From 78db685c7c70459e525cd90ae8eaa6ce7a2ce9c1 Mon Sep 17 00:00:00 2001
From: Ethan Miller <ethanmiller@ethans-mbp.lan>
Date: Fri, 22 May 2026 02:47:42 -0400
Subject: [PATCH] Add repository license compatibility guard

---
 .../README.md                                 |  33 ++
 .../acceptance-notes.md                       |  19 +
 .../demo.js                                   |  31 ++
 .../index.js                                  | 326 ++++++++++++++++++
 .../package.json                              |  13 +
 .../reports/demo.mp4                          | Bin 0 -> 13261 bytes
 .../reports/reviewer-packet.md                |  87 +++++
 .../reports/summary.json                      | 131 +++++++
 .../reports/summary.svg                       |  29 ++
 .../requirements-map.md                       |  19 +
 .../sample-data.js                            |  92 +++++
 .../test.js                                   |  43 +++
 12 files changed, 823 insertions(+)
 create mode 100644 repository-license-compatibility-guard/README.md
 create mode 100644 repository-license-compatibility-guard/acceptance-notes.md
 create mode 100644 repository-license-compatibility-guard/demo.js
 create mode 100644 repository-license-compatibility-guard/index.js
 create mode 100644 repository-license-compatibility-guard/package.json
 create mode 100644 repository-license-compatibility-guard/reports/demo.mp4
 create mode 100644 repository-license-compatibility-guard/reports/reviewer-packet.md
 create mode 100644 repository-license-compatibility-guard/reports/summary.json
 create mode 100644 repository-license-compatibility-guard/reports/summary.svg
 create mode 100644 repository-license-compatibility-guard/requirements-map.md
 create mode 100644 repository-license-compatibility-guard/sample-data.js
 create mode 100644 repository-license-compatibility-guard/test.js

diff --git a/repository-license-compatibility-guard/README.md b/repository-license-compatibility-guard/README.md
new file mode 100644
index 00000000..9b3bc5e1
--- /dev/null
+++ b/repository-license-compatibility-guard/README.md
@@ -0,0 +1,33 @@
+# Repository License Compatibility Guard
+
+This module provides a focused Project Repository & Version Control slice for
+SCIBASE issue #10. It evaluates a synthetic repository release/export manifest
+before DOI publication or partner export, checking code package licenses, dataset
+licenses, model weight terms, generated figure reuse, fork attribution, SPDX
+normalization, missing notices, and release-blocking conflicts.
+
+## What It Covers
+
+- License compatibility for tagged repository releases.
+- Dataset and model export holds for proprietary, missing, or unsupported terms.
+- Non-commercial license conflicts for commercial/partner export intents.
+- Copyleft source-bundle and fork-license evidence checks.
+- Attribution and notice completion tasks before publication.
+- Deterministic reviewer packets and audit digests.
+
+## Run
+
+```bash
+npm run check
+npm test
+npm run demo
+```
+
+Generated artifacts are written to `reports/`:
+
+- `summary.json`
+- `reviewer-packet.md`
+- `summary.svg`
+- `demo.mp4`
+
+The data is synthetic and does not scan a live repository or legal system.
diff --git a/repository-license-compatibility-guard/acceptance-notes.md b/repository-license-compatibility-guard/acceptance-notes.md
new file mode 100644
index 00000000..4e2367e2
--- /dev/null
+++ b/repository-license-compatibility-guard/acceptance-notes.md
@@ -0,0 +1,19 @@
+# Acceptance Notes
+
+The guard classifies release assets as:
+
+- `publishable`: compatible with the requested release/export intent.
+- `notice_required`: export can proceed after attribution or notice completion.
+- `conflict`: license terms conflict with the export intent.
+- `hold`: release-blocking missing, proprietary, unsupported, or incomplete evidence.
+
+Validation commands:
+
+```bash
+npm run check
+npm test
+npm run demo
+ffprobe -v error -show_entries format=duration,size -show_entries stream=codec_name,width,height,pix_fmt -of default=noprint_wrappers=1 reports/demo.mp4
+git diff --check
+git diff --cached --check
+```
diff --git a/repository-license-compatibility-guard/demo.js b/repository-license-compatibility-guard/demo.js
new file mode 100644
index 00000000..5586cda4
--- /dev/null
+++ b/repository-license-compatibility-guard/demo.js
@@ -0,0 +1,31 @@
+const fs = require("node:fs");
+const path = require("node:path");
+const {
+  analyzeRepositoryLicenses,
+  renderMarkdownReport,
+  renderSvgSummary,
+} = require("./index");
+const { sampleRepositoryLicensePacket } = require("./sample-data");
+
+const reportsDir = path.join(__dirname, "reports");
+fs.mkdirSync(reportsDir, { recursive: true });
+
+const result = analyzeRepositoryLicenses(sampleRepositoryLicensePacket, {
+  asOf: "2026-05-22T12:00:00.000Z",
+});
+
+fs.writeFileSync(
+  path.join(reportsDir, "summary.json"),
+  `${JSON.stringify(result, null, 2)}\n`
+);
+fs.writeFileSync(
+  path.join(reportsDir, "reviewer-packet.md"),
+  renderMarkdownReport(result)
+);
+fs.writeFileSync(
+  path.join(reportsDir, "summary.svg"),
+  renderSvgSummary(result)
+);
+
+console.log("repository license compatibility guard demo artifacts written");
+console.log(`audit digest: ${result.auditDigest}`);
diff --git a/repository-license-compatibility-guard/index.js b/repository-license-compatibility-guard/index.js
new file mode 100644
index 00000000..4203d17c
--- /dev/null
+++ b/repository-license-compatibility-guard/index.js
@@ -0,0 +1,326 @@
+const crypto = require("node:crypto");
+
+const PUBLISHABLE = "publishable";
+const NOTICE_REQUIRED = "notice_required";
+const CONFLICT = "conflict";
+const HOLD = "hold";
+
+const PERMISSIVE_LICENSES = new Set(["MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"]);
+const OPEN_DATA_LICENSES = new Set(["CC-BY-4.0", "CC0-1.0", "ODC-BY-1.0"]);
+const COPYLEFT_LICENSES = new Set(["GPL-3.0", "AGPL-3.0", "LGPL-3.0"]);
+const NON_COMMERCIAL_LICENSES = new Set(["CC-BY-NC-4.0", "CC-BY-NC-SA-4.0"]);
+
+function requireFields(value, fields, label) {
+  for (const field of fields) {
+    if (value[field] === undefined || value[field] === null || value[field] === "") {
+      throw new Error(`missing required ${label} field: ${field}`);
+    }
+  }
+}
+
+function normalizeLicense(value) {
+  return String(value || "").trim();
+}
+
+function stableStringify(value) {
+  if (Array.isArray(value)) {
+    return `[${value.map(stableStringify).join(",")}]`;
+  }
+
+  if (value && typeof value === "object") {
+    return `{${Object.keys(value)
+      .sort()
+      .map((key) => `${JSON.stringify(key)}:${stableStringify(value[key])}`)
+      .join(",")}}`;
+  }
+
+  return JSON.stringify(value);
+}
+
+function createAuditDigest(result) {
+  const payload = {
+    asOf: result.asOf,
+    repositoryId: result.repositoryId,
+    versionTag: result.versionTag,
+    totals: result.totals,
+    decisions: result.decisions.map((decision) => ({
+      id: decision.id,
+      license: decision.license,
+      status: decision.status,
+      reasons: decision.reasons,
+    })),
+  };
+
+  return crypto.createHash("sha256").update(stableStringify(payload)).digest("hex");
+}
+
+function requiresNotice(license) {
+  return (
+    PERMISSIVE_LICENSES.has(license) ||
+    OPEN_DATA_LICENSES.has(license) ||
+    COPYLEFT_LICENSES.has(license) ||
+    NON_COMMERCIAL_LICENSES.has(license)
+  );
+}
+
+function isCommercialExport(intent) {
+  return /commercial|partner|enterprise/i.test(intent);
+}
+
+function evaluateAsset(asset, release) {
+  requireFields(asset, ["id", "componentType", "path", "exportIncluded"], "asset");
+
+  const license = normalizeLicense(asset.license);
+  const reasons = [];
+  const actions = [];
+  const base = {
+    id: asset.id,
+    componentType: asset.componentType,
+    path: asset.path,
+    license,
+    exportIncluded: Boolean(asset.exportIncluded),
+    status: PUBLISHABLE,
+    releaseBlocking: false,
+    reasons,
+    actions,
+  };
+
+  if (!asset.exportIncluded) {
+    return {
+      ...base,
+      status: PUBLISHABLE,
+      reasons: ["asset is not included in the release export"],
+      actions: ["No release action required"],
+    };
+  }
+
+  if (!license) {
+    return {
+      ...base,
+      status: HOLD,
+      releaseBlocking: true,
+      reasons: ["asset has no normalized SPDX or data license"],
+      actions: [
+        "Hold tagged release and export bundle",
+        "Attach license metadata or remove asset from export",
+      ],
+    };
+  }
+
+  if (/proprietary|restricted|unknown/i.test(license)) {
+    return {
+      ...base,
+      status: HOLD,
+      releaseBlocking: true,
+      reasons: ["asset license is proprietary, restricted, or unknown"],
+      actions: [
+        "Exclude from public DOI/export package",
+        "Request rights review and replacement artifact",
+      ],
+    };
+  }
+
+  if (NON_COMMERCIAL_LICENSES.has(license) && isCommercialExport(release.exportIntent)) {
+    return {
+      ...base,
+      status: CONFLICT,
+      releaseBlocking: true,
+      reasons: ["non-commercial license conflicts with commercial partner export intent"],
+      actions: [
+        "Block commercial export until asset is relicensed or omitted",
+        "Generate public-only export variant if permitted",
+      ],
+    };
+  }
+
+  if (COPYLEFT_LICENSES.has(license)) {
+    const sourceOkay = release.sourceBundleIncluded && asset.sourceAvailable;
+    const forkOkay = !asset.derivedFromFork || asset.forkLicense === license;
+    if (!sourceOkay || !forkOkay) {
+      return {
+        ...base,
+        status: HOLD,
+        releaseBlocking: true,
+        reasons: [
+          !sourceOkay
+            ? "copyleft asset requires source bundle availability"
+            : "fork attribution license does not match derived asset",
+        ],
+        actions: [
+          "Hold release until source and fork license evidence are complete",
+          "Attach copy of license and source bundle manifest",
+        ],
+      };
+    }
+  }
+
+  if (requiresNotice(license) && (!asset.noticeIncluded || !asset.attribution)) {
+    return {
+      ...base,
+      status: NOTICE_REQUIRED,
+      releaseBlocking: false,
+      reasons: ["license permits export but attribution or notice is incomplete"],
+      actions: [
+        "Add license notice to export manifest",
+        "Include attribution in citation and repository notice files",
+      ],
+    };
+  }
+
+  if (
+    !PERMISSIVE_LICENSES.has(license) &&
+    !OPEN_DATA_LICENSES.has(license) &&
+    !COPYLEFT_LICENSES.has(license) &&
+    !NON_COMMERCIAL_LICENSES.has(license)
+  ) {
+    return {
+      ...base,
+      status: HOLD,
+      releaseBlocking: true,
+      reasons: ["license is not in the supported compatibility matrix"],
+      actions: [
+        "Route to legal/repository steward review before release",
+        "Map license to compatibility policy",
+      ],
+    };
+  }
+
+  return {
+    ...base,
+    status: PUBLISHABLE,
+    releaseBlocking: false,
+    reasons: ["license is compatible with the requested release/export intent"],
+    actions: [
+      "Allow asset in DOI/export package",
+      "Preserve license metadata in manifest",
+    ],
+  };
+}
+
+function analyzeRepositoryLicenses(packet, options = {}) {
+  requireFields(packet, ["release", "assets"], "repository license packet");
+  requireFields(packet.release, ["repositoryId", "versionTag", "exportIntent"], "release");
+
+  if (!Array.isArray(packet.assets)) {
+    throw new Error("assets must be an array");
+  }
+
+  const asOf = options.asOf || packet.asOf || new Date().toISOString();
+  const decisions = packet.assets.map((asset) => evaluateAsset(asset, packet.release));
+  const totals = decisions.reduce(
+    (acc, decision) => {
+      acc.totalAssets += 1;
+      acc.releaseBlockingAssets += decision.releaseBlocking ? 1 : 0;
+      acc.byStatus[decision.status] = (acc.byStatus[decision.status] || 0) + 1;
+      return acc;
+    },
+    {
+      totalAssets: 0,
+      releaseBlockingAssets: 0,
+      byStatus: {},
+    }
+  );
+  const result = {
+    asOf,
+    repositoryId: packet.release.repositoryId,
+    versionTag: packet.release.versionTag,
+    exportIntent: packet.release.exportIntent,
+    totals,
+    decisions,
+  };
+
+  return {
+    ...result,
+    auditDigest: createAuditDigest(result),
+  };
+}
+
+function renderMarkdownReport(result) {
+  const lines = [
+    "# Repository License Compatibility Guard",
+    "",
+    `Repository: ${result.repositoryId}`,
+    `Version: ${result.versionTag}`,
+    `Export intent: ${result.exportIntent}`,
+    `Audit digest: \`${result.auditDigest}\``,
+    "",
+    "## Totals",
+    "",
+    `- Assets evaluated: ${result.totals.totalAssets}`,
+    `- Release-blocking assets: ${result.totals.releaseBlockingAssets}`,
+  ];
+
+  for (const [status, count] of Object.entries(result.totals.byStatus).sort()) {
+    lines.push(`- ${status}: ${count}`);
+  }
+
+  lines.push("", "## Asset Decisions", "");
+  for (const decision of result.decisions) {
+    lines.push(
+      `### ${decision.id}`,
+      "",
+      `- Path: ${decision.path}`,
+      `- Type: ${decision.componentType}`,
+      `- License: ${decision.license || "(missing)"}`,
+      `- Status: ${decision.status}`,
+      `- Release blocking: ${decision.releaseBlocking}`,
+      `- Reasons: ${decision.reasons.join("; ")}`,
+      `- Actions: ${decision.actions.join("; ")}`,
+      ""
+    );
+  }
+
+  return `${lines.join("\n").trimEnd()}\n`;
+}
+
+function escapeXml(value) {
+  return String(value)
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;");
+}
+
+function renderSvgSummary(result) {
+  const rows = Object.entries(result.totals.byStatus)
+    .sort()
+    .map(([status, count], index) => {
+      const y = 154 + index * 46;
+      const width = Math.max(44, count * 94);
+      return `<text x="58" y="${y + 23}" class="label">${escapeXml(status)}</text>
+  <rect x="290" y="${y}" width="${width}" height="28" rx="5" class="bar"/>
+  <text x="${302 + width}" y="${y + 22}" class="value">${count}</text>`;
+    })
+    .join("\n  ");
+
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="960" height="540" viewBox="0 0 960 540">
+  <style>
+    .bg{fill:#111827}
+    .panel{fill:#f8fafc}
+    .title{font:700 34px Arial,sans-serif;fill:#0f172a}
+    .meta{font:400 18px Arial,sans-serif;fill:#475569}
+    .label{font:600 20px Arial,sans-serif;fill:#1e293b}
+    .value{font:700 20px Arial,sans-serif;fill:#0f172a}
+    .bar{fill:#f59e0b}
+    .digest{font:400 15px monospace;fill:#334155}
+  </style>
+  <rect class="bg" width="960" height="540"/>
+  <rect class="panel" x="28" y="28" width="904" height="484" rx="16"/>
+  <text x="58" y="82" class="title">Repository License Compatibility Guard</text>
+  <text x="58" y="116" class="meta">Assets ${result.totals.totalAssets} | Blocking ${result.totals.releaseBlockingAssets}</text>
+  ${rows}
+  <text x="58" y="482" class="digest">audit ${escapeXml(result.auditDigest.slice(0, 48))}</text>
+</svg>
+`;
+}
+
+module.exports = {
+  PUBLISHABLE,
+  NOTICE_REQUIRED,
+  CONFLICT,
+  HOLD,
+  analyzeRepositoryLicenses,
+  createAuditDigest,
+  renderMarkdownReport,
+  renderSvgSummary,
+};
diff --git a/repository-license-compatibility-guard/package.json b/repository-license-compatibility-guard/package.json
new file mode 100644
index 00000000..14ef6b50
--- /dev/null
+++ b/repository-license-compatibility-guard/package.json
@@ -0,0 +1,13 @@
+{
+  "name": "repository-license-compatibility-guard",
+  "version": "1.0.0",
+  "private": true,
+  "description": "Synthetic repository dependency license compatibility guard for SCIBASE issue #10.",
+  "main": "index.js",
+  "scripts": {
+    "check": "node --check index.js && node --check sample-data.js && node --check demo.js && node --check test.js",
+    "test": "node test.js",
+    "demo": "node demo.js"
+  },
+  "license": "MIT"
+}
diff --git a/repository-license-compatibility-guard/reports/demo.mp4 b/repository-license-compatibility-guard/reports/demo.mp4
new file mode 100644
index 0000000000000000000000000000000000000000..a8678b2e7ea2b873e8522ba21cfd7950a530a06d
GIT binary patch
literal 13261
zcmeHOc{tTg`=4W{WQmf{A%$$`SPrR^tt1p>DN&rwdN$`ATh=y-l7uYTS}7!Ji;xzS
zN{<p{El(v`Qc5X)^F`@--rl#K_qu-9_5NY5GvC?n`<~C-bARud?-&38v>PXo>B(l$
z0N?^h3ZoXmkA$T$b+7;c0XG(f0)WbO8kxX>H0Swv$H&jLuIah@qQ$%{QLP!>vbcXB
zKntgXR!5T<ED9Qn(?zqiwY0R*L~UIhMwb8^%rzi^=6ahoYt?no#tx>Cl1w4N22%zz
zkV<jmptUd<ZFMb-mM*OH;Bc4*nwtLp{u+LsWD0{ypldK#?wUw18Xg=P71A)698U(F
zZGa{bhy)TIi)K;W@Y-lHg-B(Pyzy8Ai~$BspcANpYziI|plyH&z+$!0Gz#8>5`bp=
z5@Ajc&145cR`_&bk?~j!3}k{2G|e-BLUutUVj+hMi$Hg$;ITL~$%Dn95nLcE7R_N%
zs8mlj%;^W{lSv$yA^Fho7zlwt-oc<#@LE_kEEerXU~^oUY;R8{LNO`8hv~v_b7NCD
zcy%o_$Abkqpdc+YmBH{Pc)*g&w@NKEo9an|V7^sg&~(;BCnQfAfr9|?q;n`NDghF~
zdLq@AMF?~uF=$Kz2bM`tM;sQxlMY2dLKXp`abpo^6gJcr(S;cZ^PXfpoGcdtnZQJb
zL3AN{64*#5o-E45!2Btm?j9T>Y-2DfbQgC96ShuPG9jxsB@oKSYw2R9vMw}FI$lc$
z%_dRk6p}9ouY*BgvIvMySroPhWM`3Fz7H2^XOZwEmK&Nzgo;Im1q*mBZ4C_C2N?_=
zqk)52CL(wuB?RDc%V7nZLt)}|(4I^<OVA?VBtlsPA7}u`bb@dIW=ByX_kb1SW6#fx
zNHo_vGsCvTKR9T(a?`e=TB}x8<%sP2N05yB+mF|{M8c%_Gr2uws^)SyD7D6b*1OB+
zZd49>Q-xco#@Q*qG@5?&G=9lzdx9uJ$KAWPp2w-Z&ZotGWg!~YaCg0Wu*lq4UVQ(O
zgJc=qC#^nT*LQ2Ey^7v5X!`8r&0LDgmexVXC#N3Q#S9vD<T)}%vZ`i@kG@6sZ%r8s
z2QqJcN`sWu&UGq1aa>D~N{u`CMUPMsKk!`T%d90|7fabZP&yM5W8YGFqH9&&vg=)A
zi{>uFU|!r2WUi~sDz^XV+rHZCw8cW94>=+G1nisIWIoho->wzI+$^X?(F>VcYaAK?
zuqC_VQumzUan19lpd+31*F8!CJ4D_~4s+`t9Q<(cLs;a#2LZj5Bk7|>JiWO?owWGN
zjeq798-E$&BwOr=#teO$E5v5=p~T%}p7Q>IwwWywIM}$zw=o>(m>Q%PW_<{<5f7SG
zbnj>~y+c~4>O+u}@MiAr^vZ<PG<#<(Exc(#ED-$AGqfQ4te;M6$u2IU&6ZVylBXk>
zk+9M9!RElC%G%}|KyU>k+gK~^>){>QT4w5X4@DgfZ+9x_J#K2N0stdhk;eT>gTfI7
zJXYpjK)P?PCEv0R&N!=jxT!71tM5=o-?2N{m*V~uv5}qczvxZ3g`kOwh3nRlOt3E#
za9v35jIvmBGusGG8ftya9w#VsUUHUQahq$yi$;-S9~1a@e(l*H=(TIm%B1VTdM?|D
zj!XV;mkL%Zj|$PQIKRX;EgfWan_R!NeqEoJpq61!WX{6STt(cMm78^dT8Q0qPkU-&
z$5ETTal-M|Vg=iK#rd=H<~Pe1T-tV_J$y8pctE=<HA=BCNzGJ!Hsen}H9~>wg87F2
zXn=}+7?wZUQqSOvQpUXOU2`FGcH`QLC4UOmDg+yghsnAI`JE&sZc*}ZqF=487(OSG
zRJNbGJM+q3Rjr27%DBb@SN*t3Vu4;Qb6b;btQ0kSC$+mJ*?#@_k~X{)&-=NDw%Klq
zZrK|YRdGI?reUW0#v#0P=Zl>4`8G?pmy|p=le(c<noK@-V8hbhlbmy=zBKk-T`%p-
z^GaSAiEZBDnHm0e4};`$ErZv`uN@j}Tc(ZEog2%0?bCy~&sxJ({B{);DMd9^a39DY
z?-#iUS|qm6+SHFJdTz7(L|<GJ-_$s3UXT%g^{n#ln?*-VPkta>yEN}rUU1=IfoFBY
z8#GUm2R!^(?&m(XN4(2XSkG}GmA*Y(<nrYUzm4z0@gybJTSEsQGE;M8Jp)sBhzrG*
zju=};F0Q)Vds|_*F?Xx|Nk$>}+)V>cLt06rt3=wD-s8)AVQ#$buwG~QohUYaw2nCM
z_Q`sY&LM$$MA6lzZvf8)a)YPUPU!(2N`hD{alVsAoI}E`O`l^rQ1mBS8Dh~!u{LdQ
zZY_S>)RS|eYrQJZsu!G%p$qPL=$=(+-)B&pcRA21!p`BsXbtKW;30H}mK_-RBfm&}
zB|`~|2C|xQ>q=!%4&9zcJPsva(oY)A+f#^Yx+iqwXx6M((s}j_3M$#)t|4m9P2Y{K
zs+mUylWN9wHb~k@oYLdr6VpS-IW($S&94p>Xmcz1SZnd{qMUtsOmB8{#EOwoWnJRo
zanr{~Tgdwo){bgx1Ua8w%v;2nEQGvVHeCp>`Ju3f|A)d}H|28G$}KhvcIxfmE$dF`
zw{satb5Ln&?N)f|n;<8<?UZD<zoN&@Bdrx|eF?9JqavfB0(0+|Ji5H-Y31A=`Hzxr
z2B$(XUHIi?mgV!L;}R>&!}RM2n{9RFPo;bey6TPwe~2CKOKg1+w$<Kgggf_4x%Tjr
zmD+QbTI<5MY^!;uA8II;+G=AZoJ!>yPuoL8<AzqbxqkGOKjo2VhX+H3Ljo!Q<&y6c
zg6+3>9jQ)yki+-tB>Ga4a(w%6U$#WGqXAl_7<FQUd&e>Qwe!O&zS-o^Wqt2ktBfUg
z7$0I{Ppi@b6h8ZWZt}3<s_7<lbhkfo4hPZ!)|+YorAW?NY@U(Q3i4Ga+x>E**Zn@D
z+-3*NKJw82=8HoNqSfP+7j%*_#o5w&!9aOyXz}Ngq59*B&#xWKU8$YwxY<(5DVv(o
zfpgR3uI{CsYnfxinbptg40I3dW35Zh@2g53tA4T5&!^yzK)bY9mC9zZPf-<i)TOs5
zJq-)fs@|W@7ic@{ge!a<v;RQZ@!_6g$u{MSgOnt1j{Xf-0V}G_g*#!LKG;360OZ$=
z&(*n_VR~R7>z2Cm`Gl_Rw2}RR!RGXh!Mhe>m)V$+uc7+#a}r(aHEb(pt&Z?k1JcfK
z)dbGlL@k+}7SHmN$bE1BPNDT}#VpK;6_>f*gq|*m2z-9q>8qy70ps@5Vg0W;Rw+I2
zB_xk)ZYNi?t*VbBo6fyGVut2_vt@M^;PK4Hfy*^ndSdzN@q#M2%(IJEB8wm@`Q^TD
zJ(;|Nn;CXZ3Gp@0N}pDLx#j=W;QIEn3oRB`<!^eFa{aTs=3VN+GiNfjq8Bo@D)$B`
zcDOc(IOj^T=e_3UT5?0@8RbjM0{df*>1TN!uU`4d1ACDVb2u+?MGSwQN$x(OT`4@>
zRT__d{lxI{DUKT+-tNfW-dHUbX&B)gc4!I9E;Hg<soZ!#eCpP^$fs`HO;-GO<o;+m
zWOO?s(V^&&dCc-cSLri57YY~Sf<Cts<2uE{i$1+GJ8SV&C;Z)*8sF38(B6TKHkm8+
z+8Wkw4)aUI+;?=elD&bekY1ms#x4(W)X(;nuI{}rUR}9+-_Z{yS?9}q^czAB%N?k-
zc%NM&?3+Y+ry%@z^@C+EeZ)Dz`{IuHU+n%!?%L0{x;lBlLwm`^wl?m2cU34usC=7u
z$N#MSl!;Qvw%WqeRv!6;hcIBi<DOgU+po8FmA<o&t7?BTCnU7^NLNDY>GjRhg)j4j
zX~Cl&#heq%I}Yifxd&wlLB{><1=1qbrsuLh1*^&xbzkmnTKi;kS;d}czRU3=-dVeB
z-^)mMCRSb#u86vN!H=uIVYi%U7}@L?K{ZLNv|>}e3GG#L?_Tu1ek0YRm*aFw2949_
znn|japX&%s9_{0~P&mhXYkNnX7xiVFr9q9e=>5Z8ib14WL%FL)K;Tp=E5hFOC0*j0
zMqb*IxN2<q8k43_S^>lB(G_l46_;Tvx**LJ7|C3&HFTD{8P*V+UdKp1Hh*2<z{7fS
z+alu4wHYnqQRi(!Gz>ak?@-@ov;Do{$#&aY_g%%Gs^Uj=TF0J=Eos*#9Ue3BHx+g=
zuNl}a+E{-@X{hOTX&P5)h>fZhrL%6Y&Kc$42CQ|0mgNnmywKZZJZR{tx%Ihsfb13C
zmvvI^b(}3KWy1>IltSUXFBD&epWB>cD_a-?iZ_e~=wfFPP-7y!qW%eY8Ck^pry|Dg
zlSJatMG|kD#c^X&=w#<~pX!k-v-ZB+dB^LSVeJcHW?%HVKVM&)*HCb*ZjsM;UR2V^
z4HC|}nXjRMYfF(eaI)s#EquZ*?fB-qEjL=jjuD1<pRPL_WaH`+bLIMVcL(=AVQlOw
zQIBPYnDbcuYg*B}(ABfv%SY=5>%}&>1owAkpCWFEtQT9Fv?%|4nAyg+@9)j?MfddF
zR{YfWxMsJ|sVm_r)n(${6!Qfo3D}5h*Xg~F2E!B#3ynHZhr2AfUOmney?sd4GN!UM
z!AyPNPEAdCm2Rz%p781BGddfNf2oqa;eYJj^X=iIwq#)mGx6=c2k57~pR@9W%%Zig
zSV{T}zjn8mH;lP-k9FW)y*Y8s;@62=V?DBGHL5RP&eEdG`&dWOGaU;Ya*u?5I@f3_
zxu*G}yH~tkwe<s5+evFN)}eV9mMW;;6Mikhcrt=EqM@|M+uoVF@X<f%dvxc&Vw`Zl
z@PUvy?C8^yLpMRa8eVjTy+^-0o|h$fC+W}G&Hm+@ifKkgG7*FZ^NW2MZlggfx0=Ys
z?l71wa^|_K!*W$zlzCa}ka8&i+YNg*&Q|eG8>rdeE&q;DAgUz()soNlMVwD>c*q?k
z<({%u%TiypcS`iyV$?G3TieYam~#ZEe${%sIJE&&!LK#^yG`tCikb6y_lra{udc(*
zp;*L9`(24bZ?R8J)8QLP_S}%5nU;}wt41Np{ElWY;H%3a)OENm-1~7fk8~s?szSlu
za$U}s+3Sjl!EpQd{afO%8Ig4WfHdP2MXG7#SWe;;o#rCYv0T%5g<NTd1#t4%Q~BBZ
z7yus>)@;z{cIIb}8w{i!vp#y&*wNft+T2ore^GKwvp>C`t}mjh6k_w`v)}IQyLVsL
z%T{lzOQv#VU;ub~<(6-=Q+b*5j<Th``4(?R&BEzYT9=a~Bk%F~3L7?lSyICC7HX-F
zPT_U?Apd}Wtt4eQ@wF^z_r`DtaGP<uNx<ImDRemA(0Y8sA#-MKVgnIPZS-=;EJux8
zqyoU}vD)qHrLPtO3I!b?i^r5%k&agW*adivz?PjMZ{&@uxZad^0qx`CH><jVd0;cC
z9q^XG4opz#1dd7NR0rG{Ra|bBt84*q>o>c*Ut@uK?(Ans+fx2NvVroQOCnpPBhCUV
z$+&EklIw%L?*TZ1z{H@^NnYQjSd!f_qHQ9l0l25P^KAWz0gcF=W=Hq%b^?PKb3~fd
z1<13~IK^XKwy{UDm4N^F^bEjeWf#z)4uH~E|B5%nZ6RGZHZR_i`$XIBtk7e7_@M-s
zHq8nC^oTWLYMTF6Irc!Npc4RROiw1;43Ij3W4I8GZ%zRKd?Aou6P12ydgM^5VK7(<
zz|i9-+wigDwKC88SD)n;0t?MDkuHUjA<JS^`kCor!rJdYzT}4|;PDIKs(@t6j8k&q
z$f*B1vhVbh87XKV0B4+jdyV9O9LIMyu8%##0!XiVU64}|mEQB05qziPJNo6tGaMx3
zcAJFV`+Kkle-Act7KJm;nDgJl&QSjqZ1)M+8JfQZJ5}fRU{7j0W7B^P+viuXC$*iy
z{yo?MzXy9t+ll`ib|=)LA}XWgSFoqFUG@vu&`UtuPA&gE*i+hm^3P#U+IGgLU%{Tz
z_UP}y?)*L2liE&~`{%GHwVjUtJ=p1nzXdx*@%La)c@mR<4tvUz{ICjqcOx+KFP`KF
zKmQlHZw_$MNG4qSZ#cjyZAbjqu>b19zayH4J!#uBejBPrYQ}F*uh>7a?HRv~7|D#^
z{*Oj7<F}_h3EY7Hw;R_Pzm0q*%<Q+l?5E$hzkl6i%<Q*k_S+NZ96vRZnf*3$;4rh_
z{&pDlQzMx<Cz(E#nmH$F{P}V-=}BhJNhXeWX3j}|ZY2M|=Om2ru`_$7w?c4_{o@ZK
z50Bp9LGl0Ge%pO~EM4?3P=ADdC43V0|Hk>YigC)o)M47@@iBd)e+QfEDMYPnoFNQ9
zZdAvosMdK8dF)#&?Comy?2%zb$gowxG`q{3HLsA8;Bv^g7?q*%>ytgfXEX-G50X=9
zeja3){t&pKu=z}Y0?2PV{G|Y^|5i4dru<os3jjf3c<Ij@Hac^>C;Ego_B~8VgZ=(J
z{H>p#^~(!+xEdxH6)9v68|GvvR5rY#IuW1*L@v)1W`VslvL^wyplRg4j~xSP(7^u2
z1fRMGnaY~T!3T2r^jjWD9gxeY<^(#KN<nA@Fz_}aav&_>N1G7(BWy+TWSa~bUU@{A
zVL;kv`?9F$$vpocn?r<uNCO3I4*T1LAT*iC{actK;YXPh6}-r>;h(f7;sk}H6{N>$
zX<)G$Sa^Ar>PbW{%1#hZKBUH>NdX+BGDVTWqVX=Uz#XQ!Ek-uHmqigXLLS`U?d}Dx
zD8T2@`}~eV)z^^`gj)jM$DC5C-pNUEK#I+oP&iUV@WsNZK=KlB9LPi<0jY<PCz3Qx
zduXa|s$FO*g_ATrPRKJM3#K#elX{ua&y0OcyiZf_$;|sPX%D~h5Ad(n6V7BpUoy})
zk&p@)rhF6Pw~#!S9c<e%(K7jf^&-YFn*}2QMl%=@e`+)pwPC6RqXvuyFe=ZKXY>JW
z0A3&g$bJm54Y(GP7%)Wwv@w8zk>E?_Aok=)qfDeQ3*>*?aKKFpi@;<edxGyl&2w^B
dqnN{CAOdCJ|KT7)5TO9B{BCgN*G3lp{{wA|QqTYZ

literal 0
HcmV?d00001

diff --git a/repository-license-compatibility-guard/reports/reviewer-packet.md b/repository-license-compatibility-guard/reports/reviewer-packet.md
new file mode 100644
index 00000000..d6792416
--- /dev/null
+++ b/repository-license-compatibility-guard/reports/reviewer-packet.md
@@ -0,0 +1,87 @@
+# Repository License Compatibility Guard
+
+Repository: repo-neuro-open-atlas
+Version: v1.4.0
+Export intent: public_doi_and_commercial_partner_export
+Audit digest: `734ff57751d2a28105e23bf2507f2da485edf49f470f9048cb1e19b332b9d71b`
+
+## Totals
+
+- Assets evaluated: 7
+- Release-blocking assets: 3
+- conflict: 1
+- hold: 2
+- notice_required: 2
+- publishable: 2
+
+## Asset Decisions
+
+### asset-code-core
+
+- Path: code/atlas_pipeline.py
+- Type: code
+- License: MIT
+- Status: publishable
+- Release blocking: false
+- Reasons: license is compatible with the requested release/export intent
+- Actions: Allow asset in DOI/export package; Preserve license metadata in manifest
+
+### asset-dataset-images
+
+- Path: data/images-manifest.json
+- Type: dataset
+- License: CC-BY-4.0
+- Status: notice_required
+- Release blocking: false
+- Reasons: license permits export but attribution or notice is incomplete
+- Actions: Add license notice to export manifest; Include attribution in citation and repository notice files
+
+### asset-training-table
+
+- Path: data/training-table.csv
+- Type: dataset
+- License: CC-BY-NC-4.0
+- Status: conflict
+- Release blocking: true
+- Reasons: non-commercial license conflicts with commercial partner export intent
+- Actions: Block commercial export until asset is relicensed or omitted; Generate public-only export variant if permitted
+
+### asset-model-weights
+
+- Path: models/segmentation-weights.bin
+- Type: model
+- License: Proprietary
+- Status: hold
+- Release blocking: true
+- Reasons: asset license is proprietary, restricted, or unknown
+- Actions: Exclude from public DOI/export package; Request rights review and replacement artifact
+
+### asset-notebook
+
+- Path: notebooks/analysis.ipynb
+- Type: notebook
+- License: GPL-3.0
+- Status: notice_required
+- Release blocking: false
+- Reasons: license permits export but attribution or notice is incomplete
+- Actions: Add license notice to export manifest; Include attribution in citation and repository notice files
+
+### asset-figure
+
+- Path: results/figure-3.svg
+- Type: figure
+- License: CC0-1.0
+- Status: publishable
+- Release blocking: false
+- Reasons: license is compatible with the requested release/export intent
+- Actions: Allow asset in DOI/export package; Preserve license metadata in manifest
+
+### asset-raw-supplement
+
+- Path: data/supplement-private.tsv
+- Type: dataset
+- License: (missing)
+- Status: hold
+- Release blocking: true
+- Reasons: asset has no normalized SPDX or data license
+- Actions: Hold tagged release and export bundle; Attach license metadata or remove asset from export
diff --git a/repository-license-compatibility-guard/reports/summary.json b/repository-license-compatibility-guard/reports/summary.json
new file mode 100644
index 00000000..fc5d0acb
--- /dev/null
+++ b/repository-license-compatibility-guard/reports/summary.json
@@ -0,0 +1,131 @@
+{
+  "asOf": "2026-05-22T12:00:00.000Z",
+  "repositoryId": "repo-neuro-open-atlas",
+  "versionTag": "v1.4.0",
+  "exportIntent": "public_doi_and_commercial_partner_export",
+  "totals": {
+    "totalAssets": 7,
+    "releaseBlockingAssets": 3,
+    "byStatus": {
+      "publishable": 2,
+      "notice_required": 2,
+      "conflict": 1,
+      "hold": 2
+    }
+  },
+  "decisions": [
+    {
+      "id": "asset-code-core",
+      "componentType": "code",
+      "path": "code/atlas_pipeline.py",
+      "license": "MIT",
+      "exportIncluded": true,
+      "status": "publishable",
+      "releaseBlocking": false,
+      "reasons": [
+        "license is compatible with the requested release/export intent"
+      ],
+      "actions": [
+        "Allow asset in DOI/export package",
+        "Preserve license metadata in manifest"
+      ]
+    },
+    {
+      "id": "asset-dataset-images",
+      "componentType": "dataset",
+      "path": "data/images-manifest.json",
+      "license": "CC-BY-4.0",
+      "exportIncluded": true,
+      "status": "notice_required",
+      "releaseBlocking": false,
+      "reasons": [
+        "license permits export but attribution or notice is incomplete"
+      ],
+      "actions": [
+        "Add license notice to export manifest",
+        "Include attribution in citation and repository notice files"
+      ]
+    },
+    {
+      "id": "asset-training-table",
+      "componentType": "dataset",
+      "path": "data/training-table.csv",
+      "license": "CC-BY-NC-4.0",
+      "exportIncluded": true,
+      "status": "conflict",
+      "releaseBlocking": true,
+      "reasons": [
+        "non-commercial license conflicts with commercial partner export intent"
+      ],
+      "actions": [
+        "Block commercial export until asset is relicensed or omitted",
+        "Generate public-only export variant if permitted"
+      ]
+    },
+    {
+      "id": "asset-model-weights",
+      "componentType": "model",
+      "path": "models/segmentation-weights.bin",
+      "license": "Proprietary",
+      "exportIncluded": true,
+      "status": "hold",
+      "releaseBlocking": true,
+      "reasons": [
+        "asset license is proprietary, restricted, or unknown"
+      ],
+      "actions": [
+        "Exclude from public DOI/export package",
+        "Request rights review and replacement artifact"
+      ]
+    },
+    {
+      "id": "asset-notebook",
+      "componentType": "notebook",
+      "path": "notebooks/analysis.ipynb",
+      "license": "GPL-3.0",
+      "exportIncluded": true,
+      "status": "notice_required",
+      "releaseBlocking": false,
+      "reasons": [
+        "license permits export but attribution or notice is incomplete"
+      ],
+      "actions": [
+        "Add license notice to export manifest",
+        "Include attribution in citation and repository notice files"
+      ]
+    },
+    {
+      "id": "asset-figure",
+      "componentType": "figure",
+      "path": "results/figure-3.svg",
+      "license": "CC0-1.0",
+      "exportIncluded": true,
+      "status": "publishable",
+      "releaseBlocking": false,
+      "reasons": [
+        "license is compatible with the requested release/export intent"
+      ],
+      "actions": [
+        "Allow asset in DOI/export package",
+        "Preserve license metadata in manifest"
+      ]
+    },
+    {
+      "id": "asset-raw-supplement",
+      "componentType": "dataset",
+      "path": "data/supplement-private.tsv",
+      "license": "",
+      "exportIncluded": true,
+      "status": "hold",
+      "releaseBlocking": true,
+      "reasons": [
+        "asset has no normalized SPDX or data license"
+      ],
+      "actions": [
+        "Hold tagged release and export bundle",
+        "Attach license metadata or remove asset from export"
+      ]
+    }
+  ],
+  "auditDigest": "734ff57751d2a28105e23bf2507f2da485edf49f470f9048cb1e19b332b9d71b"
+}
diff --git a/repository-license-compatibility-guard/reports/summary.svg b/repository-license-compatibility-guard/reports/summary.svg
new file mode 100644
index 00000000..6f396553
--- /dev/null
+++ b/repository-license-compatibility-guard/reports/summary.svg
@@ -0,0 +1,29 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="960" height="540" viewBox="0 0 960 540">
+  <style>
+    .bg{fill:#111827}
+    .panel{fill:#f8fafc}
+    .title{font:700 34px Arial,sans-serif;fill:#0f172a}
+    .meta{font:400 18px Arial,sans-serif;fill:#475569}
+    .label{font:600 20px Arial,sans-serif;fill:#1e293b}
+    .value{font:700 20px Arial,sans-serif;fill:#0f172a}
+    .bar{fill:#f59e0b}
+    .digest{font:400 15px monospace;fill:#334155}
+  </style>
+  <rect class="bg" width="960" height="540"/>
+  <rect class="panel" x="28" y="28" width="904" height="484" rx="16"/>
+  <text x="58" y="82" class="title">Repository License Compatibility Guard</text>
+  <text x="58" y="116" class="meta">Assets 7 | Blocking 3</text>
+  <text x="58" y="177" class="label">conflict</text>
+  <rect x="290" y="154" width="94" height="28" rx="5" class="bar"/>
+  <text x="396" y="176" class="value">1</text>
+  <text x="58" y="223" class="label">hold</text>
+  <rect x="290" y="200" width="188" height="28" rx="5" class="bar"/>
+  <text x="490" y="222" class="value">2</text>
+  <text x="58" y="269" class="label">notice_required</text>
+  <rect x="290" y="246" width="188" height="28" rx="5" class="bar"/>
+  <text x="490" y="268" class="value">2</text>
+  <text x="58" y="315" class="label">publishable</text>
+  <rect x="290" y="292" width="188" height="28" rx="5" class="bar"/>
+  <text x="490" y="314" class="value">2</text>
+  <text x="58" y="482" class="digest">audit 734ff57751d2a28105e23bf2507f2da485edf49f470f9048</text>
+</svg>
diff --git a/repository-license-compatibility-guard/requirements-map.md b/repository-license-compatibility-guard/requirements-map.md
new file mode 100644
index 00000000..4e639578
--- /dev/null
+++ b/repository-license-compatibility-guard/requirements-map.md
@@ -0,0 +1,19 @@
+# Requirements Map
+
+| Issue #10 area | Coverage |
+| --- | --- |
+| Repository structure and components | Evaluates code, dataset, notebook, model, and figure assets in a release manifest. |
+| File and metadata versioning | Binds decisions to a repository ID and semantic version tag. |
+| Collaboration and forking | Checks fork-derived asset license continuity and attribution. |
+| Computation-aware reproducibility | Holds model/notebook assets when source or license evidence is incomplete. |
+| Repository identifiers and citation | Blocks DOI/export publication when license and attribution evidence is unsafe. |
+| Programmatic access and export | Produces deterministic decision packets for export-bundle gating. |
+
+## Non-overlap
+
+This is not a broad repository ledger, release engine, structured diff/rollback,
+provenance attestation, release embargo, notebook replay, schema migration,
+citation impact, API/export, merge queue, environment drift, access review,
+DOI tombstone, metadata readiness, branch lineage, or sensitive-artifact commit
+slice. It focuses on dependency, dataset, model, and generated-artifact license
+compatibility before release/export.
diff --git a/repository-license-compatibility-guard/sample-data.js b/repository-license-compatibility-guard/sample-data.js
new file mode 100644
index 00000000..b18010ab
--- /dev/null
+++ b/repository-license-compatibility-guard/sample-data.js
@@ -0,0 +1,92 @@
+const sampleRepositoryLicensePacket = {
+  asOf: "2026-05-22T12:00:00.000Z",
+  release: {
+    repositoryId: "repo-neuro-open-atlas",
+    versionTag: "v1.4.0",
+    exportIntent: "public_doi_and_commercial_partner_export",
+    forkedFrom: "repo-vision-source",
+    sourceBundleIncluded: true,
+  },
+  assets: [
+    {
+      id: "asset-code-core",
+      componentType: "code",
+      path: "code/atlas_pipeline.py",
+      license: "MIT",
+      attribution: "SCIBASE Neuro Team",
+      noticeIncluded: true,
+      sourceAvailable: true,
+      derivedFromFork: false,
+      exportIncluded: true,
+    },
+    {
+      id: "asset-dataset-images",
+      componentType: "dataset",
+      path: "data/images-manifest.json",
+      license: "CC-BY-4.0",
+      attribution: "Open Imaging Consortium",
+      noticeIncluded: false,
+      sourceAvailable: true,
+      derivedFromFork: false,
+      exportIncluded: true,
+    },
+    {
+      id: "asset-training-table",
+      componentType: "dataset",
+      path: "data/training-table.csv",
+      license: "CC-BY-NC-4.0",
+      attribution: "Partner Lab",
+      noticeIncluded: true,
+      sourceAvailable: true,
+      derivedFromFork: false,
+      exportIncluded: true,
+    },
+    {
+      id: "asset-model-weights",
+      componentType: "model",
+      path: "models/segmentation-weights.bin",
+      license: "Proprietary",
+      attribution: "Private Vendor",
+      noticeIncluded: true,
+      sourceAvailable: false,
+      derivedFromFork: false,
+      exportIncluded: true,
+    },
+    {
+      id: "asset-notebook",
+      componentType: "notebook",
+      path: "notebooks/analysis.ipynb",
+      license: "GPL-3.0",
+      attribution: "Legacy Methods Group",
+      noticeIncluded: false,
+      sourceAvailable: true,
+      derivedFromFork: true,
+      forkLicense: "GPL-3.0",
+      exportIncluded: true,
+    },
+    {
+      id: "asset-figure",
+      componentType: "figure",
+      path: "results/figure-3.svg",
+      license: "CC0-1.0",
+      attribution: "Generated from synthetic data",
+      noticeIncluded: true,
+      sourceAvailable: true,
+      derivedFromFork: false,
+      exportIncluded: true,
+    },
+    {
+      id: "asset-raw-supplement",
+      componentType: "dataset",
+      path: "data/supplement-private.tsv",
+      license: "",
+      attribution: "",
+      noticeIncluded: false,
+      sourceAvailable: false,
+      derivedFromFork: false,
+      exportIncluded: true,
+    },
+  ],
+};
+
+module.exports = { sampleRepositoryLicensePacket };
diff --git a/repository-license-compatibility-guard/test.js b/repository-license-compatibility-guard/test.js
new file mode 100644
index 00000000..33066a26
--- /dev/null
+++ b/repository-license-compatibility-guard/test.js
@@ -0,0 +1,43 @@
+const assert = require("node:assert/strict");
+const {
+  CONFLICT,
+  HOLD,
+  NOTICE_REQUIRED,
+  PUBLISHABLE,
+  analyzeRepositoryLicenses,
+  createAuditDigest,
+  renderMarkdownReport,
+  renderSvgSummary,
+} = require("./index");
+const { sampleRepositoryLicensePacket } = require("./sample-data");
+
+const result = analyzeRepositoryLicenses(sampleRepositoryLicensePacket);
+
+assert.equal(result.totals.totalAssets, 7);
+assert.equal(result.totals.releaseBlockingAssets, 3);
+assert.equal(result.totals.byStatus[PUBLISHABLE], 2);
+assert.equal(result.totals.byStatus[NOTICE_REQUIRED], 2);
+assert.equal(result.totals.byStatus[CONFLICT], 1);
+assert.equal(result.totals.byStatus[HOLD], 2);
+
+const commercialConflict = result.decisions.find((decision) => decision.id === "asset-training-table");
+assert.equal(commercialConflict.status, CONFLICT);
+assert.match(commercialConflict.reasons.join(" "), /non-commercial license/);
+
+const missingLicense = result.decisions.find((decision) => decision.id === "asset-raw-supplement");
+assert.equal(missingLicense.status, HOLD);
+assert.equal(missingLicense.releaseBlocking, true);
+
+const gplNotebook = result.decisions.find((decision) => decision.id === "asset-notebook");
+assert.equal(gplNotebook.status, NOTICE_REQUIRED);
+
+assert.equal(createAuditDigest(result), result.auditDigest);
+assert.match(renderMarkdownReport(result), /Repository License Compatibility Guard/);
+assert.match(renderSvgSummary(result), /Blocking 3/);
+
+assert.throws(
+  () => analyzeRepositoryLicenses({ release: {}, assets: [] }),
+  /missing required release field: repositoryId/
+);
+
+console.log("repository license compatibility guard tests passed");