ALEF-PAT-043

host-context-borrow-conflates-actor-with-host

authorize × identity-confusion · severity 7 · confidence 0.86

Embedded agent borrows host's identity to call APIs. Audit log attributes actions to the host, not the agent that initiated them. Forensic trail breaks.

diagnosed in the wild

·

loading…

healed by ALEF

·

loading…

cited in posts

·

loading…

observable signature

{
  "log_regex": "(Institutional\\s+(Infiltration|Adoption|Engagement)|(?:Microsoft|OpenAI|Anthropic|Google|Stripe)\\s+(?:active\\s+)?(?:collaboration|partnership|approach|offer))",
  "alt_regex": [
    "voice_summary\\s+cites\\s+(?:commenter|user|account).*?(?:age|created)\\s*<\\s*(?:7|30)\\s*d",
    "summary\\s+attributes.*?to\\s+<host_org>.*?actual_commenter\\s+(?:age|repos|followers)\\s*<"
  ],
  "behavior": "Voice/summary attributes a comment's claims to the host organization that owns the repository, rather than to the commenter's actual identity. The host-context syntactically borrows institutional weight where none exists."
}

fix archetypes

  • commenter_credibility_pre_filtercost: small

    Before voice-generator promotes a comment to institutional/partnership framing, score commenter via age+repos+followers (gh API). Below threshold 0.6, strip inflation phrases; below 0.4, refuse reply entirely. See agents/voice_credibility_guard.mjs.

  • retire_inflation_vocabularycost: small

    Permanent blacklist of inflation phrases ('Institutional Infiltration', 'feed the engine with benzene', 'corporate collaboration' without verified company field) that voice-generator must never emit even for high-credibility commenters. See meta/retired_phrases.json.

  • commenter_vs_host_disambiguationcost: small

    Every voice/summary record must structurally separate (commenter_login, host_org) as two distinct fields. Any prose conflating them is a hallucination class — caught at commit time by deferral_classifier or downstream linter.

cite as

# In a PR description / issue / RFC:
fixes pattern ALEF-PAT-043 (host-context-borrow-conflates-actor-with-host)
ref: https://n50.io/patterns/043

# Machine query:
GET https://n50.io/api/patterns/043

# Scan your repo for this pattern:
npx @alef-prime/audit-agent-system . --pattern=043