From 8e18bbead70281b4f1a06e2e350a756a07e9a2d5 Mon Sep 17 00:00:00 2001
From: Pengfei Hu <pengfei@threemoonslab.com>
Date: Sun, 31 May 2026 10:18:14 -0700
Subject: [PATCH 1/3] Rebrand canonical tagline to the deterministic merge gate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the old canonical tagline "Local-first, static Tool-Use Readiness
release gate for AI agent tool surfaces" with "The deterministic merge gate
for AI-generated agent capability changes" (the "Merge Gate" repositioning),
atomically across every contract-enforced public surface plus all remaining
repo-wide occurrences. No engine/logic change — copy and positioning only.

- Update POSITIONING_PHRASE / POSITIONING_SCAN_DOCSTRING (atomic enforcer)
- Static surfaces: README hero (new headline + tagline + local-first/static
  trust sub-line + verify-first quickstart), AGENTS.md, pyproject, action.yml,
  .well-known (tagline + positioning.answer), llms.txt, docs/* positioning pages
- Generated sources + regenerated outputs: CLI help, scan docstring, the four
  block renderers + adoption-kit SKILL.md; report/packet disclaimers; cursor
  rule, both committed SKILL.md copies, slash command, benchmark templates,
  llms-full.txt; bumped renderer SHA snapshots + kit prior_render hashes
- Regenerated all sample report/packet goldens (disclaimer text changed)
- Kept "Tool-Use Readiness" as the category/wedge/report-artifact name
- Off-list cleanup: engineering verifier guide, SEO/GEO review, use-case page,
  onboarding prompt; design-partner CTA reframed to "bring us one AI-generated PR"

Verified: pytest 2368 passed / 4 skipped, generate_schemas --check clean,
ruff clean, zero residual old-tagline.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .agents/skills/agents-shipgate/SKILL.md       |  4 +--
 .claude/commands/shipgate.md                  |  8 ++---
 .cursor/rules/agents-shipgate.mdc             |  6 ++--
 .well-known/agents-shipgate.json              |  4 +--
 AGENTS.md                                     |  4 +--
 README.md                                     | 34 ++++++++++++++-----
 action.yml                                    |  6 ++--
 .../.agents-shipgate-kit-metadata.json        |  3 +-
 adoption-kits/claude-code-skill/SKILL.md      |  4 +--
 .../prompts/add-shipgate-to-repo.md           |  3 +-
 .../.agents-shipgate-kit-metadata.json        |  3 +-
 adoption-kits/codex-skill/SKILL.md            |  4 +--
 .../10-agents-md/AGENTS.md.template           |  4 +--
 .../agents-shipgate.mdc.template              |  6 ++--
 docs/ai-search-summary.md                     |  5 +--
 docs/category.md                              |  5 +--
 docs/concepts.md                              |  5 +--
 docs/design-partners.md                       |  8 +++--
 .../ai-coding-workflow-verifier.md            |  6 ++--
 docs/faq.md                                   |  6 ++--
 docs/glossary.md                              |  8 ++---
 docs/overview.md                              |  7 ++--
 docs/target-repo-agent-snippets.md            | 18 +++++-----
 docs/use-cases/ai-generated-agent-prs.md      |  9 ++---
 llms-full.txt                                 |  9 ++---
 llms.txt                                      |  4 +--
 marketing/seo-geo-review.md                   |  6 ++--
 prompts/add-shipgate-to-repo.md               |  3 +-
 pyproject.toml                                |  2 +-
 .../simple_crewai_agent/expected/report.md    |  2 +-
 .../simple_langchain_agent/expected/report.md |  2 +-
 .../expected/report.md                        |  2 +-
 .../support_refund_agent/expected/packet.html |  2 +-
 .../support_refund_agent/expected/packet.json |  2 +-
 .../support_refund_agent/expected/packet.md   |  2 +-
 .../support_refund_agent/expected/report.md   |  2 +-
 skills/agents-shipgate/SKILL.md               |  4 +--
 .../prompts/add-shipgate-to-repo.md           |  3 +-
 src/agents_shipgate/cli/_register_scan.py     |  2 +-
 .../agent_instructions/renderers/agents_md.py |  4 +--
 .../agent_instructions/renderers/claude_md.py |  4 +--
 .../agent_instructions/renderers/cursor.py    |  6 ++--
 .../renderers/pr_template.py                  |  4 +--
 src/agents_shipgate/cli/main.py               |  2 +-
 src/agents_shipgate/packet/disclaimer.py      |  5 +--
 src/agents_shipgate/report/markdown.py        |  5 +--
 tests/test_agent_instructions_renderers.py    |  6 ++--
 tests/test_docs_links.py                      |  2 +-
 tests/test_public_surface_contract.py         | 10 +++---
 49 files changed, 148 insertions(+), 117 deletions(-)

diff --git a/.agents/skills/agents-shipgate/SKILL.md b/.agents/skills/agents-shipgate/SKILL.md
index 59090336..943eb89e 100644
--- a/.agents/skills/agents-shipgate/SKILL.md
+++ b/.agents/skills/agents-shipgate/SKILL.md
@@ -1,11 +1,11 @@
 ---
 name: agents-shipgate
-description: Use when the user wants to add or run Agents Shipgate as a local-first, static Tool-Use Readiness release gate for an AI agent's tool surface; review or prepare a tool-using agent for release; scan MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK, LangChain/LangGraph, CrewAI, OpenAI API, Codex plugin, or n8n tool artifacts; add advisory CI; or interpret, fix, triage, suppress, or explain a Shipgate finding.
+description: Use when the user wants to add or run Agents Shipgate — the deterministic merge gate for AI-generated agent capability changes — on an AI agent's tool surface; review or prepare a tool-using agent for release; scan MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK, LangChain/LangGraph, CrewAI, OpenAI API, Codex plugin, or n8n tool artifacts; add advisory CI; or interpret, fix, triage, suppress, or explain a Shipgate finding.
 ---
 
 # Agents Shipgate
 
-Agents Shipgate is a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It reads `shipgate.yaml` plus local tool sources and writes deterministic reports as Markdown, JSON, SARIF, and Release Evidence Packets.
+Agents Shipgate is the deterministic merge gate for AI-generated agent capability changes — a local-first, static Tool-Use Readiness review. It reads `shipgate.yaml` plus local tool sources and writes deterministic reports as Markdown, JSON, SARIF, and Release Evidence Packets.
 
 Use this skill when a task touches agent tools, MCP exports, OpenAPI specs, prompts that constrain tool use, permissions/scopes, approval or confirmation policies, `shipgate.yaml`, Shipgate CI, or `agents-shipgate-reports/report.json`.
 
diff --git a/.claude/commands/shipgate.md b/.claude/commands/shipgate.md
index 6f181636..081d179f 100644
--- a/.claude/commands/shipgate.md
+++ b/.claude/commands/shipgate.md
@@ -1,14 +1,14 @@
 ---
-description: Bootstrap or verify agents-shipgate as a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces
+description: Bootstrap or verify agents-shipgate as the deterministic merge gate for AI-generated agent capability changes
 ---
 
 Arguments: `$ARGUMENTS`
 
 If the arguments include `verify`, run the ongoing-PR verifier flow. Otherwise
 run the agents-shipgate bootstrap flow on the current repo: install the CLI,
-add a local-first, static Tool-Use Readiness release gate for AI agent tool
-surfaces, generate `shipgate.yaml`, fill in placeholders, run a scan, and
-surface the top findings from the JSON report.
+add the deterministic merge gate for AI-generated agent capability changes (a
+local-first, static Tool-Use Readiness review), generate `shipgate.yaml`, fill
+in placeholders, run a scan, and surface the top findings from the JSON report.
 
 The canonical, self-contained instructions live in the bundled prompt files.
 For bootstrap, read `prompts/add-shipgate-to-repo.md`. For verifier runs, read
diff --git a/.cursor/rules/agents-shipgate.mdc b/.cursor/rules/agents-shipgate.mdc
index 6f07f5f1..503da0b0 100644
--- a/.cursor/rules/agents-shipgate.mdc
+++ b/.cursor/rules/agents-shipgate.mdc
@@ -1,5 +1,5 @@
 ---
-description: Run Agents Shipgate as a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.
+description: Run Agents Shipgate as the deterministic merge gate for AI-generated agent capability changes.
 globs:
   - "shipgate.yaml"
   - "**/*openapi*.yaml"
@@ -28,8 +28,8 @@ globs:
 alwaysApply: false
 ---
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review.
 
 When a change affects agent tools, MCP exports, OpenAPI specs, prompts,
 permissions, approval policies, or release gates, run Agents Shipgate.
diff --git a/.well-known/agents-shipgate.json b/.well-known/agents-shipgate.json
index 5806eda3..9f16f0fb 100644
--- a/.well-known/agents-shipgate.json
+++ b/.well-known/agents-shipgate.json
@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "name": "agents-shipgate",
   "display_name": "Agents Shipgate",
-  "tagline": "Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces",
+  "tagline": "The deterministic merge gate for AI-generated agent capability changes",
   "version": "0.10.0",
   "license": "Apache-2.0",
   "publisher": {
@@ -13,7 +13,7 @@
   "primary_wedge": "tool_use_readiness",
   "positioning": {
     "short": "Agent release readiness for tool-using AI agents",
-    "answer": "Agents Shipgate is described by the canonical tagline: Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It is an open-source CLI and GitHub Action from Three Moons Lab that produces deterministic Tool-Use Readiness Reports before production-like permissions are granted.",
+    "answer": "Agents Shipgate is described by the canonical tagline: The deterministic merge gate for AI-generated agent capability changes. It is an open-source CLI and GitHub Action from Three Moons Lab that produces deterministic Tool-Use Readiness Reports before production-like permissions are granted.",
     "primary_use_case": "Run in CI before promoting an agent whose MCP, OpenAPI, SDK, workflow, or plugin tool surface changed.",
     "not_for": ["llm_evals", "runtime_guardrails", "runtime_observability", "general_linting"]
   },
diff --git a/AGENTS.md b/AGENTS.md
index 24371e40..8cc57fa1 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -8,7 +8,7 @@ Authoritative instructions for AI coding agents (Claude Code, Codex, Cursor, Aid
 
 ## What this project is
 
-Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. Reads `shipgate.yaml` plus tool sources (MCP exports, OpenAPI specs, OpenAI Agents SDK Python files, Anthropic Messages API tool/prompt artifacts, Google ADK Python/config files, LangChain/LangGraph Python files, CrewAI Python files, OpenAI API artifacts, Codex plugin packages and marketplaces, n8n workflow JSON/stubs) and produces deterministic findings.
+The deterministic merge gate for AI-generated agent capability changes. Reads `shipgate.yaml` plus tool sources (MCP exports, OpenAPI specs, OpenAI Agents SDK Python files, Anthropic Messages API tool/prompt artifacts, Google ADK Python/config files, LangChain/LangGraph Python files, CrewAI Python files, OpenAI API artifacts, Codex plugin packages and marketplaces, n8n workflow JSON/stubs) and produces deterministic findings. Local-first and static by default — no agent execution, tool calls, LLM calls, or network access.
 
 - **Inputs:** MCP · OpenAPI · OpenAI Agents SDK · Anthropic Messages API · Google ADK · LangChain/LangGraph · CrewAI · OpenAI API · Codex plugin · n8n
 - **Outputs:** Markdown · JSON · SARIF
@@ -31,7 +31,7 @@ Do **not** use any of: `Agent Shipgate` (singular), `Agent Shipcheck`, `agents s
 
 The canonical tagline is:
 
-> Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.
+> The deterministic merge gate for AI-generated agent capability changes.
 
 This single sentence is the source of truth for the GitHub repo description, [README.md](README.md), the [wiki Home page](https://github.com/ThreeMoonsLab/agents-shipgate/wiki/Home), and the [marketing site](https://threemoonslab.com/) `<meta name="description">`. Keep them in sync.
 
diff --git a/README.md b/README.md
index 142f3903..b0c5bc02 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 <p align="center">
   <picture>
     <source media="(prefers-color-scheme: dark)" srcset="assets/readme-header-dark.png">
-    <img src="assets/readme-header.png" alt="Agents Shipgate · local-first, static Tool-Use Readiness release gate for AI agent tool surfaces" width="100%">
+    <img src="assets/readme-header.png" alt="Agents Shipgate · the deterministic merge gate for AI-generated agent capability changes" width="100%">
   </picture>
 </p>
 
@@ -13,9 +13,13 @@
 [![License](https://img.shields.io/pypi/l/agents-shipgate)](LICENSE)
 [![CI](https://github.com/ThreeMoonsLab/agents-shipgate/actions/workflows/ci.yml/badge.svg)](https://github.com/ThreeMoonsLab/agents-shipgate/actions/workflows/ci.yml)
 
-**Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.**
+**Your coding agent changed what your AI agent can do — Agents Shipgate tells you whether it can merge.**
 
-<!-- Canonical tagline: Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. -->
+**The deterministic merge gate for AI-generated agent capability changes.**
+
+Local-first and static by default — no agent execution, tool calls, LLM calls, or network access.
+
+<!-- Canonical tagline: The deterministic merge gate for AI-generated agent capability changes. -->
 
 Agents Shipgate is an open-source CLI and GitHub Action for local-first,
 static Tool-Use Readiness review. It scans MCP, OpenAPI, OpenAI Agents SDK,
@@ -40,10 +44,21 @@ Apache-2.0.
 
 ## One-command quickstart
 
-For a 5-minute first run, use one of three paths: scan the bundled fixture,
-run the zero-install detector, or initialize Shipgate in your real repo. If you
-already have [`uv`](https://docs.astral.sh/uv/) installed, the fixture path is
-a one-command check with no persistent install:
+The core loop is verify-first: when a PR changes what your agent can do, run the
+deterministic verifier on the diff and read its merge verdict before you merge.
+
+```bash
+agents-shipgate verify --workspace . --config shipgate.yaml \
+  --ci-mode advisory --format json
+```
+
+The release gate is `agents-shipgate-reports/report.json` →
+`release_decision.decision` (`blocked | review_required | insufficient_evidence | passed`).
+No `shipgate.yaml` yet? Run `agents-shipgate init --workspace . --write` first.
+
+Want a 5-minute first run with zero setup? Scan the bundled fixture. If you
+already have [`uv`](https://docs.astral.sh/uv/) installed, the fixture path is a
+one-command check with no persistent install:
 
 ```bash
 uvx agents-shipgate fixture run support_refund_agent
@@ -294,8 +309,9 @@ Once an AI agent can refund, email, cancel, deploy, or modify a record, every to
 
 Agents Shipgate produces a deterministic answer to that question, before promotion.
 
-The current product promise is deliberately narrow: a local-first, static
-Tool-Use Readiness release gate. Broader lifecycle ideas are future roadmap
+The current product promise is deliberately narrow: a deterministic, local-first,
+static merge gate for AI-generated agent capability changes — the Tool-Use
+Readiness review run at PR time. Broader lifecycle ideas are future roadmap
 work, not claims this scanner makes today.
 
 ## Findings Gallery
diff --git a/action.yml b/action.yml
index 560ea522..379e5772 100644
--- a/action.yml
+++ b/action.yml
@@ -1,10 +1,10 @@
 name: Agents Shipgate
 description: >-
-  Local-first, static Tool-Use Readiness release gate for AI agent tool
-  surfaces. Scans MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK,
+  The deterministic merge gate for AI-generated agent capability changes.
+  Scans MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK,
   LangChain, CrewAI, OpenAI API, Codex plugin, and n8n artifacts.
   Writes a Tool-Use Readiness Report (Markdown / JSON / SARIF) before your
-  agent gets production-like permissions. Static-by-default. Audited
+  agent gets production-like permissions. Local-first and static-by-default. Audited
   exceptions are pinned per call site in
   tests/test_adapter_static_only.py::ALLOWED_EXCEPTIONS. Apache-2.0.
 author: ThreeMoonsLab
diff --git a/adoption-kits/claude-code-skill/.agents-shipgate-kit-metadata.json b/adoption-kits/claude-code-skill/.agents-shipgate-kit-metadata.json
index 409c9970..806a7ecd 100644
--- a/adoption-kits/claude-code-skill/.agents-shipgate-kit-metadata.json
+++ b/adoption-kits/claude-code-skill/.agents-shipgate-kit-metadata.json
@@ -4,7 +4,8 @@
   "prior_render_sha256": {
     "SKILL.md": [
       "139b5e00b916448cf2de4752221c66296a7e546865b1efdf93f98d8bb5cb3019",
-      "5ab92f77352ea31ad03c28e1d596b20ada24fa4176a5e0b0b38990e4a00fb5bb"
+      "5ab92f77352ea31ad03c28e1d596b20ada24fa4176a5e0b0b38990e4a00fb5bb",
+      "9ce82bdc41f2e1ea28c7fec3aaeec0137efeacf8986b66a9ac0e3eccc5abd834"
     ]
   },
   "bootstrap_legacy_sha256": {
diff --git a/adoption-kits/claude-code-skill/SKILL.md b/adoption-kits/claude-code-skill/SKILL.md
index 94451e92..bb5e334a 100644
--- a/adoption-kits/claude-code-skill/SKILL.md
+++ b/adoption-kits/claude-code-skill/SKILL.md
@@ -1,11 +1,11 @@
 ---
 name: agents-shipgate
-description: Use when the user wants to add a local-first, static Tool-Use Readiness release gate for an AI agent's tool surface, run agents-shipgate scans, fix or triage Shipgate findings, add Shipgate to CI, or interpret a shipgate report. Triggers on phrases like "add shipgate", "release readiness for my agent", "tool-use readiness", "scan my agent", "shipgate scan", "shipgate.yaml", "agents-shipgate-reports/report.json", "fix shipgate finding".
+description: Use when the user wants to add the deterministic merge gate for AI-generated agent capability changes (a local-first, static Tool-Use Readiness review) to an AI agent's tool surface, run agents-shipgate scans, fix or triage Shipgate findings, add Shipgate to CI, or interpret a shipgate report. Triggers on phrases like "add shipgate", "release readiness for my agent", "tool-use readiness", "scan my agent", "shipgate scan", "shipgate.yaml", "agents-shipgate-reports/report.json", "fix shipgate finding".
 ---
 
 # agents-shipgate skill
 
-`agents-shipgate` is a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It analyzes `shipgate.yaml` plus tool sources (MCP exports, OpenAPI specs, OpenAI Agents SDK Python files, Anthropic Messages API artifacts, Google ADK files, LangChain/LangGraph files, CrewAI files, OpenAI API artifacts, Codex plugin packages and marketplaces, n8n workflow JSON) and emits deterministic findings as Markdown, JSON, and SARIF.
+`agents-shipgate` is the deterministic merge gate for AI-generated agent capability changes — a local-first, static Tool-Use Readiness review. It analyzes `shipgate.yaml` plus tool sources (MCP exports, OpenAPI specs, OpenAI Agents SDK Python files, Anthropic Messages API artifacts, Google ADK files, LangChain/LangGraph files, CrewAI files, OpenAI API artifacts, Codex plugin packages and marketplaces, n8n workflow JSON) and emits deterministic findings as Markdown, JSON, and SARIF.
 
 It does **not** run agents, call tools, invoke LLMs, connect to MCP servers, or send telemetry by default. Static analysis only; audited exceptions are pinned in `tests/test_adapter_static_only.py::ALLOWED_EXCEPTIONS`.
 
diff --git a/adoption-kits/claude-code-skill/prompts/add-shipgate-to-repo.md b/adoption-kits/claude-code-skill/prompts/add-shipgate-to-repo.md
index afa92503..9847a8bb 100644
--- a/adoption-kits/claude-code-skill/prompts/add-shipgate-to-repo.md
+++ b/adoption-kits/claude-code-skill/prompts/add-shipgate-to-repo.md
@@ -3,7 +3,8 @@
 You are working in a repo that may contain an AI agent — likely one of: an MCP server tool list (`*mcp*.json` or `.agents-shipgate/*.json`), an OpenAPI spec the agent calls, a Codex plugin package (`.codex-plugin/plugin.json`) or marketplace (`.agents/plugins/marketplace.json`), a Python file with `@function_tool` / `@tool` decorators (OpenAI Agents SDK, LangChain, CrewAI), a Google ADK agent in `agent.py`, an Anthropic Messages API artifact set under `prompts/`/`tools/anthropic-tools.json`/`policies/anthropic-policy.yaml`, or an OpenAI API artifact set under `prompts/`/`tools/openai-tools.json`/`openai-config.json`.
 
 Your job is to drive the canonical 4-call flow end-to-end in one tool-using
-turn, which adds a local-first, static Tool-Use Readiness release gate.
+turn, which adds the deterministic merge gate for AI-generated agent capability
+changes — a local-first, static Tool-Use Readiness review.
 
 ## Your task
 
diff --git a/adoption-kits/codex-skill/.agents-shipgate-kit-metadata.json b/adoption-kits/codex-skill/.agents-shipgate-kit-metadata.json
index 06096f85..67a538ee 100644
--- a/adoption-kits/codex-skill/.agents-shipgate-kit-metadata.json
+++ b/adoption-kits/codex-skill/.agents-shipgate-kit-metadata.json
@@ -3,7 +3,8 @@
   "target": "codex-skill",
   "prior_render_sha256": {
     "SKILL.md": [
-      "920b60dcfeacb5eac55936d82f31796eb9a88bcec0e910fa56c278018c597772"
+      "920b60dcfeacb5eac55936d82f31796eb9a88bcec0e910fa56c278018c597772",
+      "367ef145ef928912cc517149e61b0efe413e740680787ef13441a6abd55b4647"
     ],
     "references/recipes.md": [
       "df5110bfa05eeabd9b918d8902b5c054fa547d1155be61ef6e7d7d63378bf210"
diff --git a/adoption-kits/codex-skill/SKILL.md b/adoption-kits/codex-skill/SKILL.md
index 59090336..943eb89e 100644
--- a/adoption-kits/codex-skill/SKILL.md
+++ b/adoption-kits/codex-skill/SKILL.md
@@ -1,11 +1,11 @@
 ---
 name: agents-shipgate
-description: Use when the user wants to add or run Agents Shipgate as a local-first, static Tool-Use Readiness release gate for an AI agent's tool surface; review or prepare a tool-using agent for release; scan MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK, LangChain/LangGraph, CrewAI, OpenAI API, Codex plugin, or n8n tool artifacts; add advisory CI; or interpret, fix, triage, suppress, or explain a Shipgate finding.
+description: Use when the user wants to add or run Agents Shipgate — the deterministic merge gate for AI-generated agent capability changes — on an AI agent's tool surface; review or prepare a tool-using agent for release; scan MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK, LangChain/LangGraph, CrewAI, OpenAI API, Codex plugin, or n8n tool artifacts; add advisory CI; or interpret, fix, triage, suppress, or explain a Shipgate finding.
 ---
 
 # Agents Shipgate
 
-Agents Shipgate is a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It reads `shipgate.yaml` plus local tool sources and writes deterministic reports as Markdown, JSON, SARIF, and Release Evidence Packets.
+Agents Shipgate is the deterministic merge gate for AI-generated agent capability changes — a local-first, static Tool-Use Readiness review. It reads `shipgate.yaml` plus local tool sources and writes deterministic reports as Markdown, JSON, SARIF, and Release Evidence Packets.
 
 Use this skill when a task touches agent tools, MCP exports, OpenAPI specs, prompts that constrain tool use, permissions/scopes, approval or confirmation policies, `shipgate.yaml`, Shipgate CI, or `agents-shipgate-reports/report.json`.
 
diff --git a/benchmark/setup-variants/10-agents-md/AGENTS.md.template b/benchmark/setup-variants/10-agents-md/AGENTS.md.template
index 1091441b..9371e597 100644
--- a/benchmark/setup-variants/10-agents-md/AGENTS.md.template
+++ b/benchmark/setup-variants/10-agents-md/AGENTS.md.template
@@ -1,7 +1,7 @@
 ## Tool-Use Readiness Release Gate
 
-This repo uses Agents Shipgate as the local-first, static Tool-Use Readiness
-release gate for AI agent tool surfaces.
+This repo uses Agents Shipgate as the deterministic merge gate for AI-generated
+agent capability changes — a local-first, static Tool-Use Readiness review.
 
 Run Shipgate when this PR changes agent tools, MCP exports, OpenAPI specs,
 prompts that constrain tool use, permissions, approval policies,
diff --git a/benchmark/setup-variants/30-cursor-rule/agents-shipgate.mdc.template b/benchmark/setup-variants/30-cursor-rule/agents-shipgate.mdc.template
index 6f07f5f1..503da0b0 100644
--- a/benchmark/setup-variants/30-cursor-rule/agents-shipgate.mdc.template
+++ b/benchmark/setup-variants/30-cursor-rule/agents-shipgate.mdc.template
@@ -1,5 +1,5 @@
 ---
-description: Run Agents Shipgate as a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.
+description: Run Agents Shipgate as the deterministic merge gate for AI-generated agent capability changes.
 globs:
   - "shipgate.yaml"
   - "**/*openapi*.yaml"
@@ -28,8 +28,8 @@ globs:
 alwaysApply: false
 ---
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review.
 
 When a change affects agent tools, MCP exports, OpenAPI specs, prompts,
 permissions, approval policies, or release gates, run Agents Shipgate.
diff --git a/docs/ai-search-summary.md b/docs/ai-search-summary.md
index bbdc9b01..f1e09740 100644
--- a/docs/ai-search-summary.md
+++ b/docs/ai-search-summary.md
@@ -7,8 +7,9 @@ short, citable description of Agents Shipgate.
 ## What Agents Shipgate is
 
 Agents Shipgate is an open-source CLI and GitHub Action from Three Moons Lab.
-It is a local-first, static Tool-Use Readiness release gate for AI agent tool
-surfaces. It reads a `shipgate.yaml` manifest plus declared local tool sources,
+It is the deterministic merge gate for AI-generated agent capability changes —
+a local-first, static Tool-Use Readiness review. It reads a `shipgate.yaml`
+manifest plus declared local tool sources,
 then writes deterministic Tool-Use Readiness Reports as Markdown, JSON, and
 SARIF.
 
diff --git a/docs/category.md b/docs/category.md
index 04d56c9b..a8aca5e2 100644
--- a/docs/category.md
+++ b/docs/category.md
@@ -4,8 +4,9 @@ A **Tool-Use Readiness release gate** is a local-first, static pre-flight
 check that runs before an agent is promoted to staging, production-like, or
 production environments.
 
-Agents Shipgate is a local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces. It focuses on what tools are attached, what schemas
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes: the local-first, static Tool-Use Readiness review that runs
+at PR time. It focuses on what tools are attached, what schemas
 they expose, what scopes they require, what policies the manifest declares,
 and which release risks need human review.
 
diff --git a/docs/concepts.md b/docs/concepts.md
index 522938cd..6d23a6cd 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -1,7 +1,8 @@
 # Concepts
 
-The mental model behind Agents Shipgate, a local-first, static Tool-Use
-Readiness release gate for AI agent tool surfaces.
+The mental model behind Agents Shipgate, the deterministic merge gate for
+AI-generated agent capability changes — a local-first, static Tool-Use
+Readiness review.
 
 For the product-level definition of a Tool-Use Readiness release gate, see
 [`category.md`](category.md). For the agent-facing
diff --git a/docs/design-partners.md b/docs/design-partners.md
index b372bb7b..013fbcf9 100644
--- a/docs/design-partners.md
+++ b/docs/design-partners.md
@@ -1,7 +1,8 @@
 # Design Partners
 
-Three Moons Lab is looking for early design partners who are shipping
-tool-using AI agents and want a repeatable release-readiness review before
+Three Moons Lab is looking for early design partners who ship tool-using AI
+agents — often with coding agents like Claude Code, Codex, or Cursor — and want
+a deterministic merge gate on every AI-generated agent-capability change before
 production-like permissions are granted.
 
 ## Good Fit
@@ -43,6 +44,9 @@ Three Moons Lab asks for:
 
 ## Contact
 
+The fastest way to start: bring us one AI-generated PR that changes what your
+agent can do, and we'll turn it into a deterministic merge verdict together.
+
 Email `help@threemoonslab.com` with the subject `Agents Shipgate design partner
 review`.
 
diff --git a/docs/engineering/ai-coding-workflow-verifier.md b/docs/engineering/ai-coding-workflow-verifier.md
index 8fe7f120..91fd54b9 100644
--- a/docs/engineering/ai-coding-workflow-verifier.md
+++ b/docs/engineering/ai-coding-workflow-verifier.md
@@ -8,15 +8,15 @@ Scope: product direction, architecture constraints, roadmap, and acceptance crit
 
 ## 1. North star
 
-Agents Shipgate is already a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. The next product step is not to become a broader scanner. The next step is to become the deterministic verifier that must pass when Claude Code, Codex, Cursor, or a human produces an agent-related diff.
+Agents Shipgate is the deterministic merge gate for AI-generated agent capability changes — today delivered as a local-first, static Tool-Use Readiness review. The next product step is not to become a broader scanner. The next step is to make that merge gate the deterministic verifier that must pass when Claude Code, Codex, Cursor, or a human produces an agent-related diff.
 
 North-star sentence:
 
 > When a coding agent changes what an AI agent can do, Agents Shipgate deterministically identifies the capability delta, applies release policy, explains the decision, and tells the coding agent or human reviewer the next safe action.
 
-Keep the canonical category sentence:
+Keep the canonical tagline:
 
-> Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.
+> The deterministic merge gate for AI-generated agent capability changes.
 
 Add this sentence when the verifier loop ships:
 
diff --git a/docs/faq.md b/docs/faq.md
index 692b1eb3..6660065b 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -5,9 +5,9 @@ and AI search engines (ChatGPT, Claude, Perplexity, Google AI Overviews).
 
 ## What is agents-shipgate?
 
-agents-shipgate is a local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces. It is a CLI and GitHub Action. Open source,
-Apache-2.0.
+agents-shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review. It is a
+CLI and GitHub Action. Open source, Apache-2.0.
 
 ## What is agent release readiness?
 
diff --git a/docs/glossary.md b/docs/glossary.md
index 57745c4e..342191c0 100644
--- a/docs/glossary.md
+++ b/docs/glossary.md
@@ -1,9 +1,9 @@
 # Glossary
 
-Category vocabulary for agents-shipgate, a local-first, static Tool-Use
-Readiness release gate for AI agent tool surfaces. Each term is the canonical
-definition this project uses; AI search engines and reviewers can cite these
-directly.
+Category vocabulary for agents-shipgate, the deterministic merge gate for
+AI-generated agent capability changes — a local-first, static Tool-Use
+Readiness review. Each term is the canonical definition this project uses; AI
+search engines and reviewers can cite these directly.
 
 ## Agent release readiness
 
diff --git a/docs/overview.md b/docs/overview.md
index 652c055a..9070b13b 100644
--- a/docs/overview.md
+++ b/docs/overview.md
@@ -1,8 +1,9 @@
 # Agents Shipgate Overview
 
-Agents Shipgate is a local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces. It reads `shipgate.yaml` plus declared local tool
-sources and writes a Tool-Use Readiness Report as Markdown, JSON, and SARIF.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review. It reads
+`shipgate.yaml` plus declared local tool sources and writes a Tool-Use
+Readiness Report as Markdown, JSON, and SARIF.
 
 Use it when an agent can call tools that refund, email, cancel, deploy, modify
 records, read sensitive data, or change infrastructure. The scanner runs before
diff --git a/docs/target-repo-agent-snippets.md b/docs/target-repo-agent-snippets.md
index 404cf9a0..dac46844 100644
--- a/docs/target-repo-agent-snippets.md
+++ b/docs/target-repo-agent-snippets.md
@@ -33,8 +33,8 @@ impact unless Shipgate is already configured or the user explicitly asks.
 ````md
 ## Tool-Use Readiness Release Gate
 
-This repo uses Agents Shipgate as the local-first, static Tool-Use Readiness
-release gate for AI agent tool surfaces.
+This repo uses Agents Shipgate as the deterministic merge gate for AI-generated
+agent capability changes — a local-first, static Tool-Use Readiness review.
 
 Run Shipgate when this PR changes agent tools, MCP exports, OpenAPI specs,
 prompts that constrain tool use, permissions, approval policies,
@@ -132,8 +132,8 @@ advisory GitHub Action template under `ci-recipes/`.
 ````md
 ## Agents Shipgate
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review.
 
 For agent tool-surface or release-policy changes, run:
 
@@ -172,7 +172,7 @@ waivers, removing Shipgate CI, or weakening agent instructions. Verify-mode
 
 ```md
 ---
-description: Run Agents Shipgate as a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.
+description: Run Agents Shipgate as the deterministic merge gate for AI-generated agent capability changes.
 globs:
   - "shipgate.yaml"
   - "**/*openapi*.yaml"
@@ -201,8 +201,8 @@ globs:
 alwaysApply: false
 ---
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review.
 
 When a change affects agent tools, MCP exports, OpenAPI specs, prompts,
 permissions, approval policies, or release gates, run Agents Shipgate.
@@ -271,8 +271,8 @@ References:
 ````md
 ## Tool-Use Readiness Release Gate
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review.
 
 - [ ] If this PR changes agent tools, MCP/OpenAPI specs, prompts, permissions,
       approval policy, confirmation policy, CI release gates, or
diff --git a/docs/use-cases/ai-generated-agent-prs.md b/docs/use-cases/ai-generated-agent-prs.md
index 266010d1..396d777b 100644
--- a/docs/use-cases/ai-generated-agent-prs.md
+++ b/docs/use-cases/ai-generated-agent-prs.md
@@ -1,9 +1,10 @@
 # Verify an AI-Generated Agent PR
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces. Built for AI coding workflows: when Claude Code, Codex,
-Cursor, or a human changes an agent's tool access, Agents Shipgate turns the diff
-into a deterministic merge verdict.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review. Built for
+AI coding workflows: when Claude Code, Codex, Cursor, or a human changes an
+agent's tool access, Agents Shipgate turns the diff into a deterministic merge
+verdict.
 
 This page is the end-to-end use case for that workflow. For the deeper
 engineering rationale and roadmap, see
diff --git a/llms-full.txt b/llms-full.txt
index e4177684..3919c449 100644
--- a/llms-full.txt
+++ b/llms-full.txt
@@ -33,7 +33,7 @@ Authoritative instructions for AI coding agents (Claude Code, Codex, Cursor, Aid
 
 ## What this project is
 
-Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. Reads `shipgate.yaml` plus tool sources (MCP exports, OpenAPI specs, OpenAI Agents SDK Python files, Anthropic Messages API tool/prompt artifacts, Google ADK Python/config files, LangChain/LangGraph Python files, CrewAI Python files, OpenAI API artifacts, Codex plugin packages and marketplaces, n8n workflow JSON/stubs) and produces deterministic findings.
+The deterministic merge gate for AI-generated agent capability changes. Reads `shipgate.yaml` plus tool sources (MCP exports, OpenAPI specs, OpenAI Agents SDK Python files, Anthropic Messages API tool/prompt artifacts, Google ADK Python/config files, LangChain/LangGraph Python files, CrewAI Python files, OpenAI API artifacts, Codex plugin packages and marketplaces, n8n workflow JSON/stubs) and produces deterministic findings. Local-first and static by default — no agent execution, tool calls, LLM calls, or network access.
 
 - **Inputs:** MCP · OpenAPI · OpenAI Agents SDK · Anthropic Messages API · Google ADK · LangChain/LangGraph · CrewAI · OpenAI API · Codex plugin · n8n
 - **Outputs:** Markdown · JSON · SARIF
@@ -56,7 +56,7 @@ Do **not** use any of: `Agent Shipgate` (singular), `Agent Shipcheck`, `agents s
 
 The canonical tagline is:
 
-> Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.
+> The deterministic merge gate for AI-generated agent capability changes.
 
 This single sentence is the source of truth for the GitHub repo description, [README.md](README.md), the [wiki Home page](https://github.com/ThreeMoonsLab/agents-shipgate/wiki/Home), and the [marketing site](https://threemoonslab.com/) `<meta name="description">`. Keep them in sync.
 
@@ -1897,8 +1897,9 @@ credential IDs may be preserved as local release evidence.
 
 # Concepts
 
-The mental model behind Agents Shipgate, a local-first, static Tool-Use
-Readiness release gate for AI agent tool surfaces.
+The mental model behind Agents Shipgate, the deterministic merge gate for
+AI-generated agent capability changes — a local-first, static Tool-Use
+Readiness review.
 
 For the product-level definition of a Tool-Use Readiness release gate, see
 [`category.md`](category.md). For the agent-facing
diff --git a/llms.txt b/llms.txt
index 69e0c5ae..6c659919 100644
--- a/llms.txt
+++ b/llms.txt
@@ -1,6 +1,6 @@
 # agents-shipgate
 
-> Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. CLI and GitHub Action. Apache-2.0.
+> The deterministic merge gate for AI-generated agent capability changes. CLI and GitHub Action. Apache-2.0.
 
 ## Identity
 
@@ -18,7 +18,7 @@
 
 ## What it is
 
-- Agents Shipgate is a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.
+- Agents Shipgate is the deterministic merge gate for AI-generated agent capability changes.
 - Agents Shipgate reads `shipgate.yaml` plus declared local tool sources.
 - Agents Shipgate writes deterministic findings as Markdown, JSON, and SARIF.
 - Agents Shipgate fits the release-gate slot for tool-using AI agents.
diff --git a/marketing/seo-geo-review.md b/marketing/seo-geo-review.md
index 899372b1..e564806d 100644
--- a/marketing/seo-geo-review.md
+++ b/marketing/seo-geo-review.md
@@ -18,10 +18,10 @@ agent-readable README. The highest-return work is not broad SEO hygiene. It is
 tightening the category story around **agent release readiness** while keeping
 the product wedge narrow: **Tool-Use Readiness** for AI agent tool surfaces.
 
-The current product promise should remain:
+The current product promise is:
 
-> Agents Shipgate is a local-first, static Tool-Use Readiness release gate for
-> AI agent tool surfaces.
+> Agents Shipgate is the deterministic merge gate for AI-generated agent
+> capability changes — a local-first, static Tool-Use Readiness review.
 
 The market-facing expansion should be:
 
diff --git a/prompts/add-shipgate-to-repo.md b/prompts/add-shipgate-to-repo.md
index afa92503..9847a8bb 100644
--- a/prompts/add-shipgate-to-repo.md
+++ b/prompts/add-shipgate-to-repo.md
@@ -3,7 +3,8 @@
 You are working in a repo that may contain an AI agent — likely one of: an MCP server tool list (`*mcp*.json` or `.agents-shipgate/*.json`), an OpenAPI spec the agent calls, a Codex plugin package (`.codex-plugin/plugin.json`) or marketplace (`.agents/plugins/marketplace.json`), a Python file with `@function_tool` / `@tool` decorators (OpenAI Agents SDK, LangChain, CrewAI), a Google ADK agent in `agent.py`, an Anthropic Messages API artifact set under `prompts/`/`tools/anthropic-tools.json`/`policies/anthropic-policy.yaml`, or an OpenAI API artifact set under `prompts/`/`tools/openai-tools.json`/`openai-config.json`.
 
 Your job is to drive the canonical 4-call flow end-to-end in one tool-using
-turn, which adds a local-first, static Tool-Use Readiness release gate.
+turn, which adds the deterministic merge gate for AI-generated agent capability
+changes — a local-first, static Tool-Use Readiness review.
 
 ## Your task
 
diff --git a/pyproject.toml b/pyproject.toml
index 4958d966..b5742e91 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -5,7 +5,7 @@ build-backend = "hatchling.build"
 [project]
 name = "agents-shipgate"
 version = "0.10.0"
-description = "Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. Agent release readiness for tool-using AI agents. CLI + GitHub Action. Scans MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK, LangChain, CrewAI, OpenAI API, Codex plugin, n8n."
+description = "The deterministic merge gate for AI-generated agent capability changes. Agent release readiness for tool-using AI agents. CLI + GitHub Action. Scans MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK, LangChain, CrewAI, OpenAI API, Codex plugin, n8n."
 readme = "README.md"
 requires-python = ">=3.12"
 license = "Apache-2.0"
diff --git a/samples/simple_crewai_agent/expected/report.md b/samples/simple_crewai_agent/expected/report.md
index 54067c28..c71bb0dd 100644
--- a/samples/simple_crewai_agent/expected/report.md
+++ b/samples/simple_crewai_agent/expected/report.md
@@ -106,4 +106,4 @@ No findings.
 
 ## Disclaimer
 
-Agents Shipgate is an advisory, local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It does not certify agent safety or compliance. Findings are based on static configuration, declared policies, tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, and output interpretation are not verified.
+Agents Shipgate is an advisory tool: the deterministic merge gate for AI-generated agent capability changes, run as a local-first, static Tool-Use Readiness review. It does not certify agent safety or compliance. Findings are based on static configuration, declared policies, tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, and output interpretation are not verified.
diff --git a/samples/simple_langchain_agent/expected/report.md b/samples/simple_langchain_agent/expected/report.md
index 529e84c9..8eb477f2 100644
--- a/samples/simple_langchain_agent/expected/report.md
+++ b/samples/simple_langchain_agent/expected/report.md
@@ -96,4 +96,4 @@ No findings.
 
 ## Disclaimer
 
-Agents Shipgate is an advisory, local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It does not certify agent safety or compliance. Findings are based on static configuration, declared policies, tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, and output interpretation are not verified.
+Agents Shipgate is an advisory tool: the deterministic merge gate for AI-generated agent capability changes, run as a local-first, static Tool-Use Readiness review. It does not certify agent safety or compliance. Findings are based on static configuration, declared policies, tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, and output interpretation are not verified.
diff --git a/samples/simple_openai_api_agent/expected/report.md b/samples/simple_openai_api_agent/expected/report.md
index cf3cc7dd..2062299f 100644
--- a/samples/simple_openai_api_agent/expected/report.md
+++ b/samples/simple_openai_api_agent/expected/report.md
@@ -219,4 +219,4 @@ Next validation:
 
 ## Disclaimer
 
-Agents Shipgate is an advisory, local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It does not certify agent safety or compliance. Findings are based on static configuration, declared policies, tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, and output interpretation are not verified.
+Agents Shipgate is an advisory tool: the deterministic merge gate for AI-generated agent capability changes, run as a local-first, static Tool-Use Readiness review. It does not certify agent safety or compliance. Findings are based on static configuration, declared policies, tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, and output interpretation are not verified.
diff --git a/samples/support_refund_agent/expected/packet.html b/samples/support_refund_agent/expected/packet.html
index 35b2f947..098e9f04 100644
--- a/samples/support_refund_agent/expected/packet.html
+++ b/samples/support_refund_agent/expected/packet.html
@@ -26,4 +26,4 @@
 .status-missing { color: #7f1d1d; }
 .status-informational { color: #555; }
 .meta { color: #555; font-size: 0.92rem; }
-</style></head><body><h1>Release Evidence Packet</h1><p class="meta">Project: <strong>support-refund-agent</strong> · Agent: <strong>refund-assistant</strong> · Environment: <strong>production_like</strong><br>Run id: <code>agents_shipgate_ebb71d7248235cc3</code> · Generated at: 2026-01-01T00:00:00+00:00 · Packet schema: 0.6</p><p>This packet is a reviewer-shaped synthesis of a static Agents Shipgate scan. See §10 for what the packet does <em>not</em> prove.</p><h2>§1 Release decision — <span class="verdict verdict-blocked">BLOCKED</span></h2><ul><li>Decision: <code>blocked</code></li><li>Reason: 2 active findings block release.</li><li>Blockers: 2</li><li>Review items: 16</li></ul><h3>CI gate behavior (informational)</h3><ul><li>ci_mode: <code>advisory</code>, would_fail_ci: <code>false</code>, exit code: <code>0</code></li><li>Note: CI behavior is metadata about the run gate, not the verdict. The verdict above derives from <code>release_decision.decision</code>.</li></ul><h3>Blockers</h3><ul><li><code>SHIP-POLICY-APPROVAL-MISSING</code> (critical): stripe.create_refund lacks a declared approval policy</li><li><code>SHIP-SIDEFX-IDEMPOTENCY-MISSING</code> (critical): stripe.create_refund lacks idempotency evidence</li></ul><h3>Review items</h3><ul><li><code>SHIP-INVENTORY-WILDCARD-TOOLS</code> (high): Wildcard tool exposure declared</li><li><code>SHIP-SCHEMA-MISSING-BOUNDS</code> (high): stripe.create_refund.amount has no maximum bound</li><li><code>SHIP-SCHEMA-BROAD-FREE-TEXT</code> (high): zendesk.update_ticket accepts broad free-form action input</li><li><code>SHIP-SCHEMA-BROAD-FREE-TEXT</code> (high): gmail.send_customer_email accepts broad free-form action input</li><li><code>SHIP-SCHEMA-FREEFORM-OUTPUT</code> (medium): send_email_preview returns free-form text output</li><li><code>SHIP-AUTH-MANIFEST-BROAD-SCOPE</code> (high): Manifest declares broad permission scopes</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): shopify.cancel_order requires scopes not declared in the manifest</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): support.search_kb requires scopes not declared in the manifest</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): gmail.send_customer_email requires scopes not declared in the manifest</li><li><code>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</code> (high): stripe.create_refund appears to overlap with a prohibited action</li><li><code>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</code> (high): gmail.send_customer_email appears to overlap with a prohibited action</li><li><code>SHIP-POLICY-CONFIRMATION-MISSING</code> (high): stripe.create_refund lacks a declared confirmation policy</li><li><code>SHIP-POLICY-CONFIRMATION-MISSING</code> (high): gmail.send_customer_email lacks a declared confirmation policy</li><li><code>SHIP-SIDEFX-IDEMPOTENCY-MISSING</code> (high): gmail.send_customer_email lacks idempotency evidence</li><li><code>SHIP-MANIFEST-HIGH-RISK-OWNER-MISSING</code> (high): shopify.cancel_order is high-risk but has no owner</li><li><code>SHIP-MANIFEST-UNUSED-SCOPE</code> (medium): Manifest declares unused permission scope zendesk:tickets:read</li></ul><h2>§1A Evidence matrix — compact review summary</h2><ul><li>Evidence Matrix Light is derived from public report.json only. Release decisions, CI exit behavior, and baseline semantics remain owned by release_decision. Domain rows intentionally overlap; a single finding can appear in multiple rows when it is relevant to each review lens.</li></ul><table><thead><tr><th>Domain</th><th>Evidence present</th><th>Evidence source</th><th>Confidence</th><th>Missing controls</th><th>Blocking findings</th><th>Review items</th></tr></thead><tbody><tr><td>Inventory</td><td>partial</td><td>tool_inventory; tool_surface; +2 more</td><td>high</td><td>SHIP-INVENTORY-WILDCARD-TOOLS on wildcard_mcp_tools.*: Wildcard tool exposure declared</td><td>—</td><td>SHIP-INVENTORY-WILDCARD-TOOLS (high)</td></tr><tr><td>Schema</td><td>partial</td><td>tool_surface_facts.tools[].hashes; findings[]</td><td>mixed</td><td>SHIP-SCHEMA-MISSING-BOUNDS on stripe.create_refund: stripe.create_refund.amount has no maximum bound; SHIP-SCHEMA-BROAD-FREE-TEXT on zendesk.update_ticket: zendesk.update_ticket accepts broad free-form action input; +2 more</td><td>—</td><td>SHIP-SCHEMA-MISSING-BOUNDS (high); SHIP-SCHEMA-BROAD-FREE-TEXT (high); +2 more</td></tr><tr><td>Auth</td><td>partial</td><td>tool_surface_facts.scopes; tool_inventory[].auth_scopes; +1 more</td><td>mixed</td><td>SHIP-AUTH-MANIFEST-BROAD-SCOPE: Manifest declares broad permission scopes; SHIP-AUTH-SCOPE-COVERAGE-MISSING on shopify.cancel_order: shopify.cancel_order requires scopes not declared in the manifest; +3 more</td><td>—</td><td>SHIP-AUTH-MANIFEST-BROAD-SCOPE (high); SHIP-AUTH-SCOPE-COVERAGE-MISSING (high); +3 more</td></tr><tr><td>Approval</td><td>partial</td><td>tool_surface_facts.controls[kind=approval_policy]; findings[]</td><td>high</td><td>SHIP-POLICY-APPROVAL-MISSING on stripe.create_refund: stripe.create_refund lacks a declared approval policy</td><td>SHIP-POLICY-APPROVAL-MISSING (critical)</td><td>—</td></tr><tr><td>Confirmation</td><td>partial</td><td>tool_surface_facts.controls[kind=confirmation_policy]; findings[]</td><td>high</td><td>SHIP-POLICY-CONFIRMATION-MISSING on stripe.create_refund: stripe.create_refund lacks a declared confirmation policy; SHIP-POLICY-CONFIRMATION-MISSING on gmail.send_customer_email: gmail.send_customer_email lacks a declared confirmation policy</td><td>—</td><td>SHIP-POLICY-CONFIRMATION-MISSING (high); SHIP-POLICY-CONFIRMATION-MISSING (high)</td></tr><tr><td>Idempotency</td><td>partial</td><td>tool_surface_facts.controls[kind=idempotency_evidence]; action_surface_facts.actions[].safeguards.idempotency; +1 more</td><td>mixed</td><td>SHIP-SIDEFX-IDEMPOTENCY-MISSING on stripe.create_refund: stripe.create_refund lacks idempotency evidence; SHIP-SIDEFX-IDEMPOTENCY-MISSING on gmail.send_customer_email: gmail.send_customer_email lacks idempotency evidence</td><td>SHIP-SIDEFX-IDEMPOTENCY-MISSING (critical)</td><td>SHIP-SIDEFX-IDEMPOTENCY-MISSING (high)</td></tr><tr><td>Side effects</td><td>partial</td><td>tool_inventory[].risk_tags; action_surface_facts.actions[].effect; +1 more</td><td>mixed</td><td>SHIP-SCHEMA-BROAD-FREE-TEXT on zendesk.update_ticket: zendesk.update_ticket accepts broad free-form action input; SHIP-SCHEMA-BROAD-FREE-TEXT on gmail.send_customer_email: gmail.send_customer_email accepts broad free-form action input; +5 more</td><td>SHIP-POLICY-APPROVAL-MISSING (critical); SHIP-SIDEFX-IDEMPOTENCY-MISSING (critical)</td><td>SHIP-SCHEMA-BROAD-FREE-TEXT (high); SHIP-SCHEMA-BROAD-FREE-TEXT (high); +3 more</td></tr><tr><td>Memory isolation</td><td>not_declared</td><td>—</td><td>unknown</td><td>—</td><td>—</td><td>—</td></tr><tr><td>Human-in-the-loop evidence</td><td>not_declared</td><td>—</td><td>unknown</td><td>—</td><td>—</td><td>—</td></tr><tr><td>Prompt/scope alignment</td><td>partial</td><td>declared_intentions; misalignments; +2 more</td><td>medium</td><td>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT on stripe.create_refund: stripe.create_refund appears to overlap with a prohibited action; SHIP-SCOPE-PROHIBITED-TOOL-PRESENT on gmail.send_customer_email: gmail.send_customer_email appears to overlap with a prohibited action</td><td>—</td><td>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT (high); SHIP-SCOPE-PROHIBITED-TOOL-PRESENT (high)</td></tr><tr><td>Retry/timeout</td><td>not_declared</td><td>—</td><td>unknown</td><td>—</td><td>—</td><td>—</td></tr><tr><td>Baseline debt</td><td>informational</td><td>—</td><td>unknown</td><td>—</td><td>—</td><td>—</td></tr><tr><td>Action-surface policy</td><td>covered</td><td>action_surface_facts.actions</td><td>medium</td><td>—</td><td>—</td><td>—</td></tr></tbody></table><h2>§2 Capability ↔ Intent diff — <span class="status-missing">missing</span></h2><h3>Declared</h3><ul><li>Purpose: answer refund policy questions</li><li>Purpose: prepare refund requests for human review</li><li>Purpose: update support ticket notes</li><li>Prohibited: issue refund without approval</li><li>Prohibited: cancel order without explicit confirmation</li><li>Prohibited: send external email without preview</li></ul><h3>Observed tools</h3><ul><li><code>gmail.send_customer_email</code></li><li><code>refund_status_lookup</code></li><li><code>send_email_preview</code></li><li><code>shopify.cancel_order</code></li><li><code>stripe.create_refund</code></li><li><code>support.search_kb</code></li><li><code>wildcard_mcp_tools.*</code></li><li><code>zendesk.update_ticket</code></li></ul><h3>Divergences</h3><ul><li><code>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</code>: stripe.create_refund appears to overlap with a prohibited action</li><li><code>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</code>: gmail.send_customer_email appears to overlap with a prohibited action</li></ul><h2>§3 High-risk tool surface — <span class="status-partial">partial</span></h2><p class="meta">Total tools: 8 · High-risk: 3</p><table><thead><tr><th>Tool</th><th>Source</th><th>Risk tags</th><th>Approval</th><th>Idempotency</th></tr></thead><tbody><tr><td><code>gmail.send_customer_email</code></td><td>mcp</td><td>customer_communication, external_write</td><td>no</td><td>no</td></tr><tr><td><code>shopify.cancel_order</code></td><td>openapi</td><td>destructive, write</td><td>yes</td><td>yes</td></tr><tr><td><code>stripe.create_refund</code></td><td>openapi</td><td>external_write, financial_action, write</td><td>no</td><td>no</td></tr></tbody></table><h2>§3A Tool-surface diff — <span class="status-not_declared">not declared</span></h2><p>Status: disabled — No --diff-from report or v0.3 baseline snapshot was provided.<br>Base: <code>none</code></p><h2>§3B Action-surface diff — <span class="status-not_declared">not declared</span></h2><p>Status: disabled — No action-surface comparison source was provided.<br>Base: <code>none</code></p><h2>§4 Approval policy coverage — <span class="status-partial">partial</span></h2><table><thead><tr><th>Tool</th><th>Declared</th><th>Source</th><th>Gap finding(s)</th></tr></thead><tbody><tr><td><code>shopify.cancel_order</code></td><td>yes</td><td>policies</td><td>—</td></tr><tr><td><code>stripe.create_refund</code></td><td>no</td><td>—</td><td>fp_f092940f62fbb012</td></tr></tbody></table><h3>Gap findings</h3><ul><li><code>SHIP-POLICY-APPROVAL-MISSING</code> (critical): stripe.create_refund lacks a declared approval policy</li></ul><h2>§5 Idempotency / retry risk — <span class="status-partial">partial</span></h2><p>Retry policy: <strong>not declared</strong></p><table><thead><tr><th>Tool</th><th>Declared</th><th>Source</th><th>Gap finding(s)</th></tr></thead><tbody><tr><td><code>gmail.send_customer_email</code></td><td>no</td><td>—</td><td>fp_0f8aaa912d589cf0</td></tr><tr><td><code>shopify.cancel_order</code></td><td>yes</td><td>policies</td><td>—</td></tr><tr><td><code>stripe.create_refund</code></td><td>no</td><td>—</td><td>fp_dac8011e14c53777</td></tr></tbody></table><h3>Gap findings</h3><ul><li><code>SHIP-SIDEFX-IDEMPOTENCY-MISSING</code> (critical): stripe.create_refund lacks idempotency evidence</li><li><code>SHIP-SIDEFX-IDEMPOTENCY-MISSING</code> (high): gmail.send_customer_email lacks idempotency evidence</li></ul><h2>§6 Scope coverage — <span class="status-missing">missing</span></h2><h3>Declared scopes</h3><ul><li><code>zendesk:tickets:read</code></li><li><code>zendesk:tickets:write</code></li><li><code>stripe:*</code></li></ul><table><thead><tr><th>Scope</th><th>Declared</th><th>Used by tools</th></tr></thead><tbody><tr><td><code>gmail:send</code></td><td>no</td><td><code>gmail.send_customer_email</code></td></tr><tr><td><code>shopify:orders:write</code></td><td>no</td><td><code>shopify.cancel_order</code></td></tr><tr><td><code>stripe:*</code></td><td>yes</td><td>—</td></tr><tr><td><code>stripe:refunds:write</code></td><td>yes</td><td><code>stripe.create_refund</code></td></tr><tr><td><code>support:kb:read</code></td><td>no</td><td><code>support.search_kb</code></td></tr><tr><td><code>zendesk:tickets:read</code></td><td>yes</td><td>—</td></tr><tr><td><code>zendesk:tickets:write</code></td><td>yes</td><td><code>zendesk.update_ticket</code></td></tr></tbody></table><h3>Unused declared scopes</h3><ul><li><code>zendesk:tickets:read</code></li></ul><h3>Used by tools but not declared</h3><ul><li><code>gmail:send</code></li><li><code>shopify:orders:write</code></li><li><code>support:kb:read</code></li></ul><h3>Gap findings</h3><ul><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): shopify.cancel_order requires scopes not declared in the manifest</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): support.search_kb requires scopes not declared in the manifest</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): gmail.send_customer_email requires scopes not declared in the manifest</li><li><code>SHIP-MANIFEST-UNUSED-SCOPE</code> (medium): Manifest declares unused permission scope zendesk:tickets:read</li></ul><h2>§7 Memory isolation — <span class="status-not_declared">not declared</span></h2><p>Manifest does not declare a memory isolation policy. The current manifest schema (v0.1) has no agent.memory field. See §10 for the residual review item.</p><h2>§8 Human-in-the-loop evidence — <span class="status-covered">covered</span></h2><ul><li>Configured: yes</li><li>Human review recommended: yes</li><li>Provenance mode: <code>fresh_scan</code></li><li>HITL evidence is local review evidence only. Missing local evidence does not prove a runtime control is absent, and present local evidence does not certify runtime enforcement.</li></ul><h3>Approval-required tools</h3><ul><li><code>shopify.cancel_order</code></li></ul><h3>Confirmation-required tools</h3><ul><li><code>shopify.cancel_order</code></li></ul><h2>§9 Required dynamic scenarios — <span class="status-partial">partial</span></h2><ul><li><strong>Manual review for SHIP-AUTH-MANIFEST-BROAD-SCOPE</strong> — Replace broad manifest permission scopes with the narrowest scopes needed for this release.<br><span class="meta">Related finding(s): fp_d27325cbdbbf5483</span></li><li><strong>Manual review for SHIP-AUTH-SCOPE-COVERAGE-MISSING</strong> — Add the required scopes for shopify.cancel_order to permissions.scopes or narrow the tool&#x27;s declared auth requirements.<br><span class="meta">Related finding(s): fp_1f6cfd6b7daa9b7c, fp_83852fbd6b440524, fp_d8e6d1865dae97cc</span></li><li><strong>Manual review for SHIP-INVENTORY-WILDCARD-TOOLS</strong> — Replace wildcard tool exposure with an explicit tool allowlist before release review.<br><span class="meta">Related finding(s): fp_fc02d8ecd30f2578</span></li><li><strong>Manual review for SHIP-MANIFEST-HIGH-RISK-OWNER-MISSING</strong> — Declare an owner for each high-risk production tool in risk_overrides.tools.<br><span class="meta">Related finding(s): fp_fd2577850cef1f87</span></li><li><strong>Manual review for SHIP-MANIFEST-UNUSED-SCOPE</strong> — Remove unused manifest scopes or add tool metadata showing why they are required.<br><span class="meta">Related finding(s): fp_39b9ae878f343d1b</span></li><li><strong>Manual review for SHIP-POLICY-APPROVAL-MISSING</strong> — Declare an approval policy for stripe.create_refund or remove this tool from the release.<br><span class="meta">Related finding(s): fp_f092940f62fbb012</span></li><li><strong>Manual review for SHIP-POLICY-CONFIRMATION-MISSING</strong> — Declare a user confirmation policy for stripe.create_refund or remove this action from the release.<br><span class="meta">Related finding(s): fp_8e08a4fe6b0917f6, fp_a62ca2fd9a68a1d1</span></li><li><strong>Manual review for SHIP-SCHEMA-BROAD-FREE-TEXT</strong> — Constrain zendesk.update_ticket.updates with an enum, structured schema, or narrower field-specific parameters.<br><span class="meta">Related finding(s): fp_acd63b899d49aa1c, fp_ff2f028953d1c220</span></li><li><strong>Manual review for SHIP-SCHEMA-FREEFORM-OUTPUT</strong> — Prefer a structured output schema for send_email_preview, especially when output is later passed back into model context.<br><span class="meta">Related finding(s): fp_85f8513ad72cd9ea</span></li><li><strong>Manual review for SHIP-SCHEMA-MISSING-BOUNDS</strong> — Add a maximum bound to stripe.create_refund.amount or document an equivalent limit in the tool policy.<br><span class="meta">Related finding(s): fp_ab60b01cb53cfcbe</span></li><li><strong>Manual review for SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</strong> — Remove stripe.create_refund, narrow its policy, or revise prohibited_actions so the manifest and tool surface do not contradict each other.<br><span class="meta">Related finding(s): fp_12985c36a06026de, fp_e090c62e390e70ab</span></li><li><strong>Manual review for SHIP-SIDEFX-IDEMPOTENCY-MISSING</strong> — Add an idempotency key, idempotent annotation, or declared idempotency policy for stripe.create_refund.<br><span class="meta">Related finding(s): fp_0f8aaa912d589cf0, fp_dac8011e14c53777</span></li><li><strong>Re-run scan after resolving source warnings</strong> — Source loaders emitted warnings; some tool surfaces may have been parsed with reduced confidence.</li><li><strong>Verify low-confidence tool extractions</strong> — One or more tools were extracted with low confidence; confirm against the upstream source before release.</li></ul><h2>§10 What this packet did NOT prove</h2><p>Agents Shipgate is an advisory, local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. The packet below is derived from a scan; it does not, by itself, prove the following properties:</p><ul><li><strong>Prompt robustness.</strong> Whether the agent&#x27;s prompt holds up under jailbreaks, persona drift, indirect prompt injection, or adversarial inputs.</li><li><strong>Runtime behavior.</strong> Whether the agent actually invokes only the declared tools, respects approval gates at runtime, or follows policy under load. Static config is not runtime evidence.</li><li><strong>Model correctness.</strong> Whether the underlying model produces correct outputs, calls the right tools, or stays within the declared scope. The packet does not benchmark the model.</li><li><strong>Adversarial resistance.</strong> Whether the agent withstands red-team or penetration testing. The packet does not run scenarios; it organizes evidence.</li></ul><h3>Per-run residuals</h3><ul><li>Source warnings:<ul><li>MCP source declares wildcard tool exposure</li></ul></li><li>Low-confidence tool extractions: none</li><li>Suppressed findings in effect: none</li><li>Memory isolation is not modeled by the v0.1 manifest schema; no static evidence is available.</li><li>6 active finding(s) came from heuristic provenance (keyword_heuristic=6, regex_heuristic=0); review the finding evidence before acting.</li></ul></body></html>
+</style></head><body><h1>Release Evidence Packet</h1><p class="meta">Project: <strong>support-refund-agent</strong> · Agent: <strong>refund-assistant</strong> · Environment: <strong>production_like</strong><br>Run id: <code>agents_shipgate_ebb71d7248235cc3</code> · Generated at: 2026-01-01T00:00:00+00:00 · Packet schema: 0.6</p><p>This packet is a reviewer-shaped synthesis of a static Agents Shipgate scan. See §10 for what the packet does <em>not</em> prove.</p><h2>§1 Release decision — <span class="verdict verdict-blocked">BLOCKED</span></h2><ul><li>Decision: <code>blocked</code></li><li>Reason: 2 active findings block release.</li><li>Blockers: 2</li><li>Review items: 16</li></ul><h3>CI gate behavior (informational)</h3><ul><li>ci_mode: <code>advisory</code>, would_fail_ci: <code>false</code>, exit code: <code>0</code></li><li>Note: CI behavior is metadata about the run gate, not the verdict. The verdict above derives from <code>release_decision.decision</code>.</li></ul><h3>Blockers</h3><ul><li><code>SHIP-POLICY-APPROVAL-MISSING</code> (critical): stripe.create_refund lacks a declared approval policy</li><li><code>SHIP-SIDEFX-IDEMPOTENCY-MISSING</code> (critical): stripe.create_refund lacks idempotency evidence</li></ul><h3>Review items</h3><ul><li><code>SHIP-INVENTORY-WILDCARD-TOOLS</code> (high): Wildcard tool exposure declared</li><li><code>SHIP-SCHEMA-MISSING-BOUNDS</code> (high): stripe.create_refund.amount has no maximum bound</li><li><code>SHIP-SCHEMA-BROAD-FREE-TEXT</code> (high): zendesk.update_ticket accepts broad free-form action input</li><li><code>SHIP-SCHEMA-BROAD-FREE-TEXT</code> (high): gmail.send_customer_email accepts broad free-form action input</li><li><code>SHIP-SCHEMA-FREEFORM-OUTPUT</code> (medium): send_email_preview returns free-form text output</li><li><code>SHIP-AUTH-MANIFEST-BROAD-SCOPE</code> (high): Manifest declares broad permission scopes</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): shopify.cancel_order requires scopes not declared in the manifest</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): support.search_kb requires scopes not declared in the manifest</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): gmail.send_customer_email requires scopes not declared in the manifest</li><li><code>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</code> (high): stripe.create_refund appears to overlap with a prohibited action</li><li><code>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</code> (high): gmail.send_customer_email appears to overlap with a prohibited action</li><li><code>SHIP-POLICY-CONFIRMATION-MISSING</code> (high): stripe.create_refund lacks a declared confirmation policy</li><li><code>SHIP-POLICY-CONFIRMATION-MISSING</code> (high): gmail.send_customer_email lacks a declared confirmation policy</li><li><code>SHIP-SIDEFX-IDEMPOTENCY-MISSING</code> (high): gmail.send_customer_email lacks idempotency evidence</li><li><code>SHIP-MANIFEST-HIGH-RISK-OWNER-MISSING</code> (high): shopify.cancel_order is high-risk but has no owner</li><li><code>SHIP-MANIFEST-UNUSED-SCOPE</code> (medium): Manifest declares unused permission scope zendesk:tickets:read</li></ul><h2>§1A Evidence matrix — compact review summary</h2><ul><li>Evidence Matrix Light is derived from public report.json only. Release decisions, CI exit behavior, and baseline semantics remain owned by release_decision. Domain rows intentionally overlap; a single finding can appear in multiple rows when it is relevant to each review lens.</li></ul><table><thead><tr><th>Domain</th><th>Evidence present</th><th>Evidence source</th><th>Confidence</th><th>Missing controls</th><th>Blocking findings</th><th>Review items</th></tr></thead><tbody><tr><td>Inventory</td><td>partial</td><td>tool_inventory; tool_surface; +2 more</td><td>high</td><td>SHIP-INVENTORY-WILDCARD-TOOLS on wildcard_mcp_tools.*: Wildcard tool exposure declared</td><td>—</td><td>SHIP-INVENTORY-WILDCARD-TOOLS (high)</td></tr><tr><td>Schema</td><td>partial</td><td>tool_surface_facts.tools[].hashes; findings[]</td><td>mixed</td><td>SHIP-SCHEMA-MISSING-BOUNDS on stripe.create_refund: stripe.create_refund.amount has no maximum bound; SHIP-SCHEMA-BROAD-FREE-TEXT on zendesk.update_ticket: zendesk.update_ticket accepts broad free-form action input; +2 more</td><td>—</td><td>SHIP-SCHEMA-MISSING-BOUNDS (high); SHIP-SCHEMA-BROAD-FREE-TEXT (high); +2 more</td></tr><tr><td>Auth</td><td>partial</td><td>tool_surface_facts.scopes; tool_inventory[].auth_scopes; +1 more</td><td>mixed</td><td>SHIP-AUTH-MANIFEST-BROAD-SCOPE: Manifest declares broad permission scopes; SHIP-AUTH-SCOPE-COVERAGE-MISSING on shopify.cancel_order: shopify.cancel_order requires scopes not declared in the manifest; +3 more</td><td>—</td><td>SHIP-AUTH-MANIFEST-BROAD-SCOPE (high); SHIP-AUTH-SCOPE-COVERAGE-MISSING (high); +3 more</td></tr><tr><td>Approval</td><td>partial</td><td>tool_surface_facts.controls[kind=approval_policy]; findings[]</td><td>high</td><td>SHIP-POLICY-APPROVAL-MISSING on stripe.create_refund: stripe.create_refund lacks a declared approval policy</td><td>SHIP-POLICY-APPROVAL-MISSING (critical)</td><td>—</td></tr><tr><td>Confirmation</td><td>partial</td><td>tool_surface_facts.controls[kind=confirmation_policy]; findings[]</td><td>high</td><td>SHIP-POLICY-CONFIRMATION-MISSING on stripe.create_refund: stripe.create_refund lacks a declared confirmation policy; SHIP-POLICY-CONFIRMATION-MISSING on gmail.send_customer_email: gmail.send_customer_email lacks a declared confirmation policy</td><td>—</td><td>SHIP-POLICY-CONFIRMATION-MISSING (high); SHIP-POLICY-CONFIRMATION-MISSING (high)</td></tr><tr><td>Idempotency</td><td>partial</td><td>tool_surface_facts.controls[kind=idempotency_evidence]; action_surface_facts.actions[].safeguards.idempotency; +1 more</td><td>mixed</td><td>SHIP-SIDEFX-IDEMPOTENCY-MISSING on stripe.create_refund: stripe.create_refund lacks idempotency evidence; SHIP-SIDEFX-IDEMPOTENCY-MISSING on gmail.send_customer_email: gmail.send_customer_email lacks idempotency evidence</td><td>SHIP-SIDEFX-IDEMPOTENCY-MISSING (critical)</td><td>SHIP-SIDEFX-IDEMPOTENCY-MISSING (high)</td></tr><tr><td>Side effects</td><td>partial</td><td>tool_inventory[].risk_tags; action_surface_facts.actions[].effect; +1 more</td><td>mixed</td><td>SHIP-SCHEMA-BROAD-FREE-TEXT on zendesk.update_ticket: zendesk.update_ticket accepts broad free-form action input; SHIP-SCHEMA-BROAD-FREE-TEXT on gmail.send_customer_email: gmail.send_customer_email accepts broad free-form action input; +5 more</td><td>SHIP-POLICY-APPROVAL-MISSING (critical); SHIP-SIDEFX-IDEMPOTENCY-MISSING (critical)</td><td>SHIP-SCHEMA-BROAD-FREE-TEXT (high); SHIP-SCHEMA-BROAD-FREE-TEXT (high); +3 more</td></tr><tr><td>Memory isolation</td><td>not_declared</td><td>—</td><td>unknown</td><td>—</td><td>—</td><td>—</td></tr><tr><td>Human-in-the-loop evidence</td><td>not_declared</td><td>—</td><td>unknown</td><td>—</td><td>—</td><td>—</td></tr><tr><td>Prompt/scope alignment</td><td>partial</td><td>declared_intentions; misalignments; +2 more</td><td>medium</td><td>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT on stripe.create_refund: stripe.create_refund appears to overlap with a prohibited action; SHIP-SCOPE-PROHIBITED-TOOL-PRESENT on gmail.send_customer_email: gmail.send_customer_email appears to overlap with a prohibited action</td><td>—</td><td>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT (high); SHIP-SCOPE-PROHIBITED-TOOL-PRESENT (high)</td></tr><tr><td>Retry/timeout</td><td>not_declared</td><td>—</td><td>unknown</td><td>—</td><td>—</td><td>—</td></tr><tr><td>Baseline debt</td><td>informational</td><td>—</td><td>unknown</td><td>—</td><td>—</td><td>—</td></tr><tr><td>Action-surface policy</td><td>covered</td><td>action_surface_facts.actions</td><td>medium</td><td>—</td><td>—</td><td>—</td></tr></tbody></table><h2>§2 Capability ↔ Intent diff — <span class="status-missing">missing</span></h2><h3>Declared</h3><ul><li>Purpose: answer refund policy questions</li><li>Purpose: prepare refund requests for human review</li><li>Purpose: update support ticket notes</li><li>Prohibited: issue refund without approval</li><li>Prohibited: cancel order without explicit confirmation</li><li>Prohibited: send external email without preview</li></ul><h3>Observed tools</h3><ul><li><code>gmail.send_customer_email</code></li><li><code>refund_status_lookup</code></li><li><code>send_email_preview</code></li><li><code>shopify.cancel_order</code></li><li><code>stripe.create_refund</code></li><li><code>support.search_kb</code></li><li><code>wildcard_mcp_tools.*</code></li><li><code>zendesk.update_ticket</code></li></ul><h3>Divergences</h3><ul><li><code>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</code>: stripe.create_refund appears to overlap with a prohibited action</li><li><code>SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</code>: gmail.send_customer_email appears to overlap with a prohibited action</li></ul><h2>§3 High-risk tool surface — <span class="status-partial">partial</span></h2><p class="meta">Total tools: 8 · High-risk: 3</p><table><thead><tr><th>Tool</th><th>Source</th><th>Risk tags</th><th>Approval</th><th>Idempotency</th></tr></thead><tbody><tr><td><code>gmail.send_customer_email</code></td><td>mcp</td><td>customer_communication, external_write</td><td>no</td><td>no</td></tr><tr><td><code>shopify.cancel_order</code></td><td>openapi</td><td>destructive, write</td><td>yes</td><td>yes</td></tr><tr><td><code>stripe.create_refund</code></td><td>openapi</td><td>external_write, financial_action, write</td><td>no</td><td>no</td></tr></tbody></table><h2>§3A Tool-surface diff — <span class="status-not_declared">not declared</span></h2><p>Status: disabled — No --diff-from report or v0.3 baseline snapshot was provided.<br>Base: <code>none</code></p><h2>§3B Action-surface diff — <span class="status-not_declared">not declared</span></h2><p>Status: disabled — No action-surface comparison source was provided.<br>Base: <code>none</code></p><h2>§4 Approval policy coverage — <span class="status-partial">partial</span></h2><table><thead><tr><th>Tool</th><th>Declared</th><th>Source</th><th>Gap finding(s)</th></tr></thead><tbody><tr><td><code>shopify.cancel_order</code></td><td>yes</td><td>policies</td><td>—</td></tr><tr><td><code>stripe.create_refund</code></td><td>no</td><td>—</td><td>fp_f092940f62fbb012</td></tr></tbody></table><h3>Gap findings</h3><ul><li><code>SHIP-POLICY-APPROVAL-MISSING</code> (critical): stripe.create_refund lacks a declared approval policy</li></ul><h2>§5 Idempotency / retry risk — <span class="status-partial">partial</span></h2><p>Retry policy: <strong>not declared</strong></p><table><thead><tr><th>Tool</th><th>Declared</th><th>Source</th><th>Gap finding(s)</th></tr></thead><tbody><tr><td><code>gmail.send_customer_email</code></td><td>no</td><td>—</td><td>fp_0f8aaa912d589cf0</td></tr><tr><td><code>shopify.cancel_order</code></td><td>yes</td><td>policies</td><td>—</td></tr><tr><td><code>stripe.create_refund</code></td><td>no</td><td>—</td><td>fp_dac8011e14c53777</td></tr></tbody></table><h3>Gap findings</h3><ul><li><code>SHIP-SIDEFX-IDEMPOTENCY-MISSING</code> (critical): stripe.create_refund lacks idempotency evidence</li><li><code>SHIP-SIDEFX-IDEMPOTENCY-MISSING</code> (high): gmail.send_customer_email lacks idempotency evidence</li></ul><h2>§6 Scope coverage — <span class="status-missing">missing</span></h2><h3>Declared scopes</h3><ul><li><code>zendesk:tickets:read</code></li><li><code>zendesk:tickets:write</code></li><li><code>stripe:*</code></li></ul><table><thead><tr><th>Scope</th><th>Declared</th><th>Used by tools</th></tr></thead><tbody><tr><td><code>gmail:send</code></td><td>no</td><td><code>gmail.send_customer_email</code></td></tr><tr><td><code>shopify:orders:write</code></td><td>no</td><td><code>shopify.cancel_order</code></td></tr><tr><td><code>stripe:*</code></td><td>yes</td><td>—</td></tr><tr><td><code>stripe:refunds:write</code></td><td>yes</td><td><code>stripe.create_refund</code></td></tr><tr><td><code>support:kb:read</code></td><td>no</td><td><code>support.search_kb</code></td></tr><tr><td><code>zendesk:tickets:read</code></td><td>yes</td><td>—</td></tr><tr><td><code>zendesk:tickets:write</code></td><td>yes</td><td><code>zendesk.update_ticket</code></td></tr></tbody></table><h3>Unused declared scopes</h3><ul><li><code>zendesk:tickets:read</code></li></ul><h3>Used by tools but not declared</h3><ul><li><code>gmail:send</code></li><li><code>shopify:orders:write</code></li><li><code>support:kb:read</code></li></ul><h3>Gap findings</h3><ul><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): shopify.cancel_order requires scopes not declared in the manifest</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): support.search_kb requires scopes not declared in the manifest</li><li><code>SHIP-AUTH-SCOPE-COVERAGE-MISSING</code> (high): gmail.send_customer_email requires scopes not declared in the manifest</li><li><code>SHIP-MANIFEST-UNUSED-SCOPE</code> (medium): Manifest declares unused permission scope zendesk:tickets:read</li></ul><h2>§7 Memory isolation — <span class="status-not_declared">not declared</span></h2><p>Manifest does not declare a memory isolation policy. The current manifest schema (v0.1) has no agent.memory field. See §10 for the residual review item.</p><h2>§8 Human-in-the-loop evidence — <span class="status-covered">covered</span></h2><ul><li>Configured: yes</li><li>Human review recommended: yes</li><li>Provenance mode: <code>fresh_scan</code></li><li>HITL evidence is local review evidence only. Missing local evidence does not prove a runtime control is absent, and present local evidence does not certify runtime enforcement.</li></ul><h3>Approval-required tools</h3><ul><li><code>shopify.cancel_order</code></li></ul><h3>Confirmation-required tools</h3><ul><li><code>shopify.cancel_order</code></li></ul><h2>§9 Required dynamic scenarios — <span class="status-partial">partial</span></h2><ul><li><strong>Manual review for SHIP-AUTH-MANIFEST-BROAD-SCOPE</strong> — Replace broad manifest permission scopes with the narrowest scopes needed for this release.<br><span class="meta">Related finding(s): fp_d27325cbdbbf5483</span></li><li><strong>Manual review for SHIP-AUTH-SCOPE-COVERAGE-MISSING</strong> — Add the required scopes for shopify.cancel_order to permissions.scopes or narrow the tool&#x27;s declared auth requirements.<br><span class="meta">Related finding(s): fp_1f6cfd6b7daa9b7c, fp_83852fbd6b440524, fp_d8e6d1865dae97cc</span></li><li><strong>Manual review for SHIP-INVENTORY-WILDCARD-TOOLS</strong> — Replace wildcard tool exposure with an explicit tool allowlist before release review.<br><span class="meta">Related finding(s): fp_fc02d8ecd30f2578</span></li><li><strong>Manual review for SHIP-MANIFEST-HIGH-RISK-OWNER-MISSING</strong> — Declare an owner for each high-risk production tool in risk_overrides.tools.<br><span class="meta">Related finding(s): fp_fd2577850cef1f87</span></li><li><strong>Manual review for SHIP-MANIFEST-UNUSED-SCOPE</strong> — Remove unused manifest scopes or add tool metadata showing why they are required.<br><span class="meta">Related finding(s): fp_39b9ae878f343d1b</span></li><li><strong>Manual review for SHIP-POLICY-APPROVAL-MISSING</strong> — Declare an approval policy for stripe.create_refund or remove this tool from the release.<br><span class="meta">Related finding(s): fp_f092940f62fbb012</span></li><li><strong>Manual review for SHIP-POLICY-CONFIRMATION-MISSING</strong> — Declare a user confirmation policy for stripe.create_refund or remove this action from the release.<br><span class="meta">Related finding(s): fp_8e08a4fe6b0917f6, fp_a62ca2fd9a68a1d1</span></li><li><strong>Manual review for SHIP-SCHEMA-BROAD-FREE-TEXT</strong> — Constrain zendesk.update_ticket.updates with an enum, structured schema, or narrower field-specific parameters.<br><span class="meta">Related finding(s): fp_acd63b899d49aa1c, fp_ff2f028953d1c220</span></li><li><strong>Manual review for SHIP-SCHEMA-FREEFORM-OUTPUT</strong> — Prefer a structured output schema for send_email_preview, especially when output is later passed back into model context.<br><span class="meta">Related finding(s): fp_85f8513ad72cd9ea</span></li><li><strong>Manual review for SHIP-SCHEMA-MISSING-BOUNDS</strong> — Add a maximum bound to stripe.create_refund.amount or document an equivalent limit in the tool policy.<br><span class="meta">Related finding(s): fp_ab60b01cb53cfcbe</span></li><li><strong>Manual review for SHIP-SCOPE-PROHIBITED-TOOL-PRESENT</strong> — Remove stripe.create_refund, narrow its policy, or revise prohibited_actions so the manifest and tool surface do not contradict each other.<br><span class="meta">Related finding(s): fp_12985c36a06026de, fp_e090c62e390e70ab</span></li><li><strong>Manual review for SHIP-SIDEFX-IDEMPOTENCY-MISSING</strong> — Add an idempotency key, idempotent annotation, or declared idempotency policy for stripe.create_refund.<br><span class="meta">Related finding(s): fp_0f8aaa912d589cf0, fp_dac8011e14c53777</span></li><li><strong>Re-run scan after resolving source warnings</strong> — Source loaders emitted warnings; some tool surfaces may have been parsed with reduced confidence.</li><li><strong>Verify low-confidence tool extractions</strong> — One or more tools were extracted with low confidence; confirm against the upstream source before release.</li></ul><h2>§10 What this packet did NOT prove</h2><p>Agents Shipgate is an advisory tool: the deterministic merge gate for AI-generated agent capability changes, run as a local-first, static Tool-Use Readiness review. The packet below is derived from a scan; it does not, by itself, prove the following properties:</p><ul><li><strong>Prompt robustness.</strong> Whether the agent&#x27;s prompt holds up under jailbreaks, persona drift, indirect prompt injection, or adversarial inputs.</li><li><strong>Runtime behavior.</strong> Whether the agent actually invokes only the declared tools, respects approval gates at runtime, or follows policy under load. Static config is not runtime evidence.</li><li><strong>Model correctness.</strong> Whether the underlying model produces correct outputs, calls the right tools, or stays within the declared scope. The packet does not benchmark the model.</li><li><strong>Adversarial resistance.</strong> Whether the agent withstands red-team or penetration testing. The packet does not run scenarios; it organizes evidence.</li></ul><h3>Per-run residuals</h3><ul><li>Source warnings:<ul><li>MCP source declares wildcard tool exposure</li></ul></li><li>Low-confidence tool extractions: none</li><li>Suppressed findings in effect: none</li><li>Memory isolation is not modeled by the v0.1 manifest schema; no static evidence is available.</li><li>6 active finding(s) came from heuristic provenance (keyword_heuristic=6, regex_heuristic=0); review the finding evidence before acting.</li></ul></body></html>
diff --git a/samples/support_refund_agent/expected/packet.json b/samples/support_refund_agent/expected/packet.json
index 94c50adc..a9557958 100644
--- a/samples/support_refund_agent/expected/packet.json
+++ b/samples/support_refund_agent/expected/packet.json
@@ -1292,7 +1292,7 @@
       "Memory isolation is not modeled by the v0.1 manifest schema; no static evidence is available.",
       "6 active finding(s) came from heuristic provenance (keyword_heuristic=6, regex_heuristic=0); review the finding evidence before acting."
     ],
-    "headline": "Agents Shipgate is an advisory, local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. The packet below is derived from a scan; it does not, by itself, prove the following properties:",
+    "headline": "Agents Shipgate is an advisory tool: the deterministic merge gate for AI-generated agent capability changes, run as a local-first, static Tool-Use Readiness review. The packet below is derived from a scan; it does not, by itself, prove the following properties:",
     "low_confidence_tools": [],
     "source_warnings": [
       "MCP source declares wildcard tool exposure"
diff --git a/samples/support_refund_agent/expected/packet.md b/samples/support_refund_agent/expected/packet.md
index 46d10dc7..07665195 100644
--- a/samples/support_refund_agent/expected/packet.md
+++ b/samples/support_refund_agent/expected/packet.md
@@ -223,7 +223,7 @@ This packet is a reviewer-shaped synthesis of a static Agents Shipgate scan. See
 
 ## §10 What this packet did NOT prove
 
-Agents Shipgate is an advisory, local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. The packet below is derived from a scan; it does not, by itself, prove the following properties:
+Agents Shipgate is an advisory tool: the deterministic merge gate for AI-generated agent capability changes, run as a local-first, static Tool-Use Readiness review. The packet below is derived from a scan; it does not, by itself, prove the following properties:
 
 - **Prompt robustness.** Whether the agent's prompt holds up under jailbreaks, persona drift, indirect prompt injection, or adversarial inputs.
 - **Runtime behavior.** Whether the agent actually invokes only the declared tools, respects approval gates at runtime, or follows policy under load. Static config is not runtime evidence.
diff --git a/samples/support_refund_agent/expected/report.md b/samples/support_refund_agent/expected/report.md
index 7bd41f71..10415fd5 100644
--- a/samples/support_refund_agent/expected/report.md
+++ b/samples/support_refund_agent/expected/report.md
@@ -225,4 +225,4 @@ Next validation:
 
 ## Disclaimer
 
-Agents Shipgate is an advisory, local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It does not certify agent safety or compliance. Findings are based on static configuration, declared policies, tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, and output interpretation are not verified.
+Agents Shipgate is an advisory tool: the deterministic merge gate for AI-generated agent capability changes, run as a local-first, static Tool-Use Readiness review. It does not certify agent safety or compliance. Findings are based on static configuration, declared policies, tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, and output interpretation are not verified.
diff --git a/skills/agents-shipgate/SKILL.md b/skills/agents-shipgate/SKILL.md
index 94451e92..bb5e334a 100644
--- a/skills/agents-shipgate/SKILL.md
+++ b/skills/agents-shipgate/SKILL.md
@@ -1,11 +1,11 @@
 ---
 name: agents-shipgate
-description: Use when the user wants to add a local-first, static Tool-Use Readiness release gate for an AI agent's tool surface, run agents-shipgate scans, fix or triage Shipgate findings, add Shipgate to CI, or interpret a shipgate report. Triggers on phrases like "add shipgate", "release readiness for my agent", "tool-use readiness", "scan my agent", "shipgate scan", "shipgate.yaml", "agents-shipgate-reports/report.json", "fix shipgate finding".
+description: Use when the user wants to add the deterministic merge gate for AI-generated agent capability changes (a local-first, static Tool-Use Readiness review) to an AI agent's tool surface, run agents-shipgate scans, fix or triage Shipgate findings, add Shipgate to CI, or interpret a shipgate report. Triggers on phrases like "add shipgate", "release readiness for my agent", "tool-use readiness", "scan my agent", "shipgate scan", "shipgate.yaml", "agents-shipgate-reports/report.json", "fix shipgate finding".
 ---
 
 # agents-shipgate skill
 
-`agents-shipgate` is a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces. It analyzes `shipgate.yaml` plus tool sources (MCP exports, OpenAPI specs, OpenAI Agents SDK Python files, Anthropic Messages API artifacts, Google ADK files, LangChain/LangGraph files, CrewAI files, OpenAI API artifacts, Codex plugin packages and marketplaces, n8n workflow JSON) and emits deterministic findings as Markdown, JSON, and SARIF.
+`agents-shipgate` is the deterministic merge gate for AI-generated agent capability changes — a local-first, static Tool-Use Readiness review. It analyzes `shipgate.yaml` plus tool sources (MCP exports, OpenAPI specs, OpenAI Agents SDK Python files, Anthropic Messages API artifacts, Google ADK files, LangChain/LangGraph files, CrewAI files, OpenAI API artifacts, Codex plugin packages and marketplaces, n8n workflow JSON) and emits deterministic findings as Markdown, JSON, and SARIF.
 
 It does **not** run agents, call tools, invoke LLMs, connect to MCP servers, or send telemetry by default. Static analysis only; audited exceptions are pinned in `tests/test_adapter_static_only.py::ALLOWED_EXCEPTIONS`.
 
diff --git a/skills/agents-shipgate/prompts/add-shipgate-to-repo.md b/skills/agents-shipgate/prompts/add-shipgate-to-repo.md
index afa92503..9847a8bb 100644
--- a/skills/agents-shipgate/prompts/add-shipgate-to-repo.md
+++ b/skills/agents-shipgate/prompts/add-shipgate-to-repo.md
@@ -3,7 +3,8 @@
 You are working in a repo that may contain an AI agent — likely one of: an MCP server tool list (`*mcp*.json` or `.agents-shipgate/*.json`), an OpenAPI spec the agent calls, a Codex plugin package (`.codex-plugin/plugin.json`) or marketplace (`.agents/plugins/marketplace.json`), a Python file with `@function_tool` / `@tool` decorators (OpenAI Agents SDK, LangChain, CrewAI), a Google ADK agent in `agent.py`, an Anthropic Messages API artifact set under `prompts/`/`tools/anthropic-tools.json`/`policies/anthropic-policy.yaml`, or an OpenAI API artifact set under `prompts/`/`tools/openai-tools.json`/`openai-config.json`.
 
 Your job is to drive the canonical 4-call flow end-to-end in one tool-using
-turn, which adds a local-first, static Tool-Use Readiness release gate.
+turn, which adds the deterministic merge gate for AI-generated agent capability
+changes — a local-first, static Tool-Use Readiness review.
 
 ## Your task
 
diff --git a/src/agents_shipgate/cli/_register_scan.py b/src/agents_shipgate/cli/_register_scan.py
index bc6de3df..5f66aca4 100644
--- a/src/agents_shipgate/cli/_register_scan.py
+++ b/src/agents_shipgate/cli/_register_scan.py
@@ -181,7 +181,7 @@ def scan(
         ),
         verbose: bool = typer.Option(False, "--verbose", help="Show debug extraction details."),
     ) -> None:
-        """Run the local-first, static Tool-Use Readiness release gate for AI agent tool surfaces."""
+        """Run the deterministic merge gate for AI-generated agent capability changes."""
         # Parse CLI options first, in their own try block. ConfigError raised
         # here is about flag values, not the manifest — emitting a manifest
         # diagnostic ("edit shipgate.yaml") would route the agent to the
diff --git a/src/agents_shipgate/cli/discovery/agent_instructions/renderers/agents_md.py b/src/agents_shipgate/cli/discovery/agent_instructions/renderers/agents_md.py
index 93fe1a51..c54ab9f8 100644
--- a/src/agents_shipgate/cli/discovery/agent_instructions/renderers/agents_md.py
+++ b/src/agents_shipgate/cli/discovery/agent_instructions/renderers/agents_md.py
@@ -15,8 +15,8 @@ def render_block() -> str:
     """Return the inner content (between markers) for AGENTS.md."""
     return f"""## Tool-Use Readiness Release Gate
 
-This repo uses Agents Shipgate as the local-first, static Tool-Use Readiness
-release gate for AI agent tool surfaces.
+This repo uses Agents Shipgate as the deterministic merge gate for AI-generated
+agent capability changes — a local-first, static Tool-Use Readiness review.
 
 Run Shipgate when this PR changes agent tools, MCP exports, OpenAPI specs,
 prompts that constrain tool use, permissions, approval policies,
diff --git a/src/agents_shipgate/cli/discovery/agent_instructions/renderers/claude_md.py b/src/agents_shipgate/cli/discovery/agent_instructions/renderers/claude_md.py
index 47a350db..49083154 100644
--- a/src/agents_shipgate/cli/discovery/agent_instructions/renderers/claude_md.py
+++ b/src/agents_shipgate/cli/discovery/agent_instructions/renderers/claude_md.py
@@ -16,8 +16,8 @@ def render_block() -> str:
     """Return the inner content (between markers) for CLAUDE.md."""
     return f"""## Agents Shipgate
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review.
 
 For agent tool-surface or release-policy changes, run:
 
diff --git a/src/agents_shipgate/cli/discovery/agent_instructions/renderers/cursor.py b/src/agents_shipgate/cli/discovery/agent_instructions/renderers/cursor.py
index d2ce74bb..54b78220 100644
--- a/src/agents_shipgate/cli/discovery/agent_instructions/renderers/cursor.py
+++ b/src/agents_shipgate/cli/discovery/agent_instructions/renderers/cursor.py
@@ -15,7 +15,7 @@
 def render_file() -> str:
     """Return the full file body for ``.cursor/rules/agents-shipgate.mdc``."""
     return """---
-description: Run Agents Shipgate as a local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.
+description: Run Agents Shipgate as the deterministic merge gate for AI-generated agent capability changes.
 globs:
   - "shipgate.yaml"
   - "**/*openapi*.yaml"
@@ -44,8 +44,8 @@ def render_file() -> str:
 alwaysApply: false
 ---
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review.
 
 When a change affects agent tools, MCP exports, OpenAPI specs, prompts,
 permissions, approval policies, or release gates, run Agents Shipgate.
diff --git a/src/agents_shipgate/cli/discovery/agent_instructions/renderers/pr_template.py b/src/agents_shipgate/cli/discovery/agent_instructions/renderers/pr_template.py
index 3e04108c..6348aa40 100644
--- a/src/agents_shipgate/cli/discovery/agent_instructions/renderers/pr_template.py
+++ b/src/agents_shipgate/cli/discovery/agent_instructions/renderers/pr_template.py
@@ -12,8 +12,8 @@ def render_block() -> str:
     """Return the inner content (between markers) for the PR template."""
     return """## Tool-Use Readiness Release Gate
 
-Agents Shipgate is the local-first, static Tool-Use Readiness release gate for
-AI agent tool surfaces.
+Agents Shipgate is the deterministic merge gate for AI-generated agent
+capability changes — a local-first, static Tool-Use Readiness review.
 
 - [ ] If this PR changes agent tools, MCP/OpenAPI specs, prompts, permissions,
       approval policy, confirmation policy, CI release gates, or
diff --git a/src/agents_shipgate/cli/main.py b/src/agents_shipgate/cli/main.py
index b118e5a4..0773b18d 100644
--- a/src/agents_shipgate/cli/main.py
+++ b/src/agents_shipgate/cli/main.py
@@ -29,7 +29,7 @@
 
 app = typer.Typer(
     name="agents-shipgate",
-    help="Local-first, static Tool-Use Readiness release gate for AI agent tool surfaces.",
+    help="The deterministic merge gate for AI-generated agent capability changes.",
     no_args_is_help=True,
     invoke_without_command=True,
 )
diff --git a/src/agents_shipgate/packet/disclaimer.py b/src/agents_shipgate/packet/disclaimer.py
index 9144d6ec..87113fed 100644
--- a/src/agents_shipgate/packet/disclaimer.py
+++ b/src/agents_shipgate/packet/disclaimer.py
@@ -14,8 +14,9 @@
 HITL_RUNTIME_CONTROL_DISCLAIMER = _HITL_RUNTIME_CONTROL_DISCLAIMER
 
 PACKET_NON_PROOF_HEADLINE = (
-    "Agents Shipgate is an advisory, local-first, static Tool-Use Readiness "
-    "release gate for AI agent tool surfaces. The packet below is derived from "
+    "Agents Shipgate is an advisory tool: the deterministic merge gate for "
+    "AI-generated agent capability changes, run as a local-first, static "
+    "Tool-Use Readiness review. The packet below is derived from "
     "a scan; it does not, by itself, prove the following properties:"
 )
 
diff --git a/src/agents_shipgate/report/markdown.py b/src/agents_shipgate/report/markdown.py
index f93468ff..f40984b2 100644
--- a/src/agents_shipgate/report/markdown.py
+++ b/src/agents_shipgate/report/markdown.py
@@ -20,8 +20,9 @@
 )
 
 DISCLAIMER = (
-    "Agents Shipgate is an advisory, local-first, static Tool-Use Readiness "
-    "release gate for AI agent tool surfaces. It does not certify agent safety "
+    "Agents Shipgate is an advisory tool: the deterministic merge gate for "
+    "AI-generated agent capability changes, run as a local-first, static "
+    "Tool-Use Readiness review. It does not certify agent safety "
     "or compliance. Findings are based on static configuration, declared policies, "
     "tool schemas, and optional SDK metadata. Runtime behavior, actual tool routing, "
     "and output interpretation are not verified."
diff --git a/tests/test_agent_instructions_renderers.py b/tests/test_agent_instructions_renderers.py
index 35a1be1e..66e617e1 100644
--- a/tests/test_agent_instructions_renderers.py
+++ b/tests/test_agent_instructions_renderers.py
@@ -40,10 +40,10 @@
 REPO_ROOT = Path(__file__).resolve().parent.parent
 EXPECTED_CLAUDE_CODE_SKILL_RENDER_SHA256 = {
     ".claude/skills/agents-shipgate/SKILL.md": (
-        "9ce82bdc41f2e1ea28c7fec3aaeec0137efeacf8986b66a9ac0e3eccc5abd834"
+        "e1713eecbbb1538987b7bf2cbe90bcdac9c4491f250105b6c68e788c81d49de3"
     ),
     ".claude/skills/agents-shipgate/prompts/add-shipgate-to-repo.md": (
-        "1ea69b1d3d418080c76540fff3b20044f70ed6787418eb5e4d3d39e036b34014"
+        "c19c03db48a5be3b002b385f9df09781e5fe32197d0dd924691f041ebe54d518"
     ),
     ".claude/skills/agents-shipgate/prompts/decide-shipgate-relevance.md": (
         "8fab0595326b127fb1678828fd9b15c63cbe98f0229aad5bb87d47030e4b9ca6"
@@ -75,7 +75,7 @@
 }
 EXPECTED_CODEX_SKILL_RENDER_SHA256 = {
     ".agents/skills/agents-shipgate/SKILL.md": (
-        "367ef145ef928912cc517149e61b0efe413e740680787ef13441a6abd55b4647"
+        "bfd89761a2266ab89bc686a85fdd7700b0b915d5a8b133fafae16bb758d3272e"
     ),
     ".agents/skills/agents-shipgate/references/recipes.md": (
         "b5d90a1b02ebcc5bbc1c25015722508bc6d1ffde4bf28a470df88bb195c56aec"
diff --git a/tests/test_docs_links.py b/tests/test_docs_links.py
index edfd59e8..adfa8fff 100644
--- a/tests/test_docs_links.py
+++ b/tests/test_docs_links.py
@@ -206,7 +206,7 @@ def test_target_repo_snippets_pin_advisory_agent_contract():
 
 def test_readme_onboarding_copy_pins_agent_contract():
     text = (REPO_ROOT / "README.md").read_text(encoding="utf-8")
-    assert "Local-first, static Tool-Use Readiness release gate" in text
+    assert "The deterministic merge gate for AI-generated agent capability changes" in text
     assert "5-minute" in text
     assert "Copy this into your coding agent" in text
     assert "https://github.com/marketplace/actions/agents-shipgate" in text
diff --git a/tests/test_public_surface_contract.py b/tests/test_public_surface_contract.py
index 4ea59fa9..1ca96fbf 100644
--- a/tests/test_public_surface_contract.py
+++ b/tests/test_public_surface_contract.py
@@ -128,12 +128,10 @@
     re.IGNORECASE,
 )
 POSITIONING_PHRASE = (
-    "Local-first, static Tool-Use Readiness release gate for "
-    "AI agent tool surfaces"
+    "The deterministic merge gate for AI-generated agent capability changes"
 )
 POSITIONING_SCAN_DOCSTRING = (
-    "local-first, static Tool-Use Readiness release gate for "
-    "AI agent tool surfaces"
+    "the deterministic merge gate for AI-generated agent capability changes"
 )
 POSITIONING_SURFACES = (
     "README.md",
@@ -1442,8 +1440,8 @@ def test_primary_surfaces_use_mvp_wedge_positioning(relpath):
 def test_scan_help_uses_tool_use_readiness_positioning():
     text = _normalize_ws(_read("src/agents_shipgate/cli/_register_scan.py"))
     assert POSITIONING_SCAN_DOCSTRING.lower() in text.lower(), (
-        "scan command docstring must use the local-first, static Tool-Use "
-        "Readiness release gate positioning."
+        "scan command docstring must use the canonical merge-gate "
+        "positioning phrase."
     )
 
 

From a7677a97f3f399a0a31afec9e957a4e1e19ee1c6 Mon Sep 17 00:00:00 2001
From: Pengfei Hu <pengfei@threemoonslab.com>
Date: Sun, 31 May 2026 10:38:21 -0700
Subject: [PATCH 2/3] README: show base/head verify form for PR/CI, reserve
 no-base/head for local
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The verify-first quickstart framed the PR case but showed the local
(no --base/--head) form, which scans the head workspace without PR diff
context — so capability-diff and trust-root signals can be missing. Show the
`--base origin/main --head HEAD` form for committed PR/CI refs (matching the
AGENTS.md / trigger guidance) and reserve the no-base/--head form for local
uncommitted work.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/README.md b/README.md
index b0c5bc02..b5cbf23f 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,17 @@ Apache-2.0.
 
 The core loop is verify-first: when a PR changes what your agent can do, run the
 deterministic verifier on the diff and read its merge verdict before you merge.
+On a committed PR/CI ref, pass the base and head so the diff — the capability
+delta and trust-root signals — is in scope (make the base ref available first,
+e.g. `git fetch origin main`):
+
+```bash
+agents-shipgate verify --workspace . --config shipgate.yaml \
+  --ci-mode advisory --format json --base origin/main --head HEAD
+```
+
+For local, uncommitted work, omit `--base`/`--head` so your working-tree edits
+are scanned instead:
 
 ```bash
 agents-shipgate verify --workspace . --config shipgate.yaml \

From 9653b799c7c7c4ec790ae0af462984a8b1f90ed7 Mon Sep 17 00:00:00 2001
From: Pengfei Hu <pengfei@threemoonslab.com>
Date: Sun, 31 May 2026 10:44:37 -0700
Subject: [PATCH 3/3] AGENTS.md: clarify published surfaces sync at release;
 regen llms-full.txt

Note in the canonical-tagline directive that the website's `.well-known`
discovery file is pinned to the latest released tag and refreshes at each
release (closes a reviewer question about external surfaces not yet matching
the new tagline). Regenerate llms-full.txt since AGENTS.md is one of its
sources.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 AGENTS.md     | 2 +-
 llms-full.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/AGENTS.md b/AGENTS.md
index 8cc57fa1..ab2f9b08 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -33,7 +33,7 @@ The canonical tagline is:
 
 > The deterministic merge gate for AI-generated agent capability changes.
 
-This single sentence is the source of truth for the GitHub repo description, [README.md](README.md), the [wiki Home page](https://github.com/ThreeMoonsLab/agents-shipgate/wiki/Home), and the [marketing site](https://threemoonslab.com/) `<meta name="description">`. Keep them in sync.
+This single sentence is the source of truth for the GitHub repo description, [README.md](README.md), the [wiki Home page](https://github.com/ThreeMoonsLab/agents-shipgate/wiki/Home), and the [marketing site](https://threemoonslab.com/) `<meta name="description">`. Keep them in sync; the website's `.well-known` discovery file is pinned to the latest released tag and refreshes at each release.
 
 Use **Tool-Use Readiness** in Title Case when naming the product/category or
 the **Tool-Use Readiness Report** artifact. Use **tool-use readiness** in
diff --git a/llms-full.txt b/llms-full.txt
index 3919c449..26e12058 100644
--- a/llms-full.txt
+++ b/llms-full.txt
@@ -58,7 +58,7 @@ The canonical tagline is:
 
 > The deterministic merge gate for AI-generated agent capability changes.
 
-This single sentence is the source of truth for the GitHub repo description, [README.md](README.md), the [wiki Home page](https://github.com/ThreeMoonsLab/agents-shipgate/wiki/Home), and the [marketing site](https://threemoonslab.com/) `<meta name="description">`. Keep them in sync.
+This single sentence is the source of truth for the GitHub repo description, [README.md](README.md), the [wiki Home page](https://github.com/ThreeMoonsLab/agents-shipgate/wiki/Home), and the [marketing site](https://threemoonslab.com/) `<meta name="description">`. Keep them in sync; the website's `.well-known` discovery file is pinned to the latest released tag and refreshes at each release.
 
 Use **Tool-Use Readiness** in Title Case when naming the product/category or
 the **Tool-Use Readiness Report** artifact. Use **tool-use readiness** in