@loomfsm/bundle-code 0.1.0

package/dist/src/invariants.js

@@ -0,0 +1,208 @@
+// Code-bundle domain invariants + the deterministic safety floor.
+//
+// These run inside the same `runInvariants(tx)` call as the substrate's
+// own state-shape rules; the substrate does not care whether a violation
+// came from a generic rule or one of these. A non-null return rolls the
+// commit back. Each invariant is a pure function over the narrow state
+// projection plus declared `reads` metadata — no clock, no IO; replay
+// re-runs them against the stored state and must reach the same verdict.
+//
+// Numbering: the substrate owns the low range; bundle rules start at 101.
+// The four `INV_CODE_*` rules encode the code domain (a plan gate implies
+// planning is closed, sacred tests can't be silently rewritten, an
+// acceptance PASS can't coexist with open blocking findings). The three
+// floor rules (`INV_lint_clean` / `INV_tests_pass` / `INV_typecheck_clean`)
+// are the deterministic boundary that makes a fully-autonomous final gate
+// defensible — they READ a status field; the deterministic Step that
+// WRITES it (a shell-out to lint / test / typecheck) is the writer the
+// floor depends on. The floor only engages when the final role's policy
+// is literally `auto`; under the honest baseline (`on-blockers`) the
+// human-or-blocker gate is the boundary and the floor stays dormant.
+// Local typed-identity helper mirroring the substrate's own invariant
+// constructor: bind the `reads` metadata onto a pure verdict function.
+// The substrate does not export its private constructor, so the bundle
+// carries its own one-liner.
+function defineInvariant(reads, fn) {
+    return Object.assign(fn, { reads });
+}
+// A gate counts as "approved" whether a human approved it or a policy
+// auto-approved it — both close the checkpoint.
+function isApproved(status) {
+    return status === "approved" || status === "auto-approved";
+}
+function phaseStatus(state, name) {
+    const row = state.phases.find((p) => p.name === name);
+    return row ? row.status : null;
+}
+// Narrow a `bundle_state` sub-object's `status` field to `"ok"`. The
+// column is an opaque JSON blob on the snapshot, so every read is an
+// unknown that must be shape-checked before use.
+function statusField(value) {
+    if (typeof value !== "object" || value === null)
+        return null;
+    const s = value.status;
+    return typeof s === "string" ? s : null;
+}
+function bundleStateField(state, key) {
+    return state.bundle_state?.[key];
+}
+// ============================================================================
+// Domain rules — INV_CODE_101..104
+// ============================================================================
+// Once the plan gate is approved, the planning phase must be closed.
+export const invCode101 = defineInvariant(["gates", "phases"], (state) => {
+    if (!isApproved(state.gates["gate-plan"]?.status))
+        return null;
+    const planning = phaseStatus(state, "planning");
+    if (planning === null)
+        return null; // no planning row yet — nothing to assert
+    if (planning === "completed" || planning === "skipped")
+        return null;
+    return {
+        code: "INV_CODE_101",
+        message: `gate-plan approved but planning phase is '${planning}'`,
+        detail: { planning_status: planning },
+    };
+});
+// Once the final gate is approved, both the implementation and validation
+// phases must be completed.
+export const invCode102 = defineInvariant(["gates", "phases"], (state) => {
+    if (!isApproved(state.gates["gate-final"]?.status))
+        return null;
+    const impl = phaseStatus(state, "implementation");
+    const validation = phaseStatus(state, "validation");
+    if (impl === "completed" && validation === "completed")
+        return null;
+    return {
+        code: "INV_CODE_102",
+        message: `gate-final approved but implementation='${impl ?? "missing"}' validation='${validation ?? "missing"}'`,
+        detail: { implementation_status: impl, validation_status: validation },
+    };
+});
+// Sacred tests: if the implementer modified test files, the final gate may
+// only close with explicit HUMAN approval — a policy must not silently
+// auto-approve work that rewrote the tests it is judged against.
+export const invCode103 = defineInvariant(["bundle_state.test_files_modified_by_implementer", "gates"], (state) => {
+    const modified = bundleStateField(state, "test_files_modified_by_implementer");
+    if (!Array.isArray(modified) || modified.length === 0)
+        return null;
+    const g = state.gates["gate-final"];
+    if (!g || !isApproved(g.status))
+        return null;
+    if (g.decided_by === "human")
+        return null;
+    return {
+        code: "INV_CODE_103",
+        message: `implementer modified ${modified.length} test file(s); final gate must be human-approved, not '${g.decided_by}'`,
+        detail: { decided_by: g.decided_by, modified_count: modified.length },
+    };
+});
+// An acceptance PASS cannot coexist with open blocking findings from
+// implementation-phase reviewers at the latest review iteration.
+export const invCode104 = defineInvariant(["agent_verdicts"], (state) => {
+    const acceptance = state.agent_verdicts.find((v) => v.agent === "acceptance" && v.phase === "validation");
+    if (!acceptance)
+        return null;
+    if (acceptance.verdict !== "PASS" && acceptance.verdict !== "PASS_WITH_WARNINGS") {
+        return null;
+    }
+    const implEntries = state.agent_verdicts.filter((v) => v.phase === "implementation" && v.agent !== "acceptance");
+    if (implEntries.length === 0)
+        return null;
+    const latestIter = implEntries.reduce((m, v) => Math.max(m, v.iteration ?? 1), 0);
+    const offenders = implEntries.filter((v) => v.iteration === latestIter && v.blocking_issues > 0);
+    if (offenders.length === 0)
+        return null;
+    const sum = offenders.reduce((s, v) => s + v.blocking_issues, 0);
+    return {
+        code: "INV_CODE_104",
+        message: `acceptance.verdict='${acceptance.verdict}' but ${sum} open blocking finding(s) from impl-phase reviewers at iteration=${latestIter}`,
+        detail: {
+            offenders: offenders.map((v) => ({
+                agent: v.agent,
+                iteration: v.iteration,
+                blocking_issues: v.blocking_issues,
+            })),
+        },
+    };
+});
+// ============================================================================
+// Safety floor — only engages when the final role's policy is `auto`
+// ============================================================================
+// True only at the moment a fully-autonomous final gate is being approved.
+// Under the `on-blockers` baseline the gate's blocker check is the boundary
+// and the floor stays dormant, so the substrate never has to write the
+// status fields these rules read until a deployment opts into `auto`.
+function atFinalAutoApprove(state) {
+    if (state.gate_policies["final"] !== "auto")
+        return false;
+    return isApproved(state.gates["gate-final"]?.status);
+}
+function floorViolation(code, field, status, value) {
+    return {
+        code,
+        message: `${field} must pass before final auto-approve (status=${status ?? "missing"})`,
+        detail: { [field]: value },
+    };
+}
+export const invLintClean = defineInvariant(["gate_policies", "gates", "bundle_state.lint_result"], (state) => {
+    if (!atFinalAutoApprove(state))
+        return null;
+    const lint = bundleStateField(state, "lint_result");
+    const status = statusField(lint);
+    if (status === "ok")
+        return null;
+    return floorViolation("INV_lint_clean", "lint_result", status, lint);
+});
+export const invTestsPass = defineInvariant(["gate_policies", "gates", "bundle_state.test_run"], (state) => {
+    if (!atFinalAutoApprove(state))
+        return null;
+    const tests = bundleStateField(state, "test_run");
+    const status = statusField(tests);
+    if (status === "ok")
+        return null;
+    return floorViolation("INV_tests_pass", "test_run", status, tests);
+});
+export const invTypecheckClean = defineInvariant(["gate_policies", "gates", "bundle_state.typecheck"], (state) => {
+    if (!atFinalAutoApprove(state))
+        return null;
+    const tc = bundleStateField(state, "typecheck");
+    const status = statusField(tc);
+    if (status === "ok")
+        return null;
+    return floorViolation("INV_typecheck_clean", "typecheck", status, tc);
+});
+// Bridge to the loader's auto-policy completeness gate. When a role's
+// default (or per-task override) resolves to `auto`, the loader looks for
+// an invariant whose FUNCTION NAME is `INV_safety_floor_<role>` — the
+// single registered floor for that role. This composite is that anchor for
+// the `final` role: it runs the three deterministic checks above and
+// surfaces the first failure, so a deployment can flip `final` to `auto`
+// and load cleanly, with the floor genuinely enforcing on every
+// auto-approve. The function's `name` (not its violation code) is what the
+// loader matches.
+const safetyFloorFinalImpl = defineInvariant([
+    "gate_policies",
+    "gates",
+    "bundle_state.lint_result",
+    "bundle_state.test_run",
+    "bundle_state.typecheck",
+], (state, snapshots) => invLintClean(state, snapshots) ??
+    invTestsPass(state, snapshots) ??
+    invTypecheckClean(state, snapshots));
+Object.defineProperty(safetyFloorFinalImpl, "name", {
+    value: "INV_safety_floor_final",
+});
+export const invSafetyFloorFinal = safetyFloorFinalImpl;
+// The full domain + floor set the bundle registers.
+export const codeBundleInvariants = [
+    invCode101,
+    invCode102,
+    invCode103,
+    invCode104,
+    invLintClean,
+    invTestsPass,
+    invTypecheckClean,
+    invSafetyFloorFinal,
+];
+//# sourceMappingURL=invariants.js.map

package/dist/src/invariants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"invariants.js","sourceRoot":"","sources":["../../src/invariants.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,EAAE;AACF,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AACxE,uEAAuE;AACvE,sEAAsE;AACtE,yEAAyE;AACzE,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,mEAAmE;AACnE,wEAAwE;AACxE,4EAA4E;AAC5E,0EAA0E;AAC1E,qEAAqE;AACrE,uEAAuE;AACvE,wEAAwE;AACxE,qEAAqE;AACrE,qEAAqE;AASrE,sEAAsE;AACtE,uEAAuE;AACvE,uEAAuE;AACvE,6BAA6B;AAC7B,SAAS,eAAe,CACtB,KAAwB,EACxB,EAA4E;IAE5E,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,sEAAsE;AACtE,gDAAgD;AAChD,SAAS,UAAU,CAAC,MAA0B;IAC5C,OAAO,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,eAAe,CAAC;AAC7D,CAAC;AAED,SAAS,WAAW,CAAC,KAAsB,EAAE,IAAY;IACvD,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACtD,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,qEAAqE;AACrE,qEAAqE;AACrE,iDAAiD;AACjD,SAAS,WAAW,CAAC,KAAc;IACjC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC7D,MAAM,CAAC,GAAI,KAA8B,CAAC,MAAM,CAAC;IACjD,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1C,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAsB,EAAE,GAAW;IAC3D,OAAO,KAAK,CAAC,YAAY,EAAE,CAAC,GAAG,CAAC,CAAC;AACnC,CAAC;AAED,+EAA+E;AAC/E,mCAAmC;AACnC,+EAA+E;AAE/E,qEAAqE;AACrE,MAAM,CAAC,MAAM,UAAU,GAAc,eAAe,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE;IAClF,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/D,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAChD,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,CAAC,0CAA0C;IAC9E,IAAI,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACpE,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,6CAA6C,QAAQ,GAAG;QACjE,MAAM,EAAE,EAAE,eAAe,EAAE,QAAQ,EAAE;KACtC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,0EAA0E;AAC1E,4BAA4B;AAC5B,MAAM,CAAC,MAAM,UAAU,GAAc,eAAe,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE;IAClF,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChE,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACpD,IAAI,IAAI,KAAK,WAAW,IAAI,UAAU,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IACpE,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,2CAA2C,IAAI,IAAI,SAAS,iBAAiB,UAAU,IAAI,SAAS,GAAG;QAChH,MAAM,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,iBAAiB,EAAE,UAAU,EAAE;KACvE,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,2EAA2E;AAC3E,uEAAuE;AACvE,iEAAiE;AACjE,MAAM,CAAC,MAAM,UAAU,GAAc,eAAe,CAClD,CAAC,iDAAiD,EAAE,OAAO,CAAC,EAC5D,CAAC,KAAK,EAAE,EAAE;IACR,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,EAAE,oCAAoC,CAAC,CAAC;IAC/E,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACpC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,IAAI,CAAC,CAAC,UAAU,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,wBAAwB,QAAQ,CAAC,MAAM,0DAA0D,CAAC,CAAC,UAAU,GAAG;QACzH,MAAM,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,CAAC,MAAM,EAAE;KACtE,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,qEAAqE;AACrE,iEAAiE;AACjE,MAAM,CAAC,MAAM,UAAU,GAAc,eAAe,CAAC,CAAC,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE;IACjF,MAAM,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,IAAI,CAAC,CAAC,KAAK,KAAK,YAAY,CAC5D,CAAC;IACF,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,UAAU,CAAC,OAAO,KAAK,MAAM,IAAI,UAAU,CAAC,OAAO,KAAK,oBAAoB,EAAE,CAAC;QACjF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,WAAW,GAAG,KAAK,CAAC,cAAc,CAAC,MAAM,CAC7C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,gBAAgB,IAAI,CAAC,CAAC,KAAK,KAAK,YAAY,CAChE,CAAC;IACF,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,IAAI,CAAC,CAAC,eAAe,GAAG,CAAC,CAC3D,CAAC;IACF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;IACjE,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,uBAAuB,UAAU,CAAC,OAAO,SAAS,GAAG,oEAAoE,UAAU,EAAE;QAC9I,MAAM,EAAE;YACN,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/B,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,eAAe,EAAE,CAAC,CAAC,eAAe;aACnC,CAAC,CAAC;SACJ;KACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,+EAA+E;AAC/E,qEAAqE;AACrE,+EAA+E;AAE/E,2EAA2E;AAC3E,4EAA4E;AAC5E,uEAAuE;AACvE,sEAAsE;AACtE,SAAS,kBAAkB,CAAC,KAAsB;IAChD,IAAI,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1D,OAAO,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,cAAc,CACrB,IAAY,EACZ,KAAa,EACb,MAAqB,EACrB,KAAc;IAEd,OAAO;QACL,IAAI;QACJ,OAAO,EAAE,GAAG,KAAK,gDAAgD,MAAM,IAAI,SAAS,GAAG;QACvF,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAc,eAAe,CACpD,CAAC,eAAe,EAAE,OAAO,EAAE,0BAA0B,CAAC,EACtD,CAAC,KAAK,EAAE,EAAE;IACR,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,cAAc,CAAC,gBAAgB,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;AACvE,CAAC,CACF,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAc,eAAe,CACpD,CAAC,eAAe,EAAE,OAAO,EAAE,uBAAuB,CAAC,EACnD,CAAC,KAAK,EAAE,EAAE;IACR,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,cAAc,CAAC,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;AACrE,CAAC,CACF,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAc,eAAe,CACzD,CAAC,eAAe,EAAE,OAAO,EAAE,wBAAwB,CAAC,EACpD,CAAC,KAAK,EAAE,EAAE;IACR,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,MAAM,EAAE,GAAG,gBAAgB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC/B,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,cAAc,CAAC,qBAAqB,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC,CACF,CAAC;AAEF,sEAAsE;AACtE,0EAA0E;AAC1E,sEAAsE;AACtE,2EAA2E;AAC3E,qEAAqE;AACrE,yEAAyE;AACzE,gEAAgE;AAChE,2EAA2E;AAC3E,kBAAkB;AAClB,MAAM,oBAAoB,GAAG,eAAe,CAC1C;IACE,eAAe;IACf,OAAO;IACP,0BAA0B;IAC1B,uBAAuB;IACvB,wBAAwB;CACzB,EACD,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,CACnB,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;IAC9B,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;IAC9B,iBAAiB,CAAC,KAAK,EAAE,SAAS,CAAC,CACtC,CAAC;AACF,MAAM,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,EAAE;IAClD,KAAK,EAAE,wBAAwB;CAChC,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAc,oBAAoB,CAAC;AAEnE,oDAAoD;AACpD,MAAM,CAAC,MAAM,oBAAoB,GAAgB;IAC/C,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,YAAY;IACZ,YAAY;IACZ,iBAAiB;IACjB,mBAAmB;CACpB,CAAC"}

package/dist/src/policy-resolver.d.ts

@@ -0,0 +1,2 @@
+import type { GatePolicyResolver } from "@loomfsm/kernel";
+export declare const codePolicyResolver: GatePolicyResolver;

package/dist/src/policy-resolver.js

@@ -0,0 +1,65 @@
+// Code-bundle gate-policy resolver.
+//
+// The substrate's `on-blockers` / `auto` factories delegate the domain
+// decision to this function: given a clean-enough state, what does the
+// code domain want a gate to do? It is a pure function over the narrow
+// state projection plus the policy context's pre-materialized accessors —
+// no clock, no LLM call, no network. The substrate relies on that purity
+// to replay a gate decision deterministically.
+//
+// Three roles, three postures:
+//   - classify: trust the classifier; auto-approve.
+//   - plan:     auto-reject (revise) while planning carries open blockers,
+//               else auto-approve.
+//   - final:    auto-reject (revise) if acceptance failed or any blocking
+//               finding is still open, else auto-approve.
+//
+// `counts_against_replan_cap` is set on the auto-reject paths so a stuck
+// revise loop is bounded by the substrate's replan budget rather than
+// spinning forever.
+function renderPlanFeedback(blockers) {
+    return `Plan has ${blockers} open blocking finding(s). Revise the plan to resolve them before implementation.`;
+}
+function renderFinalFeedback(acceptanceFailed, openBlockers) {
+    const parts = [];
+    if (acceptanceFailed)
+        parts.push("acceptance verdict is not a PASS");
+    if (openBlockers > 0)
+        parts.push(`${openBlockers} open blocking finding(s)`);
+    return `Final checks did not clear: ${parts.join("; ")}. Address these and resubmit.`;
+}
+export const codePolicyResolver = (state, role, ctx) => {
+    if (role === "classify") {
+        return { type: "auto-approve", reason: "code: classify trust" };
+    }
+    if (role === "plan") {
+        const planBlockers = ctx.findings.countBlocking({ phase: "planning" });
+        if (planBlockers > 0) {
+            return {
+                type: "auto-reject",
+                reason: `code: ${planBlockers} blocking finding(s) in planning`,
+                reject_intent: "revise",
+                feedback: renderPlanFeedback(planBlockers),
+                counts_against_replan_cap: true,
+            };
+        }
+        return { type: "auto-approve", reason: "code: plan clean" };
+    }
+    if (role === "final") {
+        const verdict = ctx.latest_verdict(state, "acceptance");
+        const acceptanceFailed = verdict?.verdict === "FAIL";
+        const openBlockers = ctx.findings.countBlocking({});
+        if (acceptanceFailed || openBlockers > 0) {
+            return {
+                type: "auto-reject",
+                reason: "code: final safety floor",
+                reject_intent: "revise",
+                feedback: renderFinalFeedback(acceptanceFailed, openBlockers),
+                counts_against_replan_cap: true,
+            };
+        }
+        return { type: "auto-approve", reason: "code: final clean" };
+    }
+    return { type: "human-required", reason: `code: unknown role '${role}'` };
+};
+//# sourceMappingURL=policy-resolver.js.map

package/dist/src/policy-resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-resolver.js","sourceRoot":"","sources":["../../src/policy-resolver.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,EAAE;AACF,uEAAuE;AACvE,uEAAuE;AACvE,uEAAuE;AACvE,0EAA0E;AAC1E,yEAAyE;AACzE,+CAA+C;AAC/C,EAAE;AACF,+BAA+B;AAC/B,oDAAoD;AACpD,2EAA2E;AAC3E,mCAAmC;AACnC,0EAA0E;AAC1E,0DAA0D;AAC1D,EAAE;AACF,yEAAyE;AACzE,sEAAsE;AACtE,oBAAoB;AAUpB,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,OAAO,YAAY,QAAQ,mFAAmF,CAAC;AACjH,CAAC;AAED,SAAS,mBAAmB,CAC1B,gBAAyB,EACzB,YAAoB;IAEpB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,gBAAgB;QAAE,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IACrE,IAAI,YAAY,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,2BAA2B,CAAC,CAAC;IAC7E,OAAO,+BAA+B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,+BAA+B,CAAC;AACxF,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAuB,CACpD,KAAsB,EACtB,IAAc,EACd,GAAkB,EACA,EAAE;IACpB,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAClE,CAAC;IAED,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;QACvE,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,SAAS,YAAY,kCAAkC;gBAC/D,aAAa,EAAE,QAAQ;gBACvB,QAAQ,EAAE,kBAAkB,CAAC,YAAY,CAAC;gBAC1C,yBAAyB,EAAE,IAAI;aAChC,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAC9D,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,GAAG,CAAC,cAAc,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,OAAO,EAAE,OAAO,KAAK,MAAM,CAAC;QACrD,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QACpD,IAAI,gBAAgB,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,0BAA0B;gBAClC,aAAa,EAAE,QAAQ;gBACvB,QAAQ,EAAE,mBAAmB,CAAC,gBAAgB,EAAE,YAAY,CAAC;gBAC7D,yBAAyB,EAAE,IAAI;aAChC,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAC/D,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,uBAAuB,IAAI,GAAG,EAAE,CAAC;AAC5E,CAAC,CAAC"}

package/dist/src/sandbox-rules.d.ts

@@ -0,0 +1,2 @@
+import type { SensitivePathRules } from "@loomfsm/kernel";
+export declare const CODE_BUNDLE_SENSITIVE_PATH_RULES: SensitivePathRules;

package/dist/src/sandbox-rules.js

@@ -0,0 +1,40 @@
+// Dev-ecosystem sensitive-path rules contributed by the code bundle.
+//
+// The substrate's path-discipline floor is deliberately domain-neutral —
+// it knows about universally-sensitive credential stores (`~/.ssh`,
+// `.env`, cloud credential dirs) but NOT about the secret files a
+// software project carries. Those belong to whoever owns the domain.
+//
+// This ruleset is the code bundle's contribution, merged onto the kernel
+// floor via `mergeSensitivePathRules` when the per-task tool context is
+// assembled. Two rings, same shape the substrate uses:
+//   - `dirs` are matched as substrings of the resolved path, so each token
+//     is dot/slash-anchored to avoid colliding with an ordinary project
+//     folder of the same name.
+//   - `filePatterns` are RegExps tested against the resolved path, anchored
+//     on a segment boundary so a leading-dot secret name trips but an
+//     unrelated longer name does not.
+//
+// Anti-typo guard, not an exfil boundary: a motivated caller can still
+// reach an in-project file whose name dodges every pattern. Process-level
+// isolation is the real boundary; this is the cheap inner ring that stops
+// an LLM-confabulated or injection-supplied path from reading a package
+// registry token or an infra credential by accident.
+export const CODE_BUNDLE_SENSITIVE_PATH_RULES = {
+    dirs: [
+        "/.kube/", // kubeconfig + cluster client certs
+        "/.docker/", // registry auth (config.json holds base64 creds)
+        "/.config/gh/", // GitHub CLI host tokens
+    ],
+    filePatterns: [
+        /(^|\/)\.npmrc$/, // npm registry auth token (_authToken)
+        /(^|\/)\.pypirc$/, // PyPI upload credentials
+        /(^|\/)[^/]*\.tfvars$/, // Terraform variables — terraform.tfvars and friends carry secrets
+        /kubectl[/_]?config/, // a kubectl config dropped outside ~/.kube
+        // `.pgpass` is also on the kernel floor; carried here too so the code
+        // bundle's ruleset reads as a complete dev-ecosystem set on its own.
+        // The merge is additive, so the duplicate is a harmless second check.
+        /(^|\/)\.pgpass$/,
+    ],
+};
+//# sourceMappingURL=sandbox-rules.js.map

package/dist/src/sandbox-rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-rules.js","sourceRoot":"","sources":["../../src/sandbox-rules.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,yEAAyE;AACzE,oEAAoE;AACpE,kEAAkE;AAClE,qEAAqE;AACrE,EAAE;AACF,yEAAyE;AACzE,wEAAwE;AACxE,uDAAuD;AACvD,2EAA2E;AAC3E,wEAAwE;AACxE,+BAA+B;AAC/B,4EAA4E;AAC5E,sEAAsE;AACtE,sCAAsC;AACtC,EAAE;AACF,uEAAuE;AACvE,0EAA0E;AAC1E,0EAA0E;AAC1E,wEAAwE;AACxE,qDAAqD;AAIrD,MAAM,CAAC,MAAM,gCAAgC,GAAuB;IAClE,IAAI,EAAE;QACJ,SAAS,EAAE,oCAAoC;QAC/C,WAAW,EAAE,iDAAiD;QAC9D,cAAc,EAAE,yBAAyB;KAC1C;IACD,YAAY,EAAE;QACZ,gBAAgB,EAAE,uCAAuC;QACzD,iBAAiB,EAAE,0BAA0B;QAC7C,sBAAsB,EAAE,mEAAmE;QAC3F,oBAAoB,EAAE,2CAA2C;QACjE,sEAAsE;QACtE,qEAAqE;QACrE,sEAAsE;QACtE,iBAAiB;KAClB;CACF,CAAC"}

package/dist/test/bundle.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/test/bundle.test.js

@@ -0,0 +1,289 @@
+import assert from "node:assert/strict";
+import { existsSync, mkdtempSync, rmSync, statSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { afterEach, beforeEach, describe, it } from "node:test";
+import { KernelError, buildPrompt, captureNow, closeDb, loadBundle, reconcileExtensions, } from "@loomfsm/kernel";
+import codeBundle from "../src/bundle.js";
+import codeManifest from "../manifest.js";
+// The compiled test lives at dist/test/; the package root (where agents/,
+// schemas/, src/ and manifest.ts sit) is two levels up.
+const PKG_ROOT = join(dirname(fileURLToPath(import.meta.url)), "..", "..");
+function freshProject() {
+    return mkdtempSync(join(tmpdir(), "loom-bundle-code-"));
+}
+function cleanup(dir) {
+    try {
+        closeDb(dir);
+    }
+    catch {
+        /* may already be closed */
+    }
+    rmSync(dir, { recursive: true, force: true });
+}
+function shuttleStub(name = "claude-code-shuttle") {
+    return {
+        name,
+        capabilities: { execution: "shuttle", idempotent_spawn: true, reports_usage: true },
+        async spawn() {
+            throw new Error("stub — spawn must not run in loader tests");
+        },
+    };
+}
+async function installManifest(dir, now) {
+    await reconcileExtensions({
+        manifests: [{ path: "/fixture/manifest.json", raw: codeManifest }],
+        project_dir: dir,
+        now,
+    });
+}
+// ============================================================================
+// Happy path — the real bundle registers without error
+// ============================================================================
+describe("@loomfsm/bundle-code — loadBundle", () => {
+    let projectDir;
+    beforeEach(() => {
+        projectDir = freshProject();
+    });
+    afterEach(() => cleanup(projectDir));
+    it("registers the migrated manifest + bundle into a populated Registry", async () => {
+        const now = captureNow();
+        await installManifest(projectDir, now);
+        const registry = await loadBundle({
+            bundle: codeBundle,
+            bundle_source_dir: PKG_ROOT,
+            project_dir: projectDir,
+            providers: [shuttleStub()],
+            now,
+        });
+        // 21 canonical agents (the source's 24 minus the three CC-harness
+        // trigger agents).
+        assert.equal(registry.agents.size, 21);
+        // Every agent's `.md` is read off disk into the prompt map at load.
+        assert.equal(registry.prompts?.size, 21);
+        assert.ok((registry.prompts?.get("classifier")?.body.length ?? 0) > 0);
+        assert.equal(registry.flows.size, 3);
+        assert.deepEqual(registry.flows.get("medium"), [
+            "initialize", "classify", "classify-agent", "gate-classify",
+            "enrich", "plan", "plan-review", "gate-plan",
+            "git-stash", "implement", "git-diff", "pre-review", "review",
+            "reconcile", "iterate", "final-checks", "test-verify",
+            "gate-final", "finalize",
+        ]);
+        // Two post-commit observers, eight domain + floor invariants.
+        assert.equal(registry.hooks.length, 2);
+        assert.equal(registry.invariants.length, 8);
+        // Vocabulary merged the bundle's error_classes onto the kernel set.
+        assert.ok(registry.vocabularies.error_classes.has("impl-blockers"));
+        assert.ok(registry.vocabularies.gate_roles.has("classify"));
+    });
+    it("materializes the declared spawn-context assets and injects them into the classifier prompt", async () => {
+        const now = captureNow();
+        await installManifest(projectDir, now);
+        const registry = await loadBundle({
+            bundle: codeBundle,
+            bundle_source_dir: PKG_ROOT,
+            project_dir: projectDir,
+            providers: [shuttleStub()],
+            now,
+        });
+        // The two declared assets materialize, in declaration order, scoped to
+        // the classifier.
+        const assets = registry.context_assets ?? [];
+        assert.equal(assets.length, 2);
+        const refs = assets.find((a) => a.heading === "Refs catalog");
+        const stack = assets.find((a) => a.heading === "Stack candidate registry");
+        assert.ok(refs !== undefined, "refs catalog asset materialized");
+        assert.ok(stack !== undefined, "stack registry asset materialized");
+        assert.deepEqual(refs.agents, ["classifier"]);
+        // The catalog lists real reference filenames (the field that hallucinated
+        // when no catalog was supplied).
+        assert.ok(refs.body.includes("FILE: knowledge/references/api-design.md"));
+        assert.ok(refs.body.includes("FILE: knowledge/references/security-backend.md"));
+        // The stack registry inlines the real candidate file.
+        assert.ok(stack.body.includes("```yaml"));
+        // End-to-end: the classifier's spawn prompt carries both, under their
+        // bundle headings; a non-consuming agent's prompt does not.
+        const classifierAgent = registry.agents.get("classifier");
+        assert.ok(classifierAgent !== undefined);
+        const classifierPrompt = buildPrompt(makeClassifyState(), classifierAgent, registry);
+        assert.ok(classifierPrompt.includes("### Refs catalog"));
+        assert.ok(classifierPrompt.includes("FILE: knowledge/references/api-design.md"));
+        assert.ok(classifierPrompt.includes("### Stack candidate registry"));
+        const implementer = registry.agents.get("implementer");
+        assert.ok(implementer !== undefined);
+        const implPrompt = buildPrompt(makeClassifyState(), implementer, registry);
+        assert.ok(!implPrompt.includes("### Refs catalog"));
+    });
+});
+// Minimal state for the pure render path. buildPrompt reads task / ids /
+// project / decisions / driver.flow_name; a partial cast suffices (the same
+// shape the kernel renderer's own specs use).
+function makeClassifyState() {
+    return {
+        task: "fix a typo in the README",
+        task_short: "typo-fix",
+        task_id: "task-1",
+        driver_state_id: "ds-1",
+        project_dir: "/work/proj",
+        decisions: {},
+        driver: { flow_name: "medium" },
+    };
+}
+// ============================================================================
+// Every agent in agents[] has a backing template .md on disk
+// ============================================================================
+describe("@loomfsm/bundle-code — agent templates", () => {
+    it("every agents[] entry resolves to an existing .md template file", () => {
+        for (const agent of codeBundle.agents) {
+            const abs = join(PKG_ROOT, agent.template_path);
+            assert.ok(existsSync(abs) && statSync(abs).isFile(), `agent '${agent.name}' template missing: ${agent.template_path}`);
+        }
+    });
+    it("declares exactly the 21 canonical agents", () => {
+        assert.equal(codeBundle.agents.length, 21);
+        const names = codeBundle.agents.map((a) => a.name).sort();
+        // The three CC-harness trigger agents are NOT bundle agents.
+        for (const excluded of ["fe-test-all-agent", "runtime-debug-agent", "test-all-agent"]) {
+            assert.ok(!names.includes(excluded), `${excluded} must not be a bundle agent`);
+        }
+    });
+    it("maps each gate to its intended kernel role", () => {
+        // The loader accepts ANY valid role per gate, so a valid-but-wrong swap
+        // (e.g. gate-plan -> "final") loads fine yet is a real bug. Pin the
+        // intended mapping here, which load does not guarantee.
+        assert.deepEqual(codeBundle.gate_roles, {
+            "gate-classify": "classify",
+            "gate-plan": "plan",
+            "gate-final": "final",
+        });
+    });
+});
+// ============================================================================
+// Refusals — the load test must FAIL when the bundle shape is broken
+// ============================================================================
+describe("@loomfsm/bundle-code — load-time refusals", () => {
+    let projectDir;
+    beforeEach(() => {
+        projectDir = freshProject();
+    });
+    afterEach(() => cleanup(projectDir));
+    it("refuses an orphan stage name in a flow (BUNDLE_FLOW_UNKNOWN_STAGE)", async () => {
+        const now = captureNow();
+        await installManifest(projectDir, now);
+        const broken = {
+            ...codeBundle,
+            flows: {
+                ...codeBundle.flows,
+                medium: [...(codeBundle.flows["medium"] ?? []), "ghost-stage"],
+            },
+        };
+        await assert.rejects(loadBundle({
+            bundle: broken,
+            bundle_source_dir: PKG_ROOT,
+            project_dir: projectDir,
+            providers: [shuttleStub()],
+            now,
+        }), (err) => {
+            assert.ok(err instanceof KernelError);
+            assert.equal(err.code, "BUNDLE_FLOW_UNKNOWN_STAGE");
+            assert.equal(err.detail?.["missing_stage"], "ghost-stage");
+            return true;
+        });
+    });
+    it("refuses a gate whose role is neither kernel-known nor declared (GATE_ROLE_UNKNOWN)", async () => {
+        const now = captureNow();
+        await installManifest(projectDir, now);
+        const broken = {
+            ...codeBundle,
+            gate_roles: { ...codeBundle.gate_roles, "gate-final": "bogus-role" },
+        };
+        await assert.rejects(loadBundle({
+            bundle: broken,
+            bundle_source_dir: PKG_ROOT,
+            project_dir: projectDir,
+            providers: [shuttleStub()],
+            now,
+        }), (err) => {
+            assert.ok(err instanceof KernelError);
+            assert.equal(err.code, "GATE_ROLE_UNKNOWN");
+            assert.equal(err.detail?.["role"], "bogus-role");
+            return true;
+        });
+    });
+    it("refuses an agent whose template .md is missing on disk (TEMPLATE_NOT_FOUND)", async () => {
+        const now = captureNow();
+        await installManifest(projectDir, now);
+        const broken = {
+            ...codeBundle,
+            agents: [
+                ...codeBundle.agents,
+                { name: "phantom", template_path: "agents/phantom.md", output_kind: "nonreview" },
+            ],
+        };
+        await assert.rejects(loadBundle({
+            bundle: broken,
+            bundle_source_dir: PKG_ROOT,
+            project_dir: projectDir,
+            providers: [shuttleStub()],
+            now,
+        }), (err) => {
+            assert.ok(err instanceof KernelError);
+            assert.equal(err.code, "TEMPLATE_NOT_FOUND");
+            assert.equal(err.detail?.["agent"], "phantom");
+            return true;
+        });
+    });
+    it("refuses a spawn stage referencing an undeclared agent (BUNDLE_AGENT_UNKNOWN)", async () => {
+        const now = captureNow();
+        await installManifest(projectDir, now);
+        const broken = {
+            ...codeBundle,
+            stages: {
+                ...codeBundle.stages,
+                implement: { kind: "spawn", name: "implement", phase: "implementation", agent: "ghost-agent" },
+            },
+        };
+        await assert.rejects(loadBundle({
+            bundle: broken,
+            bundle_source_dir: PKG_ROOT,
+            project_dir: projectDir,
+            providers: [shuttleStub()],
+            now,
+        }), (err) => {
+            assert.equal(err.code, "BUNDLE_AGENT_UNKNOWN");
+            assert.equal(err.detail?.["agent"], "ghost-agent");
+            return true;
+        });
+    });
+});
+// ============================================================================
+// Auto-readiness — flipping the final role to `auto` loads cleanly because
+// the resolver + the named safety-floor invariant are both shipped.
+// ============================================================================
+describe("@loomfsm/bundle-code — full-autonomous readiness", () => {
+    let projectDir;
+    beforeEach(() => {
+        projectDir = freshProject();
+    });
+    afterEach(() => cleanup(projectDir));
+    it("loads cleanly when the final role is overridden to auto", async () => {
+        const now = captureNow();
+        await installManifest(projectDir, now);
+        const autoFinal = {
+            ...codeBundle,
+            default_gate_policies: { ...codeBundle.default_gate_policies, final: "auto" },
+        };
+        const registry = await loadBundle({
+            bundle: autoFinal,
+            bundle_source_dir: PKG_ROOT,
+            project_dir: projectDir,
+            providers: [shuttleStub()],
+            now,
+        });
+        // The resolver + INV_safety_floor_final satisfied the auto-policy gate.
+        assert.ok(registry.invariants.some((inv) => inv.name === "INV_safety_floor_final"));
+    });
+});
+//# sourceMappingURL=bundle.test.js.map