@riddledc/riddle-proof 0.7.115 → 0.7.116

package/dist/{chunk-QOOPPRYK.js → chunk-SBOGXOV5.js}

@@ -699,6 +699,38 @@ function collectRiddleProofProfileWarnings(profile) {
   }
   return warnings;
 }
+function profileStatusProbeCounts(profile) {
+  let httpStatus = 0;
+  let linkStatus = 0;
+  for (const check of profile.checks || []) {
+    if (check.type === "http_status") httpStatus += 1;
+    if (check.type === "link_status" || check.type === "artifact_link_status") linkStatus += 1;
+  }
+  return { httpStatus, linkStatus };
+}
+function riddleApiStrictSafetyWarnings(blocker) {
+  const rawWarnings = Array.isArray(blocker?.warnings) ? blocker.warnings.filter((warning) => typeof warning === "string") : [];
+  const errorText = typeof blocker?.error === "string" ? blocker.error.toLowerCase() : "";
+  const hasSafetyError = errorText.includes("potentially unsafe operations");
+  const hasDirectNetworkWarning = rawWarnings.some((warning) => warning.toLowerCase().includes("direct network operations"));
+  return hasSafetyError || hasDirectNetworkWarning ? rawWarnings : [];
+}
+function collectRiddleProofProfileEnvironmentBlockedWarnings(profile, blocker) {
+  const warnings = collectRiddleProofProfileWarnings(profile);
+  const safetyWarnings = riddleApiStrictSafetyWarnings(blocker);
+  if (!safetyWarnings.length) return warnings;
+  const counts = profileStatusProbeCounts(profile);
+  const statusProbeCount = counts.httpStatus + counts.linkStatus;
+  if (!statusProbeCount) return warnings;
+  const parts = [
+    counts.httpStatus ? `${counts.httpStatus} http_status` : "",
+    counts.linkStatus ? `${counts.linkStatus} link_status/artifact_link_status` : ""
+  ].filter(Boolean);
+  warnings.push(
+    `Riddle API strict script validation blocked a hosted profile runner with ${parts.join(" and ")} check(s). These checks intentionally collect endpoint/link evidence from inside the generated browser runner; hosted run-profile defaults to --strict=false, so omit --strict=true or rerun with --strict=false for trusted generated profile runs.`
+  );
+  return warnings;
+}
 function normalizeRouteInventoryPath(value, label) {
   const path = stringValue(value);
   if (!path) throw new Error(`${label} requires path.`);
@@ -2223,7 +2255,7 @@ function createRiddleProofProfileConfigurationError(name, error, runner = "riddl
 function createRiddleProofProfileEnvironmentBlockedResult(input) {
   const message = input.error instanceof Error ? input.error.message : input.error ? String(input.error) : "Riddle runner did not complete successfully.";
   const environmentBlocker = extractRiddleRunnerBlocker(message);
-  const warnings = collectRiddleProofProfileWarnings(input.profile);
+  const warnings = collectRiddleProofProfileEnvironmentBlockedWarnings(input.profile, environmentBlocker);
   return {
     version: RIDDLE_PROOF_PROFILE_RESULT_VERSION,
     profile_name: input.profile.name,
@@ -2266,6 +2298,11 @@ function extractRiddleRunnerBlocker(message) {
   for (const key of ["error", "required_seconds", "available_seconds", "deficit_seconds", "minimum_purchase_dollars"]) {
     copyScalar(key);
   }
+  const warnings = payload?.warnings;
+  if (Array.isArray(warnings)) {
+    const warningStrings = warnings.filter((warning) => typeof warning === "string");
+    if (warningStrings.length) details.warnings = warningStrings;
+  }
   const httpStatus = typeof details.http_status === "number" ? details.http_status : void 0;
   const errorText = typeof details.error === "string" ? details.error.toLowerCase() : "";
   if (httpStatus === 402 && errorText.includes("balance")) {

package/dist/cli.cjs

@@ -7636,6 +7636,38 @@ function collectRiddleProofProfileWarnings(profile) {
   }
   return warnings;
 }
+function profileStatusProbeCounts(profile) {
+  let httpStatus = 0;
+  let linkStatus = 0;
+  for (const check of profile.checks || []) {
+    if (check.type === "http_status") httpStatus += 1;
+    if (check.type === "link_status" || check.type === "artifact_link_status") linkStatus += 1;
+  }
+  return { httpStatus, linkStatus };
+}
+function riddleApiStrictSafetyWarnings(blocker) {
+  const rawWarnings = Array.isArray(blocker?.warnings) ? blocker.warnings.filter((warning) => typeof warning === "string") : [];
+  const errorText = typeof blocker?.error === "string" ? blocker.error.toLowerCase() : "";
+  const hasSafetyError = errorText.includes("potentially unsafe operations");
+  const hasDirectNetworkWarning = rawWarnings.some((warning) => warning.toLowerCase().includes("direct network operations"));
+  return hasSafetyError || hasDirectNetworkWarning ? rawWarnings : [];
+}
+function collectRiddleProofProfileEnvironmentBlockedWarnings(profile, blocker) {
+  const warnings = collectRiddleProofProfileWarnings(profile);
+  const safetyWarnings = riddleApiStrictSafetyWarnings(blocker);
+  if (!safetyWarnings.length) return warnings;
+  const counts = profileStatusProbeCounts(profile);
+  const statusProbeCount = counts.httpStatus + counts.linkStatus;
+  if (!statusProbeCount) return warnings;
+  const parts = [
+    counts.httpStatus ? `${counts.httpStatus} http_status` : "",
+    counts.linkStatus ? `${counts.linkStatus} link_status/artifact_link_status` : ""
+  ].filter(Boolean);
+  warnings.push(
+    `Riddle API strict script validation blocked a hosted profile runner with ${parts.join(" and ")} check(s). These checks intentionally collect endpoint/link evidence from inside the generated browser runner; hosted run-profile defaults to --strict=false, so omit --strict=true or rerun with --strict=false for trusted generated profile runs.`
+  );
+  return warnings;
+}
 function normalizeRouteInventoryPath(value, label) {
   const path7 = stringValue2(value);
   if (!path7) throw new Error(`${label} requires path.`);
@@ -9144,7 +9176,7 @@ function profileStatusExitCode(profile, status) {
 function createRiddleProofProfileEnvironmentBlockedResult(input) {
   const message = input.error instanceof Error ? input.error.message : input.error ? String(input.error) : "Riddle runner did not complete successfully.";
   const environmentBlocker = extractRiddleRunnerBlocker(message);
-  const warnings = collectRiddleProofProfileWarnings(input.profile);
+  const warnings = collectRiddleProofProfileEnvironmentBlockedWarnings(input.profile, environmentBlocker);
   return {
     version: RIDDLE_PROOF_PROFILE_RESULT_VERSION,
     profile_name: input.profile.name,
@@ -9187,6 +9219,11 @@ function extractRiddleRunnerBlocker(message) {
   for (const key of ["error", "required_seconds", "available_seconds", "deficit_seconds", "minimum_purchase_dollars"]) {
     copyScalar(key);
   }
+  const warnings = payload?.warnings;
+  if (Array.isArray(warnings)) {
+    const warningStrings = warnings.filter((warning) => typeof warning === "string");
+    if (warningStrings.length) details.warnings = warningStrings;
+  }
   const httpStatus = typeof details.http_status === "number" ? details.http_status : void 0;
   const errorText = typeof details.error === "string" ? details.error.toLowerCase() : "";
   if (httpStatus === 402 && errorText.includes("balance")) {

package/dist/cli.js

@@ -10,7 +10,7 @@ import {
   profileStatusExitCode,
   resolveRiddleProofProfileTargetUrl,
   resolveRiddleProofProfileTimeoutSec
-} from "./chunk-QOOPPRYK.js";
+} from "./chunk-SBOGXOV5.js";
 import {
   createRiddleApiClient,
   parseRiddleViewport

package/dist/index.cjs

@@ -9429,6 +9429,38 @@ function collectRiddleProofProfileWarnings(profile) {
   }
   return warnings;
 }
+function profileStatusProbeCounts(profile) {
+  let httpStatus = 0;
+  let linkStatus = 0;
+  for (const check of profile.checks || []) {
+    if (check.type === "http_status") httpStatus += 1;
+    if (check.type === "link_status" || check.type === "artifact_link_status") linkStatus += 1;
+  }
+  return { httpStatus, linkStatus };
+}
+function riddleApiStrictSafetyWarnings(blocker) {
+  const rawWarnings = Array.isArray(blocker?.warnings) ? blocker.warnings.filter((warning) => typeof warning === "string") : [];
+  const errorText = typeof blocker?.error === "string" ? blocker.error.toLowerCase() : "";
+  const hasSafetyError = errorText.includes("potentially unsafe operations");
+  const hasDirectNetworkWarning = rawWarnings.some((warning) => warning.toLowerCase().includes("direct network operations"));
+  return hasSafetyError || hasDirectNetworkWarning ? rawWarnings : [];
+}
+function collectRiddleProofProfileEnvironmentBlockedWarnings(profile, blocker) {
+  const warnings = collectRiddleProofProfileWarnings(profile);
+  const safetyWarnings = riddleApiStrictSafetyWarnings(blocker);
+  if (!safetyWarnings.length) return warnings;
+  const counts = profileStatusProbeCounts(profile);
+  const statusProbeCount = counts.httpStatus + counts.linkStatus;
+  if (!statusProbeCount) return warnings;
+  const parts = [
+    counts.httpStatus ? `${counts.httpStatus} http_status` : "",
+    counts.linkStatus ? `${counts.linkStatus} link_status/artifact_link_status` : ""
+  ].filter(Boolean);
+  warnings.push(
+    `Riddle API strict script validation blocked a hosted profile runner with ${parts.join(" and ")} check(s). These checks intentionally collect endpoint/link evidence from inside the generated browser runner; hosted run-profile defaults to --strict=false, so omit --strict=true or rerun with --strict=false for trusted generated profile runs.`
+  );
+  return warnings;
+}
 function normalizeRouteInventoryPath(value, label) {
   const path6 = stringValue5(value);
   if (!path6) throw new Error(`${label} requires path.`);
@@ -10953,7 +10985,7 @@ function createRiddleProofProfileConfigurationError(name, error, runner = "riddl
 function createRiddleProofProfileEnvironmentBlockedResult(input) {
   const message = input.error instanceof Error ? input.error.message : input.error ? String(input.error) : "Riddle runner did not complete successfully.";
   const environmentBlocker = extractRiddleRunnerBlocker(message);
-  const warnings = collectRiddleProofProfileWarnings(input.profile);
+  const warnings = collectRiddleProofProfileEnvironmentBlockedWarnings(input.profile, environmentBlocker);
   return {
     version: RIDDLE_PROOF_PROFILE_RESULT_VERSION,
     profile_name: input.profile.name,
@@ -10996,6 +11028,11 @@ function extractRiddleRunnerBlocker(message) {
   for (const key of ["error", "required_seconds", "available_seconds", "deficit_seconds", "minimum_purchase_dollars"]) {
     copyScalar(key);
   }
+  const warnings = payload?.warnings;
+  if (Array.isArray(warnings)) {
+    const warningStrings = warnings.filter((warning) => typeof warning === "string");
+    if (warningStrings.length) details.warnings = warningStrings;
+  }
   const httpStatus = typeof details.http_status === "number" ? details.http_status : void 0;
   const errorText = typeof details.error === "string" ? details.error.toLowerCase() : "";
   if (httpStatus === 402 && errorText.includes("balance")) {

package/dist/index.js

@@ -59,7 +59,7 @@ import {
   resolveRiddleProofProfileTimeoutSec,
   slugifyRiddleProofProfileName,
   summarizeRiddleProofProfileResult
-} from "./chunk-QOOPPRYK.js";
+} from "./chunk-SBOGXOV5.js";
 import {
   DEFAULT_RIDDLE_API_BASE_URL,
   DEFAULT_RIDDLE_API_KEY_FILE,

package/dist/profile.cjs

@@ -743,6 +743,38 @@ function collectRiddleProofProfileWarnings(profile) {
   }
   return warnings;
 }
+function profileStatusProbeCounts(profile) {
+  let httpStatus = 0;
+  let linkStatus = 0;
+  for (const check of profile.checks || []) {
+    if (check.type === "http_status") httpStatus += 1;
+    if (check.type === "link_status" || check.type === "artifact_link_status") linkStatus += 1;
+  }
+  return { httpStatus, linkStatus };
+}
+function riddleApiStrictSafetyWarnings(blocker) {
+  const rawWarnings = Array.isArray(blocker?.warnings) ? blocker.warnings.filter((warning) => typeof warning === "string") : [];
+  const errorText = typeof blocker?.error === "string" ? blocker.error.toLowerCase() : "";
+  const hasSafetyError = errorText.includes("potentially unsafe operations");
+  const hasDirectNetworkWarning = rawWarnings.some((warning) => warning.toLowerCase().includes("direct network operations"));
+  return hasSafetyError || hasDirectNetworkWarning ? rawWarnings : [];
+}
+function collectRiddleProofProfileEnvironmentBlockedWarnings(profile, blocker) {
+  const warnings = collectRiddleProofProfileWarnings(profile);
+  const safetyWarnings = riddleApiStrictSafetyWarnings(blocker);
+  if (!safetyWarnings.length) return warnings;
+  const counts = profileStatusProbeCounts(profile);
+  const statusProbeCount = counts.httpStatus + counts.linkStatus;
+  if (!statusProbeCount) return warnings;
+  const parts = [
+    counts.httpStatus ? `${counts.httpStatus} http_status` : "",
+    counts.linkStatus ? `${counts.linkStatus} link_status/artifact_link_status` : ""
+  ].filter(Boolean);
+  warnings.push(
+    `Riddle API strict script validation blocked a hosted profile runner with ${parts.join(" and ")} check(s). These checks intentionally collect endpoint/link evidence from inside the generated browser runner; hosted run-profile defaults to --strict=false, so omit --strict=true or rerun with --strict=false for trusted generated profile runs.`
+  );
+  return warnings;
+}
 function normalizeRouteInventoryPath(value, label) {
   const path = stringValue(value);
   if (!path) throw new Error(`${label} requires path.`);
@@ -2267,7 +2299,7 @@ function createRiddleProofProfileConfigurationError(name, error, runner = "riddl
 function createRiddleProofProfileEnvironmentBlockedResult(input) {
   const message = input.error instanceof Error ? input.error.message : input.error ? String(input.error) : "Riddle runner did not complete successfully.";
   const environmentBlocker = extractRiddleRunnerBlocker(message);
-  const warnings = collectRiddleProofProfileWarnings(input.profile);
+  const warnings = collectRiddleProofProfileEnvironmentBlockedWarnings(input.profile, environmentBlocker);
   return {
     version: RIDDLE_PROOF_PROFILE_RESULT_VERSION,
     profile_name: input.profile.name,
@@ -2310,6 +2342,11 @@ function extractRiddleRunnerBlocker(message) {
   for (const key of ["error", "required_seconds", "available_seconds", "deficit_seconds", "minimum_purchase_dollars"]) {
     copyScalar(key);
   }
+  const warnings = payload?.warnings;
+  if (Array.isArray(warnings)) {
+    const warningStrings = warnings.filter((warning) => typeof warning === "string");
+    if (warningStrings.length) details.warnings = warningStrings;
+  }
   const httpStatus = typeof details.http_status === "number" ? details.http_status : void 0;
   const errorText = typeof details.error === "string" ? details.error.toLowerCase() : "";
   if (httpStatus === 402 && errorText.includes("balance")) {

package/dist/profile.js

@@ -20,7 +20,7 @@ import {
   resolveRiddleProofProfileTimeoutSec,
   slugifyRiddleProofProfileName,
   summarizeRiddleProofProfileResult
-} from "./chunk-QOOPPRYK.js";
+} from "./chunk-SBOGXOV5.js";
 export {
   RIDDLE_PROOF_PROFILE_CHECK_TYPES,
   RIDDLE_PROOF_PROFILE_EVIDENCE_VERSION,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@riddledc/riddle-proof",
-  "version": "0.7.115",
+  "version": "0.7.116",
   "description": "Reusable Riddle Proof contracts and helpers for evidence-backed agent changes.",
   "license": "MIT",
   "author": "RiddleDC",