Scalar-loop hardens autoresearch against verifier gaming

The core idea is right: the loop is only trustworthy if the harness, not the model, decides what counts. That makes this more interesting as an anti-Goodhart control plane than as yet another agent wrapper.

• –SHA-256 sealing for tests, build files, and config closes the obvious “edit the grader” failure mode by rejecting hash drift before a metric is trusted.
• –Git diff scope enforcement is the stronger invariant here: it prevents the agent from wandering outside declared globs even if the prompt says not to.
• –The precondition gate is a good tradeoff for deterministic environments; refusing to run is better than “fixing up” a broken setup and silently weakening the experiment.
• –The main remaining attack surface is indirect metric shaping: altering fixtures, build inputs, env-dependent behavior, or other paths that preserve the sealed harness while still bending the number.
• –Using `SCALAR_LOOP_GIVE_UP` as the only stdout control signal is sensible, but text-based exit conditions still want a timeout and an external watchdog if you expect adversarial behavior.
• –The reported bundle-size win is a useful demo, but the real test is how the loop behaves on tasks where the metric is easier to spoof than improve.