DeliciousBuding
diff --git a/‎AGENTS.md‎
Lines changed: 1 addition & 1 deletion b/‎AGENTS.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ROADMAP.md‎
Lines changed: 38 additions & 7 deletions b/‎ROADMAP.md‎
Lines changed: 38 additions & 7 deletions
diff --git a/‎docs/evidence/feature-packet-channel-consumer-verdict-20260525.md‎
Lines changed: 88 additions & 0 deletions b/‎docs/evidence/feature-packet-channel-consumer-verdict-20260525.md‎
Lines changed: 88 additions & 0 deletions
@@ -28,7 +28,7 @@ Do not start from memory or old chat context. Re-anchor on repository files.
 
 ## Current Operating State
 
-- Active work: `2026-05-25 LeakyCLIP CLIP-inversion boundary gate is the latest Lane A metadata-only update. The official dongdongunique/LeakyCLIP repo is code-public and exposes CLIP inversion, embedding alignment, Stable Diffusion refinement, metrics, configs, and scripts, but the audited target is CLIP and diffusion is only an optional refinement stage. The checked public surface has no frozen target hashes, immutable member/nonmember manifests, generated reconstruction packet, per-row membership score file, ROC array, metric JSON, trained alignment weights, or no-training verifier. This is CLIP / multimodal privacy watch-plus, not a second diffusion asset, not a Platform/Runtime row, and not a GPU or download release. active_gpu_question = none; next_gpu_candidate = none; CPU sidecar = none selected after LeakyCLIP CLIP-inversion boundary gate. ReDiffuse DDPM/STL-10 remains closed by default after the weak bounded scout (AUC = 0.4996337890625) and weak SimA-style score-norm scorer (AUC = 0.5052947998046875).`
+- Active work: `2026-05-25 feature-packet channel consumer verdict is the latest consumer-boundary update. Tracing the Roots remains positive Research-side feature-packet evidence (AUC = 0.815826, TPR@1%FPR = 0.134000), but the Platform/Runtime feature-packet channel is deferred because the public surface still has only one singleton feature tensor packet, no second non-source-equivalent public feature-packet, and no raw target checkpoint / raw sample manifest / feature-regeneration assets. Do not create feature-packet schema, bundle export, validators, tests, Platform UI types, or Runtime runners from this singleton. active_gpu_question = none; next_gpu_candidate = none; CPU sidecar = none selected after feature-packet channel consumer verdict. LeakyCLIP remains CLIP / multimodal privacy watch-plus, not a second diffusion asset. ReDiffuse DDPM/STL-10 remains closed by default after the weak bounded scout (AUC = 0.4996337890625) and weak SimA-style score-norm scorer (AUC = 0.5052947998046875).`
 - Next GPU candidate: none selected
 - Long-horizon control: follow `ROADMAP.md` section
   `Long-Horizon Research Task Board（2026-05-13 起）` before reopening any
 
@@ -2,6 +2,33 @@
 
 > Last updated: 2026-05-25
 
+## 2026-05-25 Feature-Packet 通道消费者裁决
+
+最新决策：不在 2026-05-25 为 Tracing the Roots 单例开通 Platform/Runtime
+`feature-packet` 消费通道。Tracing the Roots 的 replay 分数仍为正面
+Research 证据（`AUC = 0.815826`，`TPR@1%FPR = 0.134000`），但它是单个灰盒
+feature tensor 包，不是 raw checkpoint / raw sample manifest / image
+query-response / per-image identity 证据。
+
+本轮窄范围公开面复查只查能改变消费者决策的事实。GitHub repo 搜索
+`diffusion membership feature tensor`、`diffusion trajectory membership` 和
+`membership inference diffusion features` 返回空；GitHub code 搜索
+`member.pt external.pt diffusion` 返回空；Hugging Face datasets/models API
+对 `diffusion membership feature`、`diffusion trajectory membership`、
+`membership inference diffusion feature packet` 没有返回可用条目；arXiv 精确查询
+`all:"diffusion trajectory" AND all:"membership inference"` 只返回 Tracing the
+Roots。更宽的 trajectory 查询只返回已覆盖或非 feature-packet 线路。
+
+因此灰盒 feature-packet 线路从“候选合约”收敛为 deferred candidate design note：
+保留设计边界和 Tracing Roots 候选卡片，但不新增 schema、machine-readable bundle、
+validator、tests、Platform UI 类型或 Runtime runner。重新评估条件是第二个公开非同源
+feature-packet、raw provenance/regeneration assets，或明确打开灰盒/白盒
+feature-level 产品线。当前 slots：
+`active_gpu_question = none`，`next_gpu_candidate = none`，
+`CPU sidecar = none selected after feature-packet channel consumer verdict`。
+See
+[docs/evidence/feature-packet-channel-consumer-verdict-20260525.md](docs/evidence/feature-packet-channel-consumer-verdict-20260525.md)。
+
 ## 2026-05-25 LeakyCLIP CLIP-inversion 边界门控
 
 最新决策：`dongdongunique/LeakyCLIP` 是一个真实的官方代码公开面，但它不是当前
@@ -129,9 +156,11 @@ Tracing the Roots 保留为正面的 Research 候选和 feature-packet 消费方
 `AUC = 0.815826`，`TPR@1%FPR = 0.134000`。它可以支撑"扩散轨迹特征携带成员信号"
 这一 Research 结论，但不得写成已准入 Platform 证据、Runtime 模式或逐图像成员身份判断。
 
-灰盒 feature-packet 通道当前状态为候选合约。若未来要准入，必须先建立独立于黑盒响应合约的
-schema、机器可读 bundle、验证脚本、测试和产品桥接交接，并显式写清权限假设、非逐图像身份边界
-和低 FPR 解释。
+2026-05-25 consumer verdict 进一步收紧：灰盒 feature-packet 通道当前不打开，
+只保留为 deferred candidate design note。若未来要准入，必须先出现第二个公开非同源
+feature-packet、raw provenance/regeneration assets，或明确打开灰盒/白盒
+feature-level 产品线；之后才建立独立于黑盒响应合约的 schema、机器可读 bundle、
+验证脚本、测试和产品桥接交接，并显式写清权限假设、非逐图像身份边界和低 FPR 解释。
 
 ReDiffuse OpenReview split manifests 仍是第二资产路径的最清晰线索，但公开面仍缺
 target checkpoint、response/feature cache、score packet、ROC CSV 和 metric artifact。
@@ -182,10 +211,12 @@ bounded scout 和同 checkpoint 的 SimA-style score-norm 单次评分已完成
 第二数据集面或准入证据；只有公开第三方 STL-10 checkpoint/score packet、真正不同的
 membership observable，或被明确批准的长训预算与 checkpoint/score 发布合约，才能重新开启。
 
-**中期**：决定 Tracing the Roots feature-packet 通道。若是，设计消费合约并准入。
-若否，作为 Research 侧参考关闭。
-2026-05-25 修正：feature-packet 通道仅定义为候选合约，Tracing the Roots 不进入现有
-Platform/Runtime 五行 admitted bundle；晋升必须另建 schema、bundle、validator、tests 和产品桥接交接。
+**中期**：Tracing the Roots feature-packet 通道已裁决为 deferred，不作为当前
+Platform/Runtime 消费通道。2026-05-25 consumer verdict 确认：公开面没有第二个可用
+feature-packet，也没有 raw provenance/regeneration assets；Tracing the Roots 不进入现有
+Platform/Runtime 五行 admitted bundle。只有出现第二个公开非同源 feature-packet、
+raw provenance/regeneration assets，或明确打开灰盒/白盒 feature-level 产品线时，才重新评估
+schema、bundle、validator、tests 和产品桥接交接。
 
 **当前不启动新的 GPU 实验。**
 `active_gpu_question = none`，`next_gpu_candidate = none`
 
@@ -0,0 +1,88 @@
+# Feature-Packet 通道消费者裁决
+
+> Date: 2026-05-25
+> Status: consumer verdict / feature-packet channel deferred / no Platform or Runtime schema / no admitted row / no download / no GPU release
+
+## 问题
+
+是否应该因为 Tracing the Roots 的正面 feature-packet replay，立刻为
+Platform/Runtime 开通一个灰盒 `feature-packet` 消费通道？
+
+本轮只做消费者边界裁决，不运行模型、不下载数据、不新增 CLI、validator 或 bundle
+schema。目标是判断一个产品/Runtime 通道是否现在值得开，而不是重复证明
+Tracing the Roots 分数为正。
+
+## 现有正面证据
+
+Tracing the Roots 仍是有效的 Research 侧正面证据：
+
+| 指标 | 值 |
+| --- | ---: |
+| Eval AUC | `0.815826` |
+| Eval accuracy | `0.737500` |
+| TPR@1%FPR | `0.134000` |
+| TPR@0.1%FPR | `0.038000` |
+
+这个结果说明公开的扩散轨迹 feature tensor 携带非平凡成员信号。它不说明
+DiffAudit 已经拥有 raw checkpoint、raw member/nonmember image IDs、可再生特征脚本
+或图像 query-response 证据。
+
+## 2026-05-25 窄范围公开面复查
+
+复查只查能改变消费者决策的事实：是否已经出现第二个公开 feature-packet，
+或是否出现 raw provenance / regeneration assets。
+
+| Surface | Query | Result |
+| --- | --- | --- |
+| GitHub repos | `diffusion membership feature tensor` | `[]` |
+| GitHub repos | `diffusion trajectory membership` | `[]` |
+| GitHub repos | `membership inference diffusion features` | `[]` |
+| GitHub code | `member.pt external.pt diffusion` | `[]` |
+| Hugging Face datasets API | `diffusion membership feature`; `diffusion trajectory membership`; `membership inference diffusion feature packet` | no dataset entries returned |
+| Hugging Face models API | same three queries | no model entries returned |
+| arXiv exact query | `all:"diffusion trajectory" AND all:"membership inference"` | only Tracing the Roots / `2411.07449v3` |
+| arXiv broader trajectory query | `all:"diffusion" AND all:"membership inference" AND all:"trajectory"` | returns already-covered or non-feature-packet lines such as SimA, trajectory-generation privacy, PIA, withdrawn DLM, Tracing the Roots, and RareGraph-Synth |
+
+The live check found no second public image/latent-image diffusion membership
+feature-packet suitable for a Platform/Runtime consumer lane.
+
+## 裁决
+
+不在 2026-05-25 开通 Platform/Runtime `feature-packet` 通道。
+
+原因不是 Tracing the Roots 信号弱，而是消费者证据面太窄：
+
+- 只有一个正面 feature-packet singleton，无法证明 schema 可复用。
+- 公共包不包含 raw target checkpoint identity、raw sample IDs 或 feature regeneration contract。
+- 权限假设是灰盒/白盒内部特征，不是当前产品五行 bundle 的黑盒/白盒既有消费语义。
+- 产品 copy 容易被误写成逐图像成员身份判断，但当前证据只支持 feature-level 信号。
+- 为单例新增 schema、bundle、validator、tests 和 UI/Runtime 交接是低收益工程化。
+
+当前状态：
+
+- Tracing the Roots 保留为 `positive-provenance-limited` Research 证据。
+- `docs/product-bridge/feature-packet-lane.md` 只保留为 deferred candidate design note。
+- `admitted-evidence-bundle.json` 仍只有五行：`recon`、`PIA baseline`、
+  `PIA defended`、`GSA`、`DPDM W-1`。
+- 不改变 Platform schema、Runtime runner、推荐逻辑、产品文案或导出脚本。
+- `active_gpu_question = none`，`next_gpu_candidate = none`，
+  `CPU sidecar = none selected after feature-packet channel consumer verdict`。
+
+## Reopen 条件
+
+只有出现以下条件之一，才重新评估 feature-packet 消费通道：
+
+- 第二个公开、可校验、非同源的 diffusion feature-packet，带固定 member/nonmember
+  feature tensors、metrics 和来源 checksum；
+- Tracing the Roots 作者或其他公开源发布 raw target checkpoint identity、
+  raw sample manifests 和可再生 feature extraction contract；
+- DiffAudit 明确决定打开灰盒/白盒 feature-level 产品线，并接受它不是逐图像
+  identity proof 的产品边界。
+
+## Stop 条件
+
+不要围绕 Tracing the Roots 单例新增 Platform/Runtime schema、validator、bundle export、
+测试矩阵、UI 展示类型或 Runtime runner。不要下载 raw CIFAR/CelebA-HQ/FFHQ、
+target checkpoints、generated images，或启动 feature-family / timestep /
+classifier / optimizer sweep。
+