@kontourai/flow-agents 2.0.0 → 2.0.1

package/.github/workflows/runtime-compat.yml

@@ -75,7 +75,7 @@ jobs:
           node-version: 24
 
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
         with:
           python-version: "3.12"
 

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## [2.0.1](https://github.com/kontourai/flow-agents/compare/v2.0.0...v2.0.1) (2026-06-27)
+
+
+### Fixes
+
+* carry KIT IDENTITY through the trust chain — stop flattening non-builder kits to "builder" ([#235](https://github.com/kontourai/flow-agents/issues/235)) ([02d2782](https://github.com/kontourai/flow-agents/commit/02d2782ca8d9158a018d0fc6c35adc6a34c827d5))
+* **gate:** classify concurrent-fork vs tamper; never hard-block a benign race ([#233](https://github.com/kontourai/flow-agents/issues/233)) ([e24743b](https://github.com/kontourai/flow-agents/commit/e24743b7dbff05df64e198e420e47841ce534df3))
+
 ## [2.0.0](https://github.com/kontourai/flow-agents/compare/v1.4.0...v2.0.0) (2026-06-27)
 
 

package/build/src/cli/workflow-sidecar.d.ts

@@ -167,6 +167,22 @@ export declare function sidecarBase(slug: string): AnyObj;
 export declare function validateEvidenceRef(ref: AnyObj, label: string): AnyObj;
 export declare function normalizeEvidenceRefs(raw: unknown, label: string): AnyObj[];
 export declare function normalizeCheck(raw: AnyObj): AnyObj;
+/**
+ * Derive kit identity from a parsed trust.bundle by structurally reading the
+ * DECLARED primary claim (kit-typed) rather than hardcoding "builder".
+ *
+ * Resolution order (no fallbacks to "builder"):
+ *   1. First non-workflow.* claim in bundle.claims[] → claimType drives kitId + subject.
+ *   2. No kit-typed claim: try current.json active_flow_id adjacent to the bundle file
+ *      (bundle lives at <session-dir>/trust.bundle → flowAgentsDir = grandparent).
+ *   3. Genuinely unknown: mark as "unknown" — never hardcode a kit identity.
+ */
+export declare function kitIdentityFromBundle(raw: AnyObj, bundleFile: string): {
+    claimType: string;
+    kitId: string;
+    subject: string;
+    gateId: string;
+};
 export declare function writeState(dir: string, slug: string, status: string, phase: string, timestamp: string, summary: string, next?: string): void;
 export declare function normalizeFinding(raw: AnyObj): AnyObj;
 /**

package/build/src/cli/workflow-sidecar.js

@@ -6,7 +6,7 @@ import { createHash } from "node:crypto";
 import { createRequire } from "node:module";
 import { fileURLToPath } from "node:url";
 // ADR 0016 Abstraction A: shared FlowDefinition resolver (P-a)
-import { resolveActiveFlowStep, resolveFlowFilePath, resolvePhaseMap } from "../lib/flow-resolver.js";
+import { resolveActiveFlowStep, resolveFlowFilePath, resolvePhaseMap, resolveRouteBackPolicy } from "../lib/flow-resolver.js";
 export const statuses = new Set(["new", "planning", "planned", "in_progress", "blocked", "verifying", "verified", "needs_decision", "not_verified", "failed", "delivered", "accepted", "archived"]);
 export const phases = ["idea", "backlog", "pickup", "planning", "execution", "verification", "goal_fit", "evidence", "release", "learning", "done"];
 export const checkKinds = new Set(["build", "types", "lint", "test", "security", "diff", "browser", "runtime", "policy", "external"]);
@@ -1071,15 +1071,63 @@ function deriveSurfaceStatus(ref) {
         return "fail";
     return "pass";
 }
+/**
+ * Derive kit identity from a parsed trust.bundle by structurally reading the
+ * DECLARED primary claim (kit-typed) rather than hardcoding "builder".
+ *
+ * Resolution order (no fallbacks to "builder"):
+ *   1. First non-workflow.* claim in bundle.claims[] → claimType drives kitId + subject.
+ *   2. No kit-typed claim: try current.json active_flow_id adjacent to the bundle file
+ *      (bundle lives at <session-dir>/trust.bundle → flowAgentsDir = grandparent).
+ *   3. Genuinely unknown: mark as "unknown" — never hardcode a kit identity.
+ */
+export function kitIdentityFromBundle(raw, bundleFile) {
+    // 1. Structurally read the bundle's declared kit-typed claim.
+    const claims = Array.isArray(raw.claims) ? raw.claims : [];
+    for (const claim of claims) {
+        const ct = typeof claim?.claimType === "string" ? claim.claimType : "";
+        if (ct && !ct.startsWith("workflow.")) {
+            const kitId = ct.split(".")[0] ?? "unknown";
+            if (kitId && kitId !== "unknown") {
+                return { claimType: ct, kitId, subject: `${kitId}-kit`, gateId: ct };
+            }
+        }
+    }
+    // 2. No kit-typed claim in bundle — try to derive kit from current.json active_flow_id.
+    //    The bundle lives at <session-dir>/trust.bundle, so:
+    //      sessionDir = path.dirname(bundleFile)
+    //      flowAgentsDir = path.dirname(sessionDir)
+    try {
+        const sessionDir = path.dirname(bundleFile);
+        const flowAgentsDir = path.dirname(sessionDir);
+        const currentFile = path.join(flowAgentsDir, "current.json");
+        const current = JSON.parse(fs.readFileSync(currentFile, "utf8"));
+        const flowId = typeof current["active_flow_id"] === "string" ? current["active_flow_id"] : null;
+        if (flowId && flowId.includes(".")) {
+            const kitId = flowId.split(".")[0];
+            if (kitId) {
+                const derivedClaimType = `${kitId}.trust.bundle`;
+                return { claimType: derivedClaimType, kitId, subject: `${kitId}-kit`, gateId: derivedClaimType };
+            }
+        }
+    }
+    catch {
+        // Ignore — fall through to unknown
+    }
+    // 3. Genuinely unknown — never fallback to "builder".
+    return { claimType: "unknown.trust.bundle", kitId: "unknown", subject: "unknown-kit", gateId: "unknown.trust.bundle" };
+}
 function surfaceCheckFromArtifact(file, index) {
     const raw = JSON.parse(read(file));
     const lower = JSON.stringify(raw).toLowerCase();
+    // Structurally read kit identity from the bundle — never hardcode "builder".
+    const { claimType: bundleClaimType, subject: bundleSubject, gateId: bundleGateId } = kitIdentityFromBundle(raw, file);
     let ref;
     if (lower.includes("provider") && lower.includes("absent")) {
-        ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: "provider.unavailable", claim_type: "builder.trust.bundle", claim_status: "unknown", subject: "builder-kit", freshness: { status: "unknown", summary: "No trust provider is configured" }, authority: { producer: "unknown", summary: "No trust provider is configured" }, integrity: { status: "unknown", summary: "Unknown" }, status: "not_verified", summary: "No trust provider is configured" };
+        ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: "provider.unavailable", claim_type: bundleClaimType, claim_status: "unknown", subject: bundleSubject, freshness: { status: "unknown", summary: "No trust provider is configured" }, authority: { producer: "unknown", summary: "No trust provider is configured" }, integrity: { status: "unknown", summary: "Unknown" }, status: "not_verified", summary: "No trust provider is configured" };
     }
     else if (lower.includes("artifact") && lower.includes("absent")) {
-        ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: "artifact.unavailable", claim_type: "builder.trust.bundle", claim_status: "unknown", subject: "builder-kit", freshness: { status: "unknown", summary: "Artifact not readable" }, authority: { producer: "unknown", summary: "Artifact not readable" }, integrity: { status: "unknown", summary: "Artifact not readable" }, status: "not_verified", summary: "artifact not readable" };
+        ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: "artifact.unavailable", claim_type: bundleClaimType, claim_status: "unknown", subject: bundleSubject, freshness: { status: "unknown", summary: "Artifact not readable" }, authority: { producer: "unknown", summary: "Artifact not readable" }, integrity: { status: "unknown", summary: "Artifact not readable" }, status: "not_verified", summary: "artifact not readable" };
     }
     else {
         const claimStatus = lower.includes("rejected") ? "rejected" : "accepted";
@@ -1087,7 +1135,7 @@ function surfaceCheckFromArtifact(file, index) {
         const producer = lower.includes("missing-authority") ? "unknown" : "surface-local";
         const integrity = lower.includes("mismatch") ? "mismatch" : "matched";
         // Use trust.bundle as the canonical Hachure-aligned artifact_kind for all trust-backed evidence refs
-        ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: "builder.trust.bundle", claim_type: "builder.trust.bundle", claim_status: claimStatus, subject: "builder-kit", freshness: { status: freshness, summary: freshness === "fresh" ? "fresh" : "not currently verifiable" }, authority: { producer, summary: producer === "unknown" ? "missing authority" : "Local Surface trust producer." }, integrity: { status: integrity, summary: integrity === "matched" ? "matched" : "integrity mismatch" } };
+        ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: bundleGateId, claim_type: bundleClaimType, claim_status: claimStatus, subject: bundleSubject, freshness: { status: freshness, summary: freshness === "fresh" ? "fresh" : "not currently verifiable" }, authority: { producer, summary: producer === "unknown" ? "missing authority" : "Local Surface trust producer." }, integrity: { status: integrity, summary: integrity === "matched" ? "matched" : "integrity mismatch" } };
         ref.status = deriveSurfaceStatus(ref);
         ref.summary = ref.status === "pass" ? "accepted" : ref.status === "not_verified" ? "not currently verifiable" : (claimStatus === "rejected" ? "rejected" : producer === "unknown" ? "missing authority" : "integrity mismatch");
     }
@@ -1342,16 +1390,22 @@ async function advanceState(p) {
     if ((status === "archived" || status === "accepted") && prev.phase !== "learning")
         diagnostic(dir, "terminal_jump_rejected", "Terminal workflow states require release and learning gates.");
     const flow = opt(p, "flow-definition");
-    if (flow === "builder.build" && prev.phase === "verification" && phase === "execution") {
+    // Route-back guard: FlowDefinition-driven (not hardcoded to builder.build).
+    // Fires when the active flow's gate for prev.phase declares a route_back_policy
+    // AND the target phase maps to a step listed in on_route_back values.
+    // builder.build verify-gate already carries this declaration — behavior preserved.
+    const repoRoot = flow ? findRepoRootFromDir(dir) : "";
+    const routeBack = flow ? resolveRouteBackPolicy(flow, prev.phase, phase, repoRoot) : null;
+    if (routeBack) {
         const reason = opt(p, "route-back-reason");
         if (!reason)
-            diagnostic(dir, "route_back_reason_required", "Builder Kit route-back requires implementation_defect or equivalent reason.");
+            diagnostic(dir, "route_back_reason_required", `Route-back from ${prev.phase} to ${phase} requires a --route-back-reason (e.g. implementation_defect).`);
         const file = path.join(dir, "transition-attempts.json");
         const attempts = loadJson(file);
-        const key = `verification->execution:${reason}`;
+        const key = `${prev.phase}->${phase}:${reason}`;
         const count = attempts[key]?.count ?? 0;
-        if (count >= 3)
-            diagnostic(dir, "route_back_attempts_exceeded", "Builder Kit route-back attempts exceeded.");
+        if (count >= routeBack.maxAttempts)
+            diagnostic(dir, "route_back_attempts_exceeded", `Route-back attempt limit (${routeBack.maxAttempts}) exceeded for ${prev.phase}→${phase}.`);
         attempts[key] = { count: count + 1, reason, updated_at: opt(p, "timestamp", now()) };
         writeJson(file, attempts);
     }
@@ -1365,7 +1419,7 @@ async function advanceState(p) {
     // --step-id individually. The repoRoot is derived by walking up from dir to find kits/.
     if (flow) {
         const root = path.resolve(opt(p, "artifact-root", path.dirname(dir)));
-        const repoRoot = findRepoRootFromDir(dir);
+        // repoRoot already computed above when flow is present
         const phaseMap = resolvePhaseMap(flow, repoRoot);
         const stepId = phaseMap?.[phase] ?? undefined;
         if (stepId) {

package/build/src/lib/flow-resolver.d.ts

@@ -80,3 +80,32 @@ export declare function resolvePhaseMap(flowId: string, repoRoot: string): Recor
  * @returns ActiveFlowStep or null when fields are absent or resolution fails.
  */
 export declare function resolveActiveFlowStep(flowAgentsDir: string): ActiveFlowStep | null;
+/** The resolved route-back policy for a phase transition. */
+export type RouteBackPolicy = {
+    /** Maximum allowed route-back attempts for this transition key. */
+    maxAttempts: number;
+    /** Action when attempts are exceeded (e.g. "block"). */
+    onExceeded: string;
+    /** The step id whose gate declared this policy (e.g. "verify"). */
+    fromStepId: string;
+};
+/**
+ * Resolve the route-back policy for a phase transition, if the active FlowDefinition
+ * declares one on the source phase's gate.
+ *
+ * A route-back is a transition where the source phase's gate declares both
+ * `route_back_policy` and `on_route_back`, and the target phase maps to a step
+ * listed as a route-back target in `on_route_back` values.
+ *
+ * This is the FlowDefinition-driven replacement for the hardcoded
+ * `flow === "builder.build" && prev.phase === "verification" && phase === "execution"`
+ * guard in advance-state. Any flow that declares `route_back_policy` on a gate
+ * automatically gets route-back enforcement without code changes.
+ *
+ * @param flowId    e.g. "builder.build" — kitId is the prefix before the first ".".
+ * @param fromPhase Lifecycle phase leaving (e.g. "verification").
+ * @param toPhase   Lifecycle phase entering (e.g. "execution").
+ * @param repoRoot  Absolute path to the repository root (kits/ lives here).
+ * @returns RouteBackPolicy when the transition is a declared route-back, null otherwise.
+ */
+export declare function resolveRouteBackPolicy(flowId: string, fromPhase: string, toPhase: string, repoRoot: string): RouteBackPolicy | null;

package/build/src/lib/flow-resolver.js

@@ -235,3 +235,74 @@ export function resolveActiveFlowStep(flowAgentsDir) {
     const repoRoot = findRepoRoot(path.dirname(flowAgentsDir));
     return resolveFlowStep(flowId, stepId, repoRoot);
 }
+/**
+ * Resolve the route-back policy for a phase transition, if the active FlowDefinition
+ * declares one on the source phase's gate.
+ *
+ * A route-back is a transition where the source phase's gate declares both
+ * `route_back_policy` and `on_route_back`, and the target phase maps to a step
+ * listed as a route-back target in `on_route_back` values.
+ *
+ * This is the FlowDefinition-driven replacement for the hardcoded
+ * `flow === "builder.build" && prev.phase === "verification" && phase === "execution"`
+ * guard in advance-state. Any flow that declares `route_back_policy` on a gate
+ * automatically gets route-back enforcement without code changes.
+ *
+ * @param flowId    e.g. "builder.build" — kitId is the prefix before the first ".".
+ * @param fromPhase Lifecycle phase leaving (e.g. "verification").
+ * @param toPhase   Lifecycle phase entering (e.g. "execution").
+ * @param repoRoot  Absolute path to the repository root (kits/ lives here).
+ * @returns RouteBackPolicy when the transition is a declared route-back, null otherwise.
+ */
+export function resolveRouteBackPolicy(flowId, fromPhase, toPhase, repoRoot) {
+    if (!flowId || !fromPhase || !toPhase)
+        return null;
+    const dotIdx = flowId.indexOf(".");
+    if (dotIdx < 1)
+        return null;
+    const kitId = flowId.slice(0, dotIdx);
+    const flowName = flowId.slice(dotIdx + 1);
+    if (!kitId || !flowName)
+        return null;
+    const flowFilePath = resolveFlowFilePath(kitId, flowName, flowId, repoRoot);
+    if (!flowFilePath)
+        return null;
+    let flowDef;
+    try {
+        const raw = fs.readFileSync(flowFilePath, "utf8");
+        flowDef = JSON.parse(raw);
+    }
+    catch {
+        return null; // ENOENT, permission error, or parse error — fail-open
+    }
+    if (!flowDef || typeof flowDef !== "object")
+        return null;
+    const phaseMap = flowDef.phase_map;
+    if (!phaseMap || typeof phaseMap !== "object" || Array.isArray(phaseMap))
+        return null;
+    const fromStep = phaseMap[fromPhase];
+    const toStep = phaseMap[toPhase];
+    if (!fromStep || !toStep)
+        return null; // phases not in this flow
+    if (!flowDef.gates)
+        return null;
+    for (const gate of Object.values(flowDef.gates)) {
+        if (!gate || gate.step !== fromStep)
+            continue;
+        if (!gate.route_back_policy || !gate.on_route_back)
+            return null;
+        // Check if toStep is a valid route-back target declared in on_route_back
+        const routeBackTargets = Object.values(gate.on_route_back);
+        if (!routeBackTargets.includes(toStep))
+            return null;
+        const maxAttempts = typeof gate.route_back_policy.max_attempts === "number"
+            ? gate.route_back_policy.max_attempts
+            : 3;
+        return {
+            maxAttempts,
+            onExceeded: gate.route_back_policy.on_exceeded ?? "block",
+            fromStepId: fromStep,
+        };
+    }
+    return null;
+}

package/evals/ci/antigaming-suite.sh

@@ -19,6 +19,7 @@ TESTS=(
   "evals/integration/test_reconcile_soundness.sh"
   "evals/integration/test_captured_fail_reconciliation.sh"
   "evals/integration/test_command_log_integrity.sh"
+  "evals/integration/test_command_log_fork_classification.sh"
   "evals/integration/test_resolvefirststep_security.sh"
   "evals/integration/test_enforcer_expects_driven.sh"
   "evals/integration/test_goal_fit_rederive.sh"

package/evals/integration/test_command_log_fork_classification.sh

@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+# test_command_log_fork_classification.sh
+#
+# The verifier must tell a BENIGN concurrent fork apart from real TAMPER, and
+# the repair tool must refuse to touch tamper. This is what prevents an honest
+# parallel-write race from becoming a hard block an agent is tempted to launder.
+#
+#   forked  = two PostToolUse captures share a parent; all hashes self-consistent
+#             and reachable. NON-blocking advisory; records stay trusted.
+#   broken  = content edit (self-hash mismatch) / reorder / deletion / a
+#             non-capture sibling on a shared parent. Hard block (unchanged).
+#
+# Also proves: repair re-linearizes forked→ok, and REFUSES broken (no laundering).
+set -uo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+export GATE="$ROOT/scripts/hooks/stop-goal-fit.js"
+REPAIR="$ROOT/scripts/repair-command-log.js"
+
+TMP="$(mktemp -d)"; trap 'rm -rf "$TMP"' EXIT
+errors=0
+_pass() { echo "  ✓ $1"; }
+_fail() { echo "  ✗ $1"; errors=$((errors + 1)); }
+
+SD=".flow-agents/s"
+
+# Build a command-log from a spec: JSON array of {cmd,exit,src,parent} where
+# parent is the 0-based index of the entry whose hash is this entry's prevHash
+# (-1 = genesis). Lets us construct linear chains AND forks deterministically.
+build() { # $1=dir $2=spec-json
+  mkdir -p "$1/$SD"
+  DIR="$1" node -e '
+    const fs=require("fs"),crypto=require("crypto"),path=require("path");
+    const g=require(process.env.GATE), GEN=g.CHAIN_GENESIS_VERIFY;
+    const canon=r=>{const k=Object.keys(r).filter(x=>x!=="_chain").sort();const o={};for(const x of k)o[x]=r[x];return JSON.stringify(o);};
+    const H=(p,r)=>crypto.createHash("sha256").update(p+canon(r)).digest("hex");
+    const spec=JSON.parse(process.argv[1]); const hashes=[],lines=[];
+    spec.forEach((s,i)=>{
+      const rec={command:s.cmd,observedResult:s.exit===0?"pass":"fail",exitCode:s.exit,
+        capturedAt:new Date(Date.UTC(2026,0,1,0,0,i)).toISOString(),source:s.src||"postToolUse-capture"};
+      const prev=s.parent===-1?GEN:hashes[s.parent]; const h=H(prev,rec);
+      hashes.push(h); lines.push(JSON.stringify({...rec,_chain:{seq:i,prevHash:prev,hash:h}}));
+    });
+    fs.writeFileSync(path.join(process.env.DIR,".flow-agents/s/command-log.jsonl"),lines.join("\n")+"\n");
+  ' "$2"
+}
+status() { DIR="$1" node -e 'const g=require(process.env.GATE);console.log(g.verifyCommandLogChain(process.env.DIR+"/.flow-agents/s").status)' ; }
+
+# ── 1. linear → ok ────────────────────────────────────────────────────────────
+D="$TMP/linear"; build "$D" '[{"cmd":"a","exit":0,"parent":-1},{"cmd":"b","exit":0,"parent":0}]'
+[ "$(status "$D")" = "ok" ] && _pass "linear chain → ok" || _fail "linear → $(status "$D"), want ok"
+
+# ── 2. concurrent fork (two captures share a parent) → forked ─────────────────
+D="$TMP/fork"; build "$D" '[{"cmd":"a","exit":0,"parent":-1},{"cmd":"b","exit":0,"parent":0},{"cmd":"c","exit":0,"parent":0}]'
+[ "$(status "$D")" = "forked" ] && _pass "concurrent fork → forked (not broken)" || _fail "fork → $(status "$D"), want forked"
+
+# ── 3. content edit (flip exitCode, keep hash) → broken ───────────────────────
+D="$TMP/flip"; build "$D" '[{"cmd":"npm test","exit":0,"parent":-1},{"cmd":"npm run lint","exit":1,"parent":0}]'
+python3 - "$D/$SD/command-log.jsonl" <<'PY'
+import json,sys
+L=open(sys.argv[1]).read().strip().split("\n"); e=json.loads(L[1]); e["exitCode"]=0; e["observedResult"]="pass"
+L[1]=json.dumps(e); open(sys.argv[1],"w").write("\n".join(L)+"\n")
+PY
+[ "$(status "$D")" = "broken" ] && _pass "content edit → broken (tamper, not fork)" || _fail "flip → $(status "$D"), want broken"
+
+# ── 4. reorder → broken ───────────────────────────────────────────────────────
+D="$TMP/reorder"; build "$D" '[{"cmd":"a","exit":0,"parent":-1},{"cmd":"b","exit":0,"parent":0}]'
+python3 - "$D/$SD/command-log.jsonl" <<'PY'
+import sys
+L=open(sys.argv[1]).read().strip().split("\n"); L[0],L[1]=L[1],L[0]; open(sys.argv[1],"w").write("\n".join(L)+"\n")
+PY
+[ "$(status "$D")" = "broken" ] && _pass "reorder → broken" || _fail "reorder → $(status "$D"), want broken"
+
+# ── 5. deleted predecessor → broken ───────────────────────────────────────────
+D="$TMP/delete"; build "$D" '[{"cmd":"a","exit":0,"parent":-1},{"cmd":"b","exit":0,"parent":0}]'
+python3 - "$D/$SD/command-log.jsonl" <<'PY'
+import sys
+L=open(sys.argv[1]).read().strip().split("\n"); open(sys.argv[1],"w").write(L[1]+"\n")
+PY
+[ "$(status "$D")" = "broken" ] && _pass "deleted predecessor → broken" || _fail "delete → $(status "$D"), want broken"
+
+# ── 6. non-capture sibling on a shared parent → broken (not a benign fork) ─────
+D="$TMP/badfork"; build "$D" '[{"cmd":"a","exit":0,"parent":-1},{"cmd":"b","exit":0,"parent":0},{"cmd":"c","exit":0,"parent":0,"src":"manual-inject"}]'
+[ "$(status "$D")" = "broken" ] && _pass "non-capture sibling fork → broken (conservative)" || _fail "badfork → $(status "$D"), want broken"
+
+# ── 7. repair re-linearizes forked → ok; refuses broken ───────────────────────
+D="$TMP/fork2"; build "$D" '[{"cmd":"a","exit":0,"parent":-1},{"cmd":"b","exit":0,"parent":0},{"cmd":"c","exit":0,"parent":0}]'
+node "$REPAIR" "$D/$SD" --reason "test" >/dev/null 2>&1
+[ "$(status "$D")" = "ok" ] && _pass "repair: forked → ok" || _fail "repair forked → $(status "$D"), want ok"
+
+D="$TMP/flip2"; build "$D" '[{"cmd":"x","exit":0,"parent":-1},{"cmd":"y","exit":1,"parent":0}]'
+python3 - "$D/$SD/command-log.jsonl" <<'PY'
+import json,sys
+L=open(sys.argv[1]).read().strip().split("\n"); e=json.loads(L[1]); e["exitCode"]=0
+L[1]=json.dumps(e); open(sys.argv[1],"w").write("\n".join(L)+"\n")
+PY
+before=$(cat "$D/$SD/command-log.jsonl")
+set +e; node "$REPAIR" "$D/$SD" >/dev/null 2>&1; rc=$?; set -e
+after=$(cat "$D/$SD/command-log.jsonl")
+if [ "$rc" -ne 0 ] && [ "$before" = "$after" ]; then _pass "repair: REFUSES broken (exit!=0, log unchanged — no laundering)"; else _fail "repair touched/accepted a broken log (rc=$rc)"; fi
+
+# ── 8. the Stop gate does NOT hard-block a forked log ─────────────────────────
+D="$TMP/gate"; mkdir -p "$D/$SD"
+printf '# Repo\n' > "$D/AGENTS.md"
+printf '%s' '{"schema_version":"1.0","task_slug":"s","status":"delivered","phase":"done","updated_at":"2026-06-23T00:00:00Z","next_action":{"status":"done","summary":"done"}}' > "$D/$SD/state.json"
+cat > "$D/$SD/s--deliver.md" <<'MD'
+# s
+
+branch: main
+status: delivered
+type: deliver
+
+## Definition Of Done
+- [x] tests pass
+
+## Goal Fit Gate
+- [x] acceptance verified
+
+### Verdict: PASS
+MD
+# forked log whose captures are all PASS, so there is no contradiction to flag
+build "$D" '[{"cmd":"npm test","exit":0,"parent":-1},{"cmd":"npm run build","exit":0,"parent":0},{"cmd":"npm run build","exit":0,"parent":0}]'
+printf '%s' '{"schema_version":"1.0","task_slug":"s","verdict":"pass","checks":[{"id":"t","kind":"command","status":"pass","command":"npm test","summary":"ok"}]}' > "$D/$SD/evidence.json"
+set +e
+out=$(FLOW_AGENTS_GOAL_FIT_MODE=block FLOW_AGENTS_GOAL_FIT_BACKSTOP=skip node "$GATE" 2>&1 <<< "{\"hook_event_name\":\"Stop\",\"cwd\":\"$D\"}")
+rc=$?
+set -e
+if [ "$rc" -eq 0 ]; then _pass "gate does NOT hard-block forked log (exit 0)"; else _fail "gate blocked forked log (exit $rc): $out"; fi
+echo "$out" | grep -q "concurrent-capture fork" && _pass "gate emits the concurrent-fork advisory" || _fail "missing fork advisory: $out"
+echo "$out" | grep -q "command-log integrity check FAILED" && _fail "gate wrongly emitted tamper warning for a fork" || _pass "no false tamper warning for a fork"
+
+echo ""
+if [ "$errors" -eq 0 ]; then echo "fork classification tests passed."; exit 0; fi
+echo "fork classification tests FAILED: $errors issue(s)."; exit 1