muaddib-scanner 2.11.90 → 2.11.92

package/bin/muaddib.js

@@ -659,6 +659,19 @@ if (command === 'version' || command === '--version' || command === '-v') {
     console.error('[ERROR]', err.message);
     process.exit(1);
   });
+} else if (command === 'shadow-report') {
+  const { runShadowReport } = require('../src/commands/shadow-report.js');
+  const shOpts = { json: jsonOutput };
+  for (let i = 0; i < options.length; i++) {
+    if (options[i] === '--since' && options[i + 1]) { shOpts.since = options[i + 1]; i++; }
+    else if (options[i] === '--detector' && options[i + 1]) { shOpts.detector = options[i + 1]; i++; }
+  }
+  runShadowReport(shOpts).then(() => {
+    process.exit(0);
+  }).catch(err => {
+    console.error('[ERROR]', err.message);
+    process.exit(1);
+  });
 } else if (command === 'evaluate') {
   if (wantHelp) showHelp('evaluate');
   const { evaluate } = require('../src/commands/evaluate.js');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.11.90",
+  "version": "2.11.92",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/{self-scan-v2.11.90.json → self-scan-v2.11.92.json}

@@ -1,6 +1,6 @@
 {
   "target": "node_modules",
-  "timestamp": "2026-06-11T08:32:51.994Z",
+  "timestamp": "2026-06-11T11:05:03.615Z",
   "threats": [
     {
       "type": "string_mutation_obfuscation",

package/src/commands/shadow-report.js

@@ -0,0 +1,106 @@
+'use strict';
+
+// muaddib shadow-report — read the shadow-mode divergence log and print the
+// V1-vs-V2 adjudication split per detector. This is the read side of
+// src/shared/shadow.js: detectors compute a candidate semantics alongside the
+// live one and log disagreements; this command turns the log into the table a
+// human adjudicates before flipping the semantics.
+//
+// The log only contains DIVERGENCES (agreements are not recorded), so:
+//   old-only  = oldVerdict truthy, newVerdict falsy → alerts V2 would drop (FP killed)
+//   new-only  = newVerdict truthy, oldVerdict falsy → NEW flags (review every one)
+//   changed   = both truthy but different (e.g. severity reclassification)
+
+const { readShadowDivergences } = require('../shared/shadow.js');
+
+const DAY_MS = 24 * 60 * 60 * 1000;
+
+/** Parse `--since 7d` / `--since 12h` / ISO string → ms epoch (null = all). */
+function parseSince(s) {
+  if (!s) return null;
+  const m = /^(\d+)([dh])$/.exec(s);
+  if (m) {
+    const n = parseInt(m[1], 10);
+    return Date.now() - n * (m[2] === 'd' ? DAY_MS : 3600 * 1000);
+  }
+  const p = Date.parse(s);
+  return Number.isNaN(p) ? null : p;
+}
+
+function classify(e) {
+  const oldT = !!e.oldVerdict, newT = !!e.newVerdict;
+  if (oldT && !newT) return 'oldOnly';
+  if (!oldT && newT) return 'newOnly';
+  return 'changed';
+}
+
+async function runShadowReport(opts = {}) {
+  const sinceMs = parseSince(opts.since);
+  const entries = readShadowDivergences({
+    detector: opts.detector || undefined,
+    sinceTs: sinceMs !== null ? sinceMs : undefined
+  });
+
+  if (entries.length === 0) {
+    console.log('\n  No shadow divergences recorded' +
+      (opts.detector ? ` for detector "${opts.detector}"` : '') +
+      (opts.since ? ` since ${opts.since}` : '') +
+      '.\n  (Shadow mode logs only V1≠V2 disagreements; enable with MUADDIB_SHADOW=1.)\n');
+    return;
+  }
+
+  // Group by detector, dedup by package@version (a package rescanned N times
+  // diverges N times — the adjudication unit is the package, not the event).
+  const byDetector = new Map();
+  for (const e of entries) {
+    let d = byDetector.get(e.detector);
+    if (!d) { d = { events: 0, byKey: new Map() }; byDetector.set(e.detector, d); }
+    d.events++;
+    const key = `${e.package || '?'}@${e.version || ''}`;
+    if (!d.byKey.has(key)) d.byKey.set(key, e); // first divergence wins for the listing
+  }
+
+  if (opts.json) {
+    const out = {};
+    for (const [det, d] of byDetector) {
+      const split = { oldOnly: [], newOnly: [], changed: [] };
+      for (const [key, e] of d.byKey) split[classify(e)].push({ key, evidence: e.evidence });
+      out[det] = {
+        events: d.events, distinct: d.byKey.size,
+        oldOnly: split.oldOnly.length, newOnly: split.newOnly.length, changed: split.changed.length,
+        newOnlyList: split.newOnly, oldOnlyExamples: split.oldOnly.slice(0, 20)
+      };
+    }
+    console.log(JSON.stringify(out, null, 2));
+    return;
+  }
+
+  console.log('\n  MUAD\'DIB Shadow Divergence Report' + (opts.since ? ` (since ${opts.since})` : '') + '\n');
+  for (const [det, d] of byDetector) {
+    const split = { oldOnly: [], newOnly: [], changed: [] };
+    for (const [key, e] of d.byKey) split[classify(e)].push({ key, e });
+    console.log(`  ${det}`);
+    console.log(`    divergence events: ${d.events} | distinct pkg@version: ${d.byKey.size}`);
+    console.log(`    old-only (V2 drops the alert — FP killed): ${split.oldOnly.length}`);
+    console.log(`    new-only (V2 adds a flag — REVIEW):        ${split.newOnly.length}`);
+    if (split.changed.length) {
+      console.log(`    changed (both fire, different verdict):   ${split.changed.length}`);
+    }
+    const show = (label, list, max) => {
+      if (!list.length) return;
+      console.log(`    ${label}:`);
+      for (const { key, e } of list.slice(0, max)) {
+        const ev = e.evidence ? JSON.stringify(e.evidence) : '';
+        console.log(`      - ${key}  old=${JSON.stringify(e.oldVerdict)} new=${JSON.stringify(e.newVerdict)} ${ev.slice(0, 140)}`);
+      }
+      if (list.length > max) console.log(`      ... and ${list.length - max} more`);
+    };
+    // Every NEW flag must be human-reviewed (possible FN risk if wrong) — show all.
+    show('new-only detail', split.newOnly, 50);
+    show('old-only examples', split.oldOnly, 20);
+    show('changed detail', split.changed, 20);
+    console.log('');
+  }
+}
+
+module.exports = { runShadowReport, parseSince };

package/src/monitor/state.js

@@ -975,6 +975,14 @@ const SCAN_LEDGER_OUTCOMES = new Set([
   'static_timeout', 'size_skip', 'dropped', 'error'
 ]);
 
+// Benign terminal verdicts — the ledger-headline "clean" bucket. Mirrors the
+// in-memory stats.clean semantics (every path that increments stats.clean writes
+// one of these outcomes). sandbox_inconclusive/unconfirmed and size_skip are
+// deliberately in neither bucket: scanned but not vouched-for.
+const CLEAN_LEDGER_OUTCOMES = new Set([
+  'clean', 'clean_low_signal', 'clean_tooling', 'ml_clean', 'llm_benign'
+]);
+
 /**
  * Append one per-scan ledger entry recording the terminal outcome of a dequeued
  * package. Best-effort: NEVER throws (a ledger failure must not break scanning).
@@ -1112,6 +1120,12 @@ function computeLedgerRollup(sinceTs, opts = {}) {
   const byOutcome = Object.create(null);
   const byEcosystem = Object.create(null);
   let total = 0, scanned = 0, dropped = 0, alerted = 0;
+  // Headline counters (ledger-derived daily-report headline — restart-proof, unlike
+  // the in-memory stats counters). clean buckets all the benign terminal verdicts;
+  // errors only the ledgerized failure outcomes (HTTP/tar failures live in the
+  // in-memory errorsByType breakdown, not the ledger).
+  let hClean = 0, hErrors = 0;
+  const hByTier = { t1: 0, t1a: 0, t1b: 0, t2: 0, t3: 0 };
   let earliest = null, latest = null;
   // Two sets so `vanished` is correct regardless of drop/scan ordering in the file.
   // droppedKeys is small (drops only happen under queue-cap pressure); scannedKeys is
@@ -1153,10 +1167,24 @@ function computeLedgerRollup(sinceTs, opts = {}) {
       if (underCap) { droppedKeys.add(key); allNames.add(e.name); } else exactVanished = false;
     } else {
       scanned++; ecoNode.scanned++;
-      if (outcome === 'suspect' || outcome === 'confirmed') { alerted++; ecoNode.alerted++; }
+      if (outcome === 'suspect' || outcome === 'confirmed') {
+        alerted++; ecoNode.alerted++;
+        const t = e.tier !== undefined && e.tier !== null ? String(e.tier) : null;
+        if (t === '1a') hByTier.t1a++;
+        else if (t === '1b') hByTier.t1b++;
+        else if (t === '1') hByTier.t1++;
+        else if (t === '2') hByTier.t2++;
+        else if (t === '3') hByTier.t3++;
+      } else if (CLEAN_LEDGER_OUTCOMES.has(outcome)) {
+        hClean++;
+      } else if (outcome === 'error' || outcome === 'static_timeout') {
+        hErrors++;
+      }
       if (underCap) { scannedKeys.add(key); allNames.add(e.name); scannedNames.add(e.name); } else exactVanished = false;
     }
   });
+  // Match the in-memory suspectByTier semantics where t1 = t1a + t1b (+ legacy '1').
+  hByTier.t1 += hByTier.t1a + hByTier.t1b;
 
   let vanished = 0;
   for (const k of droppedKeys) { if (!scannedKeys.has(k)) vanished++; }
@@ -1181,6 +1209,16 @@ function computeLedgerRollup(sinceTs, opts = {}) {
     distinctPackages: allNames.size,
     distinctScanned: scannedNames.size,
     distinctCoverage: allNames.size > 0 ? scannedNames.size / allNames.size : null,
+    // Ledger-derived daily-report headline (window-exact, restart-proof). `suspect`
+    // mirrors `alerted` (suspect+confirmed); `scanned` mirrors the non-dropped count
+    // above. The in-memory counters remain the fallback when the ledger is unavailable.
+    headline: {
+      scanned,
+      clean: hClean,
+      suspect: alerted,
+      errors: hErrors,
+      byTier: hByTier
+    },
     byOutcome,
     byEcosystem
   };
@@ -1421,6 +1459,21 @@ function loadLastDailyReportDate() {
   }
 }
 
+/**
+ * Load the exact ISO timestamp of the last daily report send (the start of the
+ * current reporting window). Returns null when absent (pre-upgrade file, first
+ * report ever, corrupt file) — callers fall back to a fixed 24h window.
+ */
+function loadLastDailyReportTs() {
+  try {
+    const raw = fs.readFileSync(LAST_DAILY_REPORT_FILE, 'utf8');
+    const data = JSON.parse(raw);
+    return typeof data.lastReportTs === 'string' ? data.lastReportTs : null;
+  } catch {
+    return null;
+  }
+}
+
 /**
  * Persist the date of the last daily report sent (YYYY-MM-DD), and optionally the
  * monotonic scan-stats baseline captured at that moment (used by the next report's
@@ -1430,6 +1483,10 @@ function saveLastDailyReportDate(dateStr, scanStatsBaseline) {
   try {
     const payload = { lastReportDate: dateStr };
     if (scanStatsBaseline) payload.scanStatsBaseline = scanStatsBaseline;
+    // Exact send timestamp = start of the NEXT report's ledger window (8h→8h
+    // semantics, restart-proof). Written in the same write-ahead as the date
+    // stamp, so a mid-send kill can neither hole nor double-count the window.
+    payload.lastReportTs = new Date().toISOString();
     atomicWriteFileSync(LAST_DAILY_REPORT_FILE, JSON.stringify(payload, null, 2));
   } catch (err) {
     console.error(`[MONITOR] Failed to save last daily report date: ${err.message}`);
@@ -1735,6 +1792,7 @@ module.exports = {
   captureScanStatsBaseline,
   reconcileDailyHeadline,
   loadLastDailyReportDate,
+  loadLastDailyReportTs,
   saveLastDailyReportDate,
   hasReportBeenSentToday,
   saveRecentlyScanned,

package/src/monitor/webhook.js

@@ -30,7 +30,8 @@ const {
   loadStateRaw,
   getScansSinceLastMemoryPersist,
   setScansSinceLastMemoryPersist,
-  computeLedgerRollup
+  computeLedgerRollup,
+  loadLastDailyReportTs
 } = require('./state.js');
 const {
   HIGH_CONFIDENCE_MALICE_TYPES,
@@ -1049,24 +1050,59 @@ function formatDelta(current, previous) {
   return '=0';
 }
 
-// Phase 0b: rolling window for the daily report's ledger section. The report runs
-// once/day, so 24h is the natural "what happened today" view and keeps the rollup's
-// distinct-key sets small (one day of scans, far below MAX_ROLLUP_KEYS). Env-tunable.
+// Phase 0b: fallback window for the daily report's ledger section when no
+// last-report timestamp exists yet (first report ever / pre-upgrade stamp file).
+// Normal operation derives the window from lastReportTs instead (8h→8h Paris,
+// restart-proof). Env-tunable.
 const LEDGER_ROLLUP_WINDOW_MS = (() => {
   const v = parseInt(process.env.MUADDIB_LEDGER_ROLLUP_WINDOW_MS, 10);
   return Number.isFinite(v) && v > 0 ? v : 24 * 60 * 60 * 1000;
 })();
 
+// Hard ceiling on the report window. A multi-day daemon outage would otherwise make
+// the next report's window (and the rollup's distinct-key sets) span the whole gap;
+// clamp to 48h and flag it so the report stays honest about the truncation.
+const LEDGER_ROLLUP_MAX_WINDOW_MS = 48 * 60 * 60 * 1000;
+
 /**
- * Compute the per-scan ledger rollup for the daily-report window. Best-effort: a
- * rollup failure (corrupt ledger, I/O) must NEVER break the daily report, so this
- * swallows errors and returns null. Also returns null when the ledger is empty so
- * the report omits the section instead of showing a noise row of zeros.
+ * Compute the per-scan ledger rollup for the daily-report window. The window is
+ * [last report send → now] (8h→8h Paris semantics, exact across restarts) when the
+ * lastReportTs stamp exists, else the fixed fallback window. Best-effort: a rollup
+ * failure (corrupt ledger, I/O) must NEVER break the daily report, so this swallows
+ * errors and returns null. Also returns null when the ledger is empty so the report
+ * omits the section instead of showing a noise row of zeros.
  */
 function safeLedgerRollup() {
   try {
-    const rollup = computeLedgerRollup(Date.now() - LEDGER_ROLLUP_WINDOW_MS);
-    return (rollup && rollup.total > 0) ? rollup : null;
+    const now = Date.now();
+    let sinceMs = now - LEDGER_ROLLUP_WINDOW_MS;
+    let windowClamped = false;
+    let windowSource = 'fallback_24h';
+    const lastTs = loadLastDailyReportTs();
+    if (lastTs) {
+      const p = Date.parse(lastTs);
+      // Guard against clock skew (stamp in the future) — fall back to 24h.
+      if (!Number.isNaN(p) && p <= now) {
+        if (p < now - LEDGER_ROLLUP_MAX_WINDOW_MS) {
+          sinceMs = now - LEDGER_ROLLUP_MAX_WINDOW_MS;
+          windowClamped = true;
+        } else {
+          sinceMs = p;
+        }
+        windowSource = 'last_report';
+      }
+    }
+    // Ledger source resolved at CALL time (not module load) so tests can point the
+    // rollup at a synthetic/empty ledger after the module graph is already loaded.
+    // Unset env → computeLedgerRollup falls back to its SCAN_LEDGER_FILE default.
+    const fileOverride = process.env.MUADDIB_SCAN_LEDGER_FILE;
+    const rollup = computeLedgerRollup(sinceMs, fileOverride ? { file: fileOverride } : {});
+    if (rollup && rollup.total > 0) {
+      rollup.windowClamped = windowClamped;
+      rollup.windowSource = windowSource;
+      return rollup;
+    }
+    return null;
   } catch {
     return null;
   }
@@ -1091,7 +1127,10 @@ function formatLedgerField(rollup) {
   if (ecos.length > 0) {
     lines.push(ecos.slice(0, 4).map(e => `${e} ${rollup.byEcosystem[e].total}`).join(' · '));
   }
-  return { name: 'Ledger (24h)', value: lines.join('\n'), inline: false };
+  const label = rollup.windowSource === 'last_report'
+    ? `Ledger (since last report${rollup.windowClamped ? ', clamped 48h' : ''})`
+    : 'Ledger (24h)';
+  return { name: label, value: lines.join('\n'), inline: false };
 }
 
 // AUDIT-C: MCP self-identity by package name (matches the F9/F15 MCP_NAME_RE family in
@@ -1115,6 +1154,22 @@ function buildDailyReportEmbed(stats, dailyAlerts, ledgerRollup) {
   // instead of disk-based daily entries which can undercount due to UTC/Paris date mismatch
   const { top3: diskTop3 } = buildReportFromDisk();
 
+  // --- Phase 0b: per-scan ledger rollup (resolved early so the headline can use it) ---
+  // Caller may pass a precomputed rollup (sendDailyReport does, to persist the same
+  // numbers it displays); undefined → compute here; explicit null → omit the section.
+  const ledger = ledgerRollup !== undefined ? ledgerRollup : safeLedgerRollup();
+
+  // HEADLINE BOUNDARY — scanned/clean/suspect come from the ledger window
+  // [last report → now] when available: window-exact and restart-proof, unlike the
+  // in-memory counters (reset-restore cycles can under-count after a restart storm).
+  // Everything NOT in the ledger (errorsByType breakdown, changes-stream/publish-event
+  // counts, pypi*, avg scan time) stays on the in-memory counters + daily-stats.json:
+  // best-effort since the last reset, may under-count after a restart.
+  const headline = (ledger && ledger.headline && ledger.headline.scanned > 0) ? ledger.headline : null;
+  const hScanned = headline ? headline.scanned : stats.scanned;
+  const hClean = headline ? headline.clean : stats.clean;
+  const hSuspect = headline ? headline.suspect : stats.suspect;
+
   // Prefer in-memory dailyAlerts for top suspects (richer data), fallback to disk
   const top3 = dailyAlerts.length > 0
     ? dailyAlerts.slice().sort((a, b) => (b.score || 0) - (a.score || 0) || b.findingsCount - a.findingsCount).slice(0, 3)
@@ -1133,14 +1188,9 @@ function buildDailyReportEmbed(stats, dailyAlerts, ledgerRollup) {
       }).join('\n')
     : 'None';
 
-  // Avg scan time from in-memory stats
+  // Avg scan time from in-memory stats (totalTimeMs is not ledgerized — best-effort)
   const avg = stats.scanned > 0 ? (stats.totalTimeMs / stats.scanned / 1000).toFixed(1) : '0.0';
 
-  // --- Phase 0b: per-scan ledger rollup (resolved early so Coverage can use it) ---
-  // Caller may pass a precomputed rollup (sendDailyReport does, to persist the same
-  // numbers it displays); undefined → compute here; explicit null → omit the section.
-  const ledger = ledgerRollup !== undefined ? ledgerRollup : safeLedgerRollup();
-
   // --- Coverage ---
   // HEADLINE: honest, version-collapsed coverage from the scan-ledger — distinct
   // package NAMES actually scanned vs distinct names seen (scanned + dropped) in
@@ -1155,8 +1205,8 @@ function buildDailyReportEmbed(stats, dailyAlerts, ledgerRollup) {
   const published = npmPub + pypiPub;
   const catchupSkipped = (stats.npmCatchupSkippedSeqs || 0) + (stats.pypiCatchupSkippedEvents || 0);
   const opsSuffix = catchupSkipped > 0
-    ? `\nOps: ${stats.scanned} | Catch-up skip: ${catchupSkipped}`
-    : `\nOps: ${stats.scanned}`;
+    ? `\nOps: ${hScanned} | Catch-up skip: ${catchupSkipped}`
+    : `\nOps: ${hScanned}`;
   let coverageText;
   if (ledger && ledger.distinctPackages > 0 && ledger.distinctCoverage != null) {
     const pct = (ledger.distinctCoverage * 100).toFixed(0);
@@ -1183,8 +1233,8 @@ function buildDailyReportEmbed(stats, dailyAlerts, ledgerRollup) {
   const yesterday = loadYesterdayMetrics();
   let trendsText = 'No data (first day or missing)';
   if (yesterday) {
-    const dScanned = formatDelta(stats.scanned, yesterday.scanned || 0);
-    const dSuspect = formatDelta(stats.suspect, yesterday.suspect || 0);
+    const dScanned = formatDelta(hScanned, yesterday.scanned || 0);
+    const dSuspect = formatDelta(hSuspect, yesterday.suspect || 0);
     const dErrors = formatDelta(stats.errors, yesterday.errors || 0);
     trendsText = `${dScanned} scanned, ${dSuspect} suspects, ${dErrors} errors`;
   }
@@ -1245,8 +1295,8 @@ function buildDailyReportEmbed(stats, dailyAlerts, ledgerRollup) {
       color: 0x3498db,
       fields: [
         { name: 'Coverage', value: coverageText, inline: true },
-        { name: 'Clean', value: `${stats.clean}`, inline: true },
-        { name: 'Suspects', value: `${stats.suspect}`, inline: true },
+        { name: 'Clean', value: `${hClean}`, inline: true },
+        { name: 'Suspects', value: `${hSuspect}`, inline: true },
         { name: 'Errors', value: formatErrorBreakdown(stats.errors, stats.errorsByType), inline: true },
         { name: 'Avg Scan Time', value: `${avg}s/pkg`, inline: true },
         { name: 'Timeouts', value: timeoutText, inline: true },
@@ -1262,7 +1312,9 @@ function buildDailyReportEmbed(stats, dailyAlerts, ledgerRollup) {
         { name: 'System', value: healthText, inline: false }
       ],
       footer: {
-        text: `MUAD'DIB - Daily summary | ${readableTime}`
+        // Headline-source annotation: 'ledger' = window-exact [last report → now],
+        // 'counters' = in-memory fallback (ledger unavailable — pre-upgrade behavior).
+        text: `MUAD'DIB - Daily summary | headline: ${headline ? 'ledger (since last report)' : 'counters'} | ${readableTime}`
       },
       timestamp: now.toISOString()
     }]
@@ -1285,20 +1337,34 @@ async function sendDailyReport(stats, dailyAlerts, recentlyScanned, downloadsCac
     console.log(`[MONITOR] Daily report suppressed: before ${DAILY_REPORT_HOUR}:00 Paris (hour=${getParisHour()})`);
     return;
   }
-  // Crash-safe headline: a restart-storm around report time can zero the in-memory
-  // counter (the monitor OOM-restarts ~10×/day). Floor scanned/clean/suspect at the
-  // durable scan-stats delta so we never publish "5" when ~44k were really scanned.
-  reconcileDailyHeadline(stats);
+  // Phase 0b: compute the ledger rollup ONCE so the embed shows exactly the numbers
+  // we persist (no double-scan, no drift between Discord and the on-disk metrics).
+  // Resolved BEFORE the empty-skip and the reconcile: when the ledger headline is
+  // available it IS the published number (window [last report → now], restart-proof),
+  // and the counter-based machinery below only runs as fallback.
+  const ledgerRollup = safeLedgerRollup();
+  const headline = (ledgerRollup && ledgerRollup.headline && ledgerRollup.headline.scanned > 0)
+    ? ledgerRollup.headline : null;
+
+  if (!headline) {
+    // Crash-safe FALLBACK headline: a restart-storm around report time can zero the
+    // in-memory counter (the monitor OOM-restarts ~10×/day). Floor scanned/clean/suspect
+    // at the durable scan-stats delta so we never publish "5" when ~44k were really
+    // scanned. Not applied when the ledger headline is used — that one is window-exact.
+    reconcileDailyHeadline(stats);
+  }
 
   // Never send an empty report (0 scanned — restart with no work done)
-  if (stats.scanned === 0) {
+  const publishedScanned = headline ? headline.scanned : stats.scanned;
+  if (publishedScanned === 0) {
     console.log('[MONITOR] Daily report skipped (0 packages scanned)');
     return;
   }
 
   // Write-ahead: mark today's report as sent BEFORE the webhook HTTP request.
   // If the process is killed (SIGKILL) during sendWebhook, the date is already
-  // recorded on disk and prevents duplicate reports on next startup.
+  // recorded on disk and prevents duplicate reports on next startup. The same
+  // write-ahead stamps lastReportTs = start of the next report's ledger window.
   const today = getParisDateString();
   stats.lastDailyReportDate = today;
   // Persist the monotonic scan-stats counter as the baseline for the NEXT report's
@@ -1306,23 +1372,23 @@ async function sendDailyReport(stats, dailyAlerts, recentlyScanned, downloadsCac
   saveLastDailyReportDate(today, captureScanStatsBaseline());
   // Observability: the success path previously logged nothing, which made the late-fire bug
   // invisible in the journal. Log the stamped date + the actual Paris hour (an on-time 08:00
-  // fire vs a catch-up at hour 14 are now distinguishable) + the headline count.
-  console.log(`[MONITOR] Daily report firing for ${today} (hour=${getParisHour()} Paris, scanned=${stats.scanned})`);
+  // fire vs a catch-up at hour 14 are now distinguishable) + the headline count + source.
+  console.log(`[MONITOR] Daily report firing for ${today} (hour=${getParisHour()} Paris, scanned=${publishedScanned}, headline=${headline ? 'ledger' : 'counters'})`);
 
-  // Phase 0b: compute the ledger rollup ONCE so the embed shows exactly the numbers
-  // we persist (no double-scan, no drift between Discord and the on-disk metrics).
-  const ledgerRollup = safeLedgerRollup();
   const payload = buildDailyReportEmbed(stats, dailyAlerts, ledgerRollup);
 
-  // Persist locally with full raw metrics (independent of webhook — enables trend analysis)
+  // Persist locally with full raw metrics (independent of webhook — enables trend analysis).
+  // Headline (scanned/clean/suspect/byTier) follows the same source as the embed: ledger
+  // window when available, in-memory counters otherwise. headlineSource records which.
   persistDailyReport(payload, {
-    scanned: stats.scanned,
-    clean: stats.clean,
-    suspect: stats.suspect,
+    headlineSource: headline ? 'ledger' : 'counters',
+    scanned: publishedScanned,
+    clean: headline ? headline.clean : stats.clean,
+    suspect: headline ? headline.suspect : stats.suspect,
     errors: stats.errors,
     errorsByType: { ...stats.errorsByType },
     avgScanTimeMs: stats.scanned > 0 ? Math.round(stats.totalTimeMs / stats.scanned) : 0,
-    suspectByTier: { ...stats.suspectByTier },
+    suspectByTier: headline ? { ...headline.byTier } : { ...stats.suspectByTier },
     mlFiltered: stats.mlFiltered || 0,
     llmAnalyzed: stats.llmAnalyzed || 0,
     llmSuppressed: stats.llmSuppressed || 0,

package/src/pipeline/processor.js

@@ -270,7 +270,11 @@ async function process(threats, targetPath, options, pythonDeps, warnings, scann
       debugLog('[EMAIL-DOMAIN] check failed: ' + err.message);
     }
     try {
-      const rdapThreats = await checkCompromisedDomain(_pkgMeta.npmRegistryMeta);
+      // shadowCtx identifies the package in shadow-divergence records (V2
+      // candidate semantics logged alongside V1 — zero effect on threats).
+      const rdapThreats = await checkCompromisedDomain(_pkgMeta.npmRegistryMeta, {
+        shadowCtx: { name: packageName, version: packageVersion, ecosystem: 'npm' }
+      });
       for (const t of rdapThreats) deduped.push(t);
     } catch (err) {
       debugLog('[RDAP] check failed: ' + err.message);

package/src/scanner/email-domain.js

@@ -17,6 +17,7 @@
 
 const dns = require('dns');
 const { debugLog } = require('../utils.js');
+const { isShadowEnabled, recordShadowDivergence } = require('../shared/shadow.js');
 
 const MX_TIMEOUT_MS = 3000;
 const MX_CACHE_TTL = 30 * 24 * 60 * 60 * 1000; // 30 days
@@ -236,10 +237,67 @@ function isCompromisedDomain(creationDateISO, packageCreatedAtISO) {
   return cDate > (rDate - COMPROMISE_MARGIN_MS);
 }
 
+// =============================================================================
+// V2 candidate semantics (SHADOW-ONLY until adjudicated — V1 above still emits
+// every threat). Two changes vs V1, both validated by the node-ipc takeover
+// (May 2026: domain atlantis-software.net re-registered 2026-05-07, malicious
+// 9.2.3/12.0.1 published 05-14, FIRST publish years earlier):
+//
+//  1. STRICT comparison — creation > first_publish, the 30-day pre-publish
+//     margin removed. A dev who buys their domain a few weeks before shipping
+//     v1 is the NORMAL case (the margin was the main source of the 850+ FP);
+//     a dev cannot have published with an email on a domain that did not
+//     exist yet, so creation strictly after first publish stays a hard signal.
+//     RDAP caveat that makes this work: many registries RESET the creation
+//     date on re-registration (.net/Namecheap do — node-ipc's signal).
+//  2. Public email providers excluded — gmail.com etc. can never be "taken
+//     over" by re-registration; any weird RDAP answer for them is noise.
+//     This is a domain-CLASS exclusion, not a package whitelist.
+// =============================================================================
+
+// Consumer email providers — domain takeover does not apply (the provider
+// owns the domain; accounts are compromised via other vectors, out of scope
+// for this RDAP signal).
+const PUBLIC_EMAIL_PROVIDERS = new Set([
+  'gmail.com', 'googlemail.com',
+  'outlook.com', 'hotmail.com', 'live.com', 'msn.com',
+  'yahoo.com', 'ymail.com', 'rocketmail.com',
+  'proton.me', 'protonmail.com', 'pm.me',
+  'icloud.com', 'me.com', 'mac.com',
+  'aol.com',
+  'gmx.com', 'gmx.de', 'gmx.net',
+  'mail.ru', 'inbox.ru', 'list.ru', 'bk.ru',
+  'qq.com', 'foxmail.com', '163.com', '126.com', 'yeah.net', 'sina.com',
+  'yandex.ru', 'yandex.com',
+  'zoho.com', 'fastmail.com', 'hey.com',
+  'tutanota.com', 'tuta.com', 'tuta.io',
+  'web.de', 't-online.de', 'freenet.de',
+  'free.fr', 'orange.fr', 'laposte.net', 'wanadoo.fr', 'sfr.fr',
+  'naver.com', 'daum.net', 'hanmail.net',
+  'rediffmail.com', 'seznam.cz', 'wp.pl', 'o2.pl', 'interia.pl',
+  'duck.com', 'pobox.com', 'hushmail.com', 'mailbox.org', 'posteo.de'
+]);
+
+/**
+ * V2: strict creation-after-first-publish, public providers excluded.
+ * Pure — used by the shadow hook below and by scripts/backtest-email-domain.js.
+ */
+function isCompromisedDomainV2(creationDateISO, firstPublishISO, domain) {
+  if (!creationDateISO || !firstPublishISO) return false;
+  if (domain && PUBLIC_EMAIL_PROVIDERS.has(String(domain).toLowerCase())) return false;
+  const cDate = new Date(creationDateISO).getTime();
+  const rDate = new Date(firstPublishISO).getTime();
+  if (isNaN(cDate) || isNaN(rDate)) return false;
+  return cDate > rDate;
+}
+
 /**
  * F1 entry point.
- * @param {object|null} meta - Digested metadata. Reads maintainer_emails + created_at.
+ * @param {object|null} meta - Digested metadata. Reads maintainer_emails + created_at
+ *   (= the package's FIRST publish date, both npm and PyPI sides).
  * @param {object} options - { fetchRdap } for tests to inject a mock.
+ *   { shadowCtx: {name, version, ecosystem} } identifies the scanned package in
+ *   shadow-divergence records (optional — without it divergences log package:null).
  * @returns {Promise<Array>} threats array
  */
 async function checkCompromisedDomain(meta, options = {}) {
@@ -263,6 +321,24 @@ async function checkCompromisedDomain(meta, options = {}) {
       continue;
     }
     if (!rdap || !rdap.creationDate) continue;
+    // SHADOW (zero effect on the threats emitted below): compare the live V1
+    // verdict with the V2 candidate and log only disagreements. Adjudication =
+    // scripts/backtest-email-domain.js replay + `muaddib shadow-report`.
+    try {
+      if (isShadowEnabled()) {
+        const v1 = isCompromisedDomain(rdap.creationDate, meta.created_at);
+        const v2 = isCompromisedDomainV2(rdap.creationDate, meta.created_at, domain);
+        if (v1 !== v2) {
+          const ctx = options.shadowCtx || {};
+          recordShadowDivergence({
+            detector: 'compromised_email_domain',
+            package: ctx.name, version: ctx.version, ecosystem: ctx.ecosystem,
+            oldVerdict: v1, newVerdict: v2,
+            evidence: { domain, creationDate: rdap.creationDate, firstPublish: meta.created_at, oldMarginDays: 30 }
+          });
+        }
+      }
+    } catch { /* shadow must never affect the scan */ }
     if (isCompromisedDomain(rdap.creationDate, meta.created_at)) {
       const cd = rdap.creationDate.slice(0, 10);
       const pd = meta.created_at.slice(0, 10);
@@ -297,6 +373,9 @@ module.exports = {
   checkCompromisedDomain,
   fetchRdap,
   isCompromisedDomain,
+  // V2 candidate (shadow-only until adjudicated; used by the backtest script)
+  isCompromisedDomainV2,
+  PUBLIC_EMAIL_PROVIDERS,
   _resetRdapCache,
   RDAP_TIMEOUT_MS,
   RDAP_CACHE_TTL,

package/src/scanner/pypi-maintainer.js

@@ -72,7 +72,10 @@ async function runPyPIMaintainerChecks(packageName, pypiRegistryMeta, options =
   let rdapThreats = [];
   try {
     rdapThreats = await checkCompromisedDomain(helperMeta, {
-      fetchRdap: options.fetchRdap
+      fetchRdap: options.fetchRdap,
+      // PyPI created_at is the earliest release time (pypi-registry.js) =
+      // first publish, so the V2 shadow comparison is valid on this side too.
+      shadowCtx: { name: packageName, ecosystem: 'pypi' }
     });
   } catch { /* silent */ }
   for (const t of rdapThreats) threats.push(adaptThreatToPyPI(t, declarationFile));

package/src/shared/shadow.js

@@ -0,0 +1,190 @@
+'use strict';
+
+/**
+ * Shadow-mode divergence framework.
+ *
+ * Lets a detector compute a CANDIDATE new semantics (V2) alongside its live
+ * semantics (V1) and log the cases where the two verdicts disagree — with ZERO
+ * effect on emitted threats, scores, or tiers. The divergence log is the
+ * adjudication input for flipping V1 → V2: replay historical alerts through
+ * the shadow (backtest) or let it run live as a post-merge safety net, then
+ * read the split with `muaddib shadow-report`.
+ *
+ * Contract (fail-safe by construction):
+ *  - Nothing here returns a value the scan pipeline can act on. The framework
+ *    cannot change a verdict even if misused.
+ *  - recordShadowDivergence NEVER throws — a shadow failure must never break a
+ *    scan (same posture as appendScanLedger).
+ *  - Disabled by default. The daemon opts in via MUADDIB_SHADOW=1 in its
+ *    service environment; CLI scans and tests stay inert unless they set it.
+ *  - Bounded: the JSONL file is capped at MUADDIB_SHADOW_MAX entries (default
+ *    50 000) with streaming FIFO compaction — same pattern as the scan-ledger.
+ *
+ * Concurrency: unlike the scan-ledger (main-thread-only writer), this module
+ * is called from INSIDE scan workers (pipeline/processor.js runs there), so N
+ * worker_threads may append concurrently. Each record is serialized to ONE
+ * appendFileSync call of one full line (flag 'a' = O_APPEND; small writes are
+ * serialized by the inode lock on ext4) — never two writes per line. The
+ * reader skips unparsable lines (a crash mid-write can truncate at most the
+ * final line).
+ *
+ * Env (all read at CALL time so tests can re-point after module load):
+ *   MUADDIB_SHADOW=1          enable (default off)
+ *   MUADDIB_SHADOW_FILE=path  divergence log override (tests)
+ *   MUADDIB_SHADOW_MAX=n      entry cap (default 50000)
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const DEFAULT_SHADOW_FILE = path.join(__dirname, '..', '..', 'data', 'shadow-divergence.jsonl');
+const DEFAULT_MAX_ENTRIES = 50_000;
+const EVIDENCE_MAX_BYTES = 2048;
+// Count lines (cheap streaming pass) only every N appends, not on every write.
+const COMPACT_CHECK_INTERVAL = 500;
+
+let _appendsSinceCheck = 0;
+
+function isShadowEnabled() {
+  return globalThis.process.env.MUADDIB_SHADOW === '1';
+}
+
+function _shadowFile() {
+  return globalThis.process.env.MUADDIB_SHADOW_FILE || DEFAULT_SHADOW_FILE;
+}
+
+function _maxEntries() {
+  const raw = globalThis.process.env.MUADDIB_SHADOW_MAX;
+  const n = raw ? parseInt(raw, 10) : NaN;
+  return (Number.isFinite(n) && n >= 10 && n <= 5_000_000) ? n : DEFAULT_MAX_ENTRIES;
+}
+
+/**
+ * Serialize evidence with a hard size cap. Oversized evidence is replaced by a
+ * truncated string form — the log line must stay small so the single-write
+ * append atomicity argument holds.
+ */
+function _capEvidence(evidence) {
+  if (evidence === undefined || evidence === null) return null;
+  let s;
+  try {
+    s = JSON.stringify(evidence);
+  } catch {
+    s = String(evidence);
+  }
+  if (s.length <= EVIDENCE_MAX_BYTES) {
+    try { return JSON.parse(s); } catch { return s; }
+  }
+  return { _truncated: true, head: s.slice(0, EVIDENCE_MAX_BYTES) };
+}
+
+/**
+ * Record one shadow divergence (oldVerdict !== newVerdict). Call sites are
+ * expected to compare verdicts BEFORE calling — agreements are not logged
+ * (the log captures the would-change population, not every scan).
+ * Never throws. No-op when shadow mode is disabled.
+ *
+ * @param {object} d
+ * @param {string} d.detector    e.g. 'compromised_email_domain'
+ * @param {string} [d.package]
+ * @param {string} [d.version]
+ * @param {string} [d.ecosystem]
+ * @param {*}      d.oldVerdict  live semantics result
+ * @param {*}      d.newVerdict  candidate semantics result
+ * @param {*}      [d.evidence]  capped at 2KB serialized
+ */
+function recordShadowDivergence(d) {
+  try {
+    if (!isShadowEnabled()) return;
+    if (!d || !d.detector) return;
+    const file = _shadowFile();
+    const dir = path.dirname(file);
+    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+    const entry = {
+      ts: new Date().toISOString(),
+      detector: String(d.detector),
+      package: d.package || null,
+      version: d.version || null,
+      ecosystem: d.ecosystem || null,
+      oldVerdict: d.oldVerdict !== undefined ? d.oldVerdict : null,
+      newVerdict: d.newVerdict !== undefined ? d.newVerdict : null,
+      evidence: _capEvidence(d.evidence)
+    };
+    // ONE write per line — see the concurrency note in the header.
+    fs.appendFileSync(file, JSON.stringify(entry) + '\n', { encoding: 'utf8', flag: 'a' });
+    _appendsSinceCheck++;
+    if (_appendsSinceCheck >= COMPACT_CHECK_INTERVAL) {
+      _appendsSinceCheck = 0;
+      _compactShadowJsonl(file);
+    }
+  } catch {
+    // Never throw, never log loudly — a shadow failure must not affect scans.
+  }
+}
+
+/**
+ * Streaming FIFO compaction: keep only the most recent max entries.
+ * Local minimal implementation (not shared with state.js) so the worker-side
+ * require graph stays free of the monitor state module.
+ */
+function _compactShadowJsonl(file) {
+  try {
+    const max = _maxEntries();
+    const lines = _readLines(file);
+    if (lines.length <= max) return;
+    const kept = lines.slice(lines.length - max);
+    const tmp = file + '.tmp';
+    fs.writeFileSync(tmp, kept.join('\n') + '\n', 'utf8');
+    fs.renameSync(tmp, file);
+  } catch {
+    // Best-effort; an oversized shadow log is preferable to a crashed scan.
+  }
+}
+
+/** Read raw lines, dropping empties. Returns [] on any error. */
+function _readLines(file) {
+  try {
+    return fs.readFileSync(file, 'utf8').split('\n').filter(l => l.trim().length > 0);
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Read divergence entries, tolerant of corrupt lines (skipped silently).
+ * @param {object} [opts]
+ * @param {string} [opts.detector] filter by detector
+ * @param {number|string} [opts.sinceTs] ms epoch or ISO — entries older are skipped
+ * @returns {Array<object>}
+ */
+function readShadowDivergences(opts = {}) {
+  let sinceMs = null;
+  if (typeof opts.sinceTs === 'number' && Number.isFinite(opts.sinceTs)) sinceMs = opts.sinceTs;
+  else if (typeof opts.sinceTs === 'string') {
+    const p = Date.parse(opts.sinceTs);
+    if (!Number.isNaN(p)) sinceMs = p;
+  }
+  const out = [];
+  for (const line of _readLines(_shadowFile())) {
+    let e;
+    try { e = JSON.parse(line); } catch { continue; } // truncated/corrupt line
+    if (!e || typeof e !== 'object' || !e.detector) continue;
+    if (opts.detector && e.detector !== opts.detector) continue;
+    if (sinceMs !== null) {
+      const t = e.ts ? Date.parse(e.ts) : NaN;
+      if (Number.isNaN(t) || t < sinceMs) continue;
+    }
+    out.push(e);
+  }
+  return out;
+}
+
+module.exports = {
+  isShadowEnabled,
+  recordShadowDivergence,
+  readShadowDivergences,
+  // test seams
+  _capEvidence,
+  _compactShadowJsonl,
+  EVIDENCE_MAX_BYTES
+};