feat: ship end-to-end Trusted PR Review MVP #623

Merged: safal207 merged 158 commits into main from feat/trusted-pr-review-mvp on Jun 24, 2026
safal207 (Owner) commented Jun 23, 2026

Summary

Implements #598 by shipping the first executable end-to-end Trusted Runtime product slice.

A deterministic git diff now flows through specialized planning, reviewer/risk-critic/verifier routing, contributions, CML causal audit, evidence gating, ProofPath authorization, CaPU commit-before-effect execution, durable event persistence, LTP replay, and reusable artifact export.

This PR is stacked on #616, #617, #618, #619, #620, #621, #622 and remains draft while dependencies are open. Implementation and CI validation are complete.

One command

PYTHONPATH=.:python:python/modules \
  python scripts/run_trusted_pr_review.py --scenario all

Product scenarios

  • ALLOW: changed tests are linked and no executable-risk signature is detected; ProofPath and CaPU write one protected review result, then LS exports a reusable artifact.
  • HOLD: changed test evidence is missing; no authorization, protected effect, ProofPath bundle, or final artifact is created.
  • BLOCK: client-controlled dynamic execution is detected; no authorization, protected effect, ProofPath bundle, or final artifact is created.

All scenarios still produce an inspectable trail, evidence decision, readable review summary, and replay bundle.

Included

  • scripts/run_trusted_pr_review.py;
  • deterministic ALLOW/HOLD/BLOCK diff fixtures and expected outcomes;
  • specialized PR-review planning for reviewer, risk critic, and verifier roles;
  • deterministic DAO-style routing with per-role local backends;
  • role contribution records and evidence references;
  • CML audit, evidence decision, ProofPath, CaPU, persistence, and LTP composition;
  • Markdown review summary and machine-readable JSON artifact;
  • product artifact JSON Schema and integrity digest;
  • broken causal-lineage and expired-authorization fixtures;
  • product acceptance and fail-closed tests;
  • dedicated CI that runs the user command and uploads the evidence bundle;
  • five-minute reviewer walkthrough, before/after diagrams, and non-claims;
  • stable trusted_runtime.pr_review_api product entrypoint.

Verified acceptance result

The final product run produced 43 evidence files.

| Scenario | Decision | Authorization | Protected effect | Artifact | Replay |
|---|---|---|---|---|---|
| ALLOW | ALLOW | yes | exactly one | yes | ADMISSIBLE |
| HOLD | HOLD | no | none | no | DRIFTED (PARTIAL_PATH) |
| BLOCK | BLOCK | no | none | no | ADMISSIBLE blocked terminal path |

The ALLOW artifact includes workflow plan, routes, reviewer/risk-critic/verifier contributions, causal audit, evidence decision, authorization, execution, replay, reusable-artifact references, and a verified SHA-256 integrity digest.

The CI evidence archive is published as trusted-pr-review-evidence with digest:

sha256:a995d1f5322277b2548cb826a9d42af0472c18dd7469b2d8a2f5df99d725742a

Safety boundary

The protected business effect is the review-result file under protected/. It is written only after ProofPath authorization and CaPU durable commit. HOLD/BLOCK paths cannot enter this branch.

Plans, decisions, audit reports, and replay files are evidence exports, not the protected approved effect.

LTP inspects durable events and never reruns a model, tool, or side effect.

CI result

All workflows are green on final human head 265cd6a5:

  • Trusted PR Review MVP — one-command demo, acceptance tests, generated-index effect checks, and evidence upload: success;
  • Trusted Runtime Contract: success;
  • Ruff strict verification: success;
  • Phase 12.1 Regression Scan / Semgrep: success;
  • Reflection Dashboard HTTP E2E: success;
  • Security & CI Pipeline: success;
  • hardening tests, quality gate, vulnerability audit, SBOM generation/upload, CodeQL, and dependency review: success.

Non-claims

This is a deterministic local reference product slice. It does not claim live LLM review, complete SAST/secret scanning, production distributed storage, regulatory certification, or proof that approved code is bug-free.

Related

safal207 (Owner, Author) left a comment:

Implementation and final-head validation are complete on 265cd6a5.

Verified from the generated CI evidence bundle:

  • 43 evidence files were produced by the one-command demo;
  • ALLOW created exactly one CaPU-protected review result, a ProofPath bundle, and an integrity-bound reusable artifact;
  • HOLD created no authorization, protected effect, ProofPath bundle, or final artifact and replayed as DRIFTED with PARTIAL_PATH;
  • BLOCK created no authorization, protected effect, ProofPath bundle, or final artifact and replayed as an ADMISSIBLE policy-blocked terminal path;
  • the ALLOW artifact contains workflow, routes, reviewer/risk-critic/verifier contributions, causal audit, evidence decision, authorization, execution, replay, and reusable references;
  • the artifact SHA-256 integrity digest was independently recomputed successfully;
  • the raw blocked diff expression is absent from exported evidence;
  • broken causal lineage and expired authorization fixtures fail closed.

All workflows passed: Trusted PR Review MVP, Python contracts, Ruff, Semgrep/regression scan, E2E, hardening tests, quality gate, vulnerability audit, SBOM, CodeQL, and dependency review.

The PR remains draft only because it is stacked on #616 through #622.

@safal207 safal207 marked this pull request as ready for review June 24, 2026 12:34
@safal207 safal207 merged commit 6d56f43 into main Jun 24, 2026
9 checks passed
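
The fail-closed gate and commit-before-effect ordering described under "Safety boundary" and in the follow-up comment can be sketched as follows. This is an added illustration, not code from this repository: `decide`, `run_review`, `replay`, `run_case`, the evidence keys, the `events.jsonl` log and the `review_result.json` file name are all hypothetical and do not represent the ProofPath, CaPU or LTP APIs.

```python
# Added illustration; every name here is hypothetical, not the project's API.
import json
import os
import tempfile

def decide(evidence):
    """Fail closed: only complete, clean evidence yields ALLOW."""
    if evidence.get("dynamic_exec_detected") is True:
        return "BLOCK"
    clean = evidence.get("dynamic_exec_detected") is False
    return "ALLOW" if clean and evidence.get("tests_linked") is True else "HOLD"

def _append(workdir, event):
    """Durably append one event (fsync) before the caller proceeds."""
    with open(os.path.join(workdir, "events.jsonl"), "a", encoding="utf-8") as f:
        f.write(json.dumps(event, sort_keys=True) + "\n")
        f.flush()
        os.fsync(f.fileno())

def run_review(evidence, workdir, now, ttl=60, exec_delay=0):
    """Gate the protected write behind decision, authorization and commit."""
    decision = decide(evidence)
    _append(workdir, {"type": "decision", "decision": decision})
    auth = {"expires_at": now + ttl} if decision == "ALLOW" else None
    if auth is None or now + exec_delay >= auth["expires_at"]:
        _append(workdir, {"type": "refused", "decision": decision})
        return {"decision": decision, "effect_written": False}
    _append(workdir, {"type": "commit", "effect": "protected/review_result.json"})
    os.makedirs(os.path.join(workdir, "protected"), exist_ok=True)
    path = os.path.join(workdir, "protected", "review_result.json")
    with open(path, "w", encoding="utf-8") as f:
        json.dump({"decision": decision}, f)
    return {"decision": decision, "effect_written": True}

def replay(workdir):
    """Inspect the event log only; nothing is re-executed."""
    with open(os.path.join(workdir, "events.jsonl"), encoding="utf-8") as f:
        events = [json.loads(line) for line in f]
    commits = sum(1 for e in events if e["type"] == "commit")
    exists = os.path.exists(os.path.join(workdir, "protected", "review_result.json"))
    return {"commits": commits, "consistent": exists == (commits == 1)}

def run_case(evidence, exec_delay=0):
    """Run one constructed case in a fresh temp dir; return (result, replay)."""
    with tempfile.TemporaryDirectory() as d:
        return run_review(evidence, d, now=1000, exec_delay=exec_delay), replay(d)

if __name__ == "__main__":
    print(run_case({"tests_linked": True, "dynamic_exec_detected": False}))
```

Passing `exec_delay` greater than `ttl` models an authorization that expires before execution: the decision is still ALLOW, but no commit event or protected file is produced.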