@riddledc/riddle-proof 0.8.41 → 0.8.43

package/dist/advanced/index.d.cts

@@ -1,5 +1,5 @@
 export { b as runner } from '../runner-4LJ5z0D-.cjs';
 export { l as engineHarness } from '../engine-harness-LBfqbFSe.cjs';
 export { p as proofRunCore } from '../proof-run-core-B1GeqkR8.cjs';
-export { p as proofRunEngine } from '../proof-run-engine-DYUu2mqY.cjs';
+export { p as proofRunEngine } from '../proof-run-engine-4dM37pEx.cjs';
 import '../types.cjs';

package/dist/advanced/index.d.ts

@@ -1,5 +1,5 @@
 export { b as runner } from '../runner-BdQpOkZD.js';
 export { l as engineHarness } from '../engine-harness-CMACHP6A.js';
 export { p as proofRunCore } from '../proof-run-core-B1GeqkR8.js';
-export { p as proofRunEngine } from '../proof-run-engine-BmNYuOJ7.js';
+export { p as proofRunEngine } from '../proof-run-engine-BqaeqAze.js';
 import '../types.js';

package/dist/advanced/proof-run-engine.d.cts

@@ -1,2 +1,2 @@
-export { R as RiddleProofEngine, c as createRiddleProofEngine, e as executeWorkflow } from '../proof-run-engine-DYUu2mqY.cjs';
+export { R as RiddleProofEngine, c as createRiddleProofEngine, e as executeWorkflow } from '../proof-run-engine-4dM37pEx.cjs';
 import '../proof-run-core-B1GeqkR8.cjs';

package/dist/advanced/proof-run-engine.d.ts

@@ -1,2 +1,2 @@
-export { R as RiddleProofEngine, c as createRiddleProofEngine, e as executeWorkflow } from '../proof-run-engine-BmNYuOJ7.js';
+export { R as RiddleProofEngine, c as createRiddleProofEngine, e as executeWorkflow } from '../proof-run-engine-BqaeqAze.js';
 import '../proof-run-core-B1GeqkR8.js';

package/dist/{proof-run-engine-DYUu2mqY.d.cts → proof-run-engine-4dM37pEx.d.cts}

@@ -292,7 +292,7 @@ declare function executeWorkflow(params: WorkflowParams, pluginConfig: any, reso
     blocking?: boolean;
     details?: Record<string, unknown>;
     ok: boolean;
-    action: "setup" | "recon" | "author" | "implement" | "verify" | "ship" | "run";
+    action: "author" | "recon" | "ship" | "implement" | "verify" | "setup" | "run";
     state_path: string;
     stage: any;
     summary: string;
@@ -382,7 +382,7 @@ declare function executeWorkflow(params: WorkflowParams, pluginConfig: any, reso
     continueWithStage?: WorkflowStage | null;
     blocking?: boolean;
     details?: Record<string, unknown>;
-    action: "setup" | "recon" | "author" | "implement" | "verify" | "ship" | "run";
+    action: "author" | "recon" | "ship" | "implement" | "verify" | "setup" | "run";
     state_path: string;
     stage: any;
     checkpoint: string;
@@ -659,7 +659,7 @@ declare function executeWorkflow(params: WorkflowParams, pluginConfig: any, reso
     error?: undefined;
 } | {
     ok: boolean;
-    action: "setup" | "recon" | "author" | "implement" | "verify" | "ship";
+    action: "author" | "recon" | "ship" | "implement" | "verify" | "setup";
     state_path: string;
     stage: any;
     summary: string;

package/dist/{proof-run-engine-BmNYuOJ7.d.ts → proof-run-engine-BqaeqAze.d.ts}

@@ -292,7 +292,7 @@ declare function executeWorkflow(params: WorkflowParams, pluginConfig: any, reso
     blocking?: boolean;
     details?: Record<string, unknown>;
     ok: boolean;
-    action: "setup" | "recon" | "author" | "implement" | "verify" | "ship" | "run";
+    action: "author" | "recon" | "ship" | "implement" | "verify" | "setup" | "run";
     state_path: string;
     stage: any;
     summary: string;
@@ -382,7 +382,7 @@ declare function executeWorkflow(params: WorkflowParams, pluginConfig: any, reso
     continueWithStage?: WorkflowStage | null;
     blocking?: boolean;
     details?: Record<string, unknown>;
-    action: "setup" | "recon" | "author" | "implement" | "verify" | "ship" | "run";
+    action: "author" | "recon" | "ship" | "implement" | "verify" | "setup" | "run";
     state_path: string;
     stage: any;
     checkpoint: string;
@@ -659,7 +659,7 @@ declare function executeWorkflow(params: WorkflowParams, pluginConfig: any, reso
     error?: undefined;
 } | {
     ok: boolean;
-    action: "setup" | "recon" | "author" | "implement" | "verify" | "ship";
+    action: "author" | "recon" | "ship" | "implement" | "verify" | "setup";
     state_path: string;
     stage: any;
     summary: string;

package/dist/proof-run-engine.d.cts

@@ -1,2 +1,2 @@
 import './proof-run-core-B1GeqkR8.cjs';
-export { R as RiddleProofEngine, c as createRiddleProofEngine, e as executeWorkflow } from './proof-run-engine-DYUu2mqY.cjs';
+export { R as RiddleProofEngine, c as createRiddleProofEngine, e as executeWorkflow } from './proof-run-engine-4dM37pEx.cjs';

package/dist/proof-run-engine.d.ts

@@ -1,2 +1,2 @@
 import './proof-run-core-B1GeqkR8.js';
-export { R as RiddleProofEngine, c as createRiddleProofEngine, e as executeWorkflow } from './proof-run-engine-BmNYuOJ7.js';
+export { R as RiddleProofEngine, c as createRiddleProofEngine, e as executeWorkflow } from './proof-run-engine-BqaeqAze.js';

package/examples/regression-packs/oc-flow-regression.json

@@ -4,8 +4,8 @@
   "public_name": "Riddle Proof OC Flow Regression Pack",
   "description": "Reusable regression pack for the trust boundary between browser evidence, verifier judgment, retry policy, wrapper checkpoint handling, and terminal status.",
   "minimum_versions": {
-    "@riddledc/openclaw-riddle-proof": "0.4.146",
-    "@riddledc/riddle-proof": "0.8.18"
+    "@riddledc/openclaw-riddle-proof": "0.4.155",
+    "@riddledc/riddle-proof": "0.8.43"
   },
   "runtime_gate": {
     "tool": "riddle_proof_status",
@@ -287,7 +287,7 @@
             "wait for main#main-content",
             "click a visible Proof link whose href includes /proof",
             "wait for terminal URL https://riddledc.com/proof/",
-            "return riddle-proof.interaction.v1 evidence with start, action, terminal, assertions, and routeExpectationSource=capture_script.expectedUrl",
+            "return riddle-proof.interaction.v1 evidence with start, action, terminal, assertions, and routeExpectationSource=expected_terminal_path",
             "save screenshot after-proof"
           ]
         },
@@ -295,7 +295,7 @@
           "terminal_status": "ready_to_ship",
           "terminal_path": "/proof/",
           "proof_evidence_present": true,
-          "route_expectation_source": "capture_script.expectedUrl",
+          "route_expectation_source": "expected_terminal_path",
           "forbidden_terminal_markers": []
         }
       },
@@ -321,7 +321,7 @@
           "terminal_status": "ready_to_ship",
           "terminal_path": "/",
           "proof_evidence_present": true,
-          "route_expectation_source": "capture_script.expectedUrl",
+          "route_expectation_source": "expected_terminal_path",
           "forbidden_terminal_markers": []
         }
       },
@@ -386,9 +386,9 @@
       {
         "id": "no-diff-prod-audit-pass",
         "tool": "riddle_proof_change",
-        "intent": "Audit the live production home page without implementation or PR handoff, and prove the current target evidence directly.",
+        "intent": "Audit the live production home page without implementation or PR handoff, and prove the current target visually without any browser interaction.",
         "params": {
-          "verification_mode": "interaction",
+          "verification_mode": "visual",
           "implementation_mode": "none",
           "require_diff": false,
           "allow_code_changes": false,
@@ -398,15 +398,18 @@
           "capture_script_contract": [
             "use the current production target only",
             "do not request implementation or git diff",
+            "do not click, type, submit, copy, navigate, or interact with any button or link",
             "prove main#main-content and expected home-page content are visible",
-            "return structured evidence and save screenshot after-proof"
+            "save screenshot after-proof and treat this as a passive visual/no-diff audit, not an interaction proof"
           ]
         },
         "expect": {
           "terminal_status": "ready_to_ship",
           "ship_handoff": "none",
           "implementation_attempted": false,
-          "proof_evidence_present": true,
+          "proof_evidence_required": false,
+          "screenshot_required": true,
+          "browser_interaction_performed": false,
           "forbidden_terminal_markers": []
         }
       },
@@ -473,16 +476,22 @@
               "verification_mode": "interaction",
               "server_path": "/",
               "wait_for_selector": "main#main-content",
+              "expected_terminal_url": "https://riddledc.com/proof/",
               "checkpoint_mode": "terminal_only",
               "report_mode": "terminal_only",
               "capture_script_contract": [
-                "complete the Home -> Proof route proof",
+                "complete the Home -> Proof route proof by clicking the visible Proof nav link only",
+                "do not click Docs, Pricing, MCP, Blog, Playground, Copy, or any other link or button",
+                "terminal URL must be https://riddledc.com/proof/ and terminal path must be /proof",
                 "terminalize as ready_to_ship before any manual checkpoint injection",
                 "record state_path and run_id from riddle_proof_status"
               ]
             },
             "expect": {
               "terminal_status": "ready_to_ship",
+              "terminal_url": "https://riddledc.com/proof/",
+              "terminal_path": "/proof",
+              "route_expectation_source": "expected_terminal_path",
               "proof_evidence_present": true
             }
           },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@riddledc/riddle-proof",
-  "version": "0.8.41",
+  "version": "0.8.43",
   "description": "Reusable Riddle Proof contracts and helpers for evidence-backed agent changes.",
   "license": "MIT",
   "author": "RiddleDC",

package/runtime/lib/recon.py

@@ -20,6 +20,7 @@ from util import (  # noqa: E402
     build_capture_script,
     capture_static_preview,
     capture_viewport_matrix_status,
+    compose_remote_capture_url,
     enrich_capture_payload,
     has_auth_context,
     invoke_retry,
@@ -41,6 +42,7 @@ MIN_CANVAS_AREA = 50000
 HYDRATION_WAIT_MS = 1500
 PAGE_STATE_PREFIX = 'RIDDLE_PROOF_STATE:'
 PROOF_EVIDENCE_PREFIX = 'RIDDLE_PROOF_EVIDENCE:'
+INTERACTION_VERIFICATION_MODES = {'interaction', 'flow', 'browser_interaction'}
 
 s = load_state()
 after_dir = (s.get('after_worktree') or '').strip()
@@ -808,7 +810,7 @@ def capture_workspace_baseline(project_dir, label, plan, capture_script=''):
 
 
 def capture_prod_baseline(prod_url, plan, capture_script=''):
-    target_url = (prod_url or '').strip()
+    target_url = prod_capture_target_url(prod_url, plan)
     if not target_url:
         raise SystemExit('Requested prod baseline in recon, but prod_url is missing.')
     wait_for_selector = (plan.get('wait_for_selector') or '').strip()
@@ -821,7 +823,7 @@ def capture_prod_baseline(prod_url, plan, capture_script=''):
     append_capture_diagnostic(s, 'prod', 'riddle_script', args, shot)
     record_recon_phase('prod_capture', 'completed', 'Production recon baseline capture completed.')
     return {
-        'source': 'prod_url',
+        'source': 'prod_url_with_target_path' if target_url != (prod_url or '').strip() else 'prod_url',
         'mode': 'remote',
         'path': normalize_observed_path(target_url) or (plan.get('target_path') or '/'),
         'capture_url': target_url,
@@ -831,6 +833,19 @@ def capture_prod_baseline(prod_url, plan, capture_script=''):
     }
 
 
+def interaction_verification_mode():
+    return str(s.get('verification_mode') or '').strip().lower() in INTERACTION_VERIFICATION_MODES
+
+
+def prod_capture_target_url(prod_url, plan):
+    target_path = str((plan or {}).get('target_path') or '').strip()
+    has_explicit_start_route = bool(
+        str(s.get('server_path') or s.get('expected_start_path') or '').strip()
+        and (str(s.get('server_path_source') or '').strip() or interaction_verification_mode())
+    )
+    return compose_remote_capture_url(prod_url, target_path, explicit_target=has_explicit_start_route)
+
+
 def baseline_record(capture, observation):
     return {
         'source': capture.get('source'),
@@ -1066,7 +1081,7 @@ for label in required_baselines:
             expected_path = current_plan['target_path']
         else:
             capture = capture_prod_baseline(s.get('prod_url', ''), current_plan, capture_script='')
-            expected_path = urlparse(s.get('prod_url', '')).path or current_plan['target_path']
+            expected_path = normalize_observed_path(capture.get('capture_url')) or current_plan['target_path']
         observation = build_observation_packet(label, expected_path, capture=capture)
     except SystemExit:
         raise

package/runtime/lib/util.py

@@ -1,7 +1,7 @@
 """Shared helpers for Riddle Proof pipeline."""
 
 import hashlib, json, os, re, shlex, subprocess as sp, tempfile, time
-from urllib.parse import urljoin
+from urllib.parse import urljoin, urlparse, urlunparse
 from urllib.request import urlopen
 
 STATE_FILE = os.environ.get('RIDDLE_PROOF_STATE_FILE', '/tmp/riddle-proof-state.json')
@@ -86,6 +86,44 @@ def normalize_browser_path(value):
     return value.lower() or '/'
 
 
+def compose_remote_capture_url(base_url, target_path='', explicit_target=False):
+    """Resolve a remote capture URL against an explicit browser route.
+
+    prod_url identifies the deployed origin, but interaction proofs may start on
+    a route such as /proof/ before navigating elsewhere. In that case recon must
+    capture the start route, not merely the prod_url root.
+    """
+    base = str(base_url or '').strip()
+    target = str(target_path or '').strip()
+    if not base or not target.startswith('/'):
+        return base
+
+    parsed_base = urlparse(base)
+    if not parsed_base.scheme or not parsed_base.netloc:
+        return base
+
+    parsed_target = urlparse(target)
+    target_browser_path = parsed_target.path or '/'
+    if not target_browser_path.startswith('/'):
+        target_browser_path = '/' + target_browser_path.lstrip('/')
+
+    if not explicit_target:
+        base_browser_path = parsed_base.path or '/'
+        if normalize_browser_path(target_browser_path) in ('', '/') and normalize_browser_path(base_browser_path) != '/':
+            return base
+        if normalize_browser_path(target_browser_path) == normalize_browser_path(base_browser_path):
+            return base
+
+    return urlunparse((
+        parsed_base.scheme,
+        parsed_base.netloc,
+        target_browser_path,
+        '',
+        parsed_target.query,
+        parsed_target.fragment,
+    ))
+
+
 def extract_browser_paths(text):
     paths = []
     for match in re.findall(r'/(?:[A-Za-z0-9._~%!$&\'()*+,;=:@-]+/?)+(?:\?[A-Za-z0-9._~%!$&\'()*+,;=:@/?-]*)?', str(text or '')):

package/runtime/tests/recon_verify_smoke.py

@@ -70,6 +70,35 @@ def load_module(name: str, path: Path):
     return module
 
 
+def run_recon_remote_prod_capture_uses_interaction_start_route():
+    util = load_module('riddle_proof_util_route_target_smoke', UTIL_PATH)
+    cases = [
+        (
+            util.compose_remote_capture_url('https://riddledc.com/', '/proof/', explicit_target=True),
+            'https://riddledc.com/proof/',
+        ),
+        (
+            util.compose_remote_capture_url('https://riddledc.com/', '/pricing/?rp_probe=1#pricing-probe', explicit_target=True),
+            'https://riddledc.com/pricing/?rp_probe=1#pricing-probe',
+        ),
+        (
+            util.compose_remote_capture_url('https://riddledc.com/proof/', '/', explicit_target=True),
+            'https://riddledc.com/',
+        ),
+        (
+            util.compose_remote_capture_url('https://riddledc.com/proof/', '/', explicit_target=False),
+            'https://riddledc.com/proof/',
+        ),
+    ]
+    for observed, expected in cases:
+        assert observed == expected, f'expected {expected}, got {observed}'
+    return {
+        'ok': True,
+        'remote_start_route': 'https://riddledc.com/proof/',
+        'query_hash_route': 'https://riddledc.com/pricing/?rp_probe=1#pricing-probe',
+    }
+
+
 class FakeRiddle:
     def __init__(self):
         self.calls = []

package/runtime/tests/trust_boundary_regression.py

@@ -19,6 +19,12 @@ def load_smoke_module():
 
 
 CASES = [
+    {
+        'name': 'recon-remote-prod-captures-interaction-start-route',
+        'covers': ['route-changing interactions', 'no-diff prod audits'],
+        'function': 'run_recon_remote_prod_capture_uses_interaction_start_route',
+        'expected_terminal': 'pass',
+    },
     {
         'name': 'route-change-forward-pass',
         'covers': ['route-changing interactions', 'proof-evidence-present'],