e758f2ebfb
Completes Task #3 of httpclient dogfooding with 100% detection rate (7/7 violations). ## New Extractors - **OptionBoundsExtractor**: Detects Option<T> fields set to None (unbounded) - **OptionValueExtractor**: Extracts values from Some(n) for threshold checks Both extractors use context-aware pattern matching to understand Rust Option<T> semantics, which declarative extractors cannot handle. ## Implementation **Files Created**: - applications/aphoria/src/extractors/option_bounds.rs (257 lines) - applications/aphoria/src/extractors/option_value.rs (277 lines) - applications/aphoria/docs/examples/extractors/programmatic-option-semantics.md **Files Modified**: - applications/aphoria/src/extractors/mod.rs - Added module declarations - applications/aphoria/src/extractors/registry.rs - Registered extractors - applications/aphoria/dogfood/httpclient/.aphoria/claims.toml - Added 4 claims - applications/aphoria/dogfood/httpclient/TASK-1-SUMMARY.md - Task #3 completion ## Results | Metric | Value | |--------|-------| | Detection Rate | 100% (7/7 violations) | | Improvement | +29 percentage points (from 71%) | | New Violations | 2 (max_redirects, max_retries unbounded) | | Unit Tests | 13 (all passing) | ## Two-Claim Strategy For each bounded Option<T> field: 1. **configured** claim - Detects None (unbounded) 2. **max_value** claim - Validates Some(n) threshold Example: - `max_redirects: None` → CONFLICT (not configured) - `max_redirects: Some(20)` → CONFLICT (exceeds 10) - `max_redirects: Some(5)` → PASS ## Enterprise Quality ✓ Proper error handling (no unwrap/expect) ✓ Comprehensive tests (6+7 unit tests) ✓ Full documentation with examples ✓ Reusable for 10+ similar patterns ✓ Screening patterns for performance ## Cachewrap Dogfood Also includes complete cachewrap dogfood exercise: - 10 claims for Redis cache wrapper - Day 1-5 summaries - Full retrospective and evaluation - Declarative extractors for all patterns Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| .aphoria | ||
| docs/sources | ||
| src | ||
| Cargo.toml | ||
| create-claims.sh | ||
| DAY1-SUMMARY.md | ||
| DAY2-SUMMARY.md | ||
| DAY3-SUMMARY.md | ||
| DAY5-DOGFOODING-REPORT.md | ||
| DEMO-SCRIPT.md | ||
| DOGFOODING-REPORT.md | ||
| plan.md | ||
| README-FINAL.md | ||
| README.md | ||
| scan-all-violations.json | ||
| scan-debug.log | ||
| scan-final.json | ||
| scan-fixed.json | ||
| scan-results-v1.json | ||
| scan-results-v2.json | ||
| scan-task3.json | ||
| scan-with-prefix.json | ||
| TASK-1-SUMMARY.md | ||
HTTP Client Library (httpclient) - Project 2
Status: Ready to start (Project 1 complete) Purpose: Demonstrate Aphoria's autonomous flywheel through pattern reuse from dbpool Duration: 4 days (faster than Project 1's 5 days due to skills + pattern reuse)
What Makes This Different from Project 1
Project 1 (dbpool): Established baseline
- Created 27 claims from scratch (manual workflow, 4 hours)
- 2-3 naming errors to fix
- Manual CLI workflow
Project 2 (httpclient): Demonstrates flywheel
- Reuse 8-10 claims from dbpool (skills-driven, 1-2 hours)
- 0 naming errors (skills enforce consistency)
- Autonomous workflow via skills
Expected Results:
- 50-60% time reduction for Day 1
- 40% pattern reuse
- 100% naming consistency
Quick Start
Pre-Flight Check
# Verify Project 1 corpus exists
curl 'http://localhost:18180/v1/aphoria/corpus' | \
jq '[.items[] | select(.subject | contains("dbpool"))] | length'
# Must return: 27
# Verify skills installed
ls -la ~/.claude/skills/ | grep aphoria | wc -l
# Must return: 8
If both pass: You're ready to start
If either fails: Complete Project 1 first or install skills
What We're Building
httpclient: Production-ready HTTP client library with connection pooling, timeout management, and TLS enforcement.
Why This Project:
- Shares patterns with dbpool: connection_timeout, TLS config, metrics
- Demonstrates flywheel: Skills discover existing patterns, enforce aligned naming
- Real violations: timeout cascades, redirect loops, TLS bypasses
- Measurable ROI: "50% faster due to pattern reuse" + "Aphoria prevented production timeout cascade"
7 Intentional Violations
- Unbounded redirect limit (should be ≤10)
- Excessive request timeout (120s vs 30s max)
- Excessive connection timeout (60s vs 10s max)
- Missing idle timeout (connections never expire)
- TLS verification disabled (MITM vulnerability)
- TLS version too low (TLS 1.0 vs 1.2 minimum)
- No retry limit (retry storms amplify failures)
All violations have clear consequences and alignment with dbpool patterns.
Pattern Reuse from dbpool
| dbpool Pattern | httpclient Adaptation |
|---|---|
connection_timeout: max 30s |
request_timeout: max 30s |
tls/enabled: required |
tls/certificate_validation: required |
tls/min_version: 1.2 |
tls/min_version: 1.2 (same) |
max_connections: required |
max_redirects: max 10 (bounded resource) |
max_lifetime: required |
idle_timeout: required (lifecycle) |
Skills will discover these patterns automatically on Day 1.
Day-by-Day Plan
Day 1: Claims with Pattern Discovery (1-2 hours)
Use skills:
/aphoria-suggest- Discover reusable dbpool patterns/aphoria-claims- Extract claims with enforced naming alignment
Target: 22 claims (8-10 reused, 12-14 new)
See: plan.md Day 1 for detailed workflow
Day 2: Implementation (4-5 hours)
Create library with 7 violations:
src/config.rs- 5 violationssrc/client.rs- 2 violations
Document violations inline with // VIOLATION: comments
See: plan.md Day 2 for file structure
Day 3: Scan + Custom Extractors (2-3 hours)
Initial scan:
aphoria scan --persist --format json > scan-results-v1.json
If built-in extractors insufficient:
/aphoria-custom-extractor-creator
"Generate extractors for these violations..."
Target: 7/7 violations detected
See: plan.md Day 3 for extractor generation
Day 4: Remediation (4-5 hours)
Fix violations incrementally:
- Fix 1 → scan-v2.json
- Fix 2 → scan-v3.json
- ...
- Fix 7 → scan-v8.json (0 conflicts)
Git commit after each fix with context
See: plan.md Day 4 for remediation workflow
Day 5: Documentation (3-4 hours)
Create:
SUCCESS-STORY.md- Flywheel metrics and evidenceDEMO-SCRIPT.md- Stakeholder presentation
Document:
- Time savings: 60%+ reduction
- Pattern reuse: 40%+ claims
- Naming consistency: 100%
See: plan.md Day 5 for documentation requirements
Success Criteria
Minimum (Proves Skills Work)
- ✅ Day 1 in <2 hours (vs 4 hours)
- ✅ 8+ claims reused from dbpool
- ✅ 0 naming errors
- ✅ 7/7 violations detected
Full (Proves Flywheel Works)
- ✅ All of above, plus:
- ✅ Skills generated all extractors
- ✅ Documented flywheel value:
- Time: 60%+ faster
- Reuse: 40%+ patterns
- Consistency: 100% aligned
Files
Planning:
plan.md- Complete 5-day planCHECKLIST.md- Day-by-day execution (similar to dbpool)README.md- This file
Authority Sources (fetch on Day 1):
docs/sources/http-rfcs.md- RFC 7230-7235docs/sources/mozilla-http.md- Mozilla HTTP best practicesdocs/sources/requests-docs.md- Requests library patterns
Implementation (Day 2):
src/- HTTP client library with violationstests/- Integration testsCargo.toml- Dependencies
Evidence (Days 3-5):
scan-results-v*.json- Progressive scan resultsSUCCESS-STORY.md- Flywheel demonstrationDEMO-SCRIPT.md- Presentation guide
Documentation
Detailed plan: plan.md
Execution checklist: CHECKLIST.md (reference dbpool's with Project 2 context)
Pattern reuse guide: ../dbpool/docs/multi-project-setup.md
Ready to Start?
- ✅ Verify pre-flight checks pass (27 dbpool claims, 8 skills)
- ✅ Read
plan.mdfor complete context - ✅ Start Day 1 with
/aphoria-suggestto discover patterns
The flywheel is ready. Project 2 will prove it works.