@kontourai/flow-agents 1.3.0 → 2.0.0

package/evals/integration/test_evidence_capture_hook.sh

@@ -0,0 +1,185 @@
+#!/usr/bin/env bash
+# test_evidence_capture_hook.sh — Capture-first evidence determinism contracts.
+#
+# Part A: evidence-capture.js deterministically records command executions to
+#         .flow-agents/<slug>/command-log.jsonl (machine-recorded, not model-claimed).
+# Part B: stop-goal-fit.js cross-references evidence.json claimed-pass command
+#         checks against the capture log, and re-runs a TRUSTED backstop command
+#         only when the log has no execution for a claimed-pass command.
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+CAPTURE="$ROOT/scripts/hooks/evidence-capture.js"
+GATE="$ROOT/scripts/hooks/stop-goal-fit.js"
+
+# Disable the block escape hatch so repeated independent assertions never trip it.
+export FLOW_AGENTS_GOAL_FIT_MAX_BLOCKS=100000
+
+TMP="$(mktemp -d)"
+errors=0
+_pass() { echo "  ✓ $1"; }
+_fail() { echo "  ✗ $1"; errors=$((errors + 1)); }
+
+# ---- helpers -------------------------------------------------------------
+seed_repo() { # $1 dir, $2 slug
+  local p="$1" slug="$2"
+  mkdir -p "$p/.flow-agents/$slug"
+  printf '# Repo\n' > "$p/AGENTS.md"
+  printf '%s' "{\"schema_version\":\"1.0\",\"task_slug\":\"$slug\",\"status\":\"delivered\",\"phase\":\"done\",\"updated_at\":\"2026-06-23T00:00:00Z\",\"next_action\":{\"status\":\"done\",\"summary\":\"done\"}}" > "$p/.flow-agents/$slug/state.json"
+  cat > "$p/.flow-agents/$slug/$slug--deliver.md" <<MD
+# $slug
+
+branch: main
+status: delivered
+type: deliver
+
+## Definition Of Done
+- [x] tests pass
+
+## Goal Fit Gate
+- [x] acceptance verified
+
+### Verdict: PASS
+MD
+}
+
+capture() { # stdin = payload json
+  node "$CAPTURE" >/dev/null 2>&1
+}
+
+# ============================================================================
+# Part A — deterministic capture
+# ============================================================================
+A="$TMP/capture"; seed_repo "$A" t1
+echo "Part A: deterministic capture"
+
+printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"npm test"},"tool_response":{"exitCode":0,"stdout":"ok"}}' "$A" | capture
+printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"npm run lint"},"error":"command failed"}' "$A" | capture
+printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"make build"},"tool_response":{"exit_code":2}}' "$A" | capture
+# A non-command tool (Write) must NOT be captured.
+printf '{"hook_event_name":"PostToolUse","tool_name":"Write","cwd":"%s","tool_input":{"file_path":"/tmp/x"}}' "$A" | capture
+
+LOG="$A/.flow-agents/t1/command-log.jsonl"
+if [[ -f "$LOG" ]]; then _pass "capture writes command-log.jsonl"; else _fail "capture did not write command-log.jsonl"; fi
+
+lines=$(wc -l < "$LOG" | tr -d ' ')
+if [[ "$lines" == "3" ]]; then _pass "capture records 3 command executions (Write tool excluded)"; else _fail "expected 3 log lines, got $lines"; fi
+
+if rg -q '"command":"npm test","observedResult":"pass","exitCode":0' "$LOG"; then
+  _pass "clean exit 0 recorded as observedResult:pass exitCode:0"
+else _fail "passing command not recorded correctly: $(cat "$LOG")"; fi
+
+if rg -q '"command":"npm run lint","observedResult":"fail","exitCode":null' "$LOG"; then
+  _pass "error field with no exit code recorded as fail exitCode:null"
+else _fail "errored command not recorded correctly"; fi
+
+if rg -q '"command":"make build","observedResult":"fail","exitCode":2' "$LOG"; then
+  _pass "non-zero exit recorded as fail with exitCode"
+else _fail "non-zero-exit command not recorded correctly"; fi
+
+if rg -q '"source":"postToolUse-capture"' "$LOG"; then _pass "records source:postToolUse-capture"; else _fail "missing source field"; fi
+
+# Capture is non-blocking: it always exits 0 and echoes stdin.
+out=$(printf '{"hook_event_name":"PostToolUse","tool_name":"Bash","cwd":"%s","tool_input":{"command":"echo hi"},"error":"boom"}' "$A" | node "$CAPTURE"; echo "EXIT=$?")
+if rg -q 'EXIT=0' <<<"$out" && rg -q 'echo hi' <<<"$out"; then
+  _pass "capture is non-blocking (exit 0, echoes stdin) even on a failing command"
+else _fail "capture should be non-blocking and echo stdin"; fi
+
+# ============================================================================
+# Part B1 — gate cross-references log: claimed pass but log shows FAIL → block
+# ============================================================================
+echo "Part B1: log contradicts claimed pass → block"
+B="$TMP/contradict"; seed_repo "$B" t1
+printf '%s' '{"schema_version":"1.0","task_slug":"t1","verdict":"pass","checks":[{"id":"unit-tests","kind":"command","status":"pass","command":"npm test","summary":"tests passed"}]}' > "$B/.flow-agents/t1/evidence.json"
+printf '%s\n' '{"command":"npm test","observedResult":"fail","exitCode":1,"capturedAt":"2026-06-23T00:00:00Z","source":"postToolUse-capture"}' > "$B/.flow-agents/t1/command-log.jsonl"
+
+if FLOW_AGENTS_GOAL_FIT_MODE=block FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip node "$GATE" >/dev/null 2>"$TMP/b1.err" <<JSON
+{"hook_event_name":"Stop","cwd":"$B"}
+JSON
+then _fail "gate should BLOCK when capture log contradicts claimed pass"
+else
+  status=$?
+  if [[ "$status" -eq 2 ]] && rg -q 'capture log CONTRADICTS claimed pass' "$TMP/b1.err" && rg -q 'caught false-completion' "$TMP/b1.err"; then
+    _pass "gate blocks (exit 2) caught false-completion via capture log"
+  else _fail "gate returned unexpected result: status=$status output=$(cat "$TMP/b1.err")"; fi
+fi
+
+# ============================================================================
+# Part B2 — gate cross-references log: claimed pass and log shows PASS → no re-run
+# ============================================================================
+echo "Part B2: log confirms claimed pass → satisfied, no re-run"
+C="$TMP/confirm"; seed_repo "$C" t1
+printf '%s' '{"schema_version":"1.0","task_slug":"t1","verdict":"pass","checks":[{"id":"unit-tests","kind":"command","status":"pass","command":"npm test","summary":"tests passed"}]}' > "$C/.flow-agents/t1/evidence.json"
+printf '%s\n' '{"command":"npm test","observedResult":"pass","exitCode":0,"capturedAt":"2026-06-23T00:00:00Z","source":"postToolUse-capture"}' > "$C/.flow-agents/t1/command-log.jsonl"
+# A poisoned npm on PATH proves the gate does NOT re-run when the log confirms.
+POISON="$TMP/poison"; mkdir -p "$POISON"
+printf '#!/usr/bin/env bash\necho "npm should not run" >&2\nexit 99\n' > "$POISON/npm"; chmod +x "$POISON/npm"
+PATH="$POISON:$PATH" FLOW_AGENTS_GOAL_FIT_MODE=block node "$GATE" >/dev/null 2>"$TMP/b2.err" <<JSON
+{"hook_event_name":"Stop","cwd":"$C"}
+JSON
+if rg -q 'CONTRADICTS|backstop|npm should not run' "$TMP/b2.err"; then
+  _fail "gate should NOT re-run or warn when the capture log confirms the pass: $(cat "$TMP/b2.err")"
+else _pass "gate trusts the log on a confirmed pass and does not re-run the backstop"; fi
+
+# ============================================================================
+# Part B3 — never-captured claimed-pass command → trusted backstop re-run (declared manifest target FAILS) → block
+# ============================================================================
+echo "Part B3: never-captured claim → trusted manifest backstop catches a fail"
+D="$TMP/backstop"; seed_repo "$D" t1
+printf '%s' '{"name":"x","scripts":{"test":"exit 7"}}' > "$D/package.json"
+printf '%s' '{"schema_version":"1.0","task_slug":"t1","verdict":"pass","checks":[{"id":"unit-tests","kind":"command","status":"pass","command":"npm test","summary":"tests passed"}]}' > "$D/.flow-agents/t1/evidence.json"
+# command-log.jsonl intentionally absent — the command was never actually run.
+
+if FLOW_AGENTS_GOAL_FIT_MODE=block node "$GATE" >/dev/null 2>"$TMP/b3.err" <<JSON
+{"hook_event_name":"Stop","cwd":"$D"}
+JSON
+then _fail "gate should BLOCK when trusted backstop re-run of declared manifest target fails"
+else
+  status=$?
+  if [[ "$status" -eq 2 ]] && rg -q 'trusted backstop \(manifest\)' "$TMP/b3.err" && rg -q 'FAILED with exit 7' "$TMP/b3.err"; then
+    _pass "gate runs trusted declared manifest target as backstop and blocks on its failure"
+  else _fail "backstop did not catch declared-target failure: status=$status output=$(cat "$TMP/b3.err")"; fi
+fi
+
+# ============================================================================
+# Part B4 — never-captured claim, no trusted command resolves → NOT_VERIFIED (never a silent pass)
+# ============================================================================
+echo "Part B4: never-captured claim, nothing trusted resolves → NOT_VERIFIED"
+E="$TMP/notverified"; seed_repo "$E" t1
+printf '%s' '{"schema_version":"1.0","task_slug":"t1","verdict":"pass","checks":[{"id":"custom","kind":"command","status":"pass","command":"./my-thing.sh","summary":"ran custom"}]}' > "$E/.flow-agents/t1/evidence.json"
+
+if FLOW_AGENTS_GOAL_FIT_MODE=block node "$GATE" >/dev/null 2>"$TMP/b4.err" <<JSON
+{"hook_event_name":"Stop","cwd":"$E"}
+JSON
+then _fail "gate should not silently pass an un-captured, un-verifiable claimed-pass command"
+else
+  status=$?
+  if [[ "$status" -eq 2 ]] && rg -q 'NOT_VERIFIED' "$TMP/b4.err" && rg -q 'no trusted command' "$TMP/b4.err"; then
+    _pass "gate records NOT_VERIFIED (never a guess) when no trusted command resolves"
+  else _fail "NOT_VERIFIED path returned unexpected result: status=$status output=$(cat "$TMP/b4.err")"; fi
+fi
+
+# ============================================================================
+# Part B5 — arbitrary model command is opt-in only (FLOW_AGENTS_GOAL_FIT_RECHECK)
+# ============================================================================
+echo "Part B5: free-form model command re-run is opt-in only"
+F="$TMP/recheck"; seed_repo "$F" t1
+printf '%s' '{"schema_version":"1.0","task_slug":"t1","verdict":"pass","checks":[{"id":"custom","kind":"command","status":"pass","command":"exit 5","summary":"ran custom"}]}' > "$F/.flow-agents/t1/evidence.json"
+# Opt-in ON: the model's free-form "exit 5" is re-run and fails → block.
+if FLOW_AGENTS_GOAL_FIT_MODE=block FLOW_AGENTS_GOAL_FIT_RECHECK=true node "$GATE" >/dev/null 2>"$TMP/b5.err" <<JSON
+{"hook_event_name":"Stop","cwd":"$F"}
+JSON
+then _fail "with RECHECK=true the failing model command should block"
+else
+  status=$?
+  if [[ "$status" -eq 2 ]] && rg -q 'FLOW_AGENTS_GOAL_FIT_RECHECK' "$TMP/b5.err"; then
+    _pass "FLOW_AGENTS_GOAL_FIT_RECHECK=true opts into re-running the model's free-form command"
+  else _fail "recheck opt-in path returned unexpected result: status=$status output=$(cat "$TMP/b5.err")"; fi
+fi
+
+if [[ "$errors" -eq 0 ]]; then
+  echo "Evidence capture hook integration passed."
+  exit 0
+fi
+echo "Evidence capture hook integration failed: $errors issue(s)."
+exit 1

package/evals/integration/test_flow_kit_repository.sh

@@ -53,6 +53,7 @@ expect_fail() {
 
 echo "=== Flow Kit Repository Fixture Checks ==="
 expect_pass "valid-local-kit"
+expect_pass "valid-unknown-extension"
 expect_fail "invalid-schema-version" '\.schema_version must be "1\.0"'
 expect_fail "invalid-missing-schema-version" '\.schema_version must be "1\.0"'
 expect_fail "invalid-id" '\.id must be a kebab-case string'
@@ -63,6 +64,7 @@ expect_fail "invalid-absolute-path" 'flows\[0\]\.path must be relative'
 expect_fail "invalid-traversal" "flows\\[0\\]\\.path must not contain"
 expect_fail "invalid-malformed-json" 'invalid JSON'
 expect_fail "invalid-asset-section" '\.docs must be a list'
+expect_fail "invalid-missing-extension-asset" 'docs\[0\]\.path points at missing asset'
 expect_fail "invalid-duplicate-flow" "flows\\[1\\]\\.path duplicates"
 
 echo ""

package/evals/integration/test_flowdef_session_activation.sh

@@ -0,0 +1,273 @@
+#!/usr/bin/env bash
+# test_flowdef_session_activation.sh — Integration eval for ADR 0016 Step 1.
+#
+# Proves that ensure-session --flow-id builder.build activates the FlowDefinition-
+# driven path so producers fire, gates enforce on builder.* claims, and advance-state
+# correctly sets active_step_id via the phase_map at each phase.
+#
+# Tests:
+#   1. ensure-session --flow-id builder.build writes active_flow_id + default
+#      active_step_id (pull-work) to current.json.
+#   2. advance-state through phases (planning→execution→verification) sets correct
+#      active_step_id via phase_map at each transition.
+#   3. At the verify step, record-gate-claim for tests-evidence produces
+#      builder.verify.tests (status=verified) in the bundle — producer fires.
+#   4. A TAMPERED builder.verify.tests bundle at the verify step BLOCKS (exit 2)
+#      with the tamper warning naming the declared claimType.
+#   5. Fallback: session without --flow-id produces only workflow.* claims (the
+#      retained safety net for non-flow sessions).
+#
+# Deterministic, no model spend, self-cleaning.
+# Usage: bash evals/integration/test_flowdef_session_activation.sh
+
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+source "$ROOT/evals/lib/node.sh"
+GATE="$ROOT/scripts/hooks/stop-goal-fit.js"
+
+export FLOW_AGENTS_GOAL_FIT_MAX_BLOCKS=100000
+
+TMP="$(mktemp -d)"
+errors=0
+
+_pass() { echo "  ✓ $1"; }
+_fail() { echo "  ✗ $1"; errors=$((errors + 1)); }
+
+cleanup() { rm -rf "$TMP"; }
+trap cleanup EXIT
+
+WRITER="workflow-sidecar"
+
+# ─── TEST 1: ensure-session --flow-id activates the flow ─────────────────────
+echo ""
+echo "=== 1. ensure-session --flow-id builder.build activates FlowDefinition-driven path ==="
+
+MAIN_AROOT="$TMP/main-aroot"
+SLUG="activation-test"
+SESSION_DIR="$MAIN_AROOT/$SLUG"
+mkdir -p "$MAIN_AROOT"
+
+flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$MAIN_AROOT" \
+  --task-slug "$SLUG" \
+  --title "Step 1 activation test" \
+  --summary "Test that --flow-id builder.build activates the FlowDefinition-driven path." \
+  --criterion "All gates produce declared claims" \
+  --flow-id builder.build \
+  --timestamp "2026-06-01T00:00:00Z" >/dev/null 2>&1
+
+node -e "
+const fs = require('fs');
+const c = JSON.parse(fs.readFileSync('$MAIN_AROOT/current.json', 'utf8'));
+if (c.active_flow_id !== 'builder.build') throw new Error('expected active_flow_id=builder.build, got ' + c.active_flow_id);
+if (!c.active_step_id) throw new Error('expected active_step_id to be set (first step default), got ' + c.active_step_id);
+console.log('current.json: active_flow_id=' + c.active_flow_id + ' active_step_id=' + c.active_step_id);
+" 2>&1 \
+  && _pass "ensure-session --flow-id builder.build writes active_flow_id + default active_step_id to current.json" \
+  || _fail "ensure-session --flow-id builder.build did NOT write active_flow_id to current.json"
+
+# ─── TEST 2: advance-state sets active_step_id via phase_map ─────────────────
+echo ""
+echo "=== 2. advance-state through phases sets active_step_id via phase_map ==="
+
+flow_agents_node "$WRITER" init-plan "$SESSION_DIR/$SLUG--deliver.md" \
+  --source-request "Test" --summary "Testing" \
+  --timestamp "2026-06-01T00:00:30Z" >/dev/null 2>&1
+
+test_phase_step() {
+  local phase="$1" expected_step="$2"
+  flow_agents_node "$WRITER" advance-state "$SESSION_DIR" \
+    --status in_progress --phase "$phase" \
+    --summary "Testing phase $phase." \
+    --next-action "Continue." \
+    --flow-definition builder.build \
+    --timestamp "2026-06-01T00:01:00Z" >/dev/null 2>&1
+  local actual
+  actual=$(node -e "
+    const fs = require('fs');
+    const c = JSON.parse(fs.readFileSync('$MAIN_AROOT/current.json', 'utf8'));
+    console.log(c.active_step_id || '');
+  " 2>/dev/null)
+  if [ "$actual" = "$expected_step" ]; then
+    _pass "advance-state phase=$phase → active_step_id=$expected_step"
+  else
+    _fail "advance-state phase=$phase → got active_step_id=$actual (expected $expected_step)"
+  fi
+}
+
+test_phase_step "planning"     "plan"
+test_phase_step "execution"    "execute"
+test_phase_step "verification" "verify"
+
+# ─── TEST 3: at verify step, record-gate-claim produces builder.verify.tests ──
+echo ""
+echo "=== 3. verify step: producer fires — record-gate-claim produces builder.verify.tests ==="
+
+if flow_agents_node "$WRITER" record-gate-claim "$SESSION_DIR" \
+  --status pass \
+  --summary "All tests pass." \
+  --expectation "tests-evidence" \
+  --timestamp "2026-06-01T00:02:00Z" >/dev/null 2>&1; then
+  _pass "record-gate-claim at verify step succeeds (expectation=tests-evidence)"
+else
+  _fail "record-gate-claim at verify step FAILED"
+fi
+
+node -e "
+const fs = require('fs');
+const bundlePath = '$SESSION_DIR/trust.bundle';
+if (!fs.existsSync(bundlePath)) throw new Error('trust.bundle not found');
+const bundle = JSON.parse(fs.readFileSync(bundlePath, 'utf8'));
+const declared = (bundle.claims || []).find(c => c.claimType === 'builder.verify.tests');
+if (!declared) throw new Error('MISSING builder.verify.tests; claims: ' + (bundle.claims||[]).map(c=>c.claimType).join(', '));
+if (declared.status !== 'verified') throw new Error('expected status=verified, got ' + declared.status);
+console.log('builder.verify.tests: subjectType=' + declared.subjectType + ' status=' + declared.status + ' value=' + declared.value);
+" 2>&1 \
+  && _pass "bundle contains builder.verify.tests (subjectType=flow-step, status=verified, value=pass)" \
+  || _fail "bundle missing or incorrect builder.verify.tests claim"
+
+# ─── TEST 4: tampered bundle at verify step BLOCKS ────────────────────────────
+echo ""
+echo "=== 4. tamper-blocks: builder.verify.tests — tampered bundle triggers gate exit 2 ==="
+
+TAMPER_DIR="$TMP/tamper-verify"
+TAMPER_SLUG="tamper-verify-test"
+mkdir -p "$TAMPER_DIR"
+printf '# Test repo\n' > "$TAMPER_DIR/AGENTS.md"
+mkdir -p "$TAMPER_DIR/.flow-agents/$TAMPER_SLUG"
+
+flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$TAMPER_DIR/.flow-agents" \
+  --task-slug "$TAMPER_SLUG" \
+  --title "Tamper verify test" \
+  --summary "Testing tamper detection at verify step." \
+  --flow-id builder.build \
+  --step-id verify \
+  --timestamp "2026-06-01T02:00:00Z" >/dev/null 2>&1
+
+flow_agents_node "$WRITER" init-plan "$TAMPER_DIR/.flow-agents/$TAMPER_SLUG/$TAMPER_SLUG--deliver.md" \
+  --source-request "Test" --summary "Tamper test" \
+  --timestamp "2026-06-01T02:00:00Z" >/dev/null 2>&1
+
+flow_agents_node "$WRITER" advance-state "$TAMPER_DIR/.flow-agents/$TAMPER_SLUG" \
+  --status in_progress --phase verification \
+  --summary "At verify." --next-action "Continue." \
+  --flow-definition builder.build \
+  --timestamp "2026-06-01T02:00:30Z" >/dev/null 2>&1
+
+# Write TAMPERED trust.bundle: stored verified, evidence passing=false
+python3 - "$TAMPER_DIR/.flow-agents/$TAMPER_SLUG/trust.bundle" << 'PY'
+import json, sys
+bundle = {
+    "schemaVersion": 3,
+    "source": "flow-agents/workflow-sidecar",
+    "claims": [{
+        "id": "c1",
+        "subjectId": "tamper-verify-test/verify-tests",
+        "subjectType": "flow-step",
+        "claimType": "builder.verify.tests",
+        "fieldOrBehavior": "Tests pass",
+        "value": "pass",
+        "impactLevel": "high",
+        "status": "verified",
+        "createdAt": "2026-06-01T02:00:00Z",
+        "updatedAt": "2026-06-01T02:00:00Z"
+    }],
+    "evidence": [{
+        "id": "ev1",
+        "claimId": "c1",
+        "evidenceType": "test_output",
+        "method": "validation",
+        "sourceRef": "command-log.jsonl",
+        "excerptOrSummary": "tests FAILED",
+        "observedAt": "2026-06-01T02:00:00Z",
+        "collectedBy": "harness",
+        "passing": False,
+        "blocking": True
+    }],
+    "policies": [],
+    "events": [{
+        "id": "evt1",
+        "claimId": "c1",
+        "status": "verified",
+        "actor": "agent",
+        "method": "workflow-check",
+        "evidenceIds": ["ev1"],
+        "createdAt": "2026-06-01T02:00:00Z"
+    }]
+}
+json.dump(bundle, open(sys.argv[1], 'w'))
+PY
+
+set +e
+tamper_out="$(FLOW_AGENTS_GOAL_FIT_MODE=block FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip \
+    node "$GATE" 2>&1 <<< "{\"hook_event_name\":\"Stop\",\"cwd\":\"$TAMPER_DIR\"}")"
+tamper_exit="$?"
+set -e
+
+if [ "$tamper_exit" -eq 2 ]; then
+  _pass "gate BLOCKS tampered builder.verify.tests bundle (exit 2)"
+else
+  _fail "gate did NOT block tampered bundle: exit=$tamper_exit"
+fi
+
+if echo "$tamper_out" | grep -qE "stored status.*does not match recompute|possible tampered bundle|caught false-completion"; then
+  _pass "gate emits tamper warning for builder.verify.tests"
+else
+  _fail "gate tamper warning missing from output: $tamper_out"
+fi
+
+if echo "$tamper_out" | grep -q "builder.verify.tests"; then
+  _pass "gate tamper warning names declared claimType builder.verify.tests"
+else
+  _fail "gate tamper warning does not name builder.verify.tests: $tamper_out"
+fi
+
+# ─── TEST 5: Fallback — session without --flow-id (workflow.* only, safety net) ─
+echo ""
+echo "=== 5. Fallback: session without --flow-id produces only workflow.* claims (safety net intact) ==="
+
+FALLBACK_AROOT="$TMP/fallback-aroot"
+FALLBACK_SLUG="fallback-test"
+FALLBACK_DIR="$FALLBACK_AROOT/$FALLBACK_SLUG"
+mkdir -p "$FALLBACK_AROOT"
+
+flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$FALLBACK_AROOT" \
+  --task-slug "$FALLBACK_SLUG" \
+  --title "Fallback no-flow test" \
+  --summary "No --flow-id: workflow.* fallback is the safety net for non-flow sessions." \
+  --timestamp "2026-06-01T10:00:00Z" >/dev/null 2>&1
+
+flow_agents_node "$WRITER" init-plan "$FALLBACK_DIR/$FALLBACK_SLUG--deliver.md" \
+  --source-request "Test" --summary "Testing fallback." \
+  --timestamp "2026-06-01T10:00:00Z" >/dev/null 2>&1
+
+flow_agents_node "$WRITER" record-evidence "$FALLBACK_DIR" \
+  --verdict pass \
+  --check-json '{"id":"fallback-check","kind":"test","status":"pass","summary":"Fallback test passes"}' \
+  --timestamp "2026-06-01T10:01:00Z" >/dev/null 2>&1
+
+node -e "
+const fs = require('fs');
+const bundle = JSON.parse(fs.readFileSync('$FALLBACK_DIR/trust.bundle', 'utf8'));
+const claims = bundle.claims || [];
+const wfClaim = claims.find(c => c.claimType === 'workflow.check.test');
+const builderClaims = claims.filter(c => c.claimType.startsWith('builder.'));
+if (!wfClaim) throw new Error('MISSING workflow.check.test in fallback session');
+if (builderClaims.length > 0) throw new Error('UNEXPECTED builder.* claims in fallback session: ' + builderClaims.map(c=>c.claimType).join(', '));
+if (wfClaim.id.endsWith('-legacy')) throw new Error('workflow.check.test should not have -legacy suffix when no flow active');
+console.log('fallback: only workflow.check.test present (no builder.* claims, no -legacy suffix)');
+" 2>&1 \
+  && _pass "fallback (no --flow-id): only workflow.check.test produced, builder.* absent (producers dormant)" \
+  || _fail "fallback (no --flow-id): unexpected claims in trust.bundle"
+
+# ─── Summary ──────────────────────────────────────────────────────────────────
+echo ""
+if [ "$errors" -eq 0 ]; then
+  echo "test_flowdef_session_activation: all checks passed."
+  exit 0
+fi
+echo "test_flowdef_session_activation: $errors check(s) FAILED."
+exit 1