Skip to content

Executable zone-gate engine (CHK-01..CHK-10) + gate policies#19

Closed
mdheller wants to merge 1 commit into
mainfrom
feature/exodus-zone-gate-engine
Closed

Executable zone-gate engine (CHK-01..CHK-10) + gate policies#19
mdheller wants to merge 1 commit into
mainfrom
feature/exodus-zone-gate-engine

Conversation

@mdheller

Copy link
Copy Markdown
Member

The Phase-0 Metadata Standards schema pack is committed, but §7's WNZL Dirt-to-Diamond promotion gates were schema-only: policy-gate.json referenced CHK-01..CHK-10, yet there were zero policy instances and no enforcement. This makes the gates executable and fail-closed.

What

  • scripts/exodus_gate.pyevaluate_gate(artifact, policy, ctx) runs a policy's required fields + checks and returns a GateDecision plus the CustodyEvent to write:
    • ZonePromotion when admitted, PolicyException when blocked;
    • custody_status = IntegrityViolation whenever CHK-01 fails (recomputed BLAKE3 ≠ stored) — and fail-closed if bytes weren't recomputed at all;
    • auto_promote only when checks pass and no human/legal review is outstanding (Governed/Diamond never auto-promote).
  • examples/gate-policies/ — the first concrete gate policies (all validate against schemas/policy-gate.json):
    • GATE-Landing-Examination-v1 (CHK-01/03/09/10 + CHK-08 non-blocking flag)
    • GATE-Examination-Integration-v1 — the adversarial-evidence gate: CHK-04 counter-explanations + CHK-05 null hypothesis at E3+
    • GATE-Integration-Governed-v1 (CHK-06/07 + human + legal review)
  • scripts/test_exodus_gate.py — dependency-free CHK matrix (each check pass/fail, integrity-violation custody status, non-blocking duplicate flag, review-gated Governed promotion). Wired into CI.
  • docs/zone-gate-enforcement.md — check semantics + traceability.

Verification

python3 scripts/test_exodus_gate.py passes; CLI smoke works; the existing validate_phase0_schemas.py still passes; all 3 policies validate against the JSON-Schema.

Still open (unchanged)

TriTRPC BEACON_COMMIT sealing of CustodyEvents, HellGraph atom signing, the working ForensicBundle export command, account-registry population, BSM ingest. The engine emits the CustodyEvent shape; cryptographic sealing is the next dependency.

🤖 Generated with Claude Code

Metadata Standards §7 defined the WNZL promotion gates as a schema with zero
policy instances and no enforcement. This makes them executable, fail-closed:

- scripts/exodus_gate.py: evaluate_gate() runs a policy's required fields +
  checks and returns a GateDecision + the CustodyEvent to write (ZonePromotion
  vs PolicyException; custody_status=IntegrityViolation when CHK-01 fails;
  auto_promote false whenever human/legal review is outstanding).
- examples/gate-policies/: first concrete policies — Landing→Examination,
  Examination→Integration (the adversarial-evidence gate: counter-explanations
  CHK-04 + null hypothesis CHK-05 at E3+), Integration→Governed (CHK-06/07 +
  human+legal review). All validate against schemas/policy-gate.json.
- scripts/test_exodus_gate.py: dependency-free CHK matrix; wired into CI.
- docs/zone-gate-enforcement.md: check semantics + what remains
  (TriTRPC BEACON_COMMIT sealing, atom signing, ForensicBundle export command).
@mdheller

mdheller commented Jul 5, 2026

Copy link
Copy Markdown
Member Author

Closed as superseded (keeper review, 2026-07-05). This branch's content landed on main via #22 (703001d0) — verified by blob-SHA comparison: all 7 files on feature/exodus-zone-gate-engine are byte-identical to main. Merging would be a no-op. Branch left intact.

@mdheller mdheller closed this Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant