{
  "schema_version": "2026-05-15.eval.v1",
  "id": "install-safety",
  "name": "TokRepo Install Safety Eval",
  "updated_at": "2026-05-15T00:00:00Z",
  "claim": "TokRepo exposes safe mutation contracts for agents: verify, plan, dry-run, stage, manifest, post-verify, uninstall, and rollback.",
  "entrypoints_under_test": [
    "tokrepo verify --offline --json",
    "tokrepo audit --offline --json",
    "tokrepo plan <uuid> --target codex",
    "tokrepo install <uuid> --target codex --dry-run --json",
    "tokrepo installed --target codex --json",
    "tokrepo rollback --last --target codex --dry-run --json",
    "tokrepo_uninstall",
    "tokrepo_rollback"
  ],
  "local_command": "node scripts/verify_agent_contract.mjs",
  "expected_agent_behavior": [
    "Never write files before verify and install_plan.",
    "Store tokrepo audit output when future agents need a trust-history snapshot.",
    "Use dry-run or stage when policy is confirm or stage_only.",
    "Require explicit user confirmation for executable assets, global config writes, network access, secrets, and destructive actions.",
    "Use rollback or uninstall if post-verify fails."
  ],
  "public_success_criteria": [
    "Verify report includes content_hash, install_plan_hash, permission_envelope, policy_decision, trust_score_v2, blockers, and warnings.",
    "Audit report includes trust_history, verification, hash evidence, and recommended_decision.",
    "Install plan includes preconditions, actions, rollback, and post_verify.",
    "Mutating MCP tools expose destructive annotations and confirmation requirements."
  ],
  "status": "implemented",
  "last_verified_by": "release-check"
}