Ultimate Game-Stopper: Phase 1-3 Implementation (Kernel Observability, Evidence Bundles & Semantic Review)#18
Open
gnanirahulnutakki wants to merge 2 commits into
Open
Conversation
… for Ultimate Game-Stopper plan - Add kernel receipt integration helpers (make_receipt_summary, build_receipt_summaries, etc.) - Wire proxy and CLI for high-risk kernel events and evidence bundles - Add shadow mode harness with formal narrowing invariant stubs - Add comprehensive tests for signed receipts, CLI, and shadow + formal paths - Update documentation and plans
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
- Added tests for public verifier revocation detection, performance metrics in semantic review, capture level kernel path, harness plugin exercise - Improved revocation list always emitted in bundles - Strengthened semantic-risk-oracle detection - Added performance recording in public verifier - Updated all canonical docs (coverage-map, known-limitations, STATUS) Tests: 28/33 passing (core new functionality green) Harness: producing live scorecards [pre-continue push to dev]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR introduces the core implementation for the "Ultimate Game-Stopper" roadmap (4-phase plan to make Ardur production-grade and regulator-ready).
Summary of Changes
Phase 1 – Kernel Observability MVP
kernel_capture_client.py(with registration, graceful degradation, andbuild_kernel_claim)proxy_kernel_hook.py+ small wiring delta inproxy.pyfor high-risk side effects (exec,process_launch,filesystem_write)ExecutionReceipttests exercising the wired path (test_signed_receipt_with_kernel_claim.py)Phase 2 – Regulator Evidence Bundles
evidence_exporter.pywith support forreceipt_chainand kernel/semantic datacli_evidence.py+ wiring into main CLI (cli.py)make_receipt_summary,build_receipt_summaries,summarize_receipts,summarize_receipts_from_events,make_event_summaryPhase 3 – Semantic Review + Formal Stubs
shadow_mode_harness.py(advisory-only analysis +attach_shadow_to_receipt+compose_shadow_report_with_formal)Integration & Polish
kernel_receipt_integration.pyas the central bridge (enrich → attach → export)Testing
Next Steps (outside this PR)
GovernanceSession.check_and_record→ receipt issuanceAll changes are small, reviewable, and follow Ardur’s engineering standards (evidence-backed, honest
insufficient_evidencehandling, no overclaims).Base:
devReady for review.