From d77ae9b20467ffc81853fcf54dbac6dd6dd5d2b9 Mon Sep 17 00:00:00 2001 From: Ralf Anton Beier Date: Tue, 23 Jun 2026 00:29:35 +0200 Subject: [PATCH] =?UTF-8?q?inbound(jess#91=20=E2=86=92=20REQ-PIX-018):=20t?= =?UTF-8?q?riage=20witness+scry=20CI=20gates=20(feasibility=20confirmed,?= =?UTF-8?q?=20deviation=20flagged);=20falcon-v1.87=20per-piece=20GREEN?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit INBOUND jess#91 (avrabe, org release-consistency campaign, hub pulseengine.eu#98): add witness (MC/DC) + scry (sound abstract interpretation) CI gates on the falcon wasm. Triaged + feasibility-investigated + captured as REQ-PIX-018 (draft). Feasibility CONFIRMED locally: witness v0.36.0 (SHA/sig-verified) instruments the meld-fused core jess already produces (falcon.fused.wasm) -> 1407 branches, 0 DWARF decisions (released falcon is stripped). scry ships a wasm + crates.io lib (synth already consumes it). DEVIATION (to raise at hub pulseengine.eu#98): jess CONSUMES the released stripped wasm, so its witness gate is branch-coverage + scry sound-analysis on the fused core — COMPLEMENTING relay's source-level DWARF-MC/DC, not duplicating it; sigil N/A (no release, sigil#164). falcon-v1.86/v1.87 = relay traceability closeout (pulseengine.eu#89), NOT flight logic. Per-piece GREEN on v1.87, skip inventory unchanged (3/18 #369, bulk-mem clean). AFD-024 noted; evidence committed. rivet validate: PASS. Co-Authored-By: Claude Opus 4.8 --- artifacts/findings.yaml | 7 +++++ artifacts/phase2-pixhawk.yaml | 38 +++++++++++++++++++++++++++ results/jess-build-falcon-v1.87.0.xml | 12 +++++++++ 3 files changed, 57 insertions(+) create mode 100644 results/jess-build-falcon-v1.87.0.xml diff --git a/artifacts/findings.yaml b/artifacts/findings.yaml index dcfaf97..75f659e 100644 --- a/artifacts/findings.yaml +++ b/artifacts/findings.yaml @@ -772,6 +772,13 @@ artifacts: single milestone ack on jess#62 (matrix complete) - the deferred-from-v1.84 ack, at the meaningful boundary rather than per-release. Evidence: results/jess-build-falcon-v1.85.0.xml. + UPDATE 2026-06-23 (cron loop, falcon-v1.86.0 + v1.87.0 = traceability closeout): + both are relay's RIGHT-SIDE-OF-V work (test-level evidence on the HAL arc + + drift-guarded gate, "last requirement-verification gaps closed", pulseengine.eu#89 / + relay #221/#223) - NOT flight-logic changes. Per-piece GREEN on v1.87.0, SIL PASS + (kiln==wasmtime), authoritative skip inventory UNCHANGED at 3 of 18 all #369 + hard-float, bulk-mem clean. No new on-target gap. Evidence: + results/jess-build-falcon-v1.87.0.xml. tags: [release-watch, synth, fpu, miscompile, correctness, on-target, blocker] fields: detected-by: jess REQ-PIX-001 value-level oracle - silent miscompile resolved in v0.11.46 (GI-FPU-001, verified loud-skip exit 1); OPEN remainder is GI-FPU-002 hard-float diff --git a/artifacts/phase2-pixhawk.yaml b/artifacts/phase2-pixhawk.yaml index f9f0f0f..38e4da7 100644 --- a/artifacts/phase2-pixhawk.yaml +++ b/artifacts/phase2-pixhawk.yaml @@ -586,3 +586,41 @@ artifacts: links: - type: verifies target: REQ-PIX-017 + + - id: REQ-PIX-018 + type: requirement + title: jess CI gates the falcon wasm with witness (MC/DC branch coverage) + scry (sound abstract interpretation), on the meld-fused core + status: draft + description: > + Inbound jess#91 (avrabe, org release-consistency campaign; hub pulseengine.eu#98): + jess builds/consumes wasm firmware but gates CI only on rivet + spar - add the + DO-178C/DO-333 verification legs witness (structural coverage) + scry (sound static + analysis) on the falcon wasm. Aligns with jess's verification posture + the + experience report pulseengine.eu#90 (close the right side of the V). + FEASIBILITY CONFIRMED 2026-06-23 (jess investigated locally): + - witness: instruments only CORE modules, not the falcon COMPONENT - but jess + ALREADY produces the meld-fused core in scripts/jess-build.sh (falcon.fused.wasm). + `witness instrument falcon.fused.wasm` succeeds (witness v0.36.0, SHA/sig-verified + darwin release) -> 1407 BRANCHES, 0 DWARF-correlated decisions. The released + falcon wasm is STRIPPED (no .debug_* DWARF, only a `name` section), so jess's + witness gate is structural BRANCH coverage on the fused core, NOT DWARF-correlated + MC/DC decisions. Running the instrumented core needs a harness (kilnd, which + jess-build.sh already has). + - scry: ships scry-1.17.0-wasm32-wasip2.wasm + a crates.io lib (synth-cli already + consumes it for the #383 shadow-stack analysis); runnable on the falcon core. + DEVIATION (raised at the hub pulseengine.eu#98, per the campaign rule): because jess + CONSUMES the released stripped falcon wasm (no source/DWARF), its witness gate is + branch-coverage + scry sound-analysis on the fused core - COMPLEMENTING relay's + source-level DWARF-correlated MC/DC gate (relay builds falcon with debuginfo), not + duplicating it. sigil-signing is N/A (jess cuts no release; blocked on sigil#164). + PLAN: add (a) a witness branch-coverage gate (meld fuse -> witness instrument -> run + via kilnd -> report -> assert no branch-coverage regression) and (b) a scry + sound-analysis gate, both on the fused falcon core, to .github/workflows/ci.yml - + the deliberate follow-on feature (not rushed in a supervisory tick). + fields: + category: process + priority: should + release: v0.9.0 + links: + - type: traces-to + target: REQ-PIX-001 diff --git a/results/jess-build-falcon-v1.87.0.xml b/results/jess-build-falcon-v1.87.0.xml new file mode 100644 index 0000000..697e74b --- /dev/null +++ b/results/jess-build-falcon-v1.87.0.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + +