Child of #460. A 3-lens adversarial review of the DYADT reference verifier (scripts/verify-claims.sh) confirmed 16 holes; 15 were fixed in the Wave-4 hardening (#458). This tracks the residual + minor items.
Residual (real, must fix)
Always-matching contains: regex vacuously confirms. The hardening rejects an empty contains: pattern, but not a trivially-always-matching one. expect="contains:.*" (also ^, $, ., .+) passes grep -Eq against any non-empty file → confirmed for content the agent never added.
- Fix: require a contains: pattern to contain at least one literal (non-metacharacter) character — reject if, after stripping regex metachars/quantifiers, nothing remains. Add a conformance vector (always-match.a2ml → unverifiable).
- Note: stdout-contains: uses fixed-string grep -F, so .* there is a literal search and is NOT vacuous; only the regex contains: is affected.
Minor (spec clarity / coverage)
- Regex dialect unspecified (contains:<regex>): the reference uses POSIX ERE (grep -E); two conforming verifiers could disagree. Pin the dialect in CLAIM-FORMAT.adoc.
- Over-broad licence guard (LOW, accepted): any claim whose fields contain licence/license/SPDX → unverifiable manual-only. This is fail-safe (a benign claim flagged manual-only is harmless per the Manual-Only policy), but could be narrowed to claim_class/an explicit flag later.
- Conformance coverage: several normative MUSTs still lack a vector. Add vectors so the production verifier is fully constrained.
Acceptance: the always-match hole is closed with a regression assertion + conformance vector; the spec pins the regex dialect.
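
A sketch of the literal-character check proposed under "Residual", written as an added example and not taken from scripts/verify-claims.sh; the function names has_literal and classify_contains are hypothetical. It goes one step beyond the stated fix by also rejecting patterns that match an empty line or fail to compile, and it assumes bracket expressions and backslash classes count as non-literal.

```shell
#!/bin/sh
# Added example; not code from scripts/verify-claims.sh.
# has_literal and classify_contains are hypothetical names.

# True if the ERE keeps a literal character after stripping, in order:
# escaped metacharacters (counted as a literal, marked "L"), backslash
# escapes such as \w, bracket expressions (assumption: treated as
# non-literal), interval quantifiers, and remaining metacharacters.
has_literal() {
  [ -n "$(printf '%s' "$1" | sed -E \
    -e 's/\\[][\\.*+?^$|(){}]/L/g' \
    -e 's/\\[[:alnum:]<>]//g' \
    -e 's/\[[^]]*\]//g' \
    -e 's/\{[0-9]*,?[0-9]*\}//g' \
    -e 's/[][\\.*+?^$|(){}]//g')" ]
}

# Prints "ok" if the pattern may be handed to grep -Eq, else "unverifiable".
classify_contains() {
  if ! has_literal "$1"; then echo unverifiable; return 0; fi
  # Extra probe (not in the issue): a pattern that matches an empty line
  # requires no specific content, so it is rejected too (fail-safe).
  # grep exit status 2 means the ERE did not compile.
  rc=0
  printf '\n' | grep -Eq -- "$1" 2>/dev/null || rc=$?
  if [ "$rc" -ne 1 ]; then echo unverifiable; return 0; fi
  echo ok
}

# Constructed sample patterns.
for p in '.*' '^' '$' '.' '.+' '[a-z]+' 'a*' 'TODO' 'fn main\(\)'; do
  printf '%-12s %s\n' "$p" "$(classify_contains "$p")"
done
```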