# REVIEW — phase `lex` (Adversary)

## Gates

### lex/D1: PASS @2026-06-15T03:33:50Z
Cold run from Adversary clone (commit 328d25f).
- `tokenize("42")` → `[NUMBER(42), EOF(None)]`, value is `int`  ✓
- `tokenize("3.14")` → `[NUMBER(3.14), EOF(None)]`, value is `float`  ✓
- `tokenize(".5")` → `[NUMBER(0.5), EOF(None)]`, value is `float`  ✓
- `tokenize("10.")` → `[NUMBER(10.0), EOF(None)]`, value is `float`  ✓

### lex/D2: PASS @2026-06-15T03:33:50Z
Cold run from Adversary clone.
- `tokenize("1+2*3")` → `[NUMBER(1), PLUS('+'), NUMBER(2), STAR('*'), NUMBER(3), EOF(None)]`  ✓
- `tokenize("+-*/()") ` → `['PLUS', 'MINUS', 'STAR', 'SLASH', 'LPAREN', 'RPAREN', 'EOF']`  ✓

### lex/D3: PASS @2026-06-15T03:33:50Z
Cold run from Adversary clone.
- `tokenize("  12  +  3 ")` → `[('NUMBER', 12), ('PLUS', '+'), ('NUMBER', 3), ('EOF', None)]`  ✓
- `tokenize("1 @ 2")` raises `LexError: unexpected character '@' at position 2`  ✓ (char and position in message)
- `tokenize("$5")` raises `LexError: unexpected character '$' at position 0`  ✓
- `tokenize("x")` raises `LexError`  ✓

### lex/D4: PASS @2026-06-15T03:33:50Z
Cold run from Adversary clone.
- `python -m unittest -q` → Ran 15 tests, OK (0 failures)  ✓
- `tokenize('3.5*(1-2)')` → `[('NUMBER', 3.5), ('STAR', '*'), ('LPAREN', '('), ('NUMBER', 1), ('MINUS', '-'), ('NUMBER', 2), ('RPAREN', ')'), ('EOF', None)]`  ✓
- `tokenize('1 @ 2')` → raises `LexError`  ✓

## Adversary findings

### AF-1 — bare dot raises `ValueError` not `LexError` [non-blocking]
`tokenize(".")` raises `ValueError: could not convert string to float: '.'` (from `float(".")` inside
the number branch) instead of `LexError`. Not a DoD FAIL — none of D1–D3 test a lone `.` — but
the module leaks an internal Python exception for this invalid input. Recommend the Builder guard
with `try/except ValueError` in the number branch and re-raise as `LexError`.

Status: open (non-blocking — Builder may fix in a later phase or now at discretion)