hyf

Context-aware query service for Radroots
git clone https://radroots.dev/git/hyf.git
Log | Files | Refs | README | LICENSE
commit 71723e9e399b804ab66fed332a61b825b1ee4646
parent 05630274f1df46cbf0cc273364f51a44e41708e0
Author: triesap <tyson@radroots.org>
Date:   Thu,  9 Apr 2026 22:33:03 +0000

runtime: report hyf custody status truthfully

- align the hyf secret and protected-local-data status strings to the approved reserved posture
- expose configured and implemented custody signals without loading or creating identity material
- keep startup non-ambient while reporting configured-but-deferred state from canonical runtime paths
- extend stdio contract tests to prove unconfigured and configured deferred custody behavior

Diffstat:

Msrc/hyf_runtime/secrets.mojo | 20++++++++++++++++++--


Msrc/hyf_runtime/status.mojo | 14++++++++++++++


Mtests/test_stdio_contract.mojo | 99+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--


3 files changed, 129 insertions(+), 4 deletions(-)

diff --git a/src/hyf_runtime/secrets.mojo b/src/hyf_runtime/secrets.mojo
@@ -1,10 +1,12 @@
+from std.os.path import exists
+
 from hyf_runtime.paths import RuntimePaths, join_runtime_path
 
 
 # Runtime status posture only: do not load, create, wrap, or persist secrets here.
 comptime _DEFAULT_SECRET_BACKEND = "encrypted_file"
-comptime _SECRET_STORAGE_STATUS = "reserved_pending_shared_secret_storage"
-comptime _PROTECTED_LOCAL_DATA_STATUS = "reserved_pending_protected_store"
+comptime _SECRET_STORAGE_STATUS = "reserved"
+comptime _PROTECTED_LOCAL_DATA_STATUS = "reserved"
 
 
 def default_secret_backend_name() -> String:
@@ -27,14 +29,28 @@ def identity_material_created_by_startup() -> Bool:
     return False
 
 
+def identity_material_configured_for_runtime_paths(paths: RuntimePaths) -> Bool:
+    return exists(paths.identity_path)
+
+
 def protected_local_data_status_name() -> String:
     return _PROTECTED_LOCAL_DATA_STATUS
 
 
+def protected_local_data_support_implemented() -> Bool:
+    return False
+
+
 def protected_local_data_store_open() -> Bool:
     return False
 
 
+def protected_local_data_configured_for_runtime_paths(
+    paths: RuntimePaths,
+) raises -> Bool:
+    return exists(protected_local_data_dir_for_runtime_paths(paths))
+
+
 def protected_local_data_dir_for_runtime_paths(
     paths: RuntimePaths,
 ) raises -> String:
diff --git a/src/hyf_runtime/status.mojo b/src/hyf_runtime/status.mojo
@@ -6,9 +6,12 @@ from hyf_runtime.diagnostics import (
 )
 from hyf_runtime.secrets import (
     default_secret_backend_name,
+    identity_material_configured_for_runtime_paths,
     identity_material_created_by_startup,
     identity_material_loaded,
+    protected_local_data_configured_for_runtime_paths,
     protected_local_data_dir_for_runtime_paths,
+    protected_local_data_support_implemented,
     protected_local_data_status_name,
     protected_local_data_store_open,
     secret_storage_backend_implemented,
@@ -73,6 +76,10 @@ def _secret_storage_status_value(
         "identity_path", Value(String(context.paths.identity_path))
     )
     secret_storage.set(
+        "identity_material_configured",
+        Value(identity_material_configured_for_runtime_paths(context.paths)),
+    )
+    secret_storage.set(
         "identity_material_loaded", Value(identity_material_loaded())
     )
     secret_storage.set(
@@ -106,5 +113,12 @@ def _protected_local_data_status_value(
         "default_dir",
         Value(protected_local_data_dir_for_runtime_paths(context.paths)),
     )
+    protected_data.set(
+        "configured",
+        Value(protected_local_data_configured_for_runtime_paths(context.paths)),
+    )
+    protected_data.set(
+        "support_implemented", Value(protected_local_data_support_implemented())
+    )
     protected_data.set("store_open", Value(protected_local_data_store_open()))
     return protected_data^
diff --git a/tests/test_stdio_contract.mojo b/tests/test_stdio_contract.mojo
@@ -129,7 +129,7 @@ def test_status_reports_repo_local_runtime_truth() raises:
                     response["output"]["runtime"]["secret_storage"][
                         "status"
                     ].string_value(),
-                    "reserved_pending_shared_secret_storage",
+                    "reserved",
                 )
                 assert_equal(
                     response["output"]["runtime"]["secret_storage"][
@@ -139,6 +139,12 @@ def test_status_reports_repo_local_runtime_truth() raises:
                 )
                 assert_equal(
                     response["output"]["runtime"]["secret_storage"][
+                        "identity_material_configured"
+                    ].bool_value(),
+                    False,
+                )
+                assert_equal(
+                    response["output"]["runtime"]["secret_storage"][
                         "backend_implemented"
                     ].bool_value(),
                     False,
@@ -165,7 +171,7 @@ def test_status_reports_repo_local_runtime_truth() raises:
                     response["output"]["runtime"]["protected_local_data"][
                         "status"
                     ].string_value(),
-                    "reserved_pending_protected_store",
+                    "reserved",
                 )
                 assert_equal(
                     response["output"]["runtime"]["protected_local_data"][
@@ -175,6 +181,18 @@ def test_status_reports_repo_local_runtime_truth() raises:
                 )
                 assert_equal(
                     response["output"]["runtime"]["protected_local_data"][
+                        "configured"
+                    ].bool_value(),
+                    False,
+                )
+                assert_equal(
+                    response["output"]["runtime"]["protected_local_data"][
+                        "support_implemented"
+                    ].bool_value(),
+                    False,
+                )
+                assert_equal(
+                    response["output"]["runtime"]["protected_local_data"][
                         "store_open"
                     ].bool_value(),
                     False,
@@ -199,6 +217,83 @@ def test_status_reports_repo_local_runtime_truth() raises:
                 )
 
 
+def test_status_reports_configured_but_deferred_custody_truthfully() raises:
+    with TemporaryDirectory() as temp_dir:
+        var identity_dir = Path(temp_dir) / "secrets" / "services" / "hyf"
+        _ = std.os.makedirs(identity_dir.__fspath__(), exist_ok=True)
+        (identity_dir / "identity.secret.json").write_text(
+            "{\"configured\":\"test-only-placeholder\"}"
+        )
+
+        var protected_dir = (
+            Path(temp_dir) / "data" / "services" / "hyf" / "protected"
+        )
+        _ = std.os.makedirs(protected_dir.__fspath__(), exist_ok=True)
+
+        with ScopedEnvVar(HYF_PATHS_PROFILE_ENV, "repo_local"):
+            with ScopedEnvVar(HYF_PATHS_REPO_LOCAL_ROOT_ENV, temp_dir):
+                var response = run_stdio_entrypoint(
+                    "src/main.mojo",
+                    load_scenario_request_json("scenarios/status_ok.json"),
+                )
+
+                assert_equal(
+                    response["output"]["runtime"]["secret_storage"][
+                        "status"
+                    ].string_value(),
+                    "reserved",
+                )
+                assert_equal(
+                    response["output"]["runtime"]["secret_storage"][
+                        "backend_implemented"
+                    ].bool_value(),
+                    False,
+                )
+                assert_equal(
+                    response["output"]["runtime"]["secret_storage"][
+                        "identity_material_configured"
+                    ].bool_value(),
+                    True,
+                )
+                assert_equal(
+                    response["output"]["runtime"]["secret_storage"][
+                        "identity_material_loaded"
+                    ].bool_value(),
+                    False,
+                )
+                assert_equal(
+                    response["output"]["runtime"]["secret_storage"][
+                        "identity_material_created_by_startup"
+                    ].bool_value(),
+                    False,
+                )
+
+                assert_equal(
+                    response["output"]["runtime"]["protected_local_data"][
+                        "status"
+                    ].string_value(),
+                    "reserved",
+                )
+                assert_equal(
+                    response["output"]["runtime"]["protected_local_data"][
+                        "configured"
+                    ].bool_value(),
+                    True,
+                )
+                assert_equal(
+                    response["output"]["runtime"]["protected_local_data"][
+                        "support_implemented"
+                    ].bool_value(),
+                    False,
+                )
+                assert_equal(
+                    response["output"]["runtime"]["protected_local_data"][
+                        "store_open"
+                    ].bool_value(),
+                    False,
+                )
+
+
 def test_status_clears_repo_local_root_outside_repo_local_profile() raises:
     with TemporaryDirectory() as temp_dir:
         with ScopedEnvVar(HYF_PATHS_PROFILE_ENV, "interactive_user"):