substrate-ai 0.20.23 → 0.20.27

package/dist/cli/index.js

@@ -1,10 +1,10 @@
 #!/usr/bin/env node
-import { FileStateStore, RunManifest, SUBSTRATE_OWNED_SETTINGS_KEYS, SupervisorLock, VALID_PHASES, WorkGraphRepository, ZERO_FINDING_COUNTS, buildPipelineStatusOutput, createDatabaseAdapter, createStateStore, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, parseDbTimestampAsUtc, registerHealthCommand, resolveBmadMethodSrcPath, resolveBmadMethodVersion, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts } from "../health-Cq8K_jrJ.js";
+import { FileStateStore, RunManifest, SUBSTRATE_OWNED_SETTINGS_KEYS, SupervisorLock, VALID_PHASES, WorkGraphRepository, ZERO_FINDING_COUNTS, buildPipelineStatusOutput, createDatabaseAdapter, createStateStore, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, parseDbTimestampAsUtc, registerHealthCommand, resolveBmadMethodSrcPath, resolveBmadMethodVersion, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts } from "../health-0_axmI2t.js";
 import { createLogger } from "../logger-KeHncl-f.js";
 import { createEventBus } from "../helpers-CElYrONe.js";
 import { AdapterRegistry, BudgetConfigSchema, CURRENT_CONFIG_FORMAT_VERSION, CURRENT_TASK_GRAPH_VERSION, ConfigError, CostTrackerConfigSchema, DEFAULT_CONFIG, DoltClient, DoltNotInstalled, GlobalSettingsSchema, IngestionServer, MonitorDatabaseImpl, OPERATIONAL_FINDING, PartialGlobalSettingsSchema, PartialProviderConfigSchema, ProvidersSchema, RoutingRecommender, STORY_METRICS, TelemetryConfigSchema, addTokenUsage, aggregateTokenUsageForRun, checkDoltInstalled, compareRunMetrics, createAmendmentRun, createConfigSystem, createDecision, createDoltClient, createPipelineRun, getActiveDecisions, getAllCostEntriesFiltered, getBaselineRunMetrics, getDecisionsByCategory, getDecisionsByPhaseForRun, getLatestCompletedRun, getLatestRun, getPipelineRunById, getPlanningCostTotal, getRetryableEscalations, getRunMetrics, getRunningPipelineRuns, getSessionCostSummary, getSessionCostSummaryFiltered, getStoryMetricsForRun, getTokenUsageSummary, incrementRunRestarts, initSchema, initializeDolt, listRunMetrics, loadParentRunDecisions, supersedeDecision, tagRunAsBaseline, updatePipelineRun } from "../dist-CqtWS9wF.js";
 import "../adapter-registry-DXLMTmfD.js";
-import { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GitClient, GrammarLoader, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runSolutioningPhase, validateStopAfterFromConflict } from "../run-B3e4O0Rk.js";
+import { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GitClient, GrammarLoader, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runSolutioningPhase, validateStopAfterFromConflict } from "../run-DQcG05Ar.js";
 import "../errors-1uLGqnvr.js";
 import "../routing-CcBOCuC9.js";
 import "../decisions-C0pz9Clx.js";
@@ -3667,7 +3667,7 @@ async function runStatusAction(options) {
 			logger$12.debug({ err }, "Work graph query failed, continuing without work graph data");
 		}
 		if (run === void 0) {
-			const { inspectProcessTree: inspectProcessTree$1 } = await import("../health-CsRLsKgu.js");
+			const { inspectProcessTree: inspectProcessTree$1 } = await import("../health-CrEdV2B3.js");
 			const substrateDirPath = join(projectRoot, ".substrate");
 			const processInfo = inspectProcessTree$1({
 				projectRoot,
@@ -5198,7 +5198,7 @@ async function runSupervisorAction(options, deps = {}) {
 								await initSchema(expAdapter);
 								const { runRunAction: runPipeline } = await import(
 									/* @vite-ignore */
-									"../run-DEeTPCdU.js"
+									"../run-DQ29oNG2.js"
 );
 								const runStoryFn = async (opts) => {
 									const exitCode = await runPipeline({

package/dist/{health-Cq8K_jrJ.js → health-0_axmI2t.js}

@@ -3428,13 +3428,24 @@ const PROBE_TAIL_BYTES = 4 * 1024;
 * Required fields (`name`, `sandbox`, `command`) force authors to make
 * intent explicit — no silent defaults that could mask a miswritten probe.
 * Optional fields cover operational knobs with sensible fallbacks.
+*
+* Story 60-4: `expect_stdout_no_regex` and `expect_stdout_regex` close the
+* exit-0-with-error-body gap. A probe that calls a tool returning HTTP 200
+* with `{"isError": true}` (MCP convention) or `{"status": "error"}` (REST
+* convention) exits 0 — exit-code-only verification accepts the broken tool
+* as passing. Authors of probes that hit MCP / REST / JSON-RPC / A2A surfaces
+* declare success-shape patterns to assert response payload structure beyond
+* the shell exit code. Driven by strata Run 12 evidence: four MCP tools
+* shipped SHIP_IT while throwing real Python TypeErrors against real data.
 */
 const RuntimeProbeSchema = z.object({
 	name: z.string().min(1, "probe name is required"),
 	sandbox: RuntimeProbeSandboxSchema,
 	command: z.string().min(1, "probe command is required"),
 	timeout_ms: z.number().int().positive().optional(),
-	description: z.string().optional()
+	description: z.string().optional(),
+	expect_stdout_no_regex: z.array(z.string().min(1)).optional(),
+	expect_stdout_regex: z.array(z.string().min(1)).optional()
 });
 /** Zod schema for the full list (wrapping the per-probe schema). */
 const RuntimeProbeListSchema = z.array(RuntimeProbeSchema);
@@ -3586,6 +3597,46 @@ function tail(text, bytes = PROBE_TAIL_BYTES) {
 	return text.length <= bytes ? text : text.slice(text.length - bytes);
 }
 /**
+* Story 60-4: evaluate `expect_stdout_no_regex` and `expect_stdout_regex`
+* patterns against the captured stdout. Runs against the full (un-tailed)
+* stdout so authors can match payload shape even when the response is
+* larger than PROBE_TAIL_BYTES.
+*
+* Returns an array of human-readable failure descriptions. Empty array
+* means all assertions passed.
+*
+* Invalid regex patterns (RegExp constructor throws) are reported as
+* assertion failures themselves rather than crashing the executor — this
+* way a typo in one author's probe surfaces as a deterministic finding,
+* not a pipeline crash that masks the rest of the run.
+*/
+function evaluateStdoutAssertions(probe, stdout) {
+	const failures = [];
+	for (const pattern of probe.expect_stdout_no_regex ?? []) {
+		let re;
+		try {
+			re = new RegExp(pattern);
+		} catch (err) {
+			const detail = err instanceof Error ? err.message : String(err);
+			failures.push(`expect_stdout_no_regex pattern is not a valid regex (${detail}): ${pattern}`);
+			continue;
+		}
+		if (re.test(stdout)) failures.push(`expect_stdout_no_regex: stdout matched forbidden pattern: ${pattern}`);
+	}
+	for (const pattern of probe.expect_stdout_regex ?? []) {
+		let re;
+		try {
+			re = new RegExp(pattern);
+		} catch (err) {
+			const detail = err instanceof Error ? err.message : String(err);
+			failures.push(`expect_stdout_regex pattern is not a valid regex (${detail}): ${pattern}`);
+			continue;
+		}
+		if (!re.test(stdout)) failures.push(`expect_stdout_regex: stdout did not match required pattern: ${pattern}`);
+	}
+	return failures;
+}
+/**
 * Execute one probe on the host and return a structured ProbeResult.
 *
 * Behavior notes:
@@ -3657,13 +3708,23 @@ function executeProbeOnHost(probe, options = {}) {
 		child.on("close", (code) => {
 			clearTimeout(timeoutHandle);
 			const duration = Date.now() - start;
+			let outcome = code === 0 ? "pass" : "fail";
+			let assertionFailures;
+			if (outcome === "pass") {
+				const failures = evaluateStdoutAssertions(probe, stdout);
+				if (failures.length > 0) {
+					outcome = "fail";
+					assertionFailures = failures;
+				}
+			}
 			finalize({
-				outcome: code === 0 ? "pass" : "fail",
+				outcome,
 				command: probe.command,
 				...code !== null ? { exitCode: code } : {},
 				stdoutTail: tail(stdout),
 				stderrTail: tail(stderr),
-				durationMs: duration
+				durationMs: duration,
+				...assertionFailures !== void 0 ? { assertionFailures } : {}
 			});
 		});
 	});
@@ -3676,6 +3737,13 @@ const CATEGORY_SKIP = "runtime-probe-skip";
 const CATEGORY_DEFERRED = "runtime-probe-deferred";
 const CATEGORY_FAIL = "runtime-probe-fail";
 const CATEGORY_TIMEOUT = "runtime-probe-timeout";
+/**
+* Story 60-4: command exited 0 but a stdout-shape assertion declared by the
+* author tripped. Distinct from `runtime-probe-fail` (non-zero exit code)
+* so retry prompts and post-run analysis can tell "tool crashed politely"
+* from "tool errored loudly".
+*/
+const CATEGORY_ASSERTION_FAIL = "runtime-probe-assertion-fail";
 const defaultExecutors = { host: (probe) => executeProbeOnHost(probe, { cwd: process.cwd() }) };
 var RuntimeProbeCheck = class {
 	name = "runtime-probes";
@@ -3740,9 +3808,12 @@ var RuntimeProbeCheck = class {
 			}
 			const result = await this._executors.host(probe);
 			if (result.outcome === "pass") continue;
-			const category = result.outcome === "timeout" ? CATEGORY_TIMEOUT : CATEGORY_FAIL;
+			const category = result.outcome === "timeout" ? CATEGORY_TIMEOUT : result.assertionFailures !== void 0 ? CATEGORY_ASSERTION_FAIL : CATEGORY_FAIL;
 			const descriptor = probe.description ? ` (${probe.description})` : "";
-			const message = result.outcome === "timeout" ? `probe "${probe.name}"${descriptor} timed out after ${result.durationMs}ms` : `probe "${probe.name}"${descriptor} failed with exit ${result.exitCode ?? "unknown"}`;
+			let message;
+			if (result.outcome === "timeout") message = `probe "${probe.name}"${descriptor} timed out after ${result.durationMs}ms`;
+			else if (result.assertionFailures !== void 0) message = `probe "${probe.name}"${descriptor} exit 0 but stdout assertion failed: ` + result.assertionFailures.join("; ");
+			else message = `probe "${probe.name}"${descriptor} failed with exit ${result.exitCode ?? "unknown"}`;
 			findings.push({
 				category,
 				severity: "error",
@@ -3786,6 +3857,56 @@ const SKIP_DIRS = new Set([
 /** Max depth for the basename walk. Prevents pathological traversal. */
 const MAX_WALK_DEPTH = 8;
 /**
+* Story 60-7: detect operational/runtime path references in source AC.
+*
+* Source ACs frequently mention runtime locations the implementation
+* INTERACTS WITH but does not SHIP — install destinations, system paths,
+* user home references, git internals. The check's existing path-clause
+* pipeline treats every backtick path as a deliverable and emits
+* architectural-drift error when it isn't found in code. This produces
+* false-positive verification failures.
+*
+* Concrete strata example (Run a880f201, Story 1-12, 2026-04-26): source AC
+* said "When `.git/hooks/post-merge` is installed" — describing the runtime
+* install location of a hook the dev's installer script writes. The dev
+* correctly shipped `hooks/install-vault-hooks.sh` + `hooks/vault-conflict-resolver.sh`,
+* but the check flagged `.git/hooks/post-merge` as architectural drift and
+* VERIFICATION_FAILED'd the story across both review cycles.
+*
+* Patterns covered:
+*   - `^\.git/...`           git internals (vault hooks, repo-internal paths)
+*   - `^/usr/...`, `^/etc/...`, `^/var/...`, `^/mnt/...`, `^/opt/...`,
+*     `^/srv/...`, `^/tmp/...`, `^/run/...`, `^/sys/...`, `^/proc/...`,
+*     `^/dev/...`, `^/home/...`  Unix system / install destinations
+*   - `^~/...`               user home references (`~/.config/...`, `~/obsidian-vault-test/`)
+*
+* Out of scope for v1 (deferred to follow-up if real evidence accumulates):
+*   - HTTP routes (`/api/embeddings`) — distinguishing a route from a system
+*     path requires extra signal (extension absence + plural-noun heuristic);
+*     punt until a story actually trips on this.
+*/
+function isOperationalPath(pathClause) {
+	const raw = pathClause.replace(/^`/, "").replace(/`$/, "");
+	if (raw.startsWith(".git/")) return true;
+	if (raw.startsWith("~/")) return true;
+	const SYSTEM_ROOTS = [
+		"usr",
+		"etc",
+		"var",
+		"mnt",
+		"opt",
+		"srv",
+		"tmp",
+		"run",
+		"sys",
+		"proc",
+		"dev",
+		"home"
+	];
+	for (const root of SYSTEM_ROOTS) if (raw.startsWith(`/${root}/`)) return true;
+	return false;
+}
+/**
 * Return true if `base` (a filename like `discover.ts`) exists somewhere under
 * `root` within MAX_WALK_DEPTH levels, skipping SKIP_DIRS. The walk is
 * synchronous and bounded; finding a single match exits early.
@@ -3894,36 +4015,156 @@ function pathReferencedInModifiedFiles(workingDir, pathClause, modifiedFiles) {
 /**
 * Extract the story's section from the full epic content.
 *
-* Uses the same heading pattern as `isImplicitlyCovered` in the monolith:
-*   `### Story <storyKey>:` or `### Story <storyKey> ` or `### Story <storyKey>\n`
+* Uses the heading pattern `### Story <storyKey>:` or `### Story <storyKey>[whitespace]`.
+*
+* **Separator-tolerant matching** (Story 60-6, mirrors create-story.ts Story
+* 58-5 normalization): Substrate's canonical storyKey form is hyphen
+* (`1-10c`) — `seed-methodology-context.ts` normalizes any author convention
+* to hyphen before storing in `wg_stories`. But strata's `epics.md` uses
+* dot-form headings (`### Story 1.10c:`). When the supplied storyKey
+* (`1-10c`) doesn't textually match the heading separator (`.`), the
+* extraction must still find the right section — silently scanning the
+* whole epic and attributing every story's clauses to this one is far worse
+* than emitting a clear "could not isolate" signal.
 *
 * Returns the extracted section text (from the heading match through to the
-* next `### Story` heading or end of file), or the full content if no
-* matching heading is found.
+* next `### Story` heading or end of file), or `null` if no matching heading
+* is found. Callers MUST handle null explicitly — the previous silent-fallback
+* behavior (return-full-epic) inflated findings cross-story and is gone.
 */
 function extractStorySection(epicContent, storyKey) {
-	const escapedKey = storyKey.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-	const headingPattern = new RegExp(`^###\\s+Story\\s+${escapedKey}[:\\s]`, "m");
+	const parts = storyKey.split(/[-._ ]/);
+	const normalized = parts.map((p) => p.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("[-._ ]");
+	const headingPattern = new RegExp(`^###\\s+Story\\s+${normalized}[:\\s]`, "m");
 	const match = headingPattern.exec(epicContent);
-	if (!match) return epicContent;
+	if (!match) return null;
 	const start = match.index;
 	const nextHeading = /\n### Story /m.exec(epicContent.slice(start + 1));
 	if (nextHeading) return epicContent.slice(start, start + 1 + nextHeading.index);
 	return epicContent.slice(start);
 }
+const ALTERNATIVE_ITEM = /^\s*-\s+\*\*\(([a-zA-Z])\)/;
+/**
+* Scan section lines for alternative-option groups. A group requires at least
+* two consecutive lettered list items; isolated `- **(a)**` items are NOT
+* treated as alternatives because there is no second option to compare against.
+*
+* Returns a flat list of options (each item annotated with its group id) so
+* the caller can map any path-clause line back to its (group, option) bucket.
+*/
+function detectAlternativeOptions(lines) {
+	const options = [];
+	let i = 0;
+	while (i < lines.length) {
+		const start = lines[i];
+		const m = start !== void 0 ? ALTERNATIVE_ITEM.exec(start) : null;
+		if (m) {
+			const groupStartLine = i;
+			const items = [{
+				letter: m[1].toLowerCase(),
+				line: i
+			}];
+			let j = i + 1;
+			while (j < lines.length) {
+				const line = lines[j] ?? "";
+				const am = ALTERNATIVE_ITEM.exec(line);
+				if (am) {
+					items.push({
+						letter: am[1].toLowerCase(),
+						line: j
+					});
+					j++;
+					continue;
+				}
+				if (line.trim() === "" || /^\s+\S/.test(line)) {
+					j++;
+					continue;
+				}
+				break;
+			}
+			if (items.length >= 2) {
+				const groupId = `alt-L${groupStartLine}`;
+				for (let k = 0; k < items.length; k++) {
+					const item = items[k];
+					const next = k + 1 < items.length ? items[k + 1].line : j;
+					options.push({
+						group: groupId,
+						option: item.letter,
+						lineStart: item.line,
+						lineEnd: next
+					});
+				}
+			}
+			i = j;
+		} else i++;
+	}
+	return options;
+}
+/** Resolve the (group, option) for a path clause whose match appeared on
+*  `lineIndex`, or undefined if the line is not inside any alternative option. */
+function findOptionForLine(lineIndex, options) {
+	for (const opt of options) if (lineIndex >= opt.lineStart && lineIndex < opt.lineEnd) return {
+		group: opt.group,
+		option: opt.option
+	};
+	return void 0;
+}
+/**
+* Story 60-5: compute the "taken" option per alternative group.
+*
+* For each group of alternative options:
+*   - Each option owns one or more path clauses (tagged with the same `group`
+*     and the option's letter).
+*   - An option is satisfied when every path clause it owns exists in code
+*     (pathSatisfiedByCode === true). Missing paths in code make the option
+*     unsatisfied — the dev did not take this option.
+*   - The group's taken-option is the alphabetically-first satisfied letter,
+*     for deterministic selection when multiple options happen to be
+*     satisfied (uncommon, but possible if both options' paths exist from
+*     prior unrelated work).
+*
+* Returns a map: group-id → option-letter that was taken. Groups with no
+* satisfied option are absent from the map (caller falls back to existing
+* per-path error-severity drift detection).
+*/
+function computeTakenOptionPerGroup(hardClauses, workingDir) {
+	const optionState = new Map();
+	for (const clause of hardClauses) {
+		if (clause.type !== "path" || !clause.alternative) continue;
+		const { group, option } = clause.alternative;
+		if (!optionState.has(group)) optionState.set(group, new Map());
+		const groupMap = optionState.get(group);
+		const exists = pathSatisfiedByCode(workingDir, clause.text);
+		if (!groupMap.has(option)) groupMap.set(option, exists);
+		else if (!exists) groupMap.set(option, false);
+	}
+	const taken = new Map();
+	for (const [group, opts] of optionState) {
+		const sorted = [...opts.entries()].sort((a, b) => a[0].localeCompare(b[0]));
+		for (const [letter, satisfied] of sorted) if (satisfied) {
+			taken.set(group, letter);
+			break;
+		}
+	}
+	return taken;
+}
 /**
 * Extract hard clauses from a story section of an epic file.
 *
 * Hard clauses:
 *   1. Lines containing MUST NOT / MUST / SHALL NOT / SHALL as standalone keywords (case-sensitive)
-*   2. Backtick-wrapped paths with at least one `/` (excludes bare filenames)
+*   2. Backtick-wrapped paths with at least one `/` (excludes bare filenames).
+*      Story 60-5: paths inside `- **(letter)**` list items belonging to a
+*      multi-option alternative group are tagged with `{group, option}` so
+*      the verification phase can OR satisfaction across options.
 *   3. The presence of `## Runtime Probes` heading followed by a fenced yaml block
 *      (represented as a single "runtime-probes-section" clause)
 */
 function extractHardClauses(sectionContent) {
 	const clauses = [];
-	const mustPattern = /\b(MUST NOT|MUST|SHALL NOT|SHALL)\b/;
 	const lines = sectionContent.split("\n");
+	const alternativeOptions = detectAlternativeOptions(lines);
+	const mustPattern = /\b(MUST NOT|MUST|SHALL NOT|SHALL)\b/;
 	for (const line of lines) {
 		const match = mustPattern.exec(line);
 		if (match) {
@@ -3935,11 +4176,19 @@ function extractHardClauses(sectionContent) {
 		}
 	}
 	const pathPattern = /`([a-zA-Z0-9_./-]+\/[a-zA-Z0-9_./-]+)`/g;
-	let pathMatch;
-	while ((pathMatch = pathPattern.exec(sectionContent)) !== null) clauses.push({
-		type: "path",
-		text: `\`${pathMatch[1]}\``
-	});
+	for (let lineIdx = 0; lineIdx < lines.length; lineIdx++) {
+		const line = lines[lineIdx] ?? "";
+		pathPattern.lastIndex = 0;
+		let pathMatch;
+		while ((pathMatch = pathPattern.exec(line)) !== null) {
+			const alt = findOptionForLine(lineIdx, alternativeOptions);
+			clauses.push({
+				type: "path",
+				text: `\`${pathMatch[1]}\``,
+				...alt ? { alternative: alt } : {}
+			});
+		}
+	}
 	const probesPattern = /^##\s+Runtime Probes[\s\S]*?```yaml/m;
 	if (probesPattern.test(sectionContent)) clauses.push({
 		type: "runtime-probes-section",
@@ -3966,9 +4215,23 @@ var SourceAcFidelityCheck = class {
 			};
 		}
 		const storySection = extractStorySection(context.sourceEpicContent, context.storyKey);
+		if (storySection === null) {
+			const findings$1 = [{
+				category: "source-ac-section-not-found",
+				severity: "warn",
+				message: `could not locate "### Story ${context.storyKey}" heading in source epic content — skipping fidelity check (the heading may use a separator convention (e.g. dot vs hyphen vs underscore) the matcher does not recognize, or the story may not exist in this epic file)`
+			}];
+			return {
+				status: "pass",
+				details: renderFindings(findings$1),
+				duration_ms: Date.now() - start,
+				findings: findings$1
+			};
+		}
 		const hardClauses = extractHardClauses(storySection);
 		const findings = [];
 		const storyContent = context.storyContent ?? "";
+		const takenOption = computeTakenOptionPerGroup(hardClauses, context.workingDir);
 		for (const clause of hardClauses) if (clause.type === "runtime-probes-section") {
 			if (!storyContent.includes("## Runtime Probes")) {
 				const truncated = clause.text.length > 120 ? clause.text.slice(0, 120) : clause.text;
@@ -3981,6 +4244,26 @@ var SourceAcFidelityCheck = class {
 		} else if (!storyContent.includes(clause.text)) {
 			const truncated = clause.text.length > 120 ? clause.text.slice(0, 120) : clause.text;
 			if (clause.type === "path") {
+				if (isOperationalPath(clause.text)) {
+					findings.push({
+						category: "source-ac-operational-path-reference",
+						severity: "info",
+						message: `path: "${truncated}" referenced in source AC as a runtime / install / system location (matches operational-path heuristic) — treated as informational, not a deliverable file path`
+					});
+					continue;
+				}
+				if (clause.alternative) {
+					const { group, option } = clause.alternative;
+					const taken = takenOption.get(group);
+					if (taken !== void 0 && taken !== option) {
+						findings.push({
+							category: "source-ac-alternative-not-taken",
+							severity: "info",
+							message: `path: "${truncated}" not implemented — source AC offered this as alternative option (${option}); story implemented option (${taken}) instead`
+						});
+						continue;
+					}
+				}
 				const existsInCode = pathSatisfiedByCode(context.workingDir, clause.text);
 				const modifiedFiles = context.devStoryResult?.files_modified ?? [];
 				const referencedByStory = pathReferencedInModifiedFiles(context.workingDir, clause.text, modifiedFiles);
@@ -4226,6 +4509,37 @@ const StoredVerificationSummarySchema = z.object({
 	duration_ms: z.number().nonnegative()
 });
 
+//#endregion
+//#region packages/sdlc/dist/run-model/dev-story-signals.js
+/**
+* Persisted shape of the normalized dev-story signals.
+*
+* All fields optional because:
+*   - Different dev-story dispatches surface different subsets of fields
+*     depending on the agent's YAML output (some omit `tests`, some omit
+*     `ac_failures` when none failed, etc.).
+*   - `result` uses the open extensible-union pattern (v0.19.6 convention)
+*     so future result strings (e.g. 'partial-checkpoint') don't break
+*     deserialization.
+*/
+const StoredDevStorySignalsSchema = z.object({
+	result: z.union([
+		z.literal("completed"),
+		z.literal("failed"),
+		z.literal("partial"),
+		z.string()
+	]).optional(),
+	ac_met: z.array(z.string()).optional(),
+	ac_failures: z.array(z.string()).optional(),
+	files_modified: z.array(z.string()).optional(),
+	tests: z.union([
+		z.literal("pass"),
+		z.literal("fail"),
+		z.literal("unknown"),
+		z.string()
+	]).optional()
+});
+
 //#endregion
 //#region packages/sdlc/dist/run-model/per-story-state.js
 /**
@@ -4271,7 +4585,8 @@ const PerStoryStateSchema = z.object({
 	cost_usd: z.number().nonnegative().optional(),
 	review_cycles: z.number().int().nonnegative().optional(),
 	dispatches: z.number().int().nonnegative().optional(),
-	retry_count: z.number().int().nonnegative().optional()
+	retry_count: z.number().int().nonnegative().optional(),
+	dev_story_signals: StoredDevStorySignalsSchema.optional()
 });
 
 //#endregion
@@ -5681,4 +5996,4 @@ function registerHealthCommand(program, _version = "0.0.0", projectRoot = proces
 
 //#endregion
 export { BMAD_BASELINE_TOKENS_FULL, DEFAULT_STALL_THRESHOLD_SECONDS, DoltMergeConflict, FileStateStore, FindingsInjector, RunManifest, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN$1 as STORY_KEY_PATTERN, SUBSTRATE_OWNED_SETTINGS_KEYS, SupervisorLock, VALID_PHASES, WorkGraphRepository, ZERO_FINDING_COUNTS, __commonJS, __require, __toESM, applyConfigToGraph, buildPipelineStatusOutput, createDatabaseAdapter$1 as createDatabaseAdapter, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, createStateStore, detectCycles, extractTargetFilesFromStoryContent, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, isOrchestratorProcessLine, parseDbTimestampAsUtc, registerHealthCommand, renderFindings, resolveBmadMethodSrcPath, resolveBmadMethodVersion, resolveGraphPath, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts, runHealthAction, validateStoryKey };
-//# sourceMappingURL=health-Cq8K_jrJ.js.map
+//# sourceMappingURL=health-0_axmI2t.js.map

package/dist/{health-CsRLsKgu.js → health-CrEdV2B3.js}

@@ -1,4 +1,4 @@
-import { DEFAULT_STALL_THRESHOLD_SECONDS, getAllDescendantPids, getAutoHealthData, inspectProcessTree, isOrchestratorProcessLine, registerHealthCommand, runHealthAction } from "./health-Cq8K_jrJ.js";
+import { DEFAULT_STALL_THRESHOLD_SECONDS, getAllDescendantPids, getAutoHealthData, inspectProcessTree, isOrchestratorProcessLine, registerHealthCommand, runHealthAction } from "./health-0_axmI2t.js";
 import "./logger-KeHncl-f.js";
 import "./dist-CqtWS9wF.js";
 import "./decisions-C0pz9Clx.js";

package/dist/{run-DEeTPCdU.js → run-DQ29oNG2.js}

@@ -1,8 +1,8 @@
-import "./health-Cq8K_jrJ.js";
+import "./health-0_axmI2t.js";
 import "./logger-KeHncl-f.js";
 import "./helpers-CElYrONe.js";
 import "./dist-CqtWS9wF.js";
-import { normalizeGraphSummaryToStatus, registerRunCommand, resolveMaxReviewCycles, runRunAction, wireNdjsonEmitter } from "./run-B3e4O0Rk.js";
+import { normalizeGraphSummaryToStatus, registerRunCommand, resolveMaxReviewCycles, runRunAction, wireNdjsonEmitter } from "./run-DQcG05Ar.js";
 import "./routing-CcBOCuC9.js";
 import "./decisions-C0pz9Clx.js";
 

package/dist/{run-B3e4O0Rk.js → run-DQcG05Ar.js}

@@ -1,4 +1,4 @@
-import { BMAD_BASELINE_TOKENS_FULL, DoltMergeConflict, FileStateStore, FindingsInjector, RunManifest, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN, VALID_PHASES, WorkGraphRepository, __commonJS, __require, __toESM, applyConfigToGraph, buildPipelineStatusOutput, createDatabaseAdapter, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, detectCycles, extractTargetFilesFromStoryContent, formatOutput, formatPipelineSummary, formatTokenTelemetry, inspectProcessTree, parseDbTimestampAsUtc, renderFindings, resolveGraphPath, resolveMainRepoRoot, validateStoryKey } from "./health-Cq8K_jrJ.js";
+import { BMAD_BASELINE_TOKENS_FULL, DoltMergeConflict, FileStateStore, FindingsInjector, RunManifest, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN, VALID_PHASES, WorkGraphRepository, __commonJS, __require, __toESM, applyConfigToGraph, buildPipelineStatusOutput, createDatabaseAdapter, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, detectCycles, extractTargetFilesFromStoryContent, formatOutput, formatPipelineSummary, formatTokenTelemetry, inspectProcessTree, parseDbTimestampAsUtc, renderFindings, resolveGraphPath, resolveMainRepoRoot, validateStoryKey } from "./health-0_axmI2t.js";
 import { createLogger } from "./logger-KeHncl-f.js";
 import { TypedEventBusImpl, createEventBus, createTuiApp, isTuiCapable, printNonTtyWarning, sleep } from "./helpers-CElYrONe.js";
 import { ADVISORY_NOTES, Categorizer, ConsumerAnalyzer, DEFAULT_GLOBAL_SETTINGS, DispatcherImpl, DoltClient, ESCALATION_DIAGNOSIS, EXPERIMENT_RESULT, EfficiencyScorer, IngestionServer, LogTurnAnalyzer, OPERATIONAL_FINDING, Recommender, RoutingRecommender, RoutingResolver, RoutingTelemetry, RoutingTokenAccumulator, RoutingTuner, STORY_METRICS, STORY_OUTCOME, SubstrateConfigSchema, TEST_EXPANSION_FINDING, TEST_PLAN, TelemetryNormalizer, TelemetryPipeline, TurnAnalyzer, addTokenUsage, aggregateTokenUsageForRun, aggregateTokenUsageForStory, callLLM, createConfigSystem, createDatabaseAdapter$1, createDecision, createPipelineRun, createRequirement, detectInterfaceChanges, getArtifactByTypeForRun, getArtifactsByRun, getDecisionsByCategory, getDecisionsByPhase, getDecisionsByPhaseForRun, getLatestRun, getPipelineRunById, getRunMetrics, getRunningPipelineRuns, getStoryMetricsForRun, getTokenUsageSummary, initSchema, listRequirements, loadModelRoutingConfig, registerArtifact, updatePipelineRun, updatePipelineRunConfig, upsertDecision, writeRunMetrics, writeStoryMetrics } from "./dist-CqtWS9wF.js";
@@ -10729,6 +10729,36 @@ function persistVerificationResult(storyKey, summary, runManifest) {
 	}, "manifest verification_result write failed — pipeline continues"));
 }
 /**
+* Non-fatally persist dev-story signals to the run manifest.
+*
+* Called right before each verification dispatch so the signals that fed
+* into the verification context are durably recorded. Closes a manifest-as-
+* source-of-truth gap (Epic 52 design contract): Story 60-3's under-delivery
+* detection in source-ac-fidelity reads `context.devStoryResult.files_modified`,
+* which the orchestrator passes in-memory at dispatch time but never wrote
+* to the manifest. Resume / retry-escalated / supervisor-restart / post-mortem
+* paths read state from the manifest and saw `dev_story_signals: undefined`,
+* forcing the under-delivery check into "benefit of doubt" warn mode rather
+* than the intended error.
+*
+* Surfaced strata Run a880f201 (2026-04-26): manifest's per_story_state["1-12"]
+* had no `dev_story_signals` field even though dev-story shipped 3 files.
+*
+* Same non-fatal / fire-and-forget semantics as persistVerificationResult.
+*
+* @param storyKey    - Story key being verified
+* @param signals     - Normalized DevStorySignals from the orchestrator's
+*                      replaceDevStorySignals / mergeDevStorySignals helpers
+* @param runManifest - RunManifest instance to write to, or null/undefined to skip
+*/
+function persistDevStorySignals(storyKey, signals, runManifest) {
+	if (runManifest == null || signals === void 0) return Promise.resolve();
+	return runManifest.patchStoryState(storyKey, { dev_story_signals: signals }).catch((err) => _logger.warn({
+		err,
+		storyKey
+	}, "manifest dev_story_signals write failed — pipeline continues"));
+}
+/**
 * Flatten every finding from a VerificationSummary's checks into a single
 * prompt-ready string. Returns '' when the summary is undefined, contains
 * no checks, or every check emits zero findings (e.g. every check passed).
@@ -13807,6 +13837,7 @@ function createImplementationOrchestrator(deps) {
 						const section = extractStorySection(epicFull, storyKey);
 						if (section) sourceEpicContent = section;
 					} catch {}
+					await persistDevStorySignals(storyKey, devStorySignals, runManifest);
 					const verifContext = assembleVerificationContext({
 						storyKey,
 						workingDir: projectRoot ?? process.cwd(),
@@ -14079,6 +14110,7 @@ function createImplementationOrchestrator(deps) {
 						const section2 = extractStorySection(epicFull2, storyKey);
 						if (section2) sourceEpicContent2 = section2;
 					} catch {}
+					await persistDevStorySignals(storyKey, devStorySignals, runManifest);
 					const verifContext = assembleVerificationContext({
 						storyKey,
 						workingDir: projectRoot ?? process.cwd(),
@@ -14151,7 +14183,7 @@ function createImplementationOrchestrator(deps) {
 			updateStory(storyKey, { phase: "NEEDS_FIXES" });
 			startPhase(storyKey, "fix");
 			const taskType = verdict === "NEEDS_MINOR_FIXES" ? "minor-fixes" : "major-rework";
-			const fixModel = taskType === "major-rework" ? "claude-opus-4-6" : void 0;
+			const fixModel = taskType === "major-rework" ? "claude-opus-4-7" : void 0;
 			try {
 				let fixPrompt;
 				const isMajorRework = taskType === "major-rework";
@@ -44456,4 +44488,4 @@ function registerRunCommand(program, _version = "0.0.0", projectRoot = process.c
 
 //#endregion
 export { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GitClient, GrammarLoader, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, normalizeGraphSummaryToStatus, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveMaxReviewCycles, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runRunAction, runSolutioningPhase, validateStopAfterFromConflict, wireNdjsonEmitter };
-//# sourceMappingURL=run-B3e4O0Rk.js.map
+//# sourceMappingURL=run-DQcG05Ar.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "substrate-ai",
-  "version": "0.20.23",
+  "version": "0.20.27",
   "description": "Substrate — multi-agent orchestration daemon for AI coding agents",
   "type": "module",
   "license": "MIT",

package/packs/bmad/prompts/create-story.md

@@ -118,9 +118,13 @@ Declare probes as a YAML list inside a single fenced `yaml` block directly under
   command: <shell command line(s)>        # required
   timeout_ms: 60000                       # optional; defaults to 60000
   description: <optional context>         # optional
+  expect_stdout_no_regex:                 # optional; stdout must NOT match any of these
+    - '<regex pattern>'
+  expect_stdout_regex:                    # optional; stdout must match each of these
+    - '<regex pattern>'
 ```
 
-Required fields: `name`, `sandbox`, `command`. `timeout_ms` and `description` are optional. Probe names must be unique within one story.
+Required fields: `name`, `sandbox`, `command`. `timeout_ms`, `description`, `expect_stdout_no_regex`, and `expect_stdout_regex` are optional. Probe names must be unique within one story.
 
 ### Sandbox choice
 
@@ -134,6 +138,26 @@ For stories with multiple runtime concerns (install + start + connect), declare
 
 Probe names are hyphen-separated identifiers, not sentences: `dolt-image-pullable`, not `verify that the dolt image can be pulled`.
 
+### Asserting success-shape on structured-output probes
+
+Exit-code success is necessary but **not sufficient** for probes calling tools that return structured payloads (MCP, REST, JSON-RPC, A2A). Many such tools respond HTTP 200 with an error envelope (`{"isError": true}`, `{"status": "error"}`, `{"error": {...}}`) — exit-0 hides the failure. Strata Run 12 shipped four broken MCP tools under SHIP_IT because probes only asserted "tool advertised", not "tool returned a success-shaped response."
+
+**Use** `expect_stdout_no_regex` (forbidden patterns) and/or `expect_stdout_regex` (required patterns) when the probe hits MCP / REST / JSON-RPC / A2A. **Skip** for commands that exit non-zero on logical failure (`systemctl`, `podman pull`, `docker compose config`).
+
+```yaml
+- name: mcp-semantic-search-returns-results
+  sandbox: host
+  command: |
+    mcp-client call strata_semantic_search '{"query": "auth"}'
+  expect_stdout_no_regex:
+    - '"isError"\s*:\s*true'
+    - '"status"\s*:\s*"error"'
+  expect_stdout_regex:
+    - '"similarity_score"'
+```
+
+Patterns are JavaScript regex (`new RegExp`). Evaluated only when exit code is 0; non-zero exits emit `runtime-probe-fail` and assertions are skipped to avoid redundant findings.
+
 ### Examples by artifact class
 
 **Systemd unit:**