@rtrentjones/greenlight 0.6.1 → 0.7.0

package/assets/skills/provider-docker/SKILL.md

@@ -0,0 +1,68 @@
+---
+name: provider-docker
+description: Docker host in a Greenlight setup — the `target: docker` runtime for stateful tools on a host you own (VPS/homelab) over SSH; a stable alternative to OCI's idle-reclaimed free tier. Use when wiring or debugging a docker-target tool.
+---
+
+# provider-docker
+
+`target: docker` runs a **stateful** tool on **a host you own** — a cheap VPS or a homelab box —
+instead of OCI's Always-Free tier. Same shape as `oci`: **the tool is provider-agnostic and just
+builds a container via GitHub→GHCR; Greenlight owns the tunnel + DNS** and deploys over SSH. Use it
+when you want the OCI loop without OCI's idle-reclaim — you trade "free" for "a host that stays up".
+
+## The model — GHCR image + SSH deploy + Cloudflare tunnel
+
+- **Build:** the tool repo's own CI builds + pushes the image to **GHCR** (free), exactly like oci
+  (`greenlight-build.yml`), then fires `repository_dispatch(deploy-<name>)` at the wrapper.
+- **Host:** a machine you own runs a **docker-compose** with the GHCR image **+ a cloudflared
+  service** using the tunnel token. You set this up **once** (the compute is yours — Greenlight does
+  NOT provision it).
+- **Deploy:** the wrapper's deploy listener SSHes the host and runs
+  `docker compose pull && docker compose up -d` (via `greenlight deploy <name>`), then verifies prod.
+- **Ingress:** the **same `tunnel` module as oci** — cloudflared dials out from the host, so no
+  inbound ports/firewall holes. DNS `<name>.<domain>` → the tunnel (the `tool` module).
+
+There is **no compute Terraform** (unlike oci's `oci-network` / `oci-container-instance`) — only the
+`tunnel` + `tool` (DNS) modules. The wrapper emits the `<name>_tunnel_token` output; put it in the
+host's compose env once.
+
+## Tokens — SSH connection (per-tool)
+
+The deploy creds are SSH facts, gathered onto the **wrapper** (they live only there):
+- `DOCKER_SSH_HOST` — hostname/IP of the host (required).
+- `DOCKER_SSH_KEY` — the deploy user's **private key** (PEM content; required).
+- `DOCKER_SSH_USER` — SSH user (optional, default `root`).
+- `DOCKER_SSH_PORT` — SSH port (optional, default `22`).
+
+All are **per-tool** (`DOCKER_SSH_HOST_<TOOL>`, …) so multiple docker tools can live on different
+hosts without colliding; the deploy workflow maps them to the unsuffixed env the adapter reads. No
+cheap verify (SSH reachability isn't a bearer fetch). Plus the option-B event-driven deploy PATs
+(same as oci): `GREENLIGHT_DISPATCH_TOKEN` on the tool repo, `GREENLIGHT_STATUS_TOKEN` (per-tool) on
+the wrapper. `Cloudflare Tunnel:Edit` is needed on `CLOUDFLARE_API_TOKEN` (as with oci).
+
+Gather: `greenlight secrets gather <tool> --repo <wrapper>` (DOCKER_SSH_* + status) and
+`--repo <tool>` (dispatch). Full reference:
+[tokens-reference.md](https://github.com/RTrentJones/greenlight/blob/main/docs/tokens-reference.md).
+
+## Deploy = SSH `compose pull && up -d`
+
+`greenlight deploy <tool>` (docker) writes `DOCKER_SSH_KEY` to a temp `600` file and runs
+`ssh … "cd <remoteDir> && docker compose pull && docker compose up -d"` (default remote dir
+`greenlight/<name>`; override with `DOCKER_COMPOSE_DIR`). The adapter does **not** build — the image
+is already on GHCR. Verify prod gates the signal on the new image actually serving.
+
+## Verify
+Usually an **MCP server**: `mode: mcp`, connect at `<name>.<domain>/mcp`. Keepalive health-checks
+`target: docker` (a plain GET); on an outage the keepalive Worker dispatches `remediate-<name>`,
+which simply **re-runs the SSH deploy** (no Always-Free box to recreate).
+
+## Gotchas
+- **The host is yours — Greenlight won't provision or patch it.** Keep Docker running and the
+  compose present; `up -d` + a `restart: unless-stopped` policy survives reboots.
+- **Tunnel token lives on the host.** The `<name>_tunnel_token` output must reach the host's
+  cloudflared (its compose env), set up once — the deploy step doesn't push it.
+- **SSH key hygiene.** Use a dedicated deploy key with least privilege; rotate it on a schedule
+  (nothing automated rotates it). `StrictHostKeyChecking=accept-new` trusts the host on first
+  connect — pin a known_hosts entry if you want stricter.
+- **Not free, but stable.** This is the deliberate trade vs oci: you pay for a host that doesn't get
+  idle-reclaimed. For ephemeral/throwaway MCP, `target: workers` is still the cheaper path.

package/dist/{agent-web-BG5ZIVAB.js → agent-web-JVJFUAIZ.js}

@@ -1,7 +1,9 @@
 import {
+  runScenario,
   verifyAgentWeb
-} from "./chunk-IYEIZYI5.js";
+} from "./chunk-2LAYOVFP.js";
 import "./chunk-QFKE5JKC.js";
 export {
+  runScenario,
   verifyAgentWeb
 };

package/dist/bin.js

@@ -9,12 +9,12 @@ import {
   scanSqlFiles,
   toExportResult,
   verifyAll
-} from "./chunk-MDG3MT34.js";
-import "./chunk-HX7VA25D.js";
+} from "./chunk-NFNVF4HV.js";
+import "./chunk-UMY5ZDOQ.js";
 import "./chunk-N3IKUCSF.js";
 import "./chunk-KP3Y6WRU.js";
-import "./chunk-IYEIZYI5.js";
-import "./chunk-3A6F2JNP.js";
+import "./chunk-2LAYOVFP.js";
+import "./chunk-C6NJHCRI.js";
 import "./chunk-QFKE5JKC.js";
 
 // src/commands/add.ts
@@ -150,6 +150,7 @@ function serializeTool(t) {
     parts.push(`tokenOverrides: { ${ov} }`);
   }
   if (t.dataShareWith !== void 0) parts.push(`dataShareWith: ${q(t.dataShareWith)}`);
+  if (t.requireMigrationApproval) parts.push("requireMigrationApproval: true");
   return `    { ${parts.join(", ")} },`;
 }
 function serializeConfig(c) {
@@ -198,7 +199,8 @@ function addTool(config, t) {
         ...t.preview ? { preview: t.preview } : {},
         ...t.tokens?.length ? { tokens: t.tokens } : {},
         ...t.tokenOverrides && Object.keys(t.tokenOverrides).length ? { tokenOverrides: t.tokenOverrides } : {},
-        ...t.dataShareWith ? { dataShareWith: t.dataShareWith } : {}
+        ...t.dataShareWith ? { dataShareWith: t.dataShareWith } : {},
+        ...t.requireMigrationApproval ? { requireMigrationApproval: true } : {}
       }
     ]
   };
@@ -227,7 +229,8 @@ function upsertTool(config, t) {
     ...t.preview ? { preview: t.preview } : {},
     ...t.tokens?.length ? { tokens: t.tokens } : {},
     ...t.tokenOverrides && Object.keys(t.tokenOverrides).length ? { tokenOverrides: t.tokenOverrides } : {},
-    ...t.dataShareWith ? { dataShareWith: t.dataShareWith } : {}
+    ...t.dataShareWith ? { dataShareWith: t.dataShareWith } : {},
+    ...t.requireMigrationApproval ? { requireMigrationApproval: true } : {}
   };
   const tools = config.tools.some((x) => x.name === t.name) ? config.tools.map((x) => x.name === t.name ? entry : x) : [...config.tools, entry];
   const result = ConfigSchema.safeParse({ ...config, tools });
@@ -302,7 +305,14 @@ async function loadVerifySpecAt(relPath) {
   const path = resolve2(process.cwd(), relPath);
   if (!existsSync2(path)) return null;
   const jiti = createJiti(import.meta.url);
-  const mod = await jiti.import(path);
+  let mod;
+  try {
+    mod = await jiti.import(path);
+  } catch (e) {
+    throw new Error(
+      `Could not load verify spec ${relPath}: ${e instanceof Error ? e.message : String(e)}`
+    );
+  }
   const def = "default" in mod ? mod.default : mod;
   if (Array.isArray(def)) return def.map((s) => asSpec(relPath, s));
   return asSpec(relPath, def);
@@ -323,7 +333,7 @@ var PACKS = [
     always: true,
     // the zone/DNS provider + Workers (keepalive) for every Greenlight setup
     appliesTo: () => true,
-    guide: "docs/provider-tokens.md \u2014 CLOUDFLARE_API_TOKEN (Workers Scripts:Edit + Zone DNS:Edit + Cloudflare Tunnel:Edit for oci tools)",
+    guide: "docs/provider-tokens.md \u2014 CLOUDFLARE_API_TOKEN (Workers Scripts:Edit + Zone DNS:Edit + Cloudflare Tunnel:Edit for oci/docker tools)",
     setupUrl: "https://dash.cloudflare.com/profile/api-tokens",
     tokens: [
       {
@@ -333,7 +343,7 @@ var PACKS = [
           "Account \xB7 Workers Scripts \xB7 Edit",
           "Zone \xB7 DNS \xB7 Edit",
           "Account \xB7 Account Settings \xB7 Read",
-          "Account \xB7 Cloudflare Tunnel \xB7 Edit (only if a tool uses target: oci)"
+          "Account \xB7 Cloudflare Tunnel \xB7 Edit (only if a tool uses target: oci or docker)"
         ],
         verify: async (t) => {
           const auth = { Authorization: `Bearer ${t}` };
@@ -569,6 +579,59 @@ var PACKS = [
     skill: "provider-oci",
     // DNS + tunnel + network (VCN/subnet) + compute; deploy = restart.
     tfModules: ["tool", "tunnel", "oci-network", "oci-container-instance"]
+  },
+  {
+    id: "docker",
+    name: "Docker host (SSH)",
+    appliesTo: (t) => t.target === "docker",
+    // A host YOU own (VPS / homelab) — a stable alternative to OCI's idle-reclaimed free tier for
+    // stateful tools. Build → GHCR (the tool's own CI, like oci); deploy = SSH `docker compose
+    // pull && up -d`; ingress via the same Cloudflare tunnel (a cloudflared service in the compose).
+    guide: "docs/provider-tokens.md \u2014 DOCKER_SSH_* (a host you own; build\u2192GHCR, deploy = ssh docker compose up)",
+    // No web console (SSH to a host you own) — point at the deep guide for how to mint a deploy key.
+    setupUrl: "https://github.com/RTrentJones/greenlight/blob/main/docs/provider-tokens.md",
+    tokens: [
+      // SSH connection facts. perTool so multiple docker tools can live on DIFFERENT hosts without
+      // colliding (the deploy workflow maps DOCKER_SSH_*_<TOOL> → the unsuffixed env the adapter reads).
+      // No cheap verify — SSH reachability isn't a bearer fetch.
+      {
+        envVar: "DOCKER_SSH_HOST",
+        label: "SSH host (hostname or IP of the Docker host)",
+        perTool: true
+      },
+      {
+        envVar: "DOCKER_SSH_KEY",
+        label: "SSH private key (PEM content) for the deploy user",
+        perTool: true
+      },
+      {
+        envVar: "DOCKER_SSH_USER",
+        label: "SSH user (default: root)",
+        optional: true,
+        perTool: true
+      },
+      { envVar: "DOCKER_SSH_PORT", label: "SSH port (default: 22)", optional: true, perTool: true },
+      // Option-B event-driven deploy (same model as oci): the TOOL repo builds→GHCR→dispatches, the
+      // WRAPPER's deploy listener SSHes the host + posts status back. dispatch → on the TOOL repo;
+      // status → on the WRAPPER (per-tool so multiple tools' status tokens don't collide).
+      {
+        envVar: "GREENLIGHT_DISPATCH_TOKEN",
+        label: "GitHub PAT, Contents:write on the WRAPPER (TOOL repo fires the deploy dispatch)",
+        optional: true,
+        setupUrl: "https://github.com/settings/personal-access-tokens/new"
+      },
+      {
+        envVar: "GREENLIGHT_STATUS_TOKEN",
+        label: "GitHub PAT, Commit statuses:write on the TOOL (WRAPPER posts deploy status back)",
+        optional: true,
+        perTool: true,
+        setupUrl: "https://github.com/settings/personal-access-tokens/new"
+      }
+    ],
+    skill: "provider-docker",
+    // DNS + tunnel only — the host (VM/homelab) is user-owned, so there is NO compute Terraform
+    // (unlike oci). The host runs the GHCR image + a cloudflared sidecar via docker compose.
+    tfModules: ["tool", "tunnel"]
   }
 ];
 function secretKeyFor(tok, toolName, overrides) {
@@ -602,7 +665,7 @@ function tokensForTool(tool) {
 }
 
 // src/version.ts
-var MODULE_REF = "v0.6.1";
+var MODULE_REF = "v0.7.0";
 var MODULE_SOURCE_BASE = "git::https://github.com/RTrentJones/greenlight.git//infra/modules";
 function moduleSource(module, ref = MODULE_REF) {
   return `${MODULE_SOURCE_BASE}/${module}?ref=${ref}`;
@@ -610,8 +673,25 @@ function moduleSource(module, ref = MODULE_REF) {
 
 // src/tf-emit.ts
 var hcl = (s) => s.replace(/\n{3,}/g, "\n\n").trimEnd();
+function assertHclSafe(fields) {
+  for (const [field, value] of Object.entries(fields)) {
+    if (value && /["\\\n]/.test(value)) {
+      throw new Error(
+        `refusing to emit Terraform: ${field} contains an invalid character ("${value}")`
+      );
+    }
+  }
+}
 function emitToolTf(opts) {
   const { name, domain, lane, target, data, envs, ref = MODULE_REF } = opts;
+  assertHclSafe({
+    name,
+    domain,
+    slug: opts.slug,
+    dataShareWith: opts.dataShareWith,
+    "tokenOverrides.SUPABASE_ACCESS_TOKEN": opts.tokenOverrides?.SUPABASE_ACCESS_TOKEN,
+    "tokenOverrides.NEON_API_KEY": opts.tokenOverrides?.NEON_API_KEY
+  });
   if (lane === "agent") {
     const suffix = data && data !== "none" ? `/${data}` : "";
     return `# ${name} \u2014 agent/${target}${suffix}, emitted by \`greenlight add\`.
@@ -626,6 +706,7 @@ function emitToolTf(opts) {
   const useNeon = data === "neon";
   const useVercel = target === "vercel";
   const useOci = target === "oci";
+  const useDocker = target === "docker";
   const supabaseOverride = opts.tokenOverrides?.SUPABASE_ACCESS_TOKEN;
   const neonOverride = opts.tokenOverrides?.NEON_API_KEY;
   const neonOwner = opts.dataShareWith ?? name;
@@ -633,6 +714,7 @@ function emitToolTf(opts) {
   const blocks = [];
   const assumes = ["var.cloudflare_zone_id"];
   if (useOci) assumes.push("var.cloudflare_account_id", "local.oci_compartment_id");
+  if (useDocker) assumes.push("var.cloudflare_account_id");
   if (useSupabase) assumes.push("var.supabase_organization_id");
   const ghcrOwner = (slug.split("/")[0] ?? "owner").toLowerCase();
   blocks.push(
@@ -810,7 +892,23 @@ variable "${name}_image" {
   description = "GHCR image for ${name} (built + pushed by ${slug}'s own CI)."
 }`);
   }
-  blocks.push(`# Subdomain DNS \u2014 CNAME ${name}/beta.${name} \u2192 ${useVercel ? "cname.vercel-dns.com" : useOci ? "the tunnel" : "the target"}.
+  if (useDocker) {
+    blocks.push(`# Self-hosted Docker target \u2014 a host YOU own (VPS/homelab). Only the Cloudflare tunnel + DNS are
+# Terraform here; the COMPUTE is the host (not managed by Greenlight). The tool's own CI builds +
+# pushes the image to GHCR; deploy = SSH \`docker compose pull && up -d\` (the docker adapter), with a
+# cloudflared service in the compose using \`${name}_tunnel_token\`. The tunnel routes ${name}.${domain}
+# \u2192 the container at localhost:${port}.
+module "${name}_tunnel" {
+  source = "${moduleSource("tunnel", ref)}"
+
+  account_id = var.cloudflare_account_id
+  name       = "${name}-tunnel"
+  ingress = [
+    { hostname = "${name}.${domain}", service = "http://localhost:${port}" },
+  ]
+}`);
+  }
+  blocks.push(`# Subdomain DNS \u2014 CNAME ${name}/beta.${name} \u2192 ${useVercel ? "cname.vercel-dns.com" : useOci || useDocker ? "the tunnel" : "the target"}.
 module "${name}_dns" {
   source = "${moduleSource("tool", ref)}"
 
@@ -821,7 +919,7 @@ module "${name}_dns" {
   lane        = "${lane}"
   target      = "${target}"
   data        = "${data}"
-  envs        = [${envList}]${useOci ? `
+  envs        = [${envList}]${useOci || useDocker ? `
   cname_target = module.${name}_tunnel.cname_target` : ""}${opts.external ? "\n  # External repo managed elsewhere; no GitHub envs here so CI stays single-repo.\n  manage_github_environments = false" : ""}
 }`);
   if (useSupabase) {
@@ -831,16 +929,22 @@ module "${name}_dns" {
   }
   const outputs = useVercel ? `output "${name}_prod_url" { value = module.${name}_vercel.prod_url }
 output "${name}_beta_url" { value = module.${name}_vercel.beta_url }` : `output "${name}_prod_url" { value = module.${name}_dns.prod_url }`;
-  blocks.push(
-    useOci ? `${outputs}
-output "${name}_tunnel_token" {
+  const tunnelTokenOutput = `output "${name}_tunnel_token" {
   value     = module.${name}_tunnel.token
   sensitive = true
-}
+}`;
+  blocks.push(
+    useOci ? `${outputs}
+${tunnelTokenOutput}
 output "${name}_container_instance_id" {
   value       = module.${name}_instance.container_instance_id
   description = "Set as OCI_CONTAINER_INSTANCE_OCID so \`greenlight deploy ${name}\` restarts it."
-}` : outputs
+}` : useDocker ? (
+      // The host's cloudflared needs this token (passed to the compose at deploy time); no
+      // container_instance_id (the host is user-owned, not an OCI instance Greenlight restarts).
+      `${outputs}
+${tunnelTokenOutput}`
+    ) : outputs
   );
   return `${hcl(blocks.join("\n\n"))}
 `;
@@ -1745,7 +1849,19 @@ function ociDeployAndVerifySteps(name) {
         # posted back is red. oci is verify-gated direct-to-prod (no cheap standing beta on free A1).
         run: pnpm exec greenlight verify ${name} --env prod`;
 }
-function deployListenerYml(name, toolRepo) {
+function dockerDeployAndVerifySteps(name) {
+  const SUF = name.toUpperCase().replace(/-/g, "_");
+  return `      - name: Deploy (SSH \`docker compose pull && up -d\` on the host)
+        env:
+          DOCKER_SSH_HOST: \${{ secrets.DOCKER_SSH_HOST_${SUF} }}
+          DOCKER_SSH_USER: \${{ secrets.DOCKER_SSH_USER_${SUF} }}
+          DOCKER_SSH_KEY: \${{ secrets.DOCKER_SSH_KEY_${SUF} }}
+          DOCKER_SSH_PORT: \${{ secrets.DOCKER_SSH_PORT_${SUF} }}
+        run: pnpm exec greenlight deploy ${name} --env prod
+      - name: Verify prod (gate the signal on real health, not just the restart)
+        run: pnpm exec greenlight verify ${name} --env prod`;
+}
+function deployListenerYml(name, toolRepo, deploySteps = ociDeployAndVerifySteps(name)) {
   return `name: greenlight-deploy-${name}
 
 # Option B: ${toolRepo} fires repository_dispatch(deploy-${name}) after pushing a new image.
@@ -1769,7 +1885,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: jdx/mise-action@v2
       - run: pnpm install --frozen-lockfile
-${ociDeployAndVerifySteps(name)}
+${deploySteps}
       - name: Report status back to ${toolRepo}
         if: \${{ always() && github.event.client_payload.sha != '' }}
         env:
@@ -1842,6 +1958,83 @@ ${ociDeployAndVerifySteps(name)}
             --label keepalive || true
 `;
 }
+function migrateWorkflowYml(name) {
+  const SUF = name.toUpperCase().replace(/-/g, "_");
+  return `name: greenlight-migrate-${name}
+
+# Manual-approval prod DB migration gate. Set the required reviewers on the \`${name}-prod\`
+# environment (the tool module's \`prod_reviewers\`, or repo Settings \u2192 Environments) \u2014 GitHub pauses
+# the job below until one approves. Move migrate OUT of the app/platform build into this gated job.
+on:
+  workflow_dispatch:
+  # Tip: gate the prod deploy on this \u2014 call it first, or make the deploy \`needs:\` a green run here.
+
+permissions:
+  contents: read
+
+concurrency:
+  group: migrate-${name}
+  cancel-in-progress: false
+
+jobs:
+  migrate:
+    runs-on: ubuntu-latest
+    # Required-reviewer gate: GitHub pauses here until a reviewer approves the ${name}-prod environment.
+    environment: ${name}-prod
+    steps:
+      - uses: actions/checkout@v4
+      - uses: jdx/mise-action@v2
+      - run: pnpm install --frozen-lockfile
+      - name: Scan migrations (block destructive SQL)
+        run: pnpm exec greenlight migrations scan --strict
+      - name: Apply prod migrations
+        env:
+          # Prod DIRECT (non-pooled) connection \u2014 set as a secret. Neon/Supabase expose a DIRECT_URL.
+          DIRECT_URL: \${{ secrets.DIRECT_URL_${SUF} }}
+        # TODO: replace with your migrate command against $DIRECT_URL, e.g.
+        #   pnpm drizzle-kit migrate   |   pnpm prisma migrate deploy
+        run: |
+          echo "::error::set the migrate command in greenlight-migrate-${name}.yml (drizzle-kit migrate / prisma migrate deploy)"
+          exit 1
+`;
+}
+function dockerRemediateYml(name) {
+  return `name: greenlight-remediate-${name}
+
+# Auto-heal: the keepalive Worker dispatches remediate-${name} when ${name} (docker) is unreachable.
+on:
+  repository_dispatch:
+    types: [remediate-${name}]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  issues: write
+
+# Same group as greenlight-deploy-${name}: a self-heal never overlaps a deploy or another heal.
+concurrency:
+  group: deploy-${name}
+  cancel-in-progress: false
+
+jobs:
+  remediate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: jdx/mise-action@v2
+      - run: pnpm install --frozen-lockfile
+${dockerDeployAndVerifySteps(name)}
+      - name: Escalate if the self-heal failed
+        if: \${{ failure() }}
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh issue create --repo \${{ github.repository }} \\
+            --title "remediate-${name}: self-heal FAILED" \\
+            --body "Automatic remediation for ${name} (reason: \${{ github.event.client_payload.reason }}) did not bring prod back. Manual attention needed." \\
+            --label keepalive || true
+`;
+}
 function verifyWorkflowYml(name) {
   return `name: greenlight-verify
 
@@ -1932,7 +2125,7 @@ async function adoptCommand(args) {
   const name = args[0];
   if (!name || name.startsWith("-")) {
     throw new Error(
-      "usage: greenlight adopt <name> --repo <url|path> --lane <l> --target <t> [--data --auth --envs] [--standalone]\n  default: wrap <repo> as a tools/<name> submodule + edit infra in this wrapper + push the loop kit into the tool repo.\n  --standalone: scaffold a full self-contained consumer into the tool repo (it owns its whole stack)."
+      "usage: greenlight adopt <name> --repo <url|path> --lane <l> --target <t> [--data --auth --envs] [--require-migration-approval] [--standalone]\n  default: wrap <repo> as a tools/<name> submodule + edit infra in this wrapper + push the loop kit into the tool repo.\n  --standalone: scaffold a full self-contained consumer into the tool repo (it owns its whole stack)."
     );
   }
   const repoArg = flag3(args, "--repo");
@@ -1943,6 +2136,7 @@ async function adoptCommand(args) {
   const data = flag3(args, "--data") ?? "none";
   const auth = flag3(args, "--auth") ?? "none";
   const envs = flag3(args, "--envs")?.split(",") ?? ["beta", "prod"];
+  const requireMigrationApproval = args.includes("--require-migration-approval");
   const { path: regPath, config: reg } = await loadManifest();
   if (regPath.endsWith(".example.ts")) {
     throw new Error(
@@ -1953,12 +2147,36 @@ async function adoptCommand(args) {
     throw new Error('"blog" is the apex site, not an adopted tool');
   }
   const domain = flag3(args, "--domain") ?? reg.domain;
-  const ctx = { name, repoArg, lane, target, data, auth, envs, domain, reg, regPath };
+  const ctx = {
+    name,
+    repoArg,
+    lane,
+    target,
+    data,
+    auth,
+    envs,
+    domain,
+    requireMigrationApproval,
+    reg,
+    regPath
+  };
   if (args.includes("--standalone")) return adoptStandalone(ctx);
   return adoptWrapper(ctx);
 }
 async function adoptWrapper(ctx) {
-  const { name, repoArg, lane, target, data, auth, envs, domain, reg, regPath } = ctx;
+  const {
+    name,
+    repoArg,
+    lane,
+    target,
+    data,
+    auth,
+    envs,
+    domain,
+    requireMigrationApproval,
+    reg,
+    regPath
+  } = ctx;
   const cwd = process.cwd();
   const toolRel = `tools/${name}`;
   const dest = resolve6(cwd, toolRel);
@@ -1988,17 +2206,18 @@ async function adoptWrapper(ctx) {
     dir: toolRel,
     external: true,
     adopted: true,
-    // oci has no built-in local serve — scaffold a `preview` descriptor so the uniform local gate
-    // (`greenlight preview <name>`) works. Default: a docker `preview` profile matching the prod
-    // transport (the tool adds that profile to its compose). Edit the command/port/path to fit.
-    ...target === "oci" ? {
+    // Container targets (oci/docker) have no built-in local serve — scaffold a `preview` descriptor
+    // so the uniform local gate (`greenlight preview <name>`) works. Default: a docker `preview`
+    // profile matching the prod transport (the tool adds that profile to its compose). Edit to fit.
+    ...target === "oci" || target === "docker" ? {
       preview: {
         command: "docker compose --profile preview up",
         teardown: "docker compose --profile preview down -v",
         port: 8e3,
         path: lane === "mcp" ? "/mcp" : ""
       }
-    } : {}
+    } : {},
+    ...requireMigrationApproval ? { requireMigrationApproval: true } : {}
   });
   writeFileSync3(regPath, serializeConfig(nextReg));
   console.log(
@@ -2023,16 +2242,17 @@ async function adoptWrapper(ctx) {
   }
   materializeAgentKit(dest, { lane, target, data });
   addGreenlightScript(dest);
-  if (target === "oci") {
+  if (target === "oci" || target === "docker") {
     const wrapperSlug = parseRepo(safeGit(cwd, ["remote", "get-url", "origin"])) ?? "OWNER/REPO";
+    const deploySteps = target === "docker" ? dockerDeployAndVerifySteps(name) : ociDeployAndVerifySteps(name);
     writeIfAbsent(
       join2(cwd, `.github/workflows/greenlight-deploy-${name}.yml`),
-      deployListenerYml(name, slug),
+      deployListenerYml(name, slug, deploySteps),
       `.github/workflows/greenlight-deploy-${name}.yml (wrapper deploy listener)`
     );
     writeIfAbsent(
       join2(cwd, `.github/workflows/greenlight-remediate-${name}.yml`),
-      remediateYml(name),
+      target === "docker" ? dockerRemediateYml(name) : remediateYml(name),
       `.github/workflows/greenlight-remediate-${name}.yml (wrapper self-heal listener)`
     );
     writeIfAbsent(
@@ -2053,6 +2273,13 @@ async function adoptWrapper(ctx) {
       `${toolRel}/.github/workflows/greenlight-verify.yml (verify on Vercel deployment_status)`
     );
   }
+  if (requireMigrationApproval && (data === "supabase" || data === "neon")) {
+    writeIfAbsent(
+      join2(dest, `.github/workflows/greenlight-migrate-${name}.yml`),
+      migrateWorkflowYml(name),
+      `${toolRel}/.github/workflows/greenlight-migrate-${name}.yml (gated prod migration)`
+    );
+  }
   console.log(`
 Next:
   (in the tool repo) commit the Greenlight kit + build workflow so they travel with the submodule:
@@ -2062,14 +2289,30 @@ Next:
     git commit && git push      # CI (infra.yml) applies. Tool's CI builds; wrapper deploys.${target === "oci" ? `
   Secrets (guided): greenlight secrets gather ${name} --repo <wrapper>   # TF_VAR_OCI_* + GREENLIGHT_STATUS_TOKEN
                     greenlight secrets gather ${name} --repo ${slug}   # GREENLIGHT_DISPATCH_TOKEN
-  The instance OCID is auto-resolved by the deploy workflow (by display name) \u2014 nothing to set.` : target === "vercel" ? `
+  The instance OCID is auto-resolved by the deploy workflow (by display name) \u2014 nothing to set.` : target === "docker" ? `
+  Secrets (guided): greenlight secrets gather ${name} --repo <wrapper>   # DOCKER_SSH_* + GREENLIGHT_STATUS_TOKEN
+                    greenlight secrets gather ${name} --repo ${slug}   # GREENLIGHT_DISPATCH_TOKEN
+  On the host (one-time): a docker-compose with the GHCR image + a cloudflared service using the
+  ${name}_tunnel_token output; the deploy listener SSHes it and runs \`docker compose pull && up -d\`.` : target === "vercel" ? `
   Deploy is Vercel's git integration (no wrapper deploy). The tool's greenlight-verify.yml verifies
   each deployment (deployment_status). Optional secrets on ${slug}:
     \xB7 VERCEL_AUTOMATION_BYPASS_SECRET_${name.toUpperCase().replace(/-/g, "_")}  (Vercel \u2192 project \u2192 Deployment Protection \u2192 Bypass for Automation) \u2192 verify asserts 200, not 401
     \xB7 ANTHROPIC_API_KEY \u2192 enables the agent-web scenarios in verify/${name}.config.ts (absent \u2192 api gate alone)` : ""}`);
 }
 async function adoptStandalone(ctx) {
-  const { name, repoArg, lane, target, data, auth, envs, domain, reg, regPath } = ctx;
+  const {
+    name,
+    repoArg,
+    lane,
+    target,
+    data,
+    auth,
+    envs,
+    domain,
+    requireMigrationApproval,
+    reg,
+    regPath
+  } = ctx;
   const repo = resolve6(process.cwd(), repoArg);
   if (!existsSync6(repo)) throw new Error(`no such repo: ${repo} (--standalone needs a local path)`);
   const regVendor = resolve6(process.cwd(), "vendor");
@@ -2081,7 +2324,17 @@ async function adoptStandalone(ctx) {
   }
   console.log(`adopting "${name}" (${lane}/${target}) into ${repo} (standalone)
 `);
-  const toolEntry = { name, lane, target, data, auth, envs, dir: ".", adopted: true };
+  const toolEntry = {
+    name,
+    lane,
+    target,
+    data,
+    auth,
+    envs,
+    dir: ".",
+    adopted: true,
+    ...requireMigrationApproval ? { requireMigrationApproval: true } : {}
+  };
   const toolConfig = addTool({ domain, alerts: { sink: "github-issue" }, tools: [] }, toolEntry);
   writeIfAbsent(
     join2(repo, "greenlight.config.ts"),
@@ -2119,6 +2372,13 @@ async function adoptStandalone(ctx) {
     ".github/workflows/greenlight-promote.yml"
   );
   writeIfAbsent(join2(repo, "verify.config.ts"), starterVerifyConfig(lane), "verify.config.ts");
+  if (requireMigrationApproval && (data === "supabase" || data === "neon")) {
+    writeIfAbsent(
+      join2(repo, `.github/workflows/greenlight-migrate-${name}.yml`),
+      migrateWorkflowYml(name),
+      `.github/workflows/greenlight-migrate-${name}.yml (gated prod migration)`
+    );
+  }
   materializeAgentKit(repo, { lane, target, data });
   writeIfAbsent(join2(repo, "mise.toml"), MISE_TOML, "mise.toml");
   writeIfAbsent(join2(repo, ".node-version"), "24\n", ".node-version");
@@ -2130,7 +2390,8 @@ async function adoptStandalone(ctx) {
     auth,
     envs,
     external: true,
-    adopted: true
+    adopted: true,
+    ...requireMigrationApproval ? { requireMigrationApproval: true } : {}
   });
   writeFileSync3(regPath, serializeConfig(nextReg));
   console.log(`\u2714 registered "${name}" in ${regPath.replace(`${process.cwd()}/`, "")} (external)`);
@@ -2268,6 +2529,8 @@ async function configCommand() {
 
 // ../packages/adapters/src/index.ts
 import { execFileSync as execFileSync3 } from "child_process";
+import { chmodSync, mkdtempSync, rmSync, writeFileSync as writeFileSync6 } from "fs";
+import { tmpdir } from "os";
 import { join as join4 } from "path";
 function run(cmd, args, cwd, extraEnv) {
   execFileSync3(cmd, args, { cwd, stdio: "inherit", env: { ...process.env, ...extraEnv } });
@@ -2329,6 +2592,63 @@ function ociAdapter(ctx) {
     }
   };
 }
+function dockerConfig(name, source = process.env) {
+  return {
+    host: source.DOCKER_SSH_HOST,
+    user: source.DOCKER_SSH_USER || "root",
+    port: source.DOCKER_SSH_PORT || "22",
+    remoteDir: source.DOCKER_COMPOSE_DIR || `greenlight/${name ?? "app"}`,
+    key: source.DOCKER_SSH_KEY
+  };
+}
+function sshDeployArgs(cfg, identityPath) {
+  const remoteCmd = `cd ${cfg.remoteDir} && docker compose pull && docker compose up -d`;
+  return [
+    "-i",
+    identityPath,
+    "-p",
+    cfg.port,
+    "-o",
+    "StrictHostKeyChecking=accept-new",
+    "-o",
+    "BatchMode=yes",
+    `${cfg.user}@${cfg.host}`,
+    remoteCmd
+  ];
+}
+function dockerAdapter(ctx) {
+  const url = (env) => resolveUrl({ domain: ctx.domain, name: ctx.name, env });
+  return {
+    target: "docker",
+    async build() {
+      return { artifactDir: "." };
+    },
+    async deploy(_toolDir, env) {
+      const cfg = dockerConfig(ctx.name);
+      if (!cfg.host) throw new Error("docker deploy needs DOCKER_SSH_HOST (the host you own)");
+      if (!cfg.key) {
+        throw new Error("docker deploy needs DOCKER_SSH_KEY (the deploy user's private key)");
+      }
+      const dir = mkdtempSync(join4(tmpdir(), "gl-ssh-"));
+      const keyPath = join4(dir, "id");
+      try {
+        writeFileSync6(keyPath, cfg.key.endsWith("\n") ? cfg.key : `${cfg.key}
+`);
+        chmodSync(keyPath, 384);
+        run("ssh", sshDeployArgs(cfg, keyPath), ".");
+      } finally {
+        rmSync(dir, { recursive: true, force: true });
+      }
+      return { url: url(env) };
+    },
+    url,
+    async teardown() {
+      throw new Error(
+        "docker teardown is on the host \u2014 `ssh \u2026 docker compose down` in the tool dir."
+      );
+    }
+  };
+}
 function vercelSkeletonAdapter(ctx) {
   const url = (env) => resolveUrl({ domain: ctx.domain, name: ctx.name, env });
   const notWired = () => {
@@ -2350,6 +2670,8 @@ function createAdapter(target, ctx) {
       return workersAdapter(ctx);
     case "oci":
       return ociAdapter(ctx);
+    case "docker":
+      return dockerAdapter(ctx);
     case "vercel":
       return vercelSkeletonAdapter(ctx);
   }
@@ -2371,7 +2693,7 @@ async function deployCommand(args) {
   }
   const { config } = await loadManifest();
   const entry = resolveEntry(config, name);
-  if (entry.external && entry.target !== "oci") {
+  if (entry.external && entry.target !== "oci" && entry.target !== "docker") {
     throw new Error(`"${name}" is external (registry pointer) \u2014 deploy it from its own repo`);
   }
   const adapter = createAdapter(entry.target, { domain: config.domain, name: entry.name });
@@ -2532,6 +2854,18 @@ function conformanceChecks(t, root) {
       });
     }
   }
+  if (t.requireMigrationApproval) {
+    const migrateWf = `greenlight-migrate-${t.name}.yml`;
+    const hasWf = [
+      join6(root, toolDir, ".github/workflows", migrateWf),
+      join6(root, ".github/workflows", migrateWf)
+    ].some((p) => existsSync9(p));
+    out.push({
+      name: `${t.name}: migration approval`,
+      status: hasWf ? "ok" : "warn",
+      detail: hasWf ? `${migrateWf} present \u2014 set required reviewers on the ${t.name}-prod environment (prod_reviewers)` : `requireMigrationApproval set but ${migrateWf} is missing \u2014 re-run adopt with --require-migration-approval, and set prod_reviewers on the ${t.name}-prod environment`
+    });
+  }
   return out;
 }
 function versionDriftCheck(root) {
@@ -2598,11 +2932,13 @@ function runDoctor(config, root) {
     }
     checks.push(...conformanceChecks(t, root));
   }
-  const needsKeepalive = config.tools.filter((t) => t.data === "supabase" || t.target === "oci");
+  const needsKeepalive = config.tools.filter(
+    (t) => t.data === "supabase" || t.target === "oci" || t.target === "docker"
+  );
   checks.push({
     name: "keepalive coverage",
     status: needsKeepalive.length > 0 ? "ok" : "skip",
-    detail: needsKeepalive.length > 0 ? needsKeepalive.map((t) => `${t.name} (${t.data === "supabase" ? "supabase" : "oci"})`).join(", ") : "no data:supabase / target:oci tools"
+    detail: needsKeepalive.length > 0 ? needsKeepalive.map((t) => `${t.name} (${t.data === "supabase" ? "supabase" : t.target})`).join(", ") : "no data:supabase / target:oci|docker tools"
   });
   checks.push(versionDriftCheck(root));
   checks.push(submoduleDriftCheck(root));
@@ -2682,7 +3018,7 @@ ${failed === 0 ? "\u2714 no failures" : `\u2718 ${failed} failure(s)`}${warned ?
 }
 
 // src/commands/init.ts
-import { existsSync as existsSync10, mkdirSync as mkdirSync4, writeFileSync as writeFileSync6 } from "fs";
+import { existsSync as existsSync10, mkdirSync as mkdirSync4, writeFileSync as writeFileSync7 } from "fs";
 import { resolve as resolve8 } from "path";
 import { createInterface as createInterface2 } from "readline/promises";
 
@@ -2738,6 +3074,13 @@ ${key} \u2014 ${spec.label}`);
             `${key} failed verification${check.detail ? ` (${check.detail})` : ""} \u2014 check the token's scopes (${spec.label}).`
           );
         }
+        if (!check.ok) {
+          console.log(
+            `  \xB7 ${key} not pushed (verify failed${check.detail ? `: ${check.detail}` : ""})`
+          );
+          results.push({ envVar: spec.envVar, outcome: "skipped", verify: check });
+          continue;
+        }
       }
       setGitHubSecret(repo, opts.env, key, entered);
       results.push({ envVar: spec.envVar, outcome: "entered", verify: check });
@@ -2838,7 +3181,7 @@ function scaffoldIfAbsent(path, contents, label) {
     return;
   }
   mkdirSync4(resolve8(path, ".."), { recursive: true });
-  writeFileSync6(path, contents);
+  writeFileSync7(path, contents);
   console.log(`\u2714 wrote ${label}`);
 }
 var TOKEN_FLAGS = {
@@ -2863,7 +3206,7 @@ async function initCommand(args) {
   if (existsSync10(configPath) && !force) {
     throw new Error("greenlight.config.ts already exists \u2014 pass --force to overwrite");
   }
-  writeFileSync6(configPath, scaffoldConfig(domain));
+  writeFileSync7(configPath, scaffoldConfig(domain));
   console.log(`\u2714 wrote greenlight.config.ts (domain: ${domain})`);
   const repoName = domain.replace(/\./g, "-");
   scaffoldIfAbsent(

package/dist/{chunk-IYEIZYI5.js → chunk-2LAYOVFP.js}

@@ -87,11 +87,12 @@ ${tree}`.slice(0, 6e3);
 async function evalAsserts(page, asserts) {
   const checks = [];
   let text = "";
+  let textError = "";
   if (asserts.some((a) => a.textContains)) {
     try {
       text = await page.locator("body").innerText({ timeout: 3e3 });
-    } catch {
-      text = "";
+    } catch (e) {
+      textError = msg(e);
     }
   }
   for (const a of asserts) {
@@ -105,7 +106,11 @@ async function evalAsserts(page, asserts) {
     }
     if (a.textContains !== void 0) {
       const ok = text.includes(a.textContains);
-      checks.push({ name: `text contains "${a.textContains}"`, pass: ok });
+      checks.push({
+        name: `text contains "${a.textContains}"`,
+        pass: ok,
+        detail: ok ? void 0 : textError ? `could not read page text: ${textError}` : void 0
+      });
     }
     if (a.selector !== void 0) {
       let count = 0;
@@ -123,10 +128,20 @@ async function runScenario(client, page, base, spec, scenario) {
   await page.goto(base + (scenario.start ?? "/"), { waitUntil: "domcontentloaded" });
   const messages = [{ role: "user", content: `Task: ${scenario.task}` }];
   const maxSteps = spec.maxSteps ?? 12;
+  const historyTurns = spec.historyWindow ?? 6;
+  const maxRepeats = spec.maxRepeats ?? 3;
   let finish = null;
   let tokensIn = 0;
   let tokensOut = 0;
+  let budgetExceeded = false;
+  let lastFailSig = "";
+  let repeats = 0;
+  let stuckOn = "";
   for (let step = 0; step < maxSteps && !finish; step++) {
+    if (spec.maxTokens && tokensIn + tokensOut >= spec.maxTokens) {
+      budgetExceeded = true;
+      break;
+    }
     const resp = await client.messages.create({
       model: spec.model ?? "claude-sonnet-4-6",
       max_tokens: 1024,
@@ -149,9 +164,33 @@ async function runScenario(client, page, base, spec, scenario) {
       results.push({ type: "tool_result", tool_use_id: tu.id, content: out });
     }
     messages.push({ role: "user", content: results });
+    const sig = toolUses.map((tu) => `${tu.name}:${JSON.stringify(tu.input)}`).join("|");
+    const allErrored = results.every((r) => r.content.startsWith("error:"));
+    repeats = allErrored && sig === lastFailSig ? repeats + 1 : 0;
+    lastFailSig = allErrored ? sig : "";
+    if (repeats + 1 >= maxRepeats) {
+      stuckOn = toolUses.map((tu) => tu.name).join(", ");
+      break;
+    }
+    const keep = historyTurns * 2;
+    if (messages.length > keep + 1) {
+      messages.splice(1, messages.length - keep - 1);
+    }
   }
   const checks = [];
-  if (!finish) {
+  if (budgetExceeded) {
+    checks.push({
+      name: `${tag} token budget`,
+      pass: false,
+      detail: `exceeded maxTokens (${spec.maxTokens}) \u2014 ${tokensIn + tokensOut} tokens used`
+    });
+  } else if (stuckOn) {
+    checks.push({
+      name: `${tag} progress`,
+      pass: false,
+      detail: `agent stuck repeating failing action(s): ${stuckOn}`
+    });
+  } else if (!finish) {
     checks.push({
       name: `${tag} completed`,
       pass: false,
@@ -246,5 +285,6 @@ async function verifyAgentWeb(baseUrl, spec) {
 }
 
 export {
+  runScenario,
   verifyAgentWeb
 };

package/dist/{chunk-3A6F2JNP.js → chunk-C6NJHCRI.js}

@@ -6,13 +6,16 @@ import {
 // ../packages/verify/src/eval.ts
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+var MAX_RESULT_CHARS = 8e3;
 function resultText(res) {
   const r = res;
-  if (r.structuredContent !== void 0) return JSON.stringify(r.structuredContent);
-  if (Array.isArray(r.content)) {
-    return r.content.map((c) => c.type === "text" ? c.text ?? "" : JSON.stringify(c)).join("\n");
-  }
-  return JSON.stringify(res);
+  let text;
+  if (r.structuredContent !== void 0) text = JSON.stringify(r.structuredContent);
+  else if (Array.isArray(r.content)) {
+    text = r.content.map((c) => c.type === "text" ? c.text ?? "" : JSON.stringify(c)).join("\n");
+  } else text = JSON.stringify(res);
+  return text.length > MAX_RESULT_CHARS ? `${text.slice(0, MAX_RESULT_CHARS)}
+\u2026[truncated ${text.length - MAX_RESULT_CHARS} chars]` : text;
 }
 var clamp01 = (n) => {
   const v = typeof n === "number" ? n : Number(n);

package/dist/{chunk-MDG3MT34.js → chunk-NFNVF4HV.js}

@@ -6,7 +6,7 @@ import {
 // ../packages/shared/src/schema.ts
 import { z } from "zod";
 var LaneEnum = z.enum(["astro", "next", "mcp", "agent"]);
-var TargetEnum = z.enum(["workers", "vercel", "oci"]);
+var TargetEnum = z.enum(["workers", "vercel", "oci", "docker"]);
 var DataEnum = z.enum(["none", "d1", "kv", "supabase", "neon"]);
 var AuthEnum = z.enum(["none", "bearer", "oauth"]);
 var AccessEnum = z.enum(["public", "private"]);
@@ -14,7 +14,7 @@ var EnvEnum = z.enum(["preview", "beta", "prod"]);
 var MATRIX = {
   astro: { targets: ["workers"], data: ["none", "d1", "kv"] },
   next: { targets: ["vercel"], data: ["none", "supabase", "neon"] },
-  mcp: { targets: ["workers", "oci"], data: ["none"] },
+  mcp: { targets: ["workers", "oci", "docker"], data: ["none"] },
   agent: { targets: ["workers"], data: ["none", "kv"] }
 };
 function describeMatrix() {
@@ -32,9 +32,9 @@ var ToolSchema = z.object({
   access: AccessEnum.default("public"),
   envs: z.array(EnvEnum).nonempty("a tool needs at least one env"),
   adopted: z.boolean().default(false),
-  // The port the container listens on (target: oci). The tunnel routes to localhost:<port>;
-  // defaults to 8000 (the mcp/FastMCP convention). Set it for a lane:docker tool on a different
-  // port so the oci modules stay generic. Ignored by non-oci targets.
+  // The port the container listens on (target: oci | docker). The Cloudflare tunnel routes to
+  // localhost:<port>; defaults to 8000 (the mcp/FastMCP convention). Set it for a container tool
+  // on a different port so the tunnel/modules stay generic. Ignored by non-container targets.
   port: z.number().int().positive().optional(),
   // Directory the tool builds/deploys from. Defaults to tools/<name>; a standalone
   // (poly-repo) tool sets '.' (the repo root).
@@ -44,7 +44,7 @@ var ToolSchema = z.object({
   external: z.boolean().default(false),
   // How `greenlight preview` spins the tool up LOCALLY for the pre-deploy gate. Optional — node
   // lanes (astro/next/mcp→workers) use the built-in build+serve path. Set it for targets with no
-  // built-in serve (e.g. oci: a docker command that matches the prod transport). The harness polls
+  // built-in serve (e.g. oci/docker: a docker command that matches the prod transport). The harness polls
   // the local URL (http://localhost:<port><path>), verifies, then runs `teardown`.
   preview: z.object({
     command: z.string(),
@@ -69,7 +69,12 @@ var ToolSchema = z.object({
   // The value is the OWNER tool's name; this tool emits no data module and wires the owner's
   // connection strings. Cross-tool validity (owner exists, same data, no chains) is checked on
   // the whole config below.
-  dataShareWith: z.string().optional()
+  dataShareWith: z.string().optional(),
+  // Gate prod DB migrations behind a human approval. When true, `adopt` emits a dedicated, gated
+  // migrate workflow (run under the `<name>-prod` GitHub Environment → required reviewers pause it)
+  // and the prod environment's `prod_reviewers` should be set in infra. Only meaningful for a data
+  // tool (supabase/neon); a `doctor` check flags it when set but unwired. Default off.
+  requireMigrationApproval: z.boolean().default(false)
 }).superRefine((tool, ctx) => {
   const rule = MATRIX[tool.lane];
   if (!rule.targets.includes(tool.target)) {
@@ -109,8 +114,9 @@ var BlogSchema = z.object({
 var AlertsSchema = z.object({
   sink: z.enum(["github-issue", "email"])
 });
+var DOMAIN_RE = /^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/i;
 var ConfigSchema = z.object({
-  domain: z.string().min(1, "domain is required"),
+  domain: z.string().min(1, "domain is required").regex(DOMAIN_RE, 'domain must be a valid hostname, e.g. "example.com"'),
   alerts: AlertsSchema,
   // Optional: a tool-only repo (a poly-repo consumer) has no blog.
   blog: BlogSchema.optional(),
@@ -155,7 +161,14 @@ function defineConfig(config) {
 import { createJiti } from "jiti";
 async function loadConfig(path) {
   const jiti = createJiti(import.meta.url);
-  const mod = await jiti.import(path);
+  let mod;
+  try {
+    mod = await jiti.import(path);
+  } catch (e) {
+    throw new Error(
+      `Could not load Greenlight manifest at ${path}: ${e instanceof Error ? e.message : String(e)}`
+    );
+  }
   const raw = "default" in mod ? mod.default : mod;
   const result = ConfigSchema.safeParse(raw);
   if (!result.success) {
@@ -283,9 +296,27 @@ import { setTimeout as sleep } from "timers/promises";
 var trimSlash = (s) => s.replace(/\/+$/, "");
 var DEFAULT_TIMEOUT_MS = 1e4;
 var DEFAULT_MAX_LINKS = 50;
+var MAX_BODY_CHARS = 2e6;
 function timedFetch(url, timeoutMs, init) {
   return fetch(url, { redirect: "manual", ...init, signal: AbortSignal.timeout(timeoutMs) });
 }
+async function boundedText(res, max = MAX_BODY_CHARS) {
+  if (!res.body) return (await res.text()).slice(0, max);
+  const reader = res.body.getReader();
+  const decoder = new TextDecoder();
+  let text = "";
+  try {
+    while (text.length < max) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      text += decoder.decode(value, { stream: true });
+    }
+  } finally {
+    await reader.cancel().catch(() => {
+    });
+  }
+  return text.slice(0, max);
+}
 async function checkRoute(base, c, timeoutMs) {
   const name = `GET ${c.path}`;
   try {
@@ -295,7 +326,7 @@ async function checkRoute(base, c, timeoutMs) {
       reasons.push(`status ${res.status} != ${c.status}`);
     }
     if (c.contains !== void 0) {
-      const body = await res.text();
+      const body = await boundedText(res);
       if (!body.includes(c.contains)) reasons.push(`body missing "${c.contains}"`);
     }
     if (c.header) {
@@ -315,7 +346,7 @@ async function checkXml(base, candidates, label, marker, timeoutMs) {
     try {
       const res = await timedFetch(base + path, timeoutMs);
       if (res.status === 200) {
-        const body = await res.text();
+        const body = await boundedText(res);
         const ok = marker.test(body);
         return {
           name: `${label} (${path})`,
@@ -331,7 +362,7 @@ async function checkXml(base, candidates, label, marker, timeoutMs) {
 async function checkInternalLinks(base, timeoutMs, max = DEFAULT_MAX_LINKS) {
   try {
     const res = await timedFetch(`${base}/`, timeoutMs);
-    const html = await res.text();
+    const html = await boundedText(res);
     const hrefs = /* @__PURE__ */ new Set();
     let capped = false;
     for (const m of html.matchAll(/href="(\/[^"#?]*)"/g)) {
@@ -491,7 +522,7 @@ async function verify(baseUrl, spec, opts) {
     case "api":
       return verifyApi(baseUrl, spec);
     case "mcp": {
-      const { verifyMcp: verifyMcp2 } = await import("./mcp-FFLOX4YP.js");
+      const { verifyMcp: verifyMcp2 } = await import("./mcp-KHLYS3RL.js");
       return verifyMcp2(baseUrl, spec);
     }
     case "playwright": {
@@ -503,11 +534,11 @@ async function verify(baseUrl, spec, opts) {
       return verifyTest2(spec, opts?.toolDir ?? process.cwd());
     }
     case "agent-web": {
-      const { verifyAgentWeb: verifyAgentWeb2 } = await import("./agent-web-BG5ZIVAB.js");
+      const { verifyAgentWeb: verifyAgentWeb2 } = await import("./agent-web-JVJFUAIZ.js");
       return verifyAgentWeb2(baseUrl, spec);
     }
     case "eval": {
-      const { verifyEval: verifyEval2 } = await import("./eval-YZXJSUKH.js");
+      const { verifyEval: verifyEval2 } = await import("./eval-45HUMZ6V.js");
       return verifyEval2(baseUrl, spec);
     }
   }

package/dist/{chunk-HX7VA25D.js → chunk-UMY5ZDOQ.js}

@@ -6,22 +6,34 @@ import {
 // ../packages/verify/src/mcp.ts
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+var DEFAULT_TIMEOUT_MS = 1e4;
+function withTimeout(p, timeoutMs, label) {
+  return Promise.race([
+    p,
+    new Promise(
+      (_, reject) => setTimeout(() => reject(new Error(`${label} timed out after ${timeoutMs}ms`)), timeoutMs)
+    )
+  ]);
+}
 async function verifyMcp(baseUrl, spec) {
   const checks = [];
+  const timeoutMs = spec.timeoutMs ?? DEFAULT_TIMEOUT_MS;
   const client = new Client({ name: "greenlight-verify", version: "0.0.0" });
   const transport = new StreamableHTTPClientTransport(
     new URL(baseUrl),
     spec.headers ? { requestInit: { headers: spec.headers } } : void 0
   );
   try {
-    await client.connect(transport);
+    await withTimeout(client.connect(transport), timeoutMs, "initialize");
     checks.push({ name: "initialize handshake", pass: true });
   } catch (e) {
     checks.push({ name: "initialize handshake", pass: false, detail: msg(e) });
+    await client.close().catch(() => {
+    });
     return report("mcp", baseUrl, checks);
   }
   try {
-    const { tools } = await client.listTools();
+    const { tools } = await withTimeout(client.listTools(), timeoutMs, "tools/list");
     const names = tools.map((t) => t.name);
     checks.push({ name: `tools/list responded (${names.length} tools)`, pass: true });
     for (const t of spec.expectTools) {
@@ -52,10 +64,11 @@ async function verifyMcp(baseUrl, spec) {
   if (spec.call) {
     const label = `tools/call ${spec.call.name}`;
     try {
-      const res = await client.callTool({
-        name: spec.call.name,
-        arguments: spec.call.args ?? {}
-      });
+      const res = await withTimeout(
+        client.callTool({ name: spec.call.name, arguments: spec.call.args ?? {} }),
+        timeoutMs,
+        label
+      );
       const reasons = [];
       if (res.isError) reasons.push("result.isError = true");
       for (const k of spec.call.expectKeys ?? []) {
@@ -73,13 +86,14 @@ async function verifyMcp(baseUrl, spec) {
     }
   }
   await client.close();
-  if (spec.requireAuthRejection) checks.push(await checkAuthRejection(baseUrl));
+  if (spec.requireAuthRejection) checks.push(await checkAuthRejection(baseUrl, timeoutMs));
   return report("mcp", baseUrl, checks);
 }
-async function checkAuthRejection(baseUrl) {
+async function checkAuthRejection(baseUrl, timeoutMs) {
   try {
     const res = await fetch(baseUrl, {
       method: "POST",
+      signal: AbortSignal.timeout(timeoutMs),
       headers: {
         "content-type": "application/json",
         accept: "application/json, text/event-stream"
@@ -107,5 +121,6 @@ async function checkAuthRejection(baseUrl) {
 }
 
 export {
+  withTimeout,
   verifyMcp
 };

package/dist/{eval-YZXJSUKH.js → eval-45HUMZ6V.js}

@@ -2,7 +2,7 @@ import {
   clamp01,
   llmJudge,
   verifyEval
-} from "./chunk-3A6F2JNP.js";
+} from "./chunk-C6NJHCRI.js";
 import "./chunk-QFKE5JKC.js";
 export {
   clamp01,

package/dist/index.js

@@ -3,12 +3,12 @@ import {
   defineVerify,
   loadConfig,
   resolveUrl
-} from "./chunk-MDG3MT34.js";
-import "./chunk-HX7VA25D.js";
+} from "./chunk-NFNVF4HV.js";
+import "./chunk-UMY5ZDOQ.js";
 import "./chunk-N3IKUCSF.js";
 import "./chunk-KP3Y6WRU.js";
-import "./chunk-IYEIZYI5.js";
-import "./chunk-3A6F2JNP.js";
+import "./chunk-2LAYOVFP.js";
+import "./chunk-C6NJHCRI.js";
 import "./chunk-QFKE5JKC.js";
 export {
   defineConfig,

package/dist/mcp-KHLYS3RL.js

@@ -0,0 +1,9 @@
+import {
+  verifyMcp,
+  withTimeout
+} from "./chunk-UMY5ZDOQ.js";
+import "./chunk-QFKE5JKC.js";
+export {
+  verifyMcp,
+  withTimeout
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rtrentjones/greenlight",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "description": "Greenlight CLI — setup and lifecycle for the harness.",
   "license": "MIT",
   "repository": {
@@ -31,10 +31,10 @@
     "@anthropic-ai/sdk": "^0.69.0"
   },
   "devDependencies": {
-    "@rtrentjones/greenlight-adapters": "0.6.1",
-    "@rtrentjones/greenlight-loop": "0.6.1",
-    "@rtrentjones/greenlight-shared": "0.6.1",
-    "@rtrentjones/greenlight-verify": "0.6.1"
+    "@rtrentjones/greenlight-loop": "0.7.0",
+    "@rtrentjones/greenlight-shared": "0.7.0",
+    "@rtrentjones/greenlight-adapters": "0.7.0",
+    "@rtrentjones/greenlight-verify": "0.7.0"
   },
   "scripts": {
     "build": "node scripts/copy-assets.mjs && tsup",

package/dist/mcp-FFLOX4YP.js

@@ -1,7 +0,0 @@
-import {
-  verifyMcp
-} from "./chunk-HX7VA25D.js";
-import "./chunk-QFKE5JKC.js";
-export {
-  verifyMcp
-};