agentskeptic 4.1.1 → 5.0.0

package/schemas/openapi-commercial-v1.in.yaml

@@ -12,7 +12,7 @@ info:
     url: __CONTRACT_URL__
     version: __CONTRACT_VERSION__
     manifestSha256: __CONTRACT_SHA__
-  description: "__IDENTITY_ONE_LINER__\n\nMachine-readable contract for license preflight used by the published npm CLI.\nBase URL is your deployed app origin (same as NEXT_PUBLIC_APP_URL).\n\nEvery path in this document returns an `x-request-id` response header on all status codes (echo a valid client `x-request-id` when supplied; otherwise server-generated). Non-2xx JSON bodies follow RFC 7807-style Problem Details (`type`, `title`, `status`, `detail`, optional `code`, `instance`) unless noted; `POST /api/v1/usage/reserve` denials additionally include legacy `allowed`, `code`, `message`, and optional `upgrade_url` for backward compatibility.\n"
+  description: "__IDENTITY_ONE_LINER__\n\nMachine-readable contract for license preflight used by the published npm CLI.\nBase URL is your deployed app origin (same as NEXT_PUBLIC_APP_URL).\n\nEvery path in this document returns an `x-request-id` response header on all status codes (echo a valid client `x-request-id` when supplied; otherwise server-generated). Non-2xx JSON bodies follow RFC 7807-style Problem Details (`type`, `title`, `status`, `detail`, optional `code`, `instance`) unless noted; `POST /api/v1/usage/reserve` denials additionally include legacy `allowed`, `code`, `message`, and optional `upgrade_url` for backward compatibility.\n\n**Breaking (agentskeptic 5.x):** Hosted enforcement ingestion uses `schema_version` 3 with `outcome_certificate` (Outcome Certificate v2 inner JSON). Legacy `schema_version` 2 payloads with `outcome_certificate_v1` are rejected. `POST /api/v1/funnel/verify-outcome` requires `schema_version` 3 and `evidence_gap_primary`. `POST /api/public/verification-reports` accepts envelope `schemaVersion` 3 only.\n"
 externalDocs:
   description: "First-run integration guide"
   url: __DISTRIBUTION_INTEGRATE_URL__
@@ -125,7 +125,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/EnforcementEvidenceRequestV2"
+              $ref: "#/components/schemas/EnforcementEvidenceRequestV3"
       responses:
         "200":
           description: Lifecycle transition completed
@@ -162,7 +162,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/EnforcementEvidenceRequestV2"
+              $ref: "#/components/schemas/EnforcementEvidenceRequestV3"
       responses:
         "200":
           description: Check completed (match, open drift, rerun pass/fail, etc.)
@@ -187,7 +187,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/EnforcementAcceptEvidenceRequestV2"
+              $ref: "#/components/schemas/EnforcementAcceptEvidenceRequestV3"
       responses:
         "200":
           description: Baseline updated; rerun POST /check required before returning to trusted-only posture
@@ -315,7 +315,7 @@ paths:
       summary: Licensed verify-outcome beacon (idempotent per API key + run_id)
       description: >
         POST after a successful `POST /api/v1/usage/reserve` for the same `run_id`. Success is HTTP 204 with an empty body.
-        Requires Bearer API key. Body schemaVersion must be 2.
+        Requires Bearer API key. Body `schema_version` must be 3 (`VerifyOutcomeRequestV3`). `evidence_gap_primary` duplicates `certificate.evidenceCompleteness.blockerCategory` at CLI emission time.
       security:
         - bearerAuth: []
       requestBody:
@@ -323,7 +323,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/VerifyOutcomeRequestV2"
+              $ref: "#/components/schemas/VerifyOutcomeRequestV3"
       responses:
         "204":
           description: Beacon accepted (or duplicate ignored)
@@ -556,27 +556,28 @@ components:
       scheme: bearer
       bearerFormat: API key
   schemas:
-    EnforcementEvidenceRequestV2:
+    EnforcementEvidenceRequestV3:
       type: object
-      required: [schema_version, run_id, workflow_id, outcome_certificate_v1, material_truth_sha256, certificate_sha256]
+      required: [schema_version, run_id, workflow_id, outcome_certificate, material_truth_sha256, certificate_sha256]
       properties:
         schema_version:
           type: integer
-          const: 2
+          const: 3
         run_id:
           type: string
         workflow_id:
           type: string
-        outcome_certificate_v1:
+        outcome_certificate:
           type: object
           additionalProperties: true
+          description: Outcome Certificate v2 JSON (schemaVersion 2) including evidenceCompleteness
         material_truth_sha256:
           type: string
         certificate_sha256:
           type: string
     EnforcementFsmEnvelopeV2:
       type: object
-      description: Hosted enforcement lifecycle + verification attempt payload (schema_version 2).
+      description: Hosted enforcement lifecycle response envelope for POST /check | /baselines | /accept (schema_version 2 on responses; distinct from evidence ingestion schema_version 3).
       required: [schema_version, code]
       properties:
         schema_version:
@@ -587,9 +588,9 @@ components:
         quota_enforced_via_reserve:
           type: boolean
       additionalProperties: true
-    EnforcementAcceptEvidenceRequestV2:
+    EnforcementAcceptEvidenceRequestV3:
       allOf:
-        - $ref: "#/components/schemas/EnforcementEvidenceRequestV2"
+        - $ref: "#/components/schemas/EnforcementEvidenceRequestV3"
         - type: object
           required: [expected_projection_hash, lifecycle_state_version]
           properties:
@@ -715,13 +716,14 @@ components:
           type: string
         code:
           type: string
-    VerifyOutcomeRequestV2:
+    VerifyOutcomeRequestV3:
       type: object
       required:
         - schema_version
         - run_id
         - workflow_id
         - trust_decision
+        - evidence_gap_primary
         - reason_codes
         - terminal_status
         - workload_class
@@ -729,7 +731,7 @@ components:
       properties:
         schema_version:
           type: integer
-          const: 2
+          const: 3
         run_id:
           type: string
           maxLength: 256
@@ -739,6 +741,24 @@ components:
         trust_decision:
           type: string
           enum: [safe, unsafe, unknown]
+        evidence_gap_primary:
+          type: string
+          enum:
+            - "none"
+            - "preview_lane"
+            - "ingest_empty"
+            - "ingest_unstructured"
+            - "registry_unknown_tool"
+            - "registry_resolution"
+            - "database_access"
+            - "timing_or_window"
+            - "witness_unavailable"
+            - "state_mismatch"
+            - "verification_incomplete"
+            - "event_sequence"
+            - "control_flow_context"
+            - "unclassified"
+          description: Mirrors Outcome Certificate evidenceCompleteness.blockerCategory at CLI emission time
         reason_codes:
           type: array
           maxItems: 8
@@ -752,7 +772,12 @@ components:
           enum: [bundled_examples, non_bundled]
         subcommand:
           type: string
-          enum: [batch_verify, quick_verify, verify_integrator_owned]
+          enum: [batch_verify, quick_verify, verify_integrator_owned, activate]
+        activation:
+          description: Present only when subcommand is activate (mirrors ActivationManifest-derived wire)
+          type: object
+          nullable: true
+          additionalProperties: true
     TrustDecisionRecordRequestV1:
       type: object
       additionalProperties: false
@@ -792,8 +817,8 @@ components:
           $ref: "#/components/schemas/TrustCertificateSnapshotRequestV1"
         human_blocker_lines:
           type: array
-          minItems: 6
-          maxItems: 6
+          minItems: 1
+          maxItems: 48
           items:
             type: string
     TrustCertificateSnapshotRequestV1:
@@ -907,8 +932,8 @@ components:
       additionalProperties: false
     PublicVerificationReportCreate:
       description: >
-        POST accepts schemaVersion 2 only: { "schemaVersion": 2, "certificate": <OutcomeCertificateV1> } per
-        schemas/public-verification-report-v2.schema.json. Legacy v1 envelopes are rejected with HTTP 400.
+        POST accepts schemaVersion 3 only: { "schemaVersion": 3, "certificate": <OutcomeCertificateV2> } per
+        schemas/public-verification-report-v3.schema.json. Legacy envelope POST bodies return HTTP 400.
       type: object
       additionalProperties: true
     PublicVerificationReportCreated:
@@ -921,7 +946,7 @@ components:
       properties:
         schemaVersion:
           type: integer
-          const: 2
+          const: 3
         id:
           type: string
           format: uuid

package/schemas/openapi-commercial-v1.yaml

@@ -1,7 +1,7 @@
 openapi: "3.0.3"
 info:
   title: AgentSkeptic commercial license API
-  version: "4.1.1"
+  version: "5.0.0"
   contact:
     url: https://agentskeptic.com
   x-agentskeptic-distribution:
@@ -12,7 +12,7 @@ info:
     url: https://agentskeptic.com/contract/v1.json
     version: "1.0.1"
     manifestSha256: "c5f23ec43576716c4b9a13e752cd2962a78bb4b4da1f9e521f911e15dfd80268"
-  description: "Read-only checks at verify time—not color.\n\nMachine-readable contract for license preflight used by the published npm CLI.\nBase URL is your deployed app origin (same as NEXT_PUBLIC_APP_URL).\n\nEvery path in this document returns an `x-request-id` response header on all status codes (echo a valid client `x-request-id` when supplied; otherwise server-generated). Non-2xx JSON bodies follow RFC 7807-style Problem Details (`type`, `title`, `status`, `detail`, optional `code`, `instance`) unless noted; `POST /api/v1/usage/reserve` denials additionally include legacy `allowed`, `code`, `message`, and optional `upgrade_url` for backward compatibility.\n"
+  description: "Read-only checks at verify time—not color.\n\nMachine-readable contract for license preflight used by the published npm CLI.\nBase URL is your deployed app origin (same as NEXT_PUBLIC_APP_URL).\n\nEvery path in this document returns an `x-request-id` response header on all status codes (echo a valid client `x-request-id` when supplied; otherwise server-generated). Non-2xx JSON bodies follow RFC 7807-style Problem Details (`type`, `title`, `status`, `detail`, optional `code`, `instance`) unless noted; `POST /api/v1/usage/reserve` denials additionally include legacy `allowed`, `code`, `message`, and optional `upgrade_url` for backward compatibility.\n\n**Breaking (agentskeptic 5.x):** Hosted enforcement ingestion uses `schema_version` 3 with `outcome_certificate` (Outcome Certificate v2 inner JSON). Legacy `schema_version` 2 payloads with `outcome_certificate_v1` are rejected. `POST /api/v1/funnel/verify-outcome` requires `schema_version` 3 and `evidence_gap_primary`. `POST /api/public/verification-reports` accepts envelope `schemaVersion` 3 only.\n"
 externalDocs:
   description: "First-run integration guide"
   url: https://agentskeptic.com/integrate
@@ -125,7 +125,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/EnforcementEvidenceRequestV2"
+              $ref: "#/components/schemas/EnforcementEvidenceRequestV3"
       responses:
         "200":
           description: Lifecycle transition completed
@@ -162,7 +162,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/EnforcementEvidenceRequestV2"
+              $ref: "#/components/schemas/EnforcementEvidenceRequestV3"
       responses:
         "200":
           description: Check completed (match, open drift, rerun pass/fail, etc.)
@@ -187,7 +187,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/EnforcementAcceptEvidenceRequestV2"
+              $ref: "#/components/schemas/EnforcementAcceptEvidenceRequestV3"
       responses:
         "200":
           description: Baseline updated; rerun POST /check required before returning to trusted-only posture
@@ -315,7 +315,7 @@ paths:
       summary: Licensed verify-outcome beacon (idempotent per API key + run_id)
       description: >
         POST after a successful `POST /api/v1/usage/reserve` for the same `run_id`. Success is HTTP 204 with an empty body.
-        Requires Bearer API key. Body schemaVersion must be 2.
+        Requires Bearer API key. Body `schema_version` must be 3 (`VerifyOutcomeRequestV3`). `evidence_gap_primary` duplicates `certificate.evidenceCompleteness.blockerCategory` at CLI emission time.
       security:
         - bearerAuth: []
       requestBody:
@@ -323,7 +323,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/VerifyOutcomeRequestV2"
+              $ref: "#/components/schemas/VerifyOutcomeRequestV3"
       responses:
         "204":
           description: Beacon accepted (or duplicate ignored)
@@ -556,27 +556,28 @@ components:
       scheme: bearer
       bearerFormat: API key
   schemas:
-    EnforcementEvidenceRequestV2:
+    EnforcementEvidenceRequestV3:
       type: object
-      required: [schema_version, run_id, workflow_id, outcome_certificate_v1, material_truth_sha256, certificate_sha256]
+      required: [schema_version, run_id, workflow_id, outcome_certificate, material_truth_sha256, certificate_sha256]
       properties:
         schema_version:
           type: integer
-          const: 2
+          const: 3
         run_id:
           type: string
         workflow_id:
           type: string
-        outcome_certificate_v1:
+        outcome_certificate:
           type: object
           additionalProperties: true
+          description: Outcome Certificate v2 JSON (schemaVersion 2) including evidenceCompleteness
         material_truth_sha256:
           type: string
         certificate_sha256:
           type: string
     EnforcementFsmEnvelopeV2:
       type: object
-      description: Hosted enforcement lifecycle + verification attempt payload (schema_version 2).
+      description: Hosted enforcement lifecycle response envelope for POST /check | /baselines | /accept (schema_version 2 on responses; distinct from evidence ingestion schema_version 3).
       required: [schema_version, code]
       properties:
         schema_version:
@@ -587,9 +588,9 @@ components:
         quota_enforced_via_reserve:
           type: boolean
       additionalProperties: true
-    EnforcementAcceptEvidenceRequestV2:
+    EnforcementAcceptEvidenceRequestV3:
       allOf:
-        - $ref: "#/components/schemas/EnforcementEvidenceRequestV2"
+        - $ref: "#/components/schemas/EnforcementEvidenceRequestV3"
         - type: object
           required: [expected_projection_hash, lifecycle_state_version]
           properties:
@@ -715,13 +716,14 @@ components:
           type: string
         code:
           type: string
-    VerifyOutcomeRequestV2:
+    VerifyOutcomeRequestV3:
       type: object
       required:
         - schema_version
         - run_id
         - workflow_id
         - trust_decision
+        - evidence_gap_primary
         - reason_codes
         - terminal_status
         - workload_class
@@ -729,7 +731,7 @@ components:
       properties:
         schema_version:
           type: integer
-          const: 2
+          const: 3
         run_id:
           type: string
           maxLength: 256
@@ -739,6 +741,24 @@ components:
         trust_decision:
           type: string
           enum: [safe, unsafe, unknown]
+        evidence_gap_primary:
+          type: string
+          enum:
+            - "none"
+            - "preview_lane"
+            - "ingest_empty"
+            - "ingest_unstructured"
+            - "registry_unknown_tool"
+            - "registry_resolution"
+            - "database_access"
+            - "timing_or_window"
+            - "witness_unavailable"
+            - "state_mismatch"
+            - "verification_incomplete"
+            - "event_sequence"
+            - "control_flow_context"
+            - "unclassified"
+          description: Mirrors Outcome Certificate evidenceCompleteness.blockerCategory at CLI emission time
         reason_codes:
           type: array
           maxItems: 8
@@ -752,7 +772,12 @@ components:
           enum: [bundled_examples, non_bundled]
         subcommand:
           type: string
-          enum: [batch_verify, quick_verify, verify_integrator_owned]
+          enum: [batch_verify, quick_verify, verify_integrator_owned, activate]
+        activation:
+          description: Present only when subcommand is activate (mirrors ActivationManifest-derived wire)
+          type: object
+          nullable: true
+          additionalProperties: true
     TrustDecisionRecordRequestV1:
       type: object
       additionalProperties: false
@@ -792,8 +817,8 @@ components:
           $ref: "#/components/schemas/TrustCertificateSnapshotRequestV1"
         human_blocker_lines:
           type: array
-          minItems: 6
-          maxItems: 6
+          minItems: 1
+          maxItems: 48
           items:
             type: string
     TrustCertificateSnapshotRequestV1:
@@ -907,8 +932,8 @@ components:
       additionalProperties: false
     PublicVerificationReportCreate:
       description: >
-        POST accepts schemaVersion 2 only: { "schemaVersion": 2, "certificate": <OutcomeCertificateV1> } per
-        schemas/public-verification-report-v2.schema.json. Legacy v1 envelopes are rejected with HTTP 400.
+        POST accepts schemaVersion 3 only: { "schemaVersion": 3, "certificate": <OutcomeCertificateV2> } per
+        schemas/public-verification-report-v3.schema.json. Legacy envelope POST bodies return HTTP 400.
       type: object
       additionalProperties: true
     PublicVerificationReportCreated:
@@ -921,7 +946,7 @@ components:
       properties:
         schemaVersion:
           type: integer
-          const: 2
+          const: 3
         id:
           type: string
           format: uuid

package/schemas/outcome-certificate-v2.schema.json

@@ -0,0 +1,93 @@
+{
+  "$id": "https://agentskeptic.com/schemas/outcome-certificate-v2.schema.json",
+  "title": "OutcomeCertificateV2",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schemaVersion",
+    "workflowId",
+    "runKind",
+    "stateRelation",
+    "highStakesReliance",
+    "relianceRationale",
+    "intentSummary",
+    "explanation",
+    "steps",
+    "humanReport",
+    "evidenceCompleteness"
+  ],
+  "properties": {
+    "schemaVersion": { "type": "integer", "const": 2 },
+    "workflowId": { "type": "string", "minLength": 1, "maxLength": 512 },
+    "runKind": {
+      "type": "string",
+      "enum": ["contract_sql", "contract_sql_langgraph_checkpoint_trust", "quick_preview"]
+    },
+    "stateRelation": {
+      "type": "string",
+      "enum": ["matches_expectations", "does_not_match", "not_established"]
+    },
+    "highStakesReliance": { "type": "string", "enum": ["permitted", "prohibited"] },
+    "relianceRationale": { "type": "string", "minLength": 1, "maxLength": 8192 },
+    "intentSummary": { "type": "string", "minLength": 1, "maxLength": 8192 },
+    "explanation": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["headline", "details"],
+      "properties": {
+        "headline": { "type": "string", "minLength": 1, "maxLength": 2048 },
+        "details": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": ["code", "message"],
+            "properties": {
+              "code": { "type": "string", "minLength": 1, "maxLength": 256 },
+              "message": { "type": "string", "minLength": 1, "maxLength": 4096 }
+            }
+          }
+        }
+      }
+    },
+    "steps": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["seq", "declaredAction", "expectedOutcome", "observedOutcome"],
+        "properties": {
+          "seq": { "type": "integer", "minimum": 0 },
+          "toolId": { "type": "string", "maxLength": 512 },
+          "declaredAction": { "type": "string", "minLength": 1, "maxLength": 4096 },
+          "expectedOutcome": { "type": "string", "minLength": 1, "maxLength": 4096 },
+          "observedOutcome": { "type": "string", "minLength": 1, "maxLength": 8192 }
+        }
+      }
+    },
+    "humanReport": { "type": "string", "minLength": 1, "maxLength": 1048576 },
+    "checkpointVerdicts": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["checkpointKey", "verdict", "seqs", "productionMeaning"],
+        "properties": {
+          "checkpointKey": { "type": "string", "minLength": 1, "maxLength": 2048 },
+          "verdict": {
+            "type": "string",
+            "enum": ["verified", "inconsistent", "incomplete"]
+          },
+          "seqs": {
+            "type": "array",
+            "items": { "type": "integer", "minimum": 0 }
+          },
+          "productionMeaning": { "type": "string", "minLength": 1, "maxLength": 8192 }
+        }
+      }
+    },
+    "evidenceCompleteness": {
+      "$ref": "https://agentskeptic.com/schemas/evidence-completeness-v1.schema.json"
+    }
+  }
+}

package/schemas/public-verification-report-v3.schema.json

@@ -0,0 +1,15 @@
+{
+  "$id": "https://agentskeptic.com/schemas/public-verification-report-v3.schema.json",
+  "title": "PublicVerificationReportEnvelopeV3",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["schemaVersion", "certificate"],
+  "properties": {
+    "schemaVersion": { "type": "integer", "const": 3 },
+    "certificate": {
+      "$ref": "https://agentskeptic.com/schemas/outcome-certificate-v2.schema.json"
+    },
+    "cliVersion": { "type": "string", "maxLength": 128 },
+    "createdFrom": { "type": "string", "maxLength": 256 }
+  }
+}

package/schemas/quick-verify-report.schema.json

@@ -12,10 +12,11 @@
     "ingest",
     "units",
     "exportableRegistry",
-    "productTruth"
+    "productTruth",
+    "evidenceCompleteness"
   ],
   "properties": {
-    "schemaVersion": { "type": "integer", "const": 4 },
+    "schemaVersion": { "type": "integer", "const": 5 },
     "verdict": { "type": "string", "enum": ["pass", "fail", "uncertain"] },
     "summary": { "type": "string", "minLength": 1 },
     "verificationMode": { "type": "string", "const": "inferred" },
@@ -246,6 +247,9 @@
         "quickVerifyProvisional": { "type": "boolean", "const": true },
         "contractReplayPartialCoverage": { "type": "boolean" }
       }
+    },
+    "evidenceCompleteness": {
+      "$ref": "https://agentskeptic.com/schemas/evidence-completeness-v1.schema.json"
     }
   }
 }

package/schemas/regression-artifact-v1.schema.json

@@ -82,7 +82,7 @@
             "enum": ["contract_sql", "contract_sql_langgraph_checkpoint_trust"]
           },
           "certificateCanonicalDigest": { "type": "string", "pattern": "^[a-f0-9]{64}$" },
-          "certificate": { "$ref": "https://agentskeptic.com/schemas/outcome-certificate-v1.schema.json" }
+          "certificate": { "$ref": "https://agentskeptic.com/schemas/outcome-certificate-v2.schema.json" }
         }
       }
     },

package/schemas/trust-decision-record-v1.schema.json

@@ -64,9 +64,9 @@
     },
     "human_blocker_lines": {
       "type": "array",
-      "minItems": 6,
-      "maxItems": 6,
-      "items": { "type": "string", "maxLength": 4096 }
+      "minItems": 1,
+      "maxItems": 48,
+      "items": { "type": "string", "maxLength": 8192 }
     }
   }
 }

package/dist/decisionBlocker.contract.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=decisionBlocker.contract.test.d.ts.map

package/dist/decisionBlocker.contract.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"decisionBlocker.contract.test.d.ts","sourceRoot":"","sources":["../src/decisionBlocker.contract.test.ts"],"names":[],"mappings":""}

package/dist/decisionBlocker.contract.test.js

@@ -1,51 +0,0 @@
-import { readFileSync, mkdtempSync, rmSync } from "node:fs";
-import { join, dirname } from "node:path";
-import { tmpdir } from "node:os";
-import { fileURLToPath } from "node:url";
-import { DatabaseSync } from "node:sqlite";
-import { afterAll, beforeAll, describe, expect, it } from "vitest";
-import { buildOutcomeCertificateFromWorkflowResult } from "./outcomeCertificate.js";
-import { formatDecisionBlockerForHumans } from "./decisionBlocker.js";
-import { verifyWorkflow } from "./pipeline.js";
-const root = join(dirname(fileURLToPath(import.meta.url)), "..");
-describe("formatDecisionBlockerForHumans contract", () => {
-    /** Seeded SQLite under tmp — `examples/demo.db` is gitignored and absent on clean CI. */
-    let workDir;
-    let dbPath;
-    beforeAll(() => {
-        workDir = mkdtempSync(join(tmpdir(), "agentskeptic-decision-blocker-"));
-        dbPath = join(workDir, "demo.db");
-        const sql = readFileSync(join(root, "examples", "seed.sql"), "utf8");
-        const db = new DatabaseSync(dbPath);
-        db.exec(sql);
-        db.close();
-    });
-    afterAll(() => {
-        rmSync(workDir, { recursive: true, force: true });
-    });
-    it("emits exactly six lines with required tokens for wf_missing certificate", async () => {
-        const eventsPath = join(root, "examples", "events.ndjson");
-        const registryPath = join(root, "examples", "tools.json");
-        const result = await verifyWorkflow({
-            workflowId: "wf_missing",
-            eventsPath,
-            registryPath,
-            database: { kind: "sqlite", path: dbPath },
-            logStep: () => { },
-            truthReport: () => { },
-        });
-        const certificate = buildOutcomeCertificateFromWorkflowResult(result, "contract_sql");
-        const { lines, trustDecision } = formatDecisionBlockerForHumans(certificate);
-        expect(trustDecision).toBe("unsafe");
-        expect(lines).toHaveLength(6);
-        expect(lines[0]).toMatch(/^Trust: unsafe$/);
-        expect(lines[1]).toMatch(/^Workflow: wf_missing$/);
-        expect(lines[2]).toMatch(/^First problem step: seq=/);
-        expect(lines[2]).toContain("tool=crm.upsert_contact");
-        expect(lines[2]).toContain("status=missing");
-        expect(lines[3]).toContain("ROW_ABSENT");
-        expect(lines[4]).toMatch(/^Expected: /);
-        expect(lines[5]).toMatch(/^Observed: /);
-    });
-});
-//# sourceMappingURL=decisionBlocker.contract.test.js.map

package/dist/decisionBlocker.contract.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decisionBlocker.contract.test.js","sourceRoot":"","sources":["../src/decisionBlocker.contract.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,EAAE,yCAAyC,EAAE,MAAM,yBAAyB,CAAC;AACpF,OAAO,EAAE,8BAA8B,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;AAEjE,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACvD,yFAAyF;IACzF,IAAI,OAAe,CAAC;IACpB,IAAI,MAAc,CAAC;IAEnB,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,gCAAgC,CAAC,CAAC,CAAC;QACxE,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QACpC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACb,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;YAClC,UAAU,EAAE,YAAY;YACxB,UAAU;YACV,YAAY;YACZ,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE;YAC1C,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;YACjB,WAAW,EAAE,GAAG,EAAE,GAAE,CAAC;SACtB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,yCAAyC,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QACtF,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,8BAA8B,CAAC,WAAW,CAAC,CAAC;QAC7E,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QACnD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QACtD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACtD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/loop/failureHints.d.ts

@@ -1,6 +0,0 @@
-import type { OutcomeCertificateV1 } from "../outcomeCertificate.js";
-export declare function buildFailureHint(certificate: OutcomeCertificateV1): {
-    likelyCause: string;
-    nextAction: string;
-};
-//# sourceMappingURL=failureHints.d.ts.map

package/dist/loop/failureHints.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"failureHints.d.ts","sourceRoot":"","sources":["../../src/loop/failureHints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAyBrE,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,oBAAoB,GAAG;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAW/G"}