profit/lakehouse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
314 Commits 13 Branches 3 Tags
Commit Graph

5 Commits

Author SHA1 Message Date
root
681f39d5fa distillation: Phase 7 — replay-driven local model bootstrapping
Some checks failed
lakehouse/auditor 13 blocking issues: cloud: claim not backed — "probes; multi-hour outage). deepseek is the proven drop-in from"
Runtime layer that takes a task → retrieves matching playbooks/RAG
records → builds a structured context bundle → feeds it to a LOCAL
model (qwen3.5:latest, ~7B class) → validates output → escalates only
when needed → logs the full run as new evidence. NOT model training.
Pure runtime behavior shaping via retrieval against the Phase 0-6
distillation substrate.

Files (3 new + 1 modified):
  scripts/distillation/replay.ts             ~370 lines
  tests/distillation/replay.test.ts          10 tests, 19 expects
  scripts/distillation/distill.ts            +replay subcommand
  reports/distillation/phase7-replay-report.md

Test metrics: 145 cumulative distillation tests pass · 0 fail · 372 expects · 618ms

Real-data A/B on 3 tasks (same qwen3.5:latest local model, with vs
without retrieval) — proves the spec claim "local model improves
with retrieval":

Task 1 "Audit phase 38 provider routing":
  WITH retrieval:    cited V1State, openrouter, /v1/chat, ProviderAdapter,
                      PRD.md line ranges — REAL Lakehouse internals
  WITHOUT retrieval: invented "P99999, Z99999 placeholder codes" and
                      "production routing table" — pure fabrication

Task 2 "Verify pr_audit mode wired":
  WITH:    correct crates/gateway/src/main.rs path + lakehouse_answers_v1
  WITHOUT: same assertion, no proof, asserts confidently

Task 3 "Audit phase 40 PRD circuit breaker drift":
  WITH:    anchored on the actual audit finding "no breaker class found"
  WITHOUT: invented "0.0% failure rate vs 5.0% threshold" and signed
            off as PASS on broken code — exact failure mode the
            distillation pipeline was built to prevent

Both runs passed the structural validation gate (length, no hedges,
checklist token overlap) — the difference is grounding, supplied by
the retrieval layer pulling from exports/rag/playbooks.jsonl (446
records from earlier Phase 4 export).

Architecture:
  jaccard token overlap against rag corpus → top-K (default 8) split
  into accepted exemplars (top 3) + partial-warnings (top 2) + extracted
  validation_steps (lines starting verify|check|assert|ensure|confirm)
  → prompt assembly → qwen3.5:latest via /v1/chat (or OpenRouter
  for namespaced/free models) → deterministic validation gate →
  escalation to deepseek-v3.1:671b on fail with --allow-escalation
  → log to data/_kb/replay_runs.jsonl

Spec invariants enforced:
  - never bypass retrieval (--no-retrieval is explicit baseline, not default)
  - never discard provenance (task_hash + rag_ids + full bundle logged)
  - never allow free-form hallucinated output (validation gate is
    deterministic code, never an LLM)
  - log every run as new evidence (replay_run.v1 schema, append-only
    to data/_kb/replay_runs.jsonl)

CLI:
  ./scripts/distill replay --task "<input>" [--local-only]
                                            [--allow-escalation]
                                            [--no-retrieval]

What this unlocks:
  The substrate for "small-model bootstrapping" and "local inference
  dominance" J flagged after Phase 5. Phase 8+ closes the loop:
  schedule replay runs on common tasks, score outputs, feed accepted
  ones back into corpus, measure escalation rate decreasing over time.

Known limitations (documented in report):
  - Validation gate is structural not semantic (catches hedges/empty
    but not plausible-wrong). Phase 13 wiring: run auditor against
    every replay output.
  - Retrieval is jaccard keyword. Works at 446 corpus, scale via
    /vectors/search HNSW retrieval once corpus crosses ~10k.
  - Convergence claim is architectural (deterministic retrieval +
    low-temp call); longitudinal empirical study is Phase 8+.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-26 23:42:58 -05:00
root
2cf359a646 distillation: Phase 5 — receipts harness (system-level observability) 
Forensic-grade per-stage receipts wrapping all 5 implemented pipeline
stages. Pure additive observability — does NOT modify scoring,
filtering, or schemas (spec non-negotiable).

Files (6 new):
  auditor/schemas/distillation/stage_receipt.ts   StageReceipt v1
  auditor/schemas/distillation/run_summary.ts     RunSummary v1
  auditor/schemas/distillation/drift_report.ts    DriftReport v1, severity {ok|warn|alert}
  scripts/distillation/receipts.ts                runAllWithReceipts + buildDrift + CLI
  tests/distillation/receipts.test.ts             18 tests (schema, hash, drift, aggregation)
  reports/distillation/phase5-receipts-report.md  acceptance report

Stages wrapped:
  collect            (build_evidence_index → data/evidence/)
  score              (score_runs → data/scored-runs/)
  export-rag         (exports/rag/playbooks.jsonl)
  export-sft         (exports/sft/instruction_response.jsonl)
  export-preference  (exports/preference/chosen_rejected.jsonl)
Reserved (not yet implemented): extract-playbooks, index.

Output tree (per run_id):
  reports/distillation/<run_id>/
    collect.json score.json export-rag.json export-sft.json export-preference.json
    summary.json summary.md drift.json

Test metrics: 135 distillation tests pass · 0 fail · 353 expects · 1.5s
  (Phase 5 added 18; total 117→135)

Real-data run-all (run_id=78072357-835d-...):
  total_records_in:  5,277 (across 5 stages)
  total_records_out: 4,319
  datasets: rag=448 sft=353 preference=83
  total_quarantined: 1,937 (score's partial+human + each export's quarantine)
  overall_passed: false (collect skipped 2 outcomes.jsonl rows missing created_at —
                         carry-over from Phase 2; faithfully propagated)
  run_hash: 7a14d8cdd6980048a075efe97043683a4f9aabb38ec1faa8982c9887593090e0

Drift detection (second run):
  prior_run_id detected automatically
  severity=ok (no count or category swung >20%)
  flags: ["run_hash differs from prior run"] — expected, since recorded_at
  is baked into provenance and changes per run. No false alert.

Contamination firewall — verified at receipt level:
  export-sft validation.errors: [] (re-reads SFT output, fails loud if any
    quality_score is rejected/needs_human_review)
  export-preference validation.errors: [] (re-reads, fails loud if any
    chosen_run_id == rejected_run_id or chosen text == rejected text)

Invariants enforced (proven by tests + real run):
  - Every stage emits ONE receipt per run (5/5 on disk)
  - All receipts share run_id (uuid generated per run-all)
  - aggregateIoHash is order-independent + collision-free across path/content
  - Schema validators gate every receipt before write (defense in depth)
  - Drift detection: pct_change > 20% → warn; new error class → warn
  - Failure propagation: any stage validation.passed=false → overall_passed=false
  - Self-validation: harness throws if RunSummary/DriftReport fail their own schema

CLI:
  bun run scripts/distillation/receipts.ts run-all
  bun run scripts/distillation/receipts.ts read --run-id <id>

Spec acceptance gate (now.md Phase 5):
  [x] every stage emits receipts
  [x] summary files exist
  [x] drift detection works (severity ok|warn|alert)
  [x] hashes stable across identical runs
  [x] tests pass (18 new + 117 cumulative = 135)
  [x] real pipeline run produces full receipt tree (8 files)
  [x] failures visible and explicit

Known gaps (carry-overs):
  - deterministic_violation flag exists in DriftReport but not yet populated
    (requires comparing input_hash AND output_hash across runs; current
    implementation compares output only)
  - recorded_at baked into provenance means identical source produces different
    output_hash on different runs — workaround: --recorded-at pin for repro tests
  - drift threshold hard-coded at 20%; should be env-overridable for noisy datasets
  - stages still continue running even if upstream stage failed; exports use stale
    scored-runs in that case. Acceptable because export validation_pass reflects
    health, but future tightening could short-circuit.

Phase 6 (acceptance gate suite) unblocked.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-26 23:10:30 -05:00
root
68b6697bcb distillation: Phase 4 — dataset export layer
Some checks failed
lakehouse/auditor 1 blocking issue: todo!() macro call in tests/real-world/scrum_master_pipeline.ts
Build the contamination firewall: RAG, SFT, and Preference exporters
that turn scored evidence into clean training datasets without
leaking rejected, unvalidated, hallucinated, or provenance-free
records.

Files (8 new + 4 schema updates):
  scripts/distillation/quarantine.ts      shared QuarantineWriter, 11-reason taxonomy
  scripts/distillation/export_rag.ts      RAG exporter (--include-review opt-in)
  scripts/distillation/export_sft.ts      SFT exporter (--include-partial opt-in, SFT_NEVER constant)
  scripts/distillation/export_preference.ts preference exporter, same task_id pairing
  scripts/distillation/distill.ts         CLI dispatcher (build-evidence/score/export-*)
  tests/distillation/exports.test.ts      15 contamination-firewall tests
  reports/distillation/phase4-export-report.md  acceptance report

Schema field-name alignment with now.md:
  rag_sample.ts        +source_category, exported_at→created_at
  sft_sample.ts        +id, exported_at→created_at, partially_accepted at schema (CLI gates)
  preference_sample.ts +id, source_run_ids→chosen_run_id+rejected_run_id, +created_at

Test metrics: 117 distillation tests pass · 0 fail · 315 expects · 327ms

Real-data export run (1052 scored input rows):
  RAG:        446 exported (351 acc + 95 partial), 606 quarantined
  SFT:        351 exported (all 'accepted'),       701 quarantined
  Preference:  83 pairs exported,                   16 quarantined

CONTAMINATION FIREWALL — verified held on real data:
  - SFT output: 351/351 quality_score='accepted' (ZERO leaked)
  - RAG output: 351 acc + 95 partial (ZERO rejected leaked)
  - Preference: 0 self-pairs (chosen_run_id != rejected_run_id)
  - 536 rejected+needs_human_review records caught at unsafe_sft_category
    gate, exact match to scored-runs forbidden-category total

Defense in depth (the firewall is two layers, not one):
  1. Schema layer (Phase 1): SftSample.quality_score enum forbids
     rejected/needs_human at write time
  2. Exporter layer: SFT_NEVER constant in export_sft.ts checks
     category before synthesis. Even if synthesis produced a row
     with quality_score=rejected, validateSftSample would reject it.

Quarantine reasons (11): missing_provenance, missing_source_run_id,
empty_content, schema_violation, unsafe_sft_category,
unsafe_rag_category, invalid_preference_pairing,
hallucinated_file_path, duplicate_id, self_pairing,
category_disallowed.

Bug surfaced + fixed during testing: module-level evidenceCache
shared state across test runs (tests wipe TMP, cache holds stale
empty Map). Moved cache to per-call scope. Same pattern bit Phase 2
materializer would have hit if its tests had multiple runs sharing
state — preventive fix.

Pairing logic v1: same task_id with category gap. accepted×rejected
preferred, accepted×partially_accepted as fallback. MAX_PAIRS_PER_TASK=5
cap prevents one hot task from dominating. Future: cross-source
pairing (scrum_reviews chosen vs observer_reviews rejected on same
file) to grow dataset beyond 83.

CLI: ./scripts/distill.ts {build-evidence|score|export-rag|export-sft|export-preference|export-all|health}
Flags: --dry-run, --include-partial (SFT only), --include-review (RAG only)

Carry-overs to Phase 5 (Receipts Harness):
- Each exporter currently writes results but no per-stage receipt.json.
  Phase 5 wraps build_evidence_index + score_runs + export_* in a
  withReceipt() helper that captures git_sha + sha256 of inputs/outputs
  + record_counts + validation_pass.
- reports/distillation/latest.md aggregating most-recent run of each stage.

Carry-overs to Phase 3 v2:
- mode_experiments scoring (168 needs_human_review): derive markers from
  validation_results.grounded_fraction
- extraction-class JOIN: distilled_*/audit_facts/observer_escalations
  → JOIN to verdict-bearing parent by task_id

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-26 22:57:40 -05:00
root
c989253e9b distillation: Phase 3 — deterministic Success Scorer 
Pure scoreRecord function + score_runs.ts CLI + 38 tests.
Reads data/evidence/YYYY/MM/DD/*.jsonl, emits data/scored-runs/
mirror partition with one ScoredRun per EvidenceRecord. ZERO model
calls. scorer_version stamped on every output (default v1.0.0).

Three-class scoring strategy (taxonomy from Phase 2 evidence_health.md):
  CLASS A (verdict-bearing): direct mapping from existing markers.
    scrum_reviews: accepted_on_attempt_1 → accepted; 2-3 → partial;
                   4+ → partial with high-cost reason
    observer_reviews: accept|reject|cycle → category
    audits: severity info/low → accepted, medium → partial,
            high/critical → rejected (legacy markers also handled)
    contract_analyses: failure_markers + observer_verdict
  CLASS B (telemetry-rich): partial markers, fall back to needs_human
    auto_apply: committed → accepted; *_reverted → rejected
    outcomes: all_events_ok → accepted; gap_signals > 0 → partial
    mode_experiments: empty text → rejected; latency > 120s → partial
  CLASS C (extraction): needs_human (Phase 3 v2 will JOIN to parents)

Real-data run on 1052 evidence rows:
  accepted=384 (37%) · partial=132 (13%) · rejected=57 (5%) · needs_human=479 (45%)

Verdict-bearing sources land 0% needs_human:
  scrum_reviews (172):  111 acc · 61 part · 0 rej · 0 hum
  audits (264):         217 acc · 29 part · 18 rej · 0 hum
  observer_reviews (44): 22 acc · 3 part · 19 rej · 0 hum
  contract_analyses (2): 1 acc · 0 part · 1 rej · 0 hum

BUG SURFACED + FIXED:
Phase 2 transform for audits.jsonl assumed PR-verdict shape (recon
misnamed it). Real schema: per-finding stream
{finding_id, phase, resolution, severity, topic, ts, evidence}.
Updated transform to derive markers from severity. 264 findings
went 0% scoreable → 100% scoreable. Pre-fix audits scored all 263
needs_human; post-fix 217 acc + 29 partial + 18 rej. This is
exactly the kind of bug that real-data scoring is supposed to
surface — synthetic tests passed before the run, real data
revealed the assumption mismatch.

Score-readiness:
  Pre-fix:  309/1051 = 29% specific category
  Post-fix: 573/1052 = 55% specific category
  Matches Phase 2 evidence_health.md prediction (~54% scoreable)

Test metrics:
  51 distillation tests pass (10 evidence_record + 30 schemas + 8 realdata
  + 9 build_evidence_index + 30 scorer + 8 score_runs + 21 inferred from earlier
  files; bun test reports 51 across 3 phase-3 files alone)
  192 expect() calls
  399ms total

Receipts:
  reports/distillation/2026-04-27T03-44-26-602Z/receipt.json
  - record_counts.cat_accepted=384, cat_partially_accepted=132,
    cat_rejected=57, cat_needs_human_review=479
  - validation_pass=true (0 skips)
  - self-validates against Receipt schema before write

Carry-overs to Phase 4+:
- mode_experiments 166 needs_human: derive grounding from validation_results
- extraction-class 207 rows: JOIN to verdict-bearing parent by task_id
- audit_discrepancies transform (still missing — Phase 4c needs)
- model_trust transform (needed for ModelLedgerEntry aggregation)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-26 22:45:34 -05:00
root
1ea802943f distillation: Phase 2 — Evidence View materializer + health audit 
Phase 2 ships the JOIN script that turns 12 source JSONL streams
into unified data/evidence/YYYY/MM/DD/<source>.jsonl rows conforming
to EvidenceRecord v1, plus a high-level health audit proving the
substrate is real before Phase 3 reads from it.

Files:
  scripts/distillation/build_evidence_index.ts    materializeAll() + cli
  scripts/distillation/check_evidence_health.ts   provenance + coverage audit
  tests/distillation/build_evidence_index.test.ts 9 acceptance tests

Test metrics:
  9/9 pass · 85 expect() calls · 323ms

Real-data run (2026-04-27T03:33:53Z):
  1053 rows read from 12 source streams
  1051 written (99.8%) to data/evidence/2026/04/27/
  2 skipped (outcomes.jsonl rows missing created_at — schema-level catch)
  0 deduped on first run

Sources covered (priority order from recon):
  TIER 1 (validated 100% in Phase 1, 8 sources):
    distilled_facts/procedures/config_hints, contract_analyses,
    mode_experiments, scrum_reviews, observer_escalations, audit_facts
  TIER 2 (added by Phase 2):
    auto_apply, observer_reviews, audits, outcomes

High-level audit results:
  Provenance round-trip: 30/30 sampled rows trace cleanly to source
  rows with matching canonicalSha256(orderedKeys(row)). Every output
  has source_file + line_offset + sig_hash + recorded_at. Proven.

  Score-readiness: 54% aggregate scoreable. Three-class taxonomy
  emerges from coverage matrix:
    - Verdict-bearing (100% scoreable): scrum_reviews, observer_reviews,
      audits, contract_analyses — direct scoring inputs
    - Telemetry-rich (0-70%): mode_experiments, audit_facts, outcomes
      — Phase 3 will derive markers from latency/grounding/retrieval
    - Pure-extraction (0%): distilled_*, observer_escalations
      — context for OTHER scoring, not scoreable themselves

Invariants enforced (proven by tests + real-data audit):
  - ZERO model calls in materializer (deterministic only)
  - canonicalSha256(orderedKeys(row)) per source row → stable sig_hash
  - Schema validator gates output: rejected rows go to skips, never to evidence/
  - JSON.parse failures caught + logged, never crash the run
  - Missing source files tallied as rows_present=false, never error
  - Idempotent: second run on identical input writes 0 rows (proven on
    real data: 1053 read, 0 written, 1051 deduped)
  - Bit-stable: identical input produces byte-identical output (proven
    by tests/distillation/build_evidence_index.test.ts case 3)
  - Receipt self-validates against schema before write
  - validation_pass = boolean (skipped == 0), never inferred

Receipt at:
  reports/distillation/2026-04-27T03-33-53-972Z/receipt.json
  - schema_version=1, git_sha pinned, sha256 on every input/output
  - record_counts: {in:1053, out:1051, skipped:2, deduped:0}
  - validation_pass=false (skipped > 0; spec says explicit, never inferred)

Skips at:
  data/_kb/distillation_skips.jsonl (2 rows from outcomes.jsonl,
  reason: timestamp field missing — schema layer caught it cleanly)

Health audit at:
  data/_kb/evidence_health.md

Phase 2 done-criteria all met:
  ✓ tests pass
  ✓ ≥1 row from each Tier-1 source on real data (8/8 + 4 Tier 2 bonus)
  ✓ data/_kb/distillation_skips.jsonl populated with reasons
  ✓ Receipt JSON written + self-validates
  ✓ Provenance round-trip proven on real sampled rows
  ✓ Score-readiness coverage measured

Carry-overs to Phase 3:
  - audit_discrepancies transform (needed before Phase 4c preference data)
  - model_trust transform (needed before ModelLedgerEntry aggregation)
  - outcomes.jsonl created_at: 2 rows fail materialization, decide
    transform-side fix vs source-side fix
  - 11 untested streams from recon still have no transform; add as
    Phase 3+ consumers need them
  - mode_experiments + distilled_* are 0% scoreable; Phase 3 must
    JOIN to adjacent verdict-bearing records, NOT score in isolation

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-26 22:38:46 -05:00