stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/policy/prohibitedpatternanalyzer.md

2.6 KiB
Raw Blame History

ProhibitedPatternAnalyzer (Static Purity Analysis)

Module

Policy

Status

IMPLEMENTED

Description

Static purity analysis detecting prohibited patterns (ambient IO, clock access, etc.) in evaluation code.

Implementation Details

  • ProhibitedPatternAnalyzer: src/Policy/StellaOps.Policy.Engine/DeterminismGuard/ProhibitedPatternAnalyzer.cs
    • Regex-based detection of non-deterministic patterns in source code
    • Prohibited pattern categories:
      • Wall-clock access: DateTime.Now, DateTime.UtcNow, DateTimeOffset.Now, DateTimeOffset.UtcNow
      • Random number generation: Random, RandomNumberGenerator
      • Network access: HttpClient, WebRequest, TcpClient, UdpClient
      • Filesystem access: File., Directory., Path.GetTempPath
    • Line-by-line scanning with comment line skipping (lines starting with // or ///)
    • Returns list of ProhibitedPatternMatch with line number, pattern name, matched text
  • DeterminismGuardService: src/Policy/StellaOps.Policy.Engine/DeterminismGuard/DeterminismGuardService.cs
    • AnalyzeSource(sourceCode) invokes ProhibitedPatternAnalyzer to find violations
    • CreateScope() creates a determinism guard scope for runtime monitoring
    • ValidateContext<T>() validates evaluation context for determinism
    • Combines ProhibitedPatternAnalyzer (static) and RuntimeDeterminismMonitor (runtime)
  • RuntimeDeterminismMonitor: src/Policy/StellaOps.Policy.Engine/DeterminismGuard/RuntimeDeterminismMonitor.cs -- runtime monitoring companion
  • GuardedPolicyEvaluator: src/Policy/StellaOps.Policy.Engine/Gates/Determinization/DeterminizationGate.cs -- gate that uses determinism guards in evaluation pipeline

E2E Test Plan

  • Analyze source code containing DateTime.Now; verify prohibited pattern detected with correct line number
  • Analyze source code containing new Random(); verify prohibited pattern detected
  • Analyze source code containing HttpClient; verify network access pattern detected
  • Analyze source code containing File.ReadAllText; verify filesystem pattern detected
  • Analyze source code with prohibited pattern in a comment line (// DateTime.Now); verify NOT detected (comment skipped)
  • Analyze clean source code with no prohibited patterns; verify empty results
  • Analyze source code with multiple violations on different lines; verify all detected with correct line numbers
  • Verify DeterminismGuardService.AnalyzeSource returns results from ProhibitedPatternAnalyzer
  • Create determinism guard scope; use TimeProvider instead of DateTime.Now; verify no violations