Context
Cross-repo traceability validation (REQ-020) currently requires manually declaring externals in rivet.yaml. But projects using Bazel or Nix already have a dependency graph with pinned revisions — rivet should be able to read it directly.
Eclipse SCORE pins 75+ repos via known_good.json → auto-generated MODULE.bazel with git_override(). Nix flakes pin inputs in flake.lock. Both contain exactly the information rivet needs: which repos, at what commits.
Problem
Maintaining a parallel dependency declaration in rivet.yaml:
- Drifts from the build system's source of truth
- Requires manual updates when repos are added/removed
- Forces teams to learn rivet-specific config when they already express this in Bazel/Nix
Proposed approach
Build system discovery
Rivet auto-discovers cross-repo dependencies from build system manifests:
# rivet.yaml
externals:
discovery: bazel # or: nix, known-good-json, manual (default)
# Optional overrides still allowed
overrides:
score-baselibs:
artifacts-path: docs/requirementsBazel provider: Parse MODULE.bazel for bazel_dep() + git_override() entries. Resolve workspace paths via bazel info output_base or read MODULE.bazel.lock.
Nix provider: Parse flake.lock for input entries with locked.rev and locked.url.
known-good-json provider: Parse SCORE-style known_good.json with repo names, commit SHAs, and code roots.
Rivet as a Bazel rule / Nix derivation
Additionally, rivet itself should be consumable as:
rules_rivet: Bazel module with a rivet_validate() rule that runs validation as a bazel test target- Nix flake:
nix run github:pulseengine/rivet -- validate
- Both distribute the single static binary without pulling LLVM/JDK/Python
Rivet artifacts
- REQ-027
- DD-022
- FEAT-044, FEAT-045
References
Context
Cross-repo traceability validation (REQ-020) currently requires manually declaring externals in rivet.yaml. But projects using Bazel or Nix already have a dependency graph with pinned revisions — rivet should be able to read it directly.
Eclipse SCORE pins 75+ repos via
known_good.json→ auto-generatedMODULE.bazelwithgit_override(). Nix flakes pin inputs inflake.lock. Both contain exactly the information rivet needs: which repos, at what commits.Problem
Maintaining a parallel dependency declaration in rivet.yaml:
Proposed approach
Build system discovery
Rivet auto-discovers cross-repo dependencies from build system manifests:
Bazel provider: Parse
MODULE.bazelforbazel_dep()+git_override()entries. Resolve workspace paths viabazel info output_baseor readMODULE.bazel.lock.Nix provider: Parse
flake.lockfor input entries withlocked.revandlocked.url.known-good-json provider: Parse SCORE-style
known_good.jsonwith repo names, commit SHAs, and code roots.Rivet as a Bazel rule / Nix derivation
Additionally, rivet itself should be consumable as:
rules_rivet: Bazel module with arivet_validate()rule that runs validation as abazel testtargetnix run github:pulseengine/rivet -- validateRivet artifacts
References