now with build tools

add a cargo dist feature that just builds the right thing

users need guides, too

Supervised + strict contracts: tighten boundary record enforcement and align docs

• Enforce fixed result.outcome vocabulary (success|denied|partial|error) on every emitted record (strict + supervised), even when boundaries.json is permissive.
• Make strict mode fail fast on first script-level contract break.
• Reject symlinked scripts at discovery.
• Remove internal __schema-validate helper and its tests.
• Raise payload/snippet limits (16 KiB payload, 2000-char snippets) and ensure supervised synthetic records use the same payload builder/caps as emit-record.
• Update docs/fencerunner-user.md (new user guide, restructured) and bring docs/boundaries.md in line with runner-enforced reality.

vibe it out

fencerunner v1.0.0

fencerunner is a contracted script runner for macOS: point it at one or more flat run dirs of Bash 3.2 scripts, and it streams a deterministic NDJSON boundary record per script—validated, normalized, and ready for downstream tooling.

• Run dirs are flat: every top-level *.sh is a script; subdirectories are ignored; script ids come from filenames (<script_id>.sh) and must be unique across all run dirs in a single run.
• The triad is the API: each run dir includes commitments.json (commitments_v1), gates.json (gates_v1), and boundaries.json (boundaries_v1), validated before any script executes.
• Two-layer validation: run-dir contracts validate against meta-schemas in schema/, then each emitted boundary record validates at runtime against the run dir’s boundaries.json.record_schema.
• A boundary stream you can trust: stdout is reserved for exactly one JSON object per script (emitted as one NDJSON line); stderr stays diagnostic (or can be enforced empty via gates.json with stderr.empty).
• Strict vs supervised:
  • --strict (default): contract breaks make the run fail (non-zero exit).
  • --supervised: contract breaks become synthetic error records (tagged under extensions.synthetic) so stdout stays well-formed NDJSON; exits 0 unless preflight/runner fails.
• Script-facing helpers without extra installs: at runtime fencerunner materializes an ephemeral ${FENCERUNNER_ROOT} containing lib/library.sh plus shims like emit-record and commit-help-me; scripts source the library, enroll commitments with commit_help_me, then emit schema-valid records with emit-record (payload snippets are required and size-bounded).