e758f2ebfb
Completes Task #3 of httpclient dogfooding with 100% detection rate (7/7 violations). ## New Extractors - **OptionBoundsExtractor**: Detects Option<T> fields set to None (unbounded) - **OptionValueExtractor**: Extracts values from Some(n) for threshold checks Both extractors use context-aware pattern matching to understand Rust Option<T> semantics, which declarative extractors cannot handle. ## Implementation **Files Created**: - applications/aphoria/src/extractors/option_bounds.rs (257 lines) - applications/aphoria/src/extractors/option_value.rs (277 lines) - applications/aphoria/docs/examples/extractors/programmatic-option-semantics.md **Files Modified**: - applications/aphoria/src/extractors/mod.rs - Added module declarations - applications/aphoria/src/extractors/registry.rs - Registered extractors - applications/aphoria/dogfood/httpclient/.aphoria/claims.toml - Added 4 claims - applications/aphoria/dogfood/httpclient/TASK-1-SUMMARY.md - Task #3 completion ## Results | Metric | Value | |--------|-------| | Detection Rate | 100% (7/7 violations) | | Improvement | +29 percentage points (from 71%) | | New Violations | 2 (max_redirects, max_retries unbounded) | | Unit Tests | 13 (all passing) | ## Two-Claim Strategy For each bounded Option<T> field: 1. **configured** claim - Detects None (unbounded) 2. **max_value** claim - Validates Some(n) threshold Example: - `max_redirects: None` → CONFLICT (not configured) - `max_redirects: Some(20)` → CONFLICT (exceeds 10) - `max_redirects: Some(5)` → PASS ## Enterprise Quality ✓ Proper error handling (no unwrap/expect) ✓ Comprehensive tests (6+7 unit tests) ✓ Full documentation with examples ✓ Reusable for 10+ similar patterns ✓ Screening patterns for performance ## Cachewrap Dogfood Also includes complete cachewrap dogfood exercise: - 10 claims for Redis cache wrapper - Day 1-5 summaries - Full retrospective and evaluation - Declarative extractors for all patterns Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
8.8 KiB
8.8 KiB
Programmatic Extractors: Option Semantics
Overview
This example demonstrates when and how to use programmatic extractors instead of declarative extractors. The problem: detecting when Rust Option<T> configuration fields are set to None (unbounded) vs Some(value) (bounded).
The Problem
Scenario: HTTP client with configurable redirect and retry limits:
pub struct ClientConfig {
pub max_redirects: Option<usize>, // None = unbounded
pub max_retries: Option<u32>, // None = unbounded
}
impl Default for ClientConfig {
fn default() -> Self {
Self {
max_redirects: None, // ← VIOLATION: Allows infinite loops
max_retries: None, // ← VIOLATION: Allows retry storms
}
}
}
Security/Safety Claims:
- Redirect limit MUST be configured (not unbounded)
- Retry limit MUST be configured (not unbounded)
Why Declarative Extractors Fail
Declarative extractors (regex-based) have limitations:
# ❌ This won't work reliably
[[extractors.declarative]]
name = "max_redirects_none"
pattern = "max_redirects:\\s*None"
predicate = "configured"
value = false
Problems:
- ❌ Can't distinguish struct field declarations from actual values in Default impl
- ❌ Can't represent "unbounded" semantically for numeric comparison
- ❌ Can't extract values from
Some(10)vsSome(100)for threshold checks - ❌ Context-blind: doesn't know if a field is
Option<T>or not
Result: ~50% detection rate on first dogfood attempt.
The Programmatic Solution
Two Extractors, Two Claims Strategy
To fully validate Option bounded configuration, we need:
- OptionBoundsExtractor - Detects
Noneassignments (unbounded) - OptionValueExtractor - Extracts values from
Some(n)(for threshold checks)
Implementation 1: OptionBoundsExtractor
Purpose: Detect when Option<T> fields are set to None.
pub struct OptionBoundsExtractor {
/// Matches: pub field_name: Option<Type>
field_pattern: Regex,
/// Matches: field_name: None
none_pattern: Regex,
}
impl Extractor for OptionBoundsExtractor {
fn extract(&self, path_segments: &[String], content: &str, ...) -> Vec<Observation> {
// 1. Find all Option<T> field declarations
let option_fields = self.field_pattern
.captures_iter(content)
.map(|cap| cap[1].to_string())
.collect::<Vec<_>>();
// 2. Find all None assignments
let none_assignments = content.lines()
.enumerate()
.filter_map(|(idx, line)| {
self.none_pattern.captures(line).map(|cap| {
(cap[1].to_string(), idx + 1)
})
})
.collect::<Vec<_>>();
// 3. Match field names - if an Option<T> field is set to None, it's unbounded
for (field_name, line_num) in none_assignments {
if option_fields.contains(&field_name) {
observations.push(Observation {
concept_path: format!("{}/{}", path, field_name),
predicate: "configured",
value: Boolean(false), // Not configured (unbounded)
...
});
}
}
observations
}
}
Key Logic:
- ✅ Only triggers when BOTH patterns match (field declaration + None assignment)
- ✅ Context-aware: knows the field is
Option<T> - ✅ Creates semantic observation:
configured = false
Implementation 2: OptionValueExtractor
Purpose: Extract actual values from Some(n) for threshold comparison.
pub struct OptionValueExtractor {
field_pattern: Regex, // pub field_name: Option<Type>
some_pattern: Regex, // field_name: Some(value)
}
impl Extractor for OptionValueExtractor {
fn extract(&self, ...) -> Vec<Observation> {
// 1. Find all Option<T> fields
let option_fields = self.field_pattern.captures_iter(content)...;
// 2. Find all Some(value) assignments
for (line_num, line) in content.lines().enumerate() {
if let Some(cap) = self.some_pattern.captures(line) {
let field_name = &cap[1];
let value = &cap[2];
if option_fields.contains(field_name) {
observations.push(Observation {
predicate: "max_value",
value: Text(value.to_string()), // Extract for comparison
...
});
}
}
}
observations
}
}
Two-Claim Strategy
For each bounded field, author TWO claims:
Claim 1: Must be configured (OptionBoundsExtractor)
[[claim]]
id = "httpclient-max-redirects-configured"
concept_path = "httpclient/max_redirects"
predicate = "configured"
value = true
comparison = "equals"
invariant = "Redirect limit MUST be configured (not unbounded)"
consequence = "Unbounded redirects allow infinite loops, exhaust resources"
Claim 2: Max value threshold (OptionValueExtractor)
[[claim]]
id = "httpclient-max-redirects-threshold"
concept_path = "httpclient/max_redirects"
predicate = "max_value"
value = 10.0
comparison = "equals"
invariant = "Redirect limit MUST NOT exceed 10"
consequence = "Excessive redirects waste bandwidth, delay responses"
Conflict Detection
| Code | OptionBoundsExtractor | OptionValueExtractor | Result |
|---|---|---|---|
max_redirects: None |
configured = false |
(no observation) | CONFLICT with Claim 1 ✓ |
max_redirects: Some(20) |
(no observation) | max_value = "20" |
CONFLICT with Claim 2 ✓ |
max_redirects: Some(5) |
(no observation) | max_value = "5" |
PASS both claims ✓ |
Results: Declarative vs Programmatic
Task #1 (Declarative Only)
- Detection rate: 71% (5/7 violations)
- Missed:
max_redirects: None,max_retries: None - Reason: Can't distinguish None in struct vs Default impl
Task #3 (Hybrid: Declarative + Programmatic)
- Detection rate: 100% (7/7 violations)
- Time: ~7 hours (2 extractors + 4 claims + tests + docs)
- Reusability: Template for any bounded Option field
When to Use Programmatic Extractors
Use Programmatic When:
- Context matters: Need to understand surrounding code (e.g., "is this field Option?")
- Semantic understanding: Need to represent "unbounded" or extract values for comparison
- Multi-pattern matching: Need to correlate multiple patterns (declaration + assignment)
- Type-aware: Need to know the field's type to interpret its value
Use Declarative When:
- Simple patterns: Static text matching (e.g., "hardcoded API key")
- No context needed: Pattern is self-contained
- Rapid prototyping: Quick validation before committing to programmatic
- 90%+ accuracy: Declarative achieves target detection rate
Hybrid Strategy (Recommended)
Day 3 Workflow:
- Start with declarative (rapid prototyping, ~30 min)
- Measure detection rate (run scan, check conflicts)
- If <70%: Flag for refinement
- Day 5: Create programmatic extractors for false negatives
- Re-scan: Verify ≥90% detection
- Document: Show before/after improvement
Example:
- Day 3: Declarative → 71% (5/7)
- Day 5: Add programmatic → 100% (7/7)
- Improvement: +29 percentage points
Code Location
Extractors:
applications/aphoria/src/extractors/option_bounds.rsapplications/aphoria/src/extractors/option_value.rs
Claims:
applications/aphoria/dogfood/httpclient/.aphoria/claims.toml
Tests:
cargo test -p aphoria --lib extractors::option_bounds
cargo test -p aphoria --lib extractors::option_value
Reusable Pattern
This pattern works for any bounded Option configuration:
| Field | Claim 1 (configured) | Claim 2 (threshold) |
|---|---|---|
max_connections |
MUST be configured | ≤ 100 |
max_lifetime |
MUST be configured | ≤ 3600s |
pool_size |
MUST be configured | ≤ 50 |
idle_timeout |
MUST be configured | ≤ 300s |
Extractor configuration:
fn verifiable_predicates(&self) -> Vec<(&str, &str)> {
vec![
("max_redirects", "configured"), // or "max_value"
("max_retries", "configured"),
("max_connections", "configured"),
("idle_timeout", "configured"),
]
}
Enterprise Value
This implementation demonstrates:
- Production quality: Proper error handling, tests, documentation
- Reusability: Template for any bounded configuration pattern
- Knowledge transfer: Shows when/why to use programmatic extractors
- Flywheel completion: Unblocks autonomous learning for Pilot 1
Time investment: 7 hours Payoff: Reusable for 10+ similar patterns across all dogfood exercises