@algosuite/vo-mcp 0.1.0

package/dist/index.js

@@ -0,0 +1,4968 @@
+import { createRequire as __cr } from 'module'; const require = __cr(import.meta.url);
+
+// src/server.ts
+import { randomUUID as randomUUID2 } from "node:crypto";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+
+// src/tools/common.ts
+import { createHash as createHash2, randomUUID } from "node:crypto";
+import { readFileSync as readFileSync4 } from "node:fs";
+import { dirname as dirname3, join as join4 } from "node:path";
+import { fileURLToPath as fileURLToPath2 } from "node:url";
+import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
+
+// src/logging/events-writer.ts
+import {
+  appendFileSync,
+  chmodSync,
+  mkdirSync,
+  readdirSync as readdirSync2,
+  readFileSync as readFileSync3,
+  statSync as statSync2,
+  unlinkSync,
+  writeFileSync
+} from "node:fs";
+import { homedir as homedir2 } from "node:os";
+import { basename, dirname as dirname2, join as join3 } from "node:path";
+import { gzipSync } from "node:zlib";
+
+// ../vo-arch-defaults/src/schema/rule-v1.ts
+import { z } from "zod";
+var EvidenceMatcherKind = z.enum([
+  "regex",
+  "import-detector",
+  "package-json-field",
+  "file-size",
+  "ast-pattern",
+  "custom"
+]);
+var EvidenceMatcher = z.object({
+  kind: EvidenceMatcherKind,
+  pattern: z.string().optional(),
+  config: z.record(z.string(), z.unknown()).optional(),
+  description: z.string().min(1)
+}).strict().refine(
+  (m) => m.kind !== "regex" || typeof m.pattern === "string" && m.pattern.length > 0,
+  { message: "regex matcher requires non-empty pattern" }
+);
+var ChangeType = z.enum(["new-file", "edit", "delete", "rename", "any"]);
+var AppliesWhen = z.object({
+  stack: z.array(z.string().min(1)).optional(),
+  change_types: z.array(ChangeType).optional(),
+  file_globs: z.array(z.string().min(1)).optional(),
+  not_file_globs: z.array(z.string().min(1)).optional()
+}).strict();
+var Reference = z.object({
+  type: z.enum(["framework-doc", "internal-doc", "pr", "incident", "external"]),
+  url: z.string().min(1),
+  description: z.string().min(1)
+}).strict();
+var IsoDate = z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "last_verified must be ISO date YYYY-MM-DD").refine((s) => {
+  const d = /* @__PURE__ */ new Date(s + "T00:00:00Z");
+  return !Number.isNaN(d.getTime()) && d.toISOString().startsWith(s);
+}, "last_verified must be a real calendar date");
+var RuleId = z.string().regex(/^[a-z][a-z0-9-]*\/[a-z][a-z0-9-]*$/, {
+  message: "rule_id must be `<category>/<kebab-name>`"
+});
+var ArchitecturalDefaultRuleSchema = z.object({
+  schema_version: z.literal(1),
+  rule_id: RuleId,
+  rule_version: z.number().int().positive(),
+  category: z.string().min(1),
+  severity: z.enum(["blocker", "warning", "info"]),
+  title: z.string().min(1),
+  rationale: z.string().min(1),
+  applies_when: AppliesWhen,
+  evidence_of_violation: z.array(EvidenceMatcher).min(1, {
+    message: "rule must declare at least one evidence matcher"
+  }),
+  remediation: z.string().min(1),
+  references: z.array(Reference),
+  last_verified: IsoDate,
+  tags: z.array(z.string().min(1))
+}).strict();
+function parseRule(input) {
+  return ArchitecturalDefaultRuleSchema.parse(input);
+}
+
+// ../vo-arch-defaults/src/schema/override-v1.ts
+import { z as z2 } from "zod";
+var PartialRuleSchema = ArchitecturalDefaultRuleSchema.partial();
+var TenantOverrideSchema = z2.object({
+  schema_version: z2.literal(1),
+  suppressed_rule_ids: z2.array(z2.string().min(1)),
+  modified_rules: z2.record(z2.string().min(1), PartialRuleSchema),
+  added_rules: z2.array(ArchitecturalDefaultRuleSchema),
+  /**
+   * Per-tenant stack override (added 2026-05-24 — audit HIGH
+   * "DEFAULT_STACK hardcoded for Nexus repo"). When set, downstream
+   * consumers (vo-mcp KB pre-filter, vo-arch-check CLI) use this list
+   * instead of their built-in default. Lets external tenants whose
+   * repo isn't `firebase+react+pnpm` get useful KB rule matches by
+   * dropping a `~/.claude/vo-arch-defaults.local.json` with their own
+   * stack identifiers — no code change required.
+   *
+   * Open string union — values are not constrained beyond non-empty
+   * strings so out-of-tree tenants can declare their own
+   * (e.g. `vercel-edge`, `next-15`, `drizzle-postgres`).
+   *
+   * Optional. Undefined / omitted preserves pre-2026-05-24 behavior
+   * (consumer falls back to its hardcoded default stack).
+   */
+  tenant_stack: z2.array(z2.string().min(1)).optional()
+}).strict();
+function parseOverride(input) {
+  return TenantOverrideSchema.parse(input);
+}
+
+// ../vo-arch-defaults/src/storage/load-bundled.ts
+import { readdirSync, readFileSync, statSync, existsSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+function resolveBundledCorpusDir() {
+  const here = dirname(fileURLToPath(import.meta.url));
+  const candidates = [
+    join(here, "..", "corpus"),
+    // dist/corpus next to dist/storage
+    join(here, "..", "..", "corpus")
+    // src/corpus next to src/storage (under vitest)
+  ];
+  for (const c of candidates) {
+    if (existsSync(c) && statSync(c).isDirectory()) return c;
+  }
+  throw new Error(
+    `vo-arch-defaults: could not locate bundled corpus directory. Tried: ${candidates.join(", ")}`
+  );
+}
+function walkJson(dir, out) {
+  for (const entry of readdirSync(dir)) {
+    const full = join(dir, entry);
+    const st = statSync(full);
+    if (st.isDirectory()) {
+      walkJson(full, out);
+    } else if (entry.endsWith(".json")) {
+      out.push(full);
+    }
+  }
+}
+function loadBundledCorpus(opts = {}) {
+  const dir = opts.corpusDir ?? resolveBundledCorpusDir();
+  const files = [];
+  walkJson(dir, files);
+  files.sort();
+  const rules = [];
+  const seenIds = /* @__PURE__ */ new Set();
+  for (const file of files) {
+    const raw = readFileSync(file, "utf8");
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch (err) {
+      const m = err instanceof Error ? err.message : String(err);
+      throw new Error(`vo-arch-defaults: invalid JSON in ${file}: ${m}`, { cause: err });
+    }
+    try {
+      const rule = parseRule(parsed);
+      if (seenIds.has(rule.rule_id)) {
+        throw new Error(
+          `vo-arch-defaults: duplicate rule_id '${rule.rule_id}' (second occurrence in ${file})`
+        );
+      }
+      seenIds.add(rule.rule_id);
+      rules.push(rule);
+    } catch (err) {
+      const m = err instanceof Error ? err.message : String(err);
+      throw new Error(`vo-arch-defaults: schema validation failed for ${file}: ${m}`, { cause: err });
+    }
+  }
+  return { rules, source_paths: files };
+}
+
+// ../vo-arch-defaults/src/storage/load-override.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "node:fs";
+import { homedir } from "node:os";
+import { join as join2 } from "node:path";
+function defaultOverridePath() {
+  return join2(homedir(), ".claude", "vo-arch-defaults.local.json");
+}
+function loadTenantOverride(opts = {}) {
+  const path3 = opts.path ?? defaultOverridePath();
+  if (!existsSync2(path3)) {
+    return { override: null, source_path: null };
+  }
+  const raw = readFileSync2(path3, "utf8");
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (err) {
+    const m = err instanceof Error ? err.message : String(err);
+    throw new Error(`vo-arch-defaults: invalid JSON in override ${path3}: ${m}`, { cause: err });
+  }
+  try {
+    const override = parseOverride(parsed);
+    return { override, source_path: path3 };
+  } catch (err) {
+    const m = err instanceof Error ? err.message : String(err);
+    throw new Error(`vo-arch-defaults: override schema validation failed for ${path3}: ${m}`, { cause: err });
+  }
+}
+
+// ../vo-arch-defaults/src/storage/merge.ts
+var IMMUTABLE_FIELDS = [
+  "schema_version",
+  "rule_id"
+];
+function applyModification(base, patch) {
+  const cleanPatch = { ...patch };
+  for (const k of IMMUTABLE_FIELDS) {
+    delete cleanPatch[k];
+  }
+  return { ...base, ...cleanPatch };
+}
+function mergeCorpusWithOverride(bundled, override) {
+  if (override === null) {
+    return {
+      rules: bundled,
+      suppressed_count: 0,
+      modified_count: 0,
+      added_count: 0
+    };
+  }
+  const suppressed = new Set(override.suppressed_rule_ids);
+  let suppressedCount = 0;
+  let modifiedCount = 0;
+  const afterFilter = [];
+  for (const rule of bundled) {
+    if (suppressed.has(rule.rule_id)) {
+      suppressedCount += 1;
+      continue;
+    }
+    const patch = override.modified_rules[rule.rule_id];
+    if (patch !== void 0) {
+      afterFilter.push(applyModification(rule, patch));
+      modifiedCount += 1;
+    } else {
+      afterFilter.push(rule);
+    }
+  }
+  const byId = new Map(
+    afterFilter.map((r) => [r.rule_id, r])
+  );
+  let addedCount = 0;
+  for (const rule of override.added_rules) {
+    if (suppressed.has(rule.rule_id)) {
+      continue;
+    }
+    byId.set(rule.rule_id, rule);
+    addedCount += 1;
+  }
+  return {
+    rules: Array.from(byId.values()),
+    suppressed_count: suppressedCount,
+    modified_count: modifiedCount,
+    added_count: addedCount
+  };
+}
+
+// ../vo-arch-defaults/src/query/applies-to-stack.ts
+function appliesToStack(rule, stacks) {
+  const required = rule.applies_when.stack;
+  if (!required || required.length === 0) return true;
+  if (stacks.length === 0) return false;
+  const want = new Set(required);
+  for (const s of stacks) {
+    if (want.has(s)) return true;
+  }
+  return false;
+}
+
+// ../vo-arch-defaults/src/query/applies-to-change.ts
+function appliesToChangeType(rule, changeType) {
+  const required = rule.applies_when.change_types;
+  if (!required || required.length === 0) return true;
+  if (required.includes("any")) return true;
+  if (changeType === "any") return true;
+  return required.includes(changeType);
+}
+
+// ../vo-arch-defaults/src/query/glob.ts
+var REGEX_META = /[.+^${}()|[\]\\]/g;
+function globToRegExp(glob) {
+  let out = "";
+  let i = 0;
+  while (i < glob.length) {
+    const c = glob[i] ?? "";
+    if (c === "*") {
+      const next = glob[i + 1];
+      if (next === "*") {
+        const after = glob[i + 2];
+        if (after === "/") {
+          out += "(?:.*/)?";
+          i += 3;
+        } else {
+          out += ".*";
+          i += 2;
+        }
+      } else {
+        out += "[^/]*";
+        i += 1;
+      }
+    } else if (c === "?") {
+      out += "[^/]";
+      i += 1;
+    } else if (c === "{") {
+      const closeIdx = glob.indexOf("}", i + 1);
+      if (closeIdx < 0) {
+        out += "\\{";
+        i += 1;
+      } else {
+        const inner = glob.slice(i + 1, closeIdx);
+        if (inner.length === 0) {
+          i = closeIdx + 1;
+        } else {
+          const opts = inner.split(",");
+          const escapedOpts = opts.map((o) => o.replace(REGEX_META, "\\$&"));
+          out += "(?:" + escapedOpts.join("|") + ")";
+          i = closeIdx + 1;
+        }
+      }
+    } else {
+      out += c.replace(REGEX_META, "\\$&");
+      i += 1;
+    }
+  }
+  return new RegExp("^" + out + "$");
+}
+function matchesAnyGlob(path3, globs) {
+  for (const g of globs) {
+    if (globToRegExp(g).test(path3)) return true;
+  }
+  return false;
+}
+
+// ../vo-arch-defaults/src/query/applies-to-files.ts
+function appliesToFiles(rule, filePaths) {
+  const include = rule.applies_when.file_globs;
+  const exclude = rule.applies_when.not_file_globs;
+  const noInclude = !include || include.length === 0;
+  const noExclude = !exclude || exclude.length === 0;
+  if (noInclude && noExclude) return true;
+  if (filePaths.length === 0) {
+    return noInclude;
+  }
+  for (const p of filePaths) {
+    const isIncluded = noInclude || include !== void 0 && matchesAnyGlob(p, include);
+    if (!isIncluded) continue;
+    const isExcluded = !noExclude && exclude !== void 0 && matchesAnyGlob(p, exclude);
+    if (isExcluded) continue;
+    return true;
+  }
+  return false;
+}
+
+// ../vo-arch-defaults/src/analyze/diff-parser.ts
+function stripPathPrefix(p) {
+  if (p.startsWith("a/") || p.startsWith("b/")) return p.slice(2);
+  return p;
+}
+function parseUnifiedDiff(text) {
+  const lines = text.split(/\r?\n/);
+  const files = [];
+  let current = null;
+  let newLine = 0;
+  for (let i = 0; i < lines.length; i++) {
+    const raw = lines[i] ?? "";
+    if (raw.startsWith("diff --git ")) {
+      const m = /^diff --git (\S+) (\S+)$/.exec(raw);
+      if (m && m[1] && m[2]) {
+        current = {
+          path: stripPathPrefix(m[2]),
+          previous_path: stripPathPrefix(m[1]),
+          change_type: "edit",
+          // refined as we see new file mode / deleted file mode / rename
+          added_lines: []
+        };
+        if (current.previous_path === current.path) current.previous_path = null;
+        files.push(current);
+      }
+      newLine = 0;
+      continue;
+    }
+    if (!current) continue;
+    if (raw.startsWith("new file mode ")) {
+      current.change_type = "new-file";
+      continue;
+    }
+    if (raw.startsWith("deleted file mode ")) {
+      current.change_type = "delete";
+      continue;
+    }
+    if (raw.startsWith("rename from ")) {
+      current.previous_path = raw.slice("rename from ".length).trim();
+      current.change_type = "rename";
+      continue;
+    }
+    if (raw.startsWith("rename to ")) {
+      current.path = raw.slice("rename to ".length).trim();
+      current.change_type = "rename";
+      continue;
+    }
+    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
+    if (hunk && hunk[1]) {
+      newLine = parseInt(hunk[1], 10);
+      continue;
+    }
+    if (raw.startsWith("+++") || raw.startsWith("---")) {
+      continue;
+    }
+    if (raw.startsWith("+") && !raw.startsWith("+++")) {
+      current.added_lines.push({ line: newLine, text: raw.slice(1) });
+      newLine += 1;
+      continue;
+    }
+    if (raw.startsWith("-") && !raw.startsWith("---")) {
+      continue;
+    }
+    if (raw.startsWith("\\")) {
+      continue;
+    }
+    if (newLine > 0) newLine += 1;
+  }
+  return { files };
+}
+
+// ../vo-arch-defaults/src/analyze/evidence-matchers/regex-matcher.ts
+var MAX_EXCERPT = 200;
+function sanitizeLine(s) {
+  let out = s.replace(/^\s+/, "");
+  if (out.length > MAX_EXCERPT) out = out.slice(0, MAX_EXCERPT) + "\u2026";
+  return out;
+}
+function runRegexMatcher(matcher, file) {
+  if (matcher.kind !== "regex" || !matcher.pattern) return [];
+  let re;
+  try {
+    re = new RegExp(matcher.pattern);
+  } catch {
+    return [];
+  }
+  const hits = [];
+  for (const { line, text } of file.added_lines) {
+    if (re.test(text)) {
+      hits.push({
+        matcher_kind: "regex",
+        matcher_description: matcher.description,
+        file: file.path,
+        line,
+        excerpt: sanitizeLine(text)
+      });
+    }
+  }
+  return hits;
+}
+
+// ../vo-arch-defaults/src/analyze/evidence-matchers/import-detector.ts
+var STATIC_IMPORT = /import\s+(?:[^'"\n]{0,200}?from\s+)?(['"])([^'"]+)\1/;
+var DYNAMIC_IMPORT = /import\(\s*(['"])([^'"]+)\1\s*\)/;
+var REQUIRE_CALL = /require\(\s*(['"])([^'"]+)\1\s*\)/;
+var MAX_EXCERPT2 = 200;
+function sanitize(s) {
+  let out = s.replace(/^\s+/, "");
+  if (out.length > MAX_EXCERPT2) out = out.slice(0, MAX_EXCERPT2) + "\u2026";
+  return out;
+}
+function tryExtractSpec(line) {
+  const m = STATIC_IMPORT.exec(line) ?? DYNAMIC_IMPORT.exec(line) ?? REQUIRE_CALL.exec(line);
+  if (!m || !m[2]) return null;
+  return m[2];
+}
+function specMatches(spec, matcher) {
+  const cfg = matcher.config ?? {};
+  const from = typeof cfg.from === "string" ? cfg.from : null;
+  const mode = typeof cfg.match === "string" ? cfg.match : "exact";
+  if (from === null) return false;
+  if (mode === "regex") {
+    try {
+      return new RegExp(from).test(spec);
+    } catch {
+      return false;
+    }
+  }
+  if (mode === "prefix") {
+    return spec === from || spec.startsWith(from + "/");
+  }
+  return spec === from;
+}
+function runImportDetector(matcher, file) {
+  if (matcher.kind !== "import-detector") return [];
+  const hits = [];
+  for (const { line, text } of file.added_lines) {
+    const spec = tryExtractSpec(text);
+    if (spec === null) continue;
+    if (!specMatches(spec, matcher)) continue;
+    hits.push({
+      matcher_kind: "import-detector",
+      matcher_description: matcher.description,
+      file: file.path,
+      line,
+      excerpt: sanitize(text)
+    });
+  }
+  return hits;
+}
+
+// ../vo-arch-defaults/src/analyze/evidence-matchers/file-size.ts
+function runFileSizeMatcher(matcher, file) {
+  if (matcher.kind !== "file-size") return [];
+  const cfg = matcher.config ?? {};
+  const maxLines = typeof cfg.max_lines === "number" ? cfg.max_lines : null;
+  const explicitMaxAdded = typeof cfg.max_added_lines === "number" ? cfg.max_added_lines : null;
+  const cap = explicitMaxAdded ?? maxLines;
+  if (cap === null || cap <= 0) return [];
+  if (file.added_lines.length <= cap) return [];
+  const sample = file.added_lines[0]?.text ?? "";
+  return [
+    {
+      matcher_kind: "file-size",
+      matcher_description: `${matcher.description} (heuristic: ${file.added_lines.length} added lines > cap ${cap})`,
+      file: file.path,
+      excerpt: sample.slice(0, 100)
+    }
+  ];
+}
+
+// ../vo-arch-defaults/src/analyze/evidence-matchers/package-json.ts
+function valueMatches(value, cfg) {
+  if (typeof cfg.forbidden_prefix === "string" && value.startsWith(cfg.forbidden_prefix)) {
+    return true;
+  }
+  if (typeof cfg.forbidden_exact === "string" && value === cfg.forbidden_exact) {
+    return true;
+  }
+  if (typeof cfg.forbidden_regex === "string") {
+    try {
+      if (new RegExp(cfg.forbidden_regex).test(value)) return true;
+    } catch {
+    }
+  }
+  return false;
+}
+function runPackageJsonMatcher(matcher, file) {
+  if (matcher.kind !== "package-json-field") return [];
+  if (!file.path.endsWith("package.json")) return [];
+  const cfg = matcher.config ?? {};
+  const field = typeof cfg.field === "string" ? cfg.field : null;
+  if (field === null) return [];
+  const fieldRe = new RegExp(`"${field}"\\s*:\\s*"([^"]+)"`);
+  const hits = [];
+  for (const { line, text } of file.added_lines) {
+    const m = fieldRe.exec(text);
+    if (!m || !m[1]) continue;
+    if (valueMatches(m[1], cfg)) {
+      hits.push({
+        matcher_kind: "package-json-field",
+        matcher_description: matcher.description,
+        file: file.path,
+        line,
+        excerpt: text.trim().slice(0, 200)
+      });
+    }
+  }
+  return hits;
+}
+
+// ../vo-arch-defaults/src/analyze/evidence-matchers/index.ts
+function runEvidenceMatcher(matcher, file) {
+  switch (matcher.kind) {
+    case "regex":
+      return runRegexMatcher(matcher, file);
+    case "import-detector":
+      return runImportDetector(matcher, file);
+    case "file-size":
+      return runFileSizeMatcher(matcher, file);
+    case "package-json-field":
+      return runPackageJsonMatcher(matcher, file);
+    case "ast-pattern":
+    case "custom":
+      return [];
+    default:
+      return [];
+  }
+}
+
+// ../vo-arch-defaults/src/query/staleness.ts
+var DEFAULT_STALENESS_THRESHOLD_DAYS = 365;
+function computeStaleRules(rules, opts = {}) {
+  const threshold = opts.thresholdDays ?? DEFAULT_STALENESS_THRESHOLD_DAYS;
+  if (!Number.isFinite(threshold)) return [];
+  if (threshold <= 0) return [];
+  const now = opts.now ?? /* @__PURE__ */ new Date();
+  const nowMs = now.getTime();
+  if (!Number.isFinite(nowMs)) return [];
+  const out = [];
+  for (const rule of rules) {
+    const verifiedMs = Date.parse(rule.last_verified + "T00:00:00Z");
+    if (!Number.isFinite(verifiedMs)) continue;
+    const daysStale = Math.floor((nowMs - verifiedMs) / 864e5);
+    if (daysStale > threshold) {
+      out.push({
+        rule_id: rule.rule_id,
+        last_verified: rule.last_verified,
+        days_stale: daysStale
+      });
+    }
+  }
+  out.sort((a, b) => b.days_stale - a.days_stale);
+  return out;
+}
+
+// ../vo-arch-defaults/src/query/run-query.ts
+function findApplicableRules(input, opts = {}) {
+  const bundled = opts.rules !== void 0 ? opts.rules : loadBundledCorpus({ corpusDir: opts.corpusDir }).rules;
+  const override = opts.override !== void 0 ? opts.override : loadTenantOverride({ path: opts.tenantOverridePath }).override;
+  const merged = mergeCorpusWithOverride(bundled, override);
+  const parsedDiff = input.diff_excerpt ? parseUnifiedDiff(input.diff_excerpt) : null;
+  const categoryFilter = input.categories !== void 0 ? new Set(input.categories) : null;
+  const tagAnyFilter = input.tags_any !== void 0 ? new Set(input.tags_any) : null;
+  const applicable = [];
+  for (const rule of merged.rules) {
+    const stackOk = appliesToStack(rule, input.stack);
+    const changeOk = appliesToChangeType(rule, input.change_type);
+    const filesOk = appliesToFiles(rule, input.file_paths);
+    if (!stackOk || !changeOk || !filesOk) continue;
+    if (categoryFilter !== null && !categoryFilter.has(rule.category)) continue;
+    if (tagAnyFilter !== null) {
+      let tagHit = false;
+      for (const t of rule.tags) {
+        if (tagAnyFilter.has(t)) {
+          tagHit = true;
+          break;
+        }
+      }
+      if (!tagHit) continue;
+    }
+    const hits = [];
+    if (parsedDiff !== null) {
+      for (const file of parsedDiff.files) {
+        const filePathArr = [file.path];
+        if (!appliesToFiles(rule, filePathArr)) continue;
+        for (const matcher of rule.evidence_of_violation) {
+          const fileHits = runEvidenceMatcher(matcher, file);
+          for (const h of fileHits) hits.push(h);
+        }
+      }
+    }
+    applicable.push({
+      rule,
+      reason: {
+        stack_matched: stackOk,
+        change_type_matched: changeOk,
+        file_glob_matched: filesOk
+      },
+      evidence: hits
+    });
+  }
+  const stale_rules = computeStaleRules(merged.rules, {
+    ...opts.stalenessThresholdDays !== void 0 ? { thresholdDays: opts.stalenessThresholdDays } : {},
+    ...opts.now !== void 0 ? { now: opts.now } : {}
+  });
+  return {
+    applicable,
+    considered_count: merged.rules.length,
+    suppressed_count: merged.suppressed_count,
+    stale_rules
+  };
+}
+
+// ../vo-arch-defaults/src/query/corpus-version.ts
+import { createHash } from "node:crypto";
+
+// ../vo-arch-defaults/src/query/resolve-stack.ts
+function resolveStack(override, fallback) {
+  if (override !== null && override.tenant_stack !== void 0) {
+    return override.tenant_stack;
+  }
+  return fallback;
+}
+
+// ../vo-arch-defaults/src/pii-sanitize.ts
+var SANITIZE_DEFAULT_MAX_LEN = 200;
+function sanitizeExcerpt(raw, maxLen = SANITIZE_DEFAULT_MAX_LEN) {
+  let s = raw;
+  s = s.replace(/eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{5,}/g, "[REDACTED_JWT]");
+  s = s.replace(/\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g, "[REDACTED_AWS_KEY]");
+  s = s.replace(/\bAIza[0-9A-Za-z_-]{35}\b/g, "[REDACTED_GOOGLE_KEY]");
+  s = s.replace(/\bgh[pousr]_[A-Za-z0-9]{36,}\b/g, "[REDACTED_GITHUB_TOKEN]");
+  s = s.replace(/\bsk_(?:live|test)_[A-Za-z0-9_-]{20,}/g, "[REDACTED_STRIPE_KEY]");
+  s = s.replace(/sk-[A-Za-z0-9]{16,}/g, "[REDACTED_KEY]");
+  s = s.replace(/Bearer\s+[A-Za-z0-9_\-.]{16,}/g, "Bearer [REDACTED]");
+  s = s.replace(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, "[REDACTED_EMAIL]");
+  s = s.replace(/\b\d{3}-\d{2}-\d{4}\b/g, "[REDACTED_SSN]");
+  s = s.replace(/(?<![A-Za-z0-9])([\\/])(Users|home)\1[^\\/\s'"`]+/g, "$1$2$1[USER]");
+  if (s.length > maxLen) s = s.slice(0, maxLen) + "\u2026";
+  return s;
+}
+
+// src/logging/events-writer.ts
+var DEFAULT_EVENTS_MAX_BYTES = 50 * 1024 * 1024;
+var DEFAULT_EVENTS_KEEP_ROTATED = 10;
+function defaultEventsPath() {
+  const envPath = process.env["VO_MCP_EVENTS_PATH"];
+  if (envPath && envPath.length > 0) return envPath;
+  return join3(homedir2(), ".claude", "vo-mcp-events.jsonl");
+}
+function envPositiveInt(name) {
+  const raw = process.env[name];
+  if (raw === void 0 || raw.length === 0) return null;
+  const n = Number(raw);
+  return Number.isFinite(n) && n > 0 && Number.isInteger(n) ? n : null;
+}
+function rotateNow(filePath) {
+  try {
+    if (!statSync2(filePath).isFile()) return false;
+    const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+    const rotatedPath = `${filePath}.${ts}.gz`;
+    const contents = readFileSync3(filePath);
+    writeFileSync(rotatedPath, gzipSync(contents));
+    try {
+      chmodSync(rotatedPath, 384);
+    } catch {
+    }
+    unlinkSync(filePath);
+    return true;
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`[vo-mcp] events log rotation failed: ${msg}
+`);
+    return false;
+  }
+}
+function pruneRotated(filePath, keep) {
+  try {
+    const dir = dirname2(filePath);
+    const baseName = basename(filePath);
+    const prefix = `${baseName}.`;
+    const rotated = [];
+    for (const entry of readdirSync2(dir)) {
+      if (!entry.startsWith(prefix) || !entry.endsWith(".gz")) continue;
+      const full = join3(dir, entry);
+      try {
+        rotated.push({ full, mtimeMs: statSync2(full).mtimeMs });
+      } catch {
+      }
+    }
+    rotated.sort((a, b) => b.mtimeMs - a.mtimeMs);
+    for (const r of rotated.slice(keep)) {
+      try {
+        unlinkSync(r.full);
+      } catch {
+      }
+    }
+  } catch {
+  }
+}
+function createFileEventsWriter(opts = {}) {
+  const filePath = opts.path ?? defaultEventsPath();
+  const maxBytes = opts.maxBytes ?? envPositiveInt("VO_MCP_EVENTS_MAX_BYTES") ?? DEFAULT_EVENTS_MAX_BYTES;
+  const keepRotated = opts.keepRotated ?? envPositiveInt("VO_MCP_EVENTS_KEEP_ROTATED") ?? DEFAULT_EVENTS_KEEP_ROTATED;
+  mkdirSync(dirname2(filePath), { recursive: true, mode: 448 });
+  let permsApplied = false;
+  let currentBytes = 0;
+  try {
+    currentBytes = statSync2(filePath).size;
+  } catch {
+  }
+  return {
+    append(event) {
+      const line = JSON.stringify(event) + "\n";
+      const lineBytes = Buffer.byteLength(line, "utf8");
+      if (currentBytes > 0 && currentBytes + lineBytes > maxBytes) {
+        if (rotateNow(filePath)) {
+          pruneRotated(filePath, keepRotated);
+          currentBytes = 0;
+          permsApplied = false;
+        }
+      }
+      try {
+        appendFileSync(filePath, line, "utf8");
+        currentBytes += lineBytes;
+      } catch (err) {
+        const code = err.code;
+        if (code === "ENOSPC") {
+          process.stderr.write(
+            `[vo-mcp] events log write failed (disk full): event dropped
+`
+          );
+          return;
+        }
+        throw err;
+      }
+      if (!permsApplied) {
+        try {
+          chmodSync(filePath, 384);
+        } catch {
+        }
+        permsApplied = true;
+      }
+    },
+    path() {
+      return filePath;
+    },
+    close() {
+    }
+  };
+}
+function createMemoryEventsWriter() {
+  const events = [];
+  return {
+    events,
+    append(event) {
+      events.push(event);
+    },
+    path() {
+      return "memory";
+    },
+    close() {
+    }
+  };
+}
+
+// src/tools/common.ts
+function readVoMcpVersion() {
+  try {
+    const here = dirname3(fileURLToPath2(import.meta.url));
+    const pkgPath = join4(here, "..", "..", "package.json");
+    const pkg = JSON.parse(readFileSync4(pkgPath, "utf8"));
+    return typeof pkg.version === "string" ? pkg.version : "0.0.0-unknown";
+  } catch {
+    return "0.0.0-unknown";
+  }
+}
+var VO_MCP_VERSION = readVoMcpVersion();
+function bytesOf(s) {
+  return Buffer.byteLength(s, "utf8");
+}
+function sha256Hex(s) {
+  return createHash2("sha256").update(s, "utf8").digest("hex");
+}
+function invalidParams(toolName, message) {
+  return new McpError(ErrorCode.InvalidParams, `${toolName}: ${message}`);
+}
+function methodNotFound(toolName, knownTools) {
+  return new McpError(
+    ErrorCode.MethodNotFound,
+    `Unknown tool: ${toolName}. Registered tools: ${knownTools.join(", ")}`
+  );
+}
+function assertWithinByteCap(toolName, fieldName, value, maxBytes) {
+  const bytes = Buffer.byteLength(value, "utf8");
+  if (bytes > maxBytes) {
+    throw invalidParams(
+      toolName,
+      `input field '${fieldName}' exceeds ${maxBytes}-byte cap (got ${bytes} bytes). Trim the input or split across multiple calls.`
+    );
+  }
+}
+function buildBaseEvent(args) {
+  return {
+    schema_version: 1,
+    event_id: args.eventId ?? randomUUID(),
+    ts: args.now.toISOString(),
+    tenant_id: args.session.tenantId,
+    operator_id: args.session.operatorId,
+    session_id: args.session.sessionId,
+    client_id: args.session.clientId,
+    mode: args.session.mode,
+    tool: args.tool,
+    gate_type: args.gateType,
+    input_hash: args.inputHash,
+    input_excerpt: sanitizeExcerpt(args.inputExcerpt),
+    input_size_bytes: args.inputSizeBytes,
+    per_model_verdicts: [],
+    synthesized_verdict: null,
+    consensus_confidence: null,
+    per_model_tokens_in: null,
+    per_model_tokens_out: null,
+    total_cost_usd: null,
+    duration_ms: null,
+    dev_override: null,
+    downstream_outcome: null,
+    vo_mcp_version: VO_MCP_VERSION,
+    consensus_engine_version: null,
+    cache_hit: false
+  };
+}
+function jsonContent(value) {
+  return {
+    content: [{ type: "text", text: JSON.stringify(value, null, 2) }]
+  };
+}
+function toEventPerModelVerdicts(src) {
+  return src.map((v) => {
+    const sanitizedExcerpt = sanitizeExcerpt(v.raw_response_excerpt);
+    return {
+      model: v.model,
+      model_id: v.model,
+      provider: v.provider,
+      verdict: v.verdict,
+      confidence: v.confidence,
+      duration_ms: v.duration_ms,
+      raw_response_excerpt: sanitizedExcerpt,
+      // Hash over the sanitized excerpt — engine doesn't yet thread the full
+      // raw response. Documented limitation on `raw_response_hash` in types.ts.
+      raw_response_hash: sha256Hex(v.raw_response_excerpt),
+      reasoning_summary: typeof v.reasoning_excerpt === "string" && v.reasoning_excerpt.length > 0 ? sanitizeExcerpt(v.reasoning_excerpt, 500) : null,
+      // Engine doesn't yet emit cited_sources; ship empty array so cloud
+      // ingestion doesn't NPE on `Array.isArray()` checks.
+      cited_sources: [],
+      error: v.error ?? null
+    };
+  });
+}
+function toEventSynthesizedVerdict(src) {
+  return {
+    verdict: src.verdict,
+    confidence: src.confidence,
+    reasoning_excerpt: sanitizeExcerpt(src.reasoning_excerpt)
+  };
+}
+
+// src/modes/local.ts
+function createLocalMode() {
+  return {
+    mode: "local",
+    tenantId: "local",
+    operatorId: "local",
+    isCloudConnected() {
+      return false;
+    }
+  };
+}
+
+// src/tools/check-assertion-strength.ts
+var TOOL_NAME = "vo_check_assertion_strength";
+var GATE_TYPE = "ratchet";
+var MAX_SOURCE_BYTES = 512 * 1024;
+var inputSchema = {
+  type: "object",
+  properties: {
+    source: {
+      type: "string",
+      description: "Full test file body to analyze."
+    },
+    file_path: {
+      type: "string",
+      description: "Optional path hint for nicer findings messages."
+    },
+    language: {
+      type: "string",
+      enum: ["ts", "tsx", "js", "jsx", "py"],
+      description: "Optional language hint."
+    }
+  },
+  required: ["source"],
+  additionalProperties: false
+};
+var description = "Analyzes a test file's assertions and returns a strength score (0-100), an overall verdict (strong/weak/hollow), and per-assertion findings. Hollow patterns flagged include toBeDefined()-only checks, toBeTruthy/toBeFalsy against literals, and tautological self-comparisons. Strong patterns rewarded include toBe, toEqual, toMatchObject, toContain, toHaveBeenCalledWith, toStrictEqual. Use BEFORE accepting a generated or hand-written test, to catch tests that 'pass' without verifying product truth. Open-shell ratchet \u2014 institutional thresholds load from a closed ratchet library; the scoring shape is stable across versions.";
+function isToolInput(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["source"] !== "string") return false;
+  if (o["file_path"] !== void 0 && typeof o["file_path"] !== "string") return false;
+  if (o["language"] !== void 0 && typeof o["language"] !== "string") return false;
+  return true;
+}
+async function handleCheckAssertionStrength(deps, rawInput, _signal) {
+  if (!isToolInput(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME,
+      "invalid input. Required: { source: string }. Optional: file_path, language."
+    );
+  }
+  assertWithinByteCap(TOOL_NAME, "source", rawInput.source, MAX_SOURCE_BYTES);
+  const key = deps.cache.keyFor(TOOL_NAME, rawInput);
+  const excerpt = rawInput.source.slice(0, 300);
+  const inputSizeBytes = bytesOf(rawInput.source);
+  const cached = deps.cache.get(key);
+  if (cached) {
+    const envelope2 = {
+      ...cached.value,
+      cache: { hit: true, key }
+    };
+    deps.events.append({
+      ...buildBaseEvent({
+        tool: TOOL_NAME,
+        gateType: GATE_TYPE,
+        inputHash: key,
+        inputExcerpt: excerpt,
+        inputSizeBytes,
+        session: deps.session,
+        now: deps.now()
+      }),
+      cache_hit: true
+    });
+    return jsonContent(envelope2);
+  }
+  const result = await deps.ratchets.checkAssertionStrength({
+    source: rawInput.source,
+    ...rawInput.file_path !== void 0 ? { filePath: rawInput.file_path } : {},
+    ...rawInput.language !== void 0 ? { language: rawInput.language } : {}
+  });
+  const payload = {
+    score: result.score,
+    max_score: result.maxScore,
+    verdict: result.verdict,
+    per_assertion_findings: result.findings,
+    summary: result.summary
+  };
+  const envelope = {
+    tool: TOOL_NAME,
+    schema_version: 1,
+    cache: { hit: false, key },
+    payload
+  };
+  deps.cache.set(key, envelope);
+  deps.events.append(
+    buildBaseEvent({
+      tool: TOOL_NAME,
+      gateType: GATE_TYPE,
+      inputHash: key,
+      inputExcerpt: excerpt,
+      inputSizeBytes,
+      session: deps.session,
+      now: deps.now()
+    })
+  );
+  return jsonContent(envelope);
+}
+
+// src/tools/architecture-review-kb-prefilter.ts
+var DEFAULT_STACK = [
+  "node",
+  "node-pnpm-monorepo",
+  "typescript-strict",
+  "firebase-cloud-functions",
+  "react-frontend"
+];
+var _cachedEffectiveStack = null;
+function getEffectiveStack() {
+  if (_cachedEffectiveStack === null) {
+    try {
+      const override = loadTenantOverride().override;
+      _cachedEffectiveStack = resolveStack(override, DEFAULT_STACK);
+    } catch {
+      process.stderr.write(
+        `[vo-mcp] vo-arch-defaults tenant override unreadable; falling back to DEFAULT_STACK
+`
+      );
+      _cachedEffectiveStack = DEFAULT_STACK;
+    }
+  }
+  return _cachedEffectiveStack;
+}
+var MAX_KB_RULES = 10;
+var SEVERITY_RANK = {
+  blocker: 0,
+  warning: 1,
+  info: 2
+};
+function findRulesForDiff(diff) {
+  try {
+    const parsed = parseUnifiedDiff(diff);
+    const filePaths = parsed.files.map((f) => f.path);
+    if (filePaths.length === 0) return { rules: [], error: null };
+    const result = findApplicableRules({
+      stack: getEffectiveStack(),
+      change_type: "any",
+      file_paths: filePaths,
+      diff_excerpt: diff
+    });
+    return { rules: result.applicable, error: null };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`[vo-mcp] vo-arch-defaults KB unavailable: ${message}
+`);
+    return { rules: [], error: message };
+  }
+}
+function prepareKBRules(hits) {
+  const sorted = [...hits].sort((a, b) => {
+    const sa = SEVERITY_RANK[a.rule.severity] ?? 99;
+    const sb = SEVERITY_RANK[b.rule.severity] ?? 99;
+    if (sa !== sb) return sa - sb;
+    return a.rule.rule_id.localeCompare(b.rule.rule_id);
+  });
+  const topRules = sorted.slice(0, MAX_KB_RULES);
+  const truncated = Math.max(0, sorted.length - topRules.length);
+  return { topRules, truncated };
+}
+function formatRulesForPrompt(hits, truncated, domainLabel = "ARCHITECTURAL") {
+  if (hits.length === 0) return "";
+  const lines = ["", `---${domainLabel} RULES MATCHED FROM KB---`];
+  for (const hit of hits) {
+    const evidenceTag = hit.evidence.length > 0 ? ` (${hit.evidence.length} evidence hit${hit.evidence.length === 1 ? "" : "s"} from mechanical detector)` : "";
+    lines.push(
+      `- [${hit.rule.severity}] ${hit.rule.rule_id}: ${hit.rule.title}${evidenceTag}`
+    );
+    lines.push(`  Rationale: ${hit.rule.rationale}`);
+    if (hit.evidence.length > 0) {
+      for (const e of hit.evidence.slice(0, 3)) {
+        const loc = e.line !== void 0 ? `${e.file}:${e.line}` : e.file;
+        lines.push(`  - ${loc} \u2014 ${sanitizeExcerpt(e.excerpt)}`);
+      }
+    }
+  }
+  if (truncated > 0) {
+    lines.push(
+      `... and ${truncated} more lower-severity rule${truncated === 1 ? "" : "s"} truncated to bound prompt size.`
+    );
+  }
+  lines.push("---END KB RULES---");
+  return lines.join("\n");
+}
+
+// src/tools/kb-metadata-prefilter.ts
+function findRulesByMetadata(opts) {
+  if (opts.category === void 0 && opts.tagsAny === void 0) {
+    return {
+      rules: [],
+      error: "findRulesByMetadata called without category or tagsAny \u2014 refusing to surface every rule"
+    };
+  }
+  try {
+    const bundled = loadBundledCorpus().rules;
+    const override = loadTenantOverride().override;
+    const merged = mergeCorpusWithOverride(bundled, override);
+    const tagAnyFilter = opts.tagsAny !== void 0 ? new Set(opts.tagsAny) : null;
+    const hits = [];
+    for (const rule of merged.rules) {
+      if (opts.category !== void 0 && rule.category !== opts.category) continue;
+      if (tagAnyFilter !== null) {
+        let tagHit = false;
+        for (const t of rule.tags) {
+          if (tagAnyFilter.has(t)) {
+            tagHit = true;
+            break;
+          }
+        }
+        if (!tagHit) continue;
+      }
+      hits.push({
+        rule,
+        // No applies-context for metadata queries; report all matched=true so
+        // downstream KBLookupResult consumers don't NPE on the field.
+        reason: { stack_matched: true, change_type_matched: true, file_glob_matched: true },
+        evidence: []
+        // No diff → no evidence matchers run.
+      });
+    }
+    return { rules: hits, error: null };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`[vo-mcp] vo-arch-defaults KB unavailable: ${message}
+`);
+    return { rules: [], error: message };
+  }
+}
+
+// src/tools/check-hollow-test.ts
+var TOOL_NAME2 = "vo_check_hollow_test";
+var GATE_TYPE2 = "plan-review";
+var MAX_SOURCE_BYTES2 = 512 * 1024;
+var inputSchema2 = {
+  type: "object",
+  properties: {
+    source: { type: "string", description: "Full test file body to analyze." },
+    file_path: { type: "string", description: "Optional path hint for nicer findings messages." }
+  },
+  required: ["source"],
+  additionalProperties: false
+};
+var description2 = "Detects 'hollow' test patterns where a test passes without verifying product behavior \u2014 e.g. mocks that return whatever the test expects, assertions on local fixtures rather than real outputs, tests that exercise no real code path. Returns a consensus verdict (pass/fail/uncertain) with per-model reasoning. Complements vo_check_assertion_strength (static ratchet); this tool uses LLM judgment for patterns static analysis can't reach. Falls back to 'unimplemented' when no engine credentials are configured; the call is always logged.";
+function isToolInput2(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["source"] !== "string") return false;
+  if (o["file_path"] !== void 0 && typeof o["file_path"] !== "string") return false;
+  return true;
+}
+function buildPrompt(input, kbRules, kbTruncated) {
+  const pathHint = input.file_path !== void 0 ? `File: ${input.file_path}
+` : "";
+  const rulesBlock = formatRulesForPrompt(kbRules, kbTruncated, "TESTING");
+  return `${pathHint}Analyze the following test source for HOLLOW patterns \u2014 tests that pass without verifying product truth. Hollow patterns include: assertions on locally-defined fixtures (not real product output), mocks that return the expected value verbatim, toBeDefined()/toBeTruthy() against literal values, tests that exercise NO real product code path, tautological self-comparisons (expect(x).toBe(x)).
+
+Respond with verdict 'fail' if the test is HOLLOW (does not verify product truth), 'pass' if the test is genuinely verifying product behavior, or 'uncertain' if the determination cannot be made from the source alone.${rulesBlock}
+
+---TEST SOURCE---
+${input.source}
+---END---`;
+}
+async function handleCheckHollowTest(deps, rawInput, signal) {
+  if (!isToolInput2(rawInput)) {
+    throw invalidParams(TOOL_NAME2, "invalid input. Required: { source: string }.");
+  }
+  assertWithinByteCap(TOOL_NAME2, "source", rawInput.source, MAX_SOURCE_BYTES2);
+  const key = deps.cache.keyFor(TOOL_NAME2, rawInput);
+  const excerpt = rawInput.source.slice(0, 300);
+  const inputSizeBytes = bytesOf(rawInput.source);
+  const cached = deps.cache.get(key);
+  if (cached !== null) {
+    const replayEvent = {
+      ...buildBaseEvent({
+        tool: TOOL_NAME2,
+        gateType: GATE_TYPE2,
+        inputHash: key,
+        inputExcerpt: excerpt,
+        inputSizeBytes,
+        session: deps.session,
+        now: deps.now()
+      }),
+      per_model_verdicts: cached.value.payload.per_model_verdicts,
+      synthesized_verdict: cached.value.payload.synthesized_verdict ?? null,
+      consensus_confidence: cached.value.payload.synthesized_verdict?.confidence ?? null,
+      consensus_engine_version: cached.value.payload.engine_version ?? null,
+      cache_hit: true
+    };
+    deps.events.append(replayEvent);
+    return jsonContent({ ...cached.value, cache: { hit: true, key } });
+  }
+  const kbResult = findRulesByMetadata({ category: "testing" });
+  const { topRules, truncated: kbTruncated } = prepareKBRules(kbResult.rules);
+  const baseEvent = buildBaseEvent({
+    tool: TOOL_NAME2,
+    gateType: GATE_TYPE2,
+    inputHash: key,
+    inputExcerpt: excerpt,
+    inputSizeBytes,
+    session: deps.session,
+    now: deps.now()
+  });
+  let engineResult;
+  let engineThrew = false;
+  try {
+    engineResult = await deps.consensus.run({
+      gate_type: GATE_TYPE2,
+      prompt: buildPrompt(rawInput, topRules, kbTruncated),
+      ...signal !== void 0 ? { signal } : {}
+    });
+  } catch (err) {
+    engineThrew = true;
+    const message = err instanceof Error ? err.message : String(err);
+    engineResult = { ok: false, reason: `engine-threw: ${message}` };
+  }
+  if (!engineResult.ok && engineResult.reason === "cancelled") {
+    deps.events.append({
+      ...baseEvent,
+      downstream_outcome: {
+        status: "cancelled",
+        notes: "mcp notifications/cancelled \u2014 handler aborted via SDK signal"
+      }
+    });
+    const e = new Error("Request cancelled by client (notifications/cancelled)");
+    e.name = "AbortError";
+    throw e;
+  }
+  if (!engineResult.ok) {
+    const payload2 = {
+      verdict: "unimplemented",
+      reason: engineResult.reason,
+      per_model_verdicts: [],
+      gate_type: GATE_TYPE2,
+      ...engineThrew ? { degraded_mode: true } : {},
+      ...kbResult.error !== null ? { kb_unavailable: true } : {},
+      ...kbTruncated > 0 ? { kb_rules_truncated: kbTruncated } : {}
+    };
+    const envelope2 = {
+      tool: TOOL_NAME2,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload: payload2
+    };
+    deps.events.append(baseEvent);
+    return jsonContent(envelope2);
+  }
+  const perModelForEvent = toEventPerModelVerdicts(engineResult.per_model_verdicts);
+  const synthForEvent = toEventSynthesizedVerdict(engineResult.synthesized_verdict);
+  const enrichedEvent = {
+    ...baseEvent,
+    per_model_verdicts: perModelForEvent,
+    synthesized_verdict: synthForEvent,
+    consensus_confidence: engineResult.synthesized_verdict.confidence,
+    duration_ms: engineResult.duration_ms,
+    consensus_engine_version: engineResult.engine_version
+  };
+  const payload = {
+    verdict: engineResult.synthesized_verdict.verdict,
+    reason: engineResult.synthesized_verdict.dissent_summary ?? `panel agreed (${engineResult.per_model_verdicts.length} models, engine=${engineResult.engine_version})`,
+    per_model_verdicts: perModelForEvent,
+    synthesized_verdict: synthForEvent,
+    engine_version: engineResult.engine_version,
+    degraded: engineResult.degraded,
+    gate_type: GATE_TYPE2,
+    ...kbResult.error !== null ? { kb_unavailable: true } : {},
+    ...kbTruncated > 0 ? { kb_rules_truncated: kbTruncated } : {}
+  };
+  const envelope = {
+    tool: TOOL_NAME2,
+    schema_version: 1,
+    cache: { hit: false, key },
+    payload
+  };
+  deps.cache.set(key, envelope);
+  deps.events.append(enrichedEvent);
+  return jsonContent(envelope);
+}
+
+// src/tools/verify-answer.ts
+var TOOL_NAME3 = "vo_verify_answer";
+var SHALLOW_GATE = "mid-exec-verify";
+var DEEP_GATE = "final-deep-verify";
+var MAX_VALUE_BYTES = 256 * 1024;
+var inputSchema3 = {
+  type: "object",
+  properties: {
+    expected: {
+      description: "The expected value (string, number, or structured JSON)."
+    },
+    observed: {
+      description: "The observed value to compare against expected."
+    },
+    domain: {
+      type: "string",
+      description: "Domain hint for semantic comparison (e.g. tax, code, prose)."
+    },
+    deep: {
+      type: "boolean",
+      description: "When true, routes to the final-deep-verify gate (deliberation synthesizer, 4-model expensive panel, max 2 rounds). Default false \u2192 mid-exec-verify gate (weighted, 3-model cheap panel)."
+    }
+  },
+  required: ["expected", "observed"],
+  additionalProperties: false
+};
+var description3 = 'Compares an expected value against an observed value via consensus fan-out and returns whether they are semantically equivalent (handles formatting drift, unit conversions, paraphrase). Default routes to the mid-exec-verify gate (cheap 3-model panel); pass deep:true to escalate to final-deep-verify (4-model deliberation). Returns per-model verdicts and a synthesized pass/fail/uncertain. Falls back to "unimplemented" when engine credentials are absent; the call is always logged.';
+function isToolInput3(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (!("expected" in o) || !("observed" in o)) return false;
+  if (o["domain"] !== void 0 && typeof o["domain"] !== "string") return false;
+  if (o["deep"] !== void 0 && typeof o["deep"] !== "boolean") return false;
+  return true;
+}
+function safeStringify(v) {
+  try {
+    return JSON.stringify(v);
+  } catch {
+    return String(v);
+  }
+}
+function buildPrompt2(input, kbRules, kbTruncated) {
+  const domain = input.domain !== void 0 ? ` (domain: ${input.domain})` : "";
+  const rulesBlock = formatRulesForPrompt(kbRules, kbTruncated, "SECURITY");
+  return `Judge whether the OBSERVED value is semantically equivalent to the EXPECTED value${domain}. Treat formatting drift (whitespace, casing, currency symbols, unit notation) and paraphrase as equivalent; treat numerically different values, wrong units, or wrong factual content as NOT equivalent.
+
+Respond with verdict 'pass' when equivalent, 'fail' when not equivalent, or 'uncertain' when the determination requires information not present in the inputs.${rulesBlock}
+
+---EXPECTED---
+${safeStringify(input.expected)}
+---OBSERVED---
+${safeStringify(input.observed)}
+---END---`;
+}
+async function handleVerifyAnswer(deps, rawInput, signal) {
+  if (!isToolInput3(rawInput)) {
+    throw invalidParams(TOOL_NAME3, "invalid input. Required: { expected, observed }.");
+  }
+  const expectedStr = safeStringify(rawInput.expected);
+  const observedStr = safeStringify(rawInput.observed);
+  assertWithinByteCap(TOOL_NAME3, "expected", expectedStr, MAX_VALUE_BYTES);
+  assertWithinByteCap(TOOL_NAME3, "observed", observedStr, MAX_VALUE_BYTES);
+  const gateType = rawInput.deep === true ? DEEP_GATE : SHALLOW_GATE;
+  const cacheInput = {
+    expected: rawInput.expected,
+    observed: rawInput.observed,
+    ...rawInput.domain !== void 0 ? { domain: rawInput.domain } : {},
+    gate_type: gateType
+  };
+  const key = deps.cache.keyFor(TOOL_NAME3, cacheInput);
+  const excerpt = safeStringify(rawInput).slice(0, 300);
+  const inputSizeBytes = bytesOf(expectedStr) + bytesOf(observedStr);
+  const isDeep = gateType === DEEP_GATE;
+  const kbResult = isDeep ? findRulesByMetadata({ category: "security" }) : { rules: [], error: null };
+  const { topRules, truncated: kbTruncated } = prepareKBRules(kbResult.rules);
+  const cached = deps.cache.get(key);
+  if (cached !== null) {
+    const replayEvent = {
+      ...buildBaseEvent({
+        tool: TOOL_NAME3,
+        gateType,
+        inputHash: key,
+        inputExcerpt: excerpt,
+        inputSizeBytes,
+        session: deps.session,
+        now: deps.now()
+      }),
+      per_model_verdicts: cached.value.payload.per_model_verdicts,
+      synthesized_verdict: cached.value.payload.synthesized_verdict ?? null,
+      consensus_confidence: cached.value.payload.synthesized_verdict?.confidence ?? null,
+      consensus_engine_version: cached.value.payload.engine_version ?? null,
+      cache_hit: true
+    };
+    deps.events.append(replayEvent);
+    return jsonContent({ ...cached.value, cache: { hit: true, key } });
+  }
+  const baseEvent = buildBaseEvent({
+    tool: TOOL_NAME3,
+    gateType,
+    inputHash: key,
+    inputExcerpt: excerpt,
+    inputSizeBytes,
+    session: deps.session,
+    now: deps.now()
+  });
+  let engineResult;
+  let engineThrew = false;
+  try {
+    engineResult = await deps.consensus.run({
+      gate_type: gateType,
+      prompt: buildPrompt2(rawInput, topRules, kbTruncated),
+      ...signal !== void 0 ? { signal } : {}
+    });
+  } catch (err) {
+    engineThrew = true;
+    const message = err instanceof Error ? err.message : String(err);
+    engineResult = { ok: false, reason: `engine-threw: ${message}` };
+  }
+  if (!engineResult.ok && engineResult.reason === "cancelled") {
+    deps.events.append({
+      ...baseEvent,
+      downstream_outcome: {
+        status: "cancelled",
+        notes: "mcp notifications/cancelled \u2014 handler aborted via SDK signal"
+      }
+    });
+    const e = new Error("Request cancelled by client (notifications/cancelled)");
+    e.name = "AbortError";
+    throw e;
+  }
+  if (!engineResult.ok) {
+    const payload2 = {
+      verdict: "unimplemented",
+      reason: engineResult.reason,
+      per_model_verdicts: [],
+      gate_type: gateType,
+      ...engineThrew ? { degraded_mode: true } : {},
+      ...kbResult.error !== null ? { kb_unavailable: true } : {},
+      ...kbTruncated > 0 ? { kb_rules_truncated: kbTruncated } : {}
+    };
+    const envelope2 = {
+      tool: TOOL_NAME3,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload: payload2
+    };
+    deps.events.append(baseEvent);
+    return jsonContent(envelope2);
+  }
+  const perModelForEvent = toEventPerModelVerdicts(engineResult.per_model_verdicts);
+  const synthForEvent = toEventSynthesizedVerdict(engineResult.synthesized_verdict);
+  const enrichedEvent = {
+    ...baseEvent,
+    per_model_verdicts: perModelForEvent,
+    synthesized_verdict: synthForEvent,
+    consensus_confidence: engineResult.synthesized_verdict.confidence,
+    duration_ms: engineResult.duration_ms,
+    consensus_engine_version: engineResult.engine_version
+  };
+  const payload = {
+    verdict: engineResult.synthesized_verdict.verdict,
+    reason: engineResult.synthesized_verdict.dissent_summary ?? `panel agreed (${engineResult.per_model_verdicts.length} models, engine=${engineResult.engine_version})`,
+    per_model_verdicts: perModelForEvent,
+    synthesized_verdict: synthForEvent,
+    engine_version: engineResult.engine_version,
+    degraded: engineResult.degraded,
+    gate_type: gateType,
+    ...kbResult.error !== null ? { kb_unavailable: true } : {},
+    ...kbTruncated > 0 ? { kb_rules_truncated: kbTruncated } : {}
+  };
+  const envelope = {
+    tool: TOOL_NAME3,
+    schema_version: 1,
+    cache: { hit: false, key },
+    payload
+  };
+  deps.cache.set(key, envelope);
+  deps.events.append(enrichedEvent);
+  return jsonContent(envelope);
+}
+
+// src/consensus/gate-types.ts
+var LEGACY_GATE_TYPES = [
+  "test_assertion",
+  "architecture_review",
+  "factual_grounding",
+  "verify_answer",
+  "other"
+];
+var KNOWN_GATE_TYPES = [
+  "plan-review",
+  "mid-exec-verify",
+  "final-deep-verify",
+  "architecture-review"
+];
+var ALL_RECOGNIZED_GATE_TYPES = [
+  ...LEGACY_GATE_TYPES,
+  ...KNOWN_GATE_TYPES
+];
+
+// src/tools/consensus-judgment.ts
+var TOOL_NAME4 = "vo_consensus_judgment";
+var MAX_PROMPT_BYTES = 64 * 1024;
+var MAX_CONTEXT_BYTES = 256 * 1024;
+var ALL_GATE_TYPES = ALL_RECOGNIZED_GATE_TYPES;
+var DEFAULT_GATE_TYPE = "plan-review";
+var inputSchema4 = {
+  type: "object",
+  properties: {
+    prompt: {
+      type: "string",
+      description: "The judgment prompt \u2014 what you want multiple models to assess."
+    },
+    gate_type: {
+      type: "string",
+      enum: [...ALL_GATE_TYPES],
+      description: "Which gate this judgment serves. Phase 2 kebab-case names (plan-review, mid-exec-verify, final-deep-verify, architecture-review) drive the engine\u2019s synthesizer choice. Phase 1 underscore names back-compat to strict-consensus. Default: plan-review."
+    },
+    context: {
+      type: "object",
+      description: "Tool-specific context (e.g. source file, diff, observed value).",
+      additionalProperties: true
+    }
+  },
+  required: ["prompt"],
+  additionalProperties: false
+};
+var description4 = "Submit a prompt to multiple LLMs and return a synthesized consensus verdict with per-model verdicts visible. Use for high-stakes judgment calls where a single model's verdict is too risky (architecture reviews, weak-vs-strong-assertion calls, factual grounding against authoritative sources). Returns a real synthesized verdict when the closed consensus engine is wired in with credentials; falls back to 'unimplemented' otherwise. The call IS always logged for dataset and unit-economics audit (V1 launch gate #7).";
+function isToolInput4(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["prompt"] !== "string") return false;
+  if (o["gate_type"] !== void 0 && typeof o["gate_type"] !== "string") return false;
+  return true;
+}
+function isAcceptedGateType(v) {
+  return ALL_GATE_TYPES.includes(v);
+}
+async function handleConsensusJudgment(deps, rawInput, signal) {
+  if (!isToolInput4(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME4,
+      "invalid input. Required: { prompt: string, gate_type?: string }."
+    );
+  }
+  assertWithinByteCap(TOOL_NAME4, "prompt", rawInput.prompt, MAX_PROMPT_BYTES);
+  let contextStrForSize = "";
+  if (rawInput.context !== void 0) {
+    try {
+      contextStrForSize = JSON.stringify(rawInput.context);
+    } catch {
+      throw invalidParams(TOOL_NAME4, "input field 'context' is not JSON-serializable.");
+    }
+    assertWithinByteCap(TOOL_NAME4, "context", contextStrForSize, MAX_CONTEXT_BYTES);
+  }
+  const rawGate = rawInput.gate_type ?? DEFAULT_GATE_TYPE;
+  const gateType = isAcceptedGateType(rawGate) ? rawGate : DEFAULT_GATE_TYPE;
+  const inputSizeBytes = bytesOf(rawInput.prompt) + bytesOf(contextStrForSize);
+  const cacheInput = {
+    prompt: rawInput.prompt,
+    gate_type: gateType,
+    ...rawInput.context !== void 0 ? { context: rawInput.context } : {}
+  };
+  const key = deps.cache.keyFor(TOOL_NAME4, cacheInput);
+  const excerpt = rawInput.prompt.slice(0, 300);
+  const cached = deps.cache.get(key);
+  if (cached !== null) {
+    const replayEvent = buildBaseEvent({
+      tool: TOOL_NAME4,
+      gateType,
+      inputHash: key,
+      inputExcerpt: excerpt,
+      inputSizeBytes,
+      session: deps.session,
+      now: deps.now()
+    });
+    const enrichedReplay = {
+      ...replayEvent,
+      per_model_verdicts: cached.value.payload.per_model_verdicts,
+      synthesized_verdict: cached.value.payload.synthesized_verdict ?? null,
+      consensus_confidence: cached.value.payload.synthesized_verdict?.confidence ?? null,
+      consensus_engine_version: cached.value.payload.engine_version ?? null,
+      cache_hit: true
+    };
+    deps.events.append(enrichedReplay);
+    const replayEnvelope = {
+      ...cached.value,
+      cache: { hit: true, key }
+    };
+    return jsonContent(replayEnvelope);
+  }
+  const baseEvent = buildBaseEvent({
+    tool: TOOL_NAME4,
+    gateType,
+    inputHash: key,
+    inputExcerpt: excerpt,
+    inputSizeBytes,
+    session: deps.session,
+    now: deps.now()
+  });
+  let engineResult;
+  let engineThrew = false;
+  try {
+    engineResult = await deps.consensus.run({
+      gate_type: gateType,
+      prompt: rawInput.prompt,
+      ...rawInput.context !== void 0 ? { caller_context: rawInput.context } : {},
+      ...signal !== void 0 ? { signal } : {}
+    });
+  } catch (err) {
+    engineThrew = true;
+    const message = err instanceof Error ? err.message : String(err);
+    engineResult = { ok: false, reason: `engine-threw: ${message}` };
+  }
+  if (!engineResult.ok && engineResult.reason === "cancelled") {
+    deps.events.append({
+      ...baseEvent,
+      downstream_outcome: {
+        status: "cancelled",
+        notes: "mcp notifications/cancelled \u2014 handler aborted via SDK signal"
+      }
+    });
+    const e = new Error("Request cancelled by client (notifications/cancelled)");
+    e.name = "AbortError";
+    throw e;
+  }
+  if (!engineResult.ok) {
+    const payload2 = {
+      verdict: "unimplemented",
+      reason: engineResult.reason,
+      per_model_verdicts: [],
+      gate_type: gateType,
+      ...engineThrew ? { degraded_mode: true } : {}
+    };
+    const envelope2 = {
+      tool: TOOL_NAME4,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload: payload2
+    };
+    deps.events.append(baseEvent);
+    return jsonContent(envelope2);
+  }
+  const perModelForEvent = toEventPerModelVerdicts(engineResult.per_model_verdicts);
+  const synthForEvent = toEventSynthesizedVerdict(engineResult.synthesized_verdict);
+  const enrichedEvent = {
+    ...baseEvent,
+    consensus_confidence: engineResult.synthesized_verdict.confidence,
+    duration_ms: engineResult.duration_ms,
+    consensus_engine_version: engineResult.engine_version,
+    per_model_verdicts: perModelForEvent,
+    synthesized_verdict: synthForEvent
+  };
+  const payload = {
+    verdict: engineResult.synthesized_verdict.verdict,
+    reason: engineResult.synthesized_verdict.dissent_summary ?? `panel agreed (${engineResult.per_model_verdicts.length} models, engine=${engineResult.engine_version})`,
+    per_model_verdicts: perModelForEvent,
+    synthesized_verdict: synthForEvent,
+    engine_version: engineResult.engine_version,
+    degraded: engineResult.degraded,
+    gate_type: gateType
+  };
+  const envelope = {
+    tool: TOOL_NAME4,
+    schema_version: 1,
+    cache: { hit: false, key },
+    payload
+  };
+  deps.cache.set(key, envelope);
+  deps.events.append(enrichedEvent);
+  return jsonContent(envelope);
+}
+
+// src/tools/architecture-review.ts
+var TOOL_NAME5 = "vo_architecture_review";
+var GATE_TYPE3 = "architecture-review";
+var MAX_DIFF_BYTES = 1024 * 1024;
+var MAX_SUMMARY_BYTES = 16 * 1024;
+var ACCEPTED_CHANGE_TYPES = [
+  "refactor",
+  "new_feature",
+  "bug_fix",
+  "dep_update",
+  "config",
+  "docs",
+  "other"
+];
+var inputSchema5 = {
+  type: "object",
+  properties: {
+    diff: {
+      type: "string",
+      description: "Unified diff of the proposed change."
+    },
+    change_type: {
+      type: "string",
+      enum: [...ACCEPTED_CHANGE_TYPES],
+      description: "Classification of the change."
+    },
+    summary: {
+      type: "string",
+      description: "One-paragraph summary of intent / motivation."
+    }
+  },
+  required: ["diff", "change_type"],
+  additionalProperties: false
+};
+var description5 = "Senior-architect review of a proposed diff against the project's architectural defaults \u2014 naming conventions, boundary discipline, error-handling shape, test honesty. Runs the architecture-review gate (human-tiebreak synthesizer, expensive 3-model panel). When the panel disagrees, the response includes an `escalation` field recommending operator review (the verdict still resolves via majority-vote \u2014 the engine does NOT block). Falls back to 'unimplemented' when engine credentials are absent; the call is always logged.";
+function isToolInput5(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["diff"] !== "string" || typeof o["change_type"] !== "string") return false;
+  if (o["summary"] !== void 0 && typeof o["summary"] !== "string") return false;
+  return true;
+}
+function isAcceptedChangeType(v) {
+  return ACCEPTED_CHANGE_TYPES.includes(v);
+}
+function buildPrompt3(input, changeType, rules, truncated) {
+  const summary = input.summary !== void 0 ? `Summary: ${input.summary}
+` : "";
+  const rulesBlock = formatRulesForPrompt(rules, truncated);
+  return `Senior architecture review (change type: ${changeType}).
+${summary}Review the following diff against architectural defaults: naming conventions, boundary discipline (no leaky abstractions across packages), error-handling shape (typed errors, no swallowed throws), test honesty (assertions verify product truth \u2014 not mocks-of-mocks).
+
+Respond with verdict 'pass' if the change is sound, 'fail' if it introduces architectural regressions or breaks defaults, or 'uncertain' if context outside the diff is needed.${rulesBlock}
+
+---DIFF---
+${input.diff}
+---END---`;
+}
+async function handleArchitectureReview(deps, rawInput, signal) {
+  if (!isToolInput5(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME5,
+      "invalid input. Required: { diff: string, change_type: string }."
+    );
+  }
+  assertWithinByteCap(TOOL_NAME5, "diff", rawInput.diff, MAX_DIFF_BYTES);
+  if (rawInput.summary !== void 0) {
+    assertWithinByteCap(TOOL_NAME5, "summary", rawInput.summary, MAX_SUMMARY_BYTES);
+  }
+  const changeType = isAcceptedChangeType(rawInput.change_type) ? rawInput.change_type : "other";
+  const cacheInput = {
+    diff: rawInput.diff,
+    change_type: changeType,
+    ...rawInput.summary !== void 0 ? { summary: rawInput.summary } : {},
+    gate_type: GATE_TYPE3
+  };
+  const key = deps.cache.keyFor(TOOL_NAME5, cacheInput);
+  const excerpt = rawInput.diff.slice(0, 300);
+  const inputSizeBytes = bytesOf(rawInput.diff) + (rawInput.summary !== void 0 ? bytesOf(rawInput.summary) : 0);
+  const cached = deps.cache.get(key);
+  if (cached !== null) {
+    const replayEvent = {
+      ...buildBaseEvent({
+        tool: TOOL_NAME5,
+        gateType: GATE_TYPE3,
+        inputHash: key,
+        inputExcerpt: excerpt,
+        inputSizeBytes,
+        session: deps.session,
+        now: deps.now()
+      }),
+      per_model_verdicts: cached.value.payload.per_model_verdicts,
+      synthesized_verdict: cached.value.payload.synthesized_verdict ?? null,
+      consensus_confidence: cached.value.payload.synthesized_verdict?.confidence ?? null,
+      consensus_engine_version: cached.value.payload.engine_version ?? null,
+      cache_hit: true
+    };
+    deps.events.append(replayEvent);
+    return jsonContent({ ...cached.value, cache: { hit: true, key } });
+  }
+  const kbResult = findRulesForDiff(rawInput.diff);
+  const { topRules, truncated: kbTruncated } = prepareKBRules(kbResult.rules);
+  const baseEvent = buildBaseEvent({
+    tool: TOOL_NAME5,
+    gateType: GATE_TYPE3,
+    inputHash: key,
+    inputExcerpt: excerpt,
+    inputSizeBytes,
+    session: deps.session,
+    now: deps.now()
+  });
+  let engineResult;
+  let engineThrew = false;
+  try {
+    engineResult = await deps.consensus.run({
+      gate_type: GATE_TYPE3,
+      prompt: buildPrompt3(rawInput, changeType, topRules, kbTruncated),
+      ...signal !== void 0 ? { signal } : {}
+    });
+  } catch (err) {
+    engineThrew = true;
+    const message = err instanceof Error ? err.message : String(err);
+    engineResult = { ok: false, reason: `engine-threw: ${message}` };
+  }
+  if (!engineResult.ok && engineResult.reason === "cancelled") {
+    deps.events.append({
+      ...baseEvent,
+      downstream_outcome: {
+        status: "cancelled",
+        notes: "mcp notifications/cancelled \u2014 handler aborted via SDK signal"
+      }
+    });
+    const e = new Error("Request cancelled by client (notifications/cancelled)");
+    e.name = "AbortError";
+    throw e;
+  }
+  if (!engineResult.ok) {
+    const payload2 = {
+      verdict: "unimplemented",
+      reason: engineResult.reason,
+      per_model_verdicts: [],
+      gate_type: GATE_TYPE3,
+      ...engineThrew ? { degraded_mode: true } : {},
+      ...kbResult.error !== null ? { kb_unavailable: true } : {},
+      ...kbTruncated > 0 ? { kb_rules_truncated: kbTruncated } : {}
+    };
+    const envelope2 = {
+      tool: TOOL_NAME5,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload: payload2
+    };
+    deps.events.append(baseEvent);
+    return jsonContent(envelope2);
+  }
+  const perModelForEvent = toEventPerModelVerdicts(engineResult.per_model_verdicts);
+  const synthForEvent = toEventSynthesizedVerdict(engineResult.synthesized_verdict);
+  const enrichedEvent = {
+    ...baseEvent,
+    per_model_verdicts: perModelForEvent,
+    synthesized_verdict: synthForEvent,
+    consensus_confidence: engineResult.synthesized_verdict.confidence,
+    duration_ms: engineResult.duration_ms,
+    consensus_engine_version: engineResult.engine_version
+  };
+  const escalationRequired = engineResult.escalation_required === true || engineResult.escalation_required === void 0 && engineResult.synthesized_verdict.dissent_summary !== null;
+  const escalationReason = engineResult.escalation_reason ?? engineResult.synthesized_verdict.dissent_summary ?? "";
+  const payload = {
+    verdict: engineResult.synthesized_verdict.verdict,
+    reason: engineResult.synthesized_verdict.dissent_summary ?? `panel agreed (${engineResult.per_model_verdicts.length} models, engine=${engineResult.engine_version})`,
+    per_model_verdicts: perModelForEvent,
+    synthesized_verdict: synthForEvent,
+    engine_version: engineResult.engine_version,
+    degraded: engineResult.degraded,
+    gate_type: GATE_TYPE3,
+    ...escalationRequired ? {
+      escalation: {
+        required: true,
+        reason: sanitizeExcerpt(
+          escalationReason.length > 0 ? escalationReason : "panel disagreement \u2014 operator review recommended"
+        )
+      }
+    } : {},
+    ...kbResult.error !== null ? { kb_unavailable: true } : {},
+    ...kbTruncated > 0 ? { kb_rules_truncated: kbTruncated } : {}
+  };
+  const envelope = {
+    tool: TOOL_NAME5,
+    schema_version: 1,
+    cache: { hit: false, key },
+    payload
+  };
+  deps.cache.set(key, envelope);
+  deps.events.append(enrichedEvent);
+  return jsonContent(envelope);
+}
+
+// ../vo-ratchets/src/config.ts
+import { readFile } from "node:fs/promises";
+import path from "node:path";
+import { z as z3 } from "zod";
+var ratchetIdSchema = z3.enum([
+  "assertion-strength",
+  "hollow-tests",
+  "verify-answer",
+  "fix-strength",
+  "qa-honesty"
+]);
+var thresholdSchema = z3.enum(["strict", "medium", "permissive"]);
+var userConfigSchema = z3.object({
+  enabled: z3.record(ratchetIdSchema, z3.boolean()).optional(),
+  thresholds: z3.record(ratchetIdSchema, thresholdSchema).optional(),
+  allowlist: z3.object({
+    paths: z3.array(z3.string()).optional(),
+    rules: z3.array(z3.string()).optional()
+  }).optional(),
+  reportOnly: z3.boolean().optional(),
+  paths: z3.array(z3.string()).optional()
+}).strict();
+var DEFAULT_CONFIG = {
+  enabled: {
+    "assertion-strength": true,
+    "hollow-tests": true,
+    "verify-answer": true,
+    "fix-strength": true,
+    "qa-honesty": true
+  },
+  thresholds: {
+    "assertion-strength": "medium",
+    "hollow-tests": "medium",
+    "verify-answer": "medium",
+    "fix-strength": "medium",
+    "qa-honesty": "medium"
+  },
+  allowlist: {
+    paths: [],
+    rules: []
+  },
+  reportOnly: false,
+  paths: []
+};
+function resolveConfig(userConfig) {
+  const parsed = userConfigSchema.parse(userConfig ?? {});
+  const enabled = {
+    ...DEFAULT_CONFIG.enabled,
+    ...parsed.enabled ?? {}
+  };
+  const thresholds = {
+    ...DEFAULT_CONFIG.thresholds,
+    ...parsed.thresholds ?? {}
+  };
+  const allowlist = {
+    paths: parsed.allowlist?.paths ?? [],
+    rules: parsed.allowlist?.rules ?? []
+  };
+  return {
+    enabled,
+    thresholds,
+    allowlist,
+    reportOnly: parsed.reportOnly ?? DEFAULT_CONFIG.reportOnly,
+    paths: parsed.paths ?? DEFAULT_CONFIG.paths
+  };
+}
+function applyOnlyFilter(config, only) {
+  if (!only) return config;
+  const enabled = {
+    "assertion-strength": false,
+    "hollow-tests": false,
+    "verify-answer": false,
+    "fix-strength": false,
+    "qa-honesty": false
+  };
+  enabled[only] = true;
+  return { ...config, enabled };
+}
+
+// ../vo-ratchets/src/util/walk.ts
+import { readdir, readFile as readFile2 } from "node:fs/promises";
+import path2 from "node:path";
+var SKIP_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  "dist",
+  "build",
+  "out",
+  "lib",
+  ".next",
+  ".nuxt",
+  ".svelte-kit",
+  ".turbo",
+  "coverage",
+  ".coverage",
+  ".cache",
+  ".parcel-cache",
+  ".vscode",
+  ".idea",
+  ".claude",
+  ".agent-worktrees",
+  "test-results"
+]);
+function toForwardSlashes(p) {
+  return p.replace(/\\/g, "/");
+}
+async function walkFiles(cwd, filter) {
+  const results = [];
+  await walkDir(cwd, cwd, filter, results);
+  results.sort();
+  return results;
+}
+async function walkDir(root, current, filter, results) {
+  let entries;
+  try {
+    entries = await readdir(current, { withFileTypes: true });
+  } catch {
+    return;
+  }
+  for (const entry of entries) {
+    const absolute = path2.join(current, entry.name);
+    if (entry.isDirectory()) {
+      if (SKIP_DIRS.has(entry.name)) continue;
+      await walkDir(root, absolute, filter, results);
+      continue;
+    }
+    if (!entry.isFile()) continue;
+    const relative = toForwardSlashes(path2.relative(root, absolute));
+    if (!filter(relative)) continue;
+    results.push(relative);
+  }
+}
+async function readRelative(cwd, relativePath) {
+  try {
+    return await readFile2(path2.resolve(cwd, relativePath), "utf8");
+  } catch {
+    return "";
+  }
+}
+function pathMatchesAny(relativePath, patterns) {
+  for (const pattern of patterns) {
+    if (matchGlob(relativePath, pattern)) return true;
+  }
+  return false;
+}
+function matchGlob(input, pattern) {
+  const regexSource = globToRegex(pattern);
+  return new RegExp(`^${regexSource}$`).test(input);
+}
+function globToRegex(pattern) {
+  const doubleStarToken = "\0DOUBLE_STAR\0";
+  const singleStarToken = "\0SINGLE_STAR\0";
+  let work = pattern.replace(/\*\*/g, doubleStarToken).replace(/\*/g, singleStarToken);
+  work = work.replace(/[.+?^${}()|[\]\\/]/g, (m) => `\\${m}`);
+  work = work.replace(new RegExp(singleStarToken, "g"), "[^/]*");
+  work = work.replace(new RegExp(doubleStarToken, "g"), ".*");
+  return work;
+}
+
+// ../vo-ratchets/src/util/test-files.ts
+var TEST_FILE_RE = /(?:^|\/)[^/]+\.(?:test|spec)\.(?:ts|tsx|js|jsx|mjs|cjs)$/u;
+var TEST_TSX_RE = /\.test\.tsx$/u;
+function isTestFile(filePath) {
+  return TEST_FILE_RE.test(toForwardSlashes(filePath));
+}
+function isComponentTestFile(filePath) {
+  return TEST_TSX_RE.test(toForwardSlashes(filePath));
+}
+function maskStringsAndComments(content) {
+  let out = "";
+  let quote = null;
+  let escaped = false;
+  let lineComment = false;
+  let blockComment = false;
+  const text = String(content || "");
+  for (let index = 0; index < text.length; index += 1) {
+    const char = text[index] ?? "";
+    const next = text[index + 1] ?? "";
+    if (lineComment) {
+      if (char === "\r" || char === "\n") {
+        out += char;
+        lineComment = false;
+      } else {
+        out += " ";
+      }
+      continue;
+    }
+    if (blockComment) {
+      if (char === "*" && next === "/") {
+        out += "  ";
+        index += 1;
+        blockComment = false;
+      } else if (char === "\r" || char === "\n") {
+        out += char;
+      } else {
+        out += " ";
+      }
+      continue;
+    }
+    if (!quote) {
+      if (char === "/" && next === "/") {
+        out += "  ";
+        index += 1;
+        lineComment = true;
+        continue;
+      }
+      if (char === "/" && next === "*") {
+        out += "  ";
+        index += 1;
+        blockComment = true;
+        continue;
+      }
+      if (char === '"' || char === "'" || char === "`") {
+        quote = char;
+        out += char;
+        continue;
+      }
+      out += char;
+      continue;
+    }
+    if (char === "\r" || char === "\n") {
+      out += char;
+      if (quote !== "`") {
+        quote = null;
+        escaped = false;
+      }
+      continue;
+    }
+    if (escaped) {
+      out += " ";
+      escaped = false;
+      continue;
+    }
+    if (char === "\\") {
+      out += " ";
+      escaped = true;
+      continue;
+    }
+    if (char === quote) {
+      out += char;
+      quote = null;
+      continue;
+    }
+    out += " ";
+  }
+  return out;
+}
+function countMatches(content, regex) {
+  const re = new RegExp(regex.source, regex.flags);
+  return (String(content || "").match(re) || []).length;
+}
+
+// ../vo-ratchets/src/detectors/assertion-strength.ts
+var RATCHET_ID = "assertion-strength";
+var ALLOW_MARKER_RE = /\/\/\s*vo-ratchets-allow-assertion-strength\s*:\s*\S/iu;
+var ANY_MATCHER_RE = /\.(?:not\s*\.\s*)?to[A-Z]\w*\s*\(/gu;
+var TRIVIAL_MATCHER_RE = new RegExp(
+  "\\.(?:toBeDefined|toBeTruthy|toBeFalsy|toBeNull|toBeUndefined)\\s*\\(\\s*\\)|\\.toBe\\s*\\(\\s*(?:true|false)\\s*\\)|\\.(?:not\\s*\\.\\s*)?toThrow\\s*\\(\\s*\\)",
+  "gu"
+);
+var TO_HAVE_BEEN_CALLED_RE = /\.toHaveBeenCalled\s*\(\s*\)/u;
+var TO_HAVE_BEEN_CALLED_WITH_RE = /\.toHaveBeenCalledWith\s*\(/u;
+var MOCK_CALLS_LENGTH_RE = /\.mock\.calls\.length\b/u;
+var NOT_TO_THROW_RE = /\.not\s*\.\s*toThrow\s*\(/u;
+var LITERAL_TRUE_RE = /\b(?:expect|assert(?:\.ok)?)\s*\(\s*true\s*\)/u;
+function hasAllowMarker(content) {
+  return ALLOW_MARKER_RE.test(content);
+}
+function inspectFile({
+  filePath,
+  content,
+  threshold
+}) {
+  if (!isTestFile(filePath)) return [];
+  if (hasAllowMarker(content)) return [];
+  const masked = maskStringsAndComments(content);
+  const hits = [];
+  if (LITERAL_TRUE_RE.test(masked)) {
+    hits.push({
+      rule: "literal-true",
+      severity: "error",
+      message: "Found `expect(true)` or `assert(true)`. Literal-true assertions pass by construction and prove no behavior. Replace with a value-comparing matcher against the actual output."
+    });
+  }
+  const totalMatchers = countMatches(masked, ANY_MATCHER_RE);
+  if (totalMatchers > 0 && countMockCallsLengthAssertions(masked) === totalMatchers) {
+    hits.push({
+      rule: "mock-calls-length-only",
+      severity: "error",
+      message: "Every assertion in this file checks `.mock.calls.length`. Verifying a mock was called N times without verifying the arguments or the effect on the unit under test does not prove behavior. Add at least one assertion against the system's actual output."
+    });
+  }
+  if (totalMatchers > 0 && isNotToThrowOnly(masked, totalMatchers)) {
+    hits.push({
+      rule: "not-to-throw-only",
+      severity: "error",
+      message: 'The only assertion is `expect(...).not.toThrow()`. "Doesn\'t crash" is a smoke check, not a behavioral test. Verify the return value or side effect, not just the absence of an exception.'
+    });
+  }
+  if (shouldFlagBareToHaveBeenCalled(masked, threshold)) {
+    hits.push({
+      rule: "to-have-been-called",
+      severity: threshold === "permissive" ? "warning" : "error",
+      message: "`toHaveBeenCalled()` appears without any `toHaveBeenCalledWith(...)` or value-comparing assertion in this file. Verifying that a mock fired tells you nothing about whether it was called correctly. Pair with `toHaveBeenCalledWith(...)` or assert on the resulting state."
+    });
+  }
+  if (totalMatchers > 0) {
+    const trivialMatchers = countMatches(masked, TRIVIAL_MATCHER_RE);
+    if (trivialMatchers === totalMatchers && threshold !== "permissive") {
+      hits.push({
+        rule: "trivial-only",
+        severity: "error",
+        message: `All ${totalMatchers} expect() matcher${totalMatchers === 1 ? "" : "s"} are trivial (toBeDefined / toBeTruthy / toBeFalsy / toBeNull / toBeUndefined / toBe(true|false) / not.toThrow). These prove the file imported and ran but verify no behavior. Add at least one value-comparing matcher: toEqual, toStrictEqual, toBe(<value>), toMatch, toMatchObject, toContain, toHaveLength, toHaveProperty.`
+      });
+    }
+  }
+  return hits;
+}
+function countMockCallsLengthAssertions(masked) {
+  let count = 0;
+  for (const line of masked.split(/\r?\n/u)) {
+    if (!MOCK_CALLS_LENGTH_RE.test(line)) continue;
+    if (!/\.(?:not\s*\.\s*)?to[A-Z]\w*\s*\(/u.test(line)) continue;
+    count += 1;
+  }
+  return count;
+}
+function isNotToThrowOnly(masked, totalMatchers) {
+  if (!NOT_TO_THROW_RE.test(masked)) return false;
+  const notToThrowCount = countMatches(masked, /\.not\s*\.\s*toThrow\s*\(/gu);
+  return notToThrowCount === totalMatchers;
+}
+function shouldFlagBareToHaveBeenCalled(masked, threshold) {
+  if (!TO_HAVE_BEEN_CALLED_RE.test(masked)) return false;
+  if (TO_HAVE_BEEN_CALLED_WITH_RE.test(masked)) return false;
+  const totalMatchers = countMatches(masked, ANY_MATCHER_RE);
+  const trivialMatchers = countMatches(masked, TRIVIAL_MATCHER_RE);
+  const valueComparing = totalMatchers - trivialMatchers - countMatches(masked, /\.toHaveBeenCalled\s*\(\s*\)/gu);
+  if (threshold === "permissive") return false;
+  if (threshold === "medium" && valueComparing >= 1) return false;
+  return true;
+}
+var assertionStrengthDetector = {
+  id: RATCHET_ID,
+  stub: false,
+  async run(input) {
+    const threshold = input.config.thresholds[RATCHET_ID];
+    const files = await walkFiles(input.cwd, (rel) => isTestFile(rel));
+    const findings = [];
+    for (const file of files) {
+      const content = await readRelative(input.cwd, file);
+      for (const hit of inspectFile({ filePath: file, content, threshold })) {
+        findings.push({
+          ratchet: RATCHET_ID,
+          rule: hit.rule,
+          file,
+          severity: hit.severity,
+          message: hit.message
+        });
+      }
+    }
+    return {
+      ratchet: RATCHET_ID,
+      ran: true,
+      findings,
+      filesScanned: files.length,
+      stub: false
+    };
+  }
+};
+
+// ../vo-ratchets/src/detectors/fix-strength.ts
+import { spawnSync } from "node:child_process";
+var RATCHET_ID2 = "fix-strength";
+var FILE_ALLOW_RE = /\/\/\s*vo-ratchets-allow-fix-strength\s*:\s*\S/iu;
+var ALLOW_MARKER_RE2 = /\b(?:fix-strength-allow|verify-answer-allow)\s*:\s*\S/iu;
+var DEFAULT_STRONG_PATTERNS = [
+  /\.toBe\s*\(\s*(?:-?\d+(?:\.\d+)?|true|false|null|undefined|"[^"\n]*"|'[^'\n]*'|`[^`\n]*`)/u,
+  /\.toEqual\s*\(\s*(?:-?\d+(?:\.\d+)?|true|false|null|undefined|"[^"\n]*"|'[^'\n]*'|`[^`\n]*`|\[|\{)/u,
+  /\.toStrictEqual\s*\(/u,
+  /\.toBeCloseTo\s*\(/u,
+  /\.toMatchObject\s*\(/u,
+  /\.toMatchInlineSnapshot\s*\(/u
+];
+var DEFAULT_WEAK_PATTERNS = [
+  /\.toBeGreaterThan\s*\(/u,
+  /\.toBeGreaterThanOrEqual\s*\(/u,
+  /\.toBeLessThan\s*\(/u,
+  /\.toBeLessThanOrEqual\s*\(/u,
+  /\.toBeTruthy\s*\(\s*\)/u,
+  /\.toBeFalsy\s*\(\s*\)/u
+];
+function buildHelperPatterns(names) {
+  const result = [];
+  for (const name of names) {
+    if (!/^[A-Za-z_$][\w$]*$/u.test(name)) continue;
+    result.push(new RegExp(`\\b${name}\\s*\\(`, "u"));
+  }
+  return result;
+}
+function countMatchesInSource(source, patterns) {
+  if (typeof source !== "string" || !source) return 0;
+  let total = 0;
+  const lines = source.split(/\r?\n/u);
+  for (const line of lines) {
+    const stripped = line.trim();
+    if (!stripped) continue;
+    if (stripped.startsWith("//") || stripped.startsWith("*")) continue;
+    for (const re of patterns) {
+      const matches = line.match(new RegExp(re.source, `${re.flags}g`));
+      if (matches) total += matches.length;
+    }
+  }
+  return total;
+}
+function countStrong(source, extras = {}) {
+  const patterns = [
+    ...DEFAULT_STRONG_PATTERNS,
+    ...buildHelperPatterns(extras.extraStrongHelpers ?? []),
+    ...extras.extraStrongPatterns ?? []
+  ];
+  return countMatchesInSource(source, patterns);
+}
+function countWeak(source, extras = {}) {
+  const patterns = [
+    ...DEFAULT_WEAK_PATTERNS,
+    ...extras.extraWeakPatterns ?? []
+  ];
+  return countMatchesInSource(source, patterns);
+}
+function compareStrengthBetweenVersions(input) {
+  const { filePath, preSource, postSource } = input;
+  const preStrong = countStrong(preSource, input);
+  const preWeak = countWeak(preSource, input);
+  const postStrong = countStrong(postSource, input);
+  const postWeak = countWeak(postSource, input);
+  const pre = { strong: preStrong, weak: preWeak };
+  const post = { strong: postStrong, weak: postWeak };
+  if (FILE_ALLOW_RE.test(preSource) || FILE_ALLOW_RE.test(postSource)) {
+    return { filePath, verdict: "ok", pre, post, reason: "file-allow-marker" };
+  }
+  const sources = `${preSource ?? ""}
+${postSource ?? ""}`;
+  if (ALLOW_MARKER_RE2.test(sources)) {
+    return { filePath, verdict: "ok", pre, post, reason: "line-allow-marker" };
+  }
+  if (preStrong === 0) {
+    return { filePath, verdict: "no-strong-pre", pre, post };
+  }
+  const strongLost = preStrong > postStrong;
+  const weakRose = postWeak > preWeak;
+  if (strongLost && weakRose) {
+    return { filePath, verdict: "strength-decreased", pre, post };
+  }
+  if (strongLost && !weakRose) {
+    return { filePath, verdict: "strong-removed", pre, post };
+  }
+  return { filePath, verdict: "ok", pre, post };
+}
+async function inspectChanges(input) {
+  const findings = [];
+  for (const file of input.changedFiles) {
+    if (!isTestFile(file)) continue;
+    const [pre, post] = await Promise.all([
+      input.readBase(file),
+      input.readHead(file)
+    ]);
+    const verdict = compareStrengthBetweenVersions({
+      filePath: file,
+      preSource: pre,
+      postSource: post,
+      // Conditional-spread the optional `extra*` overrides so
+      // exactOptionalPropertyTypes is satisfied (undefined isn't assignable
+      // to `readonly T[]` when the property is non-optional in the target).
+      ...input.extraStrongHelpers !== void 0 ? { extraStrongHelpers: input.extraStrongHelpers } : {},
+      ...input.extraStrongPatterns !== void 0 ? { extraStrongPatterns: input.extraStrongPatterns } : {},
+      ...input.extraWeakPatterns !== void 0 ? { extraWeakPatterns: input.extraWeakPatterns } : {}
+    });
+    if (verdict.verdict === "strength-decreased") {
+      findings.push({
+        rule: "strength-decreased",
+        file,
+        severity: input.threshold === "permissive" ? "warning" : "error",
+        message: `${file} weakened: pre had ${verdict.pre.strong} strong / ${verdict.pre.weak} weak; post has ${verdict.post.strong} strong / ${verdict.post.weak} weak. A fix must not replace strong literal-pinned assertions with comparator-only ones. Restore the strong assertion, pin a new expected value, or add \`// fix-strength-allow: <reason>\`.`
+      });
+      continue;
+    }
+    if (verdict.verdict === "strong-removed") {
+      findings.push({
+        rule: "strong-removed",
+        file,
+        severity: input.threshold === "strict" ? "error" : "warning",
+        message: `${file} dropped strong assertion(s) without compensation: pre ${verdict.pre.strong} -> post ${verdict.post.strong}. If this was intentional (test moved/split, fixture corrected), add \`// fix-strength-allow: <reason>\`.`
+      });
+    }
+  }
+  return findings;
+}
+function readGitFile(cwd, ref, filePath) {
+  const result = spawnSync("git", ["show", `${ref}:${filePath}`], {
+    cwd,
+    encoding: "utf8",
+    maxBuffer: 16 * 1024 * 1024
+  });
+  if (result.status !== 0) return "";
+  return result.stdout || "";
+}
+function listChangedFiles(cwd, baseRef, headRef) {
+  const result = spawnSync(
+    "git",
+    ["diff", "--name-only", "--diff-filter=AMR", `${baseRef}...${headRef}`],
+    { cwd, encoding: "utf8", maxBuffer: 16 * 1024 * 1024 }
+  );
+  if (result.status !== 0) return [];
+  return (result.stdout || "").split(/\r?\n/u).map((line) => line.trim()).filter(Boolean);
+}
+var fixStrengthDetector = {
+  id: RATCHET_ID2,
+  stub: false,
+  async run(input) {
+    const threshold = input.config.thresholds[RATCHET_ID2];
+    const baseRef = process.env["VO_RATCHETS_FIX_STRENGTH_BASE"] || "";
+    const headRef = process.env["VO_RATCHETS_FIX_STRENGTH_HEAD"] || "";
+    if (!baseRef || !headRef) {
+      return {
+        ratchet: RATCHET_ID2,
+        ran: false,
+        findings: [],
+        filesScanned: 0,
+        stub: false
+      };
+    }
+    const changedFiles = listChangedFiles(input.cwd, baseRef, headRef);
+    const findings = await inspectChanges({
+      changedFiles,
+      readBase: async (file) => readGitFile(input.cwd, baseRef, file),
+      readHead: async (file) => readGitFile(input.cwd, headRef, file),
+      threshold
+    });
+    const ratchetFindings = findings.map((f) => ({
+      ratchet: RATCHET_ID2,
+      rule: f.rule,
+      file: f.file,
+      severity: f.severity,
+      message: f.message
+    }));
+    return {
+      ratchet: RATCHET_ID2,
+      ran: true,
+      findings: ratchetFindings,
+      filesScanned: changedFiles.filter(isTestFile).length,
+      stub: false
+    };
+  }
+};
+
+// ../vo-ratchets/src/detectors/hollow-tests.ts
+var RATCHET_ID3 = "hollow-tests";
+var FILE_ALLOW_RE2 = /\/\/\s*vo-ratchets-allow-hollow-tests\s*:\s*\S/iu;
+var SKIP_ALLOW_RE = /\/\/\s*vo-ratchets-allow-hollow-tests-skip\s*:\s*\S/iu;
+var IT_COUNTING_RE = /(?<![.\w])(?:it|test)(?:\.only)?\s*\(/gu;
+var IT_SKIP_RE = /(?<![.\w])(?:it|test)\s*\.\s*(?:skip|todo)\s*\(/u;
+var USER_EVENT_RE = /\buserEvent\s*\.\s*\w+\s*\(/u;
+var FIRE_EVENT_RE = /\bfireEvent\s*\.\s*\w+\s*\(/u;
+var AWAIT_USER_RE = /\bawait\s+user\s*\.\s*\w+\s*\(/u;
+var ANY_MATCHER_RE2 = /\.(?:not\s*\.\s*)?to[A-Z]\w*\s*\(/gu;
+var SWALLOWING_CATCH_RE = /catch\s*(?:\([^)]*\))?\s*\{\s*(?:\/\/[^\n]*\n\s*)?\}/u;
+var CATCH_RETURN_TRUE_RE = /catch\s*(?:\([^)]*\))?\s*\{\s*return\s+true\s*;?\s*\}/u;
+var EMPTY_IT_RE = /(?<![.\w])(?:it|test)\s*\(\s*['"`][^'"`\n]+['"`]\s*,\s*(?:async\s*)?(?:\(\s*\)\s*=>|function\s*\(\s*\))\s*\{\s*\}\s*\)/gu;
+var FLOOR_BY_THRESHOLD = {
+  strict: 4,
+  medium: 3,
+  permissive: 1
+};
+function hasFileScopeAllowMarker(content) {
+  const lines = String(content || "").split(/\r?\n/u);
+  let firstImport = -1;
+  for (let index = 0; index < lines.length; index += 1) {
+    if (/^\s*import\s/u.test(lines[index] || "")) {
+      firstImport = index;
+      break;
+    }
+  }
+  const cap = firstImport >= 0 ? firstImport : Math.min(20, lines.length - 1);
+  for (let index = 0; index <= cap; index += 1) {
+    if (FILE_ALLOW_RE2.test(lines[index] || "")) return true;
+  }
+  return false;
+}
+function countAllowedSkips(content) {
+  const lines = String(content || "").split(/\r?\n/u);
+  let count = 0;
+  for (let index = 0; index < lines.length; index += 1) {
+    if (!IT_SKIP_RE.test(lines[index] || "")) continue;
+    const previous = lines[index - 1] || "";
+    if (SKIP_ALLOW_RE.test(previous)) count += 1;
+  }
+  return count;
+}
+function inspectFile2({
+  filePath,
+  content,
+  threshold
+}) {
+  if (!isTestFile(filePath)) return [];
+  if (hasFileScopeAllowMarker(content)) return [];
+  const masked = maskStringsAndComments(content);
+  const hits = [];
+  const emptyBodyCount = countMatches(masked, EMPTY_IT_RE);
+  if (emptyBodyCount > 0) {
+    hits.push({
+      rule: "empty-test-body",
+      severity: "error",
+      message: `Found ${emptyBodyCount} it()/test() block${emptyBodyCount === 1 ? "" : "s"} with an empty body. An empty test passes by construction and verifies nothing. Either implement the test or remove the placeholder; if you genuinely want a planned-but-not-yet-written marker, use \`.todo()\`.`
+    });
+  }
+  const floor = FLOOR_BY_THRESHOLD[threshold];
+  const itCount = countMatches(masked, IT_COUNTING_RE);
+  const allowedSkipCount = countAllowedSkips(content);
+  const effectiveCount = itCount + allowedSkipCount;
+  if (effectiveCount < floor && itCount + allowedSkipCount > 0) {
+    const skipNote = allowedSkipCount > 0 ? ` (+ ${allowedSkipCount} allow-marked skip${allowedSkipCount === 1 ? "" : "s"})` : "";
+    hits.push({
+      rule: "it-count-floor",
+      severity: threshold === "strict" ? "error" : "warning",
+      message: `Found ${itCount} it()/test() block${itCount === 1 ? "" : "s"}${skipNote}. Threshold (${threshold}) requires ${floor}+ tests, including at least one interaction case and one edge/error case. To exempt this file, add \`// vo-ratchets-allow-hollow-tests: <why>\` above the first import.`
+    });
+  }
+  if (isComponentTestFile(filePath) && threshold !== "permissive") {
+    const hasInteraction = USER_EVENT_RE.test(masked) || FIRE_EVENT_RE.test(masked) || AWAIT_USER_RE.test(masked);
+    const hasAnyMatcher = countMatches(masked, ANY_MATCHER_RE2) > 0;
+    if (!hasInteraction && hasAnyMatcher) {
+      hits.push({
+        rule: "no-interaction",
+        severity: "warning",
+        message: ".test.tsx file has no userEvent / fireEvent / `await user.*` call. Component tests must verify behavior, not just render. Use `const user = userEvent.setup()` then `await user.click(...)`, or `fireEvent.X(...)` for events userEvent does not support."
+      });
+    }
+  }
+  if (SWALLOWING_CATCH_RE.test(masked) || CATCH_RETURN_TRUE_RE.test(masked)) {
+    hits.push({
+      rule: "swallowing-catch",
+      severity: "error",
+      message: 'Test body contains an empty `catch {}` or `catch { return true; }`. Swallowing exceptions turns "the system threw" into a passing test. Either assert on the expected error (`expect(() => ...).toThrow(...)`) or let the exception bubble.'
+    });
+  }
+  return hits;
+}
+var hollowTestsDetector = {
+  id: RATCHET_ID3,
+  stub: false,
+  async run(input) {
+    const threshold = input.config.thresholds[RATCHET_ID3];
+    const files = await walkFiles(input.cwd, (rel) => isTestFile(rel));
+    const findings = [];
+    for (const file of files) {
+      const content = await readRelative(input.cwd, file);
+      for (const hit of inspectFile2({ filePath: file, content, threshold })) {
+        findings.push({
+          ratchet: RATCHET_ID3,
+          rule: hit.rule,
+          file,
+          severity: hit.severity,
+          message: hit.message
+        });
+      }
+    }
+    return {
+      ratchet: RATCHET_ID3,
+      ran: true,
+      findings,
+      filesScanned: files.length,
+      stub: false
+    };
+  }
+};
+
+// ../vo-ratchets/src/detectors/qa-honesty.ts
+var RATCHET_ID4 = "qa-honesty";
+function isTesterMjsPath(filePath) {
+  const lc = filePath.toLowerCase();
+  if (!lc.endsWith(".mjs")) return false;
+  const slash = lc.lastIndexOf("/");
+  const basename2 = slash >= 0 ? lc.slice(slash + 1) : lc;
+  return basename2.includes("tester");
+}
+var FILE_ALLOW_RE3 = /\/\/\s*vo-ratchets-allow-qa-honesty\s*:\s*\S/iu;
+var LINE_ALLOW_GENERIC_RE = /\b(?:qa-honesty-allow|vo-qa-allow-[a-z0-9-]+)\s*:\s*\S/iu;
+var REPORTER_PASS_RE = /\breporter\s*\.\s*pass\s*\(/u;
+var ASSERTION_RE = /\b(?:expect|assert(?:\.ok|Slow|Quality)?)\s*\(/u;
+var CATCH_RETURN_TRUE_RE2 = /catch\s*(?:\([^)]*\))?\s*\{[^{}]*?\breturn\s+true\b/u;
+var RENDER_RE = /\brender\s*\(/u;
+var USER_EVENT_RE2 = /\buserEvent\s*\.\s*\w+\s*\(/u;
+var FIRE_EVENT_RE2 = /\bfireEvent\s*\.\s*\w+\s*\(/u;
+var TO_BE_IN_DOCUMENT_RE = /\.toBeInTheDocument\s*\(\s*\)/u;
+var TO_HAVE_TEXT_CONTENT_RE = /\.toHaveTextContent\s*\(/u;
+var TRUTHY_RE = /\bexpect\s*\(\s*([A-Za-z_$][\w$]*)\s*\)\s*\.\s*toBeTruthy\s*\(\s*\)/u;
+var CALLABLE_RESULT_ASSIGN_RE = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*await\s+[A-Za-z_$][\w$.]*\s*\(/u;
+var INVALID_ARGUMENT_RETURN_TRUE_RE = /\bINVALID_ARGUMENT\b[^;\n]*return\s+true/iu;
+var VALUE_COMPARING_MATCHER_RE = /\.(?:toBe|toEqual|toStrictEqual|toBeCloseTo|toContain|toHaveLength|toMatch|toMatchObject|toHaveProperty)\s*\(/u;
+var SMOKE_TEST_RE = /\.smoke\.test\.(?:ts|tsx|js|jsx|mjs|cjs)$/u;
+function hasFileAllowMarker(content) {
+  return FILE_ALLOW_RE3.test(content);
+}
+function hasLineAllowMarkerNearby(lines, index) {
+  const start = Math.max(0, index - 3);
+  for (let cursor = start; cursor <= index; cursor += 1) {
+    if (LINE_ALLOW_GENERIC_RE.test(lines[cursor] ?? "")) return true;
+  }
+  return false;
+}
+function inspectFile3({
+  filePath,
+  content,
+  threshold
+}) {
+  const isTesterMjs = isTesterMjsPath(filePath);
+  if (!isTestFile(filePath) && !isTesterMjs) return [];
+  if (hasFileAllowMarker(content)) return [];
+  const masked = maskStringsAndComments(content);
+  const maskedLines = masked.split(/\r?\n/u);
+  const rawLines = content.split(/\r?\n/u);
+  const hits = [];
+  const fileHasAssertion = ASSERTION_RE.test(masked);
+  for (let i = 0; i < maskedLines.length; i += 1) {
+    const maskedLine = maskedLines[i] ?? "";
+    if (!REPORTER_PASS_RE.test(maskedLine)) continue;
+    if (fileHasAssertion) continue;
+    if (hasLineAllowMarkerNearby(rawLines, i)) continue;
+    hits.push({
+      rule: "reporter-pass-without-evidence",
+      severity: "error",
+      line: i + 1,
+      message: "`reporter.pass(...)` called but no `expect(...)` / `assert(...)` appears anywhere in this file. Reporting success without proving it is a fake green. Add at least one value-comparing assertion before the pass call."
+    });
+  }
+  if (CATCH_RETURN_TRUE_RE2.test(masked)) {
+    let firstHit;
+    for (let i = 0; i < maskedLines.length; i += 1) {
+      if (/\breturn\s+true\b/u.test(maskedLines[i] ?? "")) {
+        firstHit = i + 1;
+        break;
+      }
+    }
+    const hitLine = firstHit ?? 1;
+    if (firstHit === void 0 || !hasLineAllowMarkerNearby(rawLines, firstHit - 1)) {
+      hits.push({
+        rule: "catch-return-true",
+        severity: "error",
+        line: hitLine,
+        message: "A catch block returns `true`. Swallowing exceptions turns errors (including INVALID_ARGUMENT) into passing tests. Either assert on the expected error or let the exception bubble. To exempt this block, add `// qa-honesty-allow: <reason>`."
+      });
+    }
+  }
+  if (isComponentTestFile(filePath) && !SMOKE_TEST_RE.test(filePath) && threshold !== "permissive") {
+    const hasRender = RENDER_RE.test(masked);
+    const hasInteraction = USER_EVENT_RE2.test(masked) || FIRE_EVENT_RE2.test(masked);
+    const onlyTextMatchers = (TO_BE_IN_DOCUMENT_RE.test(masked) || TO_HAVE_TEXT_CONTENT_RE.test(masked)) && !VALUE_COMPARING_MATCHER_RE.test(masked);
+    if (hasRender && !hasInteraction && onlyTextMatchers) {
+      hits.push({
+        rule: "render-text-only",
+        severity: "warning",
+        message: "render() followed by `toBeInTheDocument` / `toHaveTextContent` and nothing else \u2014 Tier-1 smoke parading as Tier-2 verification. Either add user interaction (`await user.click(...)`) and a value-comparing matcher, or rename the file to `*.smoke.test.tsx` to mark it as intentional smoke."
+      });
+    }
+  }
+  if (FIRE_EVENT_RE2.test(masked) && !USER_EVENT_RE2.test(masked)) {
+    let firstLine;
+    for (let i = 0; i < maskedLines.length; i += 1) {
+      if (FIRE_EVENT_RE2.test(maskedLines[i] ?? "")) {
+        firstLine = i + 1;
+        break;
+      }
+    }
+    if (firstLine === void 0 || !hasLineAllowMarkerNearby(rawLines, firstLine - 1)) {
+      hits.push({
+        rule: "fire-event-without-user-event",
+        severity: threshold === "strict" ? "error" : "warning",
+        ...firstLine ? { line: firstLine } : {},
+        message: "`fireEvent.X(...)` used without any `userEvent.X(...)` in the same file. userEvent models real human interaction (focus, debounce, pointer events); fireEvent short-circuits that. Prefer userEvent unless the event genuinely cannot be modeled (in which case add a `// qa-honesty-allow: <reason>` marker)."
+      });
+    }
+  }
+  const callableVars = /* @__PURE__ */ new Set();
+  for (const line of maskedLines) {
+    const match = CALLABLE_RESULT_ASSIGN_RE.exec(line);
+    if (match) callableVars.add(match[1] ?? "");
+  }
+  for (let i = 0; i < maskedLines.length; i += 1) {
+    const maskedLine = maskedLines[i] ?? "";
+    const truthyMatch = TRUTHY_RE.exec(maskedLine);
+    if (!truthyMatch) continue;
+    const variable = truthyMatch[1];
+    if (!variable || !callableVars.has(variable)) continue;
+    if (hasLineAllowMarkerNearby(rawLines, i)) continue;
+    hits.push({
+      rule: "loose-truthy-result",
+      severity: "error",
+      line: i + 1,
+      message: `\`expect(${variable}).toBeTruthy()\` where \`${variable}\` was assigned from an awaited call. Truthy proves the callable returned something, not the right something. Assert on specific fields or values from the result.`
+    });
+  }
+  for (let i = 0; i < rawLines.length; i += 1) {
+    const rawLine = rawLines[i] ?? "";
+    const slashIdx = rawLine.indexOf("//");
+    const codeOnly = slashIdx >= 0 ? rawLine.slice(0, slashIdx) : rawLine;
+    if (!INVALID_ARGUMENT_RETURN_TRUE_RE.test(codeOnly)) continue;
+    if (hasLineAllowMarkerNearby(rawLines, i)) continue;
+    hits.push({
+      rule: "invalid-argument-pass-risk",
+      severity: "error",
+      line: i + 1,
+      message: "INVALID_ARGUMENT error path returns `true`. This turns a validation failure into a passing test \u2014 the system rejected the call but the test claims pass. Assert on the rejection explicitly."
+    });
+  }
+  const snapshotMatchers = (masked.match(/\.(?:toMatchSnapshot|toMatchInlineSnapshot)\s*\(/gu) || []).length;
+  const valueMatchers = (masked.match(/\.(?:toBe|toEqual|toStrictEqual|toBeCloseTo|toContain|toHaveLength|toMatch|toMatchObject|toHaveProperty)\s*\(/gu) || []).length;
+  if (snapshotMatchers > 0 && valueMatchers === 0 && threshold !== "permissive") {
+    hits.push({
+      rule: "snapshot-heavy",
+      severity: "warning",
+      message: `Every assertion in this file is a snapshot (${snapshotMatchers} toMatchSnapshot / toMatchInlineSnapshot). Snapshots detect drift but rarely prove the verified product answer. Pair with at least one value-comparing matcher (toEqual / toBe / toMatchObject).`
+    });
+  }
+  return hits;
+}
+var qaHonestyDetector = {
+  id: RATCHET_ID4,
+  stub: false,
+  async run(input) {
+    const threshold = input.config.thresholds[RATCHET_ID4];
+    const files = await walkFiles(input.cwd, (rel) => {
+      if (isTestFile(rel)) return true;
+      return isTesterMjsPath(rel);
+    });
+    const findings = [];
+    for (const file of files) {
+      const content = await readRelative(input.cwd, file);
+      for (const hit of inspectFile3({ filePath: file, content, threshold })) {
+        findings.push({
+          ratchet: RATCHET_ID4,
+          rule: hit.rule,
+          file,
+          severity: hit.severity,
+          message: hit.message,
+          ...typeof hit.line === "number" ? { line: hit.line } : {}
+        });
+      }
+    }
+    return {
+      ratchet: RATCHET_ID4,
+      ran: true,
+      findings,
+      filesScanned: files.length,
+      stub: false
+    };
+  }
+};
+
+// ../vo-ratchets/src/detectors/verify-answer.ts
+var RATCHET_ID5 = "verify-answer";
+var FILE_ALLOW_RE4 = /\/\/\s*vo-ratchets-allow-verify-answer\s*:\s*\S/iu;
+var LINE_ALLOW_RE = /\bverify-answer-allow\s*:\s*\S/iu;
+var COMPARATOR_PATTERNS = [
+  { re: /\.toBeGreaterThan\s*\(/u, name: "toBeGreaterThan" },
+  { re: /\.toBeGreaterThanOrEqual\s*\(/u, name: "toBeGreaterThanOrEqual" },
+  { re: /\.toBeLessThan\s*\(/u, name: "toBeLessThan" },
+  { re: /\.toBeLessThanOrEqual\s*\(/u, name: "toBeLessThanOrEqual" },
+  { re: /\.toBeTruthy\s*\(\s*\)/u, name: "toBeTruthy" },
+  { re: /\.toBeFalsy\s*\(\s*\)/u, name: "toBeFalsy" }
+];
+var DEFAULT_PINNING_PATTERNS = [
+  /\.toBe\s*\(\s*(?:-?\d+(?:\.\d+)?|true|false|null|undefined|"[^"\n]*"|'[^'\n]*'|`[^`\n]*`)/u,
+  /\.toEqual\s*\(\s*(?:-?\d+(?:\.\d+)?|true|false|null|undefined|"[^"\n]*"|'[^'\n]*'|`[^`\n]*`|\[|\{)/u,
+  /\.toStrictEqual\s*\(/u,
+  /\.toBeCloseTo\s*\(/u,
+  /\.toMatchObject\s*\(/u,
+  /\.toMatchInlineSnapshot\s*\(/u
+];
+var LITERAL_TRUE_ASSERT_RE = /\b(?:expect|assert(?:\.ok)?)\s*\(\s*true\s*\)\s*(?:\.\s*toBe\s*\(\s*true\s*\)\s*)?/u;
+var AWAIT_CALL_RE = /\bawait\s+[A-Za-z_$][\w$.]*\s*\(/u;
+function hasFileAllowMarker2(content) {
+  return FILE_ALLOW_RE4.test(content);
+}
+function lineHasPinning(line, extraHelpers) {
+  for (const pattern of DEFAULT_PINNING_PATTERNS) {
+    if (pattern.test(line)) return true;
+  }
+  for (const helper of extraHelpers) {
+    if (!/^[A-Za-z_$][\w$]*$/u.test(helper)) continue;
+    if (new RegExp(`\\b${helper}\\s*\\(`, "u").test(line)) return true;
+  }
+  return false;
+}
+function hasLineAllowMarkerNearby2(lines, index) {
+  const start = Math.max(0, index - 3);
+  for (let cursor = start; cursor <= index; cursor += 1) {
+    if (LINE_ALLOW_RE.test(lines[cursor] ?? "")) return true;
+  }
+  return false;
+}
+function inspectFile4({
+  filePath,
+  content,
+  threshold,
+  extraPinningHelpers = []
+}) {
+  if (!isTestFile(filePath)) return [];
+  if (hasFileAllowMarker2(content)) return [];
+  const hits = [];
+  const masked = maskStringsAndComments(content);
+  const maskedLines = masked.split(/\r?\n/u);
+  const rawLines = content.split(/\r?\n/u);
+  for (let i = 0; i < maskedLines.length; i += 1) {
+    const maskedLine = maskedLines[i] ?? "";
+    if (!maskedLine.trim()) continue;
+    let matchedName = null;
+    for (const { re, name } of COMPARATOR_PATTERNS) {
+      if (re.test(maskedLine)) {
+        matchedName = name;
+        break;
+      }
+    }
+    if (!matchedName) continue;
+    if (lineHasPinning(maskedLine, extraPinningHelpers)) continue;
+    if (hasLineAllowMarkerNearby2(rawLines, i)) continue;
+    hits.push({
+      rule: "comparator-only",
+      severity: threshold === "permissive" ? "warning" : "error",
+      line: i + 1,
+      message: `Comparator-only matcher \`.${matchedName}\` does not pin an expected value. A failure here can't tell the orchestrator the right answer. Use \`.toBe(<literal>)\`, \`.toEqual(<literal>)\`, \`.toBeCloseTo(<value>)\`, or \`.toMatchObject(...)\` instead. To exempt this line, add \`// verify-answer-allow: <reason>\` on the line above.`
+    });
+  }
+  const fileHasAwaitCall = AWAIT_CALL_RE.test(masked);
+  if (fileHasAwaitCall && threshold !== "permissive") {
+    for (let i = 0; i < maskedLines.length; i += 1) {
+      const maskedLine = maskedLines[i] ?? "";
+      if (!LITERAL_TRUE_ASSERT_RE.test(maskedLine)) continue;
+      if (hasLineAllowMarkerNearby2(rawLines, i)) continue;
+      hits.push({
+        rule: "call-succeeded-only",
+        severity: "error",
+        line: i + 1,
+        message: "Found `expect(true).toBe(true)` / `assert(true)` in a file that issues a call. The test proves the callable invocation didn't throw \u2014 not that it produced the right answer. Replace with a value-comparing matcher against the actual output."
+      });
+    }
+  }
+  return hits;
+}
+var verifyAnswerDetector = {
+  id: RATCHET_ID5,
+  stub: false,
+  async run(input) {
+    const threshold = input.config.thresholds[RATCHET_ID5];
+    const files = await walkFiles(input.cwd, (rel) => isTestFile(rel));
+    const findings = [];
+    for (const file of files) {
+      const content = await readRelative(input.cwd, file);
+      for (const hit of inspectFile4({ filePath: file, content, threshold })) {
+        findings.push({
+          ratchet: RATCHET_ID5,
+          rule: hit.rule,
+          file,
+          severity: hit.severity,
+          message: hit.message,
+          ...typeof hit.line === "number" ? { line: hit.line } : {}
+        });
+      }
+    }
+    return {
+      ratchet: RATCHET_ID5,
+      ran: true,
+      findings,
+      filesScanned: files.length,
+      stub: false
+    };
+  }
+};
+
+// ../vo-ratchets/src/detectors/index.ts
+var ALL_DETECTORS = [
+  assertionStrengthDetector,
+  hollowTestsDetector,
+  verifyAnswerDetector,
+  fixStrengthDetector,
+  qaHonestyDetector
+];
+
+// ../vo-ratchets/src/runner.ts
+async function runRatchets(options) {
+  const startedAtMs = Date.now();
+  const startedAt = new Date(startedAtMs).toISOString();
+  const resolved = applyOnlyFilter(resolveConfig(options.config), options.only);
+  const detectorResults = [];
+  for (const detector of ALL_DETECTORS) {
+    if (!resolved.enabled[detector.id]) {
+      detectorResults.push({
+        ratchet: detector.id,
+        ran: false,
+        findings: [],
+        filesScanned: 0,
+        stub: detector.stub
+      });
+      continue;
+    }
+    const result = await detector.run({ cwd: options.cwd, config: resolved });
+    detectorResults.push(result);
+  }
+  const allFindings = detectorResults.flatMap((r) => r.findings);
+  const { kept, suppressed } = partitionByAllowlist(allFindings, resolved.allowlist);
+  const hasErrorFinding = kept.some((f) => f.severity === "error");
+  const failed = !resolved.reportOnly && hasErrorFinding;
+  return {
+    startedAt,
+    durationMs: Date.now() - startedAtMs,
+    cwd: options.cwd,
+    config: resolved,
+    detectors: detectorResults,
+    findings: kept,
+    suppressedFindings: suppressed,
+    failed
+  };
+}
+function partitionByAllowlist(findings, allowlist) {
+  const kept = [];
+  const suppressed = [];
+  for (const finding of findings) {
+    if (pathMatchesAny(finding.file, allowlist.paths)) {
+      suppressed.push(finding);
+      continue;
+    }
+    if (allowlist.rules.includes(finding.rule)) {
+      suppressed.push(finding);
+      continue;
+    }
+    if (allowlist.rules.includes(`${finding.ratchet}:${finding.rule}`)) {
+      suppressed.push(finding);
+      continue;
+    }
+    kept.push(finding);
+  }
+  return { kept, suppressed };
+}
+
+// src/tools/check-ratchets.ts
+var TOOL_NAME6 = "vo_check_ratchets";
+var GATE_TYPE4 = "ratchet";
+var ALL_RATCHET_IDS = [
+  "assertion-strength",
+  "hollow-tests",
+  "verify-answer",
+  "fix-strength",
+  "qa-honesty"
+];
+var inputSchema6 = {
+  type: "object",
+  properties: {
+    cwd: {
+      type: "string",
+      description: "Absolute path the ratchet run resolves files against. Defaults to the MCP server process cwd (the directory the operator launched it from \u2014 typically the project root)."
+    },
+    only: {
+      type: "string",
+      enum: [...ALL_RATCHET_IDS],
+      description: "Restrict the run to a single detector. Equivalent to disabling every other detector. Omit to run all enabled detectors."
+    },
+    report_only: {
+      type: "boolean",
+      description: "When true, the run never reports `failed: true` even on error-severity findings. Useful for diagnostic scans; do NOT set in CI gates."
+    },
+    paths: {
+      type: "array",
+      items: { type: "string" },
+      description: "Optional list of file globs / paths to scan. When omitted, each detector walks the project and applies its own file filters."
+    }
+  },
+  additionalProperties: false
+};
+var description6 = "Runs the vo-ratchets library against a project directory and returns the deterministic detector report (assertion-strength, hollow-tests, verify-answer, fix-strength, qa-honesty). Use BEFORE accepting generated tests or fixes to catch hollow assertions, weak verification, and other product-truth bypass patterns. Output includes per-detector findings (file, line, severity, message), suppressed findings (allowlist hits), and a pass/fail signal. Use `only` to scope to one detector for speed. Cache is bypassed \u2014 output reflects the live filesystem state at `cwd`.";
+function isToolInput6(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (o["cwd"] !== void 0 && typeof o["cwd"] !== "string") return false;
+  if (o["only"] !== void 0) {
+    if (typeof o["only"] !== "string") return false;
+    if (!ALL_RATCHET_IDS.includes(o["only"])) return false;
+  }
+  if (o["report_only"] !== void 0 && typeof o["report_only"] !== "boolean") return false;
+  if (o["paths"] !== void 0) {
+    if (!Array.isArray(o["paths"])) return false;
+    if (!o["paths"].every((p) => typeof p === "string")) return false;
+  }
+  return true;
+}
+async function handleCheckRatchets(deps, rawInput, _signal) {
+  if (!isToolInput6(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME6,
+      `invalid input. All fields optional. Shape: { cwd?: string, only?: '${ALL_RATCHET_IDS.join("' | '")}', report_only?: boolean, paths?: string[] }.`
+    );
+  }
+  const cwd = rawInput.cwd ?? process.cwd();
+  const key = deps.cache.keyFor(TOOL_NAME6, rawInput);
+  const excerpt = JSON.stringify({
+    cwd,
+    only: rawInput.only ?? null,
+    report_only: rawInput.report_only ?? false,
+    paths_count: rawInput.paths?.length ?? 0
+  }).slice(0, 300);
+  const inputSizeBytes = bytesOf(JSON.stringify(rawInput));
+  const config = {};
+  if (rawInput.report_only !== void 0) config.reportOnly = rawInput.report_only;
+  if (rawInput.paths !== void 0) config.paths = rawInput.paths;
+  const report = await runRatchets({
+    cwd,
+    ...Object.keys(config).length > 0 ? { config } : {},
+    ...rawInput.only !== void 0 ? { only: rawInput.only } : {}
+  });
+  const payload = {
+    failed: report.failed,
+    started_at: report.startedAt,
+    duration_ms: report.durationMs,
+    cwd: report.cwd,
+    detectors: report.detectors.map((d) => ({
+      ratchet: d.ratchet,
+      ran: d.ran,
+      files_scanned: d.filesScanned,
+      stub: d.stub,
+      finding_count: d.findings.length
+    })),
+    findings: report.findings.map((f) => ({
+      ratchet: f.ratchet,
+      rule: f.rule,
+      file: f.file,
+      severity: f.severity,
+      message: f.message,
+      ...f.line !== void 0 ? { line: f.line } : {}
+    })),
+    suppressed_findings: report.suppressedFindings.map((f) => ({
+      ratchet: f.ratchet,
+      rule: f.rule,
+      file: f.file,
+      severity: f.severity,
+      message: f.message,
+      ...f.line !== void 0 ? { line: f.line } : {}
+    })),
+    summary: buildSummary(report)
+  };
+  const envelope = {
+    tool: TOOL_NAME6,
+    schema_version: 1,
+    cache: { hit: false, key },
+    payload
+  };
+  deps.events.append(
+    buildBaseEvent({
+      tool: TOOL_NAME6,
+      gateType: GATE_TYPE4,
+      inputHash: key,
+      inputExcerpt: excerpt,
+      inputSizeBytes,
+      session: deps.session,
+      now: deps.now()
+    })
+  );
+  return jsonContent(envelope);
+}
+function buildSummary(report) {
+  const ranCount = report.detectors.filter((d) => d.ran).length;
+  const errorCount = report.findings.filter((f) => f.severity === "error").length;
+  const warnCount = report.findings.filter((f) => f.severity === "warning").length;
+  const infoCount = report.findings.filter((f) => f.severity === "info").length;
+  const verdict = report.failed ? "fail" : "pass";
+  return `verdict=${verdict} detectors_ran=${ranCount}/${report.detectors.length} findings=error:${errorCount} warning:${warnCount} info:${infoCount} suppressed=${report.suppressedFindings.length}`;
+}
+
+// src/tools/decompose-dispatch.ts
+var TOOL_NAME7 = "vo_decompose_dispatch";
+var GATE_TYPE5 = "plan-review";
+var MAX_GOAL_BYTES = 32 * 1024;
+var MAX_CONTEXT_BYTES2 = 256 * 1024;
+var SYSTEM_PROMPT_VERSION = "v1";
+var SYSTEM_PROMPT = `You are a dispatch architect for an AI agent fleet operated by a non-coder founder. Given a customer goal, produce a STRUCTURED JSON dispatch plan that decomposes the work into bounded tiers and surfaces the cost shape BEFORE execution begins.
+
+Tiers (use only those that apply; omit irrelevant phases):
+  - research:  subagents read code/docs and produce a finding report
+  - build:     subagents implement changes
+  - verify:    subagents run tests / smoke / consensus checks
+  - ship:      a single agent commits + PRs + merges + deploys
+
+For each phase you include, specify:
+  - subagent_count          how many parallel finite tasks vs single-threaded (1)
+  - model_recommendation    model id (claude-opus-4, claude-sonnet-4, gpt-4o, etc.)
+  - estimated_tokens_in     integer best-guess input tokens for the phase
+  - estimated_tokens_out    integer best-guess output tokens for the phase
+  - estimated_cost_usd      USD number (or the string "unknown" if you cannot estimate)
+  - kill_switch             one-sentence condition that should HALT this phase
+  - artifacts               array of file paths / report names the phase produces
+
+Output STRICT JSON conforming to this schema (no markdown fences, no prose outside the JSON):
+
+{
+  "summary": "<one-sentence framing of the overall work>",
+  "phases": [
+    {
+      "name": "research" | "build" | "verify" | "ship",
+      "subagent_count": <integer >= 1>,
+      "model_recommendation": "<model-id>",
+      "estimated_tokens_in": <integer>,
+      "estimated_tokens_out": <integer>,
+      "estimated_cost_usd": <number> | "unknown",
+      "kill_switch": "<condition that should halt this phase>",
+      "artifacts": ["<file or report this phase produces>"]
+    }
+  ],
+  "total_estimated_tokens": <integer> | "unknown",
+  "total_estimated_cost_usd": <number> | "unknown",
+  "risks": ["<risk + suggested mitigation>"],
+  "operator_decision_points": ["<question the operator should answer before next phase starts>"]
+}
+
+Honesty rules (NON-NEGOTIABLE):
+  - If you cannot estimate a token cost, return the string "unknown" \u2014 do NOT bluff a number.
+  - If a phase requires consensus verification, list it as an artifact dependency on \`vo_consensus_judgment\`, not as work-itself.
+  - The plan is a PROPOSAL, not a commitment \u2014 the operator approves each tier separately.
+  - Surface at least one operator_decision_point unless the goal is trivially scoped.
+  - Surface at least one risk + mitigation. If you genuinely see no risk, say "no significant risk identified; primary failure mode is cost overrun" and explain why.
+  - Do NOT pad the plan with phases that add no value. A 1-file change may only need a build phase.`;
+var inputSchema7 = {
+  type: "object",
+  properties: {
+    customer_goal: {
+      type: "string",
+      description: "The customer's goal statement \u2014 what they want accomplished. Keep concise; large supporting material belongs in `context`."
+    },
+    context: {
+      type: "object",
+      description: "Optional context: relevant file paths, current state observations, constraints, prior decisions, deadlines. Forwarded to the engine as caller_context.",
+      additionalProperties: true
+    }
+  },
+  required: ["customer_goal"],
+  additionalProperties: false
+};
+var description7 = "Decomposes a customer goal into a structured dispatch plan (research / build / verify / ship tiers) with subagent counts, model recommendations, token cost estimates, kill switches, and per-tier artifacts. Runs the consensus engine with gate_type='plan-review' so multiple models each propose a plan, then surfaces the synthesized JSON plan AND each model's raw plan for operator audit. Use BEFORE starting any non-trivial work to make the cost shape visible up front. Operator approves each tier separately; the plan is a proposal, not a commitment.";
+function isToolInput7(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["customer_goal"] !== "string") return false;
+  if (o["context"] !== void 0 && (typeof o["context"] !== "object" || o["context"] === null)) {
+    return false;
+  }
+  return true;
+}
+function tryParseDispatchPlan(text) {
+  const trimmed = text.trim();
+  if (trimmed.length === 0) return null;
+  let body = trimmed;
+  const fenceMatch = body.match(/^```(?:json)?\s*([\s\S]*?)\s*```$/u);
+  if (fenceMatch && fenceMatch[1]) body = fenceMatch[1].trim();
+  const firstBrace = body.indexOf("{");
+  const lastBrace = body.lastIndexOf("}");
+  if (firstBrace === -1 || lastBrace === -1 || lastBrace < firstBrace) return null;
+  const jsonStr = body.slice(firstBrace, lastBrace + 1);
+  try {
+    const parsed = JSON.parse(jsonStr);
+    if (!isDispatchPlan(parsed)) return null;
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+function isDispatchPlan(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["summary"] !== "string") return false;
+  if (!Array.isArray(o["phases"])) return false;
+  if (!Array.isArray(o["risks"])) return false;
+  if (!Array.isArray(o["operator_decision_points"])) return false;
+  const totalToks = o["total_estimated_tokens"];
+  if (typeof totalToks !== "number" && totalToks !== "unknown") return false;
+  const totalCost = o["total_estimated_cost_usd"];
+  if (typeof totalCost !== "number" && totalCost !== "unknown") return false;
+  for (const phase of o["phases"]) {
+    if (typeof phase !== "object" || phase === null) return false;
+    const p = phase;
+    if (typeof p["name"] !== "string") return false;
+    if (typeof p["subagent_count"] !== "number") return false;
+  }
+  return true;
+}
+async function handleDecomposeDispatch(deps, rawInput, signal) {
+  if (!isToolInput7(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME7,
+      "invalid input. Required: { customer_goal: string }. Optional: context (object)."
+    );
+  }
+  assertWithinByteCap(TOOL_NAME7, "customer_goal", rawInput.customer_goal, MAX_GOAL_BYTES);
+  let contextStrForSize = "";
+  if (rawInput.context !== void 0) {
+    try {
+      contextStrForSize = JSON.stringify(rawInput.context);
+    } catch {
+      throw invalidParams(TOOL_NAME7, "input field 'context' is not JSON-serializable.");
+    }
+    assertWithinByteCap(TOOL_NAME7, "context", contextStrForSize, MAX_CONTEXT_BYTES2);
+  }
+  const cacheInput = {
+    system_prompt_version: SYSTEM_PROMPT_VERSION,
+    customer_goal: rawInput.customer_goal,
+    ...rawInput.context !== void 0 ? { context: rawInput.context } : {}
+  };
+  const key = deps.cache.keyFor(TOOL_NAME7, cacheInput);
+  const excerpt = rawInput.customer_goal.slice(0, 300);
+  const inputSizeBytes = bytesOf(rawInput.customer_goal) + bytesOf(contextStrForSize);
+  const cached = deps.cache.get(key);
+  if (cached !== null) {
+    const replayEvent = {
+      ...buildBaseEvent({
+        tool: TOOL_NAME7,
+        gateType: GATE_TYPE5,
+        inputHash: key,
+        inputExcerpt: excerpt,
+        inputSizeBytes,
+        session: deps.session,
+        now: deps.now()
+      }),
+      per_model_verdicts: cached.value.payload.per_model_plans.map((p) => ({
+        model: p.model_id,
+        model_id: p.model_id,
+        provider: "cache-replay",
+        verdict: p.parse_ok ? "pass" : "uncertain",
+        confidence: p.confidence,
+        duration_ms: 0,
+        raw_response_excerpt: p.plan_text.slice(0, 500),
+        raw_response_hash: "",
+        reasoning_summary: null,
+        cited_sources: [],
+        error: null
+      })),
+      consensus_engine_version: cached.value.payload.engine_version ?? null,
+      cache_hit: true
+    };
+    deps.events.append(replayEvent);
+    const replayEnvelope = {
+      ...cached.value,
+      cache: { hit: true, key }
+    };
+    return jsonContent(replayEnvelope);
+  }
+  const fullPrompt = `${SYSTEM_PROMPT}
+
+---
+
+Customer goal:
+${rawInput.customer_goal}
+
+Produce the JSON dispatch plan now.`;
+  const baseEvent = buildBaseEvent({
+    tool: TOOL_NAME7,
+    gateType: GATE_TYPE5,
+    inputHash: key,
+    inputExcerpt: excerpt,
+    inputSizeBytes,
+    session: deps.session,
+    now: deps.now()
+  });
+  let engineResult;
+  let engineThrew = false;
+  try {
+    engineResult = await deps.consensus.run({
+      gate_type: GATE_TYPE5,
+      prompt: fullPrompt,
+      ...rawInput.context !== void 0 ? { caller_context: rawInput.context } : {},
+      ...signal !== void 0 ? { signal } : {}
+    });
+  } catch (err) {
+    engineThrew = true;
+    const message = err instanceof Error ? err.message : String(err);
+    engineResult = { ok: false, reason: `engine-threw: ${message}` };
+  }
+  if (!engineResult.ok && engineResult.reason === "cancelled") {
+    deps.events.append({
+      ...baseEvent,
+      downstream_outcome: {
+        status: "cancelled",
+        notes: "mcp notifications/cancelled \u2014 handler aborted via SDK signal"
+      }
+    });
+    const e = new Error("Request cancelled by client (notifications/cancelled)");
+    e.name = "AbortError";
+    throw e;
+  }
+  if (!engineResult.ok) {
+    const payload2 = {
+      verdict: "unimplemented",
+      reason: engineResult.reason,
+      dispatch_plan: null,
+      per_model_plans: [],
+      synthesized_reasoning: "",
+      consensus_confidence: 0,
+      ...engineThrew ? { degraded_mode: true } : {}
+    };
+    const envelope2 = {
+      tool: TOOL_NAME7,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload: payload2
+    };
+    deps.events.append(baseEvent);
+    return jsonContent(envelope2);
+  }
+  const perModelPlans = engineResult.per_model_verdicts.map((v) => {
+    const parsed = tryParseDispatchPlan(v.raw_response_excerpt);
+    return {
+      model_id: v.model,
+      plan_text: v.raw_response_excerpt,
+      confidence: v.confidence,
+      parse_ok: parsed !== null
+    };
+  });
+  const synthText = engineResult.synthesized_verdict.reasoning_excerpt;
+  const synthPlan = tryParseDispatchPlan(synthText);
+  const payload = {
+    verdict: synthPlan !== null ? "pass" : "uncertain",
+    reason: synthPlan !== null ? "Synthesized dispatch plan parsed successfully" : "Synthesized verdict did not parse as a valid dispatch plan JSON \u2014 see per_model_plans for raw outputs",
+    dispatch_plan: synthPlan,
+    ...synthPlan === null ? { parse_error: "synthesized verdict text was not valid dispatch-plan JSON" } : {},
+    per_model_plans: perModelPlans,
+    synthesized_reasoning: synthText,
+    consensus_confidence: engineResult.synthesized_verdict.confidence,
+    engine_version: engineResult.engine_version,
+    ...engineResult.per_model_verdicts.length < 3 ? { degraded: true } : {}
+  };
+  const envelope = {
+    tool: TOOL_NAME7,
+    schema_version: 1,
+    cache: { hit: false, key },
+    payload
+  };
+  deps.cache.set(key, envelope);
+  const enrichedEvent = {
+    ...baseEvent,
+    consensus_confidence: engineResult.synthesized_verdict.confidence,
+    duration_ms: engineResult.duration_ms,
+    consensus_engine_version: engineResult.engine_version,
+    per_model_verdicts: toEventPerModelVerdicts(engineResult.per_model_verdicts),
+    synthesized_verdict: toEventSynthesizedVerdict(engineResult.synthesized_verdict)
+  };
+  deps.events.append(enrichedEvent);
+  return jsonContent(envelope);
+}
+
+// src/cloud/credential-store.ts
+import { homedir as homedir3 } from "node:os";
+import { join as join5, dirname as dirname4 } from "node:path";
+import {
+  existsSync as existsSync3,
+  mkdirSync as mkdirSync2,
+  readFileSync as readFileSync5,
+  writeFileSync as writeFileSync2,
+  chmodSync as chmodSync2,
+  rmSync
+} from "node:fs";
+
+// src/cloud/keychain.ts
+import { createRequire } from "node:module";
+
+// src/cloud/admin-callable-client.ts
+var AdminCallableError = class extends Error {
+  constructor(status, path3, message) {
+    super(message);
+    this.status = status;
+    this.path = path3;
+    this.name = "AdminCallableError";
+  }
+  status;
+  path;
+};
+
+// src/tools/cloud-call.ts
+var ADMIN_READONLY_GATE_REASON = "admin callables are in read-only mode (VO_ADMIN_CALLABLES_READONLY) \u2014 this write tool is gated to its stub. Unset VO_ADMIN_CALLABLES_READONLY to enable write tools.";
+async function buildCloudOrStubResponse(args) {
+  const inputJson = JSON.stringify(args.normalizedInput);
+  const excerpt = inputJson.slice(0, 300);
+  const key = args.deps.cache.keyFor(args.toolName, args.normalizedInput);
+  const event = buildBaseEvent({
+    tool: args.toolName,
+    gateType: args.gateType,
+    inputHash: key,
+    inputExcerpt: excerpt,
+    inputSizeBytes: bytesOf(inputJson),
+    session: args.deps.session,
+    now: args.deps.now()
+  });
+  const gatedByReadonly = Boolean(args.deps.adminCallables?.readOnly) && !args.readOnly;
+  if (!args.deps.adminCallables || gatedByReadonly) {
+    const payload = {
+      verdict: "unimplemented",
+      reason: gatedByReadonly ? ADMIN_READONLY_GATE_REASON : args.stubReason,
+      callable: args.callableName,
+      normalized_input: args.normalizedInput
+    };
+    const envelope = {
+      tool: args.toolName,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload
+    };
+    args.deps.events.append(event);
+    return jsonContent(envelope);
+  }
+  try {
+    const result = await args.deps.adminCallables.invoke(
+      args.adminPath,
+      args.cloudBody ?? args.normalizedInput,
+      args.rawEnvelope ? { rawEnvelope: true } : void 0
+    );
+    const payload = {
+      verdict: "pass",
+      reason: `forwarded to ${args.callableName} via vo-control-plane ${args.adminPath}`,
+      callable: args.callableName,
+      normalized_input: args.normalizedInput,
+      response_data: result && typeof result === "object" && !Array.isArray(result) ? result : { value: result }
+    };
+    const envelope = {
+      tool: args.toolName,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload
+    };
+    args.deps.events.append(event);
+    return jsonContent(envelope);
+  } catch (err) {
+    const status = err instanceof AdminCallableError ? err.status : void 0;
+    const message = err instanceof Error ? err.message : String(err);
+    const payload = {
+      verdict: "fail",
+      reason: status !== void 0 ? `vo-control-plane returned HTTP ${status}: ${message.slice(0, 300)}` : `cloud invocation failed: ${message.slice(0, 300)}`,
+      callable: args.callableName,
+      normalized_input: args.normalizedInput
+    };
+    const envelope = {
+      tool: args.toolName,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload
+    };
+    args.deps.events.append(event);
+    return jsonContent(envelope);
+  }
+}
+
+// src/tools/heal/common-heal.ts
+var HEAL_STUB_REASON = 'cloud-mode not yet wired; tool surface is live, admin-callable wiring pending vo-cloud-tenant-model dispatch (see packages/vo-mcp/src/modes/cloud.ts + EXTRACTION_AUDIT.md "Stub remaining")';
+var HEAL_GATE_TYPE = "admin-action";
+
+// src/tools/heal/trigger-heal.ts
+var TOOL_NAME8 = "vo_trigger_heal";
+var CALLABLE_NAME = "voTriggerHeal";
+var ADMIN_PATH = "/api/v1/admin/heal/trigger";
+var inputSchema8 = {
+  type: "object",
+  properties: {
+    focus_page: {
+      type: "string",
+      description: "Optional focus page identifier (maps to a known tester via vo-heal-focus state). When set, the heal pass becomes priority-queued for that tester. Omit to trigger the auto-process queue."
+    },
+    force: {
+      type: "boolean",
+      description: "When true, request the heal pass even if a queue manager is already active. Default false."
+    }
+  },
+  additionalProperties: false
+};
+var description8 = "Triggers a self-heal pass against open PRs. Optionally scope to a `focus_page` (priority queue for one tester) or omit to fire the auto-process queue. Wraps the `voTriggerHeal` admin Cloud Function. V1 stub: returns `verdict: 'unimplemented'` with structured normalized_input \u2014 cloud-mode wiring is pending. The contract is locked; consumers can call this tool today and get the correct surface without working execution.";
+function isToolInput8(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (o["focus_page"] !== void 0 && typeof o["focus_page"] !== "string") return false;
+  if (o["force"] !== void 0 && typeof o["force"] !== "boolean") return false;
+  return true;
+}
+async function handleTriggerHeal(deps, rawInput, _signal) {
+  if (!isToolInput8(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME8,
+      "invalid input. All fields optional. Shape: { focus_page?: string, force?: boolean }."
+    );
+  }
+  const normalizedInput = {};
+  const cloudBody = {};
+  if (rawInput.focus_page !== void 0) {
+    normalizedInput["focus_page"] = rawInput.focus_page;
+    cloudBody["focusPage"] = rawInput.focus_page;
+  }
+  if (rawInput.force !== void 0) {
+    normalizedInput["force"] = rawInput.force;
+    cloudBody["force"] = rawInput.force;
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME8,
+    callableName: CALLABLE_NAME,
+    adminPath: ADMIN_PATH,
+    normalizedInput,
+    cloudBody,
+    gateType: HEAL_GATE_TYPE,
+    stubReason: HEAL_STUB_REASON,
+    deps
+  });
+}
+
+// src/tools/heal/fix-retry.ts
+var TOOL_NAME9 = "vo_fix_retry";
+var MAX_BATCH = 50;
+var ADMIN_PATH_SINGLE = "/api/v1/admin/heal/retry-attempt";
+var ADMIN_PATH_BATCH = "/api/v1/admin/heal/retry-attempts";
+var inputSchema9 = {
+  type: "object",
+  properties: {
+    attempt_id: {
+      type: "string",
+      description: "Retry a single fix attempt by id (wraps voRetryFixAttempt). Mutually exclusive with attempt_ids."
+    },
+    attempt_ids: {
+      type: "array",
+      items: { type: "string" },
+      description: "Retry up to 50 fix attempts by id (wraps voRetryFixAttempts). Mutually exclusive with attempt_id."
+    }
+  },
+  additionalProperties: false
+};
+var description9 = "Retries one or more failed fix attempts by id. Pass `attempt_id` for the single case or `attempt_ids` (up to 50) for the batch case. Wraps `voRetryFixAttempt` / `voRetryFixAttempts` admin Cloud Functions. V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput9(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (o["attempt_id"] !== void 0 && typeof o["attempt_id"] !== "string") return false;
+  if (o["attempt_ids"] !== void 0) {
+    if (!Array.isArray(o["attempt_ids"])) return false;
+    if (!o["attempt_ids"].every((id) => typeof id === "string")) return false;
+  }
+  return true;
+}
+async function handleFixRetry(deps, rawInput, _signal) {
+  if (!isToolInput9(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME9,
+      "invalid input. Shape: { attempt_id: string } OR { attempt_ids: string[] } (mutually exclusive)."
+    );
+  }
+  const { attempt_id, attempt_ids } = rawInput;
+  const hasSingle = typeof attempt_id === "string" && attempt_id.trim().length > 0;
+  const hasBatch = Array.isArray(attempt_ids) && attempt_ids.length > 0;
+  if (!hasSingle && !hasBatch) {
+    throw invalidParams(
+      TOOL_NAME9,
+      "either attempt_id (string) or attempt_ids (non-empty array) is required."
+    );
+  }
+  if (hasSingle && hasBatch) {
+    throw invalidParams(
+      TOOL_NAME9,
+      "attempt_id and attempt_ids are mutually exclusive \u2014 pass exactly one."
+    );
+  }
+  if (Array.isArray(attempt_ids) && attempt_ids.length > MAX_BATCH) {
+    throw invalidParams(
+      TOOL_NAME9,
+      `attempt_ids exceeds batch cap of ${MAX_BATCH} (got ${attempt_ids.length}).`
+    );
+  }
+  const normalizedInput = {};
+  const cloudBody = {};
+  let resolvedCallable;
+  let resolvedAdminPath;
+  if (typeof attempt_id === "string" && attempt_id.trim().length > 0) {
+    const trimmed = attempt_id.trim();
+    normalizedInput["attempt_id"] = trimmed;
+    cloudBody["attemptId"] = trimmed;
+    resolvedCallable = "voRetryFixAttempt";
+    resolvedAdminPath = ADMIN_PATH_SINGLE;
+  } else if (Array.isArray(attempt_ids)) {
+    const cleaned = [
+      ...new Set(attempt_ids.map((id) => id.trim()).filter(Boolean))
+    ].slice(0, MAX_BATCH);
+    normalizedInput["attempt_ids"] = cleaned;
+    cloudBody["attemptIds"] = cleaned;
+    resolvedCallable = "voRetryFixAttempts";
+    resolvedAdminPath = ADMIN_PATH_BATCH;
+  } else {
+    throw invalidParams(TOOL_NAME9, "internal validation skipped \u2014 please report.");
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME9,
+    callableName: resolvedCallable,
+    adminPath: resolvedAdminPath,
+    normalizedInput,
+    cloudBody,
+    gateType: HEAL_GATE_TYPE,
+    stubReason: HEAL_STUB_REASON,
+    deps
+  });
+}
+
+// src/tools/heal/fix-clear.ts
+var TOOL_NAME10 = "vo_fix_clear";
+var CALLABLE_NAME2 = "voClearFixAttempt";
+var ADMIN_PATH2 = "/api/v1/admin/heal/clear-attempt";
+var inputSchema10 = {
+  type: "object",
+  properties: {
+    attempt_id: {
+      type: "string",
+      description: "Required. Fix-attempt id in the virtual_office_attempts collection."
+    }
+  },
+  required: ["attempt_id"],
+  additionalProperties: false
+};
+var description10 = "Clears (cancels) a single fix attempt by id. Wraps `voClearFixAttempt` admin Cloud Function. V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput10(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["attempt_id"] !== "string") return false;
+  if (o["attempt_id"].trim().length === 0) return false;
+  return true;
+}
+async function handleFixClear(deps, rawInput, _signal) {
+  if (!isToolInput10(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME10,
+      "invalid input. Shape: { attempt_id: non-empty string }."
+    );
+  }
+  const trimmed = rawInput.attempt_id.trim();
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME10,
+    callableName: CALLABLE_NAME2,
+    adminPath: ADMIN_PATH2,
+    normalizedInput: { attempt_id: trimmed },
+    cloudBody: { attemptId: trimmed },
+    gateType: HEAL_GATE_TYPE,
+    stubReason: HEAL_STUB_REASON,
+    deps
+  });
+}
+
+// src/tools/heal/stop-workflow.ts
+var TOOL_NAME11 = "vo_stop_workflow";
+var CALLABLE_NAME3 = "voStopWorkflow";
+var ADMIN_PATH3 = "/api/v1/admin/workflow/stop";
+var inputSchema11 = {
+  type: "object",
+  properties: {
+    run_id: {
+      type: "number",
+      description: "Required. GitHub Actions workflow run id (positive integer)."
+    },
+    force: {
+      type: "boolean",
+      description: "Optional. When true, force-cancel even if the run looks healthy. Default false."
+    }
+  },
+  required: ["run_id"],
+  additionalProperties: false
+};
+var description11 = "Cancels a running GitHub Actions workflow by run id. Wraps `voStopWorkflow` admin Cloud Function. V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput11(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["run_id"] !== "number") return false;
+  if (!Number.isFinite(o["run_id"]) || o["run_id"] <= 0 || !Number.isInteger(o["run_id"])) {
+    return false;
+  }
+  if (o["force"] !== void 0 && typeof o["force"] !== "boolean") return false;
+  return true;
+}
+async function handleStopWorkflow(deps, rawInput, _signal) {
+  if (!isToolInput11(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME11,
+      "invalid input. Shape: { run_id: positive integer, force?: boolean }."
+    );
+  }
+  const normalizedInput = { run_id: rawInput.run_id };
+  const cloudBody = { runId: rawInput.run_id };
+  if (rawInput.force !== void 0) {
+    normalizedInput["force"] = rawInput.force;
+    cloudBody["force"] = rawInput.force;
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME11,
+    callableName: CALLABLE_NAME3,
+    adminPath: ADMIN_PATH3,
+    normalizedInput,
+    cloudBody,
+    gateType: HEAL_GATE_TYPE,
+    stubReason: HEAL_STUB_REASON,
+    deps
+  });
+}
+
+// src/tools/heal/get-workflow-runs.ts
+var TOOL_NAME12 = "vo_get_workflow_runs";
+var CALLABLE_NAME4 = "voGetWorkflowRuns";
+var ADMIN_PATH4 = "/api/v1/admin/workflow/runs";
+var inputSchema12 = {
+  type: "object",
+  properties: {},
+  additionalProperties: false
+};
+var description12 = "Returns the current Command Center workflow-runs snapshot (Heal, Manager, Auto-Merge, Deploy on Merge, etc.). Wraps `voGetWorkflowRuns` admin Cloud Function. Read-only diagnostic. V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput12(v) {
+  if (typeof v !== "object" || v === null) return false;
+  return true;
+}
+async function handleGetWorkflowRuns(deps, rawInput, _signal) {
+  if (!isToolInput12(rawInput)) {
+    throw invalidParams(TOOL_NAME12, "invalid input. This tool takes no parameters.");
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME12,
+    callableName: CALLABLE_NAME4,
+    adminPath: ADMIN_PATH4,
+    normalizedInput: {},
+    gateType: HEAL_GATE_TYPE,
+    stubReason: HEAL_STUB_REASON,
+    // Read-only diagnostic — stays live under VO_ADMIN_CALLABLES_READONLY.
+    readOnly: true,
+    deps
+  });
+}
+
+// src/tools/pr/common-pr.ts
+var PR_STUB_REASON = 'cloud-mode not yet wired; tool surface is live, admin-callable wiring pending vo-cloud-tenant-model dispatch (see packages/vo-mcp/src/modes/cloud.ts + EXTRACTION_AUDIT.md "Stub remaining")';
+var PR_GATE_TYPE = "admin-action";
+
+// src/tools/pr/list-pending-prs.ts
+var TOOL_NAME13 = "vo_list_pending_prs";
+var CALLABLE_NAME5 = "voListPendingPRs";
+var ADMIN_PATH5 = "/api/v1/admin/pr/list";
+var inputSchema13 = {
+  type: "object",
+  properties: {},
+  additionalProperties: false
+};
+var description13 = "Lists open VO-source pull requests with blocker / source / tester / specialist-context metadata. Read-only diagnostic for Command Center reads. Wraps `voListPendingPRs` admin Cloud Function. V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput13(v) {
+  return typeof v === "object" && v !== null;
+}
+async function handleListPendingPRs(deps, rawInput, _signal) {
+  if (!isToolInput13(rawInput)) {
+    throw invalidParams(TOOL_NAME13, "invalid input. This tool takes no parameters.");
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME13,
+    callableName: CALLABLE_NAME5,
+    adminPath: ADMIN_PATH5,
+    normalizedInput: {},
+    gateType: PR_GATE_TYPE,
+    stubReason: PR_STUB_REASON,
+    // Read-only diagnostic — stays live under VO_ADMIN_CALLABLES_READONLY.
+    readOnly: true,
+    deps
+  });
+}
+
+// src/tools/pr/merge-pr.ts
+var TOOL_NAME14 = "vo_merge_pr";
+var CALLABLE_NAME6 = "voMergePR";
+var ADMIN_PATH6 = "/api/v1/admin/pr/merge";
+var inputSchema14 = {
+  type: "object",
+  properties: {
+    pr_number: {
+      type: "number",
+      description: "Required. GitHub pull request number (positive integer)."
+    }
+  },
+  required: ["pr_number"],
+  additionalProperties: false
+};
+var description14 = "Approves + merges a single VO-source pull request by number. Wraps `voMergePR` admin Cloud Function (server-side refuses non-VO PRs with permission-denied). V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput14(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["pr_number"] !== "number") return false;
+  if (!Number.isFinite(o["pr_number"]) || o["pr_number"] < 1 || !Number.isInteger(o["pr_number"])) {
+    return false;
+  }
+  return true;
+}
+async function handleMergePR(deps, rawInput, _signal) {
+  if (!isToolInput14(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME14,
+      "invalid input. Shape: { pr_number: positive integer }."
+    );
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME14,
+    callableName: CALLABLE_NAME6,
+    adminPath: ADMIN_PATH6,
+    normalizedInput: { pr_number: rawInput.pr_number },
+    cloudBody: { prNumber: rawInput.pr_number },
+    gateType: PR_GATE_TYPE,
+    stubReason: PR_STUB_REASON,
+    deps
+  });
+}
+
+// src/tools/pr/reject-pr.ts
+var TOOL_NAME15 = "vo_reject_pr";
+var CALLABLE_NAME7 = "voRejectPR";
+var ADMIN_PATH7 = "/api/v1/admin/pr/reject";
+var inputSchema15 = {
+  type: "object",
+  properties: {
+    pr_number: {
+      type: "number",
+      description: "Required. GitHub pull request number (positive integer)."
+    }
+  },
+  required: ["pr_number"],
+  additionalProperties: false
+};
+var description15 = "Closes a pull request without merging. No retry dispatched \u2014 use `vo_reject_and_retry` for close+retry. Wraps `voRejectPR` admin Cloud Function. V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput15(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["pr_number"] !== "number") return false;
+  if (!Number.isFinite(o["pr_number"]) || o["pr_number"] < 1 || !Number.isInteger(o["pr_number"])) {
+    return false;
+  }
+  return true;
+}
+async function handleRejectPR(deps, rawInput, _signal) {
+  if (!isToolInput15(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME15,
+      "invalid input. Shape: { pr_number: positive integer }."
+    );
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME15,
+    callableName: CALLABLE_NAME7,
+    adminPath: ADMIN_PATH7,
+    normalizedInput: { pr_number: rawInput.pr_number },
+    cloudBody: { prNumber: rawInput.pr_number },
+    gateType: PR_GATE_TYPE,
+    stubReason: PR_STUB_REASON,
+    deps
+  });
+}
+
+// src/tools/pr/approve-all-fixes.ts
+var TOOL_NAME16 = "vo_approve_all_fixes";
+var CALLABLE_NAME8 = "voApproveAllFixes";
+var ADMIN_PATH8 = "/api/v1/admin/pr/approve-all";
+var inputSchema16 = {
+  type: "object",
+  properties: {},
+  additionalProperties: false
+};
+var description16 = "Iterates all open VO-source pull requests and merges (or arms auto-merge) on each. Returns counts of merged / accepted / total plus per-PR results. Wraps `voApproveAllFixes` admin Cloud Function. V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput16(v) {
+  return typeof v === "object" && v !== null;
+}
+async function handleApproveAllFixes(deps, rawInput, _signal) {
+  if (!isToolInput16(rawInput)) {
+    throw invalidParams(TOOL_NAME16, "invalid input. This tool takes no parameters.");
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME16,
+    callableName: CALLABLE_NAME8,
+    adminPath: ADMIN_PATH8,
+    normalizedInput: {},
+    gateType: PR_GATE_TYPE,
+    stubReason: PR_STUB_REASON,
+    deps
+  });
+}
+
+// src/tools/pr/reject-and-retry.ts
+var TOOL_NAME17 = "vo_reject_and_retry";
+var CALLABLE_NAME9 = "voRejectAndRetry";
+var ADMIN_PATH9 = "/api/v1/admin/pr/reject-retry";
+var inputSchema17 = {
+  type: "object",
+  properties: {
+    pr_number: {
+      type: "number",
+      description: "Required. GitHub pull request number (positive integer)."
+    }
+  },
+  required: ["pr_number"],
+  additionalProperties: false
+};
+var description17 = "Closes a VO pull request and dispatches a self-heal pass to retry the same focus page. Cloud callable refuses non-VO PRs and respects the self-heal kill switch + per-PR retry block. Wraps `voRejectAndRetry` admin Cloud Function. V1 stub: returns `verdict: 'unimplemented'` \u2014 cloud-mode wiring pending.";
+function isToolInput17(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["pr_number"] !== "number") return false;
+  if (!Number.isFinite(o["pr_number"]) || o["pr_number"] < 1 || !Number.isInteger(o["pr_number"])) {
+    return false;
+  }
+  return true;
+}
+async function handleRejectAndRetry(deps, rawInput, _signal) {
+  if (!isToolInput17(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME17,
+      "invalid input. Shape: { pr_number: positive integer }."
+    );
+  }
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME17,
+    callableName: CALLABLE_NAME9,
+    adminPath: ADMIN_PATH9,
+    normalizedInput: { pr_number: rawInput.pr_number },
+    cloudBody: { prNumber: rawInput.pr_number },
+    gateType: PR_GATE_TYPE,
+    stubReason: PR_STUB_REASON,
+    deps
+  });
+}
+
+// src/tools/pr/review-merge.ts
+var TOOL_NAME18 = "vo_review_merge";
+var LIST_PATH = "/api/v1/admin/pr/list";
+var ENGINE_GATE = "final-deep-verify";
+var EVENT_GATE = "merge-review";
+var UNAVAILABLE_REASON = "vo_review_merge needs cloud mode to fetch PR context \u2014 set VO_CONTROL_PLANE_URL + VO_CONTROL_PLANE_ADMIN_TOKEN in the MCP env. (It is read-only; it never merges.)";
+var inputSchema18 = {
+  type: "object",
+  properties: {
+    pr_number: {
+      type: "number",
+      description: "GitHub pull request number (positive integer) to review for merge."
+    },
+    notes: {
+      type: "string",
+      description: "Optional reviewer notes / context to factor into the verdict."
+    }
+  },
+  required: ["pr_number"],
+  additionalProperties: false
+};
+var description18 = "READ-ONLY pre-merge review: given a PR number, fetches its CI/blocker status + source + linked bugs, runs a multi-model consensus 'should this merge?' check, and returns a recommendation (merge | hold | reject) with per-model reasoning. NEVER merges \u2014 acting on it is a separate vo_merge_pr call. A deterministic safety overlay refuses to recommend merge when the PR has an open blocker and defaults to hold when consensus is unavailable. Use BEFORE vo_merge_pr to put a verification gate in front of the Command Center. Increment 1 reviews on metadata; needs cloud mode for PR context + model keys for a real verdict.";
+function isToolInput18(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["pr_number"] !== "number") return false;
+  if (o["notes"] !== void 0 && typeof o["notes"] !== "string") return false;
+  return true;
+}
+function str(v) {
+  return typeof v === "string" && v.length > 0 ? v : null;
+}
+function readPr(raw) {
+  const bugsRaw = raw["bugIds"] ?? raw["bug_ids"];
+  const bug_ids = Array.isArray(bugsRaw) ? bugsRaw.filter((b) => typeof b === "string") : [];
+  return {
+    number: Number(raw["number"]),
+    title: str(raw["title"]) ?? "(untitled)",
+    source: str(raw["source"]) ?? str(raw["prSource"]),
+    blocker: str(raw["blockerKind"]) ?? str(raw["blocker_kind"]) ?? str(raw["blockerLabel"]),
+    bug_ids
+  };
+}
+function buildPrompt4(pr, notes) {
+  const lines = [
+    "You are a release gatekeeper deciding whether a pull request is safe to MERGE.",
+    "Recommend exactly one of: merge / hold / reject. Be conservative \u2014 this is a high-stakes irreversible action.",
+    "Rules: HOLD if CI is failing/blocked, there is a merge conflict, or the change is a draft. REJECT if the PR is not a legitimate VO-source change or has no clear purpose. MERGE only if it looks complete, scoped, and unblocked.",
+    "",
+    `PR #${pr.number}: ${pr.title}`,
+    `Source: ${pr.source ?? "unknown"}`,
+    `Linked bug ids: ${pr.bug_ids.length > 0 ? pr.bug_ids.join(", ") : "(none)"}`,
+    `Open blocker: ${pr.blocker ?? "none reported"}`
+  ];
+  if (notes !== void 0 && notes.length > 0) lines.push("", `Reviewer notes: ${notes}`);
+  lines.push("", "Return your verdict (pass = recommend merge, fail = reject, uncertain = hold) with concise reasoning.");
+  return lines.join("\n");
+}
+async function handleReviewMerge(deps, rawInput, signal) {
+  if (!isToolInput18(rawInput) || !Number.isInteger(rawInput.pr_number) || rawInput.pr_number < 1) {
+    throw invalidParams(TOOL_NAME18, "invalid input. Required: { pr_number: positive integer }. Optional: notes.");
+  }
+  const prNumber = rawInput.pr_number;
+  const normalizedInput = { pr_number: prNumber };
+  if (rawInput.notes !== void 0) normalizedInput.notes = rawInput.notes;
+  const inputJson = JSON.stringify(normalizedInput);
+  const key = deps.cache.keyFor(TOOL_NAME18, normalizedInput);
+  const baseEvent = buildBaseEvent({
+    tool: TOOL_NAME18,
+    gateType: EVENT_GATE,
+    inputHash: key,
+    inputExcerpt: inputJson.slice(0, 300),
+    inputSizeBytes: bytesOf(inputJson),
+    session: deps.session,
+    now: deps.now()
+  });
+  const emit = (payload2, eventExtra) => {
+    deps.events.append(eventExtra ? { ...baseEvent, ...eventExtra } : baseEvent);
+    const envelope = {
+      tool: TOOL_NAME18,
+      schema_version: 1,
+      cache: { hit: false, key },
+      payload: payload2
+    };
+    return jsonContent(envelope);
+  };
+  const emptyPayload = (recommendation2, reason2, pr2) => ({
+    recommendation: recommendation2,
+    verdict: null,
+    confidence: null,
+    reason: reason2,
+    basis: "metadata",
+    pr: pr2,
+    per_model_verdicts: [],
+    synthesized_verdict: null,
+    engine_version: null,
+    degraded: false,
+    merged: false
+  });
+  if (!deps.adminCallables) {
+    return emit(emptyPayload("unavailable", UNAVAILABLE_REASON, null));
+  }
+  let pr = null;
+  try {
+    const list = await deps.adminCallables.invoke(LIST_PATH, {});
+    const entries = Array.isArray(list) ? list : [];
+    const found = entries.find((p) => Number(p["number"]) === prNumber);
+    if (found) pr = readPr(found);
+  } catch (err) {
+    const status = err instanceof AdminCallableError ? ` (HTTP ${err.status})` : "";
+    const message = err instanceof Error ? err.message : String(err);
+    return emit(emptyPayload("hold", `could not fetch PR context${status}: ${message.slice(0, 200)}`, null));
+  }
+  if (pr === null) {
+    return emit(
+      emptyPayload("hold", `PR #${prNumber} is not among open VO PRs (already merged/closed, or not a VO-source PR).`, null)
+    );
+  }
+  const hasBlocker = pr.blocker !== null && pr.blocker !== "none";
+  let result;
+  let threw = false;
+  try {
+    result = await deps.consensus.run({
+      gate_type: ENGINE_GATE,
+      prompt: buildPrompt4(pr, rawInput.notes),
+      caller_context: { pr_number: prNumber, pr_metadata: pr, basis: "metadata" },
+      ...signal !== void 0 ? { signal } : {}
+    });
+  } catch (err) {
+    threw = true;
+    result = { ok: false, reason: `engine-threw: ${err instanceof Error ? err.message : String(err)}` };
+  }
+  if (!result.ok && result.reason === "cancelled") {
+    deps.events.append({
+      ...baseEvent,
+      downstream_outcome: { status: "cancelled", notes: "mcp notifications/cancelled" }
+    });
+    const e = new Error("Request cancelled by client (notifications/cancelled)");
+    e.name = "AbortError";
+    throw e;
+  }
+  if (!result.ok) {
+    const reason2 = `consensus unavailable (${result.reason}) \u2014 holding for manual review.` + (hasBlocker ? ` PR also has an open blocker: ${pr.blocker}.` : "");
+    return emit(
+      { ...emptyPayload("hold", reason2, pr), degraded: threw },
+      threw ? {} : void 0
+    );
+  }
+  const verdict = result.synthesized_verdict.verdict;
+  let recommendation = verdict === "pass" ? "merge" : verdict === "fail" ? "reject" : "hold";
+  let reason = result.synthesized_verdict.dissent_summary ?? result.synthesized_verdict.reasoning_excerpt ?? `panel agreed (${result.per_model_verdicts.length} models, engine=${result.engine_version})`;
+  if (hasBlocker && recommendation === "merge") {
+    recommendation = "hold";
+    reason = `Consensus leaned merge, but PR has an open blocker (${pr.blocker}) \u2014 holding (safety overlay). ${reason}`;
+  }
+  const perModel = toEventPerModelVerdicts(result.per_model_verdicts);
+  const synth = toEventSynthesizedVerdict(result.synthesized_verdict);
+  const payload = {
+    recommendation,
+    verdict,
+    confidence: result.synthesized_verdict.confidence,
+    reason,
+    basis: "metadata",
+    pr,
+    per_model_verdicts: perModel,
+    synthesized_verdict: synth,
+    engine_version: result.engine_version,
+    degraded: result.degraded,
+    merged: false
+  };
+  return emit(payload, {
+    consensus_confidence: result.synthesized_verdict.confidence,
+    duration_ms: result.duration_ms,
+    consensus_engine_version: result.engine_version,
+    per_model_verdicts: perModel,
+    synthesized_verdict: synth
+  });
+}
+
+// src/tools/session/directive.ts
+var SESSION_DIRECTIVE_THRESHOLDS = {
+  prepare_handoff_pct: 70,
+  execute_handoff_now_pct: 85
+};
+function computeDirective(context_used_pct) {
+  const clamped = Math.max(0, Math.min(100, context_used_pct));
+  if (clamped >= SESSION_DIRECTIVE_THRESHOLDS.execute_handoff_now_pct) {
+    return "execute_handoff_now";
+  }
+  if (clamped >= SESSION_DIRECTIVE_THRESHOLDS.prepare_handoff_pct) {
+    return "prepare_handoff";
+  }
+  return "continue";
+}
+function directiveMessage(directive) {
+  switch (directive) {
+    case "continue":
+      return "Context usage healthy. Continue work.";
+    case "prepare_handoff":
+      return `Context usage at or above ${SESSION_DIRECTIVE_THRESHOLDS.prepare_handoff_pct}%. Begin wrapping up the current sub-task and prepare a handoff doc covering current state, next steps, blockers, and verification needed.`;
+    case "execute_handoff_now":
+      return `Context usage at or above ${SESSION_DIRECTIVE_THRESHOLDS.execute_handoff_now_pct}%. Stop work, write the handoff doc using the template at ~/.vo/templates/handoff.md to ~/.vo/handoffs/<session_id>-<ts>.md, then call endSession with terminal_status='handed_off' and the handoff path.`;
+  }
+}
+function suggestedHandoffPath(session_id, isoTimestamp) {
+  const safeTs = isoTimestamp.replace(/[:.]/g, "-");
+  return `~/.vo/handoffs/${session_id}-${safeTs}.md`;
+}
+
+// src/tools/session/report-session-state.ts
+var TOOL_NAME19 = "vo_report_session_state";
+var VALID_AGENT_TYPES = ["claude-code", "codex", "cursor", "continue"];
+var MAX_GOAL_CHARS = 500;
+var MAX_RECENT_FILES = 20;
+var MAX_RECENT_TOOLS = 50;
+var inputSchema19 = {
+  type: "object",
+  properties: {
+    operator_id: {
+      type: "string",
+      minLength: 1,
+      description: "Stable identifier (UUID expected) of the operator owning this session."
+    },
+    session_id: {
+      type: "string",
+      minLength: 1,
+      description: "Stable identifier (UUID expected) of the session reporting state."
+    },
+    agent_type: {
+      type: "string",
+      enum: [...VALID_AGENT_TYPES],
+      description: "Which host agent runtime is reporting (claude-code | codex | cursor | continue)."
+    },
+    context_used_pct: {
+      type: "number",
+      minimum: 0,
+      maximum: 100,
+      description: "Current context-window utilization, 0-100. Used to compute the directive."
+    },
+    current_goal: {
+      type: "string",
+      maxLength: MAX_GOAL_CHARS,
+      description: "Optional one-line goal statement. Truncated server-side at 500 chars."
+    },
+    recent_files_touched: {
+      type: "array",
+      items: { type: "string" },
+      maxItems: MAX_RECENT_FILES,
+      description: `Optional list of recent file paths touched in the session. Capped at ${MAX_RECENT_FILES} items.`
+    },
+    recent_tool_uses: {
+      type: "array",
+      items: { type: "string" },
+      maxItems: MAX_RECENT_TOOLS,
+      description: `Optional list of recent tool names invoked in the session. Capped at ${MAX_RECENT_TOOLS} items.`
+    }
+  },
+  required: ["operator_id", "session_id", "agent_type", "context_used_pct"],
+  additionalProperties: false
+};
+var description19 = "Reports per-session context-window utilization to VO and returns a directive: 'continue' (under 70%), 'prepare_handoff' (70-84%), or 'execute_handoff_now' (\u226585%). Implements V1 launch gate #9 (fleet context lifecycle management) per the official VO roadmap. V1 backend is stub-local \u2014 computes the directive purely from `context_used_pct` against the documented thresholds without a network call. Phase 3 wires this to the deployed vo-control-plane HTTP API; the response shape stays stable across the cutover (`backend_mode` field in the payload tells the caller which mode produced the verdict).";
+function isStringArray(v, maxItems) {
+  if (!Array.isArray(v)) return false;
+  if (v.length > maxItems) return false;
+  return v.every((item) => typeof item === "string");
+}
+function isToolInput19(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const o = v;
+  if (typeof o["operator_id"] !== "string" || o["operator_id"].length === 0) return false;
+  if (typeof o["session_id"] !== "string" || o["session_id"].length === 0) return false;
+  if (typeof o["agent_type"] !== "string") return false;
+  if (!VALID_AGENT_TYPES.includes(o["agent_type"])) return false;
+  if (typeof o["context_used_pct"] !== "number") return false;
+  if (!Number.isFinite(o["context_used_pct"])) return false;
+  if (o["context_used_pct"] < 0 || o["context_used_pct"] > 100) return false;
+  if (o["current_goal"] !== void 0 && typeof o["current_goal"] !== "string") return false;
+  if (o["recent_files_touched"] !== void 0 && !isStringArray(o["recent_files_touched"], MAX_RECENT_FILES)) {
+    return false;
+  }
+  if (o["recent_tool_uses"] !== void 0 && !isStringArray(o["recent_tool_uses"], MAX_RECENT_TOOLS)) {
+    return false;
+  }
+  return true;
+}
+async function handleReportSessionState(deps, rawInput, _signal) {
+  if (!isToolInput19(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME19,
+      `invalid input. Required fields: operator_id (non-empty string), session_id (non-empty string), agent_type (one of: ${VALID_AGENT_TYPES.join(" | ")}), context_used_pct (number 0-100). Optional: current_goal (string \u2264${MAX_GOAL_CHARS} chars), recent_files_touched (string[] \u2264${MAX_RECENT_FILES}), recent_tool_uses (string[] \u2264${MAX_RECENT_TOOLS}).`
+    );
+  }
+  const directive = computeDirective(rawInput.context_used_pct);
+  const ts = deps.now().toISOString();
+  const payload = {
+    directive,
+    message: directiveMessage(directive),
+    session_id: rawInput.session_id,
+    operator_id: rawInput.operator_id,
+    agent_type: rawInput.agent_type,
+    context_used_pct: rawInput.context_used_pct,
+    backend_mode: "stub-local",
+    ts,
+    schema_version: 1,
+    ...directive === "execute_handoff_now" ? { handoff_path: suggestedHandoffPath(rawInput.session_id, ts) } : {}
+  };
+  return jsonContent(payload);
+}
+
+// src/tools/concierge/common-concierge.ts
+var CONCIERGE_STUB_REASON = "cloud mode not active in this MCP runtime \u2014 set VO_CONTROL_PLANE_URL + VO_CONTROL_PLANE_ADMIN_TOKEN to enable. The server-side /api/v1/admin/concierge/dispatch endpoint IS built + deployed (vo-control-plane #5724/#5734); in cloud mode this tool returns the routed pack README + file index.";
+var CONCIERGE_GATE_TYPE = "concierge-dispatch";
+var KNOWN_CONCIERGE_PACKS = [
+  "gcp",
+  "firebase",
+  "aws",
+  "cloudflare",
+  "vercel",
+  "netlify",
+  "tax",
+  "hybrid"
+];
+function isKnownConciergePack(value) {
+  return typeof value === "string" && KNOWN_CONCIERGE_PACKS.includes(value);
+}
+
+// src/tools/concierge/dispatch.ts
+var TOOL_NAME20 = "vo_concierge_dispatch";
+var CALLABLE_NAME10 = "voConciergeDispatch";
+var ADMIN_PATH10 = "/api/v1/admin/concierge/dispatch";
+var inputSchema20 = {
+  type: "object",
+  properties: {
+    pack: {
+      type: "string",
+      description: `Explicit knowledge pack name. One of: ${KNOWN_CONCIERGE_PACKS.join(", ")}. When provided, overrides tenant-based routing. Omit to let server route by tenant_id.`,
+      enum: [...KNOWN_CONCIERGE_PACKS]
+    },
+    tenant_id: {
+      type: "string",
+      description: "Tenant identifier. When provided (and pack is omitted), the server looks up Tenant.cloud_provider and dispatches to the matching pack. Ignored when pack is also provided."
+    }
+  },
+  additionalProperties: false
+};
+var description20 = "Dispatches a provider-scoped knowledge pack (gcp | firebase | aws | cloudflare | vercel | netlify | tax | hybrid). Cross-vendor MCP equivalent of the /vo-concierge Claude-Code slash command. Route explicitly via `pack`, or via tenant.cloud_provider by passing `tenant_id`. Returns the pack's README (`readme_markdown`) + file index. In cloud mode, dispatches via vo-control-plane and returns `verdict: 'pass'` with the pack/directory data; without cloud config, returns `verdict: 'unimplemented'`.";
+function isToolInput20(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const obj = v;
+  if (obj.pack !== void 0 && typeof obj.pack !== "string") return false;
+  if (obj.tenant_id !== void 0 && typeof obj.tenant_id !== "string") return false;
+  return true;
+}
+async function handleConciergeDispatch(deps, rawInput, _signal) {
+  if (!isToolInput20(rawInput)) {
+    throw invalidParams(
+      TOOL_NAME20,
+      "invalid input. Expected { pack?: string, tenant_id?: string }."
+    );
+  }
+  if (rawInput.pack !== void 0 && rawInput.pack !== "" && !isKnownConciergePack(rawInput.pack)) {
+    throw invalidParams(
+      TOOL_NAME20,
+      `unknown pack: ${JSON.stringify(rawInput.pack)}. Known packs: ${KNOWN_CONCIERGE_PACKS.join(", ")}.`
+    );
+  }
+  const normalizedInput = {};
+  if (rawInput.pack) normalizedInput.pack = rawInput.pack;
+  if (rawInput.tenant_id) normalizedInput.tenant_id = rawInput.tenant_id;
+  const cloudBody = {};
+  if (rawInput.pack) cloudBody.pack = rawInput.pack;
+  if (rawInput.tenant_id) cloudBody.tenantId = rawInput.tenant_id;
+  return buildCloudOrStubResponse({
+    toolName: TOOL_NAME20,
+    callableName: CALLABLE_NAME10,
+    adminPath: ADMIN_PATH10,
+    normalizedInput,
+    cloudBody,
+    // Concierge dispatch returns `{ok, mode, routed_from, pack|packs}`,
+    // NOT the callable-proxy `{ok, callable, result}` shape — take the
+    // raw envelope as response_data instead of mandating `.result`.
+    rawEnvelope: true,
+    gateType: CONCIERGE_GATE_TYPE,
+    stubReason: CONCIERGE_STUB_REASON,
+    // Read-only pack fetch — stays live under VO_ADMIN_CALLABLES_READONLY.
+    readOnly: true,
+    deps
+  });
+}
+
+// src/server.ts
+function buildToolRegistry() {
+  return {
+    [TOOL_NAME]: {
+      definition: {
+        name: TOOL_NAME,
+        description,
+        inputSchema
+      },
+      handler: handleCheckAssertionStrength
+    },
+    [TOOL_NAME2]: {
+      definition: {
+        name: TOOL_NAME2,
+        description: description2,
+        inputSchema: inputSchema2
+      },
+      handler: handleCheckHollowTest
+    },
+    [TOOL_NAME3]: {
+      definition: {
+        name: TOOL_NAME3,
+        description: description3,
+        inputSchema: inputSchema3
+      },
+      handler: handleVerifyAnswer
+    },
+    [TOOL_NAME4]: {
+      definition: {
+        name: TOOL_NAME4,
+        description: description4,
+        inputSchema: inputSchema4
+      },
+      handler: handleConsensusJudgment
+    },
+    [TOOL_NAME5]: {
+      definition: {
+        name: TOOL_NAME5,
+        description: description5,
+        inputSchema: inputSchema5
+      },
+      handler: handleArchitectureReview
+    },
+    [TOOL_NAME7]: {
+      definition: {
+        name: TOOL_NAME7,
+        description: description7,
+        inputSchema: inputSchema7
+      },
+      handler: handleDecomposeDispatch
+    },
+    [TOOL_NAME6]: {
+      definition: {
+        name: TOOL_NAME6,
+        description: description6,
+        inputSchema: inputSchema6
+      },
+      handler: handleCheckRatchets
+    },
+    [TOOL_NAME8]: {
+      definition: {
+        name: TOOL_NAME8,
+        description: description8,
+        inputSchema: inputSchema8
+      },
+      handler: handleTriggerHeal
+    },
+    [TOOL_NAME9]: {
+      definition: {
+        name: TOOL_NAME9,
+        description: description9,
+        inputSchema: inputSchema9
+      },
+      handler: handleFixRetry
+    },
+    [TOOL_NAME10]: {
+      definition: {
+        name: TOOL_NAME10,
+        description: description10,
+        inputSchema: inputSchema10
+      },
+      handler: handleFixClear
+    },
+    [TOOL_NAME11]: {
+      definition: {
+        name: TOOL_NAME11,
+        description: description11,
+        inputSchema: inputSchema11
+      },
+      handler: handleStopWorkflow
+    },
+    [TOOL_NAME12]: {
+      definition: {
+        name: TOOL_NAME12,
+        description: description12,
+        inputSchema: inputSchema12
+      },
+      handler: handleGetWorkflowRuns
+    },
+    [TOOL_NAME13]: {
+      definition: {
+        name: TOOL_NAME13,
+        description: description13,
+        inputSchema: inputSchema13
+      },
+      handler: handleListPendingPRs
+    },
+    [TOOL_NAME14]: {
+      definition: {
+        name: TOOL_NAME14,
+        description: description14,
+        inputSchema: inputSchema14
+      },
+      handler: handleMergePR
+    },
+    [TOOL_NAME15]: {
+      definition: {
+        name: TOOL_NAME15,
+        description: description15,
+        inputSchema: inputSchema15
+      },
+      handler: handleRejectPR
+    },
+    [TOOL_NAME16]: {
+      definition: {
+        name: TOOL_NAME16,
+        description: description16,
+        inputSchema: inputSchema16
+      },
+      handler: handleApproveAllFixes
+    },
+    [TOOL_NAME17]: {
+      definition: {
+        name: TOOL_NAME17,
+        description: description17,
+        inputSchema: inputSchema17
+      },
+      handler: handleRejectAndRetry
+    },
+    [TOOL_NAME18]: {
+      definition: {
+        name: TOOL_NAME18,
+        description: description18,
+        inputSchema: inputSchema18
+      },
+      handler: handleReviewMerge
+    },
+    [TOOL_NAME19]: {
+      definition: {
+        name: TOOL_NAME19,
+        description: description19,
+        inputSchema: inputSchema19
+      },
+      handler: handleReportSessionState
+    },
+    [TOOL_NAME20]: {
+      definition: {
+        name: TOOL_NAME20,
+        description: description20,
+        inputSchema: inputSchema20
+      },
+      handler: handleConciergeDispatch
+    }
+  };
+}
+function createServer(options) {
+  const sessionId = options.sessionId ?? randomUUID2();
+  const mode = createLocalMode();
+  const now = options.now ?? (() => /* @__PURE__ */ new Date());
+  const server = new Server(
+    {
+      name: "vo-mcp",
+      version: "0.1.0"
+    },
+    {
+      capabilities: {
+        tools: {}
+      }
+    }
+  );
+  const registry = buildToolRegistry();
+  server.setRequestHandler(ListToolsRequestSchema, async () => {
+    return {
+      tools: Object.values(registry).map((t) => t.definition)
+    };
+  });
+  server.setRequestHandler(CallToolRequestSchema, async (req, extra) => {
+    const toolName = req.params.name;
+    const entry = registry[toolName];
+    if (!entry) {
+      throw methodNotFound(toolName, Object.keys(registry));
+    }
+    const clientInfo = server.getClientVersion();
+    const session = {
+      sessionId,
+      clientId: clientInfo?.name ?? "unknown",
+      mode: mode.mode,
+      tenantId: mode.tenantId,
+      operatorId: mode.operatorId
+    };
+    const deps = {
+      session,
+      cache: options.cache,
+      events: options.events,
+      ratchets: options.ratchets,
+      consensus: options.consensus,
+      now,
+      adminCallables: options.adminCallables ?? null
+    };
+    return entry.handler(deps, req.params.arguments ?? {}, extra?.signal);
+  });
+  return server;
+}
+function listToolNames() {
+  return Object.keys(buildToolRegistry());
+}
+
+// src/cache/sqlite-cache.ts
+import { createHash as createHash3 } from "node:crypto";
+import { chmodSync as chmodSync3, mkdirSync as mkdirSync3 } from "node:fs";
+import { dirname as dirname5 } from "node:path";
+import { DatabaseSync } from "node:sqlite";
+
+// src/cache/canonicalize.ts
+var DEFAULT_VOLATILE_KEYS = /* @__PURE__ */ new Set([
+  "ts",
+  "timestamp",
+  "session_id",
+  "sessionId",
+  "request_id",
+  "requestId",
+  "nonce"
+]);
+function canonicalize(value, options = {}) {
+  const excluded = /* @__PURE__ */ new Set([
+    ...DEFAULT_VOLATILE_KEYS,
+    ...options.excludeKeys ?? /* @__PURE__ */ new Set()
+  ]);
+  const normalized = normalize(value, excluded);
+  return JSON.stringify(normalized);
+}
+function normalize(value, excluded) {
+  if (value === null || value === void 0) return null;
+  if (typeof value === "string") return normalizeString(value);
+  if (typeof value === "number" || typeof value === "boolean") return value;
+  if (Array.isArray(value)) return value.map((item) => normalize(item, excluded));
+  if (typeof value === "object") {
+    const out = {};
+    const obj = value;
+    const keys = Object.keys(obj).filter((k) => !excluded.has(k)).sort();
+    for (const key of keys) {
+      out[key] = normalize(obj[key], excluded);
+    }
+    return out;
+  }
+  return String(value);
+}
+function normalizeString(s) {
+  return s.replace(/\r\n/g, "\n").replace(/\r/g, "\n").trim();
+}
+
+// src/cache/sqlite-cache.ts
+function createSqliteCache(options) {
+  const fileBacked = options.dbPath !== ":memory:";
+  if (fileBacked) {
+    mkdirSync3(dirname5(options.dbPath), { recursive: true, mode: 448 });
+  }
+  const versionNamespace = options.cacheVersionNamespace ?? "";
+  const db = new DatabaseSync(options.dbPath);
+  db.exec("PRAGMA journal_mode=WAL; PRAGMA busy_timeout=5000; PRAGMA synchronous=NORMAL;");
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS cache (
+      key TEXT PRIMARY KEY,
+      value TEXT NOT NULL,
+      cached_at INTEGER NOT NULL,
+      expires_at INTEGER
+    );
+  `);
+  if (fileBacked) {
+    try {
+      chmodSync3(options.dbPath, 384);
+    } catch {
+    }
+  }
+  const insertStmt = db.prepare(
+    "INSERT OR REPLACE INTO cache (key, value, cached_at, expires_at) VALUES (?, ?, ?, ?)"
+  );
+  const selectStmt = db.prepare(
+    "SELECT key, value, cached_at, expires_at FROM cache WHERE key = ?"
+  );
+  const deleteStmt = db.prepare("DELETE FROM cache WHERE key = ?");
+  const clearAllStmt = db.prepare("DELETE FROM cache");
+  const countStmt = db.prepare("SELECT COUNT(*) AS c FROM cache");
+  return {
+    keyFor(toolName, input, opts) {
+      const canonical = canonicalize(input, opts);
+      const hash = createHash3("sha256");
+      if (versionNamespace.length > 0) {
+        hash.update(versionNamespace);
+        hash.update("|");
+      }
+      hash.update(toolName);
+      hash.update(" ");
+      hash.update(canonical);
+      return hash.digest("hex");
+    },
+    get(key) {
+      const row = selectStmt.get(key);
+      if (!row) return null;
+      if (row.expires_at !== null && row.expires_at < Date.now()) {
+        deleteStmt.run(key);
+        return null;
+      }
+      return {
+        key: row.key,
+        value: JSON.parse(row.value),
+        cachedAt: row.cached_at
+      };
+    },
+    set(key, value, ttlMs) {
+      const now = Date.now();
+      const expiresAt = typeof ttlMs === "number" ? now + ttlMs : null;
+      insertStmt.run(key, JSON.stringify(value), now, expiresAt);
+    },
+    delete(key) {
+      const result = deleteStmt.run(key);
+      return Number(result.changes) > 0;
+    },
+    clear() {
+      const result = clearAllStmt.run();
+      return Number(result.changes);
+    },
+    size() {
+      const r = countStmt.get();
+      return r?.c ?? 0;
+    },
+    close() {
+      db.close();
+    }
+  };
+}
+
+// src/ratchets/stub-client.ts
+var HOLLOW_PATTERNS = [
+  {
+    regex: /expect\([^)]*\)\.toBeDefined\(\)/g,
+    code: "hollow.toBeDefined",
+    severity: "warn",
+    message: "toBeDefined() only proves the call returned something; assert a value."
+  },
+  {
+    regex: /expect\((true|false|1|0|'[^']*'|"[^"]*")\)\.toBe\(\1\)/g,
+    code: "hollow.tautology",
+    severity: "error",
+    message: "Tautological assertion: literal compared to itself."
+  },
+  {
+    regex: /expect\([^)]*\)\.toBeTruthy\(\)|expect\([^)]*\)\.toBeFalsy\(\)/g,
+    code: "hollow.toBeTruthy",
+    severity: "warn",
+    message: "toBeTruthy/toBeFalsy hide what value you expected; prefer toBe(...) / toEqual(...)."
+  }
+];
+var STRONG_PATTERNS = [
+  /\.toBe\(/g,
+  /\.toEqual\(/g,
+  /\.toMatchObject\(/g,
+  /\.toContain\(/g,
+  /\.toHaveBeenCalledWith\(/g,
+  /\.toStrictEqual\(/g
+];
+var MAX_SCORE = 100;
+var WEAK_FLOOR = 30;
+var HOLLOW_PENALTY = 25;
+var HOLLOW_TAUTOLOGY_PENALTY = 50;
+var STRONG_REWARD_PER = 8;
+function createStubRatchetClient() {
+  return {
+    async checkAssertionStrength(req) {
+      const findings = [];
+      let score = 50;
+      let hollowHits = 0;
+      let tautologyHits = 0;
+      for (const pat of HOLLOW_PATTERNS) {
+        pat.regex.lastIndex = 0;
+        let m;
+        while ((m = pat.regex.exec(req.source)) !== null) {
+          findings.push({
+            line_excerpt: clip(m[0], 80),
+            severity: pat.severity,
+            code: pat.code,
+            message: pat.message
+          });
+          if (pat.code === "hollow.tautology") tautologyHits += 1;
+          else hollowHits += 1;
+        }
+      }
+      let strongHits = 0;
+      for (const pat of STRONG_PATTERNS) {
+        pat.lastIndex = 0;
+        const matches = req.source.match(pat);
+        if (matches) strongHits += matches.length;
+      }
+      score -= hollowHits * HOLLOW_PENALTY;
+      score -= tautologyHits * HOLLOW_TAUTOLOGY_PENALTY;
+      score += strongHits * STRONG_REWARD_PER;
+      score = Math.max(0, Math.min(MAX_SCORE, score));
+      const verdict = tautologyHits > 0 || hollowHits > 0 && strongHits === 0 ? "hollow" : score < WEAK_FLOOR ? "weak" : "strong";
+      const summary = buildSummary2({
+        verdict,
+        score,
+        strongHits,
+        hollowHits,
+        tautologyHits,
+        filePath: req.filePath
+      });
+      return { score, maxScore: MAX_SCORE, verdict, findings, summary };
+    }
+  };
+}
+function clip(s, n) {
+  return s.length <= n ? s : s.slice(0, n) + "\u2026";
+}
+function buildSummary2(args) {
+  const fileTag = args.filePath ? `${args.filePath}: ` : "";
+  return `${fileTag}verdict=${args.verdict} score=${args.score}/${MAX_SCORE} (strong=${args.strongHits} hollow=${args.hollowHits} tautology=${args.tautologyHits}) [stub-ratchet \u2014 real thresholds load from @algosuite/ratchets-generic in Phase 2]`;
+}
+
+// src/consensus/null-client.ts
+var NULL_CLIENT_DEFAULT_REASON = "consensus-engine-package-pending";
+var ENGINE_UNAVAILABLE_REASONS = {
+  /** Fewer than 2 provider API keys present in env — can't form a panel. */
+  CREDENTIALS_MISSING: "consensus-credentials-missing",
+  /** `@algosuite/consensus-engine` module not resolvable / installed. */
+  ENGINE_PACKAGE_NOT_INSTALLED: "consensus-engine-package-not-installed",
+  /** `functions-shared` module not resolvable in the host's node_modules. */
+  FUNCTIONS_SHARED_NOT_INSTALLED: "consensus-functions-shared-not-installed",
+  /** Engine + functions-shared loaded but adapter construction failed for all providers. */
+  PANEL_CONSTRUCTION_FAILED: "consensus-panel-construction-failed"
+};
+function createNullConsensusEngineClient(reason = NULL_CLIENT_DEFAULT_REASON) {
+  return {
+    async run() {
+      return { ok: false, reason };
+    }
+  };
+}
+
+// src/consensus/engine-client.ts
+import { randomUUID as randomUUID3 } from "node:crypto";
+async function loadEngineModule() {
+  try {
+    const moduleName = ["@algosuite", "consensus-engine"].join("/");
+    const mod = await import(moduleName);
+    if (mod !== null && typeof mod === "object" && "runConsensus" in mod && typeof mod.runConsensus === "function") {
+      return mod;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function createEngineConsensusClient(options) {
+  const cachedEngine = options.engineModule;
+  let loaded = null;
+  async function getEngine() {
+    if (cachedEngine !== void 0) return cachedEngine;
+    if (loaded === null) loaded = loadEngineModule();
+    return loaded;
+  }
+  return {
+    async run(request) {
+      const signal = request.signal;
+      if (signal?.aborted) {
+        return { ok: false, reason: "cancelled" };
+      }
+      const engine = await getEngine();
+      if (engine === null) {
+        return { ok: false, reason: "consensus-engine-package-pending" };
+      }
+      if (options.panel.length < 2) {
+        return { ok: false, reason: "panel-too-small" };
+      }
+      try {
+        const engineRequest = {
+          gate_type: request.gate_type,
+          prompt: request.prompt,
+          ...request.system_prompt !== void 0 ? { system_prompt: request.system_prompt } : {}
+        };
+        const panel = signal === void 0 ? options.panel : options.panel.map((adapter) => ({
+          ...adapter,
+          call: (args) => adapter.call({ ...args, abort_signal: signal })
+        }));
+        const engineOptions = {
+          panel,
+          ...options.per_model_timeout_ms !== void 0 ? { per_model_timeout_ms: options.per_model_timeout_ms } : {}
+        };
+        const result = signal === void 0 ? await engine.runConsensus(engineRequest, engineOptions) : await Promise.race([
+          engine.runConsensus(engineRequest, engineOptions),
+          new Promise((_, reject) => {
+            const onAbort = () => {
+              reject(new Error("__VO_MCP_CANCELLED__"));
+            };
+            if (signal.aborted) onAbort();
+            else signal.addEventListener("abort", onAbort, { once: true });
+          })
+        ]);
+        if (!result.ok || result.response === void 0) {
+          return {
+            ok: false,
+            reason: result.error?.reason ?? "engine-returned-not-ok"
+          };
+        }
+        return {
+          ok: true,
+          synthesized_verdict: result.response.synthesized_verdict,
+          per_model_verdicts: result.response.per_model_verdicts,
+          degraded: result.response.degraded,
+          duration_ms: result.response.duration_ms,
+          engine_version: result.response.engine_version,
+          // Phase 2 Lane D-1 — forward escalation signal when present.
+          ...result.response.escalation_required !== void 0 ? { escalation_required: result.response.escalation_required } : {},
+          ...result.response.escalation_reason !== void 0 ? { escalation_reason: result.response.escalation_reason } : {}
+        };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        if (message === "__VO_MCP_CANCELLED__" || signal?.aborted || err instanceof Error && err.name === "AbortError") {
+          return { ok: false, reason: "cancelled" };
+        }
+        return { ok: false, reason: `engine-threw: ${message}` };
+      }
+    }
+  };
+}
+var DEFAULT_MODELS = {
+  // These ids match the strategic-roadmap §4 `newsStandard` / `newsDeep` panel
+  // intent — current production model ids. Per handoff §C-3 these MUST come
+  // from `CONSENSUS_PANELS` in `functions-shared/shared-model-resolvers.ts`
+  // for V1; placeholder defaults here keep Phase 2 Lane A non-blocking.
+  anthropic: "claude-opus-4-7",
+  openai: "gpt-5",
+  // gemini-2.5-FLASH (not -pro): flash accepts the default thinkingBudget=0 from
+  // callGeminiWithMetrics; 2.5-pro REJECTS budget 0 ("only works in thinking mode").
+  // Flash is also ~10x cheaper. 2026-06-02.
+  google: "gemini-2.5-flash",
+  deepseek: "deepseek-chat"
+};
+function probeProviders(env = process.env) {
+  const out = [];
+  if ((env["ANTHROPIC_API_KEY"] ?? "").trim().length > 0) out.push("anthropic");
+  if ((env["OPENAI_API_KEY"] ?? "").trim().length > 0) out.push("openai");
+  if ((env["GOOGLE_API_KEY"] ?? "").trim().length > 0) out.push("google");
+  if ((env["DEEPSEEK_API_KEY"] ?? "").trim().length > 0) out.push("deepseek");
+  return out;
+}
+async function loadFactoryAndCallers(injectedEngine, injectedShared) {
+  let engineMod = injectedEngine;
+  if (engineMod === void 0) {
+    try {
+      engineMod = await import(["@algosuite", "consensus-engine"].join("/"));
+    } catch {
+      return { ok: false, reason: ENGINE_UNAVAILABLE_REASONS.ENGINE_PACKAGE_NOT_INSTALLED };
+    }
+  }
+  if (engineMod === null || typeof engineMod !== "object" || typeof engineMod.createAdapter !== "function" || typeof engineMod.runConsensus !== "function") {
+    return { ok: false, reason: ENGINE_UNAVAILABLE_REASONS.ENGINE_PACKAGE_NOT_INSTALLED };
+  }
+  let sharedMod = injectedShared;
+  if (sharedMod === void 0) {
+    try {
+      sharedMod = await import(["functions", "shared"].join("-"));
+    } catch {
+      return { ok: false, reason: ENGINE_UNAVAILABLE_REASONS.FUNCTIONS_SHARED_NOT_INSTALLED };
+    }
+  }
+  if (sharedMod === null || typeof sharedMod !== "object" || typeof sharedMod.callAnthropicWithMetrics !== "function" || typeof sharedMod.callOpenAIWithMetrics !== "function" || typeof sharedMod.callGeminiWithMetrics !== "function") {
+    return { ok: false, reason: ENGINE_UNAVAILABLE_REASONS.FUNCTIONS_SHARED_NOT_INSTALLED };
+  }
+  return {
+    ok: true,
+    engine: engineMod,
+    shared: sharedMod
+  };
+}
+async function tryCreateEngineConsensusClientFromEnvAsync(options = {}) {
+  const env = options.envSource ?? process.env;
+  const providers = probeProviders(env);
+  if (providers.length < 2) {
+    return createNullConsensusEngineClient(ENGINE_UNAVAILABLE_REASONS.CREDENTIALS_MISSING);
+  }
+  const loaded = await loadFactoryAndCallers(options.engineModule, options.functionsSharedModule);
+  if (!loaded.ok) {
+    return createNullConsensusEngineClient(loaded.reason);
+  }
+  const callerByProvider = {
+    anthropic: loaded.shared.callAnthropicWithMetrics,
+    openai: loaded.shared.callOpenAIWithMetrics,
+    google: loaded.shared.callGeminiWithMetrics,
+    deepseek: loaded.shared.callDeepSeekWithMetrics
+  };
+  const modelByProvider = {
+    anthropic: options.models?.anthropic ?? DEFAULT_MODELS.anthropic,
+    openai: options.models?.openai ?? DEFAULT_MODELS.openai,
+    google: options.models?.google ?? DEFAULT_MODELS.google,
+    deepseek: options.models?.deepseek ?? DEFAULT_MODELS.deepseek
+  };
+  const panel = [];
+  for (const p of providers) {
+    try {
+      const adapter = loaded.engine.createAdapter(p, {
+        model: modelByProvider[p],
+        caller: callerByProvider[p],
+        envSource: env
+      });
+      panel.push(adapter);
+    } catch {
+    }
+  }
+  if (panel.length < 2) {
+    return createNullConsensusEngineClient(ENGINE_UNAVAILABLE_REASONS.PANEL_CONSTRUCTION_FAILED);
+  }
+  const clientOptions = {
+    panel,
+    engineModule: loaded.engine,
+    ...options.per_model_timeout_ms !== void 0 ? { per_model_timeout_ms: options.per_model_timeout_ms } : {}
+  };
+  return createEngineConsensusClient(clientOptions);
+}
+function tryCreateEngineConsensusClientFromEnv(options = {}) {
+  const env = options.envSource ?? process.env;
+  if (probeProviders(env).length < 2) {
+    return createNullConsensusEngineClient(ENGINE_UNAVAILABLE_REASONS.CREDENTIALS_MISSING);
+  }
+  let resolved = null;
+  return {
+    async run(request) {
+      if (resolved === null) {
+        resolved = tryCreateEngineConsensusClientFromEnvAsync(options);
+      }
+      const real = await resolved;
+      return real.run(request);
+    }
+  };
+}
+export {
+  canonicalize,
+  createEngineConsensusClient,
+  createFileEventsWriter,
+  createMemoryEventsWriter,
+  createNullConsensusEngineClient,
+  createServer,
+  createSqliteCache,
+  createStubRatchetClient,
+  defaultEventsPath,
+  listToolNames,
+  sanitizeExcerpt,
+  tryCreateEngineConsensusClientFromEnv
+};
+//# sourceMappingURL=index.js.map