Phase 20.8 — Call for Review (Boundaries & Contracts)
=====================================================

Purpose
- Fix boundaries/invariants before implementation to keep Phase‑20.8 small, explicit, and deterministic.

Agenda

1) Boundary/Scope (Rust layer)
- Final responsibilities: Boot (Lock/Capsule→BootPlan), HostBridge publish, CLI flags, PluginHost init (LockOnly order)
- No discovery fallback; propagate non‑OK status to exit code

2) C‑ABI Surface (HostBridge)
- 7 functions: open/close/last_error/list_types/type_id/method_id/call
- Versioning: abi_major/minor + struct_size; caps; optional allocator pointer
- Error policy: OK/NOT_FOUND/BAD_LOCK/INCOMPATIBLE/OOM/UNSUPPORTED/VALIDATION/PANIC

3) GC v0 (Mark & Sweep)
- Roots: stack frames, global static boxes, HostBridge handles
- Safepoints: call boundaries, loop back‑edges, pre‑I/O waits
- Triggers: live_bytes growth (>80% since last sweep) or +4MB
- Metrics: pause_ms/live_bytes/num_objects/alloc_rate; HAKO_GC_TRACE format

4) Allocator/HakMem (research only)
- Not adopted in 20.8; keep docs only. MVP metrics: determinism, latency distribution, fragmentation.

5) VM Semantics/Parity
- 16 ops + Call unified; Gate‑C Strict ban list finalized
- Eq/Ne: primitive=Compare, box=op_eq, enum=.equals (Rewrite + Verifier)

6) Published Names / SSOT
- Box.method/Arity only; alias TTL→remove (2 minor releases)
- Tail fallback OFF; CallAttrs.tail_ok marks explicit cases

7) Router/Rewrite/Intern
- Known/Rewrite default ON (Enum/Callable)
- Intern: published names only; name→id JSON dump for CI
- CallAttrs: effect/may_throw/tail_ok/inline_hint consumed by VM/LLVM only

8) Determinism / Capsule / Lock
- LockOnly: fixed order; sha256 verify (plugins + optional AOT)
- Frozen: verify required; no fallback

9) WASM/Embedded
- Built‑in plugin preset via LTO/inline; Capsule “baked‑in” artifacts when dynamic load is restricted

10) AOT/FFI
- AOT: bytes_len parity; skip when AOT_PRESENT cap is absent
- FFI‑C: allow‑list only; signatures normalized via Box/Value

11) Error/Fail‑Fast
- Three guards: Verifier (Boot), Router (E_NOT_FOUND), Runner (exit code)

12) Migration/Rollback
- `--backend vm-rust` as last escape hatch with deprecation schedule; path‑shim deprecation→removal plan

13) KPIs/Observability/CI
- VM ≥ 70% of LLVM (representative ops); 30‑run p95 geometric means
- Determinism: Frozen runs produce identical logs/hashes (10×)
- CI: SSOT diffs (published names set, intern table), negative cases (Strict/Gate‑C), determinism checks

Expected Outcome
- Sign‑off on boundaries/contracts. Green‑light to implement GC v0 and backend deprecation with minimal risk.
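
The LockOnly verification in item 8 combined with the no‑fallback and exit‑code rules in item 1, as an added Python example that is not the project's own code. The lock layout (ordered `(path, sha256)` pairs), the names `verify_lock` and `exit_code`, and the numeric status values are assumptions; only the status names come from the agenda.

```python
import hashlib
import string
from enum import IntEnum


class Status(IntEnum):
    # Names are from the page's error policy; the numeric values are assumed.
    OK = 0
    NOT_FOUND = 1
    BAD_LOCK = 2


def verify_lock(entries, read_bytes):
    """Verify plugins strictly in lock order and stop at the first failure.

    entries    -- list of (path, sha256_hex) pairs (hypothetical lock layout)
    read_bytes -- callable path -> bytes; raises KeyError/FileNotFoundError
    Returns (Status, paths verified so far). Nothing is searched for elsewhere.
    """
    verified, seen = [], set()
    for path, expected in entries:
        digest = expected.lower()
        well_formed = len(digest) == 64 and all(c in string.hexdigits for c in digest)
        if path in seen or not well_formed:
            return Status.BAD_LOCK, verified      # malformed or duplicated entry
        seen.add(path)
        try:
            data = read_bytes(path)
        except (KeyError, FileNotFoundError):
            return Status.NOT_FOUND, verified     # no discovery fallback
        if hashlib.sha256(data).hexdigest() != digest:
            return Status.BAD_LOCK, verified      # content differs from the lock
        verified.append(path)
    return Status.OK, verified


def exit_code(status):
    """Propagate the status unchanged so a non-OK result is a non-zero exit."""
    return int(status)


# Constructed sample data: two in-memory "plugins" and a lock pinning them.
FILES = {"plugins/a.so": b"plugin-a v1", "plugins/b.so": b"plugin-b v1"}
LOCK = [(p, hashlib.sha256(FILES[p]).hexdigest()) for p in ("plugins/b.so", "plugins/a.so")]

if __name__ == "__main__":
    status, loaded = verify_lock(LOCK, FILES.__getitem__)
    print(status.name, loaded)
    raise SystemExit(exit_code(status))
```

The returned path list preserves the lock's order, so two Frozen runs over the same lock can be compared entry by entry.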