P3.2: Automatic Drift Remediation — Implementation Plan

Created: 2026-01-22
Status: ✅ Approved
Dependency: P3.1 Provenance Tracking System (complete)

Goal

Implement an intelligent drift remediation system that detects, analyzes, and proposes fixes for spec→code misalignments. The system enables:

1. Proactive spec suggestions when drift is detected
2. Automated PR generation for simple remediations
3. CI integration for drift-aware merge workflows

[!IMPORTANT] This builds on the P3.1 Provenance System. All drift detection leverages the existing lineage graph to trace generated code back to source specs.

User Review Required

Design Decisions

1. Conservative Auto-Fix Scope: Auto-generated PRs are limited to regeneration from specs (no direct code patching). Complex semantic drift requires human review.

2. Dual-Mode Architecture: The system operates in both CI (blocking/advisory) and Workbench UI (interactive) modes.

3. GitHub Integration First: PR automation targets GitHub API. GitLab/Bitbucket adapters are out of scope but interface is extensible.

Architecture Overview

flowchart TD
    subgraph Detection["Drift Detection Layer"]
        DD[DriftDetector] --> |hash compare| PC[ProvenanceComparator]
        DD --> |semantic diff| SD[SemanticDiffer]
    end

    subgraph Analysis["Analysis & Suggestion Layer"]
        AN[DriftAnalyzer] --> |classify| CL{DriftType}
        CL --> |benign| BEN[FormatDrift]
        CL --> |spec_stale| STALE[SpecSuggestion]
        CL --> |code_stale| CODE[RegenSuggestion]
        CL --> |semantic| SEM[ManualReviewRequired]
    end

    subgraph Remediation["Remediation Layer"]
        REM[RemediationEngine] --> |generate| REGEN[RegenerationRunner]
        REM --> |create| PR[PRCreator]
        REM --> |notify| UI[WorkbenchNotifier]
    end

    Detection --> Analysis --> Remediation

Proposed Changes

Drift Detection Service (Python)

New service module under services/workbench-bff/ for drift detection and remediation orchestration.

[NEW] drift_detector.py

Core drift detection engine leveraging the provenance graph.

Key Classes:

• DriftType(Enum): Classification of drift (NONE, BENIGN, SPEC_STALE, CODE_STALE, SEMANTIC)
• DriftReport(dataclass): Structured drift analysis result
• DriftDetector: Main detection class comparing spec hashes to generated artifact hashes

Features:

• Hash-based quick detection using provenance node hashes
• Deep diff for semantic classification
• Lineage-aware impact analysis
• Batch detection across all contexts
• Incremental scan by context with cached hashes
• Timeouts for deep diffs; fallback to hash-only classification

[NEW] drift_analyzer.py

Intelligent drift classification and suggestion generation.

Key Classes:

• DriftSuggestion(dataclass): Actionable fix suggestion with confidence score
• DriftAnalyzer: Classifies drift and generates remediation suggestions

Features:

• Pattern-based classification (format-only, import changes, comment drift, structural drift)
• Confidence scoring for auto-fix viability
• Spec update suggestions with line-level hints
• Regeneration command generation
• Per-run limits (max contexts, max diff size) to bound CI runtime

[NEW] remediation_engine.py

Orchestrates remediation actions including PR creation.

Key Classes:

• RemediationConfig(dataclass): Configuration for auto-fix thresholds
• RemediationAction(dataclass): Concrete action (regenerate, update_spec, manual_review)
• RemediationEngine: Executes remediation strategies

Features:

• Auto-regenerate for benign/code-stale drift (spec-first)
• Regeneration triggering via just pipeline <context>
• PR creation via GitHub API (with approval gates)
• Audit logging of all remediation actions

Auto-Fix Safety Policy:

• Allowed change kinds: regeneration from specs only (no direct code patching)
• Disallowed paths: **/src/gen/** for patching (regen is allowed via pipeline)
• Allowed file types: .ts, .tsx, .py, .md (for reporting only)
• Max diff size per remediation: 200 LOC
• If limits exceeded, downgrade to manual_review

[NEW] pr_creator.py

GitHub PR automation following the port/adapter pattern.

Port Interface:

1
2
3
4
5
6
7
8
class PRCreatorPort(Protocol):
    def create_remediation_pr(
        self,
        title: str,
        body: str,
        branch: str,
        changes: list[FileChange],
    ) -> PRResult: ...

Adapter Implementation:

• GitHubPRCreator: Full GitHub API integration
• Branch creation, commit, and PR lifecycle management
• Draft PR by default (requires human approval)
• Labels: drift-remediation, auto-generated
• Secrets handling: access tokens must come from environment/injected secret stores (no config/source)
• Token scopes: minimal permissions for create_remediation_pr (avoid admin scopes)
• Rotation hooks: adapter must support token refresh/rotation without restart
• API resiliency: rate limiting + exponential backoff on branch/commit/PR calls

API Routes

[NEW] drift_routes.py

REST endpoints for drift detection and remediation.

Cross-cutting concerns:

• Authentication middleware (JWT/OAuth validation) on all routes
• RBAC enforcement on /drift/analyze and /drift/remediate
• Rate limiting (stricter limits on POST endpoints)
• Structured audit logs (user, action, target, timestamp) before mutations
• Audit log retention (e.g., 90 days) and redaction policy for secrets/PII

Endpoints: | Method | Path | Description | |——–|——|————-| | GET | /drift/scan | Scan all contexts for drift | | GET | /drift/context/{context} | Get drift status for specific context | | GET | /drift/report/{node_id} | Detailed drift report for a node | | POST | /drift/analyze | Analyze drift and get suggestions | | POST | /drift/remediate | Execute remediation action | | GET | /drift/history | Get remediation audit history |

API constraints:

• /drift/scan supports contexts[] filter to limit scope
• /drift/report/{node_id} supports summary=true for light payloads
• /drift/history supports pagination (limit, cursor)

Pydantic Models

[MODIFY] models.py

Add drift-related API models:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
class DriftType(str, Enum):
    NONE = "none"
    BENIGN = "benign"
    SPEC_STALE = "spec_stale"
    CODE_STALE = "code_stale"
    SEMANTIC = "semantic"

class DriftReportModel(BaseModel):
    nodeId: str
    nodeType: str
    context: str
    driftType: DriftType
    confidence: float  # 0.0-1.0
    specHash: str | None
    codeHash: str | None
    lastSyncedAt: str | None
    suggestions: list[DriftSuggestionModel]

class DriftSuggestionModel(BaseModel):
    suggestionId: str
    action: Literal["regenerate", "update_spec", "manual_review"]
    description: str
    confidence: float
    autoFixable: bool
    estimatedImpact: str  # "low" | "medium" | "high"
    command: str | None  # e.g., "just pipeline semantic-core"

class RemediationRequestModel(BaseModel):
    nodeId: str
    suggestionId: str
    createPR: bool = True
    draftPR: bool = True

class RemediationResultModel(BaseModel):
    success: bool
    action: str
    prUrl: str | None
    errorMessage: str | None
    auditId: str

Workbench UI Components (TypeScript/React)

[NEW] drift-api.ts

Frontend API client for drift endpoints.

1
2
3
4
5
6
export function scanForDrift(): Promise<DriftScanResult>;
export function getContextDrift(context: string): Promise<DriftReport[]>;
export function getDriftReport(nodeId: string): Promise<DriftReport>;
export function analyzeDrift(nodeId: string): Promise<DriftAnalysis>;
export function executeRemediation(request: RemediationRequest): Promise<RemediationResult>;
export function getDriftHistory(): Promise<DriftAuditEntry[]>;

[NEW] DriftDashboard.tsx

Main UI for drift visualization and remediation.

Features:

• System-wide drift health summary with context breakdown
• Severity-colored drift indicators (green/yellow/orange/red)
• One-click remediation for auto-fixable issues
• Direct links to affected spec files
• Audit trail of past remediations

[NEW] DriftReportCard.tsx

Component displaying individual drift reports.

Shows:

• Node path with provenance link
• Drift type badge with explanation
• Confidence meter
• Suggested actions with “Apply” buttons
• Impact preview (affected downstream nodes)

[NEW] drift.ts

TypeScript type definitions mirroring backend models.

[MODIFY] App.tsx

Add route for Drift Dashboard:

1
<Route path="/drift" element={<DriftDashboard />} />

[MODIFY] [Navigation components]

Add navigation link to Drift Dashboard in sidebar/header.

CI Integration

[NEW] drift_check.sh

CI guard script for drift-aware merges.

Modes:

• --warn: Advisory mode (log drift, don’t fail)
• --fail: Blocking mode (fail if semantic drift detected)
• --auto-remediate: Create remediation PR automatically
• --dry-run: Simulate remediation actions without creating PRs
• --confirm: Explicit confirmation required for actual PR creation
• --require-approval: Gate PR creation on human approval signal

Safety gates:

• Configurable per-run cap (e.g., MAX_REMEDIATION_PRS) to prevent PR spam
• Simple rate limiting/backoff around create_remediation_pr
• Audit trail appended to remediation_audit.log (context, node, action, timestamp)
• Standardized PR body/comment summarizing why the PR was opened

Integration:

1
2
3
# .github/workflows/ci.yml addition
- name: Drift Check
  run: ./scripts/ci/drift_check.sh --fail

[NEW] auto_remediate.yml

GitHub Actions workflow for automated remediation PRs.

Token configuration:

• Required secret name: GITHUB_TOKEN or custom DRIFT_REMEDIATION_TOKEN
• Required permissions: contents: write, pull-requests: write
• Use GITHUB_TOKEN for same-repo PRs; use PAT for cross-repo or elevated limits
• Configure in repository settings → Secrets and variables → Actions
• Wire into workflow env for scripts (used by scripts/ci/drift_check.sh)

1
2
3
4
5
6
7
8
9
permissions:
  contents: write
  pull-requests: write

steps:
  - name: Drift Check (auto-remediate)
    run: ./scripts/ci/drift_check.sh --auto-remediate --confirm
    env:
      GITHUB_TOKEN: $

Triggers:

• On push to dev if drift detected
• Manual workflow dispatch
• Scheduled daily scan (cron: '0 6 * * *' — 6 AM UTC)

Actions:

• Scans all contexts for drift
• Creates draft PR for benign/auto-fixable drift
• Notifies maintainers via GitHub issues for semantic drift

CLI Tooling

[NEW] drift_heal.py

Command-line interface for drift operations.

Commands:

1
2
3
4
5
6
7
8
9
10
11
# Scan all contexts
python tools/drift_heal.py scan

# Check specific context
python tools/drift_heal.py check semantic-core

# Apply remediation
    python tools/drift_heal.py remediate <node-id> --type=regenerate [--dry-run] [--force]

# Generate report
python tools/drift_heal.py report --format=json > drift-report.json

Remediate behavior:

• Centralize remediation preview in the remediate handler
• --dry-run: print human-readable preview and exit without changes
• --force: skip confirmation prompt and proceed
• Refuse --auto unless --force is set (except --dry-run)
• --auto only performs regeneration suggestions (no direct patching)
• Preview must list each planned change; output must state what applied

[MODIFY] justfile

Add drift-related recipes:

# Scan all contexts for drift
drift-scan:
    python tools/drift_heal.py scan

# Check drift for specific context
drift-check context:
    python tools/drift_heal.py check 

# Auto-remediation preview (regenerate/update-spec only)
drift-heal:
    python tools/drift_heal.py remediate --auto --dry-run

# Generate drift report
drift-report:
    python tools/drift_heal.py report --format=markdown

Value-Add Enhancements

1. Smart Suggestion Ranking

Suggestions are ranked by:

• Confidence: Higher confidence = safer auto-fix
• Impact: Lower impact changes first
• Freshness: Recent specs preferred over stale

2. Batch Remediation

One-click “Fix All Safe Issues” that:

• Groups benign/code-stale drift by context
• Creates single cohesive PR per context
• Preserves atomic commit history

3. Drift Trend Analytics

Dashboard shows:

• Drift frequency over time
• Most drift-prone specs/contexts
• Time-to-remediate metrics

4. Integration with Provenance Explorer

From ProvenanceExplorer:

• Click any node → “Check for Drift”
• Drift badge on nodes with active drift
• Lineage-aware impact visualization

5. Pre-commit Hook Support

1
2
3
4
5
6
7
# .pre-commit-config.yaml
- repo: local
  hooks:
    - id: drift-check
      name: Drift Check
      entry: python tools/drift_heal.py check --fail-on-semantic
      language: system

File Summary

Verification Plan

Automated Tests

Python Unit Tests

File: services/workbench-bff/tests/test_drift_detector.py

1
2
# Run drift detector tests
cd services/workbench-bff && python -m pytest tests/test_drift_detector.py -v

Test Cases:

• test_detect_no_drift: Clean state returns NONE
• test_detect_benign_drift: Format-only changes classified correctly
• test_detect_spec_stale: Outdated spec detected
• test_detect_code_stale: Outdated code detected
• test_detect_semantic_drift: Structural changes flagged
• test_batch_scan: All contexts scanned efficiently

Python Integration Tests

File: services/workbench-bff/tests/test_drift_api.py

1
2
# Run drift API integration tests
cd services/workbench-bff && python -m pytest tests/test_drift_api.py -v

Test Cases:

• test_scan_endpoint: /drift/scan returns valid response
• test_context_drift: /drift/context/{context} filters correctly
• test_analyze_and_remediate: Full remediation workflow
• test_audit_history: Remediation actions logged

TypeScript Component Tests

File: apps/workbench/src/pages/__tests__/DriftDashboard.test.tsx

1
2
# Run Workbench tests
pnpm nx test workbench --testFile=DriftDashboard

Test Cases:

• Renders drift summary correctly
• Displays drift reports for each context
• “Apply” button triggers remediation API
• Error states handled gracefully

CI Script Validation

1
2
3
4
5
6
7
# Test drift_check.sh in warn mode (should always pass)
./scripts/ci/drift_check.sh --warn

# Test with intentional drift (create temp file in gen/)
touch libs/semantic-core/domain/src/gen/temp_test_file.ts
./scripts/ci/drift_check.sh --warn  # Should report drift
rm libs/semantic-core/domain/src/gen/temp_test_file.ts

Manual Verification

Workbench UI Flow

1. Start dev environment: just dev-up && just workbench-dev
2. Navigate to http://localhost:3000/drift
3. Verify:
   • Dashboard loads without errors
   • Context cards show drift status
   • Clicking a context shows detailed drift reports
   • “Scan Now” button triggers fresh scan
   • Remediation buttons are enabled for auto-fixable issues
   • Audit history shows past remediations

CLI Tooling

1
2
3
4
# Verify CLI commands work
python tools/drift_heal.py scan
python tools/drift_heal.py check semantic-core
python tools/drift_heal.py report --format=markdown

Just Recipes

1
2
3
4
5
6
# Verify just recipes are registered
just --list | grep drift

# Run recipes
just drift-scan
just drift-report

Dependencies

Out of Scope

• GitLab/Bitbucket PR automation (interface extensible)
• AI-powered spec rewriting (future enhancement)
• Real-time drift watching (requires file watcher infra)

Risk Mitigation

Timeline Estimate

References

• P3.1 Provenance Tracking
• Existing Drift Check
• CI Guard Script
• Last-Mile Plan