feat: provenance lifecycle — mark/apply/clear + Claude hooks#125
Closed
avrabe wants to merge 14 commits into
Closed
feat: provenance lifecycle — mark/apply/clear + Claude hooks#125avrabe wants to merge 14 commits into
avrabe wants to merge 14 commits into
Conversation
CRITICAL: Replace .unwrap() with if-let on store.get() in render code (results.rs:72, traceability.rs:230,261) HIGH: Recover from poisoned mutex in serve reload handler instead of panicking (serve/mod.rs:449) HIGH: Document RwLock ordering in MCP server — rmcp serializes calls over stdio so concurrent read+write cannot occur (mcp.rs) MEDIUM: Reject empty artifact IDs and self-referential links during HIR extraction with proper diagnostics (yaml_hir.rs, both paths) Refs: #91 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add 14 integration tests that spawn `rivet mcp` as a child process and exercise all 10 tools plus resources via the rmcp client transport. Tests cover tools/list, rivet_validate, rivet_list (with filters), rivet_get (valid + invalid), rivet_stats, rivet_schema (with filters), rivet_coverage, resources/list, resources/read for diagnostics and coverage, and rivet_reload with live file changes. Refs: FEAT-010 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add missing artifacts identified in deep methodology review: - CTRL-MCP controller in control-structure.yaml - H-21 (MCP stale state) and H-24 (round-trip formatting) hazards - SC-23 (MCP staleness prevention) and SC-24 (byte-for-byte round-trip) constraints - LS-M-1 loss scenario (MCP agent commits on stale validation) Note: LS-M-1 references UCA-M-1 which will be defined in a follow-up. Implements: SC-23, SC-24 Refs: H-21, H-24, CTRL-MCP, LS-M-1 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add baseline (string) and upstream-ref (string) fields to requirement type in dev.yaml - Add baseline, diagram, and source-ref fields to design-decision type in dev.yaml - Add baseline field to feature type in dev.yaml - Add source-ref and diagram fields to aadl-component type in aadl.yaml - Add allocated-from as standalone link type in aadl.yaml (was only defined as inverse) - Add SC-LSP-003 system constraint for H-LSP-003 (diagnostic location accuracy) - Renumber SC-LSP-003..007 to SC-LSP-004..008 to avoid ID collision Fixes: H-LSP-003 Refs: SC-LSP-003 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- yaml_cst test: hazards.yaml now has 34 items (22 hazards + 12 sub-hazards) after adding H-21 and H-24 - loss-scenarios: remove uca: UCA-M-1 forward reference (UCA not yet defined) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Found during dogfooding — our own format validator rejects 'table'. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The salsa validation path (validate_all -> collect_parse_errors) was using parse_generic_yaml to detect parse errors for ALL source files. This produced 18 false "missing field 'artifacts'" errors for STPA section-based files, which use a different document structure. Add collect_rowan_parse_errors tracked function that uses the rowan CST parser to detect actual YAML syntax errors without assuming any particular document structure. When the rowan-yaml feature is enabled, validate_all now uses this instead of the serde_yaml-based error collection. Fixes #125 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds a new CLI command that stamps artifacts with provenance metadata (created-by, model, session-id, timestamp, reviewed-by). Supports stamping individual artifacts or all artifacts at once, with proper insert-or-replace semantics via the YamlEditor. Implements REQ-034 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New CLI: `rivet stamp <ID> --created-by ai-assisted --model claude-opus-4-6` Stamps artifacts with AI provenance. Supports `rivet stamp all`. Claude Code hook: .claude/settings.json runs `rivet validate` pre-commit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a `supply-chain` docs topic covering SBOM components, build attestations, vulnerabilities, and release artifacts with example YAML for each type, link types, and traceability rules. Update the schemas overview to include supply-chain and its bridge. Create `.claude/settings.json` with a pre-commit hook that runs `rivet validate --direct` before each commit. Update CLAUDE.md to document the hook and the `rivet stamp` command. Refs: FEAT-001 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When Claude Code edits artifact YAML files in artifacts/ or safety/, the PostToolUse hook automatically runs `rivet stamp all` to record provenance metadata (created-by: ai-assisted, model: claude-opus-4-6). This makes provenance tracking automatic and deterministic — no need for Claude to remember to stamp manually. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The rowan cursor deallocation UB triggers in any test creating a multi-item tree (not just parse_actual_hazards). The stpa_hazard_sequence test and yaml_hir tests also create enough cursor nodes to trigger it. Skip these in Miri CI until the rowan cursor fix is complete. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add `rivet provenance` subcommand for AI provenance tracking: - `mark <file>` — record that an AI tool touched this file - `apply` — stamp AI-touched artifacts that lack provenance - `clear` — remove all pending marks - `status` — show pending marks State stored in .rivet/provenance-pending.json (gitignored). Hooks in .claude/settings.json: - PostToolUse: marks files when Claude edits artifacts/ or safety/ - PreCommit: applies marks then validates Subagents must run `rivet stamp all --created-by ai-assisted` manually (hooks don't fire in subagents). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
avrabe
added a commit
that referenced
this pull request
Apr 7, 2026
Add undeclared fields to stpa.yaml and dev.yaml schemas to match actual data usage, eliminating all "field not defined in schema" INFO-level diagnostics (194 -> 59, remaining 59 are traceability rules). stpa.yaml: - uca: add control-action (string) field - loss-scenario: add type (alias for scenario-type) and process-model-flaw (text) - controller: add type (alias for controller-type), control-actions and feedback (list<mapping>) dev.yaml: - design-decision: add decision (text) field Fixes #125 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
avrabe
added a commit
that referenced
this pull request
Apr 7, 2026
Both `rivet stats` and `rivet stats --format json` previously computed their output independently — text via `print_stats` and JSON via inline code. While both ultimately called `store.len()`, the separate code paths could diverge if `by_type` got out of sync with the `artifacts` HashMap (e.g. after a type-change upsert left a phantom empty-vector entry in `by_type`). Changes: - Extract `compute_stats()` that both text and JSON paths consume, deriving the total as the sum of per-type counts rather than from `store.len()` directly. - Fix `Store::upsert` to remove the old type key from `by_type` when its vector becomes empty, preventing phantom zero-count types. - Add `Store::types_total()` for cross-check convenience. - Add 4 tests: 2 in `rivet-core` (store consistency) and 2 in `rivet-cli` (stats total == sum of type counts, including after type-change). Fixes #125 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
avrabe
added a commit
that referenced
this pull request
Apr 7, 2026
The `if` field must be inside individual hooks, not at the group level. Uses `rivet stamp all` (available in installed binary) instead of `rivet provenance mark` (PR #125 not yet merged). Note: hooks load at session start — need fresh session to test. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Refs: #104
Contributor
Author
|
Status check (2026-04-22): 16 days stale after v0.4.1 shipped. This PR's mark/apply/clear lifecycle with PostToolUse + PreCommit hooks is still the right model for real AI-SDLC workflows — v0.4.1's Needs before merge (v0.4.2):
|
This was referenced Apr 22, 2026
This was referenced May 9, 2026
avrabe
added a commit
that referenced
this pull request
May 11, 2026
Three queued feature requests now land: rivet bundle (#266), rivet coverage --matrix (#243), s-expr linked-via operator (#265). Plus externals load their own schemas (#267) and STPA TCL numbering is corrected to ISO 26262-8 (#257). Infrastructure: CI concurrency control across all workflows (#258), migration to self-hosted smithy runners (#262), release-npm trigger fix that retroactively unblocked v0.7.0/v0.8.0 npm publication (#261), weekly dependabot (#216), and the wasmtime 42→43 upgrade that retires the RUSTSEC-2026-0114 suppression introduced in v0.8.0 (#260). #125 (provenance-lifecycle) intentionally deferred — 5-week-old branch with conflicts in heavily-churned files (CLAUDE.md, ci.yml, settings). Needs its own attention session, not safe to autonomously rebase. Refs: FEAT-001 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
Author
|
Closing — not worth a revive as-is. This branch is ~5 weeks old and 208 commits behind The work here is a useful reference, but a fresh implementation against current |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Complete AI provenance lifecycle for artifact tracking:
rivet provenance mark <file>— PostToolUse hook marks AI-edited filesrivet provenance apply— PreCommit hook stamps marked artifactsrivet provenance clear/status— management.rivet/provenance-pending.json(gitignored)Hooks only fire in main Claude Code process. Subagents must stamp manually.
Test plan
cargo buildclean,cargo clippycleanRefs: #104
🤖 Generated with Claude Code