Documentation
¶
Overview ¶
Package arch implements the m/v waterline gates — the machine-checkable boundary between the engine-neutral `m` layer and the VistA-specific `v` layer (see docs/background/m-v-waterline-adr.md in the org `docs` repo).
It ships four gates:
- G1 — dependency-direction — the core invariant: dependency flows one way, v → m, never the reverse. An `m`-layer repo's Go dependency closure must contain no `vista-cloud-dev/v-*` module, and its M source must reference no `VSL*` (v-layer) routine.
- G2 — forbidden-symbol (no VistA below the waterline): an `m`-layer `.m` file's code must not reference a VistA-only symbol (FileMan/Kernel/KIDS: ^DIC/^DIE/^DIK/^DIQ, ^DD(, ^DPT(, ^VA(, ^XUS*, ^XPD*). Comment-aware — a symbol named only in a ';' comment (e.g. an STDMOCK doc example) is not a reference.
- G3 — transport-monopoly: only m-driver-sdk may run a driver binary / build the engine envelope. Any other repo's Go code naming a driver binary ("m-ydb"/"m-iris") other than its own is hand-rolling transport — reach the engine through mdriver.Client instead.
- G4 — seam-pin: a repo requiring m-driver-sdk must pin a tagged release in go.mod — no `replace` to it, no pseudo-version (untagged commit).
It also validates the repo's standardized meta artifact (Phase B item 1): root repo.meta.json (preferred, then dist/repo.meta.json) must carry id, layer, language, and verification_commands; layer must be "m" or "v".
G1 and G2 apply to the m layer; G3, G4, and meta-validation are layer-agnostic (a v consumer also must not hand-roll transport and must seam-pin). A repo declares its layer in a committed meta artifact ("layer": "m"|"v"); a `v`-layer repo passes G1/G2 trivially.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Layer ¶
type Layer string
Layer is a repo's side of the waterline.
func ResolveLayer ¶
ResolveLayer determines the repo's declared layer. An explicit override ("m"/"v") wins; otherwise the top-level "layer" field of a known committed meta artifact is read (dist/repo.meta.json, then dist/v-contract.json).
type Meta ¶
type Meta struct {
ID string `json:"id"`
Layer string `json:"layer"`
Language []string `json:"language"`
VerificationCommands []string `json:"verification_commands"`
}
Meta is the standardized repo meta artifact (the schema item 1 validates). Required: id, layer, language, verification_commands. Optional fields (consumes, exposes — repo-defined object shapes) and descriptive fields (repo, role, license, …) are allowed and ignored here.
type MetaProblem ¶
MetaProblem is one meta-shape finding (a missing or malformed field).
func ValidateMeta ¶
func ValidateMeta(meta Meta) []MetaProblem
ValidateMeta checks the meta against the standardized schema (Phase B item 1): id, layer, language, and verification_commands are required; layer must be "m" or "v"; consumes and exposes are optional. Returns one MetaProblem per violation (empty when clean).
type Report ¶
type Report struct {
Layer Layer `json:"layer"`
CheckedGo bool `json:"checkedGo"` // G1 Go dependency closure
CheckedM bool `json:"checkedM"` // G1 m-ref + G2 forbidden-symbol
CheckedG3 bool `json:"checkedG3"` // G3 transport-monopoly (driver refs)
CheckedG4 bool `json:"checkedG4"` // G4 seam-pin (go.mod)
CheckedMeta bool `json:"checkedMeta"` // meta-artifact shape
Violations []Violation `json:"violations"`
}
Report is the full waterline-gate result for one repo.
type Violation ¶
type Violation struct {
Gate string `json:"gate"` // "G1" | "G2" | "G3" | "G4" | "META"
Kind string `json:"kind"` // "go-dep" | "m-ref" | "vista-symbol" | "driver-ref" | "seam-replace" | "seam-untagged" | "meta-shape"
Source string `json:"source"` // offending module path or file:line
Detail string `json:"detail"` // human-readable explanation
}
Violation is one gate finding — a waterline breach (G1–G4) or a meta-shape problem (META).
func CheckDriverMonopoly ¶
CheckDriverMonopoly scans the Go source under root for an exec of a driver binary other than the repo's own (selfName) — the G3 transport-monopoly violation (ADR §3.2: no `exec.Command(…, "m-ydb"/"m-iris", …)` outside the SDK). The driver literal must co-occur with an exec.Command/CommandContext call on the same code line, so the gate's own deny-list and string fixtures (which name the binaries but never exec them) do not trip it. Only m-driver-sdk may run a driver / build the envelope; every other consumer reaches the engine through mdriver.Client (engine name "ydb"/"iris", never the binary). Comment text is ignored (goCodePortion); generated/vendored trees are skipped. The SDK is exempt and is not scanned (the caller skips it).
func CheckMRefs ¶
CheckMRefs scans the .m source under root for references to v-layer (VSL*) routines — the M-side m → v G1 violation.
func CheckSeamPin ¶
CheckSeamPin inspects root/go.mod for the seam-pin invariant (G4): a repo that requires m-driver-sdk must pin a *tagged* release — no `replace` directive to it and no pseudo-version (untagged commit) require. A repo with no go.mod, or one not depending on the SDK, passes trivially.
func CheckVistaSymbols ¶
CheckVistaSymbols scans the code portion of the .m source under root for VistA-only symbols (the G2 violation — no VistA below the waterline). Comment text is ignored via codePortion.