agentskeptic 0.2.1 → 1.0.3

package/dist/crossing/runCrossingSubcommand.js

@@ -11,8 +11,8 @@ import { runBatchVerifyWithTelemetrySubcommand } from "../verify/batchVerifyTele
 import { CROSSING_DECISION_READY_FOOTER } from "./crossingDecisionReadyFooter.js";
 function usageCrossing() {
     return `Usage:
-  agentskeptic crossing --bootstrap-input <path> --pack-out <path> (--db <sqlitePath> | --postgres-url <url>) [--no-truth-report]
-  agentskeptic crossing --workflow-id <id> --events <path> --registry <path> (--db <sqlitePath> | --postgres-url <url>) [--no-truth-report]
+  agentskeptic crossing --bootstrap-input <path> --pack-out <path> (--db <sqlitePath> | --postgres-url <url>) [--no-human-report]
+  agentskeptic crossing --workflow-id <id> --events <path> --registry <path> (--db <sqlitePath> | --postgres-url <url>) [--no-human-report]
 
 Normative: docs/crossing-normative.md
 
@@ -33,14 +33,14 @@ const BOOTSTRAP_LED_FLAGS = new Set([
     "--pack-out",
     "--db",
     "--postgres-url",
-    "--no-truth-report",
+    "--no-human-report",
     "--help",
     "-h",
 ]);
 function assertBootstrapLedCrossingArgsOnly(args) {
     for (let i = 0; i < args.length; i++) {
         const a = args[i];
-        if (a === "-h" || a === "--help" || a === "--no-truth-report")
+        if (a === "-h" || a === "--help" || a === "--no-human-report")
             continue;
         if (!a.startsWith("--")) {
             writeCrossingUsageAndExit(`Unexpected argument: ${a}`);
@@ -66,7 +66,7 @@ function buildVerifyIntegratorOwnedReplayLine(opts) {
     const dbPart = opts.postgresUrl !== undefined ?
         `--postgres-url ${JSON.stringify(opts.postgresUrl)}`
         : `--db ${JSON.stringify(opts.dbPath)}`;
-    const ntr = opts.noTruthReport ? " --no-truth-report" : "";
+    const ntr = opts.noHumanReport ? " --no-human-report" : "";
     return `agentskeptic verify-integrator-owned --workflow-id ${JSON.stringify(opts.workflowId)} --events ${JSON.stringify(ev)} --registry ${JSON.stringify(reg)} ${dbPart}${ntr}`;
 }
 export async function runCrossingSubcommand(args) {
@@ -75,7 +75,7 @@ export async function runCrossingSubcommand(args) {
         process.exit(0);
     }
     assertNoLockFlags(args);
-    const noTruthReport = args.includes("--no-truth-report");
+    const noHumanReport = args.includes("--no-human-report");
     const bootstrapLed = isBootstrapLedMode(args);
     if (bootstrapLed) {
         assertBootstrapLedCrossingArgsOnly(args);
@@ -132,7 +132,7 @@ export async function runCrossingSubcommand(args) {
             "--registry",
             outcome.registryPath,
             ...(db ? ["--db", path.resolve(db)] : ["--postgres-url", pu]),
-            ...(noTruthReport ? ["--no-truth-report"] : []),
+            ...(noHumanReport ? ["--no-human-report"] : []),
         ];
         await runBatchVerifyWithTelemetrySubcommand(batchArgs, {
             telemetrySubcommand: "verify_integrator_owned",
@@ -146,7 +146,7 @@ export async function runCrossingSubcommand(args) {
                         registryPath: outcome.registryPath,
                         dbPath: db ? path.resolve(db) : undefined,
                         postgresUrl: pu ?? undefined,
-                        noTruthReport,
+                        noHumanReport,
                     })}\n`);
                 }
                 process.stderr.write(CROSSING_DECISION_READY_FOOTER);

package/dist/decisionBlocker.contract.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=decisionBlocker.contract.test.d.ts.map

package/dist/decisionBlocker.contract.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionBlocker.contract.test.d.ts","sourceRoot":"","sources":["../src/decisionBlocker.contract.test.ts"],"names":[],"mappings":""}

package/dist/decisionBlocker.contract.test.js

@@ -0,0 +1,51 @@
+import { readFileSync, mkdtempSync, rmSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { tmpdir } from "node:os";
+import { fileURLToPath } from "node:url";
+import { DatabaseSync } from "node:sqlite";
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import { buildOutcomeCertificateFromWorkflowResult } from "./outcomeCertificate.js";
+import { formatDecisionBlockerForHumans } from "./decisionBlocker.js";
+import { verifyWorkflow } from "./pipeline.js";
+const root = join(dirname(fileURLToPath(import.meta.url)), "..");
+describe("formatDecisionBlockerForHumans contract", () => {
+    /** Seeded SQLite under tmp — `examples/demo.db` is gitignored and absent on clean CI. */
+    let workDir;
+    let dbPath;
+    beforeAll(() => {
+        workDir = mkdtempSync(join(tmpdir(), "agentskeptic-decision-blocker-"));
+        dbPath = join(workDir, "demo.db");
+        const sql = readFileSync(join(root, "examples", "seed.sql"), "utf8");
+        const db = new DatabaseSync(dbPath);
+        db.exec(sql);
+        db.close();
+    });
+    afterAll(() => {
+        rmSync(workDir, { recursive: true, force: true });
+    });
+    it("emits exactly six lines with required tokens for wf_missing certificate", async () => {
+        const eventsPath = join(root, "examples", "events.ndjson");
+        const registryPath = join(root, "examples", "tools.json");
+        const result = await verifyWorkflow({
+            workflowId: "wf_missing",
+            eventsPath,
+            registryPath,
+            database: { kind: "sqlite", path: dbPath },
+            logStep: () => { },
+            truthReport: () => { },
+        });
+        const certificate = buildOutcomeCertificateFromWorkflowResult(result, "contract_sql");
+        const { lines, trustDecision } = formatDecisionBlockerForHumans(certificate);
+        expect(trustDecision).toBe("unsafe");
+        expect(lines).toHaveLength(6);
+        expect(lines[0]).toMatch(/^Trust: unsafe$/);
+        expect(lines[1]).toMatch(/^Workflow: wf_missing$/);
+        expect(lines[2]).toMatch(/^First problem step: seq=/);
+        expect(lines[2]).toContain("tool=crm.upsert_contact");
+        expect(lines[2]).toContain("status=missing");
+        expect(lines[3]).toContain("ROW_ABSENT");
+        expect(lines[4]).toMatch(/^Expected: /);
+        expect(lines[5]).toMatch(/^Observed: /);
+    });
+});
+//# sourceMappingURL=decisionBlocker.contract.test.js.map

package/dist/decisionBlocker.contract.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionBlocker.contract.test.js","sourceRoot":"","sources":["../src/decisionBlocker.contract.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,EAAE,yCAAyC,EAAE,MAAM,yBAAyB,CAAC;AACpF,OAAO,EAAE,8BAA8B,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;AAEjE,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACvD,yFAAyF;IACzF,IAAI,OAAe,CAAC;IACpB,IAAI,MAAc,CAAC;IAEnB,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,gCAAgC,CAAC,CAAC,CAAC;QACxE,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QACpC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACb,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;YAClC,UAAU,EAAE,YAAY;YACxB,UAAU;YACV,YAAY;YACZ,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE;YAC1C,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;YACjB,WAAW,EAAE,GAAG,EAAE,GAAE,CAAC;SACtB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,yCAAyC,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QACtF,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,8BAA8B,CAAC,WAAW,CAAC,CAAC;QAC7E,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QACnD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QACtD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACtD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/decisionBlocker.d.ts

@@ -0,0 +1,10 @@
+import type { OutcomeCertificateV1 } from "./outcomeCertificate.js";
+import { type TrustDecision } from "./trustDecision.js";
+/**
+ * Fixed six-line human blocker for operators (Requirement 4 contract).
+ */
+export declare function formatDecisionBlockerForHumans(certificate: OutcomeCertificateV1): {
+    trustDecision: TrustDecision;
+    lines: string[];
+};
+//# sourceMappingURL=decisionBlocker.d.ts.map

package/dist/decisionBlocker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionBlocker.d.ts","sourceRoot":"","sources":["../src/decisionBlocker.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAgC,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAgCtF;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,WAAW,EAAE,oBAAoB,GAAG;IACjF,aAAa,EAAE,aAAa,CAAC;IAC7B,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB,CAoCA"}

package/dist/decisionBlocker.js

@@ -0,0 +1,66 @@
+import { trustDecisionFromCertificate } from "./trustDecision.js";
+function truncateOneLine(s, max) {
+    const flat = s.replace(/\s+/g, " ").trim();
+    return flat.length <= max ? flat : `${flat.slice(0, max - 1)}…`;
+}
+function sortedUniqueCodes(codes, cap) {
+    return [...new Set(codes)].sort((a, b) => a.localeCompare(b)).slice(0, cap);
+}
+function inferStepStatus(step) {
+    const o = step.observedOutcome.toLowerCase();
+    if (o.includes("missing") || o.includes("row is missing"))
+        return "missing";
+    // Batch contract `formatBatchObservedStateSummary`: ROW_ABSENT is often summarized as `rowCount=0` only.
+    if (/\browcount=0\b/.test(o) && !o.includes("field="))
+        return "missing";
+    if (o.includes("mismatch") || o.includes("wrong"))
+        return "inconsistent";
+    if (o.includes("matched") || o.includes("verified"))
+        return "verified";
+    return "non_verified";
+}
+function pickPrimaryStep(certificate) {
+    const steps = [...certificate.steps].sort((a, b) => a.seq - b.seq);
+    if (steps.length === 0)
+        return null;
+    const td = trustDecisionFromCertificate(certificate);
+    if (td === "safe")
+        return steps[0] ?? null;
+    for (const s of steps) {
+        if (inferStepStatus(s) !== "verified")
+            return s;
+    }
+    return steps[0] ?? null;
+}
+/**
+ * Fixed six-line human blocker for operators (Requirement 4 contract).
+ */
+export function formatDecisionBlockerForHumans(certificate) {
+    const trustDecision = trustDecisionFromCertificate(certificate);
+    const codes = sortedUniqueCodes(certificate.explanation.details.map((d) => d.code), 5);
+    const primary = pickPrimaryStep(certificate);
+    const line3 = trustDecision === "safe"
+        ? "First problem step: n/a"
+        : primary !== null
+            ? `First problem step: seq=${primary.seq} tool=${primary.toolId ?? "unknown"} status=${inferStepStatus(primary)}`
+            : "First problem step: n/a";
+    const line5 = primary !== null
+        ? `Expected: ${truncateOneLine(primary.expectedOutcome, 200)}`
+        : "Expected: (no step data)";
+    const line6 = primary !== null
+        ? `Observed: ${truncateOneLine(primary.observedOutcome, 200)}`
+        : "Observed: (no step data)";
+    const lines = [
+        `Trust: ${trustDecision}`,
+        `Workflow: ${certificate.workflowId}`,
+        line3,
+        `Reason codes: ${codes.length > 0 ? codes.join(", ") : "(none)"}`,
+        line5,
+        line6,
+    ];
+    if (lines.length !== 6) {
+        throw new Error("formatDecisionBlockerForHumans: invariant violated (must be exactly 6 lines)");
+    }
+    return { trustDecision, lines };
+}
+//# sourceMappingURL=decisionBlocker.js.map

package/dist/decisionBlocker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionBlocker.js","sourceRoot":"","sources":["../src/decisionBlocker.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,4BAA4B,EAAsB,MAAM,oBAAoB,CAAC;AAEtF,SAAS,eAAe,CAAC,CAAS,EAAE,GAAW;IAC7C,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3C,OAAO,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;AAClE,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAe,EAAE,GAAW;IACrD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,eAAe,CAAC,IAAsC;IAC7D,MAAM,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC;IAC7C,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5E,yGAAyG;IACzG,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,SAAS,CAAC;IACxE,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,cAAc,CAAC;IACzE,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC;IACvE,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,WAAiC;IACxD,MAAM,KAAK,GAAG,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IACnE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,EAAE,GAAG,4BAA4B,CAAC,WAAW,CAAC,CAAC;IACrD,IAAI,EAAE,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,eAAe,CAAC,CAAC,CAAC,KAAK,UAAU;YAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,WAAiC;IAI9E,MAAM,aAAa,GAAG,4BAA4B,CAAC,WAAW,CAAC,CAAC;IAChE,MAAM,KAAK,GAAG,iBAAiB,CAC7B,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAClD,CAAC,CACF,CAAC;IACF,MAAM,OAAO,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IAE7C,MAAM,KAAK,GACT,aAAa,KAAK,MAAM;QACtB,CAAC,CAAC,yBAAyB;QAC3B,CAAC,CAAC,OAAO,KAAK,IAAI;YAChB,CAAC,CAAC,2BAA2B,OAAO,CAAC,GAAG,SAAS,OAAO,CAAC,MAAM,IAAI,SAAS,WAAW,eAAe,CAAC,OAAO,CAAC,EAAE;YACjH,CAAC,CAAC,yBAAyB,CAAC;IAElC,MAAM,KAAK,GACT,OAAO,KAAK,IAAI;QACd,CAAC,CAAC,aAAa,eAAe,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,EAAE;QAC9D,CAAC,CAAC,0BAA0B,CAAC;IACjC,MAAM,KAAK,GACT,OAAO,KAAK,IAAI;QACd,CAAC,CAAC,aAAa,eAAe,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,EAAE;QAC9D,CAAC,CAAC,0BAA0B,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,UAAU,aAAa,EAAE;QACzB,aAAa,WAAW,CAAC,UAAU,EAAE;QACrC,KAAK;QACL,iBAAiB,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;QACjE,KAAK;QACL,KAAK;KACN,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAC;IAClG,CAAC;IACD,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;AAClC,CAAC"}

package/dist/decisionGate.assertSafe.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=decisionGate.assertSafe.test.d.ts.map

package/dist/decisionGate.assertSafe.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionGate.assertSafe.test.d.ts","sourceRoot":"","sources":["../src/decisionGate.assertSafe.test.ts"],"names":[],"mappings":""}

package/dist/decisionGate.assertSafe.test.js

@@ -0,0 +1,52 @@
+import { readFileSync, mkdtempSync, rmSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { tmpdir } from "node:os";
+import { fileURLToPath } from "node:url";
+import { DatabaseSync } from "node:sqlite";
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import { createDecisionGate } from "./decisionGate.js";
+import { DecisionUnsafeError } from "./decisionUnsafeError.js";
+const root = join(dirname(fileURLToPath(import.meta.url)), "..");
+describe("DecisionGate.assertSafeForIrreversibleAction", () => {
+    /** Seeded SQLite under tmp — `examples/demo.db` is gitignored and absent on clean CI. */
+    let workDir;
+    let dbPath;
+    beforeAll(() => {
+        workDir = mkdtempSync(join(tmpdir(), "agentskeptic-assert-safe-"));
+        dbPath = join(workDir, "demo.db");
+        const sql = readFileSync(join(root, "examples", "seed.sql"), "utf8");
+        const db = new DatabaseSync(dbPath);
+        db.exec(sql);
+        db.close();
+    });
+    afterAll(() => {
+        rmSync(workDir, { recursive: true, force: true });
+    });
+    it("throws DecisionUnsafeError when DB does not match (wf_missing)", async () => {
+        const eventsPath = join(root, "examples", "events.ndjson");
+        const registryPath = join(root, "examples", "tools.json");
+        const lines = readFileSync(eventsPath, "utf8").split(/\r?\n/).filter((l) => l.trim().length > 0);
+        const gate = createDecisionGate({
+            workflowId: "wf_missing",
+            registryPath,
+            databaseUrl: dbPath,
+            projectRoot: root,
+            logStep: () => { },
+            truthReport: () => { },
+        });
+        for (const line of lines) {
+            const ev = JSON.parse(line);
+            if (ev.workflowId === "wf_missing") {
+                gate.appendRunEvent(ev);
+            }
+        }
+        await expect(gate.assertSafeForIrreversibleAction()).rejects.toSatisfy((e) => {
+            if (!(e instanceof DecisionUnsafeError))
+                return false;
+            if (e.trustDecision !== "unsafe")
+                return false;
+            return e.message.split("\n").length === 6;
+        });
+    });
+});
+//# sourceMappingURL=decisionGate.assertSafe.test.js.map

package/dist/decisionGate.assertSafe.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionGate.assertSafe.test.js","sourceRoot":"","sources":["../src/decisionGate.assertSafe.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;AAEjE,QAAQ,CAAC,8CAA8C,EAAE,GAAG,EAAE;IAC5D,yFAAyF;IACzF,IAAI,OAAe,CAAC;IACpB,IAAI,MAAc,CAAC;IAEnB,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,2BAA2B,CAAC,CAAC,CAAC;QACnE,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QACpC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACb,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjG,MAAM,IAAI,GAAG,kBAAkB,CAAC;YAC9B,UAAU,EAAE,YAAY;YACxB,YAAY;YACZ,WAAW,EAAE,MAAM;YACnB,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;YACjB,WAAW,EAAE,GAAG,EAAE,GAAE,CAAC;SACtB,CAAC,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;YACvD,IAAI,EAAE,CAAC,UAAU,KAAK,YAAY,EAAE,CAAC;gBACnC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QACD,MAAM,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAU,EAAE,EAAE;YACpF,IAAI,CAAC,CAAC,CAAC,YAAY,mBAAmB,CAAC;gBAAE,OAAO,KAAK,CAAC;YACtD,IAAI,CAAC,CAAC,aAAa,KAAK,QAAQ;gBAAE,OAAO,KAAK,CAAC;YAC/C,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/decisionGate.d.ts

@@ -0,0 +1,23 @@
+import { type OutcomeCertificateV1 } from "./outcomeCertificate.js";
+import type { VerificationPolicy, WorkflowResult } from "./types.js";
+export type CreateDecisionGateOptions = {
+    workflowId: string;
+    registryPath: string;
+    databaseUrl: string;
+    projectRoot?: string;
+    verificationPolicy?: VerificationPolicy;
+    logStep?: (line: object) => void;
+    truthReport?: (report: string) => void;
+};
+export type DecisionGate = {
+    appendRunEvent(value: unknown): void;
+    toNdjsonUtf8(): Buffer;
+    evaluate(): Promise<WorkflowResult>;
+    evaluateCertificate(): Promise<OutcomeCertificateV1>;
+    assertSafeForIrreversibleAction(): Promise<void>;
+};
+/**
+ * Runtime integration: buffer structured run events, evaluate against the registry + DB, assert before irreversible work.
+ */
+export declare function createDecisionGate(options: CreateDecisionGateOptions): DecisionGate;
+//# sourceMappingURL=decisionGate.d.ts.map

package/dist/decisionGate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionGate.d.ts","sourceRoot":"","sources":["../src/decisionGate.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,KAAK,oBAAoB,EAC1B,MAAM,yBAAyB,CAAC;AAKjC,OAAO,KAAK,EAA0C,kBAAkB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAe7G,MAAM,MAAM,yBAAyB,GAAG;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACjC,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,cAAc,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IACrC,YAAY,IAAI,MAAM,CAAC;IACvB,QAAQ,IAAI,OAAO,CAAC,cAAc,CAAC,CAAC;IACpC,mBAAmB,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACrD,+BAA+B,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAClD,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,yBAAyB,GAAG,YAAY,CA+EnF"}

package/dist/decisionGate.js

@@ -0,0 +1,88 @@
+import path from "node:path";
+import { CLI_OPERATIONAL_CODES, runLevelIssue } from "./failureCatalog.js";
+import { buildOutcomeCertificateFromWorkflowResult, } from "./outcomeCertificate.js";
+import { verifyRunStateFromBufferedRunEvents } from "./verifyRunStateFromBufferedRunEvents.js";
+import { loadSchemaValidator } from "./schemaLoad.js";
+import { resolveVerificationPolicyInput } from "./verificationPolicy.js";
+import { TruthLayerError } from "./truthLayerError.js";
+import { trustDecisionFromCertificate } from "./trustDecision.js";
+import { formatDecisionBlockerForHumans } from "./decisionBlocker.js";
+import { DecisionUnsafeError } from "./decisionUnsafeError.js";
+const validateEvent = loadSchemaValidator("event");
+const POSTGRES_URL_RE = /^postgres(ql)?:\/\//i;
+function verificationDatabaseFromUrl(databaseUrl, projectRoot) {
+    if (POSTGRES_URL_RE.test(databaseUrl)) {
+        return { kind: "postgres", connectionString: databaseUrl };
+    }
+    return { kind: "sqlite", path: path.resolve(projectRoot, databaseUrl) };
+}
+/**
+ * Runtime integration: buffer structured run events, evaluate against the registry + DB, assert before irreversible work.
+ */
+export function createDecisionGate(options) {
+    const projectRoot = path.resolve(options.projectRoot ?? process.cwd());
+    const registryPath = path.resolve(projectRoot, options.registryPath);
+    const verificationPolicy = resolveVerificationPolicyInput(options.verificationPolicy);
+    const database = verificationDatabaseFromUrl(options.databaseUrl, projectRoot);
+    const logStep = options.logStep ?? (() => { });
+    const truthReport = options.truthReport ?? (() => { });
+    const bufferedRunEvents = [];
+    const runLevelReasons = [];
+    const api = {};
+    api.appendRunEvent = (value) => {
+        if (typeof value !== "object" || value === null) {
+            runLevelReasons.push(runLevelIssue("MALFORMED_EVENT_LINE"));
+            return;
+        }
+        if (!validateEvent(value)) {
+            runLevelReasons.push(runLevelIssue("MALFORMED_EVENT_LINE"));
+            return;
+        }
+        const ev = value;
+        if (ev.workflowId !== options.workflowId) {
+            return;
+        }
+        bufferedRunEvents.push(ev);
+    };
+    api.toNdjsonUtf8 = () => {
+        const parts = [];
+        for (const ev of bufferedRunEvents) {
+            parts.push(`${JSON.stringify(ev)}\n`);
+        }
+        return Buffer.from(parts.join(""), "utf8");
+    };
+    api.evaluate = async () => {
+        if (!bufferedRunEvents.length && !runLevelReasons.length) {
+            throw new TruthLayerError(CLI_OPERATIONAL_CODES.CLI_USAGE, "DecisionGate.evaluate requires at least one buffered run event for the workflow.");
+        }
+        return verifyRunStateFromBufferedRunEvents({
+            workflowId: options.workflowId,
+            registryPath,
+            database,
+            projectRoot,
+            bufferedRunEvents,
+            runLevelReasons,
+            verificationPolicy,
+            logStep,
+            truthReport,
+        });
+    };
+    api.evaluateCertificate = async () => {
+        const result = await api.evaluate();
+        const certificate = buildOutcomeCertificateFromWorkflowResult(result, "contract_sql");
+        const validateCert = loadSchemaValidator("outcome-certificate-v1");
+        if (!validateCert(certificate)) {
+            throw new TruthLayerError(CLI_OPERATIONAL_CODES.WORKFLOW_RESULT_SCHEMA_INVALID, JSON.stringify(validateCert.errors ?? []));
+        }
+        return certificate;
+    };
+    api.assertSafeForIrreversibleAction = async () => {
+        const certificate = await api.evaluateCertificate();
+        if (trustDecisionFromCertificate(certificate) !== "safe") {
+            const { lines } = formatDecisionBlockerForHumans(certificate);
+            throw new DecisionUnsafeError(certificate, lines);
+        }
+    };
+    return api;
+}
+//# sourceMappingURL=decisionGate.js.map

package/dist/decisionGate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionGate.js","sourceRoot":"","sources":["../src/decisionGate.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,EACL,yCAAyC,GAE1C,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,mCAAmC,EAAE,MAAM,0CAA0C,CAAC;AAC/F,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,8BAA8B,EAAE,MAAM,yBAAyB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,OAAO,EAAE,4BAA4B,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,8BAA8B,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,MAAM,aAAa,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;AACnD,MAAM,eAAe,GAAG,sBAAsB,CAAC;AAE/C,SAAS,2BAA2B,CAAC,WAAmB,EAAE,WAAmB;IAC3E,IAAI,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QACtC,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,gBAAgB,EAAE,WAAW,EAAE,CAAC;IAC7D,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;AAC1E,CAAC;AAoBD;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAkC;IACnE,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACvE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IACrE,MAAM,kBAAkB,GAAG,8BAA8B,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACtF,MAAM,QAAQ,GAAG,2BAA2B,CAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAC/E,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAEtD,MAAM,iBAAiB,GAAe,EAAE,CAAC;IACzC,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,MAAM,GAAG,GAAG,EAAkB,CAAC;IAE/B,GAAG,CAAC,cAAc,GAAG,CAAC,KAAc,EAAQ,EAAE;QAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAChD,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QACD,MAAM,EAAE,GAAG,KAAiB,CAAC;QAC7B,IAAI,EAAE,CAAC,UAAU,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC;YACzC,OAAO;QACT,CAAC;QACD,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC,CAAC;IAEF,GAAG,CAAC,YAAY,GAAG,GAAW,EAAE;QAC9B,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC,CAAC;IAEF,GAAG,CAAC,QAAQ,GAAG,KAAK,IAA6B,EAAE;QACjD,IAAI,CAAC,iBAAiB,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;YACzD,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,SAAS,EAC/B,kFAAkF,CACnF,CAAC;QACJ,CAAC;QACD,OAAO,mCAAmC,CAAC;YACzC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY;YACZ,QAAQ;YACR,WAAW;YACX,iBAAiB;YACjB,eAAe;YACf,kBAAkB;YAClB,OAAO;YACP,WAAW;SACZ,CAAC,CAAC;IACL,CAAC,CAAC;IAEF,GAAG,CAAC,mBAAmB,GAAG,KAAK,IAAmC,EAAE;QAClE,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,QAAQ,EAAE,CAAC;QACpC,MAAM,WAAW,GAAG,yCAAyC,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QACtF,MAAM,YAAY,GAAG,mBAAmB,CAAC,wBAAwB,CAAC,CAAC;QACnE,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,8BAA8B,EACpD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM,IAAI,EAAE,CAAC,CAC1C,CAAC;QACJ,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC,CAAC;IAEF,GAAG,CAAC,+BAA+B,GAAG,KAAK,IAAmB,EAAE;QAC9D,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,mBAAmB,EAAE,CAAC;QACpD,IAAI,4BAA4B,CAAC,WAAW,CAAC,KAAK,MAAM,EAAE,CAAC;YACzD,MAAM,EAAE,KAAK,EAAE,GAAG,8BAA8B,CAAC,WAAW,CAAC,CAAC;YAC9D,MAAM,IAAI,mBAAmB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/decisionGate.persistBundle.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=decisionGate.persistBundle.test.d.ts.map

package/dist/decisionGate.persistBundle.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionGate.persistBundle.test.d.ts","sourceRoot":"","sources":["../src/decisionGate.persistBundle.test.ts"],"names":[],"mappings":""}

package/dist/{withWorkflowVerification.persistBundle.test.js → decisionGate.persistBundle.test.js}

@@ -7,14 +7,15 @@ import { DatabaseSync } from "node:sqlite";
 import { describe, expect, it, beforeAll, afterAll } from "vitest";
 import { normalizeSpkiPemForSidecar } from "./workflowResultSignature.js";
 import { loadCorpusRun, resolveCorpusRootReal } from "./debugCorpus.js";
-import { withWorkflowVerification } from "./pipeline.js";
+import { createDecisionGate } from "./decisionGate.js";
+import { writeRunBundleFromDecisionGate } from "./agentRunBundle.js";
 import { verifyRunBundleSignature } from "./verifyRunBundleSignature.js";
 const root = join(fileURLToPath(import.meta.url), "..", "..");
-describe("withWorkflowVerification persistBundle", () => {
+describe("DecisionGate run bundle write", () => {
     let workDir;
     let dbPath;
     beforeAll(() => {
-        workDir = mkdtempSync(join(tmpdir(), "etl-wfv-persist-"));
+        workDir = mkdtempSync(join(tmpdir(), "etl-dg-persist-"));
         dbPath = join(workDir, "demo.db");
         const sql = readFileSync(join(root, "examples", "seed.sql"), "utf8");
         const db = new DatabaseSync(dbPath);
@@ -34,19 +35,24 @@ describe("withWorkflowVerification persistBundle", () => {
         const runId = "hook_run";
         const outDir = join(bundleParent, runId);
         try {
-            const result = await withWorkflowVerification({
+            const gate = createDecisionGate({
                 workflowId: wfId,
                 registryPath,
-                dbPath,
+                databaseUrl: dbPath,
+                projectRoot: root,
                 truthReport: () => { },
-                persistBundle: { outDir },
-            }, (observeStep) => {
-                for (const ev of events) {
-                    observeStep(ev);
-                }
             });
+            for (const ev of events) {
+                gate.appendRunEvent(ev);
+            }
+            const result = await gate.evaluate();
             expect(result.steps.length).toBe(1);
             expect(result.steps[0].status).toBe("verified");
+            writeRunBundleFromDecisionGate({
+                outDir,
+                eventsNdjson: gate.toNdjsonUtf8(),
+                workflowResult: result,
+            });
             const loaded = loadCorpusRun(resolveCorpusRootReal(bundleParent), runId);
             expect(loaded.loadStatus).toBe("ok");
             const written = readFileSync(join(outDir, "events.ndjson"), "utf8").trim().split(/\r?\n/);
@@ -57,7 +63,7 @@ describe("withWorkflowVerification persistBundle", () => {
             rmSync(bundleParent, { recursive: true, force: true });
         }
     });
-    it("persistBundle with ed25519PrivateKeyPemPath writes v2 bundle verifiable by verifyRunBundleSignature", async () => {
+    it("ed25519PrivateKeyPemPath writes v2 bundle verifiable by verifyRunBundleSignature", async () => {
         const eventsPath = join(root, "examples", "events.ndjson");
         const registryPath = join(root, "examples", "tools.json");
         const wfId = "wf_complete";
@@ -74,16 +80,22 @@ describe("withWorkflowVerification persistBundle", () => {
         writeFileSync(keyPath, privatePem, "utf8");
         writeFileSync(pubPath, normalizeSpkiPemForSidecar(publicPem), "utf8");
         try {
-            await withWorkflowVerification({
+            const gate = createDecisionGate({
                 workflowId: wfId,
                 registryPath,
-                dbPath,
+                databaseUrl: dbPath,
+                projectRoot: root,
                 truthReport: () => { },
-                persistBundle: { outDir, ed25519PrivateKeyPemPath: keyPath },
-            }, (observeStep) => {
-                for (const ev of events) {
-                    observeStep(ev);
-                }
+            });
+            for (const ev of events) {
+                gate.appendRunEvent(ev);
+            }
+            const result = await gate.evaluate();
+            writeRunBundleFromDecisionGate({
+                outDir,
+                eventsNdjson: gate.toNdjsonUtf8(),
+                workflowResult: result,
+                ed25519PrivateKeyPemPath: keyPath,
             });
             const loaded = loadCorpusRun(resolveCorpusRootReal(bundleParent), runId);
             expect(loaded.loadStatus).toBe("ok");
@@ -101,4 +113,4 @@ describe("withWorkflowVerification persistBundle", () => {
         }
     });
 });
-//# sourceMappingURL=withWorkflowVerification.persistBundle.test.js.map
+//# sourceMappingURL=decisionGate.persistBundle.test.js.map

package/dist/decisionGate.persistBundle.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionGate.persistBundle.test.js","sourceRoot":"","sources":["../src/decisionGate.persistBundle.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,8BAA8B,EAAE,MAAM,qBAAqB,CAAC;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAEzE,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAE9D,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,IAAI,OAAe,CAAC;IACpB,IAAI,MAAc,CAAC;IAEnB,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC,CAAC;QACzD,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QACpC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACb,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,aAAa,CAAC;QAC3B,MAAM,KAAK,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjG,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA4B,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;QAE/G,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,UAAU,CAAC;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,kBAAkB,CAAC;gBAC9B,UAAU,EAAE,IAAI;gBAChB,YAAY;gBACZ,WAAW,EAAE,MAAM;gBACnB,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,GAAG,EAAE,GAAE,CAAC;aACtB,CAAC,CAAC;YACH,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;gBACxB,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;YAC1B,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEjD,8BAA8B,CAAC;gBAC7B,MAAM;gBACN,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE;gBACjC,cAAc,EAAE,MAAM;aACvB,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,aAAa,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAErC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC1F,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kFAAkF,EAAE,KAAK,IAAI,EAAE;QAChG,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,aAAa,CAAC;QAC3B,MAAM,KAAK,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjG,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA4B,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;QAE/G,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,aAAa,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACzC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;QACjF,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;QAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QACjD,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAC3C,aAAa,CAAC,OAAO,EAAE,0BAA0B,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,kBAAkB,CAAC;gBAC9B,UAAU,EAAE,IAAI;gBAChB,YAAY;gBACZ,WAAW,EAAE,MAAM;gBACnB,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,GAAG,EAAE,GAAE,CAAC;aACtB,CAAC,CAAC;YACH,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;gBACxB,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;YAC1B,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrC,8BAA8B,CAAC;gBAC7B,MAAM;gBACN,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE;gBACjC,cAAc,EAAE,MAAM;gBACtB,wBAAwB,EAAE,OAAO;aAClC,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,aAAa,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrC,IAAI,MAAM,CAAC,UAAU,KAAK,IAAI;gBAAE,OAAO;YACvC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpD,IAAI,MAAM,CAAC,cAAc,CAAC,aAAa,KAAK,CAAC;gBAAE,OAAO;YACtD,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,uBAAuB,CAAC,YAAY,CAAC,CAAC,IAAI,CAC/E,0BAA0B,CAC3B,CAAC;YAEF,MAAM,EAAE,GAAG,wBAAwB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACrD,MAAM,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/decisionUnsafeError.d.ts

@@ -0,0 +1,8 @@
+import type { OutcomeCertificateV1 } from "./outcomeCertificate.js";
+import type { TrustDecision } from "./trustDecision.js";
+export declare class DecisionUnsafeError extends Error {
+    readonly trustDecision: TrustDecision;
+    readonly certificate: OutcomeCertificateV1;
+    constructor(certificate: OutcomeCertificateV1, lines: string[]);
+}
+//# sourceMappingURL=decisionUnsafeError.d.ts.map

package/dist/decisionUnsafeError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionUnsafeError.d.ts","sourceRoot":"","sources":["../src/decisionUnsafeError.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGxD,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,WAAW,EAAE,oBAAoB,CAAC;gBAE/B,WAAW,EAAE,oBAAoB,EAAE,KAAK,EAAE,MAAM,EAAE;CAM/D"}

package/dist/decisionUnsafeError.js

@@ -0,0 +1,12 @@
+import { trustDecisionFromCertificate } from "./trustDecision.js";
+export class DecisionUnsafeError extends Error {
+    trustDecision;
+    certificate;
+    constructor(certificate, lines) {
+        super(lines.join("\n"));
+        this.name = "DecisionUnsafeError";
+        this.certificate = certificate;
+        this.trustDecision = trustDecisionFromCertificate(certificate);
+    }
+}
+//# sourceMappingURL=decisionUnsafeError.js.map

package/dist/decisionUnsafeError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionUnsafeError.js","sourceRoot":"","sources":["../src/decisionUnsafeError.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,4BAA4B,EAAE,MAAM,oBAAoB,CAAC;AAElE,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,aAAa,CAAgB;IAC7B,WAAW,CAAuB;IAE3C,YAAY,WAAiC,EAAE,KAAe;QAC5D,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,aAAa,GAAG,4BAA4B,CAAC,WAAW,CAAC,CAAC;IACjE,CAAC;CACF"}