chore(v2.5.0): update doc counts 23→25, STATE.a2ml v2.3.0, complete milestone

- Update all category counts (23→25) across README, TOPOLOGY, CONTRIBUTING,
  EXPLAINME, CLAUDE.md, ROADMAP, STATE.a2ml
- STATE.a2ml: version 2.3.0, completion 98%, add session-2026-04-12b block,
  remove input-boundary/mutation from next-priorities (done)
- TOPOLOGY.md: PA001–PA025, v2.3.0, Last updated 2026-04-12
- CLAUDE.md: v2.5.0 categories summary, updated next-priorities

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: hyperpolymath

.claude/CLAUDE.md

@@ -89,7 +89,7 @@ cp target/release/panic-attack ~/.asdf/installs/rust/nightly/bin/
 ## Key Design Decisions
 
 - **49 language analyzers**: Rust, C/C++, Go, Python, JavaScript, Ruby, Elixir, Erlang, Gleam, ReScript, OCaml, SML, Scheme, Racket, Haskell, PureScript, Idris, Lean, Agda, Isabelle, Coq, Prolog, Logtalk, Datalog, Zig, Ada, Odin, Nim, Pony, D, Nickel, Nix, Shell, Julia, Lua, + 12 nextgen DSLs
-- **23 weak point categories**: UnsafeCode, PanicPath, CommandInjection, UnsafeDeserialization, AtomExhaustion, UnsafeFFI, PathTraversal, HardcodedSecret, ProofDrift, CryptoMisuse, SupplyChain, etc.
+- **25 weak-point categories** (PA001–PA025): UnsafeCode, PanicPath, CommandInjection, UnsafeDeserialization, AtomExhaustion, UnsafeFFI, PathTraversal, HardcodedSecret, ProofDrift (PA021), CryptoMisuse (PA022), SupplyChain (PA023), InputBoundary (PA024), MutationGap (PA025), etc.
 - **Per-file language detection**: Each file analyzed with its own language-specific patterns. Skips `external_corpora/`, `third_party/`, and `corpus/` directories
 - **miniKanren logic engine**: Relational reasoning for taint analysis, cross-language vulnerability chains, and search strategy optimisation
 - **Latin-1 fallback**: Non-UTF-8 files handled gracefully
@@ -161,20 +161,28 @@ Phase 2 adds VeriSimDB hexad persistence and auto-retire on upstream fix.
 Three self-contained modes — none requires the others:
 
 1. **Standalone** (USB/laptop/air-gapped): Single binary, zero deps, `assail`/`assault` individual targets
-2. **Panicbot** (gitbot-fleet/CI): Automated JSON scanning, PA001–PA021 codes, bot directives
+2. **Panicbot** (gitbot-fleet/CI): Automated JSON scanning, PA001–PA025 codes, bot directives
 3. **Mass-panic** (assemblyline + verisimdb + Chapel): Org-scale batch scanning with incremental BLAKE3, hexad persistence, delta reporting, notifications. Chapel (planned) for distributed multi-machine orchestration.
 
 ## Planned Features (Next Priorities)
 
 1. **verisimdb HTTP API integration**: Push hexads via REST (awaiting API stabilisation)
-2. **kanren context-facts**: ~10 rules for FP suppression (~8% -> ~2-3%)
-3. **hypatia pipeline**: JSON AssailReport consumed by Hypatia Elixir rules (Logtalk export removed 2026-04-12)
-4. **Shell completions**: bash, zsh, fish, nushell
-5. **Chapel metalayer**: Distributed `coforall` scanning across compute clusters
+2. **Shell completions**: bash, zsh, fish, nushell (v2.3.0)
+3. **Interactive TUI mode**: Review findings in terminal (v2.3.0)
+4. **Chapel metalayer**: Distributed `coforall` scanning across compute clusters (v3.0.0)
+
+## v2.5.0 Detection Categories (COMPLETE — 25 categories total)
+
+All five detection categories shipped in v2.5.0 (2026-04-12):
+- **ProofDrift (PA021)**: Proof escape hatches in Isabelle/Coq/Lean/Agda/Idris2; Julia mirror patterns
+- **CryptoMisuse (PA022)**: Weak hash (MD5/SHA-1) in security context; timing-unsafe == on secrets
+- **SupplyChain (PA023)**: Unpinned deps, absent lock files, unverified manifests
+- **InputBoundary (PA024)**: Unchecked CBOR/MessagePack (Rust), JSON.parse without try-catch (JS/Julia)
+- **MutationGap (PA025)**: No cargo-mutants config (Rust), all-type-only assertions (Julia), no property testing (Elixir)
 
 ## Integration Points
 
-- **panicbot**: gitbot-fleet verifier bot — invokes `panic-attack assail --output-format json`, translates WeakPoints to Findings (PA001-PA021). Directives at `.machine_readable/bot_directives/panicbot.scm`
+- **panicbot**: gitbot-fleet verifier bot — invokes `panic-attack assail --output-format json`, translates WeakPoints to Findings (PA001-PA025). Directives at `.machine_readable/bot_directives/panicbot.scm`
 - **verisimdb**: Store scan results as hexads (document + semantic modalities). File I/O works, API planned
 - **hypatia**: Neurosymbolic rule engine processes findings. Env var watcher in diagnostics
 - **panll**: Event-chain export for three-panel visualisation. Working via `panll` subcommand. Two dedicated panels: panic-attack (single-repo) and Mass Panic (assemblyline batch GUI)

.machine_readable/6a2/STATE.a2ml

@@ -4,14 +4,14 @@
 
 [metadata]
 project = "panic-attacker"
-version = "2.2.0"
+version = "2.3.0"
 last-updated = "2026-04-12"
 status = "active"
 
 [project-context]
 name = "panic-attacker"
-completion-percentage = 97
-phase = "CRG C (Beta) — v2.5.0 detection categories in progress"
+completion-percentage = 98
+phase = "CRG C (Beta) — v2.5.0 detection categories complete; v2.3.0 shell completions + TUI next"
 
 [testing-completion-2026-04-04]
 description = "CRG C blitz completed: unit + smoke + build + P2P + E2E + reflexive + contract + aspect + benchmarks"
@@ -33,16 +33,21 @@ language-detection = "Skips external_corpora/, third_party/, and corpus/ directo
 logtalk-removed = "Logtalk export removed; Hypatia now consumes JSON AssailReport via Elixir rules"
 fp-suppression = "WeakPoint.suppressed field wired; apply_suppression() runs kanren engine on every scan; panicbot filters suppressed items"
 languages = "49 languages (added Isabelle/HOL .thy and Coq/Rocq .v with dedicated analyzers)"
-categories = "23 weak point categories (added ProofDrift PA021, CryptoMisuse PA022, SupplyChain PA023)"
+categories = "23 weak point categories as of 2026-04-12 (ProofDrift PA021, CryptoMisuse PA022, SupplyChain PA023); InputBoundary PA024 + MutationGap PA025 added same session → 25 total"
 proof-drift = "ProofDrift: sorry/oops/Admitted/trustMe/believe_me/assert_total/%partial across Isabelle/Coq/Lean/Agda/Idris2; Julia mirror patterns"
 crypto-misuse = "CryptoMisuse: MD5/SHA-1 in security context (Rust/Python/JS/Go/Elixir); timing-unsafe == on secret variables"
 supply-chain = "SupplyChain: Cargo.toml git-deps without rev=, absent Cargo.lock, Julia Manifest.toml without hashes, flake.nix without narHash, unpinned deno.json"
 panicbot-wired = "PA021/PA022/PA023 wired in gitbot-fleet/bots/panicbot/src/translator.rs"
-idris2-abi = "PatternCompleteness.idr updated: 49 languages, 23 categories, all proven total"
+idris2-abi = "PatternCompleteness.idr updated: 49 languages, 25 categories, all proven total"
+
+[session-2026-04-12b]
+input-boundary = "InputBoundary PA024: CBOR/MessagePack (serde_cbor/ciborium/rmp_serde) in Rust, JSON.parse without try-catch in JS, JSON3.read/JSON.parse in Julia"
+mutation-gap = "MutationGap PA025: Cargo.toml with test infra but no cargo-mutants config (Rust, project-level), @testset all-type-only assertions (Julia), ExUnit without ExUnitProperties/StreamData (Elixir)"
+panicbot-wired = "PA024/PA025 wired in gitbot-fleet/bots/panicbot/src/translator.rs"
+categories = "25 weak point categories total (v2.5.0 complete)"
+v25-complete = "All 5 v2.5.0 detection categories done: crypto_misuse, proof_drift, supply_chain, input_boundary, mutation"
 
 [next-priorities]
 verisimdb-http = "Push hexads via REST (awaiting API stabilization)"
 shell-completions = "bash, zsh, fish, nushell"
-input-boundary = "v2.5.0: unchecked CBOR/JSON/A2ML deserialization"
-mutation = "v2.5.0: mutation test coverage gaps"
 chapel-metalayer = "Distributed coforall scanning across compute clusters (future)"

CONTRIBUTING.md

@@ -147,7 +147,7 @@ panic-attacker/
 ├── src/
 │   ├── main.rs              # CLI entry point (clap) — 20 subcommands
 │   ├── lib.rs               # Library API
-│   ├── types.rs             # Core types (49 languages, 23 categories)
+│   ├── types.rs             # Core types (49 languages, 25 categories)
 │   ├── assail/              # Static analysis engine
 │   │   ├── analyzer.rs      # 49-language analyzer with per-file detection
 │   │   └── patterns.rs      # Language-specific attack patterns

EXPLAINME.adoc

@@ -43,7 +43,7 @@ The README makes claims. This file backs them up.
 
 | `src/main.rs` | CLI entry: 20 subcommands (assail, assault, temporal, panll, groove, bridge, etc.)
 | `src/lib.rs` | Library API exposing all analysis engines
-| `src/assail/` | Static analysis (49 languages, 23 weak point categories)
+| `src/assail/` | Static analysis (49 languages, 25 weak-point categories)
 | `src/assail/analyzer.rs` | Per-file language detection and pattern matching dispatcher
 | `src/assail/patterns.rs` | Language-specific regex patterns for weak points
 | `src/kanren/` | Logic engine (unification, fact database, taint, cross-lang)

README.adoc

@@ -66,7 +66,7 @@ panic-attack exists to address this by combining:
 panic-attack provides:
 
 * **49-language static analysis** across multiple families
-* **Weak point detection** (23 categories)
+* **Weak point detection** (25 categories)
 * **Attack simulation (6 axes)**: CPU, memory, disk, network, concurrency, time
 * **miniKanren logic engine** for taint analysis and cross-language reasoning
 * **Signature detection** (use-after-free, deadlock, etc.)

ROADMAP.adoc

@@ -18,7 +18,7 @@ binary, panicbot (gitbot-fleet CI integration), and mass-panic (org-scale batch
 
 **Key capabilities today:**
 
-* 49-language analyzer with per-file detection and 23 weak-point categories
+* 49-language analyzer with per-file detection and 25 weak-point categories
 * miniKanren v2.0.0 logic engine (taint analysis, cross-language reasoning, search strategies)
 * Patch Bridge CVE lifecycle engine (OSV API, reachability scan, phantom dependency detection)
 * Cryptographic attestation chain (intent/evidence/seal)
@@ -139,7 +139,7 @@ Identified as an estate-wide gap in the 2026-04-05 KRL-stack CRG blitz audit.
 
 == v3.1.0 -- Ecosystem Integration
 
-* [x] Panicbot integration (gitbot-fleet, PA001-PA021 codes)
+* [x] Panicbot integration (gitbot-fleet, PA001-PA025 codes)
 * [x] Hypatia diagnostics self-check
 * [x] PanLL event-chain export (two dedicated panels)
 * [x] Cryptographic attestation chain with optional Ed25519 signing

TOPOLOGY.md

@@ -1,6 +1,6 @@
 <!-- SPDX-License-Identifier: PMPL-1.0-or-later -->
 <!-- TOPOLOGY.md — Project architecture map and completion dashboard -->
-<!-- Last updated: 2026-03-07 -->
+<!-- Last updated: 2026-04-12 -->
 
 # panic-attack — Project Topology
 
@@ -55,7 +55,7 @@
 COMPONENT                          STATUS              NOTES
 ─────────────────────────────────  ──────────────────  ─────────────────────────────────
 CORE CAPABILITIES
-  Assail Static Analysis            ██████████ 100%    49 languages, 23 categories
+  Assail Static Analysis            ██████████ 100%    49 languages, 25 categories
   Multi-Axis Stress Testing         ██████████ 100%    6 axes (CPU, Mem, Disk, etc)
   miniKanren Logic Engine           ██████████ 100%    Taint, cross-lang, strategies
   Ambush / Amuck / Abduct           ██████████ 100%    Advanced workflows stable
@@ -82,7 +82,7 @@ BATCH & PIPELINE
   i18n Support (10 languages)       ██████████ 100%    ISO 639-1, compile-time safe
 
 INTEGRATION
-  Panicbot (gitbot-fleet)           ██████████ 100%    PA001–PA021, JSON contract
+  Panicbot (gitbot-fleet)           ██████████ 100%    PA001–PA025, JSON contract
   Diagnostics (self-check)          ██████████ 100%    Version, fleet, attestation
   VerisimDB Storage                 ██████░░░░  60%    File I/O works, API planned
   Hypatia Pipeline                  ████░░░░░░  40%    Env var watcher, no kanren export
@@ -94,7 +94,7 @@ REPO INFRASTRUCTURE
   Readiness Tests (CRG)             ██████████ 100%    18 tests: D(4) C(10) B(4)
 
 ─────────────────────────────────────────────────────────────────────────────
-OVERALL:                            █████████░  ~97%   v2.2.0 Stable
+OVERALL:                            █████████░  ~98%   v2.3.0 Stable
 ```
 
 ## Key Dependencies
@@ -103,7 +103,7 @@ OVERALL:                            █████████░  ~97%   v2.2.
 Assail (49L) ───► kanren Logic ───► Taint/XLang ───► Weak Points
      │                │                                    │
      ▼                ▼                                    ▼
-Assemblyline ──► Notify Pipeline ──► GitHub Issues    Panicbot (PA001–PA021)
+Assemblyline ──► Notify Pipeline ──► GitHub Issues    Panicbot (PA001–PA025)
      │                │                                    │
      ▼                ▼                                    ▼
 BLAKE3 Cache ──► VerisimDB Store ──► PanLL Export     Fleet FindingSet