Parent: #250
Recommended tier: strong
Blocked by: #255
Goal
Port the normalized report and SARIF presentation surfaces to Rust after the full diagnostic message/Evidence model is stable.
The Rust output must reproduce Python's semantics, including primary locations, related locations, code flows, severity, rule identity and deterministic ordering.
Sources of truth
Deliverable
.ownreport.json
Implement:
- schema/version fields;
- tool and run metadata;
- diagnostics and ordered Evidence;
- deterministic ordering;
- stable normalized paths;
- canonical serialization contract.
SARIF 2.1.0
Implement:
tool.driver.name and rule metadata;
- result severity/level mapping;
- primary physical location;
- related locations;
codeFlows / thread-flow locations;
- diagnostic message;
- fingerprints/properties where Python currently emits them;
- stable ordering and URI normalization.
Canonical comparison
Do not begin by requiring raw byte identity where serializers legitimately differ in map order or formatting. Instead:
- Parse both JSON documents.
- Remove only explicitly enumerated volatile fields.
- Normalize only collections whose contract is unordered.
- Preserve order for diagnostics, Evidence, related locations and code flows wherever Python treats it as meaningful.
- Serialize a canonical form and byte-compare it.
The PR must document every removed/normalized field and why it is non-semantic. A wildcard "ignore metadata" rule is forbidden.
Required controls
- one diagnostic with no Evidence;
- multiple diagnostics with tie ordering;
- multi-file related locations;
- multi-step code flow;
- DI004/DI005 primary anchor plus registration context;
- Windows drive path and Unix path;
- non-ASCII path;
- warning/error/note mappings used by the current core;
- equal message/code at distinct locations;
- stable rule-table ordering;
- empty result set;
- GitHub upload of Rust-generated SARIF.
Architecture guardrails
Fixture discipline
Add Python-authored frozen fixtures for:
- normalized
.ownreport.json;
- normalized SARIF.
Steady-state Rust tests run with zero Python. Regeneration is explicit.
Acceptance
- Canonical
.ownreport.json parity: zero unexplained diff.
- Canonical SARIF parity: zero unexplained diff.
- Ordered Evidence, related locations and codeFlows match.
- Rust SARIF uploads successfully to GitHub Code Scanning in CI.
- Tool identity remains
Owen.
- No existing Python output changes unless separately justified Python-first.
- DAG, fmt, clippy and all tests remain green.
Parent: #250
Recommended tier: strong
Blocked by: #255
Goal
Port the normalized report and SARIF presentation surfaces to Rust after the full diagnostic message/Evidence model is stable.
The Rust output must reproduce Python's semantics, including primary locations, related locations, code flows, severity, rule identity and deterministic ordering.
Sources of truth
ownlang/spec/Diagnostics.md.ownreport.jsonand SARIF testsDeliverable
.ownreport.jsonImplement:
SARIF 2.1.0
Implement:
tool.driver.nameand rule metadata;codeFlows/ thread-flow locations;Canonical comparison
Do not begin by requiring raw byte identity where serializers legitimately differ in map order or formatting. Instead:
The PR must document every removed/normalized field and why it is non-semantic. A wildcard "ignore metadata" rule is forbidden.
Required controls
Architecture guardrails
own-diagnosticsstill must not depend on parser/CFG/analysis.Fixture discipline
Add Python-authored frozen fixtures for:
.ownreport.json;Steady-state Rust tests run with zero Python. Regeneration is explicit.
Acceptance
.ownreport.jsonparity: zero unexplained diff.Owen.