PyPI - codeframe-ai - Versions diffs - 0.9.0__py3-none-any.whl - Mend

codeframe-ai 0.9.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

codeframe/__init__.py +11 -0
codeframe/__main__.py +20 -0
codeframe/adapters/__init__.py +5 -0
codeframe/adapters/e2b/__init__.py +13 -0
codeframe/adapters/e2b/adapter.py +342 -0
codeframe/adapters/e2b/budget.py +71 -0
codeframe/adapters/e2b/credential_scanner.py +134 -0
codeframe/adapters/llm/__init__.py +92 -0
codeframe/adapters/llm/anthropic.py +414 -0
codeframe/adapters/llm/base.py +444 -0
codeframe/adapters/llm/mock.py +281 -0
codeframe/adapters/llm/openai.py +483 -0
codeframe/agents/__init__.py +8 -0
codeframe/agents/dependency_resolver.py +714 -0
codeframe/auth/__init__.py +16 -0
codeframe/auth/api_key_router.py +238 -0
codeframe/auth/api_keys.py +156 -0
codeframe/auth/dependencies.py +358 -0
codeframe/auth/manager.py +178 -0
codeframe/auth/models.py +30 -0
codeframe/auth/router.py +93 -0
codeframe/auth/schemas.py +15 -0
codeframe/auth/scopes.py +53 -0
codeframe/cli/__init__.py +12 -0
codeframe/cli/__main__.py +20 -0
codeframe/cli/api_client.py +275 -0
codeframe/cli/app.py +5688 -0
codeframe/cli/auth.py +122 -0
codeframe/cli/auth_commands.py +958 -0
codeframe/cli/commands/__init__.py +5 -0
codeframe/cli/config_commands.py +79 -0
codeframe/cli/dashboard_commands.py +67 -0
codeframe/cli/engines_commands.py +205 -0
codeframe/cli/env_commands.py +409 -0
codeframe/cli/helpers.py +56 -0
codeframe/cli/hooks_commands.py +208 -0
codeframe/cli/import_commands.py +129 -0
codeframe/cli/pr_commands.py +549 -0
codeframe/cli/proof_commands.py +415 -0
codeframe/cli/stats_commands.py +311 -0
codeframe/cli/telemetry_runtime.py +153 -0
codeframe/cli/validators.py +123 -0
codeframe/config/rate_limits.py +165 -0
codeframe/core/__init__.py +15 -0
codeframe/core/adapters/__init__.py +43 -0
codeframe/core/adapters/agent_adapter.py +114 -0
codeframe/core/adapters/builtin.py +326 -0
codeframe/core/adapters/claude_code.py +62 -0
codeframe/core/adapters/codex.py +393 -0
codeframe/core/adapters/git_utils.py +40 -0
codeframe/core/adapters/kilocode.py +126 -0
codeframe/core/adapters/opencode.py +48 -0
codeframe/core/adapters/streaming_chat.py +483 -0
codeframe/core/adapters/subprocess_adapter.py +213 -0
codeframe/core/adapters/verification_wrapper.py +269 -0
codeframe/core/agent.py +2183 -0
codeframe/core/agents_config.py +569 -0
codeframe/core/api_key_service.py +211 -0
codeframe/core/artifacts.py +428 -0
codeframe/core/blocker_detection.py +218 -0
codeframe/core/blockers.py +433 -0
codeframe/core/checkpoints.py +481 -0
codeframe/core/conductor.py +2255 -0
codeframe/core/config.py +827 -0
codeframe/core/config_watcher.py +268 -0
codeframe/core/context.py +542 -0
codeframe/core/context_packager.py +234 -0
codeframe/core/credentials.py +735 -0
codeframe/core/dependency_analyzer.py +229 -0
codeframe/core/dependency_graph.py +290 -0
codeframe/core/diagnostic_agent.py +712 -0
codeframe/core/diagnostics.py +616 -0
codeframe/core/editor.py +556 -0
codeframe/core/engine_registry.py +256 -0
codeframe/core/engine_stats.py +231 -0
codeframe/core/environment.py +697 -0
codeframe/core/events.py +375 -0
codeframe/core/executor.py +1005 -0
codeframe/core/fix_tracker.py +480 -0
codeframe/core/gates.py +1322 -0
codeframe/core/git.py +477 -0
codeframe/core/github_connect_service.py +178 -0
codeframe/core/github_integration_config.py +118 -0
codeframe/core/github_issues_service.py +449 -0
codeframe/core/hooks.py +184 -0
codeframe/core/importers/__init__.py +1 -0
codeframe/core/importers/ralph.py +540 -0
codeframe/core/installer.py +650 -0
codeframe/core/models.py +1026 -0
codeframe/core/notifications_config.py +183 -0
codeframe/core/planner.py +437 -0
codeframe/core/prd.py +670 -0
codeframe/core/prd_discovery.py +1118 -0
codeframe/core/prd_stress_test.py +499 -0
codeframe/core/progress.py +126 -0
codeframe/core/proof/__init__.py +34 -0
codeframe/core/proof/capture.py +79 -0
codeframe/core/proof/evidence.py +56 -0
codeframe/core/proof/ledger.py +574 -0
codeframe/core/proof/models.py +162 -0
codeframe/core/proof/obligations.py +103 -0
codeframe/core/proof/runner.py +233 -0
codeframe/core/proof/scope.py +81 -0
codeframe/core/proof/stubs.py +156 -0
codeframe/core/quick_fixes.py +558 -0
codeframe/core/react_agent.py +1650 -0
codeframe/core/reconciliation.py +183 -0
codeframe/core/replay.py +788 -0
codeframe/core/review.py +285 -0
codeframe/core/runtime.py +1134 -0
codeframe/core/sandbox/__init__.py +27 -0
codeframe/core/sandbox/context.py +98 -0
codeframe/core/sandbox/worktree.py +20 -0
codeframe/core/schedule.py +396 -0
codeframe/core/stall_detector.py +71 -0
codeframe/core/stall_monitor.py +134 -0
codeframe/core/state_machine.py +121 -0
codeframe/core/streaming.py +502 -0
codeframe/core/task_tree.py +400 -0
codeframe/core/tasks.py +1022 -0
codeframe/core/telemetry.py +232 -0
codeframe/core/templates.py +221 -0
codeframe/core/tools.py +942 -0
codeframe/core/workspace.py +887 -0
codeframe/core/worktrees.py +276 -0
codeframe/git/__init__.py +5 -0
codeframe/git/github_integration.py +505 -0
codeframe/lib/__init__.py +0 -0
codeframe/lib/audit_logger.py +248 -0
codeframe/lib/metrics_tracker.py +800 -0
codeframe/lib/quality/__init__.py +7 -0
codeframe/lib/quality/complexity_analyzer.py +316 -0
codeframe/lib/quality/owasp_patterns.py +284 -0
codeframe/lib/quality/security_scanner.py +250 -0
codeframe/lib/rate_limiter.py +312 -0
codeframe/notifications/__init__.py +0 -0
codeframe/notifications/webhook.py +380 -0
codeframe/planning/__init__.py +30 -0
codeframe/planning/issue_generator.py +219 -0
codeframe/planning/prd_template_functions.py +137 -0
codeframe/planning/prd_templates.py +975 -0
codeframe/planning/task_scheduler.py +511 -0
codeframe/planning/task_templates.py +533 -0
codeframe/platform_store/__init__.py +5 -0
codeframe/platform_store/database.py +277 -0
codeframe/platform_store/repositories/__init__.py +24 -0
codeframe/platform_store/repositories/api_key_repository.py +245 -0
codeframe/platform_store/repositories/audit_repository.py +67 -0
codeframe/platform_store/repositories/base.py +295 -0
codeframe/platform_store/repositories/interactive_sessions.py +165 -0
codeframe/platform_store/repositories/token_repository.py +598 -0
codeframe/platform_store/repositories/workspace_registry_repository.py +175 -0
codeframe/platform_store/schema_manager.py +321 -0
codeframe/templates/AGENTS.md.default +94 -0
codeframe/tui/__init__.py +5 -0
codeframe/tui/app.py +256 -0
codeframe/tui/data_service.py +103 -0
codeframe/ui/__init__.py +0 -0
codeframe/ui/dependencies.py +103 -0
codeframe/ui/models.py +999 -0
codeframe/ui/response_models.py +201 -0
codeframe/ui/routers/__init__.py +5 -0
codeframe/ui/routers/_helpers.py +29 -0
codeframe/ui/routers/batches_v2.py +315 -0
codeframe/ui/routers/blockers_v2.py +320 -0
codeframe/ui/routers/checkpoints_v2.py +310 -0
codeframe/ui/routers/costs_v2.py +322 -0
codeframe/ui/routers/diagnose_v2.py +225 -0
codeframe/ui/routers/discovery_v2.py +417 -0
codeframe/ui/routers/environment_v2.py +284 -0
codeframe/ui/routers/events_v2.py +75 -0
codeframe/ui/routers/gates_v2.py +166 -0
codeframe/ui/routers/git_v2.py +284 -0
codeframe/ui/routers/github_integrations_v2.py +532 -0
codeframe/ui/routers/interactive_sessions_v2.py +238 -0
codeframe/ui/routers/pr_v2.py +709 -0
codeframe/ui/routers/prd_v2.py +695 -0
codeframe/ui/routers/proof_v2.py +755 -0
codeframe/ui/routers/review_v2.py +360 -0
codeframe/ui/routers/schedule_v2.py +214 -0
codeframe/ui/routers/session_chat_ws.py +354 -0
codeframe/ui/routers/settings_v2.py +562 -0
codeframe/ui/routers/streaming_v2.py +155 -0
codeframe/ui/routers/tasks_v2.py +1098 -0
codeframe/ui/routers/templates_v2.py +232 -0
codeframe/ui/routers/terminal_ws.py +267 -0
codeframe/ui/routers/workspace_v2.py +527 -0
codeframe/ui/server.py +568 -0
codeframe/ui/shared.py +241 -0
codeframe/workspace/__init__.py +5 -0
codeframe/workspace/manager.py +249 -0
codeframe_ai-0.9.0.dist-info/METADATA +517 -0
codeframe_ai-0.9.0.dist-info/RECORD +197 -0
codeframe_ai-0.9.0.dist-info/WHEEL +5 -0
codeframe_ai-0.9.0.dist-info/entry_points.txt +3 -0
codeframe_ai-0.9.0.dist-info/licenses/LICENSE +661 -0
codeframe_ai-0.9.0.dist-info/top_level.txt +1 -0

codeframe/core/proof/capture.py ADDED Viewed

@@ -0,0 +1,79 @@
+"""PROOF9 capture logic.
+Orchestrates the creation of a new requirement from a glitch report:
+classify → obligations → scope → save → generate stubs.
+"""
+from datetime import datetime, timezone
+from typing import Optional
+from codeframe.core.proof import ledger
+from codeframe.core.proof.models import (
+    Gate,
+    Requirement,
+    Severity,
+    Source,
+)
+from codeframe.core.proof.obligations import (
+    classify_glitch,
+    get_obligations,
+    suggest_evidence_rules,
+)
+from codeframe.core.proof.scope import build_scope_from_capture
+from codeframe.core.proof.stubs import generate_stubs
+from codeframe.core.workspace import Workspace
+def capture_requirement(
+    workspace: Workspace,
+    *,
+    title: str,
+    description: str,
+    where: str,
+    severity: Severity,
+    source: Source,
+    created_by: str = "human",
+    source_issue: Optional[str] = None,
+) -> tuple[Requirement, dict[Gate, str]]:
+    """Create a new requirement from a glitch report.
+    Returns the saved Requirement and a dict of Gate → stub content.
+    """
+    # 1. Classify the glitch
+    glitch_type = classify_glitch(description)
+    # 2. Get obligation set
+    obligations = get_obligations(glitch_type)
+    # 3. Build scope from user-provided location
+    scope = build_scope_from_capture(where)
+    # 4. Generate evidence rules for each obligation
+    evidence_rules = []
+    for obl in obligations:
+        evidence_rules.extend(suggest_evidence_rules(obl.gate, title))
+    # 5. Create the requirement
+    req_id = ledger.next_req_id(workspace)
+    req = Requirement(
+        id=req_id,
+        title=title,
+        description=description,
+        severity=severity,
+        source=source,
+        scope=scope,
+        obligations=obligations,
+        evidence_rules=evidence_rules,
+        created_at=datetime.now(timezone.utc),
+        created_by=created_by,
+        source_issue=source_issue,
+        glitch_type=glitch_type,
+    )
+    # 6. Persist
+    ledger.save_requirement(workspace, req)
+    # 7. Generate test stubs
+    stubs = generate_stubs(req)
+    return req, stubs

codeframe/core/proof/evidence.py ADDED Viewed

@@ -0,0 +1,56 @@
+"""PROOF9 evidence attachment and verification.
+Attaches evidence artifacts (test results, screenshots, reports)
+to requirements with SHA-256 checksums for integrity.
+"""
+import hashlib
+from datetime import datetime, timezone
+from pathlib import Path
+from codeframe.core.proof import ledger
+from codeframe.core.proof.models import Evidence, Gate, Requirement
+from codeframe.core.workspace import Workspace
+def _sha256(file_path: str) -> str:
+    """Compute SHA-256 checksum of a file. Raises if file missing."""
+    path = Path(file_path)
+    if not path.exists():
+        raise FileNotFoundError(f"Artifact not found: {file_path}")
+    h = hashlib.sha256()
+    h.update(path.read_bytes())
+    return h.hexdigest()
+def attach_evidence(
+    workspace: Workspace,
+    req_id: str,
+    gate: Gate,
+    artifact_path: str,
+    satisfied: bool,
+    run_id: str,
+) -> Evidence:
+    """Create and persist an evidence record with artifact checksum."""
+    evidence = Evidence(
+        req_id=req_id,
+        gate=gate,
+        satisfied=satisfied,
+        artifact_path=artifact_path,
+        artifact_checksum=_sha256(artifact_path),
+        timestamp=datetime.now(timezone.utc),
+        run_id=run_id,
+    )
+    ledger.save_evidence(workspace, evidence)
+    return evidence
+def check_obligation_satisfied(
+    workspace: Workspace, req: Requirement, gate: Gate
+) -> bool:
+    """Check if a gate obligation has passing evidence."""
+    evidence_list = ledger.list_evidence(workspace, req.id)
+    for ev in evidence_list:
+        if ev.gate == gate and ev.satisfied:
+            return True
+    return False

codeframe/core/proof/ledger.py ADDED Viewed

@@ -0,0 +1,574 @@
+"""PROOF9 ledger — SQLite storage for requirements and evidence.
+Uses raw sqlite3 following the workspace pattern in core/prd.py.
+Tables live in the workspace's state.db alongside PRDs and tasks.
+"""
+import json
+from datetime import date, datetime, timezone
+from typing import Optional
+from codeframe.core.proof.models import (
+    Evidence,
+    EvidenceRule,
+    Gate,
+    GlitchType,
+    Obligation,
+    ProofRun,
+    ReqStatus,
+    Requirement,
+    RequirementScope,
+    Severity,
+    Source,
+    Waiver,
+)
+from codeframe.core.workspace import Workspace, get_db_connection
+def _utc_now() -> datetime:
+    return datetime.now(timezone.utc)
+def init_proof_tables(workspace: Workspace) -> None:
+    """Create proof tables if they don't exist."""
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute("""
+        CREATE TABLE IF NOT EXISTS proof_requirements (
+            id TEXT PRIMARY KEY,
+            title TEXT NOT NULL,
+            description TEXT NOT NULL,
+            severity TEXT NOT NULL,
+            source TEXT NOT NULL,
+            scope TEXT NOT NULL,
+            obligations TEXT NOT NULL,
+            evidence_rules TEXT NOT NULL,
+            status TEXT NOT NULL DEFAULT 'open',
+            waiver TEXT,
+            created_at TEXT NOT NULL,
+            satisfied_at TEXT,
+            created_by TEXT NOT NULL DEFAULT '',
+            source_issue TEXT,
+            related_reqs TEXT NOT NULL DEFAULT '[]',
+            glitch_type TEXT,
+            workspace_id TEXT NOT NULL
+        )
+    """)
+    cursor.execute("""
+        CREATE TABLE IF NOT EXISTS proof_evidence (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            req_id TEXT NOT NULL,
+            gate TEXT NOT NULL,
+            satisfied INTEGER NOT NULL,
+            artifact_path TEXT NOT NULL,
+            artifact_checksum TEXT NOT NULL,
+            timestamp TEXT NOT NULL,
+            run_id TEXT NOT NULL,
+            workspace_id TEXT NOT NULL,
+            FOREIGN KEY (req_id) REFERENCES proof_requirements(id)
+        )
+    """)
+    cursor.execute("""
+        CREATE TABLE IF NOT EXISTS proof_runs (
+            run_id TEXT NOT NULL,
+            workspace_id TEXT NOT NULL,
+            started_at TEXT NOT NULL,
+            completed_at TEXT,
+            triggered_by TEXT NOT NULL DEFAULT 'human',
+            overall_passed INTEGER NOT NULL DEFAULT 0,
+            duration_ms INTEGER,
+            PRIMARY KEY (run_id, workspace_id)
+        )
+    """)
+    cursor.execute("""
+        CREATE TABLE IF NOT EXISTS pr_proof_snapshots (
+            pr_number INTEGER NOT NULL,
+            workspace_id TEXT NOT NULL,
+            gates_passed INTEGER NOT NULL,
+            gates_total INTEGER NOT NULL,
+            gate_breakdown TEXT NOT NULL,
+            snapshotted_at TEXT NOT NULL,
+            PRIMARY KEY (pr_number, workspace_id)
+        )
+    """)
+    conn.commit()
+    conn.close()
+def _ensure_tables(workspace: Workspace) -> None:
+    """Lazily init tables on first access."""
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        "SELECT name FROM sqlite_master WHERE type='table' AND name='proof_requirements'"
+    )
+    missing = not cursor.fetchone()
+    if not missing:
+        cursor.execute(
+            "SELECT name FROM sqlite_master WHERE type='table' AND name='proof_runs'"
+        )
+        missing = not cursor.fetchone()
+    if not missing:
+        cursor.execute(
+            "SELECT name FROM sqlite_master WHERE type='table' AND name='pr_proof_snapshots'"
+        )
+        missing = not cursor.fetchone()
+    conn.close()
+    if missing:
+        init_proof_tables(workspace)
+# --- Serialization helpers ---
+def _scope_to_json(scope: RequirementScope) -> str:
+    return json.dumps({
+        "routes": scope.routes,
+        "components": scope.components,
+        "apis": scope.apis,
+        "files": scope.files,
+        "tags": scope.tags,
+    })
+def _scope_from_json(raw: str) -> RequirementScope:
+    data = json.loads(raw)
+    return RequirementScope(
+        routes=data.get("routes", []),
+        components=data.get("components", []),
+        apis=data.get("apis", []),
+        files=data.get("files", []),
+        tags=data.get("tags", []),
+    )
+def _obligations_to_json(obligations: list[Obligation]) -> str:
+    return json.dumps([{"gate": o.gate.value, "status": o.status} for o in obligations])
+def _obligations_from_json(raw: str) -> list[Obligation]:
+    data = json.loads(raw)
+    return [Obligation(gate=Gate(d["gate"]), status=d.get("status", "pending")) for d in data]
+def _evidence_rules_to_json(rules: list[EvidenceRule]) -> str:
+    return json.dumps([{"test_id": r.test_id, "must_pass": r.must_pass} for r in rules])
+def _evidence_rules_from_json(raw: str) -> list[EvidenceRule]:
+    data = json.loads(raw)
+    return [EvidenceRule(test_id=d["test_id"], must_pass=d.get("must_pass", True)) for d in data]
+def _waiver_to_json(waiver: Optional[Waiver]) -> Optional[str]:
+    if waiver is None:
+        return None
+    return json.dumps({
+        "reason": waiver.reason,
+        "expires": waiver.expires.isoformat() if waiver.expires else None,
+        "manual_checklist": waiver.manual_checklist,
+        "approved_by": waiver.approved_by,
+        "waived_at": waiver.waived_at.isoformat() if waiver.waived_at else None,
+    })
+def _waiver_from_json(raw: Optional[str]) -> Optional[Waiver]:
+    if not raw:
+        return None
+    data = json.loads(raw)
+    waived_at_raw = data.get("waived_at")
+    return Waiver(
+        reason=data["reason"],
+        expires=date.fromisoformat(data["expires"]) if data.get("expires") else None,
+        manual_checklist=data.get("manual_checklist", []),
+        approved_by=data.get("approved_by", ""),
+        waived_at=datetime.fromisoformat(waived_at_raw) if waived_at_raw else None,
+    )
+def _row_to_requirement(row: tuple) -> Requirement:
+    return Requirement(
+        id=row[0],
+        title=row[1],
+        description=row[2],
+        severity=Severity(row[3]),
+        source=Source(row[4]),
+        scope=_scope_from_json(row[5]),
+        obligations=_obligations_from_json(row[6]),
+        evidence_rules=_evidence_rules_from_json(row[7]),
+        status=ReqStatus(row[8]),
+        waiver=_waiver_from_json(row[9]),
+        created_at=datetime.fromisoformat(row[10]),
+        satisfied_at=datetime.fromisoformat(row[11]) if row[11] else None,
+        created_by=row[12],
+        source_issue=row[13],
+        related_reqs=json.loads(row[14]) if row[14] else [],
+        glitch_type=GlitchType(row[15]) if row[15] else None,
+    )
+# --- CRUD ---
+def save_requirement(workspace: Workspace, req: Requirement) -> None:
+    """Insert or replace a requirement in the ledger."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """INSERT OR REPLACE INTO proof_requirements
+           (id, title, description, severity, source, scope, obligations,
+            evidence_rules, status, waiver, created_at, satisfied_at,
+            created_by, source_issue, related_reqs, glitch_type, workspace_id)
+           VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)""",
+        (
+            req.id, req.title, req.description, req.severity.value,
+            req.source.value, _scope_to_json(req.scope),
+            _obligations_to_json(req.obligations),
+            _evidence_rules_to_json(req.evidence_rules),
+            req.status.value, _waiver_to_json(req.waiver),
+            (req.created_at or _utc_now()).isoformat(),
+            req.satisfied_at.isoformat() if req.satisfied_at else None,
+            req.created_by, req.source_issue,
+            json.dumps(req.related_reqs),
+            req.glitch_type.value if req.glitch_type else None,
+            workspace.id,
+        ),
+    )
+    conn.commit()
+    conn.close()
+def get_requirement(workspace: Workspace, req_id: str) -> Optional[Requirement]:
+    """Fetch a single requirement by ID."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """SELECT id, title, description, severity, source, scope, obligations,
+                  evidence_rules, status, waiver, created_at, satisfied_at,
+                  created_by, source_issue, related_reqs, glitch_type
+           FROM proof_requirements WHERE id = ? AND workspace_id = ?""",
+        (req_id, workspace.id),
+    )
+    row = cursor.fetchone()
+    conn.close()
+    return _row_to_requirement(row) if row else None
+def list_requirements(
+    workspace: Workspace, status: Optional[ReqStatus] = None
+) -> list[Requirement]:
+    """List all requirements, optionally filtered by status."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    if status:
+        cursor.execute(
+            """SELECT id, title, description, severity, source, scope, obligations,
+                      evidence_rules, status, waiver, created_at, satisfied_at,
+                      created_by, source_issue, related_reqs, glitch_type
+               FROM proof_requirements WHERE workspace_id = ? AND status = ?
+               ORDER BY created_at DESC""",
+            (workspace.id, status.value),
+        )
+    else:
+        cursor.execute(
+            """SELECT id, title, description, severity, source, scope, obligations,
+                      evidence_rules, status, waiver, created_at, satisfied_at,
+                      created_by, source_issue, related_reqs, glitch_type
+               FROM proof_requirements WHERE workspace_id = ?
+               ORDER BY created_at DESC""",
+            (workspace.id,),
+        )
+    rows = cursor.fetchall()
+    conn.close()
+    return [_row_to_requirement(r) for r in rows]
+def next_req_id(workspace: Workspace) -> str:
+    """Generate the next sequential REQ-#### ID.
+    Uses MAX(id) to avoid collisions from deleted requirements.
+    """
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        "SELECT MAX(CAST(SUBSTR(id, 5) AS INTEGER)) FROM proof_requirements WHERE workspace_id = ?",
+        (workspace.id,),
+    )
+    row = cursor.fetchone()
+    max_num = row[0] if row and row[0] is not None else 0
+    conn.close()
+    return f"REQ-{max_num + 1:04d}"
+def save_evidence(workspace: Workspace, evidence: Evidence) -> None:
+    """Store an evidence record."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """INSERT INTO proof_evidence
+           (req_id, gate, satisfied, artifact_path, artifact_checksum,
+            timestamp, run_id, workspace_id)
+           VALUES (?, ?, ?, ?, ?, ?, ?, ?)""",
+        (
+            evidence.req_id, evidence.gate.value, int(evidence.satisfied),
+            evidence.artifact_path, evidence.artifact_checksum,
+            evidence.timestamp.isoformat(), evidence.run_id, workspace.id,
+        ),
+    )
+    conn.commit()
+    conn.close()
+def list_evidence(workspace: Workspace, req_id: str) -> list[Evidence]:
+    """List all evidence for a requirement."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """SELECT req_id, gate, satisfied, artifact_path, artifact_checksum,
+                  timestamp, run_id
+           FROM proof_evidence WHERE req_id = ? AND workspace_id = ?
+           ORDER BY timestamp DESC""",
+        (req_id, workspace.id),
+    )
+    rows = cursor.fetchall()
+    conn.close()
+    return [
+        Evidence(
+            req_id=r[0], gate=Gate(r[1]), satisfied=bool(r[2]),
+            artifact_path=r[3], artifact_checksum=r[4],
+            timestamp=datetime.fromisoformat(r[5]), run_id=r[6],
+        )
+        for r in rows
+    ]
+def waive_requirement(
+    workspace: Workspace, req_id: str, waiver: Waiver
+) -> Optional[Requirement]:
+    """Waive a requirement with reason and optional expiry."""
+    if waiver.waived_at is None:
+        waiver = Waiver(
+            reason=waiver.reason,
+            expires=waiver.expires,
+            manual_checklist=waiver.manual_checklist,
+            approved_by=waiver.approved_by,
+            waived_at=datetime.now(timezone.utc),
+        )
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """UPDATE proof_requirements SET status = ?, waiver = ?
+           WHERE id = ? AND workspace_id = ?""",
+        (ReqStatus.WAIVED.value, _waiver_to_json(waiver), req_id, workspace.id),
+    )
+    conn.commit()
+    conn.close()
+    return get_requirement(workspace, req_id)
+def save_run(workspace: Workspace, run: ProofRun) -> None:
+    """Insert or replace a proof run record."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """INSERT OR REPLACE INTO proof_runs
+           (run_id, workspace_id, started_at, completed_at, triggered_by,
+            overall_passed, duration_ms)
+           VALUES (?, ?, ?, ?, ?, ?, ?)""",
+        (
+            run.run_id, workspace.id,
+            run.started_at.isoformat(),
+            run.completed_at.isoformat() if run.completed_at else None,
+            run.triggered_by,
+            int(run.overall_passed),
+            run.duration_ms,
+        ),
+    )
+    conn.commit()
+    conn.close()
+def get_run(workspace: Workspace, run_id: str) -> Optional[ProofRun]:
+    """Fetch a single proof run by run_id."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """SELECT run_id, workspace_id, started_at, completed_at, triggered_by,
+                  overall_passed, duration_ms
+           FROM proof_runs WHERE run_id = ? AND workspace_id = ?""",
+        (run_id, workspace.id),
+    )
+    row = cursor.fetchone()
+    conn.close()
+    if not row:
+        return None
+    return ProofRun(
+        run_id=row[0],
+        workspace_id=row[1],
+        started_at=datetime.fromisoformat(row[2]),
+        completed_at=datetime.fromisoformat(row[3]) if row[3] else None,
+        triggered_by=row[4],
+        overall_passed=bool(row[5]),
+        duration_ms=row[6],
+    )
+def list_runs(workspace: Workspace, limit: int = 5) -> list[ProofRun]:
+    """List the most recent proof runs for this workspace."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """SELECT run_id, workspace_id, started_at, completed_at, triggered_by,
+                  overall_passed, duration_ms
+           FROM proof_runs WHERE workspace_id = ?
+           ORDER BY started_at DESC LIMIT ?""",
+        (workspace.id, limit),
+    )
+    rows = cursor.fetchall()
+    conn.close()
+    return [
+        ProofRun(
+            run_id=r[0],
+            workspace_id=r[1],
+            started_at=datetime.fromisoformat(r[2]),
+            completed_at=datetime.fromisoformat(r[3]) if r[3] else None,
+            triggered_by=r[4],
+            overall_passed=bool(r[5]),
+            duration_ms=r[6],
+        )
+        for r in rows
+    ]
+def get_run_evidence(workspace: Workspace, run_id: str) -> list[Evidence]:
+    """List all evidence records for a specific run_id."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """SELECT req_id, gate, satisfied, artifact_path, artifact_checksum,
+                  timestamp, run_id
+           FROM proof_evidence WHERE run_id = ? AND workspace_id = ?
+           ORDER BY timestamp ASC""",
+        (run_id, workspace.id),
+    )
+    rows = cursor.fetchall()
+    conn.close()
+    return [
+        Evidence(
+            req_id=r[0], gate=Gate(r[1]), satisfied=bool(r[2]),
+            artifact_path=r[3], artifact_checksum=r[4],
+            timestamp=datetime.fromisoformat(r[5]), run_id=r[6],
+        )
+        for r in rows
+    ]
+def check_expired_waivers(workspace: Workspace) -> list[Requirement]:
+    """Find and revert expired waivers to open status."""
+    _ensure_tables(workspace)
+    today = date.today().isoformat()
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    # Find waived reqs
+    cursor.execute(
+        """SELECT id, title, description, severity, source, scope, obligations,
+                  evidence_rules, status, waiver, created_at, satisfied_at,
+                  created_by, source_issue, related_reqs, glitch_type
+           FROM proof_requirements WHERE workspace_id = ? AND status = 'waived'""",
+        (workspace.id,),
+    )
+    rows = cursor.fetchall()
+    expired = []
+    for row in rows:
+        req = _row_to_requirement(row)
+        if req.waiver and req.waiver.expires and req.waiver.expires.isoformat() <= today:
+            cursor.execute(
+                "UPDATE proof_requirements SET status = 'open', waiver = NULL WHERE id = ?",
+                (req.id,),
+            )
+            req.status = ReqStatus.OPEN
+            req.waiver = None
+            expired.append(req)
+    if expired:
+        conn.commit()
+    conn.close()
+    return expired
+# --- PR Proof Snapshots ---
+def save_pr_proof_snapshot(
+    workspace: Workspace,
+    pr_number: int,
+    gates_passed: int,
+    gates_total: int,
+    gate_breakdown: list[dict],
+) -> None:
+    """Save a proof snapshot for a PR at creation time."""
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """INSERT OR REPLACE INTO pr_proof_snapshots
+           (pr_number, workspace_id, gates_passed, gates_total,
+            gate_breakdown, snapshotted_at)
+           VALUES (?, ?, ?, ?, ?, ?)""",
+        (
+            pr_number,
+            workspace.id,
+            gates_passed,
+            gates_total,
+            json.dumps(gate_breakdown),
+            _utc_now().isoformat(),
+        ),
+    )
+    conn.commit()
+    conn.close()
+def get_pr_proof_snapshot(
+    workspace: Workspace, pr_number: int
+) -> Optional[dict]:
+    """Fetch a proof snapshot for a PR.
+    Returns:
+        Dict with pr_number, gates_passed, gates_total, gate_breakdown,
+        snapshotted_at — or None if not found.
+    """
+    _ensure_tables(workspace)
+    conn = get_db_connection(workspace)
+    cursor = conn.cursor()
+    cursor.execute(
+        """SELECT pr_number, gates_passed, gates_total, gate_breakdown, snapshotted_at
+           FROM pr_proof_snapshots WHERE pr_number = ? AND workspace_id = ?""",
+        (pr_number, workspace.id),
+    )
+    row = cursor.fetchone()
+    conn.close()
+    if not row:
+        return None
+    return {
+        "pr_number": row[0],
+        "gates_passed": row[1],
+        "gates_total": row[2],
+        "gate_breakdown": json.loads(row[3]),
+        "snapshotted_at": row[4],
+    }