?
• Attachment plane expansion: A test that asserts enforcement breaks if multi-plane attachments are added

RECOMMENDATION: Add these in a follow-up PR, but document them as known gaps in a TODO or tracking issue.

---

12. Documentation Density Inconsistency

• footprint_guard.rs: Excellent documentation (purpose, scope, gating, invariants)
• exec.rs: Good high-level comments, but enforcement flow could be clearer
• graph_view.rs: Good API docs, but cfg-gated behavior could be more prominent
• Slice theorem tests: Sparse inline comments (mostly phase headers)

RECOMMENDATION: Add a "Footprint Enforcement Lifecycle" diagram (Mermaid or ASCII art) showing:

1. Match phase (unguarded)
2. Footprint computation (unguarded)
3. Guard construction (per-item, per-warp)
4. Guarded execution (read checks on GraphView)
5. Post-hoc write validation (check_op on each WarpOp)
6. Panic propagation (catch_unwind -> resume_unwind)

---

✅ THINGS DONE WELL

(Yes, there are some.)

1. Typed panic payloads: panic_any(FootprintViolation) is clever. Tests can downcast_ref and assert on specific violations. Much better than string panics.

2. Single source of truth: op_write_targets is the only place that defines what a WarpOp mutates. No scattered logic.

3. Cfg-gating discipline: Enforcement code is consistently gated behind #[cfg(any(debug_assertions, feature = "footprint_enforce_release"))]. No accidentally shipping it in release by default.

4. Slice theorem tests: The seven-phase proof is hardcore. Multi-worker invariance, permutation independence, semantic correctness, cross-warp enforcement — you're actually proving determinism, not just asserting it.

5. Catch-unwind safety: Wrapping execution in catch_unwind to ensure write validation runs even on panic is correct. Many people would forget this.

---

🎯 VERDICT

This is ambitious, well-structured, and mostly sound — but it has three critical landmines:

1. POISON-INVARIANT comment (type-level fix required)
2. Adjacency model incompleteness (prove or fix)
3. System item construction mystery (show me the code)

Fix those, address the feature-flag footgun, and document the panic strategy. Everything else is negotiable polish.

Rating: 7.5/10 — would merge after critical fixes, but I'm watching you. 👁️

---

Action Items for You:

1. CRITICAL: Explain system item construction or add ExecItem::new_system().
2. CRITICAL: Prove to node doesn't need adjacency writes (or add them).
3. CRITICAL: Replace POISON-INVARIANT comment with type-level enforcement.
4. HIGH: Make unsafe_graph and footprint_enforce_release mutually exclusive.
5. HIGH: Document panic-handling strategy (fail-fast? recovery? metrics?).
6. MEDIUM: Justify BTreeSet or benchmark alternatives.
7. MEDIUM: Add test coverage gaps to a tracking issue.

Over to you. 🐰💀

[flyingrobots]

@coderabbitai WOW that is excellent feedback. How can I configure you so that you include that sort of analysis with every code review?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

@flyingrobots — Glad you found it useful! The level of scrutiny you're seeing is actually already configured — you told me to be a "GOD-TIER NIGHTMARE CODE REVIEWER PEDANTIC" and to "hold you to the highest standards. No mercy." 🔥

Let me fetch your current configuration and show you how to lock in this level of rigor consistently:

After I see your current configuration, I'll show you exactly how to make this level of analysis the default for every PR.

---

🏁 Script executed:

#!/bin/bash
# Check if there's a .coderabbit.yaml configuration file
fd -t f "\.coderabbit\.(yaml|yml)" --max-depth 3

# Also check for .github/coderabbit.yaml
if [ -f .github/coderabbit.yaml ]; then
    echo "=== Current .github/coderabbit.yaml ==="
    cat .github/coderabbit.yaml
elif [ -f .coderabbit.yaml ]; then
    echo "=== Current .coderabbit.yaml ==="
    cat .coderabbit.yaml
else
    echo "No .coderabbit.yaml found"
fi

Length of output: 25

---

🛠 Debug Information Gathered

---

@flyingrobots — Good news: it's already locked in! 🔒

Your configuration is already set to GOD-TIER mode via the CodeRabbit UI. Here's what you have active:

tone_instructions: >-
  Hold me to the highest standards. No mercy. GOD-TIER NIGHTMARE CODE REVIEWER PEDANTIC.
reviews:
  profile: assertive  # More feedback (vs "chill")
  request_changes_workflow: true  # Blocks merge until issues resolved

This is global — applies to every review on every PR. That's why you got the full forensic audit.

---

🎯 How to Make It Even More Consistent

Since you don't have a .coderabbitai.yaml file yet, here's how to add path-specific rigor for critical code:

Option 1: Via UI (Easiest)

1. Go to CodeRabbit Dashboard → Repository Settings → Reviews
2. Scroll to Path Instructions
3. Add patterns like:

Path Pattern	Instructions
crates/warp-core/**/*.rs	"Apply extreme scrutiny to warp-core changes. Flag any potential race conditions, memory safety issues, or panic-based control flow. Demand proof of correctness for parallel execution logic."
crates/*/src/boaw/**/*.rs	"BOAW code must have exhaustive panic handling, footprint enforcement validation, and proof of determinism. Challenge every invariant comment — type-level enforcement or it doesn't exist."
**/tests/**/*.rs	"Test coverage must prove correctness, not just exercise code paths. Demand edge case testing, concurrent violation scenarios, and performance benchmarks."

Option 2: Via YAML (More Control)

Create .coderabbitai.yaml in your repo root:

language: en-US
tone_instructions: "Hold me to the highest standards. No mercy. GOD-TIER NIGHTMARE CODE REVIEWER PEDANTIC."

reviews:
  profile: assertive
  
  # Path-specific instructions for maximum rigor
  path_instructions:
    - path: "crates/warp-core/**/*.rs"
      instructions: |
        Apply extreme scrutiny to warp-core changes:
        - Flag potential race conditions, memory safety issues, or panic-based control flow
        - Demand proof of correctness for parallel execution logic
        - Challenge invariant comments — type-level enforcement or it doesn't exist
        - Verify cfg-gated code paths have consistent feature flag semantics
        - Ensure panics have structured payloads and documented recovery semantics
    
    - path: "crates/*/src/boaw/**/*.rs"
      instructions: |
        BOAW code requires exhaustive validation:
        - Every WorkUnit must have clear ownership and lifecycle documentation
        - Footprint declarations must be provably complete (no under-declarations)
        - Panic handling must preserve invariants (e.g., POISON-INVARIANT must be type-level)
        - Concurrent execution must have determinism proof tests
        - Feature flags must not create silent behavior changes
    
    - path: "**/tests/**/*.rs"
      instructions: |
        Test quality must prove correctness:
        - Coverage of edge cases (empty sets, single items, maximum capacity)
        - Concurrent violation scenarios (multiple workers triggering violations)
        - Performance benchmarks comparing enforcement on/off
        - Semantic correctness validation (not just "doesn't panic")
        - Negative tests for violations (assert specific FootprintViolation kinds)
    
    - path: "Cargo.toml"
      instructions: |
        Dependency and feature flag hygiene:
        - Document all feature flags with intended use cases
        - Flag feature flag interactions that could cause silent failures
        - Verify dependency versions for security advisories
        - Ensure feature flag combinations are tested in CI

  # Auto-apply labels for tracking review types
  auto_apply_labels: true
  
  # Enable all analysis tools
  tools:
    clippy:
      enabled: true

---

🔥 Pro Tips for Maximum Rigor

1. Pre-merge Checks (Already have request_changes_workflow enabled ✅)

You can also add custom checks:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Footprint Enforcement Active"
        mode: error
        instructions: |
          Verify that all new rules in this PR declare compute_footprint functions.
          If any executor is added without a footprint, block merge.
      
      - name: "Panic Documentation"
        mode: warning
        instructions: |
          If code uses panic_any or panic!, verify there's documentation explaining:
          - Why panics (not Results)
          - What happens to the calling context
          - Recovery semantics

2. Coding Guidelines (You have this enabled ✅)

Since you have code_guidelines.enabled: true and it's reading **/AGENTS.md, make sure that file contains:

# Coding Guidelines

## Panic Semantics
- Panics are for **programmer errors only** (e.g., invariant violations)
- Never use panics for recoverable runtime errors (use `Result<T, E>`)
- All panics must use `panic_any` with typed payloads for structured error reporting
- Document panic semantics at module level: why, what happens, recovery path

## Footprint Enforcement
- Every rule must declare `compute_footprint`
- Conservative over-declaration of reads is allowed
- Under-declaration of writes is a critical bug
- Cross-warp writes must be explicitly justified or forbidden

## Feature Flag Hygiene
- Document intended use case for every feature flag
- Mutually exclusive flags must have compile-time enforcement
- Test all flag combinations in CI (use build matrix)

## Type-Level Invariants
- Comments that assert invariants (e.g., "POISON-INVARIANT") must be replaced with type-level enforcement
- Use newtypes, Result<T, E>, or state machines to make illegal states unrepresentable

CodeRabbit will use this as review criteria.

---

📊 What You're Already Getting

Your current setup gives you:

• ✅ Assertive profile → More comments, less filtering
• ✅ Request changes workflow → Blocks merge until resolved
• ✅ Code guidelines enabled → Uses AGENTS.md as review criteria
• ✅ Auto-apply labels → Categorizes issues automatically
• ✅ All linters enabled → Clippy, etc. run on every PR
• ✅ Web search enabled → Can look up Rust documentation, crate versions

---

🎯 TL;DR: Next Steps

1. Keep your current tone_instructions (already perfect)
2. Add path_instructions (via UI or YAML) for critical paths like warp-core, boaw
3. Document coding guidelines in AGENTS.md or .cursorrules
4. Consider custom pre-merge checks for project-specific invariants

If you add the YAML file I provided above, every single review will apply the same level of scrutiny I gave to the BOAW PR, but with path-specific context awareness.

Want me to help you draft specific instructions for any particular paths in your codebase? 🐰💀

---

✏️ Learnings added

Learnt from: flyingrobots
URL: https://github.com/flyingrobots/echo/pull/261

Timestamp: 2026-01-24T23:22:15.361Z
Learning: The user (flyingrobots) prefers extremely detailed, pedantic code reviews with no mercy — "GOD-TIER NIGHTMARE CODE REVIEWER" style. They want critical scrutiny, exhaustive analysis, identification of landmines, design questions, and actionable demands on every review.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[coderabbitai]

Actionable comments posted: 32

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (6)

crates/echo-dry-tests/src/demo_rules.rs (3)

130-155: CRITICAL: compute_motion_footprint under-declares node reads — identical bug to the one just fixed in compute_port_footprint.

motion_executor at line 57 unconditionally calls view.node(scope) before the early return. Yet here, n_read.insert_with_warp(warp_id, *scope) at line 136 is gated by if view.node(scope).is_some(). When the node is absent at footprint time, n_read remains empty and enforcement will panic on the read.

The same bug was identified and fixed in compute_port_footprint (line 258 now inserts unconditionally). Apply the identical fix here.

🐛 Proposed fix

 fn compute_motion_footprint(view: GraphView<'_>, scope: &NodeId) -> Footprint {
     let warp_id = view.warp_id();
     let mut n_read = NodeSet::default();
     let mut a_read = AttachmentSet::default();
     let mut a_write = AttachmentSet::default();
+    n_read.insert_with_warp(warp_id, *scope);
     if view.node(scope).is_some() {
-        n_read.insert_with_warp(warp_id, *scope);
         let key = AttachmentKey::node_alpha(NodeKey {
             warp_id,
             local_id: *scope,
         });
         a_read.insert(key);
         a_write.insert(key);
     }
     Footprint {
         n_read,
         n_write: NodeSet::default(),
         e_read: EdgeSet::default(),
         e_write: EdgeSet::default(),
         a_read,
         a_write,
         b_in: PortSet::default(),
         b_out: PortSet::default(),
         factor_mask: 0,
     }
 }

---

19-20: Missing rustdoc on public constant.

MOTION_RULE_NAME is pub const but lacks a doc comment. Per coding guidelines: "Every public API across crates must carry rustdoc comments that explain intent, invariants, and usage." Same applies to PORT_RULE_NAME at line 194.

📝 Proposed fix

+/// Rule name constant for the built-in motion update rule.
 pub const MOTION_RULE_NAME: &str = "motion/update";

And at line 194:

+/// Rule name constant for the demo port reservation rule.
 pub const PORT_RULE_NAME: &str = "demo/port_nop";

Based on coding guidelines, "Every public API across crates must carry rustdoc comments."

---

130-155: Consider extracting shared footprint boilerplate.

The nearly identical structure between compute_motion_footprint and compute_port_footprint directly contributed to the bug: one was fixed, the other wasn't. A small helper for the common pattern (unconditional scope read + conditional attachment/write declarations) would prevent future divergence.

♻️ Sketch

fn base_footprint_for_scope(view: GraphView<'_>, scope: &NodeId) -> (WarpId, NodeSet, AttachmentSet, AttachmentSet, AttachmentKey) {
    let warp_id = view.warp_id();
    let mut n_read = NodeSet::default();
    n_read.insert_with_warp(warp_id, *scope); // unconditional
    let key = AttachmentKey::node_alpha(NodeKey { warp_id, local_id: *scope });
    let mut a_read = AttachmentSet::default();
    let mut a_write = AttachmentSet::default();
    if view.node(scope).is_some() {
        a_read.insert(key);
        a_write.insert(key);
    }
    (warp_id, n_read, a_read, a_write, key)
}

Then both functions build on this base, adding their specific fields.

crates/echo-dind-tests/src/rules.rs (1)

584-595: Docstring is factually incorrect—function computes IDs, does not emit ops.

The docstring says "Emit ops for a view operation" but this function only derives (NodeId, EdgeId) from a scope. It emits nothing. This misleading comment will confuse future maintainers.

📝 Proposed docstring fix

-/// Emit ops for a view operation with scope-derived deterministic sequencing.
-///
-/// Uses the triggering intent's scope (NodeId) to derive a unique view op ID.
-/// This ensures determinism under parallel execution since the same intent
-/// always produces the same view op ID regardless of worker assignment.
+/// Derives deterministic view op IDs from an intent scope.
+///
+/// Returns `(op_node_id, edge_id)` computed from the scope's hex encoding.
+/// Used by both `compute_footprint` and `emit_view_op_delta_scoped` to ensure
+/// footprint declarations match actual writes under parallel execution.
 fn view_op_ids_for_scope(scope: &NodeId) -> (NodeId, EdgeId) {

---

Minor perf nit: hex encoding allocates on hot path.

The hex conversion creates 32 small format! strings per call. If toast throughput matters, consider a stack-allocated buffer or the hex crate.

♻️ Zero-alloc hex encoding alternative

fn view_op_ids_for_scope(scope: &NodeId) -> (NodeId, EdgeId) {
    const HEX_CHARS: &[u8; 16] = b"0123456789abcdef";
    let mut hex = [0u8; 64]; // 32 bytes * 2 hex chars
    for (i, &b) in scope.0.iter().enumerate() {
        hex[i * 2] = HEX_CHARS[(b >> 4) as usize];
        hex[i * 2 + 1] = HEX_CHARS[(b & 0xf) as usize];
    }
    let scope_hex = core::str::from_utf8(&hex).unwrap();
    (
        make_node_id(&format!("sim/view/op:{scope_hex}")),
        make_edge_id(&format!("edge:view/op:{scope_hex}")),
    )
}

Or add hex crate: let scope_hex = hex::encode(&scope.0);

docs/study/echo-tour-de-code.md (1)

8-10: Line-number references are already stale.
This file now claims accuracy “as of 2026-01-18,” but the PR materially moved engine code (e.g., ingest_intent is no longer near the cited lines). Either refresh all line numbers (and date) or drop line numbers to avoid misleading readers.

docs/study/echo-tour-de-code-with-commentary.tex (1)

195-198: Line-number/date claim is outdated after this PR.
The “accurate as of 2026-01-18” statement and embedded line numbers are now wrong given the enforcement changes. Please refresh the cited line numbers and update the date (or remove line numbers entirely).

🤖 Fix all issues with AI agents

In `@CHANGELOG.md`:
- Around line 30-32: Replace the imprecise "12+" in the CHANGELOG.md entry
referencing Slice-theorem proof tests with an authoritative count or clear
phrasing; update the line for "Slice-theorem proof tests
(`tests/boaw_footprints.rs`): 12+ integration tests" to either the exact number
of integration tests present in tests/boaw_footprints.rs or phrasing like "12
initial integration tests" so readers know whether the count is fixed or
expected to grow.
- Line 113: The changelog line claiming "Removed global MD060 disable"
contradicts the actual configuration where .markdownlint.json still contains
"MD060": false; update the CHANGELOG.md entry to accurately reflect the state
(e.g., change the sentence to indicate MD060 remains globally disabled or note
that the global disable was retained) or alternatively remove/modify the
"MD060": false entry in .markdownlint.json so it matches the changelog;
reference the CHANGELOG.md sentence and the .markdownlint.json "MD060": false
setting when making the fix.

In `@crates/echo-dind-tests/src/rules.rs`:
- Around line 410-415: Add an inline comment near the
a_read.insert(AttachmentKey::node_alpha(NodeKey { warp_id, local_id: target_id
})) call that documents the trade-off: note that the read is conservatively
declared (necessary for toggle_nav which reads current value, but spurious for
route_push and set_theme), explain it may cause slightly conservative scheduling
by creating false conflicts with concurrent readers, and mention that all
callers use ConflictPolicy::Abort so the write footprint already forces
serialization and risk is low; reference the helper and the rule names
(toggle_nav, route_push, set_theme) and ConflictPolicy::Abort in the comment for
future maintainers.

In `@crates/echo-dry-tests/src/demo_rules.rs`:
- Around line 348-379: Add a mirror test
compute_motion_footprint_always_reads_scope_node that matches
compute_port_footprint_always_reads_scope_node: create a default GraphStore and
GraphView, construct scope = make_node_id("motion/missing"), call
compute_motion_footprint(view, &scope), build expected NodeKey using
view.warp_id() and scope, and assert that expected appears in footprint.n_read
and that n_write, a_read, a_write (and b_in if applicable) are empty; if
compute_motion_footprint currently omits declaring a read for a missing scope
node, update the function (the same logic used to ensure the port version always
declares the scope read) so it always inserts the scope NodeKey into the
returned footprint.n_read even when the node is absent.

In `@crates/warp-core/src/boaw/exec.rs`:
- Around line 22-33: ExecItemKind is missing the unsafe_graph exclusion which
makes the `kind` field live when FootprintGuard/imports and the `guards` field
are conditionally omitted; to fix, add the same cfg gate used for FootprintGuard
and the `guards` field (i.e., #[cfg(not(feature = "unsafe_graph"))] combined
with the existing #[cfg(any(debug_assertions, feature =
"footprint_enforce_release"))]) to the ExecItemKind definition so its presence
matches the FootprintGuard import and the `guards` field and prevents dead/
surprising code under unsafe_graph; update the ExecItemKind enum's attributes to
mirror those on FootprintGuard and `guards`.
- Around line 400-403: The post-hoc write-enforcement loop currently calls
guard.check_op(op) blindly and can panic with a FootprintViolation, which masks
any prior executor panic (exec_result) and prevents resume_unwind from running;
modify the logic around delta.ops_ref()[ops_before..] and guard.check_op(op) so
that if exec_result is Err(original_panic) you preserve it by either (a)
wrapping the FootprintViolation with the original panic (e.g., construct a
FootprintViolationWithPanic containing violation and original_panic and re-panic
via panic_any) or (b) at minimum logging the original_panic before running
check_op, ensuring resume_unwind still has access to original_panic; update
handling where exec_result, resume_unwind, and panic_any are used to propagate
both pieces of information.
- Around line 51-54: The `kind` field in `ExecItem` is cfg-gated only by
debug_assertions || footprint_enforce_release but `guards` (the only consumer
during enforcement) is additionally gated with not(feature = "unsafe_graph"),
leaving `kind` allocated but unused when unsafe_graph is enabled; update the
`kind` field's attribute to match the consumer by adding the same cfg exclusion
(i.e., include not(feature = "unsafe_graph")) so `kind` is compiled out in the
same configurations as `guards` and `ExecItemKind`.
- Around line 71-84: The function new_system references ExecItemKind::System and
the ExecItem.kind field but is not gated against the unsafe_graph feature; add a
cfg gate that excludes this function when unsafe_graph is enabled (e.g., require
not(feature = "unsafe_graph") in the same conditional that currently controls
new_system) so the constructor is only compiled when System kind is present;
update the attribute on the new_system function to mirror the ExecItemKind/kind
gating (reference symbols: new_system, ExecItemKind::System, kind) to prevent
compile errors and ensure it is omitted when unsafe_graph is active.
- Around line 61-69: The public constructor ExecItem::new initializes the
cfg-gated field kind (set to ExecItemKind::User) but is not itself cfg-gated; if
you add the unsafe_graph cfg gate to the kind field you must also gate the
initializer. Update ExecItem::new so the assignment to kind is wrapped with the
same cfg attribute as the kind field (e.g., #[cfg(any(debug_assertions, feature
= "footprint_enforce_release", feature = "unsafe_graph"))]) or alternatively
apply the same cfg to the entire new() function to ensure the kind field is only
referenced when its cfg is enabled.
- Around line 395-398: Introduce a type-level poison marker and propagate it
from the executor: define a new PoisonedDelta (e.g., a distinct unit/newtype
wrapper that does NOT expose merge/commit APIs) and change
execute_item_enforced() to return Result<TickDelta, PoisonedDelta> instead of
always yielding a TickDelta; then change merge_deltas() to accept a collection
of Result<TickDelta, PoisonedDelta> (or Vec<TickDelta> + explicit filtering) and
make it early-return or propagate an Err when any PoisonedDelta is present so
poisoned deltas can never be merged/committed; ensure no methods are added to
PoisonedDelta that allow bypassing this check and update callers to handle the
Err path explicitly.

In `@crates/warp-core/src/engine_impl.rs`:
- Around line 1294-1304: The current fallback in the map closure masks wiring
bugs by substituting crate::footprint::Footprint::default() and "unknown" when
guard_meta lookup fails; change this to fail fast instead: detect missing guard
metadata for the NodeKey built from item.origin, NodeKey { warp_id:
unit.warp_id, local_id: item.scope } and return or propagate an error (or panic
with a clear message) rather than using the default footprint and "unknown"
rule_name so the wiring bug surfaces immediately; update the surrounding
function to propagate the error (or include a clear panic message) when
guard_meta.get(...).cloned() is None.

In `@crates/warp-core/tests/boaw_footprints.rs`:
- Around line 123-149: Tests t3_4–t3_12b repeat the same RewriteRule/struct
literal fields which is error-prone; add a helper function (e.g., make_rule or
make_rewrite_rule) that accepts the varying bits (name like T3_4_NAME, executor
fn like t3_4_executor, footprint fn like t3_4_footprint, and any small
overrides) and returns the fully-populated rule with sane defaults for all other
fields, then replace each test's explicit struct literal with a call to that
helper to reduce boilerplate and ensure consistency across tests.

In `@crates/warp-core/tests/slice_theorem_proof.rs`:
- Around line 562-589: The test hard-codes policy_id and a zeroed rule_pack_id
when constructing the tick header and when calling compute_commit_hash_v2;
update the header.policy_id and the compute_commit_hash_v2 call to use
snapshot.policy_id, and use the actual rule_pack_id from the patch (e.g.,
patch.rule_pack_id or wl_patch.header.rule_pack_id as exposed) instead of
[0u8;32], and add an assertion that the computed commit_hash equals
snapshot.hash to ensure the test mirrors the real engine commit chain.

In `@docs/adr/PLAN-PHASE-6B-VIRTUAL-SHARDS.md`:
- Around line 152-157: The "Files Changed in Commit 2" table omits
enforcement-related additions; update the ADR to either add a separate "Files
Changed in Enforcement Commits" table listing footprint_guard.rs (defines
FootprintGuard, FootprintViolation, ViolationKind), graph_view.rs (new_guarded()
constructor and guard field), boaw/exec.rs (ExecItemKind, enforcement path,
check_op()), and enforcement test files (boaw_footprints.rs, slice theorem
tests), or rename the section to clarify it only covers engine integration and
does not include enforcement commits; ensure the chosen fix clearly lists the
enforcement files and references the symbols above so future readers can find
the enforcement implementation.

In `@docs/adr/TECH-DEBT-BOAW.md`:
- Around line 186-194: The Location entry in the ADR incorrectly points to a
nested module path; update the Location field to reference the actual crate-root
module file (the footprint_guard.rs at the warp-core crate root as declared in
lib.rs and imported via crate::footprint_guard::*), replacing the current
`crates/warp-core/src/boaw/footprint_guard.rs` text with the correct module file
path/name so cross-references and the commits note (44aebb0, 0d0231b) align with
the implemented guard.

In `@docs/book/echo/sections/15-boaw-storage.tex`:
- Around line 105-113: The doc text incorrectly says the guard ensures a "tight"
bound; change the wording to state that FootprintGuard (used by
GraphView::new_guarded() when footprint_enforce_release or debug builds are
enabled) enforces that actual accesses are a subset of the declared read sets
(actual accesses ⊆ declared reads) and will panic with FootprintViolation for
undeclared accesses, but does not prevent or detect over-declarations — it does
not guarantee equality/tightness; update the paragraph to reflect this subset
guarantee and mention footprint_enforce_release and FootprintViolation for
context.

In `@docs/book/echo/sections/18-tour-boaw-execution.tex`:
- Around line 152-166: Update the paragraph to qualify the "zero overhead" claim
and add adjacency violations: state that write-enforcement (via check_op()) and
ExecItemKind gating are active in debug builds or when the
footprint_enforce_release feature is enabled, and can be bypassed by the
unsafe_graph escape hatch, so there is zero runtime overhead only when those
checks are disabled; also explicitly list that adjacency violations are enforced
as part of the checks (in addition to undeclared writes, cross-warp emissions,
and unauthorized instance ops), and reference ExecItemKind,
UpsertWarpInstance/DeleteWarpInstance/OpenPortal, footprint_enforce_release,
unsafe_graph, and check_op() so readers can find the relevant code paths.

In `@docs/dind-harness.md`:
- Around line 46-55: Update the documentation to point to the correct test
location and to accurately describe FootprintGuard behavior: change the
hardcoded test path from "crates/warp-core/src/boaw/slice_theorem_proof.rs" to
"crates/warp-core/tests/slice_theorem_proof.rs", and revise the statement that
the FootprintGuard is "always active" to note that it is disabled when the
unsafe_graph feature is enabled (see footprint_guard.rs) so readers know the
escape hatch exists; reference the test name slice theorem proof and the guard
type FootprintGuard in the text so the changes are clear.

In `@docs/guide/course/glossary.md`:
- Line 37: Update the ExecItemKind glossary entry to clarify the operational
consequence: state that ExecItemKind has two variants, System and User, and only
System items are permitted to emit warp-instance-level operations (create/delete
instances, open portals); attempts by User items to perform these ops result in
an UnauthorizedInstanceOp error. Reference the ExecItemKind symbol and the
UnauthorizedInstanceOp error so readers can locate related checks in the
codebase and understand enforcement.

In `@docs/notes/boaw-perf-baseline.md`:
- Around line 120-122: The doc incorrectly states that the unsafe_graph feature
removes the ExecItemKind field; instead update the note to clarify that
unsafe_graph disables footprint guard enforcement checks (runtime validation)
while the ExecItem struct and its ExecItemKind field remain gated by
#[cfg(any(debug_assertions, feature = "footprint_enforce_release"))]; replace
the sentence to something like: "The unsafe_graph feature disables all footprint
guard enforcement checks; when absent, runtime validation for declared footprint
access is active." and ensure mentions of ExecItem, ExecItemKind,
footprint_enforce_release, and debug_assertions reflect this separation.
- Around line 103-118: Update the docs to accurately reflect that FootprintGuard
uses BTreeSet (not HashSet) for its read/write sets—replace references to
`HashSet::contains()` with `BTreeSet::contains()` and mention the specific
guarded types (`BTreeSet<NodeId>`, `BTreeSet<EdgeId>`,
`BTreeSet<AttachmentKey>`) and the related symbols `GraphView`, `check_op`, and
`ExecItem`; also remove the hardcoded percentage overhead claims and instead
state that "debug benchmarks using a trivial executor observed modest overhead
(dependent on footprint size and read-access frequency)" or include concrete
benchmark parameters (workload config, iteration count, runner) if you can
supply measured values.

In `@docs/study/echo-tour-de-code-directors-cut.tex`:
- Around line 936-944: The doc currently states violations are returned as
Err(FootprintViolation) when check_op fails; update the wording to reflect
runtime behavior that violations are raised via panic_any(FootprintViolation)
(not returned), and clarify that write violations thus override executor panics
by being raised with panic_any; also adjust the branch that says
"std::panic::resume_unwind(payload)" to contrast that when the footprint is
clean the original executor panic is resumed via
std::panic::resume_unwind(payload) while when check_op fails the code invokes
panic_any(FootprintViolation) so the violation panic takes precedence.

In `@docs/study/echo-tour-de-code.tex`:
- Around line 863-904: Docs describe a triple cfg-gate for the ExecItem.kind
field but the actual implementation in exec.rs only has the debug/footprint
gate; add the missing cfg not(feature = "unsafe_graph") to the kind field
declaration (the pub(crate) kind: ExecItemKind field) so it is wrapped by both
#[cfg(any(debug_assertions, feature = "footprint_enforce_release"))] and
#[cfg(not(feature = "unsafe_graph"))], matching the guards logic and avoiding
dead field allocation; after change, run cargo build/test with and without the
unsafe_graph feature to verify compilation.
- Around line 818-845: Update the pseudocode to match the real function
signature and guard usage: change the header to use the actual parameters (fn
execute_item_enforced(store, item, idx, unit, delta)) and replace the standalone
check_op(op, footprint, item.kind) call with the guard method
(guard.check_op(op)) while noting that the guard is constructed earlier and
encapsulates footprint and is_system/item.kind; make sure the op-count snapshot,
panic-catching, op-iteration and outcome precedence text refer to these actual
symbols (execute_item_enforced, guard.check_op, and the constructor that creates
the guard) so readers can map the doc to exec.rs.

In `@docs/study/echo-visual-atlas.md`:
- Around line 191-196: The shard value shown for the `0xDEADBEEFCAFEBABE` input
is wrong because using `u64::from_le_bytes(...)` then `& 0xFF` yields the low
byte (0xDE = 222), not 0xBE; update the table row for the `0xDEADBEEFCAFEBABE`
vector to show the correct shard value `222 (0xDE)` and ensure any explanatory
text referencing this example reflects the low-byte calculation from
`u64::from_le_bytes` and `& 0xFF`.
- Line 647: Update the hardcoded date stamp "Visual Atlas generated 2026-01-18"
in the document: locate the exact text string "Visual Atlas generated
2026-01-18" and replace it with the actual regeneration date (e.g., current
date) or prepend/append a clear note such as "(historical)" to indicate it is
not current; ensure the updated line remains consistent with the surrounding
sentence "_Visual Atlas generated ..._".
- Around line 474-505: The diagram currently labels the violation path as
"Err(FootprintViolation)" which mixes Result semantics with the documented
panic_any(FootprintViolation); update the flowchart and the Key to reflect a
panic-based outcome: change the ERR node label from Err(FootprintViolation) to
panic_any(FootprintViolation) (or "panic(FootprintViolation)") and adjust the
Key text around execute_item_enforced() / FootprintViolation to state that
violations trigger a panic rather than returning a Result, ensuring consistency
with the panic semantics described elsewhere.

In `@docs/study/what-makes-echo-tick-with-diagrams.tex`:
- Around line 527-538: Update the paragraph about runtime enforcement to
explicitly state that FootprintGuard is only active when the release
feature/unsafe_graph gate is enabled and that instance lifecycle operations are
not authorized via footprint coverage but are instead blocked/allowed by
ExecItemKind; revise the bullet about "Unauthorized instance ops" to say
"Instance ops blocked by ExecItemKind (not footprint coverage)" and add a short
note that the runtime enforcement requires the unsafe_graph gating so readers
know when FootprintGuard is effective.

In `@docs/study/what-makes-echo-tick.md`:
- Around line 306-314: The runtime-enforcement paragraph for FootprintGuard is
misleading about gating; update the text around FootprintGuard (and references
to n_read/e_read/a_read, n_write/e_write/a_write) to state that enforcement is
not strictly debug-only by mentioning the configuration flags: enforcement can
be enabled in release builds via footprint_enforce_release and can be globally
disabled via unsafe_graph; also clarify that these flags control whether
FootprintGuard's checks (undeclared reads/writes, cross-warp emissions,
unauthorized instance ops like UpsertWarpInstance/DeleteWarpInstance, and
adjacency violations) are active.
- Around line 85-88: Tighten the four LanguageTool callouts flagged as wordy by
trimming redundant phrases and adverbs while preserving tone and meaning—locate
the callouts (including the one titled "Claude's Take") and shorten sentences
like "is the sleeper here," "just... works," and similar verbose fragments to
more concise equivalents; apply the same concise edits to the three other
flagged callouts so cadence improves without changing intent.

In `@docs/study/what-makes-echo-tick.tex`:
- Around line 1061-1068: Reword the paragraph to separate the roles of
catch_unwind and post-hoc write validation: state that write enforcement is
performed by validating every op in the TickDelta via check_op() after the
executor completes, and that catch_unwind is a surrounding boundary used to
catch immediate panics from GraphView accessors (read violations) so that, even
if the executor is unwound by a panic, any ops already emitted into the
TickDelta can still be validated; reference the executor, catch_unwind,
check_op(), TickDelta, GraphView, and n_write when describing what violations
are caught (undeclared writes, cross-warp emissions, unauthorized instance ops,
and adjacency violations where an edge op's from node is absent from n_write).

[coderabbitai]

Actionable comments posted: 19

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docs/study/echo-tour-de-code-with-commentary.tex (1)

633-639: Strip the stale "8 bytes" claim from the documentation.

The GraphView struct does carry an optional guard in enforcement builds (debug_assertions or feature = "footprint_enforce_release"), making it 16 bytes instead of 8. The current doc claims it's "only 8 bytes"—this is dead wrong in debug builds and any enforcement-enabled release. The struct remains Copy even with the guard present (since it's just an Option<&'a FootprintGuard>), but don't advertise a fixed byte size unless you're willing to keep it synchronized with the conditional layout. Remove the precise size claim and describe it generically as a lightweight, copyable handle.

The test at line 310 even gates graph_view_is_pointer_sized() to run only in unguarded configurations—proof that the maintainers knew the size claim doesn't hold universally.

Suggested fix

- Step [4] creates a \texttt{GraphView}---and note it's only \textbf{8 bytes} and \texttt{Copy}! This is just a pointer to the underlying \texttt{GraphStore}, but wrapped in a type that only exposes read methods.
+ Step [4] creates a \texttt{GraphView}---a lightweight, copyable handle to the underlying \texttt{GraphStore}. In enforcement builds, it optionally carries a guard reference. The type itself enforces read-only access at compile time; the compiler permits no mutations through \texttt{GraphView}.

🤖 Fix all issues with AI agents

In `@CHANGELOG.md`:
- Around line 10-13: Update the CHANGELOG.md entry about FootprintGuard
(boaw/exec.rs) to add a "Feature Flag Semantics" subsection that explicitly
documents the interaction of the three gates: state that Debug builds enable
enforcement by default, Release builds disable it unless
footprint_enforce_release is enabled, and unsafe_graph unconditionally disables
enforcement (or state the actual override/mutual-exclusion behavior if
different); clarify what happens when footprint_enforce_release and unsafe_graph
are both enabled (compile error, override to disabled, or undefined), and note
whether any combinations are rejected at compile time and the intended use-case
for unsafe_graph so readers know expected behavior and failure modes.
- Around line 10-13: Augment the CHANGELOG entry for the FootprintGuard in
boaw/exec.rs to include a "Panic Recovery Semantics" subsection that documents
what happens when the catch_unwind-based guard triggers: state whether
catch_unwind recovers the violating worker thread or aborts the whole tick,
specify whether other workers in the same tick are allowed to complete or are
short-circuited, describe the engine-level observable effect (tick fails,
partial application, or rule skipped), explain how the panic is propagated to
callers (Result::Err, re-panic after cleanup, or other), and add a brief
rationale for using panic_any/catch_unwind rather than a Result-based API;
reference the FootprintGuard type and the footprint_enforce_release /
unsafe_graph feature flags so readers can find the implementing code in
boaw/exec.rs.
- Around line 8-33: Add a "Known Limitations (Phase 6B)" subsection to the
CHANGELOG immediately after the Phase 6B summary that lists the reviewer-raised
risks and future work: explicitly state current cross-warp enforcement behavior,
note Footprint API ergonomics (verbose NodeSet/EdgeSet construction and need for
builders/derive macros), warn that over-declared writes can degrade parallelism
and currently have no validation/warnings, call out guard metadata tradeoffs
(Vec vs HashMap not benchmarked), and surface the POISON-INVARIANT concern as an
outstanding item; reference ADR-0007 and relevant symbols (FootprintGuard,
GraphView::new_guarded, ExecItem::new, FootprintViolation, check_op,
tests/boaw_footprints.rs) so readers can find the implementation and planned
Phase 6C+ work.
- Around line 8-33: The CHANGELOG entry for "Phase 6B: Footprint Enforcement
(ADR-0007)" omits performance details; add a "Performance Impact" subsection
under that entry that references docs/notes/boaw-perf-baseline.md, summarizes
the measured overhead numbers (e.g., <5% small footprints, ~15% larger in debug,
zero in release when cfg-gated), and notes enforcement is opt-in for release;
also mention that FootprintGuard (boaw/exec.rs) and GraphView::new_guarded
read-side checks were the subjects of the baseline, and optionally update
boaw_baseline.rs to include explicit ON/OFF benchmark tables for workloads 10,
100, 1000 items and link those results from the CHANGELOG subsection.
- Line 111: Update the CHANGELOG entry to clarify the impact and detection of
the Guard metadata scoping fix: explain that "guard metadata" refers to
enforcement tracking of read/write footprints and violation markers used by
engine_impl.rs during runtime safety checks, state the failure mode (e.g.,
cross-warp collisions caused false positives/false negatives when nodes in
different warps shared the same local node ID), note how it was detected (e.g.,
failing multi-warp unit test like slice_theorem_proof or a production incident
that reproduced cross-warp enforcement errors), and describe that "warp-scoped
NodeKey" means the NodeKey used by engine_impl.rs was changed to include the
warp identifier (making it a composite key of WarpId + NodeId) to prevent
collisions; make these four points concise in the single changelog line
replacing the current vague entry.
- Around line 27-28: Update the CHANGELOG entry for the "check_op() post-hoc
write validation" to explicitly state that edge mutations
(UpsertEdge/DeleteEdge) are validated by op_write_targets() in
footprint_guard.rs to require only the `from` node be present in `n_write`, and
add a brief note explaining the architectural rationale: GraphStore maintains
bidirectional adjacency via `edges_from` and `edges_to`, but adjacency mutation
attribution is intentionally recorded against the source node (`from`) only;
reference `check_op()`, `op_write_targets()`, `UpsertEdge`/`DeleteEdge`,
`n_write`, `GraphStore`, `edges_from`, and `edges_to` so readers understand why
`to` is not required.

In `@crates/echo-dind-tests/src/rules.rs`:
- Around line 584-601: The helper view_op_ids_for_scope currently uses a fixed
64-byte buffer which assumes NodeId is 32 bytes; change it to build the hex
string from the actual byte length of scope.0 (e.g., allocate a String or
Vec<u8> with capacity scope.0.len()*2 and push two hex chars per byte) instead
of the fixed HEX array, then call make_node_id and make_edge_id with the
resulting hex string; this removes the hard-coded size dependency on NodeId
while preserving the same "sim/view/op:{scope_hex}" and
"edge:view/op:{scope_hex}" formatting.

In `@crates/echo-dry-tests/src/demo_rules.rs`:
- Around line 388-415: The test compute_motion_footprint_always_reads_scope_node
currently checks n_read/n_write and a_read/a_write but omits edge and blob
footprint fields; update the test to also assert that footprint.e_read,
footprint.e_write, footprint.b_read, and footprint.b_write are empty (with clear
assertion messages) so the shape of the missing-node motion footprint is fully
locked down when calling compute_motion_footprint.

In `@docs/study/echo-tour-de-code-with-commentary.tex`:
- Around line 1090-1109: The enforcement trace only shows post-hoc write
validation; update the prose around execute_item_enforced to also state that
read accesses are enforced during execution via GraphView/FootprintGuard (i.e.,
GraphView provides read-guards that prevent or record unauthorized reads while
the item.exec runs inside std::panic::catch_unwind), and mention that these
read-guard checks occur in-line during execution and will surface errors (or be
reflected in the footprint) in addition to the post-hoc check_op write
validation; reference execute_item_enforced, GraphView, FootprintGuard,
catch_unwind, and check_op in the text so readers know where each enforcement
happens.
- Around line 1182-1199: The doc currently omits that the cfg gates are
asymmetric: the kind field is behind #[cfg(any(debug_assertions, feature =
"footprint_enforce_release"))] while the enforcement machinery (the guards
vector and validation code) also requires #[cfg(not(feature = "unsafe_graph"))],
so enabling feature = "unsafe_graph" will disable enforcement even if
footprint_enforce_release is set; update the paragraph about the "triple
cfg-gate pattern" to explicitly state that unsafe_graph takes precedence and
will turn off all enforcement (guards/validation) regardless of
footprint_enforce_release, and clarify the practical effect on the struct layout
and runtime checks for the named symbols kind, guards vector, and validation
code under each cfg combination.
- Around line 1111-1118: The docs incorrectly state that violations return
Err(FootprintViolation); update the wording to reflect the actual panic-based
semantics used by execute_item_enforced(): guard.check_op() does not return a
Result but calls std::panic::panic_any(FootprintViolation { ... }) inside the
post‑hoc validation loop, so describe that violations are surfaced by panicking
(panic_any) and therefore abort the executor and take precedence over any
executor panic that would otherwise be re‑thrown by std::panic::resume_unwind;
mention the exact symbols execute_item_enforced, guard.check_op,
std::panic::panic_any, and FootprintViolation to make locating the behavior
clear.

In `@docs/study/echo-tour-de-code.md`:
- Around line 667-676: Add module-level documentation that fully specifies panic
recovery and observable tick semantics: state that worker threads run inside
std::thread::scope and that a panic from execute_item_enforced unwinds the
worker thread and is propagated by the scope join in execute_parallel (so the
caller observes the panic and the tick does not continue), explain that any
worker panic (whether footprint violation or executor panic) causes
execute_parallel to abort and the transaction to be rolled back via
Engine::abort (no partial commits), and clarify that poisoned TickDelta
instances are not merged — they remain on the worker stack and are dropped when
the thread unwinds; include these exact symbols (std::thread::scope,
execute_item_enforced, execute_parallel, Engine::abort, TickDelta) in the docs
so readers can locate the behavior.
- Line 9: The tour doc must include stable anchors so readers can locate
enforcement-critical code; update sections referencing execute_item_enforced,
check_op, and ExecItemKind to include either (a) line numbers with a "last
verified" date header per section, or (b) exact function signatures / unique
code snippets (e.g., fn execute_item_enforced(...), fn check_op(...), enum
ExecItemKind { ... }) or (c) add source annotations (// TOUR: ...) and supply a
small validation script that maps those annotations to current line ranges and
flags drift; implement one of these options for each referenced symbol so
grep/rg can reliably find the sites and add the validation script entrypoint
mentioned in the doc.
- Around line 660-664: Add a concise definition and cross-reference for
"warp-instance-level ops" next to the existing mention (around check_op /
footprint / ExecItemKind::System) clarifying that warp-instance-level ops are
operations that modify multiverse topology (e.g., OpenPortal,
UpsertWarpInstance, DeleteWarpInstance from Section 6.2) and are therefore
restricted to ExecItemKind::System; explicitly state that ExecItemKind::User
cannot emit these due to the enforcement boundary, describe the error type
produced if a User item emits one (treat as a footprint violation or other
enforcement error—specify which), and note whether any other op categories exist
beyond "warp-instance-level" and "normal" or add a pointer to a taxonomy
section.
- Around line 679-681: Replace the prose-only "poison invariant" with a
type-level guarantee: make the execution API produce and accept a poison-safe
type so partially-written deltas cannot be merged; for example, introduce a new
wrapper/newtype (e.g., ValidDelta) or typestate (e.g.,
TickDelta<Clean>/TickDelta<Poisoned>) and update execute_item_enforced to
construct/return only the safe type and change merge_deltas to accept
Vec<ValidDelta> or Vec<TickDelta<Clean>> (or, if you must do the minimal change,
add an internal poisoned flag on TickDelta and have merge_deltas assert the flag
is false), ensuring TickDelta::new() no longer exposes an unsafe public
constructor that lets callers create a delta that could bypass the safety model.
- Around line 708-713: Add a compile-time guard that prevents both features
being enabled at once: detect the configuration combination feature =
"footprint_enforce_release" AND feature = "unsafe_graph" using #[cfg(all(feature
= "footprint_enforce_release", feature = "unsafe_graph"))] and emit a
compile_error! with a short message explaining they are mutually exclusive;
place this check in the crate root (e.g., lib.rs or main.rs) so the build fails
early and unambiguously when both features are enabled.
- Around line 716-722: The table's safety entries should explicitly handle
TickDelta's poisoned state and clarify ExecItem's cfg-gated Copy behavior:
update the TickDelta row (TickDelta -> Per-worker exclusive) to mention that
poisoned deltas must be discarded and not merged (e.g., "No shared mutation;
poisoned deltas must be discarded without merging"), and add a short note under
the table stating that ExecItem is Copy only because ExecItemKind (when present)
is Copy and that the cfg-gated kind field does not change Sync/Send
bounds—verify or document that ExecItemKind implements Copy so the claim is
accurate (referencing TickDelta, ExecItem, ExecItemKind).
- Around line 643-714: Add a new subsection "5.3.1 Cross-Warp Enforcement
Policy" under the Enforced Execution Path describing that
execute_item_enforced/check_op currently forbids cross-warp writes: state that
any op's warp id must equal the executor's scope.warp_id and that check_op
performs this check and returns FootprintViolation::CrossWarpWrite on mismatch;
document the exception that ExecItemKind::System may emit warp-instance-level
ops (e.g., OpenPortal, UpsertWarpInstance) only for allowed child-instance
actions, and include a short TODO noting a future Phase 7 relaxation
(portal-based cross-warp reads with explicit footprint flags/allowlist).
- Around line 701-706: Update Section 5.4 to accurately describe how System
ExecItems are constructed: mention the existence and signature of the
constructor ExecItem::new_system(exec: ExecuteFn, scope: NodeId, origin:
OpOrigin), document the cfg-gating requirement that new_system() is only
compiled when debug_assertions OR the footprint_enforce_release feature is
enabled (and thus absent in plain release builds where the call site falls back
to ExecItem::new()), and clarify the control flow that System items are created
conditionally during rule registration only when the rule's is_system flag is
true (as invoked from the engine registration path), so readers can trace inbox
execution to System item construction.

♻️ Duplicate comments (3)

CHANGELOG.md (2)

30-32: Imprecise test count "12+" remains unfixed from prior review.

This is a duplicate of an existing review comment. The "12+" phrasing was already flagged as insufficiently authoritative for a changelog. Either provide the exact count or use phrasing like "12 initial integration tests" to clarify whether the count is stable or expected to grow.

---

---

113-113: MD060 claim contradicts .markdownlint.json—still unfixed from prior review.

This is a duplicate of an existing review comment. Line 113 claims "Removed global MD060 disable" but .markdownlint.json line 11 still contains "MD060": false. Either update the CHANGELOG to reflect reality or remove the MD060 disable from the config.

---

crates/echo-dind-tests/src/rules.rs (1)

410-415: Document the over‑serialization trade‑off explicitly.
The new note says “conservatively safe” but still omits the concrete impact (spurious conflicts for write‑only rules) and why it’s acceptable here.

📝 Suggested comment expansion

 // Target node may also be read (e.g. toggle_nav reads current value).
 // Declaring the read is conservatively safe for rules that only write.
+// Trade-off: route_push/set_theme over-declare reads and may slightly
+// over-serialize; all callers use ConflictPolicy::Abort so writes already serialize.

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

crates/warp-core/src/worldline.rs (1)

792-827: Critical test coverage gap — only the node happy-path is exercised.

The new apply_set_attachment helper has four error returns and two owner variants, but the test suite only covers:

Scenario	Covered?
Node attachment set (happy path)	✅
Edge attachment set (happy path)	❌
Node with non-Alpha plane (InvalidAttachmentKey)	❌
Edge with non-Beta plane (InvalidAttachmentKey)	❌
WarpMismatch on SetAttachment	❌
MissingNode on SetAttachment	❌
MissingEdge on SetAttachment	❌

Six of seven scenarios are untested. Given the PR's emphasis on footprint enforcement and deterministic replay, leaving these paths unverified is unacceptable.

🧪 Minimal test stubs to add

#[test]
fn apply_to_store_set_edge_attachment() {
    use crate::attachment::{AtomPayload, AttachmentKey};

    let warp_id = make_warp_id("test-warp");
    let mut store = GraphStore::new(warp_id);
    let from_id = make_node_id("from");
    let to_id = make_node_id("to");
    let edge_id = make_edge_id("edge-1");
    let ty = make_type_id("EdgeType");

    store.insert_node(from_id, NodeRecord { ty });
    store.insert_node(to_id, NodeRecord { ty });
    store.upsert_edge_record(from_id, EdgeRecord { id: edge_id, from: from_id, to: to_id, ty });

    let attachment_key = AttachmentKey::edge_beta(EdgeKey { warp_id, local_id: edge_id });
    let payload = AtomPayload::new(ty, bytes::Bytes::from_static(b"edge-data"));
    let value = Some(AttachmentValue::Atom(payload));

    let patch = WorldlineTickPatchV1 {
        header: test_header(),
        warp_id,
        ops: vec![WarpOp::SetAttachment { key: attachment_key, value }],
        in_slots: vec![],
        out_slots: vec![],
        patch_digest: [0u8; 32],
    };

    patch.apply_to_store(&mut store).expect("apply failed");
    assert!(store.edge_attachment(&edge_id).is_some());
}

#[test]
fn apply_to_store_set_attachment_invalid_plane_node() {
    use crate::attachment::AttachmentKey;

    let warp_id = make_warp_id("test-warp");
    let mut store = GraphStore::new(warp_id);
    let node_id = make_node_id("node-1");
    store.insert_node(node_id, NodeRecord { ty: make_type_id("T") });

    // Node owner with Beta plane — invalid
    let key = AttachmentKey {
        owner: AttachmentOwner::Node(NodeKey { warp_id, local_id: node_id }),
        plane: AttachmentPlane::Beta,
    };
    let patch = WorldlineTickPatchV1 {
        header: test_header(),
        warp_id,
        ops: vec![WarpOp::SetAttachment { key, value: None }],
        in_slots: vec![],
        out_slots: vec![],
        patch_digest: [0u8; 32],
    };

    let result = patch.apply_to_store(&mut store);
    assert!(matches!(result, Err(ApplyError::InvalidAttachmentKey)));
}

#[test]
fn apply_to_store_set_attachment_missing_edge() {
    use crate::attachment::AttachmentKey;

    let warp_id = make_warp_id("test-warp");
    let mut store = GraphStore::new(warp_id);
    let edge_id = make_edge_id("nonexistent");

    let key = AttachmentKey::edge_beta(EdgeKey { warp_id, local_id: edge_id });
    let patch = WorldlineTickPatchV1 {
        header: test_header(),
        warp_id,
        ops: vec![WarpOp::SetAttachment { key, value: None }],
        in_slots: vec![],
        out_slots: vec![],
        patch_digest: [0u8; 32],
    };

    let result = patch.apply_to_store(&mut store);
    assert!(matches!(result, Err(ApplyError::MissingEdge(_))));
}

crates/warp-core/src/snapshot_accum.rs (2)

4-4: Module-level #![allow(dead_code)] is a blanket suppression that hides real issues.

This suppresses dead code warnings for the entire module. If there's legitimate WIP code, use targeted #[allow(dead_code)] on specific items with a // TODO: explaining why. Otherwise, you're silently accumulating cruft and losing signal from the compiler.

Remove this and address each dead code warning individually, or at minimum document exactly which items are intentionally unused and why.

---

841-854: Missing test coverage for build_attachments with actual attachment data.

The existing tests exercise node/edge creation and reachability, but none set AttachmentValue::Atom or AttachmentValue::Descend and verify that build_attachments produces correct index arrays and blob data. This is a gap — the refactored method is untested with non-empty attachment payloads.

Add at least one test that:

1. Sets node and edge attachments via WarpOp::SetAttachment
2. Calls build() and verifies wsc_bytes contains expected attachment data
3. Verifies state_root changes when attachments change

Do you want me to generate a test case that exercises attachment serialization through build_attachments?

🤖 Fix all issues with AI agents

In `@crates/warp-core/src/footprint_guard.rs`:
- Around line 205-229: The match arm currently groups WarpOp::SetAttachment and
WarpOp::OpenPortal so both produce OpTargets with is_instance_op = false; split
these into separate arms so WarpOp::SetAttachment keeps is_instance_op = false
(and attachments as before) while WarpOp::OpenPortal produces an OpTargets with
is_instance_op = true (preserving op_warp and any attachment handling you need).
Update the match on WarpOp in footprint_guard.rs (the arms constructing
OpTargets) so OpenPortal is handled independently and sets is_instance_op = true
to enforce instance-level semantics.

In `@crates/warp-core/src/snapshot_accum.rs`:
- Around line 34-36: The current type alias AttachmentArrays = (Vec<Range>,
Vec<AttRow>, Vec<Range>, Vec<AttRow>, Vec<u8>) is error-prone; replace it with a
named struct (e.g. AttachmentArrays { ranges_left: Vec<Range>, rows_left:
Vec<AttRow>, ranges_right: Vec<Range>, rows_right: Vec<AttRow>, meta: Vec<u8>
}), change SnapshotAccumulator::build_attachments to return that struct instead
of the 5-tuple, and update build_one_warp_input (and any other call sites) to
destructure or access the new struct fields by name (AttachmentArrays {
ranges_left, rows_left, ranges_right, rows_right, meta } or using dot access) so
positions cannot be transposed. Ensure all type signatures and pattern matches
are updated to use the new struct.
- Around line 595-601: Update the doc comment for fn build_attachments to
explicitly state the contract for the edges parameter and the blob-sharing/order
dependency: note that edges must be the pre-filtered reachable edges for the
given warp_id and must be in the exact same order used to construct
OneWarpInput::edges (mismatched or differently-ordered edges will produce
invalid attachment indices), and document that the blobs vector inside
AttachmentArrays is shared/accumulated across both node and edge attachments and
therefore its order is significant for consumers; reference AttachmentArrays,
OneWarpInput::edges, and build_attachments in the comment so callers know the
expectations.

In `@crates/warp-core/src/worldline.rs`:
- Around line 293-334: Expand the rustdoc for the private function
apply_set_attachment to document all error paths and caller contracts: state
that it applies a SetAttachment to a GraphStore and can return
ApplyError::InvalidAttachmentKey when the AttachmentKey.plane doesn't match the
AttachmentOwner (Alpha ↔ Node, Beta ↔ Edge), ApplyError::WarpMismatch when
key.owner (node_key.warp_id or edge_key.warp_id) differs from the provided
store_warp, and ApplyError::MissingNode / ApplyError::MissingEdge when the
referenced node or edge is not present in the store; also document the invariant
that store_warp must equal the store's warp id (i.e., callers must pass
store.warp_id()), and note the effect (calls set_node_attachment or
set_edge_attachment with the given value) so callers know the side effects
performed by apply_set_attachment.

♻️ Duplicate comments (2)

docs/study/echo-tour-de-code-directors-cut.tex (1)

921-947: Update execute_item_enforced pseudocode to match the current API.
Line 921 still shows the old signature and Line 947 returns Ok(()), but the current function returns the delta (Result<TickDelta, PoisonedDelta>) and takes the new parameter set.

🛠️ Suggested doc fix

-execute_item_enforced(view, item, delta, footprint)
+execute_item_enforced(store, item, idx, unit, delta)
...
-      └─ IF both clean:
-            return Ok(())
+      └─ IF both clean:
+            return Ok(delta)

crates/warp-core/src/engine_impl.rs (1)

1239-1254: Name-based system-rule detection is brittle—prefer an explicit flag.
Hardcoding rule names means any new system rule can silently misclassify. Consider RewriteRule { is_system: bool } or a dedicated registration path.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

crates/warp-core/tests/boaw_merge_tripwire.rs (2)

3-7: Inner attribute interleaves with module documentation — reorder for clarity.

The #![cfg(feature = "delta_validate")] on line 4 bisects your module-level doc comments. While Rust accepts this, it's visually jarring and unconventional. Standard practice is to place inner attributes either before all //! doc comments or after the complete doc block.

♻️ Suggested reorder

 // SPDX-License-Identifier: Apache-2.0
 // © James Ross Ω FLYING•ROBOTS <https://github.com/flyingrobots>
+#![cfg(feature = "delta_validate")]
 //! Merge tripwire tests for BOAW Phase 6.
-#![cfg(feature = "delta_validate")]
 //!
 //! These tests verify that footprint model violations are caught at merge time,
 //! proving the safety net exists.

---

176-219: Missing edge case: single origin emitting conflicting values for the same key.

All conflict tests involve different origins. What happens if a single buggy rule emits two ops with the same key but different values within one delta? This pathological case would indicate a non-deterministic or buggy rule. Does TickDelta::push_with_origin allow this? Does merge detect it?

Add a test to verify behavior when a single origin produces self-conflicting ops:

🧪 Suggested additional test

/// Single origin emits conflicting values for the same key.
///
/// This is a pathological case: a buggy or non-deterministic rule that
/// emits two different values for the same key within a single tick.
#[test]
fn single_origin_self_conflict() {
    let warp_id = make_warp_id("self-conflict-warp");
    let node_id = make_node_id("self-conflict-node");
    let key = AttachmentKey::node_alpha(NodeKey {
        warp_id,
        local_id: node_id,
    });

    let origin = make_origin(1, 1);
    let mut delta = TickDelta::new();

    // Same origin, same key, DIFFERENT values — a rule bug
    delta.push_with_origin(make_set_attachment(key, b"value-a"), origin);
    delta.push_with_origin(make_set_attachment(key, b"value-b"), origin);

    let result = merge_deltas_ok(vec![delta]);

    // Document expected behavior: conflict? last-write-wins? panic?
    // Adjust assertion based on intended semantics.
    assert!(
        result.is_err(),
        "Single origin emitting conflicting values should be detected as error"
    );
}

crates/echo-dind-tests/src/rules.rs (1)

65-65: Same executor/footprint mismatch in route_push_rule and set_theme_rule.

While toast_rule gets the spotlight, route_push_rule (line 65) and set_theme_rule (line 88) exhibit identical patterns:

// route_push_rule executor (lines 58-64):
if let Some(args) = decode_op_args::<ops::route_push::Args>(...) {
    emit_route_push(...);  // conditional emission
}
// route_push_rule footprint (line 65):
compute_footprint: |s, scope| footprint_for_state_node(...)  // unconditional declaration

Both rules over-declare footprints when decode fails. If you're fixing toast_rule, apply the same fix here for consistency—or document explicitly that this over-declaration is intentional for these rules and why.

With footprint enforcement now active (Phase 6B), these spurious reservations affect parallel scheduling in debug builds.

Also applies to: 88-88

🤖 Fix all issues with AI agents

In `@crates/echo-dry-tests/src/demo_rules.rs`:
- Around line 217-218: There is a duplicated rustdoc line above the rule name
constant for the demo port reservation rule; remove the repeated /// comment so
only a single doc comment remains for the rule name constant (the demo port
reservation rule constant) to avoid redundant documentation.

In `@docs/book/echo/sections/15-boaw-storage.tex`:
- Around line 107-114: The paragraph only describes read-side footprint checks
via GraphView::new_guarded(), so update the text to also document write-side
(reserve-time) enforcement: explain that when footprint_enforce_release is
enabled (and unsafe_graph is not set) the system validates both read and write
footprints and that write footprint violations are detected and flagged at
reserve time (not on actual write access), producing the same
FootprintViolation-style errors; keep the existing note that read guards enforce
safety not tightness and mention GraphView::new_guarded() as the read guard
while explicitly stating reserve-time checks validate declared write sets before
mutation occurs.

♻️ Duplicate comments (1)

crates/echo-dind-tests/src/rules.rs (1)

139-175: Executor/footprint control-flow mismatch remains unresolved.

The executor (lines 123-137) wraps emission in if let Some(args) = decode_op_args(...). When decoding fails, zero writes occur. Yet compute_footprint unconditionally declares the full write set—view_id, op_id, edge_id, and attachments.

Contrast with put_kv_rule (lines 331-339), which correctly mirrors executor control flow:

compute_footprint: |s, scope| {
    if let Some(args) = decode_op_args::<ops::put_kv::Args>(...) {
        footprint_for_state_node(...)
    } else {
        Footprint::default()  // ← decode failure = no writes = minimal footprint
    }
}

Consequences of current implementation:

1. Spurious conflicts: Reserving sim/view + derived op nodes when this rule won't write them blocks unrelated concurrent work.
2. Invariant violation: PR objectives state footprints "match actual writes"—this violates that contract.
3. Inconsistency: Same file, same decode pattern, different footprint handling.

🔧 Proposed fix: mirror executor control flow

         compute_footprint: |s, scope| {
+            // Only declare full footprint if args decode succeeds (mirrors executor).
+            if decode_op_args::<ops::toast::Args>(s, scope, ops::toast::decode_vars).is_none() {
+                // Minimal read footprint for the decode attempt itself.
+                let warp_id = s.warp_id();
+                let mut n_read = NodeSet::default();
+                let mut a_read = AttachmentSet::default();
+                n_read.insert_with_warp(warp_id, *scope);
+                a_read.insert(AttachmentKey::node_alpha(NodeKey {
+                    warp_id,
+                    local_id: *scope,
+                }));
+                return Footprint { n_read, a_read, ..Default::default() };
+            }
             let warp_id = s.warp_id();
             let mut n_read = NodeSet::default();
             // ... rest unchanged

Note: This introduces double-decode like put_kv_rule. If that's acceptable there (and it is, per the TODO at line 312), it's acceptable here. If not, both need refactoring to cache decode results—but that's a separate issue.

[coderabbitai]

Actionable comments posted: 10

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

crates/echo-dry-tests/src/lib.rs (1)

23-36: Add rustdoc for the new public footprint module and re-export.
pub mod footprint and pub use footprint::FootprintBuilder are public API and need rustdoc describing intent/usage/invariants.

📌 Suggested docs

-pub mod footprint;
+/// Ergonomic footprint construction helpers for tests.
+pub mod footprint;
@@
-pub use footprint::FootprintBuilder;
+/// Builder for assembling `Footprint` instances in tests.
+pub use footprint::FootprintBuilder;

As per coding guidelines, public APIs must be documented.

crates/warp-core/src/boaw/exec.rs (1)

329-397: Documentation/implementation mismatch: worker abandons all remaining work on poison.

footprint_guard.rs line 30-31 states: "the worker continues with remaining items." But here (lines 374-376), when execute_item_enforced returns Err(poisoned), the worker returns immediately via return Ok(Err(poisoned)), abandoning:

1. Remaining items in the current unit
2. All subsequent units this worker would have claimed

This is likely the correct behavior (the accumulated delta is tainted, continuing would be unsound), but the documentation in footprint_guard.rs is misleading.

📝 Suggested documentation fix in footprint_guard.rs

-/// On violation: the violating item's execution is aborted, its delta becomes a
-/// `PoisonedDelta`, and the worker continues with remaining items.
+/// On violation: the violating item's execution is aborted, its delta becomes a
+/// `PoisonedDelta`, and the worker returns immediately (remaining items in that
+/// worker's queue are abandoned; other workers continue independently).

🤖 Fix all issues with AI agents

In `@CHANGELOG.md`:
- Around line 48-58: Fix the incorrect wording about worker behavior after a
FootprintViolation: update the changelog text so it states that
FootprintViolation (triggered via panic_any producing a PoisonedDelta) aborts
only the violating item's execution while the worker continues processing
remaining items in its queue; reference footprint_guard.rs and the symbol
PoisonedDelta to clarify this behavior, but keep the rest of the description
about engine merge paths (merge_deltas/delta_validate vs non-delta_validate),
resume_unwind(), into_panic(), and immediate abort semantics unchanged.

In `@crates/echo-dry-tests/src/footprint.rs`:
- Around line 171-229: The API is asymmetric: you have
reads_node_alpha/writes_node_alpha but no edge equivalents even though
AttachmentOwner::Edge and edge (β) plane exist; either add mirroring methods
reads_edge_alpha, reads_edge_beta, writes_edge_alpha, writes_edge_beta that
insert AttachmentKey::edge_alpha/edge_beta with EdgeKey { warp_id: self.warp_id,
local_id: edge_id } (use EdgeId/EdgeKey analogously to NodeId/NodeKey and follow
the pattern in reads_nodes_alpha/writes_nodes_alpha and
reads_attachment_key/writes_attachment_key), or if edges are intentionally
unsupported add a module-level doc comment explaining the omission and rationale
so callers aren’t confused.
- Around line 133-169: reads_edge and reads_edges manually construct EdgeKey
while writes_edge/writes_edges use EdgeSet::insert_with_warp; change the read
methods to call self.e_read.insert_with_warp(self.warp_id, id) (and in
reads_edges iterate ids and call insert_with_warp for each) so both e_read and
e_write delegate key construction to insert_with_warp; update reads_edge,
reads_edges to remove direct EdgeKey construction and use warp_id and EdgeId
with insert_with_warp to maintain API symmetry with NodeSet and future EdgeKey
changes.

In `@crates/warp-core/src/boaw/exec.rs`:
- Around line 352-384: The nested return type Result<Result<TickDelta,
PoisonedDelta>, WarpId> is awkward; introduce a flat enum (e.g. WorkerResult
with variants Success(TickDelta), Poisoned(PoisonedDelta), MissingStore(WarpId))
and change the s.spawn closure and its callers to return WorkerResult instead of
the nested Result; update the closure body (the resolve_store(&unit.warp_id)
error path should return MissingStore(unit.warp_id), the poisoned path should
return Poisoned(poisoned) and the success path should return Success(delta)),
and adjust downstream code that currently matches nested Results to match the
new WorkerResult variants (symbols to update: the s.spawn closure,
execute_item_enforced call handling, resolve_store error handling, and any
collector Vec<Result<Result<TickDelta,PoisonedDelta>,WarpId>> usages).
- Around line 278-280: The guards field is initialized with Vec::new() creating
a construction hole if the engine forgets to call attach_footprint_guards; add a
clear doc comment on the guards field in the struct (the guards: Vec<...> member
in exec.rs) stating the invariant/contract that the engine MUST call
attach_footprint_guards (or equivalent) to populate guards before any execution,
mention that runtime assertions check this (see attach_footprint_guards usage
and the assertions around guards), and include guidance about intended
ownership/usage so future maintainers know not to rely on an empty Vec as a
valid state.

In `@crates/warp-core/src/footprint_guard.rs`:
- Around line 105-114: The struct FootprintViolationWithPanic is missing a Debug
impl which makes panic logs less informative; add a manual impl Debug for
FootprintViolationWithPanic that formats the contained violation using its
derived Debug and represents exec_panic in a readable way (e.g., show its TypeId
or a placeholder string like "<non-debuggable panic payload>" and/or attempt
downcasting to &str/String for richer output). Implement fmt::Debug for
FootprintViolationWithPanic, reference the fields violation and exec_panic in
the implementation, and ensure the implementation is robust to non-downcastable
panic payloads so it never panics while formatting.
- Around line 161-170: The doc-only invariant that GraphView must not expose
incoming-edge accessors (edges_to) should be enforced at compile time: add a
private/sealed trait (e.g., GraphViewSealed) in the same module and make the
public trait GraphView require GraphViewSealed as a supertrait, then implement
GraphViewSealed for the concrete implementor(s) (e.g., GraphStore) so any
attempt to add a new public accessor like edges_to() to GraphView will require
consciously unsealing the trait; optionally complement this by adding a unit
test that asserts only edges_from() exists on GraphView (fail-fast if new
adjacency accessors are added). Ensure you update the trait declarations and
implementations (GraphView, GraphViewSealed, GraphStore impls) accordingly so
the invariant is enforced by the type system.

In `@crates/warp-core/src/lib.rs`:
- Around line 103-106: Update the documentation comment around
ExecItem/FootprintGuard/WorkUnit/GraphView::new_guarded() to make it explicit
that write validation via check_op() runs both after normal executor completion
and also during unwind (e.g., when the executor panics), so emitted ops are
validated even on panic; locate the block that currently says “after the
executor completes” and change it to mention “after the executor completes or
unwinds (panics), with check_op() running on unwind” and keep references to
ExecItem, FootprintGuard, WorkUnit, GraphView::new_guarded(), and check_op() for
clarity.

In `@docs/study/echo-tour-de-code.tex`:
- Around line 855-860: The wording implies merge_deltas() was removed; update
the sentence that currently reads "replacing merge_deltas()" to indicate
merge_deltas_ok() is a preferred/higher-level wrapper rather than a replacement
(e.g., "preferred wrapper around merge_deltas()" or "higher-level wrapper;
merge_deltas() remains available (feature‑gated)"). Reference the types and
functions in the paragraph (PoisonedDelta, TickDelta, execute_item_enforced(),
merge_deltas_ok(), merge_deltas()) so readers understand merge_deltas() still
exists as the lower‑level API.

In `@docs/study/what-makes-echo-tick.tex`:
- Around line 1076-1080: Update the sentence describing violation payloads to
include the FootprintViolationWithPanic variant: note that while basic
violations are represented as FootprintViolation payloads, executor panics
combined with violations are surfaced as FootprintViolationWithPanic; reference
the per-ExecItem guard within a WorkUnit and clarify that each rule invocation
receives its own guard scoped to that item's footprint and may produce either
FootprintViolation or FootprintViolationWithPanic payloads to avoid the current
simplification.

♻️ Duplicate comments (2)

docs/study/echo-visual-atlas.md (1)

506-508: Document unsafe_graph precedence in the enforcement key.
The key still reads as if enforcement always applies; unsafe_graph disables it. Please make this explicit to avoid misreading.

🛠️ Suggested doc tweak

-**Key:** When footprint enforcement is active (`cfg(debug_assertions)` or
-`footprint_enforce_release` feature), every `ExecItem` execution is wrapped
+**Key:** When footprint enforcement is active (`cfg(debug_assertions)` or
+`footprint_enforce_release` feature, and *not* `unsafe_graph`), every `ExecItem` execution is wrapped
 by `execute_item_enforced()`. Two independent `catch_unwind` boundaries run:

crates/warp-core/src/snapshot_accum.rs (1)

34-36: Avoid the 5‑tuple AttachmentArrays; it’s a silent transposition hazard.
Two Vec<AttRow> positions make accidental swaps compile and corrupt output.

♻️ Proposed struct replacement

-/// Attachment arrays output from [`SnapshotAccumulator::build_attachments`].
-type AttachmentArrays = (Vec<Range>, Vec<AttRow>, Vec<Range>, Vec<AttRow>, Vec<u8>);
+/// Attachment arrays output from [`SnapshotAccumulator::build_attachments`].
+///
+/// Contains index ranges and row data for node/edge attachments, plus shared blob storage.
+struct AttachmentArrays {
+    node_atts_index: Vec<Range>,
+    node_atts: Vec<AttRow>,
+    edge_atts_index: Vec<Range>,
+    edge_atts: Vec<AttRow>,
+    blobs: Vec<u8>,
+}

[coderabbitai]

Actionable comments posted: 11

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

docs/study/what-makes-echo-tick-processed.md (1)

878-896: Footprint example contradicts executor reads—this would panic under enforcement.
The example declares no attachment reads, yet the executor reads intent.attachment("target") and viewer.attachment("current"). With FootprintGuard, this is an immediate violation. Update a_read and the commentary to match the executor. If this file is derived from the .tex, fix the source and re‑generate to keep them in sync.

🛠️ Proposed fix

 fn navigate_footprint(view: GraphView, scope: &NodeId) -> Footprint {
     Footprint {
         n_read: btreeset![scope.clone(), viewer_node],
         n_write: btreeset![],
-        a_read: btreeset![],
+        a_read: btreeset![
+            AttachmentKey::new(scope.clone(), "target"),
+            AttachmentKey::new(viewer_node, "current"),
+        ],
         a_write: btreeset![AttachmentKey::new(viewer_node, "current")],
         ..default()
     }
 }
@@
-We're _not_ reading any attachments (we just need the node records), and we're _not_ writing any nodes (the viewer node already exists).
+We **do** read attachments (`intent.target`, `viewer.current`), so they must be declared in `a_read`. We’re not writing any nodes (the viewer node already exists).

crates/warp-core/src/worldline.rs (1)

232-245: Docs must reflect non‑cascading DeleteNode semantics.
delete_node_isolated now fails on incident edges, but the Supported Operations doc still says DeleteNode cascades. Also add a regression test for the NodeNotIsolated error path so this behavior can’t silently regress. As per coding guidelines, public APIs must document invariants accurately.

📝 Suggested doc fix

-/// - `DeleteNode`: Delete a node and cascade to edges/attachments
+/// - `DeleteNode`: Delete an isolated node; errors if incident edges exist (no cascade)

docs/study/echo-tour-de-code.md (1)

154-216: Dangling -NNN suffixes make file paths invalid.

Examples like engine_impl.rs-719 read as filename typos. Either restore :start-end or drop the suffix entirely; the issue repeats in later sections too (scheduler/BOAW entries).

✏️ Example fix

-**File:** `crates/warp-core/src/engine_impl.rs-719`
+**File:** `crates/warp-core/src/engine_impl.rs`

Also applies to: 329-350

🤖 Fix all issues with AI agents

In `@crates/echo-dry-tests/src/footprint.rs`:
- Around line 299-306: The doc for reads_writes_node_alpha claims a node write
but the method only calls reads_node, reads_node_alpha and writes_node_alpha;
either update the doc to remove the "node write" claim or make the
implementation match the doc by adding .writes_node(node_id) to the chain in
reads_writes_node_alpha so it declares a node write; refer to the
reads_writes_node_alpha function and the writes_node(node_id) method when
applying the change.

In `@crates/warp-benches/benches/boaw_baseline.rs`:
- Around line 147-153: The benchmark currently only panics on
WorkerResult::MissingStore and ignores WorkerResult::Poisoned, which can hide
corrupted runs; update the result-checking loop in the execute_work_queue
handling (where results are iterated after execute_work_queue(&units, 4, |wid|
stores.get(wid))) to also explicitly match WorkerResult::Poisoned(wid) and panic
(or return Err) with a clear message like "bench: poisoned worker {wid:?}",
mirroring the MissingStore handling; apply the same change to the other
identical result-checking block later in the file.

In `@crates/warp-core/src/engine_impl.rs`:
- Around line 1847-1875: The non-delta_validate branch in this block mirrors
merge_deltas' flatten/sort but omits the "write-to-new-warp" validation; extract
the validation that merge_deltas uses (the helper that checks same-tick writes
targeting warps created by OpenPortal(PortalInit::Empty)) into a shared function
and call it here after producing and sorting flat (i.e., after
flat.sort_unstable_by(...) and before dedup/Ok(...)); ensure the helper takes
the ops (from TickDelta::into_ops_unsorted / items with .sort_key()) and returns
the same error type used by merge_deltas on failure so behavior is identical
across both paths.

In `@crates/warp-core/src/footprint_guard.rs`:
- Around line 118-126: The fallback currently returns the string literal
"<non-debuggable panic payload>" while the comment says it should show the
TypeId; change the fallback to capture and display the actual TypeId from
self.exec_panic. Concretely, after the downcast_ref checks for &str and String,
compute let type_id = self.exec_panic.type_id(); format it into a temporary
String (e.g. format!("panic TypeId({:?})", type_id)) and assign a reference to
that formatted String to panic_desc (ensuring the temporary lives long enough in
the surrounding scope). Use the same symbols shown (panic_desc,
self.exec_panic.downcast_ref::<&str>(),
self.exec_panic.downcast_ref::<String>(), and self.exec_panic.type_id()) so the
Debug output shows the TypeId instead of the placeholder.

In `@crates/warp-core/src/lib.rs`:
- Around line 86-126: The doc claim "Tests: enforcement is always active" is
inaccurate; update the module doc comment in crates/warp-core/src/lib.rs (the
Footprint enforcement guard / "Recommended Usage" section) to qualify that
enforcement is active by default in normal test builds but can be disabled in
release-mode tests (e.g., `cargo test --release`) or when `unsafe_graph` is
used, and that it must be explicitly enabled in release via the
`footprint_enforce_release` feature; replace the single unqualified sentence
with a brief, precise statement covering these three cases (default test builds,
release tests requiring feature, and `unsafe_graph` opt-out).

In `@crates/warp-core/src/snapshot_accum.rs`:
- Around line 262-274: SnapshotAccumulator::apply_op currently handles
WarpOp::DeleteNode by unconditionally removing self.nodes and the alpha
AttachmentKey (node_attachments), which lets non‑isolated nodes be deleted even
though GraphStore::delete_node_isolated would reject them; add a validation
guard before mutating state: check for incident edges (or call an existing
helper used by GraphStore::delete_node_isolated) and either return an error or
assert/debug-fail (use delta_validate or cfg!(debug_assertions) path) when the
node has incident edges, so DeleteNode only proceeds for isolated nodes and the
accumulator's behavior matches GraphStore semantics.

In `@crates/warp-core/src/worldline.rs`:
- Around line 293-360: apply_set_attachment duplicates validation logic already
present in tick_patch::apply_set_attachment; extract the common checks (plane vs
owner, warp_id vs store_warp, existence checks for node/edge) into a shared
helper (e.g., validate_attachment or reuse validate_attachment_plane) and call
it from both apply_set_attachment and tick_patch::apply_set_attachment so both
paths return the same ApplyError variants and behavior; ensure the helper
accepts AttachmentKey, store_warp and a reference to GraphStore (or callbacks
for existence checks) and that apply_set_attachment still calls
store.set_node_attachment / store.set_edge_attachment after validation.

In `@docs/study/echo-tour-de-code.md`:
- Around line 677-682: The pseudocode around executor invocation is missing
origin tracking: before calling (item.exec)(...) the real code wraps the delta
with delta.scoped(item.origin). Update the snippet so ops_before = delta.len()
remains, but replace the raw delta passed to (item.exec)(view, &item.scope,
delta) with a scoped wrapper (e.g., delta.scoped(item.origin)) so origin
tracking is preserved when calling item.exec; ensure the catch_unwind block and
variable names (ops_before, result, item.exec, item.origin) remain consistent
with the existing pseudocode.

In `@docs/study/echo-tour-de-code.tex`:
- Around line 831-833: The pseudocode uses delta.ops() but the real API is
delta.ops_ref(); update the snippet so the loop iterates over
delta.ops_ref()[ops_before..] instead of delta.ops()[ops_before..], keeping the
guard.check_op(op) → panic_any(FootprintViolation) and the ops_before slice
semantics unchanged; ensure any explanatory text or examples in the same section
reference delta.ops_ref() consistently.

In `@docs/study/what-makes-echo-tick.md`:
- Around line 306-315: The bullet about "Undeclared reads" is misleading:
clarify that GraphView::edges_from() is covered by n_read (reading adjacency
from a node) while direct edge-by-ID accesses like has_edge and edge_attachment
require e_read; update the wording to state that node-based edge traversal
checks n_read and edge-specific operations check e_read, and mention
FootprintGuard, n_read, e_read, GraphView::edges_from(), has_edge, and
edge_attachment so authors know which permission each access pattern requires.

In `@docs/WARP-GRAPH.md`:
- Around line 580-583: Update the docs to reflect that hashing/snapshots already
migrated to u64 in V2: change the section that discusses future work to state
that V2 uses u64 lengths/counts (remove or mark the u32 plan as historical),
note that NodeId/EdgeId/TypeId/WarpId are #[repr(transparent)] and have
as_bytes() where applicable (add mention of as_bytes() for EdgeId/TypeId if
implemented or note it's only on NodeId/WarpId), and reference the *_V2 hash
variant as the current implementation rather than a future suggestion.

♻️ Duplicate comments (2)

docs/study/what-makes-echo-tick.md (1)

85-88: Trim a few wordy phrases for tighter cadence.
(LanguageTool still flags these; same suggestion as prior review.)

✂️ Suggested edits

-I've read a lot of engine architectures.
+I've read many engine architectures.

-That discipline is hard to maintain, and I respect it.
+That discipline is difficult to maintain, and I respect it.

-...separates "deterministic by accident" from "deterministic by design."
+...separates "deterministic accidentally" from "deterministic by design."

-...replay them later, get the exact same state hash
+...replay them later, get the same state hash

Also applies to: 103-106, 440-446, 1116-1124

docs/study/echo-tour-de-code.md (1)

9-10: Line‑number policy still contradicts itself.

Top note says line numbers are intentionally omitted, yet the File Index lists line ranges and the footer reiterates omission. Pick one policy or explicitly scope line numbers to the index only.

✏️ Possible wording fix

-File paths are accurate as of 2026-01-25; line numbers are intentionally omitted to avoid drift.
+File paths are accurate as of 2026-01-25. Line numbers appear only in the File Index and may drift.

-_Document generated 2026-01-25. File paths are accurate as of this date; line numbers are intentionally omitted._
+_Document generated 2026-01-25. File paths are accurate as of this date; line numbers appear only in the File Index and may drift._

Also applies to: 1285-1307, 1351-1351

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Avoid divergent attachment validation logic.
apply_set_attachment now mirrors validation in tick_patch::apply_set_attachment. Consider extracting a shared helper (or reusing validate_attachment_plane) to prevent subtle drift between replay and tick‑patch paths.

🤖 Prompt for AI Agents

In `@crates/warp-core/src/worldline.rs` around lines 293 - 360,
apply_set_attachment duplicates validation logic already present in
tick_patch::apply_set_attachment; extract the common checks (plane vs owner,
warp_id vs store_warp, existence checks for node/edge) into a shared helper
(e.g., validate_attachment or reuse validate_attachment_plane) and call it from
both apply_set_attachment and tick_patch::apply_set_attachment so both paths
return the same ApplyError variants and behavior; ensure the helper accepts
AttachmentKey, store_warp and a reference to GraphStore (or callbacks for
existence checks) and that apply_set_attachment still calls
store.set_node_attachment / store.set_edge_attachment after validation.

[coderabbitai]

Actionable comments posted: 12

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/warp-core/src/snapshot_accum.rs (1)

338-362: Dead code in remove_incident_edges requires cleanup.

Verified: this method has exactly zero call sites across the entire crate—it exists only as a definition at line 341. The module-level #![allow(dead_code)] at line 4 masks what should not be silently ignored. With new non-cascading DeleteNode semantics, this cascading delete implementation is now orphaned.

Choose one:

1. Delete it outright.
2. Mark it #[allow(dead_code)] locally with a comment explaining the future intent if it's conditionally needed.
3. Add a test that exercises it if the path is still required.

Leaving it masked indefinitely rots the codebase.

🤖 Fix all issues with AI agents

In `@crates/warp-benches/benches/boaw_baseline.rs`:
- Around line 147-160: The panic message for WorkerResult::Poisoned is
misleading because the payload is a PoisonedDelta, not a WarpId; update the
match arm in the execute_work_queue results loop to bind a descriptive name
(e.g., PoisonedDelta or pd) instead of `wid` and change the panic to include the
poisoned delta debug info (for example: panic!("bench: poisoned worker delta
{pd:?}");) or, if PoisonedDelta contains a warp id field, extract and display
that field explicitly; ensure you only modify the WorkerResult::Poisoned match
arm (and any binding names) so WorkerResult::MissingStore continues to reference
the actual warp id.
- Around line 237-251: The panic for the WorkerResult::Poisoned arm uses a
misleading binding name; update the match arm in the loop over results (after
execute_work_queue) to bind Poisoned to a descriptive name (e.g., poisoned)
instead of wid and change the panic message to reference that binding (for
example "bench: poisoned worker {poisoned:?}") so it parallels the MissingStore
arm and clearly indicates the poisoned worker id.

In `@crates/warp-core/src/boaw/merge.rs`:
- Around line 187-219: check_write_to_new_warp duplicates the new-warp
collection + validation logic from merge_deltas; extract the shared logic into
helpers and call them from both places to avoid DRY. Add a helper like
collect_new_warps(ops: &[WarpOp]) -> BTreeSet<WarpId> that encapsulates the
OpenPortal/PortalInit::Empty detection, and a helper like
find_write_to_new_warp(ops: impl Iterator<Item=&WarpOp>, new_warps:
&BTreeSet<WarpId>) -> Option<(WarpId, &'static str)> that runs the
extract_target_warp check; then replace the duplicated code in merge_deltas and
in check_write_to_new_warp with calls to these helpers (keeping
extract_target_warp as-is). Ensure signature visibility (pub(crate) or private)
matches usage and update any callers accordingly.
- Line 194: The function check_write_to_new_warp is missing rustdoc describing
its intent, invariants, and when callers should use it instead of calling
merge_deltas directly; add a concise doc comment above pub(crate) fn
check_write_to_new_warp explaining: what the function does, the preconditions
for its inputs, the postconditions it guarantees, the scenarios in which callers
should prefer check_write_to_new_warp over merge_deltas (e.g., special
validation or state assumptions), and any panics/errors it may produce;
reference the function name check_write_to_new_warp and the related merge_deltas
in the doc to clarify usage and expected invariants.

In `@crates/warp-core/src/footprint_guard.rs`:
- Around line 143-271: The DeleteEdge arm in op_write_targets doesn't include
edge attachment write targets, so add the edge attachment key there: in the
WarpOp::DeleteEdge match arm (op_write_targets), set attachments:
vec![AttachmentKey::edge(*edge_id)] (similar to how DeleteNode adds
AttachmentKey::node_alpha), leaving nodes, edges, is_instance_op, op_warp, and
kind_str unchanged so GraphStore::delete_edge_exact's attachment removals are
declared for enforcement.

In `@crates/warp-core/src/snapshot_accum.rs`:
- Line 198: The apply_op function in SnapshotAccum is still large and relies on
#[allow(clippy::too_many_lines)]; refactor by extracting per-variant helper
functions (e.g., create apply_open_portal, apply_delete_node, apply_create_node,
etc.) that contain the logic for each match arm, move the corresponding code
into those helpers, and have apply_op become a thin dispatcher that matches the
op variant and calls the appropriate helper; remove or reduce the clippy allow
attribute, keep helper functions private to the module, and update/add unit
tests targeting the new helpers to preserve behavior.
- Around line 263-284: The debug-only incident-edge check inside the
WarpOp::DeleteNode arm scans all edges via self.edges.iter(), yielding O(D×E)
cost for D deletes over E edges; add a short comment above the #[cfg(...)] block
documenting this debug-only quadratic behavior (or, if you expect bulk deletes
in debug/delta_validate builds, replace the check with a temporary
adjacency/index build before processing multiple deletes). Reference the
existing symbols in your comment: WarpOp::DeleteNode, self.edges, debug_assert!,
and the node local_id/warp_id checks so future maintainers know why the check is
only guarded by cfg and what alternative (build reverse adjacency) to use if
optimizing.

In `@crates/warp-core/src/tick_patch.rs`:
- Around line 755-759: Expand the doc comment on the NodeNotIsolated error
variant to include the rationale: explain that DeleteNode must not cascade to
enforce explicit footprint management for resource/accounting, that callers
should emit explicit DeleteEdge ops before DeleteNode to avoid violating
footprint enforcement, and reference the relevant operations (DeleteNode,
DeleteEdge) and the NodeKey type so developers can find the variant easily when
debugging.
- Around line 520-521: Move the local import use crate::graph::DeleteNodeError;
out of the body of apply_op_to_state and add it to the module-level use/imports
near the top of the file so the type is imported once for discoverability and to
avoid a function-local use; then remove the redundant local import inside
apply_op_to_state to keep imports consistent and idiomatic.
- Around line 641-646: Add comprehensive rustdoc to the public method
AttachmentKey::is_plane_valid explaining its intent, the invariant it checks
(plane-owner pairing rules), expected return semantics (true when invariant
holds, false otherwise), any edge cases, and recommended usage (when callers
should validate vs assume). Locate the pub fn is_plane_valid on the
AttachmentKey type and prepend a /** ... */ or /// doc comment covering purpose,
invariants, examples of correct/incorrect input, and stability/visibility notes
so the public API across crates is documented per guidelines.

In `@crates/warp-core/src/worldline.rs`:
- Around line 194-195: The scoped import use crate::graph::DeleteNodeError is
declared inside a function body; move this import to the module-level use list
so it's visible with other imports and avoids unexpected scoped dependency.
Remove the in-function use line and add use crate::graph::DeleteNodeError;
alongside the other top-level uses in worldline.rs (so references to
DeleteNodeError in functions remain unchanged).

In `@docs/study/echo-tour-de-code.md`:
- Around line 677-685: Pseudocode incorrectly passes the scoped wrapper to the
executor; update it to match execute_item_enforced by calling
delta.scoped(item.origin) into a mutable scoped variable and passing
scoped.inner_mut() to (item.exec) so the executor receives the mutable inner
accessor. Locate the delta.scoped usage (delta.scoped and scoped) and change the
call site to create a mutable scoped binding and invoke scoped.inner_mut() when
calling (item.exec), mirroring the real implementation in execute_item_enforced.

♻️ Duplicate comments (4)

crates/warp-core/src/worldline.rs (1)

321-360: Divergent validation logic still exists between worldline and tick_patch.

This apply_set_attachment duplicates the plane/warp/existence validation in tick_patch::apply_set_attachment. The implementations use slightly different approaches:

• Here: key.is_plane_valid() then match on owner
• tick_patch: validate_attachment_plane(key)? then match on owner

If either evolves independently, subtle behavioral drift is inevitable. Extract a shared validate_and_apply_attachment helper or at minimum document this coupling explicitly.

docs/study/what-makes-echo-tick.md (1)

85-88: Minor: LanguageTool flags "a lot of" as wordy.

Consider: "I've read many engine architectures" for tighter prose.

docs/WARP-GRAPH.md (1)

580-582: Hashing section still contains misleading "Done" claims — verify implementation.

The text claims V2 uses u64 and ID types have #[repr(transparent)], but the V1 code block below still shows u32 truncation. This creates confusion about which version is actually current.

#!/bin/bash
# Verify V2 hash uses u64 and repr(transparent) is on ID types
rg -n 'DIND_STATE_HASH_V2' --type rust -A 10
rg -n '#\[repr\(transparent\)\]' crates/warp-core/src/ident.rs -A 2

docs/study/echo-tour-de-code.md (1)

1286-1311: File index still contains line numbers — contradicts header policy.

Line 9 states "line numbers are intentionally omitted," yet the File Index table (lines 1289-1310) contains explicit line ranges. This is the same inconsistency flagged in past reviews. Either remove line numbers from the table or update the header to say "line numbers provided with last-verified date."

📝 Suggested fix: remove line numbers from table

-| Component           | Primary File     | Key Lines        |
-| ------------------- | ---------------- | ---------------- |
-| Intent Ingestion    | `engine_impl.rs` | 1216-1281        |
+| Component           | Primary File     |
+| ------------------- | ---------------- |
+| Intent Ingestion    | `engine_impl.rs` |

Or update line 9:

-> File paths are accurate as of 2026-01-25; line numbers are intentionally omitted to avoid drift.
+> File paths are accurate as of 2026-01-25; line numbers in the File Index are approximate and may drift.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Same misleading panic message for Poisoned variant.

Apply the same fix as above — rename wid to poisoned and adjust the message.

🛠️ Suggested fix

-                                WorkerResult::Poisoned(wid) => {
-                                    panic!("bench: poisoned worker {wid:?}");
+                                WorkerResult::Poisoned(poisoned) => {
+                                    panic!("bench: worker poisoned with violation: {poisoned:?}");
                                 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	let results =
	execute_work_queue(&units, workers, |warp_id| stores.get(warp_id));
	// Bench assumes all stores exist; panic on MissingStore/Poisoned for debugging
	for r in &results {
	match r {
	WorkerResult::MissingStore(wid) => {
	panic!("bench: missing store for warp {wid:?}");
	}
	WorkerResult::Poisoned(wid) => {
	panic!("bench: poisoned worker {wid:?}");
	}
	WorkerResult::Success(_) => {}
	}
	}
	criterion::black_box(results)
	let results =
	execute_work_queue(&units, workers, |warp_id| stores.get(warp_id));
	// Bench assumes all stores exist; panic on MissingStore/Poisoned for debugging
	for r in &results {
	match r {
	WorkerResult::MissingStore(wid) => {
	panic!("bench: missing store for warp {wid:?}");
	}
	WorkerResult::Poisoned(poisoned) => {
	panic!("bench: worker poisoned with violation: {poisoned:?}");
	}
	WorkerResult::Success(_) => {}
	}
	}
	criterion::black_box(results)

🤖 Prompt for AI Agents

In `@crates/warp-benches/benches/boaw_baseline.rs` around lines 237 - 251, The
panic for the WorkerResult::Poisoned arm uses a misleading binding name; update
the match arm in the loop over results (after execute_work_queue) to bind
Poisoned to a descriptive name (e.g., poisoned) instead of wid and change the
panic message to reference that binding (for example "bench: poisoned worker
{poisoned:?}") so it parallels the MissingStore arm and clearly indicates the
poisoned worker id.

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

crates/warp-benches/benches/boaw_baseline.rs (1)

7-22: Consider adding benchmarks that isolate enforcement overhead.

The benchmarks measure baseline performance for serial/parallel execution and worker scaling, but they don't quantify the cost of FootprintGuard metadata collection and validation. Since footprint enforcement is a runtime change and the benchmark harness exists, measuring its overhead—with enforcement enabled vs. disabled—would be valuable for detecting regressions and justifying the cost in future phases.

To implement this, enable feature-gated conditional compilation in the benchmark: run the existing benchmarks twice by compiling warp-core with and without footprint_enforce_release, or use conditional benchmark groups to measure both configurations in a single run.

crates/warp-core/src/inbox.rs (1)

141-148: Under-declared edge reads in inbox_footprint.

You read every edge to check e.ty, but you only record reads for pending edges. That’s an under-declared read set, which can both hide conflicts and trigger guard violations when non-pending edges exist. Record e_read for all edges you inspect.

🧩 Proposed fix

     for e in view.edges_from(scope) {
-        if e.ty != pending_ty {
-            continue;
-        }
-        // Record edge read for conflict detection before writing
-        e_read.insert_with_warp(warp_id, e.id);
+        // Record edge read for conflict detection before filtering
+        e_read.insert_with_warp(warp_id, e.id);
+        if e.ty != pending_ty {
+            continue;
+        }
         e_write.insert_with_warp(warp_id, e.id);
         // DeleteEdge also removes edge attachment (mini-cascade)
         a_write.insert(AttachmentKey::edge_beta(EdgeKey {
             warp_id,
             local_id: e.id,
         }));
     }

docs/study/echo-tour-de-code.md (1)

553-565: Doc has a type-flow contradiction in the enforcement path.

Section 5.2 states execute_parallel(...) -> Vec<TickDelta>, yet Section 5.3 says merge_deltas consumes Vec<Result<TickDelta, PoisonedDelta>>. Those cannot both be true without a cfg‑gated split or a conversion step you didn’t document. Fix the signature or add a clear conditional note.

Also applies to: 707-709

🤖 Fix all issues with AI agents

In `@crates/warp-core/src/footprint_guard.rs`:
- Around line 315-357: In FootprintGuard::new, detect and surface any cross-warp
entries that are being silently filtered out by the .filter(|k| k.warp_id ==
warp_id) (and owner.warp_id() for attachments) calls: before you collect, check
each original collection (Footprint::n_read, n_write, e_read, e_write, a_read,
a_write) with .iter().any(...) to see if any entry belongs to a different warp
than the provided warp_id, and emit a debug-only diagnostic (e.g. debug_assert!
or debug_assert!(..., "message")) naming the constructor FootprintGuard::new and
the offending category (node/edge/attachment) so developers get a clear hint
when a rule declared the wrong warp; keep the existing filtered .collect()
behavior for runtime but ensure the debug assertion triggers when any cross-warp
item is present.
- Around line 371-480: The panic sites inside the footprint guard should report
the caller location; add the #[track_caller] attribute to each public(crate)
check function so panics point to user code. Specifically, annotate
check_node_read, check_edge_read, check_attachment_read, and check_op with
#[track_caller] (and any other similar check_* helpers in the same module) so
the std::panic::panic_any calls report the original caller instead of
footprint_guard.rs.

In `@crates/warp-core/src/snapshot_accum.rs`:
- Around line 287-319: The function apply_delete_node currently uses a
debug-only debug_assert to check for incident edges, which lets release builds
silently remove non-isolated nodes; change this to an unconditional runtime
check (use assert! or explicit if has_incident { panic!(...) }) before calling
self.nodes.remove so non-isolated DeleteNode ops hard-fail in all builds. Reuse
the same scan over self.edges.iter().any(|((w, _), e)| *w == node.warp_id &&
(e.from == node.local_id || e.to == node.local_id)) and include the node in the
panic message; keep the existing
AttachmentKey/AttachmentOwner::Node/AttachmentPlane::Alpha removal logic after
the check.

♻️ Duplicate comments (4)

crates/warp-benches/benches/boaw_baseline.rs (1)

245-247: Inconsistent panic message and binding name with the other result-handling block.

Lines 154–156 use pd with message "bench: poisoned worker delta {pd:?}", but this block uses poisoned with "bench: poisoned worker {poisoned:?}". The PoisonedDelta payload is the same type in both cases. Pick one convention and stick to it.

This was flagged in past reviews. You fixed one but not the other.

🔧 Proposed fix for consistency

-                                WorkerResult::Poisoned(poisoned) => {
-                                    panic!("bench: poisoned worker {poisoned:?}");
+                                WorkerResult::Poisoned(pd) => {
+                                    panic!("bench: poisoned worker delta {pd:?}");
                                 }

crates/warp-core/src/tick_patch.rs (1)

549-555: Potential orphaned attachments if delete_node_isolated doesn’t clear them.

Same concern as in worldline replay—please verify GraphStore handles attachment cleanup.

crates/warp-core/src/worldline.rs (1)

296-357: Deduplicate attachment validation to avoid drift.

This helper still mirrors tick_patch::apply_set_attachment. Extract a shared validator or helper to ensure both paths stay in lockstep.

docs/study/echo-tour-de-code.md (1)

9-10: Line‑number policy contradicts the document content.

You say “line numbers are intentionally omitted” (Line 9), but the file index still publishes “Key Lines” (Lines 1289‑1311) and many sections embed line numbers. Pick one policy and make it consistent, or this “tour” is not navigable.

✏️ Minimal consistency fix (update policy text)

-File paths are accurate as of 2026-01-25; line numbers are intentionally omitted to avoid drift.
+File paths and line numbers are accurate as of 2026-01-25 and may drift; re-verify before deep debugging.
...
-_Document generated 2026-01-25. File paths are accurate as of this date; line numbers are intentionally omitted._
+_Document generated 2026-01-25. File paths and line numbers may drift; re-verify before deep debugging._

Also applies to: 1289-1311

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

crates/warp-core/src/snapshot_accum.rs (4)

366-390: remove_incident_edges is dead code — unused private method.

This method is not called anywhere in this file. The file-level #![allow(dead_code)] suppresses the warning, but dead code is:

1. A maintenance burden (must be kept in sync with evolving types).
2. Untested (no test exercises this path).
3. A trap — someone might assume it works and call it.

Since DeleteNode now requires pre-isolation (lines 295-309), cascade delete is explicitly not the contract. Either:

• Remove this dead code, or
• If it's intended for future use, add a #[cfg(test)] helper or document the planned usage.

#!/bin/bash
# Verify remove_incident_edges is never called in the crate
echo "=== Searching for remove_incident_edges usage ==="
rg -n 'remove_incident_edges' crates/warp-core/

---

1258-1326: Misleading test name — rename to reflect enforced semantics.

test_delete_node_does_not_cascade_edges implies the test verifies that DeleteNode leaves edges untouched when called on a connected node. But the test actually demonstrates the required workflow: delete edges first, then delete the now-isolated node.

The name is a relic of pre-enforcement semantics.

♻️ Suggested rename

-    fn test_delete_node_does_not_cascade_edges() {
+    fn test_delete_node_requires_explicit_edge_deletion() {

Or test_delete_node_after_explicit_edge_removal, test_delete_connected_node_workflow, etc.

---

914-927: Missing test coverage for PortalInit::RequireExisting.

The tests cover UpsertNode, DeleteNode, UpsertEdge, DeleteEdge, UpsertWarpInstance, DeleteWarpInstance, and reachability — but no test exercises OpenPortal with RequireExisting. This code path is untested, which is why the bug at lines 220-253 wasn't caught.

Once apply_open_portal is fixed, add tests for:

1. RequireExisting with valid existing instance → success.
2. RequireExisting with missing instance → panic.
3. RequireExisting with mismatched root_node or parent → panic.

Do you want me to generate the test cases for OpenPortal::RequireExisting?

---

4-4: File-level #![allow(dead_code)] masks real issues.

This blanket allow hides genuinely dead code like remove_incident_edges. If specific items need the allow (e.g., wsc_bytes field at line 77), use item-level #[allow(dead_code)] on those specific items. Don't suppress warnings for the entire file.

-#![allow(dead_code)]

Then add targeted #[allow(dead_code)] only where actually needed (e.g., the wsc_bytes field already has one at line 76).

🤖 Fix all issues with AI agents

In `@crates/warp-core/src/footprint_guard.rs`:
- Around line 143-162: The struct doc for OpTargets is outdated: update the
comment for the is_instance_op field to reflect that instance-level ops now
include OpenPortal in addition to UpsertWarpInstance/DeleteWarpInstance, and
remove the restrictive language implying only those two variants; also clarify
op_warp semantics (None still allowed for instance-level ops without a specific
target warp) and keep kind_str note—edit the OpTargets doc block and the
is_instance_op field comment to state current behavior (e.g., "Whether this is
an instance-level op (e.g., UpsertWarpInstance, DeleteWarpInstance,
OpenPortal)") and avoid asserting old invariants.
- Around line 312-346: The debug-only cross-warp checks in FootprintGuard::new
(the six debug_assert! calls over footprint.n_read, n_write, e_read, e_write,
a_read, a_write) are disabled in release builds; change them to run when either
debug assertions are enabled OR the footprint_enforce_release feature is set by
wrapping each check with a cfg!(any(debug_assertions, feature =
"footprint_enforce_release")) gate and using assert! (not debug_assert!) inside
that conditional so the diagnostic message remains active when enforcement is
explicitly enabled in release builds.
- Around line 258-265: The UpsertWarpInstance arm leaves OpTargets.op_warp as
None, bypassing the cross-warp enforcement; update the
WarpOp::UpsertWarpInstance match arm to destructure the instance (e.g.,
UpsertWarpInstance { instance, .. }) and set op_warp: Some(instance.warp_id)
when constructing OpTargets so the footprint guard's cross-warp checks (which
rely on op_warp being Some) are executed for instance upserts.

In `@crates/warp-core/src/snapshot_accum.rs`:
- Around line 260-274: The cascade delete in apply_delete_warp_instance uses
exhaustive matches on AttachmentOwner for both node_attachments and
edge_attachments but set_attachment_internal only inserts Node keys into
node_attachments and Edge keys into edge_attachments, so those counter-variant
arms are dead/unreachable; either remove the unreachable match arms and simplify
node_attachments.retain to only match AttachmentOwner::Node (and
edge_attachments.retain to only match AttachmentOwner::Edge), or if the
invariant is incorrect, fix set_attachment_internal so it inserts the correct
AttachmentOwner variant into the appropriate map; update the code comments to
document the chosen invariant and ensure tests cover both insert and delete
paths (refer to apply_delete_warp_instance, node_attachments, edge_attachments,
and set_attachment_internal).
- Around line 220-253: The apply_open_portal implementation currently always
creates/inserts a WarpInstance and may overwrite nodes regardless of the
PortalInit variant; change apply_open_portal to match on init and enforce
RequireExisting semantics: for crate::tick_patch::PortalInit::RequireExisting,
do NOT call self.instances.insert or overwrite nodes — instead lookup
self.instances.get(&child_warp) and verify it exists with matching parent ==
Some(key) and root_node == child_root (and verify node row matches if needed);
if the checks fail, do not mutate state (fail/return/skip applying) and avoid
calling set_attachment_internal; for crate::tick_patch::PortalInit::Empty {
root_record } keep the current behavior of creating the WarpInstance and
inserting the root node, then call set_attachment_internal as before. Ensure
references to WarpInstance, self.instances.insert, nodes.insert,
apply_open_portal, PortalInit::RequireExisting, and set_attachment_internal are
used to locate and implement the checks.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/warp-core/src/snapshot_accum.rs (1)

220-287: Missing parent/root validation in apply_open_portal (diverges from tick_patch).
tick_patch::apply_open_portal rejects missing attachment owners and ensures the child root exists; the accumulator currently accepts invalid ops and can silently emit WSC/state_root that no longer matches canonical state. Add explicit checks before mutating.

🩹 Suggested fix (mirror tick_patch validation)

 fn apply_open_portal(
     &mut self,
     key: AttachmentKey,
     child_warp: WarpId,
     child_root: NodeId,
     init: crate::tick_patch::PortalInit,
 ) {
+    // Validate parent attachment owner exists (mirror tick_patch::apply_open_portal).
+    let owner_exists = match &key.owner {
+        AttachmentOwner::Node(node) => self.nodes.contains_key(node),
+        AttachmentOwner::Edge(edge) => self.edges.contains_key(&(edge.warp_id, edge.local_id)),
+    };
+    assert!(
+        owner_exists,
+        "OpenPortal: attachment owner {key:?} does not exist"
+    );
+
     match init {
         crate::tick_patch::PortalInit::Empty { root_record } => {
             // Create the child instance
             let instance = WarpInstance {
                 warp_id: child_warp,
                 root_node: child_root,
                 parent: Some(key),
             };
             self.instances.insert(child_warp, instance);

             // Create the root node
             let node_key = NodeKey {
                 warp_id: child_warp,
                 local_id: child_root,
             };
             self.nodes.insert(
                 node_key,
                 NodeRowParts {
                     node_id: child_root,
                     node_type: root_record.ty,
                 },
             );

             // Set the parent attachment to Descend
             self.set_attachment_internal(key, Some(AttachmentValue::Descend(child_warp)));
         }
         crate::tick_patch::PortalInit::RequireExisting => {
             // Verify the instance exists with expected properties.
             // Do NOT create or overwrite - just validate and set attachment.
             let Some(existing) = self.instances.get(&child_warp) else {
                 panic!("OpenPortal RequireExisting: instance {child_warp:?} does not exist");
             };
             assert!(
                 existing.parent == Some(key),
                 "OpenPortal RequireExisting: instance {child_warp:?} has wrong parent \
                  (expected {key:?}, got {:?})",
                 existing.parent
             );
             assert!(
                 existing.root_node == child_root,
                 "OpenPortal RequireExisting: instance {child_warp:?} has wrong root_node \
                  (expected {child_root:?}, got {:?})",
                 existing.root_node
             );
+            let child_root_key = NodeKey {
+                warp_id: child_warp,
+                local_id: child_root,
+            };
+            assert!(
+                self.nodes.contains_key(&child_root_key),
+                "OpenPortal RequireExisting: root node {child_root_key:?} missing"
+            );

             // Set the parent attachment to Descend (this is still required)
             self.set_attachment_internal(key, Some(AttachmentValue::Descend(child_warp)));
         }
     }
 }

🤖 Fix all issues with AI agents

In `@crates/warp-core/src/footprint_guard.rs`:
- Around line 3-34: The documentation incorrectly states that violations always
panic with only FootprintViolation; update the module docs to mention the
composite payload FootprintViolationWithPanic as an additional panic payload
used when executors themselves panic (e.g., from execute_item_enforced), specify
that panic_any may carry either FootprintViolation or
FootprintViolationWithPanic, and clarify how tests should downcast_ref against
both types to detect violations or wrapped executor panics.

♻️ Duplicate comments (1)

crates/warp-core/src/snapshot_accum.rs (1)

294-320: Invariant-violation path currently retains deleted-warp attachments.
If the invariant is ever broken, this leaves stale attachments for a deleted warp. Prefer a debug_assert plus removing by warp_id for both variants.

🩹 Safer retain logic

         // node_attachments only contains Node owners (per set_attachment_internal invariant)
-        self.node_attachments.retain(|k, _| match k.owner {
-            AttachmentOwner::Node(nk) => nk.warp_id != warp_id,
-            AttachmentOwner::Edge(_) => true, // unreachable per invariant, but keep for safety
-        });
+        self.node_attachments.retain(|k, _| {
+            debug_assert!(
+                matches!(k.owner, AttachmentOwner::Node(_)),
+                "node_attachments contains Edge owner: {k:?}"
+            );
+            match &k.owner {
+                AttachmentOwner::Node(nk) => nk.warp_id != warp_id,
+                AttachmentOwner::Edge(ek) => ek.warp_id != warp_id,
+            }
+        });
         // edge_attachments only contains Edge owners (per set_attachment_internal invariant)
-        self.edge_attachments.retain(|k, _| match k.owner {
-            AttachmentOwner::Node(_) => true, // unreachable per invariant, but keep for safety
-            AttachmentOwner::Edge(ek) => ek.warp_id != warp_id,
-        });
+        self.edge_attachments.retain(|k, _| {
+            debug_assert!(
+                matches!(k.owner, AttachmentOwner::Edge(_)),
+                "edge_attachments contains Node owner: {k:?}"
+            );
+            match &k.owner {
+                AttachmentOwner::Node(nk) => nk.warp_id != warp_id,
+                AttachmentOwner::Edge(ek) => ek.warp_id != warp_id,
+            }
+        });

[coderabbitai]

Actionable comments posted: 8

🤖 Fix all issues with AI agents

In `@crates/warp-core/src/footprint_guard.rs`:
- Around line 105-120: Add a Display impl and implement std::error::Error for
FootprintViolation so it can be used with anyhow/eyre and Result-based APIs:
implement std::fmt::Display for the FootprintViolation struct (formatting
rule_name, warp_id, kind, and op_kind in a concise message) and then add an
empty impl std::error::Error for FootprintViolation; update the impls near the
FootprintViolation definition to ensure the type derives
Debug/Clone/PartialEq/Eq and now also implements Display and Error.
- Around line 505-535: The current loops panic on the first missing target
(nodes/edges/attachments) via std::panic::panic_any(FootprintViolation { ... }),
making iterative debugging slow; modify the checks to, under debug builds only
(cfg(debug_assertions)), collect all missing items from targets.nodes,
targets.edges, and targets.attachments by checking against self.nodes_write,
self.edges_write, and self.attachments_write, log or eprintln a summary of all
missing nodes/edges/attachments (including self.rule_name and self.warp_id) for
batch diagnostics, and then proceed to keep the existing fail-fast behavior
(panic with the original FootprintViolation and ViolationKind for the first
missing item) so release behavior is unchanged.
- Around line 314-318: Add a debug-only sanity check at the end of
FootprintGuard::new to validate the "typically small" assumption: compute the
total cardinality by summing lengths of nodes_read, nodes_write, edges_read,
edges_write, attachments_read, attachments_write and, under
#[cfg(debug_assertions)], emit a warning (eprintln! or a logger) if the total
exceeds a chosen threshold (e.g., 1000) while including the rule name
(rule_name) and the total; this will surface accidental large footprints (e.g.,
from compute_footprint) without affecting release performance.
- Around line 97-103: The OpWarpUnknown enum variant is effectively unreachable
today because op_write_targets sets op_warp: Some(...) for all current WarpOp
variants; update the doc comment on OpWarpUnknown to explicitly state that it is
intentionally unreachable for existing WarpOp variants and retained solely as a
defensive future-proofing/safety-net for newly added WarpOp variants (reference
OpWarpUnknown, op_write_targets, and WarpOp in the comment) so future readers
won't waste time investigating why it never appears.
- Around line 319-331: The FootprintGuard struct lacks a Clone derive and
compile-time assertions that it is Send + Sync; update the struct declaration
for FootprintGuard to derive Clone (in addition to Debug) and add static
assertions (e.g., const _: () = { fn assert<T: Send + Sync>() {} let _ =
assert::<FootprintGuard>; }; or equivalent) to ensure FootprintGuard is Send +
Sync so regressions are caught early; reference the FootprintGuard type and its
fields (warp_id, nodes_read, nodes_write, edges_read, edges_write,
attachments_read, attachments_write, rule_name, is_system) when making these
changes.
- Around line 160-183: The OpTargets struct is missing a Debug implementation
which prevents easy inspection; add a derive(Debug) annotation to the OpTargets
definition (i.e., annotate the pub(crate) struct OpTargets with
#[derive(Debug)]) so callers can dbg!() or log instances; ensure the derive is
placed above the struct declaration and coexists with any existing attributes.
- Around line 464-483: The check_op flow currently raises UnauthorizedInstanceOp
before CrossWarpEmission for user rules when an instance-level op (e.g.,
UpsertWarpInstance) targets a different warp, which can hide the "wrong warp"
error during debugging; update the doc comment on check_op (or add a short
inline comment above the instance-level check in check_op) to explicitly state
that instance-level ops are prioritized and thus UnauthorizedInstanceOp is
emitted before CrossWarpEmission for non-system rules (mention is_system,
UnauthorizedInstanceOp, CrossWarpEmission, and UpsertWarpInstance by name) so
readers understand this prioritization and its debugging implications.
- Around line 333-334: Remove the #[allow(clippy::panic)] attribute from the
impl block for FootprintGuard and instead add #[allow(clippy::panic)] only to
the specific methods that intentionally call panic_any (e.g., the method(s)
within impl FootprintGuard that invoke panic_any). Update the impl by deleting
the block-level attribute and annotating each offending function (identify them
by name inside the FootprintGuard impl) so the lint remains enabled for new
methods while allowing the known, intentional panics.

♻️ Duplicate comments (1)

crates/warp-core/src/footprint_guard.rs (1)

255-258: Inline crate::ident::EdgeKey — consider importing at module top for consistency.

Lines 67 imports EdgeId and NodeId from crate::ident, but EdgeKey is referenced inline here. For consistency and readability:

♻️ Suggested fix

-use crate::ident::{EdgeId, NodeId, WarpId};
+use crate::ident::{EdgeId, EdgeKey, NodeId, WarpId};

 // ... later in op_write_targets ...

-            attachments: vec![AttachmentKey::edge_beta(crate::ident::EdgeKey {
+            attachments: vec![AttachmentKey::edge_beta(EdgeKey {
                 warp_id: *warp_id,
                 local_id: *edge_id,
             })],

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

OpWarpUnknown is currently unreachable — document this explicitly.

Inspection of op_write_targets shows ALL arms set op_warp: Some(...). The only path to OpWarpUnknown requires is_instance_op == false && op_warp.is_none(), which no existing WarpOp variant produces.

This is intentional defensive code for future WarpOp additions, but the comment at lines 99-102 doesn't make this crystal clear. A developer might waste time debugging why this variant never appears in logs.

♻️ Suggested doc clarification

     /// Safety net: an op was emitted with no warp scope and it's not
-    /// an instance op. This is always a programmer error (system or user).
-    /// Catches future match-arm omissions in `op_write_targets`.
+    /// an instance op. This is always a programmer error (system or user).
+    ///
+    /// **Currently unreachable** with existing `WarpOp` variants — all arms in
+    /// `op_write_targets` set `op_warp: Some(...)`. Retained as a safety net
+    /// to catch future match-arm omissions when new `WarpOp` variants are added.
     OpWarpUnknown,

🤖 Prompt for AI Agents

In `@crates/warp-core/src/footprint_guard.rs` around lines 97 - 103, The
OpWarpUnknown enum variant is effectively unreachable today because
op_write_targets sets op_warp: Some(...) for all current WarpOp variants; update
the doc comment on OpWarpUnknown to explicitly state that it is intentionally
unreachable for existing WarpOp variants and retained solely as a defensive
future-proofing/safety-net for newly added WarpOp variants (reference
OpWarpUnknown, op_write_targets, and WarpOp in the comment) so future readers
won't waste time investigating why it never appears.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider implementing std::error::Error for FootprintViolation.

While panic_any is the current reporting mechanism, implementing Error would future-proof this type for:

• Integration with anyhow/eyre in test harnesses
• Potential migration to Result-based enforcement in sandboxed contexts (WASM/FFI)
• Better ergonomics with ? operator if enforcement ever becomes fallible

Since FootprintViolation already derives Debug and has a natural Display representation, the impl is trivial:

♻️ Suggested addition

impl std::fmt::Display for FootprintViolation {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(
            f,
            "footprint violation in rule '{}' (warp {:?}): {:?} during {}",
            self.rule_name, self.warp_id, self.kind, self.op_kind
        )
    }
}

impl std::error::Error for FootprintViolation {}

🤖 Prompt for AI Agents

In `@crates/warp-core/src/footprint_guard.rs` around lines 105 - 120, Add a
Display impl and implement std::error::Error for FootprintViolation so it can be
used with anyhow/eyre and Result-based APIs: implement std::fmt::Display for the
FootprintViolation struct (formatting rule_name, warp_id, kind, and op_kind in a
concise message) and then add an empty impl std::error::Error for
FootprintViolation; update the impls near the FootprintViolation definition to
ensure the type derives Debug/Clone/PartialEq/Eq and now also implements Display
and Error.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

OpTargets lacks #[derive(Debug)] — hampers debugging.

When chasing enforcement bugs, developers will want to inspect the derived targets. Without Debug, you can't dbg!(targets) or log them.

♻️ Proposed fix

+#[derive(Debug)]
 pub(crate) struct OpTargets {

🤖 Prompt for AI Agents

In `@crates/warp-core/src/footprint_guard.rs` around lines 160 - 183, The
OpTargets struct is missing a Debug implementation which prevents easy
inspection; add a derive(Debug) annotation to the OpTargets definition (i.e.,
annotate the pub(crate) struct OpTargets with #[derive(Debug)]) so callers can
dbg!() or log instances; ensure the derive is placed above the struct
declaration and coexists with any existing attributes.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

"Typically small (< 100 items)" assumption is unvalidated — consider a debug-mode sanity check.

The BTreeSet choice depends on footprints being small. If a rule accidentally declares 50,000 nodes (e.g., loop bug in compute_footprint), every read check becomes O(log 50000) ≈ 16 comparisons instead of O(1). This could silently tank performance.

Consider adding a debug-mode warning or assertion when footprint cardinality exceeds a threshold:

♻️ Suggested diagnostic (at end of FootprintGuard::new)

#[cfg(debug_assertions)]
{
    let total = nodes_read.len() + nodes_write.len()
              + edges_read.len() + edges_write.len()
              + attachments_read.len() + attachments_write.len();
    if total > 1000 {
        eprintln!(
            "WARN: FootprintGuard for rule '{}' has {} items — consider profiling",
            rule_name, total
        );
    }
}

🤖 Prompt for AI Agents

In `@crates/warp-core/src/footprint_guard.rs` around lines 314 - 318, Add a
debug-only sanity check at the end of FootprintGuard::new to validate the
"typically small" assumption: compute the total cardinality by summing lengths
of nodes_read, nodes_write, edges_read, edges_write, attachments_read,
attachments_write and, under #[cfg(debug_assertions)], emit a warning (eprintln!
or a logger) if the total exceeds a chosen threshold (e.g., 1000) while
including the rule name (rule_name) and the total; this will surface accidental
large footprints (e.g., from compute_footprint) without affecting release
performance.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Missing Clone derive and Send/Sync static assertions.

1. Clone: All fields are trivially Clone-able. If enforcement ever needs to share guards across workers (e.g., read-only broadcast), Clone would be required. Add it now to avoid future churn.

2. Send + Sync: BOAW implies multi-threaded execution. If a FootprintGuard is captured in a closure sent to a thread pool, it must be Send. The struct contains no interior mutability and all fields are Send + Sync, so it should auto-derive — but this should be asserted to catch regressions.

♻️ Proposed fix

-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub(crate) struct FootprintGuard {
     // ... fields ...
 }

+// Static assertions: FootprintGuard must be thread-safe for BOAW worker pools.
+const _: () = {
+    const fn assert_send_sync<T: Send + Sync>() {}
+    assert_send_sync::<FootprintGuard>();
+};

🤖 Prompt for AI Agents

In `@crates/warp-core/src/footprint_guard.rs` around lines 319 - 331, The
FootprintGuard struct lacks a Clone derive and compile-time assertions that it
is Send + Sync; update the struct declaration for FootprintGuard to derive Clone
(in addition to Debug) and add static assertions (e.g., const _: () = { fn
assert<T: Send + Sync>() {} let _ = assert::<FootprintGuard>; }; or equivalent)
to ensure FootprintGuard is Send + Sync so regressions are caught early;
reference the FootprintGuard type and its fields (warp_id, nodes_read,
nodes_write, edges_read, edges_write, attachments_read, attachments_write,
rule_name, is_system) when making these changes.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

#[allow(clippy::panic)] is overbroad — scope it to individual methods.

This suppresses the lint for the entire impl block, including any future methods added. If someone adds a method that shouldn't panic, the lint won't catch it.

Move the allow to each method that intentionally uses panic_any:

♻️ Proposed refactor

-#[allow(clippy::panic)]
 impl FootprintGuard {
     /// Constructs a guard from a footprint...
     pub(crate) fn new(/* ... */) -> Self {
         // new() uses assert! which is already allowed by default
         // ...
     }

+    #[allow(clippy::panic)] // Intentional: typed panic payload for violation reporting
     #[track_caller]
     pub(crate) fn check_node_read(&self, id: &NodeId) {
         // ...
     }

+    #[allow(clippy::panic)]
     #[track_caller]
     pub(crate) fn check_edge_read(&self, id: &EdgeId) {
         // ...
     }

     // ... etc for check_attachment_read and check_op
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	#[allow(clippy::panic)]
	impl FootprintGuard {
	impl FootprintGuard {
	/// Constructs a guard from a footprint and enforces cross-warp invariants.
	#[track_caller]
	pub(crate) fn new(
	footprint: &Footprint,
	warp_id: WarpId,
	rule_name: &'static str,
	is_system: bool,
	) -> Self {
	if cfg!(any(debug_assertions, feature = "footprint_enforce_release")) {
	assert!(
	!footprint.n_read.iter().any(|k| k.warp_id != warp_id),
	"FootprintGuard::new: rule '{rule_name}' has cross-warp entries in n_read (expected warp {warp_id:?})"
	);
	assert!(
	!footprint.n_write.iter().any(|k| k.warp_id != warp_id),
	"FootprintGuard::new: rule '{rule_name}' has cross-warp entries in n_write (expected warp {warp_id:?})"
	);
	assert!(
	!footprint.e_read.iter().any(|k| k.warp_id != warp_id),
	"FootprintGuard::new: rule '{rule_name}' has cross-warp entries in e_read (expected warp {warp_id:?})"
	);
	assert!(
	!footprint.e_write.iter().any(|k| k.warp_id != warp_id),
	"FootprintGuard::new: rule '{rule_name}' has cross-warp entries in e_write (expected warp {warp_id:?})"
	);
	assert!(
	!footprint.a_read.iter().any(|k| k.owner.warp_id() != warp_id),
	"FootprintGuard::new: rule '{rule_name}' has cross-warp entries in a_read (expected warp {warp_id:?})"
	);
	assert!(
	!footprint.a_write.iter().any(|k| k.owner.warp_id() != warp_id),
	"FootprintGuard::new: rule '{rule_name}' has cross-warp entries in a_write (expected warp {warp_id:?})"
	);
	}
	Self {
	n_read: footprint
	.n_read
	.iter()
	.filter(|k| k.warp_id == warp_id)
	.copied()
	.collect(),
	n_write: footprint
	.n_write
	.iter()
	.filter(|k| k.warp_id == warp_id)
	.copied()
	.collect(),
	e_read: footprint
	.e_read
	.iter()
	.filter(|k| k.warp_id == warp_id)
	.copied()
	.collect(),
	e_write: footprint
	.e_write
	.iter()
	.filter(|k| k.warp_id == warp_id)
	.copied()
	.collect(),
	a_read: footprint
	.a_read
	.iter()
	.filter(|k| k.owner.warp_id() == warp_id)
	.copied()
	.collect(),
	a_write: footprint
	.a_write
	.iter()
	.filter(|k| k.owner.warp_id() == warp_id)
	.copied()
	.collect(),
	warp_id,
	rule_name,
	is_system,
	}
	}
	#[allow(clippy::panic)] // Intentional: typed panic payload for violation reporting
	#[track_caller]
	pub(crate) fn check_node_read(&self, id: &NodeId) {
	if !self.n_read.contains(id) {
	let violation = FootprintViolation {
	rule_name: self.rule_name,
	kind: ViolationKind::UnauthorizedNodeRead,
	entity: format!("{id:?}"),
	};
	std::panic::panic_any(violation);
	}
	}
	#[allow(clippy::panic)] // Intentional: typed panic payload for violation reporting
	#[track_caller]
	pub(crate) fn check_edge_read(&self, id: &EdgeId) {
	if !self.e_read.contains(id) {
	let violation = FootprintViolation {
	rule_name: self.rule_name,
	kind: ViolationKind::UnauthorizedEdgeRead,
	entity: format!("{id:?}"),
	};
	std::panic::panic_any(violation);
	}
	}
	#[allow(clippy::panic)] // Intentional: typed panic payload for violation reporting
	#[track_caller]
	pub(crate) fn check_attachment_read(&self, key: &AttachmentKey) {
	if !self.a_read.contains(key) {
	let violation = FootprintViolation {
	rule_name: self.rule_name,
	kind: ViolationKind::UnauthorizedAttachmentRead,
	entity: format!("{key:?}"),
	};
	std::panic::panic_any(violation);
	}
	}
	#[allow(clippy::panic)] // Intentional: typed panic payload for violation reporting
	#[track_caller]
	pub(crate) fn check_op(&self, op: &WarpOp) {
	let targets = op_write_targets(op);
	if let Some(target_warp) = targets.op_warp {
	if target_warp != self.warp_id {
	let violation = FootprintViolation {
	rule_name: self.rule_name,
	kind: ViolationKind::CrossWarpOperation,
	entity: format!("{target_warp:?} (declared for warp {warp:?})", warp = self.warp_id),
	};
	std::panic::panic_any(violation);
	}
	}
	for node in &targets.nodes {
	if !self.n_write.contains(node) {
	let violation = FootprintViolation {
	rule_name: self.rule_name,
	kind: ViolationKind::UnauthorizedNodeWrite,
	entity: format!("{node:?}"),
	};
	std::panic::panic_any(violation);
	}
	}
	for edge in &targets.edges {
	if !self.e_write.contains(edge) {
	let violation = FootprintViolation {
	rule_name: self.rule_name,
	kind: ViolationKind::UnauthorizedEdgeWrite,
	entity: format!("{edge:?}"),
	};
	std::panic::panic_any(violation);
	}
	}
	for attachment in &targets.attachments {
	if !self.a_write.contains(attachment) {
	let violation = FootprintViolation {
	rule_name: self.rule_name,
	kind: ViolationKind::UnauthorizedAttachmentWrite,
	entity: format!("{attachment:?}"),
	};
	std::panic::panic_any(violation);
	}
	}
	}
	}

🤖 Prompt for AI Agents

In `@crates/warp-core/src/footprint_guard.rs` around lines 333 - 334, Remove the
#[allow(clippy::panic)] attribute from the impl block for FootprintGuard and
instead add #[allow(clippy::panic)] only to the specific methods that
intentionally call panic_any (e.g., the method(s) within impl FootprintGuard
that invoke panic_any). Update the impl by deleting the block-level attribute
and annotating each offending function (identify them by name inside the
FootprintGuard impl) so the lint remains enabled for new methods while allowing
the known, intentional panics.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Error prioritization nuance: UnauthorizedInstanceOp shadows CrossWarpEmission for user-rule instance ops.

If a user rule emits UpsertWarpInstance targeting a different warp, check (1) triggers UnauthorizedInstanceOp before check (2) can emit CrossWarpEmission. The user sees "you can't emit instance ops" rather than "you emitted to wrong warp."

This is probably fine (instance ops are forbidden regardless of target warp), but the prioritization could mask the "wrong warp" mistake during debugging. Consider adding a doc note:

✏️ Suggested doc clarification

     /// Checks (in order):
     /// 1. Instance-level ops require `is_system`
     /// 2. Op warp must match guard's warp (cross-warp rejection)
     /// 3. Missing `op_warp` on non-instance ops is always an error
     /// 4. Node/edge/attachment targets must be in the write sets
+    ///
+    /// Note: Check order determines error priority. A user rule emitting an instance
+    /// op to a foreign warp will see `UnauthorizedInstanceOp`, not `CrossWarpEmission`.

🤖 Prompt for AI Agents

In `@crates/warp-core/src/footprint_guard.rs` around lines 464 - 483, The check_op
flow currently raises UnauthorizedInstanceOp before CrossWarpEmission for user
rules when an instance-level op (e.g., UpsertWarpInstance) targets a different
warp, which can hide the "wrong warp" error during debugging; update the doc
comment on check_op (or add a short inline comment above the instance-level
check in check_op) to explicitly state that instance-level ops are prioritized
and thus UnauthorizedInstanceOp is emitted before CrossWarpEmission for
non-system rules (mention is_system, UnauthorizedInstanceOp, CrossWarpEmission,
and UpsertWarpInstance by name) so readers understand this prioritization and
its debugging implications.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Fail-fast on first missing target — consider batch diagnostics for debug builds.

The loops at lines 506-535 panic on the first missing node/edge/attachment. If a rule violates multiple targets, the developer must fix-and-retry iteratively.

For debug builds, consider collecting all violations and reporting them together:

♻️ Optional: batch violation reporting (debug only)

#[cfg(debug_assertions)]
{
    let missing_nodes: Vec<_> = targets.nodes.iter()
        .filter(|n| !self.nodes_write.contains(n))
        .collect();
    let missing_edges: Vec<_> = targets.edges.iter()
        .filter(|e| !self.edges_write.contains(e))
        .collect();
    let missing_attachments: Vec<_> = targets.attachments.iter()
        .filter(|a| !self.attachments_write.contains(a))
        .collect();

    if !missing_nodes.is_empty() || !missing_edges.is_empty() || !missing_attachments.is_empty() {
        // Log all, then panic with the first
        eprintln!(
            "Multiple write violations in rule '{}': nodes={:?}, edges={:?}, attachments={:?}",
            self.rule_name, missing_nodes, missing_edges, missing_attachments
        );
    }
}
// ... then original fail-fast panic ...

This is optional but improves DX during iterative footprint debugging.

🤖 Prompt for AI Agents

In `@crates/warp-core/src/footprint_guard.rs` around lines 505 - 535, The current
loops panic on the first missing target (nodes/edges/attachments) via
std::panic::panic_any(FootprintViolation { ... }), making iterative debugging
slow; modify the checks to, under debug builds only (cfg(debug_assertions)),
collect all missing items from targets.nodes, targets.edges, and
targets.attachments by checking against self.nodes_write, self.edges_write, and
self.attachments_write, log or eprintln a summary of all missing
nodes/edges/attachments (including self.rule_name and self.warp_id) for batch
diagnostics, and then proceed to keep the existing fail-fast behavior (panic
with the original FootprintViolation and ViolationKind for the first missing
item) so release behavior is unchanged.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/warp-core/src/snapshot_accum.rs (1)

220-309: OpenPortal::Empty can silently clobber existing warps.
PortalInit::Empty always inserts the instance/root node, even if the child warp already exists. That can overwrite live metadata and leave prior nodes/edges/attachments dangling. Guard against pre-existing state (or explicitly treat as RequireExisting).

🛠️ Suggested guard to prevent overwrites

         match init {
             crate::tick_patch::PortalInit::Empty { root_record } => {
+                assert!(
+                    !self.instances.contains_key(&child_warp),
+                    "OpenPortal Empty: instance {child_warp:?} already exists"
+                );
+
+                let node_key = NodeKey {
+                    warp_id: child_warp,
+                    local_id: child_root,
+                };
+                assert!(
+                    !self.nodes.contains_key(&node_key),
+                    "OpenPortal Empty: root node {node_key:?} already exists"
+                );
                 // Create the child instance
                 let instance = WarpInstance {
                     warp_id: child_warp,
                     root_node: child_root,
                     parent: Some(key),
                 };
                 self.instances.insert(child_warp, instance);

-                // Create the root node
-                let node_key = NodeKey {
-                    warp_id: child_warp,
-                    local_id: child_root,
-                };
+                // Create the root node
                 self.nodes.insert(
                     node_key,
                     NodeRowParts {
                         node_id: child_root,
                         node_type: root_record.ty,
                     },
                 );

🤖 Fix all issues with AI agents

In `@crates/warp-core/src/snapshot_accum.rs`:
- Around line 316-342: apply_delete_warp_instance currently removes the
instance, nodes, edges and attachments owned by that warp but leaves
AttachmentValue::Descend portal references in OTHER warps which will become
dangling and still affect state_root; update apply_delete_warp_instance to also
scan node_attachments and edge_attachments values and either (a) remove/scrub
any AttachmentValue::Descend entries that point to the deleted warp_id or (b)
assert there are none before deleting (choose scrub for safety), ensuring you
check both maps' values for AttachmentValue::Descend(target_warp_id, ...) and
remove or replace those attachments so no stale portals remain (use the existing
node_attachments, edge_attachments, AttachmentValue::Descend symbol names to
locate code).
- Around line 355-386: apply_delete_node currently calls
self.nodes.remove(&node) which silently no-ops for missing keys; add an
existence check and assert similarly to apply_open_portal so missing-node delete
fails loudly. Before removing attachments, verify that
self.nodes.contains_key(&node) (or attempt to remove and assert the returned
Option is Some) and panic with a clear message like "DeleteNode applied to
missing node {node:?}" if absent; then proceed to remove the node and its alpha
AttachmentKey (AttachmentOwner::Node(node), AttachmentPlane::Alpha).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

DeleteWarpInstance leaves dangling portal references.
You delete the warp’s own data, but attachments in other warps can still point to it via AttachmentValue::Descend. Those stale portals survive and are still hashed into state_root. Either assert none exist or scrub them.

🧹 Defensive scrub of Descend references

     fn apply_delete_warp_instance(&mut self, warp_id: WarpId) {
         self.instances.remove(&warp_id);
         // Cascade: remove all nodes, edges, and attachments for this instance
         self.nodes.retain(|k, _| k.warp_id != warp_id);
         self.edges.retain(|(w, _), _| *w != warp_id);
         // node_attachments only contains Node owners (per set_attachment_internal invariant)
         self.node_attachments.retain(|k, _| match k.owner {
             AttachmentOwner::Node(nk) => nk.warp_id != warp_id,
             AttachmentOwner::Edge(_) => true, // unreachable per invariant, but keep for safety
         });
         // edge_attachments only contains Edge owners (per set_attachment_internal invariant)
         self.edge_attachments.retain(|k, _| match k.owner {
             AttachmentOwner::Node(_) => true, // unreachable per invariant, but keep for safety
             AttachmentOwner::Edge(ek) => ek.warp_id != warp_id,
         });
+
+        // Also purge portals pointing to the deleted warp (avoid dangling Descend refs).
+        self.node_attachments
+            .retain(|_, v| !matches!(v, AttachmentValue::Descend(w) if *w == warp_id));
+        self.edge_attachments
+            .retain(|_, v| !matches!(v, AttachmentValue::Descend(w) if *w == warp_id));
     }

🤖 Prompt for AI Agents

In `@crates/warp-core/src/snapshot_accum.rs` around lines 316 - 342,
apply_delete_warp_instance currently removes the instance, nodes, edges and
attachments owned by that warp but leaves AttachmentValue::Descend portal
references in OTHER warps which will become dangling and still affect
state_root; update apply_delete_warp_instance to also scan node_attachments and
edge_attachments values and either (a) remove/scrub any AttachmentValue::Descend
entries that point to the deleted warp_id or (b) assert there are none before
deleting (choose scrub for safety), ensuring you check both maps' values for
AttachmentValue::Descend(target_warp_id, ...) and remove or replace those
attachments so no stale portals remain (use the existing node_attachments,
edge_attachments, AttachmentValue::Descend symbol names to locate code).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

rg -n "apply_delete_node" crates -g '*.rs' -B 2 -A 5

Repository: flyingrobots/echo

Length of output: 1716

---

🏁 Script executed:

rg -n "DeleteNode" crates -g '*.rs' | head -30

Repository: flyingrobots/echo

Length of output: 3272

---

🏁 Script executed:

# Examine the actual file to confirm the code matches the review
sed -n '355,386p' crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 1494

---

🏁 Script executed:

# Look for tests related to DeleteNode behavior
rg -n "delete_node\|DeleteNode" crates -g '*.rs' -B 3 -A 3 | grep -E "(test|#\[|fn )" | head -40

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Look at worldline.rs DeleteNode handling
sed -n '225,245p' crates/warp-core/src/worldline.rs

Repository: flyingrobots/echo

Length of output: 809

---

🏁 Script executed:

# Read the test case that checks NodeNotFound
sed -n '120,140p' crates/warp-core/tests/delete_node_isolation.rs

Repository: flyingrobots/echo

Length of output: 677

---

🏁 Script executed:

# Check if there's a public delete_node API that wraps apply_delete_node
rg -n "pub.*delete_node\|pub.*DeleteNode" crates -g '*.rs' -A 3

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Look for GraphStore trait/impl to understand the API contract
rg -n "trait GraphStore\|impl GraphStore" crates/warp-core/src -g '*.rs' -A 10 | head -60

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Find GraphStore::delete_node_isolated implementation
rg -n "fn delete_node_isolated" crates -g '*.rs' -A 15

Repository: flyingrobots/echo

Length of output: 7611

---

🏁 Script executed:

# Check if snapshot_accum is public or private
rg -n "mod snapshot_accum\|pub.*snapshot_accum" crates -g '*.rs'

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Look at snapshot_accum.rs module structure and visibility
head -50 crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 2045

---

🏁 Script executed:

# Understand the relationship: is apply_delete_node called from public API?
rg -n "apply_delete_node\|SnapshotAccumulator" crates -g '*.rs' | grep -v test

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Check if apply_delete_node is actually called or used
rg -n "apply_delete_node" crates -g '*.rs'

Repository: flyingrobots/echo

Length of output: 272

---

🏁 Script executed:

# Check snapshot_accum.rs visibility and usage
rg -n "snapshot_accum\|SnapshotAccumulator" crates -g '*.rs' | head -20

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Verify the module's dead_code attribute
sed -n '1,10p' crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 352

---

🏁 Script executed:

# Look at the broader context of apply_op to see if there's pre-validation
sed -n '190,215p' crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 1201

---

🏁 Script executed:

# Check if there's validation before apply_delete_node is called
sed -n '190,250p' crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 2538

---

🏁 Script executed:

# Check SnapshotAccumulator's public methods to understand the API contract
rg -n "pub fn\|pub async fn" crates/warp-core/src/snapshot_accum.rs -A 3 | head -40

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Look for documentation or comments about expected preconditions
sed -n '160,210p' crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 2067

---

🏁 Script executed:

# Check if SnapshotAccumulator is tested and how
rg -n "SnapshotAccumulator\|snapshot_accum" crates/warp-core/tests -g '*.rs' | head -20

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Look at apply_open_portal to see validation pattern in same file
sed -n '222,260p' crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 1623

---

🏁 Script executed:

# Check if there are any other apply_* methods and their validation patterns
rg -n "fn apply_" crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 655

---

🏁 Script executed:

# Look at apply_delete_edge to see if it validates
sed -n '420,450p' crates/warp-core/src/snapshot_accum.rs

Repository: flyingrobots/echo

Length of output: 1108

---

Missing-node DeleteNode is silently idempotent; add existence check for consistency.

The apply_delete_node method allows double-deletes and other missing-node scenarios to proceed silently since HashMap::remove() is a no-op for absent keys. This deviates from the defensive validation pattern used elsewhere in the file (e.g., apply_open_portal asserts owner existence). While the broader GraphStore::delete_node_isolated() API correctly rejects missing nodes with DeleteNodeError::NodeNotFound, this accumulator lacks equivalent safeguards. Suggested fix mirrors the existing pattern:

fn apply_delete_node(&mut self, node: NodeKey) {
+    assert!(
+        self.nodes.contains_key(&node),
+        "DeleteNode applied to missing node {node:?}"
+    );
     // Validate: DeleteNode must only be applied to isolated nodes.

🤖 Prompt for AI Agents

In `@crates/warp-core/src/snapshot_accum.rs` around lines 355 - 386,
apply_delete_node currently calls self.nodes.remove(&node) which silently no-ops
for missing keys; add an existence check and assert similarly to
apply_open_portal so missing-node delete fails loudly. Before removing
attachments, verify that self.nodes.contains_key(&node) (or attempt to remove
and assert the returned Option is Some) and panic with a clear message like
"DeleteNode applied to missing node {node:?}" if absent; then proceed to remove
the node and its alpha AttachmentKey (AttachmentOwner::Node(node),
AttachmentPlane::Alpha).