UNPKG

aiwg

Version:

Deployment tool and support utility for AI context. Copies agents, skills, commands, rules, and behaviors into the paths each AI platform reads (Claude Code, Codex, Copilot, Cursor, Warp, OpenClaw, and 6 more) so one source of truth works across 10 platfo

aiwg.io

jmagly/aiwg

190 lines (144 loc) 11.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
# Error Handling Tree ## Metadata - ID: DES-EHT-`id` - Owner: `name/role/team` - Contributors: `list` - Reviewers: `list` - Team: `team` - Stakeholders: `list` - Status: `draft/in-progress/blocked/approved/done` - Dates: created `YYYY-MM-DD` / updated `YYYY-MM-DD` / due `YYYY-MM-DD` - Related: UC-`id`, REQ-`id`, DES-`id`, BS-`id`, IC-`id`, PSC-`id`, CODE-`module`, TEST-`id` ## Related Templates - agentic/code/frameworks/sdlc-complete/templates/analysis-design/pseudocode-spec-template.md - agentic/code/frameworks/sdlc-complete/templates/analysis-design/method-interface-contract-template.md - agentic/code/frameworks/sdlc-complete/templates/analysis-design/activity-diagram-spec-template.md - agentic/code/frameworks/sdlc-complete/templates/analysis-design/state-machine-spec-template.md ## Traceability - Parent Use Case: UC-`id``title` - Behavioral Spec: BS-`id` - Interface Contracts: DES-MIC-`id`, DES-MIC-`id` - Pseudo-Code Specs: DES-PSC-`id`, DES-PSC-`id` ## Error Context - Component / Service: `fully qualified name of the component this tree covers` - Scope: `single method / module / service boundary / cross-service flow` - Error Philosophy: `fail-fast / fail-safe / retry-first / circuit-breaker` - Caller Expectations: `caller receives typed error / HTTP status / event / nothing (fire-and-forget)` ## Error Propagation Diagram ```mermaid flowchart TD Operation([Operation]) --> Decision{Success?} Decision -->|Yes| Success([Return Result]) Decision -->|No| Classify{Error Type?} Classify -->|Transient| Retry[Retry with Backoff] Retry --> RetryDecision{Max Retries?} RetryDecision -->|No| Operation RetryDecision -->|Yes| CircuitBreaker[Open Circuit Breaker] CircuitBreaker --> Escalate([Escalate to Caller]) Classify -->|Validation| Reject([Return Validation Error]) Classify -->|Fatal| Log[Log + Alert] Log --> Abort([Abort with Error]) ``` ## Exception Catalog Every exception this component can raise or receive. Each row must trace to an interface contract exception specification (DES-MIC). | ID | Exception | Type | Source | Severity | Transient | Notes | | -- | --------- | ---- | ------ | -------- | --------- | ----- | | E01 | `ExceptionName` | checked/unchecked | `originating component or operation` | `fatal/degraded/warning` | yes/no | `additional context` | ## Error Handling Matrix Map each exception to its handler and recovery strategy. | Exception (ID) | Detection Point | Handler Action | Recovery Strategy | Fallback | Caller Notification | | --------------- | --------------- | -------------- | ----------------- | -------- | ------------------- | | E01 | `where in the flow this is caught` | `what the handler does` | `retry / compensate / abort / degrade` | `fallback behavior or none` | `error code / HTTP status / event` | ## Retry Specifications For each transient exception that is retried, document the retry policy. | Exception (ID) | Max Retries | Backoff Strategy | Initial Delay | Max Delay | Jitter | Circuit Breaker Threshold | | --------------- | ----------- | ---------------- | ------------- | --------- | ------ | ------------------------- | | E01 | `count` | `constant/linear/exponential` | `ms` | `ms` | `yes/no` | `N failures in M seconds` | ## Compensation Actions For operations that must be undone on failure (saga pattern), document the compensation chain. | Failed Operation | Compensation Action | Idempotent | Timeout | Owner | | ---------------- | ------------------- | ---------- | ------- | ----- | | `what succeeded before the failure` | `what must be undone` | yes/no | `ms` | `component responsible` | ## Error Propagation Rules Define how errors flow between layers. Every boundary crossing must have an explicit mapping. | Source Layer | Source Error | Target Layer | Target Error | Transformation | Information Lost | | ------------ | ----------- | ------------ | ------------ | -------------- | ---------------- | | `service / module` | `internal error` | `API / caller` | `external error` | `mapping rule` | `what details are stripped (security)` | ## Logging and Observability | Exception (ID) | Log Level | Log Fields | Alert Rule | Dashboard | | --------------- | --------- | ---------- | ---------- | --------- | | E01 | `error/warn/info` | `fields to capture (no PII in plaintext)` | `threshold for paging` | `link to dashboard or panel` | ## Completeness Checklist - [ ] Every exception in the Exception Catalog has a row in the Error Handling Matrix - [ ] Every transient exception has a Retry Specification - [ ] Every multi-step operation with side effects has a Compensation Action chain - [ ] Error Propagation Rules cover every layer boundary (service → API, module → module) - [ ] No exception is silently swallowed — every handler has an explicit recovery or escalation - [ ] Logging captures enough context to diagnose without exposing PII - [ ] Retry policies have both max-retries and circuit-breaker thresholds - [ ] The Error Propagation Diagram matches the Exception Catalog - [ ] Fatal errors have alerting rules defined ## How to Fill This Template 1. **Inventory Exceptions**: Start from the interface contracts (DES-MIC) for all methods in scope. Every exception spec becomes a row in the Exception Catalog. 2. **Classify**: Mark each exception as transient or permanent. Transient errors get retry specs; permanent errors get immediate handling. 3. **Draw the Diagram**: Sketch the error flow using MermaidJS. Show the decision tree: success → return, transient → retry → circuit breaker, validation → reject, fatal → abort. 4. **Fill the Handling Matrix**: For each exception, document where it's detected, what the handler does, and how the system recovers. 5. **Define Retry Policies**: For transient errors, specify backoff strategy, max retries, and circuit breaker thresholds. Avoid unbounded retries. 6. **Define Compensations**: For saga-style flows, document what must be undone when a later step fails. Every compensation must be idempotent. 7. **Map Propagation Rules**: At every layer boundary, document how internal errors are translated to external errors. Strip internal details for security. 8. **Add Observability**: Every exception needs a log level and captured fields. Fatal errors need alerting rules. 9. **Validate**: Walk the completeness checklist. No silent swallowing; no unbounded retries; no unlogged fatals. ## Example ### Component: PaymentService **Scope**: All operations in `PaymentService` module. **Error Philosophy**: Retry-first for transient failures; fail-fast for validation; compensate for partial success. ```mermaid flowchart TD Authorize([authorize payment]) --> AuthDecision{Success?} AuthDecision -->|Yes| AuthSuccess([Return authorizationId]) AuthDecision -->|No| AuthClassify{Error Type?} AuthClassify -->|Network timeout| RetryAuth[Retry with exponential backoff] RetryAuth --> RetryCheck{Retries < 3?} RetryCheck -->|Yes| Authorize RetryCheck -->|No| CBOpen[Open Circuit Breaker] CBOpen --> AuthFail([PaymentUnavailableException]) AuthClassify -->|Invalid card| CardReject([InvalidPaymentMethodException]) AuthClassify -->|Insufficient funds| FundsReject([InsufficientFundsException]) AuthClassify -->|Provider error| ProviderFail[Log + Alert] ProviderFail --> AuthFail ``` **Exception Catalog**: | ID | Exception | Type | Source | Severity | Transient | Notes | | -- | --------- | ---- | ------ | -------- | --------- | ----- | | E01 | NetworkTimeoutException | unchecked | HTTP client → payment provider | degraded | yes | Provider API latency spike | | E02 | InvalidPaymentMethodException | checked | Payment provider response | warning | no | Card expired, invalid number, etc. | | E03 | InsufficientFundsException | checked | Payment provider response | warning | no | Customer has insufficient balance | | E04 | PaymentProviderException | unchecked | Payment provider 5xx | fatal | yes | Provider-side outage | | E05 | PaymentUnavailableException | checked | Circuit breaker open | degraded | no | Surfaced to caller after retries exhausted | **Error Handling Matrix**: | Exception (ID) | Detection Point | Handler Action | Recovery Strategy | Fallback | Caller Notification | | --------------- | --------------- | -------------- | ----------------- | -------- | ------------------- | | E01 | HTTP client timeout | catch, increment retry counter | retry with backoff | open circuit breaker after max retries | PaymentUnavailableException | | E02 | Provider response code `card_invalid` | map to domain exception | none — immediate rejection | none | InvalidPaymentMethodException (400) | | E03 | Provider response code `insufficient_funds` | map to domain exception | none — immediate rejection | none | InsufficientFundsException (402) | | E04 | Provider HTTP 5xx | log error, increment retry counter | retry with backoff | open circuit breaker | PaymentUnavailableException (503) | | E05 | Circuit breaker state check | skip provider call | none — circuit is open | none | PaymentUnavailableException (503) | **Retry Specifications**: | Exception (ID) | Max Retries | Backoff Strategy | Initial Delay | Max Delay | Jitter | Circuit Breaker Threshold | | --------------- | ----------- | ---------------- | ------------- | --------- | ------ | ------------------------- | | E01 | 3 | exponential | 200ms | 5000ms | yes (0-100ms) | 5 failures in 60 seconds | | E04 | 3 | exponential | 500ms | 10000ms | yes (0-200ms) | 3 failures in 30 seconds | **Error Propagation Rules**: | Source Layer | Source Error | Target Layer | Target Error | Transformation | Information Lost | | ------------ | ----------- | ------------ | ------------ | -------------- | ---------------- | | PaymentService | NetworkTimeoutException | OrderService (caller) | PaymentUnavailableException | wrap with generic message | provider URL, timeout duration | | PaymentService | PaymentProviderException | OrderService (caller) | PaymentUnavailableException | wrap with generic message | provider error body, trace ID (logged internally) | | OrderService | PaymentUnavailableException | API Gateway | 503 Service Unavailable | map to HTTP status | exception stack trace, internal error ID | ## Agent Notes - Create one DES-EHT per component or service boundary; do not mix error trees from unrelated components. - Every exception must trace back to a DES-MIC exception specification — if an exception has no interface contract, it's undocumented behavior. - Retry policies must always have a ceiling (max retries + circuit breaker). Unbounded retries are a reliability hazard. - Compensation actions must be idempotent — a compensation that fails and is retried must produce the same result. - Error propagation rules should strip internal details at every trust boundary to prevent information leakage. - Generate negative test cases directly: one per exception, one per retry exhaustion, one per circuit breaker trip, one per compensation chain. - Save finalized spec to `.aiwg/architecture/error-handling/DES-EHT-{id}.md`.