feat(ci): cache heavy test artifacts and compare trends

[ootakazuhiko]

背景

• Roadmap: Podman & Conformance follow-up #1160 フェーズD（🔧 Test Stability Issues - Flaky Test Resolution and CI Hardening #1005 Test Stability Phase1/Phase2 継続タスク）の一環として、CI Extended の再実行時に mutation / property / MBT の重い成果物を再利用できるようにしたい
• 再利用のためのキャッシュ同期や差分比較が未整備で、rerun 時に毎回長時間処理していたため、Step Summary で比較・履歴化する導線を追加する

変更概要

• .github/workflows/ci-extended.yml に heavy テスト成果物の restore/snapshot/store とトレンド比較ステップを追加
• 共有キャッシュを扱う CLI として scripts/pipelines/sync-test-results.mjs を新規実装（store/restore/status/snapshot）
• 前回実行との差分を Markdown/JSON で出力する scripts/pipelines/compare-test-trends.mjs を追加し、Step Summary + reports/heavy-test-trends.json を生成
• stryker.conf.cjs に ignoreStatic を導入し quick ランを高速化、scripts/mutation/run-scoped.sh を mktemp + 自動クリーンアップ対応
• ドキュメント（docs/ci-policy.md, docs/ci/label-gating.md, docs/ci/phase2-ci-hardening-outline.md, docs/testing/integration-runtime-helpers.md, docs/notes/issue-progress.md）をキャッシュ運用に合わせて更新
• CLI ログ文言・テスト期待値（レポート無し時のメッセージ）を調整

ログ

• pnpm types:check
• VITEST_POOL_STRATEGY=forks pnpm vitest run tests/integration/integration-cli.test.ts （MaxListenersExceededWarning は既存のvitest課題）
• node scripts/pipelines/sync-test-results.mjs --status
• node scripts/pipelines/compare-test-trends.mjs
• pnpm lint（既存バックログにより失敗、stryker.conf.cjs の no-undef は解消済み）

テスト

• 上記ログ参照。新規スクリプトは source/cache 不在ケースでの挙動を確認済み。

影響範囲

• CI Extended workflow（ラベル経由の再実行含む）
• Mutation quick / MBT / Property harness の成果物出力と Step Summary
• 生成物キャッシュ .cache/test-results と reports/heavy-test-trends.json

ロールバック

• git revert HEAD で巻き戻し可能。CI Extended ワークフロー変更が含まれるため revert 後に pipeline を再実行して影響確認する。

関連Issue

• Refs 🔧 Test Stability Issues - Flaky Test Resolution and CI Hardening #1005
• Refs Roadmap: Podman & Conformance follow-up #1160

[ootakazuhiko]

@github-copilot review

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[github-actions]

Quality Summary

• Adapters:

• Formal: n/a

• Replay: n/a

• Trace IDs:

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/b9988172d78022f9218ef0eda7dc4df2a7887c68/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[Copilot]

Pull Request Overview

This PR adds caching and trend comparison capabilities to the CI Extended workflow, enabling reuse of heavy test artifacts (mutation/property/MBT results) during reruns and providing historical diff reporting.

Key Changes:

• Added cache restore/snapshot/store steps to ci-extended.yml with sync-test-results.mjs CLI for managing .cache/test-results
• Implemented compare-test-trends.mjs to generate Markdown/JSON diff reports comparing current vs. baseline metrics, posted to Step Summary
• Optimized mutation quick runs with ignoreStatic: true in stryker.conf.cjs and improved run-scoped.sh to use mktemp workspaces with automatic cleanup

Reviewed Changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/integration/integration-cli.test.ts	Updated test expectation to match revised error message wording
stryker.conf.cjs	Added eslint env/disable directives and ignoreStatic: true for faster mutation runs
src/cli/integration-cli.ts	Updated console message to clarify "no reports found" vs "directory missing"
scripts/pipelines/sync-test-results.mjs	New CLI for store/restore/snapshot/status operations on heavy test cache
scripts/pipelines/compare-test-trends.mjs	New script to diff baseline vs current metrics and output Markdown/JSON trend report
scripts/mutation/run-scoped.sh	Refactored temp file cleanup to handle directories; added mktemp workspace logic
docs/testing/integration-runtime-helpers.md	Added documentation for heavy test artifacts cache usage in CI Extended
docs/notes/issue-progress.md	Updated #1005 progress notes to reflect caching and trend comparison completion
docs/ci/phase2-ci-hardening-outline.md	Checked off caching/trend tasks; adjusted next action items
docs/ci/label-gating.md	Added guidance on cache restore/store workflow for reruns
docs/ci-policy.md	Extended policy documentation with cache rehydration steps and trend artifact details
.github/workflows/ci-extended.yml	Integrated cache restore/save, baseline snapshot, and trend comparison steps

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

[nitpick] The hardcoded fallback /tmp may not be portable across all systems. Consider using a more portable approach or documenting the assumption that /tmp exists.

Suggested change

	WORKSPACE_DIR=$(mktemp -d "${TMPDIR:-/tmp}/stryker-workspace-XXXXXX")
	# Find a suitable temp directory
	if [[ -n "${TMPDIR:-}" && -d "${TMPDIR}" && -w "${TMPDIR}" ]]; then
	TEMP_BASE="${TMPDIR}"
	elif [[ -n "${TEMP:-}" && -d "${TEMP}" && -w "${TEMP}" ]]; then
	TEMP_BASE="${TEMP}"
	elif [[ -n "${TMP:-}" && -d "${TMP}" && -w "${TMP}" ]]; then
	TEMP_BASE="${TMP}"
	elif [[ -d "/tmp" && -w "/tmp" ]]; then
	TEMP_BASE="/tmp"
	else
	echo "No suitable temporary directory found. Please set TMPDIR, TEMP, or TMP to a writable directory." >&2
	exit 1
	fi
	WORKSPACE_DIR=$(mktemp -d "${TEMP_BASE}/stryker-workspace-XXXXXX")

[github-actions]

Generate Artifacts Preview

Generated at: 2025-11-05T08:34:06.914Z

• tests/api/generated: clean
• artifacts/codex: clean
• artifacts/spec: clean

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[github-actions]

KvOnce Trace Validation

• OTLP: ✅ Success (Issues: 0)
• NDJSON: ✅ Success (Issues: 0)

[github-actions]

🔒 Security Analysis Report

Security Analysis Report

Generated on: Tue Oct 28 04:43:37 UTC 2025

SBOM Summary

• SBOM format: CycloneDX
• Spec version: 1.4
• Components: 317
• Dependencies: 0

Component Types

286 file components
31 library components

Licenses (top)

Dependency Audit Results

Recommendations

1. Review SBOM for unexpected dependencies
2. Update vulnerable packages to latest versions
3. Monitor for new vulnerabilities in dependencies
4. Consider using dependency scanning tools in CI/CD

---

Generated by SBOM workflow

[ootakazuhiko]

Nightly 向けの heavy test trend アーカイブ要件を に整理しました。CI Extended follow-up の設計メモとして併せてご確認ください。

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[ootakazuhiko]

Nightly 向けの heavy test trend アーカイブ要件を docs/ci/heavy-test-trend-archive.md に整理しました。CI Extended follow-up の設計メモとして併せてご確認ください。

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/844a4b69b46716aecec8c1d4f7dd9a931468461b/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[github-actions]

🔒 Security Analysis Report

Security Analysis Report

Generated on: Tue Oct 28 05:24:50 UTC 2025

SBOM Summary

• SBOM format: CycloneDX
• Spec version: 1.4
• Components: 317
• Dependencies: 0

Component Types

286 file components
31 library components

Licenses (top)

Dependency Audit Results

Recommendations

1. Review SBOM for unexpected dependencies
2. Update vulnerable packages to latest versions
3. Monitor for new vulnerabilities in dependencies
4. Consider using dependency scanning tools in CI/CD

---

Generated by SBOM workflow

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/a4f80ee1731e293dca4248f3fe9cb8327b7852e2/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[github-actions]

🔒 Security Analysis Report

Security Analysis Report

Generated on: Tue Oct 28 07:15:25 UTC 2025

SBOM Summary

• SBOM format: CycloneDX
• Spec version: 1.4
• Components: 317
• Dependencies: 0

Component Types

286 file components
31 library components

Licenses (top)

Dependency Audit Results

Recommendations

1. Review SBOM for unexpected dependencies
2. Update vulnerable packages to latest versions
3. Monitor for new vulnerabilities in dependencies
4. Consider using dependency scanning tools in CI/CD

---

Generated by SBOM workflow

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[ootakazuhiko]

• Nightly スケジュール実行のみ reports/heavy-test-trends-history/<timestamp>.json を生成するようにし、30 日保持の heavy-test-trends-history アーティファクトを追加しました。
• compare-test-trends.mjs は GitHub Actions の runId/runNumber/sha などを context フィールドに含めるため、履歴 JSON から実行情報を追跡できます。

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/5014bbd220d6cd1609da8976c062802b8cd0dacf/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[ootakazuhiko]

• scripts/pipelines/render-heavy-trend-summary.mjs に Warning/Critical 閾値を受け取る CLI オプションと JSON 出力を追加しました。Step Summary と summary.json で ⚠️/ 🚨 を表示し、後段の通知ワークフローに渡せるようになっています。

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/8aabf0c5e84e17e920ad874979c1442e56b2e590/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[github-actions]

🔒 Security Analysis Report

Security Analysis Report

Generated on: Fri Oct 31 21:05:43 UTC 2025

SBOM Summary

• SBOM format: CycloneDX
• Spec version: 1.4
• Components: 317
• Dependencies: 0

Component Types

286 file components
31 library components

Licenses (top)

Dependency Audit Results

Recommendations

1. Review SBOM for unexpected dependencies
2. Update vulnerable packages to latest versions
3. Monitor for new vulnerabilities in dependencies
4. Consider using dependency scanning tools in CI/CD

---

Generated by SBOM workflow

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[ootakazuhiko]

• ci-extended.yml のスケジュール実行に、heavy trend summary の閾値判定と Slack 通知ステップを追加しました（Warning/critical 時のみ送信）。
• render-heavy-trend-summary.mjs の JSON 出力を利用し、summary.json から最高 severity を取得して Slack メッセージを生成します。
• 関連ドキュメント（heavy-test-alerts.md 等）も更新済みです。

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/f0996f180827d619b713445196ab43e7ac451296/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[github-actions]

🔒 Security Analysis Report

Security Analysis Report

Generated on: Wed Nov 5 01:56:50 UTC 2025

SBOM Summary

• SBOM format: CycloneDX
• Spec version: 1.4
• Components: 317
• Dependencies: 0

Component Types

286 file components
31 library components

Licenses (top)

Dependency Audit Results

Recommendations

1. Review SBOM for unexpected dependencies
2. Update vulnerable packages to latest versions
3. Monitor for new vulnerabilities in dependencies
4. Consider using dependency scanning tools in CI/CD

---

Generated by SBOM workflow

[ootakazuhiko]

• Critical 判定時に自動 Issue 起票するためのテンプレート（タイトル・本文例）と gh issue create 利用案を docs/ci/heavy-test-alerts.md に追記しました。

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/70528d64e999b0052c8d95837e09d76c1b5e99ed/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[github-actions]

🔒 Security Analysis Report

Security Analysis Report

Generated on: Wed Nov 5 01:59:56 UTC 2025

SBOM Summary

• SBOM format: CycloneDX
• Spec version: 1.4
• Components: 317
• Dependencies: 0

Component Types

286 file components
31 library components

Licenses (top)

Dependency Audit Results

Recommendations

1. Review SBOM for unexpected dependencies
2. Update vulnerable packages to latest versions
3. Monitor for new vulnerabilities in dependencies
4. Consider using dependency scanning tools in CI/CD

---

Generated by SBOM workflow

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[ootakazuhiko]

• Critical 判定時には actions/github-script で自動的に Issue (flaky-test, ci-stability, needs-investigation) を起票するよう ci-extended.yml を更新しました。Issue 本文には run URL / summary.json / 詳細理由を含めます。
• docs/ci/heavy-test-alerts.md もアップデートし、テンプレートと TODO を更新済みです。

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/0381d4af53b7ab5977502bf33428350c76f9ba3a/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[github-actions]

🔒 Security Analysis Report

Security Analysis Report

Generated on: Wed Nov 5 02:07:30 UTC 2025

SBOM Summary

• SBOM format: CycloneDX
• Spec version: 1.4
• Components: 317
• Dependencies: 0

Component Types

286 file components
31 library components

Licenses (top)

Dependency Audit Results

Recommendations

1. Review SBOM for unexpected dependencies
2. Update vulnerable packages to latest versions
3. Monitor for new vulnerabilities in dependencies
4. Consider using dependency scanning tools in CI/CD

---

Generated by SBOM workflow

[ootakazuhiko]

• Heavy test trend の可視化 PoC として docs/ci/heavy-test-album.md を追加し、サンプル JSON と Markdown テーブル案を記載しました。

[github-actions]

❓ Code Generation Drift Detection

Status:
Regeneration needed: No

---

Automated by AE-Framework Codegen

[github-actions]

🔍 Verification Summary

• Traceability: 6 scenarios
  • Tests: 3 (50%)
  • Impl: 3 (50%)
  • Formal: 3 (50%)

Unlinked (top 5)

- Device registration publishes enough pre-keys and emits audit log (id: device-registration-publishes-enough-pre-keys-and-emits-audit-log) test:N/A impl:N/A formal:N/A - Invalid auth tag triggers audit violation for AES-GCM envelopes (id: invalid-auth-tag-triggers-audit-violation-for-aes-gcm-envelopes) test:N/A impl:N/A formal:N/A - Session rotation stays within forward secrecy thresholds (id: session-rotation-stays-within-forward-secrecy-thresholds) test:N/A impl:N/A formal:N/A

Linked examples (up to 3)

- Successful reservation (id: successful-reservation) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/specs/formal/tla+/Inventory.tla) - Prevent negative stock (id: prevent-negative-stock) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/specs/formal/tla+/Inventory.tla) - Idempotent by order id (id: idempotent-by-order-id) test: [traceability/inventory.trace.test.ts](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/tests/traceability/inventory.trace.test.ts) impl: [domain/inventory.ts](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/src/domain/inventory.ts) formal: [tla+/Inventory.tla](https://github.com/itdojp/ae-framework/blob/e1370bffceb1c3c4c9cceebc58c1c86a94a18035/specs/formal/tla+/Inventory.tla)

Hit basis (tests/formal)

- Test hits: title=3 id=0 tag=0 - Formal hits: title=0 id=3 tag=0

- Model Check (TLC): 2/8 (25%) modules ok

Non-OK modules (top 5)

- KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt) - KvOnceImpl (log: artifacts/codex/KvOnceImpl.tlc.log.txt) - KvOnce (log: artifacts/codex/KvOnce.tlc.log.txt) - KvOnceRefinement (log: artifacts/codex/KvOnceRefinement.tlc.log.txt)

- Alloy: detected 2 specs (execution skipped) - Contracts: schemas=true conditions=true machine=true - Contracts exec: parseIn=false pre=false post=false parseOut=false

[github-actions]

CodeX Artifacts Summary

• • Contract/E2E templates: 1 files (dir: tests/api/generated)
• • Tests: PBT files=122, BDD features=0
• • Formal specs: TLA=1, Alloy=1

[github-actions]

🔒 Security Analysis Report

Security Analysis Report

Generated on: Wed Nov 5 08:35:34 UTC 2025

SBOM Summary

• SBOM format: CycloneDX
• Spec version: 1.4
• Components: 317
• Dependencies: 0

Component Types

286 file components
31 library components

Licenses (top)

Dependency Audit Results

Recommendations

1. Review SBOM for unexpected dependencies
2. Update vulnerable packages to latest versions
3. Monitor for new vulnerabilities in dependencies
4. Consider using dependency scanning tools in CI/CD

---

Generated by SBOM workflow