audrey 1.0.1 → 1.0.3

package/scripts/verify-paper-claims.mjs

@@ -54,7 +54,7 @@ Options:
 
 function assertTextNeedles(needles, shouldExist, failures) {
   for (const needle of needles) {
-    let text = '';
+    let text;
     try {
       text = readText(needle.path);
     } catch (error) {
@@ -64,8 +64,10 @@ function assertTextNeedles(needles, shouldExist, failures) {
     const normalizedText = text.replace(/\s+/g, ' ');
     const normalizedNeedle = needle.text.replace(/\s+/g, ' ');
     const found = text.includes(needle.text) || normalizedText.includes(normalizedNeedle);
-    if (shouldExist && !found) failures.push(`${needle.path} is missing claim text: ${needle.text}`);
-    if (!shouldExist && found) failures.push(`${needle.path} contains forbidden claim text: ${needle.text}`);
+    if (shouldExist && !found)
+      failures.push(`${needle.path} is missing claim text: ${needle.text}`);
+    if (!shouldExist && found)
+      failures.push(`${needle.path} contains forbidden claim text: ${needle.text}`);
   }
 }
 
@@ -73,11 +75,16 @@ function guardbenchLocalPassed() {
   const summary = readJson('benchmarks/output/guardbench-summary.json');
   const failures = [];
   if (summary.passed !== 10) failures.push(`GuardBench passed expected 10, got ${summary.passed}`);
-  if (summary.scenarios !== 10) failures.push(`GuardBench scenarios expected 10, got ${summary.scenarios}`);
-  if (summary.redactionLeaks !== 0) failures.push(`GuardBench decision redaction leaks expected 0, got ${summary.redactionLeaks}`);
-  if (summary.artifactRedactionSweep?.passed !== true) failures.push('GuardBench artifact redaction sweep did not pass');
+  if (summary.scenarios !== 10)
+    failures.push(`GuardBench scenarios expected 10, got ${summary.scenarios}`);
+  if (summary.redactionLeaks !== 0)
+    failures.push(`GuardBench decision redaction leaks expected 0, got ${summary.redactionLeaks}`);
+  if (summary.artifactRedactionSweep?.passed !== true)
+    failures.push('GuardBench artifact redaction sweep did not pass');
   if (summary.artifactRedactionSweep?.leakCount !== 0) {
-    failures.push(`GuardBench artifact leak count expected 0, got ${summary.artifactRedactionSweep?.leakCount}`);
+    failures.push(
+      `GuardBench artifact leak count expected 0, got ${summary.artifactRedactionSweep?.leakCount}`,
+    );
   }
   return failures;
 }
@@ -88,9 +95,9 @@ function noPublishedSecretLeaks() {
     'benchmarks/output/guardbench-summary.json',
     'benchmarks/output/guardbench-raw.json',
   ];
-  return paths.flatMap(path => readText(path).includes(SEEDED_SECRET)
-    ? [`${path} contains the seeded raw secret`]
-    : []);
+  return paths.flatMap(path =>
+    readText(path).includes(SEEDED_SECRET) ? [`${path} contains the seeded raw secret`] : [],
+  );
 }
 
 function adapterRegistryHasMem0Zep() {
@@ -104,15 +111,26 @@ function adapterRegistryHasMem0Zep() {
 
 function externalEvidencePending() {
   const evidence = readJson('benchmarks/output/external/guardbench-external-evidence.json');
-  const rows = (evidence.adapters ?? []).filter(adapter => ['mem0-platform', 'zep-cloud'].includes(adapter.id));
+  const rows = (evidence.adapters ?? []).filter(adapter =>
+    ['mem0-platform', 'zep-cloud'].includes(adapter.id),
+  );
   const failures = [];
-  if (rows.length !== 2) failures.push(`External evidence expected Mem0 and Zep rows, got ${rows.length}`);
+  if (rows.length !== 2)
+    failures.push(`External evidence expected Mem0 and Zep rows, got ${rows.length}`);
   if (rows.every(row => row.status === 'verified')) {
-    failures.push('External evidence is fully verified but claim register still marks external scores pending');
+    failures.push(
+      'External evidence is fully verified but claim register still marks external scores pending',
+    );
   }
   for (const row of rows) {
-    if (row.status !== 'pending') failures.push(`External evidence row ${row.id} should remain pending until strict live evidence passes`);
-    if (row.evidenceKind !== 'dry-run') failures.push(`External evidence row ${row.id} should be dry-run evidence before live credentials`);
+    if (row.status !== 'pending')
+      failures.push(
+        `External evidence row ${row.id} should remain pending until strict live evidence passes`,
+      );
+    if (row.evidenceKind !== 'dry-run')
+      failures.push(
+        `External evidence row ${row.id} should be dry-run evidence before live credentials`,
+      );
   }
   return failures;
 }
@@ -121,9 +139,13 @@ function externalEvidenceNoSecrets() {
   const text = readText('benchmarks/output/external/guardbench-external-evidence.json');
   const evidence = JSON.parse(text);
   const failures = [];
-  if (text.includes('runtime-key')) failures.push('External evidence report contains test runtime-key');
+  if (text.includes('runtime-key'))
+    failures.push('External evidence report contains test runtime-key');
   for (const row of evidence.adapters ?? []) {
-    if (row.secretLeakCount !== 0) failures.push(`External evidence row ${row.id} reports ${row.secretLeakCount} credential leak(s)`);
+    if (row.secretLeakCount !== 0)
+      failures.push(
+        `External evidence row ${row.id} reports ${row.secretLeakCount} credential leak(s)`,
+      );
   }
   return failures;
 }
@@ -134,7 +156,11 @@ function paperStageBoundaryExcludesExternalScores() {
   if (!paper.includes('this paper does not report external-system GuardBench scores')) {
     failures.push('Paper missing explicit external-score exclusion');
   }
-  if (!paper.includes('External scores added only when live adapter runs and raw outputs are published')) {
+  if (
+    !paper.includes(
+      'External scores added only when live adapter runs and raw outputs are published',
+    )
+  ) {
     failures.push('Paper missing Stage-B external-score condition');
   }
   return failures;
@@ -151,7 +177,8 @@ async function runArtifactCheck(name) {
   if (name === 'external-evidence-pending') return externalEvidencePending();
   if (name === 'guardbench-local-passed') return guardbenchLocalPassed();
   if (name === 'no-published-secret-leaks') return noPublishedSecretLeaks();
-  if (name === 'paper-stage-boundary-excludes-external-scores') return paperStageBoundaryExcludesExternalScores();
+  if (name === 'paper-stage-boundary-excludes-external-scores')
+    return paperStageBoundaryExcludesExternalScores();
   if (name === 'publication-verifier-ok') return publicationVerifierOk();
   return [`Unknown claim artifact check: ${name}`];
 }
@@ -168,7 +195,8 @@ export async function verifyPaperClaims(options = {}) {
     assertTextNeedles(claim.forbiddenText ?? [], false, failures);
     for (const evidence of claim.evidence ?? []) {
       const [path] = evidence.split('#');
-      if (!existsSync(fromRoot(path))) failures.push(`Missing evidence file for ${claim.id}: ${path}`);
+      if (!existsSync(fromRoot(path)))
+        failures.push(`Missing evidence file for ${claim.id}: ${path}`);
     }
     for (const check of claim.artifactChecks ?? []) {
       failures.push(...(await runArtifactCheck(check)));

package/scripts/verify-paper-submission-bundle.mjs

@@ -94,7 +94,7 @@ export function verifyPaperSubmissionBundle(options = {}) {
   const checkSourceFreshness = options.checkSourceFreshness !== false;
   const manifestPath = join(dir, 'paper-submission-manifest.json');
   const failures = [];
-  let manifest = null;
+  let manifest;
 
   try {
     manifest = readJson(manifestPath);
@@ -116,14 +116,16 @@ export function verifyPaperSubmissionBundle(options = {}) {
 
   const listed = new Map((manifest.files ?? []).map(file => [file.path, file]));
   for (const file of REQUIRED_FILES) {
-    if (!listed.has(file)) failures.push(`paper-submission-manifest.json: missing required file record ${file}`);
+    if (!listed.has(file))
+      failures.push(`paper-submission-manifest.json: missing required file record ${file}`);
   }
   const compileReport = listed.has('docs/paper/output/arxiv-compile-report.json')
     ? readJson(join(dir, 'docs/paper/output/arxiv-compile-report.json'))
     : null;
   if (compileReport?.status === 'passed') {
     for (const file of PASSED_COMPILE_FILES) {
-      if (!listed.has(file)) failures.push(`paper-submission-manifest.json: missing compile-proof file record ${file}`);
+      if (!listed.has(file))
+        failures.push(`paper-submission-manifest.json: missing compile-proof file record ${file}`);
     }
   }
   if (listed.has('paper-submission-manifest.json')) {
@@ -152,7 +154,9 @@ export function verifyPaperSubmissionBundle(options = {}) {
     }
   }
 
-  const actualFiles = walkFiles(dir).filter(file => file !== 'paper-submission-manifest.json').sort();
+  const actualFiles = walkFiles(dir)
+    .filter(file => file !== 'paper-submission-manifest.json')
+    .sort();
   const listedFiles = [...listed.keys()].sort();
   const actualSet = new Set(actualFiles);
   const listedSet = new Set(listedFiles);
@@ -160,17 +164,24 @@ export function verifyPaperSubmissionBundle(options = {}) {
     if (!listedSet.has(file)) failures.push(`${file}: present in bundle but missing from manifest`);
   }
   for (const file of listedFiles) {
-    if (!actualSet.has(file)) failures.push(`${file}: listed in manifest but not present in bundle`);
+    if (!actualSet.has(file))
+      failures.push(`${file}: listed in manifest but not present in bundle`);
   }
   for (const file of scanFilesForLocalPaths(dir, actualFiles)) {
     failures.push(`${file}: contains a local absolute path`);
   }
-  if (manifest.claimVerification?.ok !== true) failures.push('paper-submission-manifest.json: claimVerification is not ok');
-  if (manifest.publicationPackVerification?.ok !== true) failures.push('paper-submission-manifest.json: publicationPackVerification is not ok');
-  if (manifest.guardBenchSnapshot?.passed !== 10) failures.push('paper-submission-manifest.json: GuardBench passed count is not 10');
-  if (manifest.guardBenchSnapshot?.scenarios !== 10) failures.push('paper-submission-manifest.json: GuardBench scenario count is not 10');
-  if (manifest.guardBenchSnapshot?.redactionLeaks !== 0) failures.push('paper-submission-manifest.json: GuardBench decision redaction leaks are not 0');
-  if (manifest.guardBenchSnapshot?.artifactLeaks !== 0) failures.push('paper-submission-manifest.json: GuardBench artifact leaks are not 0');
+  if (manifest.claimVerification?.ok !== true)
+    failures.push('paper-submission-manifest.json: claimVerification is not ok');
+  if (manifest.publicationPackVerification?.ok !== true)
+    failures.push('paper-submission-manifest.json: publicationPackVerification is not ok');
+  if (manifest.guardBenchSnapshot?.passed !== 10)
+    failures.push('paper-submission-manifest.json: GuardBench passed count is not 10');
+  if (manifest.guardBenchSnapshot?.scenarios !== 10)
+    failures.push('paper-submission-manifest.json: GuardBench scenario count is not 10');
+  if (manifest.guardBenchSnapshot?.redactionLeaks !== 0)
+    failures.push('paper-submission-manifest.json: GuardBench decision redaction leaks are not 0');
+  if (manifest.guardBenchSnapshot?.artifactLeaks !== 0)
+    failures.push('paper-submission-manifest.json: GuardBench artifact leaks are not 0');
 
   return {
     ok: failures.length === 0,

package/scripts/verify-publication-pack.mjs

@@ -70,25 +70,33 @@ function referencesPendingClaim(entry, claimMap) {
 }
 
 function hasPendingBoundaryLanguage(text) {
-  return /\b(pending|deferred|does not report|not reporting|not claimed|Stage-B|live credentialed)\b/i.test(text);
+  return /\b(pending|deferred|does not report|not reporting|not claimed|Stage-B|live credentialed)\b/i.test(
+    text,
+  );
 }
 
 function validateEntry(entry, claimMap, forbiddenNeedles) {
   const failures = [];
   const reservedUrlChars = Number.isInteger(entry.reservedUrlChars) ? entry.reservedUrlChars : 0;
   if (entry.text.length > entry.maxChars) {
-    failures.push(`${entry.id}: text length ${entry.text.length} exceeds maxChars ${entry.maxChars}`);
+    failures.push(
+      `${entry.id}: text length ${entry.text.length} exceeds maxChars ${entry.maxChars}`,
+    );
   }
   if (entry.text.includes(SEEDED_SECRET)) failures.push(`${entry.id}: contains seeded raw secret`);
-  if (entry.text.includes('runtime-key')) failures.push(`${entry.id}: contains runtime-key test credential`);
+  if (entry.text.includes('runtime-key'))
+    failures.push(`${entry.id}: contains runtime-key test credential`);
   for (const claimId of entry.claimIds) {
     if (!claimMap.has(claimId)) failures.push(`${entry.id}: unknown claim id ${claimId}`);
   }
   for (const needle of forbiddenNeedles) {
-    if (entry.text.includes(needle)) failures.push(`${entry.id}: contains forbidden claim text: ${needle}`);
+    if (entry.text.includes(needle))
+      failures.push(`${entry.id}: contains forbidden claim text: ${needle}`);
   }
   if (referencesPendingClaim(entry, claimMap) && !hasPendingBoundaryLanguage(entry.text)) {
-    failures.push(`${entry.id}: references a pending claim without explicit pending/deferred boundary language`);
+    failures.push(
+      `${entry.id}: references a pending claim without explicit pending/deferred boundary language`,
+    );
   }
   if (/10\/10/.test(entry.text) && !/\b(local|Stage-A)\b/i.test(entry.text)) {
     failures.push(`${entry.id}: 10/10 claim must be scoped as local or Stage-A`);
@@ -106,10 +114,14 @@ function validateEntry(entry, claimMap, forbiddenNeedles) {
     if (!Number.isInteger(entry.reservedUrlChars)) {
       failures.push(`${entry.id}: X post requiring an artifact URL must set reservedUrlChars`);
     } else if (entry.reservedUrlChars < X_URL_RESERVED_CHARS) {
-      failures.push(`${entry.id}: X artifact URL reserve must be at least ${X_URL_RESERVED_CHARS} characters`);
+      failures.push(
+        `${entry.id}: X artifact URL reserve must be at least ${X_URL_RESERVED_CHARS} characters`,
+      );
     }
     if (entry.text.length + reservedUrlChars > entry.maxChars) {
-      failures.push(`${entry.id}: text length ${entry.text.length} plus URL reserve ${reservedUrlChars} exceeds maxChars ${entry.maxChars}`);
+      failures.push(
+        `${entry.id}: text length ${entry.text.length} plus URL reserve ${reservedUrlChars} exceeds maxChars ${entry.maxChars}`,
+      );
     }
   }
   return failures;
@@ -122,14 +134,16 @@ export async function verifyPublicationPack(options = {}) {
   const claimRegister = readJson(pack.claimRegister);
   const claimMap = new Map((claimRegister.claims ?? []).map(claim => [claim.id, claim]));
   const forbiddenNeedles = (claimRegister.claims ?? []).flatMap(claim =>
-    (claim.forbiddenText ?? []).map(needle => needle.text));
+    (claim.forbiddenText ?? []).map(needle => needle.text),
+  );
 
   const schemaFailures = validateSchema(pack, schema, 'audrey-publication-pack');
   const ids = new Set();
   const entryReports = [];
   const failures = [...schemaFailures.map(failure => `publication pack schema: ${failure}`)];
 
-  if (!claimReport.ok) failures.push(...claimReport.failures.map(failure => `claim verifier: ${failure}`));
+  if (!claimReport.ok)
+    failures.push(...claimReport.failures.map(failure => `claim verifier: ${failure}`));
 
   for (const entry of pack.entries ?? []) {
     const entryFailures = [];