@apifuse/provider-sdk 2.1.0-beta.3 → 2.1.0-beta.4

package/AUTHORING.md

@@ -1,7 +1,7 @@
 ## Generator and runtime alignment
 
 - Canonical scaffolding command: `apifuse create`
-- Monorepo contributors should use `apifuse create <name> --preset monorepo`
+- External bounty workspaces are one-provider repositories initialized with the standalone create flow. `--preset monorepo` is an internal APIFuse maintainer path only and must reject outside the private monorepo detected by `packages/provider-sdk/package.json`.
 - Standalone bounty contributors should use `bunx @apifuse/provider-sdk@beta create <name> --yes` until this release is promoted to `latest`
 - Provider server contract is:
   - dev default `3900`
@@ -47,7 +47,7 @@ description:
 - `description` — 150+ chars English (error-level rule)
 - Every Zod field in input AND output has `.describe()` including nested objects + array items (error-level rule)
 - `fixtures.request` + `fixtures.response` both present (error-level rule)
-- Exactly one of `healthCheck` or `healthCheckUnsupported` per operation. Prefer `healthCheck` for safe read-only upstream probes; use `healthCheckUnsupported` only with a specific reason for destructive, paid, credential-sensitive, flaky, or otherwise unsafe probes.
+- Exactly one of `healthCheck`, `healthCheckUnsupported`, or `healthJourneys[].coversOperations` coverage per operation. Prefer `healthCheck` for safe read-only upstream probes; use `healthCheckUnsupported` only with a specific reason for destructive, paid, credential-sensitive, flaky, or otherwise unsafe probes. Use a provider-level health journey when a destructive or credential-sensitive flow can be proven safely only as a multi-step boundary test, such as stopping at a payment WebView URL.
 
 ### Factored operations
 
@@ -65,6 +65,158 @@ Use `defineOperation()` when an operation is large enough to live beside helper
 - `tags`: operation-level semantic tags for retrieval (e.g., `["weather", "korea", "realtime"]`)
 - `relatedOperations`: `{ alternatives?: string[] }` — links to fallback/sibling operations
 
+### STT runtime capability for audio OTP and short transcription
+
+Providers that need speech-to-text should use the SDK runtime capability instead
+of constructing a vendor client inside provider code. Declare STT at the provider
+level, then call `ctx.stt` from operation handlers or auth-flow handlers.
+
+<!-- @magic-start:sample -->
+```ts
+export default defineProvider({
+  id: "example-provider",
+  // ...metadata, auth, operations, allowedHosts
+  stt: { mode: "required" },
+  operations: {
+    verifyAudioOtp: {
+      input: z.object({
+        audioBase64: z.string().describe("Base64-encoded short OTP audio"),
+        mediaType: z.string().optional().describe("Audio MIME type"),
+      }),
+      output: z.object({ code: z.string().describe("Verification code") }),
+      async handler(ctx, input) {
+        const transcript = await ctx.stt.transcribe({
+          audio: {
+            kind: "base64",
+            data: input.audioBase64,
+            mediaType: input.mediaType,
+          },
+          language: "ko-KR",
+          mode: "otp",
+          verificationCode: { codeLengths: [4, 6] },
+        });
+
+        const code =
+          transcript.verificationCode?.code ??
+          ctx.stt.extractVerificationCode(transcript.text, {
+            locale: "ko-KR",
+            codeLengths: [4, 6],
+          }).code;
+
+        return { code };
+      },
+      healthCheckUnsupported: {
+        reason: "Audio OTP transcription is cost-bearing and requires explicit smoke evidence.",
+      },
+    },
+  },
+});
+```
+<!-- @magic-end:sample -->
+
+Best-practice rules:
+
+- `stt: { mode: "required" }` is the production path for providers that depend
+  on STT; APIFuse provider manifests project STT credentials, model config, and
+  Cloudflare egress only for required STT. Use `mode: "optional"` only when STT
+  is a host/test override or truly best-effort capability that can remain
+  unavailable in production.
+- Do not assume OTPs are always four digits. Configure accepted lengths, for
+  example `[4, 6]`, and keep the returned code as a string to preserve leading
+  zeros.
+- Prompts are hints, not correctness guarantees. General transcription sends no
+  prompt by default. OTP mode may send a default digit-preserving hint. Use a
+  custom `initialPrompt` only with `promptPolicy: "custom-hint"`, and do not log
+  prompts, transcripts, raw audio, or OTP values.
+- STT v1 accepts JSON-safe base64 audio only. Do not fetch arbitrary audio URLs
+  from provider code; URL input needs separate SSRF/private-network policy.
+- Local and production wiring use the same env-backed runtime path. For the
+  Cloudflare Workers AI backend, set `APIFUSE__STT__BACKEND=cloudflare-workers-ai`,
+  `APIFUSE__STT__MODEL=@cf/openai/whisper-large-v3-turbo`,
+  `APIFUSE__CLOUDFLARE__ACCOUNT_ID`, and `APIFUSE__STT__CLOUDFLARE_API_TOKEN` in `.env.local` or the
+  provider workload environment. Do not deploy a Cloudflare Worker proxy for the
+  MVP; the SDK runtime calls Workers AI REST directly.
+- Submission checks and health checks must not invoke live STT by default.
+  Provide explicit smoke evidence when a provider depends on audio OTP behavior.
+
+
+### Health journey DX for SMS/payment flows
+
+Use `defineSmsOtpMatcher()` plus `defineHealthJourney()` when a real health signal requires an OTP ceremony and a safe handoff boundary. Keep matcher fields standards-backed: ISO 3166-1 alpha-2 `country`, BCP 47 `locale`, E.164 `phoneNumber` when present, ISO 8601 durations, and `nationalServiceCode` origins for local service senders. Do not add custom allowlist fields such as `senderAllowlist`; model the sender as an origin instead.
+
+<!-- @magic-start:sample -->
+```ts
+import {
+	defineHealthJourney,
+	defineProvider,
+	defineSmsOtpMatcher,
+	every,
+} from "@apifuse/provider-sdk";
+
+const phoneOtp = defineSmsOtpMatcher({
+	id: "phone-otp",
+	country: "KR",
+	locale: "ko-KR",
+	origins: [
+		{
+			kind: "nationalServiceCode",
+			country: "KR",
+			value: "16615270",
+			display: "1661-5270",
+		},
+	],
+	code: { pattern: /인증번호는\s*\[([0-9]{4})\]/, capture: 1 },
+	maxAge: "PT5M",
+	waitTimeout: "PT2M30S",
+	clockSkew: "PT10S",
+});
+
+const paymentWebviewJourney = defineHealthJourney({
+	id: "sms-payment-webview",
+	schedule: every("8h", { jitter: "PT20M" }),
+	timeout: "PT5M",
+	cooldown: "PT8H",
+	requiredSecrets: [
+		"APIFUSE__HEALTH_MONITOR__PROVIDER_PHONE",
+		"APIFUSE__HEALTH_MONITOR__PROVIDER_PASSWORD",
+		"APIFUSE__HEALTH_MONITOR__PROVIDER_CANARY_ORDER_JSON",
+	],
+	coversOperations: ["verify-phone", "confirm-phone", "place-order"],
+	smsMatchers: [phoneOtp],
+	steps: [
+		{ id: "send-phone-otp", kind: "operation", operationId: "verify-phone" },
+		{ id: "wait-phone-otp", kind: "smsOtp", usesSmsMatcher: "phone-otp" },
+		{ id: "confirm-phone-otp", kind: "operation", operationId: "confirm-phone" },
+		{
+			id: "create-payment-webview",
+			kind: "operation",
+			operationId: "place-order",
+			safeBoundary: "paymentWebviewUrl",
+		},
+	],
+});
+
+export default defineProvider({
+	id: "example-provider",
+	// ...metadata, auth, operations, allowedHosts
+	healthJourneys: [paymentWebviewJourney],
+});
+```
+<!-- @magic-end:sample -->
+
+The journey runner supplies `ctx.gateway`, `ctx.sms.waitForOtp()`, `ctx.journal.sideEffect()`, `ctx.state`, and `ctx.event.operation()` to the optional journey `run` function. Provider authors should keep `run` small: call the covered operations in step order, stop at the declared safe boundary, and let the generated health metadata carry schedule, timeout, required secret, and SMS matcher information to the health monitor.
+
+For authenticated journeys, open a fresh connection inside `run` with `ctx.gateway.connect({ input: { ... } })`, execute covered operations with the returned `connectionId`, and disconnect in a `finally` block. Do not require or store long-lived `HEALTH_MONITOR_*_CONNECTION_ID` secrets; those stale connection IDs can hide broken login ceremonies.
+
+Use the runtime capabilities narrowly:
+
+- `ctx.gateway.execute()` is the default path for operation health evidence; the runner records operation success/failure automatically.
+- `ctx.journal.sideEffect()` wraps non-replayable provider mutations such as create/cancel/send operations.
+- `ctx.state.namespace(name, policy)` stores bounded lifecycle memory and recovery cursors with TTL/quota/value-size policy. It is not a replacement for the side-effect journal.
+- `ctx.event.operation()` records only synthetic operation outcomes proven by the journey, such as recovery/manual-review checks that are not direct gateway calls. The runtime rejects events for operations outside `coversOperations`.
+
+Do not import `apps/health-monitor`, generated health artifacts, database repositories, schedulers, or recorders from provider code. If a journey needs provider-specific helper code, place it under the provider package (for example `providers/<id>/health-journeys/*`) and keep the SDK boundary generic.
+
 ### External bounty submission evidence
 
 External contributors are expected to submit standalone Provider source plus:
@@ -91,12 +243,15 @@ deployment projection checks, and release workflows.
 - Auth-flow debugging starts with `/auth/start`, continues with
   `/auth/continue`, and carries returned `contextPatch` values into the next
   request's `context`.
-- TLS/browser providers may require local runtime setup outside Provider code:
-  use `bun pm untrusted`/`bun pm trust koffi` for blocked native TLS dependency
-  scripts, `browser.engine: "playwright-stealth"` for TypeScript browser
-  Providers (`nodriver` is Python-runtime only), `bunx playwright install
-  chromium` for local Playwright browser assets, or
-  `CDP_POOL_URL`/`APIFUSE_CDP_POOL_URL` for remote browser debugging.
+- Stealth/browser providers may require local runtime setup outside Provider code:
+  keep access-sensitive operations on `ctx.stealth.fetch()` with an SDK stealth
+  `profile`; the TypeScript runtime uses `impit` behind that interface, so do
+  not add per-operation JA3, HTTP/2 SETTINGS, or pseudo-header tuning. `ctx.stealth`
+  supports Chrome/Firefox-style profiles; use `browser.engine:
+  "playwright-stealth"` for Safari-specific or real browser Providers
+  (`nodriver` is Python-runtime only); install local browser assets with
+  `bunx playwright install chromium`, or set
+  `APIFUSE__CDP_POOL__URL` for remote browser debugging.
 
 ### Running the pre-submission report
 

package/CHANGELOG.md

@@ -1,7 +1,14 @@
 # @apifuse/provider-sdk Changelog
 
+## 2.1.0-beta.4
+
+- Align `apifuse create` with the bounty program topology: external contributors use the standalone one-provider-repository scaffold even when their assigned repo contains workspace-like files.
+- Stop auto-detecting `providers/` directories as public monorepo scaffolds. `--preset monorepo` is now reserved for the private APIFuse monorepo where `packages/provider-sdk` is actually present.
+- Remove public CLI/docs examples that present monorepo placement as a contributor workflow.
+
 ## 2.1.0-beta.3
 
+- Replace the legacy TypeScript request transport with `ctx.stealth`, backed by `impit` browser-grade TLS/HTTP2 impersonation without Python runtime dependencies.
 - Add the public `apifuse submit-check` / `apifuse bounty-check` CLI for score-based pre-submission provider quality checks.
 - Ship `SUBMISSION.md` in the npm package so bounty contributors can follow the checklist without access to the private monorepo.
 - Include submit-check in generated provider validation scripts and packed-artifact smoke coverage.
@@ -12,7 +19,7 @@
 - Harden public bounty contributor DX with server-contract accurate README and generated Provider smoke examples.
 - Add packed-artifact regression checks so stale `connection: null` or missing `requestId` examples cannot ship again.
 - Extend clean-room packed SDK smoke coverage to boot the generated dev server and call `/health` plus `POST /v1/ping`.
-- Document credential, auth-flow, TLS, browser, and Bun trusted-dependency troubleshooting for SDK-only local development.
+- Document credential, auth-flow, stealth, browser, and Bun trusted-dependency troubleshooting for SDK-only local development.
 
 ## 2.1.0-beta.1
 

package/README.md

@@ -1,6 +1,6 @@
 # @apifuse/provider-sdk
 
-ApiFuse Provider SDK — build provider declarations and runtimes with one public SDK surface and one canonical CLI.
+APIFuse Provider SDK — build provider declarations and runtimes with one public SDK surface and one canonical CLI.
 
 ## Install
 
@@ -29,13 +29,11 @@ The canonical `create` flow:
 3. runs baseline validation,
 4. prints the exact next local-dev command.
 
-### Monorepo preset
+### Repository shape
 
-Inside the ApiFuse repository:
+The Provider SDK is a public bounty-contributor tool first. External bounty workspaces are one-provider repositories initialized from the standalone create flow. The generated provider must be installable without private APIFuse monorepo access.
 
-```bash
-apifuse create my-provider --preset monorepo
-```
+Do not use internal monorepo placement for bounty workspaces. Accepted provider work is imported into the private APIFuse monorepo later by maintainers or trusted automation.
 
 ## Provider server contract
 
@@ -71,7 +69,7 @@ curl -s -X POST http://localhost:3900/v1/ping \
   -d '{"requestId":"req_local_ping","input":{"value":"hello"},"headers":{}}'
 ```
 
-The operation request body is the same envelope used by the ApiFuse gateway:
+The operation request body is the same envelope used by the APIFuse gateway:
 
 | Field | Required | Notes |
 |---|---:|---|
@@ -89,7 +87,7 @@ curl -s -X POST http://localhost:3900/v1/me \
     "requestId":"req_local_me",
     "input":{},
     "connection":{
-      "id":"conn_local_debug",
+      "id":"af_con_local_debug",
       "mode":"credentials",
       "secrets":{"apiKey":"dev-only-secret"},
       "scopes":[],
@@ -125,14 +123,17 @@ the bad request path; provider/runtime failures include `code`, `message`, and
 - **Auth flows**: call `/auth/start`, then `/auth/continue` with the same
   `flowId`; preserve any returned `contextPatch` in the next local request's
   `context` object.
-- **TLS-sensitive providers**: if Bun reports blocked lifecycle scripts after
-  install, run `bun pm untrusted`; when it lists trusted SDK native dependencies
-  such as `koffi`, run `bun pm trust koffi` (or `bun pm trust`) before debugging
-  `ctx.tls` failures.
+- **Stealth-sensitive providers**: use `ctx.http` for normal JSON/REST calls and
+  `ctx.stealth.fetch()` when you need browser-like session or cookie control. `ctx.stealth.fetch()` uses the impit-backed browser stealth transport and accepts request
+  controls for `params`, `proxy`, `timeout`, `profile`, `throwOnHttpError`, and
+  `stealth.insecureSkipVerify`. Select an SDK stealth `profile` such as
+  `chrome-146`; do not tune JA3, HTTP/2 SETTINGS, or pseudo-header order in
+  provider code. Chrome/Firefox-style profiles are supported; use `ctx.browser`
+  when Safari-specific behavior is required.
 - **Browser providers**: for TypeScript Providers use `runtime: "browser"` plus
   `browser.engine: "playwright-stealth"`; `nodriver` is a Python-runtime path.
   Install local browser assets with `bunx playwright install chromium` when
-  using the Playwright runtime, or set `CDP_POOL_URL`/`APIFUSE_CDP_POOL_URL`
+  using the Playwright runtime, or set `APIFUSE__CDP_POOL__URL`
   when debugging against a remote browser pool.
 
 ## Authoring ergonomics
@@ -202,7 +203,7 @@ apifuse perf <path> --operation <operation>
 ```
 
 `apifuse record` is for real upstream-backed operations that declare
-`upstream.baseUrl` and call the upstream through `ctx.http` or `ctx.tls`. The
+`upstream.baseUrl` and call the upstream through `ctx.http` or `ctx.stealth`. The
 generated local-only `ping` operation intentionally has no upstream and should
 be replaced before recording fixtures.
 
@@ -214,7 +215,7 @@ Standalone providers include a pre-submission script:
 bun run submit-check
 ```
 
-This runs the public review-readiness evaluator and writes `submission-report.md`. The report contains provider metadata, a 100-point readiness score, hard blockers, warnings, checklist evidence, and remediation. Blockers override the score; fix them before posting bounty evidence. The command is offline-safe by default and does not execute arbitrary upstream calls. Add local smoke notes to your bounty issue after testing `/health` and `POST /v1/{operation}`. See [`SUBMISSION.md`](./SUBMISSION.md) for the full public-only bounty submission checklist shipped in the npm package.
+This runs the public review-readiness evaluator and writes `submission-report.md`. The report contains provider metadata, a 100-point readiness score, hard blockers, warnings, checklist evidence, and remediation. Blockers override the score; fix them before posting bounty evidence. The command is offline-safe by default and does not execute arbitrary upstream calls. Add local smoke notes to your assigned workspace PR after testing `/health` and `POST /v1/{operation}`. See [`SUBMISSION.md`](./SUBMISSION.md) for the full public-only bounty submission checklist shipped in the npm package.
 
 ## Scope boundary
 
@@ -226,6 +227,6 @@ Generator v1 scaffolds **TypeScript providers only** for this redesign. Python g
 Provider cataloging, deployment enrollment, docs indexing, and runtime discovery are internal platform-registry responsibilities and are not part of the public `@apifuse/provider-sdk` contract.
 
 External bounty contributors should submit standalone Provider source plus
-`bun run check` / `bun run test` evidence. ApiFuse maintainers own monorepo
+`bun run check` / `bun run test` evidence. APIFuse maintainers own monorepo
 import, registry generation, deployment projection checks, and release
 publishing.

package/SUBMISSION.md

@@ -1,8 +1,8 @@
 # Provider bounty submission guide
 
-This guide is for public bounty contributors who only have access to the published `@apifuse/provider-sdk` package. You do **not** need the private ApiFuse monorepo to build or pre-check a Provider.
+This guide is for public bounty contributors who only have access to the published `@apifuse/provider-sdk` package. You do **not** need the private APIFuse monorepo to build or pre-check a Provider.
 
-## Public-only workflow
+## SDK-only workspace workflow
 
 ```bash
 bunx @apifuse/provider-sdk@beta create my-provider --yes
@@ -65,7 +65,7 @@ curl -s -X POST http://localhost:3900/v1/<operation> \
 bun run submit-check -- --smoke-note "GET /health and POST /v1/<operation> passed locally with redacted input."
 ```
 
-Never paste real credentials, personal data, account numbers, access tokens, cookies, or unredacted upstream responses into issue comments or reports.
+Never paste real credentials, personal data, account numbers, access tokens, cookies, or unredacted upstream responses into workspace PR comments, chat, or reports.
 
 ## Submission evidence checklist
 
@@ -83,4 +83,4 @@ Include the following when you submit a Provider for review:
 
 ## Maintainer-owned follow-up
 
-After public evidence is submitted, ApiFuse maintainers import accepted standalone Provider work into the private monorepo and run internal registry, generated artifact, deployment projection, and CI checks. Public contributors are not expected to run those private checks.
+After workspace evidence is submitted, APIFuse maintainers import accepted standalone Provider work into the private monorepo and run internal registry, generated artifact, deployment projection, and CI checks. External contributors are not expected to run those private checks.

package/bin/apifuse-dev.ts

@@ -2,16 +2,18 @@
 
 import { existsSync } from "node:fs";
 import { dirname, relative, resolve } from "node:path";
-
 import type { ProviderDefinition } from "../src";
 import {
 	createBrowserClient,
 	createCredentialContext,
 	createEnvContext,
 	createHttpClient,
-	createTlsClient,
+	createProviderCache,
+	createStealthClient,
+	createSttClientFromEnv,
 	ProviderError,
 } from "../src";
+import { createUnsupportedProviderRuntimeState } from "../src/runtime/state";
 import { createTraceContext } from "../src/runtime/trace";
 import type { BrowserClient, ProviderContext } from "../src/types";
 
@@ -35,7 +37,7 @@ export async function main() {
 	);
 
 	const { startDevServer } = await import("../src/dev");
-	const port = Number(process.env.PORT) || 3900;
+	const port = Number(process.env.APIFUSE__RUNTIME__PORT) || 3900;
 
 	startDevServer(provider, { port });
 
@@ -85,8 +87,11 @@ export function createProviderContext(provider: ProviderDefinition): {
 					})
 				: createUnsupportedBrowserStub(),
 		http: createHttpClient(),
+		cache: createProviderCache({ providerId: provider.id }),
+		state: createUnsupportedProviderRuntimeState(),
 		trace: createTraceContext(),
-		tls: createTlsClient("http://localhost"),
+		stealth: createStealthClient("http://localhost"),
+		stt: createSttClientFromEnv(provider.stt),
 	};
 
 	return { ctx };
@@ -129,7 +134,9 @@ function renderHotReloadCommand(providerPath: string, port: number): string {
 	const devEntry = resolve(providerPath, "dev.ts");
 	if (existsSync(devEntry)) {
 		const relativeDevEntry = relative(process.cwd(), devEntry) || "dev.ts";
-		const portPrefix = process.env.PORT ? `PORT=${port} ` : "";
+		const portPrefix = process.env.APIFUSE__RUNTIME__PORT
+			? `APIFUSE__RUNTIME__PORT=${port} `
+			: "";
 		return `${portPrefix}bun --hot ${relativeDevEntry}`;
 	}
 	return "rerun `apifuse dev` after edits (no dev.ts entrypoint found)";

package/bin/apifuse-pack-check.ts

@@ -38,6 +38,13 @@ const requiredPaths = [
 	"src/cli/create.ts",
 	"src/cli/templates/provider/index.ts.tpl",
 	"src/cli/templates/provider/README.md.tpl",
+	"src/cli/templates/provider/meta.ts.tpl",
+	"src/cli/templates/provider/domain/README.md.tpl",
+	"src/cli/templates/provider/mappers/README.md.tpl",
+	"src/cli/templates/provider/operations/index.ts.tpl",
+	"src/cli/templates/provider/operations/ping.ts.tpl",
+	"src/cli/templates/provider/schemas/ping.ts.tpl",
+	"src/cli/templates/provider/upstream/README.md.tpl",
 ];
 const forbiddenMatches = filePaths.filter(
 	(path) =>
@@ -113,9 +120,9 @@ function assertPublicSmokeDocs(label: string, content: string): void {
 		);
 	}
 
-	if (!content.includes("bun pm untrusted")) {
+	if (!content.includes("impit")) {
 		throw new Error(
-			`${label} must include Bun trusted-dependency troubleshooting for TLS/browser bounties.`,
+			`${label} must include impit stealth runtime guidance for TLS/browser bounties.`,
 		);
 	}
 

package/bin/apifuse-pack-smoke.ts

@@ -39,17 +39,19 @@ const PING_RESPONSE_SCHEMA = z.object({
 	error: z.unknown().optional(),
 });
 
-const KEEP_TEMP = process.env.APIFUSE_PACK_SMOKE_KEEP_TEMP === "1";
+const KEEP_TEMP = process.env.APIFUSE__PACK_SMOKE__KEEP_TEMP === "1";
 
 const tempRoot = mkdtempSync(
 	join(tmpdir(), "apifuse-provider-sdk-pack-smoke-"),
 );
 const packDir = join(tempRoot, "pack");
 const consumerDir = join(tempRoot, "consumer");
+const externalWorkspaceDir = join(tempRoot, "external-workspace");
 
 try {
 	mkdirSync(packDir, { recursive: true });
 	mkdirSync(consumerDir, { recursive: true });
+	mkdirSync(join(externalWorkspaceDir, "providers"), { recursive: true });
 
 	const packed = packSdk(packDir);
 	const tarballPath = resolve(packDir, packed.filename);
@@ -97,6 +99,11 @@ try {
 	run("bun", ["run", "test"], generatedProviderDir);
 	assertGeneratedReadme(generatedProviderDir);
 	await smokeGeneratedDevServer(generatedProviderDir);
+	assertExternalWorkspaceTopology(
+		cliBin,
+		externalWorkspaceDir,
+		tarballSpecifier,
+	);
 
 	console.log(
 		`Provider SDK packed-artifact smoke passed: ${tarballPath} -> ${generatedProviderDir}`,
@@ -109,6 +116,103 @@ try {
 	}
 }
 
+function assertExternalWorkspaceTopology(
+	cliBin: string,
+	externalWorkspaceDir: string,
+	tarballSpecifier: string,
+): void {
+	writeFileSync(
+		join(externalWorkspaceDir, "package.json"),
+		`${JSON.stringify(
+			{
+				private: true,
+				type: "module",
+				workspaces: ["providers/*"],
+			},
+			null,
+			2,
+		)}\n`,
+	);
+
+	run(
+		"bun",
+		[
+			cliBin,
+			"create",
+			"external-workspace-smoke",
+			"--yes",
+			"--json",
+			"--sdk-specifier",
+			tarballSpecifier,
+		],
+		externalWorkspaceDir,
+	);
+
+	const generatedProviderDir = join(
+		externalWorkspaceDir,
+		"external-workspace-smoke",
+	);
+	const forbiddenProviderDir = join(
+		externalWorkspaceDir,
+		"providers",
+		"external-workspace-smoke",
+	);
+	if (!existsSync(generatedProviderDir)) {
+		throw new Error(
+			"Public create must generate a one-provider repository at <name>/ even when providers/ exists.",
+		);
+	}
+	if (existsSync(forbiddenProviderDir)) {
+		throw new Error(
+			"Public create must not generate providers/<name>/ in external bounty workspaces.",
+		);
+	}
+
+	const packageJson = JSON.parse(
+		readFileSync(join(generatedProviderDir, "package.json"), "utf8"),
+	);
+	const sdkDependency = packageJson?.dependencies?.["@apifuse/provider-sdk"];
+	if (sdkDependency !== tarballSpecifier) {
+		throw new Error(
+			`Expected generated provider to depend on packed SDK ${tarballSpecifier}, got ${sdkDependency}`,
+		);
+	}
+	if (JSON.stringify(packageJson).includes("workspace:")) {
+		throw new Error(
+			"External bounty workspace scaffold must not contain workspace: dependencies.",
+		);
+	}
+
+	run("bun", ["install"], generatedProviderDir);
+	run("bun", ["run", "check"], generatedProviderDir);
+	run("bun", ["run", "submit-check"], generatedProviderDir);
+	run("bun", ["run", "test"], generatedProviderDir);
+
+	const monorepoAttempt = spawnSync(
+		"bun",
+		[cliBin, "create", "bad-monorepo-smoke", "--preset", "monorepo", "--yes"],
+		{
+			cwd: externalWorkspaceDir,
+			env: { ...process.env, APIFUSE__SDK__SPECIFIER: tarballSpecifier },
+			encoding: "utf8",
+			stdio: ["ignore", "pipe", "pipe"],
+		},
+	);
+	if (monorepoAttempt.status === 0) {
+		throw new Error(
+			"--preset monorepo must reject outside the private APIFuse monorepo.",
+		);
+	}
+	const rejectionOutput = `${monorepoAttempt.stdout}\n${monorepoAttempt.stderr}`;
+	if (
+		!rejectionOutput.includes(
+			"Monorepo preset is internal to the APIFuse repository",
+		)
+	) {
+		throw new Error(`Unexpected monorepo rejection output: ${rejectionOutput}`);
+	}
+}
+
 function packSdk(destination: string): { filename: string } {
 	const raw = execFileSync(
 		"npm",
@@ -162,9 +266,9 @@ function assertGeneratedReadme(providerDir: string): void {
 			"Generated README is missing browser runtime troubleshooting guidance.",
 		);
 	}
-	if (!readme.includes("bun pm untrusted")) {
+	if (!readme.includes("impit")) {
 		throw new Error(
-			"Generated README is missing Bun trusted-dependency troubleshooting guidance.",
+			"Generated README is missing impit stealth runtime guidance.",
 		);
 	}
 	if (!readme.includes("bun run submit-check")) {
@@ -183,7 +287,8 @@ async function smokeGeneratedDevServer(providerDir: string): Promise<void> {
 	const port = await getAvailablePort();
 	const server = spawn("bun", ["run", "dev"], {
 		cwd: providerDir,
-		env: { ...process.env, PORT: String(port) },
+		env: { ...process.env, APIFUSE__RUNTIME__PORT: String(port) },
+		detached: process.platform !== "win32",
 		stdio: ["ignore", "pipe", "pipe"],
 	});
 	let output = "";
@@ -286,11 +391,11 @@ async function stopServer(server: ChildProcess): Promise<void> {
 	if (server.exitCode !== null) {
 		return;
 	}
-	server.kill("SIGTERM");
+	killProcessTree(server, "SIGTERM");
 	await new Promise<void>((resolvePromise) => {
 		const timeout = setTimeout(() => {
 			if (server.exitCode === null) {
-				server.kill("SIGKILL");
+				killProcessTree(server, "SIGKILL");
 			}
 			resolvePromise();
 		}, 2_000);
@@ -300,3 +405,19 @@ async function stopServer(server: ChildProcess): Promise<void> {
 		});
 	});
 }
+
+function killProcessTree(server: ChildProcess, signal: NodeJS.Signals): void {
+	if (server.pid === undefined) {
+		return;
+	}
+
+	try {
+		if (process.platform === "win32") {
+			server.kill(signal);
+			return;
+		}
+		process.kill(-server.pid, signal);
+	} catch {
+		server.kill(signal);
+	}
+}