mustflow 2.22.5 → 2.22.9

package/dist/cli/commands/verify.js

@@ -1,8 +1,8 @@
 import { createHash } from 'node:crypto';
 import path from 'node:path';
-import { createClassifyOutput } from './classify.js';
 import { runRun } from './run.js';
 import { createChangeVerificationReport, } from '../../core/change-verification.js';
+import { createCorrelationId } from '../../core/correlation-id.js';
 import { readUtf8FileInsideWithoutSymlinks, writeJsonFileInsideWithoutSymlinks } from '../../core/safe-filesystem.js';
 import { createVerifyCompletionVerdict, } from '../../core/completion-verdict.js';
 import { createStateRunId } from '../../core/atomic-state-write.js';
@@ -15,10 +15,13 @@ import { countValidationRatchetVerdictEffects, createValidationRatchetRisks, } f
 import { finishRunWriteBatchTracking, startRunWriteBatchTracking, } from '../../core/run-write-drift.js';
 import { readCommandContract } from '../../core/config-loading.js';
 import { DEFAULT_VERIFY_PARALLELISM, parseVerifyArgs, resolveVerifyParallelism, } from './verify/args.js';
+import { createInputFromChanged, createSyntheticClassificationReport, planErrorMessageKey, readInputFromClassificationReport, resolveVerifyInputPath, writeChangedPlan, } from './verify/input.js';
+import { readExternalEvidenceFile, readReproEvidenceFile } from './verify/evidence-input.js';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { t } from '../lib/i18n.js';
 import { readLocalCommandEffectGraphs, readLocalPathSurfaces, readLocalSourceAnchorVerdictRisks, } from '../lib/local-index.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
+export { planErrorMessageKey, readInputFromClassificationReport } from './verify/input.js';
 const VERIFY_SCHEMA_VERSION = '1';
 const RUN_STATE_DIR = path.join('.mustflow', 'state', 'runs');
 const LATEST_RUN_RECEIPT_PATH = path.join(RUN_STATE_DIR, 'latest.json');
@@ -96,474 +99,6 @@ function sanitizeIntentFilePart(value) {
     const sanitized = value.replace(/[^A-Za-z0-9._-]+/g, '_').replace(/^_+|_+$/g, '');
     return sanitized.length > 0 ? sanitized.slice(0, 80) : 'intent';
 }
-function readStringArray(value) {
-    if (!Array.isArray(value)) {
-        return [];
-    }
-    return value.filter((item) => typeof item === 'string');
-}
-function isStringArray(value) {
-    return Array.isArray(value) && value.every((item) => typeof item === 'string');
-}
-function isPlainRecord(value) {
-    return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
-}
-function isUpdatePolicy(value) {
-    return value === 'update' || value === 'update_or_mark_stale' || value === 'not_applicable';
-}
-function isUpdatePolicyArray(value) {
-    return Array.isArray(value) && value.every((item) => isUpdatePolicy(item));
-}
-function readPlanRoot(value) {
-    if (!isPlainRecord(value)) {
-        return null;
-    }
-    const root = value.mustflow_root;
-    return typeof root === 'string' && root.length > 0 ? root : null;
-}
-function readStrictClassificationSummary(value) {
-    if (!isPlainRecord(value)) {
-        return null;
-    }
-    if (!Number.isInteger(value.fileCount) ||
-        Number(value.fileCount) < 0 ||
-        !Number.isInteger(value.publicSurfaceCount) ||
-        Number(value.publicSurfaceCount) < 0 ||
-        !isStringArray(value.changeKinds) ||
-        !isStringArray(value.validationReasons) ||
-        !isUpdatePolicyArray(value.updatePolicies) ||
-        !isStringArray(value.driftChecks) ||
-        !isStringArray(value.affectedContracts)) {
-        return null;
-    }
-    return {
-        fileCount: Number(value.fileCount),
-        publicSurfaceCount: Number(value.publicSurfaceCount),
-        changeKinds: [...value.changeKinds],
-        validationReasons: uniqueStrings(value.validationReasons),
-        updatePolicies: [...value.updatePolicies],
-        driftChecks: [...value.driftChecks],
-        affectedContracts: [...value.affectedContracts],
-    };
-}
-function readStrictClassification(value) {
-    if (!isPlainRecord(value) || typeof value.path !== 'string' || !isStringArray(value.changeKinds)) {
-        return null;
-    }
-    const surface = value.surface;
-    if (!isPlainRecord(surface)) {
-        return null;
-    }
-    if (typeof surface.kind !== 'string' ||
-        typeof surface.category !== 'string' ||
-        typeof surface.isPublicSurface !== 'boolean' ||
-        !isStringArray(surface.validationReasons) ||
-        !isStringArray(surface.affectedContracts) ||
-        !isUpdatePolicy(surface.updatePolicy) ||
-        !isStringArray(surface.driftChecks)) {
-        return null;
-    }
-    return {
-        path: value.path,
-        changeKinds: [...value.changeKinds],
-        surface: {
-            kind: surface.kind,
-            category: surface.category,
-            isPublicSurface: surface.isPublicSurface,
-            validationReasons: [...surface.validationReasons],
-            affectedContracts: [...surface.affectedContracts],
-            updatePolicy: surface.updatePolicy,
-            driftChecks: [...surface.driftChecks],
-        },
-    };
-}
-function readStrictClassifications(value) {
-    if (!Array.isArray(value)) {
-        return null;
-    }
-    const classifications = value.map(readStrictClassification);
-    return classifications.every((classification) => classification !== null)
-        ? classifications
-        : null;
-}
-function readStrictClassifyPlan(projectRoot, plan) {
-    if (!isPlainRecord(plan)) {
-        throw new Error('unsupported_plan_source');
-    }
-    if (plan.schema_version !== '1' || plan.command !== 'classify') {
-        throw new Error('unsupported_plan_source');
-    }
-    if (readPlanRoot(plan) !== projectRoot) {
-        throw new Error('plan_root_mismatch');
-    }
-    const source = plan.source;
-    const files = plan.files;
-    const classifications = readStrictClassifications(plan.classifications);
-    const summary = readStrictClassificationSummary(plan.summary);
-    if ((source !== 'changed' && source !== 'paths') || !isStringArray(files) || !classifications || !summary) {
-        throw new Error('invalid_plan_file');
-    }
-    if (summary.validationReasons.length === 0) {
-        throw new Error('missing_plan_reasons');
-    }
-    return {
-        source,
-        files: [...files],
-        classifications,
-        summary,
-    };
-}
-function emptyClassificationSummary(validationReasons) {
-    return {
-        fileCount: 0,
-        publicSurfaceCount: 0,
-        changeKinds: [],
-        validationReasons,
-        updatePolicies: [],
-        driftChecks: [],
-        affectedContracts: [],
-    };
-}
-function createSyntheticClassificationReport(reasons, source = 'paths', files = []) {
-    return {
-        source,
-        files,
-        classifications: [],
-        summary: emptyClassificationSummary(reasons),
-    };
-}
-function resolvePlanPath(projectRoot, inputPath) {
-    const resolved = path.resolve(projectRoot, inputPath);
-    const relative = path.relative(projectRoot, resolved);
-    if (relative.startsWith('..') || path.isAbsolute(relative)) {
-        throw new Error('plan_path_outside_root');
-    }
-    return resolved;
-}
-function readJsonInputFile(projectRoot, inputPath, invalidCode) {
-    const inputFilePath = resolvePlanPath(projectRoot, inputPath);
-    let content;
-    try {
-        content = readUtf8FileInsideWithoutSymlinks(projectRoot, inputFilePath);
-    }
-    catch (error) {
-        if (error instanceof Error && error.message.startsWith('Path must not contain symlinks:')) {
-            throw new Error('input_path_contains_symlink');
-        }
-        throw new Error(invalidCode);
-    }
-    try {
-        return JSON.parse(content);
-    }
-    catch {
-        throw new Error(invalidCode);
-    }
-}
-export function readInputFromClassificationReport(projectRoot, inputPath) {
-    const parsed = readJsonInputFile(projectRoot, inputPath, 'invalid_plan_file');
-    const classificationReport = readStrictClassifyPlan(projectRoot, parsed);
-    return {
-        reasons: classificationReport.summary.validationReasons,
-        classificationReport,
-    };
-}
-function isExternalEvidenceStatus(value) {
-    return value === 'passed' || value === 'failed' || value === 'cancelled' || value === 'unknown';
-}
-function isLegacyReproEvidenceStatus(value) {
-    return value === 'present' || value === 'unavailable' || value === 'missing';
-}
-function isReproBeforeFixStatus(value) {
-    return value === 'reproduced' || value === 'unavailable' || value === 'missing';
-}
-function isReproBeforeFixOutcome(value) {
-    return value === 'failed_as_expected' || value === 'failed_differently' || value === 'passed_unexpectedly' || value === null;
-}
-function isReproAfterFixStatus(value) {
-    return value === 'passed' || value === 'failed' || value === 'unavailable' || value === 'missing';
-}
-function isReproAfterFixOutcome(value) {
-    return value === 'passed_expected_behavior' || value === 'failed_same_route' || value === 'failed_differently' || value === null;
-}
-function isReproRegressionGuardStatus(value) {
-    return value === 'passed' || value === 'failed' || value === 'unavailable' || value === 'missing';
-}
-function isReproRouteKind(value) {
-    return (value === 'test' ||
-        value === 'cli' ||
-        value === 'browser' ||
-        value === 'api' ||
-        value === 'manual' ||
-        value === 'unknown' ||
-        value === null);
-}
-function readOptionalString(value) {
-    return typeof value === 'string' && value.length > 0 ? value : null;
-}
-function readRouteStep(value, index) {
-    if (!isPlainRecord(value)) {
-        return {
-            ordinal: index + 1,
-            action: null,
-            target: null,
-            input_digest: null,
-            observation_digest: null,
-            summary: null,
-        };
-    }
-    const ordinal = typeof value.ordinal === 'number' && Number.isInteger(value.ordinal) && value.ordinal > 0 ? value.ordinal : index + 1;
-    return {
-        ordinal,
-        action: readOptionalString(value.action),
-        target: readOptionalString(value.target),
-        input_digest: readOptionalString(value.input_digest),
-        observation_digest: readOptionalString(value.observation_digest),
-        summary: readOptionalString(value.summary),
-    };
-}
-function readReproductionRoute(value) {
-    if (!isPlainRecord(value)) {
-        return {
-            route_id: null,
-            route_kind: null,
-            route_digest: null,
-            failure_oracle_hash: null,
-            steps: [],
-        };
-    }
-    const routeKind = value.route_kind ?? null;
-    if (!isReproRouteKind(routeKind)) {
-        throw new Error('invalid_repro_evidence_file');
-    }
-    const rawSteps = Array.isArray(value.steps) ? value.steps : [];
-    return {
-        route_id: readOptionalString(value.route_id),
-        route_kind: routeKind,
-        route_digest: readOptionalString(value.route_digest),
-        failure_oracle_hash: readOptionalString(value.failure_oracle_hash),
-        steps: rawSteps.map((step, index) => readRouteStep(step, index)),
-    };
-}
-function readLegacyReproEvidenceItem(value) {
-    if (!isPlainRecord(value)) {
-        return {
-            status: 'missing',
-            summary: null,
-            reason: null,
-        };
-    }
-    if (!isLegacyReproEvidenceStatus(value.status)) {
-        throw new Error('invalid_repro_evidence_file');
-    }
-    return {
-        status: value.status,
-        summary: readOptionalString(value.summary),
-        reason: readOptionalString(value.reason),
-    };
-}
-function legacyBeforeFixEvidence(value) {
-    const item = readLegacyReproEvidenceItem(value);
-    return {
-        status: item.status === 'present' ? 'reproduced' : item.status,
-        outcome: item.status === 'present' ? 'failed_as_expected' : null,
-        receipt_path: null,
-        receipt_sha256: null,
-        verification_plan_id: null,
-        summary: item.summary,
-        reason: item.reason,
-    };
-}
-function legacyAfterFixEvidence(value) {
-    const item = readLegacyReproEvidenceItem(value);
-    return {
-        status: item.status === 'present' ? 'passed' : item.status,
-        outcome: item.status === 'present' ? 'passed_expected_behavior' : null,
-        same_route_as: null,
-        receipt_path: null,
-        receipt_sha256: null,
-        verification_plan_id: null,
-        summary: item.summary,
-        reason: item.reason,
-    };
-}
-function legacyRegressionGuardEvidence(value) {
-    const item = readLegacyReproEvidenceItem(value);
-    return {
-        status: item.status === 'present' ? 'passed' : item.status,
-        intent: null,
-        test_path: null,
-        receipt_path: null,
-        receipt_sha256: null,
-        verification_plan_id: null,
-        summary: item.summary,
-        reason: item.reason,
-    };
-}
-function readBeforeFixEvidence(value) {
-    if (!isPlainRecord(value)) {
-        return {
-            status: 'missing',
-            outcome: null,
-            receipt_path: null,
-            receipt_sha256: null,
-            verification_plan_id: null,
-            summary: null,
-            reason: null,
-        };
-    }
-    const outcome = value.outcome ?? null;
-    if (!isReproBeforeFixStatus(value.status) || !isReproBeforeFixOutcome(outcome)) {
-        throw new Error('invalid_repro_evidence_file');
-    }
-    return {
-        status: value.status,
-        outcome,
-        receipt_path: readOptionalString(value.receipt_path),
-        receipt_sha256: readOptionalString(value.receipt_sha256),
-        verification_plan_id: readOptionalString(value.verification_plan_id),
-        summary: readOptionalString(value.summary),
-        reason: readOptionalString(value.reason),
-    };
-}
-function readAfterFixEvidence(value) {
-    if (!isPlainRecord(value)) {
-        return {
-            status: 'missing',
-            outcome: null,
-            same_route_as: null,
-            receipt_path: null,
-            receipt_sha256: null,
-            verification_plan_id: null,
-            summary: null,
-            reason: null,
-        };
-    }
-    const outcome = value.outcome ?? null;
-    if (!isReproAfterFixStatus(value.status) || !isReproAfterFixOutcome(outcome)) {
-        throw new Error('invalid_repro_evidence_file');
-    }
-    return {
-        status: value.status,
-        outcome,
-        same_route_as: readOptionalString(value.same_route_as),
-        receipt_path: readOptionalString(value.receipt_path),
-        receipt_sha256: readOptionalString(value.receipt_sha256),
-        verification_plan_id: readOptionalString(value.verification_plan_id),
-        summary: readOptionalString(value.summary),
-        reason: readOptionalString(value.reason),
-    };
-}
-function readRegressionGuardEvidence(value) {
-    if (!isPlainRecord(value)) {
-        return {
-            status: 'missing',
-            intent: null,
-            test_path: null,
-            receipt_path: null,
-            receipt_sha256: null,
-            verification_plan_id: null,
-            summary: null,
-            reason: null,
-        };
-    }
-    if (!isReproRegressionGuardStatus(value.status)) {
-        throw new Error('invalid_repro_evidence_file');
-    }
-    return {
-        status: value.status,
-        intent: readOptionalString(value.intent),
-        test_path: readOptionalString(value.test_path),
-        receipt_path: readOptionalString(value.receipt_path),
-        receipt_sha256: readOptionalString(value.receipt_sha256),
-        verification_plan_id: readOptionalString(value.verification_plan_id),
-        summary: readOptionalString(value.summary),
-        reason: readOptionalString(value.reason),
-    };
-}
-function readReproEvidenceFile(projectRoot, inputPath) {
-    const parsed = readJsonInputFile(projectRoot, inputPath, 'invalid_repro_evidence_file');
-    if (!isPlainRecord(parsed) || parsed.schema_version !== '1' || parsed.command !== 'repro-evidence') {
-        throw new Error('unsupported_repro_evidence_source');
-    }
-    const regressionGuard = isPlainRecord(parsed.regression_guard) && isReproRegressionGuardStatus(parsed.regression_guard.status)
-        ? readRegressionGuardEvidence(parsed.regression_guard)
-        : legacyRegressionGuardEvidence(parsed.regression_guard);
-    return {
-        source: 'repro_first_debug',
-        authority: 'claim_evidence',
-        reported_symptom: readOptionalString(parsed.reported_symptom),
-        expected_behavior: readOptionalString(parsed.expected_behavior),
-        observed_behavior: readOptionalString(parsed.observed_behavior),
-        reproduction_route: readReproductionRoute(parsed.reproduction_route),
-        before_fix: isPlainRecord(parsed.before_fix)
-            ? readBeforeFixEvidence(parsed.before_fix)
-            : legacyBeforeFixEvidence(parsed.evidence_before_fix),
-        after_fix: isPlainRecord(parsed.after_fix)
-            ? readAfterFixEvidence(parsed.after_fix)
-            : legacyAfterFixEvidence(parsed.evidence_after_fix),
-        regression_guard: regressionGuard,
-    };
-}
-function readExternalEvidenceFile(projectRoot, inputPath) {
-    const parsed = readJsonInputFile(projectRoot, inputPath, 'invalid_external_evidence_file');
-    if (!isPlainRecord(parsed) || parsed.schema_version !== '1' || parsed.command !== 'external-evidence') {
-        throw new Error('unsupported_external_evidence_source');
-    }
-    if (!Array.isArray(parsed.checks)) {
-        throw new Error('invalid_external_evidence_file');
-    }
-    return parsed.checks.map((check) => {
-        if (!isPlainRecord(check) ||
-            typeof check.provider !== 'string' ||
-            check.provider.length === 0 ||
-            typeof check.name !== 'string' ||
-            check.name.length === 0 ||
-            !isExternalEvidenceStatus(check.status)) {
-            throw new Error('invalid_external_evidence_file');
-        }
-        return {
-            source: 'external_ci',
-            authority: 'supporting_only',
-            provider: check.provider,
-            name: check.name,
-            status: check.status,
-            url: readOptionalString(check.url),
-            summary: readOptionalString(check.summary),
-        };
-    });
-}
-function createInputFromChanged(projectRoot) {
-    const plan = createClassifyOutput(projectRoot, 'changed', []);
-    return {
-        plan,
-        input: {
-            reasons: plan.summary.validationReasons,
-            classificationReport: plan,
-        },
-    };
-}
-function writeChangedPlan(projectRoot, inputPath, plan) {
-    const planPath = resolvePlanPath(projectRoot, inputPath);
-    writeJsonFileInsideWithoutSymlinks(projectRoot, planPath, plan);
-}
-export function planErrorMessageKey(code) {
-    switch (code) {
-        case 'plan_path_outside_root':
-            return 'verify.error.plan_path_outside_root';
-        case 'input_path_contains_symlink':
-            return 'verify.error.input_path_contains_symlink';
-        case 'missing_plan_reasons':
-            return 'verify.error.missing_plan_reasons';
-        case 'unsupported_plan_source':
-            return 'verify.error.unsupported_plan_source';
-        case 'plan_root_mismatch':
-            return 'verify.error.plan_root_mismatch';
-        case 'git_changed_files_unavailable':
-            return 'verify.error.changed_files_unavailable';
-        default:
-            return 'verify.error.invalid_plan_file';
-    }
-}
 function skippedResult(candidate) {
     return {
         intent: candidate.intent || null,
@@ -628,9 +163,10 @@ function testTargetsByScheduledIntent(report) {
         candidate.appliedTestTargets.length > 0)
         .map((candidate) => [candidate.intent, candidate.appliedTestTargets]));
 }
-async function runVerificationIntent(intent, lang, verificationPlanId, testTargets = [], additionalDeclaredWritePaths = []) {
+async function runVerificationIntent(intent, lang, verificationPlanId, correlationId, testTargets = [], additionalDeclaredWritePaths = []) {
     const output = createBufferedOutput();
     const exitCode = await runRun([intent, '--json'], output.reporter, lang, {
+        correlationId,
         writeLatestReceipt: false,
         writeLatestProfile: false,
         recordPerformanceHistory: false,
@@ -672,19 +208,19 @@ function entriesForScheduleBatch(entries, batch) {
     const batchIntents = new Set(batch.intents);
     return entries.filter((entry) => batchIntents.has(entry.intent));
 }
-async function runVerificationEntriesSequentially(entries, lang, verificationPlanId, scheduledTestTargets) {
+async function runVerificationEntriesSequentially(entries, lang, verificationPlanId, correlationId, scheduledTestTargets) {
     const results = [];
     for (const entry of entries) {
-        results.push(await runVerificationIntent(entry.intent, lang, verificationPlanId, scheduledTestTargets.get(entry.intent) ?? []));
+        results.push(await runVerificationIntent(entry.intent, lang, verificationPlanId, correlationId, scheduledTestTargets.get(entry.intent) ?? []));
     }
     return results;
 }
-async function runVerificationEntriesInParallelChunks(projectRoot, entries, parallelism, lang, verificationPlanId, scheduledTestTargets) {
+async function runVerificationEntriesInParallelChunks(projectRoot, entries, parallelism, lang, verificationPlanId, correlationId, scheduledTestTargets) {
     const results = [];
     for (let index = 0; index < entries.length; index += parallelism) {
         const chunk = entries.slice(index, index + parallelism);
         const batchTracker = startRunWriteBatchTracking(projectRoot);
-        const chunkResults = await Promise.all(chunk.map((entry) => runVerificationIntent(entry.intent, lang, verificationPlanId, scheduledTestTargets.get(entry.intent) ?? [])));
+        const chunkResults = await Promise.all(chunk.map((entry) => runVerificationIntent(entry.intent, lang, verificationPlanId, correlationId, scheduledTestTargets.get(entry.intent) ?? [])));
         const writeDriftByIntent = finishRunWriteBatchTracking(batchTracker, chunk.map((entry) => ({
             intentName: entry.intent,
             declaredPaths: declaredWritePathsForScheduleEntry(entry),
@@ -732,7 +268,7 @@ function verificationResultFailed(result) {
             result.status === 'start_failed' ||
             result.status === 'output_limit_exceeded'));
 }
-async function runScheduledVerificationIntents(report, projectRoot, lang, verificationPlanId, scheduledTestTargets, parallelism) {
+async function runScheduledVerificationIntents(report, projectRoot, lang, verificationPlanId, correlationId, scheduledTestTargets, parallelism) {
     const results = [];
     for (let batchIndex = 0; batchIndex < report.schedule.batches.length; batchIndex += 1) {
         const batch = report.schedule.batches[batchIndex];
@@ -744,11 +280,11 @@ async function runScheduledVerificationIntents(report, projectRoot, lang, verifi
         if (entries.length > 1 && entries.every((entry) => entry.parallelEligible)) {
             batchResults =
                 parallelism > DEFAULT_VERIFY_PARALLELISM
-                    ? await runVerificationEntriesInParallelChunks(projectRoot, entries, parallelism, lang, verificationPlanId, scheduledTestTargets)
-                    : await runVerificationEntriesSequentially(entries, lang, verificationPlanId, scheduledTestTargets);
+                    ? await runVerificationEntriesInParallelChunks(projectRoot, entries, parallelism, lang, verificationPlanId, correlationId, scheduledTestTargets)
+                    : await runVerificationEntriesSequentially(entries, lang, verificationPlanId, correlationId, scheduledTestTargets);
         }
         else {
-            batchResults = await runVerificationEntriesSequentially(entries, lang, verificationPlanId, scheduledTestTargets);
+            batchResults = await runVerificationEntriesSequentially(entries, lang, verificationPlanId, correlationId, scheduledTestTargets);
         }
         results.push(...batchResults);
         if (!batchResults.some(verificationResultFailed)) {
@@ -1217,6 +753,7 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
     const manifest = {
         schema_version: '1',
         command: 'verify',
+        correlation_id: outputWithReceiptPaths.correlation_id,
         reason: outputWithReceiptPaths.reason,
         reasons: outputWithReceiptPaths.reasons,
         plan_source: outputWithReceiptPaths.plan_source,
@@ -1237,6 +774,7 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
         schema_version: '1',
         command: 'verify',
         kind: 'verify_run_summary',
+        correlation_id: outputWithReceiptPaths.correlation_id,
         reason: outputWithReceiptPaths.reason,
         reasons: outputWithReceiptPaths.reasons,
         plan_source: outputWithReceiptPaths.plan_source,
@@ -1269,7 +807,7 @@ async function createVerifyOutput(input, planSource, projectRoot, lang, reproEvi
     const reproEvidenceRisks = createReproEvidenceRisks(reproEvidence, { verificationPlanId });
     const reproEvidenceVerdictEffects = countReproEvidenceVerdictEffects(reproEvidenceRisks);
     const externalEvidenceRisks = createExternalEvidenceRisks(externalChecks);
-    const results = await runScheduledVerificationIntents(report, projectRoot, lang, verificationPlanId, scheduledTestTargets, parallelism);
+    const results = await runScheduledVerificationIntents(report, projectRoot, lang, verificationPlanId, input.correlationId, scheduledTestTargets, parallelism);
     results.push(...createSkippedResults(report.candidates, scheduledIntents, report.gaps));
     const summary = summarizeResults(results);
     const status = getVerificationStatus(summary);
@@ -1325,6 +863,7 @@ async function createVerifyOutput(input, planSource, projectRoot, lang, reproEvi
     const output = {
         schema_version: VERIFY_SCHEMA_VERSION,
         command: 'verify',
+        correlation_id: input.correlationId,
         mustflow_root: projectRoot,
         reason: input.reasons.join(', '),
         reasons: input.reasons,
@@ -1359,16 +898,17 @@ async function createPlanOnlyOutput(input, projectRoot) {
         return surfaceReadModels.length > 0 ? { ...requirement, surfaceReadModels } : requirement;
     });
     if (!firstEntry) {
-        return { ...report, verification_plan_id: verificationPlanId, requirements };
+        return { ...report, correlation_id: input.correlationId, verification_plan_id: verificationPlanId, requirements };
     }
     const scheduledIntents = Array.from(new Set(report.schedule.entries.map((entry) => entry.intent)));
     const graphsByIntent = await readLocalCommandEffectGraphs(projectRoot, scheduledIntents);
     const firstGraph = graphsByIntent.get(firstEntry.intent);
     if (!firstGraph) {
-        return { ...report, verification_plan_id: verificationPlanId, requirements };
+        return { ...report, correlation_id: input.correlationId, verification_plan_id: verificationPlanId, requirements };
     }
     return {
         ...report,
+        correlation_id: input.correlationId,
         verification_plan_id: verificationPlanId,
         requirements,
         schedule: {
@@ -1475,7 +1015,7 @@ export async function runVerify(args, reporter, lang = 'en') {
     let externalChecks = [];
     try {
         if (parsed.writePlan) {
-            resolvePlanPath(projectRoot, parsed.writePlan);
+            resolveVerifyInputPath(projectRoot, parsed.writePlan);
         }
         if (parsed.changed) {
             const changedInput = createInputFromChanged(projectRoot);
@@ -1487,6 +1027,7 @@ export async function runVerify(args, reporter, lang = 'en') {
         }
         else {
             input = {
+                correlationId: createCorrelationId('verify'),
                 reasons: [parsed.reason],
                 classificationReport: createSyntheticClassificationReport([parsed.reason]),
             };

package/dist/cli/i18n/en.js

@@ -652,6 +652,7 @@ Read these files before working:
     "run.help.option.dryRun": "Print a non-executing command plan",
     "run.help.option.planOnly": "Alias for --dry-run",
     "run.help.option.json": "Print the run record or command plan as JSON",
+    "run.help.option.allowUntrustedRoot": "Allow one execution from a root with a missing or invalid manifest lock after manual review",
     "run.help.exit.ok": "The command completed with an allowed exit code",
     "run.help.exit.fail": "The command was invalid, refused, timed out, or failed",
     "run.label.suggestedIntentSnippet": "Suggested command contract snippet",
@@ -674,6 +675,8 @@ Read these files before working:
     "run.error.maxOutputBytes": 'Command "{intent}" has invalid max_output_bytes. {detail}',
     "run.error.maxOutputBytesDetail": "The output limit must stay within the allowed maximum.",
     "run.error.conflictingPreviewModes": "Use either --dry-run or --plan-only, not both",
+    "run.error.untrustedRootMissing": "Refused to execute commands because {path} is missing. Run mf init/update to install the workflow, or pass --allow-untrusted-root after reviewing AGENTS.md and .mustflow/config/commands.toml.",
+    "run.error.untrustedRootInvalid": "Refused to execute commands because the manifest lock is invalid: {detail}. Restore or regenerate it, or pass --allow-untrusted-root after reviewing AGENTS.md and .mustflow/config/commands.toml.",
     "run.error.timedOut": 'Command "{intent}" timed out after {seconds} seconds',
     "run.error.outputLimitExceeded": 'Command "{intent}" exceeded max_output_bytes: {message}',
     "run.error.startFailed": 'Command "{intent}" failed to start: {message}',

package/dist/cli/i18n/es.js

@@ -652,6 +652,7 @@ Lee estos archivos antes de trabajar:
     "run.help.option.dryRun": "Imprime un plan de comando sin ejecutarlo",
     "run.help.option.planOnly": "Alias de --dry-run",
     "run.help.option.json": "Imprime el registro de ejecución o el plan de comando como JSON",
+    "run.help.option.allowUntrustedRoot": "Permite una ejecución desde una raíz con bloqueo de manifiesto ausente o inválido tras revisión manual",
     "run.help.exit.ok": "El comando se completo con un codigo de salida permitido",
     "run.help.exit.fail": "El comando no era válido, fue rechazado, agotó el tiempo o falló",
     "run.label.suggestedIntentSnippet": "Snippet sugerido para el contrato de comandos",
@@ -674,6 +675,8 @@ Lee estos archivos antes de trabajar:
     "run.error.maxOutputBytes": 'El comando "{intent}" tiene max_output_bytes no válido. {detail}',
     "run.error.maxOutputBytesDetail": "El límite de salida debe permanecer dentro del máximo permitido.",
     "run.error.conflictingPreviewModes": "Usa --dry-run o --plan-only, no ambos",
+    "run.error.untrustedRootMissing": "Se rechazó ejecutar comandos porque falta {path}. Ejecuta mf init/update para instalar el flujo, o usa --allow-untrusted-root tras revisar AGENTS.md y .mustflow/config/commands.toml.",
+    "run.error.untrustedRootInvalid": "Se rechazó ejecutar comandos porque el bloqueo de manifiesto no es válido: {detail}. Restáuralo o regenéralo, o usa --allow-untrusted-root tras revisar AGENTS.md y .mustflow/config/commands.toml.",
     "run.error.timedOut": 'El comando "{intent}" agotó el tiempo después de {seconds} segundos',
     "run.error.outputLimitExceeded": 'El comando "{intent}" superó max_output_bytes: {message}',
     "run.error.startFailed": 'No se pudo iniciar el comando "{intent}": {message}',

package/dist/cli/i18n/fr.js

@@ -652,6 +652,7 @@ Lisez ces fichiers avant de travailler :
     "run.help.option.dryRun": "Imprime un plan de commande sans l'exécuter",
     "run.help.option.planOnly": "Alias de --dry-run",
     "run.help.option.json": "Imprime l'enregistrement d'exécution ou le plan de commande en JSON",
+    "run.help.option.allowUntrustedRoot": "Autorise une seule exécution depuis une racine sans verrou de manifeste valide après revue manuelle",
     "run.help.exit.ok": "La commande s'est terminée avec un code de sortie autorisé",
     "run.help.exit.fail": "La commande était non valide, refusée, expirée ou a échoué",
     "run.label.suggestedIntentSnippet": "Extrait suggéré de contrat de commande",
@@ -674,6 +675,8 @@ Lisez ces fichiers avant de travailler :
     "run.error.maxOutputBytes": 'La commande "{intent}" a une valeur max_output_bytes non valide. {detail}',
     "run.error.maxOutputBytesDetail": "La limite de sortie doit rester dans le maximum autorisé.",
     "run.error.conflictingPreviewModes": "Utilisez --dry-run ou --plan-only, pas les deux",
+    "run.error.untrustedRootMissing": "Exécution refusée car {path} est absent. Lancez mf init/update pour installer le workflow, ou ajoutez --allow-untrusted-root après avoir relu AGENTS.md et .mustflow/config/commands.toml.",
+    "run.error.untrustedRootInvalid": "Exécution refusée car le verrou de manifeste est invalide : {detail}. Restaurez-le ou régénérez-le, ou ajoutez --allow-untrusted-root après avoir relu AGENTS.md et .mustflow/config/commands.toml.",
     "run.error.timedOut": 'La commande "{intent}" a expiré après {seconds} secondes',
     "run.error.outputLimitExceeded": 'La commande "{intent}" a dépassé max_output_bytes : {message}',
     "run.error.startFailed": 'Impossible de démarrer la commande "{intent}" : {message}',