# ATH-384 — SDK IP-leak baseline.
#
# Lists known-tracked leaks that pre-date this CI gate. The gate fails
# only on leaks NOT in this file. When a ticket below lands, the
# corresponding entries should be removed from this file in the same
# PR that fixes the leak.
#
# Format: <repo-relative-path>:<pattern-description>
# Blank lines and lines starting with '#' are ignored.
# The pattern-description must match the `pattern_desc` string emitted
# by check_sdk_ip.py exactly.
#
# Goal: drive this file to empty. Every removed line is a real IP
# protection gain.

# ─── src/kairos/bundle.py — LEGITIMATE, KEEP EXEMPT ──────────────────
#
# bundle.py is the redaction-gate enforcement code itself. It contains
# the FORBIDDEN_MARKERS list by design — not a leak. Exempt permanently.

src/kairos/bundle.py:prompt template leaked

# NOTE 2026-04-19: the filenames.py baseline entry was removed when
# check_sdk_ip.py was retrofitted to use `tokenize` for comment /
# docstring / string-literal stripping (same pattern as
# check_tls_verify.py). Its docstring reference to
# `environments/lean-theorem-proving/root_data/eval/configs/` no
# longer trips the internal-path pattern. One fewer exemption.

# ─── src/kairos/eval_harness.py — BLOCKED ON ATH-383 ─────────────────
#
# eval_harness.py (3,734 LOC) contains the production agent prompts as
# Python f-strings. Multiple FORBIDDEN_MARKERS hits around lines
# 2128-2132 where the system prompt is constructed. These are REAL IP
# leaks; they ship to customer VMs today.
#
# Resolution: ATH-383 migrates eval_harness.py out of the SDK into
# athanor-builder (called via subprocess). At that point these lines
# disappear from the SDK entirely and this exemption should be deleted.
#
# Until ATH-383 ships, the NDA + proprietary license are the primary
# protection for this content.

src/kairos/eval_harness.py:prompt template leaked

# ─── src/kairos/sv/swarm.py — LEGITIMATE, KEEP EXEMPT ──────────────
# (ATH-409) State-swarm cover-probe splice. The flagged f-string is SV
# source code that gets spliced into the customer's spec, not a prompt
# template. No IP leak.
src/kairos/sv/swarm.py:prompt template leaked

# ─── src/kairos/sv/invariants.py — LEGITIMATE, KEEP EXEMPT ─────────
# (ATH-411) Docstring + f-strings contain SVA example text. Not a
# prompt template leak; comment examples of the output shape.
src/kairos/sv/invariants.py:prompt template leaked

# ─── src/kairos/sec/closed_loop/mine_assumptions.py — LEGITIMATE, KEEP EXEMPT ──
# (ATH-1087) LLM mining prompt instructs the proposer on the SVA
# assert-property format with reset-disable-iff guard pattern. The
# flagged literal is a generic SVA template, not Annapurna RTL or
# customer IP. Same shape as the kairos.sv.swarm/invariants exemptions:
# prompt template framing the proposer's output shape, not actual IP.
src/kairos/sec/closed_loop/mine_assumptions.py:prompt template leaked
