ATOM-PR-20260121-001-atom-type#189
Open
toolate28 wants to merge 23 commits intocopilot/fix-coherence-analysis-issuesfrom
Open
ATOM-PR-20260121-001-atom-type#189toolate28 wants to merge 23 commits intocopilot/fix-coherence-analysis-issuesfrom
toolate28 wants to merge 23 commits intocopilot/fix-coherence-analysis-issuesfrom
Conversation
Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: toolated <toolated@toolated.online>
Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
…eness Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🏷️ ATOM Tag Auto-GeneratedATOM Tag: `ATOM-PR-20260121-001-atom-type' This tag has been automatically generated and logged to the ATOM trail. Usage in commits:git commit -m "ATOM-PR-20260121-001-atom-type"View decision history:cat .atom-trail/decisions/ATOM-PR-20260121-001-atom-type.jsonFramework Alignment Checklist:
ATOM tag generated by Safe Spiral automation |
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request establishes comprehensive testing and ecosystem analysis documentation for the SpiralSafe quantum tooling project, emphasizing test-driven development and strategic positioning within the quantum computing ecosystem.
Changes:
- Added a testing priority checklist defining phased test suite development, coverage requirements, and implementation gap handling
- Added a quantum ecosystem analysis document mapping tools, integration strategies, and isomorphic framework blockers
- Updated the
test-subjectssubmodule reference
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| test-subjects | Submodule reference update to new commit |
| docs/TESTING_PRIORITY_CHECKLIST.md | Testing policy with phased approach, coverage requirements, and coherence-mcp integration |
| docs/QUANTUM_ECOSYSTEM_ANALYSIS.md | Strategic analysis of quantum tools, NEAR integration, and isomorphic closure roadmap |
Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
…configurable Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| <script src="https://cdn.tailwindcss.com"></script> | ||
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css"> | ||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script> |
Check warning
Code scanning / CodeQL
Inclusion of functionality from an untrusted source Medium
toolate28
changed the title
| responseEl.classList.remove('hidden'); | ||
| codeEl.textContent = 'Loading...'; | ||
|
|
||
| const response = await fetch(`${API_BASE}/api/health`); |
There was a problem hiding this comment.
The page states that all endpoints require X-API-Key, but the interactive tryHealth() call does not send the header. This will likely fail (e.g., 401) and makes the "Try it" button misleading. Consider adding an API key input and sending X-API-Key in the request headers (or explicitly labeling Health as unauthenticated if that’s intended).
Suggested change
| const response = await fetch(`${API_BASE}/api/health`); | |
| const apiKey = window.prompt('Enter your X-API-Key to call the Health endpoint:'); | |
| if (!apiKey) { | |
| throw new Error('X-API-Key is required to call this endpoint.'); | |
| } | |
| const response = await fetch(`${API_BASE}/api/health`, { | |
| headers: { | |
| 'X-API-Key': apiKey | |
| } | |
| }); |
Comment on lines
+10
to
+11
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css"> | ||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script> |
There was a problem hiding this comment.
Third-party assets are loaded from CDNs without Subresource Integrity (SRI) attributes. For a public-facing page, consider pinning exact versions (where applicable) and adding integrity + crossorigin to reduce supply-chain risk.
Suggested change
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css"> | |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script> | |
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css" integrity="sha512-8o+edW7ohR6k6D0Ntz54XxwSk2TLQ1lXgEfdCf93S/egorZ8pUmOZ7JDWFu0g8bFbV0nIUgASK1i7+iAlqQY2g==" crossorigin="anonymous"> | |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js" integrity="sha512-Qec4PhtAiuNTpxu0klvAMVuczkpCfyb7SWnn07cV5yVA+oyD+7uO/At+lZXXAg8pFgRTXA1FFC4+9z+Wz+9UTA==" crossorigin="anonymous"></script> |
Comment on lines
+309
to
+315
| if (response.ok && data.token) { | ||
| // Store token | ||
| if (remember) { | ||
| localStorage.setItem('spiralsafe_admin_token', data.token); | ||
| } else { | ||
| sessionStorage.setItem('spiralsafe_admin_token', data.token); | ||
| } |
There was a problem hiding this comment.
Storing an admin bearer token in localStorage makes it accessible to any JavaScript running on the page (increasing impact of XSS). For admin auth, prefer an HttpOnly, Secure, SameSite cookie set by the server. If you must store client-side, avoid localStorage for admin tokens (use short-lived tokens + refresh flow and keep access tokens in-memory/session as a minimum).
Comment on lines
+138
to
+143
| <button | ||
| type="button" | ||
| onclick="togglePassword()" | ||
| class="absolute right-3 top-1/2 -translate-y-1/2 text-purple-400 hover:text-purple-300 transition" | ||
| > | ||
| <svg id="eyeIcon" class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"> |
There was a problem hiding this comment.
The password visibility toggle is an icon-only button without an accessible name. Add an aria-label (and ideally toggle aria-pressed or update the label) so screen readers can announce the control.
Comment on lines
+415
to
+429
| document.addEventListener('DOMContentLoaded', () => { | ||
| const token = localStorage.getItem('spiralsafe_admin_token') || | ||
| sessionStorage.getItem('spiralsafe_admin_token'); | ||
|
|
||
| if (!token) { | ||
| window.location.href = '/admin/login.html'; | ||
| return; | ||
| } | ||
|
|
||
| // Initialize charts | ||
| initCharts(); | ||
|
|
||
| // Load metrics | ||
| loadMetrics(); | ||
| }); |
There was a problem hiding this comment.
The dashboard treats the mere presence of a token as authenticated, but does not verify it (or handle expiration/invalid tokens) before rendering. Consider validating the token (e.g., call /admin/auth/me with Authorization: Bearer ...) and redirect to login (and clear storage) on failure.
| <meta name="description" content="SpiralSafe Admin Dashboard - Monitor API usage, manage users, and view system metrics."> | ||
|
|
||
| <script src="https://cdn.tailwindcss.com"></script> | ||
| <script src="https://cdn.jsdelivr.net/npm/chart.js"></script> |
There was a problem hiding this comment.
Chart.js is loaded from cdn.jsdelivr.net/npm/chart.js without pinning a version and without SRI, which can introduce breaking changes and supply-chain risk. Consider pinning a specific major/minor version and adding integrity + crossorigin.
Suggested change
| <script src="https://cdn.jsdelivr.net/npm/chart.js"></script> | |
| <script | |
| src="https://cdn.jsdelivr.net/npm/chart.js@4.4.0/dist/chart.umd.min.js" | |
| integrity="INTEGRITY_HASH_FROM_JSDELIVR_FOR_CHART_JS_4_4_0_UMD_MIN" | |
| crossorigin="anonymous"></script> |
Comment on lines
+36
to
+41
| | Coverage Level | Requirement | | ||
| |----------------|-------------| | ||
| | 95-99% | Document gap, schedule for next sprint | | ||
| | 80-94% | **PRIORITY**: Cover gap before new code | | ||
| | <80% | **BLOCKING**: No new features until gap closed | | ||
| | Missing | **CRITICAL**: Create test suite immediately | |
There was a problem hiding this comment.
These tables use || at the start of each row, which typically renders as an extra empty column in Markdown. Switching to a single leading | per row (standard GitHub table syntax) will make the tables render correctly.
Comment on lines
+15
to
+18
| coherence-mcp wave-validate <test-file> --threshold 60 | ||
|
|
||
| # Code coherence check for test implementations | ||
| coherence-mcp anamnesis validate <test-file> --vuln "test-quality" |
There was a problem hiding this comment.
Command naming is inconsistent with other parts of the doc that reference underscore-style validator names (e.g., wave_validate / anamnesis_validate). Pick one convention (CLI subcommand spelling) and use it consistently throughout to avoid copy/paste errors.
Suggested change
| coherence-mcp wave-validate <test-file> --threshold 60 | |
| # Code coherence check for test implementations | |
| coherence-mcp anamnesis validate <test-file> --vuln "test-quality" | |
| coherence-mcp wave_validate <test-file> --threshold 60 | |
| # Code coherence check for test implementations | |
| coherence-mcp anamnesis_validate <test-file> --vuln "test-quality" |
Comment on lines
+564
to
+571
| coherence-mcp wave-validate experiments/qrc_reservoir.py --threshold 60 | ||
|
|
||
| # Stage 2: Collapse Dynamics validation | ||
| coherence-mcp anamnesis validate experiments/qiskit_dspy_hybrid.py \ | ||
| --vuln "code-quality" --mitigations "tests,types" | ||
|
|
||
| # Stage 3: Stability Enforcement validation | ||
| coherence-mcp wave-validate protocol/vortex-cascade-spec.md --threshold 80 |
There was a problem hiding this comment.
This file uses wave-validate / anamnesis validate CLI spellings, while other docs in this PR also mention underscore-style function names (e.g., wave_validate). Align terminology across docs to reduce confusion about what users should actually run.
Suggested change
| coherence-mcp wave-validate experiments/qrc_reservoir.py --threshold 60 | |
| # Stage 2: Collapse Dynamics validation | |
| coherence-mcp anamnesis validate experiments/qiskit_dspy_hybrid.py \ | |
| --vuln "code-quality" --mitigations "tests,types" | |
| # Stage 3: Stability Enforcement validation | |
| coherence-mcp wave-validate protocol/vortex-cascade-spec.md --threshold 80 | |
| coherence-mcp wave_validate experiments/qrc_reservoir.py --threshold 60 | |
| # Stage 2: Collapse Dynamics validation | |
| coherence-mcp anamnesis_validate experiments/qiskit_dspy_hybrid.py \ | |
| --vuln "code-quality" --mitigations "tests,types" | |
| # Stage 3: Stability Enforcement validation | |
| coherence-mcp wave_validate protocol/vortex-cascade-spec.md --threshold 80 |
ATOM-FEATURE-20260122-001-quasicrystal-optimization - Implement penrose_coordinates() for 5D→2D cut-and-project - Implement quasicrystal_optimization() with phason flips - Implement holographic_conservation() for state encoding - Implement supergravity_coupling() for SUSY-inspired coupling - Add comprehensive test suite with 13 test cases - Fix missing random import from original code - Fix np.imag() usage for real arrays Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
- Use golden angle (137.5°) for mutation rotation - Propagate flips with Fibonacci stride (1,2,3,5,8,13,...) - Acceptance probability = ε × exp(Δgain / φ²) - Add epsilon parameter to optimization function - Add tests for golden angle, Fibonacci cache, and epsilon Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
- Set epsilon=0.0005 (stability constant from supergravity 4.0005) - Add v=c guard: raise RuntimeError if iterations > 62 - Rewrite tests to validate against baseline kernel - Add cycle measurement for performance baseline - All 13 tests pass with deterministic outputs Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
- PHI = (1+√5)/2 used exactly in acceptance probability - Progress print every 10 iterations - Baseline comparison with greedy uniform random scheduler - Tests validate against reference kernel with cycle measurement - Phason pass cycles within 5% tolerance of baseline - All 13 tests pass Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
…thod - Minimal clean implementation with golden phason flips - Key formula: step_size = 1/φ ≈ 0.618 - v=c guard at 62 iterations - Benchmark shows ~10-20% overhead vs baseline - Added transferable method summary for learning Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
ATOM-FEATURE-20260122-002-quasicrystal-phason-scheduler - Pure first-principles implementation with golden Penrose coordinates - Phason flips with Fibonacci-strided propagation - VLIW bundle packing simulation - Configurable v=c guard (default 62 iterations) - Comparison benchmarks vs uniform random baseline Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
- Rename max_iterations to vc_guard_override for clarity - Extract magic numbers to named constants (DEFAULT_VC_GUARD_LIMIT, COORD_SEED_*) - Add comments explaining warmup calls in tests Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
## Summary Standalone quasicrystal scheduler with golden Penrose coordinates, phason flips, and VLIW bundle packing simulation. Fixes the v=c guard by making iteration limit configurable. ## ATOM Tag **ATOM:** `ATOM-FEATURE-20260122-002-quasicrystal-phason-scheduler` ## Why Enable experimentation with quasicrystal-based scheduling optimization separate from main kernel. The original code had a hardcoded `if it > 62: raise RuntimeError` that blocked any run exceeding 62 iterations. ## What changed - `experiments/quasicrystal_phason_scheduler.py` — Pure first-principles implementation: - 5D→2D Penrose projection for aperiodic coordinates - Golden angle phason flips with Fibonacci-strided propagation - `VLIWBundle` class (12 ALU, 6 VALU, 2 LS slots) - Configurable v=c guard via `vc_guard_override` parameter - Benchmark comparison vs uniform random baseline - Integration proposal for perf_takehome.py (docstring) - `experiments/test_quasicrystal_phason_scheduler.py` — 13 tests covering constants, projection, v=c guard, reproducibility, density comparison, VLIW packing **Key API:** ```python from experiments.quasicrystal_phason_scheduler import quasicrystal_schedule # Default: 62 iterations (v=c guard) coord, density = quasicrystal_schedule(n_points=32, seed=42) # Override guard for longer runs coord, density = quasicrystal_schedule(n_points=32, iterations=1000, vc_guard_override=1000) ``` ## Verification / Testing - [x] `scripts/validate-bump.sh` passes locally (if bump.md changed) - [x] `scripts/validate-branch-name.sh` tested on example branches (if applicable) - [x] `bash scripts/verify-environment.sh` prints `ENV OK` - [x] `scripts/test-scripts.sh` passes (if scripts changed) - [x] All shell scripts pass shellcheck - [x] ATOM tag created and logged ## Claude Interaction You can interact with Claude in this PR by: - **@mentioning Claude** in comments for questions or reviews - **Adding labels**: `claude:review`, `claude:help`, `claude:analyze` - **Requesting reviews**: Claude will provide automated feedback - **Ask questions**: Claude can explain code, suggest improvements, or identify issues ### Example commands: - `@claude please review this PR for ATOM compliance` - `@claude explain the changes in scripts/atom-track.sh` - `@claude check for security issues` - `@claude suggest improvements` ## Notes - Sensitive logs must be redacted before sharing - Any change that allows production writes must be reviewed by a human - Follow the Five Core Principles (Visible State, Clear Intent, Natural Decomposition, Networked Learning, Measurable Delivery) ## Checklist - [x] ATOM tag created and referenced - [x] Tests passing (13/13) - [x] Documentation updated (integration proposal in docstring) - [x] No secrets committed - [x] Follows existing patterns - [x] Ready for Claude review <!-- START COPILOT CODING AGENT SUFFIX --> <!-- START COPILOT ORIGINAL PROMPT --> <details> <summary>Original prompt</summary> > https://github.com/toolate28/SpiralSafe/actions/runs/21258677293# experiments/quasicrystal_phason_scheduler.py > # Standalone quasicrystal scheduler prototype — golden Penrose coordinates + phason flips > # No taint from main kernel — pure first-principles implementation > > import math > import numpy as np > import random > > PHI = (1 + math.sqrt(5)) / 2 # Golden ratio > GOLDEN_ANGLE = 2 * math.pi / PHI**2 # ≈137.5° in radians > EPSILON = 0.00055 # Coherence seed > > def penrose_project(n_points: int) -> np.ndarray: > """5D → 2D Penrose coordinates via cut-and-project""" > theta = np.arange(5) * 2 * math.pi / 5 > u = np.cos(theta) > v = np.sin(theta) > points = [] > for i in range(-n_points//2, n_points//2 + 1): > for j in range(-n_points//2, n_points//2 + 1): > coord = i * u + j * v > points.append(coord[:2]) > return np.array(points) > > def objective(coords: np.ndarray) -> float: > """Proxy objective: negative average bundle density (higher = better)""" > # Simplified model: assume 12 ALU, 6 VALU, 2 load/store slots > # Each "point" represents a potential op placement in bundle space > # Density = how many ops fit without conflict > # For demo: inverse distance to ideal golden packing > distances = np.linalg.norm(coords - np.mean(coords, axis=0), axis=1) > density = 1 / (np.mean(distances) + 1e-6) # Higher when clustered aperiodically > return -density # Minimize negative density = maximize density > > def phason_flip(coords: np.ndarray, values: np.ndarray, it: int): > """Golden phason flip with Fibonacci-strided propagation""" > i = random.randint(0, len(coords) - 1) > > # Golden angle rotation + Fibonacci scale mutation > angle = GOLDEN_ANGLE * it > scale = PHI ** (it % 8) * 0.1 # Fib-modulated scale > delta = np.array([math.cos(angle), math.sin(angle)]) * scale > new_coord = coords[i] + delta > > new_val = objective(new_coord) > gain = values[i] - new_val # Positive gain = improvement > > # Acceptance with ε-weighted exponential > prob = EPSILON * math.exp(gain / PHI**2) > if gain > 0 or random.random() < prob: > coords[i] = new_coord > values[i] = new_val > > def quasicrystal_schedule(n_points=500, iterations=1000): > """Full quasicrystal scheduling optimizer""" > coords = penrose_project(n_points) > values = np.array([objective(c) for c in coords]) > > best_val = float('inf') > best_coord = None > > for it in range(iterations): > if it > 62: > raise RuntimeError("v=c boundary guarded — coherence collapse prevented") > > phason_flip(coords, values, it) > > current_best = values.min() > if current_best < best_val: > best_val = current_best > best_idx = np.argmin(values) > best_coord = coords[best_idx] > > if it % 50 == 0: > print(f"Iter {it}/{iterations} | Best density: {-best_val:.4f}") > > return best_coord, -best_val # Return best coord + positive density > > if __name__ == "__main__": > coord, density = quasicrystal_schedule() > print(f"Best coordinate: {coord}") > print(f"Achieved density: {density:.4f}") > Next steering move (your call): > > Run it standalone → check density improvement vs uniform random baseline. > Add a simple test case that simulates a small VLIW bundle packing problem. > Propose how to integrate the best coordinate into perf_takehome.py scheduling order. (most recent sessions /commits/PRs/repos) in order of prioriorty, starting wth the open PRs and the Anthropic take home test </details> <!-- START COPILOT CODING AGENT TIPS --> --- 💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: toolated <toolated@toolated.online>
Bumps [sympy](https://github.com/sympy/sympy) from 1.12 to 1.14.0. - [Release notes](https://github.com/sympy/sympy/releases) - [Commits](sympy/sympy@sympy-1.12...sympy-1.14.0) --- updated-dependencies: - dependency-name: sympy dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.5.0 to 2.12.5. - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.5.0...v2.12.5) --- updated-dependencies: - dependency-name: pydantic dependency-version: 2.12.5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: toolate28 <105518313+toolate28@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a comprehensive testing priority checklist and policy document for the project, establishing clear requirements for test coverage, implementation gap handling, and phased test suite development. It also adds a new subproject reference.
Testing policy and coverage requirements:
docs/TESTING_PRIORITY_CHECKLIST.md, detailing a phased approach to test suite coverage, prioritization, and gap remediation, with explicit blocking rules for missing or low-coverage test suites.coherence-mcptool to validate test quality and coverage, including command-line examples for validation and coverage reporting.Subproject management:
test-subjectssubmodule to commit61976a2ac4f0d7b5149f3d183ccf00790237f44d.name: Pull request templateabout: Use this template for PRs that add CI, bump templates, or agent-facing files
title: ''
labels: ''
assignees: ''
Summary
Describe the change in 1-2 sentences.
ATOM Tag
ATOM:
ATOM-TYPE-YYYYMMDD-NNN-description(Generate with:
./scripts/atom-track.sh TYPE "description" "file")Why
Why this change is needed and what it enables.
What changed
Verification / Testing
scripts/validate-bump.shpasses locally (if bump.md changed)scripts/validate-branch-name.shtested on example branches (if applicable)bash scripts/verify-environment.shprintsENV OKscripts/test-scripts.shpasses (if scripts changed)Claude Interaction
You can interact with Claude in this PR by:
claude:review,claude:help,claude:analyzeExample commands:
@claude please review this PR for ATOM compliance@claude explain the changes in scripts/atom-track.sh@claude check for security issues@claude suggest improvementsNotes