vigil-codeintel 0.1.0__py3-none-any.whl

vigil_forensic/gate_models.py

@@ -0,0 +1,392 @@
+"""Gate models for vigil_forensic.
+
+Re-exports shared vocabulary types from _shared (inlined from the Vigil shared_helpers.gate_models)
+and defines PostExecGateContext and related dataclasses (inlined from the Vigil autoforensics.gate_models).
+
+This module provides backward-compatible re-exports so gate_checks can use:
+    from vigil_forensic.gate_models import PostExecGateContext, ...
+"""
+from __future__ import annotations
+
+import logging
+import time
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import TYPE_CHECKING, Any, Mapping, Optional
+
+_log = logging.getLogger(__name__)
+
+# Import coerce_float from our inlined _shared
+from vigil_forensic._shared import coerce_float as _coerce_float
+
+# Re-export the shared vocabulary from our inlined _shared module.
+from vigil_forensic._shared import (  # noqa: F401
+    EvidenceReference,
+    GateCategory,
+    GateCheckResult,
+    GateFileSnapshot,
+    GateFinding,
+    GateImpact,
+    GateSeverity,
+    GateVerdict,
+    RepairKind,
+    RepoGateProfile,
+)
+
+# Import stubs for control-plane types (replaces SYSTEM.control_plane.models
+# and SYSTEM.runtime.pocketcoder_adapter imports in the original self_audit.py)
+from vigil_forensic._stubs import ValidationContractProfile, PocketCoderForensicReport
+
+if TYPE_CHECKING:
+    pass  # No TYPE_CHECKING imports needed in the standalone package
+
+
+# Default identity strings
+_VERDICT_OWNER_DEFAULT: str = "orchestrator"
+_PROMPT_OWNER_DEFAULT: str = "orchestrator"
+_SUPERVISOR_DEFAULT: str = "orchestrator"
+
+
+_HOOK_TRACE_KNOWN_KEYS: frozenset[str] = frozenset({
+    "ts", "tool_name", "decision", "reason", "attempt_id", "summary",
+    "command_scope", "is_remote_wrapper", "approval_class", "actor",
+    "policy_rule", "provenance", "target_path", "target_paths",
+    "workspace_root", "path_scope", "tool_input_digest",
+})
+
+
+def _now() -> float:
+    return time.time()
+
+
+@dataclass(frozen=True)
+class HookTraceEntry:
+    ts: float = 0.0
+    tool_name: str = ""
+    decision: str = ""
+    reason: str = ""
+    attempt_id: str = "unknown"
+    summary: str = ""
+    command_scope: str = ""
+    is_remote_wrapper: bool = False
+    approval_class: str = ""
+    actor: str = ""
+    policy_rule: str = ""
+    target_path: str = ""
+    target_paths: tuple[str, ...] = ()
+    workspace_root: str = ""
+    path_scope: str = ""
+    tool_input_digest: str = ""
+    extras: tuple[tuple[str, object], ...] = ()
+
+    @classmethod
+    def from_mapping(cls, data: Mapping[str, object]) -> "HookTraceEntry":
+        provenance_raw = data.get("provenance")
+        provenance: dict[str, object] = dict(provenance_raw) if isinstance(provenance_raw, dict) else {}
+
+        def _pick(name: str, default: object = "") -> object:
+            if name in data:
+                return data.get(name)
+            return provenance.get(name, default)
+
+        extras_raw = [(key, value) for key, value in data.items() if key not in _HOOK_TRACE_KNOWN_KEYS]
+        if provenance:
+            for prov_key, prov_val in provenance.items():
+                if prov_key in _HOOK_TRACE_KNOWN_KEYS:
+                    continue
+                extras_raw.append((prov_key, prov_val))
+        extras_raw.sort(key=lambda item: item[0])
+
+        target_paths_raw = data.get("target_paths")
+        if isinstance(target_paths_raw, (list, tuple)):
+            target_paths = tuple(str(x) for x in target_paths_raw)
+        else:
+            target_paths = ()
+
+        return cls(
+            ts=_coerce_float(data.get("ts")),
+            tool_name=str(data.get("tool_name", "") or ""),
+            decision=str(data.get("decision", "") or ""),
+            reason=str(data.get("reason", "") or ""),
+            attempt_id=str(data.get("attempt_id", "unknown") or "unknown"),
+            summary=str(data.get("summary", "") or ""),
+            command_scope=str(data.get("command_scope", "") or ""),
+            is_remote_wrapper=bool(data.get("is_remote_wrapper", False)),
+            approval_class=str(data.get("approval_class", "") or ""),
+            actor=str(_pick("actor", "") or ""),
+            policy_rule=str(_pick("policy_rule", "") or ""),
+            target_path=str(data.get("target_path", "") or ""),
+            target_paths=target_paths,
+            workspace_root=str(data.get("workspace_root", "") or ""),
+            path_scope=str(data.get("path_scope", "") or ""),
+            tool_input_digest=str(data.get("tool_input_digest", "") or ""),
+            extras=tuple(extras_raw),
+        )
+
+    def to_dict(self) -> dict[str, object]:
+        payload: dict[str, object] = {
+            "ts": self.ts, "tool_name": self.tool_name, "decision": self.decision,
+            "reason": self.reason, "attempt_id": self.attempt_id, "summary": self.summary,
+            "command_scope": self.command_scope, "is_remote_wrapper": self.is_remote_wrapper,
+            "approval_class": self.approval_class, "actor": self.actor,
+            "policy_rule": self.policy_rule, "target_path": self.target_path,
+            "target_paths": list(self.target_paths), "workspace_root": self.workspace_root,
+            "path_scope": self.path_scope, "tool_input_digest": self.tool_input_digest,
+        }
+        for key, value in self.extras:
+            payload[key] = value
+        return payload
+
+
+@dataclass(frozen=True)
+class RuntimeState:
+    health: str = "healthy"
+    runtime_model: str = "local_workspace"
+    survives_console_exit: Optional[bool] = None
+    extras: tuple[tuple[str, object], ...] = ()
+
+    @classmethod
+    def from_mapping(cls, data: Mapping[str, object]) -> "RuntimeState":
+        known = {"health", "runtime_model", "survives_console_exit"}
+        extras = sorted(
+            ((k, v) for k, v in data.items() if k not in known),
+            key=lambda item: item[0],
+        )
+        raw_survives = data.get("survives_console_exit")
+        survives: Optional[bool] = None if raw_survives is None else bool(raw_survives)
+        return cls(
+            health=str(data.get("health", "healthy") or "healthy"),
+            runtime_model=str(data.get("runtime_model", "local_workspace") or "local_workspace"),
+            survives_console_exit=survives,
+            extras=tuple(extras),
+        )
+
+    def to_dict(self) -> dict[str, object]:
+        payload: dict[str, object] = {
+            "health": self.health, "runtime_model": self.runtime_model,
+            "survives_console_exit": self.survives_console_exit,
+        }
+        for key, value in self.extras:
+            payload[key] = value
+        return payload
+
+
+@dataclass(frozen=True)
+class VerificationSummary:
+    passed: bool = True
+    blocking_issues: tuple[str, ...] = ()
+    warnings: tuple[str, ...] = ()
+    summary: str = ""
+    verdict_owner: str = _VERDICT_OWNER_DEFAULT
+    extras: tuple[tuple[str, object], ...] = ()
+
+    @classmethod
+    def from_mapping(cls, data: Mapping[str, object]) -> "VerificationSummary":
+        known = {"passed", "blocking_issues", "warnings", "summary", "verdict_owner"}
+
+        def _str_tuple(value: object) -> tuple[str, ...]:
+            if value is None:
+                return ()
+            if isinstance(value, (list, tuple)):
+                return tuple(str(item) for item in value)
+            return ()
+
+        extras = sorted(
+            ((k, v) for k, v in data.items() if k not in known),
+            key=lambda item: item[0],
+        )
+        return cls(
+            passed=bool(data.get("passed", True)),
+            blocking_issues=_str_tuple(data.get("blocking_issues", ())),
+            warnings=_str_tuple(data.get("warnings", ())),
+            summary=str(data.get("summary", "") or ""),
+            verdict_owner=str(data.get("verdict_owner", _VERDICT_OWNER_DEFAULT) or _VERDICT_OWNER_DEFAULT),
+            extras=tuple(extras),
+        )
+
+    def to_dict(self) -> dict[str, object]:
+        payload: dict[str, object] = {
+            "passed": self.passed, "blocking_issues": list(self.blocking_issues),
+            "warnings": list(self.warnings), "summary": self.summary,
+            "verdict_owner": self.verdict_owner,
+        }
+        for key, value in self.extras:
+            payload[key] = value
+        return payload
+
+
+@dataclass(frozen=True)
+class HookTraceLoadProvenance:
+    kind: str = ""
+    started_at: float = 0.0
+    entries_considered: int = 0
+    entries_loaded: int = 0
+    extras: tuple[tuple[str, object], ...] = ()
+
+    @classmethod
+    def from_mapping(cls, data: Mapping[str, object]) -> "HookTraceLoadProvenance":
+        known = {"kind", "started_at", "entries_considered", "entries_loaded"}
+        extras = tuple(sorted(((k, v) for k, v in data.items() if k not in known), key=lambda item: item[0]))
+        return cls(
+            kind=str(data.get("kind", "") or ""),
+            started_at=_coerce_float(data.get("started_at")),
+            entries_considered=int(data.get("entries_considered", 0) or 0),
+            entries_loaded=int(data.get("entries_loaded", 0) or 0),
+            extras=extras,
+        )
+
+    def to_dict(self) -> dict[str, object]:
+        out: dict[str, object] = {
+            "kind": self.kind, "started_at": self.started_at,
+            "entries_considered": self.entries_considered, "entries_loaded": self.entries_loaded,
+        }
+        for k, v in self.extras:
+            out[k] = v
+        return out
+
+
+@dataclass(frozen=True)
+class DraftMessageEvidence:
+    message_id: str = ""
+    draft_id: str = ""
+    role: str = ""
+    created_at: float = 0.0
+    no_executor_started: bool = True
+    draft_assistant_mode: str = ""
+    extras: tuple[tuple[str, object], ...] = ()
+
+    @classmethod
+    def from_mapping(cls, data: Mapping[str, object]) -> "DraftMessageEvidence":
+        known = {"message_id", "draft_id", "role", "created_at", "no_executor_started", "draft_assistant_mode"}
+        extras = tuple((k, v) for k, v in data.items() if k not in known)
+        return cls(
+            message_id=str(data.get("message_id", "") or ""),
+            draft_id=str(data.get("draft_id", "") or ""),
+            role=str(data.get("role", "") or ""),
+            created_at=_coerce_float(data.get("created_at")),
+            no_executor_started=bool(data.get("no_executor_started", True)),
+            draft_assistant_mode=str(data.get("draft_assistant_mode", "") or ""),
+            extras=extras,
+        )
+
+    def to_dict(self) -> dict[str, object]:
+        out: dict[str, object] = {
+            "message_id": self.message_id, "draft_id": self.draft_id,
+            "role": self.role, "created_at": self.created_at,
+            "no_executor_started": self.no_executor_started,
+            "draft_assistant_mode": self.draft_assistant_mode,
+        }
+        for k, v in self.extras:
+            out[k] = v
+        return out
+
+
+@dataclass(frozen=True)
+class PostExecGateContext:
+    project_dir: Path
+    session_number: int
+    task_id: str
+    a1_task_id: str
+    validation_contract: "ValidationContractProfile"
+    forensic_report: "PocketCoderForensicReport"
+    runtime_state: RuntimeState
+    verification_summary: VerificationSummary
+    attempt_id: str = ""
+    gate_round: int = 1
+    maps: "Optional[Any]" = None
+    task_intent: str = ""
+    transport_mode: str = ""
+    project_mode: str = ""
+    original_user_request: str = ""
+    structured_handoff: Optional[Any] = None
+    self_check_summary: str = ""
+    changed_files_reported: tuple[str, ...] = field(default_factory=tuple)
+    changed_files_observed: tuple[str, ...] = field(default_factory=tuple)
+    touched_files: tuple[str, ...] = field(default_factory=tuple)
+    # True = full-project scan (standalone self-audit): clears cross_touched_duplicate
+    # so it does not double-count duplicate_scan. False = incremental diff (default).
+    is_full_scan: bool = False
+    artifact_refs: dict[str, str] = field(default_factory=dict)
+    prior_findings: tuple[str, ...] = field(default_factory=tuple)
+    tests_touched: tuple[str, ...] = field(default_factory=tuple)
+    file_snapshots: dict[str, GateFileSnapshot] = field(default_factory=dict)
+    source_package_roots: tuple[str, ...] = field(default_factory=tuple)
+    repo_profile: Optional[RepoGateProfile] = None
+    plan_artifact: Optional[Any] = None
+    execution_pack: Optional[Any] = None
+    codex_executor_brief: Optional[Any] = None
+    codex_review: Optional[Any] = None
+    codex_repair_brief: Optional[Any] = None
+    control_task_metadata: dict[str, Any] = field(default_factory=dict)
+    draft_metadata: Optional[Any] = None
+    mutable_draft_artifact: Optional[Any] = None
+    draft_launch_snapshot: Optional[Any] = None
+    session_artifacts: dict[str, str] = field(default_factory=dict)
+    artifact_load_errors: dict[str, str] = field(default_factory=dict)
+    hook_trace_entries: tuple[HookTraceEntry, ...] = field(default_factory=tuple)
+    hook_trace_load_provenance: HookTraceLoadProvenance = field(default_factory=HookTraceLoadProvenance)
+    draft_messages: tuple[DraftMessageEvidence, ...] = field(default_factory=tuple)
+    project_context: Optional[Any] = None
+    self_check_findings: tuple[str, ...] = field(default_factory=tuple)
+    self_check_parse_status: str = "n/a"
+    self_check_passed: Optional[bool] = None
+    foc_pre_gate_results: Optional[Mapping[str, object]] = None
+
+    def to_dict(self) -> dict[str, Any]:
+        return {
+            "session_number": self.session_number,
+            "task_id": self.task_id,
+            "a1_task_id": self.a1_task_id,
+            "attempt_id": self.attempt_id,
+            "gate_round": self.gate_round,
+            "task_intent": self.task_intent,
+            "transport_mode": self.transport_mode,
+            "project_mode": self.project_mode,
+            "original_user_request": self.original_user_request,
+            "self_check_summary": self.self_check_summary,
+            "changed_files_reported": list(self.changed_files_reported),
+            "changed_files_observed": list(self.changed_files_observed),
+            "touched_files": list(self.touched_files),
+            "validation_contract": self.validation_contract.to_dict(),
+            "forensic_report": self.forensic_report.to_dict(),
+            "runtime_state": self.runtime_state.to_dict(),
+            "artifact_refs": self.artifact_refs,
+            "verification_summary": self.verification_summary.to_dict(),
+            "prior_findings": list(self.prior_findings),
+            "tests_touched": list(self.tests_touched),
+            "file_snapshots": {k: v.to_dict() for k, v in self.file_snapshots.items()},
+            "repo_profile": self.repo_profile.to_dict() if self.repo_profile else {},
+            "control_task_metadata": self.control_task_metadata,
+            "session_artifacts": dict(self.session_artifacts),
+            "artifact_load_errors": dict(self.artifact_load_errors),
+            "hook_trace_entries": [entry.to_dict() for entry in self.hook_trace_entries],
+            "hook_trace_load_provenance": self.hook_trace_load_provenance.to_dict(),
+            "draft_messages": [m.to_dict() for m in self.draft_messages],
+            "self_check_findings": list(self.self_check_findings),
+            "self_check_parse_status": self.self_check_parse_status,
+            "self_check_passed": self.self_check_passed,
+            "foc_pre_gate_results": (
+                dict(self.foc_pre_gate_results) if self.foc_pre_gate_results is not None else None
+            ),
+        }
+
+
+def detect_source_package_roots(project_dir: Path) -> tuple[str, ...]:
+    """Auto-detect top-level Python package roots in project_dir."""
+    _EXCLUDE = frozenset({
+        "__pycache__", ".git", ".venv", "venv", "env", "node_modules",
+        "dist", "build", ".tox", ".mypy_cache", ".ruff_cache", ".pytest_cache",
+        ".cortex", "libs", "tests", "test",
+    })
+    roots = []
+    try:
+        for item in sorted(project_dir.iterdir()):
+            if not item.is_dir():
+                continue
+            if item.name.startswith(".") or item.name in _EXCLUDE:
+                continue
+            if (item / "__init__.py").exists():
+                roots.append(item.name)
+    except OSError:
+        _log.warning("gate_models: failed to scan project roots in %s", project_dir, exc_info=True)
+    return tuple(roots)

vigil_forensic/gate_packs/__init__.py

@@ -0,0 +1 @@
+# vigil_forensic gate_packs package

vigil_forensic/gate_packs/universal.py

@@ -0,0 +1,179 @@
+"""Universal gate specifications for vigil_forensic.
+
+Adapted from the Vigil autoforensics gate_packs.universal.
+FOC gates (foc_observability_coverage, foc_secret_logging, foc_duplicate_log) are DROPPED.
+All cluster imports rewritten to vigil_forensic.*.
+"""
+from __future__ import annotations
+
+from typing import Any
+
+from vigil_forensic.gate_checks.broad_except_checks import run_broad_except_checks
+from vigil_forensic.gate_checks.embedded_string_checks import run_embedded_string_checks
+from vigil_forensic.gate_checks.duplication_checks import run_duplication_checks
+from vigil_forensic.gate_checks.file_proliferation_checks import run_file_proliferation_checks
+from vigil_forensic.gate_checks.fix_without_test_checks import run_fix_without_test_checks
+from vigil_forensic.gate_checks.empty_output_checks import run_empty_output_checks
+from vigil_forensic.gate_checks.semantic_intent_checks import run_semantic_intent_checks
+from vigil_forensic.gate_checks.temporal_freshness_checks import run_temporal_freshness_checks
+from vigil_forensic.gate_checks.hallucination_checks import run_hallucination_checks
+from vigil_forensic.gate_checks.encoding_checks import run_encoding_checks, run_subprocess_encoding_checks
+from vigil_forensic.gate_checks.authority_checks import run_authority_checks
+from vigil_forensic.gate_checks.runtime_behavior_checks import run_runtime_duplicate_side_effect_checks
+from vigil_forensic.gate_checks.contract_shape_drift_checks import run_contract_shape_drift_checks
+from vigil_forensic.gate_checks.toctou_checks import run_toctou_check_then_act
+from vigil_forensic.gate_checks.atomic_write_checks import run_atomic_write_safety_checks
+from vigil_forensic.gate_checks.context_fallback_checks import run_context_fallback_save_checks
+from vigil_forensic.gate_checks.broad_except_hidden_sentinel_checks import run_broad_except_hidden_sentinel_checks
+from vigil_forensic.gate_checks.god_object_zones_checks import run_god_object_zones_checks
+from vigil_forensic.gate_checks.forensic_cluster_runners import run_forensic_cluster_checks
+from vigil_forensic.gate_checks.project_specific_runner import run_project_specific_checks
+from vigil_forensic.gate_checks.fallback_checks import run_fallback_checks
+from vigil_forensic.gate_checks.config_ssot_checks import run_config_ssot_checks
+from vigil_forensic.gate_checks.performance_checks import run_performance_checks
+from vigil_forensic.gate_checks.size_complexity_checks import run_size_complexity_checks, run_hotspot_inflation_checks
+from vigil_forensic.gate_checks.testing_checks import run_testing_checks
+from vigil_forensic.gate_checks.test_quality_checks import (
+    run_empty_test_module_checks,
+    run_simulated_test_checks,
+    run_test_quality_checks,
+    run_test_suite_masking_checks,
+)
+from vigil_forensic.gate_checks.reporting_checks import run_reporting_checks
+from vigil_forensic.gate_checks.syntax_validity_checks import run_syntax_validity_checks
+from vigil_forensic.gate_checks.provider_capability_checks import check_provider_capabilities
+from vigil_forensic.gate_checks.import_integrity_checks import run_import_integrity_checks, run_init_order_regression_checks
+from vigil_forensic.gate_checks.boundary_breach_checks import run_boundary_breach_checks
+from vigil_forensic.gate_checks.conflict_checks import run_conflict_touch_checks
+from vigil_forensic.gate_checks.refactor_completeness_checks import run_refactor_completeness_checks
+from vigil_forensic.gate_checks.type_checking_checks import run_type_checking_checks
+from vigil_forensic.gate_checks.reliability_checks import run_reliability_checks
+from vigil_forensic.gate_checks.security_injection_checks import run_security_injection_checks
+from vigil_forensic.gate_checks.config_safety_checks import run_config_safety_checks
+from vigil_forensic.gate_checks.implementation_overfit_checks import run_implementation_overfit_checks
+from vigil_forensic.gate_checks.stuck_feature_flag_checks import run_stuck_feature_flag_checks
+from vigil_forensic.gate_checks.hunter_artifact_completeness_check import run_hunter_artifact_completeness_checks
+from vigil_forensic.gate_checks.export_completeness_checks import run_export_completeness_checks
+from vigil_forensic.gate_checks.imports_in_function_checks import run_imports_in_function_checks
+from vigil_forensic.gate_checks.ml_checks import run_ml_checks
+from vigil_forensic.meta_findings import meta_runner_stub
+from vigil_forensic._shared import GateCategory
+
+# Gate metadata flags — single source of truth for gate classification.
+# FOC gates DROPPED (foc.observability_coverage, foc.secret_logging, foc.duplicate_log).
+GATE_FLAGS: dict[str, frozenset[str]] = {
+    "handoff":              frozenset({"skip_in_static"}),
+    "artifact_completeness": frozenset({"skip_in_static"}),
+    "semantic_intent":      frozenset({"skip_in_static"}),
+    # forensic_clusters is NOT skip_in_static: the pack runs in static mode but
+    # filters out its runtime-only sub-checks (see
+    # forensic_cluster_runners.core._RUNTIME_ONLY_CLUSTERS / _is_static_mode), so
+    # the static-safe checks (security, secrets, mutable defaults, resource
+    # leaks, dead code, hardcoded paths, …) still fire without runtime FPs.
+    "forensic_clusters":    frozenset(),
+    "pipeline_chain":       frozenset({"skip_in_static"}),
+    "testing":              frozenset({"skip_in_static"}),
+    "fix_without_test":     frozenset({"skip_in_static"}),
+    "truth_boundary":       frozenset({"skip_in_static"}),
+    "pe_health":            frozenset({"skip_in_static"}),
+    "hallucination":        frozenset({"skip_in_static"}),
+    "empty_output":         frozenset({"skip_in_static"}),
+    "reporting":            frozenset({"skip_in_static"}),
+    "temporal_freshness":   frozenset({"skip_in_static"}),
+    "provider_capability":  frozenset({"skip_in_static"}),
+    "tool_hook_coverage":   frozenset({"skip_in_static"}),
+    "policy_boundary":      frozenset({"skip_in_static"}),
+    "draft_boundary":       frozenset({"skip_in_static"}),
+    "authority_checks":       frozenset({"requires_git"}),
+    "contract_shape_drift":   frozenset({"requires_git"}),
+    "init_order_regression":  frozenset({"requires_git"}),
+    "stuck_feature_flag":     frozenset(),
+    "hunter_artifact_completeness": frozenset({"skip_in_static"}),
+    "size_complexity":   frozenset({"agnostic"}),
+    "duplication":       frozenset({"agnostic"}),
+    "file_proliferation": frozenset({"agnostic"}),
+    "syntax_validity":   frozenset({"agnostic"}),
+}
+
+GATE_SPECS: tuple[tuple[str, GateCategory, Any], ...] = (
+    # broad_except family
+    ("broad_except", GateCategory.FALLBACK, run_broad_except_checks),
+    ("broad_except.bare", GateCategory.FALLBACK, run_broad_except_checks),
+    ("broad_except.base_exception", GateCategory.FALLBACK, run_broad_except_checks),
+    ("broad_except.return_none", GateCategory.FALLBACK, run_broad_except_checks),
+    ("broad_except.log_swallow", GateCategory.FALLBACK, run_broad_except_checks),
+    ("broad_except.hidden_sentinel", GateCategory.CONTRACT, run_broad_except_hidden_sentinel_checks),
+    # embedded string
+    ("embedded_string", GateCategory.FALLBACK, run_embedded_string_checks),
+    # duplication
+    ("duplication", GateCategory.DUPLICATION, run_duplication_checks),
+    ("file_proliferation", GateCategory.DUPLICATION, run_file_proliferation_checks),
+    # testing
+    ("fix_without_test", GateCategory.TESTING, run_fix_without_test_checks),
+    # reporting
+    ("empty_output", GateCategory.REPORTING, run_empty_output_checks),
+    # semantic / temporal
+    ("semantic_intent", GateCategory.SEMANTIC_INTENT, run_semantic_intent_checks),
+    ("temporal_freshness", GateCategory.TEMPORAL_FRESHNESS, run_temporal_freshness_checks),
+    # contract
+    ("hallucination", GateCategory.CONTRACT, run_hallucination_checks),
+    # runtime behavior
+    ("encoding_safety", GateCategory.RUNTIME_BEHAVIOR, run_encoding_checks),
+    ("subprocess_encoding", GateCategory.RUNTIME_BEHAVIOR, run_subprocess_encoding_checks),
+    ("authority_checks", GateCategory.CONTRACT, run_authority_checks),
+    ("runtime_duplicate_side_effect", GateCategory.RUNTIME_BEHAVIOR, run_runtime_duplicate_side_effect_checks),
+    ("toctou_check_then_act", GateCategory.RUNTIME_BEHAVIOR, run_toctou_check_then_act),
+    ("atomic_write_safety", GateCategory.DRIFT, run_atomic_write_safety_checks),
+    ("context_fallback_save", GateCategory.CONTRACT, run_context_fallback_save_checks),
+    # drift
+    ("contract_shape_drift", GateCategory.DRIFT, run_contract_shape_drift_checks),
+    # object zones
+    ("god_object_zones", GateCategory.DRIFT, run_god_object_zones_checks),
+    # cluster framework runner
+    ("forensic_clusters", GateCategory.CONTRACT, run_forensic_cluster_checks),
+    # dynamic gate loader
+    ("project_specific", GateCategory.CONTRACT, run_project_specific_checks),
+    # profile-driven gates
+    ("fallback", GateCategory.FALLBACK, run_fallback_checks),
+    ("config_ssot", GateCategory.CONFIG_SSOT, run_config_ssot_checks),
+    ("performance", GateCategory.PERFORMANCE, run_performance_checks),
+    ("size_complexity", GateCategory.SIZE_COMPLEXITY, run_size_complexity_checks),
+    ("testing", GateCategory.TESTING, run_testing_checks),
+    ("test_quality", GateCategory.TESTING, run_test_quality_checks),
+    ("test_suite_masking", GateCategory.TESTING, run_test_suite_masking_checks),
+    ("empty_test_module", GateCategory.TESTING, run_empty_test_module_checks),
+    ("simulated_instead_of_executed_test", GateCategory.TESTING, run_simulated_test_checks),
+    ("reporting", GateCategory.REPORTING, run_reporting_checks),
+    ("syntax_validity", GateCategory.REPORTING, run_syntax_validity_checks),
+    ("provider_capability", GateCategory.CONTRACT, check_provider_capabilities),
+    ("import_integrity", GateCategory.CONTRACT, run_import_integrity_checks),
+    ("init_order_regression", GateCategory.CONTRACT, run_init_order_regression_checks),
+    ("boundary_breach", GateCategory.CONTRACT, run_boundary_breach_checks),
+    ("conflict_touch", GateCategory.CONTRACT, run_conflict_touch_checks),
+    ("hotspot_inflation", GateCategory.SIZE_COMPLEXITY, run_hotspot_inflation_checks),
+    ("refactor_completeness", GateCategory.DRIFT, run_refactor_completeness_checks),
+    ("type_checking", GateCategory.CONTRACT, run_type_checking_checks),
+    ("reliability", GateCategory.RUNTIME_BEHAVIOR, run_reliability_checks),
+    ("security_injection", GateCategory.CONTRACT, run_security_injection_checks),
+    ("config_safety", GateCategory.CONFIG_SSOT, run_config_safety_checks),
+    ("implementation_overfit", GateCategory.DRIFT, run_implementation_overfit_checks),
+    ("stuck_feature_flag", GateCategory.DRIFT, run_stuck_feature_flag_checks),
+    ("hunter_artifact_completeness", GateCategory.META, run_hunter_artifact_completeness_checks),
+    ("export_completeness", GateCategory.CONTRACT, run_export_completeness_checks),
+    ("imports_in_function", GateCategory.DRIFT, run_imports_in_function_checks),
+    ("imports_in_function.stdlib", GateCategory.DRIFT, run_imports_in_function_checks),
+    # ML/NN correctness pack (static AST; look-ahead, leakage, seed)
+    ("ml_checks", GateCategory.ML, run_ml_checks),
+    ("ml.lookahead_negative_shift", GateCategory.ML, run_ml_checks),
+    ("ml.nondeterministic_split", GateCategory.ML, run_ml_checks),
+    ("ml.scaler_fit_on_test", GateCategory.ML, run_ml_checks),
+    ("ml.missing_random_seed", GateCategory.ML, run_ml_checks),
+    # meta stubs (FOC gates removed)
+    ("meta.syntax_parse_error", GateCategory.META, meta_runner_stub),
+    ("meta.profile_load_failed", GateCategory.META, meta_runner_stub),
+    ("meta.git_unavailable", GateCategory.META, meta_runner_stub),
+    ("meta.artifact_corrupted", GateCategory.META, meta_runner_stub),
+    ("meta.artifact_unreadable", GateCategory.META, meta_runner_stub),
+    ("meta.file_unreadable", GateCategory.META, meta_runner_stub),
+    ("meta.allowlist_corrupted", GateCategory.META, meta_runner_stub),
+)

vigil_forensic/gate_profile.json

@@ -0,0 +1,31 @@
+{
+  "profile_name": "vigil-default",
+  "version": "1.0",
+  "_doc": "Default forensic gate profile. Size/complexity thresholds use industry-standard linter defaults to silence size-noise false-positives on legitimately large files. JSON forbids comments; the cited justification for every value lives in README.md ('Default gate profile' section). To override for your own repo, copy this file to <your-project>/gate_profile.json (or <your-project>/.cortex/gate_profile.json) and edit size_thresholds.",
+  "size_thresholds": {
+    "file_warn": 750,
+    "file_revise": 1000,
+    "function_warn": 100,
+    "function_revise": 150,
+    "nesting_warn": 5,
+    "nesting_revise": 8
+  },
+  "generated_roots": [
+    ".git",
+    "__pycache__",
+    ".pytest_cache",
+    ".mypy_cache",
+    ".ruff_cache",
+    "dist",
+    "build",
+    "node_modules",
+    "venv",
+    ".venv",
+    ".cortex"
+  ],
+  "vendored_roots": [
+    ".vendor",
+    "vendor",
+    "node_modules"
+  ]
+}

vigil_forensic/gate_registry.py

@@ -0,0 +1,21 @@
+"""Gate registry for vigil_forensic.
+
+Adapted from the Vigil autoforensics gate_registry.
+"""
+from __future__ import annotations
+
+from vigil_forensic.gate_packs.universal import GATE_SPECS as _UNIVERSAL_SPECS
+import logging
+_log = logging.getLogger(__name__)
+
+_u = {check_id: (cat, runner) for check_id, cat, runner in _UNIVERSAL_SPECS}
+
+
+def _u_entry(check_id: str) -> tuple:
+    cat, runner = _u[check_id]
+    return (check_id, cat, runner)
+
+
+DEFAULT_GATE_CHECKS: tuple[tuple, ...] = tuple(
+    _u_entry(spec[0]) for spec in _UNIVERSAL_SPECS
+)