Skip to content

v1.0.1 — audit remediation

Choose a tag to compare

@RNT56 RNT56 released this 21 Jun 00:14
624a99d

A post-1.0.0 patch from a full adversarial audit of the merged P11 (verifier-backed artifact factory) + P12 (verified swarm) surface (28.6k lines: 8-reviewer review → independent verify → synthesis).

The audit confirmed the architecture and all seven invariants (I1–I7) are sound, and fixed 20 real defects:

  • 🔴 Blocker — code-pack flag injection: a worker Evidence.Value of -run=^$ ran go test -run=^$, selected zero tests, exited 0, and laundered a green verdict past the verifier (I2 erosion). Fixed with a leading-dash reject + a -- positional separator. 1.0.0 shipped with this (the audit ran post-release).
  • 🟠 8 major — finance keyed checks could never pass (single-quoted $VAR), swarm false-RED on repeat runs, pool cap-sharing on inherited tiers, a dead --egress-allow flag, the absent TipSHA fold seam, and 3 masking tests rewritten to discriminate.
  • 🟡 8 minor + 3 polish — termination rails, board redaction, dead-trace removal, non-recording budget probe, and more.

Every defect except the blocker failed safe (false-RED or inert). make verify + go test -race green; go.mod/go.sum unchanged; default binary still 2 core deps, CGO_ENABLED=0.

Full per-defect detail: #53. Release: #54.