@amistio/cli 0.1.18 → 0.1.20

package/README.md

@@ -9,13 +9,13 @@ npm install -g @amistio/cli
 amistio --help
 ```
 
-The package install only installs the `amistio` command. Repository cloning, project pairing, credential storage, sync watching, and runner execution happen only when the user explicitly runs commands such as `amistio bootstrap`, `amistio pair`, `amistio sync watch`, or `amistio run --watch`.
+The package install only installs the `amistio` command. Repository cloning, project pairing, credential storage, sync watching, and runner execution happen only when the user explicitly runs commands such as `amistio bootstrap`, `amistio import`, `amistio pair`, `amistio sync watch`, or `amistio run --watch`. When the app copies a personal project into an organization, the CLI command syntax stays the same; create the org-scoped code and run `amistio import <code>` from the intended local checkout.
 
 Runner lifecycle controls in the web app, such as update, restart, and remove, apply only to the runner paired by that user unless the active organization role is an admin role. The runner API binds command polling, command status, logs, activity, and tool sessions to the local runner credential that produced them.
 
 Runner Update installs the official `@amistio/cli` package and then refreshes the runner runtime. Background runners attempt a replacement restart so the next heartbeat reports the new CLI version. If replacement restart metadata is missing or restart fails after a successful install, the old runner still stops and reports manual restart guidance instead of continuing to heartbeat the stale runtime. Foreground `amistio run --watch` sessions stop after a successful install with restart guidance; start the command again to load the updated package.
 
-Current runners advertise the work kinds they can claim. Older runners that do not send this capability can continue legacy brain generation, implementation, and plan revision work, but they will skip source-aware assistant, impact-preview, project-context refresh, issue-diagnosis, app-evaluation, and security-posture work until updated.
+Current runners advertise the work kinds they can claim. Older runners that do not send this capability can continue legacy brain generation, implementation, and plan revision work, but they will skip source-aware assistant, impact-preview, project-context refresh, issue-diagnosis, app-evaluation, security-posture, and implementation-verification work until updated.
 
 Repository brain auto-sync is disabled until the repository link option is enabled in the app. After pairing, run `amistio sync watch` from the paired checkout to push recognized external brain Markdown/MDX files and HTML companions under `docs/html/<area>/`, including local ADRs, plans, prompts, workflows, memory, context, architecture, and feature docs, to the app for review. `amistio run --watch` also runs the same cycle between work polls when the option is enabled. The CLI skips templates, unsupported paths, oversized files, unchanged managed docs, and conflicts instead of silently overwriting web state.
 
@@ -43,10 +43,12 @@ When `--tool codex` uses the Codex SDK, intermediate progress can be quiet until
 
 `amistio runner status` reports local background runner state, latest heartbeat, and bounded resource usage when available. Resource usage is latest-sample runner process memory/CPU plus safe aggregate system memory/load signals; it does not include source files, environment variables, command lines, process lists, credentials, or arbitrary local paths.
 
-The runner advertises its supported work kinds in heartbeats. Current runners can claim read-only `projectContextRefresh` jobs from the workspace Context panel and create due runner-driven refreshes when no fresh approved map exists. Context refreshes inspect the paired checkout locally without modifying files and submit only bounded summaries, slices, entities, relations, safe citations, confidence, freshness, and repo-relative paths. If a submitted context refresh contains unsafe evidence, unsafe paths, or a map too large to store safely, Amistio marks the refresh failed with a safe reason instead of storing the rejected raw result. Approved maps are reused as context packs for source-aware assistant and impact-preview work. Current runners can also claim read-only issue diagnosis jobs from the web Issues panel, generate root-cause analysis and a proposed fix, and submit that result without modifying source. They can claim manual read-only `appEvaluationScan` jobs from the workspace Evaluate panel and create at most one due hourly evaluation during normal watch/background polling when app evaluation is enabled for the repository link. Evaluation results contain bounded summaries, safe evidence, suggested actions, lifecycle proposals, and repo-relative paths only. Current runners can also claim manual read-only `securityPostureScan` jobs from the workspace Security panel and create due daily posture checks during normal watch/background polling. Security scan results contain bounded summaries, standard references, safe evidence, and repo-relative paths only; source, secrets, environment variables, command lines, process lists, credentials, provider sessions, and arbitrary local paths stay local. Implementation or cleanup is queued separately only after the user approves an issue analysis, app evaluation finding, or security remediation plan in the app.
+The runner advertises its supported work kinds in heartbeats. Current runners can claim read-only `projectContextRefresh` jobs from the workspace Context panel and create due runner-driven refreshes when no fresh approved map exists. Context refreshes inspect the paired checkout locally without modifying files and submit only bounded summaries, slices, entities, relations, safe citations, confidence, freshness, and repo-relative paths. If a submitted context refresh contains unsafe evidence, unsafe paths, or a map too large to store safely, Amistio marks the refresh failed with a safe reason instead of storing the rejected raw result. Approved maps are reused as context packs for source-aware assistant and impact-preview work. Current runners can also claim read-only issue diagnosis jobs from the web Issues panel, generate root-cause analysis and a proposed fix, and submit that result without modifying source. They can claim manual read-only `appEvaluationScan` jobs from the workspace Evaluate panel and create at most one due hourly evaluation during normal watch/background polling when app evaluation is enabled for the repository link. Evaluation results contain bounded summaries, safe evidence, suggested actions, lifecycle proposals, and repo-relative paths only. Current runners can also claim manual read-only `securityPostureScan` jobs from the workspace Security panel and create due daily posture checks during normal watch/background polling. Security scan results contain bounded summaries, standard references, safe evidence, and repo-relative paths only. Current runners can claim read-only `implementationVerification` jobs from Tasks to prove whether completed implementation work actually landed; verification submits bounded acceptance-criteria evidence, checks, gaps, outcome, and recommendation without mutating source. Source, secrets, environment variables, command lines, process lists, credentials, provider sessions, and arbitrary local paths stay local. Implementation or cleanup is queued separately only after the user approves an issue analysis, app evaluation finding, or security remediation plan in the app.
 
 Approved implementation work uses Git as the handoff boundary. After the local tool completes successfully, the runner commits the isolated worktree, pushes an `amistio/work/...` branch to the linked GitHub remote, opens or reuses a pull request with the locally authenticated `gh` CLI, reports only safe PR metadata to Amistio, and removes the local worktree after the PR URL is durable. Prepare the runner machine with Git commit identity, push permission to the linked remote, and `gh auth status`. If commit, push, or PR creation fails, the work item is blocked and the branch/worktree stay on disk for manual recovery; source files and patches are not uploaded to Amistio.
 
+Failed or stale work can be requeued from the web Tasks panel. Requeue creates a new linked work attempt and preserves the original terminal attempt for audit history; it is blocked while equivalent work is already active or when the paired runner does not advertise the needed work kind. Completed implementation status is separate from proof: queue `implementationVerification` from Tasks when a plan needs source-aware evidence before cleanup or implementation status decisions.
+
 Runner setup and local-tool execution use bounded failure controls. `amistio run --watch` retries Git worktree preflight failures by releasing the claim for another attempt, then fails the work item after `--max-preflight-attempts` attempts, defaulting to 3. Active local-tool runs renew the work lease, and `--tool-timeout-seconds` caps tool execution, defaulting to 1800 seconds.
 
 Watch mode prints a completed-work success once per work item, keeps fresh completion visible briefly, and returns old completed work to the ready state when no queued, running, blocked, failed, review, or runner-readiness action needs attention.

package/dist/index.js

@@ -26,6 +26,7 @@ var itemTypeSchema = z.enum([
   "securityPostureSnapshot",
   "appEvaluationScan",
   "appEvaluationFinding",
+  "implementationVerification",
   "projectContextMap",
   "projectContextRefresh",
   "projectSystemDiagram",
@@ -78,9 +79,12 @@ var workStatusSchema = z.enum([
 ]);
 var sourceSchema = z.enum(["web", "repo", "generated", "runner"]);
 var executionModeSchema = z.enum(["localRunner", "cloudSandbox"]);
-var workKindSchema = z.enum(["brainGeneration", "implementation", "planRevision", "assistantQuestion", "impactPreview", "issueDiagnosis", "securityPostureScan", "appEvaluationScan", "projectContextRefresh"]);
+var workKindSchema = z.enum(["brainGeneration", "implementation", "planRevision", "assistantQuestion", "impactPreview", "issueDiagnosis", "securityPostureScan", "appEvaluationScan", "projectContextRefresh", "implementationVerification"]);
 var implementationHandoffStatusSchema = z.enum(["notStarted", "noChanges", "prReady", "blocked", "failed"]);
 var implementationHandoffCleanupStatusSchema = z.enum(["notApplicable", "pending", "completed", "failed"]);
+var implementationVerificationOutcomeSchema = z.enum(["verifiedImplemented", "partiallyImplemented", "notImplemented", "inconclusive", "verificationBlocked"]);
+var implementationVerificationStatusSchema = z.enum(["queued", "running", "completed", "failed", "blocked", "stale"]);
+var implementationProofStatusSchema = z.enum(["unverified", "verificationQueued", "verificationRunning", "verifiedImplemented", "partiallyImplemented", "notImplemented", "inconclusive", "verificationBlocked", "humanOverride"]);
 var implementationHandoffSchema = z.object({
   provider: z.string().trim().min(1).max(80).optional(),
   status: implementationHandoffStatusSchema,
@@ -105,7 +109,7 @@ var issueStatusSchema = z.enum(["queued", "diagnosing", "analysisReady", "approv
 var issueApprovalStateSchema = z.enum(["proposed", "approved", "changesRequested", "rejected", "implemented", "blocked"]);
 var securityScanStatusSchema = z.enum(["queued", "running", "completed", "failed", "stale", "skipped"]);
 var securityScanSourceSchema = z.enum(["nightly", "manual", "runner"]);
-var securityFindingCategorySchema = z.enum(["owasp", "dependency", "supplyChain", "secretHygiene", "authentication", "authorization", "tenantIsolation", "headers", "redirects", "csrf", "cors", "ciCd", "logging", "runnerBoundary", "other"]);
+var securityFindingCategorySchema = z.enum(["owasp", "dependency", "supplyChain", "secretHygiene", "authentication", "authorization", "tenantIsolation", "headers", "redirects", "csrf", "cors", "ciCd", "logging", "rateLimiting", "runnerBoundary", "other"]);
 var securityFindingSeveritySchema = z.enum(["info", "low", "medium", "high", "critical"]);
 var securityFindingConfidenceSchema = z.enum(["low", "medium", "high"]);
 var securityFindingStatusSchema = z.enum(["open", "planReady", "approved", "changesRequested", "dismissed", "acceptedRisk", "remediationQueued", "resolved", "failed"]);
@@ -125,6 +129,7 @@ var activityEventTypeSchema = z.enum([
   "documentGenerated",
   "documentReview",
   "documentSync",
+  "projectTransferred",
   "workQueued",
   "workClaimed",
   "workStatusChanged",
@@ -156,6 +161,14 @@ var activityEventTypeSchema = z.enum([
   "appEvaluationFindingReviewed",
   "appEvaluationPlanCreated",
   "appEvaluationImplementationQueued",
+  "workRequeueRequested",
+  "workRequeueQueued",
+  "workRequeueBlocked",
+  "implementationVerificationQueued",
+  "implementationVerificationStarted",
+  "implementationVerificationCompleted",
+  "implementationVerificationBlocked",
+  "implementationVerificationOverride",
   "projectContextRefreshQueued",
   "projectContextRefreshStarted",
   "projectContextRefreshCompleted",
@@ -335,7 +348,11 @@ var projectItemSchema = baseItemSchema.extend({
   status: projectStatusSchema.default("active"),
   archivedAt: isoDateTimeSchema.optional(),
   archivedByUserId: z.string().min(1).optional(),
-  archiveReason: z.string().min(1).optional()
+  archiveReason: z.string().min(1).optional(),
+  transferredFromAccountId: z.string().min(1).optional(),
+  transferredFromProjectId: z.string().min(1).optional(),
+  transferredByUserId: z.string().min(1).optional(),
+  transferredAt: isoDateTimeSchema.optional()
 });
 var repositoryLinkItemSchema = baseItemSchema.extend({
   type: z.literal("repositoryLink"),
@@ -423,8 +440,20 @@ var workItemSchema = baseItemSchema.extend({
   securityFindingId: z.string().min(1).optional(),
   appEvaluationScanId: z.string().min(1).optional(),
   appEvaluationFindingId: z.string().min(1).optional(),
+  implementationVerificationId: z.string().min(1).optional(),
   projectContextRefreshId: z.string().min(1).optional(),
   contextMissId: z.string().min(1).optional(),
+  sourceWorkItemId: z.string().min(1).optional(),
+  requeueReason: z.string().trim().min(1).max(600).optional(),
+  requeuedByUserId: z.string().min(1).optional(),
+  requeuedAt: isoDateTimeSchema.optional(),
+  sourceAttempt: z.number().int().nonnegative().optional(),
+  sourceTerminalStatus: workStatusSchema.optional(),
+  sourceFailureSummary: z.string().trim().min(1).max(1e3).optional(),
+  implementationProofStatus: implementationProofStatusSchema.optional(),
+  implementationVerificationOutcome: implementationVerificationOutcomeSchema.optional(),
+  implementationVerificationResultId: z.string().min(1).optional(),
+  humanImplementationOverrideReason: z.string().trim().min(1).max(1e3).optional(),
   repositoryLinkId: z.string().min(1).optional(),
   reviewThreadId: z.string().min(1).optional(),
   reviewDocumentId: z.string().min(1).optional(),
@@ -965,6 +994,59 @@ var projectContextPackSchema = z.object({
   tokenEstimate: z.number().int().nonnegative().default(0),
   generatedAt: isoDateTimeSchema
 });
+var implementationVerificationCheckStatusSchema = z.enum(["passed", "failed", "blocked", "skipped"]);
+var implementationVerificationRecommendationSchema = z.enum(["none", "requeue", "createFollowUpPlan", "requestHumanReview", "markBlocked"]);
+var implementationVerificationEvidenceSchema = z.object({
+  acceptanceCriterion: z.string().trim().min(1).max(500),
+  status: z.enum(["satisfied", "partial", "missing", "unknown"]),
+  summary: z.string().trim().min(1).max(1200),
+  citations: z.array(projectContextCitationSchema).default([])
+});
+var implementationVerificationCheckSchema = z.object({
+  name: z.string().trim().min(1).max(200),
+  status: implementationVerificationCheckStatusSchema,
+  summary: z.string().trim().min(1).max(1200),
+  safePaths: z.array(projectContextRepoPathSchema).default([])
+});
+var implementationVerificationResultSchema = z.object({
+  outcome: implementationVerificationOutcomeSchema,
+  summary: z.string().trim().min(1).max(2e3),
+  evidence: z.array(implementationVerificationEvidenceSchema).min(1),
+  checks: z.array(implementationVerificationCheckSchema).default([]),
+  gaps: z.array(z.string().trim().min(1).max(600)).default([]),
+  branch: z.string().trim().min(1).max(200).optional(),
+  pullRequestUrl: z.string().trim().url().max(500).optional(),
+  worktreeKey: z.string().trim().min(1).max(300).optional(),
+  recommendation: implementationVerificationRecommendationSchema.default("none"),
+  verificationPlan: z.array(z.string().trim().min(1).max(300)).default([]),
+  warnings: z.array(z.string().trim().min(1).max(600)).default([])
+});
+var implementationVerificationItemSchema = baseItemSchema.extend({
+  type: z.literal("implementationVerification"),
+  projectId: z.string().min(1),
+  implementationVerificationId: z.string().min(1),
+  status: implementationVerificationStatusSchema,
+  source: z.enum(["manual", "runner", "appEvaluation", "planCleanup", "system"]).default("manual"),
+  planDocumentId: z.string().min(1).optional(),
+  planDocumentRevision: z.number().int().nonnegative().optional(),
+  sourceWorkItemId: z.string().min(1).optional(),
+  verificationWorkItemId: z.string().min(1).optional(),
+  repositoryLinkId: z.string().min(1).optional(),
+  runnerId: z.string().min(1).optional(),
+  sourceRevision: z.string().trim().min(1).max(160).optional(),
+  brainRevision: z.number().int().nonnegative().optional(),
+  contextPackId: z.string().min(1).optional(),
+  outcome: implementationVerificationOutcomeSchema.optional(),
+  result: implementationVerificationResultSchema.optional(),
+  summary: z.string().trim().min(1).max(2e3).optional(),
+  startedAt: isoDateTimeSchema.optional(),
+  completedAt: isoDateTimeSchema.optional(),
+  failedAt: isoDateTimeSchema.optional(),
+  overriddenByUserId: z.string().min(1).optional(),
+  overrideReason: z.string().trim().min(1).max(1e3).optional(),
+  overriddenAt: isoDateTimeSchema.optional(),
+  error: z.string().max(1e3).optional()
+});
 var contextMissItemSchema = baseItemSchema.extend({
   type: z.literal("contextMiss"),
   projectId: z.string().min(1),
@@ -1275,6 +1357,7 @@ var activityEventItemSchema = baseItemSchema.extend({
   relatedSecurityFindingId: z.string().min(1).optional(),
   relatedAppEvaluationScanId: z.string().min(1).optional(),
   relatedAppEvaluationFindingId: z.string().min(1).optional(),
+  relatedImplementationVerificationId: z.string().min(1).optional(),
   relatedProjectContextRefreshId: z.string().min(1).optional(),
   relatedProjectSystemDiagramId: z.string().min(1).optional(),
   relatedContextMissId: z.string().min(1).optional(),
@@ -1340,6 +1423,7 @@ var projectItemUnionSchema = z.discriminatedUnion("type", [
   securityPostureSnapshotItemSchema,
   appEvaluationScanItemSchema,
   appEvaluationFindingItemSchema,
+  implementationVerificationItemSchema,
   projectContextMapItemSchema,
   projectContextRefreshItemSchema,
   projectSystemDiagramItemSchema,
@@ -2414,6 +2498,16 @@ var ApiClient = class {
       }
     );
   }
+  async submitImplementationVerificationResult(projectId, workItemId, result) {
+    return this.request(
+      `/projects/${projectId}/work-items/${workItemId}/implementation-verification-result`,
+      z3.object({ verification: implementationVerificationItemSchema, workItem: workItemSchema, sourceWorkItem: workItemSchema.optional() }),
+      {
+        method: "POST",
+        body: JSON.stringify(result)
+      }
+    );
+  }
   async request(urlPath, schema, init) {
     const response = await fetch(resolveApiUrl(this.options.apiUrl, urlPath), {
       ...init,
@@ -4467,9 +4561,64 @@ var appEvaluationStart = "AMISTIO_APP_EVALUATION_START";
 var appEvaluationEnd = "AMISTIO_APP_EVALUATION_END";
 var projectContextRefreshStart = "AMISTIO_PROJECT_CONTEXT_REFRESH_START";
 var projectContextRefreshEnd = "AMISTIO_PROJECT_CONTEXT_REFRESH_END";
+var implementationVerificationStart = "AMISTIO_IMPLEMENTATION_VERIFICATION_START";
+var implementationVerificationEnd = "AMISTIO_IMPLEMENTATION_VERIFICATION_END";
+var projectContextMissingAreaMaxLength = 160;
+var projectContextCoverageWarningMaxLength = 300;
+var projectContextVerificationPlanMaxLength = 300;
+var projectContextTopLevelWarningMaxLength = 600;
 var validProjectContextSliceKinds = /* @__PURE__ */ new Set(["overview", "architecture", "domain", "data", "api", "frontend", "backend", "cli", "workflow", "operations", "security", "testing", "unknown"]);
 var validProjectContextEntityTypes = /* @__PURE__ */ new Set(["project", "system", "component", "domain", "tool", "decision", "feature", "risk", "team", "workflow", "unknown"]);
 var validProjectContextRelationTypes = /* @__PURE__ */ new Set(["uses", "depends_on", "decides", "supersedes", "touches", "blocks", "implements", "mentions"]);
+function createImplementationVerificationPrompt(workItem) {
+  return [
+    "# Amistio Implementation Verification",
+    "",
+    "You are running locally through the Amistio CLI inside the user's repository.",
+    "Verify whether the linked implementation work was actually completed. This is a read-only proof pass.",
+    "Do not modify files, create branches, commit, install packages, run implementation prompts, or make destructive changes.",
+    "Use local repository inspection and focused verification commands only when they are safe for this checkout.",
+    "",
+    "## Work Item",
+    "",
+    `Title: ${workItem.title}`,
+    `Work item ID: ${workItem.workItemId}`,
+    `Project ID: ${workItem.projectId}`,
+    `Implementation verification ID: ${workItem.implementationVerificationId ?? "unknown"}`,
+    `Source work item ID: ${workItem.sourceWorkItemId ?? "unknown"}`,
+    "",
+    "## Verification Request",
+    "",
+    workItem.sourceWish ?? "Verify that the linked implementation plan was completed in the local repository.",
+    "",
+    "## Verification Requirements",
+    "",
+    "- Compare the approved plan or prompt requirements against the current local repository state.",
+    "- Look beyond runner status. Use source evidence, generated handoff details, PR/branch/worktree metadata when present, and targeted checks.",
+    "- Treat missing acceptance criteria as an explicit gap instead of guessing.",
+    "- Record evidence for at least one acceptance criterion with safe repository-relative citations.",
+    "- Use outcome verifiedImplemented only when the implementation is materially present and checks support it.",
+    "- Use partiallyImplemented, notImplemented, inconclusive, or verificationBlocked when evidence is incomplete, absent, contradictory, or checks cannot run.",
+    "",
+    "## Data Safety",
+    "",
+    "- Persist summaries, safe paths, short citation excerpts, and verification status only.",
+    "- Do not include raw source dumps, secrets, env vars, process lists, absolute local paths, credential values, tokens, provider sessions, or destructive shell output.",
+    "- Citations and safePaths must be repository-relative and must not use ../ traversal.",
+    "",
+    "## Output Contract",
+    "",
+    "Print exactly one JSON object between the markers below. The CLI will submit only this structured verification result back to Amistio.",
+    "Accepted outcome values: verifiedImplemented, partiallyImplemented, notImplemented, inconclusive, verificationBlocked.",
+    "Accepted recommendation values: none, requeue, createFollowUpPlan, requestHumanReview, markBlocked.",
+    "",
+    implementationVerificationStart,
+    '{"outcome":"partiallyImplemented","summary":"The implementation is present in the workspace, but one acceptance check could not be confirmed.","evidence":[{"acceptanceCriterion":"The requested behavior is wired through the runner lifecycle.","status":"partial","summary":"The route and UI wiring exist, but the runner result submission still needs validation.","citations":[{"source":"localSource","repoPath":"src/apps/web/components/workspace-client.tsx","excerpt":"Implementation verification queued for the local runner."}]}],"checks":[{"name":"Focused typecheck","status":"passed","summary":"The touched package typechecked successfully.","safePaths":["src/apps/web"]}],"gaps":["Runner result submission was not exercised end to end."],"recommendation":"requestHumanReview","verificationPlan":["Run focused CLI tests","Review the verification evidence in Amistio"],"warnings":[]}',
+    implementationVerificationEnd,
+    "",
+    "Do not put Markdown fences around the markers. Do not implement or fix anything during this verification pass."
+  ].join("\n");
+}
 function createWorkExecutionPrompt(workItem, context) {
   if (workItem.workKind === "brainGeneration") {
     return createBrainGenerationPrompt(workItem);
@@ -4495,6 +4644,9 @@ function createWorkExecutionPrompt(workItem, context) {
   if (workItem.workKind === "projectContextRefresh") {
     return createProjectContextRefreshPrompt(workItem, context?.projectContextRefresh);
   }
+  if (workItem.workKind === "implementationVerification") {
+    return createImplementationVerificationPrompt(workItem);
+  }
   return [
     "# Amistio Work Execution",
     "",
@@ -4576,6 +4728,8 @@ function createProjectContextRefreshPrompt(workItem, context) {
     "- Capture entities and relations that explain how the app is put together and where future work should look first.",
     "- Prefer summaries, repository-relative paths, short citations, tags, and freshness status over raw source excerpts.",
     "- Mark stale or missing areas explicitly instead of guessing.",
+    "- Keep coverage.missingAreas entries concise noun phrases under 160 characters.",
+    "- Keep coverage.warnings and verificationPlan entries under 300 characters; keep top-level warnings under 600 characters.",
     "- Keep repoPaths repository-relative; never include /absolute paths or ../ traversal.",
     "- If local inspection prints a path inside this checkout, convert it to the repository-relative path before returning JSON.",
     "",
@@ -4645,6 +4799,7 @@ function createSecurityPostureScanPrompt(workItem, context) {
     "## Output Contract",
     "",
     "Print exactly one JSON object between the markers below. The CLI will submit only this structured scan result back to Amistio.",
+    "Accepted category values: owasp, dependency, supplyChain, secretHygiene, authentication, authorization, tenantIsolation, headers, redirects, csrf, cors, ciCd, logging, rateLimiting, runnerBoundary, other.",
     "",
     securityPostureStart,
     '{"summary":"Security posture is mostly healthy, but dependency advisory review is not automated.","baselineVersion":"amistio-security-baseline-v1","postureScore":82,"postureGrade":"B","categorySummaries":[{"category":"dependency","status":"warning","summary":"Dependency audit automation is incomplete."}],"findings":[{"title":"Dependency audit is not enforced in CI","category":"dependency","severity":"medium","confidence":"high","summary":"The repository has a lockfile, but CI does not appear to fail on known vulnerable dependencies.","standardReferences":[{"standard":"OWASP ASVS","control":"V14.2 Dependency"}],"affectedSurfaces":["CI verification"],"evidence":["No dependency audit step was found in the CI verification summary."],"recommendedRemediation":"Add a dependency advisory check to the existing verification pipeline and document how failures are handled.","verificationPlan":["Run the updated CI verification command locally","Confirm a known advisory fails the check in a controlled test"],"safePaths":["package.json","pnpm-lock.yaml"]}],"verificationPlan":["Run focused dependency and CI checks","Review Security panel findings for approval"]}',
@@ -5042,9 +5197,19 @@ function parseProjectContextRefreshResult(output, options = {}) {
   }
   const payload = output.slice(start + projectContextRefreshStart.length, end).trim();
   const parsed = JSON.parse(stripJsonFence(payload));
-  const normalized = normalizeProjectContextRefreshPaths(normalizeProjectContextRefreshEnums(parsed), options);
+  const normalized = normalizeProjectContextRefreshBoundedText(normalizeProjectContextRefreshPaths(normalizeProjectContextRefreshEnums(parsed), options));
   return projectContextRefreshResultSchema.parse(normalized);
 }
+function parseImplementationVerificationResult(output) {
+  const start = output.indexOf(implementationVerificationStart);
+  const end = output.indexOf(implementationVerificationEnd, start + implementationVerificationStart.length);
+  if (start === -1 || end === -1 || end <= start) {
+    throw new Error("Local AI verification did not return an Amistio implementation verification block.");
+  }
+  const payload = output.slice(start + implementationVerificationStart.length, end).trim();
+  const parsed = JSON.parse(stripJsonFence(payload));
+  return implementationVerificationResultSchema.parse(parsed);
+}
 function projectContextRefreshSubmissionFailureSummary(result) {
   if (result.refresh.status !== "failed" && result.workItem.status !== "failed") {
     return void 0;
@@ -5162,6 +5327,42 @@ function normalizeProjectContextSliceKind(value) {
   }
   return "unknown";
 }
+function normalizeProjectContextRefreshBoundedText(value) {
+  if (!isObjectRecord(value)) {
+    return value;
+  }
+  const normalized = { ...value };
+  if (isObjectRecord(normalized.coverage)) {
+    const coverage = { ...normalized.coverage };
+    coverage.missingAreas = normalizeBoundedStringArray(coverage.missingAreas, projectContextMissingAreaMaxLength);
+    coverage.warnings = normalizeBoundedStringArray(coverage.warnings, projectContextCoverageWarningMaxLength);
+    normalized.coverage = coverage;
+  }
+  normalized.verificationPlan = normalizeBoundedStringArray(normalized.verificationPlan, projectContextVerificationPlanMaxLength);
+  normalized.warnings = normalizeBoundedStringArray(normalized.warnings, projectContextTopLevelWarningMaxLength);
+  return normalized;
+}
+function normalizeBoundedStringArray(value, maxLength) {
+  if (!Array.isArray(value)) {
+    return value;
+  }
+  return value.flatMap((entry) => {
+    if (typeof entry !== "string") {
+      return [entry];
+    }
+    const trimmed = entry.trim();
+    return trimmed ? [shortenBoundedString(trimmed, maxLength)] : [];
+  });
+}
+function shortenBoundedString(value, maxLength) {
+  if (value.length <= maxLength) {
+    return value;
+  }
+  if (maxLength <= 3) {
+    return value.slice(0, maxLength);
+  }
+  return `${value.slice(0, maxLength - 3).trimEnd()}...`;
+}
 function normalizeProjectContextRefreshPaths(value, options) {
   if (!isObjectRecord(value)) {
     return value;
@@ -6118,7 +6319,7 @@ var DEFAULT_MAX_PREFLIGHT_ATTEMPTS = 3;
 var DEFAULT_TOOL_TIMEOUT_SECONDS = 30 * 60;
 var RUNNER_WORK_LEASE_SECONDS = 300;
 var RUNNER_WORK_LEASE_RENEWAL_MS = 12e4;
-var runnerSupportedWorkKinds = ["brainGeneration", "implementation", "planRevision", "assistantQuestion", "impactPreview", "issueDiagnosis", "securityPostureScan", "appEvaluationScan", "projectContextRefresh"];
+var runnerSupportedWorkKinds = ["brainGeneration", "implementation", "planRevision", "assistantQuestion", "impactPreview", "issueDiagnosis", "securityPostureScan", "appEvaluationScan", "projectContextRefresh", "implementationVerification"];
 program.name("amistio").description("Amistio project brain CLI").version(CLI_VERSION);
 program.command("init").description("Create Amistio control-plane folders for a new project").option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
   const created = await initControlPlane(options.root);
@@ -7154,6 +7355,24 @@ async function runNextWorkItem({
       return recordFinalizationFailure({ apiClient, error, isolationTelemetry, projectId, repositoryLinkId, runnerId, sessionContext, toolConfig, toolName: preview.toolName, workItem: result.workItem, durationMs: Date.now() - startedAt });
     }
   }
+  if (result.workItem.workKind === "implementationVerification") {
+    try {
+      return await finalizeImplementationVerificationWork({
+        apiClient,
+        durationMs: Date.now() - startedAt,
+        projectId,
+        repositoryLinkId,
+        runnerId,
+        sessionContext,
+        toolConfig,
+        toolName: preview.toolName,
+        toolResult,
+        workItem: result.workItem
+      });
+    } catch (error) {
+      return recordFinalizationFailure({ apiClient, error, isolationTelemetry, projectId, repositoryLinkId, runnerId, sessionContext, toolConfig, toolName: preview.toolName, workItem: result.workItem, durationMs: Date.now() - startedAt });
+    }
+  }
   let finalStatus = toolResult.exitCode === 0 ? "completed" : "failed";
   const durationMs = Date.now() - startedAt;
   const failureExcerpt = toolResult.exitCode === 0 ? void 0 : truncateLogExcerpt(toolResult.stderr || toolResult.stdout);
@@ -8091,6 +8310,92 @@ ${toolResult.stderr}`, { repositoryRoot: executionRoot });
   console.error(refreshError ?? "Local runner project context refresh failed.");
   return { status: "failed", exitCode: toolResult.exitCode || 1 };
 }
+async function finalizeImplementationVerificationWork({
+  apiClient,
+  durationMs,
+  projectId,
+  repositoryLinkId,
+  runnerId,
+  sessionContext,
+  toolConfig,
+  toolName,
+  toolResult,
+  workItem
+}) {
+  let verificationResult = void 0;
+  let verificationError;
+  if (toolResult.exitCode === 0) {
+    try {
+      verificationResult = parseImplementationVerificationResult(`${toolResult.stdout}
+${toolResult.stderr}`);
+    } catch (error) {
+      verificationError = errorMessage3(error);
+    }
+  } else {
+    verificationError = truncateLogExcerpt(toolResult.stderr || toolResult.stdout) || `${toolName} exited with code ${toolResult.exitCode}.`;
+  }
+  const finalStatus = verificationResult ? "completed" : "failed";
+  const updatedToolSession = await finalizeToolSession({
+    apiClient,
+    projectId,
+    status: finalStatus,
+    runnerId,
+    workItemId: workItem.workItemId,
+    stdout: toolResult.stdout,
+    ...sessionContext.toolSession ? { session: sessionContext.toolSession } : {},
+    ...toolResult.messageCount !== void 0 ? { messageCount: toolResult.messageCount } : {},
+    ...toolResult.tokensIn !== void 0 ? { tokensIn: toolResult.tokensIn } : {},
+    ...toolResult.tokensOut !== void 0 ? { tokensOut: toolResult.tokensOut } : {},
+    ...toolResult.costUsd !== void 0 ? { costUsd: toolResult.costUsd } : {}
+  });
+  const sessionTelemetry = {
+    sessionPolicy: sessionContext.policy,
+    sessionDecision: sessionContext.decision,
+    sessionDecisionReason: sessionContext.reason,
+    ...updatedToolSession ? { toolSessionId: updatedToolSession.toolSessionId } : {},
+    ...updatedToolSession?.sessionGroupKey ? { sessionGroupKey: updatedToolSession.sessionGroupKey } : {}
+  };
+  if (verificationResult) {
+    const result = await apiClient.submitImplementationVerificationResult(projectId, workItem.workItemId, {
+      status: "completed",
+      runnerId,
+      idempotencyKey: `implementation_verification_${workItem.workItemId}_${randomUUID()}`,
+      result: verificationResult,
+      tool: toolName,
+      durationMs,
+      ...sessionTelemetry,
+      message: `${toolName} returned implementation verification proof.`
+    });
+    await recordRunnerMilestone(apiClient, projectId, workItem, runnerId, repositoryLinkId, {
+      status: verificationResult.outcome === "verifiedImplemented" ? "completed" : verificationResult.outcome === "verificationBlocked" ? "blocked" : "warning",
+      summary: verificationResult.summary,
+      idempotencyKey: `runner_milestone_implementation_verification_completed_${workItem.workItemId}_${result.workItem.idempotencyKey}`,
+      metadata: { tool: toolName, durationMs, outcome: verificationResult.outcome, recommendation: verificationResult.recommendation, gapCount: verificationResult.gaps.length, verificationSummary: verificationResult.verificationPlan.join(" | ") }
+    });
+    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", runnerHeartbeatMetadata(toolConfig));
+    console.log("Implementation verification returned for review.");
+    return { status: "completed", exitCode: 0 };
+  }
+  const failedResult = await apiClient.submitImplementationVerificationResult(projectId, workItem.workItemId, {
+    status: "failed",
+    runnerId,
+    idempotencyKey: `implementation_verification_${workItem.workItemId}_${randomUUID()}`,
+    tool: toolName,
+    durationMs,
+    ...sessionTelemetry,
+    message: `${toolName} did not produce valid implementation verification proof.`,
+    ...verificationError ? { error: verificationError } : {}
+  });
+  await recordRunnerMilestone(apiClient, projectId, workItem, runnerId, repositoryLinkId, {
+    status: "failed",
+    summary: verificationError ?? `${toolName} did not produce valid implementation verification proof.`,
+    idempotencyKey: `runner_milestone_implementation_verification_failed_${workItem.workItemId}_${failedResult.workItem.idempotencyKey}`,
+    metadata: { tool: toolName, durationMs, verificationSummary: "Implementation verification output did not include valid structured JSON." }
+  });
+  await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", runnerHeartbeatMetadata(toolConfig));
+  console.error(verificationError ?? "Local runner implementation verification failed.");
+  return { status: "failed", exitCode: toolResult.exitCode || 1 };
+}
 async function createRunnerWorkPrompt(apiClient, projectId, workItem) {
   if (workItem.workKind === "assistantQuestion") {
     const emptyProjectContext = { maps: [], refreshes: [], misses: [] };