JWT claim + docs-vs-implementation detector (v0.3.0)#22
Merged
Conversation
…3.0)
Second verification slice:
- New built-in claim jwt-authentication ("Authentication uses JWT access
tokens"), powered by the v0.0.6 JWT purpose classifier.
- New contradiction detector: documentation claims JWT while the only JWT
usage found is invitation/verification tokens -> CONTRADICTED with both
sides. Documentation with no usage at all stays WEAK, never contradicted:
absence is not positive conflicting evidence.
- Evaluator registry replaces the single hardcoded dispatch, so adding claims
is adding definitions.
- fix: signal metadata was hardcoded to '{}' at persistence, silently dropping
extractor metadata (including JWT purpose) since V0. Concept detection never
noticed (in-process); verification is the first DB reader of metadata and
exposed it. Regression test added.
126 tests (6 new). No breaking changes. Version 0.3.0.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Second verification slice, proving the claim registry generalizes.
jwt-authentication- "Authentication uses JWT access tokens", powered by the existing JWT purpose classifier (access vs invitation/verification tokens)Bug found and fixed
Signal
metadata_jsonwas hardcoded to'{}'at persistence since V0 - every extractor's metadata silently dropped. Concept detection never noticed (it runs in-process on live Signal objects); the verification engine is the first feature reading metadata back from the database, and it exposed the bug immediately. Fixed with a regression test asserting the JWT purpose survives the round-trip.Verification
No breaking changes. Version 0.3.0. No tag, no publish - awaiting approval.