de8fb10f52
Some checks failed
lakehouse/auditor 4 blocking issues: todo!() macro call in tests/real-world/scrum_master_pipeline.ts
Phase 42 PRD (docs/CONTROL_PLANE_PRD.md:144): "truth/ dir at repo
root — rule files, versioned in git." Didn't exist. Landing both the
dir + its loader.
New files:
truth/
README.md — documents file format, rule shape,
composition model (file rules are
additive on top of in-code default_
truth_store), explicit non-goals
(no hot reload, no inheritance)
staffing.fill.toml — 2 staffing.fill rules:
endorsed-count-matches-target,
city-required (both Reject via
FieldEmpty)
staffing.any.toml — 1 staffing.any rule:
no-destructive-sql-in-context via
FieldContainsAny (parallel to the
queryd SQL gate we already ship)
crates/truth/src/loader.rs — load_from_dir(store, dir)
— 5 tests: happy path, duplicate-ID
rejection within files, duplicate-ID
rejection against in-code rules,
non-toml files skipped, missing-dir
error. Alphabetical file order for
reproducible error messages.
crates/truth/src/lib.rs — new pub fn all_rule_ids() helper on
TruthStore so the loader can detect
collisions without breaching the
private `rules` field.
crates/truth/Cargo.toml — adds `toml` workspace dep.
Composition model: file rules are ADDITIVE on top of what
default_truth_store() registers in code. Operators can tune
thresholds/needles/descriptions at the file layer without a code
deploy. Schema changes (new RuleCondition variants) still need a
code bump.
Integration hook (not in this commit, flagged for follow-up):
main.rs should call loader::load_from_dir(&mut store, "truth/")
after default_truth_store() so file-backed rules take effect on
gateway boot. Deliberately separate: this commit lands the
machinery; wiring it on happens when the team is ready to own
the rule file lifecycle.
Total: 37 truth tests green (was 32). Workspace warnings still 0.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
21 lines
798 B
TOML
21 lines
798 B
TOML
# Phase 42 — staffing.any task class rules (file-backed).
|
|
#
|
|
# Rules that apply across ALL staffing task classes (fill, rescue,
|
|
# sms_draft, etc). The router registers them once and evaluates them
|
|
# on every staffing.* call.
|
|
|
|
[[rule]]
|
|
id = "any.no-destructive-sql-in-context"
|
|
task_class = "staffing.any"
|
|
description = "Reject staffing calls whose SQL context contains destructive verbs"
|
|
action = { type = "Reject", message = "destructive SQL rejected by staffing.any gate" }
|
|
|
|
[rule.condition]
|
|
type = "FieldContainsAny"
|
|
field = "sql_context"
|
|
needles = ["drop table", "truncate", "delete from", "drop schema", "drop database"]
|
|
|
|
# Additional staffing.any rules (e.g. PII scrubbing, rate limits) can be
|
|
# layered here; see the in-code staffing_rules() for the pii-redact rule
|
|
# that ships by default.
|