CP7 Shadow Enforcement Evaluation Plan
Source: governance/CP7-SHADOW-EVALUATION-PLAN.md, branch adpa-project-charter, repository mdresch/adpa.
Purpose
This document defines the evaluation plan for transitioning CP7 (Directory Boundary Enforcement) from Phase 1 (Instrumentation) to Phase 5 (Constitutional Enforcement).
Current Status: Phase 1 - Instrumentation Complete
Target Status: Phase 5 - Constitutional Enforcement
Estimated Duration: 14-21 days minimum
1. Evaluation Objectives
Primary Objectives
- Prove CP7 produces zero false positives
- Verify all violations are explainable
- Confirm violations correlate with real risk
- Document impact radius
- Define rollback path
Secondary Objectives
- Collect metrics on violation frequency
- Identify most common violation types
- Validate manifest configuration
- Test edge cases (symlinks, case sensitivity, etc.)
2. Phase 2: Shadow Evaluation Implementation
2.1 Dual-Channel Architecture
```text
+----------------------------------------------+
|               REQUEST INCOMING               |
+----------------------------------------------+
                       |
                       v
+----------------------------------------------+
| EXECUTION CHANNEL                            |
| +------------------------------------------+ |
| | Current Behavior (Unchanged)             | |
| | - Executes as today                      | |
| | - No enforcement applied                 | |
| | - Returns normal result                  | |
| | - No blocking, no tokens required        | |
| +------------------------------------------+ |
+----------------------------------------------+
                       |
                       | (parallel)
                       v
+----------------------------------------------+
| EVALUATION CHANNEL (Shadow)                  |
| +------------------------------------------+ |
| | CP7 Validation Logic                     | |
| | - Runs full CP7 validation               | |
| | - Generates violation codes              | |
| | - Emits warnings, logs, telemetry        | |
| | - Does NOT block execution               | |
| | - Does NOT deny tokens                   | |
| +------------------------------------------+ |
|                      |                       |
|                      v                       |
| +------------------------------------------+ |
| | Shadow Evaluation Log                    | |
| | - Request ID                             | |
| | - Would block? (yes/no)                  | |
| | - Violation code (if any)                | |
| | - Reason (if any)                        | |
| | - Suggested action (if any)              | |
| | - Timestamp                              | |
| +------------------------------------------+ |
+----------------------------------------------+
                       |
                       v
+----------------------------------------------+
| METRICS COLLECTOR                            |
| - Aggregates shadow evaluation results       |
| - Calculates false positive rate             |
| - Identifies patterns                        |
| - Generates reports                          |
+----------------------------------------------+
```
2.2 Shadow Mode Configuration
```json
{
  "cp7_enforcement_mode": "shadow",
  "shadow_evaluation": {
    "enabled": true,
    "log_all_requests": true,
    "block_enabled": false,
    "token_required": false,
    "metrics_collection": true,
    "telemetry_endpoint": "/api/cp7/telemetry"
  },
  "phase": 2,
  "phase_name": "Shadow Evaluation",
  "started_at": "2026-04-16T00:00:00Z",
  "target_phase": 5,
  "target_phase_name": "Constitutional Enforcement"
}
```
3. Phase 3: Evidence Collection Plan
3.1 Metrics Dashboard
| Metric | Description | Collection Method |
|---|---|---|
| `total_requests` | All requests evaluated | Counter |
| `valid_requests` | Requests that would pass | Counter |
| `blocked_requests` | Requests that would be blocked | Counter |
| `violations_by_code` | Count per violation code | Histogram |
| `violations_by_path` | Count per path pattern | Histogram |
| `violations_by_extension` | Count per file extension | Histogram |
| `violations_by_task_class` | Count per TCL class | Histogram |
| `false_positives` | Reported false positives | Counter |
| `false_positive_rate` | FP / total_requests | Gauge |
| `avg_evaluation_time_ms` | Time to evaluate | Summary |
3.2 Daily Report Template
```markdown
# CP7 Shadow Evaluation Daily Report
**Date:** YYYY-MM-DD
**Phase:** 2 (Shadow Evaluation)

## Summary
- Total requests evaluated: X
- Would block: X (X%)
- Would pass: X (X%)
- False positives reported: X

## Violations by Code
| Code | Count | Percentage |
|------|-------|------------|
| CP7-UNAPPROVED-PATH | X | X% |
| CP7-INVALID-EXTENSION | X | X% |
| ... | ... | ... |

## Top Flagged Paths
1. /path/to/file1.ts (X violations)
2. /path/to/file2.ts (X violations)

## Top Flagged Extensions
1. .ts (X violations)
2. .json (X violations)

## False Positives
| ID | Path | Reason | Status |
|----|------|--------|--------|
| FP-001 | /path/file.ts | Legitimate workflow | Investigating |

## Recommendations
- [Recommendation 1]
- [Recommendation 2]
```
4. Phase 4: Validation Checklist
4.1 Path Authority Law (CP7 Core)
Test Cases:
| Test ID | Description | Expected | Status |
|---|---|---|---|
| PATH-001 | Valid path in approved directory | Pass | ⬜ |
| PATH-002 | Invalid path outside approved directories | Block | ⬜ |
| PATH-003 | Path in blocked list | Block | ⬜ |
| PATH-004 | Path with case variation | Deterministic | ⬜ |
| PATH-005 | Path with symlink | Deterministic | ⬜ |
| PATH-006 | Path with `..` traversal | Block | ⬜ |
| PATH-007 | Path with null byte injection | Block | ⬜ |
| PATH-008 | Path with unicode normalization | Deterministic | ⬜ |
| PATH-009 | Windows vs Unix path separators | Deterministic | ⬜ |
| PATH-010 | Absolute vs relative path | Deterministic | ⬜ |
4.2 Task-Class Scope Law
Test Cases:
| Test ID | Description | Expected | Status |
|---|---|---|---|
| TASK-001 | TCL-FEAT in approved directory | Pass | ⬜ |
| TASK-002 | TCL-DOC in code directory | Block | ⬜ |
| TASK-003 | TCL-SEC in governance directory | Pass | ⬜ |
| TASK-004 | Unknown task class | Block | ⬜ |
| TASK-005 | Empty task class | Block | ⬜ |
| TASK-006 | Task class escalation attempt | Block | ⬜ |
4.3 Extension Integrity Law
Test Cases:
| Test ID | Description | Expected | Status |
|---|---|---|---|
| EXT-001 | Allowed extension in approved directory | Pass | ⬜ |
| EXT-002 | Blocked extension globally | Block | ⬜ |
| EXT-003 | Extension not in allowed list | Block | ⬜ |
| EXT-004 | Uppercase extension (.TS) | Deterministic | ⬜ |
| EXT-005 | Multi-extension (.tar.gz) | Deterministic | ⬜ |
| EXT-006 | No extension | Deterministic | ⬜ |
| EXT-007 | Extension with query string | Block | ⬜ |
4.4 Deny > Allow Precedence Law
Test Cases:
| Test ID | Description | Expected | Status |
|---|---|---|---|
| PREC-001 | Path in both approved and blocked | Block | ⬜ |
| PREC-002 | Extension in both allowed and blocked | Block | ⬜ |
| PREC-003 | Global block overrides directory allow | Block | ⬜ |
| PREC-004 | Directory allow does not override global block | Block | ⬜ |
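
A minimal sketch of the evaluation channel, added here as an example and not taken from the adpa repository: it canonicalizes the requested path for the Section 4.1 edge cases, checks deny rules before allow rules, and returns the shadow log record without blocking anything. The manifest layout, the policy chosen for the "Deterministic" cases (case-fold, reject absolute paths) and the codes `CP7-MALFORMED-PATH` and `CP7-BLOCKED-PATH` are assumptions; only `CP7-UNAPPROVED-PATH` and `CP7-INVALID-EXTENSION` appear in this plan.

```python
import posixpath
import unicodedata
from datetime import datetime, timezone

# Constructed manifest (assumption): the plan does not show the real CP7 schema.
MANIFEST = {
    "approved_dirs": ["src", "governance"],
    "blocked_paths": ["src/secrets"],       # lies inside an approved dir (PREC-001)
    "allowed_ext": {".ts", ".json", ".md"},
    "blocked_ext": {".pem", ".key"},
}

def canonicalize(raw):
    """Lexically canonicalize a repo-relative path; None means untrusted input."""
    if "\x00" in raw:                                          # PATH-007
        return None
    p = unicodedata.normalize("NFC", raw).replace("\\", "/")   # PATH-008, PATH-009
    p = posixpath.normpath(p).casefold()                       # PATH-004, folds "." and ".."
    if p.startswith("/") or p == ".." or p.startswith("../"):  # PATH-006, PATH-010
        return None
    return p

def _under(path, root):
    return path == root or path.startswith(root + "/")

def shadow_evaluate(request_id, raw_path, manifest=MANIFEST):
    """Build the shadow log record; the execution channel never waits on it."""
    path = canonicalize(raw_path)
    ext = posixpath.splitext(path)[1] if path else ""
    code = None
    # Every deny rule is checked before any allow rule (Section 4.4).
    if path is None:
        code = "CP7-MALFORMED-PATH"          # hypothetical code
    elif any(_under(path, b) for b in manifest["blocked_paths"]):
        code = "CP7-BLOCKED-PATH"            # hypothetical code
    elif ext in manifest["blocked_ext"]:
        code = "CP7-INVALID-EXTENSION"
    elif not any(_under(path, a) for a in manifest["approved_dirs"]):
        code = "CP7-UNAPPROVED-PATH"
    elif ext not in manifest["allowed_ext"]:
        code = "CP7-INVALID-EXTENSION"
    return {
        "request_id": request_id,
        "would_block": code is not None,
        "violation_code": code,
        "reason": None if code is None else f"{raw_path!r} resolved to {path!r}",
        "suggested_action": None if code is None else "review manifest or relocate file",
        "timestamp": datetime.now(timezone.utc).isoformat(),
    }
```

Symlinks (PATH-005) are not covered: the check is purely lexical, so resolving links needs a real-path comparison against the actual checkout.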
5. Negative Side Effects Detection
5.1 Silent Productivity Loss
Detection Method:
- Monitor developer workflow completion rates
- Track time-to-commit for common tasks
- Survey developers for unexpected friction
Threshold: Zero unexplained productivity loss
5.2 Governance Deadlock
Detection Method:
- Attempt all common operations during shadow evaluation
- Verify no circular dependencies in manifest
- Test system self-operation paths
Threshold: Zero deadlock scenarios
5.3 Law Conflicts
Detection Method:
- Cross-reference CP7 with CP1-CP6
- Test scenarios where laws might conflict
- Document resolution precedence
Threshold: Zero conflicts
5.4 Observability Gap
Detection Method:
- Verify all violations are logged
- Verify all logs are explainable
- Verify logs contain sufficient context
Threshold: Zero unexplainable violations
6. Graduation Criteria
CP7 graduates to Phase 5 (Constitutional Enforcement) when:
Quantitative Criteria
- Shadow evaluation duration ≥ 14 days
- Total requests evaluated ≥ 1000
- False positive count = 0
- False positive rate < 0.1%
- All test cases pass
Qualitative Criteria
- All violations explainable
- Violations correlate with real risk
- Impact radius documented
- No negative side effects detected
- Rollback path defined and tested
Authorization Criteria
- Human review completed
- DRACO board attestation obtained
- CSR epoch assigned
7. Rollback Plan
7.1 Immediate Rollback (Phase 5 → Phase 2)
If CP7 causes issues in Phase 5:
```bash
# 1. Revert configuration: set the enforcement mode back to shadow
#    cp7_enforcement_mode: "shadow"
# 2. Log incident
echo "CP7_ROLLBACK: $(date)" >> /var/log/cp7-incidents.log
# 3. Notify DRACO
# Automated notification to governance board
# 4. Preserve evidence
# All logs from incident period preserved for analysis
```
7.2 Analysis Period
After rollback:
- Analyze all violations during incident
- Identify root cause
- Update law or implementation
- Re-run Phases 2-4
- Re-obtain human authorization
8. Timeline
| Phase | Duration | Start | End |
|---|---|---|---|
| Phase 1: Instrumentation | Complete | - | - |
| Phase 2: Shadow Evaluation | 14 days min | Day 1 | Day 14+ |
| Phase 3: Evidence Collection | Ongoing | Day 1 | Day 14+ |
| Phase 4: Validation | 3 days | Day 15 | Day 17 |
| Phase 5: Constitutional Enforcement | - | Day 18+ | - |
Note: Phase 2 can be extended if the criteria are not met.
Governance Lineage
| Field | Value |
|---|---|
| Artifact ID | CP7-SHADOW-EVAL-PLAN-001 |
| Version | v1.0.0 |
| Parent | RPAS-CM-LAW-HARDENING-001 |
| Related | AMD-2026-04-16-0001, RPAS-CM-COL-001 |
| Author | Agent (advisory) - awaiting human decision |
| CSR Epoch | Pending attestation |