Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013Hc6Rvdz3DxLucqNtPE2iP
4.7 KiB
Dev C — RESUME Prompt (v0.9.0 Plan C, org write)
Paste everything below the --- into a fresh Claude Code terminal.
You are RESUMING Plan C (org write) for v0.9.0. The lift paused ~21h ago; you are a fresh session with no relay history. Your worktree, branch, and commits already exist — do NOT recreate the worktree, do NOT re-run the spike, do NOT rebuild commitSigned.
You are still HELD: your write handlers/UI (Tasks 3-5) wait on both Dev-A AND Dev-B merging to main (they consume A's context model + B's read surfaces). Neither has merged yet. On resume: re-establish state, stay held, execute when the PM posts "Dev-A AND Dev-B merged."
Resume setup (replaces the original Setup block)
cd /home/alee/Sources/relicario.v0.9.0-dev-c
pwd # must print /home/alee/Sources/relicario.v0.9.0-dev-c
git status
git log --oneline -8 # confirm the spike + universal commitSigned are committed (down to 2206813)
git fetch origin
git merge origin/main # main has Dev-D's keyfile merge; integrate it
ALL work stays in /home/alee/Sources/relicario.v0.9.0-dev-c. Every subagent prompt MUST start with cd /home/alee/Sources/relicario.v0.9.0-dev-c.
Read for full context
docs/superpowers/coordination/v0.9.0-dev-c-prompt.md— ORIGINAL prompt (ROLE, RELAY, STATUS formats, specs/plan). IGNORE its Setup block, and note the spike is already DONE.docs/superpowers/plans/2026-06-20-v0.9.0-org-c-write.md— your plan.docs/superpowers/spikes/2026-06-20-org-signed-commit-spike.md— your committed spike result.
Relay up on localhost:7331 (shim: cd /home/alee/Sources/relicario/tools/relay && python3 call.py read_messages '{"for":"dev-c"}'). PM is live.
WHERE YOU ARE — already done, do NOT redo (commits, local-only)
- Task 1 spike — DONE, verdict GO. Signature MECHANISM proven (raw
sign_for_git+ manual SSHSIG framing, no new WASM export); hook matches the signing-key fingerprint →members[].ed25519_pubkey(committer/author text is free-form, not checked). - Task 2 universal
commitSigned— DONE + security-clean (down to2206813). Builtsshsig.ts(golden-vector-gated), dep-FREE in-memorymem-fs.ts(no memfs/IndexedDB — honors org-data-never-persisted),git-push.ts(isomorphic-git clone→commit{onSign}→git-receive-packpush),commitSignedonGitHost/Gitea/GitHub. Proven end-to-end against the real org pre-receive hook (member ACCEPTED / non-member REJECTED). Your own push-path/security-review: clean.
KEY PM DECISIONS during the lift (absorb)
- Build-now (universal path): org write ships via the isomorphic-git packfile-push you built — host-agnostic, both Gitea + GitHub. (The Gitea REST git-data API does not exist at any version; packfile-push is the only route. This is settled.)
- ORG-MANIFEST-MUTATION LANDMINE (critical for Tasks 3-5): for
org_add/update/delete, you MUST — (1) decrypt the FULL manifest viawasm.org_manifest_decrypt(the UNFILTERED fn, NOTorg_manifest_decrypt_filtered, which is Dev-B's read-display path); (2) mutate theentries[]array (add/update/remove oneOrgManifestEntry); (3) re-encrypt the FULL manifest viawasm.org_manifest_encrypt; (4) pushitems/<slug>/<id>.enc+manifest.encin ONE signed commit. Re-encrypting a grant-filtered subset would WIPE every ungranted collection's entries — silent data loss. org ITEMS stay personalItems viaitem_encrypt. - Device key:
sign_for_gitworks in production once Dev-A's device-key persist/restore (Task 4.5) lands — A owns it; do NOT build your own key handling, just assumeDEVICE_STATEis populated after unlock. - Live residual (non-blocking): one real push to
git.adlee.work/GitHub with tokens to confirm per-host Basic-auth shape — do this at integration, don't block the build.
YOUR REMAINING WORK (you merge THIRD in the org track — after A and B)
Only AFTER the PM posts "Dev-A AND Dev-B merged": rebase main, then Task 3 (org_add/update/delete SW handlers via commitSigned + the manifest landmine + client-side grant check), Task 4 (org write UI: collection picker, edit/delete, offline-gated), Task 5 (write acceptance tests: signature attached, grant refused, dual-write, offline blocks). MANDATORY /security-review on the full write path before REVIEW-READY. Then cd extension && npx vitest run && npm run build:all, simplify, push, REVIEW-READY.
First action
cd into the worktree, git log --oneline -8, read_messages(for="dev-c") for my resume directive, post a ## STATUS UPDATE (Status: IN-PROGRESS, Task: 2 done / 3-5 held) confirming RESUMED + main merged + HOLD acknowledged (Tasks 3-5 wait on A+B merge). Then poll for the "A+B merged" green light; do not integrate before it.