Author: Darren H. Chen
Topic: functional safety analysis and fault injection practice for automotive chips
Demo: D19_ci_automation
Tags: automotive chips, functional safety, CI automation, safety regression, fault injection, FMEDA, Diagnostic Coverage, Residual FIT, Evidence Package, Dashboard, engineering process
1. Why this article matters
In the previous article we turned safety evidence packages, reports, regression outputs and comparison results into a dashboard and website demo.
The outputs generated by D18 include:
```text
site/index.html
site/assets/app.js
site/assets/style.css
site/data/dashboard_index.json
site/data/overview_metrics.json
site/data/fault_outcomes.json
site/data/measured_dc.json
site/data/fmeda_rows.json
site/data/residual_fit.json
site/data/review_items.json
site/data/trend_summary.json
site/data/tool_comparison.json
site/data/traceability_links.json
outputs/dashboard_build_summary.md
outputs/dashboard_validation.csv
outputs/dashboard_warnings.csv
outputs/site_manifest.yaml
```
That made the whole flow visible and reviewable.
But an engineering platform cannot depend on manual execution alone.
A real team will eventually ask:
When the design, configuration, fault list or safety policy changes, can the safety analysis flow run automatically?
The Demo for this article is:
```text
D19_ci_automation
```
The generic tool introduced in this article is:
```text
safeic-ci
```
The goal of safeic-ci is to organize the preceding safety analysis steps into a repeatable CI-style flow:
```text
input package validation
static preflight
fault list generation
campaign execution or emulation
fault outcome classification
measured DC computation
FMEDA update
evidence package generation
safety report generation
regression comparison
dashboard refresh
CI gate decision
artifact archiving
```
and to generate:
```text
ci_summary.md
ci_status.csv
ci_gate_result.json
ci_stage_status.csv
ci_artifact_index.csv
ci_warnings.csv
ci_failure_reasons.csv
ci_run_manifest.yaml
```
The core idea is:
CI automation turns the safety workflow from a manual demo sequence into a repeatable engineering gate. The gate does not prove that the design is safe, but it prevents safety evidence from silently degrading as the design changes.
2. Where D19 sits in the overall flow
D19 is the automation layer that spans the preceding Demos.
Figure 1 nodes: D01-D13 Analysis Steps, D14 Evidence Package, D15 Safety Report, D16 Regression, D18 Dashboard, CI Config, D19 CI Automation, CI Gate Result.
Figure 1: D19 organizes the preceding analysis, reporting, regression and dashboard steps into a CI-style workflow.
The earlier Demos answered:
```text
How is evidence built?
How is evidence reported?
How is regression tracked?
How is evidence visualized?
```
D19 answers:
```text
How is this flow run repeatedly?
Which stages pass, warn or fail?
Which artifacts were generated?
Which warnings should block the CI gate?
Which warnings only need to be reported?
Can the dashboard refresh automatically?
Can the results be archived for later comparison?
```
From this point on, the whole flow starts to take the shape of a continuous engineering system.
3. CI automation is not certification
A CI gate is not a safety certification gate.
It cannot prove:
```text
the design complies with ISO 26262
the safety case is complete
the safety mechanisms are sufficient
the product is ready for release
```
What it can show is narrower but very useful:
```text
the configured analysis flow has run
required artifacts were generated
metrics can be parsed
regression checks were executed
high-severity regressions can be detected
the evidence package was generated
the report and dashboard were refreshed
```
Figure 2 nodes: CI Automation; Repeatability; Artifact Completeness; Regression Detection; Evidence Refresh; Final Safety Signoff (edge label: "does not prove").
Figure 2: CI automation improves repeatability and regression detection, but does not replace formal safety review.
This boundary must be stated explicitly in both public and internal reports.
4. Why does a functional safety flow need CI?
Without CI automation, safety artifacts go stale easily.
Common problems include:
```text
RTL changed but fault list was not regenerated
fault list changed but campaign was not rerun
campaign reran but fault outcomes were not reclassified
measured DC changed but FMEDA was not updated
FMEDA changed but evidence package was not rebuilt
report was not regenerated
dashboard shows old values
regression comparison uses an old baseline
```
The value of CI automation is that a controlled dependency chain reduces these broken links.
Figure 3 nodes: Design Change, Preflight, Fault List, Campaign, Outcome Classification, Measured DC, FMEDA, Evidence Package, Report, Regression Gate, Dashboard.
Figure 3: CI automation keeps safety artifacts in sync with design and policy changes.
The key value is not speed but the prevention of hidden evidence drift.
5. CI orchestration versus individual tools
The earlier Demos introduced several single-responsibility tools:
```text
safeic-input
safeic-fit
safeic-struct
safeic-dc
safeic-faultgen
safeic-vcd
safeic-campaign
safeic-classify
safeic-measdc
safeic-fmeda
safeic-evidence
safeic-report
safeic-regress
safeic-compare
safeic-dashboard
```
D19 introduces an orchestration tool:
```text
safeic-ci
```
safeic-ci should not duplicate the internal logic of those tools.
It should be responsible for:
```text
load CI configuration
determine which stages to run
execute each stage
capture logs
collect exit codes
validate artifacts
evaluate gate policy
summarize results
archive artifacts
```
This separation keeps each tool single-purpose and makes CI behaviour easier to debug.
6. CI stages
A practical D19 CI flow can be split into the following stages:
```text
stage_00_environment_check
stage_01_input_preflight
stage_02_static_analysis
stage_03_fault_list_generation
stage_04_campaign_execution
stage_05_fault_classification
stage_06_measured_dc
stage_07_fmeda_update
stage_08_evidence_package
stage_09_report_generation
stage_10_regression_check
stage_11_dashboard_build
stage_12_archive
stage_13_gate_decision
```
Each stage should produce:
```text
status
start time
end time
duration
command
log file
expected artifacts
actual artifacts
warnings
errors
```
Example:
```csv
stage,status,duration_sec,log,artifacts
stage_05_fault_classification,PASS,3.2,logs/stage_05.log,outputs/D11/fault_outcomes.csv
stage_10_regression_check,WARN,1.1,logs/stage_10.log,outputs/D16/regression_alerts.csv
stage_13_gate_decision,FAIL,0.2,logs/stage_13.log,outputs/ci_gate_result.json
```
The stage model makes a CI run itself a reviewable object.
7. Stage status model
A useful CI status model can include:
```text
PASS
WARN
FAIL
SKIP
BLOCKED
NOT_RUN
```
Defined as follows:
```text
PASS:
  stage completed and required artifacts exist
WARN:
  stage completed but warnings were found
FAIL:
  stage failed or required artifacts are missing
SKIP:
  stage intentionally skipped by configuration
BLOCKED:
  stage was not run because an earlier required stage failed
NOT_RUN:
  stage was not scheduled or not reached
```
This suits a safety analysis flow better than a binary pass/fail, because functional safety analysis frequently produces warnings that need review but should not necessarily block an early exploratory flow.
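The stage record and status model described in sections 6 and 7, as an added Python example (not the D19 project's own safeic_ci.py): it runs one stage command at a time, writes the log fields listed above, and maps exit code, missing artifacts and warning lines onto PASS, WARN, FAIL and BLOCKED. The function names, the WARN/ERROR log-line convention and the demo commands (which use the Python interpreter as a stand-in for the real stage tools) are this example's own assumptions.

```python
"""Stage runner for a safeic-ci style orchestrator (added example, not D19 code)."""
import os
import re
import subprocess
import sys
import tempfile
import time
from datetime import datetime, timezone

# Assumption: stage tools mark findings with WARN/WARNING and ERROR/FATAL in their output.
WARN_RE = re.compile(r"\b(WARN|WARNING)\b")
ERR_RE = re.compile(r"\b(ERROR|FATAL)\b")


def _now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def run_stage(name, command, log_dir, expected_artifacts=(), timeout_s=600):
    """Execute one stage (argv list, no shell) and return its stage record.

    The log file records command, working directory, start/end time, exit code,
    missing artifacts and the captured output, as the article's log checklist asks.
    """
    start_iso, t0 = _now(), time.monotonic()
    try:
        proc = subprocess.run(command, capture_output=True, text=True,
                              timeout=timeout_s, check=False)
        exit_code, output = proc.returncode, proc.stdout + proc.stderr
    except (OSError, subprocess.TimeoutExpired) as exc:
        # Tool missing, not executable or hung: record it as an error line, never crash the orchestrator.
        exit_code, output = -1, f"ERROR: {exc}\n"
    end_iso, duration = _now(), round(time.monotonic() - t0, 3)

    lines = output.splitlines()
    warnings = [line for line in lines if WARN_RE.search(line)]
    errors = [line for line in lines if ERR_RE.search(line)]
    actual = [p for p in expected_artifacts if os.path.isfile(p)]
    missing = [p for p in expected_artifacts if p not in actual]

    # FAIL on non-zero exit or missing required artifacts (article definition);
    # treating ERROR lines with exit code 0 as FAIL is this example's conservative choice.
    if exit_code != 0 or missing or errors:
        status = "FAIL"
    elif warnings:
        status = "WARN"
    else:
        status = "PASS"

    log_path = os.path.join(log_dir, f"{name}.log")
    with open(log_path, "w", encoding="utf-8") as f:
        f.write(f"command: {' '.join(command)}\n")
        f.write(f"working directory: {os.getcwd()}\n")
        f.write(f"start time: {start_iso}\nend time: {end_iso}\n")
        f.write(f"exit code: {exit_code}\nmissing artifacts: {missing}\n")
        f.write(f"--- output ---\n{output}")

    return {"stage": name, "status": status, "start_time": start_iso,
            "end_time": end_iso, "duration_sec": duration, "command": command,
            "exit_code": exit_code, "log": log_path,
            "expected_artifacts": list(expected_artifacts),
            "actual_artifacts": actual, "warnings": warnings, "errors": errors}


def run_stages(stages, log_dir, stop_on_stage_failure=False):
    """Run (name, argv, required) tuples in order.

    With stop_on_stage_failure=True (the article's execution option), every stage
    after a failed required stage is recorded as BLOCKED instead of being run.
    """
    records, blocked = [], False
    for name, command, required in stages:
        if blocked:
            records.append({"stage": name, "status": "BLOCKED", "exit_code": None,
                            "log": None, "warnings": [], "errors": []})
            continue
        rec = run_stage(name, command, log_dir)
        records.append(rec)
        if rec["status"] == "FAIL" and required and stop_on_stage_failure:
            blocked = True
    return records


def demo(stop_on_stage_failure=True):
    """Constructed four-stage run; python -c stands in for the real stage tools."""
    py = sys.executable
    stages = [
        ("stage_01_input_preflight", [py, "-c", "print('input package valid')"], True),
        ("stage_06_measured_dc", [py, "-c", "print('WARNING: measured DC confidence is LOW')"], True),
        ("stage_07_fmeda_update", [py, "-c", "import sys; print('ERROR: fmeda_table.csv missing'); sys.exit(2)"], True),
        ("stage_11_dashboard_build", [py, "-c", "print('site generated')"], False),
    ]
    return run_stages(stages, tempfile.mkdtemp(prefix="ci_logs_"), stop_on_stage_failure)
```

With `stop_on_stage_failure: true` the dashboard stage ends up BLOCKED after the FMEDA failure; with `false` it still runs, which is what the article's partial mode means in practice.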
8. CI gate result
The final CI gate must be explicit.
Suggested gate statuses:
```text
PASS
PASS_WITH_WARNINGS
FAIL
MANUAL_REVIEW_REQUIRED
```
Example:
```json
{
  "gate": "MANUAL_REVIEW_REQUIRED",
  "reason": "high-severity review item remains open",
  "failed_stages": [],
  "warning_stages": ["stage_10_regression_check"],
  "critical_alerts": 0,
  "high_alerts": 1,
  "manual_review_items": 2
}
```
MANUAL_REVIEW_REQUIRED is a very valuable status.
It means the automated flow has completed, but engineering judgement is needed before this evidence is accepted.
9. CI gate policy
D19 should be controlled by a gate policy file.
Example:
```yaml
ci_gate_policy:
  fail_on:
    - missing_required_artifact
    - stage_failure
    - critical_regression_alert
    - detected_to_unsafe
    - residual_fit_increase_above_fail_threshold
    - private_data_leak_detected
  manual_review_on:
    - high_regression_alert
    - measured_dc_lower_than_estimated
    - new_unsafe_fault
    - unresolved_ratio_above_threshold
    - policy_changed_with_metric_change
    - high_severity_review_item_open
  warn_on:
    - low_confidence_metric
    - small_sample_size
    - public_demo_limitation
    - non_blocking_dashboard_warning
  allow_skip:
    - commercial_tool_comparison
    - dashboard_build
```
This makes the CI decision reproducible.
The same set of evidence should not yield different gate results depending on who reads the logs.
10. CI configuration
The CI configuration defines what to run.
Example ci_config.yaml:
```yaml
ci:
  name: toy_counter_safety_ci
  mode: public_demo
  top_module: toy_counter
  run_id: auto
stages:
  input_preflight: true
  static_analysis: true
  fault_list_generation: true
  campaign_execution: true
  fault_classification: true
  measured_dc: true
  fmeda_update: true
  evidence_package: true
  report_generation: true
  regression_check: true
  commercial_tool_comparison: false
  dashboard_build: true
  archive: true
execution:
  shell: csh
  stop_on_stage_failure: false
  continue_after_warning: true
  max_runtime_minutes: 60
artifacts:
  root: ci_runs
  retain_last_n: 10
```
This file makes the pipeline explicit.
Different profiles can use different stage sets.
11. CI profiles
Suggested profiles:
```text
public_demo
developer_quick
nightly_full
pre_release
customer_demo
internal_review
```
Example:
```yaml
profiles:
  developer_quick:
    campaign_execution: emulation
    regression_check: true
    dashboard_build: false
  nightly_full:
    campaign_execution: real_or_large_sample
    regression_check: true
    dashboard_build: true
    archive: true
  public_demo:
    campaign_execution: emulation
    commercial_tool_comparison: synthetic_normalized_data
    dashboard_build: true
    sanitize_outputs: true
```
Profiles let one architecture serve different usage scenarios.
A public demo should not run exactly like an internal full campaign.
12. Trigger conditions
CI can be triggered by changes to:
```text
RTL files
testbench files
fault policies
classification policies
measurement policies
FMEDA seed table
tool scripts
dashboard templates
report templates
comparison configuration
```
Example trigger logic:
```yaml
triggers:
  rtl_changed:
    run:
      - input_preflight
      - fault_list_generation
      - campaign_execution
      - fault_classification
      - measured_dc
      - fmeda_update
      - evidence_package
      - regression_check
  report_template_changed:
    run:
      - report_generation
      - dashboard_build
  dashboard_template_changed:
    run:
      - dashboard_build
```
This avoids unnecessary reruns.
It also makes the dependency reasoning clearer.
13. Dependency graph
D19 should model the dependencies between stages.
Example:
Figure 4 nodes (in order): input_preflight, static_analysis, fault_list_generation, campaign_execution, fault_classification, measured_dc, fmeda_update, evidence_package, report_generation, regression_check, dashboard_build, archive, gate_decision.
Figure 4: a CI dependency graph prevents downstream artifacts from going stale.
If campaign_execution fails, the later stages can be blocked, or can enter a partial mode according to policy.
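Sections 12 and 13 together describe one mechanism: a dependency graph that decides which stages a trigger must rerun and which stages become BLOCKED when an upstream stage fails. The following is an added Python example, not D19's own code; the DEPENDS_ON edge table is a constructed reading of Figure 4 (the article does not list its edges), and the function names are this example's own.

```python
"""Stage dependency resolution for a safeic-ci style orchestrator (added example)."""
from collections import deque

# Assumed edges: stage -> stages it needs. Constructed to match the Figure 4 ordering.
DEPENDS_ON = {
    "input_preflight": [],
    "static_analysis": ["input_preflight"],
    "fault_list_generation": ["input_preflight"],
    "campaign_execution": ["fault_list_generation"],
    "fault_classification": ["campaign_execution"],
    "measured_dc": ["fault_classification"],
    "fmeda_update": ["measured_dc"],
    "evidence_package": ["fmeda_update"],
    "report_generation": ["evidence_package"],
    "regression_check": ["fmeda_update"],
    "dashboard_build": ["report_generation", "regression_check"],
    "archive": ["dashboard_build"],
    "gate_decision": ["archive"],
}


def _dependents(graph):
    """Reverse the edge table: stage -> stages that consume its artifacts."""
    rev = {s: [] for s in graph}
    for s, deps in graph.items():
        for d in deps:
            rev[d].append(s)
    return rev


def topological_order(graph):
    """Kahn's algorithm; every dependency precedes its dependents. Raises on a cycle."""
    indegree = {s: len(deps) for s, deps in graph.items()}
    dependents = _dependents(graph)
    ready = deque(sorted(s for s, n in indegree.items() if n == 0))
    order = []
    while ready:
        s = ready.popleft()
        order.append(s)
        for t in sorted(dependents[s]):
            indegree[t] -= 1
            if indegree[t] == 0:
                ready.append(t)
    if len(order) != len(graph):
        raise ValueError("dependency cycle detected")
    return order


def downstream_closure(graph, changed):
    """Stages that must rerun when `changed` stages rerun: those stages plus everything depending on them.

    This generalizes the article's trigger lists: a trigger names its entry stages
    and the closure supplies the rest, so no downstream artifact is left stale.
    """
    dependents = _dependents(graph)
    result, todo = set(), list(changed)
    while todo:
        s = todo.pop()
        if s not in result:
            result.add(s)
            todo.extend(dependents[s])
    return result


def plan_run(graph, enabled, failed=()):
    """Assign a planned status to every stage, in execution order.

    enabled: stages selected by config or trigger (others are SKIP);
    failed: stages already known to have failed, whose dependents become BLOCKED.
    """
    blocked = downstream_closure(graph, failed) - set(failed)
    plan = []
    for s in topological_order(graph):
        if s in failed:
            status = "FAIL"
        elif s in blocked:
            status = "BLOCKED"
        elif s in enabled:
            status = "RUN"
        else:
            status = "SKIP"
        plan.append((s, status))
    return plan
```

For a `report_template_changed` trigger the closure of `report_generation` reproduces the article's list (report_generation, dashboard_build) and adds the archive and gate stages that consume the rebuilt report; a failed `campaign_execution` blocks every fault-data stage behind it while `static_analysis`, which does not depend on it, still runs.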
14. Partial CI runs
A CI run can be partial.
Examples:
```text
report-only rerun
dashboard-only rebuild
regression-only comparison
preflight-only check
fault-classification rerun
```
Partial runs are useful because not every change needs a full campaign.
But partial runs must be labelled.
Example:
```csv
run_id,profile,run_type,status
ci_001,public_demo,full_flow,PASS_WITH_WARNINGS
ci_002,public_demo,dashboard_only,PASS
ci_003,developer_quick,preflight_only,PASS
```
A report produced by a partial run must not be mistaken for a complete safety-analysis update.
15. Artifact management
CI should store artifacts in a structured run directory.
Suggested structure:
```text
ci_runs/
  ci_2026_05_12_001/
    ci_run_manifest.yaml
    ci_status.csv
    ci_gate_result.json
    logs/
      stage_01_input_preflight.log
      stage_02_static_analysis.log
      ...
    artifacts/
      D11_fault_outcomes/
      D12_measured_dc/
      D13_fmeda/
      D14_evidence_package/
      D15_report/
      D16_regression/
      D18_dashboard/
    summaries/
      ci_summary.md
      safety_report_summary.md
      regression_summary.md
```
Only then are CI results easy to archive and compare.
16. Artifact index
D19 should generate ci_artifact_index.csv.
Example:
```csv
artifact_id,stage,file_path,artifact_type,required,exists,sha256
A001,stage_05_fault_classification,artifacts/D11/fault_outcomes.csv,fault_outcomes,true,true,abc123
A002,stage_06_measured_dc,artifacts/D12/measured_dc_by_failure_mode.csv,metric,true,true,def456
A003,stage_07_fmeda_update,artifacts/D13/fmeda_table.csv,fmeda,true,true,789abc
A004,stage_11_dashboard_build,artifacts/D18/site/index.html,dashboard,false,true,555aaa
```
The artifact index is critical for reproducibility.
It states what was generated and which stage each artifact came from.
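Building that index, as an added Python example (not D19's own artifact_collector.py): the expected-artifact table is walked, each file is hashed with SHA-256 if present, and rows are emitted in the ci_artifact_index.csv column layout above. The run directory and expected-artifact table in `demo()` are constructed, and the function names are this example's own.

```python
"""Artifact index generation for a CI run directory (added example, not D19 code)."""
import csv
import hashlib
import io
import os
import tempfile

COLUMNS = ["artifact_id", "stage", "file_path", "artifact_type",
           "required", "exists", "sha256"]


def sha256_of(path, chunk=1 << 16):
    """Stream the file so large campaign outputs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_artifact_index(run_root, expected):
    """expected: dicts with stage, file_path (relative to run_root), artifact_type, required."""
    rows = []
    for n, item in enumerate(expected, start=1):
        full = os.path.join(run_root, item["file_path"])
        exists = os.path.isfile(full)
        rows.append({
            "artifact_id": f"A{n:03d}",
            "stage": item["stage"],
            "file_path": item["file_path"],
            "artifact_type": item["artifact_type"],
            "required": str(bool(item["required"])).lower(),
            "exists": str(exists).lower(),
            # An absent file gets an empty hash rather than a fabricated one.
            "sha256": sha256_of(full) if exists else "",
        })
    return rows


def missing_required(rows):
    """Required artifacts that were not produced; each is a fail_on condition for the gate."""
    return [r["file_path"] for r in rows
            if r["required"] == "true" and r["exists"] == "false"]


def index_to_csv(rows):
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


def demo():
    """Constructed run directory: required artifact present, required artifact missing, optional present."""
    root = tempfile.mkdtemp(prefix="ci_run_")
    for rel, data in [("artifacts/D11/fault_outcomes.csv", b"fault_id,outcome\nF001,detected\n"),
                      ("artifacts/D18/site/index.html", b"<html></html>\n")]:
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    expected = [
        {"stage": "stage_05_fault_classification", "file_path": "artifacts/D11/fault_outcomes.csv",
         "artifact_type": "fault_outcomes", "required": True},
        {"stage": "stage_07_fmeda_update", "file_path": "artifacts/D13/fmeda_table.csv",
         "artifact_type": "fmeda", "required": True},
        {"stage": "stage_11_dashboard_build", "file_path": "artifacts/D18/site/index.html",
         "artifact_type": "dashboard", "required": False},
    ]
    rows = build_artifact_index(root, expected)
    return rows, missing_required(rows), index_to_csv(rows)
```

The hash column is what lets a later run prove that a "reused" or "unchanged" artifact is byte-for-byte the one reviewed before, and the `missing_required` list feeds straight into the gate's `missing_required_artifact` rule.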
17. Log management
Every stage should have a log.
Example:
```text
logs/stage_01_input_preflight.log
logs/stage_04_campaign_execution.log
logs/stage_10_regression_check.log
logs/stage_13_gate_decision.log
```
The CI summary should include the key log paths.
Users should not have to hunt for logs in arbitrary output directories.
A good log should include:
```text
command
working directory
environment summary
start time
end time
exit code
warnings
errors
artifact paths
```
Logs are evidence too.
18. Environment capture
Without environment capture, safety CI results are hard to reproduce.
D19 should record:
```text
OS
hostname
user or sanitized user
shell
Python version
tool versions
PATH snapshot or sanitized PATH
license environment presence
Git commit
working tree status
run timestamp
```
Example environment_summary.csv:
```csv
item,value
os,Rocky Linux 8.10
shell,csh
python,3.11
git_commit,abc1234
working_tree,dirty
safa_available,false
execution_mode,public_demo_emulation
```
For public demos, private paths and usernames must be sanitized.
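Capturing that context and sanitizing it for a public profile, as an added Python example (not D19's own env_capture.py). It records the items listed above, and its sanitizer replaces the user name, home directory and hostname with placeholders without disturbing the rest of the PATH entries. The probed tool name `safa_sa`, the `LM_LICENSE_FILE` check used as the "license environment presence" signal, and the function names are this example's assumptions.

```python
"""Environment capture with public-demo sanitization (added example, not D19 code)."""
import csv
import getpass
import io
import os
import platform
import shutil
import socket
import subprocess
from datetime import datetime, timezone


def _git(*args):
    """git's stdout, or '' when git is absent or the cwd is not a repository."""
    try:
        r = subprocess.run(["git", *args], capture_output=True, text=True,
                           timeout=10, check=False)
        return r.stdout.strip() if r.returncode == 0 else ""
    except (OSError, subprocess.TimeoutExpired):
        return ""


def capture_environment(execution_mode, tool_probes=("safa_sa",)):
    """Collect the unsanitized reproducibility context for one CI run."""
    try:
        user = getpass.getuser()
    except Exception:  # no passwd entry in some containers
        user = "unknown"
    commit = _git("rev-parse", "--short", "HEAD")
    dirty = _git("status", "--porcelain") if commit else ""
    env = {
        "os": platform.platform(),
        "hostname": socket.gethostname(),
        "user": user,
        "shell": os.path.basename(os.environ.get("SHELL", "unknown")),
        "python": platform.python_version(),
        "path": os.environ.get("PATH", ""),
        # Assumption: a FlexLM-style LM_LICENSE_FILE variable signals a license environment.
        "license_env_present": str("LM_LICENSE_FILE" in os.environ).lower(),
        "git_commit": commit or "unknown",
        "working_tree": "unknown" if not commit else ("dirty" if dirty else "clean"),
        "run_timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "execution_mode": execution_mode,
    }
    for tool in tool_probes:  # presence only; version probing is tool-specific
        env[f"{tool}_available"] = str(shutil.which(tool) is not None).lower()
    return env


def _scrub_entry(entry, user, home):
    """Replace the home prefix and any path component equal to the user name."""
    if home and home != "/" and entry.startswith(home):
        entry = "<home>" + entry[len(home):]
    return "/".join("<user>" if part == user else part for part in entry.split("/"))


def sanitize_environment(env, user=None, home=None):
    """Return a copy safe for public outputs: no user name, hostname or home path."""
    user = user or env.get("user", "")
    home = home or os.path.expanduser("~")
    out = dict(env)
    out["user"] = "<user>"
    out["hostname"] = "<host>"
    out["path"] = os.pathsep.join(_scrub_entry(e, user, home)
                                  for e in env.get("path", "").split(os.pathsep))
    return out


def to_csv(env):
    """Serialize as the item,value layout of environment_summary.csv."""
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["item", "value"])
    w.writerows(env.items())
    return buf.getvalue()
```

The public profile writes `to_csv(sanitize_environment(env))`; the private profile may keep the raw capture, since the hostname and real paths are exactly what an internal reviewer needs to reproduce the run.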
19. Real tool mode versus emulation mode
D19 should distinguish explicitly between:
```text
real_tool_mode
emulation_mode
hybrid_mode
```
Definitions:
```text
real_tool_mode:
  invokes licensed or installed tools
emulation_mode:
  uses sample data or lightweight open scripts
hybrid_mode:
  uses real outputs from previous runs but does not invoke the tool in CI
```
Example:
```yaml
execution_modes:
  campaign_execution: emulation
  commercial_tool_comparison: normalized_sample
  dashboard_build: real
```
This prevents public demo users from assuming that a full commercial tool flow was executed.
20. Handling commercial tools in CI
Commercial tools may require:
```text
licenses
specific OS
specific environment variables
restricted logs
large runtime
confidential outputs
```
For public CI it is usually more appropriate to use:
```text
normalized sample outputs
sanitized snapshots
mock adapters
pre-recorded demo artifacts
```
For private CI, real commercial tool runs can be configured.
D19 should support both modes:
```yaml
commercial_tool:
  mode: normalized_snapshot
  allow_raw_report_publish: false
  adapter: generic_csv
```
This keeps the public flow safe.
21. Caching and incremental builds
Some safety stages can be expensive.
D19 can support caching.
Cache keys can include:
```text
RTL hash
filelist hash
policy hash
fault list hash
campaign config hash
tool version
```
Example:
```yaml
cache:
  enabled: true
  keys:
    fault_list_generation:
      - rtl_hash
      - faultgen_policy_hash
    measured_dc:
      - fault_outcomes_hash
      - measurement_policy_hash
```
If the inputs have not changed, a stage can reuse the previous artifacts.
But caching must be transparent.
The CI report should state:
```text
stage reused cached artifact
```
rather than pretending that the stage was rerun.
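A content-addressed cache key built from exactly the components the `cache.keys` block names, with the reuse recorded in the stage record instead of hidden, as an added Python example (not D19's own code). The in-memory `StageCache` stands in for a cache directory, and the RTL and policy bytes in `demo()` are constructed; function and class names are this example's own.

```python
"""Transparent stage caching keyed on input hashes (added example, not D19 code)."""
import hashlib
import json


def content_hash(data: bytes) -> str:
    """SHA-256 of an input file's bytes (RTL, policy, fault list, ...)."""
    return hashlib.sha256(data).hexdigest()


def cache_key(stage, components):
    """Derive the key from the stage name and its configured hash components.

    components maps key names from cache.keys (e.g. rtl_hash) to hashes or
    version strings; sorted JSON makes the key independent of dict order.
    """
    payload = json.dumps({"stage": stage, "components": components}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class StageCache:
    """In-memory stand-in for a cache directory: cache key -> artifact listing."""

    def __init__(self):
        self._store = {}

    def get(self, key):
        return self._store.get(key)

    def put(self, key, artifacts):
        self._store[key] = list(artifacts)


def run_cached_stage(stage, components, produce, cache):
    """Reuse cached artifacts when every keyed input is unchanged; otherwise run `produce`.

    The returned record says explicitly whether the stage was executed or reused,
    which is the line the CI summary must carry.
    """
    key = cache_key(stage, components)
    hit = cache.get(key)
    if hit is not None:
        return {"stage": stage, "status": "PASS", "cache": "reused", "cache_key": key,
                "artifacts": hit, "summary": "stage reused cached artifact"}
    artifacts = produce()
    cache.put(key, artifacts)
    return {"stage": stage, "status": "PASS", "cache": "fresh", "cache_key": key,
            "artifacts": artifacts, "summary": "stage executed"}


def demo():
    """Constructed: same RTL and policy twice, then a changed fault-gen policy."""
    cache, calls = StageCache(), []

    def produce():  # stands in for safeic-faultgen
        calls.append(1)
        return ["workspace/fault_list.csv"]  # placeholder path

    rtl = content_hash(b"module toy_counter(input clk, input rst, output reg [3:0] q); endmodule\n")
    policy_v1 = content_hash(b"stuck_at: true\ntransient: false\n")
    policy_v2 = content_hash(b"stuck_at: true\ntransient: true\n")

    def comps(policy_hash):
        return {"rtl_hash": rtl, "faultgen_policy_hash": policy_hash,
                "tool_version": "safeic-faultgen 0.1"}

    r1 = run_cached_stage("fault_list_generation", comps(policy_v1), produce, cache)
    r2 = run_cached_stage("fault_list_generation", comps(policy_v1), produce, cache)
    r3 = run_cached_stage("fault_list_generation", comps(policy_v2), produce, cache)
    return [r1["cache"], r2["cache"], r3["cache"]], len(calls), r2["summary"]
```

Because the tool version is part of the key, upgrading safeic-faultgen invalidates the cache on its own; omitting it is the classic way a stale fault list survives a tool change.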
22. Safety regression gate
The most important output of D19 is the gate decision.
The gate should take into account:
```text
stage failures
missing artifacts
critical regression alerts
new unsafe faults
detected-to-unsafe deltas
residual FIT increase
review item severity
evidence quality degradation
policy changes
dashboard privacy violations
```
Example decision logic:
```text
if any required stage fails:
    FAIL
else if critical regression alert exists:
    FAIL
else if high-severity review item exists:
    MANUAL_REVIEW_REQUIRED
else if warnings exist:
    PASS_WITH_WARNINGS
else:
    PASS
```
The concrete policy should be defined per project.
D19 should make it explicit.
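The gate decision of sections 8, 9 and 22 as one policy-driven evaluator, added here as a Python example (not D19's own gate_policy.py). Run facts are turned into findings named in the vocabulary of ci_gate_policy, sorted into the fail_on / manual_review_on / warn_on buckets, and collapsed with the precedence of the decision logic above; a finding the policy does not mention is routed to manual review rather than passed silently. The run-record layout in `SAMPLE_RUN` is constructed to reproduce the article's example gate result, and the function names are this example's own.

```python
"""Gate policy evaluation for a safeic-ci style run (added example, not D19 code)."""

# Subset of the article's ci_gate_policy, as it would look once loaded from YAML.
POLICY = {
    "fail_on": ["missing_required_artifact", "stage_failure",
                "critical_regression_alert", "detected_to_unsafe",
                "private_data_leak_detected"],
    "manual_review_on": ["high_regression_alert", "measured_dc_lower_than_estimated",
                         "new_unsafe_fault", "high_severity_review_item_open"],
    "warn_on": ["low_confidence_metric", "small_sample_size",
                "public_demo_limitation", "non_blocking_dashboard_warning"],
}

# Constructed run facts (toy_counter public demo): one high alert, two open review items, one warning.
SAMPLE_RUN = {
    "stages": [
        {"stage": "stage_05_fault_classification", "status": "PASS", "required": True},
        {"stage": "stage_10_regression_check", "status": "WARN", "required": True},
        {"stage": "stage_11_dashboard_build", "status": "PASS", "required": False},
    ],
    "missing_required_artifacts": [],
    "regression_alerts": [
        {"severity": "HIGH", "kind": "measured_dc_drop",
         "message": "measured DC for FM_ALARM_NOT_ASSERTED dropped"},
    ],
    "review_items": [
        {"id": "R001", "severity": "HIGH", "open": True},
        {"id": "R002", "severity": "MEDIUM", "open": True},
    ],
    "warnings": [
        {"kind": "low_confidence_metric", "message": "measured DC confidence is LOW"},
    ],
}


def derive_findings(run):
    """Map run facts to (finding_name, detail) pairs in the policy's vocabulary."""
    findings = []
    for s in run["stages"]:
        if s["status"] == "FAIL" and s["required"]:
            findings.append(("stage_failure", s["stage"]))
    for path in run["missing_required_artifacts"]:
        findings.append(("missing_required_artifact", path))
    for a in run["regression_alerts"]:
        sev = a["severity"].upper()
        if sev == "CRITICAL":
            findings.append(("critical_regression_alert", a["message"]))
        elif sev == "HIGH":
            findings.append(("high_regression_alert", a["message"]))
        if a.get("kind") == "detected_to_unsafe":  # always a fail_on condition, whatever the severity
            findings.append(("detected_to_unsafe", a["message"]))
    for item in run["review_items"]:
        if item["open"] and item["severity"].upper() == "HIGH":
            findings.append(("high_severity_review_item_open", item["id"]))
    for w in run["warnings"]:
        findings.append((w["kind"], w["message"]))
    return findings


def evaluate_gate(run, policy=POLICY):
    """Apply the gate policy and return a ci_gate_result.json-style dict."""
    buckets = {"FAIL": [], "MANUAL_REVIEW_REQUIRED": [], "PASS_WITH_WARNINGS": []}
    unknown = []  # findings the policy does not classify: never silently PASS
    for name, detail in derive_findings(run):
        reason = f"{name}: {detail}"
        if name in policy["fail_on"]:
            buckets["FAIL"].append(reason)
        elif name in policy["manual_review_on"]:
            buckets["MANUAL_REVIEW_REQUIRED"].append(reason)
        elif name in policy["warn_on"]:
            buckets["PASS_WITH_WARNINGS"].append(reason)
        else:
            unknown.append(reason)
    if buckets["FAIL"]:
        gate = "FAIL"
    elif buckets["MANUAL_REVIEW_REQUIRED"] or unknown:
        gate = "MANUAL_REVIEW_REQUIRED"
    elif buckets["PASS_WITH_WARNINGS"]:
        gate = "PASS_WITH_WARNINGS"
    else:
        gate = "PASS"
    severities = [a["severity"].upper() for a in run["regression_alerts"]]
    return {
        "gate": gate,
        "reasons": buckets["FAIL"] + buckets["MANUAL_REVIEW_REQUIRED"] + unknown
                   + buckets["PASS_WITH_WARNINGS"],
        "failed_stages": [s["stage"] for s in run["stages"] if s["status"] == "FAIL"],
        "warning_stages": [s["stage"] for s in run["stages"] if s["status"] == "WARN"],
        "critical_alerts": severities.count("CRITICAL"),
        "high_alerts": severities.count("HIGH"),
        "manual_review_items": len(buckets["MANUAL_REVIEW_REQUIRED"]) + len(unknown),
    }
```

Keeping the decision in a pure function over the policy dict is what makes the gate reproducible: two reviewers feeding it the same run facts and the same ci_gate_policy.yaml get the same result, and a policy edit shows up as a diff in one file.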
23. CI status report
ci_status.csv should summarize every stage.
Example:
```csv
stage,status,duration_sec,required,log,summary
environment_check,PASS,0.2,true,logs/stage_00.log,environment captured
input_preflight,PASS,1.1,true,logs/stage_01.log,input package valid
fault_classification,PASS,2.4,true,logs/stage_05.log,fault outcomes generated
measured_dc,PASS,1.0,true,logs/stage_06.log,measured DC generated
regression_check,WARN,1.3,true,logs/stage_10.log,one high review item remains open
dashboard_build,PASS,0.9,false,logs/stage_11.log,site generated
gate_decision,MANUAL_REVIEW_REQUIRED,0.1,true,logs/stage_13.log,high review item open
```
This is the first file a reviewer should look at after a CI run finishes.
24. CI summary report
ci_summary.md should be readable.
Example:
```md
# D19 CI Automation Summary
Run ID: ci_2026_05_12_001
Profile: public_demo
Design: toy_counter
Gate: MANUAL_REVIEW_REQUIRED
## Stage Summary
- PASS: 10
- WARN: 1
- FAIL: 0
- SKIP: 1
## Key Warnings
1. High-severity review item remains open for FM_ALARM_NOT_ASSERTED.
2. Measured DC confidence is low for selected demo groups.
3. Dashboard uses public demo data and is not production signoff evidence.
## Generated Artifacts
- Evidence package
- Safety report
- Regression summary
- Static dashboard site
## Next Actions
1. Review alarm-path safety mechanism.
2. Expand fault campaign sample size.
3. Keep selected DC conservative until evidence confidence improves.
```
This summary should let a reviewer decide quickly what to look at next.
25. CI failure reasons
If the gate fails, the reasons must be explicit.
Example ci_failure_reasons.csv:
```csv
reason_id,severity,category,stage,message,recommended_action
F001,CRITICAL,regression,stage_10_regression_check,detected fault F010 became unsafe,review recent RTL or safety mechanism change
F002,HIGH,artifact,stage_07_fmeda_update,fmeda_table.csv missing,rerun FMEDA update stage
```
A CI failure without a clear reason wastes engineering time.
26. CI warnings
Warnings should be kept separate from failures.
Example ci_warnings.csv:
```csv
warning_id,severity,stage,message
W001,MEDIUM,stage_06_measured_dc,measured DC confidence is LOW
W002,LOW,stage_11_dashboard_build,one traceability link target missing
W003,LOW,stage_00_environment_check,SAFA_SA not found; using emulation mode
```
Warnings are valuable for review, but they should not always fail CI.
27. CI run manifest
The run manifest records what happened.
Example ci_run_manifest.yaml:
```yaml
ci_run:
  run_id: ci_2026_05_12_001
  profile: public_demo
  design: toy_counter
  start_time: 2026-05-12T10:00:00
  end_time: 2026-05-12T10:08:00
  gate_result: MANUAL_REVIEW_REQUIRED
  inputs:
    ci_config: inputs/ci_config.yaml
    ci_gate_policy: inputs/ci_gate_policy.yaml
    design_manifest: inputs/design_manifest.yaml
  outputs:
    status: outputs/ci_status.csv
    gate_result: outputs/ci_gate_result.json
    summary: outputs/ci_summary.md
    artifact_index: outputs/ci_artifact_index.csv
```
This lets CI runs be compared and audited.
28. D19 repository layout
Suggested directory layout:
```text
D19_ci_automation/
  README.md
  run_demo.sh
  run_demo.csh
  manifest.yaml
  inputs/
    ci_config.yaml
    ci_gate_policy.yaml
    design_manifest.yaml
    stage_commands.yaml
    public_data_policy.yaml
  scripts/
    run_stage.csh
    run_ci.csh
    run_ci.sh
  tools/
    safeic_ci.py
  workspace/
    D01/
    D11/
    D12/
    D13/
    D14/
    D15/
    D16/
    D18/
  ci_runs/
    ci_demo_latest/
      logs/
      artifacts/
      summaries/
  outputs/
    ci_summary.md
    ci_status.csv
    ci_gate_result.json
    ci_stage_status.csv
    ci_artifact_index.csv
    ci_warnings.csv
    ci_failure_reasons.csv
    ci_run_manifest.yaml
```
The D19 public demo should not require every preceding Demo to run fully for real.
It can use a small sample workspace.
29. Stage command file
The stage command file keeps the execution commands out of the Python logic.
Example stage_commands.yaml:
```yaml
stages:
  input_preflight:
    command: "csh workspace/D01/scripts/run_demo.csh"
    required: true
  fault_classification:
    command: "csh workspace/D11/scripts/run_demo.csh"
    required: true
  measured_dc:
    command: "csh workspace/D12/scripts/run_demo.csh"
    required: true
  fmeda_update:
    command: "csh workspace/D13/scripts/run_demo.csh"
    required: true
  evidence_package:
    command: "csh workspace/D14/scripts/run_demo.csh"
    required: true
  report_generation:
    command: "csh workspace/D15/scripts/run_demo.csh"
    required: true
  regression_check:
    command: "csh workspace/D16/scripts/run_demo.csh"
    required: true
  dashboard_build:
    command: "csh workspace/D18/scripts/run_demo.csh"
    required: false
```
This makes the CI orchestrator more flexible.
30. Tool architecture
The generic tool safeic-ci can be implemented as a staged orchestrator.
Figure 5 nodes: inputs manifest.yaml, ci_config.yaml, ci_gate_policy.yaml, stage_commands.yaml and workspace/ feed safeic-ci, whose internal steps are Load Config, Resolve Stages, Capture Environment, Run Stages, Collect Artifacts, Evaluate Warnings and Failures, Apply Gate Policy, Write CI Reports, Archive Run.
Figure 5: safeic-ci organizes the stages, captures logs and artifacts, applies the gate policy and writes the CI reports.
Suggested internal modules:
```text
safeic_ci/
  cli.py
  manifest.py
  load_config.py
  stage_graph.py
  env_capture.py
  command_runner.py
  artifact_collector.py
  log_parser.py
  gate_policy.py
  status_report.py
  archive.py
  summary.py
```
Responsibilities:
| Module | Responsibility |
|---|---|
| stage_graph.py | Resolve stages and dependencies |
| env_capture.py | Capture reproducibility context |
| command_runner.py | Run commands and capture exit codes |
| artifact_collector.py | Collect and hash generated artifacts |
| log_parser.py | Extract warnings and errors |
| gate_policy.py | Apply CI gate rules |
| status_report.py | Write stage status tables |
| archive.py | Store run artifacts |
| summary.py | Generate human-readable summary |
31. D19 manifest
Example:
```yaml
project:
  name: automotive_safeic_practice
  demo: D19_ci_automation
  top_module: toy_counter
inputs:
  ci_config: inputs/ci_config.yaml
  ci_gate_policy: inputs/ci_gate_policy.yaml
  design_manifest: inputs/design_manifest.yaml
  stage_commands: inputs/stage_commands.yaml
  public_data_policy: inputs/public_data_policy.yaml
workspace:
  root: workspace
outputs:
  summary: outputs/ci_summary.md
  status: outputs/ci_status.csv
  gate_result: outputs/ci_gate_result.json
  stage_status: outputs/ci_stage_status.csv
  artifact_index: outputs/ci_artifact_index.csv
  warnings: outputs/ci_warnings.csv
  failure_reasons: outputs/ci_failure_reasons.csv
  run_manifest: outputs/ci_run_manifest.yaml
```
The manifest defines the CI run.
32. D19 execution flow
Figure 6 steps: Load Manifest, Load CI Config, Load Gate Policy, Load Stage Commands, Capture Environment, Create CI Run Directory, Run Enabled Stages, Capture Logs and Exit Codes, Collect Required Artifacts, Parse Warnings and Alerts, Evaluate Gate Policy, Write CI Status Reports, Archive Artifacts.
Figure 6: D19 execution flow: load the configuration, run the stages, collect artifacts, evaluate the gate policy and archive the results.
Example bash script:
```bash
#!/usr/bin/env bash
set -euo pipefail
safeic-ci \
  --manifest manifest.yaml \
  --output-dir outputs
```
Example csh script:
```csh
#!/bin/csh -f
set DEMO = D19_ci_automation
echo "Running $DEMO"
safeic-ci \
  --manifest manifest.yaml \
  --output-dir outputs
```
Expected outputs:
```text
outputs/ci_summary.md
outputs/ci_status.csv
outputs/ci_gate_result.json
outputs/ci_stage_status.csv
outputs/ci_artifact_index.csv
outputs/ci_warnings.csv
outputs/ci_failure_reasons.csv
outputs/ci_run_manifest.yaml
```
33. ci_gate_result.json example
```json
{
  "run_id": "ci_demo_latest",
  "profile": "public_demo",
  "gate": "MANUAL_REVIEW_REQUIRED",
  "stage_counts": {
    "PASS": 10,
    "WARN": 1,
    "FAIL": 0,
    "SKIP": 1
  },
  "alerts": {
    "critical": 0,
    "high": 1,
    "medium": 2,
    "low": 1
  },
  "reasons": [
    "high-severity review item remains open",
    "measured DC confidence is low"
  ],
  "recommendation": "review safety findings before accepting this CI run"
}
```
This file can be consumed by scripts, dashboards or CI systems.
34. ci_status.csv example
```csv
stage,status,required,duration_sec,exit_code,log
environment_check,PASS,true,0.2,0,logs/stage_00_environment_check.log
input_preflight,PASS,true,1.1,0,logs/stage_01_input_preflight.log
fault_list_generation,PASS,true,1.5,0,logs/stage_03_fault_list_generation.log
campaign_execution,PASS,true,2.8,0,logs/stage_04_campaign_execution.log
fault_classification,PASS,true,1.7,0,logs/stage_05_fault_classification.log
measured_dc,PASS,true,0.8,0,logs/stage_06_measured_dc.log
fmeda_update,PASS,true,0.9,0,logs/stage_07_fmeda_update.log
evidence_package,PASS,true,1.0,0,logs/stage_08_evidence_package.log
report_generation,PASS,true,0.7,0,logs/stage_09_report_generation.log
regression_check,WARN,true,0.6,0,logs/stage_10_regression_check.log
dashboard_build,PASS,false,0.8,0,logs/stage_11_dashboard_build.log
gate_decision,MANUAL_REVIEW_REQUIRED,true,0.1,0,logs/stage_13_gate_decision.log
```
This table shows the state of a CI run at a glance.
35. ci_summary.md example
```md
# D19 CI Automation Summary
Run ID: ci_demo_latest
Profile: public_demo
Design: toy_counter
Gate Result: MANUAL_REVIEW_REQUIRED
## Stage Status
| Status | Count |
|---|---:|
| PASS | 10 |
| WARN | 1 |
| FAIL | 0 |
| SKIP | 1 |
## Main Artifacts
- Evidence package generated.
- Safety report generated.
- Regression comparison generated.
- Dashboard site generated.
## Gate Reasons
- High-severity review item remains open.
- Measured DC confidence is low for demo sample.
## Recommended Actions
1. Review alarm-path safety mechanism.
2. Expand campaign sample size.
3. Keep FMEDA selected DC conservative.
```
This is the human-readable summary aimed at engineers.
36. Validation rules
safeic-ci should validate that:
```text
manifest.yaml exists
ci_config.yaml exists
ci_gate_policy.yaml exists
stage_commands.yaml exists
enabled stages have commands
required stage commands are runnable
workspace exists
output directory is writable
required artifacts are defined
gate policy has valid rules
stage statuses are valid
artifact index is generated
gate result is generated
```
Example messages:
```text
[PASS] CI config loaded
[PASS] gate policy loaded
[PASS] stage command file loaded
[PASS] workspace found
[PASS] stage input_preflight completed
[WARN] stage regression_check produced high-severity review item
[WARN] dashboard build generated public demo limitation warning
[ERROR] required artifact D13/fmeda_table.csv missing
```
The CI orchestrator should fail clearly when required configuration is invalid.
37. Common mistakes
37.1 Treating a CI PASS as safety signoff
A CI pass only means the configured checks passed.
It is not final safety approval.
37.2 Hiding warnings
Even warnings that do not fail the gate should be reported.
37.3 Reusing cached artifacts without disclosing it
If a stage uses the cache, the summary must say so.
37.4 Running stages without dependency awareness
If dependencies are ignored, downstream artifacts can go stale.
37.5 Mixing public demo and private project data
Public CI must be sanitized.
Private project artifacts must not leak into public dashboards or repositories.
37.6 Failing CI on every low-confidence metric
Low confidence can be expected in early Demos.
It can be handled with manual review or a warning status.
37.7 Not archiving artifacts
Without archived artifacts, regression tracking becomes unreliable.
38. How does D19 connect to the later Demos?
D19 creates the automation foundation for public demo packaging, user trials and platform delivery.
Figure 7 nodes: D19 CI Automation; D20 Public Demo Package; D21 User Trial Flow; D22 Training Package; D23 Deployment Profile; Shareable GitHub Release; External User Evaluation; Course / Workshop Material; Internal or Customer Deployment.
Figure 7: D19 provides the automation foundation for demo packaging, trials, training and deployment.
Once CI automation exists, every later output can be regenerated consistently.
39. Recommended implementation stages
D19 can be implemented in stages.
Stage 1: Stage Runner
Run the configured commands and capture their status.
Deliverables:
```text
ci_status.csv
logs/
```
Stage 2: Artifact Collection
Collect the expected artifacts and generate hashes.
Deliverables:
```text
ci_artifact_index.csv
```
Stage 3: Gate Policy Evaluation
Apply the pass/warn/fail/manual-review rules.
Deliverables:
```text
ci_gate_result.json
ci_failure_reasons.csv
ci_warnings.csv
```
Stage 4: Summary and Archive
Generate the summary and archive the run directory.
Deliverables:
```text
ci_summary.md
ci_run_manifest.yaml
ci_runs/
```
Stage 5: Dashboard Refresh and Publication Hook
Rebuild the dashboard automatically and prepare the public demo bundle.
Deliverables:
```text
site/
public_demo_bundle.zip
```
This staged approach makes D19 usable as an orchestration layer immediately, while allowing it to grow step by step into real CI integration.
40. Summary
CI automation turns the safety workflow into a repeatable engineering gate.
D19 Demo:
```text
D19_ci_automation
```
Generic tool introduced:
```text
safeic-ci
```
The tool consumes:
```text
ci_config.yaml
ci_gate_policy.yaml
stage_commands.yaml
workspace artifacts
previous demo tools and scripts
```
and generates:
```text
ci_summary.md
ci_status.csv
ci_gate_result.json
ci_stage_status.csv
ci_artifact_index.csv
ci_warnings.csv
ci_failure_reasons.csv
ci_run_manifest.yaml
```
The core conclusion is:
Safety CI is not certification. Its value lies in repeatability, artifact completeness, regression detection and evidence freshness. It helps ensure that design and policy changes do not silently break the safety argument.
D19 turns the preceding demo sequence into an automatable workflow that can serve internal engineering, public methodology demonstrations and future customer-facing evaluation flows.
41. D19 Demo checklist
For D19_ci_automation, the expected deliverables are:
```text
[ ] README.md
[ ] run_demo.sh
[ ] run_demo.csh
[ ] manifest.yaml
[ ] inputs/ci_config.yaml
[ ] inputs/ci_gate_policy.yaml
[ ] inputs/design_manifest.yaml
[ ] inputs/stage_commands.yaml
[ ] inputs/public_data_policy.yaml
[ ] scripts/run_stage.csh
[ ] scripts/run_ci.csh
[ ] scripts/run_ci.sh
[ ] tools/safeic_ci.py
[ ] workspace/D01/
[ ] workspace/D11/
[ ] workspace/D12/
[ ] workspace/D13/
[ ] workspace/D14/
[ ] workspace/D15/
[ ] workspace/D16/
[ ] workspace/D18/
[ ] outputs/ci_summary.md
[ ] outputs/ci_status.csv
[ ] outputs/ci_gate_result.json
[ ] outputs/ci_stage_status.csv
[ ] outputs/ci_artifact_index.csv
[ ] outputs/ci_warnings.csv
[ ] outputs/ci_failure_reasons.csv
[ ] outputs/ci_run_manifest.yaml
[ ] ci_runs/ci_demo_latest/logs/
[ ] ci_runs/ci_demo_latest/artifacts/
[ ] ci_runs/ci_demo_latest/summaries/
```
A successful D19 run should answer:
```text
Which CI profile was used?
Which stages were run?
Which stages passed, warned, failed, were skipped or were blocked?
Which artifacts were generated?
Which required artifacts are missing?
Which warnings need review?
Which issues cause the gate to fail?
Which issues need manual review?
Was the dashboard refreshed?
Were the artifacts archived?
Can this run serve as the baseline for later regression tracking?
```