- scripts/validate-assets.mjs: walks ASSETS_DIR (default 'assets'), requires every
non-sidecar non-.gitkeep non-README file to carry a sibling <name>.provenance.json
validating against Zod ProvenanceSchema (6 required fields per CLAUDE.md / AEST-08
+ optional provenance_schema_version per RESEARCH Open Question #2). Excludes
assets/__samples__/refused/ so the proof-of-gate fixture passes the gate.
- assets/__samples__/refused/no-provenance.png: 1x1 transparent PNG with no sidecar;
the gate-proof artifact per CONTEXT D-03.
- scripts/validate-assets.test.ts: Vitest integration test covering both cases.
Positive: real /assets/ tree must exit 0. Negative: per-test-run mkdtemp under
os.tmpdir() with one orphan PNG; runs validator with ASSETS_DIR pointing at the
tmpdir; asserts exit 1 + clear error message + cleanup in afterAll. No risk of
polluting the real /assets/ tree (BLOCKER 2 fix).
- vitest.config.ts: extend include glob to also pick up scripts/**/*.test.ts (Rule 3
blocking fix — without this the new test file is invisible to vitest).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
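
The sidecar gate described in the commit message above, as an added example in CommonJS JavaScript; it is not the project's scripts/validate-assets.mjs. The six required schema fields are not listed on this page, so the sketch only checks that a sidecar exists and parses to a JSON object. Assumptions: the sidecar name is the asset's full file name plus `.provenance.json`, README files are matched by a `README*` basename, and `findViolations`, `sidecarProblem` and `demo` are hypothetical names.

```javascript
// Added example: presence-only provenance gate (no schema validation).
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const SIDECAR = '.provenance.json'; // assumption: appended to the full file name
const EXCLUDED_DIRS = ['__samples__/refused']; // the proof-of-gate fixture directory

// Sidecars, .gitkeep and README files do not need a sidecar of their own.
const isExempt = (n) => n.endsWith(SIDECAR) || n === '.gitkeep' || /^README(\..*)?$/i.test(n);

// Returns null when the sidecar is acceptable, otherwise a short reason.
function sidecarProblem(assetPath) {
  let raw;
  try { raw = fs.readFileSync(assetPath + SIDECAR, 'utf8'); } catch { return 'missing sidecar'; }
  try {
    const doc = JSON.parse(raw);
    const isObject = doc !== null && typeof doc === 'object' && !Array.isArray(doc);
    return isObject ? null : 'sidecar is not a JSON object';
  } catch { return 'sidecar is not valid JSON'; }
}

// Walks assetsDir and returns [{ file, problem }] sorted by '/'-separated relative path.
function findViolations(assetsDir) {
  const out = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      const rel = path.relative(assetsDir, full).split(path.sep).join('/');
      if (entry.isDirectory()) {
        if (!EXCLUDED_DIRS.includes(rel)) walk(full);
      } else if (!isExempt(entry.name)) {
        const problem = sidecarProblem(full);
        if (problem) out.push({ file: rel, problem });
      }
    }
  };
  walk(assetsDir);
  return out.sort((a, b) => a.file.localeCompare(b.file));
}

// Constructed sample tree in a temp directory, removed again before returning.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'assets-gate-'));
  const tree = { 'ok.png': 'x', 'ok.png.provenance.json': '{"constructed":true}',
    'orphan.png': 'x', 'bad.png': 'x', 'bad.png.provenance.json': '[]',
    'README.md': 'x', '.gitkeep': '', '__samples__/refused/no-provenance.png': 'x' };
  for (const [rel, body] of Object.entries(tree)) {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), body);
  }
  try { return findViolations(root); } finally { fs.rmSync(root, { recursive: true, force: true }); }
}
```

A CI wrapper would exit non-zero when `findViolations(process.env.ASSETS_DIR ?? 'assets')` returns a non-empty list.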