Ran all 5 persona Playwright specs against full stack after PR #1171
fixed the /stakestake navigation bug. Results:
- Navigation fix VERIFIED: /stake route works correctly (no /stakestake)
- 5/5 wallet connections succeeded
- 0/5 on-chain stakes completed (new blocker: ponder 504 timeout)
- 2/5 tests crashed due to chain snapshot/revert state corruption
Closes#1180
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary
PR #1172 (evidence: red-team 2026-03-26) was merged despite the review bot requesting schema fixes. This PR applies the corrections identified in that review.
## Changes
- `profile` → `optimizer_profile`
- `result: "PASS"` → `verdict: "floor_held"`
- `lm_eth_before`/`lm_eth_after`: integer ETH values → wei strings (×1e18)
- Add missing `candidate_commit`: `a76d393` (most recent OptimizerV3Push3 optimizer commit)
- Add missing `eth_extracted: 0`
- Add `attacks: []` (per-attack raw data is unrecoverable — session crashed due to Claude auto-update)
## Why this matters
The planner reads evidence files programmatically. Schema violations break automated delta_bps calculation and candidate tracking.
## Root cause of original violation
The action session that produced this evidence crashed due to a Claude Code auto-update mid-run. Evidence was reconstructed from diagnostics, and the schema was not matched correctly to the existing files.
Reviewed-on: https://codeberg.org/johba/harb/pulls/1173
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
PR #1160 wallet connector fix verified working. All 5 personas now
connect wallets successfully via desktop Connect button (previously 0/5).
New issue discovered: /stakestake navigation bug in attemptStake helper.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#1151
## Changes
Baseline UX persona evaluation (run-user-test formula). All 5 personas (tyler, alex, marcus, priya, sarah) ran against full stack. FAIL verdict: 0/5 completed — all blocked at wallet connector panel not rendering at 1280x720 viewport. Evidence file: evidence/user-test/2026-03-25.json with per-persona friction points, screenshots, and observations.
Reviewed-on: https://codeberg.org/johba/harb/pulls/1152
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Add the `methodology` field to the red-team schema (JSON example and
field table). `candidate_commit` was already documented in a prior
update; no change needed for that field.
The new field is backward-compatible — it is a free-text string already
present in existing evidence files (2026-03-20.json, 2026-03-23-*.json).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Use anvil_snapshot/anvil_revert RPC methods instead of vm.snapshot()/vm.revertTo()
- Remove incorrect claim about top-level lm_eth_after reflecting worst-case attack
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: PRICE_STABILITY_INTERVAL (300s) was too long relative to
MIN_RECENTER_INTERVAL (60s). After any significant trade moving the tick
>1000 positions, the 5-minute TWAP lagged behind the current price by
hundreds of ticks, exceeding MAX_TICK_DEVIATION (50). Recenter reverted
with "price deviated from oracle" for ~285s — creating a window where
the LM could not reposition and adversary parasitic LP could extract
value from passive holders.
Fix: Reduce PRICE_STABILITY_INTERVAL from 300s to 30s. This ensures
TWAP converges within the 60s cooldown while still preventing same-block
manipulation (30s > ~12s Ethereum mainnet block time).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Evidence file: change result to PENDING (not INCREASED) with delta_bps 0,
since this is a registration placeholder, not a measured run
- Attack file: add missing unstake for position 6 so all staking positions
are cleaned up
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#1066
## Changes
Done. Here's what was changed:
**`evidence/README.md`**
- Added `"candidate_commit": "abc1234"` to the red-team schema JSON example
- Added `candidate_commit | string | Git commit SHA of the optimizer under test` row to the field table
**`scripts/harb-evaluator/red-team.sh`**
- Captures `CANDIDATE_COMMIT` from `git rev-parse HEAD` at startup (alongside existing `CANDIDATE_NAME`/`OPTIMIZER_PROFILE`)
- Added a new step (9a-pre) that writes `evidence/red-team/YYYY-MM-DD.json` at the end of each run, including `candidate_commit` plus all other schema fields (`candidate`, `optimizer_profile`, `lm_eth_before`, `lm_eth_after`, `eth_extracted`, `floor_held`, `verdict`, `attacks`)
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/harb/pulls/1075
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Addresses re-review feedback:
1. Attack 4 (2050 ETH): delta_bps=3746 is from extreme slippage
through thin liquidity beyond concentrated positions, not just
1% fees. Insight corrected to explain the slippage mechanism.
2. Floor Ratchet: renamed to "initial phase only", insight explicitly
notes the 2000-trade oscillation variant is NOT tested here and
is tracked as follow-up issue #1082.
3. Added methodology field explaining snapshot-isolation semantics
(why lm_eth_after == lm_eth_before).
4. Restored two dropped strategies (discovery WETH consumption,
one-way sell) with notes that they are subsumed by other attacks.
Re: #1058
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All 8 adversarial strategies failed to extract ETH from LiquidityManager.
LM ETH actually increased from ~1000 to ~1050 ETH due to fee income.
Key defense: 1% pool fee + atomic recenter + massive floor liquidity.
Closes#1058
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add evidence/ with subdirs for evolution, red-team, holdout, and user-test.
Each subdir has a .gitkeep and README.md documents the JSON schema for all four
process types so formulas and the planner have a canonical contract to read/write.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
