From ffb189a933ef3f24f6f8690d32c0bcac719d8607 Mon Sep 17 00:00:00 2001
From: Ralf Anton Beier <ralf_beier@me.com>
Date: Tue, 17 Mar 2026 19:11:44 +0100
Subject: [PATCH] feat: add bidirectional cross-repo linking to sigil
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add sigil as a rivet external for cross-repo artifact traceability.
Link synth's ELF backend and reproducibility requirements to sigil's
binary signing artifacts:

  synth:ARCH-003 → sigil:CR-12 (ELF section validation requirement)
  synth:ARCH-003 → sigil:CD-14 (ELF signing module design)
  synth:ARCH-003 → sigil:FEAT-2 (native artifact signing feature)
  synth:NFR-002  → sigil:L-7 (attestation chain continuity loss)
  synth:NFR-002  → sigil:SC-14 (attestation chain constraint)

This establishes the security-critical boundary between synth's
verified compilation and sigil's supply chain signing.

Trace: skip
---
 .gitignore                                | 3 +++
 artifacts/architecture.yaml               | 7 +++++++
 artifacts/nonfunctional-requirements.yaml | 6 ++++++
 rivet.yaml                                | 6 ++++++
 4 files changed, 22 insertions(+)

diff --git a/.gitignore b/.gitignore
index 0279849..db6f7cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -57,3 +57,6 @@ vendor.log
 
 # Claude Code local settings (environment-specific)
 .claude/settings.local.json
+
+# Rivet external project cache
+.rivet/
diff --git a/artifacts/architecture.yaml b/artifacts/architecture.yaml
index 235287f..51e5a19 100644
--- a/artifacts/architecture.yaml
+++ b/artifacts/architecture.yaml
@@ -61,6 +61,7 @@ artifacts:
       ARM Thumb-2 machine code encoder, ELF binary builder, vector table
       generator, linker script support, and MPU configuration. Produces
       bare-metal ELF binaries ready for flashing to Cortex-M targets.
+      ELF output is the input to sigil for supply chain signing (sigil:FEAT-2).
     status: implemented
     tags: [backend, arm-encoding, elf]
     links:
@@ -72,6 +73,12 @@ artifacts:
         target: FR-005
       - type: allocated-from
         target: FR-008
+      - type: traces-to
+        target: sigil:CR-12
+      - type: traces-to
+        target: sigil:CD-14
+      - type: traces-to
+        target: sigil:FEAT-2
     fields:
       component-type: software
       interfaces:
diff --git a/artifacts/nonfunctional-requirements.yaml b/artifacts/nonfunctional-requirements.yaml
index a05871e..64c3a86 100644
--- a/artifacts/nonfunctional-requirements.yaml
+++ b/artifacts/nonfunctional-requirements.yaml
@@ -36,6 +36,8 @@ artifacts:
       produce deterministic output (same input yields same output), provide
       comprehensive error handling, achieve greater than 99% correctness on
       the WebAssembly test suite, and support continuous fuzzing integration.
+      Deterministic output is critical for sigil's attestation chain integrity
+      (sigil:L-7, sigil:DF-13).
     status: draft
     tags: [reliability, determinism, nonfunctional]
     links:
@@ -43,6 +45,10 @@ artifacts:
         target: BR-001
       - type: derives-from
         target: BR-002
+      - type: traces-to
+        target: sigil:L-7
+      - type: traces-to
+        target: sigil:SC-14
     fields:
       req-type: constraint
       priority: must
diff --git a/rivet.yaml b/rivet.yaml
index d47ddd2..17cb2e4 100644
--- a/rivet.yaml
+++ b/rivet.yaml
@@ -50,3 +50,9 @@ externals:
     path: /Volumes/Home/git/pulseengine/meld
     ref: main
     prefix: meld
+
+  sigil:
+    git: https://github.com/pulseengine/sigil.git
+    path: /Volumes/Home/git/pulseengine/sigil
+    ref: main
+    prefix: sigil