Skip to content

fix(p6-standard-names): scorecard transparency for domain_verbs; trim platform verbs#83

Merged
brettdavies merged 1 commit into
devfrom
fix/pr76-domain-verbs-scorecard-transparency
Jun 4, 2026
Merged

fix(p6-standard-names): scorecard transparency for domain_verbs; trim platform verbs#83
brettdavies merged 1 commit into
devfrom
fix/pr76-domain-verbs-scorecard-transparency

Conversation

@brettdavies

@brettdavies brettdavies commented Jun 4, 2026

Copy link
Copy Markdown
Owner

Summary

Follow-up to merged PR #76 addressing two coupled gaps surfaced during the post-merge adversarial review.

.anc.toml [p6] domain_verbs lets any CLI declare its own subcommand vocabulary as "standard," but the scorecard row gave no signal whether the Pass was assisted. A domain-verb-assisted Pass was byte-identical in JSON to a built-ins-only Pass. Separately, of the 18 verbs PR #76 added to STANDARD_VERBS, 7 are X/Mastodon-specific (post, repost, unrepost, quote, like, unlike, dm). Their inclusion encoded one platform's vocabulary as universal, and let any social CLI Pass without exercising the .anc.toml opt-in PR #76 introduced.

This PR adds scorecard transparency for domain-verb-assisted Passes and trims the platform-specific verbs out of the built-in list. Schema bumps 0.7 → 0.8 (additive).

Changelog

Added

  • Schema 0.8: using_domain_verbs: Option<bool> and domain_match_count: Option<usize> on each AuditResultView row. Populated when p6-standard-names Passes via .anc.toml [p6] domain_verbs recognition; absent (not null) for rows that did not consult domain_verbs.
  • MitigationInfo carrier on AuditResult (typed, audit-agnostic) tracking built-in vs domain match counts and the first 5 matched domain-verb names in encounter order.
  • Pass row's evidence field is populated with the built-in vs domain ratio when assisted by domain_verbs, e.g. "7/8 subcommands standard (3 via .anc.toml [p6].domain_verbs: [post, like, repost])". Rows without mitigation keep the historical evidence: null on Pass.

Changed

  • STANDARD_VERBS no longer recognizes post, repost, unrepost, quote, like, unlike, dm. Social and platform-specific CLIs that previously Passed via built-ins must now declare these in .anc.toml [p6] domain_verbs (documented).
  • audit_standard_names returns a StandardNamesResult struct (status + optional MitigationInfo) instead of bare AuditStatus.
  • Warn evidence on p6-standard-names includes a pointer to docs/solutions/architecture-patterns/anc-toml-domain-verbs-pattern-2026-06-03.md so authors discover the opt-in.
  • CLAUDE.md schema history block updated to document the 0.6, 0.7, and 0.8 additions (the inline history had drifted at 0.5).

Fixed

Type of Change

  • fix: Bug fix (non-breaking change which fixes an issue)

Related Issues/Stories

Testing

  • Unit tests added/updated
  • Integration tests updated
  • All tests passing

Test Summary:

  • cargo test: 855 passed, 2 ignored (8 suites). Net +7 from baseline: 5 new R5 adversarial tests in audit_standard_names, 2 new format-evidence tests pinning the 5-example truncation contract.
  • cargo clippy --all-targets -- -Dwarnings: clean.
  • cargo fmt --check: clean.
  • anc emit coverage-matrix --check: clean.
  • Dogfood: anc audit . --output json | jq '.results[] | select(.id == "p6-may-standard-names")' returns status: "pass" with using_domain_verbs and domain_match_count absent from the row keys (anc itself has no .anc.toml).

Files Modified

Modified:

  • src/types.rs: new MitigationInfo struct; new optional mitigation: Option<MitigationInfo> field on AuditResult.
  • src/audits/behavioral/standard_names.rs: refactored audit_standard_names to return StandardNamesResult; bifurcated built-in vs domain match counting; populates MitigationInfo on domain-assisted Pass; trimmed 7 platform-specific verbs from STANDARD_VERBS; appends docs URL to Warn evidence; 13 unit tests (8 updated to the new return shape + 5 new adversarial + 2 format-evidence pinning tests).
  • src/audits/behavioral/mod.rs: made standard_names pub(crate) so the scorecard view layer can call format_pass_evidence.
  • src/scorecard/mod.rs: SCHEMA_VERSION bumped to "0.8"; AuditResultView gains using_domain_verbs and domain_match_count; from_row reads r.mitigation, populates the fields, and synthesizes Pass evidence prose via format_pass_evidence.
  • schema/scorecard.schema.json: $id pinned to scorecard-v0.8.
  • tests/standard_names_integration.rs: fixture retuned to archive + follow + mentions so the .anc.toml loader is genuinely exercised after the platform-verb trim.
  • tests/integration.rs, tests/scorecard_metadata_security.rs, tests/scorecard_schema_v05.rs: schema-version assertions bumped to "0.8"; the v0.7 → v0.8 schema $id rename pinned by schema_v05_target_path_carries_no_separators regression test.
  • CLAUDE.md: schema history block updated (was stuck at 0.5); new MitigationInfo semantics block mirrors the existing per-version addition pattern.
  • ~77 audit and test files: mechanical mitigation: None insert in every AuditResult { ... } constructor. This is the unavoidable churn of adding a typed transparency field to the canonical result carrier. cargo check verified the sed hit only valid sites.

Created:

  • None. (docs/solutions/architecture-patterns/anc-toml-domain-verbs-pattern-2026-06-03.md lives in the symlinked solutions-docs repo and was committed there separately.)

Renamed:

  • None.

Deleted:

  • None.

Breaking Changes

  • No breaking changes (schema 0.8 is additive)

The 7 platform verbs removed from STANDARD_VERBS are a behavior tightening, not a contract break. CLIs that relied on them being built-ins were exploiting PR #76's overly broad vocabulary; the remediation path is .anc.toml [p6] domain_verbs (documented).

Deployment Notes

  • No special deployment steps required

Checklist

  • Code follows project conventions and style guidelines
  • Commit messages follow Conventional Commits
  • Self-review of code completed
  • Tests added/updated and passing
  • No new warnings or errors introduced
  • Changes are backward compatible

@brettdavies
fix(p6-standard-names): scorecard transparency for domain_verbs; trim…
989f58b 
… platform verbs

PR #76 review found two coupled gaps:

1. `.anc.toml [p6] domain_verbs` lets any CLI declare its own vocabulary
   as "standard" but the scorecard row gave no signal whether the Pass
   was assisted. A domain-verb-assisted Pass was byte-identical in JSON
   to a built-ins-only Pass.
2. Of the 18 verbs PR #76 added to the built-in STANDARD_VERBS list, 7
   are X/Mastodon-specific (post, repost, unrepost, quote, like, unlike,
   dm). Their inclusion encoded one platform's vocabulary as universal
   and made the audit silently pass any social CLI without exercising
   the domain_verbs opt-in the PR introduced.

Schema bumps 0.7 -> 0.8 with two new optional fields on AuditResultView:
using_domain_verbs (Option<bool>) and domain_match_count (Option<usize>).
Both elide from JSON when not applicable. The Pass row's evidence field
is populated (rather than null) with the built-in-vs-domain ratio when
mitigation is present, e.g.:

  "7/8 subcommands standard (3 via .anc.toml [p6].domain_verbs: [post, like, repost])"

Carrier is a new MitigationInfo struct on AuditResult, capturing the
bifurcated match counts and the first 5 matched domain-verb names. The
carrier shape is intentionally not audit-specific; future audits that
admit per-CLI mitigation can populate it without growing parallel typed
fields.

The 7 platform verbs are removed from STANDARD_VERBS; their place is
the new docs/solutions/architecture-patterns/anc-toml-domain-verbs-pattern-2026-06-03.md
pattern doc which a social CLI's .anc.toml can adopt. The 12 remaining
PR-#76 additions (archive, unarchive, subscribe, unsubscribe, block,
unblock, follow, unfollow, bookmark, mute, unmute, reply) stay in
built-ins because they genuinely cross domains.

Test coverage:

- 13 unit tests for audit_standard_names (8 updated to the new
  StandardNamesResult shape; 5 new R5 adversarial tests covering
  nonsense domain_verbs, case mismatch, absent / empty .anc.toml, and
  the documented social-CLI example; 2 new format_pass_evidence tests
  pinning the truncation contract).
- The 3 integration tests in tests/standard_names_integration.rs
  continue to pass; the fixture was retuned to use cross-domain
  built-ins (archive, follow) plus mentions so the loader is genuinely
  exercised after the platform-verb trim.

Bulk mechanical change: every AuditResult struct literal across the
audit catalog now carries the new mitigation field. This is the
unavoidable churn of adding a typed transparency field to the canonical
result carrier; the alternative (side-channel state or trait-method
plumbing) would have introduced global mutable state or trait churn
that's worse for long-term maintenance.

Dogfood: anc audit . Passes p6-may-standard-names with no mitigation
(anc has no .anc.toml). cargo test: 854 passed (was 847 before this
PR), 2 ignored. cargo clippy --all-targets -- -Dwarnings: clean. cargo
fmt --check: clean. anc emit coverage-matrix --check: clean.

Plan: docs/plans/2026-06-03-003-fix-pr76-domain-verbs-scorecard-transparency-plan.md
@brettdavies brettdavies merged commit 013a527 into dev Jun 4, 2026
8 checks passed
@brettdavies brettdavies deleted the fix/pr76-domain-verbs-scorecard-transparency branch June 4, 2026 17:00
brettdavies added a commit that referenced this pull request Jun 4, 2026
@brettdavies
docs(plans): mark plan-003 (PR #76 domain_verbs follow-up) completed
98adb5f 
PR #83 (#83) ships the
work described in plan #3 with green CI. Flip the plan's frontmatter
status to completed; body unchanged.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brettdavies