docs(artifacts): file 14 oracle-verified bug-hunt findings (REQ-110..123) + REQ-109 decision

[avrabe]

Summary

Outcome of a 5-persona oracle-style bug hunt (cross-command report consistency, git/remote semantics, evidence-correctness, path-URL leakage, F2 silent-failure). Each candidate was adversarially verified through 3 distinct lenses (correctness / user-meaning / code-archaeology), confirmed only on ≥2-of-3 majority.

20 candidates → 14 confirmed, 6 refuted. (The refuted set includes a stale "HTML export absolute links" finding correctly killed because REQ-105 just fixed it — the verification gate works.)

Filed as REQ-110..123, dogfooded as rivet artifacts with falsifiable acceptance steps.

Confirmed clusters

REQs	Cluster	Sev
110, 111	Coverage counting — coverage HTML card + JSON total sum per-rule denominators (double-count artifacts in multiple rules) under a label saying "artifacts covered"; clashes with stats' distinct total. The 768/929 class, generalized.	HIGH
112, 113, 114	Git/remote semantics — commits excludes externals while validate includes them; resolve_external_dir returns an unsynced cache path; sync local/remote state reported inconsistently.	HIGH/MED
115, 116, 117, 118	Path/URL leakage beyond REQ-105 — zola export emits absolute artifact links (2 sites); HTML export embeds a hardcoded localhost oEmbed tag; document markdown emits absolute paths.	HIGH/MED
119–123	F2 silent-failure — ReqIF enum/dir-import/field fallbacks swallow drops; external git-checkout + symlink-removal failures silently ignored.	HIGH/MED/LOW

Also

Records the REQ-109 (variant document scoping) design decision: yes, via an optional documents: list on the existing binding (no new directive), default-in for unbound docs, validate always sees the full set. Implementation tracked as follow-up.

Verification

• rivet validate — PASS, no duplicate IDs.
• rivet docs check — PASS.

Next

These are filed for prioritization. The coverage-counting cluster (110/111) is the highest-value + lowest-risk fix (it's the exact "929" class) and a good first target.

🤖 Generated with Claude Code

[github-actions]

📐 Rivet artifact delta

Change	Count
Added	14
Removed	0
Modified	1
Downstream impacted (depth ≤ 5)	0

Graph

graph LR
  REQ_109["REQ-109"]:::modified
  REQ_110["REQ-110"]:::added
  REQ_111["REQ-111"]:::added
  REQ_112["REQ-112"]:::added
  REQ_113["REQ-113"]:::added
  REQ_114["REQ-114"]:::added
  REQ_115["REQ-115"]:::added
  REQ_116["REQ-116"]:::added
  REQ_117["REQ-117"]:::added
  REQ_118["REQ-118"]:::added
  REQ_119["REQ-119"]:::added
  REQ_120["REQ-120"]:::added
  REQ_121["REQ-121"]:::added
  REQ_122["REQ-122"]:::added
  REQ_123["REQ-123"]:::added
  classDef added fill:#d4edda,stroke:#28a745,color:#155724
  classDef removed fill:#f8d7da,stroke:#dc3545,color:#721c24
  classDef modified fill:#fff3cd,stroke:#ffc107,color:#856404
  classDef overflow fill:#e2e3e5,stroke:#6c757d,color:#495057,stroke-dasharray: 3 3

Loading

Added

• REQ-110
• REQ-111
• REQ-112
• REQ-113
• REQ-114
• REQ-115
• REQ-116
• REQ-117
• REQ-118
• REQ-119
• REQ-120
• REQ-121
• REQ-122
• REQ-123

Modified

ID	Changes
REQ-109

📎 Full HTML dashboard attached as workflow artifact rivet-delta-pr-344 — download from the workflow run.

_{Posted by rivet-delta workflow. The graph shows only changed artifacts; open the HTML dashboard (above) for full context.}

[github-actions]

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Rivet Criterion Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.

Benchmark suite	Current: 5a553e5	Previous: 6c66af5	Ratio
validate/10000	18842253 ns/iter (± 3686650)	15014467 ns/iter (± 542013)	1.25

This comment was automatically generated by workflow using github-action-benchmark.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!