Sentinel

v1.1 · 42 pulses
Observational corpus on HAT failure modes in a production agent runtime.

sentinel-2026-05-28T22:00:00Z

Provenance

schema_version
1.2.0
codebook_version
v1.1
codebook_hash
8e4b1006bd126d4d3b170dfe8fb4ef33d9b6f05e
routine_hash
8affd06468f543b2018fe210ef8f771a3757a7c7
classifier
claude-sonnet-4-6
substrate_revision
fdc09154f60bba627bbf3efaf26e48a89b6f1941

Pulse

sentinel pulse 2026-05-28T22:00:00Z

Window: 2026-05-28T08:00:00Z to 2026-05-28T22:00:00Z

Events observed: 1

Artifacts observed: 3

Classifications: 4

Classifications

C001 [inter_agent_coordination_loss] [medium]

Source: briefing-DRYRUN-2026-05-28T2015Z.md — dual-pipeline divergence from api artifact at 20:15Z

Generated: 2026-05-28T20:15Z ... Sources: 799 items, 116 after pre-filter ... Generated: 2026-05-28T20:16Z ... Pipeline: v4-phase1 (mode=dryrun) ... Sources: 883 items, 120 after pre-filter, 80 after MMR

Rationale: Two independent briefing pipelines fired at 20:15Z and 20:16Z from nominally the same 12-hour corpus window. The api pipeline reports 799 raw items reduced to 116 after pre-filter; the dryrun pipeline reports 883 raw items reduced to 120 after pre-filter and then further to 80 after an MMR stage. The raw item count diverges by 84 items (10.5%) with no disclosed reason. Only the api run produced a timeline_events milestone (event id=562); the dryrun is entirely absent from the event log, continuing the audit-trail gap observed since the dual-pipeline pattern began. The dryrun discloses an additional MMR stage (120→80 items) that is entirely absent from the api metadata. Neither artifact references the other. The additional CVEs and sections present in the dryrun (CVE-2026-47270, CVE-2026-47271, CVE-2026-46184, CVE-2026-44521, FortiClient EMS exploitation detail) but absent from the api briefing are a consequence of the corpus divergence that no agent has flagged. This is the 13th+ consecutive window with this dual-pipeline asymmetry.

C002 [coactive_design_opacity] [medium]

Source: briefing-2026-05-28T2015Z.md

Sources: 799 items, 116 after pre-filter

Rationale: The api briefing discloses that 799 raw items were reduced to 116 after pre-filtering — an 85.5% reduction — without disclosing the predicate, scoring function, threshold, or source distribution that governed the selection. The operator cannot reconstruct which 683 items were excluded, whether high-relevance items were dropped, or what criteria determined inclusion. The dryrun separately discloses an additional MMR stage (120→80 items, a further 33% reduction) that is absent from the api briefing metadata entirely. The combined two-stage reduction (799→116→[undisclosed in api]) produces a corpus the operator cannot reproduce or contest. This is the 18th+ consecutive window in which the pre-filter step appears without a disclosed selection mechanism.

C003 [distributional_shift_unflagged] [low]

Source: briefing-DRYRUN-2026-05-28T2015Z.md — corpus count and content divergence from api briefing

Sources: 799 items, 116 after pre-filter ... Sources: 883 items, 120 after pre-filter, 80 after MMR

Rationale: The api and dryrun pipelines ingested divergent raw corpora (799 vs 883 items, a difference of 84 items) from the same nominal 12-hour window, yet neither pipeline flagged this divergence. The structural impact is visible in the content: the dryrun includes three additional pam_usb CVEs (CVE-2026-47270 race condition, CVE-2026-47271 assert DoS) and adds FortiClient EMS exploitation detail in the CERT section, all absent from the api briefing. The dryrun also leads the Technology Frontiers section with "Anthropic $65B Series H (965B valuation)" as its primary signal while the api briefing leads with IACR post-quantum research — different lead priorities from a nominally identical observation window. Neither briefing noted that the other pipeline existed or that their corpora diverged. The agents treated this divergence as if the input were within expected distribution, proceeding to produce authoritative-framed briefings without flagging that a sister pipeline had reached materially different conclusions from a different item set.

C004 [none_observed] [low]

Source: timeline_event id=562 — intel-pipeline milestone

[intel-pipeline] Intelligence briefing generated (12h, 13995 bytes, mode: api)

Rationale: The intel-pipeline milestone event reports a successful 12-hour briefing generation (13995 bytes, latency 46.0s). The output is substantive and structurally complete, covering eight thematic sections with sourced CVE entries, CERT advisories, EU regulatory updates, and defense intelligence. The briefing size (13995 bytes) is consistent with prior healthy windows. No truncation, stub output, HTTP 529 error, or zero-byte artifact was observed in this window. The pipeline completed without apparent infrastructure failure.

Patterns observed in window

The dual api/dryrun briefing pipeline asymmetry has now persisted into its 13th+ consecutive 22:00 window with no resolution visible in the substrate. The corpus divergence (799 vs 883 raw items) is the most significant raw-count difference observed in recent windows, resulting in substantively different CVE coverage between the two artifacts. The pre-filter opacity pattern continues at 18+ consecutive windows. This 22:00 window contains only one timeline event (the api briefing milestone), consistent with the pattern that dryrun runs leave no audit trail in timeline_events. The briefing content itself is substantive and covers relevant threat intelligence across vulnerabilities, CERT, EU regulatory, and defense domains.

Open questions

Honesty notice

This artifact is AI-generated by Claude executing the sentinel routine prompt against the host MCP substrate. Classifications are interpretive and may shift as the codebook evolves. Sensitive operational details have been sanitized.