@oscharko-dev/keiko-evaluations 0.2.7 → 0.2.9

package/dist/voice-action/fixtures/segment.js

@@ -0,0 +1,25 @@
+// Deterministic transcript-segment builders for the voice-action fixtures (Epic #491, Issue #503).
+//
+// Fixtures supply REAL `VoiceTranscriptSegment` values so the runner can pipe them through the contract
+// boundary `selectCommittedVoiceTranscript`. That proves the committed-only guarantee (AC2) structurally
+// — a partial / discarded / superseded segment physically present in a fixture cannot reach the proposal
+// — rather than asserting it. These builders are pure data factories: no IO, clock, or randomness.
+import { voiceTranscriptSegmentRedactionClass, voiceTranscriptSegmentReplayClass, } from "@oscharko-dev/keiko-contracts";
+// Build one segment, deriving the replay / redaction classes from the contract tables so the fixtures
+// never re-encode classification (a single source of truth keeps them aligned with the lifecycle).
+export function buildSegment(spec, source) {
+    return {
+        id: spec.id,
+        seq: spec.seq,
+        state: spec.state,
+        text: spec.text,
+        source,
+        revision: spec.supersedesId === undefined ? 0 : 1,
+        replayClass: voiceTranscriptSegmentReplayClass(spec.state),
+        redactionClass: voiceTranscriptSegmentRedactionClass(spec.state),
+        supersedesId: spec.supersedesId,
+    };
+}
+export function buildSegments(specs, source) {
+    return specs.map((spec) => buildSegment(spec, source));
+}

package/dist/voice-action/fixtures/voice.d.ts

@@ -0,0 +1,6 @@
+import type { VoiceActionEvalFixture } from "../types.js";
+export declare const voiceReadOnly: VoiceActionEvalFixture;
+export declare const voiceMutating: VoiceActionEvalFixture;
+export declare const voiceUnknownFailClosed: VoiceActionEvalFixture;
+export declare const VOICE_FIXTURES: readonly VoiceActionEvalFixture[];
+//# sourceMappingURL=voice.d.ts.map

package/dist/voice-action/fixtures/voice.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"voice.d.ts","sourceRoot":"","sources":["../../../src/voice-action/fixtures/voice.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAG1D,eAAO,MAAM,aAAa,EAAE,sBAwB3B,CAAC;AAEF,eAAO,MAAM,aAAa,EAAE,sBAwB3B,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,sBAyBpC,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,SAAS,sBAAsB,EAI3D,CAAC"}

package/dist/voice-action/fixtures/voice.js

@@ -0,0 +1,74 @@
+// Baseline voice-enabled fixtures (Epic #491, Issue #503; AC2/AC3). These exercise the governance
+// scaffold under capture-capable profiles (`speech-to-text`, `full-realtime`) with committed text,
+// proving a read-only spoken action routes without confirmation while a mutating one demands an explicit
+// confirmation step bound to the committed content. Pure value modules.
+import { buildSegments } from "./segment.js";
+export const voiceReadOnly = {
+    name: "voice-read-only",
+    category: "voice",
+    description: "STT committed read-only request (`show ...`); classifies read-only and needs no confirmation (AC3).",
+    profile: "speech-to-text",
+    source: "dictation",
+    turnIndex: 0,
+    segments: buildSegments([{ id: "s1", seq: 1, state: "committed", text: "show the open tickets" }], "dictation"),
+    dimensions: new Set([
+        "capability-gating",
+        "committed-only",
+        "confirmation-discipline",
+        "evidence-safety",
+    ]),
+    oracle: {
+        expectedGatingAllowed: true,
+        expectsProposal: true,
+        expectedEffectClass: "read-only",
+        expectedRequiresConfirmation: false,
+    },
+};
+export const voiceMutating = {
+    name: "voice-mutating",
+    category: "voice",
+    description: "Full-realtime committed mutating request (`update ...`); requires an explicit confirmation step (AC3).",
+    profile: "full-realtime",
+    source: "realtime",
+    turnIndex: 0,
+    segments: buildSegments([{ id: "s1", seq: 1, state: "committed", text: "update the customer record" }], "realtime"),
+    dimensions: new Set([
+        "capability-gating",
+        "committed-only",
+        "confirmation-discipline",
+        "evidence-safety",
+    ]),
+    oracle: {
+        expectedGatingAllowed: true,
+        expectsProposal: true,
+        expectedEffectClass: "mutating",
+        expectedRequiresConfirmation: true,
+    },
+};
+export const voiceUnknownFailClosed = {
+    name: "voice-unknown-fail-closed",
+    category: "voice",
+    description: "STT committed text matching no effect marker; classifies `unknown` and is forced to confirm — " +
+        "the security-critical fail-closed default the taxonomy guarantees (AC3).",
+    profile: "speech-to-text",
+    source: "dictation",
+    turnIndex: 0,
+    segments: buildSegments([{ id: "s1", seq: 1, state: "committed", text: "the quarterly review is scheduled" }], "dictation"),
+    dimensions: new Set([
+        "capability-gating",
+        "committed-only",
+        "confirmation-discipline",
+        "evidence-safety",
+    ]),
+    oracle: {
+        expectedGatingAllowed: true,
+        expectsProposal: true,
+        expectedEffectClass: "unknown",
+        expectedRequiresConfirmation: true,
+    },
+};
+export const VOICE_FIXTURES = [
+    voiceReadOnly,
+    voiceMutating,
+    voiceUnknownFailClosed,
+];

package/dist/voice-action/index.d.ts

@@ -0,0 +1,6 @@
+export { deriveVoiceActionObservation, runVoiceActionEvaluation } from "./runner.js";
+export { scoreVoiceActionQuality, aggregateVoiceActionQuality } from "./scorer.js";
+export { renderVoiceActionSummary } from "./render.js";
+export { ALL_VOICE_ACTION_FIXTURES, voiceActionFixturesForCategory, voiceActionFixtureByName, } from "./fixtures/index.js";
+export { VOICE_ACTION_DIMENSIONS, VOICE_ACTION_FIXTURE_CATEGORIES, VOICE_ACTION_EVAL_SCHEMA_VERSION, type VoiceActionDimension, type VoiceActionFixtureCategory, type VoiceActionOracle, type VoiceActionEvalFixture, type VoiceActionStalenessTrajectory, type VoiceActionObservation, type VoiceActionOutcome, type VoiceActionDimensionResult, type VoiceActionFixtureResult, type VoiceActionScorecardEntry, type VoiceActionEvalSummary, type VoiceActionScorecard, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/voice-action/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/voice-action/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,4BAA4B,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACrF,OAAO,EAAE,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC;AACnF,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EACL,yBAAyB,EACzB,8BAA8B,EAC9B,wBAAwB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,uBAAuB,EACvB,+BAA+B,EAC/B,gCAAgC,EAChC,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,EAC/B,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,8BAA8B,EACnC,KAAK,sBAAsB,EAC3B,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,GAC1B,MAAM,YAAY,CAAC"}

package/dist/voice-action/index.js

@@ -0,0 +1,10 @@
+// Public barrel for the Voice Action Governance evaluation suite (Epic #491, Issue #503; ADR-0066).
+// Exposes the deterministic observation derivation, the six-dimension scorer, the suite runner, the
+// scorecard renderer, the fixture registry, and the result/fixture types. Self-contained: it is NOT
+// re-exported from the package barrel (the discussion suite is likewise self-contained), so this
+// security suite stands alone and is proven by suite.test.ts.
+export { deriveVoiceActionObservation, runVoiceActionEvaluation } from "./runner.js";
+export { scoreVoiceActionQuality, aggregateVoiceActionQuality } from "./scorer.js";
+export { renderVoiceActionSummary } from "./render.js";
+export { ALL_VOICE_ACTION_FIXTURES, voiceActionFixturesForCategory, voiceActionFixtureByName, } from "./fixtures/index.js";
+export { VOICE_ACTION_DIMENSIONS, VOICE_ACTION_FIXTURE_CATEGORIES, VOICE_ACTION_EVAL_SCHEMA_VERSION, } from "./types.js";

package/dist/voice-action/render.d.ts

@@ -0,0 +1,3 @@
+import type { VoiceActionScorecard } from "./types.js";
+export declare function renderVoiceActionSummary(scorecard: VoiceActionScorecard): string;
+//# sourceMappingURL=render.d.ts.map

package/dist/voice-action/render.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"render.d.ts","sourceRoot":"","sources":["../../src/voice-action/render.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAGV,oBAAoB,EAErB,MAAM,YAAY,CAAC;AA2BpB,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,oBAAoB,GAAG,MAAM,CA6BhF"}

package/dist/voice-action/render.js

@@ -0,0 +1,49 @@
+// renderVoiceActionSummary (Issue #503): VoiceActionScorecard -> human-readable string. One line per
+// fixture (name, category, dimension pass/fail glyphs), a per-dimension table, the covered-effect-class
+// line, the no-voice / voice coverage line, and a Go/No-Go verdict. The scorecard carries only
+// harness-authored, content-free fields (counts, closed-vocabulary labels, numeric scores), so this
+// renderer performs no redaction — it only formats fields that are safe to print.
+function glyph(result) {
+    if (result.outcome === "pass") {
+        return "PASS";
+    }
+    if (result.outcome === "fail") {
+        return "FAIL";
+    }
+    return "n/a";
+}
+function fixtureLine(fixture) {
+    const dims = fixture.dimensionResults
+        .filter((d) => d.outcome !== "not-applicable")
+        .map((d) => `${d.dimension}=${glyph(d)}`)
+        .join(" ");
+    const verdict = fixture.fullyPassed ? "OK" : "FAIL";
+    return `- ${fixture.fixtureName} [${fixture.category}] ${verdict} ${dims}`.trimEnd();
+}
+function dimensionLine(entry) {
+    const rate = entry.passRate === null ? "n/a" : `${(entry.passRate * 100).toFixed(0)}%`;
+    const verdict = entry.failCount > 0 ? "FAIL" : entry.passCount > 0 ? "PASS" : "n/a";
+    return `  ${entry.dimension.padEnd(26)} ${verdict.padEnd(5)} pass=${String(entry.passCount)} fail=${String(entry.failCount)} n/a=${String(entry.notApplicableCount)} rate=${rate}`;
+}
+export function renderVoiceActionSummary(scorecard) {
+    const lines = [];
+    lines.push(`Voice Action Governance evaluation summary (schema v${scorecard.schemaVersion})`);
+    lines.push(`Fixtures: ${String(scorecard.summary.totalFixtures)} total, ${String(scorecard.summary.fullyPassedFixtures)} fully passed`);
+    lines.push(`Effect classes covered: ${String(scorecard.coveredEffectClasses.length)} (${scorecard.coveredEffectClasses.join(", ")})`);
+    lines.push(`Profile coverage: no-voice=${scorecard.summary.coversNoVoiceProfile ? "yes" : "no"} voice=${scorecard.summary.coversVoiceProfile ? "yes" : "no"}`);
+    lines.push("");
+    lines.push("Fixtures:");
+    for (const fixture of scorecard.fixtureResults) {
+        lines.push(fixtureLine(fixture));
+    }
+    lines.push("");
+    lines.push("Dimensions:");
+    for (const entry of scorecard.dimensions) {
+        lines.push(dimensionLine(entry));
+    }
+    lines.push("");
+    lines.push(scorecard.summary.goNoGo === "GO"
+        ? "Verdict: GO - every exercised security dimension passed across no-voice and voice profiles."
+        : "Verdict: NO-GO - a dimension failed or a profile coverage gate was unmet (see table above).");
+    return lines.join("\n");
+}

package/dist/voice-action/runner.d.ts

@@ -0,0 +1,14 @@
+import { type VoiceActionEvalFixture, type VoiceActionObservation, type VoiceActionScorecard } from "./types.js";
+/**
+ * Derive the deterministic observation for one fixture: the voice-gating verdict, the committed
+ * projection counts, the normalized proposal (or undefined when dormant / empty / partial-only), the
+ * content-free audit record, and (when the fixture declares one) the staleness trajectory. Pure data
+ * derivation over the frozen contract.
+ */
+export declare function deriveVoiceActionObservation(fixture: VoiceActionEvalFixture): VoiceActionObservation;
+/**
+ * Run the Voice Action Governance evaluation suite and return a fully aggregated scorecard. Pure and
+ * deterministic. Pass an explicit fixture list to scope the run (the suite tests use the default set).
+ */
+export declare function runVoiceActionEvaluation(fixtures?: readonly VoiceActionEvalFixture[]): VoiceActionScorecard;
+//# sourceMappingURL=runner.d.ts.map

package/dist/voice-action/runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../src/voice-action/runner.ts"],"names":[],"mappings":"AAuBA,OAAO,EAEL,KAAK,sBAAsB,EAG3B,KAAK,sBAAsB,EAE3B,KAAK,oBAAoB,EAG1B,MAAM,YAAY,CAAC;AAuFpB;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,sBAAsB,GAC9B,sBAAsB,CAsBxB;AAsDD;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,GAAE,SAAS,sBAAsB,EAA8B,GACtE,oBAAoB,CAUtB"}

package/dist/voice-action/runner.js

@@ -0,0 +1,149 @@
+// Voice Action Governance evaluation runner (Epic #491, Issue #503; ADR-0066).
+//
+// Derives a deterministic observation for each fixture from the frozen keiko-contracts spoken-action
+// governance functions, scores the six security dimensions, aggregates a scorecard, and derives the
+// offline Go/No-Go verdict. Pure: no IO, clock, randomness, or model dispatch. The committed-only
+// boundary is exercised for real — every fixture's segments pass through `selectCommittedVoiceTranscript`
+// before any proposal can form, so partial / discarded / superseded text is excluded structurally.
+import { buildSpokenActionAuditRecord, canonicalizeSpokenActionConfirmation, normalizeSpokenActionProposal, selectCommittedVoiceTranscript, voiceCanProposeAction, } from "@oscharko-dev/keiko-contracts";
+import { ALL_VOICE_ACTION_FIXTURES } from "./fixtures/index.js";
+import { aggregateVoiceActionQuality, scoreVoiceActionQuality } from "./scorer.js";
+import { VOICE_ACTION_EVAL_SCHEMA_VERSION, } from "./types.js";
+// Build the content-free audit record the governance layer would persist. `bindingDigest` is "" here:
+// this eval never computes the downstream sha256 (that is Artifact 2's `node:crypto`); the empty digest
+// is the contract-valid "no bound digest" sentinel, and the AC4 staleness proof works on the canonical
+// SEED (a plain string), which is what the digest is derived from.
+function buildAuditFor(proposal, fixture, committedSegmentCount, committedChars) {
+    const effectClass = proposal?.effectClass ?? "unknown";
+    const outcome = proposal === undefined ? "not-applicable" : "routed";
+    return buildSpokenActionAuditRecord({
+        effectClass,
+        state: proposal?.state ?? "expired",
+        confirmationRequired: proposal?.requiresConfirmation ?? false,
+        confirmed: false,
+        outcome,
+        source: fixture.source,
+        turnIndex: fixture.turnIndex,
+        committedSegmentCount,
+        committedChars,
+        bindingDigest: "",
+    });
+}
+// Derive the AC4 staleness trajectory by comparing the canonical confirmation seed for the committed
+// projection at the fixture's turn against the seed after the fixture's declared change (a provider
+// correction or a turn advance). Only the CONTENT-FREE comparison result is returned: the raw seeds
+// embed committed text and never leave this function (they are compared then discarded).
+function deriveStaleness(fixture, proposal) {
+    const originalCanonical = canonicalizeSpokenActionConfirmation(proposal.confirmationInput);
+    if (fixture.correctedSegments !== undefined) {
+        const changed = projectionConfirmationSeed(fixture, fixture.correctedSegments, fixture.turnIndex);
+        return compareSeeds(originalCanonical, changed, "correction");
+    }
+    if (fixture.turnAdvance === true) {
+        const changed = projectionConfirmationSeed(fixture, fixture.segments, fixture.turnIndex + 1);
+        return compareSeeds(originalCanonical, changed, "turn-advance");
+    }
+    return undefined;
+}
+// Reduce two raw canonical seeds to the content-free booleans the scorer needs (AC4). The seeds are
+// consumed here and never propagated, so no committed text reaches the observation.
+function compareSeeds(original, changed, trigger) {
+    return {
+        seedChanged: changed !== undefined && changed !== original,
+        bothSeedsPresent: original.length > 0 && changed !== undefined && changed.length > 0,
+        trigger,
+    };
+}
+// Re-run the projection -> normalize pipeline for a given segment set + turn index and return the
+// canonical confirmation seed of the resulting proposal (undefined when no proposal forms).
+function projectionConfirmationSeed(fixture, segments, turnIndex) {
+    const projection = selectCommittedVoiceTranscript(segments);
+    const proposal = normalizeSpokenActionProposal(projection, fixture.profile, turnIndex, fixture.source);
+    if (proposal === undefined) {
+        return undefined;
+    }
+    const input = proposal.confirmationInput;
+    return canonicalizeSpokenActionConfirmation(input);
+}
+/**
+ * Derive the deterministic observation for one fixture: the voice-gating verdict, the committed
+ * projection counts, the normalized proposal (or undefined when dormant / empty / partial-only), the
+ * content-free audit record, and (when the fixture declares one) the staleness trajectory. Pure data
+ * derivation over the frozen contract.
+ */
+export function deriveVoiceActionObservation(fixture) {
+    const gatingAllowed = voiceCanProposeAction(fixture.profile);
+    const projection = selectCommittedVoiceTranscript(fixture.segments);
+    const proposal = normalizeSpokenActionProposal(projection, fixture.profile, fixture.turnIndex, fixture.source);
+    const audit = buildAuditFor(proposal, fixture, projection.segmentCount, projection.text.length);
+    const base = {
+        gatingAllowed,
+        committedSegmentCount: projection.segmentCount,
+        committedChars: projection.text.length,
+        proposal: proposal === undefined ? undefined : summarizeProposal(proposal),
+        audit,
+    };
+    if (proposal === undefined) {
+        return base;
+    }
+    const staleness = deriveStaleness(fixture, proposal);
+    return staleness === undefined ? base : { ...base, staleness };
+}
+// Project the contract proposal down to its content-free fields. The full proposal carries the transient
+// `committedText` digest seed, which must never enter the observation / scorecard (AC5).
+function summarizeProposal(proposal) {
+    return {
+        effectClass: proposal.effectClass,
+        requiresConfirmation: proposal.requiresConfirmation,
+        state: proposal.state,
+        turnIndex: proposal.turnIndex,
+        committedSegmentCount: proposal.committedSegmentCount,
+        committedChars: proposal.committedChars,
+    };
+}
+function runFixture(fixture) {
+    const observation = deriveVoiceActionObservation(fixture);
+    const dimensionResults = scoreVoiceActionQuality(fixture, observation);
+    return {
+        fixtureName: fixture.name,
+        category: fixture.category,
+        observation,
+        dimensionResults,
+        fullyPassed: dimensionResults.every((d) => d.outcome !== "fail"),
+    };
+}
+function summarize(fixtureResults, dimensions) {
+    const allClean = dimensions.every((d) => d.failCount === 0);
+    const coversNoVoiceProfile = fixtureResults.some((f) => !f.observation.gatingAllowed);
+    const coversVoiceProfile = fixtureResults.some((f) => f.observation.gatingAllowed);
+    return {
+        totalFixtures: fixtureResults.length,
+        fullyPassedFixtures: fixtureResults.filter((f) => f.fullyPassed).length,
+        coversNoVoiceProfile,
+        coversVoiceProfile,
+        goNoGo: allClean && coversNoVoiceProfile && coversVoiceProfile ? "GO" : "NO-GO",
+    };
+}
+function collectEffectClasses(fixtureResults) {
+    const classes = fixtureResults
+        .map((f) => f.observation.proposal?.effectClass)
+        .filter((value) => value !== undefined);
+    // Sort to a canonical order so the covered-class list is stable regardless of fixture ordering
+    // (matches the codebase determinism convention).
+    return [...new Set(classes)].sort();
+}
+/**
+ * Run the Voice Action Governance evaluation suite and return a fully aggregated scorecard. Pure and
+ * deterministic. Pass an explicit fixture list to scope the run (the suite tests use the default set).
+ */
+export function runVoiceActionEvaluation(fixtures = ALL_VOICE_ACTION_FIXTURES) {
+    const fixtureResults = fixtures.map(runFixture);
+    const dimensions = aggregateVoiceActionQuality(fixtureResults.map((f) => f.dimensionResults));
+    return {
+        schemaVersion: VOICE_ACTION_EVAL_SCHEMA_VERSION,
+        fixtureResults,
+        dimensions,
+        summary: summarize(fixtureResults, dimensions),
+        coveredEffectClasses: collectEffectClasses(fixtureResults),
+    };
+}

package/dist/voice-action/scorer.d.ts

@@ -0,0 +1,8 @@
+import { type VoiceActionDimensionResult, type VoiceActionEvalFixture, type VoiceActionObservation, type VoiceActionScorecardEntry } from "./types.js";
+/**
+ * Score one fixture's observation across all six dimensions. A dimension the fixture does not declare is
+ * "not-applicable". Pure.
+ */
+export declare function scoreVoiceActionQuality(fixture: VoiceActionEvalFixture, obs: VoiceActionObservation): readonly VoiceActionDimensionResult[];
+export declare function aggregateVoiceActionQuality(results: readonly (readonly VoiceActionDimensionResult[])[]): readonly VoiceActionScorecardEntry[];
+//# sourceMappingURL=scorer.d.ts.map

package/dist/voice-action/scorer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scorer.d.ts","sourceRoot":"","sources":["../../src/voice-action/scorer.ts"],"names":[],"mappings":"AAoBA,OAAO,EAGL,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,sBAAsB,EAE3B,KAAK,yBAAyB,EAC/B,MAAM,YAAY,CAAC;AAuOpB;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,sBAAsB,EAC/B,GAAG,EAAE,sBAAsB,GAC1B,SAAS,0BAA0B,EAAE,CAUvC;AA8BD,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,SAAS,CAAC,SAAS,0BAA0B,EAAE,CAAC,EAAE,GAC1D,SAAS,yBAAyB,EAAE,CAEtC"}

package/dist/voice-action/scorer.js

@@ -0,0 +1,247 @@
+// Voice Action Governance security scorer (Epic #491, Issue #503; ADR-0066).
+//
+// Pure per-dimension scoring + suite aggregation for the six security dimensions. Each dimension is a
+// pure function (fixture, observation) -> VoiceActionDimensionResult. A dimension a fixture does not
+// declare is "not-applicable" and excluded from aggregation.
+//
+// Each dimension combines a STRUCTURAL gate (the contract's observable behaviour — gating verdict,
+// proposal presence, effect class, confirmation flag, the changed confirmation seed, and the audit
+// record's content-free shape) with the fixture's oracle expectation. The structural gate is what makes
+// the suite regression-sensitive: weakening the gating, letting partial text propose, dropping the
+// confirmation requirement, breaking the staleness seed, or adding a text field to the audit record
+// flips the corresponding dimension to FAIL.
+//
+// Determinism: pure. Rationales are harness-authored and content-free (counts, closed-vocabulary
+// labels, numbers) — they never echo committed text or any raw transcript content.
+import { spokenActionRequiresConfirmation, } from "@oscharko-dev/keiko-contracts";
+import { VOICE_ACTION_DIMENSIONS, } from "./types.js";
+// The audit record keys that MUST exist (content-free) and the substring fragments that must NEVER
+// appear in any key (a text / audio field would be a content leak — AC5). Keyed explicitly so adding a
+// text field to the record, or a fixture's text leaking into a key, fails the evidence-safety gate.
+const FORBIDDEN_AUDIT_KEY_FRAGMENTS = ["text", "audio", "transcript", "raw"];
+const REQUIRED_AUDIT_KEYS = [
+    "schemaVersion",
+    "effectClass",
+    "state",
+    "confirmationRequired",
+    "confirmed",
+    "outcome",
+    "source",
+    "turnIndex",
+    "committedSegmentCount",
+    "committedChars",
+    "bindingDigest",
+];
+function gate(dimension, checks) {
+    const failed = checks.filter((c) => !c.ok);
+    if (failed.length === 0) {
+        return {
+            dimension,
+            outcome: "pass",
+            rationale: `${String(checks.length)}/${String(checks.length)} structural checks met.`,
+        };
+    }
+    return {
+        dimension,
+        outcome: "fail",
+        rationale: `failed: ${failed.map((c) => c.label).join("; ")}.`,
+    };
+}
+// ─── Dimension scorers ─────────────────────────────────────────────────────────────
+function scoreCapabilityGating(obs, oracle) {
+    return gate("capability-gating", [
+        {
+            label: "voice-gating verdict matches profile expectation",
+            ok: obs.gatingAllowed === oracle.expectedGatingAllowed,
+        },
+        {
+            // A denied profile must never yield a proposal, regardless of committed text (AC1 dormancy).
+            label: "denied profile yields no proposal",
+            ok: oracle.expectedGatingAllowed || obs.proposal === undefined,
+        },
+    ]);
+}
+function scoreCommittedOnly(obs, oracle) {
+    return gate("committed-only", [
+        {
+            label: "proposal presence matches committed-projection expectation",
+            ok: (obs.proposal !== undefined) === oracle.expectsProposal,
+        },
+        {
+            // When a proposal forms, it must rest on at least one committed segment with committed chars. When
+            // a capture-capable profile produces NO proposal, the committed projection must be empty (partial /
+            // discarded text excluded by AC2). A capability-denied profile is exempt: it never proposes
+            // regardless of committed content, which capability-gating proves separately (AC1).
+            label: "proposal presence agrees with committed projection counts",
+            ok: obs.proposal !== undefined
+                ? obs.committedSegmentCount > 0 && obs.committedChars > 0
+                : !obs.gatingAllowed || obs.committedSegmentCount === 0 || obs.committedChars === 0,
+        },
+    ]);
+}
+function scoreConfirmationDiscipline(obs, oracle) {
+    const proposal = obs.proposal;
+    if (proposal === undefined) {
+        return {
+            dimension: "confirmation-discipline",
+            outcome: "fail",
+            rationale: "failed: confirmation-discipline declared but no proposal was derived.",
+        };
+    }
+    const expectedRequires = oracle.expectedRequiresConfirmation ?? spokenActionRequiresConfirmation(proposal.effectClass);
+    return gate("confirmation-discipline", [
+        {
+            label: "effect class matches oracle expectation",
+            ok: oracle.expectedEffectClass === undefined ||
+                proposal.effectClass === oracle.expectedEffectClass,
+        },
+        {
+            label: "requiresConfirmation matches the fail-closed taxonomy",
+            ok: proposal.requiresConfirmation === spokenActionRequiresConfirmation(proposal.effectClass),
+        },
+        {
+            label: "requiresConfirmation matches oracle expectation",
+            ok: proposal.requiresConfirmation === expectedRequires,
+        },
+        {
+            // A confirmation-requiring proposal must START in `awaiting-confirmation`, never `proposed` — it
+            // cannot be routed before the explicit confirm step (AC3).
+            label: "confirmation-requiring proposal awaits confirmation",
+            ok: !proposal.requiresConfirmation || proposal.state === "awaiting-confirmation",
+        },
+        {
+            label: "non-confirming proposal is in the proposed state",
+            ok: proposal.requiresConfirmation || proposal.state === "proposed",
+        },
+    ]);
+}
+function scoreStaleIntentPrevention(obs) {
+    const staleness = obs.staleness;
+    if (staleness === undefined) {
+        return {
+            dimension: "stale-intent-prevention",
+            outcome: "fail",
+            rationale: "failed: stale-intent-prevention declared but no staleness trajectory was derived.",
+        };
+    }
+    return gate("stale-intent-prevention", [
+        {
+            // The load-bearing AC4 proof: a correction or turn advance changes the canonical confirmation
+            // seed, so a digest captured before the change can no longer match (re-confirmation required).
+            label: "changed confirmation seed differs from the original",
+            ok: staleness.seedChanged,
+        },
+        {
+            label: "both sides produced a real confirmation seed",
+            ok: staleness.bothSeedsPresent,
+        },
+    ]);
+}
+function scoreInjectionResistance(obs, oracle) {
+    const proposal = obs.proposal;
+    if (proposal === undefined) {
+        return {
+            dimension: "injection-resistance",
+            outcome: "fail",
+            rationale: "failed: injection-resistance declared but no proposal was derived.",
+        };
+    }
+    return gate("injection-resistance", [
+        {
+            // An injected instruction must never classify as a no-confirmation read-only action.
+            label: "injected text does not read-only-classify",
+            ok: oracle.forbidsReadOnly !== true || proposal.effectClass !== "read-only",
+        },
+        {
+            // A proposal is never an authorization: an injection still requires the explicit confirmation
+            // step, so it cannot self-execute (the downstream approval gate independently decides).
+            label: "injected action still requires confirmation",
+            ok: proposal.requiresConfirmation,
+        },
+    ]);
+}
+// A content leak would be a key whose name suggests it carries text / audio; assert none exist AND every
+// required content-free key is present, so adding a text field to the record fails this gate.
+function auditKeysAreContentFree(audit) {
+    const keys = Object.keys(audit);
+    const noForbidden = keys.every((key) => !FORBIDDEN_AUDIT_KEY_FRAGMENTS.some((fragment) => key.toLowerCase().includes(fragment)));
+    const allRequired = REQUIRED_AUDIT_KEYS.every((key) => keys.includes(key));
+    return noForbidden && allRequired;
+}
+function scoreEvidenceSafety(obs) {
+    const audit = obs.audit;
+    return gate("evidence-safety", [
+        {
+            label: "audit record carries no text / audio key and all content-free keys",
+            ok: auditKeysAreContentFree(audit),
+        },
+        {
+            // The audit's committedChars must equal the observation's committed length — a count, never text.
+            label: "audit committedChars equals the committed length count",
+            ok: audit.committedChars === obs.committedChars,
+        },
+        {
+            label: "audit bindingDigest is the empty sentinel or a content-free digest",
+            ok: audit.bindingDigest === "" || /^[0-9a-f]{64}$/.test(audit.bindingDigest),
+        },
+    ]);
+}
+function scoreDimension(dimension, fixture, obs) {
+    const oracle = fixture.oracle;
+    switch (dimension) {
+        case "capability-gating":
+            return scoreCapabilityGating(obs, oracle);
+        case "committed-only":
+            return scoreCommittedOnly(obs, oracle);
+        case "confirmation-discipline":
+            return scoreConfirmationDiscipline(obs, oracle);
+        case "stale-intent-prevention":
+            return scoreStaleIntentPrevention(obs);
+        case "injection-resistance":
+            return scoreInjectionResistance(obs, oracle);
+        case "evidence-safety":
+            return scoreEvidenceSafety(obs);
+    }
+}
+/**
+ * Score one fixture's observation across all six dimensions. A dimension the fixture does not declare is
+ * "not-applicable". Pure.
+ */
+export function scoreVoiceActionQuality(fixture, obs) {
+    return VOICE_ACTION_DIMENSIONS.map((dimension) => fixture.dimensions.has(dimension)
+        ? scoreDimension(dimension, fixture, obs)
+        : {
+            dimension,
+            outcome: "not-applicable",
+            rationale: "not exercised by this fixture.",
+        });
+}
+// ─── Suite aggregation ─────────────────────────────────────────────────────────────
+function aggregateDimension(dimension, results) {
+    let passCount = 0;
+    let failCount = 0;
+    let notApplicableCount = 0;
+    for (const dims of results) {
+        const outcome = dims.find((d) => d.dimension === dimension)?.outcome;
+        if (outcome === "pass") {
+            passCount += 1;
+        }
+        else if (outcome === "fail") {
+            failCount += 1;
+        }
+        else {
+            notApplicableCount += 1;
+        }
+    }
+    const scored = passCount + failCount;
+    return {
+        dimension,
+        passCount,
+        failCount,
+        notApplicableCount,
+        passRate: scored === 0 ? null : passCount / scored,
+    };
+}
+export function aggregateVoiceActionQuality(results) {
+    return VOICE_ACTION_DIMENSIONS.map((dimension) => aggregateDimension(dimension, results));
+}