[pitboss/grind] deferred session-0001 (20260521T201327Z-3848)

pitboss 2026-05-21 15:26:49 -05:00
parent 3a35cd6c8f
commit 159a779f31
19 changed files with 305 additions and 69 deletions


@ -154,7 +154,7 @@ nyx scan --engine-profile deep --no-smt --explain-engine
### Dynamic verification
Available with `--features dynamic`. See [dynamic.md](dynamic.md) for the full pipeline and verdict semantics.
Available in default builds, or in custom builds with `--features dynamic`. See [dynamic.md](dynamic.md) for the full pipeline and verdict semantics.
| Flag | Default | Description |
|------|---------|-------------|
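Review bot: the added sentence under "Dynamic verification" is looser than the wording this commit uses for the `verify` config row. "or in custom builds with `--features dynamic`" reads as if every custom build needs the flag, while the config row says only `--no-default-features` builds do. Suggest matching it, for example "Included in default builds; custom `--no-default-features` builds need `--features dynamic`", so the CLI and config references state the same build condition.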


@ -68,7 +68,7 @@ excluded_extensions = ["foo", "jpg"]
| `enable_auth_analysis` | bool | `true` | Enable auth-state analysis within the state engine. When false, only resource lifecycle findings (leak, use-after-close, double-close) are produced. |
| `enable_panic_recovery` | bool | `false` | Catch per-file analysis panics as warnings and continue. When false, a panic aborts the scan, preserving the loud-fail behaviour for users debugging engine bugs. |
| `enable_auth_as_taint` | bool | `false` | Fold auth analysis into the SSA/taint engine via `Cap::UNAUTHORIZED_ID`. Off while the standalone path still carries stable detection. |
| `verify` | bool | `true` | Run dynamic verification on each `Confidence >= Medium` finding after the static pass. Requires the binary to be built with `--features dynamic`. CLI overrides: `--verify` / `--no-verify`. |
| `verify` | bool | `true` | Run dynamic verification on each `Confidence >= Medium` finding after the static pass. Included in default builds; custom `--no-default-features` builds need `--features dynamic`. CLI overrides: `--verify` / `--no-verify`. |
| `verify_all_confidence` | bool | `false` | Extend dynamic verification to findings below `Confidence::Medium`. Intended for corpus-building, not production scans. CLI: `--verify-all-confidence`. |
| `verify_backend` | string | `"auto"` | Sandbox backend for dynamic verification. `"auto"` picks docker when available else process; `"docker"` requires docker; `"process"` runs in-process (same as `--unsafe-sandbox`). |
| `harden_profile` | string | `"standard"` | Process-backend hardening profile. `"standard"` engages `PR_SET_NO_NEW_PRIVS` + `setrlimit(RLIMIT_AS)` on Linux; `"strict"` adds namespace unshare, chroot to workdir, and a default-deny seccomp filter on Linux, plus `sandbox-exec` wrapping on macOS keyed off the finding's expected cap. |
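Review bot: the new `verify` row says dynamic verification is included in default builds but leaves the containment consequence to the reader. Taken with the unchanged rows below it, a default build with `verify = true` and `verify_backend = "auto"` falls back to `"process"` on a host without docker, and that row describes `"process"` as the same as `--unsafe-sandbox`. Suggest the `verify` row point at `verify_backend` and `harden_profile`, so someone who needs container isolation knows to set `verify_backend = "docker"` or pass `--no-verify`. It would also help to state what `verify = true` does on a build without the `dynamic` feature (ignored, warning, or error), since the row no longer uses the word "Requires".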


@ -3,6 +3,9 @@
Nyx re-runs findings in generated harnesses when verification is enabled. By
default, `nyx scan` verifies each `Confidence >= Medium` finding, tries
payloads in a sandbox, and writes the result to `evidence.dynamic_verdict`.
Default Nyx builds include the `dynamic` feature; custom
`--no-default-features` builds run static-only unless rebuilt with
`--features dynamic`.
Dynamic verification is a second signal, not a replacement for review. A
confirmed verdict means Nyx triggered the sink in its harness. `NotConfirmed`