
feat(contract): promote ClassRbac trait + Operation to contract::rbac (keystone §11) #599

Merged: AdaWorldAPI merged 1 commit into main from claude/medcare-bridge-lance-graph-wmx76z on Jun 23, 2026

@AdaWorldAPI

Owner

What & why — threading the contract ↔ rbac ↔ ogar ↔ callcenter chain

The four-crate RBAC chain had one structural gap. The keystone (CLASSID-RBAC-KEYSTONE-SPEC.md §11/Q5) prescribes impl ClassRbac for OgarClassView — but ClassRbac lived in lance-graph-rbac, and lance-graph-ogar doesn't depend on rbac (only contract). So ogar structurally could not implement the trait. §11 places it in contract.

            contract (zero-dep hub)
             ▲         ▲              ▲
   ┌─────────┘         │ deps         │ deps
  rbac ◄──────────── ogar          callcenter ──deps──► rbac
  authorize() kernel  OgarClassView  UnifiedBridge membrane
  ClassGrants/Policy  (can now impl   (Operation/Policy/
  AccessDecision/auth  ClassRbac)      AccessDecision)

Change (scoped to exactly the trait placement)

  • NEW lance_graph_contract::rbac: ClassId / ActorId / RoleId, Operation<'a> (reads the contract's own property::PrefetchDepth — no rbac dep), and trait ClassRbac { actor_roles, grant_permits }. A contract-only impl ClassRbac test proves ogar can satisfy it with contract-only types.
  • lance-graph-rbac re-exports them: policy::Operation and authorize::{ClassRbac, ClassId, ActorId, RoleId} paths are unchanged. authorize() + ClassGrants + Policy + AccessDecision + the 0x0B auth membrane stay in rbac (Q5: "rbac stays contract-tier").

Zero breakage (verified)

  • lance-graph-callcenter (in-repo consumer of Operation/Policy) builds against the re-exports.
  • The sibling smb-realtime / medcare-realtime gates consume AccessDecision (which did not move) — untouched.
  • contract::rbac 2 tests + 723 contract tests; rbac 21 tests; clippy -D warnings + fmt clean.

Prior-art surfaced (deliberately NOT duplicated)

The "consult before you guess" rule caught two existing contract types this promotion sits alongside rather than re-inventing: contract::auth::ActorContext (the resolved actor triple rbac::auth::ResolvedIdentity mirrors — convergence tracked as follow-on) and contract::external_membrane::MembraneGate (the gate trait that consults ClassRbac; they compose, not duplicate).

Follow-on (not in this PR)

A meaningful impl ClassRbac for OgarClassView needs the §6 project_role.granted typed tenant (grant data the ClassView doesn't carry yet) — the §6-gated next step. This PR is the unblock.

Board: LATEST_STATE.md + EPIPHANIES.md (E-CLASSRBAC-PROMOTED-TO-CONTRACT) updated in-commit.

🤖 Generated with Claude Code



… (keystone §11)

Threads the contract <-> rbac <-> ogar <-> callcenter chain: ClassRbac
lived in lance-graph-rbac, which lance-graph-ogar does not dep (contract
only), so OgarClassView could not impl the keystone's Q5
'impl ClassRbac for OgarClassView'. §11 places the trait in contract.

- NEW lance_graph_contract::rbac: ClassId/ActorId/RoleId, Operation<'a>
  (reads contract::property::PrefetchDepth, no rbac dep), trait ClassRbac.
  A contract-only impl test proves ogar can satisfy it.
- lance-graph-rbac re-exports them (policy::Operation, authorize::{ClassRbac,
  ClassId, ActorId, RoleId} unchanged); authorize()+ClassGrants+Policy+
  AccessDecision+auth stay in rbac.
- Zero breakage: callcenter builds against the re-exports; sibling
  smb-realtime/medcare-realtime gates use AccessDecision (unmoved), untouched.
- contract::rbac 2 tests + 723 contract; rbac 21; clippy -D warnings + fmt clean.

Follow-on (not forced): converge rbac::auth::ResolvedIdentity onto the existing
contract::auth::ActorContext; OgarClassView impl needs the §6 granted tenant.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01EYvNjD8M8LMNYbRy3gq2FP
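
The trait placement described in this PR, as an added sketch that is not the project's code: modules stand in for the three crates, and only the type, trait and method names come from the PR text. All signatures, the `Operation` and `AccessDecision` variants, `ClassViewSketch`, its grant tables and `decide` are assumptions made for illustration.

```rust
// Added sketch: modules stand in for crates. Signatures and variants are
// assumptions; only the type, trait and method names come from the PR text.
mod contract {
    pub mod rbac {
        #[derive(Clone, Copy, PartialEq)] pub struct ClassId(pub u32);
        #[derive(Clone, Copy, PartialEq)] pub struct ActorId(pub u32);
        #[derive(Clone, Copy, PartialEq)] pub struct RoleId(pub u32);
        pub enum Operation<'a> { Read { property: &'a str }, Write { property: &'a str } }
        pub trait ClassRbac {
            fn actor_roles(&self, actor: ActorId) -> Vec<RoleId>;
            fn grant_permits(&self, role: RoleId, class: ClassId, op: &Operation<'_>) -> bool;
        }
    }
}
mod rbac { // depends on contract; the re-export keeps old import paths working
    pub use crate::contract::rbac::{ActorId, ClassId, ClassRbac, Operation, RoleId};
    #[derive(Debug, PartialEq)]
    pub enum AccessDecision { Allow, Deny }
    // Deny by default: allow only if a role the actor holds carries a grant.
    pub fn authorize(v: &dyn ClassRbac, a: ActorId, c: ClassId, op: &Operation<'_>) -> AccessDecision {
        let ok = v.actor_roles(a).into_iter().any(|r| v.grant_permits(r, c, op));
        if ok { AccessDecision::Allow } else { AccessDecision::Deny }
    }
}
mod view { // stands in for ogar: imports contract only, never rbac
    use crate::contract::rbac::{ActorId, ClassId, ClassRbac, Operation, RoleId};
    pub struct ClassViewSketch { // hypothetical type with constructed tables
        pub members: Vec<(ActorId, RoleId)>,
        pub read_grants: Vec<(RoleId, ClassId)>,
    }
    impl ClassRbac for ClassViewSketch {
        fn actor_roles(&self, actor: ActorId) -> Vec<RoleId> {
            self.members.iter().filter(|(a, _)| *a == actor).map(|(_, r)| *r).collect()
        }
        fn grant_permits(&self, role: RoleId, class: ClassId, op: &Operation<'_>) -> bool {
            matches!(op, Operation::Read { .. }) && self.read_grants.contains(&(role, class))
        }
    }
}
// A consumer keeps using rbac:: paths against the contract-only impl.
fn decide(actor: u32, class: u32, write: bool) -> rbac::AccessDecision {
    let v = view::ClassViewSketch {
        members: vec![(rbac::ActorId(1), rbac::RoleId(10))],
        read_grants: vec![(rbac::RoleId(10), rbac::ClassId(7))],
    };
    let p = "notes"; // constructed property name
    let op = if write { rbac::Operation::Write { property: p } } else { rbac::Operation::Read { property: p } };
    rbac::authorize(&v, rbac::ActorId(actor), rbac::ClassId(class), &op)
}
fn main() { println!("{:?}", decide(1, 7, false)); }
```
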

@coderabbitai

coderabbitai Bot commented Jun 23, 2026


Warning

Review limit reached

@AdaWorldAPI, we couldn't start this review because you've reached your PR review rate limit.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: e8300361-ede6-4b3a-ae99-afb7dcc2d847

📥 Commits

Reviewing files that changed from the base of the PR and between 927c668 and fce9840.

📒 Files selected for processing (6)
  • .claude/board/EPIPHANIES.md
  • .claude/board/LATEST_STATE.md
  • crates/lance-graph-contract/src/lib.rs
  • crates/lance-graph-contract/src/rbac.rs
  • crates/lance-graph-rbac/src/authorize.rs
  • crates/lance-graph-rbac/src/policy.rs


@AdaWorldAPI AdaWorldAPI merged commit d8a59a4 into main Jun 23, 2026
6 checks passed