{
  "schema_version": 1,
  "kind": "change_consequence_certificate",
  "certificate_id": "D58AFE9870A7ABC2A8BEA533BE1EEA55D0BF39DED8D91BCA502F68EF8A5E6D72",
  "content_address": "sha256:d58afe9870a7abc2a8bea533be1eea55d0bf39ded8d91bca502f68ef8a5e6d72",
  "subject": {
    "repository": "sample/model-loader-service",
    "pull_request": "https://github.com/acme/model-loader-service/pull/1842",
    "title": "Model loader fallback change",
    "changed_files": [
      "loaders/model_registry.py",
      "loaders/fallback_loader.py",
      "config/model_sources.py",
      "tests/test_model_registry.py",
      "tests/test_fallback_loader.py",
      "docs/model-loading.md"
    ],
    "changed_file_count": 6
  },
  "evidence": {
    "tests": {
      "affected_tests": [
        "tests/test_model_registry.py::test_prefers_pinned_registry_entry",
        "tests/test_fallback_loader.py::test_rejects_unsigned_remote_model",
        "tests/test_fallback_loader.py::test_blocks_untrusted_scheme",
        "tests/test_fallback_loader.py::test_records_audit_event",
        "tests/test_model_registry.py::test_cache_key_includes_model_digest",
        "tests/test_model_registry.py::test_missing_digest_fails_closed"
      ],
      "missing_negative_controls": [
        "fallback URL redirects to unsigned model",
        "registry entry has digest mismatch after cache warmup"
      ],
      "claim_boundary": "Mapped tests are high-signal review evidence, not a replacement for the full suite."
    },
    "owners": {
      "required_reviewers": [
        "@ml-platform",
        "@appsec-review"
      ],
      "routing_reason": "The change touches model loading, fallback resolution, and remote source validation."
    },
    "security": {
      "semgrep": {
        "status": "available",
        "finding_count": 1,
        "blocking_finding_count": 1,
        "top_findings": [
          {
            "rule_id": "python.lang.security.audit.dynamic-model-load",
            "path": "loaders/fallback_loader.py",
            "line": 88,
            "severity": "high",
            "message": "Remote model fallback accepts a URL before digest and signature validation."
          }
        ]
      },
      "osv": {
        "status": "available",
        "vulnerability_count": 0
      }
    },
    "hosted_runtime_trace": {
      "status": "available",
      "snapshot_fanout_speedup": 3821.9354,
      "claim_boundary": "Hosted fanout evidence proves computational acceleration for impact lookup, not total engineering throughput."
    }
  },
  "policy_result": {
    "status": "attention_required",
    "required_review_surfaces": [
      "human reviewer reads the changed files",
      "owner review",
      "affected mapped tests",
      "security scan",
      "dependency audit"
    ],
    "merge_blockers": [
      "Block merge until unsafe fallback path has an explicit negative test.",
      "Block merge until remote model URL is validated before fetch or load."
    ]
  },
  "reviewer_decision": {
    "recommended_action": "block_until_fixed",
    "review_summary": "The certificate narrows the review from six changed files to one unsafe fallback path, two missing negative controls, and two required owners.",
    "expected_value": "A reviewer can make a safer decision before merge instead of discovering the model-load risk after deployment."
  },
  "unknowns": [
    "Production model registry policy is not attached.",
    "Runtime allowlist configuration is not attached.",
    "This sample is illustrative; paid pilots run against the buyer's real repository and PRs."
  ],
  "claim_boundary": "This is a public sample artifact for product evaluation. It is not customer evidence, legal attestation, or proof of paid demand."
}
