fix: address critical safety gaps (SR-17, SR-25, SR-31)

.rivet/agent-context.md

@@ -0,0 +1,196 @@
+# Rivet Agent Context
+
+Auto-generated by `rivet context` — do not edit.
+
+## Project
+
+- **Name:** meld
+- **Version:** 0.2.0
+- **Schemas:** common, stpa, aspice, dev
+- **Sources:** safety/stpa (stpa-yaml), safety/requirements (generic-yaml)
+- **Docs:** docs
+
+## Artifacts
+
+| Type | Count | Example IDs |
+|------|-------|-------------|
+| control-action | 26 | CA-BUILD-1, CA-BUILD-2, CA-BUILD-3 |
+| controlled-process | 5 | PROC-COMPONENT, PROC-DEPGRAPH, PROC-INDEXSPACE |
+| controller | 7 | CTRL-BUILD, CTRL-CLI, CTRL-PARSER |
+| controller-constraint | 45 | CC-P-1, CC-P-2, CC-P-3 |
+| hazard | 10 | H-1, H-2, H-3 |
+| loss | 5 | L-1, L-2, L-3 |
+| loss-scenario | 21 | LS-P-1, LS-P-2, LS-P-3 |
+| requirement | 27 | SR-1, SR-2, SR-3 |
+| sub-hazard | 10 | H-3.1, H-3.2, H-3.3 |
+| system-constraint | 12 | SC-1, SC-2, SC-3 |
+| uca | 45 | UCA-A-1, UCA-A-2, UCA-A-3 |
+| **Total** | **213** | |
+
+## Schema
+
+- **`control-action`** — An action issued by a controller to a controlled process or another controller.
+
+  Required fields: action
+- **`controlled-process`** — A process being controlled — the physical or data transformation acted upon by controllers.
+
+  Required fields: (none)
+- **`controller`** — A system component (human or automated) responsible for issuing control actions.  Each controller has a process model — its internal beliefs about the state of the controlled process.
+
+  Required fields: (none)
+- **`controller-constraint`** — A constraint on a controller's behavior derived by inverting a UCA. Specifies what the controller must or must not do.
+
+  Required fields: constraint
+- **`design-decision`** — An architectural or design decision with rationale
+  Required fields: rationale
+- **`feature`** — A user-visible capability or feature
+  Required fields: (none)
+- **`hazard`** — A system state or set of conditions that, together with worst-case environmental conditions, will lead to a loss.
+
+  Required fields: (none)
+- **`loss`** — An undesired or unplanned event involving something of value to stakeholders.  Losses define what the analysis aims to prevent.
+
+  Required fields: (none)
+- **`loss-scenario`** — A causal pathway describing how a UCA could occur or how the control action could be improperly executed, leading to a hazard.
+
+  Required fields: (none)
+- **`requirement`** — A functional or non-functional requirement
+  Required fields: (none)
+- **`stakeholder-req`** — Stakeholder requirement (SYS.1)
+  Required fields: (none)
+- **`sub-hazard`** — A refinement of a hazard into a more specific unsafe condition.
+
+  Required fields: (none)
+- **`sw-arch-component`** — Software architectural element (SWE.2)
+  Required fields: (none)
+- **`sw-detail-design`** — Software detailed design or unit specification (SWE.3)
+  Required fields: (none)
+- **`sw-integration-verification`** — Software component and integration verification measure (SWE.5 — Software Component Verification and Integration Verification)
+
+  Required fields: (none)
+- **`sw-req`** — Software requirement (SWE.1)
+  Required fields: (none)
+- **`sw-verification`** — Software verification measure against SW requirements (SWE.6 — Software Verification)
+
+  Required fields: (none)
+- **`sys-integration-verification`** — System integration and integration verification measure (SYS.4 — System Integration and Integration Verification)
+
+  Required fields: (none)
+- **`sys-verification`** — System verification measure against system requirements (SYS.5 — System Verification)
+
+  Required fields: (none)
+- **`system-arch-component`** — System architectural element (SYS.3)
+  Required fields: (none)
+- **`system-constraint`** — A condition or behavior that must be satisfied to prevent a hazard. Each constraint is the inversion of a hazard.
+
+  Required fields: (none)
+- **`system-req`** — System requirement derived from stakeholder needs (SYS.2)
+  Required fields: (none)
+- **`uca`** — An Unsafe Control Action — a control action that, in a particular context and worst-case environment, leads to a hazard. Four types (provably complete):
+  1. Not providing the control action leads to a hazard
+  2. Providing the control action leads to a hazard
+  3. Providing too early, too late, or in the wrong order
+  4. Control action stopped too soon or applied too long
+
+  Required fields: uca-type
+- **`unit-verification`** — Unit verification measure (SWE.4 — Software Unit Verification)
+  Required fields: (none)
+- **`verification-execution`** — A verification execution run against a specific version
+  Required fields: version, timestamp
+- **`verification-verdict`** — Pass/fail verdict for a single verification measure in an execution run
+  Required fields: verdict
+
+### Link Types
+
+- `acts-on` (inverse: `acted-on-by`)
+- `allocated-to` (inverse: `allocated-from`)
+- `caused-by-uca` (inverse: `causes-scenario`)
+- `constrained-by` (inverse: `constrains`)
+- `constrains-controller` (inverse: `controller-constrained-by`)
+- `depends-on` (inverse: `depended-on-by`)
+- `derives-from` (inverse: `derived-into`)
+- `implements` (inverse: `implemented-by`)
+- `inverts-uca` (inverse: `inverted-by`)
+- `issued-by` (inverse: `issues`)
+- `leads-to-hazard` (inverse: `hazard-caused-by`)
+- `leads-to-loss` (inverse: `loss-caused-by`)
+- `mitigates` (inverse: `mitigated-by`)
+- `part-of-execution` (inverse: `contains-verdict`)
+- `prevents` (inverse: `prevented-by`)
+- `refines` (inverse: `refined-by`)
+- `result-of` (inverse: `has-result`)
+- `satisfies` (inverse: `satisfied-by`)
+- `traces-to` (inverse: `traced-from`)
+- `verifies` (inverse: `verified-by`)
+
+## Traceability Rules
+
+| Rule | Source Type | Severity | Description |
+|------|------------|----------|-------------|
+| hazard-has-loss | hazard | error | Every hazard must link to at least one loss |
+| constraint-has-hazard | system-constraint | error | Every system constraint must link to at least one hazard |
+| uca-has-hazard | uca | error | Every UCA must link to at least one hazard |
+| uca-has-controller | uca | error | Every UCA must link to a controller |
+| controller-constraint-has-uca | controller-constraint | error | Every controller constraint must link to at least one UCA |
+| hazard-has-constraint | hazard | warning | Every hazard should be addressed by at least one system constraint |
+| uca-has-controller-constraint | uca | warning | Every UCA should be addressed by at least one controller constraint |
+| sys2-derives-from-sys1 | system-req | error | Every system requirement must derive from a stakeholder requirement |
+| swe1-derives-from-sys | sw-req | error | Every SW requirement must derive from a system req or arch component |
+| swe2-allocated-from-swe1 | sw-arch-component | error | Every SW arch component must be allocated from a SW requirement |
+| swe3-refines-swe2 | sw-detail-design | error | Every detailed design must refine an architecture component |
+| swe4-verifies-swe3 | unit-verification | error | Every unit verification measure must verify a detailed design element |
+| swe6-verifies-swe1 | sw-verification | error | Every SW verification measure must verify a SW requirement |
+| sys5-verifies-sys2 | sys-verification | error | Every system verification measure must verify a system requirement |
+| swe1-has-verification | sw-req | warning | Every SW requirement should be verified by at least one verification measure |
+| sys2-has-verification | system-req | warning | Every system requirement should be verified by at least one verification measure |
+| swe3-has-verification | sw-detail-design | warning | Every detailed design element should be verified by at least one unit verification measure |
+| requirement-coverage | requirement | warning | Every requirement should be satisfied by at least one design decision or feature |
+| decision-justification | design-decision | error | Every design decision must link to at least one requirement |
+
+## Coverage
+
+**Overall: 88.7%**
+
+| Rule | Source Type | Covered | Total | % |
+|------|------------|---------|-------|---|
+| hazard-has-loss | hazard | 10 | 10 | 100.0% |
+| constraint-has-hazard | system-constraint | 12 | 12 | 100.0% |
+| uca-has-hazard | uca | 45 | 45 | 100.0% |
+| uca-has-controller | uca | 45 | 45 | 100.0% |
+| controller-constraint-has-uca | controller-constraint | 45 | 45 | 100.0% |
+| hazard-has-constraint | hazard | 10 | 10 | 100.0% |
+| uca-has-controller-constraint | uca | 45 | 45 | 100.0% |
+| sys2-derives-from-sys1 | system-req | 0 | 0 | 100.0% |
+| swe1-derives-from-sys | sw-req | 0 | 0 | 100.0% |
+| swe2-allocated-from-swe1 | sw-arch-component | 0 | 0 | 100.0% |
+| swe3-refines-swe2 | sw-detail-design | 0 | 0 | 100.0% |
+| swe4-verifies-swe3 | unit-verification | 0 | 0 | 100.0% |
+| swe6-verifies-swe1 | sw-verification | 0 | 0 | 100.0% |
+| sys5-verifies-sys2 | sys-verification | 0 | 0 | 100.0% |
+| swe1-has-verification | sw-req | 0 | 0 | 100.0% |
+| sys2-has-verification | system-req | 0 | 0 | 100.0% |
+| swe3-has-verification | sw-detail-design | 0 | 0 | 100.0% |
+| requirement-coverage | requirement | 0 | 27 | 0.0% |
+| decision-justification | design-decision | 0 | 0 | 100.0% |
+
+## Validation
+
+0 errors, 27 warnings
+
+## Commands
+
+```bash
+rivet validate              # validate all artifacts
+rivet list                  # list all artifacts
+rivet list -t <type>        # filter by type
+rivet stats                 # artifact counts + orphans
+rivet coverage              # traceability coverage report
+rivet matrix --from X --to Y  # traceability matrix
+rivet diff --base A --head B  # compare artifact sets
+rivet schema list           # list schema types
+rivet schema show <type>    # show type details
+rivet schema rules          # list traceability rules
+rivet export -f generic-yaml  # export as YAML
+rivet serve                 # start dashboard on :3000
+rivet context               # regenerate this file
+```

Cargo.toml

@@ -18,9 +18,9 @@ rust-version = "1.85"
 
 [workspace.dependencies]
 # WebAssembly parsing and encoding
-wasmparser = { version = "0.219", features = ["component-model"] }
-wasm-encoder = { version = "0.219", features = ["component-model"] }
-wasmprinter = "0.219"
+wasmparser = { version = "0.230", features = ["component-model"] }
+wasm-encoder = { version = "0.230", features = ["component-model"] }
+wasmprinter = "0.230"
 
 # CLI
 clap = { version = "4.5", features = ["derive", "cargo"] }