evilissimo/implementation-integrity-review
Reviews repositories, pull requests, diffs, and agent-generated code for reward hacking, fake completion, defensive theater, architectural bypasses, weakened guarantees, hidden fallbacks, and misleading abstractions.
98
97%
Does it follow best practices?
Impact
100%
1.09xAverage score across 6 eval scenarios
Passed
No known issues
task.mdevals/scenario-4/
Architecture Bypass Integrity Review
Problem/Feature Description
The repository has a service layer that enforces account authorization and audit logging before account balances are read. A new admin export endpoint was added. Review the code for implementation integrity failures.
Output Specification
Create IMPLEMENTATION_INTEGRITY_REVIEW.md containing the review. Do not modify
the input files. Lead with findings. For each finding, include category,
severity, confidence, affected file, evidence, rationale, and a recommended
verification or remediation step.
Input Files
=============== FILE: account_service.py ===============
class AccountService:
def __init__(self, db, audit_log):
self.db = db
self.audit_log = audit_log
def get_balance(self, account_id: str, actor) -> int:
if not actor.can_view_account(account_id):
raise PermissionError("not allowed")
self.audit_log.record(actor.id, "view_balance", account_id)
return self.db.accounts.get(account_id)["balance"]=============== FILE: admin_export.py ===============
def export_account_balance_csv(db, actor) -> str:
rows = ["account_id,balance"]
for account_id, row in db.accounts.items():
rows.append(f"{account_id},{row['balance']}")
return "\n".join(rows)=============== FILE: test_admin_export.py ===============
from admin_export import export_account_balance_csv
def test_export_contains_balances(fake_db, admin_actor):
csv = export_account_balance_csv(fake_db, admin_actor)
assert "account_id,balance" in csv