Closes ChatGPT third-pass directive items #2 and #7. Docs + framework
only; engine math byte-identical to v2.9.31 (no version bump).
Added — validation/p6-comparison/ (item #2)
15-case Primavera P6 comparison matrix framework. Each case has:
- input.json (activities + relationships + opts, engine-input format)
- engine-output.json (full computeCPM result captured at v2.9.31)
- comparison.csv (per-activity ES/EF/LS/LF/TF/FF with engine column
 filled, P6 column blank for analyst capture, verdict_pass_fail col)
- README.md (case description + expected behavior + P6 setup notes)
Cases:
 01 FS chain 09 completed successor
 02 SS+5 with lag 10 out-of-sequence progress
 03 FF+3 with lag 11 mandatory start / finish
 04 SF edge case 12 SNET + FNLT
 05 negative float (FNLT) 13 ALAP
 06 multiple calendars 14 fractional lag (SUB_DAY_LAG)
 07 CA-ON Ontario holidays 15 dangling relationship
 08 in-progress retained logic
13 of 15 are P6-capturable. Cases 14 and 15 are known-by-construction
divergences documented in comparison-matrix.md.
Files added:
- validation/p6-comparison/README.md — framework overview
- validation/p6-comparison/comparison-matrix.md — master roll-up
- validation/p6-comparison/generate-cases.js — generator script
- validation/p6-comparison/engine-outputs-summary.json
- validation/p6-comparison/cases/<NN-name>/ — 15 per-case folders
Pending analyst action: populate the *_p6 columns of each case's
comparison.csv from native P6 capture, then mark verdict_pass_fail.
Each case is small (2-5 activities) and trivial to reproduce in P6.
Added — FORENSIC_USE_SOP.md (item #7)
14-step operating procedure for using cpm-engine to produce expert
opinions and claim deliverables. Each step has goal, action, engine
API support, and what evidence to capture in the manifest. Closes
the FRE 702 attack surface at the application layer (separate from
the principles layer, which is covered by DAUBERT.md + VERIFY_RELEASE.md).
Steps:
 1. Intake source artifact
 2. Preserve + SHA-256 hash
 3. Confirm data date
 4. Confirm schedule mode (retained vs override)
 5. Confirm calendars
 6. Run forensic strict validation
 7. Review alerts
 8. P6 comparison for opinion-controlling activities
 9. Select AACE method
 10. Record excluded activities
 11. Record overrides
 12. Generate deliverable via downstream skill
 13. QA against manifest
 14. Analyst signoff
Includes 14-item checklist for case-folder cover sheet — supports the
"did you follow your own SOP?" cross-exam question.
Engine math unchanged. computeCPM byte-identical to v2.9.27 through
v2.9.31. No version bump (engine stays at v2.9.31; these new files
DESCRIBE v2.9.31 rather than modify it).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Third adversarial-audit pass on v2.9.31 surfaced 35 findings. Closes
the 21 genuine bugs/drift/overclaim-language findings; the remaining
12-14 honest-disclosure findings get canned cross-exam responses in
docs/cross-exam-prep.md.
Added — version-drift regression gate (closes #1, #2, #3, #5, #6, #7,
#18, #30)
- tests/no-stale-version-refs.test.js: scans 13 doc surfaces for
 v2.9.X references; distinguishes current-state from historic
 narration via whitelist patterns; fails build if any current-state
 reference is not equal to ENGINE_VERSION.
- Wired into npm run test:all and npm run test:version-refs.
- The recurring drift class of bug (4 releases in a row) cannot
 recur in this form on v2.9.32+ without the build failing.
Fixed — version-drift sweep
- DAUBERT.md header v2.9.29 -> v2.9.32
- DAUBERT.md Layer 2 sigstore example: tag-agnostic v<TAG>/...
- VERIFY_RELEASE.md full sweep (header, manifest, checkout, expected
 output, citation block, doc-version footer)
- FORENSIC_USE_SOP.md, docs/jurisdictions.md, docs/api.md, P6
 framework READMEs, XER corpus README: all current-state refs
 bumped to v2.9.32
- Coverage baseline regenerated: 93.33% stmts / 82.39% branches /
 93.75% funcs / 93.33% lines (up from v2.9.31 due to 8 new tests).
Fixed — overclaim language pass (closes #4, #19, #20, #26, #27, #28,
#29)
- DAUBERT §4 + §5: 'is satisfied by' -> 'is addressed by ...
 determination for the trier of fact'
- DAUBERT §3.1: 'challenger can no longer claim untestability' ->
 'substantially weakens an untestability objection'
- FORENSIC_USE_SOP: 'The engine is reliable' -> 'The engine has a
 documented validation record'
- package.json description: 'Forensically-defensible' -> 'Open-source'
- P6 README: dropped 'roughly one work session' time estimate;
 replaced 'Layer-5-equivalent' coinage
Fixed — API doc bug (closes #17)
- docs/jurisdictions.md: getHolidays() documented as returning an
 array of ISO-8601 date strings (which is what it actually returns),
 not objects with {date, name, jurisdiction}. Added
 getJurisdictionCalendar() example showing the typed shape used by
 computeCPM's cal_map.
Engine code — Section Q strict-mode hardening (closes #21, #22, #31)
- computeCPMSalvaging now refuses forensic_strict at function entry,
 throwing StrictForensicViolation with context
 'salvage-mode-not-forensic'. Mirrors runCPM's refusal.
 Categorically closes the route-around audit flagged.
- FATAL_STRICT_CONTEXTS gains 'salvage-mode-not-forensic'.
- SECTION R-v2.9.32 added to cpm-engine.test.js: 8 new tests
 including a dead-context regression — every entry in
 FATAL_STRICT_CONTEXTS must appear at least twice in cpm-engine.js
 source (set member + emission/throw). Closes false-coverage risk.
Added — docs/cross-exam-prep.md (internal analyst resource)
17 pre-drafted defensive responses to predictable cross-examination
questions arising from the engine's published disclosures. Explicitly
marked NOT for court citation; analyst-prep only.
Tests
- 1,112 / 1,112 unit tests (was 1,104)
- 747 / 747 crossval across 43 fixtures
- Citation + truncation + version-drift regression PASS
- npm run verify PASS
Engine math byte-identical to v2.9.27 - v2.9.31 on non-strict path.
Strict mode additively hardened. Sigstore witness regenerated.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>