agentskeptic 3.3.3 → 3.5.0

package/dist/decisionEvidenceBundle/validateDecisionEvidenceBundle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validateDecisionEvidenceBundle.js","sourceRoot":"","sources":["../../src/decisionEvidenceBundle/validateDecisionEvidenceBundle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,4BAA4B,EAAE,MAAM,mBAAmB,CAAC;AAkBjE,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,EAAE,CAAC;IACzD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IACrC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,SAAiB;IAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAA6C,EAAE,CAAC;IAEtE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;IAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,UAAU,CAAC,CAAC;IACvE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,WAAW,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAEvE,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI;QACvB,CAAC,0BAA0B,EAAE,MAAM,CAAC;QACpC,CAAC,WAAW,EAAE,QAAQ,CAAC;QACvB,CAAC,kBAAkB,EAAE,MAAM,CAAC;QAC5B,CAAC,eAAe,EAAE,YAAY,CAAC;KACvB,EAAE,CAAC;QACX,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YACnB,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,IAAI,WAAW,GAAgC,IAAI,CAAC;IACpD,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAE7B,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,mBAAmB,CAAC,wBAAwB,CAAC,CAAC;YACxD,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrB,gBAAgB,CAAC,IAAI,CAAC;oBACpB,IAAI,EAAE,oBAAoB;oBAC1B,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;iBACxC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,gBAAgB,GAAG,IAAI,CAAC;gBACxB,WAAW,GAAG,MAAM,CAAC,KAA6B,CAAC;YACrD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,mBAAmB,CAAC,2BAA2B,CAAC,CAAC;YAC3D,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrB,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAC1F,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,mBAAmB,CAAC,kCAAkC,CAAC,CAAC;YAClE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrB,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YACjG,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAErC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,mBAAmB,CAAC,kCAAkC,CAAC,CAAC;YAClE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrB,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YACjG,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,mBAAmB,CAAC,kCAAkC,CAAC,CAAC;YAClE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrB,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YACjG,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,mBAAmB,CAAC,sCAAsC,CAAC,CAAC;YACtE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrB,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GACpB,UAAU,CAAC,MAAM,CAAC;QAClB,UAAU,CAAC,QAAQ,CAAC;QACpB,UAAU,CAAC,MAAM,CAAC;QAClB,UAAU,CAAC,YAAY,CAAC,CAAC;IAE3B,MAAM,QAAQ,GAAG,4BAA4B,CAAC;QAC5C,gBAAgB;QAChB,gBAAgB;QAChB,WAAW;QACX,SAAS;QACT,SAAS;KACV,CAAC,CAAC;IAEH,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,aAAa,EAAE,CAAC;YAChB,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE;gBACZ,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,QAAQ,CAAC,SAAS;aAC9B;YACD,MAAM,EAAE,gBAAgB;SACzB,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC/B,OAAO;QACL,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,4BAA4B;QAClC,MAAM;QACN,SAAS,EAAE,QAAQ;QACnB,YAAY,EAAE;YACZ,MAAM;YACN,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B;QACD,MAAM,EAAE,QAAQ,CAAC,MAAM;KACxB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAkC;IACvE,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC"}

package/dist/decisionEvidenceBundle/writeDecisionEvidenceBundle.d.ts

@@ -0,0 +1,21 @@
+import type { OutcomeCertificateV1 } from "../outcomeCertificate.js";
+import { type DecisionEvidenceCompleteness } from "./completeness.js";
+export type WriteDecisionEvidenceBundleOptions = {
+    outDir: string;
+    certificate: OutcomeCertificateV1;
+    noHumanReport: boolean;
+    runId?: string;
+    producer?: {
+        name: string;
+        version: string;
+    };
+    /** Validated against decision-evidence-attestation-v1 when present. */
+    attestation?: unknown;
+    /** Validated against decision-evidence-next-action-v1 when present. */
+    nextAction?: unknown;
+};
+/**
+ * Writes Decision Evidence Bundle: outcome-certificate, exit, human-layer, optional attestation/next-action, manifest last.
+ */
+export declare function writeDecisionEvidenceBundle(options: WriteDecisionEvidenceBundleOptions): DecisionEvidenceCompleteness;
+//# sourceMappingURL=writeDecisionEvidenceBundle.d.ts.map

package/dist/decisionEvidenceBundle/writeDecisionEvidenceBundle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"writeDecisionEvidenceBundle.d.ts","sourceRoot":"","sources":["../../src/decisionEvidenceBundle/writeDecisionEvidenceBundle.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAOrE,OAAO,EAGL,KAAK,4BAA4B,EAClC,MAAM,mBAAmB,CAAC;AAW3B,MAAM,MAAM,kCAAkC,GAAG;IAC/C,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,oBAAoB,CAAC;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7C,uEAAuE;IACvE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uEAAuE;IACvE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAYF;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,kCAAkC,GAAG,4BAA4B,CA8ErH"}

package/dist/decisionEvidenceBundle/writeDecisionEvidenceBundle.js

@@ -0,0 +1,88 @@
+import { mkdirSync, readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { atomicWriteUtf8File } from "../quickVerify/atomicWrite.js";
+import { loadSchemaValidator } from "../schemaLoad.js";
+import { TruthLayerError } from "../truthLayerError.js";
+import { CLI_OPERATIONAL_CODES, formatOperationalMessage } from "../failureCatalog.js";
+import { buildHumanLayerFileJson } from "../decisionEvidenceHumanLayer.js";
+import { DECISION_EVIDENCE_FILES } from "./constants.js";
+import { exitCodeFromOutcomeCertificate } from "./exitCode.js";
+import { computeCompletenessFromParts, } from "./completeness.js";
+function readPackageIdentity() {
+    const pkgPath = path.join(path.dirname(fileURLToPath(import.meta.url)), "..", "..", "package.json");
+    const raw = readFileSync(pkgPath, "utf8");
+    const pkg = JSON.parse(raw);
+    const name = typeof pkg.name === "string" && pkg.name.length > 0 ? pkg.name : "agentskeptic";
+    const version = typeof pkg.version === "string" && pkg.version.length > 0 ? pkg.version : "0.0.0";
+    return { name, version };
+}
+function validateOptional(schemaName, label, value) {
+    const v = loadSchemaValidator(schemaName);
+    if (!v(value)) {
+        throw new TruthLayerError(CLI_OPERATIONAL_CODES.CLI_USAGE, formatOperationalMessage(`${label}: ${JSON.stringify(v.errors ?? [])}`));
+    }
+}
+/**
+ * Writes Decision Evidence Bundle: outcome-certificate, exit, human-layer, optional attestation/next-action, manifest last.
+ */
+export function writeDecisionEvidenceBundle(options) {
+    const resolved = path.resolve(options.outDir);
+    mkdirSync(resolved, { recursive: true });
+    const validateCert = loadSchemaValidator("outcome-certificate-v1");
+    if (!validateCert(options.certificate)) {
+        throw new TruthLayerError(CLI_OPERATIONAL_CODES.INTERNAL_ERROR, formatOperationalMessage(`writeDecisionEvidenceBundle: certificate invalid ${JSON.stringify(validateCert.errors ?? [])}`));
+    }
+    if (options.attestation !== undefined) {
+        validateOptional("decision-evidence-attestation-v1", "decision attestation", options.attestation);
+    }
+    if (options.nextAction !== undefined) {
+        validateOptional("decision-evidence-next-action-v1", "decision next-action", options.nextAction);
+    }
+    const outcomeUtf8 = `${JSON.stringify(options.certificate)}\n`;
+    const exitPayload = {
+        schemaVersion: 1,
+        exitCode: exitCodeFromOutcomeCertificate(options.certificate),
+        cliConvention: "outcome_certificate_v1",
+    };
+    validateOptional("decision-evidence-exit-v1", "exit", exitPayload);
+    const exitUtf8 = `${JSON.stringify(exitPayload)}\n`;
+    const humanLayer = buildHumanLayerFileJson(options.certificate, options.noHumanReport);
+    validateOptional("decision-evidence-human-layer-v1", "human-layer", humanLayer);
+    const humanUtf8 = `${JSON.stringify(humanLayer)}\n`;
+    const producer = options.producer ?? readPackageIdentity();
+    const a4Present = options.attestation !== undefined;
+    const a5Present = options.nextAction !== undefined;
+    atomicWriteUtf8File(path.join(resolved, DECISION_EVIDENCE_FILES.outcomeCertificate), outcomeUtf8);
+    atomicWriteUtf8File(path.join(resolved, DECISION_EVIDENCE_FILES.exit), exitUtf8);
+    atomicWriteUtf8File(path.join(resolved, DECISION_EVIDENCE_FILES.humanLayer), humanUtf8);
+    if (options.attestation !== undefined) {
+        atomicWriteUtf8File(path.join(resolved, DECISION_EVIDENCE_FILES.attestation), `${JSON.stringify(options.attestation)}\n`);
+    }
+    if (options.nextAction !== undefined) {
+        atomicWriteUtf8File(path.join(resolved, DECISION_EVIDENCE_FILES.nextAction), `${JSON.stringify(options.nextAction)}\n`);
+    }
+    const computed = computeCompletenessFromParts({
+        certificateValid: true,
+        coreFilesPresent: true,
+        certificate: options.certificate,
+        a4Present,
+        a5Present,
+    });
+    const manifestPayload = {
+        schemaVersion: 1,
+        bundleKind: "decision_evidence",
+        producer,
+        createdAt: new Date().toISOString(),
+        workflowId: options.certificate.workflowId,
+        ...(options.runId !== undefined ? { runId: options.runId } : {}),
+        completeness: {
+            status: computed.status,
+            artifacts: computed.artifacts,
+        },
+    };
+    validateOptional("decision-evidence-bundle-manifest-v1", "manifest", manifestPayload);
+    atomicWriteUtf8File(path.join(resolved, DECISION_EVIDENCE_FILES.manifest), `${JSON.stringify(manifestPayload)}\n`);
+    return computed;
+}
+//# sourceMappingURL=writeDecisionEvidenceBundle.js.map

package/dist/decisionEvidenceBundle/writeDecisionEvidenceBundle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"writeDecisionEvidenceBundle.js","sourceRoot":"","sources":["../../src/decisionEvidenceBundle/writeDecisionEvidenceBundle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAEpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AACvF,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,8BAA8B,EAAE,MAAM,eAAe,CAAC;AAC/D,OAAO,EAEL,4BAA4B,GAE7B,MAAM,mBAAmB,CAAC;AAE3B,SAAS,mBAAmB;IAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;IACpG,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwC,CAAC;IACnE,MAAM,IAAI,GAAG,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC;IAC7F,MAAM,OAAO,GAAG,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IAClG,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC;AAcD,SAAS,gBAAgB,CAAC,UAAqD,EAAE,KAAa,EAAE,KAAc;IAC5G,MAAM,CAAC,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACd,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,SAAS,EAC/B,wBAAwB,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,CACxE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,OAA2C;IACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzC,MAAM,YAAY,GAAG,mBAAmB,CAAC,wBAAwB,CAAC,CAAC;IACnE,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,cAAc,EACpC,wBAAwB,CAAC,oDAAoD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,CAC1H,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QACtC,gBAAgB,CAAC,kCAAkC,EAAE,sBAAsB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IACpG,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACrC,gBAAgB,CAAC,kCAAkC,EAAE,sBAAsB,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACnG,CAAC;IAED,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/D,MAAM,WAAW,GAAG;QAClB,aAAa,EAAE,CAAU;QACzB,QAAQ,EAAE,8BAA8B,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7D,aAAa,EAAE,wBAAiC;KACjD,CAAC;IACF,gBAAgB,CAAC,2BAA2B,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC;IAEpD,MAAM,UAAU,GAAG,uBAAuB,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACvF,gBAAgB,CAAC,kCAAkC,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;IAEpD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,mBAAmB,EAAE,CAAC;IAC3D,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,KAAK,SAAS,CAAC;IACpD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,KAAK,SAAS,CAAC;IAEnD,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,kBAAkB,CAAC,EAAE,WAAW,CAAC,CAAC;IAClG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,CAAC;IACjF,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,CAAC;IAExF,IAAI,OAAO,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,CACjB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,WAAW,CAAC,EACxD,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAC3C,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACrC,mBAAmB,CACjB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,UAAU,CAAC,EACvD,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAC1C,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,4BAA4B,CAAC;QAC5C,gBAAgB,EAAE,IAAI;QACtB,gBAAgB,EAAE,IAAI;QACtB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,SAAS;QACT,SAAS;KACV,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG;QACtB,aAAa,EAAE,CAAU;QACzB,UAAU,EAAE,mBAA4B;QACxC,QAAQ;QACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,UAAU;QAC1C,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,YAAY,EAAE;YACZ,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B;KACF,CAAC;IAEF,gBAAgB,CAAC,sCAAsC,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;IACtF,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,QAAQ,CAAC,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IAEnH,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/decisionEvidenceBundle.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=decisionEvidenceBundle.test.d.ts.map

package/dist/decisionEvidenceBundle.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionEvidenceBundle.test.d.ts","sourceRoot":"","sources":["../src/decisionEvidenceBundle.test.ts"],"names":[],"mappings":""}

package/dist/decisionEvidenceBundle.test.js

@@ -0,0 +1,59 @@
+import { describe, expect, it } from "vitest";
+import { mkdirSync, rmSync } from "node:fs";
+import path from "node:path";
+import { writeDecisionEvidenceBundle } from "./decisionEvidenceBundle/writeDecisionEvidenceBundle.js";
+import { formatValidationStdout, validateDecisionEvidenceBundle, } from "./decisionEvidenceBundle/validateDecisionEvidenceBundle.js";
+function minimalCertificate(stateRelation) {
+    return {
+        schemaVersion: 1,
+        workflowId: "wf_test",
+        runKind: "contract_sql",
+        stateRelation,
+        highStakesReliance: stateRelation === "matches_expectations" ? "permitted" : "prohibited",
+        relianceRationale: "r",
+        intentSummary: "s",
+        explanation: { headline: "h", details: [] },
+        steps: [],
+        humanReport: "human",
+    };
+}
+describe("decisionEvidenceBundle", () => {
+    it("validate fails partial when A5 required and missing", () => {
+        const dir = path.join(process.cwd(), `tmp-de-bundle-${Date.now()}`);
+        mkdirSync(dir, { recursive: true });
+        try {
+            writeDecisionEvidenceBundle({
+                outDir: dir,
+                certificate: minimalCertificate("does_not_match"),
+                noHumanReport: false,
+                runId: "run-1",
+            });
+            const line = validateDecisionEvidenceBundle(dir);
+            expect(line.status).toBe("partial");
+            expect(line.errors.some((e) => e.code === "A5_REQUIRED_MISSING")).toBe(true);
+            expect(JSON.parse(formatValidationStdout(line)).schemaVersion).toBe(1);
+        }
+        finally {
+            rmSync(dir, { recursive: true, force: true });
+        }
+    });
+    it("validate complete for matches_expectations without next-action", () => {
+        const dir = path.join(process.cwd(), `tmp-de-bundle-${Date.now()}`);
+        mkdirSync(dir, { recursive: true });
+        try {
+            writeDecisionEvidenceBundle({
+                outDir: dir,
+                certificate: minimalCertificate("matches_expectations"),
+                noHumanReport: false,
+                runId: "run-2",
+            });
+            const line = validateDecisionEvidenceBundle(dir);
+            expect(line.status).toBe("complete");
+            expect(line.errors).toHaveLength(0);
+        }
+        finally {
+            rmSync(dir, { recursive: true, force: true });
+        }
+    });
+});
+//# sourceMappingURL=decisionEvidenceBundle.test.js.map

package/dist/decisionEvidenceBundle.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionEvidenceBundle.test.js","sourceRoot":"","sources":["../src/decisionEvidenceBundle.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAgB,MAAM,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,2BAA2B,EAAE,MAAM,yDAAyD,CAAC;AACtG,OAAO,EACL,sBAAsB,EACtB,8BAA8B,GAC/B,MAAM,4DAA4D,CAAC;AAEpE,SAAS,kBAAkB,CAAC,aAAoD;IAC9E,OAAO;QACL,aAAa,EAAE,CAAC;QAChB,UAAU,EAAE,SAAS;QACrB,OAAO,EAAE,cAAc;QACvB,aAAa;QACb,kBAAkB,EAAE,aAAa,KAAK,sBAAsB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,YAAY;QACzF,iBAAiB,EAAE,GAAG;QACtB,aAAa,EAAE,GAAG;QAClB,WAAW,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE;QAC3C,KAAK,EAAE,EAAE;QACT,WAAW,EAAE,OAAO;KACrB,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,iBAAiB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACpE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,IAAI,CAAC;YACH,2BAA2B,CAAC;gBAC1B,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,kBAAkB,CAAC,gBAAgB,CAAC;gBACjD,aAAa,EAAE,KAAK;gBACpB,KAAK,EAAE,OAAO;aACf,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,8BAA8B,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7E,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzE,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,iBAAiB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACpE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,IAAI,CAAC;YACH,2BAA2B,CAAC;gBAC1B,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,kBAAkB,CAAC,sBAAsB,CAAC;gBACvD,aAAa,EAAE,KAAK;gBACpB,KAAK,EAAE,OAAO;aACf,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,8BAA8B,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/decisionEvidenceHumanLayer.d.ts

@@ -0,0 +1,23 @@
+import type { OutcomeCertificateV1 } from "./outcomeCertificate.js";
+export type HumanLayerFileV1 = {
+    schemaVersion: 1;
+    kind: "report";
+    text: string;
+} | {
+    schemaVersion: 1;
+    kind: "suppressed";
+    reason: "no_human_report";
+};
+/**
+ * Canonical JSON for human-layer.json (A3).
+ */
+export declare function buildHumanLayerFileJson(certificate: OutcomeCertificateV1, noHumanReport: boolean): HumanLayerFileV1;
+/**
+ * Batch/contract verify: stderr bytes used with `process.stderr.write`. Ends with newline after footer.
+ */
+export declare function formatContractVerifyStderrForStderrWrite(certificate: OutcomeCertificateV1): string;
+/**
+ * Batch/contract verify: single line passed to `console.error` / `stderrLine` (no trailing newline after footer block; Node adds one).
+ */
+export declare function formatContractVerifyStderrForStderrLine(certificate: OutcomeCertificateV1): string;
+//# sourceMappingURL=decisionEvidenceHumanLayer.d.ts.map

package/dist/decisionEvidenceHumanLayer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionEvidenceHumanLayer.d.ts","sourceRoot":"","sources":["../src/decisionEvidenceHumanLayer.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAEpE,MAAM,MAAM,gBAAgB,GACxB;IAAE,aAAa,EAAE,CAAC,CAAC;IAAC,IAAI,EAAE,QAAQ,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAClD;IAAE,aAAa,EAAE,CAAC,CAAC;IAAC,IAAI,EAAE,YAAY,CAAC;IAAC,MAAM,EAAE,iBAAiB,CAAA;CAAE,CAAC;AAExE;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,oBAAoB,EACjC,aAAa,EAAE,OAAO,GACrB,gBAAgB,CAKlB;AAED;;GAEG;AACH,wBAAgB,wCAAwC,CAAC,WAAW,EAAE,oBAAoB,GAAG,MAAM,CAElG;AAED;;GAEG;AACH,wBAAgB,uCAAuC,CAAC,WAAW,EAAE,oBAAoB,GAAG,MAAM,CAEjG"}

package/dist/decisionEvidenceHumanLayer.js

@@ -0,0 +1,23 @@
+import { formatDistributionFooter } from "./distributionFooter.js";
+/**
+ * Canonical JSON for human-layer.json (A3).
+ */
+export function buildHumanLayerFileJson(certificate, noHumanReport) {
+    if (noHumanReport) {
+        return { schemaVersion: 1, kind: "suppressed", reason: "no_human_report" };
+    }
+    return { schemaVersion: 1, kind: "report", text: certificate.humanReport };
+}
+/**
+ * Batch/contract verify: stderr bytes used with `process.stderr.write`. Ends with newline after footer.
+ */
+export function formatContractVerifyStderrForStderrWrite(certificate) {
+    return `${certificate.humanReport}\n${formatDistributionFooter()}\n`;
+}
+/**
+ * Batch/contract verify: single line passed to `console.error` / `stderrLine` (no trailing newline after footer block; Node adds one).
+ */
+export function formatContractVerifyStderrForStderrLine(certificate) {
+    return `${certificate.humanReport}\n${formatDistributionFooter()}`;
+}
+//# sourceMappingURL=decisionEvidenceHumanLayer.js.map

package/dist/decisionEvidenceHumanLayer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisionEvidenceHumanLayer.js","sourceRoot":"","sources":["../src/decisionEvidenceHumanLayer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AAOnE;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,WAAiC,EACjC,aAAsB;IAEtB,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAC7E,CAAC;IACD,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,WAAW,EAAE,CAAC;AAC7E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wCAAwC,CAAC,WAAiC;IACxF,OAAO,GAAG,WAAW,CAAC,WAAW,KAAK,wBAAwB,EAAE,IAAI,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uCAAuC,CAAC,WAAiC;IACvF,OAAO,GAAG,WAAW,CAAC,WAAW,KAAK,wBAAwB,EAAE,EAAE,CAAC;AACrE,CAAC"}

package/dist/enforceCli.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"enforceCli.d.ts","sourceRoot":"","sources":["../src/enforceCli.ts"],"names":[],"mappings":"AASA,wFAAwF;AACxF,eAAO,MAAM,wBAAwB,wXACkV,CAAC;AAuBxX,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAoB9D"}
+{"version":3,"file":"enforceCli.d.ts","sourceRoot":"","sources":["../src/enforceCli.ts"],"names":[],"mappings":"AAUA,wFAAwF;AACxF,eAAO,MAAM,wBAAwB,wXACkV,CAAC;AAuBxX,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsC9D"}

package/dist/enforceCli.js

@@ -1,6 +1,7 @@
 import { CLI_OPERATIONAL_CODES, cliErrorEnvelope, formatOperationalMessage, } from "./failureCatalog.js";
 import { TruthLayerError } from "./truthLayerError.js";
 import { LICENSE_PREFLIGHT_ENABLED } from "./generated/commercialBuildFlags.js";
+import { exitAfterEnforceCliReceipt } from "./cliExecutionFinalize.js";
 import { runStatefulEnforce } from "./enforceStateful.js";
 /** User-facing message for OSS builds when `enforce` is invoked; exported for tests. */
 export const ENFORCE_OSS_GATE_MESSAGE = "The OSS build cannot run agentskeptic enforce (CI lock gating). Install the published npm package agentskeptic, set AGENTSKEPTIC_API_KEY (legacy WORKFLOW_VERIFIER_API_KEY accepted), and point COMMERCIAL_LICENSE_API_BASE_URL at your license server; or run npm run build:commercial with COMMERCIAL_LICENSE_API_BASE_URL set. Policy: docs/commercial-enforce-gate-normative.md";
@@ -30,7 +31,13 @@ export async function runEnforce(args) {
     }
     if (!LICENSE_PREFLIGHT_ENABLED) {
         writeCliError(CLI_OPERATIONAL_CODES.ENFORCE_REQUIRES_COMMERCIAL_BUILD, ENFORCE_OSS_GATE_MESSAGE);
-        process.exit(3);
+        exitAfterEnforceCliReceipt({
+            parsedBatch: null,
+            quick: null,
+            exitCode: 3,
+            operationalCode: CLI_OPERATIONAL_CODES.ENFORCE_REQUIRES_COMMERCIAL_BUILD,
+            certificate: null,
+        });
     }
     try {
         await runStatefulEnforce(args);
@@ -38,11 +45,23 @@ export async function runEnforce(args) {
     catch (e) {
         if (e instanceof TruthLayerError) {
             writeCliError(e.code, e.message);
-            process.exit(3);
+            exitAfterEnforceCliReceipt({
+                parsedBatch: null,
+                quick: null,
+                exitCode: 3,
+                operationalCode: e.code,
+                certificate: null,
+            });
         }
         const msg = e instanceof Error ? e.message : String(e);
         writeCliError(CLI_OPERATIONAL_CODES.INTERNAL_ERROR, formatOperationalMessage(msg));
-        process.exit(3);
+        exitAfterEnforceCliReceipt({
+            parsedBatch: null,
+            quick: null,
+            exitCode: 3,
+            operationalCode: CLI_OPERATIONAL_CODES.INTERNAL_ERROR,
+            certificate: null,
+        });
     }
 }
 //# sourceMappingURL=enforceCli.js.map

package/dist/enforceCli.js.map

@@ -1 +1 @@
-{"version":3,"file":"enforceCli.js","sourceRoot":"","sources":["../src/enforceCli.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,wFAAwF;AACxF,MAAM,CAAC,MAAM,wBAAwB,GACnC,qXAAqX,CAAC;AAExX,SAAS,aAAa,CAAC,IAAY,EAAE,OAAe;IAClD,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,YAAY;IACnB,OAAO;;;;;;;;;;;;;4CAamC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAc;IAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAC/B,aAAa,CAAC,qBAAqB,CAAC,iCAAiC,EAAE,wBAAwB,CAAC,CAAC;QACjG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,eAAe,EAAE,CAAC;YACjC,aAAa,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,aAAa,CAAC,qBAAqB,CAAC,cAAc,EAAE,wBAAwB,CAAC,GAAG,CAAC,CAAC,CAAC;QACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}
+{"version":3,"file":"enforceCli.js","sourceRoot":"","sources":["../src/enforceCli.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,wFAAwF;AACxF,MAAM,CAAC,MAAM,wBAAwB,GACnC,qXAAqX,CAAC;AAExX,SAAS,aAAa,CAAC,IAAY,EAAE,OAAe;IAClD,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,YAAY;IACnB,OAAO;;;;;;;;;;;;;4CAamC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAc;IAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAC/B,aAAa,CAAC,qBAAqB,CAAC,iCAAiC,EAAE,wBAAwB,CAAC,CAAC;QACjG,0BAA0B,CAAC;YACzB,WAAW,EAAE,IAAI;YACjB,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,CAAC;YACX,eAAe,EAAE,qBAAqB,CAAC,iCAAiC;YACxE,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,eAAe,EAAE,CAAC;YACjC,aAAa,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;YACjC,0BAA0B,CAAC;gBACzB,WAAW,EAAE,IAAI;gBACjB,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,CAAC;gBACX,eAAe,EAAE,CAAC,CAAC,IAAI;gBACvB,WAAW,EAAE,IAAI;aAClB,CAAC,CAAC;QACL,CAAC;QACD,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,aAAa,CAAC,qBAAqB,CAAC,cAAc,EAAE,wBAAwB,CAAC,GAAG,CAAC,CAAC,CAAC;QACnF,0BAA0B,CAAC;YACzB,WAAW,EAAE,IAAI;YACjB,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,CAAC;YACX,eAAe,EAAE,qBAAqB,CAAC,cAAc;YACrD,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/enforceStateful.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"enforceStateful.d.ts","sourceRoot":"","sources":["../src/enforceStateful.ts"],"names":[],"mappings":"AAuDA,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsGtE"}
+{"version":3,"file":"enforceStateful.d.ts","sourceRoot":"","sources":["../src/enforceStateful.ts"],"names":[],"mappings":"AAgEA,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA4JtE"}

package/dist/enforceStateful.js

@@ -1,16 +1,17 @@
 import { randomUUID } from "node:crypto";
-import { CLI_OPERATIONAL_CODES } from "./cliOperationalCodes.js";
 import { parseBatchVerifyCliArgs, parseQuickCliArgs } from "./cliArgv.js";
-import { verifyWorkflow } from "./pipeline.js";
-import { runBatchVerifyToValidatedResult } from "./standardVerifyWorkflowCli.js";
-import { TruthLayerError } from "./truthLayerError.js";
+import { CLI_OPERATIONAL_CODES } from "./cliOperationalCodes.js";
+import { exitAfterEnforceCliReceipt } from "./cliExecutionFinalize.js";
+import { cliErrorEnvelope, formatOperationalMessage } from "./failureCatalog.js";
+import { canonicalCertificateSha256, materialTruthSha256 } from "./governanceEvidence.js";
+import { buildOutcomeCertificateFromQuickReport, buildOutcomeCertificateFromWorkflowResult, } from "./outcomeCertificate.js";
 import { stableStringify } from "./jsonStableStringify.js";
 import { runLicensePreflightIfNeeded } from "./commercial/licensePreflight.js";
-import { cliErrorEnvelope } from "./failureCatalog.js";
-import { postEnforcementJson } from "./sdk/transport.js";
-import { buildOutcomeCertificateFromQuickReport, buildOutcomeCertificateFromWorkflowResult } from "./outcomeCertificate.js";
+import { verifyWorkflow } from "./pipeline.js";
 import { runQuickVerifyToValidatedReport } from "./quickVerify/runQuickVerify.js";
-import { canonicalCertificateSha256, materialTruthSha256 } from "./governanceEvidence.js";
+import { postEnforcementJson } from "./sdk/transport.js";
+import { runBatchVerifyToValidatedResult } from "./standardVerifyWorkflowCli.js";
+import { TruthLayerError } from "./truthLayerError.js";
 function parseEnforceMode(args) {
     const hasCreate = args.includes("--create-baseline");
     const hasAccept = args.includes("--accept-drift");
@@ -27,8 +28,7 @@ function stripEnforceModeArgs(args) {
     return args.filter((a) => a !== "--create-baseline" && a !== "--accept-drift");
 }
 function apiKeyOrThrow() {
-    const apiKey = process.env.AGENTSKEPTIC_API_KEY?.trim() ||
-        process.env.WORKFLOW_VERIFIER_API_KEY?.trim();
+    const apiKey = process.env.AGENTSKEPTIC_API_KEY?.trim() || process.env.WORKFLOW_VERIFIER_API_KEY?.trim();
     if (!apiKey) {
         throw new TruthLayerError(CLI_OPERATIONAL_CODES.LICENSE_KEY_MISSING, "Commercial agentskeptic enforce requires AGENTSKEPTIC_API_KEY.");
     }
@@ -38,96 +38,149 @@ async function postEnforcementState(path, payload) {
     const apiKey = apiKeyOrThrow();
     return postEnforcementJson({ path, payload, apiKey });
 }
+function writeOperationalErr(code, message) {
+    console.error(cliErrorEnvelope(code, formatOperationalMessage(message)));
+}
 export async function runStatefulEnforce(args) {
-    const mode = parseEnforceMode(args);
-    const stripped = stripEnforceModeArgs(args);
-    const isQuick = stripped.includes("--input") || stripped.includes("--export-registry") || stripped.includes("--emit-events");
-    const runId = process.env.AGENTSKEPTIC_RUN_ID?.trim() ||
-        process.env.WORKFLOW_VERIFIER_RUN_ID?.trim() ||
-        randomUUID();
-    await runLicensePreflightIfNeeded("enforce", { runId, xRequestId: randomUUID() });
-    let terminalStatus;
-    let workflowId;
-    let certificate;
-    if (isQuick) {
-        const pq = parseQuickCliArgs(stripped);
-        const out = await runQuickVerifyToValidatedReport({
-            inputUtf8: pq.inputPath === "-" ? await new Promise((resolve, reject) => {
-                let s = "";
-                process.stdin.setEncoding("utf8");
-                process.stdin.on("data", (d) => {
-                    s += d;
-                });
-                process.stdin.on("end", () => resolve(s));
-                process.stdin.on("error", reject);
-            }) : await import("node:fs/promises").then((m) => m.readFile(pq.inputPath, "utf8")),
-            postgresUrl: pq.postgresUrl ?? undefined,
-            sqlitePath: pq.dbPath ?? undefined,
-        });
-        workflowId = pq.workflowIdQuick;
-        certificate = buildOutcomeCertificateFromQuickReport({
-            report: out.report,
-            workflowId: pq.workflowIdQuick,
-            humanReportOptions: {
-                workflowId: pq.workflowIdQuick,
-                eventsPath: pq.emitEventsPath ?? undefined,
-                registryPath: pq.exportPath,
-                dbFlag: pq.dbPath ?? undefined,
-                postgresUrl: pq.postgresUrl !== undefined,
-            },
+    let parsedBatch = null;
+    let pq = null;
+    let certificate = null;
+    try {
+        const mode = parseEnforceMode(args);
+        const stripped = stripEnforceModeArgs(args);
+        const isQuick = stripped.includes("--input") ||
+            stripped.includes("--export-registry") ||
+            stripped.includes("--emit-events");
+        const runId = process.env.AGENTSKEPTIC_RUN_ID?.trim() ||
+            process.env.WORKFLOW_VERIFIER_RUN_ID?.trim() ||
+            randomUUID();
+        await runLicensePreflightIfNeeded("enforce", { runId, xRequestId: randomUUID() });
+        let terminalStatus;
+        let workflowId;
+        if (isQuick) {
+            const q = parseQuickCliArgs(stripped);
+            pq = q;
+            const out = await runQuickVerifyToValidatedReport({
+                inputUtf8: q.inputPath === "-"
+                    ? await new Promise((resolve, reject) => {
+                        let s = "";
+                        process.stdin.setEncoding("utf8");
+                        process.stdin.on("data", (d) => {
+                            s += d;
+                        });
+                        process.stdin.on("end", () => resolve(s));
+                        process.stdin.on("error", reject);
+                    })
+                    : await import("node:fs/promises").then((m) => m.readFile(q.inputPath, "utf8")),
+                postgresUrl: q.postgresUrl ?? undefined,
+                sqlitePath: q.dbPath ?? undefined,
+            });
+            workflowId = q.workflowIdQuick;
+            certificate = buildOutcomeCertificateFromQuickReport({
+                report: out.report,
+                workflowId: q.workflowIdQuick,
+                humanReportOptions: {
+                    workflowId: q.workflowIdQuick,
+                    eventsPath: q.emitEventsPath ?? undefined,
+                    registryPath: q.exportPath,
+                    dbFlag: q.dbPath ?? undefined,
+                    postgresUrl: q.postgresUrl !== undefined,
+                },
+            });
+            terminalStatus =
+                out.report.verdict === "pass" ? "complete"
+                    : out.report.verdict === "fail" ? "inconsistent"
+                        : "incomplete";
+        }
+        else {
+            const parsed = parseBatchVerifyCliArgs(stripped);
+            parsedBatch = parsed;
+            const wf = await runBatchVerifyToValidatedResult(() => verifyWorkflow({
+                workflowId: parsed.workflowId,
+                eventsPath: parsed.eventsPath,
+                registryPath: parsed.registryPath,
+                database: parsed.database,
+                verificationPolicy: parsed.verificationPolicy,
+                truthReport: parsed.noHumanReport ? () => { } : (report) => process.stderr.write(`${report}\n`),
+            }));
+            workflowId = parsed.workflowId;
+            certificate = buildOutcomeCertificateFromWorkflowResult(wf, "contract_sql");
+            terminalStatus =
+                wf.status === "complete" ? "complete"
+                    : wf.status === "inconsistent" ? "inconsistent"
+                        : "incomplete";
+        }
+        const payload = {
+            schema_version: 2,
+            run_id: runId,
+            workflow_id: workflowId,
+            outcome_certificate_v1: certificate,
+            material_truth_sha256: materialTruthSha256(certificate),
+            certificate_sha256: canonicalCertificateSha256(certificate),
+        };
+        const route = mode === "create-baseline" ? "/api/v1/enforcement/baselines"
+            : mode === "accept-drift" ? "/api/v1/enforcement/accept"
+                : "/api/v1/enforcement/check";
+        const stateRes = await postEnforcementState(route, payload);
+        if (!stateRes.ok) {
+            const detail = typeof stateRes.body === "object" && stateRes.body !== null && "detail" in stateRes.body
+                ? String(stateRes.body.detail ?? `HTTP ${stateRes.status}`)
+                : `HTTP ${stateRes.status}`;
+            throw new TruthLayerError(CLI_OPERATIONAL_CODES.LICENSE_DENIED, `${detail}${stateRes.requestId ? ` [x-request-id=${stateRes.requestId}]` : ""}`);
+        }
+        const status = typeof stateRes.body === "object" && stateRes.body !== null && "status" in stateRes.body
+            ? String(stateRes.body.status ?? "ok")
+            : "ok";
+        process.stdout.write(`${stableStringify({ schemaVersion: 1, enforce: stateRes.body })}\n`);
+        if (status === "drift") {
+            console.error(cliErrorEnvelope(CLI_OPERATIONAL_CODES.VERIFICATION_OUTPUT_LOCK_MISMATCH, "Drift detected."));
+            exitAfterEnforceCliReceipt({
+                parsedBatch,
+                quick: pq,
+                exitCode: 4,
+                operationalCode: null,
+                certificate,
+                enforceExitKindDrift: true,
+            });
+        }
+        if (terminalStatus === "complete") {
+            exitAfterEnforceCliReceipt({
+                parsedBatch,
+                quick: pq,
+                exitCode: 0,
+                operationalCode: null,
+                certificate,
+            });
+        }
+        if (terminalStatus === "inconsistent") {
+            exitAfterEnforceCliReceipt({
+                parsedBatch,
+                quick: pq,
+                exitCode: 1,
+                operationalCode: null,
+                certificate,
+            });
+        }
+        exitAfterEnforceCliReceipt({
+            parsedBatch,
+            quick: pq,
+            exitCode: 2,
+            operationalCode: null,
+            certificate,
         });
-        terminalStatus =
-            out.report.verdict === "pass" ? "complete"
-                : out.report.verdict === "fail" ? "inconsistent"
-                    : "incomplete";
-    }
-    else {
-        const parsed = parseBatchVerifyCliArgs(stripped);
-        const wf = await runBatchVerifyToValidatedResult(() => verifyWorkflow({
-            workflowId: parsed.workflowId,
-            eventsPath: parsed.eventsPath,
-            registryPath: parsed.registryPath,
-            database: parsed.database,
-            verificationPolicy: parsed.verificationPolicy,
-            truthReport: parsed.noHumanReport ? () => { } : (report) => process.stderr.write(`${report}\n`),
-        }));
-        workflowId = parsed.workflowId;
-        certificate = buildOutcomeCertificateFromWorkflowResult(wf, "contract_sql");
-        terminalStatus =
-            wf.status === "complete" ? "complete"
-                : wf.status === "inconsistent" ? "inconsistent"
-                    : "incomplete";
-    }
-    const payload = {
-        schema_version: 2,
-        run_id: runId,
-        workflow_id: workflowId,
-        outcome_certificate_v1: certificate,
-        material_truth_sha256: materialTruthSha256(certificate),
-        certificate_sha256: canonicalCertificateSha256(certificate),
-    };
-    const route = mode === "create-baseline" ? "/api/v1/enforcement/baselines"
-        : mode === "accept-drift" ? "/api/v1/enforcement/accept"
-            : "/api/v1/enforcement/check";
-    const stateRes = await postEnforcementState(route, payload);
-    if (!stateRes.ok) {
-        const detail = typeof stateRes.body === "object" && stateRes.body !== null && "detail" in stateRes.body
-            ? String(stateRes.body.detail ?? `HTTP ${stateRes.status}`)
-            : `HTTP ${stateRes.status}`;
-        throw new TruthLayerError(CLI_OPERATIONAL_CODES.LICENSE_DENIED, `${detail}${stateRes.requestId ? ` [x-request-id=${stateRes.requestId}]` : ""}`);
     }
-    const status = typeof stateRes.body === "object" && stateRes.body !== null && "status" in stateRes.body
-        ? String(stateRes.body.status ?? "ok")
-        : "ok";
-    process.stdout.write(`${stableStringify({ schemaVersion: 1, enforce: stateRes.body })}\n`);
-    if (status === "drift") {
-        console.error(cliErrorEnvelope(CLI_OPERATIONAL_CODES.VERIFICATION_OUTPUT_LOCK_MISMATCH, "Drift detected."));
-        process.exit(4);
+    catch (e) {
+        if (e instanceof TruthLayerError) {
+            writeOperationalErr(e.code, e.message);
+            exitAfterEnforceCliReceipt({
+                parsedBatch,
+                quick: pq,
+                exitCode: 3,
+                operationalCode: e.code,
+                certificate,
+            });
+        }
+        throw e;
     }
-    if (terminalStatus === "complete")
-        process.exit(0);
-    if (terminalStatus === "inconsistent")
-        process.exit(1);
-    process.exit(2);
 }
 //# sourceMappingURL=enforceStateful.js.map