@hstm-labs/forge-run 0.1.11

package/README.md

@@ -0,0 +1,44 @@
+# @hstm-labs/forge-run
+
+Post-deliver stage that updates root `package.json` scripts and optionally runs the dev stack for verification.
+
+## Purpose
+
+- **Script updates**: Add or fill in `infra:up`, `db:create`, `db:seed`, `build`, `start`, and `run:all` so the delivered project has a consistent dev workflow.
+- **Optional execute**: When `config.runVerify.execute` is true, run the script sequence and HTTP health checks (for CI or local smoke tests).
+
+## Auth mode (Keycloak vs local users)
+
+Run-verify supports two auth modes so dev deployment matches how the application authenticates users:
+
+- **`authMode: 'oidc'`** — Application uses an IdP (OIDC/OAuth) and has a local user table that caches IdP data plus app-specific values. For dev, we include **Keycloak** (or another IdP) in the deployment and seed it with users that **match the users seeded in the database**. Use this when the app relies on IdP for authentication and you want to test the full flow (Keycloak + DB users aligned).
+- **`authMode: 'local'`** (or unset) — Application only supports authentication with application-owned users (local users table, no IdP). Keycloak is **not** included in the dev deployment. Use this when there is no IdP and users exist only in the app DB.
+
+Set in `forge.config.json`:
+
+```json
+{
+  "runVerify": {
+    "execute": true,
+    "authMode": "oidc"
+  }
+}
+```
+
+When `authMode` is `'oidc'`, the stage adds scripts `keycloak:up` and `keycloak:seed` and uses a `run:all` order: infra up → keycloak seed → db create → db seed → build → start. The Keycloak seed step should align users with those from `db:seed` (same identities/attributes). When `authMode` is `'local'` or omitted, no Keycloak scripts are added.
+
+## Config
+
+| Option | Type | Description |
+|--------|------|-------------|
+| `runVerify.execute` | boolean | If true, run script sequence and health checks after updating scripts. |
+| `runVerify.healthUrls` | string[] | URLs to GET for health checks (default: localhost:3000/health). |
+| `runVerify.authMode` | `'oidc'` \| `'local'` | IdP + Keycloak in dev vs local users only; see above. |
+
+## Public API
+
+- `RunVerifyStage` — Pipeline stage (depends on `deliver`).
+- `updatePackageJsonScripts(rootDir, layoutName, authMode?)` — Add default scripts to root `package.json`.
+- `getDefaultScriptsForLayout(layoutName, authMode?)` — Get script map for a layout and optional auth mode.
+- `runScript`, `runScriptSequence`, `healthCheck`, `healthCheckWithRetry` — Execution helpers.
+- Types: `RunVerifyReport`, `ScriptRunResult`, `HealthCheckResult`, `RunVerifyAuthMode`.

package/dist/executor.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Run npm/pnpm scripts and perform HTTP health checks.
+ */
+import type { ScriptRunResult, HealthCheckResult } from './types.js';
+/**
+ * Run a single npm script in the given directory.
+ *
+ * @param cwd - Working directory (project root)
+ * @param scriptName - Script name (e.g. 'infra:up', 'db:create')
+ * @param timeoutMs - Max time to wait
+ * @returns Script run result
+ */
+export declare function runScript(cwd: string, scriptName: string, timeoutMs?: number): Promise<ScriptRunResult>;
+/**
+ * Run a sequence of scripts in order; stop on first failure.
+ *
+ * @param cwd - Project root
+ * @param scriptNames - Script names in order
+ * @param timeoutMs - Timeout per script
+ * @returns Array of results (one per script run)
+ */
+export declare function runScriptSequence(cwd: string, scriptNames: string[], timeoutMs?: number): Promise<ScriptRunResult[]>;
+/**
+ * Perform a single HTTP GET health check.
+ *
+ * @param url - URL to request (e.g. http://localhost:3000/health)
+ * @returns Health check result
+ */
+export declare function healthCheck(url: string): Promise<HealthCheckResult>;
+/**
+ * Perform health checks with retries and delay (for services that may not be up yet).
+ *
+ * @param urls - URLs to check
+ * @param retries - Number of retries per URL
+ * @param delayMs - Delay between retries
+ * @returns Array of final health check results
+ */
+export declare function healthCheckWithRetry(urls: string[], retries?: number, delayMs?: number): Promise<HealthCheckResult[]>;
+//# sourceMappingURL=executor.d.ts.map

package/dist/executor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAOrE;;;;;;;GAOG;AACH,wBAAgB,SAAS,CACvB,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,EAClB,SAAS,GAAE,MAAkC,GAC5C,OAAO,CAAC,eAAe,CAAC,CA6C1B;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,WAAW,EAAE,MAAM,EAAE,EACrB,SAAS,GAAE,MAAkC,GAC5C,OAAO,CAAC,eAAe,EAAE,CAAC,CAU5B;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CA6BzE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE,MAA6B,EACtC,OAAO,GAAE,MAAoC,GAC5C,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAkB9B"}

package/dist/executor.js

@@ -0,0 +1,137 @@
+/**
+ * Run npm/pnpm scripts and perform HTTP health checks.
+ */
+import { spawn } from 'node:child_process';
+const DEFAULT_SCRIPT_TIMEOUT_MS = 120_000;
+const HEALTH_CHECK_TIMEOUT_MS = 10_000;
+const HEALTH_CHECK_RETRIES = 10;
+const HEALTH_CHECK_RETRY_DELAY_MS = 2000;
+/**
+ * Run a single npm script in the given directory.
+ *
+ * @param cwd - Working directory (project root)
+ * @param scriptName - Script name (e.g. 'infra:up', 'db:create')
+ * @param timeoutMs - Max time to wait
+ * @returns Script run result
+ */
+export function runScript(cwd, scriptName, timeoutMs = DEFAULT_SCRIPT_TIMEOUT_MS) {
+    return new Promise((resolve) => {
+        const start = Date.now();
+        const child = spawn('npm', ['run', scriptName], {
+            cwd,
+            shell: true,
+            stdio: ['ignore', 'pipe', 'pipe'],
+        });
+        let stderr = '';
+        child.stderr?.on('data', (chunk) => {
+            stderr += chunk.toString();
+        });
+        const timer = setTimeout(() => {
+            child.kill('SIGTERM');
+            resolve({
+                script: scriptName,
+                ok: false,
+                stderr: stderr || 'Timeout',
+                durationMs: Date.now() - start,
+            });
+        }, timeoutMs);
+        child.on('close', (code) => {
+            clearTimeout(timer);
+            resolve({
+                script: scriptName,
+                ok: code === 0,
+                ...(code !== undefined && code !== null ? { exitCode: code } : {}),
+                ...(stderr ? { stderr } : {}),
+                durationMs: Date.now() - start,
+            });
+        });
+        child.on('error', (err) => {
+            clearTimeout(timer);
+            resolve({
+                script: scriptName,
+                ok: false,
+                stderr: err.message,
+                durationMs: Date.now() - start,
+            });
+        });
+    });
+}
+/**
+ * Run a sequence of scripts in order; stop on first failure.
+ *
+ * @param cwd - Project root
+ * @param scriptNames - Script names in order
+ * @param timeoutMs - Timeout per script
+ * @returns Array of results (one per script run)
+ */
+export async function runScriptSequence(cwd, scriptNames, timeoutMs = DEFAULT_SCRIPT_TIMEOUT_MS) {
+    const results = [];
+    for (const name of scriptNames) {
+        const result = await runScript(cwd, name, timeoutMs);
+        results.push(result);
+        if (!result.ok) {
+            break;
+        }
+    }
+    return results;
+}
+/**
+ * Perform a single HTTP GET health check.
+ *
+ * @param url - URL to request (e.g. http://localhost:3000/health)
+ * @returns Health check result
+ */
+export async function healthCheck(url) {
+    const start = Date.now();
+    try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), HEALTH_CHECK_TIMEOUT_MS);
+        const res = await fetch(url, {
+            signal: controller.signal,
+            headers: { Accept: 'application/json' },
+        });
+        clearTimeout(timeout);
+        const responseMs = Date.now() - start;
+        return {
+            url,
+            ok: res.ok,
+            statusCode: res.status,
+            responseMs,
+        };
+    }
+    catch (err) {
+        const responseMs = Date.now() - start;
+        return {
+            url,
+            ok: false,
+            error: err instanceof Error ? err.message : String(err),
+            responseMs,
+        };
+    }
+}
+/**
+ * Perform health checks with retries and delay (for services that may not be up yet).
+ *
+ * @param urls - URLs to check
+ * @param retries - Number of retries per URL
+ * @param delayMs - Delay between retries
+ * @returns Array of final health check results
+ */
+export async function healthCheckWithRetry(urls, retries = HEALTH_CHECK_RETRIES, delayMs = HEALTH_CHECK_RETRY_DELAY_MS) {
+    const results = [];
+    for (const url of urls) {
+        let last;
+        for (let i = 0; i < retries; i++) {
+            last = await healthCheck(url);
+            if (last.ok) {
+                break;
+            }
+            if (i < retries - 1) {
+                await new Promise((r) => setTimeout(r, delayMs));
+            }
+        }
+        results.push(last ?? { url, ok: false, error: 'No attempt' });
+    }
+    return results;
+}
+//# sourceMappingURL=executor.js.map

package/dist/executor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"executor.js","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAG3C,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAC1C,MAAM,uBAAuB,GAAG,MAAM,CAAC;AACvC,MAAM,oBAAoB,GAAG,EAAE,CAAC;AAChC,MAAM,2BAA2B,GAAG,IAAI,CAAC;AAEzC;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CACvB,GAAW,EACX,UAAkB,EAClB,YAAoB,yBAAyB;IAE7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE;YAC9C,GAAG;YACH,KAAK,EAAE,IAAI;YACX,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtB,OAAO,CAAC;gBACN,MAAM,EAAE,UAAU;gBAClB,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,MAAM,IAAI,SAAS;gBAC3B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC,CAAC;QACL,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,MAAM,EAAE,UAAU;gBAClB,EAAE,EAAE,IAAI,KAAK,CAAC;gBACd,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,MAAM,EAAE,UAAU;gBAClB,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,GAAG,CAAC,OAAO;gBACnB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAW,EACX,WAAqB,EACrB,YAAoB,yBAAyB;IAE7C,MAAM,OAAO,GAAsB,EAAE,CAAC;IACtC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,MAAM;QACR,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,GAAW;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CACxB,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EACxB,uBAAuB,CACxB,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,YAAY,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACtC,OAAO;YACL,GAAG;YACH,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,UAAU,EAAE,GAAG,CAAC,MAAM;YACtB,UAAU;SACX,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACtC,OAAO;YACL,GAAG;YACH,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;YACvD,UAAU;SACX,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,IAAc,EACd,UAAkB,oBAAoB,EACtC,UAAkB,2BAA2B;IAE7C,MAAM,OAAO,GAAwB,EAAE,CAAC;IAExC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,IAAmC,CAAC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;YACjC,IAAI,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YAC9B,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM;YACR,CAAC;YACD,IAAI,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * @hstm-labs/forge-run — Post-deliver run and verify stage.
+ *
+ * Updates package.json scripts (infra:up, db:create, db:seed, build, start)
+ * and optionally runs the stack and verifies services are responding.
+ */
+export { RunVerifyStage } from './run-verify-stage.js';
+export { updatePackageJsonScripts, getDefaultScriptsForLayout, type RunVerifyAuthMode, } from './script-updater.js';
+export { runScript, runScriptSequence, healthCheck, healthCheckWithRetry, } from './executor.js';
+export type { RunVerifyReport, ScriptRunResult, HealthCheckResult, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EACL,wBAAwB,EACxB,0BAA0B,EAC1B,KAAK,iBAAiB,GACvB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,WAAW,EACX,oBAAoB,GACrB,MAAM,eAAe,CAAC;AACvB,YAAY,EACV,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+/**
+ * @hstm-labs/forge-run — Post-deliver run and verify stage.
+ *
+ * Updates package.json scripts (infra:up, db:create, db:seed, build, start)
+ * and optionally runs the stack and verifies services are responding.
+ */
+export { RunVerifyStage } from './run-verify-stage.js';
+export { updatePackageJsonScripts, getDefaultScriptsForLayout, } from './script-updater.js';
+export { runScript, runScriptSequence, healthCheck, healthCheckWithRetry, } from './executor.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EACL,wBAAwB,EACxB,0BAA0B,GAE3B,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,WAAW,EACX,oBAAoB,GACrB,MAAM,eAAe,CAAC"}

package/dist/run-verify-stage.d.ts

@@ -0,0 +1,29 @@
+/**
+ * RunVerifyStage — pipeline stage after deliver that updates package.json
+ * scripts (infra:up, db:create, db:seed, build, start) and optionally runs
+ * the stack and verifies services are responding.
+ *
+ * Order when executing: infra up → [keycloak:seed when authMode=oidc] →
+ * db create → db seed → build → start → health checks.
+ *
+ * When config.runVerify.authMode is 'oidc', Keycloak is included (scripts and
+ * execute sequence) so dev can test IdP auth with users seeded in Keycloak
+ * that match DB-seeded users. When 'local', only app-owned users; no Keycloak.
+ */
+import type { StageName } from '@hstm-labs/forge-common';
+import type { PipelineStage, PipelineStageInput, PipelineStageOutput, PipelineContext } from '@hstm-labs/forge-core';
+/**
+ * Pipeline stage that runs after deliver: updates root package.json scripts
+ * for infra, db, seed, build, and start; optionally executes the sequence
+ * and verifies services via health checks.
+ *
+ * Enable execution by setting config.runVerify.execute to true and
+ * optionally config.runVerify.healthUrls (defaults to localhost:3000).
+ */
+export declare class RunVerifyStage implements PipelineStage {
+    readonly name: StageName;
+    readonly dependsOn: StageName[];
+    readonly requiresLLM = false;
+    execute(_input: PipelineStageInput, context: PipelineContext): Promise<PipelineStageOutput>;
+}
+//# sourceMappingURL=run-verify-stage.d.ts.map

package/dist/run-verify-stage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"run-verify-stage.d.ts","sourceRoot":"","sources":["../src/run-verify-stage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAEzD,OAAO,KAAK,EACV,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EAEhB,MAAM,uBAAuB,CAAC;AAY/B;;;;;;;GAOG;AACH,qBAAa,cAAe,YAAW,aAAa;IAClD,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAgB;IACxC,QAAQ,CAAC,SAAS,EAAE,SAAS,EAAE,CAAe;IAC9C,QAAQ,CAAC,WAAW,SAAS;IAEvB,OAAO,CACX,MAAM,EAAE,kBAAkB,EAC1B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,mBAAmB,CAAC;CA+EhC"}

package/dist/run-verify-stage.js

@@ -0,0 +1,94 @@
+/**
+ * RunVerifyStage — pipeline stage after deliver that updates package.json
+ * scripts (infra:up, db:create, db:seed, build, start) and optionally runs
+ * the stack and verifies services are responding.
+ *
+ * Order when executing: infra up → [keycloak:seed when authMode=oidc] →
+ * db create → db seed → build → start → health checks.
+ *
+ * When config.runVerify.authMode is 'oidc', Keycloak is included (scripts and
+ * execute sequence) so dev can test IdP auth with users seeded in Keycloak
+ * that match DB-seeded users. When 'local', only app-owned users; no Keycloak.
+ */
+import { join } from 'node:path';
+import { writeFileSync, mkdirSync, existsSync } from 'node:fs';
+import { hashContent } from '@hstm-labs/forge-common';
+import { updatePackageJsonScripts } from './script-updater.js';
+import { runScriptSequence, healthCheckWithRetry, } from './executor.js';
+/** Default health check URLs when execute is enabled and none configured. */
+const DEFAULT_HEALTH_URLS = ['http://localhost:3000/health', 'http://localhost:3000'];
+/**
+ * Pipeline stage that runs after deliver: updates root package.json scripts
+ * for infra, db, seed, build, and start; optionally executes the sequence
+ * and verifies services via health checks.
+ *
+ * Enable execution by setting config.runVerify.execute to true and
+ * optionally config.runVerify.healthUrls (defaults to localhost:3000).
+ */
+export class RunVerifyStage {
+    name = 'run-verify';
+    dependsOn = ['deliver'];
+    requiresLLM = false;
+    async execute(_input, context) {
+        const rootDir = context.workspace.rootDir;
+        const layoutName = context.config.layout ?? 'standard';
+        const report = {
+            runId: context.runId,
+            scriptsUpdated: false,
+            scriptsAdded: [],
+            executed: false,
+            success: true,
+            generatedAt: new Date().toISOString(),
+        };
+        const runConfig = context.config.runVerify;
+        const authMode = runConfig?.authMode;
+        // 1. Update root package.json scripts (if present); include Keycloak when authMode=oidc
+        if (existsSync(join(rootDir, 'package.json'))) {
+            report.scriptsAdded = updatePackageJsonScripts(rootDir, layoutName, authMode);
+            report.scriptsUpdated = report.scriptsAdded.length > 0;
+        }
+        // 2. Optionally run infra → [keycloak:seed if oidc] → db → seed → build → start and health checks
+        const shouldExecute = runConfig?.execute === true;
+        const healthUrls = runConfig?.healthUrls?.length
+            ? runConfig.healthUrls
+            : DEFAULT_HEALTH_URLS;
+        if (shouldExecute) {
+            report.executed = true;
+            const sequence = authMode === 'oidc'
+                ? ['infra:up', 'keycloak:seed', 'db:create', 'db:seed', 'build', 'start']
+                : ['infra:up', 'db:create', 'db:seed', 'build', 'start'];
+            const stepResults = await runScriptSequence(rootDir, sequence);
+            report.stepResults = stepResults;
+            const allStepsOk = stepResults.every((r) => r.ok);
+            if (allStepsOk) {
+                const checks = await healthCheckWithRetry(healthUrls);
+                report.healthChecks = checks;
+                report.success = checks.every((c) => c.ok);
+            }
+            else {
+                report.success = false;
+            }
+        }
+        // 3. Write report artifact
+        const outputDir = join(context.workspace.forgeDir, 'runs', context.runId, 'stages', 'run-verify', 'artifacts');
+        mkdirSync(outputDir, { recursive: true });
+        const reportPath = 'run-verify-report.json';
+        const reportJson = JSON.stringify(report, null, 2);
+        writeFileSync(join(outputDir, reportPath), reportJson, 'utf-8');
+        const artifacts = [
+            {
+                filePath: reportPath,
+                content: reportJson,
+                contentHash: hashContent(reportJson),
+                sizeBytes: Buffer.byteLength(reportJson, 'utf-8'),
+            },
+        ];
+        return {
+            artifacts,
+            data: {
+                runVerify: report,
+            },
+        };
+    }
+}
+//# sourceMappingURL=run-verify-stage.js.map

package/dist/run-verify-stage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run-verify-stage.js","sourceRoot":"","sources":["../src/run-verify-stage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAE/D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAUtD,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,eAAe,CAAC;AAEvB,6EAA6E;AAC7E,MAAM,mBAAmB,GAAG,CAAC,8BAA8B,EAAE,uBAAuB,CAAC,CAAC;AAEtF;;;;;;;GAOG;AACH,MAAM,OAAO,cAAc;IAChB,IAAI,GAAc,YAAY,CAAC;IAC/B,SAAS,GAAgB,CAAC,SAAS,CAAC,CAAC;IACrC,WAAW,GAAG,KAAK,CAAC;IAE7B,KAAK,CAAC,OAAO,CACX,MAA0B,EAC1B,OAAwB;QAExB,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;QAC1C,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,UAAU,CAAC;QAEvD,MAAM,MAAM,GAAoB;YAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,cAAc,EAAE,KAAK;YACrB,YAAY,EAAE,EAAE;YAChB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACtC,CAAC;QAEF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,SAEpB,CAAC;QACd,MAAM,QAAQ,GAAG,SAAS,EAAE,QAAQ,CAAC;QAErC,wFAAwF;QACxF,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,YAAY,GAAG,wBAAwB,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;YAC9E,MAAM,CAAC,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;QACzD,CAAC;QAED,kGAAkG;QAClG,MAAM,aAAa,GAAG,SAAS,EAAE,OAAO,KAAK,IAAI,CAAC;QAClD,MAAM,UAAU,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM;YAC9C,CAAC,CAAC,SAAS,CAAC,UAAU;YACtB,CAAC,CAAC,mBAAmB,CAAC;QAExB,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC;YACvB,MAAM,QAAQ,GACZ,QAAQ,KAAK,MAAM;gBACjB,CAAC,CAAC,CAAC,UAAU,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC;gBACzE,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7D,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;YAEjC,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAClD,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBACtD,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC;gBAC7B,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;YACzB,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,MAAM,SAAS,GAAG,IAAI,CACpB,OAAO,CAAC,SAAS,CAAC,QAAQ,EAC1B,MAAM,EACN,OAAO,CAAC,KAAK,EACb,QAAQ,EACR,YAAY,EACZ,WAAW,CACZ,CAAC;QACF,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,wBAAwB,CAAC;QAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACnD,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAEhE,MAAM,SAAS,GAAoB;YACjC;gBACE,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,UAAU;gBACnB,WAAW,EAAE,WAAW,CAAC,UAAU,CAAC;gBACpC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,OAAO,CAAC;aAClD;SACF,CAAC;QAEF,OAAO;YACL,SAAS;YACT,IAAI,EAAE;gBACJ,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/script-updater.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Update root package.json with scripts for infra, db, seed, build, and start.
+ *
+ * Ensures the delivered project has consistent script names so run-verify
+ * (or the user) can run: infra:up → [keycloak:seed when OIDC] → db:create →
+ * db:seed → build → start.
+ *
+ * When authMode is 'oidc', Keycloak-related scripts are added so dev can deploy
+ * Keycloak and seed it with users that match DB-seeded users (IdP + local user
+ * cache). When authMode is 'local', only application-owned users; no Keycloak.
+ */
+import type { ProjectLayoutName } from '@hstm-labs/forge-common';
+/** Auth mode for dev: IdP (OIDC/OAuth + Keycloak) vs local users only. */
+export type RunVerifyAuthMode = 'oidc' | 'local';
+/**
+ * Propose scripts for the given layout and optional auth mode.
+ *
+ * When authMode is 'oidc', adds keycloak:up, keycloak:seed and uses run:all
+ * that includes Keycloak seed before db. When 'local' or undefined, no Keycloak.
+ *
+ * @param layoutName - Project layout (standard, monorepo, scalable-monorepo)
+ * @param authMode - 'oidc' to include Keycloak for IdP apps; 'local' or undefined for app-only users
+ * @returns Scripts to add or merge
+ */
+export declare function getDefaultScriptsForLayout(layoutName: ProjectLayoutName, authMode?: RunVerifyAuthMode | undefined): Record<string, string>;
+/**
+ * Update or add scripts to the root package.json at rootDir.
+ * Only adds script keys that are missing; does not overwrite existing.
+ *
+ * When authMode is 'oidc', adds keycloak:up and keycloak:seed and run:all
+ * includes Keycloak. When 'local' or undefined, no Keycloak scripts.
+ *
+ * @param rootDir - Project root (delivered project)
+ * @param layoutName - Project layout for layout-specific defaults
+ * @param authMode - 'oidc' to include Keycloak for IdP; 'local' or undefined for local users only
+ * @returns List of script names that were added
+ */
+export declare function updatePackageJsonScripts(rootDir: string, layoutName: ProjectLayoutName, authMode?: RunVerifyAuthMode | undefined): string[];
+//# sourceMappingURL=script-updater.d.ts.map

package/dist/script-updater.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"script-updater.d.ts","sourceRoot":"","sources":["../src/script-updater.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAGjE,0EAA0E;AAC1E,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,OAAO,CAAC;AAuBjD;;;;;;;;;GASG;AACH,wBAAgB,0BAA0B,CACxC,UAAU,EAAE,iBAAiB,EAC7B,QAAQ,CAAC,EAAE,iBAAiB,GAAG,SAAS,GACvC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAgBxB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,iBAAiB,EAC7B,QAAQ,CAAC,EAAE,iBAAiB,GAAG,SAAS,GACvC,MAAM,EAAE,CA4BV"}

package/dist/script-updater.js

@@ -0,0 +1,87 @@
+/**
+ * Update root package.json with scripts for infra, db, seed, build, and start.
+ *
+ * Ensures the delivered project has consistent script names so run-verify
+ * (or the user) can run: infra:up → [keycloak:seed when OIDC] → db:create →
+ * db:seed → build → start.
+ *
+ * When authMode is 'oidc', Keycloak-related scripts are added so dev can deploy
+ * Keycloak and seed it with users that match DB-seeded users (IdP + local user
+ * cache). When authMode is 'local', only application-owned users; no Keycloak.
+ */
+import { join } from 'node:path';
+import { readFileSync, writeFileSync, existsSync } from 'node:fs';
+import { getLayout } from '@hstm-labs/forge-common';
+const DEFAULT_SCRIPTS = {
+    'infra:up': 'docker compose -f infra/docker/compose.dev.yml up -d 2>/dev/null || docker compose up -d',
+    'db:create': 'npx prisma migrate deploy 2>/dev/null || echo "No Prisma; add db create command"',
+    'db:seed': 'node scripts/seed.js 2>/dev/null || npm run seed 2>/dev/null || echo "Add seed script"',
+    build: 'echo "Add workspace build (e.g. pnpm run build)"',
+    start: 'echo "Add workspace start (e.g. pnpm run start)"',
+    'run:all': 'npm run infra:up && npm run db:create && npm run db:seed && npm run build && npm run start',
+};
+/** Scripts added only when authMode is 'oidc' (Keycloak deploy + seed to match DB users). */
+const OIDC_SCRIPTS = {
+    'keycloak:up': 'docker compose -f infra/docker/compose.dev.yml up -d keycloak 2>/dev/null || echo "Add Keycloak service to compose"',
+    'keycloak:seed': 'node scripts/seed-keycloak.js 2>/dev/null || echo "Add Keycloak user seed (align with db:seed users)"',
+    'run:all': 'npm run infra:up && npm run keycloak:seed && npm run db:create && npm run db:seed && npm run build && npm run start',
+};
+/**
+ * Propose scripts for the given layout and optional auth mode.
+ *
+ * When authMode is 'oidc', adds keycloak:up, keycloak:seed and uses run:all
+ * that includes Keycloak seed before db. When 'local' or undefined, no Keycloak.
+ *
+ * @param layoutName - Project layout (standard, monorepo, scalable-monorepo)
+ * @param authMode - 'oidc' to include Keycloak for IdP apps; 'local' or undefined for app-only users
+ * @returns Scripts to add or merge
+ */
+export function getDefaultScriptsForLayout(layoutName, authMode) {
+    const layout = getLayout(layoutName);
+    const scripts = {
+        ...DEFAULT_SCRIPTS,
+        ...(authMode === 'oidc' ? OIDC_SCRIPTS : {}),
+    };
+    if (layout.name === 'scalable-monorepo' || layout.name === 'monorepo') {
+        scripts.build = 'turbo run build';
+        scripts.start = 'turbo run start';
+    }
+    else {
+        scripts.build = 'pnpm run build 2>/dev/null || npm run build';
+        scripts.start = 'pnpm run start 2>/dev/null || npm run start';
+    }
+    return scripts;
+}
+/**
+ * Update or add scripts to the root package.json at rootDir.
+ * Only adds script keys that are missing; does not overwrite existing.
+ *
+ * When authMode is 'oidc', adds keycloak:up and keycloak:seed and run:all
+ * includes Keycloak. When 'local' or undefined, no Keycloak scripts.
+ *
+ * @param rootDir - Project root (delivered project)
+ * @param layoutName - Project layout for layout-specific defaults
+ * @param authMode - 'oidc' to include Keycloak for IdP; 'local' or undefined for local users only
+ * @returns List of script names that were added
+ */
+export function updatePackageJsonScripts(rootDir, layoutName, authMode) {
+    const pkgPath = join(rootDir, 'package.json');
+    if (!existsSync(pkgPath)) {
+        return [];
+    }
+    const raw = readFileSync(pkgPath, 'utf-8');
+    const pkg = JSON.parse(raw);
+    const existing = pkg.scripts ?? {};
+    const defaults = getDefaultScriptsForLayout(layoutName, authMode);
+    const added = [];
+    for (const [name, value] of Object.entries(defaults)) {
+        if (existing[name] === undefined || existing[name] === '') {
+            existing[name] = value;
+            added.push(name);
+        }
+    }
+    pkg.scripts = existing;
+    writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n', 'utf-8');
+    return added;
+}
+//# sourceMappingURL=script-updater.js.map

package/dist/script-updater.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"script-updater.js","sourceRoot":"","sources":["../src/script-updater.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAElE,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAKpD,MAAM,eAAe,GAA2B;IAC9C,UAAU,EACR,0FAA0F;IAC5F,WAAW,EAAE,kFAAkF;IAC/F,SAAS,EAAE,wFAAwF;IACnG,KAAK,EAAE,kDAAkD;IACzD,KAAK,EAAE,kDAAkD;IACzD,SAAS,EACP,4FAA4F;CAC/F,CAAC;AAEF,6FAA6F;AAC7F,MAAM,YAAY,GAA2B;IAC3C,aAAa,EACX,qHAAqH;IACvH,eAAe,EACb,uGAAuG;IACzG,SAAS,EACP,qHAAqH;CACxH,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,UAAU,0BAA0B,CACxC,UAA6B,EAC7B,QAAwC;IAExC,MAAM,MAAM,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,OAAO,GAA2B;QACtC,GAAG,eAAe;QAClB,GAAG,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7C,CAAC;IAEF,IAAI,MAAM,CAAC,IAAI,KAAK,mBAAmB,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACtE,OAAO,CAAC,KAAK,GAAG,iBAAiB,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,iBAAiB,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,GAAG,6CAA6C,CAAC;QAC9D,OAAO,CAAC,KAAK,GAAG,6CAA6C,CAAC;IAChE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAAe,EACf,UAA6B,EAC7B,QAAwC;IAExC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAKzB,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrD,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,SAAS,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC1D,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAED,GAAG,CAAC,OAAO,GAAG,QAAQ,CAAC;IACvB,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACrE,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Types for the run-verify stage: script updates, execution, and health checks.
+ */
+/** Result of a single health check. */
+export interface HealthCheckResult {
+    /** URL checked. */
+    url: string;
+    /** Whether the check succeeded. */
+    ok: boolean;
+    /** HTTP status code (if applicable). */
+    statusCode?: number;
+    /** Error message if failed. */
+    error?: string;
+    /** Response time in ms (if applicable). */
+    responseMs?: number;
+}
+/** Result of running a single script (e.g. infra:up, db:create). */
+export interface ScriptRunResult {
+    script: string;
+    ok: boolean;
+    exitCode?: number;
+    stderr?: string;
+    durationMs: number;
+}
+/** Report produced by the run-verify stage. */
+export interface RunVerifyReport {
+    runId: string;
+    /** Whether script updates were applied. */
+    scriptsUpdated: boolean;
+    /** Scripts added or updated (key = script name). */
+    scriptsAdded: string[];
+    /** Whether the execute sequence was run. */
+    executed: boolean;
+    /** Results of each step when executed (infra:up, db:create, db:seed, build, start). */
+    stepResults?: ScriptRunResult[];
+    /** Health check results when executed. */
+    healthChecks?: HealthCheckResult[];
+    /** Overall success (all health checks passed when executed). */
+    success: boolean;
+    generatedAt: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,uCAAuC;AACvC,MAAM,WAAW,iBAAiB;IAChC,mBAAmB;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,mCAAmC;IACnC,EAAE,EAAE,OAAO,CAAC;IACZ,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,oEAAoE;AACpE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,+CAA+C;AAC/C,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,cAAc,EAAE,OAAO,CAAC;IACxB,oDAAoD;IACpD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,4CAA4C;IAC5C,QAAQ,EAAE,OAAO,CAAC;IAClB,uFAAuF;IACvF,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAChC,0CAA0C;IAC1C,YAAY,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACnC,gEAAgE;IAChE,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB"}

package/dist/types.js

@@ -0,0 +1,5 @@
+/**
+ * Types for the run-verify stage: script updates, execution, and health checks.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@hstm-labs/forge-run",
+  "version": "0.1.11",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@hstm-labs/forge-common": "0.1.11",
+    "@hstm-labs/forge-core": "0.1.11"
+  },
+  "devDependencies": {
+    "@types/node": "^25.2.3"
+  }
+}