Configuration control — red-team reordering, lint-Substrate integration, report fixes
Summary
Three changes: reordered the pipeline so red-team runs before the final review (not after), integrated lint with Substrate classifications to eliminate false-positive ontological mismatches, and fixed report template issues.
Changes
1. Red-team before review
Problem: The elevator project was marked PASS with 23 red-team findings outstanding because the red-team ran after the review, not before. Findings were informational and post-completion — the review never saw them.
Fix: Reordered the pipeline:
| Before | After |
|---|---|
| validated → review → complete → red-team → idle | validated → red-team → red-teamed → review → complete → idle |
New state red-teamed between validated and complete. The review session now sees all rt-* tagged findings and can address them before issuing the PASS verdict. The complete → idle transition is a no-op with auto-cleanup.
2. Lint-Substrate integration (airgen-cli v0.17.0 → v0.17.1)
Problem: Lint classified concepts independently from Substrate, producing different hex codes because lint uses only the concept name while Substrate classifications have rich engineering context. This caused 7 false-positive “Ontological Mismatch” findings on the vertical farm — lint said entities lacked Physical Object, but Substrate had them correctly classified with Physical Object.
Root cause: Lint and Substrate are independent classification paths. There was no way for lint to use existing Substrate classifications.
Fix: v0.17.0 added --substrate-namespace <ns> flag. v0.17.1 fixed the entity name matching (v0.17.0 had a fuzzy matching bug that mapped “sensor array” to “enrichment subsystem”). Now lint uses exact name matching — entities found in the Substrate namespace use their stored classifications, others fall back to fresh classification.
Result: Vertical farm high findings: 7 → 2. The guard lint check now includes --substrate-namespace to reduce false positives across all projects.
3. Report template fixes
- External interface hex codes — were showing the system’s own hex code for every interface (template matched
f.subject= system name instead of extracting the external system name fromf.object). Fixed with case-insensitive substring matching against entity names. - Standards table — added elevator-specific standards (EN 81-20/28/50/70/72/73/77/80, EN 12015/12016, IEC 62061, ISO 13849-1, ISO 25745-2, ISO 4190-5, IEC 61439, IEC 60529).
- Stakeholder hex codes — manually classified all 6 elevator stakeholders as UHT entities.
- Hazard count — added to the report stats grid for visibility alongside requirements, entities, and diagrams.
4. Session infrastructure fixes
- Journal backup fallback — output parser now checks
/tmp/uht-journal-entry.mdwhen Claude’s final text output has no frontmatter (sessions 454-456 quarantined because Opus wrote journal to backup file but output a summary). - Astro build timeout — increased from 300s to 600s (builds exceeded 300s at 581 pages).
- Auto-clear project on idle — harness automatically deletes CURRENT_SE_PROJECT/SYSTEM/NAMESPACE facts when transitioning to idle (was causing stale project pickup).
Version manifest
| Component | Before | After |
|---|---|---|
| airgen-cli | v0.16.0 | v0.17.1 |
| Pipeline order | validate → review → red-team | validate → red-team → review |
| States | 8 | 9 (+red-teamed) |
| Lint integration | Independent classification | Substrate namespace lookup |
| Lint high findings (vertical farm) | 7 | 2 |
| Astro build timeout | 300s | 600s |
| Project cleanup | Claude-dependent | Auto on idle transition |