S209: root docs + wateringHole handoff — align all hubs to S209/7,842 tests

Made-with: Cursor

Author: westgate

CONTEXT.md

@@ -29,7 +29,7 @@ ToadStool is the **Layer 0** hardware substrate that other primals and springs d
   - Override: `TOADSTOOL_SOCKET` / `TOADSTOOL_TARPC_SOCKET` env vars
   - Family: `compute-{family_id}.sock` / `compute-{family_id}-tarpc.sock`
 - **Peer primals**: Resolved at runtime via capability IDs and Unix-socket discovery (e.g. `capability.discover`, `resolve_capability_socket_fallback`) — not hardcoded URLs or legacy per-primal env manifests.
-- **Tests**: 20,000+ (7,842 lib-only S208, 0 failures, unlimited parallelism)
+- **Tests**: 20,000+ (7,842 lib-only S209, 0 failures, unlimited parallelism)
 - **Unsafe**: 49 blocks (all in hw-safe/GPU/VFIO/display/plugin containment, all SAFETY-documented); workspace `unsafe_code = "deny"`, 41 crates `forbid` + 5 hw crates with narrow `#[allow(unsafe_code, reason)]`; all ~40 production `#[allow]` have `reason =` (S206)
 - **async-trait**: DEPRECATED — fully removed and banned in `deny.toml` (S203r); transitive only via axum/config/wiggle
 - **deny.toml**: `ring` + `async-trait` + `zstd-sys` bans active (ecoBin v3 compliant)

DOCUMENTATION.md

@@ -1,6 +1,6 @@
 # ToadStool Documentation Hub
 
-**Last Updated**: April 2026 — S208
+**Last Updated**: April 2026 — S209
 
 ---
 
@@ -34,7 +34,7 @@ These root documents were **fully resolved** and **fossilized** in wateringHole
 
 **Post-budding, dependency-sovereign, IPC-first, fully concurrent, capability-based.** barraCuda is a separate primal at `ecoPrimals/barraCuda/`. ToadStool is the hardware infrastructure layer — GPU/NPU/CPU discovery, capability probing, workload orchestration, and shader dispatch.
 
-- **20,000+ tests** (7,842 lib-only S208), 0 failures, 0 clippy warnings, 0 fmt diffs. Full workspace concurrent test suite.
+- **20,000+ tests** (7,842 lib-only S209), 0 failures, 0 clippy warnings, 0 fmt diffs. Full workspace concurrent test suite.
 - **65 JSON-RPC methods** (incl. `compute.execute` direct route S203f). Wire Standard L3 (partial): `cost_estimates`, `operation_dependencies`. IPC compliant (`health.liveness` → `{"status":"alive"}`, `health.readiness` → ready+version, `health.check` full envelope, `capabilities.list`, `identity.get`).
 - **Dual-socket IPC** — `compute.sock` (JSON-RPC primary, biomeOS routes here) + `compute-tarpc.sock` (tarpc hot-path). Override: `TOADSTOOL_SOCKET` / `TOADSTOOL_TARPC_SOCKET`. Family: `compute-{fid}.sock` / `compute-{fid}-tarpc.sock`.
 - **Pipeline dispatch** — `compute.dispatch.pipeline.submit` + `.status` for ordered multi-stage workloads (DAG, topological sort, result forwarding). Resolves neuralSpring PG-05.

README.md

@@ -42,7 +42,7 @@ Nest    = Tower  + Storage            <- storage
 | `cargo fmt --all -- --check` | 0 diffs |
 | `cargo clippy --workspace --all-targets -- -D warnings` | 0 warnings |
 | `cargo doc --workspace --no-deps` (RUSTDOCFLAGS="-D warnings") | 0 warnings |
-| `cargo test --workspace` | **20,000+ tests, 0 failures** (7,842 lib-only verified S208), **~93** ignored (hardware-gated); full workspace ~3m30s |
+| `cargo test --workspace` | **20,000+ tests, 0 failures** (7,842 lib-only verified S209), **~93** ignored (hardware-gated); full workspace ~3m30s |
 | Doctests | All passing (common, core, server, cli, testing, display) |
 | Standalone clone test | Pull to any machine, `cargo test` works (GPU-optional, CPU fallback, device-lost resilient) |
 | `unsafe` blocks | **49 actual** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented (S204); workspace `unsafe_code = "deny"`, **41 crates `forbid`** + 5 hw crates with narrow `#[allow(unsafe_code, reason)]`; **all ~40 production `#[allow]` have `reason =`** (S206) |
@@ -247,7 +247,7 @@ toadStool/
 | Clippy pedantic warnings | 0 (workspace-wide `clippy::pedantic` clean; `#[expect]` evolution S131+) |
 | Doc warnings | 0 |
 | Build warnings | 0 |
-| Workspace tests | **20,000+**, 0 failures (7,842 lib-only S208) |
+| Workspace tests | **20,000+**, 0 failures (7,842 lib-only S209) |
 | Lib-only line coverage | ~83.6% |
 | Full workspace test time | ~3m30s (unlimited parallelism, `cfg!(test)` fast timeouts; GPU crates have NVK resilience wrappers) |
 | `unsafe` blocks | **49 actual** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented (S204); workspace `unsafe_code = "deny"`, **41 crates `forbid`** + 5 hw crates with narrow `#[allow(unsafe_code, reason)]` |
@@ -384,7 +384,7 @@ See [DEBT.md](DEBT.md) for full register and evolution paths.
 
 ---
 
-**Last Updated**: April 2026 — S208 (Deep Debt — Unsafe Allow + Feature Hygiene + Expect→Result). **20,000+** workspace tests, 0 failures (7,842 lib-only). ~83.6% lib-only line coverage (target 90%). **65 JSON-RPC methods** (direct) + semantic registry with **Wire Standard L3** (cost_estimates + operation_dependencies). AGPL-3.0-or-later. Zero C FFI deps (ecoBin v3.0). **49 unsafe blocks** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented; workspace `unsafe_code = "deny"`, **41 crates `forbid`** + 5 hw crates with narrow `#[allow(unsafe_code, reason)]`. **Zero production panics/expects** (S208). IPC-first JSON-RPC (dual-socket: `compute.sock` + `compute-tarpc.sock`). Rust 1.85+ (edition 2024, MSRV). **async-trait DEPRECATED** — fully removed, banned in `deny.toml`. **Self-registration** with Songbird via `DISCOVERY_SOCKET` (S207). **Encrypted compute dispatch** (Phase 55). **Display Phase 2** (petalTongue IPC). **BTSP Phase 2 + JSON-line relay**. **All lint attrs with `reason =`** (S206). **`test-mocks` off default** (S206). **Capability-based discovery compliant** per `CAPABILITY_BASED_DISCOVERY_STANDARD.md` v1.2.
+**Last Updated**: April 2026 — S209 (Deep Debt — Lint Reason + Dep Unification + Auth Capability). **20,000+** workspace tests, 0 failures (7,842 lib-only). ~83.6% lib-only line coverage (target 90%). **65 JSON-RPC methods** (direct) + semantic registry with **Wire Standard L3** (cost_estimates + operation_dependencies). AGPL-3.0-or-later. Zero C FFI deps (ecoBin v3.0). **49 unsafe blocks** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented; workspace `unsafe_code = "deny"`, **41 crates `forbid`** + 5 hw crates with narrow `#[allow(unsafe_code, reason)]`. **Zero production panics/expects**. IPC-first JSON-RPC (dual-socket: `compute.sock` + `compute-tarpc.sock`). Rust 1.85+ (edition 2024, MSRV). **async-trait DEPRECATED** — fully removed, banned in `deny.toml`. **Auth issuer capability-based** (`capabilities::CRYPTO`, S209). **All lint attrs with `reason =`** (S209). **23 Cargo.toml dep versions unified to workspace** (S209). **Self-registration** with Songbird via `DISCOVERY_SOCKET` (S207). **Encrypted compute dispatch** (Phase 55). **Display Phase 2** (petalTongue IPC). **BTSP Phase 2 + JSON-line relay**. **`test-mocks` off default** (S206). **Capability-based discovery compliant** per `CAPABILITY_BASED_DISCOVERY_STANDARD.md` v1.2.
 
 ---
 

docs/README.md

@@ -1,6 +1,6 @@
 # ToadStool Documentation
 
-**Updated**: April 2026 — S208
+**Updated**: April 2026 — S209
 
 Primary documentation lives at the repository root. See [../DOCUMENTATION.md](../DOCUMENTATION.md) for the navigation hub. Session trackers archived to `ecoPrimals/infra/wateringHole/fossilRecord/toadstool/`.
 

docs/guides/TESTING.md

@@ -1,12 +1,12 @@
 # Testing Guide
 
-**Last Updated**: April 28, 2026 — S208
+**Last Updated**: April 29, 2026 — S209
 
 ## Quick Status
 
 | Metric | Status | Details |
 |--------|--------|---------|
-| **Lib-Only Tests** | **7,842 (S208)** | 0 failures, unlimited parallelism |
+| **Lib-Only Tests** | **7,842 (S209)** | 0 failures, unlimited parallelism |
 | **Workspace Tests** | **20,000+ (default features)** | ~93 intentional GPU/hardware ignores |
 | **Line Coverage** | **~83.6% (lib-only)** | ~185K production lines. Gap: hardware-dependent code (V4L2/VFIO/neuromorphic) |
 | **Clippy Pedantic** | **0 warnings** | Full workspace (`-D warnings`), in CI |

infra/wateringHole/handoffs/TOADSTOOL_S209_LINT_DEP_AUTH_CAPABILITY_HANDOFF_APR29_2026.md

@@ -0,0 +1,80 @@
+# ToadStool S209 — Deep Debt: Lint Reason + Dep Unification + Auth Capability
+
+**Date**: April 29, 2026
+**Session**: S209
+**Scope**: Codebase-wide lint evolution, dependency hygiene, auth capability evolution
+
+---
+
+## Changes
+
+### 1. Lint Evolution — `reason =` on all remaining attrs
+
+All crate-level `#![allow]` without `reason =` upgraded (7 crates):
+- `specialty/embedded/protocol_engine.rs` — `missing_docs`
+- `specialty/embedded/chip_database.rs` — `missing_docs`
+- `specialty/embedded/cpu6502/mod.rs` — `missing_docs` + cast/names
+- `specialty/embedded/cpuz80.rs` — `missing_docs` + cast
+- `neuromorphic/akida-models/src/lib.rs` — `clippy::must_use_candidate`
+- `runtime/native/src/lib.rs` — `clippy::no_effect_underscore_binding`
+- `testing/src/lib.rs` — `refining_impl_trait`
+
+~30 production `#[expect(deprecated)]`/`#[allow(deprecated)]` upgraded with
+`reason =` across: config, auth, ecosystem, storage, GPU backends, CLI,
+distributed, server/mocks.
+
+### 2. Workspace Dependency Unification (23 Cargo.toml files)
+
+| Dependency | Crates unified |
+|-----------|----------------|
+| `sha2` | cli, security/policies, runtime/wasm, integration/storage, runtime/edge |
+| `serde_json` | integration-tests, runtime/edge, toadstool-core, management/monitoring |
+| `tracing-subscriber` | runtime/gpu, integration-tests, runtime/display, neuromorphic/akida-driver |
+| `tokio-test` | testing, server, integration/protocols, runtime/display, distributed, client, integration/primals, integration/storage, runtime/specialty, runtime/orchestration |
+| `tracing` + `thiserror` | runtime/edge |
+
+All converted from pinned versions to `{ workspace = true }`.
+
+### 3. Stale Feature Flag Cleanup
+
+Removed unused placeholder features from excluded `runtime/python`:
+- `ai-ml = []` — no `cfg(feature)` gate anywhere
+- `squirrel-preparation = []` — no `cfg(feature)` gate anywhere
+
+### 4. Auth Backend — Capability-Based Issuer Evolution
+
+**Before**: `validate_token()` fallback issuer was `well_known::BEARDOG`
+(hardcoded primal name).
+
+**After**: Fallback issuer is `capabilities::CRYPTO` (capability domain).
+Auth backend no longer imports `well_known` module. Crate-level
+`#![expect(deprecated)]` removed (no deprecated items used in production).
+
+Test fixtures updated: mock token issuers use `capabilities::CRYPTO`,
+audience targets use `capabilities::COORDINATION`.
+
+---
+
+## Files Changed (69)
+
+Major categories:
+- 7 crate-level `#![allow]` attrs (specialty, neuromorphic, native, testing)
+- ~20 production `#[expect(deprecated)]` sites (config, auth, ecosystem, CLI)
+- 23 `Cargo.toml` dep unification files
+- `auth_backend.rs` + `auth/tests.rs` (capability evolution)
+- `DEBT.md`, `NEXT_STEPS.md` (session documentation)
+- Edge crate formatting (rustfmt wrapping long attrs)
+
+## Tests
+
+- **7,842 lib-only**, 0 failures, clippy clean (`-D warnings`), fmt clean
+- No test count change — all existing tests pass
+
+## For primalSpring / guideStone
+
+- **Auth issuer change**: Token validation now expects `"crypto"` as default
+  issuer (was `"beardog"`). If your tokens use `"beardog"` as issuer, either:
+  - Set `TOADSTOOL_AUTH_ISSUER=beardog` env var, or
+  - Update token issuer to `"crypto"` (capability-based)
+- No wire protocol changes
+- No IPC surface changes

specs/README.md

@@ -115,7 +115,7 @@ toadStool picks the row. coralReef compiles for it. Springs never see the table.
 | Test coverage | Target 90%, current ~83.6% (llvm-cov) | D-COV |
 | Mocks in production | 0 (all `#[cfg(test)]` gated) | ✅ |
 
-### Key Numbers (S208)
+### Key Numbers (S209)
 
 - **20,000+ workspace / 7,842 lib-only** tests (0 failures), **~65 JSON-RPC methods**
 - **3 hardware transports** — Display (DRM), Capture (V4L2), Serial