@riddledc/riddle-proof 0.8.15 → 0.8.17

package/README.md

@@ -208,6 +208,27 @@ viewport and returns an `environment_blocked` result without starting partial
 jobs when the account balance cannot cover the intended sweep. Use
 `--balance-preflight=false` to bypass this check.
 
+## Regression Packs
+
+Reusable regression packs live in `examples/regression-packs`. They are
+host-readable manifests for recurring trust-boundary checks that should produce
+the same terminal outcomes across generic runners and wrappers.
+
+The first pack is
+`examples/regression-packs/oc-flow-regression.json`. It names the live OpenClaw
+regression cases for route-changing interactions, query/hash preservation,
+negative dropped query/hash evidence, no-diff production audits, selector and
+thrown-error blockers, and stale checkpoint responses after terminal status.
+The same pack also points at the local generic core suite:
+
+```sh
+python3 packages/riddle-proof/runtime/tests/trust_boundary_regression.py
+```
+
+Before counting live wrapper runs, use the pack's runtime gate: verify
+`riddle_proof_status` reports the loaded `@riddledc/openclaw-riddle-proof` and
+`@riddledc/riddle-proof` versions. Disk package versions alone are not enough.
+
 Use `--viewport-name <name>` to run only one named viewport from a
 multi-viewport profile while preserving viewport-scoped setup actions and
 checks:

package/dist/advanced/engine-harness.cjs

@@ -5221,7 +5221,7 @@ function checkpointResponseContinuation(state, value) {
   };
 }
 function finalizedCheckpointResponseWithoutPacketResult(state, value) {
-  if (!value || state.checkpoint_packet || !state.finalized || !isProtectedFinalStatus(state.status)) return null;
+  if (!value || state.checkpoint_packet || !isProtectedFinalStatus(state.status)) return null;
   const response = normalizeCheckpointResponse(value);
   if (!response) return null;
   if (isDuplicateCheckpointResponse(state, response)) return null;

package/dist/advanced/engine-harness.js

@@ -2,7 +2,7 @@ import {
   createDisabledRiddleProofAgentAdapter,
   readRiddleProofRunStatus,
   runRiddleProofEngineHarness
-} from "../chunk-RW4OUHN4.js";
+} from "../chunk-ZOZLORGR.js";
 import "../chunk-YZUVEJ5B.js";
 import "../chunk-FMOYUYH2.js";
 import "../chunk-7GZY5PLT.js";

package/dist/advanced/index.cjs

@@ -5758,7 +5758,7 @@ function checkpointResponseContinuation(state, value) {
   };
 }
 function finalizedCheckpointResponseWithoutPacketResult(state, value) {
-  if (!value || state.checkpoint_packet || !state.finalized || !isProtectedFinalStatus(state.status)) return null;
+  if (!value || state.checkpoint_packet || !isProtectedFinalStatus(state.status)) return null;
   const response = normalizeCheckpointResponse(value);
   if (!response) return null;
   if (isDuplicateCheckpointResponse(state, response)) return null;

package/dist/advanced/index.js

@@ -6,7 +6,7 @@ import {
 } from "../chunk-NGX4SUQN.js";
 import {
   engine_harness_exports
-} from "../chunk-RW4OUHN4.js";
+} from "../chunk-ZOZLORGR.js";
 import "../chunk-YZUVEJ5B.js";
 import "../chunk-FMOYUYH2.js";
 import {

package/dist/{chunk-KTIDPXE2.js → chunk-E7UTJ7KB.js}

@@ -22,7 +22,7 @@ import {
   createDisabledRiddleProofAgentAdapter,
   readRiddleProofRunStatus,
   runRiddleProofEngineHarness
-} from "./chunk-RW4OUHN4.js";
+} from "./chunk-ZOZLORGR.js";
 import {
   createCheckpointResponseTemplate
 } from "./chunk-4FOHZ7JG.js";

package/dist/{chunk-RW4OUHN4.js → chunk-ZOZLORGR.js}

@@ -862,7 +862,7 @@ function checkpointResponseContinuation(state, value) {
   };
 }
 function finalizedCheckpointResponseWithoutPacketResult(state, value) {
-  if (!value || state.checkpoint_packet || !state.finalized || !isProtectedFinalStatus(state.status)) return null;
+  if (!value || state.checkpoint_packet || !isProtectedFinalStatus(state.status)) return null;
   const response = normalizeCheckpointResponse(value);
   if (!response) return null;
   if (isDuplicateCheckpointResponse(state, response)) return null;

package/dist/cli/index.js

@@ -1,7 +1,7 @@
-import "../chunk-KTIDPXE2.js";
+import "../chunk-E7UTJ7KB.js";
 import "../chunk-PEWAIEER.js";
 import "../chunk-TWTEUS7R.js";
-import "../chunk-RW4OUHN4.js";
+import "../chunk-ZOZLORGR.js";
 import "../chunk-YZUVEJ5B.js";
 import "../chunk-FMOYUYH2.js";
 import "../chunk-7GZY5PLT.js";

package/dist/cli.cjs

@@ -5290,7 +5290,7 @@ function checkpointResponseContinuation(state, value) {
   };
 }
 function finalizedCheckpointResponseWithoutPacketResult(state, value) {
-  if (!value || state.checkpoint_packet || !state.finalized || !isProtectedFinalStatus(state.status)) return null;
+  if (!value || state.checkpoint_packet || !isProtectedFinalStatus(state.status)) return null;
   const response = normalizeCheckpointResponse(value);
   if (!response) return null;
   if (isDuplicateCheckpointResponse(state, response)) return null;

package/dist/cli.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
-import "./chunk-KTIDPXE2.js";
+import "./chunk-E7UTJ7KB.js";
 import "./chunk-PEWAIEER.js";
 import "./chunk-TWTEUS7R.js";
-import "./chunk-RW4OUHN4.js";
+import "./chunk-ZOZLORGR.js";
 import "./chunk-YZUVEJ5B.js";
 import "./chunk-FMOYUYH2.js";
 import "./chunk-7GZY5PLT.js";

package/dist/engine-harness.cjs

@@ -5219,7 +5219,7 @@ function checkpointResponseContinuation(state, value) {
   };
 }
 function finalizedCheckpointResponseWithoutPacketResult(state, value) {
-  if (!value || state.checkpoint_packet || !state.finalized || !isProtectedFinalStatus(state.status)) return null;
+  if (!value || state.checkpoint_packet || !isProtectedFinalStatus(state.status)) return null;
   const response = normalizeCheckpointResponse(value);
   if (!response) return null;
   if (isDuplicateCheckpointResponse(state, response)) return null;

package/dist/engine-harness.js

@@ -2,7 +2,7 @@ import {
   createDisabledRiddleProofAgentAdapter,
   readRiddleProofRunStatus,
   runRiddleProofEngineHarness
-} from "./chunk-RW4OUHN4.js";
+} from "./chunk-ZOZLORGR.js";
 import "./chunk-YZUVEJ5B.js";
 import "./chunk-FMOYUYH2.js";
 import "./chunk-7GZY5PLT.js";

package/dist/index.cjs

@@ -5953,7 +5953,7 @@ function checkpointResponseContinuation(state, value) {
   };
 }
 function finalizedCheckpointResponseWithoutPacketResult(state, value) {
-  if (!value || state.checkpoint_packet || !state.finalized || !isProtectedFinalStatus(state.status)) return null;
+  if (!value || state.checkpoint_packet || !isProtectedFinalStatus(state.status)) return null;
   const response = normalizeCheckpointResponse(value);
   if (!response) return null;
   if (isDuplicateCheckpointResponse(state, response)) return null;

package/dist/index.js

@@ -95,7 +95,7 @@ import {
   createDisabledRiddleProofAgentAdapter,
   readRiddleProofRunStatus,
   runRiddleProofEngineHarness
-} from "./chunk-RW4OUHN4.js";
+} from "./chunk-ZOZLORGR.js";
 import {
   RIDDLE_PROOF_RUN_STATE_VERSION,
   appendRunEvent,

package/examples/regression-packs/oc-flow-regression.json

@@ -0,0 +1,318 @@
+{
+  "version": "riddle-proof.regression-pack.v1",
+  "pack_id": "riddle-proof-oc-flow-2026-06",
+  "public_name": "Riddle Proof OC Flow Regression Pack",
+  "description": "Reusable regression pack for the trust boundary between browser evidence, verifier judgment, retry policy, wrapper checkpoint handling, and terminal status.",
+  "minimum_versions": {
+    "@riddledc/openclaw-riddle-proof": "0.4.144",
+    "@riddledc/riddle-proof": "0.8.16"
+  },
+  "runtime_gate": {
+    "tool": "riddle_proof_status",
+    "require_loaded_metadata": true,
+    "fresh_runtime_rule": "Count only runs whose riddle_proof_status package_metadata reports the minimum_versions or newer. If disk package versions differ from loaded metadata, restart the gateway and discard stale runs."
+  },
+  "forbidden_terminal_markers": [
+    "codex_invalid_json",
+    "codex_no_final_response",
+    "codex_timeout",
+    "max_iterations_reached",
+    "stage_iteration_limit_reached",
+    "verify_capture_retry",
+    "checkpoint_response_without_packet"
+  ],
+  "local_core_suite": {
+    "command": "python3 packages/riddle-proof/runtime/tests/trust_boundary_regression.py",
+    "required_cases": [
+      "route-change-forward-pass",
+      "route-change-retry-state-drift-ignored",
+      "route-change-reverse-pass",
+      "route-change-reverse-nested-terminal-url-pass",
+      "query-hash-trailing-slash-pass",
+      "query-hash-dropped-structured-negative-blocker",
+      "same-page-hash-pass",
+      "missing-selector-timeout-specific-blocker",
+      "thrown-error-preserves-structured-evidence",
+      "interaction-thrown-error-specific-blocker",
+      "proof-evidence-absent-specific-blocker",
+      "no-diff-prod-audit-default-capture-pass"
+    ]
+  },
+  "openclaw_live_suite": {
+    "target": {
+      "repo": "davisdiehl/riddle-site",
+      "prod_url": "https://riddledc.com/",
+      "ship_mode": "none",
+      "implementation_mode": "none",
+      "require_diff": false,
+      "allow_code_changes": false
+    },
+    "result_log_fields": [
+      "run_id",
+      "loaded_metadata",
+      "state_path",
+      "terminal_status",
+      "last_checkpoint",
+      "route_expectation_source",
+      "proof_evidence_present",
+      "proof_json_urls",
+      "screenshots",
+      "forbidden_terminal_markers_seen"
+    ],
+    "cases": [
+      {
+        "id": "home-to-proof-route-change-pass",
+        "tool": "riddle_proof_change",
+        "intent": "Start on the production home page, click the visible Proof navigation link, and prove the terminal route is /proof/.",
+        "params": {
+          "verification_mode": "interaction",
+          "server_path": "/",
+          "wait_for_selector": "main#main-content",
+          "capture_script_contract": [
+            "goto https://riddledc.com/",
+            "wait for main#main-content",
+            "click a visible Proof link whose href includes /proof",
+            "wait for terminal URL https://riddledc.com/proof/",
+            "return riddle-proof.interaction.v1 evidence with start, action, terminal, assertions, and routeExpectationSource=capture_script.expectedUrl",
+            "save screenshot after-proof"
+          ]
+        },
+        "expect": {
+          "terminal_status": "ready_to_ship",
+          "terminal_path": "/proof/",
+          "proof_evidence_present": true,
+          "route_expectation_source": "capture_script.expectedUrl",
+          "forbidden_terminal_markers": []
+        }
+      },
+      {
+        "id": "proof-to-home-route-change-pass",
+        "tool": "riddle_proof_change",
+        "intent": "Start on /proof/, click the visible Riddle/Home root navigation link, and prove the terminal route is /.",
+        "params": {
+          "verification_mode": "interaction",
+          "prod_url": "https://riddledc.com/proof/",
+          "server_path": "/proof/",
+          "wait_for_selector": "main#main-content",
+          "capture_script_contract": [
+            "goto https://riddledc.com/proof/",
+            "wait for main#main-content",
+            "click the visible Riddle/Home nav link whose href is / or resolves to the site root",
+            "wait for terminal URL https://riddledc.com/",
+            "return riddle-proof.interaction.v1 evidence with nested terminal.expectedUrl and terminal.observedUrl",
+            "save screenshot after-home"
+          ]
+        },
+        "expect": {
+          "terminal_status": "ready_to_ship",
+          "terminal_path": "/",
+          "proof_evidence_present": true,
+          "route_expectation_source": "capture_script.expectedUrl",
+          "forbidden_terminal_markers": []
+        }
+      },
+      {
+        "id": "pricing-query-hash-positive-pass",
+        "tool": "riddle_proof_change",
+        "intent": "Click into Pricing with a terminal query/hash expectation and prove slash, query, and hash are preserved.",
+        "params": {
+          "verification_mode": "interaction",
+          "server_path": "/",
+          "wait_for_selector": "main#main-content",
+          "expected_terminal_url": "https://riddledc.com/pricing/?rp_probe=1#pricing-probe",
+          "capture_script_contract": [
+            "start from https://riddledc.com/",
+            "navigate or click to the pricing route with ?rp_probe=1#pricing-probe",
+            "wait for https://riddledc.com/pricing/?rp_probe=1#pricing-probe",
+            "return structured evidence proving pathname /pricing/, search ?rp_probe=1, and hash #pricing-probe",
+            "save screenshot after-proof"
+          ]
+        },
+        "expect": {
+          "terminal_status": "ready_to_ship",
+          "terminal_url": "https://riddledc.com/pricing/?rp_probe=1#pricing-probe",
+          "proof_evidence_present": true,
+          "query_preserved": true,
+          "hash_preserved": true,
+          "forbidden_terminal_markers": []
+        }
+      },
+      {
+        "id": "pricing-query-hash-dropped-blocker",
+        "tool": "riddle_proof_change",
+        "intent": "Force a negative control where expected query/hash are dropped at terminal; this must block specifically as invalid browser evidence.",
+        "params": {
+          "verification_mode": "interaction",
+          "server_path": "/",
+          "wait_for_selector": "main#main-content",
+          "expected_terminal_url": "https://riddledc.com/pricing/?rp_probe=1#pricing-probe",
+          "forced_observed_terminal_url": "https://riddledc.com/pricing/",
+          "capture_script_contract": [
+            "record expected terminal URL with ?rp_probe=1#pricing-probe",
+            "intentionally observe or force terminal evidence for https://riddledc.com/pricing/",
+            "return riddle-proof.interaction.v1 evidence with expected and observed terminal URLs",
+            "save screenshot terminal-pricing-negative-control"
+          ]
+        },
+        "expect": {
+          "terminal_status": "blocked",
+          "last_checkpoint": "verify_capture_blocked",
+          "blocker_code": "verify_capture_blocked",
+          "capture_decision": "failed_interaction_capture",
+          "observed_terminal_url": "https://riddledc.com/pricing/",
+          "forbidden_terminal_markers": [
+            "ready_to_ship",
+            "codex_invalid_json",
+            "codex_timeout",
+            "max_iterations_reached",
+            "checkpoint_response_without_packet"
+          ]
+        }
+      },
+      {
+        "id": "no-diff-prod-audit-pass",
+        "tool": "riddle_proof_change",
+        "intent": "Audit the live production home page without implementation or PR handoff, and prove the current target evidence directly.",
+        "params": {
+          "verification_mode": "interaction",
+          "implementation_mode": "none",
+          "require_diff": false,
+          "allow_code_changes": false,
+          "ship_mode": "none",
+          "server_path": "/",
+          "wait_for_selector": "main#main-content",
+          "capture_script_contract": [
+            "use the current production target only",
+            "do not request implementation or git diff",
+            "prove main#main-content and expected home-page content are visible",
+            "return structured evidence and save screenshot after-proof"
+          ]
+        },
+        "expect": {
+          "terminal_status": "ready_to_ship",
+          "ship_handoff": "none",
+          "implementation_attempted": false,
+          "proof_evidence_present": true,
+          "forbidden_terminal_markers": []
+        }
+      },
+      {
+        "id": "missing-selector-timeout-blocker",
+        "tool": "riddle_proof_change",
+        "intent": "Use a missing selector in capture and require a specific Playwright selector timeout in terminal evidence.",
+        "params": {
+          "verification_mode": "interaction",
+          "server_path": "/",
+          "wait_for_selector": "main#main-content",
+          "capture_script_contract": [
+            "start from https://riddledc.com/",
+            "try to click or scroll a selector that does not exist",
+            "use a short selector timeout",
+            "surface the exact Playwright timeout message in structured failure evidence"
+          ]
+        },
+        "expect": {
+          "terminal_status": "blocked",
+          "failure_kind": "specific_blocker",
+          "message_contains": "Timeout",
+          "forbidden_terminal_markers": [
+            "codex_invalid_json",
+            "codex_timeout",
+            "max_iterations_reached"
+          ]
+        }
+      },
+      {
+        "id": "thrown-error-specific-blocker",
+        "tool": "riddle_proof_change",
+        "intent": "Throw an intentional marker from capture and require the exact marker to survive in structured failure evidence.",
+        "params": {
+          "verification_mode": "interaction",
+          "server_path": "/",
+          "wait_for_selector": "main#main-content",
+          "capture_script_contract": [
+            "throw intentional-riddle-proof-regression-thrown-error from the capture script",
+            "preserve the exact marker in terminal evidence",
+            "do not convert the failure to generic Codex JSON/lifecycle failure"
+          ]
+        },
+        "expect": {
+          "terminal_status": "blocked",
+          "failure_kind": "specific_blocker",
+          "message_contains": "intentional-riddle-proof-regression-thrown-error",
+          "forbidden_terminal_markers": [
+            "codex_invalid_json",
+            "codex_timeout",
+            "max_iterations_reached"
+          ]
+        }
+      },
+      {
+        "id": "late-stale-checkpoint-ignored",
+        "tool": "riddle_proof_change + riddle_proof_review",
+        "intent": "Complete a terminal ready_to_ship proof, then submit a stale manual author checkpoint response after terminal status and preserve ready_to_ship.",
+        "steps": [
+          {
+            "tool": "riddle_proof_change",
+            "params": {
+              "verification_mode": "interaction",
+              "server_path": "/",
+              "wait_for_selector": "main#main-content",
+              "checkpoint_mode": "terminal_only",
+              "report_mode": "terminal_only",
+              "capture_script_contract": [
+                "complete the Home -> Proof route proof",
+                "terminalize as ready_to_ship before any manual checkpoint injection",
+                "record state_path and run_id from riddle_proof_status"
+              ]
+            },
+            "expect": {
+              "terminal_status": "ready_to_ship",
+              "proof_evidence_present": true
+            }
+          },
+          {
+            "tool": "riddle_proof_review",
+            "after": "terminal ready_to_ship",
+            "params_template": {
+              "state_path": "${state_path}",
+              "decision": "continue_checkpoint",
+              "summary": "Submit stale checkpoint response after terminal ready_to_ship.",
+              "checkpoint_response": {
+                "version": "riddle-proof.checkpoint_response.v1",
+                "run_id": "${run_id}",
+                "checkpoint": "author_supervisor_judgment",
+                "decision": "author_packet",
+                "summary": "Late stale author packet after terminal ready_to_ship.",
+                "payload": {
+                  "proof_plan": "STALE PACKET: do not resume. This packet is intentionally late and should not alter a terminal run.",
+                  "capture_script": "return { passed: true, staleManualCheckpointProbe: true };"
+                }
+              }
+            },
+            "expect": {
+              "terminal_status": "ready_to_ship",
+              "ignored_checkpoint_response": true,
+              "background_resume_started": false,
+              "forbidden_terminal_markers": [
+                "checkpoint_response_without_packet",
+                "max_iterations_reached",
+                "codex_invalid_json"
+              ]
+            }
+          }
+        ],
+        "expect": {
+          "terminal_status": "ready_to_ship",
+          "ignored_checkpoint_response": true,
+          "background_resume_started": false,
+          "forbidden_terminal_markers": [
+            "checkpoint_response_without_packet",
+            "max_iterations_reached",
+            "codex_invalid_json"
+          ]
+        }
+      }
+    ]
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@riddledc/riddle-proof",
-  "version": "0.8.15",
+  "version": "0.8.17",
   "description": "Reusable Riddle Proof contracts and helpers for evidence-backed agent changes.",
   "license": "MIT",
   "author": "RiddleDC",
@@ -227,6 +227,6 @@
     "build": "tsup src/index.ts src/types.ts src/result.ts src/state.ts src/checkpoint.ts src/run-card.ts src/runner.ts src/engine-harness.ts src/codex-exec-agent.ts src/local-agent.ts src/cli.ts src/cli/index.ts src/diagnostics.ts src/proof-session.ts src/playability.ts src/basic-gameplay.ts src/profile.ts src/profile/index.ts src/openclaw.ts src/proof-run-core.ts src/proof-run-engine.ts src/riddle-client.ts src/runtime/riddle-client.ts src/spec/index.ts src/spec/types.ts src/spec/result.ts src/spec/state.ts src/spec/checkpoint.ts src/spec/run-card.ts src/runtime/index.ts src/app-contract/index.ts src/advanced/index.ts src/advanced/runner.ts src/advanced/engine-harness.ts src/advanced/proof-run-core.ts src/advanced/proof-run-engine.ts src/adapters/openclaw.ts src/adapters/local-agent.ts src/adapters/codex-exec-agent.ts src/adapters/codex.ts --format cjs,esm --dts --out-dir dist --clean",
     "clean": "rm -rf dist",
     "lint": "echo 'lint: (not configured)'",
-    "test": "npm run build && node test.js && node proof-run.test.js && node trust-boundary.test.js && python3 runtime/tests/trust_boundary_regression.py"
+    "test": "npm run build && node test.js && node proof-run.test.js && node trust-boundary.test.js && node regression-packs.test.js && python3 runtime/tests/trust_boundary_regression.py"
   }
 }

package/runtime/lib/verify.py

@@ -2109,6 +2109,8 @@ FULL_LOCATION_PATH_KEYS = (
     'afterUrl', 'after_url',
     'finalUrl', 'final_url',
     'currentUrl', 'current_url',
+    'observedUrl', 'observed_url',
+    'actualUrl', 'actual_url',
     'pathWithSearchAndHash', 'path_with_search_and_hash',
     'fullPath', 'full_path',
 )
@@ -2116,6 +2118,8 @@ PARTIAL_LOCATION_PATH_KEYS = (
     'route',
     'path',
     'pathname',
+    'observedPath', 'observed_path',
+    'actualPath', 'actual_path',
     'normalizedPath', 'normalized_path',
     'rawPath', 'raw_path',
 )
@@ -2246,6 +2250,20 @@ def expected_terminal_path_from_record(record, depth=0):
                 candidate = expected_terminal_path_from_record(item, depth + 1)
                 if candidate:
                     return candidate
+    for key in AFTER_STATE_KEYS:
+        value = record.get(key)
+        if isinstance(value, dict):
+            candidate = (
+                record_path_candidate_for_keys(value, EXPECTED_TERMINAL_PATH_KEYS)
+                or expected_terminal_path_from_record(value, depth + 1)
+            )
+            if candidate:
+                return candidate
+        elif isinstance(value, list):
+            for item in value:
+                candidate = expected_terminal_path_from_record(item, depth + 1)
+                if candidate:
+                    return candidate
     for key in EVIDENCE_CONTAINER_KEYS:
         value = record.get(key)
         if isinstance(value, dict):

package/runtime/tests/recon_verify_smoke.py

@@ -488,6 +488,69 @@ class FakeRiddle:
                         'totalPixels': 972000,
                     },
                 }
+            if 'clickedHomeNavigationOcTerminalShape' in script:
+                page_state = {
+                    'bodyTextLength': 180,
+                    'visibleTextSample': 'Riddle Proof homepage hero Start Free',
+                    'interactiveElements': 4,
+                    'visibleInteractiveElements': 4,
+                    'pathname': '/',
+                    'href': 'https://riddledc.com/',
+                    'title': 'Riddle',
+                    'buttons': ['Start Free'],
+                    'headings': ['Riddle Proof'],
+                    'links': [],
+                    'canvasCount': 0,
+                    'largeVisibleElements': [{'tag': 'h1', 'text': 'Riddle Proof'}],
+                }
+                proof_evidence = {
+                    'version': 'riddle-proof.interaction.v1',
+                    'start': {
+                        'expectedUrl': 'https://riddledc.com/proof/',
+                        'expectedPath': '/proof/',
+                        'observedUrl': 'https://riddledc.com/proof/',
+                        'observedPath': '/proof/',
+                    },
+                    'action': {
+                        'type': 'click',
+                        'target': 'visible Riddle/Home nav link to root',
+                        'chosenText': 'Riddle',
+                        'chosenHref': '/',
+                        'clicked': True,
+                    },
+                    'terminal': {
+                        'expectedUrl': 'https://riddledc.com/',
+                        'expectedPath': '/',
+                        'routeExpectationSource': 'capture_script.expectedUrl',
+                        'observedUrl': 'https://riddledc.com/',
+                        'observedPath': '/',
+                        'pageReady': True,
+                    },
+                    'assertions': {
+                        'startedOnProofRoute': True,
+                        'clickedRootNavLink': True,
+                        'terminalUrlMatchedExpected': True,
+                        'terminalRouteMatchedRoot': True,
+                        'terminalMainVisible': True,
+                        'routeExpectationSourceMatched': True,
+                    },
+                    'errors': [],
+                }
+                return {
+                    'ok': True,
+                    'screenshots': [{'url': 'https://cdn.example.com/home-after.png'}],
+                    'outputs': [{'name': 'after-home.png', 'url': 'https://cdn.example.com/home-after.png'}],
+                    'result': {'pageState': page_state, 'proofEvidence': proof_evidence},
+                    'console': [
+                        'RIDDLE_PROOF_STATE:' + json.dumps(page_state),
+                        'RIDDLE_PROOF_EVIDENCE:' + json.dumps(proof_evidence),
+                    ],
+                    'visual_diff': {
+                        'diffPercentage': 1.2,
+                        'differentPixels': 12000,
+                        'totalPixels': 972000,
+                    },
+                }
             if 'clickedHomeNavigation' in script:
                 page_state = {
                     'bodyTextLength': 180,
@@ -2768,6 +2831,56 @@ def run_verify_interaction_reverse_terminal_route_from_proof_evidence():
         shutil.rmtree(tempdir, ignore_errors=True)
 
 
+def run_verify_interaction_reverse_terminal_expected_url_from_nested_terminal_evidence():
+    tempdir = Path(tempfile.mkdtemp(prefix='riddle-proof-interaction-reverse-oc-shape-'))
+    state_path = tempdir / 'state.json'
+    try:
+        state = base_state(tempdir, reference='prod')
+        state.update({
+            'recon_status': 'ready_for_proof_plan',
+            'author_status': 'ready',
+            'proof_plan_status': 'ready',
+            'implementation_status': 'not_required',
+            'verification_mode': 'interaction',
+            'implementation_mode': 'none',
+            'require_diff': False,
+            'allow_code_changes': False,
+            'server_path': '/proof/',
+            'prod_url': 'https://riddledc.com/proof/',
+            'prod_cdn': 'https://cdn.example.com/prod-proof.png',
+            'proof_plan': 'Start on the proof page, click the visible Riddle/Home root nav link, and trust the structured evidence for the terminal route.',
+            'capture_script': "clickedHomeNavigationOcTerminalShape(); await saveScreenshot('after-home');",
+            'recon_results': {
+                'baselines': {'prod': {'path': '/proof/', 'url': 'https://cdn.example.com/prod-proof.png'}},
+            },
+        })
+        write_state(state_path, state)
+        os.environ['RIDDLE_PROOF_STATE_FILE'] = str(state_path)
+
+        fake = FakeRiddle()
+        load_util_with_fake(fake)
+        load_module('verify_interaction_reverse_terminal_nested_expected_url', VERIFY_PATH)
+        after_verify = json.loads(state_path.read_text())
+
+        assert after_verify['verify_status'] == 'evidence_captured'
+        assert after_verify['route_expectation']['source'] == 'proof_evidence_contract'
+        assert after_verify['route_expectation']['start_path'] == '/proof'
+        assert after_verify['route_expectation']['expected_path'] == '/'
+        route = after_verify['proof_assessment_request']['semantic_context']['route']
+        assert route['expected_start_path'] == '/proof'
+        assert route['expected_after_path'] == '/'
+        assert route['after_observed_path'] == '/'
+        assert 'wrong route' not in after_verify['verify_results']['after']['observation']['reason']
+        return {
+            'ok': True,
+            'expected_path': after_verify['route_expectation']['expected_path'],
+            'after_observed_path': route['after_observed_path'],
+            'source': after_verify['route_expectation']['source'],
+        }
+    finally:
+        shutil.rmtree(tempdir, ignore_errors=True)
+
+
 def run_verify_interaction_prose_route_noise_uses_proof_evidence():
     tempdir = Path(tempfile.mkdtemp(prefix='riddle-proof-interaction-prose-noise-'))
     state_path = tempdir / 'state.json'
@@ -3553,6 +3666,7 @@ if __name__ == '__main__':
         'verify_interaction_terminal_route_from_proof_evidence': run_verify_interaction_terminal_route_from_proof_evidence(),
         'verify_interaction_proof_evidence_overrides_stale_expected_path': run_verify_interaction_proof_evidence_overrides_stale_expected_path(),
         'verify_interaction_reverse_terminal_route_from_proof_evidence': run_verify_interaction_reverse_terminal_route_from_proof_evidence(),
+        'verify_interaction_reverse_terminal_expected_url_from_nested_terminal_evidence': run_verify_interaction_reverse_terminal_expected_url_from_nested_terminal_evidence(),
         'verify_interaction_prose_route_noise_uses_proof_evidence': run_verify_interaction_prose_route_noise_uses_proof_evidence(),
         'verify_interaction_hash_terminal_route_from_proof_evidence': run_verify_interaction_hash_terminal_route_from_proof_evidence(),
         'verify_interaction_authored_query_hash_mismatch_blocks_with_evidence': run_verify_interaction_authored_query_hash_mismatch_blocks_with_evidence(),

package/runtime/tests/trust_boundary_regression.py

@@ -37,6 +37,12 @@ CASES = [
         'function': 'run_verify_interaction_reverse_terminal_route_from_proof_evidence',
         'expected_terminal': 'pass',
     },
+    {
+        'name': 'route-change-reverse-nested-terminal-url-pass',
+        'covers': ['route-changing interactions', 'proof-evidence-present'],
+        'function': 'run_verify_interaction_reverse_terminal_expected_url_from_nested_terminal_evidence',
+        'expected_terminal': 'pass',
+    },
     {
         'name': 'route-prose-noise-ignored',
         'covers': ['route-changing interactions', 'proof-evidence-present'],