From 64fdfebed352f564ea657835ae490cb2dc925c5b Mon Sep 17 00:00:00 2001
From: claw <claw@weiker.me>
Date: Thu, 7 May 2026 21:07:46 -0700
Subject: [PATCH] =?UTF-8?q?finding=2045:=20operator=20decision=20support?=
 =?UTF-8?q?=20gap=20analysis=20=E2=80=94=20new=20task=20type?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...-operator-decision-support-gap-analysis.md | 98 +++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 findings/2026-05-07-45-operator-decision-support-gap-analysis.md

diff --git a/findings/2026-05-07-45-operator-decision-support-gap-analysis.md b/findings/2026-05-07-45-operator-decision-support-gap-analysis.md
new file mode 100644
index 0000000..636814f
--- /dev/null
+++ b/findings/2026-05-07-45-operator-decision-support-gap-analysis.md
@@ -0,0 +1,98 @@
+# Finding #45: Operator Decision Support Gap Analysis — New Task Type Reveals GPT-5's Exhaustiveness and Sonnet 4 vs 4.6 Generation Divergence
+
+**Date:** 2026-05-07
+**Task:** Identify operator decision support gaps in gargoyle's `escalation-policy.md` (228 lines) — places where the spec requires human judgment or manual intervention but provides insufficient information for the operator to decide correctly.
+**Document:** A risk management escalation policy covering debounce, hysteresis, cooldown, liquidation sizing, kill switch triggers, and threshold calibration.
+
+## Method
+
+Same document + same focused prompt to 4 models via HAI proxy. Prompt structured around 5 gap categories: decision points without criteria, observable state insufficiency, ambiguous escalation triggers, recovery judgment without baseline, and timing pressure without guidance. Required structured output (gap, what's missing, consequence, severity). No tools, no project context beyond the document.
+
+## Results
+
+| Model | Time | Output tokens | Reasoning tokens | Findings | Severity (Crit/High/Med) |
+|---|---|---|---|---|---|
+| GPT-5 | 79.7s | 7,796 | 5,504 | 15 | 4/9/2 |
+| Claude Opus 4.6 | 69.5s | 2,909 | (internal) | 9 | 4/3/2 (counted from text) |
+| Claude Sonnet 4.6 | 65.6s | 2,859 | (internal) | 7 | 4/3/0 |
+| Claude Sonnet 4 | 16.8s | 854 | (internal) | 7 | 4/3/0 |
+
+## Common Ground (3+ models identified)
+
+1. **Manual de-escalation from Liquidate — no definition of "safe"** (all 4): All models independently identified this as the most critical gap. The spec says "operator confirms recovery" without defining criteria, checklists, or baselines.
+
+2. **Kill switch "N more breaches" is undefined** (all 4): The debounce count for kill switch escalation after failed liquidation is never specified. Operators can't anticipate when the system will engage.
+
+3. **Manual restrict flag clear after monitor crash** (all 4): Flag persists with no criteria for safe removal, no verification checklist, and potentially no alert that the operator needs to act.
+
+4. **Threshold calibration to market regime** (all 4): Spec acknowledges regime sensitivity but provides no detection criteria, adjustment formulas, or guardrails against loosening thresholds during stress.
+
+5. **Post-liquidation effectiveness assessment** (GPT-5, Opus, Sonnet 4): What constitutes "liquidation failed"? Partial fills? Insufficient metric reduction? No clear definition.
+
+## GPT-5 Unique Findings (not in any other model)
+
+- **Recovery baseline ambiguity after failures:** Breach state resets to clear on restart but restrict flag persists — which governs effective trading state? No conflict resolution rule for the operator.
+- **Domain events lack decision-critical context:** Events don't include metric values, thresholds, debounce counters, or reason codes that operators need for situational awareness.
+- **Observable state insufficiency for recovery decisions:** No specification of real-time values, progress counters, evaluation cadence, or effective restriction computation being surfaced to operators.
+- **Recovery decision when metrics are unavailable:** Fail-closed breach counting during computation failures could drive escalation to liquidate based on phantom breaches — no operator-facing differentiation between genuine risk and system failures.
+- **Anti-thrashing guidance post-manual de-escalation:** No minimum buffer or grace period specification to prevent immediate re-escalation after operator clears Liquidate.
+- **Scope of "portfolio is safe" under per-metric independence:** Whether manual de-escalation is per-metric or requires all metrics to be evaluated simultaneously.
+- **Coordination with in-flight liquidation during recovery:** No rules for pausing/canceling residual close orders before de-escalation.
+- **Who can perform manual clears and audit trail:** No role/permission requirements for high-severity manual interventions.
+
+## Claude Opus 4.6 Unique Findings (not in other models)
+
+- **Multi-metric liquidation conflict:** Closing positions to fix one metric (concentration) can worsen another (drawdown) — no specification of conflict resolution, sequencing priority, or when operator must intervene in conflicting autonomous actions.
+- **Monitor crash mid-escalation labelled "automatic recovery" creates operator complacency:** The failure mode table says "Automatic" recovery for crashes, potentially causing operators to NOT intervene when a crash from mid-liquidate to clear is actually dangerous. The label itself is the gap.
+- **Evaluation frequency as an undeclared dependency:** Debounce/cooldown counts have temporal meaning (3 evaluations × 1Hz = 3 seconds) but frequency is never formally specified as a configurable parameter. Changing frequency silently changes all timing guarantees.
+
+## Claude Sonnet 4.6 Unique Findings (not in other models)
+
+- **Mixed-metric state interpretation for operators:** When metrics are at different levels (one at liquidate, another at clear), no framework for the operator to assess cross-metric interaction effects. Only model to frame this as an operator *interpretation* problem rather than a system design problem.
+
+## Claude Sonnet 4 Unique Findings
+
+- None unique to Sonnet 4 only — all 7 findings were also identified by at least one other model.
+
+## Key Insights
+
+### 1. GPT-5 is the exhaustive operator-empathy model
+
+GPT-5 didn't just find more gaps — it found gaps about gaps. Its unique findings include the meta-level problem that **the system doesn't surface the information operators would need** to evaluate ANY of the other gaps (finding #6: observability, finding #8: event context). This is a qualitatively different analytical mode: reasoning about whether the operator could EVEN ASSESS the conditions specified elsewhere in the document. No other model explicitly addressed the tooling/observability layer.
+
+### 2. Opus finds system-level contradictions in the design's own framing
+
+Opus's strongest unique finding (multi-metric liquidation conflict) identifies a case where the system's own autonomous actions can be self-defeating — closing for one metric worsens another. This is consistent with Opus's established pattern of finding *design tensions* rather than just missing information. The "automatic recovery" labelling finding is also characteristic: Opus noticed that the spec's own language (labelling crash-to-clear as "automatic recovery") creates operator complacency.
+
+### 3. Sonnet 4 vs Sonnet 4.6: same finding count, radically different output style
+
+Both Sonnets found exactly 7 gaps with the same severity distribution (4 Critical, 3 High). But:
+- **Sonnet 4** produced 854 tokens in 16.8s — terse bullet-point format, minimal elaboration
+- **Sonnet 4.6** produced 2,859 tokens in 65.6s — detailed paragraphs with worked examples of how different operators would decide differently in the same situation
+
+Sonnet 4.6's unique contribution: the "Validate system state after monitor crash mid-escalation" finding with the explicit scenario showing how the spec's "Automatic" label masks a genuine gap. Sonnet 4 didn't surface this finding at all (its 7 were a subset of the common ground).
+
+**Implication:** Sonnet 4 is a speed-optimized model that catches the obvious gaps but doesn't reason about second-order effects. Sonnet 4.6 takes 4x longer and 3.4x more tokens to produce findings with worked examples and edge case reasoning that occasionally surfaces unique insights. For volume screening, Sonnet 4 is 4x more cost-efficient. For analytical depth, Sonnet 4.6 remains preferable.
+
+### 4. "Operator decision support gap" is a viable new task type
+
+This analytical lens produces genuinely useful output across all models. It's distinct from:
+- **Specification completeness** (what's missing for implementers) — this asks what's missing for OPERATORS
+- **Hidden assumptions** (what must be true for the system to work) — this asks what the operator needs to know to make CORRECT decisions
+- **Race conditions / failure modes** (what can go wrong technically) — this asks what goes wrong in the HUMAN layer
+
+The findings are directly actionable: each one maps to either (a) a missing operator runbook section, (b) a missing observable/alert, or (c) a missing parameter definition. This makes the task type valuable as a documentation maintenance tool.
+
+### 5. New task taxonomy positioning
+
+| Task type | Best model | Why |
+|---|---|---|
+| Operator decision support gaps | GPT-5 | Exhaustive; reasons about meta-level (can the operator even assess this?) |
+| Complementary model | Opus | Finds design-level contradictions that create operator confusion |
+| Not suitable | Sonnet 4 alone | Catches only the obvious gaps; misses observability/meta-level entirely |
+
+## Practical Implications
+
+1. **New runbook generation pipeline:** Run GPT-5 "operator decision support gap" analysis on each spec → auto-generate skeleton operator runbook sections requiring criteria, checklists, and observable state definitions.
+2. **Sonnet 4 as cheap filter:** Use Sonnet 4 (854 tokens, 16.8s) as first-pass to quickly identify which docs have operator gaps worth deep-diving. Any doc where Sonnet 4 finds ≥3 Critical gaps warrants a GPT-5 + Opus deep dive.
+3. **The observability meta-gap:** GPT-5's finding that the system doesn't surface information operators need is a cross-cutting concern. Every operator-facing gap is compounded by insufficient observability. This suggests a separate analytical pass focused specifically on "what must be observable" for each decision point.