commands.sh
#!/usr/bin/env bash
# TKT Base Pack — gate runner (the pack is itself a TKT packet).
# NON_AUTHORITY: emits exit codes + logs only. No seal, no registry/PG/Directus
# write, no production action.
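# Strict-ish mode: unset variables are errors and a pipeline fails if any stage
# fails. errexit (-e) is not enabled; presumably so that a failing gate is
# recorded instead of aborting the run — confirm before adding it.
set -uo pipefail

# Every gate uses paths relative to the packet root, so run from the script's
# own directory. Stop if that is not possible: continuing would evaluate the
# gates against whatever directory the caller happened to be in.
cd -- "$(dirname -- "$0")" || {
  echo "cannot cd to the packet directory" >&2
  exit 1
}

PACKET="tkt-base-structural-evidence-governance-pack-2026-06-11"
OUT="./evidence"

# Per-gate logs are written under $OUT/logs; without it no gate can be logged.
mkdir -p -- "$OUT/logs" || {
  echo "cannot create $OUT/logs" >&2
  exit 1
}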
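# Parallel arrays with one entry per executed gate: its name, the exit status
# it was expected to return, and the status it actually returned.
names=()
exps=()
acts=()

#######################################
# Run one gate command, capture its output in a log, record its exit status.
# Globals:   OUT (read); names, exps, acts (appended)
# Arguments: $1  - gate name, also used as the log file stem under $OUT/logs
#            $2  - expected exit status
#            $3… - the command to run, with its arguments
# Outputs:   one "name expected=… actual=…" line on stdout
# Returns:   the status of the final printf, not the gate's own status
#######################################
run_gate () {
  local name="$1" exp="$2"
  shift 2

  # Declared before the command runs so that nothing sits between the command
  # and the read of $?.
  local act

  # stdout and stderr of the gate both go to the log. If the log cannot be
  # opened, the shell reports a non-zero status without running the command,
  # so the gate is recorded as not matching an expected 0.
  "$@" >"$OUT/logs/$name.log" 2>&1
  act=$?

  names+=("$name")
  exps+=("$exp")
  acts+=("$act")
  printf '%-24s expected=%s actual=%s\n' "$name" "$exp" "$act"
}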
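# G0 — L0 manifest: tree pin + forward (present + hash) over every listed file.
#
# The inner script is single-quoted, so the awk programs are written with \$1:
# an unescaped $1 inside the double quotes would be expanded (to nothing) by
# the inner shell, awk would print whole lines, and the pin comparison would
# no longer compare bare digests.
#
# Only the digest field is taken from each side, so packet_tree.sha256 may hold
# either a bare digest or a full "digest  filename" line. An empty digest never
# matches.
#
# NOTE(review): packet_tree.sha256 is read from the same directory as the
# manifest it pins, so this gate shows internal consistency of the tree;
# detecting deliberate modification needs the pin compared against a copy held
# outside the packet. `shasum -c` also checks only the files the manifest
# lists; files present but unlisted are not detected here.
run_gate G0_manifest 0 bash -c '
  pinned="$(awk "{print \$1}" packet_tree.sha256)" || exit 1
  actual="$(shasum -a 256 HASH_MANIFEST.txt | awk "{print \$1}")"
  [ -n "$actual" ] && [ "$actual" = "$pinned" ] &&
    shasum -a 256 -c HASH_MANIFEST.txt'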
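# G1 — L2 harness: 10/10 fail-closed probes + 4/4 controls, any_fail_open=false.
# NOTE(review): this gate only compares the harness exit status with 0; the
# probe and control counts above are presumably enforced inside
# harness/tkt_base_harness.py — confirm against the harness.
run_gate G1_harness 0 python3 harness/tkt_base_harness.py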
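# G2 — required pack files present (the L0 "no missing load-bearing file" check).
# Presence only: each path must be a regular file; content is not inspected
# here. Every missing path is reported before the gate fails, so one run shows
# the full list instead of only the first gap.
run_gate G2_required_files 0 bash -c '
  req="README_FOR_OPERATOR_AND_AGENTS.md TKT_BASE_SCOPE_AND_LIMITS.md
    TKT_OUTPUT_LEVEL_POLICY.md TKT_BASE_PACKET_TEMPLATE.md
    packet_template/README_FOR_REVIEWER.md packet_template/commands.sh
    packet_template/RERUN.sh packet_template/exit_codes.json
    packet_template/HASH_MANIFEST.txt.example packet_template/packet_tree.sha256.example
    packet_template/manifest.json.example
    checkers/manifest_file_presence_policy.md checkers/packet_tree_policy.md
    checkers/report_vs_file_audit_policy.md checkers/fail_closed_probe_policy.md
    checkers/authority_firewall_policy.md checkers/object_id_collision_policy.md
    checkers/nvsz_no_vector_evidence_policy.md
    examples/v02-review-packet-example.md examples/nvsz-dryrun-example.md
    examples/fix7-n6-example.md
    limitations/TEXT_AS_CODE_SEMANTIC_DEFERRED.md
    limitations/IU_INPUT_REQUIREMENTS_FOR_LEVEL_4_5_6.md
    harness/tkt_base_harness.py manifest.json"
  missing=0
  # $req is deliberately unquoted: it is a whitespace-separated list of paths.
  for f in $req; do
    [ -f "$f" ] || { echo "MISSING:$f"; missing=1; }
  done
  [ "$missing" -eq 0 ] || exit 1
  echo OK'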
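# G3 — overclaim guard present: output policy must name the three forbidden tokens.
# Presence check only: the gate confirms that each token string occurs in both
# documents. It does not check what the surrounding text says about the token,
# so a pass here is not evidence that the policy wording is correct.
# -F matches the token as a literal string; -- ends option parsing.
run_gate G3_overclaim_guard 0 bash -c '
  for t in IU_TRACEABILITY_PASS SEMANTIC_TEXT_AS_CODE_PASS RELEASE_BUNDLE_PASS; do
    grep -qF -- "$t" TKT_OUTPUT_LEVEL_POLICY.md || { echo "policy missing $t"; exit 1; }
    grep -qF -- "$t" limitations/TEXT_AS_CODE_SEMANTIC_DEFERRED.md || { echo "limit missing $t"; exit 1; }
  done
  echo OK'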
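# Verdict and exit_codes.json.
#
# The verdict is computed first, outside the redirected group. If it were
# computed inside `{ … } > exit_codes.json`, a failed redirect would skip the
# whole group, leave ok=true, and the script would report PASS with no gate
# compared.
ok=true

# No recorded gates is not a pass.
if [ "${#names[@]}" -eq 0 ]; then
  ok=false
fi

# gate_ok[i] is "true" when gate i returned exactly the status it was expected to.
gate_ok=()
for i in "${!names[@]}"; do
  if [ "${exps[$i]}" = "${acts[$i]}" ]; then
    gate_ok+=(true)
  else
    gate_ok+=(false)
    ok=false
  fi
done

last=$(( ${#names[@]} - 1 ))

# Gate names and statuses are interpolated into the JSON without escaping.
# That is safe for the literal names and numeric statuses this script passes
# to run_gate; a name containing a quote or backslash would produce invalid
# JSON.
if ! {
  printf '{\n "packet": "%s",\n "authority": "NON_AUTHORITY / NOT_PROMOTED",\n "gates": [\n' "$PACKET"
  for i in "${!names[@]}"; do
    # JSON forbids a trailing comma after the last array element.
    comma=,
    if [ "$i" -eq "$last" ]; then
      comma=
    fi
    printf ' {"name": "%s", "expected": %s, "actual": %s, "ok": %s}%s\n' \
      "${names[$i]}" "${exps[$i]}" "${acts[$i]}" "${gate_ok[$i]}" "$comma"
  done
  printf ' ]\n}\n'
} > exit_codes.json; then
  # A run whose evidence file could not be written must not report PASS.
  echo "cannot write exit_codes.json" >&2
  ok=false
fi

if [ "$ok" = true ]; then
  echo "OVERALL_RESULT: PASS"
  exit 0
else
  echo "OVERALL_RESULT: FAIL"
  exit 1
fi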