jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0ece696f5d
stemedb/.agentive-remediation/aphoria-concept-paths/history.md
jordan 157dbbb9eb feat: Complete Aphoria Phase 8-9 + UAT suite (90/90 tests passing) 
## Phase 8: Enterprise Extractor Improvements 
- 14 security extractors (TLS, JWT, SQL injection, XSS, etc.)
- 10 framework-specific extractors (Spring, Django, Rails, etc.)
- Config file security detection (YAML, TOML)

## Phase 9: Autonomous Extractor Generation 
- Shadow mode executor with TP/FP tracking
- Graduation pipeline with confidence thresholds
- Auto-rollback on regression detection
- Cross-project pattern syncing

## UAT Suite Complete (14 scripts, 90 tests)
- test-core-detection.sh (6 tests)
- test-declarative-extractors.sh (5 tests)
- test-domain-frameworks.sh (5 tests)
- test-domain-unreal.sh (3 tests)
- test-llm-extraction.sh (6 tests)
- test-eval-harness.sh (5 tests)
- test-cross-language.sh (3 tests)
- test-precommit-performance.sh (4 tests)
- test-output-formats.sh (8 tests)
- test-drift-detection.sh (6 tests)
- test-exit-codes.sh (12 tests)
+ 3 more scripts

## Other Changes
- Updated roadmap to mark Phase 8-9 complete
- Added .gitignore entries for build artifacts
- Updated pre-commit: 800 line limit, exclude tests/data/cmd

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 22:50:55 -07:00

74 lines
2.2 KiB
Markdown
Raw Blame History

# aphoria-concept-paths
## AUDIT (2026-02-06)
**Pattern:** Concept paths built inconsistently across extractors
**Analysis:**
Found 29 concept path constructions across different patterns:
| Pattern | Count | Files |
|---------|-------|-------|
| A - Inline `format!("code://{}", path.join("/"))` | 24 | All extractors |
| B - `build_claim()` helper | 1 | traits.rs definition only |
| C - `format!("{}/{}", prefix, subject)` | 3 | llm/extractor.rs |
| D - Hardcoded literals | scattered | tests |
**Key Finding:**
The `build_claim()` helper in `traits.rs` already exists but is NOT used by any extractor!
```rust
// traits.rs:35-63 - UNDERUTILIZED HELPER
pub fn build_claim(
path_segments: &[String],
leaf_segments: &[&str],
predicate: &str,
value: ObjectValue,
file: &str,
line: usize,
matched_text: &str,
base_confidence: f32,
description: &str,
) -> ExtractedClaim {
// ... builds concept_path consistently
}
```
**Files with inline concept path construction:**
- `extractors/jwt_config.rs` (1)
- `extractors/tls_verify.rs` (1)
- `extractors/tls_version.rs` (1)
- `extractors/timeout_config.rs` (1)
- `extractors/weak_crypto.rs` (2)
- `extractors/hardcoded_secrets.rs` (1)
- `extractors/cors_config.rs` (2)
- `extractors/rate_limit.rs` (2)
- `extractors/dep_versions.rs` (4)
- `extractors/sql_injection.rs` (1)
- `extractors/command_injection.rs` (2)
- `extractors/unreal_*.rs` (4)
- `extractors/config_security.rs` (1)
- `extractors/declarative/executor.rs` (1)
- `llm/extractor.rs` (3)
**Recommended Fix:**
1. Migrate all extractors to use `build_claim()` helper
2. Create a `ConceptPath` struct for type-safe path building
3. Validate scheme prefixes (code://, rfc://, owasp://)
**Priority:** Medium (code duplication, no functional bug)
## DEFERRED (2026-02-06)
**Reason:** Low impact refactor - all patterns produce correct output.
**Mitigation:**
1. `build_claim()` helper already exists in `traits.rs`
2. aphoria-dev skill already guides new extractors to use helper
3. No functional bugs from current implementation
4. 24 extractors would need updating with no user-visible benefit
**Recommendation for future:**
- New extractors MUST use `build_claim()` helper
- Consider migration if a breaking change to concept paths is needed
Reference in New Issue View Git Blame Copy Permalink