chadfowler.com / phoenix
Reference implementation for the Phoenix Architecture. Work in progress. aicoding.leaflet.pub/
ai coding crazy
fork atom
phoenix / PRD.md
at main 473 lines 8.9 kB view raw view rendered
Chad Fowler Phoenix VCS v0.1.0 — initial commit
030f51e3
1# Phoenix VCS — Product Requirements Document (v1.0) 2 3Status: Build-Ready Specification 4Core Thesis: Version control should operate on **intent and causality**, not file diffs. 5Primary Trust Surface: `phoenix status` must always be explainable, conservative, and correct-enough to rely on. 6 7--- 8 9# 0. Executive Summary 10 11Phoenix is a regenerative version control system. 12 13It compiles: 14 15Spec Line 16→ Clause 17→ Canonical Requirement Graph 18→ Implementation Units 19→ Generated Code 20→ Evidence 21→ Policy Decision 22 23Every transformation emits provenance edges. 24 25Selective invalidation is the defining capability: 26 27> Changing one spec line invalidates only the dependent subtree — not the entire repository. 28 29Phoenix is not “AI that writes code.” 30 31Phoenix is a **causal compiler for intent.** 32 33--- 34 35# 1. Adoption Scope 36 37## v1 Scope (Build Target) 38- Greenfield-first (new services or modules) 39- Progressive wrapping for brownfield systems 40- Module-level Implementation Units (function-level optional later) 41- TypeScript-first reference implementation 42 43## Explicit Non-Goals (v1) 44- Automatic reverse engineering of arbitrary legacy code 45- Perfect semantic determinism 46- Fully decentralized CRDT replication 47- Multi-language parity beyond reference language 48 49--- 50 51# 2. Core System Model 52 53Phoenix maintains five interconnected graphs: 54 551. Spec Graph (Clauses) 562. Canonical Graph (Requirements, Constraints, Invariants, Definitions) 573. Implementation Graph (Implementation Units) 584. Evidence Graph (Tests, Analysis, Reviews) 595. Provenance Graph (All transformation edges + meta-events) 60 61Everything is content-addressed and versioned. 62 63--- 64 65# 3. Spec Ingestion & Semantic Hashing 66 67## 3.1 Clause Extraction 68 69Each spec document is parsed into: 70 71```yaml 72clause_id: 73source_doc_id: 74source_line_range: 75raw_text: 76normalized_text: 77section_path: 78 793.2 Two-Pass Semantic Hashing (Bootstrapped) 80 81Cold start exists. It is explicit. 82 83Pass 1 — Cold 84 • Compute clause_semhash 85 • Compute context_semhash_cold using local context only 86 • Classifier operates conservatively 87 • System marked BOOTSTRAP_COLD 88 89Canonicalization runs 90 91Pass 2 — Warm 92 • Compute context_semhash_warm including extracted canonical graph context 93 • Re-run classifier 94 • System transitions to BOOTSTRAP_WARMING 95 96After stabilization: 97 • System transitions to STEADY_STATE 98 99Bootstrap state controls: 100 • D-rate alarms suppressed during cold 101 • Severity downgraded during warming 102 103104 1054. Change Classification (A/B/C/D) 106 107Phoenix does not use a single embedding threshold. 108 109Every change is classified: 110 111Class Meaning 112A Trivial (formatting) 113B Local semantic change 114C Contextual semantic shift 115D Uncertain 116 117Signals used: 118 • normalized diff heuristics 119 • clause_semhash distance 120 • context_semhash distance 121 • term-reference deltas 122 • section structure deltas 123 1244.1 D-Rate Trust Loop 125 126Target: ≤5% 127Acceptable: ≤10% 128Alarm: >15% (rolling window) 129 130If alarm: 131 • classifier tuning required 132 • override friction increases 133 • PolicyBot surfaces trust degradation warning 134 135Metric: D-rate is first-class. 136 137138 1395. Canonicalization Pipelines 140 141Canonicalization is versioned and explicit. 142 143canon_pipeline_id: 144model_id: 145promptpack_version: 146extraction_rules_version: 147diff_policy_version: 148 1495.1 Shadow Canonicalization (Upgrade Mode) 150 151Upgrade runs old and new pipelines in parallel. 152 153Diff metrics: 154 • node_change_pct 155 • edge_change_pct 156 • risk_escalations 157 • orphan_nodes 158 • out_of_scope_growth 159 • semantic_stmt_drift 160 161Classification: 162 163SAFE: 164 • node_change_pct ≤3% 165 • no orphan nodes 166 • no risk escalations 167 168COMPACTION EVENT: 169 • node_change_pct ≤25% 170 • no orphan nodes 171 • limited risk escalations 172 173REJECT: 174 • orphan nodes exist 175 • excessive churn 176 • semantic drift large 177 178Upgrade produces meta-node: 179 180type: PipelineUpgrade 181 182 183184 1856. Implementation Units (IUs) 186 187Implementation Units are stable compilation boundaries. 188 189iu_id: 190kind: module | function 191risk_tier: 192contract: 193dependencies: 194boundary_policy: 195impact: 196evidence_policy: 197 198Bots propose. 199Humans or policy accept. 200 201202 2037. Boundary Policy Schema (Enforced) 204 205Each IU declares: 206 207dependencies: 208 code: 209 allowed_ius: 210 allowed_packages: 211 forbidden_ius: 212 forbidden_packages: 213 forbidden_paths: 214 side_channels: 215 databases: 216 queues: 217 caches: 218 config: 219 external_apis: 220 files: 221 2227.1 Architectural Linter (Required) 223 224Post-generation: 225 • Extract dependency graph 226 • Validate against boundary policy 227 • Emit diagnostics 228 229Violation severity controlled by: 230 231enforcement: 232 dependency_violation: 233 severity: error|warning 234 side_channel_violation: 235 severity: warning|error 236 237Side-channel dependencies create graph edges for invalidation. 238 239240 2418. Regeneration Engine 242 243Regeneration operates at IU granularity. 244 245Records: 246 • model_id 247 • promptpack hash 248 • toolchain version 249 • normalization steps 250 251Generated artifacts produce: 252 253.phoenix/generated_manifest 254 255Per-file and per-IU hashes. 256 257258 2599. Drift Detection 260 261On status: 262 • Compare working tree vs generated_manifest 263 • If mismatch and no waiver: 264 • Emit ERROR 265 • Block acceptance 266 267Manual edits must be labeled: 268 • promote_to_requirement 269 • waiver (signed) 270 • temporary_patch (expires) 271 272273 27410. Evidence & Policy Engine 275 276Risk-tiered enforcement. 277 278Low tier: 279 • typecheck 280 • lint 281 • boundary validation 282 283Medium: 284 • unit tests required 285 286High: 287 • unit + property tests 288 • threat note 289 • static analysis 290 291Critical: 292 • human signoff or formal/simulation evidence 293 294Evidence binds to: 295 • canonical nodes 296 • IU IDs 297 • generated artifact hashes 298 299300 30111. Cascading Failure Semantics 302 303If IU-X evidence fails: 304 • IU-X blocked 305 • Dependent IU-Y: 306 • re-run typecheck 307 • re-run boundary checks 308 • re-run relevant tests (tagged) 309 310Failure propagation is explicit and graph-based. 311 312313 31412. Compaction 315 31612.1 Storage Tiers 317 318Hot Graph (last 30 days default) 319Ancestry Index (forever metadata) 320Cold Packs (heavy blobs) 321 322Compaction never deletes: 323 • node headers 324 • provenance edges 325 • approvals 326 • signatures 327 32812.2 Triggers 329 • Size threshold exceeded 330 • Pipeline upgrade accepted 331 • Time-based fallback 332 333Compaction produces: 334 335type: CompactionEvent 336 337PolicyBot announces compaction. 338 339340 34113. Diagnostics & Severity Model 342 343Every status item is: 344 345severity: error|warning|info 346category: 347subject: 348message: 349recommended_actions: 350 351Grouped by severity. 352 353This is Phoenix’s primary UX. 354 355356 35714. Freeq Bot Integration 358 359Bots behave as normal users. 360 361Command style: 362 363SpecBot: ingest spec/auth.md 364ImplBot: regen iu=AuthIU 365PolicyBot: status 366 36714.1 Confirmation Model 368 369Mutating commands: 370 • Bot echoes parsed intent 371 • User replies ok or phx confirm <id> 372 373Read-only commands: 374 • execute immediately 375 37614.2 Command Grammar 377 378Each bot exposes: 379 380BotName: help 381BotName: commands 382BotName: version 383 384No fuzzy NLU in v1. 385 386387 38815. Bootstrap Flow 389 390phoenix bootstrap 391 • Runs cold pass 392 • Runs canonicalization 393 • Runs warm pass 394 • Generates first Trust Dashboard 395 • Sets system state to WARMING 396 397D-rate alarms disabled until STEADY_STATE. 398 399400 40116. Trust Dashboard (Status Example) 402 403Severity Category Subject Why Action 404ERROR boundary AuthIU Imports InternalAdminIU (forbidden) Refactor or update policy 405WARN d-rate Global D-rate 12% (>10%) Tune classifier 406WARN drift AuthIU Working tree differs from manifest Label or reconcile 407INFO canon spec/auth.md:L42 Warm context hash applied None 408 409 410411 41217. Brownfield Progressive Wrapping 413 414Step 1: Wrap Module 415 • Define IU boundary around existing module 416 • Write minimal spec 417 • Enforce boundary + evidence without full regeneration 418 419Step 2: Annotate Provenance 420 • Map functions to requirement IDs manually 421 • Gradually increase regen surface 422 423424 42518. Build Phases 426 427Phase A: Clause extraction + clause_semhash 428Phase B: Canonicalization + warm context hashing + classifier 429Phase C1: IU module-level + regen + manifest 430Phase C2: Boundary validator + UnitBoundaryChange 431Phase D: Evidence + policy + cascade 432Phase E: Shadow pipeline + compaction 433Phase F: Freeq bots 434 435Parallel where feasible. 436 437438 43919. Success Criteria (Alpha) 440 • Delete generated code → full regen succeeds 441 • Clause change invalidates only dependent IU subtree 442 • Boundary linter catches undeclared coupling 443 • Drift detection blocks unlabeled edits 444 • D-rate within acceptable bounds 445 • Shadow pipeline upgrade produces classified diff 446 • Compaction preserves ancestry 447 • Freeq bots perform ingest/canon/plan/regen/status safely 448 449450 45120. Metrics 452 • D-rate 453 • Override rate 454 • Canonical stability rate 455 • Upgrade-induced churn 456 • Boundary violation rate 457 • Drift incidents 458 • Status resolution time 459 460461 46221. The Bet 463 464If phoenix status is trusted, Phoenix becomes the coordination substrate. 465 466If status is noisy or wrong, the system dies. 467 468Trust > cleverness. 469 470471 472End of PRD v1.0 473