[pitboss] sweep after phase 31: 1 deferred items resolved

2026-06-09 19:45:13 +02:00 · 2026-05-15 20:51:20 -05:00 · 2026-05-15 20:51:20 -05:00 · 93e4764e3c
commit 93e4764e3c
parent 77d40900aa
3 changed files with 18 additions and 0 deletions
--- a/src/cli.rs
+++ b/src/cli.rs
@ -272,6 +272,17 @@ pub enum Commands {
        #[arg(long, help_heading = "Output")]
        quiet: bool,

+        /// Print the dynamic-verifier trace to stderr at end-of-verify.
+        ///
+        /// When dynamic verification is enabled, the verifier records a
+        /// per-finding [`crate::dynamic::trace::VerifyTrace`].  Setting this
+        /// flag flushes every recorded `TraceEvent` to stderr after each
+        /// verdict, matching the stream that already lands in the repro
+        /// bundle at `expected/trace.jsonl`.  Off by default so non-interactive
+        /// scans stay quiet.
+        #[arg(long, help_heading = "Output")]
+        verbose: bool,
+
        /// Exit with code 1 if any finding meets or exceeds this severity
        ///
        /// Useful for CI gating. Example: --fail-on HIGH
--- a/src/commands/mod.rs
+++ b/src/commands/mod.rs
@ -58,6 +58,7 @@ pub fn handle_command(
            all_targets,
            keep_nonprod_severity,
            quiet,
+            verbose,
            fail_on,
            no_state,
            no_rank,
@ -378,6 +379,7 @@ pub fn handle_command(
                baseline.as_deref().map(std::path::Path::new),
                baseline_write.as_deref().map(std::path::Path::new),
                gate.as_deref(),
+                verbose,
            )?;
        }
        #[cfg(feature = "dynamic")]
--- a/src/commands/scan.rs
+++ b/src/commands/scan.rs
@ -404,6 +404,7 @@ pub fn handle(
    baseline: Option<&Path>,
    baseline_write: Option<&Path>,
    gate: Option<&str>,
+    #[cfg_attr(not(feature = "dynamic"), allow(unused_variables))] verbose: bool,
 ) -> NyxResult<()> {
    let scan_path = Path::new(path).canonicalize()?;
    let (project_name, db_path) = get_project_info(&scan_path, database_dir)?;
@ -548,6 +549,10 @@ pub fn handle(
    #[cfg(feature = "dynamic")]
    if config.scanner.verify {
        let mut opts = crate::dynamic::verify::VerifyOptions::from_config(config);
+        // Phase 30 (Track C observability): surface the per-finding
+        // [`crate::dynamic::trace::VerifyTrace`] on stderr when the
+        // operator passes `--verbose`.
+        opts.trace_verbose = verbose;
        // Enable the verdict cache (§12 Q5) when an index DB is in use.
        // When index_mode is Off, the DB is never created, so no cache.
        if index_mode != IndexMode::Off && db_path.exists() {