Architecture Decision Records¶
This directory contains Architecture Decision Records (ADRs) for the Assay project.
Index¶
| ADR | Title | Status | Priority |
|---|---|---|---|
| ADR-001 | Sandbox Design | Accepted | - |
| ADR-002 | Trace Replay | Accepted | - |
| ADR-003 | Gate Semantics | Accepted | - |
| ADR-004 | Judge Metrics | Accepted | - |
| ADR-005 | Relative Thresholds | Accepted | - |
| ADR-006 | Evidence Contract | Accepted | - |
| ADR-007 | Deterministic Provenance | Accepted | - |
| ADR-008 | Evidence Streaming Architecture | Proposed | Backlog |
| ADR-009 | WORM Storage for Evidence Retention | Deferred | Q3+ |
| ADR-010 | Evidence Store Ingest API | Deferred | Q3+ |
| ADR-011 | MCP Tool Signing with Sigstore | Proposed | P1 |
| ADR-012 | Transparency Log Integration | Proposed | P3 |
| ADR-013 | EU AI Act Compliance Pack | Accepted | P2 |
| ADR-014 | GitHub Action v2 Design | Implemented | ✅ |
| ADR-015 | BYOS Storage Strategy | Accepted | P1 |
| ADR-021 | Local Pack Discovery and Pack Resolution Order | Accepted | P2 |
| ADR-022 | SOC2 Baseline Pack (AICPA Trust Service Criteria) | Accepted | P2 |
| ADR-023 | CICD Starter Pack (Adoption Floor) | Accepted | P1 |
| ADR-024 | Sim Engine Hardening (Limits + Time Budget) | Superseded | P2 |
| ADR-025 | Evidence-as-a-Product | Accepted | P1/P2 |
| ADR-026 | Protocol Adapters | Accepted | P1 |
| ADR-027 | Tool Taxonomy and Class-Based Route Policies | Proposed | P1 |
| ADR-028 | Coverage Report (Tool & Route Completeness) | Proposed | P1 |
| ADR-029 | Session & State Window Contract (MCP Governance) | Proposed | P1 |
| ADR-030 | Coverage + Wrap DX Polish | Proposed | P2 |
| ADR-020 | Dependency Governance | Accepted | - |
Q2 2026 Priorities¶
Strategy: BYOS-first (Bring Your Own Storage) per ADR-015. Focus on CLI features, defer managed infrastructure until PMF.
| Priority | ADR | Status | Notes |
|---|---|---|---|
| ✅ | ADR-014 | Implemented | Marketplace |
| P1 | ADR-015 | Accepted | push/pull/list with S3-compatible storage |
| P1 | ADR-011 | Proposed | x-assay-sig + local-key signing in OSS; Sigstore keyless deferred to enterprise |
| P1 | ADR-023 | Accepted | OSS starter adoption floor (implemented) |
| P2 | ADR-021 | Accepted | Local pack discovery + safe resolution order (implemented) |
| P2 | ADR-022 | Accepted | SOC2 baseline OSS pack (implemented) |
| P1/P2 | ADR-025 | Accepted | I1/I2/I3 slices merged on main; formal accept complete |
| P1 | ADR-026 | Accepted | ACP + A2A + UCP adapter slices and E0-E4 stabilization are merged on main |
| P1 | ADR-027 | Proposed | A/B slices merged on main (taxonomy + class-aware tool matching); formal status update pending |
| P1 | ADR-028 | Proposed | A/B slices merged on main (coverage contract + generator + wrap emission); formal status update pending |
| P1 | ADR-029 | Proposed | A/B slices merged on main (session/state contract + informational export); formal status update pending |
| P2 | ADR-030 | Proposed | A/B/C slices merged on main (coverage markdown/file input + closure docs); formal status update pending |
| P2 | ADR-013 | Accepted | Article 12 mapping, --pack flag |
| P3 | ADR-012 | Proposed | Builds on ADR-011 |
| Deferred | ADR-009 | Deferred | Managed WORM → Q3+ if demand |
| Deferred | ADR-010 | Deferred | Managed API → Q3+ if demand |
Template¶
New ADRs should follow this structure:
# ADR-XXX: Title
## Status
Proposed | Accepted | Deprecated | Superseded
## Context
What is the issue that we're seeing that is motivating this decision?
## Decision
What is the change that we're proposing and/or doing?
## Consequences
What becomes easier or more difficult to do because of this change?