fix: HIGH-tier batch 1 — dead scope gate, set-hash + agent-ordering determinism, always-on parity gate#5
Closed
New1Direction wants to merge 5 commits into
Closed
Conversation
objective_tracker iterated worker_response.artifacts (a List[dict]) as if it were a dict and guarded on isinstance(..., dict) (always False), so the entire SCOPE_MUTATION branch was dead — a worker could rewrite an immutable scope key (e.g. change the target domain or mode) with no violation. Now scans each artifact dict in the list for a mutated scope key and HALTs. + regression tests.
json.dumps(payload, sort_keys=True, default=str) only orders dict KEYS; a set value fell to str(set), whose order is PYTHONHASHSEED-dependent — so the content-addressed event_hash/payload_hash/reproducibility_hash/state_signature differed across processes for any set-bearing payload, breaking replay and verify_partition_chain after a restart. - core.py: add _canonical() — recursively converts set/frozenset to a deterministically-sorted list. Applied at all hash sites (event_hash, payload_hash, epoch coord hash) and in semantic_fabric (reproducibility_hash, state_signature). No-op for set-free payloads, so existing hashes are unchanged. - test: real DomainEvent with a set payload now hashes identically across PYTHONHASHSEED=0..3 (was 4 distinct hashes).
… stable pi_threat_model_generator and pi_zk_circom_underconstrained_sentry deduped with list(set(...)) / set(...), whose iteration order depends on PYTHONHASHSEED — so identical input produced different output byte order across processes, breaking byte-identical replay. Switched to list(dict.fromkeys(...)) (insertion order). Test: STRIDE_categories order is now identical across PYTHONHASHSEED=0..2.
…arity) - ci.yml: pin PYTHONHASHSEED=0 (workflow-level) so set/dict iteration order is reproducible across runs — the byte-identical-output/replay guarantee assumes it, and it makes determinism regressions deterministically catchable. - rust-core.yml: remove the paths: filter so the Rust<->Python byte-equivalence parity gate runs on every push/PR to main/develop. Previously a determinism-affecting change outside rust/** + 3 src dirs could merge green because the only parity gate never triggered.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Owner
Author
|
Consolidated. All commits from this PR are now in |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
First batch of HIGH-severity audit fixes (TDD, verified). Stacked on #4; base is
fix/ledger-tenant-scoping.Fixed in this PR
SCOPE_MUTATIONgate (governance) — the gate iteratedWorkerResponse.artifacts(aList[dict]) as if it were a dict and guarded onisinstance(..., dict)(always False), so a worker could rewrite an immutable scope key (e.g. change the target domain) with no violation. Now scans each artifact and HALTs.json.dumps(..., default=str)turned asetintostr(set), whose order isPYTHONHASHSEED-dependent, soevent_hash/payload_hash/reproducibility_hash/state_signaturediffered across processes. Added_canonical()(sets → sorted lists) at all hash sites. No-op for set-free payloads.list(set(...))in live agents (determinism) —pi_threat_model_generator+pi_zk_circom_underconstrained_sentrynow use order-preserving dedup, so output byte order is hash-seed independent.PYTHONHASHSEED=0; remove thepaths:filter so the Rust↔Python parity gate runs on every PR (it was path-filtered, so a determinism break outside a few dirs could merge green).Verification
Correction to the audit (honesty)
The audit listed a 5th high — the
pi-semantic-governance.yml"dependency-confusion / dead merge gate." On inspection that file is untracked on every branch (never committed), so GitHub Actions never ran it: it's a latent risk if someone commits it, not a live CI vector as the finding implied. I left the untracked file in place (didn't create it; reality contradicts the finding) — recommend deleting it or never committing it.Still open from the HIGH tier (next batch)
cpu_ms+TIMEOUTstatus (determinism)time.time()microseconds (determinism)BashCommandHookcommand injection (shell=True+ unsanitized interpolation)i64overflow panic → usei128/guard (Rust parity)🤖 Generated with Claude Code