chore(docs): auto-detected drift sweep#68
Draft
TimothyVang wants to merge 136 commits into
Draft
Conversation
TimothyVang
changed the title
…in.py, fix test cmd [W1.A.0]
…src/verdict/ [W1.A.0]
…vices/mcp references [W1.A.0]
… TLDR.md, DEVPOST_COMPLIANCE.md [W1.A.0]
TimothyVang
force-pushed
the
chore/auto-doc-sync
branch
from
5e1851b to
0506841
Compare
TimothyVang
changed the title
…PER_CASE [W1.A.0]
CLI choices are {jsonl,execution-logs,html}; doc said {json,csv,sigtools_triage}.
…d [W1.A.0] LedgerEventType gains case_conclusion (present in ledger.py since W1.B.11). microsandbox_version/rootfs_sha256/tool_version/kernel_version are required str fields in code; ARCHITECTURE.md §5 snippet incorrectly showed them as str | None = None.
- TL;DR item 2: (9 nodes) → (8 nodes); unverifiable_finalize_node is a helper called from replan_node, not a registered graph node — matches topology.py and ARCHITECTURE.md (fixed in prior run for CLAUDE.md etc.) - Week 2 critical-path output: same 9→8 fix; remove unverifiable_finalize from the named-node chain - W1 acceptance-gate table: drop --directory services/agent prefix from schema test command; correct form per CLAUDE.md §10.3 - Authorities table: services/mcp/src/tools/ and services/agent_mcp/ do not exist; tools live at src/verdict/tools/ (parallel fix to CONTRIBUTING.md stale-services sweep)
docs/DFIR_MEMORY.md (44 lines, memory model spec) exists in the repo but was missing from the docs/ index. Per docs/README.md editing rules: "Any new file under docs/ needs a row above." Added under Current authority.
….A.0] docs/spec/ contains 01-audit-v4.3.md through 04-spec-plan-v4.6.md (four numbered files). §6 claimed five (01..05). §12 already said 01..04 correctly.
….2 [W1.A.0] CLI code (src/verdict/cli/__main__.py) shows: - verdict status requires positional <case_id>; §10.2 showed it without any arg. - verdict approve takes <case_id> <finding_id> --approver <approver> (required); §10.2 showed only <finding_id>.
…ms [W1.A.0] VerdictStatus enum (src/verdict/schemas/verdict_status.py) has no VERIFIED member. README used it in two places: - Gateway diagram: VERIFIED → VETTED_* to cover all three vetting modes. - Air-gap demo beat: VERIFIED → VETTED_AIRGAP (the correct air-gap outcome).
…-check to CLI surface [W1.A.0] VERIFIED is not a canonical VerdictStatus member — replaced with honest VETTED_CLOUD framing per §3.6. CLI surface one-liner was missing three commands that exist in src/verdict/cli/__main__.py: run-tool, run-case, package-check.
…hema snippet [W1.A.0] src/verdict/schemas/case_conclusion.py has no case_id field; ARCHITECTURE.md §4 code block incorrectly showed it. Removed to match the actual schema.
…cations [W1.A.0] Neither THREAT_MODEL.md nor CLI.md exist as discrete files. Threat model content lives in ARCHITECTURE.md §9; CLI reference is in RELEASE.md. Updated Tim's deliverables panel to cite the correct locations.
…s → _forensic_corroboration [W1.A.0] CLAUDE.md §3.2 cited a validator name that does not exist in src/verdict/schemas/finding.py. The actual implementation consolidates all forensic-corroboration checks (execution-class two-class rule, per-artifact caveat triggers, EVTX_4624 logon-type caveat) into a single _forensic_corroboration model_validator. Also adds run-tool, run-case, and package-check to the CLAUDE.md §10.2 CLI surface — these commands exist in src/verdict/cli/__main__.py but were absent from the §10.2 reference table.
…ensic_corroboration snippet [W1.A.0] The §4 code snippet showed _execution_claims_need_two_classes and _amcache_caveat_required as two separate model_validators. The actual implementation in src/verdict/schemas/finding.py uses a single _forensic_corroboration validator that handles all three invariants: 1. Execution-class technique requires ≥2 distinct artifact classes 2. Each AVAILABLE_CAVEAT_TRIGGERS entry requires its CaveatID 3. EVTX_4624 logon-type 3/10 requires LOGON_TYPE_3_VS_10 Also adds AVAILABLE_CAVEAT_TRIGGERS mapping and evtx_4624_logon_types field to match the real Finding schema.
…erEntry snippet [W1.A.0] `src/verdict/schemas/ledger.py` declares `prev_entry_hash: str | None` (nullable for the first entry in a case, which has no predecessor). The code-block in §5 still showed the non-nullable `str` form introduced before 9e68e68.
…A.0] verdict approve <finding_id> → verdict approve <case_id> <finding_id> --approver <approver> matches src/verdict/cli/__main__.py approve_parser definition.
…le [W1.A.0] verdict approve <finding_id> → verdict approve <case_id> <finding_id> --approver <approver> matches src/verdict/cli/__main__.py approve_parser definition.
…PLIANCE Full CLI surface [W1.A.0]
…and mode_at_case_init type in ARCHITECTURE.md [W1.A.0]
… exist [W1.A.0] src/verdict/ledger/hmac_key.py is implemented and commit d35592e feat(ledger): HMAC key TPM-backed or gpg-encrypted [W1.G.6] is in history. Checkboxes were left unchecked in error.
…and commit 0ada48c exist [W1.A.0] src/verdict/runtime/evidence_recheck.py is implemented, both referenced tests exist in tests/runtime/test_evidence_recheck.py, and commit 0ada48c feat(runtime): periodic evidence re-hash check (10 super-steps) [W1.G.7] is in history. Checkboxes were left unchecked in error.
derive_seeds.py, strategy.py + universal_self_consistency.py, test_pretooluse_deny.py, and smoke marker all present on origin/main.
src/verdict/ledger/redaction.py + tests/ledger/test_redaction.py exist on main (W3.B.3). src/verdict/runtime/mode_lock.py + tests/runtime/test_mode_lock.py exist on main (W3.C.1). tests/graph/test_pivot_node.py, InvestigationPlan.pivot_budget=15 exist on main (W3.D.1). tests/schemas/test_plan.py::test_replan_budget_defaults_to_3, replan_budget=3 field exist (W3.D.2). tests/graph/test_unverifiable_finalize.py, idempotency-keyed implementation exist on main (W3.D.3). src/verdict/graph/checkpoint.py + tests/graph/test_checkpoint.py exist on main (W3.E.1).
…present [W1.A.0] docs/ARCHITECTURE_DIAGRAM.mmd and docs/ARCHITECTURE_DIAGRAM.svg exist on main (W6.C.7.a/b-partial). README.md and ARCHITECTURE.md both reference the SVG (W6.C.7.c done). Commit 998c274 delivered the diagram (W6.C.7.d done). W6.C.7.b stays open — PNG fallback not yet rendered.
…am status cell [W1.A.0] docs/ARCHITECTURE_DIAGRAM.mmd + .svg exist; README.md and ARCHITECTURE.md both reference the SVG; commit 998c274 delivered it. PNG fallback (W6.C.7.b) still pending. Status cell updated: README embed is present; only PNG fallback remains.
…1.A.0] No Cargo.toml or pnpm-lock.yaml exist in the repo yet. The install block already uses `test -f Cargo.toml &&` and `test -f pnpm-lock.yaml &&` guards; the sanity-check block lacked them, causing `cargo test` and `pnpm test` to fail on a clean clone.
…[W1.A.0] Branch naming example used hyphens (W1-B-1) but all actual branches and CLAUDE.md §3.7 use dots (W1.B.1).
…tree [W1.A.0] verdict_status.py (W1.B.13) and case_conclusion.py (W1.B.14) were omitted from the schemas/ section; comprehension_gate.py (W2.B.2) and wrappers/ (W2.C.1, W2.C.3) were omitted from the graph/ section. All four tasks are marked [x] complete and the files exist in src/verdict/.
…nce_count don't exist [W1.A.0]
…ric allow-list invocation [W1.A.0] registry.py registers vol3.info as an explicit ExternalToolSpec (with vol3.pslist and vol3.psscan). ARCHITECTURE.md §6 described windows.info as "invoked through the generic vol3 allow-list" and excluded it from the 10 typed plugin wrappers; code contradicts that claim. Update ARCHITECTURE.md §6 header from 23→24 wrappers and vol3 entry from 10→11 typed plugin wrappers. Update DEVPOST_COMPLIANCE.md Criterion 3 and BUILD_PLAN.md project summary to match.
…appers [W1.A.0] vol3.info is a typed ExternalToolSpec in registry.py, making the total typed wrapper count 24 (11 vol3 + 2+2+3+3+3 other). Update the Week 2 acceptance gate to reflect the correct target count.
…file tree [W1.A.0]
…le [W1.A.0] examiner_caveats.md and playbooks/*.yml now exist under src/verdict/; drop the "planned" prefix that made them sound like future work.
…gistry.py = 11 [W1.A.0]
… plugins and 24 wrappers [W1.A.0] ARCHITECTURE.md and DEVPOST_COMPLIANCE.md both show 11 vol3 plugins (windows.info reinstated in registry.py) and 24 wrappers. The resolution log entries for H1 and H2 incorrectly described the closed state as 10 plugins / 23 wrappers.
…W1.A.0] The _cmd_doctor implementation checks mode, sandbox, HMAC key, SGLang, and forensic tools. It does not check Langfuse connectivity.
scripts/sift-vm-bootstrap.sh is not present in the repo; W1.A.2.a described it as "project's existing" which was incorrect per git ls-files.
…Vang/Verdict [W1.A.0] README.md and CONTRIBUTING.md already establish the repo as github.com/TimothyVang/Verdict; the DEVPOST_COMPLIANCE.md Public-repository-URL row still had the stale <org> placeholder.
…/ file tree [W1.A.0]
…te [W1.A.0] The Week 2 acceptance gate referenced git blame on tool_executor.py, but src/verdict/graph/wrappers/tool_executor.py does not exist in the repo; the wrappers/ directory contains only deny_rule.py and ledger_emitter.py (both verified against git ls-files). The file tree in BUILD_PLAN.md §file-layout already omits tool_executor.py. The acceptance gate now references the two files that actually exist.
W5.E.4.a test description used the old `verdict approve <finding_id>` synopsis. The CLI is already implemented as `verdict approve <case_id> <finding_id> --approver <approver>` (src/verdict/cli/__main__.py). Updated the task description to match the real command signature.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sweep timestamp: 2026-05-25T11:30:00Z
Drift items fixed (this branch, all runs)
docs/BUILD_PLAN.mdtool_executor.pywhich does not exist; gate updated to the two wrappers that exist (deny_rule.py,ledger_emitter.py).docs/BUILD_PLAN.mdevidence_recheck.pyandmode_lock.pytoruntime/in the file tree; both exist atsrc/verdict/runtime/.docs/DEVPOST_COMPLIANCE.md<org>placeholder with actual repo URLTimothyVang/Verdict.docs/BUILD_PLAN.mdsift-vm-bootstrap.shreference; file does not exist (scripts/bootstrap-dev.shis the correct path).docs/MCP_FRAMEWORK.mdverdict doctorcheck list;_cmd_doctorin CLI does not check Langfuse.docs/DOCS_ACCURACY_REPORT.mddocs/BUILD_PLAN.mdvol3.infoinregistry.py= 11.docs/AGENT_SWARM.mddocs/BUILD_PLAN.mddocs/BUILD_PLAN.mdexternal.py,parsers.py,registry.pytotools/file tree; all exist atsrc/verdict/tools/.docs/BUILD_PLAN.mdmemory/,proof/, and missingtests/subdirs to file tree; all exist.docs/BUILD_PLAN.mddocs/ARCHITECTURE.mdvol3.infodescription — it is a typedExternalToolSpecinregistry.py, not a generic allow-list invocation.docs/ARCHITECTURE.mdsigningandinstance_countfields do not exist inHuntEvilBaseline.docs/DFIR_MEMORY.mdevidence_refsfield name (singular→plural) to matchMemoryEntry.evidence_refs.CLAUDE.mddocs/BUILD_PLAN.mdCONTRIBUTING.mdfeat/W1.B.1-...notfeat/W1-B-1-...).docs/DEVPOST_COMPLIANCE.mdREADME.mdhas no SVG reference yet (pending task).docs/BUILD_PLAN.mdcredentials.pytocli/file tree; file exists atsrc/verdict/cli/credentials.pysince W1.A.1.docs/BUILD_PLAN.mdverdict approve <finding_id>; corrected toverdict approve <case_id> <finding_id> --approver <approver>to match the implemented CLI.docs/BUILD_PLAN.mdsanitization.pyfile tree annotation had wrong task ID(W2.E.4)(Hayabusa flag-matrix validator); corrected to(W2.E.5)(sanitization scanner).Items skipped (capped at 20 per run)
Remaining items checked and confirmed no-drift or forward-looking:
pyproject.tomlwhile docs cite it — W2.B.5 pending merge (forward-looking)tests/smoke/test_amendment_a2_guard.pyin BUILD_PLAN tree but not yet created — forward-looking planned testverification/cloud_self_consistency.py,airgap_cross_engine.py,dual_lane_cross_engine.pyin tree but not yet created — W1.C.2 / W3.A.1 / W3.A.2 forward-lookinginspect_ai/scorers/andinspect_ai/ground_truth/not yet created — W4 forward-looking[ ]— implementation is on main (via W6.A.2 commit) but formal W2.E.5 commit tag absent; left for human judgmentGenerated by routine verdict-doc-drift. Manage at https://claude.ai/code/routines