From e51704cd254be7c6bf2c431174525a56130165cc Mon Sep 17 00:00:00 2001
From: ruv <ruv@ruv.net>
Date: Fri, 12 Jun 2026 00:55:51 -0400
Subject: [PATCH] docs(homecore-plugins): label sig/hash fields '(P4 - not yet
 enforced)' (ADR-161 B5)

manifest.rs documented wasm_module_hash as 'verified before execution' but
wasm_module_hash/wasm_module_sig/publisher_key are never read for verification
(only set to None in tests). Re-doc'd the three fields as P4-not-yet-enforced
so the doc matches the code. No verification code added (that is P4); no false
capability claimed.

Co-Authored-By: claude-flow <ruv@ruv.net>
---
 v2/crates/homecore-plugins/src/manifest.rs | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/v2/crates/homecore-plugins/src/manifest.rs b/v2/crates/homecore-plugins/src/manifest.rs
index d1082a7d..4480fc4d 100644
--- a/v2/crates/homecore-plugins/src/manifest.rs
+++ b/v2/crates/homecore-plugins/src/manifest.rs
@@ -83,15 +83,26 @@ pub struct PluginManifest {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub wasm_module: Option<String>,
 
-    /// [HOMECORE] `sha256:<hex>` hash of the wasm binary; verified before execution.
+    /// [HOMECORE] `sha256:<hex>` hash of the wasm binary.
+    ///
+    /// **(P4 — not yet enforced, ADR-161/B5):** this field is parsed and
+    /// round-tripped but is NOT verified before execution. The hash/sig
+    /// gate lands in P4; until then the presence of this field implies no
+    /// integrity guarantee.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub wasm_module_hash: Option<String>,
 
     /// [HOMECORE] Ed25519 signature of the wasm binary hash (`ed25519:<base64>`).
+    ///
+    /// **(P4 — not yet enforced, ADR-161/B5):** parsed but never checked.
+    /// No signature verification happens before a plugin runs.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub wasm_module_sig: Option<String>,
 
     /// [HOMECORE] Ed25519 public key of the plugin publisher.
+    ///
+    /// **(P4 — not yet enforced, ADR-161/B5):** parsed but never used to
+    /// verify `wasm_module_sig`.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub publisher_key: Option<String>,