Adapts docs/SCRUM.md framework (originally written for the matrix-agent-validated repo) to the Go rewrite. Five deliverables:

  golang-lakehouse-scrum-test.md   top-line + scoring + verdict
  risk-register.md                 12 findings, R-001..R-012
  claim-coverage-table.md          claim/test/risk for Sprint 2
  sprint-backlog.md                5 sprints, ~2 weeks of work
  acceptance-gates.md              DoD as runnable commands

Every claim cites file:line, command output, or "missing evidence." Smoke chain ran clean (33s wall, all 9 PASS) and is captured in reports/scrum/_evidence/smoke_chain.log (gitignored — runtime artifact).

Scoring:

  Reproducibility       7/10  9 smokes deterministic, no just/CI gate
  Test Coverage         6/10  internal/ packages tested, 6/7 cmd/ aren't
  Trust Boundary        7/10  escapes ok, zero auth, /sql is RCE-eq off-loopback
  Memory Correctness    3/10  pathway/playbook/observer not yet ported
  Deployment Readiness  4/10  no REPLICATION, no env template, no systemd
  Maintainability       8/10  no god-files, 7 lean binaries, ADRs current

Top three risks:

  R-001 HIGH  queryd /sql + DuckDB + non-loopback bind = RCE-equivalent
  R-002 HIGH  internal/shared (server.go + config.go) zero tests
  R-003 HIGH  internal/storeclient zero tests, used by 2 services
  R-004 MED   9-smoke chain green but not gated (no justfile/hook)

The audit is the work; refactors come after. Sprint 0 owns coverage + CI gating; Sprint 1 owns trust-boundary decisions; Sprints 2-3 are mostly design-bar work for unbuilt agent components.

.gitignore exception: /reports/* + !/reports/scrum/ keeps reports/ a runtime-artifact directory while exposing reports/scrum/ as tracked documentation. Mirrors the pattern future audit passes will land in.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

51 lines
1013 B
Plaintext
# Go
*.exe
*.exe~
*.dll
*.so
*.dylib
*.test
*.out
go.work
go.work.sum
vendor/

# Build artifacts
/bin/
/dist/

# Editor / OS
.DS_Store
.idea/
.vscode/
*.swp
*~

# Local data — these directories follow the Rust lakehouse pattern;
# regenerated by services on demand. Do not commit runtime artifacts.
/data/_auditor/
/data/_kb/
/data/_pathway_memory/
/data/_errors/
/data/_imagecache/
/data/datasets/
/data/vectors/
/data/headshots/
/data/lance/
/exports/
/logs/
# /reports/ holds runtime artifacts by default (matches Rust lakehouse
# convention) — but reports/scrum/ is intentional audit documentation.
# Use /reports/* + un-ignore so git can traverse into reports/.
/reports/*
!/reports/scrum/
# Inside the audit directory, the per-run _evidence/ dump (smoke logs,
# command output) IS runtime — track the dir, ignore its contents.
/reports/scrum/_evidence/*
!/reports/scrum/_evidence/.gitkeep

# Secrets — never commit. Resolved via SecretsProvider per ADR-001 §1.x.
*.env
secrets.toml
secrets-go.toml
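
The reports/ and secrets rules above can be checked against git itself. The script below is an added example, not part of this commit or repository: it builds a throwaway repo, loads the rules copied from this .gitignore, and uses git check-ignore to classify sample paths. It assumes git is installed; the sample paths (other than smoke_chain.log) and the DIR_RULES variant are constructed for illustration.

```shell
#!/bin/sh
# Added example: asks git itself how a rule set classifies a path.
# PAGE_RULES is copied from the .gitignore on this page; DIR_RULES is a
# constructed variant that ignores the directory instead of its contents.
PAGE_RULES='/reports/*
!/reports/scrum/
/reports/scrum/_evidence/*
!/reports/scrum/_evidence/.gitkeep
*.env
secrets.toml
secrets-go.toml'
DIR_RULES='/reports/
!/reports/scrum/'

# ignore_status RULES PATH -> prints "ignored", "tracked" or "error"
ignore_status() {
    repo=$(mktemp -d) || { echo error; return 0; }
    git init -q "$repo" >/dev/null 2>&1
    printf '%s\n' "$1" > "$repo/.gitignore"
    # Create the path so directory-only patterns (trailing /) can match.
    mkdir -p "$repo/$(dirname "$2")" && : > "$repo/$2"
    git -C "$repo" check-ignore -q "$2" >/dev/null 2>&1 && rc=0 || rc=$?
    rm -rf "$repo"
    case $rc in
        0) echo ignored ;;
        1) echo tracked ;;
        *) echo error ;;
    esac
}

# Constructed sample paths, except smoke_chain.log (named in the commit message).
for p in reports/scrum/risk-register.md \
         reports/scrum/_evidence/smoke_chain.log \
         reports/scrum/_evidence/.gitkeep \
         reports/run-001.json \
         deploy/prod.env \
         secrets-go.toml
do
    printf '%-45s %s\n' "$p" "$(ignore_status "$PAGE_RULES" "$p")"
done
# With the directory itself ignored, the un-ignore rule cannot take effect.
printf '%-45s %s\n' "DIR_RULES: reports/scrum/risk-register.md" \
    "$(ignore_status "$DIR_RULES" reports/scrum/risk-register.md)"
```

Running the same function in a pre-commit hook or CI step against the repository's real .gitignore gives an early signal if a later edit stops ignoring *.env or the secrets files.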