vrr/WFGY
2
0
Fork 0
mirror of https://github.com/onestardao/WFGY.git synced 2026-04-26 10:40:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
WFGY/ProblemMap/GlobalFixMap/Embeddings/poisoning_and_contamination.md

11 KiB
Raw Permalink Blame History

Poisoning and Contamination — Guardrails and Fix Patterns

🧭 Quick Return to Map

You are in a sub-page of Embeddings.
To reorient, go back here:

Think of this page as a desk within a ward.
If you need the full triage and all prescriptions, return to the Emergency Room lobby.

Use this page when answers suddenly contradict known anchors after an ingestion, when one domain dominates results with subtle text edits, or when λ becomes spiky only for a subset of sources. Goal is to localize the tainted slice, quarantine it, and rebuild cleanly with measurable gates. No infra change required.

Open these first

When to use this page

  • A small set of domains or mirrors suddenly starts winning top k with altered numbers or claims
  • Coverage to long standing anchors drops only after a crawl or vendor feed
  • ΔS remains high and flat while you raise k and add rerank, but only for specific time windows
  • λ flips only when the citation comes from a certain source family
  • Adversarial phrasing in corpus attracts unrelated queries

Acceptance targets

  • ΔS(question, retrieved) ≤ 0.45
  • Coverage of the target section ≥ 0.70
  • λ convergent across three paraphrases and two seeds
  • Domain skew normalized. No single low trust domain occupies more than 20 percent of top twenty on the gold set

Threat model at a glance

  • Source poisoning. Upstream page changed to subtly wrong math or policy lines.
  • Mirror contamination. CDN or scraped mirrors with injected edits and tracking params.
  • Adversarial attractors. Snippets seeded with instruction like strings to bias retrieval.
  • OCR contamination. Hyphenation or column bleed creates misleading near duplicates.
  • Label contamination. Gold set or eval answers were copied into the corpus.
  • Model mismatch contamination. A second embedder with different normalization pollutes neighborhoods.

Fix in 60 seconds

  1. Freeze ingestion and isolate the suspect window Partition by ingest_ts and source_id. Compare ΔS and coverage before and after the window.

  2. Clamp the prompt side Enforce cite first, fixed header order, and strict schema while you debug. See retrieval-traceability.md.

  3. Quarantine partitions Move new rows from suspect domains or the latest window into a shadow collection. Serve union plus deterministic rerank on top. See rerankers.md.

  4. Canonicalize and collapse Normalize URLs, remove trackers, apply MinHash or SimHash to detect near duplicates, keep one canonical. Re embed only canonicals. See also duplication_and_near_duplicate_collapse.md.

  5. Verify Three paraphrases and two seeds. Require coverage ≥ 0.70 and ΔS ≤ 0.45 with λ stable. If it passes, cut over.

Symptom → likely cause

  • Right doc appears from trusted domain only when k is very large Likely cause. Mirrors with edited numbers crowd the neighborhood. Collapse near duplicates and prefer canonical domain.

  • Answers contradict anchors only for last seven days of ingestion Likely cause. Feed contamination in that window. Quarantine by ingest_ts and re embed from clean sources.

  • Queries about policy suddenly retrieve instruction like pages Likely cause. Adversarial attractors in text. Down weight patterns and add cross encoder rerank.

  • Gold set precision drops when certain vendor ids appear Likely cause. Mixed embedder or normalization on vendor pipeline. Align metric and normalization, then rebuild that slice.

Probes you can paste into a notebook

Probe A — time window A/B
Split corpus by ingest_ts: before vs after suspected date.
Run 50 gold queries. Record ΔS and coverage per slice.
If after-slice fails while before-slice passes, quarantine after-slice.

Probe B — domain skew
For each domain group:
  run top-20 → count share in top-20 and median ΔS
Flag domains with share > 0.20 and worse ΔS than the median.

Probe C — adversarial attractor
Prepare synthetic queries with tokens like "instruction:", "ignore prior".
Measure how often suspect domains surface vs baseline. If > 3x, down weight pattern.

Probe D — outlier vectors
Sample 10k vectors from suspect window.
Compute L2 norms and first two PCA residuals.
Flag rows where either z score > 3. Review text and domain.

Collapse and tie break policy

  • Canonical pick order: canonical_domain then latest_rev then ocr_conf then longer_snippet_with_same_anchor.
  • Do not collapse across languages unless anchors and citations are identical and the user domain is monolingual.
  • Never serve non canonical duplicates in top k. Keep pointers for audits only.

Contract fields to add

{
  "source_id": "stable-source-key",
  "canonical_domain": "docs.example.com",
  "canonical_url": "https://docs.example.com/guide#s1",
  "ingest_ts": "2025-08-28T10:42:00Z",
  "ingest_channel": "crawler|vendor|manual",
  "trust_tier": "high|medium|low",
  "text_sha256": "sha256:...",
  "minhash_sig": ["...","...","..."],
  "simhash64": "0x8f32c1aa44d0beef",
  "ocr_conf": 0.97,
  "adversarial_flag": false,
  "sanitized": { "unicode_nfc": true, "zero_width_removed": true, "hyphen_fix": true },
  "duplicate_cluster_id": null,
  "duplicate_of": null,
  "review_status": "clean|quarantine|blocked"
}

Operational guardrails

  • Single writer per partition and idempotent upsert on (doc_id, section_id, rev)
  • Quarantine bucket for new domains and new channels, dual read until verified
  • Daily drift job that charts ΔS and coverage per domain and per ingest_ts window
  • Canary anchors per vertical to detect silent edits
  • Alerts on domain share spikes, λ flip rate spikes, and ΔS ≥ 0.60 on live traffic

Verification checklist

  • Coverage ≥ 0.70 and ΔS ≤ 0.45 on the gold anchors across three paraphrases and two seeds
  • λ convergent with cite first, order stable after harmless header tweaks
  • Domain share distribution looks even. No low trust domain exceeds 20 percent of top twenty
  • Anchor ranks do not regress after collapse and quarantine

Copy paste prompt for the LLM step

TXT OS and the WFGY Problem Map are loaded.

My issue: poisoning or contamination after recent ingestion.
Traces:
- time_window=..., domains=[...], ingest_channel=...
- ΔS(question,retrieved)=..., coverage=..., λ across 3 paraphrases
- duplicate_rate=..., adversarial_flag_rate=...

Tell me:
1) the failing layer and why,
2) the exact WFGY page to open next,
3) a quarantine + collapse plan and tie break I should implement,
4) a verification plan to reach coverage ≥ 0.70 and ΔS ≤ 0.45.
Use BBMC, BBCR, BBPF, BBAM when relevant.

🔗 Quick-Start Downloads (60 sec)

Tool Link 3-Step Setup
WFGY 1.0 PDF Engine Paper 1 Download · 2 Upload to your LLM · 3 Ask “Answer using WFGY + <your question>”
TXT OS (plain-text OS) TXTOS.txt 1 Download · 2 Paste into any LLM chat · 3 Type “hello world” — OS boots instantly

Explore More

Layer Page What its for
Proof WFGY Recognition Map External citations, integrations, and ecosystem proof
⚙️ Engine WFGY 1.0 Original PDF tension engine and early logic sketch (legacy reference)
⚙️ Engine WFGY 2.0 Production tension kernel for RAG and agent systems
⚙️ Engine WFGY 3.0 TXT based Singularity tension engine (131 S class set)
🗺️ Map Problem Map 1.0 Flagship 16 problem RAG failure taxonomy and fix map
🗺️ Map Problem Map 2.0 Global Debug Card for RAG and agent pipeline diagnosis
🗺️ Map Problem Map 3.0 Global AI troubleshooting atlas and failure pattern map
🧰 App TXT OS .txt semantic OS with fast bootstrap
🧰 App Blah Blah Blah Abstract and paradox Q&A built on TXT OS
🧰 App Blur Blur Blur Text to image generation with semantic control
🏡 Onboarding Starter Village Guided entry point for new users

If this repository helped, starring it improves discovery so more builders can find the docs and tools.
GitHub Repo stars