oxe-cc 1.2.1 → 1.3.0

package/commands/oxe/verify.md

@@ -16,7 +16,7 @@ oxe_tool_profile: review_heavy
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 442bb4594208d058
+oxe_semantics_hash: 8b47625394eec62a
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -30,7 +30,7 @@ oxe_semantics_hash: 442bb4594208d058
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `442bb4594208d058`
+- **Checksum semântico:** `8b47625394eec62a`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/verify.md` e `.oxe/context/packs/verify.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow verify --json`
@@ -39,6 +39,9 @@ oxe_semantics_hash: 442bb4594208d058
 - Se não houver findings, declarar isso explicitamente e listar riscos residuais.
 - **Seções esperadas:** Findings · Perguntas abertas · Riscos residuais · Resumo
 - **Bloqueios formais:** missing:state
+- **Caminho runtime padrão:** `oxe-cc runtime verify --dir <projeto>` → `oxe-cc runtime project --dir <projeto>`
+- **Artefatos canónicos primários:** `.oxe/runs/<run_id>/verification-manifest.json` · `.oxe/runs/<run_id>/residual-risk-ledger.json` · `.oxe/runs/<run_id>/evidence-coverage.json` · `VERIFY.md projetado`
+- **Fallback runtime:** Se runtime verify não estiver disponível, declarar fallback explícito para a verificação manual; se retornar partial, usar os gaps explícitos como backlog da revisão.
 - **Referência canónica:** `oxe/workflows/references/reasoning-review.md`
 
 <!-- oxe-reasoning-contract:end -->

package/commands/oxe/workstream.md

@@ -17,7 +17,7 @@ oxe_tool_profile: write_bounded
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 82d171363381cc0d
+oxe_semantics_hash: 380bd0a3f3620845
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -31,7 +31,7 @@ oxe_semantics_hash: 82d171363381cc0d
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `82d171363381cc0d`
+- **Checksum semântico:** `380bd0a3f3620845`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/workstream.md` e `.oxe/context/packs/workstream.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow workstream --json`

package/lib/runtime/delivery/branch-manager.d.ts

@@ -15,5 +15,6 @@ export declare class BranchManager {
     listOxeBranches(): BranchInfo[];
     mergeWorktreeBranch(worktreeBranch: string, targetBranch: string): void;
     branchExists(name: string): boolean;
+    push(remote: string, branchName: string, setUpstream?: boolean): void;
     private git;
 }

package/lib/runtime/delivery/branch-manager.js

@@ -68,6 +68,13 @@ class BranchManager {
         });
         return result.status === 0;
     }
+    push(remote, branchName, setUpstream = false) {
+        const args = ['push'];
+        if (setUpstream)
+            args.push('-u');
+        args.push(remote, branchName);
+        this.git(args);
+    }
     git(args) {
         return (0, child_process_1.execFileSync)('git', args, {
             cwd: this.projectRoot,

package/lib/runtime/delivery/ci-checks.js

@@ -41,6 +41,25 @@ exports.verifyAcceptanceCheck = {
     name: 'oxe-verify-acceptance',
     description: 'Checks that VERIFY.md exists and contains no failed criteria',
     async run(ctx) {
+        const manifestPath = path_1.default.join(ctx.projectRoot, '.oxe', 'runs', ctx.runId || '', 'verification-manifest.json');
+        if (ctx.runId && fs_1.default.existsSync(manifestPath)) {
+            try {
+                const manifest = JSON.parse(fs_1.default.readFileSync(manifestPath, 'utf8'));
+                const failCount = Number(manifest.summary?.fail || 0);
+                const errorCount = Number(manifest.summary?.error || 0);
+                return failCount === 0 && errorCount === 0
+                    ? { check: this.name, status: 'pass', message: `Manifest reports ${manifest.summary.total} checks with no failures` }
+                    : {
+                        check: this.name,
+                        status: 'fail',
+                        message: `Manifest reports ${failCount} failed and ${errorCount} errored checks`,
+                        details: manifest.summary,
+                    };
+            }
+            catch (err) {
+                return { check: this.name, status: 'error', message: `Failed to parse verification manifest: ${String(err)}` };
+            }
+        }
         const verifyPath = ctx.sessionId
             ? path_1.default.join(ctx.projectRoot, '.oxe', ctx.sessionId, 'verification', 'VERIFY.md')
             : path_1.default.join(ctx.projectRoot, '.oxe', 'VERIFY.md');
@@ -86,7 +105,21 @@ exports.policyCheck = {
                     details: pending.map((g) => ({ gate_id: g.gate_id, scope: g.scope })),
                 };
             }
-            return { check: this.name, status: 'pass', message: 'All gates resolved' };
+            if (ctx.runId) {
+                const policyPath = path_1.default.join(ctx.projectRoot, '.oxe', 'runs', ctx.runId, 'policy-decisions.json');
+                if (fs_1.default.existsSync(policyPath)) {
+                    const policyDecisions = JSON.parse(fs_1.default.readFileSync(policyPath, 'utf8'));
+                    const withoutRationale = policyDecisions.filter((decision) => decision.override && !decision.rationale);
+                    if (withoutRationale.length > 0) {
+                        return {
+                            check: this.name,
+                            status: 'fail',
+                            message: `${withoutRationale.length} policy override(s) without rationale`,
+                        };
+                    }
+                }
+            }
+            return { check: this.name, status: 'pass', message: 'All gates resolved and policy overrides are justified' };
         }
         catch (err) {
             return { check: this.name, status: 'error', message: `Failed to read GATES.json: ${String(err)}` };

package/lib/runtime/delivery/delivery-records.d.ts

@@ -0,0 +1,34 @@
+export type PromotionTarget = 'local_commit' | 'remote_promotion';
+export type PromotionRemoteTarget = 'pr_draft' | 'branch_push';
+export interface CommitRecord {
+    run_id: string;
+    branch: string;
+    commit_sha: string | null;
+    status: 'pending' | 'committed' | 'blocked';
+    created_at: string;
+    committed_at: string | null;
+    message: string | null;
+    summary_path: string | null;
+}
+export interface PromotionRecord {
+    run_id: string;
+    target: PromotionTarget;
+    target_kind: PromotionRemoteTarget;
+    branch: string;
+    status: 'pending' | 'open' | 'merged' | 'closed' | 'blocked' | 'promoted';
+    created_at: string;
+    promoted_at: string | null;
+    summary_path: string | null;
+    remote: string | null;
+    target_ref: string | null;
+    pr_url: string | null;
+    pr_number: number | null;
+    reasons?: string[];
+    coverage_percent?: number | null;
+}
+export declare function commitRecordPath(projectRoot: string, runId: string): string;
+export declare function promotionRecordPath(projectRoot: string, runId: string): string;
+export declare function saveCommitRecord(projectRoot: string, runId: string, record: CommitRecord): void;
+export declare function loadCommitRecord(projectRoot: string, runId: string): CommitRecord | null;
+export declare function savePromotionRecord(projectRoot: string, runId: string, record: PromotionRecord): void;
+export declare function loadPromotionRecord(projectRoot: string, runId: string): PromotionRecord | null;

package/lib/runtime/delivery/delivery-records.js

@@ -0,0 +1,48 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.commitRecordPath = commitRecordPath;
+exports.promotionRecordPath = promotionRecordPath;
+exports.saveCommitRecord = saveCommitRecord;
+exports.loadCommitRecord = loadCommitRecord;
+exports.savePromotionRecord = savePromotionRecord;
+exports.loadPromotionRecord = loadPromotionRecord;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+function runDir(projectRoot, runId) {
+    return path_1.default.join(projectRoot, '.oxe', 'runs', runId);
+}
+function saveJson(filePath, payload) {
+    fs_1.default.mkdirSync(path_1.default.dirname(filePath), { recursive: true });
+    fs_1.default.writeFileSync(filePath, JSON.stringify(payload, null, 2), 'utf8');
+}
+function loadJson(filePath) {
+    if (!fs_1.default.existsSync(filePath))
+        return null;
+    try {
+        return JSON.parse(fs_1.default.readFileSync(filePath, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+function commitRecordPath(projectRoot, runId) {
+    return path_1.default.join(runDir(projectRoot, runId), 'commit-record.json');
+}
+function promotionRecordPath(projectRoot, runId) {
+    return path_1.default.join(runDir(projectRoot, runId), 'promotion-record.json');
+}
+function saveCommitRecord(projectRoot, runId, record) {
+    saveJson(commitRecordPath(projectRoot, runId), record);
+}
+function loadCommitRecord(projectRoot, runId) {
+    return loadJson(commitRecordPath(projectRoot, runId));
+}
+function savePromotionRecord(projectRoot, runId, record) {
+    saveJson(promotionRecordPath(projectRoot, runId), record);
+}
+function loadPromotionRecord(projectRoot, runId) {
+    return loadJson(promotionRecordPath(projectRoot, runId));
+}

package/lib/runtime/delivery/index.d.ts

@@ -1,4 +1,5 @@
 export * from './branch-manager';
 export * from './pr-manager';
 export * from './ci-checks';
+export * from './delivery-records';
 export * from './promotion-pipeline';

package/lib/runtime/delivery/index.js

@@ -17,4 +17,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./branch-manager"), exports);
 __exportStar(require("./pr-manager"), exports);
 __exportStar(require("./ci-checks"), exports);
+__exportStar(require("./delivery-records"), exports);
 __exportStar(require("./promotion-pipeline"), exports);

package/lib/runtime/delivery/promotion-pipeline.d.ts

@@ -1,7 +1,10 @@
 import type { PRManager } from './pr-manager';
 import type { BranchManager } from './branch-manager';
 import type { VerificationManifest, ResidualRiskLedger } from '../verification/verification-manifest';
+import type { EvidenceCoverageSummary } from '../verification/verification-manifest';
 import type { RunResult } from '../scheduler/scheduler';
+import type { GateToken } from '../gate/gate-manager';
+import { type CommitRecord, type PromotionRecord, type PromotionRemoteTarget } from './delivery-records';
 export interface RunPRLink {
     run_id: string;
     branch: string;
@@ -16,15 +19,24 @@ export interface PromotionOptions {
     draftPR?: boolean;
     autoMerge?: boolean;
     mergeMethod?: 'merge' | 'squash' | 'rebase';
+    targetRef?: string;
+    remote?: string;
+    targetKind?: PromotionRemoteTarget;
+    minimumCoverage?: number;
 }
 export type MergeGateVerdict = 'approved' | 'blocked' | 'needs_review';
 export interface MergeGateReport {
     verdict: MergeGateVerdict;
     reasons: string[];
     blocking_risks: string[];
+    pending_gates: Array<{
+        gate_id: string;
+        scope: string;
+        work_item_id: string | null;
+    }>;
 }
 export declare class MergeGateEvaluator {
-    evaluate(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null): MergeGateReport;
+    evaluate(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null, gates?: GateToken[], evidenceCoverage?: EvidenceCoverageSummary | null, minimumCoverage?: number): MergeGateReport;
 }
 export declare class PromotionPipeline {
     private readonly projectRoot;
@@ -32,8 +44,20 @@ export declare class PromotionPipeline {
     private readonly prManager;
     private readonly gateEvaluator;
     constructor(projectRoot: string, branchManager: BranchManager, prManager: PRManager, gateEvaluator?: MergeGateEvaluator);
+    private baseSummaryLines;
+    buildCommitSummary(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null, commitMessage?: string | null): string;
+    buildPromotionSummary(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null): string;
     buildPRBody(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null): string;
-    promote(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null, opts?: PromotionOptions): Promise<RunPRLink>;
+    recordLocalCommit(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null, options?: {
+        commitMessage?: string;
+        commitSha?: string | null;
+        summaryPath?: string | null;
+    }): CommitRecord;
+    promote(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null, opts?: PromotionOptions, gates?: GateToken[], evidenceCoverage?: EvidenceCoverageSummary | null): Promise<PromotionRecord>;
+    loadCommitRecord(runId: string): CommitRecord | null;
+    loadPromotionRecord(runId: string): PromotionRecord | null;
     savePRLink(runId: string, link: RunPRLink): void;
     loadPRLink(runId: string): RunPRLink | null;
+    private asRunPRLink;
+    private safeCurrentCommit;
 }

package/lib/runtime/delivery/promotion-pipeline.js

@@ -6,10 +6,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PromotionPipeline = exports.MergeGateEvaluator = void 0;
 const path_1 = __importDefault(require("path"));
 const fs_1 = __importDefault(require("fs"));
+const delivery_records_1 = require("./delivery-records");
 class MergeGateEvaluator {
-    evaluate(runResult, manifest, riskLedger) {
+    evaluate(runResult, manifest, riskLedger, gates = [], evidenceCoverage = null, minimumCoverage = 100) {
         const reasons = [];
         const blockingRisks = [];
+        const pendingGates = gates
+            .filter((gate) => gate.status === 'pending')
+            .map((gate) => ({
+            gate_id: gate.gate_id,
+            scope: gate.scope,
+            work_item_id: gate.work_item_id ?? null,
+        }));
         if (runResult.failed.length > 0) {
             reasons.push(`${runResult.failed.length} task(s) failed: ${runResult.failed.join(', ')}`);
         }
@@ -25,9 +33,15 @@ class MergeGateEvaluator {
                 blockingRisks.push(`[${risk.severity.toUpperCase()}] ${risk.description}`);
             }
         }
+        if (pendingGates.length > 0) {
+            reasons.push(`${pendingGates.length} pending gate(s)`);
+        }
+        if (evidenceCoverage && evidenceCoverage.coverage_percent < minimumCoverage) {
+            reasons.push(`Evidence coverage below threshold: ${evidenceCoverage.coverage_percent}%/${minimumCoverage}%`);
+        }
         const hasBlockers = reasons.length > 0 || blockingRisks.length > 0;
         const verdict = hasBlockers ? 'blocked' : 'approved';
-        return { verdict, reasons, blocking_risks: blockingRisks };
+        return { verdict, reasons, blocking_risks: blockingRisks, pending_gates: pendingGates };
     }
 }
 exports.MergeGateEvaluator = MergeGateEvaluator;
@@ -38,10 +52,8 @@ class PromotionPipeline {
         this.prManager = prManager;
         this.gateEvaluator = gateEvaluator;
     }
-    buildPRBody(runResult, manifest, riskLedger) {
+    baseSummaryLines(runResult, manifest, riskLedger) {
         const lines = [];
-        lines.push('## OXE Run Summary');
-        lines.push('');
         lines.push(`**Run ID:** \`${runResult.run_id}\``);
         lines.push(`**Status:** ${runResult.status}`);
         lines.push(`**Completed:** ${runResult.completed.length} tasks`);
@@ -71,25 +83,79 @@ class PromotionPipeline {
         lines.push('');
         lines.push('---');
         lines.push('*Generated by OXE Runtime*');
+        return lines;
+    }
+    buildCommitSummary(runResult, manifest, riskLedger, commitMessage = null) {
+        const lines = ['## OXE Commit Summary', ''];
+        if (commitMessage)
+            lines.push(`**Commit message:** \`${commitMessage}\``, '');
+        lines.push(...this.baseSummaryLines(runResult, manifest, riskLedger));
+        return lines.join('\n');
+    }
+    buildPromotionSummary(runResult, manifest, riskLedger) {
+        const lines = ['## OXE Promotion Summary', '', ...this.baseSummaryLines(runResult, manifest, riskLedger)];
         return lines.join('\n');
     }
-    async promote(runResult, manifest, riskLedger, opts = {}) {
-        const gateReport = this.gateEvaluator.evaluate(runResult, manifest, riskLedger);
+    buildPRBody(runResult, manifest, riskLedger) {
+        return this.buildPromotionSummary(runResult, manifest, riskLedger);
+    }
+    recordLocalCommit(runResult, manifest, riskLedger, options = {}) {
+        const blocked = runResult.failed.length > 0 || runResult.blocked.length > 0;
+        const record = {
+            run_id: runResult.run_id,
+            branch: this.branchManager.currentBranch(),
+            commit_sha: options.commitSha ?? this.safeCurrentCommit(),
+            status: blocked ? 'blocked' : 'committed',
+            created_at: new Date().toISOString(),
+            committed_at: blocked ? null : new Date().toISOString(),
+            message: options.commitMessage ?? null,
+            summary_path: options.summaryPath ?? null,
+        };
+        (0, delivery_records_1.saveCommitRecord)(this.projectRoot, runResult.run_id, record);
+        return record;
+    }
+    async promote(runResult, manifest, riskLedger, opts = {}, gates = [], evidenceCoverage = null) {
+        const gateReport = this.gateEvaluator.evaluate(runResult, manifest, riskLedger, gates, evidenceCoverage, opts.minimumCoverage ?? 100);
+        const targetKind = opts.targetKind ?? 'pr_draft';
         const link = {
             run_id: runResult.run_id,
+            target: 'remote_promotion',
+            target_kind: targetKind,
             branch: this.branchManager.currentBranch(),
-            pr_url: null,
-            pr_number: null,
             status: 'pending',
             created_at: new Date().toISOString(),
-            merged_at: null,
+            promoted_at: null,
+            summary_path: null,
+            remote: opts.remote ?? 'origin',
+            target_ref: opts.targetRef ?? opts.baseBranch ?? 'main',
+            pr_url: null,
+            pr_number: null,
+            reasons: gateReport.reasons,
+            coverage_percent: evidenceCoverage ? evidenceCoverage.coverage_percent : null,
         };
         if (gateReport.verdict === 'blocked') {
             link.status = 'blocked';
-            this.savePRLink(runResult.run_id, link);
+            (0, delivery_records_1.savePromotionRecord)(this.projectRoot, runResult.run_id, link);
+            this.savePRLink(runResult.run_id, this.asRunPRLink(link));
             return link;
         }
-        const body = this.buildPRBody(runResult, manifest, riskLedger);
+        if (targetKind === 'branch_push') {
+            try {
+                this.branchManager.push(opts.remote ?? 'origin', link.branch, false);
+                link.status = 'promoted';
+                link.promoted_at = new Date().toISOString();
+                (0, delivery_records_1.savePromotionRecord)(this.projectRoot, runResult.run_id, link);
+                this.savePRLink(runResult.run_id, this.asRunPRLink(link));
+                return link;
+            }
+            catch {
+                link.status = 'blocked';
+                (0, delivery_records_1.savePromotionRecord)(this.projectRoot, runResult.run_id, link);
+                this.savePRLink(runResult.run_id, this.asRunPRLink(link));
+                return link;
+            }
+        }
+        const body = this.buildPromotionSummary(runResult, manifest, riskLedger);
         const title = `oxe: run ${runResult.run_id} — ${runResult.completed.length} tasks`;
         const prResult = this.prManager.createDraft({
             title,
@@ -99,14 +165,23 @@ class PromotionPipeline {
         });
         if (!prResult.success || !prResult.url) {
             link.status = 'blocked';
-            this.savePRLink(runResult.run_id, link);
+            (0, delivery_records_1.savePromotionRecord)(this.projectRoot, runResult.run_id, link);
+            this.savePRLink(runResult.run_id, this.asRunPRLink(link));
             return link;
         }
         link.pr_url = prResult.url;
         link.status = 'open';
-        this.savePRLink(runResult.run_id, link);
+        link.promoted_at = new Date().toISOString();
+        (0, delivery_records_1.savePromotionRecord)(this.projectRoot, runResult.run_id, link);
+        this.savePRLink(runResult.run_id, this.asRunPRLink(link));
         return link;
     }
+    loadCommitRecord(runId) {
+        return (0, delivery_records_1.loadCommitRecord)(this.projectRoot, runId);
+    }
+    loadPromotionRecord(runId) {
+        return (0, delivery_records_1.loadPromotionRecord)(this.projectRoot, runId);
+    }
     savePRLink(runId, link) {
         const p = path_1.default.join(this.projectRoot, '.oxe', 'runs', runId, 'pr-link.json');
         fs_1.default.mkdirSync(path_1.default.dirname(p), { recursive: true });
@@ -119,6 +194,28 @@ class PromotionPipeline {
         try {
             return JSON.parse(fs_1.default.readFileSync(p, 'utf8'));
         }
+        catch {
+            const promotion = (0, delivery_records_1.loadPromotionRecord)(this.projectRoot, runId);
+            return promotion ? this.asRunPRLink(promotion) : null;
+        }
+    }
+    asRunPRLink(record) {
+        return {
+            run_id: record.run_id,
+            branch: record.branch,
+            pr_url: record.pr_url,
+            pr_number: record.pr_number,
+            status: record.target_kind === 'branch_push'
+                ? (record.status === 'blocked' ? 'blocked' : 'open')
+                : (record.status === 'promoted' ? 'open' : record.status),
+            created_at: record.created_at,
+            merged_at: record.status === 'merged' ? record.promoted_at : null,
+        };
+    }
+    safeCurrentCommit() {
+        try {
+            return this.branchManager.currentCommit();
+        }
         catch {
             return null;
         }

package/lib/runtime/gate/gate-manager.d.ts

@@ -2,13 +2,25 @@ import type { GateScope, GateDecisionValue } from '../models/gate-decision';
 export interface GateContext {
     work_item_id?: string;
     run_id?: string;
+    action?: string;
     description: string;
     evidence_refs: string[];
     risks: string[];
+    rationale?: string;
+    policy_decision_id?: string | null;
+}
+export interface GateResolutionRecord {
+    decision: GateDecisionValue;
+    actor: string;
+    reason?: string;
+    resolved_at: string;
 }
 export interface GateToken {
     gate_id: string;
     scope: GateScope;
+    run_id: string | null;
+    work_item_id: string | null;
+    action: string | null;
     requested_at: string;
     context: GateContext;
     status: 'pending' | 'resolved';
@@ -16,12 +28,32 @@ export interface GateToken {
     actor?: string;
     reason?: string;
     resolved_at?: string;
+    resolution_history?: GateResolutionRecord[];
 }
 export interface GateResolution {
     decision: GateDecisionValue;
     actor: string;
     reason?: string;
 }
+export interface GateQuery {
+    run_id?: string | null;
+    status?: 'pending' | 'stale' | 'resolved' | 'all';
+    scope?: GateScope;
+    work_item_id?: string | null;
+    action?: string | null;
+    gate_sla_hours?: number;
+}
+export interface GateQueueSnapshot {
+    total: number;
+    gate_sla_hours: number;
+    pending: GateToken[];
+    stale_pending: GateToken[];
+    staleCount: number;
+    resolved_recent: GateToken[];
+    byRun: Record<string, number>;
+    byScope: Record<string, number>;
+    all: GateToken[];
+}
 export declare class GateManager {
     private readonly projectRoot;
     private readonly sessionId;
@@ -34,6 +66,15 @@ export declare class GateManager {
     resolve(token: GateToken, resolution: GateResolution): Promise<GateToken>;
     isPending(scope: GateScope): boolean;
     listPending(): GateToken[];
+    listResolved(): GateToken[];
+    listPendingByRun(runId?: string): GateToken[];
+    listPendingForWorkItem(workItemId: string): GateToken[];
+    stalePending(maxAgeHours?: number): GateToken[];
+    listRecentResolved(maxAgeHours?: number): GateToken[];
     listAll(): GateToken[];
     get(gateId: string): GateToken | null;
+    filter(query?: GateQuery): GateToken[];
+    snapshot(maxAgeHours?: number, query?: Omit<GateQuery, 'gate_sla_hours'>): GateQueueSnapshot;
 }
+export declare function listPendingGates(manager: GateManager, runId?: string, query?: Omit<GateQuery, 'run_id'>): GateQueueSnapshot;
+export declare function resolveGate(manager: GateManager, gateId: string, resolution: GateResolution): Promise<GateToken>;