feat(trace-topology): IdentityUnknown reconciliation check (v0.11.0)#239
Open
avrabe wants to merge 1 commit into
Open
feat(trace-topology): IdentityUnknown reconciliation check (v0.11.0)#239avrabe wants to merge 1 commit into
avrabe wants to merge 1 commit into
Conversation
Rivet verification gate✅ 20/20 passed
Filter: Failed artifacts(none) Updated automatically by |
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
First of the five v1 deterministic checks (design §4.1). Adds the `engine` module with `DeclaredModel` — the declared-identity index built by walking an instantiated AADL SystemInstance — and `check_identity_unknown`, which flags any unicast MAC observed in a PCAPNG capture, or any LLDP neighbor chassis-id, that no AADL Spar_Identity property declares. Group-addressed (multicast / broadcast) MACs are exempt — they reconcile against Multicast_Group, a connection-borne surface. Findings are deterministic: PCAPNG findings then LLDP findings, each ascending, each distinct identity once. Connection-borne identities (Stream_Handle, Multicast_Group, VLAN_ID) and the other four checks are deferred to sibling v0.11.0 commits; they need the connection-property surface this module does not yet reach. 11 unit tests + 3 instantiated-AADL integration tests. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
avrabe
force-pushed
the
feat/v0.11.0-reconciler-identity-unknown
branch
from
7185ee6 to
d2aff49
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
First of the five v1 deterministic checks — the start of the v0.11.0
reconciliation engine (design
docs/designs/v0.10.0-trace-topology.md§4.1; contract
docs/contracts/spar-trace-topology-v1.md).enginemodule:DeclaredModel— the declared-identity index, built once by walkingan instantiated AADL
SystemInstanceand reading every component'sSpar_Identity::MAC_Address/LLDP_Chassis_Id.check_identity_unknown— flags any unicast MAC observed in a PCAPNGcapture, or any LLDP neighbor chassis-id, that no AADL component
declares. Emits
ReconcileFinding::IdentityUnknown.parse_mac/ReconcileError— the MAC-normalisation primitive andthe engine's input-failure error type (CLI exit code 2).
reconciled against
Multicast_Group, a connection-borne surface, notMAC_Address. Without this filter every capture would flood findingsfor LLDP / gPTP / broadcast protocol traffic.
each ascending, each distinct identity reported once — finding order
is a pure function of input content.
Deliberately deferred (documented in the module + commit)
Stream_Handle,Multicast_Group,VLAN_ID) — declared on AADL connections, not components, so notreachable through the component property-map surface this module uses.
TopologyMissingWiring,ConfigDrift,GptpOutOfBudget,BinaryMismatch), the orchestratingreconcile(),and SARIF / in-toto emission — sibling v0.11.0 / v1.0 commits.
Artifacts:
REQ-TRACE-TOPOLOGY-008+TEST-TRACE-TOPOLOGY-IDENTITY-UNKNOWN.Test plan
cargo test -p spar-trace-topology --lib -- engine::tests— 11 unit testscargo test -p spar-trace-topology --test identity_reconcile— 3 integration tests (instantiated AADL)cargo clippy -p spar-trace-topology --all-targets— cleancargo fmt --check— cleanrivet validate— 0 broken cross-refs; error/warning totals byte-identical to baseline🤖 Generated with Claude Code