probity. release notes

every change that alters the audit JSON schema, the classifier, the rubric, or anything else that affects whether two audits over the same bytes produce identical dossiers ships under a version bump. older dossiers are not re-derivable from newer probity builds; the version is part of every claim's input digest by design.

current: probity v0.0.8 · released 2026-07-16

v0.0.8

released 2026-07-16 current

probity can now bind a completed split-model statistics audit to forge's immutable provisioning receipt. this preserves a verifiable source identity for exceptionally large models without pretending that the binding pass reread and rehashed every payload byte.

immutable provision-receipt binding

  • the new probity bind-receipt command requires an explicit completed statistics dossier, forge target manifest, immutable provision receipt, and fresh markdown, json, and manifest output paths.
  • probity verifies the receipt's file digest and canonical self-digest, apfs volume identity, native clone contract, source protections, complete origin/master/working shard inventories, ordered split-set identities, and forge inspector gadget provisioning trace.
  • verified shard hashes are transferred into the dossier under a content-addressed receipt_binding block. the report explicitly records fresh_payload_hash: false, so receipt-backed identity can never be mistaken for a fresh payload scan.
  • the binding adds one content-addressed integrity claim and one inspector gadget gate, then installs the json, markdown, and claim manifest as new immutable artifacts. existing evidence is never relabeled in place.

strict replay and tamper rejection

  • probity verify --strict now validates the receipt provenance, binding digest, transferred shard inventory, split-set identity, inspector gadget gate, and every content-addressed claim, stopping on the first mismatch.
  • unknown json fields, trailing values, mutable receipt files, path substitutions, altered filesystem evidence, reordered shards, changed stage records, and modified claim payloads fail closed.
  • the markdown report carries the exact receipt-binding replay command. reproduction requires the same statistics artifact, target manifest, provision receipt, and probity operator build.

authoritative glm 5.2 source dossier

  • the catalog now includes the receipt-bound 33-shard GLM 5.2 BF16 source audit: 1,809 tensors, 753.864b parameters, 42.376b active parameters, 79 blocks, and a 1,048,576-token native context window.
  • probity identifies 76 routed moe blocks plus 3 dense blocks, 256 experts with 8 selected per token, 64 query heads, 1 kv head, separate 576-wide key and 512-wide value state, and an exact full-context fp16/bf16 kv-cache estimate of 167.875 gib.
  • the audit covers 5,056 attention heads and 19,456 expert rows with zero dead heads, zero dead experts, zero nan values, and zero infinite values. its 214 findings are all low-severity static signals, not evidence of corrupted model bytes.
  • the final dossier carries 412 inspector gadget stages and 9 replayable claims. it is structural evidence for forge calibration, not a behavioral-quality or generation-speed certification.

v0.0.7

released 2026-07-16 previous

probity now reads durable forge lineage from inside a materialized gguf. the marker establishes creation provenance only. the catalog requires separate post-write evidence before it applies forge branding.

materialized forge artifacts

  • v0.0.7 adds the top-level forge_provenance dossier block. ordinary models omit it; materialized forge outputs populate it only from the marker probity reads inside the gguf.
  • a forge output carries an embedded, namespaced marker bound to the exact source file or ordered split set, shard inventory, source architecture, source descriptor inventory, target, plan digest, forge release, probity release, and evidence basis.
  • a plan, calibration report, filename, or projected size can never unlock forge branding. the output model must exist and complete every public gate.
  • the forged badge requires matching native execution evidence, realized reconstruction, a fresh probity audit, valid content-addressed claims, and an accepted source-to-output static comparison.
  • the badge states its scope as post-write static gates passed. behavioral quality remains explicitly unmeasured until a separate evaluation supplies that evidence.

bounded forge materialization

  • forge v0.0.5 converts tensors in bounded, alignment-safe chunks instead of retaining a complete source tensor, float expansion, and encoded tensor at the same time.
  • the v5 public gate records the configured and effective conversion-buffer budgets, modeled live-buffer peak, sampled process-wide Go HeapInuse peak, and an explicit false rss_hard_limit.
  • the catalog rejects missing or inconsistent v5 memory evidence. the buffer budget is not an operating-system process limit and does not claim to cap total RSS or inference memory.

read-only forge plan fitting

  • forge plan-fit clones an explicit current, uncalibrated plan and has no gguf open or write path. it atomically emits only a fitted canonical plan and a content-bound evidence receipt; the input plan is rehashed after installation and must remain byte-identical.
  • complete-file ceilings and tensor-payload ceilings are distinct. for a complete-file or hardware target, forge subtracts probity's audited source non-tensor overhead and an explicit output-overhead reserve before fitting the tensor payload.
  • hardware receipts expose target ram, kv cache, runtime reserve, and safety margin as separate operands. none is hidden inside another allowance.
  • the receipt binds exact input and output canonical plan sha-256 values, ordered precision moves, projected complete-file bytes, feasibility and stop reason, source identities, and one inspector gadget budget-fit stage per move.
  • a fitted plan is structural planning evidence only. it cannot receive forge branding and must later pass reconstruction calibration, native materialization validation, a fresh probity audit, and independent behavioral evaluation.

automatic catalog pairing

  • the completed forge dossier is indexed as a separate model entry and paired with its original by exact file or split-set identity plus the complete dossier sha-256, never by filename alone.
  • the forged entry receives a distinct visual treatment and a direct comparison with the original probity dossier.
  • the original remains exactly Qwen3.6-35B-A3B Q8_0. internal clone labels never appear in its public model name; model-content fingerprints remain unchanged and authoritative.

v0.0.6

released 2026-07-15 previous

probity is the light: v0.0.6 makes source identity, signed truth, measurement lineage, and evidence boundaries first-class. inspector gadget is the instrument stack that records how each static result was produced. forge may act on that verified evidence, but it now refuses missing provenance, unsafe tensor geometry, or an unverified source instead of silently guessing.

probity evidence contract

  • the source is opened read-only, inventoried tensor by tensor, and bound to header, metadata, descriptor, tokenizer, architecture, file, or split-set fingerprints.
  • canonical claim payloads are content-addressed and replayable under the same source bytes and pinned operator build. a claim id is an integrity seal, not a digital signature, author identity, or behavioral certification.
  • successful inspector gadget executions preserve ordered index, registry class, stage kind, display name, output length, non-zero count, energy, and entropy. head, expert, and tensor-local audits retain their nested lineage.
  • the public dossier now includes an evidence map that distinguishes recorded facts, measured static evidence, downstream forge calibration, and behavioral evidence that has not been measured.

forge handoff · verified evidence only

  • probity supplies real tensor roles, outlier structure, bounded spectra, head and expert audits, source fingerprints, and inspector gadget lineage. forge consumes those facts as planning evidence; it does not bypass them with a global quantization preset.
  • forge calibration measures native codec reconstruction per eligible tensor over deterministic seeds, preserves request-order inspector gadget records across parallel workers, and promotes seed-unstable decisions to the safer precision.
  • precision is selected per tensor and role from a bounded rate–distortion frontier. low-bit types are a floor to evaluate, not a command to compress protected or geometrically incompatible tensors.
  • source sha-256 provenance must match the plan before execution. the read-only source clone is never rewritten; output is staged, reopened, checked against metadata and tensor inventory, hashed, and committed atomically.
  • forge calibration is a separate artifact. a probity dossier does not imply that calibration ran, and weights-only reconstruction does not claim coherence, perplexity, task accuracy, or runtime stability.

authoritative qwen3.6 35b-a3b dossier

  • the catalog now publishes the fresh probity v0.0.6 original-model audit: 733 tensors, 34.66b parameters, 160 audited attention-head rows, 10,240 audited expert rows, 179 aggregate inspector gadget stage records, and 8 content-addressed claims.
  • its 12 audit findings are static ig warnings: 1 medium and 11 low. they include one low-magnitude expert candidate, class-aware hampel outliers, outlier-channel risks, and an embedding-side glitch-token signal.
  • those 12 findings do not mean corrupted model bytes: the dossier records zero tokenizer-source findings, zero tensor-source findings, zero critical/high findings, and zero nan/inf values.
  • the dossier is clean-tier at 86/100. any removal, pruning, or lower-precision decision still requires forge reconstruction calibration and an independent behavioral evaluation.

pre-write qwen calibration research

  • the internal source-bound calibration measured 372 tensors and 73,138,176 sampled weights across deterministic seeds 42, 43, and 44, with 12,057 forge inspector gadget stage records.
  • two seed-unstable tensors were promoted to the safer precision. eight protected tensors whose precision changed were explicitly measured instead of inheriting an unverified choice.
  • the mixed-precision plan predicts 11,327,653,901 bytes (10.55 gib), a 69.30% reduction from the 34.36 gib source, at an estimated 2.6145 bits per weight. selected objective distortion is 0.09915 at p99 and 0.09949 maximum.
  • the plan recorded all 733 per-role decisions, including protected f32/q8 retention and measured iq/q selections. it did not imply a full model was written.
  • the pre-write plan is not a model artifact, does not receive forge branding, and is not indexed as a catalog model. predicted size is not reported as an artifact size.

cache and positional evidence

  • architecture records now preserve separate attention key and value widths instead of assuming both equal the query-head width.
  • probity records the GGUF RoPE scaling type, factor, original context length, and whether the producer declares the scaled configuration as fine-tuned.
  • deployment estimates use the separate key/value dimensions while retaining a compatible fallback for older GGUF producers.
  • the dossier remains honest about scope: KV state is generated by the runtime and is not stored inside the GGUF.

catalog status

  • qwen3.6 35b-a3b now carries its genuine v0.0.6 audit and inspector gadget lineage. it was mechanically published from the authoritative forge-workspace dossier; no stale result was relabeled.
  • qwen3.6 27b and minimax m2.7 remain visibly stamped v0.0.5 until their selected GGUF files are genuinely re-audited with this exact operator build.

v0.0.5

released 2026-07-15

one authoritative inspector gadget runtime now powers every probity audit path. v0.0.5 migrates the production pipeline to inspector gadget's current stage contract, records successful stage executions as machine-readable evidence, and deliberately resets the public catalog so legacy dossiers cannot be mistaken for current results.

inspector gadget unification

  • probity's production operators now use the current discovery.Stage, Apply, and Describe contracts from the workspace's authoritative inspector gadget module.
  • probity, forge, acuity, the public site, and optrenium studio now resolve the same local inspector gadget implementation. stale copies from older development workspaces are no longer part of the build graph.
  • current drift, out-of-distribution, conformal, false-discovery-rate, and narrative stages replace the retired APIs in the tabular pipeline and research experiments.

auditable stage lineage

  • new GGUF dossiers persist an ordered trace at ig_findings.stage_records; tensor, head, and expert records also retain their local ig_stage_records.
  • each successful stage record carries its execution index, registry class, stage kind, display name, output length, non-zero count, energy, and entropy. failed stages are never presented as completed evidence.
  • the dossier's ig findings tab now exposes this trace directly, with a bounded table for large models and the complete record set retained in raw JSON.

robust weight analysis

  • registered class-aware Hampel stage: tensor, attention-head, and MoE-expert outlier analysis now shares the current inspector gadget implementation while preserving probity's within-class comparisons and global significance gate.
  • bounded singular-spectrum stage: deterministic power iteration supplies the leading spectrum and effective-rank evidence without allowing unbounded matrix materialization.
  • qwen3.6 hybrid attention coverage: probity separates gated deltanet blocks from full gated-attention blocks, measures only each head's query channels, and derives kv-cache estimates from the full-attention layers that actually allocate a cache.
  • stage summaries provide provenance for the evidence that forge will use when selecting tensor-specific compression levels. v0.0.5 does not claim that activation-aware sensitivity or an automatic forge quantization plan is already emitted.

catalog migration

  • all pre-v0.0.5 public model dossiers were retired from the active catalog. the replacement catalog now contains fresh v0.0.5 audits for Qwen3.6 27B Q8_0, Qwen3.6 35B-A3B Q8_0, and the seven-shard MiniMax M2.7 Q8_0 model.
  • older JSON remains a historical format, not a v0.0.5 result. stage lineage cannot be added retroactively; it requires a real re-audit of the source GGUF bytes.
  • reproduction requires the same source bytes and exact binary/operator code. the dossier records the probity release and stage classes; deployment must retain the matching binary artifact externally.

validation

  • the complete optrenium workspace and each standalone module build against the authoritative local dependency graph.
  • the inspector gadget suite and migrated probity experiments complete cleanly, including determinism, calibration, min-cut, feature-contrast, and permutation-baseline checks.

v0.0.4

released 2026-05-15

coverage expansion for modern quantizations and modern architectures. probity can now fully audit models that use non-linear 4-bit quantization (IQ4_NL / IQ4_XS; popular community quants from unsloth, bartowski, mradermacher) and models that use MLA (multi-head latent attention): the DeepSeek-V2/V3 / GLM 5.1 family. previous versions of probity could not decode IQ4 bytes (so head + expert audits silently returned zero) and could not classify MLA tensors (showing as unknown_components). v0.0.4 fixes both, plus adds support for two auxiliary sub-mechanisms that ship with GLM 5.1: the DSA "indexer" sparse-attention selector and the multi-token-prediction NextN head.

quantization decoder: new coverage

  • IQ4_NL dequantizer: 4-bit non-linear codebook (16-entry signed lookup table). 32 elements per block, 18 bytes. Used by every modern unsloth UD-Q4 / IQ4 release.
  • IQ4_XS dequantizer: 256-element super-block with 8 per-32 sub-scales, packed via the same 16-entry codebook. 136 bytes per super-block.
  • direct consequence: head_audit and expert_audit now produce per-head Q/K/V L2 norms + per-expert magnitudes on IQ4-quantized models. previously these returned silently empty.

architecture classifier: additions

  • MLA (Multi-head Latent Attention): 7 new aliases. DeepSeek-V2/V3 and GLM 5.1 factor Q/K/V through a low-rank latent: attn_q_a → q_lora_rank → attn_q_b → per-head Q, and similarly for K/V via attn_kv_a_mqa → kv_lora_rank → attn_k_b / attn_v_b. probity now maps the per-head "_b" tensors to CompAttnQ/K/V (so head_audit works) and the latent down-projections + their norms to dedicated CompAttnQLatent / CompAttnKVLatent / *_norm classes.
  • DSA "indexer" sparse-attention sub-mechanism: 4 new aliases. DeepSeek-V3 introduces an auxiliary attention that scores past positions for sparse-attention selection (indexer.attn_q_b, indexer.attn_k, indexer.k_norm, indexer.proj). classified as its own component family (CompIndexerQ/K/KNorm/Proj) so it appears in per-component-quality rollups without contaminating the main head_audit.
  • NextN multi-token-prediction head: 4 new aliases. GLM 5.1 ships an auxiliary head for self-speculative decoding (nextn.eh_proj, nextn.enorm, nextn.hnorm, nextn.shared_head_norm). all four now classify under CompNextN* roles so the speculative-decoding head doesn't show as unknown.
  • direct consequence: GLM 5.1 Q8_0 (753.86B params, 79 layers, glm-dsa family) now audits with zero unknown_components, and head_audit reports the full 79 × 64 = 5,056 main attention heads.

testing

  • probity test suite extended to cover the new dequantizers + classifier additions; all internal tests green.
  • forge (the sibling audit-guided optimizer) shipped its own 110-test foundation across 8 packages in parallel; every public function has unit tests + benchmarks. forge can now safely consume v0.0.4 dossiers with the new role classifications.

migration notes

  • any model in your catalog that uses IQ4_NL or IQ4_XS quants should be re-audited under v0.0.4; the head/expert audit on those will go from empty to fully populated.
  • any model in your catalog from the MLA family (DeepSeek-V2, DeepSeek-V3, GLM 5.1) should be re-audited under v0.0.4; unknown_components will drop from 15+ to 0.
  • all earlier-version dossiers remain readable by the catalog server. the version banner above is informational, not a forced-upgrade.

v0.0.3

released 2026-05-14

a massive expansion of the audit surface: per-tensor cryptographic fingerprints, class-aware statistical detection, score-weighted readiness rubric, ten new structural signals, the new lineage tab, side-by-side compare view, and rubric calibration for SOTA-class architectures (MoE, hybrid, multilingual). every existing model in the catalog has been re-audited under v0.0.3; old v0.0.2 dossiers are not forward-compatible.

audit signals: new

  • per-tensor SHA-256 fingerprints: every tensor now hashed during the streaming stats pass. content-addressed identity for cross-model lineage detection.
  • spectral entropy: Shannon entropy of top-singular-value distribution per SVD'd tensor. low = degenerate; high = full-rank.
  • refusal-direction vector + amplification-direction vector: centroid of bottom-N suppressed output-projection rows (and top-N amplified). published as `float32[embed_dim]` arrays plus cosine angle between them. partial fingerprint of RLHF / safety training, derivable from weights alone.
  • top-K outlier channels per tensor (previously top-1); enables real cross-layer outlier-lane detection.
  • cross-layer L2 trajectory per Component: depth-wise weight-magnitude line chart per tensor class. reveals training-rate decay, distillation chains, lora-merge discontinuities, fat-layer anomalies.
  • intra-model byte-identical tensor groups: using per-tensor SHA-256, detects copy-paste errors / deliberate weight tying / converter dedup.
  • vocab forensics: long-token categorisation (URL / code / JSON / GUID / datetime / non-Latin / memorised-phrase). privacy + memorisation signal.
  • outlier-lane scan: channel indices that recur as outliers across multiple attention layers. residual-stream-level Dettmers outlier features. quantization-critical.
  • per-component quality rollup: model-level training quality broken down by tensor class.
  • head diversity per layer: within-block Q-head pairwise specialisation. sparkline visualisation.
  • numerical hygiene: NaN/Inf totals across tensors. promoted to a red-bordered alert on the overview tab when nonzero.
  • model-level quality rollup: mean / median training-quality, mean prune potential, mean anisotropy.
  • lineage fingerprints: distillation late/early std-dev ratio, lora-merge top-singular-value shoulder, quantizer-toolchain shape classification.
  • block similarity matrix: NxN cosine similarity of per-block statistical fingerprints. visualised as a contrast-stretched heatmap.
  • deployment-cost estimator: per-context-length KV-cache + total memory table.

audit signals: calibrated

  • class-aware Hampel detector: outliers now computed WITHIN each Component class (attn_q vs attn_q, ffn_down_exps vs ffn_down_exps). pre-v0.0.3 the detector compared MoE expert tensors against attention norms across the alphabetical name space; producing structurally-induced false positives. now reports a per-finding z-score against the class median, threshold filter at |z| ≥ 3.5.
  • script-aware tokenizer detection: bidi / zero-width / control characters demote severity when found in their natural script context (Arabic + RLO is normal; Latin + RLO is an attack). seven Unicode-block ranges classified.
  • pure-control-token demotion: tokenizer byte-fallback tokens (standalone `‮`, `​`, `\x01`, etc.) demoted one tier since they're tokenizer hygiene, not adversarial.
  • tokenizer per-severity caps: high uncapped, medium ≤ 15, low ≤ 5. legitimate multilingual content can no longer single-handedly tank a score; real attacks always propagate.
  • score-weighted readiness rubric for low-severity findings: each finding's penalty is sized by its score (Hampel z-score, outlier-channel max-ratio, glitch-token count). barely-flagged findings cost a fraction of severe ones.
  • fix: tokenizer findings no longer double-counted: previously deducted via both `medium_deduction` AND `tokenizer_deduction`. fixed by excluding tokenizer-sourced anomalies from the generic severity buckets.

architecture classifier: additions

  • Gemma 4 (dense): inp_gate, layer_output_scale, per_layer_model_proj, per_layer_proj_norm, per_layer_token_embd, post_ffw_norm, post_norm, proj, rope_freqs (top-level)
  • Gemma 4 (MoE): ffn_gate_up_exps (fused gate+up; Gemma 4's `attn_qkv` for FFN), post_ffw_norm_1, post_ffw_norm_2, pre_ffw_norm_2 (dual-FFN architecture)
  • Qwen 3.6 / Qwen 3.5: attn_gate, ffn_gate_inp_shexp, post_attention_norm, ssm_alpha, ssm_beta; Q-only `attn_qkv` layout detection (Qwen 3.6 reuses the name for a non-fused tensor)
  • regex: `blk.N..scale` suffix now strips correctly (Gemma 4 MoE per-tensor quant scale vectors)
  • FFN length: three-tier fallback: `feed_forward_length` → `expert_feed_forward_length` → `ffn_down_exps.shape[0]`

UX additions

  • lineage tab on every dossier; model-level training quality KPIs, lineage fingerprint cards, block-similarity heatmap, per-component quality table, outlier-lane scan, head-diversity sparkline, L2 trajectory line chart, byte-identical tensor groups
  • compare view at /probity/compare?a=X&b=Y; side-by-side dossier diff across 10 sections, with auto-deltas (matching = muted, small diff = sage, large diff = amber)
  • catalog filter UI: free-text search across name / family / base-model / org / license; sort by readiness, params, quality, context, memory@32K; tier / family / shape chips; VRAM-fit + context-length pickers; compare-mode toggle; group-by-family clustering
  • tokenizer tab additions: embedding glitch tokens (input-side outliers), output projection magnitudes (least- and most-projected tokens), refusal-direction interpretation card, vocab forensics
  • architecture tab additions: deployment footprint table (KV cache memory at 4K / 16K / 32K / 64K / 128K / native context)
  • tensors tab: three new sortable columns: training quality, pruning potential, anisotropy index; color-tinted by tier
  • overview tab: deductions panel rows are now clickable (jump to source data tab); NaN/Inf alert banner (red-bordered, top of page when present)
  • comprehensive ELI5 tooltips: every technical label across every tab now hover-bearing with plain-English explanations. 40+ new glossary entries.

bug fixes

  • humanBytes 32-bit shift overflow in dossier + compare templates; `1 << 40` in JS evaluates to 256 (32-bit wrap), causing every byte size ≥ 256 to render as "tib". Now uses explicit power-of-2 constants.
  • Layer field omitempty: layer 0 was serialised as missing → JS rendered the literal string "undefined". Field is now always emitted.
  • compare template missing from allow-list: caused 500 error on /probity/compare. Page allow-list now includes every page template.
  • Hampel sub-threshold emission: windowed detector flagged tensors with |global z| < 3.5; those are now filtered out.
  • refusal-direction nil-row underweighting: averaging by nominal N rather than rows-actually-read introduced bias when any selected row came back empty. Now divides by the count actually summed.
  • amplified-token loop on tiny vocabs: when len(vocab) < 2N, the same tokens were emitted as both suppressed AND amplified. Now properly guards the upper-bound.
  • dead ComputeOutlierLanes placeholder removed; confusing exported function that returned a stub.
  • dossier null guards: per-component table, head-diversity tooltip, L2-trajectory polyline, block-similarity matrix all hardened against missing fields on partial / older audits.

v0.0.2

released 2026-05-13

first public release of the catalog. introduced the deploy-readiness score, the validator gate, MoE accounting, hybrid-model awareness, and the per-attention-head + per-MoE-expert decomposition passes. not backward-compatible with v0.0.1 manifests.

  • deploy-readiness score: single 0–100 composite over every signal, with explicit tier banding (clean / advisory / caution / blocked) and per-signal deduction breakdown
  • validator gate: 30+ invariants checked before any dossier is written. one violation fails the audit, preventing an invalid finding from receiving a content-addressed claim ID.
  • MaxElements=0 default: full-tensor read by default; partial reads available via explicit cap with `samples_seen_fraction` honesty
  • per-row partial-read fix: dead-row detection no longer falsely flags rows simply because the read stopped before reaching them
  • per-attention-head decomposition: Q/K/V/O L2 norms per (layer, head); GQA-aware (q-head ↔ kv-group mapping); within-layer Hampel + median-fraction dead-head detection
  • per-MoE-expert decomposition: gate / up / down / router-column L2 per expert; collapsed-expert detection
  • hybrid model awareness: layer-type breakdown (attention / SSM / MoE-FFN / dense-FFN), proper handling of models where some blocks lack attention (Nemotron-Hybrid, Jamba)
  • metadata-vs-tensor reconciliation: when `head_count_kv` metadata disagrees with K/V tensor shapes (Nemotron-Hybrid common case), audit trusts the tensor shapes; mismatch surfaced as a low-severity anomaly + dossier card
  • active parameters: MoE-aware per-token compute footprint accounting
  • tied-weights detection: same-offset / byte-match / no-match classification for token_embd ↔ output
  • outlier-channel scan: Dettmers-style channel-max / median-max ratio detection per 2-D tensor
  • fused-QKV support: Nemotron-class fused attention tensors handled in the per-head pass
  • tokenizer attack-vector scan: RTL override, zero-width chars, control chars, BOM, bidi markers (script-blind in v0.0.2, refined in v0.0.3)
  • content-addressed fingerprints: header, metadata, descriptors, architecture, tokenizer, file (or split-set) SHA-256 digests with section-by-section coverage
  • content-addressed claim manifest: every finding collapsed into a stable claim ID hashed from (section, operator class, operator version, input digest, score, verdict, detail)

v0.0.1

internal preview

initial development build. core GGUF parser, basic per-tensor weight statistics, single-pass dossier writer. dossiers from this version are not forward-compatible with the public catalog format.

every claim ID is a content-integrity identifier, not a digital signature. a fresh audit against the same GGUF bytes and pinned probity/operator build should reproduce the same fingerprints and canonical claim IDs; behavioral validity still requires independent evaluation.

probity is a commercial product. licensing: licensing@optrenium.ai

glossary · hover any underlined term for its definition