DUNIN7 · LOOMWORKS · RECORD
record.dunin7.com
Status Current
Path change-requests/loomworks-signin-email-conformance-cr-v0_1.md

Loomworks — Sign-in Email Conformance — Change Request — v0.1

Version. 0.1 Date. 2026-06-12 Status. Landed. Both commits built, tested, and pushed — engine 5d7b291 and Operator Layer becf598. This change request records the conformance change as one unit and carries the standing note on the vestigial state it left. Render-type. Change request. Operator-facing — HTML primary, Markdown source alongside. Source. Seed v0.12 (Authentication framework — Identity and Sign-in clauses); the recovery-completeness session handoff (2026-06-12); the read-only inspection of the sign-in path across engine and Operator Layer (2026-06-12). Repos touched. loomworks-engine and loomworks (Operator Layer). No record-doc behaviour change.


Plain-language summary

Seed v0.12 says sign-in must never use email to find a user. The system was still allowing it: the engine's sign-in challenge accepted an optional email and, when given one, looked the person up by email to narrow which passkeys the browser offered — a forbidden email-keyed lookup. The Operator Layer fed it through an optional email field on the sign-in form.

This change removes both. Sign-in now runs the WebAuthn discoverable-credential flow only: the browser offers every passkey registered for Loomworks, the operator picks one, and identity is resolved from the chosen credential — never from email. The sign-in form is now a single "Sign in with passkey" action with no email field. The engine already resolved identity by credential at the completion step, so nothing about who can sign in changes — only the forbidden lookup is gone.


The conformance target

Seed v0.12, Authentication framework — the two clauses this change brings the system into line with:

The discoverable-credential flow was already the default and was test-covered on both sides (verified read-only, 2026-06-12). This change makes it the only path.


What changed

Engine — 5d7b291 (email-keyed lookup removed, discoverable-only)

Operator Layer — becf598 (email field removed, passkey-only)


What this conforms — confirmed


Verification


Standing note — vestigial state (retained deliberately)

> Vestigial state left by email removal — get_person_by_email orphaned, db unused in begin_login, LoginBeginRequest now empty. All retained deliberately, not dead-by-accident, pending a separate cleanup decision.

Detail, so a later reader does not mistake any of these for an oversight:

These three are one separate cleanup decision, to be taken on their own.


Out of scope


DUNIN7 — Done In Seven LLC — Miami, Florida Loomworks — Sign-in Email Conformance — Change Request — v0.1 — 2026-06-12