The reasoning_cid was computed via SHA-256 but immediately discarded
(`let _ = reasoning_cid`). Remove the dead hash computation and the
now-unused sha2 import.
Ref: cid-reconciliation-audit.md Site 5
Signed-off-by: Tyler King <tking@guildhouse.dev>
The governed playbook runner now:
1. Requests an AC from the GSAP broker before execution
2. Validates corpus CID + parameters CID + single-use
3. Executes the ansible playbook (unchanged)
4. Posts a Completion Receipt to the broker after execution
Environment variables:
GSAP_BROKER_URL — Capstone broker endpoint
GSAP_BEARER_TOKEN — JWT for broker auth
GSAP_DRIVER_ID — identity driver (default: keycloak-guildhouse)
GSAP_ACCORD_TEMPLATE — accord template (default: from GUILDHOUSE_ACCORD)
GSAP_SESSION_DIR — local session state directory
Self-authorized mode:
If GSAP_BROKER_URL not set, execution proceeds without AC/CR.
Valid for development (GSAP §1.3). Not for production.
Error handling:
ElevationRequired → shows activation instructions, aborts
Denied → shows reason, aborts
CorpusMismatch → shows CID diff, aborts
CR delivery failure → stores locally, warns, does not abort
4/4 gsap_client unit tests passing.
Build clean with zero errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implements the shell side of GCAP-SPEC-SHELLBOUND-BROKER-0001.
The broker (Capstone) issues ACs. This module consumes them.
GsapClient:
authorize() — request AC, validate R-20/R-22/R-23/R-24
complete() — post CR with 3x retry (R-29)
ConsumedContextRegistry:
Filesystem-based replay prevention (R-22)
4/4 unit tests passing:
test_corpus_mismatch, test_params_modified,
test_replay_rejected, test_valid_ac
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
