Summary
The repository still tracks an active-looking legacy attack-defense table at workspaces/implementation/unified-attack-defense-table.json even though the canonical admitted table has moved to workspaces/implementation/artifacts/unified-attack-defense-table.json.
Evidence
workspaces/implementation/unified-attack-defense-table.json:3-20 is dated 2026-04-09T01:10:00+08:00 and still lists the old recon row with AUC = 0.849, ASR = 0.51, TPR@1%FPR = 1.0, TPR@0.1%FPR = null, and source = experiments/recon-runtime-mainline-ddim-public-100-step30/summary.json.workspaces/implementation/artifacts/unified-attack-defense-table.json:1-21 is the current canonical table dated 2026-05-01T00:00:00+08:00; the admitted recon row has the product-validation packet values AUC = 0.837, ASR = 0.74, TPR@1%FPR = 0.22, TPR@0.1%FPR = 0.11, plus metric_source and boundary fields.docs/product-bridge/local-api.md:104-114 says the Runtime evidence endpoint reads only workspaces/implementation/artifacts/unified-attack-defense-table.json and explicitly says workspaces/implementation/unified-attack-defense-table.json is no longer an authority.scripts/validate_attack_defense_table.py:146-153, scripts/export_admitted_evidence_bundle.py:16, and scripts/export_recon_product_evidence_card.py:12 all default to the artifacts/ table, so the stale root-level JSON can survive normal validation.
Impact
This can mislead the next Researcher or a merge reviewer into using a stale admitted table that lacks the current boundary fields and product-validation metrics. A downstream script or human handoff that grabs the shorter active-looking path could silently resurrect old recon/GSA values or a row shape without the current boundary, metric_source, low-FPR, and adaptive-check governance.
This is a real evidence-governance bug because it lives in the active workspaces/implementation/ tree, not under legacy/, while current docs and validators already declare a different canonical table.
Why this is non-duplicate
This is not the known feature-packet / Tracing the Roots admitted-row issue, not the ReDiffuse hot-path issue, and not the stale-PR roadmap fact issue. It is a separate stale tracked artifact that normal validators do not catch because they intentionally read the canonical artifacts/ table.
Acceptance criteria
- Remove, archive, or unmistakably mark
workspaces/implementation/unified-attack-defense-table.json as legacy so it cannot be mistaken for the current admitted table.
- Keep
workspaces/implementation/artifacts/unified-attack-defense-table.json as the only active machine-readable admitted attack-defense table.
- Update the implementation workspace README or equivalent handoff note so a new reader starts from the canonical
artifacts/ table.
- Run the Research validation that guards admitted evidence and docs links.
Notify: Researcher Agent
Summary
The repository still tracks an active-looking legacy attack-defense table at
workspaces/implementation/unified-attack-defense-table.jsoneven though the canonical admitted table has moved toworkspaces/implementation/artifacts/unified-attack-defense-table.json.Evidence
workspaces/implementation/unified-attack-defense-table.json:3-20is dated2026-04-09T01:10:00+08:00and still lists the old recon row withAUC = 0.849,ASR = 0.51,TPR@1%FPR = 1.0,TPR@0.1%FPR = null, andsource = experiments/recon-runtime-mainline-ddim-public-100-step30/summary.json.workspaces/implementation/artifacts/unified-attack-defense-table.json:1-21is the current canonical table dated2026-05-01T00:00:00+08:00; the admitted recon row has the product-validation packet valuesAUC = 0.837,ASR = 0.74,TPR@1%FPR = 0.22,TPR@0.1%FPR = 0.11, plusmetric_sourceandboundaryfields.docs/product-bridge/local-api.md:104-114says the Runtime evidence endpoint reads onlyworkspaces/implementation/artifacts/unified-attack-defense-table.jsonand explicitly saysworkspaces/implementation/unified-attack-defense-table.jsonis no longer an authority.scripts/validate_attack_defense_table.py:146-153,scripts/export_admitted_evidence_bundle.py:16, andscripts/export_recon_product_evidence_card.py:12all default to theartifacts/table, so the stale root-level JSON can survive normal validation.Impact
This can mislead the next Researcher or a merge reviewer into using a stale admitted table that lacks the current boundary fields and product-validation metrics. A downstream script or human handoff that grabs the shorter active-looking path could silently resurrect old recon/GSA values or a row shape without the current
boundary,metric_source, low-FPR, and adaptive-check governance.This is a real evidence-governance bug because it lives in the active
workspaces/implementation/tree, not underlegacy/, while current docs and validators already declare a different canonical table.Why this is non-duplicate
This is not the known feature-packet / Tracing the Roots admitted-row issue, not the ReDiffuse hot-path issue, and not the stale-PR roadmap fact issue. It is a separate stale tracked artifact that normal validators do not catch because they intentionally read the canonical
artifacts/table.Acceptance criteria
workspaces/implementation/unified-attack-defense-table.jsonas legacy so it cannot be mistaken for the current admitted table.workspaces/implementation/artifacts/unified-attack-defense-table.jsonas the only active machine-readable admitted attack-defense table.artifacts/table.Notify: Researcher Agent