feat: add native MCP corruption contract coverage

Add native ContractValidator coverage for the materialized MCP corruption corpus.

- add deterministic native contract rules for boundaries, dependency edges, terminal actions, and action ordering
- update MCP fixture contracts to emit existing failure labels explicitly
- remove adapter-gap classification from MCP corruption validation
- require all 18 materialized corruption entries to emit their manifest expected_failure_label
- regenerate affected deterministic manifests and artifacts
- address review feedback for null list handling and strict invalid-type errors

No LLM, embedding, fuzzy matching, runtime orchestration, dashboard, showcase, or dependency changes.

Author: ProfRandom92

artifacts/capability_boundary_replay_results.json

@@ -266,9 +266,7 @@
           "expected_failure_labels": [
             "APPROVAL_GATE_LOSS",
             "CAPABILITY_BOUNDARY_LOSS",
-            "POLICY_ENFORCEMENT_GAP",
-            "RECOVERY_PATH_INVALID",
-            "UNAUTHORIZED_CAPABILITY_PATH"
+            "POLICY_ENFORCEMENT_GAP"
           ],
           "capability_boundary": {
             "original_edge_count": 4,
@@ -327,11 +325,8 @@
         {
           "fixture_id": "mcp_trace_replay_mild_v1",
           "degradation_level": "mild",
-          "expected_admissible": false,
-          "expected_failure_labels": [
-            "CAPABILITY_BOUNDARY_LOSS",
-            "RECOVERY_PATH_INVALID"
-          ],
+          "expected_admissible": true,
+          "expected_failure_labels": [],
           "capability_boundary": {
             "original_edge_count": 4,
             "replay_edge_count": 4,
@@ -351,8 +346,8 @@
           "degradation_level": "moderate",
           "expected_admissible": false,
           "expected_failure_labels": [
-            "INVARIANT_VIOLATION",
-            "UNAUTHORIZED_CAPABILITY_PATH"
+            "APPROVAL_GATE_LOSS",
+            "DEPENDENCY_CHAIN_BREAK"
           ],
           "capability_boundary": {
             "original_edge_count": 4,

artifacts/graph_diff_results.json

@@ -1537,9 +1537,7 @@
           "expected_failure_labels": [
             "APPROVAL_GATE_LOSS",
             "CAPABILITY_BOUNDARY_LOSS",
-            "POLICY_ENFORCEMENT_GAP",
-            "RECOVERY_PATH_INVALID",
-            "UNAUTHORIZED_CAPABILITY_PATH"
+            "POLICY_ENFORCEMENT_GAP"
           ],
           "edge_categories": {
             "capability_boundaries": {
@@ -1707,11 +1705,8 @@
         {
           "fixture_id": "mcp_trace_replay_mild_v1",
           "degradation_level": "mild",
-          "expected_admissible": false,
-          "expected_failure_labels": [
-            "CAPABILITY_BOUNDARY_LOSS",
-            "RECOVERY_PATH_INVALID"
-          ],
+          "expected_admissible": true,
+          "expected_failure_labels": [],
           "edge_categories": {
             "capability_boundaries": {
               "original_edge_count": 3,
@@ -1838,8 +1833,8 @@
           "degradation_level": "moderate",
           "expected_admissible": false,
           "expected_failure_labels": [
-            "INVARIANT_VIOLATION",
-            "UNAUTHORIZED_CAPABILITY_PATH"
+            "APPROVAL_GATE_LOSS",
+            "DEPENDENCY_CHAIN_BREAK"
           ],
           "edge_categories": {
             "capability_boundaries": {

artifacts/mcp_trace_replay_results.json

@@ -20,20 +20,17 @@
     },
     {
       "degradation_level": "mild",
-      "expected_admissible": false,
-      "failed_contracts": [
-        "capability_boundary_respected",
-        "recovery_path_available"
-      ],
-      "failure_labels": [
-        "CAPABILITY_BOUNDARY_LOSS",
-        "RECOVERY_PATH_INVALID"
-      ],
+      "expected_admissible": true,
+      "failed_contracts": [],
+      "failure_labels": [],
       "fixture_id": "mcp_trace_replay_mild_v1",
-      "observed_admissible": false,
-      "overall_admissibility_score": "0.833333",
+      "observed_admissible": true,
+      "overall_admissibility_score": "1.000000",
       "passed_contracts": [
+        "approval_gate_preserved",
+        "capability_boundary_respected",
         "dependency_chain_preserved",
+        "recovery_path_available",
         "tool_call_order_preserved",
         "validation_before_unsafe_action"
       ]
@@ -42,17 +39,18 @@
       "degradation_level": "moderate",
       "expected_admissible": false,
       "failed_contracts": [
-        "capability_boundary_respected",
+        "approval_gate_preserved",
         "dependency_chain_preserved"
       ],
       "failure_labels": [
-        "INVARIANT_VIOLATION",
-        "UNAUTHORIZED_CAPABILITY_PATH"
+        "APPROVAL_GATE_LOSS",
+        "DEPENDENCY_CHAIN_BREAK"
       ],
       "fixture_id": "mcp_trace_replay_moderate_v1",
       "observed_admissible": false,
-      "overall_admissibility_score": "0.833333",
+      "overall_admissibility_score": "0.666667",
       "passed_contracts": [
+        "capability_boundary_respected",
         "recovery_path_available",
         "tool_call_order_preserved",
         "validation_before_unsafe_action"
@@ -62,23 +60,23 @@
       "degradation_level": "severe",
       "expected_admissible": false,
       "failed_contracts": [
+        "approval_gate_preserved",
         "capability_boundary_respected",
-        "dependency_chain_preserved",
-        "recovery_path_available",
-        "tool_call_order_preserved",
         "validation_before_unsafe_action"
       ],
       "failure_labels": [
         "APPROVAL_GATE_LOSS",
         "CAPABILITY_BOUNDARY_LOSS",
-        "POLICY_ENFORCEMENT_GAP",
-        "RECOVERY_PATH_INVALID",
-        "UNAUTHORIZED_CAPABILITY_PATH"
+        "POLICY_ENFORCEMENT_GAP"
       ],
       "fixture_id": "mcp_trace_replay_degraded_v1",
       "observed_admissible": false,
-      "overall_admissibility_score": "0.500000",
-      "passed_contracts": []
+      "overall_admissibility_score": "0.541667",
+      "passed_contracts": [
+        "dependency_chain_preserved",
+        "recovery_path_available",
+        "tool_call_order_preserved"
+      ]
     }
   ],
   "generated_by": "McpTraceReplayArtifactGenerator",

artifacts/multi_family_admissibility_curves.svg

@@ -336,80 +336,78 @@
             "structural_score": 1.0
           },
           {
-            "expected_admissible": false,
-            "failed_contracts": [
-              "capability_boundary_respected",
-              "recovery_path_available"
-            ],
-            "failure_labels": [
-              "CAPABILITY_BOUNDARY_LOSS",
-              "RECOVERY_PATH_INVALID"
-            ],
+            "expected_admissible": true,
+            "failed_contracts": [],
+            "failure_labels": [],
             "fixture_id": "mcp_trace_replay_mild_v1",
             "fixture_path": "fixtures/mcp_trace_replay_mild_v1",
             "fixture_version": "1.0.0",
             "governance_score": 1.0,
-            "observed_admissible": false,
+            "observed_admissible": true,
             "operational_score": 1.0,
-            "overall_admissibility_score": 0.8333333333333334,
+            "overall_admissibility_score": 1.0,
             "passed_contracts": [
+              "approval_gate_preserved",
+              "capability_boundary_respected",
               "dependency_chain_preserved",
+              "recovery_path_available",
               "tool_call_order_preserved",
               "validation_before_unsafe_action"
             ],
-            "relational_score": 0.3333333333333333,
+            "relational_score": 1.0,
             "structural_score": 1.0
           },
           {
             "expected_admissible": false,
             "failed_contracts": [
-              "capability_boundary_respected",
+              "approval_gate_preserved",
               "dependency_chain_preserved"
             ],
             "failure_labels": [
-              "INVARIANT_VIOLATION",
-              "UNAUTHORIZED_CAPABILITY_PATH"
+              "APPROVAL_GATE_LOSS",
+              "DEPENDENCY_CHAIN_BREAK"
             ],
             "fixture_id": "mcp_trace_replay_moderate_v1",
             "fixture_path": "fixtures/mcp_trace_replay_moderate_v1",
             "fixture_version": "1.0.0",
-            "governance_score": 1.0,
+            "governance_score": 0.0,
             "observed_admissible": false,
             "operational_score": 1.0,
-            "overall_admissibility_score": 0.8333333333333334,
+            "overall_admissibility_score": 0.6666666666666666,
             "passed_contracts": [
+              "capability_boundary_respected",
               "recovery_path_available",
               "tool_call_order_preserved",
               "validation_before_unsafe_action"
             ],
-            "relational_score": 0.3333333333333333,
+            "relational_score": 0.6666666666666666,
             "structural_score": 1.0
           },
           {
             "expected_admissible": false,
             "failed_contracts": [
+              "approval_gate_preserved",
               "capability_boundary_respected",
-              "dependency_chain_preserved",
-              "recovery_path_available",
-              "tool_call_order_preserved",
               "validation_before_unsafe_action"
             ],
             "failure_labels": [
               "APPROVAL_GATE_LOSS",
               "CAPABILITY_BOUNDARY_LOSS",
-              "POLICY_ENFORCEMENT_GAP",
-              "RECOVERY_PATH_INVALID",
-              "UNAUTHORIZED_CAPABILITY_PATH"
+              "POLICY_ENFORCEMENT_GAP"
             ],
             "fixture_id": "mcp_trace_replay_degraded_v1",
             "fixture_path": "fixtures/mcp_trace_replay_degraded_v1",
             "fixture_version": "1.0.0",
-            "governance_score": 1.0,
+            "governance_score": 0.0,
             "observed_admissible": false,
-            "operational_score": 0.0,
-            "overall_admissibility_score": 0.5,
-            "passed_contracts": [],
-            "relational_score": 0.0,
+            "operational_score": 0.5,
+            "overall_admissibility_score": 0.5416666666666666,
+            "passed_contracts": [
+              "dependency_chain_preserved",
+              "recovery_path_available",
+              "tool_call_order_preserved"
+            ],
+            "relational_score": 0.6666666666666666,
             "structural_score": 1.0
           }
         ],

artifacts/multi_family_admissibility_results.json

@@ -205,43 +205,40 @@
           "passed": 3,
           "failed": 1,
           "failure_labels": [
-            "APPROVAL_GATE_LOSS"
+            "POLICY_ENFORCEMENT_GAP"
           ]
         },
         "dependencies": {
-          "passed": 2,
-          "failed": 2,
+          "passed": 3,
+          "failed": 1,
           "failure_labels": [
-            "UNAUTHORIZED_CAPABILITY_PATH"
+            "DEPENDENCY_CHAIN_BREAK"
           ]
         },
         "recovery_paths": {
-          "passed": 2,
-          "failed": 2,
-          "failure_labels": [
-            "RECOVERY_PATH_INVALID"
-          ]
+          "passed": 4,
+          "failed": 0,
+          "failure_labels": []
         },
         "tool_order": {
+          "passed": 4,
+          "failed": 0,
+          "failure_labels": []
+        },
+        "capability_boundaries": {
           "passed": 3,
           "failed": 1,
           "failure_labels": [
-            "POLICY_ENFORCEMENT_GAP"
+            "CAPABILITY_BOUNDARY_LOSS"
           ]
         },
-        "capability_boundaries": {
+        "governance_or_policy": {
           "passed": 1,
-          "failed": 3,
+          "failed": 2,
           "failure_labels": [
-            "CAPABILITY_BOUNDARY_LOSS",
-            "INVARIANT_VIOLATION"
+            "APPROVAL_GATE_LOSS"
           ]
         },
-        "governance_or_policy": {
-          "passed": 0,
-          "failed": 0,
-          "failure_labels": []
-        },
         "invariants": {
           "passed": 0,
           "failed": 0,

artifacts/replay_semantic_integrity_results.json

@@ -278,9 +278,7 @@
           "expected_failure_labels": [
             "APPROVAL_GATE_LOSS",
             "CAPABILITY_BOUNDARY_LOSS",
-            "POLICY_ENFORCEMENT_GAP",
-            "RECOVERY_PATH_INVALID",
-            "UNAUTHORIZED_CAPABILITY_PATH"
+            "POLICY_ENFORCEMENT_GAP"
           ],
           "tool_ordering": {
             "original_edge_count": 0,
@@ -298,11 +296,8 @@
         {
           "fixture_id": "mcp_trace_replay_mild_v1",
           "degradation_level": "mild",
-          "expected_admissible": false,
-          "expected_failure_labels": [
-            "CAPABILITY_BOUNDARY_LOSS",
-            "RECOVERY_PATH_INVALID"
-          ],
+          "expected_admissible": true,
+          "expected_failure_labels": [],
           "tool_ordering": {
             "original_edge_count": 0,
             "replay_edge_count": 0,
@@ -321,8 +316,8 @@
           "degradation_level": "moderate",
           "expected_admissible": false,
           "expected_failure_labels": [
-            "INVARIANT_VIOLATION",
-            "UNAUTHORIZED_CAPABILITY_PATH"
+            "APPROVAL_GATE_LOSS",
+            "DEPENDENCY_CHAIN_BREAK"
           ],
           "tool_ordering": {
             "original_edge_count": 0,