@agentbridge1/cli 0.0.4 → 0.0.6

package/dist/init.js

@@ -5,6 +5,7 @@ exports.refineRecoveredDomains = refineRecoveredDomains;
 exports.writeLocalRulesArtifacts = writeLocalRulesArtifacts;
 exports.buildBootstrapPayloadFromEvidence = buildBootstrapPayloadFromEvidence;
 exports.runInit = runInit;
+exports.scanRecoveryFromRepo = scanRecoveryFromRepo;
 exports.runBootstrapRecovery = runBootstrapRecovery;
 const promises_1 = require("node:readline/promises");
 const node_child_process_1 = require("node:child_process");
@@ -16,6 +17,7 @@ const git_evidence_1 = require("./git-evidence");
 const config_1 = require("./config");
 const watch_core_1 = require("./watch-core");
 const precommit_1 = require("./precommit");
+const recovery_reconcile_1 = require("./recovery-reconcile");
 const WORKFLOW_SUMMARY = "Recover domains from repository evidence, map ownership boundaries, enforce lane discipline, and require authority requests before cross-domain edits.";
 const KNOWN_DOMAIN_LABELS = {
     communications: "Communications",
@@ -104,25 +106,83 @@ function assertInsideGitRepo() {
 function normalizeToken(value) {
     return value.trim().toLowerCase().replace(/[_\s]+/g, "-");
 }
-function classifyDomainKey(path) {
-    const normalized = path.replace(/\\/g, "/");
-    const srcMatch = normalized.match(/^src\/([^/]+)\//);
-    if (srcMatch) {
-        const folder = normalizeToken(srcMatch[1] ?? "");
+function normalizePath(path) {
+    return path.replace(/\\/g, "/").replace(/^\.\//, "");
+}
+function deriveDomainKeyFromPath(path) {
+    const normalized = normalizePath(path);
+    const packageSourcesMatch = normalized.match(/^([^/]+)\/Sources\/([^/]+)\//);
+    if (packageSourcesMatch) {
+        const folder = normalizeToken(packageSourcesMatch[2] ?? "");
+        if (folder === "supabase")
+            return "database";
+        return folder || null;
+    }
+    const srcLikeMatch = normalized.match(/^(src|Sources|modules|Modules|feature|features)\/([^/]+)\//);
+    if (srcLikeMatch) {
+        const folder = normalizeToken(srcLikeMatch[2] ?? "");
         if (folder === "supabase")
             return "database";
-        if (folder)
-            return folder;
-        return null;
+        return folder || null;
     }
     if (normalized.startsWith("db/") || normalized.startsWith("prisma/") || normalized.startsWith("supabase/")) {
         return "database";
     }
+    if (normalized.startsWith("backend/supabase/") ||
+        normalized.includes("/supabase/functions/") ||
+        normalized.includes("/supabase/migrations/")) {
+        return "database";
+    }
     if (/^supabase_.*\.sql$/i.test(normalized)) {
         return "database";
     }
+    const xcodeAppMatch = normalized.match(/^([^/]+)\/\1\//);
+    if (xcodeAppMatch) {
+        const appName = normalizeToken(xcodeAppMatch[1] ?? "");
+        if (appName)
+            return appName;
+    }
+    const topLevelMatch = normalized.match(/^([^/]+)\//);
+    if (topLevelMatch) {
+        const top = normalizeToken(topLevelMatch[1] ?? "");
+        if (top === "backend")
+            return "backend";
+    }
+    return null;
+}
+function extractDomainPrefix(path) {
+    const normalized = normalizePath(path);
+    const packageSourcesMatch = normalized.match(/^([^/]+)\/Sources\/([^/]+)\//);
+    if (packageSourcesMatch) {
+        return `${packageSourcesMatch[1]}/Sources/${packageSourcesMatch[2]}/`;
+    }
+    const srcLikeMatch = normalized.match(/^(src|Sources|modules|Modules|feature|features)\/([^/]+)\//);
+    if (srcLikeMatch) {
+        return `${srcLikeMatch[1]}/${srcLikeMatch[2]}/`;
+    }
+    if (normalized.startsWith("db/"))
+        return "db/";
+    if (normalized.startsWith("prisma/"))
+        return "prisma/";
+    if (normalized.startsWith("supabase/"))
+        return "supabase/";
+    if (normalized.startsWith("backend/supabase/"))
+        return "backend/supabase/";
+    if (/^supabase_.*\.sql$/i.test(normalized))
+        return "supabase_*.sql";
+    const xcodeAppMatch = normalized.match(/^([^/]+)\/\1\//);
+    if (xcodeAppMatch) {
+        return `${xcodeAppMatch[1]}/${xcodeAppMatch[1]}/`;
+    }
+    const topLevelMatch = normalized.match(/^([^/]+)\//);
+    if (topLevelMatch?.[1] === "backend") {
+        return "backend/";
+    }
     return null;
 }
+function classifyDomainKey(path) {
+    return deriveDomainKeyFromPath(path);
+}
 function tierForDomainKey(domainKey, files) {
     if (domainKey === "sessions") {
         const highRisk = files.some((file) => /(token|auth|state|orchestrator|repository|session)/i.test(file));
@@ -148,9 +208,11 @@ function confidenceForDomain(fileCount) {
 }
 function collectWorkspaceDomainSeeds() {
     const seeds = new Set();
-    const srcPath = (0, node_path_1.resolve)(process.cwd(), "src");
-    if ((0, node_fs_1.existsSync)(srcPath)) {
-        for (const entry of (0, node_fs_1.readdirSync)(srcPath, { withFileTypes: true })) {
+    for (const root of ["src", "Sources", "modules", "Modules", "feature", "features"]) {
+        const rootPath = (0, node_path_1.resolve)(process.cwd(), root);
+        if (!(0, node_fs_1.existsSync)(rootPath))
+            continue;
+        for (const entry of (0, node_fs_1.readdirSync)(rootPath, { withFileTypes: true })) {
             if (!entry.isDirectory())
                 continue;
             const folder = normalizeToken(entry.name);
@@ -162,19 +224,53 @@ function collectWorkspaceDomainSeeds() {
             }
         }
     }
+    for (const topLevelEntry of (0, node_fs_1.readdirSync)(process.cwd(), { withFileTypes: true })) {
+        if (!topLevelEntry.isDirectory())
+            continue;
+        const packageSourcesPath = (0, node_path_1.resolve)(process.cwd(), topLevelEntry.name, "Sources");
+        if (!(0, node_fs_1.existsSync)(packageSourcesPath))
+            continue;
+        for (const sourceEntry of (0, node_fs_1.readdirSync)(packageSourcesPath, { withFileTypes: true })) {
+            if (!sourceEntry.isDirectory())
+                continue;
+            const folder = normalizeToken(sourceEntry.name);
+            if (folder === "supabase") {
+                seeds.add("database");
+            }
+            else if (folder) {
+                seeds.add(folder);
+            }
+        }
+    }
     for (const dbFolder of ["db", "prisma", "supabase"]) {
         if ((0, node_fs_1.existsSync)((0, node_path_1.resolve)(process.cwd(), dbFolder))) {
             seeds.add("database");
         }
     }
+    if ((0, node_fs_1.existsSync)((0, node_path_1.resolve)(process.cwd(), "backend", "supabase"))) {
+        seeds.add("database");
+    }
+    for (const topLevelEntry of (0, node_fs_1.readdirSync)(process.cwd(), { withFileTypes: true })) {
+        if (!topLevelEntry.isDirectory())
+            continue;
+        const nestedSameName = (0, node_path_1.resolve)(process.cwd(), topLevelEntry.name, topLevelEntry.name);
+        if ((0, node_fs_1.existsSync)(nestedSameName)) {
+            const folder = normalizeToken(topLevelEntry.name);
+            if (folder)
+                seeds.add(folder);
+        }
+    }
     return Array.from(seeds);
 }
 function refineRecoveredDomains(inferredClusters, evidence, architectureDomains) {
     const domainFiles = new Map();
+    const domainPrefixes = new Map();
     const workspaceSeeds = collectWorkspaceDomainSeeds();
     for (const seed of workspaceSeeds) {
         if (!domainFiles.has(seed))
             domainFiles.set(seed, new Set());
+        if (!domainPrefixes.has(seed))
+            domainPrefixes.set(seed, new Set());
     }
     for (const file of evidence.files) {
         const key = classifyDomainKey(file);
@@ -183,6 +279,12 @@ function refineRecoveredDomains(inferredClusters, evidence, architectureDomains)
         if (!domainFiles.has(key))
             domainFiles.set(key, new Set());
         domainFiles.get(key)?.add(file);
+        const prefix = extractDomainPrefix(file);
+        if (prefix) {
+            if (!domainPrefixes.has(key))
+                domainPrefixes.set(key, new Set());
+            domainPrefixes.get(key)?.add(prefix);
+        }
     }
     for (const cluster of inferredClusters) {
         const clusterPaths = [...cluster.files, ...cluster.path_prefixes];
@@ -207,6 +309,12 @@ function refineRecoveredDomains(inferredClusters, evidence, architectureDomains)
         for (const file of cluster.files) {
             if (classifyDomainKey(file) === chosenKey) {
                 domainFiles.get(chosenKey)?.add(file);
+                const prefix = extractDomainPrefix(file);
+                if (prefix) {
+                    if (!domainPrefixes.has(chosenKey))
+                        domainPrefixes.set(chosenKey, new Set());
+                    domainPrefixes.get(chosenKey)?.add(prefix);
+                }
             }
         }
     }
@@ -237,12 +345,14 @@ function refineRecoveredDomains(inferredClusters, evidence, architectureDomains)
     return Array.from(domainFiles.entries())
         .map(([key, filesSet]) => {
         const files = Array.from(filesSet).sort((a, b) => a.localeCompare(b));
+        const inferredPrefixes = Array.from(domainPrefixes.get(key) ?? []);
         const pathPatterns = DOMAIN_PREFIX_BY_KEY[key] ??
+            (inferredPrefixes.length > 0 ? inferredPrefixes : undefined) ??
             (key === "database"
                 ? ["db/", "prisma/", "supabase/", "supabase_*.sql"]
                 : key === "shared"
                     ? ["src/shared/"]
-                    : [`src/${key}/`]);
+                    : [`${key}/`]);
         const primaryPrefix = pathPatterns[0] ? pathPatterns[0].replace(/\/$/, "") : key;
         const protectionTier = tierForDomainKey(key, files);
         return {
@@ -298,14 +408,42 @@ function toCursorRule(domains) {
         "",
     ].join("\n");
 }
-function writeLocalRulesArtifacts(domains) {
+function writeLocalRulesArtifacts(domains, opts = {}) {
     const md = toRulesMarkdown(domains);
     const cursorRule = toCursorRule(domains);
     const rootFile = (0, node_path_1.resolve)(process.cwd(), "AGENTBRIDGE.md");
     const cursorRulesDir = (0, node_path_1.resolve)(process.cwd(), ".cursor", "rules");
+    const cursorFile = (0, node_path_1.resolve)(cursorRulesDir, "agentbridge.mdc");
+    const mdTarget = `${md}\n`;
+    const cursorTarget = `${cursorRule}\n`;
+    if ((0, node_fs_1.existsSync)(rootFile) && (0, node_fs_1.existsSync)(cursorFile) && !opts.force) {
+        const existingMd = (0, node_fs_1.readFileSync)(rootFile, "utf8");
+        const existingCursor = (0, node_fs_1.readFileSync)(cursorFile, "utf8");
+        if (existingMd === mdTarget && existingCursor === cursorTarget) {
+            return { wrote: false, skipped: true, reason: "already up to date" };
+        }
+        if (!existingMd.startsWith("# AgentBridge Local Rules") ||
+            !existingCursor.includes("Recovered domains:")) {
+            return { wrote: false, skipped: true, reason: "local edits preserved" };
+        }
+    }
     (0, node_fs_1.mkdirSync)(cursorRulesDir, { recursive: true });
-    (0, node_fs_1.writeFileSync)(rootFile, `${md}\n`, "utf8");
-    (0, node_fs_1.writeFileSync)((0, node_path_1.resolve)(cursorRulesDir, "agentbridge.mdc"), `${cursorRule}\n`, "utf8");
+    (0, node_fs_1.writeFileSync)(rootFile, mdTarget, "utf8");
+    (0, node_fs_1.writeFileSync)(cursorFile, cursorTarget, "utf8");
+    return { wrote: true, skipped: false };
+}
+function refsToBootstrapDomains(refs) {
+    return refs.map((ref) => ({
+        name: ref.name,
+        pathPatterns: ref.pathPatterns.length > 0 ? ref.pathPatterns : [`${ref.name.toLowerCase()}/`],
+        files: [],
+        evidenceSource: "git_history",
+        confidence: 0.72,
+        protectionTier: (0, watch_core_1.inferTierFromDomainName)(ref.name),
+        knownTraps: [],
+        relatedDomains: [],
+        openRisks: [],
+    }));
 }
 async function buildBootstrapPayloadFromEvidence(ctx, productSummary, architectureDomains, evidence) {
     const clusterResult = await (0, http_1.postJson)(ctx, `/v1/dev/projects/${encodeURIComponent(ctx.projectId)}/recovery/evidence`, evidence);
@@ -416,16 +554,12 @@ async function runInit(ctx) {
         rl.close();
     }
 }
-async function runBootstrapRecovery(ctx, opts = {}) {
+async function scanRecoveryFromRepo(ctx, opts = {}) {
     assertInsideGitRepo();
-    const runtimeCliPath = process.argv[1] ? (0, node_path_1.resolve)(process.argv[1]) : undefined;
-    const hookCliPath = runtimeCliPath ?? (0, node_path_1.resolve)(__dirname, "index.js");
     const productSummary = opts.productSummary?.trim() || "Recovered existing repository baseline for supervised agent work.";
     const architectureDomains = opts.architectureDomains ?? [];
     const collectedEvidence = (0, git_evidence_1.collectGitEvidence)();
-    const evidence = collectedEvidence.payload;
-    const { inferredClusters, payload: bootstrapPayload } = await buildBootstrapPayloadFromEvidence(ctx, productSummary, architectureDomains, evidence);
-    await (0, http_1.postJson)(ctx, `/v1/dev/projects/${encodeURIComponent(ctx.projectId)}/bootstrap`, bootstrapPayload);
+    const { inferredClusters, payload: bootstrapPayload } = await buildBootstrapPayloadFromEvidence(ctx, productSummary, architectureDomains, collectedEvidence.payload);
     const recoveredDomains = inferredClusters
         .filter(isValidAuthorityDomain)
         .map((cluster) => ({
@@ -434,25 +568,65 @@ async function runBootstrapRecovery(ctx, opts = {}) {
         ownerAgentId: `${cluster.suggested_name} Agent`,
         tier: cluster.protection_tier ?? (0, watch_core_1.inferTierFromDomainName)(cluster.suggested_name),
     }));
+    const candidateRefs = recoveredDomains.map((domain) => ({
+        name: domain.domain,
+        pathPatterns: domain.pathPatterns,
+    }));
+    return { inferredClusters, bootstrapPayload, recoveredDomains, candidateRefs };
+}
+async function runBootstrapRecovery(ctx, opts = {}) {
+    assertInsideGitRepo();
+    const runtimeCliPath = process.argv[1] ? (0, node_path_1.resolve)(process.argv[1]) : undefined;
+    const hookCliPath = runtimeCliPath ?? (0, node_path_1.resolve)(__dirname, "index.js");
+    const scan = opts.scan ??
+        (await scanRecoveryFromRepo(ctx, {
+            productSummary: opts.productSummary,
+            architectureDomains: opts.architectureDomains,
+        }));
+    const { inferredClusters, bootstrapPayload, recoveredDomains } = scan;
+    if (opts.reconcilePlan) {
+        const candidateBootstrap = toBootstrapDomains(scan.candidateRefs.map((ref) => ({
+            name: ref.name,
+            files: [],
+            pathPatterns: ref.pathPatterns,
+            confidence: 0.72,
+            protectionTier: (0, watch_core_1.inferTierFromDomainName)(ref.name),
+            knownTraps: [],
+            rationale: "candidate from repository scan",
+        })));
+        const existingBootstrap = refsToBootstrapDomains(opts.reconcilePlan.existingActive);
+        bootstrapPayload.domains = (0, recovery_reconcile_1.mergeBootstrapDomainEntries)(opts.reconcilePlan, candidateBootstrap, existingBootstrap);
+    }
+    await (0, http_1.postJson)(ctx, `/v1/dev/projects/${encodeURIComponent(ctx.projectId)}/bootstrap`, bootstrapPayload);
+    const payloadDomains = Array.isArray(bootstrapPayload.domains)
+        ? bootstrapPayload.domains
+        : [];
+    const payloadDomainKeys = new Set(payloadDomains.map((d) => (d.name ?? "").trim().toLowerCase()).filter(Boolean));
+    const mergedLocalDomains = payloadDomainKeys.size > 0
+        ? recoveredDomains.filter((d) => payloadDomainKeys.has(d.domain.trim().toLowerCase()))
+        : recoveredDomains;
     (0, config_1.updateConfig)({
         apiBaseUrl: ctx.apiBaseUrl,
         projectId: ctx.projectId,
-        domains: recoveredDomains,
+        domains: (0, watch_core_1.toDomainOwnershipInput)(mergedLocalDomains),
         cliPath: runtimeCliPath,
     });
-    writeLocalRulesArtifacts(recoveredDomains.map((domain) => ({
+    writeLocalRulesArtifacts(mergedLocalDomains.map((domain) => ({
         domain: domain.domain,
         owner: domain.ownerAgentId,
         tier: domain.tier,
-    })));
+    })), { force: opts.reconcilePlan?.mode === "force" });
     if (opts.installHook) {
         (0, precommit_1.installPrecommitHookWithPath)(hookCliPath);
         (0, config_1.updateConfig)({ precommitHookInstalled: true, cliPath: runtimeCliPath });
     }
-    node_process_1.stdout.write([
-        "Recovery baseline created.",
-        `Domains mapped: ${recoveredDomains.length}.`,
-        "Project context and local rules are now ready.",
-        "",
-    ].join("\n"));
+    if (!opts.reconcilePlan) {
+        node_process_1.stdout.write([
+            "Recovery baseline created.",
+            `Domains mapped: ${mergedLocalDomains.length}.`,
+            "Project context and local rules are now ready.",
+            "",
+        ].join("\n"));
+    }
+    return { recoveredDomains: mergedLocalDomains };
 }

package/dist/local-memory.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeLocalMemory = writeLocalMemory;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const MEMORY_DIR = (0, node_path_1.resolve)(process.cwd(), ".agentbridge", "memory");
+function summarizeProof(state) {
+    const run = state.lastLocalVerificationRun;
+    if (!run) {
+        return state.changedFiles.length > 0 ? { status: "missing" } : { status: "none" };
+    }
+    if (run.exitCode !== 0) {
+        return { status: "failed", command: run.command, finishedAt: run.finishedAt };
+    }
+    return { status: "ok", command: run.command, finishedAt: run.finishedAt };
+}
+function writeLocalMemory(state, options) {
+    const closedAt = state.closedAt ?? new Date().toISOString();
+    const record = {
+        sessionId: state.id,
+        intent: state.intent?.trim() || "Untitled task",
+        mode: state.mode ?? "local_supervision",
+        changedFiles: [...state.changedFiles].sort(),
+        proofSummary: summarizeProof(state),
+        openedAt: state.startedAt ?? state.createdAt,
+        closedAt,
+        cloudSync: options.cloudSync,
+    };
+    (0, node_fs_1.mkdirSync)(MEMORY_DIR, { recursive: true });
+    const filePath = (0, node_path_1.resolve)(MEMORY_DIR, `${state.id}.json`);
+    (0, node_fs_1.writeFileSync)(filePath, `${JSON.stringify(record, null, 2)}\n`, "utf8");
+    return filePath;
+}

package/dist/local-proof.js

@@ -0,0 +1,158 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isProofNoiseFile = isProofNoiseFile;
+exports.normalizeProofMatchingFileSet = normalizeProofMatchingFileSet;
+exports.fingerprintSetKeyForPaths = fingerprintSetKeyForPaths;
+exports.evaluateLocalProof = evaluateLocalProof;
+exports.buildLocalProofBlockingIssue = buildLocalProofBlockingIssue;
+exports.isLocalVerificationRun = isLocalVerificationRun;
+const file_fingerprints_1 = require("./file-fingerprints");
+function normalizePath(path) {
+    return path.trim().replaceAll("\\", "/");
+}
+function isProofNoiseFile(file) {
+    const normalized = normalizePath(file).toLowerCase();
+    return (normalized === "agentbridge.md" ||
+        normalized === ".cursor" ||
+        normalized.startsWith(".cursor/"));
+}
+function normalizeProofMatchingFileSet(files) {
+    return [...new Set(files.map(normalizePath).filter((file) => file.length > 0 && !isProofNoiseFile(file)))].sort();
+}
+function fingerprintValue(fingerprint) {
+    if (!fingerprint.exists)
+        return "missing";
+    if (fingerprint.sha256)
+        return `sha:${fingerprint.sha256}`;
+    return `meta:${fingerprint.fileType ?? "unknown"}:${fingerprint.size ?? -1}:${Math.trunc(fingerprint.mtimeMs ?? -1)}`;
+}
+function fingerprintSetKeyForPaths(paths, fingerprints) {
+    const normalizedPaths = normalizeProofMatchingFileSet(paths);
+    if (normalizedPaths.length === 0)
+        return "";
+    const map = new Map(fingerprints.map((fingerprint) => [normalizePath(fingerprint.path), fingerprint]));
+    const entries = [];
+    for (const path of normalizedPaths) {
+        const fingerprint = map.get(path);
+        if (!fingerprint)
+            return null;
+        entries.push(`${path}=>${fingerprintValue(fingerprint)}`);
+    }
+    return entries.join("\n");
+}
+function evaluateLocalProof(changedFiles, lastRun) {
+    const normalizedChanged = normalizeProofMatchingFileSet(changedFiles);
+    if (normalizedChanged.length === 0) {
+        return { decision: "ok", changedFiles: [], staleFiles: [] };
+    }
+    if (!lastRun) {
+        return { decision: "needs_proof", changedFiles: normalizedChanged, staleFiles: [] };
+    }
+    if (lastRun.status !== "passed") {
+        return { decision: "failed", changedFiles: normalizedChanged, staleFiles: normalizedChanged };
+    }
+    const currentKey = fingerprintSetKeyForPaths(normalizedChanged, (0, file_fingerprints_1.computeFileFingerprints)(normalizedChanged));
+    const proofKey = fingerprintSetKeyForPaths(lastRun.proofScopeFiles, lastRun.proofScopeFingerprints);
+    if (currentKey === null || proofKey === null || currentKey !== proofKey) {
+        const proofScopeSet = new Set(normalizeProofMatchingFileSet(lastRun.proofScopeFiles));
+        const staleFiles = normalizedChanged.filter((file) => {
+            if (!proofScopeSet.has(file))
+                return true;
+            const currentFp = (0, file_fingerprints_1.computeFileFingerprints)([file])[0];
+            const proofFp = lastRun.proofScopeFingerprints.find((fp) => normalizePath(fp.path) === file);
+            if (!proofFp)
+                return true;
+            return fingerprintValue(currentFp) !== fingerprintValue(proofFp);
+        });
+        return {
+            decision: "stale_evidence",
+            changedFiles: normalizedChanged,
+            staleFiles: staleFiles.length > 0 ? staleFiles : normalizedChanged,
+        };
+    }
+    return { decision: "ok", changedFiles: normalizedChanged, staleFiles: [] };
+}
+function buildLocalProofBlockingIssue(evaluation) {
+    const summarizePromptFiles = (files) => {
+        const unique = [...new Set(files)];
+        if (unique.length === 0)
+            return "current files";
+        const visible = unique.slice(0, 3);
+        if (unique.length <= 3)
+            return visible.join(", ");
+        return `${visible.join(", ")} (+${unique.length - visible.length} more)`;
+    };
+    if (evaluation.decision === "ok")
+        return null;
+    if (evaluation.decision === "stale_evidence") {
+        const staleFiles = [...new Set(evaluation.staleFiles)];
+        return {
+            errorCode: "PROOF_STALE_AFTER_CHANGE",
+            whatHappened: "Verification proof is stale because files changed after the last passing verify.",
+            whyItMatters: "Proof must match the final edited files before you can trust the agent is done.",
+            files: staleFiles,
+            suggestedPrompt: [
+                "Your proof is stale because files changed after verification.",
+                "Rerun verification after your final edit: agentbridge verify -- <test command>",
+                `Files: ${summarizePromptFiles(staleFiles)}`,
+            ].join("\n"),
+            nextAction: "Run: agentbridge verify -- <your test command>",
+        };
+    }
+    if (evaluation.decision === "failed") {
+        return {
+            errorCode: "VERIFICATION_FAILED",
+            whatHappened: "The last verification command failed.",
+            whyItMatters: "Failed verification cannot count as proof.",
+            files: evaluation.changedFiles,
+            suggestedPrompt: [
+                "The last verification command failed.",
+                "Fix the failure and rerun verification with a passing result: agentbridge verify -- <test command>",
+            ].join("\n"),
+            nextAction: "Run: agentbridge verify -- <your test command>",
+        };
+    }
+    const files = [...new Set(evaluation.changedFiles)];
+    return {
+        errorCode: "PROOF_MISSING",
+        whatHappened: "Coding changes were detected with no passing verification proof.",
+        whyItMatters: "Changed files need a recorded verify command before they are safe to trust.",
+        files,
+        suggestedPrompt: [
+            `AgentBridge found ${files.length} changed files without proof.`,
+            "Run verification for the changed files: agentbridge verify -- <test command>",
+            `Files: ${summarizePromptFiles(files)}`,
+        ].join("\n"),
+        nextAction: "Run: agentbridge verify -- <your test command>",
+    };
+}
+function isLocalVerificationRun(value) {
+    if (typeof value !== "object" || value === null)
+        return false;
+    const row = value;
+    if (typeof row.command !== "string" || row.command.length === 0)
+        return false;
+    if (typeof row.startedAt !== "string" || row.startedAt.length === 0)
+        return false;
+    if (typeof row.finishedAt !== "string" || row.finishedAt.length === 0)
+        return false;
+    if (typeof row.exitCode !== "number" || !Number.isFinite(row.exitCode))
+        return false;
+    if (typeof row.stdoutExcerpt !== "string")
+        return false;
+    if (typeof row.stderrExcerpt !== "string")
+        return false;
+    if (typeof row.gitHead !== "string")
+        return false;
+    if (!Array.isArray(row.repoDirtySnapshot) || !row.repoDirtySnapshot.every((entry) => typeof entry === "string")) {
+        return false;
+    }
+    if (!Array.isArray(row.proofScopeFiles) || !row.proofScopeFiles.every((entry) => typeof entry === "string")) {
+        return false;
+    }
+    if (!Array.isArray(row.proofScopeFingerprints))
+        return false;
+    if (row.status !== "passed" && row.status !== "failed")
+        return false;
+    return true;
+}