Skip to content

Cross-System Evidence Graph

The cross-system evidence graph is a read-only diagnostic artifact that normalizes release-confidence signals into one operator-facing view.

It connects:

source -> finding -> risk surface -> owner files -> artifacts -> commands -> recurrence -> operator action

The first implementation is advisory only. It does not auto-fix, auto-commit, auto-push, auto-merge, weaken checks, or mark a change safe without proof.

Inputs

The graph can consume existing SDETKit artifacts such as:

  • Sentinel control-room JSON
  • Mission Control JSON

The first supported command is:

python -m sdetkit.evidence_graph \
  --sentinel-control-room build/sdetkit/adaptive-sentinel/control-room.json \
  --mission-control build/sdetkit/mission-control/mission-control.json \
  --out-dir build/sdetkit/evidence-graph

Each input is optional. Missing inputs are reported in the source summary instead of failing the command.

Outputs

The command writes:

build/sdetkit/evidence-graph/evidence-graph.json
build/sdetkit/evidence-graph/evidence-graph.md
build/sdetkit/evidence-graph/evidence-graph-manifest.json

The JSON graph contains normalized nodes with:

source
finding_id
title
summary
risk_surface
severity
review_first
safe_to_auto_fix
owner_files
source_artifacts
recommended_commands
proof_commands
recurrence_state
operator_action
automation_allowed_now

The Markdown report gives operators the active findings, owner files, artifacts, and exact commands to run next.

The manifest records the graph path, Markdown path, source summaries, node count, and the fixed advisory policy:

automation_allowed_now=false

Review-first policy

The graph preserves review-first boundaries for risky surfaces such as workflow, dependency, security, release, CLI, package, diagnostic-engine, and unknown findings.

If a source finding says review_first=true, the graph keeps the finding review-first and forces safe_to_auto_fix=false.

Verification

Use focused proof before relying on a new graph change:

python -m pytest -q tests/test_evidence_graph.py -o addopts=
python -m pytest -q tests/test_adaptive_sentinel.py -o addopts=
python -m mypy src
python -m pre_commit run -a