Conversation
…Phase 3) Verify that rivet get works and that every command accepting --format json produces valid JSON output. Adds individual tests for coverage, matrix, next-id, schema show/links/rules/info, and get --format yaml, plus a sweep test that validates all JSON-producing commands in a single pass. Implements: REQ-001 Refs: #93 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add missing security analysis artifacts identified in the STPA-Sec review of the MCP server attack surface: two security UCAs covering unauthenticated tool invocation and path disclosure in errors, one loss scenario for malicious VS Code extension exploitation, and one security constraint requiring path sanitization. Implements: SUCA-MCP-1, SUCA-MCP-2, SLS-IMPL-001, SSC-IMPL-006 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e 4) Add EU AI Act compliance page to the multi-page HTML export and the single-page renderer. When the eu-ai-act schema is loaded, the page shows per-section coverage, missing artifact types, and an artifact inventory grouped by Annex IV section. When the schema is not loaded, a brief "not configured" message is shown instead. The sidebar nav conditionally includes the EU AI Act link (like STPA). Implements: #99 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mount an MCP-over-HTTP endpoint at /mcp on the dashboard server using rmcp's StreamableHttpService. The endpoint runs in stateless mode with JSON responses so a simple POST suffices — no SSE framing needed for request/response tools. Each request snapshots the dashboard's current store/schema/graph into a fresh RivetServer, so dashboard reloads are picked up automatically. Implements: FEAT-049 Refs: #98 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e coverage Add constraint-satisfies links from requirements to all 35 system constraints and 62 controller constraints, fixing the two stpa-dev bridge rules that were at 0% coverage. Add 3 MCP server UCAs (UCA-M-1..3) and 3 corresponding controller constraints (CC-M-1..3) covering stale state, partial loads, and pre-validation coverage. Register mcp-ucas in stpa.yaml yaml-sections. Update rivet.yaml trace-exempt-artifacts for new STPA IDs. Overall coverage: 83.7% -> 99.8% (596/597 rules covered). Satisfies: SC-1, SC-2, SC-3, SC-4, SC-5, SC-6, SC-7, SC-8, SC-9, SC-10 Satisfies: SC-11, SC-12, SC-13, SC-14, SC-15, SC-16, SC-17, SC-18, SC-19 Refs: SC-IMPL-003, H-IMPL-003 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Rivet Criterion Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.
| Benchmark suite | Current: 0d07558 | Previous: 6f781be | Ratio |
|---|---|---|---|
link_graph_build/10000 |
30763491 ns/iter (± 3466090) |
24486177 ns/iter (± 2956363) |
1.26 |
This comment was automatically generated by workflow using github-action-benchmark.
… map Expand AGENTS.md commit traceability section with a trailer reference table, artifact selection guide, and a retroactive traceability map covering 18 orphan commits (PRs #28 through #124) that predate strict trailer enforcement. Restructure CLAUDE.md to prominently feature commit trailer requirements as mandatory, with a quick-reference lookup for common artifact IDs by work area. This addresses the 41 orphan commits (36% of total) by documenting their artifact relationships for audit purposes without rewriting git history, and ensures future commits follow the trailer convention. Refs: REQ-017 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add undeclared fields to stpa.yaml and dev.yaml schemas to match actual data usage, eliminating all "field not defined in schema" INFO-level diagnostics (194 -> 59, remaining 59 are traceability rules). stpa.yaml: - uca: add control-action (string) field - loss-scenario: add type (alias for scenario-type) and process-model-flaw (text) - controller: add type (alias for controller-type), control-actions and feedback (list<mapping>) dev.yaml: - design-decision: add decision (text) field Fixes #125 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ests Add spar as a cross-repo external dependency in rivet.yaml, with both a git URL (matching the Cargo.toml rev) and a local path fixture for development/testing. Fix a bug where internal link targets within external projects were not being prefixed when loaded into the store, causing false broken-cross-ref validation failures. - Add spar external config to rivet.yaml (git + local path) - Create test fixture at tests/fixtures/spar-external/ with 4 artifacts - Add 6 integration tests in externals_sync.rs covering sync, load, cross-repo link resolution, backlinks, and dogfood config parsing - Fix ProjectContext::load to prefix external-internal link targets Implements: FEAT-020 Refs: REQ-020 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both `rivet stats` and `rivet stats --format json` previously computed their output independently — text via `print_stats` and JSON via inline code. While both ultimately called `store.len()`, the separate code paths could diverge if `by_type` got out of sync with the `artifacts` HashMap (e.g. after a type-change upsert left a phantom empty-vector entry in `by_type`). Changes: - Extract `compute_stats()` that both text and JSON paths consume, deriving the total as the sum of per-type counts rather than from `store.len()` directly. - Fix `Store::upsert` to remove the old type key from `by_type` when its vector becomes empty, preventing phantom zero-count types. - Add `Store::types_total()` for cross-check convenience. - Add 4 tests: 2 in `rivet-core` (store consistency) and 2 in `rivet-cli` (stats total == sum of type counts, including after type-change). Fixes #125 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add --list flag to `rivet docs` command so both `rivet docs` and `rivet docs --list` list available topics. Fix LSP server shutdown deadlock where io_threads.join() blocked because the connection sender channel was never closed. Add 5 LSP integration tests that spawn `rivet lsp` as a subprocess, communicate via JSON-RPC over stdio, and verify: initialize handshake with capabilities, diagnostics on didOpen with broken links, documentSymbol response, clean shutdown, and error diagnostics for unknown artifact types. Refs: FEAT-022 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The salsa validation path manually collected schema contents without calling load_schema_contents(), skipping bridge auto-discovery. This caused 98 warnings about constraint-satisfies link type not being defined. Now uses the same path as --direct. Result: PASS, 3 warnings (new draft constraints without requirements) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The `if` field must be inside individual hooks, not at the group level. Uses `rivet stamp all` (available in installed binary) instead of `rivet provenance mark` (PR #125 not yet merged). Note: hooks load at session start — need fresh session to test. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Refs: #104
Add a complete s-expression filter/constraint language for artifact querying. Rowan-based lossless CST parser with error recovery, typed AST evaluator supporting 20 predicates (logical connectives, comparisons, collection membership, link traversal, regex matching), and CLI --filter integration on list, stats, and coverage commands. New artifacts for v0.4.0 variant/PLE system: 6 requirements (REQ-041..046), 4 design decisions (DD-048..051), 9 features (FEAT-106..114), and full STPA analysis with 7 hazards, 7 system constraints, 5 UCAs, 5 controller constraints, and 4 loss scenarios in safety/stpa/variant-hazards.yaml. Examples: rivet list --filter '(= type "requirement")' rivet list --filter '(and (has-tag "stpa") (= status "approved"))' rivet stats --filter '(= type "feature")' rivet coverage --filter '(has-tag "safety")' Implements: REQ-041 Refs: FEAT-106, FEAT-107, FEAT-108 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add s-expression filter support to the /api/v1/artifacts endpoint via ?filter= query parameter. Parsed once before iterating, composes with existing ?type=, ?status=, ?q= parameters. Add runtime-evidence artifact type to eu-ai-act.yaml addressing Art. 12(2) tamper-evident runtime logging requirements (per #99 feedback from @jagmarques). Includes hash-chain integrity via previous-digest, cosign/sigstore signature support, and new monitoring-has-evidence traceability rule. Implements: REQ-041 Refs: FEAT-108 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…R-004) Property-based tests verifying 7 logical equivalences with 200 randomized cases each across random artifacts and expression trees: - De Morgan's law (both directions) - Double negation elimination - Commutativity of and/or - Implies expansion: (implies A B) === (or (not A) B) - Excludes expansion: (excludes A B) === (not (and A B)) - Parser round-trip preservation Satisfies STPA controller constraint CC-VAR-004 which requires property-based verification of evaluator correctness. Verifies: REQ-041 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MCP server now exposes full CRUD: rivet_add (existing), rivet_modify (change status/title/tags/fields), rivet_link/rivet_unlink (manage links between artifacts), and rivet_remove (delete artifacts). All tools wrap the existing rivet-core::mutate module with schema validation. Add scripts/install-hooks.sh that installs commit-msg (trailer validation) and pre-commit (rivet validate) git hooks. Implements: REQ-007 Refs: FEAT-010 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add FilterInput salsa input, parse_filter_expr tracked function (caches the s-expression parse), and filter_artifact_ids tracked function that returns matching artifact IDs. Returns Vec<String> instead of Store to satisfy salsa's PartialEq requirement on tracked return types. The parse result is memoized — the same filter string across multiple validation cycles only parses once. When source files change, salsa recomputes the filtered set incrementally. Implements: REQ-029 Refs: FEAT-109 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add --hooks flag to rivet init that installs git hooks (commit-msg for trailer validation, pre-commit for rivet validate). Hooks chain with existing hooks via .prev backup files for coexistence with husky, pre-commit, lefthook, etc. Add rivet_query MCP tool that accepts an s-expression filter and returns matching artifacts with full details. MCP server now exposes 15 tools. Implements: REQ-007 Refs: FEAT-010, FEAT-108 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- cargo fmt across all modified files - Remove identity SK::from() conversions (clippy::useless_conversion) - Use Vec::contains() instead of iter().any() (clippy::manual_contains) - Remove unused CompOp import in proptest Trace: skip Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Format lsp_integration.rs and externals_sync.rs (CI nightly rustfmt). Include all provenance-stamped artifact files that were auto-modified by the PostToolUse hook during this session. Trace: skip Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
avrabe
added a commit
that referenced
this pull request
Apr 21, 2026
Addresses three gaps found in the post-v0.4.0 dogfooding audit. **v0.4.0 shipped-work artifacts** — `artifacts/v040-features.yaml` was last touched 2026-04-12 and describes variant/PLE work (FEAT-106..114), not the verification pyramid that actually shipped on 2026-04-19. New file `artifacts/v040-verification.yaml` authors 4 design decisions (DD-052 four-layer verification pyramid, DD-053 suffix-based yaml-section matching, DD-054 non-blocking framing for formal CI jobs, DD-055 cfg-gate platform syscalls), 8 features (FEAT-115..122 covering Kani 27-harness expansion, differential YAML tests, operation-sequence proptest, STPA-Sec suite, suffix-based UCA extraction, nested control-action extraction, Zola export, Windows support), and 1 requirement (REQ-060 cross-platform binaries). Counts were verified against the actual codebase — 27 `#[kani::proof]` attrs in proofs.rs, 6 differential tests, 16 STPA-Sec tests. **Retroactive trailer map** — extended `AGENTS.md` with three more legacy orphans (51f2054 #126, f958a7e, 75521b8 #44), a new v0.4.0 PR-level section for #150/#151/#152/#153, and an honest "genuinely-unmappable" section calling out `ca97dd9f` (#95) whose `SC-EMBED-*` trailers point to artifacts that were never authored. **Verus Proofs → hard gate** — rules_verus PR #21 (merged as 5bc96f39) fixes the hub-repo's ambiguous `:all` alias by emitting proper `toolchain()` wrappers per platform. Updates the git_override pin from e2c1600a (Feb 2026, broken) to 5bc96f39 and removes `continue-on-error: true` from the Verus job. Implements: REQ-030, REQ-060 Refs: DD-052, DD-053, DD-054, DD-055, FEAT-115, FEAT-116, FEAT-117, FEAT-118, FEAT-119, FEAT-120, FEAT-121, FEAT-122 Verifies: REQ-030
avrabe
added a commit
that referenced
this pull request
Apr 21, 2026
Addresses three gaps found in the post-v0.4.0 dogfooding audit. **v0.4.0 shipped-work artifacts** — `artifacts/v040-features.yaml` was last touched 2026-04-12 and describes variant/PLE work (FEAT-106..114), not the verification pyramid that actually shipped on 2026-04-19. New file `artifacts/v040-verification.yaml` authors 4 design decisions (DD-052 four-layer verification pyramid, DD-053 suffix-based yaml-section matching, DD-054 non-blocking framing for formal CI jobs, DD-055 cfg-gate platform syscalls), 8 features (FEAT-115..122 covering Kani 27-harness expansion, differential YAML tests, operation-sequence proptest, STPA-Sec suite, suffix-based UCA extraction, nested control-action extraction, Zola export, Windows support), and 1 requirement (REQ-060 cross-platform binaries). Counts were verified against the actual codebase — 27 `#[kani::proof]` attrs in proofs.rs, 6 differential tests, 16 STPA-Sec tests. **Retroactive trailer map** — extended `AGENTS.md` with three more legacy orphans (51f2054 #126, f958a7e, 75521b8 #44), a new v0.4.0 PR-level section for #150/#151/#152/#153, and an honest "genuinely-unmappable" section calling out `ca97dd9f` (#95) whose `SC-EMBED-*` trailers point to artifacts that were never authored. **Verus Proofs → hard gate** — rules_verus PR #21 (merged as 5bc96f39) fixes the hub-repo's ambiguous `:all` alias by emitting proper `toolchain()` wrappers per platform. Updates the git_override pin from e2c1600a (Feb 2026, broken) to 5bc96f39 and removes `continue-on-error: true` from the Verus job. Implements: REQ-030, REQ-060 Refs: DD-052, DD-053, DD-054, DD-055, FEAT-115, FEAT-116, FEAT-117, FEAT-118, FEAT-119, FEAT-120, FEAT-121, FEAT-122 Verifies: REQ-030
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bug fixes:
Features:
/mcpendpointrivet docs --listflagData quality:
Test plan
rivet validate— PASS, 3 warnings (draft constraints)cargo buildclean,cargo clippycleanRefs: #91, #93, #98, #99
🤖 Generated with Claude Code