
EDPIPE Operations Guide.

The operator surface for the Editorial Pipeline. Six stages — segment, canonicalize, compress, bind, evaluate, seal — wired into a strict, deterministic chain that emits a Final Execution Envelope. Every command in this page is the exact form the harness will accept.

Status: Stable
Doc: OPS · 10 / 12
Source: EDPIPE_Operations_Guide.md
Guide version: v1.1.0
Authority: EDPIPE Stages 1–6 · Phase 4.5 hardened

I.

Scope & preconditions

EDPIPE is the deterministic editorial pipeline that produces a Final Execution Envelope (FEE) consumed by Phase-6 Admission. It is fail-closed and hash-bound: every output is reproducible bit-for-bit, every authority claim is hashed, every timestamp is excluded from hash material.

EDPIPE runs downstream of Tier 2 materialization and upstream of NTA seal mint and Phase-6 Admission. It does not grant execution authority on its own — the Stage-6 FEE is an input to admission, not a verdict on it.

Runtime invariant

Every invocation appends ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11. Python 3.11 is the canonical interpreter; other versions are not compliant.

II.

Operator run-order

The canonical execution surface is make edpipe-run. Validators below are invoked directly when an operator is verifying or recovering a single stage.

Canonical run (Phase 4.5 hardened)

make edpipe-run ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11
make index ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11
make witness ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11

Stage 2 canonicalize (manual entry, full-pipeline re-run)

PY=python3.11 PYTHON=python3.11 python3.11 edpipe/scripts/edpipe_stage2_canonicalize.py \
  --stage1 AST_STAGE1.json \
  --glossary docs/edpipe/editorial_pipeline/glossary_v1.0.json \
  --dsdm docs/edpipe/editorial_pipeline/dsdm_v1.0.json \
  --actors docs/edpipe/editorial_pipeline/allowed_actors_v1.0.json \
  --manifest-stage1 MANIFEST_STAGE1.json \
  --out-stage2 AST_STAGE2.json \
  --out-delta STAGE2_DELTA.jsonl

Per-stage validators (single / determinism / stress)

PY=python3.11 PYTHON=python3.11 python3.11 edpipe/scripts/edpipe_validate_stage2.py [single|determinism|stress]
PY=python3.11 PYTHON=python3.11 python3.11 edpipe/scripts/edpipe_validate_stage3.py [single|determinism|stress]
PY=python3.11 PYTHON=python3.11 python3.11 edpipe/scripts/edpipe_validate_stage4.py [single|determinism|stress]
PY=python3.11 PYTHON=python3.11 python3.11 edpipe/scripts/edpipe_validate_stage5.py [single|determinism|stress]
PY=python3.11 PYTHON=python3.11 python3.11 edpipe/scripts/edpipe_validate_stage6.py [single|determinism|stress]

Stage chain: stage 1 segment → stage 2 canonicalize → stage 3 compress → stage 4 bind → stage 5 evaluate → stage 6 seal · FEE

Strict ordering

Stages run in sequence. Skipping or re-ordering a stage is a protocol violation. Each stage consumes the prior stage's hash and re-derives it; mismatch is fatal.

III.

Stage map

The six stages are stateless read-transform-write functions. Each one is safe to re-run with the same inputs; in the absence of an implementation defect the outputs are bit-identical.

Stage | Implementation | Hash produced | Schema version
1 · Segment | edpipe/stage1/segmenter.py | node_<id> (16-char SHA-256) | EDPIPE_AST_STAGE1_v1
2 · Canonicalize | edpipe/stage2/detect.py | ast_stage2_hash | EDPIPE_AST_STAGE2_v1
3 · Compress | edpipe/stage3/compress.py | ast_stage3_hash | EDPIPE_AST_STAGE3_v1
4 · Bind | edpipe/stage4/bind.py | binding_scope_hash | EDPIPE_STAGE4_BINDING_v1
5 · Evaluate | edpipe/stage5/evaluate.py | stage5_hash | EDPIPE_STAGE5_VERDICT_v1
6 · Seal | edpipe/stage6/seal.py | stage6_hash · FEE | EDPIPE_STAGE6_ENVELOPE_v1

Stage dependencies

Stage n consumes the artifact and hash of stage n−1. A modified upstream artifact requires re-running every downstream stage. Stage 5 emits a verdict (PASS or HALT); Stage 6 binds that verdict, the Stage-3 commit anchor, and the run identity into the FEE.

IV.

Validation modes

Each per-stage validator accepts three modes. Exit code 0 = PASS, exit code 1 = DENIED. No other exit codes are emitted.

Mode | Purpose | Pass criterion
single | One pass on a contract fixture or active artifact | Schema valid, hashes consistent, no error code raised
determinism | 5-run repeatability check | All 5 runs produce bit-identical output
stress | Full stress matrix from edpipe/tests/fixtures/edpipe_stage<N>_stress_matrix_v1.json | All cases match expected verdict and error code

Determinism is non-negotiable

Stages 4, 5, and 6 all implement 5-run repeatability. Stage 6 runs its check internally during envelope construction. A divergence on any run is a fatal nondeterminism error: abort the session, diagnose the entropy source, fix the implementation, re-enter from the start of the affected stage.

V.

CBM & binding scope

The Cryptographic Binding Manifest (CBM) is Stage 4's output and Stage 5's input. It binds the Stage-3 hash, the locked error surface, the commit anchor, and the version into a single hashable scope.

ALLOWED_BINDING_CONDITIONS (frozen)

  • ast_stage3_hash
  • binding_scope_hash
  • error_surface_lock
  • stage3_commit_anchor
  • version

Fields outside this list represent undeclared authority surfaces. A HALT Matrix rule that names such a field is rejected at Stage-5 entry as EDPIPE5_020_SCOPE_VIOLATION, regardless of whether the CBM happens to contain the named field.

Auditable metadata

The binding_timestamp field is auditable metadata only. It does not participate in binding_scope_hash, stage5_hash, or stage6_hash derivation.

VI.

HALT Matrix

The HALT Matrix is the rule set Stage 5 evaluates against the CBM. Each rule names a HALT code, a trigger schema, a binding condition (a field from the frozen list), and a severity.

Canonical example rule

{
  "code": "HALT-101",
  "trigger": "EDPIPE_STAGE4_BINDING_v1",
  "binding_condition": "version",
  "severity": "BLOCK"
}

This rule triggers (status = TRIGGERED) when cbm.version == "EDPIPE_STAGE4_BINDING_v1". Because severity is BLOCK, the pipeline routes to HALT → BLOCK. This is the canonical test rule used in the Stage-5 stress matrix.

Evaluation order

Rules are evaluated in declaration order. The first BLOCK-severity triggered rule short-circuits evaluation and produces a HALT verdict. If no BLOCK rule triggers, the verdict is PASS.

Authority boundary

The HALT Matrix is rule structure only. Rules cannot reference fields outside ALLOWED_BINDING_CONDITIONS; rules cannot read external state; rules cannot mutate the CBM. The matrix is signed by version string HALT_MATRIX_v1.
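The entry gate and evaluation order described in this section, as an added Python sketch (not the code in edpipe/stage5/evaluate.py). The trigger semantics (bound CBM field equals the trigger string) are inferred from the canonical example rule, and the result shape, the function names and the sample CBM values are assumptions made for illustration.

```python
# Frozen list copied from the guide.
ALLOWED_BINDING_CONDITIONS = frozenset({
    "ast_stage3_hash", "binding_scope_hash", "error_surface_lock",
    "stage3_commit_anchor", "version",
})
RULE_KEYS = {"code", "trigger", "binding_condition", "severity"}

# Constructed sample CBM (placeholder values); HALT_101 is the page's rule.
CBM = {"version": "EDPIPE_STAGE4_BINDING_v1", "ast_stage3_hash": "a" * 64,
       "binding_timestamp": "2026-04-25T00:00:00Z"}
HALT_101 = {"code": "HALT-101", "trigger": "EDPIPE_STAGE4_BINDING_v1",
            "binding_condition": "version", "severity": "BLOCK"}


def _result(verdict, halt_code=None, error=None):
    # Hypothetical result shape, chosen for this example only.
    return {"verdict": verdict, "halt_code": halt_code, "error": error}


def _well_formed(rule):
    return (isinstance(rule, dict) and set(rule) == RULE_KEYS
            and all(isinstance(v, str) for v in rule.values()))


def evaluate(cbm, rules):
    """Apply a HALT Matrix to a CBM without mutating either."""
    # Entry gate 1: rule structure.
    if not all(_well_formed(rule) for rule in rules):
        return _result(None, error="EDPIPE5_040_HALT_MATRIX_INVALID")
    # Entry gate 2: scope. Only the rule is inspected, never the CBM, so a
    # field that happens to exist in the CBM cannot become an authority surface.
    for rule in rules:
        if rule["binding_condition"] not in ALLOWED_BINDING_CONDITIONS:
            return _result(None, error="EDPIPE5_020_SCOPE_VIOLATION")
    # Declaration order; the first triggered BLOCK rule short-circuits.
    for rule in rules:
        # Assumed trigger semantics: the bound CBM field equals the trigger.
        hit = cbm.get(rule["binding_condition"]) == rule["trigger"]
        if hit and rule["severity"] == "BLOCK":
            return _result("HALT", halt_code=rule["code"])
    return _result("PASS")
```

Both entry gates run over the whole matrix before any rule is evaluated, so an out-of-scope rule declared after a triggering BLOCK rule still rejects the matrix instead of being hidden by the short-circuit.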

VII.

Cryptographic invariants

Canonical JSON

All hash computations use this serialization without exception:

json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False)

  • sort_keys=True — key ordering is deterministic across Python versions and platforms.
  • separators=(",", ":") — compact format eliminates whitespace variability.
  • ensure_ascii=False — Unicode preserved as-is; no escape expansion.

Cryptographic Amnesia Boundary

Timestamps are excluded from all hash material. Violations are caught and named:

  • EDPIPE5_050_NONDETERMINISM_DETECTED — timestamp in Stage-5 hash material.
  • EDPIPE6_040_NONDETERMINISM_DETECTED — any entropy in Stage-6 hash material.

Hash algorithm by layer

Layer | Algorithm | Length | Fields
EDPIPE operational | SHA-256, full hex | 64 chars | ast_stage2_hash, ast_stage3_hash, binding_scope_hash, stage5_hash, stage6_hash
Node ID (Stage 1) | SHA-256, truncated | 16 chars | node_<id>

EDPIPE operational hashes are distinct from Layer 1 (16-char task queue correlation) and Layer 2 (BLAKE3 64-char SHCLNode authority). Do not cross-substitute identifiers between systems.
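How the canonical serialization and the timestamp exclusion combine into a reproducible binding_scope_hash, as an added Python example (not the code in edpipe/stage4/bind.py). The choice of scope fields follows the guide's description of the CBM but is an assumption, as are the function names, the list type of error_surface_lock and every sample value.

```python
import hashlib
import hmac
import json
from typing import Optional

# Assumption: hash material is the four fields the guide says the CBM binds.
SCOPE_FIELDS = ("ast_stage3_hash", "error_surface_lock",
                "stage3_commit_anchor", "version")


def canonical_json(obj) -> bytes:
    """Serialize exactly as the guide mandates, then encode as UTF-8."""
    text = json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return text.encode("utf-8")


def binding_scope_hash(cbm: dict) -> str:
    """SHA-256, full hex, over the scope fields; binding_timestamp never enters."""
    material = {key: cbm[key] for key in SCOPE_FIELDS}
    return hashlib.sha256(canonical_json(material)).hexdigest()


def verify_cbm(cbm: dict) -> Optional[str]:
    """Re-derive the hash at Stage-5 entry; return an error code or None."""
    required = SCOPE_FIELDS + ("binding_scope_hash",)
    if not all(key in cbm for key in required):
        return "EDPIPE5_091_SCHEMA_FAIL"
    if not isinstance(cbm["binding_scope_hash"], str):
        return "EDPIPE5_091_SCHEMA_FAIL"
    if not hmac.compare_digest(binding_scope_hash(cbm), cbm["binding_scope_hash"]):
        return "EDPIPE5_010_BINDING_HASH_MISMATCH"
    return None


def make_cbm(timestamp: str) -> dict:
    """Constructed sample CBM; every value is a placeholder."""
    cbm = {
        "version": "EDPIPE_STAGE4_BINDING_v1",
        "ast_stage3_hash": "a" * 64,
        "error_surface_lock": ["EDPIPE3_030", "EDPIPE3_091_SCHEMA_FAIL"],
        "stage3_commit_anchor": "0" * 40,
        "binding_timestamp": timestamp,  # auditable metadata only
    }
    cbm["binding_scope_hash"] = binding_scope_hash(cbm)
    return cbm
```

Because ensure_ascii=False preserves Unicode as-is, the NFC and NFD forms of the same text serialize to different bytes and hash differently, so normalize text before it reaches hash material.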

VIII.

Error namespaces

Each stage owns a frozen error namespace. Codes are stable and may be matched against in tooling. Schema-shape failures use the per-stage _091_SCHEMA_FAIL suffix.

Stage 3 — EDPIPE3_* (6 codes)

  • EDPIPE3_030, EDPIPE3_040, EDPIPE3_050, EDPIPE3_060, EDPIPE3_070, EDPIPE3_091_SCHEMA_FAIL

Stage 4 — EDPIPE4_* (5 codes)

  • EDPIPE4_010_HASH_MISMATCH
  • EDPIPE4_020_SCOPE_MUTATION
  • EDPIPE4_030_ERROR_SURFACE_DRIFT
  • EDPIPE4_040_VERSION_MISMATCH
  • EDPIPE4_091_SCHEMA_FAIL

Stage 5 — EDPIPE5_* (6 codes)

  • EDPIPE5_010_BINDING_HASH_MISMATCH
  • EDPIPE5_020_SCOPE_VIOLATION
  • EDPIPE5_030
  • EDPIPE5_040_HALT_MATRIX_INVALID
  • EDPIPE5_050_NONDETERMINISM_DETECTED
  • EDPIPE5_091_SCHEMA_FAIL

Stage 6 — EDPIPE6_* (5 codes)

  • EDPIPE6_010_STAGE5_HASH_MISMATCH
  • EDPIPE6_020_VERDICT_DRIFT
  • EDPIPE6_030_COMMIT_ANCHOR_INVALID
  • EDPIPE6_040_NONDETERMINISM_DETECTED
  • EDPIPE6_091_SCHEMA_FAIL

IX.

Reset & recovery

Stages are stateless. Re-runs with identical inputs are bit-identical. The matrix below names the recovery path for every frozen error code.

Failure | Recovery path
EDPIPE3_* (any) | Fix inputs or Stage-3 implementation; re-run Stage 3
EDPIPE4_010_HASH_MISMATCH | Re-run Stage 3 → re-run Stage 4
EDPIPE4_020_SCOPE_MUTATION | Re-run Stage 3; verify no post-stage mutation
EDPIPE4_030_ERROR_SURFACE_DRIFT | Do not modify LOCKED_ERROR_SURFACE; re-run Stage 4 with correct locked surface
EDPIPE4_040_VERSION_MISMATCH | Verify correct Stage-3 artifacts are supplied to Stage 4
EDPIPE5_010_BINDING_HASH_MISMATCH | Re-run Stage 4; verify CBM not modified post-generation
EDPIPE5_020_SCOPE_VIOLATION | Fix HALT Matrix rule binding_condition; re-run Stage 5
EDPIPE5_040_HALT_MATRIX_INVALID | Fix HALT Matrix structure; re-run Stage 5
EDPIPE5_050_NONDETERMINISM_DETECTED | Remove timestamp from evaluate.py hash paths; re-run from Stage 4
EDPIPE6_010_STAGE5_HASH_MISMATCH | Re-run Stage 5; verify Stage-5 manifest not modified
EDPIPE6_020_VERDICT_DRIFT | Re-run Stage 5 to produce valid verdict; re-run Stage 6
EDPIPE6_030_COMMIT_ANCHOR_INVALID | Provide valid anchor: git rev-parse HEAD; re-run Stage 6
EDPIPE6_040_NONDETERMINISM_DETECTED | Abort session. Fix entropy in seal.py; re-run from Stage 5
Any _091_SCHEMA_FAIL | Inspect artifact keys; re-run producing stage to regenerate

EDPIPE6_040 abort protocol

EDPIPE6_040_NONDETERMINISM_DETECTED is the only EDPIPE error that mandates session abort. It means the Stage-6 sealing function has an implementation defect that introduces entropy.

  1. Do not retry Stage 6.
  2. Do not use the partially-constructed FEE.
  3. Identify the entropy source in edpipe/stage6/seal.py.
  4. Fix the defect.
  5. Run PY=python3.11 PYTHON=python3.11 python3.11 edpipe/scripts/edpipe_validate_stage6.py determinism — must exit 0.
  6. Run PY=python3.11 PYTHON=python3.11 python3.11 edpipe/scripts/edpipe_validate_stage6.py stress — all cases must pass.
  7. Re-enter pipeline from Stage 5.

X.

Build integration

EDPIPE operates within the Tier 2 / Phase domain — downstream of Tier 2 materialization, upstream of NTA seal mint and Phase-6 Admission.

Tier 0 (drift)
  → Tier 1 (materialize)
    → Tier 2 (harden & seal)
      → EDPIPE Stage 3 → Stage 4 → Stage 5 → Stage 6
        → NTA seal mint
          → Phase-6 admission
            → Runtime execution

Canonical execution target

make edpipe-run ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11

The target enforces identical outputs across 5 runs before execution is considered valid. Post-run registry re-anchor remains mandatory:

make index ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11
make witness ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11

A non-zero make witness exit code indicates registry drift that must be resolved before proceeding.

Makefile wiring

EDPIPE registry targets live in orchestration/make/edpipe/registry.mk. No per-stage make targets are exposed beyond the canonical edpipe-run wrapper. Stage validators remain directly invokable via Python scripts.

Execution authority chain

The Stage-6 FEE is consumed by Phase-6 Admission, which verifies:

  1. Active seal from runtime/governance/session_state.json ("seal_path").
  2. FEE execution_route == ALLOW.
  3. Audit trail shows valid append for the stage sequence.
  4. Issues APPROVED verdict or DENIED (with HALT code) — fail-closed.

The FEE grants no execution authority on its own. Authority is only active once Phase-6 issues an APPROVED verdict and the ACK envelope is persisted to runtime/airlock/envelopes/.

XI.

File index

Stage implementations

  • edpipe/stage1/segmenter.py
  • edpipe/stage2/detect.py
  • edpipe/stage3/compress.py
  • edpipe/stage4/bind.py
  • edpipe/stage5/evaluate.py
  • edpipe/stage6/seal.py

Validation scripts

  • edpipe/scripts/edpipe_stage2_canonicalize.py
  • edpipe/scripts/edpipe_validate_stage2.py
  • edpipe/scripts/edpipe_validate_stage3.py
  • edpipe/scripts/edpipe_validate_stage4.py
  • edpipe/scripts/edpipe_validate_stage5.py
  • edpipe/scripts/edpipe_validate_stage6.py

Stress matrices

  • edpipe/tests/fixtures/edpipe_stage3_stress_matrix_v1.json
  • edpipe/tests/fixtures/edpipe_stage4_stress_matrix_v1.json
  • edpipe/tests/fixtures/edpipe_stage5_stress_matrix_v1.json
  • edpipe/tests/fixtures/edpipe_stage6_stress_matrix_v1.json

Editorial pipeline configuration

  • docs/edpipe/editorial_pipeline/glossary_v1.0.json — Stage-2 token substitution mappings
  • docs/edpipe/editorial_pipeline/dsdm_v1.0.json — Declarative Semantic Detection Matrix (invariant patterns)
  • docs/edpipe/editorial_pipeline/allowed_actors_v1.0.json — actor allowlist for governance

Contracts & anchors

  • edpipe/contracts/edpipe/stage2/v1/CONTRACT.txt — Stage-2 Option A constraints
  • edpipe/contracts/edpipe/stage2/v1/AST_STAGE1.json · MANIFEST_STAGE1.json — fixtures
  • .anchors/EDPIPE_STAGE3_FREEZE_v1.txt · EDPIPE_STAGE3_REGISTRY_v1.md
  • .anchors/EDPIPE_STAGE4_FREEZE_v1.txt · EDPIPE_STAGE4_REGISTRY_v1.md
  • .anchors/EDPIPE_STAGE5_FREEZE_v1.txt · EDPIPE_STAGE5_REGISTRY_v1.md
  • .anchors/EDPIPE_STAGE6_FREEZE_v1.txt · EDPIPE_STAGE6_REGISTRY_v1.md
  • docs/edpipe/EDPIPE_STAGE1_STAGE2_DETECT_REGISTRY_v1.md · EDPIPE_STAGE2_REGISTRY_v1.md · EDPIPE_STAGE2_FREEZE_v1.txt

Run artifacts & build wiring

  • artifacts/edpipe/stage2_runs/<date>/AST_STAGE2.json · MANIFEST_STAGE2.json · STAGE2_DELTA.jsonl
  • orchestration/make/edpipe/registry.mk
  • docs/01_governance/ — canonical governance authority path

XII.

Session closure

Complete every item in order before closing a development session that touched EDPIPE.

  • Stage completion. Last stage that ran produced valid artifacts (exit 0 from validation).
  • Strict ordering. Stages ran in sequence — Stage 3 → 4 → 5 → 6. None skipped or re-ordered.
  • Determinism verification. Run edpipe_validate_stage<N>.py determinism for any stage modified this session.
  • Stress pass. Run edpipe_validate_stage<N>.py stress for any stage whose implementation or fixtures were modified. All cases exit 0.
  • FEE integrity. If Stage 6 ran, FEE contains execution_route: "ALLOW", or BLOCK verdict explicitly acknowledged.
  • Registry hygiene. make index ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11 && make witness ORCHESTRATED=1 PY=python3.11 PYTHON=python3.11 — witness exits 0.
  • Anchor registration. If a new freeze or registry anchor was minted, anchor file committed and reflected in make witness.
  • Abort state. No EDPIPE6_040 session-aborted event left a partially constructed envelope.
  • Version control. All modified scripts, fixtures, and artifact outputs committed.

Locked at v1.1.0

  • Stage-3 namespace (EDPIPE3_*) — 6 codes · Stage-4 (EDPIPE4_*) — 5 codes · Stage-5 (EDPIPE5_*) — 6 codes · Stage-6 (EDPIPE6_*) — 5 codes.
  • Stage-2 Option A canonicalization contract (edpipe/contracts/edpipe/stage2/v1/CONTRACT.txt).
  • ALLOWED_BINDING_CONDITIONS set in Stage 5.
  • Canonical JSON serialization (sort_keys=True, separators=(",", ":"), ensure_ascii=False).
  • Schema version strings (EDPIPE_AST_STAGE*_v1, EDPIPE_STAGE*_MANIFEST_v1, HALT_MATRIX_v1, EDPIPE_PIPELINE_v1).
  • Makefile canonical execution target edpipe-run (Phase 4.5 hardened).

Verdict path: CBM → HALT Matrix → Stage 5 verdict → Stage 6 seal → FEE · ALLOW | any rule BLOCKs → HALT

doc · 10 · build 2026-04-25 · event → enforce(event) → invariant → PASS | HALT · meetLab · 2026