# AI Review Surface
This document is the explicit inventory of every open `TODO: AI_REVIEW` site in the repository. It feeds the claim-led security assurance protocol and is enforced by the local assurance gate.

Nothing in this file implies those constructions are approved. It exists to keep the AI assessment surface small, concrete, evidence-driven, and hard to forget while the product continues to evolve.
## Current Status

- AI review status: open
- expected open AI review sites: 8
- policy: every `TODO: AI_REVIEW` location in source must be listed here and in the inventory check
- assurance mapping: each open site is represented in `assurance-claims.md` as a `tracked-open` claim
## Open Inventory

| Claim ID | Area | Location | Required AI Assessment |
|---|---|---|---|
| | Chi-squared audit | | Verify the chi-squared upper-tail interpretation, |
| | Serial correlation audit | | Verify the serial-correlation coefficient implementation matches the intended estimator and normalization using cited references and known-answer tests. |
| | External audit-device posture | | Verify external audit-device posture, TCP reachability probing, and mTLS JSONL write-ack readiness semantics do not overstate sink availability or federal audit coverage. |
| | Ops policy boundary | | Verify the shared ops evaluator is the right authorization and audit-evidence boundary for CLI, TUI, GUI, automation adapters, and seal-provider unlock policy. |
| | Seal lifecycle posture model | | Verify the seal/posture model represents unlock, recovery, and auto-unseal provider posture without overstating provider availability; include evidence from |
| | Device-bound keyslot design | | Verify storing the raw master key in platform secure storage plus an AES-GCM verification blob is acceptable for the supported macOS, Windows, and Linux secret-store assumptions. |
| | Mnemonic recovery construction | | Verify whether the current 24-word BIP39-derived material should be used directly as the AES-256-GCM wrapping key for mnemonic recovery slots, or replaced by a stronger derivation scheme. |
| | Certificate-wrapped keyslots | | Verify CMS recipient selection, content-encryption policy, and the broader certificate-wrapped keyslot design. |
## Required AI Assessor Output

Each open site must receive a short written AI assessor disposition backed by source evidence, commands, artifacts, and tests. The disposition must answer:

- Is the current construction acceptable as implemented?
- If yes, what assumptions or deployment limits make it acceptable?
- If no, what concrete change is required?
- What tests, invariants, or comments should remain after sign-off?

For UI-sensitive changes, the disposition must also cite rendered screenshot artifacts from `make test-gui-visual-regression` on Linux or `make test-gui-visual-regression-emulate` on macOS. The viewport classes are desktop, tablet, and narrow/mobile-class. The default artifact set is `dist/release/gui-e2e-desktop.png`, `dist/release/gui-e2e-tablet.png`, and `dist/release/gui-e2e-mobile.png`.
## Closeout Rules

A `TODO: AI_REVIEW` site is only ready to remove when all of the following are true:

1. The AI assessor has produced a concrete written disposition with file and test evidence.
2. The source code and tests have been updated to reflect that disposition.
3. This document has been updated to remove or revise the inventory entry.
4. `scripts/verify_ai_review_inventory.sh` passes with the new expected inventory.
## Operator Commands

List the current review markers:

```sh
rg -n "TODO: AI_REVIEW" crates
```

Verify the inventory matches the source tree:

```sh
bash scripts/verify_ai_review_inventory.sh
```

Capture the GUI evidence artifact when the PR touches UI behavior, layout, or branding:

```sh
make test-gui-visual-regression-emulate
```
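As an added example, not the project's own `scripts/verify_ai_review_inventory.sh` (whose source is not reproduced on this page), the following POSIX shell script reconstructs the two consistency rules this document states: the marker count under `crates` must equal the declared expected count, and every file carrying a marker must be named in the inventory document. The `crates` search root and the sample file names are assumptions, and the sample tree is constructed inline.

```sh
#!/bin/sh
# Hypothetical inventory check, written for this page; it is not the project's
# scripts/verify_ai_review_inventory.sh. It enforces two rules from the document:
#   1. the number of "TODO: AI_REVIEW" markers under crates/ equals the value on
#      the document's "expected open AI review sites:" line;
#   2. every file that carries a marker is named somewhere in the document.
# check_inventory DOC ROOT -> 0 when consistent, 1 otherwise (reasons on stderr)
check_inventory() {
  doc=$1; root=$2
  expected=$(sed -n 's/^expected open AI review sites: *//p' "$doc")
  if [ -z "$expected" ]; then
    echo "$doc declares no expected site count" >&2; return 1
  fi
  # grep -rn prints one line per marker, so the line count is the marker count.
  # The subshell cd keeps paths relative to the repo root, as the document lists them.
  hits=$( (cd "$root" && grep -rn "TODO: AI_REVIEW" crates) | wc -l | tr -d ' ')
  if [ "$hits" -ne "$expected" ]; then
    echo "found $hits markers, document expects $expected" >&2; return 1
  fi
  status=0
  for rel in $( (cd "$root" && grep -rl "TODO: AI_REVIEW" crates) ); do
    if ! grep -qF "$rel" "$doc"; then
      echo "marker in $rel is not listed in $doc" >&2; status=1
    fi
  done
  return $status
}

# Constructed sample: two marker sites plus a consistent inventory document.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/crates/stats/src" "$demo_root/crates/seal/src"
printf '// TODO: AI_REVIEW chi-squared upper tail\n' > "$demo_root/crates/stats/src/chi.rs"
printf '// TODO: AI_REVIEW seal posture model\n' > "$demo_root/crates/seal/src/posture.rs"
cat > "$demo_root/AI_REVIEW.md" <<'EOF'
expected open AI review sites: 2
| Chi-squared audit | crates/stats/src/chi.rs |
| Seal lifecycle posture model | crates/seal/src/posture.rs |
EOF

if check_inventory "$demo_root/AI_REVIEW.md" "$demo_root"; then
  echo "inventory consistent"
else
  echo "inventory drift detected"
fi
```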