
Add runtime-behavior audit issue drafts for correctness and trust risks #4

Draft
Copilot wants to merge 4 commits into main from copilot/review-code-runtime-issues

Conversation

Copilot AI commented Mar 21, 2026

Contributor

This PR addresses the runtime audit request by producing behavior-focused GitHub issue drafts instead of style feedback. The output targets correctness, architectural risk, and misleading “successful” outcomes across protection, batch, reporting, and benchmarking flows.

  • What was added

    • New document: docs/RUNTIME_AUDIT_ISSUES.md
    • Contains 5 ready-to-file issue drafts with the required fields:
      • Title
      • Severity
      • Affected files
      • Exact risk
      • User-visible impact
      • Proposed change
      • Acceptance criteria
  • Audit coverage

    • Batch behavior / failure signaling
      • Exit code remains success on partial failures.
      • No-op batch runs can appear successful.
    • Report accuracy / CLI consistency
      • Adaptive mode lacks attempt-trace metadata in reports.
    • Benchmark trustworthiness
      • Stochastic benchmark paths are not reproducible by default.
      • Benchmark collection can abort on first error and lose partial evidence.
  • Issue quality constraints applied

    • Excludes style-only concerns.
    • Focuses on runtime correctness, trust, and observable user impact.
    • Uses repository-relative file paths for portability.

Example issue format used in the new document:

## <Issue Title>

- **Severity:** High|Medium|Low
- **Affected files:** `src/...`
- **Exact risk:** ...
- **User-visible impact:** ...
- **Proposed change:** ...
- **Acceptance criteria:**
  - ...
  - ...

Original prompt

This section details the original issue you should resolve

<issue_title>audit code/runtime</issue_title>
<issue_description>Review this repository like a senior code reviewer and generate GitHub issues only for runtime correctness, architectural risks, and misleading behavior.

Focus on:

  • attack/protection logic
  • scoring/metrics validity
  • CLI/service consistency
  • batch behavior
  • report accuracy
  • benchmark trustworthiness
  • failure modes hidden behind "successful" outputs

For each issue, include:

  • Title
  • Severity
  • Affected files
  • Exact risk
  • User-visible impact
  • Proposed change
  • Acceptance criteria

Do not create style-only issues. Only create issues that affect behavior, correctness, or trustworthiness.
</issue_description>

Comments on the Issue (you are @copilot in this section)



Copilot AI and others added 3 commits March 21, 2026 06:37
Co-authored-by: VoDaiLocz <88762074+VoDaiLocz@users.noreply.github.com>
Agent-Logs-Url: https://github.com/VoDaiLocz/Lock-ART./sessions/50324674-f1e0-441a-8d6b-7e76beee60d5
Copilot AI changed the title from "[WIP] Audit code for runtime correctness and architectural risks" to "Add runtime-behavior audit issue drafts for correctness and trust risks" Mar 21, 2026
Copilot AI requested a review from VoDaiLocz March 21, 2026 06:39