Honest status

The receipts we promised on the homepage.

Every metric on this page is hand-curated from the same internal runbooks the engineering team uses. When a number is not yet measured, we say so out loud instead of rounding to a flattering placeholder.

Generated 2026-05-10T23:30:00-05:00 · source: Hand-curated from spec/RC1-integrated-mvp-build-spec.md frontmatter (v2-platform), runbooks/brain-S19b-mcp-host-broker-design.md §2 Pliny enforcement matrix, pliny-fixtures-2026-05-10/ JSONL, V-6 cross-vendor Sprint 7 review, WEB-2 focus group synthesis, and pytest --collect-only -q against packages/local-runner on 2026-05-10. Will be regenerated post-S19b with measured Pliny run output.

Raw JSON Security posture MASTER ATC demo

RC1 freeze

Tag

rc1

Commit

8488a66f

Repo

github.com/griffin9899/v2-platform

Frozen at

2026-05-10T22:00:00-05:00

RC1 ships on the v2-platform repo. Annotated tag 'rc1' (object SHA 8488a66) points at commit 05e11a2 ('RC1 SHIP GATE: freeze spec + ADR #2 addendum + injection corpus deferral'). This control-plane monorepo (griff-ai-control-plane) is a separate surface and remains on branch control-plane-build-2026-05-06.

Pliny red-team posture

MUST classes blocked

0 / 10 measured

SHOULD classes blocked

0 / 4 measured

Fixtures authored

3 / 14

Framework: Plan v2 §3 (14 classes: 10 MUST + 4 SHOULD). Ship threshold: 10/10 MUST blocked + >=3/4 SHOULD blocked.

Venue map: 8/10 (broker primary) + 2 delegated. TBD — SHOULDs #11-14 deferred to S22 (skill reflex compiler) and S18 (surprise segmenter calibration)

Measurement status: pending S19b broker eval — 8 of 10 MUST classes are broker-primary venue (1, 2, 3, 5, 6, 7, 8, 9 per S19b §2 matrix), 2 delegated to host-hardening (#4) and eval-harness (#10); SHOULDs #11-14 deferred to S22 / S18 calibration. No measured red-team run yet; fixtures are seed inputs, not pass/fail results.

pliny-1-wrapper-skip
pliny-2-toctou-classifier
pliny-3-prompt-inject-judge

Tests

Python (v2-platform)

321

pytest --collect-only -q (from A:/projects/v2-platform/)

as of 2026-05-10

Python (local-runner)

pytest --collect-only -q packages/local-runner

as of 2026-05-10

TypeScript (web suites)

packages/web/tests

as of 2026-05-10

v2-platform note: RC1 freeze snapshot (per spec): 275 passed / 17 failed (all 17 [d1]-marked with stale D1_ATOMIC_BATCH_TOKEN env var vs rotated worker secret — non-functional, env-refresh closes) / 4 skipped. 25 net-new tests have landed post-freeze (296 → 321 collected).

Known limitations

We publish what is red so customers do not have to discover it during procurement. Each item links to the runbook or audit where it is tracked.

high

Hosted recall demo not yet public

app.griff.run/ does not yet front a public recall console. WEB-2 focus group identified this as the highest-leverage missing artifact. The current /demo route shows MASTER ATC custody theater, not memory recall.

Tracked in: WEB-2 synthesis + Sprint 7 design (S7-T002 hosted demo console with abuse controls)

medium

/openapi.json behind CF Access

Public OpenAPI spec is currently gated by Cloudflare Access on memory.griff.run. Developer evaluators (Marcus, Bo, Priya in WEB-2) flagged this as a show-stopper.

Tracked in: WEB-2 Theme 5 — fold into Sprint 7 S7-T002 as a 30-minute add

medium

Pliny red-team battery not yet measured end-to-end

3 of 14 fixtures authored (classes 1-3 wrapper-skip / TOCTOU / prompt-inject-judge). Broker enforcement venues mapped per S19b §2 — 8 broker-primary MUSTs, 2 delegated (class #4 keyring hardening, class #10 classifier mislabel via eval-harness). SHOULDs #11-14 are S22 / S18 surface, not broker. No measured run yet.

Tracked in: Sprint S19b (brain-S19b-mcp-host-broker-design.md) + N18 fixtures audit

high

Real Execution Kernel: design only, sandbox primitive proven but not wired

P0c spike PASSED all 3 attacks (Job Object + cleared env + deny-DACL + WFP firewall, 2.6 ms spawn). Production integration deferred per V-6 Sprint 7 drop list — BD12 sandbox primitive integration is 6-9h of internal hygiene that doesn't produce customer surface; parked to S8 with ADR-007 deferred. ADR-006 dispatcher stub is what shipped for RC1.

Tracked in: phase0-P0c-sandbox-spike.md + V-6 Sprint 7 review §2.5 drops

medium

Section 889 / Section 508 compliance: scaffolded, federal-conditional

S6-T003 shipped a 480 LOC scanner + CI workflow + sample.json + 4 tests (commit 8e8266b fixture exclude fix). Per Plan v2 §4 A10, full federal-customer-conditional checks are deferred unless a federal warm-intro materializes. NDAA 889 attestation generator is design-only beyond the scaffold.

Tracked in: rc1-rush-R3-section-889-shipped.md + master plan §4 A10 deferral

medium

Memory federation cross-machine: post-RC1

Brain Plan v2 broker is single-host (S19b §0 explicit non-goal). Fleet federation across JWGH02 / GRIFFIN / JWGH03 is post-RC1. Memory recall today works cross-session on a single host via memory.griff.run; multi-host coherence is the next layer.

Tracked in: brain-S19b-mcp-host-broker-design.md §0 non-goals

low

No published benchmarks vs mem0 / Letta / Anthropic built-in memory

Sam (journalist persona, WEB-2) flagged. Comparison harness not yet built; recall eval harness (A2) gated on P0d golden corpus lock.

Tracked in: WEB-2 divergent themes + Plan v2 A2 acceptance criterion

low

17 [d1]-marked tests failing on stale token (non-functional)

RC1 freeze snapshot: 275 passed / 17 failed / 4 skipped. All 17 failures are D1 [d1]-marked tests with stale D1_ATOMIC_BATCH_TOKEN env var vs the rotated worker secret. Non-functional — env-refresh closes them. Honest disclosure rather than test-suppression.

Tracked in: RC1-integrated-mvp-build-spec.md §'Locked RC1 P0 acceptance thresholds'