chore(proof-surface): output integrity and adversarial parity#72
Merged
Conversation
…70) Two regulatory citation defects across 6 tracked files (11 specific text edits). No schema, axiom, class, or property changes. Pipeline behavior byte-identical: ALL CHECKS PASSED, exit 0. Defect 1 (Recital 22 miscitation, 7 locations): Recital 22 of Regulation (EU) 2024/1689 governs extraterritorial scope (third-country operators), not the biometric verification carve-out. The correct anchor chain is Recital 15 (definition + carve-out), Recital 17 (RBI-specific carve-out + rationale), and Annex III item 1(a) operative clause. Fixed in: - 03_TECHNICAL_CORE/ontology/ARCO_instances_verification.ttl (lines 18, 27): kiosk fixture rdfs:comment surfaced via select_system_comment.sparql into the negative-case certificate panel - 03_TECHNICAL_CORE/scripts/run_pipeline.py (lines 445, 1243): docstring + inline comment describing the design pattern - 03_TECHNICAL_CORE/reasoning/select_system_comment.sparql (line 6): SPARQL header comment - docs/MODELING_ROADMAP.md (line 15): public-facing modeling narrative Defect 2 (Article 3(36) "intended to be used" misattribution, 4 locations in tracked files): Article 3(36) is the technical 1:1 verification definition; it does not contain the phrase "intended to be used." That framing appears verbatim in Recital 15, Recital 17, and Annex III item 1(a). Fixed in: - docs/MODELING_ROADMAP.md (line 68) - docs/kiosk_demo_v1/kiosk_demo.md (lines 65, 172) - LIMITATIONS.md (line 114) Defect 3 (Article 3(43) paraphrase fidelity, 1 location): Article 3(43) verbatim uses "system" (BFO Bucket 1) where ARCO's :PostRemoteBiometricIdentificationProcess class uses "process" (BFO Bucket 4). Light fix in LIMITATIONS.md:141 adds the verbatim regulatory text and explicitly flags the "process" framing as ARCO's modeling translation. The corresponding TTL skos:definition at ARCO_governance_extension.ttl:336 deliberately not modified: the existing rdfs:comment already discloses the unused-stub status and regulatory paraphrase context, so adding a redundant flag in the definition would violate Adequatism. Verification: - python 03_TECHNICAL_CORE/scripts/run_pipeline.py returns ALL CHECKS PASSED, exit 0 - grep "Recital 22" across the technical core returns zero hits - grep 'Article 3(36).{0,40}intended to be used' returns zero hits - All 14 fixes verified by per-fix backtest agents (deploy + verify pattern) Deferred: - Class-naming question (:PostRBI Process vs :PostRBI System for BFO Bucket 4 vs Bucket 1) tracked separately - /intake of the EU AI Act source into KB pending separate authorization - Output structure work (executive summary restructure, row-level audit-table interpretations, RAG colors, audit-trail anchor) is the separate next milestone Revert: each fix is a localized text edit in an annotation property, code comment, or prose paragraph. No cascading effects expected. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Article 6(3) derogation scope qualifier no longer concatenated into `VERIFIED (ENTAILED)` literals (certificate text, summary print, summary.json, HTML badge, cert_lines builder). Scope surfaces as a separate field everywhere it appeared: - `derogation_evaluation_scope` object in summary.json - separate `ARTICLE 6(3) DEROGATION: NOT EVALUATED (run scope)` line in certificate.txt - pre-existing `derogation_scope_badge` HTML node now the canonical HTML disclosure surface Gate 3 display now requires the USS to designate `:NaturalPersonRole` (not just USS existence). Shared `gate3_designates_expected_role` helper applied to both HTML view and determination packet status, closing the display-weaker-than-OWL-axiom gap. `test_output_provenance.py` forbidden-pattern check passes 0/0. README and LIMITATIONS updated to remove stale "failing-by-design" language and "LIVE" markers on the now-closed Gate 3 and Article 6(3) defects. Closes OPEN_PROBLEMS L3.4 (Gate 3 truth-surface) and the Article 6(3) mixed-provenance forbidden-pattern. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
New fixture `ARCO_instances_adversarial_decoy_5b.ttl` declares
`:WeirdCalculator owl:equivalentClass :CreditworthinessEvaluationCapability`,
types `:WeirdCalc_Disposition` only as the alias class, and asserts the
three-gate participants (IUS prescribing a `:CreditworthinessEvaluationProcess`
token, USS designating `:NaturalPersonRole`). Adversarial-purity
discipline matches the 1(a) decoy: no provider organisation, no
assessment documentation, no obligation, no determination ICE — only
what the gate axiom needs to fire.
New `test_credit_decoy_classifies_via_equivalent_class` in
`test_adversarial_mechanism.py` verifies five assertions:
1. pre-reasoning disposition typed as alias only
2. pre-reasoning disposition NOT typed as :CreditworthinessEvaluationCapability
3. post-reasoning disposition IS typed as :CreditworthinessEvaluationCapability
4. post-reasoning system entails :AnnexIII5bApplicableSystem
5. post-reasoning system does NOT entail :AnnexIII1aApplicableSystem
(cross-category isolation preserved)
Alias path's IRIs and labels avoid Credit / Score / Assessment / Evaluation
/ 5b vocabulary so a grep/label-matching reader sees no regulated-class
hint in the disposition, module, or system names. The `rdfs:comment` on
the alias class necessarily names :CreditworthinessEvaluationCapability
(that is what `owl:equivalentClass` documents).
README and LIMITATIONS adversarial-coverage descriptions updated to
reflect two equivalentClass decoys (1(a) + 5(b)) plus the blank-node ghost.
Closes OPEN_PROBLEMS L3.7 (5(b) adversarial equivalentClass parity).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
"the regulated class IRI never appears in the input data" is not literally true — the regulated class IRI does appear in the `owl:equivalentClass` declaration on the alias class. The safer claim is that the regulated class is not asserted as the disposition's type. The equivalentClass declaration is class-level, not instance-level, so the reasoner reaches the disposition's classification via class-equivalence propagation, not via direct type assertion. That distinction is what the test exercises. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds `ARCO_instances_adversarial_decoy_5b.ttl` (system `:WeirdCalcSystem_001`) to the HermiT-vs-OWL-RL cross-check matrix so the new 5(b) equivalentClass decoy is verified under both reasoners before merge, matching the 1(a) decoy's existing coverage. The fixture uses named individuals only (no blank-node disposition) so it does not hit the GhostSystem exclusion path documented in hermit_cross_check.py's module docstring. Three loci touched: - 03_TECHNICAL_CORE/scripts/hermit_cross_check.py: CERTIFICATE_GRADE_SCENARIOS - .github/workflows/robot-validate.yml: matrix strategy fixture list - LIMITATIONS.md §7.4: HermiT cross-check inventory prose Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Verdict
This PR did not drift into new production modeling commitments. It tightens the proof surface, separates graph-backed claims from run metadata, aligns display output with the OWL gate, and makes adversarial
owl:equivalentClasscoverage symmetric across the two modeled Annex III categories.Commit 1: citation anchors for verification carve-out
2b52861 fix(citations): correct EU AI Act anchors for verification carve-out (#70)Three citation / prose-fidelity fixes against Regulation (EU) 2024/1689. No code logic, schema, production axiom, class, or property changes. Classification behavior is unchanged. The kiosk
rdfs:commentis surfaced byselect_system_comment.sparql, so the certificate prose-scope text reflects the corrected wording.Fixed:
Files:
ARCO_instances_verification.ttl,select_system_comment.sparql,run_pipeline.pycomment blocks,LIMITATIONS.md,docs/MODELING_ROADMAP.md,docs/kiosk_demo_v1/kiosk_demo.md.Stats: 18 insertions, 15 deletions.
Commit 2: output provenance split + Gate 3 display match
295d003 fix(output): separate scope metadata from graph-backed entailmentChanges:
VERIFIED (ENTAILED)orNOT APPLICABLE; Article 6(3) non-evaluation is surfaced separately as run-scope metadata.summary.jsonnow emitsderogation_evaluation_scope, matching the manifest field the pipeline previously declared but did not emit.gate3_designates_expected_role(gate_evidence)now requires the bound role to equal:NaturalPersonRole, replacing the weakerbool(uss_uri)display check. The helper is used for both HTML anddetermination_packet.json.Files:
run_pipeline.py,test_output_provenance.py,LIMITATIONS.md,README.md,.gitignore.Stats: 88 insertions, 37 deletions.
Commit 3: 5(b) adversarial equivalentClass parity
aa1c8d1 test(adversarial): add 5(b) equivalentClass decoy parityAdds a 5(b) adversarial fixture parallel to the existing 1(a) decoy.
New fixture:
ARCO_instances_adversarial_decoy_5b.ttl.:WeirdCalculator owl:equivalentClass :CreditworthinessEvaluationCapability.owl:equivalentClassaxiom documents.New test:
test_credit_decoy_classifies_via_equivalent_class()intest_adversarial_mechanism.py.The test verifies:
:AnnexIII5bApplicableSystem.:WeirdCalculator.:CreditworthinessEvaluationCapability.:CreditworthinessEvaluationCapability.:AnnexIII5bApplicableSystem.:AnnexIII1aApplicableSystem.Docs updated: README and LIMITATIONS now describe the three adversarial cases: 1(a) decoy, 5(b) decoy, and blank-node ghost.
Stats: 4 files changed, 1 new file, 168 insertions, 4 deletions.
Commit 4: README adversarial-coverage precision
db149eb docs(readme): tighten adversarial-coverage claimOne-line overclaim correction:
the regulated class IRI never appears in the input datathe regulated class is not asserted as the disposition's typeReason: the
owl:equivalentClassdeclaration in each decoy fixture necessarily names the regulated class IRI. The narrower claim is the actual proof target: the disposition is not directly typed as the regulated class; the reasoner reaches that classification through class-equivalence propagation.Stats: 1 insertion, 1 deletion.
Aggregate
owl:equivalentClass:WeirdCalculatorsummary.jsonnow emitsderogation_evaluation_scopetest_output_provenance.pyValidation
Run locally on
chore/proof-surface-honesty:python 03_TECHNICAL_CORE/scripts/test_output_provenance.pypython 03_TECHNICAL_CORE/scripts/test_gate_removal.pypython 03_TECHNICAL_CORE/scripts/test_adversarial_mechanism.pypython 03_TECHNICAL_CORE/scripts/test_scenarios.pyAll passed.
Not included
Intentionally outside this PR:
runs/.OPEN_PROBLEMS.mdregister edits.docs/plans/artifacts.