P3 cross-component stream-pair detection foundation + a fully
operational Mythos delta-pass auto-runner. 12 commits since v0.8.1.

Headline changes:

- Cross-component stream<T> pairing detection (#141, ADR-3). The
  StreamPairGraph foundation for the in-module stream adapter: meld
  now inventories at resolve time which fused components form
  producer -> consumer stream pairings. The ring-buffer / copy-chain
  emitter is a runtime-verified follow-up (ADR-3 Path N).

- Mythos delta-pass auto-runner (#162, #164, #170, #173, #175). The
  AI-driven discover protocol now runs automatically on every
  Tier-5 PR by the maintainer, via claude-code-action on a Max-plan
  OAuth token. Five plumbing fixes brought it to a working
  end-to-end state: scan -> NO_FINDINGS verdict -> sticky comment ->
  mythos-pass-done label.

- LS-N verification gate (#161, #165). Every approved loss-scenario
  in safety/stpa/loss-scenarios.yaml is now enforced to have a
  matching ls_<letter>_<num>_* regression test; 19/19 verified.

- DWARF / witness-mapping discovery (#131) — Phase 1 of the #130
  epic; pins today's lossy passthrough as the green-to-red oracle
  for the Phase 2 remap work.

- Regression coverage for LS-A-8/9/19 and LS-CP-4 (#163/165/166/169)
  — closed every missing-test entry the LS-N gate surfaced.

- CI footprint reduction (#171) — bench/fuzz/ci skip on docs- and
  safety-only PRs; meld is a leaner consumer of the shared fleet.

- fuzz.yml musl-target drop (#170, closes #168) — fixes the
  recurring "sanitizer incompatible with statically linked libc"
  fuzz failures.

Co-authored-by: Claude Opus 4.7 <[email protected]>

… file (#181)

The whole-file scan that landed with v0.9.0 (#162, #164, #170, #173,
#175) caused a treadmill across v0.10.0's #178 and #179: every
parser.rs / fact.rs / resolver.rs PR re-triggered every latent
canonical-ABI bug in the touched file, regardless of whether the PR
went near that code. PR #179 surfaced 4+ findings in successive
re-scans of parser.rs alone; each fix exposed the next, and one
finding (the auto-runner's claimed inversion of LS-P-8 against
canonical-abi.py::record_size) was an outright false positive.

This commit moves the scan to a diff-scoped model:

  1. The scan job's actions/checkout step now uses fetch-depth=0
     so both base.sha and head.sha are reachable.

  2. A new "Extract PR diff for ${matrix.file}" step writes
     `git diff --no-color BASE...HEAD -- $F` to a workspace file
     under mythos-diffs/. Triple-dot uses the merge-base so commits
     the base branch advanced past after PR open do not show up.

  3. The discover prompt now references the diff file by path
     (diff_path / diff_size step outputs) and tells the AI to
     report only findings *introduced* by the diff. Pre-existing
     bugs in unchanged regions are explicitly out of scope —
     they can be filed against main in their own dedicated PR.
     Full-file context remains readable for caller/callee
     understanding.

An empty diff (rename / mode / pure delete) is allowed — the AI
sees no introduced changes and reports NO_FINDINGS by construction;
no skip logic required at the workflow level.

Unblocks future Tier-5 PRs from being judged on bugs they did not
introduce. Latent bugs in the unchanged file body remain the
project's problem to fix proactively (the LS-N gate continues to
pin every approved scenario), but they no longer block unrelated
PRs from merging.

Co-authored-by: Claude Opus 4.7 <[email protected]>