topos.evaluation.suppression¶
Allowlist overlay — the adjusted SECURE verdict (anti-gaming design).
The core classification pipeline is canonical and untouched: it always
produces the raw verdict from the full DANGEROUS_APIS registry. This
module computes an adjusted view on top of that result by re-counting
dangerous calls / taint flows with the allowlisted patterns removed.
Both verdicts are always surfaced together, every suppression is disclosed with its mandatory reason, and any active suppression caps the attainable grade below Gold/IDEAL. An agent therefore cannot silently hide a finding to inflate the score — only acknowledge it, visibly, and never to the top.
- class topos.evaluation.suppression.AdjustedVerdict(raw_secure_pass, adjusted_secure_pass, raw_element, adjusted_element, active_findings=<factory>, acknowledged=<factory>, grade_capped=False)[source]
Bases:
objectRaw vs. allowlist-adjusted SECURE verdict for one file.
- raw_secure_pass
- adjusted_secure_pass
- raw_element
- adjusted_element
- active_findings
- acknowledged
- grade_capped = False
- property suppressions_active
- property verdict_changed
- topos.evaluation.suppression.apply_allowlist(result, findings, config, *, file_path, cpg)[source]
Overlay config’s allowlist onto a canonical classification result.
findings are the raw findings (full registry). cpg is used to recompute exact adjusted counts so the 20-finding display cap cannot corrupt the verdict.