jesus/ontoref
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ontoref/reflection/migrations/0010-manifest-capability-completeness.ncl
Jesús Pérez 82a358f18d
Some checks failed
Nickel Type Check / Nickel Type Checking (push) Has been cancelled
Details
Rust CI / Security Audit (push) Has been cancelled
Details
Rust CI / Check + Test + Lint (push) Has been cancelled
Details
feat: #[onto_mcp_tool] catalog, OCI credential vault layer, validate ADR-018 mode hierarchy 
ontoref-derive: #[onto_mcp_tool] attribute macro registers MCP tool unit-structs in
  the catalog at link time via inventory::submit!; annotated item is emitted unchanged,
  ToolBase/AsyncTool impls stay on the struct. All 34 tools migrated from manual wiring
  (net +5: ontoref_list_projects, ontoref_search, ontoref_describe,
  ontoref_list_ontology_extensions, ontoref_get_ontology_extension).

  validate modes (ADR-018): reads level_hierarchy from workflow.ncl and checks every
  .ncl mode for level declared, strategy declared, delegate chain coherent, compose
  extends valid. mode resolve <id> shows which hierarchy level handles a mode and why.
  --self-test generates synthetic fixtures in a temp dir for CI smoke-testing.

  validate run-cargo: two-step Cargo.toml resolution — workspace layout first
  (crates/<check.crate>/Cargo.toml), single-crate fallback by package name or repo
  basename. Lets the same ADR constraint shape apply to workspace and single-crate repos.

  ontology/schemas/manifest.ncl: registry_topology_type contract — multi-registry
  coordination, push targets, participant scopes, per-namespace capability.

  reflection/requirements/base.ncl: oras ≥1.2.0, cosign ≥2.0.0, sops ≥3.9.0, age
  ≥1.1.0, restic declared as Hard/Soft requirements with version_min, check_cmd, and
  install_hint (ADR-017 toolchain surface).

  ADR-019: per-file recipient routing for tenant isolation without multi-vault. Schema
  additions: sops.recipient_groups + sops.recipient_rules in ontoref-project.ncl.
  secrets-bootstrap generates .sops.yaml from project.ncl in declarative mode. Three
  new secrets-audit checks: recipient-routing-coherent, recipient-routing-coverage,
  no-multi-vault. Adoption templates: single-team/, multi-tenant/, agent-first/.
  Integration templates: domain-producer/, mode-producer/, mode-consumer/.

  UI: project_picker surfaces registry badge (⟳ participant) and vault badge
  (⛁ vault_id · N, green=declarative / amber=legacy) per project card. Expanded panel
  adds collapsible Registry section with namespace, endpoint, and push/pull capability.
  manage.html gains Runtime Services card — MCP and GraphQL toggleable without restart
  via HTMX POST /ui/manage/services/{service}/toggle.

  describe.nu: capabilities JSON includes registry_topology and vault_state per project.
  sync.nu: drift check extended to detect //! absence on newly registered crates.
  qa.ncl: six entries — credential-vault-best-practice (layered data-flow diagram),
  credential-vault-templates (paths A/B/C), credential-vault-troubleshooting (15 named
  errors), integration-what-and-why (ADR-042 OCI federation), integration-how-to-implement,
  integration-troubleshooting.

  on+re: core.ncl + manifest.ncl updated to reflect OCI, MCP, and mode-hierarchy nodes.
  Deleted stale presentation assets (2026-02 slides + voice notes).
2026-05-12 04:46:15 +01:00

40 lines
1.8 KiB
Text
Raw Blame History

{
id = "0010",
slug = "manifest-capability-completeness",
description = "Ensure manifest.ncl declares capabilities[] covering all project functionality — not just ontology structure. Without capabilities, agents see a partial view of the project via describe capabilities.",
check = {
tag = "Grep",
pattern = "make_capability",
paths = [".ontology/manifest.ncl"],
must_be_empty = false,
},
instructions = "
Your project's .ontology/manifest.ncl must declare capabilities[] that describe what the project
DOES — not just what it IS. Each capability should have:
id, name, summary (>30 chars), rationale, how, artifacts[], nodes[]
Without capabilities, `describe capabilities` shows an incomplete view and agents will miss
functionality that exists in the codebase.
1. Run `ontoref sync audit` and check for 'Manifest capability gaps':
- Practice nodes not referenced by any capability's nodes[]
- Reflection modes not referenced by any capability's artifacts[]
2. For each gap, either:
a. Add the missing node/artifact reference to an existing capability, OR
b. Create a new capability entry if the functionality is distinct
3. Verify with: nickel export .ontology/manifest.ncl | from json | get capabilities | length
Should return >= 3 (most real projects have 5-15 capabilities).
4. Run `ontoref sync audit` again — 'Manifest capability gaps' section should not appear.
Common capabilities to declare:
- Each major crate or module with distinct functionality
- Each daemon UI feature (compose, actions, notifications)
- Each CLI subsystem (backlog, forms, sync, coder)
- Each integration point (MCP, NATS, API catalog)
- Each operational workflow (migration, validation, onboarding)
",
}
Reference in a new issue View git blame Copy permalink