Skip to content

docs(spec): add registry reconciliation contract#257

Merged
EffortlessSteven merged 1 commit into
mainfrom
docs/reconcile-spec
May 13, 2026
Merged

docs(spec): add registry reconciliation contract#257
EffortlessSteven merged 1 commit into
mainfrom
docs/reconcile-spec

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Member

Summary:

  • add SHIPPER-SPEC-0003 for ambiguous publish registry reconciliation
  • define Published / NotPublished / StillUnknown behavior and resume rules
  • keep support-tier promotion blocked until implementation, tests, ADR, and plan exist

Validation:

  • cargo xtask check-doc-contracts --mode advisory
  • cargo xtask policy-report
  • cargo fmt --all -- --check
  • cargo xtask check-file-policy --mode blocking-allowlist
  • git diff --cached --check

Non-goals:

  • no runtime publish-engine behavior change
  • no support-tier promotion
  • no README/product claim promotion

@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@coderabbitai

coderabbitai Bot commented May 13, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 58 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e1e3c19f-ac56-4a8f-89aa-f2497c480253

📥 Commits

Reviewing files that changed from the base of the PR and between e7a0d75 and 089fd0e.

📒 Files selected for processing (1)
  • docs/specs/SHIPPER-SPEC-0003-registry-reconciliation.md
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/reconcile-spec

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@factory-droid

factory-droid Bot commented May 13, 2026

Copy link
Copy Markdown

Droid finished @EffortlessSteven's task —— View job


Droid review completed for PR #257 (docs/reconcile-spec).

Validation Summary: All 4 candidate comments validated and posted as a batched review.

Priority Finding Status
P1 Test mapping references non-existent reconciliation tests in shipper-types Posted
P2 Empty linked-artifact header fields create ambiguity about acceptance criteria Posted
P3 Events-as-truth invariant not explicitly stated in Behavior Contract ordering Posted
P3 StillUnknown acceptance example omits the halt-for-operator-action consequence Posted

No security issues identified.

Comment on lines +99 to +102
- `cargo test -p shipper-cli --test bdd_publish`
- targeted resume tests for all three reconciliation outcomes
- policy/doc gates:
- `cargo xtask check-doc-contracts --mode advisory`

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[P1] Test mapping references non-existent reconciliation tests in shipper-types

The Test Mapping section specifies cargo test -p shipper-types reconciliation as expected implementation proof, but shipper-types is a types/data-schema crate containing only snapshot/integration tests for schemas and release levels. The ReconciliationOutcome type is defined in shipper-types (with documentation referencing the reconciliation flow), but there are no reconciliation-specific tests in that crate — those tests reside in shipper-core. Running cargo test -p shipper-types reconciliation would find zero tests, making the spec's test mapping inaccurate. The spec should either remove this bullet or clarify that shipper-types holds only the type definitions while actual reconciliation tests live in shipper-core.

Comment on lines +1 to +5
# SHIPPER-SPEC-0003: Registry Reconciliation

Status: proposed
Owner: EffortlessMetrics
Created: 2026-05-13

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[P2] Empty linked-artifact header fields create ambiguity about acceptance criteria

The spec header contains several empty fields: Linked specs:, Linked ADRs:, Linked plan:, Linked PRs:. While the proposed status may intend these to be filled as the lane progresses, the Implementation Mapping section explicitly mentions an ADR that should record registry-truth-over-Cargo-output decision, creating an inconsistency — that ADR is referenced in prose but not linked in the header. The companion proposal SHIPPER-PROP-0002 has identical empty fields, suggesting this is the established pattern, but the spec should either populate the ADR link or clarify that the ADR is pending and tracked via open questions rather than a header link.

Comment on lines +22 to +43
happened from the operator.

Shipper must close ambiguous publish outcomes against registry evidence before
retrying or resuming.

## Behavior Contract

When a cargo publish attempt exits with an ambiguous class, Shipper must:

1. Persist that the package outcome is ambiguous before taking follow-up action.
2. Emit a `publish_reconciling` event before querying registry truth.
3. Query registry truth using bounded sparse-index and/or registry API evidence,
honoring the configured readiness method where applicable.
4. Produce exactly one reconciliation outcome:
- `Published`
- `NotPublished`
- `StillUnknown`
5. Emit a `publish_reconciled` event with the outcome and structured evidence.
6. Persist the reconciliation outcome in execution state.
7. Apply the outcome:
- `Published`: mark the package complete and do not re-upload.
- `NotPublished`: allow retry policy to continue.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[P3] Events-as-truth invariant not explicitly stated in Behavior Contract ordering

The Required Evidence section requires State and events remain consistent with the events-as-truth invariant, and publish_reconciling/publish_reconciled events are referenced, but the Behavior Contract steps (1-8) do not explicitly mandate that both events must be written to events.jsonl before the corresponding state update. The spec describes what actions must happen but not the critical ordering constraint (events first, state second) that the events-as-truth invariant enforces. Implementers reading only the Behavior Contract could miss this requirement. The spec should clarify that steps 2 and 5 (event emission) must complete and be flushed to events.jsonl before steps 6 and 7 (state persistence) execute.

Comment on lines +80 to +88
reconciliation outcome is `Published`.
- Cargo exits with a timeout, bounded registry checks complete and the version
remains absent: reconciliation outcome is `NotPublished`.
- Cargo exits with a network failure, and both registry evidence paths are
unavailable or inconclusive: reconciliation outcome is `StillUnknown`.
- Resume sees a persisted `Published` reconciliation outcome: the package is
skipped without another `cargo publish`.
- Resume sees a persisted `StillUnknown` reconciliation outcome: Shipper stops
for operator action instead of retrying.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[P3] StillUnknown acceptance example omits the halt-for-operator-action consequence

The Acceptance Examples section states that StillUnknown results when registry evidence paths are unavailable or inconclusive, but unlike the other examples it does not state the consequence: that Shipper must stop before blind retry and require operator action (which Behavior Contract step 7 explicitly requires). The other two outcome examples describe consequences (Published → skip upload; NotPublished → retry-eligible), but StillUnknown only describes the trigger condition. An implementer relying solely on the acceptance examples would not know that StillUnknown is a terminal state requiring manual intervention.

@EffortlessSteven EffortlessSteven merged commit babb917 into main May 13, 2026
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant