@martinloop/mcp 0.2.7 → 0.3.0

package/dist/vendor/core/index.js

@@ -13,7 +13,7 @@ export { runContextIntegrityPrecheck } from "./context-integrity.js";
 // ─── Prompt packet compiler ──────────────────────────────────────────────────
 export { compilePromptPacket } from "./compiler.js";
 // ─── Persistence (RunStore, LedgerEvent, FileRunStore) ──────────────────────
-export { createFileRunStore, makeLedgerEvent, readAllLoopRecords, readLatestLoopRecord, readLatestLoopRecordFromFile, readLoopRecordsFromFile, resolveRunsRoot } from "./persistence/index.js";
+export { createFileRunStore, makeLedgerEvent, readAllLoopRecords, readLatestLoopRecord, readLatestLoopRecordFromFile, readLoopRecordsFromFile, resolveRunsRoot, resolveReceiptIntegrityPath, verifyReceiptIntegrityFromFiles, writeReceiptIntegrityMaterial } from "./persistence/index.js";
 export { compileAndPersistContext } from "./persistence/index.js";
 /**
  * Admission gate — must pass before any attempt is executed.
@@ -101,6 +101,7 @@ export async function runMartin(input) {
         projectId: input.projectId,
         task: input.task,
         budget: input.budget,
+        ...(input.receiptScope ? { receiptScope: input.receiptScope } : {}),
         ...(input.teamId ? { teamId: input.teamId } : {}),
         ...(input.metadata ? { metadata: input.metadata } : {})
     }, { now: now(), idFactory });
@@ -270,7 +271,7 @@ export async function runMartin(input) {
         // GATHER → ADMIT: run admission control before executing
         currentPhase = "ADMIT";
         // T05: Context Integrity Pre-gate — blocks authority inversion / injection before reasoning
-        const contextPrecheck = await runContextIntegrityPrecheck(loop.loopId, loop.attempts.length + 1, runDir(resolveRunsRoot(), loop.loopId), {
+        const contextPrecheck = await runContextIntegrityPrecheck(loop.loopId, loop.attempts.length + 1, runDir(resolveActiveRunsRoot(input.store), loop.loopId), {
             userPrompt: distilled.focus,
             history: loop.attempts.map(a => a.summary).join("\n")
         });
@@ -418,6 +419,7 @@ export async function runMartin(input) {
         const result = await executingAdapter.execute(request);
         const attemptCompletedAt = now();
         const compiledContext = compilePromptPacket(request);
+        const verification = normalizeVerificationOutcome(result);
         // PATCH → VERIFY
         currentPhase = "VERIFY";
         let failure = result.status === "failed"
@@ -444,7 +446,16 @@ export async function runMartin(input) {
                 actualUsd: roundUsd(loop.cost.actualUsd + getUsageUsd(result.usage)),
                 avoidedUsd: loop.cost.avoidedUsd,
                 tokensIn: loop.cost.tokensIn + result.usage.tokensIn,
-                tokensOut: loop.cost.tokensOut + result.usage.tokensOut
+                tokensOut: loop.cost.tokensOut + result.usage.tokensOut,
+                ...(result.usage.estimatedUsd !== undefined
+                    ? {
+                        estimatedUsd: roundUsd((loop.cost.estimatedUsd ?? loop.cost.actualUsd) + result.usage.estimatedUsd)
+                    }
+                    : {}),
+                provenance: getUsageProvenance(result.usage),
+                ...(result.usage.providerSettlement
+                    ? { providerSettlement: result.usage.providerSettlement }
+                    : {})
             },
             updatedAt: attemptCompletedAt
         };
@@ -503,11 +514,14 @@ export async function runMartin(input) {
         }
         loop = appendLoopEvent(loop, {
             type: "verification.completed",
-            lifecycleState: result.verification.passed ? "completed" : "verifying",
+            lifecycleState: verification.passed ? "completed" : "verifying",
             payload: {
                 attemptId,
-                passed: result.verification.passed,
-                summary: result.verification.summary
+                attemptIndex: currentAttemptIndex,
+                passed: verification.passed,
+                summary: verification.summary,
+                ...(verification.steps?.length ? { steps: verification.steps } : {}),
+                ...(verification.warnings?.length ? { warnings: verification.warnings } : {})
             }
         }, { now: attemptCompletedAt, idFactory });
         const costState = evaluateCostGovernor({
@@ -534,6 +548,7 @@ export async function runMartin(input) {
             });
             await input.store.writeAttemptArtifacts(loop.loopId, currentAttemptIndex, {
                 compiledContext,
+                verification,
                 ...(rollbackBoundary ? { rollbackBoundary } : {})
             });
             await input.store.appendLedger(loop.loopId, makeLedgerEvent({
@@ -546,7 +561,13 @@ export async function runMartin(input) {
                 kind: "verification.completed",
                 runId: loop.loopId,
                 attemptIndex: currentAttemptIndex,
-                payload: { passed: result.verification.passed, summary: result.verification.summary }
+                payload: {
+                    attemptId,
+                    passed: verification.passed,
+                    summary: verification.summary,
+                    ...(verification.steps?.length ? { steps: verification.steps } : {}),
+                    ...(verification.warnings?.length ? { warnings: verification.warnings } : {})
+                }
             }));
             await input.store.appendLedger(loop.loopId, makeLedgerEvent({
                 kind: "budget.settled",
@@ -557,10 +578,13 @@ export async function runMartin(input) {
                     estimatedUsd: result.usage.estimatedUsd,
                     tokensIn: result.usage.tokensIn,
                     tokensOut: result.usage.tokensOut,
+                    cachedInputTokens: result.usage.cachedInputTokens,
+                    reasoningTokensOut: result.usage.reasoningTokensOut,
                     provenance: getUsageProvenance(result.usage),
                     transport: getAdapterTransport(executingAdapter),
                     providerId: executingAdapter.metadata.providerId,
                     model: executingAdapter.metadata.model,
+                    providerSettlement: result.usage.providerSettlement,
                     patchCost: settlement.patchCost,
                     verificationCost: settlement.verificationCost,
                     varianceUsd: settlement.varianceUsd,
@@ -573,11 +597,13 @@ export async function runMartin(input) {
         // returned a non-empty list. A repoRoot alone is insufficient — git may fail (e.g. not
         // a git repo) and silently return [], which would falsely trigger no_code_change.
         const changedFileEvidenceAvailable = result.execution?.changedFiles !== undefined || changedFiles.length > 0;
+        const isVerifierOnlyAdapter = executingAdapter.adapterId === "direct:verifier:verify-only";
+        const patchTruthCountsEdits = !isVerifyOnly && !isVerifierOnlyAdapter && changedFileEvidenceAvailable;
         if (isVerifyOnly && changedFiles.length > 0) {
             const patchDecision = evaluatePatchDecision({
-                verificationPassed: result.verification.passed,
+                verificationPassed: verification.passed,
                 previousVerifierScore,
-                verifierScore: result.verification.passed ? 1 : 0,
+                verifierScore: verification.passed ? 1 : 0,
                 scopeViolationCount: changedFiles.length,
                 changedFileCount: changedFiles.length,
                 diffNovelty: 1,
@@ -842,12 +868,12 @@ export async function runMartin(input) {
         let patchDecision;
         if (result.status === "completed") {
             patchDecision = evaluatePatchDecision({
-                verificationPassed: result.verification.passed,
+                verificationPassed: verification.passed,
                 previousVerifierScore,
-                verifierScore: result.verification.passed ? 1 : 0,
+                verifierScore: verification.passed ? 1 : 0,
                 groundingViolationCount: groundingScanResult?.violations.length ?? 0,
-                changedFileCount: !isVerifyOnly && changedFileEvidenceAvailable ? changedFiles.length : undefined,
-                diffNovelty: !isVerifyOnly && changedFileEvidenceAvailable ? (changedFiles.length > 0 ? 1 : 0) : undefined,
+                changedFileCount: patchTruthCountsEdits ? changedFiles.length : undefined,
+                diffNovelty: patchTruthCountsEdits ? (changedFiles.length > 0 ? 1 : 0) : undefined,
                 diffStats: result.execution?.diffStats,
                 costUsd: getUsageUsd(result.usage),
                 summary: result.summary
@@ -897,10 +923,10 @@ export async function runMartin(input) {
             }
             else {
                 await input.store.appendLedger(loop.loopId, makeLedgerEvent({
-                    kind: result.verification.passed ? "attempt.kept" : "attempt.discarded",
+                    kind: verification.passed ? "attempt.kept" : "attempt.discarded",
                     runId: loop.loopId,
                     attemptIndex: currentAttemptIndex,
-                    payload: { reason: result.verification.summary }
+                    payload: { reason: verification.summary }
                 }));
             }
         }
@@ -1145,6 +1171,9 @@ function createBudgetSettlement(input) {
             usd: 0,
             provenance: "unavailable"
         },
+        ...(input.usage.providerSettlement
+            ? { providerSettlement: input.usage.providerSettlement }
+            : {}),
         totalActualUsd,
         preflightEstimateUsd: input.estimate.estimatedAttemptCostUsd,
         varianceUsd: roundUsd(totalActualUsd - input.estimate.estimatedAttemptCostUsd),
@@ -1185,6 +1214,50 @@ function getLastVerifierScore(loop) {
     }
     return 0;
 }
+function truncateVerificationDetail(text, maxLength) {
+    return text.length <= maxLength ? text : `${text.slice(0, maxLength - 1)}…`;
+}
+function normalizeVerificationOutcome(result) {
+    const warnings = [...(result.verification.warnings ?? [])];
+    const contradiction = detectVerificationContradiction(result);
+    if (contradiction && !warnings.includes(contradiction)) {
+        warnings.push(contradiction);
+    }
+    return {
+        passed: result.verification.passed,
+        summary: result.verification.summary,
+        ...(result.verification.steps?.length ? { steps: result.verification.steps } : {}),
+        ...(warnings.length ? { warnings } : {})
+    };
+}
+function detectVerificationContradiction(result) {
+    if (!result.verification.passed) {
+        return undefined;
+    }
+    const sources = [result.summary, result.failure?.message]
+        .filter((value) => typeof value === "string" && value.trim().length > 0);
+    const contradictionPatterns = [
+        /createprocessasuserw failed:\s*\d+/iu,
+        /\bverifier not run\b/iu,
+        /\bfailed before verifier\b/iu,
+        /\bnever launched\b/iu,
+        /\bfailed to launch\b/iu,
+        /\bcould not launch\b/iu
+    ];
+    for (const source of sources) {
+        const match = contradictionPatterns.find((pattern) => pattern.test(source));
+        if (!match) {
+            continue;
+        }
+        const excerpt = truncateVerificationDetail(source.trim().replace(/\s+/gu, " "), 220);
+        return `Adapter output reported a tool-launch problem before MartinLoop ran its own verifier: ${excerpt}`;
+    }
+    return undefined;
+}
+function resolveActiveRunsRoot(store) {
+    const configuredRunsRoot = store?.runsRoot?.trim();
+    return configuredRunsRoot && configuredRunsRoot.length > 0 ? configuredRunsRoot : resolveRunsRoot();
+}
 function toPatchDecisionArtifact(decision) {
     return {
         decision: decision.decision,

package/dist/vendor/core/persistence/index.d.ts

@@ -1,5 +1,7 @@
 export { makeLedgerEvent } from "./ledger.js";
 export type { LedgerEvent, LedgerEventDraft, LedgerEventKind } from "./ledger.js";
+export { resolveReceiptIntegrityPath, verifyReceiptIntegrityFromFiles, writeReceiptIntegrityMaterial } from "./integrity.js";
+export type { ReceiptIntegrityChainEntry, StoredReceiptIntegrityMaterial } from "./integrity.js";
 export { artifactDir, createFileRunStore, resolveRunsRoot, runDir } from "./store.js";
 export type { AttemptArtifacts, RunContract, RunStore } from "./store.js";
 export { readAllLoopRecords, readLatestLoopRecord, readLatestLoopRecordFromFile, readLoopRecordsFromFile } from "./runs-reader.js";

package/dist/vendor/core/persistence/index.js

@@ -1,4 +1,5 @@
 export { makeLedgerEvent } from "./ledger.js";
+export { resolveReceiptIntegrityPath, verifyReceiptIntegrityFromFiles, writeReceiptIntegrityMaterial } from "./integrity.js";
 export { artifactDir, createFileRunStore, resolveRunsRoot, runDir } from "./store.js";
 export { readAllLoopRecords, readLatestLoopRecord, readLatestLoopRecordFromFile, readLoopRecordsFromFile } from "./runs-reader.js";
 export { compileAndPersistContext } from "./compiler.js";

package/dist/vendor/core/persistence/integrity.d.ts

@@ -0,0 +1,38 @@
+import type { LoopRecord, ReceiptIntegritySummary, ReceiptScope } from "../../contracts/index.js";
+export interface ReceiptIntegrityChainEntry {
+    index: number;
+    eventId?: string;
+    type?: string;
+    kind?: string;
+    timestamp?: string;
+    prevHash: string;
+    entryHash: string;
+}
+export interface StoredReceiptIntegrityMaterial {
+    schemaVersion: "martin.receipt-integrity.v1";
+    runId: string;
+    keyId: string;
+    signedAt: string;
+    scope?: ReceiptScope;
+    loopRecordSha256: string;
+    ledgerSha256: string;
+    ledgerHeadHash: string;
+    entryCount: number;
+    chain: ReceiptIntegrityChainEntry[];
+    signatureHmacSha256: string;
+}
+export declare function writeReceiptIntegrityMaterial(input: {
+    runId: string;
+    runsRoot: string;
+    loopRecord: LoopRecord;
+    ledgerEntries: unknown[];
+    scope?: ReceiptScope;
+    signedAt?: string;
+}): Promise<StoredReceiptIntegrityMaterial>;
+export declare function verifyReceiptIntegrityFromFiles(input: {
+    runId: string;
+    runsRoot: string;
+    loopRecordPath: string;
+    ledgerPath: string;
+}): Promise<ReceiptIntegritySummary>;
+export declare function resolveReceiptIntegrityPath(runsRoot: string, runId: string): string;

package/dist/vendor/core/persistence/integrity.js

@@ -0,0 +1,239 @@
+import { createHash, createHmac, randomBytes } from "node:crypto";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+const RECEIPT_INTEGRITY_SCHEMA_VERSION = "martin.receipt-integrity.v1";
+const RECEIPT_INTEGRITY_KEY_DIR_MODE = 0o700;
+const RECEIPT_INTEGRITY_KEY_FILE_MODE = 0o600;
+export async function writeReceiptIntegrityMaterial(input) {
+    const signedAt = input.signedAt ?? new Date().toISOString();
+    const [key, keyId] = await ensureReceiptIntegrityKey(input.runsRoot, input.runId);
+    const chain = buildReceiptIntegrityChain(input.ledgerEntries);
+    const loopRecordRaw = serializeStoredJson(input.loopRecord);
+    const ledgerRaw = serializeStoredJsonl(input.ledgerEntries);
+    const materialBase = {
+        schemaVersion: RECEIPT_INTEGRITY_SCHEMA_VERSION,
+        runId: input.runId,
+        keyId,
+        signedAt,
+        ...(input.scope ? { scope: input.scope } : {}),
+        loopRecordSha256: sha256(loopRecordRaw),
+        ledgerSha256: sha256(ledgerRaw),
+        ledgerHeadHash: chain.at(-1)?.entryHash ?? "root",
+        entryCount: chain.length,
+        chain
+    };
+    const material = {
+        ...materialBase,
+        signatureHmacSha256: createReceiptIntegritySignature(key, materialBase)
+    };
+    await mkdir(join(input.runsRoot, input.runId), { recursive: true });
+    await writeFile(resolveReceiptIntegrityPath(input.runsRoot, input.runId), serializeStoredJson(material), "utf8");
+    return material;
+}
+export async function verifyReceiptIntegrityFromFiles(input) {
+    const integrityPath = resolveReceiptIntegrityPath(input.runsRoot, input.runId);
+    const [rawMaterial, rawLoopRecord, rawLedger, key] = await Promise.all([
+        readFile(integrityPath, "utf8").catch(() => null),
+        readFile(input.loopRecordPath, "utf8").catch(() => null),
+        readFile(input.ledgerPath, "utf8").catch(() => null),
+        readReceiptIntegrityKey(input.runsRoot, input.runId).catch(() => null)
+    ]);
+    if (!rawMaterial || !rawLoopRecord || rawLedger === null || !key) {
+        return {
+            state: "unsigned",
+            reason: "Receipt integrity material is missing for this run.",
+            warnings: ["Receipts are local-only and unsigned; trust claims are unavailable."]
+        };
+    }
+    let material;
+    try {
+        material = JSON.parse(rawMaterial);
+    }
+    catch {
+        return {
+            state: "tamper_detected",
+            reason: "Receipt integrity metadata is unreadable."
+        };
+    }
+    const actualLoopRecordSha256 = sha256(rawLoopRecord);
+    if (actualLoopRecordSha256 !== material.loopRecordSha256) {
+        return {
+            state: "tamper_detected",
+            keyId: material.keyId,
+            signedAt: material.signedAt,
+            loopRecordSha256: material.loopRecordSha256,
+            ledgerSha256: material.ledgerSha256,
+            ledgerHeadHash: material.ledgerHeadHash,
+            entryCount: material.entryCount,
+            reason: "loop_record_hash_mismatch"
+        };
+    }
+    const actualLedgerSha256 = sha256(rawLedger);
+    if (actualLedgerSha256 !== material.ledgerSha256) {
+        return {
+            state: "tamper_detected",
+            keyId: material.keyId,
+            signedAt: material.signedAt,
+            loopRecordSha256: material.loopRecordSha256,
+            ledgerSha256: material.ledgerSha256,
+            ledgerHeadHash: material.ledgerHeadHash,
+            entryCount: material.entryCount,
+            reason: "ledger_hash_mismatch"
+        };
+    }
+    let parsedLedgerEntries;
+    try {
+        parsedLedgerEntries = rawLedger
+            .split(/\r?\n/u)
+            .map((line) => line.trim())
+            .filter(Boolean)
+            .map((line) => JSON.parse(line));
+    }
+    catch {
+        return {
+            state: "tamper_detected",
+            keyId: material.keyId,
+            signedAt: material.signedAt,
+            loopRecordSha256: material.loopRecordSha256,
+            ledgerSha256: material.ledgerSha256,
+            ledgerHeadHash: material.ledgerHeadHash,
+            entryCount: material.entryCount,
+            reason: "ledger_entry_parse_error"
+        };
+    }
+    const actualChain = buildReceiptIntegrityChain(parsedLedgerEntries);
+    if (actualChain.length !== material.chain.length) {
+        return {
+            state: "tamper_detected",
+            keyId: material.keyId,
+            signedAt: material.signedAt,
+            loopRecordSha256: material.loopRecordSha256,
+            ledgerSha256: material.ledgerSha256,
+            ledgerHeadHash: material.ledgerHeadHash,
+            entryCount: material.entryCount,
+            reason: "ledger_entry_count_mismatch"
+        };
+    }
+    for (let index = 0; index < actualChain.length; index += 1) {
+        const expected = material.chain[index];
+        const actual = actualChain[index];
+        if (!expected ||
+            !actual ||
+            expected.entryHash !== actual.entryHash ||
+            expected.prevHash !== actual.prevHash) {
+            return {
+                state: "tamper_detected",
+                keyId: material.keyId,
+                signedAt: material.signedAt,
+                loopRecordSha256: material.loopRecordSha256,
+                ledgerSha256: material.ledgerSha256,
+                ledgerHeadHash: material.ledgerHeadHash,
+                entryCount: material.entryCount,
+                reason: `ledger_chain_mismatch:${index}`
+            };
+        }
+    }
+    const signatureBase = {
+        schemaVersion: material.schemaVersion,
+        runId: material.runId,
+        keyId: material.keyId,
+        signedAt: material.signedAt,
+        ...(material.scope ? { scope: material.scope } : {}),
+        loopRecordSha256: material.loopRecordSha256,
+        ledgerSha256: material.ledgerSha256,
+        ledgerHeadHash: material.ledgerHeadHash,
+        entryCount: material.entryCount,
+        chain: material.chain
+    };
+    const expectedSignature = createReceiptIntegritySignature(key, signatureBase);
+    if (expectedSignature !== material.signatureHmacSha256) {
+        return {
+            state: "tamper_detected",
+            keyId: material.keyId,
+            signedAt: material.signedAt,
+            loopRecordSha256: material.loopRecordSha256,
+            ledgerSha256: material.ledgerSha256,
+            ledgerHeadHash: material.ledgerHeadHash,
+            entryCount: material.entryCount,
+            reason: "signature_mismatch"
+        };
+    }
+    return {
+        state: "verified",
+        keyId: material.keyId,
+        signedAt: material.signedAt,
+        loopRecordSha256: material.loopRecordSha256,
+        ledgerSha256: material.ledgerSha256,
+        ledgerHeadHash: material.ledgerHeadHash,
+        entryCount: material.entryCount
+    };
+}
+export function resolveReceiptIntegrityPath(runsRoot, runId) {
+    return join(runsRoot, runId, "receipt-integrity.json");
+}
+function buildReceiptIntegrityChain(entries) {
+    let previousHash = "root";
+    return entries.map((entry, index) => {
+        const normalizedEntry = JSON.stringify(entry);
+        const entryHash = sha256(`${previousHash}\n${normalizedEntry}`);
+        const candidate = entry;
+        const chainEntry = {
+            index,
+            prevHash: previousHash,
+            entryHash
+        };
+        if (typeof candidate.eventId === "string") {
+            chainEntry.eventId = candidate.eventId;
+        }
+        if (typeof candidate.type === "string") {
+            chainEntry.type = candidate.type;
+        }
+        if (typeof candidate.kind === "string") {
+            chainEntry.kind = candidate.kind;
+        }
+        if (typeof candidate.timestamp === "string") {
+            chainEntry.timestamp = candidate.timestamp;
+        }
+        previousHash = entryHash;
+        return chainEntry;
+    });
+}
+function createReceiptIntegritySignature(key, material) {
+    return createHmac("sha256", key).update(JSON.stringify(material)).digest("hex");
+}
+async function ensureReceiptIntegrityKey(runsRoot, runId) {
+    const keyPath = resolveReceiptIntegrityKeyPath(runsRoot, runId);
+    const existing = await readFile(keyPath, "utf8").catch(() => null);
+    if (existing) {
+        const trimmed = existing.trim();
+        return [trimmed, sha256(trimmed).slice(0, 16)];
+    }
+    const generated = randomBytes(32).toString("hex");
+    await mkdir(dirname(keyPath), { recursive: true, mode: RECEIPT_INTEGRITY_KEY_DIR_MODE });
+    await writeFile(keyPath, `${generated}\n`, {
+        encoding: "utf8",
+        mode: RECEIPT_INTEGRITY_KEY_FILE_MODE
+    });
+    return [generated, sha256(generated).slice(0, 16)];
+}
+async function readReceiptIntegrityKey(runsRoot, runId) {
+    const raw = await readFile(resolveReceiptIntegrityKeyPath(runsRoot, runId), "utf8");
+    return raw.trim();
+}
+function resolveReceiptIntegrityKeyPath(runsRoot, runId) {
+    const rootHash = sha256(runsRoot).slice(0, 16);
+    return join(homedir(), ".martin", "receipt-integrity", rootHash, `${runId}.key`);
+}
+function serializeStoredJson(value) {
+    return `${JSON.stringify(value, null, 2)}\n`;
+}
+function serializeStoredJsonl(entries) {
+    if (entries.length === 0) {
+        return "";
+    }
+    return `${entries.map((entry) => JSON.stringify(entry)).join("\n")}\n`;
+}
+function sha256(value) {
+    return createHash("sha256").update(value).digest("hex");
+}

package/dist/vendor/core/persistence/store.d.ts

@@ -12,6 +12,8 @@ export interface RunContract {
 export interface AttemptArtifacts {
     /** Compiled PromptPacket written as compiled-context.json */
     compiledContext: unknown;
+    /** Structured verification evidence captured from the authoritative MartinLoop verifier (optional) */
+    verification?: unknown;
     /** Unified diff string from the patch (optional) */
     diff?: string;
     /** Raw verifier command output (optional) */
@@ -35,6 +37,11 @@ export interface AttemptArtifacts {
  * is durably written before the run proceeds to the next step.
  */
 export interface RunStore {
+    /**
+     * Optional runs root hint for filesystem-backed stores.
+     * Orchestration should prefer this over recomputing the default home store.
+     */
+    runsRoot?: string;
     /**
      * Write contract.json for a new run. Called once at run start.
      * The contract is immutable after this point.

package/dist/vendor/core/persistence/store.js

@@ -1,7 +1,8 @@
 /// <reference types="node" />
-import { appendFile, mkdir, writeFile } from "node:fs/promises";
+import { appendFile, mkdir, readFile, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
 import { join } from "node:path";
+import { writeReceiptIntegrityMaterial } from "./integrity.js";
 // ─── FileRunStore implementation ─────────────────────────────────────────────
 export function resolveRunsRoot(env = process.env) {
     return env["MARTIN_RUNS_DIR"]?.trim() ??
@@ -31,6 +32,7 @@ export function artifactDir(runsRoot, runId, attemptIndex) {
 export function createFileRunStore(options = {}) {
     const runsRoot = options.runsRoot ?? resolveRunsRoot();
     return {
+        runsRoot,
         async initRun(contract) {
             const dir = runDir(runsRoot, contract.runId);
             await mkdir(dir, { recursive: true });
@@ -50,6 +52,9 @@ export function createFileRunStore(options = {}) {
             const dir = artifactDir(runsRoot, runId, attemptIndex);
             await mkdir(dir, { recursive: true });
             await writeJsonFile(join(dir, "compiled-context.json"), artifacts.compiledContext);
+            if (artifacts.verification !== undefined) {
+                await writeJsonFile(join(dir, "verification.json"), artifacts.verification);
+            }
             if (artifacts.diff !== undefined) {
                 await writeFile(join(dir, "diff.patch"), artifacts.diff, "utf8");
             }
@@ -79,6 +84,25 @@ export function createFileRunStore(options = {}) {
             const dir = runDir(runsRoot, runId);
             await mkdir(dir, { recursive: true });
             await writeJsonFile(join(dir, "loop-record.json"), loop);
+            const ledgerRaw = await readFile(join(dir, "ledger.jsonl"), "utf8").catch(() => "");
+            const ledgerEntries = ledgerRaw
+                .split(/\r?\n/u)
+                .map((line) => line.trim())
+                .filter(Boolean)
+                .map((line) => JSON.parse(line));
+            await writeReceiptIntegrityMaterial({
+                runId,
+                runsRoot,
+                loopRecord: loop,
+                ledgerEntries,
+                scope: loop.receiptScope ??
+                    {
+                        ...(loop.task.repoRoot ? { repoRoot: loop.task.repoRoot } : {}),
+                        ...(loop.task.repoRoot ? { workingDirectory: loop.task.repoRoot } : {}),
+                        runsRoot
+                    },
+                signedAt: loop.updatedAt
+            });
         }
     };
 }

package/dist/vendor/core/policy.d.ts

@@ -38,6 +38,15 @@ export interface MartinAdapterResultLike {
     verification: {
         passed: boolean;
         summary: string;
+        steps?: Array<{
+            command: string;
+            launched: boolean;
+            exitCode?: number;
+            timedOut: boolean;
+            fastFail?: boolean;
+            detail?: string;
+        }>;
+        warnings?: string[];
     };
     failure?: {
         message: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@martinloop/mcp",
-  "version": "0.2.7",
+  "version": "0.3.0",
   "mcpName": "io.github.Keesan12/martin-loop",
   "private": false,
   "type": "module",

package/server.json

@@ -7,12 +7,12 @@
     "url": "https://github.com/Keesan12/martin-loop",
     "source": "github"
   },
-  "version": "0.2.7",
+  "version": "0.3.0",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "@martinloop/mcp",
-      "version": "0.2.7",
+      "version": "0.3.0",
       "transport": {
         "type": "stdio"
       }