@aikdna/kdna-cli 0.16.10 → 0.18.0

package/src/agent.js

@@ -16,7 +16,7 @@
  *         not treat as a fit decision; many false positives expected)
  *     The agent makes the final call using its own language understanding.
  *
- *   kdna load <name> [--as=prompt|json|raw]
+ *   kdna load <name|file.kdna> [--as=prompt|json|raw]
  *     Read the domain's Core + Patterns and emit:
  *       --as=prompt (default): compact text suitable for system-prompt
  *                              injection (axioms one-liners + stances +
@@ -30,44 +30,44 @@
  */
 
 const fs = require('fs');
-const path = require('path');
 const { parseName } = require('./registry');
 const { recordTrace } = require('./cmds/trace');
+const {
+  getInstalled,
+  listInstalled: listInstalledAssets,
+  readContainer,
+  readContainerEntry,
+  readContainerJson,
+  resolveAsset,
+} = require('./package-store');
+const { licenseDecryptOptionsForManifest } = require('./cmds/license');
 
 function detectAgent() {
   return process.env.KDNA_AGENT || 'cli';
 }
 
-const USER_KDNA_DIR = path.join(process.env.HOME || process.env.USERPROFILE || '.', '.kdna');
-const INSTALL_DIR = path.join(USER_KDNA_DIR, 'domains');
+function listInstalled() {
+  return listInstalledAssets().map((entry) => {
+    const parsed = parseName(entry.full);
+    return { ...entry, scope: parsed.scope, ident: parsed.ident };
+  });
+}
 
-function readJson(p) {
-  try {
-    return JSON.parse(fs.readFileSync(p, 'utf8'));
-  } catch {
-    return null;
-  }
+function assetLabel(asset, fallback) {
+  return asset.name || asset.parsed?.full || fallback;
 }
 
-function listInstalled() {
-  if (!fs.existsSync(INSTALL_DIR)) return [];
-  const out = [];
-  for (const scopeName of fs.readdirSync(INSTALL_DIR)) {
-    if (!scopeName.startsWith('@')) continue;
-    const scopeDir = path.join(INSTALL_DIR, scopeName);
-    try {
-      if (!fs.statSync(scopeDir).isDirectory()) continue;
-      for (const ident of fs.readdirSync(scopeDir)) {
-        if (ident.startsWith('.')) continue;
-        const dir = path.join(scopeDir, ident);
-        if (!fs.statSync(dir).isDirectory()) continue;
-        out.push({ scope: scopeName, ident, dir, full: `${scopeName}/${ident}` });
-      }
-    } catch {
-      /* skip */
-    }
-  }
-  return out;
+function traceAssetFields(asset, manifest = {}, license = null) {
+  const fields = {
+    asset_path: asset.asset_path,
+    asset_digest: asset.asset_digest || null,
+    content_digest: asset.content_digest || null,
+    version: manifest.version || asset.version || null,
+    judgment_version: manifest.judgment_version || asset.judgment_version || null,
+    access: manifest.access || asset.access || null,
+  };
+  if (license?.license_id) fields.license_id = license.license_id;
+  return fields;
 }
 
 // ─── kdna available ────────────────────────────────────────────────────
@@ -78,11 +78,9 @@ function cmdAvailable(args = []) {
 
   const out = [];
   for (const e of installed) {
-    const manifest = readJson(path.join(e.dir, 'kdna.json')) || {};
+    const { manifest = {}, core = {} } = readContainer(e.asset_path);
     if (manifest.yanked === true) continue;
 
-    const core = readJson(path.join(e.dir, 'KDNA_Core.json')) || {};
-
     // Pull applies_when across all axioms (this is what the agent needs
     // for fit-check). Collapsing per-axiom into one set makes the agent's
     // matching decision much cheaper.
@@ -110,14 +108,7 @@ function cmdAvailable(args = []) {
   }
 
   if (wantJson) {
-    const result = out.length
-      ? out
-      : {
-          count: 0,
-          domains: [],
-          note: 'No domains installed. Run: kdna install <name>   See: kdna list --available',
-        };
-    process.stdout.write(JSON.stringify(result, null, 2) + '\n');
+    process.stdout.write(JSON.stringify(out, null, 2) + '\n');
     return;
   }
 
@@ -195,12 +186,11 @@ function cmdMatch(taskText, args = []) {
   const hints = [];
 
   for (const e of installed) {
-    const manifest = readJson(path.join(e.dir, 'kdna.json')) || {};
+    const { manifest = {}, core = {} } = readContainer(e.asset_path);
     if (manifest.yanked === true) {
       dropped.push({ name: manifest.name || e.full, reason: 'yanked' });
       continue;
     }
-    const core = readJson(path.join(e.dir, 'KDNA_Core.json')) || {};
 
     // does_not_apply_when disqualification (HARD signal)
     let disqualified = null;
@@ -318,7 +308,7 @@ function cmdMatch(taskText, args = []) {
       }
     }
     console.log('');
-    console.log('To consider any of these, read its full data: kdna load <name> --as=json');
+    console.log('To consider any of these, read its full data: kdna load <name|file.kdna> --as=json');
   }
 }
 
@@ -348,34 +338,88 @@ function cmdLoad(input, args = []) {
     profileInput = args[inputIdx + 1] || null;
   }
 
-  const parsed = parseName(input);
-  if (!parsed) {
-    console.error(`Invalid name "${input}". Use @scope/name or bare name.`);
+  const asset = resolveAsset(input);
+  if (!asset) {
+    console.error(`KDNA asset not found: ${input}. Use an installed name or a .kdna file.`);
     process.exit(2);
   }
-  const dir = path.join(INSTALL_DIR, parsed.scope, parsed.ident);
-  if (!fs.existsSync(dir)) {
-    console.error(`${parsed.full} is not installed. Run: kdna install ${input}`);
-    process.exit(2);
+
+  const manifest = readContainerJson(asset.asset_path, 'kdna.json') || {};
+  const encryptedEntries = manifest.encryption?.encrypted_entries || [];
+  let decryptOptions = {};
+  let licenseActivation = null;
+  if (manifest.access === 'licensed' || encryptedEntries.length > 0) {
+    const activation = licenseDecryptOptionsForManifest(manifest);
+    if (!activation.ok) {
+      console.error(`KDNA license required for ${manifest.name || input}: ${activation.error}`);
+      console.error(`Install a license with: kdna license install <license.json>`);
+      process.exit(3);
+    }
+    decryptOptions = { decryptEntry: activation.decryptEntry };
+    licenseActivation = activation.license;
   }
 
-  const manifest = readJson(path.join(dir, 'kdna.json')) || {};
+  let container;
+  try {
+    container = readContainer(asset.asset_path, decryptOptions);
+  } catch (e) {
+    console.error(`Failed to load KDNA asset: ${e.message}`);
+    process.exit(3);
+  }
+  const parsed = asset.parsed || parseName(manifest.name || '');
+  const label = assetLabel(asset, input);
   if (manifest.yanked === true) {
-    console.error(`${parsed.full}@${manifest.version} has been yanked.`);
+    console.error(`${label}@${manifest.version} has been yanked.`);
     if (manifest.replaced_by) console.error(`Try: ${manifest.replaced_by}`);
     process.exit(2);
   }
-  const core = readJson(path.join(dir, 'KDNA_Core.json')) || {};
-  const pat = readJson(path.join(dir, 'KDNA_Patterns.json')) || {};
+
+  // ═══ Trust check before loading ═══
+  const loadWarnings = [];
+  const signature = manifest.signature;
+  const isPlaceholder = !signature || signature === '' || signature.includes('placeholder');
+  if (isPlaceholder) {
+    loadWarnings.push('⚠  Domain is unsigned — no cryptographic proof of authorship. Trust depends on source.');
+  }
+  if (manifest.status === 'deprecated') {
+    loadWarnings.push(`⚠  Domain is deprecated${manifest.replaced_by ? ', replaced by ' + manifest.replaced_by : ''}.`);
+  }
+  const riskLevel = manifest.risk_level || 'R1';
+  if (riskLevel === 'R3' || riskLevel === 'R4') {
+    loadWarnings.push(`⚠  High risk domain (${riskLevel}) — may influence agent behavior in safety-critical ways.`);
+    if (manifest.quality_badge === 'untested' || !manifest.quality_badge) {
+      loadWarnings.push('⚠  High risk + untested — load only if you trust the source and understand the risks.');
+    }
+  }
+  if (loadWarnings.length > 0) {
+    console.error(loadWarnings.join('\n'));
+  }
+  const core = container.core || {};
+  const pat = container.patterns || {};
 
   // JSON format
   if (format === 'json') {
-    process.stdout.write(JSON.stringify({ manifest, core, patterns: pat }, null, 2) + '\n');
+    process.stdout.write(JSON.stringify({
+      manifest,
+      core,
+      patterns: pat,
+      trust: {
+        signature: isPlaceholder ? 'unsigned' : 'present',
+        risk_level: riskLevel,
+        deprecated: manifest.status === 'deprecated',
+        yanked: false,
+        warnings: loadWarnings,
+        asset_digest: asset.asset_digest || null,
+        content_digest: asset.content_digest || null,
+        license_id: licenseActivation?.license_id || null,
+      },
+    }, null, 2) + '\n');
     recordTrace({
       timestamp: new Date().toISOString(),
       agent: detectAgent(),
-      domain: parsed.full,
+      domain: label,
       format: 'json',
+      asset: traceAssetFields(asset, manifest, licenseActivation),
     });
     return;
   }
@@ -383,40 +427,46 @@ function cmdLoad(input, args = []) {
   // Raw format
   if (format === 'raw') {
     for (const f of ['KDNA_Core.json', 'KDNA_Patterns.json']) {
-      const p = path.join(dir, f);
-      if (fs.existsSync(p)) {
+      const encrypted = encryptedEntries.includes(f);
+      const buf = encrypted
+        ? Buffer.from(JSON.stringify(container[f === 'KDNA_Core.json' ? 'core' : 'patterns'], null, 2))
+        : readContainerEntry(asset.asset_path, f);
+      if (buf) {
         process.stdout.write(`\n=== ${f} ===\n`);
-        process.stdout.write(fs.readFileSync(p, 'utf8'));
+        process.stdout.write(buf.toString('utf8'));
       }
     }
     recordTrace({
       timestamp: new Date().toISOString(),
       agent: detectAgent(),
-      domain: parsed.full,
+      domain: label,
       format: 'raw',
+      asset: traceAssetFields(asset, manifest, licenseActivation),
     });
     return;
   }
 
   // Load profiles
   if (profile) {
-    emitProfile(parsed, manifest, core, pat, profile, profileInput);
+    emitProfile(parsed || { full: label }, manifest, core, pat, profile, profileInput);
     recordTrace({
       timestamp: new Date().toISOString(),
       agent: detectAgent(),
-      domain: parsed.full,
+      domain: label,
       format: `profile:${profile}`,
+      asset: traceAssetFields(asset, manifest, licenseActivation),
     });
     return;
   }
 
   // Default: --as=prompt — compact text optimized for system-prompt injection.
-  emitCompact(parsed, manifest, core, pat);
+  emitCompact(parsed || { full: label }, manifest, core, pat);
   recordTrace({
     timestamp: new Date().toISOString(),
     agent: detectAgent(),
-    domain: parsed.full,
+    domain: label,
     format: 'prompt',
+    asset: traceAssetFields(asset, manifest, licenseActivation),
   });
 }
 
@@ -429,6 +479,7 @@ function emitProfile(parsed, manifest, core, pat, profile, input) {
   lines.push('');
 
   const axioms = core.axioms || [];
+  emitRequiredOutput(lines, manifest, core, pat);
 
   switch (profile) {
     case 'index':
@@ -514,11 +565,11 @@ function emitProfile(parsed, manifest, core, pat, profile, input) {
     }
 
     if (pat.terminology?.banned_terms?.length) {
-      lines.push('## Banned terms');
+      lines.push('## MUST NOT SAY');
       for (const t of pat.terminology.banned_terms) {
         const term = typeof t === 'string' ? t : t.term;
         const replace = typeof t === 'object' ? t.replace_with : null;
-        lines.push(`- "${term}"${replace ? ` → use: ${replace}` : ''}`);
+        lines.push(`- "${term}"${replace ? ` -> use: ${replace}` : ''}`);
       }
       lines.push('');
     }
@@ -557,8 +608,11 @@ function emitCompact(parsed, manifest, core, pat) {
   if (manifest.core_insight) lines.push(`# core insight: ${manifest.core_insight}`);
   lines.push('');
 
+  emitRequiredOutput(lines, manifest, core, pat);
+
   if (core.axioms?.length) {
-    lines.push('## Axioms (reason from these)');
+    lines.push('## JUDGMENT GUIDANCE');
+    lines.push('### Axioms (reason from these)');
     for (const a of core.axioms) {
       lines.push(`- ${a.one_sentence}`);
       if (a.applies_when?.length) {
@@ -573,7 +627,7 @@ function emitCompact(parsed, manifest, core, pat) {
   }
 
   if (core.stances?.length) {
-    lines.push('## Stances');
+    lines.push('### Stances');
     for (const s of core.stances) {
       const text = typeof s === 'string' ? s : s.stance;
       if (text) lines.push(`- ${text}`);
@@ -582,17 +636,18 @@ function emitCompact(parsed, manifest, core, pat) {
   }
 
   if (pat.terminology?.banned_terms?.length) {
-    lines.push('## Banned terms (do not use even if user uses them)');
+    lines.push('## MUST NOT SAY');
     for (const t of pat.terminology.banned_terms) {
       const term = typeof t === 'string' ? t : t.term;
       const replace = typeof t === 'object' ? t.replace_with : null;
-      lines.push(`- "${term}"${replace ? ` → use: ${replace}` : ''}`);
+      lines.push(`- "${term}"${replace ? ` -> use: ${replace}` : ''}`);
     }
     lines.push('');
   }
 
   if (pat.misunderstandings?.length) {
-    lines.push('## Misunderstandings to detect and avoid');
+    if (!core.axioms?.length) lines.push('## JUDGMENT GUIDANCE');
+    lines.push('### Misunderstandings to detect and avoid');
     for (const m of pat.misunderstandings) {
       lines.push(`- WRONG: ${m.wrong}`);
       lines.push(`  CORRECT: ${m.correct}`);
@@ -602,7 +657,8 @@ function emitCompact(parsed, manifest, core, pat) {
   }
 
   if (pat.self_check?.length) {
-    lines.push('## Self-checks (answer before final output)');
+    lines.push('## SELF-CHECK');
+    lines.push('Answer before final output.');
     for (const q of pat.self_check) {
       const text = typeof q === 'string' ? q : q.question;
       if (text) lines.push(`- ${text}`);
@@ -617,6 +673,37 @@ function emitCompact(parsed, manifest, core, pat) {
   process.stdout.write(lines.join('\n') + '\n');
 }
 
+function emitRequiredOutput(lines, manifest, core, pat) {
+  const required = uniqueStrings([
+    ...asStringArray(manifest.required_output),
+    ...asStringArray(manifest.must_include),
+    ...asStringArray(core.required_output),
+    ...asStringArray(core.must_include),
+    ...asStringArray(pat.required_output),
+    ...asStringArray(pat.must_include),
+    ...asStringArray(pat.output_constraints?.required_output),
+    ...asStringArray(pat.output_constraints?.must_include),
+  ]);
+
+  if (!required.length) return;
+
+  lines.push('## REQUIRED OUTPUT');
+  lines.push('Include these statements when they are relevant to the user request.');
+  for (const item of required) lines.push(`- ${item}`);
+  lines.push('');
+}
+
+function asStringArray(value) {
+  if (!value) return [];
+  if (typeof value === 'string') return [value];
+  if (!Array.isArray(value)) return [];
+  return value.filter((item) => typeof item === 'string' && item.trim()).map((item) => item.trim());
+}
+
+function uniqueStrings(items) {
+  return Array.from(new Set(items.map((item) => item.trim()).filter(Boolean)));
+}
+
 // ─── kdna select ───────────────────────────────────────────────────────
 
 function cmdSelect(args = []) {
@@ -642,9 +729,8 @@ function cmdSelect(args = []) {
   const scores = [];
 
   for (const e of installed) {
-    const manifest = readJson(path.join(e.dir, 'kdna.json')) || {};
+    const { manifest = {}, core = {} } = readContainer(e.asset_path);
     if (manifest.yanked === true) continue;
-    const core = readJson(path.join(e.dir, 'KDNA_Core.json')) || {};
 
     // Check does_not_apply_when hard exclusion
     let excluded = false;
@@ -742,14 +828,15 @@ function cmdPostvalidate(args = []) {
     console.error(`Invalid name "${input}".`);
     process.exit(2);
   }
-  const dir = path.join(INSTALL_DIR, parsed.scope, parsed.ident);
-  if (!fs.existsSync(dir)) {
+  const installed = getInstalled(parsed.full);
+  if (!installed) {
     console.error(`${parsed.full} is not installed.`);
     process.exit(2);
   }
 
-  const core = readJson(path.join(dir, 'KDNA_Core.json')) || {};
-  const pat = readJson(path.join(dir, 'KDNA_Patterns.json')) || {};
+  const container = readContainer(installed.asset_path);
+  const core = container.core || {};
+  const pat = container.patterns || {};
 
   // Read agent output
   let agentOutput = '';
@@ -910,4 +997,327 @@ function cmdPostvalidate(args = []) {
   process.exit(results.violations.length ? 1 : 0);
 }
 
-module.exports = { cmdAvailable, cmdMatch, cmdLoad, cmdSelect, cmdPostvalidate };
+// ─── kdna route ─────────────────────────────────────────────────────────
+
+function cmdRoute(taskText, args = []) {
+  const wantJson = args.includes('--json');
+
+  if (!taskText) {
+    const err = { error: 'Usage: kdna route "<task description>" [--json] [--discover]' };
+    if (wantJson) { console.log(JSON.stringify(err)); process.exit(2); }
+    console.error(err.error);
+    process.exit(2);
+  }
+
+  const traceId = `route_${require('crypto').randomUUID()}`;
+  const taskTokens = tokenize(taskText);
+  const installed = listInstalled();
+  const result = {
+    status: 'SKIP_NO_JUDGMENT_NEEDED',
+    action: 'skip',
+    needs_kdna: false,
+    selected_domain: null,
+    reason: '',
+    confidence: 0,
+    candidates: [],
+    rejected_domains: [],
+    trust: null,
+    ambiguity: null,
+    registry_suggestions: [],
+    auto_install: false,
+    trace_id: traceId,
+    created_at: new Date().toISOString(),
+  };
+
+  // ═══ Gate 1: Intent — does this task need domain judgment? ═══
+  const judgmentKeywords = [
+    'review', 'diagnose', 'critique', 'evaluate', 'assess', 'judge',
+    'should i', 'is this good', 'is this correct', 'how would you rate',
+    '分析', '诊断', '评估', '判断', '审查', '该怎么', '好不好',
+  ];
+  const mechanicalKeywords = [
+    'format', 'translate', 'convert', 'list', 'find', 'lookup', 'search',
+    'run', 'execute', 'compile', 'build', 'fix syntax', 'fix the bug',
+    '格式化', '翻译', '转换', '列出', '查找', '搜索', '运行', '执行', '编译', '修复语法',
+  ];
+
+  const taskLower = taskText.toLowerCase();
+  const hasJudgmentSignal = judgmentKeywords.some(k => taskLower.includes(k));
+  const hasMechanicalSignal = mechanicalKeywords.some(k => taskLower.includes(k));
+
+  result.needs_kdna = hasJudgmentSignal && !hasMechanicalSignal;
+
+  if (!result.needs_kdna) {
+    result.status = 'SKIP_NO_JUDGMENT_NEEDED';
+    result.action = 'skip';
+    result.reason = hasMechanicalSignal
+      ? 'task is mechanical — no domain judgment required'
+      : 'task does not appear to need domain judgment';
+    if (wantJson) { console.log(JSON.stringify(result, null, 2)); return; }
+    console.log('SKIP (no judgment needed)');
+    return;
+  }
+
+  if (!installed.length) {
+    result.status = 'SKIP_NO_LOCAL_DOMAIN';
+    result.action = 'skip';
+    result.reason = 'task may benefit from judgment, but no KDNA domains are installed';
+    if (wantJson) { console.log(JSON.stringify(result, null, 2)); return; }
+    console.log('SKIP (no domains installed)');
+    return;
+  }
+
+  // ═══ Gate 2: Negative Match First — check does_not_apply_when ═══
+  // ═══ Gate 3: Domain Fit — evaluate applies_when + relevance ═══
+  const candidates = [];
+
+  for (const e of installed) {
+    const { manifest = {}, core = {} } = readContainer(e.asset_path);
+    if (manifest.yanked === true) {
+      result.rejected_domains.push({
+        domain: manifest.name || e.full,
+        triggered_rule: 'yanked',
+        reason: 'domain has been yanked',
+      });
+      continue;
+    }
+
+    // Negative match: does_not_apply_when
+    let disqualified = null;
+    for (const a of core.axioms || []) {
+      for (const d of a.does_not_apply_when || []) {
+        const score = overlapScore(taskTokens, d);
+        if (score.hits >= 2) {
+          disqualified = { axiom: a.id, text: d, hits: score.hits };
+          break;
+        }
+      }
+      if (disqualified) break;
+    }
+
+    if (disqualified) {
+      result.rejected_domains.push({
+        domain: manifest.name || e.full,
+        triggered_rule: `${disqualified.axiom}.does_not_apply_when`,
+        reason: `"${disqualified.text.slice(0, 100)}"`,
+      });
+      continue;
+    }
+
+    // Positive fit: applies_when + domain relevance
+    let fitScore = 0;
+    const fitReasons = [];
+
+    for (const a of core.axioms || []) {
+      for (const ap of a.applies_when || []) {
+        const score = overlapScore(taskTokens, ap);
+        if (score.hits >= 2) {
+          fitScore += score.hits * 3;
+          fitReasons.push({ source: a.id, hits: score.hits, text: ap.slice(0, 120) });
+        }
+      }
+    }
+    fitScore += domainRelevanceScore(taskTokens, manifest);
+
+    // Confidence based on fitScore normalized
+    const confidence = Math.min(0.95, fitScore > 0 ? 0.5 + fitScore * 0.05 : 0.15);
+
+    candidates.push({
+      domain: manifest.name || e.full,
+      version: manifest.version || '?',
+      status: manifest.status || 'experimental',
+      score: fitScore,
+      confidence,
+      reasons: fitReasons.slice(0, 5),
+      description: manifest.description || '',
+    });
+  }
+
+  // Sort by score
+  candidates.sort((a, b) => b.score - a.score);
+
+  // ═══ Gate 4: Decision ═══
+  const strongCandidates = candidates.filter(c => c.score >= 6);
+  const weakCandidates = candidates.filter(c => c.score > 0 && c.score < 6);
+
+  if (strongCandidates.length === 0 && weakCandidates.length === 0) {
+    // No matches at all
+    result.status = 'SKIP_NO_LOCAL_DOMAIN';
+    result.action = 'skip';
+    result.reason = 'no installed domain matches this task';
+    if (result.rejected_domains.length > 0) {
+      result.reason += ` (${result.rejected_domains.length} domains explicitly excluded by does_not_apply_when)`;
+    }
+    result.candidates = candidates.map(c => ({
+      domain: c.domain,
+      decision: 'rejected',
+      reason: 'insufficient match score',
+      confidence: c.confidence,
+    }));
+  } else if (strongCandidates.length > 1) {
+    // Multiple strong matches — ambiguity
+    result.status = 'ASK_AMBIGUOUS_DOMAIN';
+    result.action = 'ask';
+    result.reason = `${strongCandidates.length} domains strongly match this task with different judgment frames`;
+
+    result.ambiguity = {
+      domains: strongCandidates.slice(0, 3).map(c => ({
+        domain: c.domain,
+        description: c.description,
+        judgment_frame: c.reasons.length > 0 ? c.reasons[0].text : c.description,
+        risk_if_wrong: `may misclassify the task as a ${c.domain.split('/').pop()} problem`,
+      })),
+      recommendation: 'Choose the domain whose judgment frame best matches the task intent. Do not blend domains.',
+    };
+
+    result.candidates = strongCandidates.map(c => ({
+      domain: c.domain, decision: 'ambiguous', reason: `score ${c.score}`, confidence: c.confidence,
+    }));
+  } else if (strongCandidates.length === 1) {
+    // One strong match + possible weak matches
+    const selected = strongCandidates[0];
+    result.candidates = [
+      { domain: selected.domain, decision: 'strong_match', reason: `score ${selected.score}`, confidence: selected.confidence },
+      ...weakCandidates.map(c => ({ domain: c.domain, decision: 'weak_match', reason: `score ${c.score}`, confidence: c.confidence })),
+    ];
+
+    // ═══ Trust Gate ═══
+    const trust = checkTrust(selected.domain);
+    result.trust = trust;
+
+    if (!trust.passed) {
+      result.status = 'BLOCK_TRUST_FAILED';
+      result.action = 'block';
+      result.reason = `domain matched but trust check failed: ${trust.failures.join(', ')}`;
+    } else {
+      result.status = 'LOAD_STRONG_FIT';
+      result.action = 'load';
+      result.selected_domain = selected.domain;
+      result.confidence = selected.confidence;
+      result.reason = `match: "${selected.description.slice(0, 100)}"`;
+    }
+  } else {
+    // Only weak matches — skip
+    result.status = 'SKIP_WEAK_FIT';
+    result.action = 'skip';
+    result.reason = weakCandidates.length > 0
+      ? `${weakCandidates.length} domain(s) have weak match only — skipping to avoid contamination`
+      : 'no installed domain matches this task';
+    result.candidates = weakCandidates.map(c => ({
+      domain: c.domain, decision: 'weak_match', reason: `score ${c.score}`, confidence: c.confidence,
+    }));
+  }
+
+  // Add rejected domains to candidates array for full trace
+  for (const r of result.rejected_domains) {
+    result.candidates.push({
+      domain: r.domain,
+      decision: 'rejected',
+      reason: r.reason,
+      confidence: 0,
+      matched_does_not_apply_when: r.triggered_rule,
+    });
+  }
+
+  if (wantJson) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+
+  // Human output
+  console.log(`Task: ${taskText.slice(0, 100)}${taskText.length > 100 ? '…' : ''}`);
+  console.log(`Route: ${result.status} → ${result.action}`);
+  if (result.reason) console.log(`Reason: ${result.reason}`);
+  if (result.selected_domain) console.log(`Domain: ${result.selected_domain}`);
+  if (result.rejected_domains.length) {
+    console.log(`Rejected: ${result.rejected_domains.map(r => r.domain).join(', ')}`);
+  }
+}
+
+function checkTrust(domainName) {
+  const failures = [];
+  const warnings = [];
+  const entry = getInstalled(domainName);
+  if (!entry) {
+    failures.push('domain asset not found in package index');
+    return { passed: false, failures, warnings };
+  }
+
+  const { manifest = {}, core = {}, evolution = {} } = readContainer(entry.asset_path);
+
+  // 1. Yank check
+  if (manifest.yanked === true) {
+    failures.push('domain is yanked');
+  }
+
+  // 2. Deprecation check
+  if (manifest.status === 'deprecated') {
+    warnings.push(`domain is deprecated${manifest.replaced_by ? ', replaced by ' + manifest.replaced_by : ''}`);
+  }
+
+  // 3. Signature check
+  const signature = manifest.signature;
+  const isPlaceholder = !signature || signature === '' || signature.includes('placeholder');
+  if (manifest.access === 'licensed' || manifest.access === 'runtime') {
+    if (isPlaceholder) {
+      failures.push('commercial domain has no valid signature');
+    }
+  } else if (isPlaceholder) {
+    warnings.push('domain is unsigned — trust depends on source');
+  }
+
+  // 4. Risk level check
+  const riskLevel = manifest.risk_level || entry.risk_level || 'R1';
+  const riskMap = { R0: 0, R1: 1, R2: 2, R3: 3, R4: 4 };
+  const riskNum = riskMap[riskLevel] || 1;
+  if (riskNum >= 3) {
+    warnings.push(`domain risk level is ${riskLevel} — high-risk judgment may influence agent behavior`);
+  }
+  if (riskNum >= 2 && (manifest.quality_badge === 'untested' || !manifest.quality_badge)) {
+    warnings.push(`risk level ${riskLevel} with quality_badge '${manifest.quality_badge || 'none'}' — consider requiring review`);
+  }
+
+  // 5. SPEC compatibility check
+  const specVersion = manifest.spec_version || manifest.kdna_spec || 'unknown';
+  const supportedSpecs = ['1.0-rc', '1.0', '0.7'];
+  if (!supportedSpecs.includes(specVersion)) {
+    warnings.push(`SPEC version '${specVersion}' may not be fully compatible with current loader`);
+  }
+
+  // 6. License validity (commercial domains)
+  if (manifest.access === 'licensed' || manifest.access === 'runtime') {
+    const licenseCheck = licenseDecryptOptionsForManifest({ ...manifest, name: domainName });
+    if (!licenseCheck.ok) {
+      warnings.push(
+        'commercial domain has no active entitlement — run: kdna license activate ' +
+        domainName +
+        ' --key <license-key> --server <url>'
+      );
+    }
+  }
+
+  // 7. Human Lock check (judgment-class cards)
+  const axioms = core.axioms || [];
+  const hasJudgmentCards = axioms.length > 0;
+  if (hasJudgmentCards) {
+    const humanLocks = evolution.human_locks || [];
+    const lockedAxioms = axioms.filter(a => {
+      // Check if axiom has a human_lock field OR if an evolution lock covers it
+      return a.human_lock || humanLocks.some(hl => hl.lock_type === 'accept');
+    }).length;
+    if (lockedAxioms === 0 && humanLocks.length === 0) {
+      warnings.push('domain has no Human Lock records — judgment-class content may not be human-verified');
+    }
+  }
+
+  return {
+    passed: failures.length === 0,
+    failures,
+    warnings,
+    riskLevel,
+    specVersion,
+    signatureValid: !isPlaceholder,
+  };
+}
+
+module.exports = { cmdAvailable, cmdMatch, cmdLoad, cmdSelect, cmdPostvalidate, cmdRoute, checkTrust };