save checkpoint
This commit is contained in:
master
39
docs/features/checked/policy/prohibitedpatternanalyzer.md
Normal file
39
docs/features/checked/policy/prohibitedpatternanalyzer.md
Normal file
@@ -0,0 +1,39 @@
|
||||
# ProhibitedPatternAnalyzer (Static Purity Analysis)
|
||||
|
||||
## Module
|
||||
Policy
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Static purity analysis detecting prohibited patterns (ambient IO, clock access, etc.) in evaluation code.
|
||||
|
||||
## Implementation Details
|
||||
- **ProhibitedPatternAnalyzer**: `src/Policy/StellaOps.Policy.Engine/DeterminismGuard/ProhibitedPatternAnalyzer.cs`
|
||||
- Regex-based detection of non-deterministic patterns in source code
|
||||
- Prohibited pattern categories:
|
||||
- Wall-clock access: `DateTime.Now`, `DateTime.UtcNow`, `DateTimeOffset.Now`, `DateTimeOffset.UtcNow`
|
||||
- Random number generation: `Random`, `RandomNumberGenerator`
|
||||
- Network access: `HttpClient`, `WebRequest`, `TcpClient`, `UdpClient`
|
||||
- Filesystem access: `File.`, `Directory.`, `Path.GetTempPath`
|
||||
- Line-by-line scanning with comment line skipping (lines starting with `//` or `///`)
|
||||
- Returns list of `ProhibitedPatternMatch` with line number, pattern name, matched text
|
||||
- **DeterminismGuardService**: `src/Policy/StellaOps.Policy.Engine/DeterminismGuard/DeterminismGuardService.cs`
|
||||
- `AnalyzeSource(sourceCode)` invokes ProhibitedPatternAnalyzer to find violations
|
||||
- `CreateScope()` creates a determinism guard scope for runtime monitoring
|
||||
- `ValidateContext<T>()` validates evaluation context for determinism
|
||||
- Combines ProhibitedPatternAnalyzer (static) and RuntimeDeterminismMonitor (runtime)
|
||||
- **RuntimeDeterminismMonitor**: `src/Policy/StellaOps.Policy.Engine/DeterminismGuard/RuntimeDeterminismMonitor.cs` -- runtime monitoring companion
|
||||
- **GuardedPolicyEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/Determinization/DeterminizationGate.cs` -- gate that uses determinism guards in evaluation pipeline
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Analyze source code containing `DateTime.Now`; verify prohibited pattern detected with correct line number
|
||||
- [ ] Analyze source code containing `new Random()`; verify prohibited pattern detected
|
||||
- [ ] Analyze source code containing `HttpClient`; verify network access pattern detected
|
||||
- [ ] Analyze source code containing `File.ReadAllText`; verify filesystem pattern detected
|
||||
- [ ] Analyze source code with prohibited pattern in a comment line (`// DateTime.Now`); verify NOT detected (comment skipped)
|
||||
- [ ] Analyze clean source code with no prohibited patterns; verify empty results
|
||||
- [ ] Analyze source code with multiple violations on different lines; verify all detected with correct line numbers
|
||||
- [ ] Verify DeterminismGuardService.AnalyzeSource returns results from ProhibitedPatternAnalyzer
|
||||
- [ ] Create determinism guard scope; use TimeProvider instead of DateTime.Now; verify no violations
|
||||
Reference in New Issue
Block a user