sodadata
diff --git a/‎README.md‎
Lines changed: 26 additions & 8 deletions b/‎README.md‎
Lines changed: 26 additions & 8 deletions
diff --git a/‎command_tree.txt‎
Lines changed: 9 additions & 9 deletions b/‎command_tree.txt‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎go/cmd/contract.go‎
Lines changed: 203 additions & 10 deletions b/‎go/cmd/contract.go‎
Lines changed: 203 additions & 10 deletions
diff --git a/‎go/go.mod‎
Lines changed: 3 additions & 2 deletions b/‎go/go.mod‎
Lines changed: 3 additions & 2 deletions
@@ -17,13 +17,13 @@ The CLI is functional for core workflows. Here's where things stand:
 | Auth (login, logout, status, profiles) | Working |
 | Datasource (list, get, create, delete, onboard) | Working |
 | Dataset (list, get, update, delete, profiling, permissions, onboard) | Working |
-| Contract (list, push, pull, diff, create, verify via cloud) | Working |
+| Contract (list, push, pull, diff, create, lint, verify via cloud or local) | Working |
 | Monitor (list, config, add column/custom, update, delete) | Working |
 | Results (list with filtering, sorting, date ranges) | Working |
 | Runner (list, get, create, delete) | Working |
 | IAM (user list, group CRUD, role list) | Working |
 | Job logs | Working |
-| Contract verify (local via soda-core) | Planned |
+| Contract verify (local via soda-core) | Working |
 | Incidents | Planned |
 | Notifications, Secrets | Planned |
 | Dashboard | Planned |
@@ -104,9 +104,12 @@ sodacli datasource onboard <datasource-id> --monitoring --profiling --contracts
 ### 3. Verify a contract
 
 ```bash
-# Run checks against your data
+# Run checks via Soda Cloud Runner
 sodacli contract verify orders.yml
 
+# Or run locally via soda-core (no cloud needed)
+sodacli contract verify orders.yml --local --datasource datasource.yml
+
 # Check results
 sodacli results list --status failing
 sodacli job logs <scan-id>
@@ -155,10 +158,12 @@ sodacli contract create --dataset ds/db/schema/table --mode copilot      # AI-ge
 sodacli contract pull ds/db/schema/table                                 # download from cloud
 sodacli contract push my_table.yml                                       # upload to cloud
 sodacli contract diff my_table.yml                                       # local vs cloud diff
-sodacli contract lint my_table.yml                                       # validate syntax
+sodacli contract lint my_table.yml                                       # validate syntax (offline)
+sodacli contract lint contracts/*.yml                                    # lint multiple files
 sodacli contract verify my_table.yml                                     # run checks via cloud Runner
 sodacli contract verify my_table.yml --no-wait                           # fire and forget
-sodacli contract verify my_table.yml --runner soda-core --datasource config.yml  # run locally (planned)
+sodacli contract verify my_table.yml --local --datasource config.yml     # run locally via soda-core
+sodacli contract verify my_table.yml --local --datasource config.yml --push  # run locally + push results to cloud
 ```
 
 ### Monitors
@@ -212,9 +217,12 @@ sodacli auth login \
   --api-key-secret "$SODA_API_KEY_SECRET" \
   --no-interactive
 
-# Run contract checks
+# Run contract checks (via cloud Runner)
 sodacli contract verify contracts/orders.yml --no-interactive --output json
 
+# Or run locally (no cloud auth needed, just soda-core on PATH)
+sodacli contract verify contracts/orders.yml --local --datasource datasource.yml
+
 # Exit codes
 # 0 = all checks passed
 # 1 = one or more checks failed  →  fail the pipeline
@@ -288,8 +296,6 @@ The CLI code is written for these. They'll work as soon as the API endpoints shi
 
 ### Planned Features
 
-- **Local contract execution.** `sodacli contract verify --runner soda-core` runs checks locally via the soda-core Python engine, no Soda Cloud needed.
-- **Real contract linting.** `sodacli contract lint` using soda-core for full schema validation.
 - **Dashboard.** Org-level overview of datasets, results, and incidents.
 - **Contract proposals.** PR-style review flow for contract changes.
 
@@ -306,3 +312,15 @@ The goal is one CLI that covers the full data quality lifecycle:
 7. **Govern.** `sodacli iam` and `sodacli dataset permissions` control who can do what.
 
 All of this works the same way for humans typing commands and for AI agents calling them programmatically. Same interface, same exit codes, same JSON output.
+
+## Soda CLI vs soda-core
+
+| | Soda CLI (`sodacli`) | soda-core (`soda`) |
+|---|---|---|
+| **Language** | Go (single binary, no dependencies) | Python (requires pip + DB connectors) |
+| **Execution** | Cloud via Soda Runner, or local via `--local` | Local only |
+| **Scope** | Full platform: datasources, datasets, contracts, monitors, results, IAM, incidents | Contract verification and data source testing |
+| **Contract generation** | `contract create --mode copilot` (AI) or `skeleton` | Manual authoring only |
+| **CI/CD** | `--no-interactive`, `--output json`, structured exit codes | Basic exit codes |
+
+**Why use Soda CLI?** If you only need to run checks locally, soda-core is enough. If you want to manage your entire data quality lifecycle from one tool — generate contracts with AI, monitor anomalies, track results, control permissions, and integrate with CI/CD — use sodacli. It shells out to soda-core for local execution when needed (`--local`), so you get both.
@@ -93,8 +93,10 @@ sodacli
   │   │   [--no-wait]                 # start generation and return immediately (copilot mode only)
   │   │   # skeleton → async: POST /contracts/actions/createSkeleton → poll status → fetch contract
   │   │   # copilot  → async: POST /contracts/actions/generate → poll status → fetch contract (requires license)
-  │   ├── lint (alias: validate)  [<file>]           # validate contract YAML via soda-core  🔌 [requires soda-core on PATH]
-  │   │   # uses soda-core for real schema validation; falls back to basic YAML parse if not installed
+  │   ├── lint (alias: validate)  [<file...>]         # validate contract YAML against JSON schema  🏠
+  │   │   # validates structure, properties, and types against embedded contract schema
+  │   │   # supports multiple files and glob patterns; defaults to contracts/*.yml
+  │   │   # no auth or network required
   │   ├── push      [<file>]                         # push contract definition to cloud (upsert)  ✅
   │   │   # reads 'dataset:' field from file to find/create the contract
   │   ├── pull      <identifier>                      # pull contract from cloud → <table>.yml  ✅
@@ -108,15 +110,13 @@ sodacli
   │   │   # --no-interactive → fails with clear error describing what's missing
   │   │   --output <file>
   │   ├── verify    <file>                                    # verify contract checks against data
-  │   │   [--datasource <file>]            # explicit datasource config override
-  │   │   [--runner <name>]                # execution target:
-  │   │   │                                #   (omitted) → push to Soda Cloud, verify via cloud Runner  ✅
-  │   │   │                                #   soda-core → run locally via soda-core engine  🔌 [requires soda-core on PATH]
-  │   │   [--push]                         # push results to Soda Cloud (useful with --runner soda-core)
+  │   │   [--datasource <file>]            # datasource config file (required with --local)
+  │   │   [--local]                        # run locally via soda-core  🔌 [requires soda-core on PATH]
+  │   │   [--push]                         # push results to Soda Cloud (useful with --local)
   │   │   [--no-wait]                      # start verification and return immediately (cloud mode only)  ✅
   │   │   [--set key=value]               # runtime variable overrides (repeatable)
-  │   │   # cloud mode: push contract → POST /contracts/{id}/verify → poll GET /scans/{id} → results
-  │   │   # local mode: shell out to soda-core, requires --datasource or soda.yml, prompts install if missing
+  │   │   # default: push contract → POST /contracts/{id}/verify → poll GET /scans/{id} → results  ✅
+  │   │   # --local: shell out to soda-core, requires --datasource, prompts install if missing
   │   │   # exit codes: 0=pass 1=checks failed 2=error 3=auth error
   │   └── proposal                         # PR flow for published contracts  ❌ [NOT YET IMPLEMENTABLE - API work required]
   │       ├── list   [--status open|done|all]
 
@@ -12,7 +12,10 @@ import (
 	"gopkg.in/yaml.v3"
 
 	"github.com/soda-data-inc/soda-cli/internal/api"
+	"github.com/soda-data-inc/soda-cli/internal/config"
+	"github.com/soda-data-inc/soda-cli/internal/lint"
 	"github.com/soda-data-inc/soda-cli/internal/output"
+	"github.com/soda-data-inc/soda-cli/internal/sodacore"
 )
 
 var contractCmd = &cobra.Command{
@@ -276,20 +279,99 @@ var contractDiffCmd = &cobra.Command{
 // ── contract lint ─────────────────────────────────────────────────────────────
 
 var contractLintCmd = &cobra.Command{
-	Use:     "lint [file]",
+	Use:     "lint [file...]",
 	Aliases: []string{"validate"},
 	Short:   "Validate contract syntax (no network required)",
+	Long: `Validate contract YAML files against the Soda data contract schema.
+
+  Checks structure, property names, and value types without connecting to Soda Cloud.
+  Supports multiple files and glob patterns.
+
+  Exit codes: 0=valid, 2=validation errors found`,
 	RunE: func(cmd *cobra.Command, args []string) error {
-		file := "contracts/*.yml"
-		if len(args) > 0 {
-			file = args[0]
+		files := resolveLintFiles(args)
+		if len(files) == 0 {
+			return output.Errorf(2, "no contract files found — provide file paths or place contracts in a contracts/ directory")
 		}
-		fmt.Println(output.Dim.Render("  Linting " + file + "..."))
-		output.PrintSuccess("Contract syntax is valid.", GCtx)
-		return nil
+
+		results, err := lint.LintFiles(files)
+		if err != nil {
+			return output.Errorf(2, "lint error: %v", err)
+		}
+
+		return displayLintResults(results)
 	},
 }
 
+// resolveLintFiles expands arguments (which may contain globs) into file paths.
+// Falls back to contracts/*.yml then *.yml in the current directory.
+func resolveLintFiles(args []string) []string {
+	if len(args) > 0 {
+		var files []string
+		for _, arg := range args {
+			matches, err := filepath.Glob(arg)
+			if err != nil || len(matches) == 0 {
+				// Treat as literal file path
+				files = append(files, arg)
+			} else {
+				files = append(files, matches...)
+			}
+		}
+		return files
+	}
+	// Default: contracts/*.yml, then *.yml
+	if matches, _ := filepath.Glob("contracts/*.yml"); len(matches) > 0 {
+		return matches
+	}
+	if matches, _ := filepath.Glob("*.yml"); len(matches) > 0 {
+		return matches
+	}
+	return nil
+}
+
+func displayLintResults(results []*lint.LintResult) error {
+	if output.EffectiveFmt(GCtx) == "json" {
+		s, err := lint.ResultsJSON(results)
+		if err != nil {
+			return output.Errorf(2, "failed to encode results: %v", err)
+		}
+		fmt.Println(s)
+		for _, r := range results {
+			if !r.Valid {
+				return output.Errorf(2, "")
+			}
+		}
+		return nil
+	}
+
+	hasErrors := false
+	totalFiles := len(results)
+	validFiles := 0
+
+	for _, r := range results {
+		if r.Valid {
+			validFiles++
+			if !GCtx.Quiet {
+				fmt.Println("  " + output.Green.Render("✓") + " " + r.File)
+			}
+		} else {
+			hasErrors = true
+			fmt.Println("  " + output.Red.Render("✗") + " " + r.File)
+			for _, e := range r.Errors {
+				fmt.Printf("    %s: %s\n", output.Dim.Render(e.Path), e.Message)
+			}
+		}
+	}
+
+	fmt.Println()
+	if hasErrors {
+		invalidFiles := totalFiles - validFiles
+		return output.Errorf(2, "%d file(s) checked, %d valid, %d with errors", totalFiles, validFiles, invalidFiles)
+	}
+	output.PrintSuccess(fmt.Sprintf("All %d contract file(s) are valid.", totalFiles), GCtx)
+	return nil
+}
+
 // ── contract create ───────────────────────────────────────────────────────────
 
 var contractCreateCmd = &cobra.Command{
@@ -570,13 +652,23 @@ var contractVerifyCmd = &cobra.Command{
 	Short: "Run contract checks against your data",
 	Long: `Execute data quality checks defined in a contract file.
 
-  Pushes the contract to Soda Cloud and triggers verification via a Runner.
+  By default, pushes the contract to Soda Cloud and triggers verification via a Runner.
   Polls for results and displays a summary.
 
+  With --local, runs verification locally via soda-core (must be on PATH).
+  In local mode, --datasource <config.yml> is required.
+  Use --push to publish local results to Soda Cloud.
+
   Exit codes: 0=all passing, 1=checks failed, 2=error, 3=auth error`,
 	Args: cobra.ExactArgs(1),
 	RunE: func(cmd *cobra.Command, args []string) error {
 		file := args[0]
+		local, _ := cmd.Flags().GetBool("local")
+
+		if local {
+			return runContractVerifyLocal(cmd, file)
+		}
+
 		noWait, _ := cmd.Flags().GetBool("no-wait")
 
 		client, err := newAPIClient()
@@ -748,6 +840,107 @@ done:
 	}
 }
 
+// ── contract verify --local ───────────────────────────────────────────────────
+
+func runContractVerifyLocal(cmd *cobra.Command, contractFile string) error {
+	// Validate contract file exists
+	if _, err := os.Stat(contractFile); err != nil {
+		return output.Errorf(2, "could not read file %s: %v", contractFile, err)
+	}
+
+	// --datasource is required in local mode
+	datasourceFile, _ := cmd.Flags().GetString("datasource")
+	if datasourceFile == "" {
+		return output.Errorf(2, "--datasource <config-file> is required in local mode\n  Example: sodacli contract verify orders.yml --local --datasource datasource.yml")
+	}
+	if _, err := os.Stat(datasourceFile); err != nil {
+		return output.Errorf(2, "datasource config file not found: %s", datasourceFile)
+	}
+
+	// --no-wait doesn't apply in local mode
+	if noWait, _ := cmd.Flags().GetBool("no-wait"); noWait {
+		fmt.Println(output.Yellow.Render("  Warning:") + " --no-wait is ignored in local mode (soda-core runs synchronously)")
+	}
+
+	// Find soda-core binary
+	binPath, err := sodacore.FindBinary()
+	if err != nil {
+		return err
+	}
+
+	// Show version in verbose mode
+	if GCtx.Verbose {
+		version := sodacore.CheckVersion(binPath)
+		fmt.Println(output.Dim.Render("  soda-core version: " + version))
+	}
+
+	// Handle --push: build temp soda-cloud config
+	push, _ := cmd.Flags().GetBool("push")
+	var cloudConfigPath string
+	var cleanup func()
+	if push {
+		creds, err := config.LoadCredentials()
+		if err != nil {
+			return output.Errorf(2, "could not read credentials for --push: %v", err)
+		}
+		profile, err := config.GetProfile(GCtx.Profile, creds)
+		if err != nil {
+			return output.Errorf(3, "--push requires authentication: %v", err)
+		}
+		cloudConfigPath, cleanup, err = sodacore.WriteTempCloudConfig(profile.Host, profile.APIKeyID, profile.APIKeySecret)
+		if err != nil {
+			return output.Errorf(2, "could not create soda-cloud config: %v", err)
+		}
+		defer cleanup()
+	}
+
+	// Build args
+	setVars, _ := cmd.Flags().GetStringArray("set")
+	opts := sodacore.VerifyOpts{
+		ContractFile:   contractFile,
+		DatasourceFile: datasourceFile,
+		SetVars:        setVars,
+		Verbose:        GCtx.Verbose,
+		Publish:        push,
+		SodaCloudFile:  cloudConfigPath,
+	}
+	cliArgs := sodacore.BuildVerifyArgs(opts)
+
+	// Print what we're about to do
+	if !GCtx.Quiet {
+		fmt.Println(output.Dim.Render("  Running locally via soda-core..."))
+		if GCtx.Verbose {
+			fmt.Println(output.Dim.Render("  Command: soda " + strings.Join(cliArgs, " ")))
+		}
+	}
+
+	// Execute
+	stream := output.EffectiveFmt(GCtx) != "json"
+	result, err := sodacore.Run(binPath, cliArgs, stream)
+	if err != nil {
+		return output.Errorf(2, "failed to execute soda-core: %v", err)
+	}
+
+	// JSON output mode: wrap soda-core output
+	if !stream {
+		fmt.Printf(`{"local": true, "exit_code": %d, "output": %q}`+"\n", result.ExitCode, result.Stdout)
+	}
+
+	// Map exit code
+	mapped := sodacore.MapExitCode(result.ExitCode, result.Stderr)
+	if mapped == 0 {
+		if !GCtx.Quiet && stream {
+			output.PrintSuccess("Local verification passed.", GCtx)
+		}
+		return nil
+	}
+	if mapped == 1 {
+		// soda-core already printed the failure summary; just set the exit code.
+		return output.Errorf(1, "")
+	}
+	return output.Errorf(2, "soda-core exited with error (exit code: %d)", result.ExitCode)
+}
+
 // ── contract proposal ─────────────────────────────────────────────────────────
 
 var contractProposalCmd = &cobra.Command{
@@ -904,8 +1097,8 @@ func init() {
 	contractCopilotCmd.Flags().String("dataset", "", "Dataset FQN to generate from")
 	contractCopilotCmd.Flags().String("output", "", "Output file path")
 
-	contractVerifyCmd.Flags().String("datasource", "", "Datasource config file override")
-	contractVerifyCmd.Flags().Bool("runner", false, "Delegate execution to Soda Runner")
+	contractVerifyCmd.Flags().String("datasource", "", "Datasource config file (required with --local)")
+	contractVerifyCmd.Flags().Bool("local", false, "Run verification locally via soda-core (requires soda-core on PATH)")
 	contractVerifyCmd.Flags().Bool("push", false, "Push results to Soda Cloud after verification")
 	contractVerifyCmd.Flags().Bool("no-wait", false, "Start verification and return immediately without waiting for results")
 	contractVerifyCmd.Flags().StringArray("set", nil, "Runtime variable overrides (key=value)")
 
@@ -6,8 +6,11 @@ require (
 	github.com/charmbracelet/huh v0.6.0
 	github.com/charmbracelet/lipgloss v1.0.0
 	github.com/olekukonko/tablewriter v0.0.5
+	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/spf13/cobra v1.8.1
 	golang.org/x/term v0.27.0
+	golang.org/x/text v0.18.0
+	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
@@ -34,6 +37,4 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )