assembly of ingest pipeline
This commit is contained in:
@@ -40,7 +40,7 @@
|
||||
|
||||
| Bounded Context | Workflow Slice | Slice Discovery | Core Sketch | Blueprint | Design Security | Assembly | Impl Security | Refactor | Notes |
|
||||
| :-------------- | :------------- | :-------------- | :---------- | :-------- | :-------------- | :------- | :------------ | :------- | :---- |
|
||||
| `ingest-snapshot` | `deterministic-bundle-ingest` | `Complete` | `Complete` | `Complete` | `Ready` | `Not Started` | `Not Started` | `Not Started` | `Foundational source-of-truth slice.` |
|
||||
| `ingest-snapshot` | `deterministic-bundle-ingest` | `Complete` | `Complete` | `Complete` | `Complete` | `Ready` | `Not Started` | `Not Started` | `Foundational source-of-truth slice.` |
|
||||
| `dependency-recovery` | `identify-vendored-packages` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Shrinks app-authored surface before later phases.` |
|
||||
| `dependency-recovery` | `externalize-accepted-dependencies` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Depends on package identification decisions.` |
|
||||
| `static-context-evidence` | `extract-segment-context` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Not Started` | `Produces deterministic evidence for downstream consumers.` |
|
||||
@@ -84,20 +84,20 @@
|
||||
|
||||
### Design Security Gate
|
||||
|
||||
- [ ] trust boundaries reviewed
|
||||
- [ ] authority and least privilege reviewed
|
||||
- [ ] sink and data-flow risks reviewed
|
||||
- [ ] blocking findings resolved or explicitly accepted
|
||||
- [ ] approved for assembly
|
||||
- [x] trust boundaries reviewed
|
||||
- [x] authority and least privilege reviewed
|
||||
- [x] sink and data-flow risks reviewed
|
||||
- [x] blocking findings resolved or explicitly accepted
|
||||
- [x] approved for assembly
|
||||
|
||||
### Assembly Gate
|
||||
|
||||
- [ ] tests added
|
||||
- [ ] implementation completed
|
||||
- [ ] types pass
|
||||
- [ ] tests passing
|
||||
- [ ] effect AST checks run for modified Effect files
|
||||
- [ ] approved for implementation security review or next slice
|
||||
- [x] tests added
|
||||
- [x] implementation completed
|
||||
- [x] types pass
|
||||
- [x] tests passing
|
||||
- [x] effect AST checks run for modified Effect files
|
||||
- [x] approved for implementation security review or next slice
|
||||
|
||||
### Implementation Security Gate
|
||||
|
||||
|
||||
@@ -6,6 +6,12 @@ _Avoid_: import step, parse pass
|
||||
**Run Identity**: the deterministic identity for one ingest run, derived from the upstream snapshot identity rather than manually assigned.
|
||||
_Avoid_: ad hoc run id, operator-chosen id
|
||||
|
||||
**Trusted Bundle Location**: a bundle location that has been parsed and accepted for ingest use.
|
||||
_Avoid_: raw bundle path, unchecked file location
|
||||
|
||||
**Verified Previous Run Manifest**: a prior run manifest that has passed schema and integrity checks before being used for continuity hints.
|
||||
_Avoid_: trusted old manifest, reused manifest blob
|
||||
|
||||
**Segment Record**: one deterministic ingest-level code unit produced from any AST slice boundary that can be proven stably.
|
||||
_Avoid_: chunk, guessed module
|
||||
|
||||
|
||||
Reference in New Issue
Block a user