Skip to content

paths templates: 4 incorporations + 2 new (it-dependency, cybersecurity-attack-paths), on relationalai 1.15#87

Draft
cafzal wants to merge 14 commits into
mainfrom
paths/energy-telco-bom-itdep
Draft

paths templates: 4 incorporations + 2 new (it-dependency, cybersecurity-attack-paths), on relationalai 1.15#87
cafzal wants to merge 14 commits into
mainfrom
paths/energy-telco-bom-itdep

Conversation

@cafzal

@cafzal cafzal commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

Adds paths (variable-length traversal) coverage across the templates that mirror the validated path-eval ontologies, plus two net-new templates — cross-domain paths representation (energy, telco, supply-chain/BOM, tech-dependency, cybersecurity). Everything is pinned to relationalai==1.15.0, the release that ships the RPQ paths backend. Companion to the skills + eval work in rai-agent-evals#109.

Each incorporation composes its paths add on a centrality/structure artifact the template already computes; the domain framing stays in the template (the skill content carries the generalized pattern, per the plan).

Adds — all gates cleared on 1.15

Template Paths add Code + pin Docs Runbook paste-test Full-template 1.15 run
energy_grid_planning Stage 2.5 corridor fragility + contingency ✅ 1.15 ✅ 421 corridors / 99.833 / DFW; Stage 4 OPTIMAL
telco_network_recovery Stage 3.5 call-path enumeration (arity-3 entity-last edge, PageRank) ✅ 1.15 ✅ GNN→rules→PageRank→3.5→MIP; seed SUB-CON-00900, 198 paths, 54 towers, $4.99M
bom-reachability Assembly paths + maximal-paths (BOM DAG) ✅ 1.15 ✅ verbatim n/a ✅ 18 paths / 8 maximal; assembly_depth persisted
it-dependency-mapping (new) Downstream dependency paths + maximal-paths ✅ 1.15 n/a ✅ 46 paths → 6 maximal, 5-hop longest
cybersecurity-attack-paths (new) Multi-edge kill-chain (exploit → cred → pivot) + point query + exposure ranking ✅ 1.15 ✅ 3 kill-chains, 7-route point query, exposure 28/26/25, 11/12 assets persisted

The new cybersecurity-attack-paths template is the showcase for the 1.15 multi-relationship sequence capability: an attack chain composes distinct technique edges in kill-chain order, which a single unioned edge or a flat join cannot express because the order of techniques matters.

Verification

  • Pins bumped 1.13 → 1.15; the four incorporations re-run end-to-end on 1.15 and reproduce their counts exactly under the RPQ backend — no regression. Notably the telco arity-3 calls_via edge (caller, tower, callee) enumerates correctly under RPQ (an entity is the last field, which RPQ requires).
  • New cybersecurity-attack-paths: py_compile + ruff clean, runs on 1.15, and its runbook was paste-tested by a fresh agent that reproduced every documented number (3 kill-chains, 7-route point query, 28/26/25, 11/12 assets) without seeing the script.
  • py_compile + ruff green across all five; pins match v1/ (1.15); every reasoner stage binds its output back to the ontology; dev-templates-review + repo CONTRIBUTING.md conventions followed.
  • The full-template run gate previously caught two real bugs that static checks missed (it-dependency p.length-fanout; energy walk-vs-simple count), both fixed and re-run-verified on 1.15.

Test plan

  • paths-stage code + 1.15 pin + docstring + README (+ runbook where multi-reasoner) — all five
  • py_compile + ruff; dev-templates-review + repo conventions
  • full-template end-to-end run on 1.15 — four incorporations reproduce exactly; cybersecurity runs clean
  • changed/new runbook prompts paste-tested by fresh agents (energy 5b, telco 6b, cybersecurity full runbook)

@cafzal
energy_grid_planning: add Stage 2.5 paths (transmission corridors + c…
386ad6e 
…ontingency), bump to 1.13

WIP checkpoint - code + pin + docstring. README/runbook + full-template live-run pending.
Stage 2.5 composes on Stage 2 betweenness; logic live-validated standalone (421 corridors,
max betweenness-load 99.833, top-substation removal reroutes).
@github-actions

github-actions Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

The docs preview for this pull request has been deployed to Vercel!

✅ Preview: https://relationalai-docs-hm91x0hh9-relationalai.vercel.app/build/templates
🔍 Inspect: https://vercel.com/relationalai/relationalai-docs/Cp8qVKdJ56pYbk4sz2Z8F4a7u12k

@cafzal
energy_grid_planning: README + runbook for Stage 2.5 paths
4f70f27 
- How it works: Stage 2.5 subsection (transmission corridors + contingency) with
  verbatim snippet; chain-composition bullet for Substation.fragility_load.
- Runbook: step 5b 'Trace fragile transmission corridors' (question-shaped,
  betweenness anchored by structural test; 421 corridors, load 99.833, DFW
  contingency reroutes).
@cafzal
bom-reachability: add assembly-path enumeration (PREVIEW) + bump to 1.13
59cbaa7 
Derive SKU.feeds (input_sku -> output_sku) from BillOfMaterials, enumerate
assembly paths on the BOM DAG, add a maximal-paths view, persist SKU.assembly_depth.
Mirrors the live-validated Q4 pattern (18 paths -> finished goods). py_compile +
ruff green; full-template live-run is the pre-merge gate.
@cafzal
telco_network_recovery: add Stage 3.5 call-path enumeration (PREVIEW)
58f0877 
Arity-3 Subscriber.calls_via edge (caller via routed_through tower -> callee) from
CallDetailRecord; enumerate call paths from the top-PageRank hub (scoped; the call
graph is large/cyclic), recover the routing tower per hop via relationship_fields,
rank by PageRank summed along the route, persist Subscriber.top_call_path_influence.
Refactored to the live-validated explicit-src + pandas-field_index form (matches
telco_validate.py: 6376 simple <=3-hop paths, 120 towers). py_compile + ruff green;
pin already 1.13. Full-template live-run is the pre-merge gate.
@cafzal
it-dependency-mapping: NEW paths template (downstream dependency paths)
ff57456 
Single-reasoner (Graph/paths) template, Technology & Telecom domain. Feature
.contributes_to self-relationship (acyclic DAG); model.path(Feature.contributes_to
.repeat(1,N)).all_paths() enumerates downstream dependency paths, reduces to
maximal chains, persists Feature.max_downstream_depth. 14 features / 15 edges;
46 paths -> 6 maximal, longest 5 hops. Uses the live-validated single-relationship
path form. py_compile + ruff green; pin 1.13.0. Full-template live-run is the
pre-merge gate.
cafzal added 2 commits June 16, 2026 10:12
@cafzal
bom-reachability: README How-it-works section for assembly-path enume…
50932e8 
…ration
@cafzal
telco_network_recovery: runbook step 6b + README property for Stage 3…
ed87e26 
….5 paths

Runbook: question-shaped 'trace most-influential call paths' step (PageRank
anchored by structural test, scoped to a seed hub). README: Subscriber
.top_call_path_influence row in the concepts table.
@cafzal
it-dependency-mapping: fix path reassembly fan-out (full-template 1.1…
cc5dc2b 
…3 run)

The end-to-end run surfaced a bug py_compile/ruff missed: selecting p.length
alongside p.nodes fanned out the node rows, so maximal chains showed repeated
nodes and wrong hop counts. Drop p.length from the select, dedupe (path_id, step),
derive hops = max(step). Re-run verified: 46 paths -> 6 maximal, longest 5 hops
(Clickstream Ingest -> ... -> Retention Dashboard, 6 features / 5 owners).
@cafzal
energy_grid_planning: count simple corridors, not raw walks (full-tem…
b83ae92 
…plate 1.13 run)

End-to-end run surfaced that n_corridors counted all enumerated walks (8844),
mislabeled 'simple' and mismatching the runbook's 421. Count only simple
corridors (len([...]), not the shadowed sum). Re-run confirmed: 421 simple
corridors, max betweenness-load 99.833, DFW contingency 5 reroute / 1 lose all
-- matches the runbook + paste-test.
@cafzal
telco_network_recovery: runbook 6b verified numbers (full-template 1.…
22aea6c 
…13 run)

End-to-end run confirms the bundled data matches the eval (same seed/counts), so
the 6b response now carries the verified output: seed SUB-CON-00900, 198 simple
<=3-hop call paths, 54 towers, top route SUB-CON-00900 -> SUB-CON-00814 ->
SUB-ENT-0038 -> SUB-CON-00644 (PageRank sum 0.009041).
cafzal added 2 commits June 22, 2026 09:18
@cafzal
templates: bump 4 paths-template pins 1.13.0->1.15.0 (RPQ backend)
14351f0 
Re-ran all four end-to-end on pyrel 1.15; path counts reproduce exactly under
the RPQ translator (no regression):
- bom-reachability: 18 assembly paths, 8 maximal
- it-dependency-mapping: 46 paths, 6 maximal, 5-hop longest
- energy_grid_planning: 421 corridors, fragility 99.833, Stage 4 OPTIMAL
- telco_network_recovery: 198 call paths, 54 towers, Stage 4 MIP OPTIMAL

Notably the telco arity-3 calls_via edge (caller, tower, callee -- entity last)
enumerates correctly under RPQ; the entity-last ordering is the safe shape.
@cafzal
templates: add cybersecurity-attack-paths (multi-edge kill-chain, 1.15)
85f5e6d 
Net-new graph-paths template showcasing the multi-relationship-sequence
capability in pyrel 1.15: an attack chain composes DISTINCT technique edges in
kill-chain order (exploit a perimeter host, reuse credentials inward, then pivot
laterally), which a single unioned edge or a flat join cannot express.

- 12-asset enterprise estate, 16 technique-tagged steps; one edge per technique
  (exploit_to / cred_to / pivot_to) plus a can_reach union.
- Multi-edge kill-chain: model.path(a.exploit_to, b.cred_to, c.pivot_to.repeat(1,2), dst)
  filtered to internet-facing source + crown-jewel dst -> 3 chains; p.relationships
  labels the technique per hop.
- Point query: all web-01 -> db-01 routes over can_reach (<=6 hops, simple) -> 7 routes.
- Exposure ranking (28/26/25) and persisted Asset.on_attack_path (11 of 12 assets).

Runs clean on 1.15 (py_compile + ruff); runbook paste-tested by a fresh agent
that reproduced all documented numbers (3 chains, 7 routes, 28/26/25, 11 assets)
without seeing the script.
@cafzal cafzal changed the title paths incorporations: energy / telco / bom-reachability / it-dependency-mapping (1.13) paths templates: 4 incorporations + 2 new (it-dependency, cybersecurity-attack-paths), on relationalai 1.15 Jun 22, 2026
@cafzal
templates: address pre-share review findings
db7710d 
it-dependency-mapping README: the 'How it works' enumeration snippet was
teaching the p.length-fanout anti-pattern the script avoids -- replaced with
the script's actual select (no p.length) + dedupe + max(step) reassembly.
Version refs: bump the two hard prereq contradictions (energy ==1.11.0, telco
==1.12.0) and the paths PREVIEW notes (>=1.13) to match the ==1.15.0 pin; kept
the accurate 'introduced in 1.13' history and the >=1.12 member-mapping note.
cybersecurity-attack-paths: dedupe the per-chain exposure sum (set()) to match
the 'distinct assets' claim; anchor technique_label to a trailing '_to' suffix
so a custom mid-string technique isn't mangled.
bom-reachability: single pandas import style (pd.read_csv).

All five py_compile + ruff clean; bom re-run unchanged (18 paths / 8 maximal);
cybersecurity re-run unchanged (3 chains, exposure 28/26/25, 7 routes, 11/12).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@somacdivad somacdivad Awaiting requested review from somacdivad somacdivad will be requested when the pull request is marked ready for review somacdivad is a code owner

@jablonskidev jablonskidev Awaiting requested review from jablonskidev jablonskidev will be requested when the pull request is marked ready for review jablonskidev is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

deployed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cafzal