@trac3er/oh-my-god 2.0.8 → 2.0.9

package/build/lib/runtime/claim_judge.py

@@ -1,15 +1,68 @@
 from __future__ import annotations
 
+import json
+from pathlib import Path
 from typing import Any
 
+from runtime import artifact_parsers
+from runtime.evidence_query import get_evidence_pack
+
+
+def judge_claims(project_dir: str, claims: list[dict[str, Any]]) -> dict[str, Any]:
+    root = Path(project_dir)
+    evidence_dir = root / ".omg" / "evidence"
+    evidence_dir.mkdir(parents=True, exist_ok=True)
+
+    results: list[dict[str, Any]] = []
+    aggregate_tokens: list[str] = []
+
+    for index, claim in enumerate(claims):
+        run_id = str(claim.get("run_id", "")).strip()
+        resolved_claim = dict(claim)
+
+        if run_id:
+            evidence_pack = get_evidence_pack(project_dir, run_id)
+            trace_ids: list[str] = []
+            if isinstance(evidence_pack, dict):
+                trace_ids = _as_non_empty_str_list(evidence_pack.get("trace_ids"))
+            resolved_claim = {
+                **claim,
+                "artifacts": [f".omg/evidence/{run_id}.json"],
+                "trace_ids": trace_ids,
+            }
+
+        result = judge_claim(resolved_claim)
+        result_with_run = {**result, "run_id": run_id}
+        results.append(result_with_run)
+        aggregate_tokens.append(str(result.get("verdict", "")).strip().lower())
+
+        artifact_run_id = run_id or f"unknown-{index + 1}"
+        artifact_path = evidence_dir / f"claim-judge-{_sanitize_run_id(artifact_run_id)}.json"
+        artifact_payload = {
+            "schema": "ClaimJudgeResult",
+            "run_id": run_id,
+            "claim": claim,
+            "result": result,
+        }
+        artifact_path.write_text(json.dumps(artifact_payload, indent=2, sort_keys=True), encoding="utf-8")
+
+    verdict = "pass"
+    if any(token == "fail" for token in aggregate_tokens):
+        verdict = "fail"
+    elif any(token == "block" for token in aggregate_tokens):
+        verdict = "insufficient"
+
+    return {"schema": "ClaimJudgeResults", "verdict": verdict, "results": results}
+
 
 def judge_claim(claim: dict[str, Any]) -> dict[str, Any]:
-    claim_type = str(claim.get("claim_type", "")).strip()
-    subject = str(claim.get("subject", "")).strip()
-    artifacts = _as_non_empty_str_list(claim.get("artifacts"))
-    trace_ids = _as_non_empty_str_list(claim.get("trace_ids"))
-    security_scans = claim.get("security_scans")
-    browser_evidence = claim.get("browser_evidence")
+    normalized_claim = _normalize_claim(claim)
+    claim_type = str(normalized_claim.get("claim_type", "")).strip()
+    subject = str(normalized_claim.get("subject", "")).strip()
+    artifacts = _as_non_empty_str_list(normalized_claim.get("artifacts"))
+    trace_ids = _as_non_empty_str_list(normalized_claim.get("trace_ids"))
+    security_scans = normalized_claim.get("security_scans")
+    browser_evidence = normalized_claim.get("browser_evidence")
 
     reasons: list[dict[str, Any]] = []
 
@@ -49,6 +102,22 @@ def judge_claim(claim: dict[str, Any]) -> dict[str, Any]:
             }
         )
 
+    raw_artifacts = _extract_artifact_dicts(claim)
+    project_dir = str(claim.get("project_dir", "."))
+    for artifact in raw_artifacts:
+        parse_result = parse_artifact_content(artifact=artifact, project_dir=project_dir)
+        if parse_result.get("parsed"):
+            continue
+        kind = str(parse_result.get("kind", "artifact")).strip().lower() or "artifact"
+        error = str(parse_result.get("error", "parse_error")).strip() or "parse_error"
+        reasons.append(
+            {
+                "code": f"artifact_parse_failed_{kind}",
+                "message": f"Artifact content parse failed for {kind}: {error}",
+                "field": "evidence.artifacts",
+            }
+        )
+
     hard_fail_codes = {"missing_artifacts", "missing_trace_ids"}
     if any(reason.get("code") in hard_fail_codes for reason in reasons):
         verdict = "fail"
@@ -66,19 +135,105 @@ def judge_claim(claim: dict[str, Any]) -> dict[str, Any]:
         "evidence": {
             "artifacts": artifacts,
             "trace_ids": trace_ids,
-            "lineage": claim.get("lineage") if isinstance(claim.get("lineage"), dict) else {},
+            "lineage": normalized_claim.get("lineage") if isinstance(normalized_claim.get("lineage"), dict) else {},
             "security_scans": security_scans if isinstance(security_scans, list) else [],
             "browser_evidence": browser_evidence if isinstance(browser_evidence, list) else [],
         },
     }
 
 
+def _normalize_claim(claim: dict[str, Any]) -> dict[str, Any]:
+    evidence = _as_dict(claim.get("evidence"))
+    artifact_refs = _as_non_empty_str_list(claim.get("artifacts"))
+    artifact_refs.extend(_normalize_artifact_records(evidence.get("artifacts")))
+
+    trace_ids = _as_non_empty_str_list(evidence.get("trace_ids"))
+    if not trace_ids:
+        trace_ids = _as_non_empty_str_list(claim.get("trace_ids"))
+
+    claim_lineage = claim.get("lineage")
+    lineage = claim_lineage if isinstance(claim_lineage, dict) else _as_dict(evidence.get("lineage"))
+
+    claim_security_scans = claim.get("security_scans")
+    security_scans = claim_security_scans if isinstance(claim_security_scans, list) else _as_non_empty_dict_list(evidence.get("security_scans"))
+
+    claim_browser_evidence = claim.get("browser_evidence")
+    browser_evidence = claim_browser_evidence if isinstance(claim_browser_evidence, list) else _as_non_empty_dict_list(evidence.get("browser_evidence"))
+
+    return {
+        "schema_version": claim.get("schema_version", 1),
+        "claim_type": claim.get("claim_type", ""),
+        "subject": claim.get("subject", ""),
+        "artifacts": artifact_refs,
+        "trace_ids": trace_ids,
+        "lineage": lineage,
+        "security_scans": security_scans,
+        "browser_evidence": browser_evidence,
+    }
+
+
+def _normalize_artifact_records(value: Any) -> list[str]:
+    if not isinstance(value, list):
+        return []
+
+    refs: list[str] = []
+    for item in value:
+        if isinstance(item, str):
+            cleaned = item.strip()
+            if cleaned:
+                refs.append(cleaned)
+            continue
+        if not isinstance(item, dict):
+            continue
+        for field in ("kind", "path", "sha256", "parser", "summary", "trace_id"):
+            field_value = str(item.get(field, "")).strip()
+            if not field_value:
+                raise ValueError(f"claim_artifact_missing_{field}")
+        refs.append(str(item.get("path", "")).strip())
+    return refs
+
+
+def parse_artifact_content(artifact: dict[str, Any], project_dir: str) -> dict[str, Any]:
+    kind = str(artifact.get("kind", "")).strip().lower()
+    path_value = str(artifact.get("path", "")).strip()
+    if not kind or not path_value:
+        return {"parsed": False, "kind": kind or "unknown", "summary": {}, "error": "missing_kind_or_path"}
+
+    parser = _PARSERS.get(kind)
+    if parser is None:
+        return {"parsed": False, "kind": kind, "summary": {}, "error": "unsupported_artifact_kind"}
+
+    file_path = Path(path_value)
+    if not file_path.is_absolute():
+        file_path = Path(project_dir) / file_path
+
+    parsed = parser(str(file_path))
+    return {
+        "parsed": bool(parsed.get("valid")),
+        "kind": kind,
+        "summary": parsed.get("summary", {}),
+        "error": parsed.get("error"),
+    }
+
+
 def _as_non_empty_str_list(value: Any) -> list[str]:
     if not isinstance(value, list):
         return []
     return [str(item).strip() for item in value if str(item).strip()]
 
 
+def _as_non_empty_dict_list(value: Any) -> list[dict[str, Any]]:
+    if not isinstance(value, list):
+        return []
+    return [item for item in value if isinstance(item, dict)]
+
+
+def _as_dict(value: Any) -> dict[str, Any]:
+    if not isinstance(value, dict):
+        return {}
+    return value
+
+
 def _has_failed_scan(value: Any) -> bool:
     if not isinstance(value, list):
         return False
@@ -93,3 +248,25 @@ def _has_failed_scan(value: Any) -> bool:
         if isinstance(unresolved_risks, list) and unresolved_risks:
             return True
     return False
+
+
+def _extract_artifact_dicts(claim: dict[str, Any]) -> list[dict[str, Any]]:
+    evidence = _as_dict(claim.get("evidence"))
+    raw_artifacts = evidence.get("artifacts")
+    if not isinstance(raw_artifacts, list):
+        return []
+    return [item for item in raw_artifacts if isinstance(item, dict)]
+
+
+_PARSERS: dict[str, Any] = {
+    "junit": artifact_parsers.parse_junit,
+    "sarif": artifact_parsers.parse_sarif,
+    "coverage": artifact_parsers.parse_coverage,
+    "browser_trace": artifact_parsers.parse_browser_trace,
+    "diff_hunk": artifact_parsers.parse_diff_hunk,
+}
+
+
+def _sanitize_run_id(value: str) -> str:
+    cleaned = "".join(ch if ch.isalnum() or ch in {"-", "_", "."} else "-" for ch in value.strip())
+    return cleaned or "unknown"

package/build/lib/runtime/contract_compiler.py

@@ -19,6 +19,7 @@ import zipfile
 import yaml
 
 from runtime.asset_loader import resolve_asset, resolve_assets
+from runtime.proof_chain import _normalize_evidence_pack
 from runtime.adoption import (
     CANONICAL_MARKETPLACE_ID,
     CANONICAL_PACKAGE_NAME,
@@ -31,7 +32,7 @@ from runtime.adoption import (
 CONTRACT_DOC_PATH = Path("OMG_COMPAT_CONTRACT.md")
 SCHEMA_PATH = Path("registry") / "omg-capability.schema.json"
 BUNDLES_DIR = Path("registry") / "bundles"
-SUPPORTED_HOSTS = ("claude", "codex")
+SUPPORTED_HOSTS = ("claude", "codex", "gemini", "kimi")
 SUPPORTED_CHANNELS = ("public", "enterprise")
 DEFAULT_REQUIRED_BUNDLES = (
     "control-plane",
@@ -120,6 +121,25 @@ REQUIRED_CODEX_OUTPUTS = (
     "codex-rules.md",
     "codex-mcp.toml",
 )
+HOST_COMPILED_ARTIFACTS = {
+    "claude": (
+        ".claude-plugin/plugin.json",
+        ".claude-plugin/marketplace.json",
+        ".mcp.json",
+        "settings.json",
+    ),
+    "codex": (
+        ".agents/skills/omg/AGENTS.fragment.md",
+        ".agents/skills/omg/codex-rules.md",
+        ".agents/skills/omg/codex-mcp.toml",
+    ),
+    "gemini": (
+        ".gemini/settings.json",
+    ),
+    "kimi": (
+        ".kimi/mcp.json",
+    ),
+}
 
 
 def _ensure_list(
@@ -170,7 +190,12 @@ def _validate_host_rule(
         )
 
 
-def _validate_policy_model(bundle_id: str, policy_model: Any) -> list[str]:
+def _validate_policy_model(
+    bundle_id: str,
+    policy_model: Any,
+    *,
+    bundle_hosts: Iterable[str] = (),
+) -> list[str]:
     errors: list[str] = []
     payload = _ensure_dict(bundle_id=bundle_id, path="policy_model", value=policy_model, errors=errors)
     if not payload:
@@ -289,6 +314,8 @@ def _validate_policy_model(bundle_id: str, policy_model: Any) -> list[str]:
         value=payload.get("host_rules", {}),
         errors=errors,
     )
+    declared_hosts = {str(host).strip() for host in bundle_hosts if str(host).strip()}
+
     _validate_host_rule(
         bundle_id=bundle_id,
         host_name="claude",
@@ -303,6 +330,15 @@ def _validate_policy_model(bundle_id: str, policy_model: Any) -> list[str]:
         required_fields=("compilation_targets", "skills", "agents_fragments", "rules", "automations"),
         errors=errors,
     )
+    for host_name in ("gemini", "kimi"):
+        if host_name in host_rules or host_name in declared_hosts:
+            _validate_host_rule(
+                bundle_id=bundle_id,
+                host_name=host_name,
+                host_rule=host_rules.get(host_name),
+                required_fields=("compilation_targets", "mcp", "skills", "automations"),
+                errors=errors,
+            )
     return errors
 
 
@@ -461,7 +497,7 @@ def validate_contract_registry(root_dir: str | Path | None = None) -> dict[str,
             if bad_hosts:
                 errors.append(f"{bundle_id}: unsupported hosts {bad_hosts}")
         if "policy_model" in bundle:
-            errors.extend(_validate_policy_model(bundle_id, bundle.get("policy_model")))
+            errors.extend(_validate_policy_model(bundle_id, bundle.get("policy_model"), bundle_hosts=hosts))
 
     missing_bundles = [bundle_id for bundle_id in DEFAULT_REQUIRED_BUNDLES if bundle_id not in bundle_ids]
     for bundle_id in missing_bundles:
@@ -1145,6 +1181,34 @@ def _compile_codex_outputs(
     return artifacts
 
 
+def _compile_gemini_outputs(output_root: Path, channel: str) -> dict[str, Any]:
+    del channel
+    from runtime.mcp_config_writers import write_gemini_mcp_stdio_config
+
+    config_path = output_root / ".gemini" / "settings.json"
+    write_gemini_mcp_stdio_config(
+        command="python3",
+        args=["-m", "runtime.omg_mcp_server"],
+        server_name="omg-control",
+        config_path=config_path,
+    )
+    return {"host": "gemini", "artifacts": [config_path]}
+
+
+def _compile_kimi_outputs(output_root: Path, channel: str) -> dict[str, Any]:
+    del channel
+    from runtime.mcp_config_writers import write_kimi_mcp_stdio_config
+
+    config_path = output_root / ".kimi" / "mcp.json"
+    write_kimi_mcp_stdio_config(
+        command="python3",
+        args=["-m", "runtime.omg_mcp_server"],
+        server_name="omg-control",
+        config_path=config_path,
+    )
+    return {"host": "kimi", "artifacts": [config_path]}
+
+
 def _copy_release_bundle(
     *,
     output_root: Path,
@@ -1164,11 +1228,12 @@ def _copy_release_bundle(
     return copied
 
 
-def _build_dist_manifest(output_root: Path, *, channel: str, artifacts: list[Path]) -> Path:
+def _build_dist_manifest(output_root: Path, *, channel: str, hosts: list[str], artifacts: list[Path]) -> Path:
     dist_root = output_root / "dist" / channel
     payload = {
         "schema": "OmgCompiledArtifactManifest",
         "channel": channel,
+        "hosts": list(hosts),
         "contract_version": CANONICAL_VERSION,
         "artifacts": [
             {
@@ -1269,8 +1334,14 @@ def compile_contract_outputs(
                 "artifacts": [],
             }
 
+    if "gemini" in selected_hosts:
+        artifacts.extend(_compile_gemini_outputs(output, channel)["artifacts"])
+
+    if "kimi" in selected_hosts:
+        artifacts.extend(_compile_kimi_outputs(output, channel)["artifacts"])
+
     bundled_artifacts = _copy_release_bundle(output_root=output, channel=channel, artifacts=artifacts)
-    manifest_path = _build_dist_manifest(output, channel=channel, artifacts=bundled_artifacts)
+    manifest_path = _build_dist_manifest(output, channel=channel, hosts=selected_hosts, artifacts=bundled_artifacts)
     artifacts.append(manifest_path)
 
     return {
@@ -1291,7 +1362,7 @@ def _provider_statuses() -> dict[str, dict[str, Any]]:
     }
     statuses: dict[str, dict[str, Any]] = {}
 
-    for provider_name in ("claude", "codex"):
+    for provider_name in SUPPORTED_HOSTS:
         if provider_name in ready_override:
             statuses[provider_name] = {"ready": True, "source": "env"}
             continue
@@ -1307,10 +1378,15 @@ def _provider_statuses() -> dict[str, dict[str, Any]]:
             }
             continue
 
-        import runtime.providers.codex_provider  # noqa: F401
+        if provider_name == "gemini":
+            import runtime.providers.gemini_provider  # noqa: F401
+        elif provider_name == "kimi":
+            import runtime.providers.kimi_provider  # noqa: F401
+        else:
+            import runtime.providers.codex_provider  # noqa: F401
         from runtime.cli_provider import get_provider
 
-        provider = get_provider("codex")
+        provider = get_provider(provider_name)
         ready = bool(provider and provider.detect())
         statuses[provider_name] = {"ready": ready, "source": "provider"}
 
@@ -1557,6 +1633,12 @@ def _check_provider_host_parity(output_root: Path, providers: dict[str, dict[str
             output_root / ".agents" / "skills" / "omg" / "AGENTS.fragment.md",
             output_root / ".agents" / "skills" / "omg" / "codex-mcp.toml",
         ),
+        "gemini": (
+            output_root / ".gemini" / "settings.json",
+        ),
+        "kimi": (
+            output_root / ".kimi" / "mcp.json",
+        ),
     }
     for provider, status in providers.items():
         if not status.get("ready"):
@@ -1628,6 +1710,7 @@ def build_release_readiness(
     output = _resolve_output_root(root, output_root)
     blockers: list[str] = []
     checks: dict[str, Any] = {}
+    required_provider_hosts: set[str] = set()
 
     validation = validate_contract_registry(root)
     checks["contract_validation"] = validation
@@ -1655,6 +1738,17 @@ def build_release_readiness(
             if _sha256_file(artifact_path) != expected_sha:
                 manifest_errors.append(f"{required_channel}: sha mismatch for {rel_path}")
         manifest_paths = {str(a.get("path", "")) for a in manifest.get("artifacts", []) if isinstance(a, dict)}
+        declared_hosts = [str(host) for host in manifest.get("hosts", []) if str(host).strip()]
+        if not declared_hosts:
+            declared_hosts = ["claude", "codex"]
+        required_provider_hosts.update(declared_hosts)
+        for host_name in declared_hosts:
+            for host_path in HOST_COMPILED_ARTIFACTS.get(host_name, ()):
+                bundled_host_path = f"bundle/{host_path}"
+                if bundled_host_path not in manifest_paths:
+                    manifest_errors.append(
+                        f"{required_channel}: host_parity_missing {host_name} {bundled_host_path}"
+                    )
         for req_path in REQUIRED_ADVANCED_PLUGIN_ARTIFACTS:
             if req_path not in manifest_paths:
                 manifest_errors.append(f"{required_channel}: advanced_plugin_missing {req_path}")
@@ -1739,10 +1833,17 @@ def build_release_readiness(
     providers = _provider_statuses()
     checks["providers"] = providers
     for provider_name, status in providers.items():
+        if provider_name not in required_provider_hosts:
+            continue
         if not status.get("ready"):
             blockers.append(f"provider not ready: {provider_name}")
 
-    provider_parity = _check_provider_host_parity(output, providers)
+    required_providers = {
+        provider_name: status
+        for provider_name, status in providers.items()
+        if provider_name in required_provider_hosts
+    }
+    provider_parity = _check_provider_host_parity(output, required_providers)
     checks["provider_host_parity"] = provider_parity
     blockers.extend(provider_parity.get("blockers", []))
 
@@ -1781,6 +1882,14 @@ def _check_recent_evidence(output_root: Path) -> dict[str, Any]:
         except Exception:
             continue
         if payload.get("schema") == "EvidencePack":
+            try:
+                payload = _normalize_evidence_pack(payload)
+            except ValueError as exc:
+                return {
+                    "status": "error",
+                    "evidence_file": str(path.relative_to(output_root)),
+                    "blockers": [f"invalid evidence pack: {exc}"],
+                }
             evidence_payloads.append((path, payload))
 
     if not evidence_payloads:

package/build/lib/runtime/evidence_query.py

@@ -0,0 +1,203 @@
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import cast
+
+JsonPrimitive = str | int | float | bool | None
+JsonValue = JsonPrimitive | dict[str, "JsonValue"] | list["JsonValue"]
+JsonObject = dict[str, JsonValue]
+
+
+_EVIDENCE_DIRS = (
+    Path(".omg") / "evidence",
+    Path(".omg") / "tracebank",
+    Path(".omg") / "evals",
+    Path(".omg") / "lineage",
+    Path(".omg") / "state",
+)
+
+
+def _iter_json_files(root: Path, rel_dir: Path) -> list[Path]:
+    directory = root / rel_dir
+    if not directory.exists():
+        return []
+    return sorted(path for path in directory.glob("*.json") if path.is_file())
+
+
+def _load_json(path: Path) -> JsonObject | None:
+    try:
+        payload: object = json.loads(path.read_text(encoding="utf-8"))  # pyright: ignore[reportAny]
+    except (OSError, json.JSONDecodeError):
+        return None
+    if not isinstance(payload, dict):
+        return None
+    return cast(JsonObject, payload)
+
+
+def _read_jsonl(path: Path) -> list[JsonObject]:
+    if not path.exists():
+        return []
+    rows: list[JsonObject] = []
+    try:
+        for line in path.read_text(encoding="utf-8").splitlines():
+            line = line.strip()
+            if not line:
+                continue
+            try:
+                item: object = json.loads(line)  # pyright: ignore[reportAny]
+            except json.JSONDecodeError:
+                continue
+            if isinstance(item, dict):
+                rows.append(cast(JsonObject, item))
+    except OSError:
+        return []
+    return rows
+
+
+def _record_string(record: JsonObject, key: str) -> str:
+    value = record.get(key)
+    return value if isinstance(value, str) else ""
+
+
+def _record_string_list(record: JsonObject, key: str) -> list[str]:
+    value = record.get(key)
+    if not isinstance(value, list):
+        return []
+    return [item for item in value if isinstance(item, str)]
+
+
+def _record_matches(
+    record: JsonObject,
+    *,
+    run_id: str | None,
+    trace_id: str | None,
+    schema: str | None,
+    kind: str | None,
+) -> bool:
+    if run_id is not None and _record_string(record, "run_id") != run_id:
+        return False
+    if trace_id is not None:
+        direct_trace_id = _record_string(record, "trace_id")
+        trace_ids = _record_string_list(record, "trace_ids")
+        if direct_trace_id != trace_id and trace_id not in trace_ids:
+            return False
+    if schema is not None and _record_string(record, "schema") != schema:
+        return False
+    if kind is not None:
+        direct_kind = _record_string(record, "kind")
+        artifacts = record.get("artifacts")
+        artifact_kinds: list[str] = []
+        if isinstance(artifacts, list):
+            for item in artifacts:
+                if isinstance(item, dict):
+                    item_kind = item.get("kind")
+                    if isinstance(item_kind, str):
+                        artifact_kinds.append(item_kind)
+        if direct_kind != kind and kind not in artifact_kinds:
+            return False
+    return True
+
+
+def get_evidence_pack(project_dir: str, run_id: str) -> JsonObject | None:
+    root = Path(project_dir)
+    evidence_files = _iter_json_files(root, Path(".omg") / "evidence")
+    for path in evidence_files:
+        payload = _load_json(path)
+        if payload is None:
+            continue
+        if payload.get("schema") != "EvidencePack":
+            continue
+        if _record_string(payload, "run_id") == run_id:
+            return payload
+    return None
+
+
+def query_evidence(
+    project_dir: str,
+    *,
+    run_id: str | None = None,
+    trace_id: str | None = None,
+    schema: str | None = None,
+    kind: str | None = None,
+) -> list[JsonObject]:
+    root = Path(project_dir)
+    records: list[JsonObject] = []
+
+    for rel_dir in _EVIDENCE_DIRS:
+        for path in _iter_json_files(root, rel_dir):
+            payload = _load_json(path)
+            if payload is None:
+                continue
+            if _record_matches(
+                payload,
+                run_id=run_id,
+                trace_id=trace_id,
+                schema=schema,
+                kind=kind,
+            ):
+                records.append(payload)
+
+        for row in _read_jsonl(root / rel_dir / "events.jsonl"):
+            if _record_matches(
+                row,
+                run_id=run_id,
+                trace_id=trace_id,
+                schema=schema,
+                kind=kind,
+            ):
+                records.append(row)
+
+    return records
+
+
+def list_evidence_packs(project_dir: str) -> list[JsonObject]:
+    root = Path(project_dir)
+    evidence_files = _iter_json_files(root, Path(".omg") / "evidence")
+    payloads: list[tuple[float, JsonObject]] = []
+
+    for path in evidence_files:
+        payload = _load_json(path)
+        if payload is None or payload.get("schema") != "EvidencePack":
+            continue
+        try:
+            mtime = path.stat().st_mtime
+        except OSError:
+            mtime = 0.0
+        payloads.append((mtime, payload))
+
+    payloads.sort(key=lambda item: item[0], reverse=True)
+    return [payload for _, payload in payloads]
+
+
+def get_trace(project_dir: str, trace_id: str) -> JsonObject | None:
+    trace_rows = _read_jsonl(Path(project_dir) / ".omg" / "tracebank" / "events.jsonl")
+    for row in trace_rows:
+        if _record_string(row, "trace_id") == trace_id:
+            return row
+    return None
+
+
+def get_eval(project_dir: str) -> JsonObject | None:
+    return _load_json(Path(project_dir) / ".omg" / "evals" / "latest.json")
+
+
+def get_lineage(project_dir: str, lineage_id: str) -> JsonObject | None:
+    root = Path(project_dir)
+    lineage_files = _iter_json_files(root, Path(".omg") / "lineage")
+    for path in lineage_files:
+        payload = _load_json(path)
+        if payload is None:
+            continue
+        if _record_string(payload, "lineage_id") == lineage_id:
+            return payload
+    return None
+
+
+def get_verification_state(project_dir: str) -> JsonObject | None:
+    payload = _load_json(Path(project_dir) / ".omg" / "state" / "background-verification.json")
+    if payload is None:
+        return None
+    if payload.get("schema") != "BackgroundVerificationState":
+        return None
+    return payload