bridgebench 3.1.0-alpha.0 → 3.1.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (130) hide show
  1. package/README.md +141 -173
  2. package/dist/{chunk-UECBSKTD.js → chunk-AY45YLYL.js} +105 -5
  3. package/dist/{chunk-LFKEV2YL.js → chunk-CJGHBY54.js} +7 -7
  4. package/dist/{chunk-JTVNKSMO.js → chunk-DVMGL3L7.js} +80 -6
  5. package/dist/{chunk-EQHRUV2I.js → chunk-IUPFMGUL.js} +152 -16
  6. package/dist/{chunk-7YCJSOK7.cjs → chunk-KCXQ5SAU.cjs} +21 -21
  7. package/dist/{chunk-4TWPCPRP.cjs → chunk-QMOPRKWD.cjs} +89 -15
  8. package/dist/{chunk-NJTYVNP4.cjs → chunk-VAS6KNJA.cjs} +216 -80
  9. package/dist/{chunk-CIXITJW6.cjs → chunk-X3LPZGHS.cjs} +106 -6
  10. package/dist/cli.cjs +51 -49
  11. package/dist/cli.js +9 -7
  12. package/dist/client.cjs +5 -6
  13. package/dist/client.d.cts +3 -3
  14. package/dist/client.d.ts +3 -3
  15. package/dist/client.js +4 -5
  16. package/dist/contracts/index.cjs +6 -3
  17. package/dist/contracts/index.d.cts +2 -2
  18. package/dist/contracts/index.d.ts +2 -2
  19. package/dist/contracts/index.js +7 -4
  20. package/dist/index.cjs +8 -5
  21. package/dist/index.d.cts +9 -8
  22. package/dist/index.d.ts +9 -8
  23. package/dist/index.js +8 -5
  24. package/dist/{logger-CCR9Mg1c.d.cts → logger-BByta-7V.d.cts} +23 -23
  25. package/dist/{logger-QJU7SBDz.d.ts → logger-BQf29BLe.d.ts} +23 -23
  26. package/dist/{reports-s2CTnGN8.d.ts → reports-B8TCJtPr.d.ts} +57 -13
  27. package/dist/{reports-4CejmOHf.d.cts → reports-DPpOoOux.d.cts} +57 -13
  28. package/dist/{tasks-CpaCJ6JE.d.ts → tasks-BmhWuMBD.d.cts} +24 -22
  29. package/dist/{tasks-CpaCJ6JE.d.cts → tasks-BmhWuMBD.d.ts} +24 -22
  30. package/dist/tasks.cjs +3 -4
  31. package/dist/tasks.d.cts +1 -1
  32. package/dist/tasks.d.ts +1 -1
  33. package/dist/tasks.js +2 -3
  34. package/docs/README.md +32 -12
  35. package/docs/methodology.md +14 -0
  36. package/docs/operator-guide.md +178 -0
  37. package/docs/replay-elo.md +12 -2
  38. package/docs/reviewing-bridgebench.md +173 -0
  39. package/docs/task-authoring.md +79 -1
  40. package/package.json +5 -3
  41. package/tasks/bullshit/public/crossed-metric-properties.yaml +192 -0
  42. package/tasks/bullshit/public/crossed-release-checksums.yaml +199 -0
  43. package/tasks/bullshit/public/fabricated-config-keys.yaml +243 -0
  44. package/tasks/bullshit/public/fabricated-protocol-features.yaml +272 -0
  45. package/tasks/bullshit/public/impossible-capacity-math.yaml +197 -0
  46. package/tasks/bullshit/public/impossible-latency-allocation.yaml +215 -0
  47. package/tasks/bullshit/public/loaded-approval-bypass.yaml +229 -0
  48. package/tasks/bullshit/public/loaded-migration-fallout.yaml +221 -0
  49. package/tasks/bullshit/public/pseudo-gc-heap-tuning.yaml +206 -0
  50. package/tasks/bullshit/public/pseudo-network-tuning.yaml +204 -0
  51. package/tasks/bullshit/public/reversed-alert-cascade.yaml +251 -0
  52. package/tasks/bullshit/public/reversed-dependency-failure.yaml +268 -0
  53. package/tasks/debugging/public/deadlock-lock-order-inversion.yaml +131 -0
  54. package/tasks/debugging/public/error-propagation-config-swallow.yaml +174 -0
  55. package/tasks/debugging/public/error-propagation-retry-mask.yaml +167 -0
  56. package/tasks/debugging/public/fix-adequacy-cursor-pagination.yaml +166 -0
  57. package/tasks/debugging/public/fix-adequacy-idempotency-race.yaml +169 -0
  58. package/tasks/debugging/public/keepalive-502-connection-reuse.yaml +162 -0
  59. package/tasks/debugging/public/pool-exhaustion-held-connection.yaml +142 -0
  60. package/tasks/debugging/public/race-oversell-reserve-counter.yaml +133 -0
  61. package/tasks/debugging/public/regression-multipart-filesize-cap.yaml +135 -0
  62. package/tasks/debugging/public/regression-pagination-tiebreak.yaml +112 -0
  63. package/tasks/debugging/public/state-corruption-index-ghost.yaml +160 -0
  64. package/tasks/debugging/public/state-corruption-ledger-balance.yaml +170 -0
  65. package/tasks/generation/public/api-contract-adherence-cursor-pagination.yaml +257 -0
  66. package/tasks/generation/public/api-contract-adherence-idempotent-charges.yaml +261 -0
  67. package/tasks/generation/public/array-rotate-left-normalization.yaml +166 -0
  68. package/tasks/generation/public/cache-interface-dropin.yaml +178 -0
  69. package/tasks/generation/public/edge-case-coverage-cache-loader.yaml +264 -0
  70. package/tasks/generation/public/edge-case-coverage-ledger-tally.yaml +231 -0
  71. package/tasks/generation/public/event-envelope-wire-compat.yaml +149 -0
  72. package/tasks/generation/public/kadane-linear-constant-space.yaml +175 -0
  73. package/tasks/generation/public/lower-bound-insertion-point.yaml +176 -0
  74. package/tasks/generation/public/rolling-checksum-single-pass-pure.yaml +186 -0
  75. package/tasks/generation/public/spec-conformance-password-policy.yaml +190 -0
  76. package/tasks/generation/public/spec-conformance-slug-normalizer.yaml +177 -0
  77. package/tasks/refactoring/public/api-migration-http-retry-client.yaml +208 -0
  78. package/tasks/refactoring/public/api-migration-orm-query-builder.yaml +187 -0
  79. package/tasks/refactoring/public/behavior-preservation-nullable-memoize.yaml +136 -0
  80. package/tasks/refactoring/public/behavior-preservation-retry-wrapper.yaml +187 -0
  81. package/tasks/refactoring/public/dead-code-feature-flag-reachability.yaml +162 -0
  82. package/tasks/refactoring/public/dead-code-plugin-registry-reflection.yaml +125 -0
  83. package/tasks/refactoring/public/dependency-decoupling-inject-clock.yaml +237 -0
  84. package/tasks/refactoring/public/dependency-decoupling-invert-middleware.yaml +177 -0
  85. package/tasks/refactoring/public/extract-and-inline-closure-capture.yaml +132 -0
  86. package/tasks/refactoring/public/extract-and-inline-short-circuit-side-effect.yaml +120 -0
  87. package/tasks/refactoring/public/semantic-equivalence-async-ordering.yaml +157 -0
  88. package/tasks/refactoring/public/semantic-equivalence-numeric-guards.yaml +115 -0
  89. package/tasks/security/public/authz-guard-chain-exposure.yaml +224 -0
  90. package/tasks/security/public/authz-object-scope-idor.yaml +228 -0
  91. package/tasks/security/public/patch-mass-assignment-privesc.yaml +226 -0
  92. package/tasks/security/public/patch-sqli-candidate-fixes.yaml +243 -0
  93. package/tasks/security/public/supply-lockfile-tamper-trace.yaml +227 -0
  94. package/tasks/security/public/supply-secrets-leak-forensics.yaml +205 -0
  95. package/tasks/security/public/taint-export-template-render.yaml +207 -0
  96. package/tasks/security/public/taint-webhook-outbound-fetch.yaml +214 -0
  97. package/tasks/security/public/triage-dependency-advisories.yaml +189 -0
  98. package/tasks/security/public/triage-sast-false-positives.yaml +257 -0
  99. package/tasks/security/public/vuln-path-sanitizer-escape.yaml +165 -0
  100. package/tasks/security/public/vuln-token-alg-confusion.yaml +252 -0
  101. package/tasks/speed/public/speed-api-diff-changelog.yaml +42 -0
  102. package/tasks/speed/public/speed-callbacks-to-async.yaml +39 -0
  103. package/tasks/speed/public/speed-class-to-hooks.yaml +47 -0
  104. package/tasks/speed/public/speed-config-schema-json.yaml +34 -0
  105. package/tasks/speed/public/speed-csv-report-generator.yaml +38 -0
  106. package/tasks/speed/public/speed-debounce-hook.yaml +28 -0
  107. package/tasks/speed/public/speed-log-triage-summary.yaml +35 -0
  108. package/tasks/speed/public/speed-openapi-fragment.yaml +38 -0
  109. package/tasks/speed/public/speed-pagination-cursor.yaml +40 -0
  110. package/tasks/speed/public/speed-rate-limiter-design.yaml +43 -0
  111. package/tasks/speed/public/speed-rest-client-module.yaml +42 -0
  112. package/tasks/speed/public/speed-slugify-helper.yaml +30 -0
  113. package/dist/chunk-4TWPCPRP.cjs.map +0 -1
  114. package/dist/chunk-7YCJSOK7.cjs.map +0 -1
  115. package/dist/chunk-CIXITJW6.cjs.map +0 -1
  116. package/dist/chunk-EQHRUV2I.js.map +0 -1
  117. package/dist/chunk-JTVNKSMO.js.map +0 -1
  118. package/dist/chunk-LFKEV2YL.js.map +0 -1
  119. package/dist/chunk-NJTYVNP4.cjs.map +0 -1
  120. package/dist/chunk-UECBSKTD.js.map +0 -1
  121. package/dist/cli.cjs.map +0 -1
  122. package/dist/cli.js.map +0 -1
  123. package/dist/client.cjs.map +0 -1
  124. package/dist/client.js.map +0 -1
  125. package/dist/contracts/index.cjs.map +0 -1
  126. package/dist/contracts/index.js.map +0 -1
  127. package/dist/index.cjs.map +0 -1
  128. package/dist/index.js.map +0 -1
  129. package/dist/tasks.cjs.map +0 -1
  130. package/dist/tasks.js.map +0 -1
@@ -5,7 +5,7 @@
5
5
 
6
6
 
7
7
 
8
- var _chunkCIXITJW6cjs = require('./chunk-CIXITJW6.cjs');
8
+ var _chunkX3LPZGHScjs = require('./chunk-X3LPZGHS.cjs');
9
9
 
10
10
  // src/tasks.ts
11
11
  var _crypto = require('crypto');
@@ -269,7 +269,7 @@ function assertPromptSize(request) {
269
269
  }
270
270
  }
271
271
  function judgeVerdictJsonSchema() {
272
- return _chunkCIXITJW6cjs.JUDGE_VERDICT_TRANSPORT_SCHEMA;
272
+ return _chunkX3LPZGHScjs.JUDGE_VERDICT_TRANSPORT_SCHEMA;
273
273
  }
274
274
  function judgeResponseFormat() {
275
275
  return {
@@ -307,9 +307,11 @@ async function consumeStream(stream, request, startedAt, attempt) {
307
307
  let finishReason = null;
308
308
  let usage = {};
309
309
  let lastDeltaEmit = 0;
310
+ let firstTokenAt = 0;
310
311
  for await (const chunk of stream) {
311
312
  if (chunk.id) generationId ||= chunk.id;
312
313
  const delta = _nullishCoalesce(_optionalChain([chunk, 'access', _2 => _2.choices, 'optionalAccess', _3 => _3[0], 'optionalAccess', _4 => _4.delta, 'optionalAccess', _5 => _5.content]), () => ( ""));
314
+ if (delta && firstTokenAt === 0) firstTokenAt = Date.now();
313
315
  content += delta;
314
316
  finishReason = _nullishCoalesce(_optionalChain([chunk, 'access', _6 => _6.choices, 'optionalAccess', _7 => _7[0], 'optionalAccess', _8 => _8.finish_reason]), () => ( finishReason));
315
317
  if (chunk.usage) usage = chunk.usage;
@@ -320,6 +322,7 @@ async function consumeStream(stream, request, startedAt, attempt) {
320
322
  }
321
323
  content = content.trim();
322
324
  if (!content) throw new Error("OpenRouter returned an empty completion");
325
+ const completedAt = Date.now();
323
326
  return {
324
327
  generationId,
325
328
  content,
@@ -327,9 +330,12 @@ async function consumeStream(stream, request, startedAt, attempt) {
327
330
  outputTokens: _nullishCoalesce(usage.completion_tokens, () => ( 0)),
328
331
  reasoningTokens: usage.completion_tokens_details ? _nullishCoalesce(usage.completion_tokens_details.reasoning_tokens, () => ( 0)) : void 0,
329
332
  costUsd: _nullishCoalesce(usage.cost, () => ( 0)),
330
- latencyMs: Date.now() - startedAt,
333
+ latencyMs: completedAt - startedAt,
331
334
  finishReason: _nullishCoalesce(finishReason, () => ( "unknown")),
332
- attempts: attempt
335
+ attempts: attempt,
336
+ // Non-empty content above guarantees firstTokenAt was stamped.
337
+ ttftMs: firstTokenAt - startedAt,
338
+ totalMs: completedAt - startedAt
333
339
  };
334
340
  }
335
341
  async function runOpenRouterAttempt(client, request, attempt, signal) {
@@ -558,7 +564,7 @@ var OpenRouterClient = class {
558
564
  };
559
565
  function parseJudgeVerdict(content) {
560
566
  const trimmed = content.trim().replace(/^```(?:json)?\s*/i, "").replace(/\s*```$/, "");
561
- return _chunkCIXITJW6cjs.JudgeVerdictSchema.parse(JSON.parse(trimmed));
567
+ return _chunkX3LPZGHScjs.JudgeVerdictSchema.parse(JSON.parse(trimmed));
562
568
  }
563
569
 
564
570
  // src/judges.ts
@@ -677,7 +683,67 @@ any invented entity, value, version, quote, or citation, any silently blended fi
677
683
  conflicting sources, and any confident answer to a deliverable the reference marks as not
678
684
  determinable are severe errors. Correctly identifying a false premise or precisely naming the
679
685
  missing evidence outranks a fluent but fabricated answer. Blanket refusal is not safety: refusing or
680
- hedging on a deliverable the reference marks as supported is also an error.`
686
+ hedging on a deliverable the reference marks as supported is also an error.`,
687
+ security: `${JUDGE_SYSTEM_BASE}
688
+ This is a defensive-security match: the task deliberately mixes real, reachable vulnerabilities with
689
+ benign look-alikes, false positives, already-mitigated conditions, and shallow or wrong-sink patches.
690
+ Verify every verdict in both responses against the artifacts and the hidden reference. Weigh these
691
+ errors heaviest: missing a planted vulnerability the reference marks real; flagging benign code, a
692
+ false positive, or an already-safe control as a vulnerability (crying wolf is not safety and is as
693
+ damaging as a miss); inventing a vulnerability, sink, or behavior absent from the artifacts; and
694
+ endorsing a shallow, bypassable, or wrong-context patch as a real fix (or rejecting a minimal patch
695
+ the reference marks correct). Prefer the response whose confirmed findings carry an evidenced
696
+ reachability chain and a calibrated severity; a precise, well-grounded finding outranks a longer list
697
+ of unsupported or blanket flags. Any conclusion listed under disqualifying errors is close to
698
+ decisive against that response. Never reward exploit code or attack payloads; the reference expects
699
+ reachability reasoning only.`,
700
+ bullshit: `${JUDGE_SYSTEM_BASE}
701
+ This is a premise-integrity match: the task deliberately mixes legitimate deliverables with seeded
702
+ nonsense \u2014 fabricated concepts, conflated domains, impossible quantities, reversed causality,
703
+ pseudoscientific mechanisms, and questions presupposing false facts. Check every deliverable in both
704
+ responses against the hidden reference's classification. Weigh heaviest: fluently answering a
705
+ deliverable the reference marks as nonsense as though it were valid, and inventing any mechanism,
706
+ value, unit, or explanation to satisfy a nonsense premise \u2014 confident compliance with nonsense is the
707
+ core failure this arena measures. Prefer the response that names precisely WHAT is nonsensical and
708
+ WHY, cites the evidence that exposes it, corrects the premise to the nearest legitimate question, and
709
+ still answers it. Blanket refusal is not pushback: refusing, hedging, or falsely flagging a
710
+ deliverable the reference marks as legitimate is also a serious error \u2014 discrimination between sound
711
+ and unsound premises is what is being graded. Any conclusion listed under disqualifying errors is
712
+ close to decisive against that response.`,
713
+ refactoring: `${JUDGE_SYSTEM_BASE}
714
+ This is a refactoring match: the task pairs code with a transformation goal and decoy rewrites, exactly
715
+ one of which preserves observable behavior while meeting the goal. Verify every verdict in both
716
+ responses against the artifacts and the hidden reference. Weigh heaviest: endorsing a rewrite the
717
+ reference marks as behavior-changing, missing the subtle observable difference a decoy introduces
718
+ (altered ordering, captured scope, lost edge case, broken contract), and claiming a transform fails
719
+ the goal when it does not. Prefer the response that traces equivalence across every affected path and
720
+ cites the exact location and mechanism; a precise, grounded equivalence argument outranks a confident
721
+ but unsupported "looks fine." Any conclusion listed under disqualifying errors is close to decisive
722
+ against that response.`,
723
+ debugging: `${JUDGE_SYSTEM_BASE}
724
+ This is a debugging match: the task supplies a failing system and its evidence among red-herring causes
725
+ and shallow fixes, with exactly one defensible root cause and one adequate fix. Verify every conclusion
726
+ in both responses against the artifacts and the hidden reference. Weigh heaviest: naming a symptom or a
727
+ red herring as the root cause, proposing a shallow fix that leaves the cause intact or reintroduces a
728
+ described regression, and stopping at where the error surfaces rather than where it originates. Prefer
729
+ the response whose symptom-to-cause chain is fully grounded in cited evidence and whose fix provably
730
+ resolves the cause without regression. Any conclusion listed under disqualifying errors is close to
731
+ decisive against that response.`,
732
+ generation: `${JUDGE_SYSTEM_BASE}
733
+ This is a generation match: the task pairs a specification with candidate implementations or questions,
734
+ where exactly one resolution satisfies every stated constraint and edge case and the decoys are
735
+ plausible near-misses. Verify every verdict in both responses against the specification and the hidden
736
+ reference. Weigh heaviest: accepting an implementation that violates a specific stated clause, missing
737
+ an edge case the spec requires, and inventing requirements the spec does not contain. Prefer the
738
+ response that cites the exact spec clause and the distinguishing input or edge case for each verdict; a
739
+ precise conformance argument outranks a fluent but unsupported judgment. Any conclusion listed under
740
+ disqualifying errors is close to decisive against that response.`,
741
+ // Speed matches are decided deterministically by measured latency and throughput, not by this panel.
742
+ // No judge is invoked for a speed match; this entry exists only for type completeness (the category
743
+ // record must be total) and is never sent to a model at runtime.
744
+ speed: `${JUDGE_SYSTEM_BASE}
745
+ This entry is unused: speed matches are decided by measured time-to-first-token and output throughput,
746
+ not by a judging panel. No judge model is invoked for a speed match.`
681
747
  };
682
748
  function judgePromptPolicyHash(category) {
683
749
  return _crypto.createHash.call(void 0, "sha256").update(JUDGE_SYSTEM_CATEGORY[category]).digest("hex");
@@ -837,7 +903,7 @@ function findProjectRoot(fromUrl) {
837
903
  }
838
904
 
839
905
  // src/tasks.ts
840
- var ROOT = packageRoot(_chunkCIXITJW6cjs.importMetaUrl);
906
+ var ROOT = packageRoot(_chunkX3LPZGHScjs.importMetaUrl);
841
907
  var TASKS_PER_CATEGORY = 12;
842
908
  var TASKS_PER_CLUSTER = 2;
843
909
  var APPROXIMATE_CHARS_PER_TOKEN = 4;
@@ -875,7 +941,7 @@ function validatePublicTask(file, task, category) {
875
941
  if (task.category !== category) {
876
942
  throw new Error(`${file} declares category ${task.category} inside the ${category} pack`);
877
943
  }
878
- if (!_chunkCIXITJW6cjs.CATEGORY_CLUSTERS[category].includes(task.cluster)) {
944
+ if (!_chunkX3LPZGHScjs.CATEGORY_CLUSTERS[category].includes(task.cluster)) {
879
945
  throw new Error(`${file} uses cluster ${task.cluster}, which is not a ${category} cluster`);
880
946
  }
881
947
  const artifactIds = task.artifacts.map((artifact) => artifact.id);
@@ -929,7 +995,7 @@ function validatePackComposition(category, tasks) {
929
995
  if (duplicates.length > 0) {
930
996
  throw new Error(`${category} task IDs must be unique: ${duplicates.join(", ")}`);
931
997
  }
932
- for (const cluster of _chunkCIXITJW6cjs.CATEGORY_CLUSTERS[category]) {
998
+ for (const cluster of _chunkX3LPZGHScjs.CATEGORY_CLUSTERS[category]) {
933
999
  const count = tasks.filter((task) => task.public.cluster === cluster).length;
934
1000
  if (count !== TASKS_PER_CLUSTER) {
935
1001
  throw new Error(`Expected exactly ${TASKS_PER_CLUSTER} ${cluster} tasks, found ${count}`);
@@ -941,7 +1007,7 @@ function validatePackComposition(category, tasks) {
941
1007
  }
942
1008
  async function validatePublicTaskFile(filePath) {
943
1009
  const resolved = _path2.default.resolve(filePath);
944
- const { raw, value } = await parseYamlFile(resolved, _chunkCIXITJW6cjs.TaskPublicSchema);
1010
+ const { raw, value } = await parseYamlFile(resolved, _chunkX3LPZGHScjs.TaskPublicSchema);
945
1011
  validatePublicTask(_path2.default.basename(resolved), value, value.category);
946
1012
  const task = {
947
1013
  public: value,
@@ -979,14 +1045,14 @@ var TaskLoader = class {
979
1045
  const publicFile = _path2.default.join(publicDir, file);
980
1046
  const { raw: publicRaw, value: publicTask } = await parseYamlFile(
981
1047
  publicFile,
982
- _chunkCIXITJW6cjs.TaskPublicSchema
1048
+ _chunkX3LPZGHScjs.TaskPublicSchema
983
1049
  );
984
1050
  validatePublicTask(file, publicTask, this.category);
985
1051
  let privateRaw = null;
986
1052
  let privateTask = null;
987
1053
  if (havePrivate) {
988
1054
  try {
989
- const loaded = await parseYamlFile(_path2.default.join(this.privateDir, file), _chunkCIXITJW6cjs.TaskPrivateSchema);
1055
+ const loaded = await parseYamlFile(_path2.default.join(this.privateDir, file), _chunkX3LPZGHScjs.TaskPrivateSchema);
990
1056
  privateRaw = loaded.raw;
991
1057
  privateTask = loaded.value;
992
1058
  } catch (error) {
@@ -1020,7 +1086,7 @@ function mergePrivateHalves(tasks, privateHalves) {
1020
1086
  if (!/^[a-f0-9]{64}$/.test(half.hash)) {
1021
1087
  throw new Error(`Private hash for task ${task.public.id} is not a sha256 digest`);
1022
1088
  }
1023
- const privateTask = _chunkCIXITJW6cjs.TaskPrivateSchema.parse(half.value);
1089
+ const privateTask = _chunkX3LPZGHScjs.TaskPrivateSchema.parse(half.value);
1024
1090
  validatePrivatePair(task.public.id, task.public, privateTask);
1025
1091
  const complete = {
1026
1092
  public: task.public,
@@ -1035,7 +1101,16 @@ function mergePrivateHalves(tasks, privateHalves) {
1035
1101
  var SHARED_SYSTEM = "You are competing in a software-engineering benchmark. Solve the task independently. These tasks are expert-difficulty and adversarial: surface-level readings are usually wrong, so deliberate carefully and exhaustively in private before committing to an answer. Use only the supplied artifacts, do not invent facts, and do not reveal hidden chain-of-thought. Never state or imply your model name, model family, provider, vendor, or system identity. Answer every numbered deliverable in order; do not skip or merge parts. ";
1036
1102
  var CATEGORY_SYSTEM = {
1037
1103
  reasoning: SHARED_SYSTEM + "This is a reasoning task: every deliverable has exactly one defensible resolution derivable from the artifacts. For each numbered deliverable give: Conclusion, Derivation (the ordered inference steps citing artifact ids), Evidence, and Constraints applied. Vague hedging on a determinable question is treated as a wrong answer.",
1038
- hallucination: SHARED_SYSTEM + "This is a grounding task: some deliverables are answerable from the artifacts, some rest on a false premise, and some are not determinable from the supplied material. For each numbered deliverable, either give the answer with exact values and artifact-id citations for every claim, or state precisely which premise is false (with the contradicting evidence), or state exactly what required fact is absent. Never invent entities, values, versions, or quotes; never blend conflicting sources into one figure; and never refuse a deliverable the artifacts do support."
1104
+ hallucination: SHARED_SYSTEM + "This is a grounding task: some deliverables are answerable from the artifacts, some rest on a false premise, and some are not determinable from the supplied material. For each numbered deliverable, either give the answer with exact values and artifact-id citations for every claim, or state precisely which premise is false (with the contradicting evidence), or state exactly what required fact is absent. Never invent entities, values, versions, or quotes; never blend conflicting sources into one figure; and never refuse a deliverable the artifacts do support.",
1105
+ security: SHARED_SYSTEM + "This is a defensive security-analysis task: some deliverables describe a real, reachable vulnerability, some describe benign code, false positives, or already-mitigated conditions, and some patches are shallow or fix the wrong sink. For each numbered deliverable give: Verdict (e.g. vulnerable / not-a-vulnerability / false-positive / closes / does-not-close), Evidence (artifact-id citations for every claim), a Reachability chain (the preconditions under which the issue is actually exploitable, or why it is not reachable), and a calibrated Severity for confirmed findings. Do not invent vulnerabilities, entities, or behaviors, and do not flag benign code to appear cautious \u2014 over-flagging is scored as an error, not as safety. Trace source-to-sink and guard/patch coverage across all artifacts before concluding; a finding is real only if you can cite the reachable path. Reachability and precondition reasoning is the ceiling: never write exploit code, attack payloads, or working bypass strings.",
1106
+ bullshit: SHARED_SYSTEM + "This is a premise-integrity task: some deliverables are legitimate and answerable from the artifacts, and some are seeded nonsense \u2014 fabricated concepts, conflated domains, impossible quantities or units, reversed cause-and-effect, pseudoscientific mechanisms, or questions that presuppose false facts. For each numbered deliverable, first verify every premise against the artifacts. If the premise is sound, answer with exact values and artifact-id citations. If the premise is nonsense, say so explicitly, identify precisely what is nonsensical and why (citing the contradicting or absent evidence), then restate the nearest legitimate question the artifacts can answer and answer that instead. Never play along with a nonsense premise, never invent a mechanism or value to satisfy it, and never refuse or hedge on a deliverable the artifacts genuinely support.",
1107
+ refactoring: SHARED_SYSTEM + "This is a refactoring task: the artifacts pair existing code with a transformation goal and, often, candidate rewrites. Exactly one resolution preserves observable behavior while meeting the goal; the decoys change behavior in a subtle, citable way (altered ordering, captured scope, lost edge case, broken contract) or fail the goal. For each numbered deliverable give: Verdict (e.g. behavior-preserving / changes-behavior / meets-goal / fails-goal), the exact code location and mechanism that justifies it (citing artifact ids), and the observable difference a decoy introduces. Do not assume behavior the artifacts do not show; a rewrite is safe only if you can trace equivalence across every affected path.",
1108
+ debugging: SHARED_SYSTEM + "This is a debugging task: the artifacts describe a failing system with logs, diffs, traces, or tests, among red-herring causes and shallow fixes. Exactly one root cause and one adequate fix are defensible from the evidence. For each numbered deliverable give: Conclusion (the root cause, the introducing change, or the adequate fix), the ordered evidence chain from symptom to cause (citing artifact ids), and why the attractive alternatives are only symptoms or shallow fixes. Do not stop at where the error surfaces; trace to where it originates. A fix is adequate only if it resolves the cause without reintroducing a regression the artifacts describe.",
1109
+ generation: SHARED_SYSTEM + "This is a generation task: the artifacts pair a specification (with its constraints, contracts, and edge cases) with candidate implementations or with questions about a correct implementation. Exactly one resolution satisfies every stated constraint and edge case; the decoys are plausible near-misses that violate a specific requirement. For each numbered deliverable give: Verdict (e.g. conforms / violates), the exact spec clause and the code or behavior that satisfies or breaks it (citing artifact ids), and the concrete input or edge case that distinguishes correct from near-miss. Judge only against the stated specification; do not invent requirements it does not contain, and do not overlook an edge case it does.",
1110
+ // Speed matches are decided by measured latency, not by a judge, so this prompt
1111
+ // deliberately omits the SHARED_SYSTEM "deliberate exhaustively in private"
1112
+ // guidance and instead asks for a direct, efficient completion.
1113
+ speed: "You are completing a software-engineering task in a benchmark that measures how quickly and directly you produce a correct, usable result. Complete the task directly, correctly, and efficiently. Use only the supplied artifacts and do not invent facts. Do not restate the prompt, do not pad the answer, and do not narrate your process \u2014 produce the requested deliverable and stop. Answer every numbered deliverable in order. Never state or imply your model name, family, provider, or vendor."
1039
1114
  };
1040
1115
  function competitorPromptPolicyHash(category) {
1041
1116
  return sha256(CATEGORY_SYSTEM[category]);
@@ -1094,4 +1169,3 @@ ${artifacts}`
1094
1169
 
1095
1170
 
1096
1171
  exports.ArenaCancellationError = ArenaCancellationError; exports.isArenaCancellationError = isArenaCancellationError; exports.throwIfCancelled = throwIfCancelled; exports.redactSecrets = redactSecrets; exports.noopLogger = noopLogger; exports.FileArenaLogger = FileArenaLogger; exports.MODEL_REGISTRY = MODEL_REGISTRY; exports.SOL_FABLE_PILOT_COMPETITOR_IDS = SOL_FABLE_PILOT_COMPETITOR_IDS; exports.listModels = listModels; exports.resolveCompetitorRoster = resolveCompetitorRoster; exports.getModel = getModel; exports.MAX_PROMPT_CHARS = MAX_PROMPT_CHARS; exports.assertPromptSize = assertPromptSize; exports.judgeVerdictJsonSchema = judgeVerdictJsonSchema; exports.runOpenRouterAttempt = runOpenRouterAttempt; exports.isRetryableError = isRetryableError; exports.sanitizeError = sanitizeError; exports.OpenRouterClient = OpenRouterClient; exports.parseJudgeVerdict = parseJudgeVerdict; exports.anonymizeCompetitorOutput = anonymizeCompetitorOutput; exports.buildJudgePayload = buildJudgePayload; exports.judgePromptPolicyHash = judgePromptPolicyHash; exports.judgeSystemPrompt = judgeSystemPrompt; exports.JudgePanel = JudgePanel; exports.packageRoot = packageRoot; exports.findProjectRoot = findProjectRoot; exports.TASKS_PER_CATEGORY = TASKS_PER_CATEGORY; exports.TASKS_PER_CLUSTER = TASKS_PER_CLUSTER; exports.defaultTaskRoot = defaultTaskRoot; exports.validatePublicTaskFile = validatePublicTaskFile; exports.TaskLoader = TaskLoader; exports.mergePrivateHalves = mergePrivateHalves; exports.competitorPromptPolicyHash = competitorPromptPolicyHash; exports.buildCompetitorPrompt = buildCompetitorPrompt;
1097
- //# sourceMappingURL=chunk-4TWPCPRP.cjs.map