c7aa607ae4
Per 2026-05-03 phase_1_6_bipa_gates scrum (13 findings, 0 convergent).
1 BLOCK verified false positive, 4 real fixes shipped:
False positive (verified):
- opus BLOCK on attest:55 — claimed `set -uo pipefail` without `-e`
makes the post-python3 `if [ $? -ne 0 ]` check unreachable. Verified
WRONG: `X=$(false); echo $?` prints 1. Bash propagates command-
substitution exit through $? on the assignment line. The check IS
the python3 exit gate. Inline comment added to the script noting
the false positive so future scrums don't re-flag.
Real fixes:
1. opus WARN attestation:18 — schema fingerprint hashed names ONLY,
missing column-type changes. A column repurposed to hold base64
photo bytes under its existing name would pass undetected. Now
hashes "name<TAB>type<TAB>nullable=bool" per row. Re-run produced
evidence SHA-256 1fdcc9f1... (vs old 230fffeb..., reflecting the
broader fingerprint scope).
2. opus WARN gate_4_test:60 — definition regex didn't catch
object-literal property forms (`const t = { FEMALE_NAMES: [...] }`)
or TypeScript class fields (`class L { public NAMES_X: string[] = [] }`).
Added two new patterns + a regression test
(Gate 4: object-literal and class-field bypasses are caught) that
exercises 5 bypass forms. 4/4 tests green; 1 minor regex tweak
needed mid-fix to handle single-line class bodies.
3. kimi WARN python3-reliance — script assumed pyarrow installed and
would emit a stack trace into the attestation if not. Added
`python3 -c "import pyarrow"` gate at top with clean install
instructions on failure.
4. opus INFO PHASE_1_6:200 — item 7 (training) silently dropped from
blocking set with bare "deferred" rationale. Now explicitly states
the deferral is conditional on small operator population (J + 1-2
named ops); item 7 re-promotes to blocking if population grows.
⚖ COUNSEL marker added.
Skipped (acceptable as ⚖ COUNSEL placeholders by design):
- kimi WARN consent template:30-day-SLA (counsel decides number)
- kimi WARN consent template:email-placeholder (counsel supplies)
- kimi WARN parquet absence (env override exists; redeployment-aware)
- kimi INFO runbook manual-erasure (marked TODO when /erase ships)
- qwen INFO doc path/status nits (already addressed by file moves)
Tests: 4/4 Gate 4 absence test (incl. new bypass-coverage), 3/3
attestation evidence checks pass on live data.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
92 lines
2.5 KiB
Markdown
92 lines
2.5 KiB
Markdown
# BIPA Pre-IdentityD Biometric Attestation
|
|
|
|
**Date:** 2026-05-03
|
|
**Spec:** docs/PHASE_1_6_BIPA_GATES.md §2
|
|
**Generator:** scripts/staffing/attest_pre_identityd_biometric_state.sh
|
|
|
|
## Purpose
|
|
|
|
This is a one-time defense artifact establishing that, as of
|
|
2026-05-03, no biometric identifiers or biometric information
|
|
from real candidates have been collected, processed, or stored
|
|
by the Lakehouse system. It is intended to be signed by J
|
|
(operator of record) and outside counsel, then anchored to a
|
|
tamper-evident store (filesystem with backups + version control).
|
|
|
|
## Evidence
|
|
|
|
## Check 1 — workers_500k.parquet schema (no biometric columns)
|
|
|
|
**Source:** `data/datasets/workers_500k.parquet`
|
|
|
|
**Schema columns** (18 total):
|
|
|
|
```
|
|
worker_id int64 nullable=True
|
|
name string nullable=True
|
|
role string nullable=True
|
|
email string nullable=True
|
|
phone string nullable=True
|
|
city string nullable=True
|
|
state string nullable=True
|
|
zip int64 nullable=True
|
|
skills string nullable=True
|
|
certifications string nullable=True
|
|
archetype string nullable=True
|
|
reliability double nullable=True
|
|
responsiveness double nullable=True
|
|
engagement double nullable=True
|
|
compliance double nullable=True
|
|
availability double nullable=True
|
|
communications string nullable=True
|
|
resume_text string nullable=True
|
|
```
|
|
|
|
**Schema SHA-256:** `973b9abe56420de8f88122278b633e813f90a64cf0ddaac6a9811dc0940be676`
|
|
|
|
- PASS: no biometric / photo / face / image column present
|
|
|
|
## Check 2 — KB + pathway memory contain no biometric payloads
|
|
|
|
**Sources scanned:**
|
|
- `data/_kb/*.jsonl` (knowledge base)
|
|
- `data/_pathway_memory/state.json` (pathway memory state)
|
|
|
|
**Files scanned:** 33
|
|
**Forbidden-pattern hits:** 0
|
|
|
|
- PASS: no biometric payload patterns found in scanned files
|
|
|
|
## Check 3 — Headshots manifest is synthetic-only
|
|
|
|
**Source:** `data/headshots/manifest.jsonl`
|
|
|
|
**Total rows:** 1000
|
|
**Rows tagged real/candidate_upload/photo_upload:** 0
|
|
|
|
- PASS: all 1000 rows are synthetic (no real-candidate uploads)
|
|
|
|
## Summary
|
|
|
|
**3 / 3** evidence checks pass.
|
|
|
|
|
|
---
|
|
|
|
## Attestation
|
|
|
|
I, the undersigned, attest that the above evidence accurately
|
|
reflects the state of the Lakehouse system as of 2026-05-03.
|
|
No biometric identifiers or biometric information from real
|
|
candidates have been collected, processed, or stored prior to
|
|
the deployment of the Phase 1.6 BIPA pre-launch gates.
|
|
|
|
**Evidence SHA-256:** `1fdcc9f1682de27e1a0556d698ce221b74c1e71cf54128763828b4bca7b5c1bf`
|
|
|
|
---
|
|
|
|
**Operator (J):** _______________________________ Date: __________
|
|
|
|
**Outside counsel:** ___________________________ Date: __________
|
|
|