Merged
Conversation
…im for vocab_examples
…ce and principles
…port validation structure
…and notes - Fix mkdocs.yml typo: 'Propse Embargo Behavior' -> 'Propose Embargo Behavior' - specs/triggerable-behaviors.md: - Add reject-report behavior (hard close, three-way validation outcome) - Expand TB-02-001 with three-way validation note (Accept/TentativelyReject/Reject) - Add TB-02-003 additional candidate behaviors (notify-actor, assign-cve-id, identify-participants) - Update TB-03-001: use offer_id (not report_id) for report-scoped behaviors; add reject-report and new candidates to scoped lists - Add TB-03-003: optional note field for trigger request bodies - Update verification section to reference new requirements - notes/triggerable-behaviors.md: - Add BT Node Classification section (condition checks, evaluation tasks, execution tasks) - Add Three-Way Report Validation section with documentation gap note - Add Side Effects of Emit FOO Behaviors table - Add Placeholder Behaviors and Logging section - Add SSVC-Based Prioritization section with implementation path - Add Per-Behavior Design Notes (evaluate-embargo, propose-embargo, terminate-embargo, assign-cve-id, identify-participants, notify-actor) - Add Invitation-Ready Case Object open question section - Add Per-Participant Embargo Acceptance Tracking open question section - Update candidate RM behaviors table to include reject-report - notes/do-work-behaviors.md: - Add Fix Development automation potential and future direction note - Add Do-Work Parallel Node: Preconditions section - notes/bt-integration.md: add cross-reference to bt-fuzzer-nodes.md Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…erences All sections of the 'More thoughts on triggerable behaviors' topic have been captured into notes/triggerable-behaviors.md, notes/do-work-behaviors.md, specs/triggerable-behaviors.md, and mkdocs.yml. Each section is marked with strikethrough and annotated with a 'Captured in:' reference. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- specs/triggerable-behaviors.md: split TB-03-003; add TB-03-004 requiring reject-report note field (MUST present, SHOULD non-empty) - specs/code-style.md: add CS-08-001 'if present then non-empty' pattern for optional string fields in Pydantic models and JSON Schemas - specs/case-management.md: add CM-09-* (RedactedVulnerabilityCase) and CM-10-* (per-participant embargo acceptance tracking with CaseActor trusted timestamps) - notes/triggerable-behaviors.md: resolve three open questions with design decisions; update Invitation-Ready Case Object and Per-Participant Embargo Acceptance Tracking sections - AGENTS.md: add 'if present then non-empty' rule to Validation and Type Safety section - specs/README.md, notes/README.md: update descriptions to reflect new content - plan/IDEAS.md: mark all three resolved items with strikethrough and cross-references to destination specs/notes Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
CM-10-002 required CaseActor timestamps only for embargo acceptances. IDEAS.md identified this principle should apply to ALL state-changing messages received by the CaseActor (participant joins, notes added, status updates, etc.) to ensure consistent event ordering across different copies of a case and to support auditability. Changes: - specs/case-management.md: add CM-02-009 (general trusted-timestamp principle) under CaseActor Lifecycle; update CM-10-002 to implement CM-02-009; add CM-02-009 verification criteria - notes/case-state-model.md: document trusted-timestamp principle in the append-only history section with cross-reference to CM-02-009 - plan/IDEAS.md: mark idea as captured with references to CM-02-009 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
New gaps identified: - specs/triggerable-behaviors.md TB-01 through TB-07 now formal spec; P30 tasks updated to reference spec IDs and cover TB-03/04/06/07 - CM-10 embargo acceptance tracking (CM-10-001 through CM-10-004) not implemented; add Phase SPEC-COMPLIANCE-3 - CM-02-009 general trusted-timestamp requirement not implemented - CS-08-001 Optional[str] empty-string validation missing; add TECHDEBT-7 - TECHDEBT-3 updated to reference new specs/object-ids.md OID spec IDs - BUGFIX-1 logging noise clarified as PyCharm-specific known limitation - Spec Compliance Snapshot table updated with new gaps Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…cord ID requirements
- specs/case-management.md:
- CM-05-001: rename 'Publication' domain object to 'CaseReference'; update
description to typed external reference model (url/name/tags)
- CM-05-004/005/007: update references from 'publications' to 'CaseReference'
- CM-05-005: align CaseReference structure with CVE JSON schema reference format
- CM-05-008: VulnerabilityRecord IDs MUST be treated as opaque strings
- CM-05-009: VulnerabilityRecord SHOULD support alias IDs from multiple namespaces
- CM-05-010: CVERecord type MUST conform to CVE JSON schema
- Update verification section (CM-05-001 through CM-05-010)
- notes/do-work-behaviors.md: update cross-reference table and Publication section
to use CaseReference terminology
- specs/README.md: update case-management.md description; add tech-stack.md entry
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add Code Quality Tooling section (IMPL-TS-07-*) - IMPL-TS-07-001: Black formatter MUST be enforced via pre-commit hooks - IMPL-TS-07-002: pyright SHOULD be adopted for static type checking with gradual adoption strategy (run on existing code for debt tracking, enforce on new/modified code going forward) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…with strikethrough
- IDEAS.md: mark pyright idea as captured (see specs/tech-stack.md IMPL-TS-07-002)
- IMPLEMENTATION_NOTES.md:
- SC-1.1 (VulnerabilityRecord IDs): mark as captured (specs/case-management.md
CM-05-008, CM-05-009, CM-05-010)
- SC-1.2 ('References' not 'Publications'): mark as captured (specs/case-management.md
CM-05-001, CM-05-004, CM-05-005, CM-05-007)
- 2026-03-06 items: mark each sub-item as captured with reference to target files
(BUGS.md, triggerable-behaviors.md, codebase-structure.md, case-management.md)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Rename Publication → CaseReference in SC-1.2, gap analysis, and spec compliance snapshot (spec commit ad46802) - Add TECHDEBT-8: configure pyright for gradual static type checking (specs/tech-stack.md IMPL-TS-07-002) - Add gap item for pyright in gap analysis section - Add IMPL-TS-07-002 row to spec compliance snapshot Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- notes/bt-integration.md: remove trailing space (MD009) - notes/encryption.md: add blank lines around lists (MD032), wrap bare URLs in angle brackets (MD034) - prompts/LEARN_EXTRA_prompt.md: remove trailing spaces (MD009), fix spaces inside emphasis markers (MD037), renumber ordered list items to start from 1 within each section (MD029) - prompts/PLAN_prompt.md: remove trailing spaces (MD009) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates Vultron’s documentation/specs and planning artifacts to clarify architectural guidance (notably triggerable behaviors and case-management semantics), while also completing the vocab_examples shim removal by updating imports across the API and tests.
Changes:
- Remove the
vultron/scripts/vocab_examples.pycompatibility shim and migrate internal imports/tests tovultron.as_vocab.examples. - Add/expand specifications and design notes (triggerable behaviors, case-management refinements, code-style rules, tech-stack tooling).
- Refresh planning documents and agent prompts to reflect current priorities, completed refactors, and task-sizing guidance.
Reviewed changes
Copilot reviewed 41 out of 41 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| vultron/semantic_map.py | Update example import path to the new as_vocab.examples location. |
| vultron/scripts/vocab_examples.py | Remove the deprecated compatibility shim module. |
| vultron/api/v2/routers/examples.py | Update router imports to use vultron.as_vocab.examples. |
| vultron/api/v2/routers/datalayer.py | Update example initialization import path during datalayer reset. |
| vultron/api/v1/routers/reports.py | Update imports to use vultron.as_vocab.examples. |
| vultron/api/v1/routers/participants.py | Update imports to use vultron.as_vocab.examples and topic submodules. |
| vultron/api/v1/routers/examples.py | Update imports to use vultron.as_vocab.examples. |
| vultron/api/v1/routers/embargoes.py | Update imports to use vultron.as_vocab.examples. |
| vultron/api/v1/routers/cases.py | Update imports to use vultron.as_vocab.examples. |
| vultron/api/v1/routers/actors.py | Update imports to use vultron.as_vocab.examples. |
| test/as_vocab/test_vocab_examples.py | Update test imports to the new vultron.as_vocab.examples.vocab_examples path. |
| specs/triggerable-behaviors.md | Add a formal spec for trigger endpoints, payload/response expectations, and BT integration. |
| specs/tech-stack.md | Add code-quality tooling guidance (Black enforcement, gradual pyright adoption). |
| specs/project-documentation.md | Add task sizing guidance and documentation/process refinements. |
| specs/object-ids.md | Update sources and rationale references for object ID requirements. |
| specs/meta-specifications.md | Clarify file naming conventions across notes/specs/docs. |
| specs/encryption.md | Update spec “Source” reference to the new encryption notes location. |
| specs/embargo-policy.md | Update “Source” and related references to newer notes/spec context. |
| specs/demo-cli.md | Update “Source” reference to priorities doc. |
| specs/code-style.md | Add CS-08-001 requirement: Optional string fields must reject empty strings. |
| specs/case-management.md | Expand/clarify trusted timestamps, domain object model, redacted views, embargo acceptance tracking. |
| specs/README.md | Update spec index and implementation-status summary to reflect new/updated specs. |
| prompts/PLAN_prompt.md | Add “meaningful chunks” sizing guidance for plan updates. |
| prompts/LEARN_EXTRA_prompt.md | Add a new prompt for documentation refinement workflows. |
| plan/PRIORITIES.md | Add priority-numbering guidance and additional roadmap items. |
| plan/IMPLEMENTATION_PLAN.md | Refresh gap analysis, completed work status, and add new TECHDEBT items tied to new specs. |
| plan/IMPLEMENTATION_NOTES.md | Mark captured items, add notes aligned with updated specs/planning. |
| plan/IDEAS.md | Mark pyright idea as captured in specs. |
| plan/BUGS.md | Update logging-noise status and note PyCharm runner limitation. |
| notes/triggerable-behaviors.md | Add detailed design notes for triggerable behaviors and endpoint contracts. |
| notes/encryption.md | Add encryption implementation notes (key discovery, decryption placement, strategies). |
| notes/domain-model-separation.md | Add per-actor datalayer isolation options and DI guidance. |
| notes/do-work-behaviors.md | Clarify automation boundaries for fix development and add BT precondition discussion. |
| notes/codebase-structure.md | Add API-layer architecture guidance and mark refactors as completed; add docstring/markdown guidance. |
| notes/case-state-model.md | Clarify trusted timestamp principle for CaseActor state changes. |
| notes/bt-integration.md | Update handler path reference; add BT composability and fuzzer-node context. |
| notes/bt-fuzzer-nodes.md | Add a comprehensive catalog of simulator fuzzer nodes as external dependency touchpoints. |
| notes/activitystreams-semantics.md | Add CaseActor authoritativeness and canonical case update path notes. |
| notes/README.md | Update notes index to include new topics/files. |
| mkdocs.yml | Fix navigation label typo (“Propose” embargo behavior). |
| AGENTS.md | Add guidance on optional-string non-emptiness; update vocabulary examples location references. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
|
@ahouseholder I've opened a new pull request, #314, to work on those changes. Once the pull request is ready, I'll request review from you. |
…n.md headings Co-authored-by: ahouseholder <2594236+ahouseholder@users.noreply.github.com>
Fix DataLayer injection in initialize_examples and fix encryption.md headings
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request primarily updates documentation to clarify system architecture, improve codebase organization, and strengthen conventions for error handling and API design. It also adds new sections on case state authority and behavior tree composability, and completes several module refactoring tasks. The changes enhance maintainability, accuracy, and future extensibility of both the docs and the codebase.
Error handling and validation conventions:
Optional[str]fields must reject empty strings, enforced via Pydantic validators and reflected in JSON Schema (minLength: 1). Reference tospecs/code-style.mdCS-08-001.Codebase and module organization:
vultron/api/v2/backend/handlers/now contains topic-based submodules, with stable re-exports from__init__.py. Seeplan/IMPLEMENTATION_PLAN.mdPhase TECHDEBT-1.vultron/as_vocab/examples/now contains topic-based submodules, with direct imports and removal of compatibility shim. Seeplan/IMPLEMENTATION_PLAN.mdTECHDEBT-5, TECHDEBT-6.Case state authority and update path:
Behavior tree architecture and automation boundaries:
Documentation conventions and bug fixes:
app.pyby moving it to the lifespan context manager, improving test isolation.Other minor changes include typo corrections, navigation updates, and expanded cross-references for clarity and completeness.