GATE-004: Enable Namespace Deduplication Check (BLOCKING) (#81)

* Initial plan

* Enable GATE-004: Namespace Deduplication Check

- Updated CI workflow to enable GATE-004 (changed continue-on-error from true to false)
- Updated CI governance gates index to mark GATE-004 as Active
- Script check_ata99_registry.py already fully implemented
- Database schema already in place (plc_ontology_schema.sql)
- Tested locally: script runs successfully and checks for duplicate namespace IDs

Co-authored-by: AmedeoPelliccia <164860269+AmedeoPelliccia@users.noreply.github.com>

* Fix GATE-004 duplicate detection logic

- Fixed namespace ID pattern regex (removed line anchors ^ and $)
- Fixed duplicate detection to check scanned entries before registration
- Fixed report generation to use tracked conflicts
- Fixed output display to show conflicts from report
- Tested with duplicate and non-duplicate scenarios
- Exit code 0 for pass, 1 for fail with duplicates

Co-authored-by: AmedeoPelliccia <164860269+AmedeoPelliccia@users.noreply.github.com>

* Address code review feedback for GATE-004

- Removed duplicate conflict tracking (use only checker.conflicts)
- Record all conflict pairs for 3+ duplicates (not just first two)
- Improved finding message to include occurrence count
- Tested with 3-way duplicate scenario

Co-authored-by: AmedeoPelliccia <164860269+AmedeoPelliccia@users.noreply.github.com>

* Fix conflict pair recording and validation consistency

- Record all unique pairs for N duplicates (N*(N-1)/2 pairs)
  Previously: 3 duplicates → 2 pairs (A-B, B-C)
  Now: 3 duplicates → 3 pairs (A-B, A-C, B-C)
- Changed validation from re.match() to re.search() for consistency
  Both scanning and validation now use same matching behavior

Addresses feedback in PR review comment #2674204672 and #2674204685

Co-authored-by: AmedeoPelliccia <164860269+AmedeoPelliccia@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: AmedeoPelliccia <164860269+AmedeoPelliccia@users.noreply.github.com>

Author: Copilot

.github/workflows/governance-gates.yml

@@ -189,17 +189,13 @@ The CSV should include the following columns:
           exit $EXIT_CODE
         continue-on-error: false
 
-      # GATE-004: Namespace Deduplication Check (BLOCKING - when script exists)
+      # GATE-004: Namespace Deduplication Check (BLOCKING)
       - name: GATE-004 - Namespace Deduplication Check
         id: namespace_dedup
         run: |
           echo "🔍 Checking for duplicate namespace IDs..."
-          if [ -f "scripts/check_ata99_registry.py" ]; then
-            python scripts/check_ata99_registry.py --deduplicate
-          else
-            echo "⚠️  Script not yet implemented (planned)"
-          fi
-        continue-on-error: true
+          python scripts/check_ata99_registry.py --deduplicate
+        continue-on-error: false
 
       # GATE-006: Detect Governance Changes (LABELING)
       - name: GATE-006 - Detect Governance Changes
@@ -319,7 +315,7 @@ This PR modifies governance-impacting files and requires **CM WG approval** befo
           echo "| GATE-002 | ${{ steps.schema_registration.outcome == 'success' && '✅ PASS' || '❌ FAIL' }} | Schema Registration Check |"
           echo "| GATE-003 | ${{ steps.trace_integrity.outcome == 'success' && (steps.trace_integrity.outputs.broken_count > 0 && '⚠️ PASS (warnings)' || '✅ PASS') || '❌ FAIL' }} | Trace Link Integrity (${{ steps.trace_integrity.outputs.broken_count || 0 }} links to planned content) |"
           echo "| GATE-LINK-001 | ${{ steps.link_integrity.outcome == 'success' && '✅ PASS' || '❌ FAIL' }} | Internal Link Integrity (mode: ${{ steps.link_integrity.outputs.link_mode }}) |"
-          echo "| GATE-004 | ⏭️ PLANNED | Namespace Deduplication |"
+          echo "| GATE-004 | ${{ steps.namespace_dedup.outcome == 'success' && '✅ PASS' || '❌ FAIL' }} | Namespace Deduplication |"
           echo "| GATE-006 | ${{ steps.governance_changes.outputs.governance_change == 'true' && '⚠️ REVIEW' || '✅ PASS' }} | Governance Change Detection |"
           echo "| GATE-007 | ⏭️ PLANNED | Breaking Schema Detection |"
           echo "| GATE-008 | ⏭️ PLANNED | Evidence Link Validation |"

00_AMPEL360_SPACET_Q10_GEN_PLUS_BB_GEN_LC01_K05_DATA__ci-governance-gates_IDX_I01-R01_ACTIVE.md

@@ -28,7 +28,7 @@ This index catalogs all **CI/CD governance gates** implemented to enforce nomenc
 | **GATE-001** | Nomenclature Validation | `validate_nomenclature.py` | BLOCKING | Active | Validates all files against v3.0 standard |
 | **GATE-002** | Schema Registration Check | `scripts/validate_schema_registry.py` | BLOCKING | Active | Verifies schema refs exist in ATA 91 |
 | **GATE-003** | Trace Link Integrity | `scripts/validate_trace_links.py --skip-templates` | WARNING (during PORTAL build-out) | Active | Validates trace link targets exist, skips template placeholders and planned structure. Currently allows ~490 links to planned content. |
-| **GATE-004** | Namespace Deduplication | `scripts/check_ata99_registry.py` | BLOCKING | Planned | Prevents duplicate IDs across namespaces |
+| **GATE-004** | Namespace Deduplication | `scripts/check_ata99_registry.py` | BLOCKING | Active | Prevents duplicate IDs across namespaces |
 | **GATE-005** | Identifier Grammar Check | `scripts/validate_identifiers.py` | BLOCKING | Planned | Validates canonical ID format |
 
 ### Category B: Pull Request Review Gates
@@ -71,8 +71,8 @@ This index catalogs all **CI/CD governance gates** implemented to enforce nomenc
 
 ### By Status
 
-- **Active (implemented):** GATE-001, GATE-002, GATE-003, GATE-006, GATE-009, GATE-010
-- **Planned (to be implemented):** GATE-004, GATE-005, GATE-007, GATE-008, GATE-011, GATE-012, GATE-013, GATE-014, GATE-015, GATE-016, GATE-017, GATE-018
+- **Active (implemented):** GATE-001, GATE-002, GATE-003, GATE-004, GATE-006, GATE-009, GATE-010
+- **Planned (to be implemented):** GATE-005, GATE-007, GATE-008, GATE-011, GATE-012, GATE-013, GATE-014, GATE-015, GATE-016, GATE-017, GATE-018
 
 ### By Responsible Team
 
@@ -90,7 +90,7 @@ This index catalogs all **CI/CD governance gates** implemented to enforce nomenc
 | GATE-001 | Nomenclature Standard v3.0 | `.github/workflows/nomenclature-validation.yml` | `validate_nomenclature.py` |
 | GATE-002 | Governance Reference Policy §4.2 | `.github/workflows/governance-gates.yml` | ATA 91 schema registry |
 | GATE-003 | Governance Reference Policy §5.3 | `.github/workflows/governance-gates.yml` | `scripts/validate_trace_links.py`, `docs/GATE-003-TRACE-LINK-VALIDATION.md` |
-| GATE-004 | Identifier Grammar §4.5.2 | Planned: `.github/workflows/governance-gates.yml` | ATA 99 namespace registry |
+| GATE-004 | Identifier Grammar §4.5.2 | `.github/workflows/governance-gates.yml` | ATA 99 namespace registry, `scripts/check_ata99_registry.py` |
 | GATE-005 | Identifier Grammar §4.1 | Planned: `.github/workflows/governance-gates.yml` | None |
 | GATE-006 | Governance Reference Policy §6.3 | `.github/workflows/governance-gates.yml` | CM WG approval list |
 | GATE-007 | Governance Reference Policy §4.3 | Planned: `.github/workflows/governance-gates.yml` | ATA 91 schema versioning |
@@ -447,9 +447,9 @@ jobs:
 
 ### Implementation Priority
 
-**Phase 1 (Immediate - Complete):** GATE-001, GATE-002, GATE-003, GATE-006, GATE-009, GATE-010 (active)
+**Phase 1 (Immediate - Complete):** GATE-001, GATE-002, GATE-003, GATE-004, GATE-006, GATE-009, GATE-010 (active)
 
-**Phase 2 (Q1 2026):** GATE-004, GATE-005 (critical for governance enforcement)
+**Phase 2 (Q1 2026):** GATE-005 (critical for governance enforcement)
 
 **Phase 3 (Q2 2026):** GATE-007, GATE-008, GATE-015, GATE-016, GATE-017 (audit and staleness detection)
 

scripts/check_ata99_registry.py

@@ -61,10 +61,10 @@ class ATA99RegistryChecker:
 
     # Namespace ID patterns for validation
     NAMESPACE_PATTERNS = {
-        'ata99_namespace': r'^NS-ATA99-[A-Z0-9-]+$',
-        'schema_namespace': r'^NS-SCH-[A-Z0-9-]+$',
-        'trace_namespace': r'^NS-TR-[A-Z0-9-]+$',
-        'identifier_namespace': r'^NS-ID-[A-Z0-9-]+$',
+        'ata99_namespace': r'NS-ATA99-[A-Z0-9-]+',
+        'schema_namespace': r'NS-SCH-[A-Z0-9-]+',
+        'trace_namespace': r'NS-TR-[A-Z0-9-]+',
+        'identifier_namespace': r'NS-ID-[A-Z0-9-]+',
     }
 
     def __init__(self, db_path: str = "plc_ontology.db"):
@@ -195,7 +195,7 @@ def validate_namespace_id_format(self, namespace_id: str) -> Tuple[bool, Optiona
             (is_valid, error_message)
         """
         for ns_type, pattern in self.NAMESPACE_PATTERNS.items():
-            if re.match(pattern, namespace_id):
+            if re.search(pattern, namespace_id):
                 return (True, None)
 
         return (False, f"Namespace ID '{namespace_id}' does not match any known pattern")
@@ -213,12 +213,17 @@ def _compute_file_hash(self, file_path: Path) -> str:
 
     def generate_report(self) -> Dict[str, Any]:
         """Generate deduplication report."""
-        duplicates = self.db.check_namespace_duplicates()
-        
         report = {
-            'total_duplicates': len(duplicates),
+            'total_duplicates': len(self.conflicts),
             'conflicts': self.conflicts,
-            'duplicates_detail': duplicates
+            'duplicates_detail': [
+                {
+                    'namespace_id': c['namespace_id'],
+                    'count': c['count'],
+                    'paths': ', '.join(c['paths'])
+                }
+                for c in self.conflicts
+            ]
         }
 
         return report
@@ -248,41 +253,66 @@ def run_gate_004(db_path: str = "plc_ontology.db", directory: Path = Path('.'))
         (passed, report)
     """
     import time
+    from collections import defaultdict
     start_time = time.time()
 
     checker = ATA99RegistryChecker(db_path)
 
     # Scan and register namespaces
     entries = checker.scan_repository(directory)
+    
+    # Check for duplicates in scanned entries BEFORE registering
+    namespace_to_paths = defaultdict(list)
+    for entry in entries:
+        namespace_to_paths[entry.namespace_id].append(entry.artifact_path)
+    
+    for namespace_id, paths in namespace_to_paths.items():
+        if len(paths) > 1:
+            # Record all unique conflict pairs in the database
+            # For N duplicates, record all N*(N-1)/2 unique pairs
+            for i in range(len(paths)):
+                for j in range(i + 1, len(paths)):
+                    checker.db.record_namespace_conflict(
+                        namespace_id=namespace_id,
+                        artifact_path_1=paths[i],
+                        artifact_path_2=paths[j],
+                        conflict_type='DUPLICATE_ID'
+                    )
+            
+            # Add to checker's conflict list (used for reporting)
+            checker.conflicts.append({
+                'namespace_id': namespace_id,
+                'count': len(paths),
+                'paths': paths
+            })
+    
+    # Register namespaces (INSERT OR REPLACE will update existing ones)
     if entries:
         checker.register_namespaces(entries)
 
-    # Check for duplicates
-    conflicts = checker.check_duplicates()
-    
     # Generate report
     report = checker.generate_report()
 
     execution_time_ms = int((time.time() - start_time) * 1000)
 
     # Record gate run in database
-    passed = len(conflicts) == 0
+    passed = len(checker.conflicts) == 0
     run_id = checker.db.record_gate_run(
         gate_code='GATE-004',
         passed=passed,
-        error_count=len(conflicts),
+        error_count=len(checker.conflicts),
         warning_count=0,
         execution_time_ms=execution_time_ms,
         metadata=report
     )
 
     # Record findings
-    for conflict in conflicts:
+    for conflict in checker.conflicts:
         checker.db.record_gate_finding(
             run_id=run_id,
             gate_code='GATE-004',
             severity='ERROR',
-            message=f"Duplicate namespace ID: {conflict['namespace_id']}",
+            message=f"Duplicate namespace ID: {conflict['namespace_id']} ({conflict['count']} occurrences)",
             finding_code='NAMESPACE_DUPLICATE',
             details=conflict
         )
@@ -388,7 +418,20 @@ def main():
             if args.json:
                 print(json.dumps(report, indent=2))
             else:
-                checker.print_conflicts()
+                # Print conflicts from report
+                conflicts = report.get('conflicts', [])
+                if not conflicts:
+                    print("\n✅ No namespace conflicts detected")
+                else:
+                    print(f"\n❌ Found {len(conflicts)} namespace conflict(s):\n")
+                    
+                    for conflict in conflicts:
+                        print(f"Namespace ID: {conflict['namespace_id']}")
+                        print(f"  Occurrences: {conflict['count']}")
+                        print(f"  Conflicting files:")
+                        for path in conflict['paths']:
+                            print(f"    - {path}")
+                        print()
 
                 print(f"\n{'═'*70}")
                 print(f"GATE-004: Namespace Deduplication Check")