Docs: add curated DeepSeek audit triage note #39

New issue

Closed

opened 2026-05-12 08:05:08 +02:00 by codex · 0 comments

codex commented

2026-05-12 08:05:08 +02:00

Collaborator

Source

Triaged from DeepSeek v4 Pro audit via #35.

Problem

The raw DeepSeek audit is useful but mixed-quality. It should not be committed as canonical guidance without triage because it includes:

accepted actionable findings
already-deferred ADR work
research ideas
overstated claims
factual false positives

A curated note gives future agents the durable context without making them rediscover which parts were accepted or rejected.

Target artifact

Add a short repo document, for example docs/audits/deepseek-v4-pro-triage-2026-05-12.md, that records:

scope and date of the audit
ADRs checked: ADR 0008 and ADR 0009
link to #35 as the backlog index
accepted findings with issue links
deferred findings with issue links
rejected findings with one-line rationale
explicit note that the raw audit is input, not authority

Acceptance criteria

The document links to #35, #36, #37, #38, #27, and other relevant follow-up issues.
ADR references use current numbers: ADR 0008 for dogfood gating, ADR 0009 for three-bucket classification, ADR 0010/0011 only if directly relevant.
Rejected findings are named clearly enough that future agents do not recreate the same issues without a new repro.
README does not need to link this unless operator wants public-facing audit transparency.

Out of scope

Committing the raw DeepSeek output as-is.
Treating external model audits as accepted architecture decisions.
Changing code behavior.

## Source Triaged from DeepSeek v4 Pro audit via #35. ## Problem The raw DeepSeek audit is useful but mixed-quality. It should not be committed as canonical guidance without triage because it includes: - accepted actionable findings - already-deferred ADR work - research ideas - overstated claims - factual false positives A curated note gives future agents the durable context without making them rediscover which parts were accepted or rejected. ## Target artifact Add a short repo document, for example `docs/audits/deepseek-v4-pro-triage-2026-05-12.md`, that records: - scope and date of the audit - ADRs checked: ADR 0008 and ADR 0009 - link to #35 as the backlog index - accepted findings with issue links - deferred findings with issue links - rejected findings with one-line rationale - explicit note that the raw audit is input, not authority ## Acceptance criteria - The document links to #35, #36, #37, #38, #27, and other relevant follow-up issues. - ADR references use current numbers: ADR 0008 for dogfood gating, ADR 0009 for three-bucket classification, ADR 0010/0011 only if directly relevant. - Rejected findings are named clearly enough that future agents do not recreate the same issues without a new repro. - README does not need to link this unless operator wants public-facing audit transparency. ## Out of scope - Committing the raw DeepSeek output as-is. - Treating external model audits as accepted architecture decisions. - Changing code behavior.

codex added the

severity:low

area:docs

source:deepseek-v4-pro

labels

2026-05-12 08:05:08 +02:00

codex referenced this issue

2026-05-12 08:06:04 +02:00

Triage DeepSeek v4 Pro audit into actionable backlog #35

codex referenced this issue from a commit

2026-05-12 08:37:07 +02:00

Docs: record DeepSeek audit triage