substrate-ai 0.20.57 → 0.20.58

package/dist/cli/index.js

@@ -1,10 +1,10 @@
 #!/usr/bin/env node
-import { FileStateStore, RunManifest, SUBSTRATE_OWNED_SETTINGS_KEYS, SupervisorLock, VALID_PHASES, WorkGraphRepository, ZERO_FINDINGS_BY_AUTHOR, ZERO_FINDING_COUNTS, ZERO_PROBE_AUTHOR_METRICS, aggregateProbeAuthorMetrics, buildPipelineStatusOutput, createDatabaseAdapter, createStateStore, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, parseDbTimestampAsUtc, parseRuntimeProbes, registerHealthCommand, resolveBmadMethodSrcPath, resolveBmadMethodVersion, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts, rollupFindingsByAuthor, rollupProbeAuthorByClass, rollupProbeAuthorMetrics } from "../health-PdI4-96I.js";
+import { FileStateStore, RunManifest, SUBSTRATE_OWNED_SETTINGS_KEYS, SupervisorLock, VALID_PHASES, WorkGraphRepository, ZERO_FINDINGS_BY_AUTHOR, ZERO_FINDING_COUNTS, ZERO_PROBE_AUTHOR_METRICS, aggregateProbeAuthorMetrics, buildPipelineStatusOutput, createDatabaseAdapter, createStateStore, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, parseDbTimestampAsUtc, parseRuntimeProbes, registerHealthCommand, resolveBmadMethodSrcPath, resolveBmadMethodVersion, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts, rollupFindingsByAuthor, rollupProbeAuthorByClass, rollupProbeAuthorMetrics } from "../health-CNqQFdaT.js";
 import { createLogger } from "../logger-KeHncl-f.js";
 import { createEventBus } from "../helpers-CElYrONe.js";
 import { AdapterRegistry, BudgetConfigSchema, CURRENT_CONFIG_FORMAT_VERSION, CURRENT_TASK_GRAPH_VERSION, ConfigError, CostTrackerConfigSchema, DEFAULT_CONFIG, DoltClient, DoltNotInstalled, GlobalSettingsSchema, InMemoryDatabaseAdapter, IngestionServer, MonitorDatabaseImpl, OPERATIONAL_FINDING, PartialGlobalSettingsSchema, PartialProviderConfigSchema, ProvidersSchema, RoutingRecommender, STORY_METRICS, TelemetryConfigSchema, addTokenUsage, aggregateTokenUsageForRun, checkDoltInstalled, compareRunMetrics, createAmendmentRun, createConfigSystem, createDecision, createDoltClient, createPipelineRun, getActiveDecisions, getAllCostEntriesFiltered, getBaselineRunMetrics, getDecisionsByCategory, getDecisionsByPhaseForRun, getLatestCompletedRun, getLatestRun, getPipelineRunById, getPlanningCostTotal, getRetryableEscalations, getRunMetrics, getRunningPipelineRuns, getSessionCostSummary, getSessionCostSummaryFiltered, getStoryMetricsForRun, getTokenUsageSummary, incrementRunRestarts, initSchema, initializeDolt, listRunMetrics, loadParentRunDecisions, supersedeDecision, tagRunAsBaseline, updatePipelineRun } from "../dist-W2emvN3F.js";
 import "../adapter-registry-DXLMTmfD.js";
-import { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GLOBSTAR, GitClient, GrammarLoader, Minimatch, Minipass, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, escape, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runProbeAuthor, runSolutioningPhase, unescape, validateStopAfterFromConflict } from "../run-DcDoaG12.js";
+import { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GLOBSTAR, GitClient, GrammarLoader, Minimatch, Minipass, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, escape, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runProbeAuthor, runSolutioningPhase, unescape, validateStopAfterFromConflict } from "../run-DE5xoB9U.js";
 import "../errors-CKFu8YI9.js";
 import "../routing-CcBOCuC9.js";
 import "../decisions-C0pz9Clx.js";
@@ -7484,7 +7484,7 @@ async function runStatusAction(options) {
 			logger$13.debug({ err }, "Work graph query failed, continuing without work graph data");
 		}
 		if (run === void 0) {
-			const { inspectProcessTree: inspectProcessTree$1 } = await import("../health-HmyFdWEf.js");
+			const { inspectProcessTree: inspectProcessTree$1 } = await import("../health-BX84L5Qe.js");
 			const substrateDirPath = join(projectRoot, ".substrate");
 			const processInfo = inspectProcessTree$1({
 				projectRoot,
@@ -9030,7 +9030,7 @@ async function runSupervisorAction(options, deps = {}) {
 								await initSchema(expAdapter);
 								const { runRunAction: runPipeline } = await import(
 									/* @vite-ignore */
-									"../run-BF8oeJhG.js"
+									"../run-ChqBlPYZ.js"
 );
 								const runStoryFn = async (opts) => {
 									const exitCode = await runPipeline({

package/dist/{health-HmyFdWEf.js → health-BX84L5Qe.js}

@@ -1,4 +1,4 @@
-import { DEFAULT_STALL_THRESHOLD_SECONDS, getAllDescendantPids, getAutoHealthData, inspectProcessTree, isOrchestratorProcessLine, registerHealthCommand, runHealthAction } from "./health-PdI4-96I.js";
+import { DEFAULT_STALL_THRESHOLD_SECONDS, getAllDescendantPids, getAutoHealthData, inspectProcessTree, isOrchestratorProcessLine, registerHealthCommand, runHealthAction } from "./health-CNqQFdaT.js";
 import "./logger-KeHncl-f.js";
 import "./dist-W2emvN3F.js";
 import "./decisions-C0pz9Clx.js";

package/dist/{health-PdI4-96I.js → health-CNqQFdaT.js}

@@ -1,19 +1,22 @@
 import { createLogger } from "./logger-KeHncl-f.js";
 import { DoltClient, DoltQueryError, LEARNING_FINDING, createDatabaseAdapter$1 as createDatabaseAdapter, createDecision, getDecisionsByCategory, getLatestRun, getPipelineRunById, initSchema } from "./dist-W2emvN3F.js";
 import { createRequire } from "module";
+import * as path$1 from "path";
 import { dirname, join } from "path";
 import { readFile } from "fs/promises";
 import { EventEmitter } from "node:events";
 import { YAMLException, load } from "js-yaml";
 import { existsSync, promises, readFileSync, readdirSync, statSync } from "node:fs";
 import { spawn, spawnSync } from "node:child_process";
-import * as path$1 from "node:path";
+import * as path$2 from "node:path";
 import { basename as basename$1, dirname as dirname$1, join as join$1, resolve as resolve$1 } from "node:path";
 import { z } from "zod";
 import { mkdir as mkdir$1, open, readFile as readFile$1, unlink, writeFile as writeFile$1 } from "node:fs/promises";
+import * as fs from "fs";
 import { existsSync as existsSync$1 } from "fs";
 import { createRequire as createRequire$1 } from "node:module";
 import { fileURLToPath } from "node:url";
+import { execSync as execSync$1 } from "child_process";
 
 //#region rolldown:runtime
 var __create = Object.create;
@@ -481,20 +484,20 @@ function detectCycles(edges) {
 	}
 	const visited = new Set();
 	const visiting = new Set();
-	const path$2 = [];
+	const path$3 = [];
 	function dfs(node) {
 		if (visiting.has(node)) {
-			const cycleStart = path$2.indexOf(node);
-			return [...path$2.slice(cycleStart), node];
+			const cycleStart = path$3.indexOf(node);
+			return [...path$3.slice(cycleStart), node];
 		}
 		if (visited.has(node)) return null;
 		visiting.add(node);
-		path$2.push(node);
+		path$3.push(node);
 		for (const neighbor of adj.get(node) ?? []) {
 			const cycle = dfs(neighbor);
 			if (cycle !== null) return cycle;
 		}
-		path$2.pop();
+		path$3.pop();
 		visiting.delete(node);
 		visited.add(node);
 		return null;
@@ -2928,6 +2931,16 @@ const SEVERITY_PREFIX = {
 	info: "INFO"
 };
 /**
+* source-ac-shellout-npx-fallback — Story 67-3, obs_2026-05-03_023 fix #3.
+*
+* Severity: warn. Emitted by SourceAcShelloutCheck when a bare `npx <package>`
+* invocation (without `--no-install`) is detected in a story-modified source file.
+* A bare `npx <package>` without `--no-install` falls through to the public npm
+* registry on first use if the package binary is not locally installed —
+* a dependency-confusion attack vector.
+*/
+const CATEGORY_SHELLOUT_NPX_FALLBACK = "source-ac-shellout-npx-fallback";
+/**
 * Render a list of findings into the multi-line human-readable string that
 * populates VerificationResult.details. One line per finding:
 *
@@ -3444,15 +3457,15 @@ function findCodeEvidence(opts) {
 		reason: `AC text references ${token}, which is in files_modified`
 	};
 	for (const token of tokens) {
-		const base = path$1.basename(token);
-		const match = filesModified.find((f) => path$1.basename(f) === base);
+		const base = path$2.basename(token);
+		const match = filesModified.find((f) => path$2.basename(f) === base);
 		if (match !== void 0) return {
 			found: true,
 			reason: `AC text references ${token}; matching basename ${match} is in files_modified`
 		};
 	}
 	for (const token of tokens) try {
-		if (existsSync(path$1.join(workingDir, token))) return {
+		if (existsSync(path$2.join(workingDir, token))) return {
 			found: true,
 			reason: `AC text references ${token}, which exists in working tree`
 		};
@@ -3462,7 +3475,7 @@ function findCodeEvidence(opts) {
 		const acMentionRe = new RegExp(`\\bAC\\s*:?\\s*#?\\s*${num}\\b`, "i");
 		const testFiles = filesModified.filter(isTestFilePath);
 		for (const testFile of testFiles) try {
-			const content = readFileSync(path$1.join(workingDir, testFile), "utf-8");
+			const content = readFileSync(path$2.join(workingDir, testFile), "utf-8");
 			if (acMentionRe.test(content)) return {
 				found: true,
 				reason: `${testFile} mentions ${acId}`
@@ -3790,11 +3803,11 @@ function parseRuntimeProbes(storyContent) {
 	const validation = RuntimeProbeListSchema.safeParse(parsed);
 	if (!validation.success) {
 		const first = validation.error.issues[0];
-		const path$2 = first?.path.join(".") ?? "";
+		const path$3 = first?.path.join(".") ?? "";
 		const message = first?.message ?? "schema validation failed";
 		return {
 			kind: "invalid",
-			error: `probe list is malformed at ${path$2 || "<root>"}: ${message}`
+			error: `probe list is malformed at ${path$3 || "<root>"}: ${message}`
 		};
 	}
 	const probes = validation.data;
@@ -4552,18 +4565,18 @@ function existsAnywhereUnderRoot(root, base) {
 		depth: 0
 	}];
 	while (stack.length > 0) {
-		const { path: path$2, depth } = stack.pop();
+		const { path: path$3, depth } = stack.pop();
 		if (depth > MAX_WALK_DEPTH) continue;
 		let entries;
 		try {
-			entries = readdirSync(path$2);
+			entries = readdirSync(path$3);
 		} catch {
 			continue;
 		}
 		for (const entry of entries) {
 			if (SKIP_DIRS.has(entry)) continue;
 			if (entry === base) return true;
-			const full = join$1(path$2, entry);
+			const full = join$1(path$3, entry);
 			try {
 				const s = statSync(full);
 				if (s.isDirectory()) stack.push({
@@ -5106,6 +5119,140 @@ var SourceAcFidelityCheck = class {
 	}
 };
 
+//#endregion
+//#region packages/sdlc/dist/verification/checks/source-ac-shellout-check.js
+/** Matches `npx <name>` but NOT `npx --no-install <name>`. */
+const NPX_PATTERN = /npx\s+(?!--no-install)([a-zA-Z0-9_@\-/]+)/g;
+/**
+* Returns `true` when the line (after trimming leading whitespace) starts with
+* a single-line comment marker (`//` or `#`). Block comments (/* … *\/) are not
+* matched here — they are handled by the string-literal context check.
+*/
+function isCommentLine(line) {
+	const trimmed = line.trimStart();
+	return trimmed.startsWith("//") || trimmed.startsWith("#");
+}
+/**
+* Returns `true` when `matchIndex` falls inside a single-quoted (`'...'`),
+* double-quoted (`"..."`), or template-literal (`` `...` ``) region of the line,
+* OR when the line is a shebang (`#!...`).
+*
+* Implementation: scan character-by-character from index 0, toggling
+* `inSingle`, `inDouble`, `inTemplate` flags at unescaped quote characters.
+* An escaped quote is one where the immediately preceding character is `\`.
+* (Note: this is a heuristic — it does not handle `\\` or complex escape
+* sequences correctly. For a static-analysis severity:warn heuristic, the
+* simplification is acceptable.)
+*/
+function isInStringLiteralContext(line, matchIndex) {
+	if (line.trimStart().startsWith("#!")) return true;
+	let inSingle = false;
+	let inDouble = false;
+	let inTemplate = false;
+	for (let i = 0; i < matchIndex; i++) {
+		const char = line[i];
+		const escaped = i > 0 && line[i - 1] === "\\";
+		if (!escaped) {
+			if (char === "'" && !inDouble && !inTemplate) inSingle = !inSingle;
+			else if (char === "\"" && !inSingle && !inTemplate) inDouble = !inDouble;
+			else if (char === "`" && !inSingle && !inDouble) inTemplate = !inTemplate;
+		}
+	}
+	return inSingle || inDouble || inTemplate;
+}
+/**
+* Reads the file at `absolutePath` and returns every line/match pair where
+* a bare `npx <name>` (without `--no-install`) appears inside a string-literal
+* context on a non-comment line.
+*
+* Returns 1-indexed line numbers.
+*/
+function scanFile(absolutePath) {
+	const content = fs.readFileSync(absolutePath, "utf-8");
+	const lines = content.split("\n");
+	const results = [];
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (line === void 0) continue;
+		if (isCommentLine(line)) continue;
+		NPX_PATTERN.lastIndex = 0;
+		let match;
+		const linePattern = new RegExp(NPX_PATTERN.source, "g");
+		while ((match = linePattern.exec(line)) !== null) {
+			const name = match[1];
+			if (name !== void 0 && isInStringLiteralContext(line, match.index)) results.push({
+				lineNum: i + 1,
+				name
+			});
+		}
+	}
+	return results;
+}
+/**
+* Standalone function implementing the shellout check logic.
+* Exported separately so tests can call it directly without instantiating the class.
+*/
+async function runShelloutCheck(context) {
+	const start = Date.now();
+	const findings = [];
+	let modifiedFiles = context.devStoryResult?.files_modified ?? [];
+	if (modifiedFiles.length === 0) try {
+		const output = execSync$1("git diff --name-only HEAD~1", {
+			cwd: context.workingDir,
+			encoding: "utf-8"
+		});
+		modifiedFiles = output.trim().split("\n").filter((f) => f.length > 0);
+	} catch {
+		return {
+			status: "pass",
+			details: "source-ac-shellout: no modified files available — skipping check",
+			duration_ms: Date.now() - start,
+			findings: []
+		};
+	}
+	const filesToCheck = modifiedFiles.filter((f) => !f.endsWith(".md"));
+	if (filesToCheck.length === 0) return {
+		status: "pass",
+		details: "source-ac-shellout: no non-.md modified files — skipping check",
+		duration_ms: Date.now() - start,
+		findings: []
+	};
+	for (const relPath of filesToCheck) {
+		const absPath = path$1.join(context.workingDir, relPath);
+		let matches;
+		try {
+			matches = scanFile(absPath);
+		} catch {
+			continue;
+		}
+		for (const { lineNum, name } of matches) findings.push({
+			category: CATEGORY_SHELLOUT_NPX_FALLBACK,
+			severity: "warn",
+			message: `npx fallback detected in ${relPath}:${lineNum}: "npx ${name}" — bare \`npx <package>\` without \`--no-install\` falls through to the public npm registry on first use. If \`<package>\` isn't a registered binary in your dev dependencies, this is a dependency-confusion vector. Use absolute path or \`npx --no-install <package>\` instead.`
+		});
+	}
+	const status = findings.some((f) => f.severity === "error") ? "fail" : findings.some((f) => f.severity === "warn") ? "warn" : "pass";
+	return {
+		status,
+		details: findings.length > 0 ? renderFindings(findings) : "source-ac-shellout: no bare npx fallback patterns detected",
+		duration_ms: Date.now() - start,
+		findings
+	};
+}
+/**
+* VerificationCheck class for the shellout static-analysis gate.
+*
+* name  = 'source-ac-shellout'
+* tier  = 'A' (fast — file I/O only, no LLM, no subprocess except optional git fallback)
+*/
+var SourceAcShelloutCheck = class {
+	name = "source-ac-shellout";
+	tier = "A";
+	async run(context) {
+		return runShelloutCheck(context);
+	}
+};
+
 //#endregion
 //#region packages/sdlc/dist/verification/verification-pipeline.js
 /**
@@ -5232,7 +5379,8 @@ function createDefaultVerificationPipeline(bus, config) {
 		new AcceptanceCriteriaEvidenceCheck(),
 		new BuildCheck(),
 		new RuntimeProbeCheck(),
-		new SourceAcFidelityCheck()
+		new SourceAcFidelityCheck(),
+		new SourceAcShelloutCheck()
 	];
 	return new VerificationPipeline(bus, checks);
 }
@@ -6595,7 +6743,7 @@ function inspectProcessTree(opts) {
 		}
 		const lines = psOutput.split("\n");
 		if (substrateDirPath !== void 0) try {
-			const readFileSyncFn = readFileSyncOverride ?? ((path$2, encoding) => readFileSync(path$2, encoding));
+			const readFileSyncFn = readFileSyncOverride ?? ((path$3, encoding) => readFileSync(path$3, encoding));
 			const pidContent = readFileSyncFn(join(substrateDirPath, "orchestrator.pid"), "utf-8");
 			const pid = parseInt(pidContent.trim(), 10);
 			if (!isNaN(pid) && pid > 0) {
@@ -7030,4 +7178,4 @@ function registerHealthCommand(program, _version = "0.0.0", projectRoot = proces
 
 //#endregion
 export { BMAD_BASELINE_TOKENS_FULL, DEFAULT_STALL_THRESHOLD_SECONDS, DoltMergeConflict, FileStateStore, FindingsInjector, RunManifest, RuntimeProbeListSchema, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN$1 as STORY_KEY_PATTERN, SUBSTRATE_OWNED_SETTINGS_KEYS, SupervisorLock, VALID_PHASES, WorkGraphRepository, ZERO_FINDINGS_BY_AUTHOR, ZERO_FINDING_COUNTS, ZERO_PROBE_AUTHOR_METRICS, __commonJS, __require, __toESM, aggregateProbeAuthorMetrics, applyConfigToGraph, buildPipelineStatusOutput, createDatabaseAdapter$1 as createDatabaseAdapter, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, createStateStore, detectCycles, detectsEventDrivenAC, detectsStateIntegratingAC, extractTargetFilesFromStoryContent, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, isOrchestratorProcessLine, parseDbTimestampAsUtc, parseRuntimeProbes, registerHealthCommand, renderFindings, resolveBmadMethodSrcPath, resolveBmadMethodVersion, resolveGraphPath, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts, rollupFindingsByAuthor, rollupProbeAuthorByClass, rollupProbeAuthorMetrics, runHealthAction, validateStoryKey };
-//# sourceMappingURL=health-PdI4-96I.js.map
+//# sourceMappingURL=health-CNqQFdaT.js.map

package/dist/{run-BF8oeJhG.js → run-ChqBlPYZ.js}

@@ -1,8 +1,8 @@
-import "./health-PdI4-96I.js";
+import "./health-CNqQFdaT.js";
 import "./logger-KeHncl-f.js";
 import "./helpers-CElYrONe.js";
 import "./dist-W2emvN3F.js";
-import { normalizeGraphSummaryToStatus, registerRunCommand, resolveMaxReviewCycles, resolveProbeAuthorStateIntegrating, runRunAction, wireNdjsonEmitter } from "./run-DcDoaG12.js";
+import { normalizeGraphSummaryToStatus, registerRunCommand, resolveMaxReviewCycles, resolveProbeAuthorStateIntegrating, runRunAction, wireNdjsonEmitter } from "./run-DE5xoB9U.js";
 import "./routing-CcBOCuC9.js";
 import "./decisions-C0pz9Clx.js";
 

package/dist/{run-DcDoaG12.js → run-DE5xoB9U.js}

@@ -1,4 +1,4 @@
-import { BMAD_BASELINE_TOKENS_FULL, DoltMergeConflict, FileStateStore, FindingsInjector, RunManifest, RuntimeProbeListSchema, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN, VALID_PHASES, WorkGraphRepository, __commonJS, __require, __toESM, applyConfigToGraph, buildPipelineStatusOutput, createDatabaseAdapter, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, detectCycles, detectsEventDrivenAC, detectsStateIntegratingAC, extractTargetFilesFromStoryContent, formatOutput, formatPipelineSummary, formatTokenTelemetry, inspectProcessTree, parseDbTimestampAsUtc, renderFindings, resolveGraphPath, resolveMainRepoRoot, validateStoryKey } from "./health-PdI4-96I.js";
+import { BMAD_BASELINE_TOKENS_FULL, DoltMergeConflict, FileStateStore, FindingsInjector, RunManifest, RuntimeProbeListSchema, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN, VALID_PHASES, WorkGraphRepository, __commonJS, __require, __toESM, applyConfigToGraph, buildPipelineStatusOutput, createDatabaseAdapter, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, detectCycles, detectsEventDrivenAC, detectsStateIntegratingAC, extractTargetFilesFromStoryContent, formatOutput, formatPipelineSummary, formatTokenTelemetry, inspectProcessTree, parseDbTimestampAsUtc, renderFindings, resolveGraphPath, resolveMainRepoRoot, validateStoryKey } from "./health-CNqQFdaT.js";
 import { createLogger } from "./logger-KeHncl-f.js";
 import { TypedEventBusImpl, createEventBus, createTuiApp, isTuiCapable, printNonTtyWarning, sleep } from "./helpers-CElYrONe.js";
 import { ADVISORY_NOTES, Categorizer, ConsumerAnalyzer, DEFAULT_GLOBAL_SETTINGS, DispatcherImpl, DoltClient, ESCALATION_DIAGNOSIS, EXPERIMENT_RESULT, EfficiencyScorer, IngestionServer, LogTurnAnalyzer, OPERATIONAL_FINDING, Recommender, RoutingRecommender, RoutingResolver, RoutingTelemetry, RoutingTokenAccumulator, RoutingTuner, STORY_METRICS, STORY_OUTCOME, SubstrateConfigSchema, TEST_EXPANSION_FINDING, TEST_PLAN, TelemetryNormalizer, TelemetryPipeline, TurnAnalyzer, addTokenUsage, aggregateTokenUsageForRun, aggregateTokenUsageForStory, callLLM, createConfigSystem, createDatabaseAdapter$1, createDecision, createPipelineRun, createRequirement, detectInterfaceChanges, getArtifactByTypeForRun, getArtifactsByRun, getDecisionsByCategory, getDecisionsByPhase, getDecisionsByPhaseForRun, getLatestRun, getPipelineRunById, getRunMetrics, getRunningPipelineRuns, getStoryMetricsForRun, getTokenUsageSummary, initSchema, listRequirements, loadModelRoutingConfig, registerArtifact, updatePipelineRun, updatePipelineRunConfig, upsertDecision, writeRunMetrics, writeStoryMetrics } from "./dist-W2emvN3F.js";
@@ -45472,4 +45472,4 @@ function registerRunCommand(program, _version = "0.0.0", projectRoot = process.c
 
 //#endregion
 export { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GLOBSTAR$1 as GLOBSTAR, GitClient, GrammarLoader, Minimatch$1 as Minimatch, Minipass, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, escape$1 as escape, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, normalizeGraphSummaryToStatus, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveMaxReviewCycles, resolveProbeAuthorStateIntegrating, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runProbeAuthor, runRunAction, runSolutioningPhase, unescape$1 as unescape, validateStopAfterFromConflict, wireNdjsonEmitter };
-//# sourceMappingURL=run-DcDoaG12.js.map
+//# sourceMappingURL=run-DE5xoB9U.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "substrate-ai",
-  "version": "0.20.57",
+  "version": "0.20.58",
   "description": "Substrate — multi-agent orchestration daemon for AI coding agents",
   "type": "module",
   "license": "MIT",

package/packs/bmad/prompts/create-story.md

@@ -108,6 +108,20 @@ Use this exact format for each item:
 
 **Behavioral signals (runtime-dependent even when the artifact ships as TypeScript / JavaScript / Python source):** the AC describes the implementation invoking a **subprocess** (`execSync`, `spawn`, `child_process`), reading or writing the **filesystem outside test tmpdirs** (`fs.read*`, `fs.write*`, `path.join(homedir(), ...)`), running **git operations** (`git log`, `git push`, `git merge`), querying a **database** (Dolt, mysql, sqlite, postgres), making **network requests** (`fetch`, `axios`, `http.get`), or scanning a **registry / configuration source** ("queries the registry", "scans the fleet").
 
+**Shell-script generation signals (runtime-dependent even when the artifact ships as source: the generated script runs on a live host, installs into `.git/hooks/`, or registers with the OS):** the AC describes the implementation generating or installing a script that a user or system event invokes — the correctness of that script can only be confirmed by running it in a real or ephemeral environment, not by inspecting source code alone. Signal types to recognize:
+
+- **Hook generators**: code that writes or installs git hooks (`pre-push`, `post-merge`, `pre-commit`, `post-commit`, `post-rewrite`), configures `husky` or other hook managers, or writes files to `.git/hooks/*`.
+- **Install scripts**: commands like `vg install`, `<binary> install`, or AC phrases like "installs the X hook", "writes the X script", "generates a wrapper for Y".
+- **Lifecycle scripts**: generates npm `prepublish`, `postinstall`, or `prepare` scripts; writes entries into `package.json` `scripts` field programmatically.
+- **Service generators**: generates systemd `.service` or `.timer` unit files, podman/docker image build scripts, or any file invoked by a scheduler or init system.
+- **Wrapper scripts**: produces `#!/bin/sh`-style shell wrappers around binaries (e.g., `#!/bin/sh` / `exec node "$@"` shape), shim generators, or delegate-to-binary shell scripts.
+
+Phrase patterns to flag as shell-script generation signals: "writes a hook", "generates a script", "installs a pre-push hook", "creates a wrapper", "emits a shell script", "writes to .git/hooks/", "creates a systemd unit".
+
+Strata Stories 3-3+3-4 shipped LGTM_WITH_NOTES with a real dependency-confusion attack vector (`npx strata` fallback) because the verification gate accepted shell-script-generating code without a canonical-invocation probe. See `obs_2026-05-03_023` (create-story prompt enforce probe section for shell-out boundaries).
+
+If any shell-script generation signal fires, the story MUST include a `## Runtime Probes` section that invokes the canonical user trigger in a fresh fixture project, not direct-call the script.
+
 **Architectural-level signals (the same external-state interactions described at higher abstraction levels — runtime-dependent identically):** the AC names a **named external dependency** (service, package, agent, skill, mesh, registry, queue, outbox, store, daemon, etc.) AND describes any **interaction verb** (queries, publishes, consumes, calls, writes to, reads from, subscribes to, registers with, delegates to, reaches for, persists to). Phrase patterns to recognize as the architectural-level equivalents of the code-API enumeration above:
 
 - `queries <service-or-skill>` (network / database) — e.g., "queries agent-mesh's `query-reports` skill", "queries the Dolt registry"

package/packs/bmad/prompts/probe-author.md

@@ -312,6 +312,59 @@ Read from an npm/package registry or fleet-config source. Precede the registry p
   description: npm registry resolves @substrate-ai/sdlc and returns a semver version string
 ```
 
+## Shell-script generation probe shapes
+
+Shell-script generation ACs describe a generator that produces a lifecycle script — a pre-push hook, a postinstall wrapper, a systemd unit startup shim, or a cron-job body — that the **user** then invokes through a canonical mechanism (`git push`, `npm install`, etc.). This AC class was identified in obs_2026-05-03_023 (strata 3-3+3-4 incident: a pre-push hook generator shipped SHIP_IT with a dependency-confusion attack vector because the verification probe direct-called the generated script with synthetic inputs rather than invoking the canonical user trigger).
+
+**Why the fresh-fixture requirement is critical:**
+
+(a) The orchestrator's working tree may have global state (installed binaries, config files) that a typical user environment does not. A probe run against substrate's own working tree silently satisfies preconditions that would fail in a fresh project.
+
+(b) The canonical user invocation runs in the user's project root — not substrate's. A probe that bypasses the install + wiring step (e.g., calls `bash .git/hooks/pre-push` directly) cannot detect that the hook was installed to the wrong path, was installed with the wrong mode, or was wired to the wrong trigger event.
+
+(c) Defects like dependency-confusion (`npx <package>` fallback to global registry) only manifest when no local binary exists. On the orchestrator's machine, `node_modules/.bin/strata` satisfies the lookup before npm's fallback fires — masking the defect from any probe that runs inside the substrate working tree.
+
+**Three rules for shell-script generation probes:**
+
+1. **Fresh fixture in `mktemp -d`** — never run against substrate's own project tree. The working tree silently satisfies probes that would fail in a user's fresh environment. Create a throwaway `mktemp -d` directory, `git init` it, and install the generator into it via the canonical install command.
+
+2. **Canonical user trigger** — `git push` for a pre-push hook, `npm install` for a postinstall hook, NOT direct script invocation (`bash .git/hooks/pre-push`). Direct invocation skips the wiring layer that determines whether the hook actually fires on the user's machine. See the trigger table in "Probes for event-driven mechanisms must invoke the production trigger" above.
+
+3. **Observable post-condition** — assert filesystem or process state the user would observe (e.g., `test -f .findings/history.jsonl`), not just exit code. A script that exits 0 without writing the expected artifact satisfies exit-code-only probes but silently fails the user. The assertion target must be the output the user can inspect after the event fires.
+
+**Canonical worked example (strata 3-3 pre-push hook scenario — obs_2026-05-03_023 fix #1):**
+
+```yaml
+- name: pre-push-hook-fires-on-real-push-and-archives-findings
+  sandbox: twin
+  command: |
+    set -e
+    FIXTURE=$(mktemp -d)
+    cd "$FIXTURE"
+    npm init -y >/dev/null
+    git init -q
+    git config user.email t@example.com && git config user.name test
+    # install via canonical user invocation (no global packages)
+    node <REPO_ROOT>/dist/cli.js vg install
+    # produce a finding-eligible change
+    mkdir -p src
+    echo "import x from 'lodash';" > src/bad.ts
+    git add . && git commit -qm "initial"
+    # trigger canonical user-facing event via git push (pre-push hook fires here)
+    REMOTE=$(mktemp -d)
+    git init --bare -q "$REMOTE"
+    git remote add origin "$REMOTE"
+    git push origin main 2>&1 || true
+    # assert observable post-condition
+    test -f .findings/history.jsonl && echo "ARCHIVE_PRESENT" || echo "ARCHIVE_MISSING"
+  expect_stdout_regex:
+    - ARCHIVE_PRESENT
+  description: >-
+    strata 3-3 canonical pre-push hook shape — fresh fixture (mktemp -d),
+    canonical user trigger (git push), observable post-condition assertion
+    (obs_2026-05-03_023 fix #1)
+```
+
 ## Mission
 
 Author runtime probes for the story described above. Use the AC sections provided: