docs/MANUAL.md at main · chadfowler.com/phoenix

chadfowler.com / phoenix
fork atom
Reference implementation for the Phoenix Architecture. Work in progress. aicoding.leaflet.pub/
ai coding crazy
fork atom
phoenix / docs / MANUAL.md
at main 543 lines 15 kB view raw view rendered
wrap content
Chad Fowler Phoenix VCS v0.1.0 — initial commit 5w ago
030f51e3
  1# Phoenix VCS — Complete Manual
  2
  3**Version 0.1.0 (Alpha)**
  4
  5Phoenix is a regenerative version control system. It compiles intent — expressed as Markdown specs — into a content-addressed graph of requirements, generated code, and provenance. Every transformation is traceable. Changing one spec line invalidates only the dependent subtree, not the entire repository.
  6
  7---
  8
  9## Table of Contents
 10
 111. [Quick Start](#1-quick-start)
 122. [Core Concepts](#2-core-concepts)
 133. [The Five Graphs](#3-the-five-graphs)
 144. [Phase A — Spec Ingestion](#4-phase-a--spec-ingestion)
 155. [Phase B — Canonicalization](#5-phase-b--canonicalization)
 166. [Phase C — Implementation Units](#6-phase-c--implementation-units)
 177. [Phase D — Evidence & Policy](#7-phase-d--evidence--policy)
 188. [Phase E — Shadow Pipeline & Compaction](#8-phase-e--shadow-pipeline--compaction)
 199. [Phase F — Bot Interface](#9-phase-f--bot-interface)
 2010. [API Reference](#10-api-reference)
 2111. [Configuration](#11-configuration)
 2212. [Troubleshooting](#12-troubleshooting)
 23
 24---
 25
 26## 1. Quick Start
 27
 28```bash
 29# Install
 30npm install phoenix-vcs
 31
 32# Run the interactive demo
 33npx tsx demo.ts
 34
 35# Run tests
 36npm test
 37```
 38
 39### Minimal Example
 40
 41```typescript
 42import {
 43  parseSpec, extractCanonicalNodes, planIUs,
 44  generateIU, diffClauses, classifyChanges,
 45} from 'phoenix-vcs';
 46
 47// Parse a spec
 48const clauses = parseSpec(specContent, 'spec/auth.md');
 49
 50// Canonicalize
 51const canonNodes = extractCanonicalNodes(clauses);
 52
 53// Plan Implementation Units
 54const ius = planIUs(canonNodes, clauses);
 55
 56// Generate code
 57const result = generateIU(ius[0]);
 58// result.files → Map<path, content>
 59// result.manifest → IUManifest with content hashes
 60```
 61
 62---
 63
 64## 2. Core Concepts
 65
 66### Content Addressing
 67
 68Every object in Phoenix (clause, canonical node, IU, evidence record) is identified by a SHA-256 hash of its content. If the content changes, the ID changes. If it doesn't, the ID is stable. This gives us:
 69
 70- **Deduplication** — identical content is stored once
 71- **Integrity** — any tampering changes the hash
 72- **Determinism** — same input always produces same output
 73
 74### Selective Invalidation
 75
 76Phoenix's defining capability. When a spec changes, Phoenix traces the impact through:
 77
 78```
 79Spec line → Clause → Canonical Nodes → IUs → Generated Files → Evidence → Dependents
 80```
 81
 82Only the affected subtree is invalidated and regenerated. Everything else stays untouched.
 83
 84### Trust Surface
 85
 86`phoenix status` is the primary UX. If it's trustworthy, Phoenix works. If it's noisy or wrong, the system dies. Every design decision optimizes for status being **explainable, conservative, and correct-enough to rely on.**
 87
 88### Bootstrap States
 89
 90Phoenix tracks system maturity through three states:
 91
 92| State | Meaning | D-Rate Alarms | Severity |
 93|-------|---------|--------------|----------|
 94| `BOOTSTRAP_COLD` | First parse, no canonical graph | Suppressed | N/A |
 95| `BOOTSTRAP_WARMING` | Canonical graph exists, stabilizing | Active | Downgraded |
 96| `STEADY_STATE` | D-rate acceptable, system trusted | Active | Normal |
 97
 98---
 99
100## 3. The Five Graphs
101
102Phoenix maintains five interconnected, content-addressed graphs:
103
104### 3.1 Spec Graph
105
106Clauses extracted from Markdown spec documents. Each clause is a heading + body section.
107
108```
109clause_id → { source_doc_id, source_line_range, raw_text, normalized_text,
110              section_path, clause_semhash, context_semhash_cold }
111```
112
113### 3.2 Canonical Graph
114
115Structured requirements extracted from clauses: Requirements, Constraints, Invariants, Definitions.
116
117```
118canon_id → { type, statement, source_clause_ids, linked_canon_ids, tags }
119```
120
121### 3.3 Implementation Graph
122
123Implementation Units — stable compilation boundaries mapping requirements to generated code.
124
125```
126iu_id → { kind, name, risk_tier, contract, source_canon_ids, dependencies,
127           boundary_policy, evidence_policy, output_files }
128```
129
130### 3.4 Evidence Graph
131
132Proof that generated code meets its risk-tier requirements: test results, analysis reports, human signoffs.
133
134```
135evidence_id → { kind, status, iu_id, canon_ids, artifact_hash, message }
136```
137
138### 3.5 Provenance Graph
139
140All transformation edges connecting the above. Every extraction, generation, and validation produces a provenance edge that records what was done, when, by what tool, with what input.
141
142---
143
144## 4. Phase A — Spec Ingestion
145
146### Clause Extraction
147
148Phoenix splits Markdown documents on heading boundaries. Each heading + its body = one clause.
149
150```typescript
151import { parseSpec } from 'phoenix-vcs';
152
153const clauses = parseSpec(markdownContent, 'spec/auth.md');
154// Returns: Clause[]
155```
156
157**Section paths** track heading hierarchy: `["Authentication Service", "API Endpoints", "POST /auth/login"]`
158
159**Pre-heading content** is captured as a `(preamble)` clause.
160
161### Normalization
162
163Before hashing, text is normalized to eliminate formatting noise:
164
165- Heading markers (`##`) removed
166- Bold/italic/code markers removed
167- Lowercased
168- Whitespace collapsed
169- **List items sorted alphabetically** — reordering bullets doesn't change the hash
170- Code blocks replaced with `(code block)` placeholder
171
172### Semantic Hashing
173
174Two hashes per clause:
175
176| Hash | Formula | Purpose |
177|------|---------|---------|
178| `clause_semhash` | `SHA-256(normalized_text)` | Pure content identity |
179| `context_semhash_cold` | `SHA-256(text + section_path + neighbor_hashes)` | Structural awareness |
180
181### Diffing
182
183```typescript
184import { diffClauses } from 'phoenix-vcs';
185
186const diffs = diffClauses(oldClauses, newClauses);
187// Each diff: { diff_type: UNCHANGED|MODIFIED|ADDED|REMOVED|MOVED, ... }
188```
189
190### Persistence
191
192```typescript
193import { SpecStore } from 'phoenix-vcs';
194
195const store = new SpecStore('.phoenix');
196const result = store.ingestDocument('spec/auth.md', projectRoot);
197const clauses = store.getClauses('spec/auth.md');
198```
199
200---
201
202## 5. Phase B — Canonicalization
203
204### Canonical Node Extraction
205
206Phoenix scans each clause for semantic patterns:
207
208| Pattern | Type |
209|---------|------|
210| "must", "shall", "required" | REQUIREMENT |
211| "must not", "forbidden", "limited to" | CONSTRAINT |
212| "always", "never" | INVARIANT |
213| ": ", "is defined as" | DEFINITION |
214
215Heading context also applies: lines under "## Security Constraints" are classified as constraints.
216
217```typescript
218import { extractCanonicalNodes } from 'phoenix-vcs';
219
220const canonNodes = extractCanonicalNodes(clauses);
221```
222
223### Term-Based Linking
224
225Nodes sharing ≥2 significant terms are automatically linked, forming a requirements graph.
226
227### Warm Context Hashing
228
229After canonicalization, `context_semhash_warm` incorporates canonical graph context:
230
231```typescript
232import { computeWarmHashes } from 'phoenix-vcs';
233
234const warmHashes = computeWarmHashes(clauses, canonNodes);
235// Map<clause_id, warm_hash>
236```
237
238### A/B/C/D Change Classification
239
240Every clause diff is classified using multiple signals:
241
242| Class | Meaning | Signals |
243|-------|---------|---------|
244| **A** | Trivial | No semhash change, formatting only |
245| **B** | Local Semantic | Content changed, limited blast radius |
246| **C** | Contextual Shift | Canonical graph affected, structural context shifted |
247| **D** | Uncertain | Classifier can't decide — needs human review |
248
249```typescript
250import { classifyChanges } from 'phoenix-vcs';
251
252const classifications = classifyChanges(diffs, canonBefore, canonAfter, warmBefore, warmAfter);
253```
254
255### D-Rate Tracking
256
257The rate of D-class (uncertain) classifications is tracked over a rolling window:
258
259| Level | Rate | Action |
260|-------|------|--------|
261| TARGET | ≤5% | Normal operation |
262| ACCEPTABLE | ≤10% | Monitor |
263| WARNING | ≤15% | Tune classifier |
264| ALARM | >15% | Override friction increases |
265
266---
267
268## 6. Phase C — Implementation Units
269
270### IU Planning
271
272```typescript
273import { planIUs } from 'phoenix-vcs';
274
275const ius = planIUs(canonNodes, clauses);
276```
277
278Groups canonical nodes into module-level IUs by:
279- Shared source clauses
280- Term-based linking
281- Transitive graph connectivity
282
283Each IU gets a risk tier, contract, boundary policy, and evidence policy.
284
285### Code Generation
286
287```typescript
288import { generateIU } from 'phoenix-vcs';
289
290const result = generateIU(iu);
291// result.files: Map<path, content>
292// result.manifest: IUManifest
293```
294
295### Drift Detection
296
297```typescript
298import { detectDrift } from 'phoenix-vcs';
299
300const report = detectDrift(manifest, projectRoot, waivers);
301// report.entries: DriftEntry[] with CLEAN|DRIFTED|WAIVED|MISSING status
302```
303
304Manual edits must be labeled:
305- `promote_to_requirement` — edit becomes a new spec clause
306- `waiver` — signed exception
307- `temporary_patch` — expires on a date
308
309### Boundary Validation
310
311Each IU declares what it's allowed to touch:
312
313```yaml
314boundary_policy:
315  code:
316    allowed_packages: [express, bcrypt]
317    forbidden_packages: [axios]
318    forbidden_paths: [./internal/**]
319  side_channels:
320    config: [DATABASE_URL]
321    databases: []
322    external_apis: []
323```
324
325```typescript
326import { extractDependencies, validateBoundary } from 'phoenix-vcs';
327
328const depGraph = extractDependencies(sourceCode, filePath);
329const diagnostics = validateBoundary(depGraph, iu);
330```
331
332---
333
334## 7. Phase D — Evidence & Policy
335
336### Policy Evaluation
337
338```typescript
339import { evaluatePolicy } from 'phoenix-vcs';
340
341const evaluation = evaluatePolicy(iu, evidenceRecords);
342// evaluation.verdict: 'PASS' | 'FAIL' | 'INCOMPLETE'
343```
344
345### Evidence Kinds
346
347| Kind | Risk Tiers |
348|------|-----------|
349| typecheck | All |
350| lint | All |
351| boundary_validation | All |
352| unit_tests | Medium+ |
353| property_tests | High+ |
354| static_analysis | High+ |
355| threat_note | High+ |
356| human_signoff | Critical |
357
358### Cascading Failures
359
360```typescript
361import { computeCascade } from 'phoenix-vcs';
362
363const events = computeCascade(evaluations, ius);
364// Produces BLOCK actions on failed IUs
365// Produces RE_VALIDATE actions on dependents
366```
367
368---
369
370## 8. Phase E — Shadow Pipeline & Compaction
371
372### Shadow Pipeline
373
374Safe canonicalization upgrades by running old and new pipelines in parallel:
375
376```typescript
377import { runShadowPipeline } from 'phoenix-vcs';
378
379const result = runShadowPipeline(oldConfig, newConfig, oldNodes, newNodes);
380// result.classification: SAFE | COMPACTION_EVENT | REJECT
381// result.metrics: { node_change_pct, orphan_nodes, risk_escalations, ... }
382```
383
384### Compaction
385
386```typescript
387import { runCompaction, shouldTriggerCompaction } from 'phoenix-vcs';
388
389const { trigger, reason } = shouldTriggerCompaction(storageStats);
390if (trigger) {
391  const event = runCompaction(objects, reason);
392  // event.preserved: { node_headers, provenance_edges, approvals, signatures }
393}
394```
395
396**Never deleted:** node headers, provenance edges, approvals, signatures.
397
398---
399
400## 9. Phase F — Bot Interface
401
402### Command Grammar
403
404```
405BotName: action [key=value ...]
406```
407
408### Available Commands
409
410| Bot | Command | Mutating | Description |
411|-----|---------|----------|-------------|
412| SpecBot | ingest | ✓ | Ingest a spec document |
413| SpecBot | diff | | Show clause diff |
414| SpecBot | clauses | | List clauses |
415| ImplBot | plan | ✓ | Plan IUs from canonical graph |
416| ImplBot | regen | ✓ | Regenerate code for an IU |
417| ImplBot | drift | | Check drift status |
418| PolicyBot | status | | Show trust dashboard |
419| PolicyBot | evidence | | Show evidence for an IU |
420| PolicyBot | cascade | | Show cascade effects |
421| PolicyBot | evaluate | | Evaluate policy for an IU |
422
423### Confirmation Model
424
425Mutating commands require confirmation:
426
427```
428> SpecBot: ingest spec/auth.md
429
430SpecBot wants to: Ingest spec document: spec/auth.md
431Reply 'ok' or 'phx confirm a1b2c3d4e5f6' to proceed.
432
433> ok
434```
435
436Read-only commands execute immediately.
437
438```typescript
439import { parseCommand, routeCommand } from 'phoenix-vcs';
440
441const cmd = parseCommand('PolicyBot: status');
442const response = routeCommand(cmd);
443```
444
445---
446
447## 10. API Reference
448
449### Core Functions
450
451| Function | Input | Output |
452|----------|-------|--------|
453| `parseSpec(content, docId)` | Markdown string | `Clause[]` |
454| `normalizeText(raw)` | Raw text | Normalized string |
455| `diffClauses(before, after)` | Two clause arrays | `ClauseDiff[]` |
456| `extractCanonicalNodes(clauses)` | Clause array | `CanonicalNode[]` |
457| `computeWarmHashes(clauses, nodes)` | Clauses + canon | `Map<string, string>` |
458| `classifyChanges(diffs, ...)` | Diffs + context | `ChangeClassification[]` |
459| `planIUs(nodes, clauses)` | Canon + clauses | `ImplementationUnit[]` |
460| `generateIU(iu)` | Single IU | `RegenResult` |
461| `detectDrift(manifest, root)` | Manifest + path | `DriftReport` |
462| `extractDependencies(source, path)` | Source code | `DependencyGraph` |
463| `validateBoundary(graph, iu)` | Deps + IU | `Diagnostic[]` |
464| `evaluatePolicy(iu, evidence)` | IU + records | `PolicyEvaluation` |
465| `computeCascade(evals, ius)` | Evals + IUs | `CascadeEvent[]` |
466| `runShadowPipeline(old, new, ...)` | Configs + nodes | `ShadowResult` |
467| `runCompaction(objects, trigger)` | Objects + trigger | `CompactionEvent` |
468| `parseCommand(raw)` | String | `BotCommand` |
469| `routeCommand(cmd)` | BotCommand | `BotResponse` |
470
471### Stores
472
473| Store | Purpose |
474|-------|---------|
475| `ContentStore` | Content-addressed object storage |
476| `SpecStore` | Spec graph persistence |
477| `CanonicalStore` | Canonical graph persistence |
478| `EvidenceStore` | Evidence record persistence |
479| `ManifestManager` | Generated file manifest |
480
481---
482
483## 11. Configuration
484
485### `.phoenix/` Directory Structure
486
487```
488.phoenix/
489  store/objects/          # Content-addressed objects
490  graphs/
491    spec.json             # Spec graph index
492    canonical.json        # Canonical graph index
493    evidence.json         # Evidence records
494  manifests/
495    generated_manifest.json
496  state.json              # Bootstrap state
497```
498
499### Risk Tier Evidence Requirements
500
501| Tier | Required Evidence |
502|------|------------------|
503| Low | typecheck, lint, boundary_validation |
504| Medium | + unit_tests |
505| High | + property_tests, static_analysis, threat_note |
506| Critical | + human_signoff |
507
508---
509
510## 12. Troubleshooting
511
512### "DRIFT DETECTED" on phoenix status
513
514A generated file was modified directly. Options:
5151. **Revert** the manual edit and let Phoenix regenerate
5162. **Promote** the edit to a requirement: `promote_to_requirement`
5173. **Waive** with justification: `waiver` (requires signing)
5184. **Patch** temporarily: `temporary_patch` (set expiry date)
519
520### High D-Rate (>15%)
521
522The classifier is uncertain about too many changes. Options:
5231. Write more specific spec language (avoid ambiguity)
5242. Review D-class changes and provide feedback
5253. Check if a canonicalization pipeline upgrade is needed
526
527### Boundary Violation Errors
528
529An IU's code imports something not allowed by its boundary policy. Options:
5301. Remove the import
5312. Update the boundary policy to allow it (and document why)
5323. Move the functionality to an IU that's allowed to use that dependency
533
534### Cascade BLOCK
535
536An upstream IU failed evidence. Options:
5371. Fix the failing evidence (e.g., fix the type error)
5382. Check if the evidence is stale and re-run
5393. All downstream IUs are blocked until the upstream is fixed
540
541---
542
543*Phoenix VCS — Trust > Cleverness*