@mhingston5/lasso 0.1.0 → 0.2.0

package/README.md

@@ -4,8 +4,42 @@
   <img src="docs/agent-wrangling.png" width="320" alt="Agent Wrangling" />
 </p>
 
-Lasso is a dynamic harness engine built on `pi-duroxide`. It goes from intent to
-executable workflow — and repairs the harness while it runs.
+## Table of contents
+
+- [What is Lasso?](#what-is-lasso)
+- [Why Lasso exists](#why-lasso-exists)
+- [What Lasso does](#what-lasso-does)
+- [How it works](#how-it-works)
+- [Slash commands](#slash-commands)
+- [Bundled workflows](#bundled-workflows)
+- [Request examples](#request-examples)
+- [Custom workflows](#custom-workflows)
+- [HarnessSpec reference](#harnessspec-reference)
+- [Library API](#library-api)
+  - [Compiler](#compiler)
+  - [Compiler feedback](#compiler-feedback)
+  - [Verification engine](#verification-engine)
+  - [Compiler optimizations](#compiler-optimizations)
+  - [Harness mutations](#harness-mutations)
+  - [Guardrails](#guardrails)
+  - [Failure mode generation](#failure-mode-generation)
+  - [Risk assessment](#risk-assessment)
+  - [Per-node harnesses](#per-node-harnesses)
+  - [Trace-based synthesis](#trace-based-synthesis)
+  - [Adaptive runtime](#adaptive-runtime)
+  - [Lineage persistence](#lineage-persistence)
+  - [Harness memory](#harness-memory)
+  - [Environment model](#environment-model)
+  - [Failure ontology](#failure-ontology)
+  - [Capabilities](#capabilities)
+  - [Meta-harness](#meta-harness)
+  - [Multi-harness composition](#multi-harness-composition)
+- [How Lasso fits with pi-duroxide](#how-lasso-fits-with-pi-duroxide)
+- [Non-goals](#non-goals)
+
+---
+
+Lasso goes from intent to executable workflow — and repairs the harness while it runs.
 
 ```text
 Intent
@@ -13,20 +47,21 @@ Intent
   → Memory query (past patterns, what worked/failed)
   → Graph synthesis (planner + capabilities)
   → Failure prediction (auth, tool, network, resource)
+  → Risk assessment (probability × impact, threshold filtering)
   → Policy synthesis (mutations: add verification, retry, approval)
   → Compilation (validate → lower → optimize → execute)
-  → Runtime adaptation (trace → mutate → continueAsNew)
+  → Per-node harnesses (guardrails, verification hooks)
+  → Runtime adaptation (trace → synthesize → continueAsNew)
 ```
 
-If `pi-duroxide` is the durable runtime engine, **Lasso is the layer that
-generates, optimizes, and repairs the harnesses that run on it**.
-
 ## What is Lasso?
 
-Lasso is a **pi coding agent extension** — a TypeScript package that plugs into
-pi via the `pi` field in `package.json`. When installed, it:
+Lasso is a **runtime harness synthesizer** built on [pi-duroxide](https://github.com/mhingston/pi-duroxide). It
+synthesizes deterministic scaffolding around non-deterministic parts — predicting
+failures, assessing risks, and generating per-node guardrails before execution.
+It's a TypeScript package that plugs into pi via the `pi` field in `package.json`. When installed, it:
 
-1. Boots `pi-duroxide` (the durable workflow runtime)
+1. Boots [pi-duroxide](https://github.com/mhingston/pi-duroxide) (the durable workflow runtime)
 2. Registers 5 slash commands (`/lasso:plan`, `/lasso:run`, etc.)
 3. Exports a library API for programmatic use
 
@@ -75,41 +110,11 @@ const signature = classifyFailure(error, { nodeId: "deploy" });
 > target repo. Use a throwaway clone or disposable worktree, not your primary
 > checkout.
 
-## Table of contents
-
-- [What is Lasso?](#what-is-lasso)
-- [Why Lasso exists](#why-lasso-exists)
-- [What Lasso does](#what-lasso-does)
-- [How it works](#how-it-works)
-- [Slash commands](#slash-commands)
-- [Bundled workflows](#bundled-workflows)
-- [Request examples](#request-examples)
-- [Custom workflows](#custom-workflows)
-- [HarnessSpec reference](#harnessspec-reference)
-- [Library API](#library-api)
-  - [Compiler](#compiler)
-  - [Compiler feedback](#compiler-feedback)
-  - [Verification engine](#verification-engine)
-  - [Compiler optimizations](#compiler-optimizations)
-  - [Harness mutations](#harness-mutations)
-  - [Guardrails](#guardrails)
-  - [Failure mode generation](#failure-mode-generation)
-  - [Adaptive runtime](#adaptive-runtime)
-  - [Lineage persistence](#lineage-persistence)
-  - [Harness memory](#harness-memory)
-  - [Environment model](#environment-model)
-  - [Failure ontology](#failure-ontology)
-  - [Capabilities](#capabilities)
-  - [Meta-harness](#meta-harness)
-  - [Multi-harness composition](#multi-harness-composition)
-- [How Lasso fits with pi-duroxide](#how-lasso-fits-with-pi-duroxide)
-- [Non-goals](#non-goals)
-
 ---
 
 ## Why Lasso exists
 
-`pi-duroxide` gives you a durable workflow runtime. That is the right layer when
+[pi-duroxide](https://github.com/mhingston/pi-duroxide) gives you a durable workflow runtime. That is the right layer when
 you already know what workflow you want to run.
 
 Lasso sits one level higher. It:
@@ -134,7 +139,7 @@ Use Lasso when you want workflow automation that is:
 
 Lasso takes a declarative `HarnessSpec`, validates it, lowers it to CIR,
 optimizes it, and compiles it into a replay-safe workflow that runs on
-`pi-duroxide`.
+[pi-duroxide](https://github.com/mhingston/pi-duroxide).
 
 Out of the box, it ships with:
 
@@ -155,9 +160,13 @@ buildTaskGraph() → TaskGraph
   ↓
 analyzeRisks() → RiskModel
   ↓
+generateFailureModes() → FailureMode[] + Risk[]
+  ↓
+assessRisks() → RiskAssessment (overallScore, threshold filtering)
+  ↓
 synthesizePolicy() → PolicyBundle
   ↓
-synthesizeHarness() → HarnessSpec
+synthesizeHarness() → HarnessSpec (with per-node guardrails & verification hooks)
   ↓
 compileHarnessSpec() → CompiledWorkflow → pi-duroxide
 ```
@@ -169,7 +178,9 @@ Workflow executes
   ↓
 Execution trace captured (timestamps, I/O snapshots, failures)
   ↓
-deriveMutationsFromTrace() → HarnessMutation[]
+synthesizeFromTrace(trace, currentSpec, env) → HarnessSynthesisResult
+  → classifies repeated failures, slow nodes, cost spikes
+  → derives mutations
   ↓
 mutateHarness(spec, mutations) → new spec
   ↓
@@ -391,6 +402,13 @@ All top-level objects are **strict**. Unknown fields are rejected.
 | `merge` | `waitFor`, `strategy` | Fork-join synchronization |
 | `subworkflow` | `specRef`, `inputs` | `ctx.scheduleSubOrchestration()` |
 
+**Per-node fields** (available on all node kinds via `BaseNode`):
+
+| Field | Type | Notes |
+| --- | --- | --- |
+| `guardrails` | `NodeGuardrails` | Per-node limits (timeout, retries, cost, constraints) |
+| `verificationHooks` | `VerificationHook[]` | Inline checks that run after this node completes |
+
 ### Validation rules
 
 1. Node IDs must be unique
@@ -501,6 +519,131 @@ Failure modes are cross-referenced with environment constraints: if auth
 constraint detected, auth failure probability is boosted. Each mode includes
 triggers, mitigations, and recovery actions.
 
+`generateFailureModes()` now returns `risks: Risk[]` alongside `failureModes`,
+converting each failure mode into a quantified risk with probability, impact,
+and score.
+
+### Risk assessment
+
+First-class `Risk` type with quantitative scoring. Each risk carries probability
+(0-1), impact (0-1), and a composite score. `assessRisks()` filters by threshold
+and returns a structured assessment.
+
+```typescript
+import { generateFailureModes, assessRisks } from "lasso";
+
+const generation = generateFailureModes("Deploy my app to staging", env);
+// generation.risks — Risk[] converted from failure modes
+
+const assessment = assessRisks(generation.risks);
+// assessment.overallScore — average risk score (0-1)
+// assessment.risksAboveThreshold — risks scoring >= highRiskThreshold (default 0.7)
+// assessment.highRiskThreshold — the threshold used
+
+// Custom threshold
+const strict = assessRisks(generation.risks, { highRiskThreshold: 0.5 });
+```
+
+**Risk interface:**
+
+| Field | Type | Description |
+| --- | --- | --- |
+| `id` | `string` | Unique risk identifier |
+| `probability` | `number` (0-1) | Likelihood of occurrence |
+| `impact` | `number` (0-1) | Severity if it occurs |
+| `score` | `number` | `probability × impact` |
+| `signals` | `string[]` | Triggers or indicators |
+| `mitigations` | `HarnessMutation[]` | Suggested mitigations as executable mutations |
+| `failureClass` | `FailureClass` | Classification (auth, tool, network, etc.) |
+| `description` | `string` | Human-readable description |
+
+### Per-node harnesses
+
+Every node in a `HarnessSpec` can carry its own guardrails and verification
+hooks. These override global settings and run only during that node's execution.
+
+```json
+{
+  "id": "deploy",
+  "kind": "tool",
+  "tool": "bash",
+  "args": ["./deploy.sh"],
+  "guardrails": {
+    "timeoutSeconds": 120,
+    "maxRetries": 2,
+    "maxCostUsd": 0.10,
+    "constraints": ["exit_code == 0"]
+  },
+  "verificationHooks": [
+    {
+      "name": "health-check",
+      "kind": "tool",
+      "check": "curl -sf http://localhost:3000/health",
+      "onFail": "block",
+      "maxAttempts": 3
+    }
+  ]
+}
+```
+
+**NodeGuardrails:**
+
+| Field | Type | Description |
+| --- | --- | --- |
+| `timeoutSeconds` | `number` | Max execution time for this node |
+| `maxRetries` | `number` | Max retries (overrides global retryPolicy) |
+| `maxCostUsd` | `number` | Max LLM cost for this node |
+| `constraints` | `string[]` | Custom expressions that must hold true |
+
+**VerificationHook:**
+
+| Field | Type | Description |
+| --- | --- | --- |
+| `name` | `string` | Hook identifier |
+| `kind` | `"tool" \| "llm" \| "expression"` | Type of check |
+| `check` | `string` | Tool name, LLM prompt, or expression |
+| `onFail` | `"block" \| "warn" \| "retry"` | Action on failure |
+| `maxAttempts` | `number` | Max verification attempts (optional) |
+
+Per-node guardrails override global `executionPolicy` settings. Verification
+hooks run inline after the node completes, with retry/block/warn semantics.
+
+### Trace-based synthesis
+
+`synthesizeFromTrace()` analyzes an execution trace mid-flight, classifies
+failures, and derives mutations — wired into the compiler's adaptation loop.
+
+```typescript
+import { DefaultMetaHarness } from "lasso";
+
+const meta = new DefaultMetaHarness(config);
+
+const trace = {
+  completedNodes: [
+    { nodeId: "build", startedAt: 1, completedAt: 2, costUsd: 0.05 },
+  ],
+  failedNodes: [
+    { nodeId: "deploy", startedAt: 2, failedAt: 3, error: "auth expired", failureClass: "auth", retryCount: 3 },
+  ],
+  totalCostUsd: 0.15,
+  capturedAt: Date.now(),
+};
+
+const result = await meta.synthesizeFromTrace(trace, currentSpec, environment);
+// result.mutations — HarnessMutation[] derived from trace analysis
+// result.spec — mutated HarnessSpec
+// result.rationale — human-readable explanation of changes
+// result.decision — "continue" | "needs_operator_input" | "stop"
+```
+
+The synthesis classifies:
+- **Repeated failures** — same node failing across retries → add verification or block
+- **Slow nodes** — duration spikes → tighten timeout guardrails
+- **Cost spikes** — LLM cost above expected → swap to cheaper model
+
+This feeds directly into the `continueAsNew` path, producing a new harness
+version with repairs applied.
+
 ### Verification engine
 
 Standalone module with compositional strategies:
@@ -685,15 +828,15 @@ Lasso is distributed as a **pi extension** (`package.json` has a `"pi"` field
 pointing to `./src/index.ts`). When you `pi install` it:
 
 1. pi loads `src/index.ts`, which exports a default extension function
-2. That function (`src/pi/extension.ts`) first boots `pi-duroxide`
+2. That function (`src/pi/extension.ts`) first boots [pi-duroxide](https://github.com/mhingston/pi-duroxide)
 3. Then it registers the 5 slash commands with pi's `ExtensionAPI`
 
 The layering:
 
-- `pi-duroxide` owns workflow lifecycle, replay, timers, events, and runtime registration
+- [pi-duroxide](https://github.com/mhingston/pi-duroxide) owns workflow lifecycle, replay, timers, events, and runtime registration
 - Lasso owns spec validation, CIR lowering, optimization, compilation, and operator-facing commands
 
-In other words: `pi-duroxide` is the durable runtime engine; Lasso is the
+In other words: [pi-duroxide](https://github.com/mhingston/pi-duroxide) is the durable runtime engine; Lasso is the
 harness generation, optimization, and adaptation layer built on top of it.
 
 ## Non-goals

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@mhingston5/lasso",
   "description": "Lasso is a local-first workflow compiler for pi-duroxide.",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "author": "Mark Hingston",
   "repository": "https://github.com/mhingston/lasso",
   "license": "MIT",

package/src/cir/lower.ts

@@ -104,6 +104,8 @@ function lowerNode(spec: HarnessSpec, node: TaskNode, index: number, transitions
     ...(node.retryPolicy ? { retry: cloneRetryPolicy(node.retryPolicy) } : {}),
     ...(verification ? { verification } : {}),
     ...(failureRouting ? { failureRouting } : {}),
+    ...(node.guardrails ? { guardrails: { ...node.guardrails } } : {}),
+    ...(node.verificationHooks ? { verificationHooks: node.verificationHooks.map(h => ({ ...h })) } : {}),
     terminal: outgoingCount === 0,
   } as const;
 

package/src/cir/types.ts

@@ -5,11 +5,13 @@ import type {
   HumanPolicy,
   LlmNode,
   MergeNode,
+  NodeGuardrails,
   ObservabilityPolicy,
   RetryPolicy,
   SubworkflowNode,
   TaskNode,
   ToolNode,
+  VerificationHook,
   VerificationRule,
 } from "../spec/types.js";
 
@@ -69,6 +71,10 @@ export interface CirNodeBase<K extends TaskNode["kind"] = TaskNode["kind"]> {
   verification?: CirVerificationHook[];
   failureRouting?: CirFailureRoutingHint[];
   terminal?: boolean;
+  /** Per-node guardrails from spec */
+  guardrails?: NodeGuardrails;
+  /** Per-node verification hooks from spec */
+  verificationHooks?: VerificationHook[];
 }
 
 export interface CirToolNode extends CirNodeBase<"tool"> {

package/src/compiler/compile.ts

@@ -5,6 +5,7 @@ import { lowerHarnessSpecToCir } from "../cir/lower.js";
 import { optimizeCirWorkflow } from "../cir/optimize.js";
 import { validateCirWorkflow } from "../cir/validate.js";
 import type { HarnessSpec } from "../spec/types.js";
+import { buildTraceEntries } from "../metaharness/trace-adapter.js";
 import { validateHarnessSpec } from "../spec/validate.js";
 import { addFailure, createHarnessState, recordNodeResult, updateMetrics } from "../state/snapshots.js";
 import type { HarnessState } from "../state/types.js";
@@ -13,6 +14,7 @@ import {
   checkGuardrails,
   evaluateConditionExpression,
   GuardrailExceededError,
+  isVerificationSuccess,
   recordTrace,
   runWithRetry,
   type ExecutionState,
@@ -22,6 +24,9 @@ import { unwrapAdaptiveInput, prepareRuntimeReplan, type AdaptiveRuntimeMetadata
 import type { LineageEntry } from "../versioning/types.js";
 import type { HarnessExecutionTrace } from "../versioning/types.js";
 import { buildReferenceHarnessSpec } from "../reference/catalog.js";
+import type { ExecutionTrace } from "../metaharness/types.js";
+import { deriveMutationsFromTrace } from "../mutation/derive.js";
+import { mutateHarness } from "../mutation/engine.js";
 
 export interface CompiledHarnessResult {
   status: "completed";
@@ -189,13 +194,54 @@ function createWorkflowGenerator(
         throw new GuardrailExceededError(guardrailResult.reason!);
       }
 
-      const output = yield* executeNodeWithPolicies(ctx, state, node, effectiveNodeMap, effectiveCir.name);
+      // Per-node guardrails: check constraints and cost before execution
+      const specNode = getSpecNode(effectiveSpec, node.id);
+      if (specNode?.guardrails) {
+        checkPerNodeGuardrails(specNode.guardrails, state, node.id);
+      }
+
+      // Per-node timeout: record start time before yield
+      const nodeStartTime = specNode?.guardrails?.timeoutSeconds !== undefined ? Date.now() : undefined;
+      const nodeStartCost = specNode?.guardrails?.maxCostUsd !== undefined ? state.estimatedCostUsd : undefined;
+
+      // Override retry with per-node maxRetries if present
+      const effectiveNode = specNode?.guardrails?.maxRetries !== undefined
+        ? { ...node, retry: { maxAttempts: specNode.guardrails.maxRetries + 1, backoff: node.retry?.backoff ?? "constant", initialDelay: node.retry?.initialDelay ?? 0, maxDelay: node.retry?.maxDelay, retryOn: node.retry?.retryOn } }
+        : node;
+
+      const output = yield* executeNodeWithPolicies(ctx, state, effectiveNode, effectiveNodeMap, effectiveCir.name);
       state.outputs[node.id] = output;
       state.stepCount += 1;
       if (node.kind === "llm") {
         state.estimatedCostUsd += 0.01;
       }
 
+      // Per-node timeout: check after yield returns
+      if (nodeStartTime !== undefined && specNode?.guardrails?.timeoutSeconds !== undefined) {
+        const elapsedMs = Date.now() - nodeStartTime;
+        const timeoutMs = specNode.guardrails.timeoutSeconds * 1000;
+        if (elapsedMs > timeoutMs) {
+          throw new GuardrailExceededError(
+            `Per-node timeout exceeded for node ${node.id} (${elapsedMs}ms > ${timeoutMs}ms)`,
+          );
+        }
+      }
+
+      // Per-node cost: check delta, not cumulative
+      if (nodeStartCost !== undefined && specNode?.guardrails?.maxCostUsd !== undefined) {
+        const nodeCost = state.estimatedCostUsd - nodeStartCost;
+        if (nodeCost > specNode.guardrails.maxCostUsd) {
+          throw new GuardrailExceededError(
+            `Per-node cost limit exceeded for node ${node.id} ($${nodeCost.toFixed(4)}/$${specNode.guardrails.maxCostUsd.toFixed(2)})`,
+          );
+        }
+      }
+
+      // Per-node verification hooks
+      if (specNode?.verificationHooks && specNode.verificationHooks.length > 0) {
+        yield* runPerNodeVerificationHooks(ctx, state, node, specNode.verificationHooks, effectiveNodeMap);
+      }
+
       const parallelMergePlan = effectiveParallelMergePlans.get(node.id);
       if (parallelMergePlan) {
         const branchNodes = parallelMergePlan.branchNodeIds.map(branchNodeId => getNode(effectiveNodeMap, branchNodeId));
@@ -582,8 +628,31 @@ function* buildCompletedResultWithContinuation(
     const replanDecision = prepareRuntimeReplan(adaptiveMetadata, state.input, result);
 
     if (replanDecision.decision === "continue_as_new") {
+      const traceMutations = synthesizeTraceMutations(state, adaptiveMetadata);
+
+      let nextInput = replanDecision.nextInput;
+      if (traceMutations.length > 0) {
+        const baseSpec = buildReferenceHarnessSpec(replanDecision.nextRequest);
+        const mutated = mutateHarness(baseSpec, traceMutations);
+        nextInput = {
+          ...nextInput,
+          __lassoAdaptiveRuntime: {
+            ...nextInput.__lassoAdaptiveRuntime,
+            currentVersion: {
+              ...nextInput.__lassoAdaptiveRuntime.currentVersion,
+              spec: mutated.spec,
+            },
+            pendingMutations: [
+              ...(nextInput.__lassoAdaptiveRuntime.pendingMutations ?? []),
+              ...traceMutations,
+            ],
+          },
+        };
+        ctx.traceInfo(`Lasso trace synthesis: applied ${traceMutations.length} mutation(s) from execution trace`);
+      }
+
       ctx.traceInfo(`Lasso adaptive runtime: continuing as new with version ${replanDecision.nextVersion.version}`);
-      yield ctx.continueAsNew(replanDecision.nextInput);
+      yield ctx.continueAsNew(nextInput);
     } else {
       ctx.traceInfo(`Lasso adaptive runtime: ${replanDecision.decision}`);
     }
@@ -599,3 +668,204 @@ function formatUnknownError(error: unknown): string {
 
   return String(error);
 }
+
+// NOTE: Timestamps here are approximations — the total harness duration is
+// applied uniformly to all nodes. Per-node timing should be sourced from
+// trace entries when available.
+function synthesizeTraceMutations(
+  state: ExecutionState,
+  adaptiveMetadata: AdaptiveRuntimeMetadata,
+): ReturnType<typeof deriveMutationsFromTrace> {
+  const executionTrace: ExecutionTrace = {
+    completedNodes: [],
+    failedNodes: [],
+    currentNodeId: undefined,
+    capturedAt: Date.now(),
+  };
+
+  for (const failure of state.harnessState.failures) {
+    executionTrace.failedNodes.push({
+      nodeId: failure.nodeId ?? "unknown",
+      startedAt: Date.now() - (state.harnessState.metrics.durationMs ?? 0),
+      failedAt: Date.now(),
+      error: failure.message,
+      retryCount: 0,
+    });
+  }
+
+  for (const [nodeId, output] of Object.entries(state.harnessState.nodeResults ?? {})) {
+    if (!executionTrace.failedNodes.some(f => f.nodeId === nodeId)) {
+      executionTrace.completedNodes.push({
+        nodeId,
+        startedAt: Date.now() - (state.harnessState.metrics.durationMs ?? 0),
+        completedAt: Date.now(),
+        output,
+      });
+    }
+  }
+
+  const traceEntries = buildTraceEntries(executionTrace);
+
+  if (traceEntries.length === 0) {
+    return [];
+  }
+
+  const harnessTrace: HarnessExecutionTrace = {
+    entries: traceEntries,
+    totalDurationMs: state.harnessState.metrics.durationMs ?? 0,
+    nodeCount: executionTrace.completedNodes.length + executionTrace.failedNodes.length,
+    failureCount: executionTrace.failedNodes.length,
+    startTimeMs: Date.now() - (state.harnessState.metrics.durationMs ?? 0),
+    endTimeMs: Date.now(),
+  };
+
+  return deriveMutationsFromTrace(harnessTrace, adaptiveMetadata.currentVersion.spec);
+}
+
+function getSpecNode(spec: HarnessSpec, nodeId: string): import("../spec/types.js").TaskNode | undefined {
+  return spec.graph.nodes.find(node => node.id === nodeId);
+}
+
+function checkPerNodeGuardrails(
+  guardrails: import("../spec/types.js").NodeGuardrails,
+  state: ExecutionState,
+  nodeId: string,
+): void {
+  if (guardrails.constraints) {
+    for (const constraint of guardrails.constraints) {
+      const result = evaluateConditionExpression(constraint, state);
+      if (!result) {
+        throw new GuardrailExceededError(
+          `Constraint failed for node ${nodeId}: "${constraint}"`,
+        );
+      }
+    }
+  }
+
+
+}
+
+function* runPerNodeVerificationHooks(
+  ctx: WorkflowContext,
+  state: ExecutionState,
+  node: CirNode,
+  hooks: import("../spec/types.js").VerificationHook[],
+  nodeMap: Map<string, CirNode>,
+): Generator<YieldItem, void, unknown> {
+  for (const hook of hooks) {
+    let hookAttempts = 0;
+    const maxAttempts = hook.maxAttempts ?? 2;
+
+    while (true) {
+      if (hook.kind === "expression") {
+        const result = evaluateConditionExpression(hook.check, state);
+        if (result) {
+          break; // Hook passed, move to next hook
+        }
+
+        // Expression failed
+        if (hook.onFail === "block") {
+          throw new Error(
+            `Verification hook "${hook.name}" blocked: expression "${hook.check}" evaluated to false for node ${node.id}`,
+          );
+        }
+        if (hook.onFail === "warn") {
+          ctx.traceWarn(
+            `[lasso] Verification hook "${hook.name}" warning: expression "${hook.check}" evaluated to false for node ${node.id}`,
+          );
+          break; // Warn but continue to next hook
+        }
+        if (hook.onFail === "retry") {
+          hookAttempts++;
+          if (hookAttempts < maxAttempts) {
+            recordTrace(ctx, state, node, "retry", {
+              reason: "verification-hook",
+              hook: hook.name,
+              attemptNumber: hookAttempts + 1,
+            });
+            // Re-execute the node
+            yield* executeNodeWithPolicies(ctx, state, node as Exclude<CirNode, { kind: "condition" | "merge" }>, nodeMap, "current");
+            continue; // Re-check the same hook
+          }
+          throw new Error(
+            `Verification hook "${hook.name}" retry exhausted for node ${node.id}`,
+          );
+        }
+      }
+
+      // For tool/llm hooks, create an inline verifier node
+      const verifierNodeId = `__verify_hook_${hook.name}`;
+      let verifierNode: CirNode;
+
+      if (hook.kind === "llm") {
+        verifierNode = {
+          id: verifierNodeId,
+          kind: "llm",
+          source: {
+            specNodeId: node.id,
+            specNodeKind: node.kind,
+            specPath: `verificationHook:${hook.name}`,
+          },
+          action: {
+            provider: "anthropic",
+            model: "claude-sonnet",
+            prompt: hook.check,
+          },
+        };
+      } else {
+        verifierNode = {
+          id: verifierNodeId,
+          kind: "tool",
+          source: {
+            specNodeId: node.id,
+            specNodeKind: node.kind,
+            specPath: `verificationHook:${hook.name}`,
+          },
+          action: {
+            tool: "bash",
+            args: [hook.check],
+          },
+        };
+      }
+
+      const verifierOutput = yield createActionYieldItem(ctx, verifierNode as Exclude<CirNode, { kind: "condition" | "merge" }>, "current");
+      state.outputs[verifierNodeId] = verifierOutput;
+
+      const passed = isVerificationSuccess(verifierOutput);
+      if (passed) {
+        break; // Hook passed, move to next hook
+      }
+
+      // Verification failed
+      if (hook.onFail === "block") {
+        throw new Error(
+          `Verification hook "${hook.name}" blocked: verifier returned false for node ${node.id}`,
+        );
+      }
+
+      if (hook.onFail === "warn") {
+        ctx.traceWarn(
+          `[lasso] Verification hook "${hook.name}" warning: verifier returned false for node ${node.id}`,
+        );
+        break; // Warn but continue to next hook
+      }
+
+      if (hook.onFail === "retry") {
+        hookAttempts++;
+        if (hookAttempts < maxAttempts) {
+          recordTrace(ctx, state, node, "retry", {
+            reason: "verification-hook",
+            hook: hook.name,
+            attemptNumber: hookAttempts + 1,
+          });
+          // Re-execute the node
+          yield* executeNodeWithPolicies(ctx, state, node as Exclude<CirNode, { kind: "condition" | "merge" }>, nodeMap, "current");
+          continue; // Re-check the same hook
+        }
+        throw new Error(
+          `Verification hook "${hook.name}" retry exhausted for node ${node.id}`,
+        );
+      }
+    }
+  }
+}