Skip to content

v1.6.0: self-correcting design, OSCAL compliance, credible cost, exporter hardening#68

Merged
xmpuspus merged 1 commit into
mainfrom
feat/v160-defensibility-relevance
Jun 16, 2026
Merged

v1.6.0: self-correcting design, OSCAL compliance, credible cost, exporter hardening#68
xmpuspus merged 1 commit into
mainfrom
feat/v160-defensibility-relevance

Conversation

@xmpuspus

Copy link
Copy Markdown
Owner

Closes the defensibility + relevance gaps from the June 2026 product audit (8-dimension audit + competitive research). The recurring theme: the defensible engine work was already in the tree but not wired together, not exposed, and undercut by credibility holes. This release fixes that.

Moat (compliance-at-design-time + a self-correcting architect)

  • generate -> critique -> repair loop. Architect.design() runs the deterministic critics that already existed (scorer, linter, validator) against every spec and, on blocking findings, repairs once before returning — bounded, fails safe, records a critique block in spec.metadata. Exposed offline as cloudwright review <spec> (no API key).
  • OSCAL 1.1.2 export (compliance --oscal) and control traceability (--traceability): design intent -> component -> Terraform resource -> control ID -> status.
  • Compliance-gated component patterns (suggest_compliant_patterns).

Relevance (move upstream)

  • Agentic drift -> remediation (drift --remediate): drift -> cost delta -> quality delta -> plan preview, read-only.
  • Credible cost: region-aware pricing (was always us-east-1), egress, carbon (cost --carbon), FOCUS CSV (--focus), per-line pricing confidence.
  • OpenTofu: export --format opentofu + tofu-aware plan.

Credibility fixes (verified against source)

  • Terraform exporter injection hardening: 13 numeric fields coerced via _hcl_num, validator rejects newlines/braces (closed a string-typed-numeric -> local-exec path). Pulumi/CFN were already safe.
  • cloudwright plan no longer carries the LLM key into the IaC subprocess; redacts secret-shaped values from output.
  • Compliance now overrides workload profile (sandbox + framework forces encryption/HA) — the prior test passed only because it set production.
  • WAF export emits a deployable multi-line default_action.
  • Cost region is applied; the silent $10 fallback is marked low-confidence.
  • LLM parse failures log the full response instead of truncating to 300 chars.

Surfaces / docs

  • Frontend: structured {code, message, suggestion} error contract (was reading data.detail) + usage telemetry.
  • New docs/ (getting-started, cli-reference, troubleshooting, mcp-reference), README "What's new", and a reproducible cloudwright review demo GIF.
  • Versions bumped to 1.6.0 across all 4 packages + extras pins + server.json.

Tests

New: critique/repair (7), OSCAL (11), patterns (14), traceability (2), remediation (8), cost credibility (30), exporter hardening + OpenTofu (15). CI-replica green: core 1367 passed / 83% coverage, web 99 passed, CLI 99, MCP 6, ruff clean.

Known latent (not in scope)

The terraform/e2e tests that need terraform/an API key skip in CI (no binary / no key) and are unchanged.

Reviewed by Xavier Puspus

…rter hardening

Closes the defensibility + relevance gaps from the June 2026 product audit.

Moat:
- generate -> critique -> repair loop in Architect.design() (wires the existing
  scorer/linter/validator back into generation); offline `cloudwright review`
- OSCAL 1.1.2 component-definition export (`compliance --oscal`) + control
  traceability (`--traceability`)
- compliance-gated component patterns (suggest_compliant_patterns)

Relevance:
- agentic drift -> remediation (drift --remediate): diff -> cost delta ->
  quality delta -> plan preview, read-only
- cost credibility: region-aware pricing, egress, carbon (--carbon), FOCUS CSV
  (--focus), per-line pricing confidence
- OpenTofu export alias + tofu-aware planner

Credibility fixes:
- Terraform exporter injection hardening (numeric coercion + validator)
- `cloudwright plan` no longer carries the LLM key into the IaC subprocess;
  redacts secret-shaped values from output
- compliance now overrides workload profile (sandbox + framework forces
  encryption/HA); WAF export is deployable; cost region is applied; LLM parse
  failures keep the full response

Surfaces/docs: frontend structured-error contract + usage telemetry; docs/
  getting-started, cli-reference, troubleshooting, mcp-reference; What's new +
  review demo GIF. Versions bumped to 1.6.0 (4 packages + extras + server.json).

Co-Authored-By: Xavier Puspus
@xmpuspus xmpuspus merged commit ae6b01a into main Jun 16, 2026
5 checks passed
@xmpuspus xmpuspus deleted the feat/v160-defensibility-relevance branch June 16, 2026 12:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant