SEA-Forge™ Dependency Gap Analysis

Last Updated: 2025-12-30
Scope: Comprehensive analysis of missing dependencies across all SEA™ bounded contexts and architectural pillars.

This document categorizes missing dependencies for the entire SEA-Forge™ system based on the architecture defined in ARCHITECTURE.md and the 150+ specifications in the system context map.


Executive Summary

SEA-Forge™ is composed of 5 architectural pillars spanning 8 bounded contexts. The current dependency footprint covers basic infrastructure (OpenTelemetry, OpenFeature, Zod validation, Nx tooling) but lacks domain-specific libraries for:

  1. Semantic Core — Knowledge graphs, policy engines, temporal databases
  2. Cognitive Extension — AI orchestration, artifact generation, case management
  3. Architectural Governance — Architecture validation, compliance tooling
  4. Developer Tooling — LSP integration, SEA-DSL parsing, manifest compilation
  5. GovernedSpeed™ — Policy gateways, evidence collection, circuit breakers
  6. IFL (Identity & Ledger) — Cryptographic signing, immutable ledger storage
  7. Messaging Infrastructure — NATS JetStream, outbox/inbox pattern
  8. UI/UX Layer — Interactive cognitive artifacts, LibreChat integration

[x] 1. Semantic Core (Bounded Context: semantic-core)

The Semantic Core manages the semantic model, knowledge graphs, and policy evaluation.

[x] 1.1 Knowledge Graph & Reasoning

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| RDF Triple Store | oxigraph (Rust) / rdflib (Python) | Required for RDF/OWL/SHACL storage and SPARQL queries. Oxigraph is preferred for performance. | ADR-006, SDS-003 |
| SPARQL Query Engine | Built into oxigraph or @comunica/query-sparql (Node) | Execute semantic queries across the knowledge graph. | SDS-003 |
| SHACL Validation | pyshacl (Python) or SHACL support in Oxigraph | Validate knowledge graph integrity against shape constraints. | SDS-003 |
| OWL Inference | owlrl (Python) or Oxigraph reasoning extensions | Enable logical inference over ontologies. | ADR-006 |

[x] 1.2 SEA-DSL Parsing & Compilation

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| SEA-DSL Parser | tree-sitter + custom SEA™ grammar | Parse .sea files into AST for compilation. | ADR-004, SDS-002 |
| AST Traversal | @babel/traverse or custom visitor pattern | Navigate and transform parsed AST. | Developer Tooling REF-001 |
| Policy Evaluator | rego (OPA) or custom rule engine | Execute SEA-DSL policies at runtime. | SDS-002 |

[x] 1.3 Temporal Database (Semantic Memory)

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Vector Store | pgvector (PostgreSQL extension) | PostgreSQL-native vector storage with ACID guarantees, hybrid queries, and simpler ops than dedicated vector DBs. Sufficient for SEA™’s scale (< 1M vectors). | SDS-015 |
| Time-Series DB | timescaledb (PostgreSQL extension) | Track metric evolution and pattern detection with native PostgreSQL integration. | SDS-015 |
| Embedding Model | EmbeddingGemma 300M 4-bit (GGUF via llama.cpp) | Local-first, deterministic embeddings. 300M params + 4-bit quantization = fast inference (< 100ms) with low resource usage. Fine-tunable on SEA-DSL corpus. | SDS-015 |

Current Status:


[x] 2. Cognitive Extension (Bounded Context: cognitive-extension)

The Cognitive Extension provides AI-driven artifact generation, case management, and agent orchestration.

[x] 2.1 AI Orchestration & Agent Framework

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| LLM Orchestration | semantic-kernel + langgraph | Semantic Kernel for workflows, LangGraph for graph-based agent patterns (Softmax Router). State management, checkpointing, visual debugging. | SDS-040, SDS-006 |
| Structured Output | outlines (Python) | Constrained generation at token level using FSM/regex. Guarantees schema validity without retries. Works with local models (deterministic + local-first). | SDS-027, SDS-029 |
| Prompt Engineering | baml | Type-safe prompt definitions with generated clients. Built-in retry/fallback, model abstraction, version control. Prompts as executable code. | ADR-009, ADR-026, SDS-025 |

[x] 2.2 Artifact Generation (CADSL)

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Diagram Rendering | mermaid / d2 / graphviz | Generate visual artifacts from CADSL templates. | ADR-008, SDS-038 |
| Markdown Templating | remark / unified | Transform markdown with custom syntax extensions. | SDS-038 |
| Interactive UI Components | @headlessui/react + shadcn/ui + copilotkit | HeadlessUI for primitives, shadcn for styling, CopilotKit for Chat UI (LibreChat shell) and Generative UI Components (CADSL artifacts). Wrap in port adapter to route AI calls through Policy Gateway. | PRD-005, SDS-038, SDS-048 |

[x] 2.3 Case Management (CMMN)

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Workflow Engine | activepieces + temporal.io (integrated) | Activepieces for integration workflows, Temporal for reliable case execution. | ADR-021, SDS-012 |
| Event Sourcing | eventstore / NATS JetStream (see §7) | Store case history as immutable events. | SDS-012 |

[x] 2.4 LLM Provider Abstraction

NEW: Unified LLM provider interface supporting multiple backends.

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| LLM Provider Abstraction | litellm (Python) | Unified OpenAI-compatible API for 100+ providers. Single interface for OpenAI, Anthropic, Ollama, OpenRouter. Built-in fallbacks, retries, and observability. | ADR-035, SDS-049 |
| Local Development | ollama (via LiteLLM) | Local-first development without API keys. Same code path as production. Cost-free iteration. | ADR-035 |
| Cost Optimization | openrouter (via LiteLLM) | Model arbitrage across providers. Single API key for 100+ models. Automatic fallbacks. | ADR-035 |
| Structured Output | outlines + LiteLLM | Constrained generation with LiteLLM provider support. Deterministic schema-valid outputs. | SDS-027, SDS-029 |

Port/Adapter Architecture:

| Port | Adapter | Notes |
| --- | --- | --- |
| LlmProviderPort | LiteLLMAdapter | Production adapter using LiteLLM |
| LlmProviderPort | FakeLlmAdapter | Test double with deterministic responses |
| PolicyGatewayPort | HTTP client | Routes calls through SDS-042 |

Current Status:


[x] 3. Architectural Governance (Bounded Context: architectural-governance)

Enforces architectural rules and compliance validation.

[x] 3.1 CALM (Architecture-as-Code)

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| CALM CLI | @finos/calm-cli or custom CALM parser | Validate architectural definitions against CALM schemas. | ADR-005, SDS-039 |
| C4 Diagram Generation | structurizr-cli / @structurizr/dsl | Generate C4 diagrams from architectural models. | SDS-039 |

[x] 3.2 Compliance-as-Code (OSCAL Ecosystem)

NEW: Machine-readable compliance validation for NIST AI RMF, ISO 42001, and EU AI Act.

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| OSCAL Schema Management | trestle (Python, IBM FOSS) | Manage OSCAL documents, decompose frameworks into actionable Git-tracked components. | ADR-028, REF-020, Plan P007 |
| CI/CD Compliance Validation | lula (Go CLI) | Compliance-as-Code engine; compares infrastructure state against OSCAL controls. Fails build on violations. | Plan P007 |
| OSCAL Library | oscal-lib (Python) | Programmatic OSCAL schema generation and validation. | Plan P007 |
| ML Model Testing (Evidence) | giskard (Python) | Bias, data leakage, and safety testing. Generates evidence artifacts for ISO 42001 audits. | ADR-028, SDS-043 |
| Regulatory Text Conversion | text-to-oscal (Utility) | Convert regulatory text (EU AI Act PDF) to machine-readable OSCAL format. | Plan P007 |

[x] 3.3 Compliance Workflow

  1. Define Schema: Use trestle to create OSCAL Profile mapping EU AI Act → technical checks
  2. Generate Evidence: Integrate giskard in ML pipeline to produce JSON evidence artifacts
  3. Validate in CI/CD: Use lula + opa in GitHub Actions; fail pipeline if bias score exceeds threshold
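
The CI step of this workflow, sketched as an added example (not SEA-Forge™ code, and not a substitute for lula or opa): a fail-closed gate over a JSON evidence artifact that also records the SHA-256 of the exact bytes it evaluated. The field names `results`, `test` and `bias_score` and the 0.10 threshold are assumptions; the page does not specify giskard's evidence schema or the threshold value.

```python
import hashlib
import json
import math

# Assumed gate setting; the page says "threshold" without giving a value.
BIAS_THRESHOLD = 0.10


def evaluate_evidence(raw: bytes, threshold: float = BIAS_THRESHOLD) -> dict:
    """Return a gate decision for one evidence artifact, failing closed on bad input."""
    # Hash the exact bytes evaluated so the decision is bound to this artifact.
    decision = {"sha256": hashlib.sha256(raw).hexdigest(), "passed": False, "reasons": []}
    try:
        evidence = json.loads(raw)
    except (UnicodeDecodeError, json.JSONDecodeError):
        decision["reasons"].append("evidence is not valid JSON")
        return decision
    results = evidence.get("results") if isinstance(evidence, dict) else None
    if not isinstance(results, list) or not results:
        # An empty artifact must not pass: absence of evidence is a failure.
        decision["reasons"].append("no test results in evidence")
        return decision
    for item in results:
        name = item.get("test", "<unnamed>") if isinstance(item, dict) else "<malformed>"
        score = item.get("bias_score") if isinstance(item, dict) else None
        # bool is an int subclass; reject it along with NaN/inf and missing values.
        if (isinstance(score, bool) or not isinstance(score, (int, float))
                or not math.isfinite(score)):
            decision["reasons"].append(f"{name}: bias_score missing or not a finite number")
        elif score > threshold:
            decision["reasons"].append(f"{name}: bias_score {score} exceeds {threshold}")
    decision["passed"] = not decision["reasons"]
    return decision


def gate_exit_code(decisions: list) -> int:
    """Exit status for the CI job: 0 only if every artifact passed."""
    return 0 if all(d["passed"] for d in decisions) else 1


# Constructed sample artifacts (hypothetical schema, not real giskard output).
GOOD = json.dumps({"model": "demo", "results": [
    {"test": "gender_parity", "bias_score": 0.04},
    {"test": "age_parity", "bias_score": 0.09}]}).encode()
BAD = json.dumps({"model": "demo", "results": [
    {"test": "gender_parity", "bias_score": 0.04},
    {"test": "age_parity", "bias_score": 0.31}]}).encode()
MISSING = json.dumps({"model": "demo", "results": [{"test": "gender_parity"}]}).encode()

if __name__ == "__main__":
    outcomes = [evaluate_evidence(a) for a in (GOOD, BAD, MISSING)]
    for outcome in outcomes:
        print(json.dumps(outcome))
    print("exit code the CI job would return:", gate_exit_code(outcomes))
```

Storing the printed decision next to the artifact lets an auditor recompute the digest and confirm which evidence file the pipeline actually judged.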

Current Status:


[x] 4. Developer Tooling (Bounded Context: developer-tooling)

Provides developer experience enhancements including linters, scaffolders, and IDE integrations.

[x] 4.1 LSP Integration (Existing: DomainForge™ Extension)

Already Available: DomainForge™ VS Code Extension (Open VSX)

| Capability | Status | Notes |
| --- | --- | --- |
| SEA-DSL Syntax Highlighting | ✅ Present | Via DomainForge™ extension |
| SEA-DSL Language Server | ✅ Present | Hover, completions, diagnostics |
| LSP Server | ⚠️ Evaluate | May need custom vscode-languageserver for additional SEA-specific features |
| MCP (Model Context Protocol) | ❌ Gap | Expose LSP capabilities to AI agents via @modelcontextprotocol/sdk |

[x] 4.2 SEA-DSL Tooling

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Flow Annotation Linter | Custom ESLint/TSLint plugin | Enforce @cqrs, @tx, @outbox annotations. | SDS-001 (Developer Tooling) |
| SEA™ IR Compiler | Custom TypeScript/Python compiler | Transform SEA-DSL → AST → IR → Manifest. | REF-001, SDS-021 |

Current Status:


[x] 5. GovernedSpeed™ (Continuous Governance)

Integrated governance layer for runtime policy enforcement and evidence collection.

[x] 5.1 Policy Gateway (Runtime Enforcement)

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Policy Engine | @open-policy-agent/opa-wasm (Node) / opa (CLI) | Execute SEA-DSL policies as OPA Rego rules. | ADR-028, SDS-042 |
| PII Detection | presidio-analyzer (Python) / piitoolkit | Detect and redact sensitive information. | SDS-042 |
| Prompt Injection Defense | rebuff / llm-guard | Block jailbreak attempts and adversarial prompts. | SDS-042 |

[x] 5.2 Risk & Evidence Service

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Tamper-Evident Hashing | crypto (Node built-in) / hashlib (Python) | Generate SHA-256 artifact proofs. | SDS-043 |
| Audit Logging | pino (Node) / structlog (Python) | Structured logs with retention policies. | SDS-043 |
| Compliance Metrics | OpenTelemetry (already present) + custom metrics | Export llm_pass_at_5, fairness_subgroup_delta. | ADR-029 |

[x] 5.3 Resilience & Rate Limiting

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Circuit Breakers | cockatiel (Node) / tenacity (Python) | Prevent cascading failures with retry/backoff. | N/A (General resilience) |
| Rate Limiting | rate-limiter-flexible + ioredis | Enforce API quotas with distributed coordination. | N/A (General resilience) |
| Distributed Locks | redlock (Node) / redis-py locks | Coordinate exclusive operations across services. | N/A (General infra) |

Current Status:


[x] 6. IFL (Immutable Facts Ledger) & Identity

Cryptographic identity and tamper-evident event ledger.

[x] 6.1 Cryptography & Signing

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Hashing (SHA-256) | crypto (Node) / hashlib (Python) | Generate ifl:hash for concept IDs. | ADR-011, SDS-034 |
| Digital Signatures | libsodium-wrappers (Node) / cryptography (Python) | Sign events with Ed25519 for authenticity. | SDS-034 |
| Merkle Proofs | merkletreejs (Node) / pymerkle (Python) | Construct Merkle trees for identity token lineage. | SDS-034 |

[x] 6.2 Ledger Storage

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Immutable Ledger | immudb-node / immudb-py or custom Git-based ledger | Store tamper-evident event history. | ADR-011, SDS-034 |
| Event Serialization | protobufjs (Node) / protobuf (Python) | Efficient binary encoding for events. | N/A (Performance) |

Current Status:


[x] 7. Messaging Infrastructure (Cross-Context Communication)

Enables reliable event-driven communication between bounded contexts.

[x] 7.1 NATS JetStream

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| NATS Client | nats (Node) / nats-py (Python) | Publish/subscribe to JetStream streams. | ADR-032, SDS-047 |
| Stream Management | Built into NATS client | Create per-context streams with retention policies. | SDS-047 |

[x] 7.2 Outbox/Inbox Pattern

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Transactional Outbox | Custom implementation or ts-event-bus | Ensure atomic writes to DB + event queue. | PRD-022, SDS-047 |
| Idempotency Keys | uuid (Node/Python) + DB storage | Deduplicate messages with unique IDs. | SDS-047 |

Current Status:


[x] 8. UI/UX Layer (Interactive Artifacts & Shells)

Provides user-facing interfaces for cognitive artifacts and platform interaction.

[x] 8.1 Cognitive Artifact Rendering

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Real-Time UI Updates | socket.io / ws (WebSocket) | Push artifact updates to clients. | SDS-038 |
| Component Library | @radix-ui/react-* / shadcn/ui | Accessible, composable UI primitives. | N/A (UI framework) |
| Markdown Rendering | react-markdown / marked | Display rich text artifacts. | SDS-038 |
| Chat UI | copilotkit (UI primitives only) | Pre-built chat interface for LibreChat shell. Wrap in CognitiveUIPort adapter. | SDS-048 |
| Generative UI | copilotkit (Generative UI components) | Render AI-generated CADSL artifacts. Route all AI calls through Policy Gateway. | SDS-038 |

[x] 8.2 Platform Integration (Shells)

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| LibreChat Integration | Custom OpenAI-compatible API facade | Expose SEA™ services to LibreChat UI. | ADR-033, SDS-048 |
| Zed IDE Extension | Zed extension API (not yet public) | Integrate SEA-DSL editing into Zed. | ADR-033, SDS-048 |

Current Status:


[x] 9. Testing & Quality Assurance

Comprehensive testing infrastructure for all bounded contexts.

[x] 9.1 Unit & Integration Testing

| Missing Capability | Recommended Dependency | Justification | Current Status |
| --- | --- | --- | --- |
| Node.js Testing | vitest + @vitest/coverage-v8 | Fast, Vite-native test runner. | ✅ Present |
| Python Testing | pytest + pytest-cov + pytest-asyncio | Comprehensive Python test framework. | ✅ Present |
| Mocking | msw (Node), respx (Python) | Mock HTTP/API interactions. | ✅ Present |
| Testcontainers | @testcontainers/postgresql, testcontainers (Python) | Spin up real services for integration tests. | ✅ Present |

[x] 9.2 E2E & Browser Testing

| Missing Capability | Recommended Dependency | Justification | Current Status |
| --- | --- | --- | --- |
| Browser Automation | @playwright/test | E2E testing for UI components. | ✅ Present |

Current Status:


[x] 10. Observability & Monitoring

Semantic telemetry and distributed tracing.

[x] 10.1 OpenTelemetry

| Missing Capability | Recommended Dependency | Justification | Current Status |
| --- | --- | --- | --- |
| OTel SDK | @opentelemetry/sdk-node | Core instrumentation. | ✅ Present |
| Auto-Instrumentation | @opentelemetry/auto-instrumentations-node | Automatic tracing. | ✅ Present |
| Exporters | @opentelemetry/exporter-trace-otlp-grpc | Send telemetry to OTel Collector. | ✅ Present |
| Semantic Conventions | @opentelemetry/semantic-conventions | Standardized attribute names. | ✅ Present |

[x] 10.2 Observability Backend

| Missing Capability | Recommended Dependency | Justification | ADR/SDS Reference |
| --- | --- | --- | --- |
| Collector | otel-collector (Docker) | Aggregate and route telemetry. | ADR-029 |
| Storage | OpenObserve / Grafana / Logfire | Store and visualize traces/metrics. | ADR-029 |

Current Status:


Phase 0: Foundation (Sprint 1 — Walking Skeleton)

Goal: Prove end-to-end connectivity with minimal dependencies.

| Action | Dependency | Justification |
| --- | --- | --- |
| Add crypto for hashing | libsodium-wrappers (Node), cryptography (Python) | Support ifl:hash generation |
| Add RDF library | rdflib (Python) | Enable Knowledge Graph prototype |
| Add resilience | cockatiel (Node) | Wrap external API calls |
| Add vector DB | pgvector (PostgreSQL extension) | Local vector search without extra infra |
| Add embedding model | llama.cpp + EmbeddingGemma-300M-4bit.gguf | Deterministic, local embeddings |

Phase 1: Semantic Core (Sprint 2-3)

Goal: Establish semantic foundation.

| Action | Dependency | Justification |
| --- | --- | --- |
| Integrate Oxigraph | oxigraph (Rust binary) | Production RDF store |
| Add SEA-DSL parser | tree-sitter + custom grammar | Parse .sea files |
| Add policy engine | @open-policy-agent/opa-wasm | Runtime policy evaluation |

Phase 2: Cognitive Extension (Sprint 4-5)

Goal: Enable AI-driven artifact generation.

| Action | Dependency | Justification |
| --- | --- | --- |
| Add LLM orchestration | semantic-kernel + langgraph | Workflows + graph-based agents |
| Add prompt engineering | baml | Type-safe, versionable prompts |
| Add structured output | outlines (Python) | Constrained generation (deterministic) |
| Add diagram rendering | mermaid / d2 | Generate visual artifacts |

Phase 3: GovernedSpeed™ (Sprint 6-7)

Goal: Integrate continuous governance.

| Action | Dependency | Justification |
| --- | --- | --- |
| Add PII detection | presidio-analyzer | Block sensitive data |
| Add prompt defense | llm-guard | Prevent jailbreaks |
| Add rate limiting | rate-limiter-flexible + ioredis | Enforce quotas |

Phase 4: Messaging & Integration (Sprint 8+)

Goal: Enable cross-context communication.

| Action | Dependency | Justification |
| --- | --- | --- |
| Add NATS client | nats (Node/Python) | Event streaming |
| Add ledger DB | immudb-node | Immutable event storage |
| Add WebSocket | socket.io | Real-time UI updates |

[x] 12. Summary Table

| Pillar | Present Dependencies | Missing Dependencies | Priority |
| --- | --- | --- | --- |
| Semantic Core | zod, sea-dsl | Oxigraph, tree-sitter, OPA, pgvector, EmbeddingGemma | 🔴 Critical |
| Cognitive Extension | None | Semantic Kernel, LangGraph, BAML, Outlines, Mermaid | 🟡 High |
| Arch Governance | None | CALM CLI, Structurizr, Trestle, Lula, Giskard | 🟡 High |
| Developer Tooling | ESLint, Prettier, DomainForge™ Extension | MCP SDK, Flow Annotation Linter | 🟠 Medium |
| GovernedSpeed™ | OpenTelemetry | OPA, Presidio, Cockatiel, Rate Limiter | 🔴 Critical |
| IFL (Identity) | None | libsodium, immudb, merkletreejs | 🔴 Critical |
| Messaging | None | NATS, Outbox/Inbox | 🟠 Medium |
| UI/UX | None | socket.io, shadcn/ui, CopilotKit (Chat + Generative UI) | 🟢 Low |
| Testing | Vitest, Pytest, Playwright | None | ✅ Complete |
| Observability | Full OTel SDK | Collector config, OpenObserve | 🟠 Medium |

References

| Document | Purpose |
| --- | --- |
| ARCHITECTURE.md | System architecture overview |
| System Context Map | 150+ spec index |
| Traceability Matrix | ADR → PRD → SDS mappings |
| ENGINEERING.SOP.md | Phase-by-phase implementation guide |