docs: add standalone architecture document and harness-derived goals

[frits-v]

Summary

• Create docs/architecture.md with layer diagram, module map, dependency direction rules, forbidden dependencies, cross-cutting concerns, and key invariants (directive 21)
• Add 7 new harness-derived directives (21-27) to GOALS.md based on .agents/research/harness.md analysis
• Mark directive 21 as complete

New Directives

#	Title	Harness Pillar
21	Standalone architecture document	Phase 0d
22	Hook error messages with WHAT/FIX/REF remediation	Pillar 2c
23	Path-based change risk classification	Pillar 3a
24	Scheduled entropy cleanup	Pillar 4b
25	Harness observability	Pillar 4f
26	Bug-category-to-gate coverage analysis	Pillar 4g
27	CLAUDE.md pruning discipline	Pillar 1b

Test plan

• cargo build passes
• cargo clippy passes
• Docs-only change — no code modifications
• CI green

🤖 Generated with Claude Code

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d2568fad-94ae-40d4-87b5-af9768a8f01d

📥 Commits

Reviewing files that changed from the base of the PR and between 7d6ae44 and e214d9a.

📒 Files selected for processing (1)

• docs/architecture.md

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/architecture.md

---

📝 Walkthrough

Walkthrough

New documentation and metadata were added: a cycle-history entry for cycle 17, seven new goals (21–27) in GOALS.md, and a new architecture document at docs/architecture.md defining workspace structure, dependency rules, invariants, and module maps.

Changes

Cohort / File(s)	Summary
Cycle History Tracking .agents/evolve/cycle-history.jsonl	Appended one entry for cycle: 17 targeting directive-21-architecture-doc with result: "improved", goals_passing: 12, goals_total: 19, and a timestamp; the added line omits canonical\_sha.
Development Goals GOALS.md	Added goals 21–27: new architecture doc requirement, standardized deny/block remediation format, path-based PR risk tiers with CI gates and second-agent review for High-risk paths, scheduled entropy cleanup rules (auto-merge limited to doc/dead-code removals), harness observability metrics, bug-category-to-gate coverage analysis, and CLAUDE.md pruning discipline.
Architecture Documentation docs/architecture.md	New file describing workspace layout (two crates: muzzle-hooks, muzzle-memory), module/dependency maps, a three-layer dependency model and forbidden dependency rules (crate independence, infrastructure must not import core/binaries), execution constraints (no async, no network, limited proc-macros), cross-cutting concerns (structured JSON logging, panic-as-deny behavior, audit-trail Markdown), state/storage locations, and operational invariants (fail-closed, read-only permission hook, lazy worktree creation, no shared mutable state).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly matches the main changes: adding a standalone architecture document (docs/architecture.md) and harness-derived goals (21-27 to GOALS.md).
Description check	✅ Passed	The description clearly relates to the changeset, detailing the three main changes: architecture.md creation, new directives 21-27, and marking directive 21 complete.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch wt/30ba2ccc

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR is a docs-only change that creates docs/architecture.md (a standalone architecture reference for the Muzzle workspace) and adds seven new harness-derived directives (21–27) to GOALS.md, marking directive 21 as complete.\n\nKey changes:\n- docs/architecture.md: New document covering the 3-tier layer model (binaries → core → infra), a full module map for both crates, dependency direction rules, five forbidden dependencies, cross-cutting concerns, key invariants, and an external dependency inventory. Both the serde_derive naming and the missing binaries → infra diagram edge flagged in earlier review rounds are now correctly handled.\n- GOALS.md: Seven new directives (22–27) capture future harness improvements: hook error remediation messages, path-based change risk classification, scheduled entropy cleanup, harness observability metrics, bug-category-to-gate coverage mapping, and CLAUDE.md pruning discipline.\n- .agents/evolve/cycle-history.jsonl: New cycle 17 record appended, though it is the only entry across all 17 cycles that omits canonical_sha, breaking schema consistency.

Confidence Score: 5/5

Safe to merge — docs-only change with no code modifications; prior review concerns are fully resolved.

Both previously identified issues (serde_derive naming error and missing diagram edge) are confirmed fixed. The only remaining item is a trivial P2 schema inconsistency in the cycle history log (missing canonical_sha), which does not block functionality. Convergence across review rounds is good.

.agents/evolve/cycle-history.jsonl — missing canonical_sha in cycle 17 entry.

Important Files Changed

Filename	Overview
.agents/evolve/cycle-history.jsonl	New cycle 17 entry added, but omits the canonical_sha field that all prior 16 entries include, breaking schema consistency.
GOALS.md	Adds directives 21–27 covering architecture docs, hook error formatting, change risk classification, entropy cleanup, observability, coverage analysis, and CLAUDE.md pruning. Well-structured and consistent with existing style.
docs/architecture.md	New standalone architecture document with layer diagram, module map, dependency direction rules, forbidden dependencies, and external dependency inventory. Content is accurate and consistent with CLAUDE.md and codebase structure; previous review issues (serde_derive naming, diagram edge) have been fixed.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph hooks["muzzle-hooks"]
        B["Binaries\nsession-start · permissions\nchangelog · session-end\nensure-worktree"]
        C["Core Modules\nsandbox · gitcheck\nsession · worktree/"]
        I["Infrastructure\nconfig · output · changelog\nlog · mcp"]
        B -->|imports| C
        B -->|imports| I
        C -->|imports| I
    end
    subgraph memory["muzzle-memory (independent)"]
        M["store · capture · inject · main"]
    end

Loading

_{Reviews (4): Last reviewed commit: "fix(docs): label storage paths as defaul..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

docs/architecture.md (1)

9-9: Add language identifiers to fenced code blocks (markdownlint MD040).

Please add a language hint to each code fence at Line 9, Line 24, and Line 45 to keep docs lint-clean.

Suggested markdown cleanup

-```
+```text
 muzzle (workspace)
 ├── hooks/    muzzle-hooks   5 binaries   Session isolation + sandbox enforcement
 └── memory/   muzzle-memory  1 binary     Persistent cross-project memory (SQLite + FTS5)

- +text
┌─────────────────────────────────────────────────┐
│ Binaries (bin/) │
...
└─────────────────────────────────────────────────┘

-```
+```text
binaries ──→ core modules ──→ infrastructure
              │                    ▲
              └────────────────────┘

</details>


Also applies to: 24-24, 45-45

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @docs/architecture.md at line 9, The fenced code blocks in
docs/architecture.md are missing language identifiers which triggers
markdownlint MD040; update each triple-backtick fence (the three code blocks
that render the ASCII tree and diagrams) to include a language hint such as
"text" (e.g., change totext) so the linter recognizes them; locate the
three fenced blocks that contain the ASCII diagrams and add the language
identifier to each opening fence (maintain the existing contents and closing
fences unchanged).

</details>

</blockquote></details>
<details>
<summary>GOALS.md (1)</summary><blockquote>

`237-241`: **Add a language identifier to the WHAT/FIX/REF code fence (MD040).**

Line 237 should use a fenced language (for example `text`) to satisfy markdown linting.


<details>
<summary>Suggested markdown fix</summary>

```diff
-```
+```text
 WHAT: <what was violated>
 FIX: <specific instruction the agent can execute>
 REF: <pointer to relevant doc or config>
 ```
```
</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @GOALS.md around lines 237 - 241, The fenced code block containing the
WHAT/FIX/REF template uses a plain triple-backtick fence without a language tag;
update that fence to include a language identifier (e.g., change the opening
"" to "text") so the block is recognized by Markdown linters (MD040) —
modify the fenced block shown with the lines "WHAT: FIX:
REF: " to start with a language like "text".

</details>

</blockquote></details>

</blockquote></details>

<details>
<summary>🤖 Prompt for all review comments with AI agents</summary>

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @docs/architecture.md:

• Around line 122-132: The runtime dependency summary string "5 runtime crates
  total (hooks: 5, memory: 1 additional)" is inconsistent with the table that
  lists six crates (serde, serde_json, regex, flate2, libc, rusqlite);
  update that summary to reflect the actual counts (e.g., "6 runtime crates total
  (hooks: 5, memory: 1 additional)") so the header matches the table entries.
• Around line 96-97: The doc line stating "No proc macros — serde derive is
  via serde_core (no proc-macro crate)" is inaccurate; update the "No proc
  macros" section to reflect that the workspace uses serde = { version = "1", features = ["derive"] } which pulls in the serde_derive proc-macro crate
  (confirmed in Cargo.lock). Replace the incorrect claim about serde_core/no
  proc-macro with a corrected statement that serde derive uses serde_derive (a
  proc-macro) or remove the absolute "No proc macros" constraint and note the
  exception for serde derive.

---

Nitpick comments:
In @docs/architecture.md:

• Line 9: The fenced code blocks in docs/architecture.md are missing language
  identifiers which triggers markdownlint MD040; update each triple-backtick fence
  (the three code blocks that render the ASCII tree and diagrams) to include a
  language hint such as "text" (e.g., change totext) so the linter
  recognizes them; locate the three fenced blocks that contain the ASCII diagrams
  and add the language identifier to each opening fence (maintain the existing
  contents and closing fences unchanged).

In @GOALS.md:

• Around line 237-241: The fenced code block containing the WHAT/FIX/REF
  template uses a plain triple-backtick fence without a language tag; update that
  fence to include a language identifier (e.g., change the opening "" to "text") so the block is recognized by Markdown linters (MD040) — modify the
  fenced block shown with the lines "WHAT: FIX: REF: " to
  start with a language like "text".

</details>

<details>
<summary>🪄 Autofix (Beta)</summary>

Fix all unresolved CodeRabbit comments on this PR:

- [ ] <!-- {"checkboxId": "4b0d0e0a-96d7-4f10-b296-3a18ea78f0b9"} --> Push a commit to this branch (recommended)
- [ ] <!-- {"checkboxId": "ff5b1114-7d8c-49e6-8ac1-43f82af23a33"} --> Create a new PR with the fixes

</details>

---

<details>
<summary>ℹ️ Review info</summary>

<details>
<summary>⚙️ Run configuration</summary>

**Configuration used**: Organization UI

**Review profile**: CHILL

**Plan**: Pro

**Run ID**: `5dadc003-b71a-47e4-a63e-7346f7959e39`

</details>

<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between 13120716ff56ee99ed187190acee280b4eac5613 and f7f61f1de201d185c6e7b8e6a86e543063125694.

</details>

<details>
<summary>📒 Files selected for processing (3)</summary>

* `.agents/evolve/cycle-history.jsonl`
* `GOALS.md`
* `docs/architecture.md`

</details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

docs/architecture.md (2)

9-13: Consider adding language identifier to fenced code block.

The ASCII tree diagram could specify a language identifier (e.g., text or ascii) for better rendering and accessibility.

♻️ Proposed fix

-```
+```text
 muzzle (workspace)
 ├── hooks/    muzzle-hooks   5 binaries   Session isolation + sandbox enforcement
 └── memory/   muzzle-memory  1 binary     Persistent cross-project memory (SQLite + FTS5)

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @docs/architecture.md around lines 9 - 13, Update the fenced code block
containing the ASCII tree (the block that begins with and the lines starting "muzzle (workspace)" and "├── hooks/" / "└── memory/") to include a language identifier such as "text" or "ascii" (e.g., change the opening fence from to

block contents unchanged aside from the fence header.

---

24-49: Consider adding language identifiers to ASCII diagrams.

Both the layer diagram and dependency direction diagram use fenced code blocks without language specifiers. Adding text or ascii identifiers would improve rendering consistency.

♻️ Proposed fix

-```
+```text
 ┌─────────────────────────────────────────────────┐
 │  Binaries (bin/)                                │

And for the dependency diagram:

-```
+```text
 binaries ──→ core modules ──→ infrastructure

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/architecture.md` around lines 24 - 49, Update the two fenced code blocks
containing the ASCII diagrams by adding a language identifier (e.g., `text`)
after the opening backticks so they render consistently; specifically modify the
block that starts with "┌─────────────────────────────────────────────────┐"
(the layer diagram) and the block that starts with "binaries ──→ core modules
──→ infrastructure" (the Dependency Direction diagram) to use ```text as the
fence opener for each.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/architecture.md`:
- Line 80: The table row describing the `inject` option currently uses lowercase
"markdown"; update the description for `inject` (the "Format memories as
markdown for SessionStart injection" cell) to capitalize "Markdown" as a proper
noun so it reads "Format memories as Markdown for SessionStart injection",
ensuring the `inject` and `SessionStart` identifiers remain unchanged.

---

Nitpick comments:
In `@docs/architecture.md`:
- Around line 9-13: Update the fenced code block containing the ASCII tree (the
block that begins with ``` and the lines starting "muzzle (workspace)" and "├──
hooks/" / "└── memory/") to include a language identifier such as "text" or
"ascii" (e.g., change the opening fence from ``` to ```text) so the diagram
renders/accessibility metadata is explicit; leave the block contents unchanged
aside from the fence header.
- Around line 24-49: Update the two fenced code blocks containing the ASCII
diagrams by adding a language identifier (e.g., `text`) after the opening
backticks so they render consistently; specifically modify the block that starts
with "┌─────────────────────────────────────────────────┐" (the layer diagram)
and the block that starts with "binaries ──→ core modules ──→ infrastructure"
(the Dependency Direction diagram) to use ```text as the fence opener for each.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e01a52db-91ec-4c12-a1bb-090416604296

📥 Commits

Reviewing files that changed from the base of the PR and between f7f61f1 and 604bbd4.

📒 Files selected for processing (1)

• docs/architecture.md

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/architecture.md`:
- Around line 9-13: The three fenced code blocks that contain the ASCII diagrams
(the block starting with "muzzle (workspace) ...", the large box beginning
"┌─────────────────────────────────────────────────┐", and the flow diagram
"binaries ──→ core modules ──→ infrastructure") are missing language identifiers
and trigger markdownlint MD040; add the language tag (e.g., ```text) to the
opening fence of each of those blocks and do the same for the other ASCII/code
fences mentioned in the review (the additional diagram blocks later in the file)
so all fenced blocks include a language identifier.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 195fe74d-4504-4c0a-af8c-34b2bea60c38

📥 Commits

Reviewing files that changed from the base of the PR and between 604bbd4 and ea11676.

📒 Files selected for processing (1)

• docs/architecture.md

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/architecture.md`:
- Around line 107-108: Update the "State storage" and "Memory storage" rows in
the table so the paths are shown as defaults/examples rather than fixed
locations: change the entries for "State storage" (`~/.local/state/muzzle/`) and
"Memory storage" (`~/.muzzle/memory.db`) to explicitly label them as "default"
or "example" paths and mention that actual locations are XDG-configurable (or
overridden via configuration), so readers know these are not invariant across
environments.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 33cea5ee-904d-48d0-9fc0-f9f8e4fbdcf3

📥 Commits

Reviewing files that changed from the base of the PR and between ea11676 and 7d6ae44.

📒 Files selected for processing (1)

• docs/architecture.md