Greenfield proofs: eliminate ~177 Obj.magic escape hatches (auth/MCP/policy)

[hyperpolymath]

Context

Hand-off cargo from the stapeln proof-sweep thread (hyperpolymath/stapeln#89).
svalinn carries ~177 Obj.magic escape hatches across the auth / MCP /
policy layers — each is an unchecked type coercion that voids the safety the
type system would otherwise give.

Scope

• Replace Obj.magic with verified/typed alternatives in auth, MCP adapter,
  and policy code.
• This is gated on the AffineScript migration (the affine type system is the
  intended target surface; doing it in the deprecated ReScript first would be
  throwaway work).

Related

• svalinn PR docs(claude): reconcile agent language policy ReScript → AffineScript #32 is also red on pre-existing Type / Lint / Format checks —
  worth clearing as part of, or before, this effort.

Acceptance criteria

• Obj.magic count driven down (track a burndown).
• No new Obj.magic introduced (add a gate once at zero).
• PR docs(claude): reconcile agent language policy ReScript → AffineScript #32's Type/Lint/Format checks green.

Filed as hand-off from the proof-sweep work; see stapeln PROOF-BACKLOG.md →
"SIDE-PROJECTS TO HAND OFF" item 3.

[hyperpolymath]

Framing correction — estate Decision D3: svalinn's migration target is Ephapax, not AffineScript. This burndown stands, but it is gated on the Ephapax migration (PR #35 docs/ephapax-migration/HANDOFF.adoc, Stage 2), not an "AffineScript migration".

Under D3 (migrate-then-prove) the ~177 Obj.magic casts are discharged structurally by the ReScript→Ephapax port — typed boundary decoders make them impossible by type, and linear exactly-once tokens give true JWT/JTI revocation — rather than by patching ReScript. Caveat: Ephapax is pending a Stage-0 readiness spike; AffineScript is the documented fallback if it isn't application-ready.

---

Generated by Claude Code