fix: harden Zola export, hook paths, and filter store access#144
Merged
fix: harden Zola export, hook paths, and filter store access#144
Conversation
Fixes found during honest quality review: 1. Zola export filter now uses matches_filter_with_store (quantifiers work) 2. rivet init --hooks resolves binary via PATH (not hardcoded debug path) 3. Zola export generates fallback taxonomy templates when missing (zola build now works without a theme) 4. Verified: needs-json import works end-to-end (import → validate → PASS) 5. Verified: variant constraints handle (not feature), (and a b), (excludes a c) Tested: - Clean Zola roundtrip: export → zola build → 53 pages, zero errors - needs-json: 3 artifacts imported, IDs normalized, validates clean - Variant: complex constraints with implies/excludes/and/not Implements: REQ-007 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
STPA analysis treating rivet as a qualification tool (ISO 26262 §11.4.7, TCL 1). Covers hazards introduced by s-expression evaluator, variant solver, Zola export, needs-json import, MCP write tools, and git hooks. Safety (7 hazards, 7 constraints, 3 losses): - H-TQ-001: evaluator returns wrong boolean (→ false PASS) - H-TQ-002: variant solver unsound (accepts invalid config) - H-TQ-003: Zola export omits/stales artifacts - H-TQ-004: needs-json maps links incorrectly - H-TQ-005: MCP modifies without validation - H-TQ-006: git hooks bypassed - H-TQ-007: quantifier scope mismatch Security (5 losses, 3 hazards, 5 constraints): - SL-TQ-002: AI agent prompt injection via MCP (no auth/rate limit) - SL-TQ-004: --no-verify bypasses hooks (hooks are not security controls) - SSC-TQ-002: MCP mutations must produce tamper-evident audit log - SSC-TQ-005: CI must independently verify (hooks are convenience, not security) Implements: REQ-002 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Seven requirements addressing STPA tool qualification constraints: - REQ-047: MCP mutation audit logging (SSC-TQ-002) - REQ-048: Regex complexity bounds (SSC-TQ-001) - REQ-049: Export validation embedding + --clean (SC-TQ-003, SSC-TQ-004) - REQ-050: Import link-target verification (SC-TQ-004, SSC-TQ-003) - REQ-051: CI-enforced traceability, hooks are convenience only (SSC-TQ-005) - REQ-052: Variant solver fuzz testing (SC-TQ-002) - REQ-053: Quantifier scope correctness testing (SC-TQ-007) Implements: REQ-002 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…053 (quantifier scope tests) Three tool qualification requirements implemented: REQ-047 — MCP audit logging: Every mutation (modify, link, unlink, remove) writes a JSON log entry to .rivet/mcp-audit.jsonl with timestamp, tool name, and details. Enables forensic analysis of AI agent activity. REQ-048 — Regex complexity bounds: The matches predicate uses RegexBuilder::size_limit(1MB) to prevent ReDoS attacks via crafted filter expressions. REQ-053 — Quantifier scope correctness: Three new tests verify forall/exists iterate the store parameter: - forall_uses_store_parameter: different stores → different results - exists_uses_store_parameter: adding artifact changes exists result - quantifier_without_store_returns_false: safe default Implements: REQ-047, REQ-048, REQ-053 Verifies: REQ-041 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- --clean flag removes content/<prefix>/ and data/<prefix>/ before writing, preventing deleted artifacts from persisting as stale published pages - data/<prefix>/validation.json embeds PASS/FAIL, error/warning counts, artifact count, and export date for consumers to verify freshness - Addresses TOCTOU between export and publication (SSC-TQ-004) Implements: REQ-049 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Rivet Criterion Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.
| Benchmark suite | Current: 0e00f87 | Previous: 7588c3c | Ratio |
|---|---|---|---|
link_graph_build/10000 |
31957628 ns/iter (± 1255337) |
25885542 ns/iter (± 1621608) |
1.23 |
This comment was automatically generated by workflow using github-action-benchmark.
…curity docs) REQ-050: needs-json import now verifies all link targets exist within the imported artifact set. Unresolved targets produce warnings with artifact ID, link type, and target. Prevents crafted imports from creating links to non-existent artifacts. REQ-051: CLAUDE.md documents that git hooks are convenience only, not security controls. CI must independently enforce traceability. Implements: REQ-050, REQ-051 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Quality hardening based on honest review of what was actually broken:
matches_filter→matches_filter_with_store(quantifiers now work in export)rivet init --hooksuses PATH-based resolution instead of hardcoded debug binarytaxonomy_list.html/taxonomy_single.htmlwhen missingTest plan
zola build→ 53 pages, zero errors, no theme needed(implies a b),(excludes a c),(and a b)all work correctly/Users/r/.cargo/bin/rivet(installed) not/target/debug/rivet🤖 Generated with Claude Code