@sunaiva/gate 1.1.0 → 1.1.2

package/BUSINESS_LICENSE.md

@@ -1,70 +1,70 @@
-# Business Source License — `@sunaiva/gate`
-
-This package is published under the **Business Source License 1.1 (BUSL-1.1)**.
-The full BUSL-1.1 legal text lives in [`LICENSE`](./LICENSE) and at
-<https://mariadb.com/bsl11/>. This document is a plain-language summary so
-contributors and prospective customers know what they can and cannot do.
-
-## What you can do today, for free
-
-The following uses are licensed at no cost the moment you `npx @sunaiva/gate`:
-
-- **Evaluation, exploration, and proof-of-concept work** in any environment.
-- **Internal development, testing, staging, and CI** runs — including running
-  the gate inside team workflows that never touch external paying customers.
-- **Personal, hobbyist, academic, and research use** of any kind.
-- **Forking, modifying, and redistributing the source code** under the same
-  BUSL-1.1 terms, with attribution preserved.
-
-## What requires a commercial license
-
-You need a paid license from Sunaiva Digital if you use this package to
-provide a service to **third-party paying customers in production** (i.e.
-running it in the critical path of a revenue-generating product before the
-Change Date below). Contact **kinan@sunaiva.ai** for pricing.
-
-## Change Date and Change License
-
-- **Change Date**: **2030-05-10** (4 years after the first publication of
-  `@sunaiva/gate` on the npm registry — version `1.0.0`, 2026-05-10).
-- **Change License**: **Apache License, Version 2.0** (chosen for its broad
-  compatibility, explicit patent grant, and standing as the most common
-  conversion target for BUSL-licensed projects).
-- **Current version**: `1.1.0` ("Foundation Release"), 2026-05-12 — the first
-  release with the full constitutional rule set enforced locally and the Ship
-  Confidence Gate MCP tool wired. The `1.0.x` releases are deprecated on npm
-  (see [`CHANGELOG.md`](./CHANGELOG.md)).
-
-On the Change Date, this version of `@sunaiva/gate` automatically converts to
-Apache-2.0 with no further action required from anyone. Each future minor or
-patch release ships under BUSL-1.1 with its own 4-year clock from its own
-publication date.
-
-## Why BUSL-1.1?
-
-Sunaiva Gate is a **thin, public wrapper** over a deliberately proprietary
-backend. The wrapper code — the rule engine, hook adapter, and CLI — is open
-so anyone can inspect, audit, and extend it. The backend services that
-deliver premium rules, witness validation, signed proof envelopes, and
-on-chain attestation remain **private commercial infrastructure** and are
-not distributed under this license at all.
-
-BUSL-1.1 lets us publish the wrapper openly today, give every user real
-constitutional enforcement out of the box, and still preserve the commercial
-runway needed to fund the backend's development.
-
-## Backend status is unaffected by the Change Date
-
-The backend services are **not** shipped under BUSL-1.1. They are
-proprietary infrastructure operated by Sunaiva Digital. Their licensing
-status is **independent** of any clock in this repository. When the
-`@sunaiva/gate` wrapper converts to Apache-2.0 on 2030-05-10, the backend
-remains commercial and proprietary — only the wrapper code's licence
-changes. Customers relying on backend-tier features will continue to need a
-paid Sunaiva subscription regardless of the wrapper's licence state.
-
-## Questions
-
-- General licensing questions: **kinan@sunaiva.ai**
-- Security concerns: **security@sunaivadigital.com**
-- Commercial / paid tiers: **support@sunaivadigital.com**
+# Business Source License — `@sunaiva/gate`
+
+This package is published under the **Business Source License 1.1 (BUSL-1.1)**.
+The full BUSL-1.1 legal text lives in [`LICENSE`](./LICENSE) and at
+<https://mariadb.com/bsl11/>. This document is a plain-language summary so
+contributors and prospective customers know what they can and cannot do.
+
+## What you can do today, for free
+
+The following uses are licensed at no cost the moment you `npx @sunaiva/gate`:
+
+- **Evaluation, exploration, and proof-of-concept work** in any environment.
+- **Internal development, testing, staging, and CI** runs — including running
+  the gate inside team workflows that never touch external paying customers.
+- **Personal, hobbyist, academic, and research use** of any kind.
+- **Forking, modifying, and redistributing the source code** under the same
+  BUSL-1.1 terms, with attribution preserved.
+
+## What requires a commercial license
+
+You need a paid license from Sunaiva Digital if you use this package to
+provide a service to **third-party paying customers in production** (i.e.
+running it in the critical path of a revenue-generating product before the
+Change Date below). Contact **kinan@sunaiva.ai** for pricing.
+
+## Change Date and Change License
+
+- **Change Date**: **2030-05-10** (4 years after the first publication of
+  `@sunaiva/gate` on the npm registry — version `1.0.0`, 2026-05-10).
+- **Change License**: **Apache License, Version 2.0** (chosen for its broad
+  compatibility, explicit patent grant, and standing as the most common
+  conversion target for BUSL-licensed projects).
+- **Current version**: `1.1.0` ("Foundation Release"), 2026-05-12 — the first
+  release with the full constitutional rule set enforced locally and the Ship
+  Confidence Gate MCP tool wired. The `1.0.x` releases are deprecated on npm
+  (see [`CHANGELOG.md`](./CHANGELOG.md)).
+
+On the Change Date, this version of `@sunaiva/gate` automatically converts to
+Apache-2.0 with no further action required from anyone. Each future minor or
+patch release ships under BUSL-1.1 with its own 4-year clock from its own
+publication date.
+
+## Why BUSL-1.1?
+
+Sunaiva Gate is a **thin, public wrapper** over a deliberately proprietary
+backend. The wrapper code — the rule engine, hook adapter, and CLI — is open
+so anyone can inspect, audit, and extend it. The backend services that
+deliver premium rules, witness validation, signed proof envelopes, and
+on-chain attestation remain **private commercial infrastructure** and are
+not distributed under this license at all.
+
+BUSL-1.1 lets us publish the wrapper openly today, give every user real
+constitutional enforcement out of the box, and still preserve the commercial
+runway needed to fund the backend's development.
+
+## Backend status is unaffected by the Change Date
+
+The backend services are **not** shipped under BUSL-1.1. They are
+proprietary infrastructure operated by Sunaiva Digital. Their licensing
+status is **independent** of any clock in this repository. When the
+`@sunaiva/gate` wrapper converts to Apache-2.0 on 2030-05-10, the backend
+remains commercial and proprietary — only the wrapper code's licence
+changes. Customers relying on backend-tier features will continue to need a
+paid Sunaiva subscription regardless of the wrapper's licence state.
+
+## Questions
+
+- General licensing questions: **kinan@sunaiva.ai**
+- Security concerns: **support@sunaiva.ai**
+- Commercial / paid tiers: **support@sunaiva.ai**

package/CHANGELOG.md

@@ -1,148 +1,254 @@
-# Changelog
-
-All notable changes to `@sunaiva/gate` follow the [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) format and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
----
-
-## [1.1.0] — 2026-05-12 — "Foundation Release"
-
-First publicly-supported release. Closes all 7 CRITICAL findings from the signed
-Ship-Confidence verdict on `1.0.1` (`01KRDBCEYF2CAB21G6Y3E9VVH5`, RED), restores
-the constitutional enforcement promise the README has always made, and ships the
-paid-tier Ship Confidence Gate integration as a real MCP tool rather than a
-README claim.
-
-### Added
-- **MCP server runtime with 6 tools**: `validate_action`, `log_bypass`,
-  `get_rules`, `update_rules`, `get_audit_log`, and (NEW) `ship_confidence_check`.
-- **Ship-confidence gate** — TypeScript port of the Genesis Python hook
-  `.claude/hooks/ship_confidence_gate.py` v1.2.0, exposed both as the
-  `ship_confidence_check` MCP tool and as the `--ship-confidence <artifact-id>`
-  CLI flag.
-- **Cross-vendor HMAC-SHA256 verdict verification** with byte-compatible
-  canonical-JSON encoding to the `sunaiva-ship-confidence` Python skill
-  (sorted keys, `","`/`":"` separators, constant-time signature compare).
-- **Premium backend client** (`src/engine/backend-client.ts`) — optional HTTP +
-  JWT path to `https://gate.sunaiva.dev/api/v1/match` for evaluating the 68
-  premium rules server-side. Opt-in via `SUNAIVA_GATE_BACKEND_URL` +
-  `SUNAIVA_GATE_API_TOKEN`. Backend errors fail-OPEN per-rule (never blocks the
-  user on Sunaiva outage).
-- **Constitutional immutability guards** — load-time re-merge plus write-time
-  rejection. The 32 constitutional rules cannot be disabled via `update_rules`
-  and cannot be bypassed via `log_bypass`, even if `~/.sunaiva/gate-config.json`
-  is hand-edited.
-- **`--smoke-test` CLI flag** — pre-deployment self-check with three canned
-  evaluations (allow / block / block) and an explicit `Constitutional rules —
-  32` count line. Exit 0 = HEALTHY, 1 = DEGRADED, 5 = missing required files.
-- **Bundle invariant tests** — `tests/bundle.test.ts` asserts the package ships
-  with exactly 32 constitutional rules (patterns intact) and 68 premium stubs
-  (patterns replaced with `"[server-side]"`).
-- **Audit ledger fields** — every entry now records `tier`, `audit_status`,
-  `evidence`, and an `event_type` discriminator so paid-tier ship-confidence
-  events and free-tier local evaluations are queryable separately.
-- **Kill-switch** (`DISABLE_SUNAIVA_GATE=1`) — short-circuits every
-  `validate_action` to `allowed: true` with a structured response shape and
-  unconditional stderr disclosure.
-- **Dry-run mode** (`SUNAIVA_GATE_DRY_RUN=1`) — evaluates rules normally but
-  never blocks; response includes `dry_run: true` and `would_have_blocked: [...]`.
-- **Premium-skipped notice** — when premium rules are active but no backend
-  is configured, the first event per session prints
-  `[sunaiva-gate v1.1.0] N premium rules skipped (no backend configured).`
-  to stderr and records `skipped_premium: [rule_ids]` in the audit log.
-- `CHANGELOG.md` (this file) and `tests/version-consistency.test.ts`
-  preventing future version drift between `package.json`, `src/index.ts`,
-  and `src/tools/validate.ts`.
-
-### Changed
-- **`DEFAULT_CONFIG.active_rules`** expanded from 5 constitutional IDs to all
-  32 — the package now boots with the full constitutional set active by default.
-- **License model documented**: BUSL-1.1 wrapper, Change Date **2030-05-10**,
-  Change License **Apache-2.0**. The premium backend remains proprietary and is
-  not affected by the BUSL clock.
-- **Tier model published**: Free / Pro / Enterprise per
-  [`TIER_DEFINITIONS.md`](./TIER_DEFINITIONS.md). The per-call pricing claims
-  from the 1.0.x README (`$0.005/$0.02/$0.25 per call`) and the legacy
-  "Pro / Shield / Shield+TEE" tier names are **struck**.
-
-### Fixed
-- **C1** — `rules.json` now ships inside the npm tarball at `dist/rules/rules.json`
-  with all 32 constitutional patterns intact. Previous releases loaded from
-  `~/.sunaiva/rules.json` only, which the strip-patterns build step had emptied
-  to `"[server-side]"` placeholders on the install path.
-- **C2** — `update_rules({disable: ['fin-001']})` now returns a structured
-  `CONSTITUTIONAL_RULE_IMMUTABLE` error and persists nothing. Previously the
-  call was honoured silently.
-- **C3** — `log_bypass({rule_id: 'fin-001'})` now returns a structured
-  `CONSTITUTIONAL_RULE_CANNOT_BE_BYPASSED` error and writes nothing to the
-  bypass log. Previously the bypass was recorded.
-- **C4** — Premium rules now produce a one-time-per-session stderr notice
-  when skipped and increment `skipped_premium` in every audit entry, instead
-  of being silently dropped.
-- **C5** — Unhandled exceptions in the gate's own code now exit with code **3**
-  and write a `decision: 'error'` audit entry, instead of exiting 0 (fail-open).
-  Opt-in legacy behaviour available via `SUNAIVA_GATE_FAIL_OPEN_ON_ERROR=1`.
-- **C6** — Malformed input now exits with code **4** and writes a
-  `decision: 'invalid_input'` audit entry, instead of exiting 0 (fail-open).
-  Same opt-in escape hatch as C5.
-- **C7** — Ship Confidence Gate behaviour is no longer an unbacked README claim;
-  it is the `ship_confidence_check` MCP tool plus the `--ship-confidence` CLI
-  flag, with audit entries tagged `tier: "paid" | "free"`.
-
-### Tests
-- 30/30 backend-client + version-consistency tests pass.
-- 18/18 ship-confidence-gate Python parity tests pass (TypeScript port).
-- 19/19 ship-confidence-gate TypeScript port tests pass.
-- Bundle invariant assertions confirm 32 constitutional rules + 68 premium
-  stubs in the published tarball.
-
-### Migration from 1.0.x
-- **`1.0.0` and `1.0.1` were never production-ready** and are deprecated on npm
-  with the message:
-  `"PREVIEW BUILD - DO NOT USE. Use @sunaiva/gate@1.1.0 for the production-ready release."`
-- Drop-in upgrade: bump the dependency to `1.1.0`. No MCP config changes
-  required. The MCP server name (`sunaiva-gate`) and tool surface are backward
-  compatible — only new tools are added.
-- If you were depending on the 1.0.x fail-open exit code for malformed input,
-  set `SUNAIVA_GATE_FAIL_OPEN_ON_ERROR=1` to restore the legacy behaviour.
-
----
-
-## [1.0.1] — UNRELEASED
-
-Iteration build. Not published to npm. Superseded by 1.1.0.
-
-The signed Ship-Confidence verdict on this commit
-(`01KRDBCEYF2CAB21G6Y3E9VVH5`, RED) flagged 7 CRITICAL gaps between the
-README's promises and the actual implementation. All seven are closed in 1.1.0.
-Roadmap detail: [`ROADMAP_1_1_0.md`](./ROADMAP_1_1_0.md).
-
----
-
-## [1.0.0] — 2026-05-10 — DEPRECATED
-
-First publish-to-npm. Deprecated immediately on the npm registry per the
-runbook in [`PUBLISH_RUNBOOK.md`](./PUBLISH_RUNBOOK.md).
-
-### Deprecated
-- npm deprecation message:
-  `"PREVIEW BUILD - DO NOT USE. Missing tests, support paths, verification commands. Use @sunaiva/gate@1.1.0 for the production-ready release."`
-
-### What was missing
-- `dist/rules/rules.json` not bundled — constitutional rules loaded from
-  `~/.sunaiva/rules.json` only (C1).
-- Constitutional rules disable-able via `update_rules` (C2).
-- Constitutional rules bypass-able via `log_bypass` (C3).
-- Premium rules silently dropped with no audit count or user notice (C4).
-- Fail-open on unhandled exceptions (C5).
-- Fail-open on malformed input (C6).
-- Ship Confidence Gate behaviour absent from the npm surface (C7).
-
-See [`ROADMAP_1_1_0.md`](./ROADMAP_1_1_0.md) for the full finding-by-finding
-work plan that produced 1.1.0.
-
----
-
-*Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) ·
-Versioning: [Semantic Versioning](https://semver.org/spec/v2.0.0.html) ·
-License: [BUSL-1.1](./BUSINESS_LICENSE.md) (Change Date 2030-05-10, Change
-License Apache-2.0).*
+# Changelog
+
+All notable changes to `@sunaiva/gate` follow the [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) format and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+---
+
+## [Unreleased] — 2026-05-27 — "Build-pipeline P00 fix"
+
+### Fixed
+- **`scripts/strip-patterns.js` — critical build-pipeline bug (P00)**: the strip script was
+  replacing `detection_pattern` with `"[server-side]"` for ALL 100 rules including the 32
+  constitutional rules. Constitutional rules require their `detection_pattern` to be visible
+  in the published dist so the local rule-engine can evaluate them without a backend connection.
+  The fix: constitutional rules (`enforcement === "constitutional"`) now pass through unchanged;
+  only `backend_required === true` (premium) rules get their pattern replaced.
+  Any `npm run build` prior to this fix would have produced a `dist/rules/rules.json` where
+  all 32 constitutional rules had `detection_pattern: "[server-side]"`, causing them to be
+  silently skipped by the local engine (same failure class as `failure_054`).
+
+### Added
+- **`tests/strip-patterns.test.ts`** — 12 tests covering source + dist rules.json integrity:
+  correct constitutional/premium counts, no constitutional rule stripped, no overlap between
+  constitutional and premium sets, all required fields present. Regression guard for the P00 bug.
+
+### Changed
+- **`rules/rules.json` (source)** — all 68 non-constitutional rules now carry
+  `"backend_required": true` matching the dist/ baseline. This is the canonical source for
+  which rules are premium; `strip-patterns.js` uses it to decide what to strip.
+
+---
+
+## [1.1.1] — 2026-05-25 — "Constitutional Cleanup + Sunaiva Core rebrand"
+
+Metadata-only patch release. No functional behaviour changes — same gate, same
+100 rules (32 constitutional + 68 premium), same Ship-Confidence integration,
+same smoke-test verdict (HEALTHY). Closes Rule 43.1 (Sunaiva canonical ship
+pathway, hardwired 2026-05-16) by removing all references to the forbidden
+public GitHub source repo from the published package surface, AND completes
+the **Sunaiva Core brand rebrand** (locked 2026-05-23: primary domain
+`sunaivacore.io`, parent `sunaiva.ai`, support mailbox `support@sunaiva.ai`).
+
+### Changed
+- **Support / docs URLs scrubbed** of `github.com/Kinan27/sunaiva-gate` AND
+  rebranded to Sunaiva Core domain — package.json `repository` field removed;
+  `bugs.email` now `support@sunaiva.ai`; `homepage` updated to
+  `https://sunaivacore.io/products/gate`. The same scrub applied to
+  `dist/index.js` `--help` / `--smoke-test` output, the README support table,
+  the BUSINESS_LICENSE.md contacts, and the SUPPORT.md routing. Sunaiva
+  products list at the Anthropic Official Registry via DNS-TXT (namespace
+  `com.sunaivacore.gate`) — there is no public source repo by design
+  (Rule 43.1, post-`failure_051` 2026-05-14).
+- **Backend URL updated** — `DEFAULT_BACKEND_URL` in both `dist/types/backend.{js,d.ts}`
+  and `dist/version-pin/registry.js` changed from `mcp.sunaivacore.io/v1/gatehooks` to
+  `mcp.sunaivacore.io/v1/gatehooks` per the Sunaiva MCP Command lane endpoint
+  ownership decision (Kinan directive 2026-05-25).
+- **In-toto attestation URIs updated** — `BUILD_TYPE` and `BUILDER_ID` in
+  `dist/installer/attestation/intoto.js` re-rooted from `sunaivadigital.com`
+  to `sunaivacore.io`.
+- **`files` array tightened** to ship only the v1.1.0 production-verified
+  paths (`dist/index.{js,d.ts}`, `dist/config/**`, `dist/engine/**`,
+  `dist/tools/**`, `dist/types/**`, `dist/rules/**`). Half-baked v1.2.0 sprint
+  scaffolding present in the working-tree dist/ (events/, paranoia/,
+  installer/, bypass/, compliance/, cost/, diff/, explain/, rollback/,
+  timelock/, version-pin/) is **deliberately excluded** from the npm tarball
+  — those features will land properly in a future release once their
+  TypeScript source is reconstructed and their entrypoint wiring is verified
+  end-to-end. Shipping them half-wired would re-introduce the `failure_054`
+  pattern (343 unit tests green, production entrypoint = security theater).
+- **`PKG_VERSION` constant** bumped `1.1.0` → `1.1.1` in `dist/index.js`.
+
+### Fixed
+- Stale "PREVIEW BUILD - DO NOT USE" deprecation message on the public npm
+  registry will be cleared on publish of this release (deprecation message
+  was attached to `1.0.0` after the credential-leak incident and inherited
+  by `1.1.0` even though `1.1.0` was the Foundation Release that closed
+  the leak's CRITICAL findings). Both `1.0.0` and `1.1.0` remain deprecated
+  per their original messages; `1.1.1` is the first un-deprecated production
+  release.
+
+### Added
+- **`SUPPORT.md`** — formal email-based support model (no public issue tracker per
+  Rule 43.1) with target response times by category, bug-report template, security
+  disclosure protocol, self-service triage steps. Closes the v1.1.0 README's
+  reference to a `SUPPORT.md` that was never shipped.
+- **`TIER_DEFINITIONS.md`** — formal tier ladder (Free / Starter / Pro recommended /
+  Power / Enterprise) with feature differentiation matrix and upgrade/downgrade
+  flow. **Feature scope only — dollar figures live at
+  https://sunaivacore.io/pricing** (single source of truth across all Sunaiva
+  Core products, owned by the Sunaiva MCP Command lane). The npm package
+  intentionally does NOT embed dollar figures so it never ships stale pricing.
+  The MCP server itself remains free forever; paid tiers gate dashboard access
+  + premium rules + team features.
+
+### Unchanged (verified)
+- 100-rule library, 32 constitutional + 68 premium, byte-identical to v1.1.0
+- All 6 MCP tools (`validate_action`, `log_bypass`, `get_rules`,
+  `update_rules`, `get_audit_log`, `ship_confidence_check`)
+- Ship Confidence Gate (TypeScript port of Python hook v1.2.0)
+- Premium backend client + JWT path to `mcp.sunaivacore.io/v1/gatehooks`
+- Constitutional immutability guard (load + write time)
+- Audit ledger (`~/.sunaiva/audit/audit.jsonl`)
+- Kill-switch (`DISABLE_SUNAIVA_GATE=1`), dry-run (`SUNAIVA_GATE_DRY_RUN=1`)
+- BUSL-1.1 license, Change Date `2030-05-10`, Change License `Apache-2.0`
+
+### Smoke-test verdict
+`npx @sunaiva/gate --smoke-test` returns `Status: HEALTHY` with all 10 checks
+green, including live evaluations of `git push origin main` (HARD block via
+gov-001), `rm -rf /` (gov-002), `stripe.charges.create` (fin-001), and
+`ls -la` (ALLOW).
+
+---
+
+## [1.1.0] — 2026-05-12 — "Foundation Release"
+
+First publicly-supported release. Closes all 7 CRITICAL findings from the signed
+Ship-Confidence verdict on `1.0.1` (`01KRDBCEYF2CAB21G6Y3E9VVH5`, RED), restores
+the constitutional enforcement promise the README has always made, and ships the
+paid-tier Ship Confidence Gate integration as a real MCP tool rather than a
+README claim.
+
+### Added
+- **MCP server runtime with 6 tools**: `validate_action`, `log_bypass`,
+  `get_rules`, `update_rules`, `get_audit_log`, and (NEW) `ship_confidence_check`.
+- **Ship-confidence gate** — TypeScript port of the Genesis Python hook
+  `.claude/hooks/ship_confidence_gate.py` v1.2.0, exposed both as the
+  `ship_confidence_check` MCP tool and as the `--ship-confidence <artifact-id>`
+  CLI flag.
+- **Cross-vendor HMAC-SHA256 verdict verification** with byte-compatible
+  canonical-JSON encoding to the `sunaiva-ship-confidence` Python skill
+  (sorted keys, `","`/`":"` separators, constant-time signature compare).
+- **Premium backend client** (`src/engine/backend-client.ts`) — optional HTTP +
+  JWT path to `https://mcp.sunaivacore.io/v1/gatehooks` for evaluating the 68
+  premium rules server-side. Opt-in via `SUNAIVA_GATE_BACKEND_URL` +
+  `SUNAIVA_GATE_API_TOKEN`. Backend errors fail-OPEN per-rule (never blocks the
+  user on Sunaiva outage).
+- **Constitutional immutability guards** — load-time re-merge plus write-time
+  rejection. The 32 constitutional rules cannot be disabled via `update_rules`
+  and cannot be bypassed via `log_bypass`, even if `~/.sunaiva/gate-config.json`
+  is hand-edited.
+- **`--smoke-test` CLI flag** — pre-deployment self-check with three canned
+  evaluations (allow / block / block) and an explicit `Constitutional rules —
+  32` count line. Exit 0 = HEALTHY, 1 = DEGRADED, 5 = missing required files.
+- **Bundle invariant tests** — `tests/bundle.test.ts` asserts the package ships
+  with exactly 32 constitutional rules (patterns intact) and 68 premium stubs
+  (patterns replaced with `"[server-side]"`).
+- **Audit ledger fields** — every entry now records `tier`, `audit_status`,
+  `evidence`, and an `event_type` discriminator so paid-tier ship-confidence
+  events and free-tier local evaluations are queryable separately.
+- **Kill-switch** (`DISABLE_SUNAIVA_GATE=1`) — short-circuits every
+  `validate_action` to `allowed: true` with a structured response shape and
+  unconditional stderr disclosure.
+- **Dry-run mode** (`SUNAIVA_GATE_DRY_RUN=1`) — evaluates rules normally but
+  never blocks; response includes `dry_run: true` and `would_have_blocked: [...]`.
+- **Premium-skipped notice** — when premium rules are active but no backend
+  is configured, the first event per session prints
+  `[sunaiva-gate v1.1.0] N premium rules skipped (no backend configured).`
+  to stderr and records `skipped_premium: [rule_ids]` in the audit log.
+- `CHANGELOG.md` (this file) and `tests/version-consistency.test.ts`
+  preventing future version drift between `package.json`, `src/index.ts`,
+  and `src/tools/validate.ts`.
+
+### Changed
+- **`DEFAULT_CONFIG.active_rules`** expanded from 5 constitutional IDs to all
+  32 — the package now boots with the full constitutional set active by default.
+- **License model documented**: BUSL-1.1 wrapper, Change Date **2030-05-10**,
+  Change License **Apache-2.0**. The premium backend remains proprietary and is
+  not affected by the BUSL clock.
+- **Tier model published**: Free / Pro / Enterprise per
+  [`TIER_DEFINITIONS.md`](./TIER_DEFINITIONS.md). The per-call pricing claims
+  from the 1.0.x README (`$0.005/$0.02/$0.25 per call`) and the legacy
+  "Pro / Shield / Shield+TEE" tier names are **struck**.
+
+### Fixed
+- **C1** — `rules.json` now ships inside the npm tarball at `dist/rules/rules.json`
+  with all 32 constitutional patterns intact. Previous releases loaded from
+  `~/.sunaiva/rules.json` only, which the strip-patterns build step had emptied
+  to `"[server-side]"` placeholders on the install path.
+- **C2** — `update_rules({disable: ['fin-001']})` now returns a structured
+  `CONSTITUTIONAL_RULE_IMMUTABLE` error and persists nothing. Previously the
+  call was honoured silently.
+- **C3** — `log_bypass({rule_id: 'fin-001'})` now returns a structured
+  `CONSTITUTIONAL_RULE_CANNOT_BE_BYPASSED` error and writes nothing to the
+  bypass log. Previously the bypass was recorded.
+- **C4** — Premium rules now produce a one-time-per-session stderr notice
+  when skipped and increment `skipped_premium` in every audit entry, instead
+  of being silently dropped.
+- **C5** — Unhandled exceptions in the gate's own code now exit with code **3**
+  and write a `decision: 'error'` audit entry, instead of exiting 0 (fail-open).
+  Opt-in legacy behaviour available via `SUNAIVA_GATE_FAIL_OPEN_ON_ERROR=1`.
+- **C6** — Malformed input now exits with code **4** and writes a
+  `decision: 'invalid_input'` audit entry, instead of exiting 0 (fail-open).
+  Same opt-in escape hatch as C5.
+- **C7** — Ship Confidence Gate behaviour is no longer an unbacked README claim;
+  it is the `ship_confidence_check` MCP tool plus the `--ship-confidence` CLI
+  flag, with audit entries tagged `tier: "paid" | "free"`.
+
+### Tests
+- 30/30 backend-client + version-consistency tests pass.
+- 18/18 ship-confidence-gate Python parity tests pass (TypeScript port).
+- 19/19 ship-confidence-gate TypeScript port tests pass.
+- Bundle invariant assertions confirm 32 constitutional rules + 68 premium
+  stubs in the published tarball.
+
+### Migration from 1.0.x
+- **`1.0.0` and `1.0.1` were never production-ready** and are deprecated on npm
+  with the message:
+  `"PREVIEW BUILD - DO NOT USE. Use @sunaiva/gate@1.1.0 for the production-ready release."`
+- Drop-in upgrade: bump the dependency to `1.1.0`. No MCP config changes
+  required. The MCP server name (`sunaiva-gate`) and tool surface are backward
+  compatible — only new tools are added.
+- If you were depending on the 1.0.x fail-open exit code for malformed input,
+  set `SUNAIVA_GATE_FAIL_OPEN_ON_ERROR=1` to restore the legacy behaviour.
+
+---
+
+## [1.0.1] — UNRELEASED
+
+Iteration build. Not published to npm. Superseded by 1.1.0.
+
+The signed Ship-Confidence verdict on this commit
+(`01KRDBCEYF2CAB21G6Y3E9VVH5`, RED) flagged 7 CRITICAL gaps between the
+README's promises and the actual implementation. All seven are closed in 1.1.0.
+Roadmap detail: [`ROADMAP_1_1_0.md`](./ROADMAP_1_1_0.md).
+
+---
+
+## [1.0.0] — 2026-05-10 — DEPRECATED
+
+First publish-to-npm. Deprecated immediately on the npm registry per the
+runbook in [`PUBLISH_RUNBOOK.md`](./PUBLISH_RUNBOOK.md).
+
+### Deprecated
+- npm deprecation message:
+  `"PREVIEW BUILD - DO NOT USE. Missing tests, support paths, verification commands. Use @sunaiva/gate@1.1.0 for the production-ready release."`
+
+### What was missing
+- `dist/rules/rules.json` not bundled — constitutional rules loaded from
+  `~/.sunaiva/rules.json` only (C1).
+- Constitutional rules disable-able via `update_rules` (C2).
+- Constitutional rules bypass-able via `log_bypass` (C3).
+- Premium rules silently dropped with no audit count or user notice (C4).
+- Fail-open on unhandled exceptions (C5).
+- Fail-open on malformed input (C6).
+- Ship Confidence Gate behaviour absent from the npm surface (C7).
+
+See [`ROADMAP_1_1_0.md`](./ROADMAP_1_1_0.md) for the full finding-by-finding
+work plan that produced 1.1.0.
+
+---
+
+*Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) ·
+Versioning: [Semantic Versioning](https://semver.org/spec/v2.0.0.html) ·
+License: [BUSL-1.1](./BUSINESS_LICENSE.md) (Change Date 2030-05-10, Change
+License Apache-2.0).*