lakehouse

profit/lakehouse

Fork 0

Commit Graph

Author	SHA1	Message	Date
root	5bdd159966	distillation: Phase 8 — full system audit Some checks failed lakehouse/auditor 14 blocking issues: cloud: claim not backed — "Phase 8 done-criteria (per spec):" Meta-audit script that runs deterministic checks across Phases 0-7 and compares to a baseline (auto-grown from prior runs). Pure observability — no pipeline modification. Single command: ./scripts/distill audit-full Files (2 new + 1 modified): scripts/distillation/audit_full.ts ~430 lines, 8 phase checks + drift scripts/distillation/distill.ts +audit-full subcommand reports/distillation/phase8-full-audit-report.md (autogenerated by run) Real-data audit on commit 681f39d: 22 total checks, 16 required, ALL 16 required PASS. Per-phase (required-pass / required): P0 recon: 1/1 — docs/recon/local-distillation-recon.md + tier-1 streams P1 schemas: 1/1 — 51 schema tests pass via subprocess P2 evidence: 1/1 — materializer dry-run completes P3 scoring: 1/1 — acc=386 part=132 rej=57 hum=480 on disk P4 exports: 5/5 — SFT 0-leak + RAG 0-rejected + Pref 0 self-pairs + 0 identical-text + 0 missing provenance P5 receipts: 4/4 — 5/5 stage receipts, all validate, RunSummary valid, run_hash is sha256 P6 acceptance: 1/1 — 22/22 fixture invariants pass via subprocess P7 replay: 2/2 — 3/3 dry-run tasks pass + escalation guard holds Drift detection (auto-grown baseline at data/_kb/audit_baselines.jsonl): 10 tracked metrics across P2/P3/P4 + quarantine totals. This run vs first audit baseline: 0% drift on all 10 metrics. Future drift >20% on any metric flips flag from ok → warn. Non-negotiables: - DO NOT modify pipeline logic — audit only reads + calls scripts - DO NOT suppress failures — non-zero exit on any required-check fail - DO NOT fake pass conditions — checks are deterministic + assertive Bug surfaced during construction (matches the spec's "spec is honest" gate): P3 check first used scoreAll dry-run which reported 0 accepted because scored-runs were deduped against. Fixed by reading data/scored-runs/ directly to get the on-disk distribution. Same class of bug as the audits.jsonl recon mistake from Phase 3 — assume nothing about a stream, inspect what's there. Phase 8 done-criteria (per spec): ✓ audit command runs successfully ✓ all 8 phases verified (P0..P7) ✓ drift clearly reported (10-metric drift table per run) ✓ report exists (reports/distillation/phase8-full-audit-report.md) What this unlocks: Subsequent CI / cron runs of audit-full will surface real drift if the pipeline's behavior changes. The system is now self-monitoring in the strongest sense: every invariant has an automated check, every metric has a drift gate, and the report tells a future agent exactly what diverged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-26 23:48:54 -05:00

Author

SHA1

Message

Date

root

5bdd159966

distillation: Phase 8 — full system audit

lakehouse/auditor 14 blocking issues: cloud: claim not backed — "Phase 8 done-criteria (per spec):"

Meta-audit script that runs deterministic checks across Phases 0-7
and compares to a baseline (auto-grown from prior runs). Pure
observability — no pipeline modification. Single command:

  ./scripts/distill audit-full

Files (2 new + 1 modified):
  scripts/distillation/audit_full.ts     ~430 lines, 8 phase checks + drift
  scripts/distillation/distill.ts        +audit-full subcommand
  reports/distillation/phase8-full-audit-report.md  (autogenerated by run)

Real-data audit on commit 681f39d:
  22 total checks, 16 required, ALL 16 required PASS.

Per-phase (required-pass / required):
  P0 recon:       1/1 — docs/recon/local-distillation-recon.md + tier-1 streams
  P1 schemas:     1/1 — 51 schema tests pass via subprocess
  P2 evidence:    1/1 — materializer dry-run completes
  P3 scoring:     1/1 — acc=386 part=132 rej=57 hum=480 on disk
  P4 exports:     5/5 — SFT 0-leak + RAG 0-rejected + Pref 0 self-pairs +
                       0 identical-text + 0 missing provenance
  P5 receipts:    4/4 — 5/5 stage receipts, all validate, RunSummary valid,
                       run_hash is sha256
  P6 acceptance:  1/1 — 22/22 fixture invariants pass via subprocess
  P7 replay:      2/2 — 3/3 dry-run tasks pass + escalation guard holds

Drift detection (auto-grown baseline at data/_kb/audit_baselines.jsonl):
  10 tracked metrics across P2/P3/P4 + quarantine totals.
  This run vs first audit baseline: 0% drift on all 10 metrics.
  Future drift >20% on any metric flips flag from ok → warn.

Non-negotiables:
  - DO NOT modify pipeline logic — audit only reads + calls scripts
  - DO NOT suppress failures — non-zero exit on any required-check fail
  - DO NOT fake pass conditions — checks are deterministic + assertive

Bug surfaced during construction (matches the spec's "spec is honest"
gate): P3 check first used scoreAll dry-run which reported 0 accepted
because scored-runs were deduped against. Fixed by reading
data/scored-runs/ directly to get the on-disk distribution. Same
class of bug as the audits.jsonl recon mistake from Phase 3 — assume
nothing about a stream, inspect what's there.

Phase 8 done-criteria (per spec):
  ✓ audit command runs successfully
  ✓ all 8 phases verified (P0..P7)
  ✓ drift clearly reported (10-metric drift table per run)
  ✓ report exists (reports/distillation/phase8-full-audit-report.md)

What this unlocks:
  Subsequent CI / cron runs of audit-full will surface real drift if
  the pipeline's behavior changes. The system is now self-monitoring
  in the strongest sense: every invariant has an automated check,
  every metric has a drift gate, and the report tells a future agent
  exactly what diverged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-26 23:48:54 -05:00

1 Commits