busya/ss-tools
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

semantics

Browse Source
This commit is contained in:
busya
2026-03-27 21:27:31 +03:00
parent 7c85552132
commit 2ed66bfebc
182 changed files with 21186 additions and 10254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
backend/src/services/clean_release/compliance_orchestrator.py
View File

@@ -1,11 +1,11 @@
# [DEF:compliance_orchestrator:Module]
# [DEF:ComplianceOrchestrator:Module]
# @COMPLEXITY: 5
# @SEMANTICS: clean-release, orchestrator, compliance-gate, stages
# @PURPOSE: Execute mandatory clean compliance stages and produce final COMPLIANT/BLOCKED/FAILED outcome.
# @LAYER: Domain
# @RELATION: DEPENDS_ON -> backend.src.services.clean_release.stages
# @RELATION: DEPENDS_ON -> backend.src.services.clean_release.report_builder
# @RELATION: DEPENDS_ON -> backend.src.services.clean_release.repository
# @RELATION: [DEPENDS_ON] ->[ComplianceStages]
# @RELATION: [DEPENDS_ON] ->[RepositoryRelations]
# @RELATION: [DEPENDS_ON] ->[CleanReleaseModels]
# @INVARIANT: COMPLIANT is impossible when any mandatory stage fails.
# @TEST_CONTRACT: ComplianceCheckRun -> ComplianceCheckRun
# @TEST_FIXTURE: compliant_candidate -> file:backend/tests/fixtures/clean_release/fixtures_clean_release.json
@@ -51,7 +51,8 @@ class CleanComplianceOrchestrator:
def __init__(self, repository: CleanReleaseRepository):
with belief_scope("CleanComplianceOrchestrator.__init__"):
self.repository = repository
# [/DEF:CleanComplianceOrchestrator.__init__:Function]
# [/DEF:__init__:Function]
# [DEF:start_check_run:Function]
# @PURPOSE: Initiate a new compliance run session.
@@ -69,31 +70,51 @@ class CleanComplianceOrchestrator:
) -> ComplianceRun:
with belief_scope("start_check_run"):
actor = requested_by or legacy_kwargs.get("triggered_by") or "system"
execution_mode = str(legacy_kwargs.get("execution_mode") or "").strip().lower()
execution_mode = (
str(legacy_kwargs.get("execution_mode") or "").strip().lower()
)
manifest_id_value = manifest_id
if manifest_id_value and str(manifest_id_value).strip().lower() in {"tui", "api", "scheduler"}:
if manifest_id_value and str(manifest_id_value).strip().lower() in {
"tui",
"api",
"scheduler",
}:
logger.reason(
"Detected legacy positional execution_mode passed through manifest_id slot",
extra={"candidate_id": candidate_id, "execution_mode": manifest_id_value},
extra={
"candidate_id": candidate_id,
"execution_mode": manifest_id_value,
},
)
execution_mode = str(manifest_id_value).strip().lower()
manifest_id_value = None
manifest = self.repository.get_manifest(manifest_id_value) if manifest_id_value else None
manifest = (
self.repository.get_manifest(manifest_id_value)
if manifest_id_value
else None
)
policy = self.repository.get_policy(policy_id)
if manifest_id_value and manifest is None:
logger.explore(
"Manifest lookup missed during run start; rejecting explicit manifest contract",
extra={"candidate_id": candidate_id, "manifest_id": manifest_id_value},
extra={
"candidate_id": candidate_id,
"manifest_id": manifest_id_value,
},
)
raise ValueError("Manifest or Policy not found")
if policy is None:
logger.explore(
"Policy lookup missed during run start; using compatibility placeholder snapshot",
extra={"candidate_id": candidate_id, "policy_id": policy_id, "execution_mode": execution_mode or "unspecified"},
extra={
"candidate_id": candidate_id,
"policy_id": policy_id,
"execution_mode": execution_mode or "unspecified",
},
)
manifest_id_value = manifest_id_value or f"manifest-{candidate_id}"
@@ -118,9 +139,14 @@ class CleanComplianceOrchestrator:
)
logger.reflect(
"Initialized compliance run with compatibility-safe dependency placeholders",
extra={"run_id": check_run.id, "candidate_id": candidate_id, "policy_id": policy_id},
extra={
"run_id": check_run.id,
"candidate_id": candidate_id,
"policy_id": policy_id,
},
)
return self.repository.save_check_run(check_run)
# [/DEF:start_check_run:Function]
# [DEF:execute_stages:Function]
@@ -129,7 +155,11 @@ class CleanComplianceOrchestrator:
# @POST: Returns persisted ComplianceRun with status FAILED on missing dependencies, otherwise SUCCEEDED with final_status set.
# @SIDE_EFFECT: Reads candidate/policy/registry/manifest and persists updated check_run.
# @DATA_CONTRACT: Input -> (check_run:ComplianceRun, forced_results:Optional[List[ComplianceStageRun]]), Output -> ComplianceRun
def execute_stages(self, check_run: ComplianceRun, forced_results: Optional[List[ComplianceStageRun]] = None) -> ComplianceRun:
def execute_stages(
self,
check_run: ComplianceRun,
forced_results: Optional[List[ComplianceStageRun]] = None,
) -> ComplianceRun:
with belief_scope("execute_stages"):
if forced_results is not None:
for index, result in enumerate(forced_results, start=1):
@@ -170,12 +200,15 @@ class CleanComplianceOrchestrator:
summary = manifest.content_json.get("summary", {})
purity_ok = summary.get("prohibited_detected_count", 0) == 0
check_run.final_status = (
ComplianceDecision.PASSED.value if purity_ok else ComplianceDecision.BLOCKED.value
ComplianceDecision.PASSED.value
if purity_ok
else ComplianceDecision.BLOCKED.value
)
check_run.status = RunStatus.SUCCEEDED
check_run.finished_at = datetime.now(timezone.utc)
return self.repository.save_check_run(check_run)
# [/DEF:execute_stages:Function]
# [DEF:finalize_run:Function]
@@ -202,7 +235,10 @@ class CleanComplianceOrchestrator:
check_run.status = RunStatus.SUCCEEDED
check_run.finished_at = datetime.now(timezone.utc)
return self.repository.save_check_run(check_run)
# [/DEF:finalize_run:Function]
# [/DEF:CleanComplianceOrchestrator:Class]
@@ -229,5 +265,7 @@ def run_check_legacy(
)
run = orchestrator.execute_stages(run)
return orchestrator.finalize_run(run)
# [/DEF:run_check_legacy:Function]
# [/DEF:backend.src.services.clean_release.compliance_orchestrator:Module]
# [/DEF:ComplianceOrchestrator:Module]