Depth Advantage: consequence reasoning, cascade analysis, verification loop#46
Merged
Conversation
Attestations now include: - trace: step-by-step evaluation process (parse, analyze, policy) - verification: CLI commands and API checks for independent verification - state_snapshot: captured resource state at evaluation time - reproducibility: whether assessment is deterministic or state-dependent This gives third parties cryptographic proof of HOW RecourseOS reached its verdict, not just WHAT the verdict was. Competitors only log verdicts; we prove the reasoning chain. Schema updated with reasoningTrace and verificationInstructions definitions. TraceBuilder captures evaluation steps as they occur. Terraform evaluator wired up to produce traces. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
S3 buckets now include: - Object count and total size in human-readable format - Last modified timestamp with relative time - Sample size indicator for large buckets RDS instances now include: - Engine type in reasoning - Snapshot count and recency - Backup retention period - PITR availability - Multi-AZ and replica status Before: "S3 bucket deletion is destructive" After: "S3 bucket 'prod-data' (12,847 objects, 50 GB, last modified 2 hours ago) has no versioning; deletion is UNRECOVERABLE" Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Cascade impact now includes:
- Resource type for each affected resource
- Depth tracking (1 = direct, 2+ = transitive)
- Dependency type (explicit vs implicit)
- Human-readable summary grouped by type
Example output:
- cascadeSummary: "3 subnets, 2 EC2 instances, 1 NAT gateway, 1 RDS instance"
- maxCascadeDepth: 2
- cascadeByType: { "aws_subnet": 3, "aws_instance": 2, ... }
This enables agents to understand the full blast radius of a deletion
with concrete resource counts grouped by type.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added OutputPattern type for automatic output interpretation: - json_array_not_empty: Check if array has items - json_field_equals: Check field value matches expected - json_field_exists: Check field exists - regex: Match pattern in raw output - exit_code: Check command exit code New pattern-matcher.ts: - interpretVerificationOutput() for automatic matching - matchPattern() for individual pattern evaluation - Supports nested JSON paths (e.g., "a.b.c") Updated verification templates with: - expected_pattern and failure_pattern for structured matching - example_output showing expected format - RDS, DynamoDB, S3 templates enhanced Improved evidence re-evaluation: - Pattern matching used when structured patterns available - Falls back to agent interpretation when no patterns - Better evidence evaluation result tracking - Detailed reasoning in verdict upgrades Workflow: 1. RecourseOS returns verification suggestions with patterns 2. Agent runs command, captures output and exit code 3. Agent submits evidence with raw_output 4. Pattern matcher auto-interprets output 5. Verdict upgraded if evidence confirms recovery paths Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added implementation status table showing all 5 areas complete - Added detailed implementation notes with file paths - Added example outputs for each feature - Added files changed section for reference - Updated competitive positioning table - Marked all success metrics as complete Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Website: - Create docs/depth-advantage.html with full feature documentation - Add link to depth-advantage from docs.html Design Drafts section Verification Protocol v1.1: - Add OutputPattern schema for automatic output interpretation - Document 5 pattern types: json_array_not_empty, json_field_equals, json_field_exists, regex, exit_code - Add workflow section and examples for S3, RDS, DynamoDB Tests: - Add tests/pattern-matcher.test.ts with 58 tests (97.4% coverage) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements the "depth advantage" strategy - competing on consequence depth rather than gateway breadth.
OutputPatterntypes for automatic output interpretationChanges
Core Features
objectCount,totalSizeBytes,snapshotCount, etc.)CascadeImpactwithresourceType,depth,dependencyTypefieldsOutputPatternschema with 5 pattern types for automatic verification matchingTraceBuilderfor capturing evaluation steps in attestationsDocumentation
docs/depth-advantage.html- Full feature documentation pagedocs/verification-protocol-v1.md- OutputPattern schema and examples (v1.1)docs/depth-advantage.md- Implementation status and detailsTests
tests/pattern-matcher.test.ts- 58 tests (97.4% coverage)Test plan
npm test)🤖 Generated with Claude Code