S266: sandbox working_dir production + upstream debt + doc cleanup

Wire data_dependencies pre-dispatch validation with BLAKE3 integrity
into execute_workload. Wire SandboxSpec.working_directory into sandbox
manager creation. Absorb upstream clippy errors from new cylinder
modules (ce_validate, sovereign_tiers, pmu_investigate, pushbuf,
kmod, module_patch, sovereign_handoff) and server API removals
(adopt_anchor_fds, skip_cold_memory_training).

Remove compute.fan_out from DIRECT_JSONRPC_METHODS (handler dropped
upstream). Fix crate count 64→46, method count 85→86 across all docs.
Archive 413 lines of completed session history from NEXT_STEPS.md.
Derive Default for ModuleSource. Align all root docs to S266 / 9,055
lib tests / 86 methods.

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: BiomeOS Developer

.env.example

@@ -1,5 +1,5 @@
 # ToadStool Environment Configuration
-# Updated: S265 (May 20, 2026)
+# Updated: S266 (May 20, 2026)
 #
 # All values have sensible defaults. Only override what you need.
 # Copy this file to .env and customize for your environment.

CHANGELOG.md

@@ -5,7 +5,24 @@ All notable changes to ToadStool will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased] - May 20, 2026 (Sessions 43-265)
+## [Unreleased] - May 20, 2026 (Sessions 43-266)
+
+### Session S266 (May 20, 2026) — Sandbox working_dir Production + Upstream Clippy
+
+primalSpring Wave 31 horizon resolution: data dependency staging + sandbox working_dir + upstream debt.
+
+- ADDED: Pre-dispatch `data_dependencies` validation in `execute_workload` — checks file existence, optional dep degradation, BLAKE3 integrity verification
+- ADDED: `blake3` dependency to CLI crate (pure Rust, no C/asm)
+- WIRED: `SandboxSpec.working_directory` into `CrossPlatformSandboxManager::create_sandbox` — creates directory inside sandbox, stores in metadata
+- FIXED: 90+ upstream clippy errors from new cylinder modules (`ce_validate`, `sovereign_tiers`, `pmu_investigate`, `pushbuf`)
+- FIXED: Upstream API removal — `adopt_anchor_fds` dropped from `ComputeDevice`, `skip_cold_memory_training` dropped from `SovereignInitOptions`
+- FIXED: Server dispatch `Default::default()` → `SovereignInitOptions::default()`, `_sysfs_bar` → `sysfs_bar`, `_cache` → `cache_guard`, collapsed `if let`, `map().unwrap_or()` → `map_or()` / `is_some_and()`
+- FIXED: `primal_announce` re-export lint (function pending handler dispatch wiring)
+- REMOVED: `compute.fan_out` tests (method dropped upstream from `DispatchHandler`)
+- TESTS: 7 new data dependency validation tests (existence, BLAKE3 match/mismatch, optional deps, remote skip)
+- REMOVED: `compute.fan_out` from DIRECT_JSONRPC_METHODS + wire_l3 cost estimates (handler dropped upstream)
+- FIXED: Crate count in sporeprint 64 → 46 (actual workspace members)
+- METRICS: 86 JSON-RPC methods, 9,055 lib tests, 0 clippy warnings, deny clean
 
 ### Session S265 (May 20, 2026) — sporePrint pappusCast Wave 28
 

CONTEXT.md

@@ -30,9 +30,9 @@ ToadStool is the **Layer 0** hardware substrate that other primals and springs d
   - Family: `compute-{family_id}.sock` / `compute-{family_id}-tarpc.sock`
 - **Peer primals**: Resolved at runtime via capability IDs and Unix-socket discovery (e.g. `capability.discover`, `resolve_capability_socket_fallback`) — not hardcoded URLs or legacy per-primal env manifests
 - **Discovery hierarchy** (primalSpring cross-cutting): Songbird `ipc.resolve` → biomeOS `capability.discover` → UDS filesystem convention → socket registry → TCP probing. toadStool implements tiers 1–4; TCP probing (tier 5) not used for local IPC
-- **Wave 8 Compute Trio** (S235–S263): `compute.dispatch.submit` trio-standard IPC contract. **Phase A: coral-ember absorbed** (S237). **Phase B: glowplug absorbed** (S239). **Phase C complete — all blocking items resolved** (S245–S253): toadstool-cylinder (153 .rs, 520 tests), DRM/MMIO/AMD/NVIDIA/VFIO, `OwnedFd` VFIO fd ownership (S253), SwapOrchestrator real quiesce/persist/restore (S253), `toadstool device` CLI (S253). **Phase D: dispatch live** (S254–S263) — `LocalDeviceFactory` wired at handler startup (S254), AMD DRM dispatch live, NV VFIO QMD-based dispatch wired via PBDMA (S258–S259). `CPUCTL_HALTED` bit fix + `probe_warm_fecs()` (S256). `device.vfio.open` + `device.vfio.roundtrip` JSON-RPC endpoints (S259). `health.version` + `health.drain` RPC endpoints (S260). Kepler dispatch wired (S260). `device.gr.init` / `compute.context.init` IPC exposed (S262). coralReef shader metadata aliases wired (S262). `compute.fan_out` DAG-aware dispatch (S263). `primal.announce` self-registration (S263). **85 JSON-RPC methods.**
-- **Deep Debt** (S240–S263): All Duration literals extracted to named constants (~100+ across 30+ files). Legacy primal env vars `#[deprecated]` with migration guidance (S250). All `#[allow(deprecated)]` evolved to `#[expect(deprecated, reason)]` (S252). `VfioResourceHandle` `Option<i32>` → `OwnedFd` (S253). Sentinel values evolved to idiomatic Rust (S250). Zero library `println!`/`eprintln!`. All production files <800 lines. Zero production mocks/TODO/FIXME/unreachable!(). All unsafe SAFETY-documented. All `#[allow]`/`#[expect]` have `reason` (S255+S259+S261+S263). `cargo deny check bans` passes clean. `aws-lc-sys` banned (S263).
-- **Tests**: 22,900+ (8,945+ lib-only, 0 failures, unlimited parallelism)
+- **Wave 8 Compute Trio** (S235–S263): `compute.dispatch.submit` trio-standard IPC contract. Phase A–D complete. NV VFIO e2e dispatch validated on Titan V (S263). **86 JSON-RPC methods.**
+- **Deep Debt** (S240–S266): All Duration literals → named constants. Zero production mocks/TODO/FIXME/unreachable!(). All unsafe SAFETY-documented. All `#[allow]`/`#[expect]` have `reason`. `cargo deny check bans` clean. Stale socket hygiene (S264). sporePrint Wave 28 (S265). Sandbox `working_dir` production + `data_dependencies` validation (S266).
+- **Tests**: 23,000+ (9,055+ lib-only, 0 failures, unlimited parallelism)
 - **Unsafe**: 46 blocks (all in hw-safe/GPU/VFIO/display/plugin containment, all SAFETY-documented; reconciled S221); workspace `unsafe_code = "deny"`, 41 crates `forbid` + 5 hw crates with narrow `#[allow(unsafe_code, reason)]`; all lint attrs have `reason =` (S211+S213)
 - **async-trait**: DEPRECATED — fully removed and banned in `deny.toml` (S203r); transitive only via axum/config/wiggle
 - **deny.toml**: `ring` + `async-trait` + `zstd-sys` + `aws-lc-sys` bans active (ecoBin v3 compliant, `SOVEREIGNTY_STANDARDS.md` dark forest gate). `ring` present only as conditional transitive dep via quinn-proto/rustls-webpki (not on default build path)

DEBT.md

@@ -1,13 +1,22 @@
 # Active Technical Debt Register
 
-**Date**: May 2026 — S265
+**Date**: May 2026 — S266
 **Philosophy**: Math is universal, precision is silicon. Workarounds are
 short-term solutions that increase debt. We aim to solve deep debt over
 iterations, evolving toward vendor-agnostic, capability-based solutions—
 with production stubs surfacing typed configuration errors and capability
 guidance, and auth policy driven by explicit environment configuration
 where applicable.
 
+**S266 (Sandbox working_dir Production + Upstream Clippy)**:
+`data_dependencies` validation wired into `execute_workload`: file existence
+check, optional dep degradation, BLAKE3 integrity verification (pure Rust).
+`SandboxSpec.working_directory` consumed in `CrossPlatformSandboxManager::create_sandbox`.
+90+ upstream clippy errors fixed across 4 new cylinder modules (ce_validate,
+sovereign_tiers, pmu_investigate, pushbuf). Upstream API removals absorbed
+(`adopt_anchor_fds`, `skip_cold_memory_training`). Server dispatch lint cleanup.
+9,055 lib tests, 0 clippy warnings, deny clean.
+
 **S253 (Phase C Complete + Deep Debt Sweep)**:
 `VfioResourceHandle` `Option<i32>` → `OwnedFd` (RAII fd ownership).
 SwapOrchestrator quiesce/persist/restore evolved from stubs to real impls.

DOCUMENTATION.md

@@ -1,6 +1,6 @@
 # ToadStool Documentation Hub
 
-**Last Updated**: May 2026 — S265
+**Last Updated**: May 2026 — S266
 
 ---
 
@@ -30,22 +30,24 @@ These root documents were **fully resolved** and **fossilized** in wateringHole
 
 ---
 
-## Current State (S263 — May 2026)
+## Current State (S266 — May 2026)
 
 **Post-budding, dependency-sovereign, IPC-first, fully concurrent, capability-based.** barraCuda is a separate primal at `ecoPrimals/barraCuda/`. ToadStool is the hardware infrastructure layer — GPU/NPU/CPU discovery, capability probing, workload orchestration, and shader dispatch.
 
-- **22,900+ tests** (8,849+ lib-only), 0 failures, 0 clippy warnings, 0 fmt diffs. Full workspace concurrent test suite.
-- **83 JSON-RPC methods** (incl. `device.vfio.open`, `device.vfio.roundtrip`, `device.gr.init`, `compute.context.init`, `device.swap`, `device.warm_catch`, `health.version`, `health.drain`, 6 MMIO/Falcon RPCs, `toadstool.validate`, `compute.execute` direct route, `auth.check`/`auth.mode`/`auth.peer_info`, `provenance.query`). Semantic aliases incl. `ember.vfio.*`, `ember.gr.init`, `sovereign.gr.init`, `ember.swap`, `sovereign.boot`. Wire Standard L3 (partial): `cost_estimates`, `operation_dependencies`. **Recommended caller timeout: ≥3 seconds** for health probes during startup.
+- **23,000+ tests** (9,055+ lib-only), 0 failures, 0 clippy warnings, 0 fmt diffs. Full workspace concurrent test suite.
+- **86 JSON-RPC methods** (direct) + semantic registry. Wire Standard L3 (partial): `cost_estimates`, `operation_dependencies`. **Recommended caller timeout: ≥3 seconds** for health probes during startup.
 - **Phase C complete** (S245–S253) — toadstool-cylinder (153 .rs, 520 tests), DRM/MMIO/AMD/NVIDIA/VFIO hardware modules absorbed from `coral-driver`. `OwnedFd` VFIO fd ownership (S253). SwapOrchestrator real quiesce/persist/restore (S253). `toadstool device` CLI with swap/list/status/warm subcommands (S253). GspBridge trait boundary.
-- **Phase D: Sovereign dispatch validated** (S250–S263) — `try_local_dispatch()` via `ComputeDevice` trait before `coral_client` IPC forward. Full buffer lifecycle. AMD DRM dispatch live. **NV VFIO e2e dispatch validated on Titan V** (S263): warm handoff → VFIO open → channel → DMA roundtrip → GR init. CPUCTL_ALIAS breakthrough (Volta HS security-lock resolved). GR context buffer + scheduler cycle. Current frontier: FECS PENDING_CTX_RELOAD.
-- **Diesel Engine Migration** (S252) — `device.swap` + `device.warm_catch` JSON-RPC handlers. 6 MMIO/Falcon RPCs. `SysfsBar0Rw` read-write BAR0. `TOADSTOOL_RUN_DIR` socket layout.
-- **Deep Debt** (S240–S263) — All Duration literals extracted to named constants. `CORALREEF_*` env vars deprecated with `TOADSTOOL_*` primaries + deprecation warnings (S253). Zero `#[allow(deprecated)]` remaining. `ember.swap` + `sovereign.boot` semantic aliases. All lint attrs have `reason`. Zero production mocks/TODO/FIXME/unreachable!(). All unsafe SAFETY-documented. `cargo deny check bans` passes clean.
+- **Phase D: Sovereign dispatch validated** (S250–S263) — `try_local_dispatch()` via `ComputeDevice` trait before `coral_client` IPC forward. Full buffer lifecycle. AMD DRM dispatch live. **NV VFIO e2e dispatch validated on Titan V** (S263): warm handoff → VFIO open → channel → DMA roundtrip → GR init. Current frontier: FECS PENDING_CTX_RELOAD.
+- **Stale socket hygiene** (S264) — CLI daemon SIGTERM + socket cleanup. Display IPC Drop impl. UDS unlink-before-bind audited.
+- **sporePrint Wave 28** (S265) — `sporeprint/validation-summary.md` + CI dispatch to sporePrint.
+- **Sandbox working_dir production** (S266) — `data_dependencies` pre-dispatch validation with BLAKE3 integrity. `SandboxSpec.working_directory` wired into sandbox manager. 90+ upstream clippy errors absorbed.
+- **Deep Debt** (S240–S266) — All Duration literals extracted to named constants. `CORALREEF_*` env vars deprecated with `TOADSTOOL_*` primaries + deprecation warnings (S253). Zero `#[allow(deprecated)]` remaining. All lint attrs have `reason`. Zero production mocks/TODO/FIXME/unreachable!(). All unsafe SAFETY-documented. `cargo deny check bans` passes clean.
 - **Capability-based everywhere**: 0 hardcoded primal names, 0 production mocks, all primal references use capability identifiers. All production logging via `tracing`.
 - **ecoBin v3.0** — Zero C FFI deps. `deny.toml` ring + async-trait + zstd-sys bans active.
 - **46 unsafe blocks** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented. Workspace `unsafe_code = "deny"`, **41 crates `forbid`**.
 - **Dual-socket IPC** — `compute.sock` (JSON-RPC primary) + `compute-tarpc.sock` (tarpc hot-path).
 
-See [CHANGELOG.md](CHANGELOG.md) for full session-by-session history (S43–S263).
+See [CHANGELOG.md](CHANGELOG.md) for full session-by-session history (S43–S266).
 
 ---