Skip to main content

Workflow Pack profile validator — governance schema for Tessera JobPack-based workflows.

Project description

tesserakit-workflow

Validate Workflow Pack profile definitions: the governance schema that sits on top of the Tessera JobPack contract.

A Workflow Pack defines a governed multi-step workflow as a YAML file. This pack validates it:

  • all steps have declared outputs (traceable)
  • review gates reference real steps
  • a recursion fence is declared
  • evidence policy has hash-invariant steps (TOCTOU guard)
  • no step references an undeclared adapter

Quickstart

tessera workflow validate --input examples/workflow/valid_codeops.workflow.yaml --output out/
open out/governance_report.md

What it checks

Code Severity Description
no_steps error Workflow defines no steps
review_gate_unknown_step error Gate references a step that does not exist
invalid_promotion_rule error promotion_rule is not a known value
capability_envelope_unknown_step error Envelope references a step that does not exist
missing_recursion_fence warning No recursion fence defined (kernel-path mutation risk)
promotion_without_review warning promotion_rule: after_review but no gates defined
undefined_adapter warning Step uses adapter not listed in required_adapters
missing_evidence_hash_invariant warning No hash-invariant steps (TOCTOU risk)
step_undefined_input warning Step input not produced by any earlier step
step_missing_outputs info Step has no outputs (untraceable)

Workflow Pack schema

name: my.workflow
version: "0.1"
steps:
  - name: step_one
    adapter: tessera_repo
    outputs: [repo_map.jsonl]
  - name: step_two
    adapter: codegen
    inputs: [repo_map.jsonl]
    outputs: [patch.diff, patch_hash.txt]

required_adapters: [tessera_repo, codegen]
review_gates:
  - after_step: step_two
    label: human_review
evidence_policy:
  hash_invariant_steps: [step_two]
recursion_fence:
  protected_paths: [kernel/]
promotion_rule: after_review

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tesserakit_workflow-0.4.0.tar.gz (6.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tesserakit_workflow-0.4.0-py3-none-any.whl (8.8 kB view details)

Uploaded Python 3

File details

Details for the file tesserakit_workflow-0.4.0.tar.gz.

File metadata

  • Download URL: tesserakit_workflow-0.4.0.tar.gz
  • Upload date:
  • Size: 6.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for tesserakit_workflow-0.4.0.tar.gz
Algorithm Hash digest
SHA256 0ecd18a53688663dfb78656855e0651d46e82fc2ad7bdf1840d7b49c5c432610
MD5 0c155ab22a5a618c8f7309d5b20c7fce
BLAKE2b-256 0783d09d01b36c645a69828c9b330add79cb8393adc8cc8bb398782c5c0b24dd

See more details on using hashes here.

File details

Details for the file tesserakit_workflow-0.4.0-py3-none-any.whl.

File metadata

File hashes

Hashes for tesserakit_workflow-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b79f023742d929fb31ddf8fcd390c8f73fbbb86c9a5ec25413f8f33e30e0b342
MD5 a0ff0c3f5e53efb26f2bfc4145c8616e
BLAKE2b-256 af578e25fbffd59aeed95117a245b6dc91743c6e0067876e764239b709a58029

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page