chore: revert contract amend; restore upstream-pinned sha #636
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUSTFLAGS: "-D warnings" | |
| RUST_BACKTRACE: 1 | |
| RUST_MIN_STACK: 8388608 # 8 MiB — clap/serde-json deep recursion | |
| PROPTEST_CASES: 256 | |
| # Single, monolithic `gate` job. Branch protection on `main` requires this | |
| # check (see FALSIFY-CCPA-009). Failing any step fails the gate. | |
| jobs: | |
| gate: | |
| name: ci/gate | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # Full history needed by check-doc-drift.sh § #15 which scans | |
| # `git log origin/main` to enumerate merged docs(M<NN>): | |
| # commits — without this CI's depth-1 checkout misses M-ids | |
| # other than the most-recent merge (M116). | |
| fetch-depth: 0 | |
| - name: Install Rust toolchain (stable + llvm-tools-preview) | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: llvm-tools-preview, rustfmt, clippy | |
| - name: Cache cargo | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| cache-on-failure: true | |
| # cargo-binstall fetches prebuilt binaries when crates publish them, | |
| # falls back to `cargo install` only when none exist. Drops cold-cache | |
| # tool install from ~30 min (compile from source) to ~30 s. | |
| - name: Install cargo-binstall | |
| uses: cargo-bins/cargo-binstall@main | |
| - name: Install pmat / pv / cargo-llvm-cov (binstall) | |
| run: | | |
| cargo binstall --no-confirm --locked cargo-llvm-cov | |
| cargo binstall --no-confirm --locked pmat || cargo install --locked pmat | |
| cargo binstall --no-confirm --locked aprender-contracts-cli || cargo install --locked aprender-contracts-cli | |
| # ── FALSIFY-CCPA-012 — pv contract gate ── | |
| # `pv validate` is the dogfooded gate per CLAUDE.md § "DOGFOOD pv, | |
| # NEVER bash". Bash workarounds are forbidden. | |
| - name: pv validate (FALSIFY-CCPA-012) | |
| run: pv validate contracts/claude-code-parity-apr-v1.yaml | |
| # ── M6 deliverable — pv lint sweep ── | |
| # Cross-contract gates: enforcement level, composition, etc. | |
| - name: pv lint (M6 deliverable) | |
| run: pv lint contracts/ | |
| # ── FALSIFY-CCPA-012 (b) — pin freshness ── | |
| # Bytes-only integrity check — NOT a re-implementation of pv. | |
| - name: pin-check (FALSIFY-CCPA-012) | |
| run: bash scripts/pin-check.sh contracts/pin.lock | |
| # ── FALSIFY-CCPA-012 (c) — companion ↔ aprender round-trip (M22) ── | |
| # Closes the M21 drift class: refuses companion-side contract bumps | |
| # whose bytes don't byte-match the aprender-side at the pinned | |
| # commit. Requires `contents:read` on paiml/aprender — the default | |
| # GITHUB_TOKEN is sufficient if aprender is in the same org or | |
| # public; otherwise the workflow needs an explicit token override. | |
| - name: pin-check-roundtrip (M22 — companion ↔ aprender drift guard) | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: bash scripts/pin-check-roundtrip.sh contracts/pin.lock | |
| # ── M22 step 4 — human-readable roll-up drift guard (M38) ── | |
| # Asserts spec header / status snapshot / README / CONTRIBUTING | |
| # M-counts all match the sub-milestones table tail, plus stated | |
| # gate count matches FALSIFY-CCPA-NNN row marker count. Codifies | |
| # the drift class M22 step 4 added on 2026-05-01 ("These are NOT | |
| # mechanically guarded by pin-check; a kaizen sweep is the | |
| # backstop"). M37 alone produced 6 drift-fix commits this catches. | |
| - name: check-doc-drift (M22 step 4 — kaizen backstop) | |
| run: bash scripts/check-doc-drift.sh | |
| # ── M46 — meta-test for the drift detector itself ── | |
| # Verifies every drift class in check-doc-drift.sh is correctly | |
| # caught by deliberately corrupting each, asserting the detector | |
| # exits 1 with the expected message, then restoring. Catches the | |
| # silent-regression class where a refactor breaks an assert. | |
| - name: test-doc-drift (M46 — drift-detector self-test) | |
| run: bash scripts/test-doc-drift.sh | |
| # ── Build + lint ── | |
| - name: cargo fmt --check | |
| run: cargo fmt --all -- --check | |
| - name: cargo clippy --all-targets | |
| run: cargo clippy --workspace --all-targets --all-features -- -D warnings | |
| - name: cargo build | |
| run: cargo build --workspace --all-features | |
| - name: cargo test | |
| run: cargo test --workspace --all-features | |
| # ── FALSIFY-CCPA-011 — coverage gate ── | |
| # cargo-tarpaulin is forbidden per CLAUDE.md § "Prohibited Tools". | |
| # Contract v0.4.0 § FALSIFY-CCPA-011: >=99% function AND >=99% line | |
| # coverage. Both have a 1% slack to absorb the llvm-cov reporting | |
| # artifact for generic monomorphizations — inner-closure mangled | |
| # instantiations created from outside the source unit (e.g. from | |
| # `bin/ccpa-arena-bench.rs` via `SubprocessDriver::new<String>`) | |
| # count as separate uncovered "functions" even when the source-side | |
| # function is fully exercised by tests. The 1% slack treats this | |
| # as a tooling artifact rather than uncovered behavior. | |
| # `--ignore-filename-regex '/bin/'` excludes operator-dispatch CLI | |
| # binaries (e.g. ccpa-arena-bench, ccpa-trace-subproc) whose runtime | |
| # path is a thin Cli::parse + delegate-to-library wrapper covered | |
| # end-to-end by the outer bash dispatcher scripts, not by unit tests. | |
| # | |
| # `ccpa-arena/src/(dispatch|session|subprocess_driver).rs` excluded | |
| # for the same reason: these are the multi-turn Arena bench harness | |
| # files that orchestrate apr code / claude code subprocesses across | |
| # many turns. They are exercised end-to-end by the operator-dispatched | |
| # Arena fixture runs (companion-repo M182-M230 corpus), not by unit | |
| # tests. Their internal control flow (spawn / wait / read / kill / | |
| # recover) is interaction-bound with the OS, not amenable to | |
| # deterministic unit testing. | |
| # Mirrors Makefile § cov. | |
| - name: function + line coverage gate (FALSIFY-CCPA-011) | |
| run: | | |
| cargo llvm-cov --workspace --all-features \ | |
| --ignore-filename-regex '/bin/|ccpa-arena/src/(dispatch|session|subprocess_driver)\.rs' \ | |
| --fail-under-functions 99 \ | |
| --fail-under-lines 99 | |
| # ── FALSIFY-CCPA-013 runtime evidence — bidirectional sensitivity test ── | |
| # Canonical corpus MUST pass; regression corpus MUST fail. | |
| # If regression somehow passes the meter is broken (false negatives). | |
| - name: install ccpa CLI (binary needed for next steps) | |
| run: cargo install --path crates/ccpa-cli --locked | |
| - name: canonical corpus PASSES (FALSIFY-CCPA-013 runtime evidence) | |
| run: ccpa corpus fixtures/canonical/ | |
| - name: regression corpus FAILS (meter sensitivity bidirectional) | |
| run: | | |
| set +e | |
| ccpa corpus fixtures/regression/ | |
| code=$? | |
| set -e | |
| if [ "$code" -eq 0 ]; then | |
| echo "ERROR: regression corpus passed — meter NOT detecting drift!" | |
| exit 1 | |
| fi | |
| echo "OK: regression corpus correctly exited $code (drift detected)" | |
| # ── FALSIFY-CCPA-007 — corpus_coverage HARD-BLOCKING (M16) ── | |
| # Reachable rows = SHIPPED+PARTIAL apr-code-parity-v1 rows MINUS | |
| # the contract-declared OOS list. As of M15 contract v1.3.0, | |
| # OOS at trace boundary = {keyboard-shortcuts, status-line}. | |
| # See contract status_history M15 § remaining_uncovered_classification. | |
| # CI requires we sync the parity-matrix yaml from a known | |
| # aprender commit; a fork checkout would diverge. | |
| - name: checkout aprender for canonical apr-code-parity-v1.yaml | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: paiml/aprender | |
| ref: main | |
| path: aprender-upstream | |
| sparse-checkout: | | |
| contracts/apr-code-parity-v1.yaml | |
| - name: corpus_coverage hard-blocking gate (FALSIFY-CCPA-007) | |
| run: | | |
| ccpa coverage \ | |
| --apr-code-parity-yaml aprender-upstream/contracts/apr-code-parity-v1.yaml \ | |
| --fixtures-dir fixtures/canonical/ \ | |
| --oos-rows keyboard-shortcuts,status-line | |
| # ── FALSIFY-CCPA-010 — pmat comply (is_compliant=true, no Fail-status checks) ── | |
| # `--strict` exits 2 on ANY Warn-status check (incl. advisory ones like | |
| # "Bronze reproducibility" or "missing memory profiler"). The contract's | |
| # gate is `is_compliant=true` — i.e. zero Fail-status checks. Warnings | |
| # are advisory and tracked separately in the contract's status_history. | |
| - name: pmat comply check (FALSIFY-CCPA-010) | |
| run: | | |
| pmat comply check --format json > comply.json | |
| jq -e '.is_compliant == true and ([.checks[] | select(.status == "Fail")] | length == 0)' comply.json | |
| warns=$(jq '[.checks[] | select(.status == "Warn")] | length' comply.json) | |
| echo "is_compliant=true, 0 Fails, ${warns} advisory Warns (tracked, not gating)" | |
| # ── FALSIFY-CCPA-009 ── | |
| # Enforced by GitHub branch protection, NOT by this job. After this | |
| # job lands on main once, follow scripts/install-branch-protection.sh | |
| # to require `ci/gate` as a status check on main. | |
| - name: Note FALSIFY-CCPA-009 | |
| run: | | |
| echo "FALSIFY-CCPA-009 (ci_main_branch_green) is asserted by" | |
| echo "GitHub branch protection — see scripts/install-branch-protection.sh" |