# M03-RND-INTERNAL-ACCESS-GATE-001 — Streamer internal access gate ## Ownership - Target: M03 - Program: RND - Owner/Agent ID: sindo-main-codex - Branch: `work/sindo-main-codex/m03-streamer-internal-access-gate` - Lease expires UTC: 2026-07-18 - Integrator: M03 milestone integrator ## Outcome Add an automated repository boundary gate proving gameplay code and Godot `EditorPlugin` implementations do not access `StreamingWorldLoader` private queue, task, cache or tile-state fields. ## Non-goals - Change renderer behavior, queues, jobs, cache formats or facade contracts. - Ban scene composition references to the loader script or facade adapter path. - Migrate renderer-only diagnostic probes that inspect internal readiness/terrain; those require the later metrics/ground-query facade contract. - Mark M03 complete. ## Paths - Exclusive: `src/tools/verify_renderer_internal_access.gd`, this claim - Shared/hotspots: `docs/modules/world-renderer.md`, `RENDER.md`, `targets/03-renderer-facade.md` - Read-only scan scope: `src/gameplay/**/*.gd`, Godot `EditorPlugin` scripts under `src/**/*.gd` and `addons/**/*.gd`, and the streamer field declarations ## Contracts and data - Input: repository GDScript source and actual private streamer declarations - Output: deterministic pass/fail diagnostics with consumer path and symbol - Runtime, scene, cache, coordinate and asset contracts: unchanged ## Dependencies - Requires: integrated facade and scheduler master `a023d76` - Blocks: safe service extraction and M03 dependency regression acceptance - External state: none ## Verification - Commands: dedicated internal-access gate, facade regression, coordination, documentation and diff gates - Fixtures: gameplay source discovery, EditorPlugin discovery and synthetic forbidden symbol detection - Fidelity evidence: source-only enforcement; no runtime or visual code changes - Performance budget: one bounded repository source scan in a headless test process ## Documentation deliverables - World-renderer boundary/verification/known-gap/source-map updates - Renderer implementation note documenting diagnostic-tool exception - No new module spec because this package adds a verifier to the existing renderer module ## Simplicity and naming - Important name: `verify_renderer_internal_access.gd` - Simplest approach: derive forbidden fields from the current streamer instead of maintaining a second hand-written queue list - Rejected complexity: language plugin, custom linter framework or runtime proxy - Unavoidable complexity: recursive source discovery distinguishes actual `EditorPlugin` scripts from renderer/import addons ## Status - State: active - Done: scope and exception boundary defined - Next: implement gate, prove current consumers clean and document enforcement - Blocked by: