From b602befae666ae540680ebc4e697b6a0241f72af Mon Sep 17 00:00:00 2001
From: David Ahmann <dilmurat.personal@gmail.com>
Date: Thu, 19 Feb 2026 20:38:31 -0500
Subject: [PATCH] Handle pending script verdicts in governance promotion

---
 governance.go      | 11 ++++++++---
 governance_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/governance.go b/governance.go
index c1c916b..445baf5 100644
--- a/governance.go
+++ b/governance.go
@@ -69,12 +69,17 @@ func NewRecordFromEvent(event GovernanceEvent, source string) (*Record, error) {
 		}
 	}
 	if strings.TrimSpace(event.Verdict) != "" {
+		verdict := strings.TrimSpace(event.Verdict)
 		if recordType == "compiled_action" {
-			if _, ok := eventPayload["gate_verdict"]; !ok {
-				eventPayload["gate_verdict"] = strings.TrimSpace(event.Verdict)
+			if verdict == "pending" {
+				if _, ok := eventPayload["verdict"]; !ok {
+					eventPayload["verdict"] = verdict
+				}
+			} else if _, ok := eventPayload["gate_verdict"]; !ok {
+				eventPayload["gate_verdict"] = verdict
 			}
 		} else if _, ok := eventPayload["verdict"]; !ok {
-			eventPayload["verdict"] = strings.TrimSpace(event.Verdict)
+			eventPayload["verdict"] = verdict
 		}
 	}
 
diff --git a/governance_test.go b/governance_test.go
index ee2096c..9d04ced 100644
--- a/governance_test.go
+++ b/governance_test.go
@@ -187,6 +187,31 @@ func TestNewRecordFromEventErrors(t *testing.T) {
 	require.Error(t, err)
 }
 
+func TestNewRecordFromEventScriptEvaluationPendingVerdict(t *testing.T) {
+	r, err := NewRecordFromEvent(GovernanceEvent{
+		EventID:   "evt-pending-script",
+		Timestamp: "2026-02-20T15:03:00Z",
+		EventType: "script_evaluation",
+		Verdict:   "pending",
+		Detail: map[string]any{
+			"script_hash":          "sha256:7777777777777777777777777777777777777777777777777777777777777777",
+			"tool_sequence":        []string{"shell.exec", "http.request"},
+			"step_count":           2,
+			"has_conditionals":     false,
+			"has_loops":            false,
+			"composite_risk_class": "limited",
+			"script_source":        "agent_planner",
+		},
+	}, "axym")
+	require.NoError(t, err)
+	require.Equal(t, "compiled_action", r.RecordType)
+	require.NoError(t, ValidateRecord(r))
+
+	_, hasGateVerdict := r.Event["gate_verdict"]
+	require.False(t, hasGateVerdict)
+	require.Equal(t, "pending", r.Event["verdict"])
+}
+
 func loadGovernanceEventFixture(t *testing.T, name string) GovernanceEvent {
 	t.Helper()
 	path := filepath.Join("testdata", "governance_events", name)