feat: Phase 12e -- 8 new kernel primitives (dissent, recall, swarm, validator)

- canon.py: dissent_hash, dissent_resolution_chain_hash, context_reconstruction_hash,
  recall_scope_hash, local_dominance_hash, consensus_record_hash,
  swarm_inclusion_proof, validator_record_hash
- canon.py: run_self_test() extended with primitive smoke-tests (order-independence,
  position-tamper-evidence)
- standalone_verify.py: VECTOR_PACK_VERSION bumped 1.0.0 -> 1.1.0
- standalone_verify.py: 5 new standalone implementations (_sv_*) and 3 new
  suite handlers (dissent-hash, recall, swarm) added to _SUITE_RUNNERS
- generate_vectors.py: imports extended; VECTOR_PACK_VERSION 1.0.0 -> 1.1.0
- generate_vectors.py: 5 new conformance vectors (DIS-002, RECALL-001, RECALL-002,
  SWARM-001, SWARM-002) -- all extended profile
- AIEP-VECTORS v1.1.0: 9 core + 6 extended = 15 total -- 15/15 PASS AIEP-COMPLIANT

Author: Phatfella

scripts/generate_vectors.py

@@ -8,14 +8,14 @@
 Usage (from genome-sdk root, venv active):
     python scripts/generate_vectors.py [--output DIR]
 
-Default output: ../AIEP-VECTORS/v1.0.0/
+Default output: ../AIEP-VECTORS/v1.1.0/
 
 Generates:
-    9 core vectors + 1 extended vector (dissent-preservation)
+    9 core vectors + 6 extended vectors (dissent-preservation + Phase 12e primitives)
     MANIFEST.json, SHA256SUMS.txt, CANON_SPEC.md copy (with provenance header)
 
 Cross-check:
-    aiep-verify --vectors <OUTPUT>/v1.0.0/     # must report AIEP-COMPLIANT v1.0.0
+    aiep-verify --vectors <OUTPUT>/v1.1.0/     # must report AIEP-COMPLIANT v1.1.0
 """
 from __future__ import annotations
 
@@ -36,6 +36,11 @@
         concat_hash,
         pack_hash,
         negative_proof_hash,
+        dissent_hash,
+        context_reconstruction_hash,
+        recall_scope_hash,
+        consensus_record_hash,
+        swarm_inclusion_proof,
     )
 except ImportError as exc:
     print(f"ERROR: Cannot import kernel: {exc}", file=sys.stderr)
@@ -45,7 +50,7 @@
 KERNEL_VERSION      = "1.0.0"
 LOCKFILE_VERSION    = "1.0.0"
 CANON_SPEC_VERSION  = "1.0.0"
-VECTOR_PACK_VERSION = "1.0.0"
+VECTOR_PACK_VERSION = "1.1.0"
 SCHEMA_VERSION_ID   = "aiep.canonical.v2.0.0"
 CANON_BLOBSHA       = "3b100b43bf59ce6f6d35397e8c8c173a4447de5d"
 
@@ -357,7 +362,139 @@ def build_vectors() -> list:
                 "pack_hash_branch_LOW":  ph_low,
             },
         }),
-    ]
+        # ── Phase 12e: New kernel primitives ─────────────────────────────────────────
+        # These vectors verify the Phase 12e kernel primitives.
+        # profile=extended: verified by standalone_verify but not required for
+        # the AIEP-COMPLIANT verdict (which is a minimum bar for record verification).
+
+        ("dis-002.json", {
+            **_meta("dis-002", "dissent-hash",
+                    "P27: dissent_hash -- position field is tamper-evident "
+                    "(\"reject\" neq \"archive\" over same inputs)",
+                    profile="extended"),
+            "input": {
+                "branch_id":           "branch-001",
+                "conclusion_hash":     sha256_hex("conclusion-for-dis-002"),
+                "dissenting_evidence": EV_1,
+                "schema_version_id":   sv,
+            },
+            "expected": {
+                "hash_position_reject":  dissent_hash(
+                    "branch-001", sha256_hex("conclusion-for-dis-002"),
+                    "reject", EV_1, sv),
+                "hash_position_archive": dissent_hash(
+                    "branch-001", sha256_hex("conclusion-for-dis-002"),
+                    "archive", EV_1, sv),
+                "must_differ": True,
+            },
+        }),
+
+        ("recall-001.json", {
+            **_meta("recall-001", "recall",
+                    "P22: context_reconstruction_hash is order-independent "
+                    "-- same artefacts in any order produce the same hash",
+                    profile="extended"),
+            "input": {
+                "artefact_hashes_order_a": [
+                    sha256_hex("artefact-A"),
+                    sha256_hex("artefact-B"),
+                    sha256_hex("artefact-C"),
+                ],
+                "artefact_hashes_order_b": [
+                    sha256_hex("artefact-C"),
+                    sha256_hex("artefact-A"),
+                    sha256_hex("artefact-B"),
+                ],
+                "canonical_ordering_rule": "sorted-asc",
+                "schema_version_id":       sv,
+            },
+            "expected": {
+                "context_reconstruction_hash": context_reconstruction_hash(
+                    [sha256_hex("artefact-A"), sha256_hex("artefact-B"), sha256_hex("artefact-C")],
+                    "sorted-asc", sv),
+                "both_must_equal": True,
+            },
+        }),
+
+        ("recall-002.json", {
+            **_meta("recall-002", "recall",
+                    "P83: recall_scope_hash is committed at archival time -- deterministic",
+                    profile="extended"),
+            "input": {
+                "archived_dissent_hash":    sha256_hex("archived-dissent-for-recall-002"),
+                "eligible_trigger_domains": ["sensor.telemetry", "control.actuator"],
+                "plausibility_threshold_str": "0.7",
+                "schema_version_id":       sv,
+            },
+            "expected": {
+                "recall_scope_hash": recall_scope_hash(
+                    sha256_hex("archived-dissent-for-recall-002"),
+                    ["sensor.telemetry", "control.actuator"],
+                    "0.7", sv),
+            },
+        }),
+
+        ("swarm-001.json", {
+            **_meta("swarm-001", "swarm",
+                    "P90: consensus_record_hash is order-independent "
+                    "-- contributing_hashes in any order produce the same hash",
+                    profile="extended"),
+            "input": {
+                "branch_id":              "branch-001",
+                "global_dominance_state": "HIGH",
+                "contributing_hashes_order_a": [
+                    sha256_hex("node-A-dominance"),
+                    sha256_hex("node-B-dominance"),
+                ],
+                "contributing_hashes_order_b": [
+                    sha256_hex("node-B-dominance"),
+                    sha256_hex("node-A-dominance"),
+                ],
+                "schema_version_id": sv,
+            },
+            "expected": {
+                "consensus_record_hash": consensus_record_hash(
+                    "branch-001", "HIGH",
+                    [sha256_hex("node-A-dominance"), sha256_hex("node-B-dominance")],
+                    sv),
+                "both_must_equal": True,
+            },
+        }),
+
+        ("swarm-002.json", {
+            **_meta("swarm-002", "swarm",
+                    "P90: swarm_inclusion_proof -- exclusion of a dissenting node "
+                    "is cryptographically committed and detectable",
+                    profile="extended"),
+            "input": {
+                "consensus_record_hash": consensus_record_hash(
+                    "branch-001", "HIGH",
+                    [sha256_hex("node-A-dominance"), sha256_hex("node-B-dominance")],
+                    sv),
+                "contributing_hashes": [
+                    sha256_hex("node-A-dominance"),
+                    sha256_hex("node-B-dominance"),
+                ],
+                "excluded_hashes": [
+                    sha256_hex("node-C-dissent"),
+                ],
+                "exclusion_reasons": {
+                    sha256_hex("node-C-dissent"): "plausibility below threshold",
+                },
+                "schema_version_id": sv,
+            },
+            "expected": {
+                "swarm_inclusion_proof": swarm_inclusion_proof(
+                    consensus_record_hash(
+                        "branch-001", "HIGH",
+                        [sha256_hex("node-A-dominance"), sha256_hex("node-B-dominance")],
+                        sv),
+                    [sha256_hex("node-A-dominance"), sha256_hex("node-B-dominance")],
+                    [sha256_hex("node-C-dissent")],
+                    {sha256_hex("node-C-dissent"): "plausibility below threshold"},
+                    sv),
+            },
+        }),    ]
 
 
 # ── File writing helpers ──────────────────────────────────────────────────────

src/aiep_genome/kernel/canon.py

@@ -188,6 +188,133 @@ def is_genesis(digest: str) -> bool:
     return digest == _GENESIS_SENTINEL
 
 
+# ── Phase 12e: New kernel primitives ─────────────────────────────────────────
+# Added after Phase 12d conformance hardening. All functions use concat_hash
+# (R7 length-prefixed) for collision resistance. All are kernel-level primitives
+# with conformance vectors in AIEP-VECTORS.
+
+def dissent_hash(branch_id: str, conclusion_hash: str, position: str,
+                  dissenting_evidence: list, schema_version_id: str) -> str:
+    """
+    P27: Cryptographic commitment of a dissent record.
+    position must be one of: "reject" | "escalate" | "archive"
+    Different positions over the same evidence produce different hashes —
+    the dissent position is itself tamper-evident.
+    """
+    return concat_hash(
+        branch_id, conclusion_hash, position,
+        canonical_json(dissenting_evidence), schema_version_id
+    )
+
+
+def dissent_resolution_chain_hash(original_dissent_hash: str, resolution_hash: str,
+                                   counter_resolution_hash: str,
+                                   schema_version_id: str) -> str:
+    """
+    P27: Resolution of dissent is itself subject to dissent.
+    counter_resolution_hash is "NONE" if the resolution was not challenged.
+    The chain terminates — and the termination is a NegativeProofRecord —
+    when no counter-resolution arrives within the declared temporal window.
+    """
+    return concat_hash(
+        original_dissent_hash, resolution_hash,
+        counter_resolution_hash or "NONE",
+        schema_version_id
+    )
+
+
+def context_reconstruction_hash(artefact_hashes: list, canonical_ordering_rule: str,
+                                  schema_version_id: str) -> str:
+    """
+    P22: Deterministic context reconstruction.
+    Same artefacts + same ordering rule = same hash on any node, everywhere.
+    Artefacts are sorted before hashing — insertion order does not matter.
+    """
+    ordered = sorted(artefact_hashes)
+    return concat_hash(canonical_json(ordered), canonical_ordering_rule, schema_version_id)
+
+
+def recall_scope_hash(archived_dissent_hash: str, eligible_trigger_domains: list,
+                       plausibility_threshold_str: str, schema_version_id: str) -> str:
+    """
+    P83: The RecallScope is itself a cryptographic commitment.
+    Two nodes must agree on this hash before either can initiate recall.
+    plausibility_threshold_str: canonical string form of the threshold
+      (use _canon_number() or str(Decimal) — do NOT pass a raw float).
+    The conditions for recall are committed at the moment of archival, not at recall time.
+    """
+    return concat_hash(
+        archived_dissent_hash,
+        canonical_json(sorted(eligible_trigger_domains)),
+        plausibility_threshold_str,
+        schema_version_id
+    )
+
+
+def local_dominance_hash(evidence_weight_vector: dict, node_id: str,
+                          schema_version_id: str) -> str:
+    """
+    P90: Each node's evidence-weighted contribution to swarm consensus.
+    evidence_weight_vector: {evidence_id: weight_str} — values as canonical strings.
+    """
+    return concat_hash(
+        canonical_json(evidence_weight_vector),
+        node_id, schema_version_id
+    )
+
+
+def consensus_record_hash(branch_id: str, global_dominance_state: str,
+                           contributing_hashes: list, schema_version_id: str) -> str:
+    """
+    P90: Verifiable swarm consensus commitment.
+    contributing_hashes is sorted before hashing — the order in which nodes
+    responded does not affect the consensus hash. Two nodes that receive the
+    same set of local_dominance_hash values in any order must agree.
+    """
+    return concat_hash(
+        branch_id, global_dominance_state,
+        canonical_json(sorted(contributing_hashes)),
+        schema_version_id
+    )
+
+
+def swarm_inclusion_proof(consensus_hash: str, contributing_hashes: list,
+                           excluded_hashes: list, exclusion_reasons: dict,
+                           schema_version_id: str) -> str:
+    """
+    P90: The swarm must declare what it excluded, not just what it included.
+    A swarm that silently excludes a dissenting node produces a different
+    swarm_inclusion_proof than one that declared the exclusion.
+    Suppression of dissent within a swarm is cryptographically detectable.
+    excluded_hashes: list of local_dominance_hash values not included.
+    exclusion_reasons: {hash: reason_string} for each excluded hash.
+    """
+    return concat_hash(
+        consensus_hash,
+        canonical_json(sorted(contributing_hashes)),
+        canonical_json(sorted(excluded_hashes)),
+        canonical_json(exclusion_reasons),
+        schema_version_id
+    )
+
+
+def validator_record_hash(monitored_record_hash: str, rule_violated: str,
+                           violation_evidence: str, validator_version: str,
+                           schema_version_id: str) -> str:
+    """
+    P01R: The validator's own verdict is an AIEP-committed record.
+    The monitoring operates under the protocol it enforces — recursive closure.
+    A validator that suppresses violations produces a different hash than one
+    that reports them. Suppression is detectable.
+    rule_violated: e.g. "CC-005", "R5", "R1" — or "NONE" for a clean record.
+    """
+    return concat_hash(
+        monitored_record_hash, rule_violated,
+        violation_evidence, validator_version,
+        schema_version_id
+    )
+
+
 def run_self_test() -> bool:
     """Run built-in determinism self-test. Returns True if all pass."""
     # R1 key ordering
@@ -206,6 +333,19 @@ def run_self_test() -> bool:
     # Known SHA-256 vector
     empty_hash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
     assert sha256_hex("") == empty_hash, "known vector FAIL"
-    # Known deterministic trace vectors from README
-    assert sha256_hex(canonical_json({"b": 2, "a": 1})) == sha256_hex(canonical_json({"a": 1, "b": 2}))
+    # Phase 12e — new primitives smoke-test
+    _sv = "aiep.canonical.v2.0.0"
+    _dh = dissent_hash("branch-001", "a" * 64, "reject", [], _sv)
+    assert len(_dh) == 64, "dissent_hash length FAIL"
+    assert dissent_hash("branch-001", "a" * 64, "reject", [], _sv) == _dh, "dissent_hash non-deterministic"
+    assert dissent_hash("branch-001", "a" * 64, "archive", [], _sv) != _dh, "dissent_hash position insensitive"
+    _crh = context_reconstruction_hash(["h1", "h2", "h3"], "sorted-asc", _sv)
+    assert _crh == context_reconstruction_hash(["h3", "h1", "h2"], "sorted-asc", _sv), "context_reconstruction_hash order FAIL"
+    _ldh_a = local_dominance_hash({"ev-001": "0.8"}, "node-A", _sv)
+    _ldh_b = local_dominance_hash({"ev-001": "0.8"}, "node-B", _sv)
+    assert _ldh_a != _ldh_b, "local_dominance_hash node collision"
+    _crec = consensus_record_hash("branch-001", "HIGH", [_ldh_a, _ldh_b], _sv)
+    _crec2 = consensus_record_hash("branch-001", "HIGH", [_ldh_b, _ldh_a], _sv)
+    assert _crec == _crec2, "consensus_record_hash order-dependent FAIL"
     return True
+