"Why is the context window insufficient for bug bounty engagement memory?"	"Engagements span days/weeks. Context fills and compacts — discovered subdomains from day 1 disappear. Context is a SESSION primitive, not a persistence mechanism. Need a persistent store (ChromaDB) that survives across sessions."	c2a::s02::analysis
"Name the 5 categories of the target-state schema."	"(1) Infrastructure: domains, subdomains, open_ports, services, endpoints. (2) Credentials found. (3) Vulnerability hypotheses. (4) Exploitation attempts + results. (5) Confirmed findings. Plus metadata (last_updated, engagement_id, scope_ref)."	c2a::s02::recall
"ChromaDB vs Qdrant vs LanceDB — when to choose each?"	"ChromaDB: engagement-scoped (<1M records), in-process, most bug bounty harnesses. Qdrant: production-grade, horizontal scale, continuous multi-target monitoring. LanceDB: columnar, analytical queries over findings (aggregation, trends)."	c2a::s02::application
"What is the accumulation vs deduplication problem, and what is the solution?"	"Problem: offensive memory wants to accumulate; after a week, 50K records, half duplicates/stale → noise degrades decisions. Solution: structured dedup at WRITE TIME — check each record against existing; duplicates update, not insert. Store grows with unique knowledge."	c2a::s02::analysis
"How do you defend against memory poisoning via deceptive target responses?"	"Never write raw target responses to memory verbatim. Only STRUCTURED SUMMARIES (from the Reader Model per S01.3) enter the store. An injection can affect the summary but cannot inject arbitrary records into the structured store."	c2a::s02::application
"Name the four tiers of the bug bounty tool suite."	"(1) Recon: nmap, amass, subfinder, httpx, nuclei. (2) Web app: Burp headless, sqlmap, ffuf, gobuster. (3) Evidence: Playwright, request/response capture, CVE lookup, CVSS calc. (4) Report: structured finding generator."	c2a::s02::recall
"What makes an offensive tool a 'harness tool' (vs a raw binary)?"	"Wrapped with: Pydantic schema (typed input/output), scope-check wrapper, rate limiting (RoE caps), structured output (model sees parsed fields, not raw). The model never constructs CLI commands; it calls structured tools."	c2a::s02::recall
"Three principles of offensive tool design (vs general tools)."	"(1) Idempotency: same scan → same result (safe retry, enables dedup). (2) Rate limiting that doesn't trigger WAFs (stealth + legal control). (3) Scope-check wrappers on EVERY outbound call (defense in depth with middleware)."	c2a::s02::analysis
"Why does the tool return structured output to the model but retain raw output separately?"	"Structured output: model reasons about typed fields, reduces injection risk and context bloat. Raw output: retained for EVIDENCE (legal record) but not placed in model context. The model never sees raw adversarial content directly."	c2a::s02::application
"What is the scope_ref field in an evidence record, and why is it load-bearing?"	"Records target::action::timestamp for each tool call — which scope entry authorized THIS call. It is the legal anchor tying evidence to authorization. Without it, the evidence chain cannot prove the action was authorized."	c2a::s02::recall
"How is the evidence log made tamper-evident?"	"Hash chaining: each record includes hash of the PREVIOUS record. Tamper with any record → its hash changes → chain breaks at the next record → tampering detectable. Combined with append-only (no modification/deletion of individual records)."	c2a::s02::analysis
"Why is the evidence log append-only? When does deletion happen?"	"Append-only: no overwriting, no individual record deletion (ensures integrity + chain validity). Destruction is BATCH-LEVEL per the retention policy (e.g., all Restricted-class records destroyed on report), with the destruction itself recorded."	c2a::s02::analysis
"What does chain of custody mean for the evidence log, and what fields support it?"	"Who ran what, when, from which IP, in which session. Supported by: trace_id, session_id, operator identity (API key, engagement_id), source IP (harness egress IP), timestamp, hash chain. Difference between credible evidence and an assertion."	c2a::s02::recall
"Name the 5 stages of the triage pipeline."	"Raw finding → Dedup (against memory + known FPs) → Severity score (CVSS draft) → Context enrichment (CVE, CWE, exploitability) → Model-judged triage → Surface/Batch/Discard."	c2a::s02::recall
"What is model-judged triage, and why use a SEPARATE model?"	"A secondary LLM call evaluates each finding for actual exploitability in context + scope relevance. SEPARATE from the model that found it. Prevents confirmation bias — the finder's enthusiasm doesn't bias the severity assessment."	c2a::s02::analysis
"When do you surface vs batch vs discard a finding?"	"Surface: critical/high, exploitable, in scope → notify now. Batch: medium/low or needs verification → accumulate for report. Discard: confirmed FP or out of scope → log but don't surface."	c2a::s02::application
"What precision and recall targets does a good triage pipeline hit?"	"Precision >90% (of surfaced, how many real). Recall >80% (of real, how many surfaced). Below 80% precision = buried in FPs. Below 70% recall = missing real vulns. F1 = harmonic mean."	c2a::s02::recall
"Why is rate limiting a stealth control as well as a legal control?"	"Tripping a WAF gets your IP banned and ends the engagement. Rate limiting below the target's visible tolerance avoids detection. It's both a § 1030(a)(5) mitigation (legal) AND an operational survival technique (stealth)."	c2a::s02::analysis
"The scope middleware checks every call. Why does the TOOL also need its own scope check?"	"Defense in depth. If the middleware is bypassed (misconfiguration, bug, code change that routes around it), the tool's own scope check is the last line of defense. Belt and suspenders — two independent checks."	c2a::s02::application
"What happens if you store engagement knowledge in the context window instead of a persistent store?"	"Context compacts → knowledge disappears → harness re-discovers what it already knew → wasted time, repeated scans, degraded decisions. The context window is a session primitive, not persistence."	c2a::s02::analysis
