From c5b2febd285fe562ab97093dfda50fbae8eaa864 Mon Sep 17 00:00:00 2001
From: AnkanMisra <misra13arko@gmail.com>
Date: Sun, 3 May 2026 20:33:30 +0530
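Subject: [PATCH 1/2] harden client id validation

A present-but-invalid X-Client-Id header used to be treated like a
missing header, so the request fell back to the unscoped admin view.
clientIdOf() now throws InvalidClientIdError, which the error handler
maps to 400 InvalidClientId, when the header is not a string, is blank
after trimming, is longer than 128 characters, or contains characters
outside [A-Za-z0-9._:-]. A missing header still selects the global view.

PUT /policies/:id now resolves the client id before its try block so an
invalid header is not reported as 404 NotFound.

Docs: refresh the spec counts (112 specs across 13 files) and list
Gensyn AXL as wired instead of de-scoped in docs/submission.md.
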
---
 AGENTS.md                     |  2 +-
 CLAUDE.md                     |  8 ++--
 README.md                     | 10 ++---
 docs/architecture.md          |  2 +-
 docs/submission.md            | 16 ++++++--
 src/README.md                 |  2 +-
 src/risk-gate/app.ts          | 38 +++++++++++++++++--
 tests/README.md               |  4 +-
 tests/clientIsolation.test.ts | 71 ++++++++++++++++++++++++++++++++---
 9 files changed, 126 insertions(+), 27 deletions(-)

diff --git a/AGENTS.md b/AGENTS.md
index b8796e1..81f56cf 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -28,7 +28,7 @@ This hackathon submission is **TypeScript on Bun, end to end**. There is no Rust
 bun install                # install deps from bun.lock
 bun run dev                # start risk-gate server with watch on 127.0.0.1:8787
 bun run start              # production-style boot (no watch)
-bun test                   # 90 specs across 10 files
+bun test                   # 112 specs across 13 files
 bun run test:coverage      # v8 coverage report
 bun run typecheck          # tsc --noEmit, must exit 0
 bun run build              # bundle to ./dist/server.js
diff --git a/CLAUDE.md b/CLAUDE.md
index ad013a2..82e6215 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -6,7 +6,7 @@ Project context for Claude Code. Read this first.
 
 **ChainShield Agent** — a policy-bound risk gate for treasury wallets. Built for ETHGlobal OpenAgents 2026. The server takes a transaction intent, evaluates it against deterministic rules + a heuristic ERC-20 simulator, anchors the resulting decision JSON on 0G Storage, and fires KeeperHub remediation playbooks on `BLOCK`. Three verdicts: `ALLOW`, `REQUIRE_HUMAN_CONFIRMATION`, `BLOCK`.
 
-The submission is shipped: PR #6 merged into `main` on 2026-05-03. 90 specs across 10 files green. Live anchor verified on Galileo testnet.
+The submission is shipped: PR #6 merged into `main` on 2026-05-03. 112 specs across 13 files green. Live anchor verified on Galileo testnet.
 
 ## Stack (do not assume Rust/Solidity)
 
@@ -31,7 +31,7 @@ bun run dev:server         # just the Fastify server
 bun run dev:web            # just the Astro frontend
 
 bun run typecheck          # both: server + web (must be 0 errors)
-bun test                   # 90 specs, ~280ms
+bun test                   # 112 specs
 bun run demo               # CLI four-scene runner against the live API
 
 bun run build              # bundle server + Astro static output
@@ -46,7 +46,7 @@ docker compose up --build  # containerised path
 - `src/playbooks/` — `PlaybookRunner` interface, `KeeperHubRunner`, notification channels
 - `src/risk-gate/` — Fastify `app.ts` and `server.ts` composition root
 - `src/cli/demo.ts` — four-canonical-scene CLI
-- `tests/` — 90 specs across 10 files
+- `tests/` — 112 specs across 13 files
 - `web/` — Astro 6 frontend (components, lib, pages, styles)
 - `docs/` — `submission.md` (judge one-pager), `demo-script.md`, `architecture.md`, `sponsors/`
 - `scripts/` — `kh.sh` (KeeperHub helper), `dev.sh` (parallel dev)
@@ -97,7 +97,7 @@ Every PR to `main` and every push to `main` runs [`.github/workflows/ci.yml`](./
 2. Installs web deps with `bun install --frozen-lockfile`
 3. `bun run typecheck:server` — `tsc --noEmit`
 4. `bun run typecheck:web` — `astro check`
-5. `bun test` — 90 specs
+5. `bun test` — 112 specs
 6. `bun run build:web` — Astro production build
 7. Emoji scan — fails the build if any banned emoji byte sequence appears in tracked files
 
diff --git a/README.md b/README.md
index f828cd7..9e8d9ef 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@
 | **API hot path** | `< 50 ms` (anchor uploads stream in the background) |
 | **Verdicts** | `ALLOW` / `REQUIRE_HUMAN_CONFIRMATION` / `BLOCK` |
 | **Decision ladder** | 5 deterministic rules + 1 heuristic ERC-20 simulator |
-| **Test suite** | 109 specs / 13 files / 317 assertions / `~340 ms` cold |
+| **Test suite** | 112 specs / 13 files |
 | **Type safety** | `tsc --noEmit` + `astro check`, both zero-error, strict + `noUncheckedIndexedAccess` |
 | **Sponsors integrated** | 0G Storage, KeeperHub, Gensyn AXL, Discord webhooks |
 | **Lines of TypeScript (server)** | `~1,700` across `src/` |
@@ -223,7 +223,7 @@ The Astro UI lands at <http://localhost:4321>; the API health check at <http://l
 | `bun run dev:web` | Just Astro |
 | `bun run demo` | CLI runs four canonical scenes against the live API |
 | `bun run typecheck` | `tsc --noEmit` (server) + `astro check` (web) |
-| `bun test` | All 109 specs |
+| `bun test` | All 112 specs |
 | `bun run build` | Server bundle + Astro static output |
 | `bun run clean` | Remove `dist`, `coverage`, `.tsbuildinfo`, `web/dist`, `web/.astro` |
 
@@ -231,7 +231,7 @@ The Astro UI lands at <http://localhost:4321>; the API health check at <http://l
 
 ## Test coverage
 
-`109 specs / 13 files / 317 assertions / ~340 ms cold`
+`112 specs / 13 files`
 
 | File | What it covers |
 |---|---|
@@ -264,11 +264,11 @@ Live anchor proofs are pinned as test constants in `tests/webFormat.test.ts` so
 | `src/transport/` | `GossipTransport` interface, `AxlGossipTransport`, `NoopGossip` |
 | `src/risk-gate/` | Fastify `app.ts` + `server.ts` composition root |
 | `src/cli/` | `demo.ts` - four canonical scene runner |
-| `tests/` | 109 specs across 13 files |
+| `tests/` | 112 specs across 13 files |
 | `web/` | Astro 6 frontend (separate Bun workspace) |
 | `docs/` | `submission.md`, `demo-script.md`, `architecture.md`, `deploy.md`, `sponsors/` |
 | `scripts/` | `kh.sh` (KeeperHub helper), `dev.sh` (parallel dev) |
-| `.github/workflows/` | CI: install + dual typecheck + 109 specs + Astro build + emoji scan |
+| `.github/workflows/` | CI: install + dual typecheck + 112 specs + Astro build + emoji scan |
 
 ---
 
diff --git a/docs/architecture.md b/docs/architecture.md
index f7d51fb..ebd1c4e 100644
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -18,7 +18,7 @@ Design for the ChainShield product, mapped onto the sponsor APIs that ship in th
 | Persistence — read path | In-memory cache (anchored writes are best-effort durability, not the read source) |
 | Remediation execution | KeeperHub REST (`https://app.keeperhub.com/api/workflow/{id}/execute`) via `fetch` |
 | Browser UI | Astro 6 at `web/` (vanilla TS, no React/Vue) |
-| Tests | `bun:test` (90 specs across 10 files at the time of writing) |
+| Tests | `bun:test` (112 specs across 13 files at the time of writing) |
 | Containerization | Docker (`oven/bun:1`) |
 
 ## Current Module Map (`src/`)
diff --git a/docs/submission.md b/docs/submission.md
index 8961ddf..2406344 100644
--- a/docs/submission.md
+++ b/docs/submission.md
@@ -6,11 +6,11 @@
 
 ## Progress
 
-**Done** — Phases 1-6 shipped and merged to `main`. 90 specs across 10 files green, server `tsc --noEmit` and Astro `astro check` both clean, Astro production build succeeds. 0G anchor verified live on Galileo (rootHash + storage tx + block + gas all recorded below).
+**Done** — Phases 1-6 shipped and merged to `main`. 112 specs across 13 files green, server `tsc --noEmit` and Astro `astro check` both clean, Astro production build succeeds. 0G anchor verified live on Galileo (rootHash + storage tx + block + gas all recorded below).
 
 **Left** — record demo per [`./demo-script.md`](./demo-script.md), submit at the ETHGlobal portal.
 
-**De-scoped** — 0G Compute (stretch), Gensyn AXL, Rust + Solidity port (post-hackathon).
+**De-scoped** — 0G Compute (stretch), Rust + Solidity port (post-hackathon).
 
 ## What it does
 
@@ -71,6 +71,12 @@ Verify independently:
 - HTML 404 pages and other non-JSON error bodies are scrubbed out of error messages so they never leak into the UI
 - Helper script `scripts/kh.sh` provides `list/get/run/status/ping` subcommands for testing
 
+### Gensyn AXL (wired)
+
+- `src/transport/axlGossip.ts` publishes every `BLOCK` decision to the configured AXL bridge
+- `src/risk-gate/server.ts` uses `AxlGossipTransport` when `AXL_BASE_URL` is set and `NoopGossip` otherwise
+- Soft failures are logged and never block the verdict response
+
 ### Optional integrations
 
 - **Discord** notifications: `WebhookChannel` posts an embed to a Discord webhook on every `BLOCK`. Set `NOTIFY_DISCORD_WEBHOOK` to enable.
@@ -78,7 +84,6 @@ Verify independently:
 ### Stretch / not shipped
 
 - **0G Compute (Inference)** — env stub present; `ZERO_G_INFERENCE_PROVIDER` is discovered at runtime, not yet wired
-- **Gensyn AXL** — env stub orphaned, never integrated. De-scoped after timeline pivot to TypeScript.
 
 ## How the decision engine works
 
@@ -111,11 +116,14 @@ For the Astro frontend specifically:
 ## Test coverage
 
 ```
-90 specs across 10 files · all green · ~280ms
+112 specs across 13 files
 
 tests/api.test.ts                  Risk-Gate API end-to-end
 tests/apiAnchor.test.ts            Anchor surfacing on policy + decision responses
                                    (incl. real ZeroGStore + buildApp e2e)
+tests/axlGossip.test.ts            AXL gossip transport + no-op fallback
+tests/clientIsolation.test.ts      Per-browser isolation + invalid client-id rejection
+tests/cors.test.ts                 WEB_ORIGIN allowlist + preview regex
 tests/engine.test.ts               5-rule decision ladder + invalidIntentValue / invalidApprovalCap guards
 tests/engineRemediation.test.ts    Playbook trigger + notification fan-out
 tests/engineSimulation.test.ts     Simulator integration + revert escalation
diff --git a/src/README.md b/src/README.md
index 68fd1bf..ff7617a 100644
--- a/src/README.md
+++ b/src/README.md
@@ -40,7 +40,7 @@ flowchart LR
 
 | | |
 |---|---|
-| Tests | [`../tests/`](../tests) — 109 specs across 13 files |
+| Tests | [`../tests/`](../tests) — 112 specs across 13 files |
 | Composition root | [`risk-gate/server.ts`](./risk-gate/server.ts) |
 | Frontend | [`../web/`](../web) — Astro 6, separate Bun workspace |
 | Conventions | [`../AGENTS.md`](../AGENTS.md) |
diff --git a/src/risk-gate/app.ts b/src/risk-gate/app.ts
index 87671be..4823b6d 100644
--- a/src/risk-gate/app.ts
+++ b/src/risk-gate/app.ts
@@ -16,6 +16,15 @@ export interface AppDeps {
 }
 
 const DEFAULT_WEB_ORIGINS = ["http://127.0.0.1:4321", "http://localhost:4321"];
+const CLIENT_ID_MAX_LENGTH = 128;
+const CLIENT_ID_PATTERN = /^[A-Za-z0-9._:-]+$/;
+
+class InvalidClientIdError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "InvalidClientIdError";
+  }
+}
 
 /**
  * Parse a single comma-separated `WEB_ORIGIN` entry. Entries surrounded by
@@ -82,6 +91,10 @@ export function buildApp(deps: AppDeps = {}): FastifyInstance {
       reply.status(400).send({ error: "ValidationError", issues: err.issues });
       return;
     }
+    if (err instanceof InvalidClientIdError) {
+      reply.status(400).send({ error: "InvalidClientId", message: err.message });
+      return;
+    }
     const message = err instanceof Error ? err.message : String(err);
     reply.status(500).send({ error: "InternalError", message });
   });
@@ -98,13 +111,29 @@ export function buildApp(deps: AppDeps = {}): FastifyInstance {
    * Requests without the header (curl, the demo CLI, integration tests) get
    * `undefined` and the Store reverts to "no filter" — i.e. global view —
    * which is the legacy behaviour and is still useful for admin / debug.
+   * Requests with a present-but-invalid header are rejected instead of being
+   * treated as admin, so malformed browser traffic cannot bypass isolation.
    */
   function clientIdOf(req: { headers: Record<string, unknown> }): string | undefined {
     const raw = req.headers["x-client-id"];
-    if (typeof raw !== "string") return undefined;
+    if (raw === undefined) return undefined;
+    if (typeof raw !== "string") {
+      throw new InvalidClientIdError("X-Client-Id must be a string.");
+    }
     const trimmed = raw.trim();
-    // Cap at 128 chars to bound the dimension of the in-memory store.
-    if (trimmed.length === 0 || trimmed.length > 128) return undefined;
+    if (trimmed.length === 0) {
+      throw new InvalidClientIdError("X-Client-Id must not be blank.");
+    }
+    if (trimmed.length > CLIENT_ID_MAX_LENGTH) {
+      throw new InvalidClientIdError(
+        `X-Client-Id must be ${CLIENT_ID_MAX_LENGTH} characters or fewer.`,
+      );
+    }
+    if (!CLIENT_ID_PATTERN.test(trimmed)) {
+      throw new InvalidClientIdError(
+        "X-Client-Id may only contain letters, numbers, dot, underscore, colon, or hyphen.",
+      );
+    }
     return trimmed;
   }
 
@@ -117,8 +146,9 @@ export function buildApp(deps: AppDeps = {}): FastifyInstance {
   app.put("/policies/:id", async (req, reply) => {
     const { id } = req.params as { id: string };
     const parsed = policyInputSchema.parse(req.body);
+    const cid = clientIdOf(req);
     try {
-      return withAnchorPolicy(await policyService.update(id, parsed, clientIdOf(req)));
+      return withAnchorPolicy(await policyService.update(id, parsed, cid));
     } catch (err) {
       reply.status(404);
       return { error: "NotFound", message: (err as Error).message };
diff --git a/tests/README.md b/tests/README.md
index c761011..1b29038 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -1,9 +1,9 @@
 # `tests/` — unit + integration coverage
 
-> 109 specs across 13 files, all green in `~340 ms`. Every external dependency is faked at the trait boundary; live anchor hashes are pinned as test constants so the renderer is exercised against real chain data.
+> 112 specs across 13 files. Every external dependency is faked at the trait boundary; live anchor hashes are pinned as test constants so the renderer is exercised against real chain data.
 
 ```sh
-bun test                      # all 109 specs
+bun test                      # all 112 specs
 bun test tests/engine.test.ts # one file
 bun test --watch              # watch mode
 bun test --coverage           # coverage report
diff --git a/tests/clientIsolation.test.ts b/tests/clientIsolation.test.ts
index 244ea3a..8eae610 100644
--- a/tests/clientIsolation.test.ts
+++ b/tests/clientIsolation.test.ts
@@ -31,6 +31,15 @@ function getPolicy(app: ReturnType<typeof buildApp>, id: string, clientId?: stri
   });
 }
 
+function putPolicy(app: ReturnType<typeof buildApp>, id: string, clientId?: string) {
+  return app.inject({
+    method: "PUT",
+    url: `/policies/${encodeURIComponent(id)}`,
+    headers: clientId ? { "x-client-id": clientId } : {},
+    payload: { owner: TREASURY, rules: { allowedDestinations: [COLD_VAULT] } },
+  });
+}
+
 function postEvaluate(
   app: ReturnType<typeof buildApp>,
   policyId: string,
@@ -130,15 +139,67 @@ describe("Per-browser session isolation via X-Client-Id", () => {
     await app.close();
   });
 
-  it("rejects oversized X-Client-Id headers and falls back to admin view", async () => {
+  it("rejects oversized X-Client-Id headers instead of falling back to admin view", async () => {
     const app = buildApp();
     const oversized = "x".repeat(200);
+
     const created = await postPolicy(app, oversized);
-    expect(created.statusCode).toBe(201);
-    // Server treated the oversized id as "no clientId", so the policy was
-    // tagged null and the admin view (no header) sees it.
+    expect(created.statusCode).toBe(400);
+    expect(created.json().error).toBe("InvalidClientId");
+
     const adminSeesIt = await listPolicies(app);
-    expect(adminSeesIt.json().length).toBeGreaterThanOrEqual(1);
+    expect(adminSeesIt.json()).toHaveLength(0);
+    await app.close();
+  });
+
+  it("rejects blank X-Client-Id headers instead of writing unscoped rows", async () => {
+    const app = buildApp();
+
+    const created = await postPolicy(app, "   ");
+    expect(created.statusCode).toBe(400);
+    expect(created.json().error).toBe("InvalidClientId");
+
+    const adminSeesIt = await listPolicies(app);
+    expect(adminSeesIt.json()).toHaveLength(0);
+    await app.close();
+  });
+
+  it("rejects invalid X-Client-Id headers on read paths instead of exposing admin data", async () => {
+    const app = buildApp();
+    const created = await postPolicy(app, A);
+    const policyId = created.json().id;
+
+    const oversized = "x".repeat(200);
+    const policyRead = await getPolicy(app, policyId, oversized);
+    expect(policyRead.statusCode).toBe(400);
+    expect(policyRead.json().error).toBe("InvalidClientId");
+
+    const timelineRead = await getTimeline(app, oversized);
+    expect(timelineRead.statusCode).toBe(400);
+    expect(timelineRead.json().error).toBe("InvalidClientId");
+    await app.close();
+  });
+
+  it("rejects malformed X-Client-Id headers consistently across scoped API routes", async () => {
+    const app = buildApp();
+    const created = await postPolicy(app, A);
+    const policyId = created.json().id;
+    const malformed = "browser id with spaces";
+
+    const calls = [
+      postPolicy(app, malformed),
+      listPolicies(app, malformed),
+      getPolicy(app, policyId, malformed),
+      putPolicy(app, policyId, malformed),
+      postEvaluate(app, policyId, malformed),
+      getTimeline(app, malformed),
+    ];
+
+    for (const res of await Promise.all(calls)) {
+      expect(res.statusCode).toBe(400);
+      expect(res.json().error).toBe("InvalidClientId");
+    }
+
     await app.close();
   });
 });

From b995dd1d39fb7fc1facc6627aaf8c3c8cf29a802 Mon Sep 17 00:00:00 2001
From: AnkanMisra <misra13arko@gmail.com>
Date: Sun, 3 May 2026 20:48:54 +0530
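Subject: [PATCH 2/2] narrow policy update errors

PUT /policies/:id answered 404 NotFound for every error thrown by
PolicyService.update(), including failures unrelated to a missing
policy. update() now throws a dedicated PolicyNotFoundError; the route
maps only that error to 404 and rethrows anything else, so unexpected
failures reach the error handler and are reported as 500 InternalError.

Adds two API specs covering both paths and bumps the documented spec
count to 114.
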
---
 AGENTS.md                 |  2 +-
 CLAUDE.md                 |  8 +++----
 README.md                 | 10 ++++-----
 docs/architecture.md      |  2 +-
 docs/submission.md        |  4 ++--
 src/README.md             |  2 +-
 src/core/policyService.ts |  9 +++++++-
 src/risk-gate/app.ts      |  7 ++++--
 tests/README.md           |  4 ++--
 tests/api.test.ts         | 47 +++++++++++++++++++++++++++++++++++++++
 10 files changed, 76 insertions(+), 19 deletions(-)

diff --git a/AGENTS.md b/AGENTS.md
index 81f56cf..5e6bbe8 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -28,7 +28,7 @@ This hackathon submission is **TypeScript on Bun, end to end**. There is no Rust
 bun install                # install deps from bun.lock
 bun run dev                # start risk-gate server with watch on 127.0.0.1:8787
 bun run start              # production-style boot (no watch)
-bun test                   # 112 specs across 13 files
+bun test                   # 114 specs across 13 files
 bun run test:coverage      # v8 coverage report
 bun run typecheck          # tsc --noEmit, must exit 0
 bun run build              # bundle to ./dist/server.js
diff --git a/CLAUDE.md b/CLAUDE.md
index 82e6215..ef49560 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -6,7 +6,7 @@ Project context for Claude Code. Read this first.
 
 **ChainShield Agent** — a policy-bound risk gate for treasury wallets. Built for ETHGlobal OpenAgents 2026. The server takes a transaction intent, evaluates it against deterministic rules + a heuristic ERC-20 simulator, anchors the resulting decision JSON on 0G Storage, and fires KeeperHub remediation playbooks on `BLOCK`. Three verdicts: `ALLOW`, `REQUIRE_HUMAN_CONFIRMATION`, `BLOCK`.
 
-The submission is shipped: PR #6 merged into `main` on 2026-05-03. 112 specs across 13 files green. Live anchor verified on Galileo testnet.
+The submission is shipped: PR #6 merged into `main` on 2026-05-03. 114 specs across 13 files green. Live anchor verified on Galileo testnet.
 
 ## Stack (do not assume Rust/Solidity)
 
@@ -31,7 +31,7 @@ bun run dev:server         # just the Fastify server
 bun run dev:web            # just the Astro frontend
 
 bun run typecheck          # both: server + web (must be 0 errors)
-bun test                   # 112 specs
+bun test                   # 114 specs
 bun run demo               # CLI four-scene runner against the live API
 
 bun run build              # bundle server + Astro static output
@@ -46,7 +46,7 @@ docker compose up --build  # containerised path
 - `src/playbooks/` — `PlaybookRunner` interface, `KeeperHubRunner`, notification channels
 - `src/risk-gate/` — Fastify `app.ts` and `server.ts` composition root
 - `src/cli/demo.ts` — four-canonical-scene CLI
-- `tests/` — 112 specs across 13 files
+- `tests/` — 114 specs across 13 files
 - `web/` — Astro 6 frontend (components, lib, pages, styles)
 - `docs/` — `submission.md` (judge one-pager), `demo-script.md`, `architecture.md`, `sponsors/`
 - `scripts/` — `kh.sh` (KeeperHub helper), `dev.sh` (parallel dev)
@@ -97,7 +97,7 @@ Every PR to `main` and every push to `main` runs [`.github/workflows/ci.yml`](./
 2. Installs web deps with `bun install --frozen-lockfile`
 3. `bun run typecheck:server` — `tsc --noEmit`
 4. `bun run typecheck:web` — `astro check`
-5. `bun test` — 112 specs
+5. `bun test` — 114 specs
 6. `bun run build:web` — Astro production build
 7. Emoji scan — fails the build if any banned emoji byte sequence appears in tracked files
 
diff --git a/README.md b/README.md
index 9e8d9ef..7cd4313 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@
 | **API hot path** | `< 50 ms` (anchor uploads stream in the background) |
 | **Verdicts** | `ALLOW` / `REQUIRE_HUMAN_CONFIRMATION` / `BLOCK` |
 | **Decision ladder** | 5 deterministic rules + 1 heuristic ERC-20 simulator |
-| **Test suite** | 112 specs / 13 files |
+| **Test suite** | 114 specs / 13 files |
 | **Type safety** | `tsc --noEmit` + `astro check`, both zero-error, strict + `noUncheckedIndexedAccess` |
 | **Sponsors integrated** | 0G Storage, KeeperHub, Gensyn AXL, Discord webhooks |
 | **Lines of TypeScript (server)** | `~1,700` across `src/` |
@@ -223,7 +223,7 @@ The Astro UI lands at <http://localhost:4321>; the API health check at <http://l
 | `bun run dev:web` | Just Astro |
 | `bun run demo` | CLI runs four canonical scenes against the live API |
 | `bun run typecheck` | `tsc --noEmit` (server) + `astro check` (web) |
-| `bun test` | All 112 specs |
+| `bun test` | All 114 specs |
 | `bun run build` | Server bundle + Astro static output |
 | `bun run clean` | Remove `dist`, `coverage`, `.tsbuildinfo`, `web/dist`, `web/.astro` |
 
@@ -231,7 +231,7 @@ The Astro UI lands at <http://localhost:4321>; the API health check at <http://l
 
 ## Test coverage
 
-`112 specs / 13 files`
+`114 specs / 13 files`
 
 | File | What it covers |
 |---|---|
@@ -264,11 +264,11 @@ Live anchor proofs are pinned as test constants in `tests/webFormat.test.ts` so
 | `src/transport/` | `GossipTransport` interface, `AxlGossipTransport`, `NoopGossip` |
 | `src/risk-gate/` | Fastify `app.ts` + `server.ts` composition root |
 | `src/cli/` | `demo.ts` - four canonical scene runner |
-| `tests/` | 112 specs across 13 files |
+| `tests/` | 114 specs across 13 files |
 | `web/` | Astro 6 frontend (separate Bun workspace) |
 | `docs/` | `submission.md`, `demo-script.md`, `architecture.md`, `deploy.md`, `sponsors/` |
 | `scripts/` | `kh.sh` (KeeperHub helper), `dev.sh` (parallel dev) |
-| `.github/workflows/` | CI: install + dual typecheck + 112 specs + Astro build + emoji scan |
+| `.github/workflows/` | CI: install + dual typecheck + 114 specs + Astro build + emoji scan |
 
 ---
 
diff --git a/docs/architecture.md b/docs/architecture.md
index ebd1c4e..227e6c1 100644
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -18,7 +18,7 @@ Design for the ChainShield product, mapped onto the sponsor APIs that ship in th
 | Persistence — read path | In-memory cache (anchored writes are best-effort durability, not the read source) |
 | Remediation execution | KeeperHub REST (`https://app.keeperhub.com/api/workflow/{id}/execute`) via `fetch` |
 | Browser UI | Astro 6 at `web/` (vanilla TS, no React/Vue) |
-| Tests | `bun:test` (112 specs across 13 files at the time of writing) |
+| Tests | `bun:test` (114 specs across 13 files at the time of writing) |
 | Containerization | Docker (`oven/bun:1`) |
 
 ## Current Module Map (`src/`)
diff --git a/docs/submission.md b/docs/submission.md
index 2406344..a4bb211 100644
--- a/docs/submission.md
+++ b/docs/submission.md
@@ -6,7 +6,7 @@
 
 ## Progress
 
-**Done** — Phases 1-6 shipped and merged to `main`. 112 specs across 13 files green, server `tsc --noEmit` and Astro `astro check` both clean, Astro production build succeeds. 0G anchor verified live on Galileo (rootHash + storage tx + block + gas all recorded below).
+**Done** — Phases 1-6 shipped and merged to `main`. 114 specs across 13 files green, server `tsc --noEmit` and Astro `astro check` both clean, Astro production build succeeds. 0G anchor verified live on Galileo (rootHash + storage tx + block + gas all recorded below).
 
 **Left** — record demo per [`./demo-script.md`](./demo-script.md), submit at the ETHGlobal portal.
 
@@ -116,7 +116,7 @@ For the Astro frontend specifically:
 ## Test coverage
 
 ```
-112 specs across 13 files
+114 specs across 13 files
 
 tests/api.test.ts                  Risk-Gate API end-to-end
 tests/apiAnchor.test.ts            Anchor surfacing on policy + decision responses
diff --git a/src/README.md b/src/README.md
index ff7617a..d388099 100644
--- a/src/README.md
+++ b/src/README.md
@@ -40,7 +40,7 @@ flowchart LR
 
 | | |
 |---|---|
-| Tests | [`../tests/`](../tests) — 112 specs across 13 files |
+| Tests | [`../tests/`](../tests) — 114 specs across 13 files |
 | Composition root | [`risk-gate/server.ts`](./risk-gate/server.ts) |
 | Frontend | [`../web/`](../web) — Astro 6, separate Bun workspace |
 | Conventions | [`../AGENTS.md`](../AGENTS.md) |
diff --git a/src/core/policyService.ts b/src/core/policyService.ts
index d77d79c..94e07a4 100644
--- a/src/core/policyService.ts
+++ b/src/core/policyService.ts
@@ -3,6 +3,13 @@ import type { Policy } from "./types.js";
 import type { Store } from "../memory/store.js";
 import { policyInputSchema, type PolicyInput } from "./schemas.js";
 
+export class PolicyNotFoundError extends Error {
+  constructor(id: string) {
+    super(`Policy ${id} not found`);
+    this.name = "PolicyNotFoundError";
+  }
+}
+
 export class PolicyService {
   constructor(
     private readonly store: Store,
@@ -26,7 +33,7 @@ export class PolicyService {
 
   async update(id: string, input: PolicyInput, clientId?: string): Promise<Policy> {
     const existing = await this.store.getPolicy(id, clientId);
-    if (!existing) throw new Error(`Policy ${id} not found`);
+    if (!existing) throw new PolicyNotFoundError(id);
     const policy: Policy = {
       ...existing,
       owner: input.owner,
diff --git a/src/risk-gate/app.ts b/src/risk-gate/app.ts
index 4823b6d..b67ebc0 100644
--- a/src/risk-gate/app.ts
+++ b/src/risk-gate/app.ts
@@ -4,7 +4,7 @@ import { ZodError } from "zod";
 import type { AnchorRecord, Store } from "../memory/store.js";
 import { InMemoryStore } from "../memory/memoryStore.js";
 import { DecisionEngine, type DecisionEngineOptions } from "../core/engine.js";
-import { PolicyService } from "../core/policyService.js";
+import { PolicyNotFoundError, PolicyService } from "../core/policyService.js";
 import { evaluateRequestSchema, policyInputSchema } from "../core/schemas.js";
 import type { Decision, Policy } from "../core/types.js";
 import { HeuristicSimulator } from "../simulator/heuristic.js";
@@ -150,8 +150,11 @@ export function buildApp(deps: AppDeps = {}): FastifyInstance {
     try {
       return withAnchorPolicy(await policyService.update(id, parsed, cid));
     } catch (err) {
+      if (!(err instanceof PolicyNotFoundError)) {
+        throw err;
+      }
       reply.status(404);
-      return { error: "NotFound", message: (err as Error).message };
+      return { error: "NotFound", message: err.message };
     }
   });
 
diff --git a/tests/README.md b/tests/README.md
index 1b29038..3c26187 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -1,9 +1,9 @@
 # `tests/` — unit + integration coverage
 
-> 112 specs across 13 files. Every external dependency is faked at the trait boundary; live anchor hashes are pinned as test constants so the renderer is exercised against real chain data.
+> 114 specs across 13 files. Every external dependency is faked at the trait boundary; live anchor hashes are pinned as test constants so the renderer is exercised against real chain data.
 
 ```sh
-bun test                      # all 112 specs
+bun test                      # all 114 specs
 bun test tests/engine.test.ts # one file
 bun test --watch              # watch mode
 bun test --coverage           # coverage report
diff --git a/tests/api.test.ts b/tests/api.test.ts
index 40b9d52..1bae924 100644
--- a/tests/api.test.ts
+++ b/tests/api.test.ts
@@ -1,5 +1,6 @@
 import { describe, expect, it } from "bun:test";
 import { buildApp } from "../src/risk-gate/app.js";
+import type { PolicyService } from "../src/core/policyService.js";
 import { TREASURY, COLD_VAULT, ATTACKER } from "./helpers.js";
 
 describe("Risk-Gate API", () => {
@@ -149,4 +150,50 @@ describe("Risk-Gate API", () => {
     expect(res.json().error).toBe("ValidationError");
     await app.close();
   });
+
+  it("returns 404 when updating an unknown policy", async () => {
+    const app = buildApp();
+    const res = await app.inject({
+      method: "PUT",
+      url: "/policies/missing",
+      payload: {
+        owner: TREASURY,
+        rules: { allowedDestinations: [COLD_VAULT] },
+      },
+    });
+
+    const body = res.json() as { error: string; message: string };
+    expect(res.statusCode).toBe(404);
+    expect(body).toEqual({
+      error: "NotFound",
+      message: "Policy missing not found",
+    });
+    await app.close();
+  });
+
+  it("does not report unexpected policy update failures as NotFound", async () => {
+    const policyService = {
+      update: async () => {
+        throw new Error("storage unavailable");
+      },
+    } as unknown as PolicyService;
+    const app = buildApp({ policyService });
+
+    const res = await app.inject({
+      method: "PUT",
+      url: "/policies/policy-1",
+      payload: {
+        owner: TREASURY,
+        rules: { allowedDestinations: [COLD_VAULT] },
+      },
+    });
+
+    const body = res.json() as { error: string; message: string };
+    expect(res.statusCode).toBe(500);
+    expect(body).toEqual({
+      error: "InternalError",
+      message: "storage unavailable",
+    });
+    await app.close();
+  });
 });