82a358f18d
ontoref-derive: #[onto_mcp_tool] attribute macro registers MCP tool unit-structs in
the catalog at link time via inventory::submit!; annotated item is emitted unchanged,
ToolBase/AsyncTool impls stay on the struct. All 34 tools migrated from manual wiring
(net +5: ontoref_list_projects, ontoref_search, ontoref_describe,
ontoref_list_ontology_extensions, ontoref_get_ontology_extension).
validate modes (ADR-018): reads level_hierarchy from workflow.ncl and checks every
.ncl mode for level declared, strategy declared, delegate chain coherent, compose
extends valid. mode resolve <id> shows which hierarchy level handles a mode and why.
--self-test generates synthetic fixtures in a temp dir for CI smoke-testing.
validate run-cargo: two-step Cargo.toml resolution — workspace layout first
(crates/<check.crate>/Cargo.toml), single-crate fallback by package name or repo
basename. Lets the same ADR constraint shape apply to workspace and single-crate repos.
ontology/schemas/manifest.ncl: registry_topology_type contract — multi-registry
coordination, push targets, participant scopes, per-namespace capability.
reflection/requirements/base.ncl: oras ≥1.2.0, cosign ≥2.0.0, sops ≥3.9.0, age
≥1.1.0, restic declared as Hard/Soft requirements with version_min, check_cmd, and
install_hint (ADR-017 toolchain surface).
ADR-019: per-file recipient routing for tenant isolation without multi-vault. Schema
additions: sops.recipient_groups + sops.recipient_rules in ontoref-project.ncl.
secrets-bootstrap generates .sops.yaml from project.ncl in declarative mode. Three
new secrets-audit checks: recipient-routing-coherent, recipient-routing-coverage,
no-multi-vault. Adoption templates: single-team/, multi-tenant/, agent-first/.
Integration templates: domain-producer/, mode-producer/, mode-consumer/.
UI: project_picker surfaces registry badge (⟳ participant) and vault badge
(⛁ vault_id · N, green=declarative / amber=legacy) per project card. Expanded panel
adds collapsible Registry section with namespace, endpoint, and push/pull capability.
manage.html gains Runtime Services card — MCP and GraphQL toggleable without restart
via HTMX POST /ui/manage/services/{service}/toggle.
describe.nu: capabilities JSON includes registry_topology and vault_state per project.
sync.nu: drift check extended to detect //! absence on newly registered crates.
qa.ncl: six entries — credential-vault-best-practice (layered data-flow diagram),
credential-vault-templates (paths A/B/C), credential-vault-troubleshooting (15 named
errors), integration-what-and-why (ADR-042 OCI federation), integration-how-to-implement,
integration-troubleshooting.
on+re: core.ncl + manifest.ncl updated to reflect OCI, MCP, and mode-hierarchy nodes.
Deleted stale presentation assets (2026-02 slides + voice notes).
134 lines
5.5 KiB
Text
134 lines
5.5 KiB
Text
let _Dependency = {
|
|
step | String,
|
|
kind | [| 'Always, 'OnSuccess, 'OnFailure |] | default = 'Always,
|
|
condition | String | optional,
|
|
} in
|
|
|
|
let _OnError = {
|
|
strategy | [| 'Stop, 'Continue, 'Retry, 'Fallback, 'Branch |],
|
|
target | String | optional,
|
|
on_success | String | optional,
|
|
max | Number | default = 3,
|
|
backoff_s | Number | default = 5,
|
|
} in
|
|
|
|
# ── Guard ────────────────────────────────────────────────────────────────────
|
|
# Executable pre-flight check that runs BEFORE any step in the mode.
|
|
# If a guard fails, the mode prints the reason and aborts — preventing agents
|
|
# and humans from executing procedures that violate active constraints.
|
|
# Guards turn silent constraint violations into loud, early blocks.
|
|
#
|
|
# Pattern: Active Partner (#1 from Augmented Coding Patterns)
|
|
# "Explicitly grant permission and encourage AI to push back."
|
|
# Guards are the mechanism by which the protocol pushes back.
|
|
#
|
|
# cmd: shell command that exits 0 = pass, non-zero = blocked
|
|
# reason: human-readable explanation shown when the guard blocks
|
|
# severity: 'Block aborts execution, 'Warn prints warning but continues
|
|
let _Guard = {
|
|
id | String,
|
|
cmd | String,
|
|
reason | String,
|
|
severity | [| 'Block, 'Warn |] | default = 'Block,
|
|
} in
|
|
|
|
# ── Converge ─────────────────────────────────────────────────────────────────
|
|
# Post-execution convergence check for iterative modes.
|
|
# After all steps complete, the executor evaluates the condition command.
|
|
# If it exits non-zero, the mode re-executes (failed steps or all steps)
|
|
# up to max_iterations times.
|
|
#
|
|
# Pattern: Refinement Loop (#36 from Augmented Coding Patterns)
|
|
# "Each iteration removes a layer of noise, making the next layer visible."
|
|
#
|
|
# condition: shell command — exit 0 = converged, non-zero = iterate again
|
|
# max_iterations: upper bound on re-execution cycles (prevents infinite loops)
|
|
# strategy: 'RetryFailed re-runs only steps that failed or were blocked;
|
|
# 'RetryAll re-runs the entire DAG from scratch
|
|
let _Converge = {
|
|
condition | String,
|
|
max_iterations | Number | default = 3,
|
|
strategy | [| 'RetryFailed, 'RetryAll |] | default = 'RetryFailed,
|
|
} in
|
|
|
|
let _ActionStep = fun ActionContract => {
|
|
id | String,
|
|
action | ActionContract,
|
|
depends_on | Array _Dependency | default = [],
|
|
cmd | String | optional,
|
|
actor | [| 'Human, 'Agent, 'Both |] | default = 'Both,
|
|
on_error | _OnError | default = { strategy = 'Stop },
|
|
verify | String | optional,
|
|
note | String | optional,
|
|
} in
|
|
|
|
# Resolution strategy for multi-level hierarchy traversal (ADR-018).
|
|
# Required at Domain (level 2) and Instance (level 3) — absent at Base (level 1).
|
|
# Implicit absence at level 2+ is treated as 'Delegate with a Soft validation warning.
|
|
let _ResolutionStrategy = [| 'Override, 'Delegate, 'Merge, 'Compose |] in
|
|
|
|
let _ModeBase = fun ActionContract => {
|
|
id | String,
|
|
trigger | String,
|
|
preconditions | Array String | default = [],
|
|
guards | Array _Guard | default = [],
|
|
steps | Array (_ActionStep ActionContract),
|
|
postconditions | Array String | default = [],
|
|
converge | _Converge | optional,
|
|
# ADR-018: which level owns this mode's implementation.
|
|
# 'Override = complete here; 'Delegate = traverse to parent; 'Merge = accumulate;
|
|
# 'Compose = partial inheritance declared in `extends`.
|
|
strategy | _ResolutionStrategy | optional,
|
|
# When strategy = 'Compose: step or field ids to inherit from the parent mode.
|
|
# Every reference must exist in the parent — a broken extends is always a bug.
|
|
extends | Array String | optional,
|
|
} in
|
|
|
|
# DAG-validated Mode contract:
|
|
# 1. structural contract via _ModeBase
|
|
# 2. step ID uniqueness within the mode
|
|
# 3. referential integrity — all depends_on.step reference an existing id
|
|
# Cycle detection is a separate Rust-side pass (ontoref-reflection::dag::validate).
|
|
let _Mode = fun ActionContract =>
|
|
std.contract.custom (fun label value =>
|
|
let validated = value | (_ModeBase ActionContract) in
|
|
let steps = validated.steps in
|
|
let ids = steps |> std.array.map (fun s => s.id) in
|
|
|
|
let _after_unique = ids |> std.array.fold_left (fun acc id =>
|
|
if std.record.has_field id acc.seen then
|
|
std.contract.blame_with_message
|
|
"Mode '%{validated.id}': duplicate step id '%{id}'"
|
|
label
|
|
else
|
|
{ seen = acc.seen & { "%{id}" = true }, ok = true }
|
|
) { seen = {}, ok = true } in
|
|
|
|
let bad_refs = steps |> std.array.flat_map (fun step =>
|
|
step.depends_on
|
|
|> std.array.filter (fun dep =>
|
|
!(ids |> std.array.any (fun i => i == dep.step))
|
|
)
|
|
|> std.array.map (fun dep =>
|
|
"step '%{step.id}' depends_on unknown '%{dep.step}'"
|
|
)
|
|
) in
|
|
|
|
if std.array.length bad_refs > 0 then
|
|
std.contract.blame_with_message
|
|
"Mode '%{validated.id}' has invalid depends_on: %{std.string.join ", " bad_refs}"
|
|
label
|
|
else
|
|
'Ok validated
|
|
)
|
|
in
|
|
|
|
{
|
|
Dependency = _Dependency,
|
|
OnError = _OnError,
|
|
Guard = _Guard,
|
|
Converge = _Converge,
|
|
ActionStep = _ActionStep,
|
|
Mode = _Mode,
|
|
ResolutionStrategy = _ResolutionStrategy,
|
|
}
|