docs/research/sync-simplification-audit/verified-risk-reward.md
5d02ec86…2651, findings
83acd393…c8e9, retained ac42fde4…e4d, verification
9dda34db…f18dThis document orders only the five candidates that reached a clean Wave E
verified disposition. It is derived from verification.md,
findings.md, and retained.md; it is not part of
the frozen audit baseline and does not change any candidate's evidence or
disposition.
discovered/proposed, unverified and are not ranked.Candidates are compared in this order:
All five have reproduced evidence and low behavioral risk. Their order is therefore driven mainly by privacy payoff, validation cost, compatibility sensitivity, and dependency sequencing.
N42 and N211 share the same overall risk/reward tier. Their 4a/4b labels
follow F1's recommended integration sequence; they do not claim a measured
benefit or confidence difference between the two candidates.
| Priority | Candidate | Reward | Risk and cost | Why it belongs here |
|---|---|---|---|---|
| 1 | SSA-0025 / N25 — stop retaining decrypted JSON samples | High privacy payoff; medium maintenance benefit | Low behavioral risk; medium validation | Removes plaintext retention from error objects while preserving recovery and routing. It has the clearest direct user-data benefit. |
| 2 | SSA-0009 / N09 — remove duplicate final-upgrade mock assertions | Medium maintenance benefit | Low behavioral risk; small validation | A small, reversible test-only deletion backed by the real IndexedDB descriptor test and version-threshold coverage. |
| 3 | SSA-0202 / N202 — remove unused SuperSync E2E helper APIs | Medium maintenance benefit | Low behavioral risk; small validation | Removes 13 unused unpublished helpers and is isolated from production and the application integration harness. |
| 4a | SSA-0042 / N42 — remove unused legacy database writers | Medium maintenance benefit | Low behavioral risk; medium validation; compatibility-sensitive area | The methods are unused, but the surrounding legacy migration and recovery boundary justifies later integration and broader validation. |
| 4b | SSA-0211 / N211 — remove definition-only integration APIs | Medium maintenance benefit | Low behavioral risk; medium validation; widest test-harness surface | Removes 17 APIs, but must retain call-history storage and the awaited zero-latency ordering boundary across five direct harness consumers. |
The matrix has no high-risk verified row. That is a result of fast-track admission deliberately preferring a smaller low-risk shortlist, not evidence that the broader findings register is low risk.
79a3da4fd738460559d70b974ef52eb8093cc3c9cfc07b7145fe5a8f32a98ff4JsonParseError identity, safe message, numeric
parse position, fail-closed parsing/decryption, .bak recovery, wrapper
routing, and force-overwrite behavior.1dd864b5c919289ea9624bb3547d6332f23a48cf9b5f3621aee7f4623c914ff91a69b3ad2f75e847a37ac3cfdaea416cf9ca0c37cd00a087000e214b28ea6d5a68dff22a1f2ee21c97156cfb977ff5adb4209cd20bbad3f75d6f414d73f3b902d75667b114fd1b86c1661d888f6dd672b64c480601f6b8a2b6c022ea38fc312agetCallsTo, its
call-history storage, reset behavior, ready-by-default behavior, and the
awaited zero-latency asynchronous boundary.The risk/reward ranking and F1 dependency graph permit this execution shape:
Keep every stable ID in its own reviewable implementation slice. Do not bundle the rejected or decision-required records into these changes.
| Candidate | Disposition | Reason |
|---|---|---|
SSA-0167 / B35-C14 | Rejected | Its immutable packet missed a second exportable calendar-content log. A wider two-sink proposal is unverified. |
SSA-0043 / B12-C01 | Decision-required | Static evidence was favorable, but the verifier did not complete the mandatory after-baseline reproduction. |
SSA-0188 / B35-C35 | Decision-required | The fresh verifier session returned neither a terminal report nor an after-baseline reproduction. |
The other 206 origins are research inventory, not an ordered implementation queue. Ranking them would require a separate evidence pass that assigns the same four bands and resolves compatibility, consumer, and validation gaps without modifying the frozen audit records.
verification.md for authoritative verifier evidence and F1 edges.findings.md for the immutable candidate packet and revision hash.retained.md for boundaries that must survive implementation.npm run checkFile <filepath> for every changed
TypeScript file and the candidate-specific tests listed above.