AI Factory Pipeline — Gate Matrix & Dispatch Flow

ALAI AI Factory Pipeline — Gate Matrix & Dispatch Flow

Status: Spec for MC #10536 (parent #10612 system-uvezivanje master), Step 2.5a Author: anthropic-chief-architect (subagent, dispatched by John under [CEO_APPROVED] B→C transition) Date: 2026-05-03 Source-of-truth basis: Read-only derivation from the following files (absolute paths, last-modified mtimes UTC-local mixed; sha256 of head listed in Section 7):

• /Users/makinja/.claude/settings.json (mtime 2026-05-03 00:25:50)
• /Users/makinja/.claude/hooks/pre-dispatch-gate.sh (mtime 2026-05-03 00:15:00)
• /Users/makinja/.claude/hooks/postflight-gate.sh (mtime 2026-04-30 16:14:41)
• /Users/makinja/.claude/hooks/lock-john-dispatch-cap.sh (mtime 2026-04-30 22:48:51)
• /Users/makinja/.claude/hooks/john-max-depth-gate.sh (mtime 2026-05-03 00:14:03)
• /Users/makinja/.claude/hooks/one-ceo-turn-mc-cap.sh (mtime 2026-05-02 23:41:44)
• /Users/makinja/.claude/hooks/one-ceo-turn-dispatch-cap.sh (mtime 2026-05-03 00:25:39)
• /Users/makinja/.claude/hooks/pre-mc-add-gate.sh (mtime 2026-05-03 00:24:14)
• /Users/makinja/.claude/hooks/ceo-token-origin-gate.sh (mtime 2026-05-03 00:11:23)
• /Users/makinja/.claude/hooks/README-evidence-quality-gate.md (mtime 2026-02-20 10:55:28)
• /Users/makinja/system/kernel/pi-orchestrator.js lines 3380–3454 (mtime 2026-05-02 23:39:21)

The Kotlin binary /Users/makinja/.claude/hooks/alai-hooks (16,476,240 bytes, mtime 2026-05-02 23:28) is opaque — it exits silently on --help/help invocation and on bare invocation. Subcommand semantics for it are derived solely from (a) the README at ~/.claude/hooks/README-evidence-quality-gate.md and (b) the dispatch-pattern in settings.json, and are marked OPAQUE where source cannot be confirmed. The branch feat/blueprint-check-stack-aware does NOT contain tools/blueprint-check.js (verified via git ls-tree); only tools/blueprint-registry.js and tools/blueprint-runner.js exist there. Blueprint enforcement therefore runs in pre-dispatch-gate.sh Check 9 advisory mode (fail-open).

1. Pipeline Overview

The ALAI AI factory pipeline is a deterministic gate sandwich wrapped around a non-deterministic LLM core. Every CEO turn enters a UserPromptSubmit cascade that classifies intent, refreshes counters, and primes Mehanik state. John then routes the request: H/BLOCKER → /prompt-forge → /mehanik (writes /tmp/mehanik-cleared-<id> marker with 13 mandatory fields) → Task dispatch → specialist agent work under PreToolUse(Bash|Write|Edit) gates → /task-postflight (writes ~/system/state/postflight-cleared-<id>.json) → mc.js done. M/L/trivial tasks skip /prompt-forge per ZAKON #25. Hard Constraint #3 — "Builder cannot say done" — is structurally enforced via Plan #10264's 5+1-layer gate stack; the Bash hook layer is postflight-gate.sh (priority cache + session_id + 4h TTL). The dispatch flow is gated at THREE failure-modes: (a) too-deep recursion (john-max-depth-gate.sh trip-wire 1 cuts at depth 3+), (b) too-wide CEO-turn fan-out (one-ceo-turn-{mc,dispatch}-cap.sh), (c) self-issued override tokens (ceo-token-origin-gate.sh reads /tmp/ceo-turn-<session>.txt).

Two gates are deactivated or absent: pi-orchestrator.js (the database-backed scheduler at lines 3380–3454) is currently OFF per session-state.md ACTIVE_THREAD context; blueprint-check.js does not exist on main and does not exist on feat/blueprint-check-stack-aware, so Check 9 of pre-dispatch-gate.sh is advisory-only and fails open with the message blueprint_check_unavailable. An active-thread-lock hook is referenced in session-state.md ("4. structural layer") as PENDING and does not exist on disk. ZAKON #25, #27, #28 and Hard Constraints #1/#2/#3 form the policy layer that the gates instantiate.

2. Gate Matrix

3. Dispatch Flow (Mermaid)

flowchart TD
    CEO[CEO message] --> UPS[UserPromptSubmit cascade]
    UPS --> IRM[incident-response-mode.sh]
    IRM --> BE[boot-enforcer.sh]
    BE --> UML[user-message-logger.sh]
    UML --> AAV[alai-hooks auto-verify]
    AAV --> AIC[alem-instruction-checker.sh]
    AIC --> FCA[feasibility-check-advisory.sh]
    FCA --> VSI[validation-state-injector.sh]
    VSI --> CIC[ceo-intent-classifier.sh writes /tmp/ceo-intent-SESSION.json]
    CIC --> MTR[mc-turn-reset.sh resets MC and dispatch counters]
    MTR --> CTL[ceo-token-log-userpromptsubmit.sh writes /tmp/ceo-turn-SESSION.txt]
    CTL --> John[John classify priority]
    John -->|H or BLOCKER| PF[/prompt-forge/]
    John -->|M or L or trivial| Mehanik[/mehanik/]
    PF --> Mehanik
    Mehanik --> Marker[Mehanik writes /tmp/mehanik-cleared-ID with 13 fields]
    Marker --> Disp[John dispatches Task or Agent]
    Disp --> LJDC{lock-john-dispatch-cap count under 9}
    LJDC -->|no and no CEO_APPROVED| BLK1[BLOCK exit 2]
    LJDC -->|yes| CHpre[claude-hooks pre]
    CHpre --> PADA[pre-action-da-gate]
    PADA --> PDG{pre-dispatch-gate marker valid}
    PDG -->|no| BLK2[BLOCK exit 2]
    PDG -->|yes| JMD1{john-max-depth TW1 depth under 3}
    JMD1 -->|no and no CEO_APPROVED| BLK3[BLOCK exit 2]
    JMD1 -->|yes| OCTD{one-ceo-turn-dispatch-cap under Mehanik approved}
    OCTD -->|no and no CEO_APPROVED| BLK4[BLOCK exit 2]
    OCTD -->|yes| Spec[Specialist agent runs]
    Spec --> ToolUse{Tool used}
    ToolUse -->|Bash| BashGates[postflight + caddyfile + delegation + alai bash + evidence + pipeline + deploy + bash-danger + JMD23 + pre-mc-add + ceo-token-origin + provenance + claim-blocker + alai-pre-mc + alai-octmc]
    ToolUse -->|Write or Edit| WriteGates[hook-change-val + tier1-cap + delegation-write + plan-completeness + claude-pre + project-path + spawn-gate + alai-write + tech-stack + lead-guard + backend-guard + hallucination + caddyfile]
    BashGates --> PostUse[PostToolUse async logs and traces]
    WriteGates --> PostUse
    PostUse --> SpecDone{Specialist returns}
    SpecDone --> Postflight[/task-postflight writes ~/system/state/postflight-cleared-ID.json/]
    Postflight --> McDone[mc.js done ID]
    McDone --> PFG{postflight-gate marker valid and TTL under 4h and session matches}
    PFG -->|no and not force-with-reason| BLK5[BLOCK exit 2]
    PFG -->|yes| McClose[task closed]
    McClose --> Stop[Stop hooks]
    Stop --> SOV[session-output-validator]
    Stop --> SCleanup[session-cleanup.sh]
    Stop --> SLedger[session-ledger.sh]
    Stop --> ASV[alai-hooks stop-verify]
    Stop --> CCH[claude-cli-cost-hook]

4. Where the pipeline currently leaks (audit, not opinion)

Observations grounded strictly in source read this session:

1. blueprint-check.js does not exist. Verified by ls -la /Users/makinja/system/tools/blueprint-check.js (No such file or directory) and git ls-tree feat/blueprint-check-stack-aware tools/ (only blueprint-registry.js and blueprint-runner.js). pre-dispatch-gate.sh:135-160 therefore runs in fail-open advisory mode, and any blueprint_score is whatever Mehanik wrote — without a checker tool, that field is essentially trust-the-author.

2. alai-hooks binary is opaque from disk. No source files in ~/.claude/hooks/ for the Kotlin enforcement; alai-hooks --help prints nothing. Behavior must be inferred from the README (README-evidence-quality-gate.md describes only the evidence-gate subcommand) and from cross-references in bash hooks (e.g. ceo-token-origin-gate.sh:91-93 cites PipelineGate.kt line 29). 13 of 64 gate rows above are OPAQUE for this reason. This is a single point of trust for ~20% of the gate stack.

3. Duplicate enforcement paths for the same policy. Both ~/.claude/hooks/pre-mc-add-gate.sh (settings.json:93) AND ~/.claude/hooks/alai-hooks pre-mc-add-gate (settings.json:113) are wired into PreToolUse Bash. Same for one-ceo-turn-mc-cap.sh (settings.json:118 wires the alai-hooks twin). Two hooks evaluating the same input is fine for redundancy, but if the Kotlin twin's logic drifts from the bash, semantics become non-deterministic.

4. active-thread-lock hook is referenced but absent. ls /Users/makinja/.claude/hooks/active-thread-lock* returns no matches. ~/.claude/session-state.md line 21 lists it as "Pending children #1" of system-uvezivanje-master. ZAKON #27 (one product per session) currently has no machine enforcement at hook level.

5. pi-orchestrator.js delegation loop is OFF. Confirmed by ~/.claude/session-state.md ACTIVE_THREAD context (ACTIVE_THREAD = system-uvezivanje-master, no mention of pi-orch running). The DLQ + circuit-breaker + lease infrastructure at lines 3382-3447 is dormant; no daemon is consuming delegated_to = 'pi-orchestrator' tasks. session-state.md feedback log entry under "Pending children" does not list pi-orch reactivation.

6. one-ceo-turn-mc-cap.sh Section 2 token-counter design flaw. Per ~/.claude/session-state.md:27-29: /tmp/ceo-approved-token-uses-default.count increments on BLOCKED attempts (script increments before the limit check at line 94-104). Counter inflates on rejected commands → legitimate next CEO turn can fail. Documented as "separate workstream, NOT drift" in session-state.

7. Postflight session_id whitespace bug (per session-state.md:49). "postflight-gate Bash hook strips whitespace from session-state.md header but mc.js parser preserves it → marker session_id mismatch on every flow. All 5 closures used --force." This is a live, recurring failure-mode. The postflight-gate.sh:144 reads head -1 ~/.claude/session-state.md | tr -d '[:space:]' while mc.js does not normalize identically. Mismatch path: line 167 BLOCK.

8. MEMORY.md auto-write absent. Cross-referenced from feedback_sentinel_v3 family in MEMORY.md but no hook in settings.json writes back to memory. The Read PostToolUse hooks (memo-citation-gate × 2) only validate, do not append.

9. TOOL_CONTRACT block enforcement is keyword-fragile. pre-dispatch-gate.sh:101 regex matches phrases like "research the/find partners/contact list" but exempts any prompt mentioning discover.js|lightrag.js|mc.js|web-search.sh — meaning a research-intent dispatch that name-drops mc.js in passing slips the gate.

10. No WORKTREE_PATH enforcement at dispatch time. worktree-create.sh fires on WorktreeCreate (settings.json:427, OPAQUE), but no PreToolUse gate verifies a dispatched specialist actually inherits a project worktree path. The /Users/makinja/CLAUDE.md cwd guardrails ("ANY file write to /Users/makinja/* outside ... → STOP") are policy text, not a hook. project-path-gate.sh (settings.json:198) on Write/Edit might cover this — OPAQUE, not verified in this spec.

5. Three sub-MC proposals for Step 2.5b

Proposal 1: task_gate_events schema

Title: Add deterministic gate-event logging table to mission-control.db Why: 13 of 64 gates write to per-gate ad-hoc log files (/tmp/pre-mc-add-gate.log, ~/.claude/hooks/john-max-depth-gate.log, /tmp/ceo-token-gate.log, etc.). No unified store means we cannot answer "how often does gate X block in a week?", "which gate blocks most often per session?", or "did gate X regress after settings.json change Y?". Per Hard Constraint #2 ("No claim without evidence"), the platform itself violates this for its own gates. Acceptance:

1. New table task_gate_events(id INTEGER PK, ts TEXT, session_id TEXT, gate_name TEXT, decision TEXT CHECK IN ('allow','block','warn','soft'), tool_name TEXT, mc_id INTEGER NULL, reason TEXT, raw_input_sha256 TEXT) created via migration in ~/system/databases/migrations/ and applied to mission-control.db.
2. Each of the 16 gate-rows in Section 2 with non-OPAQUE source (rows 1, 9-14, 15-18, 23-26, 29, 30) appends one row per invocation via shared helper ~/.claude/hooks/_lib/log-gate-event.sh.
3. mc.js gate-events --tail 50 --gate <name> subcommand reads the table.
4. Daily summary daemon com.alai.gate-events-summary writes top-10 blockers to ~/system/state/gate-events-daily-<date>.json.
5. Proveo verification: 5 known-block scenarios produce 5 rows; 5 known-allow scenarios produce 5 rows; replay matches expected.

Owner: flowforge (database + bash plumbing) Estimate: 6h

Proposal 2: WORKTREE_PATH gate + worktree-enforcer

Title: Block specialist Task/Agent dispatches without explicit WORKTREE_PATH: block in prompt Why: /Users/makinja/CLAUDE.md cwd guardrails are policy text, not enforced. The dispatch-from-home-dir failure mode shipped real damage (genesis: feedback_drop_split_brain_root_cause.md). project-path-gate.sh covers Write/Edit only; a specialist that runs only Bash (npm install, flyway migrate) at a wrong cwd leaks just as much. Mehanik already records project_path: in the marker — the dispatch prompt should propagate it as a WORKTREE_PATH: directive that a new gate verifies matches. Acceptance:

1. ~/.claude/hooks/worktree-path-gate.sh added to settings.json PreToolUse Task|Agent matcher (after pre-dispatch-gate.sh).
2. Hook reads project_path: from /tmp/mehanik-cleared-<id> and WORKTREE_PATH: from prompt; mismatch or absence → exit 2 (with [CEO_APPROVED] bypass).
3. ~/system/tools/wrap-with-worktree-path.js helper auto-injects the directive given a Mehanik-cleared MC id.
4. Specialist agent definitions updated (5 high-traffic: codecraft, flowforge, securion, skillforge, proveo) to refuse work if first instruction is not cd <WORKTREE_PATH>.
5. Proveo: 3 negative cases (no path, wrong path, path outside ~/projects//~/companies/) all block.

Owner: codecraft (hook + helper) + skillforge (agent .md updates) Estimate: 5h

Proposal 3: blueprint Phase 3 promote OR pi-orch stays OFF (binary CEO decision)

Title: CEO decision — invest in finishing blueprint-check.js + pi-orchestrator reactivation, OR formally retire both Why: Two large pieces of pipeline infrastructure are currently dead: (a) blueprint-check.js is referenced from pre-dispatch-gate.sh:142-160 but doesn't exist on disk or on the named feature branch — Phase 3 enforcement is "deferred to separate MC per Petter Graff plan Section 1" with no MC opened; (b) pi-orchestrator.js (lines 3380-3454 implements a real DLQ + circuit-breaker scheduler) is OFF and not in any system-uvezivanje sequence. Carrying dead infrastructure costs context tokens (every John session reads settings.json with these references) and creates phantom-feature drift risk. Frame to CEO as binary:

• Option A — Promote both: Open MC for blueprint-check.js implementation (estimate 12h codecraft); separate MC for pi-orch reactivation (estimate 4h flowforge to wire daemon + 2h proveo soak). Total cost ~18h.
• Option B — Retire both: Remove Check 9 from pre-dispatch-gate.sh; comment out delegated_to = 'pi-orchestrator' query in pi-orchestrator.js; delete feat/blueprint-check-stack-aware branch; document in ADR. Cost ~2h.

Acceptance (for the CEO-decision MC, regardless of option):

1. CEO writes one of A/B in MC comment.
2. Selected sub-plan opened as separate MC by John under [CEO_APPROVED].
3. ~/system/specs/ai-factory-pipeline.md (this spec) updated with chosen direction.
4. MEMORY.md index entry added.

Owner: John (decision-routing only — does not build) Estimate: 0.5h CEO time + 18h or 2h follow-on depending on choice

6. Open questions for CEO

1. Blueprint-check tool: build or kill? Option A (build, 18h) vs Option B (retire, 2h) per Proposal 3. Yes/no on Option A?

2. alai-hooks source-readability: Should the Kotlin sources for the alai-hooks binary be checked into a readable repo path (e.g. ~/system/kernel/alai-hooks-src/)? Currently 13 of 64 gates are OPAQUE — auditability impossible. Yes/no?

3. active-thread-lock hook scheduling: session-state.md lists this as Pending child #1 — should a sub-MC be opened in the system-uvezivanje thread for this gate, or deferred to separate thread? Yes/no on opening sub-MC now?

4. one-ceo-turn-mc-cap.sh Section 2 counter design flaw: Documented in session-state.md as "separate workstream, NOT drift". Approve fix MC now (10 min flowforge patch), or hold? Yes/no on opening fix MC?

5. Duplicate bash + Kotlin gates (pre-mc-add-gate, one-ceo-turn-mc-cap): keep both for redundancy, or pick one and remove the other to avoid drift? Choice = keep-both or bash-canonical or kotlin-canonical?

7. Source verification log

Snapshot regenerated 2026-05-03 (post MC #99014/#99015/#99016 patches + MC #10313 B10 fix + MC #10611 TTL-aware Mehanik clearance).

Branch verification:

• feat/blueprint-check-stack-aware HEAD = 9ea69679f docs(specs): FILESTRUCTURE-BLUEPRINT §3 stack-aware allowlists update [MC #10260] — tools/ contains blueprint-registry.js and blueprint-runner.js, NO blueprint-check.js.
• git -C ~/system show feat/blueprint-check-stack-aware:blueprint-check.js → fatal: path 'blueprint-check.js' does not exist in 'feat/blueprint-check-stack-aware'.

Opaque-binary inventory:

• ~/.claude/hooks/alai-hooks — 16,476,240 bytes, mtime 2026-05-02 23:28, no --help output.
• ~/.claude/hooks/claude-hooks — 24,188,592 bytes, mtime 2026-04-10 21:19, not probed.

Evidence transcript: /tmp/evidence-10536/sources-read.txt (written alongside this spec).

settings.json caveat: Hash changed 2026-05-03 (MC #99014/#99015/#99016 patches). Hook wiring line refs in gate-matrix rows 2-65 (e.g., settings.json:53, settings.json:233) were NOT re-verified in this update — if hook matcher order changed, line refs may be stale. Verify on-demand via Read ~/.claude/settings.json.

8. Update history

• 2026-05-02 — Initial spec (CEO MC #10536)
• 2026-05-03 — Section 7 regenerated (post MC #99014/#99015/#99016 patches + MC #10313 B10 fix + MC #10611 TTL-aware Mehanik clearance). Gate-matrix rows 1, 10, 11, 15, 16, 17, 18, 23, 24 updated with new line refs and patch notes. See /tmp/evidence-10536-skillforge/affected-rows-audit.txt for full audit trail.