@kontourai/flow-agents 1.3.0 → 2.0.0

package/evals/integration/test_claim_lookup.sh

@@ -0,0 +1,352 @@
+#!/usr/bin/env bash
+# test_claim_lookup.sh — Integration tests for the `claim` subcommand (#162).
+#
+# Verifies:
+#   AC1: status + value + failing evidence (with execution block) + policy + derivation drilldown
+#   AC1: --json flag emits structured ClaimExplanation object
+#   AC1: unknown claim id exits 1 with clear error listing available ids
+#   AC1: missing bundle exits 1 with clear error
+#   AC3: gate-hint in stop-goal-fit.js disputed warning contains workflow:sidecar -- claim
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+source "$ROOT/evals/lib/node.sh"
+
+TMPDIR_EVAL="$(mktemp -d)"
+errors=0
+
+cleanup() { rm -rf "$TMPDIR_EVAL"; }
+trap cleanup EXIT
+
+_pass() { echo "  ✓ $1"; }
+_fail() { echo "  ✗ $1"; errors=$((errors + 1)); }
+
+echo "=== Claim Lookup Tests (issue #162) ==="
+
+# ── helpers ──────────────────────────────────────────────────────────────────
+
+jq_node() {
+  local file="$1"; local expr="$2"
+  node -e "
+const d=JSON.parse(require('fs').readFileSync('${file}','utf8'));
+const r=(${expr})(d);
+if(r===undefined||r===null){process.exit(2);}
+if(typeof r==='boolean'||typeof r==='number'||typeof r==='string'){
+  process.stdout.write(String(r)+'\n');
+}else{
+  process.stdout.write(JSON.stringify(r)+'\n');
+}"
+}
+
+# Seed a trust.bundle with a DISPUTED claim including a failing execution block and a policy.
+seed_disputed_bundle() {
+  local dir="$1" slug="$2"
+  local ts="2026-06-25T00:00:00Z"
+  local claimId="${slug}/unit-tests.flow-agents.workflow.unit tests pass"
+  mkdir -p "$dir"
+  cat > "$dir/trust.bundle" <<JSON
+{
+  "schemaVersion": 3,
+  "source": "claim-lookup-test;statusFunctionVersion=1",
+  "claims": [
+    {
+      "id": "$claimId",
+      "subjectType": "workflow-check",
+      "subjectId": "${slug}/unit-tests",
+      "surface": "flow-agents.workflow",
+      "claimType": "workflow.check.test",
+      "fieldOrBehavior": "unit tests pass",
+      "value": "fail",
+      "status": "disputed",
+      "impactLevel": "high",
+      "verificationPolicyId": "policy:workflow.check.test",
+      "createdAt": "$ts",
+      "updatedAt": "$ts"
+    }
+  ],
+  "evidence": [
+    {
+      "id": "ev:${claimId}",
+      "claimId": "${claimId}",
+      "evidenceType": "test_output",
+      "label": "npm test output",
+      "method": "validation",
+      "excerptOrSummary": "8 tests failed",
+      "status": "disputed",
+      "execution": {
+        "runner": "npm test",
+        "label": "npm test",
+        "isError": true,
+        "exitCode": 1
+      },
+      "sourceRef": "command-log.jsonl",
+      "createdAt": "$ts"
+    }
+  ],
+  "events": [
+    {
+      "id": "evt:${claimId}",
+      "claimId": "${claimId}",
+      "status": "disputed",
+      "actor": "test",
+      "method": "validation",
+      "evidenceIds": ["ev:${claimId}"],
+      "createdAt": "$ts",
+      "verifiedAt": "$ts"
+    }
+  ],
+  "policies": [
+    {
+      "id": "policy:workflow.check.test",
+      "claimType": "workflow.check.test",
+      "requiredEvidence": ["test_output"],
+      "requiredMethods": ["validation"],
+      "acceptanceCriteria": ["A verified verification event must support a workflow.check.test claim."],
+      "reviewAuthority": "system",
+      "validityRule": { "kind": "manual" },
+      "stalenessTriggers": [],
+      "conflictRules": [],
+      "impactLevel": "high"
+    }
+  ]
+}
+JSON
+}
+
+# ── Test 1: AC1 — text output has status + value + evidence + policy + drilldown ──
+
+echo ""
+echo "── Test 1: text output (status + evidence + policy + drilldown) ──"
+
+AC1_DIR="$TMPDIR_EVAL/ac1"
+AC1_SLUG="claim-lookup-ac1"
+seed_disputed_bundle "$AC1_DIR" "$AC1_SLUG"
+AC1_CLAIM_ID="${AC1_SLUG}/unit-tests.flow-agents.workflow.unit tests pass"
+
+AC1_OUT="$TMPDIR_EVAL/ac1.out"
+if flow_agents_node workflow-sidecar claim "$AC1_CLAIM_ID" "$AC1_DIR" >"$AC1_OUT" 2>&1; then
+  _pass "AC1: claim command exits 0 for known disputed claim"
+else
+  _fail "AC1: claim command failed: $(cat "$AC1_OUT")"
+fi
+
+if grep -q "Status: disputed" "$AC1_OUT"; then
+  _pass "AC1: output contains derived status (disputed)"
+else
+  _fail "AC1: output missing derived status: $(head -3 "$AC1_OUT")"
+fi
+
+if grep -q "Value: fail" "$AC1_OUT"; then
+  _pass "AC1: output contains raw value"
+else
+  _fail "AC1: output missing value"
+fi
+
+if grep -q "exitCode: 1" "$AC1_OUT" && grep -q "isError: true" "$AC1_OUT"; then
+  _pass "AC1: failing evidence execution block shown (exitCode + isError)"
+else
+  _fail "AC1: execution block missing from evidence output: $(grep -i "exitCode\|isError\|Evidence" "$AC1_OUT" || echo '(not found)')"
+fi
+
+if grep -q "Governing Policy (policy:workflow.check.test)" "$AC1_OUT"; then
+  _pass "AC1: governing policy section present"
+else
+  _fail "AC1: governing policy section missing"
+fi
+
+if grep -q "requiredEvidence:" "$AC1_OUT" && grep -q "acceptanceCriteria:" "$AC1_OUT" && grep -q "reviewAuthority:" "$AC1_OUT"; then
+  _pass "AC1: policy fields (requiredEvidence, acceptanceCriteria, reviewAuthority) present"
+else
+  _fail "AC1: policy fields incomplete: $(grep -E "required|acceptance|review" "$AC1_OUT" || echo '(not found)')"
+fi
+
+if grep -q "Derivation Drilldown:" "$AC1_OUT"; then
+  _pass "AC1: derivation drilldown section present"
+else
+  _fail "AC1: derivation drilldown section missing"
+fi
+
+# ── Test 2: AC1 — --json flag emits structured ClaimExplanation ──
+
+echo ""
+echo "── Test 2: --json flag emits structured ClaimExplanation object ──"
+
+AC2_JSON="$TMPDIR_EVAL/ac1.json"
+if flow_agents_node workflow-sidecar claim "$AC1_CLAIM_ID" "$AC1_DIR" --json >"$AC2_JSON" 2>&1; then
+  _pass "AC2: --json exits 0"
+else
+  _fail "AC2: --json failed: $(cat "$AC2_JSON")"
+fi
+
+# Validate JSON structure
+FOUND="$(jq_node "$AC2_JSON" 'd => d.found' 2>/dev/null || echo '')"
+STATUS="$(jq_node "$AC2_JSON" 'd => d.status' 2>/dev/null || echo '')"
+VALUE="$(jq_node "$AC2_JSON" 'd => d.value' 2>/dev/null || echo '')"
+HAS_POLICY="$(jq_node "$AC2_JSON" 'd => d.policy !== null && d.policy.id !== undefined' 2>/dev/null || echo '')"
+EVIDENCE_LEN="$(jq_node "$AC2_JSON" 'd => d.evidence.length' 2>/dev/null || echo '')"
+EXEC_EXITCODE="$(jq_node "$AC2_JSON" 'd => d.evidence[0] && d.evidence[0].execution && d.evidence[0].execution.exitCode' 2>/dev/null || echo '')"
+HAS_WHY="$(jq_node "$AC2_JSON" 'd => typeof d.why === "object" && d.why !== null' 2>/dev/null || echo '')"
+
+[[ "$FOUND" == "true" ]] && _pass "AC2: found=true in JSON" || _fail "AC2: expected found=true, got '$FOUND'"
+[[ "$STATUS" == "disputed" ]] && _pass "AC2: status=disputed in JSON" || _fail "AC2: expected status=disputed, got '$STATUS'"
+[[ "$VALUE" == "fail" ]] && _pass "AC2: value=fail in JSON" || _fail "AC2: expected value=fail, got '$VALUE'"
+[[ "$HAS_POLICY" == "true" ]] && _pass "AC2: policy object present in JSON" || _fail "AC2: policy missing: $HAS_POLICY"
+[[ "$EVIDENCE_LEN" == "1" ]] && _pass "AC2: evidence array has 1 item" || _fail "AC2: expected 1 evidence item, got '$EVIDENCE_LEN'"
+[[ "$EXEC_EXITCODE" == "1" ]] && _pass "AC2: evidence[0].execution.exitCode=1 in JSON" || _fail "AC2: expected exitCode=1, got '$EXEC_EXITCODE'"
+[[ "$HAS_WHY" == "true" ]] && _pass "AC2: why object present in JSON" || _fail "AC2: why object missing"
+
+# ── Test 3: AC1 — unknown id exits 1 with clear error listing available ids ──
+
+echo ""
+echo "── Test 3: unknown claim id → clear error + list of available ids ──"
+
+AC3_OUT="$TMPDIR_EVAL/ac3.out"
+if flow_agents_node workflow-sidecar claim "nonexistent-claim-id" "$AC1_DIR" >"$AC3_OUT" 2>&1; then
+  _fail "AC3: expected exit 1 for unknown claim id but got 0"
+else
+  _pass "AC3: exits 1 for unknown claim id"
+fi
+
+if grep -q "unknown claim id: nonexistent-claim-id" "$AC3_OUT"; then
+  _pass "AC3: error message names the unknown id"
+else
+  _fail "AC3: error message missing id: $(cat "$AC3_OUT")"
+fi
+
+if grep -q "Available claim ids" "$AC3_OUT"; then
+  _pass "AC3: error lists available claim ids"
+else
+  _fail "AC3: error does not list available ids: $(cat "$AC3_OUT")"
+fi
+
+# ── Test 4: AC1 — missing bundle exits 1 ──
+
+echo ""
+echo "── Test 4: missing bundle → clear error ──"
+
+AC4_OUT="$TMPDIR_EVAL/ac4.out"
+if flow_agents_node workflow-sidecar claim "any-id" "$TMPDIR_EVAL/nonexistent" >"$AC4_OUT" 2>&1; then
+  _fail "AC4: expected exit 1 for missing bundle but got 0"
+else
+  _pass "AC4: exits 1 for missing bundle"
+fi
+
+if grep -q "no trust.bundle at" "$AC4_OUT"; then
+  _pass "AC4: error message mentions missing trust.bundle"
+else
+  _fail "AC4: error message missing: $(cat "$AC4_OUT")"
+fi
+
+# ── Test 5: AC3 — gate-hint in stop-goal-fit.js warning ──
+# Use a bundle with an acceptance criterion claim (not a check claim) so the
+# bundleEnforcement warning is not deduplicated by captureCrossReference.
+# FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip prevents backstop re-runs for hermeticity.
+
+echo ""
+echo "── Test 5: gate-hint appears in stop-goal-fit.js disputed warning ──"
+
+AC5_PROJ="$TMPDIR_EVAL/gate-hint-proj"
+AC5_SLUG="gate-hint-test"
+AC5_DIR="$AC5_PROJ/.flow-agents/$AC5_SLUG"
+mkdir -p "$AC5_DIR"
+
+# Write a minimal bundle with a disputed acceptance criterion claim.
+# Using workflow.acceptance.criterion (not workflow.check.*) so the subjectId
+# won't match any evidence check id and bundleEnforcement won't be deduped.
+cat > "$AC5_DIR/trust.bundle" <<'BUNDLE'
+{
+  "schemaVersion": 3,
+  "source": "claim-lookup-test",
+  "claims": [
+    {
+      "id": "gate-hint-test/AC1.flow-agents.workflow.acceptance criterion verified",
+      "subjectType": "workflow-criterion",
+      "subjectId": "gate-hint-test/AC1",
+      "surface": "flow-agents.workflow",
+      "claimType": "workflow.acceptance.criterion",
+      "fieldOrBehavior": "acceptance criterion verified",
+      "value": "fail",
+      "status": "disputed",
+      "impactLevel": "high",
+      "verificationPolicyId": "policy:workflow.acceptance.criterion",
+      "createdAt": "2026-06-25T00:00:00Z",
+      "updatedAt": "2026-06-25T00:00:00Z"
+    }
+  ],
+  "evidence": [],
+  "events": [
+    {
+      "id": "evt:gate-hint-test/AC1",
+      "claimId": "gate-hint-test/AC1.flow-agents.workflow.acceptance criterion verified",
+      "status": "disputed",
+      "actor": "test",
+      "method": "validation",
+      "evidenceIds": [],
+      "createdAt": "2026-06-25T00:00:00Z",
+      "verifiedAt": "2026-06-25T00:00:00Z"
+    }
+  ],
+  "policies": [
+    {
+      "id": "policy:workflow.acceptance.criterion",
+      "claimType": "workflow.acceptance.criterion",
+      "requiredEvidence": ["human_attestation"],
+      "acceptanceCriteria": ["A criterion must have a verified event."],
+      "reviewAuthority": "system",
+      "validityRule": { "kind": "manual" },
+      "stalenessTriggers": [],
+      "conflictRules": [],
+      "impactLevel": "high"
+    }
+  ]
+}
+BUNDLE
+
+cat > "$AC5_DIR/state.json" <<'JSON'
+{"schema_version":"1.0","task_slug":"gate-hint-test","status":"delivered","phase":"done","updated_at":"2026-06-25T00:00:00Z","next_action":{"status":"done","summary":"done"}}
+JSON
+
+cat > "$AC5_DIR/gate-hint-test--deliver.md" <<'MD'
+# Gate Hint Test
+
+branch: main
+status: delivered
+type: deliver
+
+## Definition Of Done
+- [x] all tests pass
+
+## Goal Fit Gate
+- [x] criteria verified
+
+### Verdict: PASS
+MD
+
+AC5_OUT="$TMPDIR_EVAL/ac5.out"
+# FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip prevents backstop re-runs for hermeticity.
+printf '{"hook_event_name":"Stop","cwd":"%s"}' "$AC5_PROJ" \
+  | FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip node "$ROOT/scripts/hooks/stop-goal-fit.js" >"$AC5_OUT" 2>&1 || true
+
+if grep -q "workflow:sidecar -- claim" "$AC5_OUT"; then
+  _pass "AC5: gate-hint 'workflow:sidecar -- claim' appears in stop-goal-fit output"
+else
+  _fail "AC5: gate-hint missing from stop-goal-fit output: $(cat "$AC5_OUT")"
+fi
+
+if grep -q "trust.bundle claim disputed" "$AC5_OUT"; then
+  _pass "AC5: disputed warning present in stop-goal-fit output"
+else
+  _fail "AC5: disputed warning missing: $(cat "$AC5_OUT")"
+fi
+
+# ── Results ──────────────────────────────────────────────────────────────────
+
+echo ""
+echo "──────────────────────────────────"
+echo "claim lookup tests: $((errors)) failed"
+if [[ "$errors" -eq 0 ]]; then
+  echo "ALL PASSED"
+  exit 0
+else
+  exit 1
+fi

package/evals/integration/test_command_log_integrity.sh

@@ -0,0 +1,275 @@
+#!/usr/bin/env bash
+# test_command_log_integrity.sh — Hash-chain tamper-evidence for command-log.jsonl (Increment B2)
+#
+# Proves that command-log.jsonl's hash-chain makes alteration DETECTABLE:
+#   1. Altered entry (flip exitCode/observedResult without fixing hash) → broken → gate blocks.
+#   2. Removed/reordered entry → linkage breaks → broken → gate blocks.
+#   3. Legit untampered chain → ok → normal behavior; genuine fail still caught.
+#   4. Legacy unchained log (pre-B2) → legacy → existing behavior unchanged.
+#
+# HONEST FRAMING (in comments and code): this is tamper-EVIDENCE, not tamper-PROOF.
+# An agent that recomputes the whole chain can forge a valid chain. The real
+# tamper-proof boundary is the signed checkpoint (B1, already merged). This chain
+# raises the local bar and catches casual/accidental tampering and corruption.
+#
+# Usage: bash evals/integration/test_command_log_integrity.sh
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+CAPTURE="$ROOT/scripts/hooks/evidence-capture.js"
+GATE="$ROOT/scripts/hooks/stop-goal-fit.js"
+
+export FLOW_AGENTS_GOAL_FIT_MAX_BLOCKS=100000
+
+TMP="$(mktemp -d)"
+errors=0
+_pass() { echo "  ✓ $1"; }
+_fail() { echo "  ✗ $1"; errors=$((errors + 1)); }
+
+cleanup() { rm -rf "$TMP"; }
+trap cleanup EXIT
+
+# ── helper: seed a minimal delivered workflow artifact ────────────────────────
+seed_repo() { # $1=dir $2=slug
+  local p="$1" slug="$2"
+  mkdir -p "$p/.flow-agents/$slug"
+  printf '# Repo\n' > "$p/AGENTS.md"
+  printf '%s' "{\"schema_version\":\"1.0\",\"task_slug\":\"$slug\",\"status\":\"delivered\",\"phase\":\"done\",\"updated_at\":\"2026-06-23T00:00:00Z\",\"next_action\":{\"status\":\"done\",\"summary\":\"done\"}}" \
+    > "$p/.flow-agents/$slug/state.json"
+  cat > "$p/.flow-agents/$slug/$slug--deliver.md" << MD
+# $slug
+
+branch: main
+status: delivered
+type: deliver
+
+## Definition Of Done
+- [x] tests pass
+
+## Goal Fit Gate
+- [x] acceptance verified
+
+### Verdict: PASS
+MD
+}
+
+# Write two chained entries to command-log.jsonl via evidence-capture.js.
+# Returns the log file path.
+write_chained_log() { # $1=repo_dir $2=slug
+  local p="$1" slug="$2"
+  # Entry 0: npm test passes
+  printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"npm test"},"tool_response":{"exitCode":0,"stdout":"ok"}}' "$p" \
+    | node "$CAPTURE" >/dev/null 2>&1
+  # Entry 1: npm run lint FAILS
+  printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"npm run lint"},"tool_response":{"exitCode":1,"stderr":"lint errors"}}' "$p" \
+    | node "$CAPTURE" >/dev/null 2>&1
+}
+
+# ─── Test 1: altered entry detected (flip exitCode/observedResult, keep old hash) ──────
+echo "Test 1: altered entry (flip fail→pass without fixing hash) → broken → gate blocks"
+
+T1="$TMP/t1"; seed_repo "$T1" t1
+write_chained_log "$T1" t1
+
+LOG="$T1/.flow-agents/t1/command-log.jsonl"
+
+if [[ -f "$LOG" ]]; then _pass "T1: command-log.jsonl written"; else _fail "T1: command-log.jsonl missing"; fi
+
+# Verify clean chain (before tamper)
+chain_status=$(node -e "const g = require('$GATE'); const r = g.verifyCommandLogChain('$T1/.flow-agents/t1'); console.log(r.status);")
+if [[ "$chain_status" == "ok" ]]; then
+  _pass "T1: untampered chain verifies as ok"
+else
+  _fail "T1: expected ok, got $chain_status"
+fi
+
+# Tamper: flip entry 1 (lint, FAIL) to look like a PASS — change exitCode and observedResult
+# but do NOT update _chain.hash → chain is broken.
+python3 - "$LOG" << 'PY'
+import json, sys
+lines = open(sys.argv[1]).read().strip().split('\n')
+e1 = json.loads(lines[1])
+e1['exitCode'] = 0          # hide the failure
+e1['observedResult'] = 'pass'  # claim it passed
+# _chain.hash is NOT updated — deliberate, this is the tamper
+lines[1] = json.dumps(e1)
+open(sys.argv[1], 'w').write('\n'.join(lines) + '\n')
+PY
+
+# Verify broken chain
+chain_after=$(node -e "const g = require('$GATE'); const r = g.verifyCommandLogChain('$T1/.flow-agents/t1'); console.log(r.status + ':' + r.brokenAt);")
+if [[ "$chain_after" == "broken:1" ]]; then
+  _pass "T1: tampered entry detected → broken at entry 1"
+else
+  _fail "T1: expected broken:1, got $chain_after"
+fi
+
+# Seed evidence.json claiming npm test passed (the untampered entry)
+# The tampered entry (lint) was a FAIL flipped to PASS — so the log now shows a false pass.
+# Since chain is broken, gate should block with integrity warning and NOT trust log passes.
+printf '%s' '{"schema_version":"1.0","task_slug":"t1","verdict":"pass","checks":[{"id":"npm-test","kind":"command","status":"pass","command":"npm test","summary":"passed"}]}' \
+  > "$T1/.flow-agents/t1/evidence.json"
+
+set +e
+gate_out=$(FLOW_AGENTS_GOAL_FIT_MODE=block FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip \
+  node "$GATE" 2>&1 <<< "{\"hook_event_name\":\"Stop\",\"cwd\":\"$T1\"}")
+gate_exit=$?
+set -e
+
+if [[ "$gate_exit" -eq 2 ]]; then
+  _pass "T1: gate blocks (exit 2) when chain is broken"
+else
+  _fail "T1: gate should block on broken chain, exit=$gate_exit output=$gate_out"
+fi
+
+if echo "$gate_out" | grep -q "command-log integrity check FAILED"; then
+  _pass "T1: gate emits integrity-failure warning"
+else
+  _fail "T1: missing integrity-failure warning: $gate_out"
+fi
+
+if echo "$gate_out" | grep -q "NOT trusted"; then
+  _pass "T1: gate emits 'NOT trusted' signal for claimed passes"
+else
+  _fail "T1: missing NOT trusted signal: $gate_out"
+fi
+
+# ─── Test 2: removed/reordered entry detected ─────────────────────────────────────
+echo ""
+echo "Test 2: removed/reordered entry → linkage breaks → broken → gate flags it"
+
+T2="$TMP/t2"; seed_repo "$T2" t2
+write_chained_log "$T2" t2
+
+LOG2="$T2/.flow-agents/t2/command-log.jsonl"
+lines_before=$(wc -l < "$LOG2" | tr -d ' ')
+
+# Reorder: swap entry 0 and entry 1
+python3 - "$LOG2" << 'PY'
+import sys
+lines = open(sys.argv[1]).read().strip().split('\n')
+# swap
+lines[0], lines[1] = lines[1], lines[0]
+open(sys.argv[1], 'w').write('\n'.join(lines) + '\n')
+PY
+
+chain_reorder=$(node -e "const g = require('$GATE'); const r = g.verifyCommandLogChain('$T2/.flow-agents/t2'); console.log(r.status);")
+if [[ "$chain_reorder" == "broken" ]]; then
+  _pass "T2: reordered entries detected → broken"
+else
+  _fail "T2: expected broken on reorder, got $chain_reorder"
+fi
+
+# Test: delete middle entry (restore then delete entry 0 so entry 1's prevHash is wrong)
+write_chained_log "$T2" t2  # re-append fresh entries (now 4 total — but that's fine for test)
+# Write a fresh log with just 2 entries and then delete the first
+LOG2_FRESH="$T2/.flow-agents/t2/command-log.jsonl"
+python3 - "$LOG2_FRESH" << 'PY'
+import sys
+lines = [l for l in open(sys.argv[1]).read().strip().split('\n') if l.strip()]
+# Keep only the last 2 entries (fresh from second write_chained_log call above)
+last2 = lines[-2:]
+# Delete entry[0] of the last2 → only entry[1] remains, whose prevHash won't match genesis
+open(sys.argv[1], 'w').write(last2[1] + '\n')
+PY
+
+chain_delete=$(node -e "const g = require('$GATE'); const r = g.verifyCommandLogChain('$T2/.flow-agents/t2'); console.log(r.status);")
+if [[ "$chain_delete" == "broken" ]]; then
+  _pass "T2: removed predecessor entry detected → broken (prevHash mismatch)"
+else
+  _fail "T2: expected broken on removed predecessor, got $chain_delete"
+fi
+
+# ─── Test 3: legit untampered chain — ok — genuine fail still caught ─────────────────
+echo ""
+echo "Test 3: legit untampered chain → ok → genuine fail still caught (capture-teeth)"
+
+T3="$TMP/t3"; seed_repo "$T3" t3
+# Write entry 0 (pass) and entry 1 (fail)
+printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"npm test"},"tool_response":{"exitCode":0}}' "$T3" \
+  | node "$CAPTURE" >/dev/null 2>&1
+printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"npm run build"},"tool_response":{"exitCode":1}}' "$T3" \
+  | node "$CAPTURE" >/dev/null 2>&1
+
+chain_legit=$(node -e "const g = require('$GATE'); const r = g.verifyCommandLogChain('$T3/.flow-agents/t3'); console.log(r.status);")
+if [[ "$chain_legit" == "ok" ]]; then
+  _pass "T3: untampered chained log verifies ok"
+else
+  _fail "T3: expected ok, got $chain_legit"
+fi
+
+# Evidence claims npm run build passed (it actually failed → capture log shows fail → block)
+printf '%s' '{"schema_version":"1.0","task_slug":"t3","verdict":"pass","checks":[{"id":"build","kind":"command","status":"pass","command":"npm run build","summary":"build passed"}]}' \
+  > "$T3/.flow-agents/t3/evidence.json"
+
+set +e
+gate3_out=$(FLOW_AGENTS_GOAL_FIT_MODE=block FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip \
+  node "$GATE" 2>&1 <<< "{\"hook_event_name\":\"Stop\",\"cwd\":\"$T3\"}")
+gate3_exit=$?
+set -e
+
+if [[ "$gate3_exit" -eq 2 ]]; then
+  _pass "T3: gate blocks on genuine fail caught by capture log (ok chain, capture teeth active)"
+else
+  _fail "T3: gate should block on captured fail, exit=$gate3_exit output=$gate3_out"
+fi
+
+if echo "$gate3_out" | grep -q "capture log CONTRADICTS claimed pass"; then
+  _pass "T3: gate emits capture-log contradicts warning (genuine fail caught)"
+else
+  _fail "T3: missing capture-log contradicts warning: $gate3_out"
+fi
+
+if ! echo "$gate3_out" | grep -q "command-log integrity check FAILED"; then
+  _pass "T3: no false integrity-failure warning for untampered chain"
+else
+  _fail "T3: spurious integrity-failure warning emitted: $gate3_out"
+fi
+
+# ─── Test 4: backward-compat — legacy unchained log → legacy → existing behavior ────
+echo ""
+echo "Test 4: legacy unchained log (no _chain) → legacy → existing behavior unchanged"
+
+T4="$TMP/t4"; seed_repo "$T4" t4
+
+# Write a legacy-style log (no _chain field) — exactly like pre-B2 fixtures
+printf '%s\n' '{"command":"npm test","observedResult":"fail","exitCode":1,"capturedAt":"2026-06-23T00:00:00Z","source":"postToolUse-capture"}' \
+  > "$T4/.flow-agents/t4/command-log.jsonl"
+
+chain_legacy=$(node -e "const g = require('$GATE'); const r = g.verifyCommandLogChain('$T4/.flow-agents/t4'); console.log(r.status);")
+if [[ "$chain_legacy" == "legacy" ]]; then
+  _pass "T4: unchained (legacy) log returns legacy status"
+else
+  _fail "T4: expected legacy, got $chain_legacy"
+fi
+
+# Evidence claims npm test passed, but legacy log shows it failed → still blocks
+printf '%s' '{"schema_version":"1.0","task_slug":"t4","verdict":"pass","checks":[{"id":"unit-tests","kind":"command","status":"pass","command":"npm test","summary":"passed"}]}' \
+  > "$T4/.flow-agents/t4/evidence.json"
+
+set +e
+gate4_out=$(FLOW_AGENTS_GOAL_FIT_MODE=block FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip \
+  node "$GATE" 2>&1 <<< "{\"hook_event_name\":\"Stop\",\"cwd\":\"$T4\"}")
+gate4_exit=$?
+set -e
+
+if [[ "$gate4_exit" -eq 2 ]] && echo "$gate4_out" | grep -q "capture log CONTRADICTS"; then
+  _pass "T4: legacy log still catches false-completion (existing behavior preserved)"
+else
+  _fail "T4: legacy log failed to catch false-completion: exit=$gate4_exit output=$gate4_out"
+fi
+
+if ! echo "$gate4_out" | grep -q "command-log integrity check FAILED"; then
+  _pass "T4: no integrity-failure warning for legacy (unchained) log"
+else
+  _fail "T4: spurious integrity warning for legacy log: $gate4_out"
+fi
+
+# ─── Summary ─────────────────────────────────────────────────────────────────
+echo ""
+if [[ "$errors" -eq 0 ]]; then
+  echo "command-log integrity tests passed."
+  exit 0
+fi
+echo "command-log integrity tests FAILED: $errors issue(s)."
+exit 1

package/evals/integration/test_context_map.sh

@@ -38,10 +38,8 @@ for expected in \
   'Support Skills' \
   'Agents' \
   'Optional Powers' \
-  'Packs' \
   'Context Loading Rules' \
   'npm run context-map:check' \
-  'packaging/packs.json' \
   'workflow-release.schema.json' \
   'workflow-learning.schema.json' \
   'plan-work' \