fix: verify expansion artifacts before the paper release republishes them #17
Merged
…them

The paper wrapper checked only that the expansion manifest recorded the expected source commit, then copied paper/expansion/results and figures into the detached build worktree without validating the recorded hashes. A tampered or unexpected expansion output would flow into the published PDFs without any digest failure (reproduced: editing a generated value while leaving the manifest unchanged produced a successful release reporting the edited number).

- Add verify_expansion_artifacts to scripts/run_paper_experiments.py: every file listed in manifest[artifacts] must exist, be a regular non-symlink file inside the expansion tree with a safe relative path, and match its recorded SHA-256; every file on disk under results/ and figures/ must be listed (results/manifest.json is the only exception because it cannot record its own hash).
- Call it from release_paper_artifacts.sh after the source-commit equality check and before the copy; correct both wrappers' comments, which overclaimed that only release-critical source dirt could corrupt a release.
- Regression tests: valid tree accepted; tampered, missing, unexpected, symlinked, traversal, and absolute-path artifacts each fail closed; the wrapper calls the verifier before copying; the committed expansion tree validates.
- CLAUDE.md: document that dependency changes require regenerating both artifact releases because pyproject.toml and poetry.lock are release-critical fingerprinted inputs.
- dependabot.yml: move pip version updates to a monthly grouped cadence; security alerts remain handled immediately via the coordinated flow.
Both releases regenerated from clean source commit 34096ad via the release wrappers (expansion first, then paper); the paper release ran with the new expansion-artifact verification active. Every economic CSV, figure, and target-tape hash is byte-identical to the prior release; the only content change in either PDF is the source-tree digest hex in the reproducibility appendix (pdftotext diff: one line per document).
Summary
Follow-up to #16, closing the Medium fail-open defect found in review: the paper wrapper checked only the expansion manifest's source commit, then copied paper/expansion/results and figures into the build worktree without validating the recorded hashes, so a tampered expansion output would flow into the published PDFs (reproduced by editing a generated value with the manifest left unchanged).
Verification
Merge notes
Merge by command-line fast-forward push only (git push origin fix/release-artifact-validation:main). Do NOT use squash or the GitHub rebase button: both rewrite SHAs and would orphan the recorded source commit 34096ad. Do not move research-audit-v1.
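The two-way check the commit message describes (listed files must be safe, regular and hash-correct; on-disk files must be listed), as an added example that is not the repository's `verify_expansion_artifacts`. It assumes `manifest["artifacts"]` maps POSIX relative paths to hex SHA-256 digests; `verify_tree`, `sha256_file` and `ArtifactError` are hypothetical names.

```python
# Added illustration; names and manifest layout are assumptions, not the repo's.
import hashlib
import json
import os
import sys
from pathlib import Path, PurePosixPath

SCANNED = ("results", "figures")
EXEMPT = "results/manifest.json"  # the manifest cannot record its own hash


class ArtifactError(Exception):
    """Any failed check; the caller must abort before copying."""


def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def verify_tree(root, artifacts):
    """artifacts: assumed {posix relative path: hex SHA-256}; fails closed."""
    root = Path(root)
    for rel, want in artifacts.items():
        p = PurePosixPath(rel)
        # Safe relative path: not absolute, no "..", under a scanned dir.
        if p.is_absolute() or ".." in p.parts or not p.parts or p.parts[0] not in SCANNED:
            raise ArtifactError(f"unsafe path: {rel}")
        cur = root
        for part in p.parts:  # reject a symlink at any path component
            cur = cur / part
            if cur.is_symlink():
                raise ArtifactError(f"symlink: {rel}")
        if not cur.is_file():
            raise ArtifactError(f"missing or not a regular file: {rel}")
        if sha256_file(cur) != want:
            raise ArtifactError(f"digest mismatch: {rel}")
    for top in SCANNED:  # reverse check: every file on disk must be listed
        for dirpath, dirnames, filenames in os.walk(root / top):
            links = [d for d in dirnames if Path(dirpath, d).is_symlink()]
            for name in filenames + links:
                rel = Path(dirpath, name).relative_to(root).as_posix()
                if rel != EXEMPT and rel not in artifacts:
                    raise ArtifactError(f"unlisted file: {rel}")
    return len(artifacts)


if __name__ == "__main__":  # usage: python verify.py <expansion-dir>
    root = Path(sys.argv[1])
    listed = json.loads((root / EXEMPT).read_text())["artifacts"]
    print(verify_tree(root, listed), "artifacts verified")
```

Because every failure raises, a wrapper that runs this before the copy step exits non-zero and never reaches the copy.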