Skip to content

docs: OGAR as a semantic transpiler (v3 sink) + ClassView Askama bitmask field-view#139

Merged
AdaWorldAPI merged 7 commits into
mainfrom
claude/classview-fieldview-bitmask-doc
Jun 29, 2026
Merged

docs: OGAR as a semantic transpiler (v3 sink) + ClassView Askama bitmask field-view#139
AdaWorldAPI merged 7 commits into
mainfrom
claude/classview-fieldview-bitmask-doc

Conversation

@AdaWorldAPI

Copy link
Copy Markdown
Owner

What

Two related docs capturing an architecture synthesis before it diluted, then hardened by the 5+3 pass (5 research savants + 3 brutally-honest reviewers) and corrected by operator review.

  1. docs/CLASSVIEW-FIELDVIEW-ASKAMA-BITMASK.md — the render-side pattern: render a ClassView as an HTML field view the Redmine-ERB way, but compiled, type-safe, JSON-free, and driven by a presence FieldMask instead of per-field ifs. One generic Askama loop over a mask-filtered, generated FieldDesc[]; selected()/unselected(); the render-mask is the read-mask.
  2. docs/OGAR-SEMANTIC-TRANSPILER-CAPSTONE.md — the capstone: OGAR is a semantic transpiler; the v3 substrate is its sink. Tagged CODED-today vs LANDING-ZONE (a destination is not weaker for being unbuilt).

Headline

An Odoo ERP at the cost of an import — in the same substrate as the anatomy and the genome. Whole-app transpilation into a compiled, living substrate (THINK arm and DO arm), not data-integration-into-an-ontology. Past Palantir Foundry, not chasing it.

What the 5+3 hardening + operator review changed

  • ractor = compile-time ownership (the safety); the Lance BatchWriter overlap = the throughput (while one SoA batch lowers, the next already thinks — cost ≈ max(compute, write)). ractor is not the straw puppet carrying concurrency.
  • DO arm = ActionDefStateMachine realized as an rs-graph-llm workflow graph → behaviour maps node-for-node, so DO is lossless; gate F1 becomes a graph-equivalence check. New §6 Orchestration & cognition: rs-graph-llm (action handler) → ractor (compile-time execution) → Lance (overlap); rig = RAG + LLM boundary + thinking-replay; LLM API = removable training wheels whose replay distils into offline DeepNSM cognition.
  • The universal selector, told straight: the N3 presence FieldMask genuinely does three jobs (read + render + auth-field-projection, shipped/tested), not fivequery rides a second physical-tenant basis, version is a radix lookup, auth verdict/scope are RBAC keystone I-K8 folds. The two FieldMask bases must be type-separated (FieldMask<Logical/Physical>) — a real latent defect surfaced by the pass.
  • Field count widens, it does not block[u64; N] (256+), not a wall.
  • Cut/downgraded: cross-domain renderer-by-signature (StructuralSignature is a group-by key, no renderer exists; coordinate-free graphs need address assignment) → LANDING-ZONE; "holy grail / genomics simply lowers in" → roadmap.
  • Firewall (ADR-022/023) not violated: Arrow/HTML egress is the outer crossing (paid once); the inner path moves keys (D-KV-RENDER).

Status / follow-ups (not in this PR)

These are PROPOSAL / landing-zone docs, not yet canon-pinned. If accepted, the mirror duty (separate change): new D-ids for the transpiler/selector/front-end framings; a render-egress row in INTEGRATION-MAP + THE-FIREWALL §4; and the first brick — render an existing OpenProject WorkPackage / medcare Patient row through ClassView::render_rows(class, FieldMask), proving one N3 mask drives projection and render (~60 LOC; coded surface, not genomics).

Doc-only. No code, no canon-ledger edits, no PII labels, no model identifiers.

🤖 Generated with Claude Code

https://claude.ai/code/session_01RhpwkHGgia2TuDFvdnuQdE


Generated by Claude Code

claude Bot and others added 5 commits June 29, 2026 19:10
… compiled)

Capture the consumer-side pattern: render a ClassView as an HTML field view
the way Redmine renders model fields with ERB, but compiled, type-safe,
JSON-free, and driven by a u64 field mask instead of per-field conditionals.
One generic Askama loop over a mask-filtered, generated FieldDesc[] table
(no if-noise). The render-mask = the read-mask: the same selector that
chooses which facets to decode chooses which fields to show (the render-side
twin of the compiled-ClassView spine). Discipline: field/idx/bit from ONE
generated source (I-LEGACY-API-FEATURE-GATED). Residual novel fields ->
generic Vec view or build.rs codegen.

Co-Authored-By: Claude <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RhpwkHGgia2TuDFvdnuQdE
…bstrate

Capture the synthesis before it dilutes (PROPOSAL, pending 5+3 hardening):
- OGAR = semantic transpiler; v3 substrate = the sink (s1.5 'sinks into OGAR').
- Two front-ends: serialization (syntax incidental) vs semantic-application
  (Odoo/Redmine/OpenProject) where syntax is PRESERVED (semantic->semantic).
- Three arms: THINK/Class+fieldview structure-preserving; DO/ActionDef
  re-imagined as classid-keyed adapters = the God-object/SoC dividend;
  membrane/KausalSpec.
- The universal selector: one generated bitmask = read=query=render=version=auth.
- classid/HHTL cascade = the semantic zoom + renderer dispatch by signature.
- living ractor mailbox-owned SoA; JSON-free end to end.
- Honest edges flagged for grading (generated-bits iron rule, Biolink upper
  layer, renderer scale ceiling). All claims [G]/[H]/[S]-gradable.

Co-Authored-By: Claude <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RhpwkHGgia2TuDFvdnuQdE
- ractor = RUNTIME ownership guarantee (mailbox serializes at runtime); NOT
  a compile-time borrow proof. n actors x up-to-64k partitions run
  concurrently, race-free by single-owner-per-partition.
- field count is a representation parameter ([u64;N] -> 256+), NOT a blocker.
- transpile is a landing zone (a destination, ahead of code): claims tagged
  CODED-today vs LANDING-ZONE rather than downgraded for being unbuilt.
- payoff stated: Odoo ERP at the cost of an import; past Palantir Foundry
  (whole-app transpile incl. DO arm -> ractor StateMachines, not rebuilt).
- factual fixes kept: DO arm = ractor StateMachine (not thin adapter);
  selector = N3 presence FieldMask doing 3 jobs (read/render/auth-projection);
  query rides a 2nd physical-tenant basis; version = radix lookup; auth
  verdict/scope = I-K8 folds. Two FieldMask bases must be type-separated.
- Firewall: Arrow/HTML egress is the OUTER crossing (ADR-022 s5 + D-KV-RENDER),
  inner path moves keys; no inner serialization.

Co-Authored-By: Claude <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RhpwkHGgia2TuDFvdnuQdE
…Writer = throughput

Correct the concurrency framing into two distinct mechanisms:
- ractor: compile-time ownership guarantee (mailbox-as-owner, Rust move
  semantics, UB becomes a compile error; E-CE64-MB-4). The SAFETY. n
  compile-time-owned partitions update in parallel, race-free by construction.
- Lance BatchWriter: the THROUGHPUT, and where cognition hides. On
  initiation, while one SoA batch lowers (persists to Lance), the next batch
  already thinks (computes) -- compute/persist overlap on a double-buffered
  SoA; cost ~ max(compute, write), not compute + write.

ractor is no longer the straw puppet carrying the concurrency story; it is
the compile-time safety, the BatchWriter overlap is the latency-hidden throughput.

Co-Authored-By: Claude <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RhpwkHGgia2TuDFvdnuQdE
…aph-llm / rig)

- DO arm: ActionDef -> StateMachine REALIZED AS an rs-graph-llm workflow graph;
  control-flow maps node-for-node => DO is lossless; F1 becomes a
  graph-equivalence check.
- New section 6 Orchestration & cognition: ActionDef -> rs-graph-llm graph ->
  ractor (compile-time execution ownership) -> Lance BatchWriter (overlap);
  rig = RAG + LLM boundary + thinking-replay; LLM API = removable training
  wheels; replay distils LLM traces into offline DeepNSM cognition.
- Edges: pin the lifecycle owner; use the REAL rs-graph-llm (not the
  graph-flow stub); offline-replay fidelity is LANDING-ZONE.

Co-Authored-By: Claude <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RhpwkHGgia2TuDFvdnuQdE

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7bdb0583f3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

|---|---|---|---|
| **read** (facet decode) | N3 presence `FieldMask` | compiled reader | **CODED** (`class_view.rs`) |
| **render** (field view) | same N3 `FieldMask`, bit-gated loop | compiled template | **CODED** (`render_rows`) |
| **auth field-projection** | same N3 `FieldMask`, OR-folded | role × lo-u16 grant lattice | **CODED** (`lance-graph-rbac::authorize_scoped`, `permission.rs::projection`) |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Do not mark RBAC field projection as shipped

In this repo's current canon, the mask-bearing auth path is still not shipped: README.md:76 says lance-graph-rbac::authorize is [H]/gated, and docs/CLASSID-RBAC-KEYSTONE-SPEC.md:197-203 says the projecting Allow { scope, mask } return remains CONJECTURE; a repo-wide rg authorize_scoped only finds this new doc. Marking auth field-projection as CODED here will lead consumers to depend on a scope/projection API that the existing contract still says is pending.

Useful? React with 👍 / 👎.

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed. Downgraded auth-field-projection from CODED to [H] cross-repo lag: the authorize_scoped/field_mask code lives in the sibling lance-graph-rbac, but OGAR canon (CLASSID-RBAC-KEYSTONE-SPEC I-K8, README [H]) still grades the projecting Allow{scope,mask} CONJECTURE, so the doc no longer claims it as shipped-from-OGAR. Also added the part that is real and shippable today — verb × class action authorization (I-K8 axis-1) — as the DO handler's link to the existing lance-graph-rbac gate, with field-projection (axis-4) named as the separate pending leg.


Generated by Claude Code

Comment on lines +103 to +105
1. **Field count is a representation parameter, not a ceiling.** A presence mask
is `[u64; N]` — `[u64; 4]` = 256 fields, wider as needed; Odoo's 109-field
`account.move` is a `[u64; 2]`, not a wall. Widen the basis; the algebra is

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep the FieldMask width blocker visible

The current implementation and integration plan still enforce a single-u64 mask: crates/ogar-class-view/src/lib.rs:353-364 has field_basis_fits_in_one_u64_mask, and docs/INTEGRATION-MAP.md:111 / :345-346 call the 109-field Odoo case a real >64-field blocker until X7/F14. Saying the presence mask "is [u64; N]" and that account.move is not a wall hides the failure mode where fields beyond 64 are silently dropped in today's render path.

Useful? React with 👍 / 👎.

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed — kept both truths. The doc now states the widening to [u64; N] is a cheap ClassView-index change (no architectural wall), and that shipped code is still single-u64 (field_basis_fits_in_one_u64_mask guard; INTEGRATION-MAP X7/F14), so fields beyond 64 silently drop in the current render path until the widening lands. Framed as a tracked limitation (X7/F14), not hidden and not an architectural ceiling.


Generated by Claude Code

claude Bot and others added 2 commits June 29, 2026 20:19
- auth field-projection: downgrade from CODED to [H] cross-repo lag (coded in
  sibling lance-graph-rbac, but OGAR canon/CLASSID-RBAC-KEYSTONE-SPEC still
  grades the projecting Allow{scope,mask} CONJECTURE). Don't depend on it as
  shipped-from-OGAR. (codex P2 #1)
- field-count: keep both truths — widening to [u64;N] is a cheap ClassView
  index (no architectural wall), but shipped code is single-u64
  (field_basis_fits_in_one_u64_mask guard; X7/F14), so fields >64 drop TODAY
  until the widening lands. Tracked limitation, not hidden. (codex P2 #2)
- action authorization (verb x class) rides the existing lance-graph-rbac
  gate (I-K8 axis-1) = the easiest real link; field-projection (axis-4) is the
  separate pending leg. Added to the s3 table and s6 orchestration layer.

Co-Authored-By: Claude <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RhpwkHGgia2TuDFvdnuQdE
…st rbac reuse; add Tuersteher AGI-gatekeeper payoff

- §3 action-auth row + prose: required_role is a compile-time const on the ActionDef in lance-graph-ogar/src/actions.rs ([G]-tested), most-shipped of the auth jobs; lance-graph-rbac supplies only the runtime grant map.
- §6 Authorization bullet: RBAC hardcoded on the class = the Tuersteher floor (def-match -> RBAC -> Libet -> MUL in commit); cognition decides above it, never lowers it.
- §6 punchline: capability-bounding not alignment-bounding -> thinking can upgrade to AGI, OGAR still gatekeeps every action structurally (closed DO surface + unforgeable commit gate). The legible pitch for compliance buyers.
- cross-ref ACTIONHANDLER-TURSTEHER.md + actions.rs receipt.
@AdaWorldAPI AdaWorldAPI merged commit b4b2fe7 into main Jun 29, 2026
1 check passed
AdaWorldAPI pushed a commit that referenced this pull request Jun 29, 2026
Extend the Redmine-ERB ClassView bitmask doc (PR #139) with the operator's
2026-06-29 refinements, now tested in ruff:

- 'Wide classes — the quadruplet and bucket chaining': the u64 mask is ONE
  bucket (64 fields); a wide class (Odoo account.move ~109 fields) chains up to
  4 buckets = the [u64; 4] quadruplet = 256, and the selected() loop is
  bucket-agnostic (idx/64, idx%64). Clean separation overflow automation; > 256
  is a god object that splits into a second ClassView, never a wider mask.
  Pinned + tested in ruff_spo_address::soc (FIELD_MASK_CAP = 256,
  field_mask_buckets, 109-field -> Duplication). lance-graph FieldMask is the
  eventual matching expansion.
- 'Simple rules': if it's a template it's probably a ClassView; deduplicate
  routes (N field-subset routes = one templated render with N masks); < 256 is
  clean, >= 256 is the god-object SoC split signal.
- Cross-refs to ruff_spo_address::soc and canonical_node::GUIDS_PER_NODE (the
  node-level twin of the same clean/SoC-over-packed doctrine).

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant