diff --git a/docs/paper-evidence/README.md b/docs/paper-evidence/README.md
new file mode 100644
index 0000000..cf1873f
--- /dev/null
+++ b/docs/paper-evidence/README.md
@@ -0,0 +1,14 @@
+# Paper Evidence Assets
+
+This folder contains non-code evidence assets referenced by the paper (figures, clean logs, and run links).
+
+## CI evidence: adversarial invalid gate (Figure S8)
+- GitHub Actions run: https://github.com/joy7758/agent-object-protocol/actions/runs/22717328360
+- Summary screenshot: `ci/S8_adversarial-gate-summary-ci.png`
+- Clean log excerpt: `ci/ci_run_22717328360_job_65870183177.clean.log`
+
+Expected summary:
+- total=3
+- parse_reject=1
+- checks_reject=2
+- unexpected_pass=0
diff --git a/docs/paper-evidence/ci/README.md b/docs/paper-evidence/ci/README.md
new file mode 100644
index 0000000..41935f1
--- /dev/null
+++ b/docs/paper-evidence/ci/README.md
@@ -0,0 +1,41 @@
+# CI Log Screenshots
+
+Generated from GitHub Actions run `22658349784` (job `65672839352`, `JSON Schema validate`).
+
+- Run: https://github.com/joy7758/agent-object-protocol/actions/runs/22658349784
+- Job: https://github.com/joy7758/agent-object-protocol/actions/runs/22658349784/job/65672839352
+- Raw log: `ci_run_22658349784_job_65672839352.log`
+- Clean log: `ci_run_22658349784_job_65672839352.clean.log`
+
+## Files
+
+- `S1_object-invalid-rejected.png` (clean log lines 1078-1087)
+- `S2_mcp-derived-schema-invalid-rejected.png` (lines 1545-1556)
+- `S3_v07-e2e-negative-rejected.png` (lines 1904-1944)
+- `S4_v08-evidence-digest-mismatch-rejected.png` (lines 2600-2616)
+- `S5_v09-evidence-digest-mismatch-rejected.png` (lines 2341-2382)
+- `S6_v11-dsse-invalid-rejected.png` (lines 720-752)
+- `S7_v12-intoto-payloadtype-invalid-rejected.png` (lines 529-561)
+
+## Adversarial Gate (local evidence)
+
+- Command: `node tools/validate_invalid_fixtures.mjs`
+- Log: `adversarial_gate_local.log`
+- Screenshot: `S8_adversarial-gate-summary.png`
+- Summary:
+  - `Adversarial invalid fixtures total: 3`
+  - `Rejected at parse: 1`
+  - `Rejected by checks: 2`
+  - `Unexpectedly passed: 0`
+
+## Adversarial Gate (CI evidence)
+
+- Run: https://github.com/joy7758/agent-object-protocol/actions/runs/22717328360
+- Job: https://github.com/joy7758/agent-object-protocol/actions/runs/22717328360/job/65870183177
+- Log: `ci_run_22717328360_job_65870183177.clean.log`
+- Screenshot: `S8_adversarial-gate-summary-ci.png`
+- Summary:
+  - `Adversarial invalid fixtures total: 3`
+  - `Rejected at parse: 1`
+  - `Rejected by checks: 2`
+  - `Unexpectedly passed: 0`
diff --git a/docs/paper-evidence/ci/S8_adversarial-gate-summary-ci.png b/docs/paper-evidence/ci/S8_adversarial-gate-summary-ci.png
new file mode 100644
index 0000000..6f6de71
Binary files /dev/null and b/docs/paper-evidence/ci/S8_adversarial-gate-summary-ci.png differ
diff --git a/docs/paper-evidence/ci/ci_run_22717328360_job_65870183177.clean.log b/docs/paper-evidence/ci/ci_run_22717328360_job_65870183177.clean.log
new file mode 100644
index 0000000..3f5d20a
--- /dev/null
+++ b/docs/paper-evidence/ci/ci_run_22717328360_job_65870183177.clean.log
@@ -0,0 +1,2659 @@
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5768161Z Current runner version: '2.331.0'
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5804929Z ##[group]Runner Image Provisioner
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5806311Z Hosted Compute Agent
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5807152Z Version: 20260213.493
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5808232Z Commit: 5c115507f6dd24b8de37d8bbe0bb4509d0cc0fa3
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5809520Z Build Date: 2026-02-13T00:28:41Z
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5810531Z Worker ID: {f783d9e2-0181-485f-9600-9dd4cd48e79d}
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5811493Z Azure Region: northcentralus
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5812585Z ##[endgroup]
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5814723Z ##[group]Operating System
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5815796Z Ubuntu
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5816479Z 24.04.3
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5817189Z LTS
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5818054Z ##[endgroup]
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5819126Z ##[group]Runner Image
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5820007Z Image: ubuntu-24.04
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5820713Z Version: 20260302.42.1
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5822464Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20260302.42/images/ubuntu/Ubuntu2404-Readme.md
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5825166Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20260302.42
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5826732Z ##[endgroup]
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5828443Z ##[group]GITHUB_TOKEN Permissions
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5832259Z Contents: read
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5833104Z Metadata: read
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5833893Z ##[endgroup]
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5837495Z Secret source: Actions
+JSON Schema validate	Set up job	2026-03-05T12:12:01.5839058Z Prepare workflow directory
+JSON Schema validate	Set up job	2026-03-05T12:12:01.6301860Z Prepare all required actions
+JSON Schema validate	Set up job	2026-03-05T12:12:01.6357226Z Getting action download info
+JSON Schema validate	Set up job	2026-03-05T12:12:01.9026962Z Download action repository 'actions/checkout@v4' (SHA:34e114876b0b11c390a56381ad16ebd13914f8d5)
+JSON Schema validate	Set up job	2026-03-05T12:12:02.0555949Z Download action repository 'actions/setup-node@v4' (SHA:49933ea5288caeca8642d1e84afbd3f7d6820020)
+JSON Schema validate	Set up job	2026-03-05T12:12:02.3033445Z Complete job name: JSON Schema validate
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3843711Z ##[group]Run actions/checkout@v4
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3844467Z with:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3844914Z   repository: joy7758/agent-object-protocol
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3845604Z   token: ***
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3845973Z   ssh-strict: true
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3846340Z   ssh-user: git
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3846721Z   persist-credentials: true
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3847136Z   clean: true
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3847518Z   sparse-checkout-cone-mode: true
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3847969Z   fetch-depth: 1
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3848668Z   fetch-tags: false
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3849166Z   show-progress: true
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3849539Z   lfs: false
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3849890Z   submodules: false
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3850266Z   set-safe-directory: true
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.3850942Z ##[endgroup]
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.4962899Z Syncing repository: joy7758/agent-object-protocol
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.4964657Z ##[group]Getting Git version info
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.4965464Z Working directory is '/home/runner/work/agent-object-protocol/agent-object-protocol'
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.4966597Z [command]/usr/bin/git version
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5086562Z git version 2.53.0
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5116391Z ##[endgroup]
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5134937Z Temporarily overriding HOME='/home/runner/work/_temp/8d4555b0-2726-4ba6-89d1-13adb2794e6a' before making global git config changes
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5137115Z Adding repository directory to the temporary git global config as a safe directory
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5142089Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/agent-object-protocol/agent-object-protocol
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5184354Z Deleting the contents of '/home/runner/work/agent-object-protocol/agent-object-protocol'
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5188854Z ##[group]Initializing the repository
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5192903Z [command]/usr/bin/git init /home/runner/work/agent-object-protocol/agent-object-protocol
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5297497Z hint: Using 'master' as the name for the initial branch. This default branch name
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5298914Z hint: will change to "main" in Git 3.0. To configure the initial branch name
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5300078Z hint: to use in all of your new repositories, which will suppress this warning,
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5300730Z hint: call:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5301171Z hint:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5301626Z hint: 	git config --global init.defaultBranch <name>
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5302385Z hint:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5303212Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5304123Z hint: 'development'. The just-created branch can be renamed via this command:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5304785Z hint:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5305136Z hint: 	git branch -m <name>
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5305555Z hint:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5306098Z hint: Disable this message with "git config set advice.defaultBranchName false"
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5307168Z Initialized empty Git repository in /home/runner/work/agent-object-protocol/agent-object-protocol/.git/
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5313773Z [command]/usr/bin/git remote add origin https://github.com/joy7758/agent-object-protocol
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5351835Z ##[endgroup]
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5352925Z ##[group]Disabling automatic garbage collection
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5357637Z [command]/usr/bin/git config --local gc.auto 0
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5394694Z ##[endgroup]
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5395576Z ##[group]Setting up auth
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5403917Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5444047Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.5976129Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.6029699Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.6317677Z [command]/usr/bin/git config --local --name-only --get-regexp ^includeIf\.gitdir:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.6358772Z [command]/usr/bin/git submodule foreach --recursive git config --local --show-origin --name-only --get-regexp remote.origin.url
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.6621346Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.6660462Z ##[endgroup]
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.6661393Z ##[group]Fetching the repository
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.6669870Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +3be63b992f0b80c6a3ef90c0d71ffc6f2823052c:refs/remotes/pull/1/merge
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9827314Z From https://github.com/joy7758/agent-object-protocol
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9828979Z  * [new ref]         3be63b992f0b80c6a3ef90c0d71ffc6f2823052c -> pull/1/merge
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9863767Z ##[endgroup]
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9864742Z ##[group]Determining the checkout info
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9866171Z ##[endgroup]
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9871774Z [command]/usr/bin/git sparse-checkout disable
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9917378Z [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9945969Z ##[group]Checking out the ref
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:02.9949585Z [command]/usr/bin/git checkout --progress --force refs/remotes/pull/1/merge
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0083307Z Note: switching to 'refs/remotes/pull/1/merge'.
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0084020Z 
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0084560Z You are in 'detached HEAD' state. You can look around, make experimental
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0085899Z changes and commit them, and you can discard any commits you make in this
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0087198Z state without impacting any branches by switching back to a branch.
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0087965Z 
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0088593Z If you want to create a new branch to retain commits you create, you may
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0089411Z do so (now or later) by using -c with the switch command. Example:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0089889Z 
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0090112Z   git switch -c <new-branch-name>
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0090675Z 
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0090851Z Or undo this operation with:
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0091122Z 
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0091280Z   git switch -
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0091538Z 
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0092088Z Turn off this advice by setting config variable advice.detachedHead to false
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0092947Z 
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0093694Z HEAD is now at 3be63b9 Merge 898e8672f8c28e79097b61664d4caea0df4e53ae into c1b8935abf5595111d3e0188fc082d80633d08aa
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0095408Z ##[endgroup]
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0131864Z [command]/usr/bin/git log -1 --format=%H
+JSON Schema validate	Run actions/checkout@v4	2026-03-05T12:12:03.0157756Z 3be63b992f0b80c6a3ef90c0d71ffc6f2823052c
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.0487839Z ##[group]Run actions/setup-node@v4
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.0488636Z with:
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.0488982Z   node-version: 20
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.0489361Z   always-auth: false
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.0489737Z   check-latest: false
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.0490260Z   token: ***
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.0490616Z ##[endgroup]
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.2324950Z Found in cache @ /opt/hostedtoolcache/node/20.20.0/x64
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:03.2326515Z ##[group]Environment details
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:05.6565002Z node: v20.20.0
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:05.6565677Z npm: 10.8.2
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:05.6566029Z yarn: 1.22.22
+JSON Schema validate	Setup Node.js	2026-03-05T12:12:05.6567250Z ##[endgroup]
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:05.6692930Z ##[group]Run npm i -g ajv-cli
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:05.6693365Z npm i -g ajv-cli
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:05.6758521Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:05.6758879Z ##[endgroup]
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:09.5318676Z npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:09.5609398Z npm warn deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:09.6914259Z 
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:09.6915076Z added 26 packages in 4s
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:09.6917361Z 
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:09.6917937Z 4 packages are looking for funding
+JSON Schema validate	Install ajv-cli	2026-03-05T12:12:09.6918548Z   run `npm fund` for details
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7072408Z ##[group]Run node tools/validate_invalid_fixtures.mjs
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7072851Z node tools/validate_invalid_fixtures.mjs
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7129484Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7129764Z ##[endgroup]
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7516513Z [OK] examples/invalid/adversarial/duplicate-keys.invalid.json rejected during strict JSON parse (DUPLICATE_KEY)
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7525120Z [OK] examples/invalid/adversarial/intoto-payloadType.case.invalid.json rejected for non-canonical in-toto payloadType casing
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7527189Z [OK] examples/invalid/adversarial/number-rounding.edge.invalid.json rejected for unsafe integer at /payload/unsafe_integer
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7528524Z Adversarial invalid fixtures total: 3
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7528968Z Rejected at parse: 1
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7529252Z Rejected by checks: 2
+JSON Schema validate	Validate adversarial invalid fixtures are rejected (parse-aware)	2026-03-05T12:12:09.7529620Z Unexpectedly passed: 0
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7595269Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7595622Z shopt -s nullglob
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7595897Z schema_files=(schemas/*.schema.json)
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7596207Z if [ "${#schema_files[@]}" -eq 0 ]; then
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7596569Z   echo "No schema files found under schemas/"
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7596861Z   exit 1
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7597046Z fi
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7597259Z for schema in "${schema_files[@]}"; do
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7597550Z   echo "Compiling schema: ${schema}"
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7597871Z   ajv compile --spec=draft2020 -s "${schema}"
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7598143Z done
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7653547Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7653824Z ##[endgroup]
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.7735401Z Compiling schema: schemas/aop-evidence.schema.json
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:09.9883201Z schema schemas/aop-evidence.schema.json is valid
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.0015953Z Compiling schema: schemas/aop-object.schema.json
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.2512325Z schema schemas/aop-object.schema.json is valid
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.2597826Z Compiling schema: schemas/aop-policy-decision.schema.json
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.4908928Z schema schemas/aop-policy-decision.schema.json is valid
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.5004081Z Compiling schema: schemas/aop-policy.schema.json
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.7311992Z schema schemas/aop-policy.schema.json is valid
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.7366927Z Compiling schema: schemas/aop-registry-record.schema.json
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.9627365Z schema schemas/aop-registry-record.schema.json is valid
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:10.9742553Z Compiling schema: schemas/aop-resolve-response.schema.json
+JSON Schema validate	Compile all schemas (draft2020)	2026-03-05T12:12:11.1981917Z schema schemas/aop-resolve-response.schema.json is valid
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2080299Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2080656Z shopt -s nullglob
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2080870Z object_files=()
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2081104Z for file in examples/*.json; do
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2081416Z   if [[ "${file}" == examples/aop-policy.*.json ]] || \
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2081793Z      [[ "${file}" == examples/aop-policy-decision.*.json ]]; then
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2082148Z     continue
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2082344Z   fi
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2082552Z   object_files+=("${file}")
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2082779Z done
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2082986Z if [ "${#object_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2083297Z   echo "No object examples found under examples/"
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2083582Z   exit 1
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2083749Z fi
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2083946Z for file in "${object_files[@]}"; do
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2084237Z   echo "Validating object example: ${file}"
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2084751Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2085216Z done
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2138789Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2139065Z ##[endgroup]
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.2218643Z Validating object example: examples/aop-capabilities-migrated.valid.json
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.4539005Z examples/aop-capabilities-migrated.valid.json valid
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.4588062Z Validating object example: examples/aop-extension-x-vendor.valid.json
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.6850012Z examples/aop-extension-x-vendor.valid.json valid
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.6903585Z Validating object example: examples/aop-invocation-migrated.valid.json
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.9224844Z examples/aop-invocation-migrated.valid.json valid
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:11.9274241Z Validating object example: examples/aop-object.json
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:12.1563135Z examples/aop-object.json valid
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:12.1612193Z Validating object example: examples/aop-security-none.object.json
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:12.3806878Z examples/aop-security-none.object.json valid
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:12.3858972Z Validating object example: examples/aop-security-oauth2.object.json
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:12.6134468Z examples/aop-security-oauth2.object.json valid
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:12.6187455Z Validating object example: examples/aop-tool.object.json
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:12.8414969Z examples/aop-tool.object.json valid
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:12.8463766Z Validating object example: examples/aop-workflow.object.json
+JSON Schema validate	Validate object examples against aop-object schema (draft2020)	2026-03-05T12:12:13.0735146Z examples/aop-workflow.object.json valid
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0820326Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0820658Z shopt -s nullglob
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0820927Z policy_files=(examples/aop-policy.*.json)
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0821246Z if [ "${#policy_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0821558Z   echo "No policy examples found under examples/"
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0821845Z   exit 1
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0822205Z fi
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0822406Z for file in "${policy_files[@]}"; do
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0822702Z   echo "Validating policy example: ${file}"
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0823170Z   ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0823585Z done
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0877794Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0878045Z ##[endgroup]
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.0954325Z Validating policy example: examples/aop-policy.allow.json
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.3154495Z examples/aop-policy.allow.json valid
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.3239199Z Validating policy example: examples/aop-policy.deny.json
+JSON Schema validate	Validate policy examples against aop-policy schema (draft2020)	2026-03-05T12:12:13.5531869Z examples/aop-policy.deny.json valid
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5649423Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5649739Z shopt -s nullglob
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5650047Z decision_files=(examples/aop-policy-decision.*.json)
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5650405Z if [ "${#decision_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5650764Z   echo "No policy decision examples found under examples/"
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5651071Z   exit 1
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5651247Z fi
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5651453Z for file in "${decision_files[@]}"; do
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5651769Z   echo "Validating policy decision example: ${file}"
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5652292Z   ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5652745Z done
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5705491Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5705748Z ##[endgroup]
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.5784716Z Validating policy decision example: examples/aop-policy-decision.allow.json
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.8036374Z examples/aop-policy-decision.allow.json valid
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:13.8134224Z Validating policy decision example: examples/aop-policy-decision.deny.json
+JSON Schema validate	Validate policy decision examples (draft2020)	2026-03-05T12:12:14.0406033Z examples/aop-policy-decision.deny.json valid
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0641222Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0641530Z shopt -s nullglob
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0641860Z evidence_files=(examples/v0.8/e2e/positive/*/evidence*.json)
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0642232Z if [ "${#evidence_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0642597Z   echo "No v0.8 evidence examples found under examples/v0.8/e2e/positive"
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0642944Z   exit 1
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0643118Z fi
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0643308Z for file in "${evidence_files[@]}"; do
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0643625Z   echo "Validating v0.8 evidence example: ${file}"
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0644099Z   ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0644514Z done
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0697178Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0697411Z ##[endgroup]
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.0772729Z Validating v0.8 evidence example: examples/v0.8/e2e/positive/scenario-1/evidence.decision.json
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.2953441Z examples/v0.8/e2e/positive/scenario-1/evidence.decision.json valid
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.3069809Z Validating v0.8 evidence example: examples/v0.8/e2e/positive/scenario-1/evidence.manifest.json
+JSON Schema validate	Validate v0.8 evidence examples (draft2020)	2026-03-05T12:12:14.5258534Z examples/v0.8/e2e/positive/scenario-1/evidence.manifest.json valid
+JSON Schema validate	Compile evidence profile schemas (draft2020)	2026-03-05T12:12:14.5408844Z ##[group]Run ajv compile --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/aop-provenance.profile.schema.json
+JSON Schema validate	Compile evidence profile schemas (draft2020)	2026-03-05T12:12:14.5409828Z ajv compile --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/aop-provenance.profile.schema.json
+JSON Schema validate	Compile evidence profile schemas (draft2020)	2026-03-05T12:12:14.5410716Z ajv compile --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/slsa-provenance-min.profile.schema.json
+JSON Schema validate	Compile evidence profile schemas (draft2020)	2026-03-05T12:12:14.5464789Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Compile evidence profile schemas (draft2020)	2026-03-05T12:12:14.5465039Z ##[endgroup]
+JSON Schema validate	Compile evidence profile schemas (draft2020)	2026-03-05T12:12:14.7808669Z schema schemas/profiles/aop-provenance.profile.schema.json is valid
+JSON Schema validate	Compile evidence profile schemas (draft2020)	2026-03-05T12:12:15.0133866Z schema schemas/profiles/slsa-provenance-min.profile.schema.json is valid
+JSON Schema validate	Compile DSSE envelope profile schema (draft2020)	2026-03-05T12:12:15.0271186Z ##[group]Run ajv compile --spec=draft2020 -s schemas/profiles/dsse-envelope.profile.schema.json
+JSON Schema validate	Compile DSSE envelope profile schema (draft2020)	2026-03-05T12:12:15.0272226Z ajv compile --spec=draft2020 -s schemas/profiles/dsse-envelope.profile.schema.json
+JSON Schema validate	Compile DSSE envelope profile schema (draft2020)	2026-03-05T12:12:15.0325379Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Compile DSSE envelope profile schema (draft2020)	2026-03-05T12:12:15.0325640Z ##[endgroup]
+JSON Schema validate	Compile DSSE envelope profile schema (draft2020)	2026-03-05T12:12:15.2526917Z schema schemas/profiles/dsse-envelope.profile.schema.json is valid
+JSON Schema validate	Compile in-toto Statement profile schema (draft2020)	2026-03-05T12:12:15.2699155Z ##[group]Run ajv compile --spec=draft2020 -s schemas/profiles/in-toto-statement.profile.schema.json
+JSON Schema validate	Compile in-toto Statement profile schema (draft2020)	2026-03-05T12:12:15.2700310Z ajv compile --spec=draft2020 -s schemas/profiles/in-toto-statement.profile.schema.json
+JSON Schema validate	Compile in-toto Statement profile schema (draft2020)	2026-03-05T12:12:15.2775575Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Compile in-toto Statement profile schema (draft2020)	2026-03-05T12:12:15.2775968Z ##[endgroup]
+JSON Schema validate	Compile in-toto Statement profile schema (draft2020)	2026-03-05T12:12:15.5136631Z schema schemas/profiles/in-toto-statement.profile.schema.json is valid
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5292370Z ##[group]Run set -euo pipefail
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5292710Z set -euo pipefail
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5292932Z shopt -s nullglob
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5293196Z dsse_files=(examples/v1.1/dsse/positive/*.json)
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5293512Z if [ "${#dsse_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5293854Z   echo "No v1.1 DSSE positive fixtures found; skipping."
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5294153Z   exit 0
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5294353Z fi
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5294516Z 
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5294701Z tmp_dir="$(mktemp -d)"
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5294937Z trap 'rm -rf "${tmp_dir}"' EXIT
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5295175Z 
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5295349Z for file in "${dsse_files[@]}"; do
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5295653Z   echo "Validating DSSE envelope schema: ${file}"
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5296208Z   ajv validate --spec=draft2020 -s schemas/profiles/dsse-envelope.profile.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5296732Z 
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5296983Z   out_json="${tmp_dir}/$(basename "${file}" .json).payload.json"
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5297298Z   node -e '
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5297510Z     const fs = require("fs");
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5297794Z     const inputPath = process.argv[1];
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5298078Z     const outputPath = process.argv[2];
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5298612Z     const doc = JSON.parse(fs.readFileSync(inputPath, "utf8"));
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5298929Z 
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5299205Z     if (!doc.payloadType || typeof doc.payloadType !== "string") {
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5299599Z       throw new Error("payloadType missing");
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5299880Z     }
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5300104Z     if (!doc.payloadType.endsWith("+json")) {
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5300524Z       throw new Error("unsupported payloadType for JSON parse: " + doc.payloadType);
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5301016Z     }
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5301234Z 
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5301477Z     const payload = doc.payload || "";
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5301872Z     const normalized = payload.replace(/\s+/g, "");
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5302252Z     const decoded = Buffer.from(normalized, "base64");
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5302668Z     const reencoded = decoded.toString("base64").replace(/=+$/, "");
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5303050Z     const original = normalized.replace(/=+$/, "");
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5303402Z     if (original.length === 0 || reencoded !== original) {
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5303783Z       throw new Error("payload is not valid canonical base64");
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5304093Z     }
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5304258Z 
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5304429Z     let parsed;
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5304633Z     try {
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5305092Z       parsed = JSON.parse(decoded.toString("utf8"));
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5305398Z     } catch (err) {
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5305718Z       throw new Error("decoded payload is not valid JSON: " + err.message);
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5306084Z     }
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5306265Z 
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5306556Z     fs.writeFileSync(outputPath, JSON.stringify(parsed, null, 2));
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5306916Z   ' "${file}" "${out_json}"
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5307136Z 
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5307411Z   echo "Validating decoded DSSE payload as AOP evidence: ${file}"
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5307970Z   ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${out_json}" --all-errors
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5308671Z done
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5363445Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5363773Z ##[endgroup]
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.5454414Z Validating DSSE envelope schema: examples/v1.1/dsse/positive/evidence.dsse.json
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.7543555Z examples/v1.1/dsse/positive/evidence.dsse.json valid
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:15.7843960Z Validating decoded DSSE payload as AOP evidence: examples/v1.1/dsse/positive/evidence.dsse.json
+JSON Schema validate	Validate v1.1 DSSE positive fixtures (draft2020)	2026-03-05T12:12:16.0047596Z /tmp/tmp.CknnVoJiNm/evidence.dsse.payload.json valid
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0273997Z ##[group]Run set -euo pipefail
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0274505Z set -euo pipefail
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0274852Z shopt -s nullglob
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0275289Z dsse_files=(examples/v1.2/dsse/positive/*.json)
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0275807Z if [ "${#dsse_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0276393Z   echo "No v1.2 DSSE in-toto positive fixtures found; skipping."
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0276938Z   exit 0
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0277209Z fi
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0277457Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0277733Z tmp_dir="$(mktemp -d)"
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0278140Z trap 'rm -rf "${tmp_dir}"' EXIT
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0278757Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0279055Z for file in "${dsse_files[@]}"; do
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0279547Z   echo "Validating DSSE envelope schema: ${file}"
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0280503Z   ajv validate --spec=draft2020 -s schemas/profiles/dsse-envelope.profile.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0281395Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0281799Z   out_json="${tmp_dir}/$(basename "${file}" .json).payload.json"
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0282328Z   node -e '
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0282662Z     const fs = require("fs");
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0283107Z     const inputPath = process.argv[1];
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0283602Z     const outputPath = process.argv[2];
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0284182Z     const doc = JSON.parse(fs.readFileSync(inputPath, "utf8"));
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0284702Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0285123Z     if (!doc.payloadType || typeof doc.payloadType !== "string") {
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0285749Z       throw new Error("payloadType missing");
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0286185Z     }
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0286473Z     const isInTotoType =
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0286981Z       doc.payloadType === "application/vnd.in-toto+json" ||
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0287733Z       /^application\/vnd\.in-toto\.[a-z0-9_.-]+\+json$/.test(doc.payloadType);
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0288571Z     if (!isInTotoType) {
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0289166Z       throw new Error("unsupported in-toto payloadType: " + doc.payloadType);
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0289765Z     }
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0290029Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0290325Z     const payload = doc.payload || "";
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0290851Z     const normalized = payload.replace(/\s+/g, "");
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0291436Z     const decoded = Buffer.from(normalized, "base64");
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0292399Z     const reencoded = decoded.toString("base64").replace(/=+$/, "");
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0293063Z     const original = normalized.replace(/=+$/, "");
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0293654Z     if (original.length === 0 || reencoded !== original) {
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0294277Z       throw new Error("payload is not valid canonical base64");
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0294788Z     }
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0295047Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0295311Z     let parsed;
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0295619Z     try {
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0296028Z       parsed = JSON.parse(decoded.toString("utf8"));
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0296514Z     } catch (err) {
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0297045Z       throw new Error("decoded payload is not valid JSON: " + err.message);
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0297625Z     }
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0297881Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0298531Z     fs.writeFileSync(outputPath, JSON.stringify(parsed, null, 2));
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0299106Z   ' "${file}" "${out_json}"
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0299461Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0299914Z   echo "Validating decoded DSSE payload as in-toto Statement: ${file}"
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0301221Z   ajv validate --spec=draft2020 -s schemas/profiles/in-toto-statement.profile.schema.json -d "${out_json}" --all-errors
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0302426Z done
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0377867Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0378725Z ##[endgroup]
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.0491886Z Validating DSSE envelope schema: examples/v1.2/dsse/positive/in-toto.statement.dsse.json
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.2628973Z examples/v1.2/dsse/positive/in-toto.statement.dsse.json valid
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.3001235Z Validating decoded DSSE payload as in-toto Statement: examples/v1.2/dsse/positive/in-toto.statement.dsse.json
+JSON Schema validate	Validate v1.2 DSSE in-toto positive fixtures (draft2020)	2026-03-05T12:12:16.5072085Z /tmp/tmp.Vw934E5Ddv/in-toto.statement.dsse.payload.json valid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5245974Z ##[group]Run set -euo pipefail
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5246327Z set -euo pipefail
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5246545Z shopt -s nullglob
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5246858Z invalid_files=(examples/invalid/v1.2/dsse/*.invalid.json)
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5247221Z if [ "${#invalid_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5247578Z   echo "No v1.2 DSSE in-toto invalid fixtures found; skipping."
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5247895Z   exit 0
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5248079Z fi
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5248412Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5248586Z tmp_dir="$(mktemp -d)"
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5248830Z trap 'rm -rf "${tmp_dir}"' EXIT
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5249054Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5249245Z for file in "${invalid_files[@]}"; do
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5249580Z   echo "Expecting v1.2 in-toto DSSE fixture rejection: ${file}"
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5249988Z   out_json="${tmp_dir}/$(basename "${file}" .json).payload.json"
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5250420Z   if \
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5250903Z     ajv validate --spec=draft2020 -s schemas/profiles/dsse-envelope.profile.schema.json -d "${file}" --all-errors && \
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5251432Z     node -e '
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5251651Z       const fs = require("fs");
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5251920Z       const inputPath = process.argv[1];
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5252207Z       const outputPath = process.argv[2];
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5252557Z       const doc = JSON.parse(fs.readFileSync(inputPath, "utf8"));
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5252866Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5253123Z       if (!doc.payloadType || typeof doc.payloadType !== "string") {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5253487Z         throw new Error("payloadType missing");
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5253764Z       }
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5253958Z       const isInTotoType =
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5254450Z         doc.payloadType === "application/vnd.in-toto+json" ||
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5254913Z         /^application\/vnd\.in-toto\.[a-z0-9_.-]+\+json$/.test(doc.payloadType);
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5255282Z       if (!isInTotoType) {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5255645Z         throw new Error("unsupported in-toto payloadType: " + doc.payloadType);
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5255999Z       }
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5256173Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5256369Z       const payload = doc.payload || "";
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5256681Z       const normalized = payload.replace(/\s+/g, "");
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5257042Z       const decoded = Buffer.from(normalized, "base64");
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5257434Z       const reencoded = decoded.toString("base64").replace(/=+$/, "");
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5257826Z       const original = normalized.replace(/=+$/, "");
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5258174Z       if (original.length === 0 || reencoded !== original) {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5258826Z         throw new Error("payload is not valid canonical base64");
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5259149Z       }
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5259308Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5259480Z       let parsed;
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5259680Z       try {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5259935Z         parsed = JSON.parse(decoded.toString("utf8"));
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5260222Z       } catch (err) {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5260540Z         throw new Error("decoded payload is not valid JSON: " + err.message);
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5260888Z       }
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5261045Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5261315Z       fs.writeFileSync(outputPath, JSON.stringify(parsed, null, 2));
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5261665Z     ' "${file}" "${out_json}" && \
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5262209Z     ajv validate --spec=draft2020 -s schemas/profiles/in-toto-statement.profile.schema.json -d "${out_json}" --all-errors
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5262970Z   then
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5263264Z     echo "Unexpectedly valid v1.2 in-toto DSSE invalid fixture: ${file}"
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5263612Z     exit 1
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5263787Z   fi
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5263987Z   echo "Rejected as expected: ${file}"
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5264227Z done
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5316449Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5316782Z ##[endgroup]
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.5408714Z Expecting v1.2 in-toto DSSE fixture rejection: examples/invalid/v1.2/dsse/in-toto-invalid-base64.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7514761Z examples/invalid/v1.2/dsse/in-toto-invalid-base64.invalid.json valid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7811405Z [eval]:23
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7811991Z         throw new Error("payload is not valid canonical base64");
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7812599Z         ^
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7812750Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7813007Z Error: payload is not valid canonical base64
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7813501Z     at [eval]:23:15
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7813938Z     at runScriptInThisContext (node:internal/vm:209:10)
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7814495Z     at node:internal/process/execution:118:14
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7814926Z     at [eval]-wrapper:6:24
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7815467Z     at runScript (node:internal/process/execution:101:62)
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7816036Z     at evalScript (node:internal/process/execution:133:3)
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7836818Z     at node:internal/main/eval_string:51:3
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7837180Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7837354Z Node.js v20.20.0
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7838073Z Rejected as expected: examples/invalid/v1.2/dsse/in-toto-invalid-base64.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.7839473Z Expecting v1.2 in-toto DSSE fixture rejection: examples/invalid/v1.2/dsse/in-toto-payload-not-json.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:16.9943609Z examples/invalid/v1.2/dsse/in-toto-payload-not-json.invalid.json valid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0235554Z [eval]:30
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0236576Z         throw new Error("decoded payload is not valid JSON: " + err.message);
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0236970Z         ^
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0237077Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0237432Z Error: decoded payload is not valid JSON: Unexpected token 'o', "not-json" is not valid JSON
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0237843Z     at [eval]:30:15
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0238132Z     at runScriptInThisContext (node:internal/vm:209:10)
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0238789Z     at node:internal/process/execution:118:14
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0239069Z     at [eval]-wrapper:6:24
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0239377Z     at runScript (node:internal/process/execution:101:62)
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0239731Z     at evalScript (node:internal/process/execution:133:3)
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0240048Z     at node:internal/main/eval_string:51:3
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0240220Z 
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0240310Z Node.js v20.20.0
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0259788Z Rejected as expected: examples/invalid/v1.2/dsse/in-toto-payload-not-json.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.0261371Z Expecting v1.2 in-toto DSSE fixture rejection: examples/invalid/v1.2/dsse/in-toto-predicate-token-invalid.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2386807Z examples/invalid/v1.2/dsse/in-toto-predicate-token-invalid.invalid.json invalid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2403438Z [
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2403708Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2404036Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2404643Z     schemaPath: '#/properties/payloadType/anyOf/0/const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2405144Z     keyword: 'const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2405665Z     params: { allowedValue: 'application/vnd.aop.evidence+json' },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2406156Z     message: 'must be equal to constant'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2406413Z   },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2406584Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2406784Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2407108Z     schemaPath: '#/properties/payloadType/anyOf/1/const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2407401Z     keyword: 'const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2407691Z     params: { allowedValue: 'application/vnd.in-toto+json' },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2408058Z     message: 'must be equal to constant'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2408834Z   },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2408990Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2409191Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2409520Z     schemaPath: '#/properties/payloadType/anyOf/2/pattern',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2409826Z     keyword: 'pattern',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2410185Z     params: { pattern: '^application\\/vnd\\.in-toto\\.[a-z0-9_.-]+\\+json$' },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2410699Z     message: 'must match pattern "^application\\/vnd\\.in-toto\\.[a-z0-9_.-]+\\+json$"'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2411058Z   },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2411207Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2411401Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2411701Z     schemaPath: '#/properties/payloadType/anyOf',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2411970Z     keyword: 'anyOf',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2412168Z     params: {},
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2412399Z     message: 'must match a schema in anyOf'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2412640Z   }
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2412800Z ]
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2447807Z Rejected as expected: examples/invalid/v1.2/dsse/in-toto-predicate-token-invalid.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.2449585Z Expecting v1.2 in-toto DSSE fixture rejection: examples/invalid/v1.2/dsse/in-toto-statement-missing-predicatetype.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.4566309Z examples/invalid/v1.2/dsse/in-toto-statement-missing-predicatetype.invalid.json valid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6962232Z /tmp/tmp.ieokZhMNEx/in-toto-statement-missing-predicatetype.invalid.payload.json invalid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6983154Z [
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6983451Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6983782Z     instancePath: '',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6984151Z     schemaPath: '#/required',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6985650Z     keyword: 'required',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6986141Z     params: { missingProperty: 'predicateType' },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6986757Z     message: "must have required property 'predicateType'"
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6987227Z   }
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.6987467Z ]
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.7100683Z Rejected as expected: examples/invalid/v1.2/dsse/in-toto-statement-missing-predicatetype.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.7102564Z Expecting v1.2 in-toto DSSE fixture rejection: examples/invalid/v1.2/dsse/in-toto-statement-wrong-type.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:17.9227586Z examples/invalid/v1.2/dsse/in-toto-statement-wrong-type.invalid.json valid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1724871Z /tmp/tmp.ieokZhMNEx/in-toto-statement-wrong-type.invalid.payload.json invalid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1745443Z [
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1745712Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1746028Z     instancePath: '/_type',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1746473Z     schemaPath: '#/properties/_type/const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1747971Z     keyword: 'const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1748873Z     params: { allowedValue: 'https://in-toto.io/Statement/v1' },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1749510Z     message: 'must be equal to constant'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1749899Z   }
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1750133Z ]
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1859606Z Rejected as expected: examples/invalid/v1.2/dsse/in-toto-statement-wrong-type.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.1861046Z Expecting v1.2 in-toto DSSE fixture rejection: examples/invalid/v1.2/dsse/in-toto-unknown-payloadtype.invalid.json
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3973210Z examples/invalid/v1.2/dsse/in-toto-unknown-payloadtype.invalid.json invalid
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3990384Z [
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3990623Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3990930Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3991462Z     schemaPath: '#/properties/payloadType/anyOf/0/const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3991984Z     keyword: 'const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3992495Z     params: { allowedValue: 'application/vnd.aop.evidence+json' },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3993080Z     message: 'must be equal to constant'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3993359Z   },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3993526Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3993729Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3994043Z     schemaPath: '#/properties/payloadType/anyOf/1/const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3994341Z     keyword: 'const',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3994635Z     params: { allowedValue: 'application/vnd.in-toto+json' },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3995015Z     message: 'must be equal to constant'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3995592Z   },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3995744Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3995945Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3996264Z     schemaPath: '#/properties/payloadType/anyOf/2/pattern',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3996559Z     keyword: 'pattern',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3996916Z     params: { pattern: '^application\\/vnd\\.in-toto\\.[a-z0-9_.-]+\\+json$' },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3997436Z     message: 'must match pattern "^application\\/vnd\\.in-toto\\.[a-z0-9_.-]+\\+json$"'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3997800Z   },
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3997960Z   {
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3998151Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3998697Z     schemaPath: '#/properties/payloadType/anyOf',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3999081Z     keyword: 'anyOf',
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3999359Z     params: {},
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.3999698Z     message: 'must match a schema in anyOf'
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4000075Z   }
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4000284Z ]
+JSON Schema validate	Validate v1.2 DSSE in-toto invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4041372Z Rejected as expected: examples/invalid/v1.2/dsse/in-toto-unknown-payloadtype.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4097953Z ##[group]Run set -euo pipefail
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4098768Z set -euo pipefail
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4099131Z shopt -s nullglob
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4099640Z invalid_files=(examples/invalid/v1.1/dsse/*.invalid.json)
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4100231Z if [ "${#invalid_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4100787Z   echo "No v1.1 DSSE invalid fixtures found; skipping."
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4101263Z   exit 0
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4101547Z fi
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4101802Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4102072Z tmp_dir="$(mktemp -d)"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4102457Z trap 'rm -rf "${tmp_dir}"' EXIT
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4102814Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4103094Z for file in "${invalid_files[@]}"; do
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4103591Z   echo "Expecting DSSE fixture rejection: ${file}"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4104513Z   out_json="${tmp_dir}/$(basename "${file}" .json).payload.json"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4105065Z   if \
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4105875Z     ajv validate --spec=draft2020 -s schemas/profiles/dsse-envelope.profile.schema.json -d "${file}" --all-errors && \
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4106778Z     node -e '
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4107131Z       const fs = require("fs");
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4107590Z       const inputPath = process.argv[1];
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4108082Z       const outputPath = process.argv[2];
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4108919Z       const doc = JSON.parse(fs.readFileSync(inputPath, "utf8"));
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4109444Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4109874Z       if (!doc.payloadType || typeof doc.payloadType !== "string") {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4110499Z         throw new Error("payloadType missing");
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4110942Z       }
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4111302Z       if (!doc.payloadType.endsWith("+json")) {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4112032Z         throw new Error("unsupported payloadType for JSON parse: " + doc.payloadType);
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4112738Z       }
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4113002Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4113318Z       const payload = doc.payload || "";
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4113863Z       const normalized = payload.replace(/\s+/g, "");
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4114454Z       const decoded = Buffer.from(normalized, "base64");
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4115221Z       const reencoded = decoded.toString("base64").replace(/=+$/, "");
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4115900Z       const original = normalized.replace(/=+$/, "");
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4116494Z       if (original.length === 0 || reencoded !== original) {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4117151Z         throw new Error("payload is not valid canonical base64");
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4117665Z       }
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4117941Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4118217Z       let parsed;
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4118837Z       try {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4119236Z         parsed = JSON.parse(decoded.toString("utf8"));
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4119727Z       } catch (err) {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4120270Z         throw new Error("decoded payload is not valid JSON: " + err.message);
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4120823Z       }
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4121096Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4121538Z       fs.writeFileSync(outputPath, JSON.stringify(parsed, null, 2));
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4122131Z     ' "${file}" "${out_json}" && \
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4122902Z     ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${out_json}" --all-errors
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4123656Z   then
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4124079Z     echo "Unexpectedly valid DSSE invalid fixture: ${file}"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4124649Z     exit 1
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4124961Z   fi
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4125271Z   echo "Rejected as expected: ${file}"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4126017Z done
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4180223Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4180574Z ##[endgroup]
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.4271376Z Expecting DSSE fixture rejection: examples/invalid/v1.1/dsse/dsse-invalid-base64.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6386313Z examples/invalid/v1.1/dsse/dsse-invalid-base64.invalid.json valid
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6758074Z [eval]:20
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6758904Z         throw new Error("payload is not valid canonical base64");
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6759414Z         ^
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6759573Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6759802Z Error: payload is not valid canonical base64
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6760100Z     at [eval]:20:15
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6760402Z     at runScriptInThisContext (node:internal/vm:209:10)
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6760782Z     at node:internal/process/execution:118:14
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6761066Z     at [eval]-wrapper:6:24
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6761885Z     at runScript (node:internal/process/execution:101:62)
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6762281Z     at evalScript (node:internal/process/execution:133:3)
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6762601Z     at node:internal/main/eval_string:51:3
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6762783Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6762870Z Node.js v20.20.0
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6784061Z Rejected as expected: examples/invalid/v1.1/dsse/dsse-invalid-base64.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.6784893Z Expecting DSSE fixture rejection: examples/invalid/v1.1/dsse/dsse-payload-not-aop-evidence.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:18.8987432Z examples/invalid/v1.1/dsse/dsse-payload-not-aop-evidence.invalid.json valid
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1443635Z /tmp/tmp.y1ULMTpay7/dsse-payload-not-aop-evidence.invalid.payload.json invalid
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1464751Z [
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1465071Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1466795Z     instancePath: '',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1467058Z     schemaPath: '#/required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1467300Z     keyword: 'required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1467634Z     params: { missingProperty: 'aop_version' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1468001Z     message: "must have required property 'aop_version'"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1468484Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1468725Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1468977Z     instancePath: '',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1469307Z     schemaPath: '#/required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1469655Z     keyword: 'required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1470033Z     params: { missingProperty: 'id' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1470518Z     message: "must have required property 'id'"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1470907Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1471141Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1471387Z     instancePath: '',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1471689Z     schemaPath: '#/required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1472028Z     keyword: 'required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1472405Z     params: { missingProperty: 'kind' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1472899Z     message: "must have required property 'kind'"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1473307Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1473481Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1473648Z     instancePath: '',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1473866Z     schemaPath: '#/required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1474080Z     keyword: 'required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1474335Z     params: { missingProperty: 'subject' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1474646Z     message: "must have required property 'subject'"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1474906Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1475056Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1475206Z     instancePath: '',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1475398Z     schemaPath: '#/required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1475605Z     keyword: 'required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1475865Z     params: { missingProperty: 'predicateType' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1476229Z     message: "must have required property 'predicateType'"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1476506Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1476680Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1476861Z     instancePath: '',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1477067Z     schemaPath: '#/required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1477291Z     keyword: 'required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1477546Z     params: { missingProperty: 'predicate' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1477875Z     message: "must have required property 'predicate'"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1478148Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1478473Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1479211Z     instancePath: '',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1479476Z     schemaPath: '#/unevaluatedProperties',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1479770Z     keyword: 'unevaluatedProperties',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1480065Z     params: { unevaluatedProperty: 'foo' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1480380Z     message: 'must NOT have unevaluated properties'
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1480647Z   }
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1480808Z ]
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1569512Z Rejected as expected: examples/invalid/v1.1/dsse/dsse-payload-not-aop-evidence.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.1570787Z Expecting DSSE fixture rejection: examples/invalid/v1.1/dsse/dsse-payload-not-json.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.3682043Z examples/invalid/v1.1/dsse/dsse-payload-not-json.invalid.json valid
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4053816Z [eval]:27
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4054546Z         throw new Error("decoded payload is not valid JSON: " + err.message);
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4055661Z         ^
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4055805Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4056295Z Error: decoded payload is not valid JSON: Unexpected token 'o', "not-json" is not valid JSON
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4056905Z     at [eval]:27:15
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4057302Z     at runScriptInThisContext (node:internal/vm:209:10)
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4057785Z     at node:internal/process/execution:118:14
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4058161Z     at [eval]-wrapper:6:24
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4058861Z     at runScript (node:internal/process/execution:101:62)
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4059230Z     at evalScript (node:internal/process/execution:133:3)
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4059651Z     at node:internal/main/eval_string:51:3
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4059935Z 
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4060062Z Node.js v20.20.0
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4079022Z Rejected as expected: examples/invalid/v1.1/dsse/dsse-payload-not-json.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.4079826Z Expecting DSSE fixture rejection: examples/invalid/v1.1/dsse/dsse-signatures-missing-sig.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6221322Z examples/invalid/v1.1/dsse/dsse-signatures-missing-sig.invalid.json invalid
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6241779Z [
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6242038Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6242357Z     instancePath: '/signatures/0',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6242896Z     schemaPath: '#/properties/signatures/items/required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6243372Z     keyword: 'required',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6243796Z     params: { missingProperty: 'sig' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6244330Z     message: "must have required property 'sig'"
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6244746Z   }
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6244972Z ]
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6356912Z Rejected as expected: examples/invalid/v1.1/dsse/dsse-signatures-missing-sig.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.6357757Z Expecting DSSE fixture rejection: examples/invalid/v1.1/dsse/dsse-unknown-payloadtype.invalid.json
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8436417Z examples/invalid/v1.1/dsse/dsse-unknown-payloadtype.invalid.json invalid
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8453218Z [
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8453502Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8453812Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8454435Z     schemaPath: '#/properties/payloadType/anyOf/0/const',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8454921Z     keyword: 'const',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8455418Z     params: { allowedValue: 'application/vnd.aop.evidence+json' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8456003Z     message: 'must be equal to constant'
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8456366Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8456595Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8456890Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8457378Z     schemaPath: '#/properties/payloadType/anyOf/1/const',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8457831Z     keyword: 'const',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8458463Z     params: { allowedValue: 'application/vnd.in-toto+json' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8458978Z     message: 'must be equal to constant'
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8459337Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8459586Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8459824Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8460153Z     schemaPath: '#/properties/payloadType/anyOf/2/pattern',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8460450Z     keyword: 'pattern',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8460837Z     params: { pattern: '^application\\/vnd\\.in-toto\\.[a-z0-9_.-]+\\+json$' },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8461683Z     message: 'must match pattern "^application\\/vnd\\.in-toto\\.[a-z0-9_.-]+\\+json$"'
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8462036Z   },
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8462194Z   {
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8462387Z     instancePath: '/payloadType',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8462692Z     schemaPath: '#/properties/payloadType/anyOf',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8462965Z     keyword: 'anyOf',
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8463156Z     params: {},
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8463378Z     message: 'must match a schema in anyOf'
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8463622Z   }
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8463772Z ]
+JSON Schema validate	Validate v1.1 DSSE invalid fixtures are rejected (draft2020)	2026-03-05T12:12:19.8505437Z Rejected as expected: examples/invalid/v1.1/dsse/dsse-unknown-payloadtype.invalid.json
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8553041Z ##[group]Run set -euo pipefail
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8553363Z set -euo pipefail
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8553579Z shopt -s nullglob
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8553955Z aop_profile_files=(examples/v0.9/e2e/positive/*/evidence.*.aop-provenance.json)
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8554717Z slsa_profile_files=(examples/v0.9/e2e/positive/*/evidence.*.slsa-provenance.json)
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8555098Z 
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8555405Z if [ "${#aop_profile_files[@]}" -eq 0 ] && [ "${#slsa_profile_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8555849Z   echo "No v0.9 profile evidence fixtures found; skipping."
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8556186Z   exit 0
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8556370Z fi
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8556539Z 
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8556783Z for file in "${aop_profile_files[@]}"; do
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8557149Z   echo "Validating v0.9 AOP provenance profile fixture: ${file}"
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8557889Z   ajv validate --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/aop-provenance.profile.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8558765Z done
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8558954Z 
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8559154Z for file in "${slsa_profile_files[@]}"; do
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8559529Z   echo "Validating v0.9 SLSA-min provenance profile fixture: ${file}"
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8560260Z   ajv validate --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/slsa-provenance-min.profile.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8560881Z done
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8614645Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8614979Z ##[endgroup]
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:19.8690669Z Validating v0.9 AOP provenance profile fixture: examples/v0.9/e2e/positive/scenario-1/evidence.manifest.aop-provenance.json
+JSON Schema validate	Validate v0.9 profile evidence fixtures (draft2020)	2026-03-05T12:12:20.0877616Z examples/v0.9/e2e/positive/scenario-1/evidence.manifest.aop-provenance.json valid
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0994400Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0994705Z shopt -s nullglob
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0995037Z registry_record_files=(examples/registry/aop-registry-record*.json)
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0995469Z if [ "${#registry_record_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0995842Z   echo "No registry record examples found under examples/registry"
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0996177Z   exit 1
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0996357Z fi
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0996571Z for file in "${registry_record_files[@]}"; do
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0996908Z   echo "Validating registry record example: ${file}"
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0997420Z   ajv validate --spec=draft2020 -s schemas/aop-registry-record.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0997892Z done
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0998062Z 
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0998617Z registry_response_files=(examples/registry/aop-resolve-response*.json)
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0999062Z if [ "${#registry_response_files[@]}" -eq 0 ]; then
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0999446Z   echo "No resolve response examples found under examples/registry"
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0999772Z   exit 1
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.0999952Z fi
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.1000179Z for file in "${registry_response_files[@]}"; do
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.1000517Z   echo "Validating resolve response example: ${file}"
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.1001030Z   ajv validate --spec=draft2020 -s schemas/aop-resolve-response.schema.json -d "${file}" --all-errors
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.1001470Z done
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.1053763Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.1054008Z ##[endgroup]
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.1129486Z Validating registry record example: examples/registry/aop-registry-record.example.json
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.3329808Z examples/registry/aop-registry-record.example.json valid
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.3425845Z Validating resolve response example: examples/registry/aop-resolve-response.example.json
+JSON Schema validate	Validate registry examples (draft2020)	2026-03-05T12:12:20.5704078Z examples/registry/aop-resolve-response.example.json valid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5808664Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5809194Z shopt -s nullglob
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5809418Z object_invalid=()
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5809675Z for file in examples/invalid/*.json; do
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5810024Z   if [[ "${file}" == examples/invalid/aop-policy-* ]] || \
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5810419Z      [[ "${file}" == examples/invalid/aop-policy-decision-* ]] || \
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5810824Z      [[ "${file}" == examples/invalid/aop-registry-record-* ]] || \
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5811207Z      [[ "${file}" == examples/invalid/aop-resolve-response-* ]]; then
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5811558Z     continue
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5811752Z   fi
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5811957Z   object_invalid+=("${file}")
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5812195Z done
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5812414Z if [ "${#object_invalid[@]}" -eq 0 ]; then
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5812778Z   echo "No object invalid fixtures found under examples/invalid"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5813151Z   exit 1
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5813332Z fi
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5813544Z for file in "${object_invalid[@]}"; do
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5813901Z   echo "Expecting object schema validation failure: ${file}"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5814440Z   if ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${file}" --all-errors; then
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5815001Z     echo "Unexpectedly valid object invalid fixture: ${file}"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5815325Z     exit 1
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5815514Z   fi
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5815682Z done
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5815949Z echo "All object invalid fixtures were correctly rejected."
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5868765Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5869022Z ##[endgroup]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.5948422Z Expecting object schema validation failure: examples/invalid/aop-auth-none-with-scopes.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8220755Z examples/invalid/aop-auth-none-with-scopes.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8236797Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8237045Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8237373Z     instancePath: '/security/auth',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8237954Z     schemaPath: '#/$defs/AuthConfig/allOf/1/then/not',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8238600Z     keyword: 'not',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8238877Z     params: {},
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8239219Z     message: 'must NOT be valid'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8239562Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8239844Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8240180Z     instancePath: '/security/auth',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8240667Z     schemaPath: '#/$defs/AuthConfig/allOf/1/if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8240942Z     keyword: 'if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8241181Z     params: { failingKeyword: 'then' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8241462Z     message: 'must match "then" schema'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8241688Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8241851Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:20.8290551Z Expecting object schema validation failure: examples/invalid/aop-capabilities-missing-determinism.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0578420Z examples/invalid/aop-capabilities-missing-determinism.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0595847Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0596153Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0596487Z     instancePath: '/capabilities',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0596975Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0597338Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0597769Z     params: { missingProperty: 'determinism' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0598532Z     message: "must have required property 'determinism'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0598973Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0599194Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.0649065Z Expecting object schema validation failure: examples/invalid/aop-capabilities-missing-side-effects.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2896158Z examples/invalid/aop-capabilities-missing-side-effects.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2914305Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2914517Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2914782Z     instancePath: '/capabilities',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2915225Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2916454Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2916756Z     params: { missingProperty: 'side_effects' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2917129Z     message: "must have required property 'side_effects'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2927479Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2927767Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.2965773Z Expecting object schema validation failure: examples/invalid/aop-extension-bad-vendor.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5228445Z examples/invalid/aop-extension-bad-vendor.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5247539Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5247798Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5248062Z     instancePath: '',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5248583Z     schemaPath: '#/additionalProperties',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5249134Z     keyword: 'additionalProperties',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5249660Z     params: { additionalProperty: 'x-Acme-feature-flag' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5250251Z     message: 'must NOT have additional properties'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5250604Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5250768Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.5300967Z Expecting object schema validation failure: examples/invalid/aop-integrity-checksum-without-algo.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7628433Z examples/invalid/aop-integrity-checksum-without-algo.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7644823Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7645037Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7645258Z     instancePath: '/security',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7645649Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7645985Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7646380Z     params: { missingProperty: 'auth' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7646930Z     message: "must have required property 'auth'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7647270Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7647440Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7647655Z     instancePath: '/security/integrity',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7648015Z     schemaPath: '#/$defs/IntegrityConfig/allOf/0/then/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7648604Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7648893Z     params: { missingProperty: 'checksum_algo' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7649256Z     message: "must have required property 'checksum_algo'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7649600Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7649753Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7649964Z     instancePath: '/security/integrity',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7650289Z     schemaPath: '#/$defs/IntegrityConfig/allOf/0/if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7650591Z     keyword: 'if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7650837Z     params: { failingKeyword: 'then' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7651112Z     message: 'must match "then" schema'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7651336Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7651499Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:21.7699557Z Expecting object schema validation failure: examples/invalid/aop-integrity-sha256-length.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0003760Z examples/invalid/aop-integrity-sha256-length.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0019804Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0020056Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0020352Z     instancePath: '/security',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0020785Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0021197Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0021586Z     params: { missingProperty: 'auth' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0022089Z     message: "must have required property 'auth'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0022388Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0022586Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0022821Z     instancePath: '/security/integrity/checksum',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0023270Z     schemaPath: '#/$defs/IntegrityConfig/allOf/1/then/properties/checksum/pattern',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0023673Z     keyword: 'pattern',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0023934Z     params: { pattern: '^[A-Fa-f0-9]{64}$' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0024255Z     message: 'must match pattern "^[A-Fa-f0-9]{64}$"'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0024525Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0024688Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0024891Z     instancePath: '/security/integrity',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0025223Z     schemaPath: '#/$defs/IntegrityConfig/allOf/1/if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0025504Z     keyword: 'if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0025732Z     params: { failingKeyword: 'then' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0026010Z     message: 'must match "then" schema'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0026230Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0026389Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.0068750Z Expecting object schema validation failure: examples/invalid/aop-integrity-signature-without-signed.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2358439Z examples/invalid/aop-integrity-signature-without-signed.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2374404Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2374678Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2374998Z     instancePath: '/security',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2375379Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2375756Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2376180Z     params: { missingProperty: 'auth' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2376758Z     message: "must have required property 'auth'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2377039Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2377203Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2377439Z     instancePath: '/security/integrity/signed',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2377862Z     schemaPath: '#/$defs/IntegrityConfig/allOf/4/then/properties/signed/const',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2378436Z     keyword: 'const',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2378751Z     params: { allowedValue: true },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2379082Z     message: 'must be equal to constant'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2379327Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2379476Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2379678Z     instancePath: '/security/integrity',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2379989Z     schemaPath: '#/$defs/IntegrityConfig/allOf/4/if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2380269Z     keyword: 'if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2380504Z     params: { failingKeyword: 'then' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2380772Z     message: 'must match "then" schema'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2380995Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2381148Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.2424366Z Expecting object schema validation failure: examples/invalid/aop-integrity-signed-missing-signature-ref.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4784042Z examples/invalid/aop-integrity-signed-missing-signature-ref.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4800218Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4800543Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4800852Z     instancePath: '/security',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4801260Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4801632Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4802060Z     params: { missingProperty: 'auth' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4802484Z     message: "must have required property 'auth'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4803003Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4803231Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4803534Z     instancePath: '/security/integrity',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4804046Z     schemaPath: '#/$defs/IntegrityConfig/allOf/3/then/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4804530Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4804948Z     params: { missingProperty: 'signature_ref' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4805486Z     message: "must have required property 'signature_ref'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4805960Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4806193Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4806454Z     instancePath: '/security/integrity',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4806918Z     schemaPath: '#/$defs/IntegrityConfig/allOf/3/if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4807360Z     keyword: 'if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4807687Z     params: { failingKeyword: 'then' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4808096Z     message: 'must match "then" schema'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4808666Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4808895Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.4854097Z Expecting object schema validation failure: examples/invalid/aop-invocation-missing-idempotency.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7137698Z examples/invalid/aop-invocation-missing-idempotency.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7153141Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7153372Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7153702Z     instancePath: '/invocation',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7154091Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7155026Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7155537Z     params: { missingProperty: 'idempotency' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7156200Z     message: "must have required property 'idempotency'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7156616Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7156839Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.7207584Z Expecting object schema validation failure: examples/invalid/aop-invocation-missing-mode.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9474848Z examples/invalid/aop-invocation-missing-mode.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9490517Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9491499Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9491820Z     instancePath: '/invocation',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9492236Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9492653Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9492987Z     params: { missingProperty: 'mode' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9493325Z     message: "must have required property 'mode'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9493604Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9493764Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:22.9537951Z Expecting object schema validation failure: examples/invalid/aop-oauth2-missing-issuer.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1830067Z examples/invalid/aop-oauth2-missing-issuer.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1845222Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1845497Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1845817Z     instancePath: '/security/auth',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1846406Z     schemaPath: '#/$defs/AuthConfig/allOf/0/then/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1846882Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1847285Z     params: { missingProperty: 'issuer' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1847904Z     message: "must have required property 'issuer'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1848551Z   },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1848785Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1849086Z     instancePath: '/security/auth',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1849562Z     schemaPath: '#/$defs/AuthConfig/allOf/0/if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1849982Z     keyword: 'if',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1850340Z     params: { failingKeyword: 'then' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1850783Z     message: 'must match "then" schema'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1851017Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1851174Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.1899158Z Expecting object schema validation failure: examples/invalid/aop-permissions-invalid-network-access.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4139870Z examples/invalid/aop-permissions-invalid-network-access.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4155241Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4155497Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4155948Z     instancePath: '/security/permissions/network_access',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4156759Z     schemaPath: '#/$defs/PermissionConfig/properties/network_access/enum',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4157426Z     keyword: 'enum',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4157883Z     params: { allowedValues: [Array] },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4158635Z     message: 'must be equal to one of the allowed values'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4159152Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4159383Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.4204147Z Expecting object schema validation failure: examples/invalid/aop-security-missing-auth.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6499293Z examples/invalid/aop-security-missing-auth.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6515587Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6515875Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6516202Z     instancePath: '/security',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6516598Z     schemaPath: '#/required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6516962Z     keyword: 'required',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6517366Z     params: { missingProperty: 'auth' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6517949Z     message: "must have required property 'auth'"
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6518627Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6518837Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.6568591Z Expecting object schema validation failure: examples/invalid/aop-token-cost-negative.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8863627Z examples/invalid/aop-token-cost-negative.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8883121Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8883380Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8883874Z     instancePath: '/capabilities/token_cost_hint/input_per_1k',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8884637Z     schemaPath: '#/$defs/TokenCostHint/properties/input_per_1k/minimum',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8885161Z     keyword: 'minimum',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8885604Z     params: { comparison: '>=', limit: 0 },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8886038Z     message: 'must be >= 0'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8886406Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8886647Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:23.8936074Z Expecting object schema validation failure: examples/invalid/aop-token-cost-non-integer.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1229087Z examples/invalid/aop-token-cost-non-integer.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1244226Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1244467Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1244949Z     instancePath: '/capabilities/token_cost_hint/output_per_1k',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1245702Z     schemaPath: '#/$defs/TokenCostHint/properties/output_per_1k/type',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1246911Z     keyword: 'type',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1247259Z     params: { type: 'integer' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1247659Z     message: 'must be integer'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1247982Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1248218Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.1295098Z Expecting object schema validation failure: examples/invalid/aop-unknown-field-invocation.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3619705Z examples/invalid/aop-unknown-field-invocation.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3636237Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3636520Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3636889Z     instancePath: '/invocation',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3637394Z     schemaPath: '#/additionalProperties',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3637831Z     keyword: 'additionalProperties',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3638465Z     params: { additionalProperty: 'foo' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3639035Z     message: 'must NOT have additional properties'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3639415Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3639623Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.3685934Z Expecting object schema validation failure: examples/invalid/aop-unknown-field-top-level.invalid.json
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5965817Z examples/invalid/aop-unknown-field-top-level.invalid.json invalid
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5982656Z [
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5982947Z   {
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5983225Z     instancePath: '',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5983718Z     schemaPath: '#/additionalProperties',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5984125Z     keyword: 'additionalProperties',
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5984470Z     params: { additionalProperty: 'foo' },
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5984983Z     message: 'must NOT have additional properties'
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5985450Z   }
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.5985688Z ]
+JSON Schema validate	Validate object invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6036660Z All object invalid fixtures were correctly rejected.
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6065940Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6066243Z shopt -s nullglob
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6066462Z policy_invalid=()
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6066747Z for file in examples/invalid/aop-policy-*.json; do
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6067167Z   if [[ "${file}" == examples/invalid/aop-policy-decision-* ]]; then
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6067497Z     continue
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6067688Z   fi
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6067879Z   policy_invalid+=("${file}")
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6068123Z done
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6068587Z if [ "${#policy_invalid[@]}" -eq 0 ]; then
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6068964Z   echo "No policy invalid fixtures found under examples/invalid"
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6069288Z   exit 1
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6069468Z fi
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6069674Z for file in "${policy_invalid[@]}"; do
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6070015Z   echo "Expecting policy schema validation failure: ${file}"
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6070577Z   if ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${file}" --all-errors; then
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6071111Z     echo "Unexpectedly valid policy invalid fixture: ${file}"
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6071434Z     exit 1
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6071610Z   fi
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6071785Z done
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6072039Z echo "All policy invalid fixtures were correctly rejected."
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6124773Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6125044Z ##[endgroup]
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.6202459Z Expecting policy schema validation failure: examples/invalid/aop-policy-invalid-operator.invalid.json
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8454326Z examples/invalid/aop-policy-invalid-operator.invalid.json invalid
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8470936Z [
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8471257Z   {
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8471618Z     instancePath: '/rules/0/when/all/0/op',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8472192Z     schemaPath: '#/$defs/Condition/properties/op/enum',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8472757Z     keyword: 'enum',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8473006Z     params: { allowedValues: [Array] },
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8473355Z     message: 'must be equal to one of the allowed values'
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8473648Z   }
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8474156Z ]
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:24.8530663Z Expecting policy schema validation failure: examples/invalid/aop-policy-missing-target.invalid.json
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0775345Z examples/invalid/aop-policy-missing-target.invalid.json invalid
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0791384Z [
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0791687Z   {
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0791960Z     instancePath: '',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0792302Z     schemaPath: '#/required',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0792671Z     keyword: 'required',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0793078Z     params: { missingProperty: 'target' },
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0793618Z     message: "must have required property 'target'"
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0794034Z   }
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0794339Z ]
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.0858502Z Expecting policy schema validation failure: examples/invalid/aop-policy-unknown-field.invalid.json
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3104611Z examples/invalid/aop-policy-unknown-field.invalid.json invalid
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3121165Z [
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3121765Z   {
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3122087Z     instancePath: '',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3122582Z     schemaPath: '#/unevaluatedProperties',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3123113Z     keyword: 'unevaluatedProperties',
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3123651Z     params: { unevaluatedProperty: 'foo' },
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3124195Z     message: 'must NOT have unevaluated properties'
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3124639Z   }
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3124878Z ]
+JSON Schema validate	Validate policy invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3184963Z All policy invalid fixtures were correctly rejected.
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3214221Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3214515Z shopt -s nullglob
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3214848Z decision_invalid=(examples/invalid/aop-policy-decision-*.json)
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3215263Z if [ "${#decision_invalid[@]}" -eq 0 ]; then
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3215647Z   echo "No policy decision invalid fixtures found under examples/invalid"
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3216011Z   exit 1
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3216184Z fi
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3216388Z for file in "${decision_invalid[@]}"; do
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3216780Z   echo "Expecting policy decision schema validation failure: ${file}"
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3217384Z   if ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors; then
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3217979Z     echo "Unexpectedly valid policy decision invalid fixture: ${file}"
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3218533Z     exit 1
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3218720Z   fi
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3218913Z done
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3219197Z echo "All policy decision invalid fixtures were correctly rejected."
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3271249Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3271491Z ##[endgroup]
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.3347463Z Expecting policy decision schema validation failure: examples/invalid/aop-policy-decision-missing-decision.invalid.json
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5528600Z examples/invalid/aop-policy-decision-missing-decision.invalid.json invalid
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5545191Z [
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5545982Z   {
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5546436Z     instancePath: '',
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5546833Z     schemaPath: '#/required',
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5547233Z     keyword: 'required',
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5547684Z     params: { missingProperty: 'decision' },
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5548444Z     message: "must have required property 'decision'"
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5548916Z   }
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5549166Z ]
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.5632163Z Expecting policy decision schema validation failure: examples/invalid/aop-policy-decision-unknown-field.invalid.json
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7799540Z examples/invalid/aop-policy-decision-unknown-field.invalid.json invalid
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7819076Z [
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7819414Z   {
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7819698Z     instancePath: '',
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7820145Z     schemaPath: '#/unevaluatedProperties',
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7820655Z     keyword: 'unevaluatedProperties',
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7821156Z     params: { unevaluatedProperty: 'foo' },
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7821689Z     message: 'must NOT have unevaluated properties'
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7822420Z   }
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7822580Z ]
+JSON Schema validate	Validate policy decision invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7904833Z All policy decision invalid fixtures were correctly rejected.
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7931299Z ##[group]Run shopt -s nullglob
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7931648Z shopt -s nullglob
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7931994Z registry_record_invalid=(examples/invalid/aop-registry-record-*.json)
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7932424Z if [ "${#registry_record_invalid[@]}" -eq 0 ]; then
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7932832Z   echo "No registry record invalid fixtures found under examples/invalid"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7933180Z   exit 1
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7933355Z fi
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7933574Z for file in "${registry_record_invalid[@]}"; do
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7933962Z   echo "Expecting registry-record schema validation failure: ${file}"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7934565Z   if ajv validate --spec=draft2020 -s schemas/aop-registry-record.schema.json -d "${file}" --all-errors; then
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7935183Z     echo "Unexpectedly valid registry-record invalid fixture: ${file}"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7935537Z     exit 1
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7935747Z   fi
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7935923Z done
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7936083Z 
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7936398Z registry_response_invalid=(examples/invalid/aop-resolve-response-*.json)
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7936830Z if [ "${#registry_response_invalid[@]}" -eq 0 ]; then
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7937254Z   echo "No resolve-response invalid fixtures found under examples/invalid"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7937612Z   exit 1
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7937793Z fi
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7938024Z for file in "${registry_response_invalid[@]}"; do
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7938746Z   echo "Expecting resolve-response schema validation failure: ${file}"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7939415Z   if ajv validate --spec=draft2020 -s schemas/aop-resolve-response.schema.json -d "${file}" --all-errors; then
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7940057Z     echo "Unexpectedly valid resolve-response invalid fixture: ${file}"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7940411Z     exit 1
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7940597Z   fi
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7940773Z done
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7941038Z echo "All registry invalid fixtures were correctly rejected."
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7994654Z shell: /usr/bin/bash -e {0}
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.7994904Z ##[endgroup]
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:25.8070340Z Expecting registry-record schema validation failure: examples/invalid/aop-registry-record-missing-id.invalid.json
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0323080Z examples/invalid/aop-registry-record-missing-id.invalid.json invalid
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0333961Z [
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0335690Z   {
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0336251Z     instancePath: '',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0336528Z     schemaPath: '#/required',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0336790Z     keyword: 'required',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0337123Z     params: { missingProperty: 'object_id' },
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0337475Z     message: "must have required property 'object_id'"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0337755Z   }
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0337931Z ]
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.0434161Z Expecting resolve-response schema validation failure: examples/invalid/aop-resolve-response-invalid-shape.invalid.json
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2672700Z examples/invalid/aop-resolve-response-invalid-shape.invalid.json invalid
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2696006Z [
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2696304Z   {
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2696570Z     instancePath: '',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2697013Z     schemaPath: '#/allOf/0/then/anyOf/0/required',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2697442Z     keyword: 'required',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2697813Z     params: { missingProperty: 'record' },
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2698478Z     message: "must have required property 'record'"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2698985Z   },
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2699221Z   {
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2699409Z     instancePath: '',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2699684Z     schemaPath: '#/allOf/0/then/anyOf/1/required',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2700341Z     keyword: 'required',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2700636Z     params: { missingProperty: 'manifest_location' },
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2701051Z     message: "must have required property 'manifest_location'"
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2701612Z   },
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2701773Z   {
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2701937Z     instancePath: '',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2702177Z     schemaPath: '#/allOf/0/then/anyOf',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2702418Z     keyword: 'anyOf',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2702610Z     params: {},
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2702840Z     message: 'must match a schema in anyOf'
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2703077Z   },
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2703227Z   {
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2703383Z     instancePath: '',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2703602Z     schemaPath: '#/allOf/0/if',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2703824Z     keyword: 'if',
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2704038Z     params: { failingKeyword: 'then' },
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2704305Z     message: 'must match "then" schema'
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2704525Z   }
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2704678Z ]
+JSON Schema validate	Validate registry invalid fixtures are rejected (draft2020)	2026-03-05T12:12:26.2752893Z All registry invalid fixtures were correctly rejected.
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2780570Z ##[group]Run set -euo pipefail
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2780917Z set -euo pipefail
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2781308Z if ! find examples/v0.5/combo -type f -name "*.json" -print -quit | grep -q .; then
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2781813Z   echo "No v0.5 combo JSON fixtures present; skipping v0.5 combo gate."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2782146Z   exit 0
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2782324Z fi
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2782488Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2782664Z shopt -s nullglob
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2782927Z object_files=(examples/v0.5/combo/object/*.json)
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2783262Z policy_files=(examples/v0.5/combo/policy/*.json)
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2783640Z expected_files=(examples/v0.5/combo/expected/*.expected.json)
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2784115Z semantic_invalid_files=(examples/v0.5/combo/expected/*.expected.invalid.json)
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2784497Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2784687Z if [ "${#object_files[@]}" -eq 0 ] || \
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2785000Z    [ "${#policy_files[@]}" -eq 0 ] || \
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2785278Z    [ "${#expected_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2785647Z   echo "v0.5 combo gate requires object, policy, and expected fixtures."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2785996Z   exit 1
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2786177Z fi
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2786336Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2786526Z echo "Compiling combo schemas..."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2786880Z ajv compile --spec=draft2020 -s schemas/aop-object.schema.json
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2787303Z ajv compile --spec=draft2020 -s schemas/aop-policy.schema.json
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2787742Z ajv compile --spec=draft2020 -s schemas/aop-policy-decision.schema.json
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2788089Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2788554Z echo "Validating v0.5 combo object fixtures..."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2788870Z for file in "${object_files[@]}"; do
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2789308Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2789726Z done
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2789893Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2790102Z echo "Validating v0.5 combo policy fixtures..."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2790402Z for file in "${policy_files[@]}"; do
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2790815Z   ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2791243Z done
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2791406Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2791633Z echo "Validating v0.5 combo expected decisions..."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2791958Z for file in "${expected_files[@]}"; do
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2792423Z   ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2793076Z done
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2793241Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2793447Z if [ "${#semantic_invalid_files[@]}" -gt 0 ]; then
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2793843Z   echo "Validating schema shape for semantic-invalid combo fixtures..."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2794236Z   for file in "${semantic_invalid_files[@]}"; do
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2794714Z     ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2795146Z   done
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2795318Z fi
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2795480Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2795650Z validate_combo_semantics() {
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2795896Z   local mode="$1"
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2796104Z   local file="$2"
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2796337Z   MODE="${mode}" FILE="${file}" node -e '
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2796605Z     const fs = require("fs");
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2796872Z     const file = process.env.FILE;
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2797131Z     const mode = process.env.MODE;
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2797634Z     const data = JSON.parse(fs.readFileSync(file, "utf8"));
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2797987Z     const basename = file.split("/").pop();
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2798496Z     const strategy = data?.decision?.strategy;
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2798897Z     const effect = data?.decision?.effect;
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2799327Z     const reasonCodes = Array.isArray(data?.reasons) ? data.reasons.map((r) => r.code) : [];
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2799885Z     const hasPatches = Array.isArray(data?.patches) && data.patches.length > 0;
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2800249Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2800418Z     let semanticOk = true;
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2800735Z     if (basename.includes("strategy-demo.first_match")) {
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2801041Z       semanticOk =
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2801284Z         strategy === "first_match" &&
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2801537Z         effect === "allow" &&
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2801846Z         reasonCodes.includes("ALLOW_BASELINE") &&
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2813334Z         !hasPatches;
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2813702Z     } else if (basename.includes("strategy-demo.deny_overrides")) {
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2814073Z       semanticOk =
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2814314Z         strategy === "deny_overrides" &&
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2814585Z         effect === "deny" &&
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2814880Z         reasonCodes.includes("DENY_HIGH_SIDE_EFFECTS") &&
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2815196Z         hasPatches;
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2815408Z     }
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2815574Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2815775Z     if (mode === "valid" && !semanticOk) {
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2816160Z       console.error(`Semantic validation failed (expected valid): ${file}`);
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2816545Z       process.exit(1);
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2816751Z     }
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2816923Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2817114Z     if (mode === "invalid" && semanticOk) {
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2817551Z       console.error(`Semantic validation unexpectedly passed (expected invalid): ${file}`);
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2817969Z       process.exit(1);
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2818182Z     }
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2818523Z   '
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2818682Z }
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2818840Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2819117Z echo "Validating semantic consistency for combo expected fixtures..."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2819515Z for file in "${expected_files[@]}"; do
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2819809Z   validate_combo_semantics "valid" "${file}"
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2820077Z done
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2820245Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2820453Z if [ "${#semantic_invalid_files[@]}" -gt 0 ]; then
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2821049Z   echo "Validating semantic-invalid combo fixtures are rejected..."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2821438Z   for file in "${semantic_invalid_files[@]}"; do
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2821757Z     validate_combo_semantics "invalid" "${file}"
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2822061Z   done
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2822237Z else
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2822555Z   echo "No semantic-invalid combo fixtures found; skipping semantic invalid gate."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2822938Z fi
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2823092Z 
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2823294Z echo "OK: v0.5 combo fixtures validated."
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2875600Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2875932Z ##[endgroup]
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.2973148Z Compiling combo schemas...
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.5254647Z schema schemas/aop-object.schema.json is valid
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.7501069Z schema schemas/aop-policy.schema.json is valid
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.9731979Z schema schemas/aop-policy-decision.schema.json is valid
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:26.9836521Z Validating v0.5 combo object fixtures...
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:27.2284117Z examples/v0.5/combo/object/high-side-effects.object.json valid
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:27.2335063Z Validating v0.5 combo policy fixtures...
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:27.4570546Z examples/v0.5/combo/policy/strategy-demo.policy.json valid
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:27.4655354Z Validating v0.5 combo expected decisions...
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:27.6834381Z examples/v0.5/combo/expected/strategy-demo.deny_overrides.expected.json valid
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:27.9099956Z examples/v0.5/combo/expected/strategy-demo.first_match.expected.json valid
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:27.9199691Z Validating schema shape for semantic-invalid combo fixtures...
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:28.1371107Z examples/v0.5/combo/expected/strategy-demo.first_match.expected.invalid.json valid
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:28.1463714Z Validating semantic consistency for combo expected fixtures...
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:28.1914060Z Validating semantic-invalid combo fixtures are rejected...
+JSON Schema validate	v0.5 combo fixtures gate (skip if none)	2026-03-05T12:12:28.2138866Z OK: v0.5 combo fixtures validated.
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2171407Z ##[group]Run set -euo pipefail
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2171762Z set -euo pipefail
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2172105Z if ! compgen -G "examples/v0.5/mcp/tool/*.json" > /dev/null; then
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2172575Z   echo "No v0.5 MCP tool fixtures present; skipping v0.5 MCP gate."
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2172908Z   exit 0
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2173080Z fi
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2173247Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2173415Z shopt -s nullglob
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2173666Z tool_files=(examples/v0.5/mcp/tool/*.json)
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2173958Z if [ "${#tool_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2174294Z   echo "No v0.5 MCP tool fixtures present; skipping v0.5 MCP gate."
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2174606Z   exit 0
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2174787Z fi
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2174968Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2175204Z echo "Validate MCP tool fixtures as AOP objects..."
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2175537Z for file in "${tool_files[@]}"; do
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2176000Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2176435Z done
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2176613Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2176810Z for tool_file in "${tool_files[@]}"; do
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2177111Z   tool_basename="$(basename "${tool_file}")"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2177403Z   tool_prefix="${tool_basename%%.*}"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2177793Z   tmp_schema="${RUNNER_TEMP:-/tmp}/aop_v05_mcp_output_${tool_prefix}.schema.json"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2178161Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2179047Z   echo "Derive output schema from MCP tool fixture: ${tool_basename}"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2179484Z   TOOL_FILE="${tool_file}" TMP_SCHEMA="${tmp_schema}" node -e '
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2180033Z     const fs = require("fs");
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2180396Z     const tool = JSON.parse(fs.readFileSync(process.env.TOOL_FILE, "utf8"));
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2180827Z     if (!tool.schema || !tool.schema.outputs) {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2181227Z       throw new Error("tool.schema.outputs missing: " + process.env.TOOL_FILE);
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2181579Z     }
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2181942Z     fs.writeFileSync(process.env.TMP_SCHEMA, JSON.stringify(tool.schema.outputs, null, 2));
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2182346Z   '
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2182510Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2182742Z   ajv compile --spec=draft2020 -s "${tmp_schema}"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2183012Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2183298Z   expected_pattern="examples/v0.5/mcp/expected/${tool_prefix}.output*.json"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2183813Z   invalid_pattern="examples/invalid/v0.5/mcp/${tool_prefix}.output*.invalid.json"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2184226Z   expected_files=(${expected_pattern})
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2184503Z   invalid_files=(${invalid_pattern})
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2184750Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2184935Z   if [ "${#expected_files[@]}" -gt 0 ]; then
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2185222Z     for file in "${expected_files[@]}"; do
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2185605Z       ajv validate --spec=draft2020 -s "${tmp_schema}" -d "${file}" --all-errors
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2185963Z     done
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2186138Z   else
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2186498Z     echo "No expected MCP outputs found for prefix ${tool_prefix}; skipping expected validation."
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2186910Z   fi
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2187066Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2187257Z   if [ "${#invalid_files[@]}" -gt 0 ]; then
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2187533Z     for file in "${invalid_files[@]}"; do
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2187938Z       if ajv validate --spec=draft2020 -s "${tmp_schema}" -d "${file}" --all-errors; then
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2188721Z         echo "ERROR: expected invalid MCP output to be rejected: ${file}"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2189247Z         exit 1
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2189438Z       fi
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2189615Z     done
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2189907Z     echo "OK: all invalid MCP outputs rejected for prefix ${tool_prefix}."
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2190235Z   else
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2190557Z     echo "No invalid MCP outputs found for prefix ${tool_prefix}; skipping invalid gate."
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2190931Z   fi
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2191087Z done
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2191253Z 
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2191461Z echo "OK: v0.5 MCP interop fixtures validated."
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2243109Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2243439Z ##[endgroup]
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.2320877Z Validate MCP tool fixtures as AOP objects...
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.4602417Z examples/v0.5/mcp/tool/file-search.tool.object.json valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.6999606Z examples/v0.5/mcp/tool/kv-get.tool.object.json valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.9305327Z examples/v0.5/mcp/tool/web-fetch.tool.object.json valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:28.9373578Z Derive output schema from MCP tool fixture: file-search.tool.object.json
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.1698790Z schema /home/runner/work/_temp/aop_v05_mcp_output_file-search.schema.json is valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.3917012Z examples/v0.5/mcp/expected/file-search.output.expected.json valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6055708Z examples/invalid/v0.5/mcp/file-search.output-missing-results.invalid.json invalid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6071950Z [
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6072251Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6072515Z     instancePath: '',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6072881Z     schemaPath: '#/required',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6073338Z     keyword: 'required',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6073740Z     params: { missingProperty: 'results' },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6074644Z     message: "must have required property 'results'"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6075077Z   },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6075255Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6075447Z     instancePath: '',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6075698Z     schemaPath: '#/additionalProperties',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6076003Z     keyword: 'additionalProperties',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6076307Z     params: { additionalProperty: 'resultz' },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6076633Z     message: 'must NOT have additional properties'
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6076903Z   }
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.6077061Z ]
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8201857Z examples/invalid/v0.5/mcp/file-search.output-score-out-of-range.invalid.json invalid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8217332Z [
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8217614Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8217955Z     instancePath: '/results/0/score',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8218701Z     schemaPath: '#/properties/results/items/properties/score/maximum',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8219216Z     keyword: 'maximum',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8219593Z     params: { comparison: '<=', limit: 1 },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8220069Z     message: 'must be <= 1'
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8220363Z   }
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8220547Z ]
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8265163Z OK: all invalid MCP outputs rejected for prefix file-search.
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:29.8282799Z Derive output schema from MCP tool fixture: kv-get.tool.object.json
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.0610219Z schema /home/runner/work/_temp/aop_v05_mcp_output_kv-get.schema.json is valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.2811192Z examples/v0.5/mcp/expected/kv-get.output.expected.json valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4901618Z examples/invalid/v0.5/mcp/kv-get.output-missing-value.invalid.json invalid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4917316Z [
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4917593Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4918471Z     instancePath: '',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4919261Z     schemaPath: '#/required',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4919657Z     keyword: 'required',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4920051Z     params: { missingProperty: 'value' },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4920518Z     message: "must have required property 'value'"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4920828Z   }
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.4920997Z ]
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7082031Z examples/invalid/v0.5/mcp/kv-get.output-wrong-type.invalid.json invalid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7098142Z [
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7098566Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7098863Z     instancePath: '/value',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7099324Z     schemaPath: '#/properties/value/anyOf/0/type',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7099832Z     keyword: 'type',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7100193Z     params: { type: 'string' },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7100547Z     message: 'must be string'
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7100877Z   },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7101164Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7101428Z     instancePath: '/value',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7101875Z     schemaPath: '#/properties/value/anyOf/1/type',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7102327Z     keyword: 'type',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7102729Z     params: { type: 'number' },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7103084Z     message: 'must be number'
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7103392Z   },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7103622Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7103791Z     instancePath: '/value',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7104086Z     schemaPath: '#/properties/value/anyOf/2/type',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7104360Z     keyword: 'type',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7104573Z     params: { type: 'boolean' },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7104828Z     message: 'must be boolean'
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7105025Z   },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7105181Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7105352Z     instancePath: '/value',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7105627Z     schemaPath: '#/properties/value/anyOf/3/type',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7105905Z     keyword: 'type',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7106110Z     params: { type: 'null' },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7106327Z     message: 'must be null'
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7106527Z   },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7106680Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7106852Z     instancePath: '/value',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7107103Z     schemaPath: '#/properties/value/anyOf',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7107353Z     keyword: 'anyOf',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7107553Z     params: {},
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7107786Z     message: 'must match a schema in anyOf'
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7108133Z   }
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7108833Z ]
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7147008Z OK: all invalid MCP outputs rejected for prefix kv-get.
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.7164882Z Derive output schema from MCP tool fixture: web-fetch.tool.object.json
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:30.9508433Z schema /home/runner/work/_temp/aop_v05_mcp_output_web-fetch.schema.json is valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.1697988Z examples/v0.5/mcp/expected/web-fetch.output.expected.json valid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3793894Z examples/invalid/v0.5/mcp/web-fetch.output-missing-body.invalid.json invalid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3809811Z [
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3810108Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3810375Z     instancePath: '',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3810805Z     schemaPath: '#/required',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3811181Z     keyword: 'required',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3811595Z     params: { missingProperty: 'body' },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3812197Z     message: "must have required property 'body'"
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3812592Z   }
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.3812799Z ]
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5955810Z examples/invalid/v0.5/mcp/web-fetch.output-status-out-of-range.invalid.json invalid
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5970647Z [
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5970818Z   {
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5971066Z     instancePath: '/status',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5971520Z     schemaPath: '#/properties/status/maximum',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5971999Z     keyword: 'maximum',
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5972377Z     params: { comparison: '<=', limit: 599 },
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5972791Z     message: 'must be <= 599'
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5973072Z   }
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.5973258Z ]
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.6020761Z OK: all invalid MCP outputs rejected for prefix web-fetch.
+JSON Schema validate	v0.5 MCP interop fixtures gate (skip if none)	2026-03-05T12:12:31.6021387Z OK: v0.5 MCP interop fixtures validated.
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6051773Z ##[group]Run set -euo pipefail
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6052433Z set -euo pipefail
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6052833Z if ! find examples/v0.6/combo -type f -name "*.json" -print -quit | grep -q .; then
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6053340Z   echo "No v0.6 combo JSON fixtures present; skipping v0.6 combo gate."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6053708Z   exit 0
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6053892Z fi
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6054066Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6054240Z shopt -s nullglob
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6054521Z object_files=(examples/v0.6/combo/object/*.json)
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6054866Z policy_files=(examples/v0.6/combo/policy/*.json)
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6055246Z expected_files=(examples/v0.6/combo/expected/*.expected.json)
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6055604Z semantic_invalid_files=(
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6055915Z   examples/v0.6/combo/expected/*.expected.invalid.json
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6056286Z   examples/v0.6/combo/expected/*.semantic.invalid.json
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6056598Z )
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6056771Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6056966Z if [ "${#object_files[@]}" -eq 0 ] || \
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6057258Z    [ "${#policy_files[@]}" -eq 0 ] || \
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6057542Z    [ "${#expected_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6057931Z   echo "v0.6 combo gate requires object, policy, and expected fixtures."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6058509Z   exit 1
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6058718Z fi
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6058899Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6059107Z echo "Compiling v0.6 combo schemas..."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6059514Z ajv compile --spec=draft2020 -s schemas/aop-object.schema.json
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6059976Z ajv compile --spec=draft2020 -s schemas/aop-policy.schema.json
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6060430Z ajv compile --spec=draft2020 -s schemas/aop-policy-decision.schema.json
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6060801Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6061030Z echo "Validating v0.6 combo object fixtures..."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6061357Z for file in "${object_files[@]}"; do
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6061793Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6062219Z done
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6062601Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6062834Z echo "Validating v0.6 combo policy fixtures..."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6063151Z for file in "${policy_files[@]}"; do
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6063590Z   ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6064008Z done
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6064186Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6064437Z echo "Validating v0.6 combo expected decisions..."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6064767Z for file in "${expected_files[@]}"; do
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6065250Z   ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6065709Z done
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6065874Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6066109Z if [ "${#semantic_invalid_files[@]}" -gt 0 ]; then
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6066516Z   echo "Validating schema shape for v0.6 semantic-invalid fixtures..."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6066935Z   for file in "${semantic_invalid_files[@]}"; do
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6067419Z     ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6067874Z   done
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6068063Z fi
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6068357Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6068553Z validate_v06_combo_semantics() {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6068814Z   local mode="$1"
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6069036Z   local file="$2"
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6069277Z   MODE="${mode}" FILE="${file}" node -e '
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6069561Z     const fs = require("fs");
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6070015Z     const file = process.env.FILE;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6070291Z     const mode = process.env.MODE;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6070624Z     const data = JSON.parse(fs.readFileSync(file, "utf8"));
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6070982Z     const basename = file.split("/").pop();
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6071311Z     const strategy = data?.decision?.strategy;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6071618Z     const effect = data?.decision?.effect;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6072065Z     const reasonCodes = Array.isArray(data?.reasons) ? data.reasons.map((r) => r.code) : [];
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6072620Z     const hasPatches = Array.isArray(data?.patches) && data.patches.length > 0;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6072990Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6073173Z     let caseHandled = false;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6073422Z     let semanticOk = true;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6073656Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6073913Z     if (basename.includes("c1-permit-vs-deny.first_match")) {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6074248Z       caseHandled = true;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6074481Z       semanticOk =
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6074728Z         strategy === "first_match" &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6074996Z         effect === "allow" &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6075290Z         reasonCodes.includes("ALLOW_TOOL_BASELINE") &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6075599Z         !hasPatches;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6075923Z     } else if (basename.includes("c1-permit-vs-deny.deny_overrides")) {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6076283Z       caseHandled = true;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6076509Z       semanticOk =
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6076747Z         strategy === "deny_overrides" &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6077022Z         effect === "deny" &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6077311Z         reasonCodes.includes("DENY_SENSITIVE_WRITE") &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6077619Z         hasPatches;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6077945Z     } else if (basename.includes("c2-permit-vs-deny.permit_overrides")) {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6079479Z       caseHandled = true;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6079713Z       semanticOk =
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6079963Z         strategy === "permit_overrides" &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6080390Z         effect === "allow" &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6080686Z         reasonCodes.includes("ALLOW_LOW_SIDE_EFFECTS") &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6080994Z         !hasPatches;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6081319Z     } else if (basename.includes("c2-permit-vs-deny.deny_unless_permit")) {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6081686Z       caseHandled = true;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6081911Z       semanticOk =
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6082160Z         strategy === "deny_unless_permit" &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6082439Z         effect === "deny" &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6082739Z         reasonCodes.includes("DENY_UNRESTRICTED_NETWORK") &&
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6083068Z         hasPatches;
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6083271Z     }
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6083446Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6083619Z     if (mode === "valid") {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6083887Z       if (!caseHandled || !semanticOk) {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6084298Z         console.error(`v0.6 semantic validation failed (expected valid): ${file}`);
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6084725Z         process.exit(1);
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6084958Z       }
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6085135Z     }
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6085311Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6085482Z     if (mode === "invalid") {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6085724Z       if (!caseHandled) {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6086087Z         console.error(`v0.6 semantic validation could not map invalid case: ${file}`);
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6086488Z         process.exit(1);
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6086877Z       }
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6087060Z       if (semanticOk) {
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6087469Z         console.error(`v0.6 semantic validation unexpectedly passed invalid fixture: ${file}`);
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6087890Z         process.exit(1);
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6088107Z       }
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6088394Z     }
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6088576Z   '
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6088746Z }
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6088918Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6089231Z echo "Validating semantic consistency for v0.6 combo expected fixtures..."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6089655Z for file in "${expected_files[@]}"; do
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6089974Z   validate_v06_combo_semantics "valid" "${file}"
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6090249Z done
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6090427Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6090648Z if [ "${#semantic_invalid_files[@]}" -gt 0 ]; then
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6091069Z   echo "Validating v0.6 semantic-invalid fixtures are rejected..."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6091468Z   for file in "${semantic_invalid_files[@]}"; do
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6091798Z     validate_v06_combo_semantics "invalid" "${file}"
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6092083Z   done
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6092252Z else
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6092578Z   echo "No v0.6 semantic-invalid fixtures found; skipping semantic invalid gate."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6092952Z fi
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6093123Z 
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6093326Z echo "OK: v0.6 combo fixtures validated."
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6145279Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6145619Z ##[endgroup]
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.6239070Z Compiling v0.6 combo schemas...
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:31.8494510Z schema schemas/aop-object.schema.json is valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:32.0794501Z schema schemas/aop-policy.schema.json is valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:32.3071814Z schema schemas/aop-policy-decision.schema.json is valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:32.3171975Z Validating v0.6 combo object fixtures...
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:32.5458111Z examples/v0.6/combo/object/c1-sensitive-writer.object.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:32.7777545Z examples/v0.6/combo/object/c2-network-sensitive.object.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:32.7826807Z Validating v0.6 combo policy fixtures...
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:33.0032816Z examples/v0.6/combo/policy/c1-permit-vs-deny.policy.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:33.2391444Z examples/v0.6/combo/policy/c2-permit-vs-deny.policy.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:33.2472181Z Validating v0.6 combo expected decisions...
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:33.4656763Z examples/v0.6/combo/expected/c1-permit-vs-deny.deny_overrides.expected.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:33.6949959Z examples/v0.6/combo/expected/c1-permit-vs-deny.first_match.expected.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:33.9237614Z examples/v0.6/combo/expected/c2-permit-vs-deny.deny_unless_permit.expected.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:34.1492158Z examples/v0.6/combo/expected/c2-permit-vs-deny.permit_overrides.expected.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:34.1604931Z Validating schema shape for v0.6 semantic-invalid fixtures...
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:34.3765060Z examples/v0.6/combo/expected/c1-permit-vs-deny.first_match.semantic.invalid.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:34.6036093Z examples/v0.6/combo/expected/c2-permit-vs-deny.permit_overrides.semantic.invalid.json valid
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:34.6126972Z Validating semantic consistency for v0.6 combo expected fixtures...
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:34.7055643Z Validating v0.6 semantic-invalid fixtures are rejected...
+JSON Schema validate	v0.6 combo fixtures gate (skip if none)	2026-03-05T12:12:34.7500167Z OK: v0.6 combo fixtures validated.
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7529581Z ##[group]Run set -euo pipefail
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7529936Z set -euo pipefail
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7530318Z if ! compgen -G "examples/v0.7/e2e/positive/*/resolve.json" > /dev/null; then
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7530818Z   echo "No v0.7 E2E positive scenarios present; skipping E2E gate."
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7531155Z   exit 0
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7531329Z fi
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7531497Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7531682Z echo "Compiling E2E schemas..."
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7532075Z ajv compile --spec=draft2020 -s schemas/aop-resolve-response.schema.json
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7532546Z ajv compile --spec=draft2020 -s schemas/aop-object.schema.json
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7532972Z ajv compile --spec=draft2020 -s schemas/aop-policy.schema.json
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7533414Z ajv compile --spec=draft2020 -s schemas/aop-policy-decision.schema.json
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7533763Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7533942Z shopt -s nullglob
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7534239Z for scen_dir in examples/v0.7/e2e/positive/*; do
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7534550Z   [ -d "${scen_dir}" ] || continue
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7534822Z   echo "=== E2E scenario: ${scen_dir} ==="
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7535084Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7535293Z   if [ ! -f "${scen_dir}/resolve.json" ] || \
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7535590Z      [ ! -f "${scen_dir}/manifest.json" ] || \
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7535883Z      [ ! -f "${scen_dir}/policy.json" ]; then
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7536198Z     echo "Missing required E2E files under ${scen_dir}"
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7536598Z     exit 1
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7536869Z   fi
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7537116Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7537428Z   decision_files=("${scen_dir}"/decision*.json)
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7537781Z   if [ "${#decision_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7538113Z     echo "No decision*.json files found under ${scen_dir}"
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7538619Z     exit 1
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7538798Z   fi
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7538954Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7539413Z   ajv validate --spec=draft2020 -s schemas/aop-resolve-response.schema.json -d "${scen_dir}/resolve.json" --all-errors
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7540153Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${scen_dir}/manifest.json" --all-errors
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7540832Z   ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${scen_dir}/policy.json" --all-errors
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7541315Z   for file in "${decision_files[@]}"; do
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7542007Z     ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7542457Z   done
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7542640Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7542823Z   SCEN_DIR="${scen_dir}" node -e '
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7543096Z     const fs = require("fs");
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7543350Z     const path = require("path");
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7543590Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7543773Z     const scen = process.env.SCEN_DIR;
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7544202Z     const resolve = JSON.parse(fs.readFileSync(path.join(scen, "resolve.json"), "utf8"));
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7544761Z     const manifest = JSON.parse(fs.readFileSync(path.join(scen, "manifest.json"), "utf8"));
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7545312Z     const policy = JSON.parse(fs.readFileSync(path.join(scen, "policy.json"), "utf8"));
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7545717Z     const decisionFiles = fs
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7545963Z       .readdirSync(scen)
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7546291Z       .filter((f) => f.startsWith("decision") && f.endsWith(".json"));
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7546608Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7546811Z     if (decisionFiles.length === 0) {
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7547454Z       throw new Error("No decision*.json found");
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7547847Z     }
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7548107Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7548670Z     const reqId = resolve?.request?.object_id;
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7549129Z     if (reqId !== manifest.id) {
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7549753Z       throw new Error(`resolve.request.object_id mismatch: ${reqId} != ${manifest.id}`);
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7550323Z     }
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7550555Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7550848Z     for (const df of decisionFiles) {
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7551472Z       const dec = JSON.parse(fs.readFileSync(path.join(scen, df), "utf8"));
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7552067Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7552373Z       if (dec.policy_id !== policy.id) {
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7553029Z         throw new Error(`${df}: policy_id mismatch: ${dec.policy_id} != ${policy.id}`);
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7553658Z       }
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7553924Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7554263Z       if (dec.target?.selector !== "object_id") {
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7554856Z         throw new Error(`${df}: target.selector must be object_id`);
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7555479Z       }
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7555708Z       if (dec.target.object_id !== manifest.id) {
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7556157Z         throw new Error(`${df}: target.object_id mismatch: ${dec.target.object_id} != ${manifest.id}`);
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7556572Z       }
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7556738Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7557077Z       if (dec.decision?.effect === "deny" && (!Array.isArray(dec.reasons) || dec.reasons.length < 1)) {
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7557587Z         throw new Error(`${df}: deny decision must include reasons[]`);
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7557889Z       }
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7558055Z     }
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7558440Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7558820Z     console.log("OK: semantic consistency checks passed");
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7559310Z   '
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7559511Z done
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7559682Z 
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7559895Z echo "OK: v0.7 E2E positive scenarios validated."
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7615502Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7615866Z ##[endgroup]
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.7704131Z Compiling E2E schemas...
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:34.9968134Z schema schemas/aop-resolve-response.schema.json is valid
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:35.2323835Z schema schemas/aop-object.schema.json is valid
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:35.4602381Z schema schemas/aop-policy.schema.json is valid
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:35.6898849Z schema schemas/aop-policy-decision.schema.json is valid
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:35.7001780Z === E2E scenario: examples/v0.7/e2e/positive/scenario-1 ===
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:35.9184284Z examples/v0.7/e2e/positive/scenario-1/resolve.json valid
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:36.1497044Z examples/v0.7/e2e/positive/scenario-1/manifest.json valid
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:36.3824039Z examples/v0.7/e2e/positive/scenario-1/policy.json valid
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:36.6089927Z examples/v0.7/e2e/positive/scenario-1/decision.deny_overrides.json valid
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:36.6425985Z OK: semantic consistency checks passed
+JSON Schema validate	v0.7 E2E positive gate (skip if none)	2026-03-05T12:12:36.6462998Z OK: v0.7 E2E positive scenarios validated.
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6491284Z ##[group]Run set -euo pipefail
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6491628Z set -euo pipefail
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6491999Z if ! compgen -G "examples/v0.7/e2e/negative/*/resolve.json" > /dev/null; then
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6492508Z   echo "No v0.7 E2E negative scenarios present; skipping E2E negative gate."
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6492868Z   exit 0
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6493047Z fi
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6493206Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6493390Z echo "Compiling E2E schemas..."
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6493775Z ajv compile --spec=draft2020 -s schemas/aop-resolve-response.schema.json
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6494247Z ajv compile --spec=draft2020 -s schemas/aop-object.schema.json
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6494660Z ajv compile --spec=draft2020 -s schemas/aop-policy.schema.json
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6495090Z ajv compile --spec=draft2020 -s schemas/aop-policy-decision.schema.json
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6495440Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6495632Z shopt -s nullglob
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6495900Z for scen_dir in examples/v0.7/e2e/negative/*; do
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6496210Z   [ -d "${scen_dir}" ] || continue
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6496516Z   echo "=== E2E negative scenario: ${scen_dir} ==="
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6496793Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6496998Z   if [ ! -f "${scen_dir}/resolve.json" ] || \
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6497301Z      [ ! -f "${scen_dir}/manifest.json" ] || \
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6497593Z      [ ! -f "${scen_dir}/policy.json" ]; then
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6497910Z     echo "Missing required E2E files under ${scen_dir}"
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6498194Z     exit 1
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6498584Z   fi
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6498749Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6498964Z   decision_files=("${scen_dir}"/decision*.json)
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6499266Z   if [ "${#decision_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6499602Z     echo "No decision*.json files found under ${scen_dir}"
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6499903Z     exit 1
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6500078Z   fi
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6500242Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6500689Z   ajv validate --spec=draft2020 -s schemas/aop-resolve-response.schema.json -d "${scen_dir}/resolve.json" --all-errors
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6501449Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${scen_dir}/manifest.json" --all-errors
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6502155Z   ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${scen_dir}/policy.json" --all-errors
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6502639Z   for file in "${decision_files[@]}"; do
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6503117Z     ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6503552Z   done
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6503727Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6503911Z   if SCEN_DIR="${scen_dir}" node -e '
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6504187Z     const fs = require("fs");
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6504447Z     const path = require("path");
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6504676Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6504874Z     const scen = process.env.SCEN_DIR;
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6505494Z     const resolve = JSON.parse(fs.readFileSync(path.join(scen, "resolve.json"), "utf8"));
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6506065Z     const manifest = JSON.parse(fs.readFileSync(path.join(scen, "manifest.json"), "utf8"));
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6506617Z     const policy = JSON.parse(fs.readFileSync(path.join(scen, "policy.json"), "utf8"));
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6507019Z     const decisionFiles = fs
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6507274Z       .readdirSync(scen)
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6507594Z       .filter((f) => f.startsWith("decision") && f.endsWith(".json"));
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6507912Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6508158Z     if (decisionFiles.length === 0) {
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6509110Z       throw new Error("No decision*.json found");
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6509401Z     }
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6509568Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6509778Z     const reqId = resolve?.request?.object_id;
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6510064Z     if (reqId !== manifest.id) {
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6510471Z       throw new Error(`resolve.request.object_id mismatch: ${reqId} != ${manifest.id}`);
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6510857Z     }
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6511022Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6511198Z     for (const df of decisionFiles) {
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6511563Z       const dec = JSON.parse(fs.readFileSync(path.join(scen, df), "utf8"));
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6511913Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6512100Z       if (dec.policy_id !== policy.id) {
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6512501Z         throw new Error(`${df}: policy_id mismatch: ${dec.policy_id} != ${policy.id}`);
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6512867Z       }
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6513041Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6513241Z       if (dec.target?.selector !== "object_id") {
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6513600Z         throw new Error(`${df}: target.selector must be object_id`);
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6513920Z       }
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6514131Z       if (dec.target.object_id !== manifest.id) {
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6514579Z         throw new Error(`${df}: target.object_id mismatch: ${dec.target.object_id} != ${manifest.id}`);
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6515003Z       }
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6515166Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6515494Z       if (dec.decision?.effect === "deny" && (!Array.isArray(dec.reasons) || dec.reasons.length < 1)) {
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6515988Z         throw new Error(`${df}: deny decision must include reasons[]`);
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6516297Z       }
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6516453Z     }
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6516621Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6516856Z     console.log("OK: semantic consistency checks passed");
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6517173Z   '; then
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6517478Z     echo "ERROR: expected semantic consistency check to fail: ${scen_dir}"
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6517834Z     exit 1
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6518011Z   else
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6518618Z     echo "OK: semantic mismatch rejected as expected: ${scen_dir}"
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6518948Z   fi
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6519112Z done
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6519278Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6519518Z echo "OK: v0.7 E2E negative scenarios rejected as expected."
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6571945Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6572266Z ##[endgroup]
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.6645562Z Compiling E2E schemas...
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:36.8885579Z schema schemas/aop-resolve-response.schema.json is valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:37.1265060Z schema schemas/aop-object.schema.json is valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:37.3541085Z schema schemas/aop-policy.schema.json is valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:37.5798081Z schema schemas/aop-policy-decision.schema.json is valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:37.5907618Z === E2E negative scenario: examples/v0.7/e2e/negative/scenario-n1-resolve-manifest-mismatch ===
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:37.8090095Z examples/v0.7/e2e/negative/scenario-n1-resolve-manifest-mismatch/resolve.json valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.0441348Z examples/v0.7/e2e/negative/scenario-n1-resolve-manifest-mismatch/manifest.json valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.2710138Z examples/v0.7/e2e/negative/scenario-n1-resolve-manifest-mismatch/policy.json valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.4991457Z examples/v0.7/e2e/negative/scenario-n1-resolve-manifest-mismatch/decision.deny_overrides.json valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5332477Z [eval]:19
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5333270Z       throw new Error(`resolve.request.object_id mismatch: ${reqId} != ${manifest.id}`);
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5333835Z       ^
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5334314Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5334717Z Error: resolve.request.object_id mismatch: urn:aop:tool:kv-get:v1 != urn:aop:tool:web-fetch:v1
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5335151Z     at [eval]:19:13
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5335457Z     at runScriptInThisContext (node:internal/vm:209:10)
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5336014Z     at node:internal/process/execution:118:14
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5336462Z     at [eval]-wrapper:6:24
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5336936Z     at runScript (node:internal/process/execution:101:62)
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5337525Z     at evalScript (node:internal/process/execution:133:3)
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5338047Z     at node:internal/main/eval_string:51:3
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5338540Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5338671Z Node.js v20.20.0
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5355174Z OK: semantic mismatch rejected as expected: examples/v0.7/e2e/negative/scenario-n1-resolve-manifest-mismatch
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.5356302Z === E2E negative scenario: examples/v0.7/e2e/negative/scenario-n2-policy-id-mismatch ===
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.7574380Z examples/v0.7/e2e/negative/scenario-n2-policy-id-mismatch/resolve.json valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:38.9967518Z examples/v0.7/e2e/negative/scenario-n2-policy-id-mismatch/manifest.json valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.2233682Z examples/v0.7/e2e/negative/scenario-n2-policy-id-mismatch/policy.json valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4505023Z examples/v0.7/e2e/negative/scenario-n2-policy-id-mismatch/decision.deny_overrides.json valid
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4841833Z [eval]:26
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4842573Z         throw new Error(`${df}: policy_id mismatch: ${dec.policy_id} != ${policy.id}`);
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4843191Z         ^
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4843350Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4844430Z Error: decision.deny_overrides.json: policy_id mismatch: urn:aop:policy:allow-readonly-tools:v1 != urn:aop:policy:deny-unrestricted-network:v1
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4845119Z     at [eval]:26:15
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4845438Z     at runScriptInThisContext (node:internal/vm:209:10)
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4845798Z     at node:internal/process/execution:118:14
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4846082Z     at [eval]-wrapper:6:24
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4846423Z     at runScript (node:internal/process/execution:101:62)
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4846792Z     at evalScript (node:internal/process/execution:133:3)
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4847113Z     at node:internal/main/eval_string:51:3
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4847290Z 
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4847384Z Node.js v20.20.0
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4869317Z OK: semantic mismatch rejected as expected: examples/v0.7/e2e/negative/scenario-n2-policy-id-mismatch
+JSON Schema validate	v0.7 E2E negative gate (skip if none)	2026-03-05T12:12:39.4870268Z OK: v0.7 E2E negative scenarios rejected as expected.
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4901896Z ##[group]Run set -euo pipefail
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4902404Z set -euo pipefail
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4902780Z if ! compgen -G "examples/v0.9/e2e/positive/*/resolve.json" > /dev/null; then
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4903285Z   echo "No v0.9 E2E positive scenarios present; skipping v0.9 positive gate."
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4903640Z   exit 0
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4903819Z fi
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4903987Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4904180Z echo "Compiling v0.9 E2E schemas..."
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4904598Z ajv compile --spec=draft2020 -s schemas/aop-resolve-response.schema.json
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4905071Z ajv compile --spec=draft2020 -s schemas/aop-object.schema.json
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4905679Z ajv compile --spec=draft2020 -s schemas/aop-policy.schema.json
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4906127Z ajv compile --spec=draft2020 -s schemas/aop-policy-decision.schema.json
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4906577Z ajv compile --spec=draft2020 -s schemas/aop-evidence.schema.json
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4907225Z ajv compile --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/aop-provenance.profile.schema.json
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4908047Z ajv compile --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/slsa-provenance-min.profile.schema.json
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4909195Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4909397Z validate_v09_positive_semantics() {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4909668Z   local scen_dir="$1"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4909913Z   SCEN_DIR="${scen_dir}" node -e '
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4910174Z     const fs = require("fs");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4910425Z     const path = require("path");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4910746Z     const { execFileSync } = require("child_process");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4911036Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4911227Z     const scen = process.env.SCEN_DIR;
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4911662Z     const resolve = JSON.parse(fs.readFileSync(path.join(scen, "resolve.json"), "utf8"));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4912244Z     const manifest = JSON.parse(fs.readFileSync(path.join(scen, "manifest.json"), "utf8"));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4912804Z     const policy = JSON.parse(fs.readFileSync(path.join(scen, "policy.json"), "utf8"));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4913425Z     const evidenceManifest = JSON.parse(fs.readFileSync(path.join(scen, "evidence.manifest.json"), "utf8"));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4914094Z     const evidenceDecision = JSON.parse(fs.readFileSync(path.join(scen, "evidence.decision.json"), "utf8"));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4914554Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4914971Z     const decisionFiles = fs.readdirSync(scen).filter((f) => f.startsWith("decision") && f.endsWith(".json")).sort();
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4915490Z     if (decisionFiles.length === 0) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4915798Z       throw new Error("No decision*.json found");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4916071Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4916299Z     const decisions = decisionFiles.map((f) => ({
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4916567Z       file: f,
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4916866Z       doc: JSON.parse(fs.readFileSync(path.join(scen, f), "utf8"))
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4917182Z     }));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4917359Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4917742Z     const aopProfileFiles = fs.readdirSync(scen).filter((f) => f.endsWith(".aop-provenance.json")).sort();
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4918576Z     const slsaProfileFiles = fs.readdirSync(scen).filter((f) => f.endsWith(".slsa-provenance.json")).sort();
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4919234Z     if (aopProfileFiles.length === 0 && slsaProfileFiles.length === 0) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4919798Z       throw new Error("At least one profile evidence file is required in each v0.9 positive scenario");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4920226Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4920399Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4920780Z     const jcsSha256 = (filePath) =>
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4921198Z       execFileSync("node", ["tools/jcs_sha256.mjs", filePath], { encoding: "utf8" }).trim();
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4921593Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4922173Z     const manifestSha = jcsSha256(path.join(scen, "manifest.json"));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4922671Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4923015Z     if (resolve?.request?.object_id !== manifest.id) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4923863Z       throw new Error(`resolve.request.object_id mismatch: ${resolve?.request?.object_id} != ${manifest.id}`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4924823Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4925189Z     if (resolve?.record?.digest?.value !== manifestSha) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4926160Z       throw new Error("resolve.record.digest.value does not match computed manifest sha");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4926834Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4927252Z     if (resolve?.verification?.digest?.value !== manifestSha) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4928124Z       throw new Error("resolve.verification.digest.value does not match computed manifest sha");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4929053Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4929294Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4929659Z     if (evidenceManifest?.subject?.id !== manifest.id) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4930368Z       throw new Error("evidence.manifest.subject.id does not match manifest.id");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4930953Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4931380Z     if (evidenceManifest?.subject?.digest?.sha256 !== manifestSha) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4932302Z       throw new Error("evidence.manifest.subject.digest.sha256 does not match computed manifest sha");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4933065Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4933308Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4933628Z     for (const { file, doc } of decisions) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4933943Z       if (doc.policy_id !== policy.id) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4934360Z         throw new Error(`${file}: policy_id mismatch: ${doc.policy_id} != ${policy.id}`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4934726Z       }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4934961Z       if (doc.target?.selector !== "object_id") {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4935327Z         throw new Error(`${file}: target.selector must be object_id`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4935642Z       }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4935868Z       if (doc.target?.object_id !== manifest.id) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4936330Z         throw new Error(`${file}: target.object_id mismatch: ${doc.target?.object_id} != ${manifest.id}`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4936753Z       }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4937105Z       if (doc.decision?.effect === "deny" && (!Array.isArray(doc.reasons) || doc.reasons.length < 1)) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4937610Z         throw new Error(`${file}: deny decision must include reasons[]`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4937935Z       }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4938099Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4938532Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4938828Z     if (evidenceDecision?.predicate?.policy_id !== policy.id) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4939276Z       throw new Error("evidence.decision.predicate.policy_id mismatch");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4939616Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4940009Z     const matchedDecision = decisions.find(({ doc }) => doc.decision_id === evidenceDecision?.subject?.id);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4940465Z     if (!matchedDecision) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4940854Z       throw new Error("evidence.decision.subject.id does not match any decision_id");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4941241Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4941538Z     const decisionSha = jcsSha256(path.join(scen, matchedDecision.file));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4941992Z     if (evidenceDecision?.subject?.digest?.sha256 !== decisionSha) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4942538Z       throw new Error("evidence.decision.subject.digest.sha256 does not match computed decision sha");
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4943228Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4943395Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4943613Z     for (const profileName of aopProfileFiles) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4944067Z       const profileDoc = JSON.parse(fs.readFileSync(path.join(scen, profileName), "utf8"));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4944522Z       if (profileDoc?.subject?.id !== manifest.id) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4944878Z         throw new Error(`${profileName}: subject.id mismatch`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4945194Z       }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4945445Z       if (profileDoc?.subject?.digest?.sha256 !== manifestSha) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4945986Z         throw new Error(`${profileName}: subject.digest.sha256 mismatch`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4946310Z       }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4946476Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4946631Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4946848Z     for (const profileName of slsaProfileFiles) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4947291Z       const profileDoc = JSON.parse(fs.readFileSync(path.join(scen, profileName), "utf8"));
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4947725Z       if (profileDoc?.subject?.id !== manifest.id) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4948064Z         throw new Error(`${profileName}: subject.id mismatch`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4948540Z       }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4948795Z       if (profileDoc?.subject?.digest?.sha256 !== manifestSha) {
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4949201Z         throw new Error(`${profileName}: subject.digest.sha256 mismatch`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4949521Z       }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4949725Z     }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4949965Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4950435Z     console.log(`OK: v0.9 semantic/profile/digest checks passed for ${scen}`);
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4950881Z   '
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4951050Z }
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4951209Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4951382Z shopt -s nullglob
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4951646Z for scen_dir in examples/v0.9/e2e/positive/*; do
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4951946Z   [ -d "${scen_dir}" ] || continue
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4952241Z   echo "=== v0.9 positive scenario: ${scen_dir} ==="
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4952502Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4952668Z   required_files=(
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4952895Z     "${scen_dir}/resolve.json"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4953143Z     "${scen_dir}/manifest.json"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4953382Z     "${scen_dir}/policy.json"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4953646Z     "${scen_dir}/evidence.manifest.json"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4954033Z     "${scen_dir}/evidence.decision.json"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4954430Z   )
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4954769Z   for required in "${required_files[@]}"; do
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4955215Z     if [ ! -f "${required}" ]; then
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4955692Z       echo "Missing required file: ${required}"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4956134Z       exit 1
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4956432Z     fi
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4956686Z   done
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4956944Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4957244Z   decision_files=("${scen_dir}"/decision*.json)
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4957541Z   if [ "${#decision_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4957870Z     echo "No decision*.json files found under ${scen_dir}"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4958163Z     exit 1
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4958529Z   fi
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4958691Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4959154Z   ajv validate --spec=draft2020 -s schemas/aop-resolve-response.schema.json -d "${scen_dir}/resolve.json" --all-errors
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4959908Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${scen_dir}/manifest.json" --all-errors
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4961677Z   ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${scen_dir}/policy.json" --all-errors
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4962593Z   for file in "${decision_files[@]}"; do
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4963085Z     ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4963538Z   done
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4964001Z   ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${scen_dir}/evidence.manifest.json" --all-errors
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4964740Z   ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${scen_dir}/evidence.decision.json" --all-errors
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4965215Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4965611Z   aop_profile_files=("${scen_dir}"/evidence.*.aop-provenance.json)
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4966046Z   slsa_profile_files=("${scen_dir}"/evidence.*.slsa-provenance.json)
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4966509Z   if [ "${#aop_profile_files[@]}" -eq 0 ] && [ "${#slsa_profile_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4966941Z     echo "No profile evidence fixtures found under ${scen_dir}"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4967256Z     exit 1
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4967434Z   fi
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4967602Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4967794Z   for file in "${aop_profile_files[@]}"; do
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4968621Z     ajv validate --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/aop-provenance.profile.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4969236Z   done
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4969441Z   for file in "${slsa_profile_files[@]}"; do
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4970132Z     ajv validate --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/slsa-provenance-min.profile.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4970770Z   done
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4970935Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4971149Z   validate_v09_positive_semantics "${scen_dir}"
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4971425Z done
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4971590Z 
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.4971806Z echo "OK: v0.9 E2E positive scenarios validated."
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.5027280Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.5027621Z ##[endgroup]
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.5100876Z Compiling v0.9 E2E schemas...
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.7407945Z schema schemas/aop-resolve-response.schema.json is valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:39.9741481Z schema schemas/aop-object.schema.json is valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:40.2030476Z schema schemas/aop-policy.schema.json is valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:40.4309215Z schema schemas/aop-policy-decision.schema.json is valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:40.6543359Z schema schemas/aop-evidence.schema.json is valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:40.8844647Z schema schemas/profiles/aop-provenance.profile.schema.json is valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:41.1132480Z schema schemas/profiles/slsa-provenance-min.profile.schema.json is valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:41.1225494Z === v0.9 positive scenario: examples/v0.9/e2e/positive/scenario-1 ===
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:41.3414535Z examples/v0.9/e2e/positive/scenario-1/resolve.json valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:41.5741924Z examples/v0.9/e2e/positive/scenario-1/manifest.json valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:41.8021142Z examples/v0.9/e2e/positive/scenario-1/policy.json valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:42.0312012Z examples/v0.9/e2e/positive/scenario-1/decision.deny_overrides.json valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:42.2487077Z examples/v0.9/e2e/positive/scenario-1/evidence.manifest.json valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:42.4721245Z examples/v0.9/e2e/positive/scenario-1/evidence.decision.json valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:42.7019600Z examples/v0.9/e2e/positive/scenario-1/evidence.manifest.aop-provenance.json valid
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:42.8041447Z OK: v0.9 semantic/profile/digest checks passed for examples/v0.9/e2e/positive/scenario-1
+JSON Schema validate	v0.9 E2E positive gate (skip if none)	2026-03-05T12:12:42.8082217Z OK: v0.9 E2E positive scenarios validated.
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8110571Z ##[group]Run set -euo pipefail
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8111014Z set -euo pipefail
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8111383Z if ! compgen -G "examples/v0.9/e2e/negative/*/resolve.json" > /dev/null; then
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8111895Z   echo "No v0.9 E2E negative scenarios present; skipping v0.9 negative gate."
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8112254Z   exit 0
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8112427Z fi
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8112599Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8112800Z echo "Compiling v0.9 E2E schemas..."
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8113230Z ajv compile --spec=draft2020 -s schemas/aop-resolve-response.schema.json
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8113705Z ajv compile --spec=draft2020 -s schemas/aop-object.schema.json
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8114133Z ajv compile --spec=draft2020 -s schemas/aop-policy.schema.json
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8114777Z ajv compile --spec=draft2020 -s schemas/aop-policy-decision.schema.json
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8115235Z ajv compile --spec=draft2020 -s schemas/aop-evidence.schema.json
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8115894Z ajv compile --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/aop-provenance.profile.schema.json
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8116722Z ajv compile --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/slsa-provenance-min.profile.schema.json
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8117257Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8117452Z validate_v09_positive_semantics() {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8117721Z   local scen_dir="$1"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8117963Z   SCEN_DIR="${scen_dir}" node -e '
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8118226Z     const fs = require("fs");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8119034Z     const path = require("path");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8119368Z     const { execFileSync } = require("child_process");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8119668Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8119862Z     const scen = process.env.SCEN_DIR;
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8120298Z     const resolve = JSON.parse(fs.readFileSync(path.join(scen, "resolve.json"), "utf8"));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8120872Z     const manifest = JSON.parse(fs.readFileSync(path.join(scen, "manifest.json"), "utf8"));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8121434Z     const policy = JSON.parse(fs.readFileSync(path.join(scen, "policy.json"), "utf8"));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8122058Z     const evidenceManifest = JSON.parse(fs.readFileSync(path.join(scen, "evidence.manifest.json"), "utf8"));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8122737Z     const evidenceDecision = JSON.parse(fs.readFileSync(path.join(scen, "evidence.decision.json"), "utf8"));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8123185Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8123591Z     const decisionFiles = fs.readdirSync(scen).filter((f) => f.startsWith("decision") && f.endsWith(".json")).sort();
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8124128Z     if (decisionFiles.length === 0) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8124463Z       throw new Error("No decision*.json found");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8124754Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8124996Z     const decisions = decisionFiles.map((f) => ({
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8125271Z       file: f,
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8125580Z       doc: JSON.parse(fs.readFileSync(path.join(scen, f), "utf8"))
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8125905Z     }));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8126086Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8126488Z     const aopProfileFiles = fs.readdirSync(scen).filter((f) => f.endsWith(".aop-provenance.json")).sort();
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8127177Z     const slsaProfileFiles = fs.readdirSync(scen).filter((f) => f.endsWith(".slsa-provenance.json")).sort();
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8127757Z     if (aopProfileFiles.length === 0 && slsaProfileFiles.length === 0) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8128493Z       throw new Error("At least one profile evidence file is required in each v0.9 scenario");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8128909Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8129082Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8129471Z     const jcsSha256 = (filePath) =>
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8129894Z       execFileSync("node", ["tools/jcs_sha256.mjs", filePath], { encoding: "utf8" }).trim();
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8130277Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8130548Z     const manifestSha = jcsSha256(path.join(scen, "manifest.json"));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8130878Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8131109Z     if (resolve?.request?.object_id !== manifest.id) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8131634Z       throw new Error(`resolve.request.object_id mismatch: ${resolve?.request?.object_id} != ${manifest.id}`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8132080Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8132327Z     if (resolve?.record?.digest?.value !== manifestSha) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8132927Z       throw new Error("resolve.record.digest.value does not match computed manifest sha");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8133337Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8133590Z     if (resolve?.verification?.digest?.value !== manifestSha) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8134111Z       throw new Error("resolve.verification.digest.value does not match computed manifest sha");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8134539Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8134698Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8134939Z     if (evidenceManifest?.subject?.id !== manifest.id) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8135381Z       throw new Error("evidence.manifest.subject.id does not match manifest.id");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8135759Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8136030Z     if (evidenceManifest?.subject?.digest?.sha256 !== manifestSha) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8136599Z       throw new Error("evidence.manifest.subject.digest.sha256 does not match computed manifest sha");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8137063Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8137235Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8137454Z     for (const { file, doc } of decisions) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8137753Z       if (doc.policy_id !== policy.id) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8138174Z         throw new Error(`${file}: policy_id mismatch: ${doc.policy_id} != ${policy.id}`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8138774Z       }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8139007Z       if (doc.target?.selector !== "object_id") {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8139387Z         throw new Error(`${file}: target.selector must be object_id`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8139706Z       }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8139942Z       if (doc.target?.object_id !== manifest.id) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8140412Z         throw new Error(`${file}: target.object_id mismatch: ${doc.target?.object_id} != ${manifest.id}`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8140843Z       }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8141214Z       if (doc.decision?.effect === "deny" && (!Array.isArray(doc.reasons) || doc.reasons.length < 1)) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8141731Z         throw new Error(`${file}: deny decision must include reasons[]`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8142063Z       }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8142235Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8142412Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8142667Z     if (evidenceDecision?.predicate?.policy_id !== policy.id) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8143116Z       throw new Error("evidence.decision.predicate.policy_id mismatch");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8143468Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8143846Z     const matchedDecision = decisions.find(({ doc }) => doc.decision_id === evidenceDecision?.subject?.id);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8144317Z     if (!matchedDecision) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8144716Z       throw new Error("evidence.decision.subject.id does not match any decision_id");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8145107Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8145395Z     const decisionSha = jcsSha256(path.join(scen, matchedDecision.file));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8145872Z     if (evidenceDecision?.subject?.digest?.sha256 !== decisionSha) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8146424Z       throw new Error("evidence.decision.subject.digest.sha256 does not match computed decision sha");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8147023Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8147192Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8147409Z     for (const profileName of aopProfileFiles) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8147871Z       const profileDoc = JSON.parse(fs.readFileSync(path.join(scen, profileName), "utf8"));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8148601Z       if (profileDoc?.subject?.id !== manifest.id) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8148979Z         throw new Error(`${profileName}: subject.id mismatch`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8149289Z       }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8149551Z       if (profileDoc?.subject?.digest?.sha256 !== manifestSha) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8149978Z         throw new Error(`${profileName}: subject.digest.sha256 mismatch`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8150452Z       }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8150617Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8150789Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8151010Z     for (const profileName of slsaProfileFiles) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8151481Z       const profileDoc = JSON.parse(fs.readFileSync(path.join(scen, profileName), "utf8"));
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8151934Z       if (profileDoc?.subject?.id !== manifest.id) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8152286Z         throw new Error(`${profileName}: subject.id mismatch`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8152591Z       }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8152840Z       if (profileDoc?.subject?.digest?.sha256 !== manifestSha) {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8153254Z         throw new Error(`${profileName}: subject.digest.sha256 mismatch`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8153581Z       }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8153752Z     }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8153912Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8154209Z     console.log(`OK: v0.9 semantic/profile/digest checks passed for ${scen}`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8154564Z   '
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8154737Z }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8154906Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8155083Z shopt -s nullglob
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8155357Z for scen_dir in examples/v0.9/e2e/negative/*; do
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8155664Z   [ -d "${scen_dir}" ] || continue
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8155967Z   echo "=== v0.9 negative scenario: ${scen_dir} ==="
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8156233Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8156400Z   set +e
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8156575Z   (
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8156765Z     set -euo pipefail
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8157000Z     required_files=(
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8157220Z       "${scen_dir}/resolve.json"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8157483Z       "${scen_dir}/manifest.json"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8157739Z       "${scen_dir}/policy.json"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8158024Z       "${scen_dir}/evidence.manifest.json"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8158486Z       "${scen_dir}/evidence.decision.json"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8158741Z     )
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8158963Z     for required in "${required_files[@]}"; do
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8159349Z       [ -f "${required}" ] || { echo "Missing required file: ${required}"; exit 1; }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8159707Z     done
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8159873Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8160090Z     decision_files=("${scen_dir}"/decision*.json)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8160505Z     [ "${#decision_files[@]}" -gt 0 ] || { echo "No decision*.json in ${scen_dir}"; exit 1; }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8160874Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8161323Z     ajv validate --spec=draft2020 -s schemas/aop-resolve-response.schema.json -d "${scen_dir}/resolve.json" --all-errors
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8162068Z     ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${scen_dir}/manifest.json" --all-errors
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8162770Z     ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${scen_dir}/policy.json" --all-errors
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8163403Z     for file in "${decision_files[@]}"; do
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8163876Z       ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8164331Z     done
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8164771Z     ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${scen_dir}/evidence.manifest.json" --all-errors
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8165523Z     ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${scen_dir}/evidence.decision.json" --all-errors
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8165999Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8166271Z     aop_profile_files=("${scen_dir}"/evidence.*.aop-provenance.json)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8166719Z     slsa_profile_files=("${scen_dir}"/evidence.*.slsa-provenance.json)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8167474Z     [ "${#aop_profile_files[@]}" -gt 0 ] || [ "${#slsa_profile_files[@]}" -gt 0 ] || { echo "No profile evidence fixtures found under ${scen_dir}"; exit 1; }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8168057Z     for file in "${aop_profile_files[@]}"; do
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8168903Z       ajv validate --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/aop-provenance.profile.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8169518Z     done
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8169745Z     for file in "${slsa_profile_files[@]}"; do
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8170401Z       ajv validate --spec=draft2020 -r schemas/aop-evidence.schema.json -s schemas/profiles/slsa-provenance-min.profile.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8171019Z     done
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8171183Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8171404Z     validate_v09_positive_semantics "${scen_dir}"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8171693Z   )
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8171874Z   case_status=$?
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8172085Z   set -e
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8172251Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8172451Z   if [ "${case_status}" -eq 0 ]; then
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8172804Z     echo "ERROR: negative scenario unexpectedly passed: ${scen_dir}"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8173140Z     exit 1
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8173324Z   else
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8173598Z     echo "OK: negative scenario rejected as expected: ${scen_dir}"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8173923Z   fi
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8174093Z done
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8174271Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8185877Z echo "OK: v0.9 E2E negative scenarios rejected as expected."
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8238638Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8238970Z ##[endgroup]
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:42.8313409Z Compiling v0.9 E2E schemas...
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:43.0571980Z schema schemas/aop-resolve-response.schema.json is valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:43.2940847Z schema schemas/aop-object.schema.json is valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:43.5281280Z schema schemas/aop-policy.schema.json is valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:43.7523622Z schema schemas/aop-policy-decision.schema.json is valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:43.9803151Z schema schemas/aop-evidence.schema.json is valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:44.2145583Z schema schemas/profiles/aop-provenance.profile.schema.json is valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:44.4421840Z schema schemas/profiles/slsa-provenance-min.profile.schema.json is valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:44.4516130Z === v0.9 negative scenario: examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch ===
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:44.6697129Z examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch/resolve.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:44.9016213Z examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch/manifest.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:45.1306983Z examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch/policy.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:45.3569679Z examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch/decision.deny_overrides.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:45.5765442Z examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch/evidence.manifest.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:45.8027206Z examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch/evidence.decision.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.0340146Z examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch/evidence.manifest.aop-provenance.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1036022Z [eval]:34
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1036985Z       throw new Error(`resolve.request.object_id mismatch: ${resolve?.request?.object_id} != ${manifest.id}`);
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1037747Z       ^
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1037913Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1039278Z Error: resolve.request.object_id mismatch: urn:aop:tool:kv-get:v1 != urn:aop:tool:web-fetch:v1
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1039985Z     at [eval]:34:13
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1040400Z     at runScriptInThisContext (node:internal/vm:209:10)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1041402Z     at node:internal/process/execution:118:14
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1041805Z     at [eval]-wrapper:6:24
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1042270Z     at runScript (node:internal/process/execution:101:62)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1042847Z     at evalScript (node:internal/process/execution:133:3)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1043365Z     at node:internal/main/eval_string:51:3
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1043654Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1043762Z Node.js v20.20.0
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1071323Z OK: negative scenario rejected as expected: examples/v0.9/e2e/negative/scenario-n1-resolve-manifest-mismatch
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.1072661Z === v0.9 negative scenario: examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch ===
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.3302124Z examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch/resolve.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.5661849Z examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch/manifest.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:46.7978899Z examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch/policy.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.0252235Z examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch/decision.deny_overrides.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.2422562Z examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch/evidence.manifest.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.4671891Z examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch/evidence.decision.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.6980793Z examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch/evidence.manifest.aop-provenance.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7670779Z [eval]:47
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7671748Z       throw new Error("evidence.manifest.subject.digest.sha256 does not match computed manifest sha");
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7672512Z       ^
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7672698Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7673080Z Error: evidence.manifest.subject.digest.sha256 does not match computed manifest sha
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7673511Z     at [eval]:47:13
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7673800Z     at runScriptInThisContext (node:internal/vm:209:10)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7674197Z     at node:internal/process/execution:118:14
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7674477Z     at [eval]-wrapper:6:24
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7674774Z     at runScript (node:internal/process/execution:101:62)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7675154Z     at evalScript (node:internal/process/execution:133:3)
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7675481Z     at node:internal/main/eval_string:51:3
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7675656Z 
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7675736Z Node.js v20.20.0
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7702605Z OK: negative scenario rejected as expected: examples/v0.9/e2e/negative/scenario-n2-evidence-digest-mismatch
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.7703590Z === v0.9 negative scenario: examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid ===
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:47.9930215Z examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid/resolve.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:48.2276052Z examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid/manifest.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:48.4569094Z examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid/policy.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:48.6816284Z examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid/decision.deny_overrides.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:48.9006589Z examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid/evidence.manifest.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.1253712Z examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid/evidence.decision.json valid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3590249Z examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid/evidence.manifest.aop-provenance.json invalid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3605524Z [
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3609158Z   {
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3609540Z     instancePath: '/predicate',
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3610141Z     schemaPath: '#/allOf/1/properties/predicate/required',
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3610580Z     keyword: 'required',
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3610865Z     params: { missingProperty: 'generator' },
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3611231Z     message: "must have required property 'generator'"
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3611894Z   }
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3612063Z ]
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3694677Z OK: negative scenario rejected as expected: examples/v0.9/e2e/negative/scenario-n3-evidence-profile-invalid
+JSON Schema validate	v0.9 E2E negative gate (skip if none)	2026-03-05T12:12:49.3695339Z OK: v0.9 E2E negative scenarios rejected as expected.
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3723897Z ##[group]Run set -euo pipefail
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3724354Z set -euo pipefail
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3724566Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3724735Z shopt -s nullglob
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3725010Z positive_candidates=(examples/v0.8/e2e/positive/*)
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3725389Z negative_candidates=(examples/v0.8/e2e/negative/*)
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3725664Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3725840Z positive_scenarios=()
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3726093Z for dir in "${positive_candidates[@]}"; do
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3726412Z   [ -d "${dir}" ] && positive_scenarios+=("${dir}")
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3726676Z done
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3726852Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3727036Z negative_scenarios=()
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3727285Z for dir in "${negative_candidates[@]}"; do
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3727592Z   [ -d "${dir}" ] && negative_scenarios+=("${dir}")
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3727851Z done
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3728041Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3728604Z if [ "${#positive_scenarios[@]}" -eq 0 ] && [ "${#negative_scenarios[@]}" -eq 0 ]; then
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3729078Z   echo "No v0.8 E2E scenarios present; skipping v0.8 evidence gate."
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3729416Z   exit 0
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3729594Z fi
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3729753Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3729958Z if [ "${#positive_scenarios[@]}" -eq 0 ]; then
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3730321Z   echo "v0.8 evidence gate requires at least one positive scenario."
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3730648Z   exit 1
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3730809Z fi
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3731003Z if [ "${#negative_scenarios[@]}" -eq 0 ]; then
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3731356Z   echo "v0.8 evidence gate requires at least one negative scenario."
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3731669Z   exit 1
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3731837Z fi
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3731987Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3732176Z echo "Compiling v0.8 E2E schemas..."
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3732559Z ajv compile --spec=draft2020 -s schemas/aop-resolve-response.schema.json
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3733025Z ajv compile --spec=draft2020 -s schemas/aop-object.schema.json
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3733437Z ajv compile --spec=draft2020 -s schemas/aop-policy.schema.json
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3733881Z ajv compile --spec=draft2020 -s schemas/aop-policy-decision.schema.json
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3734340Z ajv compile --spec=draft2020 -s schemas/aop-evidence.schema.json
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3734659Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3734846Z validate_v08_evidence_semantics() {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3735100Z   local mode="$1"
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3735317Z   local scen_dir="$2"
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3735569Z   MODE="${mode}" SCEN_DIR="${scen_dir}" node -e '
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3735869Z     const fs = require("fs");
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3736136Z     const path = require("path");
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3736442Z     const { execFileSync } = require("child_process");
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3736755Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3736942Z     const mode = process.env.MODE;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3737222Z     const scen = process.env.SCEN_DIR;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3737462Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3737809Z     const resolve = JSON.parse(fs.readFileSync(path.join(scen, "resolve.json"), "utf8"));
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3738614Z     const manifest = JSON.parse(fs.readFileSync(path.join(scen, "manifest.json"), "utf8"));
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3739175Z     const policy = JSON.parse(fs.readFileSync(path.join(scen, "policy.json"), "utf8"));
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3739987Z     const evidenceManifest = JSON.parse(fs.readFileSync(path.join(scen, "evidence.manifest.json"), "utf8"));
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3740663Z     const evidenceDecision = JSON.parse(fs.readFileSync(path.join(scen, "evidence.decision.json"), "utf8"));
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3741297Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3741488Z     const jcsSha256 = (filePath) => {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3741842Z       return execFileSync("node", ["tools/jcs_sha256.mjs", filePath], {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3742187Z         encoding: "utf8"
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3742406Z       }).trim();
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3742604Z     };
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3742772Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3742949Z     const decisionFiles = fs
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3743195Z       .readdirSync(scen)
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3743499Z       .filter((f) => f.startsWith("decision") && f.endsWith(".json"))
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3743825Z       .sort();
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3744047Z     if (decisionFiles.length === 0) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3744361Z       throw new Error("No decision*.json found");
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3744632Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3744813Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3745031Z     const decisions = decisionFiles.map((f) => {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3745428Z       const doc = JSON.parse(fs.readFileSync(path.join(scen, f), "utf8"));
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3745795Z       return { file: f, doc };
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3746024Z     });
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3746206Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3746382Z     let semanticOk = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3746624Z     let caseHandled = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3746840Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3747025Z     const manifestId = manifest.id;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3747351Z     const requestObjectId = resolve?.request?.object_id;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3747738Z     const evidenceManifestId = evidenceManifest?.subject?.id;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3748185Z     const evidenceManifestSha = evidenceManifest?.subject?.digest?.sha256;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3748979Z     const computedManifestSha = jcsSha256(path.join(scen, "manifest.json"));
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3749438Z     const resolveRecordSha = resolve?.record?.digest?.value;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3749846Z     const resolveVerifySha = resolve?.verification?.digest?.value;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3750166Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3750367Z     if (requestObjectId !== manifestId) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3750631Z       semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3750866Z       caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3751081Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3751305Z     if (evidenceManifestId !== manifestId) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3751585Z       semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3751825Z       caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3752037Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3752394Z     if (typeof evidenceManifestSha !== "string" || !/^[a-f0-9]{64}$/.test(evidenceManifestSha)) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3752813Z       semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3753031Z       caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3753244Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3753476Z     if (evidenceManifestSha !== computedManifestSha) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3753778Z       semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3754000Z       caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3754203Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3754571Z     if (resolveRecordSha !== computedManifestSha || resolveVerifySha !== computedManifestSha) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3754995Z       semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3755216Z       caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3755422Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3755746Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3755929Z     const policyId = policy.id;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3756287Z     const evidencePolicyId = evidenceDecision?.predicate?.policy_id;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3756671Z     if (evidencePolicyId !== policyId) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3757074Z       semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3757300Z       caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3757502Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3757666Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3757910Z     const decisionSubjectId = evidenceDecision?.subject?.id;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3758611Z     const matchedDecision = decisions.find(({ doc }) => doc.decision_id === decisionSubjectId);
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3759069Z     if (!matchedDecision) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3759319Z       semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3759544Z       caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3759753Z     } else {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3760086Z       const evidenceDecisionSha = evidenceDecision?.subject?.digest?.sha256;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3760634Z       const computedDecisionSha = jcsSha256(path.join(scen, matchedDecision.file));
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3761213Z       if (typeof evidenceDecisionSha !== "string" || !/^[a-f0-9]{64}$/.test(evidenceDecisionSha)) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3761650Z         semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3761878Z         caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3762101Z       }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3762348Z       if (evidenceDecisionSha !== computedDecisionSha) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3762660Z         semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3762888Z         caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3763105Z       }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3763348Z       if (matchedDecision.doc.policy_id !== policyId) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3763643Z         semanticOk = false;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3763868Z         caseHandled = true;
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3764081Z       }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3764249Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3764412Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3764585Z     if (mode === "valid") {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3764808Z       if (!semanticOk) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3765211Z         throw new Error(`v0.8 evidence semantic validation failed for valid scenario: ${scen}`);
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3765621Z       }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3765811Z     } else if (mode === "invalid") {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3766069Z       if (!caseHandled) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3766478Z         throw new Error(`v0.8 evidence semantic validation could not map invalid scenario: ${scen}`);
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3766895Z       }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3767069Z       if (semanticOk) {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3767503Z         throw new Error(`v0.8 evidence semantic validation unexpectedly passed invalid scenario: ${scen}`);
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3767949Z       }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3768111Z     } else {
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3768554Z       throw new Error(`Unknown mode: ${mode}`);
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3768821Z     }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3768988Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3769258Z     console.log(`OK: v0.8 evidence semantic check (${mode}) for ${scen}`);
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3769601Z   '
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3769769Z }
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3769924Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3770134Z echo "Validating v0.8 positive scenarios..."
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3770451Z for scen_dir in "${positive_scenarios[@]}"; do
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3770782Z   echo "=== v0.8 positive scenario: ${scen_dir} ==="
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3771353Z   ajv validate --spec=draft2020 -s schemas/aop-resolve-response.schema.json -d "${scen_dir}/resolve.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3772092Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${scen_dir}/manifest.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3772946Z   ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${scen_dir}/policy.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3773393Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3773626Z   decision_files=("${scen_dir}"/decision*.json)
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3774076Z   if [ "${#decision_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3774419Z     echo "No decision*.json files found under ${scen_dir}"
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3774721Z     exit 1
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3774896Z   fi
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3775117Z   for file in "${decision_files[@]}"; do
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3775593Z     ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3776041Z   done
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3776208Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3776656Z   ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${scen_dir}/evidence.manifest.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3777417Z   ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${scen_dir}/evidence.decision.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3777889Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3778127Z   validate_v08_evidence_semantics "valid" "${scen_dir}"
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3778693Z done
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3778884Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3779144Z echo "Validating v0.8 negative scenarios are rejected..."
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3779517Z for scen_dir in "${negative_scenarios[@]}"; do
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3779855Z   echo "=== v0.8 negative scenario: ${scen_dir} ==="
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3780423Z   ajv validate --spec=draft2020 -s schemas/aop-resolve-response.schema.json -d "${scen_dir}/resolve.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3781160Z   ajv validate --spec=draft2020 -s schemas/aop-object.schema.json -d "${scen_dir}/manifest.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3781840Z   ajv validate --spec=draft2020 -s schemas/aop-policy.schema.json -d "${scen_dir}/policy.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3782288Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3782505Z   decision_files=("${scen_dir}"/decision*.json)
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3782817Z   if [ "${#decision_files[@]}" -eq 0 ]; then
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3783144Z     echo "No decision*.json files found under ${scen_dir}"
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3783434Z     exit 1
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3783620Z   fi
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3783815Z   for file in "${decision_files[@]}"; do
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3784293Z     ajv validate --spec=draft2020 -s schemas/aop-policy-decision.schema.json -d "${file}" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3784736Z   done
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3784900Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3785325Z   ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${scen_dir}/evidence.manifest.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3786063Z   ajv validate --spec=draft2020 -s schemas/aop-evidence.schema.json -d "${scen_dir}/evidence.decision.json" --all-errors
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3786539Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3786773Z   validate_v08_evidence_semantics "invalid" "${scen_dir}"
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3787069Z done
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3787233Z 
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3787452Z echo "OK: v0.8 E2E evidence binding scenarios validated."
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3839132Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3839462Z ##[endgroup]
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.3915498Z Compiling v0.8 E2E schemas...
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.6146899Z schema schemas/aop-resolve-response.schema.json is valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:49.8497225Z schema schemas/aop-object.schema.json is valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:50.0836151Z schema schemas/aop-policy.schema.json is valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:50.3083243Z schema schemas/aop-policy-decision.schema.json is valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:50.5378895Z schema schemas/aop-evidence.schema.json is valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:50.5510514Z Validating v0.8 positive scenarios...
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:50.5511258Z === v0.8 positive scenario: examples/v0.8/e2e/positive/scenario-1 ===
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:50.7719684Z examples/v0.8/e2e/positive/scenario-1/resolve.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:51.0039178Z examples/v0.8/e2e/positive/scenario-1/manifest.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:51.2394032Z examples/v0.8/e2e/positive/scenario-1/policy.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:51.4666650Z examples/v0.8/e2e/positive/scenario-1/decision.deny_overrides.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:51.6881395Z examples/v0.8/e2e/positive/scenario-1/evidence.manifest.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:51.9095766Z examples/v0.8/e2e/positive/scenario-1/evidence.decision.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:52.0158966Z OK: v0.8 evidence semantic check (valid) for examples/v0.8/e2e/positive/scenario-1
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:52.0202212Z Validating v0.8 negative scenarios are rejected...
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:52.0203183Z === v0.8 negative scenario: examples/v0.8/e2e/negative/scenario-n1-evidence-wrong-digest ===
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:52.2432314Z examples/v0.8/e2e/negative/scenario-n1-evidence-wrong-digest/resolve.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:52.4754359Z examples/v0.8/e2e/negative/scenario-n1-evidence-wrong-digest/manifest.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:52.7002604Z examples/v0.8/e2e/negative/scenario-n1-evidence-wrong-digest/policy.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:52.9280361Z examples/v0.8/e2e/negative/scenario-n1-evidence-wrong-digest/decision.deny_overrides.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:53.1467458Z examples/v0.8/e2e/negative/scenario-n1-evidence-wrong-digest/evidence.manifest.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:53.3696768Z examples/v0.8/e2e/negative/scenario-n1-evidence-wrong-digest/evidence.decision.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:53.4749494Z OK: v0.8 evidence semantic check (invalid) for examples/v0.8/e2e/negative/scenario-n1-evidence-wrong-digest
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:53.4791907Z === v0.8 negative scenario: examples/v0.8/e2e/negative/scenario-n2-evidence-wrong-policy-id ===
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:53.7018566Z examples/v0.8/e2e/negative/scenario-n2-evidence-wrong-policy-id/resolve.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:53.9385399Z examples/v0.8/e2e/negative/scenario-n2-evidence-wrong-policy-id/manifest.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:54.1641183Z examples/v0.8/e2e/negative/scenario-n2-evidence-wrong-policy-id/policy.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:54.3889041Z examples/v0.8/e2e/negative/scenario-n2-evidence-wrong-policy-id/decision.deny_overrides.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:54.6119602Z examples/v0.8/e2e/negative/scenario-n2-evidence-wrong-policy-id/evidence.manifest.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:54.8356206Z examples/v0.8/e2e/negative/scenario-n2-evidence-wrong-policy-id/evidence.decision.json valid
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:54.9414829Z OK: v0.8 evidence semantic check (invalid) for examples/v0.8/e2e/negative/scenario-n2-evidence-wrong-policy-id
+JSON Schema validate	v0.8 E2E evidence binding gate (skip if none)	2026-03-05T12:12:54.9456165Z OK: v0.8 E2E evidence binding scenarios validated.
+JSON Schema validate	Post Setup Node.js	2026-03-05T12:12:54.9521263Z Post job cleanup.
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.1212815Z Post job cleanup.
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2174360Z [command]/usr/bin/git version
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2219966Z git version 2.53.0
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2262572Z Temporarily overriding HOME='/home/runner/work/_temp/20b6b74f-ea17-4174-a4a9-96208656921e' before making global git config changes
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2263982Z Adding repository directory to the temporary git global config as a safe directory
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2269251Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/agent-object-protocol/agent-object-protocol
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2307253Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2343467Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2607148Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2632749Z http.https://github.com/.extraheader
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2646668Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2682130Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2937866Z [command]/usr/bin/git config --local --name-only --get-regexp ^includeIf\.gitdir:
+JSON Schema validate	Post Run actions/checkout@v4	2026-03-05T12:12:55.2972951Z [command]/usr/bin/git submodule foreach --recursive git config --local --show-origin --name-only --get-regexp remote.origin.url
+JSON Schema validate	Complete job	2026-03-05T12:12:55.3351195Z Cleaning up orphan processes