docs(roadmap): 10-persona review + REQ-093..099 + REQ-100 (externals: kind) + REQ-101 (verify gate)

[avrabe]

Summary

• Files the 10-persona-review synthesis as the v0.14.0+ roadmap design doc
  (docs/design/10-persona-review-roadmap.md).

• Files seven REQs (REQ-093..099) — each with a shell-testable Acceptance step:

  • REQ-093 — implement the three FUTURE oracles (asil-decomposition,
    coverage-threshold, method-table-compliance). The schema parses
    pipelines that don't fire today; this turns ISO 26262 narrative into
    mechanical checks.
  • REQ-094 — rivet release-verify <tag>: reproducible-build + cosign
    sigstore verification end-to-end. The production side (signing) shipped
    in v0.10.x; this adds the consumer side.
  • REQ-095 — cargo build invokes rivet validate for crates with a
    rivet.yaml — born-compliant at the compile step (Carrasco named this
    as the biggest MBSE-philosophy win).
  • REQ-096 — SACM 2.x typed safety-case schema with deductive-
    sufficiency rules. Promotes rivet from "traceability infra" to
    "assurance-case infra."
  • REQ-097 — DO-330 TQP / TOR / TVCP / TCI / TAS as a typed schema,
    dogfooded by rivet's own qualification dossier. Turns the TCL-2
    narrative into a TCL-2 tool shape.
  • REQ-098 — independence-of-verification-layers oracle. Refuses
    product-of-miss-rates claims when the shared-code intersection exceeds
    the configured threshold. The common-mode-failure finding made
    mechanical.
  • REQ-099 — rivet_apply MCP tool: idempotency keys + atomic
    transactions + auto-reload + post-state diagnostics. Ports the F2
    silent-failure ethos (REQ-082) to mutation.

Deliberately NOT filed

A v1.0 readiness gate. Per direction, we see how far we can progress
through the v0.14.0+ backlog without pre-committing to a 1.0 milestone;
1.0 ships when the natural state of the work meets Carrasco's
flip-condition (b) — not when a calendar says so.

Test plan

• `rivet validate` — PASS (147 INFOs, all pre-existing field-not-in-schema)
• CI

🤖 Generated with Claude Code

[github-actions]

📐 Rivet artifact delta

Change	Count
Added	9
Removed	0
Modified	0
Downstream impacted (depth ≤ 5)	0

Graph

graph LR
  REQ_093["REQ-093"]:::added
  REQ_094["REQ-094"]:::added
  REQ_095["REQ-095"]:::added
  REQ_096["REQ-096"]:::added
  REQ_097["REQ-097"]:::added
  REQ_098["REQ-098"]:::added
  REQ_099["REQ-099"]:::added
  REQ_100["REQ-100"]:::added
  REQ_101["REQ-101"]:::added
  classDef added fill:#d4edda,stroke:#28a745,color:#155724
  classDef removed fill:#f8d7da,stroke:#dc3545,color:#721c24
  classDef modified fill:#fff3cd,stroke:#ffc107,color:#856404
  classDef overflow fill:#e2e3e5,stroke:#6c757d,color:#495057,stroke-dasharray: 3 3

Loading

Added

• REQ-093
• REQ-094
• REQ-095
• REQ-096
• REQ-097
• REQ-098
• REQ-099
• REQ-100
• REQ-101

📎 Full HTML dashboard attached as workflow artifact rivet-delta-pr-326 — download from the workflow run.

_{Posted by rivet-delta workflow. The graph shows only changed artifacts; open the HTML dashboard (above) for full context.}

[github-actions]

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Rivet Criterion Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.

Benchmark suite	Current: 6af726e	Previous: 89f243c	Ratio
store_insert/10000	15994056 ns/iter (± 745990)	12242554 ns/iter (± 359791)	1.31
validate/10000	15309267 ns/iter (± 848876)	12155462 ns/iter (± 114767)	1.26
traceability_matrix/100	5486 ns/iter (± 32)	4377 ns/iter (± 23)	1.25

This comment was automatically generated by workflow using github-action-benchmark.

[avrabe]

Added REQ-100 (externals: kind: source) by request. Reuses the REQ-100 slot that was deliberately left free after dropping the v1.0-readiness proposal.

Removes 58 WARN lines of missing rivet.yaml noise per sync in the eclipse-score importer workflow — and generalises to any fork tracking a non-rivet upstream (sphinx-needs, DOORS exports, plain code repos) that feeds a converter or source-linker. ~20 LoC in rivet-core + schema entry.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[avrabe]

Added REQ-101 — rivet verify artifact-driven verification gate, the meld pattern (tools/post_verification_comment.py, ~50 LoC) made first-class.

Design highlights:

• The artifact list is the worklist; absence of a matching test is a discrete MISSING row, not silence.
• Schema extension via a new optional verification-template field on ArtifactTypeDef — composes on the existing struct per the reuse-binding-patterns guidance, no new directive.
• Runner is shell-injectable via rivet.yaml (default cargo test --no-fail-fast) so pytest / nextest / bazel / ctest work without rivet learning each.
• Outputs: meld-parity --format pr-comment, JSON for dashboards, and a YAML write-through into the existing ResultStore (so rivet results show surfaces verify results without modification).
• Explicitly NOT an oracle in rivet validate — validate stays read-only over YAML.

Baselined v0.14.0-track.