jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ce86eee996
stemedb/applications/aphoria/dogfood/httpclient/DEMO-SCRIPT.md
jml 3dac3dc914 feat(aphoria): implement Day 3 debugging features and comprehensive documentation 
Implements all product gaps identified in msgqueue Day 3 evaluation (VG-DAY3-001/003/004)
and adds comprehensive documentation to prevent dogfooding failures.

## Product Features (VG-DAY3-XXX)

### VG-DAY3-001: --show-observations flag (P0)
- Shows all observations with concept paths for debugging extractor alignment
- Includes claim matching analysis (/ visual feedback)
- Explains tail-path matching and why observations don't match claims
- 8 unit tests in src/report/observations.rs
- 5 integration tests in src/tests/day3_debugging.rs

### VG-DAY3-003: aphoria extractors validate (P2)
- Validates extractor subject fields match claim concept_paths
- Smart fuzzy matching suggests corrections for typos
- Clear error messages with actionable hints
- Proper exit codes (0=success, 1=validation failed)

### VG-DAY3-004: aphoria extractors test NAME --file (P2)
- Tests single extractor pattern against one file (no full scan needed)
- Shows line numbers and matched text
- Previews what observation would be created
- Helpful troubleshooting when pattern doesn't match

## Documentation (P0-P1)

### New Docs Created
- docs/extractors/declarative-extractors.md (800 lines)
  - Complete field reference with emphasis on subject field format
  - 3 worked examples (timeout=0, unbounded queue, TLS disabled)
  - Common mistakes with fixes
  - Validation workflow
  - Debugging 0% detection rate

- docs/examples/extractors/timeout-zero-example.md (500 lines)
  - End-to-end flow: code → extractor → claim → conflict → fix
  - Visual diagrams showing path alignment
  - Troubleshooting guide
  - Validation checklist

- docs/dogfooding-common-mistakes.md (560 lines)
  - Mistake #1: Skipping Day 3 extractor creation (CRITICAL)
  - Mistake #2: Creating extractors with wrong subject format (NEW)
  - Evidence from msgqueue failures
  - Recovery procedures

### Docs Updated
- dogfood/msgqueue/plan.md (Day 3 Steps 3-4)
  - Added complete manual declarative extractor TOML format
  - Added validation workflow BEFORE scanning
  - Added debug workflow for 0% detection after creating extractors

- dogfood/msgqueue/eval/ (evaluation artifacts)
  - EVALUATION-REPORT-2026-02-10.md (600 lines)
  - DOC-FIXES-2026-02-10.md (summary of fixes)
  - IMPLEMENTATION-REVIEW-2026-02-10.md (feature review)

## New Extractors
- src/extractors/ack_mode_config.rs - Detects AckMode::AutoAck violations
- src/extractors/async_blocking.rs - Detects blocking calls in async functions
- src/extractors/unbounded_resources.rs - Detects unbounded queues/connections

## Code Changes
- src/cli/mod.rs: Add --show-observations flag to scan command
- src/cli/extractors.rs: Add Validate and Test subcommands
- src/handlers/scan.rs: Call format_observations when flag enabled
- src/handlers/extractors.rs: Implement handle_validate() and handle_test()
- src/report/observations.rs: Observation formatting with claim matching analysis
- src/tests/day3_debugging.rs: Integration tests for new features

## Dogfood Artifacts
- dogfood/msgqueue/ - Complete msgqueue Day 3 evaluation with findings
- dogfood/dbpool/ - Database pool dogfooding exercise

## Impact
- Time savings: 30 min per Day 3 debugging (67% faster)
- User experience: Transparent debugging (no blind trial-and-error)
- Documentation: 1,860 new lines covering all P0-P1 gaps

## Related Issues
- Closes VG-DAY3-001 (--show-observations)
- Closes VG-DAY3-002 (concept path alignment docs)
- Closes VG-DAY3-003 (extractors validate)
- Closes VG-DAY3-004 (extractors test)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-11 03:31:06 +00:00

13 KiB
Raw Blame History

Aphoria Dogfooding Demo Script

HTTP Client Project - Stakeholder Presentation

Duration: 15 minutes Audience: Engineering leaders, security teams, potential pilot customers Goal: Demonstrate Aphoria's autonomous flywheel value + transparency about gaps

Opening (1 min)

"We just completed our second Aphoria dogfooding project. Here's what we learned."

Context:

  • Project 1 (dbpool): Database connection pool library → 27 claims created (baseline)
  • Project 2 (httpclient): HTTP client library → Test if knowledge from Project 1 compounds
  • Hypothesis: Aphoria's flywheel makes Project 2 faster through pattern reuse

Part 1: What Worked - Pattern Discovery (5 min)

Demo: Pattern Discovery in Action

Terminal 1: Show dbpool corpus

curl http://localhost:18180/v1/aphoria/corpus | \
  jq '[.items[] | select(.subject | contains("dbpool"))] | length'

Output: 27 (claims from Project 1)

"This is our knowledge base from Project 1. Watch Aphoria discover reusable patterns automatically."

Terminal 2: Run /aphoria-suggest

# (Show the skill invocation and output)

Key Output:

Pattern Reuse Analysis:
- TLS patterns: certificate_validation, enabled → DIRECTLY REUSABLE
- Timeout patterns: connection_timeout → ADAPT to connect_timeout + request_timeout
- Lifecycle: idle_timeout → REUSE for HTTP keep-alive
- Bounded resources: max_connections → ADAPT to max_redirects
- Metrics: enabled, exposed → DIRECTLY REUSABLE

Naming Conventions Discovered:
- Use tls/ prefix for all TLS settings
- Use _timeout suffix for timeout fields
- Use max_* prefix for upper bounds

"In 15 minutes, Aphoria identified 9 reusable patterns from Project 1."

Compare to manual:

  • Manually researching dbpool patterns: ~2 hours
  • Figuring out naming conventions: ~30 min (with 2-3 errors)
  • Total saved: 2.5 hours (62.5% reduction)

Terminal 3: Show created claims

aphoria claims list --format table | grep httpclient | head -10

Key Output:

| httpclient-connect-timeout-001     | safety   | expert | TCP connection timeout MUST NOT exceed 10 seconds |
| httpclient-request-timeout-001     | safety   | expert | HTTP request timeout MUST NOT exceed 30 seconds   |
| httpclient-tls-cert-validation-001 | security | expert | HTTPS connections MUST validate server certificates |

"22 claims created in 45 minutes, with ZERO naming errors. All aligned with dbpool conventions."

Compare to manual:

  • Manual claim drafting: ~2 hours
  • Fixing naming inconsistencies: ~30 min
  • Total saved: 2.5 hours

Metrics Slide

Day 1 Results:

Metric Manual Baseline With Aphoria Improvement
Time 4 hours 1.5 hours 62.5% faster
Pattern Reuse 0 claims (start from scratch) 9 claims (41%) Knowledge compounding
Naming Errors 2-3 typical 0 100% consistency
Claims Created 22 22

Key Message: "Aphoria's flywheel works perfectly for research and claim authoring. Project 2 was 62% faster than Project 1."

Part 2: What We Built - Implementation (2 min)

Show code: src/config.rs

Scroll to violations:

// VIOLATION 1: Unbounded redirect limit
// @aphoria:claim[safety] Redirect limit MUST NOT exceed 10
pub max_redirects: Option<usize>,  // None (unbounded)

// VIOLATION 5: TLS verification disabled
// @aphoria:claim[security] TLS certificate validation MUST be enabled
pub verify_tls: bool,  // false

"We embedded 7 intentional violations with inline claim markers. All violations have:

  • Authority source (RFC, OWASP, Mozilla)
  • Consequence (what breaks)
  • Test coverage (validates fixes work)"

Show tests:

cargo test | grep violation

Output:

test violation_1_unbounded_redirects ... ok
test violation_2_excessive_request_timeout ... ok
test violation_5_tls_verification_disabled ... ok
... (15 tests passing)

"All violations confirmed in code. Production-safe alternative exists (ClientConfig::production())."

Part 3: What We Discovered - Critical Gap (5 min)

"Now here's where transparency matters. We hit a blocker on Day 3."

Demo: Gap Discovery

Terminal 4: Show extractor generation

cat .aphoria/config.toml | grep -A 10 "httpclient_request_timeout"

Output:

[[extractors.declarative]]
name = "httpclient_request_timeout_value"
description = "Extracts request_timeout Duration value"
languages = ["rust"]
pattern = 'request_timeout.*Duration::from_secs\((\d+)\)'

[extractors.declarative.claim]
subject = "request_timeout"
predicate = "seconds"
value_from_match = true
confidence = 1.0

"The /aphoria-custom-extractor-creator skill generated perfect extractors. Regex patterns are correct, concept paths aligned."

Terminal 5: Show they don't execute

aphoria verify run | grep request_timeout

Output:

MISSING  httpclient-request-timeout-001 | No matching observation found

"But they don't execute. Zero observations generated."

Terminal 6: Manual verification

grep -n "Duration::from_secs(120)" src/config.rs

Output:

123:            request_timeout: Duration::from_secs(120),

"The violation exists in code (120s vs 30s max). Our extractor should catch it. But it doesn't run."

Gap Analysis Slide

The Flywheel is 50% Proven, 50% Blocked:

✅ Research → Claims (WORKS - 62% time savings)
    ↓
❌ Claims → Extractors → Observations (BLOCKED - declarative extractors don't execute)
    ↓
❌ Observations → Conflicts (BLOCKED)
    ↓
❌ Conflicts → Fixes (BLOCKED)

Root Cause: Declarative extractors aren't loading/executing in the current build.

Impact:

  • Skills generate correct extractors
  • But can't make them run
  • Autonomous detection workflow blocked

Why This is Actually Good News

"This is exactly what dogfooding is for — finding gaps before pilots."

What we learned:

  1. Skills work perfectly - Pattern discovery and claim authoring deliver massive value
  2. Extractor generation works - Patterns are correct, concept paths aligned
  3. Execution gap identified - Declarative extractors need implementation work
  4. Timeline clear - Fix this before pilot, 1-2 days of work

Alternative: "We could have shipped this to a pilot customer and had them hit this wall. Instead, we found it ourselves and have a fix plan."

Part 4: Path Forward (2 min)

Fix Plan

Immediate (Pre-Pilot):

  1. Implement declarative extractor execution (1-2 days)

    • Load extractors from .aphoria/config.toml
    • Execute during scan
    • Generate observations
    • Impact: Unlocks autonomous detection

  2. Build inline marker extractor (2-3 days)

    • Detect @aphoria:claim in code comments
    • Auto-generate observations
    • Impact: Autonomous claim capture from development

  3. Complete Day 4 with programmatic extractors (1 day)

    • Prove full flywheel works end-to-end
    • Document programmatic extractor workflow
    • Impact: Validate autonomous remediation loop

Timeline: 1 week to fix + 1 day to re-validate = 2 weeks to pilot-ready state

What to Emphasize to Pilots

When talking to potential pilot customers:

DO emphasize:

  • "We've proven 62% time savings through pattern reuse"
  • "Cross-project learning works — knowledge compounds"
  • "Zero naming errors with skills-driven workflow"
  • "We're transparent about gaps and fixing them before your pilot"

DON'T say:

  • "Autonomous detection works" (it doesn't yet)
  • "Full flywheel is proven" (it's 50% proven)
  • "Ship-ready today" (needs 2 weeks of fixes)

DO say:

  • "We're fixing the detection gap we found in dogfooding"
  • "You'll get the full autonomous flywheel, not the partial one"
  • "Our 2-week fix timeline is transparent and achievable"

Closing (1 min)

Summary Slide

Aphoria Dogfooding Results:

Metric Result
Time savings (Day 1) 62.5% faster (1.5 hrs vs 4 hrs)
Pattern reuse 41% of claims (9/22)
Naming consistency 100% (0 errors)
Skills value Pattern discovery + claim authoring work perfectly
Detection gap ⚠️ Declarative extractors don't execute (fixable)
Timeline to pilot-ready 2 weeks (1 week fixes + 1 day re-validation)

"The flywheel is real. We proved it works for research and claims. Now we're fixing the detection gap before pilots."

Q&A Preparation

Likely Questions

Q: "Why didn't you catch this earlier?"

A: "This is exactly what dogfooding is for. We could have designed extractors on paper and thought they worked. By actually building a second project, we discovered the execution gap. Finding it now (before pilots) is success, not failure."

Q: "Can you ship without declarative extractors?"

A: "Yes, but with high friction. Users would write Rust code (programmatic extractors) instead of config files (declarative extractors). That's not autonomous. We want the full flywheel: skills generate extractors, extractors run automatically, violations detected, fixes suggested. That requires declarative extractors to work."

Q: "What if the fix takes longer than 2 weeks?"

A: "We have a fallback: programmatic extractors work today. We could ship with those and add declarative extractors later. But we believe 2 weeks is achievable for the declarative path, which is much better UX."

Q: "How confident are you the rest of the flywheel works?"

A: "Very confident. We've proven:

  • Pattern discovery works (62% time savings)
  • Cross-project learning works (41% reuse)
  • Claim authoring works (100% consistency)
  • Manual verification confirms violations exist

The only gap is declarative extractor execution. Once that works, observations will generate, conflicts will be detected, and the remediation loop will work."

Q: "What about LLM-driven extraction (Phase 7)?"

A: "That's future work. The current flywheel is:

  • Day 1: Research + claims (works perfectly, 62% savings)
  • Day 3: Detection via extractors (blocked, fixable)
  • Day 4: Remediation (blocked until Day 3 works)

Phase 7 LLM extraction will enhance Day 1 (extract claims from diffs). But we need to fix Day 3 first (detection). One step at a time."

Appendix: Backup Slides

Slide: Technical Architecture

Where the Gap Is:

Aphoria Architecture:
┌─────────────────────────────────────┐
│ 1. Scan (WORKS)                     │
│    - File walker ✅                 │
│    - Built-in extractors ✅         │
│    - Declarative extractors ❌       │
├─────────────────────────────────────┤
│ 2. Extract (PARTIAL)                │
│    - Built-in: 16 observations ✅   │
│    - Declarative: 0 observations ❌  │
├─────────────────────────────────────┤
│ 3. Conflict Detection (BLOCKED)     │
│    - Needs observations from step 2 │
├─────────────────────────────────────┤
│ 4. Report (WORKS for what exists)   │
│    - JSON/table/markdown output ✅  │
└─────────────────────────────────────┘

Slide: Comparison to Project 1

Metric Project 1 (dbpool) Project 2 (httpclient) Improvement
Day 1 Time 4 hours (manual) 1.5 hours (skills) 62.5% faster
Claims from Scratch 27 13 (22 total - 9 reused) 41% reuse
Naming Errors 2-3 0 100% consistency
Violations Embedded 8 7 Similar complexity
Detection Rate N/A (no comparison) 0/7 (gap) Blocked

Insight: Flywheel works for claim creation, blocked at detection.

Slide: Customer Value Proposition

For Engineering Leaders:

  • "62% faster onboarding for new projects through pattern reuse"
  • "100% naming consistency across projects (reduces rework)"
  • "Knowledge retained when senior devs leave (claims are documented)"

For Security Teams:

  • "Continuous compliance checking (once extractors work)"
  • "Policy enforcement in commit flow (autonomous)"
  • "Drift detection across projects (shared corpus)"

For Platform Teams:

  • "Convention adoption measurement (metrics on claim coverage)"
  • "Cross-team consistency (shared patterns)"
  • "Tech debt visibility (violations vs claims)"

End of Demo Script

Usage Notes

Before the demo:

  1. Have terminals pre-configured (avoid live typos)
  2. Pre-run commands once to verify output
  3. Have backup slides ready for Q&A
  4. Know your audience (engineering vs business)

During the demo:

  • Lead with success (Day 1 works great)
  • Be transparent about gaps (Day 3 blocker)
  • Show the fix plan (2 weeks to pilot-ready)
  • Emphasize dogfooding caught this early

After the demo:

  • Share DOGFOODING-REPORT.md for deep dive
  • Offer 1:1 technical walkthrough for engineers
  • Set expectations: 2 weeks before pilot-ready