diff --git a/artifacts/findings.yaml b/artifacts/findings.yaml index dcfaf97..75f659e 100644 --- a/artifacts/findings.yaml +++ b/artifacts/findings.yaml @@ -772,6 +772,13 @@ artifacts: single milestone ack on jess#62 (matrix complete) - the deferred-from-v1.84 ack, at the meaningful boundary rather than per-release. Evidence: results/jess-build-falcon-v1.85.0.xml. + UPDATE 2026-06-23 (cron loop, falcon-v1.86.0 + v1.87.0 = traceability closeout): + both are relay's RIGHT-SIDE-OF-V work (test-level evidence on the HAL arc + + drift-guarded gate, "last requirement-verification gaps closed", pulseengine.eu#89 / + relay #221/#223) - NOT flight-logic changes. Per-piece GREEN on v1.87.0, SIL PASS + (kiln==wasmtime), authoritative skip inventory UNCHANGED at 3 of 18 all #369 + hard-float, bulk-mem clean. No new on-target gap. Evidence: + results/jess-build-falcon-v1.87.0.xml. tags: [release-watch, synth, fpu, miscompile, correctness, on-target, blocker] fields: detected-by: jess REQ-PIX-001 value-level oracle - silent miscompile resolved in v0.11.46 (GI-FPU-001, verified loud-skip exit 1); OPEN remainder is GI-FPU-002 hard-float diff --git a/artifacts/phase2-pixhawk.yaml b/artifacts/phase2-pixhawk.yaml index f9f0f0f..38e4da7 100644 --- a/artifacts/phase2-pixhawk.yaml +++ b/artifacts/phase2-pixhawk.yaml 
@@ -586,3 +586,41 @@ artifacts: links: - type: verifies target: REQ-PIX-017 + + - id: REQ-PIX-018 + type: requirement + title: jess CI gates the falcon wasm with witness (MC/DC branch coverage) + scry (sound abstract interpretation), on the meld-fused core + status: draft + description: > + Inbound jess#91 (avrabe, org release-consistency campaign; hub pulseengine.eu#98): + jess builds/consumes wasm firmware but gates CI only on rivet + spar - add the + DO-178C/DO-333 verification legs witness (structural coverage) + scry (sound static + analysis) on the falcon wasm. Aligns with jess's verification posture + the + experience report pulseengine.eu#90 (close the right side of the V). + FEASIBILITY CONFIRMED 2026-06-23 (jess investigated locally): + - witness: instruments only CORE modules, not the falcon COMPONENT - but jess + ALREADY produces the meld-fused core in scripts/jess-build.sh (falcon.fused.wasm). + `witness instrument falcon.fused.wasm` succeeds (witness v0.36.0, SHA/sig-verified + darwin release) -> 1407 BRANCHES, 0 DWARF-correlated decisions. The released + falcon wasm is STRIPPED (no .debug_* DWARF, only a `name` section), so jess's + witness gate is structural BRANCH coverage on the fused core, NOT DWARF-correlated + MC/DC decisions. Running the instrumented core needs a harness (kilnd, which + jess-build.sh already has). + - scry: ships scry-1.17.0-wasm32-wasip2.wasm + a crates.io lib (synth-cli already + consumes it for the #383 shadow-stack analysis); runnable on the falcon core. + DEVIATION (raised at the hub pulseengine.eu#98, per the campaign rule): because jess + CONSUMES the released stripped falcon wasm (no source/DWARF), its witness gate is + branch-coverage + scry sound-analysis on the fused core - COMPLEMENTING relay's + source-level DWARF-correlated MC/DC gate (relay builds falcon with debuginfo), not + duplicating it. sigil-signing is N/A (jess cuts no release; blocked on sigil#164). 
+ PLAN: add (a) a witness branch-coverage gate (meld fuse -> witness instrument -> run + via kilnd -> report -> assert no branch-coverage regression) and (b) a scry + sound-analysis gate, both on the fused falcon core, to .github/workflows/ci.yml - + the deliberate follow-on feature (not rushed in a supervisory tick). + fields: + category: process + priority: should + release: v0.9.0 + links: + - type: traces-to + target: REQ-PIX-001 diff --git a/results/jess-build-falcon-v1.87.0.xml b/results/jess-build-falcon-v1.87.0.xml new file mode 100644 index 0000000..697e74b --- /dev/null +++ b/results/jess-build-falcon-v1.87.0.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + +
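Review bot: in the artifacts/findings.yaml hunk, the UPDATE entry covers both falcon-v1.86.0 and v1.87.0, but the only stated result ("Per-piece GREEN on v1.87.0") and the only Evidence file (results/jess-build-falcon-v1.87.0.xml) are for v1.87.0. Either add and cite a v1.86.0 result file, or state explicitly that v1.86.0 was not built on its own and is covered by the v1.87.0 run. The "NOT flight-logic changes" statement should also say whether jess checked it or whether it is taken from relay #221/#223, so the entry separates what jess verified from what it relays.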
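Review bot: in the artifacts/phase2-pixhawk.yaml hunk, the REQ-PIX-018 title says "witness (MC/DC branch coverage)" while the description states that the gate is "structural BRANCH coverage on the fused core, NOT DWARF-correlated MC/DC decisions" (0 DWARF-correlated decisions on the stripped wasm). Drop "MC/DC" from the title so the requirement does not name a coverage criterion this gate cannot deliver; the DEVIATION paragraph already assigns the MC/DC leg to relay. The PLAN step "assert no branch-coverage regression" also needs a defined baseline (where the reference figure against the 1407 branches is stored and how it is updated), otherwise the gate is not testable as written. The description records witness v0.36.0 as "SHA/sig-verified" but gives no equivalent check for scry-1.17.0-wasm32-wasip2.wasm; note how that artifact is pinned and verified, since the CI job will execute it.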
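Review bot: in the results/jess-build-falcon-v1.87.0.xml hunk, the twelve added lines show no content as rendered in this diff, so the claims in findings.yaml that cite this file (per-piece GREEN, SIL PASS kiln==wasmtime, skip inventory 3 of 18) cannot be checked against it here. Confirm that the committed file actually carries the per-piece results and the skip inventory, and that it is not an empty or whitespace-only placeholder.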