diff --git a/fix_appendix_b.py b/fix_appendix_b.py
new file mode 100644
index 00000000..7be476e6
--- /dev/null
+++ b/fix_appendix_b.py
@@ -0,0 +1,28 @@
+
+import re
+
+def fix_appendix_b(filepath):
+ with open(filepath, 'r') as f:
+ content = f.read()
+
+ # Replacements for Appendix B
+ # Note: Source has escaped underscores "\_"
+ replacements = [
+ (r'\texttt{data/batch\_runs/detections\_grok200.json}', r'\url{data/batch_runs/detections_grok200.json}'),
+ (r'\texttt{data/policy\_metrics\_grok200.json}', r'\url{data/policy_metrics_grok200.json}'),
+ (r'\texttt{data/batch\_runs/patches\_grok200.json}', r'\url{data/batch_runs/patches_grok200.json}'),
+ (r'\texttt{data/batch\_runs/verified\_grok200.json}', r'\url{data/batch_runs/verified_grok200.json}')
+ ]
+
+ for old, new in replacements:
+ content = content.replace(old, new)
+
+ # Inject \sloppy after \appendices
+ if r'\appendices' in content and r'\appendices\n\n\sloppy' not in content:
+ content = content.replace(r'\appendices', r'\appendices' + '\n' + r'\sloppy')
+
+ with open(filepath, 'w') as f:
+ f.write(content)
+
+if __name__ == "__main__":
+ fix_appendix_b('paper/access.tex')
diff --git a/fix_overfull.py b/fix_overfull.py
new file mode 100644
index 00000000..e3831a53
--- /dev/null
+++ b/fix_overfull.py
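Review bot: The re-run guard before the `\sloppy` injection in `fix_appendix_b` can never match: `r'\appendices\n\n\sloppy'` is a raw string, so it searches for literal backslash-n pairs, and it expects two line breaks where the replacement writes one. Running the script a second time therefore inserts another `\sloppy` after every `\appendices`. Compare against the text the script actually writes, `if r'\appendices' in content and '\\appendices\n\\sloppy' not in content:`. `import re` is unused, and both `open()` calls should pass `encoding='utf-8'` so the in-place rewrite of `paper/access.tex` does not depend on the locale of whoever runs it.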
@@ -0,0 +1,109 @@
+
+import re
+
+def fix_overfull_hbox(filepath):
+ with open(filepath, 'r') as f:
+ content = f.read()
+
+ # 1. Fix Discussion URL/Path
+ # Pattern: \texttt{e4af5...} -> \url{e4af5...}
+ # Pattern: \texttt{archives/...} -> \url{archives/...}
+ content = content.replace(r'\texttt{e4af5efa7b0a52d7b7e58d76879b0060b354af27}', r'\url{e4af5efa7b0a52d7b7e58d76879b0060b354af27}')
+ content = content.replace(r'\texttt{archives/k8s-auto-fix-evidence-20251020.tar.gz}', r'\url{archives/k8s-auto-fix-evidence-20251020.tar.gz}')
+
+ # 2. Fix Appendix B (Risk Score Example)
+ # Replaces specific \texttt paths with \url
+ paths_to_fix = [
+ "data/batch_runs/detections_grok200.json",
+ "data/policy_metrics_grok200.json",
+ "data/batch_runs/patches_grok200.json",
+ "data/batch_runs/verified_grok200.json"
+ ]
+ for path in paths_to_fix:
+ content = content.replace(r'\texttt{' + path + '}', r'\url{' + path + '}')
+
+ # 3. Fix Appendix D and E tables (Artifact Index & Manifest)
+ # The tables use >{\ttfamily...}p{...} which forces ttfamily.
+ # We want to wrap the content in \url{...}.
+ # The content in the tex file has escaped underscores (e.g. data/live\_cluster/results\_1k.json)
+ # We need to match these lines in the tabular environments.
+
+ # Strategy: Find the lines inside the tabularx environments in the appendices and wrap the first column content in \url{...}
+ # However, replacing strictly by string match is safer if we know the content.
+
+ # List of artifacts from the grep output + known others
+ # We need to handle the escaped underscores in the source file.
+ artifacts = [
+ r"data/live\_cluster/results\_1k.json",
+ r"data/live\_cluster/summary\_1k.csv",
+ r"data/batch\_runs/grok\_5k/metrics\_grok5k.json",
+ r"data/batch\_runs/grok\_5k/\\allowbreak metrics\_grok5k.json", # Special case in App D
+ r"data/batch\_runs/grok\_full/metrics\_grok\_full.json",
+ r"data/batch\_runs/grok200\_latency\_summary.csv",
+ r"data/batch\_runs/verified\_grok200\_latency\_summary.csv",
+ r"data/eval/significance\_tests.json",
+ r"data/eval/table4\_counts.csv",
+ r"data/eval/table4\_with\_ci.csv",
+ r"data/scheduler/fairness\_metrics.json",
+ r"data/scheduler/metrics\_schedule\_sweep.json",
+ r"data/risk/risk\_calibration.csv",
+ r"data/metrics\_schedule\_compare.json",
+ r"data/grok\_failure\_analysis.csv"
+ ]
+
+ for artifact in artifacts:
+ # We want to replace "artifact" with "\url{artifact_unescaped}"
+ # But wait, if we use \url, we should pass the unescaped string (no backslashes before underscores)
+ # OR, if we use \url, it treats it as verbatim, so if we pass "data/live\_cluster...", it might print the backslash.
+ # Standard \url{...} usage expects raw characters.
+ # So we should strip the backslashes from the replacement string.
+
+ # Remove \\allowbreak for the replacement url
+ clean_artifact_for_url = artifact.replace(r'\_', '_').replace(r'\\allowbreak ', '')
+
+ # The replacement: \url{clean_artifact_for_url}
+ # Note: We must be careful not to double-wrap if run multiple times, but we assume single run.
+
+ # We only want to replace it if it's NOT already wrapped in \url.
+ # Regex lookbehind is hard, but we can just replace string literals.
+
+ # Search for the artifact string.
+ # Note: The file content has "data/live\_cluster/results\_1k.json".
+
+ # If we replace `data/live\_cluster...` with `\url{data/live_cluster...}`
+ replacement = r'\url{' + clean_artifact_for_url + '}'
+
+ # Special handling for the split line in Appendix D
+ if "allowbreak" in artifact:
+ # The source has: data/batch_runs/grok_5k/\allowbreak metrics_grok5k.json
+ # We want to replace the whole thing with \url{...}
+ pass
+
+ content = content.replace(artifact, replacement)
+
+ # Also fix Appendix F (Corpus)
+ # data/manifests/artifacthub/ -> \url{...}
+ # docs/appendix_corpus.md -> \url{...}
+ # data/manifests/001.yaml -> \url{...}
+ # 002.yaml -> \url{...}
+
+ corpus_fixes = [
+ (r'docs / appendix _ corpus . md', r'\url{docs/appendix_corpus.md}'), # This looks like what grep output showed (badness 10000 log)
+ # Wait, the log showed expanded text. The file has escaped text.
+ (r'docs/appendix\_corpus.md', r'\url{docs/appendix_corpus.md}'),
+ (r'data/manifests/001.yaml', r'\url{data/manifests/001.yaml}'),
+ (r'002.yaml', r'\url{002.yaml}') # Be careful with this short match
+ ]
+
+ for old, new in corpus_fixes:
+ # Check if already wrapped
+ if r'\url{' + old not in content and old in content:
+ # Special check for 002.yaml to avoid false positives?
+ # It appears as: "data/manifests/001.yaml and 002.yaml"
+ content = content.replace(old, new)
+
+ with open(filepath, 'w') as f:
+ f.write(content)
+
+if __name__ == "__main__":
+ fix_overfull_hbox('paper/access.tex')
diff --git a/paper/access.aux b/paper/access.aux
new file mode 100644
index 00000000..8976cbf0
--- /dev/null
+++ b/paper/access.aux
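Review bot: The "Special case in App D" entry in `artifacts` is written with `\\allowbreak` inside a raw string, which is two literal backslashes. If `access.tex` holds the single-backslash `\allowbreak` that the comment in the loop describes, neither that entry nor `.replace(r'\\allowbreak ', '')` ever matches, and the Appendix D path stays unwrapped without any message. Use `r"data/batch\_runs/grok\_5k/\allowbreak metrics\_grok5k.json"` and `.replace(r'\allowbreak ', '')`, and drop the `if "allowbreak" in artifact: pass` block, which does nothing. Separately, the `(r'002.yaml', ...)` pair in `corpus_fixes` rewrites every occurrence of `002.yaml` in the file, and its `\url{` guard is file-wide rather than per occurrence, so a longer, unambiguous match string would be safer. Because the script overwrites the paper's artifact and evidence references in place, printing a per-pattern replacement count at the end would make a silent miss visible before the PDF is rebuilt.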
@@ -0,0 +1,147 @@ +\relax +\providecommand\babel@aux[2]{} +\@nameuse{bbl@beforestart} +\providecommand\hyper@newdestlabel[2]{} +\providecommand\HyField@AuxAddToFields[1]{} +\providecommand\HyField@AuxAddToCoFields[2]{} +\citation{malul2024} +\citation{kyverno_docs} +\citation{borg} +\citation{kyverno_docs} +\babel@aux{english}{} +\@writefile{toc}{\contentsline {section}{\numberline {I}Importance of the Problem}{1}{section.1}\protected@file@percent } +\citation{kyverno_docs} +\citation{malul2024} +\citation{kyverno_docs} +\citation{borg} +\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces Comparison of automated Kubernetes remediation systems (Oct.~2025 snapshot).}}{2}{table.1}\protected@file@percent } +\newlabel{tab:comparison}{{1}{2}{Comparison of automated Kubernetes remediation systems (Oct.~2025 snapshot)}{table.1}{}} +\@writefile{lot}{\contentsline {table}{\numberline {2}{\ignorespaces Head-to-head policy-level acceptance on the 500-manifest security-context slice. Counts and rates regenerate from \url {data/detections.json}, \url {data/verified.json}, and baseline CSVs under \url {data/baselines/}.}}{2}{table.2}\protected@file@percent } +\newlabel{tab:baselines}{{2}{2}{Head-to-head policy-level acceptance on the 500-manifest security-context slice. 
Counts and rates regenerate from \url {data/detections.json}, \url {data/verified.json}, and baseline CSVs under \url {data/baselines/}}{table.2}{}} +\@writefile{toc}{\contentsline {section}{\numberline {II}Related Work}{2}{section.2}\protected@file@percent } +\citation{b1} +\citation{b3} +\citation{b2} +\citation{kube_linter_docs} +\citation{kyverno_docs} +\citation{opa_gatekeeper} +\citation{kubectl_reference} +\citation{aardvark} +\citation{kubeintellect} +\@writefile{toc}{\contentsline {section}{\numberline {III}System Design}{3}{section.3}\protected@file@percent } +\newlabel{sec:system-design}{{III}{3}{System Design}{section.3}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-A}}Notation}{3}{subsection.3.1}\protected@file@percent } +\newlabel{sec:notation}{{\mbox {III-A}}{3}{Notation}{subsection.3.1}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-B}}End-to-End Walkthrough on Real Manifests}{3}{subsection.3.2}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-C}}Research Questions and Findings}{4}{subsection.3.3}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {IV}Implementation and Metrics}{4}{section.4}\protected@file@percent } +\newlabel{sec:impl-metrics}{{IV}{4}{Implementation and Metrics}{section.4}{}} +\@writefile{lot}{\contentsline {table}{\numberline {3}{\ignorespaces At-a-glance comparison across remediation steps.}}{5}{table.3}\protected@file@percent } +\newlabel{tab:glance}{{3}{5}{At-a-glance comparison across remediation steps}{table.3}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-A}}The Closed-Loop Pipeline}{5}{subsection.4.1}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-B}}Verification Gates}{5}{subsection.4.2}\protected@file@percent } +\citation{joseph2016} +\citation{artifacthub} +\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces 
Closed-loop architecture with detector, proposer, and verifier gates (policy re-check, schema validation, \texttt {kubectl apply --dry-run=server}) feeding the risk-aware scheduler. The scheduler consumes \texttt {policy\_metrics.json} entries \{${p}$, $\mathbb {E}[t]$, $R$, KEV\} to score work using the scheduling function.}}{6}{figure.1}\protected@file@percent } +\newlabel{fig:architecture}{{1}{6}{Closed-loop architecture with detector, proposer, and verifier gates (policy re-check, schema validation, \texttt {kubectl apply --dry-run=server}) feeding the risk-aware scheduler. The scheduler consumes \texttt {policy\_metrics.json} entries \{${p}$, $\mathbb {E}[t]$, $R$, KEV\} to score work using the scheduling function}{figure.1}{}} +\@writefile{toc}{\contentsline {section}{\numberline {V}Implementation Status and Evidence}{6}{section.5}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-A}}Sample Detection Record}{6}{subsection.5.1}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-B}}Unit Test Evidence}{6}{subsection.5.2}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-C}}Dataset and Configuration}{6}{subsection.5.3}\protected@file@percent } +\@writefile{lot}{\contentsline {table}{\numberline {4}{\ignorespaces Evidence for each stage of the implemented pipeline (October 2025 snapshot).}}{7}{table.4}\protected@file@percent } +\newlabel{tab:evidence}{{4}{7}{Evidence for each stage of the implemented pipeline (October 2025 snapshot)}{table.4}{}} +\@writefile{lot}{\contentsline {table}{\numberline {5}{\ignorespaces Execution environment for the reproduced rule-mode evaluations.}}{7}{table.5}\protected@file@percent } +\newlabel{tab:environment}{{5}{7}{Execution environment for the reproduced rule-mode evaluations}{table.5}{}} +\@writefile{lot}{\contentsline {table}{\numberline {6}{\ignorespaces LLM-backed proposer configuration for Grok/xAI 
sweeps (values from \texttt {configs/run.yaml}).}}{7}{table.6}\protected@file@percent } +\newlabel{tab:llm_config}{{6}{7}{LLM-backed proposer configuration for Grok/xAI sweeps (values from \texttt {configs/run.yaml})}{table.6}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-D}}Evaluation Results}{7}{subsection.5.4}\protected@file@percent } +\newlabel{sec:evaluation}{{\mbox {V-D}}{7}{Evaluation Results}{subsection.5.4}{}} +\@writefile{lot}{\contentsline {table}{\numberline {7}{\ignorespaces Top 10 Grok/xAI Failure Causes and Latencies}}{7}{table.7}\protected@file@percent } +\newlabel{tab:grok_failures}{{7}{7}{Top 10 Grok/xAI Failure Causes and Latencies}{table.7}{}} +\citation{xai_pricing} +\@writefile{lot}{\contentsline {table}{\numberline {8}{\ignorespaces Detector performance on synthetic hold-out manifests ($n=9$). Note: These are hand-crafted test cases with obvious violations; real-world performance is validated through live-cluster evaluation.}}{8}{table.8}\protected@file@percent } +\newlabel{tab:detector_performance}{{8}{8}{Detector performance on synthetic hold-out manifests ($n=9$). Note: These are hand-crafted test cases with obvious violations; real-world performance is validated through live-cluster evaluation}{table.8}{}} +\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces Median wait time (bars) and P95 error bars for each risk tier. Bandit scheduling keeps the top quartile under 0.7~h while FIFO defers the same items for 26--50~h, illustrating the fairness gains summarized in \url {data/scheduler/metrics_schedule_sweep.json} and \url {data/scheduler/metrics_sweep_live.json}.}}{9}{figure.2}\protected@file@percent } +\newlabel{fig:fairness}{{2}{9}{Median wait time (bars) and P95 error bars for each risk tier. 
Bandit scheduling keeps the top quartile under 0.7~h while FIFO defers the same items for 26--50~h, illustrating the fairness gains summarized in \url {data/scheduler/metrics_schedule_sweep.json} and \url {data/scheduler/metrics_sweep_live.json}}{figure.2}{}} +\@writefile{lot}{\contentsline {table}{\numberline {9}{\ignorespaces Verifier failure taxonomy comparing the rules baseline (pre-fixture) against the supported corpus after fixture seeding. Counts derive from \url {data/failures/taxonomy_counts.csv} generated by \texttt {scripts/aggregate\_failure\_taxonomy.py}.}}{9}{table.9}\protected@file@percent } +\newlabel{tab:failure_taxonomy}{{9}{9}{Verifier failure taxonomy comparing the rules baseline (pre-fixture) against the supported corpus after fixture seeding. Counts derive from \protect \url {data/failures/taxonomy_counts.csv} generated by \texttt {scripts/aggregate\_failure\_taxonomy.py}}{table.9}{}} +\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces Comparison of admission-time (Kyverno) and post-hoc (\texttt {k8s-auto-fix}) policy enforcement on overlapping policies (seed=1337).}}{9}{figure.3}\protected@file@percent } +\newlabel{fig:admission_vs_posthoc}{{3}{9}{Comparison of admission-time (Kyverno) and post-hoc (\texttt {k8s-auto-fix}) policy enforcement on overlapping policies (seed=1337)}{figure.3}{}} +\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces Acceptance comparison between rules-only, LLM-only, and hybrid remediation modes (\url {data/baselines/mode_comparison.csv}).}}{9}{figure.4}\protected@file@percent } +\newlabel{fig:mode_comparison}{{4}{9}{Acceptance comparison between rules-only, LLM-only, and hybrid remediation modes (\protect \url {data/baselines/mode_comparison.csv})}{figure.4}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-E}}Threat Model}{9}{subsection.5.5}\protected@file@percent } +\citation{nvd,epss} +\citation{cisa_kev} +\@writefile{lot}{\contentsline {table}{\numberline 
{10}{\ignorespaces Risk calibration summary derived from \url {data/risk/risk_calibration.csv}. $\Delta R$ uses policy risk weights; “per time unit” divides by summed expected-time priors.}}{10}{table.10}\protected@file@percent } +\newlabel{tab:risk_calibration}{{10}{10}{Risk calibration summary derived from \protect \url {data/risk/risk_calibration.csv}. $\Delta R$ uses policy risk weights; “per time unit” divides by summed expected-time priors}{table.10}{}} +\@writefile{lot}{\contentsline {table}{\numberline {11}{\ignorespaces Acceptance and latency summary (seed 1337). Results generated from \url {data/eval/unified_eval_summary.json}.}}{10}{table.11}\protected@file@percent } +\newlabel{tab:eval_summary}{{11}{10}{Acceptance and latency summary (seed 1337). Results generated from \protect \url {data/eval/unified_eval_summary.json}}{table.11}{}} +\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces Operator A/B study results comparing bandit scheduler against baseline modes (simulated). Dual-axis chart shows acceptance rate (green bars) and mean wait time (blue bars) across 247 simulated queue assignments (\url {data/operator\_ab/summary\_simulated.csv}).}}{10}{figure.5}\protected@file@percent } +\newlabel{fig:operator_ab}{{5}{10}{Operator A/B study results comparing bandit scheduler against baseline modes (simulated). 
Dual-axis chart shows acceptance rate (green bars) and mean wait time (blue bars) across 247 simulated queue assignments (\protect \url {data/operator\_ab/summary\_simulated.csv})}{figure.5}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-F}}Threats and Mitigations}{10}{subsection.5.6}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-G}}Threat Intelligence and Risk Scoring (CVE/KEV/EPSS)}{10}{subsection.5.7}\protected@file@percent } +\citation{auer2002} +\@writefile{lot}{\contentsline {table}{\numberline {12}{\ignorespaces Guardrail example: Cilium DaemonSet patch (excerpt).}}{11}{table.12}\protected@file@percent } +\newlabel{tab:cilium_patch}{{12}{11}{Guardrail example: Cilium DaemonSet patch (excerpt)}{table.12}{}} +\@writefile{lot}{\contentsline {table}{\numberline {13}{\ignorespaces Cross-Cluster Replication Results}}{11}{table.13}\protected@file@percent } +\newlabel{tab:cross_cluster_replication}{{13}{11}{Cross-Cluster Replication Results}{table.13}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-H}}Guidance Refresh and RAG Hooks}{11}{subsection.5.8}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-I}}Risk-Bandit Scheduler with Aging and KEV Preemption}{11}{subsection.5.9}\protected@file@percent } +\newlabel{eq:scheduler_score}{{1}{11}{Risk-Bandit Scheduler with Aging and KEV Preemption}{equation.5.1}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-J}}Baselines and Ablations}{11}{subsection.5.10}\protected@file@percent } +\@writefile{lot}{\contentsline {table}{\numberline {14}{\ignorespaces Verifier gate ablation using 19 patched samples (\texttt {data/ablation/verifier\_gate\_metrics.json}). 
Acceptance reports the share of patches passing under the scenario; escapes count regressions that the full verifier blocks.}}{12}{table.14}\protected@file@percent } +\newlabel{tab:verifier_ablation}{{14}{12}{Verifier gate ablation using 19 patched samples (\texttt {data/ablation/verifier\_gate\_metrics.json}). Acceptance reports the share of patches passing under the scenario; escapes count regressions that the full verifier blocks}{table.14}{}} +\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-K}}Metrics and Measurement}{12}{subsection.5.11}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {VI}Limitations and Mitigations}{12}{section.6}\protected@file@percent } +\citation{xai_pricing} +\bibstyle{IEEEtran} +\bibcite{cis_benchmarks}{1} +\bibcite{pss}{2} +\bibcite{opa_gatekeeper}{3} +\bibcite{kube_linter_docs}{4} +\bibcite{k8s_security_context}{5} +\bibcite{rfc6902}{6} +\bibcite{kubectl_reference}{7} +\bibcite{xai_pricing}{8} +\bibcite{k8s_seccomp}{9} +\bibcite{nvd}{10} +\bibcite{cisa_kev}{11} +\bibcite{epss}{12} +\bibcite{trivy}{13} +\bibcite{grype}{14} +\@writefile{lof}{\contentsline {figure}{\numberline {6}{\ignorespaces Risk-Bandit scheduling loop (aging + KEV preemption) maximizing expected risk reduction per unit time with exploration and fairness.}}{13}{figure.6}\protected@file@percent } +\newlabel{fig:bandit-pseudocode}{{6}{13}{Risk-Bandit scheduling loop (aging + KEV preemption) maximizing expected risk reduction per unit time with exploration and fairness}{figure.6}{}} +\@writefile{toc}{\contentsline {section}{\numberline {VII}Discussion and Future Work}{13}{section.7}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{References}{13}{section*.1}\protected@file@percent } +\bibcite{swe_bench_verified}{15} +\bibcite{llmsecconfig}{16} +\bibcite{malul2024}{17} +\bibcite{kubellm}{18} +\bibcite{kyverno_docs}{19} +\bibcite{borg}{20} +\bibcite{artifacthub}{21} +\bibcite{auer2002}{22} 
+\bibcite{joseph2016}{23} +\bibcite{aardvark}{24} +\bibcite{kubeintellect}{25} +\bibcite{b1}{26} +\bibcite{b2}{27} +\bibcite{b3}{28} +\@writefile{toc}{\contentsline {subsection}{Brian Mendonca}{14}{section*.2}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{Vijay K. Madisetti}{14}{section*.2}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {A}Grok/xAI Failure Analysis}{15}{appendix.Appendix.A}\protected@file@percent } +\newlabel{app:grok_failures}{{A}{15}{Grok/xAI Failure Analysis}{appendix.Appendix.A}{}} +\@writefile{toc}{\contentsline {section}{\numberline {B}Risk Score Worked Example}{16}{appendix.Appendix.B}\protected@file@percent } +\newlabel{app:risk_example}{{B}{16}{Risk Score Worked Example}{appendix.Appendix.B}{}} +\@writefile{toc}{\contentsline {section}{\numberline {C}Acronym Glossary}{17}{appendix.Appendix.C}\protected@file@percent } +\newlabel{app:acronyms}{{C}{17}{Acronym Glossary}{appendix.Appendix.C}{}} +\@writefile{toc}{\contentsline {section}{\numberline {D}Artifact Index}{18}{appendix.Appendix.D}\protected@file@percent } +\newlabel{app:artifact_index}{{D}{18}{Artifact Index}{appendix.Appendix.D}{}} +\@writefile{lot}{\contentsline {table}{\numberline {15}{\ignorespaces Primary artifacts bundled with the paper.}}{19}{table.15}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {E}Evaluation Artifact Manifest}{20}{appendix.Appendix.E}\protected@file@percent } +\newlabel{app:artifact_manifest}{{E}{20}{Evaluation Artifact Manifest}{appendix.Appendix.E}{}} +\@writefile{lot}{\contentsline {table}{\numberline {16}{\ignorespaces Key evaluation artifacts with record counts and purposes for full reproducibility.}}{21}{table.16}\protected@file@percent } +\newlabel{tab:artifact_manifest}{{16}{21}{Key evaluation artifacts with record counts and purposes for full reproducibility}{table.16}{}} +\@writefile{toc}{\contentsline {section}{\numberline {F}Corpus Mining and 
Integrity}{22}{appendix.Appendix.F}\protected@file@percent } +\newlabel{app:corpus}{{F}{22}{Corpus Mining and Integrity}{appendix.Appendix.F}{}} +\gdef \@abspage@last{22} diff --git a/paper/access.log b/paper/access.log new file mode 100644 index 00000000..1cb45bd1 --- /dev/null +++ b/paper/access.log 
@@ -0,0 +1,1979 @@ +This is pdfTeX, Version 3.141592653-2.6-1.40.25 (TeX Live 2023/Debian) (preloaded format=pdflatex 2025.12.9) 9 DEC 2025 17:49 +entering extended mode + restricted \write18 enabled. + %&-line parsing enabled. +**access.tex +(./access.tex +LaTeX2e <2023-11-01> patch level 1 +L3 programming layer <2024-01-22> +(./ieeeaccess.cls (./IEEEtran.cls +Document Class: IEEEtran 2015/08/26 V1.8b by Michael Shell +-- See the "IEEEtran_HOWTO" manual for usage information. +-- http://www.michaelshell.org/tex/ieeetran/ +\@IEEEtrantmpdimenA=\dimen140 +\@IEEEtrantmpdimenB=\dimen141 +\@IEEEtrantmpdimenC=\dimen142 +\@IEEEtrantmpcountA=\count187 +\@IEEEtrantmpcountB=\count188 +\@IEEEtrantmpcountC=\count189 +\@IEEEtrantmptoksA=\toks17 +LaTeX Font Info: Trying to load font information for OT1+ptm on input line 5 +03. +(/usr/share/texlive/texmf-dist/tex/latex/psnfss/ot1ptm.fd +File: ot1ptm.fd 2001/06/04 font definitions for OT1/ptm. +) +-- Using 8.5in x 11in (letter) paper. +-- Using PDF output. +\@IEEEnormalsizeunitybaselineskip=\dimen143 +-- This is a 10 point document. +\CLASSINFOnormalsizebaselineskip=\dimen144 +\CLASSINFOnormalsizeunitybaselineskip=\dimen145 +\IEEEnormaljot=\dimen146 +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <5> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. +LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <5> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <7> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. +LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <7> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <8> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. 
+LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <8> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <9> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. +LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <9> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <10> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. +LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <10> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <11> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. +LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <11> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <12> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. +LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <12> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <17> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. +LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <17> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <20> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. +LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <20> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <24> not available +(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090. 
+LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <24> not available +(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090. + +\IEEEquantizedlength=\dimen147 +\IEEEquantizedlengthdiff=\dimen148 +\IEEEquantizedtextheightdiff=\dimen149 +\IEEEilabelindentA=\dimen150 +\IEEEilabelindentB=\dimen151 +\IEEEilabelindent=\dimen152 +\IEEEelabelindent=\dimen153 +\IEEEdlabelindent=\dimen154 +\IEEElabelindent=\dimen155 +\IEEEiednormlabelsep=\dimen156 +\IEEEiedmathlabelsep=\dimen157 +\IEEEiedtopsep=\skip48 +\c@section=\count190 +\c@subsection=\count191 +\c@subsubsection=\count192 +\c@paragraph=\count193 +\c@IEEEsubequation=\count194 +\abovecaptionskip=\skip49 +\belowcaptionskip=\skip50 +\c@figure=\count195 +\c@table=\count196 +\@IEEEeqnnumcols=\count197 +\@IEEEeqncolcnt=\count198 +\@IEEEsubeqnnumrollback=\count199 +\@IEEEquantizeheightA=\dimen158 +\@IEEEquantizeheightB=\dimen159 +\@IEEEquantizeheightC=\dimen160 +\@IEEEquantizeprevdepth=\dimen161 +\@IEEEquantizemultiple=\count266 +\@IEEEquantizeboxA=\box51 +\@IEEEtmpitemindent=\dimen162 +\IEEEPARstartletwidth=\dimen163 +\c@IEEEbiography=\count267 +\@IEEEtranrubishbin=\box52 +) (./ifpdf.sty +Package: ifpdf 2025/10/15 v0.2 local fallback of ifpdf +) (/usr/share/texlive/texmf-dist/tex/latex/xkeyval/xkeyval.sty +Package: xkeyval 2022/06/16 v2.9 package option processing (HA) + +(/usr/share/texlive/texmf-dist/tex/generic/xkeyval/xkeyval.tex +(/usr/share/texlive/texmf-dist/tex/generic/xkeyval/xkvutils.tex +\XKV@toks=\toks18 +\XKV@tempa@toks=\toks19 + +(/usr/share/texlive/texmf-dist/tex/generic/xkeyval/keyval.tex)) +\XKV@depth=\count268 +File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA) +)){/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{t1-times.map}{t1-formata. 
+map}{t1-giovannistd.map} +\@draftversionrule=\dimen164 + (/usr/share/texlive/texmf-dist/tex/latex/xcolor/xcolor.sty +Package: xcolor 2023/11/15 v3.01 LaTeX color extensions (UK) + +(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/color.cfg +File: color.cfg 2016/01/02 v1.6 sample color configuration +) +Package xcolor Info: Driver file: pdftex.def on input line 274. + +(/usr/share/texlive/texmf-dist/tex/latex/graphics-def/pdftex.def +File: pdftex.def 2022/09/22 v1.2b Graphics/color driver for pdftex +) +(/usr/share/texlive/texmf-dist/tex/latex/graphics/mathcolor.ltx) +Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1350. +Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1354. +Package xcolor Info: Model `RGB' extended on input line 1366. +Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1368. +Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1369. +Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1370. +Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1371. +Package xcolor Info: Model `Gray' substituted by `gray' on input line 1372. +Package xcolor Info: Model `wave' substituted by `hsb' on input line 1373. 
+) +(/usr/share/texlive/texmf-dist/tex/latex/colortbl/colortbl.sty +Package: colortbl 2022/06/20 v1.0f Color table columns (DPC) + +(/usr/share/texlive/texmf-dist/tex/latex/tools/array.sty +Package: array 2023/10/16 v2.5g Tabular extension package (FMi) +\col@sep=\dimen165 +\ar@mcellbox=\box53 +\extrarowheight=\dimen166 +\NC@list=\toks20 +\extratabsurround=\skip51 +\backup@length=\skip52 +\ar@cellbox=\box54 +) +\everycr=\toks21 +\minrowclearance=\skip53 +\rownum=\count269 +) +\figbox=\box55 +\titlewidth=\skip54 +\abstractwidth=\skip55 +\c@addrCtr=\count270 +\abstractbox=\box56 +\indexbox=\box57 +\absht=\dimen167 +\kwdht=\dimen168 +\@tempcntc=\count271 +\titlepgskip=\skip56 +\maketitlebox=\box58 +) +(/usr/share/texlive/texmf-dist/tex/latex/cite/cite.sty +LaTeX Info: Redefining \cite on input line 302. +LaTeX Info: Redefining \nocite on input line 332. +Package: cite 2015/02/27 v 5.5 +) +(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsmath.sty +Package: amsmath 2023/05/13 v2.17o AMS math features +\@mathmargin=\skip57 + +For additional information on amsmath, use the `?' option. +(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amstext.sty +Package: amstext 2021/08/26 v2.01 AMS text + +(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsgen.sty +File: amsgen.sty 1999/11/30 v2.0 generic functions +\@emptytoks=\toks22 +\ex@=\dimen169 +)) +(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsbsy.sty +Package: amsbsy 1999/11/29 v1.2d Bold Symbols +\pmbraise@=\dimen170 +) +(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsopn.sty +Package: amsopn 2022/04/08 v2.04 operator names +) +\inf@bad=\count272 +LaTeX Info: Redefining \frac on input line 234. +\uproot@=\count273 +\leftroot@=\count274 +LaTeX Info: Redefining \overline on input line 399. +LaTeX Info: Redefining \colon on input line 410. +\classnum@=\count275 +\DOTSCASE@=\count276 +LaTeX Info: Redefining \ldots on input line 496. +LaTeX Info: Redefining \dots on input line 499. 
+LaTeX Info: Redefining \cdots on input line 620. +\Mathstrutbox@=\box59 +\strutbox@=\box60 +LaTeX Info: Redefining \big on input line 722. +LaTeX Info: Redefining \Big on input line 723. +LaTeX Info: Redefining \bigg on input line 724. +LaTeX Info: Redefining \Bigg on input line 725. +\big@size=\dimen171 +LaTeX Font Info: Redeclaring font encoding OML on input line 743. +LaTeX Font Info: Redeclaring font encoding OMS on input line 744. +\macc@depth=\count277 +LaTeX Info: Redefining \bmod on input line 905. +LaTeX Info: Redefining \pmod on input line 910. +LaTeX Info: Redefining \smash on input line 940. +LaTeX Info: Redefining \relbar on input line 970. +LaTeX Info: Redefining \Relbar on input line 971. +\c@MaxMatrixCols=\count278 +\dotsspace@=\muskip16 +\c@parentequation=\count279 +\dspbrk@lvl=\count280 +\tag@help=\toks23 +\row@=\count281 +\column@=\count282 +\maxfields@=\count283 +\andhelp@=\toks24 +\eqnshift@=\dimen172 +\alignsep@=\dimen173 +\tagshift@=\dimen174 +\tagwidth@=\dimen175 +\totwidth@=\dimen176 +\lineht@=\dimen177 +\@envbody=\toks25 +\multlinegap=\skip58 +\multlinetaggap=\skip59 +\mathdisplay@stack=\toks26 +LaTeX Info: Redefining \[ on input line 2953. +LaTeX Info: Redefining \] on input line 2954. +) +(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amssymb.sty +Package: amssymb 2013/01/14 v3.01 AMS font symbols + +(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amsfonts.sty +Package: amsfonts 2013/01/14 v3.01 Basic AMSFonts support +\symAMSa=\mathgroup4 +\symAMSb=\mathgroup5 +LaTeX Font Info: Redeclaring math symbol \hbar on input line 98. +LaTeX Font Info: Overwriting math alphabet `\mathfrak' in version `bold' +(Font) U/euf/m/n --> U/euf/b/n on input line 106. 
+)) +(/usr/share/texlive/texmf-dist/tex/latex/algorithms/algorithmic.sty +Package: algorithmic 2009/08/24 v0.1 Document Style `algorithmic' + +(/usr/share/texlive/texmf-dist/tex/latex/base/ifthen.sty +Package: ifthen 2022/04/13 v1.1d Standard LaTeX ifthen package (DPC) +) +\c@ALC@unique=\count284 +\c@ALC@line=\count285 +\c@ALC@rem=\count286 +\c@ALC@depth=\count287 +\ALC@tlm=\skip60 +\algorithmicindent=\skip61 +) +(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty +Package: graphicx 2021/09/16 v1.2d Enhanced LaTeX Graphics (DPC,SPQR) + +(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty +Package: graphics 2022/03/10 v1.4e Standard LaTeX Graphics (DPC,SPQR) + +(/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty +Package: trig 2021/08/11 v1.11 sin cos tan (DPC) +) +(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/graphics.cfg +File: graphics.cfg 2016/06/04 v1.11 sample graphics configuration +) +Package graphics Info: Driver file: pdftex.def on input line 107. +) +\Gin@req@height=\dimen178 +\Gin@req@width=\dimen179 +) +(/usr/share/texlive/texmf-dist/tex/latex/base/textcomp.sty +Package: textcomp 2020/02/02 v2.0n Standard LaTeX package +) +(/usr/share/texlive/texmf-dist/tex/generic/babel/babel.sty +Package: babel 2024/01/07 v24.1 The Babel package +\babel@savecnt=\count288 +\U@D=\dimen180 +\l@unhyphenated=\language9 + +(/usr/share/texlive/texmf-dist/tex/generic/babel/txtbabel.def) +\bbl@readstream=\read2 +\bbl@dirlevel=\count289 + +(/usr/share/texlive/texmf-dist/tex/generic/babel-english/english.ldf +Language: english 2017/06/06 v3.3r English support from the babel system +Package babel Info: Hyphen rules for 'british' set to \l@english +(babel) (\language0). Reported on input line 82. +Package babel Info: Hyphen rules for 'UKenglish' set to \l@english +(babel) (\language0). Reported on input line 83. +Package babel Info: Hyphen rules for 'canadian' set to \l@english +(babel) (\language0). Reported on input line 102. 
+Package babel Info: Hyphen rules for 'australian' set to \l@english +(babel) (\language0). Reported on input line 105. +Package babel Info: Hyphen rules for 'newzealand' set to \l@english +(babel) (\language0). Reported on input line 108. +)) +(/usr/share/texlive/texmf-dist/tex/generic/babel/locale/en/babel-english.tex +Package babel Info: Importing font and identification data for english +(babel) from babel-en.ini. Reported on input line 11. +) +(/usr/share/texlive/texmf-dist/tex/latex/microtype/microtype.sty +Package: microtype 2023/03/13 v3.1a Micro-typographical refinements (RS) + +(/usr/share/texlive/texmf-dist/tex/latex/etoolbox/etoolbox.sty +Package: etoolbox 2020/10/05 v2.5k e-TeX tools for LaTeX (JAW) +\etb@tempcnta=\count290 +) +\MT@toks=\toks27 +\MT@tempbox=\box61 +\MT@count=\count291 +LaTeX Info: Redefining \noprotrusionifhmode on input line 1059. +LaTeX Info: Redefining \leftprotrusion on input line 1060. +\MT@prot@toks=\toks28 +LaTeX Info: Redefining \rightprotrusion on input line 1078. +LaTeX Info: Redefining \textls on input line 1368. +\MT@outer@kern=\dimen181 +LaTeX Info: Redefining \textmicrotypecontext on input line 1988. +\MT@listname@count=\count292 + +(/usr/share/texlive/texmf-dist/tex/latex/microtype/microtype-pdftex.def +File: microtype-pdftex.def 2023/03/13 v3.1a Definitions specific to pdftex (RS) + +LaTeX Info: Redefining \lsstyle on input line 902. +LaTeX Info: Redefining \lslig on input line 902. +\MT@outer@space=\skip62 +) +Package microtype Info: Loading configuration file microtype.cfg. 
+ +(/usr/share/texlive/texmf-dist/tex/latex/microtype/microtype.cfg +File: microtype.cfg 2023/03/13 v3.1a microtype main configuration file (RS) +)) +(/usr/share/texlive/texmf-dist/tex/latex/booktabs/booktabs.sty +Package: booktabs 2020/01/12 v1.61803398 Publication quality tables +\heavyrulewidth=\dimen182 +\lightrulewidth=\dimen183 +\cmidrulewidth=\dimen184 +\belowrulesep=\dimen185 +\belowbottomsep=\dimen186 +\aboverulesep=\dimen187 +\abovetopsep=\dimen188 +\cmidrulesep=\dimen189 +\cmidrulekern=\dimen190 +\defaultaddspace=\dimen191 +\@cmidla=\count293 +\@cmidlb=\count294 +\@aboverulesep=\dimen192 +\@belowrulesep=\dimen193 +\@thisruleclass=\count295 +\@lastruleclass=\count296 +\@thisrulewidth=\dimen194 +) +(/usr/share/texlive/texmf-dist/tex/latex/tools/tabularx.sty +Package: tabularx 2023/07/08 v2.11c `tabularx' package (DPC) +\TX@col@width=\dimen195 +\TX@old@table=\dimen196 +\TX@old@col=\dimen197 +\TX@target=\dimen198 +\TX@delta=\dimen199 +\TX@cols=\count297 +\TX@ftn=\toks29 +) +(/usr/share/texlive/texmf-dist/tex/latex/multirow/multirow.sty +Package: multirow 2021/03/15 v2.8 Span multiple rows of a table +\multirow@colwidth=\skip63 +\multirow@cntb=\count298 +\multirow@dima=\skip64 +\bigstrutjot=\dimen256 +) +(/usr/share/texlive/texmf-dist/tex/latex/listings/listings.sty +\lst@mode=\count299 +\lst@gtempboxa=\box62 +\lst@token=\toks30 +\lst@length=\count300 +\lst@currlwidth=\dimen257 +\lst@column=\count301 +\lst@pos=\count302 +\lst@lostspace=\dimen258 +\lst@width=\dimen259 +\lst@newlines=\count303 +\lst@lineno=\count304 +\lst@maxwidth=\dimen260 + +(/usr/share/texlive/texmf-dist/tex/latex/listings/lstmisc.sty +File: lstmisc.sty 2023/02/27 1.9 (Carsten Heinz) +\c@lstnumber=\count305 +\lst@skipnumbers=\count306 +\lst@framebox=\box63 +) +(/usr/share/texlive/texmf-dist/tex/latex/listings/listings.cfg +File: listings.cfg 2023/02/27 1.9 listings configuration +)) +Package: listings 2023/02/27 1.9 (Carsten Heinz) + +(/usr/share/texlive/texmf-dist/tex/latex/base/alltt.sty 
+Package: alltt 2021/01/29 v2.0g defines alltt environment +) +(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hyperref.sty +Package: hyperref 2024-01-20 v7.01h Hypertext links for LaTeX + +(/usr/share/texlive/texmf-dist/tex/generic/iftex/iftex.sty +Package: iftex 2022/02/03 v1.0f TeX engine tests +) +(/usr/share/texlive/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty +Package: kvsetkeys 2022-10-05 v1.19 Key value parser (HO) +) +(/usr/share/texlive/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty +Package: kvdefinekeys 2019-12-19 v1.6 Define keys (HO) +) +(/usr/share/texlive/texmf-dist/tex/generic/pdfescape/pdfescape.sty +Package: pdfescape 2019/12/09 v1.15 Implements pdfTeX's escape features (HO) + +(/usr/share/texlive/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty +Package: ltxcmds 2023-12-04 v1.26 LaTeX kernel commands for general use (HO) +) +(/usr/share/texlive/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty +Package: pdftexcmds 2020-06-27 v0.33 Utility functions of pdfTeX for LuaTeX (HO +) + +(/usr/share/texlive/texmf-dist/tex/generic/infwarerr/infwarerr.sty +Package: infwarerr 2019/12/03 v1.5 Providing info/warning/error messages (HO) +) +Package pdftexcmds Info: \pdf@primitive is available. +Package pdftexcmds Info: \pdf@ifprimitive is available. +Package pdftexcmds Info: \pdfdraftmode found. 
+)) +(/usr/share/texlive/texmf-dist/tex/latex/hycolor/hycolor.sty +Package: hycolor 2020-01-27 v1.10 Color options for hyperref/bookmark (HO) +) +(/usr/share/texlive/texmf-dist/tex/latex/auxhook/auxhook.sty +Package: auxhook 2019-12-17 v1.6 Hooks for auxiliary files (HO) +) +(/usr/share/texlive/texmf-dist/tex/latex/hyperref/nameref.sty +Package: nameref 2023-11-26 v2.56 Cross-referencing by name of section + +(/usr/share/texlive/texmf-dist/tex/latex/refcount/refcount.sty +Package: refcount 2019/12/15 v3.6 Data extraction from label references (HO) +) +(/usr/share/texlive/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty +Package: gettitlestring 2019/12/15 v1.6 Cleanup title references (HO) + +(/usr/share/texlive/texmf-dist/tex/latex/kvoptions/kvoptions.sty +Package: kvoptions 2022-06-15 v3.15 Key value format for package options (HO) +)) +\c@section@level=\count307 +) +\@linkdim=\dimen261 +\Hy@linkcounter=\count308 +\Hy@pagecounter=\count309 + +(/usr/share/texlive/texmf-dist/tex/latex/hyperref/pd1enc.def +File: pd1enc.def 2024-01-20 v7.01h Hyperref: PDFDocEncoding definition (HO) +Now handling font encoding PD1 ... +... no UTF-8 mapping file for font encoding PD1 +) +(/usr/share/texlive/texmf-dist/tex/generic/intcalc/intcalc.sty +Package: intcalc 2019/12/15 v1.3 Expandable calculations with integers (HO) +) +\Hy@SavedSpaceFactor=\count310 + +(/usr/share/texlive/texmf-dist/tex/latex/hyperref/puenc.def +File: puenc.def 2024-01-20 v7.01h Hyperref: PDF Unicode definition (HO) +Now handling font encoding PU ... +... no UTF-8 mapping file for font encoding PU +) +Package hyperref Info: Hyper figures OFF on input line 4179. +Package hyperref Info: Link nesting OFF on input line 4184. +Package hyperref Info: Hyper index ON on input line 4187. +Package hyperref Info: Plain pages OFF on input line 4194. +Package hyperref Info: Backreferencing OFF on input line 4199. +Package hyperref Info: Implicit mode ON; LaTeX internals redefined. 
+Package hyperref Info: Bookmarks ON on input line 4446. +\c@Hy@tempcnt=\count311 + +(/usr/share/texlive/texmf-dist/tex/latex/url/url.sty +\Urlmuskip=\muskip17 +Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc. +) +LaTeX Info: Redefining \url on input line 4784. +\XeTeXLinkMargin=\dimen262 + +(/usr/share/texlive/texmf-dist/tex/generic/bitset/bitset.sty +Package: bitset 2019/12/09 v1.3 Handle bit-vector datatype (HO) + +(/usr/share/texlive/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty +Package: bigintcalc 2019/12/15 v1.5 Expandable calculations on big integers (HO +) +)) +\Fld@menulength=\count312 +\Field@Width=\dimen263 +\Fld@charsize=\dimen264 +Package hyperref Info: Hyper figures OFF on input line 6063. +Package hyperref Info: Link nesting OFF on input line 6068. +Package hyperref Info: Hyper index ON on input line 6071. +Package hyperref Info: backreferencing OFF on input line 6078. +Package hyperref Info: Link coloring OFF on input line 6083. +Package hyperref Info: Link coloring with OCG OFF on input line 6088. +Package hyperref Info: PDF/A mode OFF on input line 6093. + +(/usr/share/texlive/texmf-dist/tex/latex/base/atbegshi-ltx.sty +Package: atbegshi-ltx 2021/01/10 v1.0c Emulation of the original atbegshi +package with kernel methods +) +\Hy@abspage=\count313 +\c@Item=\count314 +\c@Hfootnote=\count315 +) +Package hyperref Info: Driver (autodetected): hpdftex. 
+ +(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hpdftex.def +File: hpdftex.def 2024-01-20 v7.01h Hyperref driver for pdfTeX + +(/usr/share/texlive/texmf-dist/tex/latex/base/atveryend-ltx.sty +Package: atveryend-ltx 2020/08/19 v1.0a Emulation of the original atveryend pac +kage +with kernel methods +) +\Fld@listcount=\count316 +\c@bookmark@seq@number=\count317 + +(/usr/share/texlive/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty +Package: rerunfilecheck 2022-07-10 v1.10 Rerun checks for auxiliary files (HO) + +(/usr/share/texlive/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty +Package: uniquecounter 2019/12/15 v1.4 Provide unlimited unique counter (HO) +) +Package uniquecounter Info: New unique counter `rerunfilecheck' on input line 2 +85. +) +\Hy@SectionHShift=\skip65 +) +Package hyperref Info: Option `colorlinks' set `true' on input line 28. + +(/usr/share/texlive/texmf-dist/tex/latex/tools/bm.sty +Package: bm 2023/07/08 v1.2f Bold Symbol Support (DPC/FMi) +\symboldoperators=\mathgroup6 +\symboldletters=\mathgroup7 +\symboldsymbols=\mathgroup8 +Package bm Info: No bold for \OMX/cmex/m/n, using \pmb. +Package bm Info: No bold for \U/msa/m/n, using \pmb. +Package bm Info: No bold for \U/msb/m/n, using \pmb. +LaTeX Font Info: Redeclaring math alphabet \mathbf on input line 149. 
+) +(/usr/share/texlive/texmf-dist/tex/latex/psnfss/courier.sty +Package: courier 2020/03/25 PSNFSS-v9.3 (WaS) +) +\symrsfs=\mathgroup9 +{t1-formata.map + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-i +talic' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-m +edium' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-m +ediumitalic' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-l +ight' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-l +ightitalic' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-b +old' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-b +olditalic' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-c +ondmedium' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-c +ondmediumital' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-r +egular' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-formata.map): fontmap entry for `t1-formata-r +egsymb' already exists, duplicates ignored +}{t1-times.map + +pdfTeX warning: pdflatex (file t1-times.map): fontmap entry for `t1-times' alre +ady exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-times.map): fontmap entry for `t1-times-itali +c' already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file t1-times.map): fontmap entry for `t1-times-bold' + already exists, duplicates ignored + + +pdfTeX warning: pdflatex (file 
t1-times.map): fontmap entry for `t1-times-boldi +talic' already exists, duplicates ignored +}{t1-helvetica.map}{t1-giovannistd.map + +pdfTeX warning: pdflatex (file t1-giovannistd.map): fontmap entry for `t1-giova +nnistd-bookitalic' already exists, duplicates ignored +} (/usr/share/texlive/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def +File: l3backend-pdftex.def 2024-01-04 L3 backend support: PDF output (pdfTeX) +\l__color_backend_stack_int=\count318 +\l__pdf_internal_box=\box64 +) +(./access.aux) +\openout1 = `access.aux'. + +LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 85. +LaTeX Font Info: ... okay on input line 85. +LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 85. +LaTeX Font Info: ... okay on input line 85. +LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 85. +LaTeX Font Info: ... okay on input line 85. +LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 85. +LaTeX Font Info: ... okay on input line 85. +LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 85. +LaTeX Font Info: ... okay on input line 85. +LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 85. +LaTeX Font Info: ... okay on input line 85. +LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 85. +LaTeX Font Info: ... okay on input line 85. +LaTeX Font Info: Checking defaults for PD1/pdf/m/n on input line 85. +LaTeX Font Info: ... okay on input line 85. +LaTeX Font Info: Checking defaults for PU/pdf/m/n on input line 85. +LaTeX Font Info: ... okay on input line 85. + +-- Lines per column: 56 (exact). +\symNewLetters=\mathgroup10 +\symxsymbols=\mathgroup11 +LaTeX Font Info: Redeclaring math symbol \ddagger on input line 85. +LaTeX Font Info: Redeclaring math symbol \dagger on input line 85. +\c@mv@regular=\count319 +LaTeX Font Info: Encoding `OT1' has changed to `T1' for symbol font +(Font) `operators' in the math version `regular' on input line 85. 
+ +LaTeX Font Info: Overwriting symbol font `operators' in version `regular' +(Font) OT1/cmr/m/n --> T1/formata/n/n on input line 85. +LaTeX Font Info: Overwriting symbol font `NewLetters' in version `regular' +(Font) T1/times/n/it --> T1/formata/n/it on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathrm' in version `regular' +(Font) T1/formata/n/n --> T1/formata/n/n on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathit' in version `regular' +(Font) OT1/cmr/m/it --> T1/formata/n/it on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathbf' in version `regular' +(Font) OT1/cmr/bx/n --> T1/formata/m/n on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathtt' in version `regular' +(Font) OT1/cmtt/m/n --> OT1/pcr/m/n on input line 85. +\c@mv@medium=\count320 +LaTeX Font Info: Encoding `OT1' has changed to `T1' for symbol font +(Font) `operators' in the math version `medium' on input line 85. +LaTeX Font Info: Overwriting symbol font `operators' in version `medium' +(Font) OT1/cmr/m/n --> T1/formata/m/n on input line 85. +LaTeX Font Info: Overwriting symbol font `NewLetters' in version `medium' +(Font) T1/times/n/it --> T1/formata/m/it on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathrm' in version `medium' +(Font) > T1/formata/m/n on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathit' in version `medium' +(Font) OT1/cmr/m/it --> T1/formata/m/it on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathbf' in version `medium' +(Font) > T1/formata/b/n on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathtt' in version `medium' +(Font) OT1/cmtt/m/n --> OT1/pcr/b/n on input line 85. +\c@mv@black=\count321 +LaTeX Font Info: Encoding `OT1' has changed to `T1' for symbol font +(Font) `operators' in the math version `black' on input line 85. 
+LaTeX Font Info: Overwriting symbol font `operators' in version `black' +(Font) OT1/cmr/m/n --> T1/formata/b/n on input line 85. +LaTeX Font Info: Overwriting symbol font `NewLetters' in version `black' +(Font) T1/times/n/it --> T1/formata/b/it on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathrm' in version `black' +(Font) > T1/formata/b/n on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathit' in version `black' +(Font) OT1/cmr/m/it --> T1/formata/b/it on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathbf' in version `black' +(Font) > T1/formata/b/n on input line 85. +LaTeX Font Info: Overwriting math alphabet `\mathtt' in version `black' +(Font) OT1/cmtt/m/n --> OT1/pcr/b/n on input line 85. +LaTeX Font Info: Trying to load font information for T1+ptm on input line 85 +. +(/usr/share/texlive/texmf-dist/tex/latex/psnfss/t1ptm.fd +File: t1ptm.fd 2001/06/04 font definitions for T1/ptm. +) +LaTeX Font Info: Trying to load font information for T1+times on input line +85. + (./t1times.fd) +(/usr/share/texlive/texmf-dist/tex/context/base/mkii/supp-pdf.mkii +[Loading MPS to PDF converter (version 2006.09.02).] +\scratchcounter=\count322 +\scratchdimen=\dimen265 +\scratchbox=\box65 +\nofMPsegments=\count323 +\nofMParguments=\count324 +\everyMPshowfont=\toks31 +\MPscratchCnt=\count325 +\MPscratchDim=\dimen266 +\MPnumerator=\count326 +\makeMPintoPDFobject=\count327 +\everyMPtoPDFconversion=\toks32 +) (/usr/share/texlive/texmf-dist/tex/latex/epstopdf-pkg/epstopdf-base.sty +Package: epstopdf-base 2020-01-24 v2.11 Base part for package epstopdf +Package epstopdf-base Info: Redefining graphics rule for `.eps' on input line 4 +85. + +(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg +File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv +e +)) +LaTeX Info: Redefining \microtypecontext on input line 85. +Package microtype Info: Applying patch `item' on input line 85. 
+Package microtype Info: Applying patch `toc' on input line 85. +Package microtype Info: Applying patch `eqnum' on input line 85. +Package microtype Info: Applying patch `footnote' on input line 85. +Package microtype Info: Applying patch `verbatim' on input line 85. +Package microtype Info: Generating PDF output. +Package microtype Info: Character protrusion enabled (level 2). +Package microtype Info: Using default protrusion set `alltext'. +Package microtype Info: Automatic font expansion enabled (level 2), +(microtype) stretch: 20, shrink: 20, step: 1, non-selected. +Package microtype Info: Using default expansion set `alltext-nott'. +LaTeX Info: Redefining \showhyphens on input line 85. +Package microtype Info: No adjustment of tracking. +Package microtype Info: No adjustment of interword spacing. +Package microtype Info: No adjustment of character kerning. +Package microtype Info: Loading generic protrusion settings for font family +(microtype) `times' (encoding: T1). +(microtype) For optimal results, create family-specific settings. +(microtype) See the microtype manual for details. +\c@lstlisting=\count328 +Package hyperref Info: Link coloring ON on input line 85. + +(./access.out) (./access.out) +\@outlinefile=\write3 +\openout3 = `access.out'. + + +(/usr/share/texlive/texmf-dist/tex/latex/psnfss/t1pcr.fd +File: t1pcr.fd 2001/06/04 font definitions for T1/pcr. +) + +File: bullet.png Graphic file (type png) + +Package pdftex.def Info: bullet.png used on input line 109. +(pdftex.def) Requested size: 5.0pt x 14.6871pt. +Package microtype Info: Loading generic protrusion settings for font family +(microtype) `formata' (encoding: T1). +(microtype) For optimal results, create family-specific settings. +(microtype) See the microtype manual for details. +LaTeX Font Info: Font shape `T1/pcr/n/n' in size <10> not available +(Font) Font shape `T1/pcr/m/n' tried instead on input line 110. 
+Package microtype Info: Loading generic protrusion settings for font family +(microtype) `pcr' (encoding: T1). +(microtype) For optimal results, create family-specific settings. +(microtype) See the microtype manual for details. + +(/usr/share/texlive/texmf-dist/tex/latex/microtype/mt-cmr.cfg +File: mt-cmr.cfg 2013/05/19 v2.2 microtype config. file: Computer Modern Roman +(RS) +) +LaTeX Font Info: Trying to load font information for U+msa on input line 110 +. + +(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsa.fd +File: umsa.fd 2013/01/14 v3.01 AMS symbols A +) +(/usr/share/texlive/texmf-dist/tex/latex/microtype/mt-msa.cfg +File: mt-msa.cfg 2006/02/04 v1.1 microtype config. file: AMS symbols (a) (RS) +) +LaTeX Font Info: Trying to load font information for U+msb on input line 110 +. + +(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsb.fd +File: umsb.fd 2013/01/14 v3.01 AMS symbols B +) +(/usr/share/texlive/texmf-dist/tex/latex/microtype/mt-msb.cfg +File: mt-msb.cfg 2005/06/01 v1.0 microtype config. file: AMS symbols (b) (RS) +) +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 10.50003pt on input line 110. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 7.35002pt on input line 110. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 5.25002pt on input line 110. +File: bullet.png Graphic file (type png) + +Package pdftex.def Info: bullet.png used on input line 113. +(pdftex.def) Requested size: 5.0pt x 14.6871pt. +Package microtype Info: Loading generic protrusion settings for font family +(microtype) `giovannistd' (encoding: T1). +(microtype) For optimal results, create family-specific settings. +(microtype) See the microtype manual for details. +LaTeX Font Info: Calculating math sizes for size <9.9> on input line 118. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 10.39502pt on input line 118. 
+LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 7.27647pt on input line 118. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 5.19751pt on input line 118. +LaTeX Font Info: Calculating math sizes for size <6.6> on input line 118. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 6.93002pt on input line 118. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 4.85098pt on input line 118. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 3.46501pt on input line 118. + +Overfull \hbox (9.2679pt too wide) in paragraph at lines 118--118 +[] + [] + + +Overfull \hbox (9.2679pt too wide) in paragraph at lines 118--118 +[] + [] + + +Overfull \hbox (2.10097pt too wide) in paragraph at lines 155--155 +[]|\T1/times/m/n/9 (-20) Validation/mutation + [] + +(../docs/reproducibility/baselines.tex) + +File: logo.png Graphic file (type png) + +Package pdftex.def Info: logo.png used on input line 184. +(pdftex.def) Requested size: 91.32pt x 23.66309pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[1{/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc} + + + <./logo.png> <./bullet.png>] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 200. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. 
+ +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[2 <./notaglinelogo.png>] +Underfull \hbox (badness 2253) in paragraph at lines 206--207 +\T1/times/b/n/10 (+20) 1. Detection-Only Pipelines. \T1/times/n/n/10 (+20) Stat +ic anal-y-sis tools like + [] + +LaTeX Font Info: Font shape `T1/pcr/n/n' in size <7> not available +(Font) Font shape `T1/pcr/m/n' tried instead on input line 236. + +Underfull \hbox (badness 4595) in paragraph at lines 249--250 +\T1/times/n/n/10 (+20) and re-ports four pol-icy vi-o-la-tions: \T1/pcr/m/n/10 +no_privileged\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 249--250 +\T1/pcr/m/n/10 drop_capabilities\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 run_as_ +non_root\T1/times/n/n/10 (+20) , and + [] + + +Underfull \hbox (badness 2698) in paragraph at lines 249--250 +\T1/pcr/m/n/10 no_latest_tag\T1/times/n/n/10 (+20) . These cor-re-spond to the +struc-tured + [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 250. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[3] +Underfull \hbox (badness 2837) in paragraph at lines 267--268 +[]\T1/times/b/n/10 (+20) Server Dry-Run\T1/times/n/n/10 (+20) : Suc-ceeds, as \ +T1/pcr/m/n/10 kubectl apply + [] + + +Underfull \hbox (badness 3907) in paragraph at lines 288--289 +\T1/times/m/it/10 (+20) 1. 
De-tect\T1/times/n/n/10 (+20) : The de-tec-tor flags + \T1/pcr/m/n/10 read_only_root_fs\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 1590) in paragraph at lines 325--325 +[]|\T1/times/m/n/7 (+20) Triad: pol-icy re-check + schema + + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 325--325 +[]|\T1/times/m/n/7 (+20) Scanner checks; no server dry- + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 340--353 +[] + [] + + +Underfull \hbox (badness 1354) in paragraph at lines 340--353 +\T1/times/n/n/10 (+20) and re-peat-able per-for-mance claims along-side func-ti +onal + [] + + +Underfull \vbox (badness 3219) has occurred while \output is active [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 353. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[4] +Underfull \hbox (badness 1383) in paragraph at lines 360--361 +[]\T1/times/b/n/10 (+20) Budget-aware Retry: \T1/times/n/n/10 (+20) A con-fig-u +rable retry bud-get + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 366--367 +[]\T1/times/b/n/10 (+20) Policy Re-check: \T1/times/n/n/10 (+20) The patched ma +n-i-fest is re- + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 366--367 +\T1/times/n/n/10 (+20) each cov-ered pol-icy (e.g., \T1/pcr/m/n/10 no_latest_ta +g\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 366--367 +\T1/pcr/m/n/10 no_privileged\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 drop_capabi +lities\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 366--367 +\T1/pcr/m/n/10 drop_cap_sys_admin\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 run_as 
+_non_root\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 366--367 +\T1/pcr/m/n/10 read_only_root_fs\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 no_host +_* \T1/times/n/n/10 (+20) flags, + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 366--367 +\T1/pcr/m/n/10 no_allow_privilege_escalation\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 3009) in paragraph at lines 366--367 +\T1/pcr/m/n/10 enforce_seccomp\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 set_reque +sts_limits\T1/times/n/n/10 (+20) ); + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 366--367 +\T1/pcr/m/n/10 --enable-rescan\T1/times/n/n/10 (+20) . Non-allowlisted \T1/pcr/ +m/n/10 hostPath + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 368--369 +[]\T1/times/b/n/10 (+20) Server-side Dry-run: \T1/times/n/n/10 (+20) When \T1/p +cr/m/n/10 kubectl \T1/times/n/n/10 (+20) is + [] + + +Underfull \hbox (badness 3209) in paragraph at lines 368--369 +\T1/times/n/n/10 (+20) avail-able, the sys-tem ex-e-cutes \T1/pcr/m/n/10 kubect +l apply + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 372--373 +[]\T1/times/b/n/10 (+20) Dangerous ca-pa-bil-i-ties blocked: \T1/times/n/n/10 ( ++20) Re-jects + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 372--373 +\T1/pcr/m/n/10 capabilities.add \T1/times/n/n/10 (+20) en-tries con-tain-ing + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 372--373 +\T1/pcr/m/n/10 NET_RAW\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 NET_ADMIN\T1/time +s/n/n/10 (+20) , \T1/pcr/m/n/10 SYS_ADMIN\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 375--376 +[]\T1/times/b/n/10 (+20) hostPath al-lowlist/re-me-di-a-tion: \T1/times/n/n/10 +(+20) Re- + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 375--376 +\T1/times/n/n/10 (+20) stricts host mounts to ap-proved paths + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 
375--376 +\T1/times/n/n/10 (+20) ([][]$/var / run / secrets / kubernetes . io / serviceac +count$[][], + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 375--376 +[][]$\T1/times/n/n/10 (+20) /var / lib / kubelet / pods$[][], [][]$/etc / ssl / + certs$[][]); non- + [] + + +Underfull \vbox (badness 1622) has occurred while \output is active [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 416. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[5] +Underfull \hbox (badness 2027) in paragraph at lines 447--447 +[]|\T1/pcr/m/n/8 data/patches.json \T1/times/m/n/8 (+20) con-tain-ing guarded J +SON Patch ar-rays. Rules mode emits single- + [] + + +Underfull \hbox (badness 3271) in paragraph at lines 447--447 +\T1/times/m/n/8 (+20) operation fixes; ven-dor/vLLM modes re-quire OpenAI-compa +tible end-points con-fig-ured in + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 447--447 +[]|\T1/pcr/m/n/8 data/verified.json \T1/times/m/n/8 (+20) log-ging \T1/pcr/m/n/ +8 accepted\T1/times/m/n/8 (+20) , \T1/pcr/m/n/8 ok_schema\T1/times/m/n/8 (+20) +, \T1/pcr/m/n/8 ok_policy\T1/times/m/n/8 (+20) , and + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 447--447 +\T1/pcr/m/n/8 read_only_root_fs\T1/times/m/n/8 (+20) , \T1/pcr/m/n/8 no_host_* +\T1/times/m/n/8 (+20) flags, \T1/pcr/m/n/8 no_allow_privilege_escalation\T1/tim +es/m/n/8 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 470--471 +\T1/times/n/n/10 (+20) Executing \T1/pcr/m/n/10 python -m unittest discover + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 470--471 +\T1/pcr/m/n/10 -s tests \T1/times/n/n/10 (+20) yields 
\T1/pcr/m/n/10 16 tests i +n 0.02s, OK + [] + + +Underfull \hbox (badness 3646) in paragraph at lines 470--471 +\T1/times/n/n/10 (+20) suite, which ac-ti-vates af-ter \T1/pcr/m/n/10 data/patc +hes.json \T1/times/n/n/10 (+20) is + [] + + +Underfull \hbox (badness 2884) in paragraph at lines 473--474 +\T1/times/b/n/10 (+20) Property-based tests. \T1/times/n/n/10 (+20) In ad-di-ti +on to the de-ter-min-is-tic + [] + + +Underfull \hbox (badness 7256) in paragraph at lines 473--474 +\T1/times/n/n/10 (+20) con-tract tests, \T1/pcr/m/n/10 tests/test_property_guar +ds.py + [] + + +Underfull \hbox (badness 2435) in paragraph at lines 473--474 +\T1/times/n/n/10 (+20) ver-ify that the per-policy patch-ers be-have safely (e. +g., + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 473--474 +\T1/pcr/m/n/10 drop_capabilities\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 drop_ca +p_sys_admin\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 473--474 +\T1/pcr/m/n/10 run_as_non_root\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 enforce_s +eccomp\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 473--474 +\T1/pcr/m/n/10 no_allow_privilege_escalation\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 473--474 +\T1/pcr/m/n/10 no_host_path\T1/times/n/n/10 (+20) ). 
These checks val-i-date th +at those + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 473--474 +\T1/times/n/n/10 (+20) ca-pa-bil-i-ties, deny-ing priv-i-lege es-ca-la-tion, en +-forc-ing + [] + + +Underfull \hbox (badness 2027) in paragraph at lines 473--474 +\T1/times/n/n/10 (+20) Run-timeDe-fault sec-comp, and pre-fer-ring non-privileg +ed + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 476--477 +\T1/times/n/n/10 (+20) Two de-lib-er-ately vul-ner-a-ble man-i-fests (\T1/pcr/m +/n/10 001.yaml\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 4846) in paragraph at lines 478--479 +[]\T1/times/n/n/10 (+20) Table [][]5[][] sum-ma-rizes the run-time en-vi-ron-me +nt used + [] + + +Underfull \hbox (badness 3471) in paragraph at lines 478--479 +\T1/times/n/n/10 (+20) for the re-gen-er-a-tions in Sec-tion [][][][][]; the fu +ll de-pen- + [] + +(./grok_failures_table.tex) +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 520. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[6] +Underfull \hbox (badness 10000) in paragraph at lines 524--525 +\T1/times/b/n/10 (+20) Detector ac-cu-racy. \T1/times/n/n/10 (+20) Run-ning + [] + + +Underfull \hbox (badness 4518) in paragraph at lines 524--525 +\T1/pcr/m/n/10 scripts/eval_detector.py \T1/times/n/n/10 (+20) on a syn-thetic +nine- + [] + + +Underfull \hbox (badness 2318) in paragraph at lines 524--525 +\T1/times/n/n/10 (+20) con-trolled eval-u-a-tion uses hand-crafted test cases w +ith + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 524--525 +\T1/times/n/n/10 (+20) re-play ([][]$data / live _ cluster / results _ 1k . 
jso +n$[][]; sum-mary in + [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 525. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[7] +Underfull \hbox (badness 10000) in paragraph at lines 527--528 +\T1/pcr/m/n/10 no_host_path\T1/times/n/n/10 (+20) , \T1/pcr/m/n/10 no_host_port +s\T1/times/n/n/10 (+20) ). The de-tec-tor + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 527--528 +\T1/times/n/n/10 (+20) poli-cies (de-tec-tions fil-tered via [][]$data / eval / + artifacthub _ + [] + + +Underfull \hbox (badness 2781) in paragraph at lines 527--528 +\T1/times/n/n/10 (+20) sample _ detections _ ^^\ltered . json$[][]). La-bels, d +e-tec-tions, and + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 527--528 +[][]$\T1/times/n/n/10 (+20) data / eval / artifacthub _ sample _ detections . j +son$[][], and + [] + +<../figures/fairness_waits.png, id=346, 469.755pt x 252.945pt> +File: ../figures/fairness_waits.png Graphic file (type png) + +Package pdftex.def Info: ../figures/fairness_waits.png used on input line 566. + +(pdftex.def) Requested size: 218.40471pt x 117.60277pt. +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 569. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. 
+ +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[8] +<../figures/admission_vs_posthoc.png, id=367, 867.24pt x 505.89pt> +File: ../figures/admission_vs_posthoc.png Graphic file (type png) + +Package pdftex.def Info: ../figures/admission_vs_posthoc.png used on input lin +e 612. +(pdftex.def) Requested size: 218.40471pt x 127.39848pt. +<../figures/mode_comparison.png, id=368, 433.62pt x 289.08pt> +File: ../figures/mode_comparison.png Graphic file (type png) + +Package pdftex.def Info: ../figures/mode_comparison.png used on input line 619 +. +(pdftex.def) Requested size: 218.40471pt x 145.60269pt. +<../figures/operator_ab.png, id=371, 571.4148pt x 353.6412pt> +File: ../figures/operator_ab.png Graphic file (type png) + +Package pdftex.def Info: ../figures/operator_ab.png used on input line 626. +(pdftex.def) Requested size: 218.40471pt x 135.16748pt. + +Overfull \hbox (41.14658pt too wide) in paragraph at lines 656--667 + [][] + [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 682. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. 
+ +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[9 <../figures/fairness_waits.png> <../figures/admission_vs_posthoc.png> <../fi +gures/mode_comparison.png>] +Underfull \hbox (badness 10000) in paragraph at lines 684--685 +\T1/times/n/n/10 (+20) The re-pro-ducibil-ity bun-dle (\T1/pcr/m/n/10 make + [] + + +Underfull \hbox (badness 2671) in paragraph at lines 684--685 +\T1/times/n/n/10 (+20) Se-man-tic re-gres-sion checks now block Grok-generated + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 684--685 +\T1/times/n/n/10 (+20) un-der [][]$infra / ^^\xtures/$[][] seed RBAC/Net-workPo +l-icy gaps + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 684--685 +\T1/times/n/n/10 (+20) be-fore ver-i-fi-ca-tion. We threat-modeled ma-li-cious +or + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 684--685 +\T1/times/n/n/10 (+20) sur-faces un-ver-i-fied patches. Resid-ual risks^^Vprima +rily + [] + + +Underfull \hbox (badness 8170) in paragraph at lines 684--685 +\T1/times/n/n/10 (+20) cap-tured in [][]$logs / grok5k / failure _ summary _ la +test . txt$[][] and + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 684--685 +\T1/times/n/n/10 (+20) guardrails harden high-privilege Dae-mon-Sets with-out + [] + + +Underfull \vbox (badness 1107) has occurred while \output is active [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 738. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. 
+ +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[10 <../figures/operator_ab.png>] +Underfull \hbox (badness 2903) in paragraph at lines 761--762 +\T1/times/n/n/10 (+20) Replay of the 830-item queue snap-shot ([][]$data / metr +ics _ + [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 764. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[11] +Underfull \hbox (badness 3792) in paragraph at lines 765--766 +\T1/times/n/n/10 (+20) set re-source lim-its with-out also set-ting re-quests. +The + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 765--766 +\T1/times/n/n/10 (+20) base-line (\T1/pcr/m/n/10 scripts/run_kyverno_baseline.p +y\T1/times/n/n/10 (+20) , + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 765--766 +\T1/pcr/m/n/10 data/baselines/kyverno_baseline.csv\T1/times/n/n/10 (+20) ) + [] + + +Underfull \hbox (badness 4792) in paragraph at lines 765--766 +\T1/times/n/n/10 (+20) achieves 67.98% mean ac-cep-tance across 17 poli-cies + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 801--801 +[]\T1/pcr/m/n/10 --- a/manifest.yaml +++ b/manifest.yaml + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 801--801 +\T1/pcr/m/n/10 
@@ -8,4 +8,4 @@ volumes: - name: + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 801--801 +\T1/pcr/m/n/10 host-data hostPath: - path: + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 877--878 +\T1/times/n/n/10 (+20) skew to-ward Helm-derived work-loads and may + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 877--878 +\T1/times/n/n/10 (+20) miss be-spoke pro-duc-tion clus-ters. \T1/times/b/n/10 ( ++20) Mit-i-ga-tion: + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 877--878 +\T1/times/n/n/10 (+20) we re-fresh the Ar-ti-fac-tHub scrape monthly + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 877--878 +\T1/times/n/n/10 (+20) (\T1/pcr/m/n/10 scripts/collect_artifacthub.py\T1/times/ +n/n/10 (+20) ), add + [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 880. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[12] +Underfull \hbox (badness 3302) in paragraph at lines 886--887 +[]\T1/times/n/n/10 (+20) All met-rics in this pa-per are re-gen-er-ated from th +e + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 890--891 +[]\T1/times/n/n/10 (+20) Near-term ef-forts fo-cus on keep-ing the seeded + [] + + +Underfull \hbox (badness 2376) in paragraph at lines 890--891 +\T1/times/n/n/10 (+20) clus-ters, en-rich-ing Grok/xAI teleme-try with mono-ton +ic + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 890--891 +\T1/times/n/n/10 (+20) la-tency traces, and con-duct-ing an op-er-a-tor ro-ta-t +ion + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 890--891 +\T1/times/n/n/10 (+20) with em-bed-ded sur-veys to val-i-date the sched-uler + [] + + 
+Underfull \hbox (badness 10000) in paragraph at lines 890--891 +\T1/times/n/n/10 (+20) against real an-a-lyst work-flows. All ar-ti-facts re-ma +in + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 890--891 +\T1/times/n/n/10 (+20) avail-able at [][]$https : / / github . com / bmendonca3 + / k8s-[]auto-[]^^\x$[][] + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 890--891 +\T1/times/n/n/10 (+20) (com-mit [][]$e4af5efa7b0a52d7b7e58d76879b0060b354af27$[ +][]), + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 890--891 +\T1/times/n/n/10 (+20) with a long-term snap-shot mir-rored in [][]$archives / + [] + +LaTeX Font Info: Calculating math sizes for size <7.61> on input line 901. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 7.99051pt on input line 901. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 5.59332pt on input line 901. +LaTeX Font Info: Font shape `U/rsfs/m/n' will be +(Font) scaled to size 3.99524pt on input line 901. +LaTeX Font Info: Font shape `T1/pcr/n/n' in size <7.61> not available +(Font) Font shape `T1/pcr/m/n' tried instead on input line 919. + +Underfull \hbox (badness 10000) in paragraph at lines 931--932 +[]\T1/times/m/n/7.61 (+20) CISA Known Ex-ploited Vul-ner-a-bil-i-ties Cat-a-log +. Ac-cessed: + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 931--932 +\T1/times/m/n/7.61 (+20) Oct. 2025. [On-line]. Avail-able: [][]$https : / / www + . cisa . gov / + [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 941. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. 
+ +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[13] + +Package hyperref Warning: The anchor of a bookmark and its parent's must not +(hyperref) be the same. Added a new anchor on input line 983. + + +File: brian_mendonca_photo.png Graphic file (type png) + +Package pdftex.def Info: brian_mendonca_photo.png used on input line 983. +(pdftex.def) Requested size: 72.26357pt x 56.37804pt. +File: brian_mendonca_photo.png Graphic file (type png) + +Package pdftex.def Info: brian_mendonca_photo.png used on input line 983. +(pdftex.def) Requested size: 72.26357pt x 56.37804pt. + +Underfull \hbox (badness 3019) in paragraph at lines 983--989 +[]\T1/times/n/n/8 (+20) Prior to grad-u-ate study, he worked as an + [] + + +Underfull \hbox (badness 1783) in paragraph at lines 983--989 +\T1/times/n/n/8 (+20) Aerospace Qual-ity En-gi-neer at BAE Sys-tems + [] + + +File: vijay_madisetti_photo.png Graphic file (type png) + +Package pdftex.def Info: vijay_madisetti_photo.png used on input line 991. +(pdftex.def) Requested size: 72.26932pt x 87.05168pt. +File: vijay_madisetti_photo.png Graphic file (type png) + +Package pdftex.def Info: vijay_madisetti_photo.png used on input line 991. +(pdftex.def) Requested size: 72.26932pt x 87.05168pt. +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1000. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. 
+ +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[14 <./brian_mendonca_photo.png> <./vijay_madisetti_photo.png>] +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1005. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[15 + + +] +Underfull \hbox (badness 4726) in paragraph at lines 1012--1013 +[]\T1/times/n/n/10 (+20) Inspect the pro-poser/ver-i-fier records ([][]$data / +batch _ + [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1016. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[16 + + +] +Overfull \hbox (19.66112pt too wide) in paragraph at lines 1021--1040 + [][] + [] + +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1042. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. 
+ +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[17 + + +] +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1061. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[18 + + +] +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1061. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[19] +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1089. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[20 + + + +] +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1089. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. 
+ +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[21] +Underfull \hbox (badness 10000) in paragraph at lines 1091--1091 +[][][][]\T1/times/n/n/8 (+20) Command: \T1/pcr/m/n/8 python scripts/collect_art +ifacthub.py + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 1094--1095 +\T1/pcr/m/n/10 scripts/generate_corpus_appendix.py \T1/times/n/n/10 (+20) emits + + [] + + +Underfull \hbox (badness 10000) in paragraph at lines 1094--1095 +[][]$\T1/times/n/n/10 (+20) docs / appendix _ corpus . md$[][], a SHA-256 in-ve +n-tory of + [] + + +Underfull \hbox (badness 4341) in paragraph at lines 1094--1095 +\T1/times/n/n/10 (+20) ev-ery man-i-fest (in-clud-ing the cu-rated smoke tests +in + [] + + +Underfull \hbox (badness 5022) in paragraph at lines 1094--1095 +[][]$\T1/times/n/n/10 (+20) data / manifests / 001 . yaml$[][] and [][]$002 . y +aml$[][]). This ap-pendix + [] + +File: bullet.png Graphic file (type png) + +Package pdftex.def Info: bullet.png used on input line 1099. +(pdftex.def) Requested size: 5.0pt x 14.6871pt. +File: notaglinelogo.png Graphic file (type png) + +Package pdftex.def Info: notaglinelogo.png used on input line 1101. +(pdftex.def) Requested size: 91.32pt x 23.1352pt. + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Overfull \hbox (505.12177pt too wide) has occurred while \output is active +[] + [] + + +Underfull \hbox (badness 10000) has occurred while \output is active +[] + [] + +[22 + + + +] (./access.aux) + *********** +LaTeX2e <2023-11-01> patch level 1 +L3 programming layer <2024-01-22> + *********** +Package rerunfilecheck Info: File `access.out' has not changed. +(rerunfilecheck) Checksum: 47A4ABBE3FBFB076163A4A9272F1D770;5711. 
+ ) +Here is how much of TeX's memory you used: + 17940 strings out of 476106 + 282955 string characters out of 5793933 + 2112975 words of memory out of 5000000 + 39090 multiletter control sequences out of 15000+600000 + 690608 words of font info for 436 fonts, out of 8000000 for 9000 + 59 hyphenation exceptions out of 8191 + 75i,16n,84p,1557b,1623s stack positions out of 10000i,1000n,20000p,200000b,200000s + +pdfTeX warning (dest): name{section*.1} has been referenced but does not exist, + replaced by a fixed one + +< +/usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy6.pfb><./t1-formata-bold.pfb><. +/t1-formata-condmedium.pfb><./t1-formata-medium.pfb><./t1-formata-mediumitalic. +pfb><./t1-formata-regular.pfb><./t1-giovannistd-bookitalic.pfb><./t1-times-bold +.pfb><./t1-times-italic.pfb><./t1-times.pfb> +Output written on access.pdf (22 pages, 1696401 bytes). +PDF statistics: + 828 PDF objects out of 1000 (max. 8388607) + 676 compressed objects within 7 object streams + 170 named destinations out of 1000 (max. 500000) + 119110 words of extra memory for PDF output out of 128383 (max. 10000000) diff --git a/paper/access.out b/paper/access.out new file mode 100644 index 00000000..cbbd5519 --- /dev/null +++ b/paper/access.out 
@@ -0,0 +1,32 @@ +\BOOKMARK [1][-]{section.1}{\376\377\000I\000m\000p\000o\000r\000t\000a\000n\000c\000e\000\040\000o\000f\000\040\000t\000h\000e\000\040\000P\000r\000o\000b\000l\000e\000m}{}% 1 +\BOOKMARK [1][-]{section.2}{\376\377\000R\000e\000l\000a\000t\000e\000d\000\040\000W\000o\000r\000k}{}% 2 +\BOOKMARK [1][-]{section.3}{\376\377\000S\000y\000s\000t\000e\000m\000\040\000D\000e\000s\000i\000g\000n}{}% 3 +\BOOKMARK [2][-]{subsection.3.1}{\376\377\000N\000o\000t\000a\000t\000i\000o\000n}{section.3}% 4 +\BOOKMARK [2][-]{subsection.3.2}{\376\377\000E\000n\000d\000-\000t\000o\000-\000E\000n\000d\000\040\000W\000a\000l\000k\000t\000h\000r\000o\000u\000g\000h\000\040\000o\000n\000\040\000R\000e\000a\000l\000\040\000M\000a\000n\000i\000f\000e\000s\000t\000s}{section.3}% 5 +\BOOKMARK [2][-]{subsection.3.3}{\376\377\000R\000e\000s\000e\000a\000r\000c\000h\000\040\000Q\000u\000e\000s\000t\000i\000o\000n\000s\000\040\000a\000n\000d\000\040\000F\000i\000n\000d\000i\000n\000g\000s}{section.3}% 6 +\BOOKMARK [1][-]{section.4}{\376\377\000I\000m\000p\000l\000e\000m\000e\000n\000t\000a\000t\000i\000o\000n\000\040\000a\000n\000d\000\040\000M\000e\000t\000r\000i\000c\000s}{}% 7 +\BOOKMARK [2][-]{subsection.4.1}{\376\377\000T\000h\000e\000\040\000C\000l\000o\000s\000e\000d\000-\000L\000o\000o\000p\000\040\000P\000i\000p\000e\000l\000i\000n\000e}{section.4}% 8 +\BOOKMARK [2][-]{subsection.4.2}{\376\377\000V\000e\000r\000i\000f\000i\000c\000a\000t\000i\000o\000n\000\040\000G\000a\000t\000e\000s}{section.4}% 9 +\BOOKMARK [1][-]{section.5}{\376\377\000I\000m\000p\000l\000e\000m\000e\000n\000t\000a\000t\000i\000o\000n\000\040\000S\000t\000a\000t\000u\000s\000\040\000a\000n\000d\000\040\000E\000v\000i\000d\000e\000n\000c\000e}{}% 10 +\BOOKMARK [2][-]{subsection.5.1}{\376\377\000S\000a\000m\000p\000l\000e\000\040\000D\000e\000t\000e\000c\000t\000i\000o\000n\000\040\000R\000e\000c\000o\000r\000d}{section.5}% 11 +\BOOKMARK 
[2][-]{subsection.5.2}{\376\377\000U\000n\000i\000t\000\040\000T\000e\000s\000t\000\040\000E\000v\000i\000d\000e\000n\000c\000e}{section.5}% 12 +\BOOKMARK [2][-]{subsection.5.3}{\376\377\000D\000a\000t\000a\000s\000e\000t\000\040\000a\000n\000d\000\040\000C\000o\000n\000f\000i\000g\000u\000r\000a\000t\000i\000o\000n}{section.5}% 13 +\BOOKMARK [2][-]{subsection.5.4}{\376\377\000E\000v\000a\000l\000u\000a\000t\000i\000o\000n\000\040\000R\000e\000s\000u\000l\000t\000s}{section.5}% 14 +\BOOKMARK [2][-]{subsection.5.5}{\376\377\000T\000h\000r\000e\000a\000t\000\040\000M\000o\000d\000e\000l}{section.5}% 15 +\BOOKMARK [2][-]{subsection.5.6}{\376\377\000T\000h\000r\000e\000a\000t\000s\000\040\000a\000n\000d\000\040\000M\000i\000t\000i\000g\000a\000t\000i\000o\000n\000s}{section.5}% 16 +\BOOKMARK [2][-]{subsection.5.7}{\376\377\000T\000h\000r\000e\000a\000t\000\040\000I\000n\000t\000e\000l\000l\000i\000g\000e\000n\000c\000e\000\040\000a\000n\000d\000\040\000R\000i\000s\000k\000\040\000S\000c\000o\000r\000i\000n\000g\000\040\000\050\000C\000V\000E\000/\000K\000E\000V\000/\000E\000P\000S\000S\000\051}{section.5}% 17 +\BOOKMARK [2][-]{subsection.5.8}{\376\377\000G\000u\000i\000d\000a\000n\000c\000e\000\040\000R\000e\000f\000r\000e\000s\000h\000\040\000a\000n\000d\000\040\000R\000A\000G\000\040\000H\000o\000o\000k\000s}{section.5}% 18 +\BOOKMARK [2][-]{subsection.5.9}{\376\377\000R\000i\000s\000k\000-\000B\000a\000n\000d\000i\000t\000\040\000S\000c\000h\000e\000d\000u\000l\000e\000r\000\040\000w\000i\000t\000h\000\040\000A\000g\000i\000n\000g\000\040\000a\000n\000d\000\040\000K\000E\000V\000\040\000P\000r\000e\000e\000m\000p\000t\000i\000o\000n}{section.5}% 19 +\BOOKMARK [2][-]{subsection.5.10}{\376\377\000B\000a\000s\000e\000l\000i\000n\000e\000s\000\040\000a\000n\000d\000\040\000A\000b\000l\000a\000t\000i\000o\000n\000s}{section.5}% 20 +\BOOKMARK 
[2][-]{subsection.5.11}{\376\377\000M\000e\000t\000r\000i\000c\000s\000\040\000a\000n\000d\000\040\000M\000e\000a\000s\000u\000r\000e\000m\000e\000n\000t}{section.5}% 21 +\BOOKMARK [1][-]{section.6}{\376\377\000L\000i\000m\000i\000t\000a\000t\000i\000o\000n\000s\000\040\000a\000n\000d\000\040\000M\000i\000t\000i\000g\000a\000t\000i\000o\000n\000s}{}% 22 +\BOOKMARK [1][-]{section.7}{\376\377\000D\000i\000s\000c\000u\000s\000s\000i\000o\000n\000\040\000a\000n\000d\000\040\000F\000u\000t\000u\000r\000e\000\040\000W\000o\000r\000k}{}% 23 +\BOOKMARK [1][-]{section*.1}{\376\377\000R\000e\000f\000e\000r\000e\000n\000c\000e\000s}{}% 24 +\BOOKMARK [2][-]{section*.2}{\376\377\000B\000r\000i\000a\000n\000\040\000M\000e\000n\000d\000o\000n\000c\000a}{section*.1}% 25 +\BOOKMARK [2][-]{section*.2}{\376\377\000V\000i\000j\000a\000y\000\040\000K\000.\000\040\000M\000a\000d\000i\000s\000e\000t\000t\000i}{section*.1}% 26 +\BOOKMARK [1][-]{appendix.Appendix.A}{\376\377\000G\000r\000o\000k\000/\000x\000A\000I\000\040\000F\000a\000i\000l\000u\000r\000e\000\040\000A\000n\000a\000l\000y\000s\000i\000s}{}% 27 +\BOOKMARK [1][-]{appendix.Appendix.B}{\376\377\000R\000i\000s\000k\000\040\000S\000c\000o\000r\000e\000\040\000W\000o\000r\000k\000e\000d\000\040\000E\000x\000a\000m\000p\000l\000e}{}% 28 +\BOOKMARK [1][-]{appendix.Appendix.C}{\376\377\000A\000c\000r\000o\000n\000y\000m\000\040\000G\000l\000o\000s\000s\000a\000r\000y}{}% 29 +\BOOKMARK [1][-]{appendix.Appendix.D}{\376\377\000A\000r\000t\000i\000f\000a\000c\000t\000\040\000I\000n\000d\000e\000x}{}% 30 +\BOOKMARK [1][-]{appendix.Appendix.E}{\376\377\000E\000v\000a\000l\000u\000a\000t\000i\000o\000n\000\040\000A\000r\000t\000i\000f\000a\000c\000t\000\040\000M\000a\000n\000i\000f\000e\000s\000t}{}% 31 +\BOOKMARK [1][-]{appendix.Appendix.F}{\376\377\000C\000o\000r\000p\000u\000s\000\040\000M\000i\000n\000i\000n\000g\000\040\000a\000n\000d\000\040\000I\000n\000t\000e\000g\000r\000i\000t\000y}{}% 32 
diff --git a/paper/access.pdf b/paper/access.pdf index 70901dec..4b9a77c5 100644 Binary files a/paper/access.pdf and b/paper/access.pdf differ diff --git a/paper/access.tex b/paper/access.tex index d18ce151..05d9d5ba 100644 --- a/paper/access.tex +++ b/paper/access.tex 
@@ -887,105 +887,7 @@ \section{Discussion and Future Work} Looking forward, we will automate guidance refreshes in CI (\url{scripts/refresh_guidance.py}), fold EPSS/KEV feeds directly into the risk score $R_i$, and scale the qualitative feedback loop that now captures operator notes in \url{docs/qualitative_feedback.md}. As the LLM-backed proposer matures, we plan to publish comparative acceptance and latency data, extend scheduler policies with batch-aware fairness, and run human-in-the-loop rotations so the system graduates from prototype to production-ready remediation service. -Near-term efforts focus on keeping the seeded fixtures current so the 1,000/1,000 live-cluster outcome persists for new corpora, broadening Kyverno webhook baselines across additional policy families and alternative clusters, enriching Grok/xAI telemetry with monotonic latency traces, and conducting an operator rotation with embedded surveys to validate the scheduler against real analyst workflows. All artifacts remain available at \url{https://github.com/bmendonca3/k8s-auto-fix} (commit \texttt{e4af5efa7b0a52d7b7e58d76879b0060b354af27}), with a long-term snapshot mirrored in \texttt{archives/k8s-auto-fix-evidence-20251020.tar.gz}. - -\appendices - -\section{Grok/xAI Failure Analysis} -\label{app:grok_failures} - -The raw data for the Grok/xAI failure analysis can be found in \texttt{data/grok\_failure\_analysis.csv}. This file provides a comprehensive list of all failure causes and their corresponding counts, generated from the analysis of the 5,000-manifest Grok corpus. - -\section{Risk Score Worked Example} -\label{app:risk_example} - -The released telemetry enables reviewers to recompute risk units and $\Delta R/t$ for any queue item. As a concrete example we trace detection \texttt{001} from the Grok/xAI replay: -\begin{enumerate} - \item Look up the detection metadata in \texttt{data/batch\_runs/detections\_grok200.json} to confirm the violation is \texttt{latest-tag}. 
- \item Normalise the policy identifier and pull its risk weight and expected latency from \texttt{data/policy\_metrics\_grok200.json}. For \texttt{no\_latest\_tag} the risk is 50 units and the proposer+verifier expected time is 9.363~s (averaged from the recorded latencies). - \item Inspect the proposer/verifier records (\texttt{data/batch\_runs/patches\_grok200.json}; \texttt{data/batch\_runs/verified\_grok200.json}) to see that the patch was accepted with a measured end-to-end latency of 7.339~s and verifier latency of 0.332~s. -\end{enumerate} -Because the patch succeeded, the pre-risk $R^{\text{pre}} = 50$ drops to $R^{\text{post}} = 0$, yielding $\Delta R = 50$ and $\Delta R/t = 50 / 9.363 = 5.34$ risk units per second. Summing the same quantities across the corpus reproduces Table~\ref{tab:risk_calibration}, as computed by \texttt{scripts/risk\_calibration.py}. - -\section{Acronym Glossary} -\label{app:acronyms} -\begin{table}[h] -\centering -\small -\begin{tabular}{@{}ll@{}} -\toprule -\textbf{Acronym} & \textbf{Definition} \\ -\midrule -CIS & Center for Internet Security \\ -PSS & Pod Security Standards \\ -CRD & Custom Resource Definition \\ -RBAC & Role-Based Access Control \\ -CTI & Cyber Threat Intelligence \\ -KEV & CISA Known Exploited Vulnerabilities \\ -EPSS & Exploit Prediction Scoring System \\ -CVE/CVSS & Common Vulnerabilities and Exposures / Scoring System \\ -RAG & Retrieval-Augmented Generation \\ -MTTR & Mean Time To Remediate \\ -CEL & Common Expression Language (Kubernetes) \\ -SAST & Static Application Security Testing \\ -DAST & Dynamic Application Security Testing \\ -\bottomrule -\end{tabular} -\end{table} - -\section{Artifact Index} -\label{app:artifact_index} -\begin{table*}[t!] 
-\centering -\small -\caption{Primary artifacts bundled with the paper.} -\begin{tabularx}{\textwidth}{@{}>{\ttfamily\raggedright\arraybackslash}p{2.8in}>{\raggedright\arraybackslash}X@{}} -\toprule -\textrm{\textbf{Artifact (path)}} & \textbf{Description} \\ -\midrule -data/live\_cluster/results\_1k.json & Live-cluster replay outcomes (1,000 manifests, dry-run/live apply parity). \\ -data/batch\_runs/grok\_5k/\allowbreak metrics\_grok5k.json & Grok/xAI telemetry (acceptance, latency, token counts) for the 5k sweep. \\ -data/risk/risk\_calibration.csv & Risk accounting summary ($\Delta R$, residual risk, $\Delta R/t$) for supported and 5k corpora. \\ -data/metrics\_schedule\_compare.json & Queue replay statistics for FIFO vs.\ risk-aware schedulers (rank, wait, $\Delta R/t$). \\ -data/grok\_failure\_analysis.csv & Grok failure taxonomy (dry-run retrievals, StatefulSet validation, etc.). \\ -\bottomrule -\end{tabularx} -\end{table*} - -\section{Evaluation Artifact Manifest} -\label{app:artifact_manifest} -\begin{table*}[t!] 
-\centering -\small -\caption{Key evaluation artifacts with record counts and purposes for full reproducibility.} -\label{tab:artifact_manifest} -\begin{tabularx}{\textwidth}{@{}>{\ttfamily\raggedright\arraybackslash}p{3in}>{\raggedright\arraybackslash}X r@{}} -\toprule -\textrm{\textbf{Artifact Path}} & \textbf{Purpose} & \textbf{Count} \\ -\midrule -data/live\_cluster/results\_1k.json & Live-cluster replay outcomes (dry-run + apply) & 1{,}000 \\ -data/live\_cluster/summary\_1k.csv & Live-cluster aggregate statistics & 1 \\ -data/batch\_runs/grok\_5k/metrics\_grok5k.json & Grok-5k acceptance \& token telemetry & 5{,}000 \\ -data/batch\_runs/grok\_full/metrics\_grok\_full.json & Manifest slice (1{,}313) acceptance & 1{,}313 \\ -data/batch\_runs/grok200\_latency\_summary.csv & Proposer latency summary (Grok-200) & 280 \\ -data/batch\_runs/verified\_grok200\_latency\_summary.csv & Verifier latency summary (Grok-200) & 140 \\ -data/eval/significance\_tests.json & Statistical significance tests (z-test, Mann-Whitney U) & 12 \\ -data/eval/table4\_counts.csv & Table 4 manifest counts per corpus & 4 \\ -data/eval/table4\_with\_ci.csv & Wilson 95\% confidence intervals & 4 \\ -data/scheduler/fairness\_metrics.json & Scheduler fairness (Gini, starvation) & 830 \\ -data/scheduler/metrics\_schedule\_sweep.json & Scheduler parameter sweep results & 16 \\ -data/risk/risk\_calibration.csv & Risk reduction ($\Delta R$) per corpus & 2 \\ -\bottomrule -\end{tabularx} -\end{table*} - - -\section{Corpus Mining and Integrity} -\label{app:corpus} -\noindent\textbf{ArtifactHub mining pipeline.} Running the data collection helper\footnote{Command: \texttt{python scripts/\allowbreak collect\_artifacthub.py\ --limit\ 5000}.} renders Helm charts directly from ArtifactHub using \texttt{helm\ template}, normalizes resource filenames, and writes structured manifests under \url{data/manifests/artifacthub/}. 
The script records fetch failures and chart metadata so regenerated datasets can be diffed against the published summary. - -\medskip -\noindent\textbf{Corpus hashes.} After manifests are rendered, \texttt{python scripts/generate\_corpus\_appendix.py} emits \url{docs/appendix\_corpus.md}, a SHA-256 inventory of every manifest (including the curated smoke tests in \url{data/manifests/001.yaml} and \url{002.yaml}). This appendix enables reproducibility reviewers to verify corpus integrity and trace individual evaluation examples back to their Helm chart origins. +Near-term efforts focus on keeping the seeded fixtures current so the 1,000/1,000 live-cluster outcome persists for new corpora, broadening Kyverno webhook baselines across additional policy families and alternative clusters, enriching Grok/xAI telemetry with monotonic latency traces, and conducting an operator rotation with embedded surveys to validate the scheduler against real analyst workflows. All artifacts remain available at \url{https://github.com/bmendonca3/k8s-auto-fix} (commit \url{e4af5efa7b0a52d7b7e58d76879b0060b354af27}), with a long-term snapshot mirrored in \url{archives/k8s-auto-fix-evidence-20251020.tar.gz}. %==================== % References 
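Review bot: On the added `Near-term efforts …` line, the commit hash is wrapped in `\url{…}`, which under hyperref (loaded, judging by the hyperref warning in the build log this commit adds) turns a string that is not a URL into a clickable link target that resolves nowhere. The hash is the paper's pointer to the exact revision reviewers are meant to reproduce, so it should stay copyable and breakable without being presented as a link. `\nolinkurl{e4af5efa7b0a52d7b7e58d76879b0060b354af27}` keeps the URL-style line breaking that fixes the overfull box and emits no link. The `archives/…tar.gz` path on the same line has the same property, although `\url` for repository-relative paths is already this file's convention in the preceding paragraph.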
@@ -1092,6 +994,108 @@ \section{Corpus Mining and Integrity} Professor Madisetti is a Fellow of the IEEE and has been honored with the Terman Medal by the American Society of Engineering Education (ASEE). He has authored several widely referenced textbooks on topics including cloud computing, data analytics, blockchain, and microservices, and has extensive experience in secure system architectures and privacy-preserving technologies. \end{IEEEbiography} +\appendices +\sloppy + +\clearpage \section{Grok/xAI Failure Analysis} +\label{app:grok_failures} + +The raw data for the Grok/xAI failure analysis can be found in \texttt{\url{data/grok_failure_analysis.csv}}. This file provides a comprehensive list of all failure causes and their corresponding counts, generated from the analysis of the 5,000-manifest Grok corpus. + +\clearpage \section{Risk Score Worked Example} +\label{app:risk_example} + +The released telemetry enables reviewers to recompute risk units and $\Delta R/t$ for any queue item. As a concrete example we trace detection \texttt{001} from the Grok/xAI replay: +\begin{enumerate} + \item Look up the detection metadata in \url{data/batch_runs/detections_grok200.json} to confirm the violation is \texttt{latest-tag}. + \item Normalise the policy identifier and pull its risk weight and expected latency from \url{data/policy_metrics_grok200.json}. For \texttt{no\_latest\_tag} the risk is 50 units and the proposer+verifier expected time is 9.363~s (averaged from the recorded latencies). + \item Inspect the proposer/verifier records (\url{data/batch_runs/patches_grok200.json}; \url{data/batch_runs/verified_grok200.json}) to see that the patch was accepted with a measured end-to-end latency of 7.339~s and verifier latency of 0.332~s. +\end{enumerate} +Because the patch succeeded, the pre-risk $R^{\text{pre}} = 50$ drops to $R^{\text{post}} = 0$, yielding $\Delta R = 50$ and $\Delta R/t = 50 / 9.363 = 5.34$ risk units per second. 
Summing the same quantities across the corpus reproduces Table~\ref{tab:risk_calibration}, as computed by \texttt{scripts/risk\_calibration.py}. + +\clearpage \section{Acronym Glossary} +\label{app:acronyms} +\begin{table}[h] +\centering +\small +\begin{tabular}{@{}ll@{}} +\toprule +\textbf{Acronym} & \textbf{Definition} \\ +\midrule +CIS & Center for Internet Security \\ +PSS & Pod Security Standards \\ +CRD & Custom Resource Definition \\ +RBAC & Role-Based Access Control \\ +CTI & Cyber Threat Intelligence \\ +KEV & CISA Known Exploited Vulnerabilities \\ +EPSS & Exploit Prediction Scoring System \\ +CVE/CVSS & Common Vulnerabilities and Exposures / Scoring System \\ +RAG & Retrieval-Augmented Generation \\ +MTTR & Mean Time To Remediate \\ +CEL & Common Expression Language (Kubernetes) \\ +SAST & Static Application Security Testing \\ +DAST & Dynamic Application Security Testing \\ +\bottomrule +\end{tabular} +\end{table} + +\clearpage \section{Artifact Index} +\label{app:artifact_index} +\begin{table*}[t!] +\centering +\small +\caption{Primary artifacts bundled with the paper.} +\begin{tabularx}{\textwidth}{@{}>{\ttfamily\raggedright\arraybackslash}p{2.8in}>{\raggedright\arraybackslash}X@{}} +\toprule +\textrm{\textbf{Artifact (path)}} & \textbf{Description} \\ +\midrule +\url{data/live_cluster/results_1k.json} & Live-cluster replay outcomes (1,000 manifests, dry-run/live apply parity). \\ +data/batch\_runs/grok\_5k/\allowbreak metrics\_grok5k.json & Grok/xAI telemetry (acceptance, latency, token counts) for the 5k sweep. \\ +\url{data/risk/risk_calibration.csv} & Risk accounting summary ($\Delta R$, residual risk, $\Delta R/t$) for supported and 5k corpora. \\ +\url{data/metrics_schedule_compare.json} & Queue replay statistics for FIFO vs.\ risk-aware schedulers (rank, wait, $\Delta R/t$). \\ +\url{data/grok_failure_analysis.csv} & Grok failure taxonomy (dry-run retrievals, StatefulSet validation, etc.). 
\\ +\bottomrule +\end{tabularx} +\end{table*} + +\clearpage \section{Evaluation Artifact Manifest} +\label{app:artifact_manifest} +\begin{table*}[t!] +\centering +\small +\caption{Key evaluation artifacts with record counts and purposes for full reproducibility.} +\label{tab:artifact_manifest} +\begin{tabularx}{\textwidth}{@{}>{\ttfamily\raggedright\arraybackslash}p{3in}>{\raggedright\arraybackslash}X r@{}} +\toprule +\textrm{\textbf{Artifact Path}} & \textbf{Purpose} & \textbf{Count} \\ +\midrule +\url{data/live_cluster/results_1k.json} & Live-cluster replay outcomes (dry-run + apply) & 1{,}000 \\ +\url{data/live_cluster/summary_1k.csv} & Live-cluster aggregate statistics & 1 \\ +\url{data/batch_runs/grok_5k/metrics_grok5k.json} & Grok-5k acceptance \& token telemetry & 5{,}000 \\ +\url{data/batch_runs/grok_full/metrics_grok_full.json} & Manifest slice (1{,}313) acceptance & 1{,}313 \\ +\url{data/batch_runs/grok200_latency_summary.csv} & Proposer latency summary (Grok-200) & 280 \\ +\url{data/batch_runs/verified_grok200_latency_summary.csv} & Verifier latency summary (Grok-200) & 140 \\ +\url{data/eval/significance_tests.json} & Statistical significance tests (z-test, Mann-Whitney U) & 12 \\ +\url{data/eval/table4_counts.csv} & Table 4 manifest counts per corpus & 4 \\ +\url{data/eval/table4_with_ci.csv} & Wilson 95\% confidence intervals & 4 \\ +\url{data/scheduler/fairness_metrics.json} & Scheduler fairness (Gini, starvation) & 830 \\ +\url{data/scheduler/metrics_schedule_sweep.json} & Scheduler parameter sweep results & 16 \\ +\url{data/risk/risk_calibration.csv} & Risk reduction ($\Delta R$) per corpus & 2 \\ +\bottomrule +\end{tabularx} +\end{table*} + + +\clearpage \section{Corpus Mining and Integrity} +\label{app:corpus} +\noindent\textbf{ArtifactHub mining pipeline.} Running the data collection helper\footnote{Command: \texttt{python scripts/\allowbreak collect\_artifacthub.py\ --limit\ 5000}.} renders Helm charts directly from ArtifactHub using 
\texttt{helm\ template}, normalizes resource filenames, and writes structured manifests under \url{data/manifests/artifacthub/}. The script records fetch failures and chart metadata so regenerated datasets can be diffed against the published summary. + +\medskip +\noindent\textbf{Corpus hashes.} After manifests are rendered, \texttt{python scripts/generate\_corpus\_appendix.py} emits \url{docs/appendix\_corpus.md}, a SHA-256 inventory of every manifest (including the curated smoke tests in \url{data/manifests/001.yaml} and \url{002.yaml}). This appendix enables reproducibility reviewers to verify corpus integrity and trace individual evaluation examples back to their Helm chart origins. + + + + \EOD \end{document} diff --git a/paper/final_check-14.png b/paper/final_check-14.png new file mode 100644 index 00000000..183a7b6d Binary files /dev/null and b/paper/final_check-14.png differ diff --git a/paper/final_check-15.png b/paper/final_check-15.png new file mode 100644 index 00000000..7600f65c Binary files /dev/null and b/paper/final_check-15.png differ diff --git a/paper/final_check-16.png b/paper/final_check-16.png new file mode 100644 index 00000000..b65ebb50 Binary files /dev/null and b/paper/final_check-16.png differ diff --git a/paper/final_check-17.png b/paper/final_check-17.png new file mode 100644 index 00000000..0dcc5a99 Binary files /dev/null and b/paper/final_check-17.png differ diff --git a/paper/final_check-18.png b/paper/final_check-18.png new file mode 100644 index 00000000..43488d0b Binary files /dev/null and b/paper/final_check-18.png differ diff --git a/paper/final_check-19.png b/paper/final_check-19.png new file mode 100644 index 00000000..77d9afbb Binary files /dev/null and b/paper/final_check-19.png differ diff --git a/paper/final_check-20.png b/paper/final_check-20.png new file mode 100644 index 00000000..34f09284 Binary files /dev/null and b/paper/final_check-20.png differ 
diff --git a/paper/final_check-21.png b/paper/final_check-21.png
new file mode 100644
index 00000000..30ba0c4b
Binary files /dev/null and b/paper/final_check-21.png differ
diff --git a/paper/final_check-22.png b/paper/final_check-22.png
new file mode 100644
index 00000000..602b6d6d
Binary files /dev/null and b/paper/final_check-22.png differ
diff --git a/paper/output_page-14.png b/paper/output_page-14.png
new file mode 100644
index 00000000..183a7b6d
Binary files /dev/null and b/paper/output_page-14.png differ
diff --git a/paper/output_page-15.png b/paper/output_page-15.png
new file mode 100644
index 00000000..5a601d32
Binary files /dev/null and b/paper/output_page-15.png differ
diff --git a/paper/output_page-16.png b/paper/output_page-16.png
new file mode 100644
index 00000000..e42c7cad
Binary files /dev/null and b/paper/output_page-16.png differ
diff --git a/paper/output_page-17.png b/paper/output_page-17.png
new file mode 100644
index 00000000..0dcc5a99
Binary files /dev/null and b/paper/output_page-17.png differ
diff --git a/paper/output_page-18.png b/paper/output_page-18.png
new file mode 100644
index 00000000..43488d0b
Binary files /dev/null and b/paper/output_page-18.png differ
diff --git a/paper/output_page-19.png b/paper/output_page-19.png
new file mode 100644
index 00000000..53b7a922
Binary files /dev/null and b/paper/output_page-19.png differ
diff --git a/paper/output_page-20.png b/paper/output_page-20.png
new file mode 100644
index 00000000..34f09284
Binary files /dev/null and b/paper/output_page-20.png differ
diff --git a/paper/output_page-21.png b/paper/output_page-21.png
new file mode 100644
index 00000000..27c1968a
Binary files /dev/null and b/paper/output_page-21.png differ
diff --git a/paper/output_page-22.png b/paper/output_page-22.png
new file mode 100644
index 00000000..602b6d6d
Binary files /dev/null and b/paper/output_page-22.png differ
diff --git a/refactor_tex.py b/refactor_tex.py
new file mode 100644
index 00000000..680e329d
--- /dev/null
+++ b/refactor_tex.py 
@@ -0,0 +1,91 @@ +import re + +def refactor_tex(): + with open('paper/access.tex', 'r') as f: + content = f.read() + + # Define markers + start_marker = r'\\appendices' + end_marker = r'%====================\n% References' + + # Locate start + start_match = re.search(start_marker, content) + if not start_match: + print("Error: Could not find start marker") + return + + start_idx = start_match.start() + + # Locate end + end_match = re.search(end_marker, content) + if not end_match: + print("Error: Could not find end marker") + return + + end_idx = end_match.start() + + # Extract block + # The block includes \appendices up to the end marker + appendix_block = content[start_idx:end_idx] + + # Remove block from content + # We remove from start_idx to end_idx + new_content = content[:start_idx] + content[end_idx:] + + # Locate insertion point (after last \end{IEEEbiography}) + # We look for the last occurrence + bio_end_marker = r'\\end{IEEEbiography}' + bio_matches = list(re.finditer(bio_end_marker, new_content)) + + if not bio_matches: + print("Error: Could not find biography end marker") + return + + last_bio_end = bio_matches[-1].end() + + # Check if \EOD is there + eod_marker = r'\\EOD' + eod_match = re.search(eod_marker, new_content[last_bio_end:]) + + if not eod_match: + print("Warning: Could not find EOD after biography, inserting anyway") + + # Process appendix block to add \clearpage + # "Insert a \clearpage command immediately before each \section command." + # We should skip the first one if we don't want a clearpage right after \appendices? + # The instructions say: + # "Inject Spacers: Within the newly pasted Appendices block, iterate through every instance of \section{...}." + # "Apply Logic: Insert a \clearpage command immediately before each \section command." 
+ # Example: \clearpage \section{Grok/xAI Failure Analysis} + + # Let's do a substitution on the extracted block + # We handle \section + # But wait, \appendices is a command, usually followed by sections. + # The ieeeaccess class might behave specifically. + # The instruction is explicit: "Insert a \clearpage command immediately **before** each \section command." + + def clearpage_sub(match): + return r'\clearpage ' + match.group(0) + + processed_block = re.sub(r'\\section\{', clearpage_sub, appendix_block) + + # Insert block + # We insert after last_bio_end + # Ensure some newlines + + final_content = ( + new_content[:last_bio_end] + + "\n\n" + + processed_block + + "\n" + + new_content[last_bio_end:] + ) + + # Write back + with open('paper/access.tex', 'w') as f: + f.write(final_content) + + print("Refactoring complete.") + +if __name__ == "__main__": + refactor_tex()
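Review bot: Running `refactor_tex()` a second time corrupts `paper/access.tex`, because nothing checks that the `\appendices` match still precedes the `% References` marker. After the first run the appendices sit behind the last `\end{IEEEbiography}`, so `start_idx > end_idx`, `appendix_block` comes out empty, and `content[:start_idx] + content[end_idx:]` duplicates everything between the two markers before the file is overwritten in place. A guard directly after `end_idx = end_match.start()` would stop this: `if start_idx >= end_idx: print("Error: \\appendices is not before the References marker"); return`. Since this file also carries the corpus-integrity appendix that reviewers rely on, it is worth documenting in a docstring that the script is a one-shot migration and rewrites the source without a backup.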