quantumpipes
diff --git a/‎src/qp_vault/cli/main.py‎
Lines changed: 18 additions & 14 deletions b/‎src/qp_vault/cli/main.py‎
Lines changed: 18 additions & 14 deletions
diff --git a/‎src/qp_vault/core/search_engine.py‎
Lines changed: 43 additions & 7 deletions b/‎src/qp_vault/core/search_engine.py‎
Lines changed: 43 additions & 7 deletions
diff --git a/‎src/qp_vault/integrations/fastapi_routes.py‎
Lines changed: 15 additions & 15 deletions b/‎src/qp_vault/integrations/fastapi_routes.py‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎src/qp_vault/vault.py‎
Lines changed: 16 additions & 10 deletions b/‎src/qp_vault/vault.py‎
Lines changed: 16 additions & 10 deletions
@@ -226,28 +226,32 @@ def verify(
     vault = _get_vault(path)
 
     if resource_id:
-        result = vault.verify(resource_id)
-        if result.passed:
+        from qp_vault.models import VerificationResult
+        r = vault.verify(resource_id)
+        assert isinstance(r, VerificationResult)
+        if r.passed:
             console.print(f"[green]PASS[/green]  {resource_id}")
-            console.print(f"  Hash: {result.stored_hash}")
-            console.print(f"  Chunks verified: {result.chunk_count}")
+            console.print(f"  Hash: {r.stored_hash}")
+            console.print(f"  Chunks verified: {r.chunk_count}")
         else:
             console.print(f"[red]FAIL[/red]  {resource_id}")
-            console.print(f"  Stored:   {result.stored_hash}")
-            console.print(f"  Computed: {result.computed_hash}")
-            if result.failed_chunks:
-                console.print(f"  Failed chunks: {len(result.failed_chunks)}")
+            console.print(f"  Stored:   {r.stored_hash}")
+            console.print(f"  Computed: {r.computed_hash}")
+            if r.failed_chunks:
+                console.print(f"  Failed chunks: {len(r.failed_chunks)}")
             raise typer.Exit(1)
     else:
-        result = vault.verify()
-        if result.passed:
+        from qp_vault.models import VaultVerificationResult
+        vr = vault.verify()
+        assert isinstance(vr, VaultVerificationResult)
+        if vr.passed:
             console.print("[green]PASS[/green]  Vault integrity verified")
-            console.print(f"  Resources: {result.resource_count}")
-            console.print(f"  Merkle root: {result.merkle_root}")
-            console.print(f"  Duration: {result.duration_ms}ms")
+            console.print(f"  Resources: {vr.resource_count}")
+            console.print(f"  Merkle root: {vr.merkle_root}")
+            console.print(f"  Duration: {vr.duration_ms}ms")
         else:
             console.print("[red]FAIL[/red]  Vault integrity check failed")
-            console.print(f"  Failed: {len(result.failed_resources)} resources")
+            console.print(f"  Failed: {len(vr.failed_resources)} resources")
             raise typer.Exit(1)
 
 
 
@@ -15,20 +15,34 @@
 from datetime import UTC, datetime
 from typing import TYPE_CHECKING
 
-from qp_vault.enums import TrustTier
+from qp_vault.enums import AdversarialStatus, ResourceStatus, TrustTier
 
 if TYPE_CHECKING:
     from qp_vault.config import VaultConfig
     from qp_vault.models import SearchResult
 
-# Default trust weights
+# Default trust weights (organizational dimension)
 TRUST_WEIGHTS: dict[str, float] = {
     TrustTier.CANONICAL.value: 1.5,
     TrustTier.WORKING.value: 1.0,
     TrustTier.EPHEMERAL.value: 0.7,
     TrustTier.ARCHIVED.value: 0.25,
 }
 
+# Adversarial verification multipliers (security dimension)
+# Effective RAG weight = trust_weight * adversarial_multiplier
+ADVERSARIAL_MULTIPLIERS: dict[str, float] = {
+    AdversarialStatus.VERIFIED.value: 1.0,
+    AdversarialStatus.UNVERIFIED.value: 0.7,
+    AdversarialStatus.SUSPICIOUS.value: 0.3,
+}
+
+# Statuses excluded from search results by default
+EXCLUDED_STATUSES: set[str] = {
+    ResourceStatus.QUARANTINED.value,
+    ResourceStatus.DELETED.value,
+}
+
 # Default freshness half-life in days
 FRESHNESS_HALF_LIFE: dict[str, int] = {
     TrustTier.CANONICAL.value: 365,
@@ -44,6 +58,23 @@ def compute_trust_weight(trust_tier: str, config: VaultConfig | None = None) ->
     return weights.get(trust_tier, 1.0)
 
 
+def compute_adversarial_multiplier(adversarial_status: str) -> float:
+    """Get adversarial verification multiplier.
+
+    Returns the security-dimension weight for a given adversarial status.
+    Effective RAG weight = trust_weight * adversarial_multiplier.
+    """
+    return ADVERSARIAL_MULTIPLIERS.get(adversarial_status, 0.7)
+
+
+def is_searchable(status: str) -> bool:
+    """Check if a resource with the given status should appear in search results.
+
+    QUARANTINED and DELETED resources are excluded by default.
+    """
+    return status not in EXCLUDED_STATUSES
+
+
 def compute_freshness(
     updated_at: datetime | str | None,
     trust_tier: str,
@@ -88,18 +119,23 @@ def apply_trust_weighting(
     for result in results:
         tier = result.trust_tier.value if hasattr(result.trust_tier, "value") else str(result.trust_tier)
         tw = compute_trust_weight(tier, config)
+
+        # CIS 2D trust: multiply by adversarial verification status
+        adv_status = getattr(result, "adversarial_status", None)
+        adv_str = adv_status.value if hasattr(adv_status, "value") else str(adv_status or "unverified")
+        adv_mult = compute_adversarial_multiplier(adv_str)
+
         # Freshness: we don't have updated_at on SearchResult, use 1.0 for now
-        # (will be enhanced when we add resource timestamps to search results)
         freshness = 1.0
 
-        # Composite score
-        raw = result.relevance  # Already computed by storage backend
-        composite = raw * tw * freshness
+        # Composite score: raw * organizational_trust * adversarial_verification * freshness
+        raw = result.relevance
+        composite = raw * tw * adv_mult * freshness
 
         weighted.append(
             result.model_copy(
                 update={
-                    "trust_weight": tw,
+                    "trust_weight": tw * adv_mult,
                     "freshness": freshness,
                     "relevance": composite,
                 }
 
@@ -117,7 +117,7 @@ def _handle_error(e: Exception) -> HTTPException:
         return HTTPException(status_code=500, detail="Internal server error")
 
     @router.post("/resources")
-    async def add_resource(req: AddResourceRequest) -> dict:
+    async def add_resource(req: AddResourceRequest) -> dict[str, Any]:
         resource = await vault.add(
             req.content,
             name=req.name,
@@ -139,7 +139,7 @@ async def list_resources(
         status: str | None = None,
         limit: int = 50,
         offset: int = 0,
-    ) -> dict:
+    ) -> dict[str, Any]:
         resources = await vault.list(
             trust=trust,
             layer=layer,
@@ -151,15 +151,15 @@ async def list_resources(
         return {"data": [r.model_dump() for r in resources], "meta": {"count": len(resources)}}
 
     @router.get("/resources/{resource_id}")
-    async def get_resource(resource_id: str) -> dict:
+    async def get_resource(resource_id: str) -> dict[str, Any]:
         try:
             resource = await vault.get(resource_id)
         except Exception as e:
             raise _handle_error(e) from e
         return {"data": resource.model_dump(), "meta": {}}
 
     @router.put("/resources/{resource_id}")
-    async def update_resource(resource_id: str, req: UpdateResourceRequest) -> dict:
+    async def update_resource(resource_id: str, req: UpdateResourceRequest) -> dict[str, Any]:
         try:
             resource = await vault.update(
                 resource_id,
@@ -174,49 +174,49 @@ async def update_resource(resource_id: str, req: UpdateResourceRequest) -> dict:
         return {"data": resource.model_dump(), "meta": {}}
 
     @router.delete("/resources/{resource_id}")
-    async def delete_resource(resource_id: str, hard: bool = False) -> dict:
+    async def delete_resource(resource_id: str, hard: bool = False) -> dict[str, Any]:
         try:
             await vault.delete(resource_id, hard=hard)
         except Exception as e:
             raise _handle_error(e) from e
         return {"data": {"deleted": True}, "meta": {}}
 
     @router.post("/resources/{resource_id}/transition")
-    async def transition_resource(resource_id: str, req: TransitionRequest) -> dict:
+    async def transition_resource(resource_id: str, req: TransitionRequest) -> dict[str, Any]:
         try:
             resource = await vault.transition(resource_id, req.target, reason=req.reason)
         except Exception as e:
             raise _handle_error(e) from e
         return {"data": resource.model_dump(), "meta": {}}
 
     @router.post("/resources/{resource_id}/supersede")
-    async def supersede_resource(resource_id: str, req: SupersedeRequest) -> dict:
+    async def supersede_resource(resource_id: str, req: SupersedeRequest) -> dict[str, Any]:
         try:
             old, new = await vault.supersede(resource_id, req.new_id)
         except Exception as e:
             raise _handle_error(e) from e
         return {"data": {"old": old.model_dump(), "new": new.model_dump()}, "meta": {}}
 
     @router.get("/resources/{resource_id}/verify")
-    async def verify_resource(resource_id: str) -> dict:
+    async def verify_resource(resource_id: str) -> dict[str, Any]:
         result = await vault.verify(resource_id)
         return {"data": result.model_dump(), "meta": {}}
 
     @router.get("/resources/{resource_id}/proof")
-    async def export_proof(resource_id: str) -> dict:
+    async def export_proof(resource_id: str) -> dict[str, Any]:
         try:
             proof = await vault.export_proof(resource_id)
         except Exception as e:
             raise _handle_error(e) from e
         return {"data": proof.model_dump(), "meta": {}}
 
     @router.get("/resources/{resource_id}/chain")
-    async def get_chain(resource_id: str) -> dict:
+    async def get_chain(resource_id: str) -> dict[str, Any]:
         chain = await vault.chain(resource_id)
         return {"data": [r.model_dump() for r in chain], "meta": {"length": len(chain)}}
 
     @router.post("/search")
-    async def search(req: SearchRequest) -> dict:
+    async def search(req: SearchRequest) -> dict[str, Any]:
         as_of = date.fromisoformat(req.as_of) if req.as_of else None
         results = await vault.search(
             req.query,
@@ -233,22 +233,22 @@ async def search(req: SearchRequest) -> dict:
         }
 
     @router.get("/verify")
-    async def verify_all() -> dict:
+    async def verify_all() -> dict[str, Any]:
         result = await vault.verify()
         return {"data": result.model_dump(), "meta": {}}
 
     @router.get("/health")
-    async def health() -> dict:
+    async def health() -> dict[str, Any]:
         score = await vault.health()
         return {"data": score.model_dump(), "meta": {}}
 
     @router.get("/status")
-    async def status() -> dict:
+    async def status() -> dict[str, Any]:
         s = await vault.status()
         return {"data": s, "meta": {}}
 
     @router.get("/expiring")
-    async def expiring(days: int = 90) -> dict:
+    async def expiring(days: int = 90) -> dict[str, Any]:
         resources = await vault.expiring(days=days)
         return {"data": [r.model_dump() for r in resources], "meta": {"days": days}}
 
 
@@ -24,6 +24,8 @@
 )
 from qp_vault.exceptions import VaultError
 from qp_vault.models import (
+    HealthScore,
+    MerkleProof,
     Resource,
     SearchResult,
     VaultVerificationResult,
@@ -43,7 +45,6 @@
     from datetime import date
 
     from qp_vault.core.layer_manager import LayerView
-    from qp_vault.models import HealthScore, MerkleProof
 
 # --- Input Sanitization ---
 
@@ -763,29 +764,34 @@ def chain(self, resource_id: str) -> list[Resource]:
         """Get supersession chain."""
         return _run_async(self._async.chain(resource_id))
 
-    def export_proof(self, resource_id: str) -> Any:
+    def export_proof(self, resource_id: str) -> MerkleProof:
         """Export Merkle proof for auditors."""
-        return _run_async(self._async.export_proof(resource_id))
+        result: MerkleProof = _run_async(self._async.export_proof(resource_id))
+        return result
 
     def search(self, query: str, **kwargs: Any) -> list[SearchResult]:
         """Trust-weighted hybrid search."""
-        return _run_async(self._async.search(query, **kwargs))
+        result: list[SearchResult] = _run_async(self._async.search(query, **kwargs))
+        return result
 
     def verify(self, resource_id: str | None = None) -> VerificationResult | VaultVerificationResult:
         """Verify integrity."""
-        return _run_async(self._async.verify(resource_id))
+        result: VerificationResult | VaultVerificationResult = _run_async(self._async.verify(resource_id))
+        return result
 
-    def layer(self, name: MemoryLayer | str) -> Any:
+    def layer(self, name: MemoryLayer | str) -> LayerView:  # type: ignore[return-value]
         """Get a scoped view of a memory layer."""
-        return self._async.layer(name)
+        return self._async.layer(name)  # type: ignore[return-value]
 
-    def health(self) -> Any:
+    def health(self) -> HealthScore:
         """Compute vault health score."""
-        return _run_async(self._async.health())
+        result: HealthScore = _run_async(self._async.health())
+        return result
 
     def status(self) -> dict[str, Any]:
         """Get vault status."""
-        return _run_async(self._async.status())
+        result: dict[str, Any] = _run_async(self._async.status())
+        return result
 
     def register_embedder(self, embedder: EmbeddingProvider) -> None:
         """Register a custom embedding provider."""