Summary
The STPA schema's yaml-sections list for the uca artifact type hardcodes section names that are specific to rivet's own STPA analysis (e.g., core-ucas, cli-ucas, lsp-ucas, mcp-ucas). Projects using custom section names have their UCAs silently dropped.
Reproduction
In the pulseengine/loom project, ucas.yaml defines 25 UCAs across 7 grouped sections:
parser-ucas (3 UCAs) — matched (coincidentally in the list)isle-rewriter-ucas (5 UCAs) — silently droppedpipeline-ucas (8 UCAs) — silently droppedstack-validator-ucas (2 UCAs) — silently droppedz3-verifier-ucas (2 UCAs) — silently droppedencoder-ucas (2 UCAs) — silently droppedcomponent-optimizer-ucas (2 UCAs) — silently dropped
Result: rivet list --type uca shows 3 artifacts instead of 25.
This causes 33 broken links (controller constraints and loss scenarios referencing the missing UCAs) and drops validation coverage from ~99% to ~58%.
Root Cause
In the STPA schema (schema/stpa), the UCA type definition:
- name: uca
yaml-section: ucas
yaml-sections:
- core-ucas
- oslc-ucas
- reqif-ucas
- cli-ucas
- ci-ucas
- dashboard-ucas
- incremental-ucas
- parser-ucas # ← only one that matches LOOM's sections
- dashboard-rendering-ucas
- commit-ucas
- cross-repo-ucas
- wasm-ucas
- lifecycle-ucas
- document-validation-ucas
- external-sync-ucas
- lsp-ucas
- mcp-ucasThese section names are rivet's own project sections. Any project with different controller decompositions will use different section names.
Expected Behavior
Projects should be able to use arbitrary section names for grouped STPA UCAs. Options:
- Wildcard/pattern matching: Accept any section matching
*-ucas as UCA sections
- Project-level override: Allow
rivet.yaml to declare custom yaml-sections per type
- Automatic detection: Infer section type from the artifacts'
id prefix or internal structure (presence of uca-type, hazards, controller fields)
- No hardcoded sections: Remove the hardcoded list and rely solely on
yaml-section: ucas (flat format) plus pattern-based discovery
Option 1 or 3 would be the most user-friendly. The current silent dropping with no warning is particularly dangerous for safety-critical traceability.
Impact
- Affects any project using
stpa-yaml format with custom controller decomposition
- Silent data loss — no warning that sections are being ignored
- Cascading validation failures (broken links to missing UCAs)
- Misleading coverage metrics
Environment
- rivet 0.3.0 (f43c442 feat/parallel-improvements 2026-04-07)
- Project: pulseengine/loom
Summary
The STPA schema's
yaml-sectionslist for theucaartifact type hardcodes section names that are specific to rivet's own STPA analysis (e.g.,core-ucas,cli-ucas,lsp-ucas,mcp-ucas). Projects using custom section names have their UCAs silently dropped.Reproduction
In the
pulseengine/loomproject,ucas.yamldefines 25 UCAs across 7 grouped sections:parser-ucas(3 UCAs) — matched (coincidentally in the list)isle-rewriter-ucas(5 UCAs) — silently droppedpipeline-ucas(8 UCAs) — silently droppedstack-validator-ucas(2 UCAs) — silently droppedz3-verifier-ucas(2 UCAs) — silently droppedencoder-ucas(2 UCAs) — silently droppedcomponent-optimizer-ucas(2 UCAs) — silently droppedResult:
rivet list --type ucashows 3 artifacts instead of 25.This causes 33 broken links (controller constraints and loss scenarios referencing the missing UCAs) and drops validation coverage from ~99% to ~58%.
Root Cause
In the STPA schema (
schema/stpa), the UCA type definition:These section names are rivet's own project sections. Any project with different controller decompositions will use different section names.
Expected Behavior
Projects should be able to use arbitrary section names for grouped STPA UCAs. Options:
*-ucasas UCA sectionsrivet.yamlto declare customyaml-sectionsper typeidprefix or internal structure (presence ofuca-type,hazards,controllerfields)yaml-section: ucas(flat format) plus pattern-based discoveryOption 1 or 3 would be the most user-friendly. The current silent dropping with no warning is particularly dangerous for safety-critical traceability.
Impact
stpa-yamlformat with custom controller decompositionEnvironment