Back to corpus
technical noteexperiment writeup candidatescore 36

Graph Kernel DEP Audit V2

**OpenClaw CompCore — Deep Engineering Posture Assessment** **Version:** 2.0.0 · **Date:** 2026-02-14 **Auditor:** Automated Code Analysis + Live Service Inspection **Codebase:** `core/semantic/cc-graph-kernel/` — ~11,241 lines Rust

Open full HTMLDownload HTMLCorpus JSONPaper schema

Full HTML reader

Read the full artifact

Open in new tab

Extracted abstract or opening context

**OpenClaw CompCore — Deep Engineering Posture Assessment** **Version:** 2.0.0 · **Date:** 2026-02-14 **Auditor:** Automated Code Analysis + Live Service Inspection **Codebase:** `core/semantic/cc-graph-kernel/` — ~11,241 lines Rust The Graph Kernel is a remarkably well-architected provenance engine. It achieves something rare: a Rust service with genuine cryptographic security guarantees enforced at the type level, deterministic behavior verified through golden tests, and a clean separation between its core library (zero I/O) and its service layer (Axum + PostgreSQL). The codebase punches above its weight. That said, this audit identifies 47 specific findings across 12 dimensions. The most critical: **the 291ms latency is entirely addressable** (90% network RTT), **entity normalization lives outside the Rust service** (Python middleware), and **server-side multi-hop traversal doesn't exist** (client must make N HTTP calls for N hops). None of these are architectural debt — they're engineering TODOs that the team has already documented. **Overall Health Score: 7.4 / 10** — Production-viable with clear improvement vectors. | # | Dimension | Score | Verdict | |---|-----------|-------|---------| | 1 | Code Quality | **8/10** | Clean Rust, strong idioms, no unsafe | | 2 | Architecture | **9/10** | Exceptional separation of concerns | | 3 | Performance | **5/10** | 291ms latency, all network-caused | | 4 | Data Model | **7/10** | Solid triple store, normalization gaps | | 5 | Security | **9/10** | HMAC + type-level enforcement is excellent | | 6 | Testing | **8/10** | Golden tests, property tests, benchmarks | | 7 | Documentation | **9/10** | Research paper, architecture doc, inline comments | | 8 | Dependencies | **7/10** | Clean, some staleness risk | | 9 | Operational | **7/10** | Health checks present, metrics are log-based only | | 10 | Scale | **6/10** | Works at current load, limits unclear | | 11 | Known Bugs | **6/10** | Entity normalization, pagination | | 12 | Missing Features | **5/10** | No server-side traversal, no streaming, no visualization |

Promotion decision

What has to happen next

Attach run IDs, datasets, metrics, and reproduction commands.

Why this is not always a full paper yet

Corpus pages are public-safe readers for discovered workspace artifacts. They are not automatically final papers. A corpus item becomes a polished paper only after the editable source, evidence checkpoints, references, figures, render path, and release status are attached through the paper schema.