Release RelayX v0.1.12 evidence taxonomy

Author: RedteamNotes

README.md

@@ -73,8 +73,8 @@ telemetry.
 - Lab response differential analysis for stable policy-state pairs, including
   discriminator keys, context-only differences, and promotion support.
 - Evidence completeness reporting for finding/path records, including protocol
-  judgement fields, confidence distribution, missing contract keys, and
-  remaining uncertainty.
+  judgement fields, source taxonomy, confidence distribution, missing contract
+  keys, and remaining uncertainty.
 - Guarded validation and execution records with dry-run, armed, and confirmed
   modes, operator context, timebox/noise/scope checks, and JSONL audit logs.
 - Source validation planning for WebClient/WebDAV, RPC coercion surfaces,
@@ -222,7 +222,7 @@ relayx lab-stability     Assess repeat-capture lab stability and drift
 relayx lab-diff          Compare stable lab policy-state response differences
 relayx lab-index         Summarize lab signature corpuses
 relayx lab-profile       Generate a calibration profile draft from corpuses
-relayx evidence-report   Audit evidence completeness and judgement fields
+relayx evidence-report   Audit evidence completeness, source taxonomy, and judgement fields
 relayx validate          Run guarded active validation for one path
 relayx profiles          List bundled RelayX profiles
 relayx export            Export graph, JSONL, CSV, report, or diagram artifacts
@@ -313,7 +313,9 @@ an artifact does not satisfy the selected contract.
 `relayx evidence-report -r result.json` audits an existing result without
 network activity. It highlights candidate or relayable records without
 evidence, protocol judgement records missing policy inference or remaining
-uncertainty, and evidence entries that still carry unknown confidence.
+uncertainty, evidence entries that still carry unknown confidence, and source
+taxonomy counts such as wire observation, policy inference, lab calibration,
+source model, route model, control mapping, and operator context.
 
 ## Calibration
 

docs/CLI.md

@@ -105,9 +105,12 @@ relayx schema validate -k evidence-report evidence-report.json
 `evidence-report` audits an existing result offline. It reports whether
 candidate or relayable records have evidence, whether protocol judgement
 records expose response classification, policy inference, and remaining
-uncertainty, and whether any evidence still has unknown confidence. It is meant
-for lab promotion review, enterprise handoff, and fixture quality checks; it
-does not scan, validate, relay, or mutate the result file.
+uncertainty, whether any evidence still has unknown confidence, and how each
+evidence item maps into the source taxonomy. The taxonomy separates wire
+observation, policy inference, lab calibration, source model, route model,
+control mapping, operator context, error, and unsupported-boundary evidence.
+It is meant for lab promotion review, enterprise handoff, and fixture quality
+checks; it does not scan, validate, relay, or mutate the result file.
 
 ## Schema Contracts
 

docs/ENTERPRISE_OUTPUTS.md

@@ -86,8 +86,9 @@ for CI and ingestion pipeline checks.
 `relayx quality-gate` is the local CI and release gate. It validates package
 metadata, schema catalog coverage, JSON fixtures, schema fixture directories,
 enterprise output matrix coverage, lab matrix coverage, lab stability checks,
-lab differential checks, evidence-report checks, documentation coverage, and
-GitHub Actions workflow presence. Failed gates return exit code `2`.
+lab differential checks, evidence-report checks, evidence source taxonomy
+coverage, documentation coverage, and GitHub Actions workflow presence. Failed
+gates return exit code `2`.
 
 ```bash
 relayx quality-gate -C . -f json -o relayx-quality-gate.json

docs/LAB_VALIDATION.md

@@ -21,7 +21,8 @@ by reports, ranking, and regression tests.
 
 Use `relayx evidence-report -r result.json` before promoting lab evidence. The
 report checks whether finding/path records carry evidence, protocol judgement
-fields, confidence, and remaining uncertainty in a consistent structure.
+fields, source taxonomy, confidence, and remaining uncertainty in a consistent
+structure.
 
 | Oracle | Required evidence keys |
 | --- | --- |
@@ -137,6 +138,12 @@ offline audits of an existing result and do not prove protocol correctness; they
 make missing judgement fields and unknown-confidence evidence visible before a
 lab profile or enterprise handoff relies on the result.
 
+The evidence-report source taxonomy distinguishes observed wire evidence,
+policy inference, lab calibration evidence, modeled source or route context,
+control mappings, operator context, errors, and unsupported boundaries. Lab
+promotion should be based on the appropriate source categories rather than a
+single undifferentiated evidence count.
+
 For baseline comparisons, promotion requires both:
 
 1. A candidate signature that matches a promotable calibrated lab state.

docs/README.fr.md

@@ -85,8 +85,8 @@ echec.
   de policy states et separer les vrais response discriminators des champs de
   contexte.
 - Evidence completeness reporting pour auditer les records finding/path, les
-  champs de protocol judgement, la distribution de confidence, les contract
-  keys manquantes et l'incertitude restante.
+  champs de protocol judgement, la source taxonomy, la distribution de
+  confidence, les contract keys manquantes et l'incertitude restante.
 - Exports entreprise pour graph analysis, ingestion SIEM, revue CSV, rapports
   HTML/Markdown, scan diff et simulation d'impact de remediation.
 - Generation d'enterprise bundle avec manifest, hashes d'artefacts, schema
@@ -220,7 +220,7 @@ relayx lab-stability     Evalue stabilite et drift des captures lab repetees
 relayx lab-diff          Compare les response differentials entre policy states
 relayx lab-index         Resume les corpuses de signatures lab
 relayx lab-profile       Genere un draft de calibration profile depuis corpus
-relayx evidence-report   Audite evidence completeness et champs de judgement
+relayx evidence-report   Audite evidence completeness, source taxonomy et judgement
 relayx validate          Lance une validation active controlee pour un chemin
 relayx profiles          Liste les profils RelayX integres
 relayx export            Exporte graph, JSONL, CSV, rapport ou diagramme
@@ -313,7 +313,9 @@ lorsque l'artefact ne respecte pas le contrat choisi.
 `relayx evidence-report -r result.json` audite un resultat existant hors ligne,
 sans trafic reseau. Il signale les records candidate/relayable sans evidence,
 les protocol judgement records sans policy inference ou remaining uncertainty,
-et les evidence entries qui gardent une confidence `unknown`.
+les evidence entries qui gardent une confidence `unknown`, et les categories de
+source comme wire observation, policy inference, lab calibration, source model,
+route model, control mapping et operator context.
 
 ## Calibration laboratoire
 

docs/README.zh-CN.md

@@ -73,7 +73,8 @@ validation 必须显式开启，并可能产生失败登录类遥测。
 - lab response differential analysis，用于比较稳定 lab policy state
   signature，区分真正的 response discriminator 和仅作上下文参考的字段。
 - evidence completeness reporting，用于审计 finding/path 证据记录、
-  protocol judgement 字段、confidence 分布、缺失 contract key 和剩余不确定性。
+  protocol judgement 字段、source taxonomy、confidence 分布、缺失 contract key
+  和剩余不确定性。
 - graph、SIEM、CSV、HTML/Markdown report、scan diff、remediation impact
   simulation 等企业输出。
 - enterprise bundle 生成，包含 manifest、artifact hash、schema status、
@@ -204,7 +205,7 @@ relayx lab-stability     评估重复 lab capture 的稳定性和漂移
 relayx lab-diff          比较稳定 lab policy-state response differential
 relayx lab-index         汇总 lab signature corpus
 relayx lab-profile       从 corpus 生成 calibration profile 草案
-relayx evidence-report   审计 evidence completeness 和 judgement 字段
+relayx evidence-report   审计 evidence completeness、source taxonomy 和 judgement 字段
 relayx validate          对单条 path 运行受控 active validation
 relayx profiles          列出内置 RelayX profile
 relayx export            导出 graph、JSONL、CSV、report 或 diagram 产物
@@ -292,7 +293,9 @@ artifact 不符合所选 contract 时返回 exit code `2`。
 `relayx evidence-report -r result.json` 会离线审计已有 result，不产生网络流量。
 它会标出缺少 evidence 的 candidate/relayable record、缺少 policy inference 或
 remaining uncertainty 的 protocol judgement record，以及仍为 unknown confidence
-的 evidence entry。
+的 evidence entry，并统计 wire observation、policy inference、lab calibration、
+source model、route model、control mapping 和 operator context 等 evidence source
+类别。
 
 ## 实验室校准
 

docs/ROADMAP.md

@@ -40,6 +40,9 @@ uncertain, and what an operator is allowed to do next.
 - Evidence completeness reporting for existing results, including finding/path
   evidence counts, confidence distribution, protocol judgement fields, missing
   contract keys, and remaining uncertainty.
+- Evidence source taxonomy for separating wire observations, policy
+  inferences, lab-calibration evidence, source and route models, control
+  mappings, operator context, errors, and unsupported boundaries.
 - Guarded validation and controlled execution state machines with dry-run,
   armed, and confirmed modes.
 - Execution module inventory, module planning, and Adapter SDK dispatch,
@@ -83,9 +86,9 @@ Near-term work:
 - Expand real HTTP/IIS EPA, AD CS Web Enrollment EPA, LDAP signing, LDAPS CBT,
   and MSSQL encryption/EPA response-difference captures beyond the bundled
   synthetic fixture corpus.
-- Expand evidence-report source taxonomy so protocol judgements consistently
-  distinguish observed wire evidence, inferred policy state, lab-calibrated
-  promotion evidence, and operator-supplied context.
+- Extend the source taxonomy with real lab-corpus provenance, endpoint build
+  metadata, and operator-reviewed promotion decisions once those artifacts are
+  available from authorized labs.
 - Keep synthetic authentication rejection states subdivided without treating
   invalid-credential rejection as proof of relayability.
 

docs/SCHEMA.md

@@ -46,8 +46,8 @@ Machine-readable validation reports use `--format json`.
 - `lab-differential`: lab response differential report comparing stable
   policy-state signatures.
 - `evidence-report`: offline result evidence completeness report for
-  finding/path records, protocol judgement fields, confidence, and remaining
-  uncertainty.
+  finding/path records, source taxonomy, protocol judgement fields, confidence,
+  and remaining uncertainty.
 - `execution-record`: guarded validation or controlled execution audit record.
 - `module-manifest`: JSON manifest for execution adapter capability planning.
 - `opsec-policy`: OPSEC policy used by validation, execution, and source
@@ -84,6 +84,15 @@ judgement records are expected to expose response classification, policy
 inference, and remaining uncertainty; missing fields are reported as warnings
 so teams can decide whether lab promotion or handoff is ready.
 
+Evidence reports also include a source taxonomy. Each evidence item is mapped
+to a category such as `wire_observation`, `policy_inference`,
+`lab_calibration`, `source_model`, `route_model`, `control_mapping`,
+`operator_context`, `error`, or `unsupported`, plus a judgement role such as
+`observation`, `response_semantics`, `policy_inference`, or
+`uncertainty_boundary`. This lets teams separate what RelayX observed on the
+wire from what it inferred, modeled, calibrated, or received as operator
+context.
+
 ## Lab Confidence Contract
 
 Calibration reports, baseline comparisons, and lab verification reports include

docs/TUTORIAL.md

@@ -128,8 +128,9 @@ relayx -q schema validate -k evidence-report /tmp/relayx-evidence-report.json
 ```
 
 The evidence report is offline. It highlights records that lack evidence,
-protocol judgement fields, remaining uncertainty, or confidence assignments
-before the result is used for lab promotion or enterprise handoff.
+protocol judgement fields, remaining uncertainty, confidence assignments, or
+clear source taxonomy before the result is used for lab promotion or
+enterprise handoff.
 
 ## 3. Review Route And Pivot Awareness
 

examples/tutorial/baseline-result.json

@@ -78,7 +78,7 @@
     "started_at": "2026-06-06T08:00:00+00:00",
     "target_count": 2,
     "tool": "RelayX",
-    "version": "0.1.11"
+    "version": "0.1.12"
   },
   "paths": [
     {