@amistio/cli 0.1.17 → 0.1.19

package/README.md

@@ -15,7 +15,7 @@ Runner lifecycle controls in the web app, such as update, restart, and remove, a
 
 Runner Update installs the official `@amistio/cli` package and then refreshes the runner runtime. Background runners attempt a replacement restart so the next heartbeat reports the new CLI version. If replacement restart metadata is missing or restart fails after a successful install, the old runner still stops and reports manual restart guidance instead of continuing to heartbeat the stale runtime. Foreground `amistio run --watch` sessions stop after a successful install with restart guidance; start the command again to load the updated package.
 
-Current runners advertise the work kinds they can claim. Older runners that do not send this capability can continue legacy brain generation, implementation, and plan revision work, but they will skip source-aware assistant, impact-preview, project-context refresh, issue-diagnosis, app-evaluation, and security-posture work until updated.
+Current runners advertise the work kinds they can claim. Older runners that do not send this capability can continue legacy brain generation, implementation, and plan revision work, but they will skip source-aware assistant, impact-preview, project-context refresh, issue-diagnosis, app-evaluation, security-posture, and implementation-verification work until updated.
 
 Repository brain auto-sync is disabled until the repository link option is enabled in the app. After pairing, run `amistio sync watch` from the paired checkout to push recognized external brain Markdown/MDX files and HTML companions under `docs/html/<area>/`, including local ADRs, plans, prompts, workflows, memory, context, architecture, and feature docs, to the app for review. `amistio run --watch` also runs the same cycle between work polls when the option is enabled. The CLI skips templates, unsupported paths, oversized files, unchanged managed docs, and conflicts instead of silently overwriting web state.
 
@@ -43,14 +43,18 @@ When `--tool codex` uses the Codex SDK, intermediate progress can be quiet until
 
 `amistio runner status` reports local background runner state, latest heartbeat, and bounded resource usage when available. Resource usage is latest-sample runner process memory/CPU plus safe aggregate system memory/load signals; it does not include source files, environment variables, command lines, process lists, credentials, or arbitrary local paths.
 
-The runner advertises its supported work kinds in heartbeats. Current runners can claim read-only `projectContextRefresh` jobs from the workspace Context panel and create due runner-driven refreshes when no fresh approved map exists. Context refreshes inspect the paired checkout locally without modifying files and submit only bounded summaries, slices, entities, relations, safe citations, confidence, freshness, and repo-relative paths. If a submitted context refresh contains unsafe evidence, unsafe paths, or a map too large to store safely, Amistio marks the refresh failed with a safe reason instead of storing the rejected raw result. Approved maps are reused as context packs for source-aware assistant and impact-preview work. Current runners can also claim read-only issue diagnosis jobs from the web Issues panel, generate root-cause analysis and a proposed fix, and submit that result without modifying source. They can claim manual read-only `appEvaluationScan` jobs from the workspace Evaluate panel and create at most one due hourly evaluation during normal watch/background polling when app evaluation is enabled for the repository link. Evaluation results contain bounded summaries, safe evidence, suggested actions, lifecycle proposals, and repo-relative paths only. Current runners can also claim manual read-only `securityPostureScan` jobs from the workspace Security panel and create due daily posture checks during normal watch/background polling. Security scan results contain bounded summaries, standard references, safe evidence, and repo-relative paths only; source, secrets, environment variables, command lines, process lists, credentials, provider sessions, and arbitrary local paths stay local. Implementation or cleanup is queued separately only after the user approves an issue analysis, app evaluation finding, or security remediation plan in the app.
+The runner advertises its supported work kinds in heartbeats. Current runners can claim read-only `projectContextRefresh` jobs from the workspace Context panel and create due runner-driven refreshes when no fresh approved map exists. Context refreshes inspect the paired checkout locally without modifying files and submit only bounded summaries, slices, entities, relations, safe citations, confidence, freshness, and repo-relative paths. If a submitted context refresh contains unsafe evidence, unsafe paths, or a map too large to store safely, Amistio marks the refresh failed with a safe reason instead of storing the rejected raw result. Approved maps are reused as context packs for source-aware assistant and impact-preview work. Current runners can also claim read-only issue diagnosis jobs from the web Issues panel, generate root-cause analysis and a proposed fix, and submit that result without modifying source. They can claim manual read-only `appEvaluationScan` jobs from the workspace Evaluate panel and create at most one due hourly evaluation during normal watch/background polling when app evaluation is enabled for the repository link. Evaluation results contain bounded summaries, safe evidence, suggested actions, lifecycle proposals, and repo-relative paths only. Current runners can also claim manual read-only `securityPostureScan` jobs from the workspace Security panel and create due daily posture checks during normal watch/background polling. Security scan results contain bounded summaries, standard references, safe evidence, and repo-relative paths only. Current runners can claim read-only `implementationVerification` jobs from Tasks to prove whether completed implementation work actually landed; verification submits bounded acceptance-criteria evidence, checks, gaps, outcome, and recommendation without mutating source. Source, secrets, environment variables, command lines, process lists, credentials, provider sessions, and arbitrary local paths stay local. Implementation or cleanup is queued separately only after the user approves an issue analysis, app evaluation finding, or security remediation plan in the app.
 
 Approved implementation work uses Git as the handoff boundary. After the local tool completes successfully, the runner commits the isolated worktree, pushes an `amistio/work/...` branch to the linked GitHub remote, opens or reuses a pull request with the locally authenticated `gh` CLI, reports only safe PR metadata to Amistio, and removes the local worktree after the PR URL is durable. Prepare the runner machine with Git commit identity, push permission to the linked remote, and `gh auth status`. If commit, push, or PR creation fails, the work item is blocked and the branch/worktree stay on disk for manual recovery; source files and patches are not uploaded to Amistio.
 
+Failed or stale work can be requeued from the web Tasks panel. Requeue creates a new linked work attempt and preserves the original terminal attempt for audit history; it is blocked while equivalent work is already active or when the paired runner does not advertise the needed work kind. Completed implementation status is separate from proof: queue `implementationVerification` from Tasks when a plan needs source-aware evidence before cleanup or implementation status decisions.
+
 Runner setup and local-tool execution use bounded failure controls. `amistio run --watch` retries Git worktree preflight failures by releasing the claim for another attempt, then fails the work item after `--max-preflight-attempts` attempts, defaulting to 3. Active local-tool runs renew the work lease, and `--tool-timeout-seconds` caps tool execution, defaulting to 1800 seconds.
 
 Watch mode prints a completed-work success once per work item, keeps fresh completion visible briefly, and returns old completed work to the ready state when no queued, running, blocked, failed, review, or runner-readiness action needs attention.
 
+Known validation failures such as `unsafe_context_path` are printed with attention-needed next steps. For project-context refresh path-safety failures, deploy the latest web/API fix, update and restart the runner when applicable, retry the refresh, and capture only bounded non-secret output if it repeats.
+
 For headless startup after login on supported user-level service managers:
 
 ```sh

package/dist/index.js

@@ -26,6 +26,7 @@ var itemTypeSchema = z.enum([
   "securityPostureSnapshot",
   "appEvaluationScan",
   "appEvaluationFinding",
+  "implementationVerification",
   "projectContextMap",
   "projectContextRefresh",
   "projectSystemDiagram",
@@ -78,9 +79,12 @@ var workStatusSchema = z.enum([
 ]);
 var sourceSchema = z.enum(["web", "repo", "generated", "runner"]);
 var executionModeSchema = z.enum(["localRunner", "cloudSandbox"]);
-var workKindSchema = z.enum(["brainGeneration", "implementation", "planRevision", "assistantQuestion", "impactPreview", "issueDiagnosis", "securityPostureScan", "appEvaluationScan", "projectContextRefresh"]);
+var workKindSchema = z.enum(["brainGeneration", "implementation", "planRevision", "assistantQuestion", "impactPreview", "issueDiagnosis", "securityPostureScan", "appEvaluationScan", "projectContextRefresh", "implementationVerification"]);
 var implementationHandoffStatusSchema = z.enum(["notStarted", "noChanges", "prReady", "blocked", "failed"]);
 var implementationHandoffCleanupStatusSchema = z.enum(["notApplicable", "pending", "completed", "failed"]);
+var implementationVerificationOutcomeSchema = z.enum(["verifiedImplemented", "partiallyImplemented", "notImplemented", "inconclusive", "verificationBlocked"]);
+var implementationVerificationStatusSchema = z.enum(["queued", "running", "completed", "failed", "blocked", "stale"]);
+var implementationProofStatusSchema = z.enum(["unverified", "verificationQueued", "verificationRunning", "verifiedImplemented", "partiallyImplemented", "notImplemented", "inconclusive", "verificationBlocked", "humanOverride"]);
 var implementationHandoffSchema = z.object({
   provider: z.string().trim().min(1).max(80).optional(),
   status: implementationHandoffStatusSchema,
@@ -105,7 +109,7 @@ var issueStatusSchema = z.enum(["queued", "diagnosing", "analysisReady", "approv
 var issueApprovalStateSchema = z.enum(["proposed", "approved", "changesRequested", "rejected", "implemented", "blocked"]);
 var securityScanStatusSchema = z.enum(["queued", "running", "completed", "failed", "stale", "skipped"]);
 var securityScanSourceSchema = z.enum(["nightly", "manual", "runner"]);
-var securityFindingCategorySchema = z.enum(["owasp", "dependency", "supplyChain", "secretHygiene", "authentication", "authorization", "tenantIsolation", "headers", "redirects", "csrf", "cors", "ciCd", "logging", "runnerBoundary", "other"]);
+var securityFindingCategorySchema = z.enum(["owasp", "dependency", "supplyChain", "secretHygiene", "authentication", "authorization", "tenantIsolation", "headers", "redirects", "csrf", "cors", "ciCd", "logging", "rateLimiting", "runnerBoundary", "other"]);
 var securityFindingSeveritySchema = z.enum(["info", "low", "medium", "high", "critical"]);
 var securityFindingConfidenceSchema = z.enum(["low", "medium", "high"]);
 var securityFindingStatusSchema = z.enum(["open", "planReady", "approved", "changesRequested", "dismissed", "acceptedRisk", "remediationQueued", "resolved", "failed"]);
@@ -156,6 +160,14 @@ var activityEventTypeSchema = z.enum([
   "appEvaluationFindingReviewed",
   "appEvaluationPlanCreated",
   "appEvaluationImplementationQueued",
+  "workRequeueRequested",
+  "workRequeueQueued",
+  "workRequeueBlocked",
+  "implementationVerificationQueued",
+  "implementationVerificationStarted",
+  "implementationVerificationCompleted",
+  "implementationVerificationBlocked",
+  "implementationVerificationOverride",
   "projectContextRefreshQueued",
   "projectContextRefreshStarted",
   "projectContextRefreshCompleted",
@@ -423,8 +435,20 @@ var workItemSchema = baseItemSchema.extend({
   securityFindingId: z.string().min(1).optional(),
   appEvaluationScanId: z.string().min(1).optional(),
   appEvaluationFindingId: z.string().min(1).optional(),
+  implementationVerificationId: z.string().min(1).optional(),
   projectContextRefreshId: z.string().min(1).optional(),
   contextMissId: z.string().min(1).optional(),
+  sourceWorkItemId: z.string().min(1).optional(),
+  requeueReason: z.string().trim().min(1).max(600).optional(),
+  requeuedByUserId: z.string().min(1).optional(),
+  requeuedAt: isoDateTimeSchema.optional(),
+  sourceAttempt: z.number().int().nonnegative().optional(),
+  sourceTerminalStatus: workStatusSchema.optional(),
+  sourceFailureSummary: z.string().trim().min(1).max(1e3).optional(),
+  implementationProofStatus: implementationProofStatusSchema.optional(),
+  implementationVerificationOutcome: implementationVerificationOutcomeSchema.optional(),
+  implementationVerificationResultId: z.string().min(1).optional(),
+  humanImplementationOverrideReason: z.string().trim().min(1).max(1e3).optional(),
   repositoryLinkId: z.string().min(1).optional(),
   reviewThreadId: z.string().min(1).optional(),
   reviewDocumentId: z.string().min(1).optional(),
@@ -965,6 +989,59 @@ var projectContextPackSchema = z.object({
   tokenEstimate: z.number().int().nonnegative().default(0),
   generatedAt: isoDateTimeSchema
 });
+var implementationVerificationCheckStatusSchema = z.enum(["passed", "failed", "blocked", "skipped"]);
+var implementationVerificationRecommendationSchema = z.enum(["none", "requeue", "createFollowUpPlan", "requestHumanReview", "markBlocked"]);
+var implementationVerificationEvidenceSchema = z.object({
+  acceptanceCriterion: z.string().trim().min(1).max(500),
+  status: z.enum(["satisfied", "partial", "missing", "unknown"]),
+  summary: z.string().trim().min(1).max(1200),
+  citations: z.array(projectContextCitationSchema).default([])
+});
+var implementationVerificationCheckSchema = z.object({
+  name: z.string().trim().min(1).max(200),
+  status: implementationVerificationCheckStatusSchema,
+  summary: z.string().trim().min(1).max(1200),
+  safePaths: z.array(projectContextRepoPathSchema).default([])
+});
+var implementationVerificationResultSchema = z.object({
+  outcome: implementationVerificationOutcomeSchema,
+  summary: z.string().trim().min(1).max(2e3),
+  evidence: z.array(implementationVerificationEvidenceSchema).min(1),
+  checks: z.array(implementationVerificationCheckSchema).default([]),
+  gaps: z.array(z.string().trim().min(1).max(600)).default([]),
+  branch: z.string().trim().min(1).max(200).optional(),
+  pullRequestUrl: z.string().trim().url().max(500).optional(),
+  worktreeKey: z.string().trim().min(1).max(300).optional(),
+  recommendation: implementationVerificationRecommendationSchema.default("none"),
+  verificationPlan: z.array(z.string().trim().min(1).max(300)).default([]),
+  warnings: z.array(z.string().trim().min(1).max(600)).default([])
+});
+var implementationVerificationItemSchema = baseItemSchema.extend({
+  type: z.literal("implementationVerification"),
+  projectId: z.string().min(1),
+  implementationVerificationId: z.string().min(1),
+  status: implementationVerificationStatusSchema,
+  source: z.enum(["manual", "runner", "appEvaluation", "planCleanup", "system"]).default("manual"),
+  planDocumentId: z.string().min(1).optional(),
+  planDocumentRevision: z.number().int().nonnegative().optional(),
+  sourceWorkItemId: z.string().min(1).optional(),
+  verificationWorkItemId: z.string().min(1).optional(),
+  repositoryLinkId: z.string().min(1).optional(),
+  runnerId: z.string().min(1).optional(),
+  sourceRevision: z.string().trim().min(1).max(160).optional(),
+  brainRevision: z.number().int().nonnegative().optional(),
+  contextPackId: z.string().min(1).optional(),
+  outcome: implementationVerificationOutcomeSchema.optional(),
+  result: implementationVerificationResultSchema.optional(),
+  summary: z.string().trim().min(1).max(2e3).optional(),
+  startedAt: isoDateTimeSchema.optional(),
+  completedAt: isoDateTimeSchema.optional(),
+  failedAt: isoDateTimeSchema.optional(),
+  overriddenByUserId: z.string().min(1).optional(),
+  overrideReason: z.string().trim().min(1).max(1e3).optional(),
+  overriddenAt: isoDateTimeSchema.optional(),
+  error: z.string().max(1e3).optional()
+});
 var contextMissItemSchema = baseItemSchema.extend({
   type: z.literal("contextMiss"),
   projectId: z.string().min(1),
@@ -1275,6 +1352,7 @@ var activityEventItemSchema = baseItemSchema.extend({
   relatedSecurityFindingId: z.string().min(1).optional(),
   relatedAppEvaluationScanId: z.string().min(1).optional(),
   relatedAppEvaluationFindingId: z.string().min(1).optional(),
+  relatedImplementationVerificationId: z.string().min(1).optional(),
   relatedProjectContextRefreshId: z.string().min(1).optional(),
   relatedProjectSystemDiagramId: z.string().min(1).optional(),
   relatedContextMissId: z.string().min(1).optional(),
@@ -1340,6 +1418,7 @@ var projectItemUnionSchema = z.discriminatedUnion("type", [
   securityPostureSnapshotItemSchema,
   appEvaluationScanItemSchema,
   appEvaluationFindingItemSchema,
+  implementationVerificationItemSchema,
   projectContextMapItemSchema,
   projectContextRefreshItemSchema,
   projectSystemDiagramItemSchema,
@@ -1583,6 +1662,73 @@ function decideSyncState(state) {
 }
 
 // ../shared/src/next-action.ts
+var workFailureGuidanceCodes = ["unsafe_context_path", "unsafe_context_result", "invalid_context_result", "context_map_too_large", "context_map_store_failed"];
+var projectContextFailureGuidance = {
+  unsafe_context_path: {
+    code: "unsafe_context_path",
+    title: "Attention needed",
+    message: "Project context refresh was rejected because a returned path looked unsafe.",
+    steps: [
+      "Deploy the latest web/API fix and update the local runner if this started after a path-safety release.",
+      "Retry the project context refresh.",
+      "If it fails again, capture the failing repo-relative path or bounded runner output without sharing secrets."
+    ]
+  },
+  unsafe_context_result: {
+    code: "unsafe_context_result",
+    title: "Attention needed",
+    message: "Project context refresh was rejected because the result looked like it contained unsafe evidence.",
+    steps: [
+      "Review the local runner output for accidental secret-looking evidence without pasting secrets into Amistio.",
+      "Retry the project context refresh after removing or narrowing unsafe evidence.",
+      "If it repeats, capture a bounded redacted summary of the runner output."
+    ]
+  },
+  invalid_context_result: {
+    code: "invalid_context_result",
+    title: "Attention needed",
+    message: "Project context refresh returned structured data the server could not accept.",
+    steps: [
+      "Update and restart the local runner so it uses the latest context refresh schema.",
+      "Retry the project context refresh.",
+      "If it fails again, capture the bounded marker-delimited result without source dumps or secrets."
+    ]
+  },
+  context_map_too_large: {
+    code: "context_map_too_large",
+    title: "Attention needed",
+    message: "Project context refresh produced a map too large to store safely.",
+    steps: [
+      "Retry the refresh after narrowing the context scope or waiting for smaller incremental refresh support.",
+      "Keep raw source and large dumps out of the context result.",
+      "If this repeats on normal output, split the context-map storage model before retrying large repositories."
+    ]
+  },
+  context_map_store_failed: {
+    code: "context_map_store_failed",
+    title: "Attention needed",
+    message: "Project context refresh could not be stored safely after validation.",
+    steps: [
+      "Retry the project context refresh once.",
+      "If it repeats, check the web/API storage logs for the safe rejection reason.",
+      "Keep the runner output bounded and avoid sharing raw source or secrets."
+    ]
+  }
+};
+function getWorkFailureGuidance(input) {
+  const normalizedMessage = (input.message ?? "").toLowerCase();
+  const code = workFailureGuidanceCodes.find((candidate) => normalizedMessage.includes(candidate));
+  if (!code) {
+    return void 0;
+  }
+  if (input.workKind && input.workKind !== "projectContextRefresh" && !normalizedMessage.includes("project context")) {
+    return void 0;
+  }
+  return projectContextFailureGuidance[code];
+}
+function formatWorkFailureGuidanceDetail(guidance) {
+  return `Next steps: ${guidance.steps.join(" ")}`;
+}
 var nextActionRunnerHeartbeatFreshMs = 15 * 60 * 1e3;
 var nextActionCompletedWorkFreshMs = 60 * 60 * 1e3;
 function computeProjectNextAction(input) {
@@ -1647,11 +1793,11 @@ function computeProjectNextAction(input) {
   }
   const failedBrainGeneration = latestWorkItem(input.workItems.filter((item) => item.workKind === "brainGeneration" && item.status === "failed"));
   if (failedBrainGeneration) {
-    return workAction(failedBrainGeneration, "brainGenerationFailed", "user", "danger", "Brain generation failed", failedBrainGeneration.lastStatusMessage ?? "Retry generation after checking the runner output.");
+    return failedWorkAction(failedBrainGeneration, "brainGenerationFailed", "Brain generation failed", failedBrainGeneration.lastStatusMessage ?? "Retry generation after checking the runner output.");
   }
   const failedPlanRevision = latestWorkItem(input.workItems.filter((item) => item.workKind === "planRevision" && item.status === "failed"));
   if (failedPlanRevision) {
-    return workAction(failedPlanRevision, "planRevisionFailed", "user", "danger", "Plan revision failed", failedPlanRevision.lastStatusMessage ?? "Review the conversation and request another revision if needed.");
+    return failedWorkAction(failedPlanRevision, "planRevisionFailed", "Plan revision failed", failedPlanRevision.lastStatusMessage ?? "Review the conversation and request another revision if needed.");
   }
   const blockedWork = latestWorkItem(input.workItems.filter((item) => item.status === "blocked" || item.status === "changesRequested"));
   if (blockedWork) {
@@ -1659,7 +1805,7 @@ function computeProjectNextAction(input) {
   }
   const failedWork = latestWorkItem(input.workItems.filter((item) => item.status === "failed"));
   if (failedWork) {
-    return workAction(failedWork, "workFailed", "user", "danger", "Work failed", failedWork.lastStatusMessage ?? "Review the failure and retry or update the plan.");
+    return failedWorkAction(failedWork, "workFailed", "Work failed", failedWork.lastStatusMessage ?? "Review the failure and retry or update the plan.");
   }
   const queuedBrainGeneration = latestWorkItem(input.workItems.filter((item) => item.workKind === "brainGeneration" && item.status === "approved"));
   const queuedPlanRevision = latestWorkItem(input.workItems.filter((item) => item.workKind === "planRevision" && item.status === "approved"));
@@ -1698,7 +1844,7 @@ function computeProjectNextAction(input) {
   };
 }
 function formatProjectNextAction(action) {
-  return `${action.title}: ${action.message}`;
+  return `${action.title}: ${action.message}${action.detail ? ` ${action.detail}` : ""}`;
 }
 function runnerWaitAction(readiness, fallbackTitle) {
   const repositoryName = readiness.repositoryLink?.repoName ?? "the paired repository";
@@ -1761,13 +1907,21 @@ function isGeneratedDocument(document) {
   const generatedDraftId = document.frontmatter.generatedDraftId;
   return typeof generatedDraftId === "string" && generatedDraftId.length > 0;
 }
-function workAction(workItem, kind, actor, tone, title, message) {
+function failedWorkAction(workItem, kind, fallbackTitle, fallbackMessage) {
+  const guidance = getWorkFailureGuidance({ message: workItem.lastStatusMessage, workKind: workItem.workKind });
+  if (guidance) {
+    return workAction(workItem, kind, "user", "danger", guidance.title, guidance.message, formatWorkFailureGuidanceDetail(guidance));
+  }
+  return workAction(workItem, kind, "user", "danger", fallbackTitle, fallbackMessage);
+}
+function workAction(workItem, kind, actor, tone, title, message, detail) {
   return {
     kind,
     actor,
     tone,
     title,
     message,
+    ...detail ? { detail } : {},
     workItemId: workItem.workItemId,
     ...workItem.claimedByRunnerId ? { runnerId: workItem.claimedByRunnerId } : {},
     updatedAt: workItem.lastStatusAt
@@ -2339,6 +2493,16 @@ var ApiClient = class {
       }
     );
   }
+  async submitImplementationVerificationResult(projectId, workItemId, result) {
+    return this.request(
+      `/projects/${projectId}/work-items/${workItemId}/implementation-verification-result`,
+      z3.object({ verification: implementationVerificationItemSchema, workItem: workItemSchema, sourceWorkItem: workItemSchema.optional() }),
+      {
+        method: "POST",
+        body: JSON.stringify(result)
+      }
+    );
+  }
   async request(urlPath, schema, init) {
     const response = await fetch(resolveApiUrl(this.options.apiUrl, urlPath), {
       ...init,
@@ -4392,9 +4556,60 @@ var appEvaluationStart = "AMISTIO_APP_EVALUATION_START";
 var appEvaluationEnd = "AMISTIO_APP_EVALUATION_END";
 var projectContextRefreshStart = "AMISTIO_PROJECT_CONTEXT_REFRESH_START";
 var projectContextRefreshEnd = "AMISTIO_PROJECT_CONTEXT_REFRESH_END";
+var implementationVerificationStart = "AMISTIO_IMPLEMENTATION_VERIFICATION_START";
+var implementationVerificationEnd = "AMISTIO_IMPLEMENTATION_VERIFICATION_END";
 var validProjectContextSliceKinds = /* @__PURE__ */ new Set(["overview", "architecture", "domain", "data", "api", "frontend", "backend", "cli", "workflow", "operations", "security", "testing", "unknown"]);
 var validProjectContextEntityTypes = /* @__PURE__ */ new Set(["project", "system", "component", "domain", "tool", "decision", "feature", "risk", "team", "workflow", "unknown"]);
 var validProjectContextRelationTypes = /* @__PURE__ */ new Set(["uses", "depends_on", "decides", "supersedes", "touches", "blocks", "implements", "mentions"]);
+function createImplementationVerificationPrompt(workItem) {
+  return [
+    "# Amistio Implementation Verification",
+    "",
+    "You are running locally through the Amistio CLI inside the user's repository.",
+    "Verify whether the linked implementation work was actually completed. This is a read-only proof pass.",
+    "Do not modify files, create branches, commit, install packages, run implementation prompts, or make destructive changes.",
+    "Use local repository inspection and focused verification commands only when they are safe for this checkout.",
+    "",
+    "## Work Item",
+    "",
+    `Title: ${workItem.title}`,
+    `Work item ID: ${workItem.workItemId}`,
+    `Project ID: ${workItem.projectId}`,
+    `Implementation verification ID: ${workItem.implementationVerificationId ?? "unknown"}`,
+    `Source work item ID: ${workItem.sourceWorkItemId ?? "unknown"}`,
+    "",
+    "## Verification Request",
+    "",
+    workItem.sourceWish ?? "Verify that the linked implementation plan was completed in the local repository.",
+    "",
+    "## Verification Requirements",
+    "",
+    "- Compare the approved plan or prompt requirements against the current local repository state.",
+    "- Look beyond runner status. Use source evidence, generated handoff details, PR/branch/worktree metadata when present, and targeted checks.",
+    "- Treat missing acceptance criteria as an explicit gap instead of guessing.",
+    "- Record evidence for at least one acceptance criterion with safe repository-relative citations.",
+    "- Use outcome verifiedImplemented only when the implementation is materially present and checks support it.",
+    "- Use partiallyImplemented, notImplemented, inconclusive, or verificationBlocked when evidence is incomplete, absent, contradictory, or checks cannot run.",
+    "",
+    "## Data Safety",
+    "",
+    "- Persist summaries, safe paths, short citation excerpts, and verification status only.",
+    "- Do not include raw source dumps, secrets, env vars, process lists, absolute local paths, credential values, tokens, provider sessions, or destructive shell output.",
+    "- Citations and safePaths must be repository-relative and must not use ../ traversal.",
+    "",
+    "## Output Contract",
+    "",
+    "Print exactly one JSON object between the markers below. The CLI will submit only this structured verification result back to Amistio.",
+    "Accepted outcome values: verifiedImplemented, partiallyImplemented, notImplemented, inconclusive, verificationBlocked.",
+    "Accepted recommendation values: none, requeue, createFollowUpPlan, requestHumanReview, markBlocked.",
+    "",
+    implementationVerificationStart,
+    '{"outcome":"partiallyImplemented","summary":"The implementation is present in the workspace, but one acceptance check could not be confirmed.","evidence":[{"acceptanceCriterion":"The requested behavior is wired through the runner lifecycle.","status":"partial","summary":"The route and UI wiring exist, but the runner result submission still needs validation.","citations":[{"source":"localSource","repoPath":"src/apps/web/components/workspace-client.tsx","excerpt":"Implementation verification queued for the local runner."}]}],"checks":[{"name":"Focused typecheck","status":"passed","summary":"The touched package typechecked successfully.","safePaths":["src/apps/web"]}],"gaps":["Runner result submission was not exercised end to end."],"recommendation":"requestHumanReview","verificationPlan":["Run focused CLI tests","Review the verification evidence in Amistio"],"warnings":[]}',
+    implementationVerificationEnd,
+    "",
+    "Do not put Markdown fences around the markers. Do not implement or fix anything during this verification pass."
+  ].join("\n");
+}
 function createWorkExecutionPrompt(workItem, context) {
   if (workItem.workKind === "brainGeneration") {
     return createBrainGenerationPrompt(workItem);
@@ -4420,6 +4635,9 @@ function createWorkExecutionPrompt(workItem, context) {
   if (workItem.workKind === "projectContextRefresh") {
     return createProjectContextRefreshPrompt(workItem, context?.projectContextRefresh);
   }
+  if (workItem.workKind === "implementationVerification") {
+    return createImplementationVerificationPrompt(workItem);
+  }
   return [
     "# Amistio Work Execution",
     "",
@@ -4570,6 +4788,7 @@ function createSecurityPostureScanPrompt(workItem, context) {
     "## Output Contract",
     "",
     "Print exactly one JSON object between the markers below. The CLI will submit only this structured scan result back to Amistio.",
+    "Accepted category values: owasp, dependency, supplyChain, secretHygiene, authentication, authorization, tenantIsolation, headers, redirects, csrf, cors, ciCd, logging, rateLimiting, runnerBoundary, other.",
     "",
     securityPostureStart,
     '{"summary":"Security posture is mostly healthy, but dependency advisory review is not automated.","baselineVersion":"amistio-security-baseline-v1","postureScore":82,"postureGrade":"B","categorySummaries":[{"category":"dependency","status":"warning","summary":"Dependency audit automation is incomplete."}],"findings":[{"title":"Dependency audit is not enforced in CI","category":"dependency","severity":"medium","confidence":"high","summary":"The repository has a lockfile, but CI does not appear to fail on known vulnerable dependencies.","standardReferences":[{"standard":"OWASP ASVS","control":"V14.2 Dependency"}],"affectedSurfaces":["CI verification"],"evidence":["No dependency audit step was found in the CI verification summary."],"recommendedRemediation":"Add a dependency advisory check to the existing verification pipeline and document how failures are handled.","verificationPlan":["Run the updated CI verification command locally","Confirm a known advisory fails the check in a controlled test"],"safePaths":["package.json","pnpm-lock.yaml"]}],"verificationPlan":["Run focused dependency and CI checks","Review Security panel findings for approval"]}',
@@ -4970,11 +5189,23 @@ function parseProjectContextRefreshResult(output, options = {}) {
   const normalized = normalizeProjectContextRefreshPaths(normalizeProjectContextRefreshEnums(parsed), options);
   return projectContextRefreshResultSchema.parse(normalized);
 }
+function parseImplementationVerificationResult(output) {
+  const start = output.indexOf(implementationVerificationStart);
+  const end = output.indexOf(implementationVerificationEnd, start + implementationVerificationStart.length);
+  if (start === -1 || end === -1 || end <= start) {
+    throw new Error("Local AI verification did not return an Amistio implementation verification block.");
+  }
+  const payload = output.slice(start + implementationVerificationStart.length, end).trim();
+  const parsed = JSON.parse(stripJsonFence(payload));
+  return implementationVerificationResultSchema.parse(parsed);
+}
 function projectContextRefreshSubmissionFailureSummary(result) {
   if (result.refresh.status !== "failed" && result.workItem.status !== "failed") {
     return void 0;
   }
-  return result.refresh.error ?? result.workItem.lastStatusMessage ?? "Server rejected the project context refresh result.";
+  const summary = result.refresh.error ?? result.workItem.lastStatusMessage ?? "Server rejected the project context refresh result.";
+  const guidance = getWorkFailureGuidance({ message: summary, workKind: "projectContextRefresh" });
+  return guidance ? `${summary} ${formatWorkFailureGuidanceDetail(guidance)}` : summary;
 }
 function createBrainGenerationPrompt(workItem) {
   const wish = workItem.sourceWish ?? workItem.title;
@@ -6041,7 +6272,7 @@ var DEFAULT_MAX_PREFLIGHT_ATTEMPTS = 3;
 var DEFAULT_TOOL_TIMEOUT_SECONDS = 30 * 60;
 var RUNNER_WORK_LEASE_SECONDS = 300;
 var RUNNER_WORK_LEASE_RENEWAL_MS = 12e4;
-var runnerSupportedWorkKinds = ["brainGeneration", "implementation", "planRevision", "assistantQuestion", "impactPreview", "issueDiagnosis", "securityPostureScan", "appEvaluationScan", "projectContextRefresh"];
+var runnerSupportedWorkKinds = ["brainGeneration", "implementation", "planRevision", "assistantQuestion", "impactPreview", "issueDiagnosis", "securityPostureScan", "appEvaluationScan", "projectContextRefresh", "implementationVerification"];
 program.name("amistio").description("Amistio project brain CLI").version(CLI_VERSION);
 program.command("init").description("Create Amistio control-plane folders for a new project").option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
   const created = await initControlPlane(options.root);
@@ -7077,6 +7308,24 @@ async function runNextWorkItem({
       return recordFinalizationFailure({ apiClient, error, isolationTelemetry, projectId, repositoryLinkId, runnerId, sessionContext, toolConfig, toolName: preview.toolName, workItem: result.workItem, durationMs: Date.now() - startedAt });
     }
   }
+  if (result.workItem.workKind === "implementationVerification") {
+    try {
+      return await finalizeImplementationVerificationWork({
+        apiClient,
+        durationMs: Date.now() - startedAt,
+        projectId,
+        repositoryLinkId,
+        runnerId,
+        sessionContext,
+        toolConfig,
+        toolName: preview.toolName,
+        toolResult,
+        workItem: result.workItem
+      });
+    } catch (error) {
+      return recordFinalizationFailure({ apiClient, error, isolationTelemetry, projectId, repositoryLinkId, runnerId, sessionContext, toolConfig, toolName: preview.toolName, workItem: result.workItem, durationMs: Date.now() - startedAt });
+    }
+  }
   let finalStatus = toolResult.exitCode === 0 ? "completed" : "failed";
   const durationMs = Date.now() - startedAt;
   const failureExcerpt = toolResult.exitCode === 0 ? void 0 : truncateLogExcerpt(toolResult.stderr || toolResult.stdout);
@@ -8014,6 +8263,92 @@ ${toolResult.stderr}`, { repositoryRoot: executionRoot });
   console.error(refreshError ?? "Local runner project context refresh failed.");
   return { status: "failed", exitCode: toolResult.exitCode || 1 };
 }
+async function finalizeImplementationVerificationWork({
+  apiClient,
+  durationMs,
+  projectId,
+  repositoryLinkId,
+  runnerId,
+  sessionContext,
+  toolConfig,
+  toolName,
+  toolResult,
+  workItem
+}) {
+  let verificationResult = void 0;
+  let verificationError;
+  if (toolResult.exitCode === 0) {
+    try {
+      verificationResult = parseImplementationVerificationResult(`${toolResult.stdout}
+${toolResult.stderr}`);
+    } catch (error) {
+      verificationError = errorMessage3(error);
+    }
+  } else {
+    verificationError = truncateLogExcerpt(toolResult.stderr || toolResult.stdout) || `${toolName} exited with code ${toolResult.exitCode}.`;
+  }
+  const finalStatus = verificationResult ? "completed" : "failed";
+  const updatedToolSession = await finalizeToolSession({
+    apiClient,
+    projectId,
+    status: finalStatus,
+    runnerId,
+    workItemId: workItem.workItemId,
+    stdout: toolResult.stdout,
+    ...sessionContext.toolSession ? { session: sessionContext.toolSession } : {},
+    ...toolResult.messageCount !== void 0 ? { messageCount: toolResult.messageCount } : {},
+    ...toolResult.tokensIn !== void 0 ? { tokensIn: toolResult.tokensIn } : {},
+    ...toolResult.tokensOut !== void 0 ? { tokensOut: toolResult.tokensOut } : {},
+    ...toolResult.costUsd !== void 0 ? { costUsd: toolResult.costUsd } : {}
+  });
+  const sessionTelemetry = {
+    sessionPolicy: sessionContext.policy,
+    sessionDecision: sessionContext.decision,
+    sessionDecisionReason: sessionContext.reason,
+    ...updatedToolSession ? { toolSessionId: updatedToolSession.toolSessionId } : {},
+    ...updatedToolSession?.sessionGroupKey ? { sessionGroupKey: updatedToolSession.sessionGroupKey } : {}
+  };
+  if (verificationResult) {
+    const result = await apiClient.submitImplementationVerificationResult(projectId, workItem.workItemId, {
+      status: "completed",
+      runnerId,
+      idempotencyKey: `implementation_verification_${workItem.workItemId}_${randomUUID()}`,
+      result: verificationResult,
+      tool: toolName,
+      durationMs,
+      ...sessionTelemetry,
+      message: `${toolName} returned implementation verification proof.`
+    });
+    await recordRunnerMilestone(apiClient, projectId, workItem, runnerId, repositoryLinkId, {
+      status: verificationResult.outcome === "verifiedImplemented" ? "completed" : verificationResult.outcome === "verificationBlocked" ? "blocked" : "warning",
+      summary: verificationResult.summary,
+      idempotencyKey: `runner_milestone_implementation_verification_completed_${workItem.workItemId}_${result.workItem.idempotencyKey}`,
+      metadata: { tool: toolName, durationMs, outcome: verificationResult.outcome, recommendation: verificationResult.recommendation, gapCount: verificationResult.gaps.length, verificationSummary: verificationResult.verificationPlan.join(" | ") }
+    });
+    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", runnerHeartbeatMetadata(toolConfig));
+    console.log("Implementation verification returned for review.");
+    return { status: "completed", exitCode: 0 };
+  }
+  const failedResult = await apiClient.submitImplementationVerificationResult(projectId, workItem.workItemId, {
+    status: "failed",
+    runnerId,
+    idempotencyKey: `implementation_verification_${workItem.workItemId}_${randomUUID()}`,
+    tool: toolName,
+    durationMs,
+    ...sessionTelemetry,
+    message: `${toolName} did not produce valid implementation verification proof.`,
+    ...verificationError ? { error: verificationError } : {}
+  });
+  await recordRunnerMilestone(apiClient, projectId, workItem, runnerId, repositoryLinkId, {
+    status: "failed",
+    summary: verificationError ?? `${toolName} did not produce valid implementation verification proof.`,
+    idempotencyKey: `runner_milestone_implementation_verification_failed_${workItem.workItemId}_${failedResult.workItem.idempotencyKey}`,
+    metadata: { tool: toolName, durationMs, verificationSummary: "Implementation verification output did not include valid structured JSON." }
+  });
+  await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", runnerHeartbeatMetadata(toolConfig));
+  console.error(verificationError ?? "Local runner implementation verification failed.");
+  return { status: "failed", exitCode: toolResult.exitCode || 1 };
+}
 async function createRunnerWorkPrompt(apiClient, projectId, workItem) {
   if (workItem.workKind === "assistantQuestion") {
     const emptyProjectContext = { maps: [], refreshes: [], misses: [] };