vestige/blackbox-proof-2026-06-22/screenshots
Sam Valladares e08182675b fix(blackbox): C2-deep gate destructive writes post-delete + redact PR content
Two deeper review findings (both blockers) + doc de-staling.

C2-deep: my earlier C2 made purge/delete TRACE as memory.write, but gate_writes
did `get_node(id) -> skip on None`, and purge had already DELETEd the row — so a
destructive removal still never opened a Memory PR (it was silently skipped).
The most security-critical write type couldn't be reviewed. Fix: a missing node
is now gateable for destructive decisions — gate_writes builds the WriteContext
from the decision itself (marks `forgets`, which classify_write gates), and the
PR records the removal with node.deleted=true. Proven live: purging a node opens
a PR (kind node_decayed, deleted true); test
gate_opens_pr_for_destructive_write_after_node_deleted_c2.

PRIV: gate_writes copied the FULL node.content into the PR diff + title, so a
real secret in a gated memory would leak into the memory_prs table, the
dashboard, and any exported proof bundle — defeating the point of gating
sensitive writes. Fix: the PR now stores a truncated content PREVIEW + an FNV
content HASH, and sensitive-topic/sensitive-node-type writes are fully REDACTED
("[redacted — sensitive content; review via risk signals]"). The reviewer still
sees the risk signals (why it opened) and a hash (to correlate), never the
secret. Tests gate_redacts_sensitive_content_in_pr_priv,
content_preview_redacts_sensitive_and_truncates, content_hash_is_stable. The
committed memory_pr.json + the whole proof bundle were re-captured and contain
no secret (verified by scan); the re-shot memory-prs.png shows the redaction.

DOC: REVIEW.md commit list is now git-log-based (no stale hashes); C2-deep + PRIV
added to the findings table; PROOF.md write/PR rows updated; test count -> 1007.

Gates: 1007 lib tests pass (+7 new regressions), clippy -D warnings clean,
dashboard check + build clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 19:50:57 -05:00
black-box-dream.png proof(blackbox): dream.patch proven live with a real dream run 2026-06-22 17:51:46 -05:00
black-box.png fix(blackbox): address review blockers B1–B7 + re-capture proof bundle 2026-06-22 18:46:14 -05:00
dream-producers.png proof(blackbox): dream.patch proven live with a real dream run 2026-06-22 17:51:46 -05:00
graph.png proof(blackbox): Proof Lock — full-spine test, honest UI states, proof pack 2026-06-22 17:41:02 -05:00
memory-prs.png fix(blackbox): C2-deep gate destructive writes post-delete + redact PR content 2026-06-22 19:50:57 -05:00
README.md proof(blackbox): Proof Lock — full-spine test, honest UI states, proof pack 2026-06-22 17:41:02 -05:00
receipts.png fix(blackbox): address review blockers B1–B7 + re-capture proof bundle 2026-06-22 18:46:14 -05:00

Proof Pack Screenshots

Captured with Playwright (@playwright/test, headless Chromium, 1440×1700 @2x) from the live Vestige dashboard at http://localhost:5173/dashboard, proxying to a real vestige-mcp server with real trace data.

| File | Tab | Shows |
| --- | --- | --- |
| black-box.png | Black Box | spine header (WebSocket Connected), run picker (proof/proof2), timeline scrubber + colored ticks, current event detail, memory pulse, event producers (with honest dream.patch/sanhedrin.veto off-by-default states), receipts panel, full event log |
| receipts.png | Black Box → Receipts | a real ReceiptCard: receipt id, retrieved/suppressed/trust-floor, activation path, retrieved ids, "Open receipt in Cinema" |
| memory-prs.png | Memory PRs | killer line + quarantine-review note, Fast/Risk-Gated/Paranoid modes, status filters, PR rows, cognition diff, "Why this opened" signal (sensitive_topic), Decided: promote |
| graph.png | Graph | the live WebGL memory constellation + Memory Cinema button (unchanged) |

Re-capture: start the dev server (pnpm --filter @vestige/dashboard dev), point its /api proxy at a running vestige-mcp with trace data, then run the capture script (see PROOF.md "Reproduce").