npm - oxe-cc - Versions diffs - 1.2.1 → 1.4.0 - Mend

oxe-cc 1.2.1 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (281) hide show

package/.cursor/commands/oxe-ask.md +2 -2
package/.cursor/commands/oxe-capabilities.md +2 -2
package/.cursor/commands/oxe-checkpoint.md +2 -2
package/.cursor/commands/oxe-compact.md +2 -2
package/.cursor/commands/oxe-dashboard.md +2 -2
package/.cursor/commands/oxe-debug.md +2 -2
package/.cursor/commands/oxe-discuss.md +2 -2
package/.cursor/commands/oxe-execute.md +5 -2
package/.cursor/commands/oxe-forensics.md +2 -2
package/.cursor/commands/oxe-help.md +2 -2
package/.cursor/commands/oxe-loop.md +2 -2
package/.cursor/commands/oxe-milestone.md +2 -2
package/.cursor/commands/oxe-next.md +2 -2
package/.cursor/commands/oxe-obs.md +2 -2
package/.cursor/commands/oxe-plan-agent.md +2 -2
package/.cursor/commands/oxe-plan.md +2 -2
package/.cursor/commands/oxe-project.md +2 -2
package/.cursor/commands/oxe-quick.md +2 -2
package/.cursor/commands/oxe-research.md +2 -2
package/.cursor/commands/oxe-retro.md +2 -2
package/.cursor/commands/oxe-review-pr.md +2 -2
package/.cursor/commands/oxe-route.md +2 -2
package/.cursor/commands/oxe-scan.md +2 -2
package/.cursor/commands/oxe-security.md +2 -2
package/.cursor/commands/oxe-session.md +2 -2
package/.cursor/commands/oxe-ship.md +2 -2
package/.cursor/commands/oxe-skill.md +2 -2
package/.cursor/commands/oxe-spec.md +2 -2
package/.cursor/commands/oxe-ui-review.md +2 -2
package/.cursor/commands/oxe-ui-spec.md +2 -2
package/.cursor/commands/oxe-update.md +2 -2
package/.cursor/commands/oxe-validate-gaps.md +2 -2
package/.cursor/commands/oxe-verify.md +5 -2
package/.cursor/commands/oxe-workstream.md +2 -2
package/.cursor/commands/oxe.md +2 -2
package/.github/copilot-instructions.md +13 -13
package/.github/prompts/oxe-ask.prompt.md +2 -2
package/.github/prompts/oxe-capabilities.prompt.md +2 -2
package/.github/prompts/oxe-checkpoint.prompt.md +2 -2
package/.github/prompts/oxe-compact.prompt.md +2 -2
package/.github/prompts/oxe-dashboard.prompt.md +2 -2
package/.github/prompts/oxe-debug.prompt.md +2 -2
package/.github/prompts/oxe-discuss.prompt.md +2 -2
package/.github/prompts/oxe-execute.prompt.md +5 -2
package/.github/prompts/oxe-forensics.prompt.md +2 -2
package/.github/prompts/oxe-help.prompt.md +2 -2
package/.github/prompts/oxe-loop.prompt.md +2 -2
package/.github/prompts/oxe-milestone.prompt.md +2 -2
package/.github/prompts/oxe-next.prompt.md +2 -2
package/.github/prompts/oxe-obs.prompt.md +2 -2
package/.github/prompts/oxe-plan-agent.prompt.md +2 -2
package/.github/prompts/oxe-plan.prompt.md +2 -2
package/.github/prompts/oxe-project.prompt.md +2 -2
package/.github/prompts/oxe-quick.prompt.md +2 -2
package/.github/prompts/oxe-research.prompt.md +2 -2
package/.github/prompts/oxe-retro.prompt.md +2 -2
package/.github/prompts/oxe-review-pr.prompt.md +2 -2
package/.github/prompts/oxe-route.prompt.md +2 -2
package/.github/prompts/oxe-scan.prompt.md +2 -2
package/.github/prompts/oxe-security.prompt.md +2 -2
package/.github/prompts/oxe-session.prompt.md +2 -2
package/.github/prompts/oxe-ship.prompt.md +2 -2
package/.github/prompts/oxe-skill.prompt.md +2 -2
package/.github/prompts/oxe-spec.prompt.md +2 -2
package/.github/prompts/oxe-ui-review.prompt.md +2 -2
package/.github/prompts/oxe-ui-spec.prompt.md +2 -2
package/.github/prompts/oxe-update.prompt.md +2 -2
package/.github/prompts/oxe-validate-gaps.prompt.md +2 -2
package/.github/prompts/oxe-verify.prompt.md +5 -2
package/.github/prompts/oxe-workstream.prompt.md +2 -2
package/.github/prompts/oxe.prompt.md +2 -2
package/AGENTS.md +5 -3
package/CHANGELOG.md +72 -10
package/LICENSE +21 -674
package/README.md +631 -535
package/bin/banner.txt +6 -6
package/bin/lib/oxe-agent-install.cjs +69 -69
package/bin/lib/oxe-azure.cjs +1445 -1445
package/bin/lib/oxe-context-engine.cjs +867 -867
package/bin/lib/oxe-dashboard.cjs +76 -28
package/bin/lib/oxe-operational.cjs +2144 -1340
package/bin/lib/oxe-project-health.cjs +483 -1
package/bin/lib/oxe-runtime-semantics.cjs +12 -0
package/bin/oxe-cc.js +554 -152
package/commands/oxe/ask.md +2 -2
package/commands/oxe/capabilities.md +2 -2
package/commands/oxe/checkpoint.md +2 -2
package/commands/oxe/compact.md +2 -2
package/commands/oxe/dashboard.md +2 -2
package/commands/oxe/debug.md +2 -2
package/commands/oxe/discuss.md +2 -2
package/commands/oxe/execute.md +5 -2
package/commands/oxe/forensics.md +2 -2
package/commands/oxe/help.md +2 -2
package/commands/oxe/loop.md +2 -2
package/commands/oxe/milestone.md +2 -2
package/commands/oxe/next.md +2 -2
package/commands/oxe/obs.md +2 -2
package/commands/oxe/oxe.md +2 -2
package/commands/oxe/plan-agent.md +2 -2
package/commands/oxe/plan.md +2 -2
package/commands/oxe/project.md +2 -2
package/commands/oxe/quick.md +2 -2
package/commands/oxe/research.md +2 -2
package/commands/oxe/retro.md +2 -2
package/commands/oxe/review-pr.md +2 -2
package/commands/oxe/route.md +2 -2
package/commands/oxe/scan.md +2 -2
package/commands/oxe/security.md +2 -2
package/commands/oxe/session.md +2 -2
package/commands/oxe/ship.md +2 -2
package/commands/oxe/skill.md +2 -2
package/commands/oxe/spec.md +2 -2
package/commands/oxe/ui-review.md +2 -2
package/commands/oxe/ui-spec.md +2 -2
package/commands/oxe/update.md +2 -2
package/commands/oxe/validate-gaps.md +2 -2
package/commands/oxe/verify.md +5 -2
package/commands/oxe/workstream.md +2 -2
package/lib/runtime/delivery/branch-manager.d.ts +1 -0
package/lib/runtime/delivery/branch-manager.js +7 -0
package/lib/runtime/delivery/ci-checks.js +34 -1
package/lib/runtime/delivery/delivery-records.d.ts +34 -0
package/lib/runtime/delivery/delivery-records.js +48 -0
package/lib/runtime/delivery/index.d.ts +1 -0
package/lib/runtime/delivery/index.js +1 -0
package/lib/runtime/delivery/promotion-pipeline.d.ts +26 -2
package/lib/runtime/delivery/promotion-pipeline.js +111 -14
package/lib/runtime/gate/gate-manager.d.ts +41 -0
package/lib/runtime/gate/gate-manager.js +108 -1
package/lib/runtime/index.d.ts +2 -2
package/lib/runtime/index.js +3 -1
package/lib/runtime/models/gate-decision.d.ts +4 -1
package/lib/runtime/models/workspace.d.ts +3 -0
package/lib/runtime/plugins/capability-adapter.d.ts +12 -0
package/lib/runtime/plugins/capability-adapter.js +204 -0
package/lib/runtime/plugins/capability-matrix.d.ts +5 -0
package/lib/runtime/plugins/capability-matrix.js +48 -17
package/lib/runtime/plugins/index.d.ts +1 -0
package/lib/runtime/plugins/index.js +1 -0
package/lib/runtime/plugins/plugin-abi.d.ts +2 -0
package/lib/runtime/plugins/plugin-manifest.d.ts +1 -1
package/lib/runtime/plugins/plugin-manifest.js +6 -2
package/lib/runtime/plugins/plugin-registry.d.ts +46 -0
package/lib/runtime/plugins/plugin-registry.js +79 -2
package/lib/runtime/policy/policy-engine.d.ts +19 -0
package/lib/runtime/policy/policy-engine.js +76 -4
package/lib/runtime/projection/projection-engine.d.ts +9 -1
package/lib/runtime/projection/projection-engine.js +73 -3
package/lib/runtime/scheduler/multi-agent-coordinator.d.ts +43 -1
package/lib/runtime/scheduler/multi-agent-coordinator.js +151 -39
package/lib/runtime/scheduler/run-journal.d.ts +1 -1
package/lib/runtime/scheduler/scheduler.d.ts +19 -1
package/lib/runtime/scheduler/scheduler.js +258 -13
package/lib/runtime/verification/verification-compiler.d.ts +43 -0
package/lib/runtime/verification/verification-compiler.js +137 -0
package/lib/runtime/verification/verification-manifest.d.ts +9 -0
package/lib/runtime/verification/verification-manifest.js +56 -6
package/lib/runtime/workspace/strategies/ephemeral-container.d.ts +1 -0
package/lib/runtime/workspace/strategies/ephemeral-container.js +4 -0
package/lib/runtime/workspace/strategies/git-worktree.d.ts +1 -0
package/lib/runtime/workspace/strategies/git-worktree.js +2 -0
package/lib/runtime/workspace/strategies/inplace.d.ts +1 -0
package/lib/runtime/workspace/strategies/inplace.js +2 -0
package/lib/runtime/workspace/workspace-manager.d.ts +2 -1
package/lib/sdk/README.md +20 -8
package/lib/sdk/index.cjs +33 -24
package/lib/sdk/index.d.ts +149 -14
package/oxe/templates/ACTIVE-RUN.template.json +32 -32
package/oxe/templates/CAPABILITIES.template.md +7 -7
package/oxe/templates/CAPABILITY.template.md +45 -45
package/oxe/templates/CHECKPOINTS.template.md +7 -7
package/oxe/templates/EXECUTION-RUNTIME.template.md +68 -68
package/oxe/templates/HYPOTHESES.template.md +33 -33
package/oxe/templates/LESSONS-METRICS.template.json +13 -13
package/oxe/templates/NOTES.template.md +16 -16
package/oxe/templates/PLAN-REVIEW.template.md +31 -31
package/oxe/templates/SESSION.template.md +34 -34
package/oxe/templates/SKILL.template.md +26 -26
package/oxe/templates/STATE.md +55 -55
package/oxe/templates/WORKFLOW_AUTHORING.md +18 -18
package/oxe/workflows/ask.md +96 -96
package/oxe/workflows/capabilities.md +25 -25
package/oxe/workflows/dashboard.md +33 -33
package/oxe/workflows/discuss.md +12 -12
package/oxe/workflows/execute.md +14 -0
package/oxe/workflows/help.md +352 -352
package/oxe/workflows/next.md +22 -22
package/oxe/workflows/oxe.md +6 -6
package/oxe/workflows/plan-agent.md +9 -9
package/oxe/workflows/plan.md +51 -20
package/oxe/workflows/quick.md +10 -10
package/oxe/workflows/references/reasoning-discovery.md +28 -28
package/oxe/workflows/references/reasoning-execution.md +29 -29
package/oxe/workflows/references/reasoning-planning.md +32 -32
package/oxe/workflows/references/reasoning-review.md +29 -29
package/oxe/workflows/references/reasoning-status.md +24 -24
package/oxe/workflows/references/robustness-elevation.md +295 -295
package/oxe/workflows/references/workflow-runtime-contracts.json +952 -930
package/oxe/workflows/route.md +16 -16
package/oxe/workflows/session.md +213 -213
package/oxe/workflows/ship.md +142 -142
package/oxe/workflows/skill.md +44 -44
package/oxe/workflows/ui-review.md +36 -36
package/oxe/workflows/verify-audit.md +73 -73
package/oxe/workflows/verify.md +10 -0
package/package.json +92 -92
package/packages/runtime/package.json +16 -15
package/packages/runtime/src/audit/audit-trail.ts +243 -243
package/packages/runtime/src/audit/index.ts +2 -2
package/packages/runtime/src/audit/policy-pack.ts +62 -62
package/packages/runtime/src/compiler/graph-compiler.ts +245 -245
package/packages/runtime/src/compiler/index.ts +1 -1
package/packages/runtime/src/context/context-pack-builder.ts +259 -259
package/packages/runtime/src/context/context-pack-store.ts +197 -197
package/packages/runtime/src/context/context-profiles.ts +60 -60
package/packages/runtime/src/context/index.ts +3 -3
package/packages/runtime/src/decision/decision-engine.ts +174 -174
package/packages/runtime/src/decision/decision-memo.ts +211 -211
package/packages/runtime/src/decision/index.ts +2 -2
package/packages/runtime/src/delivery/branch-manager.ts +91 -84
package/packages/runtime/src/delivery/ci-checks.ts +285 -252
package/packages/runtime/src/delivery/delivery-records.ts +75 -0
package/packages/runtime/src/delivery/index.ts +5 -4
package/packages/runtime/src/delivery/pr-manager.ts +112 -112
package/packages/runtime/src/delivery/promotion-pipeline.ts +334 -180
package/packages/runtime/src/events/bus.ts +92 -92
package/packages/runtime/src/events/catalog.ts +29 -29
package/packages/runtime/src/events/envelope.ts +14 -14
package/packages/runtime/src/events/index.ts +3 -3
package/packages/runtime/src/evidence/evidence-store.ts +130 -130
package/packages/runtime/src/evidence/index.ts +1 -1
package/packages/runtime/src/gate/gate-manager.ts +289 -137
package/packages/runtime/src/gate/index.ts +1 -1
package/packages/runtime/src/index.ts +41 -37
package/packages/runtime/src/models/attempt.ts +19 -19
package/packages/runtime/src/models/evidence.ts +21 -21
package/packages/runtime/src/models/gate-decision.ts +25 -21
package/packages/runtime/src/models/index.ts +8 -8
package/packages/runtime/src/models/run.ts +24 -24
package/packages/runtime/src/models/session.ts +11 -11
package/packages/runtime/src/models/verification-result.ts +10 -10
package/packages/runtime/src/models/work-item.ts +25 -25
package/packages/runtime/src/models/workspace.ts +31 -28
package/packages/runtime/src/plugins/capability-adapter.ts +206 -0
package/packages/runtime/src/plugins/capability-matrix.ts +126 -83
package/packages/runtime/src/plugins/index.ts +5 -4
package/packages/runtime/src/plugins/plugin-abi.ts +97 -95
package/packages/runtime/src/plugins/plugin-manifest.ts +118 -113
package/packages/runtime/src/plugins/plugin-registry.ts +232 -124
package/packages/runtime/src/policy/index.ts +1 -1
package/packages/runtime/src/policy/policy-engine.ts +330 -244
package/packages/runtime/src/projection/index.ts +1 -1
package/packages/runtime/src/projection/projection-engine.ts +328 -249
package/packages/runtime/src/reducers/debug-reducer.ts +36 -36
package/packages/runtime/src/reducers/index.ts +2 -2
package/packages/runtime/src/reducers/run-state-reducer.ts +269 -269
package/packages/runtime/src/scheduler/agent-registry.ts +132 -132
package/packages/runtime/src/scheduler/agent-roles.ts +109 -109
package/packages/runtime/src/scheduler/index.ts +4 -4
package/packages/runtime/src/scheduler/multi-agent-coordinator.ts +521 -333
package/packages/runtime/src/scheduler/run-journal.ts +62 -62
package/packages/runtime/src/scheduler/scheduler.ts +722 -441
package/packages/runtime/src/verification/index.ts +2 -2
package/packages/runtime/src/verification/verification-compiler.ts +436 -225
package/packages/runtime/src/verification/verification-manifest.ts +252 -192
package/packages/runtime/src/workspace/index.ts +5 -5
package/packages/runtime/src/workspace/strategies/ephemeral-container.ts +126 -121
package/packages/runtime/src/workspace/strategies/git-worktree.ts +79 -77
package/packages/runtime/src/workspace/strategies/inplace.ts +38 -35
package/packages/runtime/src/workspace/workspace-manager.ts +16 -15
package/packages/runtime/tsconfig.json +17 -17
package/vscode-extension/.vscodeignore +7 -7
package/vscode-extension/LICENSE +21 -0
package/vscode-extension/oxe-agents-1.0.0.vsix +0 -0
package/vscode-extension/oxe-agents-1.4.0.vsix +0 -0
package/vscode-extension/package.json +184 -184
package/vscode-extension/src/extension.js +310 -310
package/vscode-extension/src/shared/contextLoader.js +137 -137
package/vscode-extension/src/shared/contractBuilder.js +159 -159
package/vscode-extension/src/shared/stateReader.js +101 -101

package/packages/runtime/src/verification/verification-manifest.ts CHANGED Viewed

@@ -1,192 +1,252 @@
-import crypto from 'crypto';
-import path from 'path';
-import fs from 'fs';
-import type { VerificationStatus } from '../models/verification-result';
-import type { CheckResult } from './verification-compiler';
-export type VerificationProfile = 'quick' | 'standard' | 'critical';
-export type FailureClass =
-  | 'deterministic'
-  | 'flaky'
-  | 'timeout'
-  | 'env_setup'
-  | 'policy_failure'
-  | 'evidence_missing';
-export type VerificationGranularity = 'work_item' | 'wave' | 'run';
-export interface ManifestCheck {
-  check_id: string;
-  acceptance_ref: string | null;
-  status: VerificationStatus;
-  failure_class: FailureClass | null;
-  evidence_refs: string[];
-  duration_ms: number;
-}
-export interface VerificationManifest {
-  manifest_id: string;
-  run_id: string;
-  work_item_id: string | null;
-  wave: number | null;
-  granularity: VerificationGranularity;
-  profile: VerificationProfile;
-  compiled_at: string;
-  checks: ManifestCheck[];
-  summary: {
-    total: number;
-    pass: number;
-    fail: number;
-    skip: number;
-    error: number;
-    all_passed: boolean;
-  };
-}
-export interface ResidualRisk {
-  risk_id: string;
-  work_item_id: string | null;
-  check_id: string | null;
-  failure_class: FailureClass;
-  description: string;
-  severity: 'low' | 'medium' | 'high' | 'critical';
-  mitigation: string | null;
-}
-export interface ResidualRiskLedger {
-  run_id: string;
-  generated_at: string;
-  risks: ResidualRisk[];
-}
-const PROFILE_REQUIRED_CHECKS: Record<VerificationProfile, FailureClass[]> = {
-  quick: ['deterministic'],
-  standard: ['deterministic', 'policy_failure'],
-  critical: ['deterministic', 'policy_failure', 'evidence_missing', 'flaky'],
-};
-export function classifyFailure(result: CheckResult): FailureClass | null {
-  if (result.status === 'pass' || result.status === 'skip') return null;
-  if (result.error && (result.error.toLowerCase().includes('timeout') || result.error.toLowerCase().includes('timed out'))) return 'timeout';
-  if (result.exit_code === null && result.error) return 'env_setup';
-  if (result.stderr.toLowerCase().includes('policy') || result.stderr.toLowerCase().includes('denied')) {
-    return 'policy_failure';
-  }
-  if (result.exit_code !== 0 && result.stderr === '' && result.stdout === '') return 'evidence_missing';
-  // Default: non-deterministic signals (no reliable exit code pattern)
-  return 'deterministic';
-}
-export function buildManifest(
-  runId: string,
-  results: CheckResult[],
-  options: {
-    workItemId?: string;
-    wave?: number;
-    granularity?: VerificationGranularity;
-    profile?: VerificationProfile;
-    evidenceRefs?: Map<string, string[]>;
-  } = {}
-): VerificationManifest {
-  const profile = options.profile ?? 'standard';
-  const granularity = options.granularity ?? 'run';
-  const evidenceRefs = options.evidenceRefs ?? new Map();
-  const checks: ManifestCheck[] = results.map((r) => ({
-    check_id: r.check_id,
-    acceptance_ref: r.acceptance_ref,
-    status: r.status,
-    failure_class: classifyFailure(r),
-    evidence_refs: evidenceRefs.get(r.check_id) ?? [],
-    duration_ms: r.duration_ms,
-  }));
-  const summary = {
-    total: checks.length,
-    pass: checks.filter((c) => c.status === 'pass').length,
-    fail: checks.filter((c) => c.status === 'fail').length,
-    skip: checks.filter((c) => c.status === 'skip').length,
-    error: checks.filter((c) => c.status === 'error').length,
-    all_passed: checks.every((c) => c.status === 'pass' || c.status === 'skip'),
-  };
-  return {
-    manifest_id: `vm-${crypto.randomBytes(4).toString('hex')}`,
-    run_id: runId,
-    work_item_id: options.workItemId ?? null,
-    wave: options.wave ?? null,
-    granularity,
-    profile,
-    compiled_at: new Date().toISOString(),
-    checks,
-    summary,
-  };
-}
-export function buildRiskLedger(
-  runId: string,
-  manifest: VerificationManifest
-): ResidualRiskLedger {
-  const risks: ResidualRisk[] = [];
-  for (const check of manifest.checks) {
-    if (check.status === 'pass' || check.status === 'skip') continue;
-    if (!check.failure_class) continue;
-    const required = PROFILE_REQUIRED_CHECKS[manifest.profile];
-    if (!required.includes(check.failure_class)) continue;
-    risks.push({
-      risk_id: `risk-${crypto.randomBytes(3).toString('hex')}`,
-      work_item_id: manifest.work_item_id,
-      check_id: check.check_id,
-      failure_class: check.failure_class,
-      description: `Check ${check.check_id} ${check.status}: ${check.failure_class}`,
-      severity: check.failure_class === 'policy_failure' || check.failure_class === 'deterministic'
-        ? 'high'
-        : check.failure_class === 'evidence_missing'
-        ? 'medium'
-        : 'low',
-      mitigation: null,
-    });
-  }
-  return {
-    run_id: runId,
-    generated_at: new Date().toISOString(),
-    risks,
-  };
-}
-export function saveManifest(projectRoot: string, runId: string, manifest: VerificationManifest): void {
-  const p = path.join(projectRoot, '.oxe', 'runs', runId, 'verification-manifest.json');
-  fs.mkdirSync(path.dirname(p), { recursive: true });
-  fs.writeFileSync(p, JSON.stringify(manifest, null, 2), 'utf8');
-}
-export function loadManifest(projectRoot: string, runId: string): VerificationManifest | null {
-  const p = path.join(projectRoot, '.oxe', 'runs', runId, 'verification-manifest.json');
-  if (!fs.existsSync(p)) return null;
-  try {
-    return JSON.parse(fs.readFileSync(p, 'utf8')) as VerificationManifest;
-  } catch {
-    return null;
-  }
-}
-export function saveRiskLedger(projectRoot: string, runId: string, ledger: ResidualRiskLedger): void {
-  const p = path.join(projectRoot, '.oxe', 'runs', runId, 'residual-risks.json');
-  fs.mkdirSync(path.dirname(p), { recursive: true });
-  fs.writeFileSync(p, JSON.stringify(ledger, null, 2), 'utf8');
-}
-export function loadRiskLedger(projectRoot: string, runId: string): ResidualRiskLedger | null {
-  const p = path.join(projectRoot, '.oxe', 'runs', runId, 'residual-risks.json');
-  if (!fs.existsSync(p)) return null;
-  try {
-    return JSON.parse(fs.readFileSync(p, 'utf8')) as ResidualRiskLedger;
-  } catch {
-    return null;
-  }
-}
+import crypto from 'crypto';
+import path from 'path';
+import fs from 'fs';
+import type { VerificationStatus } from '../models/verification-result';
+import type { CheckResult } from './verification-compiler';
+export type VerificationProfile = 'quick' | 'standard' | 'critical';
+export type FailureClass =
+  | 'deterministic'
+  | 'flaky'
+  | 'timeout'
+  | 'env_setup'
+  | 'policy_failure'
+  | 'evidence_missing';
+export type VerificationGranularity = 'work_item' | 'wave' | 'run';
+export interface ManifestCheck {
+  check_id: string;
+  acceptance_ref: string | null;
+  status: VerificationStatus;
+  failure_class: FailureClass | null;
+  evidence_refs: string[];
+  duration_ms: number;
+}
+export interface VerificationManifest {
+  manifest_id: string;
+  run_id: string;
+  work_item_id: string | null;
+  wave: number | null;
+  granularity: VerificationGranularity;
+  profile: VerificationProfile;
+  compiled_at: string;
+  checks: ManifestCheck[];
+  summary: {
+    total: number;
+    pass: number;
+    fail: number;
+    skip: number;
+    error: number;
+    all_passed: boolean;
+  };
+}
+export interface ResidualRisk {
+  risk_id: string;
+  work_item_id: string | null;
+  check_id: string | null;
+  failure_class: FailureClass;
+  description: string;
+  severity: 'low' | 'medium' | 'high' | 'critical';
+  mitigation: string | null;
+}
+export interface ResidualRiskLedger {
+  run_id: string;
+  generated_at: string;
+  risks: ResidualRisk[];
+}
+export interface EvidenceCoverageSummary {
+  total_checks: number;
+  checks_with_evidence: number;
+  total_evidence_refs: number;
+  coverage_percent: number;
+}
+function runDir(projectRoot: string, runId: string): string {
+  return path.join(projectRoot, '.oxe', 'runs', runId);
+}
+function manifestPath(projectRoot: string, runId: string): string {
+  return path.join(runDir(projectRoot, runId), 'verification-manifest.json');
+}
+function riskLedgerPath(projectRoot: string, runId: string): string {
+  return path.join(runDir(projectRoot, runId), 'residual-risk-ledger.json');
+}
+function legacyRiskLedgerPath(projectRoot: string, runId: string): string {
+  return path.join(runDir(projectRoot, runId), 'residual-risks.json');
+}
+function evidenceCoveragePath(projectRoot: string, runId: string): string {
+  return path.join(runDir(projectRoot, runId), 'evidence-coverage.json');
+}
+const PROFILE_REQUIRED_CHECKS: Record<VerificationProfile, FailureClass[]> = {
+  quick: ['deterministic'],
+  standard: ['deterministic', 'policy_failure'],
+  critical: ['deterministic', 'policy_failure', 'evidence_missing', 'flaky'],
+};
+export function classifyFailure(result: CheckResult): FailureClass | null {
+  if (result.status === 'pass' || result.status === 'skip') return null;
+  if (result.error && (result.error.toLowerCase().includes('timeout') || result.error.toLowerCase().includes('timed out'))) return 'timeout';
+  if (result.exit_code === null && result.error) return 'env_setup';
+  if (result.stderr.toLowerCase().includes('policy') || result.stderr.toLowerCase().includes('denied')) {
+    return 'policy_failure';
+  }
+  if (result.exit_code !== 0 && result.stderr === '' && result.stdout === '') return 'evidence_missing';
+  // Default: non-deterministic signals (no reliable exit code pattern)
+  return 'deterministic';
+}
+export function buildManifest(
+  runId: string,
+  results: CheckResult[],
+  options: {
+    workItemId?: string;
+    wave?: number;
+    granularity?: VerificationGranularity;
+    profile?: VerificationProfile;
+    evidenceRefs?: Map<string, string[]>;
+  } = {}
+): VerificationManifest {
+  const profile = options.profile ?? 'standard';
+  const granularity = options.granularity ?? 'run';
+  const evidenceRefs = options.evidenceRefs ?? new Map();
+  const checks: ManifestCheck[] = results.map((r) => ({
+    check_id: r.check_id,
+    acceptance_ref: r.acceptance_ref,
+    status: r.status,
+    failure_class: classifyFailure(r),
+    evidence_refs: evidenceRefs.get(r.check_id) ?? [],
+    duration_ms: r.duration_ms,
+  }));
+  const summary = {
+    total: checks.length,
+    pass: checks.filter((c) => c.status === 'pass').length,
+    fail: checks.filter((c) => c.status === 'fail').length,
+    skip: checks.filter((c) => c.status === 'skip').length,
+    error: checks.filter((c) => c.status === 'error').length,
+    all_passed: checks.every((c) => c.status === 'pass' || c.status === 'skip'),
+  };
+  return {
+    manifest_id: `vm-${crypto.randomBytes(4).toString('hex')}`,
+    run_id: runId,
+    work_item_id: options.workItemId ?? null,
+    wave: options.wave ?? null,
+    granularity,
+    profile,
+    compiled_at: new Date().toISOString(),
+    checks,
+    summary,
+  };
+}
+export function buildRiskLedger(
+  runId: string,
+  manifest: VerificationManifest
+): ResidualRiskLedger {
+  const risks: ResidualRisk[] = [];
+  for (const check of manifest.checks) {
+    if (check.status === 'pass' || check.status === 'skip') continue;
+    if (!check.failure_class) continue;
+    const required = PROFILE_REQUIRED_CHECKS[manifest.profile];
+    if (!required.includes(check.failure_class)) continue;
+    risks.push({
+      risk_id: `risk-${crypto.randomBytes(3).toString('hex')}`,
+      work_item_id: manifest.work_item_id,
+      check_id: check.check_id,
+      failure_class: check.failure_class,
+      description: `Check ${check.check_id} ${check.status}: ${check.failure_class}`,
+      severity: check.failure_class === 'policy_failure' || check.failure_class === 'deterministic'
+        ? 'high'
+        : check.failure_class === 'evidence_missing'
+        ? 'medium'
+        : 'low',
+      mitigation: null,
+    });
+  }
+  return {
+    run_id: runId,
+    generated_at: new Date().toISOString(),
+    risks,
+  };
+}
+export function summarizeEvidenceCoverage(manifest: VerificationManifest): EvidenceCoverageSummary {
+  const totalChecks = manifest.checks.length;
+  const checksWithEvidence = manifest.checks.filter((check) => check.evidence_refs.length > 0).length;
+  const totalEvidenceRefs = manifest.checks.reduce((sum, check) => sum + check.evidence_refs.length, 0);
+  const coveragePercent = totalChecks === 0 ? 100 : Math.round((checksWithEvidence / totalChecks) * 100);
+  return {
+    total_checks: totalChecks,
+    checks_with_evidence: checksWithEvidence,
+    total_evidence_refs: totalEvidenceRefs,
+    coverage_percent: coveragePercent,
+  };
+}
+export function saveManifest(projectRoot: string, runId: string, manifest: VerificationManifest): void {
+  const p = manifestPath(projectRoot, runId);
+  fs.mkdirSync(path.dirname(p), { recursive: true });
+  fs.writeFileSync(p, JSON.stringify(manifest, null, 2), 'utf8');
+}
+export function loadManifest(projectRoot: string, runId: string): VerificationManifest | null {
+  const p = manifestPath(projectRoot, runId);
+  if (!fs.existsSync(p)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(p, 'utf8')) as VerificationManifest;
+  } catch {
+    return null;
+  }
+}
+export function saveRiskLedger(projectRoot: string, runId: string, ledger: ResidualRiskLedger): void {
+  const canonical = riskLedgerPath(projectRoot, runId);
+  const legacy = legacyRiskLedgerPath(projectRoot, runId);
+  fs.mkdirSync(path.dirname(canonical), { recursive: true });
+  fs.writeFileSync(canonical, JSON.stringify(ledger, null, 2), 'utf8');
+  fs.writeFileSync(legacy, JSON.stringify(ledger, null, 2), 'utf8');
+}
+export function loadRiskLedger(projectRoot: string, runId: string): ResidualRiskLedger | null {
+  const canonical = riskLedgerPath(projectRoot, runId);
+  const legacy = legacyRiskLedgerPath(projectRoot, runId);
+  const p = fs.existsSync(canonical) ? canonical : legacy;
+  if (!fs.existsSync(p)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(p, 'utf8')) as ResidualRiskLedger;
+  } catch {
+    return null;
+  }
+}
+export function saveEvidenceCoverage(projectRoot: string, runId: string, coverage: EvidenceCoverageSummary): void {
+  const p = evidenceCoveragePath(projectRoot, runId);
+  fs.mkdirSync(path.dirname(p), { recursive: true });
+  fs.writeFileSync(p, JSON.stringify(coverage, null, 2), 'utf8');
+}
+export function loadEvidenceCoverage(projectRoot: string, runId: string): EvidenceCoverageSummary | null {
+  const p = evidenceCoveragePath(projectRoot, runId);
+  if (!fs.existsSync(p)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(p, 'utf8')) as EvidenceCoverageSummary;
+  } catch {
+    return null;
+  }
+}

package/packages/runtime/src/workspace/index.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-export * from './workspace-manager';
-export { InplaceWorkspaceManager } from './strategies/inplace';
-export { GitWorktreeManager } from './strategies/git-worktree';
-export { EphemeralContainerManager } from './strategies/ephemeral-container';
-export type { ContainerOptions } from './strategies/ephemeral-container';
+export * from './workspace-manager';
+export { InplaceWorkspaceManager } from './strategies/inplace';
+export { GitWorktreeManager } from './strategies/git-worktree';
+export { EphemeralContainerManager } from './strategies/ephemeral-container';
+export type { ContainerOptions } from './strategies/ephemeral-container';