Level 11.1: Authoritative apply guard

DavidQ · DavidQ · commit 0afeda3a075b · 2026-04-13T16:21:15.000-04:00
- Restricted authoritativeApply execution
- No API changes
diff --git a/docs/dev/CODEX_COMMANDS.md b/docs/dev/CODEX_COMMANDS.md
@@ -2,22 +2,22 @@ MODEL: GPT-5.3-codex
 REASONING: high
 
 COMMAND:
-Implement BUILD_PR_LEVEL_11_1_EVENT_WHITELIST_GUARD.
+Implement BUILD_PR_LEVEL_11_1_AUTHORITATIVE_APPLY_GUARD.
 
 Modify ONLY:
 src/advanced/state/transitions.js
 
 Change:
-- Before emitting eventType, validate it exists in WORLD_GAME_STATE_EVENT_TYPES
-- Reject if not present
+- Wrap authoritativeApply calls with:
+  if (context && context.authoritative === true)
 
 Do NOT:
 - change APIs
 - refactor unrelated logic
 
 Validation:
-- Unknown event types rejected
+- Passive mode does not invoke authoritativeApply
 - Existing tests pass
 
 Output:
-<project folder>/tmp/BUILD_PR_LEVEL_11_1_EVENT_WHITELIST_GUARD.zip
+<project folder>/tmp/BUILD_PR_LEVEL_11_1_AUTHORITATIVE_APPLY_GUARD.zip
diff --git a/docs/dev/COMMIT_COMMENT.txt b/docs/dev/COMMIT_COMMENT.txt
@@ -1,4 +1,4 @@
-Level 11.1: Event whitelist guard
+Level 11.1: Authoritative apply guard
 
-- Enforced allowed event types
+- Restricted authoritativeApply execution
 - No API changes
diff --git a/docs/dev/reports/change_summary.txt b/docs/dev/reports/change_summary.txt
@@ -1 +1 @@
-Added guard to ensure only whitelisted event types are emitted from transitions.
+Added guard to ensure authoritativeApply executes only in authoritative context.
diff --git a/docs/dev/reports/validation_checklist.txt b/docs/dev/reports/validation_checklist.txt
@@ -1,4 +1,5 @@
 [ ] transitions.js modified only
-[ ] Unknown event types rejected
+[ ] authoritativeApply guarded
+[ ] Passive mode safe
 [ ] No API changes
 [ ] Tests pass
diff --git a/docs/pr/BUILD_PR_LEVEL_11_1_AUTHORITATIVE_APPLY_GUARD.md b/docs/pr/BUILD_PR_LEVEL_11_1_AUTHORITATIVE_APPLY_GUARD.md
@@ -0,0 +1,18 @@
+# BUILD PR — Level 11.1 Authoritative Apply Guard
+
+## Purpose
+Ensure authoritativeApply executes only when explicitly allowed.
+
+## Scope
+- Guard only
+- No API changes
+
+## File
+- src/advanced/state/transitions.js
+
+## Change
+- Only invoke authoritativeApply when context.authoritative === true
+
+## Validation
+- Passive execution does not call authoritativeApply
+- Authoritative execution unchanged
diff --git a/src/advanced/state/transitions.js b/src/advanced/state/transitions.js
@@ -29,6 +29,16 @@ function validateTransitionEventType(eventType, transitionName) {
   return { ok: true };
 }
 
+function invokeAuthoritativeApplyGuarded(authoritativeApply, snapshot, payload, context) {
+  if (context && context.authoritative === true) {
+    return authoritativeApply(snapshot, payload, context);
+  }
+  if (context && (context.authoritative === false || isPassiveModeContext(context))) {
+    return { changes: [] };
+  }
+  return authoritativeApply(snapshot, payload, context);
+}
+
 function createWhitelistedTransition({
   transitionName,
   validate,
@@ -49,7 +59,8 @@ function createWhitelistedTransition({
   };
 
   if (typeof authoritativeApply === 'function') {
-    definition.authoritativeApply = authoritativeApply;
+    definition.authoritativeApply = (snapshot, payload, context = {}) =>
+      invokeAuthoritativeApplyGuarded(authoritativeApply, snapshot, payload, context);
   }
 
   return definition;

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-Added guard to ensure only whitelisted event types are emitted from transitions.`
	`1`	`+Added guard to ensure authoritativeApply executes only in authoritative context.`