[RFC][v2] Host-verified complete_step evidence receipts

[GTC2080]

Problem

complete_step currently verifies that the model supplied evidence fields, but the host runtime does not confirm that the cited command, file read, or edit actually happened in the current turn.

Proposal

Add a small runtime-only evidence receipt ledger. The agent records tool-call receipts during a turn, and complete_step checks verification, diff, and files evidence against those receipts before accepting a step completion.

Non-goals

• No UI changes.
• No performance claims or optimization.
• No auto-plan or multi-agent behavior.
• No prompt, tool schema, or tool list changes.
• No persistence of receipt data.

Conflict check

This is intentionally scoped away from the active auto-plan, worktree agents, goal state, cache diagnostics, and MCP startup/import PRs. The first implementation should touch only the core agent loop, complete_step behavior, and focused tests.

Review evidence plan

PRs will link this RFC. Because the first slice has no UI changes, screenshots are not applicable. Because it makes no performance claim and avoids prompt/tool-schema changes, cache/token metrics are not expected; if scope changes, the PR will include the required data.

[GTC2080]

Phase 1 landed in #2540. I will keep this RFC open as the tracking issue for Phase 2: todo-backed complete_step consistency, still runtime-only with no UI changes, no performance claims, and no prompt or tool schema changes.

[GTC2080]

Phase 2 implementation PR opened: #2569. Scope remains runtime-only with no UI changes, no performance claims, and no prompt or tool schema changes.

[GTC2080]

Phase 2 landed in #2569. The runtime receipt work covered by this RFC is now complete: bash/file evidence verification plus todo-backed complete_step step matching. Closing this RFC; follow-up work for todo completion transitions will use a separate RFC.

[GTC2080]

Closing after #2540 and #2569 landed. Phase 3 will be tracked separately.