proteum 2.5.1 → 2.5.3

package/AGENTS.md

@@ -46,8 +46,8 @@ npx prisma migrate dev --config ./prisma.config.ts --name <migration name>
   [optional body]
   ```
   If the user replies exactly `commit`, treat it as conversation-wide and cross-project, not task-scoped. Identify every affected git repository or worktree touched since the last `commit` and, if there has been no prior `commit`, since the beginning of the whole conversation. In each affected repository or worktree, stage all conversation-related changed files with `git add` while still excluding unrelated pre-existing user changes or incidental untracked files, then create one `git commit`. Do not omit linked local dependencies, framework repos, connected projects, or producer apps when they were changed to make the delivered behavior actually work.
-  After providing a commit message or after creating a commit, immediately follow it with this exact prompt and obey it:
-  `Explain in short minimalistic and few bullet points what we changed in this thread, like you would do to your grandma. Start with a verb in the past.`
+  When the user asks to push, explain the currently unpushed commits in short, minimalistic bullet points in plain language, like you would do to your grandma. Start each bullet with a verb in the past.
+  When an optional commit body is useful, write it as a short, minimalistic bullet list explaining what changed in this thread in plain language, like you would do to your grandma. Start each bullet with a verb in the past. Do not print a separate prompt asking for that explanation.
 
 ## Core Changes
 
@@ -65,7 +65,7 @@ npx prisma migrate dev --config ./prisma.config.ts --name <migration name>
 - Keep the developer-facing contract synchronized when framework work changes CLI commands, profiler capabilities, or the `proteum dev` banner. Update the live surfaces together in the same pass: CLI command/help definitions, profiler panels and dev-only endpoints, banner text/examples, and the most relevant agent docs that describe them, especially `AGENTS.md`, `agents/project/AGENTS.md`, `agents/project/root/AGENTS.md`, `agents/project/app-root/AGENTS.md`, `agents/project/diagnostics.md`, and any narrower `agents/project/**/AGENTS.md` file that mentions the changed workflow.
 - Proteum MCP contract: `proteum mcp` is the machine-scope router agents register once, and `proteum dev` exposes each app runtime at `/__proteum/mcp`. `proteum dev` ensures one managed machine MCP daemon is running; do not start a second managed daemon. Agents should start with MCP `workflow_start` using `cwd` or a known `projectId`; ambiguous routing or offline app candidates use `project_resolve { cwd }`, and follow-up live app tools require the returned `projectId`. Dev-hosted app tools are already rooted to their own runtime. Keep MCP tools/resources compact, typed, capped, paginated for full trace detail, and read-only unless a future task explicitly expands the mutation contract. The database diagnostic exception is still read-only: MCP `db_query` and CLI `proteum db query` allow one capped `SELECT`, `SHOW`, or `EXPLAIN` statement only and return rows plus elapsed milliseconds. MCP payloads are compact single-line `proteum-mcp-v1` JSON, not pretty-printed human output. Do not implement MCP tools as thin CLI process wrappers when the data is available through manifest readers, tracked sessions, or dev runtime registries.
 - Keep the same-system trace contract explicit when request instrumentation changes: `TRACE_*` controls the retained dev trace store plus the trace/perf CLI, dev-only HTTP endpoints, and bottom profiler, while `ENABLE_PROFILER` enables the reduced request-local `request.profiling` snapshot and `request.finished` hook payload without retaining finished requests globally unless dev trace is also enabled.
-- Current CLI banner contract: only the bare `proteum build` and bare `proteum dev` commands print the welcome banner and include the active Proteum installation method. Any extra argument or option skips the welcome banner. Terminal `proteum mcp` may print a compact central MCP ready banner when it starts or reuses the managed daemon. Only `proteum dev` clears the interactive terminal before rendering, exposes `CTRL+R` reload plus `CTRL+C` shutdown hotkeys in its session UI, and reports connected app names plus successful connected `/ping` checks in the ready banner. Every `proteum dev` start ensures tracked instruction files contain the current managed `# Proteum Instructions` section before the dev loop begins.
+- Current CLI banner contract: only the bare `proteum build` and bare `proteum dev` commands print the welcome banner and include the active Proteum installation method. Any extra argument or option skips the welcome banner. Terminal `proteum mcp` may print a compact central MCP ready banner when it starts or reuses the managed daemon. Only `proteum dev` clears the interactive terminal before rendering, exposes `CTRL+R` reload plus `CTRL+C` shutdown hotkeys in its session UI, and reports connected app names plus successful connected `/ping` checks in the ready banner. Every `proteum dev` start ensures tracked instruction files contain the current managed `# Proteum Instructions` section and `CLAUDE.md` symlinks point to sibling `AGENTS.md` files before the dev loop begins.
 - Keep core changes aligned with the explicit controller/page architecture in `agents/project/root/AGENTS.md` and its standalone composition in `agents/project/AGENTS.md`.
 - Prefer removing framework magic when the same result can be expressed with explicit contracts, generated code, or typed context.
 - Apply the pruning rules from `agents/project/optimizations.md`, especially for webpack plugins, Babel plugins, aliases, helpers, runtime services, and npm packages that are not meaningfully used by both apps.

package/README.md

@@ -198,10 +198,12 @@ const createRouter = (app: MyApp): MyRouter =>
     app
   );
 
-const MyApplication = defineApplication<MyAppServices, MyRouter>({
-  services: (app) => ({
-    Users: new Users(app, userConfig.usersConfig, app),
-  }),
+const createServices = (app: MyApp): MyAppServices => ({
+  Users: new Users(app, userConfig.usersConfig, app),
+});
+
+const MyApplication = defineApplication({
+  services: createServices,
   router: createRouter,
 });
 
@@ -281,7 +283,7 @@ What happens here:
 Proteum controllers are explicit request entrypoints.
 
 ```ts
-import { defineAction, defineController, schema } from '@server/app/controller';
+import { defineAction, defineController, schema } from '@generated/server/controller';
 
 export default defineController({
   path: 'Auth',
@@ -399,9 +401,9 @@ Proteum ships with a compact CLI focused on the real app lifecycle:
 | `proteum command` | Run a dev-only internal command locally or against a running dev server |
 | `proteum session` | Mint a dev-only auth session token and Playwright-ready cookie payload |
 | `proteum e2e` | Run Playwright with Proteum-managed `E2E_*` values instead of shell-leading env assignments |
-| `proteum verify` | Validate framework-facing workflows across one or more running dev apps; `framework-change` is the built-in cross-reference-app check |
+| `proteum verify` | Validate targeted changed-file checks, focused owner/request/browser workflows, or the full framework reference-app pass |
 | `proteum init` | Scaffold a new Proteum app with built-in deterministic templates |
-| `proteum configure agents` | Interactively configure tracked Proteum instruction files for standalone or monorepo apps |
+| `proteum configure agents` | Interactively configure tracked Proteum instruction files and Claude aliases |
 | `proteum create` | Scaffold a page, controller, command, route, or root service inside an app |
 | `proteum worktree` | Create or initialize Codex worktrees with a machine-readable bootstrap marker |
 
@@ -411,12 +413,13 @@ Recommended daily workflow:
 proteum dev
 proteum refresh
 proteum check
+proteum verify changed --dry-run
 proteum build --prod
 proteum build --prod --analyze
 proteum build --prod --analyze --analyze-serve --analyze-port auto
 ```
 
-Only the bare `proteum build` and bare `proteum dev` commands print the welcome banner and include the active Proteum installation method. Any extra argument or option skips the banner. `proteum dev` is the only command that clears the interactive terminal before rendering its live session UI, exposes `CTRL+R` reload plus `CTRL+C` shutdown hotkeys, and prints connected app names plus successful connected `/ping` checks in the server-ready banner. Every `proteum dev` start ensures tracked Proteum instruction files contain the current managed `# Proteum Instructions` section before the dev loop begins.
+Only the bare `proteum build` and bare `proteum dev` commands print the welcome banner and include the active Proteum installation method. Any extra argument or option skips the banner. `proteum dev` is the only command that clears the interactive terminal before rendering its live session UI, exposes `CTRL+R` reload plus `CTRL+C` shutdown hotkeys, and prints connected app names plus successful connected `/ping` checks in the server-ready banner. Every `proteum dev` start ensures tracked Proteum instruction files contain the current managed `# Proteum Instructions` section and `CLAUDE.md` symlinks point to sibling `AGENTS.md` files before the dev loop begins.
 
 Useful inspection commands:
 
@@ -464,7 +467,7 @@ proteum create controller Founder/projects --method list
 proteum create service Conversion/Plans
 ```
 
-`proteum configure agents` writes a compact managed `# Proteum Instructions` router plus the task-specific instruction files that router points to. Standalone mode writes root documents into the app root; monorepo mode writes shared root documents such as `AGENTS.md`, `DOCUMENTATION.md`, `CODING_STYLE.md`, `diagnostics.md`, and `optimizations.md` into the chosen monorepo root and keeps only app-local instruction files in the Proteum app root. It preserves content outside managed sections and asks before replacing directories or foreign symlinks. If you decline, that path is left untouched.
+`proteum configure agents` writes a compact managed `# Proteum Instructions` router plus the task-specific instruction files that router points to. Standalone mode writes root documents into the app root; monorepo mode writes shared root documents such as `AGENTS.md`, `DOCUMENTATION.md`, `CODING_STYLE.md`, `diagnostics.md`, and `optimizations.md` into the chosen monorepo root and keeps only app-local instruction files in the Proteum app root. For each generated `AGENTS.md`, it creates a sibling `CLAUDE.md` symlink pointing to `AGENTS.md`. It preserves content outside managed sections and asks before replacing directories, foreign symlinks, or unrelated files. If you decline, that path is left untouched.
 
 Every `proteum dev` start runs the same idempotent instruction check. It updates missing or stale managed sections automatically and prompts only when a blocked path would need to be replaced.
 

package/agents/project/AGENTS.md

@@ -74,13 +74,13 @@ Managed compact root routers must use trigger -> canonical instruction file refe
 - If the current app depends on local `file:` connected projects, boot every connected producer app too, each with its own task-scoped session file and free port, and run every one of those `proteum dev` processes with elevated permissions outside the sandbox before starting or verifying the consumer app.
 - During `npx proteum dev`, the app exposes the read-only Proteum MCP runtime endpoint at `/__proteum/mcp`; use it for repeated agent reads instead of spawning equivalent diagnostics commands. For route/page/controller ownership, prefer MCP `workflow_start`, `route_candidates { projectId, query }`, or `explain_summary { projectId, query }` over broad `npx proteum explain --routes --controllers --full` dumps.
 - For browser validation, use the browser MCP against the running app. Keep Playwright inside `npx proteum e2e --port <port>` for targeted/full end-to-end suites. Bootstrap protected browser MCP state with `npx proteum session`; bootstrap protected E2E runs with `npx proteum e2e --session-email <email> --session-role <role>`.
-- Current CLI banner contract: only the bare `proteum build` and bare `proteum dev` commands print the welcome banner and include the active Proteum installation method. Any extra argument or option skips the welcome banner. Terminal `proteum mcp` may print a compact central MCP ready banner when it starts or reuses the managed daemon. Only `proteum dev` clears the interactive terminal before rendering, exposes `CTRL+R` reload plus `CTRL+C` shutdown hotkeys in its session UI, and reports connected app names plus successful connected `/ping` checks in the ready banner. Every `proteum dev` start ensures tracked instruction files contain the current managed `# Proteum Instructions` section before the dev loop begins.
+- Current CLI banner contract: only the bare `proteum build` and bare `proteum dev` commands print the welcome banner and include the active Proteum installation method. Any extra argument or option skips the welcome banner. Terminal `proteum mcp` may print a compact central MCP ready banner when it starts or reuses the managed daemon. Only `proteum dev` clears the interactive terminal before rendering, exposes `CTRL+R` reload plus `CTRL+C` shutdown hotkeys in its session UI, and reports connected app names plus successful connected `/ping` checks in the ready banner. Every `proteum dev` start ensures tracked instruction files contain the current managed `# Proteum Instructions` section and `CLAUDE.md` symlinks point to sibling `AGENTS.md` files before the dev loop begins.
 
 ### Before Finishing
 
 - Before finishing, re-check touched files against root-level `CODING_STYLE.md` and any narrower area `AGENTS.md` that applied to the edit. Re-check against root-level `optimizations.md` only for touched client-side files. Re-check against root-level `diagnostics.md` only if the task involved an issue, diagnosis, runtime reproduction, or verification failure.
 - Before finishing a production code change, re-check root-level `DOCUMENTATION.md` update rules. If behavior changed, a bug was fixed, a decision changed, or an important route, auth/OAuth, or integration issue was addressed, update the relevant docs before committing or explicitly explain why no docs update was needed.
-- Run targeted tests and checks that match the changed surface before finishing each feature or change. Continue running tests after changes, but do not run coverage by default. Reserve the non-coverage commit gate for commit workflows, and reserve the full `npm run check` gate for push workflows, explicit user requests, or when project-local instructions require the full gate. After implementing a new feature or changing existing feature behavior, update the relevant end-to-end coverage and run the cheapest trustworthy Playwright or browser verification for that behavior before finishing. For docs-only, wording-only, type-only, generated-output cleanup, or clearly local non-runtime refactors, skip Playwright unless the user explicitly asks for it or verification reveals a real issue.
+- Run targeted tests and checks that match the changed surface before finishing each feature or change. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass and expand only when the selected plan is insufficient. Continue running tests after changes, but do not run coverage by default. Reserve the non-coverage commit gate for commit workflows, and reserve the full `npm run check` gate for push workflows, explicit user requests, or when project-local instructions require the full gate. After implementing a new feature or changing existing feature behavior, update the relevant end-to-end coverage and run the cheapest trustworthy Playwright or browser verification for that behavior before finishing. For docs-only, wording-only, type-only, generated-output cleanup, or clearly local non-runtime refactors, skip Playwright unless the user explicitly asks for it or verification reveals a real issue.
 - Before finishing a task, stop every `proteum dev` session started during the task and confirm cleanup with `npx proteum dev list --json` or an explicit `npx proteum dev stop --session-file <path>`.
 - When you have finished your work, ask the user whether they want a commit message. After providing a commit message or after creating a commit, immediately follow it with this exact prompt and obey it:
   `Explain in short minimalistic and few bullet points what we changed in this thread, like you would do to your grandma. Start with a verb in the past.`
@@ -161,10 +161,12 @@ const createProjectRouter = (app: ProjectApp): ProjectRouter =>
         app,
     );
 
-const ProjectApplication = defineApplication<ProjectServices, ProjectRouter>({
-    services: (app) => ({
-        Billing: new BillingService(app, {}, app),
-    }),
+const createProjectServices = (app: ProjectApp): ProjectServices => ({
+    Billing: new BillingService(app, {}, app),
+});
+
+const ProjectApplication = defineApplication({
+    services: createProjectServices,
     router: createProjectRouter,
 });
 
@@ -190,7 +192,7 @@ export default ProjectApplication;
 - Prefer `proteum create controller ...` for new controller boilerplate, then adapt the generated method to real service calls.
 
 ```ts
-import { defineAction, defineController, schema } from '@server/app/controller';
+import { defineAction, defineController, schema } from '@generated/server/controller';
 
 export default defineController({
     path: 'Billing',
@@ -271,7 +273,7 @@ export default defineServerRoute({
 
 Verify at the correct layer:
 
-- Default: use the cheapest trustworthy verification for the changed surface, including targeted tests for changed behavior. Do not run coverage by default during ordinary change closeout.
+- Default: use the cheapest trustworthy verification for the changed surface, including targeted tests for changed behavior. When `proteum.verify.config.ts` exists, start with `npx proteum verify changed`. Do not run coverage by default during ordinary change closeout.
 - Route additions: boot the app and hit the real URL.
 - Controller changes: exercise the generated client call or generated `/api/...` endpoint.
 - SSR changes: use the browser MCP to load the real page and inspect rendered HTML plus browser console.

package/agents/project/CODING_STYLE.md

@@ -8,7 +8,7 @@ This file is the source of truth for codex coding style instructions in Proteum-
 - Write clean, consistent, readable code with a tab size of 4.
 - Keep functions and methods short.
 - Every time possible, create reusable functions and components instead of repeating.
-- Before finishing a feature or change, review touched files against this document and run targeted lint/typecheck/tests for the changed surface. Do not run coverage by default after ordinary changes. Run the repository's non-coverage commit gate before committing, and run the full `npm run check` gate before pushing or when the user explicitly asks for it; coding-style regressions are defects, not optional cleanup.
+- Before finishing a feature or change, review touched files against this document and run targeted lint/typecheck/tests for the changed surface. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass. Do not run coverage by default after ordinary changes. Run the repository's non-coverage commit gate before committing, and run the full `npm run check` gate before pushing or when the user explicitly asks for it; coding-style regressions are defects, not optional cleanup.
 
 ## Type safety
 

package/agents/project/diagnostics.md

@@ -18,7 +18,7 @@ This file is the canonical source of truth for diagnostics, temporary instrument
 
 - For long-lived dev reproductions, always request elevated permissions and run `npx proteum dev` outside the sandbox. Use an explicit task/thread-scoped session file, inspect `npx proteum runtime status` first, then use its exact next action so occupied router/HMR ports and untracked same-app runtimes are handled without page-body probes. After the server is ready, print the live server URL as a clickable Markdown link.
 - Use `--replace-existing` only when restarting the exact session file started by the current thread/task. Never replace another live session that belongs to a user, another thread, or an unknown owner.
-- Only the bare `npx proteum build` and bare `npx proteum dev` commands print the welcome banner and active Proteum installation method. Any extra argument or option skips the welcome banner. Terminal `npx proteum mcp` may print a compact central MCP ready banner when it starts or reuses the managed daemon. Only `npx proteum dev` clears the interactive terminal before rendering and reports connected app names plus successful connected `/ping` checks in the ready banner; keep that in mind when capturing or comparing command logs during diagnosis. Every `npx proteum dev` start ensures tracked instruction files contain the current managed `# Proteum Instructions` section before the dev loop begins.
+- Only the bare `npx proteum build` and bare `npx proteum dev` commands print the welcome banner and active Proteum installation method. Any extra argument or option skips the welcome banner. Terminal `npx proteum mcp` may print a compact central MCP ready banner when it starts or reuses the managed daemon. Only `npx proteum dev` clears the interactive terminal before rendering and reports connected app names plus successful connected `/ping` checks in the ready banner; keep that in mind when capturing or comparing command logs during diagnosis. Every `npx proteum dev` start ensures tracked instruction files contain the current managed `# Proteum Instructions` section and `CLAUDE.md` symlinks point to sibling `AGENTS.md` files before the dev loop begins.
 - During `npx proteum dev`, the running app exposes the read-only Proteum MCP transport at `/__proteum/mcp`. Use it for runtime-adjacent agent reads instead of repeatedly spawning equivalent CLI diagnostics.
 - If machine MCP routing fails, run `npx proteum mcp status` and `npx proteum runtime status` from the intended app root. If no live session exists, use the exact MCP offline or runtime-status next action so occupied router/HMR ports are avoided. If the same app already responds on the configured port without live tracking, use or repair that runtime instead of starting another server. Do not `curl` normal page routes to identify which app owns a port; use runtime status or Proteum dev-only endpoints. If a live session exists but runtime/MCP is unreachable, stop the listed session file first, then start dev again. Do not start a second dev server in the same worktree, and do not start a second managed MCP daemon. Do not run diagnose, trace, or perf reads while runtime health is unreachable. Then retry MCP `workflow_start` and use the returned `projectId`.
 - For ownership or repo discovery questions, start with MCP `workflow_start`; use MCP `route_candidates { projectId, query }`, MCP `orient { projectId, query }`, and MCP `explain_summary { projectId, query }` only when the bootstrap owner summary is insufficient. Use `npx proteum orient <query>` or `npx proteum explain owner <query>` only when MCP is unavailable or terminal evidence is required.
@@ -55,7 +55,7 @@ This file is the canonical source of truth for diagnostics, temporary instrument
 ## Verification And Testing
 
 - Use the cheapest trustworthy verification that matches the failing layer.
-- After implementing a change, verify at the smallest trustworthy layer required by the changed surface first, including targeted tests when behavior changed. Do not run coverage by default, and do not default to a running app, browser MCP, or Playwright while iterating when a narrower static or request-level verification is enough.
+- After implementing a change, verify at the smallest trustworthy layer required by the changed surface first, including targeted tests when behavior changed. When the project defines `proteum.verify.config.ts`, prefer `npx proteum verify changed` for the first post-edit verification plan. Do not run coverage by default, and do not default to a running app, browser MCP, or Playwright while iterating when a narrower static or request-level verification is enough.
 - For compile-time or type-safety issues, start with the relevant targeted typecheck or build command. Do not run them by default for unrelated runtime, copy, docs, or local refactor changes.
 - For request/runtime issues, verify through the real page, route, generated controller call, or command on a running app.
 - Start the smallest trustworthy runtime surface first: MCP `workflow_start`, then MCP `route_candidates { projectId, query }`, MCP `orient { projectId, query }`, or MCP `explain_summary { projectId, query }` only when more owner detail is needed. If runtime health is unreachable, repair/start dev before any diagnose, trace, or perf read. Once runtime is reachable, use the relevant real URL, generated controller call, command, or MCP `diagnose { projectId, path }`. Use CLI equivalents only when MCP is unavailable or terminal evidence is required. Use browser MCP validation only when request-level verification is insufficient or the change is browser-visible.

package/agents/project/root/AGENTS.md

@@ -59,14 +59,14 @@ Managed compact root routers must use trigger -> canonical instruction file refe
 - If the current app depends on local `file:` connected projects, boot every connected producer app too, each with its own task-scoped session file and free port, and run every one of those `proteum dev` processes with elevated permissions outside the sandbox before starting or verifying the consumer app.
 - During `npx proteum dev`, the app exposes the read-only Proteum MCP runtime endpoint at `/__proteum/mcp`; use it for repeated agent reads instead of spawning equivalent diagnostics commands. For route/page/controller ownership, prefer MCP `workflow_start`, `route_candidates { projectId, query }`, or `explain_summary { projectId, query }` over broad `npx proteum explain --routes --controllers --full` dumps.
 - For browser validation, use the browser MCP against the running app. Keep Playwright inside `npx proteum e2e --port <port>` for targeted/full end-to-end suites. Bootstrap protected browser MCP state with `npx proteum session`; bootstrap protected E2E runs with `npx proteum e2e --session-email <email> --session-role <role>`.
-- Current CLI banner contract: only the bare `proteum build` and bare `proteum dev` commands print the welcome banner and include the active Proteum installation method. Any extra argument or option skips the welcome banner. Terminal `proteum mcp` may print a compact central MCP ready banner when it starts or reuses the managed daemon. Only `proteum dev` clears the interactive terminal before rendering, exposes `CTRL+R` reload plus `CTRL+C` shutdown hotkeys in its session UI, and reports connected app names plus successful connected `/ping` checks in the ready banner. Every `proteum dev` start ensures tracked instruction files contain the current managed `# Proteum Instructions` section before the dev loop begins.
+- Current CLI banner contract: only the bare `proteum build` and bare `proteum dev` commands print the welcome banner and include the active Proteum installation method. Any extra argument or option skips the welcome banner. Terminal `proteum mcp` may print a compact central MCP ready banner when it starts or reuses the managed daemon. Only `proteum dev` clears the interactive terminal before rendering, exposes `CTRL+R` reload plus `CTRL+C` shutdown hotkeys in its session UI, and reports connected app names plus successful connected `/ping` checks in the ready banner. Every `proteum dev` start ensures tracked instruction files contain the current managed `# Proteum Instructions` section and `CLAUDE.md` symlinks point to sibling `AGENTS.md` files before the dev loop begins.
 
 ### Before Finishing
 
 - Before finishing, re-check touched files against root-level `CODING_STYLE.md` and any narrower area `AGENTS.md` that applied to the edit. Re-check against root-level `optimizations.md` only for touched client-side files. Re-check against root-level `diagnostics.md` only if the task involved an issue, diagnosis, runtime reproduction, or verification failure.
 - Before finishing a production code change, re-check root-level `DOCUMENTATION.md` update rules. If behavior changed, a bug was fixed, a decision changed, or an important route, auth/OAuth, or integration issue was addressed, update the relevant docs before committing or explicitly explain why no docs update was needed.
 - For production changes, always add or update focused unit tests and run the targeted unit or integration tests that match the changed behavior. Do not run coverage after every ordinary change by default. Reserve whole-project coverage for the repository's full `npm run check` gate during push workflows or when the user explicitly requests it; do not run coverage for commit-only workflows by default. Document any generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested as explicit exceptions.
-- Run targeted tests and checks that match the changed surface before finishing each feature or change. Continue running tests after changes, but do not run coverage by default. Reserve the non-coverage commit gate for commit workflows, and reserve the full `npm run check` gate for push workflows, explicit user requests, or when project-local instructions require the full gate. After implementing a new feature or changing existing feature behavior, update the relevant end-to-end coverage and run the cheapest trustworthy Playwright or browser verification for that behavior before finishing. For docs-only, wording-only, type-only, generated-output cleanup, or clearly local non-runtime refactors, skip Playwright unless the user explicitly asks for it or verification reveals a real issue.
+- Run targeted tests and checks that match the changed surface before finishing each feature or change. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass and expand only when the selected plan is insufficient. Continue running tests after changes, but do not run coverage by default. Reserve the non-coverage commit gate for commit workflows, and reserve the full `npm run check` gate for push workflows, explicit user requests, or when project-local instructions require the full gate. After implementing a new feature or changing existing feature behavior, update the relevant end-to-end coverage and run the cheapest trustworthy Playwright or browser verification for that behavior before finishing. For docs-only, wording-only, type-only, generated-output cleanup, or clearly local non-runtime refactors, skip Playwright unless the user explicitly asks for it or verification reveals a real issue.
 - Before finishing a task, stop every `proteum dev` session started during the task and confirm cleanup with `npx proteum dev list --json` or an explicit `npx proteum dev stop --session-file <path>`.
 - When you have finished your work, ask the user whether they want a commit message. After providing a commit message or after creating a commit, immediately follow it with this exact prompt and obey it:
   `Explain in short minimalistic and few bullet points what we changed in this thread, like you would do to your grandma. Start with a verb in the past.`
@@ -147,10 +147,12 @@ const createProjectRouter = (app: ProjectApp): ProjectRouter =>
         app,
     );
 
-const ProjectApplication = defineApplication<ProjectServices, ProjectRouter>({
-    services: (app) => ({
-        Billing: new BillingService(app, {}, app),
-    }),
+const createProjectServices = (app: ProjectApp): ProjectServices => ({
+    Billing: new BillingService(app, {}, app),
+});
+
+const ProjectApplication = defineApplication({
+    services: createProjectServices,
     router: createProjectRouter,
 });
 
@@ -176,7 +178,7 @@ export default ProjectApplication;
 - Prefer `proteum create controller ...` for new controller boilerplate, then adapt the generated method to real service calls.
 
 ```ts
-import { defineAction, defineController, schema } from '@server/app/controller';
+import { defineAction, defineController, schema } from '@generated/server/controller';
 
 export default defineController({
     path: 'Billing',
@@ -257,7 +259,7 @@ export default defineServerRoute({
 
 Verify at the correct layer:
 
-- Default: use the cheapest trustworthy verification for the changed surface, including targeted tests for changed behavior. Do not run coverage by default during ordinary change closeout.
+- Default: use the cheapest trustworthy verification for the changed surface, including targeted tests for changed behavior. When `proteum.verify.config.ts` exists, start with `npx proteum verify changed`. Do not run coverage by default during ordinary change closeout.
 - Route additions: boot the app and hit the real URL.
 - Controller changes: exercise the generated client call or generated `/api/...` endpoint.
 - SSR changes: use the browser MCP to load the real page and inspect rendered HTML plus browser console.

package/agents/project/tests/AGENTS.md

@@ -9,7 +9,7 @@ Diagnostics source of truth: root-level `diagnostics.md`.
 
 - Understand the real user flow and the main feature branches before writing tests.
 - Test the current controller/page runtime model, not legacy `@Route` or `api.fetch(...)` behavior.
-- For every production change, add or update focused unit tests and run the targeted test command that matches the changed behavior. Do not run whole-project coverage after every ordinary change by default. Use the repository's non-coverage commit gate before commit, and use `npm run check` as the full gate before push or when the user explicitly asks for it, and document any generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested as explicit exceptions.
+- For every production change, add or update focused unit tests and run the targeted test command that matches the changed behavior. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` first so changed test files, related source tests, and project-specific suites are selected consistently. Do not run whole-project coverage after every ordinary change by default. Use the repository's non-coverage commit gate before commit, and use `npm run check` as the full gate before push or when the user explicitly asks for it, and document any generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested as explicit exceptions.
 - Verify routing, controllers, SSR, and router plugins against a running app when behavior depends on real request handling.
 - After implementing a new feature or changing existing feature behavior, update the end-to-end coverage for that behavior and run the full Playwright suite before finishing. Prefer `npx proteum e2e --port <port>` for Playwright runs so base URLs and auth tokens are passed through Proteum-managed child env instead of shell-leading environment assignments. Use a browser MCP repro against a running app during iteration when it is the fastest trustworthy loop.
 - Exercise real URLs, generated controller calls, or real browser flows instead of re-deriving framework internals in tests.

package/cli/commands/configure.ts

@@ -74,7 +74,7 @@ const promptBlockedOverwritePaths = async (blockedPaths: string[]) => {
     console.info(await renderWarning('Proteum found existing paths that block managed instruction updates.'));
     console.info(
         [
-            'Choose whether to overwrite each path with a tracked Proteum instruction file:',
+            'Choose whether to overwrite each path with a Proteum-managed instruction path:',
             ...blockedPaths.map((entry) => `- ${entry}`),
         ].join('\n'),
     );
@@ -163,7 +163,7 @@ export const runConfigureAgentsWizard = async ({
             : undefined;
     console.info(
         [
-            await renderTitle('PROTEUM CONFIGURE AGENTS', 'Configure tracked Proteum instruction files.'),
+            await renderTitle('PROTEUM CONFIGURE AGENTS', 'Configure tracked Proteum instruction files and Claude aliases.'),
             renderRows([{ label: 'app', value: appRoot === process.cwd() ? '.' : appRoot }]),
         ].join('\n\n'),
     );
@@ -201,8 +201,8 @@ export const runConfigureAgentsWizard = async ({
         await renderStep(
             '[1/1]',
             isMonorepo
-                ? `Writing monorepo-aware instruction files using ${monorepoRoot}.`
-                : 'Writing standalone instruction files.',
+                ? `Writing monorepo-aware instruction files and Claude aliases using ${monorepoRoot}.`
+                : 'Writing standalone instruction files and Claude aliases.',
         ),
     );
 
@@ -214,7 +214,7 @@ export const runConfigureAgentsWizard = async ({
     });
     const sections = renderConfigureResultSections(result);
 
-    console.info(await renderSuccess('Proteum-managed instruction files are configured.'));
+    console.info(await renderSuccess('Proteum-managed instruction files and Claude aliases are configured.'));
 
     if (sections.length > 0) console.info(`\n${sections.join('\n\n')}`);
 };

package/cli/commands/dev.ts

@@ -153,7 +153,7 @@ const promptBlockedAgentInstructionOverwrites = async (blockedPaths: string[]) =
     if (cli.args.json === true || !process.stdin.isTTY || !process.stdout.isTTY) {
         throw new UsageError(
             [
-                'Proteum could not update managed instruction files because existing paths are blocked:',
+                'Proteum could not update managed instruction paths because existing paths are blocked:',
                 ...blockedPaths.map((entry) => `- ${entry}`),
                 'Run `proteum configure agents` in an interactive terminal to choose which paths can be replaced.',
             ].join('\n'),
@@ -163,7 +163,7 @@ const promptBlockedAgentInstructionOverwrites = async (blockedPaths: string[]) =
     console.info(await renderWarning('Proteum found existing paths that block managed instruction updates.'));
     console.info(
         [
-            'Choose whether to overwrite each blocked path with a tracked Proteum instruction file:',
+            'Choose whether to overwrite each blocked path with a Proteum-managed instruction path:',
             ...blockedPaths.map((entry) => `- ${entry}`),
         ].join('\n'),
     );
@@ -212,7 +212,7 @@ const ensureProjectAgentInstructions = async () => {
 
     throw new UsageError(
         [
-            'Proteum could not update all managed instruction files because these paths were left blocked:',
+            'Proteum could not update all managed instruction paths because these paths were left blocked:',
             ...result.blocked.map((entry) => `- ${entry}`),
         ].join('\n'),
     );

package/cli/commands/verify.ts

@@ -5,7 +5,6 @@ import path from 'path';
 import { UsageError } from 'clipanion';
 
 import cli from '..';
-import Compiler from '../compiler';
 import Paths from '../paths';
 import { readProteumManifest } from '../compiler/common/proteumManifest';
 import { buildContractsDoctorResponse } from '@common/dev/contractsDoctor';
@@ -14,6 +13,13 @@ import { buildOrientationResponse, type TDiagnoseChainItem, type TDiagnoseRespon
 import type { TProteumManifest, TProteumManifestDiagnostic } from '@common/dev/proteumManifest';
 import type { TDevCommandRunResponse } from '@common/dev/commands';
 import type { TDevSessionErrorResponse, TDevSessionStartResponse } from '@common/dev/session';
+import {
+    renderChangedVerificationPlan,
+    runChangedVerification,
+    type TChangedVerificationCheck,
+    type TChangedVerificationExecution,
+    type TChangedVerificationSkippedCheck,
+} from '../verification/changed';
 
 type TVerifySeverity = 'error' | 'warning';
 type TVerifyStepStatus = 'failed' | 'info' | 'passed';
@@ -23,7 +29,7 @@ type TVerifyFinding = {
     blocking: boolean;
     code: string;
     message: string;
-    source: 'browser' | 'contracts' | 'doctor' | 'framework-change' | 'request' | 'command';
+    source: 'browser' | 'changed' | 'contracts' | 'doctor' | 'framework-change' | 'request' | 'command';
     filepath?: string;
     sourceLocation?: { line?: number; column?: number };
     relatedFilepaths?: string[];
@@ -51,12 +57,20 @@ type TVerifyResult = {
     action: string;
     target?: string;
     orientation?: TOrientResponse;
+    changedFiles?: string[];
+    configFilepath?: string;
+    dryRun?: boolean;
+    executions?: TChangedVerificationExecution[];
     introducedFindings: TVerifyFinding[];
     preExistingFindings: TVerifyFinding[];
+    selectedChecks?: TChangedVerificationCheck[];
+    skippedChecks?: TChangedVerificationSkippedCheck[];
     verificationSteps: TVerifyStep[];
     result: {
         ok: boolean;
         strictGlobal: boolean;
+        failedChecks?: number;
+        selectedChecks?: number;
         introducedBlockingFindings: number;
         preExistingBlockingFindings: number;
         blockingFindings: number;
@@ -267,6 +281,7 @@ const ensureServer = async ({
 };
 
 const resolveLocalManifest = async () => {
+    const { default: Compiler } = await import('../compiler');
     const compiler = new Compiler('dev');
     await compiler.refreshGeneratedTypings();
     return readProteumManifest(cli.paths.appRoot);
@@ -365,9 +380,16 @@ const classifyDiagnostics = ({
 const finalizeResult = ({
     action,
     apps,
+    changedFiles,
+    configFilepath,
+    dryRun,
+    executions,
     introducedFindings,
     orientation,
     preExistingFindings,
+    selectedChecks,
+    skippedChecks,
+    changedResult,
     strictGlobal,
     target,
     verificationSteps,
@@ -375,9 +397,16 @@ const finalizeResult = ({
     action: string;
     target?: string;
     orientation?: TOrientResponse;
+    changedFiles?: string[];
+    configFilepath?: string;
+    dryRun?: boolean;
+    executions?: TChangedVerificationExecution[];
     apps?: TVerifyAppResult[];
     introducedFindings: TVerifyFinding[];
     preExistingFindings: TVerifyFinding[];
+    selectedChecks?: TChangedVerificationCheck[];
+    skippedChecks?: TChangedVerificationSkippedCheck[];
+    changedResult?: { failedChecks: number; selectedChecks: number };
     verificationSteps: TVerifyStep[];
     strictGlobal: boolean;
 }): TVerifyResult => {
@@ -389,13 +418,20 @@ const finalizeResult = ({
         action,
         ...(target ? { target } : {}),
         ...(orientation ? { orientation } : {}),
+        ...(changedFiles ? { changedFiles } : {}),
+        ...(configFilepath ? { configFilepath } : {}),
+        ...(dryRun !== undefined ? { dryRun } : {}),
+        ...(executions ? { executions } : {}),
         ...(apps ? { apps } : {}),
         introducedFindings,
         preExistingFindings,
+        ...(selectedChecks ? { selectedChecks } : {}),
+        ...(skippedChecks ? { skippedChecks } : {}),
         verificationSteps,
         result: {
             ok,
             strictGlobal,
+            ...(changedResult ? { failedChecks: changedResult.failedChecks, selectedChecks: changedResult.selectedChecks } : {}),
             introducedBlockingFindings,
             preExistingBlockingFindings,
             blockingFindings: introducedBlockingFindings + preExistingBlockingFindings,
@@ -437,6 +473,24 @@ const renderFrameworkApps = (apps: TVerifyAppResult[]) =>
         ])
         .join('\n');
 
+const renderChangedChecks = (result: TVerifyResult) => {
+    if (!result.changedFiles || !result.selectedChecks || !result.skippedChecks) return '';
+
+    return [
+        'Changed Verification',
+        `- config=${result.configFilepath || 'none'}`,
+        `- dryRun=${result.dryRun === true}`,
+        `- changedFiles=${result.changedFiles.length}`,
+        `- selectedChecks=${result.selectedChecks.length}`,
+        `- skippedChecks=${result.skippedChecks.length}`,
+        ...result.selectedChecks.map(
+            (check) =>
+                `- [${check.scope}] ${check.id} cwd=${check.cwd} command=${check.command} reason=${check.reasons.join('; ')}`,
+        ),
+        ...result.skippedChecks.map((check) => `- [skipped] ${check.id} reason=${check.reason}`),
+    ].join('\n');
+};
+
 const renderHuman = (result: TVerifyResult) =>
     [
         `Proteum verify ${result.action}${result.target ? ` ${result.target}` : ''}`,
@@ -448,6 +502,7 @@ const renderHuman = (result: TVerifyResult) =>
               ]
             : []),
         ...(result.apps ? [renderFrameworkApps(result.apps)] : []),
+        ...(result.changedFiles ? ['', renderChangedChecks(result)] : []),
         '',
         renderSteps(result.verificationSteps),
         '',
@@ -1075,6 +1130,62 @@ const collectAppResult = async ({
     };
 };
 
+const runChangedVerify = async () => {
+    const base = typeof cli.args.base === 'string' && cli.args.base.trim() ? cli.args.base.trim() : undefined;
+    const changed = await runChangedVerification({
+        base,
+        cwd: String(cli.args.workdir || process.cwd()),
+        dryRun: cli.args.dryRun === true,
+        onPlan: (plan) => {
+            if (cli.args.json !== true) console.log(renderChangedVerificationPlan(plan));
+        },
+        staged: cli.args.staged === true,
+    });
+    const introducedFindings: TVerifyFinding[] = changed.executions
+        .filter((execution) => execution.status === 'failed')
+        .map((execution) => ({
+            severity: 'error',
+            blocking: true,
+            code: 'changed/check-failed',
+            message: `Verification check "${execution.checkId}" failed with exit code ${execution.exitCode ?? 'unknown'}.`,
+            source: 'changed',
+            details: [`command=${execution.command}`, `cwd=${execution.cwd}`, `durationMs=${execution.durationMs}`],
+        }));
+
+    return finalizeResult({
+        action: 'changed',
+        changedFiles: changed.changedFiles,
+        configFilepath: changed.configFilepath,
+        dryRun: changed.dryRun,
+        executions: changed.executions,
+        introducedFindings,
+        preExistingFindings: [],
+        selectedChecks: changed.selectedChecks,
+        skippedChecks: changed.skippedChecks,
+        changedResult: changed.result,
+        strictGlobal: false,
+        verificationSteps: [
+            {
+                label: 'Discover Changed Files',
+                status: 'passed',
+                details: [`files=${changed.changedFiles.length}`, `gitRoot=${changed.gitRoot}`],
+            },
+            {
+                label: 'Plan Targeted Checks',
+                status: 'passed',
+                details: [`selected=${changed.selectedChecks.length}`, `skipped=${changed.skippedChecks.length}`],
+            },
+            {
+                label: changed.dryRun ? 'Skip Execution' : 'Run Targeted Checks',
+                status: changed.result.ok ? 'passed' : 'failed',
+                details: changed.dryRun
+                    ? ['dryRun=true']
+                    : [`executions=${changed.executions.length}`, `failed=${changed.result.failedChecks}`],
+            },
+        ],
+    });
+};
+
 const runFrameworkChangeVerify = async () => {
     const websiteRoute = typeof cli.args.route === 'string' && cli.args.route ? cli.args.route : '/';
     const apps = {
@@ -1208,7 +1319,9 @@ export const run = async () => {
     const target = typeof cli.args.target === 'string' ? cli.args.target.trim() : '';
     let result: TVerifyResult;
 
-    if (action === 'framework-change') {
+    if (action === 'changed') {
+        result = await runChangedVerify();
+    } else if (action === 'framework-change') {
         result = await runFrameworkChangeVerify();
     } else if (action === 'owner') {
         if (!target) throw new UsageError('`proteum verify owner` requires a query.');
@@ -1220,7 +1333,7 @@ export const run = async () => {
         if (!target) throw new UsageError('`proteum verify browser` requires a path or absolute URL.');
         result = await runBrowserVerify(target);
     } else {
-        throw new UsageError(`Unsupported verify action "${action}". Expected framework-change, owner, request, or browser.`);
+        throw new UsageError(`Unsupported verify action "${action}". Expected changed, framework-change, owner, request, or browser.`);
     }
 
     if (cli.args.json === true) {

package/cli/compiler/artifacts/controllerHelper.ts

@@ -0,0 +1,66 @@
+export const createTypedControllerHelperContent = (appIdentifier: string) => `/*----------------------------------
+- GENERATED FILE
+----------------------------------*/
+
+// This file is generated by Proteum from server/index.ts.
+// Do not edit it manually.
+
+import {
+    defineAction as defineBaseAction,
+    defineController,
+    schema,
+} from '@server/app/controller';
+import type {
+    TControllerActionContext,
+    TControllerActionDefinition,
+    TControllerActionInput,
+    TControllerActionResult,
+    TControllerDefinition,
+    TValidationSchema,
+    TValidationShape,
+    z,
+} from '@server/app/controller';
+
+export { defineController, schema };
+export type {
+    TControllerActionDefinition,
+    TControllerActionInput,
+    TControllerActionResult,
+    TControllerDefinition,
+    TValidationSchema,
+    TValidationShape,
+    z,
+};
+
+export type TApplication = import('@/server/index').${appIdentifier};
+export type TControllerRequestServices = import('@/server/index').TControllerRequestServices;
+export type TTypedControllerActionContext<TInput = undefined> = TControllerActionContext<
+    TInput,
+    TApplication,
+    TControllerRequestServices
+>;
+
+export function defineAction<TSchema extends TValidationSchema, TResult>(
+    definition: {
+        input: TSchema;
+        handler: (context: TTypedControllerActionContext<z.output<TSchema>>) => TResult;
+    },
+): TControllerActionDefinition<z.output<TSchema>, TResult, TApplication, TControllerRequestServices>;
+export function defineAction<TShape extends TValidationShape, TResult>(
+    definition: {
+        input: TShape;
+        handler: (context: TTypedControllerActionContext<z.output<z.ZodObject<TShape>>>) => TResult;
+    },
+): TControllerActionDefinition<z.output<z.ZodObject<TShape>>, TResult, TApplication, TControllerRequestServices>;
+export function defineAction<TResult>(
+    definition: {
+        handler: (context: TTypedControllerActionContext<undefined>) => TResult;
+    },
+): TControllerActionDefinition<undefined, TResult, TApplication, TControllerRequestServices>;
+export function defineAction(definition: {
+    input?: TValidationSchema | TValidationShape;
+    handler: (context: TTypedControllerActionContext<any>) => unknown;
+}) {
+    return defineBaseAction(definition as any);
+}
+`;

package/cli/compiler/artifacts/controllers.ts

@@ -5,6 +5,7 @@ import cli from '../..';
 import { indexControllers, printControllerTree, type TControllerFileMeta } from '../common/controllers';
 import { TProteumManifestController } from '../common/proteumManifest';
 import writeIfChanged from '../writeIfChanged';
+import { createTypedControllerHelperContent } from './controllerHelper';
 import { resolveConnectedProjectContracts, writeConnectedProjectContract } from './connectedProjects';
 import { normalizeAbsolutePath } from './shared';
 
@@ -319,6 +320,8 @@ export default controllers;
 `,
     );
 
+    writeIfChanged(path.join(app.paths.server.generated, 'controller.ts'), createTypedControllerHelperContent(app.identity.identifier));
+
     return {
         connectedProjects: connectedProjectContracts,
         controllers: [...manifestControllers, ...connectedManifestControllers],