SPDD: close spec drift gaps across Effective Tokens, Forecast, Frontmatter Hash, Fuzzy Schedule, and MCP Scripts #34719

Merged: pelikhan merged 2 commits into main from copilot/spdd-add-sync-notes-and-structure-safeguards, May 25, 2026

Copilot AI commented May 25, 2026

This SPDD cycle identified recurring spec-maintenance gaps: missing/insufficient spec↔implementation sync mapping, safeguard sections that were hard to cross-reference, and a few ambiguous or underspecified norms. This PR tightens those areas across five reference specs with targeted, non-behavioral documentation updates.

  • Effective Tokens spec (effective-tokens-specification.md)

    • Added structured safeguard entries (S-1..S-3) with explicit threat/mitigation mapping for overflow/capping, non-finite numeric rejection, and registry-validation failure handling.
    • Added an ET test-vectors appendix with labeled baseline and multi-node graph cases plus expected ET totals.
    • Expanded Sync Notes with a §7.1 OTel attribute row-to-code mapping table (attribute key → implementation field/function path).
  • Forecast spec (forecast-specification.md)

    • Clarified §3.9 Yield with an explicit formula walkthrough and numeric example.
    • Moved safeguard content from Appendix F into main-body §10.7 (Threat Model, Required Mitigations, Residual Risk), and left Appendix F as a forward reference.
    • Added command-interface cross-reference to safeguards and strengthened Sync Notes mapping for §4.5/§6/§7 implementation ownership.
  • Frontmatter Hash spec (frontmatter-hash-specification.md)

    • Added Caller Operations under Implementation Notes describing normative invocation flow for pkg/cli/hash_command.go.
    • Made S-6 concrete by specifying a hard max cumulative normalized frontmatter size: 1,048,576 bytes (1 MiB), with explicit rejection behavior.
    • Added negative vector FH-TV-NEG-001 for oversized-input rejection expectations.
  • MCP Scripts spec (mcp-scripts-specification.md)

    • Added a §4.7 sync note documenting current SM-IS-01 enforcement status: required-field validation exists, but explicit per-string 10KB enforcement is not yet implemented in the cited runtime path.
    • Added a Security Marker Sync Map for SM-JS-01, SM-IS-01, and SM-03 linking each marker to implementation files/functions.
  • Fuzzy Schedule spec (fuzzy-schedule-specification.md)

    • Extended Sync Notes to explicitly map §3.1 grammar and §6 scattering algorithm to concrete parser/scatter implementation targets.

Example (new style used across updates):

#### S-1: Overflow and Capping
**Threat**: Unbounded multi-invocation ET aggregation can exceed numeric interoperability limits.
**Mitigation**: Enforce JS-safe ceiling, cap deterministically, and emit overflow flag/error metadata.
Normative requirements: **R-SAFE-002**, **R-SAFE-003**, **R-SAFE-003A**, **R-SAFE-004**

Copilot AI linked an issue May 25, 2026 that may be closed by this pull request
13 tasks
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add Sync Notes section and improve safeguard structure for specs" to "SPDD: close spec drift gaps across Effective Tokens, Forecast, Frontmatter Hash, Fuzzy Schedule, and MCP Scripts" May 25, 2026
Copilot AI requested a review from gh-aw-bot May 25, 2026 16:57
@pelikhan pelikhan marked this pull request as ready for review May 25, 2026 16:57
Copilot AI review requested due to automatic review settings May 25, 2026 16:57
@pelikhan pelikhan merged commit cd692d1 into main May 25, 2026
@pelikhan pelikhan deleted the copilot/spdd-add-sync-notes-and-structure-safeguards branch May 25, 2026 16:57
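
The S-6 size cap and the FH-TV-NEG-001 expectation described in this PR, as an added Go sketch (not code from the PR or from `pkg/cli/hash_command.go`). `HashFrontmatter`, its `parts` input, the inclusive boundary and the length-prefix framing are assumptions; the limit, the error text and the 64-character lowercase SHA-256 output come from the page.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// MaxFrontmatterBytes is the 1 MiB cap the PR description gives for S-6.
const MaxFrontmatterBytes = 1048576

// HashFrontmatter is a hypothetical helper, not the project's API. parts holds
// the already-normalized frontmatter of the workflow and of each import, in
// traversal order; normalization itself is outside this sketch.
func HashFrontmatter(parts [][]byte) (string, error) {
	// Pass 1: measure only. No digest state exists until the cumulative size
	// is known to fit. Assumed inclusive: exactly 1048576 bytes is accepted.
	// Comparing against the remaining budget avoids overflowing the counter.
	total := 0
	for _, p := range parts {
		if len(p) > MaxFrontmatterBytes-total {
			return "", fmt.Errorf("frontmatter input exceeds %d-byte limit", MaxFrontmatterBytes)
		}
		total += len(p)
	}
	// Pass 2: hash. The per-part length prefix is an assumption of this
	// sketch; it keeps ["ab","c"] and ["a","bc"] from producing one digest.
	h := sha256.New()
	for _, p := range parts {
		fmt.Fprintf(h, "%d:", len(p))
		h.Write(p)
	}
	return hex.EncodeToString(h.Sum(nil)), nil // 64 lowercase hex characters
}

func main() {
	// Constructed input: 9 bytes of frontmatter plus padding up to the limit.
	atLimit := [][]byte{[]byte("on: push\n"), make([]byte, MaxFrontmatterBytes-9)}
	sum, err := HashFrontmatter(atLimit)
	fmt.Println(len(sum), err)
	// One more byte from an import pushes the cumulative size over the cap.
	_, err = HashFrontmatter(append(atLimit, []byte("x")))
	fmt.Println(err)
}
```
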

Copilot AI left a comment

Pull request overview

Documentation-only SPDD update that tightens spec↔implementation synchronization by adding clearer safeguard sections, concrete test vectors, and explicit “sync notes” mappings across several reference specifications.

Changes:

  • Expanded safeguards/threat-model sections and clarified formulas/examples (ET + Forecast).
  • Added/extended sync maps from spec sections/markers to concrete implementation files/functions (ET, Forecast, MCP Scripts, Fuzzy Schedule).
  • Made Frontmatter Hash limits and negative test vectors more concrete (1 MiB cap, oversized-input rejection vector).

| File | Description |
| --- | --- |
| docs/src/content/docs/reference/mcp-scripts-specification.md | Adds sync note on SM-IS-01 enforcement status and a security marker sync map. |
| docs/src/content/docs/reference/fuzzy-schedule-specification.md | Adds explicit sync-note mappings for grammar and scattering algorithm. |
| docs/src/content/docs/reference/frontmatter-hash-specification.md | Adds caller-operation requirements plus a concrete 1 MiB limit and oversized-input negative vector. |
| docs/src/content/docs/reference/forecast-specification.md | Adds yield example, moves safeguards into main body, and strengthens sync notes mapping. |
| docs/src/content/docs/reference/effective-tokens-specification.md | Adds structured safeguards, ET test vectors appendix, and an OTel attribute→code mapping table. |

Copilot's findings

  • Files reviewed: 5/5 changed files
  • Comments generated: 3

Comment on lines +1248 to +1249
| §3.1 Grammar (`schedule: daily around HH[:MM][am/pm][ timezone]`) | `pkg/parser/schedule_parser.go` (`parseFuzzyScheduleExpression`, tokenizer/grammar helpers) |
| §6 Scattering algorithm | `pkg/parser/schedule_fuzzy_scatter.go` (`scatterDailyTime`, weighted slot selection and deterministic hashing) |
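
Review bot: In the §3.1 row, "tokenizer/grammar helpers" names no function, and in the §6 row "weighted slot selection and deterministic hashing" describes behaviour rather than symbols, so only `parseFuzzyScheduleExpression` and `scatterDailyTime` can be checked against the code when it changes. List the helper function names, or drop the descriptive text, so that every entry in the map is an identifier a drift check can search for.
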
Comment on lines +245 to +251
`pkg/cli/hash_command.go` MUST invoke the hash API with the following operational sequence:

1. The caller MUST resolve the target workflow markdown file path and fail with a descriptive error
when the file cannot be read.
2. The caller MUST pass workflow content and repository path context to the frontmatter hash
implementation so imports can be traversed deterministically.
3. The caller MUST return the computed 64-character lowercase SHA-256 hash string on success.
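
Review bot: Steps 1 to 3 cover an unreadable file and the success return, but nothing states what the caller MUST do when the hash implementation itself returns an error, for example the oversized-input rejection this PR adds. Add a step requiring the caller to surface that error and emit no hash string. Step 2's "repository path context" would also be easier to keep in sync if it named the parameter or function it refers to.
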
Expected result:

- Hash computation is rejected before digest generation.
- Error text includes: `frontmatter input exceeds 1048576-byte limit`.
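
Review bot: The second expectation pins conformance to the literal message `frontmatter input exceeds 1048576-byte limit`, so any rewording of the error becomes a spec violation; consider matching on a stable error identifier or on the numeric limit alone. The vector also leaves the boundary unstated: say whether an input of exactly 1048576 bytes is accepted, and add that case next to the oversized one.
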

Successfully merging this pull request may close these issues.

[spdd] Daily spec work plan - 2026-05-25