@kontourai/flow-agents 1.2.0 → 1.4.0

package/evals/integration/test_kit_conformance_levels.sh

@@ -164,7 +164,7 @@ run_inspect "$ROOT/kits/builder" "$out" || true
 if node -e "
 const d = require('fs').readFileSync('$out', 'utf8');
 const r = JSON.parse(d);
-const required = ['kit_id','kit_name','conformance','targets','third_party_extensions'];
+const required = ['kit_id','kit_name','conformance','targets','third_party_extensions','trust'];
 for (const k of required) {
   if (!(k in r)) throw new Error('missing key: ' + k);
 }
@@ -199,6 +199,60 @@ else
   cat "$out"
 fi
 
+# ===================================================================
+echo ""
+echo "=== 8. Trust axis: first-party allowlist (builder and knowledge) ==="
+# ===================================================================
+
+for kit_name in builder knowledge; do
+  out="$TMP_DIR/trust-${kit_name}.out"
+  run_inspect "$ROOT/kits/$kit_name" "$out" || true
+  trust=$(node -e "const d=require('fs').readFileSync('$out','utf8'); console.log(JSON.parse(d).trust)" 2>/dev/null)
+  if [[ "$trust" == "first-party" ]]; then
+    pass "$kit_name kit trust: first-party (in Kontour allowlist)"
+  else
+    fail "$kit_name kit trust: expected first-party, got '$trust'"
+    cat "$out"
+  fi
+done
+
+# ===================================================================
+echo ""
+echo "=== 9. Trust axis: unverified for third-party and fixture kits ==="
+# ===================================================================
+
+for fixture in k0-flows-only k1-agent-extension k2-with-evals third-party-extension; do
+  out="$TMP_DIR/trust-${fixture}.out"
+  run_inspect "$ROOT/evals/fixtures/kit-conformance-levels/$fixture" "$out" || true
+  trust=$(node -e "const d=require('fs').readFileSync('$out','utf8'); console.log(JSON.parse(d).trust)" 2>/dev/null)
+  if [[ "$trust" == "unverified" ]]; then
+    pass "$fixture fixture trust: unverified (not in first-party allowlist)"
+  else
+    fail "$fixture fixture trust: expected unverified, got '$trust'"
+    cat "$out"
+  fi
+done
+
+# ===================================================================
+echo ""
+echo "=== 10. Trust field present in inspect JSON schema ==="
+# ===================================================================
+
+out="$TMP_DIR/trust-schema.out"
+run_inspect "$ROOT/kits/builder" "$out" || true
+if node -e "
+const d = require('fs').readFileSync('$out', 'utf8');
+const r = JSON.parse(d);
+if (!('trust' in r)) throw new Error('missing key: trust');
+const valid = ['first-party', 'verified', 'unverified'];
+if (!valid.includes(r.trust)) throw new Error('trust must be one of: ' + valid.join(', ') + '; got: ' + r.trust);
+" 2>/dev/null; then
+  pass "inspect JSON output includes trust field with valid value"
+else
+  fail "inspect JSON output is missing trust field or has invalid value"
+  cat "$out"
+fi
+
 # ===================================================================
 echo ""
 if [[ "$errors" -eq 0 ]]; then

package/evals/integration/test_workflow_sidecar_writer.sh

@@ -544,22 +544,22 @@ else
   _fail "existing invalid acceptance ref rejection was not fail-closed: $(cat "$TMPDIR_EVAL/invalid-acceptance-ref.out" "$TMPDIR_EVAL/invalid-acceptance-ref.err")"
 fi
 
-SURFACE_CHECK='{"id":"surface-trust-fixture","kind":"policy","status":"pass","summary":"Surface trust evidence passed.","surface_trust_refs":[{"artifact_kind":"TrustReport","artifact_ref":"trust/report.json","gate_id":"builder.surface.claim","claim_type":"surface.claim","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Issued during this workflow."},"authority":{"producer":"surface-local","summary":"Local Surface trust producer."},"integrity":{"status":"matched","summary":"Artifact digest matched expected subject and gate.","digest":"sha256:abc123"},"status":"pass","summary":"Accepted Surface claim."}]}'
+SURFACE_CHECK='{"id":"surface-trust-fixture","kind":"policy","status":"pass","summary":"Hachure trust.bundle evidence passed.","surface_trust_refs":[{"artifact_kind":"trust.bundle","artifact_ref":"trust/report.json","gate_id":"builder.trust.bundle","claim_type":"builder.trust.bundle","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Issued during this workflow."},"authority":{"producer":"surface-local","summary":"Local Surface trust producer."},"integrity":{"status":"matched","summary":"Artifact digest matched expected subject and gate.","digest":"sha256:abc123"},"status":"pass","summary":"Accepted trust.bundle claim."}]}'
 if flow_agents_node "$WRITER" record-evidence "$ARTIFACT_DIR" \
   --verdict pass \
   --check-json "$SURFACE_CHECK" \
   --timestamp "2026-05-09T00:01:05Z" >"$TMPDIR_EVAL/surface-evidence.out" 2>"$TMPDIR_EVAL/surface-evidence.err" \
   && rg -q '"surface_trust_refs"' "$ARTIFACT_DIR/evidence.json" \
-  && rg -q '"artifact_kind": "TrustReport"' "$ARTIFACT_DIR/evidence.json" \
+  && rg -q '"artifact_kind": "trust.bundle"' "$ARTIFACT_DIR/evidence.json" \
   && ! rg -q 'veritas' "$ARTIFACT_DIR/evidence.json"; then
-  _pass "sidecar writer records provider-neutral Surface trust refs"
+  _pass "sidecar writer records Hachure-aligned trust.bundle refs"
 else
-  _fail "sidecar writer did not record Surface trust refs: $(cat "$TMPDIR_EVAL/surface-evidence.out" "$TMPDIR_EVAL/surface-evidence.err")"
+  _fail "sidecar writer did not record Hachure-aligned trust.bundle refs: $(cat "$TMPDIR_EVAL/surface-evidence.out" "$TMPDIR_EVAL/surface-evidence.err")"
 fi
 
 if flow_agents_node "$WRITER" record-evidence "$ARTIFACT_DIR" \
   --verdict pass \
-  --check-json '{"id":"surface-trust-native-field","kind":"policy","status":"pass","summary":"Should fail.","surface_trust_refs":[{"artifact_kind":"Trust Snapshot","artifact_ref":"trust/snapshot.json","gate_id":"builder.surface.claim","claim_type":"surface.claim","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Fresh."},"authority":{"producer":"surface-local","summary":"Producer exists.","veritas_policy":"native-field"},"integrity":{"status":"matched","summary":"Matched."},"status":"pass"}]}' >"$TMPDIR_EVAL/surface-invalid.out" 2>&1; then
+  --check-json '{"id":"surface-trust-native-field","kind":"policy","status":"pass","summary":"Should fail.","surface_trust_refs":[{"artifact_kind":"trust.bundle","artifact_ref":"trust/snapshot.json","gate_id":"builder.trust.bundle","claim_type":"builder.trust.bundle","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Fresh."},"authority":{"producer":"surface-local","summary":"Producer exists.","veritas_policy":"native-field"},"integrity":{"status":"matched","summary":"Matched."},"status":"pass"}]}' >"$TMPDIR_EVAL/surface-invalid.out" 2>&1; then
   _fail "sidecar writer should reject provider-specific Surface trust fields"
 elif rg -q 'unsupported field' "$TMPDIR_EVAL/surface-invalid.out"; then
   _pass "sidecar writer rejects provider-specific Surface trust fields"
@@ -581,10 +581,10 @@ check_contradictory_surface_ref() {
   fi
 }
 
-check_contradictory_surface_ref "rejected-pass" '{"artifact_kind":"TrustReport","artifact_ref":"trust/report.json","gate_id":"builder.surface.claim","claim_type":"surface.claim","claim_status":"rejected","subject":"builder-kit","freshness":{"status":"fresh","summary":"Fresh."},"authority":{"producer":"surface-local","summary":"Producer exists."},"integrity":{"status":"matched","summary":"Matched."},"status":"pass"}'
-check_contradictory_surface_ref "stale-pass" '{"artifact_kind":"TrustReport","artifact_ref":"trust/report.json","gate_id":"builder.surface.claim","claim_type":"surface.claim","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"stale","summary":"Stale."},"authority":{"producer":"surface-local","summary":"Producer exists."},"integrity":{"status":"matched","summary":"Matched."},"status":"pass"}'
-check_contradictory_surface_ref "missing-authority-pass" '{"artifact_kind":"TrustReport","artifact_ref":"trust/report.json","gate_id":"builder.surface.claim","claim_type":"surface.claim","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Fresh."},"authority":{"producer":"unknown","summary":"Producer missing."},"integrity":{"status":"matched","summary":"Matched."},"status":"pass"}'
-check_contradictory_surface_ref "integrity-mismatch-pass" '{"artifact_kind":"TrustReport","artifact_ref":"trust/report.json","gate_id":"builder.surface.claim","claim_type":"surface.claim","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Fresh."},"authority":{"producer":"surface-local","summary":"Producer exists."},"integrity":{"status":"mismatch","summary":"Mismatch."},"status":"pass"}'
+check_contradictory_surface_ref "rejected-pass" '{"artifact_kind":"trust.bundle","artifact_ref":"trust/report.json","gate_id":"builder.trust.bundle","claim_type":"builder.trust.bundle","claim_status":"rejected","subject":"builder-kit","freshness":{"status":"fresh","summary":"Fresh."},"authority":{"producer":"surface-local","summary":"Producer exists."},"integrity":{"status":"matched","summary":"Matched."},"status":"pass"}'
+check_contradictory_surface_ref "stale-pass" '{"artifact_kind":"trust.bundle","artifact_ref":"trust/report.json","gate_id":"builder.trust.bundle","claim_type":"builder.trust.bundle","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"stale","summary":"Stale."},"authority":{"producer":"surface-local","summary":"Producer exists."},"integrity":{"status":"matched","summary":"Matched."},"status":"pass"}'
+check_contradictory_surface_ref "missing-authority-pass" '{"artifact_kind":"trust.bundle","artifact_ref":"trust/report.json","gate_id":"builder.trust.bundle","claim_type":"builder.trust.bundle","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Fresh."},"authority":{"producer":"unknown","summary":"Producer missing."},"integrity":{"status":"matched","summary":"Matched."},"status":"pass"}'
+check_contradictory_surface_ref "integrity-mismatch-pass" '{"artifact_kind":"trust.bundle","artifact_ref":"trust/report.json","gate_id":"builder.trust.bundle","claim_type":"builder.trust.bundle","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Fresh."},"authority":{"producer":"surface-local","summary":"Producer exists."},"integrity":{"status":"mismatch","summary":"Mismatch."},"status":"pass"}'
 
 SURFACE_FIXTURE_DIR="$ROOT/evals/fixtures/surface-trust"
 check_surface_fixture() {

package/evals/run.sh

@@ -135,6 +135,8 @@ run_static() {
   echo ""
   bash "$EVAL_DIR/static/test_evidence_refs.sh" || result=1
   echo ""
+  bash "$EVAL_DIR/static/test_library_exports.sh" || result=1
+  echo ""
   bash "$EVAL_DIR/static/test_console_presets.sh" || result=1
   echo ""
   bash "$EVAL_DIR/static/test_repo_hooks.sh" || result=1

package/evals/static/test_library_exports.sh

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+# test_library_exports.sh — the package exposes the canonical workflow-sidecar
+# writer/validator as an importable library (issue #99). Guards three things:
+#   1. package.json declares the library entry points (exports/main/types).
+#   2. importing the entry point does NOT execute the CLI (entry guard holds).
+#   3. the CLI still runs when invoked directly (entry guard regression).
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+source "$ROOT/evals/lib/node.sh"
+cd "$ROOT"
+
+errors=0
+pass() { echo "  ✓ $1"; }
+fail() { echo "  ✗ $1"; errors=$((errors + 1)); }
+
+echo "=== Library Export Surface (#99) ==="
+
+# Ensure the build exists (cheap no-op if already built).
+flow_agents_node node_modules/typescript/bin/tsc -p tsconfig.json >/dev/null 2>&1 || npm run build --silent >/dev/null 2>&1 || true
+
+# 1. package.json entry points
+if node -e '
+const p = require("./package.json");
+const fail = (m) => { console.error(m); process.exit(1); };
+if (p.main !== "build/src/index.js") fail("main must be build/src/index.js");
+if (p.types !== "build/src/index.d.ts") fail("types must be build/src/index.d.ts");
+if (!p.exports || !p.exports["."]) fail("exports must define the root entry");
+const root = p.exports["."];
+if (root.import !== "./build/src/index.js") fail("exports[.].import must be ./build/src/index.js");
+if (root.types !== "./build/src/index.d.ts") fail("exports[.].types must be ./build/src/index.d.ts");
+' 2>/tmp/lib-exports-pkg.err; then
+  pass "package.json declares library entry points (main/types/exports)"
+else
+  fail "package.json library entry points missing or wrong: $(cat /tmp/lib-exports-pkg.err)"
+fi
+
+# 2. built artifacts present
+if [[ -f "build/src/index.js" && -f "build/src/index.d.ts" ]]; then
+  pass "build emits index.js and index.d.ts"
+else
+  fail "build is missing index.js or index.d.ts (run npm run build)"
+fi
+
+# 3. importing the library does not run the CLI, and the public API is present.
+# If importing executed the CLI it would call process.exit before our marker prints.
+if node --input-type=module -e '
+import * as lib from "./build/src/index.js";
+const required = [
+  "validateTrustBundle", "normalizeCheck", "normalizeFinding", "normalizeLearning",
+  "normalizeEvidenceRefs", "validateEvidenceRef", "validateLearningCorrection",
+  "loadJson", "writeJson", "appendJsonl", "sidecarBase", "writeState",
+  "readSidecar", "writeSidecar",
+  "statuses", "phases", "checkKinds", "checkStatuses", "verdicts",
+];
+const missing = required.filter((name) => lib[name] === undefined);
+if (missing.length) { console.error("missing exports: " + missing.join(", ")); process.exit(1); }
+// Exercise a validator to prove it is the real implementation, not a stub.
+let threw = false;
+try { lib.normalizeCheck({ id: "x" }); } catch { threw = true; }
+if (!threw) { console.error("normalizeCheck should reject an invalid check"); process.exit(1); }
+const ok = lib.normalizeCheck({ id: "b", kind: "test", status: "pass", summary: "ok" });
+if (ok.id !== "b") { console.error("normalizeCheck should return the normalized check"); process.exit(1); }
+console.log("LIBRARY_IMPORT_OK");
+' 2>/dev/null | grep -q "LIBRARY_IMPORT_OK"; then
+  pass "importing the library exposes the public API without running the CLI"
+else
+  fail "library import failed, ran the CLI, or is missing public exports"
+fi
+
+# 4. the CLI still runs when invoked directly (entry guard regression guard).
+# A missing required flag must produce the CLI's own validation error, proving main() ran.
+cli_out="$(node build/src/cli/workflow-sidecar.js ensure-session --artifact-root /tmp/nonexistent-lib-test 2>&1 || true)"
+if echo "$cli_out" | grep -q "task-slug is required"; then
+  pass "CLI entry still executes when run directly"
+else
+  fail "CLI entry did not run as a script (entry guard regression): $cli_out"
+fi
+
+echo ""
+if [[ "$errors" -gt 0 ]]; then
+  echo "Library export checks failed: $errors issue(s)."
+  exit 1
+fi
+echo "Library export checks passed."

package/evals/static/test_package.sh

@@ -211,8 +211,8 @@ for (const gateId of ["verify-gate", "merge-ready-gate"]) {
 const expectations = Object.values(flow.gates || {}).flatMap((gate) => gate.expects || []);
 if (!expectations.length) throw new Error("Builder build flow should declare gate expectations");
 for (const expectation of expectations) {
-  if (expectation.kind !== "surface.claim") throw new Error(`${expectation.id || "<unknown>"} should remain a surface.claim expectation`);
-  if (!expectation.claim?.type || !expectation.claim?.accepted_statuses) throw new Error(`${expectation.id || "<unknown>"} should declare claim type and accepted statuses`);
+  if (expectation.kind !== "trust.bundle") throw new Error(`${expectation.id || "<unknown>"} should remain a trust.bundle expectation`);
+  if (!expectation.bundle_claim?.claimType || !expectation.bundle_claim?.accepted_statuses) throw new Error(`${expectation.id || "<unknown>"} should declare bundle_claim claimType and accepted statuses`);
 }
 const flowText = JSON.stringify(flow).toLowerCase();
 for (const term of ["veritas", "trust_provider", "trust-provider", "provider_name", "provider_ref", "veritas_policy", "veritas_readiness"]) {
@@ -221,7 +221,7 @@ for (const term of ["veritas", "trust_provider", "trust-provider", "provider_nam
 console.log("ok");
 NODE
   then
-    _pass "installed Builder Kit build flow keeps provider-neutral surface.claim gates"
+    _pass "installed Builder Kit build flow keeps provider-neutral trust.bundle gates"
   else
     _fail "installed Builder Kit build flow route-back or provider-neutral gate policy missing or wrong"
   fi

package/evals/static/test_universal_bundles.sh

@@ -411,6 +411,21 @@ else
   _fail "catalog metadata check failed"
 fi
 
+# Block Reason Channel (#100): the generated opencode/pi adapters must carry the
+# policy reason into their block path so the model learns why it was blocked.
+# claude/codex deny translation is covered in test_hook_category_behaviors.sh.
+BUILDER_SRC="$ROOT_DIR/src/tools/build-universal-bundles.ts"
+if grep -q "throw new Error(policyResult.reason" "$BUILDER_SRC"; then
+  _pass "opencode adapter surfaces the block reason to the model (thrown error)"
+else
+  _fail "opencode adapter block path dropped the policy reason"
+fi
+if grep -q "reason: result.reason" "$BUILDER_SRC"; then
+  _pass "pi adapter surfaces the block reason to the model (block result reason)"
+else
+  _fail "pi adapter block path dropped the policy reason"
+fi
+
 echo ""
 echo "==========================="
 total=$((pass + fail))

package/evals/static/test_workflow_skills.sh

@@ -1075,17 +1075,17 @@ const flow = JSON.parse(fs.readFileSync(process.argv[2], "utf8"));
 const expectations = Object.values(flow.gates || {}).flatMap((gate) => gate.expects || []);
 if (!expectations.length) throw new Error("no Builder Kit gate expectations found");
 for (const expectation of expectations) {
-  if (expectation.kind !== "surface.claim") throw new Error(`${expectation.id || "<unknown>"} is not a surface.claim expectation`);
-  if (!expectation.claim?.type || !expectation.claim?.accepted_statuses) throw new Error(`${expectation.id || "<unknown>"} is missing claim type or accepted statuses`);
+  if (expectation.kind !== "trust.bundle") throw new Error(`${expectation.id || "<unknown>"} is not a trust.bundle expectation`);
+  if (!expectation.bundle_claim?.claimType || !expectation.bundle_claim?.accepted_statuses) throw new Error(`${expectation.id || "<unknown>"} is missing bundle_claim claimType or accepted statuses`);
 }
 const flowText = JSON.stringify(flow).toLowerCase();
 for (const term of ["veritas", "trust_provider", "trust-provider", "provider_name", "provider_ref", "veritas_policy", "veritas_readiness"]) {
   if (flowText.includes(term)) throw new Error(`provider-specific trust field leaked into Builder Kit build flow: ${term}`);
 }
 NODE
-  pass "Builder build flow keeps provider-neutral surface.claim expectations"
+  pass "Builder build flow keeps provider-neutral trust.bundle expectations"
 else
-  fail "Builder build flow keeps provider-neutral surface.claim expectations"
+  fail "Builder build flow keeps provider-neutral trust.bundle expectations"
 fi
 require_text "$MAP" 'pull-work' "map includes pull-work"
 require_text "$MAP" 'pickup Probe before planning' "map documents pickup Probe before planning"

package/kits/builder/flows/build.flow.json

@@ -19,12 +19,12 @@
       "expects": [
         {
           "id": "selected-work",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "A ready work item is selected with scope and acceptance context.",
-          "claim": {
-            "type": "builder.pull-work.selected",
-            "subject": "work-item",
+          "bundle_claim": {
+            "claimType": "builder.pull-work.selected",
+            "subjectType": "work-item",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }
@@ -35,23 +35,23 @@
       "expects": [
         {
           "id": "pickup-probe-readiness",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Pickup Probe evidence is recorded before planning: goal fit and scope, blockers and dependencies, dependency freshness, acceptance criteria quality, provider state, risk, stop-short risks, planning readiness, decisions, unresolved questions, accepted gaps, probe_status, probe_artifact_ref, grouping decision, expected modified files, and conflict risks.",
-          "claim": {
-            "type": "builder.design-probe.pickup-readiness",
-            "subject": "work-item",
+          "bundle_claim": {
+            "claimType": "builder.design-probe.pickup-readiness",
+            "subjectType": "work-item",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "probe-decisions-or-accepted-gaps",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Planning is blocked until pickup Probe decisions are captured in the pull-work or plan handoff artifact, or unresolved questions are explicitly recorded as accepted gaps. Stale broad continuation language after a merge is not sufficient for planning newly selected work.",
-          "claim": {
-            "type": "builder.design-probe.decisions",
-            "subject": "decision",
+          "bundle_claim": {
+            "claimType": "builder.design-probe.decisions",
+            "subjectType": "decision",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }
@@ -62,12 +62,12 @@
       "expects": [
         {
           "id": "implementation-plan",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "The implementation plan names files, changes, acceptance evidence, and sequencing.",
-          "claim": {
-            "type": "builder.plan.implementation",
-            "subject": "artifact",
+          "bundle_claim": {
+            "claimType": "builder.plan.implementation",
+            "subjectType": "artifact",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }
@@ -78,12 +78,12 @@
       "expects": [
         {
           "id": "implementation-scope",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "The implementation scope records changed files and excludes unrelated work.",
-          "claim": {
-            "type": "builder.execute.scope",
-            "subject": "change",
+          "bundle_claim": {
+            "claimType": "builder.execute.scope",
+            "subjectType": "change",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }
@@ -105,24 +105,24 @@
       "expects": [
         {
           "id": "tests-evidence",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Relevant tests or checks have evidence tied to the implemented change.",
-          "claim": {
-            "type": "builder.verify.tests",
-            "subject": "flow-step",
+          "bundle_claim": {
+            "claimType": "builder.verify.tests",
+            "subjectType": "flow-step",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "policy-compliance",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": false,
           "description": "Policy compliance evidence is attached when policy gates apply.",
           "explore_hint": "Use as advisory evidence for scope, security, privacy, release, or repository policy checks.",
-          "claim": {
-            "type": "builder.verify.policy-compliance",
-            "subject": "artifact",
+          "bundle_claim": {
+            "claimType": "builder.verify.policy-compliance",
+            "subjectType": "artifact",
             "accepted_statuses": ["trusted", "accepted", "advisory"]
           }
         }
@@ -144,12 +144,12 @@
       "expects": [
         {
           "id": "merge-readiness",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "The change is ready for merge review based on scope, evidence, and unresolved risks.",
-          "claim": {
-            "type": "builder.merge-ready.readiness",
-            "subject": "change",
+          "bundle_claim": {
+            "claimType": "builder.merge-ready.readiness",
+            "subjectType": "change",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }
@@ -160,12 +160,12 @@
       "expects": [
         {
           "id": "pull-request-opened",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "A pull request exists with linked work, implementation summary, and verification evidence.",
-          "claim": {
-            "type": "builder.pr-open.pull-request",
-            "subject": "pull-request",
+          "bundle_claim": {
+            "claimType": "builder.pr-open.pull-request",
+            "subjectType": "pull-request",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }
@@ -176,12 +176,12 @@
       "expects": [
         {
           "id": "ci-merge-readiness",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "CI and review status support a merge-ready decision.",
-          "claim": {
-            "type": "builder.merge-ready-ci.readiness",
-            "subject": "pull-request",
+          "bundle_claim": {
+            "claimType": "builder.merge-ready-ci.readiness",
+            "subjectType": "pull-request",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }
@@ -192,23 +192,23 @@
       "expects": [
         {
           "id": "decision-evidence",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Durable decision evidence from the build is recorded.",
-          "claim": {
-            "type": "builder.learn.decisions",
-            "subject": "decision",
+          "bundle_claim": {
+            "claimType": "builder.learn.decisions",
+            "subjectType": "decision",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "learning-evidence",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Learning evidence from delivery is recorded for future work.",
-          "claim": {
-            "type": "builder.learn.evidence",
-            "subject": "release",
+          "bundle_claim": {
+            "claimType": "builder.learn.evidence",
+            "subjectType": "release",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }

package/kits/builder/flows/shape.flow.json

@@ -13,79 +13,79 @@
       "expects": [
         {
           "id": "shaped-problem",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "The problem is stated in terms a builder can act on.",
-          "claim": {
-            "type": "builder.shape.problem",
-            "subject": "decision",
+          "bundle_claim": {
+            "claimType": "builder.shape.problem",
+            "subjectType": "decision",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "shaped-outcome",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "The intended outcome is explicit enough to evaluate later.",
-          "claim": {
-            "type": "builder.shape.outcome",
-            "subject": "flow-run",
+          "bundle_claim": {
+            "claimType": "builder.shape.outcome",
+            "subjectType": "flow-run",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "shaped-constraints",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Constraints that affect implementation are captured.",
-          "claim": {
-            "type": "builder.shape.constraints",
-            "subject": "decision",
+          "bundle_claim": {
+            "claimType": "builder.shape.constraints",
+            "subjectType": "decision",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "shaped-non-goals",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Non-goals are named so the build stays scoped.",
-          "claim": {
-            "type": "builder.shape.non-goals",
-            "subject": "decision",
+          "bundle_claim": {
+            "claimType": "builder.shape.non-goals",
+            "subjectType": "decision",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "shaped-success",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Success criteria are concrete enough for verification.",
-          "claim": {
-            "type": "builder.shape.success",
-            "subject": "artifact",
+          "bundle_claim": {
+            "claimType": "builder.shape.success",
+            "subjectType": "artifact",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "shaped-risk",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Material delivery risks are recorded before breakdown.",
-          "claim": {
-            "type": "builder.shape.risk",
-            "subject": "decision",
+          "bundle_claim": {
+            "claimType": "builder.shape.risk",
+            "subjectType": "decision",
             "accepted_statuses": ["trusted", "accepted"]
           }
         },
         {
           "id": "open-decisions",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": false,
           "description": "Open decisions are recorded when the shape is not fully settled.",
           "explore_hint": "Attach when unresolved choices could affect slices or issue boundaries.",
-          "claim": {
-            "type": "builder.shape.open-decisions",
-            "subject": "decision",
+          "bundle_claim": {
+            "claimType": "builder.shape.open-decisions",
+            "subjectType": "decision",
             "accepted_statuses": ["trusted", "accepted", "advisory"]
           }
         }
@@ -96,12 +96,12 @@
       "expects": [
         {
           "id": "slices-defined",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "The shaped work is split into independently useful slices.",
-          "claim": {
-            "type": "builder.breakdown.slices",
-            "subject": "work-item",
+          "bundle_claim": {
+            "claimType": "builder.breakdown.slices",
+            "subjectType": "work-item",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }
@@ -112,12 +112,12 @@
       "expects": [
         {
           "id": "work-items-filed",
-          "kind": "surface.claim",
+          "kind": "trust.bundle",
           "required": true,
           "description": "Work items are filed or otherwise recorded with enough context to pull later.",
-          "claim": {
-            "type": "builder.file-issues.work-items",
-            "subject": "work-item",
+          "bundle_claim": {
+            "claimType": "builder.file-issues.work-items",
+            "subjectType": "work-item",
             "accepted_statuses": ["trusted", "accepted"]
           }
         }