npm - @riddledc/riddle-proof - Versions diffs - 0.8.27 → 0.8.28 - Mend

@riddledc/riddle-proof 0.8.27 → 0.8.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/runtime/lib/setup.py +23 -4
package/runtime/lib/verify.py +41 -1
package/runtime/tests/recon_verify_smoke.py +110 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@riddledc/riddle-proof",
-  "version": "0.8.27",
+  "version": "0.8.28",
   "description": "Reusable Riddle Proof contracts and helpers for evidence-backed agent changes.",
   "license": "MIT",
   "author": "RiddleDC",

package/runtime/lib/setup.py CHANGED Viewed

@@ -213,6 +213,16 @@ def audit_no_diff_mode():
     )
+def interaction_verification_mode():
+    return str(s.get('verification_mode') or '').strip().lower() in (
+        'interaction',
+        'interactive',
+        'user_flow',
+        'user-flow',
+        'workflow',
+    )
 def remote_audit_mode():
     return bool(s.get('remote_audit')) or (
         not repo
@@ -560,10 +570,19 @@ if remote_audit_mode():
         'keyword_hits': [],
         'max_attempts': 0,
     }
-    s['author_status'] = 'ready'
-    s['proof_plan_status'] = 'ready'
-    s['proof_plan'] = (s.get('proof_plan') or 'Audit the current prod_url target and capture current evidence without requiring a repo diff.').strip()
-    if not (s.get('capture_script') or '').strip():
+    has_capture_script = bool((s.get('capture_script') or '').strip())
+    needs_authored_interaction_capture = interaction_verification_mode() and not has_capture_script
+    if needs_authored_interaction_capture:
+        s['author_status'] = 'needs_authoring'
+        s['proof_plan_status'] = 'needs_authoring'
+        s['proof_plan'] = (s.get('proof_plan') or '').strip()
+        s['author_summary'] = 'Remote interaction audit requires an authored browser interaction capture before verify.'
+        s['capture_script_source'] = ''
+    else:
+        s['author_status'] = 'ready'
+        s['proof_plan_status'] = 'ready'
+        s['proof_plan'] = (s.get('proof_plan') or 'Audit the current prod_url target and capture current evidence without requiring a repo diff.').strip()
+    if not has_capture_script and not needs_authored_interaction_capture:
         s['capture_script'] = 'await page.waitForTimeout(1500);'
         s['capture_script_source'] = 'default_remote_audit_current_target'
     s['dependency_install'] = {

package/runtime/lib/verify.py CHANGED Viewed

@@ -3711,7 +3711,47 @@ def build_supervisor_assessment_request(state, payload, after_observation, requi
 s = load_state()
 capture_script = (s.get('capture_script') or '').strip()
 no_implementation_mode = audit_no_diff_mode(s)
-if not capture_script and no_implementation_mode:
+initial_verification_mode = normalized_verification_mode(s.get('verification_mode'))
+if not capture_script and no_implementation_mode and initial_verification_mode in INTERACTION_MODES:
+    s['stage'] = 'verify'
+    s['verify_status'] = 'capture_incomplete'
+    s['merge_recommendation'] = 'do-not-merge'
+    s['structured_interaction_capture_failure_summary'] = (
+        'Interaction verification requires an authored browser interaction capture script; '
+        'the default remote audit current-target capture is passive and cannot prove an interaction.'
+    )
+    s['verify_summary'] = s['structured_interaction_capture_failure_summary']
+    s['proof_summary'] = s['structured_interaction_capture_failure_summary']
+    s['proof_assessment'] = {}
+    s['proof_assessment_source'] = None
+    s['proof_assessment_request'] = {}
+    s['verify_decision_request'] = {
+        'status': s['verify_status'],
+        'summary': s['structured_interaction_capture_failure_summary'],
+        'expected_path': s.get('expected_terminal_path') or s.get('requested_expected_terminal_path') or s.get('server_path') or '/',
+        'expected_start_path': s.get('expected_start_path') or s.get('server_path') or '/',
+        'route_expectation': s.get('route_expectation') or {},
+        'capture_quality': {
+            'decision': 'failed_interaction_capture',
+            'summary': s['structured_interaction_capture_failure_summary'],
+            'recommended_stage': None,
+            'continue_with_stage': None,
+            'blocking': True,
+            'terminal_blocker': True,
+            'reasons': [s['structured_interaction_capture_failure_summary']],
+        },
+        'next_stage_options': ['author', 'verify', 'recon'],
+        'recommended_stage': None,
+        'continue_with_stage': None,
+        'fields_agent_may_update': ['proof_plan', 'capture_script', 'server_path', 'wait_for_selector'],
+        'instructions': [
+            'Author a real Playwright browser interaction capture script before retrying verify.',
+            'Do not use the default remote audit current-target capture for interaction verification.',
+        ],
+    }
+    save_state(s)
+    raise SystemExit(s['structured_interaction_capture_failure_summary'])
+elif not capture_script and no_implementation_mode:
     capture_script = 'await page.waitForTimeout(1500);'
     s['capture_script'] = capture_script
     s['capture_script_source'] = s.get('capture_script_source') or 'default_remote_audit_current_target'

package/runtime/tests/recon_verify_smoke.py CHANGED Viewed

@@ -1658,6 +1658,61 @@ def run_remote_audit_setup_without_repo():
         shutil.rmtree(tempdir, ignore_errors=True)
+def run_remote_interaction_audit_setup_requires_authoring():
+    tempdir = Path(tempfile.mkdtemp(prefix='riddle-proof-remote-interaction-audit-'))
+    args_path = tempdir / 'args.json'
+    state_path = tempdir / 'state.json'
+    try:
+        args_path.write_text(json.dumps({
+            'repo': '',
+            'mode': 'server',
+            'reference': 'both',
+            'prod_url': 'https://riddledc.com/',
+            'change_request': 'Verify Home -> Proof navigation. Start at https://riddledc.com/. Click the visible Proof nav link. Expected terminal URL is https://riddledc.com/proof/.',
+            'commit_message': '',
+            'success_criteria': 'Terminal URL is https://riddledc.com/proof/ and structured proof evidence is present.',
+            'verification_mode': 'interaction',
+            'implementation_mode': 'none',
+            'require_diff': False,
+            'allow_code_changes': False,
+            'server_image': 'node:20-slim',
+            'server_command': 'npm start',
+            'server_port': '3000',
+        }, indent=2))
+        with temporary_env(
+            RIDDLE_PROOF_ARGS_FILE=str(args_path),
+            RIDDLE_PROOF_STATE_FILE=str(state_path),
+        ):
+            sys.modules.pop('util', None)
+            load_module('util_remote_interaction_audit_preflight', UTIL_PATH)
+            load_module('preflight_remote_interaction_audit', PREFLIGHT_PATH)
+            sys.modules.pop('util', None)
+            try:
+                load_module('setup_remote_interaction_audit', SETUP_PATH)
+            except SystemExit as exc:
+                assert exc.code in (0, None), exc
+        state = json.loads(state_path.read_text())
+        assert state['remote_audit'] is True
+        assert state['workspace_ready'] is True
+        assert state['reference'] == 'prod'
+        assert state['implementation_status'] == 'not_required'
+        assert state['server_path'] == '/'
+        assert state['recon_status'] == 'ready_for_proof_plan'
+        assert state['author_status'] == 'needs_authoring'
+        assert state['proof_plan_status'] == 'needs_authoring'
+        assert state.get('capture_script', '') == ''
+        assert state.get('capture_script_source', '') == ''
+        assert 'requires an authored browser interaction capture' in state['author_summary']
+        return {
+            'ok': True,
+            'author_status': state['author_status'],
+            'capture_script_source': state.get('capture_script_source', ''),
+        }
+    finally:
+        sys.modules.pop('util', None)
+        shutil.rmtree(tempdir, ignore_errors=True)
 def run_preflight_resumes_visual_proof_session():
     tempdir = Path(tempfile.mkdtemp(prefix='riddle-proof-preflight-session-'))
     args_path = tempdir / 'args.json'
@@ -2833,6 +2888,59 @@ def run_remote_audit_verify_uses_default_capture_script():
         shutil.rmtree(tempdir, ignore_errors=True)
+def run_remote_interaction_audit_verify_rejects_default_capture():
+    tempdir = Path(tempfile.mkdtemp(prefix='riddle-proof-remote-interaction-audit-verify-'))
+    state_path = tempdir / 'state.json'
+    try:
+        state = base_state(tempdir, reference='prod', prod_url='https://riddledc.com/')
+        state.update({
+            'remote_audit': True,
+            'workspace_kind': 'remote_audit',
+            'mode': 'server',
+            'recon_status': 'ready_for_proof_plan',
+            'author_status': 'ready',
+            'proof_plan_status': 'ready',
+            'implementation_status': 'not_required',
+            'implementation_mode': 'none',
+            'require_diff': False,
+            'allow_code_changes': False,
+            'verification_mode': 'interaction',
+            'server_path': '/',
+            'expected_start_path': '/',
+            'expected_terminal_path': '/proof',
+            'requested_expected_terminal_path': '/proof',
+            'proof_plan': 'Verify Home -> Proof navigation.',
+            'capture_script': '',
+            'recon_results': {'baselines': {}, 'mode': 'remote_audit'},
+        })
+        write_state(state_path, state)
+        os.environ['RIDDLE_PROOF_STATE_FILE'] = str(state_path)
+        fake = FakeRiddle()
+        load_util_with_fake(fake)
+        try:
+            load_module('verify_remote_interaction_audit_rejects_default_capture', VERIFY_PATH)
+        except SystemExit as exc:
+            assert 'requires an authored browser interaction capture script' in str(exc), exc
+        else:
+            raise AssertionError('interaction remote audit verify should reject missing capture_script')
+        after_verify = json.loads(state_path.read_text())
+        assert after_verify['verify_status'] == 'capture_incomplete'
+        assert after_verify.get('capture_script', '') == ''
+        assert after_verify.get('capture_script_source', '') == ''
+        assert after_verify['verify_decision_request']['capture_quality']['decision'] == 'failed_interaction_capture'
+        assert after_verify['verify_decision_request']['capture_quality']['blocking'] is True
+        assert 'default remote audit current-target capture is passive' in after_verify['structured_interaction_capture_failure_summary']
+        return {
+            'ok': True,
+            'verify_status': after_verify['verify_status'],
+            'capture_quality': after_verify['verify_decision_request']['capture_quality']['decision'],
+        }
+    finally:
+        shutil.rmtree(tempdir, ignore_errors=True)
 def run_verify_interaction_terminal_route_from_proof_evidence():
     tempdir = Path(tempfile.mkdtemp(prefix='riddle-proof-interaction-forward-'))
     state_path = tempdir / 'state.json'
@@ -3941,6 +4049,7 @@ if __name__ == '__main__':
     payload = {
         'preflight_reference_skip_reason': run_preflight_records_prod_reference_skip_reason(),
         'remote_audit_setup_without_repo': run_remote_audit_setup_without_repo(),
+        'remote_interaction_audit_setup_requires_authoring': run_remote_interaction_audit_setup_requires_authoring(),
         'preflight_resume_visual_proof_session': run_preflight_resumes_visual_proof_session(),
         'capture_artifact_enrichment': run_capture_artifact_enrichment(),
         'capture_diagnostics_redaction': run_capture_diagnostics_redact_sensitive_values(),
@@ -3966,6 +4075,7 @@ if __name__ == '__main__':
         'verify_preserves_proof_evidence_on_capture_script_error': run_verify_preserves_proof_evidence_on_capture_script_error(),
         'verify_capture_retry': run_verify_capture_retry(),
         'remote_audit_verify_uses_default_capture_script': run_remote_audit_verify_uses_default_capture_script(),
+        'remote_interaction_audit_verify_rejects_default_capture': run_remote_interaction_audit_verify_rejects_default_capture(),
         'verify_interaction_terminal_route_from_proof_evidence': run_verify_interaction_terminal_route_from_proof_evidence(),
         'verify_interaction_iife_structured_evidence_without_screenshot': run_verify_interaction_iife_structured_evidence_without_screenshot(),
         'verify_interaction_proof_evidence_overrides_stale_expected_path': run_verify_interaction_proof_evidence_overrides_stale_expected_path(),