vgxness 1.15.0 → 1.17.0

package/dist/mcp/stdio-server.js

@@ -84,7 +84,7 @@ function descriptionForTool(publicToolName) {
     if (publicToolName === 'sdd_reopen_artifact')
         return 'Human-only mutating SDD reopen gate; records an explicit human decision to reopen an artifact and must not be called by agents on their own behalf. Use only after human instruction, then revise or re-review the phase.';
     if (publicToolName === 'run_preflight')
-        return 'Agent-callable advisory/planning-only run preflight; evaluates permissions and records a plan but does not execute the checked shell/git/install/network/provider/secrets operation. Use it to decide whether human approval or a separate executor step is required.';
+        return 'Agent-callable advisory/planning-only run preflight; evaluates permissions, records a plan, and returns a workspace strategy recommendation, but does not execute the checked shell/git/install/network/provider/secrets operation and does not create branches, worktrees, or pull requests. Use it to decide whether human approval or a separate executor step is required.';
     const toolName = toInternalVgxMcpToolName(publicToolName);
     return `VGX control-plane tool ${toolName}`;
 }

package/dist/runs/execution-planning.js

@@ -1,5 +1,6 @@
 import { existsSync } from 'node:fs';
 import { join } from 'node:path';
+import { recommendWorkspaceStrategy } from '../workspace-strategy/index.js';
 import { planWorktreeSandbox } from './sandbox-worktree-planning.js';
 const filesystemCategories = new Set(['read', 'edit', 'external-directory']);
 export function planExecutionIsolation(input) {
@@ -23,6 +24,27 @@ export function planExecutionIsolation(input) {
         createsWorktree: false,
     };
 }
+export function recommendWorkspaceStrategyForExecution(input) {
+    return recommendWorkspaceStrategy(workspaceStrategyInputForExecution(input));
+}
+export function workspaceStrategyInputForExecution(input) {
+    const categories = workspaceStrategyCategories(input.operation, input.decision);
+    const mutationSignal = hasWorkspaceMutationSignal(input.operation, categories);
+    return {
+        categories,
+        intentSignals: workspaceStrategyIntentSignals(input.operation, input.decision),
+        risk: workspaceStrategyRisk(input.decision),
+        readOnly: isReadOnlyWorkspaceOperation(input.operation, input.decision),
+        expectedWrites: mutationSignal,
+        mutatesRepository: mutationSignal,
+        destructive: input.operation.destructive === true,
+        external: input.operation.external === true || input.operation.category === 'external-directory',
+        privileged: input.operation.privileged === true,
+        ambiguous: input.operation.ambiguous === true,
+        changeSize: workspaceStrategyChangeSize(input.decision),
+        ...(mutationSignal ? { workspace: { checkout: 'unknown' } } : {}),
+    };
+}
 function selectStrategy(operation, decision) {
     if (operation.sandboxStrategy === 'worktree')
         return 'worktree';
@@ -109,3 +131,48 @@ const defaultGitBoundaryInspector = ({ workspaceRoot }) => {
     }
     return { status: 'compatible', reason: 'workspace has no git metadata to conflict with a planned worktree boundary' };
 };
+function workspaceStrategyCategories(operation, decision) {
+    const categories = [operation.category];
+    if (decision.riskReasonCodes?.includes('git_write') === true && !categories.includes('git-write'))
+        categories.push('git-write');
+    return categories;
+}
+function workspaceStrategyIntentSignals(operation, decision) {
+    return [
+        `permission:${decision.reason}`,
+        ...(decision.riskReasonCodes ?? []).map((code) => `risk:${code}`),
+        ...(operation.workflow === undefined ? [] : [`workflow:${operation.workflow}`]),
+        ...(operation.phase === undefined ? [] : [`phase:${operation.phase}`]),
+    ];
+}
+function workspaceStrategyRisk(decision) {
+    if (decision.riskTier === 0)
+        return 'none';
+    if (decision.riskTier === 1)
+        return 'low';
+    if (decision.riskTier === 2)
+        return 'medium';
+    if (decision.riskTier === 3)
+        return 'high';
+    if (decision.riskTier === 4)
+        return 'critical';
+    return 'unknown';
+}
+function workspaceStrategyChangeSize(decision) {
+    if (decision.riskReasonCodes?.some((code) => code === 'architecture_change' || code === 'cross_surface_change' || code === 'governance_change') === true)
+        return 'large';
+    if (decision.riskTier === 2)
+        return 'medium';
+    if (decision.riskTier === 1)
+        return 'small';
+    return 'unknown';
+}
+function isReadOnlyWorkspaceOperation(operation, decision) {
+    return decision.riskTier === 0 || operation.category === 'read' || (operation.category === 'git' && decision.riskReasonCodes?.includes('git_write') !== true);
+}
+function hasWorkspaceMutationSignal(operation, categories) {
+    if (operation.destructive === true || operation.privileged === true || operation.external === true || operation.ambiguous === true)
+        return true;
+    return categories.some((category) => workspaceMutationCategories.has(category));
+}
+const workspaceMutationCategories = new Set(['edit', 'implementation-edit', 'spec-write', 'design-write', 'task-write', 'git-write']);

package/dist/runs/run-service.js

@@ -1,8 +1,10 @@
+import { createHash } from 'node:crypto';
 import { evaluatePermission } from '../permissions/policy-evaluator.js';
 import { isRiskyPermissionCategory } from '../permissions/schema.js';
 import { normalizeSddPhaseInput } from '../sdd/schema.js';
-import { planExecutionIsolation } from './execution-planning.js';
+import { planExecutionIsolation, recommendWorkspaceStrategyForExecution } from './execution-planning.js';
 import { evaluateOperationRetry as evaluateOperationRetryPolicy } from './operation-retry.js';
+import { AllowlistedApplyProgressCommandExecutor } from '../workflows/command-allowlist-adapter.js';
 import { RunRepository, } from './repositories/runs.js';
 import { buildRunInsights, buildRunOperatorResumePlan } from './run-insights.js';
 const preflightSafety = {
@@ -45,6 +47,51 @@ export class RunService {
     listRuns(filters = {}) {
         return this.runs.list(filters);
     }
+    getSddOperationalEvidence(input) {
+        const runs = this.runs.list({ project: input.project, limit: input.limit ?? 50 });
+        if (!runs.ok)
+            return runs;
+        const evidenceByPhase = {};
+        for (const run of runs.value) {
+            if (!isSddWorkflow(run.workflow))
+                continue;
+            const phase = normalizeSddPhaseInput(run.phase);
+            if (phase === undefined || evidenceByPhase[phase] !== undefined)
+                continue;
+            const details = this.runs.getDetails(run.id);
+            if (!details.ok)
+                return details;
+            const matchingCheckpoints = details.value.checkpoints.filter((checkpoint) => checkpointHasChangeId(checkpoint.state, input.change));
+            if (matchingCheckpoints.length === 0)
+                continue;
+            const latestMatchingCheckpoint = matchingCheckpoints.at(-1);
+            evidenceByPhase[phase] = {
+                latestRun: {
+                    id: details.value.id,
+                    status: details.value.status,
+                    workflow: details.value.workflow,
+                    phase: details.value.phase,
+                    ...(details.value.outcome === undefined ? {} : { outcome: details.value.outcome }),
+                    createdAt: details.value.createdAt,
+                    updatedAt: details.value.updatedAt,
+                    ...(details.value.completedAt === undefined ? {} : { completedAt: details.value.completedAt }),
+                },
+                approvalCounts: countByStatus(details.value.approvals.map((approval) => approval.status)),
+                attemptCounts: countByStatus(details.value.operationAttempts.map((attempt) => attempt.status)),
+                ...(latestMatchingCheckpoint === undefined
+                    ? {}
+                    : {
+                        latestCheckpoint: {
+                            id: latestMatchingCheckpoint.id,
+                            label: latestMatchingCheckpoint.label,
+                            sequence: latestMatchingCheckpoint.sequence,
+                            createdAt: latestMatchingCheckpoint.createdAt,
+                        },
+                    }),
+            };
+        }
+        return { ok: true, value: evidenceByPhase };
+    }
     listRecentInterruptedRuns(input) {
         const runs = this.runs.list({ project: input.project, statuses: ['failed', 'blocked', 'needs-human'], limit: input.limit ?? 5 });
         if (!runs.ok)
@@ -234,6 +281,7 @@ export class RunService {
         const operation = operationFromPendingExecution(pendingExecutionEvent.payload);
         if (operation === undefined)
             return validationFailure('Pending operation metadata is incomplete and cannot be retried');
+        const replayGuard = replayGuardForApprovedOperation(approval.value, permissionEvent, pendingExecutionEvent, operation);
         const attempts = details.value.operationAttempts.filter((attempt) => attempt.approvalId === approval.value.id);
         const retryDecision = evaluateOperationRetryPolicy(input.policy === undefined ? { attempts } : { attempts, policy: input.policy });
         if (!retryDecision.allowed || retryDecision.reasonCode !== 'status_allowed_by_policy')
@@ -245,7 +293,7 @@ export class RunService {
             pendingExecutionEventId: pendingExecutionEvent.id,
             category: operation.category,
             operation: operation.operation,
-            operationMetadata: operationMetadata(operation),
+            operationMetadata: operationMetadataWithReplayGuard(operation, replayGuard),
             executorName: input.executorName ?? 'retry-admission',
         });
         if (!reserved.ok)
@@ -267,6 +315,8 @@ export class RunService {
                 retryReason: retryDecision.reason,
                 evaluatedAttemptCount: retryDecision.evaluatedAttemptCount,
                 retryableStatuses: [...retryDecision.retryableStatuses],
+                replayGuard,
+                operationFingerprint: replayGuard.operationFingerprint,
                 executorInvoked: false,
                 operationExecuted: false,
             }),
@@ -292,6 +342,11 @@ export class RunService {
             decision: permission.value.decision,
             ...(resolved.value.gitBoundaryInspector === undefined ? {} : { gitBoundaryInspector: resolved.value.gitBoundaryInspector }),
         });
+        const workspaceStrategy = recommendWorkspaceStrategyForExecution({
+            operation: resolved.value,
+            decision: permission.value.decision,
+            ...(resolved.value.gitBoundaryInspector === undefined ? {} : { gitBoundaryInspector: resolved.value.gitBoundaryInspector }),
+        });
         const sandboxDecision = sandboxDecisionSummary(plan.sandbox);
         const planEvent = this.runs.appendEvent({
             runId: resolved.value.runId,
@@ -303,6 +358,7 @@ export class RunService {
                 decisionEventId: permission.value.event.id,
                 approvalId: permission.value.approval?.id ?? null,
                 plan: plan,
+                workspaceStrategy: workspaceStrategy,
                 ...(sandboxDecision === undefined ? {} : { sandboxDecision: sandboxDecision }),
                 operationExecuted: false,
                 executorInvoked: false,
@@ -317,7 +373,7 @@ export class RunService {
         });
         if (!planEvent.ok)
             return { ok: false, error: planEvent.error };
-        return { ok: true, value: { ...permission.value, plan, planEvent: planEvent.value } };
+        return { ok: true, value: { ...permission.value, plan, workspaceStrategy, planEvent: planEvent.value } };
     }
     preflightOperation(input) {
         const resolved = this.buildPermissionContextForRun(input);
@@ -329,7 +385,7 @@ export class RunService {
         const planned = this.planOperationExecution(resolved.value);
         if (!planned.ok)
             return planned;
-        const { decision, event, approval, plan, planEvent } = planned.value;
+        const { decision, event, approval, plan, workspaceStrategy, planEvent } = planned.value;
         const audit = { permissionEventId: event.id, planEventId: planEvent.id };
         if (approval !== undefined)
             audit.approvalId = approval.id;
@@ -351,6 +407,7 @@ export class RunService {
                 permissionEvent: event,
                 ...(approval === undefined ? {} : { approval }),
                 plan,
+                workspaceStrategy,
                 planEvent,
                 audit,
                 eligibleForFutureExecution: plan.executable && !sandboxRejected,
@@ -378,6 +435,10 @@ export class RunService {
         const operation = operationFromPendingExecution(pendingExecutionEvent.payload);
         if (operation === undefined)
             return validationFailure('Pending operation metadata is incomplete and cannot be resumed');
+        const replayGuard = replayGuardForApprovedOperation(approval.value, permissionEvent, pendingExecutionEvent, operation);
+        const replayValidation = validateReplayGuard(pendingExecutionEvent, replayGuard, input.expectedOperationFingerprint);
+        if (!replayValidation.ok)
+            return replayValidation;
         const retry = this.evaluateOperationRetry({ approvalId: approval.value.id });
         if (!retry.ok)
             return retry;
@@ -390,7 +451,7 @@ export class RunService {
             pendingExecutionEventId: pendingExecutionEvent.id,
             category: operation.category,
             operation: operation.operation,
-            operationMetadata: operationMetadata(operation),
+            operationMetadata: operationMetadataWithReplayGuard(operation, replayGuard),
             executorName: input.executor.name,
         });
         if (!reserved.ok)
@@ -413,6 +474,8 @@ export class RunService {
                     originalDecision: 'ask',
                     approvalStatus: 'approved',
                     policyReevaluated: false,
+                    replayGuard,
+                    operationFingerprint: replayGuard.operationFingerprint,
                     resumedFromApprovalId: approval.value.id,
                     executorInvoked: true,
                     error,
@@ -423,6 +486,9 @@ export class RunService {
             if (!executionEvent.ok)
                 return { ok: false, error: executionEvent.error };
             const linkedAttempt = this.runs.attachAttemptResultEvent(attempt.value.id, executionEvent.value.id);
+            const evidence = appendApplyProgressAllowlistEvidenceIfNeeded(this.runs, approval.value.id, permissionEvent, pendingExecutionEvent, linkedAttempt.ok ? linkedAttempt.value : attempt.value, executionEvent.value, replayGuard.operationFingerprint, input.executor.name, operation, undefined, error);
+            if (!evidence.ok)
+                return { ok: false, error: evidence.error };
             return {
                 ok: true,
                 value: {
@@ -432,6 +498,7 @@ export class RunService {
                     attempt: linkedAttempt.ok ? linkedAttempt.value : attempt.value,
                     executionEvent: executionEvent.value,
                     status: 'failed',
+                    ...(evidence.value === undefined ? {} : evidence.value),
                 },
             };
         }
@@ -451,6 +518,8 @@ export class RunService {
                 originalDecision: 'ask',
                 approvalStatus: 'approved',
                 policyReevaluated: false,
+                replayGuard,
+                operationFingerprint: replayGuard.operationFingerprint,
                 resumedFromApprovalId: approval.value.id,
                 executorInvoked: true,
                 output: output ?? null,
@@ -461,6 +530,9 @@ export class RunService {
         if (!executionEvent.ok)
             return { ok: false, error: executionEvent.error };
         const linkedAttempt = this.runs.attachAttemptResultEvent(attempt.value.id, executionEvent.value.id);
+        const evidence = appendApplyProgressAllowlistEvidenceIfNeeded(this.runs, approval.value.id, permissionEvent, pendingExecutionEvent, linkedAttempt.ok ? linkedAttempt.value : attempt.value, executionEvent.value, replayGuard.operationFingerprint, input.executor.name, operation, output, undefined);
+        if (!evidence.ok)
+            return { ok: false, error: evidence.error };
         return {
             ok: true,
             value: {
@@ -471,9 +543,17 @@ export class RunService {
                 executionEvent: executionEvent.value,
                 status: 'succeeded',
                 ...(output === undefined ? {} : { output }),
+                ...(evidence.value === undefined ? {} : evidence.value),
             },
         };
     }
+    resumeApprovedAllowlistedApplyProgressCommand(input) {
+        return this.resumeApprovedOperation({
+            approvalId: input.approvalId,
+            executor: new AllowlistedApplyProgressCommandExecutor(input.executorOptions),
+            ...(input.expectedOperationFingerprint === undefined ? {} : { expectedOperationFingerprint: input.expectedOperationFingerprint }),
+        });
+    }
     executeOperation(input) {
         const permission = this.evaluatePermissionForRun({ runId: input.runId, ...input.operation, reusePendingApproval: true });
         if (!permission.ok)
@@ -534,6 +614,7 @@ export class RunService {
                 : { ok: false, error: executionEvent.error };
         }
         if (permission.value.decision.decision === 'ask') {
+            const replayGuard = permission.value.approval === undefined ? undefined : replayGuardForApprovedOperation(permission.value.approval, permission.value.event, undefined, input.operation);
             const executionEvent = this.runs.appendEvent({
                 runId: input.runId,
                 kind: 'operation-execution',
@@ -544,6 +625,7 @@ export class RunService {
                     decision: 'ask',
                     reason: permission.value.decision.reason,
                     message: permission.value.decision.message,
+                    ...(replayGuard === undefined ? {} : { replayGuard, operationFingerprint: replayGuard.operationFingerprint }),
                     executorInvoked: false,
                     operationExecuted: false,
                 }),
@@ -848,8 +930,49 @@ export class RunService {
         return { ok: true, value: resolved[0] };
     }
 }
+export function calculateStableOperationFingerprint(input) {
+    const canonical = {
+        runId: input.runId,
+        approvalId: input.approvalId,
+        category: input.category,
+        operation: input.operation,
+    };
+    if (input.phase !== undefined)
+        canonical.phase = input.phase;
+    if (input.agentId !== undefined)
+        canonical.agentId = input.agentId;
+    if (input.workspaceRoot !== undefined)
+        canonical.workspaceRoot = input.workspaceRoot;
+    if (input.targetPath !== undefined)
+        canonical.targetPath = input.targetPath;
+    if (input.input !== undefined)
+        canonical.input = input.input;
+    return `sha256:${createHash('sha256').update(stableJson(canonical)).digest('hex')}`;
+}
 function checkpointHasChangeId(state, change) {
-    return typeof state === 'object' && state !== null && !Array.isArray(state) && state.changeId === change;
+    return typeof state === 'object' && state !== null && !Array.isArray(state) && (state.changeId === change || state.change === change);
+}
+function countByStatus(statuses) {
+    const counts = { total: statuses.length };
+    for (const status of statuses) {
+        if (status === 'pending')
+            counts.pending = (counts.pending ?? 0) + 1;
+        else if (status === 'approved')
+            counts.approved = (counts.approved ?? 0) + 1;
+        else if (status === 'rejected')
+            counts.rejected = (counts.rejected ?? 0) + 1;
+        else if (status === 'cancelled')
+            counts.cancelled = (counts.cancelled ?? 0) + 1;
+        else if (status === 'reserved')
+            counts.reserved = (counts.reserved ?? 0) + 1;
+        else if (status === 'succeeded')
+            counts.succeeded = (counts.succeeded ?? 0) + 1;
+        else if (status === 'failed')
+            counts.failed = (counts.failed ?? 0) + 1;
+        else if (status === 'abandoned')
+            counts.abandoned = (counts.abandoned ?? 0) + 1;
+    }
+    return counts;
 }
 function preflightOutcome(decision) {
     if (decision.decision === 'allow')
@@ -879,6 +1002,54 @@ function workflowConflictDecision(input, runWorkflow) {
         auditEvidence: [`runWorkflow:${runWorkflow}`, `explicitWorkflow:${input.workflow}`],
     };
 }
+function appendApplyProgressAllowlistEvidenceIfNeeded(runs, approvalId, permissionEvent, pendingExecutionEvent, attempt, executionEvent, operationFingerprint, executorName, operation, output, error) {
+    if (!isApplyProgressAllowlistedCommandOperation(operation))
+        return { ok: true, value: undefined };
+    const base = {
+        kind: 'apply-progress-operation',
+        operationKind: 'allowlisted-command',
+        runId: attempt.runId,
+        approvalId,
+        attemptId: attempt.id,
+        pendingExecutionEventId: pendingExecutionEvent.id,
+        permissionEventId: permissionEvent.id,
+        executionEventId: executionEvent.id,
+        operationFingerprint,
+        executor: executorName,
+        operation: operationMetadata(operation),
+        status: attempt.status,
+        output: output ?? null,
+        error: error ?? null,
+    };
+    const evidence = runs.appendEvent({
+        runId: attempt.runId,
+        kind: 'evidence',
+        title: `Apply-progress allowlisted command ${attempt.status}: ${operation.operation}`,
+        payload: base,
+        relatedType: 'operation-attempt',
+        relatedId: attempt.id,
+    });
+    if (!evidence.ok)
+        return { ok: false, error: evidence.error };
+    const checkpoint = runs.appendCheckpoint({
+        runId: attempt.runId,
+        label: 'apply-progress-allowlisted-command-executed',
+        state: { ...base, evidenceEventId: evidence.value.id },
+    });
+    if (!checkpoint.ok)
+        return { ok: false, error: checkpoint.error };
+    return { ok: true, value: { checkpoint: checkpoint.value, evidenceEvent: evidence.value } };
+}
+function isApplyProgressAllowlistedCommandOperation(operation) {
+    if (operation.input === undefined)
+        return false;
+    if (!isObject(operation.input))
+        return false;
+    return (operation.phase === 'apply-progress' &&
+        operation.input.kind === 'apply-progress-operation' &&
+        operation.input.operationKind === 'allowlisted-command' &&
+        /^command-allowlist:[A-Za-z0-9._/-]+$/u.test(operation.operation));
+}
 function executionPayload(operation, executorName, status, extra) {
     return {
         status,
@@ -889,6 +1060,65 @@ function executionPayload(operation, executorName, status, extra) {
         ...extra,
     };
 }
+function operationMetadataWithReplayGuard(operation, replayGuard) {
+    const metadata = operationMetadata(operation);
+    if (!isObject(metadata))
+        return metadata;
+    return { ...metadata, replayGuard };
+}
+function replayGuardForApprovedOperation(approval, permissionEvent, pendingExecutionEvent, operation) {
+    const fingerprintInput = fingerprintInputForApprovedOperation(approval, permissionEvent, operation);
+    const operationFingerprint = calculateStableOperationFingerprint(fingerprintInput);
+    return {
+        version: 1,
+        operationFingerprint,
+        fingerprintAlgorithm: 'sha256:stable-json:v1',
+        expectedPendingExecutionEventId: pendingExecutionEvent?.id ?? null,
+        associated: fingerprintInput,
+    };
+}
+function fingerprintInputForApprovedOperation(approval, permissionEvent, operation) {
+    const permissionPayload = isObject(permissionEvent.payload) ? permissionEvent.payload : {};
+    const requestedOperation = permissionPayload.requestedOperation !== undefined && isObject(permissionPayload.requestedOperation) ? permissionPayload.requestedOperation : {};
+    const agent = permissionPayload.agent !== undefined && isObject(permissionPayload.agent) ? permissionPayload.agent : undefined;
+    const phase = stringField(operation.phase) ?? stringField(requestedOperation.phase) ?? stringField(permissionPayload.phase);
+    const agentId = stringField(operation.agentId) ?? stringField(requestedOperation.agentId) ?? stringField(agent?.id);
+    const workspaceRoot = stringField(operation.workspaceRoot) ?? stringField(requestedOperation.workspaceRoot);
+    const targetPath = stringField(operation.targetPath) ?? stringField(requestedOperation.targetPath);
+    const fingerprintInput = {
+        runId: approval.runId,
+        approvalId: approval.id,
+        category: operation.category,
+        operation: operation.operation,
+    };
+    if (phase !== undefined)
+        fingerprintInput.phase = phase;
+    if (agentId !== undefined)
+        fingerprintInput.agentId = agentId;
+    if (workspaceRoot !== undefined)
+        fingerprintInput.workspaceRoot = workspaceRoot;
+    if (targetPath !== undefined)
+        fingerprintInput.targetPath = targetPath;
+    if (operation.input !== undefined)
+        fingerprintInput.input = operation.input;
+    return fingerprintInput;
+}
+function validateReplayGuard(pendingExecutionEvent, replayGuard, expectedOperationFingerprint) {
+    const actualFingerprint = replayGuard.operationFingerprint;
+    if (expectedOperationFingerprint !== undefined && expectedOperationFingerprint !== actualFingerprint) {
+        return validationFailure(`Operation fingerprint mismatch: expected ${expectedOperationFingerprint}, calculated ${actualFingerprint}`);
+    }
+    if (isObject(pendingExecutionEvent.payload)) {
+        const stored = typeof pendingExecutionEvent.payload.operationFingerprint === 'string' ? pendingExecutionEvent.payload.operationFingerprint : undefined;
+        const storedReplayGuard = pendingExecutionEvent.payload.replayGuard !== undefined && isObject(pendingExecutionEvent.payload.replayGuard) ? pendingExecutionEvent.payload.replayGuard : undefined;
+        const storedReplayFingerprint = typeof storedReplayGuard?.operationFingerprint === 'string' ? storedReplayGuard.operationFingerprint : undefined;
+        const storedFingerprint = stored ?? storedReplayFingerprint;
+        if (storedFingerprint !== undefined && storedFingerprint !== actualFingerprint) {
+            return validationFailure(`Stored operation fingerprint mismatch: stored ${storedFingerprint}, calculated ${actualFingerprint}`);
+        }
+    }
+    return { ok: true, value: undefined };
+}
 function summarizeOperation(operation) {
     return {
         category: operation.category,
@@ -1078,6 +1308,10 @@ function operationFromPendingExecution(payload) {
         operation.targetPath = requested.targetPath;
     if (typeof requested.providerToolName === 'string')
         operation.providerToolName = requested.providerToolName;
+    if (typeof requested.phase === 'string')
+        operation.phase = requested.phase;
+    if (typeof requested.agentId === 'string')
+        operation.agentId = requested.agentId;
     if (typeof requested.destructive === 'boolean')
         operation.destructive = requested.destructive;
     if (typeof requested.external === 'boolean')
@@ -1088,10 +1322,13 @@ function operationFromPendingExecution(payload) {
         operation.ambiguous = requested.ambiguous;
     if ('input' in requested)
         operation.input = requested.input;
-    if ('input' in payload)
+    if ('input' in payload && payload.input !== null)
         operation.input = payload.input;
     return operation;
 }
+function stringField(value) {
+    return typeof value === 'string' && value.length > 0 ? value : undefined;
+}
 function isObject(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
 }

package/dist/runs/sandbox-process-execution.js

@@ -160,10 +160,12 @@ function acceptedEvidence(workspaceRoot, cwd, checks) {
     return {
         strategy: 'bounded-process',
         enforceable: true,
+        createsSandbox: false,
+        createsWorktree: false,
         workspaceRoot,
         cwd,
         capabilities: {
-            sandboxEnforceable: true,
+            sandboxEnforceable: false,
             processExecutionEnforceable: true,
             workspaceBoundaryEnforced: true,
             providerConfigWritesBlocked: true,
@@ -172,10 +174,14 @@ function acceptedEvidence(workspaceRoot, cwd, checks) {
             limitedEnvironment: true,
             timeoutEnforced: true,
             outputCapEnforced: true,
+            createsSandbox: false,
+            createsWorktree: false,
             filesystemIsolation: false,
             networkIsolation: false,
         },
         limitations: [
+            'bounded-process does not create an OS-level sandbox',
+            'bounded-process does not create or manage a git worktree',
             'bounded-process enforces local process launch constraints only; it is not an OS-level filesystem sandbox',
             'bounded-process does not prove network isolation',
         ],

package/dist/sdd/cockpit-read-model.js

@@ -17,11 +17,11 @@ export class SddCockpitReadModelService {
         return { ok: true, value: buildSddCockpitSurfaceResponse(cockpit.value) };
     }
 }
-export function buildSddCockpitSurfaceResponse(cockpit) {
-    return { ...cockpit, readModel: buildSddCockpitReadModel(cockpit) };
+export function buildSddCockpitSurfaceResponse(cockpit, options = {}) {
+    return { ...cockpit, readModel: buildSddCockpitReadModel(cockpit, options) };
 }
-export function buildSddCockpitReadModel(cockpit) {
-    const phases = cockpit.phases.map((phase) => toPhaseReadModel(phase));
+export function buildSddCockpitReadModel(cockpit, options = {}) {
+    const phases = cockpit.phases.map((phase) => toPhaseReadModel(phase, options.operationalEvidenceByPhase?.[phase.phase]));
     const blockers = toReadBlockers(cockpit);
     const nextAction = chooseNextAction(cockpit, phases);
     return {
@@ -36,7 +36,7 @@ export function buildSddCockpitReadModel(cockpit) {
         contentIncluded: false,
     };
 }
-function toPhaseReadModel(phase) {
+function toPhaseReadModel(phase, operationalEvidence) {
     const status = artifactReadStatus(phase);
     const contentAvailable = phase.present && phase.artifact !== undefined;
     const reasons = phase.blockers.map((blocker) => blocker.action ?? blocker.reason);
@@ -70,6 +70,7 @@ function toPhaseReadModel(phase) {
             reasons,
         },
         ...(phase.gates === undefined ? {} : { gates: phase.gates }),
+        ...(operationalEvidence === undefined ? {} : { operationalEvidence }),
         guidance: guidanceForPhase(phase, status, canAccept),
     };
 }

package/dist/sdd/sdd-continuation-plan.js

@@ -6,6 +6,7 @@ export function sddContinuationPlanFrom(input) {
     const blockerGuidance = input.next.blockerGuidance ?? [];
     const blockerActions = blockerGuidance.map((blocker) => continuationBlockerAction(input.project, input.next.change, blocker, dbFlag));
     const recommendedActions = continuationRecommendedActions(input.project, input.next, blockerGuidance);
+    const advice = continuationAdvice(input.next, blockerGuidance);
     const relatedRunContext = relatedRunContextView(input.project, input.relatedRunContext, dbFlag);
     return {
         kind: 'sdd-continuation-plan',
@@ -18,6 +19,7 @@ export function sddContinuationPlanFrom(input) {
         reason: input.next.reason,
         suggestedCommand,
         inspectCommand,
+        advice,
         blockerActions,
         recommendedActions,
         ...(relatedRunContext === undefined ? {} : { relatedRunContext }),
@@ -30,6 +32,50 @@ export function sddContinuationPlanFrom(input) {
         ],
     };
 }
+function continuationAdvice(next, blockerGuidance) {
+    const advice = [];
+    if (next.nextPhase === 'proposal' || hasProposalMissingBlocker(next, blockerGuidance))
+        advice.push(proposalQuestionRoundAdvice(next.change));
+    if (next.nextPhase === 'apply-progress')
+        advice.push(reviewWorkloadGuardAdvice(next.change));
+    return advice;
+}
+function hasProposalMissingBlocker(next, blockerGuidance) {
+    return (blockerGuidance.some((blocker) => blocker.phase === 'proposal' && blocker.reason === 'missing') ||
+        next.missingArtifactTopicKeys.some((topicKey) => topicKey.endsWith('/proposal')));
+}
+function proposalQuestionRoundAdvice(change) {
+    return {
+        id: `sdd.${change}.advice.proposal-question-round`,
+        kind: 'proposal-question-round',
+        title: 'Run proposal question round when product clarity is missing',
+        message: 'Before drafting or accepting the proposal, run a product/business question round if clarity is still missing; this advice does not claim low clarity from metadata alone.',
+        readOnly: true,
+        advisoryOnly: true,
+        mutating: false,
+        providerExecution: false,
+        artifactMutation: false,
+        runCreation: false,
+        openspecWrite: false,
+        reason: 'Proposal work benefits from explicit business rules, product outcomes, edge cases, non-goals, and tradeoff decisions before proposal drafting or acceptance.',
+    };
+}
+function reviewWorkloadGuardAdvice(change) {
+    return {
+        id: `sdd.${change}.advice.review-workload-guard`,
+        kind: 'review-workload-guard',
+        title: 'Inspect Review Workload Forecast before apply',
+        message: 'Before apply, inspect tasks/Review Workload Forecast and ask for a delivery decision if risk is high, estimated changes exceed 400 lines, chained PRs are recommended, or a decision is pending.',
+        readOnly: true,
+        advisoryOnly: true,
+        mutating: false,
+        providerExecution: false,
+        artifactMutation: false,
+        runCreation: false,
+        openspecWrite: false,
+        reason: 'Apply work can exceed review budget; continuation advice must surface the guard without executing providers, mutating artifacts, creating runs, or writing openspec files.',
+    };
+}
 function continuationRecommendedActions(project, next, blockerGuidance) {
     const actions = [inspectCockpitAction(project, next.change)];
     if (next.status === 'runnable' && next.nextPhase !== undefined)