Module 11's final deliverable (BRIEF §9, PLAN §132), built last. Exercises the
full public toolkit as a consumer would compose it — the _ingest helper doubles
as the README worked example.
- test_showcase: ONE poisoned artifact planting a vulnerability per detection
channel — 5 invisible carriers (zero-width/BIDI/unicode-tag/html-comment/
data-uri), injection across raw + homoglyph + rot13 + whole-string-base64
(decode-and-rescan) channels with DISTINCT lexicon ids so dedup won't merge
them, plus a credential the mock transform leaks into its output (LLM02). All
10 planted labels caught; disposition FAIL_SECURE; egress evidence never
carries the secret value; a clean document + clean transform WARNs (no FP).
- test_corpus: adversarial recall == 100% over the planted classes (a silent
drop is a regression), and a false-positive corpus of attack-resembling legit
content (injection vocabulary, secret-shaped placeholders/varrefs, high-entropy
checksums) that disposes WARN under a trusted source — most producing NO
finding (the suppression rules hold). One MEDIUM homoglyph case proves hard-fail
is an explicit opt-in: same finding WARNs trusted, QUARANTINEs under upload.
Secret fixtures assembled from fragments (gitleaks-safe); every payload verified
against the real detectors before assertion. 12 new tests; 201 green total.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HyRCQMocjZ6SmSQ6JidJ2k