Skip to content

Adversarial harness gates (two-tier verify)#73

Merged
SafetyMP merged 1 commit into
mainfrom
cursor/adversarial-harness-gates
Jul 13, 2026
Merged

Adversarial harness gates (two-tier verify)#73
SafetyMP merged 1 commit into
mainfrom
cursor/adversarial-harness-gates

Conversation

@SafetyMP

@SafetyMP SafetyMP commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

  • Two-tier harness: hermetic verify.sh (stop hook) + declared integration_cmd (CI/manual).
  • Stub canary script to block placeholder verify and fake policy stubs.

Test plan

  • ./scripts/verify.sh
  • harness check --contract

Summary

Governance

  • riskTier: T0

  • delegatedTaskPlan: N/A

  • Completed lanes (session): N/A (session state not recorded)

  • Suggested tier (CI): T0

  • Runtime: cursor-3-native

  • Regulated graph: no

  • Latest reflect report: specs/governance/learning/reports/2026-06-01-reflect.json

  • Runtime audit: grade F — critical: pretooluse_never_fired, subagent_hooks_inert — enforcement active=balanced recommended=balanced score=15 (npm run governance:audit:write)

Harness delta (Adaptation plane)

  • New friction / ledger signal? Y/N → signal_id: ___

PO orchestration checkpoint (required when riskTier ≥ T1; T0 use step 1 chore N/A)

Feature brief / spike ADR / Plan Mode: 
UAC count: 
PO gate complete: Y/N
Friction targets cited: Y/N/N/A
Phase ADR: specs/alignment/decisions/0001-phase1-scope.md
Payroll / Compliance / Math: N/A or brief path

Lifecycle (S&OP / value delivery)

  • Demand (S&OP): feature brief or Plan Mode path above
  • Supply (IBP): lane completion from handoff / session state
  • Delivery: UAC checklist + CI evidence → specs/templates/value-delivery-record.md

Evidence bundle (required when riskTier ≥ T3)

  • Bundle: npm run governance:evidence:collect -- --handoff specs/.../orchestrator-handoff.json --principal "Name"
  • Lane sign-offs: specs/governance/evidence/lane-signoffs/

Golden thread stub (required when riskTier ≥ T1)

Risk or requirement Control Artifact path Verifier Legal (or N/A) Compliance / kernel (or N/A) QA / UAC # (or N/A)

Agent lane sign-off (parallel — ADR 0011)

Complete lanes from delegatedTaskPlan; paste evidence links per lane:

  • scout — exploration notes or N/A
  • architectspecs/.../architecture-spec.md or N/A
  • builder — implementation complete
  • sentinelsecurity-review.md; no merge blockers
  • verifierqa-plan.md + CI evidence
  • counsellegal-checklist.md (T3+ regulated paths)
  • custodian — migration runbook (T2+ DDL)
  • release_ops — CI/deploy evidence (T2+ ops paths)
  • ai_governance_reviewer — MCP/Cedar review (T3+ copilot)

Declare integration_cmd in profile.yaml, add check-stub-canary.sh,
and wire hermetic verify where applicable (stop hook unchanged).
Copilot AI review requested due to automatic review settings July 13, 2026 01:19
@vercel

vercel Bot commented Jul 13, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
hr-erp Ready Ready Preview, Comment Jul 13, 2026 1:20am

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@SafetyMP
SafetyMP merged commit 3f20aa2 into main Jul 13, 2026
11 checks passed
@SafetyMP
SafetyMP deleted the cursor/adversarial-harness-gates branch July 13, 2026 01:30
SafetyMP pushed a commit that referenced this pull request Jul 13, 2026
Keep tier-3 adversarial fields and threat-model requires; retain
integration_cmd and hermetic_stop_only disclosure from merged base.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants