Conversation
7 tasks
zeevdr
added
docs
11 tasks
Adds .agents/context/cel-validation.md covering the design space for cross-field validation via CEL (issue #76): - Prior art survey: Kubernetes CRD x-kubernetes-validations, buf protovalidate, Terraform variable validation, JSON Schema 2020-12 conditionals (dependentRequired / if-then-else), Symfony Expression - Schema shape: top-level `validations:` list at group granularity, binding `self.<path>` to align with K8s + protovalidate idiom - JSON Schema carve-out: `dependentRequired:` for free declarative cross-field requirement; CEL is the escape hatch for arithmetic / multi-field invariants - Lint rules: 4 (syntax / >=1 field ref / typed-env resolution / native-substitutable detection) - Engine: cel-go, compile at ImportSchema, cache cel.Program, evaluate per write, CostLimit for DoS protection - Phasing: Phase 1 reserve keys + dependentRequired enforcement + prefix-overlap lint (v0.1.0); Phase 2 CEL engine MVP; Phase 3 polish Updates schema-spec.md to reserve `validations:` and `dependentRequired:` in v0.1.0 and cross-link the brief. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Surfaced during the dependentRequired implementation race-safety discussion. Two CEL rules can be jointly unsatisfiable (a>b paired with b>a; x==k1 paired with x==k2 for distinct constants), making every config fail the validation gate. Worth detecting at ImportSchema time so the schema author hears about it instead of every downstream user. Documents three approaches with trade-offs: - AST pattern match (cheap, common shapes only) - Empty-set probe (cheap, statistical) - SMT translation via z3 (heavy, violates vanilla principle) Phase 2 ships AST pattern match + empty-set probe. SMT out of scope. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.agents/context/cel-validation.mddiscovery brief for issue CEL expressions for advanced validation #76validations:anddependentRequired:in schema spec v0.1.0 (Publish meta-schema for schema YAML structure (v0.1.0) #117) so the schema shape locks before v0.1.0 shipsdependentRequiredenforcement + prefix-overlap lint; Phase 2 ships the cel-go engine; Phase 3 polishPrior art surveyed: Kubernetes CRD
x-kubernetes-validations, bufprotovalidate, Terraform variable validation, JSON Schema 2020-12 conditionals, Symfony Expression. Decisions explained in the brief.Three follow-up issues filed against #76 as Phase 1 subtasks.
Test plan