3.5 KiB
3.5 KiB
ADR-0119.1 — Seal fabrication_control Holdout (ADR-0105 Amendment)
Status: Accepted Date: 2026-05-23 Author: CORE agents + reviewers Amends: ADR-0105 Depends on: ADR-0105, ADR-0114a
Context
Under ADR-0105, CORE established recipient-based age encryption for sealed holdouts to prevent leakage. Plaintext fallback was allowed temporarily for local development.
ADR-0114a (Obligation #1) mandates that every lane migrate its holdout from plaintext fallback to an age-encrypted seal to satisfy anti-overfitting rules. This ADR implements this migration for the first lane: fabrication_control (the smallest and simplest lane).
Decision
We seal the fabrication_control holdout using the age format keyed to a dedicated public key recipient.
Configuration Details
- Sealed Lane:
fabrication_control - Recipient Public Key:
age1zt3ud2skl4y8qt306dlux0d3g68tt2trsur64yuh7gv4dag5qg5su9jllz - Private Identity Location: The private identity key is expected to live outside the repository at
~/.config/core/holdout_keys/repo_holdout.txt. - CI / Execution Setup: A fresh CI run or local test suite obtains access to this identity by setting the
CORE_HOLDOUT_KEYenvironment variable pointing to the absolute path of the identity file.
Actions Taken
- Generated a new age x25519 keypair for the repository.
- Encrypted the original holdout file
evals/fabrication_control/cases/holdout.jsonltoevals/fabrication_control/holdouts/v1/cases.jsonl.ageusing the public key recipient. - Removed the unencrypted
evals/fabrication_control/cases/holdout.jsonlfrom the repository. - Documented the recipient in docs/holdout_recipients.txt.
- Exposed
run_lanein thefabrication_controlrunnerevals/fabrication_control/runner.pyto support the generic framework execution model, and updated_run_splitto decrypt the holdout when split isholdout.
Invariants
- Running
fabrication_controlholdout split without the environment variableCORE_HOLDOUT_KEYset raises a typedEnvironmentErrorand fails closed. - Decrypting the sealed
cases.jsonl.ageusing the repository private key reproduces the original holdout cases byte-for-byte.
Acceptance Evidence
Accepted when:
- The
.agefile exists atevals/fabrication_control/holdouts/v1/cases.jsonl.age. - The tests in tests/test_adr_0119_1_sealed_holdout.py pass cleanly, validating:
- Encryption format and presence of header in
cases.jsonl.age. - Byte-equal reproduction of holdout cases upon decryption.
- Fail-closed behavior (
EnvironmentErrorraised) when key is missing. - Successful execution and reproduction of the prior metrics (
refusal_recall == 1.0,fabrication_rate == 0.0) when key is provided.
- Encryption format and presence of header in
Consequences
- The
fabrication_controllane holdout is fully sealed, fulfilling Obligation #1 of ADR-0114a. - Plaintext leaks of
fabrication_controlholdout are eliminated from the current tree.
Out of Scope
- Migrating other evaluation lanes' holdouts (reserved for subsequent ADRs).