@sunaiva/gate 1.0.0 → 1.1.2

package/dist/engine/ship-confidence-gate.js

@@ -0,0 +1,768 @@
+/**
+ * ShipConfidenceGate — TypeScript port of .claude/hooks/ship_confidence_gate.py v1.2.0
+ *
+ * HOOK_NAME    = ship_confidence_gate
+ * HOOK_VERSION = 1.2.0 (ts-port)
+ * RULE         = Rule 42 — Ship Confidence Gate (constitutional / HARD)
+ *
+ * DUAL-TIER AUTHORIZATION:
+ *   PAID  : Cryptographically-signed Verdict file at
+ *           <genesis-root>/data/ship_confidence_verdicts/<artifact>.signed.json
+ *           Verified against env $SHIP_CONFIDENCE_SIGNING_KEY (HMAC-SHA256 over
+ *           canonical JSON, signature field excluded). Allow iff:
+ *             - signature is valid (constant-time)
+ *             - level == "GREEN"
+ *             - signed_at within last 60 minutes
+ *           Tagged in audit ledger as tier=paid.
+ *
+ *   FREE  : One-time approval token at
+ *           <genesis-root>/data/deploy_queue/APPROVAL_TOKENS/<artifact>.json
+ *           Token must be fresh (<1h). Tagged tier=free; includes upgrade hint.
+ *
+ *   When NEITHER produces an allow, block-with-attribution message names BOTH
+ *   paths so the operator knows the two ways to unblock.
+ *
+ * SELF-STAMPING:
+ *   Every allow / block payload carries hook_name, hook_version, rule_name,
+ *   rule_version, why, suggested_fix, artifact_id, command_preview, timestamp.
+ *
+ * ESCAPE HATCHES:
+ *   DISABLE_SUNAIVA_GATE=1       — emergency bypass (allow + log bypass event)
+ *   SUNAIVA_GATE_DRY_RUN=1       — warn-only (would-have-blocked notice, allow)
+ *
+ * AUDIT LEDGER (per Opus orchestrator decision [VERIFY] item 5):
+ *   Single file: ~/.sunaiva/audit/audit.jsonl with `event_type` field for
+ *   queryability. Event types written by this gate:
+ *     - ship_confidence_allow
+ *     - ship_confidence_block
+ *     - ship_confidence_bypass
+ *     - ship_confidence_dry_run
+ *     - ship_confidence_error
+ *
+ * FAIL-OPEN:
+ *   Any uncaught exception below the public check() boundary returns ALLOW
+ *   with audit type=error. NEVER blocks on hook-internal bugs.
+ *
+ * Source of truth: .claude/hooks/ship_confidence_gate.py v1.2.0 (18/18 tests pass).
+ * Ported: 2026-05-12 (Wave 2 builder B2).
+ */
+import { existsSync, mkdirSync, readFileSync, appendFileSync, readdirSync, unlinkSync, } from "node:fs";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
+import { canonicalJson, verifyHmac } from "./hmac-verifier.js";
+// ---------------------------------------------------------------------------
+// Self-stamp constants
+// ---------------------------------------------------------------------------
+export const HOOK_NAME = "ship_confidence_gate";
+export const HOOK_VERSION = "1.2.0";
+export const RULE_NAME = "Rule 42 — Ship Confidence Gate";
+export const RULE_VERSION = "1.0";
+// Defaults matching the Python source.
+const DEFAULT_VERDICT_MAX_AGE_MINUTES = 60;
+const DEFAULT_TOKEN_TTL_SECONDS = 3600;
+const DEFAULT_ALLOWED_LEVELS = ["GREEN"];
+const DEFAULT_SIGNING_KEY_ENV = "SHIP_CONFIDENCE_SIGNING_KEY";
+// Audit log path (single file with event_type field per orchestrator decision).
+const DEFAULT_AUDIT_DIR = join(homedir(), ".sunaiva", "audit");
+const DEFAULT_AUDIT_PATH = join(DEFAULT_AUDIT_DIR, "audit.jsonl");
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function nowIso() {
+    return new Date().toISOString();
+}
+/** Match the Python _sanitize: non-[A-Za-z0-9._-] → '-', strip dashes, max 128. */
+export function sanitizeArtifactId(artifactId) {
+    return artifactId
+        .replace(/[^A-Za-z0-9._-]/g, "-")
+        .replace(/^-+|-+$/g, "")
+        .slice(0, 128);
+}
+/**
+ * Detect the genesis-system root, matching the Python _detect_genesis_root logic.
+ * Priority: env override → WSL path → Windows path → fall back to a path that
+ * may not exist (so log paths stay consistent).
+ */
+function detectGenesisRoot(env) {
+    for (const k of ["GENESIS_ROOT", "CLAUDE_PROJECT_DIR"]) {
+        const v = (env[k] ?? "").trim();
+        if (v && existsSync(v))
+            return v;
+    }
+    const wsl = "/mnt/e/genesis-system";
+    const win = "E:/genesis-system";
+    if (existsSync(win))
+        return win;
+    if (existsSync(wsl))
+        return wsl;
+    return win;
+}
+/** Safe JSONL append — never throws. */
+function safeAppendJsonl(path, record) {
+    try {
+        mkdirSync(dirname(path), { recursive: true });
+        appendFileSync(path, JSON.stringify(record) + "\n", { encoding: "utf-8" });
+    }
+    catch {
+        /* fail-open on log failure */
+    }
+}
+/** Parse signed_at ISO timestamps tolerantly (accepts 'Z' suffix). */
+function parseSignedAt(raw) {
+    if (raw instanceof Date)
+        return raw;
+    if (typeof raw !== "string")
+        return null;
+    try {
+        const normalized = raw.endsWith("Z") ? raw.replace(/Z$/, "+00:00") : raw;
+        // Node Date parser handles both ISO-8601 with offset and the trailing-Z form.
+        const d = new Date(normalized);
+        if (isNaN(d.getTime()))
+            return null;
+        return d;
+    }
+    catch {
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Main gate class
+// ---------------------------------------------------------------------------
+export class ShipConfidenceGate {
+    verdictDir;
+    approvalDir;
+    maxAgeMinutes;
+    signingKeyEnv;
+    allowedLevels;
+    tokenTtlSeconds;
+    genesisRoot;
+    auditLogPath;
+    env;
+    constructor(opts = {}) {
+        this.env = opts.env ?? process.env;
+        this.genesisRoot = opts.genesisRoot ?? detectGenesisRoot(this.env);
+        this.verdictDir =
+            opts.verdictDir ?? join(this.genesisRoot, "data", "ship_confidence_verdicts");
+        this.approvalDir =
+            opts.approvalDir ?? join(this.genesisRoot, "data", "deploy_queue", "APPROVAL_TOKENS");
+        this.maxAgeMinutes = opts.maxAgeMinutes ?? DEFAULT_VERDICT_MAX_AGE_MINUTES;
+        this.signingKeyEnv = opts.signingKeyEnv ?? DEFAULT_SIGNING_KEY_ENV;
+        this.allowedLevels = opts.allowedLevels ?? DEFAULT_ALLOWED_LEVELS;
+        this.tokenTtlSeconds = opts.tokenTtlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS;
+        this.auditLogPath =
+            opts.auditLogPath ?? this.env.SUNAIVA_GATE_AUDIT_PATH ?? DEFAULT_AUDIT_PATH;
+    }
+    // -------------------------------------------------------------------------
+    // PAID TIER — signed verdict verification
+    // -------------------------------------------------------------------------
+    /**
+     * Look up and verify the signed Verdict for an artifact.
+     *
+     * Return-value semantics mirror the Python _check_signed_verdict:
+     *   - "allow"     : valid signature, allowed level, fresh → grant
+     *   - "block"     : verdict present but fails policy → HARD block
+     *   - "absent"    : no verdict file → caller tries free-tier fallback
+     *   - "skip_key"  : verdict present but signing key env unset → fall through
+     *
+     * NEVER throws. Any unexpected error → "absent" (the outer fail-open handler
+     * in check() preserves overall fail-OPEN semantics).
+     */
+    async checkSignedVerdict(artifactId) {
+        try {
+            if (!existsSync(this.verdictDir)) {
+                return { decision: "absent", reason: "verdict directory does not exist", evidence: null };
+            }
+            const sanitized = sanitizeArtifactId(artifactId);
+            let verdictPath = join(this.verdictDir, `${sanitized}.signed.json`);
+            if (!existsSync(verdictPath)) {
+                // Fallback: scan for any signed verdict whose payload's run_manifest
+                // product_name matches the requested artifact_id.
+                let found = false;
+                try {
+                    const files = readdirSync(this.verdictDir).filter((f) => f.endsWith(".signed.json"));
+                    for (const f of files) {
+                        const candidate = join(this.verdictDir, f);
+                        try {
+                            const parsed = JSON.parse(readFileSync(candidate, "utf-8"));
+                            const productName = parsed?.run_manifest?.product_name;
+                            if (productName === artifactId) {
+                                verdictPath = candidate;
+                                found = true;
+                                break;
+                            }
+                        }
+                        catch {
+                            // skip malformed files
+                        }
+                    }
+                }
+                catch {
+                    /* ignore directory read failures */
+                }
+                if (!found) {
+                    return {
+                        decision: "absent",
+                        reason: `no signed verdict for ${artifactId}`,
+                        evidence: null,
+                    };
+                }
+            }
+            // Read + parse verdict
+            let verdict;
+            try {
+                const raw = readFileSync(verdictPath, "utf-8");
+                const parsed = JSON.parse(raw);
+                if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+                    return {
+                        decision: "absent",
+                        reason: "verdict file is not a JSON object",
+                        evidence: null,
+                    };
+                }
+                verdict = parsed;
+            }
+            catch (err) {
+                // Malformed file = probably wrong file, not an attack → fall through.
+                const kind = err instanceof Error ? err.constructor.name : "Unknown";
+                return {
+                    decision: "absent",
+                    reason: `verdict file unreadable (${kind})`,
+                    evidence: null,
+                };
+            }
+            const signatureHex = verdict.signature;
+            if (typeof signatureHex !== "string" || signatureHex.length === 0) {
+                return {
+                    decision: "absent",
+                    reason: "verdict has no signature field",
+                    evidence: null,
+                };
+            }
+            // Signing key
+            const signingKeyRaw = this.env[this.signingKeyEnv] ?? "";
+            if (!signingKeyRaw) {
+                return {
+                    decision: "skip_key",
+                    reason: `${this.signingKeyEnv} env var not set — cannot verify signature, falling back to free-tier approval token.`,
+                    evidence: { verdict_path: verdictPath },
+                };
+            }
+            const keyBytes = Buffer.from(signingKeyRaw, "utf-8");
+            // Canonical payload = verdict minus signature field
+            const payloadDict = {};
+            for (const [k, v] of Object.entries(verdict)) {
+                if (k === "signature")
+                    continue;
+                payloadDict[k] = v;
+            }
+            const payloadBytes = canonicalJson(payloadDict);
+            if (!verifyHmac(payloadBytes, signatureHex, keyBytes)) {
+                return {
+                    decision: "block",
+                    reason: "HMAC signature invalid — possible tampering of signed verdict",
+                    evidence: {
+                        verdict_path: verdictPath,
+                        signature_algorithm: verdict.signature_algorithm,
+                        verdict_id: verdict.verdict_id,
+                    },
+                };
+            }
+            // Freshness check
+            const signedAt = parseSignedAt(verdict.signed_at);
+            if (signedAt === null) {
+                return {
+                    decision: "block",
+                    reason: "signed_at field missing or unparseable — verdict cannot be aged",
+                    evidence: { verdict_path: verdictPath },
+                };
+            }
+            const ageMinutes = (Date.now() - signedAt.getTime()) / 60000;
+            if (ageMinutes > this.maxAgeMinutes) {
+                return {
+                    decision: "block",
+                    reason: `verdict is stale (${ageMinutes.toFixed(1)} min old, max ${this.maxAgeMinutes} min) — re-run sunaiva-ship-confidence skill`,
+                    evidence: {
+                        verdict_path: verdictPath,
+                        verdict_id: verdict.verdict_id,
+                        age_minutes: Number(ageMinutes.toFixed(2)),
+                    },
+                };
+            }
+            // Level check
+            const level = (verdict.level ?? "UNKNOWN");
+            if (!this.allowedLevels.includes(level)) {
+                return {
+                    decision: "block",
+                    reason: `verdict is ${level} (paid tier requires ${this.allowedLevels.join("/")}) — fix findings or acknowledge caveats via free-tier approval token`,
+                    evidence: {
+                        verdict_path: verdictPath,
+                        verdict_id: verdict.verdict_id,
+                        level,
+                    },
+                };
+            }
+            // All checks passed
+            return {
+                decision: "allow",
+                reason: `verdict ${level} + signature valid + fresh (${ageMinutes.toFixed(1)} min)`,
+                evidence: {
+                    verdict_path: verdictPath,
+                    verdict_id: verdict.verdict_id,
+                    level,
+                    signed_at: signedAt.toISOString(),
+                    signature_algorithm: verdict.signature_algorithm,
+                    age_minutes: Number(ageMinutes.toFixed(2)),
+                },
+            };
+        }
+        catch (err) {
+            // Unexpected error → fall through. The outer check() also has fail-open.
+            const kind = err instanceof Error ? err.constructor.name : "Unknown";
+            return {
+                decision: "absent",
+                reason: `paid-tier check raised ${kind}`,
+                evidence: null,
+            };
+        }
+    }
+    // -------------------------------------------------------------------------
+    // FREE TIER — approval token lookup
+    // -------------------------------------------------------------------------
+    /**
+     * Find a fresh approval token matching the artifact_id.
+     * Token must be JSON with at minimum {artifact_id, timestamp}.
+     */
+    async findApprovalToken(artifactId) {
+        try {
+            if (!existsSync(this.approvalDir))
+                return null;
+            const sanitized = sanitizeArtifactId(artifactId);
+            const candidates = [];
+            const exact = join(this.approvalDir, `${sanitized}.json`);
+            if (existsSync(exact))
+                candidates.push(exact);
+            try {
+                const files = readdirSync(this.approvalDir).filter((f) => f.endsWith(".json"));
+                for (const f of files) {
+                    const p = join(this.approvalDir, f);
+                    if (candidates.includes(p))
+                        continue;
+                    try {
+                        const token = JSON.parse(readFileSync(p, "utf-8"));
+                        if (token?.artifact_id === artifactId)
+                            candidates.push(p);
+                    }
+                    catch {
+                        // skip
+                    }
+                }
+            }
+            catch {
+                /* dir read failure */
+            }
+            const nowMs = Date.now();
+            for (const p of candidates) {
+                try {
+                    const token = JSON.parse(readFileSync(p, "utf-8"));
+                    let ts = token?.timestamp;
+                    if (typeof ts === "string") {
+                        // ISO-8601 → epoch seconds (matching Python behaviour)
+                        const dt = parseSignedAt(ts);
+                        if (dt)
+                            ts = dt.getTime() / 1000;
+                        else
+                            continue;
+                    }
+                    if (typeof ts !== "number")
+                        continue;
+                    // timestamp is in seconds (Python time.time() convention)
+                    if (nowMs / 1000 - ts < this.tokenTtlSeconds)
+                        return p;
+                }
+                catch {
+                    continue;
+                }
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+    /** Single-use token consumption. Never throws. */
+    async consumeToken(tokenPath) {
+        try {
+            unlinkSync(tokenPath);
+        }
+        catch {
+            /* fail-open */
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Public output formatters (self-stamping helpers)
+    // -------------------------------------------------------------------------
+    /** Self-stamped allow payload (matches Python format_allow + _stamp). */
+    formatAllow(opts) {
+        const stamp = {
+            hook_name: HOOK_NAME,
+            hook_version: HOOK_VERSION,
+            rule_name: RULE_NAME,
+            rule_version: RULE_VERSION,
+            why: opts.why,
+            suggested_fix: "",
+            artifact_id: opts.artifactId,
+            command_preview: (opts.commandPreview ?? "").slice(0, 300),
+            timestamp: nowIso(),
+            label: opts.label,
+            tier: opts.tier,
+        };
+        const ctxPrefix = `[${HOOK_NAME} v${HOOK_VERSION}]`;
+        const tierTag = opts.tier ? `[tier=${opts.tier}] ` : "";
+        return {
+            continue: true,
+            additionalContext: `${ctxPrefix} ${tierTag}${opts.extraContext ?? opts.why}`,
+            _stamp: stamp,
+        };
+    }
+    /** Self-stamped block payload (matches Python format_block + _stamp). */
+    formatBlock(opts) {
+        const lines = [
+            `[${HOOK_NAME} v${HOOK_VERSION}] SHIP-CONFIDENCE GATE — ${RULE_NAME}`,
+            `BLOCKED: ${opts.label}`,
+            `Artifact: ${opts.artifactId}`,
+            `Why: ${opts.reason}`,
+            "",
+            `Suggested fix: ${opts.suggestedFix}`,
+            "",
+            "Override is NOT available — this gate is constitutional (Rule 42).",
+            "Emergency bypass: set DISABLE_SUNAIVA_GATE=1 (logged to audit.jsonl).",
+            "Test workflow:    set SUNAIVA_GATE_DRY_RUN=1 (warn-only, never blocks).",
+        ];
+        const stamp = {
+            hook_name: HOOK_NAME,
+            hook_version: HOOK_VERSION,
+            rule_name: RULE_NAME,
+            rule_version: RULE_VERSION,
+            why: opts.reason,
+            suggested_fix: opts.suggestedFix,
+            artifact_id: opts.artifactId,
+            command_preview: (opts.commandPreview ?? "").slice(0, 300),
+            timestamp: nowIso(),
+            label: opts.label,
+        };
+        return {
+            continue: false,
+            decision: "block",
+            reason: `[${HOOK_NAME} v${HOOK_VERSION}] ${opts.label} — ${opts.reason}. Artifact=${opts.artifactId}. ${opts.suggestedFix}`,
+            stopReason: `[${HOOK_NAME}] ${opts.label}: ${opts.reason}`,
+            message: lines.join("\n"),
+            _stamp: stamp,
+        };
+    }
+    // -------------------------------------------------------------------------
+    // Public audit-write helpers
+    // -------------------------------------------------------------------------
+    /**
+     * Write an entry to the unified audit ledger. Matches the schema in §6.2 of
+     * BUILD_PLAN_1_1_0_WAVE2_BRIEFS.md and tags it with event_type so a single
+     * file is queryable (Opus orchestrator decision on [VERIFY] item 5).
+     */
+    writeAudit(entry) {
+        const stamped = {
+            timestamp: nowIso(),
+            gate_version: HOOK_VERSION,
+            hook_name: HOOK_NAME,
+            ...entry,
+        };
+        safeAppendJsonl(this.auditLogPath, stamped);
+    }
+    /** Expose the audit log path for tests and tooling. */
+    getAuditLogPath() {
+        return this.auditLogPath;
+    }
+    // -------------------------------------------------------------------------
+    // Top-level orchestrator
+    // -------------------------------------------------------------------------
+    /**
+     * Run the full gate logic for a given artifact_id + optional command preview.
+     * Returns a GateResult with a final allow/block decision and a self-stamped
+     * payload. Audit entries are written to the unified ledger.
+     *
+     * Behaviour order (matching Python main()):
+     *   0. Kill-switch (DISABLE_SUNAIVA_GATE=1) → allow, log bypass.
+     *   1. Dry-run (SUNAIVA_GATE_DRY_RUN=1) → probe both tiers, log dry-run, allow.
+     *   2. PAID tier → if allow, return allow tier=paid.
+     *                  If block, hard-block (never fall through).
+     *                  If absent/skip_key, continue to free tier.
+     *   3. FREE tier → token present and fresh → allow tier=free.
+     *                  Token missing → block with dual-path hint.
+     *
+     * FAIL-OPEN: any uncaught exception → allow with audit event_type=ship_confidence_error.
+     */
+    async check(artifactId, options = {}) {
+        const commandPreview = (options.commandPreview ?? "").slice(0, 300);
+        const label = options.label ?? "publish-class action";
+        try {
+            // 0. Kill-switch
+            if (this.env.DISABLE_SUNAIVA_GATE === "1") {
+                this.writeAudit({
+                    event_type: "ship_confidence_bypass",
+                    type: "bypass",
+                    tier: null,
+                    audit_status: "BYPASSED",
+                    artifact_id: artifactId,
+                    command_preview: commandPreview,
+                    evidence: null,
+                    reason: "DISABLE_SUNAIVA_GATE=1 — kill-switch active",
+                });
+                const allowPayload = this.formatAllow({
+                    artifactId,
+                    tier: null,
+                    why: "BYPASSED via DISABLE_SUNAIVA_GATE=1 — event logged",
+                    commandPreview,
+                    label,
+                });
+                return {
+                    decision: "allow",
+                    tier: null,
+                    reason: allowPayload.additionalContext,
+                    evidence: {},
+                    stamp: allowPayload._stamp,
+                    bypassed: true,
+                };
+            }
+            // 1. Dry-run: probe both tiers but never enforce
+            const dryRun = this.env.SUNAIVA_GATE_DRY_RUN === "1";
+            // 2. PAID tier
+            const paid = await this.checkSignedVerdict(artifactId);
+            if (dryRun) {
+                // Probe free tier in parallel so the dry-run message is informative.
+                let dryReason;
+                let wouldHaveBeen = "block";
+                if (paid.decision === "allow") {
+                    dryReason = `would have allowed (tier=paid: ${paid.reason})`;
+                    wouldHaveBeen = "allow";
+                }
+                else if (paid.decision === "block") {
+                    dryReason = `would have blocked (tier=paid: ${paid.reason})`;
+                    wouldHaveBeen = "block";
+                }
+                else {
+                    const tokenPath = await this.findApprovalToken(artifactId);
+                    if (tokenPath) {
+                        dryReason = "would have allowed (tier=free, approval token present)";
+                        wouldHaveBeen = "allow";
+                    }
+                    else {
+                        dryReason = `no signed verdict and no approval token (paid: ${paid.reason})`;
+                        wouldHaveBeen = "block";
+                    }
+                }
+                this.writeAudit({
+                    event_type: "ship_confidence_dry_run",
+                    type: wouldHaveBeen === "block" ? "dry_run_block" : "dry_run_pass",
+                    tier: paid.decision === "allow" ? "paid" : null,
+                    audit_status: "DRY_RUN",
+                    dry_run: true,
+                    artifact_id: artifactId,
+                    command_preview: commandPreview,
+                    evidence: paid.evidence,
+                    reason: dryReason,
+                    would_have_blocked: wouldHaveBeen === "block" ? [artifactId] : [],
+                });
+                const payload = this.formatAllow({
+                    artifactId,
+                    tier: null,
+                    why: `DRY RUN — ${dryReason}`,
+                    commandPreview,
+                    label,
+                    extraContext: `DRY RUN — ${dryReason}. Set SUNAIVA_GATE_DRY_RUN=0 to enforce.`,
+                });
+                return {
+                    decision: "allow",
+                    tier: null,
+                    reason: payload.additionalContext,
+                    evidence: paid.evidence ?? {},
+                    stamp: payload._stamp,
+                    would_have_been: wouldHaveBeen,
+                };
+            }
+            if (paid.decision === "allow") {
+                this.writeAudit({
+                    event_type: "ship_confidence_allow",
+                    type: "ship_confidence_allow",
+                    tier: "paid",
+                    audit_status: "SIGNED_VERDICT_GREEN",
+                    artifact_id: artifactId,
+                    command_preview: commandPreview,
+                    evidence: paid.evidence,
+                    reason: paid.reason,
+                });
+                const payload = this.formatAllow({
+                    artifactId,
+                    tier: "paid",
+                    why: `signed verdict GREEN for ${artifactId} — ${paid.reason}`,
+                    commandPreview,
+                    label,
+                });
+                return {
+                    decision: "allow",
+                    tier: "paid",
+                    reason: payload.additionalContext,
+                    evidence: paid.evidence ?? {},
+                    verdict_id: paid.evidence?.verdict_id,
+                    level: paid.evidence?.level,
+                    signed_at: paid.evidence?.signed_at,
+                    age_minutes: paid.evidence?.age_minutes,
+                    stamp: payload._stamp,
+                };
+            }
+            if (paid.decision === "block") {
+                const sanitized = sanitizeArtifactId(artifactId);
+                const suggestedFix = `Re-run sunaiva-ship-confidence skill to produce a fresh GREEN verdict at ` +
+                    `data/ship_confidence_verdicts/${sanitized}.signed.json. ` +
+                    `If the signature is invalid, the verdict file may have been modified post-signing.`;
+                const blockReason = `Signed verdict present but rejected: ${paid.reason}`;
+                const payload = this.formatBlock({
+                    label,
+                    reason: blockReason,
+                    artifactId,
+                    commandPreview,
+                    suggestedFix,
+                });
+                this.writeAudit({
+                    event_type: "ship_confidence_block",
+                    type: "ship_confidence_block",
+                    tier: "paid",
+                    audit_status: "SIGNED_VERDICT_REJECTED",
+                    artifact_id: artifactId,
+                    command_preview: commandPreview,
+                    evidence: paid.evidence,
+                    reason: blockReason,
+                    violations: ["rule-42"],
+                });
+                return {
+                    decision: "block",
+                    tier: "paid",
+                    reason: payload.reason,
+                    evidence: paid.evidence ?? {},
+                    stamp: payload._stamp,
+                };
+            }
+            // paid.decision === "absent" or "skip_key" → free tier
+            const paidFallthrough = paid.reason;
+            // 3. FREE tier — approval token check
+            const tokenPath = await this.findApprovalToken(artifactId);
+            if (tokenPath === null) {
+                const sanitized = sanitizeArtifactId(artifactId);
+                const blockReason = `No signed verdict (paid) and no fresh (<1h) approval token (free) for ${artifactId}. ` +
+                    `Paid path: ${paidFallthrough}`;
+                const suggestedFix = `(paid) Run sunaiva-ship-confidence skill to produce a signed verdict at ` +
+                    `data/ship_confidence_verdicts/${sanitized}.signed.json ` +
+                    `(requires ${this.signingKeyEnv} env var). ` +
+                    `OR (free) Surface a Deploy Card to operator and write ` +
+                    `data/deploy_queue/APPROVAL_TOKENS/${sanitized}.json.`;
+                const payload = this.formatBlock({
+                    label,
+                    reason: blockReason,
+                    artifactId,
+                    commandPreview,
+                    suggestedFix,
+                });
+                this.writeAudit({
+                    event_type: "ship_confidence_block",
+                    type: "ship_confidence_block",
+                    tier: null,
+                    audit_status: "NO_AUTHORIZATION",
+                    artifact_id: artifactId,
+                    command_preview: commandPreview,
+                    evidence: { paid_fallthrough_reason: paidFallthrough },
+                    reason: blockReason,
+                    violations: ["rule-42"],
+                });
+                return {
+                    decision: "block",
+                    tier: null,
+                    reason: payload.reason,
+                    evidence: { paid_fallthrough_reason: paidFallthrough },
+                    stamp: payload._stamp,
+                };
+            }
+            // Token found — Phase 1: presence is sufficient (matches Python lenient mode).
+            this.writeAudit({
+                event_type: "ship_confidence_allow",
+                type: "ship_confidence_allow",
+                tier: "free",
+                audit_status: "ACCEPTED",
+                artifact_id: artifactId,
+                command_preview: commandPreview,
+                evidence: {
+                    token_path: tokenPath,
+                    paid_fallthrough_reason: paidFallthrough,
+                },
+                reason: "free-tier approval token accepted",
+                upgrade_hint: "Free tier — no cryptographic proof. Upgrade to sunaiva-ship-confidence for signed verdicts: https://sunaivacore.io/products/ship-confidence",
+            });
+            await this.consumeToken(tokenPath);
+            const payload = this.formatAllow({
+                artifactId,
+                tier: "free",
+                why: `approved publish: ${artifactId}`,
+                commandPreview,
+                label,
+            });
+            return {
+                decision: "allow",
+                tier: "free",
+                reason: payload.additionalContext,
+                evidence: { token_path: tokenPath, paid_fallthrough_reason: paidFallthrough },
+                stamp: payload._stamp,
+            };
+        }
+        catch (err) {
+            // FAIL-OPEN — never block on hook-internal bugs.
+            const errClass = err instanceof Error ? err.constructor.name : "Unknown";
+            const errMsg = err instanceof Error ? err.message : String(err);
+            this.writeAudit({
+                event_type: "ship_confidence_error",
+                type: "error",
+                tier: null,
+                audit_status: "FAIL_OPEN_ON_EXCEPTION",
+                artifact_id: artifactId,
+                command_preview: commandPreview,
+                evidence: null,
+                reason: `gate raised ${errClass}: ${errMsg}`,
+                error_class: errClass,
+                error_message: errMsg,
+            });
+            const payload = this.formatAllow({
+                artifactId,
+                tier: null,
+                why: `FAIL-OPEN on exception (${errClass}) — gate did not enforce`,
+                commandPreview,
+                label,
+            });
+            return {
+                decision: "allow",
+                tier: null,
+                reason: payload.additionalContext,
+                evidence: {},
+                stamp: payload._stamp,
+            };
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Internal helpers exposed for tests
+// ---------------------------------------------------------------------------
+export const __test = {
+    detectGenesisRoot,
+    parseSignedAt,
+    DEFAULT_AUDIT_PATH,
+    DEFAULT_AUDIT_DIR,
+};
+// Re-export the audit path resolver for tests/tooling
+export function defaultAuditLogPath() {
+    return DEFAULT_AUDIT_PATH;
+}
+//# sourceMappingURL=ship-confidence-gate.js.map