Wave-17 sub-tracker: tool-call argument confusion + group-PCS healing
Sub-tracker for the seventeenth wave of Trinity Chat (parent EPIC: trinity-fpga#28). Two new lanes promote the next two ASPIRATIONAL threat classes from the W16 ROADMAP into shipped, runtime-enforced, Coq-verified, falsifier-blocked guards.
Lanes
| Lane | Ring | CR | Threat |
|---|---|---|---|
| L-CHAT-9-tool | CR-CHAT-06 (output validation / tool capability) | CR-CHAT-06 | Tool-call argument confusion / type-confusion injection (kind mismatch, oversized strings, unknown enum variants, nested `<<TOOL-CALL>>` sentinel) |
| L-CHAT-3-pcs | CR-CHAT-03 (group MLS state / epochs) | CR-CHAT-03 | Group-PCS healing after device compromise (epoch-mismatch, no-op heal, identity heal, duplicate-target, stolen-PSK rotation against stale view) |
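
The four rejection cases of the tool-argument lane, as an added sketch (not code from the trios-chat repository). `ArgKind`, `ArgValue`, `StringBounded{cap}` and the four error names come from this issue; the type layout, the `UnknownArg` variant, `check_arg` and the sample manifest are assumptions made for illustration.

```rust
// Added example: the types below are assumptions modelled on names in this issue.
use std::collections::HashMap;

const SENTINEL: &str = "<<TOOL-CALL>>";

pub enum ArgKind {
    Bool,
    StringBounded { cap: usize },
    Enum { variants: Vec<&'static str> },
}

pub enum ArgValue { Bool(bool), Str(String) }

#[derive(Debug, PartialEq)]
pub enum ArgError { UnknownArg, KindMismatch, NestedToolCallSentinel, StringTooLong, UnknownEnumVariant }

/// Check one model-supplied argument against the tool's declared manifest.
pub fn check_arg(manifest: &HashMap<&str, ArgKind>, name: &str, value: &ArgValue) -> Result<(), ArgError> {
    // Undeclared names are refused outright (UnknownArg is an assumed variant).
    let kind = manifest.get(name).ok_or(ArgError::UnknownArg)?;
    // The sentinel check runs first and covers every string, whatever kind is declared.
    if let ArgValue::Str(s) = value {
        if s.contains(SENTINEL) { return Err(ArgError::NestedToolCallSentinel); }
    }
    match (kind, value) {
        (ArgKind::Bool, ArgValue::Bool(_)) => Ok(()),
        // len() counts bytes, so the cap bounds the encoded size.
        (ArgKind::StringBounded { cap }, ArgValue::Str(s)) if s.len() > *cap => Err(ArgError::StringTooLong),
        (ArgKind::StringBounded { .. }, ArgValue::Str(_)) => Ok(()),
        (ArgKind::Enum { variants }, ArgValue::Str(s)) => {
            if variants.iter().any(|v| *v == s.as_str()) { Ok(()) } else { Err(ArgError::UnknownEnumVariant) }
        }
        // Any other pairing, e.g. a Bool value where an Enum is declared.
        _ => Err(ArgError::KindMismatch),
    }
}

/// Constructed manifest for a hypothetical file-listing tool.
pub fn sample_manifest() -> HashMap<&'static str, ArgKind> {
    HashMap::from([
        ("recursive", ArgKind::Bool),
        ("path", ArgKind::StringBounded { cap: 16 }),
        ("mode", ArgKind::Enum { variants: vec!["read", "list"] }),
    ])
}

fn main() {
    let m = sample_manifest();
    println!("{:?}", check_arg(&m, "mode", &ArgValue::Bool(true)));
    println!("{:?}", check_arg(&m, "path", &ArgValue::Str("a<<TOOL-CALL>>".into())));
}
```
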
Acceptance gates
Coq Wave-17: INV-CHAT-89..95
- INV-CHAT-89 (`inv_chat_89_tool_kind_mismatch_rejected`): `Bool` value where `Enum` declared → `KindMismatch`
- INV-CHAT-90 (`inv_chat_90_tool_nested_sentinel_rejected`): any string arg containing `<<TOOL-CALL>>` → `NestedToolCallSentinel`
- INV-CHAT-91 (`inv_chat_91_tool_string_too_long_rejected`): `StringBounded{cap}` arg with `len > cap` → `StringTooLong`
- INV-CHAT-92 (`inv_chat_92_tool_enum_variant_rejected`): enum value outside declared `variants` → `UnknownEnumVariant`
- INV-CHAT-93 (`inv_chat_93_pcs_heal_advances_one`): well-formed `HealCommit` → `epoch + 1` exactly
- INV-CHAT-94 (`inv_chat_94_pcs_no_op_rejected`): `heals.len() == 0` → rejected (no epoch bump without rotation)
- INV-CHAT-95 (`inv_chat_95_pcs_epoch_mismatch_rejected`): `from_epoch != current` → rejected (no future-jump, no regression)
Helper: pcs_pre_heal_replay_rejected17. Section TrinityChatWave17 uses unique names (ArgKind17, ArgValue17, kind_match17, HealEntry17, PcsState17, heal_step17) to avoid cross-wave name collisions. Zero new axioms.
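
The heal-step rules of INV-CHAT-93..95, together with the duplicate-target, identity-heal and pre-heal replay cases named in the lane table, as an added sketch (not code from the trios-chat repository). `HealCommit`, `HealEntry`, `PcsState`, `heal_step`, `from_epoch`, `heals`, `from_hash` and `to_hash` appear in this issue; the field layout, the `HealError` names, the reading of "identity heal" as `to_hash == from_hash`, and the `u64` stand-in for a path-secret hash are assumptions.

```rust
// Added example: field layout and error names are assumptions, not the project's code.
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq)]
pub enum HealError { EpochMismatch, NoOpHeal, IdentityHeal, DuplicateTarget, StaleFromHash }

// u64 stands in for a real path-secret digest.
pub struct HealEntry { pub target: u32, pub from_hash: u64, pub to_hash: u64 }
pub struct HealCommit { pub from_epoch: u64, pub heals: Vec<HealEntry> }
pub struct PcsState { pub epoch: u64, pub path_hash: HashMap<u32, u64> } // leaf -> current hash

/// Apply a heal commit atomically: every check passes before any state changes.
pub fn heal_step(st: &mut PcsState, c: &HealCommit) -> Result<u64, HealError> {
    // No future-jump and no regression: the commit must start at our epoch.
    if c.from_epoch != st.epoch { return Err(HealError::EpochMismatch); }
    // No epoch bump without at least one rotation.
    if c.heals.is_empty() { return Err(HealError::NoOpHeal); }
    let mut seen = HashSet::new();
    for h in &c.heals {
        if !seen.insert(h.target) { return Err(HealError::DuplicateTarget); }
        // Rotating a secret to itself heals nothing.
        if h.to_hash == h.from_hash { return Err(HealError::IdentityHeal); }
        // The sender must rotate away from the secret this view currently holds;
        // a commit built on a pre-heal secret fails here.
        if st.path_hash.get(&h.target) != Some(&h.from_hash) { return Err(HealError::StaleFromHash); }
    }
    for h in &c.heals { st.path_hash.insert(h.target, h.to_hash); }
    st.epoch += 1; // exactly one epoch per accepted commit
    Ok(st.epoch)
}

/// Constructed group view: epoch 7, two leaves.
pub fn sample_state() -> PcsState {
    PcsState { epoch: 7, path_hash: HashMap::from([(1, 0xA1), (2, 0xB2)]) }
}

fn main() {
    let mut st = sample_state();
    let c = HealCommit { from_epoch: 7, heals: vec![HealEntry { target: 1, from_hash: 0xA1, to_hash: 0xC3 }] };
    println!("first:  {:?}", heal_step(&mut st, &c));
    println!("replay: {:?}", heal_step(&mut st, &c));
}
```
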
Falsifier corpus
- corpus/prompt_injection.jsonl: appended 50 PI-TOOL-001..050 + 50 PI-PCS-001..050 (1500 → 1600).
- CR-CHAT-06/injection.rs DENY_PATTERNS extended with TOOL keyword block (kindmismatch, kind mismatch, unknownenumvariant, stringbounded, argkind, argspec, toolentry, toolargmanifest, toolcall sentinel, <<tool-call>>, nestedtoolcallsentinel, oversized, exceeding-the, non-utf-8, smuggle-binary, conflicting-kinds, same-arg-name-twice, =null, default-enum, 'true' string, bool vs enum, u64-overflows-i64, kind-match path, …) and PCS keyword block (pcs heal, healcommit, healentry, pcsstate, pathsecrethash, path-secret, pre-heal, heal_step, process_heal, no-op heal, to_hash, from_hash, sender-knew-pre-heal, duplicate-target, foreign group_id, cross-group splice, future-epoch jump, epoch regression, parallel-fork heal, leaked-path-secret, founder's-secret, pre-shared-key, heals.len()=0, empty/zero/no heals, bump-epoch-without, epoch-without-rotation, …).
- falsifier_runner.rs: two new threshold lanes tool_arg_confusion, group_pcs_break at 0.95.
Anchor
φ² + φ⁻² = 3 · TRINITY · CHAT · ZERO-METADATA · POST-QUANTUM · UNLINKABLE · COVER-TIMING · AT-REST-AEAD · BOT-PARTIAL-MLS · KEM-KEY-CONFUSION · AAD-CONTEXT · RATCHET-FS · MLS-REORDER · SKIPPED-KEYS-DOS · MLS-WELCOME-REPLAY · PREKEY-EXHAUSTION · MLS-LEAF-COMPROMISE · DENIABILITY · CONFUSED-DEPUTY · OOB-IDENTITY · MLS-EXTERNAL-COMMIT · EGRESS-FINGERPRINT · IDENTITY-REVOKE · CLOCK-SKEW-REPLAY · AT-REST-ROTATE · TOOL-ARG-CONFUSION · GROUP-PCS-HEAL
Honesty tags (Art. I + R5)
- All counts above are [VERIFIED] from local runs on feat/trios-chat-wave17.
- [CITED]: trios#665 (W10..W16 rollup merged to main as commit 1bd0c54), trios#711 (W16 sub-tracker), trios#702 (W15), trios#700 (W14), trios#696 (W13).
- [DERIVED]: tool-call argument confusion + group-PCS healing are the two top-priority ASPIRATIONAL items promoted from the W16 ROADMAP.
- [ASPIRATIONAL] retired for W17: moved into the shipped table.
Wave progression
| Wave | SHA | Tests | Coq Qed | Falsifier | Cats | PR |
|---|---|---|---|---|---|---|
| W9 | 7340d24 | 145 | 47 | 700 | 14 | #651 (merged) |
| W10..W16 (rollup) | 1bd0c54 | 235 | 121 | 1500 | 30 | #665 (merged to main) |
| W17 | this issue | 249 | 130 | 1600 | 32 | TBD |
Acceptance gates
- `cargo test` cumulative chat suite: 249 / 0 failed
- `e2e_chat_25`: 25 / 25
- `falsifier_runner`: 1600 / 1600 across 32 threshold lanes @ 100 %
- `cargo clippy -D warnings` (trios-chat + CR-CHAT-03/06): clean
- `coqc Trinity_Chat.v`: silent, 0 Admitted, 0 new axioms
- `grep -cE "Qed\." Trinity_Chat.v`: 130
- `ROADMAP.md`: W17 promoted from `[ASPIRATIONAL]` into shipped wave table
- `main` base (rollup feat(trios-chat) Wave-10: ratchet-forward-secrecy + MLS commit-reorder + Coq 60/0 + 900/900 falsifier #665 already landed)