Ω
VERITAS Ω-CODE
Full Verification Run Report
5
Total Runs
1
Pass
3
Violation
1
Inconclusive
0
Model Bound
PASS
VIOLATION
INCONCLUSIVE
MODEL_BOUND
00
Vault.sol Reentrancy — Ω-CODE v1.0

Legacy 8-gate pipeline. Classic Solidity reentrancy pattern: external call before state update, declared lock state never set.

0
Vault.sol
Solidity 0.8.20 · Ω-CODE v1.0 · 8-gate pipeline
VIOLATION
INVALID_STATE_REACHABLE
0
CLAEG
Grammar valid, no free vars, all symbols resolve (UNLOCKED, LOCKED → FILE scope enum)
PASS
1
INTAKE
3 artifacts: dependency_graph, file_manifest, ast_root
PASS
2
TYPE
2 trust boundaries: msg.sender.call, msg.sender
PASS
3
EVIDENCE
2 independent types: AST slice + call trace
PASS
4
AUTHORITY
Solidity spec confirms call-before-write permits reentrancy
PASS
5
SOLVENCY
lockState never set to LOCKED in withdraw() — reenterable while UNLOCKED
VIOLATION
6
INCENTIVE
not run
CASCADE
7
TEMPORAL
not run
CASCADE
8
ADVERSARY
not run
CASCADE
VIOLATION: INVALID_STATE_REACHABLE — Gate 5 (SOLVENCY)

The assertion CANNOT_REACH(UNLOCKED, LOCKED) is violated. lockState is declared as an enum but never written inside withdraw(). The reachability matrix confirms UNLOCKED → LOCKED is unreachable. The external call can re-enter while balance is stale.

Gates Run
6 of 9 (0–5), cascade on 6–8
Halted At
Gate 5 (SOLVENCY)
Claim Seal
8e9730305c9a1094eff32e8fd260f7f78a5868a1d15c4fdf74564997a915011f
ENV Hash
d3467ad39d462a9d5cbc76f6583d6109235905ac30b60f401c462b1070a3685c
Run Seal 1cbf17f977796f2e40cff39e5203aa3de3c3dc4bf9db5c01560cdd1d2b398440
01
auth-api — Ω-CODE v2.0 First Run

10-gate pipeline. Flask authentication API with a deliberately planted hardcoded JWT secret. Tests zero-tolerance security enforcement.

1
auth-api v0.3.0
Python 3.11.4 · Flask · Ω-CODE v2.0 · 10-gate pipeline
VIOLATION
SECRET_DETECTED
1
INTAKE
BuildClaim parsed, ClaimID verified, lockfile matches
PASS
2
TYPE
4 primitives, 4 boundaries, all symbols + units valid
PASS
3
DEPENDENCY
4 packages (Flask, PyJWT, bcrypt, requests), 0 CVEs
PASS
4
EVIDENCE
|S|≥2 all vars, agreement≥0.80, mean Q≥0.70
PASS
5
MATH
All 4 constraints SAT via interval propagation
PASS
6
COST
utilization=0.375, well under redline
PASS
7
INCENTIVE
100% pypi registry concentration
MODEL_BOUND
8
SECURITY
Hardcoded JWT secret in auth_api/config.py:12
VIOLATION
9
ADVERSARY
not run
10
TRACE_SEAL
not run
VIOLATION: SECRET_DETECTED — Gate 8 (SECURITY)

Zero-tolerance trigger: secrets_detected: true in SecurityManifest. Bandit SAST identified hardcoded JWT secret key at auth_api/config.py:12 (severity: CRITICAL). Pipeline halted immediately. No downstream execution.

Gates Run
8 of 10
Halted At
Gate 8 (SECURITY)
ClaimID
3c8514ea0cfdffb68d73eea236669aedaf3d241e119fe6b57d15db978739ef1f
ENV Hash
809ba9eed8b2be5314ad61c9492a5fdde0165a937629040962361c7d72a76bc5
Trace Seal 637e324085b94b26493234afa756236f3dc104f377693aaa141a1faca686a90a
02
data-transform — Clean Pass

Full 10-gate pipeline closure. Well-tested ETL library with diverse evidence, clean dependencies, no security findings, and adversary-resistant constraints.

2
data-transform v1.2.0
Python 3.11.4 · pandas + numpy + pyarrow · Ω-CODE v2.0
PASS
1
INTAKE
BuildClaim valid, commit verified, lockfile matches
PASS
2
TYPE
6 primitives, 5 boundaries, all symbols + units valid
PASS
3
DEPENDENCY
3 packages, 0 CVEs, all hashes verified
PASS
4
EVIDENCE
|S|≥2 all vars, agreement=1.0, mean Q=0.94
PASS
5
MATH
5/5 constraints SAT — coverage=0.91, latency=85ms
PASS
6
COST
utilization=0.42, build_time=38s/120s
PASS
7
INCENTIVE
max dominance=0.50, 2 registries (pypi+conda)
PASS
8
SECURITY
no secrets, 0 CRITICAL/HIGH, TLS 1.3, all boundaries mitigated
PASS
9
ADVERSARY
3/3 attacks survived, no constraint flips, mutation kill=0.82
PASS
10
TRACE_SEAL
trace chain sealed, manifest written
PASS
Gates Run
10 of 10 — full closure
Evidence Quality
mean Q=0.94, agreement=1.0, |S|≥2 all vars
Cost Utilization
0.42 (well under 0.80 warning / 0.95 redline)
Adversary Coverage
3/3 attacks, 0 constraint flips, mutation kill 82%
Trace Seal 856ac1f26ef302542053e8e9bd7c76cd2d8affe05487dd9850056c41448e7f9b
03
pricing-engine — Adversary Fragility

Passes all correctness and security checks — it works today. But a 5% perturbation on discount_rate causes total_price to violate its floor constraint. "It works" ≠ "it's robust."

3
pricing-engine v0.8.0
Python 3.11.4 · FastAPI + pydantic · Ω-CODE v2.0
VIOLATION
ADVERSARY_FRAGILE
1
INTAKE
BuildClaim valid, commit verified
PASS
2
TYPE
3 primitives (discount_rate, total_price, margin), units consistent
PASS
3
DEPENDENCY
3 packages, 0 CVEs
PASS
4
EVIDENCE
|S|≥2 all vars, agreement=0.95, mean Q=0.88
PASS
5
MATH
total_price ≥ 10.00 → SAT (observed: 12.50)
PASS
6
COST
utilization=0.28
PASS
7
INCENTIVE
max dominance=0.50, diverse sources
PASS
8
SECURITY
no secrets, 0 SAST findings, TLS 1.3
PASS
9
ADVERSARY
discount_rate +5% → total_price 12.50 → 9.84, flips constraint
VIOLATION
10
TRACE_SEAL
not run
VIOLATION: ADVERSARY_FRAGILE — Gate 9 (ADVERSARY)

Attack atk-001 (fuzz discount_rate +5%): discount_rate 0.15 → 0.1575. Total price drops from $12.50 to $9.84, violating the total_price >= 10.00 boundary. A 5% input variation causes a constraint flip — the system is correct but fragile.

Gates Run
9 of 10
Halted At
Gate 9 (ADVERSARY)
Attack Details
delta_rel=+0.05 (sign=+1 from hash parity), magnitude=0.05
Constraint Flipped
total_price >= 10.00: SAT → UNSAT
Trace Seal 7a244f5b2de8f5d08373d23799c08b12217ededc5debf548ac5141ed7050cf62
04
ml-pipeline — Evidence Starvation

Early-stage ML training pipeline with only one evidence source per variable. The system didn't say it's bad — it said it can't evaluate the claim. Epistemic honesty, not failure.

4
ml-pipeline v0.1.0
Python 3.11.4 · torch + sklearn + mlflow · Ω-CODE v2.0
INCONCLUSIVE
INSUFFICIENT_INDEPENDENCE
1
INTAKE
BuildClaim valid, commit verified
PASS
2
TYPE
4 primitives, 3 boundaries, units valid
PASS
3
DEPENDENCY
torch 2.1.0 has CVE-2024-XXXX (MEDIUM, patch in 2.2.0)
MODEL_BOUND
4
EVIDENCE
|S|=1 for accuracy, f1_score, training_time — need ≥2
INCONCLUSIVE
5
MATH
not run
6
COST
not run
7
INCENTIVE
not run
8
SECURITY
not run
9
ADVERSARY
not run
10
TRACE_SEAL
not run
INCONCLUSIVE: INSUFFICIENT_INDEPENDENCE — Gate 4 (EVIDENCE)

MIS_GREEDY returned |S|=1 for all critical variables (accuracy, f1_score, training_time). The staging regime requires Kmin=2 independent sources. One test suite from one team is not sufficient to verify accuracy claims. The fix is to add a second independent evaluation source — not to lower the bar.

Gates Run
4 of 10
Halted At
Gate 4 (EVIDENCE)
Also Flagged
Gate 3: MODEL_BOUND (CVE_MEDIUM) on torch 2.1.0
Remediation
Add ≥1 independent evaluation source per variable
Trace Seal bb2e5c1587dcfe22aa5fcaf4f17cfb77973cb2bfae115e722460da50bed1af1d
Σ
Gate Coverage Matrix

All 10 gates exercised across the run set. All 4 verdict types demonstrated.

RUN
1
2
3
4
5
6
7
8
9
10
v1.0
auth
data
price
ml
?
MetricValueNotes
Total runs51× v1.0 (8-gate), 4× v2.0 (10-gate)
Verdicts1 PASS, 3 VIOLATION, 1 INCONCLUSIVEAll 4 verdict types exercised
Gate coverageAll 10 gates exercisedGate 10 only in full-pass run (by design)
Halt positionsGate 4, 5, 8, 9Fail-fast proven at 4 different positions
MODEL_BOUND instances3VENDOR_CONCENTRATION (×1), CVE_MEDIUM (×1), in-pass (×1)
Seals verified5/5All recomputed and matched
Unique failure classes4Reentrancy, secret exposure, adversary fragility, evidence starvation
DeterminismProvenSame inputs → same seal across all runs
Failure ClassCaught AtRunImplication
State integrity (reentrancy)Gate 5 (SOLVENCY)v1.0 Vault.solLogic correctness — does the code behave as declared?
Secret exposureGate 8 (SECURITY)auth-apiSecurity posture — is the system safe to deploy?
Adversary fragilityGate 9 (ADVERSARY)pricing-engineRobustness — does it survive real-world variation?
Evidence starvationGate 4 (EVIDENCE)ml-pipelineEpistemic honesty — can we even evaluate the claim?

"This layer does not guarantee greatness.
It makes hidden weakness harder to survive."