79 lines
3.0 KiB
Markdown
79 lines
3.0 KiB
Markdown
|
# Execution Credibility Gate Review
|
||
|
|
|
||
|
|
## Gate
|
||
|
|
|
||
|
|
- `Smart Clean Execution Credibility`
|
||
|
|
|
||
|
|
## Review Date
|
||
|
|
|
||
|
|
- `2026-03-12`
|
||
|
|
|
||
|
|
## Scope Reviewed
|
||
|
|
|
||
|
|
- `ATL-211` additional safe-target execution coverage
|
||
|
|
- `ATL-212` structured executable targets through the worker path
|
||
|
|
- `ATL-215` execution credibility gate review
|
||
|
|
|
||
|
|
## Readiness Checklist
|
||
|
|
|
||
|
|
- [x] Required P0 tasks complete
|
||
|
|
- [x] Docs updated
|
||
|
|
- [x] Risks reviewed
|
||
|
|
- [x] Open questions below threshold
|
||
|
|
- [x] Next-stage inputs available
|
||
|
|
|
||
|
|
## Evidence Reviewed
|
||
|
|
|
||
|
|
- `Docs/Execution/Execution-Chain-Audit-2026-03-09.md`
|
||
|
|
- `Docs/Execution/Smart-Clean-Execution-Coverage-2026-03-09.md`
|
||
|
|
- `Packages/AtlasInfrastructure/Tests/AtlasInfrastructureTests/AtlasInfrastructureTests.swift`
|
||
|
|
- `Packages/AtlasProtocol/Tests/AtlasProtocolTests/AtlasProtocolTests.swift`
|
||
|
|
- `Packages/AtlasApplication/Tests/AtlasApplicationTests/AtlasApplicationTests.swift`
|
||
|
|
|
||
|
|
## Automated Validation Summary
|
||
|
|
|
||
|
|
- `swift test --package-path Packages` — pass
|
||
|
|
- `swift test --package-path Apps` — pass
|
||
|
|
|
||
|
|
## Gate Assessment
|
||
|
|
|
||
|
|
### ATL-212 Structured Target Contract
|
||
|
|
|
||
|
|
- Smart Clean `ActionItem` payloads now carry structured `targetPaths`.
|
||
|
|
- `plan.execute` now prefers plan-carried targets instead of reconstructing destructive intent from the snapshot alone.
|
||
|
|
- Recovery items can now use restore mappings to preserve the real original path even when execution was driven by plan-carried targets.
|
||
|
|
|
||
|
|
### ATL-211 Coverage Increment
|
||
|
|
|
||
|
|
- This slice keeps the previously shipped safe direct-trash subset and does not expand execution into `Library/Containers`.
|
||
|
|
- File-backed contract tests prove `scan -> execute -> rescan` improvement for:
|
||
|
|
- `~/Library/Caches/*`
|
||
|
|
- `~/Library/pnpm/store/*`
|
||
|
|
|
||
|
|
### Truthfulness Check
|
||
|
|
|
||
|
|
- History summaries still derive from the actual worker task result.
|
||
|
|
- Smart Clean only records recovery entries when a real Trash move happened or a restore mapping exists.
|
||
|
|
- Unsupported or review-only targets remain fail-closed or skipped as review-only instead of being claimed as cleaned.
|
||
|
|
|
||
|
|
## Remaining Limits
|
||
|
|
|
||
|
|
- `Library/Containers` cleanup is still unsupported in the direct-trash path because the worker does not yet mirror the upstream protected-container filters.
|
||
|
|
- `Group Containers` cleanup is still unsupported in the direct-trash path.
|
||
|
|
- Broader `System` cleanup and aggregated dry-run-only findings still fail closed unless they resolve to the supported structured targets.
|
||
|
|
- This change did not add a new packaged-app manual verification pass; the evidence here is test-backed.
|
||
|
|
|
||
|
|
## Decision
|
||
|
|
|
||
|
|
- `Pass with Conditions`
|
||
|
|
|
||
|
|
## Conditions
|
||
|
|
|
||
|
|
- Release-facing copy must continue to distinguish supported vs unsupported Smart Clean paths.
|
||
|
|
- External release validation should still rerun manual packaged `scan -> execute -> rescan` flows for the supported target classes.
|
||
|
|
|
||
|
|
## Follow-up Actions
|
||
|
|
|
||
|
|
- Only add container cleanup support after the worker can enforce the same protected-container rules as the upstream cleanup runtime.
|
||
|
|
- Evaluate the next safe Smart Clean increment only if it preserves explicit restore semantics and fail-closed behavior.
|