You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The evidence-corroboration allowlist has three divergent schema definitions. The committed allowlist file and the GP1 schema package use identityPattern/source, but the GP2 producer loader and the GP4 consumer loader each hand-roll an outdated issuer+identity schema. As a result neither loader can parse the real recipes/evidence/allowlist.yaml, and docs/contributor/evidence-ingest.md documents the stale shape.
Running either loader against the real allowlist fails closed: the unknown identityPattern/source fields are ignored, leaving Identity empty, and validation rejects it with allowlist <class> entry has empty identity. Confirmed by running corroborate -allowlist recipes/evidence/allowlist.yaml.
Community entries keyed by source slug can never classify through the stale loaders (no source field), so a legitimately-allowlisted community signer would be mislabeled community/allowlisted=false.
docs/contributor/evidence-ingest.md (the "Classification" schema block) is inaccurate relative to the actual file.
Proposed fix
Retire the two hand-rolled loaders and have both GP2 (pkg/evidence/project) and GP4 (pkg/corroborate) consume the shared pkg/evidence/allowlist package (or its schema), so file + code + docs converge on one definition.
Then:
Update pkg/corroborate/testdata/allowlist.yaml (currently written in the old identity schema) and the classify_test.go expectations in both packages.
Update docs/contributor/evidence-ingest.md to the identityPattern/source schema.
Re-enable -allowlist recipes/evidence/allowlist.yaml in .github/workflows/evidence-dashboard-publish.yaml and drop the deferral note in docs/contributor/evidence-dashboard-publish.md.
Acceptance
corroborate -allowlist recipes/evidence/allowlist.yaml succeeds and classifies first-party (identityPattern) and community (source) signers correctly.
One allowlist schema definition is used across GP1/GP2/GP4 (no duplicate hand-rolled structs).
evidence-ingest.md and evidence-dashboard-publish.md describe the same, correct schema.
Anti-sybil invariants (disjoint classes, no over-broad patterns, source-slug uniqueness) remain enforced by the shared package.
Summary
The evidence-corroboration allowlist has three divergent schema definitions. The committed allowlist file and the GP1 schema package use
identityPattern/source, but the GP2 producer loader and the GP4 consumer loader each hand-roll an outdatedissuer+identityschema. As a result neither loader can parse the realrecipes/evidence/allowlist.yaml, anddocs/contributor/evidence-ingest.mddocuments the stale shape.Current state
recipes/evidence/allowlist.yaml(source of truth)issuer+identityPattern(first-party),issuer+sourceslug (community)pkg/evidence/allowlist(GP1 schema pkg)Entry{Label, Issuer, Source, IdentityPattern}— exactly one of Source/IdentityPatternpkg/evidence/project/classify.go(GP2 producer loader)AllowlistEntry{Issuer, Identity}pkg/corroborate/classify.go(GP4 consumer loader)AllowlistEntry{Issuer, Identity}docs/contributor/evidence-ingest.md(classification section)issuer+identityImpact
identityPattern/sourcefields are ignored, leavingIdentityempty, and validation rejects it withallowlist <class> entry has empty identity. Confirmed by runningcorroborate -allowlist recipes/evidence/allowlist.yaml.sourceslug can never classify through the stale loaders (nosourcefield), so a legitimately-allowlisted community signer would be mislabeledcommunity/allowlisted=false.-allowlistand rely on the class baked intometa.jsonat ingest as a workaround.docs/contributor/evidence-ingest.md(the "Classification" schema block) is inaccurate relative to the actual file.Proposed fix
Retire the two hand-rolled loaders and have both GP2 (
pkg/evidence/project) and GP4 (pkg/corroborate) consume the sharedpkg/evidence/allowlistpackage (or its schema), so file + code + docs converge on one definition.Then:
pkg/corroborate/testdata/allowlist.yaml(currently written in the oldidentityschema) and theclassify_test.goexpectations in both packages.docs/contributor/evidence-ingest.mdto theidentityPattern/sourceschema.-allowlist recipes/evidence/allowlist.yamlin.github/workflows/evidence-dashboard-publish.yamland drop the deferral note indocs/contributor/evidence-dashboard-publish.md.Acceptance
corroborate -allowlist recipes/evidence/allowlist.yamlsucceeds and classifies first-party (identityPattern) and community (source) signers correctly.evidence-ingest.mdandevidence-dashboard-publish.mddescribe the same, correct schema.Affected files
pkg/evidence/project/classify.go,pkg/corroborate/classify.gopkg/evidence/allowlist/(target shared schema)pkg/corroborate/testdata/allowlist.yaml,*_test.goin both packagesdocs/contributor/evidence-ingest.md,docs/contributor/evidence-dashboard-publish.md.github/workflows/evidence-dashboard-publish.yamlRelated
Epic #1400 · GP1 (allowlist schema) · GP2 #1402 · GP4 #1404 · GP5 #1405 (workaround in PR #1504) · surfaced while reviewing PR #1504.