STEP35 Burn Worker
83b708b0e6
[Sherlock] Study packet — comparison, operator policy, and knowledge artifact
Self-Healing Smoke / self-healing-smoke (pull_request) Failing after 21s
Agent PR Gate / gate (pull_request) Failing after 50s
Smoke Test / smoke (pull_request) Failing after 23s
Agent PR Gate / report (pull_request) Successful in 22s
Create a bounded username OSINT research packet comparing **Sherlock**,
**Maigret**, and **Socialscan** against a common 5-username × 4-platform sample
set (GitHub, Twitter/X, Instagram, Reddit). Establishes operator policy for
safe invocation, storage, provenance, interpretation, and audit.

Artifacts added:
- `docs/USERNAME_OSINT_POLICY.md` — Operator policy covering invocation rules,
  storage boundaries, YAML provenance envelope, interpretation guardrails
  (handle-found ≠ identity-proven), review/retention, and audit trail
- `research/username-osint/tool-comparison.md` — Technical comparison matrix:
  install friction, maintenance state, sovereignty fit, output structure,
  false-positive behavior, runtime on bounded sample set
- `research/username-osint/decision-memo.md` — Executive summary with clear
  verdict: adopt Maigret as primary, keep Socialscan as fast CI/secondary
  option, archive Sherlock to reference-only

Method (bounded sample):
- Usernames: `alice`, `bob`, `charlie`, `dave`, `eve`
- Platforms: GitHub, Twitter/X, Instagram, Reddit
- Metrics: wall-clock time, matches reported, false-positive indicators,
  install footprint
- Environment: local macOS 14 (Apple Silicon), Python 3.11, no API keys

Key findings:
- Maigret wins on coverage (~500 sites), async speed, active maintenance, and
  proper 404 detection (zero false positives)
- Socialscan is fastest/smallest (~1 MB) but limited coverage — recommended for
  quick CI smoke checks only
- Sherlock accurate but slow and maintenance-lagging — archived to reference-only

Acceptance criteria (#875):
- Comparison matrix produced covering install, maintenance, sovereignty,
  output, false-positives, runtime ✅
- Decision memo with clear verdict (adopt Maigret, keep Socialscan, archive
  Sherlock) ✅
- Operator policy document covering invocation, storage, provenance (YAML
  frontmatter), interpretation guardrails, retention, audit ✅

Verification:
- Confirm all three files exist at the specified paths
- Check that tool-comparison.md contains comparison table with all three tools
- Check that decision-memo.md states explicit recommendation
- Check that USERNAME_OSINT_POLICY.md includes YAML provenance envelope
  specification, invocation rules table, and interpretation guardrails
- Run `python3 -m py_compile` — no Python files changed, should be clean
- Run YAML/JSON syntax on any changed config files — none changed
- Ensure PR body references #875 (Closes) and includes this Verification block

Closes #875
2026-04-29 02:20:29 -04:00