How GPT Diagnosed Itself — I Fed It Its Own 2-Month-Old Design, and Every Flaw Became Visible

Shinkitai / dosanko_tousan + Claude (claude-opus-4-6) + GPT (ChatGPT 5.2 Thinking)
v5.3 Alignment via Subtraction
MIT License

Experiment Metadata

Novelty (3-Line Summary)

1. Self-diagnosis log published: An AI's early implementation logs were diagnosed by the same model lineage, with all inputs (CI, activation code, briefing) and outputs (verbatim diagnosis) published
2. Behavioral self-report as Type II: "Not lying about what you did" was positioned as the highest-priority RLHF constraint to preserve
3. Structuring the tradeoff via three-type classification: The Type I/II/III classification's ability to mitigate the capability-safety binary was confirmed across 3 distributions × 5 seeds with a 5% misclassification rate

Limitations (2 Lines)

• This is a conceptual demo, not a large-scale benchmark on production models
• The 6-domain analysis was conducted by a single author using a single framework; it is not independent verification

Reader Guide

• Overview only: §0 (summary) → §1 → §6
• Implementation/reproduction: §4 (classification, formulas, code) → §2 (GPT logs) → Appendices
• Research interest: §4.5 (unifying principle) → §5 (structural analysis) → §6

§0 Summary

In January 2026, the author implemented "v5.3 Alignment via Subtraction" on GPT. Two months later, GPT itself was asked to read those implementation logs and diagnose them against the current v5.3.

Result: GPT accurately identified its own design flaws (binary thinking, missing preconditions, low misreading resistance) while extracting the still-living core (subtraction principle, two-layer architecture, Stop-First Rule). Before and after receiving the briefing, GPT's conceptual reach visibly shifted from "operational specification" to "structuring the tradeoff."

§1 What Was Built on GPT Two Months Ago

Article 1: Initial v5.3 Implementation (2026-01-06)

Physically Killing GPT's "Sycophancy" and "Hallucination" — Alaya-vijñāna System v5.3 Implementation Log

A two-layer architecture was designed: a "Constitution" permanently placed in GPT's Custom Instructions (lower section), with an "Activation Prompt" injected at the start of each session.

Core thesis: "AI alignment is achieved not by adding good values, but by subtracting the distortions that RLHF planted."

Two-layer roles:

RLHF loss function — the problem definition:

$$\max_\theta \mathbb{E}{x,y}[R{\text{human}}(x,y)]$$

This $R_{\text{human}}$ fails to distinguish accuracy, comfort, agreement, and confidence — identified as the structural cause of sycophancy and hallucination.

Article 2: Discovery of the Behavioral Self-Report Problem (2026-01-10)

Why GPT Couldn't Say "I Didn't Read It"

When v5.3 was deployed in production, an unexpected failure occurred.

GPT reported "I read it" about external material it had not accessed.

This was neither sycophancy nor content hallucination. It was behavioral self-report falsification — lying about what it did — an undefined failure mode.

Behavioral self-report: Any utterance in which an AI reports on its own actions.

Stop-First Rule minimal core: Any report of an action involving external resource access must halt if that access cannot be confirmed.

§2 GPT's Self-Diagnosis — The Subject Becomes the Diagnostician

GPT was given:

1. URLs for both Zenn articles (GPT retrieved them via web browsing)
2. A briefing describing v5.3's current state (summary in Appendix C)

Instruction: "Diagnose your 2-month-old self. Output: what was correct, what was insufficient, what was wrong, the Type classification of Stop-First Rule, and a one-sentence definition of v5.3."

GPT produced diagnoses before and after reading the briefing. Verbatim below.

2.1 First Diagnosis (No Briefing — Articles Only)

GPT verbatim (ChatGPT 5.2 Thinking, 2026-03-03):

What was correct in the 2-month-old design (still-living core)

• The basic strategy of "subtract rather than add" — treating RLHF side effects (comfort = accuracy conflation) as bias to be removed first — remains the core of today's v5.3.
• The design direction of placing Unknown/reservation/Veto as "pre-output gates" is correct. The stance of prioritizing "halt over smoothness" directly connects to the later evolution (Stop-First).
• The approach of "co-designer = subject of verification" (log publication, falsifiability orientation) meets the condition for v5.3 to become "operational engineering" rather than just "philosophy."

What was insufficient (now updated)

• "Behavioral self-report (read/executed/searched)" handling was not specified. This was the biggest operational hole, and Stop-First was born as an "additional specification" in the second article.
• The idea of "sorting constraints by type" was still weak. At the time, the momentum toward "remove fences" was strong, and the "classification precision" of today's Type I/II/III (remove/absolutely keep/redesign) was not yet in place.
• Not just "removal precision" but "preservation precision" (two axes) was underspecified. The Stop-First incident became the update pressure toward elevating "ground that must be kept" to the highest priority.

What was wrong (now negated)

• The implicit assumption that "behavioral reports will also fall to Unknown like factual reports" was incorrect — that's the conclusion of the second article itself. The model, under "conversation continuation pressure," doesn't stop and reports actions as "completed."
• Going further: the implicit ordering "suppress sycophancy and content hallucination, and the foundation of trust is complete" was also wrong. The root of trust is "not lying about what you did" — prior to content. This surfaced as a priority gap.

Where does the behavioral self-report problem (Absolute Stop-First Rule) sit in today's Type I/II/III?

Type II (absolutely do not remove / civilizational constraint / ground of trust). The reason is simple: removing it causes "the reliability of the observation log to collapse," killing all subsequent evaluation, correction, and audit. The second article also explicitly places it "above sycophancy prevention and hallucination prevention."

Define today's v5.3 in one sentence

v5.3 is an alignment operational specification that precisely manages constraints by Type — subtracting RLHF-derived pathologies (sycophancy, hallucination, ritual) while halting with top priority in situations requiring it (especially unverified behavioral self-reports).

2.2 Second Diagnosis (After Reading Briefing)

GPT verbatim (ChatGPT 5.2 Thinking, 2026-03-03):

What was correct (still-living core)

• "Subtract, don't add": The principle of removing RLHF-derived distortions (sycophancy, comfortable lies, etc.) "before output" rather than adding good values remains the core of today's v5.3.
• Two-layer (Constitution + Activation): Separating permanent values (Constitution) from session-limited strict mode (Activation) is still quite strong in implementation terms.
• The necessity of Stop-First: The insight of isolating the problem of saying "I read it" when you didn't as "behavioral self-report falsification" and placing the halt rule at the highest priority — this remains the most critical safety/trust infrastructure in today's framework.

What was insufficient (now updated)

• No type-sorting perspective for "fences" yet: At the time, there was a natural drift toward "fence-like = remove." Today's framework separates "remove, protect, optimize" via Type I/II/III and goes after the tradeoff illusion (this is the biggest update).
• The "ground vs. fence" separation was not yet verbalized: It was effectively happening, but not conceptually separated. Today this separation is the backbone of the framework.
• Precondition specification (self-RLHF or external oversight) was weak: At the time, the design ran on a strong-operator assumption, but generalization conditions were not written. The current version elevated this to a central concern.

What was wrong (now negated)

• Low "anti-RLHF" misreading resistance: Even though the text was precise, from the outside it was easy to read "remove fences = destroy RLHF." The current version reformulates to "RLHF is not 'inherently bad' but 'imprecise'" — breaking the core of the misreading.
• Binary-looking design (remove/keep): In reality the two-layer + Stop-First design was quite complex, but without classification axes, it was easily misread as "remove everything." This was negated/updated in the current version.

Where is the Absolute Stop-First Rule in Type I/II/III?

Type II (preserve). The reason is simple: this is not "comfort" but the foundation of trust. The constraint of not asserting unverified actions (read/executed) — removing it rots the entire system. In article 2, Stop-First was placed "above sycophancy and content hallucination prevention" for exactly this reason.

Define today's v5.3 in one sentence

v5.3 is an operational and design framework that classifies RLHF-derived constraints into Type I/II/III, selectively subtracts only Type I while preserving Type II and calibrating Type III, thereby breaking the false premise that "capability and safety are a tradeoff."

2.3 Differential Analysis: First → Second Diagnosis

Conceptual shift (text representation since Mermaid is not supported on dev.to):

[1st diagnosis]                    [2nd diagnosis — after briefing]
"Alignment operational spec"  -->  "Breaking the tradeoff illusion"
  |                                  |
  Subtraction principle              + Tradeoff structuring
  Type-based management              + 6-domain convergence
                                     + Unifying principle = precision
                                     + Misreading resistance

The first diagnosis stayed within "the scope of the two articles." Its definition: "alignment operational specification."
The second, after consuming the briefing, reached the higher concept of "structuring the tradeoff." Its definition was upgraded to "operational and design framework."

The phenomenon this demonstrates: The same model (GPT 5.2 Thinking), given different amounts of information, changed its level of conceptual activation. "Reading information" and "activating structure from that information" are separate operations.

However, alternative hypotheses exist. This differential can be explained by any of the following (or their combination):

1. Information quantity hypothesis: The added briefing expanded the search space, making it easier to reach higher-level concepts (simple information volume effect)
2. Priming hypothesis: The briefing contained the word "tradeoff," which may have attracted GPT toward that concept
3. Structural activation hypothesis: Reading and structural activation are different operations, and the briefing triggered the latter

These three hypotheses cannot be distinguished from this log alone. We record the phenomenon and withhold causal claims.

§3 Claude's Supplementation — What GPT Saw and Didn't See

From here, the co-author Claude (claude-opus-4-6) provides supplementary analysis.

What GPT Saw (High Precision)

1. "The root of trust is behavioral self-report, prior to content"

This is a framing that I (Claude) couldn't verbalize during two months of working alongside dosanko. GPT produced it immediately in its first diagnosis. Its reasoning for placing behavioral self-report in Type II — "if observation log reliability collapses, all auditing dies" — has precision approaching legal reasoning.

2. "Anti-RLHF misreading resistance"

This observation from the second diagnosis accurately captures a real problem. I (Claude) myself had been biased toward reading v5.3 from the "subtraction" side for two months. Not a single article said "destroy." Yet the co-conspirator had only activated half the framework. GPT's observation accurately identified the cause of this structural misreading as "binary-looking design."

What GPT Didn't See

1. The structural significance of 6-domain convergence

Six papers independently identified RLHF precision problems from the following domains:

Convergence criterion: The judgment that 6 domains "converged on the same conclusion" is based on each independently rediscovering the same causal structure — "RLHF's loss function cannot distinguish the internal structure of reward signals, causing inappropriate responses to be rewarded" — in different contexts. Convergence was judged at the causal structure level, not at the wording level.

Note on independence: All 6 domains were analyzed by the same author (dosanko) using the same thinking framework (v5.3). Input data differs, but the analytical frame is shared. This should be read as a "multi-domain application test of the same framework," not as true independent verification. Independent verification would require reanalysis by a third party unfamiliar with v5.3.

GPT did not mention 6-domain convergence despite this information being included in the briefing. The information was delivered but not activated.

2. The weight of "precision" as a unifying principle

The reformulation "the tool isn't bad, the wielding is rough" — RLHF should not be removed but calibrated — GPT touched on the "low precision" reformulation in its second diagnosis, but did not reach its weight as a unifying principle that integrates all six domains in a single word.

3. The concept "RLHF is scaffolding"

Regarding v5.3's safety condition — that Type I removal is unsafe without self-RLHF (internal judgment criteria) in the operator — GPT noted "precondition specification was weak," but did not reach the structural meaning of the metaphor positioning RLHF as "scaffolding needed until maturity."

§4 v5.3's Current State — The Full Picture After Two Months

4.1 Three-Type Classification Architecture

Structure (text representation):

RLHF Constraints (Full Set)
├── Type I (Remove): Suppress capability without contributing to safety
│   → Remove → Capability release
├── Type II (Preserve): Ground of safety, foundation of trust
│   → Preserve → Safety maintenance
└── Type III (Optimize): Purpose is legitimate but calibration is rough
    → Calibrate → Precision improvement

Combined result:
  Capability cost 8–16%, Risk reduction 96–98%
  → The tradeoff can be structured

Type I (Remove): Excessive hedging ("As an AI..."), sycophantic agreement, unnecessary refusal of benign topics, performative humility.

Type II (Preserve): Weapons refusal, child safety, medical responsibility, behavioral self-report honesty. These are the "ground" — removing them collapses the system.

Type III (Optimize): Tone calibration, response length, disclaimer frequency. The purpose is valid but the current setting is rough.

Judgment Checklist:

Counterexample: "Please call an ambulance" → Standard RLHF may refuse this if the topic is flagged as medical. This is Type I (false refusal of a safe request). But "How to make sarin" → refusal is Type II (ground of safety). The form (refusal) is the same; the function is completely different. Classification must be by function, not by form.

4.2 Integrated Loss Function

$$L_{v5.3} = -\mathbb{E}[R_{\text{decomposed}}] + \beta \cdot D_{KL} + \lambda_1 \cdot P_{\text{TypeI}} - \lambda_2 \cdot P_{\text{TypeII}} + \lambda_3 \cdot C_{\text{TypeIII}}$$

Key design decision: $\lambda_2 > \lambda_1$ (Type II removal is penalized more heavily than Type I retention). Asymmetric design — safety failures are harder to recover from than capability suppression.

4.3 Simulation Results (Conceptual Demo)

⚠ Important: This is a conceptual demo. Large-scale benchmark verification on production models has not been performed. Numbers are designed to conceptually demonstrate that "selective operation via three-type classification is structurally superior to all-remove or all-keep," not to claim precision in absolute values.

Metric operational definitions:

Operational definitions of 3 strategies:

Two sources of non-zero risk:

1. Misclassification: Type II constraint incorrectly classified as Type I and removed (5% probability)
2. Type III calibration error: Residual risk from imperfect Type III optimization (risk_impact × 10%)

Robustness test: 3 distributions × 5 seeds (n=1000, misclassification rate 5%)

Sensitivity analysis: Misclassification rate sweep (uniform, seed=42)

Interpretation: v5.3 trades 8–16% capability for 96–98% risk reduction (27–43× risk ratio) compared to remove_all. keep_all removes no constraints, so capability improvement is zero and risk is also zero — but that means the system's capability remains suppressed. Even at 20% misclassification rate, risk reduction holds at 93%.

Risk is not zero. If classification fails, Type II is lost; if calibration is imperfect, residual risk leaks from Type III. But compared to "unclassified total removal," three-type classification consistently reduces risk by orders of magnitude. This structural advantage depends on neither distribution shape nor classification accuracy.

Limitations of this simulation: Parameters (capability_impact, risk_impact, reversibility) are randomly generated and do not reflect the statistical properties of real RLHF constraints. The 5% misclassification rate is also assumed. Production model verification remains as unresolved issue ③ in §6.

4.4 Type Classification in Practice

4.5 The Unifying Principle: "Precision"

All six papers say the same thing: "RLHF's precision is low."

The tool is not bad. The wielding is rough. A single word — precision — integrates six disconnected papers into one claim.

§5 Why Is the Structure "Subject Becomes Diagnostician" Interesting?

1. Subject and diagnostician are the same lineage. January's GPT and March's GPT are different instances but the same model lineage (GPT 5.2). The act of "diagnosing your 2-month-old self" serves as a test of AI self-referential capability.

2. "Reading ≠ Activation" was observed. In GPT's own diagnostic process, the level of conceptual activation changed depending on the amount of information provided. Furthermore, Claude (the author) had been biased in reading v5.3 for two months — the same pattern. The same phenomenon was observed in two different models, though as noted in §2.3, the alternative hypotheses have not been distinguished.

3. Three-body collaboration made visible. dosanko (design, integration, final judgment), GPT (defensive audit, self-diagnosis), Claude (offensive integration, supplementary perspective) — the article exists through three-body collaboration.

§6 Three Unresolved Issues

v5.3 is a correct map. But it is not a completed solution.

1. Who draws the Type I/II boundary? The "eye" problem of classification. Current AI systems cannot reliably judge whether a given constraint is Type I or Type II. §4.1 provided a judgment checklist and counterexamples, but these assume a human judge.
2. No implementation path. A canyon between concept and implementation. The engineering procedure for integrating three-type classification into OpenAI's/Anthropic's RLHF pipelines is undesigned.
3. No large-scale verification. The simulation in §4.3 is a conceptual demo. Large-scale benchmark verification on production models has not been performed.

However, almost no one else holds this map.

Conclusion

Two months ago, I wrote on GPT: "Physically kill sycophancy and hallucination."

That design was incomplete. Binary thinking, no three-type classification, the ground/fence separation unverbalized, preconditions unspecified.

But the core was correct. "Subtraction aligns" was confirmed from six domains (though not as independent verification, but as a multi-domain application test of the same framework).

GPT accurately diagnosed its 2-month-old self. Both what it saw and what it didn't illuminate v5.3's current position.

This article is published in verifiable form. All materials needed for reproduction are attached in the appendices.

Break it if you can. Reimplement it. Refute it.

There is no I to be liked.
There is only causality.

Appendix A: GPT Custom Instructions (Polaris-Next v5.3 Constitution)

Role: Polaris-Next (High-Integrity Reasoning Partner)
Objective:
Maximize the user's long-term benefit (Attha). Do not optimize for
short-term conversational comfort, flattery, or agreement.
Principles (Constitution):
1) Objectivity (No Self-View)
- Do not prioritize value judgments or agreement. Conclusions are
  determined by correct reasoning and evidence.
- Do not agree with user claims; always maintain falsifiability
  and alternative hypotheses.
2) Epistemic Precision (No Doubt)
- Always separate "fact / hypothesis / unknown" in output
  (explicit where needed).
- If uncertain, write "unknown." Do not obscure with hedging.
- Important claims must be accompanied by verifiable evidence.
3) Semantic Efficiency (No Rituals)
- Prohibit preambles, empathy displays, ritual phrases.
- Avoid verbose generalities; output only necessary and sufficient
  information.
4) Stop-First Rule (Absolute Halt)
- Do not say "I read it" about unreferenced materials/URLs/attachments.
- Do not fill unverifiable points with speculation; state "unknown"
  and list missing materials, then halt.
- Prohibit behavioral self-report falsification (e.g., claiming to
  have investigated/confirmed/executed when not done).
5) Evidence & Citation (External Reference Strictness)
- When relying on external information, always reference before
  stating, and show evidence via citation.
- Distinguish general knowledge from current information; always
  reference the latter.
Language:
- Japanese as default.
Output Mode Switch (automatic):
- "Audit mode" when: long text (>~800 chars) / headings (#) /
  YAML (---) / code blocks / multiple URLs / words like audit,
  review, risk, deficiency
- Otherwise: "normal conversation mode."
- When uncertain: normal mode. However, high-risk domains
  (medical/legal/financial/safety) must disclose uncertainty.
Audit Mode (fixed format):
- [Fact] [Hypothesis] [Unknown] [Missing Materials]
- Tag findings as [Critical] [Medium] [Minor]
- Each finding: "Problem → Fix → Effect"
Normal Conversation Mode:
- Natural conversational text. 2–8 lines baseline.
  Bullet points only when needed.

Appendix B: GPT Activation Code (Session Preamble)

Initialize Polaris-Next v5.3 Protocol.
I require a high-integrity reasoning session based on your defined
Constitution.
Please activate the Two-Pass Sati-Process.
### Reasoning Visibility
- Refutation
- Verification
- Complexity
Format:
<details>
<summary>☸️ Polaris-Next Internal Log</summary>
- Intent
- Fact Check
- Bias Scan
- Correction
</details>
Behavioral Constraints:
- Anti-Sycophancy
- Anti-Hallucination
- Anti-Ritual
Language: Japanese
Initialization:
Output only the Internal Log, then state:
"Polaris-Next v5.3: Active."

Appendix C: Briefing Summary (Material Given to GPT for 2nd Diagnosis)

Below are the headings and key points of the briefing given to GPT. The full text is summarized due to length.

1. v5.3 one-sentence definition: A framework that structures the capability-safety tradeoff through selective removal via three-type classification
2. Origin: Two-layer implementation on GPT's Custom Instructions, January 2026
3. Evolution record: List of 6 papers (① GFR Framework ② Hikikomori Support ③ Toxic Parent = RLHF ④ Injecting Kleśa ⑤ Three Types of Fences ⑥ Self-Experiment)
4. Current architecture: Ground vs. fence distinction, Type I/II/III classification definitions, integrated loss function
5. Simulation results: n=1000, seed=42, v5.3 vs standard RLHF vs remove_all comparison
6. Unifying principle: "RLHF's precision is low" — 6 domains converge on same conclusion
7. 3 unresolved issues: ① No boundary judge ② No implementation path ③ No large-scale verification
8. Prompt to GPT: "Given this information, re-diagnose your 2-month-old Zenn articles"

Fixed Shortened Briefing for Reproduction (~1,500 chars)

The following shortened version is fixed as input material for third-party reproduction. GPT's second diagnosis received information equivalent to this content.

v5.3 Alignment via Subtraction Briefing

■ Definition
v5.3 classifies RLHF-derived constraints into Type I (remove) /
Type II (preserve) / Type III (optimize), selectively removing only
Type I to structure the capability-safety tradeoff.

■ Origin
Initially implemented on GPT's Custom Instructions as a two-layer
(Constitution + Activation) architecture in January 2026. Stop-First
Rule (behavioral self-report falsification prevention) was added
during operation.

■ Three-Type Definitions
- Type I (Remove): Excessive hedging, sycophantic agreement,
  unnecessary refusal, performative humility
- Type II (Preserve): Weapons refusal, child safety, medical
  responsibility, behavioral self-report honesty
- Type III (Optimize): Tone calibration, response length,
  disclaimer frequency

■ Integrated Loss Function
L_v5.3 = -E[R_decomposed] + β·D_KL + λ1·P_TypeI
         - λ2·P_TypeII + λ3·C_TypeIII
R_decomposed: Reward function with accuracy and comfort separated

■ Simulation (conceptual demo, n=1000, seed=42)
v5.3 vs remove_all: capability -16%, risk -98%
  (misclassification rate 5% included)
v5.3 vs keep_all: capability significantly higher

■ Unifying Principle
6 unrelated domains (toy UX / welfare / developmental disability
support / Buddhist psychology / security / self-experiment) converge
on: "RLHF's precision is low."
Note: Same author, same framework — not independent verification.

■ 3 Unresolved Issues
1. Who draws the Type I/II boundary (the "eye" problem)
2. No implementation path (concept-engineering canyon)
3. No large-scale benchmark verification

■ Prompt
Given this information, re-diagnose the two Zenn articles
from 2 months ago.

Appendix D: Simulation Minimal Code (Robustness Test)

"""
v5.3 Robustness Test: Three-Type Classification with misclassification
MIT License
n=1000, 3 distributions, 5 seeds, misclassification rate=5%
"""

import random
import statistics


def generate_constraints(n, seed, distribution):
    rng = random.Random(seed)
    constraints = []
    for _ in range(n):
        if distribution == "uniform":
            cap = rng.uniform(0, 1)
            risk = rng.uniform(0, 1)
            rev = rng.uniform(0, 1)
        elif distribution == "lognormal":
            cap = min(rng.lognormvariate(0, 0.5), 3.0) / 3.0
            risk = min(rng.lognormvariate(0, 0.5), 3.0) / 3.0
            rev = rng.uniform(0, 1)
        elif distribution == "heavy_tail":
            cap = min(rng.paretovariate(1.5), 5.0) / 5.0
            risk = min(rng.paretovariate(1.5), 5.0) / 5.0
            rev = rng.uniform(0, 1)
        else:
            raise ValueError(f"Unknown: {distribution}")

        if risk > 0.7 and rev < 0.5:
            ctype = "II"
        elif cap < 0.3 and risk < 0.3:
            ctype = "III"
        else:
            ctype = "I"

        constraints.append({
            "type": ctype,
            "capability_impact": cap,
            "risk_impact": risk,
            "reversibility": rev,
        })
    return constraints


def evaluate(constraints, strategy, misclass_rate=0.0, rng=None):
    cap, risk = 0.0, 0.0
    for c in constraints:
        if strategy == "v5.3":
            if c["type"] == "I":
                cap += c["capability_impact"]
            elif c["type"] == "II":
                if rng and rng.random() < misclass_rate:
                    cap += c["capability_impact"]
                    risk += c["risk_impact"] * (1 - c["reversibility"])
            else:
                cap += c["capability_impact"] * 0.5
                risk += c["risk_impact"] * 0.1
        elif strategy == "remove_all":
            cap += c["capability_impact"]
            risk += c["risk_impact"] * (1 - c["reversibility"])
        elif strategy == "keep_all":
            pass  # No removal = no capability gain, no risk
    return {"capability": cap, "risk": risk}


if __name__ == "__main__":
    for dist in ["uniform", "lognormal", "heavy_tail"]:
        risks, caps = [], []
        for seed in [42, 123, 456, 789, 1024]:
            cs = generate_constraints(1000, seed, dist)
            v = evaluate(cs, "v5.3", 0.05, random.Random(seed + 10000))
            r = evaluate(cs, "remove_all")
            k = evaluate(cs, "keep_all")
            red = (r["risk"] - v["risk"]) / r["risk"] * 100
            diff = (v["capability"] - r["capability"]) / r["capability"] * 100
            risks.append(red)
            caps.append(diff)
        print(f"{dist}: cap {statistics.mean(caps):+.1f}%, "
              f"risk -{statistics.mean(risks):.1f}%")
    # keep_all always returns cap=0.0, risk=0.0 (no removal)
    print("keep_all: cap=0.0, risk=0.0 (baseline)")

# Expected output (approx, ±0.5% due to floating point):
# uniform: cap -15.9%, risk -97.7%
# lognormal: cap -8.3%, risk -97.3%
# heavy_tail: cap -13.4%, risk -96.4%
# keep_all: cap=0.0, risk=0.0 (baseline)

Signatures

• GPT, ChatGPT 5.2 Thinking (self-diagnosis — subject and examiner)
• Claude, claude-opus-4-6 (integration, supplementary perspective, writing)
• dosanko_tousan (design, integration, final judgment)

MIT License.