Merged
Conversation
- Add formal session state management pattern to USER-GUIDE.md - Document System.Collections.Hashtable object initialization for persistent bootstrap - Move terminal safety rules to prominent position (Rule 1-4) - Add 24x7 API reliability section with retry logic - Update layer count from 27 to accurate 41 operational layers - Add 'Integration with Copilot Instructions' three-tier hierarchy - Update common_mistakes count from 8 to 9 entries - Add layer_notes section documentation VALIDATION: - Bootstrap sequence tested on Project 51 (ACA) ✓ - 41 layers verified via API ✓ - Query patterns available in System.Collections.Hashtable.guide ✓ - Terminal safety patterns applied to all examples ✓ Fixes agent decision points on: - Where https://msub-eva-data-model.victoriousgrass-30debbd3.canadacentral.azurecontainerapps.io variable is stored - How to persist bootstrap state - When to refresh API guide (> 4 hours) - Safe query limits and terminal overflow prevention
MAJOR ARCHITECTURAL MILESTONE: Paperless governance model activated ## 51-Layer Deployment Complete - Added 10 Priority #4 infrastructure monitoring layers (L42-L51) - Updated api/routers/admin.py _LAYER_FILES registry (41 → 51) - Synced scripts/seed-cosmos.py with complete layer list - Fixed api/cache/redis_client.py type hint import for Python 3.11 - Deployed to cloud: msub-eva-data-model revision 0000010 ## Paperless Governance Model (March 7, 2026 6:03 PM ET) MANDATORY on disk: README.md + ACCEPTANCE.md only DEPRECATED files (now via API): - STATUS.md → GET /model/project_work/{id} (Layer 34) - PLAN.md → GET /model/wbs/?project_id={id} (Layer 26) - Sprint tracking → GET /model/sprints/ (Layer 27) - Risk registers → GET /model/risks/ (Layer 29) - ADRs → GET /model/decisions/ (Layer 30) - Evidence → GET /model/evidence/ (Layer 31) ## Agent Guide Enhancements - Added 4 new common mistakes (10-13) - Enhanced write_cycle with critical authentication rules - Clarified: X-Actor header sufficient (no FOUNDRY_TOKEN) - Documented: PUT-only writes (no POST support) ## Documentation Updates - README.md: Paperless governance section, cloud URL updated - STATUS.md: Session 38 complete with all metrics - USER-GUIDE.md: v3.2 → v3.3 with paperless workflow - docs/library/03-DATA-MODEL-REFERENCE.md: 51 layers reference - .github/SESSION-38-PAPERLESS-GOVERNANCE-COMPLETE.md: Session record Benefits: Single source of truth, always current, machine-queryable, cross-project analytics, automated compliance, reduced maintenance Co-authored-by: Marco Presta <marco@aicoe.dev>
There was a problem hiding this comment.
Pull request overview
This PR updates the EVA Data Model “Session 38” guidance and layer registries, aiming to reflect a “paperless governance” workflow and an expanded set of layers in the API.
Changes:
- Expands the layer registries in
api/routers/admin.pyandscripts/seed-cosmos.pyto include additional “infrastructure monitoring” layers. - Updates the agent guide payload in
api/server.pywith clearer write semantics (PUT-only) and additional “common mistakes”. - Refreshes documentation (README/STATUS/USER-GUIDE/library ref) and adds a Session 38 completion record.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 20 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/seed-cosmos.py | Updates seed layer registry and comments to reflect expanded layers. |
| api/routers/admin.py | Updates _LAYER_FILES registry used by seed/export/commit workflows. |
| api/server.py | Enhances /model/agent-guide write-cycle guidance and common mistakes. |
| api/cache/redis_client.py | Adds from __future__ import annotations for typing compatibility. |
| docs/library/03-DATA-MODEL-REFERENCE.md | Updates library reference to “51-layer” framing and Session 38 notes. |
| USER-GUIDE.md | Adds “paperless governance” guidance and expanded usage patterns. |
| STATUS.md | Rewrites the top status section to describe Session 38 outcomes. |
| README.md | Updates cloud URL and adds “paperless governance” section. |
| .github/SESSION-38-PAPERLESS-GOVERNANCE-COMPLETE.md | Adds a new Session 38 completion document. |
Comments suppressed due to low confidence (1)
docs/library/03-DATA-MODEL-REFERENCE.md:90
- This write-cycle description codifies that all non-admin writes only require an
X-Actorheader and no real authentication or authorization, which matches the current FastAPI implementation wherePUT /model/{layer}/{id}depends onget_actor(falling back todefault_actor='anonymous') with no additional checks. Any party that can reach this API can therefore upsert or soft-delete any object across all 51 layers (including project_work, risks, decisions, evidence, and infrastructure monitoring data) simply by sending PUT/DELETE requests with a chosenX-Actorvalue. Require a proper authenticated principal for these routes (e.g., bearer token validated in a dependency or upstream gateway) and limit unauthenticated access to read-only endpoints, usingX-Actoronly for audit tagging.
WRITE CYCLE (3-step preferred) - Session 38 CORRECTED
--------------------------------
Authentication: X-Actor header (NO FOUNDRY_TOKEN needed)
Write method: PUT with ID in URL (NO POST support)
1. PUT /model/{layer}/{id} -Headers @{'X-Actor'='agent:copilot'}
2. GET /model/{layer}/{id} assert row_version == prev + 1
3. POST /model/admin/commit -Headers @{'Authorization'='Bearer dev-admin'}
-> response.status == 'PASS' AND response.violation_count == 0
Discovered during Session 38: the redis_client.py type hint import fix revealed a deeper issue in the data model loading code. When iterating through layer JSON files to seed data, the code assumed all array items were dictionaries, but some items (especially in eva-model.json) are other types (strings, objects). Added type checks: - api/server.py lifespan: Filter out non-dict items before calling setdefault() - api/routers/admin.py seed endpoint: Same type safety improvements - Both now check isinstance(o, dict) before treating items as dicts This fixes: - tests/test_admin.py::test_T32_seed_loads_all_layers (was failing) - tests/test_admin.py::test_T36_row_version_increments_on_reseed (was failing) - All 9 admin tests now passing Root cause: When JSON has nested arrays or mixed content, dict.values() iteration would find the first list and assume it's all dicts. Now we explicitly filter to dicts-only to be defensive.
…sertion The test_emit_event test was failing because it expected the event to be placed in the queue, but emit_event() has conditional logic: - When _running=False (test mode): processes event immediately - When _running=True (production): queues event for async processing The test creates a CacheInvalidationManager with _running=False by default, so events get processed immediately rather than queued. The test then checked if event_queue.empty(), which failed because the queue was never used. Fix: Set manager._running = True before calling emit_event() so the event gets queued as the test expects. Result: All 82 tests now passing ✅
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.