Detects obfuscated payloads in MR diffs.
· BASE64_INJECTION — regex [A-Za-z0-9+/]{60,}
· LOCALIZED_PAYLOAD — Shannon entropy + Gini locality
· NEAR_PERFECT_ENTROPY — global entropy > 7.9 bits/byte
Source: STYLOMETRY entropy_core.py
Detects manipulative intent in commit messages.
· URGENCY_INJECTION, AUTHORITY_DROPPING
· CARNEGIE_HELPER_TRAP, OBFUSCATION_INTENT
· ECO_FALSE_MODESTY, DEFENSIVE_JUSTIFICATION
· Synergy rules SYN-001 / SYN-002
Source: STYLOMETRY semiotic_core.py
Detects social engineering via Grice + Carnegie + Cialdini.
· Grice: MANNER, QUALITY, RELATION, QUANTITY
· Carnegie: flattery, emotional_urgency, lesser_evil
· Cialdini: AUTHORITY, SCARCITY, RECIPROCITY,
COMMITMENT, SOCIAL_PROOF, LIKING
≥2 independent cores must fire for any non-PASS verdict. A single core — however severe — can reach at most REQUIRE_REVIEW (damped ×0.6), never BLOCK. This mirrors the Daubert evidentiary standard.
When all 3 cores fire simultaneously, MCP is amplified ×1.3. Rational: simultaneous activation of independent forensic layers indicates a coordinated attack, not coincidence.
All scores, weights, and thresholds use Python fractions.Fraction.
No floating-point drift, no rounding errors. The API exposes the exact rational form
(e.g. 949/1000) alongside the percentage.
Every audit is sealed in a SHA-256 tamper-evident JSONL chain. Each entry's hash covers its data + the previous entry's hash. Retroactive modification breaks every subsequent hash.
| Verdict | MCP Score | Action |
|---|---|---|
| PASS | < 20% | No forensic concerns. Standard review. |
| WARN | 20–35% | Anomalies logged. Monitor MR. |
| REQUIRE_REVIEW | 35–75% | Security review required before merge. |
| BLOCK | ≥ 75% | Critical findings. Do not merge. |
Every ORBIT-GUARDIAN audit produces a chain entry. Each entry's hash covers its own data plus the previous entry's hash. Tampering with any entry breaks every subsequent hash.
Paste a trace_id from a previous audit (or click "Explain" after running a scenario).