Skip to content

[runtime] wrap canonical receipts in runtime metadata envelope#17

Merged
GsCommand merged 1 commit intomainfrom
codex/implement-phase-2-with-wrapper-model
Mar 18, 2026
Merged

[runtime] wrap canonical receipts in runtime metadata envelope#17
GsCommand merged 1 commit intomainfrom
codex/implement-phase-2-with-wrapper-model

Conversation

@GsCommand
Copy link
Copy Markdown
Contributor

@GsCommand GsCommand commented Mar 18, 2026

Motivation

  • Preserve a strict verification boundary by keeping the canonical, signed receipt exactly as produced by runtime-core while moving runtime-only context (trace, actor, delegation/orchestration details) out of the canonical payload.
  • Maintain backward compatibility for callers and tooling by making /verify accept either a bare canonical receipt or the new wrapper and by minimizing changes to verification/schema logic.

Description

  • Change makeReceipt in server.mjs so it builds and signs a canonical receipt that excludes runtime-only fields like trace, actor, and delegation_result, and add wrapReceiptResponse to produce the wrapper { receipt, runtime_metadata } returned by verb endpoints.
  • Update verb handlers in server.mjs to return the wrapper via res.json(wrapReceiptResponse(receipt, { trace, actor })) and return wrapper-shaped error receipts on signing errors.
  • Update /verify logic in server.mjs to accept either a bare receipt or a wrapped object (via extractReceiptPayload), to normalize and verify the extracted canonical receipt with runtime-core, and to run schema validation against the extracted canonical receipt only.
  • Refresh tests, smoke scripts, and fixtures to use the wrapper model and to exercise both compatibility paths by unwrapping when needed; specifically adjust runtime/tests/runtime-signing.test.mjs, tests/smoke.mjs, scripts/smoke.mjs, tests/fixtures/make-golden.mjs, tests/fixtures/golden.receipt.json, and tests/golden.mjs; also update README.md examples and guidance to document the new response shape and verification boundary.

Testing

  • Ran npm run check and it completed successfully with no syntax errors.
  • Ran unit tests with npm run test:unit and all tests passed (16/16 runtime tests passed).
  • Regenerated and validated the golden fixture with node tests/fixtures/make-golden.mjs and node tests/golden.mjs which succeeded.
  • Ran the full test script npm test (unit tests + smoke) and it completed successfully; note there is no ./e2e.sh in this repo so stack e2e was not run.

Codex Task

@GsCommand
[runtime] wrap canonical receipts in runtime metadata envelope
b246124 
Why: keep the signed Commons receipt verifiable while moving runtime-only trace and actor context out of the canonical payload.
Contract impact: verb responses now return { receipt, runtime_metadata } and /verify accepts either wrapped or bare receipts.
@GsCommand GsCommand merged commit df15a56 into main Mar 18, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GsCommand