@martinloop/mcp 0.2.7 → 0.3.1

package/dist/tools/get-run.d.ts

@@ -1,4 +1,5 @@
 import { buildArtifactSummary, buildBudgetSnapshot, buildCostSnapshot, buildLoopPreview, buildVerificationSummary } from "./tool-support.js";
+import type { ReceiptIntegritySummary, ReceiptScope } from "../vendor/contracts/index.js";
 export interface MartinGetRunInput {
     file?: string;
     loopId?: string;
@@ -12,6 +13,8 @@ export interface MartinGetRunOutput {
     budget: ReturnType<typeof buildBudgetSnapshot>;
     cost: ReturnType<typeof buildCostSnapshot>;
     verification: ReturnType<typeof buildVerificationSummary>;
+    receiptIntegrity: ReceiptIntegritySummary;
+    receiptScope?: ReceiptScope;
     artifacts: ReturnType<typeof buildArtifactSummary>;
     inspection: {
         runsRoot: string;

package/dist/tools/get-run.js

@@ -1,4 +1,4 @@
-import { buildArtifactSummary, buildBudgetSnapshot, buildCostSnapshot, buildLoopPreview, buildVerificationSummary } from "./tool-support.js";
+import { buildArtifactSummary, buildBudgetSnapshot, buildCostSnapshot, buildLoopPreview, resolveReceiptIntegrity, buildVerificationSummary } from "./tool-support.js";
 import { loadDetailedLoopRecord, readLedgerEvents } from "./run-store.js";
 export async function martinGetRunTool(input) {
     const detail = await loadDetailedLoopRecord(input);
@@ -11,6 +11,8 @@ export async function martinGetRunTool(input) {
         budget: buildBudgetSnapshot(detail.loop.budget),
         cost: buildCostSnapshot(detail.loop.cost),
         verification,
+        receiptIntegrity: resolveReceiptIntegrity(detail.loop),
+        ...(detail.loop.receiptScope ? { receiptScope: detail.loop.receiptScope } : {}),
         artifacts: buildArtifactSummary(detail.loop),
         inspection: {
             runsRoot: detail.runsRoot,

package/dist/tools/get-verification-results.d.ts

@@ -1,4 +1,5 @@
 import { buildLoopPreview, buildVerificationSummary } from "./tool-support.js";
+import type { ReceiptIntegritySummary, ReceiptScope } from "../vendor/contracts/index.js";
 export interface MartinGetVerificationResultsInput {
     file?: string;
     loopId?: string;
@@ -9,6 +10,8 @@ export interface MartinGetVerificationResultsOutput {
     sourceKind: "file" | "loop_id" | "latest" | "runs_root";
     loop: ReturnType<typeof buildLoopPreview>;
     verification: ReturnType<typeof buildVerificationSummary>;
+    receiptIntegrity: ReceiptIntegritySummary;
+    receiptScope?: ReceiptScope;
     warnings: string[];
 }
 export declare function martinGetVerificationResultsTool(input: MartinGetVerificationResultsInput): Promise<MartinGetVerificationResultsOutput>;

package/dist/tools/get-verification-results.js

@@ -1,4 +1,4 @@
-import { buildLoopPreview, buildVerificationSummary } from "./tool-support.js";
+import { buildLoopPreview, buildVerificationSummary, resolveReceiptIntegrity } from "./tool-support.js";
 import { loadDetailedLoopRecord, readLedgerEvents } from "./run-store.js";
 export async function martinGetVerificationResultsTool(input) {
     const detail = await loadDetailedLoopRecord(input);
@@ -9,6 +9,8 @@ export async function martinGetVerificationResultsTool(input) {
         sourceKind: detail.sourceKind,
         loop: buildLoopPreview(detail.loop),
         verification,
+        receiptIntegrity: resolveReceiptIntegrity(detail.loop),
+        ...(detail.loop.receiptScope ? { receiptScope: detail.loop.receiptScope } : {}),
         warnings: [...detail.warnings, ...verification.warnings]
     };
 }

package/dist/tools/plan.js

@@ -1,8 +1,10 @@
 import { resolveSafeRepoRoot } from "../server-validation.js";
-import { buildPlanProposal } from "./workflow-governance.js";
+import { buildPlanProposal, inspectRepoSignals } from "./workflow-governance.js";
 export async function martinPlanTool(input) {
     const workingDirectory = resolveSafeRepoRoot(input.workingDirectory);
-    const proposal = buildPlanProposal(workingDirectory, input);
+    const proposal = buildPlanProposal(workingDirectory, input, {
+        signals: inspectRepoSignals(workingDirectory, { includeHostAvailability: false })
+    });
     return {
         workingDirectory,
         ...proposal

package/dist/tools/pr-tools.js

@@ -2,6 +2,7 @@ import { spawnSync } from "node:child_process";
 import { loadDetailedLoopRecord } from "./run-store.js";
 import { martinRunDossierTool } from "./run-dossier.js";
 import { martinEvalTool } from "./eval.js";
+import { resolveTrustedLoopRepoRoot } from "../server-validation.js";
 import { detectCliAvailability } from "./tool-support.js";
 import { MartinToolError } from "./tool-errors.js";
 export async function martinPrSummaryTool(input) {
@@ -20,7 +21,7 @@ export async function martinPrSummaryTool(input) {
 export async function martinCreatePrTool(input) {
     const summary = await martinPrSummaryTool(input);
     const detail = await loadDetailedLoopRecord(input);
-    const repoRoot = detail.loop.task?.repoRoot ?? process.cwd();
+    const repoRoot = resolveTrustedLoopRepoRoot(detail.loop.task?.repoRoot);
     const branch = readGitValue(repoRoot, ["branch", "--show-current"]);
     const title = input.title?.trim() || summary.title;
     if (!input.execute) {

package/dist/tools/preflight.d.ts

@@ -1,3 +1,4 @@
+import { type CodexHostPlatform } from "../vendor/adapters/index.js";
 import { type MartinEngine } from "./tool-support.js";
 import { buildPolicyPackDefinition, type MartinPlanProposal, type MartinPolicyPack, type MartinRiskAssessment, type MartinRunContract } from "./workflow-governance.js";
 export interface MartinPreflightInput {
@@ -23,8 +24,20 @@ export interface MartinPreflightOutput {
     ok: boolean;
     summary: string;
     warnings: string[];
+    receiptScope: {
+        invocationRoot: string;
+        workingDirectory: string;
+        repoRoot: string;
+        runsRoot: string;
+    };
+    scope: {
+        invocationRoot: string;
+        workingDirectory: string;
+        repoRoot: string;
+        runsRoot: string;
+    };
     readiness: {
-        mode: "live" | "stub";
+        mode: "live" | "proof";
         liveMode: boolean;
         engineReady: boolean;
     };
@@ -51,6 +64,33 @@ export interface MartinPreflightOutput {
             available: boolean;
             detail: string;
             resolvedPath?: string;
+            candidatePaths?: string[];
+        };
+        codexDiagnostics?: {
+            selectedPath?: string;
+            hostPlatform: CodexHostPlatform;
+            installKind: string;
+            nativeInstallValid: boolean;
+            invocationMode: string;
+            sandboxMode: string;
+            sandboxCompatible: boolean;
+            nativeDependencyStatus?: string;
+            nativeDependencyPackage?: string;
+            launchReady: boolean;
+            summary: string;
+            remediation?: string;
+            candidateProbeResults?: Array<{
+                path: string;
+                installKind: string;
+                invocationMode: string;
+                nativeInstallValid: boolean;
+                sandboxCompatible: boolean;
+                launchReady: boolean;
+                summary: string;
+                remediation?: string;
+                nativeDependencyStatus?: string;
+                nativeDependencyPackage?: string;
+            }>;
         };
         runsRoot: string;
         pathScope: {

package/dist/tools/preflight.js

@@ -1,30 +1,45 @@
-import { DEFAULT_BUDGET } from "../vendor/contracts/index.js";
+import { probeCodexLaunch, resolveCliCommandAvailability } from "../vendor/adapters/index.js";
 import { resolveRunsRoot } from "../vendor/core/index.js";
 import { resolveSafeRepoRoot } from "../server-validation.js";
-import { formatUsd, getEngineAvailability, resolveExecutionMode } from "./tool-support.js";
-import { buildPlanProposal, buildRunContract, buildPolicyPackDefinition, inspectRepoSignals } from "./workflow-governance.js";
+import { createSkippedCliAvailability, formatUsd, getEngineAvailability, resolveExecutionMode } from "./tool-support.js";
+import { buildPlanProposal, normalizeLoopBudget, buildRunContract, buildPolicyPackDefinition, inspectRepoSignals } from "./workflow-governance.js";
 export async function martinPreflightTool(input) {
     const executionMode = resolveExecutionMode();
+    const workspaceRoot = resolveSafeRepoRoot();
     const workingDirectory = resolveSafeRepoRoot(input.workingDirectory);
-    const signals = inspectRepoSignals(workingDirectory);
+    const signals = inspectRepoSignals(workingDirectory, {
+        includeHostAvailability: executionMode.liveMode
+    });
     const engine = input.engine ?? "claude";
-    const engineAvailability = getEngineAvailability(engine);
+    const engineAvailability = executionMode.liveMode
+        ? engine === "codex"
+            ? resolveCliCommandAvailability("codex")
+            : getEngineAvailability(engine)
+        : createSkippedCliAvailability(engine);
+    const codexProbe = executionMode.liveMode && engine === "codex" && engineAvailability.available
+        ? probeCodexLaunch({
+            workingDirectory,
+            availability: engineAvailability
+        })
+        : undefined;
     const warnings = [];
     const allowedPaths = input.allowedPaths ?? [];
     const deniedPaths = input.deniedPaths ?? [];
     const overlappingScopes = allowedPaths.filter((candidate) => deniedPaths.includes(candidate));
-    const budget = {
-        ...DEFAULT_BUDGET,
-        ...(input.maxUsd !== undefined ? { maxUsd: input.maxUsd } : {}),
-        ...(input.maxIterations !== undefined ? { maxIterations: input.maxIterations } : {}),
-        ...(input.maxTokens !== undefined ? { maxTokens: input.maxTokens } : {})
-    };
+    const budget = normalizeLoopBudget({
+        maxUsd: input.maxUsd,
+        maxIterations: input.maxIterations,
+        maxTokens: input.maxTokens
+    });
     if (!executionMode.liveMode) {
-        warnings.push("Stub mode is active; preflight only proves configuration shape, not live CLI readiness.");
+        warnings.push("Proof mode is active; preflight only proves configuration shape, not live CLI readiness.");
     }
     else if (!engineAvailability.available) {
         warnings.push(`Requested engine '${engine}' is not available on PATH.`);
     }
+    else if (engine === "codex" && codexProbe && !codexProbe.ok) {
+        warnings.push(codexProbe.summary);
+    }
     if ((input.verificationPlan?.length ?? 0) === 0) {
         warnings.push("No verificationPlan was provided; Martin can run, but completion confidence will be lower.");
     }
@@ -34,20 +49,34 @@ export async function martinPreflightTool(input) {
     if (overlappingScopes.length > 0) {
         warnings.push(`Some path patterns appear in both allowedPaths and deniedPaths: ${overlappingScopes.join(", ")}.`);
     }
-    const plan = buildPlanProposal(workingDirectory, input);
-    const runContract = buildRunContract(workingDirectory, input);
+    const plan = buildPlanProposal(workingDirectory, input, { signals });
+    const runContract = buildRunContract(workingDirectory, input, { signals, plan });
     const policy = buildPolicyPackDefinition(input.policyPack, signals);
-    const ok = !executionMode.liveMode || engineAvailability.available;
+    const engineReady = !executionMode.liveMode ||
+        (engineAvailability.available && (engine !== "codex" || codexProbe?.ok !== false));
+    const ok = engineReady;
+    const receiptScope = {
+        invocationRoot: workspaceRoot,
+        workingDirectory,
+        repoRoot: workingDirectory,
+        runsRoot: resolveRunsRoot(process.env)
+    };
     return {
         ok,
         summary: ok
             ? `Preflight ready for ${engine} in ${workingDirectory} with a ${formatUsd(budget.maxUsd)} budget cap and ${runContract.risk.level} risk.`
-            : `Preflight blocked: ${engine} is not available for live execution.`,
+            : `Preflight blocked: ${engine === "codex" && codexProbe && !codexProbe.ok
+                ? codexProbe.summary
+                : `${engine} is not available for live execution.`}`,
         warnings,
+        receiptScope,
+        scope: {
+            ...receiptScope
+        },
         readiness: {
             mode: executionMode.mode,
             liveMode: executionMode.liveMode,
-            engineReady: !executionMode.liveMode || engineAvailability.available
+            engineReady
         },
         normalized: {
             objective: input.objective,
@@ -66,10 +95,36 @@ export async function martinPreflightTool(input) {
             engineAvailability: {
                 available: engineAvailability.available,
                 detail: engineAvailability.detail,
-                ...(engineAvailability.resolvedPath
-                    ? { resolvedPath: engineAvailability.resolvedPath }
+                ...(engineAvailability.resolvedPath ? { resolvedPath: engineAvailability.resolvedPath } : {}),
+                ...(engineAvailability.candidatePaths?.length
+                    ? { candidatePaths: engineAvailability.candidatePaths }
                     : {})
             },
+            ...(codexProbe
+                ? {
+                    codexDiagnostics: {
+                        selectedPath: codexProbe.command,
+                        hostPlatform: codexProbe.diagnosis.hostPlatform,
+                        installKind: codexProbe.diagnosis.installKind,
+                        nativeInstallValid: codexProbe.diagnosis.nativeInstallValid,
+                        invocationMode: codexProbe.diagnosis.invocationMode,
+                        sandboxMode: codexProbe.diagnosis.sandboxMode,
+                        sandboxCompatible: codexProbe.diagnosis.sandboxCompatible,
+                        ...(codexProbe.diagnosis.nativeDependencyStatus
+                            ? { nativeDependencyStatus: codexProbe.diagnosis.nativeDependencyStatus }
+                            : {}),
+                        ...(codexProbe.diagnosis.nativeDependencyPackage
+                            ? { nativeDependencyPackage: codexProbe.diagnosis.nativeDependencyPackage }
+                            : {}),
+                        launchReady: codexProbe.ok,
+                        summary: codexProbe.summary,
+                        ...(codexProbe.diagnosis.remediation ? { remediation: codexProbe.diagnosis.remediation } : {}),
+                        ...(codexProbe.candidateProbeResults?.length
+                            ? { candidateProbeResults: codexProbe.candidateProbeResults }
+                            : {})
+                    }
+                }
+                : {}),
             runsRoot: resolveRunsRoot(process.env),
             pathScope: {
                 repoRoot: workingDirectory,

package/dist/tools/run-dossier.d.ts

@@ -2,6 +2,7 @@ import { buildArtifactSummary, buildBudgetSnapshot, buildCostSnapshot, buildEven
 import { readRunControlState } from "./run-controls.js";
 import { martinEvalTool } from "./eval.js";
 import { assessRunRisk } from "./workflow-governance.js";
+import type { ReceiptIntegritySummary, ReceiptScope } from "../vendor/contracts/index.js";
 export interface MartinRunDossierInput {
     file?: string;
     loopId?: string;
@@ -15,6 +16,8 @@ export interface MartinRunDossierOutput {
     loop: ReturnType<typeof buildLoopPreview>;
     budget: ReturnType<typeof buildBudgetSnapshot>;
     cost: ReturnType<typeof buildCostSnapshot>;
+    receiptIntegrity: ReceiptIntegritySummary;
+    receiptScope?: ReceiptScope;
     attempts: Array<{
         index: number;
         attemptId?: string;

package/dist/tools/run-dossier.js

@@ -1,4 +1,5 @@
-import { buildArtifactSummary, buildBudgetSnapshot, buildCostSnapshot, buildEventSummaries, buildLoopPreview, buildSuggestedPromptNames, buildSuggestedResourceUris, buildVerificationSummary } from "./tool-support.js";
+import { buildArtifactSummary, buildBudgetSnapshot, buildCostSnapshot, buildEventSummaries, buildLoopPreview, resolveReceiptIntegrity, buildSuggestedPromptNames, buildSuggestedResourceUris, buildVerificationSummary } from "./tool-support.js";
+import { resolveTrustedLoopRepoRoot } from "../server-validation.js";
 import { loadDetailedLoopRecord, readAttemptArtifactFiles, readLedgerEvents } from "./run-store.js";
 import { readRunControlState } from "./run-controls.js";
 import { martinEvalTool } from "./eval.js";
@@ -9,7 +10,7 @@ export async function martinRunDossierTool(input) {
     const verification = buildVerificationSummary(detail.loop, ledgerEvents);
     const control = await readRunControlState(detail);
     const evaluation = await martinEvalTool(input);
-    const repoRoot = detail.loop.task?.repoRoot ?? process.cwd();
+    const repoRoot = resolveTrustedLoopRepoRoot(detail.loop.task?.repoRoot);
     const risk = assessRunRisk({
         objective: detail.loop.task?.objective ?? detail.loop.loopId,
         allowedPaths: detail.loop.task?.allowedPaths ?? [],
@@ -51,6 +52,8 @@ export async function martinRunDossierTool(input) {
         loop: buildLoopPreview(detail.loop),
         budget: buildBudgetSnapshot(detail.loop.budget),
         cost: buildCostSnapshot(detail.loop.cost),
+        receiptIntegrity: resolveReceiptIntegrity(detail.loop),
+        ...(detail.loop.receiptScope ? { receiptScope: detail.loop.receiptScope } : {}),
         attempts,
         verification,
         artifacts: buildArtifactSummary(detail.loop),

package/dist/tools/run-loop.d.ts

@@ -1,9 +1,11 @@
-import { type LoopBudget } from "../vendor/contracts/index.js";
+import { type SpawnLike } from "../vendor/adapters/index.js";
+import { type RunStore } from "../vendor/core/index.js";
+import type { LoopBudget, ReceiptScope } from "../vendor/contracts/index.js";
 import { buildArtifactSummary, buildVerificationSummary, buildLoopPreview, type MartinEngine } from "./tool-support.js";
 export interface RunLoopInput {
     objective: string;
     workingDirectory?: string;
-    engine?: "claude" | "codex";
+    engine?: "claude" | "codex" | "gemini";
     model?: string;
     maxUsd?: number;
     maxIterations?: number;
@@ -35,9 +37,12 @@ export interface RunLoopOutput {
         runDirectory: string;
         loopRecordPath: string;
         ledgerPath: string;
+        receiptScope: ReceiptScope;
         loop: ReturnType<typeof buildLoopPreview>;
         verification: ReturnType<typeof buildVerificationSummary>;
         artifacts: ReturnType<typeof buildArtifactSummary>;
     };
 }
+export declare function __setProofModeVerifierSpawnImplForTests(spawnImpl?: SpawnLike): void;
+export declare function __setRunStoreOverrideForTests(store?: RunStore): void;
 export declare function runLoopTool(input: RunLoopInput): Promise<RunLoopOutput>;

package/dist/tools/run-loop.js

@@ -1,10 +1,17 @@
-import { createClaudeCliAdapter, createCodexCliAdapter, createStubDirectProviderAdapter } from "../vendor/adapters/index.js";
+import { createClaudeCliAdapter, createCodexCliAdapter, createGeminiCliAdapter, probeCodexLaunch, resolveCliCommandAvailability, createVerifierOnlyAdapter } from "../vendor/adapters/index.js";
 import { createFileRunStore, evaluateCostGovernor, resolveRunsRoot, runMartin } from "../vendor/core/index.js";
-import { DEFAULT_BUDGET } from "../vendor/contracts/index.js";
 import { normalizeSafePathPatterns, resolveSafeRepoRoot } from "../server-validation.js";
-import { evaluateMcpRunGate } from "../workflow-state.js";
 import { MartinToolError } from "./tool-errors.js";
 import { buildArtifactSummary, buildVerificationSummary, buildLoopPreview, buildRunRecordPaths, getEngineAvailability, resolveExecutionMode } from "./tool-support.js";
+import { normalizeLoopBudget } from "./workflow-governance.js";
+let proofModeVerifierSpawnImpl;
+let runStoreOverrideForTests;
+export function __setProofModeVerifierSpawnImplForTests(spawnImpl) {
+    proofModeVerifierSpawnImpl = spawnImpl;
+}
+export function __setRunStoreOverrideForTests(store) {
+    runStoreOverrideForTests = store;
+}
 export async function runLoopTool(input) {
     const workingDirectory = resolveSafeRepoRoot(input.workingDirectory);
     const engine = input.engine ?? "claude";
@@ -12,38 +19,64 @@ export async function runLoopTool(input) {
     const allowedPaths = normalizeSafePathPatterns(input.allowedPaths, "allowedPaths");
     const deniedPaths = normalizeSafePathPatterns(input.deniedPaths, "deniedPaths");
     const executionMode = resolveExecutionMode();
-    const engineAvailability = getEngineAvailability(engine);
+    const workspaceRoot = resolveSafeRepoRoot();
     const runsRoot = resolveRunsRoot(process.env);
-    const gate = await evaluateMcpRunGate({
-        runsRoot,
+    const receiptScope = {
+        invocationRoot: workspaceRoot,
         workingDirectory,
-        objective: input.objective,
-        engine,
-        verificationPlan: input.verificationPlan
-    });
-    if (!gate.allowed) {
-        throw new MartinToolError("policy_blocked", gate.summary, {
-            category: "policy_blocked",
-            suggestion: gate.nextAction,
-            retryable: false,
-            details: {
-                missingSteps: gate.missingSteps,
-                nextAction: gate.nextAction
+        repoRoot: workingDirectory,
+        runsRoot
+    };
+    let codexCommandOverride;
+    if (executionMode.liveMode) {
+        if (engine === "codex") {
+            const engineAvailability = resolveCliCommandAvailability("codex");
+            if (!engineAvailability.available) {
+                throw new MartinToolError("engine_unavailable", `Engine '${engine}' is not available on PATH.`, {
+                    category: "environment",
+                    suggestion: "Install the requested CLI or set MARTIN_LIVE=false for a no-spend proof run.",
+                    retryable: false
+                });
             }
-        });
-    }
-    if (executionMode.liveMode && !engineAvailability.available) {
-        throw new MartinToolError("engine_unavailable", `Engine '${engine}' is not available on PATH.`, {
-            category: "environment",
-            suggestion: "Install the requested CLI or set MARTIN_LIVE=false for stub execution.",
-            retryable: false
-        });
+            const codexProbe = probeCodexLaunch({
+                workingDirectory,
+                availability: engineAvailability
+            });
+            if (!codexProbe.ok) {
+                throw new MartinToolError("engine_unavailable", codexProbe.summary, {
+                    category: "environment",
+                    suggestion: "Run martin_doctor or martin_preflight with engine='codex' before retrying live governed work.",
+                    retryable: false
+                });
+            }
+            codexCommandOverride = codexProbe.command;
+        }
+        else {
+            const engineAvailability = getEngineAvailability(engine);
+            if (!engineAvailability.available) {
+                throw new MartinToolError("engine_unavailable", `Engine '${engine}' is not available on PATH.`, {
+                    category: "environment",
+                    suggestion: "Install the requested CLI or set MARTIN_LIVE=false for a no-spend proof run.",
+                    retryable: false
+                });
+            }
+        }
     }
-    const adapter = process.env.MARTIN_LIVE === "false"
-        ? createStubDirectProviderAdapter({ label: "Stub adapter (MARTIN_LIVE=false)", providerId: "stub", model: "stub" })
+    const adapter = !executionMode.liveMode
+        ? createVerifierOnlyAdapter({
+            workingDirectory,
+            label: "Proof mode adapter (MARTIN_LIVE=false)",
+            ...(proofModeVerifierSpawnImpl ? { spawnImpl: proofModeVerifierSpawnImpl } : {})
+        })
         : engine === "codex"
-            ? createCodexCliAdapter({ workingDirectory, ...(model ? { model } : {}) })
-            : createClaudeCliAdapter({ workingDirectory, ...(model ? { model } : {}) });
+            ? createCodexCliAdapter({
+                workingDirectory,
+                ...(model ? { model } : {}),
+                ...(codexCommandOverride ? { command: codexCommandOverride } : {})
+            })
+            : engine === "gemini"
+                ? createGeminiCliAdapter({ workingDirectory, ...(model ? { model } : {}) })
+                : createClaudeCliAdapter({ workingDirectory, ...(model ? { model } : {}) });
     const partialBudget = {};
     if (input.maxUsd !== undefined) {
         partialBudget.maxUsd = input.maxUsd;
@@ -54,14 +87,12 @@ export async function runLoopTool(input) {
     if (input.maxTokens !== undefined) {
         partialBudget.maxTokens = input.maxTokens;
     }
-    const budget = {
-        ...DEFAULT_BUDGET,
-        ...partialBudget
-    };
+    const budget = normalizeLoopBudget(partialBudget);
     const result = await runMartin({
         workspaceId: input.workspaceId ?? "ws_mcp",
         projectId: input.projectId ?? "proj_mcp",
-        store: createFileRunStore({ runsRoot }),
+        store: runStoreOverrideForTests ?? createFileRunStore({ runsRoot }),
+        receiptScope,
         task: {
             title: input.objective.slice(0, 100),
             objective: input.objective,
@@ -106,6 +137,7 @@ export async function runLoopTool(input) {
         budget,
         inspection: {
             ...recordPaths,
+            receiptScope: result.loop.receiptScope ?? receiptScope,
             loop: buildLoopPreview(result.loop),
             verification,
             artifacts

package/dist/tools/run-store.js

@@ -1,8 +1,60 @@
 import { readFile, readdir, stat } from "node:fs/promises";
 import path from "node:path";
-import { readLatestLoopRecordFromFile, readLoopRecordsFromFile, resolveRunsRoot } from "../vendor/core/index.js";
+import { readLatestLoopRecordFromFile, readLoopRecordsFromFile, resolveRunsRoot, verifyReceiptIntegrityFromFiles } from "../vendor/core/index.js";
 import { resolveSafeLoopRecordPath, resolveSafeRunsJsonPath, resolveSafeRunsPath, resolveSafeRunsRootPath } from "../server-validation.js";
 import { attemptNotFoundError, invalidSelectorError, noLoopRecordsError, storeUnreadableError } from "./tool-errors.js";
+async function attachReceiptIntegrity(detail) {
+    const ledgerPath = detail.canonicalRunDirectory
+        ? await resolveReceiptEvidencePath(detail.canonicalRunDirectory)
+        : detail.ledgerPath;
+    const integrity = detail.canonicalLoopRecordPath && detail.canonicalRunDirectory && ledgerPath
+        ? await verifyReceiptIntegrityFromFiles({
+            runId: detail.loop.loopId,
+            runsRoot: detail.runsRoot,
+            loopRecordPath: detail.canonicalLoopRecordPath,
+            ledgerPath
+        }).catch(() => ({
+            state: "unsigned",
+            reason: "Receipt integrity verification could not be completed."
+        }))
+        : ({
+            state: "unsigned",
+            reason: "Receipt integrity is only available for canonical run directories."
+        });
+    const receiptScope = resolveReceiptScope(detail.loop, detail.runsRoot);
+    return {
+        ...detail,
+        ...(ledgerPath ? { ledgerPath } : {}),
+        loop: {
+            ...detail.loop,
+            receiptIntegrity: integrity,
+            ...(receiptScope ? { receiptScope } : {})
+        }
+    };
+}
+function resolveReceiptScope(loop, runsRoot) {
+    if (loop.receiptScope) {
+        return loop.receiptScope;
+    }
+    if (!loop.task?.repoRoot && !runsRoot) {
+        return undefined;
+    }
+    return {
+        ...(loop.task?.repoRoot ? { repoRoot: loop.task.repoRoot } : {}),
+        ...(loop.task?.repoRoot ? { workingDirectory: loop.task.repoRoot } : {}),
+        ...(runsRoot ? { runsRoot } : {})
+    };
+}
+async function resolveReceiptEvidencePath(runDirectory) {
+    for (const candidate of ["ledger.jsonl", "events.jsonl"]) {
+        const candidatePath = path.join(runDirectory, candidate);
+        const candidateStats = await safeStat(candidatePath);
+        if (candidateStats?.isFile()) {
+            return candidatePath;
+        }
+    }
+    return undefined;
+}
 export async function loadLoopRecordsForInspect(input) {
     const runsRoot = resolveSafeRunsRootPath(input.runsDir, resolveRunsRoot(process.env));
     if (!input.file) {
@@ -118,14 +170,14 @@ export async function loadDetailedLoopRecord(input) {
                 const canonicalStats = await safeStat(canonicalLoopRecordPath);
                 if (canonicalStats?.isFile()) {
                     const loop = await readCanonicalLoopRecord(canonicalLoopRecordPath);
-                    return buildDetailedLoopSource({
+                    return await attachReceiptIntegrity(buildDetailedLoopSource({
                         source: canonicalLoopRecordPath,
                         sourceKind: "file",
                         runsRoot,
                         loop,
                         canonicalLoopRecordPath,
                         canonicalRunDirectory: path.dirname(canonicalLoopRecordPath)
-                    });
+                    }));
                 }
             }
             const inspected = await readAllLoopRecordsSafely(targetPath);
@@ -139,10 +191,10 @@ export async function loadDetailedLoopRecord(input) {
                 runsRoot,
                 loop
             });
-            return {
+            return await attachReceiptIntegrity({
                 ...detail,
                 warnings: [...detail.warnings, ...inspected.warnings]
-            };
+            });
         }
         const latest = await readLatestLoopRecordFromFile(targetPath);
         if (!latest) {
@@ -150,35 +202,35 @@ export async function loadDetailedLoopRecord(input) {
         }
         if (path.basename(targetPath) === "loop-record.json") {
             const loop = await readCanonicalLoopRecord(targetPath);
-            return buildDetailedLoopSource({
+            return await attachReceiptIntegrity(buildDetailedLoopSource({
                 source: targetPath,
                 sourceKind: "file",
                 runsRoot,
                 loop,
                 canonicalLoopRecordPath: targetPath,
                 canonicalRunDirectory: path.dirname(targetPath)
-            });
+            }));
         }
-        return await buildDetailedLoopSourceFromDiscoveredLoop({
+        return await attachReceiptIntegrity(await buildDetailedLoopSourceFromDiscoveredLoop({
             source: targetPath,
             sourceKind: "file",
             runsRoot,
             loop: latest
-        });
+        }));
     }
     if (input.loopId) {
         const canonicalLoopRecordPath = resolvePotentialLoopRecordPath(input.loopId, runsRoot);
         const canonicalStats = await safeStat(canonicalLoopRecordPath);
         if (canonicalStats?.isFile()) {
             const loop = await readCanonicalLoopRecord(canonicalLoopRecordPath);
-            return buildDetailedLoopSource({
+            return await attachReceiptIntegrity(buildDetailedLoopSource({
                 source: canonicalLoopRecordPath,
                 sourceKind: "loop_id",
                 runsRoot,
                 loop,
                 canonicalLoopRecordPath,
                 canonicalRunDirectory: path.dirname(canonicalLoopRecordPath)
-            });
+            }));
         }
         const inspected = await readAllLoopRecordsSafely(runsRoot);
         const loop = inspected.loops.find((candidate) => candidate.loopId === input.loopId);
@@ -191,10 +243,10 @@ export async function loadDetailedLoopRecord(input) {
             runsRoot,
             loop
         });
-        return {
+        return await attachReceiptIntegrity({
             ...detail,
             warnings: [...detail.warnings, ...inspected.warnings]
-        };
+        });
     }
     const inspected = await readAllLoopRecordsSafely(runsRoot);
     const loop = inspected.loops[0];
@@ -207,10 +259,10 @@ export async function loadDetailedLoopRecord(input) {
         runsRoot,
         loop
     });
-    return {
+    return await attachReceiptIntegrity({
         ...detail,
         warnings: [...detail.warnings, ...inspected.warnings]
-    };
+    });
 }
 export async function loadAttemptFromLoop(input) {
     const detail = await loadDetailedLoopRecord(input);