Invariant Rules for Contributors

Rule: Check Before You Write

Before adding any new data structure, RPC, or dependency, verify it does not violate any invariant. The Traceability → Invariant Map maps each invariant to its enforcement point.

Quick Checks

You want to…	Invariant risk	Check
Add a shared data store	INV-01	Is it local-only?
Import a gossip/CRDT library	INV-02	ci/scan_prohibited will catch it
Designate a “primary” node	INV-03	Not allowed
Increase memory per segment	INV-07	Does it scale with fleet size?
Add a peer RPC	INV-09	mTLS required?
Import adk/runtime from edge	INV-10	ci/scan_dependencies will catch it

Adding a New FI Test

1. Add or update a Go FI test under edge/fi/ with //go:build integration when the scenario is runtime-behavioral.

2. Add or update a shell FI script under edge/ci/tests/ when environment orchestration is required.

3. Execute make fi for the non-root suite and make fi-root when validating root-required scenarios.

4. Confirm /tmp/edge-fi-report/traceability.md includes the new case and expected invariant mapping.

5. Update docs/fi-catalog/matrix.md and docs/fi-catalog/expected-outputs.md with the new case and evidence path.

Evidence

• edge/fi/fi_assurance_test.go

• edge/fi/fi_quota_test.go

• edge/fi/fi_retry_test.go

• edge/ci/tests/run_all.sh

• edge/ci/tests/gen_traceability_report.sh

• Makefile (fi, fi-root)

See Also

• Architecture → Invariants

• Contributing → Guide