Add peer review evidence recertification guard #421

Open
KoiosSG wants to merge 17 commits into SCIBASE-AI:main from KoiosSG:peer-review-evidence-chain-15

KoiosSG commented May 28, 2026

@algora-pbc /claim #15

Summary

Adds a distinct peer-review-evidence-recertification-guard/ slice for the Community & User Reputation System.

The guard evaluates whether structured peer reviews and inline comments still apply after reviewed documents, datasets, code, or notebooks change. It:

  • freezes stale review reputation deltas,
  • blocks reputation updates when stale review or inline-comment evidence is present,
  • validates reputation-delta evidence before profile credit is applied,
  • marks inline comment anchors stale when artifact evidence changes even if a selector line did not move,
  • holds missing or malformed review, artifact, and inline-comment timestamps for recertification,
  • validates artifact timestamp evidence for both review and inline-comment recertification paths,
  • freezes public/semi-private review credit when the reviewer identity is missing,
  • converts malformed evidence entries and malformed non-array evidence collections into recertification holds,
  • preserves anonymous/double-blind reviewer labels,
  • emits deterministic JSON/Markdown/SVG/video audit artifacts, and
  • tolerates sparse project snapshots that omit review, comment, or artifact collections.

Latest Hardening

  • e6a9df4: malformed non-array reviews and inlineComments collections now create explicit recertification holds instead of being treated like omitted evidence.
  • Added red regressions for object-shaped review/comment collections that previously produced no decision and allowed allow-reputation-update.
  • The guard now emits malformed-review-list and malformed-inline-comment-list, creates peer-review/comment recertification tasks, freezes reputation updates, and blocks profile updates until the evidence shape is fixed.
  • Added reports/malformed-collection-packet.json and refreshed the Markdown reviewer evidence so maintainers can inspect the path directly.

Prior Hardening Coverage

  • Invalid review reputation deltas are frozen before any profile credit, leaderboard, or badge update can apply.
  • Malformed review and inline-comment entries inside otherwise valid arrays create recertification holds instead of crashing or being silently ignored.
  • Space-separated blind and fully anonymous mode names normalize before redaction, so labels like Double Blind and Fully Anonymous do not leak raw reviewer IDs.
  • Inline comment anchors become stale when the underlying artifact digest changes, even if the selector line remains unchanged.
  • Blind and anonymous review mode variants are redacted consistently in decisions, timelines, and audit output.
  • Malformed or missing review submission and recertification timestamps require recertification instead of preserving reputation credit.
  • Malformed or missing inline-comment timestamps require comment recertification with explicit audit reasons.
  • Missing inline-comment anchor metadata and missing artifact anchor maps require recertification instead of crashing evaluation.
  • Stale inline-comment evidence blocks reputation updates even when no stale review is present.
  • Malformed or missing artifact change timestamps require review and inline-comment recertification before credit or comment evidence can remain current.
  • Public or semi-private reviews without a reviewer identity freeze reputation credit with reviewer-identity-missing instead of applying credit to reviewer:undefined.
  • Sparse project snapshots that omit review, comment, or artifact collections produce deterministic audit packets instead of runtime failures; missing artifact collections yield artifact-missing recertification evidence.

Non-overlap

This is scoped to stale peer-review and inline-comment evidence recertification before reputation updates. It does not duplicate reviewer workload equity, broad reputation ledgers, COI/recusal, civility, workload, accessibility, rubric validation, edit history, badge renewal, profile visibility, identity impersonation, citation venue integrity, or other issue #15 slices.

Validation

  • Red regression failed before implementation with no malformed-review-list decision for an object-shaped review collection.
  • npm test from peer-review-evidence-recertification-guard passed: 27 tests.
  • npm run demo regenerated deterministic packet/report/SVG artifacts, including malformed-collection-packet.json.
  • npm run video regenerated reports/demo.mp4.
  • npm run check passed: test, demo, video.
  • ffprobe verified peer-review-evidence-recertification-guard/reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 52,113 bytes.
  • All 5 generated JSON packets parsed successfully.
  • git diff --check and git diff --cached --check passed; only Windows line-ending normalization warnings appeared before staging.
  • Focused restricted-string scan found no credential, payout, or token strings.
  • GitHub PR head after push: e6a9df4.

Demo Artifacts

  • peer-review-evidence-recertification-guard/reports/recertification-packet.json
  • peer-review-evidence-recertification-guard/reports/empty-evidence-packet.json
  • peer-review-evidence-recertification-guard/reports/invalid-reputation-delta-packet.json
  • peer-review-evidence-recertification-guard/reports/malformed-evidence-packet.json
  • peer-review-evidence-recertification-guard/reports/malformed-collection-packet.json
  • peer-review-evidence-recertification-guard/reports/recertification-report.md
  • peer-review-evidence-recertification-guard/reports/summary.svg
  • peer-review-evidence-recertification-guard/reports/demo.mp4

Synthetic data only. No credentials, private user data, live profile systems, payment systems, or external APIs are used.

AI-assisted with OpenAI Codex; I reviewed and locally verified the diff before submitting.

KoiosSG commented May 28, 2026

Hardening update pushed in 05d75c3: inline comment anchors now become stale when the underlying artifact digest changes, even if the selector line remains unchanged. I added a regression that failed before the fix with current == stale and now passes. Validation refreshed locally: npm run check, npm test (6 tests), node --check on index/demo/test, ffprobe on demo.mp4, git diff --check, and sensitive-term scan returned no matches.

KoiosSG commented May 28, 2026

Follow-up hardening pass for the peer review evidence recertification guard.

What changed:

  • Added a regression for blind-review modes arriving as case/separator variants, e.g. Double_Blind.
  • Normalized review mode classification before redaction, so anonymous, blind, double-blind, and fully-anonymous variants still use anonymous labels instead of raw reviewer IDs.
  • This keeps recertification tasks and timeline packets privacy-preserving even when upstream mode serialization changes slightly.

Validation:

  • Confirmed the new regression failed before the implementation by leaking reviewer:orcid:... instead of the anonymous label.
  • npm test -> 7 peer review evidence recertification tests passed.
  • npm run check -> test, demo, and demo video generation passed.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s.
  • git diff --check and git diff --cached --check passed, with only Git line-ending normalization warnings on Windows.
  • Sensitive-term scan found only expected local hashing/test assertions, no payout or credential strings.

KoiosSG commented May 29, 2026

Follow-up competitive hardening pass for the peer-review evidence recertification guard.

What changed:

  • Added a regression for malformed review submission/recertification timestamps.
  • Treat invalid review timing as invalid-review-timestamp, requiring recertification before review-derived reputation deltas can apply.
  • Updated README and requirements map so the documented evidence-chain contract includes timestamp validity.

Why this matters:

Validation:

  • Confirmed the new regression failed before the implementation: malformed recertifiedAt was incorrectly current instead of recertification-required.
  • npm test -> 8 peer review evidence recertification tests passed.
  • npm run check -> test, demo, and video generation passed.
  • npm run demo -> generated recertification packet/report/SVG with expected block-reputation-update recommendation.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 45,287 bytes.
  • git diff --check and git diff --cached --check passed; the only messages were Git line-ending normalization warnings on Windows.
  • Sensitive-term scan of the code/test/docs patch found no payout or credential strings.

KoiosSG commented May 29, 2026

Follow-up competitive hardening pass for the peer-review evidence recertification guard.

What changed in 631d59f:

  • Added a regression for malformed inline-comment timestamps.
  • Inline comments with invalid timing evidence now require recertification instead of being treated as current just because the artifact digest and selector still match.
  • Updated README, acceptance notes, and requirements map so the evidence-chain contract covers malformed comment timing as well as malformed review timing.

Validation:

  • Confirmed the new regression failed before the implementation: the inline comment was incorrectly current instead of recertification-required.
  • npm test -> 9 peer review evidence recertification tests passed.
  • npm run check -> tests, demo generation, and demo video generation passed.
  • node --check on index/demo/test passed.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 45,287 bytes.
  • git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows.
  • Sensitive-term scan of the assistant returned no payout or credential strings.

KoiosSG commented May 29, 2026

Hardening update pushed in b38ebcc (Handle missing comment anchor evidence).

I found and covered another recertification edge case: malformed inline-comment anchor evidence could previously throw during evaluation instead of producing a recertification task. The new coverage verifies both missing comment.anchor metadata and missing artifact.currentAnchors maps.

The new regressions failed before the implementation with:

  • TypeError: Cannot read properties of undefined (reading 'selector')
  • TypeError: Cannot read properties of undefined (reading 'src/analyze.py#L41')

Fresh validation after the commit:

  • npm test -> 11 tests passed
  • npm run demo
  • npm run video
  • npm run check
  • node --check on index.js, demo.js, and test.js
  • ffprobe confirmed reports/demo.mp4 is H.264, 1280x720, 30fps, 4.0s, 45,287 bytes
  • git diff --check and git diff --cached --check
  • Sensitive-term scan over the feature slice returned no matches

KoiosSG commented May 29, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in 79427c1:

  • Added a regression for the comment-only stale-evidence path where no reviews are stale, but an inline comment anchor is stale after an artifact digest change.
  • The packet summary now blocks reputation updates when either stale reviews or stale inline comments require recertification.
  • README, requirements map, and acceptance notes now explicitly describe the inline-comment reputation hold.

Validation refreshed locally:

  • Confirmed the new regression failed before implementation with allow-reputation-update instead of block-reputation-update.
  • npm test -> 12 peer review evidence recertification tests passed.
  • npm run check -> test, demo, and video passed.
  • npm run demo -> regenerated packet/report/SVG artifacts with Recommended action: block-reputation-update.
  • npm run video -> regenerated demo.mp4.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 45,287 bytes.
  • git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows.
  • Sensitive-term scan returned no payout or credential strings.
  • GitHub PR merge state after push: CLEAN.

KoiosSG commented May 29, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in eb44545:

  • Added a regression for malformed artifact changedAt evidence where a review could still be treated as current if the artifact digest matched.
  • Artifact change timestamps are now validated before review credit is applied.
  • Malformed artifact timestamps require review recertification with invalid-artifact-timestamp, freeze the effective reputation delta, and generate a peer-review recertification task.
  • README, requirements map, and acceptance notes now explicitly cover malformed artifact timestamp evidence.

Validation refreshed locally:

  • Confirmed the new regression failed before implementation with current instead of recertification-required.
  • npm test -> 13 peer review evidence recertification tests passed.
  • npm run check -> test, demo, and video generation passed.
  • npm run demo -> regenerated packet/report/SVG artifacts with block-reputation-update.
  • npm run video -> regenerated reports/demo.mp4.
  • node --check passed for index, test, and demo.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 45,287 bytes.
  • git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows before staging.
  • Sensitive-term scan returned no payout or credential strings.
  • GitHub PR merge state after push: CLEAN.

KoiosSG commented May 29, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in 022b505:

  • Added a regression for inline comments whose artifact changedAt evidence is malformed while the digest and selector still match.
  • Inline-comment recertification now treats malformed artifact timestamps as invalid-artifact-timestamp and marks the anchor stale.
  • This closes the remaining timing-evidence asymmetry: artifact timestamp validity now gates both review-derived reputation credit and inline-comment evidence.
  • README, requirements map, and acceptance notes now explicitly cover malformed artifact timing for inline-comment recertification.

Validation refreshed locally:

  • Confirmed the new regression failed before implementation with current instead of recertification-required.
  • npm test -> 14 peer review evidence recertification tests passed.
  • npm run check -> test, demo, and video generation passed.
  • npm run demo -> regenerated packet/report/SVG artifacts with block-reputation-update.
  • npm run video -> regenerated reports/demo.mp4.
  • node --check passed for index, test, and demo.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 45,287 bytes.
  • git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows.
  • Sensitive-term scan returned no payout or credential strings.
  • GitHub PR merge state after push: CLEAN.

KoiosSG commented May 29, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in 23a9b8d:

  • Added a regression for space-separated blind-review mode labels such as Double Blind and Fully Anonymous.
  • Review mode normalization now collapses spaces, underscores, and repeated separators before privacy classification.
  • Recertification tasks, comment tasks, reputation actions, and timeline packets keep using anonymous labels instead of leaking raw reviewer IDs when upstream serializers use spaces.

Validation refreshed locally:

  • Confirmed the new regression failed before implementation with reviewer:orcid:0000-0002-space-private instead of anonymous-reviewer-space.
  • npm test -> 15 peer review evidence recertification tests passed.
  • npm run check -> test, demo, and video generation passed.
  • node --check passed for index, test, and demo.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 4.0s.
  • git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows.
  • Sensitive-term scan returned no payout or credential strings.
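
The mode normalization described in the comment above, as an added example that is not code from this PR: an exact-match check beside a normalized one, plus a leak check over the emitted packet. Function names, the `anonymousLabel` field, and the choice to redact unrecognized modes are assumptions; the mode names and the sample reviewer values are the ones quoted in the comments.

```javascript
// Added example, not the PR's implementation. Helper names are hypothetical.
const PRIVATE_MODES = new Set(['anonymous', 'blind', 'double-blind', 'fully-anonymous']);
const IDENTIFIED_MODES = new Set(['public', 'semi-private']);

// Lowercase, then collapse runs of spaces, underscores and hyphens into one
// hyphen, so "Double_Blind", "Double Blind" and "double--blind" all classify
// as "double-blind".
function normalizeReviewMode(mode) {
  if (typeof mode !== 'string') return '';
  return mode
    .trim()
    .toLowerCase()
    .replace(/[\s_-]+/g, '-')
    .replace(/^-+|-+$/g, '');
}

// Constructed "before" form: exact string match on the raw mode value.
// Any serializer variant falls through to the identified branch.
function naiveReviewerLabel(review) {
  return PRIVATE_MODES.has(review.mode)
    ? review.anonymousLabel
    : `reviewer:${review.reviewerId}`;
}

// Hardened form: classify on the normalized mode. Assumption of this example:
// the raw ID is shown only for an allowlisted identified mode, so a mode that
// is unrecognized after normalization is redacted rather than exposed.
function reviewerLabel(review) {
  const mode = normalizeReviewMode(review.mode);
  const hasId = typeof review.reviewerId === 'string' && review.reviewerId !== '';
  if (IDENTIFIED_MODES.has(mode) && hasId) {
    return `reviewer:${review.reviewerId}`;
  }
  return review.anonymousLabel || 'anonymous-reviewer';
}

// Timeline packet entry built from the redacted label only.
function buildTimelineEntry(review) {
  return {
    reviewId: review.id,
    mode: normalizeReviewMode(review.mode),
    reviewer: reviewerLabel(review),
  };
}

// Regression-style check: the serialized packet must not contain the raw ID.
function leaksReviewerId(packet, reviewerId) {
  return JSON.stringify(packet).includes(reviewerId);
}

// Constructed sample review; reviewer values are those quoted in the comment.
const sampleBlindReview = {
  id: 'review-space',
  mode: 'Double Blind',
  reviewerId: 'orcid:0000-0002-space-private',
  anonymousLabel: 'anonymous-reviewer-space',
};
```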

KoiosSG commented May 29, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in 6768265:

  • Added regressions for missing/null timestamp evidence in the recertification chain: inline-comment submittedAt, review submittedAt, and artifact changedAt.
  • Timestamp validation now rejects non-string or blank values before date parsing, so null is no longer accepted as Unix epoch timing evidence by JavaScript date coercion.
  • Review/artifact comparison now skips artifact-updated-after-review comparisons when the review timestamp itself is invalid, keeping audit reasons precise.
  • README, requirements map, and acceptance notes now explicitly cover missing as well as malformed timing evidence.

Validation refreshed locally:

  • Confirmed the first new regression failed before implementation with current instead of recertification-required for a null inline-comment timestamp.
  • npm test -> 18 peer review evidence recertification tests passed.
  • npm run check -> test, demo, and video generation passed.
  • npm run demo -> regenerated packet/report/SVG artifacts with block-reputation-update.
  • npm run video -> regenerated reports/demo.mp4.
  • node --check passed for index, test, and demo.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 45,287 bytes.
  • git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows before staging.
  • Sensitive-term scan returned no payout or credential strings.
  • GitHub PR merge state after push: CLEAN.
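
The timestamp gate described in the comment above, as an added example that is not code from this PR: a coercion-based comparison beside a strict one. Function names, the ISO 8601 shape check, and the rule that `recertifiedAt` supersedes `submittedAt` are assumptions of this example; field names and reason codes are the ones quoted in the comments.

```javascript
// Added example, not the PR's implementation. Helper names are hypothetical.

// Assumption: evidence timestamps are ISO 8601 with an explicit zone. The
// shape check is here because Date.parse falls back to implementation-defined
// parsing for other formats.
const ISO_8601 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Returns epoch milliseconds, or null when the evidence is missing or
// malformed. Non-strings are rejected before any Date call, because
// new Date(null).getTime() === 0 would read as valid 1970-01-01 evidence.
function parseEvidenceTimestamp(value) {
  if (typeof value !== 'string') return null;
  const text = value.trim();
  if (text === '' || !ISO_8601.test(text)) return null;
  const ms = Date.parse(text);
  return Number.isFinite(ms) ? ms : null;
}

// Constructed "before" form: relies on Date coercion. A null changedAt
// becomes 0 and a malformed one becomes NaN; neither is "after" the review,
// so the review is reported as current.
function naiveReviewIsCurrent(review, artifact) {
  const reviewedAt = new Date(review.recertifiedAt || review.submittedAt).getTime();
  const changedAt = new Date(artifact.changedAt).getTime();
  return !(changedAt > reviewedAt);
}

// Hardened form: every timestamp must validate before it is compared.
function evaluateReviewTiming(review, artifact) {
  const reasons = [];
  const submittedAt = parseEvidenceTimestamp(review.submittedAt);
  // Assumption: a review that carries recertifiedAt must carry a valid one,
  // and that value is the effective review time.
  const effectiveAt = review.recertifiedAt === undefined
    ? submittedAt
    : parseEvidenceTimestamp(review.recertifiedAt);
  const reviewValid = submittedAt !== null && effectiveAt !== null;
  const changedAt = parseEvidenceTimestamp(artifact.changedAt);

  if (!reviewValid) reasons.push('invalid-review-timestamp');
  if (changedAt === null) reasons.push('invalid-artifact-timestamp');
  // Skip the ordering check when either side is invalid, so the audit
  // reasons name the actual defect rather than a derived one.
  if (reviewValid && changedAt !== null && changedAt > effectiveAt) {
    reasons.push('artifact-updated-after-review');
  }
  return {
    status: reasons.length === 0 ? 'current' : 'recertification-required',
    reasons,
  };
}
```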

KoiosSG commented May 30, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in f567181:

  • Added a regression for public/non-blind reviews that are otherwise current but have no reviewer identity.
  • Such reviews now require recertification with reviewer-identity-missing instead of applying reputation credit to reviewer:undefined.
  • The demo packet/report/SVG now includes the missing-public-reviewer case, raising stale reviews to 3 and frozen reputation delta to 41.
  • README, requirements map, and acceptance notes now document the reviewer-identity gate for non-blind reputation credit.

Validation refreshed locally:

  • Confirmed the new regression failed before implementation with current instead of recertification-required.
  • npm test -> 19 peer review evidence recertification tests passed.
  • npm run check -> test, demo generation, and demo video generation passed.
  • npm run demo -> regenerated packet/report/SVG artifacts with block-reputation-update.
  • npm run video -> regenerated reports/demo.mp4.
  • node --check passed for index, test, and demo.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 45,287 bytes.
  • git diff --check passed; only Windows line-ending normalization warnings appeared.
  • Sensitive-term scan found no credential or payout strings; the only hits were protective test assertions.
  • GitHub PR merge state after push: CLEAN.

KoiosSG commented May 30, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in a400945:

  • Added a regression for inline comments where the artifact changedAt timestamp postdates the comment while the digest and selector evidence still match.
  • Inline-comment recertification now emits artifact-updated-after-comment and blocks reputation updates until the comment evidence is recertified.
  • README, requirements map, acceptance notes, and deterministic reviewer artifacts were refreshed to document the artifact-timestamp gate.

Validation refreshed locally:

  • Confirmed the new regression failed before implementation because artifact-updated-after-comment was missing from recertification reasons.
  • npm test -> 20 peer review evidence recertification tests passed.
  • npm run check -> test, demo generation, and demo video generation passed.
  • node --check passed for index.js, test.js, and demo.js.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 45,287 bytes.
  • git diff --check passed; only Windows line-ending normalization warnings appeared.
  • Sensitive-term scan returned no payout or credential strings.
  • GitHub PR merge state after push: CLEAN.

KoiosSG commented May 30, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in e86f68d:

  • Added regressions for sparse project payloads that omit reviews, inlineComments, or artifacts collections.
  • Omitted review/comment collections now evaluate as empty evidence and still produce a deterministic timeline audit packet.
  • Omitted artifact collections with existing reviews now produce artifact-missing recertification evidence, freeze the reputation delta, and generate a peer-review task instead of crashing.
  • Demo/docs now include reports/empty-evidence-packet.json so reviewers can inspect the empty-evidence behavior directly.

Validation refreshed locally:

  • Confirmed the new sparse-list regression failed before implementation on project.reviews.map.
  • Confirmed the artifact-list regression failed before implementation on project.artifacts.find.
  • npm test -> 22 peer review evidence recertification tests passed.
  • npm run demo, npm run video, and npm run check passed.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 52,625 bytes.
  • git diff --check and git diff --cached --check passed; only Windows line-ending normalization warnings appeared.
  • Sensitive-term scan returned no credential or payout strings.
  • GitHub PR merge state after push: CLEAN.

KoiosSG commented May 30, 2026

Follow-up competitive hardening pass for the peer review evidence recertification guard.

What changed in 476d8c6:

  • Added a regression for malformed review reputation-delta evidence, e.g. a string reputationDelta value.
  • Reviews with malformed deltas now require recertification with invalid-reputation-delta instead of applying current profile credit.
  • Invalid deltas are normalized out of action and frozen-delta summary math until recertified, preventing non-numeric credit from reaching reputation, leaderboard, or badge updates.
  • Added reports/invalid-reputation-delta-packet.json and refreshed Markdown/SVG/MP4 reviewer evidence.

Validation refreshed locally:

  • Confirmed the new regression failed before implementation with current instead of recertification-required.
  • npm test -> 23 peer review evidence recertification tests passed.
  • npm run demo -> regenerated recertification, empty-evidence, and invalid-reputation-delta packets.
  • npm run video -> regenerated reports/demo.mp4.
  • npm run check -> test, demo, and video generation passed.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 52,616 bytes.
  • All 3 generated JSON packets parsed successfully.
  • git diff --check and git diff --cached --check passed; only Windows line-ending normalization warnings appeared before staging.
  • Focused sensitive scan returned no payout, credential, or token strings.

PR state after push: open at head 476d8c6; no checks are reported for this branch.

KoiosSG commented May 30, 2026

Pushed an additional hardening commit: 737d836.

What changed:

  • Malformed review and inline-comment entries inside otherwise valid evidence arrays now become explicit recertification holds instead of crashing or being silently ignored.
  • Added regressions for malformed review/comment entries; the review case failed before implementation with TypeError: Cannot read properties of null (reading 'artifactId').
  • Added reports/malformed-evidence-packet.json and updated the generated report/video/docs so the reviewer evidence covers the new guard path.

Fresh verification:

  • npm run check passed: 25 tests, deterministic demo regeneration, and video generation.
  • All 4 generated JSON packets parsed successfully.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 52,113 bytes.
  • git diff --check / git diff --cached --check passed; sensitive-string scan found no credential, payout, or token strings.

KoiosSG commented May 31, 2026

Follow-up hardening pushed in e6a9df4 for the peer-review evidence recertification guard.

What changed:

  • Malformed non-array reviews and inlineComments collections now produce explicit recertification holds instead of being treated like omitted evidence.
  • Added red regressions for object-shaped review/comment collections, plus malformed-review-list and malformed-inline-comment-list audit reasons.
  • Refreshed reviewer evidence with reports/malformed-collection-packet.json and updated the PR body validation notes.

Validation refreshed locally:

  • Confirmed the new regression failed before implementation because no malformed review-list decision was emitted.
  • npm test -> 27 tests passed.
  • npm run demo, npm run video, and npm run check passed.
  • All 5 generated JSON packets parsed successfully.
  • ffprobe verified reports/demo.mp4 as H.264, 1280x720, 30 fps, 4.0s, 52,113 bytes.
  • git diff --check and git diff --cached --check passed; focused restricted-string scan returned no matches.
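
The omitted-versus-malformed distinction from the comment above, as an added example that is not code from this PR: a shape check that reads any non-array as "no evidence" beside one that holds on it. Function names and the two `*-entry` reason codes are hypothetical; the `*-list` reason codes and action names are the ones quoted in the comments. The example assumes the project snapshot itself is an object.

```javascript
// Added example, not the PR's implementation. Helper names are hypothetical,
// as are the malformed-*-entry reason codes (the PR text does not name them).
const COLLECTIONS = [
  {
    key: 'reviews',
    listReason: 'malformed-review-list',
    entryReason: 'malformed-review-entry',
  },
  {
    key: 'inlineComments',
    listReason: 'malformed-inline-comment-list',
    entryReason: 'malformed-inline-comment-entry',
  },
];

// Constructed "before" form: a non-array collection is silently replaced by
// an empty list, so its contents are never evaluated and nothing blocks.
function naiveRecommendedAction(project) {
  const reviews = Array.isArray(project.reviews) ? project.reviews : [];
  const comments = Array.isArray(project.inlineComments) ? project.inlineComments : [];
  const stale = [...reviews, ...comments].filter((item) => item.stale);
  return stale.length > 0 ? 'block-reputation-update' : 'allow-reputation-update';
}

function isPlainRecord(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Shape gate only: staleness evaluation of well-formed entries happens
// elsewhere. Three cases per collection:
//   undefined   -> omitted, treated as empty evidence (no hold)
//   non-array   -> present but unusable, collection-level hold
//   array       -> each entry must be a record, else entry-level hold
// Assumption: null counts as present-but-malformed, not as omitted.
function evaluateEvidenceShape(project) {
  const holds = [];
  for (const { key, listReason, entryReason } of COLLECTIONS) {
    const value = project[key];
    if (value === undefined) continue;
    if (!Array.isArray(value)) {
      holds.push({ collection: key, reason: listReason });
      continue;
    }
    value.forEach((entry, index) => {
      if (!isPlainRecord(entry)) {
        holds.push({ collection: key, index, reason: entryReason });
      }
    });
  }
  return {
    holds,
    recommendedAction: holds.length > 0
      ? 'block-reputation-update'
      : 'allow-reputation-update',
  };
}

// Constructed sample: reviews serialized as an object keyed by ID.
const objectShapedProject = {
  reviews: { 'review-1': { artifactId: 'artifact-1', stale: true } },
  inlineComments: [],
};
```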
