planning: decompose mission request epics

• [MSN] 2 missions driving 2 epics forward
• [EXC] 2 stories queued, none actively executing
• [HLT] 1 warnings, no structural errors detected

Author: rupurt

.keel/README.md

@@ -439,7 +439,15 @@
 |--------|--------|
 | [Define Keeper Trust Boundaries And Audit Checkpoints](epics/VDupml7OG/voyages/VG73OljA2/) | done |
 
-### [Mission Request Command Surface](epics/VG6ggE3ud/) (draft)
+### [Mission Request Command Surface](epics/VG6ggE3ud/) (active)
 
-### [Keeper Provider Mission Request Ingress](epics/VG6ggSPFR/) (draft)
+| Voyage | Status |
+|--------|--------|
+| [Stabilize Mission Request Command Semantics](epics/VG6ggE3ud/voyages/VG7sBGWN6/) | planned |
+
+### [Keeper Provider Mission Request Ingress](epics/VG6ggSPFR/) (active)
+
+| Voyage | Status |
+|--------|--------|
+| [Define Mission Request Ingress Replay And Acknowledgement](epics/VG6ggSPFR/voyages/VG7sCmWrK/) | planned |
 

.keel/epics/VG6ggE3ud/README.md

@@ -23,7 +23,8 @@ mission: VG6d7gjkx
 ## Voyages
 
 <!-- BEGIN GENERATED -->
-**Progress:** 0/0 voyages complete, 0/0 stories done
+**Progress:** 0/1 voyages complete, 0/1 stories done
 | Voyage | Status | Stories |
 |--------|--------|---------|
+| [Stabilize Mission Request Command Semantics](voyages/VG7sBGWN6/) | planned | 0/1 |
 <!-- END GENERATED -->

.keel/epics/VG6ggE3ud/voyages/VG7sBGWN6/README.md

@@ -0,0 +1,34 @@
+---
+# system-managed
+id: VG7sBGWN6
+status: planned
+epic: VG6ggE3ud
+created_at: 2026-04-07T10:09:35
+# authored
+title: Stabilize Mission Request Command Semantics
+index: 1
+updated_at: 2026-04-07T10:11:18
+---
+
+# Stabilize Mission Request Command Semantics
+
+> Stabilize the mission request command contract for automation callers
+
+## Documents
+
+<!-- BEGIN DOCUMENTS -->
+| Document | Description |
+|----------|-------------|
+| [SRS.md](SRS.md) | Requirements and verification criteria |
+| [SDD.md](SDD.md) | Architecture and implementation details |
+<!-- END DOCUMENTS -->
+
+## Stories
+
+<!-- BEGIN GENERATED -->
+**Progress:** 0/1 stories complete
+
+| Title | Type | Status |
+|-------|------|--------|
+| [Specify Mission Request IO And Failure Semantics](../../../../stories/VG7sCeakR/README.md) | feat | backlog |
+<!-- END GENERATED -->

.keel/epics/VG6ggE3ud/voyages/VG7sBGWN6/SDD.md

@@ -0,0 +1,88 @@
+# Stabilize Mission Request Command Semantics - Software Design Description
+
+> Stabilize the mission request command contract for automation callers
+
+**SRS:** [SRS.md](SRS.md)
+
+## Overview
+
+This voyage defines the machine-facing contract for the `keel mission request`
+command family. The design treats the request envelope as the stable interface
+and keeps provider transport details outside the command surface so Keeper and
+non-Keeper automation can invoke the same semantics.
+
+## Context & Boundaries
+
+### In Scope
+
+- the request envelope shape
+- stdin/file loading behavior
+- validation semantics
+- output/result contract
+
+### Out of Scope
+
+- provider polling
+- GitHub issue revision rules
+- Keeper runtime scheduling
+
+### External Actors
+
+- Keeper workers
+- local automation or scripts
+- future provider adapters that emit canonical envelopes
+
+## Dependencies
+
+| Dependency | Type | Purpose | Version/API |
+|------------|------|---------|-------------|
+| Mission request envelope | Internal contract | Shared request payload across commands | CLI contract |
+| Keel planning commands | Internal surface | Apply validated requests into board mutations | Existing CLI |
+
+## Key Decisions
+
+| Decision | Choice | Rationale |
+|----------|--------|-----------|
+| Provider neutrality | Keep provider-specific transport metadata optional and non-authoritative | Prevents GitHub-first behavior from becoming the core API |
+| Single envelope | Use one canonical request envelope across all mission-request subcommands | Keeps piping and replay behavior stable |
+| Explicit result modes | Separate success, validation failure, and execution failure semantics | Lets automation decide retry, repair, or escalate behavior deterministically |
+
+## Architecture
+
+The command family is modeled in three layers:
+- input normalization: read stdin/file payloads into the canonical envelope
+- validation and drafting semantics: determine whether the request is structurally and operationally ready
+- execution surface: expose `apply` and `ack` contracts without embedding provider adapters
+
+## Components
+
+- Envelope parser: accepts stdin/file input and produces the canonical request model.
+- Validator: checks required fields, derivable fields, and readiness constraints.
+- Result renderer: emits stable human and machine outcomes for success and failure cases.
+- Apply bridge: translates validated requests into native planning mutations.
+
+## Interfaces
+
+- `template`: emits a canonical request scaffold.
+- `parse`: loads raw input and returns normalized request content.
+- `validate`: returns readiness plus actionable errors.
+- `draft`: returns a proposed planning slice without mutating the board.
+- `apply`: performs native Keel mutations from a valid request.
+- `ack`: emits canonical acknowledgement content for upstream transport owners.
+
+## Data Flow
+
+1. Caller submits a mission request payload.
+2. The parser normalizes the payload into the canonical envelope.
+3. Validation checks required fields, derivations, and readiness state.
+4. `draft` or `apply` consumes the validated envelope.
+5. The result renderer returns deterministic success or failure output.
+
+## Error Handling
+
+| Error Condition | Detection | Response | Recovery |
+|-----------------|-----------|----------|----------|
+| Missing required mission fields | Envelope validation | Return structured validation failure | Caller repairs payload and retries |
+| Provider-only data supplied without canonical fields | Parse/validate mismatch | Return actionable normalization error | Provider adapter supplies canonical fields or derivations |
+| Request is structurally valid but not execution-ready | Draft/apply readiness check | Return non-terminal validation failure | Caller uses `draft` or requests more detail |
+| Native mutation fails after validation | Apply execution path | Return execution failure separate from validation | Caller can retry or escalate without redefining the contract |

.keel/epics/VG6ggE3ud/voyages/VG7sBGWN6/SRS.md

@@ -0,0 +1,37 @@
+# Stabilize Mission Request Command Semantics - SRS
+
+## Summary
+
+Epic: VG6ggE3ud
+Goal: Stabilize the mission request command contract for automation callers
+
+## Scope
+
+### In Scope
+
+- [SCOPE-01] Define the canonical stdin/stdout request envelope for `template`, `parse`, `validate`, `draft`, `apply`, and `ack`.
+- [SCOPE-02] Define deterministic machine-facing success, validation-failure, and execution-failure semantics for the command family.
+- [SCOPE-03] Define the minimum provider metadata and mission fields automation callers must supply or can derive.
+
+### Out of Scope
+
+- [SCOPE-90] Keeper-side polling or provider webhook execution.
+- [SCOPE-91] GitHub-specific revision tracking and acknowledgement policy.
+
+## Functional Requirements
+
+<!-- BEGIN FUNCTIONAL_REQUIREMENTS -->
+| ID | Requirement | Scope | Source | Verification |
+|----|-------------|-------|--------|--------------|
+| SRS-01 | `keel mission request parse` and `validate` must consume a canonical mission request envelope that can be passed over stdin or loaded from a file without provider-specific fields becoming required. | SCOPE-01 | FR-01 | manual |
+| SRS-02 | The command family must define stable machine-facing results for success, validation failure, and command failure, including which conditions are recoverable by the caller. | SCOPE-02 | FR-01 | manual |
+| SRS-03 | The contract must define which fields are required from callers, which can be derived from provider metadata, and which are optional hints for downstream planning behavior. | SCOPE-03 | FR-01 | manual |
+<!-- END FUNCTIONAL_REQUIREMENTS -->
+
+## Non-Functional Requirements
+
+<!-- BEGIN NON_FUNCTIONAL_REQUIREMENTS -->
+| ID | Requirement | Scope | Source | Verification |
+|----|-------------|-------|--------|--------------|
+| SRS-NFR-01 | The command contract must be deterministic and replayable so the same mission request payload produces the same semantic result across automation callers. | SCOPE-02 | NFR-01 | manual |
+<!-- END NON_FUNCTIONAL_REQUIREMENTS -->

.keel/epics/VG6ggSPFR/README.md

@@ -23,7 +23,8 @@ mission: VG6d7m4m9
 ## Voyages
 
 <!-- BEGIN GENERATED -->
-**Progress:** 0/0 voyages complete, 0/0 stories done
+**Progress:** 0/1 voyages complete, 0/1 stories done
 | Voyage | Status | Stories |
 |--------|--------|---------|
+| [Define Mission Request Ingress Replay And Acknowledgement](voyages/VG7sCmWrK/) | planned | 0/1 |
 <!-- END GENERATED -->

.keel/epics/VG6ggSPFR/voyages/VG7sCmWrK/README.md

@@ -0,0 +1,34 @@
+---
+# system-managed
+id: VG7sCmWrK
+status: planned
+epic: VG6ggSPFR
+created_at: 2026-04-07T10:09:41
+# authored
+title: Define Mission Request Ingress Replay And Acknowledgement
+index: 1
+updated_at: 2026-04-07T10:11:19
+---
+
+# Define Mission Request Ingress Replay And Acknowledgement
+
+> Define Keeper replayable ingress and acknowledgement behavior for formal mission requests
+
+## Documents
+
+<!-- BEGIN DOCUMENTS -->
+| Document | Description |
+|----------|-------------|
+| [SRS.md](SRS.md) | Requirements and verification criteria |
+| [SDD.md](SDD.md) | Architecture and implementation details |
+<!-- END DOCUMENTS -->
+
+## Stories
+
+<!-- BEGIN GENERATED -->
+**Progress:** 0/1 stories complete
+
+| Title | Type | Status |
+|-------|------|--------|
+| [Specify GitHub Request Revision And Acknowledgement Rules](../../../../stories/VG7sFBnRR/README.md) | feat | backlog |
+<!-- END GENERATED -->

.keel/epics/VG6ggSPFR/voyages/VG7sCmWrK/SDD.md

@@ -0,0 +1,86 @@
+# Define Mission Request Ingress Replay And Acknowledgement - Software Design Description
+
+> Define Keeper replayable ingress and acknowledgement behavior for formal mission requests
+
+**SRS:** [SRS.md](SRS.md)
+
+## Overview
+
+This voyage defines Keeper’s first provider-ingress lifecycle for formal mission
+requests. The design makes GitHub issue activation the first provider path while
+keeping the normalized ingress model replayable and cleanly separated from the
+native Keel command surface.
+
+## Context & Boundaries
+
+### In Scope
+
+- GitHub issue activation detection
+- normalized ingress record and revision behavior
+- retry and acknowledgement ownership boundaries
+
+### Out of Scope
+
+- non-GitHub providers
+- cryptographic transport hardening
+- direct mutation of planning state by provider adapters
+
+### External Actors
+
+- GitHub issues as provider artifacts
+- Keeper ingress worker
+- native `keel mission request` commands
+
+## Dependencies
+
+| Dependency | Type | Purpose | Version/API |
+|------------|------|---------|-------------|
+| GitHub issue activation format | External contract | First provider activation signal | Title/body schema |
+| Canonical mission request commands | Internal contract | Native Keel mutation and validation surface | CLI contract |
+| Keeper ingress runtime | Internal service | Polling, normalization, retry, and acknowledgement orchestration | Keeper architecture |
+
+## Key Decisions
+
+| Decision | Choice | Rationale |
+|----------|--------|-----------|
+| Versioned ingress records | Represent provider edits and retries as canonical revisions | Keeps replay and deduplication explicit |
+| Provider-owned acknowledgements | Keeper owns transport-facing comments/status updates | Preserves the Keel/Keeper split |
+| GitHub-first, not GitHub-only | Use GitHub issue activation as the first adapter on top of a generic ingress model | Avoids locking the model to one provider |
+
+## Architecture
+
+The ingress design has three layers:
+- provider detection: recognize formal GitHub mission request activations
+- normalization and revisioning: convert provider payloads into canonical request revisions
+- acknowledgement orchestration: decide when Keeper emits provider-facing acknowledgements versus calling native Keel commands
+
+## Components
+
+- Activation detector: matches the formal title prefix and required body sections.
+- Revision normalizer: produces canonical request revisions and deduplicates retries.
+- Keel command bridge: calls native mission-request commands for validation, draft, and apply behavior.
+- Acknowledgement renderer: prepares provider-facing acknowledgement content from canonical outcomes.
+
+## Interfaces
+
+- Provider input: GitHub issue title, body, metadata, and edit history.
+- Normalized ingress record: canonical request plus revision metadata and replay identity.
+- Command bridge output: success, validation failure, or execution failure from native Keel commands.
+- Provider acknowledgement output: comment/status payloads owned by Keeper.
+
+## Data Flow
+
+1. Keeper reads a GitHub issue candidate.
+2. Activation detection validates the formal mission request prefix and body shape.
+3. The normalizer emits a canonical request revision and deduplicates retries.
+4. Keeper invokes native mission-request commands with the canonical payload.
+5. Keeper renders a provider-facing acknowledgement from the canonical result.
+
+## Error Handling
+
+| Error Condition | Detection | Response | Recovery |
+|-----------------|-----------|----------|----------|
+| Issue title/body do not satisfy activation format | Activation detector | Ignore or mark as invalid request candidate | Provider edits request into valid form |
+| Provider edit changes a previously ingested request | Revision normalizer | Emit a new canonical revision | Keeper re-runs validation/draft/apply as configured |
+| Duplicate delivery or retry arrives | Replay identity check | Reuse the existing canonical revision outcome | No duplicate planning mutation |
+| Provider acknowledgement fails after Keel processing | Transport response failure | Preserve canonical command outcome and surface retryable provider error | Keeper retries acknowledgement without replaying planning mutation |

.keel/epics/VG6ggSPFR/voyages/VG7sCmWrK/SRS.md

@@ -0,0 +1,37 @@
+# Define Mission Request Ingress Replay And Acknowledgement - SRS
+
+## Summary
+
+Epic: VG6ggSPFR
+Goal: Define Keeper replayable ingress and acknowledgement behavior for formal mission requests
+
+## Scope
+
+### In Scope
+
+- [SCOPE-01] Define how Keeper detects and versions formal GitHub mission requests as canonical ingress events.
+- [SCOPE-02] Define how normalized request revisions, retries, and acknowledgements remain replayable.
+- [SCOPE-03] Define the split between provider-side acknowledgement behavior and native Keel mission-request command invocation.
+
+### Out of Scope
+
+- [SCOPE-90] Non-GitHub provider adapters.
+- [SCOPE-91] Low-level cryptographic attestation or backend audit proofs.
+
+## Functional Requirements
+
+<!-- BEGIN FUNCTIONAL_REQUIREMENTS -->
+| ID | Requirement | Scope | Source | Verification |
+|----|-------------|-------|--------|--------------|
+| SRS-01 | Keeper must define a canonical rule for recognizing an activated GitHub mission request and lowering the title/body plus provider metadata into a versioned canonical request record. | SCOPE-01 | FR-01 | manual |
+| SRS-02 | The ingress contract must define how edits, retries, and duplicate deliveries are represented so replay does not create ambiguous planning mutations. | SCOPE-02 | FR-01 | manual |
+| SRS-03 | The ingress contract must define which acknowledgement outputs belong to Keeper as provider-facing transport behavior and which belong to native Keel mission-request commands. | SCOPE-03 | FR-01 | manual |
+<!-- END FUNCTIONAL_REQUIREMENTS -->
+
+## Non-Functional Requirements
+
+<!-- BEGIN NON_FUNCTIONAL_REQUIREMENTS -->
+| ID | Requirement | Scope | Source | Verification |
+|----|-------------|-------|--------|--------------|
+| SRS-NFR-01 | Ingress normalization and acknowledgement behavior must remain deterministic enough to support audit, replay, and operator reasoning across repeated deliveries. | SCOPE-02 | NFR-01 | manual |
+<!-- END NON_FUNCTIONAL_REQUIREMENTS -->

.keel/stories/VG7sCeakR/README.md

@@ -0,0 +1,28 @@
+---
+# system-managed
+id: VG7sCeakR
+status: backlog
+created_at: 2026-04-07T10:09:41
+updated_at: 2026-04-07T10:11:18
+# authored
+title: Specify Mission Request IO And Failure Semantics
+type: feat
+operator-signal:
+scope: VG6ggE3ud/VG7sBGWN6
+index: 1
+---
+
+# Specify Mission Request IO And Failure Semantics
+
+## Summary
+
+Author the first executable slice of the mission-request command contract by
+defining the canonical request envelope, caller input rules, and the stable
+success and failure semantics automation depends on.
+
+## Acceptance Criteria
+
+- [ ] [SRS-01/AC-01] Canonical request envelope fields and transport-neutral caller inputs are specified for `template`, `parse`, and `validate`. <!-- verify: manual, SRS-01:start:end -->
+- [ ] [SRS-02/AC-01] Stable caller-visible success, validation-failure, and execution-failure semantics are specified for the command family. <!-- verify: manual, SRS-02:start:end -->
+- [ ] [SRS-03/AC-01] Required, derivable, and optional mission request fields are explicitly defined for automation callers. <!-- verify: manual, SRS-03:start:end -->
+- [ ] [SRS-NFR-01/AC-01] The contract preserves deterministic and replayable semantics for identical request payloads. <!-- verify: manual, SRS-NFR-01:start:end -->