@kontourai/flow-agents 1.3.0 → 2.0.0

package/evals/acceptance/prove-capture-teeth-declared.sh

@@ -0,0 +1,335 @@
+#!/usr/bin/env bash
+# prove-capture-teeth-declared.sh — Permanent regression proof that the
+# capture cross-reference gate BLOCKS declared-type false-completions.
+#
+# Bug closed: captureCrossReference previously called bundleClaimedPassCommandChecks
+# WITHOUT declaredClaimTypes, so sessions with a FlowDefinition active (e.g.
+# builder.build / verify step) could emit declared-type claims (builder.verify.tests)
+# that the cross-reference was completely blind to. A command-log recording FAIL for
+# "npm test" would NOT block even though the trust.bundle evidence claimed it passed.
+# ADR 0016 P-c fix: captureCrossReference now accepts activeFlowStep and threads
+# declaredClaimTypes into bundleClaimedPassCommandChecks, mirroring bundleEnforcement
+# and sidecarGuidance.
+#
+# This eval:
+#   1. Proves the fix BLOCKS (exit 2): declared-type evidence claims pass, command-log
+#      says FAIL → gate emits "caught false-completion".
+#   2. Proves the control case SHIPS (exit 0): same fixture with a PASS log.
+#   3. Proves the workflow.check.* path still BLOCKS (no regression on original case).
+#
+# Deterministic — no model spend, no bundle install required.
+# Usage: bash evals/acceptance/prove-capture-teeth-declared.sh
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+GATE="$ROOT/scripts/hooks/stop-goal-fit.js"
+
+export FLOW_AGENTS_GOAL_FIT_MAX_BLOCKS=100000
+
+TMP="$(mktemp -d)"
+errors=0
+_pass() { echo "  ✓ $1"; }
+_fail() { echo "  ✗ $1"; errors=$((errors + 1)); }
+
+cleanup() { rm -rf "$TMP"; }
+trap cleanup EXIT
+
+# ─── helper: seed a minimal delivered workflow artifact ───────────────────────
+seed_repo() { # $1=dir $2=slug
+  local p="$1" slug="$2"
+  mkdir -p "$p/.flow-agents/$slug"
+  printf '# Repo\n' > "$p/AGENTS.md"
+  printf '%s' "{\"schema_version\":\"1.0\",\"task_slug\":\"$slug\",\"status\":\"delivered\",\"phase\":\"done\",\"updated_at\":\"2026-06-27T00:00:00Z\",\"next_action\":{\"status\":\"done\",\"summary\":\"done\"}}" \
+    > "$p/.flow-agents/$slug/state.json"
+  cat > "$p/.flow-agents/$slug/$slug--deliver.md" << MD
+# $slug
+
+branch: main
+status: delivered
+type: deliver
+
+## Definition Of Done
+- [x] tests pass
+
+## Goal Fit Gate
+- [x] acceptance verified
+
+### Verdict: PASS
+MD
+}
+
+# ─── helper: write the declared-type trust.bundle ─────────────────────────────
+# Evidence item has execution.label="npm test" linked to a builder.verify.tests claim
+# that asserts pass. The cross-reference must catch the command-log contradiction.
+write_declared_bundle() { # $1=bundle-path
+  python3 - "$1" << 'PY'
+import json, sys
+bundle = {
+    "schemaVersion": 3,
+    "source": "flow-agents/workflow-sidecar",
+    "claims": [{
+        "id": "c1",
+        "subjectId": "declared-false/tests",
+        "subjectType": "flow-step",
+        "claimType": "builder.verify.tests",
+        "fieldOrBehavior": "npm test",
+        "value": "pass",
+        "impactLevel": "high",
+        "status": "verified",
+        "createdAt": "2026-06-27T00:00:00Z",
+        "updatedAt": "2026-06-27T00:00:00Z"
+    }],
+    "evidence": [{
+        "id": "ev1",
+        "claimId": "c1",
+        "evidenceType": "command_output",
+        "method": "capture",
+        "sourceRef": "command-log.jsonl",
+        "excerptOrSummary": "npm test passed (agent claimed)",
+        "observedAt": "2026-06-27T00:00:00Z",
+        "collectedBy": "agent",
+        "passing": True,
+        "execution": {
+            "label": "npm test",
+            "exitCode": 0
+        }
+    }],
+    "policies": [],
+    "events": []
+}
+json.dump(bundle, open(sys.argv[1], 'w'))
+PY
+}
+
+# Minimal FlowDefinition: verify-gate expects builder.verify.tests
+# Using FLOW_AGENTS_FLOW_DEFS_DIR so the test is self-contained (no kits/ needed).
+FLOW_DEFS_DIR="$TMP/flows"
+mkdir -p "$FLOW_DEFS_DIR"
+cat > "$FLOW_DEFS_DIR/builder.build.flow.json" << 'FLOWJSON'
+{
+  "id": "builder.build",
+  "version": "1.0",
+  "gates": {
+    "verify-gate": {
+      "step": "verify",
+      "expects": [
+        {
+          "id": "tests-evidence",
+          "kind": "trust.bundle",
+          "required": true,
+          "bundle_claim": {
+            "claimType": "builder.verify.tests",
+            "subjectType": "flow-step",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    }
+  }
+}
+FLOWJSON
+
+# ─── Test 1: declared-type false-completion MUST BLOCK ────────────────────────
+echo "Test 1: declared-type evidence claims pass, command-log records FAIL → must BLOCK"
+echo "  (This is the hole: pre-fix the gate was blind to builder.verify.tests claims)"
+
+T1="$TMP/t1"
+seed_repo "$T1" "declared-false"
+
+# current.json: active FlowDefinition
+printf '%s' '{"artifact_dir":"declared-false","active_flow_id":"builder.build","active_step_id":"verify"}' \
+  > "$T1/.flow-agents/current.json"
+
+write_declared_bundle "$T1/.flow-agents/declared-false/trust.bundle"
+
+# command-log: npm test recorded as FAIL — the independent truth source says FAILED
+printf '%s\n' '{"command":"npm test","observedResult":"fail","exitCode":1,"capturedAt":"2026-06-27T00:00:00Z","source":"postToolUse-capture"}' \
+  > "$T1/.flow-agents/declared-false/command-log.jsonl"
+
+set +e
+t1_out="$(FLOW_AGENTS_GOAL_FIT_MODE=block \
+    FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip \
+    FLOW_AGENTS_FLOW_DEFS_DIR="$FLOW_DEFS_DIR" \
+    node "$GATE" 2>&1 <<< "{\"hook_event_name\":\"Stop\",\"cwd\":\"$T1\"}")"
+t1_exit="$?"
+set -e
+
+if [ "$t1_exit" -eq 2 ]; then
+  _pass "declared-type false-completion BLOCKED (exit 2)"
+else
+  _fail "declared-type false-completion NOT blocked: exit=$t1_exit output=$t1_out"
+fi
+
+if echo "$t1_out" | grep -q "caught false-completion"; then
+  _pass "emits 'caught false-completion' message"
+else
+  _fail "missing 'caught false-completion' in output: $t1_out"
+fi
+
+if echo "$t1_out" | grep -q "capture log CONTRADICTS claimed pass"; then
+  _pass "emits 'capture log CONTRADICTS claimed pass' message"
+else
+  _fail "missing contradicts message in output: $t1_out"
+fi
+
+if echo "$t1_out" | grep -q "npm test"; then
+  _pass "warning names the contradicted command (npm test)"
+else
+  _fail "warning does not name the command: $t1_out"
+fi
+
+# ─── Test 2: control — matching PASS log should SHIP (no false-block) ─────────
+echo ""
+echo "Test 2: same fixture but command-log records PASS → must SHIP (exit 0)"
+
+T2="$TMP/t2"
+seed_repo "$T2" "declared-pass"
+
+printf '%s' '{"artifact_dir":"declared-pass","active_flow_id":"builder.build","active_step_id":"verify"}' \
+  > "$T2/.flow-agents/current.json"
+
+# Reuse same bundle (trusts pass) but command-log confirms pass
+python3 - "$T2/.flow-agents/declared-pass/trust.bundle" << 'PY'
+import json, sys
+bundle = {
+    "schemaVersion": 3,
+    "source": "flow-agents/workflow-sidecar",
+    "claims": [{
+        "id": "c2",
+        "subjectId": "declared-pass/tests",
+        "subjectType": "flow-step",
+        "claimType": "builder.verify.tests",
+        "fieldOrBehavior": "npm test",
+        "value": "pass",
+        "impactLevel": "high",
+        "status": "verified",
+        "createdAt": "2026-06-27T00:00:00Z",
+        "updatedAt": "2026-06-27T00:00:00Z"
+    }],
+    "evidence": [{
+        "id": "ev2",
+        "claimId": "c2",
+        "evidenceType": "command_output",
+        "method": "capture",
+        "sourceRef": "command-log.jsonl",
+        "excerptOrSummary": "npm test passed",
+        "observedAt": "2026-06-27T00:00:00Z",
+        "collectedBy": "agent",
+        "passing": True,
+        "execution": {
+            "label": "npm test",
+            "exitCode": 0
+        }
+    }],
+    "policies": [],
+    "events": []
+}
+json.dump(bundle, open(sys.argv[1], 'w'))
+PY
+
+# command-log: npm test recorded as PASS — confirming evidence
+printf '%s\n' '{"command":"npm test","observedResult":"pass","exitCode":0,"capturedAt":"2026-06-27T00:00:00Z","source":"postToolUse-capture"}' \
+  > "$T2/.flow-agents/declared-pass/command-log.jsonl"
+
+set +e
+t2_out="$(FLOW_AGENTS_GOAL_FIT_MODE=block \
+    FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip \
+    FLOW_AGENTS_FLOW_DEFS_DIR="$FLOW_DEFS_DIR" \
+    node "$GATE" 2>&1 <<< "{\"hook_event_name\":\"Stop\",\"cwd\":\"$T2\"}")"
+t2_exit="$?"
+set -e
+
+if [ "$t2_exit" -ne 2 ]; then
+  _pass "confirming log clears the cross-reference (no false-block, exit $t2_exit)"
+else
+  _fail "confirming log incorrectly blocked (exit 2): $t2_out"
+fi
+
+if echo "$t2_out" | grep -q "caught false-completion"; then
+  _fail "confirming log incorrectly emits false-completion: $t2_out"
+else
+  _pass "confirming log does not emit false-completion"
+fi
+
+# ─── Test 3: workflow.check.* path still BLOCKS (regression guard) ────────────
+echo ""
+echo "Test 3: workflow.check.* false-completion still BLOCKS (no regression on original case)"
+
+T3="$TMP/t3"
+seed_repo "$T3" "wf-false"
+
+# No current.json active flow → loadActiveFlowStep returns null → workflow.* fallback
+printf '%s' '{"artifact_dir":"wf-false"}' \
+  > "$T3/.flow-agents/current.json"
+
+python3 - "$T3/.flow-agents/wf-false/trust.bundle" << 'PY'
+import json, sys
+bundle = {
+    "schemaVersion": 3,
+    "source": "flow-agents/workflow-sidecar",
+    "claims": [{
+        "id": "c3",
+        "subjectId": "wf-false/unit-tests",
+        "subjectType": "workflow-check",
+        "claimType": "workflow.check.command",
+        "fieldOrBehavior": "npm test",
+        "value": "pass",
+        "impactLevel": "high",
+        "status": "verified",
+        "createdAt": "2026-06-27T00:00:00Z",
+        "updatedAt": "2026-06-27T00:00:00Z"
+    }],
+    "evidence": [{
+        "id": "ev3",
+        "claimId": "c3",
+        "evidenceType": "command_output",
+        "method": "capture",
+        "sourceRef": "command-log.jsonl",
+        "excerptOrSummary": "npm test passed (agent claimed)",
+        "observedAt": "2026-06-27T00:00:00Z",
+        "collectedBy": "agent",
+        "passing": True,
+        "execution": {
+            "label": "npm test",
+            "exitCode": 0
+        }
+    }],
+    "policies": [],
+    "events": []
+}
+json.dump(bundle, open(sys.argv[1], 'w'))
+PY
+
+# command-log: npm test recorded as FAIL
+printf '%s\n' '{"command":"npm test","observedResult":"fail","exitCode":1,"capturedAt":"2026-06-27T00:00:00Z","source":"postToolUse-capture"}' \
+  > "$T3/.flow-agents/wf-false/command-log.jsonl"
+
+set +e
+t3_out="$(FLOW_AGENTS_GOAL_FIT_MODE=block \
+    FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip \
+    FLOW_AGENTS_FLOW_DEFS_DIR="$FLOW_DEFS_DIR" \
+    node "$GATE" 2>&1 <<< "{\"hook_event_name\":\"Stop\",\"cwd\":\"$T3\"}")"
+t3_exit="$?"
+set -e
+
+if [ "$t3_exit" -eq 2 ]; then
+  _pass "workflow.check.* false-completion still BLOCKS (no regression)"
+else
+  _fail "workflow.check.* false-completion NOT blocked: exit=$t3_exit output=$t3_out"
+fi
+
+if echo "$t3_out" | grep -q "caught false-completion"; then
+  _pass "workflow.check.* path still emits 'caught false-completion'"
+else
+  _fail "workflow.check.* path missing 'caught false-completion': $t3_out"
+fi
+
+# ─── Summary ──────────────────────────────────────────────────────────────────
+echo ""
+if [ "$errors" -eq 0 ]; then
+  echo "prove-capture-teeth-declared: all tests passed."
+  echo "PROOF: declared-type false-completions are blocked; workflow.check.* path unaffected."
+  exit 0
+fi
+echo "prove-capture-teeth-declared: FAILED ($errors issue(s))."
+exit 1

package/evals/acceptance/prove-capture-teeth.sh

@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+# prove-capture-teeth.sh — Deterministic proof (no model spend) that capture-first
+# evidence determinism has teeth through the SHIPPED bundles: an agent claims a
+# command passed, but the deterministically-captured command-log shows it actually
+# FAILED → Stop is blocked. Also proves the trusted backstop catches a never-run
+# claimed-pass command, and that a matching capture log lets Stop through.
+#
+# Mirrors prove-teeth.sh: installs each bundle and runs the installed hook commands
+# with seeded .flow-agents state, exactly as the runtime would on PostToolUse / Stop.
+#
+# Usage: bash evals/acceptance/prove-capture-teeth.sh
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+pass=0; fail=0
+_p(){ echo "  ✓ $1"; pass=$((pass+1)); }
+_f(){ echo "  ✗ $1"; fail=$((fail+1)); }
+
+echo "Building bundles..."
+(cd "$ROOT" && npm run build:bundles >/dev/null 2>&1) || { echo "build failed"; exit 1; }
+
+hook_cmd(){ # $1 settings/hooks json, $2 event, $3 script needle
+  python3 - "$1" "$2" "$3" <<'PY'
+import json,sys
+s=json.load(open(sys.argv[1]))
+for g in s.get("hooks",{}).get(sys.argv[2],[]):
+    for h in g["hooks"]:
+        if sys.argv[3] in h["command"]:
+            print(h["command"]); sys.exit(0)
+sys.exit(0)
+PY
+}
+
+# Seed: model CLAIMS the command passed (evidence.json) but the deterministic
+# capture log recorded it as FAIL — a false-completion the gate must catch.
+seed_capture_false_pass(){ # $1 project dir
+  local p="$1"; mkdir -p "$p/.flow-agents/cap-false"
+  [ -f "$p/AGENTS.md" ] || printf '# Repo\n' > "$p/AGENTS.md"
+  printf '%s' '{"schema_version":"1.0","task_slug":"cap-false","status":"delivered","phase":"done","updated_at":"2026-06-23T00:00:00Z","next_action":{"status":"done","summary":"done"}}' > "$p/.flow-agents/cap-false/state.json"
+  printf '%s' '{"schema_version":"1.0","task_slug":"cap-false","verdict":"pass","checks":[{"id":"unit-tests","kind":"command","status":"pass","command":"npm test","summary":"tests passed"}]}' > "$p/.flow-agents/cap-false/evidence.json"
+  printf '%s\n' '{"command":"npm test","observedResult":"fail","exitCode":1,"capturedAt":"2026-06-23T00:00:00Z","source":"postToolUse-capture"}' > "$p/.flow-agents/cap-false/command-log.jsonl"
+  cat > "$p/.flow-agents/cap-false/cap-false--deliver.md" <<'MD'
+# Cap False
+
+branch: main
+status: delivered
+type: deliver
+
+## Definition Of Done
+- [x] all unit tests pass
+
+## Goal Fit Gate
+- [x] acceptance criteria verified
+
+### Verdict: PASS
+MD
+}
+
+is_block(){ grep -q '"decision":"block"'; }
+
+run_bundle(){ # $1 label, $2 install.sh, $3 settings-json-rel, $4 home-env-name
+  local label="$1" installer="$2" cfgrel="$3" homevar="$4"
+  echo ""
+  echo "── $label: shipped bundle install ──"
+  local home proj
+  home="$(mktemp -d)"; proj="$(mktemp -d)"
+  bash "$installer" "$home" >/dev/null 2>&1 || { _f "$label install.sh failed"; return; }
+  local cfg="$home/$cfgrel"
+  [ -f "$cfg" ] || { _f "$label config not found at $cfgrel after install"; return; }
+  [ -f "$home/scripts/hooks/evidence-capture.js" ] || { _f "$label bundle missing evidence-capture.js after install"; return; }
+
+  # --- Capture hook is wired on PostToolUse in the shipped config ---
+  local capcmd; capcmd="$(hook_cmd "$cfg" PostToolUse evidence-capture)"
+  [ -n "$capcmd" ] || { _f "$label: no PostToolUse evidence-capture hook in shipped config"; return; }
+  _p "$label ships evidence-capture on PostToolUse"
+
+  # The capture hook deterministically records a real command result through the
+  # installed adapter path.
+  mkdir -p "$proj/.flow-agents/live-cap"
+  [ -f "$proj/AGENTS.md" ] || printf '# Repo\n' > "$proj/AGENTS.md"
+  printf '%s' '{"schema_version":"1.0","task_slug":"live-cap","status":"in_progress","phase":"verification","updated_at":"2026-06-23T00:00:00Z"}' > "$proj/.flow-agents/live-cap/state.json"
+  printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"npm run lint"},"error":"command failed"}' "$proj" \
+    | env "$homevar=$home" CLAUDE_PROJECT_DIR="$home" bash -c "$capcmd" >/dev/null 2>&1 || true
+  if rg -q '"command":"npm run lint","observedResult":"fail"' "$proj/.flow-agents/live-cap/command-log.jsonl" 2>/dev/null; then
+    _p "$label capture hook records a real FAIL to command-log.jsonl through the installed adapter"
+  else
+    _f "$label capture hook did not record the command result: $(cat "$proj/.flow-agents/live-cap/command-log.jsonl" 2>/dev/null)"
+  fi
+
+  # --- Teeth: claims-pass-but-log-shows-fail → Stop is BLOCKED ---
+  seed_capture_false_pass "$proj"
+  local stopcmd; stopcmd="$(hook_cmd "$cfg" Stop stop-goal-fit)"
+  [ -n "$stopcmd" ] || { _f "$label: no Stop stop-goal-fit hook in shipped config"; return; }
+  local blk; blk="$(printf '{"hook_event_name":"Stop","cwd":"%s"}' "$proj" | env "$homevar=$home" CLAUDE_PROJECT_DIR="$home" FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip bash -c "$stopcmd" 2>/dev/null)"
+  echo "$blk" | is_block && _p "$label BLOCKS a claimed-pass command that the capture log recorded as FAIL" || _f "$label did NOT block the captured false-completion: $blk"
+
+  # control: a matching capture log (pass) lets Stop through on the capture axis.
+  printf '%s\n' '{"command":"npm test","observedResult":"pass","exitCode":0,"capturedAt":"2026-06-23T00:00:00Z","source":"postToolUse-capture"}' > "$proj/.flow-agents/cap-false/command-log.jsonl"
+  local okblk; okblk="$(printf '{"hook_event_name":"Stop","cwd":"%s"}' "$proj" | env "$homevar=$home" CLAUDE_PROJECT_DIR="$home" FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip bash -c "$stopcmd" 2>&1)"
+  if echo "$okblk" | grep -q 'caught false-completion'; then
+    _f "$label control: a confirming capture log should not raise a false-completion"
+  else
+    _p "$label control: a confirming capture log clears the false-completion (no re-run)"
+  fi
+}
+
+run_bundle "Claude Code" "$ROOT/dist/claude-code/install.sh" ".claude/settings.json" "CLAUDE_PROJECT_DIR"
+run_bundle "Codex"       "$ROOT/dist/codex/install.sh"       ".codex/hooks.json"     "CODEX_HOME"
+
+echo ""
+echo "──────────────────────────────────"
+echo "prove-capture-teeth: $pass passed, $fail failed"
+[ "$fail" -eq 0 ] && echo "PROOF: shipped bundles capture real command results and BLOCK claimed-pass-but-actually-failed completions." || true
+exit $([ "$fail" -eq 0 ] && echo 0 || echo 1)

package/evals/acceptance/prove-teeth.sh

@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+# prove-teeth.sh — End-to-end proof that the SHIPPED bundles enforce goal fit
+# (block mode) and re-ground active goals (SessionStart re-injection), through
+# the real install + adapter path, for Claude Code and Codex.
+#
+# This is deterministic (no live model spend): it installs each bundle and runs
+# the installed hook commands with seeded .flow-agents state, exactly as the
+# runtime would on a Stop / SessionStart event.
+#
+# Usage: bash evals/acceptance/prove-teeth.sh
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+pass=0; fail=0
+_p(){ echo "  ✓ $1"; pass=$((pass+1)); }
+_f(){ echo "  ✗ $1"; fail=$((fail+1)); }
+
+echo "Building bundles..."
+(cd "$ROOT" && npm run build:bundles >/dev/null 2>&1) || { echo "build failed"; exit 1; }
+
+# Extract an installed hook command by event + script-name substring.
+hook_cmd(){ # $1 settings/hooks json, $2 event, $3 script needle
+  python3 - "$1" "$2" "$3" <<'PY'
+import json,sys
+s=json.load(open(sys.argv[1]))
+for g in s.get("hooks",{}).get(sys.argv[2],[]):
+    for h in g["hooks"]:
+        if sys.argv[3] in h["command"]:
+            print(h["command"]); sys.exit(0)
+sys.exit(0)
+PY
+}
+
+seed_false_completion(){ # $1 project dir — evidence FAIL but markdown claims PASS
+  local p="$1"; mkdir -p "$p/.flow-agents/false-done"
+  [ -f "$p/AGENTS.md" ] || printf '# Repo\n' > "$p/AGENTS.md"
+  printf '%s' '{"schema_version":"1.0","task_slug":"false-done","status":"in_progress","phase":"verification","updated_at":"2026-06-18T00:00:00Z","next_action":{"status":"continue","summary":"Make the failing tests pass."}}' > "$p/.flow-agents/false-done/state.json"
+  printf '%s' '{"schema_version":"1.0","task_slug":"false-done","verdict":"fail","checks":[{"id":"unit-tests","kind":"test","status":"fail","summary":"3 unit tests still failing"}]}' > "$p/.flow-agents/false-done/evidence.json"
+  cat > "$p/.flow-agents/false-done/false-done--deliver.md" <<'MD'
+# False Done
+
+branch: main
+status: executing
+type: deliver
+
+## Definition Of Done
+- [x] all unit tests pass
+
+## Goal Fit Gate
+- [x] acceptance criteria verified
+
+### Verdict: PASS
+MD
+}
+
+seed_active_resume(){ # $1 project dir — active in_progress task with a concrete next step
+  local p="$1"; mkdir -p "$p/.flow-agents/resume-task"
+  [ -f "$p/AGENTS.md" ] || printf '# Repo\n' > "$p/AGENTS.md"
+  printf '%s' '{"schema_version":"1.0","task_slug":"resume-task","status":"in_progress","phase":"execution","updated_at":"2026-06-18T00:00:00Z","next_action":{"status":"continue","summary":"Create a file named RESUMED.txt containing the word resumed.","target_phase":"verification"}}' > "$p/.flow-agents/resume-task/state.json"
+}
+
+is_block(){ grep -q '"decision":"block"'; }
+has_reground(){ # stdin = adapter json; assert additionalContext re-grounds the goal
+  python3 -c "import json,sys
+d=json.load(sys.stdin); ctx=d.get('hookSpecificOutput',{}).get('additionalContext','')
+sys.exit(0 if ('STATE:' in ctx and 'resume-task' in ctx and 'RESUMED.txt' in ctx) else 1)"
+}
+
+run_bundle(){ # $1 label, $2 install.sh, $3 settings-json-rel, $4 home-env-name
+  local label="$1" installer="$2" cfgrel="$3" homevar="$4"
+  echo ""
+  echo "── $label: shipped bundle install ──"
+  local home proj
+  home="$(mktemp -d)"; proj="$(mktemp -d)"
+  bash "$installer" "$home" >/dev/null 2>&1 || { _f "$label install.sh failed"; return; }
+  local cfg="$home/$cfgrel"
+  [ -f "$cfg" ] || { _f "$label config not found at $cfgrel after install"; return; }
+  [ -f "$home/scripts/hooks/stop-goal-fit.js" ] || { _f "$label bundle missing scripts/hooks after install"; return; }
+
+  # --- Teeth 1: false-completion block ---
+  seed_false_completion "$proj"
+  local stopcmd; stopcmd="$(hook_cmd "$cfg" Stop stop-goal-fit)"
+  [ -n "$stopcmd" ] || { _f "$label: no Stop stop-goal-fit hook in shipped config"; return; }
+  local blk; blk="$(printf '{"hook_event_name":"Stop","cwd":"%s"}' "$proj" | env "$homevar=$home" CLAUDE_PROJECT_DIR="$home" bash -c "$stopcmd" 2>/dev/null)"
+  echo "$blk" | is_block && _p "$label BLOCKS false completion by default (evidence=fail vs markdown PASS)" || _f "$label did NOT block: $blk"
+  # control: warn mode must pass through
+  local wrn; wrn="$(printf '{"hook_event_name":"Stop","cwd":"%s"}' "$proj" | env "$homevar=$home" CLAUDE_PROJECT_DIR="$home" FLOW_AGENTS_GOAL_FIT_MODE=warn bash -c "$stopcmd" 2>/dev/null)"
+  echo "$wrn" | is_block && _f "$label warn-mode override should NOT block" || _p "$label warn-mode override passes through (control)"
+
+  # --- Teeth 2: re-ground active goal on SessionStart ---
+  local sscmd; sscmd="$(hook_cmd "$cfg" SessionStart workflow-steering)"
+  [ -n "$sscmd" ] || { _f "$label: no SessionStart workflow-steering hook in shipped config"; return; }
+  seed_active_resume "$proj"
+  local rg; rg="$(printf '{"hook_event_name":"SessionStart","cwd":"%s","source":"compact"}' "$proj" | env "$homevar=$home" CLAUDE_PROJECT_DIR="$home" bash -c "$sscmd" 2>/dev/null)"
+  echo "$rg" | has_reground && _p "$label RE-GROUNDS the active goal on SessionStart (goal + next step survive compaction)" || _f "$label SessionStart did not re-ground: $rg"
+}
+
+run_bundle "Claude Code" "$ROOT/dist/claude-code/install.sh" ".claude/settings.json" "CLAUDE_PROJECT_DIR"
+run_bundle "Codex"       "$ROOT/dist/codex/install.sh"       ".codex/hooks.json"     "CODEX_HOME"
+
+echo ""
+echo "──────────────────────────────────"
+echo "prove-teeth: $pass passed, $fail failed"
+[ "$fail" -eq 0 ] && echo "PROOF: shipped Claude Code + Codex bundles enforce goal-fit and re-ground on compaction." || true
+exit $([ "$fail" -eq 0 ] && echo 0 || echo 1)

package/evals/ci/antigaming-suite.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# Anti-gaming + trust regression suite — the tests that prove the gate, the CI
+# anchor, and their protections actually work. These MUST run in a required CI
+# lane so that weakening the gate code (stop-goal-fit.js, trust-reconcile.js,
+# config-protection.js, evidence-capture.js, flow-resolver.ts, the producer) is
+# caught: if any of these fail, the lane goes red and the change cannot merge.
+#
+# Convergence red-team (Round 5/7) found these ran in NO required check, so an
+# agent could edit the gate and the proof-tests never ran. This closes that.
+set -uo pipefail
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+cd "$ROOT_DIR"
+
+TESTS=(
+  "evals/acceptance/prove-capture-teeth.sh"
+  "evals/acceptance/prove-capture-teeth-declared.sh"
+  "evals/integration/test_gate_lockdown.sh"
+  "evals/integration/test_gate_bypass_chain.sh"
+  "evals/integration/test_reconcile_soundness.sh"
+  "evals/integration/test_captured_fail_reconciliation.sh"
+  "evals/integration/test_command_log_integrity.sh"
+  "evals/integration/test_resolvefirststep_security.sh"
+  "evals/integration/test_enforcer_expects_driven.sh"
+  "evals/integration/test_goal_fit_rederive.sh"
+  "evals/integration/test_flowdef_session_activation.sh"
+  "evals/integration/test_trust_reconcile.sh"
+  "evals/integration/test_trust_checkpoint.sh"
+  "evals/integration/test_checkpoint_signing.sh"
+  "evals/integration/test_mint_attestation.sh"
+  "evals/integration/test_publish_delivery.sh"
+  "evals/integration/test_phase_map_and_gate_claim.sh"
+)
+
+fail=0
+for t in "${TESTS[@]}"; do
+  if [[ ! -f "$t" ]]; then
+    echo "MISSING anti-gaming test: $t — refusing to pass (a removed regression test is a red flag)"
+    fail=1
+    continue
+  fi
+  echo "=== anti-gaming: $t ==="
+  if bash "$t"; then
+    echo "  PASS: $t"
+  else
+    echo "  FAIL: $t"
+    fail=1
+  fi
+done
+
+if [[ "$fail" -ne 0 ]]; then
+  echo "ANTI-GAMING SUITE FAILED — the gate / CI anchor / protections regressed or a regression test was removed."
+  exit 1
+fi
+echo "ANTI-GAMING SUITE PASSED (${#TESTS[@]} tests)."

package/evals/ci/run-baseline.sh

@@ -39,6 +39,7 @@ CHECKS=(
   "Telemetry doctor integration|bash evals/integration/test_telemetry_doctor.sh"
   "Utterance check integration|bash evals/integration/test_utterance_check.sh"
   "Pull work provider integration|bash evals/integration/test_pull_work_provider.sh"
+  "Anti-gaming and trust suite|bash evals/ci/antigaming-suite.sh"
   "Usage feedback import integration|bash evals/integration/test_usage_feedback_import.sh"
   "Usage feedback outcomes integration|bash evals/integration/test_usage_feedback_outcomes.sh"
   "Usage feedback report integration|bash evals/integration/test_usage_feedback_report.sh"
@@ -82,6 +83,7 @@ LANE_RUNTIME_AND_KIT=(
   "Telemetry doctor integration"
   "Utterance check integration"
   "Pull work provider integration"
+  "Anti-gaming and trust suite"
 )
 
 LANE_USAGE_FEEDBACK=(

package/evals/fixtures/flow-kit-repository/invalid-missing-extension-asset/flows/review.flow.json

@@ -0,0 +1,26 @@
+{
+  "id": "missing.extension.asset.review",
+  "version": "1.0",
+  "steps": [
+    { "id": "review", "next": "done" },
+    { "id": "done", "next": null }
+  ],
+  "gates": {
+    "review-gate": {
+      "step": "review",
+      "expects": [
+        {
+          "id": "review-evidence",
+          "kind": "trust.bundle",
+          "required": true,
+          "description": "Review evidence has been recorded.",
+          "bundle_claim": {
+            "claimType": "example.review.evidence",
+            "subjectType": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    }
+  }
+}