@deftai/directive-content 0.55.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/skills/deft/SKILL.md +6 -0
- package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
- package/.agents/skills/deft-directive-build/SKILL.md +10 -0
- package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
- package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
- package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
- package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
- package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
- package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
- package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
- package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
- package/.agents/skills/deft-directive-release/SKILL.md +12 -0
- package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
- package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
- package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
- package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
- package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
- package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
- package/LICENSE.md +22 -0
- package/QUICK-START.md +167 -0
- package/UPGRADING.md +517 -0
- package/coding/build-output.md +28 -0
- package/coding/coding.md +235 -0
- package/coding/debugging.md +110 -0
- package/coding/holzmann.md +96 -0
- package/coding/hygiene.md +127 -0
- package/coding/security.md +158 -0
- package/coding/testing.md +162 -0
- package/coding/toolchain.md +44 -0
- package/commands.md +300 -0
- package/context/context.md +57 -0
- package/context/deterministic-split.md +67 -0
- package/context/examples.md +26 -0
- package/context/fractal-summaries.md +69 -0
- package/context/long-horizon.md +46 -0
- package/context/spec-deltas.md +177 -0
- package/context/tool-design.md +34 -0
- package/context/working-memory.md +62 -0
- package/contracts/boundary-maps.md +65 -0
- package/contracts/deterministic-questions.md +59 -0
- package/contracts/hierarchy.md +77 -0
- package/conventions/content-manifest.json +399 -0
- package/conventions/machine-generated-banner.md +130 -0
- package/conventions/references.md +120 -0
- package/conventions/rule-ownership.json +382 -0
- package/conventions/task-caching.md +43 -0
- package/conventions/vbrief-filenames.md +70 -0
- package/deployments/README.md +37 -0
- package/deployments/agentuity/README.md +138 -0
- package/deployments/agentuity/via-cli.md +380 -0
- package/deployments/agentuity/via-cloud.md +425 -0
- package/deployments/agentuity/via-github-actions.md +664 -0
- package/deployments/agentuity/via-gravity-network.md +606 -0
- package/deployments/agentuity/via-vpc.md +607 -0
- package/deployments/aws/README.md +38 -0
- package/deployments/aws/via-app-runner.md +612 -0
- package/deployments/aws/via-ecs-fargate.md +561 -0
- package/deployments/aws/via-elastic-beanstalk.md +628 -0
- package/deployments/aws/via-lambda.md +649 -0
- package/deployments/azure/README.md +37 -0
- package/deployments/azure/via-aks.md +390 -0
- package/deployments/azure/via-app-service.md +564 -0
- package/deployments/azure/via-container-apps.md +599 -0
- package/deployments/azure/via-functions.md +552 -0
- package/deployments/cloud-gov/README.md +63 -0
- package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
- package/deployments/cloud-gov/agents.md +39 -0
- package/deployments/cloud-gov/cicd.md +64 -0
- package/deployments/cloud-gov/deployment.md +150 -0
- package/deployments/cloud-gov/logging.md +43 -0
- package/deployments/cloud-gov/manifest.md +121 -0
- package/deployments/cloud-gov/overview.md +58 -0
- package/deployments/cloud-gov/security.md +46 -0
- package/deployments/cloud-gov/services.md +72 -0
- package/deployments/cloud-gov/upstream/README.md +18 -0
- package/deployments/cloudflare/README.md +33 -0
- package/deployments/cloudflare/via-dashboard.md +83 -0
- package/deployments/cloudflare/via-git.md +90 -0
- package/deployments/cloudflare/via-github-actions.md +185 -0
- package/deployments/cloudflare/via-terraform.md +157 -0
- package/deployments/cloudflare/via-wrangler.md +165 -0
- package/deployments/fly-io/README.md +37 -0
- package/deployments/fly-io/via-dockerfile.md +648 -0
- package/deployments/fly-io/via-flyctl.md +653 -0
- package/deployments/fly-io/via-github-actions.md +695 -0
- package/deployments/fly-io/via-multi-region.md +598 -0
- package/deployments/google/README.md +34 -0
- package/deployments/google/via-app-engine.md +42 -0
- package/deployments/google/via-cloud-functions.md +23 -0
- package/deployments/google/via-cloud-run.md +330 -0
- package/deployments/google/via-gke.md +23 -0
- package/deployments/netlify/README.md +99 -0
- package/deployments/netlify/via-cli.md +17 -0
- package/deployments/netlify/via-functions.md +19 -0
- package/deployments/netlify/via-git.md +25 -0
- package/deployments/vercel/README.md +90 -0
- package/deployments/vercel/via-api.md +16 -0
- package/deployments/vercel/via-cli.md +17 -0
- package/deployments/vercel/via-git.md +24 -0
- package/docs/BROWNFIELD.md +179 -0
- package/docs/getting-started.md +137 -0
- package/docs/good-agents-md.md +137 -0
- package/events/README.md +89 -0
- package/events/event-record.schema.json +26 -0
- package/events/registry.json +166 -0
- package/events/registry.schema.json +71 -0
- package/glossary.md +145 -0
- package/incidents/README.md +81 -0
- package/incidents/_template.md +38 -0
- package/interfaces/cli.md +104 -0
- package/interfaces/rest.md +212 -0
- package/interfaces/tui.md +242 -0
- package/interfaces/web.md +123 -0
- package/languages/6502-DASM.md +132 -0
- package/languages/c.md +235 -0
- package/languages/commands.md +23 -0
- package/languages/cpp.md +132 -0
- package/languages/csharp.md +259 -0
- package/languages/dart.md +183 -0
- package/languages/delphi.md +218 -0
- package/languages/elixir.md +208 -0
- package/languages/go.md +78 -0
- package/languages/java.md +278 -0
- package/languages/javascript.md +163 -0
- package/languages/julia.md +175 -0
- package/languages/kotlin.md +193 -0
- package/languages/markdown.md +168 -0
- package/languages/mermaid.md +146 -0
- package/languages/officejs.md +392 -0
- package/languages/python.md +209 -0
- package/languages/r.md +163 -0
- package/languages/rust.md +216 -0
- package/languages/sql.md +216 -0
- package/languages/swift.md +153 -0
- package/languages/typescript.md +132 -0
- package/languages/vba.md +279 -0
- package/languages/vhdl.md +180 -0
- package/languages/visual-basic.md +151 -0
- package/languages/zig.md +196 -0
- package/meta/SOUL.md +27 -0
- package/meta/code-field.md +44 -0
- package/meta/morals.md +40 -0
- package/meta/philosophy.md +39 -0
- package/meta/project.md +49 -0
- package/meta/ralph.md +223 -0
- package/meta/security.md +80 -0
- package/meta/versioning.md +326 -0
- package/package.json +22 -0
- package/packs/lessons/lessons-pack-0.1.json +553 -0
- package/packs/patterns/patterns-pack-0.1.json +57 -0
- package/packs/rules/rules-pack-0.1.json +4767 -0
- package/packs/skills/skills-pack-0.1.json +262 -0
- package/packs/strategies/strategies-pack-0.1.json +167 -0
- package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
- package/patterns/executor-layer-credentials.md +227 -0
- package/patterns/llm-app.md +156 -0
- package/patterns/multi-agent.md +278 -0
- package/patterns/prompt-assembly-layer-ordering.md +154 -0
- package/patterns/role-as-overlay.md +179 -0
- package/platforms/2600.md +137 -0
- package/platforms/unity.md +329 -0
- package/references/composer-skill-porting.md +152 -0
- package/references/cost-models.md +163 -0
- package/references/ip-risk.md +246 -0
- package/references/plain-english-ux.md +275 -0
- package/resilience/context-pruning.md +67 -0
- package/resilience/continue-here.md +62 -0
- package/scm/changelog.md +276 -0
- package/scm/git.md +139 -0
- package/scm/github.md +265 -0
- package/secrets/.gitkeep +0 -0
- package/skills/deft-build/SKILL.md +20 -0
- package/skills/deft-directive-article-review/SKILL.md +156 -0
- package/skills/deft-directive-build/SKILL.md +302 -0
- package/skills/deft-directive-cost/SKILL.md +201 -0
- package/skills/deft-directive-debug/SKILL.md +140 -0
- package/skills/deft-directive-decompose/SKILL.md +96 -0
- package/skills/deft-directive-gh-arch/SKILL.md +160 -0
- package/skills/deft-directive-gh-slice/SKILL.md +199 -0
- package/skills/deft-directive-glossary/SKILL.md +118 -0
- package/skills/deft-directive-interview/SKILL.md +528 -0
- package/skills/deft-directive-pre-pr/SKILL.md +131 -0
- package/skills/deft-directive-probe/SKILL.md +127 -0
- package/skills/deft-directive-refinement/SKILL.md +403 -0
- package/skills/deft-directive-release/SKILL.md +266 -0
- package/skills/deft-directive-review-cycle/SKILL.md +401 -0
- package/skills/deft-directive-setup/SKILL.md +717 -0
- package/skills/deft-directive-swarm/SKILL.md +989 -0
- package/skills/deft-directive-sync/SKILL.md +288 -0
- package/skills/deft-directive-triage/SKILL.md +137 -0
- package/skills/deft-directive-write-skill/SKILL.md +169 -0
- package/skills/deft-interview/SKILL.md +16 -0
- package/skills/deft-pre-pr/SKILL.md +16 -0
- package/skills/deft-review-cycle/SKILL.md +16 -0
- package/skills/deft-roadmap-refresh/SKILL.md +16 -0
- package/skills/deft-setup/SKILL.md +20 -0
- package/skills/deft-swarm/SKILL.md +16 -0
- package/skills/deft-sync/SKILL.md +16 -0
- package/strategies/README.md +83 -0
- package/strategies/artifact-guards.md +85 -0
- package/strategies/bdd.md +115 -0
- package/strategies/brownfield.md +7 -0
- package/strategies/discuss.md +129 -0
- package/strategies/emit-hints.md +69 -0
- package/strategies/enterprise.md +193 -0
- package/strategies/interview.md +551 -0
- package/strategies/map.md +179 -0
- package/strategies/probe.md +151 -0
- package/strategies/rapid.md +155 -0
- package/strategies/research.md +155 -0
- package/strategies/roadmap.md +9 -0
- package/strategies/speckit.md +437 -0
- package/strategies/v0-20-contract.md +134 -0
- package/strategies/yolo.md +169 -0
- package/swarm/swarm.md +300 -0
- package/templates/COST-ESTIMATE.md +114 -0
- package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
- package/templates/agent-prompt-preamble.md +409 -0
- package/templates/agents-entry.md +211 -0
- package/templates/agents-entry.placeholders.md +75 -0
- package/templates/embed.go +20 -0
- package/templates/embed_test.go +36 -0
- package/templates/make-spec-example.md +9 -0
- package/templates/make-spec.md +246 -0
- package/templates/project.md.template +52 -0
- package/templates/specification.md +1 -0
- package/templates/swarm-greptile-poller-prompt.md +556 -0
- package/templates/user.md.template +31 -0
- package/tools/RWLDL.md +80 -0
- package/tools/greptile.md +141 -0
- package/tools/installer.md +23 -0
- package/tools/taskfile-migration.md +32 -0
- package/tools/taskfile.md +185 -0
- package/tools/telemetry.md +285 -0
- package/vbrief/schemas/cache-meta.schema.json +137 -0
- package/vbrief/schemas/candidates.schema.json +130 -0
- package/vbrief/schemas/codebase-map.schema.json +213 -0
- package/vbrief/schemas/lessons-pack.schema.json +134 -0
- package/vbrief/schemas/patterns-pack.schema.json +84 -0
- package/vbrief/schemas/rules-pack.schema.json +105 -0
- package/vbrief/schemas/skills-pack.schema.json +94 -0
- package/vbrief/schemas/slices.schema.json +87 -0
- package/vbrief/schemas/strategies-pack.schema.json +89 -0
- package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
- package/vbrief/schemas/vbrief-core.schema.json +1022 -0
- package/vbrief/vbrief.md +684 -0
- package/verification/integration.md +76 -0
- package/verification/plan-checking.md +85 -0
- package/verification/uat.md +60 -0
- package/verification/verification.md +117 -0
|
@@ -0,0 +1,285 @@
|
|
|
1
|
+
# Telemetry Standards
|
|
2
|
+
|
|
3
|
+
Logging, tracing, metrics, and error tracking for production systems.
|
|
4
|
+
|
|
5
|
+
Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
|
|
6
|
+
|
|
7
|
+
**Scope:** Observability, monitoring, and debugging across all modes.
|
|
8
|
+
|
|
9
|
+
**⚠️ See also**: [main.md](../../main.md) | [coding.md](../coding/coding.md)
|
|
10
|
+
|
|
11
|
+
## Mode-Specific Requirements
|
|
12
|
+
|
|
13
|
+
### fun Mode (Learning/Prototyping)
|
|
14
|
+
|
|
15
|
+
**Logging:**
|
|
16
|
+
- ? Use print() or basic logging
|
|
17
|
+
- ? Structured logging optional
|
|
18
|
+
|
|
19
|
+
**Error Tracking:**
|
|
20
|
+
- ? Optional
|
|
21
|
+
|
|
22
|
+
**Tracing:**
|
|
23
|
+
- ? Optional
|
|
24
|
+
|
|
25
|
+
**Metrics:**
|
|
26
|
+
- ? Optional
|
|
27
|
+
|
|
28
|
+
### fast Mode (Development - Default)
|
|
29
|
+
|
|
30
|
+
**Logging:**
|
|
31
|
+
- ~ Structured logging (structlog, loguru, zerolog)
|
|
32
|
+
- ~ Log levels: DEBUG, INFO, WARN, ERROR
|
|
33
|
+
- ~ Include context: timestamp, level, message, request_id
|
|
34
|
+
|
|
35
|
+
**Error Tracking:**
|
|
36
|
+
- ~ Use Sentry.io or equivalent
|
|
37
|
+
- ~ Sample rate: 10-50% in dev, 100% errors
|
|
38
|
+
- ~ Capture stack traces
|
|
39
|
+
|
|
40
|
+
**Tracing:**
|
|
41
|
+
- ? Optional for debugging
|
|
42
|
+
- ~ Use for complex workflows
|
|
43
|
+
|
|
44
|
+
**Metrics:**
|
|
45
|
+
- ~ Basic metrics (request count, latency)
|
|
46
|
+
- ? Custom business metrics
|
|
47
|
+
|
|
48
|
+
### pro Mode (Production)
|
|
49
|
+
|
|
50
|
+
**Logging:**
|
|
51
|
+
- ! Structured logging mandatory
|
|
52
|
+
- ! Log levels: INFO, WARN, ERROR (⊗ DEBUG in production)
|
|
53
|
+
- ! Include: timestamp, level, message, trace_id, span_id, user_id, request_id
|
|
54
|
+
- ! Log rotation and retention policy
|
|
55
|
+
|
|
56
|
+
**Error Tracking:**
|
|
57
|
+
- ! Sentry.io or equivalent mandatory
|
|
58
|
+
- ! Sample rate: 100% errors, 10-20% transactions
|
|
59
|
+
- ! Release tracking and source maps
|
|
60
|
+
- ! User feedback integration
|
|
61
|
+
|
|
62
|
+
**Tracing:**
|
|
63
|
+
- ! Distributed tracing (OpenTelemetry, logfire, Sentry)
|
|
64
|
+
- ! Instrument critical paths
|
|
65
|
+
- ! Trace sampling: 1-10% in production
|
|
66
|
+
- ! Include: service name, operation name, duration, tags
|
|
67
|
+
|
|
68
|
+
**Metrics:**
|
|
69
|
+
- ! RED metrics (Rate, Error, Duration)
|
|
70
|
+
- ! System metrics (CPU, memory, disk)
|
|
71
|
+
- ! Business metrics (orders, users, revenue)
|
|
72
|
+
- ! Alerting on SLOs/SLIs
|
|
73
|
+
|
|
74
|
+
## Recommended Tools
|
|
75
|
+
|
|
76
|
+
**Structured Logging:**
|
|
77
|
+
- Python: logfire (pro), structlog (fast/pro), loguru (fast)
|
|
78
|
+
- Go: zerolog, zap
|
|
79
|
+
- TypeScript: pino, winston
|
|
80
|
+
- C++: spdlog
|
|
81
|
+
|
|
82
|
+
**Error Tracking:**
|
|
83
|
+
- Sentry.io (all languages, all modes)
|
|
84
|
+
- Rollbar, Bugsnag (alternatives)
|
|
85
|
+
|
|
86
|
+
**Tracing:**
|
|
87
|
+
- OpenTelemetry (all languages, pro mode)
|
|
88
|
+
- logfire (Python, pro mode)
|
|
89
|
+
- Sentry (all languages, fast/pro mode)
|
|
90
|
+
|
|
91
|
+
**Metrics:**
|
|
92
|
+
- Prometheus (self-hosted)
|
|
93
|
+
- Datadog, New Relic (SaaS)
|
|
94
|
+
- OpenTelemetry metrics
|
|
95
|
+
|
|
96
|
+
## Logging Best Practices
|
|
97
|
+
|
|
98
|
+
**Structure:**
|
|
99
|
+
- ! JSON format for machine parsing
|
|
100
|
+
- ! Human-readable format for development
|
|
101
|
+
- ! Consistent field names across services
|
|
102
|
+
|
|
103
|
+
**Content:**
|
|
104
|
+
- ! Include context: timestamp, level, logger name, message
|
|
105
|
+
- ~ Include identifiers: user_id, request_id, trace_id, span_id
|
|
106
|
+
- ~ Include metadata: environment, version, host
|
|
107
|
+
- ⊗ Log sensitive data (PII, secrets, passwords)
|
|
108
|
+
|
|
109
|
+
**Levels:**
|
|
110
|
+
- **DEBUG**: Detailed diagnostic information (fun/fast only)
|
|
111
|
+
- **INFO**: General informational messages
|
|
112
|
+
- **WARN**: Warning messages, potentially harmful situations
|
|
113
|
+
- **ERROR**: Error events, but application continues
|
|
114
|
+
- **FATAL**: Severe errors causing shutdown
|
|
115
|
+
|
|
116
|
+
**Examples:**
|
|
117
|
+
```python
|
|
118
|
+
# Good
|
|
119
|
+
log.info("order_created", order_id=order.id, user_id=user.id, total=order.total)
|
|
120
|
+
|
|
121
|
+
# Bad
|
|
122
|
+
log.info(f"Order {order.id} created by {user.email} for ${order.total}") # Not structured
|
|
123
|
+
log.debug(f"Password: {password}") # Sensitive data
|
|
124
|
+
```
|
|
125
|
+
|
|
126
|
+
## Tracing Best Practices
|
|
127
|
+
|
|
128
|
+
**Span Naming:**
|
|
129
|
+
- ! Use verb + noun: `process_order`, `validate_user`, `fetch_data`
|
|
130
|
+
- ! Include operation type: `http.request`, `db.query`, `cache.get`
|
|
131
|
+
- ⊗ Generic names: `process`, `handle`, `do_work`
|
|
132
|
+
|
|
133
|
+
**Span Attributes:**
|
|
134
|
+
- ~ Add business context: order_id, user_id, amount
|
|
135
|
+
- ~ Add technical context: http.method, http.status_code, db.statement
|
|
136
|
+
- ~ Add errors: error=true, error.message, error.type
|
|
137
|
+
- ⊗ Add sensitive data
|
|
138
|
+
|
|
139
|
+
**Sampling:**
|
|
140
|
+
- ! Sample strategically to control costs
|
|
141
|
+
- ~ 100% errors, 1-10% success in production
|
|
142
|
+
- ~ Higher rate for critical paths
|
|
143
|
+
- ? Adaptive sampling based on latency
|
|
144
|
+
|
|
145
|
+
## Metrics Best Practices
|
|
146
|
+
|
|
147
|
+
**RED Metrics (Mandatory in pro):**
|
|
148
|
+
- **Rate**: Requests per second
|
|
149
|
+
- **Error**: Error rate (%)
|
|
150
|
+
- **Duration**: Latency (p50, p95, p99)
|
|
151
|
+
|
|
152
|
+
**Naming:**
|
|
153
|
+
- ! Use descriptive names: `http_requests_total`, `order_processing_duration_seconds`
|
|
154
|
+
- ! Include units: `_seconds`, `_bytes`, `_total`
|
|
155
|
+
- ! Use labels for dimensions: method, status, endpoint
|
|
156
|
+
|
|
157
|
+
**Types:**
|
|
158
|
+
- **Counter**: Monotonically increasing (requests, errors)
|
|
159
|
+
- **Gauge**: Current value (memory, queue depth)
|
|
160
|
+
- **Histogram**: Distribution (latency, size)
|
|
161
|
+
- **Summary**: Similar to histogram (p50, p95, p99)
|
|
162
|
+
|
|
163
|
+
## Error Tracking
|
|
164
|
+
|
|
165
|
+
**What to Track:**
|
|
166
|
+
- ! All unhandled exceptions
|
|
167
|
+
- ! Explicit error captures (validation failures, business logic errors)
|
|
168
|
+
- ~ Performance issues (slow queries, timeouts)
|
|
169
|
+
- ~ User feedback (bug reports, feature requests)
|
|
170
|
+
|
|
171
|
+
**Context:**
|
|
172
|
+
- ! Stack trace
|
|
173
|
+
- ! Request data (sanitized)
|
|
174
|
+
- ! User context (ID, not PII)
|
|
175
|
+
- ! Environment (version, host, OS)
|
|
176
|
+
- ~ Breadcrumbs (previous events)
|
|
177
|
+
|
|
178
|
+
**Sentry Configuration:**
|
|
179
|
+
```python
|
|
180
|
+
import sentry_sdk
|
|
181
|
+
|
|
182
|
+
sentry_sdk.init(
|
|
183
|
+
dsn="https://...@sentry.io/...",
|
|
184
|
+
environment="production",
|
|
185
|
+
release="my-app@1.2.3",
|
|
186
|
+
traces_sample_rate=0.1,
|
|
187
|
+
profiles_sample_rate=0.1,
|
|
188
|
+
before_send=sanitize_data, # ! Remove PII
|
|
189
|
+
)
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
## Integration Patterns
|
|
193
|
+
|
|
194
|
+
**Context Propagation:**
|
|
195
|
+
- ! Propagate trace_id and span_id across service boundaries
|
|
196
|
+
- ! Use W3C Trace Context headers
|
|
197
|
+
- ! Include trace_id/span_id in logs for correlation
|
|
198
|
+
|
|
199
|
+
**Alerting:**
|
|
200
|
+
- ! Alert on error rate spikes
|
|
201
|
+
- ! Alert on latency degradation (p95 > threshold)
|
|
202
|
+
- ! Alert on critical business metrics
|
|
203
|
+
- ~ Use runbooks for common issues
|
|
204
|
+
|
|
205
|
+
## Anti-Patterns
|
|
206
|
+
|
|
207
|
+
- ⊗ Logging in tight loops (performance impact)
|
|
208
|
+
- ⊗ Logging sensitive data (PII, secrets, passwords)
|
|
209
|
+
- ⊗ Using string formatting instead of structured logging
|
|
210
|
+
- ⊗ No sampling in high-traffic production (cost explosion)
|
|
211
|
+
- ⊗ Ignoring errors silently
|
|
212
|
+
- ⊗ Missing context (no trace_id, request_id)
|
|
213
|
+
- ⊗ Generic span/metric names
|
|
214
|
+
- ⊗ Over-instrumenting (trace everything)
|
|
215
|
+
|
|
216
|
+
## Mode Decision Matrix
|
|
217
|
+
|
|
218
|
+
| Feature | fun | fast | pro |
|
|
219
|
+
|---------|-----|------|-----|
|
|
220
|
+
| Structured Logging | ? | ~ | ! |
|
|
221
|
+
| Error Tracking | ? | ~ | ! |
|
|
222
|
+
| Distributed Tracing | ? | ? | ! |
|
|
223
|
+
| Metrics (RED) | ? | ~ | ! |
|
|
224
|
+
| Log Rotation | ? | ~ | ! |
|
|
225
|
+
| Alerting | ? | ? | ! |
|
|
226
|
+
| PII Sanitization | ? | ~ | ! |
|
|
227
|
+
| Source Maps | ? | ~ | ! |
|
|
228
|
+
| Release Tracking | ? | ~ | ! |
|
|
229
|
+
|
|
230
|
+
## Testing Telemetry
|
|
231
|
+
|
|
232
|
+
**Development:**
|
|
233
|
+
- ~ Use local exporters (console, file)
|
|
234
|
+
- ~ Test with sampling=1.0
|
|
235
|
+
- ~ Verify context propagation
|
|
236
|
+
|
|
237
|
+
**Staging:**
|
|
238
|
+
- ~ Mirror production config
|
|
239
|
+
- ~ Test alerting thresholds
|
|
240
|
+
- ~ Validate dashboards
|
|
241
|
+
|
|
242
|
+
**Production:**
|
|
243
|
+
- ! Gradual rollout of telemetry changes
|
|
244
|
+
- ! Monitor telemetry overhead (<5% CPU)
|
|
245
|
+
- ! Validate data quality
|
|
246
|
+
|
|
247
|
+
## LLM-specific observability (#481)
|
|
248
|
+
|
|
249
|
+
LLM applications carry observability needs that conventional request/response tracing does not address. Poisoning, prompt drift, output schema regressions, and token-budget exhaustion are invisible to standard logging unless the prompt and response are captured verbatim and the model + token telemetry is recorded alongside the call. This section extends the general telemetry guidance for projects that call LLM APIs (see [../patterns/llm-app.md](../patterns/llm-app.md) for the full LLM-application standards; this section is the observability slice).
|
|
250
|
+
|
|
251
|
+
**Per-call audit log (mandatory in pro mode; recommended in fast mode):**
|
|
252
|
+
- ! Log every LLM call: model identifier, prompt hash, response hash, latency, token count (input + output), tool calls invoked
|
|
253
|
+
- ! Store prompt/response pairs in a queryable audit log, separate from application logs — application logs carry pointers/hashes only; the audit log carries the verbatim content
|
|
254
|
+
- ! Log tool invocations alongside the LLM call that produced them so the audit trail `(prompt -> response -> tool call -> outcome)` is recoverable as a single chain
|
|
255
|
+
- ⊗ MUST NOT log raw secrets or PII that leaked into the prompt; redact at log-write time, not at log-read time (the general `⊗ Log sensitive data` rule applies equally to LLM audit logs)
|
|
256
|
+
|
|
257
|
+
**Token budget tracking:**
|
|
258
|
+
- ~ Track token budgets per session and per user — budget exhaustion is a denial-of-service vector AND a cost-attack vector
|
|
259
|
+
- ~ Emit a metric on every LLM call: `llm_tokens_total{model, kind="input|output", user_id, session_id}`
|
|
260
|
+
- ~ Alert on per-user token spikes (anomaly detection on the distribution; a sudden 10x in tokens/hour for one user is a probe signal)
|
|
261
|
+
|
|
262
|
+
**Latency histograms per model/prompt variant:**
|
|
263
|
+
- ~ Record latency as a histogram dimensioned by `{model, prompt_variant}` so a slow-down on one prompt template is visible without polluting the model-wide aggregate
|
|
264
|
+
- ~ Track p50/p95/p99 separately for streaming vs. non-streaming calls (streaming p99 is end-of-first-token; non-streaming p99 is end-of-full-response — conflating them hides regressions)
|
|
265
|
+
|
|
266
|
+
**Evaluation harness logging:**
|
|
267
|
+
- ~ Record evaluation-harness results in the audit log so output quality can be tracked over time (regression detection on the model output distribution, not just the application's behavior)
|
|
268
|
+
- ~ Tag each eval run with the prompt-template version and the model identifier so a quality regression can be traced to either a prompt edit or a provider model update
|
|
269
|
+
|
|
270
|
+
**Anomaly detection on output distributions:**
|
|
271
|
+
- ~ Track output-length distribution per prompt variant; a sudden shift (longer outputs, shorter outputs, or higher variance) is a probe signal worth investigating
|
|
272
|
+
- ~ Track refusal-rate per prompt variant; an unexpected refusal-rate change typically points at a provider-side policy update or a prompt drift
|
|
273
|
+
- ~ Alert when a deployed prompt template diverges from the reviewed baseline (the **prompt drift detector**); a code review approved one prompt, a runtime change to that prompt without review is a regression signal
|
|
274
|
+
|
|
275
|
+
**Cross-references:**
|
|
276
|
+
- [../patterns/llm-app.md](../patterns/llm-app.md) `## LLM-specific observability` -- the full standards body this section anchors to
|
|
277
|
+
- [../coding/coding.md](../coding/coding.md) `## Calling LLM APIs (#481)` -- short addendum cross-linking the patterns file
|
|
278
|
+
|
|
279
|
+
## References
|
|
280
|
+
|
|
281
|
+
- OpenTelemetry: https://opentelemetry.io/
|
|
282
|
+
- Sentry.io: https://sentry.io/
|
|
283
|
+
- logfire: https://pydantic.dev/logfire
|
|
284
|
+
- structlog: https://www.structlog.org/
|
|
285
|
+
- zerolog: https://github.com/rs/zerolog
|
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
3
|
+
"$id": "https://vbrief.dev/schemas/cache-meta-1.0.schema.json",
|
|
4
|
+
"title": "Deft Cache Entry meta.json",
|
|
5
|
+
"description": "Per-entry metadata file for the unified content cache (#883 v1). Validates on read AND write so a corrupt or version-incompatible meta.json fails closed (epic v1_must_include M4). Layout: .deft-cache/<source>/<key>/meta.json -- one file per cache entry, sibling to raw.json (always present) and content.md (only present when scan_result.passed=true OR scanner severity is fence-and-pass / strip-and-pass).",
|
|
6
|
+
"type": "object",
|
|
7
|
+
"required": [
|
|
8
|
+
"source",
|
|
9
|
+
"key",
|
|
10
|
+
"fetched_at",
|
|
11
|
+
"ttl_seconds",
|
|
12
|
+
"expires_at",
|
|
13
|
+
"scan_result",
|
|
14
|
+
"size_bytes",
|
|
15
|
+
"stale"
|
|
16
|
+
],
|
|
17
|
+
"properties": {
|
|
18
|
+
"source": {
|
|
19
|
+
"type": "string",
|
|
20
|
+
"description": "Cache source type. v1 ships 'github-issue' only; 5 additional types (github-pr, github-review, url, email, file) are deferred to v2 per the epic deferred_to_v2 list. The schema constrains the enum so a typo or premature v2 source fails closed at write time.",
|
|
21
|
+
"enum": ["github-issue"]
|
|
22
|
+
},
|
|
23
|
+
"key": {
|
|
24
|
+
"type": "string",
|
|
25
|
+
"minLength": 1,
|
|
26
|
+
"description": "Source-specific lookup key. For github-issue: '<owner>/<repo>/<N>' (e.g. 'deftai/directive/883'). The cache.py CLI normalises and validates the shape per source before write."
|
|
27
|
+
},
|
|
28
|
+
"fetched_at": {
|
|
29
|
+
"$ref": "#/$defs/dateTime",
|
|
30
|
+
"description": "ISO-8601 UTC timestamp at which raw.json was retrieved from upstream. Consumed by triage_refresh.py (Story 3) for staleness detection."
|
|
31
|
+
},
|
|
32
|
+
"ttl_seconds": {
|
|
33
|
+
"type": "integer",
|
|
34
|
+
"minimum": 0,
|
|
35
|
+
"description": "Source-specific TTL in seconds (github-issue=604800 / 7d in v1). Hard-coded per source by cache.py; persisted here so future TTL bumps do not silently re-classify pre-existing entries."
|
|
36
|
+
},
|
|
37
|
+
"expires_at": {
|
|
38
|
+
"$ref": "#/$defs/dateTime",
|
|
39
|
+
"description": "ISO-8601 UTC timestamp at which this entry should be considered stale. Computed at write time as fetched_at + ttl_seconds; pinned in meta.json so the staleness check is a simple time comparison without re-derivation."
|
|
40
|
+
},
|
|
41
|
+
"etag": {
|
|
42
|
+
"type": "string",
|
|
43
|
+
"description": "Reserved for v2 ETag-based conditional refresh. Deferred from v1 (gh CLI does not expose ETag at the JSON layer). Optional; omit on write in v1 callers."
|
|
44
|
+
},
|
|
45
|
+
"scan_result": {
|
|
46
|
+
"$ref": "#/$defs/ScanResult"
|
|
47
|
+
},
|
|
48
|
+
"size_bytes": {
|
|
49
|
+
"type": "integer",
|
|
50
|
+
"minimum": 0,
|
|
51
|
+
"description": "Byte length of raw.json on disk at write time. Audit-only -- consumed by cache:stats / cache:doctor (deferred to v2) for sanity checks; v1 callers persist the value but do not act on it."
|
|
52
|
+
},
|
|
53
|
+
"stale": {
|
|
54
|
+
"type": "boolean",
|
|
55
|
+
"description": "Frozen at write time as 'false'. The runtime staleness check on cache:get re-computes from current time vs expires_at; this field exists so a downstream consumer reading meta.json directly (without invoking cache:get) sees a defined value. v1 substitute for the deferred cache:check command per the epic deferred_to_v2 list."
|
|
56
|
+
}
|
|
57
|
+
},
|
|
58
|
+
"additionalProperties": false,
|
|
59
|
+
"$defs": {
|
|
60
|
+
"ScanResult": {
|
|
61
|
+
"type": "object",
|
|
62
|
+
"required": [
|
|
63
|
+
"passed",
|
|
64
|
+
"scanned_at",
|
|
65
|
+
"scanner_version",
|
|
66
|
+
"flags"
|
|
67
|
+
],
|
|
68
|
+
"description": "Quarantine scan outcome (#583 / scanner v2). passed=false means the credentials category fired (hard-fail severity); fence-and-pass / strip-and-pass severities still record flags but passed remains true and content.md is written.",
|
|
69
|
+
"properties": {
|
|
70
|
+
"passed": {
|
|
71
|
+
"type": "boolean",
|
|
72
|
+
"description": "Whether the entry's content.md was safe to write. False only when at least one flag carries severity hard-fail (credentials category)."
|
|
73
|
+
},
|
|
74
|
+
"scanned_at": {
|
|
75
|
+
"$ref": "#/$defs/dateTime",
|
|
76
|
+
"description": "ISO-8601 UTC timestamp at which the scan ran. Distinct from fetched_at because a future cache:doctor --rescan can update scan_result without re-fetching."
|
|
77
|
+
},
|
|
78
|
+
"scanner_version": {
|
|
79
|
+
"type": "string",
|
|
80
|
+
"pattern": "^\\d+\\.\\d+\\.\\d+$",
|
|
81
|
+
"description": "Scanner SemVer (e.g. '2.0.0') as reported by scripts/cache_scanner.SCANNER_VERSION. Documented bump rule in the scanner module: patch=patterns, minor=categories, major=semantic rewrites."
|
|
82
|
+
},
|
|
83
|
+
"flags": {
|
|
84
|
+
"type": "array",
|
|
85
|
+
"description": "Per-flag findings. Empty array means a clean pass with no scanner action; non-empty does not by itself imply passed=false (only hard-fail severity does).",
|
|
86
|
+
"items": {
|
|
87
|
+
"$ref": "#/$defs/ScanFlag"
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
},
|
|
91
|
+
"additionalProperties": false
|
|
92
|
+
},
|
|
93
|
+
"ScanFlag": {
|
|
94
|
+
"type": "object",
|
|
95
|
+
"required": [
|
|
96
|
+
"category",
|
|
97
|
+
"severity",
|
|
98
|
+
"detail"
|
|
99
|
+
],
|
|
100
|
+
"properties": {
|
|
101
|
+
"category": {
|
|
102
|
+
"type": "string",
|
|
103
|
+
"enum": [
|
|
104
|
+
"injection-heading",
|
|
105
|
+
"credentials",
|
|
106
|
+
"invisible-unicode"
|
|
107
|
+
],
|
|
108
|
+
"description": "Scanner v2 category. v1 baseline ships these three; shell-cmd-injection and exfiltration-patterns are deferred to v2."
|
|
109
|
+
},
|
|
110
|
+
"severity": {
|
|
111
|
+
"type": "string",
|
|
112
|
+
"enum": [
|
|
113
|
+
"fence-and-pass",
|
|
114
|
+
"hard-fail",
|
|
115
|
+
"strip-and-pass"
|
|
116
|
+
],
|
|
117
|
+
"description": "Per-category severity. injection-heading=fence-and-pass; credentials=hard-fail; invisible-unicode=strip-and-pass. Per-category severity is a documented epic departure from the design doc's uniform hard-fail (rationale: hard-fail-on-injection-headings would break legitimate '## STEP' template headings)."
|
|
118
|
+
},
|
|
119
|
+
"detail": {
|
|
120
|
+
"type": "string",
|
|
121
|
+
"description": "Human-readable summary of what was matched (e.g. 'matched credential pattern: ghp_<32 chars>' or 'stripped 3 invisible unicode codepoints'). Detail strings MUST NOT include the matched secret itself for the credentials category -- emit a redacted descriptor only."
|
|
122
|
+
},
|
|
123
|
+
"match_count": {
|
|
124
|
+
"type": "integer",
|
|
125
|
+
"minimum": 0,
|
|
126
|
+
"description": "Number of distinct matches for this flag. Useful for invisible-unicode strip-and-pass where the meaningful number is the codepoint count, not a string excerpt."
|
|
127
|
+
}
|
|
128
|
+
},
|
|
129
|
+
"additionalProperties": false
|
|
130
|
+
},
|
|
131
|
+
"dateTime": {
|
|
132
|
+
"type": "string",
|
|
133
|
+
"format": "date-time",
|
|
134
|
+
"pattern": "(Z|[+-]\\d{2}:\\d{2})$"
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
}
|
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
3
|
+
"$id": "https://deft.dev/schemas/candidates-1.0.schema.json",
|
|
4
|
+
"title": "Triage Candidates Log Entry v1",
|
|
5
|
+
"description": "Frozen interface contract for one line in vbrief/.eval/candidates.jsonl. Each line is a single JSON object capturing one triage decision. The log is append-only -- existing lines are never edited or deleted. Consumed by Story 3 (triage actions), Story 4 (triage:bulk + triage:refresh), and Story 6 (bootstrap). Field set, types, and enums are FROZEN -- new fields may only be added in additive, optional positions in a follow-up schema version.",
|
|
6
|
+
"type": "object",
|
|
7
|
+
"additionalProperties": false,
|
|
8
|
+
"required": [
|
|
9
|
+
"decision_id",
|
|
10
|
+
"timestamp",
|
|
11
|
+
"repo",
|
|
12
|
+
"issue_number",
|
|
13
|
+
"decision",
|
|
14
|
+
"actor"
|
|
15
|
+
],
|
|
16
|
+
"properties": {
|
|
17
|
+
"decision_id": {
|
|
18
|
+
"type": "string",
|
|
19
|
+
"format": "uuid",
|
|
20
|
+
"description": "RFC 4122 UUID (any version) uniquely identifying this decision row.",
|
|
21
|
+
"pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
|
|
22
|
+
},
|
|
23
|
+
"timestamp": {
|
|
24
|
+
"type": "string",
|
|
25
|
+
"format": "date-time",
|
|
26
|
+
"description": "ISO-8601 UTC timestamp with the literal Z suffix (e.g. 2026-05-03T16:32:54Z) when the decision was recorded. Non-UTC offsets are intentionally rejected because latest_decision() sorts by lexicographic timestamp comparison, which is correct only when every entry is anchored to the same zone.",
|
|
27
|
+
"pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(\\.\\d+)?Z$"
|
|
28
|
+
},
|
|
29
|
+
"repo": {
|
|
30
|
+
"type": "string",
|
|
31
|
+
"description": "GitHub-style 'owner/name' coordinate of the repository the issue belongs to.",
|
|
32
|
+
"pattern": "^[A-Za-z0-9._-]+/[A-Za-z0-9._-]+$"
|
|
33
|
+
},
|
|
34
|
+
"issue_number": {
|
|
35
|
+
"type": "integer",
|
|
36
|
+
"minimum": 1,
|
|
37
|
+
"description": "Issue number within `repo`."
|
|
38
|
+
},
|
|
39
|
+
"decision": {
|
|
40
|
+
"type": "string",
|
|
41
|
+
"enum": [
|
|
42
|
+
"accept",
|
|
43
|
+
"reject",
|
|
44
|
+
"defer",
|
|
45
|
+
"needs-ac",
|
|
46
|
+
"mark-duplicate",
|
|
47
|
+
"reset",
|
|
48
|
+
"resume-eligible"
|
|
49
|
+
],
|
|
50
|
+
"description": "Decision verb. `mark-duplicate` requires `linked_to`; `reset` and `resume-eligible` require `prior_decision_id`. `resume-eligible` is appended by the resume-condition evaluator (#1123 / D3) when a prior `defer` entry's `resume_on` expression fires; it does NOT auto-un-defer."
|
|
51
|
+
},
|
|
52
|
+
"actor": {
|
|
53
|
+
"type": "string",
|
|
54
|
+
"minLength": 1,
|
|
55
|
+
"description": "Decision actor identity -- a human username (e.g. 'msadams') or an agent tag (e.g. 'agent:warp-oz')."
|
|
56
|
+
},
|
|
57
|
+
"reason": {
|
|
58
|
+
"type": "string",
|
|
59
|
+
"description": "Optional free-form rationale captured at decision time."
|
|
60
|
+
},
|
|
61
|
+
"resume_on": {
|
|
62
|
+
"type": "string",
|
|
63
|
+
"description": "Optional structured resume condition recorded on `defer` entries (#1123 / D3). Grammar v1: `ref:closed:#N` | `ref:merged:#N` | `date:>=YYYY-MM-DD` | `pending-count:>=N` | `pending-count:<=N`, joined by a single top-level `AND` / `OR`. Evaluated by `scripts/resume_conditions.py`; firings append a sibling `resume-eligible` entry.",
|
|
64
|
+
"minLength": 1
|
|
65
|
+
},
|
|
66
|
+
"linked_to": {
|
|
67
|
+
"type": "integer",
|
|
68
|
+
"minimum": 1,
|
|
69
|
+
"description": "Required ONLY when `decision` is `mark-duplicate`: issue number this duplicate links to."
|
|
70
|
+
},
|
|
71
|
+
"prior_decision_id": {
|
|
72
|
+
"type": "string",
|
|
73
|
+
"pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$",
|
|
74
|
+
"description": "Required ONLY when `decision` is `reset`: the prior decision's `decision_id` being undone."
|
|
75
|
+
}
|
|
76
|
+
},
|
|
77
|
+
"allOf": [
|
|
78
|
+
{
|
|
79
|
+
"if": {
|
|
80
|
+
"properties": {
|
|
81
|
+
"decision": {
|
|
82
|
+
"const": "mark-duplicate"
|
|
83
|
+
}
|
|
84
|
+
},
|
|
85
|
+
"required": [
|
|
86
|
+
"decision"
|
|
87
|
+
]
|
|
88
|
+
},
|
|
89
|
+
"then": {
|
|
90
|
+
"required": [
|
|
91
|
+
"linked_to"
|
|
92
|
+
]
|
|
93
|
+
},
|
|
94
|
+
"else": {
|
|
95
|
+
"not": {
|
|
96
|
+
"required": [
|
|
97
|
+
"linked_to"
|
|
98
|
+
]
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
},
|
|
102
|
+
{
|
|
103
|
+
"if": {
|
|
104
|
+
"properties": {
|
|
105
|
+
"decision": {
|
|
106
|
+
"enum": [
|
|
107
|
+
"reset",
|
|
108
|
+
"resume-eligible"
|
|
109
|
+
]
|
|
110
|
+
}
|
|
111
|
+
},
|
|
112
|
+
"required": [
|
|
113
|
+
"decision"
|
|
114
|
+
]
|
|
115
|
+
},
|
|
116
|
+
"then": {
|
|
117
|
+
"required": [
|
|
118
|
+
"prior_decision_id"
|
|
119
|
+
]
|
|
120
|
+
},
|
|
121
|
+
"else": {
|
|
122
|
+
"not": {
|
|
123
|
+
"required": [
|
|
124
|
+
"prior_decision_id"
|
|
125
|
+
]
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
]
|
|
130
|
+
}
|