pluribus-context 0.3.28 → 0.3.30

package/docs/context-budget-receipts.md

@@ -43,6 +43,29 @@ A useful receipt starts small:
 
 Keep exact counts when they are not sensitive. Bucket token counts and sizes when exact values could reveal private workload shape.
 
+## Post-hoc pruning / context cleaning
+
+Context-cleaning tools can reduce a bloated session after context has already entered the transcript. That creates a separate proof boundary from lazy loading: what was pruned, minified, stubbed, deduped, protected, and backed up?
+
+The receipt should prove:
+
+- prescription/mode/trigger without raw session JSONL;
+- before/after token and byte buckets;
+- per-strategy candidate, changed, removed, and protected buckets;
+- compact summaries, behavioral digests, active task state, and other protected items were not removed;
+- a backup was created/verified for executed runs; and
+- raw tool output, file contents, session text, emails, secrets, paths, and customer data stayed out of the receipt.
+
+Runnable fixture:
+
+```bash
+node examples/context-input-evidence/convert-pruning-log.mjs
+```
+
+Public trace:
+
+- `examples/context-input-evidence/pruning-otel-trace.json`
+
 ## Subagent boot budget
 
 Subagents can fail before task #1 if they inherit every MCP schema, skill listing, rule, or memory index from the parent. The receipt should separate:
@@ -79,6 +102,34 @@ Minimal events:
 - `subagent.mcp_policy.applied`
 - `subagent.context_boot.evaluated`
 
+## ToolSearch propagation into subagents
+
+When MCP tools are deferred behind `ToolSearch`, subagent bugs can hide in three different layers:
+
+- the parent/orchestrator policy intended to expose or exclude MCP/ToolSearch;
+- the subagent `tools:` declaration made `ToolSearch` available, stripped it, or froze an older registry; and
+- the runtime filter actually exposed the deferred-tools channel after spawn.
+
+The receipt should make those layers distinguishable without raw tool schemas, prompts, agent files, or private paths. It should include:
+
+- spawn path and whether skill context was active;
+- coarse bucket for parent intermediate tool calls before spawn;
+- `tools:` declaration shape such as wildcard, explicit include, or exclusion style;
+- whether `ToolSearch` was declared and actually exposed to the subagent;
+- parent vs subagent MCP server count buckets;
+- loaded vs deferred tool-definition buckets; and
+- a `filtered_by` or `filter_reason` category.
+
+Runnable fixture:
+
+```bash
+node examples/context-input-evidence/convert-subagent-toolsearch-propagation-log.mjs
+```
+
+Public trace:
+
+- `examples/context-input-evidence/subagent-toolsearch-propagation-otel-trace.json`
+
 ## Delegation boundary
 
 A subagent can save parent context at boot and still lose the benefit if raw child output is pasted back into the parent. The receipt should prove:

package/docs/context-input-evidence.md

@@ -330,6 +330,20 @@ It reads `sample-compaction-log.jsonl` and writes `compaction-receipt.ndjson` pl
 
 This is for reliability/auditability work where users need to know whether the original engineering objective survived compaction. The receipt should prove the compaction boundary and item decisions without exposing raw prompts, private instructions, tool outputs, memory bodies, summaries, customer data, or transcripts.
 
+To test post-hoc pruning / context-cleaning receipts — where a Claude Code-style session cleaner trims, minifies, stubs, or dedupes context after it entered the transcript — run:
+
+```bash
+node examples/context-input-evidence/convert-pruning-log.mjs
+```
+
+It reads `sample-pruning-log.jsonl` and writes `pruning-receipt.ndjson` plus `pruning-otel-trace.json`. The sample emits three event types:
+
+- `context.prune.started` — prescription, mode, trigger, before token/byte buckets, backup identity hash, plan hash, and privacy flags.
+- `context.prune.strategy.evaluated` — each pruning strategy, action (`trimmed`, `minified`, `deduped`, or `protected`), candidate/changed/protected buckets, removed token/byte buckets, reason hash, and sample hash.
+- `context.prune.completed` — after token/byte buckets, changed/protected item buckets, backup verification, summary hash, and the audit gap.
+
+This is for tools that promise to clean bloated sessions while preserving active task state. The receipt should prove what was pruned and what was protected without exporting raw session JSONL, tool outputs, file contents, paths, secrets, emails, screenshots, customer data, or summaries.
+
 To test incremental memory consolidation — where a shared-memory server runs a hook-safe pass after a session and turns several recent memories into one consolidated memory with lineage — run:
 
 ```bash

package/examples/agent-skills/context-receipts/README.md

@@ -13,10 +13,14 @@ It is intentionally markdown-only so it can be copied into a local skills direct
 Ask an agent or harness using the skill to emit a receipt for one workflow and verify these constraints:
 
 ```bash
-grep -E 'mcp\.tool_index\.loaded|context\.skill\.registry\.index\.loaded|subagent\.mcp_policy\.applied|subagent\.delegation\.requested' receipt.jsonl
+grep -E 'mcp\.tool_index\.loaded|context\.skill\.registry\.index\.loaded|subagent\.mcp_policy\.applied|subagent\.toolsearch\.propagation\.evaluated|subagent\.delegation\.requested' receipt.jsonl
 grep -E 'raw_(schema|query|args|result|output)_copied":false|raw.*CopiedToReceipt":false' receipt.jsonl
 ```
 
 Then manually check that the receipt contains counts, hashes, ids, buckets, and `audit_gap`, but does **not** contain private prompts, raw schemas, tool args/results, skill bodies, memory bodies, customer names, secrets, or transcript text.
 
-For executable fixture examples, see [`../../context-input-evidence/`](../../context-input-evidence/).
+For executable fixture examples, see [`../../context-input-evidence/`](../../context-input-evidence/), including the ToolSearch propagation smoke:
+
+```bash
+node ../../context-input-evidence/convert-subagent-toolsearch-propagation-log.mjs
+```

package/examples/agent-skills/context-receipts/SKILL.md

@@ -77,6 +77,24 @@ Minimal JSONL event names:
 {"event":"subagent.context_boot.evaluated","subagent_role":"testing","loaded_tool_definition_count":0,"deferred_tool_definition_count":48,"startup_token_bucket":"50k_75k","raw_schema_copied":false,"audit_gap":"proves injection boundary, not tool relevance"}
 ```
 
+## ToolSearch propagation smoke
+
+For subagents that should inherit MCP through `ToolSearch`, distinguish policy, declaration, and runtime filtering:
+
+- did the parent/orchestrator intend to expose MCP or exclude it for this subagent?
+- was the subagent spawned immediately or after parent tool calls/orchestration work?
+- was the `tools:` declaration wildcard, explicit include, or exclusion style?
+- was `ToolSearch` declared and was it actually exposed in the subagent tool surface?
+- did MCP servers/tool definitions stay deferred, or did the channel collapse to zero?
+- was the agent registry loaded at session boot, making newly added agent files invisible until restart?
+
+Minimal JSONL event names:
+
+```jsonl
+{"event":"subagent.toolsearch.propagation.evaluated","spawn_path":"Task","tools_declaration_shape":"enumerated_include","toolsearch_declared":false,"toolsearch_exposed":false,"mcp_servers_available_bucket":"0","deferred_tool_definitions_bucket":"0","filtered_by":"frontmatter_tools_policy_or_runtime_filter","raw_tool_schemas_copied":false}
+{"event":"subagent.toolsearch.matrix.completed","tested_axis":"tools_frontmatter_shape","audit_gap":"proves ToolSearch exposure, not semantic tool relevance or runtime call success"}
+```
+
 ## Subagent / manager boundary smoke
 
 For subagents, manager agents, or child workers, answer:

package/examples/context-input-evidence/convert-pruning-log.mjs

@@ -0,0 +1,275 @@
+#!/usr/bin/env node
+import { createHash } from 'node:crypto';
+import { readFileSync, writeFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const here = dirname(fileURLToPath(import.meta.url));
+const inputPath = process.argv[2] ? resolve(process.argv[2]) : join(here, 'sample-pruning-log.jsonl');
+const receiptPath = process.argv[3] ? resolve(process.argv[3]) : join(here, 'pruning-receipt.ndjson');
+const tracePath = process.argv[4] ? resolve(process.argv[4]) : join(here, 'pruning-otel-trace.json');
+
+function sha256(value) {
+  return `sha256:${createHash('sha256').update(value ?? '').digest('hex')}`;
+}
+
+function hashRef(value) {
+  return sha256(value ?? '').slice(0, 19);
+}
+
+function readJsonl(path) {
+  return readFileSync(path, 'utf8')
+    .trim()
+    .split('\n')
+    .filter(Boolean)
+    .map((line, index) => {
+      try {
+        return JSON.parse(line);
+      } catch (error) {
+        throw new Error(`Invalid JSONL at ${path}:${index + 1}: ${error.message}`);
+      }
+    });
+}
+
+function unixNano(isoTimestamp) {
+  return `${BigInt(Date.parse(isoTimestamp)) * 1_000_000n}`;
+}
+
+function otelValue(value) {
+  if (typeof value === 'boolean') return { boolValue: value };
+  if (typeof value === 'number' && Number.isInteger(value)) return { intValue: String(value) };
+  if (typeof value === 'number') return { doubleValue: value };
+  if (value == null) return { stringValue: '' };
+  return { stringValue: String(value) };
+}
+
+function attributesToOtel(attributes) {
+  return Object.entries(attributes).map(([key, value]) => ({ key, value: otelValue(value) }));
+}
+
+function tokenBucket(value) {
+  if (value < 1_000) return 'under_1k';
+  if (value < 10_000) return 'under_10k';
+  if (value < 50_000) return 'under_50k';
+  if (value < 100_000) return 'under_100k';
+  return 'over_100k';
+}
+
+function bytesBucket(value) {
+  if (value < 1024) return 'under_1kb';
+  if (value < 1024 * 1024) return 'under_1mb';
+  if (value < 10 * 1024 * 1024) return 'under_10mb';
+  if (value < 50 * 1024 * 1024) return 'under_50mb';
+  return 'over_50mb';
+}
+
+function countBucket(value) {
+  if (value === 0) return 'zero';
+  if (value <= 5) return 'under_5';
+  if (value <= 25) return 'under_25';
+  if (value <= 100) return 'under_100';
+  if (value <= 500) return 'under_500';
+  return 'over_500';
+}
+
+function ratioBucket(numerator, denominator) {
+  const ratio = denominator > 0 ? numerator / denominator : 0;
+  if (ratio < 0.25) return 'under_25_percent';
+  if (ratio < 0.5) return 'under_50_percent';
+  if (ratio < 0.75) return 'under_75_percent';
+  if (ratio < 0.9) return 'under_90_percent';
+  return 'over_90_percent';
+}
+
+const records = readJsonl(inputPath);
+const session = records.find((record) => record.type === 'session.start');
+const start = records.find((record) => record.type === 'context.prune.start');
+const strategies = records.filter((record) => record.type === 'context.prune.strategy.evaluated');
+const completed = records.find((record) => record.type === 'context.prune.completed');
+
+if (!session || !start || strategies.length === 0 || !completed) {
+  throw new Error(`Expected session.start, context.prune.start, strategy evaluations, and context.prune.completed records in ${inputPath}`);
+}
+
+const traceSeed = `${session.session_id}:${start.run_id}:context-pruning`;
+const traceId = sha256(traceSeed).replace('sha256:', '').slice(0, 32);
+const spanId = sha256(`${traceSeed}:span`).replace('sha256:', '').slice(0, 16);
+const runIdHash = hashRef(start.run_id);
+
+const startedEvent = {
+  trace_id: traceId,
+  span_id: spanId,
+  name: 'context.prune.started',
+  time: start.time,
+  attributes: {
+    'session.id': session.session_id,
+    'gen_ai.conversation.id': session.conversation_id,
+    'agent.name': session.agent,
+    'context.prune.run_id_hash': runIdHash,
+    'context.prune.tool': start.tool,
+    'context.prune.command_hash': sha256(start.command),
+    'context.prune.prescription': start.prescription,
+    'context.prune.mode': start.mode,
+    'context.prune.trigger': start.trigger,
+    'context.prune.context_window_bucket': tokenBucket(start.context_window_tokens),
+    'context.prune.token_count.before_bucket': tokenBucket(start.token_count_before),
+    'context.prune.byte_count.before_bucket': bytesBucket(start.byte_count_before),
+    'context.prune.start_ratio_bucket': ratioBucket(start.token_count_before, start.context_window_tokens),
+    'context.prune.backup_id_hash': hashRef(start.backup_id),
+    'context.prune.backup.created': true,
+    'context.prune.plan.hash': sha256(start.raw_plan_notes),
+    'privacy.raw_session_recorded': false,
+    'privacy.raw_plan_recorded': false,
+    'privacy.raw_prompt_recorded': false,
+    'privacy.raw_tool_output_recorded': false
+  }
+};
+
+const strategyEvents = strategies.map((strategy) => ({
+  trace_id: traceId,
+  span_id: spanId,
+  name: 'context.prune.strategy.evaluated',
+  time: strategy.time,
+  attributes: {
+    'session.id': session.session_id,
+    'gen_ai.conversation.id': session.conversation_id,
+    'context.prune.run_id_hash': runIdHash,
+    'context.prune.strategy': strategy.strategy,
+    'context.prune.strategy.action': strategy.action,
+    'context.prune.strategy.candidate_count_bucket': countBucket(strategy.candidate_count),
+    'context.prune.strategy.changed_count_bucket': countBucket(strategy.changed_count),
+    'context.prune.strategy.protected_count_bucket': countBucket(strategy.protected_count),
+    'context.prune.strategy.token_count.before_bucket': tokenBucket(strategy.token_count_before),
+    'context.prune.strategy.token_count.removed_bucket': tokenBucket(strategy.token_count_removed),
+    'context.prune.strategy.byte_count.removed_bucket': bytesBucket(strategy.byte_count_removed),
+    'context.prune.strategy.reason_hash': sha256(strategy.reason),
+    'context.prune.strategy.sample_hash': sha256(strategy.raw_sample),
+    'context.prune.strategy.raw_text_recorded': false,
+    'privacy.raw_session_recorded': false,
+    'privacy.raw_tool_output_recorded': false,
+    'privacy.raw_file_content_recorded': false
+  }
+}));
+
+const completedEvent = {
+  trace_id: traceId,
+  span_id: spanId,
+  name: 'context.prune.completed',
+  time: completed.time,
+  attributes: {
+    'session.id': session.session_id,
+    'gen_ai.conversation.id': session.conversation_id,
+    'context.prune.run_id_hash': runIdHash,
+    'context.prune.status': completed.status,
+    'context.prune.token_count.after_bucket': tokenBucket(completed.token_count_after),
+    'context.prune.byte_count.after_bucket': bytesBucket(completed.byte_count_after),
+    'context.prune.token_count.removed_bucket': tokenBucket(completed.total_token_count_removed),
+    'context.prune.byte_count.removed_bucket': bytesBucket(completed.total_byte_count_removed),
+    'context.prune.end_ratio_bucket': ratioBucket(completed.token_count_after, start.context_window_tokens),
+    'context.prune.changed_item_count_bucket': countBucket(completed.changed_item_count),
+    'context.prune.protected_item_count_bucket': countBucket(completed.protected_item_count),
+    'context.prune.backup.verified': completed.backup_verified,
+    'context.prune.summary.hash': sha256(completed.raw_summary),
+    'context.prune.audit_gap': completed.audit_gap,
+    'privacy.raw_session_recorded': false,
+    'privacy.raw_summary_recorded': false,
+    'privacy.raw_tool_output_recorded': false,
+    'privacy.raw_file_content_recorded': false
+  }
+};
+
+const events = [startedEvent, ...strategyEvents, completedEvent]
+  .sort((left, right) => Date.parse(left.time) - Date.parse(right.time));
+
+writeFileSync(receiptPath, `${events.map((event) => JSON.stringify(event)).join('\n')}\n`);
+
+const trace = {
+  resourceSpans: [
+    {
+      resource: {
+        attributes: attributesToOtel({
+          'service.name': 'pluribus-context-pruning-receipt-demo',
+          'service.version': '0.0.0-fixture',
+          'deployment.environment.name': 'local-fixture'
+        })
+      },
+      scopeSpans: [
+        {
+          scope: {
+            name: 'pluribus.context_input_evidence.pruning_demo',
+            version: '0.0.0-fixture'
+          },
+          spans: [
+            {
+              traceId,
+              spanId,
+              parentSpanId: '',
+              name: 'agent.session.context_prune',
+              kind: 1,
+              startTimeUnixNano: unixNano(start.time),
+              endTimeUnixNano: unixNano(completed.time),
+              attributes: attributesToOtel({
+                'session.id': session.session_id,
+                'gen_ai.conversation.id': session.conversation_id,
+                'agent.name': session.agent,
+                'workspace.name': session.workspace,
+                'gen_ai.request.model': session.model,
+                'context.prune.run_id_hash': runIdHash,
+                'context.prune.prescription': start.prescription,
+                'context.prune.mode': start.mode,
+                'context.prune.trigger': start.trigger
+              }),
+              events: events.map((event) => ({
+                name: event.name,
+                timeUnixNano: unixNano(event.time),
+                attributes: attributesToOtel(event.attributes)
+              }))
+            }
+          ]
+        }
+      ]
+    }
+  ]
+};
+
+writeFileSync(tracePath, `${JSON.stringify(trace, null, 2)}\n`);
+
+const forbiddenRawStrings = [
+  'Acme-Co',
+  'sk_live_private_fixture',
+  'finance@acme.example',
+  'Bearer private_fixture',
+  'PAY-1234',
+  '/workspace/acme',
+  '/private/work/acme',
+  'private support transcript',
+  'internal deployment host',
+  'private order',
+  'auth header'
+];
+const exportedText = `${events.map((event) => JSON.stringify(event)).join('\n')}\n${JSON.stringify(trace)}`;
+const rawTextCopiedToReceipt = forbiddenRawStrings.some((value) => exportedText.includes(value));
+const strategyActionCounts = strategies.reduce((counts, strategy) => {
+  counts[strategy.action] = (counts[strategy.action] ?? 0) + 1;
+  return counts;
+}, {});
+
+const summary = {
+  schema: 'pluribus.contextPruningReceipt.demo.v0',
+  eventCount: events.length,
+  strategyEvents: strategyEvents.length,
+  strategyActionCounts,
+  tokenBeforeBucket: startedEvent.attributes['context.prune.token_count.before_bucket'],
+  tokenAfterBucket: completedEvent.attributes['context.prune.token_count.after_bucket'],
+  tokenRemovedBucket: completedEvent.attributes['context.prune.token_count.removed_bucket'],
+  changedItemCountBucket: completedEvent.attributes['context.prune.changed_item_count_bucket'],
+  protectedItemCountBucket: completedEvent.attributes['context.prune.protected_item_count_bucket'],
+  backupVerified: completedEvent.attributes['context.prune.backup.verified'],
+  includesAuditGap: completedEvent.attributes['context.prune.audit_gap'],
+  rawTextCopiedToReceipt,
+  receiptPath: 'examples/context-input-evidence/pruning-receipt.ndjson',
+  tracePath: 'examples/context-input-evidence/pruning-otel-trace.json',
+  lesson: 'Post-hoc context cleaning needs receipts for what was pruned, minified, stubbed, protected, backed up, and kept private; token savings alone do not prove safe context preservation.'
+};
+
+console.log(JSON.stringify(summary, null, 2));

package/examples/context-input-evidence/convert-subagent-toolsearch-propagation-log.mjs

@@ -0,0 +1,171 @@
+#!/usr/bin/env node
+import { createHash } from 'node:crypto';
+import { readFileSync, writeFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const here = dirname(fileURLToPath(import.meta.url));
+const inputPath = process.argv[2] ? resolve(process.argv[2]) : join(here, 'sample-subagent-toolsearch-propagation-log.jsonl');
+const receiptPath = process.argv[3] ? resolve(process.argv[3]) : join(here, 'subagent-toolsearch-propagation-receipt.ndjson');
+const tracePath = process.argv[4] ? resolve(process.argv[4]) : join(here, 'subagent-toolsearch-propagation-otel-trace.json');
+
+function sha256(value) {
+  return `sha256:${createHash('sha256').update(value ?? '').digest('hex')}`;
+}
+
+function hashRef(value) {
+  return sha256(value ?? '').slice(0, 19);
+}
+
+function readJsonl(path) {
+  return readFileSync(path, 'utf8')
+    .trim()
+    .split('\n')
+    .filter(Boolean)
+    .map((line, index) => {
+      try {
+        return JSON.parse(line);
+      } catch (error) {
+        throw new Error(`Invalid JSONL at ${path}:${index + 1}: ${error.message}`);
+      }
+    });
+}
+
+function unixNano(isoTimestamp) {
+  return `${BigInt(Date.parse(isoTimestamp)) * 1_000_000n}`;
+}
+
+function otelValue(value) {
+  if (typeof value === 'boolean') return { boolValue: value };
+  if (typeof value === 'number' && Number.isInteger(value)) return { intValue: String(value) };
+  if (typeof value === 'number') return { doubleValue: value };
+  if (value == null) return { stringValue: '' };
+  return { stringValue: String(value) };
+}
+
+function attributesToOtel(attributes) {
+  return Object.entries(attributes).map(([key, value]) => ({ key, value: otelValue(value) }));
+}
+
+function countBucket(value) {
+  if (value === 0) return 'zero';
+  if (value <= 5) return 'under_5';
+  if (value <= 25) return 'under_25';
+  if (value <= 100) return 'under_100';
+  if (value <= 500) return 'under_500';
+  return 'over_500';
+}
+
+const records = readJsonl(inputPath);
+const session = records.find((record) => record.type === 'session.start');
+const probes = records.filter((record) => record.type === 'subagent.spawn.probe');
+const completed = records.find((record) => record.type === 'subagent.toolsearch.matrix.completed');
+
+if (!session || probes.length === 0 || !completed) {
+  throw new Error(`Expected session.start, subagent.spawn.probe records, and subagent.toolsearch.matrix.completed in ${inputPath}`);
+}
+
+const traceSeed = `${session.session_id}:${session.conversation_id}:subagent-toolsearch-propagation`;
+const traceId = sha256(traceSeed).replace('sha256:', '').slice(0, 32);
+const spanId = sha256(`${traceSeed}:span`).replace('sha256:', '').slice(0, 16);
+
+const events = [
+  ...probes.map((record) => ({
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'subagent.toolsearch.propagation.evaluated',
+    time: record.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'agent.name': session.agent,
+      'subagent.type_hash': hashRef(record.subagent_type),
+      'subagent.spawn.path': record.spawn_path,
+      'subagent.skill_context_active': record.skill_context_active,
+      'subagent.parent_intermediate_tool_call_count_bucket': countBucket(record.parent_intermediate_tool_call_count),
+      'subagent.tools.declaration_shape': record.tools_declaration_shape,
+      'subagent.tools.toolsearch_declared': record.toolsearch_declared,
+      'subagent.tools.toolsearch_exposed': record.toolsearch_exposed,
+      'subagent.mcp.parent_server_count_bucket': countBucket(record.mcp_server_count_parent),
+      'subagent.mcp.available_server_count_bucket': countBucket(record.mcp_server_count_subagent),
+      'subagent.mcp.loaded_tool_definition_count_bucket': countBucket(record.loaded_tool_definition_count),
+      'subagent.mcp.deferred_tool_definition_count_bucket': countBucket(record.deferred_tool_definition_count),
+      'subagent.tools.filter_reason': record.filter_reason,
+      'subagent.tools.declaration_hash': sha256(record.raw_tools_declaration),
+      'privacy.raw_tools_declaration_recorded': false,
+      'privacy.raw_tool_schemas_recorded': false,
+      'privacy.raw_prompts_recorded': false,
+      'privacy.raw_paths_recorded': false
+    }
+  })),
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'subagent.toolsearch.matrix.completed',
+    time: completed.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'subagent.toolsearch.tested_axis': completed.tested_axis,
+      'subagent.toolsearch.probe_count_bucket': countBucket(completed.probe_count),
+      'subagent.toolsearch.passing_probe_count_bucket': countBucket(completed.passing_probe_count),
+      'subagent.toolsearch.failing_probe_count_bucket': countBucket(completed.failing_probe_count),
+      'subagent.toolsearch.recommended_next_probe_hash': hashRef(completed.recommended_next_probe),
+      'subagent.toolsearch.audit_gap': completed.audit_gap
+    }
+  }
+];
+
+writeFileSync(receiptPath, `${events.map((event) => JSON.stringify(event)).join('\n')}\n`);
+
+const trace = {
+  resourceSpans: [
+    {
+      resource: {
+        attributes: attributesToOtel({
+          'service.name': 'pluribus-subagent-toolsearch-propagation-receipt-demo',
+          'service.version': '0.0.0-fixture',
+          'deployment.environment.name': 'local-fixture'
+        })
+      },
+      scopeSpans: [
+        {
+          scope: {
+            name: 'pluribus.context_input_evidence.subagent_toolsearch_propagation_demo',
+            version: '0.0.0-fixture'
+          },
+          spans: [
+            {
+              traceId,
+              spanId,
+              parentSpanId: '',
+              name: 'agent.subagent.toolsearch.propagation',
+              kind: 1,
+              startTimeUnixNano: unixNano(probes[0].time),
+              endTimeUnixNano: unixNano(completed.time),
+              attributes: attributesToOtel({
+                'session.id': session.session_id,
+                'gen_ai.conversation.id': session.conversation_id,
+                'agent.name': session.agent,
+                'workspace.name_hash': hashRef(session.workspace),
+                'gen_ai.request.model': session.model,
+                'subagent.context.receipt.scope': 'toolsearch_propagation_matrix'
+              }),
+              events: events.map((event) => ({
+                name: event.name,
+                timeUnixNano: unixNano(event.time),
+                attributes: attributesToOtel(event.attributes)
+              })),
+              status: { code: 1 }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+};
+
+writeFileSync(tracePath, `${JSON.stringify(trace, null, 2)}\n`);
+
+console.log(`Wrote ${receiptPath}`);
+console.log(`Wrote ${tracePath}`);