feat: content-hash invalidation of proven (stale detection)#5
Merged
Conversation
Implements the `proven -> inbox` auto-invalidation from arghda-spec.adoc's
open question ("record a content hash so upstream changes can invalidate
proven"). Answers the recurring echo-types pain: "is this proven thing
still valid, or did something underneath it change?"
- `hash` module: dependency-free SHA-256 (FIPS 180-4), pinned against the
NIST vectors (empty / "abc" / "hello world" / multi-block). Kept hermetic
(no sha2 dependency tree) in keeping with the crate's lightweight ethos;
this is change-detection, not a security boundary.
- `proven` module: the `.arghda/hashes.json` manifest (basename -> {sha256,
promoted_at}).
- `Workspace::transition` records a file's hash on entry to `proven` and
drops it on exit; `Workspace::stale_proven` recomputes and flags proven
files whose content changed since promotion (or were never recorded — the
"how did this get into proven/?" case).
- CLI `stale <ws> [--invalidate]`: lists stale proven files; `--invalidate`
moves each back to inbox (proven -> inbox) with an Invalidate event.
Scope: v1 hashes file content only. The spec's "file + transitive imports"
form needs the workspace to track the source tree's include root (the flat
triage layout doesn't carry it) — a documented follow-on.
Verification
- cargo fmt/clippy(-D warnings)/test clean; 35 tests (+4 SHA-256 vectors,
+3 proven lifecycle). `just check` + `just validate-rsr` green.
- End-to-end CLI dogfood: promote records the hash; editing the proven file
is flagged "content changed since promotion"; `stale --invalidate` moves
it back to inbox and logs the Invalidate event.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019GiSiEfgZCte35dyykgBHs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Engine polish (1/4) — content-hash invalidation of
provenImplements the
proven -> inboxauto-invalidation fromarghda-spec.adoc's open question, and answers a recurring echo-types pain: "is this proven thing still valid, or did something underneath it change?"What's added
hashmodule — dependency-free SHA-256 (FIPS 180-4), pinned against the NIST vectors (empty /abc/hello world/ multi-block). Kept hermetic (nosha2dependency tree) in keeping with the crate's lightweight ethos; this is change-detection, not a security boundary.provenmodule — the.arghda/hashes.jsonmanifest (basename -> {sha256, promoted_at}).Workspace::transitionrecords a file's hash on entry toprovenand drops it on exit;Workspace::stale_provenrecomputes and flags proven files whose content changed since promotion (or were never recorded — the "how did this get intoproven/?" case).stale <ws> [--invalidate]— lists stale proven files;--invalidatemoves each back to inbox (proven -> inbox) with anInvalidateevent.Scope
v1 hashes file content only. The spec's "file + transitive imports" form needs the workspace to track the source tree's include root (the flat triage layout doesn't carry it) — a documented follow-on.
Verification (real, not eyeballed)
cargo fmt/clippy -D warnings/testclean; 35 tests (+4 SHA-256 NIST vectors, +3 proven-lifecycle).just check+just validate-rsrgreen.promoterecords the hash; editing the proven file is flagged "content changed since promotion";stale --invalidatemoves it back to inbox and logs theInvalidateevent.Next (engine polish, in order)
config +
unpinned-headline, then the Groove/.well-known/groovemanifest, thenunused-import(needs the externalagda-unused).Draft for review.
🤖 Generated with Claude Code
https://claude.ai/code/session_019GiSiEfgZCte35dyykgBHs
Generated by Claude Code