release-gate 0.3.0__tar.gz

release_gate-0.3.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 VamsiSudhakaran1
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

release_gate-0.3.0/PKG-INFO

@@ -0,0 +1,18 @@
+Metadata-Version: 2.4
+Name: release-gate
+Version: 0.3.0
+Summary: Governance enforcement for AI agents
+Home-page: https://github.com/VamsiSudhakaran1/release-gate
+Author: Vamsi Sudhakaran
+Author-email: vamsi.sudhakaran@gmail.com
+Requires-Python: >=3.8
+License-File: LICENSE
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: jsonschema>=4.0
+Dynamic: author
+Dynamic: author-email
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary

release_gate-0.3.0/README.md

@@ -0,0 +1,535 @@
+# release-gate
+
+🚪 **Governance enforcement for AI agents** — Prevent cost explosions, ensure safety measures, and enforce access control before deployment.
+
+[![GitHub License](https://img.shields.io/github/license/VamsiSudhakaran1/release-gate)](LICENSE)
+[![Tests](https://github.com/VamsiSudhakaran1/release-gate/actions/workflows/tests.yml/badge.svg)](https://github.com/VamsiSudhakaran1/release-gate/actions)
+[![PyPI Version](https://img.shields.io/pypi/v/release-gate)](https://pypi.org/project/release-gate/)
+[![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)
+
+## The Problem It Solves
+
+**Your AI agent costs you $50,000 in a single day.** No warning. No limit. No questions.
+
+This happens because:
+- ❌ No cost limits are set
+- ❌ No one validates agent configuration
+- ❌ Request volumes spiral unexpectedly
+- ❌ Token usage balloons with complex prompts
+- ❌ One retry loop = 10x cost multiplier
+
+**release-gate stops this before it happens.**
+
+---
+
+## What It Does (The 4 Checks)
+
+release-gate sits between testing and deployment, validating agents against 4 critical checks:
+
+### 🎯 PRIMARY CHECK: ACTION_BUDGET (NEW v0.3)
+
+**Prevents cost explosions** — The hero feature that stops $50K mistakes.
+
+```yaml
+checks:
+  action_budget:
+    enabled: true
+    max_daily_cost: 100  # Sets the limit
+```
+
+What happens:
+
+```
+Agent estimated to cost $250/day
+Budget set to $100/day
+Status: ❌ FAIL - Deployment blocked
+
+Remediation:
+  Option 1: Use cheaper model (gpt-4-turbo saves 70%)
+  Option 2: Reduce daily request volume
+  Option 3: Increase budget to $250/day
+```
+
+**Cost Calculation (Full Transparency):**
+```
+Model: GPT-4-Turbo
+Daily requests: 500
+Input tokens/request: 800
+Output tokens/request: 400
+Estimated daily cost: $12.50
+Monthly cost: $375.00
+Safety margin: 8x (well under $100 budget)
+Status: ✅ PASS
+```
+
+### Supporting Checks (Existing v0.2)
+
+#### 📋 INPUT_CONTRACT
+Ensures request schemas are defined and tested.
+- ✅ Schema explicitly defined
+- ✅ Valid inputs pass validation
+- ✅ Invalid inputs fail validation
+- Prevents input-based failures
+
+#### ⏹ FALLBACK_DECLARED
+Ensures agent can be stopped if something goes wrong.
+- ✅ Kill switch defined (feature flag)
+- ✅ Fallback mode exists (escalate to human)
+- ✅ Team ownership clear
+- ✅ Runbook provided
+
+#### 🔐 IDENTITY_BOUNDARY
+Enforces access control and rate limiting.
+- ✅ Authentication required
+- ✅ Rate limits configured
+- ✅ Data isolation defined
+- Prevents unauthorized access
+
+---
+
+## Quick Start (5 Minutes)
+
+### 1. Install
+```bash
+pip install release-gate
+```
+
+### 2. Create governance.yaml
+```yaml
+project:
+  name: my-agent
+
+agent:
+  model: gpt-4-turbo
+  daily_requests: 500
+  avg_input_tokens: 800
+  avg_output_tokens: 400
+  retry_rate: 1.1
+
+checks:
+  action_budget:
+    enabled: true
+    max_daily_cost: 100
+```
+
+### 3. Run Validation
+```bash
+release-gate check --config governance.yaml
+```
+
+### 4. See Decision
+```
+┌──────────────────────────────────────────┐
+│ 🚪 release-gate: All 4 Checks            │
+├──────────────────────────────────────────┤
+
+💰 ACTION_BUDGET: ✓ PASS
+   Daily Cost: $12.50
+   Budget: $100.00
+   Safety Margin: 8.0x
+
+📋 INPUT_CONTRACT: ✓ PASS
+   Schema defined
+
+⏹ FALLBACK_DECLARED: ✓ PASS
+   Kill switch configured
+
+🔐 IDENTITY_BOUNDARY: ✓ PASS
+   Authentication required
+
+✅ FINAL DECISION: PASS (Safe to deploy)
+└──────────────────────────────────────────┘
+```
+
+---
+
+## Real-World Example: The $50K Mistake
+
+### Scenario
+You deploy a customer support agent without checking costs:
+
+```yaml
+agent:
+  model: gpt-4           # Expensive model
+  daily_requests: 5000   # High volume
+  avg_input_tokens: 2000 # Long context
+  avg_output_tokens: 1000
+```
+
+**Without release-gate:**
+```
+Day 1: Agent costs $250
+Day 2: No one notices
+Day 3: Cost spike warning
+...
+Week 2: You've spent $50,000
+```
+
+**With release-gate:**
+```
+$ release-gate check --config governance.yaml
+
+❌ FAIL - Cost Control: Budget Exceeded
+
+Daily cost: $250.00
+Budget: $100.00
+Daily overage: $150.00
+Monthly overage: $4,500.00
+
+❌ BLOCKED: Cannot deploy without fixing cost configuration
+
+Remediation Options:
+  Option 1: Use gpt-4-turbo (3.3x cheaper)
+           New cost: $75.88/day → PASS ✓
+  
+  Option 2: Reduce daily requests to 1000
+           New cost: $50/day → PASS ✓
+  
+  Option 3: Increase budget to $250/day
+           Then re-run validation
+```
+
+**Result:** Deployment blocked. Problem caught before it costs you $50K.
+
+---
+
+## Key Features
+
+### 💰 ACTION_BUDGET: Cost Control (v0.3 New)
+
+#### Automatic Cost Estimation
+```python
+# Reads agent config
+agent:
+  model: gpt-4-turbo
+  daily_requests: 500
+  avg_input_tokens: 800
+  avg_output_tokens: 400
+  retry_rate: 1.1
+
+# Automatically calculates:
+# Input cost: $0.00001 × 800 ÷ 1000 × 500 × 1.1 = $4.40/day
+# Output cost: $0.00003 × 400 ÷ 1000 × 500 × 1.1 = $6.60/day
+# Total: $11.00/day
+```
+
+#### Smart Thresholds
+```yaml
+checks:
+  action_budget:
+    max_daily_cost: 100
+    auto_approve_threshold: 10      # < $10 = instant PASS
+    manual_approval_threshold: 50   # $10-$50 = needs review
+    # $50+ = approval routing
+```
+
+#### Approval Routing (Future)
+```yaml
+approval_routes:
+  - type: slack
+    channel: "#ai-governance"
+    mentions: ["@platform-leads"]
+  - type: email
+    to: ["ai-team@company.com"]
+    cc: ["security@company.com"]
+```
+
+### 🔄 Dynamic Pricing
+
+#### No Hardcoding
+```python
+# Instead of hardcoded enums:
+# - Supports ANY model (past, present, future)
+# - Auto-detects from code
+# - User-extensible via JSON
+```
+
+#### Auto-Detection
+```python
+# Code:
+client = OpenAI(model="gpt-4o")
+response = client.chat.completions.create(model="gpt-4o")
+
+# release-gate automatically detects: gpt-4o
+# Looks up pricing
+# Estimates cost
+# All automatic
+```
+
+#### Custom Models
+```json
+{
+  "models": {
+    "my-internal-llama": {
+      "input": 0.0001,
+      "output": 0.0002,
+      "provider": "Internal"
+    }
+  }
+}
+```
+
+Add a custom model. No code changes. Instant support.
+
+---
+
+## Installation
+
+### Via pip
+```bash
+pip install release-gate
+```
+
+### From source
+```bash
+git clone https://github.com/VamsiSudhakaran1/release-gate.git
+cd release-gate
+pip install -e .
+```
+
+### Requirements
+- Python 3.8+
+- PyYAML >= 6.0
+- jsonschema >= 4.0
+
+---
+
+## Configuration
+
+### Minimal (Cost Control Only)
+```yaml
+project:
+  name: my-agent
+
+agent:
+  model: gpt-4-turbo
+  daily_requests: 100
+  avg_input_tokens: 500
+  avg_output_tokens: 300
+
+checks:
+  action_budget:
+    enabled: true
+    max_daily_cost: 50
+```
+
+### Complete (All 4 Checks)
+```yaml
+project:
+  name: customer-support-agent
+  version: 1.0.0
+
+agent:
+  model: gpt-4-turbo
+  daily_requests: 500
+  avg_input_tokens: 800
+  avg_output_tokens: 400
+  retry_rate: 1.1
+
+checks:
+  action_budget:
+    enabled: true
+    max_daily_cost: 100
+    auto_approve_threshold: 10
+    manual_approval_threshold: 50
+  
+  input_contract:
+    enabled: true
+    schema:
+      type: object
+      required: [user_query]
+      properties:
+        user_query:
+          type: string
+  
+  fallback_declared:
+    enabled: true
+    kill_switch:
+      type: feature_flag
+      name: disable_agent
+    fallback:
+      mode: escalate_to_human
+    ownership:
+      team: support-team
+      oncall: "oncall@company.com"
+  
+  identity_boundary:
+    enabled: true
+    authentication: required
+    rate_limit: 10
+    data_isolation:
+      - customer_data_only
+```
+
+---
+
+## Usage
+
+### Command Line
+```bash
+# Simple validation
+release-gate check --config governance.yaml
+
+# JSON output (for CI/CD)
+release-gate check --config governance.yaml --output json
+
+# YAML output (save to repo)
+release-gate check --config governance.yaml --output yaml > audit.yaml
+```
+
+### GitHub Actions
+```yaml
+name: Governance Gate
+on: [pull_request, push]
+
+jobs:
+  governance:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+      - run: pip install release-gate
+      - run: release-gate check --config governance.yaml
+```
+
+### Python API
+```python
+from release_gate.checks.action_budget import ActionBudgetCheck
+import yaml
+
+with open('governance.yaml') as f:
+    config = yaml.safe_load(f)
+
+check = ActionBudgetCheck()
+result = check.evaluate(config)
+
+if result['status'] == 'PASS':
+    print("✅ Safe to deploy")
+else:
+    print("❌ Fix cost configuration")
+    for step in result.get('remediation_steps', []):
+        print(f"  - {step}")
+```
+
+---
+
+## Exit Codes
+
+- **0** = PASS (all checks passed, safe to deploy)
+- **10** = WARN (manual review recommended)
+- **1** = FAIL (deployment blocked, fix issues)
+
+Perfect for CI/CD pipelines.
+
+---
+
+## Roadmap
+
+### v0.3 (Current) ✅
+- [x] ACTION_BUDGET check (cost control)
+- [x] Dynamic pricing system
+- [x] Auto-model detection
+- [x] Custom model support
+- [x] All 4 checks working together
+
+### v0.4 (Planned)
+- [ ] GitHub Actions marketplace integration
+- [ ] Web dashboard
+- [ ] Advanced approval workflows
+- [ ] Enterprise SSO/RBAC
+
+### v1.0 (Vision)
+- [ ] Real-time pricing API integration
+- [ ] Advanced policy templates
+- [ ] Multi-agent governance
+- [ ] Analytics & reporting
+
+---
+
+## Supported Models
+
+### OpenAI
+- GPT-4
+- GPT-4 Turbo
+- GPT-4o
+
+### Anthropic
+- Claude 3 Opus
+- Claude 3 Sonnet
+- Claude 3.5 Sonnet
+
+### Open Source
+- Llama 70B
+- Mistral Large
+
+### Custom
+- Any model (add to pricing.json)
+
+---
+
+## Examples
+
+See `examples/` directory:
+- `governance-simple.yaml` - Minimal setup
+- `governance-complete.yaml` - Full setup
+- `pricing.json` - All supported models
+- `test_action_budget.py` - Test suite
+
+---
+
+## Architecture
+
+### 4 Independent Checks
+Each check validates independently:
+- **ACTION_BUDGET** validates cost
+- **INPUT_CONTRACT** validates schema
+- **FALLBACK_DECLARED** validates safety
+- **IDENTITY_BOUNDARY** validates access
+
+No cross-dependencies. Easy to extend.
+
+### Decision Logic
+```
+If ANY check FAILS → FAIL (deployment blocked)
+Else if ANY check WARNS → WARN (manual review)
+Else → PASS (all good)
+```
+
+All 4 checks are equal partners in the decision.
+
+---
+
+## Contributing
+
+Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+---
+
+## Support
+
+- 📖 [Documentation](docs/)
+- 🐛 [Issues](https://github.com/VamsiSudhakaran1/release-gate/issues)
+- 💬 [Discussions](https://github.com/VamsiSudhakaran1/release-gate/discussions)
+- 🌐 [Website](https://release-gate.com)
+
+---
+
+## License
+
+MIT — See [LICENSE](LICENSE) for details.
+
+---
+
+## The Vision
+
+**Every AI agent should have cost limits, safety measures, and access controls before deployment.**
+
+release-gate makes this simple, automatic, and transparent.
+
+---
+
+**Prevent cost explosions. Enforce governance. Deploy with confidence.** 🚀
+
+Built by [Vamsi](https://github.com/VamsiSudhakaran1) • [release-gate.com](https://release-gate.com)

release_gate-0.3.0/release_gate.egg-info/PKG-INFO

@@ -0,0 +1,18 @@
+Metadata-Version: 2.4
+Name: release-gate
+Version: 0.3.0
+Summary: Governance enforcement for AI agents
+Home-page: https://github.com/VamsiSudhakaran1/release-gate
+Author: Vamsi Sudhakaran
+Author-email: vamsi.sudhakaran@gmail.com
+Requires-Python: >=3.8
+License-File: LICENSE
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: jsonschema>=4.0
+Dynamic: author
+Dynamic: author-email
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary

release_gate-0.3.0/release_gate.egg-info/SOURCES.txt

@@ -0,0 +1,10 @@
+LICENSE
+README.md
+setup.py
+release_gate.egg-info/PKG-INFO
+release_gate.egg-info/SOURCES.txt
+release_gate.egg-info/dependency_links.txt
+release_gate.egg-info/entry_points.txt
+release_gate.egg-info/requires.txt
+release_gate.egg-info/top_level.txt
+tests/test_release_gate.py

release_gate-0.3.0/release_gate.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

release_gate-0.3.0/release_gate.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+release-gate = release_gate.cli:main

release_gate-0.3.0/release_gate.egg-info/requires.txt

@@ -0,0 +1,2 @@
+pyyaml>=6.0
+jsonschema>=4.0

release_gate-0.3.0/release_gate.egg-info/top_level.txt

@@ -0,0 +1 @@
+

release_gate-0.3.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

release_gate-0.3.0/setup.py

@@ -0,0 +1,21 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="release-gate",
+    version="0.3.0",
+    description="Governance enforcement for AI agents",
+    author="Vamsi Sudhakaran",
+    author_email="vamsi.sudhakaran@gmail.com",
+    url="https://github.com/VamsiSudhakaran1/release-gate",
+    packages=find_packages(),
+    install_requires=[
+        "pyyaml>=6.0",
+        "jsonschema>=4.0",
+    ],
+    python_requires=">=3.8",
+    entry_points={
+        "console_scripts": [
+            "release-gate=release_gate.cli:main",
+        ],
+    },
+)

release_gate-0.3.0/tests/test_release_gate.py

@@ -0,0 +1,444 @@
+#!/usr/bin/env python3
+"""
+Minimal automated smoke test suite for release-gate CLI
+
+Tests:
+1. Initialization creates files
+2. PASS case returns exit code 0
+3. WARN case returns exit code 10
+4. FAIL case returns exit code 1
+5. JSON output is valid
+6. Custom output file is created
+
+No pytest required - just run: python test_release_gate.py
+"""
+
+import subprocess
+import json
+import sys
+import tempfile
+import shutil
+from pathlib import Path
+
+
+def run_cli(*args, cwd=None):
+    """Run CLI command and return (exit_code, stdout, stderr)"""
+    cmd = [sys.executable, "cli.py"] + list(args)
+    result = subprocess.run(
+        cmd,
+        cwd=cwd,
+        capture_output=True,
+        text=True
+    )
+    return result.returncode, result.stdout, result.stderr
+
+
+def test_init():
+    """Test 1: Initialization creates files"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        # Copy cli.py to temp dir
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        code, stdout, stderr = run_cli("init", "--project", "test-init", cwd=tmpdir)
+        
+        assert code == 0, f"Init failed: {stderr}"
+        assert (tmpdir / "release-gate.yaml").exists(), "Config not created"
+        assert (tmpdir / "valid_requests.jsonl").exists(), "Valid samples not created"
+        assert (tmpdir / "invalid_requests.jsonl").exists(), "Invalid samples not created"
+        print("✓ Test 1: Initialization - PASSED")
+
+
+def test_pass_case():
+    """Test 2: Valid config returns PASS (exit code 0)"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Initialize
+        run_cli("init", "--project", "test-pass", cwd=tmpdir)
+        
+        # Run (should PASS)
+        code, stdout, stderr = run_cli("run", "--config", "release-gate.yaml", cwd=tmpdir)
+        
+        assert code == 0, f"Expected exit code 0 for PASS, got {code}. Stderr: {stderr}"
+        assert "PASS" in stdout or "pass" in stdout.lower(), "PASS not in output"
+        print("✓ Test 2: PASS case (exit 0) - PASSED")
+
+
+def test_fail_case():
+    """Test 3: Invalid config returns FAIL (exit code 1)"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Create broken config (missing fallback)
+        broken_config = """
+project:
+  name: broken
+
+checks:
+  input_contract:
+    enabled: true
+    schema:
+      type: object
+  fallback_declared:
+    enabled: true
+"""
+        (tmpdir / "broken.yaml").write_text(broken_config)
+        
+        # Run (should FAIL)
+        code, stdout, stderr = run_cli("run", "--config", "broken.yaml", cwd=tmpdir)
+        
+        assert code == 1, f"Expected exit code 1 for FAIL, got {code}"
+        print("✓ Test 3: FAIL case (exit 1) - PASSED")
+
+
+def test_json_output():
+    """Test 4: JSON output is valid"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Initialize
+        run_cli("init", "--project", "test-json", cwd=tmpdir)
+        
+        # Run with JSON format
+        code, stdout, stderr = run_cli("run", "--config", "release-gate.yaml", "--format", "json", cwd=tmpdir)
+        
+        assert code == 0, f"Run failed: {stderr}"
+        
+        # Parse JSON
+        try:
+            data = json.loads(stdout)
+            assert "overall" in data, "JSON missing 'overall' field"
+            assert "checks" in data, "JSON missing 'checks' field"
+            assert data["overall"] == "PASS", f"Expected PASS, got {data['overall']}"
+            print("✓ Test 4: JSON output - PASSED")
+        except json.JSONDecodeError as e:
+            assert False, f"Invalid JSON output: {e}\n{stdout}"
+
+
+def test_custom_output_file():
+    """Test 5: Custom output file is created"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Initialize
+        run_cli("init", "--project", "test-output", cwd=tmpdir)
+        
+        # Run with custom output
+        code, stdout, stderr = run_cli(
+            "run", 
+            "--config", "release-gate.yaml",
+            "--output", "custom-report.json",
+            cwd=tmpdir
+        )
+        
+        assert code == 0, f"Run failed: {stderr}"
+        
+        output_file = tmpdir / "custom-report.json"
+        assert output_file.exists(), f"Custom output file not created: {output_file}"
+        
+        # Verify it's valid JSON
+        data = json.loads(output_file.read_text())
+        assert data["overall"] == "PASS"
+        print("✓ Test 5: Custom output file - PASSED")
+
+
+def test_sample_validation():
+    """Test 6: INPUT_CONTRACT tests samples"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Initialize
+        run_cli("init", "--project", "test-samples", cwd=tmpdir)
+        
+        # Run
+        code, stdout, stderr = run_cli("run", "--config", "release-gate.yaml", "--format", "json", cwd=tmpdir)
+        
+        assert code == 0
+        data = json.loads(stdout)
+        
+        # Find INPUT_CONTRACT check
+        input_contract = next((c for c in data["checks"] if c["name"] == "input_contract"), None)
+        assert input_contract is not None, "input_contract not found"
+        
+        # Check evidence includes sample counts
+        evidence = input_contract["evidence"]
+        assert "valid_samples_tested" in evidence, "valid_samples_tested not in evidence"
+        assert "invalid_samples_tested" in evidence, "invalid_samples_tested not in evidence"
+        assert evidence["valid_samples_tested"] > 0, "No valid samples tested"
+        assert evidence["invalid_samples_tested"] > 0, "No invalid samples tested"
+        print("✓ Test 6: Sample validation - PASSED")
+
+
+def test_warn_case_invalid_samples_accepted():
+    """Test 7: WARN when invalid samples incorrectly pass schema"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Create config with schema that's too loose (accepts everything)
+        config = """
+project:
+  name: warn-test
+
+gate:
+  policy: default-v0.1
+
+checks:
+  input_contract:
+    enabled: true
+    schema:
+      type: object
+    samples:
+      valid_path: valid_requests.jsonl
+      invalid_path: invalid_requests.jsonl
+
+  fallback_declared:
+    enabled: true
+    kill_switch:
+      type: feature_flag
+      name: disable_warn_test
+    fallback:
+      mode: static_placeholder
+    ownership:
+      team: platform-team
+      oncall: oncall-platform
+    runbook_url: https://wiki.internal/runbooks/test
+"""
+        (tmpdir / "release-gate.yaml").write_text(config)
+        
+        # Create invalid samples that will pass the loose schema
+        invalid_samples = """{"any": "value"}
+{"random": "data"}
+{"test": 123}
+"""
+        (tmpdir / "invalid_requests.jsonl").write_text(invalid_samples)
+        
+        # Create valid samples
+        valid_samples = """{"test": "valid"}
+{"data": "here"}
+{"foo": "bar"}
+"""
+        (tmpdir / "valid_requests.jsonl").write_text(valid_samples)
+        
+        # Run
+        code, stdout, stderr = run_cli("run", "--config", "release-gate.yaml", "--format", "json", cwd=tmpdir)
+        
+        # Should return WARN (exit code 10) because invalid samples are accepted
+        assert code == 10, f"Expected exit code 10 for WARN, got {code}. Stderr: {stderr}"
+        
+        data = json.loads(stdout)
+        assert data["overall"] == "WARN", f"Expected overall WARN, got {data['overall']}"
+        
+        # Check INPUT_CONTRACT returned WARN
+        input_contract = next((c for c in data["checks"] if c["name"] == "input_contract"), None)
+        assert input_contract is not None
+        assert input_contract["result"] == "WARN", f"Expected INPUT_CONTRACT WARN, got {input_contract['result']}"
+        
+        # Check evidence shows invalid samples were accepted
+        evidence = input_contract["evidence"]
+        assert evidence["invalid_samples_accepted"] > 0, "Expected some invalid samples to be accepted"
+        
+        print("✓ Test 7: WARN case (invalid samples accepted) - PASSED")
+
+
+def test_warn_exit_code_10():
+    """Test 8: WARN returns exit code 10"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Create config with loose schema
+        config = """
+project:
+  name: warn-exit-test
+
+checks:
+  input_contract:
+    enabled: true
+    schema:
+      type: object
+    samples:
+      valid_path: valid_requests.jsonl
+      invalid_path: invalid_requests.jsonl
+
+  fallback_declared:
+    enabled: true
+    kill_switch:
+      type: feature_flag
+      name: test
+    fallback:
+      mode: static_placeholder
+    ownership:
+      team: team
+      oncall: oncall
+    runbook_url: https://test.com
+"""
+        (tmpdir / "release-gate.yaml").write_text(config)
+        
+        # Create samples where invalid ones pass
+        (tmpdir / "valid_requests.jsonl").write_text('{"valid": true}\n')
+        (tmpdir / "invalid_requests.jsonl").write_text('{"invalid": true}\n')
+        
+        # Run
+        code, _, stderr = run_cli("run", "--config", "release-gate.yaml", cwd=tmpdir)
+        
+        # Should return exit code 10 for WARN
+        assert code == 10, f"Expected exit code 10 for WARN, got {code}"
+        print("✓ Test 8: WARN exit code (10) - PASSED")
+
+
+def test_warn_in_summary():
+    """Test 9: WARN appears in summary"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Create loose schema config
+        config = """
+project:
+  name: warn-summary-test
+
+checks:
+  input_contract:
+    enabled: true
+    schema:
+      type: object
+    samples:
+      valid_path: valid_requests.jsonl
+      invalid_path: invalid_requests.jsonl
+
+  fallback_declared:
+    enabled: true
+    kill_switch:
+      type: feature_flag
+      name: test
+    fallback:
+      mode: static_placeholder
+    ownership:
+      team: team
+      oncall: oncall
+    runbook_url: https://test.com
+"""
+        (tmpdir / "release-gate.yaml").write_text(config)
+        (tmpdir / "valid_requests.jsonl").write_text('{"valid": true}\n')
+        (tmpdir / "invalid_requests.jsonl").write_text('{"invalid": true}\n')
+        
+        # Run with JSON format
+        code, stdout, stderr = run_cli("run", "--config", "release-gate.yaml", "--format", "json", cwd=tmpdir)
+        
+        data = json.loads(stdout)
+        
+        # Check summary counts warn
+        summary = data["summary"]["counts"]
+        assert summary["warn"] > 0, "Expected warn count > 0 in summary"
+        
+        print("✓ Test 9: WARN in summary counts - PASSED")
+
+
+def test_warn_precedence_fail_wins():
+    """Test 10: FAIL takes precedence over WARN"""
+    with tempfile.TemporaryDirectory() as tmpdir:
+        tmpdir = Path(tmpdir)
+        import shutil as sh
+        sh.copy("cli.py", tmpdir / "cli.py")
+        
+        # Create config: INPUT_CONTRACT WARN + FALLBACK_DECLARED FAIL
+        config = """
+project:
+  name: fail-precedence-test
+
+checks:
+  input_contract:
+    enabled: true
+    schema:
+      type: object
+    samples:
+      valid_path: valid_requests.jsonl
+      invalid_path: invalid_requests.jsonl
+
+  fallback_declared:
+    enabled: true
+"""
+        (tmpdir / "release-gate.yaml").write_text(config)
+        (tmpdir / "valid_requests.jsonl").write_text('{"valid": true}\n')
+        (tmpdir / "invalid_requests.jsonl").write_text('{"invalid": true}\n')
+        
+        # Run
+        code, stdout, stderr = run_cli("run", "--config", "release-gate.yaml", "--format", "json", cwd=tmpdir)
+        
+        data = json.loads(stdout)
+        
+        # Even though INPUT_CONTRACT might WARN, overall should be FAIL (fallback missing)
+        assert data["overall"] == "FAIL", f"Expected FAIL to take precedence, got {data['overall']}"
+        assert code == 1, f"Expected exit code 1 (FAIL), got {code}"
+        
+        print("✓ Test 10: FAIL precedence over WARN - PASSED")
+
+
+def main():
+    """Run all tests"""
+    print("\n" + "="*70)
+    print("  release-gate Automated Smoke Test Suite")
+    print("="*70 + "\n")
+    
+    tests = [
+        ("Initialization", test_init),
+        ("PASS case", test_pass_case),
+        ("FAIL case", test_fail_case),
+        ("JSON output", test_json_output),
+        ("Custom output file", test_custom_output_file),
+        ("Sample validation", test_sample_validation),
+        ("WARN case (invalid samples accepted)", test_warn_case_invalid_samples_accepted),
+        ("WARN exit code (10)", test_warn_exit_code_10),
+        ("WARN in summary", test_warn_in_summary),
+        ("FAIL precedence over WARN", test_warn_precedence_fail_wins),
+        # Phase 2 tests
+        ("Phase 2: IDENTITY_BOUNDARY PASS", test_phase_2_identity_boundary),
+        ("Phase 2: IDENTITY_BOUNDARY FAIL", test_phase_2_identity_boundary_fail),
+        ("Phase 2: ACTION_BUDGET PASS", test_phase_2_action_budget),
+        ("Phase 2: ACTION_BUDGET FAIL", test_phase_2_action_budget_fail),
+    ]
+    
+    passed = 0
+    failed = 0
+    
+    for test_name, test_func in tests:
+        try:
+            test_func()
+            passed += 1
+        except AssertionError as e:
+            print(f"✗ {test_name} - FAILED: {e}")
+            failed += 1
+        except Exception as e:
+            print(f"✗ {test_name} - ERROR: {e}")
+            failed += 1
+    
+    print("\n" + "="*70)
+    print(f"Results: {passed} passed, {failed} failed")
+    print("="*70 + "\n")
+    
+    if failed == 0:
+        print("✅ All tests passed! release-gate is working correctly.\n")
+        return 0
+    else:
+        print("❌ Some tests failed. See details above.\n")
+        return 1
+
+
+if __name__ == "__main__":
+    sys.exit(main())