fix(determinism): stabilize contract_hash, widen NoWallClock, correct DET-003#212
Merged
Conversation
… DET-003 Monster Phase B (docs/audit-2026-05-22.md): - contract_hash: recursively sort object keys before hashing so semantically-identical contracts hash identically regardless of map iteration order (>32-key maps are not stable across OTP versions). - NoWallClock: widen the Credo guard to pure contract & output-shaping transforms (graph, validate, vocab modules, contract hashing, occurrence serializer/enrichment). Fixes DET-006. Time-stamping engine modules (occurrence factory, run history, cache, OIDC, coordinator) stay exempt. - DET-003: the engine was already deterministic — corrected the flawed black-box case to compare two fresh workspaces and strip the run_id-bearing log path (the prior case reused .sykli/ so run 2 was a cache hit, and under-stripped). DET-003 and DET-006 now pass without expected_failure flags (#207, #208). B1 (injectable clock/id) is deferred to Phase H/DST: with the engine already deterministic it fixes no shipping bug and belongs where it is exercised. Verification: mix format/credo (32 files)/test (1756, 0 failures), escript.build, black-box 166 passed / 0 failed / GH-4 expected-red. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ield Review feedback on #211: keep the log evidence path under comparison and normalize only the variable run-id segment (logs/<run_id>/ -> logs/RUN_ID/), rather than deleting .data.tasks[].log entirely. Both runs use fresh workspaces (distinct cache keys), so neither is a cache hit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Monster Phase B of the audit-remediation program (
docs/audit-2026-05-22.md).Supersedes #211, which GitHub auto-closed when #210's branch was deleted on merge (stacked-PR gotcha). This is the same work, rebased onto
mainnow that #210 is merged. Review history and discussion are on #211.Changes
contract_hashstability (real bug). Recursively sorts object keys before hashing so semantically-identical contracts hash identically (>32-key maps had OTP-version-dependent iteration order). Tests cover the >32-key case.NoWallClockwidened (DET-006). Now covers the pure contract & output-shaping transforms (graph parse/validate, vocab modules, contract hashing, occurrence serializer/enrichment). Wholesale broadening was infeasible (83 legitimate wall-clock uses), so time-stamping engine modules stay exempt.DET-003 and DET-006 now pass without
expected_failureflags (closes #207, #208). B1 (injectable clock/id) deferred to Phase H/DST.Verification
All gates pass locally; #211 was fully green in CI (Core/Black-box/Conformance/Credo/SDKs) before rebase. CI will re-run here on
main.🤖 Generated with Claude Code