Skip to main content
KRAIT

Analysis Plane

The evolution pipeline that transforms code proposals into validated, reviewable pull requests.

The Evolution Pipeline

The analysis plane sits between the mutable periphery and the immutable core. Its job is to take raw code proposals from the Brain and transform them into changes that are safe, tested, and ready for human review. No proposal reaches production without passing through every stage of this pipeline.

Proposal Intake

When the Brain emits an evolution proposal, it arrives as a structured Elixir term containing the proposed module source, a natural-language rationale, and metadata about the conversation that triggered it. The Evolution supervisor receives this term and spawns a dedicated pipeline process to shepherd it through validation.

Each pipeline process is isolated. If one proposal crashes during analysis, it does not affect other proposals in flight. OTP supervision ensures that transient failures are retried automatically.

Narsil NIF Validation

The core of the analysis plane is Narsil, a Rust NIF that parses Elixir source into an AST and runs the full KRAIT rule suite against it. Narsil operates at the structural level, checking for forbidden function calls, unsafe patterns, and violations of the declared security classification.

Running validation in a Rust NIF gives KRAIT two advantages: performance (AST analysis completes in microseconds, not milliseconds) and memory safety (the NIF cannot corrupt the BEAM VM even if it encounters malformed input). Narsil returns a structured result containing either a clean bill of health or a list of rule violations with line numbers and explanations.

Test Generation and Execution

Proposals that pass Narsil validation enter the test stage. KRAIT generates property-based tests using StreamData and runs them inside a FLAME-spawned Docker container. The tests exercise both the happy path and edge cases derived from the module's type specifications.

GitHub PR Gate

Validated and tested proposals are packaged into a Git branch and pushed as a GitHub pull request. The PR includes the proposed code, generated tests, Narsil's analysis report, and the original rationale from the Brain. CI runs independently, and a human reviewer makes the final merge decision. Only merged code is hot-reloaded into the running agent.