Skip to content

FEAT-050 (v3.0): tool-qualification dossier (DO-330 TQL-5 / ISO 26262-8 §11)#89

Merged
avrabe merged 2 commits into
mainfrom
feat-050-qual-dossier
Jul 1, 2026
Merged

FEAT-050 (v3.0): tool-qualification dossier (DO-330 TQL-5 / ISO 26262-8 §11)#89
avrabe merged 2 commits into
mainfrom
feat-050-qual-dossier

Conversation

@avrabe

@avrabe avrabe commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

The G-005 capstone (CA-011). docs/qualification-dossier-v1.md maps every
DO-330 TQL-5 objective and every ISO 26262-8:2018 §11 (TCL) objective to a
concrete scry artifact — a mechanized proof, a runnable test, a CI gate, or an
explicit scope statement.

Honesty-first (the roadmap audit's mandate)

  • §4 mechanized inventory names all 17 admit-free Rocq proofs + the semantic
    Verus join proof, each re-checked by bazel test in CI. Evidence that is
    test-/γ-sweep-validated but not machine-proven (MC/DC, the value-level
    transfers, float rounding) is labelled as such — never as mechanized.
  • §5 scope/limitation is fed by the FEAT-040 gap report (the per-artifact
    conservative-site oracle) + each domain's known precision limits.
  • §6 honesty notes record the deltas: REQ-002 is now literally true for
    i32.add (WrapAdd.v) but not tool-wide; float rounding is γ-sweep not
    Rocq; the Verus join proof's false-then-repaired history is recorded.
  • §7 ISO 26262-8 derives TCL1 (TI2 × TD1) with the proof + MC/DC +
    per-release falsification-statement argument for TD1.

Depends on the substance (FEAT-045/046/048) having shipped — it has. Doc +
roadmap status only; rivet validate PASS.

🤖 Generated with Claude Code

avrabe and others added 2 commits July 1, 2026 08:27
…-8 §11)

The G-005 capstone (CA-011). docs/qualification-dossier-v1.md maps every
DO-330 TQL-5 objective and every ISO 26262-8 §11 (TCL) objective to a concrete
scry artifact — a mechanized proof, a runnable test, a CI gate, or an explicit
scope statement.

Honesty-first (the roadmap audit's mandate):
- The mechanized-soundness inventory (§4) names all 17 admit-free Rocq proofs +
  the semantic Verus join proof, each re-checked by bazel test in CI. Evidence
  that is test-/γ-sweep-validated but NOT machine-proven (MC/DC, the value-level
  transfers, float rounding) is labelled as such, never as mechanized.
- The scope/limitation statement (§5) is fed by the FEAT-040 gap report (the
  per-artifact conservative-site oracle) plus the known precision limits of each
  domain.
- §6 honesty notes record the deltas: REQ-002 is now literally true for i32.add
  (WrapAdd.v) but NOT tool-wide; float rounding is γ-sweep not Rocq; the Verus
  join proof's false-then-repaired history is recorded, not hidden.
- ISO 26262-8: derives TCL1 (TI2 × TD1) with the proof + MC/DC + per-release
  falsification-statement argument for TD1.

Depends on the substance having landed (FEAT-045/046/048 shipped). Doc +
roadmap status only; rivet validate PASS.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
An adversarial overclaim-audit of the dossier flagged (core §4 proof basis
verified honest):
- 'Rocq 9.0.1' -> 'Rocq 9.0' (MODULE.bazel pins 9.0, not 9.0.1).
- 'sigil-signed release artifacts' -> cosign (sigstore keyless OIDC) + SLSA-v1
  build-provenance attestation (release.yml actually uses cosign, not sigil).
- 'rivet coverage (CI gate)' -> rivet coverage is an assessor-run entry point
  (§8), NOT wired into CI; only rivet validate is a gate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

📐 rivet artifact delta

PR: #89 Base SHA: 13091c6c

Validation

head — `rivet validate` result
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-7 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-8 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-9 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SYS-1 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-2 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-3 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-4 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-5 (system-req, status: accepted) — missing: sys-integration-verification
  → run `rivet validate --explain SR-1` to see which link type and source types satisfy a gap

Result: PASS (80 warnings)
Schemas: common@0.3.0 (embedded), dev@0.2.0 (embedded), research@0.1.0 (embedded), research-ext@0.1.0 (on-disk), safety-case@0.1.0 (embedded), aspice@0.2.0 (embedded)
base — `rivet validate` result (for comparison)
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-7 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-8 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-9 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SYS-1 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-2 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-3 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-4 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-5 (system-req, status: accepted) — missing: sys-integration-verification
  → run `rivet validate --explain SR-1` to see which link type and source types satisfy a gap

Result: PASS (80 warnings)
Schemas: common@0.3.0 (embedded), dev@0.2.0 (embedded), research@0.1.0 (embedded), research-ext@0.1.0 (on-disk), safety-case@0.1.0 (embedded), aspice@0.2.0 (embedded)

Artifact stats

base head
Total artifacts 203 203
full stats — head
Artifact summary:
  academic-reference               24
  competitive-analysis             11
  design-decision                  17
  feature                          58
  market-finding                    7
  requirement                      17
  safety-context                    3
  safety-goal                       5
  safety-justification              3
  safety-solution                   6
  safety-strategy                   1
  stakeholder-req                   3
  sw-req                           13
  sw-verification                  13
  sys-verification                  5
  system-req                        5
  technology-evaluation            12
  TOTAL                           203

Orphan artifacts (no links): 11
  CA-001
  CA-002
  CA-003
  CA-004
  CA-005
  CA-006
  CA-007
  CA-008
  CA-009
  CA-010
  CA-011

Diagnostics: 0 error(s), 80 warning(s), 16 info(s)

Diff (base → head)

~ FEAT-050
  status: - proposed -> + accepted

0 added, 0 removed, 1 modified, 202 unchanged

AADL model — head

spar/scry.aadl: OK

Posted by the rivet-delta workflow. Informational only — does not gate the PR.

@avrabe avrabe merged commit 2adc566 into main Jul 1, 2026
10 checks passed
@avrabe avrabe deleted the feat-050-qual-dossier branch July 1, 2026 07:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant