jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4360a17dd3
stemedb/.agentive-remediation/aphoria-concept-paths/history.md
jordan 157dbbb9eb feat: Complete Aphoria Phase 8-9 + UAT suite (90/90 tests passing) 
## Phase 8: Enterprise Extractor Improvements 
- 14 security extractors (TLS, JWT, SQL injection, XSS, etc.)
- 10 framework-specific extractors (Spring, Django, Rails, etc.)
- Config file security detection (YAML, TOML)

## Phase 9: Autonomous Extractor Generation 
- Shadow mode executor with TP/FP tracking
- Graduation pipeline with confidence thresholds
- Auto-rollback on regression detection
- Cross-project pattern syncing

## UAT Suite Complete (14 scripts, 90 tests)
- test-core-detection.sh (6 tests)
- test-declarative-extractors.sh (5 tests)
- test-domain-frameworks.sh (5 tests)
- test-domain-unreal.sh (3 tests)
- test-llm-extraction.sh (6 tests)
- test-eval-harness.sh (5 tests)
- test-cross-language.sh (3 tests)
- test-precommit-performance.sh (4 tests)
- test-output-formats.sh (8 tests)
- test-drift-detection.sh (6 tests)
- test-exit-codes.sh (12 tests)
+ 3 more scripts

## Other Changes
- Updated roadmap to mark Phase 8-9 complete
- Added .gitignore entries for build artifacts
- Updated pre-commit: 800 line limit, exclude tests/data/cmd

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 22:50:55 -07:00

2.2 KiB
Raw Blame History

aphoria-concept-paths

AUDIT (2026-02-06)

Pattern: Concept paths built inconsistently across extractors

Analysis: Found 29 concept path constructions across different patterns:

Pattern Count Files
A - Inline format!("code://{}", path.join("/")) 24 All extractors
B - build_claim() helper 1 traits.rs definition only
C - format!("{}/{}", prefix, subject) 3 llm/extractor.rs
D - Hardcoded literals scattered tests

Key Finding: The build_claim() helper in traits.rs already exists but is NOT used by any extractor!

// traits.rs:35-63 - UNDERUTILIZED HELPER
pub fn build_claim(
    path_segments: &[String],
    leaf_segments: &[&str],
    predicate: &str,
    value: ObjectValue,
    file: &str,
    line: usize,
    matched_text: &str,
    base_confidence: f32,
    description: &str,
) -> ExtractedClaim {
    // ... builds concept_path consistently
}

Files with inline concept path construction:

  • extractors/jwt_config.rs (1)
  • extractors/tls_verify.rs (1)
  • extractors/tls_version.rs (1)
  • extractors/timeout_config.rs (1)
  • extractors/weak_crypto.rs (2)
  • extractors/hardcoded_secrets.rs (1)
  • extractors/cors_config.rs (2)
  • extractors/rate_limit.rs (2)
  • extractors/dep_versions.rs (4)
  • extractors/sql_injection.rs (1)
  • extractors/command_injection.rs (2)
  • extractors/unreal_*.rs (4)
  • extractors/config_security.rs (1)
  • extractors/declarative/executor.rs (1)
  • llm/extractor.rs (3)

Recommended Fix:

  1. Migrate all extractors to use build_claim() helper
  2. Create a ConceptPath struct for type-safe path building
  3. Validate scheme prefixes (code://, rfc://, owasp://)

Priority: Medium (code duplication, no functional bug)

DEFERRED (2026-02-06)

Reason: Low impact refactor - all patterns produce correct output.

Mitigation:

  1. build_claim() helper already exists in traits.rs
  2. aphoria-dev skill already guides new extractors to use helper
  3. No functional bugs from current implementation
  4. 24 extractors would need updating with no user-visible benefit

Recommendation for future:

  • New extractors MUST use build_claim() helper
  • Consider migration if a breaking change to concept paths is needed