feat: Boundary Calculus evidence envelope integration

Makefile

@@ -1,6 +1,6 @@
-.PHONY: validate test validate-agent-cycle-health validate-authority-dependency-evidence validate-prometheus-sr validate-reasoning-failure-traces validate-governance-context validate-lattice-data-governai-execution-refs validate-lattice-runtime-profile-refs validate-network-native-assistant-evidence validate-guardrail-evidence-artifacts validate-stop-gate-evaluator validate-guarded-workcell-artifact validate-guarded-workcell-executor validate-guarded-invocation-artifact validate-guarded-invocation validate-agentic-pr-work-order validate-semantic-enterprise-agent-boundary validate-ops-history-contracts validate-action-contracts validate-agent-operation-contract validate-superconscious-reasoning-import validate-agent-harness-runtime-contracts validate-bounded-action-loop agentplane-evidence-receipt-composition-tier2-binding-ci lawful-learning-phase9-contract-ci validate-evidence-receipt-binding validate-semantic-activation-receipt validate-governed-run-contract validate-preflight-receipt validate-attempt-admission-receipt validate-verification-execution-receipt validate-synthetic-verification-receipt validate-governed-runner-v0-2-contract-chain validate-budget-settlement-receipt validate-rollback-receipts validate-run-dossier validate-governed-runner-readonly validate-workroom-context-evidence validate-wallguard-collaboration-admission validate-prophet-mesh-agentplane-adapter
+.PHONY: validate test validate-agent-cycle-health validate-authority-dependency-evidence validate-prometheus-sr validate-reasoning-failure-traces validate-governance-context validate-lattice-data-governai-execution-refs validate-lattice-runtime-profile-refs validate-network-native-assistant-evidence validate-guardrail-evidence-artifacts validate-stop-gate-evaluator validate-guarded-workcell-artifact validate-guarded-workcell-executor validate-guarded-invocation-artifact validate-guarded-invocation validate-agentic-pr-work-order validate-semantic-enterprise-agent-boundary validate-ops-history-contracts validate-action-contracts validate-agent-operation-contract validate-superconscious-reasoning-import validate-agent-harness-runtime-contracts validate-bounded-action-loop agentplane-evidence-receipt-composition-tier2-binding-ci lawful-learning-phase9-contract-ci validate-evidence-receipt-binding validate-semantic-activation-receipt validate-governed-run-contract validate-preflight-receipt validate-attempt-admission-receipt validate-verification-execution-receipt validate-synthetic-verification-receipt validate-governed-runner-v0-2-contract-chain validate-budget-settlement-receipt validate-rollback-receipts validate-run-dossier validate-governed-runner-readonly validate-workroom-context-evidence validate-wallguard-collaboration-admission validate-prophet-mesh-agentplane-adapter validate-boundary-calculus-evidence
 
-validate: validate-agent-cycle-health validate-authority-dependency-evidence validate-prometheus-sr validate-reasoning-failure-traces validate-governance-context validate-lattice-data-governai-execution-refs validate-lattice-runtime-profile-refs validate-network-native-assistant-evidence validate-guardrail-evidence-artifacts validate-stop-gate-evaluator validate-guarded-workcell-artifact validate-guarded-workcell-executor validate-guarded-invocation-artifact validate-guarded-invocation validate-agentic-pr-work-order validate-semantic-enterprise-agent-boundary validate-ops-history-contracts validate-action-contracts validate-agent-operation-contract validate-superconscious-reasoning-import validate-agent-harness-runtime-contracts validate-bounded-action-loop agentplane-evidence-receipt-composition-tier2-binding-ci lawful-learning-phase9-contract-ci validate-evidence-receipt-binding validate-semantic-activation-receipt validate-governed-run-contract validate-preflight-receipt validate-attempt-admission-receipt validate-verification-execution-receipt validate-synthetic-verification-receipt validate-governed-runner-v0-2-contract-chain validate-budget-settlement-receipt validate-rollback-receipts validate-run-dossier validate-governed-runner-readonly validate-workroom-context-evidence validate-wallguard-collaboration-admission validate-prophet-mesh-agentplane-adapter
+validate: validate-agent-cycle-health validate-authority-dependency-evidence validate-prometheus-sr validate-reasoning-failure-traces validate-governance-context validate-lattice-data-governai-execution-refs validate-lattice-runtime-profile-refs validate-network-native-assistant-evidence validate-guardrail-evidence-artifacts validate-stop-gate-evaluator validate-guarded-workcell-artifact validate-guarded-workcell-executor validate-guarded-invocation-artifact validate-guarded-invocation validate-agentic-pr-work-order validate-semantic-enterprise-agent-boundary validate-ops-history-contracts validate-action-contracts validate-agent-operation-contract validate-superconscious-reasoning-import validate-agent-harness-runtime-contracts validate-bounded-action-loop agentplane-evidence-receipt-composition-tier2-binding-ci lawful-learning-phase9-contract-ci validate-evidence-receipt-binding validate-semantic-activation-receipt validate-governed-run-contract validate-preflight-receipt validate-attempt-admission-receipt validate-verification-execution-receipt validate-synthetic-verification-receipt validate-governed-runner-v0-2-contract-chain validate-budget-settlement-receipt validate-rollback-receipts validate-run-dossier validate-governed-runner-readonly validate-workroom-context-evidence validate-wallguard-collaboration-admission validate-prophet-mesh-agentplane-adapter validate-boundary-calculus-evidence
 	python3 tools/validate_execution_timing.py
 
 validate-governance-context:
@@ -248,6 +248,9 @@ validate-prophet-mesh-agentplane-adapter:
 	python3 -m json.tool contracts/prophet-mesh/prophet-mesh-agentplane-adapter.v0.1.json >/dev/null
 	python3 tools/validate_prophet_mesh_agentplane_adapter.py
 
+validate-boundary-calculus-evidence:
+	python3 tools/validate_boundary_calculus_evidence.py
+
 validate-agent-cycle-health:
 	python3 tools/validate_agent_cycle_health.py
 

docs/integrations/boundary-calculus-evidence-envelope.md

@@ -0,0 +1,78 @@
+# Boundary Calculus Evidence Envelope Integration
+
+AgentPlane emits a `BoundaryCalculusEvidenceEnvelope` when an agent uses the Boundary Calculus claim discipline. SocioSphere owns the standard and the promotion/demotion controller.
+
+## Boundary
+
+- AgentPlane: emits evidence envelopes, enforces policy gates, provides replay artifacts.
+- SocioSphere: owns the Boundary Calculus standard, controls claim promotion/demotion.
+- AgentPlane does not promote or demote claims unilaterally.
+
+## Envelope fields
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `claim_id` | Yes | Stable identifier for this claim instance |
+| `claim_status` | Yes | `observation` / `hypothesis` / `supported` / `confirmed` / `falsified` / `metaphor` / `load_bearing_assertion` |
+| `local_model` | Yes | Model or agent producing the claim |
+| `boundary_or_interface` | Yes | The boundary or interface at which the claim is evaluated |
+| `load_bearing` | No | Whether the claim is load-bearing in a downstream decision or security gate |
+| `non_claims` | Yes | Explicit list of what this envelope does NOT assert (minItems 1) |
+| `evidence_refs` | Yes | References to supporting evidence (minItems 1) |
+| `promotion_gate` | Yes | Gate required before promotion: `none_required` / `peer_review` / `sociosphere_controller` / `policy_fabric_evaluation` / `agentplane_replay_verification` |
+| `policy_result` | Yes | `allow` / `allow_with_warning` / `block` / `escalate` / `pending_review` |
+| `security_escalation_ref` | Conditional | Required when `policy_result=escalate` |
+| `attribution_source` | No | Attribution claim source; if present, requires `attribution_discriminating_evidence_refs` |
+
+## Policy hooks
+
+The validator warns or blocks when:
+
+- `claim_status=metaphor` and `load_bearing=true` — metaphors must not be load-bearing.
+- `claim_status` is `confirmed` or `load_bearing_assertion` and `promotion_gate=none_required` — strong claims require a gate.
+- `policy_result=escalate` without a `security_escalation_ref` — security escalations must reference their escalation record.
+- `attribution_source` is present without `attribution_discriminating_evidence_refs` — attribution without discriminating evidence is not valid.
+
+## Schema location
+
+`schemas/boundary-calculus-evidence-envelope.schema.v0.1.json`
+
+## Validation
+
+```
+make validate-boundary-calculus-evidence
+```
+
+## Example: supported claim
+
+```json
+{
+  "kind": "BoundaryCalculusEvidenceEnvelope",
+  "claim_status": "supported",
+  "promotion_gate": "peer_review",
+  "policy_result": "allow",
+  "non_claims": ["This envelope does not authorize deployment."],
+  "evidence_refs": ["evidence://agentplane/run/.../policy-gate-trace"]
+}
+```
+
+## Example: security escalation
+
+When a hypothesis at a security boundary triggers escalation:
+
+```json
+{
+  "claim_status": "hypothesis",
+  "load_bearing": true,
+  "promotion_gate": "policy_fabric_evaluation",
+  "policy_result": "escalate",
+  "security_escalation_ref": "escalation://security/agentplane/..."
+}
+```
+
+## Non-claims
+
+This document does not:
+- Define the Boundary Calculus standard (SocioSphere owns this).
+- Grant AgentPlane authority to promote or demote claims.
+- Certify that claim evidence is complete or sufficient for downstream use.

schemas/boundary-calculus-evidence-envelope.schema.v0.1.json

@@ -0,0 +1,107 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://socioprophet.io/schemas/agentplane/boundary-calculus-evidence-envelope/v0.1",
+  "title": "BoundaryCalculusEvidenceEnvelope",
+  "description": "AgentPlane evidence envelope emitted when agents use the Boundary Calculus claim discipline. AgentPlane emits evidence; SocioSphere owns the standard and promotion/demotion controller.",
+  "type": "object",
+  "required": [
+    "kind",
+    "envelope_id",
+    "run_ref",
+    "claim_id",
+    "claim_status",
+    "local_model",
+    "boundary_or_interface",
+    "non_claims",
+    "evidence_refs",
+    "promotion_gate",
+    "policy_result",
+    "captured_at"
+  ],
+  "additionalProperties": false,
+  "properties": {
+    "kind": { "type": "string", "const": "BoundaryCalculusEvidenceEnvelope" },
+    "envelope_id": { "type": "string", "minLength": 1 },
+    "run_ref": {
+      "type": "string",
+      "description": "AgentPlane run artifact reference that emitted this envelope"
+    },
+    "claim_id": { "type": "string", "minLength": 1 },
+    "claim_status": {
+      "type": "string",
+      "enum": [
+        "observation",
+        "hypothesis",
+        "supported",
+        "confirmed",
+        "falsified",
+        "metaphor",
+        "load_bearing_assertion"
+      ]
+    },
+    "local_model": {
+      "type": "string",
+      "description": "The model or agent producing the claim"
+    },
+    "boundary_or_interface": {
+      "type": "string",
+      "description": "The boundary or interface at which the claim is being evaluated"
+    },
+    "load_bearing": {
+      "type": "boolean",
+      "description": "Whether the claim is load-bearing in a downstream decision or security gate"
+    },
+    "non_claims": {
+      "type": "array",
+      "items": { "type": "string" },
+      "minItems": 1,
+      "description": "Explicit list of what this envelope does NOT assert"
+    },
+    "evidence_refs": {
+      "type": "array",
+      "items": { "type": "string" },
+      "minItems": 1,
+      "description": "References to supporting evidence for this claim"
+    },
+    "promotion_gate": {
+      "type": "string",
+      "description": "Reference to the gate that must approve promotion to a stronger claim status",
+      "enum": [
+        "none_required",
+        "peer_review",
+        "sociosphere_controller",
+        "policy_fabric_evaluation",
+        "agentplane_replay_verification"
+      ]
+    },
+    "policy_result": {
+      "type": "string",
+      "enum": ["allow", "allow_with_warning", "block", "escalate", "pending_review"]
+    },
+    "security_escalation_ref": {
+      "type": "string",
+      "description": "Reference to security escalation record, required when policy_result=escalate"
+    },
+    "attribution_source": {
+      "type": "string",
+      "description": "Source of attribution claim, if any"
+    },
+    "attribution_discriminating_evidence_refs": {
+      "type": "array",
+      "items": { "type": "string" },
+      "description": "Evidence refs that discriminate this attribution from alternatives"
+    },
+    "captured_at": { "type": "string", "format": "date-time" }
+  },
+  "if": {
+    "properties": {
+      "claim_status": { "const": "metaphor" }
+    }
+  },
+  "then": {
+    "properties": {
+      "load_bearing": { "const": false }
+    },
+    "required": ["load_bearing"]
+  }
+}

tests/fixtures/boundary-calculus/escalation-claim.valid.json

@@ -0,0 +1,23 @@
+{
+  "kind": "BoundaryCalculusEvidenceEnvelope",
+  "envelope_id": "bcee_security_escalation_001",
+  "run_ref": "agentplane://run/boundary-calculus/run_20260611_002",
+  "claim_id": "claim://boundary-calculus/security-boundary-breach-001",
+  "claim_status": "hypothesis",
+  "local_model": "claude-sonnet-4-6",
+  "boundary_or_interface": "Security.CapabilityBoundary.DataAccess",
+  "load_bearing": true,
+  "non_claims": [
+    "This envelope does not confirm a breach has occurred.",
+    "This envelope does not authorize incident response actions.",
+    "This envelope does not replace a formal security review."
+  ],
+  "evidence_refs": [
+    "evidence://agentplane/run/boundary-calculus/run_20260611_002/anomaly-signal",
+    "evidence://agentplane/run/boundary-calculus/run_20260611_002/capability-trace"
+  ],
+  "promotion_gate": "policy_fabric_evaluation",
+  "policy_result": "escalate",
+  "security_escalation_ref": "escalation://security/agentplane/boundary-calculus/esc_20260611_001",
+  "captured_at": "2026-06-11T11:00:00Z"
+}

tests/fixtures/boundary-calculus/reject_metaphor-load-bearing.json

@@ -0,0 +1,20 @@
+{
+  "_reject_reason": "claim_status=metaphor but load_bearing=true — schema enforces load_bearing must be false for metaphor claims",
+  "kind": "BoundaryCalculusEvidenceEnvelope",
+  "envelope_id": "bcee_reject_metaphor_001",
+  "run_ref": "agentplane://run/boundary-calculus/run_reject_001",
+  "claim_id": "claim://boundary-calculus/reject-metaphor-001",
+  "claim_status": "metaphor",
+  "local_model": "claude-sonnet-4-6",
+  "boundary_or_interface": "API.Authorization.PolicyGate",
+  "load_bearing": true,
+  "non_claims": [
+    "This is a reject fixture."
+  ],
+  "evidence_refs": [
+    "evidence://agentplane/run/boundary-calculus/run_reject_001/trace"
+  ],
+  "promotion_gate": "none_required",
+  "policy_result": "allow",
+  "captured_at": "2026-06-11T10:30:00Z"
+}

tests/fixtures/boundary-calculus/reject_promoted-without-gate.json

@@ -0,0 +1,19 @@
+{
+  "_reject_reason": "claim_status=confirmed but promotion_gate=none_required — validator must reject promotion without a gate for confirmed claims",
+  "kind": "BoundaryCalculusEvidenceEnvelope",
+  "envelope_id": "bcee_reject_no_gate_001",
+  "run_ref": "agentplane://run/boundary-calculus/run_reject_002",
+  "claim_id": "claim://boundary-calculus/reject-no-gate-001",
+  "claim_status": "confirmed",
+  "local_model": "claude-sonnet-4-6",
+  "boundary_or_interface": "API.Authorization.PolicyGate",
+  "non_claims": [
+    "This is a reject fixture."
+  ],
+  "evidence_refs": [
+    "evidence://agentplane/run/boundary-calculus/run_reject_002/trace"
+  ],
+  "promotion_gate": "none_required",
+  "policy_result": "allow",
+  "captured_at": "2026-06-11T10:45:00Z"
+}

tests/fixtures/boundary-calculus/supported-claim.valid.json

@@ -0,0 +1,22 @@
+{
+  "kind": "BoundaryCalculusEvidenceEnvelope",
+  "envelope_id": "bcee_supported_claim_001",
+  "run_ref": "agentplane://run/boundary-calculus/run_20260611_001",
+  "claim_id": "claim://boundary-calculus/auth-bypass-absent-001",
+  "claim_status": "supported",
+  "local_model": "claude-sonnet-4-6",
+  "boundary_or_interface": "API.Authorization.PolicyGate",
+  "load_bearing": false,
+  "non_claims": [
+    "This envelope does not assert that the boundary is secure against all attack vectors.",
+    "This envelope does not certify that upstream policy gates are correctly configured.",
+    "This envelope does not authorize deployment."
+  ],
+  "evidence_refs": [
+    "evidence://agentplane/run/boundary-calculus/run_20260611_001/policy-gate-trace",
+    "evidence://agentplane/run/boundary-calculus/run_20260611_001/test-harness-output"
+  ],
+  "promotion_gate": "peer_review",
+  "policy_result": "allow",
+  "captured_at": "2026-06-11T10:00:00Z"
+}