@agentbridge1/cli 0.0.7 → 0.0.9

package/dist/contract-intelligence.js

@@ -0,0 +1,597 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildContractIntelligence = buildContractIntelligence;
+exports.mapFilesToExpectedSurfaces = mapFilesToExpectedSurfaces;
+exports.evaluateCompletionCriteria = evaluateCompletionCriteria;
+exports.nextStepFromCriteria = nextStepFromCriteria;
+exports.renderLiveExpectationSummary = renderLiveExpectationSummary;
+exports.localSessionToContractIntelligence = localSessionToContractIntelligence;
+exports.sessionNeedsContractBackfill = sessionNeedsContractBackfill;
+exports.ensureSessionContractIntelligence = ensureSessionContractIntelligence;
+exports.buildProofRequiredCommands = buildProofRequiredCommands;
+exports.buildLocalHelloPayload = buildLocalHelloPayload;
+exports.renderLiveContractBanner = renderLiveContractBanner;
+const intent_parser_1 = require("./intent-parser");
+const proof_parser_1 = require("./proof-parser");
+const diff_reader_1 = require("./diff-reader");
+const session_state_1 = require("./session-state");
+const MCP_RULE_PROFILE = "mcp_rules_config_install";
+const AUTH_PROFILE = "auth_login_session";
+const DB_PROFILE = "database_schema_migration";
+const UI_PROFILE = "ui_style_copy";
+const API_PROFILE = "api_endpoint";
+const TEST_PROFILE = "tests";
+const PAYMENTS_PROFILE = "payments_webhooks";
+const GENERIC_PROFILE = "generic";
+function unique(values) {
+    return [...new Set(values.map((value) => value.trim()).filter(Boolean))];
+}
+function matchIntent(intent, keywords) {
+    const lower = intent.toLowerCase();
+    return keywords.some((keyword) => lower.includes(keyword));
+}
+function detectProfiles(intent) {
+    const profiles = [];
+    if (matchIntent(intent, ["mcp"]) &&
+        matchIntent(intent, ["rule", "rules", "install", "setup", "config", "configuration"])) {
+        profiles.push(MCP_RULE_PROFILE);
+    }
+    if (matchIntent(intent, ["auth", "login", "session", "token", "oauth"])) {
+        profiles.push(AUTH_PROFILE);
+    }
+    if (matchIntent(intent, ["database", "db", "schema", "migration", "prisma", "sql"])) {
+        profiles.push(DB_PROFILE);
+    }
+    if (matchIntent(intent, ["ui", "style", "css", "copy", "layout", "component"])) {
+        profiles.push(UI_PROFILE);
+    }
+    if (matchIntent(intent, ["api", "endpoint", "route", "handler", "controller"])) {
+        profiles.push(API_PROFILE);
+    }
+    if (matchIntent(intent, ["test", "tests", "vitest", "jest", "proof"])) {
+        profiles.push(TEST_PROFILE);
+    }
+    if (matchIntent(intent, ["payment", "payments", "billing", "stripe", "webhook"])) {
+        profiles.push(PAYMENTS_PROFILE);
+    }
+    return profiles.length > 0 ? profiles : [GENERIC_PROFILE];
+}
+function profileBlueprint(profile) {
+    switch (profile) {
+        case MCP_RULE_PROFILE:
+            return {
+                expectedSurfaces: ["mcp", "rules_installation", "configuration_flow", "tests_or_manual_proof"],
+                expectedFileAreas: [
+                    "mcp/**",
+                    "mcp/agentbridge-mcp.ts",
+                    "AGENTBRIDGE.md",
+                    ".cursor/rules/**",
+                    "cli/src/mcp-config.ts",
+                    "cli/src/commands/setup-mcp.ts",
+                ],
+                completionCriteria: [
+                    "MCP configuration path triggers AgentBridge rule installation.",
+                    "Rules are created or updated in the expected Cursor rules location.",
+                    "Existing rules/config are preserved or safely updated.",
+                    "Re-running MCP configuration is idempotent and does not duplicate rules.",
+                    "Proof exists that MCP configuration causes rules to be installed.",
+                ],
+                proofNeeded: [
+                    "Run MCP setup/configuration flow in a clean repo.",
+                    "Confirm the AgentBridge Cursor rules file is created.",
+                    "Run setup/configuration again to confirm idempotency.",
+                    "Record test/manual proof output.",
+                ],
+                riskyOmissions: [
+                    "MCP server file changed but no install trigger wired to the configuration path.",
+                    "Rules are installed only in local mode or only in server mode.",
+                    "Existing Cursor rules are overwritten.",
+                    "No idempotency check.",
+                    "No proof that the auto-install behavior actually runs.",
+                ],
+                contractProfiles: [MCP_RULE_PROFILE],
+            };
+        case AUTH_PROFILE:
+            return {
+                expectedSurfaces: ["auth", "session", "tests_or_manual_proof"],
+                expectedFileAreas: ["auth/**", "src/**/auth/**", "src/**/session/**", "middleware/**"],
+                completionCriteria: [
+                    "Authentication/session flow handling is updated where intended.",
+                    "Authorization boundaries remain explicit and unchanged outside scope.",
+                    "Proof exists for the auth/session behavior change.",
+                ],
+                proofNeeded: ["Run auth/session flow tests or a reproducible manual proof."],
+                riskyOmissions: [
+                    "Auth logic changed without session or middleware checks.",
+                    "No proof of login/session behavior.",
+                ],
+                contractProfiles: [AUTH_PROFILE],
+            };
+        case DB_PROFILE:
+            return {
+                expectedSurfaces: ["database", "schema_migration", "tests_or_manual_proof"],
+                expectedFileAreas: ["prisma/**", "migrations/**", "src/**/db/**", "src/**/database/**"],
+                completionCriteria: [
+                    "Schema/data-layer changes are applied in intended files.",
+                    "Migration or compatibility impact is accounted for.",
+                    "Proof exists for migration/query behavior.",
+                ],
+                proofNeeded: ["Run migration/database verification command and capture output."],
+                riskyOmissions: [
+                    "Schema changed without migration/compatibility proof.",
+                    "No evidence of migration/query validation.",
+                ],
+                contractProfiles: [DB_PROFILE],
+            };
+        case UI_PROFILE:
+            return {
+                expectedSurfaces: ["ui", "copy_or_style", "tests_or_manual_proof"],
+                expectedFileAreas: ["src/**/components/**", "src/**/pages/**", "src/**/*.css", "src/**/*.html"],
+                completionCriteria: [
+                    "UI/copy/style surface for the contract is updated.",
+                    "Unrelated UI areas are not changed unintentionally.",
+                    "Proof exists for the visible behavior change.",
+                ],
+                proofNeeded: ["Record manual verification steps (or visual/tests) for UI outcome."],
+                riskyOmissions: [
+                    "UI files changed without a clear visible proof.",
+                    "Broad style changes without scope evidence.",
+                ],
+                contractProfiles: [UI_PROFILE],
+            };
+        case API_PROFILE:
+            return {
+                expectedSurfaces: ["api", "endpoint_logic", "tests_or_manual_proof"],
+                expectedFileAreas: ["src/**/routes/**", "src/**/api/**", "src/**/controllers/**"],
+                completionCriteria: [
+                    "Target API/endpoint behavior is changed in the correct surface.",
+                    "Request/response behavior is evidenced.",
+                    "Proof exists for endpoint behavior.",
+                ],
+                proofNeeded: ["Run endpoint tests or reproducible request/response proof."],
+                riskyOmissions: [
+                    "Endpoint files changed without request/response evidence.",
+                    "No proof for API behavior change.",
+                ],
+                contractProfiles: [API_PROFILE],
+            };
+        case TEST_PROFILE:
+            return {
+                expectedSurfaces: ["tests", "proof"],
+                expectedFileAreas: ["**/*.test.ts", "**/*.spec.ts", "tests/**"],
+                completionCriteria: [
+                    "Test/proof artifacts relevant to the contract are updated.",
+                    "Test execution evidence is recorded.",
+                ],
+                proofNeeded: ["Run tests and record command + result output."],
+                riskyOmissions: ["Tests changed but no execution proof recorded."],
+                contractProfiles: [TEST_PROFILE],
+            };
+        case PAYMENTS_PROFILE:
+            return {
+                expectedSurfaces: ["payments", "webhooks", "tests_or_manual_proof"],
+                expectedFileAreas: ["src/**/billing/**", "src/**/payments/**", "src/**/webhooks/**"],
+                completionCriteria: [
+                    "Payments/webhook handling logic is updated in scope.",
+                    "Critical payment side effects are evidenced.",
+                    "Proof exists for payment/webhook behavior.",
+                ],
+                proofNeeded: ["Run payment/webhook verification flow and capture output."],
+                riskyOmissions: [
+                    "Webhook/payment logic changed without behavior proof.",
+                    "No idempotency/effect validation for financial flows.",
+                ],
+                contractProfiles: [PAYMENTS_PROFILE],
+            };
+        default:
+            return {
+                expectedSurfaces: ["implementation_surface", "tests_or_manual_proof"],
+                expectedFileAreas: ["**"],
+                completionCriteria: [
+                    "Files changed align with the declared contract intent.",
+                    "Proof exists for the intended behavior change.",
+                ],
+                proofNeeded: ["Run relevant tests or provide manual proof output."],
+                riskyOmissions: ["Code changed without proof linked to the declared intent."],
+                contractProfiles: [GENERIC_PROFILE],
+            };
+    }
+}
+function buildContractIntelligence(intent, createdBy) {
+    const normalizedIntent = intent?.trim() ?? "";
+    const profiles = detectProfiles(normalizedIntent);
+    const combined = profiles.map((profile) => profileBlueprint(profile));
+    const baseCompletionCriteria = unique(combined.flatMap((item) => item.completionCriteria));
+    // Inject task-specific criteria derived from the intent string
+    const parsed = (0, intent_parser_1.parseIntent)(normalizedIntent);
+    const taskCriteria = (0, intent_parser_1.buildTaskSpecificCriteria)(parsed);
+    // Prepend the first task-specific criterion (focused target), append the last (proof)
+    const firstTask = taskCriteria[0];
+    const lastTask = taskCriteria[1];
+    const completionCriteria = unique([
+        ...(firstTask ? [firstTask] : []),
+        ...baseCompletionCriteria.filter((c) => !c.toLowerCase().startsWith("proof")),
+        ...(lastTask ? [lastTask] : []),
+        ...baseCompletionCriteria.filter((c) => c.toLowerCase().startsWith("proof")),
+    ]);
+    return {
+        expectedSurfaces: unique(combined.flatMap((item) => item.expectedSurfaces)),
+        expectedFileAreas: unique(combined.flatMap((item) => item.expectedFileAreas)),
+        completionCriteria,
+        proofNeeded: unique(combined.flatMap((item) => item.proofNeeded)),
+        riskyOmissions: unique(combined.flatMap((item) => item.riskyOmissions)),
+        contractProfiles: unique(combined.flatMap((item) => item.contractProfiles)),
+        createdBy,
+    };
+}
+function fileMatchesArea(file, area) {
+    const normalizedFile = file.replaceAll("\\", "/");
+    const normalizedArea = area.replaceAll("\\", "/").trim();
+    if (!normalizedArea || normalizedArea === "**")
+        return true;
+    if (normalizedArea.endsWith("/**")) {
+        const prefix = normalizedArea.slice(0, -3);
+        return normalizedFile === prefix || normalizedFile.startsWith(`${prefix}/`);
+    }
+    // Handle **/*.ext — match any file whose name ends with the given suffix.
+    if (normalizedArea.startsWith("**/")) {
+        const suffix = normalizedArea.slice(3); // e.g. "*.test.ts"
+        if (suffix.startsWith("*")) {
+            return normalizedFile.endsWith(suffix.slice(1)); // e.g. ".test.ts"
+        }
+        const parts = normalizedFile.split("/");
+        return parts[parts.length - 1] === suffix;
+    }
+    if (normalizedArea.includes("*")) {
+        const compact = normalizedArea.replaceAll("*", "");
+        return compact.length === 0 || normalizedFile.includes(compact);
+    }
+    return normalizedFile === normalizedArea || normalizedFile.startsWith(`${normalizedArea}/`);
+}
+function mapFilesToExpectedSurfaces(changedFiles, expectedSurfaces) {
+    return changedFiles.map((file) => {
+        const lower = file.toLowerCase();
+        const mapped = [];
+        for (const surface of expectedSurfaces) {
+            if (surface === "mcp" && lower.includes("mcp"))
+                mapped.push(surface);
+            else if (surface === "rules_installation" && (lower.includes(".cursor/rules") || lower.endsWith("agentbridge.md")))
+                mapped.push(surface);
+            else if (surface === "configuration_flow" && (lower.includes("setup-mcp") || lower.includes("mcp-config") || lower.includes("config")))
+                mapped.push(surface);
+            else if (surface === "tests_or_manual_proof" && (lower.includes(".test.") || lower.includes(".spec.") || lower.includes("tests/")))
+                mapped.push(surface);
+            else if (surface === "auth" && lower.includes("auth"))
+                mapped.push(surface);
+            else if (surface === "session" && lower.includes("session"))
+                mapped.push(surface);
+            else if (surface === "database" && (lower.includes("prisma") || lower.includes("migration") || lower.includes("schema") || lower.includes("sql")))
+                mapped.push(surface);
+            else if (surface === "schema_migration" && (lower.includes("migration") || lower.includes("schema")))
+                mapped.push(surface);
+            else if (surface === "ui" && (lower.includes("component") || lower.includes("page") || lower.endsWith(".css") || lower.endsWith(".html")))
+                mapped.push(surface);
+            else if (surface === "api" && (lower.includes("route") || lower.includes("api") || lower.includes("controller")))
+                mapped.push(surface);
+            else if (surface === "endpoint_logic" && (lower.includes("route") || lower.includes("handler")))
+                mapped.push(surface);
+            else if (surface === "tests" && (lower.includes(".test.") || lower.includes(".spec.") || lower.includes("tests/")))
+                mapped.push(surface);
+            else if (surface === "payments" && (lower.includes("payment") || lower.includes("billing") || lower.includes("stripe")))
+                mapped.push(surface);
+            else if (surface === "webhooks" && lower.includes("webhook"))
+                mapped.push(surface);
+            else if (surface === "implementation_surface" && mapped.length === 0)
+                mapped.push(surface);
+        }
+        return { file, surfaces: mapped };
+    });
+}
+function criteriaStatusForMcpRules(criterion, changedFiles, proofRun, fileToSurface, parsedProof, diff) {
+    const coveredSurfaces = new Set(fileToSurface.flatMap((item) => item.surfaces));
+    if (criterion.startsWith("MCP configuration path triggers AgentBridge rule installation")) {
+        if (proofRun?.status === "passed") {
+            return {
+                criterion,
+                status: "evidence_found",
+                evidence: `Proof run passed (${proofRun.command}).`,
+            };
+        }
+        if (coveredSurfaces.has("mcp") && coveredSurfaces.has("configuration_flow")) {
+            return {
+                criterion,
+                status: "partial_evidence",
+                evidence: "Changed files touch MCP and configuration flow surfaces. Run agentbridge verify to record behavioral proof.",
+            };
+        }
+        if (coveredSurfaces.has("mcp") || coveredSurfaces.has("configuration_flow")) {
+            return {
+                criterion,
+                status: "partial_evidence",
+                evidence: "Only part of the expected MCP/configuration surfaces changed.",
+            };
+        }
+        return {
+            criterion,
+            status: "no_evidence",
+            evidence: "No MCP/configuration surface evidence found in changed files.",
+        };
+    }
+    if (criterion.startsWith("Rules are created or updated in the expected Cursor rules location")) {
+        const touchedRules = changedFiles.some((file) => file.endsWith("AGENTBRIDGE.md") || file.includes(".cursor/rules/"));
+        if (touchedRules) {
+            return {
+                criterion,
+                status: "partial_evidence",
+                evidence: "Rules file paths were directly changed. Run agentbridge verify to confirm created/updated behavior.",
+            };
+        }
+        return {
+            criterion,
+            status: "no_evidence",
+            evidence: "No direct evidence that AGENTBRIDGE.md or .cursor/rules files were created/updated.",
+        };
+    }
+    if (criterion.startsWith("Existing rules/config are preserved or safely updated")) {
+        if (proofRun?.status === "passed") {
+            return {
+                criterion,
+                status: "partial_evidence",
+                evidence: "Proof ran, but preservation safety needs explicit idempotency evidence.",
+            };
+        }
+        return {
+            criterion,
+            status: "cannot_verify",
+            evidence: "Cannot infer config preservation from file diff alone.",
+        };
+    }
+    if (criterion.startsWith("Re-running MCP configuration is idempotent")) {
+        const proofText = `${proofRun?.command ?? ""} ${proofRun?.stdoutExcerpt ?? ""}`.toLowerCase();
+        if (proofRun?.status === "passed" &&
+            (proofText.includes("idempotent") ||
+                proofText.includes("second run") ||
+                proofText.includes("re-run") ||
+                proofText.includes("again"))) {
+            return {
+                criterion,
+                status: "evidence_found",
+                evidence: "Proof output indicates repeated setup/idempotency behavior.",
+            };
+        }
+        if (proofRun?.status === "passed") {
+            return {
+                criterion,
+                status: "partial_evidence",
+                evidence: "Proof exists but does not explicitly evidence second-run/idempotency behavior.",
+            };
+        }
+        // Diff-based: guard clauses in MCP files are a structural signal for idempotency
+        const mcpGuards = diff?.files
+            .filter((f) => f.file.toLowerCase().includes("mcp"))
+            .reduce((s, f) => s + f.guard_clauses_added, 0) ?? 0;
+        if (mcpGuards > 0) {
+            return {
+                criterion,
+                status: "partial_evidence",
+                evidence: `${mcpGuards} guard clause(s) added in MCP files — likely idempotency checks. Run agentbridge verify to confirm.`,
+            };
+        }
+        return {
+            criterion,
+            status: "no_evidence",
+            evidence: "No idempotency evidence was recorded.",
+        };
+    }
+    if (criterion.startsWith("Proof exists that MCP configuration causes rules to be installed")) {
+        if (proofRun?.status === "passed") {
+            return {
+                criterion,
+                status: "evidence_found",
+                evidence: parsedProof
+                    ? (0, proof_parser_1.proofEvidenceString)(parsedProof, "mcp")
+                    : `Proof run passed (${proofRun.command}).`,
+            };
+        }
+        if (proofRun?.status === "failed") {
+            return {
+                criterion,
+                status: "no_evidence",
+                evidence: `Proof run failed (${proofRun.command}, exit ${proofRun.exitCode}).`,
+            };
+        }
+        return {
+            criterion,
+            status: "no_evidence",
+            evidence: "No proof run recorded.",
+        };
+    }
+    return {
+        criterion,
+        status: "cannot_verify",
+        evidence: "No deterministic rule available for this criterion.",
+    };
+}
+function evaluateCompletionCriteria(params) {
+    const fileToSurface = mapFilesToExpectedSurfaces(params.changedFiles, params.contract.expectedSurfaces);
+    const parsedProof = params.proofRun ? (0, proof_parser_1.parseProofOutput)(params.proofRun) : null;
+    const diff = params.diff ?? null;
+    return params.contract.completionCriteria.map((criterion) => {
+        if (params.contract.contractProfiles.includes(MCP_RULE_PROFILE)) {
+            return criteriaStatusForMcpRules(criterion, params.changedFiles, params.proofRun, fileToSurface, parsedProof, diff);
+        }
+        if (criterion.toLowerCase().includes("proof")) {
+            if (params.proofRun?.status === "passed" && parsedProof) {
+                const domain = params.contract.contractProfiles[0]?.split("_")[0] ?? null;
+                const hasCoverage = domain ? parsedProof.has_domain_coverage(domain) : true;
+                if (hasCoverage) {
+                    return {
+                        criterion,
+                        status: "evidence_found",
+                        evidence: (0, proof_parser_1.proofEvidenceString)(parsedProof, domain ?? undefined),
+                    };
+                }
+                return {
+                    criterion,
+                    status: "partial_evidence",
+                    evidence: (0, proof_parser_1.proofEvidenceString)(parsedProof, domain ?? undefined),
+                };
+            }
+            if (params.proofRun?.status === "failed") {
+                return {
+                    criterion,
+                    status: "no_evidence",
+                    evidence: `Proof run failed (${params.proofRun.command}, exit ${params.proofRun.exitCode}).`,
+                };
+            }
+            return {
+                criterion,
+                status: "no_evidence",
+                evidence: "No proof run recorded.",
+            };
+        }
+        // Diff-aware evaluation: check for guard clauses, new exports, or specific symbol changes
+        if (diff && diff.files.length > 0) {
+            const totalGuards = diff.files.reduce((s, f) => s + f.guard_clauses_added, 0);
+            const allExportsAdded = diff.files.flatMap((f) => f.exports_added.concat(f.functions_added));
+            const diffSummary = (0, diff_reader_1.summariseDiff)(diff);
+            if (criterion.toLowerCase().includes("idempotent") && totalGuards > 0) {
+                return {
+                    criterion,
+                    status: "partial_evidence",
+                    evidence: `${totalGuards} guard clause(s) added in changed files — possible idempotency checks. Run agentbridge verify to confirm. (${diffSummary})`,
+                };
+            }
+            if (criterion.toLowerCase().includes("boundar") && allExportsAdded.length > 0) {
+                return {
+                    criterion,
+                    status: "partial_evidence",
+                    evidence: `New symbol(s) exported: ${allExportsAdded.slice(0, 3).join(", ")}. Confirm callers stay within the declared domain. (${diffSummary})`,
+                };
+            }
+            // Generic diff-grounded partial evidence
+            const hasAlignedFile = params.changedFiles.some((file) => params.contract.expectedFileAreas.some((area) => fileMatchesArea(file, area)));
+            if (hasAlignedFile && diffSummary) {
+                return {
+                    criterion,
+                    status: "partial_evidence",
+                    evidence: `File changes detected: ${diffSummary}. Criterion not fully proven.`,
+                };
+            }
+        }
+        const hasAlignedFile = params.changedFiles.some((file) => params.contract.expectedFileAreas.some((area) => fileMatchesArea(file, area)));
+        if (hasAlignedFile) {
+            return {
+                criterion,
+                status: "partial_evidence",
+                evidence: "Changed files align with expected areas, but criterion is not fully proven.",
+            };
+        }
+        return {
+            criterion,
+            status: "no_evidence",
+            evidence: "No aligned changed-file evidence detected.",
+        };
+    });
+}
+function nextStepFromCriteria(evaluations, proofNeeded) {
+    const missing = evaluations.filter((item) => item.status === "no_evidence");
+    if (missing.length === 0) {
+        return "All tracked criteria are evidenced. Confirm final proof and commit when ready.";
+    }
+    // Prioritise idempotency if it is anywhere in the unproven list
+    const idempotency = missing.find((item) => item.criterion.toLowerCase().includes("idempotent"));
+    if (idempotency) {
+        return "Run setup/configuration twice in a clean repo and record output proving idempotency.";
+    }
+    const firstMissing = missing[0];
+    if (firstMissing && firstMissing.criterion.toLowerCase().includes("proof")) {
+        return proofNeeded[0] ?? "Run a relevant test/manual proof command and record output.";
+    }
+    return `${firstMissing?.criterion ?? "Missing evidence"} — capture concrete proof before closing this contract.`;
+}
+function renderLiveExpectationSummary(contract) {
+    const lines = ["AgentBridge expects evidence for:"];
+    for (const criterion of contract.completionCriteria.slice(0, 4)) {
+        lines.push(`- ${criterion}`);
+    }
+    return lines.join("\n");
+}
+function localSessionToContractIntelligence(session) {
+    if (session.completionCriteria?.length && session.contractProfiles?.length) {
+        return {
+            contractProfiles: session.contractProfiles,
+            completionCriteria: session.completionCriteria,
+            proofNeeded: session.proofNeeded ?? [],
+            riskyOmissions: session.riskyOmissions ?? [],
+            expectedSurfaces: session.expectedSurfaces ?? [],
+            expectedFileAreas: session.expectedFileAreas ?? [],
+            createdBy: session.createdBy ?? "agent_hello",
+        };
+    }
+    return buildContractIntelligence(session.intent, session.createdBy ?? "agent_hello");
+}
+function sessionNeedsContractBackfill(session) {
+    return !session.completionCriteria?.length || !session.contractProfiles?.length;
+}
+function ensureSessionContractIntelligence(session) {
+    if (!sessionNeedsContractBackfill(session)) {
+        return session;
+    }
+    const createdBy = session.createdBy ?? (session.agentId?.trim() === "local" ? "user_start" : "agent_hello");
+    const contract = buildContractIntelligence(session.intent?.trim(), createdBy);
+    const updated = {
+        ...session,
+        createdBy,
+        contractProfiles: contract.contractProfiles,
+        expectedSurfaces: contract.expectedSurfaces,
+        expectedFileAreas: contract.expectedFileAreas,
+        completionCriteria: contract.completionCriteria,
+        proofNeeded: contract.proofNeeded,
+        riskyOmissions: contract.riskyOmissions,
+    };
+    (0, session_state_1.writeSessionState)(updated);
+    return updated;
+}
+function buildProofRequiredCommands(contract) {
+    if (contract.contractProfiles.includes(MCP_RULE_PROFILE)) {
+        return [
+            "agentbridge verify npm run setup-mcp -- --local",
+            "agentbridge verify npm run setup-mcp -- --local  (run again to confirm idempotency)",
+        ];
+    }
+    if (contract.contractProfiles.includes(DB_PROFILE)) {
+        return [
+            "agentbridge verify npx prisma migrate status",
+            "agentbridge verify npm test",
+        ];
+    }
+    if (contract.contractProfiles.includes(AUTH_PROFILE) ||
+        contract.contractProfiles.includes(API_PROFILE) ||
+        contract.contractProfiles.includes(UI_PROFILE) ||
+        contract.contractProfiles.includes(TEST_PROFILE) ||
+        contract.contractProfiles.includes(PAYMENTS_PROFILE)) {
+        return ["agentbridge verify npm test"];
+    }
+    // GENERIC profile or any unrecognized combination
+    return ["agentbridge verify npm test"];
+}
+function buildLocalHelloPayload(session) {
+    const contract = localSessionToContractIntelligence(session);
+    const scopeSource = session.createdBy ?? (session.agentId?.trim() === "local" ? "user_start" : "agent_hello");
+    return {
+        contract: {
+            id: session.id,
+            intent: session.intent?.trim() ?? null,
+            created_by: scopeSource,
+        },
+        done_checklist: contract.completionCriteria.slice(0, 4),
+        proof_required: buildProofRequiredCommands(contract),
+        warnings: contract.riskyOmissions.slice(0, 2),
+    };
+}
+function renderLiveContractBanner(session) {
+    const prepared = ensureSessionContractIntelligence(session);
+    const summary = renderLiveExpectationSummary(localSessionToContractIntelligence(prepared));
+    return `\nLIVE — ${prepared.intent ?? "(no intent)"}\n${summary}\n`;
+}