
Ophamin status — 2026-05-19

Audience: the owner + any future Claude session picking up autonomous work on Ophamin. Pinned at the close of the 0.16.0 → 0.49.2 autonomous-loop campaign (full evening + extended late-evening session 2026-05-19, 34-release sweep including the sequentialthinking-driven 4-step sequential plan and the 4-lead-pick lead-mode arc that closed the supply-chain trilogy).

Read this first if you're a Claude session resuming work on this repo — it explains what was just plugged, what each piece is for, and what's still open in concrete terms.

In one paragraph

Ophamin lets Kimera-SWM publish empirical claims as signed proof records that any external reviewer can verify in under a minute, regardless of their tech stack. The 0.16.0 → 0.49.2 arc closed every framework-internal piece needed for academic publication AND extended Ophamin's reach across the research-engineering ecosystem: eight interop layers ship (wire-format Rust + JS + MCP + HTTP + CloudEvents + OTel + in-toto/DSSE + RO-Crate 1.2 + OpenLineage 2.0), a JOSS-ready methods paper with CI-validated build, 6 per-proof-family reproducer docs covering all 17 shipped Kimera-side proofs, the substrate-side §7-staleness fix, Tier-4 dev-tooling (pre-commit hygiene + Windows CI matrix + Docker GHCR with cosign + Helm chart on GHCR with cosign + Pod Disruption Budget + NetworkPolicy + helm test hooks), the full supply-chain trilogy (image signature + CycloneDX SBOM attestation + SLSA v1.0 build-provenance attestation, all Sigstore-keyless + in Rekor), a live benchmark dashboard on GitHub Pages, and a Tier-2 design proposal for a slim verify-only ophamin-client install path awaiting owner pick. 400+ new hardening pins added this session, 0 substrate regressions, every signing pipeline self-verifies in the same CI run as the publish. What's left is real-world activation — owner-physical steps: ORCID iD, Zenodo deposit, JOSS submission, PyPI trusted-publisher activation. The framework is ready; the public footprint isn't yet activated.

What Ophamin is for

Ophamin is the observatory around Kimera-SWM. The substrate (Kimera) does cognition; Ophamin envelops it, senses what's happening, and returns signed, content-addressed, falsifiable artefacts that survive review, replay, and cross-machine verification.

The framework's value proposition is the seam between "what was run" and "what was claimed". Without Ophamin, Kimera's empirical findings are paragraphs of prose backed by tarballs of logs. With Ophamin, every finding is a 9-section signed proof record that:

  • Pre-registers the falsifiable claim as a five-tuple before the run starts.
  • Computes the verdict mechanically (Threshold.decide(observed)), not by experimenter discretion.
  • HMAC-SHA256-signs the canonical body so the artefact is tamper-evident.
  • Verifies byte-identically across Python, Rust, and JavaScript ports per the normative wire-format spec in SCHEMAS.md.

The discipline produces VALIDATED, REFUTED, and INCONCLUSIVE records honestly — REFUTED proofs ship alongside VALIDATED ones because both are real empirical outcomes.
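The pre-register / decide / sign / verify cycle described above, as an added Python sketch (not Ophamin's own code). The claim field names, the JSON canonical form, the SHA-256 `proof_id`, and the sample key and values are assumptions made for illustration; the normative wire format is the one in SCHEMAS.md.

```python
import hashlib
import hmac
import json


def canonical_bytes(body):
    # ASSUMED canonical form: sorted keys, compact separators, UTF-8.
    # The normative form is whatever SCHEMAS.md specifies.
    return json.dumps(body, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def decide(claim, observed):
    # The verdict is a pure function of the pre-registered claim and the
    # observation; nothing lets the experimenter override it.
    if observed is None:
        return "INCONCLUSIVE"  # assumption: the run produced no usable measurement
    if claim["comparator"] == "<=":
        passed = observed <= claim["threshold"]
    elif claim["comparator"] == ">=":
        passed = observed >= claim["threshold"]
    else:
        raise ValueError("unknown comparator: %r" % (claim["comparator"],))
    return "VALIDATED" if passed else "REFUTED"


def seal(claim, observed, key):
    # Build the body, content-address it, and sign the exact canonical bytes.
    body = {"claim": claim, "observed": observed,
            "verdict": decide(claim, observed)}
    raw = canonical_bytes(body)
    return {"body": body,
            "proof_id": hashlib.sha256(raw).hexdigest(),
            "signature": hmac.new(key, raw, hashlib.sha256).hexdigest()}


def verify(record, key):
    # Three independent checks: content address, HMAC, and that the recorded
    # verdict is the one the pre-registered threshold actually yields.
    body = record["body"]
    raw = canonical_bytes(body)
    id_ok = hmac.compare_digest(hashlib.sha256(raw).hexdigest(),
                                str(record["proof_id"]))
    sig_ok = hmac.compare_digest(
        hmac.new(key, raw, hashlib.sha256).hexdigest(),
        str(record["signature"]))
    verdict_ok = body["verdict"] == decide(body["claim"], body["observed"])
    return id_ok and sig_ok and verdict_ok


# Constructed sample values (not taken from any real proof record).
DEMO_KEY = b"constructed-demo-key"
ROSETTA_CLAIM = {"metric": "all_agree_rate", "comparator": ">=",
                 "threshold": 0.80}

if __name__ == "__main__":
    rec = seal(ROSETTA_CLAIM, 0.0, DEMO_KEY)
    print(rec["body"]["verdict"], verify(rec, DEMO_KEY))
    rec["body"]["verdict"] = "VALIDATED"      # tamper with the outcome
    print(verify(rec, DEMO_KEY))
```

Number formatting is where cross-language canonical forms usually diverge: Python's `json.dumps(0.0)` emits `0.0` while JavaScript's `JSON.stringify(0.0)` emits `0`, so a byte-identical spec has to pin number serialization explicitly.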

What we plugged (chronological, since 0.16.0)

The owner's directive was "it's an interoperable platform" + "Lead" + (later) "Proceed with caution on everything" + "Lead for the best of Ophamin". The arc that landed:

1. Five interop layers (0.16.0 → 0.21.0)

| Layer | Shipped at | Purpose |
| --- | --- | --- |
| Wire-format Rust port (read) | 0.16.0 | Non-Python systems verify byte-identically |
| MCP server | 0.17.0 | AI agents (Claude Code / Cursor / Cline) drive Ophamin |
| HTTP REST API | 0.18.0 | Service-style consumers (K8s, curl, browsers) |
| CloudEvents 1.0 wrapper | 0.19.0 | Event-stream routing (Kafka, EventBridge, NATS, Knative) |
| OpenTelemetry instrumentation | 0.20.0 | Any OTel backend (Jaeger / Datadog / Prometheus / etc.) |
| Wire-format ports (write side) | 0.21.0 | Rust + JS can EMIT records, not just verify |

All five layers wrap the same ophamin.interfaces._impls implementations — behavioural drift between transports is structurally impossible.

2. Publication scaffolding (0.22.0 → 0.27.1)

Release Closure
0.22.0 Owner-prep refresh: CITATION.cff, .zenodo.json, docs/REPRODUCING.md
0.23.0 Paper update + consolidated docs/INTEROP_OVERVIEW.md
0.24.0 Fixture corpus extended 3 → 5; end-to-end multi-layer test (test_interop_endtoend.py)
0.24.1 mkdocs strict-mode link rewrites
0.24.2 Elevation roadmap absorbed 0.17.0 → 0.24.1
0.24.3 Stale-fact-class cleanup (scenario count 19 → 32, wheel count 3 → 6)
0.25.0 4 Python interop walkthroughs (examples/walkthrough_*.py)
0.25.1 STABILITY.md interop-layer absorption
0.25.2 getting-started/{install,reading-a-proof}.md updated for non-Python paths
0.25.3 CHANGELOG include-path link fix
0.26.0 Cross-language port examples (Rust cargo run --example + JS npm run example:*)
0.26.1 Clippy fix + INTEROP_OVERVIEW runnable-examples table
0.27.0 Zenodo deposit workflow (docs/ZENODO_DEPOSIT_WORKFLOW.md) + paper submission-readiness scaffolding
0.27.1 paper-build CI smoke test (paper.yml via Open Journals inara)

3. Reproducer infrastructure for Kimera proofs (0.28.0 → 0.31.0)

Release Closure
0.28.0 First per-family reproducer doc: proofs/REPRODUCERS/immune_siege.md + Tier-2 §7-staleness proposal
0.29.0 Partial Option-C: Scenario.runner_path opt-in (6 hand-rolled-runner scenarios). CI failed on a corpus-dep test.
0.30.0 Full R1 refactor: _build_reproduction_command() helper + 26-site refactor → §7 staleness CLOSED across all 32 scenarios. 0.29.0 CI-fail recovery.
0.31.0 5 more reproducer docs (throughput, organizational, logic_topology, rosetta, philosophical) → RFC 0002 E3 closes 6/6

4. Session handoff + research grounding (0.32.0)

Release Closure
0.32.0 docs/STATUS_2026_05_19.md durable session-state pin + docs/TOOL_LANDSCAPE_2026_05_19.md (377-line OSS research across 8 categories, criticality tiers 1-4, 18 cited 2026 web sources). Triggered by owner directive "pin what remain for future sessions ... search the best tools for different scenarios from multiple fields ... including critical mission environments, civil, professional and military grade"

5. Tier-4 dev-tooling (0.33.0 → 0.35.1) — evening session 2026-05-19

Release Closure
0.33.0 Tier-4 dev-tool #1: .pre-commit-config.yaml with 13 file-shape hygiene hooks. Comprehensive exclude: block protects byte-precise files (tests/canonical_form/*.canonical.bytes, proofs/, audits/, sbom/). Ruff deliberately omitted (213-lint baseline preserved).
0.33.1 Tier-4 dev-tool #2: Windows CI matrix entry, experimental: true + continue-on-error: true advisory mode. First run: macOS + Ubuntu 3.12/3.13 green; Windows fails at pip install -e .[dev] (known followup; advisory).
0.34.0 Tier-4 dev-tool #3: .github/workflows/docker.yml multi-arch (linux/amd64 + linux/arm64) GHCR publishing on v* tag push + main push. First run FAILED on ghcr.io/IdirBenSlama/Ophamin:buildcache — Docker registry refs must be lowercase.
0.35.1 Docker workflow lowercase fix — new "Compute lowercase image name" step using bash ${VAR,,} parameter expansion. Validates via concurrency-permitted next run.

6. Tier-1 strategic interop trilogy (0.35.0 → 0.37.0) — evening session 2026-05-19

The headline ships of the evening. Each layer multiplies Ophamin's footprint into a different downstream ecosystem.

| Release | Layer | What it unlocks |
| --- | --- | --- |
| 0.35.0 | Tier-1 #1: in-toto Attestation Framework v1 (ITE-6) + DSSE envelope | Sigstore / SLSA / Rekor / cosign / policy-controller / slsa-verifier — the entire supply-chain attestation ecosystem. Statement subject digest IS proof_id; predicate carries the full proof body + HMAC signature. DSSE envelope = two-layer trust (outer DSSE key + inner Ophamin key may differ). 44 hardening pins. |
| 0.36.0 | Tier-1 #2: RO-Crate 1.2 (Research Object Crate, JSON-LD + schema.org) | Zenodo (DOI minting) / Galaxy / WorkflowHub / Apache Jena / any FAIR-data-aware infrastructure. Maps 9 Ophamin sections into schema.org vocabulary (Dataset, File, SoftwareApplication, AssessAction, SoftwareSourceCode). 48 hardening pins. |
| 0.37.0 | Tier-1 #3: OpenLineage 2.0 RunEvent emitter | Apache Airflow / dbt / Apache Spark / Apache Flink / Marquez / Astronomer — the CNCF-incubating data-pipeline lineage ecosystem. Deterministic UUIDv5 runId from proof_id; REFUTED→COMPLETE (NOT FAIL — load-bearing distinction); ophamin_claim + ophamin_verdict custom facets. 42 hardening pins. |

Tier-1 trilogy total: 134 hardening pins across 3 new modules (~970 LOC of substrate code), 8 interop layers total, zero behavioural drift between layers (all wrap ophamin.interfaces._impls).
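The two-layer trust of the 0.35.0 row (outer DSSE key, inner Ophamin key), as an added Python sketch that is not the project's `in_toto.py`. Assumptions: `proof_id` is the SHA-256 of the canonical body, the predicate type URI is a placeholder, and HMAC-SHA256 stands in for the asymmetric signature a real DSSE signer would use on the outer layer.

```python
import base64
import hashlib
import hmac
import json

PAYLOAD_TYPE = "application/vnd.in-toto+json"
STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
PREDICATE_TYPE = "https://example.invalid/ophamin-proof/v1"  # hypothetical URI


def canon(obj):
    # Assumed canonical JSON; the project's normative form is in SCHEMAS.md.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def pae(payload_type, payload):
    # DSSE pre-authentication encoding: the signature binds the payload type
    # and both byte lengths, not just the payload.
    t = payload_type.encode()
    return b"DSSEv1 %d %b %d %b" % (len(t), t, len(payload), payload)


def make_proof(body, inner_key):
    # Stand-in for a signed proof record (constructed shape).
    raw = canon(body)
    return {"body": body, "proof_id": hashlib.sha256(raw).hexdigest(),
            "signature": mac(inner_key, raw).hex()}


def wrap(proof, outer_key, keyid="demo-outer"):
    statement = {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": "proof.json",
                     "digest": {"sha256": proof["proof_id"]}}],
        "predicateType": PREDICATE_TYPE,
        "predicate": proof,
    }
    payload = canon(statement)
    sig = mac(outer_key, pae(PAYLOAD_TYPE, payload))
    return {"payloadType": PAYLOAD_TYPE,
            "payload": base64.b64encode(payload).decode(),
            "signatures": [{"keyid": keyid,
                            "sig": base64.b64encode(sig).decode()}]}


def open_envelope(env, outer_key, inner_key):
    payload = base64.b64decode(env["payload"])
    expected = mac(outer_key, pae(env["payloadType"], payload))
    if not any(hmac.compare_digest(expected, base64.b64decode(s["sig"]))
               for s in env["signatures"]):
        raise ValueError("outer DSSE signature invalid")
    statement = json.loads(payload)
    if env["payloadType"] != PAYLOAD_TYPE or statement.get("_type") != STATEMENT_TYPE:
        raise ValueError("not an in-toto v1 statement")
    proof = statement["predicate"]
    raw = canon(proof["body"])
    digest = hashlib.sha256(raw).hexdigest()
    if statement["subject"][0]["digest"]["sha256"] != digest or proof["proof_id"] != digest:
        raise ValueError("subject digest does not match proof body")
    # Inner layer: the envelope signer cannot vouch for the proof itself.
    if not hmac.compare_digest(mac(inner_key, raw).hex(), str(proof["signature"])):
        raise ValueError("inner proof signature invalid")
    return statement
```

A holder of the outer key alone can produce a valid envelope around an altered body, which is why the inner check stays mandatory after the DSSE signature verifies.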

7. Tier-1 + Tier-4 follow-ons (0.38.0 → 0.41.0) — evening session 2026-05-19

After the Tier-1 trilogy landed, the natural follow-ons shipped in the same session:

Release Closure
0.38.0 Tier-1 #2 follow-on: write_ro_crate(proof, output_dir, …) — convenience wrapper that writes a complete self-describing crate directory to disk in one call. Caller gets proof.json + ro-crate-metadata.json ready for Zenodo upload. Safety: refuses to overwrite without explicit overwrite=True; refuses to replace a FILE with a directory; validates filename BEFORE filesystem mutation. 19 new hardening pins (67 total RO-Crate).
0.39.0 Tier-1 #3 follow-on: OpenLineage START + RUNNING + COMPLETE / FAIL streaming events. New 5-function API (new_run_id, to_openlineage_start_event, to_openlineage_running_event, to_openlineage_complete_event, to_openlineage_fail_event) for long-running Ophamin campaigns. Caller-managed run_id (UUIDv4) ties events together. REFUTED → COMPLETE (NOT FAIL) preserved across both paths. 38 new hardening pins (80 total OpenLineage).
0.40.0 Tier-4 follow-on: Helm chart at charts/ophamin/ for K8s deployment. Renders both HTTP REST + (optional) MCP surfaces. helm install oci://ghcr.io/idirbenslama/ophamin after 0.41.0's chart-publish workflow runs. Safety: runAsNonRoot, allowPrivilegeEscalation:false, drop ALL caps; probes at /health. 46 new hardening pins validate chart structure without requiring the helm binary in CI (parses YAML, checks template files present, pins image repo + selectors + probe paths).
0.41.0 Tier-4 follow-on: chart.yml workflow publishes the Helm chart to GHCR as an OCI artifact. helm lint + 3 helm template smoke-test runs catch schema-level chart errors per-PR (the structural Python tests don't see these). Empirically validated on first push: both jobs landed green — chart now installable from oci://ghcr.io/idirbenslama/ophamin.

0.38.0 → 0.41.0 stats: 4 releases, 103 new hardening pins, 275/275 total tests passing, both Docker GHCR and Helm chart GHCR publish chains validated end-to-end. No substrate regressions.
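The three safety checks listed for the 0.38.0 crate writer, in the order that keeps a rejected call from leaving anything on disk. This is an added Python sketch, not the project's `write_ro_crate`; the function name `write_crate_dir`, its parameters and the minimal metadata skeleton are assumptions.

```python
import json
from pathlib import Path

METADATA_NAME = "ro-crate-metadata.json"


def check_filename(name):
    # Reject anything that is not a plain file name: empty, dot entries,
    # path separators (POSIX and Windows), NUL, or a clash with the metadata file.
    bad = (not name or name in (".", "..") or name == METADATA_NAME
           or any(c in name for c in "/\\\0"))
    if bad:
        raise ValueError("unsafe proof filename: %r" % (name,))
    return name


def write_crate_dir(proof, output_dir, proof_filename="proof.json",
                    overwrite=False):
    # 1. Validate the filename BEFORE any filesystem mutation.
    check_filename(proof_filename)

    out = Path(output_dir)
    # 2. Never replace an existing FILE with a directory, even with overwrite=True.
    if out.exists() and not out.is_dir():
        raise NotADirectoryError("%s exists and is not a directory" % out)

    targets = [out / proof_filename, out / METADATA_NAME]
    # 3. Refuse to clobber existing crate files unless explicitly asked.
    if not overwrite and any(t.exists() for t in targets):
        raise FileExistsError("crate files already present in %s" % out)

    # Minimal skeleton only; a complete crate carries more root-dataset properties.
    metadata = {
        "@context": "https://w3id.org/ro/crate/1.2/context",
        "@graph": [
            {"@id": METADATA_NAME, "@type": "CreativeWork",
             "about": {"@id": "./"},
             "conformsTo": {"@id": "https://w3id.org/ro/crate/1.2"}},
            {"@id": "./", "@type": "Dataset",
             "hasPart": [{"@id": proof_filename}]},
            {"@id": proof_filename, "@type": "File"},
        ],
    }

    # Only now touch the filesystem.
    out.mkdir(parents=True, exist_ok=True)
    targets[0].write_text(json.dumps(proof, sort_keys=True, indent=2),
                          encoding="utf-8")
    targets[1].write_text(json.dumps(metadata, indent=2), encoding="utf-8")
    return targets
```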

Cumulative session arc (0.33.0 → 0.41.0, evening of 2026-05-19): 11 releases, ~280 new hardening pins, ~1700 LOC of substrate + chart + test code added, 8 interop layers in production, 2 published GHCR artifacts (Docker image + Helm chart), 0 substrate regressions.

8. Sequential plan (0.42.0 → 0.45.0) — sequentialthinking-driven cosign + slim-client + bench dashboard + chart polish

Owner directive "proceed systematically in sequence, sequentialthinking" produced a 4-step plan executed in order, each step fully validated before the next:

Release Closure
0.42.0 Sequential step 1: cosign + Sigstore keyless signing for BOTH Docker image AND Helm chart. docs/SUPPLY_CHAIN.md (~250 lines) ships with verify recipes + K8s policy-controller example. Both first runs green.
0.43.0 Sequential step 2: Tier-2 proposal docs/proposals/SLIM_OPHAMIN_CLIENT.md (~280 lines) documenting 4 design options (A/B/C/D) for a slim verify-only ophamin-client install path. Empirical finding: every slim-target module imports ZERO heavy deps. Owner pick needed before implementation.
0.44.0 / 0.44.1 Sequential step 3: public bench dashboard at https://idirbenslama.github.io/Ophamin/bench/. Pure-stdlib renderer + cross-workflow gh run download flow + 27 hardening pins. 0.44.0 first run found pytest-benchmark 5.x file: URI parser issue (silent empty bench-results artifact for past releases); 0.44.1 fix validated end-to-end.
0.45.0 Sequential step 4: Helm chart polish — NetworkPolicy (opt-in, for strict-default-deny clusters) + helm test Pod that curls /health post-install. +13 new hardening pins (59 total). Chart workflow on 0.45.0 green on first try.

9. Lead-mode picks (0.46.0 → 0.49.2) — supply-chain trilogy

Owner directive "Lead" — agent picks highest-leverage open items. Four picks closed sequentially; each empirically validated end-to-end:

Release Closure
0.46.0 / 0.46.1 Lead pick 1: cosign self-verify steps in both publish workflows. After every cosign sign, immediately runs cosign verify with the same identity-regex consumers would use externally. CI fails LOUD on signing-pipeline drift in the same run. 0.46.0 first run caught my own jq syntax bug (docker-reference hyphen quirk); 0.46.1 fixed via bracket-string access. Both workflows then validated.
0.47.0 Lead pick 2: Pod Disruption Budget chart templates (HTTP + MCP, separate per Deployment). policy/v1 apiVersion (not deprecated v1beta1); minAvailable XOR maxUnavailable enforced at template time via helm fail; safe-default minAvailable: 1. +12 new hardening pins (71 total). chart.yml workflow extended with 3 PDB opt-in smoke tests — all green on first try.
0.48.0 Lead pick 3: CycloneDX SBOM cosign attestation for every published Docker image. Three new steps in docker.yml: anchore/sbom-action@v0 (syft scans the published multi-arch image) → cosign attest --type cyclonedx (in-toto Statement v1 with CycloneDX predicate) → cosign verify-attestation --type cyclonedx (self-verify). SUPPLY_CHAIN.md gets the verify recipe + K8s admission policy example. Docker workflow green on first try.
0.49.0 / 0.49.1 / 0.49.2 Lead pick 4: SLSA v1.0 build-provenance attestation. Uses GitHub's native actions/attest-build-provenance@v2. Closes the supply-chain trilogy: signature + SBOM + SLSA. Three iterations on the self-verify (each iteration's failure was caught by the mechanism it was building, exactly as the 0.46.0 self-verify pattern was designed to do): 0.49.0 tried cosign verify-attestation --type slsaprovenance1 → wrong-tool for the bundle format → 0.49.1 switched to gh attestation verify → TTY-detection silent-success caught → 0.49.2 added --format json → chain validated end-to-end.

Supply-chain trilogy fully operational — every published Docker image at ghcr.io/idirbenslama/ophamin now carries:

  1. Image signature (0.42.0) — "this digest was published by our workflow"
  2. CycloneDX SBOM attestation (0.48.0) — "this is what's inside" (200+ packages, base layer + pip deps, image-level syft scan)
  3. SLSA v1.0 provenance attestation (0.49.x) — "this is how it was built" (workflow URL + commit SHA + builder ID + invocation metadata)

All three are independent Sigstore-keyless attestations, all in Rekor, all verifiable via cosign verify / cosign verify-attestation / gh attestation verify. Full consumer recipes in docs/SUPPLY_CHAIN.md.

10. Mandatory SonarQube stack for Kimera-SWM (0.50.0) — owner directive

Owner: "add to Ophamin, a proper SonarQube instance, running for kimera swm. Make it mandatory. Docker available and running properly."

Release Closure
0.50.0 sonar/docker-compose.yml (SonarQube CE 26.5.0.122743 + PostgreSQL 16-alpine, 4 named ophamin_-prefixed volumes), sonar/sonar-project.kimera-swm.properties (scanner template targeting kimera_swm/ source tree + tests/, with extensive exclusions), scripts/sonar_{up,scan,down}.sh (3 executable helpers with idempotent up + scan via Dockerized scanner + safe-by-default down preserving volumes). docs/SONARQUBE.md (~250 lines documenting the mandatory integration). 44 new hardening pins in tests/test_sonar_setup.py. Empirically validated end-to-end on the dev machine: SonarQube reaches healthy in ~30s after fixes; curl /api/system/status returns {"status":"UP","version":"26.5.0.122743"}. 4 empirical bugs fixed during the ship (image tag drift; ES bootstrap-check Xms==Xmx; healthcheck tool wget→curl; shell-precedence in REPO_ROOT fallback).

Why "mandatory": SonarQube fills the gap between Ophamin's Tier-1 interop layers (which carry empirical-measurement signed claims) and the auditing wheel's per-PR linters (ruff / bandit / mypy / pip-audit). It surfaces project-level code-quality history + SAST trend tracking + quality-gate enforcement that the per-PR linters can't provide. It's the 9th observability surface Ophamin ships, alongside the 8 interop layers.

Cumulative session-wide stats (0.16.0 → 0.50.0 — final pin)

  • 35 releases shipped (incl. patch releases for empirical fixes)
  • 8 interop layers in production (Rust + JS wire-format + MCP + HTTP + CloudEvents + OTel + in-toto + RO-Crate + OpenLineage)
  • 3 GHCR artifacts all with cosign signatures + 1 with SBOM + 1 with SLSA provenance attestation
  • 1 mandatory SonarQube Docker stack — empirically validated, ready for Kimera-SWM analysis
  • 1 live benchmark dashboard at https://idirbenslama.github.io/Ophamin/bench/
  • 1 Tier-2 design proposal queued for owner pick (slim ophamin-client)
  • 440+ new hardening pins added this session
  • 0 substrate regressions
  • Every published artifact's signing pipeline is self-verifying — CI failures catch drift in the same run as the publish, not later when an external consumer hits it
  • Every Docker-based deliverable empirically validated — SonarQube stack reached healthy on the dev machine, all four bugs caught + fixed in the same session

What this is for, in plain terms

The 32 registered scenarios in Ophamin's measuring/scenarios/ each binds one falsifiable claim about a substrate to one real corpus. Kimera is the substrate the framework was built to observe; Mock is a stand-in for tests + dev.

So far, Ophamin has produced 17 signed proofs against Kimera-SWM across 6 scientific-tier scenario families. Six load-bearing empirical findings these proofs surface:

  1. GWF FP rate ≤ 10 % — VALIDATED (immune_siege entity-target, 3 commits). Kimera's full defense stack stays under the architectural false-positive ceiling.
  2. GWF in isolation is over-aggressive — REFUTED (immune_siege gwf-direct, 4 commits). Bypassing Takwin's pipeline, GWF blocks 100 % of everything. The Takwin pipeline does real cognitive calibration.
  3. Dissonance fires reliably on benign email — VALIDATED (organizational_dissonance, 2 commits, 96-97 %). Kimera's dissonance machinery is on under load.
  4. Walker collapses on technical text — REFUTED (logic_topology_siege, 2 commits, ~40 % vs 60 % threshold). amplitude_death fires on ~28 % of Linux-kernel-commit cycles. Real engineering signal.
  5. Rosetta universal-semantic-address fails at K=10 languages — REFUTED (rosetta_scaling, 0/20 groups all-agree). The most load-bearing single REFUTATION in the corpus; directly contradicts a flagship Kimera cognitive property.
  6. Substrate does NOT differentiate self-referential content — REFUTED (philosophical_self_reference, Cohen's d = −0.359 — wrong direction). Kimera processes neutral Enron email with more dissonance than text describing its own primitives.

Plus engineering claims: p95 cycle wall-time ≤ 4 s VALIDATED; 50K-cycle projection completes in ≤ 4 h VALIDATED.

Without the framework's discipline, several of these would have been quietly missed. The Rosetta REFUTATION especially — it requires an honest 80 %-at-K=10 threshold pinned before the run, not a post-hoc reframing.

The 6 per-family reproducer docs under proofs/REPRODUCERS/ walk an external reviewer through verify / re-run / spot-check / cross-proof-diff for each scenario family. That makes the Kimera empirical record independently checkable by anyone who can clone the repo and run pytest, not just by the owner.

What's pinned for future sessions

Owner-physical (cannot proceed without owner action)

  1. ORCID iD (~5 min) — register at https://orcid.org/register. Then update placeholder in three files: CITATION.cff line 10, paper/paper.md line 12, and .zenodo.json (add to creator block).
  2. Zenodo deposit + DOI — follow docs/ZENODO_DEPOSIT_WORKFLOW.md. Four-step concrete sequence; .zenodo.json metadata already complete. Total ~10 min.
  3. Paper submission — pick JOSS / SoftwareX / JMLR-OSS, then submit at https://joss.theoj.org/papers/new. Paper draft is at paper/paper.md (JOSS-ready, paper-build CI passes).
  4. PyPI Trusted Publisher activation — owner step at https://pypi.org/manage/account/publishing/ per release.yml's embedded instructions.
  5. crates.io + npmjs publish — wire-format ports both ship in source-tree only today; not on package registries. Would need owner credentials.
  6. conda-forge — needs a conda-forge maintainer account for the recipe submission.

Autonomous-doable (a future Claude session can land these)

The full elevation roadmap is in ELEVATION_ROADMAP_2026_05_16.md §8.5. Items shipped in the evening-of-2026-05-19 session are marked ✅; items still open are unchecked.

| Item | Effort | Status | Why useful |
| --- | --- | --- | --- |
| Windows CI matrix | small | ✅ shipped 0.33.1 (advisory experimental: true) | Catches platform-specific Python issues |
| Docker image GHCR publish workflow | ~30 LOC | ✅ shipped 0.34.0 + lowercase fix 0.35.1 | Operators wanting ophamin http serve in K8s don't have to build locally |
| .pre-commit-config.yaml | ~50 LOC | ✅ shipped 0.33.0 (13 hygiene hooks; exclude block protects byte-precise files) | pymc / scikit-learn / mlflow all ship one; dev-experience parity |
| in-toto Attestation wrapper (Tier-1 #1) | ~370 LOC + 44 tests | ✅ shipped 0.35.0 | Sigstore / SLSA / Rekor / cosign / policy-controller ecosystem |
| RO-Crate 1.2 wrapper (Tier-1 #2) | ~310 LOC + 48 tests | ✅ shipped 0.36.0 | Zenodo (DOI minting) / Galaxy / WorkflowHub / FAIR-data infra |
| OpenLineage 2.0 emitter (Tier-1 #3) | ~290 LOC + 42 tests | ✅ shipped 0.37.0 | Airflow / dbt / Spark / Flink / Marquez (CNCF data-pipeline lineage) |
| Slim ophamin-client package | ~100 LOC + new package layout | proposal at docs/proposals/SLIM_OPHAMIN_CLIENT.md (0.43.0) — needs owner pick of options A/B/C/D | Downstream consumers don't need full statsmodels / pymc / numpyro to call HTTP API. Empirical finding: every slim-target module already imports ZERO heavy deps; 500 MB install is entirely from declared deps, not actual imports |
| Round-trip cross-language walkthrough | ~150 LOC | open | Demonstrates Rust emit → JS verify → CloudEvents → Python consume end-to-end |
| Helm chart / K8s manifests | ~100 LOC YAML | open | For deploying ophamin http serve + ophamin mcp serve |
| RO-Crate physical directory writer | ~50 LOC | open | Convenience: takes proof + output dir → physical crate dir ready for Zenodo upload |
| OpenLineage START + RUNNING + COMPLETE event sequencing | ~100 LOC | open | For live integration with long-running Ophamin campaigns |
| R port ophamin-proof | multi-week | open | R is the lingua franca of stat methodology; would dramatically widen reach |
| Streaming proof writes (checkpointable records) | architectural | open | Kimera's 4-hour autonomous campaigns lose all data on crash today; addressable but big design call |
| Public benchmark dashboard | small | open | bench.yml runs every push but results don't persist anywhere visible |

Mid-flight at session close (evening 2026-05-19, extended)

  • Docker GHCR multi-arch publish empirically validated (0.37.0 + 0.40.0 runs both completed all 13 steps green). The image ghcr.io/idirbenslama/ophamin:main is published for both linux/amd64 and linux/arm64, cosign-signed via Sigstore keyless (0.42.0).
  • Helm chart GHCR publish empirically validated (0.41.0 chart workflow ran helm-lint + publish jobs, both green on first run). The chart at oci://ghcr.io/idirbenslama/ophamin is now installable AND cosign-signed via Sigstore keyless (0.42.0).
  • Bench dashboard empirically validated (0.44.1 fixed the pytest-benchmark 5.x URI parser issue; cross-workflow artifact flow now works end-to-end — bench.yml produces the bench-dashboard artifact, docs.yml fetches it via gh run download, mkdocs publishes it under https://idirbenslama.github.io/Ophamin/bench/).
  • Helm chart polish landed: NetworkPolicy (opt-in) + helm test Pod for post-install health check (0.45.0).
  • Session cumulative stats: 16 releases pushed (0.33.0 → 0.45.0); ~390 new hardening pins; 8 interop layers + 2 published GHCR artifacts (both cosign-signed) + 1 live benchmark dashboard on GitHub Pages; 0 substrate regressions.
  • All four "Tier" backlogs CLOSED:
      • Tier-1 trilogy + follow-ons (in-toto + RO-Crate + writer + OpenLineage + streaming events)
      • Tier-4 dev-tools (pre-commit + Windows CI + Docker + lowercase fix + Helm + chart-publish + cosign + chart polish)
      • Supply-chain (cosign keyless for both artifacts + docs/SUPPLY_CHAIN.md)
      • Visibility (bench dashboard at /bench/)
  • Open backlog tracked as Tier-2 proposal: slim ophamin-client design — docs/proposals/SLIM_OPHAMIN_CLIENT.md awaits owner pick of options A/B/C/D. Empirical finding: every slim-target module imports zero heavy deps.

How to bootstrap a new Claude session here

  1. Read this file first (you're already here).
  2. Then read docs/INTEROP_OVERVIEW.md for the 8-layer interop catalogue (what's reachable from outside Python).
  3. Then read paper/paper.md §Summary + §Statement of Need for what the framework is making a claim about.
  4. Skim proofs/REPRODUCERS/immune_siege.md for the template shape of the per-proof-family reproducer docs.
  5. Check git status + gh run list --limit 5 for in-flight state.

The 0.16.0 → 0.31.0 campaign was doc-rich + substrate-light. The only substrate change in that arc was the _build_reproduction_command() helper + 32 scenario-class updates (0.29.0 + 0.30.0).

The evening-of-2026-05-19 extension (0.33.0 → 0.37.0) was substrate-extending — three new ~300-LOC modules under src/ophamin/interop/ (in_toto.py, ro_crate.py, openlineage.py), each with 40+ hardening pins, all wrapping the existing signed EmpiricalProofRecord shape without modifying it. The pattern is "add layer, not change core" — every new interop module is a one-way export that returns a structured dict; the proof itself is unchanged.

See also