
feat(config): promote gateway policy example → live (Phase E §1.5)#208

Merged
hyperpolymath merged 1 commit into
mainfrom
phase-e/promote-policy-live
Jun 9, 2026

Conversation

@hyperpolymath

Owner

Summary

Lands config/gateway-policy-boj.yaml — the live Verb Governance Spec
the HCG tier-2 gateway loads via POLICY_PATH in staging (§2.1) and
production (§3.1) per the rollout runbook. The Phase A worked example
(config/gateway-policy-boj-example.yaml) is retained as the documentation
artefact; the live file is now the operational one. Closes the example→live
promotion item on the Phase E §1.5 checklist.

Single-lane HCG tier-2 channel (standards#91). Phase A (#96), B (#97),
C (#98), D (#99) are joint-closed; Phase E (standards#100) is the active
phase, with multiple artefacts gating closure (§6.4 Trustfile flip is the
last). This PR lands one tractable artefact; staging soak (§2), production
traffic split (§3) and the §6.4 flip remain owner-driven.

What this PR lands

  • config/gateway-policy-boj.yaml — live policy file. Content-identical
    to gateway-policy-boj-example.yaml at promotion time. Header rewritten
    to reflect its live-file role (operational artefact, not pedagogical),
    with DEFAULT-DENY INVARIANT reframed from "Phase A check" to "permanent
    invariant — must hold for every future gateway release". DSL v1 conformance
    preserved; all 28 routes (global_verbs: [GET, POST]; per-route verbs,
    exposure, name, narrative; stealth_profile on internal routes;
    top-level stealth: { enabled: true, status_code: 404 }) carried forward
    unchanged.
  • Runbook §1.5 — flips the trailing "still to be promoted from this
    example before §3.1" note (on the existing [x] example-in-place line)
    to a discrete [x] item recording the live file's existence and the
    divergence policy ("future BoJ-surface evolution lands in the live file;
    the example remains as the worked-example artefact").
  • Runbook §2.1 step 2 — switches staging POLICY_PATH from the example
    to the live file so staging exercises the same artefact that production
    will. Production §3.1 (which inherits §2.1's environment with the
    traffic-shift mechanism overlaid) needs no change.
  • Runbook header — version 0.2 → 0.3; status line updated to acknowledge
    the live-policy promotion.

What this PR deliberately does NOT do

  • Close standards#100. Per runbook §6.5 the joint-close happens after
    the §6.4 Trustfile flip (tier_2_gateway.status: PENDING → DEPLOYED),
    which itself follows the §3.3 100% production-soak window. Using Refs
    not Closes to match the established Phase E pattern (PRs chore(deps): bump nixpkgs from 01fbdee to 6368eda #38, and
    Phase D PRs fix: offline inspection mode for Glama tool detection #14, Update dependabot.yml #22, Add Green Web Foundation badge #26, Claude/resume repos migration 9 o2 u1 #30 — all Refs'd their phase issue and the
    owner joint-closed the issue once the final artefact landed). This
    deliberately diverges from the dispatch brief's literal "Closes
    hyperpolymath/standards#" line in favour of the
    canonical runbook §6.5 close-out discipline that the brief itself points
    to as the source of truth ("using the canonical sources"). The owner
    remains the sole closer of standards#100.
  • Touch the HCG deploy spec. container/gateway-deploy.k9.ncl in
    hyperpolymath/http-capability-gateway (PR chore(deps): bump nixpkgs from 01fbdee to 6368eda #38) reads POLICY_PATH at
    deploy time from the env, so the live-file cut-over is a runbook + config
    artefact change on the BoJ side, not a deploy-spec change on the gateway
    side. No companion PR on the gateway repo.
  • Diverge the live file from the example. At promotion the two files
    are content-identical. Future divergence is intentional and the live file
    is authoritative; the example may be intentionally simpler.
  • Trigger any deploy. No traffic shift, no staging cut-over, no §6.4
    flip happens at merge time. This is a static artefact landing.
  • Update the deploy spec's POLICY_PATH default. The deploy spec
    carries env-var declarations; the live-file path is operator-supplied at
    deploy time.

Verification

  • DSL v1 conformance: dsl_version: "1"; governance.global_verbs is
    [GET, POST]; every route has a non-empty verbs; exposure ∈ {public, authenticated, internal}; stealth.enabled boolean,
    stealth.status_code: 404 in 100..599.
  • All 28 example routes preserved unchanged in the live file (route
    count, names, paths, verbs, exposures, narratives).
  • SPDX header MPL-2.0 matches repo convention (config/, docs/).
  • Runbook §1.5 and §2.1 cross-references to gateway-policy-boj.yaml
    and gateway-policy-boj-example.yaml resolve.
  • Manual: mix gateway.validate config/gateway-policy-boj.yaml
    (gateway-side; can be run by the operator before §2.1 stand-up —
    see runbook §1.5 last open item, smoke-test).

Channel position

standards#91 (parent, open)
├── #96 Phase A — closed (boj-server: contract + policy-authoring + example; gateway: -)
├── #97 Phase B — closed (gateway#10: mTLS primary path)
├── #98 Phase C — closed (gateway#11: strip; boj-server#106: TrustPolicy clause)
├── #99 Phase D — closed (boj-server#168 on 2026-06-01; gateway#12/#14/#22/#26/#30)
└── #100 Phase E — IN PROGRESS
     ├── E5 runbook draft — boj-server#128 (landed; rehearsal pending)
     ├── E1 loopback prereqs — boj-server#130/#131/#132/#165/#173 (landed)
     ├── E1 deploy spec — http-capability-gateway#38 (landed)
     ├── E1 live policy promotion — THIS PR (in review)
     ├── E1 .ctp signing — owner follow-up
     ├── E2 staging cut-over — owner follow-up
     ├── E3 telemetry verification — owner follow-up
     ├── E4 production rollout — owner follow-up
     └── §6.4 Trustfile flip + §6.5 joint-close — owner-only

Refs hyperpolymath/standards#91
Refs hyperpolymath/standards#100

🤖 Generated with Claude Code
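The checks listed under Verification (DSL v1 conformance and "all 28 example routes preserved unchanged in the live file") written out as an added Python example. This is not the project's `mix gateway.validate` task and not code from this PR; it operates on an already-parsed policy mapping (what `yaml.safe_load` would return), the sample policies below are constructed and far smaller than the real 28-route file, and the route names, paths, narratives and the `stealth_profile` value are assumptions.

```python
"""Conformance and drift checks for a gateway policy file (added example).

validate_policy()  - the DSL v1 conformance rules from the PR's Verification list
routes_preserved() - confirms the live file carries the example's routes unchanged
"""
from __future__ import annotations

import copy
from typing import Any

ALLOWED_EXPOSURES = {"public", "authenticated", "internal"}
# Fields the PR says must be carried forward unchanged per route.
ROUTE_FIELDS = ("name", "path", "verbs", "exposure", "narrative")


def load_policy(path: str) -> dict[str, Any]:
    """Parse a policy file; PyYAML is assumed to be installed (imported lazily)."""
    import yaml  # third-party, assumption
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh)


def validate_policy(policy: dict[str, Any]) -> list[str]:
    """Return DSL v1 conformance violations; an empty list means the policy conforms."""
    errors: list[str] = []
    if policy.get("dsl_version") != "1":
        errors.append('dsl_version must be the string "1"')
    governance = policy.get("governance") or {}
    if governance.get("global_verbs") != ["GET", "POST"]:
        errors.append("governance.global_verbs must be [GET, POST]")
    routes = policy.get("routes")
    if not isinstance(routes, list) or not routes:
        errors.append("routes must be a non-empty list")
        routes = []
    for i, route in enumerate(routes):
        if not isinstance(route, dict):
            errors.append(f"route[{i}]: route entry must be a mapping")
            continue
        label = route.get("name", f"route[{i}]")
        verbs = route.get("verbs")
        if not isinstance(verbs, list) or not verbs:  # default-deny: no verbs, no access
            errors.append(f"{label}: verbs must be a non-empty list")
        if route.get("exposure") not in ALLOWED_EXPOSURES:
            errors.append(f"{label}: exposure must be one of {sorted(ALLOWED_EXPOSURES)}")
    stealth = policy.get("stealth") or {}
    if not isinstance(stealth.get("enabled"), bool):
        errors.append("stealth.enabled must be a boolean")
    code = stealth.get("status_code")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(code, bool) or not isinstance(code, int) or not 100 <= code <= 599:
        errors.append("stealth.status_code must be an integer in 100..599")
    return errors


def route_fingerprint(route: dict[str, Any]) -> tuple:
    """Hashable view of the fields that must not change between example and live file."""
    return tuple(
        (field, tuple(route.get("verbs") or ()) if field == "verbs" else route.get(field))
        for field in ROUTE_FIELDS
    )


def routes_preserved(example: dict[str, Any], live: dict[str, Any]) -> list[str]:
    """Return discrepancies between the example's routes and the live file's routes."""
    ex_routes = example.get("routes") or []
    lv_routes = live.get("routes") or []
    ex_set = {route_fingerprint(r) for r in ex_routes}
    lv_set = {route_fingerprint(r) for r in lv_routes}
    diffs: list[str] = []
    if len(ex_routes) != len(lv_routes):
        diffs.append(f"route count differs: example={len(ex_routes)} live={len(lv_routes)}")
    for fp in sorted(ex_set - lv_set, key=str):
        diffs.append(f"route missing or changed in live file: {dict(fp)['name']}")
    for fp in sorted(lv_set - ex_set, key=str):
        diffs.append(f"route added or changed in live file: {dict(fp)['name']}")
    return diffs


# Constructed sample policies (not the project's 28-route file).
EXAMPLE_POLICY: dict[str, Any] = {
    "dsl_version": "1",
    "governance": {"global_verbs": ["GET", "POST"]},
    "stealth": {"enabled": True, "status_code": 404},
    "routes": [
        {"name": "health", "path": "/healthz", "verbs": ["GET"],
         "exposure": "public", "narrative": "liveness probe (constructed)"},
        {"name": "submit", "path": "/api/submit", "verbs": ["POST"],
         "exposure": "authenticated", "narrative": "client submission (constructed)"},
        {"name": "admin-metrics", "path": "/internal/metrics", "verbs": ["GET"],
         "exposure": "internal", "narrative": "operator metrics (constructed)",
         "stealth_profile": "default"},  # profile value is an assumption
    ],
}
# Live file at promotion time: content-identical to the example.
LIVE_POLICY: dict[str, Any] = copy.deepcopy(EXAMPLE_POLICY)
# A drifted, non-conforming variant to show what the checks catch.
BAD_POLICY: dict[str, Any] = copy.deepcopy(EXAMPLE_POLICY)
BAD_POLICY["routes"][1]["verbs"] = []
BAD_POLICY["routes"][2]["exposure"] = "private"
BAD_POLICY["stealth"]["status_code"] = 600

if __name__ == "__main__":
    print("example:", validate_policy(EXAMPLE_POLICY) or "conforms")
    print("live vs example:", routes_preserved(EXAMPLE_POLICY, LIVE_POLICY) or "routes preserved")
    print("bad:", validate_policy(BAD_POLICY))
    print("bad vs example:", routes_preserved(EXAMPLE_POLICY, BAD_POLICY))
```

Run against real files with `validate_policy(load_policy("config/gateway-policy-boj.yaml"))` and `routes_preserved(load_policy(example_path), load_policy(live_path))`; a non-empty list from either is a reason to stop before the §2.1 stand-up. The route fingerprint deliberately ignores `stealth_profile`, since the PR lists only count, names, paths, verbs, exposures and narratives as the preserved fields.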


Generated by Claude Code

Lands `config/gateway-policy-boj.yaml` — the live Verb Governance Spec
that the HCG tier-2 gateway loads via `POLICY_PATH` in staging (§2.1)
and production (§3.1) per the rollout runbook. Content-identical to
`gateway-policy-boj-example.yaml` at promotion time; the example
remains as the Phase A A3 worked-example artefact. From here, BoJ
surface evolution lands in the live file; the example is updated only
when its pedagogical role requires it.

Runbook §1.5 — flips the trailing "still to be promoted from this
example before §3.1" note to a discrete [x] item recording the live
file's existence. Runbook §2.1 step 2 — switches staging
`POLICY_PATH` to the live file so staging exercises the same artefact
production will. Header version bump 0.2 → 0.3 with status line
acknowledging the promotion.

No code paths change. The HCG deploy spec (`container/gateway-deploy.k9.ncl`,
http-capability-gateway#38) reads `POLICY_PATH` at deploy time from
the env, so the live-file cut-over is a runbook + config artefact
change, not a deploy-spec change.

Refs hyperpolymath/standards#91
Refs hyperpolymath/standards#100

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jun 9, 2026


🔍 Hypatia Security Scan

Findings: 270 issues detected

Severity Count
🔴 Critical 15
🟠 High 134
🟡 Medium 121

⚠️ Action Required: Critical security issues found!

View findings
[
  {
    "reason": "Stale AI session file -- delete",
    "type": "stale",
    "file": "GEMINI.md",
    "action": "delete",
    "rule_module": "root_hygiene",
    "severity": "medium"
  },
  {
    "reason": "Action  if: always()\n        uses: actions/upload-artifact@ea165f8 needs attention",
    "type": "unpinned_action",
    "file": "e2e.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in abi-drift.yml",
    "type": "missing_timeout_minutes",
    "file": "abi-drift.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in container-publish.yml",
    "type": "missing_timeout_minutes",
    "file": "container-publish.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath marked this pull request as ready for review June 9, 2026 08:53
@hyperpolymath hyperpolymath merged commit 4b8619e into main Jun 9, 2026
23 checks passed
@hyperpolymath hyperpolymath deleted the phase-e/promote-policy-live branch June 9, 2026 08:54