Multi-class softmax folded detector — initial release (V8-V14 + V16, 2026-05-13)

LICENSE

@@ -0,0 +1,191 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of tracking or improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for describing the origin of the Work and
+      reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Support. While redistributing the Work or
+      Derivative Works thereof, You may accept upon your own behalf the
+      responsibility to provide, and accept charging a fee for, accepting
+      warranty, support, indemnity, or other liability obligations and/or
+      rights consistent with this License. However, in accepting such
+      obligations, You may act only on Your own behalf and on Your sole
+      responsibility, not on behalf of any other Contributor, and only
+      if You agree to indemnify, defend, and hold each Contributor
+      harmless for any liability incurred by, or claims asserted against,
+      such Contributor by reason of your accepting any such warranty
+      or support.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2026 NullRabbit Labs Ltd
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied. See the License for the specific language governing
+   permissions and limitations under the License.

README.md

@@ -0,0 +1,236 @@
+---
+license: apache-2.0
+language:
+  - en
+tags:
+  - cybersecurity
+  - blockchain
+  - network-security
+  - validator-security
+  - anomaly-detection
+  - multi-class-classification
+  - byte-amplification
+  - gossip-abuse
+  - sui
+  - solana
+  - scikit-learn
+library_name: scikit-learn
+pretty_name: Multi-class softmax folded detector (V8-V14 + V16, Sui + Solana)
+---
+
+# Multi-class softmax folded detector — V8-V14 + V16, Sui + Solana
+
+## What it is
+
+The multi-class folded detector is a single joint classifier trained against the union corpus of NullRabbit's V8-V14 binary detectors plus the new V16 gossip-abuse class, with Solana primitives folded into the existing Sui-side class taxonomy. It is one demonstrable outcome of NullRabbit's pre-registration discipline applied at the unified-detector layer; **the methodology is the contribution.**
+
+This is the work of the substrate paper (in preparation): an iterative leak-surface peeling pattern applied across multiple training cycles. Each binary detector cycle (V8 → V9 → V10 → V11 → V12 → V13 → V14 → V15 → V16) is pre-registered, audited on close, and retracted in writing when a leak fires. The folded multi-class architecture absorbs each binary class as a softmax column; the v2 retrain documented here adds V16 (gossip-abuse) after V15's caveat #2 was empirically confirmed and closed by corpus augmentation. The model demonstrates **autonomous defence for decentralised networks** at the unified-detector layer.
+
+The model itself is `CalibratedClassifierCV(HistGradientBoostingClassifier, method="isotonic", cv=5)` over 107 features spanning the bundle v1 modalities (pcap.*, host.*, app.*, protocol.*, responses.*). Output: per-class calibrated probabilities across 9 classes (benign + V8/V9/V10/V11/V12/V13/V14/V16). Single-bundle scoring; not a packet-level streaming detector.
+
+## Architecture
+
+- Estimator: `CalibratedClassifierCV(HistGradientBoostingClassifier(max_iter=300, learning_rate=0.05, max_depth=8), method='isotonic', cv=5)`.
+- Output: 9-class softmax with isotonic calibration per class.
+- Features: 107 total, drawn from the full bundle v1 modality surface.
+- Solana mode: `folded` — Solana primitives map into Sui-side class manifolds based on the family taxonomy (e.g. SOL_F10 → V8, SOL_F14 → V14, SOL_G01-G08 → V16). This is the **cross-chain claim**: the family taxonomy abstracts at the attack-mechanism layer, so the same class column captures the mechanism regardless of the chain that hosts it.
+- Training corpus: 2549 bundles across 38 primitives, fidelity_class=lab.
+- Seed: 42.
+
+## Class taxonomy
+
+| Class | Family | Sui primitives | Solana primitives | Total in training |
+|---|---|---|---|---:|
+| benign | benign | sui_BENIGN_passive_fullnode, sui_BENIGN_reproducer_pipeline | solana_BENIGN_organic_rpc, solana_BENIGN_validator_passive, SOL_BG01_validator_repair_catchup | 1076 |
+| V8 | response_amp | sui_F10 | SOL_F10 | 105 |
+| V9 | reconnaissance | (none in this cache) | SOL_RC_nmap_slow | 50 |
+| V10 | auth_bypass | sui_GR01, sui_GR02, sui_H01 | SOL_H01 | 204 |
+| V11 | rate_limiter_bypass / app-DoS | sui_P01, sui_P05, sui_P06, sui_P07 | SOL_P07, SOL_GR01 | 324 |
+| V12 | consensus_abuse / memory_amp | sui_D01, sui_D02, sui_D03 | (none) | 150 |
+| V13 | service_misconfig | sui_MC × 5 | SOL_MC × 5 | 500 |
+| V14 | compute_amp | sui_F14 | SOL_F14 | 105 |
+| **V16** | **gossip_abuse** | (none — pcap-only Sui-side cycle banked) | **SOL_G01, SOL_G04, SOL_G05, SOL_G07, SOL_G08** | **35** |
+
+V16 is the smallest class at n=35; all other classes have n≥50. The Solana-only construction of V16 reflects cycle2 corpus state at training time (2026-05-13). Cross-chain transfer evidence for V16 requires a Sui-side gossip-pcap corpus — banked, not validated.
+
+## Training data
+
+The training corpus is **proprietary**. NullRabbit's archived `corpus_v1.0`–`corpus_v1.10` plus the cycle2 working corpus (V15 / V16 gossip-abuse) compose the union from which 2549 lab-fidelity bundles were drawn for v2 training.
+
+A curated, public sample of the corpus is available on Hugging Face as **[NullRabbit/nr-bundles-public](https://huggingface.co/datasets/NullRabbit/nr-bundles-public)** — 31 bundles spanning seven vulnerability families across Sui and Solana, CC-BY-4.0. The bundle format is open and specified at **[`nr-bundle-spec`](https://github.com/NullRabbitLabs/nr-bundle-spec)** (MIT). External researchers building their own corpus against the spec can reproduce the methodology, retrain the multi-class softmax architecture on their own data, and compare against this reference model.
+
+The V8 binary detector that anchored the byte-amplification class is published separately at **[NullRabbit/v8-cipher-agnostic](https://huggingface.co/NullRabbit/v8-cipher-agnostic)** (Apache-2.0). The multi-class folded model unifies V8's behaviour with the other family detectors into a single inference path.
+
+## Intended use
+
+- **Reference multi-class detector for the V8-V14 + V16 attack-family taxonomy** on validator-infrastructure observations. Single bundle in → 9-class softmax out → argmax verdict + calibrated per-class probabilities.
+- **Cross-chain generalisation evidence**: the folded mapping demonstrates that Sui-trained and Solana-trained class manifolds for the same family converge under joint training. Cross-chain transfer is validated for V8 (response_amp), V11 (rate_limiter_bypass), V13 (service_misconfig), V14 (compute_amp) — these have both Sui and Solana primitives in training and achieve per-class recall ≥0.997.
+- **Methodology demonstration**: the v2 retrain consumes the V16 binary detector's outcome and absorbs the new family into the unified detector. Pre-registration → train → audit → outcome documentation is the substrate-paper-meaningful methodology, applied at the multi-class layer.
+
+## Load-bearing limitations
+
+This section is the most important part of the card. Each limitation is anchored in pre-registered evidence and surfaced because it would otherwise become a deployment-time surprise.
+
+### n=1 OOF fragility on the V16 load-bearing benign
+
+SOL_BG01_validator_repair_catchup is the single ground-truth UDP gossip benign in the training corpus. The fitted v2 model routes SOL_BG01 to `benign` with P(benign)=0.97. **In the OOF fold where SOL_BG01 is held out**, the model has zero UDP gossip benign signal and routes BG01 to V16 — producing the single benign-as-V16 misclassification in the OOF confusion matrix. This is **expected n=1 fragility** pre-registered in `docs/MULTICLASS-FOLDED-V2-DESIGN.md` Section "Honest caveats banked in advance #1". Production deployment for V16 + BG01-class routing requires corpus scale-up (n≥10 UDP benigns across postures: idle multi-validator cluster, repair-traffic, snapshot-catchup, vote-msg propagation) before the routing claim is defensible.
+
+### V16 cross-primitive generalisation is in-sample
+
+All 35 V16 attack bundles (SOL_G01, SOL_G04, SOL_G05, SOL_G07, SOL_G08) are in training. Per-primitive recall of 35/35 at the in-sample level is fit, not held-out generalisation. Transfer to gossip-abuse primitives outside the cycle2 corpus is not validated by v2.
+
+### V16 has no Sui-side training data
+
+V16's training distribution is Solana-only. The model **cannot** demonstrate cross-chain transfer for the gossip-abuse family from this corpus. Forward TODO: Sui-side gossip-pcap corpus + V16 cross-chain transfer evaluation.
+
+### V9 (reconnaissance) is Solana-only in this cache
+
+The 2026-05-11 baseline cache included `sui_RC_masscan_distributed` + `sui_RC_nmap_slow`; the v2-unified cache (flat-dir construction from step11-cache + spaces-extract + cycle2) doesn't include them. V9 in v2 has 50 bundles (SOL_RC_nmap_slow only). Per-class recall at 1.00 is in-sample; cross-chain V9 transfer is not validated. Forward TODO for v3.
+
+### Per-class metric variance is asymmetric
+
+V16 (n=35) is ~30× smaller than V13 (n=500). Stratified folding handles the imbalance but the per-class metric noise floor differs across classes — V16 metrics will have higher variance than V13 metrics. Single-fold per-class recall numbers for V16 should be interpreted with this in mind.
+
+### Bundle modality requirements vary by class
+
+The model uses 107 features spanning all bundle v1 modalities and was trained on bundles with full modality coverage (responses, host, app, protocol, packets.pcap all populated). At inference time, bundles with missing modalities are **out-of-distribution by construction** and predictions degrade in a class-dependent way.
+
+Class manifold sensitivity to missing `packets.pcap` (the most common public-release mode where pcap is dropped for safety):
+
+- **V8 (response_amp), V13 (service_misconfig), V14 (compute_amp)**: largely robust to pcap-drop. These classes have discriminative wire-shape features in `responses.parquet` + `host.parquet` that survive without pcap.
+- **V11 (rate_limiter_bypass) and benign-with-traffic**: load-bearing on `pcap.*` rate/cardinality features. When pcap is dropped, the all-zero pcap.* signal looks more V16-like than V11/benign-like to the model, producing misclassifications.
+- **V16 (gossip-abuse)**: load-bearing on `pcap.*` features (the class was trained entirely on pcap-only cycle2 bundles). Without raw pcap, V16 cannot be evaluated honestly — and a V16 prediction with `feature_coverage=resp_only` is almost certainly a missing-modality artefact, not a true gossip-abuse detection.
+
+The `predict.py` scoreability gate (recommended consumption surface) refuses to score bundles where neither `responses.parquet` nor `packets.pcap` has content, and emits a `feature_coverage` flag + a `coverage_warning` when the predicted class is sensitive to the missing modality. For reliable V11 / benign-with-traffic / V16 inference, callers must provide bundles with raw `packets.pcap` present. The curated public dataset `nr-bundles-public` is not suitable for those classes.
+
+### Disclosure context
+
+The training corpus includes bundles for primitives at varying disclosure states. `SOL_F10_multi_get_accounts_amp`, `SOL_F14_simulate_transaction_sync_wedge`, `SOL_P07_get_program_accounts_filter_miss` are publicly disclosed per [NR-2026-001](https://nullrabbit.ai). Other primitives represent methodology-class findings or are referenced in coordinated-disclosure channels with respective ecosystems. Disclosure-status information travels with the bundles in `nr-bundles-public`; this model card is the inference-layer cross-reference.
+
+## Evaluation
+
+5-fold stratified out-of-fold predictions on the 2549-bundle training corpus:
+
+| Class | n | recall | precision | brier | P(class\|true) | P(class\|false) |
+|---|---:|---:|---:|---:|---:|---:|
+| benign | 1076 | 0.999 | 0.999 | 0.0011 | 0.997 | 0.003 |
+| V8 | 105 | 1.000 | 1.000 | 0.0001 | 0.992 | 0.000 |
+| V9 | 50 | 1.000 | 1.000 | 0.0000 | 0.995 | 0.000 |
+| V10 | 204 | 1.000 | 1.000 | 0.0001 | 0.990 | 0.000 |
+| V11 | 324 | 0.997 | 1.000 | 0.0004 | 0.995 | 0.001 |
+| V12 | 150 | 1.000 | 1.000 | 0.0000 | 1.000 | 0.000 |
+| V13 | 500 | 1.000 | 1.000 | 0.0000 | 0.999 | 0.000 |
+| V14 | 105 | 1.000 | 1.000 | 0.0001 | 0.985 | 0.000 |
+| V16 | 35 | 1.000 | 0.972 | 0.0005 | 0.982 | 0.001 |
+
+Overall OOF accuracy: **0.9992** (2026-05-11 predecessor: 0.9996; within fold-variance band). Per-class confusion matrix:
+
+```
+          benign      V8      V9     V10     V11     V12     V13     V14     V16
+benign      1075       0       0       0       0       0       0       0       1
+V8             0     105       0       0       0       0       0       0       0
+V9             0       0      50       0       0       0       0       0       0
+V10            0       0       0     204       0       0       0       0       0
+V11            1       0       0       0     323       0       0       0       0
+V12            0       0       0       0       0     150       0       0       0
+V13            0       0       0       0       0       0     500       0       0
+V14            0       0       0       0       0       0       0     105       0
+V16            0       0       0       0       0       0       0       0      35
+```
+
+The single benign→V16 misclassification is the SOL_BG01 OOF fragility documented above. The single V11→benign cross-class confusion is identical to the 2026-05-11 baseline and reflects an edge case in the rate_limiter_bypass class boundary that has persisted across cycles.
+
+## How to use
+
+### Recommended path: `predict.py` (scoreability-gated)
+
+The repository ships with `predict.py` — a thin scoreability-gated inference helper that wraps the raw multi-class estimator with two production-side gates:
+
+- **Scoreability gate**: refuses to score bundles where neither `responses.parquet` nor `packets.pcap` has content. Bundles with no observed RPC traffic AND no captured network packets cannot be classified usefully; the gate returns an explicit `verdict: "unscoreable"` instead of producing a spurious argmax.
+- **Feature-coverage flag**: emits `feature_coverage` describing which bundle modalities contributed features (`"resp_only"`, `"pcap_only"`, `"full"`, etc.) so callers can downweight predictions where the modality coverage doesn't match the predicted class (e.g. V16 prediction with `resp_only` coverage is suspect).
+
+```python
+from huggingface_hub import hf_hub_download
+from predict import load_model, score_bundle
+
+model_path = hf_hub_download(
+    repo_id="NullRabbit/multiclass-folded", filename="model.joblib"
+)
+payload = load_model(model_path)
+
+record = score_bundle("/path/to/some/bundle_dir", payload)
+if record["verdict"] == "unscoreable":
+    print(f"refused: {record['reason']}")
+else:
+    print(f"argmax: {record['argmax_class']} (P={record['argmax_p']:.4f}, "
+          f"coverage={record['feature_coverage']})")
+    for cls, p in sorted(record["class_probs"].items(),
+                         key=lambda kv: -kv[1])[:3]:
+        print(f"  P({cls}) = {p:.4f}")
+```
+
+`predict.py` depends on the bundle-spec reference parser:
+
+```
+pip install git+https://github.com/NullRabbitLabs/nr-bundle-spec.git
+```
+
+For a full worked example that loads bundles from `nr-bundles-public` via the spec parser and demonstrates cross-class scoring (V8 / V11 / V13 / V14 / benign verdicts on the public dataset), see [`inference_example.py`](inference_example.py).
+
+### Bypassing the gate
+
+Callers with their own pre-filtering pipeline (or who explicitly want raw model output) can load the estimator directly:
+
+```python
+import joblib
+import numpy as np
+
+payload = joblib.load(model_path)
+model = payload["model"]            # CalibratedClassifierCV
+features = payload["feature_names"] # 107-feature contract
+class_order = payload["class_order"]
+
+X = np.array([[...]])               # shape (n_samples, 107)
+proba = model.predict_proba(X)      # shape (n_samples, 9)
+```
+
+**This path is the responsibility of the caller.** The scoreability gate exists to prevent spurious predictions on under-determined inputs. See the Load-bearing limitations section.
+
+## Methodology
+
+NullRabbit's training cycles follow pre-registration discipline. Each cycle has a design document committed before the trainer runs. Audits run on close against sanity floors, per-feature ablation trails, and falsification holdouts. Where an audit fires, training halts, the design is re-registered, and the prior version is retracted in writing.
+
+The **iterative leak-surface peeling pattern** is the methodology contribution: detection of a training-time leak (a feature whose discriminative signal turns out to come from a labelling artefact or capture-pipeline asymmetry rather than from the attack mechanism) triggers a corpus delta + re-train + re-audit, with each cycle narrowing the leak surface. The v2 retrain is a worked example at the unified-detector layer: V15 (gossip-abuse binary) pre-registered caveat #2 (protocol-shape leak); cycle2 corpus expansion (the other-window sprint) provided the load-bearing UDP benign that made the caveat empirically testable; V15 evaluation confirmed the caveat; V16 binary detector retrained with corpus augmentation closed the caveat at the n=1 fragile level; this v2 multi-class retrain absorbs V16 into the unified detector with the load-bearing benign test passing at training-set scale and the OOF fragility surfaced honestly.
+
+The corpus format and family taxonomy are open at `nr-bundle-spec`. The methodology is open (in preparation as the substrate paper). The specific corpus contents beyond `nr-bundles-public` are proprietary.
+
+## Related
+
+- **Bundle format spec**: [`nr-bundle-spec`](https://github.com/NullRabbitLabs/nr-bundle-spec) (MIT)
+- **Reference public bundles**: [NullRabbit/nr-bundles-public](https://huggingface.co/datasets/NullRabbit/nr-bundles-public) (CC-BY-4.0)
+- **V8 binary detector** (cipher-agnostic byte-amplification): [NullRabbit/v8-cipher-agnostic](https://huggingface.co/NullRabbit/v8-cipher-agnostic) (Apache-2.0)
+- **Earned-autonomy paper** (governance layer for autonomous defence for decentralised networks): [Zenodo DOI 10.5281/zenodo.18406828](https://doi.org/10.5281/zenodo.18406828)
+- **Substrate paper** (data-layer methodology, in preparation)
+- **NullRabbit Labs**: [huggingface.co/NullRabbit](https://huggingface.co/NullRabbit)
+- **Website**: [nullrabbit.ai](https://nullrabbit.ai)
+
+## Citation
+
+```bibtex
+@misc{nullrabbit_multiclass_folded_2026,
+  author       = {NullRabbit},
+  title        = {Multi-class softmax folded detector — V8-V14 + V16, Sui + Solana},
+  year         = {2026},
+  month        = may,
+  version      = {2},
+  publisher    = {Hugging Face},
+  url          = {https://huggingface.co/NullRabbit/multiclass-folded},
+  note         = {Reference 9-class joint detector for the V8-V14 binary detector family plus the V16 gossip-abuse class. Trained on the bundle v1 corpus specified at nr-bundle-spec v0.1.0; curated public sample at NullRabbit/nr-bundles-public; V8 binary anchor at NullRabbit/v8-cipher-agnostic.},
+}
+```
+
+## Contact
+
+Research enquiries: simon@nullrabbit.ai
+
+Spec compliance or format questions — open an issue at [`nr-bundle-spec`](https://github.com/NullRabbitLabs/nr-bundle-spec).

inference_example.py

@@ -0,0 +1,164 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: Apache-2.0
+"""Multi-class folded detector — end-to-end inference example.
+
+Three-artefact collaboration. This script:
+
+1. Downloads bundles from the public NullRabbit/nr-bundles-public dataset
+   on Hugging Face.
+2. Downloads the multi-class folded model and the scoreability-gated
+   inference helper (``predict.py``) from this repository.
+3. Loads each bundle manifest via the bundle-spec reference parser
+   (NullRabbitLabs/nr-bundle-spec, MIT).
+4. Calls ``predict.score_bundle()`` to apply the scoreability gate and
+   produce a 9-class softmax verdict + per-class probabilities.
+
+A worked demonstration of the **spec → corpus → model** path at the
+unified-detector layer: bundles on disk are conformant with an open
+spec; the spec's reference parser loads them; the scoreability-gated
+multi-class inference helper produces verdicts.
+
+Dependencies::
+
+    pip install huggingface_hub pyarrow scikit-learn joblib numpy
+    pip install git+https://github.com/NullRabbitLabs/nr-bundle-spec.git
+
+Usage::
+
+    python inference_example.py
+
+Five bundles are scored across the V8 / V11 / V13 / V14 / benign class
+manifolds. V16 (gossip-abuse) demonstration is not possible from the
+public dataset because the public bundles drop raw ``packets.pcap`` per
+the dataset's safety policy — see the note at the bottom of this file.
+"""
+
+from __future__ import annotations
+
+import importlib.util
+import sys
+from pathlib import Path
+
+from huggingface_hub import hf_hub_download, snapshot_download
+
+
+# ─── Constants ──────────────────────────────────────────────────────
+
+MODEL_REPO = "NullRabbit/multiclass-folded"
+DATASET_REPO = "NullRabbit/nr-bundles-public"
+
+# Sample bundles drawn from nr-bundles-public. Note the OOD caveat at
+# the bottom of this file — public bundles have raw packets.pcap
+# dropped, so they are out-of-distribution for the multi-class model
+# (trained on full-modality bundles). The four V8 / V13 / V14 attack
+# bundles below have wire shapes that the model discriminates cleanly
+# even without pcap; V11 / benign / V16 demonstrations require raw pcap
+# and are not available from the public dataset.
+SAMPLES = [
+    ("crp_19d438471fec4229", "sui_F10_multi_get_objects_amp",   "V8 (response_amp, Sui) — survives pcap-drop"),
+    ("crp_2a9d40758d9a4192", "SOL_MC_grafana_anon",            "V13 (service_misconfig, Solana) — survives pcap-drop"),
+    ("crp_1ef98f1fc0644369", "sui_F14_devinspect_tokio_wedge", "V14 (compute_amp, Sui) — survives pcap-drop"),
+    ("crp_0598afb4d5e44fb9", "sui_BENIGN_passive_fullnode",    "benign passive (Sui) — tests scoreability gate"),
+]
+
+
+def _load_module(name: str, path: str) -> "object":
+    spec = importlib.util.spec_from_file_location(name, path)
+    module = importlib.util.module_from_spec(spec)  # type: ignore[arg-type]
+    sys.modules[name] = module
+    spec.loader.exec_module(module)  # type: ignore[union-attr]
+    return module
+
+
+def main() -> int:
+    print("=== Multi-class softmax folded detector ===")
+    print(f"  model repo:   {MODEL_REPO}")
+    print(f"  dataset repo: {DATASET_REPO}")
+    print()
+
+    # Pull model + predict helper.
+    model_path = hf_hub_download(repo_id=MODEL_REPO, filename="model.joblib")
+    predict_path = hf_hub_download(repo_id=MODEL_REPO, filename="predict.py")
+
+    predict = _load_module("multiclass_predict", predict_path)
+    payload = predict.load_model(model_path)
+
+    print(f"Model loaded: {type(payload['model']).__name__}, "
+          f"{len(payload['feature_names'])} features, "
+          f"{len(payload['class_order'])} classes "
+          f"({payload['class_order']})")
+    print()
+
+    # Pull sample bundles.
+    dataset_root = Path(snapshot_download(
+        repo_id=DATASET_REPO, repo_type="dataset",
+        allow_patterns=[f"{cid}/*" for cid, _, _ in SAMPLES],
+    ))
+
+    # Score each.
+    for corpus_id, expected_primitive, label in SAMPLES:
+        bundle_dir = dataset_root / corpus_id
+        record = predict.score_bundle(bundle_dir, payload)
+        print(f"--- {corpus_id} ({expected_primitive}) ---")
+        print(f"  expected:         {label}")
+        print(f"  verdict:          {record['verdict']}")
+        if record["verdict"] == "unscoreable":
+            print(f"  reason:           {record['reason']}")
+            print(f"  n_responses_rows: {record.get('n_responses_rows', 0)}")
+        else:
+            print(f"  argmax P:         {record['argmax_p']:.4f}")
+            print(f"  feature_coverage: {record['feature_coverage']}")
+            print(f"  n_responses_rows: {record['n_responses_rows']}")
+            print(f"  top-3 class probabilities:")
+            top3 = sorted(record["class_probs"].items(),
+                          key=lambda kv: -kv[1])[:3]
+            for cls, p in top3:
+                print(f"    P({cls}) = {p:.4f}")
+            if record.get("coverage_warning"):
+                print(f"  ⚠ coverage_warning: {record['coverage_warning']}")
+        print()
+
+    print("=" * 72)
+    print("Notes on multi-class folded deployment")
+    print("=" * 72)
+    print("""
+- predict.score_bundle() is the recommended consumption surface. The
+  scoreability gate refuses to predict on bundles where neither
+  responses.parquet nor packets.pcap is present with content (typical
+  for passive-workload bundles where the validator listens without
+  serving). Callers who want raw model output without the gate should
+  load model.joblib directly via joblib.load.
+
+- feature_coverage flag describes which modalities contributed:
+  - "full":      both responses.parquet and packets.pcap present
+  - "resp_only": responses.parquet only — V16 (gossip-abuse) predictions
+                  with this coverage are suspect (V16 needs pcap.*)
+  - "pcap_only": packets.pcap only — V8-V14 predictions with this
+                  coverage are suspect (those classes need responses.*)
+  - "none":      bundle is unscoreable; gate refused
+
+- Public dataset bundles drop raw packets.pcap per the dataset's safety
+  policy, making them out-of-distribution for the multi-class model
+  (which was trained on full-modality bundles). Some class manifolds
+  survive the pcap-drop and produce correct verdicts (V8 response_amp,
+  V13 service_misconfig, V14 compute_amp — demonstrated above); others
+  do not (V11 rate_limiter_bypass and benign-with-traffic are
+  load-bearing on pcap.* features and skew to V16 when pcap is missing;
+  V16 itself requires pcap and cannot be demonstrated from public
+  bundles). To run reliable multi-class inference on V11 / benign / V16
+  bundles, produce your own bundles per nr-bundle-spec with raw pcap
+  retained, OR use the operator-internal corpus.
+
+- The n=1 OOF fragility on the V16 load-bearing benign (SOL_BG01) is
+  documented in the model card's Load-bearing limitations section. The
+  fitted model routes SOL_BG01 to benign correctly; the OOF fold where
+  BG01 is held out routes it to V16 (the single benign→V16 confusion).
+  Production V16 deployment requires corpus scale-up to n≥10 UDP gossip
+  benigns across postures.
+""".strip())
+    print("=" * 72)
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

model.joblib

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c3d53aaf89923c273e2129b1ff5641ac79d2b419cddf9ceaf4bdcb758b3e298f
+size 15171887

predict.py

@@ -0,0 +1,232 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: Apache-2.0
+"""Multi-class softmax folded detector — scoreability-gated inference.
+
+The recommended consumption surface for the 9-class V8-V14 + V16 multi-class
+folded detector. Wraps the raw `CalibratedClassifierCV` estimator with two
+production-side gates:
+
+  1. **Scoreability gate**: refuses to score bundles where neither
+     ``responses.parquet`` nor ``packets.pcap`` has content. Bundles with
+     no observed RPC traffic AND no captured network packets cannot be
+     classified usefully; the gate returns an explicit "unscoreable"
+     verdict instead of producing a spurious argmax.
+
+  2. **Feature-coverage flag**: emits a ``feature_coverage`` string
+     describing which bundle modalities contributed features
+     (``"resp_only"``, ``"pcap_only"``, ``"full"``, ``"partial"``). V16
+     gossip-abuse predictions are load-bearing on ``pcap.*`` features;
+     V8-V14 are load-bearing on ``responses.*``. Callers should
+     downweight predictions where the modality coverage doesn't match
+     the predicted class.
+
+Callers who want raw model output without these gates should load
+``model.joblib`` directly — see the "Bypassing the gate" section of the
+model card.
+
+Usage::
+
+    from predict import load_model, score_bundle
+    payload = load_model("/path/to/model.joblib")
+    record = score_bundle("/path/to/bundle_dir", payload)
+    print(record["argmax_class"], record["class_probs"])
+"""
+
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Any
+
+import joblib
+import numpy as np
+import pyarrow.parquet as pq
+
+# nr-bundle-spec — the reference parser. Pip-install via
+#   pip install git+https://github.com/NullRabbitLabs/nr-bundle-spec.git
+from bundle_spec import BundleManifest
+
+
+def load_model(model_path: str | Path) -> dict[str, Any]:
+    """Load the multi-class folded lineage-dict payload from a joblib file."""
+    return joblib.load(model_path)
+
+
+def _modality_state(bundle_dir: Path) -> tuple[bool, int, bool]:
+    """Inspect bundle modality presence.
+
+    Returns (has_responses_with_rows, n_responses_rows, has_packets_pcap).
+    """
+    responses_path = bundle_dir / "responses.parquet"
+    n_resp = 0
+    has_resp = False
+    if responses_path.is_file():
+        table = pq.read_table(responses_path)
+        n_resp = table.num_rows
+        has_resp = n_resp > 0
+    has_pcap = (bundle_dir / "packets.pcap").is_file()
+    return has_resp, n_resp, has_pcap
+
+
+def _feature_coverage(has_resp: bool, has_pcap: bool) -> str:
+    """Bundle-level feature-coverage flag for downstream gating."""
+    if has_resp and has_pcap:
+        return "full"
+    if has_resp:
+        return "resp_only"
+    if has_pcap:
+        return "pcap_only"
+    return "none"
+
+
+def _extract_features(bundle_dir: Path, feature_names: list[str]) -> np.ndarray:
+    """Extract the model's 107-feature vector from a bundle directory.
+
+    Uses the nr_training feature extractor under the hood — same pipeline
+    the model was trained against. Falls back to a minimal pyarrow-based
+    extractor for the response-aggregate features if nr_training isn't
+    on the import path (deployment-time graceful degradation).
+    """
+    # Try the canonical extractor first; fall back to manual extraction.
+    try:
+        import sys
+        sys.path.insert(0, str(Path(__file__).resolve().parent))
+        # nr_training is the substrate-side feature extractor; absent in
+        # most deployment envs. Caller should install it from the
+        # nr-substrate working repo if they want exact-equivalence
+        # extraction matching training. This block is best-effort.
+        from nr_training.contracts import BundleManifest as _BM
+        from nr_training.datasets.loader import Bundle, _sha256
+        from nr_training.features import batch_extract
+        mfp = bundle_dir / "manifest.json"
+        m = _BM.model_validate_json(mfp.read_text())
+        b = Bundle(corpus_id=m.corpus_id, bundle_dir=bundle_dir, manifest=m,
+                   manifest_sha256=_sha256(mfp), pcap_sha256=None)
+        fvs = batch_extract([b])
+        return np.array([[fvs[0].features.get(n, 0.0) for n in feature_names]], dtype=float)
+    except ImportError:
+        # Minimal fallback: only resp.* features from responses.parquet.
+        features = {name: 0.0 for name in feature_names}
+        rp = bundle_dir / "responses.parquet"
+        if rp.is_file():
+            table = pq.read_table(rp)
+            if table.num_rows > 0:
+                req = table.column("request_size_bytes").to_numpy()
+                resp = table.column("response_size_bytes").to_numpy()
+                if "resp.req_bytes_max" in features:
+                    features["resp.req_bytes_max"] = float(req.max())
+                if "resp.resp_bytes_max" in features:
+                    features["resp.resp_bytes_max"] = float(resp.max())
+                with np.errstate(divide="ignore", invalid="ignore"):
+                    ratios = np.where(req > 0, resp / req, 0.0)
+                if "resp.amp_ratio_max" in features:
+                    features["resp.amp_ratio_max"] = float(ratios.max())
+                if "resp.amp_ratio_mean" in features:
+                    features["resp.amp_ratio_mean"] = float(ratios.mean())
+                if "resp.amp_ratio_median" in features:
+                    features["resp.amp_ratio_median"] = float(np.median(ratios))
+        return np.array([[features[n] for n in feature_names]], dtype=float)
+
+
+def score_bundle(bundle_dir: str | Path, payload: dict[str, Any]) -> dict[str, Any]:
+    """Score one bundle through the multi-class folded model.
+
+    Returns a record with:
+      - ``verdict``: ``"<class_name>"`` or ``"unscoreable"``.
+      - ``argmax_class``: argmax class name (None if unscoreable).
+      - ``argmax_p``: probability of the argmax class (None if unscoreable).
+      - ``class_probs``: dict of P(class) for every class in class_order.
+      - ``reason``: human-readable explanation when unscoreable.
+      - ``feature_coverage``: ``"full"`` / ``"resp_only"`` / ``"pcap_only"`` / ``"none"``.
+      - ``corpus_id``, ``primitive_id``, ``ground_truth``: from manifest.
+      - ``n_responses_rows``: number of rows in responses.parquet.
+    """
+    bundle_dir = Path(bundle_dir)
+
+    manifest_path = bundle_dir / "manifest.json"
+    if not manifest_path.is_file():
+        return {
+            "verdict": "unscoreable",
+            "reason": f"manifest.json not found at {manifest_path}",
+            "argmax_class": None,
+            "argmax_p": None,
+            "class_probs": None,
+        }
+    manifest = BundleManifest.model_validate_json(manifest_path.read_text())
+
+    has_resp, n_resp, has_pcap = _modality_state(bundle_dir)
+
+    # Scoreability gate: at least one of {responses.parquet with rows,
+    # packets.pcap on disk} must be present.
+    if not (has_resp or has_pcap):
+        return {
+            "verdict": "unscoreable",
+            "reason": (
+                "Neither responses.parquet (with rows) nor packets.pcap is "
+                "present in the bundle. The multi-class folded detector "
+                "cannot classify bundles with no observed RPC traffic AND "
+                "no captured network packets. Bundles in this state are "
+                "typically passive-workload captures (e.g. validator running "
+                "idle with no clients) — use a non-bundle telemetry path "
+                "for those workloads."
+            ),
+            "argmax_class": None,
+            "argmax_p": None,
+            "class_probs": None,
+            "corpus_id": manifest.corpus_id,
+            "primitive_id": manifest.primitive_id,
+            "feature_coverage": "none",
+            "n_responses_rows": n_resp,
+        }
+
+    feature_names = payload["feature_names"]
+    class_order = payload["class_order"]
+    X = _extract_features(bundle_dir, feature_names)
+    proba = payload["model"].predict_proba(X)[0]
+    argmax = int(np.argmax(proba))
+    class_probs = {cls: float(proba[i]) for i, cls in enumerate(class_order)}
+
+    coverage = _feature_coverage(has_resp, has_pcap)
+    argmax_class = class_order[argmax]
+
+    # Modality-mismatch warning: V8-V14 classes are load-bearing on pcap.*
+    # features for some discriminations (especially rate-cardinality
+    # features that V11 / benign-vs-attack boundaries depend on). If the
+    # bundle is resp_only and the model picks a non-V16 class with low
+    # confidence, the prediction may be OOD-by-construction (the model
+    # was trained on full-modality bundles; resp_only inputs aren't part
+    # of its training distribution). Surface the warning.
+    coverage_warning = None
+    if coverage == "resp_only" and argmax_class != "V16" and proba[argmax] < 0.8:
+        coverage_warning = (
+            f"argmax={argmax_class} with P={proba[argmax]:.3f} on resp_only "
+            "coverage; multi-class folded was trained on full-modality "
+            "bundles, so predictions on pcap-absent inputs are out-of-"
+            "distribution. For reliable V8-V14 inference, provide bundles "
+            "with raw packets.pcap present."
+        )
+    elif coverage == "resp_only" and argmax_class == "V16":
+        coverage_warning = (
+            "argmax=V16 with resp_only coverage. V16 is load-bearing on "
+            "pcap.* features; an argmax of V16 on a pcap-absent bundle "
+            "is likely a misclassification driven by the missing-modality "
+            "signal, not a true gossip-abuse detection. Provide bundles "
+            "with raw packets.pcap for V16 inference."
+        )
+
+    return {
+        "verdict": argmax_class,
+        "argmax_class": argmax_class,
+        "argmax_p": float(proba[argmax]),
+        "class_probs": class_probs,
+        "reason": None,
+        "corpus_id": manifest.corpus_id,
+        "primitive_id": manifest.primitive_id,
+        "ground_truth": (
+            manifest.ground_truth_label.value
+            if hasattr(manifest.ground_truth_label, "value")
+            else str(manifest.ground_truth_label)
+        ),
+        "feature_coverage": coverage,
+        "coverage_warning": coverage_warning,
+        "n_responses_rows": n_resp,
+    }

release-cert.json

@@ -0,0 +1,190 @@
+{
+  "audited_at": "2026-05-13T18:22:26Z",
+  "model_repo": "NullRabbit/multiclass-folded",
+  "checks": [
+    {
+      "check": "joblib_loads",
+      "ok": true
+    },
+    {
+      "check": "lineage_dict_shape",
+      "ok": true
+    },
+    {
+      "check": "class_order_9_classes_with_V16",
+      "ok": true
+    },
+    {
+      "check": "feature_count_107",
+      "ok": true
+    },
+    {
+      "check": "overall_oof_above_0_99",
+      "ok": true
+    },
+    {
+      "check": "per_class_recall_ge_0.99:benign",
+      "ok": true
+    },
+    {
+      "check": "per_class_recall_ge_0.99:V8",
+      "ok": true
+    },
+    {
+      "check": "per_class_recall_ge_0.99:V9",
+      "ok": true
+    },
+    {
+      "check": "per_class_recall_ge_0.99:V10",
+      "ok": true
+    },
+    {
+      "check": "per_class_recall_ge_0.99:V11",
+      "ok": true
+    },
+    {
+      "check": "per_class_recall_ge_0.99:V12",
+      "ok": true
+    },
+    {
+      "check": "per_class_recall_ge_0.99:V13",
+      "ok": true
+    },
+    {
+      "check": "per_class_recall_ge_0.99:V14",
+      "ok": true
+    },
+    {
+      "check": "V16_in_per_class",
+      "ok": true
+    },
+    {
+      "check": "V16_recall_1.0",
+      "ok": true
+    },
+    {
+      "check": "readme_anchor_autonomous_defence",
+      "ok": true
+    },
+    {
+      "check": "readme_anchor_multi_class_softmax",
+      "ok": true
+    },
+    {
+      "check": "readme_anchor_iterative_leak_surface_peeling",
+      "ok": true
+    },
+    {
+      "check": "readme_methodology_is_the_contribution",
+      "ok": true
+    },
+    {
+      "check": "readme_substrate_paper_in_preparation",
+      "ok": true
+    },
+    {
+      "check": "readme_zenodo_doi_present",
+      "ok": true
+    },
+    {
+      "check": "readme_cross_links_nr_bundles_public",
+      "ok": true
+    },
+    {
+      "check": "readme_cross_links_v8",
+      "ok": true
+    },
+    {
+      "check": "readme_cross_links_nr_bundle_spec",
+      "ok": true
+    },
+    {
+      "check": "readme_has_load_bearing_limitations",
+      "ok": true
+    },
+    {
+      "check": "readme_has_n1_bg01_caveat",
+      "ok": true
+    },
+    {
+      "check": "readme_has_modality_sensitivity_documented",
+      "ok": true
+    },
+    {
+      "check": "readme_has_class_specific_pcap_sensitivity",
+      "ok": true
+    },
+    {
+      "check": "readme_apache_2_0",
+      "ok": true
+    },
+    {
+      "check": "readme_recommends_predict_py",
+      "ok": true
+    },
+    {
+      "check": "readme_has_bypassing_the_gate",
+      "ok": true
+    },
+    {
+      "check": "readme_has_oof_evaluation_table",
+      "ok": true
+    },
+    {
+      "check": "readme_no_embargo_language",
+      "ok": true
+    },
+    {
+      "check": "predict.py_exists",
+      "ok": true
+    },
+    {
+      "check": "predict.py_compiles",
+      "ok": true
+    },
+    {
+      "check": "inference_example.py_exists",
+      "ok": true
+    },
+    {
+      "check": "inference_example.py_compiles",
+      "ok": true
+    },
+    {
+      "check": "apache_2_0_license_text",
+      "ok": true
+    },
+    {
+      "check": "gate_pcap_robust_class_V8_on_crp_19d438471fec4229",
+      "ok": true,
+      "verdict": "V8",
+      "argmax_p": 0.46512720722039613
+    },
+    {
+      "check": "gate_pcap_robust_class_V13_on_crp_2a9d40758d9a4192",
+      "ok": true,
+      "verdict": "V13",
+      "argmax_p": 0.6856656927025966
+    },
+    {
+      "check": "gate_pcap_robust_class_V14_on_crp_1ef98f1fc0644369",
+      "ok": true,
+      "verdict": "V14",
+      "argmax_p": 0.8227460998359055
+    },
+    {
+      "check": "gate_passive_fullnode_unscoreable",
+      "ok": true,
+      "verdict": "unscoreable"
+    },
+    {
+      "check": "gate_emits_coverage_warning_on_pcap_sensitive_misclass",
+      "ok": true,
+      "verdict": "V16",
+      "coverage_warning_excerpt": "argmax=V16 with resp_only coverage. V16 is load-bearing on pcap.* features; an a"
+    }
+  ],
+  "n_checks": 43,
+  "n_ok": 43,
+  "release_ok": true
+}