Summary
Design how CodeGuard should decide which files, paths, or rule checks need analysis on repeat runs.
Goals
- Reduce unnecessary scanning without missing security-relevant changes.
- Allow the implementation to choose the right signal: content digests, VCS state, filesystem metadata, watcher state, rule/config changes, or dependency context.
- Keep the first version simple and document its limits.
Design Questions
- What is the right unit of work: file, rule/file pair, package, repository, or something else?
- Which inputs should invalidate prior results?
- How should added, changed, deleted, renamed, generated, untracked, symlinked, and binary files be handled?
- What should be recorded for auditability and repeatability?
Acceptance Criteria
- A short design proposal recommends a first implementation path.
- Alternatives and tradeoffs are documented.
- Correctness risks are explicit.
- Follow-up implementation work can be split into focused issues or PRs.
Summary
Design how CodeGuard should decide which files, paths, or rule checks need analysis on repeat runs.
Goals
Design Questions
Acceptance Criteria