@substrate-ai/sdlc 0.20.4 → 0.20.5

package/dist/verification/checks/index.d.ts

@@ -2,14 +2,17 @@
  * Barrel export for VerificationCheck implementations.
  *
  * Check registration order (Tier A before Tier B, and within Tier A in
- * pipeline sequence order per architecture section 3.5):
+ * pipeline sequence order):
  *   1. PhantomReviewCheck  — story 51-2
  *   2. TrivialOutputCheck  — story 51-3
  *   3. AcceptanceCriteriaEvidenceCheck
  *   4. BuildCheck          — story 51-4
+ *   5. RuntimeProbeCheck   — Epic 55 Phase 2
  */
 export { PhantomReviewCheck } from './phantom-review-check.js';
 export { TrivialOutputCheck, DEFAULT_TRIVIAL_OUTPUT_THRESHOLD } from './trivial-output-check.js';
 export { AcceptanceCriteriaEvidenceCheck, extractAcceptanceCriteriaIds } from './acceptance-criteria-evidence-check.js';
 export { BuildCheck, BUILD_CHECK_TIMEOUT_MS, detectBuildCommand } from './build-check.js';
+export { RuntimeProbeCheck } from './runtime-probe-check.js';
+export type { RuntimeProbeExecutors } from './runtime-probe-check.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/verification/checks/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/verification/checks/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,kBAAkB,EAAE,gCAAgC,EAAE,MAAM,2BAA2B,CAAA;AAChG,OAAO,EAAE,+BAA+B,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAA;AACvH,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/verification/checks/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,kBAAkB,EAAE,gCAAgC,EAAE,MAAM,2BAA2B,CAAA;AAChG,OAAO,EAAE,+BAA+B,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAA;AACvH,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AACzF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAC5D,YAAY,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAA"}

package/dist/verification/checks/index.js

@@ -2,14 +2,16 @@
  * Barrel export for VerificationCheck implementations.
  *
  * Check registration order (Tier A before Tier B, and within Tier A in
- * pipeline sequence order per architecture section 3.5):
+ * pipeline sequence order):
  *   1. PhantomReviewCheck  — story 51-2
  *   2. TrivialOutputCheck  — story 51-3
  *   3. AcceptanceCriteriaEvidenceCheck
  *   4. BuildCheck          — story 51-4
+ *   5. RuntimeProbeCheck   — Epic 55 Phase 2
  */
 export { PhantomReviewCheck } from './phantom-review-check.js';
 export { TrivialOutputCheck, DEFAULT_TRIVIAL_OUTPUT_THRESHOLD } from './trivial-output-check.js';
 export { AcceptanceCriteriaEvidenceCheck, extractAcceptanceCriteriaIds } from './acceptance-criteria-evidence-check.js';
 export { BuildCheck, BUILD_CHECK_TIMEOUT_MS, detectBuildCommand } from './build-check.js';
+export { RuntimeProbeCheck } from './runtime-probe-check.js';
 //# sourceMappingURL=index.js.map

package/dist/verification/checks/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/verification/checks/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,kBAAkB,EAAE,gCAAgC,EAAE,MAAM,2BAA2B,CAAA;AAChG,OAAO,EAAE,+BAA+B,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAA;AACvH,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/verification/checks/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,kBAAkB,EAAE,gCAAgC,EAAE,MAAM,2BAA2B,CAAA;AAChG,OAAO,EAAE,+BAA+B,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAA;AACvH,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AACzF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA"}

package/dist/verification/checks/runtime-probe-check.d.ts

@@ -0,0 +1,43 @@
+/**
+ * RuntimeProbeCheck — Epic 55 / Phase 2.
+ *
+ * Tier A verification check that parses and executes the author-declared
+ * runtime probes in a story's `## Runtime Probes` section. Each probe's
+ * outcome becomes a structured VerificationFinding, leveraging the
+ * Phase 1 persistence surface to flow through retry prompts, the run
+ * manifest, and post-run analysis without string-parsing.
+ *
+ * Architecture / scoring contract:
+ *
+ *   - No probes declared                  → pass (skip note finding array is empty)
+ *   - Probes declared, YAML invalid       → fail (one finding per parse error)
+ *   - Probe `sandbox: twin`               → warn (deferred until Phase 3)
+ *   - Probe `sandbox: host`, exit 0       → pass; no finding emitted for that probe
+ *   - Probe `sandbox: host`, exit ≠ 0     → fail (exit code + stdout/stderr tails)
+ *   - Probe `sandbox: host`, timed out    → fail (runtime-probe-timeout category)
+ *   - No storyContent on context          → warn (cannot verify without story text)
+ *
+ * Registered last in the canonical Tier A pipeline, after BuildCheck,
+ * because probes may depend on a successful build's output.
+ */
+import type { VerificationCheck, VerificationContext, VerificationResult } from '../types.js';
+import { type ProbeResult, type RuntimeProbe } from '../probes/index.js';
+/**
+ * Per-sandbox executors, injected via constructor so tests (and future
+ * twin integration in Phase 3) can swap implementations without touching
+ * the check's dispatch logic.
+ */
+export interface RuntimeProbeExecutors {
+    host: (probe: RuntimeProbe) => Promise<ProbeResult>;
+    /** Twin execution is deferred; the default returns undefined so the check
+     *  emits a `probe-deferred` warn finding. Phase 3 replaces this. */
+    twin?: (probe: RuntimeProbe) => Promise<ProbeResult> | undefined;
+}
+export declare class RuntimeProbeCheck implements VerificationCheck {
+    readonly name = "runtime-probes";
+    readonly tier: "A";
+    private readonly _executors;
+    constructor(executors?: Partial<RuntimeProbeExecutors>);
+    run(context: VerificationContext): Promise<VerificationResult>;
+}
+//# sourceMappingURL=runtime-probe-check.d.ts.map

package/dist/verification/checks/runtime-probe-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-probe-check.d.ts","sourceRoot":"","sources":["../../../src/verification/checks/runtime-probe-check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EAEnB,kBAAkB,EACnB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,YAAY,EAClB,MAAM,oBAAoB,CAAA;AAgB3B;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,OAAO,CAAC,WAAW,CAAC,CAAA;IACnD;wEACoE;IACpE,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,OAAO,CAAC,WAAW,CAAC,GAAG,SAAS,CAAA;CACjE;AAWD,qBAAa,iBAAkB,YAAW,iBAAiB;IACzD,QAAQ,CAAC,IAAI,oBAAmB;IAChC,QAAQ,CAAC,IAAI,EAAG,GAAG,CAAS;IAE5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAuB;gBAEtC,SAAS,CAAC,EAAE,OAAO,CAAC,qBAAqB,CAAC;IAOhD,GAAG,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAmHrE"}

package/dist/verification/checks/runtime-probe-check.js

@@ -0,0 +1,152 @@
+/**
+ * RuntimeProbeCheck — Epic 55 / Phase 2.
+ *
+ * Tier A verification check that parses and executes the author-declared
+ * runtime probes in a story's `## Runtime Probes` section. Each probe's
+ * outcome becomes a structured VerificationFinding, leveraging the
+ * Phase 1 persistence surface to flow through retry prompts, the run
+ * manifest, and post-run analysis without string-parsing.
+ *
+ * Architecture / scoring contract:
+ *
+ *   - No probes declared                  → pass (skip note finding array is empty)
+ *   - Probes declared, YAML invalid       → fail (one finding per parse error)
+ *   - Probe `sandbox: twin`               → warn (deferred until Phase 3)
+ *   - Probe `sandbox: host`, exit 0       → pass; no finding emitted for that probe
+ *   - Probe `sandbox: host`, exit ≠ 0     → fail (exit code + stdout/stderr tails)
+ *   - Probe `sandbox: host`, timed out    → fail (runtime-probe-timeout category)
+ *   - No storyContent on context          → warn (cannot verify without story text)
+ *
+ * Registered last in the canonical Tier A pipeline, after BuildCheck,
+ * because probes may depend on a successful build's output.
+ */
+import { renderFindings } from '../findings.js';
+import { parseRuntimeProbes, executeProbeOnHost, } from '../probes/index.js';
+// ---------------------------------------------------------------------------
+// Finding categories
+// ---------------------------------------------------------------------------
+const CATEGORY_PARSE = 'runtime-probe-parse-error';
+const CATEGORY_SKIP = 'runtime-probe-skip';
+const CATEGORY_DEFERRED = 'runtime-probe-deferred';
+const CATEGORY_FAIL = 'runtime-probe-fail';
+const CATEGORY_TIMEOUT = 'runtime-probe-timeout';
+const defaultExecutors = {
+    host: (probe) => executeProbeOnHost(probe, { cwd: process.cwd() }),
+    // twin intentionally omitted → RuntimeProbeCheck emits a warn finding
+};
+// ---------------------------------------------------------------------------
+// RuntimeProbeCheck
+// ---------------------------------------------------------------------------
+export class RuntimeProbeCheck {
+    name = 'runtime-probes';
+    tier = 'A';
+    _executors;
+    constructor(executors) {
+        this._executors = {
+            ...defaultExecutors,
+            ...(executors ?? {}),
+        };
+    }
+    async run(context) {
+        const start = Date.now();
+        // Story content is required to locate the `## Runtime Probes` section.
+        // Absence is treated as a warn so reviewers know the check could not
+        // make a decision, distinct from "present but no probes declared".
+        if (context.storyContent === undefined) {
+            const findings = [
+                {
+                    category: CATEGORY_SKIP,
+                    severity: 'warn',
+                    message: 'story content unavailable — skipping runtime probe check',
+                },
+            ];
+            return {
+                status: 'warn',
+                details: renderFindings(findings),
+                duration_ms: Date.now() - start,
+                findings,
+            };
+        }
+        const parsed = parseRuntimeProbes(context.storyContent);
+        if (parsed.kind === 'absent') {
+            return {
+                status: 'pass',
+                details: 'runtime-probes: no ## Runtime Probes section declared — skipping',
+                duration_ms: Date.now() - start,
+                findings: [],
+            };
+        }
+        if (parsed.kind === 'invalid') {
+            const findings = [
+                {
+                    category: CATEGORY_PARSE,
+                    severity: 'error',
+                    message: parsed.error,
+                },
+            ];
+            return {
+                status: 'fail',
+                details: renderFindings(findings),
+                duration_ms: Date.now() - start,
+                findings,
+            };
+        }
+        // kind === 'parsed'. Empty list is a valid author-declared state
+        // (e.g. they declared the section but intentionally zero probes yet);
+        // treat identically to `absent` for the verdict.
+        if (parsed.probes.length === 0) {
+            return {
+                status: 'pass',
+                details: 'runtime-probes: 0 probes declared — skipping',
+                duration_ms: Date.now() - start,
+                findings: [],
+            };
+        }
+        const findings = [];
+        for (const probe of parsed.probes) {
+            if (probe.sandbox === 'twin') {
+                findings.push({
+                    category: CATEGORY_DEFERRED,
+                    severity: 'warn',
+                    message: `probe "${probe.name}" uses sandbox=twin which is deferred until ` +
+                        `Phase 3 (Digital Twin integration); skipping`,
+                });
+                continue;
+            }
+            // sandbox === 'host'
+            const result = await this._executors.host(probe);
+            if (result.outcome === 'pass') {
+                continue;
+            }
+            const category = result.outcome === 'timeout' ? CATEGORY_TIMEOUT : CATEGORY_FAIL;
+            const descriptor = probe.description ? ` (${probe.description})` : '';
+            const message = result.outcome === 'timeout'
+                ? `probe "${probe.name}"${descriptor} timed out after ${result.durationMs}ms`
+                : `probe "${probe.name}"${descriptor} failed with exit ${result.exitCode ?? 'unknown'}`;
+            findings.push({
+                category,
+                severity: 'error',
+                message,
+                command: result.command,
+                ...(result.exitCode !== undefined ? { exitCode: result.exitCode } : {}),
+                stdoutTail: result.stdoutTail,
+                stderrTail: result.stderrTail,
+                durationMs: result.durationMs,
+            });
+        }
+        const status = findings.some((f) => f.severity === 'error')
+            ? 'fail'
+            : findings.some((f) => f.severity === 'warn')
+                ? 'warn'
+                : 'pass';
+        return {
+            status,
+            details: findings.length > 0
+                ? renderFindings(findings)
+                : `runtime-probes: ${parsed.probes.length} probe(s) passed`,
+            duration_ms: Date.now() - start,
+            findings,
+        };
+    }
+}
+//# sourceMappingURL=runtime-probe-check.js.map

package/dist/verification/checks/runtime-probe-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-probe-check.js","sourceRoot":"","sources":["../../../src/verification/checks/runtime-probe-check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAQH,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAC/C,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GAGnB,MAAM,oBAAoB,CAAA;AAE3B,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,MAAM,cAAc,GAAG,2BAA2B,CAAA;AAClD,MAAM,aAAa,GAAG,oBAAoB,CAAA;AAC1C,MAAM,iBAAiB,GAAG,wBAAwB,CAAA;AAClD,MAAM,aAAa,GAAG,oBAAoB,CAAA;AAC1C,MAAM,gBAAgB,GAAG,uBAAuB,CAAA;AAkBhD,MAAM,gBAAgB,GAA0B;IAC9C,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;IAClE,sEAAsE;CACvE,CAAA;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,OAAO,iBAAiB;IACnB,IAAI,GAAG,gBAAgB,CAAA;IACvB,IAAI,GAAG,GAAY,CAAA;IAEX,UAAU,CAAuB;IAElD,YAAY,SAA0C;QACpD,IAAI,CAAC,UAAU,GAAG;YAChB,GAAG,gBAAgB;YACnB,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC;SACrB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAA4B;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAExB,uEAAuE;QACvE,qEAAqE;QACrE,mEAAmE;QACnE,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACvC,MAAM,QAAQ,GAA0B;gBACtC;oBACE,QAAQ,EAAE,aAAa;oBACvB,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,0DAA0D;iBACpE;aACF,CAAA;YACD,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,cAAc,CAAC,QAAQ,CAAC;gBACjC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,QAAQ;aACT,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;QAEvD,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,kEAAkE;gBAC3E,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,QAAQ,EAAE,EAAE;aACb,CAAA;QACH,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAA0B;gBACtC;oBACE,QAAQ,EAAE,cAAc;oBACxB,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,MAAM,CAAC,KAAK;iBACtB;aACF,CAAA;YACD,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,cAAc,CAAC,QAAQ,CAAC;gBACjC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,QAAQ;aACT,CAAA;QACH,CAAC;QAED,iEAAiE;QACjE,sEAAsE;QACtE,iDAAiD;QACjD,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,8CAA8C;gBACvD,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,QAAQ,EAAE,EAAE;aACb,CAAA;QACH,CAAC;QAED,MAAM,QAAQ,GAA0B,EAAE,CAAA;QAC1C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClC,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;gBAC7B,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,iBAAiB;oBAC3B,QAAQ,EAAE,MAAM;oBAChB,OAAO,EACL,UAAU,KAAK,CAAC,IAAI,8CAA8C;wBAClE,8CAA8C;iBACjD,CAAC,CAAA;gBACF,SAAQ;YACV,CAAC;YAED,qBAAqB;YACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAChD,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;gBAC9B,SAAQ;YACV,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,aAAa,CAAA;YAChF,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;YACrE,MAAM,OAAO,GACX,MAAM,CAAC,OAAO,KAAK,SAAS;gBAC1B,CAAC,CAAC,UAAU,KAAK,CAAC,IAAI,IAAI,UAAU,oBAAoB,MAAM,CAAC,UAAU,IAAI;gBAC7E,CAAC,CAAC,UAAU,KAAK,CAAC,IAAI,IAAI,UAAU,qBAAqB,MAAM,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAA;YAE3F,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ;gBACR,QAAQ,EAAE,OAAO;gBACjB,OAAO;gBACP,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvE,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC;YACzD,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;gBAC3C,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,MAAM,CAAA;QAEZ,OAAO;YACL,MAAM;YACN,OAAO,EACL,QAAQ,CAAC,MAAM,GAAG,CAAC;gBACjB,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC;gBAC1B,CAAC,CAAC,mBAAmB,MAAM,CAAC,MAAM,CAAC,MAAM,kBAAkB;YAC/D,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC/B,QAAQ;SACT,CAAA;IACH,CAAC;CACF"}

package/dist/verification/index.d.ts

@@ -7,6 +7,10 @@
 export { VerificationPipeline, createDefaultVerificationPipeline } from './verification-pipeline.js';
 export type { VerificationCheck, VerificationContext, VerificationResult, VerificationCheckResult, VerificationSummary, ReviewSignals, DevStorySignals, VerificationFinding, VerificationFindingSeverity, } from './types.js';
 export { renderFindings } from './findings.js';
+export { RuntimeProbeCheck } from './checks/runtime-probe-check.js';
+export type { RuntimeProbeExecutors } from './checks/runtime-probe-check.js';
+export { DEFAULT_PROBE_TIMEOUT_MS, PROBE_TAIL_BYTES, RuntimeProbeListSchema, RuntimeProbeSandboxSchema, RuntimeProbeSchema, parseRuntimeProbes, executeProbeOnHost, } from './probes/index.js';
+export type { HostExecuteOptions, ProbeResult, RuntimeProbe, RuntimeProbeParseResult, RuntimeProbeSandbox, } from './probes/index.js';
 export { PhantomReviewCheck } from './checks/index.js';
 export { TrivialOutputCheck, DEFAULT_TRIVIAL_OUTPUT_THRESHOLD } from './checks/index.js';
 export { AcceptanceCriteriaEvidenceCheck, extractAcceptanceCriteriaIds } from './checks/index.js';

package/dist/verification/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/verification/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,iCAAiC,EAAE,MAAM,4BAA4B,CAAA;AACpG,YAAY,EACV,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,uBAAuB,EACvB,mBAAmB,EACnB,aAAa,EACb,eAAe,EACf,mBAAmB,EACnB,2BAA2B,GAC5B,MAAM,YAAY,CAAA;AACnB,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,gCAAgC,EAAE,MAAM,mBAAmB,CAAA;AACxF,OAAO,EAAE,+BAA+B,EAAE,4BAA4B,EAAE,MAAM,mBAAmB,CAAA;AACjG,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/verification/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,iCAAiC,EAAE,MAAM,4BAA4B,CAAA;AACpG,YAAY,EACV,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,uBAAuB,EACvB,mBAAmB,EACnB,aAAa,EACb,eAAe,EACf,mBAAmB,EACnB,2BAA2B,GAC5B,MAAM,YAAY,CAAA;AACnB,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAG9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,YAAY,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAA;AAC5E,OAAO,EACL,wBAAwB,EACxB,gBAAgB,EAChB,sBAAsB,EACtB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,kBAAkB,EAClB,WAAW,EACX,YAAY,EACZ,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,mBAAmB,CAAA;AAE1B,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,gCAAgC,EAAE,MAAM,mBAAmB,CAAA;AACxF,OAAO,EAAE,+BAA+B,EAAE,4BAA4B,EAAE,MAAM,mBAAmB,CAAA;AACjG,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA"}

package/dist/verification/index.js

@@ -6,6 +6,9 @@
  */
 export { VerificationPipeline, createDefaultVerificationPipeline } from './verification-pipeline.js';
 export { renderFindings } from './findings.js';
+// Epic 55 Phase 2 — Runtime probe support.
+export { RuntimeProbeCheck } from './checks/runtime-probe-check.js';
+export { DEFAULT_PROBE_TIMEOUT_MS, PROBE_TAIL_BYTES, RuntimeProbeListSchema, RuntimeProbeSandboxSchema, RuntimeProbeSchema, parseRuntimeProbes, executeProbeOnHost, } from './probes/index.js';
 // Concrete check implementations (story 51-2+)
 export { PhantomReviewCheck } from './checks/index.js';
 export { TrivialOutputCheck, DEFAULT_TRIVIAL_OUTPUT_THRESHOLD } from './checks/index.js';

package/dist/verification/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/verification/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,iCAAiC,EAAE,MAAM,4BAA4B,CAAA;AAYpG,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAC9C,+CAA+C;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,gCAAgC,EAAE,MAAM,mBAAmB,CAAA;AACxF,OAAO,EAAE,+BAA+B,EAAE,4BAA4B,EAAE,MAAM,mBAAmB,CAAA;AACjG,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/verification/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,iCAAiC,EAAE,MAAM,4BAA4B,CAAA;AAYpG,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE9C,2CAA2C;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AAEnE,OAAO,EACL,wBAAwB,EACxB,gBAAgB,EAChB,sBAAsB,EACtB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,mBAAmB,CAAA;AAQ1B,+CAA+C;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,gCAAgC,EAAE,MAAM,mBAAmB,CAAA;AACxF,OAAO,EAAE,+BAA+B,EAAE,4BAA4B,EAAE,MAAM,mBAAmB,CAAA;AACjG,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA"}

package/dist/verification/probes/executor.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Host-sandbox probe executor — Epic 55 / Phase 2.
+ *
+ * Runs one runtime probe directly on the operator machine via a detached
+ * shell process, with stream-separated capture and a hard timeout that
+ * terminates the entire process group. Same safety posture as BuildCheck —
+ * specifically the detached-process-group + SIGKILL-on-timeout pattern —
+ * so probe execution cannot orphan long-running descendants.
+ *
+ * Twin-sandbox execution is **deferred to Phase 3** (Digital Twin
+ * integration). RuntimeProbeCheck handles the `sandbox: twin` case itself
+ * without routing through this module.
+ */
+import { type ProbeResult, type RuntimeProbe } from './types.js';
+/** Options for host execution. Injected primarily to make tests deterministic. */
+export interface HostExecuteOptions {
+    /** Working directory for the spawned shell. Defaults to process.cwd(). */
+    cwd?: string;
+    /** Environment override. Defaults to the parent process's env. */
+    env?: NodeJS.ProcessEnv;
+}
+/**
+ * Execute one probe on the host and return a structured ProbeResult.
+ *
+ * Behavior notes:
+ *   - The shell used is `/bin/sh -c '<probe.command>'` inside a detached
+ *     process group (so the entire tree is killed on timeout).
+ *   - stdout and stderr are captured independently; each is returned
+ *     tailed to PROBE_TAIL_BYTES (≤ 4 KiB) so published tarballs of the
+ *     run manifest stay small.
+ *   - Timeout defaults to `probe.timeout_ms ?? DEFAULT_PROBE_TIMEOUT_MS`
+ *     (60 s). When the timeout fires, the process group is SIGKILL'd and
+ *     the returned result has `outcome: 'timeout'`, `exitCode` undefined.
+ *   - Never throws. Spawn errors (e.g. exec format error) are returned as
+ *     `outcome: 'fail'` with exitCode -1 and the error message captured on
+ *     stderrTail, so the caller can emit a deterministic finding.
+ */
+export declare function executeProbeOnHost(probe: RuntimeProbe, options?: HostExecuteOptions): Promise<ProbeResult>;
+//# sourceMappingURL=executor.d.ts.map

package/dist/verification/probes/executor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../../src/verification/probes/executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,YAAY,EAClB,MAAM,YAAY,CAAA;AAenB,kFAAkF;AAClF,MAAM,WAAW,kBAAkB;IACjC,0EAA0E;IAC1E,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,kEAAkE;IAClE,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;CACxB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,YAAY,EACnB,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,WAAW,CAAC,CA0EtB"}

package/dist/verification/probes/executor.js

@@ -0,0 +1,109 @@
+/**
+ * Host-sandbox probe executor — Epic 55 / Phase 2.
+ *
+ * Runs one runtime probe directly on the operator machine via a detached
+ * shell process, with stream-separated capture and a hard timeout that
+ * terminates the entire process group. Same safety posture as BuildCheck —
+ * specifically the detached-process-group + SIGKILL-on-timeout pattern —
+ * so probe execution cannot orphan long-running descendants.
+ *
+ * Twin-sandbox execution is **deferred to Phase 3** (Digital Twin
+ * integration). RuntimeProbeCheck handles the `sandbox: twin` case itself
+ * without routing through this module.
+ */
+import { spawn } from 'node:child_process';
+import { DEFAULT_PROBE_TIMEOUT_MS, PROBE_TAIL_BYTES, } from './types.js';
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/** Return the last N bytes of a UTF-8 string (sliced by length for simplicity). */
+function tail(text, bytes = PROBE_TAIL_BYTES) {
+    return text.length <= bytes ? text : text.slice(text.length - bytes);
+}
+/**
+ * Execute one probe on the host and return a structured ProbeResult.
+ *
+ * Behavior notes:
+ *   - The shell used is `/bin/sh -c '<probe.command>'` inside a detached
+ *     process group (so the entire tree is killed on timeout).
+ *   - stdout and stderr are captured independently; each is returned
+ *     tailed to PROBE_TAIL_BYTES (≤ 4 KiB) so published tarballs of the
+ *     run manifest stay small.
+ *   - Timeout defaults to `probe.timeout_ms ?? DEFAULT_PROBE_TIMEOUT_MS`
+ *     (60 s). When the timeout fires, the process group is SIGKILL'd and
+ *     the returned result has `outcome: 'timeout'`, `exitCode` undefined.
+ *   - Never throws. Spawn errors (e.g. exec format error) are returned as
+ *     `outcome: 'fail'` with exitCode -1 and the error message captured on
+ *     stderrTail, so the caller can emit a deterministic finding.
+ */
+export function executeProbeOnHost(probe, options = {}) {
+    const timeoutMs = probe.timeout_ms ?? DEFAULT_PROBE_TIMEOUT_MS;
+    const cwd = options.cwd ?? process.cwd();
+    const env = options.env ?? process.env;
+    const start = Date.now();
+    return new Promise((resolve) => {
+        let stdout = '';
+        let stderr = '';
+        let settled = false;
+        const child = spawn(probe.command, [], {
+            cwd,
+            env,
+            detached: true,
+            shell: true,
+            stdio: ['ignore', 'pipe', 'pipe'],
+        });
+        const finalize = (result) => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(result);
+        };
+        child.on('error', (err) => {
+            // spawn error (ENOENT, EACCES, EMFILE, etc.) — never reach 'close'.
+            finalize({
+                outcome: 'fail',
+                command: probe.command,
+                exitCode: -1,
+                stdoutTail: tail(stdout),
+                stderrTail: tail(stderr + (stderr.length > 0 && !stderr.endsWith('\n') ? '\n' : '') + `spawn error: ${err.message}\n`),
+                durationMs: Date.now() - start,
+            });
+        });
+        child.stdout?.on('data', (chunk) => {
+            stdout += chunk.toString();
+        });
+        child.stderr?.on('data', (chunk) => {
+            stderr += chunk.toString();
+        });
+        const timeoutHandle = setTimeout(() => {
+            try {
+                if (child.pid !== undefined) {
+                    process.kill(-child.pid, 'SIGKILL');
+                }
+            }
+            catch {
+                // Process already exited between timeout fire and kill call.
+            }
+            finalize({
+                outcome: 'timeout',
+                command: probe.command,
+                stdoutTail: tail(stdout),
+                stderrTail: tail(stderr),
+                durationMs: Date.now() - start,
+            });
+        }, timeoutMs);
+        child.on('close', (code) => {
+            clearTimeout(timeoutHandle);
+            const duration = Date.now() - start;
+            finalize({
+                outcome: code === 0 ? 'pass' : 'fail',
+                command: probe.command,
+                ...(code !== null ? { exitCode: code } : {}),
+                stdoutTail: tail(stdout),
+                stderrTail: tail(stderr),
+                durationMs: duration,
+            });
+        });
+    });
+}
+//# sourceMappingURL=executor.js.map

package/dist/verification/probes/executor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"executor.js","sourceRoot":"","sources":["../../../src/verification/probes/executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAA;AAC1C,OAAO,EACL,wBAAwB,EACxB,gBAAgB,GAGjB,MAAM,YAAY,CAAA;AAEnB,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,mFAAmF;AACnF,SAAS,IAAI,CAAC,IAAY,EAAE,KAAK,GAAG,gBAAgB;IAClD,OAAO,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,CAAA;AACtE,CAAC;AAcD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAmB,EACnB,UAA8B,EAAE;IAEhC,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,IAAI,wBAAwB,CAAA;IAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;IACxC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAExB,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,EAAE;QAC1C,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,OAAO,GAAG,KAAK,CAAA;QAEnB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,EAAE;YACrC,GAAG;YACH,GAAG;YACH,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,IAAI;YACX,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,CAAC,MAAmB,EAAE,EAAE;YACvC,IAAI,OAAO;gBAAE,OAAM;YACnB,OAAO,GAAG,IAAI,CAAA;YACd,OAAO,CAAC,MAAM,CAAC,CAAA;QACjB,CAAC,CAAA;QAED,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,oEAAoE;YACpE,QAAQ,CAAC;gBACP,OAAO,EAAE,MAAM;gBACf,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,QAAQ,EAAE,CAAC,CAAC;gBACZ,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC;gBACxB,UAAU,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,gBAAgB,GAAG,CAAC,OAAO,IAAI,CAAC;gBACtH,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QAEF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAA;QAC5B,CAAC,CAAC,CAAA;QACF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAA;QAC5B,CAAC,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE;YACpC,IAAI,CAAC;gBACH,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;oBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBACrC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,6DAA6D;YAC/D,CAAC;YACD,QAAQ,CAAC;gBACP,OAAO,EAAE,SAAS;gBAClB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC;gBACxB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC;gBACxB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC,CAAA;QACJ,CAAC,EAAE,SAAS,CAAC,CAAA;QAEb,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,YAAY,CAAC,aAAa,CAAC,CAAA;YAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAA;YACnC,QAAQ,CAAC;gBACP,OAAO,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;gBACrC,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,GAAG,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5C,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC;gBACxB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC;gBACxB,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/verification/probes/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Runtime probe public surface — Epic 55 / Phase 2.
+ *
+ * Re-exports the parser, executor, and supporting types. The actual
+ * VerificationCheck implementation lives in ../checks/runtime-probe-check.ts
+ * to keep the existing `checks/` directory as the canonical location for
+ * all VerificationCheck subclasses.
+ */
+export { DEFAULT_PROBE_TIMEOUT_MS, PROBE_TAIL_BYTES, RuntimeProbeListSchema, RuntimeProbeSandboxSchema, RuntimeProbeSchema, } from './types.js';
+export type { ProbeResult, RuntimeProbe, RuntimeProbeParseResult, RuntimeProbeSandbox, } from './types.js';
+export { parseRuntimeProbes } from './parser.js';
+export { executeProbeOnHost } from './executor.js';
+export type { HostExecuteOptions } from './executor.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/verification/probes/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/verification/probes/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,wBAAwB,EACxB,gBAAgB,EAChB,sBAAsB,EACtB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,YAAY,CAAA;AACnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,YAAY,CAAA;AAEnB,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAEhD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA;AAClD,YAAY,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA"}

package/dist/verification/probes/index.js

@@ -0,0 +1,12 @@
+/**
+ * Runtime probe public surface — Epic 55 / Phase 2.
+ *
+ * Re-exports the parser, executor, and supporting types. The actual
+ * VerificationCheck implementation lives in ../checks/runtime-probe-check.ts
+ * to keep the existing `checks/` directory as the canonical location for
+ * all VerificationCheck subclasses.
+ */
+export { DEFAULT_PROBE_TIMEOUT_MS, PROBE_TAIL_BYTES, RuntimeProbeListSchema, RuntimeProbeSandboxSchema, RuntimeProbeSchema, } from './types.js';
+export { parseRuntimeProbes } from './parser.js';
+export { executeProbeOnHost } from './executor.js';
+//# sourceMappingURL=index.js.map

package/dist/verification/probes/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/verification/probes/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,wBAAwB,EACxB,gBAAgB,EAChB,sBAAsB,EACtB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,YAAY,CAAA;AAQnB,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAEhD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA"}

package/dist/verification/probes/parser.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Runtime probe parser — Epic 55 / Phase 2.
+ *
+ * Locates the `## Runtime Probes` section in a story's markdown content and
+ * extracts any probe declarations contained in a `yaml` code fence inside
+ * it. Never throws: every failure mode is returned as a RuntimeProbeParseResult
+ * variant so the VerificationCheck can emit a structured finding rather than
+ * crash the verification pipeline.
+ */
+import { type RuntimeProbeParseResult } from './types.js';
+/**
+ * Parse the `## Runtime Probes` section of a story's markdown content.
+ *
+ * Outcomes:
+ *   - section missing                                  → { kind: 'absent' }
+ *   - section present, no yaml fence                   → { kind: 'invalid' }
+ *   - section present, yaml fence malformed            → { kind: 'invalid' }
+ *   - section present, yaml root is not a list         → { kind: 'invalid' }
+ *   - section present, entry fails RuntimeProbeSchema  → { kind: 'invalid' }
+ *   - section present, yaml valid, all entries valid   → { kind: 'parsed' }
+ *
+ * Duplicate names within a single story are surfaced as `invalid` so that
+ * finding messages can unambiguously reference a probe by name.
+ */
+export declare function parseRuntimeProbes(storyContent: string): RuntimeProbeParseResult;
+//# sourceMappingURL=parser.d.ts.map

package/dist/verification/probes/parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../../src/verification/probes/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAGL,KAAK,uBAAuB,EAC7B,MAAM,YAAY,CAAA;AAmEnB;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,uBAAuB,CAsDhF"}

package/dist/verification/probes/parser.js

@@ -0,0 +1,134 @@
+/**
+ * Runtime probe parser — Epic 55 / Phase 2.
+ *
+ * Locates the `## Runtime Probes` section in a story's markdown content and
+ * extracts any probe declarations contained in a `yaml` code fence inside
+ * it. Never throws: every failure mode is returned as a RuntimeProbeParseResult
+ * variant so the VerificationCheck can emit a structured finding rather than
+ * crash the verification pipeline.
+ */
+import { load as yamlLoad, YAMLException } from 'js-yaml';
+import { RuntimeProbeListSchema, } from './types.js';
+// ---------------------------------------------------------------------------
+// Section extraction
+// ---------------------------------------------------------------------------
+const SECTION_HEADING = /^##\s+Runtime\s+Probes\s*$/i;
+/**
+ * Return the raw text of the story's `## Runtime Probes` section (excluding
+ * the heading line itself), or `undefined` if the section is not present.
+ *
+ * The section ends at the next `##` heading or end-of-file. Sub-headings
+ * (`###`, `####`) remain part of the section body.
+ */
+function extractRuntimeProbesSection(storyContent) {
+    const lines = storyContent.split(/\r?\n/);
+    const start = lines.findIndex((line) => SECTION_HEADING.test(line.trim()));
+    if (start === -1)
+        return undefined;
+    let end = lines.length;
+    for (let i = start + 1; i < lines.length; i += 1) {
+        if (/^##\s+\S/.test(lines[i] ?? '')) {
+            end = i;
+            break;
+        }
+    }
+    return lines.slice(start + 1, end).join('\n');
+}
+/**
+ * Extract the body of the first ```yaml (or ```yml) fenced block in the
+ * given section text. Returns `undefined` if no yaml fence is present.
+ *
+ * The opening fence is recognized case-insensitively and may carry an
+ * arbitrary trailing info string (e.g. ```yaml title=...). The closing
+ * fence is any line whose first non-whitespace run is exactly three
+ * backticks.
+ */
+function extractYamlFence(section) {
+    const lines = section.split(/\r?\n/);
+    let inside = false;
+    let collected;
+    for (const line of lines) {
+        if (!inside) {
+            if (/^\s*```\s*(yaml|yml)\b/i.test(line)) {
+                inside = true;
+                collected = [];
+            }
+            continue;
+        }
+        // inside a yaml fence
+        if (/^\s*```\s*$/.test(line)) {
+            return (collected ?? []).join('\n');
+        }
+        collected?.push(line);
+    }
+    // Unterminated fence → treat as missing; the caller surfaces this as an
+    // `invalid` parse result with a clear message.
+    return undefined;
+}
+// ---------------------------------------------------------------------------
+// parseRuntimeProbes — public entry point
+// ---------------------------------------------------------------------------
+/**
+ * Parse the `## Runtime Probes` section of a story's markdown content.
+ *
+ * Outcomes:
+ *   - section missing                                  → { kind: 'absent' }
+ *   - section present, no yaml fence                   → { kind: 'invalid' }
+ *   - section present, yaml fence malformed            → { kind: 'invalid' }
+ *   - section present, yaml root is not a list         → { kind: 'invalid' }
+ *   - section present, entry fails RuntimeProbeSchema  → { kind: 'invalid' }
+ *   - section present, yaml valid, all entries valid   → { kind: 'parsed' }
+ *
+ * Duplicate names within a single story are surfaced as `invalid` so that
+ * finding messages can unambiguously reference a probe by name.
+ */
+export function parseRuntimeProbes(storyContent) {
+    const section = extractRuntimeProbesSection(storyContent);
+    if (section === undefined) {
+        return { kind: 'absent' };
+    }
+    const yamlBody = extractYamlFence(section);
+    if (yamlBody === undefined) {
+        return {
+            kind: 'invalid',
+            error: '## Runtime Probes section is present but contains no terminated ```yaml fenced block',
+        };
+    }
+    let parsed;
+    try {
+        parsed = yamlLoad(yamlBody) ?? [];
+    }
+    catch (err) {
+        const detail = err instanceof YAMLException ? err.message : String(err);
+        return { kind: 'invalid', error: `YAML parse error: ${detail}` };
+    }
+    if (!Array.isArray(parsed)) {
+        return {
+            kind: 'invalid',
+            error: `probe block root must be a YAML list; got ${typeof parsed}`,
+        };
+    }
+    const validation = RuntimeProbeListSchema.safeParse(parsed);
+    if (!validation.success) {
+        const first = validation.error.issues[0];
+        const path = first?.path.join('.') ?? '';
+        const message = first?.message ?? 'schema validation failed';
+        return {
+            kind: 'invalid',
+            error: `probe list is malformed at ${path || '<root>'}: ${message}`,
+        };
+    }
+    const probes = validation.data;
+    const seen = new Set();
+    for (const probe of probes) {
+        if (seen.has(probe.name)) {
+            return {
+                kind: 'invalid',
+                error: `duplicate probe name: ${probe.name}`,
+            };
+        }
+        seen.add(probe.name);
+    }
+    return { kind: 'parsed', probes };
+}
+//# sourceMappingURL=parser.js.map

package/dist/verification/probes/parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../../src/verification/probes/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,IAAI,IAAI,QAAQ,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AACzD,OAAO,EACL,sBAAsB,GAGvB,MAAM,YAAY,CAAA;AAEnB,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,MAAM,eAAe,GAAG,6BAA6B,CAAA;AAErD;;;;;;GAMG;AACH,SAAS,2BAA2B,CAAC,YAAoB;IACvD,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IACzC,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;IAC1E,IAAI,KAAK,KAAK,CAAC,CAAC;QAAE,OAAO,SAAS,CAAA;IAElC,IAAI,GAAG,GAAG,KAAK,CAAC,MAAM,CAAA;IACtB,KAAK,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACjD,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YACpC,GAAG,GAAG,CAAC,CAAA;YACP,MAAK;QACP,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC/C,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IACpC,IAAI,MAAM,GAAG,KAAK,CAAA;IAClB,IAAI,SAA+B,CAAA;IACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzC,MAAM,GAAG,IAAI,CAAA;gBACb,SAAS,GAAG,EAAE,CAAA;YAChB,CAAC;YACD,SAAQ;QACV,CAAC;QACD,sBAAsB;QACtB,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACrC,CAAC;QACD,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;IACvB,CAAC;IACD,wEAAwE;IACxE,+CAA+C;IAC/C,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,YAAoB;IACrD,MAAM,OAAO,GAAG,2BAA2B,CAAC,YAAY,CAAC,CAAA;IACzD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC3B,CAAC;IAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;IAC1C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO;YACL,IAAI,EAAE,SAAS;YACf,KAAK,EACH,sFAAsF;SACzF,CAAA;IACH,CAAC;IAED,IAAI,MAAe,CAAA;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;IACnC,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,GAAG,YAAY,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QACvE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,qBAAqB,MAAM,EAAE,EAAE,CAAA;IAClE,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO;YACL,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,6CAA6C,OAAO,MAAM,EAAE;SACpE,CAAA;IACH,CAAC;IAED,MAAM,UAAU,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IAC3D,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;QACxC,MAAM,IAAI,GAAG,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;QACxC,MAAM,OAAO,GAAG,KAAK,EAAE,OAAO,IAAI,0BAA0B,CAAA;QAC5D,OAAO;YACL,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,8BAA8B,IAAI,IAAI,QAAQ,KAAK,OAAO,EAAE;SACpE,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAmB,UAAU,CAAC,IAAI,CAAA;IAC9C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;IAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,yBAAyB,KAAK,CAAC,IAAI,EAAE;aAC7C,CAAA;QACH,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;AACnC,CAAC"}

package/dist/verification/probes/types.d.ts

@@ -0,0 +1,122 @@
+/**
+ * Runtime probe types — Epic 55 / Phase 2.
+ *
+ * A "runtime probe" is an author-declared executable command that the
+ * verification pipeline runs against a real or ephemeral target environment
+ * to answer the question "does the artifact this story produced actually
+ * work?". Runtime probes exist specifically to catch the class of bugs that
+ * static shape-gates (phantom-review, trivial-output, ac-evidence, build)
+ * cannot — runtime misconfiguration, wrong image paths, systemd semantics,
+ * credential issues, and so on.
+ *
+ * This file defines the data shape; parsing lives in ./parser.ts, execution
+ * lives in ./executor.ts, and the VerificationCheck implementation lives in
+ * ../checks/runtime-probe-check.ts.
+ */
+import { z } from 'zod';
+/**
+ * Execution sandbox for a runtime probe.
+ *
+ * - `host`: probe runs directly on the operator's machine. Explicit opt-in.
+ *   Cheapest; most dangerous. Authors choosing `host` acknowledge the probe
+ *   may touch host state (ports, systemd units, filesystem) and take
+ *   responsibility for cleanup.
+ * - `twin`: probe runs inside an ephemeral sandbox brokered by the Digital
+ *   Twin subsystem (Epic 47). Twin integration is **deferred to Phase 3** —
+ *   probes with `sandbox: twin` currently emit a `probe-deferred` warn
+ *   finding rather than executing. Authors can declare twin-scoped probes
+ *   today and they will execute transparently once Phase 3 lands.
+ */
+export declare const RuntimeProbeSandboxSchema: z.ZodEnum<{
+    host: "host";
+    twin: "twin";
+}>;
+export type RuntimeProbeSandbox = z.infer<typeof RuntimeProbeSandboxSchema>;
+/**
+ * Default per-probe timeout in milliseconds. Matches the existing
+ * BuildCheck ceiling (60 s) — deliberate, so probe timeouts are bounded
+ * by the same policy the pipeline already uses for long-running checks.
+ */
+export declare const DEFAULT_PROBE_TIMEOUT_MS = 60000;
+/** Hard upper bound on per-probe stdout/stderr retention (≤ 4 KiB — the
+ *  same convention as VerificationFinding.{stdoutTail,stderrTail}). */
+export declare const PROBE_TAIL_BYTES: number;
+/**
+ * Zod schema for one runtime probe declared in a story's
+ * `## Runtime Probes` section.
+ *
+ * Required fields (`name`, `sandbox`, `command`) force authors to make
+ * intent explicit — no silent defaults that could mask a miswritten probe.
+ * Optional fields cover operational knobs with sensible fallbacks.
+ */
+export declare const RuntimeProbeSchema: z.ZodObject<{
+    name: z.ZodString;
+    sandbox: z.ZodEnum<{
+        host: "host";
+        twin: "twin";
+    }>;
+    command: z.ZodString;
+    timeout_ms: z.ZodOptional<z.ZodNumber>;
+    description: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type RuntimeProbe = z.infer<typeof RuntimeProbeSchema>;
+/** Zod schema for the full list (wrapping the per-probe schema). */
+export declare const RuntimeProbeListSchema: z.ZodArray<z.ZodObject<{
+    name: z.ZodString;
+    sandbox: z.ZodEnum<{
+        host: "host";
+        twin: "twin";
+    }>;
+    command: z.ZodString;
+    timeout_ms: z.ZodOptional<z.ZodNumber>;
+    description: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>;
+/**
+ * Result of parsing the `## Runtime Probes` section from story markdown.
+ *
+ * Parsing never throws — instead it returns one of three variants so the
+ * VerificationCheck can distinguish and emit appropriate findings:
+ *
+ * - `absent`:  section missing entirely. Treat as "no probes declared" →
+ *              check emits pass with skip note. Backward compat for every
+ *              story authored before Phase 2.
+ * - `parsed`:  section present, YAML valid, all entries match
+ *              RuntimeProbeSchema. `probes` is the parsed array (may be
+ *              empty if the YAML list was intentionally `[]`).
+ * - `invalid`: section present but YAML is malformed, the root value is
+ *              not a list, or at least one entry fails schema validation.
+ *              The check surfaces `invalid` as a fail finding with the
+ *              original parse error so authors see the exact problem.
+ */
+export type RuntimeProbeParseResult = {
+    kind: 'absent';
+} | {
+    kind: 'parsed';
+    probes: RuntimeProbe[];
+} | {
+    kind: 'invalid';
+    error: string;
+};
+/**
+ * Outcome of one probe execution.
+ *
+ * Mirrors the optional `{command, exitCode, stdoutTail, stderrTail,
+ * durationMs}` surface on VerificationFinding so the RuntimeProbeCheck can
+ * lift ProbeResult fields into a finding with minimal translation.
+ *
+ * `outcome` disambiguates the three terminal states the check cares about:
+ *
+ * - `pass`:    command exited 0 within its timeout.
+ * - `fail`:    command exited non-zero within its timeout.
+ * - `timeout`: probe exceeded its timeout and was killed. `exitCode` is
+ *              undefined (the process never reported one).
+ */
+export interface ProbeResult {
+    outcome: 'pass' | 'fail' | 'timeout';
+    command: string;
+    exitCode?: number;
+    stdoutTail: string;
+    stderrTail: string;
+    durationMs: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/verification/probes/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/verification/probes/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,yBAAyB;;;EAA2B,CAAA;AACjE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA;AAM3E;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,QAAS,CAAA;AAE9C;uEACuE;AACvE,eAAO,MAAM,gBAAgB,QAAW,CAAA;AAExC;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;iBAW7B,CAAA;AAEF,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAA;AAE7D,oEAAoE;AACpE,eAAO,MAAM,sBAAsB;;;;;;;;;kBAA8B,CAAA;AAMjE;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,MAAM,uBAAuB,GAC/B;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,GAClB;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,YAAY,EAAE,CAAA;CAAE,GAC1C;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAA;AAMtC;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;IACpC,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;CACnB"}

package/dist/verification/probes/types.js

@@ -0,0 +1,68 @@
+/**
+ * Runtime probe types — Epic 55 / Phase 2.
+ *
+ * A "runtime probe" is an author-declared executable command that the
+ * verification pipeline runs against a real or ephemeral target environment
+ * to answer the question "does the artifact this story produced actually
+ * work?". Runtime probes exist specifically to catch the class of bugs that
+ * static shape-gates (phantom-review, trivial-output, ac-evidence, build)
+ * cannot — runtime misconfiguration, wrong image paths, systemd semantics,
+ * credential issues, and so on.
+ *
+ * This file defines the data shape; parsing lives in ./parser.ts, execution
+ * lives in ./executor.ts, and the VerificationCheck implementation lives in
+ * ../checks/runtime-probe-check.ts.
+ */
+import { z } from 'zod';
+// ---------------------------------------------------------------------------
+// Sandbox — where the probe runs
+// ---------------------------------------------------------------------------
+/**
+ * Execution sandbox for a runtime probe.
+ *
+ * - `host`: probe runs directly on the operator's machine. Explicit opt-in.
+ *   Cheapest; most dangerous. Authors choosing `host` acknowledge the probe
+ *   may touch host state (ports, systemd units, filesystem) and take
+ *   responsibility for cleanup.
+ * - `twin`: probe runs inside an ephemeral sandbox brokered by the Digital
+ *   Twin subsystem (Epic 47). Twin integration is **deferred to Phase 3** —
+ *   probes with `sandbox: twin` currently emit a `probe-deferred` warn
+ *   finding rather than executing. Authors can declare twin-scoped probes
+ *   today and they will execute transparently once Phase 3 lands.
+ */
+export const RuntimeProbeSandboxSchema = z.enum(['host', 'twin']);
+// ---------------------------------------------------------------------------
+// RuntimeProbe — one author-declared probe
+// ---------------------------------------------------------------------------
+/**
+ * Default per-probe timeout in milliseconds. Matches the existing
+ * BuildCheck ceiling (60 s) — deliberate, so probe timeouts are bounded
+ * by the same policy the pipeline already uses for long-running checks.
+ */
+export const DEFAULT_PROBE_TIMEOUT_MS = 60_000;
+/** Hard upper bound on per-probe stdout/stderr retention (≤ 4 KiB — the
+ *  same convention as VerificationFinding.{stdoutTail,stderrTail}). */
+export const PROBE_TAIL_BYTES = 4 * 1024;
+/**
+ * Zod schema for one runtime probe declared in a story's
+ * `## Runtime Probes` section.
+ *
+ * Required fields (`name`, `sandbox`, `command`) force authors to make
+ * intent explicit — no silent defaults that could mask a miswritten probe.
+ * Optional fields cover operational knobs with sensible fallbacks.
+ */
+export const RuntimeProbeSchema = z.object({
+    /** Stable, unique-within-story identifier used in finding messages and logs. */
+    name: z.string().min(1, 'probe name is required'),
+    /** Where the probe runs. See RuntimeProbeSandboxSchema. */
+    sandbox: RuntimeProbeSandboxSchema,
+    /** Shell command line(s). Passed to a detached `sh -c` wrapper on host execution. */
+    command: z.string().min(1, 'probe command is required'),
+    /** Optional per-probe timeout in ms. Defaults to DEFAULT_PROBE_TIMEOUT_MS. */
+    timeout_ms: z.number().int().positive().optional(),
+    /** Optional human-readable description. Surfaced in finding messages. */
+    description: z.string().optional(),
+});
+/** Zod schema for the full list (wrapping the per-probe schema). */
+export const RuntimeProbeListSchema = z.array(RuntimeProbeSchema);
+//# sourceMappingURL=types.js.map

package/dist/verification/probes/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/verification/probes/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,8EAA8E;AAC9E,iCAAiC;AACjC,8EAA8E;AAE9E;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;AAGjE,8EAA8E;AAC9E,2CAA2C;AAC3C,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,MAAM,CAAA;AAE9C;uEACuE;AACvE,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAG,IAAI,CAAA;AAExC;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,gFAAgF;IAChF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACjD,2DAA2D;IAC3D,OAAO,EAAE,yBAAyB;IAClC,qFAAqF;IACrF,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,2BAA2B,CAAC;IACvD,8EAA8E;IAC9E,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAClD,yEAAyE;IACzE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAA;AAIF,oEAAoE;AACpE,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAA"}

package/dist/verification/verification-pipeline.d.ts

@@ -52,11 +52,13 @@ export declare class VerificationPipeline {
 /**
  * Create a VerificationPipeline pre-loaded with the canonical check set.
  *
- * Canonical Tier A check order (architecture section 3.5):
+ * Canonical Tier A check order:
  *   1. PhantomReviewCheck — story 51-2  (runs first: unreviewed stories skipped)
  *   2. TrivialOutputCheck — story 51-3
  *   3. AcceptanceCriteriaEvidenceCheck
  *   4. BuildCheck         — story 51-4
+ *   5. RuntimeProbeCheck  — Epic 55 Phase 2: runtime behavior gate; runs last
+ *                           in Tier A because probes may depend on built artifacts
  *
  * @param bus    Typed event bus for verification events.
  * @param config Optional config (used to forward threshold to TrivialOutputCheck).

package/dist/verification/verification-pipeline.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verification-pipeline.d.ts","sourceRoot":"","sources":["../../src/verification/verification-pipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EAEnB,mBAAmB,EACpB,MAAM,YAAY,CAAA;AAGnB,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAA;AA2BhF;;;;;;GAMG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAA2B;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA0B;IAElD;;;OAGG;gBACS,GAAG,EAAE,aAAa,CAAC,UAAU,CAAC,EAAE,MAAM,GAAE,iBAAiB,EAAO;IAO5E;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI;IAIxC;;;;;;;;;;OAUG;IACG,GAAG,CAAC,OAAO,EAAE,mBAAmB,EAAE,IAAI,GAAE,GAAG,GAAG,GAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAuD7F;AAMD;;;;;;;;;;;GAWG;AACH,wBAAgB,iCAAiC,CAC/C,GAAG,EAAE,aAAa,CAAC,UAAU,CAAC,EAC9B,MAAM,CAAC,EAAE,wBAAwB,GAChC,oBAAoB,CAQtB"}
+{"version":3,"file":"verification-pipeline.d.ts","sourceRoot":"","sources":["../../src/verification/verification-pipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EAEnB,mBAAmB,EACpB,MAAM,YAAY,CAAA;AAGnB,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAA;AA4BhF;;;;;;GAMG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAA2B;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA0B;IAElD;;;OAGG;gBACS,GAAG,EAAE,aAAa,CAAC,UAAU,CAAC,EAAE,MAAM,GAAE,iBAAiB,EAAO;IAO5E;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI;IAIxC;;;;;;;;;;OAUG;IACG,GAAG,CAAC,OAAO,EAAE,mBAAmB,EAAE,IAAI,GAAE,GAAG,GAAG,GAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAqE7F;AAMD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,iCAAiC,CAC/C,GAAG,EAAE,aAAa,CAAC,UAAU,CAAC,EAC9B,MAAM,CAAC,EAAE,wBAAwB,GAChC,oBAAoB,CAStB"}

package/dist/verification/verification-pipeline.js

@@ -14,6 +14,7 @@ import { PhantomReviewCheck } from './checks/phantom-review-check.js';
 import { TrivialOutputCheck } from './checks/trivial-output-check.js';
 import { AcceptanceCriteriaEvidenceCheck } from './checks/acceptance-criteria-evidence-check.js';
 import { BuildCheck } from './checks/build-check.js';
+import { RuntimeProbeCheck } from './checks/runtime-probe-check.js';
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -88,17 +89,31 @@ export class VerificationPipeline {
                     status: runResult.status,
                     details: runResult.details,
                     duration_ms: runResult.duration_ms,
+                    // Story 55-1/55-2: preserve the structured findings array so
+                    // downstream consumers (retry prompts, run manifest, post-run
+                    // analysis) see each issue as its own addressable record.
+                    ...(runResult.findings !== undefined ? { findings: runResult.findings } : {}),
                 };
             }
             catch (err) {
                 const elapsed = Date.now() - checkStart;
                 const message = err instanceof Error ? err.message : String(err);
                 process.stderr.write(`[verification-pipeline] check "${check.name}" threw an unhandled exception: ${message}\n`);
+                // Synthesize a structured finding for the thrown error so the
+                // retry-prompt injector has something to render. Matches the
+                // behavior of the check-level migrations in story 55-2.
                 result = {
                     checkName: check.name,
                     status: 'warn',
                     details: message,
                     duration_ms: elapsed,
+                    findings: [
+                        {
+                            category: 'check-exception',
+                            severity: 'warn',
+                            message,
+                        },
+                    ],
                 };
             }
             checkResults.push(result);
@@ -128,11 +143,13 @@ export class VerificationPipeline {
 /**
  * Create a VerificationPipeline pre-loaded with the canonical check set.
  *
- * Canonical Tier A check order (architecture section 3.5):
+ * Canonical Tier A check order:
  *   1. PhantomReviewCheck — story 51-2  (runs first: unreviewed stories skipped)
  *   2. TrivialOutputCheck — story 51-3
  *   3. AcceptanceCriteriaEvidenceCheck
  *   4. BuildCheck         — story 51-4
+ *   5. RuntimeProbeCheck  — Epic 55 Phase 2: runtime behavior gate; runs last
+ *                           in Tier A because probes may depend on built artifacts
  *
  * @param bus    Typed event bus for verification events.
  * @param config Optional config (used to forward threshold to TrivialOutputCheck).
@@ -142,7 +159,8 @@ export function createDefaultVerificationPipeline(bus, config) {
         new PhantomReviewCheck(),
         new TrivialOutputCheck(config),
         new AcceptanceCriteriaEvidenceCheck(),
-        new BuildCheck(), // story 51-4: runs last in Tier A (expensive, 60s worst-case)
+        new BuildCheck(), // story 51-4: runs late in Tier A (expensive, 60s worst-case)
+        new RuntimeProbeCheck(), // Epic 55 Phase 2: runtime behavior verification
     ];
     return new VerificationPipeline(bus, checks);
 }

package/dist/verification/verification-pipeline.js.map

@@ -1 +1 @@
-{"version":3,"file":"verification-pipeline.js","sourceRoot":"","sources":["../../src/verification/verification-pipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAUH,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AAErE,OAAO,EAAE,+BAA+B,EAAE,MAAM,gDAAgD,CAAA;AAChG,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAEpD,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,eAAe,CACtB,MAAiC;IAEjC,IAAI,MAAM,GAA6B,MAAM,CAAA;IAC7C,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,MAAM,CAAA;QACtC,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM;YAAE,MAAM,GAAG,MAAM,CAAA;IAC1C,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,OAAO,oBAAoB;IACd,IAAI,CAA2B;IAC/B,OAAO,GAAwB,EAAE,CAAA;IAElD;;;OAGG;IACH,YAAY,GAA8B,EAAE,SAA8B,EAAE;QAC1E,IAAI,CAAC,IAAI,GAAG,GAAG,CAAA;QACf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QACtB,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,QAAQ,CAAC,KAAwB;QAC/B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,GAAG,CAAC,OAA4B,EAAE,OAAkB,GAAG;QAC3D,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAA;QAC1D,MAAM,YAAY,GAA8B,EAAE,CAAA;QAElD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YAC7B,IAAI,MAA+B,CAAA;YAEnC,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;gBAC1C,MAAM,GAAG;oBACP,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,MAAM,EAAE,SAAS,CAAC,MAAM;oBACxB,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,WAAW,EAAE,SAAS,CAAC,WAAW;iBACnC,CAAA;YACH,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAA;gBACvC,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kCAAkC,KAAK,CAAC,IAAI,mCAAmC,OAAO,IAAI,CAC3F,CAAA;gBACD,MAAM,GAAG;oBACP,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,OAAO;oBAChB,WAAW,EAAE,OAAO;iBACrB,CAAA;YACH,CAAC;YAED,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAEzB,yDAAyD;YACzD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC5C,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,WAAW,EAAE,MAAM,CAAC,WAAW;aAChC,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,OAAO,GAAwB;YACnC,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,eAAe,CAAC,YAAY,CAAC;YACrC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa;SACxC,CAAA;QAED,0DAA0D;QAC1D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE,OAAO,CAAC,CAAA;QAEtD,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAED,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iCAAiC,CAC/C,GAA8B,EAC9B,MAAiC;IAEjC,MAAM,MAAM,GAAwB;QAClC,IAAI,kBAAkB,EAAE;QACxB,IAAI,kBAAkB,CAAC,MAAM,CAAC;QAC9B,IAAI,+BAA+B,EAAE;QACrC,IAAI,UAAU,EAAE,EAAE,8DAA8D;KACjF,CAAA;IACD,OAAO,IAAI,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;AAC9C,CAAC"}
+{"version":3,"file":"verification-pipeline.js","sourceRoot":"","sources":["../../src/verification/verification-pipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAUH,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AAErE,OAAO,EAAE,+BAA+B,EAAE,MAAM,gDAAgD,CAAA;AAChG,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AAEnE,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,eAAe,CACtB,MAAiC;IAEjC,IAAI,MAAM,GAA6B,MAAM,CAAA;IAC7C,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,MAAM,CAAA;QACtC,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM;YAAE,MAAM,GAAG,MAAM,CAAA;IAC1C,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,OAAO,oBAAoB;IACd,IAAI,CAA2B;IAC/B,OAAO,GAAwB,EAAE,CAAA;IAElD;;;OAGG;IACH,YAAY,GAA8B,EAAE,SAA8B,EAAE;QAC1E,IAAI,CAAC,IAAI,GAAG,GAAG,CAAA;QACf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QACtB,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,QAAQ,CAAC,KAAwB;QAC/B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,GAAG,CAAC,OAA4B,EAAE,OAAkB,GAAG;QAC3D,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAA;QAC1D,MAAM,YAAY,GAA8B,EAAE,CAAA;QAElD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YAC7B,IAAI,MAA+B,CAAA;YAEnC,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;gBAC1C,MAAM,GAAG;oBACP,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,MAAM,EAAE,SAAS,CAAC,MAAM;oBACxB,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,WAAW,EAAE,SAAS,CAAC,WAAW;oBAClC,6DAA6D;oBAC7D,8DAA8D;oBAC9D,0DAA0D;oBAC1D,GAAG,CAAC,SAAS,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC9E,CAAA;YACH,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAA;gBACvC,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kCAAkC,KAAK,CAAC,IAAI,mCAAmC,OAAO,IAAI,CAC3F,CAAA;gBACD,8DAA8D;gBAC9D,6DAA6D;gBAC7D,wDAAwD;gBACxD,MAAM,GAAG;oBACP,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,OAAO;oBAChB,WAAW,EAAE,OAAO;oBACpB,QAAQ,EAAE;wBACR;4BACE,QAAQ,EAAE,iBAAiB;4BAC3B,QAAQ,EAAE,MAAM;4BAChB,OAAO;yBACR;qBACF;iBACF,CAAA;YACH,CAAC;YAED,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAEzB,yDAAyD;YACzD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC5C,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,WAAW,EAAE,MAAM,CAAC,WAAW;aAChC,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,OAAO,GAAwB;YACnC,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,eAAe,CAAC,YAAY,CAAC;YACrC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa;SACxC,CAAA;QAED,0DAA0D;QAC1D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE,OAAO,CAAC,CAAA;QAEtD,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAED,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iCAAiC,CAC/C,GAA8B,EAC9B,MAAiC;IAEjC,MAAM,MAAM,GAAwB;QAClC,IAAI,kBAAkB,EAAE;QACxB,IAAI,kBAAkB,CAAC,MAAM,CAAC;QAC9B,IAAI,+BAA+B,EAAE;QACrC,IAAI,UAAU,EAAE,EAAE,8DAA8D;QAChF,IAAI,iBAAiB,EAAE,EAAE,iDAAiD;KAC3E,CAAA;IACD,OAAO,IAAI,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;AAC9C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@substrate-ai/sdlc",
-  "version": "0.20.4",
+  "version": "0.20.5",
   "type": "module",
   "license": "MIT",
   "repository": {
@@ -24,8 +24,11 @@
     "node": ">=22.0.0"
   },
   "dependencies": {
-    "@substrate-ai/core": "0.20.4",
+    "@substrate-ai/core": "0.20.5",
+    "js-yaml": "^4.1.1",
     "zod": "^4.3.6"
   },
-  "devDependencies": {}
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9"
+  }
 }