Nine Failure Modes (FM-01..FM-09)
grace intermediate 6 min read
ELI5
stratt ci runs nine x-ray scans on every change. Eight block the build; one (draft isolation) only flashes a warning. Each scan has a number — when CI fails, the number tells you exactly which scanner caught it.
Technical Deep Dive
Source: packages/graph/src/{ci,protect,dag}.ts, agent/SOUL.md.
The Nine Modes
| Code | Name | Severity | Implementation |
|---|---|---|---|
| FM-01 | Fingerprint tamper | Critical | graph/src/ci.ts |
| FM-02 | Broken import | Critical | graph/src/resolve.ts |
| FM-03 | DAG cycle | Critical | graph/src/dag.ts (Kahn’s algorithm) |
| FM-04 | Protected agent missing | Blocking | graph/src/protect.ts |
| FM-05 | Gate removal without major bump | Blocking | graph/src/protect.ts |
| FM-06 | Contract breaking change without major bump | Blocking | graph/src/protect.ts |
| FM-07 | Draft isolation (stable importing draft) | Warning | graph/src/protect.ts |
| FM-08 | R2 infrastructure failure | Infrastructure | publishing path |
| FM-09 | Capability check (agent lacks declared capability) | Blocking | graph/src/protect.ts |
Scanner Pipeline
```mermaid
flowchart TD
  A[stratt ci paths --council X] --> B[FM-01 verify Blake3 of every unit]
  B --> C[FM-02 resolve every import]
  C --> D[FM-03 Kahn DAG cycle detect]
  D --> E[FM-04 protected agent present per chain]
  E --> F[FM-05 gate-removal vs prior published]
  F --> G[FM-06 contract diff classification]
  G --> H[FM-07 status compatibility check]
  H --> I[FM-09 step.agent capabilities cover step requirements]
  I --> J{any blocking?}
  J -->|yes| K[exit 1]
  J -->|no| L[FM-07 warnings only? exit 0]
  B -. failure .-> K
  C -. failure .-> K
  D -. failure .-> K
  E -. failure .-> K
  F -. failure .-> K
  G -. failure .-> K
  I -. failure .-> K
  style H fill:#fef3c7
  style K fill:#fecaca
```
Spec Mapping
- FM-01 → SPEC-02
- FM-02, FM-03 → SPEC-03
- FM-04, FM-05 → SPEC-04
- FM-06, FM-07 → SPEC-01 (FM-07 also touches SPEC-03)
- FM-08 → publishing infrastructure (SPEC-02 atomicity)
- FM-09 → SPEC-01
Severity Semantics
- Critical — content integrity violation; the unit cannot be trusted at all.
- Blocking — protocol invariant violation; must be fixed before merge.
- Warning — flagged but does not exit non-zero; surfaces in CI logs.
- Infrastructure — outside the unit content; retry-able.
Key Terms
- Kahn’s algorithm → BFS-based DAG cycle detection used in FM-03; finds a topological order or reports the cycle.
- Blast radius → All units transitively dependent on a target; consulted by FM-06 when classifying breaking changes.
- Status compatibility → Allowed importer/imported status pairs (see grace-012).
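As an added example (not the project's graph/src/dag.ts), here is the FM-03 check written as Kahn's algorithm over a unit import graph: it returns a topological order when the graph is a DAG, and otherwise walks the leftover units to report one concrete cycle rather than just "cycle found". The `ImportGraph` shape, the `checkDag` name and the sample unit ids are assumptions for this example.

```typescript
// Assumed shape: unit id -> ids it imports. Edges run import -> importer.
type ImportGraph = Record<string, string[]>;

type DagResult =
  | { ok: true; order: string[] }   // every unit appears after its imports
  | { ok: false; cycle: string[] }; // e.g. ["a", "b", "c", "a"]

function checkDag(graph: ImportGraph): DagResult {
  const indeg = new Map<string, number>();      // unprocessed imports per unit
  const importers = new Map<string, string[]>(); // reverse edges
  for (const unit of Object.keys(graph)) {
    indeg.set(unit, indeg.get(unit) ?? 0);
    for (const dep of graph[unit]) {
      // FM-02 resolves imports before FM-03 runs; fail loudly if it did not.
      if (!(dep in graph)) throw new Error(`unresolved import ${dep} in ${unit}`);
      indeg.set(unit, (indeg.get(unit) ?? 0) + 1);
      importers.set(dep, [...(importers.get(dep) ?? []), unit]);
    }
  }
  // Kahn: repeatedly emit units whose imports have all been emitted.
  const queue: string[] = [];
  indeg.forEach((d, u) => { if (d === 0) queue.push(u); });
  const order: string[] = [];
  while (queue.length > 0) {
    const u = queue.shift()!;
    order.push(u);
    for (const w of importers.get(u) ?? []) {
      const d = indeg.get(w)! - 1;
      indeg.set(w, d);
      if (d === 0) queue.push(w);
    }
  }
  if (order.length === Object.keys(graph).length) return { ok: true, order };
  // Units never emitted sit on or downstream of a cycle; each still has an import
  // inside that set, so following imports within it must revisit a unit.
  const stuck = new Set(Object.keys(graph).filter((u) => !order.includes(u)));
  const path: string[] = [];
  let cur = Array.from(stuck)[0];
  while (!path.includes(cur)) {
    path.push(cur);
    cur = graph[cur].find((d) => stuck.has(d))!;
  }
  return { ok: false, cycle: [...path.slice(path.indexOf(cur)), cur] };
}

// Constructed sample graphs (hypothetical unit ids).
const sampleChain: ImportGraph = { "sol-1-boot": ["beck-02", "task-a"], "beck-02": [], "task-a": ["beck-02"] };
const sampleCycle: ImportGraph = { a: ["b"], b: ["c"], c: ["a"], d: ["a"] };
```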
Q&A
Q: Why is FM-07 only a warning?
A: A stable unit transiently importing a draft during refactor is a real pattern; blocking would create churn. The warning surfaces the drift without halting.
Q: Where in the pipeline does FM-08 surface?
A: Not during stratt ci — it is the publishing path failure (R2 unavailable). It is infrastructure-level, and because the publish operation is atomic, the fingerprint commit rolls back if the R2 write fails.
Q: Does FM-04 fire if the protected agent is on a deprecated step?
A: Presence is checked at chain composition level, not by step status. The protected agent must own at least one step in the executable composition.
Examples
A PR removes the BECK-02 reviewer step from dev/chain/sol-1-boot and edits a single task body. CI run:
- FM-01 ✓ (fingerprint recomputed)
- FM-02 ✓ (no import changes)
- FM-03 ✓ (no cycle)
- FM-04 ✗ blocking — Pathfinder protected agent BECK-02 missing.
- (FM-05 also fires if a gate step was removed)
Exit 1 with FM-04 message; merge blocked.
Neighbors on the map
- Blake3 Canonical Serialisation Pipeline: implementing a non-JS GRACE verifier (Rust, Go, Python)
- Gate Checkpoint Protocol: designing a gated chain step
- Draft Isolation Rule (FM-07): promoting a unit from review to approved and seeing FM-07 fire