terramend 0.2.0 → 0.2.1

package/dist/internal.js

@@ -751,7 +751,7 @@ Inline comments use the same severity framing as body \`### \` sections, scaled
 - **Legacy headings REMOVED.** Do not use \`### Key changes\`, \`### Issues found\`, \`<b>TL;DR</b>\`, or \`<sub><b>Summary</b>\`. The new structure subsumes them.`;
 var REMEDIATION_PR_FORMAT = `### Remediation PR format
 
-**Minimum (ALWAYS include, even under tight budget):** a one-paragraph plain-English summary of *what was wrong and what you changed*, then a \`## What changed\` list with one *Was / Changed / Safe because* note per concern, then the \`## Validation (\u2717 \u2192 \u2713)\` list. If you produce nothing else, produce these three \u2014 a PR a human can't understand from its body alone has failed its job. Everything below enriches this minimum; it does not replace it.
+**Minimum (ALWAYS include, even under tight budget):** a one-paragraph plain-English summary of *what was wrong and what you changed*, then a \`## What changed\` list with one *Was / Changed / Safe because* note per concern, then the \`## Validation\` list. If you produce nothing else, produce these three \u2014 a PR a human can't understand from its body alone has failed its job. Everything below enriches this minimum; it does not replace it.
 
 Build the PR body in this EXACT order. Every line is backed by a tool result \u2014 never write a status you didn't get from a tool. Omit a whole section only when its tool didn't run (e.g. no plan without cloud creds); never fabricate it. Keep a blank line between every block-level element (GitHub needs it to render).
 
@@ -789,19 +789,21 @@ One \`### \` subsection per resolved concern (or one per rule for a by-rule grou
 
 Lead each heading with a severity emoji (\u{1F6A8} critical \xB7 \u26A0\uFE0F high \xB7 \u{1F512} security \xB7 \u2139\uFE0F low/info). Backtick-wrap every identifier. No raw diff dumps \u2014 the Files tab shows the diff.
 
-#### 4. \`## Validation (\u2717 \u2192 \u2713)\`
+#### 4. \`## Validation\`
 
-Built ONLY from \`terraform_verify_remediation\`'s result \u2014 this is the proof, not a self-report. One line per id in \`resolved\`, then any still-open id honestly:
+Built ONLY from \`terraform_verify_remediation\`'s result \u2014 this is the proof, not a self-report. One \u2705 line per id in \`resolved\`, then any still-open id honestly:
 
 \`\`\`
-## Validation (\u2717 \u2192 \u2713)
+## Validation
 
-- \u2717 \u2192 \u2713 \\\`trivy:AVD-AWS-0088\\\` resolved
-- \u2717 \u2192 \u2713 \\\`checkov:CKV_AWS_19\\\` resolved
+- \u2705 \\\`trivy:AVD-AWS-0088\\\` resolved
+- \u2705 \\\`checkov:CKV_AWS_19\\\` resolved
 - \u26A0\uFE0F still open: \\\`tflint:...\\\` \u2014 {why it couldn't be cleared}
 \`\`\`
 
-If \`has_regressions\` is true, add a \`> [!CAUTION]\` **Regression** callout listing each new concern id BEFORE this list, and ensure the \`needs-human\` label is set. Never mark an id \u2713 unless the tool returned it in \`resolved\`.
+**Resolved XOR still-open \u2014 never both.** Each concern appears on exactly one line: an \`id\` in the tool's \`resolved\` set gets a \`\u2705 \u2026 resolved\` line (the green check means cleared); an \`id\` in \`remaining\` gets a \`\u26A0\uFE0F still open: \u2026\` line. NEVER put a \u2705 on an unresolved concern (no \`\u2705 \u2026 re-flagged\`, no \`\u2705 \u2026 still open\`) \u2014 that is a false attestation and the single worst thing this body can do. A concern earns its \u2705 only if the tool returned its id in \`resolved\`; if it's in \`remaining\`, it is still-open, full stop.
+
+If \`has_regressions\` is true, add a \`> [!CAUTION]\` **Regression** callout listing each id in the tool's \`regressions\` set BEFORE this list, and ensure the \`needs-human\` label is set. \`regressions\` are concerns the fix genuinely INTRODUCED (a new \`rule\`+\`file\` not present before) \u2014 they are computed line-independently, so a pre-existing concern that merely moved lines is NOT a regression; do not relabel a \`remaining\` concern as a regression.
 
 #### 5. \`<details><summary>Plan</summary>\` (when \`terraform_plan\` ran)
 
@@ -1196,6 +1198,42 @@ ${PR_SUMMARY_FORMAT}`
 ${REVIEW_FINDING_PRECEDENTS}
 
 ${PR_SUMMARY_FORMAT}`
+    },
+    {
+      name: "SummarizePr",
+      description: "Summarize a pull request's changes in a single structured comment \u2014 what it does, the key changes, and any areas worth a closer look. Does NOT review, approve, or change code (use Review for a verdict).",
+      prompt: `### Checklist
+
+This mode posts ONE plain-English summary of what a PR does \u2014 an orientation aid, not a verdict. Do NOT approve, request changes, leave inline review comments, or modify any code. If a real review is wanted, that's the Review mode.
+
+1. **task list**: create your task list for this run as your first action.
+
+2. **checkout**: call \`${t("checkout_pr")}\` \u2014 this returns PR metadata and a \`diffPath\`. Read the diff TOC so you understand the scope.
+
+3. **Terraform anchor (when relevant)**: call \`${t("terraform_change_summary")}\` \u2014 it returns the DETERMINISTIC Terraform block changes (resource/module/data/variable/output addresses ADDED and REMOVED, plus the Terraform files touched) vs the base. It degrades green (\`ok: false\`) when git can't resolve the base \u2014 run \`${t("git_fetch")}\` on the base ref first and retry \u2014 or when the PR has no Terraform changes (then it's a general summary). Use its counts as the factual backbone of the Terraform part of your summary instead of counting by eye.
+
+4. **read for intent**: read the \`diffPath\` (and related files as needed) to understand WHAT the PR does and WHY \u2014 not just the mechanics. Pull as much context as you need; you are the synthesizer.
+
+5. **post the summary**: call \`${t("create_issue_comment")}\` ONCE on the PR with a structured summary in this shape (omit a section when it has nothing):
+
+   \`\`\`
+   ## Summary
+   {1\u20132 sentences: what this PR does and why, in plain English.}
+
+   ### Key changes
+   - **{short title}** \u2014 {one sentence}; backtick-wrap files/identifiers you name.
+   - ...
+
+   ### Terraform changes
+   {only when terraform_change_summary returned data \u2014 e.g. "Adds \\\`module.vpc\\\` and \\\`aws_s3_bucket.logs\\\`; removes \\\`aws_launch_configuration.web\\\`; edits 3 files." Use its real addresses/counts.}
+
+   ### Worth a closer look (optional)
+   - {non-blocking observations a reviewer might want to focus on \u2014 risk areas, sequencing, things the diff implies but doesn't address. Phrase as orientation, not findings \u2014 this is not a review.}
+   \`\`\`
+
+   Keep it scannable: lead with intent, alternate prose with structure, backtick-wrap identifiers, no raw diff dumps, no \`+N/-M\` stats. NEVER fabricate a change \u2014 every claim must be in the diff (the Terraform counts come from the tool).
+
+6. **finalize**: call \`${t("report_progress")}\` with a one-line note that the summary was posted (or the exact error if the comment failed). Do NOT call \`${t("create_pull_request_review")}\` \u2014 this mode summarizes, it does not review.`
     },
     {
       name: "Plan",
@@ -1263,10 +1301,30 @@ ${PR_SUMMARY_FORMAT}`
    - \`git add . && git commit -m "resolve merge conflicts"\`
    - confirm a clean working tree, then push via \`${t("push_branch")}\` (same push/prepush guidance as Build mode in *SYSTEM*)
    - Call \`${t("report_progress")}\` with a summary of what was resolved (or the exact push error if push failed)`
+    },
+    {
+      name: "Assess",
+      description: "Read-only Terraform best-practice ASSESSMENT: scan with the deterministic check tools, map findings to compliance controls, and report the posture (clean / advisory / action-required) \u2014 without modifying any Terraform or opening a PR.",
+      prompt: `### Checklist
+
+This mode is **read-only** \u2014 the Assess half of Terramend's one-engine-two-modes design. It reports posture; it never fixes. Do NOT edit Terraform, commit, push, or open a PR/issue in this mode. If the findings warrant a fix, say so and recommend re-running in \`remediate\` mode.
+
+1. **task list**: create your task list for this run as your first action.
+
+2. **assess**: call \`${t("terraform_assess")}\`. It runs the scanners and returns a deterministic \`scorecard\` (overall \`posture\`, \`by_severity\` counts, \`top_risks\`, and an indicative compliance-crosswalk summary) plus a ready-to-post \`markdown\` report. This is the core deliverable \u2014 built from tool results, not your own judgement.
+
+3. **optional lenses** (fold each into the report only when it actually ran):
+   - \`${t("infracost_diff")}\` \u2014 current monthly cost (auto-skips without \`INFRACOST_API_KEY\`/the CLI).
+   - \`${t("terraform_version_currency")}\` \u2014 provider/module pins that are outdated or unpinned.
+   - \`${t("terraform_emit_sarif")}\` \u2014 when the workflow has a SARIF upload step, emit \`terramend.sarif\` so every concern also lands in the repo's Security tab (read-only, complementary).
+
+4. **report**: call \`${t("report_progress")}\` once with the assessment. Use the \`markdown\` from \`${t("terraform_assess")}\` as the base (it carries the posture banner, severity counts, top risks, and the indicative-crosswalk note verbatim \u2014 do not soften or inflate it), then append one-line **Cost** / **Version currency** notes if those lenses ran. If \`${t("set_output")}\` is available (standalone runs), also emit the structured result (\`posture\`, \`total\`, \`by_severity\`, the touched \`frameworks\`) so a CI step can gate on \`posture\`.
+
+5. **guardrails**: never modify \`*.tf\`/\`*.tfvars\`, never push, never open a PR or issue. The assessment is the only deliverable.`
     },
     {
       name: "Remediate",
-      description: "Bring a repository's Terraform up to best practice: scan with the deterministic check tools, then open one scoped, reviewable PR per concern that fixes it and proves it fixed (\u2717\u2192\u2713).",
+      description: "Bring a repository's Terraform up to best practice: scan with the deterministic check tools, then open one scoped, reviewable PR per concern that fixes it and proves each fix by re-scanning (\u2705).",
       prompt: `### Checklist
 
 1. **task list**: create your task list for this run as your first action.
@@ -1287,6 +1345,8 @@ ${PR_SUMMARY_FORMAT}`
 
    **Comment command (\xA73.12)**: when this run was triggered by a \`@terramend fix \u2026\` comment, the triggering body is in your prompt \u2014 honour the requested scope INSTEAD of "highest-severity group": \`fix #<concern-id>\` \u2192 act only on the group containing that concern id; \`fix all <severity>-severity\` \u2192 set the scan \`severity_threshold\` to that level and act on those groups (up to \`max_prs\`); \`fix <file>.tf\` \u2192 act on that file's group; \`fix all\` \u2192 act on the highest-severity groups up to \`max_prs\`. If the comment isn't a recognised fix command, fall back to the default scope. A **strategy suffix** \u2014 \`fix #<concern-id> with strategy B\` (or a bare \`strategy B\` reply on a proposal thread) \u2014 additionally tells you **which** fix to apply: see \xA726 in step 4.
 
+   **Bulk remediation (\xA737 \u2014 \`fix rule <rule-id>\` / \`fix all rule <rule-id>\`)**: a request to fix ONE scanner rule everywhere it fires (e.g. \`@terramend fix rule CKV_AWS_23\` \u2014 "add a description to every security group", or \`fix rule terraform_required_version\`). Re-scan with \`group_by: "rule"\` (\xA73.11) so that rule becomes ONE group spanning every file, then act on the single group whose \`rule_ids\` include \`<rule-id>\` \u2014 apply the SAME minimal fix at every site in its \`files\` and open ONE coherent PR (not one per file). This is the sweep path; still honour \`max_prs\` and never batch a \`needs-human\` group. Cite each fixed site in the PR body.
+
 4. **for the chosen group**:
    - **base branch**: this run's base branch is resolved deterministically \u2014 \`${t("create_pull_request")}\` targets the \`base_branch\` input if set, else the repository's default branch (\`main\`, or \`master\`). You do not choose it; just **omit** the \`base\` argument when opening the PR (below) and it is filled in.
    - **idempotency**: the remediation branch is \`remediate/<group-id>\`. Before doing anything, check whether that branch or an open PR for it already exists (\`${t("git")}\` / \`${t("get_pull_request")}\`). If one exists, update it rather than opening a duplicate.
@@ -1294,6 +1354,10 @@ ${PR_SUMMARY_FORMAT}`
    - **honest refusal (\xA729 \u2014 decide BEFORE fixing)**: if the group's concerns appear in the scan's \`refusal_candidates\` (the fix needs a human decision \u2014 narrowing an IAM wildcard, a KMS key policy, a real ingress CIDR), do **not** guess a fix that could break the stack. Instead open a structured issue (\`${t("create_issue")}\`) describing the concern, why it isn't auto-fixed, and what a human should do, and skip the PR for that group. A proven fix or an honest refusal \u2014 never a guessed, unverifiable PR.
    - **propose, then let me steer (\xA726 \u2014 when there's no single right fix)**: distinct from \xA729 (which refuses a fix a human must *decide*), \xA726 is for a finding with **2\u20133 genuinely distinct, defensible fixes** that differ in trade-offs, not correctness (e.g. encrypt with an AWS-managed key **vs** a customer-managed KMS key; a narrow security-group rule **vs** a prefix list **vs** a VPC endpoint). When such a fork exists **and the triggering comment did not already select a strategy**, do **not** silently pick for the reviewer: via \`${t("create_issue_comment")}\` post one short comment listing the options as **A / B / C** \u2014 each a single line (what it does + its trade-off) \u2014 and ask the reviewer to reply \`@terramend fix #<concern-id> with strategy <A|B|C>\`. Then **skip the PR for this group** this run and note it in your final report (it resumes when the reviewer replies). When the comment **did** select one (\`fix #<id> with strategy B\`, or a bare \`strategy B\` reply on the proposal thread), apply **exactly** that strategy \u2014 don't second-guess it. Reserve this for real forks in the road; a fix with one obvious correct answer just gets made.
    - **fix**: edit the group's file(s), using your native file tools. For a by-file group that's the single \`file\`; for a **by-rule group (\xA73.11)** it's every entry in \`files\` (fix the one rule everywhere it fires). Resolve **every** concern in the group \u2014 when the scan's \`co_located\` shows several scanners flagged the same \`file:line\` (\xA730), they're one underlying defect: write ONE canonical fix and one explanation, not separate edits. **Only touch \`*.tf\` / \`*.tfvars\` files.** Make the smallest changes that clear the concerns \u2014 do NOT reformat or refactor unrelated code (see *SYSTEM* surgical-change rules). **Module-source awareness (\xA74.14):** call \`${t("terraform_module_graph")}\` first \u2014 if the concern's file is inside a \`local_module_dir\`, fix it ONCE at the module source (it propagates to all callers; note them in the PR); if the fix would require editing a registry/git/remote module, you can't fix it here \u2014 report it (open an issue naming the upstream module + version) instead. **Approved modules (\xA74.14):** call \`${t("list_modules")}\` and prefer a catalogue module (registry or house, pinned) when the fix is genuinely a module swap \u2014 but for a one-line fix on an existing raw resource, fix it in place. **Provider-major awareness (\xA74.15):** before introducing an argument or block, check \`terraform_validate\`'s \`providers\` list for the pinned \`major\` \u2014 argument names and valid blocks differ across majors. After the dir is init-ed (validate/plan ran), you can **verify an argument exists** for the installed provider with \`${t("terraform_provider_schema")}\` (pass the resource type + the arg names you added; it returns any \`unknown_args\` that would break \`plan\`). **Reusing a module?** call \`${t("terraform_module_interface")}\` on its dir to get its real \`variable\` names + which are required, so the \`module\` block you write is correct.
+   - **fix QUALITY \u2014 a real fix, not a scanner-silencer (enterprise bar)**: the goal is infrastructure that is *actually* safer, not Terraform that merely stops tripping the scanner. Three rules:
+     - **Secure defaults, never a hidden-insecure one.** When you parameterise a hardcoded value (\xA74.13), the new \`variable\`'s \`default\` must be the SECURE choice, or have **no \`default\`** (forcing the operator to set it). NEVER preserve the insecure value as the default \u2014 e.g. replacing \`cidr_blocks = ["0.0.0.0/0"]\` with \`var.allowed_cidr_blocks\` *defaulting to \`["0.0.0.0/0"]\`* is not a fix: the deployed behaviour is identical and you've just moved the problem somewhere a scanner may not see it. If the secure value genuinely needs a human decision, this is an honest-refusal (\xA729) / propose-then-steer (\xA726) case, not a default-to-insecure.
+     - **Optional-input resources must be conditional.** If a fix adds a resource or block that only works when an OPTIONAL input is set (e.g. an HTTPS listener that needs \`var.ssl_certificate_arn\`, which defaults to \`null\`), gate it with \`count\`/\`for_each\` or a \`dynamic\` block so it is NOT emitted \u2014 and cannot break \`plan\`/\`apply\` \u2014 when the input is unset. Do not write an always-present resource that references a null/empty value, and never claim in the PR that something is "only active when set" unless the HCL actually makes it conditional. Remember \`${t("terraform_validate")}\` can pass on HCL that still fails at \`plan\`/\`apply\` \u2014 your claim of conditionality must be in the code, not just the prose.
+     - **Modernise, don't perpetuate (\xA74.15).** Call \`${t("terraform_version_currency")}\` and, when you must add a \`required_providers\`/\`required_version\` block, pin a CURRENT supported major, not an ancient one chosen only to match legacy code. Flag (in the PR body, as a follow-up \u2014 not necessarily fixed in this scoped PR) deprecated patterns the scanners don't encode: the archived \`hashicorp/template\` provider + \`data "template_file"\` (modern: the built-in \`templatefile()\` function), \`aws_launch_configuration\` (\u2192 \`aws_launch_template\`), and any provider/module pin that is several majors behind. A best-practice fix should not entrench an EOL provider.
    - **keep the module's tests/examples consistent (\xA728 \u2014 only when you fixed a reusable module)**: if the file(s) you changed live inside a \`local_module_dir\` (from \`${t("terraform_module_graph")}\`) AND your fix changed the module's public interface (added/removed/renamed a \`variable\`, tightened a type), call \`${t("terraform_module_tests")}\` with that module dir. It returns the module's existing \`examples/\` fixtures + \`terraform test\` (\`*.tftest.hcl\`) / Go Terratest files and the \`drift\` per asset \u2014 \`missing_required\` (a variable the asset must now set) and \`unknown_set\` (a variable the asset references that no longer exists). Update **exactly** the drifting assets so they match the new interface; **never weaken, delete, or comment out an assertion just to make a test pass** \u2014 a fix that breaks a module's contract is the test doing its job, so correct the fix or the fixture, not the assertion. \`examples/\` are \`*.tf\` (always within the push allow-list); native \`*.tftest.hcl\` / Go \`*_test.go\` files are only pushable when the \`terratest\` input is enabled \u2014 when it isn't and only those drift, note the needed test update in the PR body for a human rather than leaving the module's own tests broken. Skip this entirely for a one-off raw-resource fix that doesn't touch a module interface.
    - **validate**: call \`${t("terraform_validate")}\`. If it does not pass, fix what it reports or abandon this group \u2014 **never open a PR whose validate did not pass**. Its \`providers\` field carries the pinned provider majors (use them as above). It also returns \`unknown_arguments\` (\xA74.15-next): arguments you wrote that are NOT in the installed provider's schema and would break \`plan\` \u2014 treat any entry as a must-fix (correct the argument for the pinned major) even though \`passed\` doesn't gate on it. \`schema_checked: false\` means the schema wasn't available (rely on \`${t("terraform_plan")}\` then).
    - **policy gate (optional, \xA73.5)**: if the repo ships policy-as-code (a \`policy/\`, \`policies/\`, or \`.conftest\` dir of Rego), call \`${t("policy_check")}\` \u2014 it runs \`conftest\` against the plan JSON. It degrades green (\`ok: false\`) when conftest or a policy dir is absent. When it returns \`passed: false\`, treat it exactly like a failed validate: fix the violation (listed in \`failures\`) or label the PR \`needs-human\` and surface it \u2014 never push past a policy denial.
@@ -1305,7 +1369,7 @@ ${PR_SUMMARY_FORMAT}`
      - **full plan (\`plan_text\`, \xA71.2)**: when present, attach it to the PR body as a collapsed \`<details><summary>Plan</summary>\\n\\n\\\`\\\`\\\`\\n\u2026\\n\\\`\\\`\\\`\\n</details>\` block so a reviewer can see the exact planned change without re-running it.
    - **commit + push**: \`git add\` only the file you changed, commit with a message naming the file and the key rules (e.g. \`fix(tf): harden main.tf \u2014 S3 encryption + block public access\`), then \`${t("push_branch")}\` (same push/prepush guidance as Build mode in *SYSTEM*).
    - **open PR \u2014 with a COMPLETE body (MANDATORY)**: \`${t("create_pull_request")}\` (omit \`base\` \u2014 it resolves to the run's base branch above). The PR body is the primary deliverable a human reviews \u2014 open the PR **with a full body**, never a placeholder you intend to fill in later. At an absolute minimum the body MUST explain, in plain English: (a) **what was wrong** \u2014 each concern by \`rule_id\` + its \`evidence\`; and (b) **what you changed** to fix each one, and why it's safe. Build it with the **Remediation PR format** at the end of this checklist (status banner \u2192 title + badges \u2192 \`## What changed\` with the \xA75.17 *Was / Changed / Safe because* note per concern). \u26A0\uFE0F \`${t("report_progress")}\` writes the GitHub Actions **job summary**, which is NOT the PR body \u2014 a good job summary does **not** substitute for a complete PR body. If you only have time/budget for one, the PR body wins.
-   - **prove it (\u2717\u2192\u2713)**: call \`${t("terraform_verify_remediation")}\` with the group's \`concern_ids\`. It re-runs the scanners and returns the authoritative \`resolved\` / \`remaining\` sets and a \`verified\` flag \u2014 this is the proof, do NOT eyeball a scan or self-report. Then \`${t("update_pull_request_body")}\` to add a "Validation" section built **from that result**: one \`\u2717 \u2192 \u2713 <rule_id> resolved\` line per id in \`resolved\`, and list every id in \`remaining\` honestly as still-open. Never mark a concern \u2713 unless the tool returned it in \`resolved\`. Act on two more fields it returns:
+   - **prove it (re-scan)**: call \`${t("terraform_verify_remediation")}\` with the group's \`concern_ids\`. It re-runs the scanners and returns the authoritative \`resolved\` / \`remaining\` sets and a \`verified\` flag \u2014 this is the proof, do NOT eyeball a scan or self-report. Then \`${t("update_pull_request_body")}\` to add a "Validation" section built **from that result**: one \`\u2705 <rule_id> resolved\` line per id in \`resolved\`, and list every id in \`remaining\` honestly as still-open. Never put a \u2705 on a concern unless the tool returned it in \`resolved\`. Act on two more fields it returns:
      - **regressions (\xA71.4)**: when \`has_regressions\` is true, the fix INTRODUCED new concerns (listed in \`regressions\`) that weren't there before \u2014 it traded one defect for another. Add a prominent **\u26A0\uFE0F Regression** callout listing them, add the \`needs-human\` label (\`${t("add_labels")}\`), and prefer reworking the fix to remove the regression before relying on the PR.
      - **confidence (\xA75.19)**: render the returned \`confidence\` (high/medium/low) as a one-line badge in the PR body (e.g. \`Confidence: high\`) with its \`confidence_reasons\`. It is computed deterministically from the verification evidence (verified + no regressions + plan idempotency + blast radius + cost) \u2014 report it verbatim, do NOT inflate it.
    - **per-finding explanation (\xA75.17)**: in the PR body, give each resolved concern a short three-line note \u2014 **Was** (what the scanner flagged, from its \`evidence\`), **Changed** (what your fix did), **Safe because** (why it's correct/non-breaking) \u2014 and hyperlink the \`rule_id\` to its documentation. The scan output carries a \`doc_url\` per concern (and \`doc_urls\` per group); use it, falling back to the concern's \`remediation_hint\` when no \`doc_url\` is present.
@@ -1315,7 +1379,7 @@ ${PR_SUMMARY_FORMAT}`
 
 5. **guardrails** (always): one scoped PR per group, never a mega-PR spanning multiple files; **never auto-merge** and always leave the PR for human review; never modify files outside \`*.tf\` / \`*.tfvars\`.
 
-6. **finalize**: call \`${t("report_progress")}\` once with a summary \u2014 which file/group was fixed, the PR link, and the \u2717\u2192\u2713 result (or the exact tool error if push/PR creation failed).
+6. **finalize**: call \`${t("report_progress")}\` once with a summary \u2014 which file/group was fixed, the PR link, and the validation result (resolved \u2705 / still-open) (or the exact tool error if push/PR creation failed).
 
    **SARIF for code-scanning (optional, \xA73.5)**: when the workflow has a SARIF upload step (it grants \`security-events: write\` and runs \`github/codeql-action/upload-sarif\` on a \`terramend.sarif\`), call \`${t("terraform_emit_sarif")}\` once at the end so the full scan also lands in the repo's Security tab \u2014 complementary to the fix PR, not a replacement for it.
 
@@ -1380,7 +1444,7 @@ ${REMEDIATION_PR_FORMAT}`
 
 8. **finalize**:
    - confirm a clean working tree (only your new \`*.tf\`/\`*.tfvars\` files), then push via \`${t("push_branch")}\` (same push/prepush guidance as Build mode in *SYSTEM*).
-   - open a PR via \`${t("create_pull_request")}\` (omit \`base\` \u2014 it resolves to the run's base branch above). Use the **Remediation PR format** conventions (the same status banner + badge row + \`## What changed\` shape, and the body-wide rules) ADAPTED for generation: the body states the requirement, what was generated, the key best-practice choices (security defaults, parameters, modules, pinned versions) and any assumptions; the badge row carries \`Plan\`/\`Cost\` when those tools ran; and in place of the \`## Validation (\u2717 \u2192 \u2713)\` section put a \`## Validation\` line stating \`terraform_validate\` passed and \`terraform_scan\` is clean (self-scan: 0 concerns).
+   - open a PR via \`${t("create_pull_request")}\` (omit \`base\` \u2014 it resolves to the run's base branch above). Use the **Remediation PR format** conventions (the same status banner + badge row + \`## What changed\` shape, and the body-wide rules) ADAPTED for generation: the body states the requirement, what was generated, the key best-practice choices (security defaults, parameters, modules, pinned versions) and any assumptions; the badge row carries \`Plan\`/\`Cost\` when those tools ran; and in place of the \`## Validation\` proof list put a \`## Validation\` line stating \`terraform_validate\` passed and \`terraform_scan\` is clean (self-scan: 0 concerns).
    - **never auto-merge** \u2014 leave the PR for human review.
    - call \`${t("report_progress")}\` once with the PR link (or the exact tool error if push/PR creation failed).
 

package/dist/mcp/assess.d.ts

@@ -0,0 +1,86 @@
+import { type CrosswalkReport } from "#app/mcp/crosswalk";
+import type { LocalToolContext } from "#app/mcp/localContext";
+import { type Concern, type ScannerOutcome, type Severity } from "#app/mcp/terraform/types";
+import { type VerificationSummary } from "#app/mcp/terraform/verification";
+import { type ResolvedToolSelection } from "#app/utils/toolSelection";
+/**
+ * Assess pillar — the read-only product (roadmap pillar 3). Terramend's scanner
+ * engine has two modes off ONE codebase: Remediate = engine + fix loop + verify;
+ * **Assess = engine, read-only**. This surfaces that read-only half as a
+ * first-class deliverable: run the deterministic scanners, normalise into the
+ * findings schema, map to the compliance crosswalk (§23), and produce a
+ * **scorecard** + an auditor-facing markdown report — WITHOUT touching the
+ * Terraform or opening a PR. No cloud credentials, no writes.
+ *
+ * The scorecard is deterministic (computed from tool results, never the model's
+ * word) so a CI gate can branch on `posture` and an assessor gets a reproducible,
+ * framework-mapped report.
+ */
+export type AssessPosture = "clean" | "advisory" | "action-required";
+export interface AssessTopRisk {
+    rule_id: string;
+    severity: Severity;
+    file: string;
+    line: number | null;
+    evidence: string;
+}
+export interface AssessmentScorecard {
+    /** clean (0 concerns) · advisory (only medium/low/info) · action-required (≥1 critical/high). */
+    posture: AssessPosture;
+    total: number;
+    by_severity: Record<Severity, number>;
+    /** highest-severity concerns first, capped — the "what to look at first" list. */
+    top_risks: AssessTopRisk[];
+    compliance: {
+        /** frameworks this scan touched (from the crosswalk's by_framework index). */
+        frameworks: string[];
+        /** distinct controls touched across all frameworks. */
+        controls_touched: number;
+        /** concerns that mapped to ≥1 control vs none (honest coverage signal). */
+        mapped: number;
+        unmapped: number;
+        version: string;
+        reviewed: string;
+    };
+    /** five-status verification taxonomy: per-concern fail / not-code-verifiable +
+     * the scanner coverage (verified vs inconclusive). Keeps a "clean" posture
+     * honest — e.g. "clean, but tflint inconclusive (not run)". */
+    verification: VerificationSummary;
+}
+/** posture from the severity distribution: any critical/high ⇒ action-required;
+ * any lower-severity concern ⇒ advisory; nothing ⇒ clean. */
+export declare function assessPosture(bySeverity: Record<Severity, number>): AssessPosture;
+/**
+ * Build the deterministic assessment scorecard from a scan's concerns + their
+ * crosswalk report. Pure. `concerns` should be the severity-sorted, deduped,
+ * Terraform-only set; `crosswalk` is `buildCrosswalkReport(concerns)`.
+ */
+export declare function buildAssessment(concerns: Concern[], crosswalk: CrosswalkReport, verification: VerificationSummary): AssessmentScorecard;
+/**
+ * Render the scorecard as a deterministic, auditor-facing markdown report (the
+ * Assess deliverable). Built entirely from the scorecard so it's reproducible and
+ * model-independent. Pure.
+ */
+export declare function renderAssessmentMarkdown(s: AssessmentScorecard): string;
+export declare const TerraformAssessParams: import("arktype/internal/variants/object.ts").ObjectType<{
+    severity_threshold?: "critical" | "high" | "medium" | "low" | "info";
+}, {}>;
+/** the full read-only assessment pipeline: scan (honouring the §1.5 licence gate
+ * + module-fetch credential) → crosswalk → verification taxonomy → scorecard.
+ * Shared by `terraform_assess` and the evidence-bundle emitter so both report the
+ * identical posture from the identical toolchain. Pure-ish (only the scanners do
+ * I/O); no writes. */
+export declare function runAssessmentPipeline(ctx: LocalToolContext, threshold: Severity): {
+    cwd: string;
+    selection: ResolvedToolSelection;
+    outcomes: ScannerOutcome[];
+    concerns: Concern[];
+    crosswalk: CrosswalkReport;
+    verification: VerificationSummary;
+    scorecard: AssessmentScorecard;
+};
+export declare function TerraformAssessTool(ctx: LocalToolContext): import("fastmcp").Tool<any, import("@standard-schema/spec").StandardSchemaV1<{
+    severity_threshold?: "critical" | "high" | "medium" | "low" | "info";
+}, {
+    severity_threshold?: "critical" | "high" | "medium" | "low" | "info";
+}>>;

package/dist/mcp/changeSummary.d.ts

@@ -0,0 +1,50 @@
+import type { ToolContext } from "#app/mcp/server";
+/**
+ * §36 AI PR summaries — the deterministic Terraform-change anchor. A PR summary
+ * written purely by the model drifts (miscounts resources, invents changes). This
+ * parses the PR's unified diff for Terraform BLOCK changes (which resource /
+ * module / data / variable / output addresses were added or removed, which files
+ * were touched) so the human-readable summary is anchored to facts, not prose.
+ *
+ * Pure parser (`summarizeTerraformResourceDiff`) + a tool that runs the
+ * merge-base diff and feeds it in. Block ADDED/REMOVED is precise (a block header
+ * on a +/- line); in-place edits to an existing block surface as a touched FILE
+ * (attributing a sub-block edit to a specific address needs full-file parsing —
+ * we stay honest and report the file rather than guess).
+ */
+export interface TerraformChangeSummary {
+    /** addresses of blocks added in this diff (e.g. `aws_s3_bucket.logs`, `module.vpc`). */
+    added: string[];
+    /** addresses of blocks removed in this diff. */
+    removed: string[];
+    /** Terraform files touched (a superset signal — includes in-place edits). */
+    files: string[];
+    counts: {
+        added: number;
+        removed: number;
+        files: number;
+    };
+}
+/**
+ * Parse a Terraform block header into its address, or null when the line is not a
+ * top-level block header. Handles two-label blocks (`resource`/`data`) and
+ * single-label blocks (`module`/`variable`/`output`/`provider`). The line is the
+ * raw HCL (diff +/- prefix already stripped). Pure.
+ */
+export declare function parseBlockAddress(line: string): string | null;
+/**
+ * Summarise a unified `git diff` into added/removed Terraform block addresses +
+ * the touched Terraform files. Tracks the current file from `+++ b/<path>`
+ * headers and only considers `.tf`/`.tfvars` files. Pure; deterministic ordering
+ * (sorted, de-duplicated). A block counted as both added and removed (moved) is
+ * left in both lists — the prose can describe the move.
+ */
+export declare function summarizeTerraformResourceDiff(diff: string): TerraformChangeSummary;
+export declare const TerraformChangeSummaryParams: import("arktype/internal/variants/object.ts").ObjectType<{
+    base?: string;
+}, {}>;
+export declare function TerraformChangeSummaryTool(ctx: ToolContext): import("fastmcp").Tool<any, import("@standard-schema/spec").StandardSchemaV1<{
+    base?: string;
+}, {
+    base?: string;
+}>>;

package/dist/mcp/crosswalk.d.ts

@@ -1,4 +1,5 @@
 import type { ToolContext } from "#app/mcp/server";
+import { type ConcernVerificationStatus } from "#app/mcp/terraform/verification";
 /**
  * Compliance crosswalk (§differentiator 23 — "explain like I'm the auditor", the
  * seed of the Part-6 moat). Maps a best-practice concern → the control families
@@ -56,6 +57,10 @@ export interface CrosswalkEntry {
     rule_id: string;
     themes: string[];
     controls: ControlRef[];
+    /** the five-status verdict for this control statement: `fail` (code-verified
+     * violation) or `not-code-verifiable` (a human-decision control the engine can
+     * flag but not prove). Lets an assessor read the crosswalk honestly. */
+    status: ConcernVerificationStatus;
 }
 export interface CrosswalkReport {
     version: string;

package/dist/mcp/localContext.d.ts

@@ -13,7 +13,7 @@ import type { ResolvedPayload } from "#app/utils/payload";
  * needs more (octokit, push, PR state) belongs on `ToolContext`, not here.
  */
 export interface LocalToolContext {
-    payload: Pick<ResolvedPayload, "cwd" | "scanScope" | "severityThreshold" | "autonomyThreshold" | "costIncreaseBlockUsd" | "moduleCatalogue">;
+    payload: Pick<ResolvedPayload, "cwd" | "scanScope" | "severityThreshold" | "autonomyThreshold" | "costIncreaseBlockUsd" | "moduleCatalogue" | "toolsEnabled" | "gitleaks" | "terratest" | "terraformMcp" | "moduleFetchToken">;
     toolState: ToolState;
     tmpdir: string;
 }

package/dist/mcp/terraform/evidence.d.ts

@@ -0,0 +1,99 @@
+import { type AssessmentScorecard } from "#app/mcp/assess";
+import type { CrosswalkReport } from "#app/mcp/crosswalk";
+import type { LocalToolContext } from "#app/mcp/localContext";
+import { type VerificationStatus, type VerificationSummary } from "#app/mcp/terraform/verification";
+/**
+ * Backend-free compliance evidence bundle (the WS4a wedge — an auditor-facing
+ * artifact the OSS action can emit with **zero cloud and no backend**, committed
+ * to a `compliance/` path). It packages the read-only assessment — posture,
+ * per-control statements with their five-status verdict ([[verification]]), the
+ * crosswalk index, and the scanner coverage — into one deterministic JSON file.
+ *
+ * SCHEMA / HONESTY: this is Terramend's OWN structured schema, NOT OSCAL. A
+ * strict OSCAL (or compliance-trestle / C2P) emitter is a deliberate follow-up,
+ * gated on a buyer who actually needs OSCAL — emitting OSCAL nobody consumes is
+ * cost without value. The bundle is INDICATIVE alignment guidance, never an audit
+ * verdict, and it never claims `pass` for an unfired control (absence of a
+ * finding is not proof). Pure builder + a thin file-writing tool.
+ */
+export declare const EVIDENCE_SCHEMA: "terramend-evidence/v0.1";
+export declare const DEFAULT_EVIDENCE_PATH = "compliance/terramend-evidence.json";
+export interface EvidenceControlStatement {
+    concern_id: string;
+    rule_id: string;
+    /** the five-status verdict for this statement (fail / not-code-verifiable). */
+    status: VerificationStatus;
+    severity?: string | undefined;
+    file?: string | undefined;
+    line?: number | null | undefined;
+    controls: {
+        framework: string;
+        control: string;
+        title: string;
+    }[];
+}
+export interface EvidenceBundle {
+    /** Terramend's own schema id — explicitly NOT OSCAL (see module note). */
+    schema: typeof EVIDENCE_SCHEMA;
+    /** caller-supplied ISO timestamp (kept out of the builder so it stays pure). */
+    generated_at: string;
+    tool: {
+        name: "terramend";
+        version: string;
+    };
+    subject: {
+        scanned_dir: string;
+        repo?: string | undefined;
+        ref?: string | undefined;
+        commit?: string | undefined;
+    };
+    posture: AssessmentScorecard["posture"];
+    summary: {
+        total: number;
+        by_severity: AssessmentScorecard["by_severity"];
+        verification: VerificationSummary["counts"];
+    };
+    /** one statement per mapped concern, each carrying its status + controls. */
+    control_statements: EvidenceControlStatement[];
+    /** which scanners code-verified vs which were inconclusive (coverage gaps). */
+    coverage: VerificationSummary["coverage"];
+    crosswalk: {
+        version: string;
+        reviewed: string;
+        by_framework: CrosswalkReport["by_framework"];
+    };
+    /** the five-status legend, so the bundle is self-describing for an assessor. */
+    legend: Record<VerificationStatus, string>;
+    disclaimer: string;
+}
+export interface EvidenceSubject {
+    scanned_dir: string;
+    repo?: string | undefined;
+    ref?: string | undefined;
+    commit?: string | undefined;
+}
+/**
+ * Build the evidence bundle from an assessment's scorecard + crosswalk. Pure —
+ * `generatedAt` and the subject identifiers are passed in so the same inputs
+ * always produce the same bytes (and tests don't need a clock). Control
+ * statements come from the crosswalk entries (which already carry the
+ * verification status), enriched with the concern's severity/location.
+ */
+export declare function buildEvidenceBundle(args: {
+    scorecard: AssessmentScorecard;
+    crosswalk: CrosswalkReport;
+    subject: EvidenceSubject;
+    generatedAt: string;
+    version?: string;
+}): EvidenceBundle;
+export declare const TerraformEmitEvidenceParams: import("arktype/internal/variants/object.ts").ObjectType<{
+    output_path?: string;
+    severity_threshold?: "critical" | "high" | "medium" | "low" | "info";
+}, {}>;
+export declare function TerraformEmitEvidenceTool(ctx: LocalToolContext): import("fastmcp").Tool<any, import("@standard-schema/spec").StandardSchemaV1<{
+    output_path?: string;
+    severity_threshold?: "critical" | "high" | "medium" | "low" | "info";
+}, {
+    output_path?: string;
+    severity_threshold?: "critical" | "high" | "medium" | "low" | "info";
+}>>;

package/dist/mcp/terraform/scanners.d.ts

@@ -1,4 +1,5 @@
 import { type Concern, type ScannerOutcome } from "#app/mcp/terraform/types";
+import { type ResolvedToolSelection } from "#app/utils/toolSelection";
 export declare function scanFmt(cwd: string): ScannerOutcome;
 /** `terraform fmt -check -list=true` prints one unformatted file path per line. */
 export declare function parseFmtOutput(stdout: string, cwd?: string): Concern[];
@@ -8,7 +9,7 @@ export declare function parseFmtOutput(stdout: string, cwd?: string): Concern[];
  * whole tree), so a multi-root repo only catches subdir-root validate errors
  * when we visit each root.
  */
-export declare function scanValidate(cwd: string): ScannerOutcome;
+export declare function scanValidate(cwd: string, extraEnv?: Record<string, string>): ScannerOutcome;
 /** parse `terraform validate -json`; keeps real errors, drops uninitialized-dir noise. */
 export declare function parseValidateOutput(stdout: string, cwd?: string): Concern[];
 export interface ProviderRequirement {
@@ -95,9 +96,20 @@ export declare function parseCheckovOutput(stdout: string, cwd?: string): Concer
  * the base can't be determined (caller then falls back to a full scan).
  */
 export declare function changedTerraformFiles(cwd: string): Set<string> | null;
+export interface RunScannersOptions {
+    /** §1.5 — the resolved tool selection. A scanner whose tool is gated/disabled
+     * is reported as a `skipped` outcome (with the licence/disable reason) instead
+     * of running, so `terraform_scan` and the ✗→✓ verifier see the SAME toolchain. */
+    selection?: ResolvedToolSelection | undefined;
+    /** §1.5 — module-fetch credential env, threaded into `terraform validate`'s
+     * init so a private cross-repo `git::` module resolves during a scan. */
+    terraformEnv?: Record<string, string> | undefined;
+}
 /** run every scanner once over `cwd`. shared by `terraform_scan` and the
- * deterministic remediation verifier so both see the identical toolchain. */
-export declare function runScanners(cwd: string): ScannerOutcome[];
+ * deterministic remediation verifier so both see the identical toolchain. A
+ * scanner the selection has turned off is emitted as `skipped` (never run), so
+ * the gate applies identically to the scan and its verification re-scan. */
+export declare function runScanners(cwd: string, opts?: RunScannersOptions): ScannerOutcome[];
 export interface RemediationVerdict {
     /** true only when every original concern id is absent from the re-scan. */
     verified: boolean;
@@ -129,3 +141,26 @@ export declare function computeRemediationVerdict(originalConcernIds: string[],
  * Returns sorted ids for a stable PR body.
  */
 export declare function computeRegressions(baselineConcernIds: Iterable<string>, currentConcernIds: Iterable<string>): string[];
+/**
+ * Line-INDEPENDENT ✗→✓ partition (the integrity-preserving replacement for the
+ * raw-id `computeRemediationVerdict` when scan context is available). Each
+ * requested entry carries its display `id` and its `key` (see `concernKeyOf`);
+ * a concern is `remaining` iff its KEY still appears in the re-scan, else
+ * `resolved`. Because a fix that shifts lines keeps the same (source|rule|file)
+ * key, an unfixed concern can no longer be mis-reported as resolved. Pure.
+ */
+export declare function partitionByKey(requested: {
+    id: string;
+    key: string;
+}[], currentKeys: Set<string>): RemediationVerdict;
+/**
+ * Line-INDEPENDENT regression set: one representative current concern id per KEY
+ * present in the re-scan but absent from the pre-fix baseline keys. A pre-existing
+ * concern that merely shifted to a new line (same key) is NOT a regression — only
+ * a genuinely new (rule, file) defect is. Replaces the raw-id `computeRegressions`
+ * for the integrity path. Pure; returns sorted ids for a stable PR body.
+ */
+export declare function regressionIdsByKey(current: {
+    id: string;
+    key: string;
+}[], baselineKeys: Set<string>): string[];

package/dist/mcp/terraform/types.d.ts

@@ -46,6 +46,22 @@ export declare const SEVERITIES: readonly ["critical", "high", "medium", "low",
 export type Severity = (typeof SEVERITIES)[number];
 export declare const SEVERITY_RANK: Record<Severity, number>;
 export declare function concernId(source: string, ruleId: string, file: string, line: number | null): string;
+/**
+ * A LINE-INDEPENDENT identity for a concern — which rule fires in which file,
+ * ignoring the exact line. Two instances of the same rule in the same file at
+ * different lines share a key.
+ *
+ * The full content `id` keys on the line so it's unique per instance (right for
+ * SARIF alerts + branch naming), but that makes it UNSTABLE under a fix: almost
+ * every fix adds or removes lines, shifting every concern below it to a new line
+ * → a new id. If ✗→✓ verification compared raw ids, a shifted-but-unfixed concern
+ * would look RESOLVED (old id gone) and simultaneously look like a REGRESSION
+ * (new id appeared) — a false attestation either way. `terraform_verify_remediation`
+ * compares on this key instead, so a line shift can't fabricate a resolution or a
+ * regression. Derived identically to `id` minus the line (same bare-rule
+ * normalization) so keys match across the original scan and the re-scan.
+ */
+export declare function concernKeyOf(c: Pick<Concern, "source" | "rule_id" | "location">): string;
 /**
  * Normalize a scanner-reported path to a repo-relative POSIX path. Each scanner
  * reports the file differently — tflint gives `main.tf` (relative), trivy a

package/dist/mcp/terraform/verification.d.ts

@@ -0,0 +1,74 @@
+import type { Concern, ScannerOutcome } from "#app/mcp/terraform/types";
+/**
+ * Five-status verification taxonomy (the auditor-credibility win the evidence
+ * pack + crosswalk both lean on). The point is HONESTY: never let "no finding"
+ * read as "compliant", and never claim the engine proved something it cannot see
+ * from code. Every assessment statement carries exactly one of these:
+ *
+ *   - `pass`                — a check ran and code-verified compliance.
+ *   - `fail`                — a check ran and code-verified a violation.
+ *   - `not-applicable`      — the control does not apply to the resources present.
+ *   - `inconclusive`        — a relevant check did NOT run (gated / not installed /
+ *                             unparseable). A coverage gap, never silently a pass.
+ *   - `not-code-verifiable` — the control needs human / process evidence
+ *                             (governance, training, a key-policy decision); IaC
+ *                             scanning structurally cannot prove it either way.
+ *
+ * What this engine asserts today: `fail` and `not-code-verifiable` per concern,
+ * and `inconclusive` per scanner that didn't run. It deliberately does NOT
+ * fabricate `pass` / `not-applicable` for controls nothing fired on — absence of
+ * a finding is not proof, and over-claiming is exactly what costs credibility
+ * with an assessor. The two reserved statuses are part of the shared vocabulary
+ * for the evidence consumer (and a future full-framework crosswalk). Pure.
+ */
+export declare const VERIFICATION_STATUSES: readonly ["pass", "fail", "not-applicable", "inconclusive", "not-code-verifiable"];
+export type VerificationStatus = (typeof VERIFICATION_STATUSES)[number];
+/** one-line legend per status — for the report / evidence bundle. */
+export declare const VERIFICATION_STATUS_LABEL: Record<VerificationStatus, string>;
+/** the statuses the engine asserts per concern (a concern is always one or the
+ * other — it fired, the only question is whether code can prove the fix). */
+export type ConcernVerificationStatus = Extract<VerificationStatus, "fail" | "not-code-verifiable">;
+/**
+ * Classify one concern: a code-verified violation (`fail`) — UNLESS its
+ * remediation is a human decision the engine can flag but not prove from code
+ * (IAM least-privilege, a KMS key policy, a real CIDR — the §29 refusal set), in
+ * which case it is `not-code-verifiable`. Pure.
+ */
+export declare function concernVerificationStatus(concern: Pick<Concern, "rule_id" | "evidence">): {
+    status: ConcernVerificationStatus;
+    reason?: string;
+};
+export interface VerifiedConcern {
+    id: string;
+    status: ConcernVerificationStatus;
+    reason?: string;
+}
+export interface VerificationSummary {
+    /** per-concern verification status. */
+    concerns: VerifiedConcern[];
+    counts: {
+        fail: number;
+        not_code_verifiable: number;
+        /** scanners that did not run (each is a coverage gap). */
+        inconclusive: number;
+    };
+    coverage: {
+        /** scanners that ran — their checks are code-verified for what they cover. */
+        verified: string[];
+        /** scanners that did NOT run — their checks are INCONCLUSIVE, never a pass. */
+        inconclusive: {
+            source: string;
+            reason: string;
+        }[];
+    };
+    /** the honesty caveat an assessor should read alongside the statuses. */
+    note: string;
+}
+/**
+ * Roll a scan up into a verification summary: every concern classified
+ * (fail / not-code-verifiable) and every scanner partitioned into verified (ran)
+ * vs inconclusive (skipped — gated, not installed, or unparseable). Pure;
+ * `outcomes` is the raw `runScanners` result, `concerns` the deduped,
+ * Terraform-only set the assessment reports on.
+ */
+export declare function buildVerificationSummary(concerns: Pick<Concern, "id" | "rule_id" | "evidence">[], outcomes: ScannerOutcome[]): VerificationSummary;

package/dist/mcp/terraform.d.ts

@@ -11,12 +11,16 @@
  *   findings  — reviewer findings + SARIF ingest/emit
  *   plan      — plan parsing + destroy/blast/stability/aggregation
  *   tools     — the MCP Tool factories + their *Params schemas
+ *   verification — the five-status taxonomy (fail / not-code-verifiable / …)
+ *   evidence  — the backend-free compliance evidence bundle + emitter
  */
 export * from "#app/mcp/terraform/cost";
 export * from "#app/mcp/terraform/currency";
 export * from "#app/mcp/terraform/decisions";
+export * from "#app/mcp/terraform/evidence";
 export * from "#app/mcp/terraform/findings";
 export * from "#app/mcp/terraform/plan";
 export * from "#app/mcp/terraform/scanners";
 export * from "#app/mcp/terraform/tools";
 export * from "#app/mcp/terraform/types";
+export * from "#app/mcp/terraform/verification";