gates

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 13, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckScope added in v0.4.0

func CheckScope(changed, declared []string) error

func HasCriterion

func HasCriterion(requirementsDoc, id string) bool

HasCriterion reports whether id (e.g. "1.2") is a valid criterion address in the given requirements document.

func HasErrors

func HasErrors(findings []Finding) bool

Types

type CanaryVerdictResult added in v0.4.0

type CanaryVerdictResult struct {
	Healthy      bool
	EvidenceRefs []string
	Findings     []string
}

func CanaryVerdict added in v0.4.0

func CanaryVerdict(in DeliveryInput, allowedSources []string) CanaryVerdictResult

type CheckCtx

type CheckCtx struct {
	Root             string
	Slug             string
	Tasks            []core.TaskRow
	Status           map[string]core.TaskRunStatus // marker-derived (tasks.md truth)
	Evidence         map[string]core.EvidenceRecord
	MaxContextTokens int

	// W4 gate inputs. Gate bodies stay pure over CheckCtx: the caller reads
	// files and state, the gates never touch disk. Zero values disable the
	// gate (parity: an empty CheckCtx yields no findings).
	// TrivialVerify is the configured set of no-op verify commands (config
	// verify.trivial, default core.DefaultTrivialVerify). The verify gate rejects
	// a write task using one of these (spec 01 R4.2). Nil disables the check
	// (parity: an empty CheckCtx yields no findings).
	TrivialVerify []string

	StateLoaded          bool                          // caller loaded state.json for this spec
	StateTaskStatus      map[string]core.TaskRunStatus // machine truth from state.json
	ApprovedRequirements bool
	ApprovedDesign       bool
	ApproveTarget        string // the gate being approved ("design" arms the design-stub gate)
	RequirementsDoc      string // requirements.md bytes ("" = not provided)
	RequirementsStub     string // the scaffold stub to compare against (ADR-10 single source)
	DesignDoc            string
	DesignStub           string
	// DesignContractRequired arms the full decision-contract check (spec 01
	// R2.1): under the production design profile the design must declare every
	// decision-metadata field and a resolvable requirement reference. Zero ⇒
	// default profile, where the contract fields are optional (R7.1) and only
	// unknown references are refused. Unknown-reference resolution is always on.
	DesignContractRequired bool

	// Criteria gate inputs (spec 04 R6, opt-in). CriteriaRequired mirrors
	// config criteria.required; CriteriaUnmet lists acceptance-criterion ids
	// with no current passing record. Both zero ⇒ gate disabled.
	CriteriaRequired        bool
	CriteriaUnmet           []string
	CoverageGaps            []string
	IntegrationEvidenceGaps []string
	ProductionPolicy        bool

	// ProductionProfile mirrors the production lifecycle profile (spec 01 R7.2).
	// It arms the criterion and review ratchets on its own, so the production
	// profile requires current criterion evidence and a current-HEAD review even
	// when the individual criteria.required / review.required switches are off.
	ProductionProfile bool

	// Review gate inputs (spec 09 R3/R4/R5, opt-in). ReviewRequired mirrors
	// config review.required. The caller reads review_report.md, parses it, and
	// fills these — the gate never touches disk. ReviewParseErr non-empty means
	// the report is missing or malformed (fail closed). ReviewExpectedHead is the
	// current git HEAD the approval must be fresh against. All zero ⇒ disabled.
	ReviewRequired     bool
	ReviewParseErr     string
	ReviewVerdict      string
	ReviewHead         string
	ReviewFindings     string
	ReviewExpectedHead string

	// TaskTraceRequired arms the full task trace/risk contract (spec 01 R3.1):
	// under the production planning profile every task must declare its
	// references, work kind, risk tier, required context, evidence classes, and
	// edge checks. Zero ⇒ default profile, where those fields are optional
	// (R7.1); unknown references and unknown risk tiers are always refused.
	TaskTraceRequired bool

	// Quality-freshness gate inputs (spec 04 R3.3, opt-in). QualityContracts maps
	// a task id to its declared required evidence classes/checks; Evals is the
	// imported eval store; QualitySubject is the current subject revision/digests.
	// The evidence gate refuses a completed task whose required evidence is
	// missing or stale for the subject. All zero ⇒ no contracts ⇒ no new findings
	// (parity: an empty CheckCtx yields no quality findings).
	QualityContracts map[string]core.QualityContract
	Evals            []core.EvidenceEnvelopeV1
	QualitySubject   core.FreshnessSubject

	// QualityPolicyRequired arms Domain 04 production coverage enforcement.
	// Callers supply parsed policy/criterion registries; the gate stays pure and
	// offline. Zero values preserve compatibility with legacy/default projects.
	QualityPolicyRequired bool
	QualityPolicies       map[string]core.QualityPolicy
	KnownCriteria         map[string]bool

	// Program-link gate input (spec 12 R5). When the gate under approval is the
	// execution transition, the caller fills ProgramDepsIncomplete with the
	// cross-spec dependencies that are not yet complete; a non-empty list refuses
	// the approval. Empty ⇒ disabled (planning phases are never program-gated).
	ProgramDepsIncomplete []string
	StaleRecords          []string

	// Provenance is operator-recorded typed intake. A nil record or empty
	// RequiredFields leaves legacy/default projects unchanged. The gate is pure:
	// callers own disk reads and supply this immutable snapshot.
	Provenance      *core.ProvenanceV1
	ProvenanceError string

	// Governance snapshots are caller-loaded, immutable inputs. Zero value is
	// unconfigured and preserves legacy behavior.
	GovernanceRequired  bool
	GovernanceNow       time.Time
	RequiredDecisionIDs []string
	Decisions           []core.DecisionV1
	Exceptions          []core.ExceptionV1
	GovernanceError     string
	MemoryLintRequired  bool
	MemoryBlocks        []core.MemBlock
	MemoryAsOf          time.Time
	MemoryLintError     string
}

type CriterionID

type CriterionID struct {
	Req int
	Sub int
}

CriterionID names a single acceptance criterion of a requirement, addressed as "<req>.<sub>" (e.g. "1.2" = the second criterion of requirement R1).

func CriterionIDs

func CriterionIDs(requirementsDoc string) []CriterionID

CriterionIDs enumerates the acceptance-criterion ids declared in an EARS requirements document, in document order. It reuses the same bullet-oriented reading as the EARS gate so there is a single source of truth for what counts as a requirement (spec 04 R2, design note "one parser, no second source").

A requirement is a top-level bullet whose text begins with an "R<n>" id. Its acceptance criteria are the more-indented sub-bullets beneath it, numbered 1..k in order. A requirement with no sub-bullets is itself a single criterion "<r>.1", so the flat one-bullet-per-requirement style still yields addressable ids.

func (CriterionID) String

func (c CriterionID) String() string

String renders the "<req>.<sub>" address used on the command line and in evidence records.

type DeliveryInput added in v0.4.0

type DeliveryInput struct {
	Policy       core.EnvironmentV1
	Release      core.ReleaseCandidateV1
	Deployment   core.DeploymentV1
	Observations []core.HealthObservationV1
	Now          time.Time
}

DeliveryInput is the full on-disk evidence a delivery verdict is computed from: the closed environment policy, the immutable release candidate, the deployment record, its health observations, and an explicit clock. Now is a field (never time.Now()) so the verdict is a pure function of its inputs — same inputs always yield the same findings (spec 08 R7.1).

type Finding

type Finding struct {
	Gate     string   `json:"gate"`
	Severity Severity `json:"severity"`
	Message  string   `json:"message"`
}

type Gate

type Gate interface {
	Name() string
	Run(CheckCtx) []Finding
}

func QualityGate added in v0.4.0

func QualityGate() Gate

QualityGate returns the opt-in Domain 04 production policy gate. Callers append it with CoreRegistryWith, preserving existing core registry order.

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

func CoreRegistry

func CoreRegistry() Registry

func CoreRegistryWith added in v0.4.0

func CoreRegistryWith(required ...Gate) Registry

CoreRegistryWith appends profile-required gates after stable core order.

func NewRegistry

func NewRegistry() Registry

func (Registry) Append added in v0.4.0

func (r Registry) Append(gates ...Gate) Registry

Append returns a registry with gates appended in caller order. It makes profile composition explicit while preserving stable core gate order.

func (Registry) Names

func (r Registry) Names() []string

func (*Registry) Register

func (r *Registry) Register(gate Gate)

func (Registry) Run

func (r Registry) Run(ctx CheckCtx) []Finding

type Severity

type Severity string
const (
	Info  Severity = "info"
	Warn  Severity = "warn"
	Error Severity = "error"
)

Directories

Path Synopsis
Package security implements the opt-in deterministic security gate (spec 05).
Package security implements the opt-in deterministic security gate (spec 05).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL