Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.gitignore:
- Line 24: Remove the .gitignore exception for .vscode/settings.json or replace
the hardcoded Unix path in that settings file (/tmp/echo-rust-analyzer-target)
with a cross-platform solution: either use a relative path (e.g.,
target/rust-analyzer) or reference an environment-variable fallback (e.g.,
${RA_TARGET_DIR}) so Windows users aren’t broken; then update CONTRIBUTING.md to
document the chosen approach and any editor setup steps and expected optional vs
committed settings so contributors know whether to commit their .vscode settings
or keep local overrides.

In @.vscode/settings.json:
- Around line 2-4: Replace the absolute /tmp path in the rust-analyzer config so
it is repository-relative and portable: update the
"rust-analyzer.cargo.extraEnv" entry to set CARGO_TARGET_DIR to a repo-local
directory name (e.g. "target-ra") instead of "/tmp/echo-rust-analyzer-target" to
avoid platform, collision and permission issues; also add the chosen directory
(e.g. target-ra/) to .gitignore near the existing target-* entries so build
artifacts are not committed.

In `@crates/echo-runtime-schema/src/lib.rs`:
- Around line 75-89: WorldlineId exposes as_bytes() but lacks a symmetric
constructor like HeadId::from_bytes, forcing callers to construct it via the
public tuple field; add a const constructor WorldlineId::from_bytes(bytes:
RuntimeIdBytes) -> Self to provide a stable API surface matching HeadId and make
construction explicit and ergonomic alongside the existing as_bytes() method.

In `@crates/echo-wasm-abi/Cargo.toml`:
- Line 21: The Cargo.toml for echo-wasm-abi is forwarding the crate feature
"std" to serde, ciborium and half but not to echo-runtime-schema, so when
building with --features std the schema crate still compiles no-std; fix this by
updating the echo-runtime-schema dependency entry in Cargo.toml to enable its
std feature (mirror how serde/ciborium/half are forwarded) — e.g. change the
echo-runtime-schema declaration to include features = ["std"] (and workspace =
true as already present) so the schema types compile with std when the crate's
std feature is enabled.

In `@schemas/runtime/artifact-b-routing-and-admission.graphql`:
- Around line 111-114: The schema's InboxPolicyBudgeted.maxPerTick field is
documented to be positive but uses plain Int, so enforce the positivity either
by introducing/using a PositiveInt custom scalar in the schema and replacing
maxPerTick: Int! with maxPerTick: PositiveInt! (and add its implementation), or
add explicit runtime validation in the resolver/input handling for the
InboxPolicyBudgeted type that throws a GraphQLError when maxPerTick <= 0;
reference the type name InboxPolicyBudgeted and the field name maxPerTick when
making the change so callers/validators are updated accordingly.

In `@scripts/generate-dependency-dags.js`:
- Around line 562-565: The fallback never runs because parseArgs sets
args.tasksDagPath to the string "TASKS-DAG.md"; update the parseArgs option for
--tasks-dag (the default value for tasksDagPath) to undefined (or remove the
default) so args.tasksDagPath is nullish when the flag is not provided, and keep
the existing tasksDagPath resolution using: const tasksDagPath =
path.resolve(process.cwd(), args.tasksDagPath ??
path.join("docs","archive","tasks","TASKS-DAG.md")); this ensures the fallback
to docs/archive/tasks/TASKS-DAG.md is used.

In `@scripts/verify-local.sh`:
- Around line 710-717: The loop variable name md_file is misleading because the
loop iterates CHANGED_FILES looking for .graphql/.mjs files; rename md_file to a
clearer identifier like changed_file or file_in_changes inside the while loop
and update all references (the case pattern matching and any uses that set
should_validate_runtime_schema) so the logic remains identical but the variable
name accurately reflects it (look for occurrences of CHANGED_FILES, md_file, and
should_validate_runtime_schema to update).
- Around line 732-735: The script calls "node
scripts/validate-runtime-schema-fragments.mjs" when the variable
should_validate_runtime_schema is set but does not verify Node is installed;
update the if-block that checks should_validate_runtime_schema to first verify
Node is available (e.g., use a command existence check against "node"), and if
missing print a clear error and exit non‑zero before attempting to run
validate-runtime-schema-fragments.mjs; reference the existing
should_validate_runtime_schema check and the node invocation so you modify that
branch only.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/echo-runtime-schema/src/lib.rs`:
- Around line 76-89: Make WorldlineId's inner field private (remove pub from the
tuple field) and add a constructor method
WorldlineId::from_bytes(RuntimeIdBytes) -> Self (preferably const fn) that
constructs the new opaque id; keep the existing as_bytes(&self) returning
&RuntimeIdBytes. This mirrors HeadId's opacity and provides a canonical factory
to replace direct tuple construction (update tests and call sites from
WorldlineId([...]) to WorldlineId::from_bytes([...])). Ensure all references use
the new constructor and that RuntimeIdBytes remains the parameter/return type.

In `@scripts/generate-dependency-dags.js`:
- Around line 173-175: The fallback date label uses local-time formatting via
formatDateYYYYMMDD(new Date()), causing non-deterministic labels across
timezones; change this to produce a UTC-based date string instead—either update
formatDateYYYYMMDD to use getUTCFullYear/getUTCMonth/getUTCDate or call a new
UTC-aware helper (e.g., formatDateYYYYMMDDUTC) from the fallback assignment that
uses new Date() but formats with UTC methods; ensure the code referencing
generatedAt and the fallback const still returns { mode: "date", label:
<UTC-formatted-string> } so snapshot labels are consistent across environments.

In `@tests/hooks/test_dependency_dags.sh`:
- Line 92: The test's grep is brittle because it looks for the exact attribute
ordering 'i1 -> i2 \[color="red"' in tests/hooks/test_dependency_dags.sh; change
the check that uses that literal grep to a more flexible pattern that matches an
edge line for "i1 -> i2" with a bracketed attribute list that contains
color="red" anywhere (e.g., use a regex like i1 -> i2 \[[^]]*color="red"[^]]*\]
or equivalent POSIX/egrep form) so the assertion no longer depends on attribute
ordering while still verifying the color attribute is present.
- Around line 88-91: Before invoking node on scripts/generate-dependency-dags.js
in the temp workspace ($tmpdir), create a package.json that sets the module type
so Node treats files as ESM; add a step to write a package.json with
{"type":"module"} into $tmpdir (i.e., create the file in the same block that cds
into "$tmpdir" before running node scripts/generate-dependency-dags.js
>"$output_file" 2>&1) so the import-based script runs under ESM semantics.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CONTRIBUTING.md`:
- Line 106: Replace the machine-specific absolute path
"/Users/james/git/echo/.vscode/settings.json" in the CONTRIBUTING.md sentence
with a repo-relative link to the tracked config, e.g. use
[.vscode/settings.json] (or ./ .vscode/settings.json) so the link works for all
users and does not expose a local filesystem path.

In `@crates/ttd-browser/src/lib.rs`:
- Around line 1206-1210: Update the wasm32 test accessors to match the new
WorldlineId API: replace any use of tuple-field access like wl.0 with the new
method call *wl.as_bytes(). Specifically, change occurrences in
wasm_tests::test_parse_helpers (and related wasm32 tests) that read wl.0 to use
*wl.as_bytes(), and adjust test_parse_worldline_id_inner_valid expectations to
remain consistent with that API.

In `@crates/warp-core/src/provenance_store.rs`:
- Line 2564: Multiple fork tests repeat the literal [99u8; 32] when constructing
WorldlineId via WorldlineId::from_bytes([99u8; 32]); introduce a single test
fixture (either a const like TEST_WORLDLINE_BYTES: [u8; 32] = [99u8; 32] or a
helper fn like test_worldline_id() -> WorldlineId that calls
WorldlineId::from_bytes(TEST_WORLDLINE_BYTES)) and replace each occurrence of
WorldlineId::from_bytes([99u8; 32]) (seen in the file where
WorldlineId::from_bytes is used around the fork tests) with the shared
constant/helper to avoid duplication and reduce drift risk.

In `@schemas/runtime/artifact-a-identifiers.graphql`:
- Around line 49-55: The PositiveInt scalar currently only guarantees "greater
than zero" but must be documented to map to Rust's u32 range; update the
mapping/docs for PositiveInt to explicitly state it represents the full u32
range (1–4,294,967,295) and note that cycle_limit (Option<u32>) and fields
cycleLimit / maxPerTick consume this scalar, so generators that treat GraphQL
Int as 32-bit signed need the explicit u32 upper-bound to accept values above
2,147,483,647; reference PositiveInt, cycle_limit, cycleLimit, maxPerTick and
Option<u32> in the doc update.

In `@schemas/runtime/artifact-b-routing-and-admission.graphql`:
- Around line 67-69: Unify the field name for the exact-head coordinate across
the schema by renaming ExactHeadTarget.key to match IngressTargetInput.headKey
(or vice versa) before the schema freeze; update the GraphQL type definitions
(e.g., ExactHeadTarget and IngressTargetInput) so both use the identical field
name (headKey or key), adjust any associated input/output types and usages in
the same file (including the occurrences around lines 84-89), and ensure all
references, resolvers, and generated DTO/mapper expectations are updated
accordingly so the schema is consistent.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/echo-runtime-schema/README.md`:
- Around line 18-19: Update the README sentence about serde feature gating to
reflect the crate's default behavior: state that serde derives are feature-gated
and consumers must enable the crate's `serde` feature unless they are using the
crate with default features enabled (or unless they compile with
`default-features = false` to force explicit opt-in); reference the `serde`
feature name and the `default-features = false` flag so readers know when
explicit enabling is required.

In `@crates/echo-runtime-schema/src/lib.rs`:
- Around line 79-80: WorldlineId and HeadId newtypes currently use
#[serde(transparent)] which serializes the inner [u8;32] as a 32-element integer
array instead of a byte string; implement explicit serde::Serialize and
serde::Deserialize for WorldlineId and HeadId to serialize/deserialze as
canonical bytes(32) (e.g., as a 32-byte byte string for CBOR/JSON) and update
WriterHeadKey usage to rely on those impls; add a unit test that serializes and
deserializes WorldlineId and HeadId (and a WriterHeadKey instance) to verify
round-trip produces the spec-compliant bytes(32) representation.

In `@crates/echo-wasm-abi/src/lib.rs`:
- Around line 519-535: The test test_worldline_id_rejects_non_32_byte_payloads
only checks a 31-byte underflow; add a symmetric overlong case to ensure
deserialization rejects >32 bytes too by constructing a CBOR map with "id" set
to 33 bytes and asserting decode_cbor::<Wrapper>(&bytes).unwrap_err() contains
"32 bytes"; modify the test (which uses WorldlineId and Wrapper and calls
decode_cbor) to include both the 31-byte and 33-byte failure assertions to pin
strict 32-byte enforcement from both sides.

In `@crates/warp-wasm/src/warp_kernel.rs`:
- Around line 170-176: The helpers parse_worldline_id and parse_head_id are not
parsers and should be renamed to to_core_worldline_id and to_core_head_id (or
similar) to reflect direct conversion; change their signatures to return
WorldlineId and HeadId directly (no Result) by returning
WorldlineId::from_bytes(*worldline_id.as_bytes()) and
HeadId::from_bytes(*head_id.as_bytes()); likewise rename and change
parse_head_key (and the similar function referenced around lines 460-464) to
to_core_head_key and return the HeadKey directly instead of Result, and update
all call sites (including the call at the former line 439) to remove dead error
handling/unwraps accordingly.

In `@docs/dependency-dags.md`:
- Line 89: The docs line referencing the scheduled workflow uses incorrect
platform casing; update the sentence that mentions
`.github/workflows/refresh-dependency-dags.yml` so the platform name reads
"GitHub" instead of "GITHUB" (search for the Generator line mentioning
`scripts/generate-tasks-dag.js` and
`.github/workflows/refresh-dependency-dags.yml` in docs/dependency-dags.md and
replace the uppercase token with the proper "GitHub" casing).

In `@docs/plans/phase-8-runtime-schema-conformance.md`:
- Around line 127-133: Update the blocker paragraph to reflect the current
typed-id migration: remove or reword the claim that `HeadId`, `WorldlineId`, and
`WriterHeadKey` are still exposed as raw `Vec<u8>` and instead list only the
actual runtime schema types that remain as raw byte vectors (if any); reference
the typed ABI wrappers for `HeadId`, `WorldlineId`, and `WriterHeadKey` so the
note is narrowed to the true remaining raw-byte ids and mark the previous
statement as stale/updated to avoid misleading the audit.

In `@docs/plans/phase-8-schema-freeze-inventory.md`:
- Around line 97-105: Artifact A's identifier list omits WorldlineId, causing
inconsistency with the Phase 8 freeze candidates and downstream artifacts;
update the Artifact A identifier enumeration (the block listing HeadId,
WriterHeadKey, IntentKind, WorldlineTick, GlobalTick) to include WorldlineId so
the artifact definition matches the freeze candidate set and downstream
dependencies that reference WorldlineId.

In `@scripts/validate-runtime-schema-fragments.mjs`:
- Around line 70-88: The script currently hard-codes spawning "npx" (see the
spawnSync call that runs prettier) which breaks pnpm-only environments; change
the launcher resolution to try a cascade: first "npx", then "pnpm exec", and
finally fall back to the local node_modules/.bin prettier executable if present,
using the same args and input so pnpm users can run the check. Also fix
extractTypeNames (the function that parses GraphQL field type expressions) so it
stops parsing when it encounters directive markers (@) and ignores text inside
string literals (respecting quoted boundaries), ensuring identifiers inside
directives or strings aren't collected as type names; update the
tokenization/state machine in extractTypeNames to exit on '@' and to treat
quoted strings as atomic tokens.
- Around line 112-147: The current sanitizeLines and extractTypeNames
implementations are brittle string-based heuristics; replace them by parsing the
SDL with a GraphQL parser (e.g., graphql-js parse/visit) and derive the
information from the AST: use parse(source, { noLocation: false }) to get
DocumentNode, iterate DocumentNode.definitions to collect type/operation
definitions (replacing sanitizeLines' role) and use a visitor to collect
NamedType nodes (replacing extractTypeNames) while ignoring descriptions,
comments and directive argument content; ensure you import and use graphql's
parse/visit functions, return the same shape expected by downstream code, and
remove the fragile line-based logic in sanitizeLines and extractTypeNames.

In `@tests/hooks/test_dependency_dags.sh`:
- Around line 98-103: The test currently calls fail and then immediately cats
"$tmpdir/docs/assets/dags/issue-deps.dot", which under set -e can hide the
original assertion if the DOT file is missing; change the branch so that after
the grep condition fails you first call fail with a clear message and only
attempt to dump the DOT file conditionally (e.g. check for existence or make the
cat a non-failing operation) to avoid a secondary “file not found” error; target
the block that references "$tmpdir/docs/assets/dags/issue-deps.dot" and the grep
check (the if grep -Eq ... then ... else ... fi) and ensure the fail() call runs
before any optional diagnostic dump or that the dump is guarded so it cannot
cause the test to exit with a different error.

---

Duplicate comments:
In `@crates/echo-runtime-schema/src/lib.rs`:
- Around line 19-27: The public tuple field on counters created by the
logical_counter! macro exposes the u64 representation and bypasses helpers;
change the macro so the generated pub struct $name has a private field (e.g.,
struct $name(u64)) and expose a documented public API: a checked constructor
from_raw(...) and an accessor as_u64() (or similar) and ensure both functions
have rustdoc comments describing invariants/usage; update any existing impls or
derives inside logical_counter! to use the private field and refer to these
helpers so external crates must use from_raw/as_u64 rather than accessing the
raw u64 directly.

In `@crates/ttd-browser/src/lib.rs`:
- Around line 1206-1209: Update the wasm32 test in
wasm_tests::test_parse_helpers to stop using the old private-field accessor on
WorldlineId (wl.0) and use the public accessor instead: call
parse_worldline_id_inner (or reuse the existing test variable wl) and assert
against *wl.as_bytes() similarly to the native test; replace any occurrence of
wl.0 with *wl.as_bytes() so the opaque WorldlineId is accessed via its
as_bytes() method.

In `@docs/plans/phase-8-runtime-schema-conformance.md`:
- Around line 85-87: The doc incorrectly states that InboxPolicy::Budgeted {
max_per_tick: u32 } maps cleanly to GraphQL maxPerTick: Int! — GraphQL Int is a
signed 32-bit value with range -2,147,483,648 to 2,147,483,647, so update the
text to either (a) explicitly call out the 2,147,483,647 positive ceiling and
note the semantic validation required for u32 values above that, or (b) change
the schema to use a constrained/custom scalar or validation rule that limits
maxPerTick to <= 2,147,483,647 (and document that constraint) so the mapping is
accurate; reference InboxPolicy::Budgeted, max_per_tick and maxPerTick in the
update.

In `@schemas/runtime/artifact-b-routing-and-admission.graphql`:
- Around line 67-69: The ExactHeadTarget GraphQL type uses inconsistent field
names for the same coordinate (field "key" on ExactHeadTarget vs "headKey"
elsewhere); pick one canonical name (e.g., headKey) and update all schema
definitions and related input/output types so the field name is identical across
ExactHeadTarget and every related type (including the other occurrence at lines
84–89 referenced in the review), then regenerate DTOs/mappers/docs so the symbol
ExactHeadTarget and any usages reference the chosen field name uniformly.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/echo-runtime-schema/src/lib.rs`:
- Around line 214-228: Add serde sequence-path regression tests exercising
RuntimeIdVisitor::visit_seq: add one acceptance test that deserializes a
32-element sequence of u8 values into the expected [u8; 32] (round-trip or
direct deserialization asserting Ok) and one rejection test that attempts to
deserialize a 33-element sequence and asserts an Err with invalid_length; target
the same module that defines RuntimeIdVisitor (the code around fn visit_seq and
the RuntimeIdVisitor type) so the sequence-based path is exercised in addition
to the existing CBOR byte-string tests.

In `@crates/echo-wasm-abi/src/lib.rs`:
- Around line 484-545: Add tests mirroring the WorldlineId CBOR checks for
HeadId to prevent drift: create a round-trip CBOR test (e.g.,
test_head_id_round_trip_uses_cbor_bytes) that encodes a small Wrapper struct
containing HeadId::from_bytes([7u8;32]) and asserts the CBOR map stores
Value::Bytes(32) and that decoding yields the same HeadId, and create a
rejection test (e.g., test_head_id_rejects_non_32_byte_payloads) that tries to
decode 31- and 33-byte Value::Bytes payloads into a Wrapper and asserts the
errors mention "32 bytes"; also add equivalent tests for the types that embed
HeadId (WriterHeadKey and ControlIntentV1::SetHeadEligibility) following the
same round-trip and 31/33-byte rejection patterns so all wrappers enforce the
exact-32-byte invariant.

In `@docs/plans/phase-8-schema-freeze-inventory.md`:
- Around line 44-46: The docs omitted the scalar PositiveInt from the frozen
supporting-types list and affected artifacts; add PositiveInt to the list of
supporting types alongside WorldlineId/InboxAddress/etc., include it in the
candidate table of frozen types, and ensure Artifact A (the identifiers
artifact) explicitly declares the PositiveInt scalar so Artifact B (the
routing/admission artifact) that references InboxPolicyBudgeted.maxPerTick and
InboxPolicyInput.maxPerTick is fully specified; update the three affected
sections (supporting-type summary, candidate table, and Artifact A description)
to mention PositiveInt.

In `@package.json`:
- Line 13: The project has duplicated invocation paths for the runtime schema
validator: the npm script "schema:runtime:check" and the shell wrapper in
scripts/verify-local.sh; consolidate by having scripts/verify-local.sh call the
npm script instead of invoking the validator directly (or remove the
package.json script if you prefer the shell wrapper), e.g., update
verify-local.sh to run npm run schema:runtime:check (or yarn run
schema:runtime:check) where it currently shells into
scripts/validate-runtime-schema-fragments.mjs so there is a single canonical
entrypoint named "schema:runtime:check".

In `@schemas/runtime/artifact-a-identifiers.graphql`:
- Around line 17-23: Update the WorldlineId scalar documentation to specify it
is a fixed-width, 32-byte (256-bit) hash-backed opaque identifier (similar to
HeadId): state that implementations MUST produce and accept exactly 32 bytes and
that generators should treat it as a 32-byte hash value; update the semantic
rule paragraph for WorldlineId to explicitly require the 32-byte invariant and
mention any canonical encoding (e.g., raw bytes or hex) expected by the
runtime/ABI so consumers like generators have an unambiguous contract.

---

Duplicate comments:
In `@docs/plans/phase-8-runtime-schema-conformance.md`:
- Around line 56-59: The table entry for `HeadId` is stale and contradicts the
blocker section; update the table row(s) so they state that the ABI now carries
typed wrappers for `HeadId`, `WorldlineId`, and `WriterHeadKey` (remove any
claim that the ABI keeps a byte DTO) to match the later text and current code in
`crates/echo-wasm-abi/src/lib.rs` and `crates/warp-wasm/src/warp_kernel.rs`;
ensure both the `HeadId` and `WorldlineId` rows (and the similar rows at
127-132) reflect the "Aligned" status with typed ABI wrappers and adjust the
Notes column to reference consumption by the listed crates.

In `@scripts/validate-runtime-schema-fragments.mjs`:
- Around line 75-79: Change the Prettier resolution order to prefer the
workspace-pinned binary first: put the entry that uses localPrettier
(requireExists: true) at the front of the candidates array, followed by the pnpm
exec entry, and leave the npx entry last (use npx with --no-install as a safe
fallback). Update every place where the candidates array is defined (the
instances around the current candidates declaration and the other occurrences
referenced in the review: the blocks covering lines ~85-97 and ~111-119) so they
all use the same ordering (localPrettier, pnpm exec, then npx) to ensure
deterministic formatter resolution.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/ROADMAP/backlog/tooling-misc.md`:
- Around line 397-445: Update the "T-10-8-10: Feature-Gate Contract
Verification" task spec to mandate the maintenance entrypoint be a cargo xtask
command (e.g., "cargo xtask feature-gate-verify") by adding that shape to the
Requirements (R2) and Acceptance Criteria (AC1) so the verification is
implemented under the repo's xtask surface; apply the same change to the other
backlog item in this document so both tasks explicitly require a cargo xtask
entrypoint and mention xtask/ and .cargo/config.toml as the expected
location/configuration.

In `@scripts/generate-tasks-dag.js`:
- Line 10: INPUT_FILE is currently used both for reading the filesystem and for
emitting DOT labels, which causes Windows backslashes to be escaped and produce
non-deterministic output; fix by separating the two concerns: keep a
filesystem-native path (e.g., INPUT_FILE_FS = path.join(...)) for fs operations
and create a POSIX-normalized display path (e.g., INPUT_FILE_DISPLAY =
path.posix.join(...) or use path.posix.normalize) for any DOT label emission
passed into escapeDotString(), and update all places that emit file paths to use
INPUT_FILE_DISPLAY (including the similar uses around the escapeDotString()
calls referenced in the 175-185 area).

In `@scripts/validate-runtime-schema-fragments.mjs`:
- Around line 11-17: DEFINITION_KIND_NAMES currently omits GraphQL interfaces so
nodes with kind "InterfaceTypeDefinition" won't be recognized; update the
DEFINITION_KIND_NAMES Map (the constant named DEFINITION_KIND_NAMES in
scripts/validate-runtime-schema-fragments.mjs) to include
["InterfaceTypeDefinition", "interface"] so interface definitions are collected
like other types and won't trigger false missing-type errors.

---

Duplicate comments:
In `@crates/echo-runtime-schema/src/lib.rs`:
- Around line 214-228: Add unit tests that cover the sequence-path in visit_seq
by deserializing array forms into WorldlineId and HeadId: construct a
serde_cbor/serde Value::Array (or equivalent CBOR array bytes) containing
exactly 32 u8 elements, call the crate's Deserialize (e.g.,
deserialize/from_slice) for WorldlineId and HeadId and assert success and
equality to the expected 32-byte value; then construct a 33-element u8 array and
assert deserialization fails with de::Error::invalid_length (or results in an
Err matching invalid_length). Reference the visit_seq implementation and
exercise WorldlineId and HeadId deserialization to ensure both the valid-32 and
invalid-33 paths are covered.

In `@crates/echo-wasm-abi/src/lib.rs`:
- Around line 441-545: Add direct tests for HeadId (and WriterHeadKey if
desired) mirroring the WorldlineId tests: create a Wrapper struct containing a
HeadId, assert CBOR round-trip serializes as Value::Bytes(32 bytes) and decodes
back to the same HeadId (like test_worldline_id_round_trip_uses_cbor_bytes), and
add negative cases that feed 31- and 33-byte Value::Bytes payloads and assert
decoding fails with an error mentioning "32 bytes" (like
test_worldline_id_rejects_non_32_byte_payloads). Locate the test additions near
the existing WorldlineId tests and reference HeadId::from_bytes, WriterHeadKey
(for nested tests), and any existing SetHeadEligibility assertions to ensure
symmetric coverage.

In `@crates/ttd-browser/src/lib.rs`:
- Around line 1206-1209: The wasm32 test helper wasm_tests::test_parse_helpers
still accesses the old tuple field (wl.0) of WorldlineId; update it to use the
current API (call as_bytes() on the WorldlineId result) consistent with the
native test changes: locate parse_worldline_id_inner and the
wasm_tests::test_parse_helpers reference to wl.0, change the access to use
wl.unwrap().as_bytes() (or call as_bytes() on the unwrapped WorldlineId) so the
wasm test uses the new WorldlineId API.

In `@docs/plans/phase-8-schema-freeze-inventory.md`:
- Around line 97-106: The docs list for "Artifact A: Runtime identifiers and
logical counters" forgot to include the PositiveInt scalar defined alongside
other identifiers in artifact-a-identifiers.graphql; update the enumeration
under Artifact A to include `PositiveInt` (alongside `HeadId`, `WorldlineId`,
`WriterHeadKey`, `IntentKind`, `WorldlineTick`, `GlobalTick`) and ensure the
source reference to artifact-a-identifiers.graphql explicitly mentions
PositiveInt so the schema and docs remain in sync.
- Around line 44-46: The supporting-type list omitted the PositiveInt scalar
used by InboxPolicyBudgeted.maxPerTick; update the supporting types to include
PositiveInt so the runtime freeze plan accounts for the scalar referenced in
artifact-a-identifiers.graphql (used by
artifact-b-routing-and-admission.graphql) and ensure any mention of
InboxPolicyBudgeted.maxPerTick is covered by the added PositiveInt entry.

In `@package.json`:
- Line 13: Consolidate the runtime schema validation by changing calls in
verify-local.sh to invoke the new package script instead of the validator file
directly: replace any direct invocation of
scripts/validate-runtime-schema-fragments.mjs (e.g., node
scripts/validate-runtime-schema-fragments.mjs) with a call to the package script
"pnpm run schema:runtime:check" so the canonical entrypoint is
schema:runtime:check and the validator path is not duplicated.

In `@schemas/runtime/artifact-a-identifiers.graphql`:
- Around line 8-15: Update the scalar docs to explicitly freeze the ABI width:
change the HeadId and WorldlineId docblocks to state they are exact 32-byte
(256-bit) opaque identifiers and must be encoded/handled as fixed 32-byte values
(not variable-length strings or byte arrays). Locate the scalar definitions for
HeadId and WorldlineId in this file (symbols HeadId and WorldlineId) and replace
the current vague "fixed-width hash-backed identifier" wording with a precise
sentence such as "This is an opaque, ABI-fixed 32-byte identifier; consumers
must preserve opacity and treat it as exactly 32 bytes." Apply the same precise
wording to both docblocks so generators cannot model them as variable-length.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/echo-runtime-schema/src/lib.rs`:
- Line 35: The struct currently exposes its inner counter as pub (pub struct
$name(pub u64)), allowing callers to bypass checked arithmetic; change the inner
field to private (e.g., pub struct $name(u64)) and ensure all external access
uses the existing from_raw and as_u64 functions (or associated methods) as the
documented escape hatches; update any constructors or direct field accesses in
code to call $name::from_raw(...) and use .as_u64() instead of referencing .0 so
all arithmetic goes through the checked-arithmetic API boundary.

In `@docs/guide/cargo-features.md`:
- Around line 80-90: The documentation snapshot metadata at the top still reads
"generated as of 2026-03-07" and is now stale; update that generated-snapshot
date string to the current correct date to match the new `echo-runtime-schema`
section content (search for the literal "generated as of 2026-03-07" in
docs/guide/cargo-features.md and replace it with the updated date), ensuring the
snapshot date reflects when the file was regenerated.

In `@docs/plans/phase-8-schema-freeze-inventory.md`:
- Around line 97-106: The Artifact A documentation list is missing the
scalar/type PositiveInt; update the Artifact A inventory to include
`PositiveInt` alongside HeadId, WorldlineId, WriterHeadKey, IntentKind,
WorldlineTick, and GlobalTick so that the listing matches the definition in
artifact-a-identifiers.graphql (where PositiveInt is declared) and reflects its
use (PositiveInt!) in artifact-b and artifact-d.

In `@schemas/runtime/artifact-d-scheduler-results.graphql`:
- Around line 91-100: The SchedulerStatus type lacks in-schema documentation of
nullability semantics for fields clients branch on; update the SchedulerStatus
definition (fields: activeMode, runId, latestCycleGlobalTick,
latestCommitGlobalTick, lastQuiescentGlobalTick, lastRunCompletion) to include
short GraphQL field descriptions that state what a null vs non-null value means
(e.g., null = scheduler inactive, null = pre-first-run, null = impossible given
current state), and if any field should be non-null by invariant, make its type
non-nullable (or explicitly document why it can be null) so the SDL itself
encodes the state-coupled behavior alongside the field (use GraphQL description
strings or comments directly above each field in the SchedulerStatus type).

---

Duplicate comments:
In `@crates/echo-runtime-schema/src/lib.rs`:
- Around line 164-170: Add unit tests that assert decoding rejects non-canonical
lengths: add cases that attempt to deserialize 31-byte and 33-byte byte strings
and 32-element and 33-element u8 sequences to ensure decode_runtime_id() and
visit_seq() enforce exact 32-byte length; specifically, create tests that call
the deserializer on CBOR/serde inputs representing a 31-byte bytes, a 33-byte
bytes, a seq of 32 u8s (valid) and a seq of 33 u8s (invalid) and assert success
only for the 32-byte cases and errors for others, which will exercise
decode_runtime_id() and the visitor implementation (visit_seq) to prevent
regressions.

In `@crates/echo-wasm-abi/src/lib.rs`:
- Around line 440-482: The test_control_intent_round_trip needs to explicitly
pin HeadId's CBOR wire shape like WorldlineId does: update the
SetHeadEligibility branch to (1) assert that packing/unpacking preserves a
HeadId constructed from exactly 32 bytes (e.g. HeadId::from_bytes([2u8;32])) and
(2) add negative-case assertions that decoding/reconstruction rejects 31-byte
and 33-byte inputs for HeadId (mirror the WorldlineId byte-length checks), using
the same helpers pack_control_intent_v1/unpack_control_intent_v1 and the
WriterHeadKey type so the test fails if HeadId’s serde wire shape drifts.

In `@docs/ROADMAP/backlog/tooling-misc.md`:
- Around line 405-419: Update the roadmap entries (the "R1-R4" checklist and the
corresponding Acceptance Criteria) to require invoking both new tooling tasks
via the repository xtask entrypoint (i.e., prepend "cargo xtask ..." to the
one-command/local-and-CI-visible paths), and update AC items (AC1–AC4 and the
similar block later in the file) to explicitly state "run via cargo xtask" and
reference the repo xtask surface (xtask/ and .cargo/config.toml) so implementers
know where the command lives; ensure both task specs and acceptance checks are
changed consistently wherever the tasks are described in the document.

In `@schemas/runtime/artifact-a-identifiers.graphql`:
- Around line 17-23: The WorldlineId scalar is underspecified: update the scalar
documentation for scalar WorldlineId to state it is an opaque, fixed-width
32-byte identifier (exactly 32 bytes), with no ordering semantics, to guarantee
frozen ABI/schema parity for Phase 8; modify the comment block above scalar
WorldlineId to explicitly document "exactly 32 bytes (opaque, no ordering
semantics)" and include any expected external encoding note (e.g., raw 32 bytes
or canonical hex/base64) so generators and adapters have a clear payload width.

In `@scripts/generate-tasks-dag.js`:
- Line 10: INPUT_FILE is currently used both for filesystem reads and as the
label text, causing backslashes on Windows to leak into DOT labels; change the
code to keep a native path for I/O (leave INPUT_FILE = path.join(...)) and
create a separate POSIX-normalized label path (e.g., use path.posix.join or
replace backslashes via path.resolve(...).split(path.sep).join("/")) for any
text passed to escapeDotString()/DOT generation (update all usages where
INPUT_FILE is passed into escapeDotString or label creation, including the later
block around the previous 175-185 region) so labels always use forward slashes
while file I/O still uses the platform-native path.

In `@scripts/validate-runtime-schema-fragments.mjs`:
- Around line 11-17: DEFINITION_KIND_NAMES map is missing
"InterfaceTypeDefinition" which causes GraphQL interfaces to be uncollected and
trigger false "missing referenced type" errors; add an entry mapping
"InterfaceTypeDefinition" to "interface" in the DEFINITION_KIND_NAMES Map so
interface definitions are recognized (update the constant DEFINITION_KIND_NAMES
where the other kind-name pairs are defined).