v22.0 Autonomous Gate 0 Maintenance Pass (2026-06-12)
Purpose
Make safe autonomous progress while Gate 0 remains blocked on user-owned C1 legal evidence and D4 partner-operations evidence.
This pass intentionally does not close UA-1, UA-3, G0-3, G0-8, or Gate 0. No partner names, legal conclusions, outreach facts, service data, or production instructions were generated.
Constraints
- Leave C1 and D4 pending until real evidence exists.
- Improve evidence discipline without requiring private operations material.
- Keep changes repo-local and boundary-safe.
- Add validation that can run before a future Gate 0 re-review.
Options Considered
| Option | Assessment | Decision |
|---|---|---|
| Docs-only cleanup | Low risk but weak; future reviewers could still accidentally mark prep-only evidence as closure. | Not sufficient |
| Add the full Gate 0 decision guard to normal CI | Not viable while Gate 0 intentionally remains NO-GO; would block unrelated safe maintenance. | Rejected |
| Add evidence-intake guard to normal validation | Viable after targeted tests proved it passes pending-state docs while blocking false closure states. | Chosen |
| Targeted evidence-intake guard | Directly protects the active blocker surface without changing app behavior or gate status. | Chosen |
| Add DB-level pilot replay constraints | Not safe autonomously because it would require a migration and live-schema preflight. | Deferred |
| Define replay criteria in code and runbook | Safe repo-local progress that makes the future duplicate-suppression implementation testable. | Chosen |
| Use existing event primary keys for retries | Backward-compatible no-migration path for atomic supplied-ID retry suppression. | Chosen |
| Suppress semantic duplicates without event IDs | Not safe without a new stored fingerprint/unique index or a non-atomic pre-query. | Rejected |
| Keep duplicate responses inline per route | Works but leaves six routes open to cache/status/body drift. | Rejected |
| Centralize pilot write responses | Small, testable helper keeps create and idempotent retry responses consistent. | Chosen |
| Add a pilot draft table/store now | Not justified because no current pilot draft queue exists and a new persistence surface raises risk. | Rejected |
| Add reserved-prefix draft cleanup on sign-out | Safe no-op for current behavior that gives future pilot drafts a tested expiry and cleanup contract. | Chosen |
| Document existing pilot scope route in OpenAPI | Safe contract alignment for an implemented internal endpoint; no runtime, data, auth, or DB change. | Chosen |
| Add supplied-ID duplicate response to scope | Misaligned with current route semantics; scope uses upsert and returns 201 success. | Rejected |
| Document existing metrics recompute route | Safe contract alignment for an implemented internal endpoint and tested route behavior. | Chosen |
Change recompute to return 201 or snapshots | Not a contract-alignment task; changing response semantics could affect existing clients/tests. | Rejected |
| Add a threat-model consistency guard | Safe enforcement of the documented Gate 0 security rule without changing finding verification status. | Chosen |
| Auto-close high/medium threat-model findings | Requires manual QA, integration, or dry-run evidence that is not available autonomously. | Rejected |
| Align remaining pilot response schemas | Safe OpenAPI-only hardening for already-tested internal route behavior. | Chosen |
| Refactor pilot route response bodies | Unnecessary for contract alignment and could create runtime/client risk. | Rejected |
| Add pilot storage resilience coverage | Existing storage code already uses withCircuitBreaker; tests can pin the contract without churn. | Chosen |
| Rewrite pilot storage around a new abstraction | Higher risk and unnecessary while the current storage seam is small and already circuit-wrapped. | Rejected |
| Align stale C2 evidence wording | Safe docs consistency fix using existing C2 verification evidence already present in the repo. | Chosen |
| Re-open C2 or invent new verification evidence | Not justified; existing C2 docs contain completed read-only verification evidence. | Rejected |
| Clarify baseline report sign-off wording | Safe docs consistency fix: M1/M3 execution is recorded, while formal sign-off remains non-gating. | Chosen |
| Mark baseline product/governance sign-off done | Would invent formal sign-off evidence. | Rejected |
| Add route tests for documented success envelopes | Safe coverage hardening for existing referral update and integration-feasibility behavior. | Chosen |
| Change response helpers for these routes | Unnecessary; routes already return the documented envelope and no-store headers. | Rejected |
| Add integration-feasibility error-path tests | Safe route coverage for documented 401/429/501/500 behavior without changing runtime code. | Chosen |
| Broaden integration route behavior now | Not needed; the existing route behavior matches the documented internal contract. | Rejected |
| Add referral update error-path tests | Safe route coverage for documented protected update behavior without changing runtime code. | Chosen |
| Change referral update authorization semantics | Not safe or necessary; existing assertPermission behavior is already the intended protection path. | Rejected |
| Add shared instrumentation rate-limit tests | Safe coverage for documented 429 behavior across existing internal pilot instrumentation routes. | Chosen |
| Refactor instrumentation route rate limiting | Unnecessary; existing route behavior is consistent and only needed test coverage. | Rejected |
| Add metrics-recompute rate-limit coverage | Safe coverage for documented 429 behavior on the existing internal recompute route. | Chosen |
| Change recompute limiter/auth ordering | Not needed; the route already fails fast on rate limit before authenticated work. | Rejected |
| Add referral create error-path tests | Safe route coverage for existing protected create behavior without changing runtime code. | Chosen |
| Change referral create response semantics | Not needed; existing success, retry, storage, and error envelopes are now covered by tests. | Rejected |
Document and test pilot JSON 415 responses | Safe contract alignment for existing shared content-type validation on internal JSON write routes. | Chosen |
| Change content-type enforcement behavior | Not needed; current shared validateContentType behavior already matches the privacy-safe contract. | Rejected |
| Derive OpenAPI route coverage from filesystem | Safe test-only guard that prevents new internal pilot routes from silently missing contract docs. | Chosen |
| Keep route documentation guard hardcoded only | Too easy for future route additions to bypass until someone remembers to update the test inventory. | Rejected |
| Derive OpenAPI method coverage from route files | Safe test-only guard that catches undocumented implemented GET/POST/PATCH pilot methods. | Chosen |
| Assume documented path implies documented method | Too weak; a path can exist in OpenAPI while a new route method remains undocumented. | Rejected |
| Assert OpenAPI pilot paths match implemented set | Safe test-only guard that prevents stale pilot contract paths from outliving removed routes. | Chosen |
| Allow stale planned pilot paths in OpenAPI | Rejected for internal routes; the public-safe contract should describe implemented behavior. | Rejected |
| Assert OpenAPI methods match route exports | Safe test-only guard that prevents stale method docs under otherwise valid pilot paths. | Chosen |
| Keep method coverage one-way only | Too weak; it catches missing methods but not stale documented methods after route changes. | Rejected |
| Validate local OpenAPI component refs | Safe test-only guard that catches broken schema/response refs without adding a YAML parser dependency. | Chosen |
| Add a new OpenAPI parser dependency | Not needed for this narrow guard; existing string checks can validate local refs with lower churn. | Rejected |
| Guard pilot OpenAPI operation metadata | Safe test-only guard that keeps internal pilot operations cookie-authenticated and uniquely named. | Chosen |
| Change runtime auth from contract test work | Not needed; this slice verifies the documented contract rather than changing authorization behavior. | Rejected |
| Derive pilot JSON-write contract checks | Safe test-only guard that removes a hardcoded write-route list and follows implemented non-GET routes. | Chosen |
| Keep JSON-write coverage manually listed | Too easy for future write routes to miss request-body or 415 contract checks. | Rejected |
| Add recovery snapshot freshness status | Safe aggregate diagnostic improvement using the existing offline stale/fresh policy. | Chosen |
| Add raw queue inspection to recovery diagnostics | Rejected; recovery evidence must remain aggregate-only and avoid raw payload exposure. | Rejected |
| Add aggregate recovery recommendations | Safe dry-run support that turns aggregate diagnostics into non-destructive next-action IDs. | Chosen |
| Add destructive recovery actions to helper | Rejected; destructive clearing requires queue preservation evidence and owner judgment. | Rejected |
Return null for uninspectable draft counts | Safer than a false zero when browser storage access is blocked or unavailable. | Chosen |
| Treat inaccessible draft storage as empty | Rejected; it could hide local draft data during recovery triage. | Rejected |
| Sanitize offline recovery warning metadata | Safe privacy hardening; aggregate diagnostics do not need raw exception objects or messages. | Chosen |
| Keep raw recovery exceptions in warning logs | Rejected; local storage/browser errors can contain details that are not needed for public-safe triage. | Rejected |
| Normalize offline feedback queue payloads | Safe local hardening that makes stored/replayed payloads match the public feedback API schema. | Chosen |
| Replay queued feedback exactly as stored | Rejected; legacy empty optional fields can make valid offline votes fail later API validation. | Rejected |
| Delete invalid queued feedback immediately | Rejected for now; invalid items follow the existing retry-count policy without being sent to the API. | Rejected |
| Restrict idempotent retry suppression to PKs | Safe storage hardening; future semantic unique constraints should not be silently treated as retries. | Chosen |
| Suppress every duplicate-key error with an ID | Rejected; too broad once replay/fingerprint unique constraints are introduced. | Rejected |
| Sanitize offline sync failure metadata | Safe privacy hardening for local recovery diagnostics and background sync logs. | Chosen |
| Return raw sync exceptions to UI callers | Rejected; raw browser/network exceptions are not needed for recovery triage. | Rejected |
| Validate pilot readiness scope inputs | Safe governance hardening; malformed scope evidence should fail closed before producing audit outputs. | Chosen |
| Trust readiness scope files and DB rows as typed | Rejected; unchecked casts can turn malformed partner scope inputs into misleading readiness reports. | Rejected |
| Neutralize readiness CSV formula prefixes | Safe worksheet hardening for audit outputs that may be opened in spreadsheet software. | Chosen |
| Leave readiness CSV cells unmodified | Rejected; formula-like service names or reviewer fields could be interpreted by spreadsheet software. | Rejected |
| Reject duplicate readiness scope identities | Safe governance hardening; repeated scope rows should not inflate readiness audit counts. | Chosen |
| Deduplicate readiness scope rows silently | Rejected; silent dedupe can hide upstream scope-prep errors that should be corrected before review. | Rejected |
| Tighten D4 outreach CSV structure checks | Safe evidence-discipline hardening for future closure attempts without judging outreach sufficiency. | Chosen |
| Accept any D4 outreach CSV shape | Rejected; malformed logs could pass structure checks while lacking dated traceability. | Rejected |
| Validate closure submission dates and counts | Safe evidence-discipline hardening for dated, attributable C1/D4 closure packets. | Chosen |
| Accept free-form closure dates and count text | Rejected; malformed dates/counts weaken auditability and can pass current placeholder-only checks. | Rejected |
| Require C1 non-pass rationale and fallback | Safe evidence-structure hardening; non-pass clause rows need auditable rationale and fallback fields. | Chosen |
| Accept bare C1 non-pass matrix outcomes | Rejected; a failed/conditional clause without rationale or fallback is not auditable closure evidence. | Rejected |
| Enforce C1 clause matrix header and row count | Safe evidence-structure hardening; duplicate or malformed matrix rows make closure evidence ambiguous. | Chosen |
| Read the first matching C1 matrix row only | Rejected; silently ignoring duplicate clause rows can hide contradictory closure evidence. | Rejected |
| Enforce D4 partner-list header, types, duplicates | Safe evidence-structure hardening; partner target counts must come from unambiguous rows. | Chosen |
| Count loose D4 partner-list type text | Rejected; broad substring matching can count ambiguous or placeholder partner type values. | Rejected |
| Cross-check D4 submitted counts against artifacts | Safe evidence-structure hardening; submitted counts should match the attached traceability artifacts. | Chosen |
| Trust D4 submitted counts without cross-checking | Rejected; count text can drift from partner-list and outreach-log evidence. | Rejected |
| Require C1 artifact inventory traceability | Safe evidence-structure hardening; C1 source artifacts need auditable mapping without storing private raw files in git. | Chosen |
| Trust C1 matrix source text without inventory | Rejected; matrix source labels can drift from the attached review bundle and weaken closure auditability. | Rejected |
| Require closure Submission ID filename match | Safe evidence-structure hardening; dated closure packets should have one unambiguous identity across file and content. | Chosen |
| Trust mismatched submission identifiers | Rejected; mismatched IDs make evidence packets harder to audit and can route checks to the wrong dated artifacts. | Rejected |
| Require D4 artifact inventory traceability | Safe evidence-structure hardening; outreach source artifacts need auditable mapping without storing private raw files. | Chosen |
| Trust D4 outreach source text without inventory | Rejected; outreach-log source labels can drift from the attached execution bundle and weaken closure auditability. | Rejected |
Implementation
- Added
scripts/check-v22-evidence-intake.sh. - Added
npm run check:v22-evidence. - Wired the evidence-intake guard into
npm run check:v22-gate0before the final GO/NO-GO decision check. - Added fixture-oriented Vitest coverage for the guard in
tests/scripts/check-v22-evidence-intake.test.ts. - Hardened
scripts/check-v22-gate0-exit.shsoNO-GOblocking checks must match the actual non-passrequired-check rows. - Added fixture-oriented Vitest coverage for the Gate 0 decision guard in
tests/scripts/check-v22-gate0-exit.test.ts. - Added
npm run check:v22-evidenceto local CI validation and GitHub static analysis. - Updated the intake pack, sync runbook, action tracker, and README command reference.
- Hardened
lib/schemas/privacy-guards.tsso pilot/integration payload validation rejects raw personal contact and free-text field names in addition to raw query/message/notes fields. - Added focused schema coverage for the expanded privacy guard in
tests/lib/schemas/privacy-guards.test.tsandtests/lib/schemas/pilot-events.test.ts. - Updated
docs/security/v22-0-offline-local-threat-model.mdwith a repo-local mitigation evidence audit that preserves the unverified status of local queue expiry, replay suppression, and corruption recovery findings. - Added
lib/pilot/event-replay-policy.tswith deterministic privacy-safe replay fingerprints for pilot event payloads. - Added
tests/lib/pilot/event-replay-policy.test.tscoverage for stable fingerprints, criteria changes, event-kind separation, and ignoring fields outside the replay criteria. - Added the public-safe
docs/runbooks/pilot-event-replay.mdsummary and linked it from the runbook index. - Added the public-safe
docs/runbooks/offline-local-recovery.mdsummary for aggregate queue audit, non-destructive re-sync, and destructive-clearing safeguards, and linked it from the runbook index. - Added
lib/offline/pilot-draft-cleanup.tswith reserved-prefix pilot draft TTL, expired/malformed envelope pruning, and sign-out cleanup helpers. - Wired pilot draft cleanup into
components/layout/AuthProvider.tsxbefore Supabase sign-out. - Added focused coverage in
tests/lib/offline/pilot-draft-cleanup.test.tsandtests/components/AuthProvider.test.tsx. - Updated
docs/runbooks/offline-local-recovery.mdanddocs/security/v22-0-offline-local-threat-model.mdto record F2 as code-covered but not fully verified because no actual pilot draft queue or manual QA evidence exists. - Added
lib/offline/local-recovery-audit.tsto build a privacy-preserving local recovery snapshot with only aggregate cache, queue, draft-key, and sync-metadata counts. - Added
tests/lib/offline/local-recovery-audit.test.tscoverage showing the helper avoids queued payload reads and omits internal error details from returned snapshots. - Added optional client event UUID
idsupport to pilot event create schemas. - Updated pilot event storage so duplicate primary-key conflicts are treated as idempotent retries only when a client event
idwas supplied. - Updated pilot event create routes to return no-store
200responses withduplicate: truefor those supplied-ID retries. - Added schema, storage, and route coverage for supplied-ID idempotent retry handling.
- Updated
docs/api/openapi.yamlso pilot event create endpoints document optional client event IDs and supplied-ID duplicate retry responses. - Added
tests/unit/openapi-pilot-events.test.tsto pin the documented pilot event OpenAPI contract. - Added
lib/pilot/responses.tsto centralize no-store pilot create success and idempotent retry responses. - Updated pilot event create routes to use the shared pilot response helper.
- Added
tests/lib/pilot/responses.test.tsfor helper-level response contract coverage. - Documented the existing
POST /api/v1/pilot/scope/servicesinternal route indocs/api/openapi.yamlwith its privacy-safe payload schema. - Extended
tests/unit/openapi-pilot-events.test.tsto pin the pilot scope OpenAPI contract and its current201success behavior. - Documented the existing
POST /api/v1/pilot/metrics/recomputeinternal route indocs/api/openapi.yamlwith its privacy-safe selector and current success envelope. - Extended
tests/unit/openapi-pilot-events.test.tsto pin the recompute OpenAPI contract, including200success and501storage-readiness behavior. - Added OpenAPI path-presence coverage for all implemented internal pilot routes listed in the v22 Phase 0 plan.
- Added
scripts/check-v22-threat-model.shto validate that the offline/local threat-model mitigation matrix and Gate 0 security outcome stay internally consistent. - Added
tests/scripts/check-v22-threat-model.test.tsfixture coverage for high findings with pending verification, unresolved critical findings, incomplete high-finding metadata, contradictory Gate 0 security outcomes, and placeholder sign-off lines. - Added
npm run check:v22-threat-model, wired it into local CI validation, GitHub static analysis, and the Gate 0 release guard. - Updated the README command reference and threat-model automation note.
- Updated
docs/api/openapi.yamlso referral update and integration feasibility success responses document their existingsuccess: trueenvelope. - Updated
docs/api/openapi.yamlso pilot scorecard responses document the scorecard envelope, optional Gate 1 threshold evaluation, and existing404not-found response. - Extended
tests/unit/openapi-pilot-events.test.tsto pin those response contracts. - Expanded
tests/lib/pilot/storage.test.tsto pin circuit-breaker wrapping for representative insert, update, and read storage paths. - Updated the C2 retention evidence README and C2-20260329 field-level rows so they reference the existing completed read-only verification evidence instead of stale pending-evidence wording.
- Added documentation-hygiene coverage to keep C2 retention evidence aligned with the Gate 0
G0-4pass state. - Updated the Phase 0 baseline report sign-off note so it no longer says the report is waiting on database execution context after M1/M3 execution was recorded.
- Added documentation-hygiene coverage to keep baseline execution evidence distinct from still-pending product/governance sign-off fields.
- Added route coverage proving referral update and integration-feasibility success paths return the documented
success: trueenvelopes withCache-Control: no-store. - Added integration-feasibility route coverage for rate limit, unauthenticated access, missing pilot storage, and storage failure responses.
- Added referral update route coverage for rate limit, unauthenticated access, authorization failure, missing pilot storage, and storage failure responses.
- Added shared instrumentation-route coverage for rate-limit responses across connection, scope, service-status, data-decay-audit, and preference-fit writes.
- Added metrics-recompute route coverage for rate-limit responses and the authenticated-work short-circuit.
- Added referral create route coverage for rate limit, unauthenticated access, authorization failure, invalid payloads, missing pilot storage, storage failure, and the no-store success envelope.
- Added pilot JSON write route coverage for unsupported media type responses and documented the existing
415contract in OpenAPI. - Updated the OpenAPI pilot contract test to derive implemented pilot route paths from
app/api/v1/pilot/**/route.ts, including Next dynamic segment mapping from[id]to{id}. - Extended the OpenAPI pilot contract test to derive exported HTTP methods from each implemented
route.tsfile and assert the matching OpenAPI method block is documented. - Added a symmetric OpenAPI pilot path inventory check so documented
/pilot/...paths must exactly match implemented pilot route files. - Added a symmetric OpenAPI pilot method inventory check so documented HTTP method blocks must exactly match exported route methods for each pilot path.
- Added a deduplicated local OpenAPI component reference check for
#/components/schemas/*and#/components/responses/*refs. - Added OpenAPI pilot operation metadata checks for documented
cookieAuth, validoperationIdfields, and unique pilot operation IDs. - Replaced the hardcoded pilot JSON-write path list with derived non-GET route operations, and asserted each documents an
application/jsonrequest body plus the existing415response. - Extended the offline local recovery snapshot with
lastSyncStatususing the existing offline snapshot freshness policy, and documented the aggregate diagnostic in the public recovery runbook. - Added
buildOfflineLocalRecoveryPlan()to convert aggregate recovery snapshots into non-destructive recommendation IDs for dry-run notes. - Made pilot draft storage counts nullable when
localStorageorsessionStoragecannot be inspected, and mapped unknown draft counts to the non-destructiveinspect_browser_storagerecommendation. - Sanitized offline local recovery and pilot draft cleanup warning metadata so logs carry storage class and error type only, not raw exception objects or messages.
- Moved sign-out draft storage lookup inside each guarded cleanup block so blocked
localStorageaccess does not preventsessionStoragecleanup. - Added offline feedback queue payload normalization through
FeedbackSubmitSchemabefore IndexedDB storage and before API replay. - Removed empty optional strings from queued feedback payloads so offline thumbs-up/down submissions do not persist invalid
category_searchedvalues. - Added sanitized sync warnings for invalid queued feedback, API rejection, and DB-access failure paths without logging raw feedback text.
- Tightened pilot event storage idempotency so supplied-ID duplicate retries are suppressed only for primary-key or
idkey conflicts, while other duplicate constraints remain storage errors. - Sanitized
syncOfflineData()failure results and warning logs so they returnerrorTypeand optionalhttpStatusinstead of raw thrown objects or browser/network messages. - Sanitized
OfflineSyncbackground warning logs for service worker registration, data sync, pending feedback sync, and offline fallback prewarm failures. - Added fail-closed validation for pilot readiness scope entries loaded from JSON files or Supabase before generating audit outputs.
- Sanitized Supabase pilot scope load failures and invalid-scope errors so readiness tooling reports field paths and error codes without raw row values, partner notes, or database messages.
- Neutralized spreadsheet formula prefixes in pilot readiness CSV output so generated verification worksheets treat formula-like text as text.
- Applied the pilot readiness scope validator inside
buildPilotReadinessReport()as well as the file and Supabase loaders, so direct report-builder callers cannot bypass malformed-scope checks. - Added duplicate pilot readiness scope identity detection for
(pilot_cycle_id, org_id, service_id)so repeated rows fail closed instead of inflating audit counts. - Tightened the D4 outreach log evidence-intake guard to require the canonical CSV header,
YYYY-MM-DDdates, positive attempt numbers, andsource_artifacttraceability on execution rows. - Updated the Gate 0 evidence intake pack and sync runbook to document the machine-enforced D4 outreach CSV structure.
- Tightened C1 and D4 closure submission validation so required submission dates must use
YYYY-MM-DDand D4 target/contact-attempt counts must be positive integers. - Updated the Gate 0 evidence intake pack and sync runbook to document the machine-enforced closure submission date and count structure.
- Tightened C1 clause-matrix validation so non-pass outcomes require both
Notes / rationaleandRequired mitigation or fallbackvalues. - Updated the Gate 0 evidence intake pack and sync runbook to document the machine-enforced C1 non-pass rationale and fallback structure.
- Tightened C1 clause-matrix validation so closure evidence must use the canonical matrix header and include exactly one row for each required clause ID (
C1-1throughC1-4). - Updated the Gate 0 evidence intake pack and sync runbook to document the machine-enforced C1 matrix header and exact-row structure.
- Tightened D4 partner-list validation so closure evidence must use the canonical partner-list header, exact partner types, and no duplicate organization / partner rows.
- Updated the Gate 0 evidence intake pack and sync runbook to document the machine-enforced D4 partner-list header, type, and duplicate-row structure.
- Tightened D4 closure validation so submitted target and contact-attempt counts must match the attached provider rows, frontline organization rows, and outreach-log execution rows.
- Updated the Gate 0 evidence intake pack and sync runbook to document the machine-enforced D4 submission-to-artifact count consistency checks.
- Tightened C1 closure validation so completed legal/API review evidence must include a canonical artifact inventory with non-placeholder source metadata and at least one artifact marked as used in the clause matrix.
- Cross-checked C1 clause-matrix source artifact values against inventory Artifact ID and Filename / location values marked
Used in clause matrix=yes. - Added the reusable C1 artifact inventory template and updated the C1 evidence README, intake pack, and sync runbook to document the machine-enforced artifact traceability checks.
- Normalized Markdown table header comparisons in the evidence-intake guard so formatter-aligned table spacing does not fail otherwise canonical C1/D4 evidence headers.
- Added a regression fixture for formatter-aligned C1 matrix, C1 inventory, and D4 partner-list headers.
- Normalized the existing prep-only C1 artifact inventory scaffold to match the canonical inventory column names while preserving its
prep_onlystatus. - Tightened C1 and D4 closure validation so the
Submission IDline must be present and match the dated submission filename prefix. - Added fixture coverage for mismatched C1 and D4 submission IDs.
- Updated the Gate 0 evidence intake pack and sync runbook to document the machine-enforced submission-ID-to-filename consistency check.
- Updated the C1 and D4 evidence submission templates and README files so future closure packets state the same submission-ID-to-filename rule at the source.
- Tightened D4 closure validation so completed partner-operations evidence must include a canonical artifact inventory with non-placeholder source metadata and at least one artifact marked as supporting an outreach-log row.
- Cross-checked D4 outreach-log
source_artifactvalues against inventory Artifact ID and Filename / location values markedSupports outreach-log row=yes. - Added the reusable D4 artifact inventory template and updated the D4 evidence README, submission template, intake pack, and sync runbook to document the machine-enforced artifact traceability checks.
- Added fixture coverage for missing D4 artifact inventories and outreach-log source artifacts that are absent from the inventory.
- Added the v22.0 Worktree Checkpoint to group the current worktree by review theme and recommend commit boundaries without creating commits.
Guard Behavior
The guard is status-aware:
- Pending
UA-1/G0-3andUA-3/G0-8may have onlyprep_onlyartifacts. - Complete/pass C1 requires a non-prep C1 submission, artifact inventory, and clause matrix with non-placeholder reviewer, artifact, clause, and recommendation fields, plus a
Submission IDmatching the submission filename. - Complete/pass D4 requires a non-prep D4 submission, partner list, outreach log, and artifact inventory with non-placeholder owner, target-count, dated execution, and source-artifact traceability fields, plus a
Submission IDmatching the submission filename. - The guard checks evidence structure and doc consistency only. It does not determine whether legal terms are acceptable or whether outreach evidence is strategically sufficient.
Verification
Commands run from the repo root:
bash scripts/check-v22-evidence-intake.sh- passed; current pending C1/D4 state is internally consistent.bash -n scripts/check-v22-evidence-intake.sh- passed.bash -n scripts/check-v22-gate0-exit.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts- passed (9tests).node --import tsx scripts/check-references.ts- passed (143files checked).node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts- passed.node node_modules/typescript/bin/tsc --noEmit- passed.bash scripts/check-root-hygiene.sh- passed.git diff --check- passed.node node_modules/prettier/bin/prettier.cjs --check ...- passed after formatting new implementation/test artifacts.node node_modules/vitest/vitest.mjs run tests/lib/schemas/privacy-guards.test.ts tests/lib/schemas/pilot-events.test.ts- passed (19tests).node node_modules/eslint/bin/eslint.js lib/schemas/privacy-guards.ts tests/lib/schemas/privacy-guards.test.ts tests/lib/schemas/pilot-events.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/lib/pilot/event-replay-policy.test.ts- passed (4tests).node node_modules/eslint/bin/eslint.js lib/pilot/event-replay-policy.ts tests/lib/pilot/event-replay-policy.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts tests/lib/schemas/privacy-guards.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/pilot/event-replay-policy.test.ts- passed (32tests).node node_modules/prettier/bin/prettier.cjs --check docs/runbooks/offline-local-recovery.md docs/runbooks/README.md docs/security/v22-0-offline-local-threat-model.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/vitest/vitest.mjs run tests/lib/offline/pilot-draft-cleanup.test.ts tests/components/AuthProvider.test.tsx- passed (8tests).node node_modules/eslint/bin/eslint.js lib/offline/pilot-draft-cleanup.ts components/layout/AuthProvider.tsx tests/lib/offline/pilot-draft-cleanup.test.ts tests/components/AuthProvider.test.tsx- passed.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts tests/lib/schemas/privacy-guards.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/components/AuthProvider.test.tsx- passed (40tests).node node_modules/vitest/vitest.mjs run tests/lib/offline/local-recovery-audit.test.ts- passed (3tests).node node_modules/eslint/bin/eslint.js lib/offline/local-recovery-audit.ts tests/lib/offline/local-recovery-audit.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts tests/lib/schemas/privacy-guards.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/local-recovery-audit.test.ts tests/components/AuthProvider.test.tsx- passed (43tests).node node_modules/vitest/vitest.mjs run tests/lib/pilot/storage.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/lib/schemas/pilot-events.test.ts- passed (67tests).node node_modules/eslint/bin/eslint.js lib/pilot/storage.ts lib/schemas/pilot-events.ts app/api/v1/pilot/events/contact-attempt/route.ts app/api/v1/pilot/events/referral/route.ts app/api/v1/pilot/events/connection/route.ts app/api/v1/pilot/events/service-status/route.ts app/api/v1/pilot/events/data-decay-audit/route.ts app/api/v1/pilot/events/preference-fit/route.ts tests/lib/pilot/storage.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/lib/schemas/pilot-events.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts tests/lib/schemas/privacy-guards.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/pilot/storage.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/local-recovery-audit.test.ts tests/components/AuthProvider.test.tsx tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts- passed (95tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (13tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts tests/lib/schemas/privacy-guards.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/pilot/storage.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/local-recovery-audit.test.ts tests/components/AuthProvider.test.tsx tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/unit/openapi-pilot-events.test.ts- passed (108tests).node node_modules/vitest/vitest.mjs run tests/lib/pilot/responses.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts- passed (51tests).node node_modules/eslint/bin/eslint.js lib/pilot/responses.ts tests/lib/pilot/responses.test.ts app/api/v1/pilot/events/contact-attempt/route.ts app/api/v1/pilot/events/referral/route.ts app/api/v1/pilot/events/connection/route.ts app/api/v1/pilot/events/service-status/route.ts app/api/v1/pilot/events/data-decay-audit/route.ts app/api/v1/pilot/events/preference-fit/route.ts- passed.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts tests/lib/schemas/privacy-guards.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/pilot/storage.test.ts tests/lib/pilot/responses.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/local-recovery-audit.test.ts tests/components/AuthProvider.test.tsx tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/unit/openapi-pilot-events.test.ts- passed (110tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (14tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check docs/api/openapi.yaml tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node --import tsx scripts/check-references.ts- passed (143files checked).git diff --check- passed.bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/typescript/bin/tsc --noEmit- passed.node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts tests/api/pilot-metrics-recompute.test.ts- passed (21tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts tests/api/pilot-metrics-recompute.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check docs/api/openapi.yaml tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node --import tsx scripts/check-references.ts- passed (143files checked).git diff --check- passed.node node_modules/typescript/bin/tsc --noEmit- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.- Static OpenAPI route-contract check with the bundled desktop Node runtime - passed after adding full internal pilot route path coverage.
- Bundled desktop Node
prettier --check docs/api/openapi.yaml tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed. node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (26tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check docs/api/openapi.yaml tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.bash -n scripts/check-v22-threat-model.sh && bash scripts/check-v22-threat-model.sh- passed.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-threat-model.test.ts- passed (5tests).node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-threat-model.test.ts- passed.npm run check:v22-threat-model- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result after threat-model guard integration: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-threat-model.test.ts tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts tests/unit/openapi-pilot-events.test.ts- passed (40tests).node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-threat-model.test.ts package.json .github/workflows/ci.yml README.md docs/security/v22-0-offline-local-threat-model.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md docs/api/openapi.yaml tests/unit/openapi-pilot-events.test.ts- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-threat-model.test.ts tests/scripts/check-v22-gate0-exit.test.ts tests/scripts/check-v22-evidence-intake.test.ts tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).bash scripts/check-root-hygiene.sh- passed.git diff --check- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts- passed (41tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check docs/api/openapi.yaml tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/lib/pilot/storage.test.ts- passed (5tests).node node_modules/eslint/bin/eslint.js tests/lib/pilot/storage.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/lib/pilot/storage.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/unit/openapi-pilot-events.test.ts- passed (95tests).node node_modules/eslint/bin/eslint.js tests/lib/pilot/storage.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/lib/pilot/storage.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md docs/api/openapi.yaml tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/documentation-hygiene.test.ts- passed (14tests).node node_modules/eslint/bin/eslint.js tests/unit/documentation-hygiene.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check docs/implementation/v22-0-evidence/c2-retention/README.md docs/implementation/v22-0-evidence/c2-retention/C2-20260329.md tests/unit/documentation-hygiene.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/documentation-hygiene.test.ts- passed (15tests).node node_modules/eslint/bin/eslint.js tests/unit/documentation-hygiene.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check docs/implementation/v22-0-phase-0-baseline-report-2026-03-09.md tests/unit/documentation-hygiene.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formatting the maintenance log.git diff --check- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts- passed (8tests).node node_modules/eslint/bin/eslint.js tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formatting the maintenance log.node node_modules/vitest/vitest.mjs run tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (40tests).node node_modules/eslint/bin/eslint.js tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).bash scripts/check-root-hygiene.sh- passed.git diff --check- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/api/v1/pilot-integration-feasibility.test.ts- passed (7tests).node node_modules/eslint/bin/eslint.js tests/api/v1/pilot-integration-feasibility.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/api/v1/pilot-integration-feasibility.test.ts tests/api/v1/pilot-referral.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (44tests).node node_modules/eslint/bin/eslint.js tests/api/v1/pilot-integration-feasibility.test.ts tests/api/v1/pilot-referral.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/api/v1/pilot-integration-feasibility.test.ts tests/api/v1/pilot-referral.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/api/v1/pilot-referral.test.ts- passed (9tests).node node_modules/eslint/bin/eslint.js tests/api/v1/pilot-referral.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts tests/lib/schemas/pilot-events.test.ts- passed (64tests).node node_modules/eslint/bin/eslint.js tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts tests/lib/schemas/pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/api/pilot-instrumentation-routes.test.ts- passed (40tests).node node_modules/eslint/bin/eslint.js tests/api/pilot-instrumentation-routes.test.ts- passed.node node_modules/vitest/vitest.mjs run tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (114tests).node node_modules/eslint/bin/eslint.js tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/api/pilot-instrumentation-routes.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/api/pilot-metrics-recompute.test.ts- passed (7tests).node node_modules/vitest/vitest.mjs run tests/api/pilot-metrics-recompute.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/observability/pilot-metrics.test.ts tests/lib/schemas/pilot-events.test.ts- passed (71tests).node node_modules/eslint/bin/eslint.js tests/api/pilot-metrics-recompute.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/api/pilot-metrics-recompute.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/api/v1/pilot-referral.test.ts- passed (15tests).node node_modules/vitest/vitest.mjs run tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts tests/lib/pilot/responses.test.ts- passed (122tests).node node_modules/eslint/bin/eslint.js tests/api/v1/pilot-referral.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/api/v1/pilot-referral.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/unit/openapi-pilot-events.test.ts- passed (116tests).node node_modules/eslint/bin/eslint.js tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check docs/api/openapi.yaml tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/unit/openapi-pilot-events.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts tests/lib/pilot/responses.test.ts- passed (148tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (38tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (49tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (170tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (50tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (171tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (61tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (182tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (85tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (206tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (108tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (229tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts- passed (118tests).node node_modules/vitest/vitest.mjs run tests/unit/openapi-pilot-events.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/v1/pilot-referral.test.ts tests/api/v1/pilot-integration-feasibility.test.ts tests/api/pilot-metrics-recompute.test.ts tests/api/pilot-scorecard.test.ts tests/api/v1/pilot-scorecard.test.ts tests/lib/schemas/pilot-events.test.ts tests/lib/schemas/integration-feasibility.test.ts- passed (239tests).node node_modules/eslint/bin/eslint.js tests/unit/openapi-pilot-events.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/unit/openapi-pilot-events.test.ts docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/snapshot.test.ts- passed (14tests).node node_modules/vitest/vitest.mjs run tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/snapshot.test.ts tests/components/offline/OfflineSnapshotStatus.test.tsx tests/components/AuthProvider.test.tsx- passed (20tests).node node_modules/eslint/bin/eslint.js lib/offline/local-recovery-audit.ts tests/lib/offline/local-recovery-audit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/offline/local-recovery-audit.ts tests/lib/offline/local-recovery-audit.test.ts docs/runbooks/offline-local-recovery.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/snapshot.test.ts tests/components/offline/OfflineSnapshotStatus.test.tsx tests/components/AuthProvider.test.tsx- passed (24tests).node node_modules/eslint/bin/eslint.js lib/offline/local-recovery-audit.ts tests/lib/offline/local-recovery-audit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/offline/local-recovery-audit.ts tests/lib/offline/local-recovery-audit.test.ts docs/runbooks/offline-local-recovery.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed.git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.bash scripts/check-v22-gate0-exit.sh- expected blocked result: evidence intake and threat-model checks pass, then Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8.node node_modules/vitest/vitest.mjs run tests/lib/offline/local-recovery-audit.test.ts- passed (10tests).node node_modules/vitest/vitest.mjs run tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/snapshot.test.ts tests/components/offline/OfflineSnapshotStatus.test.tsx tests/components/AuthProvider.test.tsx- passed (25tests).node node_modules/eslint/bin/eslint.js lib/offline/local-recovery-audit.ts tests/lib/offline/local-recovery-audit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/offline/local-recovery-audit.ts tests/lib/offline/local-recovery-audit.test.ts docs/runbooks/offline-local-recovery.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh- passed.if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: evidence intake and threat-model checks pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts- passed (15tests).node node_modules/vitest/vitest.mjs run tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/snapshot.test.ts tests/components/offline/OfflineSnapshotStatus.test.tsx tests/components/AuthProvider.test.tsx- passed (26tests).node node_modules/eslint/bin/eslint.js lib/offline/local-recovery-audit.ts lib/offline/pilot-draft-cleanup.ts tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/offline/local-recovery-audit.ts lib/offline/pilot-draft-cleanup.ts tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts docs/runbooks/offline-local-recovery.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattingtests/lib/offline/local-recovery-audit.test.ts.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/lib/offline/feedback.test.ts- passed (10tests).node node_modules/vitest/vitest.mjs run tests/lib/offline/feedback.test.ts tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/snapshot.test.ts tests/components/offline/OfflineSnapshotStatus.test.tsx tests/components/offline/OfflineSync.test.tsx tests/components/AuthProvider.test.tsx- passed (54tests).node node_modules/eslint/bin/eslint.js lib/offline/feedback.ts tests/lib/offline/feedback.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/offline/feedback.ts tests/lib/offline/feedback.test.ts docs/runbooks/offline-local-recovery.md docs/security/v22-0-offline-local-threat-model.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattinglib/offline/feedback.tsanddocs/security/v22-0-offline-local-threat-model.md.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/lib/pilot/storage.test.ts- passed (6tests).node node_modules/vitest/vitest.mjs run tests/lib/pilot/storage.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/pilot/responses.test.ts tests/api/pilot-contact-attempt.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/v1/pilot-referral.test.ts- passed (84tests).node node_modules/eslint/bin/eslint.js lib/pilot/storage.ts tests/lib/pilot/storage.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/pilot/storage.ts tests/lib/pilot/storage.test.ts docs/runbooks/pilot-event-replay.md docs/security/v22-0-offline-local-threat-model.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattingdocs/security/v22-0-offline-local-threat-model.md.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/unit/lib/offline/sync.test.ts tests/components/offline/OfflineSync.test.tsx- passed (24tests).node node_modules/vitest/vitest.mjs run tests/unit/lib/offline/sync.test.ts tests/components/offline/OfflineSync.test.tsx tests/lib/offline/feedback.test.ts tests/lib/offline/local-recovery-audit.test.ts tests/lib/offline/pilot-draft-cleanup.test.ts tests/lib/offline/snapshot.test.ts tests/components/offline/OfflineSnapshotStatus.test.tsx tests/components/ui/OfflineBanner.test.tsx tests/components/AuthProvider.test.tsx- passed (70tests) after retrying an intermittent WSL transport failure.node node_modules/eslint/bin/eslint.js lib/offline/sync.ts components/offline/OfflineSync.tsx tests/unit/lib/offline/sync.test.ts tests/components/offline/OfflineSync.test.tsx- passed.node node_modules/prettier/bin/prettier.cjs --check lib/offline/sync.ts components/offline/OfflineSync.tsx tests/unit/lib/offline/sync.test.ts tests/components/offline/OfflineSync.test.tsx docs/runbooks/offline-local-recovery.md docs/security/v22-0-offline-local-threat-model.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattingdocs/security/v22-0-offline-local-threat-model.mdanddocs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed after retrying an intermittent WSL transport timeout.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/lib/pilot/readiness-audit.test.ts- passed (7tests).node node_modules/eslint/bin/eslint.js lib/pilot/readiness-audit.ts tests/lib/pilot/readiness-audit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/pilot/readiness-audit.ts tests/lib/pilot/readiness-audit.test.ts docs/implementation/v22-pilot-readiness/README.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node node_modules/vitest/vitest.mjs run tests/lib/pilot/readiness-audit.test.ts tests/lib/pilot/storage.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/pilot/responses.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-metrics-recompute.test.ts tests/unit/openapi-pilot-events.test.ts- passed (190tests).node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/lib/pilot/readiness-audit.test.ts- passed (8tests).node node_modules/vitest/vitest.mjs run tests/lib/pilot/readiness-audit.test.ts tests/lib/pilot/storage.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/pilot/responses.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-metrics-recompute.test.ts tests/unit/openapi-pilot-events.test.ts- passed (191tests).node node_modules/eslint/bin/eslint.js lib/pilot/readiness-audit.ts tests/lib/pilot/readiness-audit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/pilot/readiness-audit.ts tests/lib/pilot/readiness-audit.test.ts docs/implementation/v22-pilot-readiness/README.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattingtests/lib/pilot/readiness-audit.test.ts.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/lib/pilot/readiness-audit.test.ts- passed (9tests).node node_modules/vitest/vitest.mjs run tests/lib/pilot/readiness-audit.test.ts tests/lib/pilot/storage.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/pilot/responses.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-metrics-recompute.test.ts tests/unit/openapi-pilot-events.test.ts- passed (192tests).node node_modules/eslint/bin/eslint.js lib/pilot/readiness-audit.ts tests/lib/pilot/readiness-audit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/pilot/readiness-audit.ts tests/lib/pilot/readiness-audit.test.ts docs/implementation/v22-pilot-readiness/README.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/lib/pilot/readiness-audit.test.ts- passed (11tests).node node_modules/eslint/bin/eslint.js lib/pilot/readiness-audit.ts tests/lib/pilot/readiness-audit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check lib/pilot/readiness-audit.ts tests/lib/pilot/readiness-audit.test.ts docs/implementation/v22-pilot-readiness/README.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattinglib/pilot/readiness-audit.ts.node node_modules/typescript/bin/tsc --noEmit- passed.node node_modules/vitest/vitest.mjs run tests/lib/pilot/readiness-audit.test.ts tests/lib/pilot/storage.test.ts tests/lib/pilot/event-replay-policy.test.ts tests/lib/pilot/responses.test.ts tests/api/pilot-instrumentation-routes.test.ts tests/api/pilot-metrics-recompute.test.ts tests/unit/openapi-pilot-events.test.ts- passed (194tests).node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check && bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (12tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattingtests/scripts/check-v22-evidence-intake.test.ts.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check && bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (14tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattingdocs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check && bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (16tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattingtests/scripts/check-v22-evidence-intake.test.ts.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check && bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (18tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check && bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (21tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formattingdocs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check && bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (22tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (25tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts docs/implementation/v22-0-evidence/c1-partner-terms/ARTIFACT_INVENTORY_TEMPLATE.md docs/implementation/v22-0-evidence/c1-partner-terms/C1-20260428-artifact-inventory.md docs/implementation/v22-0-evidence/c1-partner-terms/README.md docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed after formatting the C1 prep inventory scaffold.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (27tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed after retrying a transient WSL transport failure.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/prettier/bin/prettier.cjs --check docs/implementation/v22-0-evidence/c1-partner-terms/SUBMISSION_TEMPLATE.md docs/implementation/v22-0-evidence/c1-partner-terms/README.md docs/implementation/v22-0-evidence/d4-partner-ops/SUBMISSION_TEMPLATE.md docs/implementation/v22-0-evidence/d4-partner-ops/README.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.node node_modules/vitest/vitest.mjs run tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed (29tests).bash -n scripts/check-v22-evidence-intake.sh && bash -n scripts/check-v22-gate0-exit.sh && bash -n scripts/check-v22-threat-model.sh- passed.node node_modules/eslint/bin/eslint.js tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts- passed.node node_modules/prettier/bin/prettier.cjs --check tests/scripts/check-v22-evidence-intake.test.ts tests/scripts/check-v22-gate0-exit.test.ts docs/implementation/v22-0-evidence/d4-partner-ops/ARTIFACT_INVENTORY_TEMPLATE.md docs/implementation/v22-0-evidence/d4-partner-ops/D4-20260428-artifact-inventory.md docs/implementation/v22-0-evidence/d4-partner-ops/README.md docs/implementation/v22-0-evidence/d4-partner-ops/SUBMISSION_TEMPLATE.md docs/implementation/v22-0-gate-0-evidence-intake-pack.md docs/implementation/v22-0-gate-0-evidence-sync-runbook.md docs/implementation/archive/2026-06-13-v22-0-autonomous-gate0-maintenance.md docs/implementation/v22-0-worktree-checkpoint-2026-06-13.md- passed after formatting the D4 prep inventory scaffold, sync runbook, script tests, and maintenance ledger.node node_modules/typescript/bin/tsc --noEmit- passed.node --import tsx scripts/check-references.ts- passed (144files checked).git diff --check- passed.bash scripts/check-root-hygiene.sh- passed.bash scripts/check-v22-threat-model.sh && bash scripts/check-v22-evidence-intake.sh && if bash scripts/check-v22-gate0-exit.sh; then echo GATE0_EXIT_ZERO; else echo GATE0_EXIT_NONZERO; fi- expected blocked result: consistency guards pass, Gate 0 remainsNO-GOwith blocking checksG0-3,G0-8, and the guard exits nonzero.
The desktop shell did not expose npm on WSL PATH, so validation used an available Linux Node runtime directly with repo-local node_modules. WSL later became intermittently unavailable with Wsl/Service/E_UNEXPECTED, so the final path-coverage-only OpenAPI assertion was also checked with the bundled desktop Node runtime.
Remaining Work
- Obtain and attach real C1 partner legal/API terms before any C1 closure attempt.
- Obtain and attach real D4 named partner, outreach owner, and dated execution evidence before any D4 closure attempt.
- Run
npm run check:v22-evidenceandnpm run check:v22-gate0after any evidence sync.