From ee0ab01fcb7481797b365c0de2f498ae8bf2e765 Mon Sep 17 00:00:00 2001
From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com>
Date: Thu, 14 May 2026 13:08:28 +0100
Subject: [PATCH] fix(validate-a2ml): exempt canonical typed manifests +
 *file.a2ml from identity check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The identity check (`agent-id`/`name`/`project`) is appropriate for
manifests that genuinely declare a subject, but two families of A2ML files
carry identity by convention rather than by in-file field:

1. **Canonical typed manifests under `.machine_readable/6a2/`** —
   `AGENTIC.a2ml`, `META.a2ml`, `NEUROSYM.a2ml`, `PLAYBOOK.a2ml`.
   These hold typed *aspects* of the enclosing project (agent permissions,
   metadata, neurosymbolic invariants, playbook recipes). Identity is the
   parent directory; the filename indicates the aspect. Sibling files
   `ECOSYSTEM.a2ml` and `STATE.a2ml` already declare `[project] name`
   or `[metadata] project` and continue to be validated normally.

2. **Dockerfile-style top-level typed manifests** — `Intentfile.a2ml`,
   `Trustfile.a2ml`, etc. These use markdown-flavoured A2ML
   (`@abstract:` blocks, `## headers`) rather than TOML-style fields,
   so the identity-field regex cannot match by construction. Identity is
   the parent repo, exactly as with a `Dockerfile` or `Makefile`.

Adds both patterns to the existing `*AI-MANIFEST*` exemption. The check
remains active for any other `*.a2ml` filename, so genuinely-missing-
identity bugs are still surfaced.

Without this, `Validate A2ML manifests` reports 40+ errors across every
estate consumer that ships a complete 6a2 manifest set.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
---
 validate-a2ml.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/validate-a2ml.sh b/validate-a2ml.sh
index 1a7cec0..45cdb83 100755
--- a/validate-a2ml.sh
+++ b/validate-a2ml.sh
@@ -121,6 +121,21 @@ validate_a2ml() {
     if [[ "$basename" == *"AI-MANIFEST"* ]]; then
         is_manifest=true
     fi
+    # Canonical typed manifests under .machine_readable/6a2/ — identity comes
+    # from the enclosing directory + filename, not an in-file field. Sibling
+    # files in the same directory (ECOSYSTEM.a2ml, STATE.a2ml) DO carry their
+    # own 
+ame/project and continue to be validated normally.
+    case "$basename" in
+        AGENTIC.a2ml|META.a2ml|NEUROSYM.a2ml|PLAYBOOK.a2ml)
+            is_manifest=true
+            ;;
+        # Dockerfile-style top-level typed manifests (Intentfile, Trustfile, …)
+        # use markdown-flavoured A2ML; identity is carried by the parent repo.
+        *file.a2ml)
+            is_manifest=true
+            ;;
+    esac
 
     if [[ "$has_identity" == "false" && "$is_manifest" == "false" ]]; then
         report_issue "error" "$file" 1 \