docs(adr): 0020 addenda — ratify JEF-263 TOFU baseline eviction + 24h established #138

Merged: thejefflarson merged 1 commit into main from docs/adr-0020-jef263-addenda on Jul 1, 2026
@thejefflarson

Owner

Ratifies and records the two ADR-0020 implementation addenda from #136 (JEF-263, durable per-repo TOFU signing baseline), which the engineer documented in-code and flagged for architect ratification during INTEGRATE.

  1. Eviction = per-pass full-state journal compaction (a live baseline never ages out of the rotation window) + a bounded in-memory store (DEFAULT_MAX_REPOS) that evicts non-established entries first. Full (not change-only) compaction is load-bearing — the negative-control test proves a write-once line ages out.
  2. established = 24h wall-clock age from first_seen, not a digest/observation count an attacker could inflate by burst-pushing. Monotonic; needs no extra durable state.

Also records the monitor-only follow-up: per-pass full compaction shares the single journal with breach/admission lines and raises their rotation pressure — bounded and acceptable now, revisit change-only/segmented journal at large scale.

Docs-only; no code change.

🤖 Generated with Claude Code

https://claude.ai/code/session_01VtjoJttCvBY4dzCoE4f9vP

… established

Records the two implementation decisions the durable per-repo signing baseline
(#136) required: (1) eviction = per-pass full-state journal compaction + a bounded
in-memory store that evicts non-established entries first; (2) `established` = 24h
wall-clock age from first_seen, not a digest count an attacker could inflate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VtjoJttCvBY4dzCoE4f9vP
@thejefflarson merged commit 88acaf8 into main on Jul 1, 2026
1 of 2 checks passed
@thejefflarson deleted the docs/adr-0020-jef263-addenda branch on July 1, 2026 02:43
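
The two addenda described in this PR, modelled as an added example that is not the project's own code: a bounded TOFU store that evicts non-established entries first, `established` as 24h of age from `first_seen`, and a rotating journal that keeps a baseline only under per-pass full compaction. Assumptions: the class and function names, the small `DEFAULT_MAX_REPOS` value, the youngest-first tie-break, the journal modelled as a fixed window of lines, and `now` passed in explicitly in place of the wall clock.

```python
from collections import deque

DAY = 24 * 3600          # "established" threshold from the PR: 24h since first_seen
DEFAULT_MAX_REPOS = 3    # constructed small cap for the demo; the real default is not on the page

class BaselineStore:
    """Hypothetical in-memory TOFU store: repo -> (pinned signer, first_seen)."""
    def __init__(self, max_repos=DEFAULT_MAX_REPOS):
        self.max_repos, self.repos, self.pushes = max_repos, {}, {}

    def established(self, repo, now):
        # Age only. The push count is kept solely to show it has no influence.
        return repo in self.repos and now - self.repos[repo][1] >= DAY

    def observe(self, repo, signer, now):
        self.pushes[repo] = self.pushes.get(repo, 0) + 1
        if repo in self.repos:
            return                       # first_seen is never refreshed
        if len(self.repos) >= self.max_repos:
            # Non-established entries go first; youngest-first tie-break is an assumption.
            victim = min(self.repos,
                         key=lambda r: (self.established(r, now), -self.repos[r][1]))
            del self.repos[victim]
        self.repos[repo] = (signer, now)

    def snapshot(self):
        # Full-state compaction: one line per live baseline, emitted every pass.
        return [f"baseline {r} {s} {int(t)}" for r, (s, t) in sorted(self.repos.items())]

def survives_rotation(full_compaction, passes=10, window=8):
    """Model the shared journal as a window of the last `window` lines."""
    journal, store = deque(maxlen=window), BaselineStore()
    store.observe("org/app", "key-A", now=0)
    journal.extend(store.snapshot())                 # written once at pin time
    for p in range(passes):
        journal.extend(f"admission {p}-{i}" for i in range(3))  # other journal traffic
        if full_compaction:
            journal.extend(store.snapshot())         # rewritten every pass
    return any(line.startswith("baseline org/app") for line in journal)

def flood_demo():
    store = BaselineStore()
    store.observe("org/app", "key-A", now=0)         # constructed repo names and keys
    for i in range(50):                              # burst of new repos at t = 25h
        store.observe(f"evil/{i}", "key-X", now=25 * 3600)
    for _ in range(1000):                            # burst-push a single repo
        store.observe("evil/49", "key-X", now=25 * 3600 + 60)
    return "org/app" in store.repos, store.established("evil/49", 25 * 3600 + 60)
```

`survives_rotation(False)` is the write-once negative control: the baseline line falls out of the window once enough admission lines follow it.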