proto: add identity-unit binding seam #560

Merged
laynepenney merged 14 commits into main from atlas/gr2-identity-org
Apr 13, 2026

@laynepenney
Collaborator

Summary

  • add a premium-owned identity -> workspace unit binding prototype
  • show how one persistent agent can bind to different owner units across workspaces
  • show how org reassignment compiles into a changed workspace-scoped unit view without moving identity logic into gr2
  • document the seam in the prototype README

Boundary

  • Premium owns persistent identity, org membership, workspace assignment, and reassignment
  • gr2 consumes only the compiled workspace-scoped unit view
  • agent_id is treated as an opaque identifier for attribution, not org resolution logic

Verification

  • python3 -m py_compile gr2/prototypes/identity_unit_binding.py
  • python3 gr2/prototypes/identity_unit_binding.py demo --json
  • python3 gr2/prototypes/identity_unit_binding.py resolve-binding ws_synapt_core opus --json
  • python3 gr2/prototypes/identity_unit_binding.py compile-workspace ws_synapt_core --scenario reassigned --json

@laynepenney
Collaborator Author

Added seam 2 on top of the identity binding work.

What this prototype covers:

  • org config + roles + entitlements compile into workspace-scoped constraints
  • gr2 only sees compiled WorkspaceSpec fragments and unit constraints
  • role-based repo access
  • global edit lease cap
  • policy update when a new repo is added mid-sprint
  • entitlement downgrade that degrades one unit to OSS defaults without moving org logic into gr2

Verification:

  • python3 -m py_compile gr2/prototypes/org_policy_compiler.py
  • python3 gr2/prototypes/org_policy_compiler.py demo --json
  • python3 gr2/prototypes/org_policy_compiler.py compile --scenario repo-update --json
  • python3 gr2/prototypes/org_policy_compiler.py compile --scenario downgrade --json

@laynepenney
Collaborator Author

Added seam 3 on top of the identity + compiler work.

What this prototype covers:

  • indexes lane_events.jsonl into recall-friendly views
  • query by lane, actor, repo, and time range
  • self-contained demo-data generator so the seam can be exercised without external setup

Verification:

  • python3 -m py_compile gr2/prototypes/recall_lane_history.py
  • python3 gr2/prototypes/recall_lane_history.py demo-data /tmp/gr2-recall-demo
  • python3 gr2/prototypes/recall_lane_history.py query /tmp/gr2-recall-demo --lane auth-refactor --json
  • python3 gr2/prototypes/recall_lane_history.py query /tmp/gr2-recall-demo --actor agent:atlas --json
  • python3 gr2/prototypes/recall_lane_history.py query /tmp/gr2-recall-demo --repo grip --json

@laynepenney
Collaborator Author

Added the synthesis doc at gr2/docs/SYNAPT-INTEGRATION.md.

It covers:

  • architecture overview for premium -> compile -> OSS data flow
  • identity binding contract
  • org/policy -> WorkspaceSpec compilation contract
  • lane event -> recall pipeline
  • channel bridge watcher model and outbox format
  • explicit premium boundary rules

The doc references the prototype files as living examples and keeps the Premium/OSS boundary hard.

@laynepenney
Collaborator Author

Added GAP 1 lane handoff prototype and stress result.

What changed:

  • share-lane and plan-handoff --mode shared
  • create-continuation-lane and plan-handoff --mode continuation
  • new cross-mode stress scenario for agent-to-agent relay

Result:

  • cross-unit shared-lane relay fails the unit-scoping invariant
  • continuation lane holds the invariant cleanly
  • conclusion: handoff should use continuation lanes with source linkage, not cross-unit shared working lanes

Verification:

  • python3 -m py_compile gr2/prototypes/lane_workspace_prototype.py gr2/prototypes/cross_mode_lane_stress.py
  • python3 gr2/prototypes/cross_mode_lane_stress.py --json

@laynepenney
Collaborator Author

Added GAP 2 identity rebinding prototype and stress result.

What changed:

  • rebind-unit command in the lane prototype
  • old-unit rebind state recorded under .grip/state/rebindings/<old_unit>.json
  • old lanes become frozen and old-unit exec planning is blocked
  • active leases are force-released and logged during rebind
  • new recovery path is continuation under the replacement unit

Result:

  • active lanes do not migrate silently
  • leases do not transfer; they are force-released
  • lane event history records unit_rebind plus forced lease releases
  • minimal safe contract from premium is explicit:
    • same agent_id continuity
    • explicit old -> new unit mapping
    • pending-reassignment hint recommended

Verification:

  • python3 -m py_compile gr2/prototypes/lane_workspace_prototype.py gr2/prototypes/cross_mode_lane_stress.py
  • python3 gr2/prototypes/cross_mode_lane_stress.py --json
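
The freeze-and-continue contract from the GAP 2 comment above, as an added example (not code from this PR or from `lane_workspace_prototype.py`). The class and method names, the `lease_force_release` event name, the unit names and the in-memory state are assumptions made for illustration; only `unit_rebind` and the rebinding state path come from the comment.

```python
from dataclasses import dataclass, field

@dataclass
class Lane:
    name: str
    unit: str
    frozen: bool = False
    source: str = ""  # continuation linkage back to the frozen lane

@dataclass
class Workspace:
    lanes: dict = field(default_factory=dict)       # lane name -> Lane
    leases: dict = field(default_factory=dict)      # lane name -> holder agent_id
    rebindings: dict = field(default_factory=dict)  # old_unit -> rebind record
    events: list = field(default_factory=list)      # stand-in for lane_events.jsonl

    def rebind_unit(self, agent_id, old_unit, new_unit):
        # The PR records this under .grip/state/rebindings/<old_unit>.json; in memory here.
        rec = {"agent_id": agent_id, "old_unit": old_unit, "new_unit": new_unit}
        self.rebindings[old_unit] = rec
        self.events.append({"type": "unit_rebind", **rec})
        for lane in (x for x in self.lanes.values() if x.unit == old_unit):
            lane.frozen = True                         # lanes never migrate silently
            holder = self.leases.pop(lane.name, None)  # leases never transfer
            if holder is not None:
                self.events.append({"type": "lease_force_release",  # hypothetical name
                                    "lane": lane.name, "holder": holder})

    def plan_exec(self, unit, lane_name):
        lane = self.lanes[lane_name]
        if unit in self.rebindings or lane.frozen or lane.unit != unit:
            raise PermissionError(f"exec planning blocked for {unit}/{lane_name}")
        return {"unit": unit, "lane": lane_name}

    def continue_lane(self, lane_name, new_unit):
        # Recovery requires the explicit old -> new mapping supplied at rebind time.
        src = self.lanes[lane_name]
        rec = self.rebindings.get(src.unit)
        if rec is None or rec["new_unit"] != new_unit:
            raise PermissionError("no explicit old -> new unit mapping")
        cont = Lane(f"{lane_name}-cont", new_unit, source=lane_name)
        self.lanes[cont.name] = cont
        return cont

def demo():
    # Constructed sample state: one lane with an active lease under unit-a.
    ws = Workspace(lanes={"auth-refactor": Lane("auth-refactor", "unit-a")},
                   leases={"auth-refactor": "agent:atlas"})
    ws.rebind_unit("agent:atlas", "unit-a", "unit-b")
    return ws, ws.continue_lane("auth-refactor", "unit-b")
```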

- Global edit lease cap: workspace-wide scan blocks new edit leases
  when max_concurrent_edit_leases_global is reached. Force-break of
  stale leases also respects the global cap.
- Required reviewers: check-review-requirements command reports
  satisfaction state per repo/PR against workspace constraints.
- Fix test isolation: release edit leases after global cap scenario
  so later scenarios aren't blocked.
- All 11 adversarial scenarios now hold across all four user modes.
@laynepenney
Collaborator Author

GAP 3 is complete on atlas/gr2-identity-org.

What changed:

  • workspace-wide max_concurrent_edit_leases_global enforcement in the lane prototype
  • check-review-requirements command for repo/PR reviewer satisfaction
  • cross_mode_lane_stress.py scenarios for:
    • global edit-lease cap across 3 units
    • required reviewer count at 0 / 1 / 2 review lanes
    • stale local force-break not bypassing the global cap
  • gr2/docs/SYNAPT-INTEGRATION.md updated with the final invariants from:
    • GAP 1 handoff (continuation lanes, not cross-unit shared lanes)
    • GAP 2 identity rebind (freeze-and-continue)
    • GAP 3 workspace constraint enforcement (compiled policy enforced locally)

Verification:

  • python3 -m py_compile gr2/prototypes/lane_workspace_prototype.py gr2/prototypes/cross_mode_lane_stress.py
  • focused GAP 3 scenarios both returned holds
  • full python3 gr2/prototypes/cross_mode_lane_stress.py --json returned holds for all scenarios, including:
    • global-edit-lease-cap
    • required-reviewers

Current GAP 3 conclusions:

  • the workspace-wide edit cap must be enforced across all units, not just the requesting unit
  • stale local leases can be broken, but that does not bypass workspace policy
  • required reviewer counts can be enforced in OSS from compiled workspace constraints without importing premium org logic

Latest push: 0741f03 docs: codify gr2 lane invariants
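
The GAP 3 conclusions above, as an added example (not code from this PR): a lease table that counts edit leases across every unit and routes force-break through the same global check. The class names, the staleness threshold, the unit and lane names, and the tightened-cap scenario are assumptions; only `max_concurrent_edit_leases_global` comes from the comment.

```python
from dataclasses import dataclass, field

STALE_AFTER_S = 900  # assumed staleness threshold; the PR does not state one

@dataclass
class EditLease:
    unit: str
    lane: str
    acquired_at: float

@dataclass
class LeaseTable:
    max_concurrent_edit_leases_global: int  # compiled workspace constraint
    leases: list = field(default_factory=list)

    def acquire(self, unit, lane, now):
        # Count edit leases held by every unit, not only the requester's.
        if len(self.leases) >= self.max_concurrent_edit_leases_global:
            return "denied:global-cap"
        if any(e.unit == unit and e.lane == lane for e in self.leases):
            return "denied:lane-held"
        self.leases.append(EditLease(unit, lane, now))
        return "granted"

    def force_break(self, unit, lane, now):
        # Breaking is local: only a stale lease on the caller's own unit/lane.
        self.leases = [e for e in self.leases
                       if not (e.unit == unit and e.lane == lane
                               and now - e.acquired_at > STALE_AFTER_S)]
        # The replacement lease goes through the same global check as any other.
        return self.acquire(unit, lane, now)

def demo():
    # Constructed scenario: three units, cap of two, timestamps in seconds.
    t = LeaseTable(max_concurrent_edit_leases_global=2)
    out = [t.acquire("unit-a", "lane-1", 0),
           t.acquire("unit-b", "lane-2", 950),
           t.acquire("unit-c", "lane-3", 960)]           # third unit hits the cap
    out.append(t.force_break("unit-c", "lane-3", 970))   # nothing stale of its own
    t.max_concurrent_edit_leases_global = 1              # recompiled policy tightens the cap
    out.append(t.force_break("unit-a", "lane-1", 1000))  # stale lease broken, cap still applies
    return out, [(e.unit, e.lane) for e in t.leases]
```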

@laynepenney laynepenney force-pushed the atlas/gr2-identity-org branch from 3c60eaf to bf6deb9 Compare April 13, 2026 03:46
@laynepenney laynepenney marked this pull request as ready for review April 13, 2026 22:00
@laynepenney laynepenney merged commit 8e6083c into main Apr 13, 2026
10 of 11 checks passed
@laynepenney laynepenney deleted the atlas/gr2-identity-org branch April 13, 2026 22:00
@laynepenney laynepenney mentioned this pull request Apr 14, 2026
5 tasks