@skillcap/gdh 0.13.2 → 0.14.0

package/node_modules/@gdh/verify/dist/scenarios.js

@@ -1,11 +1,21 @@
 import fs from "node:fs/promises";
 import path from "node:path";
-import { GDH_RUNTIME_RUN_BUNDLE_VERSION, GDH_SCENARIO_SCHEMA_VERSION, } from "@gdh/core";
+import { GDH_RUNTIME_RECIPE_RUN_VERSION, GDH_RUNTIME_RUN_BUNDLE_VERSION, GDH_SCENARIO_SCHEMA_VERSION, presentPublicRuntimeTerms, } from "@gdh/core";
 import { computeRuntimeInputSignature, inspectRuntimeRunBundle, writeRuntimeRunBundle, } from "@gdh/observability";
-import { inspectRuntimeRecipeRunState, runRuntimeRecipe, } from "@gdh/runtime";
+import { checkRuntimeRecipe, createRuntimeBridgeManager, inspectRuntimeRecipeRunState, runRuntimeRecipe, } from "@gdh/runtime";
 import { parse } from "yaml";
 const PRIMARY_VERIFICATION_SCENARIO_DIRECTORY = ".gdh/verification-scenarios";
 const LEGACY_SCENARIO_DIRECTORY = [".gdh", "scenarios"].join("/");
+export const SUPPORTED_SCENARIO_RUNTIME_ASSERTION_WAITERS = [
+    "state.node_property.await",
+    "state.node_presence.await",
+    "state.signal.await",
+];
+const RENDERED_PROVIDER_RUNTIME_INCOMPATIBILITY_SIGNALS = [
+    "GLIBCXX_3.4.32",
+    "GLIBC_2.38",
+    "GDExtension",
+];
 export async function listRuntimeScenarios(input) {
     const scenarios = await readScenarioDefinitions(input.targetPath);
     const entries = scenarios.map((scenario) => ({
@@ -63,11 +73,6 @@ export async function runRuntimeVerificationScenario(input) {
         await writeRuntimeRunBundle(input.targetPath, mismatchBundle);
         return mismatchBundle;
     }
-    const unsupportedScreenshotPolicyBundle = await buildUnsupportedScreenshotPolicyBundle(input, scenario);
-    if (unsupportedScreenshotPolicyBundle !== null) {
-        await writeRuntimeRunBundle(input.targetPath, unsupportedScreenshotPolicyBundle);
-        return unsupportedScreenshotPolicyBundle;
-    }
     const startedAt = new Date().toISOString();
     const bundleId = `${startedAt.replace(/[:.]/g, "-")}-scenario-${scenario.id}`;
     const bundlePath = path.join(input.targetPath, ".gdh-state/runs", bundleId);
@@ -86,28 +91,21 @@ export async function runRuntimeVerificationScenario(input) {
     });
     for (let attemptNumber = 1; attemptNumber <= maxAttempts; attemptNumber += 1) {
         const attemptPath = path.join(bundlePath, "attempts", `attempt-${attemptNumber}`);
-        const recipeRun = await runRuntimeRecipe({
-            targetPath: input.targetPath,
-            projectConfig: input.projectConfig,
-            recipeId: input.recipeId,
-            provider: input.provider,
-            parameters: input.parameters,
-            enabledFeatures: input.enabledFeatures,
-            disabledFeatures: input.disabledFeatures,
-            environment: input.environment,
-            workspaceMode: input.workspaceMode,
-            screenshotPolicy: scenario.artifactPolicy.screenshots,
-            maxRuntimeSeconds: scenario.executionPolicy.maxRuntimeSeconds,
-            artifactDirectory: attemptPath,
+        const execution = await executeScenarioAttempt({
+            input,
+            scenario,
+            attemptPath,
         });
-        const inspection = await inspectRuntimeRecipeRunState(recipeRun);
+        const { recipeRun, inspection, runtimeAssertions } = execution;
         const assertions = evaluateAssertions(scenario.assertions, inspection);
         const feedback = deriveFeedback({
             scenario,
             recipeId: input.recipeId,
+            provider: input.provider,
             recipeRun,
             assertions,
             inspection,
+            runtimeAssertions,
         });
         const attempt = buildAttemptResult({
             attemptNumber,
@@ -115,6 +113,7 @@ export async function runRuntimeVerificationScenario(input) {
             recipeRun,
             inspection,
             assertions,
+            runtimeAssertions,
             feedback,
         });
         attempts.push(attempt);
@@ -197,6 +196,293 @@ async function persistProvisionalRunBundle(input) {
 export async function inspectRuntimeVerificationBundleState(input) {
     return inspectRuntimeRunBundle(input.targetPath, { bundleId: input.bundleId ?? null });
 }
+async function executeScenarioAttempt(input) {
+    if (input.scenario.runtimeAssertions.length === 0) {
+        return runPlainScenarioAttempt(input);
+    }
+    return runBridgeBackedScenarioAttempt(input);
+}
+async function runPlainScenarioAttempt(input) {
+    const recipeRun = await runRuntimeRecipe(buildScenarioAttemptRunInput(input.input, input.scenario, input.attemptPath));
+    return {
+        recipeRun,
+        inspection: await inspectRuntimeRecipeRunState(recipeRun),
+        runtimeAssertions: [],
+    };
+}
+async function runBridgeBackedScenarioAttempt(input) {
+    const runInput = buildScenarioAttemptRunInput(input.input, input.scenario, input.attemptPath);
+    const liveCheck = await checkRuntimeRecipe(runInput);
+    if (liveCheck.state !== "runnable" || liveCheck.recipe === null || liveCheck.launchPreview === null) {
+        return runPlainScenarioAttempt(input);
+    }
+    const bridgeManager = createRuntimeBridgeManager();
+    const startResult = await bridgeManager.startSession(runInput);
+    if (startResult.state !== "ready" || startResult.session === null) {
+        const recipeRun = buildBridgeStartFailureRecipeRun({
+            input: input.input,
+            scenario: input.scenario,
+            liveCheck,
+            startResult,
+        });
+        return {
+            recipeRun,
+            inspection: await inspectRuntimeRecipeRunState(recipeRun),
+            runtimeAssertions: [],
+        };
+    }
+    let stopResult = null;
+    try {
+        const runtimeAssertions = await runRuntimeAssertionsOverBridge({
+            bridgeManager,
+            sessionId: startResult.session.sessionId,
+            definitions: input.scenario.runtimeAssertions,
+        });
+        stopResult = await bridgeManager.stopSession(startResult.session.sessionId);
+        if (stopResult.state !== "stopped" || stopResult.session === null) {
+            const recipeRun = buildBridgeStopFailureRecipeRun({
+                input: input.input,
+                scenario: input.scenario,
+                liveCheck,
+                startResult,
+                stopResult,
+            });
+            return {
+                recipeRun,
+                inspection: await inspectRuntimeRecipeRunState(recipeRun),
+                runtimeAssertions,
+            };
+        }
+        const recipeRun = await buildBridgeBackedRecipeRun({
+            input: input.input,
+            scenario: input.scenario,
+            liveCheck,
+            startResult,
+            stopResult,
+        });
+        return {
+            recipeRun,
+            inspection: await inspectRuntimeRecipeRunState(recipeRun),
+            runtimeAssertions,
+        };
+    }
+    finally {
+        if (stopResult === null) {
+            await bridgeManager
+                .stopSession(startResult.session.sessionId)
+                .catch(async () => bridgeManager.stopAll().catch(() => { }));
+        }
+    }
+}
+function buildScenarioAttemptRunInput(input, scenario, attemptPath) {
+    const screenshotPolicy = scenario.artifactPolicy.screenshots;
+    const shouldCaptureRenderedScreenshot = input.screenshotCapture === "rendered" ||
+        screenshotPolicy === "rendered" ||
+        input.provider === "docker";
+    return {
+        targetPath: input.targetPath,
+        projectConfig: input.projectConfig,
+        recipeId: input.recipeId,
+        provider: input.provider,
+        parameters: input.parameters,
+        enabledFeatures: input.enabledFeatures,
+        disabledFeatures: input.disabledFeatures,
+        environment: input.environment,
+        workspaceMode: input.workspaceMode,
+        screenshotCapture: shouldCaptureRenderedScreenshot ? "rendered" : "never",
+        screenshotPolicy,
+        maxRuntimeSeconds: scenario.executionPolicy.maxRuntimeSeconds,
+        artifactDirectory: attemptPath,
+    };
+}
+async function runRuntimeAssertionsOverBridge(input) {
+    const results = [];
+    for (const definition of input.definitions) {
+        const invocation = await input.bridgeManager.invokeEntry(input.sessionId, definition.waiter, definition.input);
+        const result = buildRuntimeAssertionResult(definition, invocation);
+        results.push(result);
+        if (definition.required && result.status !== "passed") {
+            break;
+        }
+    }
+    return results;
+}
+function buildRuntimeAssertionResult(definition, invocation) {
+    const reasons = [...invocation.reasons];
+    if ((invocation.state === "ok" || invocation.state === "unavailable") &&
+        invocation.waiterEvidence === null) {
+        reasons.push("waiter_evidence_missing");
+    }
+    const status = invocation.state === "ok" && invocation.waiterEvidence?.outcome === "satisfied"
+        ? "passed"
+        : invocation.state === "unavailable" && invocation.waiterEvidence?.outcome === "timed_out"
+            ? "blocked"
+            : invocation.state === "unavailable"
+                ? "blocked"
+                : "failed";
+    return {
+        id: definition.id,
+        summary: definition.summary,
+        required: definition.required,
+        waiter: definition.waiter,
+        input: definition.input,
+        status,
+        state: invocation.state,
+        reasons: dedupe(reasons),
+        result: invocation.result,
+        waiterEvidence: invocation.waiterEvidence,
+        transcriptPath: invocation.transcriptPath,
+    };
+}
+function buildBridgeStartFailureRecipeRun(input) {
+    return {
+        version: GDH_RUNTIME_RECIPE_RUN_VERSION,
+        targetPath: input.input.targetPath,
+        recipeId: input.input.recipeId,
+        state: input.startResult.state === "blocked" ? "blocked" : "failed",
+        summary: input.startResult.summary,
+        reasons: input.startResult.reasons,
+        recipe: input.liveCheck.recipe,
+        check: input.liveCheck,
+        session: null,
+        startedAt: null,
+        finishedAt: new Date().toISOString(),
+        exitCode: null,
+        launchCommand: input.startResult.launchCommand ?? input.liveCheck.launchPreview?.command ?? null,
+        screenshot: buildBridgeBackedScreenshotResult(input.scenario.artifactPolicy.screenshots),
+        artifacts: [],
+        statusPromotion: "none",
+    };
+}
+function buildBridgeStopFailureRecipeRun(input) {
+    const artifactDirectory = input.startResult.session?.artifactDirectory ?? null;
+    const transcriptPath = input.stopResult.transcriptPath ?? null;
+    return {
+        version: GDH_RUNTIME_RECIPE_RUN_VERSION,
+        targetPath: input.input.targetPath,
+        recipeId: input.input.recipeId,
+        state: "failed",
+        summary: input.stopResult.summary,
+        reasons: input.stopResult.reasons.length > 0 ? input.stopResult.reasons : ["bridge_session_stop_failed"],
+        recipe: input.liveCheck.recipe,
+        check: input.liveCheck,
+        session: null,
+        startedAt: input.startResult.session?.startedAt ?? null,
+        finishedAt: new Date().toISOString(),
+        exitCode: input.stopResult.exitCode,
+        launchCommand: input.startResult.launchCommand ?? input.liveCheck.launchPreview?.command ?? null,
+        screenshot: buildBridgeBackedScreenshotResult(input.scenario.artifactPolicy.screenshots),
+        artifacts: buildBridgeBackedArtifacts({
+            artifactDirectory,
+            transcriptPath,
+            reportPath: null,
+        }),
+        statusPromotion: "none",
+    };
+}
+async function buildBridgeBackedRecipeRun(input) {
+    const artifactDirectory = input.stopResult.session?.artifactDirectory ?? input.startResult.session?.artifactDirectory ?? null;
+    const reportPath = artifactDirectory === null ? null : path.join(artifactDirectory, "report.json");
+    const recipeRun = {
+        version: GDH_RUNTIME_RECIPE_RUN_VERSION,
+        targetPath: input.input.targetPath,
+        recipeId: input.input.recipeId,
+        state: "passed",
+        summary: `Runtime recipe "${input.input.recipeId}" ran successfully through a bridge-backed verification session.`,
+        reasons: [],
+        recipe: input.liveCheck.recipe,
+        check: input.liveCheck,
+        session: input.stopResult.session === null
+            ? null
+            : {
+                launchMode: "gdh_launch",
+                workspaceMode: input.stopResult.session.workspaceMode,
+                targetPath: input.input.targetPath,
+                workingCopyPath: input.stopResult.session.workingCopyPath,
+            },
+        startedAt: input.startResult.session?.startedAt ?? null,
+        finishedAt: input.stopResult.session?.finishedAt ?? new Date().toISOString(),
+        exitCode: input.stopResult.exitCode,
+        launchCommand: input.startResult.launchCommand ?? input.liveCheck.launchPreview?.command ?? null,
+        screenshot: buildBridgeBackedScreenshotResult(input.scenario.artifactPolicy.screenshots),
+        artifacts: buildBridgeBackedArtifacts({
+            artifactDirectory,
+            transcriptPath: input.stopResult.transcriptPath,
+            reportPath,
+        }),
+        statusPromotion: input.liveCheck.recipe?.status === "draft" ? "candidate_observed" : "none",
+    };
+    if (reportPath !== null) {
+        await fs.mkdir(path.dirname(reportPath), { recursive: true });
+        await fs.writeFile(reportPath, `${JSON.stringify(presentPublicRuntimeTerms(recipeRun), null, 2)}\n`, "utf8");
+    }
+    return recipeRun;
+}
+function buildBridgeBackedArtifacts(input) {
+    if (input.artifactDirectory === null) {
+        return input.transcriptPath === null
+            ? []
+            : [
+                {
+                    id: "bridge-transcript",
+                    path: input.transcriptPath,
+                    description: "Persisted bridge-session transcript captured during runtime-assertion execution.",
+                },
+            ];
+    }
+    const artifacts = [
+        {
+            id: "launch",
+            path: path.join(input.artifactDirectory, "launch.json"),
+            description: "Assembled launch preview used for the bridge-backed runtime session.",
+        },
+        {
+            id: "stdout",
+            path: path.join(input.artifactDirectory, "stdout.log"),
+            description: "Captured standard output from the bridge-backed runtime session.",
+        },
+        {
+            id: "stderr",
+            path: path.join(input.artifactDirectory, "stderr.log"),
+            description: "Captured standard error from the bridge-backed runtime session.",
+        },
+    ];
+    if (input.transcriptPath !== null) {
+        artifacts.push({
+            id: "bridge-transcript",
+            path: input.transcriptPath,
+            description: "Persisted bridge-session transcript captured during runtime-assertion execution.",
+        });
+    }
+    if (input.reportPath !== null) {
+        artifacts.push({
+            id: "report",
+            path: input.reportPath,
+            description: "Structured runtime recipe report for this bridge-backed execution.",
+        });
+    }
+    return artifacts;
+}
+function buildBridgeBackedScreenshotResult(screenshots) {
+    if (screenshots === "rendered") {
+        return {
+            requested: true,
+            state: "unavailable",
+            summary: "Bridge-backed runtime assertions do not capture screenshots yet; waiter evidence remains the durable state-first proof.",
+            reason: "bridge_backed_runtime_assertions_do_not_capture_screenshots",
+            imagePath: null,
+            metadataPath: null,
+        };
+    }
+    return {
+        requested: false,
+        state: "omitted",
+        summary: "Screenshot capture was not requested for this scenario.",
+        reason: null,
+        imagePath: null,
+        metadataPath: null,
+    };
+}
 async function readScenarioDefinitions(targetPath) {
     const scenariosDirectory = await resolveScenarioDirectory(targetPath, PRIMARY_VERIFICATION_SCENARIO_DIRECTORY, LEGACY_SCENARIO_DIRECTORY);
     const entries = await fs.readdir(scenariosDirectory, { withFileTypes: true }).catch(() => []);
@@ -215,9 +501,10 @@ async function loadScenarioDefinition(targetPath, scenarioId) {
     const scenarios = await readScenarioDefinitions(targetPath);
     return scenarios.find((entry) => entry.id === scenarioId) ?? null;
 }
-function parseScenarioDefinition(content) {
+export function parseScenarioDefinition(content) {
     const parsed = toRecord(parse(content));
     const parsedVersion = readNumber(parsed["version"]);
+    const screenshotPolicy = readScenarioScreenshotPolicy(toRecord(parsed["artifact_policy"])["screenshots"]);
     return {
         schemaVersion: (parsedVersion <= GDH_SCENARIO_SCHEMA_VERSION
             ? GDH_SCENARIO_SCHEMA_VERSION
@@ -238,11 +525,10 @@ function parseScenarioDefinition(content) {
             expected: coerceJsonValue(entry["expected"]),
             required: readBoolean(entry["required"], true),
         })),
+        runtimeAssertions: parseScenarioRuntimeAssertions(parsed["runtime_assertions"]),
         artifactPolicy: {
             captureState: readBoolean(toRecord(parsed["artifact_policy"])["capture_state"], true),
-            screenshots: readString(toRecord(parsed["artifact_policy"])["screenshots"]) === "fallback"
-                ? "fallback"
-                : "never",
+            screenshots: screenshotPolicy,
         },
         executionPolicy: {
             maxRuntimeSeconds: Math.max(1, readNumber(toRecord(parsed["execution_policy"])["max_runtime_seconds"]) || 0) || null,
@@ -253,6 +539,33 @@ function parseScenarioDefinition(content) {
         doneRelevance: readStringArray(parsed["done_relevance"]),
     };
 }
+function parseScenarioRuntimeAssertions(value) {
+    return readObjectArray(value).map((entry, index) => {
+        const id = readString(entry["id"]);
+        const summary = readString(entry["summary"]);
+        const waiter = readString(entry["waiter"]);
+        const input = entry["input"];
+        if (id.length === 0) {
+            throw new Error(`Verification scenario runtime_assertions[${index}].id must be a non-empty string.`);
+        }
+        if (summary.length === 0) {
+            throw new Error(`Verification scenario runtime_assertions[${index}].summary must be a non-empty string.`);
+        }
+        if (!SUPPORTED_SCENARIO_RUNTIME_ASSERTION_WAITERS.includes(waiter)) {
+            throw new Error(`Verification scenario runtime_assertions[${index}].waiter must be one of ${SUPPORTED_SCENARIO_RUNTIME_ASSERTION_WAITERS.join(", ")}.`);
+        }
+        if (!isJsonRecord(input)) {
+            throw new Error(`Verification scenario runtime_assertions[${index}].input must be a JSON object.`);
+        }
+        return {
+            id,
+            summary,
+            waiter: waiter,
+            input: coerceJsonRecord(input),
+            required: readBoolean(entry["required"], true),
+        };
+    });
+}
 async function resolveScenarioDirectory(targetPath, primaryRelativePath, legacyRelativePath) {
     const primaryDirectory = path.join(targetPath, primaryRelativePath);
     if (await directoryExists(primaryDirectory)) {
@@ -325,7 +638,7 @@ function evaluateAssertions(assertions, inspection) {
     });
 }
 function buildAttemptResult(input) {
-    const outcome = classifyAttemptOutcome(input.recipeRun, input.assertions);
+    const outcome = classifyAttemptOutcome(input.recipeRun, input.assertions, input.runtimeAssertions);
     const startedAt = input.recipeRun.startedAt ?? input.recipeRun.finishedAt;
     return {
         attemptNumber: input.attemptNumber,
@@ -341,6 +654,11 @@ function buildAttemptResult(input) {
                     : `Verification scenario "${input.scenario.id}" failed on attempt ${input.attemptNumber}.`,
         reasons: dedupe([
             ...input.recipeRun.reasons,
+            ...input.runtimeAssertions
+                .filter((entry) => entry.status !== "passed")
+                .flatMap((entry) => entry.reasons.length > 0
+                ? entry.reasons.map((reason) => `${entry.id}:${reason}`)
+                : [`${entry.id}:${entry.status}`]),
             ...input.assertions
                 .filter((entry) => entry.status !== "passed")
                 .map((entry) => `${entry.id}:${entry.reason ?? entry.status}`),
@@ -348,16 +666,23 @@ function buildAttemptResult(input) {
         recipeRun: input.recipeRun,
         inspection: input.inspection,
         assertions: input.assertions,
+        runtimeAssertions: input.runtimeAssertions,
         feedback: input.feedback,
     };
 }
-function classifyAttemptOutcome(recipeRun, assertions) {
+function classifyAttemptOutcome(recipeRun, assertions, runtimeAssertions) {
     if (recipeRun.state === "blocked") {
         return "blocked";
     }
     if (recipeRun.state === "failed") {
         return "failed";
     }
+    if (runtimeAssertions.some((entry) => entry.required && entry.status === "failed")) {
+        return "failed";
+    }
+    if (runtimeAssertions.some((entry) => entry.required && entry.status === "blocked")) {
+        return "blocked";
+    }
     if (assertions.some((entry) => entry.required && entry.status === "blocked")) {
         return "blocked";
     }
@@ -414,11 +739,27 @@ function buildBundleArtifacts(bundlePath, attempts, feedback) {
             path: artifact.path,
             description: `Attempt ${attempt.attemptNumber}: ${artifact.description}`,
         })));
+        const knownTranscriptPaths = new Set(attempt.recipeRun.artifacts
+            .filter((artifact) => artifact.id === "bridge-transcript")
+            .map((artifact) => artifact.path));
+        for (const runtimeAssertion of attempt.runtimeAssertions) {
+            if (runtimeAssertion.transcriptPath === null ||
+                knownTranscriptPaths.has(runtimeAssertion.transcriptPath)) {
+                continue;
+            }
+            artifacts.push({
+                id: `attempt-${attempt.attemptNumber}-${runtimeAssertion.id}-transcript`,
+                path: runtimeAssertion.transcriptPath,
+                description: `Attempt ${attempt.attemptNumber}: bridge transcript referenced by runtime assertion "${runtimeAssertion.id}".`,
+            });
+            knownTranscriptPaths.add(runtimeAssertion.transcriptPath);
+        }
     }
     return artifacts;
 }
 function deriveFeedback(input) {
     const feedback = [];
+    const renderedScreenshotVerification = isRenderedScreenshotVerification(input.scenario);
     if (input.scenario.recipeId !== input.recipeId) {
         feedback.push({
             id: "scenario-recipe-mismatch",
@@ -446,6 +787,32 @@ function deriveFeedback(input) {
             details: input.recipeRun.reasons,
         });
     }
+    if (input.recipeRun.screenshot.requested &&
+        input.recipeRun.screenshot.state !== "captured") {
+        feedback.push({
+            id: "rendered-screenshot-unavailable",
+            attribution: "recipe_issue",
+            code: "rendered_screenshot_unavailable",
+            summary: "Rendered screenshot capture was requested, but this verification run did not produce usable screenshot evidence.",
+            details: [
+                `provider:${input.provider}`,
+                `screenshot_state:${input.recipeRun.screenshot.state}`,
+                ...(input.recipeRun.screenshot.reason === null
+                    ? []
+                    : [`screenshot_reason:${input.recipeRun.screenshot.reason}`]),
+            ],
+        });
+    }
+    const renderedProviderRuntimeSignals = findRenderedProviderRuntimeIncompatibilitySignals(input.inspection);
+    if (renderedScreenshotVerification && renderedProviderRuntimeSignals.length > 0) {
+        feedback.push({
+            id: "rendered-provider-runtime-incompatible",
+            attribution: "recipe_issue",
+            code: "rendered_provider_runtime_incompatible",
+            summary: "Rendered verification stderr shows provider/runtime incompatibility signals that can block screenshot proof.",
+            details: renderedProviderRuntimeSignals,
+        });
+    }
     const blockedAssertions = input.assertions.filter((entry) => entry.status === "blocked");
     if (blockedAssertions.length > 0) {
         feedback.push({
@@ -466,6 +833,26 @@ function deriveFeedback(input) {
             details: failedAssertions.map((entry) => entry.id),
         });
     }
+    const blockedRuntimeAssertions = input.runtimeAssertions.filter((entry) => entry.required && entry.status === "blocked");
+    if (blockedRuntimeAssertions.length > 0) {
+        feedback.push({
+            id: "runtime-assertions-blocked",
+            attribution: "scenario_issue",
+            code: "runtime_assertion_blocked",
+            summary: "One or more required runtime assertions timed out or were unavailable during scenario execution.",
+            details: blockedRuntimeAssertions.map((entry) => `${entry.id}:${entry.reasons.join("|") || entry.status}`),
+        });
+    }
+    const failedRuntimeAssertions = input.runtimeAssertions.filter((entry) => entry.required && entry.status === "failed");
+    if (failedRuntimeAssertions.length > 0) {
+        feedback.push({
+            id: "runtime-assertions-failed",
+            attribution: "gdh_gap",
+            code: "runtime_assertion_failed",
+            summary: "One or more required runtime assertions failed before GDH could record satisfied waiter evidence.",
+            details: failedRuntimeAssertions.map((entry) => `${entry.id}:${entry.reasons.join("|") || entry.status}`),
+        });
+    }
     const assertedSources = new Set(input.scenario.assertions.map((entry) => entry.source));
     const missingSources = input.inspection.filter((entry) => entry.state !== "available" && assertedSources.has(entry.id));
     if (missingSources.length > 0) {
@@ -479,13 +866,28 @@ function deriveFeedback(input) {
     }
     return dedupeFeedback(feedback);
 }
+function isRenderedScreenshotVerification(scenario) {
+    return (scenario.artifactPolicy.screenshots === "rendered" &&
+        scenario.runtimeAssertions.length === 0);
+}
+function findRenderedProviderRuntimeIncompatibilitySignals(inspection) {
+    const stderrText = inspection.find((entry) => entry.id === "stderr_text");
+    const stderrValue = stderrText?.value;
+    if (stderrText?.state !== "available" || typeof stderrValue !== "string") {
+        return [];
+    }
+    return RENDERED_PROVIDER_RUNTIME_INCOMPATIBILITY_SIGNALS.filter((signal) => stderrValue.includes(signal));
+}
 function classifyReasons(reasons) {
     if (reasons.some((reason) => reason.includes("godot_editor_not_configured") ||
-        reason.includes("missing_environment"))) {
+        reason.includes("missing_environment") ||
+        reason.includes("docker_unavailable") ||
+        reason.includes("docker_runtime_image_missing"))) {
         return "environment_issue";
     }
     if (reasons.some((reason) => reason.includes("recipe_not_found") ||
-        reason.includes("launch_adapter_missing"))) {
+        reason.includes("launch_adapter_missing") ||
+        reason.includes("provider_not_supported"))) {
         return "recipe_issue";
     }
     return "unknown";
@@ -524,6 +926,7 @@ async function buildMissingScenarioBundle(input) {
             setupSteps: [],
             actions: [],
             assertions: [],
+            runtimeAssertions: [],
             artifactPolicy: {
                 captureState: true,
                 screenshots: "never",
@@ -579,46 +982,6 @@ async function buildRecipeMismatchBundle(input, scenario) {
         artifacts: [],
     };
 }
-async function buildUnsupportedScreenshotPolicyBundle(input, scenario) {
-    if (scenario.artifactPolicy.screenshots !== "fallback") {
-        return null;
-    }
-    const startedAt = new Date().toISOString();
-    const bundleId = `${startedAt.replace(/[:.]/g, "-")}-scenario-${scenario.id}`;
-    const bundlePath = path.join(input.targetPath, ".gdh-state/runs", bundleId);
-    const inputSignature = await computeRuntimeInputSignature(input.targetPath);
-    const feedback = [
-        {
-            id: "scenario-screenshot-policy-unsupported",
-            attribution: "scenario_issue",
-            code: "verification_scenario_screenshot_policy_unsupported",
-            summary: "Verification scenarios no longer support `artifact_policy.screenshots: \"fallback\"`; use project-owned signals for scenario truth and manual or external capture only when a human needs a visual.",
-            details: ['artifact_policy.screenshots:"fallback"'],
-        },
-    ];
-    return {
-        version: GDH_RUNTIME_RUN_BUNDLE_VERSION,
-        bundleId,
-        bundlePath,
-        targetPath: input.targetPath,
-        recipeId: input.recipeId,
-        scenarioId: scenario.id,
-        outcome: "blocked",
-        summary: `Runtime verification scenario "${scenario.id}" is invalid: \`artifact_policy.screenshots: "fallback"\` is no longer supported.`,
-        reasons: ["verification_scenario_screenshot_policy_unsupported"],
-        scenario: {
-            ...scenario,
-            status: "broken",
-        },
-        attempts: [],
-        retainedFirstFailureAttempt: null,
-        feedback,
-        startedAt,
-        finishedAt: startedAt,
-        inputSignature,
-        artifacts: [],
-    };
-}
 function resolveJsonPath(value, pathExpression) {
     const normalizedPath = pathExpression.trim();
     if (normalizedPath.length === 0 || normalizedPath === "$" || normalizedPath === ".") {
@@ -688,6 +1051,13 @@ function readNumber(value) {
 function readBoolean(value, fallback) {
     return typeof value === "boolean" ? value : fallback;
 }
+function readScenarioScreenshotPolicy(value) {
+    const screenshotPolicy = readString(value);
+    if (screenshotPolicy === "rendered" || screenshotPolicy === "fallback") {
+        return "rendered";
+    }
+    return "never";
+}
 function readStringArray(value) {
     return Array.isArray(value)
         ? value.filter((entry) => typeof entry === "string")
@@ -696,6 +1066,14 @@ function readStringArray(value) {
 function readObjectArray(value) {
     return Array.isArray(value) ? value.map((entry) => toRecord(entry)) : [];
 }
+function isJsonRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function coerceJsonRecord(value) {
+    return isJsonRecord(value)
+        ? coerceJsonValue(value)
+        : {};
+}
 function coerceJsonValue(value) {
     if (value === null ||
         typeof value === "string" ||