Summary
Several important outputs — namespace_patterns.py, JSON schemas, and CSV files — are both generated from Python source and committed to the repository. Python source is authoritative, but downstream artifacts are also stored and consumed by docs and CI workflows, creating real drift risk.
Category
Severity
high
Evidence
src/ssvc/utils/namespace_patterns.pydata/json/data/schema/data/csv/data/csvs/
Impact if Ignored
Docs, API, and downstream consumers may silently consume stale generated artifacts. Drift between source and committed outputs can go undetected until a runtime or documentation error surfaces.
Suggested Action
Add a CI step that regenerates artifacts and fails if the diff is non-empty (i.e., treat committed artifacts as a cache that must stay in sync). Document clearly which files are generated and should not be edited by hand.
Summary
Several important outputs —
namespace_patterns.py, JSON schemas, and CSV files — are both generated from Python source and committed to the repository. Python source is authoritative, but downstream artifacts are also stored and consumed by docs and CI workflows, creating real drift risk.Category
Severity
high
Evidence
src/ssvc/utils/namespace_patterns.pydata/json/data/schema/data/csv/data/csvs/Impact if Ignored
Docs, API, and downstream consumers may silently consume stale generated artifacts. Drift between source and committed outputs can go undetected until a runtime or documentation error surfaces.
Suggested Action
Add a CI step that regenerates artifacts and fails if the diff is non-empty (i.e., treat committed artifacts as a cache that must stay in sync). Document clearly which files are generated and should not be edited by hand.