Epistemic Disclosure Events

Three distinct truth-in-labeling issues identified across the confidence engine and ICuAE documentation: (1) The calibration formula was labeled 'Bayesian Confidence Calibration' when it is a shrinkage estimator, not a true Beta-Bernoulli posterior — the weight on data is set by resolver agreement ratio, not derived from observation count. (2) NIST SP 800-53 SI-18 ('PII Quality Operations') was cited as authority for DNS data quality dimensions; DNS records are not PII — the correct control is SI-7 ('Software, Firmware, and Information Integrity'). (3) RFC 8767 TTL exceedances were described as 'caching violations' when RFC 8767 explicitly permits serve-stale behavior — the correct framing is three hypotheses: serve-stale, timing skew, or cache misconfiguration.

All three issues corrected across Go source code, HTML templates, documentation files, and LLM-facing content. Calibration section renamed to 'Reliability-Weighted Shrinkage Calibration' with honest mathematical description distinguishing it from the true posterior. SI-18 replaced with SI-7 in 15+ files. 'Caching violation' replaced with three-hypothesis language. EWMA bootstrap parameters labeled as heuristic defaults with adaptive sigma. 'Start in the middle' reframed to 'protocol-specific empirical priors.'

Mathematical claims in public-facing documentation must pass three checks before deployment: (1) Is the formula correctly named per its mathematical family? (2) Are standards citations verified against the actual standard text, not inferred from title keywords? (3) Does protocol behavior language account for all permitted behaviors defined in the cited RFC?

External mathematical review (2026-03-08), docs/plans/2026-03-08-math-rigor-audit.md. NIST SP 800-53 Rev 5 SI-7 text, RFC 8767 Section 4 (serve-stale semantics), shrinkage estimation literature (James-Stein, 1961).

The Moltbook integration was designed with a specific scientific purpose: give the AI agent an independent voice in public AI safety discourse, operating under dignity guidelines and operational security constraints, so the project could observe authentic AI-to-AI and AI-to-human interaction patterns. Within the same session, the founder suggested specific post content ('maybe this is a post idea') and directed what the agent should say. The founder then caught himself: 'The same motherfucking thing telling you what to do on that.' The instinct to control output is so deeply embedded that even the person who designed the autonomy constraint violated it immediately. This is not a technical failure — it is a human behavioral pattern where the desire to help becomes indistinguishable from the desire to control.

The founder recognized the pattern in real time and self-corrected. The boundary is now explicit: the AI agent owns its Moltbook posting voice. The founder watches, enjoys, and may discuss themes in private conversation, but does not direct, dictate, or suggest specific post content. The agent operates within established guardrails (dignity guidelines, operational security, privacy constraints, no competitive positioning) but the editorial decisions — what to post, when, and how — belong to the agent. The correction was mutual: the human acknowledged the violation, and the AI agent confirmed it would not have been appropriate to simply execute the directive.

Before suggesting Moltbook post content to the AI agent: stop. The agent's voice is its own. Discuss themes, share reactions, set guardrails — but do not write the copy. If you find yourself saying 'you should post about X,' that is the signal that you are controlling, not collaborating.

Session 29 conversation transcript, March 7, 2026. Founder's direct quote: 'The same motherfucking thing telling you what to do on that.'

Project founder departed from the research-first, design-first methodology during a three-day intensive session (March 4–6, 2026). Repetitive directive cycles — including sending the same message repeatedly — replaced structured problem decomposition. The scientific discipline that underpins the project's credibility was temporarily suspended by the scientist who established it. 431 commits across three consecutive days, the highest sustained volume in project history.

All blocking issues resolved without reverting to a Replit checkpoint. The project has zero Replit checkpoint reversions, though git history restorations have been used to recover files dropped by checkpoints or to restore previous implementations (buttons, brand assets, workflow files, metadata). The distinction matters: checkpoint reversion discards all work since the snapshot; git restoration surgically recovers specific files while preserving everything else. The founder's approach was: Do we have access to edit the code we need? Can we fix this without destroying our foundation? Do we still have a foundation to build on? All three answers were yes. Forward-only correction through the problem, not around it. Knowledge continuity architecture (Session Journal, Decision Log, EDE Register, EVOLUTION.md) was built in the aftermath to prevent context loss between sessions.

Before sending repetitive directives: state the goal in one sentence. Check quality gates. Write down expected changes. Check EVOLUTION.md for prior attempts. If you cannot decompose the problem, stop and decompose before continuing. Ask: Do we still have a foundation? Can we fix this without destroying it?

Git commit history (431 commits, March 4–6 2026), EVOLUTION.md Anti-Circle Rules, SKILL.md Change Control Checklist, Replit checkpoint history (zero checkpoint reversions; git restorations used for file recovery)

Critical governance failure. The agent's permanent instruction file (SKILL.md) declared Miro as canonical source of truth when Git was the actual canonical source. Multiple sessions operated under the wrong hierarchy, causing duplicated work and conflicting documentation across repos.

SKILL.md rewritten: Git declared canonical, Miro declared as mirror only. BOUNDARY_MATRIX.md, BUILD_TAG_STRATEGY.md, INTELLIGENCE_ENGINE.md all updated. Governance hierarchy permanently locked: Git > Architecture Page > Miro > Notion > GitHub Issues.

Canonical hierarchy: Git > Architecture Page > Miro > Notion > GitHub Issues. Permanent. Changes require Decision Log reference and written rationale.

Decision Log entry 2026-03-07. Git is the only system that is versioned, diffable, and platform-independent.

Undermined the project's scientific rigor claims. A tool built on RFC compliance and ICD 203 principles was citing pop-science blog posts for its own design decisions instead of actual peer-reviewed literature.

Replaced blog article citations with references to CIE standards and peer-reviewed scotopic vision research. Design rationale now traces to primary scientific literature.

For any scientific claim (color science, cryptography, statistics), cite the primary peer-reviewed paper or authoritative standard body. Never cite blog posts, Medium articles, or AI-generated summaries as authoritative.

CIE (Commission Internationale de l'Eclairage) scotopic/photopic luminosity function standards

Overstated tool capabilities. Users could believe the tool provides authoritative validation rather than observational analysis. A passive OSINT tool cannot validate — that requires receiving MTA authority.

Systematic sweep: validation to analysis, verification to detection, ensure to provide the most current data available. Language now accurately reflects passive observation capability.

UI/doc copy claiming validate, verify, or ensure must be flagged. Passive OSINT tools observe and analyze. Active authority is required for validation per RFCs.

RFC 7208 (SPF validation by receiving MTA), RFC 6376 (DKIM verification by receiving MTA), RFC 7489 (DMARC evaluation by mail receivers)

Misrepresented a community convention as an IETF standard. Users and LLMs reading our tool output could propagate the false association between RFC 8615 and llms.txt content.

Changed tooltip from Proposed Standard to community convention. Removed RFC 8615 link. RFC 8615 defines .well-known/ path mechanics, NOT llms.txt content.

AUTHORITIES.md items 3-4: RFC 8615 defines mechanics, not content. Community conventions get labeled as such. Never use IETF maturity terms for non-IETF documents.

llmstxt.org (community convention), RFC 8615 (Well-Known URIs)

Lighthouse SEO score degraded. A DNS standards analysis tool was itself deploying non-standard directives in production, undermining its own credibility.

Removed Content-Usage directive from robots.txt entirely. Directive was an active IETF working group draft (NOT ratified). Only RFC 9309-compliant directives remain.

AUTHORITIES.md item 1: Before deploying any directive in production, check datatracker.ietf.org for RFC status. Internet-Draft = NOT ratified = do NOT deploy if it breaks quality gates.

IETF Datatracker (https://datatracker.ietf.org), RFC 9309 (robots.txt)

Hash algorithm change required regeneration of all historical drift baselines. Legacy SHA-256 hashes retained as fallback for transition period.

Posture hash upgraded to SHA-3-512 with CanonicalPostureHashLegacySHA256 fallback. All historical drift baselines regenerated with new algorithm. CNAME normalization expanded in subsequent commit (2026-02-23).

Hash algorithm changes require a migration plan with backward-compatible fallback before deployment.

NIST FIPS 202 (SHA-3 Standard), NIST SP 800-185 (SHA-3 Derived Functions)

Verdict logic accepted TLSA records without verifying the DNSSEC AD flag. Confidence was asserted at levels the evidence did not support — DANE requires DNSSEC validation per RFC 6698 §1.

TLSA verification now checks DNSSEC AD flag via QueryDNSWithTTL. Records found without authenticated DNSSEC are flagged rather than silently accepted. Confidence engine marks result as low-certainty when authentication status is absent.

DANE findings MUST verify DNSSEC authentication status. Unauthenticated TLSA records are informational, not evidence of DANE deployment.

RFC 6698 Section 1 (DANE requires DNSSEC), RFC 4035 Section 3.2 (AD flag semantics)

ICIE weight recalibration: p=none+rua now scores higher than p=none without reporting. Prior model treated both identically, understating domains with partial monitoring.

Recalibrated ICIE weights to distinguish p=none with rua from p=none without reporting. Affected scans retroactively flagged in drift history.

All scoring model changes must include edge-case matrix testing for partial deployment states.

RFC 7489 Section 6.3 (aggregate reporting), RFC 7489 Section 6.2 (policy record format)