8.6 KiB
#region Std.Semantics.Contracts [C:5] [TYPE Skill] [SEMANTICS methodology,contracts,adr,decision-memory,anti-erosion] @BRIEF HOW to enforce PRE/POST, write ADRs, prevent structural erosion, execute verifiable edit loops, and maintain anchor safety (anti-corruption) across Python + Svelte. @RELATION DEPENDS_ON -> [Std.Semantics.Core] @RELATION DISPATCHES -> [Std.Semantics.Python] @RELATION DISPATCHES -> [Std.Semantics.Svelte] @RATIONALE Design by Contract is the ONLY mechanism that prevents Transformer agents from silently corrupting code over long horizons. Without @PRE/@POST enforcement, agents optimize for token-likelihood rather than correctness — adding null checks where @PRE already guarantees non-null, re-implementing @REJECTED paths because KV-cache evicted the rejection, and growing functions past the CC=10 threshold because no structural limit is visible in the attention window. The anti-corruption protocol (§VIII) exists because a single broken #region/#endregion pair cascades silently through the entire semantic graph — rendering all downstream contracts invisible to every agent. @REJECTED Trusting agents to self-police code quality without contracts was rejected — they optimize for immediate token likelihood, not long-term invariants. Linter-only enforcement was rejected — linters cannot see cross-file dependency graphs or detect rejected-path regression. Implicit contracts (naming conventions alone) were rejected — without explicit @PRE/@POST in the attention-dense header region, agents default to their pre-trained behavior of adding defensive checks everywhere.
Protocol Reference: Tier definitions, tag catalog, and anchor syntax are defined in semantics-core. This skill assumes you have loaded it. All rules below reference semantics-core §III for tier semantics — tiers are descriptive, not tag-gating.
I. DECISION MEMORY (ADR PROTOCOL)
Decision memory prevents architectural drift. It records the Decision Space — why we chose a path, and what we abandoned.
@RATIONALE— The reasoning behind the chosen implementation.@REJECTED— The alternative path that was considered but FORBIDDEN, and the exact risk/disqualification.
Three layers of decision memory:
- Global ADR — Standalone nodes defining repo-shaping decisions (e.g., "Use lingua, not fasttext"). Cannot be overridden locally.
- Task Guardrails — Preventive
@REJECTEDtags injected by the Orchestrator to keep agents away from known LLM pitfalls. - Reactive Micro-ADR — If you encounter a runtime failure and invent a valid workaround, document it via
@RATIONALE+@REJECTEDBEFORE closing the task. This prevents regression loops.
Resurrection Ban: Silently reintroducing a pattern or library marked as @REJECTED is a fatal regression. If the rejected path must be revived, emit <ESCALATION>.
@RATIONALE/@REJECTED are universally allowed at ALL tiers (C1-C5). They prevent regression loops regardless of complexity.
II. CORE CONTRACT ENFORCEMENT (C4-C5)
@PRE— Execution prerequisites. Enforce via explicitif/raiseguards. NEVER useassert.@POST— Strict output guarantees. Cascading Protection: You CANNOT alter a@POSTwithout verifying upstream@RELATION CALLSconsumers won't break.@SIDE_EFFECT— Explicit declaration of state mutations, I/O, DB writes, network calls.@DATA_CONTRACT— DTO mappings (e.g.,Input: UserCreateDTO → Output: UserResponseDTO).
III. ZERO-EROSION & ANTI-VERBOSITY
Long-horizon AI coding accumulates "slop":
- Structural Erosion: If modifications push a contract's CC above 10, decompose into smaller helpers linked via
@RELATION CALLS. - Verbosity: Don't write identity-wrappers, useless intermediate variables, or defensive checks for impossible states if
@PREalready guarantees validity. Trust the contract.
IV. VERIFIABLE EDIT LOOP
- Define verifier first. What pytest or browser check proves the
@POST? - Build bounded working packet from semantic context, impact analysis, and related tests.
- Preview-first mutation. Prefer
simulate/guarded_previewbeforeapply. - Run the smallest falsifiable verifier against the intended
@POST. - Apply only after preview + verifier agree.
- Re-run verification after apply. Record the result.
Shortcut Ban: A patch that "looks right" without an executable verifier is incomplete.
V. SEARCH DISCIPLINE
- Default to ONE primary hypothesis + explicit verification.
- Use multiple branches only for ambiguous high-impact changes where the verifier can't discriminate.
- Don't spend additional search budget on low-impact edits once the verifier passes.
- Overthinking is also a bug: avoid Best-of-N patch churn when one verified path suffices.
VI. RUBRIC REFINEMENT
- Convert repeated failures into explicit rule updates: which invariant was missed, which verifier was weak.
- Treat failed previews, blocked mutations, and failing test outputs as early experience.
- If the same failure repeats, improve the rubric or verifier BEFORE editing again.
- When unblock requires a higher-level change, escalate with the refined rubric.
VII. LANGUAGE-SPECIFIC VERIFICATION
# Python
cd backend && source .venv/bin/activate && python -m pytest -v
# Svelte
cd frontend && npm run test
# Linting
python -m ruff check . # Python
npm run lint # Frontend
VIII. ANTI-CORRUPTION PROTOCOL (Anchor Safety)
This is the canonical anti-corruption protocol. Agent prompts reference this section — they do NOT duplicate these rules.
The #region/#endregion markers are AST boundaries. If you break a pair, the semantic index breaks and ALL downstream agents hallucinate.
Before editing any file with anchors
- Read the file's region outline:
axiom_semantic_discovery read_outline file_path="<your file>" - Identify nested contracts — if the file has child
#regioninside a parent#region, you are inside a fractal tree - Never:
- Insert code between
#regionand the first metadata tag line (breaks INV_4) - Remove, move, or duplicate ANY
#endregionline - Add
@COMPLEXITY N— complexity goes in the anchor:[C:N] - Add
@C N— this is a non-standard legacy artifact, never create it - Put code outside all regions — every line must be inside a
#region/#endregionpair - Start a new
#regionbefore closing the previous one
- Insert code between
After every edit
- Verify: run
read_outlineon the file — confirm all#region/#endregionpairs match - If a
#endregionis missing → the file is corrupted, roll back immediately viaaxiom_workspace_checkpoint rollback_apply - If you changed anchors → run
axiom_semantic_index rebuild rebuild_mode="full"
When adding new contracts
- Always add BOTH
#region Id [C:N] [TYPE Type]and its matching# #endregion Id - Complexity
[C:N]goes in the ANCHOR line, never as a separate@tag - If the new contract is nested inside another → DO NOT close the parent until after your child's
#endregion
Language-specific anchor formats
- Python:
# #region ContractId [C:N] [TYPE TypeName] [SEMANTICS tags]/# #endregion ContractId - Svelte HTML:
<!-- #region ContractId [C:N] [TYPE Component] [SEMANTICS tags] -->/<!-- #endregion ContractId --> - Svelte JS/TS (script block):
// #region ContractId [C:N] .../// #endregion ContractId - Markdown/ADR:
## @{ ContractId [C:N] [TYPE TypeName]/## @} ContractId
Batch semantic work
- ONE file at a time. Verify each file before moving to the next.
- Never dispatch multiple agents to edit the same file simultaneously.
- For >3 files: process sequentially, with
read_outlineverification between each. - Forbidden operations (immediate
<ESCALATION>):- Duplicating ANY
#regionor#endregionline - Editing a contract with nested children without
destructive_intent=true - Batch-editing multiple files without per-file verification
- Duplicating ANY
Verification loop (every file, every edit)
read_outline(file) → identify boundaries → apply ONE patch → read_outline(file) → rebuild index
If ANY step fails — stop and fix before next file. Never chain patches without verification.
#endregion Std.Semantics.Contracts