Skip to content

feat(discovery): family-aware/target-as-LLM hunt class + mid-loop early-warning + attack-chain rollup (T3MP3ST R5/R8/R15; v0.26.0)#161

Merged
omkhar merged 2 commits into
mainfrom
omkhar/160-discovery-targeting-reporting
Jul 5, 2026
Merged

feat(discovery): family-aware/target-as-LLM hunt class + mid-loop early-warning + attack-chain rollup (T3MP3ST R5/R8/R15; v0.26.0)#161
omkhar merged 2 commits into
mainfrom
omkhar/160-discovery-targeting-reporting

Conversation

@omkhar

@omkhar omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner

Closes #160. PR-C of 3 (final) implementing the T3MP3ST-audit survivors. Tier-3, prose-only reference additions — no validator or canonical-body change.

What changed

  • R5 — family-aware target-class vocabulary + target-as-LLM hunt class. Before lane routing, characterize the target's trust-boundary paradigm (memory/process, state/invariant, model/guardrail, network-protocol) and instantiate the existing lane model + bug-class questions with family-appropriate vocabulary (subsystem_inventory.other + the open bug-class list are the sanctioned extension points — no enum/validator change). Adds a Model/guardrail (target-as-LLM) analyst lane for when the target itself is an LLM/agent app, explicitly distinct from the analyzer's own XPIA/tool-firewall containment. Candidate-labeling recall only; every candidate still passes the normal gates. (discovery-specialist-router.md + discovery-orchestrator.md)
  • R8 — non-blocking mid-loop early-warning. The Critique/Adapt stage surfaces evidence-without-hypothesis and closure-needs-retest sooner than the terminal drift gate, scheduling the missing step into next_commands; non-blocking, never auto-dispositions, and never substitutes for drift-gate.md (the single source of truth). (loop-engineering.md)
  • R15 — per-asset attack-chain rollup. An optional, ungated presentation table grouping several validated findings on one asset into an ordered chain rated by worst-step = max already-proven demonstrated_impact — no new chain-severity synthesis, no new proof; discovered stays distinct from proven. (artifact-index.md)

Process

  • Re-scoped survivors of the loop-until-dry adversarial review (Tier-3).
  • A three-lens /simplify pass (reuse/dedup, simplification, altitude) confirmed all additions are genuinely new or correctly-cited pointers, verified R8's non-blocking/defers-to-drift-gate and R15's optional/no-synthesis framing, and drove three concision cuts.
  • No canonical-body edit (trusted-body digest unchanged), no validator/contract change. Reference ceilings raised (router 85→98, orchestrator 104→107, loop-engineering 112→122, artifact-index 236→246), consensus in reviews/discovery-targeting-reporting-consensus.md; five-agent docs recheck + agent-feature-matrix.md refresh in docs/authoritative-sources.md.
  • make sync + make verify clean (686 unit + 9 integration).

🤖 Generated with Claude Code

…ly-warning + attack-chain rollup (T3MP3ST R5/R8/R15; v0.26.0) (#160)

PR-C of the T3MP3ST-audit survivors; prose-only reference additions.

- R5: characterize the target's trust-boundary paradigm before lane routing and
  instantiate the existing lane model + bug-class questions with family-appropriate
  vocabulary (subsystem_inventory.other + open bug-class list are the extension
  points, no enum/validator change); add a Model/guardrail (target-as-LLM) analyst
  lane for when the target itself is an LLM/agent app. Recall only; gates unchanged.
- R8: non-blocking mid-loop early-warning in the critique/adapt stage surfacing
  evidence-without-hypothesis + closure-needs-retest, scheduling the missing step;
  never auto-dispositions, never substitutes for drift-gate.md.
- R15: optional per-asset attack-chain rollup rated by worst-step = max already-proven
  demonstrated_impact; discovered kept distinct from proven.

Reference ceilings raised per reviews/discovery-targeting-reporting-consensus.md.
686 unit + 9 integration green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@omkhar

omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 24ff212b68

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread skill-core/references/artifact-index.md Outdated
… max-reduce (Codex #161)

demonstrated_impact is an open capability description, not an ordered enum, so
'worst step = max(demonstrated_impact)' is undefined and would push agents to
invent an ordering / synthesize a chain severity — contradicting the no-synthesis
clause. The optional rollup now lists each step's own already-proven
demonstrated_impact and severity per row, with no computed chain rating. CHANGELOG
+ consensus updated to match; ceiling 246->247. 686 unit + 9 integration green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@omkhar

omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

Addressed (real): demonstrated_impact is an open capability description, not an ordered enum, so a max() over it is undefined and invites exactly the synthesis the clause forbids. The optional rollup now lists each step's own already-proven demonstrated_impact and severity per row, with no computed chain rating / no max-reduce. CHANGELOG + consensus updated to match.

@omkhar

omkhar commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Breezy!

Reviewed commit: 55961ca50f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@omkhar omkhar merged commit 2b82ae9 into main Jul 5, 2026
10 checks passed
@omkhar omkhar deleted the omkhar/160-discovery-targeting-reporting branch July 5, 2026 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Discovery targeting & reporting ergonomics: family-aware/target-as-LLM hunt class + mid-loop early-warning + per-asset attack-chain rollup (R5/R8/R15)

1 participant