@kontourai/flow-agents 1.3.0 → 2.0.0

package/evals/integration/test_workflow_sidecar_writer.sh

@@ -480,10 +480,12 @@ else
   _fail "sidecar writer evidence failed: $(cat "$TMPDIR_EVAL/evidence.out" "$TMPDIR_EVAL/evidence.err")"
 fi
 
-if rg -q '"status": "verified"' "$ARTIFACT_DIR/state.json" && rg -q '"status": "pass"' "$ARTIFACT_DIR/acceptance.json"; then
-  _pass "sidecar writer updates state and acceptance from evidence"
+# Phase 4c: acceptance.json criteria status no longer updated at verification time (bundle-only).
+# State is verified; bundle claims carry the criteria status.
+if rg -q '"status": "verified"' "$ARTIFACT_DIR/state.json"   && [[ -f "$ARTIFACT_DIR/trust.bundle" ]]   && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const ac=b.claims.filter(c=>c.claimType==="workflow.acceptance.criterion"); if(ac.length===0) throw new Error("no acceptance criterion claims in bundle"); if(ac.some(c=>c.value!=="pass")) throw new Error("some acceptance criterion not pass in bundle: "+JSON.stringify(ac.map(c=>c.value)));' "$ARTIFACT_DIR/trust.bundle" 2>/dev/null; then
+  _pass "sidecar writer updates state and records acceptance in bundle from evidence"
 else
-  _fail "sidecar writer did not update state and acceptance"
+  _fail "sidecar writer did not update state or bundle from evidence"
 fi
 
 INVALID_REF_DIR="$TMPDIR_EVAL/repo/.flow-agents/invalid-evidence-ref"
@@ -545,14 +547,15 @@ else
 fi
 
 SURFACE_CHECK='{"id":"surface-trust-fixture","kind":"policy","status":"pass","summary":"Hachure trust.bundle evidence passed.","surface_trust_refs":[{"artifact_kind":"trust.bundle","artifact_ref":"trust/report.json","gate_id":"builder.trust.bundle","claim_type":"builder.trust.bundle","claim_status":"accepted","subject":"builder-kit","freshness":{"status":"fresh","summary":"Issued during this workflow."},"authority":{"producer":"surface-local","summary":"Local Surface trust producer."},"integrity":{"status":"matched","summary":"Artifact digest matched expected subject and gate.","digest":"sha256:abc123"},"status":"pass","summary":"Accepted trust.bundle claim."}]}'
+# Phase 4c: evidence.json no longer written; verify in trust.bundle (sole verification artifact).
 if flow_agents_node "$WRITER" record-evidence "$ARTIFACT_DIR" \
   --verdict pass \
   --check-json "$SURFACE_CHECK" \
   --timestamp "2026-05-09T00:01:05Z" >"$TMPDIR_EVAL/surface-evidence.out" 2>"$TMPDIR_EVAL/surface-evidence.err" \
-  && rg -q '"surface_trust_refs"' "$ARTIFACT_DIR/evidence.json" \
-  && rg -q '"artifact_kind": "trust.bundle"' "$ARTIFACT_DIR/evidence.json" \
-  && ! rg -q 'veritas' "$ARTIFACT_DIR/evidence.json"; then
-  _pass "sidecar writer records Hachure-aligned trust.bundle refs"
+  && [[ -f "$ARTIFACT_DIR/trust.bundle" ]] \
+  && ! rg -q 'veritas' "$ARTIFACT_DIR/trust.bundle" \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const c=b.claims.find(c=>c.claimType==="workflow.check.policy"); if(!c) throw new Error("no policy claim in bundle"); if(c.value!=="pass") throw new Error("expected pass, got "+c.value);' "$ARTIFACT_DIR/trust.bundle" 2>/dev/null; then
+  _pass "sidecar writer records Hachure-aligned trust.bundle refs (verified in bundle)"
 else
   _fail "sidecar writer did not record Hachure-aligned trust.bundle refs: $(cat "$TMPDIR_EVAL/surface-evidence.out" "$TMPDIR_EVAL/surface-evidence.err")"
 fi
@@ -595,13 +598,16 @@ check_surface_fixture() {
   local expected_text="$5"
   local dir="$TMPDIR_EVAL/repo/.flow-agents/surface-$name"
   mkdir -p "$dir"
+  # Phase 4c: evidence.json no longer written; verify surface trust check status in trust.bundle.
   if flow_agents_node "$WRITER" record-evidence "$dir" \
     --task-slug "surface-$name" \
     --verdict "$verdict" \
     --check-json '{"id":"ordinary-builder-evidence","kind":"test","status":"pass","summary":"Ordinary Builder Kit evidence still records."}' \
     --surface-trust-json "$SURFACE_FIXTURE_DIR/$fixture" \
     --timestamp "2026-05-09T00:02:00Z" >"$TMPDIR_EVAL/surface-$name.out" 2>"$TMPDIR_EVAL/surface-$name.err" \
-    && node -e 'const fs=require("fs"); const [file, expectedStatus, expectedText]=process.argv.slice(1); const data=JSON.parse(fs.readFileSync(file,"utf8")); const trustChecks=data.checks.filter((check)=>check.id.startsWith("surface-trust-")); if (trustChecks.length!==1) throw new Error(`expected one surface trust check, found ${trustChecks.length}`); const check=trustChecks[0]; if (check.status!==expectedStatus) throw new Error(`expected ${expectedStatus}, got ${check.status}`); const ref=check.surface_trust_refs[0]; const blob=JSON.stringify(check); if (!blob.includes(expectedText)) throw new Error(`missing expected text ${expectedText}: ${blob}`); if (blob.toLowerCase().includes("veritas")) throw new Error("surface trust output leaked a Veritas-specific field"); if (ref.gate_id==="unknown" || ref.claim_type==="unknown") throw new Error("surface trust ref did not map gate and claim metadata");' "$dir/evidence.json" "$expected_status" "$expected_text"
+    && [[ -f "$dir/trust.bundle" ]] \
+    && ! grep -qi 'veritas' "$dir/trust.bundle" \
+    && node -e 'const fs=require("fs"); const [bundleFile, expectedStatus, expectedText]=process.argv.slice(1); const b=JSON.parse(fs.readFileSync(bundleFile,"utf8")); const policyClaims=b.claims.filter((c)=>c.claimType==="workflow.check.policy"); if(policyClaims.length!==1) throw new Error("expected one policy claim, found "+policyClaims.length); const c=policyClaims[0]; if(c.value!==expectedStatus) throw new Error("expected "+expectedStatus+", got "+c.value); const blob=JSON.stringify(b); if(!blob.includes(expectedText)) throw new Error("missing expected text "+expectedText+" in bundle");' "$dir/trust.bundle" "$expected_status" "$expected_text" 2>/dev/null
   then
     _pass "surface trust fixture maps $name to $expected_status evidence"
   else
@@ -619,13 +625,15 @@ check_surface_fixture "artifact-absent" "artifact-absent.json" "not_verified" "n
 
 PURE_SURFACE_DIR="$TMPDIR_EVAL/repo/.flow-agents/surface-trust-only"
 mkdir -p "$PURE_SURFACE_DIR"
+# Phase 4c: evidence.json no longer written; verify in trust.bundle.
 if flow_agents_node "$WRITER" record-evidence "$PURE_SURFACE_DIR" \
   --task-slug "surface-trust-only" \
   --verdict pass \
   --surface-trust-json "$SURFACE_FIXTURE_DIR/accepted-claim-trust-report.json" \
   --timestamp "2026-05-09T00:02:30Z" >"$TMPDIR_EVAL/surface-only.out" 2>"$TMPDIR_EVAL/surface-only.err" \
-  && rg -q '"surface_trust_refs"' "$PURE_SURFACE_DIR/evidence.json"; then
-  _pass "sidecar writer records Surface trust evidence without unrelated check-json"
+  && [[ -f "$PURE_SURFACE_DIR/trust.bundle" ]] \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); if(!Array.isArray(b.claims)||b.claims.length===0) throw new Error("no claims in bundle"); ' "$PURE_SURFACE_DIR/trust.bundle" 2>/dev/null; then
+  _pass "sidecar writer records Surface trust evidence without unrelated check-json (verified in bundle)"
 else
   _fail "sidecar writer should accept Surface trust evidence without check-json: $(cat "$TMPDIR_EVAL/surface-only.out" "$TMPDIR_EVAL/surface-only.err")"
 fi
@@ -885,8 +893,12 @@ else
   _fail "sidecar writer not-verified evidence failed: $(cat "$TMPDIR_EVAL/nv-evidence.out" "$TMPDIR_EVAL/nv-evidence.err")"
 fi
 
-if rg -q '"status": "not_verified"' "$NV_DIR/state.json" && rg -q '"not_verified_gaps"' "$NV_DIR/evidence.json"; then
-  _pass "sidecar writer preserves not-verified state and gaps"
+# Phase 4c: evidence.json no longer written; not-verified state is in state.json + trust.bundle.
+# not_verified_gaps are accepted as input but not persisted to a sidecar (bundle-only sessions).
+if rg -q '"status": "not_verified"' "$NV_DIR/state.json" \
+  && [[ -f "$NV_DIR/trust.bundle" ]] \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const c=b.claims.find(c=>c.claimType==="workflow.check.external"); if(!c) throw new Error("no external check claim"); if(c.value!=="not_verified") throw new Error("expected not_verified, got "+c.value);' "$NV_DIR/trust.bundle" 2>/dev/null; then
+  _pass "sidecar writer preserves not-verified state in state.json and bundle"
 else
   _fail "sidecar writer did not preserve not-verified state"
 fi
@@ -978,10 +990,11 @@ status_a=$?
 wait "$pid_b"
 status_b=$?
 
+# Phase 4c: critique.json no longer written; verify both reviews are in trust.bundle claims.
 if [[ "$status_a" -eq 0 && "$status_b" -eq 0 ]] \
-  && rg -q '"id": "concurrent-review-a"' "$CONCURRENT_DIR/critique.json" \
-  && rg -q '"id": "concurrent-review-b"' "$CONCURRENT_DIR/critique.json"; then
-  _pass "sidecar writer serializes concurrent sidecar writes"
+  && [[ -f "$CONCURRENT_DIR/trust.bundle" ]] \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const cc=b.claims.filter(c=>c.claimType==="workflow.critique.review"); if(cc.length<2) throw new Error("expected 2 critique claims, found "+cc.length+": "+JSON.stringify(cc.map(c=>c.subjectId)));' "$CONCURRENT_DIR/trust.bundle" 2>/dev/null; then
+  _pass "sidecar writer serializes concurrent sidecar writes (both reviews in bundle)"
 else
   _fail "sidecar writer lost concurrent critique writes: $(cat "$TMPDIR_EVAL/concurrent-a.out" "$TMPDIR_EVAL/concurrent-a.err" "$TMPDIR_EVAL/concurrent-b.out" "$TMPDIR_EVAL/concurrent-b.err")"
 fi
@@ -1679,21 +1692,24 @@ else
   _fail "dogfood-pass should allow honest failed records: $(cat "$TMPDIR_EVAL/dogfood-failed-pass.out" "$TMPDIR_EVAL/dogfood-failed-pass.err")"
 fi
 
-if rg -q '"verdict": "fail"' "$FAILED_DOGFOOD_DIR/evidence.json" \
-  && rg -q '"status": "fail"' "$FAILED_DOGFOOD_DIR/critique.json" \
-  && rg -q '"status": "failed"' "$FAILED_DOGFOOD_DIR/state.json" \
-  && rg -q 'Required dogfood critique is not passing' "$FAILED_DOGFOOD_DIR/handoff.json"; then
-  _pass "dogfood-pass failed records preserve failed state and blockers"
+# Phase 4c: evidence.json/critique.json no longer written; verify in trust.bundle.
+if rg -q '"status": "failed"' "$FAILED_DOGFOOD_DIR/state.json" \
+  && rg -q 'Required dogfood critique is not passing' "$FAILED_DOGFOOD_DIR/handoff.json" \
+  && [[ -f "$FAILED_DOGFOOD_DIR/trust.bundle" ]] \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const cc=b.claims.filter(c=>c.claimType==="workflow.check.test"); if(!cc.length) throw new Error("no test check claim"); if(cc[0].value!=="fail") throw new Error("expected fail, got "+cc[0].value); const crit=b.claims.filter(c=>c.claimType==="workflow.critique.review"); if(!crit.length) throw new Error("no critique claim"); if(crit[0].value!=="fail") throw new Error("expected fail critique, got "+crit[0].value);' "$FAILED_DOGFOOD_DIR/trust.bundle" 2>/dev/null; then
+  _pass "dogfood-pass failed records preserve failed state and blockers (verified in bundle)"
 else
   _fail "dogfood-pass failed record did not preserve routing state"
 fi
 
+# Phase 4c: critique.json no longer written; validator reports sidecar missing (still blocks gate).
+# The trust.bundle carries the disputed critique claim which is the authoritative gate signal.
 if flow_agents_node "$VALIDATOR" --require-sidecars --require-critique "$FAILED_DOGFOOD_DIR" >"$TMPDIR_EVAL/dogfood-failed-valid.out" 2>"$TMPDIR_EVAL/dogfood-failed-valid.err"; then
-  _fail "strict validator should still reject failed required critique"
-elif rg -q 'required critique must pass' "$TMPDIR_EVAL/dogfood-failed-valid.out" "$TMPDIR_EVAL/dogfood-failed-valid.err"; then
-  _pass "dogfood-pass failed records remain visibly blocked under strict validation"
+  _fail "strict validator should still reject when critique is missing (4c bundle-only)"
+elif rg -q 'required critique must pass|required sidecar is missing' "$TMPDIR_EVAL/dogfood-failed-valid.out" "$TMPDIR_EVAL/dogfood-failed-valid.err"; then
+  _pass "dogfood-pass failed records remain visibly blocked under strict validation (sidecar missing or critique fail)"
 else
-  _fail "dogfood-pass failed record strict validation did not expose critique blocker"
+  _fail "dogfood-pass failed record strict validation did not expose critique blocker: $(cat "$TMPDIR_EVAL/dogfood-failed-valid.out" "$TMPDIR_EVAL/dogfood-failed-valid.err")"
 fi
 
 if flow_agents_node "$WRITER" dogfood-pass \
@@ -1715,11 +1731,13 @@ else
   _fail "dogfood-pass failed: $(cat "$TMPDIR_EVAL/dogfood-pass.out" "$TMPDIR_EVAL/dogfood-pass.err")"
 fi
 
+# Phase 4c: critique.json no longer written; verify in trust.bundle.
 if rg -q '"state_status": "verified"' "$TMPDIR_EVAL/dogfood-pass.out" \
-  && rg -q '"status": "pass"' "$DOGFOOD_DIR/critique.json" \
   && rg -q '"status": "learned"' "$DOGFOOD_DIR/learning.json" \
-  && rg -q '"status": "verified"' "$DOGFOOD_DIR/state.json"; then
-  _pass "dogfood-pass writes clean evidence, critique, learning, and state"
+  && rg -q '"status": "verified"' "$DOGFOOD_DIR/state.json" \
+  && [[ -f "$DOGFOOD_DIR/trust.bundle" ]] \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const crit=b.claims.filter(c=>c.claimType==="workflow.critique.review"); if(!crit.length) throw new Error("no critique claim in bundle"); if(crit[0].value!=="pass") throw new Error("expected pass critique, got "+crit[0].value);' "$DOGFOOD_DIR/trust.bundle" 2>/dev/null; then
+  _pass "dogfood-pass writes clean bundle, learning, and state (4c bundle-only)"
 else
   _fail "dogfood-pass did not produce expected clean sidecars"
 fi
@@ -1830,6 +1848,7 @@ flow_agents_node "$WRITER" init-plan "$DOGFOOD_NV_DIR/dogfood-not-verified--deli
   --next-action "Record not verified dogfood pass." \
   --timestamp "2026-05-09T00:00:00Z" >"$TMPDIR_EVAL/dogfood-nv-init.out" 2>"$TMPDIR_EVAL/dogfood-nv-init.err"
 
+# Phase 4c: evidence.json no longer written; verify not-verified claim in trust.bundle.
 if flow_agents_node "$WRITER" dogfood-pass \
   --artifact-root "$SESSION_ROOT" \
   --artifact-dir "$DOGFOOD_NV_DIR" \
@@ -1838,10 +1857,10 @@ if flow_agents_node "$WRITER" dogfood-pass \
   --gap "External live runtime unavailable." \
   --summary "Dogfood pass preserved not verified evidence." \
   --timestamp "2026-05-09T00:06:00Z" >"$TMPDIR_EVAL/dogfood-nv.out" 2>"$TMPDIR_EVAL/dogfood-nv.err" \
-  && rg -q '"verdict": "not_verified"' "$DOGFOOD_NV_DIR/evidence.json" \
   && rg -q '"state_status": "not_verified"' "$TMPDIR_EVAL/dogfood-nv.out" \
-  && rg -q '"External live runtime unavailable."' "$DOGFOOD_NV_DIR/evidence.json"; then
-  _pass "dogfood-pass preserves NOT_VERIFIED evidence and routing"
+  && [[ -f "$DOGFOOD_NV_DIR/trust.bundle" ]] \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const ec=b.claims.filter(c=>c.claimType==="workflow.check.external"); if(!ec.length) throw new Error("no external check claim"); if(ec[0].value!=="not_verified") throw new Error("expected not_verified, got "+ec[0].value);' "$DOGFOOD_NV_DIR/trust.bundle" 2>/dev/null; then
+  _pass "dogfood-pass preserves NOT_VERIFIED evidence and routing (verified in bundle)"
 else
   _fail "dogfood-pass did not preserve not verified evidence: $(cat "$TMPDIR_EVAL/dogfood-nv.out" "$TMPDIR_EVAL/dogfood-nv.err")"
 fi
@@ -2009,8 +2028,10 @@ else
   _fail "sidecar writer import critique failed: $(cat "$TMPDIR_EVAL/import-critique.out" "$TMPDIR_EVAL/import-critique.err")"
 fi
 
-if rg -q '"id": "minor-style-note"' "$REVIEW_DIR/critique.json" && rg -q '"status": "fixed"' "$REVIEW_DIR/critique.json"; then
-  _pass "sidecar writer extracts review findings"
+# Phase 4c: critique.json no longer written; verify critique claim in trust.bundle.
+if [[ -f "$REVIEW_DIR/trust.bundle" ]] \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const crit=b.claims.filter(c=>c.claimType==="workflow.critique.review"); if(!crit.length) throw new Error("no critique claim"); if(crit[0].value!=="pass") throw new Error("expected pass, got "+crit[0].value);' "$REVIEW_DIR/trust.bundle" 2>/dev/null; then
+  _pass "sidecar writer extracts review findings (verified in bundle)"
 else
   _fail "sidecar writer did not extract review findings"
 fi
@@ -2097,12 +2118,506 @@ MARKDOWN
 
 if flow_agents_node "$WRITER" import-critique "$IMPORT_BAD" "$IMPORT_BAD/imported-bad-critique--review.md" >"$TMPDIR_EVAL/import-bad-critique.out" 2>&1; then
   _fail "sidecar writer should reject imported failing critique"
-elif rg -q 'required critique must pass' "$TMPDIR_EVAL/import-bad-critique.out" && rg -q '"id": "imported-blocker"' "$IMPORT_BAD/critique.json"; then
-  _pass "sidecar writer persists and rejects imported failing critique"
+elif rg -q 'required critique must pass' "$TMPDIR_EVAL/import-bad-critique.out" \
+  && [[ -f "$IMPORT_BAD/trust.bundle" ]] \
+  && node -e 'const fs=require("fs"); const b=JSON.parse(fs.readFileSync(process.argv[1],"utf8")); const crit=b.claims.filter(c=>c.claimType==="workflow.critique.review"); if(!crit.length) throw new Error("no critique claim"); if(crit[0].value!=="fail") throw new Error("expected fail, got "+crit[0].value);' "$IMPORT_BAD/trust.bundle" 2>/dev/null; then
+  _pass "sidecar writer persists and rejects imported failing critique (critique in bundle, not sidecar)"
 else
   _fail "imported failing critique did not persist actionable finding"
 fi
 
+
+# ─── AC1: trust.bundle dual-write file existence and schema validity ──────────
+TB_SCHEMA_DIR="$TMPDIR_EVAL/repo/.flow-agents/trust-bundle-schema"
+mkdir -p "$TB_SCHEMA_DIR"
+cp "$ARTIFACT_DIR/auto-sidecars--deliver.md" "$TB_SCHEMA_DIR/trust-bundle-schema--deliver.md"
+flow_agents_node "$WRITER" init-plan "$TB_SCHEMA_DIR/trust-bundle-schema--deliver.md" \
+  --source-request "Trust bundle schema fixture." \
+  --summary "Trust bundle schema fixture." \
+  --next-action "Record evidence and verify trust.bundle." \
+  --timestamp "2026-05-09T00:00:00Z" >"$TMPDIR_EVAL/tb-schema-init.out" 2>"$TMPDIR_EVAL/tb-schema-init.err"
+
+if flow_agents_node "$WRITER" record-evidence "$TB_SCHEMA_DIR" \
+  --verdict pass \
+  --check-json '{"id":"tb-schema-check","kind":"test","status":"pass","summary":"Trust bundle schema fixture check passed."}' \
+  --timestamp "2026-05-09T00:01:00Z" >"$TMPDIR_EVAL/tb-schema-evidence.out" 2>"$TMPDIR_EVAL/tb-schema-evidence.err" \
+  && [[ -f "$TB_SCHEMA_DIR/trust.bundle" ]]; then
+  _pass "trust.bundle dual-write creates trust.bundle after record-evidence"
+else
+  _fail "trust.bundle dual-write did not create trust.bundle after record-evidence: $(cat "$TMPDIR_EVAL/tb-schema-evidence.out" "$TMPDIR_EVAL/tb-schema-evidence.err")"
+fi
+
+TB_BUNDLE_PATH="$TB_SCHEMA_DIR/trust.bundle"
+if [[ -f "$TB_BUNDLE_PATH" ]]; then
+  if node --input-type=module <<NODEOF 2>"$TMPDIR_EVAL/tb-validate.err"
+import { readFileSync } from 'node:fs';
+import { validateTrustBundle } from '${ROOT}/build/src/cli/workflow-sidecar.js';
+const bundle = JSON.parse(readFileSync('${TB_BUNDLE_PATH}', 'utf8'));
+const result = await validateTrustBundle(bundle);
+if (!result.available) { process.stderr.write('surface unavailable: validateTrustBundle.available was false\n'); process.exit(2); }
+if (!result.valid) { process.stderr.write('schema invalid: ' + result.errors.join('; ') + '\n'); process.exit(1); }
+NODEOF
+  then
+    _pass "trust.bundle dual-write produces schema-valid bundle (available:true, valid:true)"
+  else
+    _fail "trust.bundle schema validation failed: $(cat "$TMPDIR_EVAL/tb-validate.err")"
+  fi
+fi
+
+# ─── AC2: claim status fidelity — pass→verified, fail→disputed ───────────────
+TB_FIDELITY_DIR="$TMPDIR_EVAL/repo/.flow-agents/trust-bundle-fidelity"
+mkdir -p "$TB_FIDELITY_DIR"
+cp "$ARTIFACT_DIR/auto-sidecars--deliver.md" "$TB_FIDELITY_DIR/trust-bundle-fidelity--deliver.md"
+flow_agents_node "$WRITER" init-plan "$TB_FIDELITY_DIR/trust-bundle-fidelity--deliver.md" \
+  --source-request "Trust bundle claim fidelity fixture." \
+  --summary "Trust bundle claim fidelity fixture." \
+  --next-action "Seed pass and fail checks to verify claim status mapping." \
+  --timestamp "2026-05-09T00:00:00Z" >"$TMPDIR_EVAL/tb-fidelity-init.out" 2>"$TMPDIR_EVAL/tb-fidelity-init.err"
+
+if flow_agents_node "$WRITER" record-evidence "$TB_FIDELITY_DIR" \
+  --verdict fail \
+  --check-json '{"id":"tb-pass-check","kind":"test","status":"pass","summary":"This check passed."}' \
+  --check-json '{"id":"tb-fail-check","kind":"test","status":"fail","summary":"This check failed."}' \
+  --timestamp "2026-05-09T00:01:00Z" >"$TMPDIR_EVAL/tb-fidelity-evidence.out" 2>"$TMPDIR_EVAL/tb-fidelity-evidence.err" \
+  && [[ -f "$TB_FIDELITY_DIR/trust.bundle" ]]; then
+  if node --input-type=module <<NODEOF 2>"$TMPDIR_EVAL/tb-fidelity-check.err"
+import { readFileSync } from 'node:fs';
+const bundle = JSON.parse(readFileSync('${TB_FIDELITY_DIR}/trust.bundle', 'utf8'));
+const claims = bundle.claims;
+// Surface uses generateClaimId: search by subjectId (which encodes slug/checkId)
+const passClaim = claims.find((c) => c.subjectId && c.subjectId.endsWith('/tb-pass-check'));
+const failClaim = claims.find((c) => c.subjectId && c.subjectId.endsWith('/tb-fail-check'));
+if (!passClaim) { process.stderr.write('missing claim for subjectId ending with /tb-pass-check\n'); process.exit(1); }
+if (!failClaim) { process.stderr.write('missing claim for subjectId ending with /tb-fail-check\n'); process.exit(1); }
+if (passClaim.status !== 'verified') { process.stderr.write('pass check claim status was ' + passClaim.status + ', expected verified (Surface deriveClaimStatus)\n'); process.exit(1); }
+if (failClaim.status !== 'disputed') { process.stderr.write('fail check claim status was ' + failClaim.status + ', expected disputed (Surface deriveClaimStatus)\n'); process.exit(1); }
+// Assert at least one acceptance criterion claim exists (seeded by init-plan)
+const acClaims = claims.filter((c) => c.claimType === 'workflow.acceptance.criterion');
+if (acClaims.length === 0) { process.stderr.write('expected at least one workflow.acceptance.criterion claim but found none\n'); process.exit(1); }
+NODEOF
+  then
+    _pass "trust.bundle claim fidelity: pass check maps to verified, fail check maps to disputed, ac criterion claim present (Surface deriveClaimStatus)"
+  else
+    _fail "trust.bundle claim fidelity assertion failed: $(cat "$TMPDIR_EVAL/tb-fidelity-check.err")"
+  fi
+else
+  _fail "trust.bundle claim fidelity setup failed: $(cat "$TMPDIR_EVAL/tb-fidelity-evidence.out" "$TMPDIR_EVAL/tb-fidelity-evidence.err")"
+fi
+
+# ─── AC2: claim status fidelity — critique fail→disputed, pass→verified ──────
+TB_CRITIQUE_DIR="$TMPDIR_EVAL/repo/.flow-agents/trust-bundle-critique"
+mkdir -p "$TB_CRITIQUE_DIR"
+cp "$ARTIFACT_DIR/auto-sidecars--deliver.md" "$TB_CRITIQUE_DIR/trust-bundle-critique--deliver.md"
+flow_agents_node "$WRITER" init-plan "$TB_CRITIQUE_DIR/trust-bundle-critique--deliver.md" \
+  --source-request "Trust bundle critique claim fidelity fixture." \
+  --summary "Trust bundle critique claim fidelity fixture." \
+  --next-action "Record pass and fail critiques to verify claim status mapping." \
+  --timestamp "2026-05-09T00:00:00Z" >"$TMPDIR_EVAL/tb-critique-init.out" 2>"$TMPDIR_EVAL/tb-critique-init.err"
+flow_agents_node "$WRITER" record-evidence "$TB_CRITIQUE_DIR" \
+  --verdict pass \
+  --check-json '{"id":"tb-critique-setup","kind":"test","status":"pass","summary":"Critique fidelity setup passed."}' \
+  --timestamp "2026-05-09T00:01:00Z" >"$TMPDIR_EVAL/tb-critique-evidence.out" 2>"$TMPDIR_EVAL/tb-critique-evidence.err"
+
+# Record a failing critique (verdict fail → claim status disputed)
+flow_agents_node "$WRITER" record-critique "$TB_CRITIQUE_DIR" \
+  --id tb-fail-review \
+  --reviewer tool-code-reviewer \
+  --verdict fail \
+  --summary "Critique failed — blocking finding." \
+  --timestamp "2026-05-09T00:02:00Z" >"$TMPDIR_EVAL/tb-critique-fail.out" 2>"$TMPDIR_EVAL/tb-critique-fail.err" || true
+
+# Record a passing critique (verdict pass, no open findings → claim status verified)
+if flow_agents_node "$WRITER" record-critique "$TB_CRITIQUE_DIR" \
+  --id tb-pass-review \
+  --reviewer tool-code-reviewer \
+  --verdict pass \
+  --summary "Critique passed — no blocking findings." \
+  --timestamp "2026-05-09T00:02:30Z" >"$TMPDIR_EVAL/tb-critique-pass.out" 2>"$TMPDIR_EVAL/tb-critique-pass.err" \
+  && [[ -f "$TB_CRITIQUE_DIR/trust.bundle" ]]; then
+  if node --input-type=module <<NODEOF 2>"$TMPDIR_EVAL/tb-critique-assert.err"
+import { readFileSync } from 'node:fs';
+const bundle = JSON.parse(readFileSync('${TB_CRITIQUE_DIR}/trust.bundle', 'utf8'));
+const claims = bundle.claims;
+// Surface uses generateClaimId: search by subjectId (which encodes slug/reviewId)
+const failCritique = claims.find((c) => c.subjectId && c.subjectId.endsWith('/tb-fail-review'));
+const passCritique = claims.find((c) => c.subjectId && c.subjectId.endsWith('/tb-pass-review'));
+if (!failCritique) { process.stderr.write('missing claim for subjectId ending with /tb-fail-review\n'); process.exit(1); }
+if (!passCritique) { process.stderr.write('missing claim for subjectId ending with /tb-pass-review\n'); process.exit(1); }
+if (failCritique.status !== 'disputed') { process.stderr.write('fail critique claim status was ' + failCritique.status + ', expected disputed (Surface deriveClaimStatus)\n'); process.exit(1); }
+if (passCritique.status !== 'verified') { process.stderr.write('pass critique claim status was ' + passCritique.status + ', expected verified (Surface deriveClaimStatus)\n'); process.exit(1); }
+NODEOF
+  then
+    _pass "trust.bundle claim fidelity: critique fail→disputed, critique pass→verified"
+  else
+    _fail "trust.bundle critique claim fidelity assertion failed: $(cat "$TMPDIR_EVAL/tb-critique-assert.err")"
+  fi
+else
+  _fail "trust.bundle critique claim fidelity setup failed: $(cat "$TMPDIR_EVAL/tb-critique-pass.out" "$TMPDIR_EVAL/tb-critique-pass.err")"
+fi
+
+# ─── AC3: capture authoritative over claimed status + policies present (ADR 0010 maximal) ──
+TB_CAPTURE_DIR="$TMPDIR_EVAL/repo/.flow-agents/trust-bundle-capture"
+mkdir -p "$TB_CAPTURE_DIR"
+cp "$ARTIFACT_DIR/auto-sidecars--deliver.md" "$TB_CAPTURE_DIR/trust-bundle-capture--deliver.md"
+flow_agents_node "$WRITER" init-plan "$TB_CAPTURE_DIR/trust-bundle-capture--deliver.md" \
+  --source-request "Capture-authoritative trust bundle fixture." \
+  --summary "Capture-authoritative trust bundle fixture." \
+  --next-action "Seed a claimed-pass check whose command actually failed in the capture log." \
+  --timestamp "2026-05-09T00:00:00Z" >"$TMPDIR_EVAL/tb-capture-init.out" 2>"$TMPDIR_EVAL/tb-capture-init.err"
+# Deterministic capture log: the command FAILED (exit 1), recorded before record-evidence.
+printf '%s\n' '{"command":"npm test","observedResult":"fail","exitCode":1}' > "$TB_CAPTURE_DIR/command-log.jsonl"
+if flow_agents_node "$WRITER" record-evidence "$TB_CAPTURE_DIR" \
+  --verdict pass \
+  --check-json '{"id":"tb-capture-check","kind":"test","status":"pass","summary":"Claimed pass.","command":"npm test"}' \
+  --timestamp "2026-05-09T00:01:00Z" >"$TMPDIR_EVAL/tb-capture-evidence.out" 2>"$TMPDIR_EVAL/tb-capture-evidence.err" \
+  && [[ -f "$TB_CAPTURE_DIR/trust.bundle" ]]; then
+  if node --input-type=module <<NODEOF 2>"$TMPDIR_EVAL/tb-capture-assert.err"
+import { readFileSync } from 'node:fs';
+const bundle = JSON.parse(readFileSync('${TB_CAPTURE_DIR}/trust.bundle', 'utf8'));
+const claim = bundle.claims.find((c) => c.subjectId && c.subjectId.endsWith('/tb-capture-check'));
+if (!claim) { process.stderr.write('missing claim for /tb-capture-check\n'); process.exit(1); }
+if (claim.status !== 'disputed') { process.stderr.write('claimed-pass check with captured FAIL had status ' + claim.status + ', expected disputed (capture authoritative)\n'); process.exit(1); }
+if (!Array.isArray(bundle.policies) || bundle.policies.length === 0) { process.stderr.write('bundle.policies empty — expected a verification policy per claimType\n'); process.exit(1); }
+const ev = bundle.evidence.find((e) => e.claimId === claim.id);
+if (!ev || !ev.execution || ev.execution.isError !== true) { process.stderr.write('capture evidence with execution.isError=true missing\n'); process.exit(1); }
+NODEOF
+  then
+    _pass "trust.bundle capture authoritative: claimed-pass + captured-fail → disputed; policies present; execution evidence folded in"
+  else
+    _fail "trust.bundle capture-authoritative assertion failed: $(cat "$TMPDIR_EVAL/tb-capture-assert.err")"
+  fi
+else
+  _fail "trust.bundle capture-authoritative setup failed: $(cat "$TMPDIR_EVAL/tb-capture-evidence.out" "$TMPDIR_EVAL/tb-capture-evidence.err")"
+fi
+
+# ─── AC4: render-trust-panel projects the bundle to a standalone Surface Trust Panel (ADR 0010 Phase 3) ──
+if [[ -f "$TB_CAPTURE_DIR/trust.bundle" ]] && flow_agents_node "$WRITER" render-trust-panel "$TB_CAPTURE_DIR" --out "$TB_CAPTURE_DIR/trust-panel.html" >"$TMPDIR_EVAL/tb-panel.out" 2>"$TMPDIR_EVAL/tb-panel.err"; then
+  PANEL="$TB_CAPTURE_DIR/trust-panel.html"
+  REPORT="$TB_CAPTURE_DIR/trust-report.json"
+  if [[ -f "$PANEL" ]] \
+    && rg -q "<surface-trust-panel" "$PANEL" \
+    && rg -q "customElements.define" "$PANEL" \
+    && rg -q '"status":"disputed"' "$PANEL"; then
+    _pass "render-trust-panel: standalone Trust Panel HTML with inlined Surface element + disputed claim from the derived report"
+  else
+    _fail "render-trust-panel output missing panel element / inlined JS / disputed claim"
+  fi
+  # report artifact: the derived TrustReport (universal input for Surface's Snapshot Viewer / bare element)
+  if [[ -f "$REPORT" ]] && rg -q '"status": "disputed"' "$REPORT" && rg -q '"claims"' "$REPORT"; then
+    _pass "render-trust-panel: also emits trust-report.json (derived report with the disputed claim)"
+  else
+    _fail "render-trust-panel did not emit a valid trust-report.json: $(head -c 200 "$REPORT" 2>/dev/null)"
+  fi
+else
+  _fail "render-trust-panel failed: $(cat "$TMPDIR_EVAL/tb-panel.out" "$TMPDIR_EVAL/tb-panel.err")"
+fi
+
+# ─── AC5: trust-mcp wiring (flow-agents#137) — zero-write print + opt-in, reversible enable/disable ──
+TB_MCP_CFG="$TMPDIR_EVAL/mcp/.mcp.json"
+mkdir -p "$(dirname "$TB_MCP_CFG")"
+echo '{"mcpServers":{"other":{"command":"x","args":[]}}}' > "$TB_MCP_CFG"
+if flow_agents_node "$WRITER" trust-mcp >"$TMPDIR_EVAL/tb-mcp-print.out" 2>/dev/null \
+  && rg -q "flow-agents-surface-trust" "$TMPDIR_EVAL/tb-mcp-print.out" \
+  && flow_agents_node "$WRITER" trust-mcp --mode enable --config "$TB_MCP_CFG" >/dev/null 2>&1 \
+  && flow_agents_node "$WRITER" trust-mcp --mode enable --config "$TB_MCP_CFG" >/dev/null 2>&1; then
+  if node --input-type=module <<NODEOF 2>"$TMPDIR_EVAL/tb-mcp.err"
+import { readFileSync } from 'node:fs';
+const s = (JSON.parse(readFileSync('${TB_MCP_CFG}','utf8')).mcpServers) || {};
+if (!s['flow-agents-surface-trust']) { process.stderr.write('enable did not add our server\n'); process.exit(1); }
+if (!s['other']) { process.stderr.write('enable clobbered an existing server\n'); process.exit(1); }
+if (Object.keys(s).length !== 2) { process.stderr.write('enable not idempotent (count ' + Object.keys(s).length + ')\n'); process.exit(1); }
+NODEOF
+  then
+    flow_agents_node "$WRITER" trust-mcp --mode disable --config "$TB_MCP_CFG" >/dev/null 2>&1
+    if node --input-type=module <<NODEOF 2>>"$TMPDIR_EVAL/tb-mcp.err"
+import { readFileSync } from 'node:fs';
+const s = (JSON.parse(readFileSync('${TB_MCP_CFG}','utf8')).mcpServers) || {};
+if (s['flow-agents-surface-trust']) { process.stderr.write('disable left our server\n'); process.exit(1); }
+if (!s['other']) { process.stderr.write('disable removed an existing server\n'); process.exit(1); }
+NODEOF
+    then
+      _pass "trust-mcp: zero-write print; enable idempotent + preserves existing; disable removes only ours"
+    else
+      _fail "trust-mcp disable assertion failed: $(cat "$TMPDIR_EVAL/tb-mcp.err")"
+    fi
+  else
+    _fail "trust-mcp enable assertion failed: $(cat "$TMPDIR_EVAL/tb-mcp.err")"
+  fi
+else
+  _fail "trust-mcp print/enable invocation failed"
+fi
+
+# ─── AC6: agent liveness (ADR 0012) — held / free-on-lapse / free-on-release ──
+TB_LIVENESS_ROOT="$TMPDIR_EVAL/liveness/.flow-agents"
+flow_agents_node "$WRITER" liveness claim     held-subj  --actor agent-A --at "2026-06-25T11:50:00Z" --ttl 1800 --artifact-root "$TB_LIVENESS_ROOT" >/dev/null 2>&1
+flow_agents_node "$WRITER" liveness heartbeat held-subj  --actor agent-A --at "2026-06-25T11:58:00Z" --artifact-root "$TB_LIVENESS_ROOT" >/dev/null 2>&1
+flow_agents_node "$WRITER" liveness claim     stale-subj --actor agent-B --at "2026-06-25T11:00:00Z" --ttl 1800 --artifact-root "$TB_LIVENESS_ROOT" >/dev/null 2>&1
+flow_agents_node "$WRITER" liveness claim     rel-subj   --actor agent-C --at "2026-06-25T11:50:00Z" --ttl 1800 --artifact-root "$TB_LIVENESS_ROOT" >/dev/null 2>&1
+flow_agents_node "$WRITER" liveness release   rel-subj   --actor agent-C --at "2026-06-25T11:55:00Z" --artifact-root "$TB_LIVENESS_ROOT" >/dev/null 2>&1
+LIVENESS_OUT=$(flow_agents_node "$WRITER" liveness status --now "2026-06-25T12:00:00Z" --artifact-root "$TB_LIVENESS_ROOT" 2>/dev/null | grep -viE "unknown format")
+if echo "$LIVENESS_OUT" | grep -qE "held-subj.*agent-A.*held" \
+  && echo "$LIVENESS_OUT" | grep -qE "stale-subj.*agent-B.*free" \
+  && echo "$LIVENESS_OUT" | grep -qE "rel-subj.*agent-C.*free"; then
+  _pass "liveness: liveness claims recompute held / free(lapsed) / free(released) via Surface deriveTrustStatus (ADR 0012)"
+else
+  _fail "liveness status mismatch (expected held/free/free): $LIVENESS_OUT"
+fi
+
+# ─── AC7: lifecycle-driven liveness (ADR 0012) — init-plan claims, advance-state releases (opt-in) ──
+TB_LC_ROOT="$TMPDIR_EVAL/liveness-lifecycle/.flow-agents"
+TB_LC_DIR="$TB_LC_ROOT/lc-task"; mkdir -p "$TB_LC_DIR"
+cp "$ARTIFACT_DIR/auto-sidecars--deliver.md" "$TB_LC_DIR/lc-task--deliver.md"
+FLOW_AGENTS_LIVENESS=on FLOW_AGENTS_ACTOR=agent-LC flow_agents_node "$WRITER" init-plan "$TB_LC_DIR/lc-task--deliver.md" --task-slug lc-task --source-request x --summary y --next-action z --timestamp "2026-06-25T11:50:00Z" >/dev/null 2>&1
+LC_HELD=$(flow_agents_node "$WRITER" liveness status --now "2026-06-25T12:00:00Z" --artifact-root "$TB_LC_ROOT" 2>/dev/null | grep -viE "unknown format")
+FLOW_AGENTS_LIVENESS=on FLOW_AGENTS_ACTOR=agent-LC flow_agents_node "$WRITER" advance-state "$TB_LC_DIR" --status delivered --phase done --task-slug lc-task --timestamp "2026-06-25T11:55:00Z" >/dev/null 2>&1
+LC_FREE=$(flow_agents_node "$WRITER" liveness status --now "2026-06-25T12:00:00Z" --artifact-root "$TB_LC_ROOT" 2>/dev/null | grep -viE "unknown format")
+TB_OFF_ROOT="$TMPDIR_EVAL/liveness-off/.flow-agents"; mkdir -p "$TB_OFF_ROOT/off-task"
+cp "$ARTIFACT_DIR/auto-sidecars--deliver.md" "$TB_OFF_ROOT/off-task/off-task--deliver.md"
+flow_agents_node "$WRITER" init-plan "$TB_OFF_ROOT/off-task/off-task--deliver.md" --task-slug off-task --source-request x --summary y --next-action z >/dev/null 2>&1
+if echo "$LC_HELD" | grep -qE "lc-task.*agent-LC.*held" && echo "$LC_FREE" | grep -qE "lc-task.*agent-LC.*free" && [ ! -f "$TB_OFF_ROOT/liveness/events.jsonl" ]; then
+  _pass "liveness lifecycle: init-plan claims (held), advance→delivered releases (free); opt-in respected (no events when disabled)"
+else
+  _fail "liveness lifecycle mismatch: held=[$LC_HELD] free=[$LC_FREE] off=$([ -f "$TB_OFF_ROOT/liveness/events.jsonl" ] && echo wrote || echo none)"
+fi
+
+# ─── AC8: bundle-writers fail LOUDLY when Surface unavailable — no silent data loss (#156) ──
+TB_FO_DIR="$TMPDIR_EVAL/repo/.flow-agents/failopen"
+mkdir -p "$TB_FO_DIR"
+cp "$ARTIFACT_DIR/auto-sidecars--deliver.md" "$TB_FO_DIR/failopen--deliver.md"
+flow_agents_node "$WRITER" init-plan "$TB_FO_DIR/failopen--deliver.md" --task-slug failopen --source-request x --summary y --next-action z --timestamp "2026-05-09T00:00:00Z" >/dev/null 2>&1
+flow_agents_node "$WRITER" record-evidence "$TB_FO_DIR" --verdict pass --check-json '{"id":"c1","kind":"test","status":"pass","summary":"s"}' --timestamp "2026-05-09T00:01:00Z" >/dev/null 2>&1
+# With Surface forced-unavailable, record-critique MUST fail (non-zero), not silently drop the critique.
+if FLOW_AGENTS_SURFACE_UNAVAILABLE=1 flow_agents_node "$WRITER" record-critique "$TB_FO_DIR" --id rev-fo --reviewer r --verdict pass --summary fo --timestamp "2026-05-09T00:02:00Z" >"$TMPDIR_EVAL/failopen.out" 2>&1; then
+  _fail "record-critique fail-opened (exit 0) when Surface unavailable — SILENT DATA LOSS: $(cat "$TMPDIR_EVAL/failopen.out")"
+elif grep -qiE "was NOT written|not persisted" "$TMPDIR_EVAL/failopen.out"; then
+  _pass "bundle-writers fail loudly (no silent data loss) when Surface unavailable (#156)"
+else
+  _fail "record-critique failed but without a clear not-persisted message: $(cat "$TMPDIR_EVAL/failopen.out")"
+fi
+
+
+# ─── AC3: statusFunctionVersion conformance ───────────────────────────────────
+# Assert the statusFunctionVersion embedded in the emitted trust.bundle source
+# field matches @kontourai/surface's exported statusFunctionVersion constant.
+# Also run hachure conformance vectors through Surface's deriveClaimStatus to
+# confirm our producer path produces canonical statuses.
+TB_CONF_DIR="$TMPDIR_EVAL/repo/.flow-agents/trust-bundle-conformance"
+mkdir -p "$TB_CONF_DIR"
+cp "$ARTIFACT_DIR/auto-sidecars--deliver.md" "$TB_CONF_DIR/trust-bundle-conformance--deliver.md"
+flow_agents_node "$WRITER" init-plan "$TB_CONF_DIR/trust-bundle-conformance--deliver.md"   --source-request "Conformance fixture."   --summary "Conformance fixture."   --next-action "Record evidence and check statusFunctionVersion."   --timestamp "2026-05-09T00:00:00Z" >"$TMPDIR_EVAL/tb-conf-init.out" 2>"$TMPDIR_EVAL/tb-conf-init.err"
+flow_agents_node "$WRITER" record-evidence "$TB_CONF_DIR"   --verdict pass   --check-json '{"id":"conf-check","kind":"test","status":"pass","summary":"Conformance check passed."}'   --timestamp "2026-05-09T00:01:00Z" >"$TMPDIR_EVAL/tb-conf-evidence.out" 2>"$TMPDIR_EVAL/tb-conf-evidence.err"
+
+if [[ -f "$TB_CONF_DIR/trust.bundle" ]]; then
+  if node --input-type=module <<NODEOF 2>"$TMPDIR_EVAL/tb-sfv-check.err"
+import { readFileSync } from 'node:fs';
+import { statusFunctionVersion } from '@kontourai/surface';
+const bundle = JSON.parse(readFileSync('${TB_CONF_DIR}/trust.bundle', 'utf8'));
+// statusFunctionVersion is encoded in the source field as "...;statusFunctionVersion=<version>"
+const sourceMatch = (bundle.source || '').match(/statusFunctionVersion=(.+)$/);
+if (!sourceMatch) { process.stderr.write('bundle source does not contain statusFunctionVersion: ' + bundle.source + '\n'); process.exit(1); }
+const bundleSfv = sourceMatch[1];
+const surfaceSfv = String(statusFunctionVersion);
+if (bundleSfv !== surfaceSfv) {
+  process.stderr.write('bundle statusFunctionVersion ' + bundleSfv + ' does not match Surface statusFunctionVersion ' + surfaceSfv + '\n');
+  process.exit(1);
+}
+NODEOF
+  then
+    _pass "trust.bundle source encodes statusFunctionVersion matching Surface\'s canonical export"
+  else
+    _fail "trust.bundle statusFunctionVersion mismatch: $(cat "$TMPDIR_EVAL/tb-sfv-check.err")"
+  fi
+fi
+
+# Conformance vectors: assert Surface's deriveClaimStatus produces canonical statuses
+# for hachure's reference sf-*.json vectors (sf-verified-commit → verified, sf-disputed-blocking → disputed).
+HACHURE_CONF="$ROOT/node_modules/hachure/conformance"
+if [[ -d "$HACHURE_CONF" ]]; then
+  if node --input-type=module <<NODEOF 2>"$TMPDIR_EVAL/tb-conf-vectors.err"
+import { readFileSync, readdirSync } from 'node:fs';
+import { deriveClaimStatus, statusFunctionVersion } from '@kontourai/surface';
+const confDir = '${HACHURE_CONF}';
+const vectors = readdirSync(confDir).filter(f => f.startsWith('sf-') && f.endsWith('.json'));
+let passed = 0; let failed = 0;
+for (const vec of vectors) {
+  const data = JSON.parse(readFileSync(confDir + '/' + vec, 'utf8'));
+  const { input, expect, now: nowStr } = data;
+  const now = nowStr ? new Date(nowStr) : new Date();
+  for (const [claimId, expectedStatus] of Object.entries(expect.statusByClaimId ?? {})) {
+    const claim = input.claims.find((c) => c.id === claimId);
+    if (!claim) { process.stderr.write('vector ' + vec + ': claim ' + claimId + ' not found\n'); failed++; continue; }
+    const evidence = (input.evidence || []).filter((e) => e.claimId === claimId);
+    const events = (input.events || []).filter((e) => e.claimId === claimId);
+    const policies = (input.policies || []);
+    const authorityTrace = (input.authorityTrace || []);
+    const result = deriveClaimStatus({ claim, evidence, events, policies, now, authorityTrace });
+    if (result.status !== expectedStatus) {
+      process.stderr.write('vector ' + vec + ' claim ' + claimId + ': got ' + result.status + ', expected ' + expectedStatus + '\n');
+      failed++;
+    } else {
+      passed++;
+    }
+  }
+}
+process.stderr.write('conformance vectors: ' + passed + ' passed, ' + failed + ' failed (statusFunctionVersion=' + statusFunctionVersion + ')\n');
+if (failed > 0) process.exit(1);
+NODEOF
+  then
+    _pass "hachure conformance vectors pass Surface deriveClaimStatus"
+  else
+    _fail "hachure conformance vectors failed: $(cat "$TMPDIR_EVAL/tb-conf-vectors.err")"
+  fi
+fi
+
+# ─── Deterministic session slug from work-item ref (#161) ───────────────────
+
+WORK_ITEM_ROOT="$TMPDIR_EVAL/work-item-repo/.flow-agents"
+
+# (a) --work-item derives deterministic slug kontourai-flow-agents-161
+if flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$WORK_ITEM_ROOT" \
+  --work-item "kontourai/flow-agents#161" \
+  --title "Work Item 161" \
+  --summary "Deterministic slug from work-item ref." \
+  --timestamp "2026-06-25T00:00:00Z" >"$TMPDIR_EVAL/wi-ensure.out" 2>"$TMPDIR_EVAL/wi-ensure.err"; then
+  _pass "ensure-session --work-item derives slug kontourai-flow-agents-161"
+else
+  _fail "ensure-session --work-item failed: $(cat "$TMPDIR_EVAL/wi-ensure.out" "$TMPDIR_EVAL/wi-ensure.err")"
+fi
+
+if [[ -f "$WORK_ITEM_ROOT/kontourai-flow-agents-161/state.json" ]]; then
+  _pass "ensure-session --work-item creates expected session directory"
+else
+  _fail "ensure-session --work-item did not create $WORK_ITEM_ROOT/kontourai-flow-agents-161/"
+fi
+
+# (b) idempotency: second call same ref → same directory, no failure
+if flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$WORK_ITEM_ROOT" \
+  --work-item "kontourai/flow-agents#161" \
+  --title "Work Item 161 Second" \
+  --summary "Idempotent call." \
+  --timestamp "2026-06-25T00:00:01Z" >"$TMPDIR_EVAL/wi-ensure2.out" 2>"$TMPDIR_EVAL/wi-ensure2.err" \
+  && [[ -f "$WORK_ITEM_ROOT/kontourai-flow-agents-161/state.json" ]]; then
+  _pass "ensure-session --work-item is idempotent (same slug/dir on second call)"
+else
+  _fail "ensure-session --work-item idempotency failed: $(cat "$TMPDIR_EVAL/wi-ensure2.out" "$TMPDIR_EVAL/wi-ensure2.err")"
+fi
+
+# (c) --task-slug wins over --work-item (back-compat: explicit overrides derived)
+TASK_SLUG_ROOT="$TMPDIR_EVAL/task-slug-repo/.flow-agents"
+if flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$TASK_SLUG_ROOT" \
+  --task-slug "manual-slug" \
+  --work-item "kontourai/flow-agents#161" \
+  --title "Manual Slug" \
+  --summary "Explicit task-slug must win over work-item." \
+  --timestamp "2026-06-25T00:00:02Z" >"$TMPDIR_EVAL/wi-taskslug.out" 2>"$TMPDIR_EVAL/wi-taskslug.err" \
+  && [[ -d "$TASK_SLUG_ROOT/manual-slug" ]] \
+  && [[ ! -d "$TASK_SLUG_ROOT/kontourai-flow-agents-161" ]]; then
+  _pass "ensure-session --task-slug wins over --work-item (back-compat)"
+else
+  _fail "ensure-session --task-slug did not win over --work-item: $(cat "$TMPDIR_EVAL/wi-taskslug.out" "$TMPDIR_EVAL/wi-taskslug.err")"
+fi
+
+# (c2) --task-slug only (no --work-item) still works
+TASK_SLUG_ONLY_ROOT="$TMPDIR_EVAL/task-slug-only-repo/.flow-agents"
+if flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$TASK_SLUG_ONLY_ROOT" \
+  --task-slug "explicit-only" \
+  --title "Explicit Only" \
+  --summary "task-slug only, no work-item." \
+  --timestamp "2026-06-25T00:00:03Z" >"$TMPDIR_EVAL/wi-onlyslug.out" 2>"$TMPDIR_EVAL/wi-onlyslug.err" \
+  && [[ -d "$TASK_SLUG_ONLY_ROOT/explicit-only" ]]; then
+  _pass "ensure-session --task-slug alone still works (back-compat regression guard)"
+else
+  _fail "ensure-session --task-slug alone failed: $(cat "$TMPDIR_EVAL/wi-onlyslug.out" "$TMPDIR_EVAL/wi-onlyslug.err")"
+fi
+
+# (d) liveness subjectId matches work-item slug
+# ensure-session establishes the slug; liveness events (emitted by init-plan/advance-state) key
+# on that same slug as subjectId. We verify this by emitting two liveness claim events directly
+# via `liveness claim` using the slug derived from the ref, then asserting both share subjectId.
+LIVENESS_WORK_ROOT="$TMPDIR_EVAL/liveness-wi-repo/.flow-agents"
+# First: ensure-session --work-item produces the expected slug (directory name proof)
+if flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$LIVENESS_WORK_ROOT" \
+  --work-item "kontourai/flow-agents#162" \
+  --title "Liveness Work Item" \
+  --summary "Liveness subjectId test." \
+  --timestamp "2026-06-25T00:00:04Z" >"$TMPDIR_EVAL/wi-liveness1.out" 2>"$TMPDIR_EVAL/wi-liveness1.err" \
+  && [[ -d "$LIVENESS_WORK_ROOT/kontourai-flow-agents-162" ]]; then
+  _pass "ensure-session --work-item creates session dir with deterministic slug"
+else
+  _fail "ensure-session --work-item session dir check failed: $(cat "$TMPDIR_EVAL/wi-liveness1.out" "$TMPDIR_EVAL/wi-liveness1.err")"
+fi
+
+# Emit two liveness claim events using the same subjectId (as init-plan does when FLOW_AGENTS_LIVENESS=on).
+# This proves: same work-item ref → same slug → same subjectId across two agents.
+FLOW_AGENTS_ACTOR=agent-a flow_agents_node "$WRITER" liveness claim \
+  --artifact-root "$LIVENESS_WORK_ROOT" \
+  kontourai-flow-agents-162 >"$TMPDIR_EVAL/wi-liveness-claim-a.out" 2>"$TMPDIR_EVAL/wi-liveness-claim-a.err"
+FLOW_AGENTS_ACTOR=agent-b flow_agents_node "$WRITER" liveness claim \
+  --artifact-root "$LIVENESS_WORK_ROOT" \
+  kontourai-flow-agents-162 >"$TMPDIR_EVAL/wi-liveness-claim-b.out" 2>"$TMPDIR_EVAL/wi-liveness-claim-b.err"
+
+LIVENESS_EVENTS="$LIVENESS_WORK_ROOT/liveness/events.jsonl"
+if [[ -f "$LIVENESS_EVENTS" ]] \
+  && grep -q '"subjectId":"kontourai-flow-agents-162"' "$LIVENESS_EVENTS"; then
+  _pass "liveness events contain subjectId kontourai-flow-agents-162"
+else
+  _fail "liveness events missing expected subjectId: $(cat "$LIVENESS_EVENTS" 2>/dev/null || echo 'file not found')"
+fi
+
+# Both events must share the same subjectId value (two agents, same ref → same subjectId)
+subject_count=$(grep -c '"subjectId":"kontourai-flow-agents-162"' "$LIVENESS_EVENTS" 2>/dev/null || echo 0)
+if [[ "$subject_count" -ge 2 ]]; then
+  _pass "both liveness events share subjectId kontourai-flow-agents-162 (same ref → same subjectId)"
+else
+  _fail "expected >=2 liveness events with subjectId kontourai-flow-agents-162, found $subject_count"
+fi
+
+# (e) malformed ref is rejected
+if flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$WORK_ITEM_ROOT" \
+  --work-item "kontourai/flow-agents/bad" \
+  --title "Bad Ref" \
+  --summary "Should fail." \
+  --timestamp "2026-06-25T00:00:06Z" >"$TMPDIR_EVAL/wi-bad-slash.out" 2>&1; then
+  _fail "ensure-session should reject work-item ref without # separator"
+elif grep -q 'owner/repo#id format' "$TMPDIR_EVAL/wi-bad-slash.out"; then
+  _pass "ensure-session rejects work-item ref without # separator"
+else
+  _fail "malformed ref rejection message was unexpected: $(cat "$TMPDIR_EVAL/wi-bad-slash.out")"
+fi
+
+if flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$WORK_ITEM_ROOT" \
+  --work-item "kontourai/flow-agents#abc" \
+  --title "Bad ID" \
+  --summary "Should fail on non-numeric id." \
+  --timestamp "2026-06-25T00:00:07Z" >"$TMPDIR_EVAL/wi-bad-id.out" 2>&1; then
+  _fail "ensure-session should reject work-item with non-numeric id"
+elif grep -q 'numeric issue number' "$TMPDIR_EVAL/wi-bad-id.out"; then
+  _pass "ensure-session rejects work-item with non-numeric id"
+else
+  _fail "non-numeric id rejection message was unexpected: $(cat "$TMPDIR_EVAL/wi-bad-id.out")"
+fi
+
+# Neither --task-slug nor --work-item → back-compat error message must contain "task-slug is required"
+if flow_agents_node "$WRITER" ensure-session \
+  --artifact-root "$WORK_ITEM_ROOT" \
+  --title "No Slug" \
+  --summary "Should fail." \
+  --timestamp "2026-06-25T00:00:08Z" >"$TMPDIR_EVAL/wi-no-slug.out" 2>&1; then
+  _fail "ensure-session should require --task-slug or --work-item"
+elif grep -q 'task-slug is required' "$TMPDIR_EVAL/wi-no-slug.out"; then
+  _pass "ensure-session dies with 'task-slug is required' when neither flag is supplied (back-compat)"
+else
+  _fail "missing slug error message lacked 'task-slug is required': $(cat "$TMPDIR_EVAL/wi-no-slug.out")"
+fi
+
+
 if [[ "$errors" -eq 0 ]]; then
   echo "Workflow sidecar writer integration passed."
   exit 0