@neurcode/action 0.2.1 → 0.3.0-rc.6

package/README.md

@@ -1,88 +1,223 @@
-# Neurcode Verify GitHub Action
+# Neurcode Runtime Admission Advisory
 
-Enterprise PR governance action for `neurcode verify`, with optional auto-remediation and merge-confidence publishing.
+**A zero-account, source-free PR triage report for ownership, sensitive surfaces, and runtime admission evidence.**
 
-## Recommended PR Gate (Deterministic)
+Install one workflow file and get a deterministic GitHub Step Summary that helps maintainers decide where review attention should go. It works for AI-assisted PRs and ordinary PRs.
 
-```yaml
-name: Neurcode Gatekeeper
+No Neurcode account. No API key. No source upload. No telemetry. No local runtime required.
+
+## OSS Maintainer Path
+
+Use the Action as a free PR triage layer first:
+
+1. Install the workflow below.
+2. Open or update a pull request.
+3. Read the Step Summary for review routing: changed-file count, subsystems, CODEOWNERS zones, sensitive path categories, admission status, and deterministic maintainer questions.
+4. If your team uses AI coding agents, optionally run a governed local session and commit `.neurcode-admission/*.json` so future PRs show source-free runtime context.
+
+Without an account, maintainers still get immediate review-attention signals for CODEOWNERS crossings, CI/workflow files, dependency manifests, lockfiles, auth/config/payment-like paths, database migrations, infrastructure/deploy paths, generated files, and docs-only PRs that should stay quiet when no deterministic routing flag fires.
+
+This is not a vulnerability scanner and not a review replacement. It is a source-free way to make "who should look at this PR?" easier to answer.
+
+## What Maintainers Get
+
+On every pull request, the Action reports:
 
+- changed file count and change kinds
+- top-level subsystem reach
+- CODEOWNERS areas and owners crossed, read from the base commit
+- deterministic sensitive path categories such as auth, billing/payment, database/migrations, CI/workflow, infrastructure/deploy, secrets/config, dependency manifests, lockfiles, and generated files
+- optional `.neurcode-admission/*.json` runtime admission context: trust level, governed host, blocked/approved/denied counts, approval-required surfaces, and receipt/integrity status
+- deterministic maintainer questions generated from those facts
+
+The report uses review-attention language. It does not claim security vulnerabilities or infer model intent.
+
+## Quick Start
+
+```yaml
+# .github/workflows/neurcode-admission.yml
+name: Neurcode Admission Advisory
 on:
   pull_request:
     types: [opened, synchronize, reopened]
-
+permissions:
+  contents: read
 jobs:
-  governance:
+  admission-advisory:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
+      - uses: sujit-jaunjal/neurcode-actions@v0.3.0-rc.5
+```
 
-      - name: Run Neurcode Verification
-        uses: ./packages/action
-        env:
-          NEURCODE_API_URL: https://api.neurcode.com
-        with:
-          api_key: ${{ secrets.NEURCODE_API_KEY }}
-          project_id: ${{ vars.NEURCODE_PROJECT_ID }}
-          org_id: ${{ vars.NEURCODE_ORG_ID }}
-          base_ref: 'HEAD~1'
-          threshold: 'C'
-          record: 'true'
-          verify_policy_only: 'true'
-          changed_files_only: 'true'
-          auto_remediate: 'true'
-          remediation_commit: 'false'
-          remediation_push: 'false'
+That is enough for the standalone report. Runtime admission provenance activates only when a PR includes `.neurcode-admission/*.json`.
+
+## How It Connects To Runtime Governance
+
+The free Action helps after code reaches a PR. The Neurcode runtime platform governs before code lands.
+
+| Layer | What it does | Account required | Trust boundary |
+|---|---|---:|---|
+| Action alone | Deterministic PR review routing from git metadata, CODEOWNERS, path categories, and optional admission artifacts. | No | Source-free, advisory, no telemetry. |
+| Action + runtime admission record | Shows that the PR includes source-free runtime context from a governed local session. | No for the Action | Trust level is explicit: `self_attested`, `unsigned_local`, or `backend_signed` when a signed receipt is attached. |
+| Full Neurcode runtime platform | Governs live AI coding sessions with source-free intent summaries, exact-path approvals, ownership boundaries, dashboard workflow, and backend receipts where configured. | Yes | Runtime evidence remains source-free; backend-signed receipts are stronger than self-attested records but still must be verified. |
+
+Common PR states:
+
+- **Without runtime:** the report says `no_record - no self-attested record attached`. That is normal for ordinary PRs.
+- **With runtime:** the report can say `self_attested_complete`, `self_attested_incomplete`, or `self_attested_inconsistent` and show covered/uncovered path counts.
+- **With backend receipts:** the report can label runtime context `backend_signed` only when signed receipt metadata is attached. Self-attested records remain claims.
+
+## Export A Runtime Admission Record
+
+Use this when a PR was produced from a governed Neurcode runtime session:
+
+```bash
+# 1. Run a governed AI coding session locally.
+# 2. Finish the session, or keep it active if you want to export current context.
+neurcode session export-admission
+
+# 3. Commit the source-free PR artifact.
+git add .neurcode-admission/*.json
+git commit -m "Add Neurcode runtime admission context"
 ```
 
-## Inputs (Common)
+You can also export a selected session:
+
+```bash
+neurcode session export-admission <sessionId>
+# equivalent legacy form:
+neurcode admission export <sessionId>
+```
+
+The artifact is written to `.neurcode-admission/<sessionId>.json`. It contains paths, owners, counts, hashes, trust level, runtime host metadata, approval-required surfaces, and receipt/integrity status. It must not contain source code, diff hunks, patch bodies, shell command bodies, secrets, or raw prompts.
+
+## Report Shape
+
+The GitHub Step Summary is organized for PR triage:
+
+- **Maintainer read this first**: compact table with changed files, subsystems, sensitive surfaces, CODEOWNERS status, admission status, and review routing cue.
+- **Review routing**: ownership zones, owner tokens, unowned paths, no-CODEOWNERS state, and degraded CODEOWNERS diagnostics.
+- **Sensitive surfaces**: path/category hits only, capped with `+N more`.
+- **Subsystem reach**: ranked top-level directories.
+- **Runtime admission provenance**: `no_record`, `self_attested_complete`, `self_attested_incomplete`, or `self_attested_inconsistent`, explained in plain English.
+- **Runtime admission context**: whether a record was found, trust level, session count, governed host, blocked/approved/denied counts, approval-required surfaces, and receipt/integrity status.
+- **Suggested maintainer questions**: deterministic questions such as "This PR touches CI or workflow files. Should workflow changes be reviewed separately?"
+- **Trust boundary**: always present.
+
+Every line is traceable to paths, git modes, blob object IDs, CODEOWNERS metadata, file categories, changed-file status, or deterministic hashes. There is no AI inference in the report.
+
+## Inputs
 
-| Input | Description | Default |
+| Input | Default | Description |
 |---|---|---|
-| `api_key` | Neurcode API key for verify/ship in CI | `''` |
-| `project_id` | Neurcode project id for cloud-linked workflows | `''` |
-| `org_id` | Optional org id for CI auth scoping | `''` |
-| `base_ref` | Override verify base ref (`origin/main`, `HEAD~1`, etc.) | `''` |
-| `record` | Record verification to Neurcode cloud | `true` |
-| `threshold` | Minimum acceptable grade (`A`/`B`/`C`/`D`/`F`) | `C` |
-| `verify_policy_only` | Run `neurcode verify --policy-only` | `false` |
-| `changed_files_only` | Enforce only violations from changed files in this PR/base diff | `false` |
-| `enforce_strict_verification` | Treat tier-limited `INFO` as failure | `false` |
-| `auto_remediate` | Run `neurcode ship` when verify fails | `false` |
-| `remediation_commit` | Create remediation commit on success | `false` |
-| `remediation_push` | Push remediation commit to PR branch | `false` |
-| `verify_after_remediation` | Re-run verify after remediation | `true` |
-
-See `action.yml` for full advanced inputs (timeouts, retries, CLI source/version, commit metadata).
+| `policy` | `advisory` | `advisory` never blocks. `strict_self_attested` is experimental and may fail on incomplete/inconsistent self-attested records. |
+| `no_record_strict` | `false` | In strict mode, fail when no admission record exists. |
+| `max_artifacts` | `256` | Maximum `.neurcode-admission/*.json` files to process. |
+| `max_aggregate_bytes` | `16777216` | Maximum aggregate artifact bytes. |
+
+Base and head SHAs are resolved from `github.event.pull_request`. There are no SHA override inputs.
 
 ## Outputs
 
-| Output | Meaning |
+Existing outputs are preserved:
+
+| Output | Description |
+|---|---|
+| `effect_count` | Number of files in the committed delta. |
+| `subsystems` | Comma-separated top-level directories touched. |
+| `sensitive_surfaces` | Comma-separated sensitive surface categories. |
+| `codeowners_zones_crossed` | Distinct CODEOWNERS ownership zones crossed. |
+| `codeowners_changed` | `true` when CODEOWNERS itself appears in the delta. |
+| `admission_verdict` | `self_attested_complete`, `self_attested_incomplete`, `self_attested_inconsistent`, or `no_record`. |
+| `covered_paths_count` | Changed paths with strict-admissible admission coverage. |
+| `uncovered_paths_count` | Changed paths without admission coverage. |
+| `record_count` | Total admission artifacts discovered. |
+| `usable_record_count` | Artifacts passing bounded parsing and consistency checks. |
+| `runtime_admission_found` | `true` when `.neurcode-admission` metadata was present. |
+| `runtime_admission_trust_level` | `none`, `unsigned_local`, `self_attested`, `backend_signed`, or `mixed`. |
+| `runtime_admission_session_count` | Governed runtime sessions represented by usable admission records. |
+| `runtime_admission_blocked_count` | Paths blocked during represented runtime sessions. |
+| `runtime_admission_approved_count` | Exact paths approved during represented runtime sessions. |
+| `runtime_admission_denied_count` | Denied paths in represented runtime sessions. |
+| `runtime_admission_receipt_status` | Source-free receipt posture: `not_present`, `local_self_attested`, `valid`, `unverifiable`, `backend_signed`, or `mixed`. |
+| `action_blocked` | `true` only in strict mode when admission failed. |
+
+The older `runtime_blocked_paths_count`, `runtime_approved_paths_count`, and
+`runtime_denied_paths_count` aliases are retained for RC5 compatibility.
+
+New maintainer-report outputs:
+
+| Output | Description |
 |---|---|
-| `verdict` | Verification verdict |
-| `verify_mode` | Effective verify mode (`plan_aware`, `plan_enforced_explicit`, `policy_only`, `policy_only_fallback`) |
-| `policy_only_fallback_used` | `true` if missing plan context triggered policy-only retry |
-| `grade` | Verification grade |
-| `score` | Verification score |
-| `violations` | Violation count |
-| `verification_tier` | Reported tier (if present) |
-| `tier_limited` | `true` if verify result is tier-limited |
-| `threshold` | Threshold used by action |
-| `threshold_passed` | `true` / `false` / `unknown` |
-| `remediation_status` | `READY_TO_MERGE` or `BLOCKED` (when remediation runs) |
-| `merge_confidence` | Merge confidence from ship summary |
-| `share_card_url` | Public merge confidence card URL (when available) |
-| `remediation_commit_created` | Whether remediation commit was created |
-| `remediation_commit_pushed` | Whether remediation commit was pushed |
-| `remediation_commit_sha` | Commit SHA when a remediation commit is created |
-
-## Safety Defaults
-
-- Use `verify_policy_only: true` for stable PR governance checks.
-- Without explicit `plan_id`, the action runs plan-aware mode first and automatically retries in policy-only mode only when the verify failure is strictly "missing plan context".
-- Use `changed_files_only: true` to avoid blocking on historical repository debt.
-- Use `base_ref: HEAD~1` for incremental adoption on long-lived branches with legacy violations.
-- Keep `remediation_commit` and `remediation_push` disabled in shared CI.
-- Enable commit/push only in a dedicated remediation workflow where branch mutation is expected.
+| `review_attention` | `simple`, `manual_routing`, or `needs_attention`. |
+| `maintainer_questions_count` | Number of deterministic maintainer questions generated. |
+| `sensitive_surface_count` | Number of distinct sensitive surface categories detected. |
+
+## Runtime Admission Provenance
+
+Runtime admission records are optional. They are source-free JSON files under `.neurcode-admission/*.json`.
+
+Export commands:
+
+```bash
+neurcode session export-admission
+neurcode session export-admission <sessionId>
+neurcode session export-admission <sessionId> --receipt receipt.json
+```
+
+`--receipt` attaches source-free backend receipt metadata when you already have a Neurcode runtime receipt JSON. The admission artifact includes receipt ID, key ID, replay hash, signature status, verification status, signed timestamp, and verifier hint, never the full receipt body or signature.
+
+Possible verdicts:
+
+- `no_record`: no record is attached.
+- `self_attested_complete`: usable records claim coverage for every changed path.
+- `self_attested_incomplete`: usable records claim coverage for only part of the changed path set.
+- `self_attested_inconsistent`: records are malformed or inconsistent with committed git metadata.
+
+If no files exist, the report says: "No runtime admission record found. This report is PR metadata only."
+
+Self-attested provenance is a claim by the PR author, not cryptographic proof and not enterprise signed evidence. Backend-signed context is displayed only when signed receipt metadata is attached and should be verified before being treated as enterprise evidence.
+
+## Strict Self-Attested Mode
+
+```yaml
+- uses: sujit-jaunjal/neurcode-actions@v0.3.0-rc.5
+  with:
+    policy: strict_self_attested
+    no_record_strict: 'false'
+```
+
+This mode is experimental. It can block on self-attested incomplete or inconsistent records. It is not a trusted branch-protection gate and not a replacement for enterprise-grade signed receipts.
+
+## Trust Boundary
+
+- Fork-safe: no secrets required and `pull_request_target` is rejected.
+- Source-free: paths, modes, blob object IDs, CODEOWNERS metadata, categories, and deterministic hashes only.
+- No source content, diff hunks, prompts, patches, or secrets are uploaded or rendered.
+- CODEOWNERS is read from the base commit, never the PR head.
+- Unsupported CODEOWNERS syntax is reported as degraded analysis instead of guessed.
+- Advisory by default.
+
+## Evaluation Harness
+
+Run the source-free OSS evaluation harness:
+
+```bash
+pnpm --filter @neurcode/action build
+node packages/action/evaluation/oss-report-harness.mjs
+```
+
+The harness runs controlled OSS-style PR scenarios, scores the report as ACTIONABLE, OBVIOUS, or NOISE, and writes `packages/action/evaluation/latest-report.md`.
+
+## Preserved Installation Path
+
+The `sujit-jaunjal/neurcode-actions@v0.2.4` release remains available and untouched. `v0.3.0-rc.5` is the current rehearsal ref for runtime admission bridge behavior after live Airflow fork rehearsal.
+
+## Adoption Bridge Docs
+
+- [OSS maintainer path](./oss-public/docs/oss-maintainer-path.md)
+- [Runtime admission demo story](./oss-public/docs/runtime-admission-demo-story.md)
+- [Maintainer outreach ask](./oss-public/docs/maintainer-outreach.md)

package/action.yml

@@ -1,217 +1,113 @@
-name: 'Neurcode Verify'
-description: 'Gatekeeper action that runs neurcode verify and fails the build if code adherence grade is below threshold'
+name: 'Neurcode - Runtime Admission Advisory'
+description: >
+  Zero-account, source-free PR triage report for ownership, sensitive surfaces,
+  subsystem reach, and optional runtime admission evidence. No account,
+  API key, source upload, telemetry, or local runtime required. Self-attested
+  provenance is a claim, backend-signed context must be verified, and the Action is
+  advisory-only by default - never blocks.
 author: 'Neurcode'
 branding:
-  icon: 'shield-check'
+  icon: 'shield'
   color: 'blue'
 
 inputs:
-  threshold:
-    description: 'Minimum passing grade (A, B, C, D, F). Default: C'
+  policy:
+    description: >
+      admission-gate policy. "advisory" (default) - step summary only, never fails the
+      job. "strict_self_attested" - experimental; may fail on incomplete/inconsistent
+      records (clearly labelled as NOT enterprise proof, NOT a trusted gate).
     required: false
-    default: 'C'
-  github_token:
-    description: 'GitHub Token for posting PR comments. Pass github.token from the workflow.'
-    required: false
-    default: ''
-  annotate:
-    description: 'Post inline annotations on the PR for each violation (file + line)'
-    required: false
-    default: 'true'
-  api_key:
-    description: 'Neurcode API Key for recording results to Neurcode Cloud'
-    required: false
-    default: ''
-  record:
-    description: 'Enable reporting verification results to Neurcode Cloud'
-    required: false
-    default: 'true'
-  working_directory:
-    description: 'Directory where to run the neurcode verify command'
-    required: false
-    default: '.'
-  base_ref:
-    description: 'Override base ref for verify diff (e.g., origin/main, HEAD~1)'
-    required: false
-    default: ''
-  plan_id:
-    description: 'Plan ID to verify against (optional, will use from config if not provided)'
-    required: false
-    default: ''
-  project_id:
-    description: 'The Neurcode Project ID (Optional if config file exists)'
-    required: false
-    default: ''
-  org_id:
-    description: 'Optional organization ID used to scope CI auth when login state is unavailable'
-    required: false
-    default: ''
-  neurcode_cli_version:
-    description: 'npm version specifier for @neurcode-ai/cli (e.g. "latest", "0.8.13", "^0.8")'
-    required: false
-    default: 'latest'
-  neurcode_cli_source:
-    description: 'CLI install source: npm (registry) or workspace (local packages/cli in current repo)'
-    required: false
-    default: 'npm'
-  neurcode_cli_workspace_path:
-    description: 'Workspace path used when neurcode_cli_source=workspace'
-    required: false
-    default: 'packages/cli'
-  verify_timeout_minutes:
-    description: 'Timeout for neurcode verify command in minutes (Linux/macOS runners)'
-    required: false
-    default: '8'
-  verify_policy_only:
-    description: 'Run neurcode verify in policy-only mode (skip plan/scope enforcement)'
-    required: false
-    default: 'false'
-  compiled_policy_path:
-    description: 'Compiled policy artifact path passed to neurcode verify'
-    required: false
-    default: 'neurcode.policy.compiled.json'
-  change_contract_path:
-    description: 'Change contract path passed to neurcode verify'
-    required: false
-    default: '.neurcode/change-contract.json'
-  enforce_change_contract:
-    description: 'Treat change contract drift as hard verification failure'
-    required: false
-    default: 'false'
-  changed_files_only:
-    description: 'Only enforce violations detected in files changed by this PR/base diff'
-    required: false
-    default: 'false'
-  fail_on_violation:
-    description: 'Fail the build if violations are found'
-    required: false
-    default: 'true'
-  enforce_strict_verification:
-    description: 'Treat tier-limited INFO verification results as failure (enterprise trust mode)'
-    required: false
-    default: 'false'
-  auto_remediate:
-    description: 'When verify fails, run neurcode ship auto-remediation flow'
-    required: false
-    default: 'false'
-  remediation_goal:
-    description: 'Optional explicit goal passed to neurcode ship for auto-remediation'
-    required: false
-    default: ''
-  remediation_max_attempts:
-    description: 'Maximum ship remediation attempts when auto_remediate=true'
-    required: false
-    default: '2'
-  remediation_skip_tests:
-    description: 'Skip tests during remediation ship run'
-    required: false
-    default: 'true'
-  remediation_allow_dirty:
-    description: 'Allow dirty tree during remediation ship run'
-    required: false
-    default: 'true'
-  publish_merge_card:
-    description: 'Publish merge confidence card during remediation ship run'
-    required: false
-    default: 'true'
-  ship_test_command:
-    description: 'Optional test command override for neurcode ship remediation'
-    required: false
-    default: ''
-  ship_timeout_minutes:
-    description: 'Timeout for neurcode ship remediation command in minutes (Linux/macOS runners)'
-    required: false
-    default: '20'
-  ship_network_retries:
-    description: 'Additional retries for neurcode ship when transient network errors occur'
-    required: false
-    default: '1'
-  ship_network_retry_delay_seconds:
-    description: 'Delay between neurcode ship network retries in seconds'
-    required: false
-    default: '5'
-  verify_after_remediation:
-    description: 'Run neurcode verify again after auto-remediation succeeds'
-    required: false
-    default: 'true'
-  verify_after_remediation_timeout_minutes:
-    description: 'Timeout for post-remediation neurcode verify command in minutes'
-    required: false
-    default: '8'
-  remediation_commit:
-    description: 'When auto-remediation succeeds, create a commit with generated fixes (same-repo PRs only)'
-    required: false
-    default: 'false'
-  remediation_push:
-    description: 'Push remediation commit back to PR branch (requires write permissions and same-repo PR)'
+    default: 'advisory'
+
+  no_record_strict:
+    description: >
+      In strict_self_attested mode, fail when no .neurcode-admission/*.json record is
+      present. Default false - no_record is reported but does not block.
     required: false
     default: 'false'
-  require_remediation_push_success:
-    description: 'Fail the action when remediation push is enabled but commit cannot be pushed'
+
+  require_signed_evidence:
+    description: >
+      Optional strict AI Change Record evidence mode. When true, fail if
+      .neurcode-ai-record/*.json is missing, invalid, or lacks a receipt that
+      the runner can verify with NEURCODE_AI_CHANGE_RECORD_SIGNING_SECRET and
+      NEURCODE_AI_CHANGE_RECORD_SIGNING_KEY_ID.
+      Default false keeps the Action advisory-only.
     required: false
     default: 'false'
-  remediation_push_retries:
-    description: 'Additional retries for remediation push on non-fast-forward races'
-    required: false
-    default: '2'
-  remediation_push_retry_delay_seconds:
-    description: 'Delay between remediation push retries in seconds'
-    required: false
-    default: '2'
-  remediation_commit_message:
-    description: 'Commit message used when remediation_commit=true'
-    required: false
-    default: 'chore(neurcode): auto-remediate verify failures'
-  remediation_git_user_name:
-    description: 'Git user.name for remediation commits'
+
+  max_artifacts:
+    description: 'Maximum number of .neurcode-admission/*.json files to process.'
     required: false
-    default: 'neurcode-bot'
-  remediation_git_user_email:
-    description: 'Git user.email for remediation commits'
+    default: '256'
+
+  max_aggregate_bytes:
+    description: 'Maximum aggregate byte size of all artifact files (bytes).'
     required: false
-    default: 'neurcode-bot@users.noreply.github.com'
+    default: '16777216'
 
 outputs:
-  verdict:
-    description: 'neurcode verify verdict'
-  verify_mode:
-    description: 'verification mode used by action (plan_aware|plan_enforced_explicit|policy_only|policy_only_fallback)'
-  policy_only_fallback_used:
-    description: 'true when action retried verify in policy-only mode due to missing plan context'
-  grade:
-    description: 'neurcode verify grade'
-  score:
-    description: 'neurcode verify score'
-  violations:
-    description: 'total violation count'
-  risk_level:
-    description: 'blast radius risk level'
-  suspicious_change_flagged:
-    description: 'whether suspicious change detector was triggered'
-  governance_decision:
-    description: 'governance decision matrix outcome'
-  average_relevance_score:
-    description: 'average per-file AI relevance score'
-  ai_change_log_integrity_valid:
-    description: 'true when signed/tamper checks passed for AI change log'
-  ai_change_log_signed:
-    description: 'true when AI change log is cryptographically signed'
-  org_manual_approval_required:
-    description: 'true when org governance requires manual approvals'
-  org_minimum_manual_approvals:
-    description: 'minimum distinct manual approvers required by org governance'
-  policy_compilation_fingerprint:
-    description: 'compiled policy fingerprint used during verify'
-  policy_compilation_rule_count:
-    description: 'deterministic rule count in compiled policy'
-  change_contract_exists:
-    description: 'true when a change contract artifact was present'
-  change_contract_valid:
-    description: 'true when evaluated change contract passed'
-  change_contract_enforced:
-    description: 'true when change contract drift was configured as hard-fail'
-  change_contract_id:
-    description: 'content-derived identifier of the active change contract'
+  # ── Layer 1: standalone effect inventory ─────────────────────────────────
+  effect_count:
+    description: 'Number of files in the committed PR delta (admission support artifacts excluded).'
+  subsystems:
+    description: 'Comma-separated list of top-level subsystems/directories touched.'
+  sensitive_surfaces:
+    description: 'Comma-separated sensitive surface categories detected (e.g. migrations,CI).'
+  sensitive_surface_count:
+    description: 'Number of distinct sensitive surface categories detected.'
+  codeowners_zones_crossed:
+    description: 'Number of distinct CODEOWNERS ownership zones crossed by this PR.'
+  codeowners_changed:
+    description: 'true when CODEOWNERS itself appears in the PR delta.'
+  review_attention:
+    description: 'Deterministic routing summary: simple, manual_routing, or needs_attention.'
+  maintainer_questions_count:
+    description: 'Number of deterministic maintainer questions generated in the step summary.'
+
+  # ── Layer 2: runtime-aware admission ─────────────────────────────────────
+  admission_verdict:
+    description: >
+      Admission verdict: self_attested_complete | self_attested_incomplete |
+      self_attested_inconsistent | no_record.
+  covered_paths_count:
+    description: 'Number of changed paths with strict-admissible governance coverage.'
+  uncovered_paths_count:
+    description: 'Number of changed paths without admission coverage.'
+  record_count:
+    description: 'Total .neurcode-admission/*.json files discovered.'
+  usable_record_count:
+    description: 'Records that passed bounded parsing and internal consistency checks.'
+  runtime_admission_found:
+    description: 'true when .neurcode-admission metadata was present in the PR head tree.'
+  runtime_admission_trust_level:
+    description: 'Runtime context trust level: none | unsigned_local | self_attested | backend_signed | mixed.'
+  runtime_admission_session_count:
+    description: 'Number of governed runtime sessions represented by usable admission records.'
+  runtime_admission_blocked_count:
+    description: 'Source-free count of paths blocked during represented runtime sessions.'
+  runtime_admission_approved_count:
+    description: 'Source-free count of exact paths approved during represented runtime sessions.'
+  runtime_admission_denied_count:
+    description: 'Source-free count of denied paths in represented runtime sessions.'
+  runtime_admission_receipt_status:
+    description: 'Source-free receipt posture: not_present | local_self_attested | valid | unverifiable | backend_signed | mixed.'
+  ai_change_record_found:
+    description: 'true when .neurcode-ai-record/*.json source-free AI Change Record evidence was discovered.'
+  ai_change_record_trust_level:
+    description: 'AI Change Record trust posture: none | self_attested | backend_signed_unverified | backend_signed_verified | backend_signed_invalid | mixed.'
+  ai_change_record_receipt_status:
+    description: 'AI Change Record receipt verification posture: not_present | valid | unverifiable | tampered | unsigned | mixed.'
+  runtime_blocked_paths_count:
+    description: 'Deprecated alias for runtime_admission_blocked_count.'
+  runtime_approved_paths_count:
+    description: 'Deprecated alias for runtime_admission_approved_count.'
+  runtime_denied_paths_count:
+    description: 'Deprecated alias for runtime_admission_denied_count.'
+
+  # ── Policy outcome ────────────────────────────────────────────────────────
+  action_blocked:
+    description: 'true only when policy=strict_self_attested and admission failed. Always false in advisory mode.'
 
 runs:
   using: 'node24'