Post-merge review of the Batch C Shuffle inventories (PR #404) re-derived every claim from the committed evidence. The "no ACES expressivity gap" conclusion holds (structured mapping manifests per aces#468-470 are used; docker.sock fits local_control_interfaces), but the review found two encoded falsehoods and several depth shortfalls to fix.
Errors
- frontend: dead published port + false prose. Compose publishes 3001:3001 but nginx listens only on 80/443 (frontend-state.txt socket table) — container port 3001 has no listener, so host:3001 is dead. The node description, network description, ledger facts shuffle-frontend.network.identity / runtime.service-listeners, and the README all claim "nginx HTTP/80 published to the host as 3001". Decision: fix the range to 3001:80 (upstream Shuffle convention), recreate the service, recapture the bundle, and correct SDL/ledger/README.
- opensearch: data-volume mount missing + false encoded disposition. docker-inspect shows aptl_shuffle_opensearch_data -> /usr/share/opensearch/data (RW) but the node's runtime.mounts is empty, while ledger fact shuffle-opensearch.runtime.mounts claims the mount table records it. No test coverage of mounts.
Depth shortfalls
- opensearch software_components: 1 hand-written row vs 692 Maven components in the bundle's own Syft SBOM. Backend encodes 157 Go modules, orborus 139 — same semantic family, undeclared inconsistent depth. Encode the Maven catalogue.
- opensearch identity authority: security plugin enabled, .opendistro_security (10 docs) in evidence, but no _plugins/_security/api/internalusers capture and identity_authorities: []. Capture and encode (backend precedent).
- capability assertions without evidence: frontend/opensearch/orborus encode 14 "effective" capabilities with no CapEff capture in any bundle. Add /proc/1/status capability capture to the capture scripts and derive the encoding from evidence.
Minor
- orborus ledger digest typo: sha256:e74e0246...366dba splices the platform-digest prefix onto the multi-arch index digest suffix.
- Docker embedded-DNS loopback listeners encoded on backend+orborus but omitted on frontend+opensearch despite identical evidence; standardize.
- Stale opensearch capture-limits line claims ACES mappings/templates are "name-only list[str] ... (blocked surface)" — false against the structured mapping manifests encoded in the same PR. Fix the generated limits text.
- orborus filesystem manifest retains only 3 rows with no full tree in evidence (declared, but a corpus outlier vs backend's full-tree-as-evidence pattern). Retain the full tree.
All three bundles recapture against the running lab with updated capture scripts; SDL nodes regenerate; tests/ledgers/READMEs/parity rows updated to match.
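
An added example, not code from the PR or its capture scripts: decoding the CapEff mask from a captured /proc/1/status and diffing it against a node's encoded "effective" capabilities, so an assertion without evidence fails a check. The function names, the encoded list and the sample capture are assumptions; the sample mask is Docker's default capability set.

```python
"""Decode CapEff from a captured /proc/1/status and diff it against an encoding."""

# Capability names by bit number, as defined in linux/capability.h (bit 0 first).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

# Constructed sample capture (not taken from the PR's bundles).
SAMPLE_STATUS = (
    "Name:\tnginx\nPid:\t1\n"
    "CapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
    "CapAmb:\t0000000000000000\n"
)

def parse_cap_masks(status_text):
    """Return {'CapEff': int, ...} for every Cap* line present in the capture."""
    masks = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"):
            masks[key] = int(value.strip(), 16)
    return masks

def decode_mask(mask):
    """Expand a capability bitmask into names; bits past the table stay visible."""
    names, bit = [], 0
    while mask >> bit:
        if mask >> bit & 1:
            known = bit < len(CAP_NAMES)
            names.append("CAP_" + CAP_NAMES[bit] if known else f"CAP_UNKNOWN_{bit}")
        bit += 1
    return names

def diff_effective(status_text, encoded):
    """Compare encoded capability names (hypothetical SDL field) with the capture."""
    masks = parse_cap_masks(status_text)
    if "CapEff" not in masks:
        raise ValueError("no CapEff line in capture: encoding has no evidence")
    observed = set(decode_mask(masks["CapEff"]))
    return {"unsupported": sorted(set(encoded) - observed),
            "unencoded": sorted(observed - set(encoded))}

if __name__ == "__main__":
    print(diff_effective(SAMPLE_STATUS, ["CAP_CHOWN", "CAP_SYS_ADMIN"]))
```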