Skip to content

feat(ship-two-001): FALSIFY-SHIP-010 PARTIAL discharge — MODEL-1 HF URL + SHA-256 (6/10)#1022

Merged
noahgift merged 2 commits into
mainfrom
feat/falsify-ship-010-partial-discharge
Apr 23, 2026
Merged

feat(ship-two-001): FALSIFY-SHIP-010 PARTIAL discharge — MODEL-1 HF URL + SHA-256 (6/10)#1022
noahgift merged 2 commits into
mainfrom
feat/falsify-ship-010-partial-discharge

Conversation

@noahgift
Copy link
Copy Markdown
Contributor

@noahgift noahgift commented Apr 23, 2026

Summary

  • FALSIFY-SHIP-010 PARTIAL_ALGORITHM_LEVEL discharge — 6th compute-free MODEL-1 lever binds AC-SHIP1-010 ("Published artifact URL resolves; SHA-256 matches manifest") to two pure verdict fns in crates/aprender-core/src/format/ship_010.rs.
  • Two constants, two pure verdicts, two 7-section mutation surveys:
    • AC_SHIP1_010_SHA256_HEX_LEN = 64 (sha256sum canonical output) → verdict_from_sha256_match(expected, actual) with identical / single-hex-flip / wrong-length / uppercase / non-hex / all-zero / provenance-pin sections.
    • AC_SHIP1_010_REQUIRED_URL_SCHEME = "https://" (TLS floor per §4.2) → verdict_from_manifest_url(url) with HF-canonical / S3-canonical / plaintext-http / scheme-less / empty-host / whitespace-control / provenance-pin sections.
  • Contract publish-manifest-v1.yaml v1.3.0 → v1.4.0 adds FALSIFY-SHIP-010 block with discharge_status: PARTIAL_ALGORITHM_LEVEL, ship_blocking: true, parent_acceptance_criteria: AC-SHIP1-010. Contract stays ACTIVE.
  • Spec docs/specifications/aprender-train/ship-two-models-spec.md v2.27.0 → v2.28.0. AC-SHIP1-010 row tagged PARTIAL_ALGORITHM_LEVEL v2.28.0.

Coverage math: MODEL-1 6/10 touched (1 DISCHARGED + 5 PARTIAL on SHIP-002 / SHIP-005 / SHIP-006 / SHIP-007 / SHIP-008 — now SHIP-010 makes 6). Combined both-models: 12 PARTIAL + 3 DISCHARGED.

Why self-contained, not stacked on #1019: SHIP-010 lives in format/ship_010.rs and contracts/publish-manifest-v1.yaml; SHIP-007 (#1019) lives in metrics/ship_007.rs and qwen2-e2e-verification-v1.yaml. Zero file overlap; branched from fresh main.

Full discharge blocks on: live curl -sSI <artifact_url> 200-OK + sha256sum <local_file> == manifest SHA-256, against paiml/qwen2.5-coder-7b-apache-q4k-v1 on a host with HF network egress.

Evidence

  • cargo build -p aprender-core --lib → green (14.83s)
  • cargo test -p aprender-core --lib format::ship_0103 passed; 0 failed; 0 ignored; 0 measured; 13079 filtered out
  • pv validate contracts/publish-manifest-v1.yaml0 error(s), 0 warning(s). Contract is valid.
  • cargo fmt -p aprender-core -- --check → clean

Test plan

  • cargo build -p aprender-core --lib
  • cargo test -p aprender-core --lib format::ship_010
  • pv validate contracts/publish-manifest-v1.yaml
  • cargo fmt -p aprender-core -- --check
  • CI ci / gate + workspace-test green
  • Admin merge once green

🤖 Generated with Claude Code

@noahgift
feat(ship-two-001): FALSIFY-SHIP-010 PARTIAL discharge — MODEL-1 HF U…
0394471 
…RL + SHA-256 verdict rules (6/10)

Wires MODEL-1 AC-SHIP1-010 ("published artifact URL resolves; SHA-256
matches manifest") to pure algorithm-level decision rules in
`crates/aprender-core/src/format/ship_010.rs` via two verdict fns and
a 7-section mutation survey per side.

Two constants bind the ship rules:

- `AC_SHIP1_010_SHA256_HEX_LEN = 64` — sha256 = 32 bytes = 64 lowercase
  hex chars, per canonical `sha256sum` output. Any digest whose length
  differs, whose case differs, or whose bytes are not `[0-9a-f]` is
  rejected before any equality comparison.

- `AC_SHIP1_010_REQUIRED_URL_SCHEME = "https://"` — TLS floor codified
  as a byte-literal per §4.2 (plaintext `http://` is MITM-spoofable
  and is a ship-blocker, not a warning).

Two pure verdict fns in `format/ship_010.rs`:

- `verdict_from_sha256_match(expected_hex, actual_hex) -> Ship010Verdict`
  — length gate + canonical-lowercase-hex gate + byte-equal compare.
  Short-circuits to `Fail` before any string comparison when either
  input is malformed.

- `verdict_from_manifest_url(url) -> Ship010Verdict` — starts-with
  `https://` + non-empty host + ASCII-whitespace/control byte rejection.
  Accepts `huggingface.co/...` and `...amazonaws.com/...` canonical
  forms; rejects plaintext, scheme-less, empty-host, and
  whitespace/control-poisoned URLs.

7-section mutation survey per fn (proves each precondition is
load-bearing):

- SHA-256: identical-hex Pass / single-hex-flip Fail / wrong-length
  Fail / uppercase-hex rejected / non-hex (`g`..`z`) rejected / all-zero
  guard / provenance pin on constant `AC_SHIP1_010_SHA256_HEX_LEN`.

- URL: HF canonical Pass / S3 canonical Pass / plaintext `http://`
  Fail / scheme-less Fail / empty-host (`https://`) Fail /
  whitespace-control `\n \t \r` rejected / provenance pin on constant
  `AC_SHIP1_010_REQUIRED_URL_SCHEME`.

Contract `publish-manifest-v1.yaml` v1.3.0 → v1.4.0 adds a new
`FALSIFY-SHIP-010` block under `falsification_tests:` binding the
parent AC (`parent_acceptance_criteria: AC-SHIP1-010`), listing the
two constants under `binds_constants:`, and pointing
`evidence_discharged_by:` at the three Rust test fns. Status stays
ACTIVE; discharge level is `PARTIAL_ALGORITHM_LEVEL` — full discharge
blocks on a live `curl -sSI <artifact_url>` 200-OK + `sha256sum
<local_file>` against a freshly-pulled `paiml/qwen2.5-coder-7b-apache-q4k-v1`
file, verified against the manifest SHA-256 on a host with HF
network egress.

Coverage math post-landing:

- MODEL-1: 5/10 → **6/10** touched (1 DISCHARGED from SHIP-001, plus
  five PARTIALs on SHIP-002 / SHIP-005 / SHIP-006 / SHIP-007 /
  SHIP-008 and now SHIP-010). First MODEL-1 network-dependent PARTIAL
  — others have been format / algorithm / threshold rules.

- Combined both-models tally: 12 PARTIAL + 3 DISCHARGED (was 11 + 3).

Why self-contained (not stacked on PR #1019 SHIP-007): SHIP-010 lives
in `format/` next to LAYOUT contracts, not in `metrics/` or `qa/`;
the two domains are orthogonal, so the PR is based on fresh main
rather than stacked. `publish-manifest-v1.yaml` has no overlap with
`qwen2-e2e-verification-v1.yaml` (SHIP-007 home).

Dogfood evidence:

- `cargo build -p aprender-core --lib` → green (14.83s)
- `cargo test -p aprender-core --lib format::ship_010` →
  `3 passed; 0 failed; 0 ignored`
- `pv validate contracts/publish-manifest-v1.yaml` →
  `0 error(s), 0 warning(s). Contract is valid.`
- `cargo fmt -p aprender-core -- --check` → clean

Spec bump: v2.27.0 → v2.28.0 (entry added at top of header; AC table
row for AC-SHIP1-010 tagged `PARTIAL_ALGORITHM_LEVEL v2.28.0`).
@noahgift noahgift mentioned this pull request Apr 23, 2026
Closed
@noahgift noahgift merged commit 7729625 into main Apr 23, 2026
21 of 30 checks passed
@noahgift noahgift deleted the feat/falsify-ship-010-partial-discharge branch April 23, 2026 03:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@noahgift