Step 0+1 ground-clearing: ADRs, deletions, test fix, lint cleanup, README/ROADMAP, CI concurrency #24
Open
hyperpolymath wants to merge 7 commits into
…trees
Adds three ADRs for verisimiser and one for verisimdb-data, plus the mechanical file deletions they authorise.
- ADR-0001 (octad-ontology): concerns octad is canonical; modalities become Tier 2 overlays. Closes #19; sets up #20; closes #21 wontfix.
- ADR-0002 (verification-tree): strip the empty 8-subdirectory tree; Idris2 stubs in src/interface/abi/ are unaffected. Closes #15.
- ADR-0003 (justfile-aspirational-recipes): delete recipes that name non-existent clap subcommands. Closes #11 (#10 is the mechanical follow-up).
- ADR-0001 (verisimdb-data, repo-purpose): repo carries two explicit purposes (scan store + ABI dogfood). Lands in the data repo commit.
Deletes:
- examples/SafeDOMExample.res, examples/web-project-deno.json (unrelated template flotsam — closes #12)
- root SECURITY.md, root CODE_OF_CONDUCT.md (duplicate; .github/ versions are canonical — closes #13, #14)
- verification/ subtree (closes #15 via ADR-0002)
Closes #11, #12, #13, #14, #15, #19, #21
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…scaping
Two bugs in tests/integration_test.rs caused 2 of 9 integration tests to fail (the unit tests were unaffected).
1. Prefix mismatch — codegen emits identifiers prefixed `verisimdb_` (see src/codegen/overlay.rs). The integration tests asserted substring presence of `verisim_…` which is not a substring of `verisimdb_…`. Replaced 11 occurrences in tests/integration_test.rs.
2. Windows path escaping — test_end_to_end_file_workflow interpolates `schema_path.display()` into a TOML basic string with `"…"`. On Windows the path contains backslashes which TOML treats as escapes, producing a malformed manifest and an unwrap-on-Err. Switched the embedded path to a TOML literal string (single quotes) which suppresses escape interpretation.
Verified: cargo test now reports 26 + 26 + 9 = 61 tests, 0 failed.
Closes #8
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Per ADR-0003. The previous recipe block contained literal `\n` characters where newlines were intended, collapsing three recipes into one syntactically broken rule whose target name embedded `\n`. Even with newlines restored the recipes pointed at clap subcommands that don't exist in src/main.rs. Replaced the block with a comment placeholder noting why it was removed and what to do when the subcommands ship.
Closes #10
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The 13-lint allow block in both lib.rs and main.rs silenced clippy across
the codebase, making `just lint` (`cargo clippy -- -D warnings`) a hollow
signal. Removed both blocks and fixed every lint clippy surfaced.
Fixes:
- codegen/query.rs:124 — nested format!() flagged by
`clippy::format_in_format_args`. Combined `format!("{}::text",
format!("{}.ctid", t))` into `format!("{}.ctid::text", t)`.
- manifest/mod.rs:309 — `init_manifest` had a dead ternary returning
"false" on both branches (flagged by `clippy::if_same_then_else`).
Replaced with a single binding plus a comment explaining where the
per-backend toggle would go if/when it becomes real.
- main.rs — was re-declaring `mod abi; mod codegen; mod intercept;
mod manifest; mod tier1; mod tier2;` already declared in `lib.rs`,
so each module compiled twice. From the bin's perspective most of
the ABI types (ProvenanceEntry, LineageEdge, TemporalVersion,
AccessPolicy, SidecarConfig, DriftCategory, …) appeared as dead
code. Replaced the six `mod …;` lines with `use verisimiser::{abi,
codegen, manifest};` so the bin consumes the library properly.
This also halves redundant test runs (35 unique tests instead of
61 with duplicates).
Verified:
- `cargo clippy --all-targets -- -D warnings` exits clean
- `cargo test` reports 26 lib + 9 integration tests, 0 failed
Closes #16, #17
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Per ADR-0001 the canonical octad is concerns (Data/Metadata/Provenance/Lineage/Constraints/AccessControl/Temporal/Simulation), not modalities. The previous README led with a modalities table the codebase no longer supported.
README.adoc rewrites:
- Replace the "Eight Modalities" table with an "Eight Concerns" table whose rows match `OctadDimension` enum, OctadConfig fields, and the emitted sidecar tables.
- Reframe the eight cross-modal drift categories under Constraints (they are symptoms observed by Constraints when Data, Metadata, and active Tier 2 overlays disagree). Note explicitly that each category still needs a computable definition.
- Tier 1 narrative reorganised around the five Tier 1 concerns (Provenance, Temporal, Constraints, Lineage, AccessControl).
- Tier 2 retains modalities but as overlay representations, not as "the octad".
- Add a "Related repos" section linking verisimdb-data.
- Add an "ABI" section pointing at src/interface/abi/ and src/interface/ffi/ where the Idris2 and Zig stubs actually live.
- Cite ADR-0001 and ADR-0002 inline.
ROADMAP.adoc rewrites:
- Phase 0 marked complete with accurate evidence (ABI types exist in three languages; codegen scaffolding ships).
- Phases reordered to match the bottom-up plan: SQLite Tier 1 MVP first (cheapest end-to-end), then PostgreSQL, then multi-backend, then Constraints/Drift, then AccessControl/Lineage, then Tier 2 modality overlays, then Simulation, then VCL-total integration, then production hardening, then ecosystem.
- Each phase phrased in concerns/modality terms consistent with ADR-0001.
Closes #20
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…r commit
The `rust-ci.yml` lane already runs `cargo check + clippy + fmt` (job `check`) and `cargo test --all-targets` (job `test`, depends on `check`). That is exactly what V-L3-A2 asked for — the previous mega-list incorrectly claimed no cargo-test gate existed.
Real improvement this commit lands:
- Add a `concurrency` block at workflow level so push storms cancel older queued runs instead of queueing for minutes. Group keyed on `github.ref` so concurrent PR pushes serialize per-PR but parallel to main.
Verified locally:
- `cargo fmt --all -- --check` clean
- `cargo clippy --all-targets -- -D warnings` clean
- `cargo test` reports 35 tests (26 lib + 9 integration), 0 failed
The cargo-test gate becomes a required check when branch protection is configured to require Rust CI / Cargo test — that is a repo settings change, not a workflow change.
Closes #9
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This was referenced May 13, 2026
…-L2-L1..L2 (#33)
Step 2 of the bottom-up plan. Brings the Provenance octad concern up to the claim made in the README: tampering with any audit-relevant field in a logged entry breaks `verify()`.
V-L1-B1 — docs/theory/provenance-threat-model.adoc:
Four-adversary model (R / SW / SR / SR+CK), per-adversary protection matrix, the field-coverage and canonical-encoding requirements that bind V-L2-C1 + V-L2-C2, the append-serialisation requirement that binds V-L2-L1 + V-L2-L2, anchor/notary future work, open questions (None vs Some(""), chain_id). Each Step 2 issue cites a section.
V-L2-N1 — deduplicate ProvenanceRecord vs ProvenanceEntry:
Delete src/tier1/provenance.rs::ProvenanceRecord (orphan duplicate of abi::ProvenanceEntry with its own compute_hash that risked drifting). tier1/provenance.rs now re-exports the canonical type; the file is the future home of V-L1-C1's write-path helpers (sqlite3_update_hook → append_provenance). TOPOLOGY.md updated.
V-L2-C1 — full-field, domain-separated hash:
compute_hash signature changes from (4 strs) to (5 strs + DateTime + 2 Options). New preimage = domain tag b"verisim-prov-v1\0" || length-prefixed (previous_hash, entity_id, operation, actor) || canonical timestamp (V-L2-C2) || length-prefixed (before_snapshot, transformation). All seven fields participate. PROV_DOMAIN_TAG versioning is reserved for a future SHA-256→? migration. verify(), genesis(), chain() all pass the full field set.
V-L2-C2 — canonical timestamp:
Replace timestamp.to_rfc3339() (multiple valid forms per instant) with i64_le(timestamp()) || u32_le(timestamp_subsec_nanos()), 12 bytes total. Round-trip unit test asserts two construction paths that yield the same instant produce the same hash.
V-L2-C3 — positive tamper-detection tests:
Eight new unit tests in abi::tests covering each hash-covered field (entity_id, actor, before_snapshot, transformation, operation, previous_hash, timestamp) plus the canonical-encoding property test plus a 4-entry chain mutation-matrix that asserts every field mutation on every entry breaks verify(). 9 new test cases (26 → 35 lib tests).
V-L2-C4 — flip the wontfix test:
tests/integration_test.rs::test_provenance_chain_integrity_multi_step previously codified the bug ("Actor is not part of hash — tamper to actor alone is invisible"). Replaced with assertions that tampering with actor and with before_snapshot both break verify().
V-L2-L1 — chain_head table + write-path serialisation spec:
codegen/overlay.rs emits a new verisimdb_provenance_chain_head (entity_id PK, head_hash, updated_at) alongside the provenance log. The write-path lock (SELECT … FOR UPDATE / BEGIN IMMEDIATE on the head row, INSERT into log, UPDATE head, COMMIT) is specified in the threat-model doc and the table-generator docstring. The library function that performs the transaction is V-L1-C1's job; V-L2-L1 only lands the schema.
V-L2-L2 — UNIQUE INDEX makes forks unrepresentable:
CREATE UNIQUE INDEX IF NOT EXISTS ux_provenance_chain ON verisimdb_provenance_log(entity_id, previous_hash). Genesis rows all carry previous_hash='' so the same constraint enforces exactly one genesis per entity. Two new DDL tests assert presence of both the UNIQUE INDEX and the chain_head table.
Verified locally:
- cargo fmt --all -- --check clean
- cargo clippy --all-targets -- -D warnings clean
- cargo test reports 35 + 9 = 44 tests, 0 failed
Closes #25, #26, #27, #28, #29, #30, #31, #32
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
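The preimage layout described under V-L2-C1 and V-L2-C2 above, as an added example that is not the project's code; it builds only the bytes that would be hashed and omits the SHA-256 step. `Entry`, `put`, `put_opt`, `preimage` and `naive` are hypothetical names, and the u64 little-endian length prefix and the presence byte for optional fields are assumptions, since the commit message does not specify them.

```rust
// Added example. The tag and 12-byte timestamp follow the commit message;
// the u64-LE length prefix and the Option presence byte are assumptions.
const PROV_DOMAIN_TAG: &[u8] = b"verisim-prov-v1\0";

#[derive(Clone, Copy)]
struct Entry<'a> {
    previous_hash: &'a str,
    entity_id: &'a str,
    operation: &'a str,
    actor: &'a str,
    secs: i64,  // stands in for DateTime::timestamp()
    nanos: u32, // stands in for timestamp_subsec_nanos()
    before_snapshot: Option<&'a str>,
    transformation: Option<&'a str>,
}

// Length-prefix a field so its bytes cannot shift into a neighbouring field.
fn put(buf: &mut Vec<u8>, field: &str) {
    buf.extend_from_slice(&(field.len() as u64).to_le_bytes());
    buf.extend_from_slice(field.as_bytes());
}

// Presence byte keeps None distinct from Some("") (one possible resolution).
fn put_opt(buf: &mut Vec<u8>, field: Option<&str>) {
    buf.push(field.is_some() as u8);
    if let Some(s) = field { put(buf, s); }
}

// Bytes that would be fed to SHA-256; hashing itself is left out here.
fn preimage(e: &Entry) -> Vec<u8> {
    let mut buf = PROV_DOMAIN_TAG.to_vec();
    for f in [e.previous_hash, e.entity_id, e.operation, e.actor] { put(&mut buf, f); }
    buf.extend_from_slice(&e.secs.to_le_bytes()); // i64_le, 8 bytes
    buf.extend_from_slice(&e.nanos.to_le_bytes()); // u32_le, 4 bytes
    put_opt(&mut buf, e.before_snapshot);
    put_opt(&mut buf, e.transformation);
    buf
}

// Plain concatenation, for contrast only: field boundaries are lost.
fn naive(e: &Entry) -> Vec<u8> {
    [e.previous_hash, e.entity_id, e.operation, e.actor].concat().into_bytes()
}

fn main() {
    let a = Entry { previous_hash: "", entity_id: "ab", operation: "c", actor: "alice",
        secs: 1_700_000_000, nanos: 5, before_snapshot: None, transformation: None }; // constructed
    let b = Entry { entity_id: "a", operation: "bc", ..a };
    println!("naive equal: {}, prefixed equal: {}", naive(&a) == naive(&b), preimage(&a) == preimage(&b));
}
```

The two constructed entries concatenate to the same bytes but yield different preimages, so a hash over the length-prefixed form changes when a byte is moved between `entity_id` and `operation`.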
Summary
Ground-clearing pass that resolves 11 of the 14 issues filed against this repo (V-L3-A1/A2/B1/B2/C1/C2/D1/E1/Q1/R1 + V-L1-A1/A2/D1; #21 closed as wontfix in a follow-up note).
7 commits, each scoped to one logical change so review and rollback are clean.
What changes
Decisions (3 verisimiser ADRs)
- `docs/decisions/ADR-0001-octad-ontology.adoc` — picks concerns as the canonical octad (Data/Metadata/Provenance/Lineage/Constraints/AccessControl/Temporal/Simulation). Modalities become Tier 2 overlay representations, not "the octad". Closes V-L1-A1: pick canonical octad — modalities vs concerns (ADR-0001) #19, sets up V-L1-A2: rewrite README around concerns octad (blocked by V-L1-A1) #20, closes V-L1-A3: epic — rewrite code around modalities octad (blocked by V-L1-A1) #21 wontfix.
- `docs/decisions/ADR-0002-verification-tree.adoc` — strip the empty `verification/` 8-subdirectory scaffolding. Idris2 stubs in `src/interface/abi/` are unaffected. Closes V-L3-D1: verification/ tree is empty scaffolding — populate or strip #15.
- `docs/decisions/ADR-0003-justfile-aspirational-recipes.adoc` — delete `augment`/`check-octad`/`migrate` recipes (no matching clap subcommands). Closes V-L3-C2: decide fate of augment/check-octad/migrate (no clap subcommands) #11.
File deletions
- `examples/SafeDOMExample.res`, `examples/web-project-deno.json` (template flotsam) — closes V-L3-E1: remove unrelated examples (SafeDOMExample.res, web-project-deno.json) #12
- `SECURITY.md`, root `CODE_OF_CONDUCT.md` (duplicates; `.github/` versions are canonical) — closes V-L3-Q1: SECURITY.md duplicated at root and .github/ with conflicting SLAs #13, V-L3-R1: CODE_OF_CONDUCT.md duplicated at root and .github/ #14
- `verification/` subtree (8 empty subdirectories) — closes V-L3-D1: verification/ tree is empty scaffolding — populate or strip #15
Code fixes
- `tests/integration_test.rs`: replace 11 occurrences of `verisim_*` with `verisimdb_*` (the actual codegen prefix). Also fixes a Windows-path TOML escaping bug in `test_end_to_end_file_workflow` by emitting the path as a TOML literal string instead of a basic string. Closes V-L3-A1: integration tests assert wrong table-name prefix (verisim_ vs verisimdb_) #8.
- `Justfile`: remove the literal-`\n`-collapsed broken recipe block per ADR-0003. Closes V-L3-C1: Justfile line 55 collapses three recipes via literal \n #10.
- `src/lib.rs`, `src/main.rs`: remove blanket 13-lint `#![allow(...)]` blocks that were silencing clippy. Two real lints surfaced and were fixed at site:
  - `codegen/query.rs`: combined a nested `format!()` call (`clippy::format_in_format_args`)
  - `manifest/mod.rs::init_manifest`: removed a dead ternary returning `"false"` on both branches (`clippy::if_same_then_else`)
- `main.rs`: was re-declaring `mod abi; mod codegen; ...` already declared in `lib.rs`, causing duplicate compilation and spurious `dead_code` errors in the bin. Replaced with `use verisimiser::{abi, codegen, manifest};`. Halves redundant test runs.
Closes V-L3-B1: remove blanket #![allow(...)] in src/lib.rs — restores clippy signal #16, V-L3-B2: remove blanket #![allow(...)] in src/main.rs #17.
Docs
- `README.adoc` rewritten around the concerns octad (per ADR-0001). The eight cross-modal drift categories become symptoms observed by the Constraints concern; modalities are framed as Tier 2 overlay representations; added a Related repos cross-link to `verisimdb-data`; added an ABI section pointing at `src/interface/abi/` (Idris2) and `src/interface/ffi/` (Zig). Closes V-L1-A2: rewrite README around concerns octad (blocked by V-L1-A1) #20.
- `ROADMAP.adoc` rewritten with the bottom-up sequencing (SQLite Tier 1 MVP first, then PostgreSQL, then multi-backend, then Constraints/Drift, …) and phrased consistently in concerns terms.
- `README.adoc`. The reciprocal link in `verisimdb-data` is in its companion PR (hyperpolymath/verisimdb-data#…). Closes V-L1-D1: add Related repos cross-link to verisimdb-data #22.
CI
- `.github/workflows/rust-ci.yml`: add `concurrency: { group: rust-ci-${{ github.ref }}, cancel-in-progress: true }` so push storms don't queue duplicated runs. The fmt/clippy/test gate itself already existed in this workflow — the previous mega-list incorrectly claimed there was no cargo-test lane. Closes V-L3-A2: add CI lane that blocks on cargo test #9.
Test plan
- `cargo fmt --all -- --check` clean
- `cargo clippy --all-targets -- -D warnings` clean
- `cargo test` reports 35 tests (26 lib + 9 integration), 0 failed
- `Rust CI / check` job green
- `Rust CI / test` job green
🤖 Generated with Claude Code