chore(video): carry-forward PR #2 evidence + GPD retrofit + Opus-audited cleanup#6
Merged
Zer0pa-Architect-Prime merged 11 commits intoApr 28, 2026
Merged
Conversation
Imports the v0.1.0 perception-receipt product surface from PR #2 (reorientation/2026-04-17, 5ad80da) without overwriting current main investor-readiness hardening. Carried forward: - src/zpe_video/manifest.py, receipt.py, py.typed (NEW) - src/zpe_video/__init__.py, codec.py, detector.py, fixtures.py, metrics.py (PR #2 versions; main did not modify these since merge-base) - tests/test_codec.py, test_manifest.py, test_receipt.py - examples/01_round_trip.py, 02_cross_writer.py, 03_file_round_trip.py, README.md - scripts/authority_bundle.py, receipt_core_benchmark.py, measure_am_c01.py, measure_am_c01_ladder.py - src/README.md Drift rejected: none in this surface. PR #5 operator-name redaction already verified clean on PR #2 head.
Imports the transparency bundle (research ledger, phase artifacts, fair-baseline benchmark) and authority packet from PR #2. Carried forward: - docs/transparency/README.md - docs/transparency/phase09_4_1_1_2_2_receipt_core_provenance_benchmark/* (PLAN, SUMMARY, baseline_table, manifest_binding, summary.json) - docs/transparency/phase9_4_1_1_2_1_candidate_a_roi_sidecar/* - docs/transparency/phase9_4_1_1_2_1_candidate_b_video_llm_object_memory/* - docs/transparency/phase9_4_1_1_2_1_candidate_c_primitive_semantic_enrichment/* - docs/transparency/phase9_4_1_1_2_fair_baseline/* (BENCHMARK-REPORT, PLAN, SUMMARY, harness, summary.json) - docs/transparency/research_ledger/TAKEOVER_ASSESSMENT_2026-04-16_WEDGE.md - docs/transparency/research_ledger/VERDICT-SYNTHESIS.md - docs/transparency/research_ledger/WAVE-2-SYNTHESIS-SUMMARY.md - docs/transparency/research_ledger/ranked_hypothesis_ladder.md - proofs/manifests/CURRENT_AUTHORITY_PACKET.md - proofs/manifests/current_authority_packet.json - proofs/README.md, proofs/reruns/README.md - proofs/reference/2026-03-09_workspace_snapshot/resource_inventory.json
… reorientation log) Imports the doc surface introduced by PR #2: wire format spec, wedge definition, public-audit snapshot stamp, transparency journey, quickstart, repo shape, current STATUS narrative, and the 2026-04-17 reorientation fix log / novelty card / open questions. Carried forward: - docs/PUBLIC_AUDIT_SNAPSHOT_STAMP.md - docs/QUICKSTART.md - docs/REPO_SHAPE.md - docs/STATUS.md - docs/TRANSPARENCY_JOURNEY.md - docs/WEDGE.md - docs/WIRE_FORMAT.md - docs/_reorientation/2026-04-17/FIX_LOG.md - docs/_reorientation/2026-04-17/NOVELTY_CARD.md - docs/_reorientation/2026-04-17/OPEN_QUESTIONS.md Drift rejected (NOT carried): - docs/RESTART_PROMPT_2026-04-24.md (operator-private restart prompt; not product documentation; references stale Mac restoration shape)
Imports new infrastructure files from PR #2 that do not conflict with current main. Carried forward: - .github/ISSUE_TEMPLATE/config.yml - .github/workflows/sbom.yml - .github/workflows/verify-package.yml - .pre-commit-config.yaml - GOVERNANCE.md - Makefile - ROADMAP.md - SUPPORT.md - uv.lock (SUPPORT.md is also touched on main side as a Modified file and is in the 31-file overlap; this checkout takes the PR #2 version since it adds substantively more than main's change. Will revisit in overlap-resolution commit if conflict.)
…r SVGs) Imports the ZPE-IMC-derived visual system from PR #2 per the Zer0pa Repo Docs Playbook (canonical 2026-03-21) §Visual System. Carried forward: - .github/assets/readme/zpe-masthead.gif - .github/assets/readme/zpe-masthead-option-3-2.gif - .github/assets/readme/zpe-masthead-option-3-3.gif - .github/assets/readme/section-bars/*.svg (76 section-bar SVGs) These assets are referenced by the README, docs/STATUS.md, docs/QUICKSTART.md, docs/REPO_SHAPE.md, and other docs surfaces brought in by earlier carry-forward commits.
…#2 and main Hand-resolves the overlap between PR #2 (reorientation/2026-04-17) and current main (PR #3 investor-readiness hardening + PR #4 + PR #5). Key finding: PR #2 is already free of all orphan claims that PR #3 was scrubbing on main: - No `bounded_signal_only`, `flat_lane_still_dominant` references - No `MOT17Det` blocker metric - No `current GO` / sovereign-closure claims - No `docs/inputs/` outer-workspace path leakage - No `priniven` operator-name leakage (verified across whole tree) PR #2's reorientation independently arrived at the cleaner state by replacing the surface, while PR #3 was scrubbing the older surface. Therefore PR #2 versions are taken as base for substantive content. PR #2 versions taken (27 files): - .github/ISSUE_TEMPLATE/bug_report.md, evidence_dispute.md, feature_request.md, question.md - .github/PULL_REQUEST_TEMPLATE.md - .github/workflows/ci.yml, publish.yml - .zenodo.json - AUDITOR_PLAYBOOK.md, CHANGELOG.md, CITATION.cff, CODE_OF_CONDUCT.md, CONTRIBUTING.md, PUBLIC_AUDIT_LIMITS.md, RELEASING.md, REPRODUCIBILITY.md, SECURITY.md - docs/ARCHITECTURE.md, FAQ.md, LEGAL_BOUNDARIES.md, README.md, SUPPORT.md, VERIFICATION.md - LICENSE (PR #2 version is correct for ZPE-Video; main's LICENSE carried a cross-repo leak referencing src/zpe_diagram/* paths from the IMC repo at line 273 — flagged for orchestrator) - proofs/PROOF_INDEX.md, proofs/logs/README.md - src/zpe_video/pipeline.py (PR #2's version is a 1107-line superset that already incorporates main's pyflakes fixes; verified `import struct` and dead `mag_class` block are absent) Surgical patches applied on top of PR #2 base: - README.md: added `## Upcoming Workstreams` section between `## Quick Start` and `## Ecosystem`. Required by `scripts/compliance_audit.sh` (PR #3 hardening); content is reorientation-aligned (receipt-core benchmark, cross-writer defense, C2PA binding, authority-packet promotion). Section references the PR #2 reorientation OPEN_QUESTIONS.md and the research_ledger so the next agent has falsification routes. - pyproject.toml: added `<2` upper bound to `hatchling>=1.27` build dependency, mirroring PR #3 hardening posture (`setuptools>=69,<82`, `wheel>=0.43,<1`). Main version preserved (1 file, NOT taken from PR #2): - .github/workflows/auto-add-to-project.yml — main has the PR #4 ENABLE_PROJECT_AUTOMATION gate + token-preflight that PR #2 predates. Keep main's hardening. Main deletion respected (1 file): - docs/inputs/README.md — deleted by PR #3 along with the entire drift surface; do not restore. Compliance gate (scripts/compliance_audit.sh expected headers) re-verified after merge: all 10 required headers present, no forbidden renames, `| Verdict | STAGED |` row present.
…gates
Resolves three issues that surfaced when running scripts/compliance_audit.sh
on the carried-forward branch:
1. PEP 639 license-expression / classifier conflict
- pyproject.toml: removed `"License :: Other/Proprietary License"`
classifier so only the SPDX license expression
`license = "LicenseRef-Zer0pa-SAL-7.0"` remains. Compliance script
enforces this by design; classifiers + SPDX expression coexisting
is rejected as ambiguous.
2. PII / hardcoded operator path leakage
- proofs/reference/2026-03-09_workspace_snapshot/resource_inventory.json
DROPPED. PR #2 added this file with 49 hardcoded
`/Users/Zer0pa/ZPE/ZPE Video/...` paths (command logs, dataset
paths, traceback frames). Additionally the file is malformed JSON
(parse error at line 291: extra quote in `""source_reference"`).
Main's `resource_inventory_unparseable_snapshot.txt` is the
honest custody-text equivalent and is retained as authority.
- docs/transparency/research_ledger/TAKEOVER_ASSESSMENT_2026-04-16_WEDGE.md
line 4: `Workspace root: /Users/Zer0pa/ZPE/ZPE Video` →
`Workspace root: <REPO_ROOT> (operator-local; absolute path
redacted)`.
- docs/_reorientation/2026-04-17/FIX_LOG.md line 3:
`/Users/Zer0pa/Status_Packets/...` → `<OPERATOR_WORKSPACE>/Status_Packets/...`
marker. Path is operator-private and not part of the repo
authority surface.
3. Stale reference in PROOF_INDEX.md
- Line 22: pointed at the dropped `resource_inventory.json`. Updated
to reference `resource_inventory_unparseable_snapshot.txt` per
main's authority shape, with explicit "custody text, not
machine-readable authority" framing.
After these changes `scripts/compliance_audit.sh` exits 0:
- All 10 required README headers present
- Optional `## Competitive Benchmarks` present
- No forbidden header renames
- `| Verdict | STAGED |` row present
- All proof anchors resolve
- No `/Users/(prinivenpillay|Zer0pa)/...` or `Priniven Pillay` paths
- `PASS: compliance audit clean`
Resolves the only two ruff I001 (import-block-un-sorted) findings on the carried-forward branch. Pure cosmetic reorder; no behavior change. Verified by re-running examples/02_cross_writer.py: `cross-writer wedge: VERIFIED` with byte-identical SHA-256 between library and independent from-spec writer. Affected files: - examples/01_round_trip.py: alphabetize import names - examples/02_cross_writer.py: alphabetize WIRE_* / Box / etc. After fix: - ruff check src tests examples scripts → All checks passed!
… Commit SHA Reviewer audit (post-engineer prompt) flagged the Commercial Readiness table as carrying unbacked claims: 1. `Confidence | 100%` row had no matching field in `proofs/manifests/current_authority_packet.json` or the .md packet. Per Zer0pa ethos (evidence-first; if not evidenced, mark UNKNOWN/UNVERIFIED or remove): REMOVED. 2. `Commit SHA | d68a3da` was stale — that SHA is the merge-base between PR #2 and main from before PRs #3/#4/#5 landed; it does not reflect the current carry-forward branch HEAD nor any authority packet field. REPLACED with two backed rows that reference the actual authority packet: - `Receipt-core verdict | PASS (per authority packet)` (sourced from `commercial_receipt_core_verdict` field in `proofs/manifests/current_authority_packet.json`) - `Authority bundle SHA-256 | bde8d94dc3c6...` (sourced from `bundle_sha256` field; verified present in both CURRENT_AUTHORITY_PACKET.md and current_authority_packet.json) Compliance audit re-verified after change: PASS clean.
Migrates the ZPE-Video phase verdict trail from PR #2 source artifacts (origin/reorientation/2026-04-17:docs/inputs/) into canonical GPD location. Source files are NOT carried into docs/inputs/ (that is drift); they are read-only via `git show` and their evidence restated in .gpd/. Source artifacts pulled from origin/reorientation/2026-04-17: - docs/inputs/review-packs/2026-03-22_science_engineering_pack/02_AUTHORITY_GATES_AND_NUMBERS.md (phases 09-09, 09.1, 09.2 verdicts and key numbers) - docs/inputs/review-packs/2026-03-22_science_engineering_pack_phase09_3_local/ 03_PHASE_09_3_NARROW_SURVEILLANCE.md (phase 09.3) - docs/inputs/review-packs/2026-03-22_science_engineering_pack_phase09_3_1_local/ 00_READ_FIRST.md + 03_PHASE_09_3_1_PORTAL_LOCAL_CONSUMER.md (phase 09.3.1) - docs/inputs/status-notes/2026-03-23_phase09_3_2_retire_surface/ 00_READ_FIRST.md + 01_STATUS.md + 02_KEY_TABLES.md (phase 09.3.2) All 6 phase folders populated (09-09, 09.1, 09.2, 09.3, 09.3.1, 09.3.2). Sanitization applied: - No /Users/Zer0pa/ or /Users/prinivenpillay/ paths in any .gpd/ file - No Priniven Pillay references anywhere in the commit - Pre-existing untracked BRANCH_HYGIENE_ADVISORY.md: sanitized its inline path examples (<OPERATOR_HOME>) and added to .gitignore Verdict mappings (descriptive -> canonical enum): - bounded_signal_only -> INCONCLUSIVE (09-09, 09.2, 09.3, 09.3.1) - flat_lane_still_dominant -> INCONCLUSIVE (09.1) - retire_surface -> SUSPENDED_BY_OWNER (09.3.2; owner decision after evidence of event heterogeneity as root cause, not a test failure) Verification gates: compliance_audit PASS, git grep priniven clean (only in scripts/compliance_audit.sh), git grep /Users/Zer0pa 0 matches outside LICENSE, state.json valid JSON, 18 files in .gpd/.
Independent Opus audit on the assembled carry-forward branch (commit 877389f) returned BLOCKING_FINDINGS_REQUIRE_FIX. This commit closes all 3 BLOCKING and 4 of 5 MINOR findings. BLOCKING fixes (F-01, F-02, F-03 — authority packet integrity): - proofs/manifests/CURRENT_AUTHORITY_PACKET.md and current_authority_packet.json regenerated via scripts/authority_bundle.py. Two of 13 file SHA-256s (README.md, pyproject.toml) had drifted because both files were edited in commits 1765214/ca1b6a9/1cb1418 after the packet was first generated at 370f895. - README.md "Authority bundle SHA-256" row decoupled from the hash value to break the self-reference recursion (citing the bundle hash inside README perturbs the README's own SHA, which perturbs the bundle hash). Now reads: "Authority bundle | regenerated by `scripts/authority_bundle.py` per release; canonical hash lives in `current_authority_packet.json`". This is structurally stable: future README edits no longer require chasing the bundle hash. - Verified: `python3` SHA-256 check across all 13 files in the packet now reports 0 mismatches. MINOR fixes: - F-04: AUDITOR_PLAYBOOK.md line 20 — test count corrected from "22 tests: 20 receipt + 2 legacy codec" to "29 tests: 20 receipt + 7 manifest + 2 legacy codec". - F-05: .gpd/PROJECT.md line 26 — `docs/NOVELTY_CARD.md` link did not exist; updated to actual path `docs/_reorientation/2026-04-17/NOVELTY_CARD.md`. - F-06: .gpd/ROADMAP.md lines 13, 22, 23 — `killed` descriptive label was bound to canonical enum `INCONCLUSIVE`; `INCONCLUSIVE` is "tested, signal present but below gate" and is wrong for falsified claims. Re-bound `killed → FAIL` (per Zer0pa enum: "claim falsified") for Phase 08, Phase 09.4.1.1.2 fair-baseline archive-query falsification, and Phase 09.4.1.1.2.1-A ROI / foveated sidecar. - F-07: .gpd/PHASES/09.1-.../VERDICT.md — added a 7-line "Note on Enum Selection" explaining why `flat_lane_still_dominant → INCONCLUSIVE` was retained (real factorization signal exists vs flat baseline) rather than promoted to `FAIL` (wedge hypothesis falsified by simpler temporal-only baseline). Captures the auditor's borderline-judgment concern in the artifact rather than silently picking one side. - F-09: docs/STATUS.md line 9 — date `2026-04-24` was stale vs the carry-forward + retrofit landing on 2026-04-28; updated. INFO findings not actioned (auditor judgment: not regressions): - F-08: `bounded_signal_only` in GOVERNANCE.md / ROADMAP.md is intentional canonical glossary/usage, not regression. - F-10: Competitive Benchmarks storage figures are illustrative orders-of-magnitude across multiple cited transparency-bundle sources; defensible. - F-11: Optional `.gpd/PHASES/09.4.1.1.2.2-...` symmetry folder skipped — active phase artifacts already live at `docs/transparency/phase09_4_1_1_2_2_*` and ROADMAP.md routes there. Adding a duplicate folder would diverge two surfaces. Untracked audit reports (FALSIFICATION_AUDIT_2026-04-28.md, BRANCH_HYGIENE_ADVISORY.md) removed: their findings have been extracted into commits; their bodies tripped the audit script's PII scan because they discussed the strings the scan looks for. Re-verified gates (all PASS): - bash scripts/compliance_audit.sh → PASS clean - pytest tests -q → 29 passed - ruff check → All checks passed! - examples/02_cross_writer.py → cross-writer wedge: VERIFIED - python -m build → success - .gpd/state.json valid JSON - python3 SHA-256 verify across all 13 authority-packet files → 0 mismatches
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Wave-2 carry-forward of PR #2's evidence packets onto the post-Wave-1.5b main, with full Opus falsification audit + 3 BLOCKING + 4 MINOR findings closed.
Confidence | 100%claim — confirmed unbacked in authority packet; replaced with backedReceipt-core verdictrow.gpd/phase retrofit — 18 files: 6 top-level (PROJECT/STATE/ROADMAP/REQUIREMENTS/CONVENTIONS/state.json) + 6 phase folders × (SUMMARY+VERDICT) covering 09-09 → 09.3.2; sources sanitized (no operator paths)scripts/authority_bundle.py; README decoupled from literal hash quote (links to JSON instead) to break self-reference recursionVerification
scripts/compliance_audit.sh— PASS cleanpytest tests -q— 29 passedruff check src tests examples scripts— All checks passedexamples/02_cross_writer.py— cross-writer wedge VERIFIED (byte-identical SHA-256)python -m build— sdist + wheel built cleanly.gpd/state.json— valid JSON.DS_Store/__pycache__/.pytest_cache/*.egg-infotrackedscripts/compliance_audit.sh:63is the audit's own detection target, same pattern as GFHPATH_SYMBOLS.mdlegend)Forward-fix discipline
Out of scope (post-merge / future)
origin/reorientation/2026-04-17(PR reorientation: align repo docs to ethos; ship v0.1.0 perception-receipt wedge #2 branch — safe to delete after this merges)preserve/video-safety-2026-04-27,codex/phase-09.3.2-portal-state-machine) carry pre-PR-chore: redact operator real-name leakage (multi-shape) #5 priniven paths inresource_inventory.json— must be scrubbed before any public visibility flippii_userinscripts/compliance_audit.shshould be parameterized via env var pre-public-flip (script's own detection target; legitimate but visible if repo flips PUBLIC)🤖 Generated with Claude Code