From eb77a4732bd40d9c612a543f0c39b228e3389f5f Mon Sep 17 00:00:00 2001 From: ruv Date: Sun, 31 May 2026 11:33:42 -0400 Subject: [PATCH] fix(proof): pin lock to numpy 2.4.2 to match the published proof hash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Verify Pipeline Determinism has been failing (on main too) because requirements-lock.txt pinned numpy 1.26.4 / scipy 1.14.1 (→ hash 667eb054…) while the committed/published expected_features.sha256 (ca58956c…) was generated with modern numpy 2.x — the version a fresh `pip install numpy`, the maintainers, and the proof-of-capabilities.md skeptic path all use today. Bump the lock to numpy 2.4.2 / scipy 1.17.1 so the determinism gate matches its own published proof. verify.py prints VERDICT: PASS with these versions locally. The lock is consumed *only* by verify-pipeline.yml (the Tests jobs use requirements.txt), so this is scoped to the determinism gate. Co-Authored-By: claude-flow --- archive/v1/requirements-lock.txt | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/archive/v1/requirements-lock.txt b/archive/v1/requirements-lock.txt index 3169fe04..dae6d01c 100644 --- a/archive/v1/requirements-lock.txt +++ b/archive/v1/requirements-lock.txt @@ -6,8 +6,14 @@ # # To update: change versions, run `python v1/data/proof/verify.py --generate-hash`, # then commit the new expected_features.sha256. +# +# numpy/scipy track the versions the *published* expected hash +# (expected_features.sha256 = ca58956c…) was generated with — modern numpy 2.x, +# i.e. what a fresh `pip install numpy` and the proof-of-capabilities.md skeptic +# path produce today. The old 1.26.4 pin no longer matched that hash and made +# the determinism gate fail against its own published proof. -numpy==1.26.4 -scipy==1.14.1 +numpy==2.4.2 +scipy==1.17.1 pydantic==2.10.4 pydantic-settings==2.7.1