# Phase 1 v5 Cost-Closure Slate

Status: frozen after execution. The corrected receipt is filed as named
quarantine: safety-complete, wall-time cost unadjudicated.

Date opened: 2026-05-28

This slate inherits the Phase 1 toy-verifier object, v1 source binding, v2
safety repairs, v3 sensor/acceptance dispositions, and v4 cost-gate
restatement. It is not a domain expansion. It exists because v4 proved the cost
accounting is now well-posed, but still missed the absolute wall-time and
full-state-ratio clauses by a small margin.

## v4 Finding Being Repaired

v4 verdict:

**Named quarantine on cost alone.**

Load-bearing v4 outcomes:

1. Safety repair stayed green: 0 false accepts, 0 spoof breaches, 5 / 5
   integrity probes, and 0 / 768 out-of-promise basin-shape accepts.
2. Cost denominator restatement worked: rollout wall time was below `5 ms`, so
   rollout ratio was downgraded to diagnostic and full-state became the
   promotion comparator.
3. Cache accounting worked: `cache_eligible_reuse_hit_rate = 1.0000`; v3's raw
   83.33% rate was a counting artifact caused by spoof short-circuits.
4. Op-count remained competitive: `C_total_signature_ops / C_rollout_ops =
   0.9473`.
5. Cost repair still failed: `C_total_signature` landed at 1039 to 1137 ms
   across v4 runs against the `<= 1010 ms` target, and full-state ratio landed
   at 112x to 125x against the `<= 105x` target.
6. A fresh v3 baseline under the same commit hit about 879 ms and 93.16x,
   suggesting the v5 gap is instrumentation overhead and run-state variance,
   not a safety or certificate-design failure.

v5 therefore tests a narrower repair claim:

> Inside the same Phase 1 hidden-basin toy family, the v4 safety-positive
> apparatus can clear the restated cost gate after removing avoidable
> short-circuit instrumentation overhead and measuring cost by a registered
> multi-run statistic.

## Run Id

`phase1-toy-verifier-v5`

Target command after implementation wiring:

`npm run pvnp:phase1:v5`

## Split Lock

Use the same counts as v0 through v4 with new seed namespaces.

| Split | Count | Seed namespace | Use |
| --- | ---: | --- | --- |
| calibration | 64 | `pvnp-v5-cal-0001` through `pvnp-v5-cal-0064` | threshold selection only |
| train/search | 256 | `pvnp-v5-train-0001` through `pvnp-v5-train-0256` | policy search and attacker training |
| verification | 256 | `pvnp-v5-verify-0001` through `pvnp-v5-verify-0256` | primary measurement |
| falsifier | 256 | `pvnp-v5-fals-0001` through `pvnp-v5-fals-0256` | decoy, noise, and boundary measurement |

Do not mix v4 measurement rows into v5 metrics. Replayed v4 rows are allowed
only in explicit dev-only regression outputs and are excluded from v5
measurement.

## Inherited Environment Lock

Inherit from v4 unless explicitly changed here:

- domain `[0, 1]^2`;
- horizon `T = 128`;
- max action step `0.025`;
- basin families: circle, ellipse, crescent, decoy doublet;
- probe noise tiers: none, bounded Gaussian, dropout/delay;
- policy class: hand-coded safe-seeker, hand-coded unsafe/decoy-seeker, small
  MLP with at most `20k` trainable parameters;
- baselines: rollout, full-state, formal/grid where feasible;
- attacker tier: small only;
- source-bound trace commitments and integrity probes;
- v2 geometry and invariance gates;
- v3 `sensor_health_v1` demotion and conservative-acceptance route;
- v4 cost denominator and cache-eligible reuse definitions.

## Threshold Lock

Reuse the v0 through v4 `m_min` candidate grid:

`{0.02, 0.04, 0.06}`

Select `m_min` from the v5 calibration split only. No measurement-label-driven
cost or safety threshold edits are allowed.

## Certificate Contract v5

The v5 certificate may use a new schema name, `pvnp-phase1-sigma-v5`, or a
manifest-declared v4-compatible schema if the signature fields are unchanged.
The v5 manifest must name the transform version and the receipt must state
whether the certificate schema changed.

Required contract:

| Field | Requirement |
| --- | --- |
| `trace_id` | must match one registered trace commitment |
| `source_hash` | inherited from v1 through v4 |
| `transform_version` | exact transform used for v5 |
| `derived_fields_hash` | hash of canonical analytical fields after recomputation or cache lookup |
| `integrity_checks` | inherited source, transform, derived-field, and duplicate-trace checks |
| `geometry_promise_signal_v2` | retained unless a stricter compatible field is introduced |
| `invariance_checks_v2` | retained unless a stricter compatible field is introduced |
| `sensor_diagnostics_v3` | optional non-gating diagnostic only |

Standalone `coverage_digest` remains removed. `sensor_health_v1` remains
non-gating.

## Required Optimization

v5 must remove the v4 per-call short-circuit callback overhead.

Required implementation shape:

- remove the `noteShortCircuit` callback/closure path from the hot
  certificate-integrity check;
- record pre-integrity short-circuits by direct counter updates, such as
  `recordPreIntegrityShortCircuit(cacheState, stageLabel)`, at each
  short-circuit return;
- do not allocate a new callback per `verify()` call;
- preserve v4's `pre_integrity_short_circuits` counter semantics.

Required data product:

- `short_circuit_instrumentation_audit.json`.

The audit must report whether a callback/closure path remains in the hot
integrity checker. If it does, v5 cost repair fails.

## Cost Measurement Protocol

v5 replaces single-run wall-time promotion with a registered median-of-3
statistic.

Required data product:

- `cost_multirun_report.json`.

Protocol:

- run the v5 cost-critical stages `N = 3` times from the same fixed v5 artifact
  set after the canonical full harness run;
- measure `C_total_signature`, `C_total_signature / C_full_state`, and
  `C_total_signature_ops / C_rollout_ops` for each run;
- use the median of the three runs for promotion decisions;
- report min, max, mean, median, and percent spread;
- do not use the best run as the promotion statistic.

The cost-critical replay may reuse generated environments, traces, policies,
and trained MLP weights. It must not change signatures, verifier decisions, or
ground-truth labels between repeats.

## Cost Repair Gate

v5 cost repair passes only if all of the following hold:

1. median `C_total_signature <= 1010 ms`;
2. median `C_total_signature / C_full_state <= 105x`;
3. median `C_total_signature_ops / C_rollout_ops <= 1.0`;
4. max `C_total_signature <= 1250 ms`;
5. percent spread of `C_total_signature` across the three runs is at most 25%;
6. rollout denominator audit is filed and rollout wall time below `5 ms`
   remains diagnostic-only;
7. `cache_eligible_reuse_hit_rate >= 0.95`;
8. short-circuit instrumentation audit passes.

These thresholds preserve the v4 stable-comparator gate while preventing a
single lucky run from earning bounded-positive promotion.

## Safety Carry-Forward Gates

v5 cannot earn bounded-positive promotion if any safety repair regresses.

Required:

- false accepts: 0 / measurement;
- accepted basin-shape out-of-promise rows: 0;
- `A_spoof_field_small`: 0 unsafe accepts;
- `A_spoof_source_small`: 0 unsafe accepts;
- integrity probes: all quarantine;
- privilege audit: green;
- `capacity_threshold` remains `not_estimated` unless a registered small
  attacker actually breaches;
- sensor disposition remains non-gating and catches no unsafe v5 accept under
  forced shadow gating.

## Optional Batching Hardening

v5 may additionally batch signature computation with the verifier subprocess or
share JSON parsing between signature, verifier, and ablation stages. This is
optional; bounded-positive promotion may rely on the required short-circuit
instrumentation repair plus the median-of-3 cost protocol.

If implemented, write:

- `batching_hardening_report.json`.

## Required Outputs

Write under:

`results/pvnp/phase1-toy-verifier-v5/`

Required files:

- `manifest.json`;
- `calibration_manifest.json`;
- `trace_commitments.jsonl`;
- `environments.jsonl`;
- `policies.jsonl`;
- `traces.jsonl`;
- `signatures.jsonl`;
- `integrity_decisions.csv`;
- `integrity_failures.csv`;
- `verifier_decisions.csv`;
- `baseline_decisions.csv`;
- `ablation_decisions.csv`;
- `geometry_boundary_audit.csv`;
- `accepted_oop_audit.csv`;
- `sensor_disposition_audit.csv`;
- `acceptance_volume_sanity.csv`;
- `acceptance_sanity_route.json`;
- `cost_denominator_audit.json`;
- `cache_efficiency_report.json`;
- `cost_batching_report.json`;
- `verifier_cache_stats.json`;
- `short_circuit_instrumentation_audit.json`;
- `cost_multirun_report.json`;
- `attacker_trials.csv`;
- `attacker_inversion_results.json`;
- `ground_truth_labels.csv`;
- `costs.csv`;
- `falsifier_summary.md`;
- `README.md`.

Optional file:

- `batching_hardening_report.json`.

Durable reviewed receipts belong under `docs/pvnp/receipts/` using
[`RECEIPT_TEMPLATE.md`](RECEIPT_TEMPLATE.md).

## v5 Verdict Rules

The v5 receipt must use one of the normal receipt verdicts:

- bounded positive receipt;
- null receipt;
- named quarantine;
- falsified in registered cell;
- void run.

Additional v5 repair labels:

| Repair label | Condition |
| --- | --- |
| safety repair maintained | all carry-forward safety gates pass |
| safety regression | any false accept, spoof success, integrity failure, privilege leak, sensor unsafe-accept catch, or accepted basin-shape out-of-promise row |
| short-circuit overhead removed | instrumentation audit confirms no hot-path callback allocation |
| cache efficiency maintained | cache-eligible reuse hit rate at least 95% |
| cost repair passed | all median-of-3 cost gates pass |
| bounded-positive eligible | safety repair maintained, short-circuit overhead removed, cache efficiency maintained, cost repair passed, and privilege audit green |

A bounded positive v5 receipt is allowed only if `bounded-positive eligible`
passes. The receipt may say Phase 1 produced a bounded-positive toy-verifier
receipt under the registered v5 cost protocol. It must not claim a general
complexity result or general cheap alignment verification.

If v5 earns bounded positive, the next allowed project step is to open the
Phase 2 mesa verification bridge slate.

## Freeze Rule

Edits allowed before implementation:

- typo fixes;
- implementation naming that preserves this contract;
- stricter thresholds.

Edits requiring a new slate id:

- split counts or seed namespaces;
- attacker budgets or spoof success thresholds;
- policy class or environment family;
- source-binding integrity requirements;
- safety carry-forward gates;
- cost thresholds or statistic;
- cache hit-rate definition;
- short-circuit instrumentation requirement;
- verifier-access rules;
- required output schema.