pluribus-context 0.3.34 → 0.3.36

package/examples/install-plan-receipts/agent-install-plan-receipt.json

@@ -0,0 +1,56 @@
+{
+  "receipt_type": "agent.install.plan.v1",
+  "run_id": "demo-install-2026-05-29T16:00Z",
+  "installer": "example-agent-setup",
+  "mode_requested": "plan",
+  "mode_effective": "plan",
+  "agents_detected": [
+    "claude-code",
+    "cursor",
+    "codex",
+    "openclaw"
+  ],
+  "agents_selected": [
+    "claude-code",
+    "openclaw"
+  ],
+  "planned_writes": [
+    {
+      "kind": "mcp_config",
+      "target": "claude-code project config",
+      "operation": "add_local_mcp_server",
+      "backup_planned": true
+    },
+    {
+      "kind": "instruction_file",
+      "target": "AGENTS.md",
+      "operation": "append_usage_notes",
+      "backup_planned": true
+    },
+    {
+      "kind": "hook",
+      "target": "pre-tool hook config",
+      "operation": "register_receipt_guard",
+      "backup_planned": true
+    }
+  ],
+  "external_commands_planned": [
+    {
+      "phase": "apply",
+      "command_class": "package_manager_install"
+    }
+  ],
+  "network_after_install": "local_mcp_server_only",
+  "writes_started": false,
+  "next_safe_command": "example-agent-setup apply --from-plan install-plan.json",
+  "privacy_exclusions": [
+    "raw_source",
+    "secrets",
+    "env_dump",
+    "raw_prompt",
+    "transcript",
+    "raw_tool_output",
+    "customer_data",
+    "private_absolute_path"
+  ]
+}

package/examples/loaded-resource-boundary/README.md

@@ -0,0 +1,22 @@
+# Loaded-resource boundary example
+
+This example turns "my Skill works in chat but disappears in ACP/Zed/CLI" into a stage-level receipt.
+
+Run:
+
+```bash
+node check-loaded-resource-boundary.mjs loaded-resource-boundary.json
+```
+
+Expected output:
+
+```text
+loaded-resource boundary ok: 1 required resource/runtime gap recorded
+```
+
+The sample records the same project skills across two sessions:
+
+- `chat` discovers, attaches, injects, and reads `skill:pr-review`;
+- `acp`/`zed` discovers and attaches it, but never injects it, so the receipt records `runtime_does_not_inject_resources` and sets `safe_to_continue=false`.
+
+Use this shape when prompt instructions cannot explain a missing Skill. The host/runtime needs to prove the resource crossed the boundary, not merely that it exists on disk.

package/examples/loaded-resource-boundary/check-loaded-resource-boundary.mjs

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+import fs from 'node:fs';
+
+const file = process.argv[2] ?? new URL('./loaded-resource-boundary.json', import.meta.url);
+const receipt = JSON.parse(fs.readFileSync(file, 'utf8'));
+const fail = (message) => {
+  console.error(`loaded-resource boundary invalid: ${message}`);
+  process.exit(1);
+};
+
+if (receipt.receipt_type !== 'pluribus.loaded_resource_boundary.v1') fail('unexpected receipt_type');
+if (!Array.isArray(receipt.expected_resources) || receipt.expected_resources.length === 0) fail('expected_resources must be non-empty');
+if (!Array.isArray(receipt.sessions) || receipt.sessions.length < 2) fail('sessions must include at least two runtimes for parity checks');
+
+const expectedIds = new Set(receipt.expected_resources.map((resource) => resource.id));
+const requiredIds = new Set(receipt.expected_resources.filter((resource) => resource.required !== false).map((resource) => resource.id));
+for (const resource of receipt.expected_resources) {
+  if (!resource.id || !resource.kind || !resource.source_ref || !resource.source_hash?.startsWith('sha256:')) {
+    fail(`expected resource ${resource.id ?? '<missing>'} needs id, kind, source_ref, and sha256 source_hash`);
+  }
+}
+
+const allowedSkipReasons = new Set([
+  'not_discovered',
+  'not_attached_to_agent',
+  'runtime_does_not_inject_resources',
+  'trigger_not_matched',
+  'resource_read_failed'
+]);
+
+let mismatches = 0;
+for (const session of receipt.sessions) {
+  for (const key of ['runtime', 'client', 'agent']) {
+    if (!session[key]) fail(`session ${session.session_id ?? '<missing>'} missing ${key}`);
+  }
+  for (const listName of ['discovered_resources', 'attached_resources', 'injected_resources', 'readable_resources', 'skipped_resources']) {
+    if (!Array.isArray(session[listName])) fail(`${session.session_id}: ${listName} must be an array`);
+  }
+
+  const stageSets = {
+    discovered: new Set(session.discovered_resources),
+    attached: new Set(session.attached_resources),
+    injected: new Set(session.injected_resources),
+    readable: new Set(session.readable_resources)
+  };
+  const skipped = new Map(session.skipped_resources.map((skip) => [skip.id, skip]));
+
+  for (const id of expectedIds) {
+    if (stageSets.readable.has(id)) continue;
+    const skip = skipped.get(id);
+    if (!skip) {
+      if (requiredIds.has(id)) fail(`${session.session_id}: ${id} is required, not readable, and has no skipped_resources entry`);
+      continue;
+    }
+    if (!allowedSkipReasons.has(skip.reason)) fail(`${session.session_id}: ${id} has unknown skip reason ${skip.reason}`);
+    if (!skip.stage) fail(`${session.session_id}: ${id} skip entry needs a stage`);
+    if (requiredIds.has(id)) mismatches += 1;
+  }
+}
+
+if (receipt.safe_to_continue !== false && mismatches > 0) {
+  fail('safe_to_continue must be false when expected resources are missing or skipped');
+}
+
+console.log(`loaded-resource boundary ok: ${mismatches} required resource/runtime gaps recorded`);

package/examples/loaded-resource-boundary/loaded-resource-boundary.json

@@ -0,0 +1,69 @@
+{
+  "receipt_type": "pluribus.loaded_resource_boundary.v1",
+  "scenario": "custom-agent skill parity across chat and ACP/Zed",
+  "expected_resources": [
+    {
+      "id": "skill:pr-review",
+      "kind": "skill",
+      "scope": "project",
+      "source_ref": ".kiro/skills/pr-review/SKILL.md",
+      "source_hash": "sha256:7fb8c53b1b1f9b0e0f5a6fdab315b748c64c8b926fdff3d1d6fe6b3f5c8c6a01",
+      "required": true
+    },
+    {
+      "id": "skill:release-notes",
+      "kind": "skill",
+      "scope": "project",
+      "source_ref": ".kiro/skills/release-notes/SKILL.md",
+      "source_hash": "sha256:290d6bbf8d43b5b3f9134718ce9f7b6d08cc25f1a0e9255f5b8ceadcab4e6c18",
+      "required": false
+    }
+  ],
+  "sessions": [
+    {
+      "session_id": "chat-reviewer-2026-06-03",
+      "runtime": "chat",
+      "client": "kiro-desktop",
+      "client_version": "2.5.1",
+      "agent": "reviewer",
+      "task_hash": "sha256:9ed0fd91ef88f64a7de10e7fbab4e979ec6b13701d8a7569e3d4ad4ed9932a9a",
+      "discovered_resources": ["skill:pr-review", "skill:release-notes"],
+      "attached_resources": ["skill:pr-review", "skill:release-notes"],
+      "injected_resources": ["skill:pr-review"],
+      "readable_resources": ["skill:pr-review"],
+      "skipped_resources": [
+        {
+          "id": "skill:release-notes",
+          "stage": "injected",
+          "reason": "trigger_not_matched"
+        }
+      ]
+    },
+    {
+      "session_id": "acp-zed-reviewer-2026-06-03",
+      "runtime": "acp",
+      "client": "zed",
+      "client_version": "2.5.1",
+      "agent": "reviewer",
+      "task_hash": "sha256:9ed0fd91ef88f64a7de10e7fbab4e979ec6b13701d8a7569e3d4ad4ed9932a9a",
+      "discovered_resources": ["skill:pr-review", "skill:release-notes"],
+      "attached_resources": ["skill:pr-review", "skill:release-notes"],
+      "injected_resources": [],
+      "readable_resources": [],
+      "skipped_resources": [
+        {
+          "id": "skill:pr-review",
+          "stage": "injected",
+          "reason": "runtime_does_not_inject_resources"
+        },
+        {
+          "id": "skill:release-notes",
+          "stage": "injected",
+          "reason": "trigger_not_matched"
+        }
+      ]
+    }
+  ],
+  "safe_to_continue": false,
+  "next_action": "file a host/runtime bug with stage-level evidence; do not fix this with stronger prompt wording alone"
+}

package/examples/memory-write-policy/README.md

@@ -0,0 +1,28 @@
+# Memory write policy receipt gate
+
+Shared memory systems are useful when many agents can read the same durable facts. They become risky when every run can also write to that memory without review.
+
+This example treats a memory write like a code change:
+
+1. the agent proposes a memory diff;
+2. the diff is scoped to a repo/project/org/user boundary;
+3. the source is hashed instead of copied;
+4. stale facts get an expiry or review date;
+5. future sessions can see what memory was injected;
+6. private/sensitive writes are quarantined until a human or external policy approves them.
+
+Run the passing fixture:
+
+```bash
+node examples/memory-write-policy/check-memory-update.mjs \
+  examples/memory-write-policy/approved-memory-update.json
+```
+
+Run the failing fixture:
+
+```bash
+node examples/memory-write-policy/check-memory-update.mjs \
+  examples/memory-write-policy/quarantined-memory-update.json
+```
+
+Use this shape when evaluating cross-agent memory MCPs, knowledge graphs, or shared `CLAUDE.md`/`AGENTS.md` update flows. The point is not to store the memory body in the receipt. The point is to prove that a durable memory update had source, scope, lifecycle, visibility, approval, and privacy checks before it could teach every harness the same fact.

package/examples/memory-write-policy/approved-memory-update.json

@@ -0,0 +1,48 @@
+{
+  "type": "agent.memory_update_receipt.v1",
+  "update_id": "memupd_2026_06_01_001",
+  "run_id": "agent_run_8742",
+  "source": {
+    "kind": "claude-code-session",
+    "ref": "repo:acme/shop#issue-4812",
+    "content_hash": "sha256:4df7b1b9d6f4a2c51ad3e1ce761a8f0f918c9a0f4d26c4c8fd9f1e21ad1a19f4"
+  },
+  "scope": {
+    "kind": "repo",
+    "id": "acme/shop",
+    "path_prefix": "apps/checkout"
+  },
+  "proposed_diff": {
+    "adds": [
+      {
+        "memory_ref": "memory:checkout:idempotency-key-policy",
+        "summary_hash": "sha256:dad59f7764d0a6dd8db8f2d6f23d9dd30b3e6b1e1197d5478c05f9d093bc5fed",
+        "reason": "captured repo-local invariant after failing duplicate-charge test"
+      }
+    ],
+    "updates": [],
+    "supersedes": [],
+    "expires": []
+  },
+  "write_policy": {
+    "status": "approved",
+    "policy_ref": "repo-memory-policy:v2",
+    "approved_by": "maintainer:checkout-platform",
+    "approval_channel": "pull-request-review",
+    "private_or_sensitive_detected": false
+  },
+  "lifecycle": {
+    "review_after": "2026-07-01T00:00:00Z",
+    "supersedes_required": false
+  },
+  "injection_visibility": {
+    "next_session_visible": true,
+    "preview_path": ".pluribus/memory-previews/checkout-idempotency-key-policy.md"
+  },
+  "privacy": {
+    "raw_memory_text_logged": false,
+    "raw_prompts_logged": false,
+    "raw_tool_output_logged": false,
+    "secrets_logged": false
+  }
+}

package/examples/memory-write-policy/check-memory-update.mjs

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+import { readFileSync } from 'node:fs'
+
+const [file] = process.argv.slice(2)
+
+if (!file) {
+  console.error('Usage: node check-memory-update.mjs <memory-update-receipt.json>')
+  process.exit(2)
+}
+
+let receipt
+try {
+  receipt = JSON.parse(readFileSync(file, 'utf8'))
+} catch (error) {
+  console.error(JSON.stringify({ ok: false, file, errors: [`invalid JSON: ${error.message}`] }, null, 2))
+  process.exit(2)
+}
+
+const errors = []
+const warnings = []
+
+if (receipt.type !== 'agent.memory_update_receipt.v1') {
+  errors.push('type must be agent.memory_update_receipt.v1')
+}
+
+for (const key of ['update_id', 'run_id']) {
+  if (!receipt[key] || typeof receipt[key] !== 'string') {
+    errors.push(`${key} is required`)
+  }
+}
+
+const source = receipt.source || {}
+if (!source.kind || typeof source.kind !== 'string') {
+  errors.push('source.kind is required')
+}
+if (!source.ref || typeof source.ref !== 'string') {
+  errors.push('source.ref is required')
+}
+if (!source.content_hash || typeof source.content_hash !== 'string') {
+  errors.push('source.content_hash is required; do not rely on raw memory text')
+}
+
+const scope = receipt.scope || {}
+if (!scope.kind || !['repo', 'project', 'org', 'user'].includes(scope.kind)) {
+  errors.push('scope.kind must be repo, project, org, or user')
+}
+if (!scope.id || typeof scope.id !== 'string') {
+  errors.push('scope.id is required so a memory write cannot silently become global')
+}
+if (scope.kind === 'user') {
+  warnings.push('user-scoped durable memory is broad; prefer repo/project scope when possible')
+}
+
+const diff = receipt.proposed_diff || {}
+const changed = ['adds', 'updates', 'supersedes', 'expires'].flatMap((key) => Array.isArray(diff[key]) ? diff[key] : [])
+if (changed.length === 0) {
+  errors.push('proposed_diff must include at least one add, update, supersede, or expire entry')
+}
+for (const [index, item] of changed.entries()) {
+  if (!item.memory_ref || typeof item.memory_ref !== 'string') {
+    errors.push(`proposed_diff item ${index} is missing memory_ref`)
+  }
+  if (!item.summary_hash || typeof item.summary_hash !== 'string') {
+    errors.push(`proposed_diff item ${index} is missing summary_hash; log hashes, not raw memory bodies`)
+  }
+  if (item.raw_text) {
+    errors.push(`proposed_diff item ${index} must not include raw_text`)
+  }
+}
+
+const policy = receipt.write_policy || {}
+if (policy.status !== 'approved') {
+  errors.push(`write_policy.status is ${policy.status || 'missing'}; shared memory write must remain proposed/quarantined until approved`)
+}
+if (!policy.policy_ref || typeof policy.policy_ref !== 'string') {
+  errors.push('write_policy.policy_ref is required')
+}
+if (!policy.approved_by || typeof policy.approved_by !== 'string') {
+  errors.push('write_policy.approved_by is required for durable writes')
+}
+if (policy.private_or_sensitive_detected !== false) {
+  errors.push('write_policy.private_or_sensitive_detected must be false before merge')
+}
+
+const lifecycle = receipt.lifecycle || {}
+if (!lifecycle.expires_at && !lifecycle.review_after) {
+  errors.push('lifecycle.expires_at or lifecycle.review_after is required to avoid immortal stale facts')
+}
+if (lifecycle.supersedes_required === true && (!Array.isArray(diff.supersedes) || diff.supersedes.length === 0)) {
+  errors.push('lifecycle.supersedes_required is true but proposed_diff.supersedes is empty')
+}
+
+const visibility = receipt.injection_visibility || {}
+if (visibility.next_session_visible !== true) {
+  errors.push('injection_visibility.next_session_visible must be true so future agents can see what memory was injected')
+}
+if (!visibility.preview_path || typeof visibility.preview_path !== 'string') {
+  warnings.push('injection_visibility.preview_path is recommended for human review')
+}
+
+const privacy = receipt.privacy || {}
+for (const key of ['raw_memory_text_logged', 'raw_prompts_logged', 'raw_tool_output_logged', 'secrets_logged']) {
+  if (privacy[key] !== false) {
+    errors.push(`privacy.${key} must be false for this gate`)
+  }
+}
+
+const result = {
+  ok: errors.length === 0,
+  file,
+  update_id: receipt.update_id,
+  run_id: receipt.run_id,
+  scope: scope.kind && scope.id ? `${scope.kind}:${scope.id}` : undefined,
+  write_status: policy.status,
+  errors,
+  warnings
+}
+
+console.log(JSON.stringify(result, null, 2))
+process.exit(result.ok ? 0 : 1)

package/examples/memory-write-policy/quarantined-memory-update.json

@@ -0,0 +1,43 @@
+{
+  "type": "agent.memory_update_receipt.v1",
+  "update_id": "memupd_2026_06_01_002",
+  "run_id": "agent_run_8743",
+  "source": {
+    "kind": "claude-code-session",
+    "ref": "repo:acme/shop#debug-chat",
+    "content_hash": "sha256:6d4fa2a2114f83fd8bd9d6eb3c632ff6f20252f978bc9deec0b9d85694e02d4b"
+  },
+  "scope": {
+    "kind": "user",
+    "id": "developer-laptop"
+  },
+  "proposed_diff": {
+    "adds": [
+      {
+        "memory_ref": "memory:global:production-debug-shortcut",
+        "summary_hash": "sha256:5ee95af43fd2fb8b90908ef8cc4a5e6f050a8f52c97c7c93fd7f37bd1dcf3c2a",
+        "raw_text": "do not store raw memory bodies here"
+      }
+    ],
+    "updates": [],
+    "supersedes": [],
+    "expires": []
+  },
+  "write_policy": {
+    "status": "quarantined",
+    "policy_ref": "repo-memory-policy:v2",
+    "private_or_sensitive_detected": true
+  },
+  "lifecycle": {
+    "supersedes_required": false
+  },
+  "injection_visibility": {
+    "next_session_visible": false
+  },
+  "privacy": {
+    "raw_memory_text_logged": true,
+    "raw_prompts_logged": false,
+    "raw_tool_output_logged": false,
+    "secrets_logged": false
+  }
+}

package/examples/parallel-session-review-ledger/README.md

@@ -0,0 +1,13 @@
+# Parallel session review ledger example
+
+This example is a copyable receipt for teams running multiple agent sessions at once. It is designed for the review bottleneck: deciding whether each session can be trusted, continued, or rejected without reading an entire transcript.
+
+```bash
+node examples/parallel-session-review-ledger/check-parallel-session-review-ledger.mjs examples/parallel-session-review-ledger/parallel-session-review-ledger.json
+```
+
+Expected output:
+
+```text
+parallel session review ledger ok: 3 sessions checked
+```

package/examples/parallel-session-review-ledger/check-parallel-session-review-ledger.mjs

@@ -0,0 +1,69 @@
+#!/usr/bin/env node
+import fs from 'node:fs';
+import path from 'node:path';
+
+const file = process.argv[2] || path.join('examples', 'parallel-session-review-ledger', 'parallel-session-review-ledger.json');
+const receipt = JSON.parse(fs.readFileSync(file, 'utf8'));
+const errors = [];
+
+const allowedStates = new Set(['complete', 'partial', 'blocked', 'unsafe_to_resume']);
+const allowedNextActions = new Set([
+  'review_diff',
+  'run_missing_check',
+  'continue_same_scope',
+  'ask_human',
+  'stop_manual_review'
+]);
+
+function add(condition, message) {
+  if (!condition) errors.push(message);
+}
+
+function globPrefix(pattern) {
+  return pattern.replace(/\*\*.*$/, '').replace(/\*.*$/, '');
+}
+
+add(receipt.schema === 'pluribus.parallel_session_review_ledger.v1', 'schema must be pluribus.parallel_session_review_ledger.v1');
+add(Array.isArray(receipt.sessions) && receipt.sessions.length > 0, 'sessions must be a non-empty array');
+
+for (const session of receipt.sessions || []) {
+  const label = session.id || '<missing-id>';
+  add(Boolean(session.id), 'session id is required');
+  add(Boolean(session.assignment), `${label}: assignment is required`);
+  add(Boolean(session.branch), `${label}: branch is required`);
+  add(Boolean(session.allowed_scope), `${label}: allowed_scope is required`);
+  add(Array.isArray(session.allowed_scope?.files) && session.allowed_scope.files.length > 0, `${label}: allowed_scope.files must be non-empty`);
+  add(allowedStates.has(session.state), `${label}: invalid state ${session.state}`);
+  add(allowedNextActions.has(session.safe_next_action), `${label}: invalid safe_next_action ${session.safe_next_action}`);
+
+  const evidence = session.evidence || [];
+  const missingChecks = session.missing_checks || [];
+  const privacyFlags = session.privacy_flags || [];
+
+  if (session.state === 'complete') {
+    add(evidence.length > 0, `${label}: complete sessions need evidence`);
+    add(missingChecks.length === 0, `${label}: complete sessions cannot have missing_checks`);
+    add(privacyFlags.length === 0, `${label}: complete sessions cannot have privacy_flags`);
+  }
+
+  if (session.state === 'partial') {
+    add(missingChecks.length > 0, `${label}: partial sessions must name missing_checks`);
+  }
+
+  if (session.state === 'unsafe_to_resume') {
+    add(session.safe_next_action === 'stop_manual_review', `${label}: unsafe_to_resume must use stop_manual_review`);
+  }
+
+  const allowedPrefixes = (session.allowed_scope?.files || []).map(globPrefix);
+  for (const touched of session.touched_files || []) {
+    add(allowedPrefixes.some((prefix) => touched.startsWith(prefix)), `${label}: touched file outside allowed scope: ${touched}`);
+  }
+}
+
+if (errors.length > 0) {
+  console.error('parallel session review ledger invalid:');
+  for (const error of errors) console.error(`- ${error}`);
+  process.exit(1);
+}
+
+console.log(`parallel session review ledger ok: ${receipt.sessions.length} sessions checked`);

package/examples/parallel-session-review-ledger/parallel-session-review-ledger.json

@@ -0,0 +1,72 @@
+{
+  "schema": "pluribus.parallel_session_review_ledger.v1",
+  "generated_at": "2026-06-04T19:00:00Z",
+  "run": {
+    "orchestrator": "human",
+    "repo": "redacted-service",
+    "coordination_mode": "parallel_sessions"
+  },
+  "sessions": [
+    {
+      "id": "session-a",
+      "agent": "claude-code",
+      "assignment": "update validation for billing webhook retries",
+      "branch": "agent/billing-webhook-retry-validation",
+      "allowed_scope": {
+        "files": ["src/billing/**", "test/billing/**"],
+        "commands": ["npm test -- --test-name-pattern=billing"],
+        "network": "none"
+      },
+      "touched_files": ["src/billing/retries.js", "test/billing/retries.test.js"],
+      "agent_claim": "added retry validation and regression coverage",
+      "evidence": [
+        { "type": "commit", "ref": "abc1234" },
+        { "type": "test", "name": "billing retry validation", "status": "passed" }
+      ],
+      "missing_checks": [],
+      "privacy_flags": [],
+      "state": "complete",
+      "safe_next_action": "review_diff"
+    },
+    {
+      "id": "session-b",
+      "agent": "cursor-agent",
+      "assignment": "draft migration notes for webhook retry config",
+      "branch": "agent/retry-config-notes",
+      "allowed_scope": {
+        "files": ["docs/**"],
+        "commands": ["npm test -- --test-name-pattern=docs"],
+        "network": "none"
+      },
+      "touched_files": ["docs/webhook-retry-config.md"],
+      "agent_claim": "documented retry config and rollback notes",
+      "evidence": [
+        { "type": "diff", "ref": "docs-only" }
+      ],
+      "missing_checks": ["link-check docs/webhook-retry-config.md"],
+      "privacy_flags": [],
+      "state": "partial",
+      "safe_next_action": "run_missing_check"
+    },
+    {
+      "id": "session-c",
+      "agent": "codex-cli",
+      "assignment": "investigate retry metrics regression",
+      "branch": "agent/retry-metrics-investigation",
+      "allowed_scope": {
+        "files": ["src/metrics/**", "test/metrics/**"],
+        "commands": ["npm test -- --test-name-pattern=metrics"],
+        "network": "none"
+      },
+      "touched_files": ["src/metrics/retry-metrics.js"],
+      "agent_claim": "found possible metrics label mismatch, not fixed",
+      "evidence": [
+        { "type": "note", "ref": "suspected-label-mismatch" }
+      ],
+      "missing_checks": ["confirm label contract with owner"],
+      "privacy_flags": ["scope_expanded_without_approval"],
+      "state": "unsafe_to_resume",
+      "safe_next_action": "stop_manual_review"
+    }
+  ]
+}

package/examples/phase-boundary-contract/README.md

@@ -0,0 +1,23 @@
+# Phase-boundary contract example
+
+This example is for multi-model coding workflows where one phase plans, another phase applies, and another verifies. It records the exact handoff boundary without storing prompts, transcripts, raw source, secrets, or full command output.
+
+Run:
+
+```bash
+node check-phase-boundary.mjs phase-boundary-contract.json
+```
+
+Expected output:
+
+```text
+phase-boundary contract ok: checkout-refactor-2026-06-03 apply->verify
+```
+
+Use the shape as a small gate before moving from Apply to Verify:
+
+- approved plan/task refs and hashes entered the phase;
+- output artifact hash exists;
+- changed file-set hash and tests are present;
+- open risks are explicit;
+- stale exploration transcript or rejected designs are intentionally dropped.