← All receipts

Kontour Flow Agents — delivery workflow

Flow Agents delivery bundle

The trust.bundle a Flow Agents delivery run emits as its own receipt: every workflow check (build, source-tree validation, verification) recorded as a claim with its evidence and status.

32 verified 1 assumed 1 superseded
Download raw .bundle schemaVersion 5 · 34 claims · 19 evidence

Provenance

Committed by the Flow Agents delivery pipeline and tracked in-repo since PR #269; this copy is taken verbatim from origin/main at the pinned commit.

Repository
kontourai/flow-agents
Source path
delivery/trust.bundle
Pinned commit
fe41e3cfbf465a2e186af39d235c7b746b3aee05
Bundle source
flow-agents/workflow-sidecar;statusFunctionVersion=2

Claims

What was gated, and how it landed

Each row is a claim the pipeline recorded — its type, the facet it belongs to, the field or behavior it covers, its recorded value, and the trust status the kernel derived. Read straight from the downloadable artifact.

Status Subject / field Type · facet Value
verified kontourai-flow-agents-290/build-compile-summary NON-command-backed summary (ADR 0020 rule: bare `npm run build --silent` is not itself a manifest entry, so it is not recorded as command-backed test_output; it is subsumed by the manifest-matched `so… workflow.check.runtime flow-agents.workflow pass
verified kontourai-flow-agents-290/source-tree-validation Manifest-matched (source-tree-validation). `npm run validate:source --` exits 0; this script's own package.json definition runs `npm run build --silent` first, so a clean run also confirms the CLI mod… workflow.check.command flow-agents.workflow pass
verified kontourai-flow-agents-290/context-map-drift Manifest-matched (context-map-drift). `npm run context-map -- --check` exits 0 with 'docs/context-map.md is current.' -- confirms AC10's context-map regeneration is committed and non-drifted. workflow.check.command flow-agents.workflow pass
verified kontourai-flow-agents-290/static-eval-suite Manifest-matched (static-eval-suite). Full static suite exits 0, no failures (35/35 TS unit tests pass; all other static assertion blocks pass). Runs `npm run build` as a prerequisite, so a clean run… workflow.check.test flow-agents.workflow pass
verified kontourai-flow-agents-290/assignment-provider-local-file-integration Manifest-matched (assignment-provider-local-file-integration). Re-verify iteration-1: all 34/34 assertions pass (up from 30 pre-fix), including three NEW genuine OS-process concurrency-race assertions… workflow.check.test flow-agents.workflow pass
verified kontourai-flow-agents-290/assignment-provider-github-integration Manifest-matched (assignment-provider-github-integration). Re-verify iteration-1: all 45/45 assertions pass (up from 42 pre-fix), including NEW F2 (hostile branch/artifact_dir/actor.human payload with… workflow.check.test flow-agents.workflow pass
verified kontourai-flow-agents-290/pull-work-assignment-join-integration Manifest-matched (pull-work-assignment-join-integration). Re-verify iteration-1: unaffected by F1-F5, still 10/10 assertions pass. Two-actor simulation: subject is free before either session claims; s… workflow.check.test flow-agents.workflow pass
verified kontourai-flow-agents-290/pull-work-liveness-preflight-integration Manifest-matched (pull-work-liveness-preflight-integration). Re-verify iteration-1: 68/68 assertions pass (up from 65 pre-fix), including NEW F5 wording-correction assertions: pull-work now scopes tru… workflow.check.test flow-agents.workflow pass
verified kontourai-flow-agents-290/pull-work-provider-integration Manifest-matched (pull-work-provider-integration). Re-verify iteration-1: unaffected by F1-F5, still 69/69 assertions pass -- regression check confirming this issue's changes to pull-work/SKILL.md and… workflow.check.test flow-agents.workflow pass
verified kontourai-flow-agents-290/gh-process-absence-source-scan SESSION-LOCAL (no command; not a manifest entry). Independent source-tree grep, re-run this session: `execFileSync|spawnSync|spawn\(|exec\(` naming `gh` anywhere under src/ -> zero hits outside a sing… workflow.check.security flow-agents.workflow pass
verified kontourai-flow-agents-290/trust-reconcile-manifest-parity SESSION-LOCAL (kind=policy is non-reconcilable regardless of command presence per ADR 0020's classification table; deliberately recorded without a `command` field since the exact command run this sess… workflow.check.policy flow-agents.workflow pass
verified kontourai-flow-agents-290/concurrency-race-independent-reproduction SESSION-LOCAL (no command; independent of the checked-in eval's own single-iteration race assertion). Re-ran the EXACT 40-iteration concurrent OS-process race script (race40.sh) originally used to rep… workflow.check.security flow-agents.workflow pass
verified kontourai-flow-agents-290/f2-hostile-payload-independent-reproduction SESSION-LOCAL (no command; independent of the checked-in eval's own hostile fixture). Built a DISTINCT hostile fixture from the eval's own (different marker text, different control bytes: CR + BEL + a… workflow.check.security flow-agents.workflow pass
verified kontourai-flow-agents-290/ac1-contract-doc-review Re-verify iteration-1: re-read context/contracts/assignment-provider-contract.md; unchanged in substance from the prior verification pass other than F4's additive argv-array-execution note. Cross-chec… workflow.check.diff flow-agents.workflow pass
verified kontourai-flow-agents-290/ac2-settings-schema-independent-validation Re-verify iteration-1: schemas/assignment-provider-settings.schema.json is unchanged by the F1-F5 fix set (confirmed via diff-scope: the fix touches only src/cli/assignment-provider.ts, kits/builder/s… workflow.check.diff flow-agents.workflow pass
verified kontourai-flow-agents-290/ac8-pull-work-skill-wiring-review Re-read the diff of kits/builder/skills/pull-work/SKILL.md's F4/F5 changes: an explicit argv-array (never shell-string interpolation) execution note added to the Assignment Claim On Selection section… workflow.check.diff flow-agents.workflow pass
verified kontourai-flow-agents-290/ac10-docs-and-context-map-review docs/context-map.md drift-checked clean via the command-backed context-map-drift check above. docs/workflow-usage-guide.md's 'Assignment ownership: the third provider leg' subsection re-read, unchange… workflow.check.diff flow-agents.workflow pass
verified kontourai-flow-agents-290/goal-fit User outcome now fully met: a selected GitHub issue carries a durable, human-visible ownership record; the same operations work against a local-file record for tracker-less repos/evals with GENUINE mu… workflow.check.policy flow-agents.workflow pass
assumed kontourai-flow-agents-290/pre-existing-unrelated-eval-failures ACCEPTED GAP, waived. This check's underlying record-evidence call carried this check's waiver via the PER-CHECK `_waiver` JSON payload (ADR 0020 rule: a waiver cannot ride the global --accepted-gap-r… workflow.check.runtime flow-agents.workflow skip
verified kontourai-flow-agents-290/ac1-contract-doc-covers-adr-0021-sections-context-contracts-assignment-provider-contract-md AC1 `contract-doc-covers-adr-0021-sections`: `context/contracts/assignment-provider-contract.md` workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac2-settings-schema-validates-schemas-assignment-provider-settings-schema-json AC2 `settings-schema-validates`: `schemas/assignment-provider-settings.schema.json` workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac3-github-render-emits-versioned-comment-assignment-provider-render-claim-provider AC3 `github-render-emits-versioned-comment`: `assignment-provider render-claim --provider workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac4-github-status-parses-existing-claim-assignment-provider-status-provider-github AC4 `github-status-parses-existing-claim`: `assignment-provider status --provider github` workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac5-local-file-round-trip-assignment-provider-claim-status-supersede-release-provider AC5 `local-file-round-trip`: `assignment-provider claim|status|supersede|release --provider workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac6-list-returns-actor-claims-assignment-provider-list-actor-actor-both-provider AC6 `list-returns-actor-claims`: `assignment-provider list --actor <actor>` (both provider workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac7-concurrent-claim-fails-loud-or-reports-holder-a-second-claim-on-an-already-claimed AC7 `concurrent-claim-fails-loud-or-reports-holder`: a second `claim` on an already-claimed workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac8-pull-work-wires-durable-claim-at-selection-pull-work-skill-md-s-selection-step AC8 `pull-work-wires-durable-claim-at-selection`: `pull-work/SKILL.md`'s selection step workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac9-no-live-gh-process-in-evals-none-of-this-issue-s-new-eval-scripts-invoke-a-live-or AC9 `no-live-gh-process-in-evals`: none of this issue's new eval scripts invoke a live or workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac10-docs-and-context-map-updated-docs-context-map-md-lists-the-new-schema-via AC10 `docs-and-context-map-updated`: `docs/context-map.md` lists the new schema (via workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac11-human-assignee-policy-knob-present-and-respected-the-settings-schema-s AC11 `human-assignee-policy-knob-present-and-respected`: the settings schema's workflow.acceptance.criterion flow-agents.workflow pass
verified kontourai-flow-agents-290/ac12-disjoint-selection-simulated-a-two-actor-join-simulation-proves-that-once-actor-a-s AC12 `disjoint-selection-simulated`: a two-actor join simulation proves that once actor A's workflow.acceptance.criterion flow-agents.workflow pass
superseded kontourai-flow-agents-290/code-review-290-iteration-1 26 files reviewed (12 modified, 14 new). Abstraction, GitHub render/parse path, join logic, and pull-work wiring are solid and well-tested, but the local-file claim path has a reproducible TOCTOU race… workflow.critique.review flow-agents.workflow fail
verified kontourai-flow-agents-290/code-review-290-iteration-1-recheck Focused re-review of the iteration-1 fix for all 5 prior findings. Delta reviewed: src/cli/assignment-provider.ts (withSubjectLock/sanitizeDisplayField/computeEffectiveState's nowMs threading), kits/b… workflow.critique.review flow-agents.workflow pass
verified kontourai-flow-agents-290/code-review-290-iteration-1 SUPERSEDES the original CHANGES_REQUESTED review (same critique id, same reviewer, per #344's reviewer-scoped critique supersession). All 5 findings (1 CRITICAL, 1 HIGH, 2 MEDIUM, 1 LOW) independently… workflow.critique.review flow-agents.workflow pass

Evidence

What supports the claims

Open questions

Gaps this receipt does not hide

Verify it yourself

Recompute this exact file

Download the raw .bundle above, then run it through the named validator — validateTrustBundle from @kontourai/surface. The CLI wraps it and exits non-zero if the artifact is not a well-formed trust.bundle.

validate this receipt
$ npx @kontourai/[email protected] report \
--input flow-agents-delivery.trust.bundle --format summary
# exit 0 prints the trust summary; a broken file exits 1

Prefer the library directly? The CLI just calls it:

node — the named validator
import { validateTrustBundle } from "@kontourai/surface";
import { readFileSync } from "node:fs";
validateTrustBundle(JSON.parse(readFileSync("flow-agents-delivery.trust.bundle", "utf8")));
# throws if the bundle is invalid; returns the parsed bundle otherwise