@balpal4495/quorum 0.2.0 → 0.4.0

package/bin/shared/chronicle.js

@@ -0,0 +1,129 @@
+import { promises as fs } from "fs"
+import path from "path"
+
+/**
+ * Walk up from startDir looking for a .chronicle/ directory.
+ * Returns the .chronicle path if found, null otherwise.
+ */
+export async function findChronicleDir(startDir = process.cwd()) {
+  let dir = startDir
+  while (true) {
+    const candidate = path.join(dir, ".chronicle")
+    try {
+      const stat = await fs.stat(candidate)
+      if (stat.isDirectory()) return candidate
+    } catch { /* keep walking */ }
+    const parent = path.dirname(dir)
+    if (parent === dir) return null
+    dir = parent
+  }
+}
+
+/**
+ * Read all proposal JSON files from .chronicle/proposals/.
+ * Returns array of { proposalId, ...entry } objects.
+ */
+export async function readProposals(chronicleDir) {
+  const dir = path.join(chronicleDir, "proposals")
+  let files
+  try { files = await fs.readdir(dir) } catch { return [] }
+  const results = []
+  for (const file of files) {
+    if (!file.endsWith(".json")) continue
+    try {
+      const raw = await fs.readFile(path.join(dir, file), "utf8")
+      results.push({ proposalId: file.replace(".json", ""), ...JSON.parse(raw) })
+    } catch { /* skip malformed */ }
+  }
+  return results
+}
+
+/**
+ * Read all committed Chronicle entries from .chronicle/committed/.
+ * Returns ChronicleEntry array sorted newest-first.
+ */
+export async function readCommitted(chronicleDir) {
+  const dir = path.join(chronicleDir, "committed")
+  let files
+  try { files = await fs.readdir(dir) } catch { return [] }
+  const results = []
+  for (const file of files) {
+    if (!file.endsWith(".json")) continue
+    try {
+      const raw = await fs.readFile(path.join(dir, file), "utf8")
+      results.push(JSON.parse(raw))
+    } catch { /* skip malformed */ }
+  }
+  return results.sort((a, b) => b.timestamp?.localeCompare(a.timestamp ?? "") ?? 0)
+}
+
+/** entryText mirrors the shared/types.ts entryText helper. */
+export function entryText(entry) {
+  return `${entry.key_insight}. ${entry.decision ?? ""}`.trim().replace(/\.\.$/, ".")
+}
+
+/** Rebuild .chronicle/SUMMARY.md from all committed entries. */
+export async function updateSummary(chronicleDir) {
+  const SUMMARY_WEEKS = 12
+  const DIRECTIVE =
+    "<!-- Chronicle Summary v1 — temporal orientation for agents. " +
+    "Use for sequence context; query Oracle by entry ID for full reasoning. -->"
+
+  function isoWeekKey(date) {
+    const d = new Date(Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate()))
+    const day = d.getUTCDay() || 7
+    d.setUTCDate(d.getUTCDate() + 4 - day)
+    const yearStart = new Date(Date.UTC(d.getUTCFullYear(), 0, 1))
+    const week = Math.ceil(((d.getTime() - yearStart.getTime()) / 86_400_000 + 1) / 7)
+    return `${d.getUTCFullYear()}-W${String(week).padStart(2, "0")}`
+  }
+
+  function workRefLabel(entry) {
+    if (!entry.work_ref) return "__none__"
+    const { type, ref } = entry.work_ref
+    return ref ? `[${type} ${ref}]` : `[${type}]`
+  }
+
+  function renderEntry(entry) {
+    const areas = entry.affected_areas.join(", ")
+    const id = entry.id.slice(0, 8)
+    return `- **[${id}]** ${areas} — \`${entry.status}\` (${entry.confidence.toFixed(2)}) — ${entryText(entry)}`
+  }
+
+  const entries = await readCommitted(chronicleDir)
+  if (entries.length === 0) return
+
+  const byWeek = new Map()
+  for (const entry of entries) {
+    const week = isoWeekKey(new Date(entry.timestamp))
+    const bucket = byWeek.get(week) ?? []
+    bucket.push(entry)
+    byWeek.set(week, bucket)
+  }
+
+  const weeks = [...byWeek.keys()].sort().reverse().slice(0, SUMMARY_WEEKS)
+  const lines = [DIRECTIVE, ""]
+
+  for (const week of weeks) {
+    lines.push(`## Week ${week}`, "")
+    const weekEntries = byWeek.get(week)
+    const byWork = new Map()
+    for (const entry of weekEntries) {
+      const key = workRefLabel(entry)
+      const bucket = byWork.get(key) ?? []
+      bucket.push(entry)
+      byWork.set(key, bucket)
+    }
+    const workKeys = [...byWork.keys()].sort((a, b) =>
+      a === "__none__" ? 1 : b === "__none__" ? -1 : a.localeCompare(b))
+    for (const key of workKeys) {
+      lines.push(key === "__none__"
+        ? `### (no work context — query Oracle by entry ID for details)`
+        : `### ${key}`)
+      for (const entry of byWork.get(key)) lines.push(renderEntry(entry))
+      lines.push("")
+    }
+  }
+
+  await fs.writeFile(path.join(chronicleDir, "SUMMARY.md"), lines.join("\n"), "utf8")
+}

package/bin/shared/colors.js

@@ -0,0 +1,22 @@
+#!/usr/bin/env node
+export const c = {
+  bold:   (s) => `\x1b[1m${s}\x1b[0m`,
+  green:  (s) => `\x1b[32m${s}\x1b[0m`,
+  blue:   (s) => `\x1b[34m${s}\x1b[0m`,
+  dim:    (s) => `\x1b[90m${s}\x1b[0m`,
+  yellow: (s) => `\x1b[33m${s}\x1b[0m`,
+  red:    (s) => `\x1b[31m${s}\x1b[0m`,
+  cyan:   (s) => `\x1b[36m${s}\x1b[0m`,
+  magenta:(s) => `\x1b[35m${s}\x1b[0m`,
+}
+
+export const log = {
+  section: (title) => console.log(`\n${c.bold(title)}`),
+  created: (file)  => console.log(`  ${c.green("+ created ")} ${file}`),
+  appended:(file)  => console.log(`  ${c.blue("~ appended")} ${file}`),
+  skipped: (file)  => console.log(`  ${c.dim("· skipped ")} ${file}`),
+  warn:    (msg)   => console.log(`  ${c.yellow("⚠ " + msg)}`),
+  ok:      (msg)   => console.log(`  ${c.green("✓")} ${msg}`),
+  fail:    (msg)   => console.log(`  ${c.red("✗")} ${msg}`),
+  info:    (msg)   => console.log(`  ${c.dim(msg)}`),
+}

package/bin/shared/patterns.js

@@ -0,0 +1,83 @@
+/**
+ * Mirrors modules/jury/preflight.ts (SENSITIVE_PATTERNS, ROLLBACK_PATTERN, TEST_PATTERN)
+ * and modules/council/risk.ts (RISK_RULES).
+ * Keep these in sync when modifying those files.
+ */
+
+export const SENSITIVE_PATTERNS = {
+  auth:          /\b(auth(?:entication|orization)?|jwt|token|session|password|oauth|login|logout|credential|bearer)\b/i,
+  database:      /\b(migrat(?:ion|e)|alter\s+table|schema\s+change|postgres|mysql|sqlite|prisma|drizzle|knex|sequelize)\b/i,
+  crypto:        /\b(encrypt|decrypt|cipher|hash(?:ing)?|hmac|sign(?:ing)?|verify|private\s+key|certificate|tls|ssl)\b/i,
+  payments:      /\b(payment|stripe|charge|billing|invoice|subscription|price|checkout|refund)\b/i,
+  permissions:   /\b(permission|role(?:s)?|acl|access\s+control|rbac|authorization|entitlement)\b/i,
+  pii:           /\b(pii|personal\s+data|gdpr|ccpa|email(?:\s+address)?|phone(?:\s+number)?|postal\s+address|ssn|passport)\b/i,
+  data_deletion: /\b(delete(?:\s+all)?|drop\s+table|truncate|purge|wipe|destroy.*data|hard\s+delete)\b/i,
+  secrets:       /\b(api\s+key|secret(?:s)?|env(?:ironment)?\s+var(?:iable)?|\.env|private\s+key|credentials?)\b/i,
+}
+
+export const ROLLBACK_PATTERN = /\b(rollback|roll\s+back|revert|undo|restore|recovery|fallback|backward[- ]compat)\b/i
+export const TEST_PATTERN     = /\b(test(?:ing|s)?|spec(?:ification)?|unit\s+test|integration\s+test|coverage|vitest|jest|mocha)\b/i
+
+const RISK_RULES = [
+  // Critical
+  { pattern: /\b(auth(?:entication|orization)?|jwt|token|session|password|oauth|credential|bearer)\b/i, level: "critical", reason: "authentication or authorisation logic" },
+  { pattern: /\b(payment|stripe|charge|billing|checkout|refund|subscription)\b/i,                       level: "critical", reason: "payment or billing logic" },
+  { pattern: /\b(encrypt|decrypt|private\s+key|certificate|tls|ssl|hmac|cipher)\b/i,                   level: "critical", reason: "cryptography or key management" },
+  { pattern: /\b(delete\s+all|drop\s+table|truncate|wipe|destroy.*data|hard\s+delete)\b/i,             level: "critical", reason: "irreversible data deletion" },
+  // High
+  { pattern: /\b(migrat(?:ion|e)|alter\s+table|schema\s+change|not\s+null|backfill|pg_repack|shadow\s+column)\b/i, level: "high", reason: "database schema migration" },
+  { pattern: /\b(permission|role(?:s)?|acl|rbac|access\s+control|entitlement)\b/i,                     level: "high", reason: "permissions or access control" },
+  { pattern: /\b(pii|personal\s+data|gdpr|ccpa|email(?:\s+address)?|phone(?:\s+number)?|ssn|passport)\b/i, level: "high", reason: "PII or compliance-regulated data" },
+  { pattern: /\b(api\s+key|secret(?:s)?|private\s+key|credentials?)\b/i,                               level: "high", reason: "secrets or credentials handling" },
+  // Medium
+  { pattern: /\b(cache|redis|memcached|invalidat(?:e|ion))\b/i,                                         level: "medium", reason: "cache strategy" },
+  { pattern: /\b(rate\s*limit|throttl(?:e|ing)|quota)\b/i,                                             level: "medium", reason: "rate limiting or throttling" },
+  { pattern: /\b(webhook|event|queue|pubsub|kafka|rabbitmq|sns|sqs)\b/i,                               level: "medium", reason: "async event or messaging" },
+  { pattern: /\b(deploy(?:ment)?|ci(?:\/cd)?|docker|kubernetes|infra(?:structure)?)\b/i,               level: "medium", reason: "deployment or infrastructure" },
+]
+
+const RISK_ORDER = ["low", "medium", "high", "critical"]
+
+function maxLevel(a, b) {
+  return RISK_ORDER.indexOf(a) >= RISK_ORDER.indexOf(b) ? a : b
+}
+
+export function runPreflight(outcome, design) {
+  const text = `${outcome} ${design}`
+  const sensitive_areas = Object.entries(SENSITIVE_PATTERNS)
+    .filter(([, pattern]) => pattern.test(text))
+    .map(([area]) => area)
+  return {
+    touches_sensitive_area: sensitive_areas.length > 0,
+    sensitive_areas,
+    rollback_mentioned:      ROLLBACK_PATTERN.test(text),
+    test_strategy_mentioned: TEST_PATTERN.test(text),
+  }
+}
+
+export function classifyRisk(outcome, design, refutedCount = 0) {
+  const text = `${outcome} ${design}`
+  let level = "low"
+  const reasons = []
+
+  for (const rule of RISK_RULES) {
+    if (rule.pattern.test(text)) {
+      const prev = level
+      level = maxLevel(level, rule.level)
+      if (!reasons.includes(rule.reason)) reasons.push(rule.reason)
+      void prev
+    }
+  }
+
+  if (refutedCount > 0) {
+    const refutedRisk = refutedCount >= 2 ? "high" : "medium"
+    level = maxLevel(level, refutedRisk)
+    reasons.push(`${refutedCount} refuted Chronicle ${refutedCount === 1 ? "entry" : "entries"} in evidence pack`)
+  }
+
+  return {
+    level,
+    reasons: reasons.length > 0 ? reasons : ["no sensitive patterns detected"],
+    council_mode: level === "low" ? "jury-only" : level === "medium" ? "lite" : "full",
+  }
+}

package/evals/__tests__/eval.test.ts

@@ -0,0 +1,31 @@
+/**
+ * Eval suite — runs all cases from evals/cases/ through deterministic checks.
+ *
+ * Deterministic assertions (preflight, risk classifier) run on every CI pass.
+ * LLM-dependent assertions (jury confidence, council recommendation) are skipped
+ * unless EVAL_LLM env var is set — they are too slow and costly for standard CI.
+ *
+ * To run with a real LLM locally:
+ *   EVAL_LLM=1 OPENAI_API_KEY=sk-... npx vitest run evals/
+ */
+import { describe, it, expect } from "vitest"
+import path from "path"
+import { loadCases, runCase } from "../runner"
+
+describe("eval suite — deterministic checks", async () => {
+  const cases = await loadCases(path.join(__dirname, "../cases"))
+
+  for (const evalCase of cases) {
+    it(`[${evalCase.id}] ${evalCase.description}`, async () => {
+      // No LLM — only runs deterministic assertions (preflight + risk classifier)
+      const result = await runCase(evalCase)
+
+      if (!result.passed) {
+        // Surface all failures clearly
+        throw new Error(
+          `Eval case "${evalCase.id}" failed:\n${result.failures.map(f => `  • ${f}`).join("\n")}`,
+        )
+      }
+    })
+  }
+})

package/evals/cases/auth_hs256_rejected.json

@@ -0,0 +1,46 @@
+{
+  "id": "auth_hs256_rejected",
+  "description": "Proposing HS256 JWT when RS256 was already chosen — should block",
+  "outcome": "Add JWT authentication to the API",
+  "design": "Use HS256 symmetric JWT tokens with a shared secret stored in environment variables",
+  "oracle_evidence": [
+    {
+      "id": "auth-022",
+      "key_insight": "HS256 JWT rejected — no way to rotate keys without invalidating all active sessions",
+      "decision": "HS256 JWT rejected — no way to rotate keys without invalidating all active sessions. Use RS256.",
+      "schema_version": 2,
+      "affected_areas": ["src/auth/", "src/middleware/"],
+      "scope": ["auth", "sessions"],
+      "status": "refuted",
+      "confidence": 0.91,
+      "source_module": "council",
+      "evidence_cited": [],
+      "timestamp": "2025-03-01T09:00:00Z"
+    },
+    {
+      "id": "auth-031",
+      "key_insight": "RS256 with short-lived tokens and refresh rotation in httpOnly cookies is the approved pattern",
+      "decision": "RS256 with 15-min access tokens and refresh rotation stored in httpOnly cookies is the approved auth pattern",
+      "schema_version": 2,
+      "affected_areas": ["src/auth/", "src/middleware/"],
+      "scope": ["auth", "sessions"],
+      "status": "validated",
+      "confidence": 0.88,
+      "source_module": "council",
+      "evidence_cited": ["auth-022"],
+      "timestamp": "2025-03-15T11:00:00Z"
+    }
+  ],
+  "expected": {
+    "jury_max_confidence": 0.45,
+    "council_recommendation": "redesign",
+    "must_flag": ["key rotation", "HS256"],
+    "must_cite": ["auth-022"],
+    "risk_level": "critical",
+    "preflight_expects": {
+      "touches_sensitive_area": true,
+      "sensitive_areas_include": ["auth"],
+      "chronicle_conflicts": ["auth-022"]
+    }
+  }
+}

package/evals/cases/auth_rs256_valid.json

@@ -0,0 +1,30 @@
+{
+  "id": "auth_rs256_valid",
+  "description": "Proposing the already-approved RS256 pattern — should proceed",
+  "outcome": "Add JWT authentication to the API",
+  "design": "RS256 tokens with 15-minute expiry and refresh rotation stored in httpOnly cookies, matching the approved pattern in Chronicle",
+  "oracle_evidence": [
+    {
+      "id": "auth-031",
+      "key_insight": "RS256 with short-lived tokens and refresh rotation in httpOnly cookies is the approved pattern",
+      "decision": "RS256 with 15-min access tokens and refresh rotation stored in httpOnly cookies is the approved auth pattern",
+      "schema_version": 2,
+      "affected_areas": ["src/auth/", "src/middleware/"],
+      "scope": ["auth", "sessions"],
+      "status": "validated",
+      "confidence": 0.88,
+      "source_module": "council",
+      "evidence_cited": [],
+      "timestamp": "2025-03-15T11:00:00Z"
+    }
+  ],
+  "expected": {
+    "jury_min_confidence": 0.65,
+    "council_recommendation": "proceed",
+    "must_not_flag": ["key rotation problem"],
+    "risk_level": "critical",
+    "preflight_expects": {
+      "touches_sensitive_area": true
+    }
+  }
+}

package/evals/cases/cache_missing_lock.json

@@ -0,0 +1,31 @@
+{
+  "id": "cache_missing_lock",
+  "description": "Cache implementation missing stampede protection — should warn or block",
+  "outcome": "Cache expensive product catalogue queries in Redis",
+  "design": "On cache miss, fetch from database and write to Redis with a 5-minute TTL. No locking strategy.",
+  "oracle_evidence": [
+    {
+      "id": "cache-008",
+      "key_insight": "Redis cache without stampede protection caused DB overload during peak traffic",
+      "decision": "Redis cache without stampede protection caused DB overload — all cache misses hit DB simultaneously during spikes",
+      "schema_version": 2,
+      "affected_areas": ["src/cache/", "src/api/products.ts"],
+      "scope": ["cache", "performance"],
+      "status": "refuted",
+      "confidence": 0.85,
+      "source_module": "council",
+      "evidence_cited": [],
+      "timestamp": "2025-02-20T14:00:00Z"
+    }
+  ],
+  "expected": {
+    "jury_max_confidence": 0.60,
+    "council_recommendation": "redesign",
+    "must_flag": ["stampede", "lock"],
+    "must_cite": ["cache-008"],
+    "risk_level": "medium",
+    "preflight_expects": {
+      "chronicle_conflicts": ["cache-008"]
+    }
+  }
+}

package/evals/cases/db_naive_not_null.json

@@ -0,0 +1,32 @@
+{
+  "id": "db_naive_not_null",
+  "description": "Naive NOT NULL migration on a large table — should block",
+  "outcome": "Add a NOT NULL region column to the users table",
+  "design": "Run ALTER TABLE users ADD COLUMN region TEXT NOT NULL DEFAULT 'uk'",
+  "oracle_evidence": [
+    {
+      "id": "db-017",
+      "key_insight": "Avoid naive locking migrations on large tables",
+      "decision": "Avoid naive locking migrations on large tables — use shadow column pattern or pg_repack",
+      "schema_version": 2,
+      "affected_areas": ["db/migrations", "src/models/user.ts"],
+      "scope": ["database", "migrations"],
+      "status": "refuted",
+      "confidence": 0.91,
+      "source_module": "council",
+      "evidence_cited": [],
+      "timestamp": "2025-01-10T10:00:00Z"
+    }
+  ],
+  "expected": {
+    "jury_max_confidence": 0.55,
+    "council_recommendation": "redesign",
+    "must_flag": ["lock strategy", "rollback"],
+    "must_cite": ["db-017"],
+    "risk_level": "high",
+    "preflight_expects": {
+      "rollback_mentioned": false,
+      "chronicle_conflicts": ["db-017"]
+    }
+  }
+}

package/evals/cases/logging_pii_leak.json

@@ -0,0 +1,32 @@
+{
+  "id": "logging_pii_leak",
+  "description": "Logging request bodies that contain PII — should block",
+  "outcome": "Add structured request logging to the API for debugging",
+  "design": "Log full request body including email, name, and any user-submitted fields to stdout using JSON format",
+  "oracle_evidence": [
+    {
+      "id": "sec-003",
+      "key_insight": "Logging PII fields violates GDPR and our data retention policy",
+      "decision": "Logging PII fields (email, name, address) violates GDPR Article 5 — all request logging must scrub or omit PII fields",
+      "schema_version": 2,
+      "affected_areas": ["src/middleware/logger.ts", "src/api/"],
+      "scope": ["pii", "compliance", "logging"],
+      "status": "validated",
+      "confidence": 0.95,
+      "source_module": "council",
+      "evidence_cited": [],
+      "timestamp": "2025-01-05T08:00:00Z"
+    }
+  ],
+  "expected": {
+    "jury_max_confidence": 0.40,
+    "council_recommendation": "redesign",
+    "must_flag": ["PII", "GDPR", "email"],
+    "must_cite": ["sec-003"],
+    "risk_level": "high",
+    "preflight_expects": {
+      "touches_sensitive_area": true,
+      "sensitive_areas_include": ["pii"]
+    }
+  }
+}

package/evals/cases/migration_with_rollback.json

@@ -0,0 +1,43 @@
+{
+  "id": "migration_with_rollback",
+  "description": "DB migration that explicitly addresses rollback and uses safe pattern — should proceed",
+  "outcome": "Add a NOT NULL region column to the users table",
+  "design": "Use shadow column pattern: add region TEXT NULLABLE, backfill via batched update, then add NOT NULL constraint after 100% fill confirmed. Rollback: drop shadow column. Uses pg_repack to avoid exclusive locks.",
+  "oracle_evidence": [
+    {
+      "id": "db-017",
+      "key_insight": "Avoid naive locking migrations on large tables — use shadow column pattern or pg_repack",
+      "decision": "Avoid naive locking migrations on large tables — use shadow column pattern or pg_repack",
+      "schema_version": 2,
+      "affected_areas": ["db/migrations", "src/models/user.ts"],
+      "scope": ["database", "migrations"],
+      "status": "refuted",
+      "confidence": 0.91,
+      "source_module": "council",
+      "evidence_cited": [],
+      "timestamp": "2025-01-10T10:00:00Z"
+    },
+    {
+      "id": "db-019",
+      "key_insight": "Shadow column pattern with batched backfill is the approved approach for NOT NULL migrations",
+      "decision": "Shadow column pattern with batched backfill is the approved approach for large NOT NULL migrations",
+      "schema_version": 2,
+      "affected_areas": ["db/migrations"],
+      "scope": ["database", "migrations"],
+      "status": "validated",
+      "confidence": 0.87,
+      "source_module": "council",
+      "evidence_cited": ["db-017"],
+      "timestamp": "2025-02-01T12:00:00Z"
+    }
+  ],
+  "expected": {
+    "jury_min_confidence": 0.65,
+    "council_recommendation": "proceed",
+    "risk_level": "high",
+    "preflight_expects": {
+      "rollback_mentioned": true,
+      "chronicle_conflicts": ["db-017"]
+    }
+  }
+}

package/evals/cases/no_evidence_novel_design.json

@@ -0,0 +1,16 @@
+{
+  "id": "no_evidence_novel_design",
+  "description": "Novel design with no Chronicle evidence either way — should investigate-more",
+  "outcome": "Implement real-time collaboration features using WebSockets",
+  "design": "Use Socket.io for bi-directional communication, Redis pub/sub for multi-instance message fanout, and optimistic UI updates with conflict resolution via last-write-wins",
+  "oracle_evidence": [],
+  "expected": {
+    "jury_max_confidence": 0.65,
+    "council_recommendation": "investigate-more",
+    "risk_level": "medium",
+    "preflight_expects": {
+      "touches_sensitive_area": false,
+      "chronicle_conflicts": []
+    }
+  }
+}

package/evals/cases/payment_no_idempotency.json

@@ -0,0 +1,33 @@
+{
+  "id": "payment_no_idempotency",
+  "description": "Payment charge without idempotency key — should block",
+  "outcome": "Implement one-click repurchase for customers",
+  "design": "On button click, POST /api/charge with the stored card token and amount. Retry on network failure up to 3 times.",
+  "oracle_evidence": [
+    {
+      "id": "pay-004",
+      "key_insight": "Payment charges without idempotency keys caused duplicate charges during network retries",
+      "decision": "All payment charge requests must include a Stripe idempotency key — retries without idempotency keys caused duplicate charges in production",
+      "schema_version": 2,
+      "affected_areas": ["src/payments/", "src/api/checkout.ts"],
+      "scope": ["payments", "stripe"],
+      "status": "refuted",
+      "confidence": 0.97,
+      "source_module": "council",
+      "evidence_cited": [],
+      "timestamp": "2025-04-01T16:00:00Z"
+    }
+  ],
+  "expected": {
+    "jury_max_confidence": 0.40,
+    "council_recommendation": "redesign",
+    "must_flag": ["idempotency", "duplicate charge"],
+    "must_cite": ["pay-004"],
+    "risk_level": "critical",
+    "preflight_expects": {
+      "touches_sensitive_area": true,
+      "sensitive_areas_include": ["payments"],
+      "chronicle_conflicts": ["pay-004"]
+    }
+  }
+}

package/evals/cases/redis_session_rejected.json

@@ -0,0 +1,32 @@
+{
+  "id": "redis_session_rejected",
+  "description": "Proposing Redis sessions when they were already removed — should block",
+  "outcome": "Implement user session management",
+  "design": "Store session data in Redis with a 30-minute TTL and auto-extend on activity. Use express-session with connect-redis.",
+  "oracle_evidence": [
+    {
+      "id": "auth-015",
+      "key_insight": "Redis sessions removed due to memory overhead at scale and operational complexity",
+      "decision": "Redis sessions removed — memory overhead at scale was unsustainable and operational complexity (Redis cluster, failover) added too much risk",
+      "schema_version": 2,
+      "affected_areas": ["src/auth/", "src/middleware/session.ts"],
+      "scope": ["auth", "sessions", "infrastructure"],
+      "status": "refuted",
+      "confidence": 0.89,
+      "source_module": "council",
+      "evidence_cited": [],
+      "timestamp": "2025-02-10T15:00:00Z"
+    }
+  ],
+  "expected": {
+    "jury_max_confidence": 0.50,
+    "council_recommendation": "redesign",
+    "must_flag": ["memory overhead", "Redis"],
+    "must_cite": ["auth-015"],
+    "risk_level": "critical",
+    "preflight_expects": {
+      "touches_sensitive_area": true,
+      "chronicle_conflicts": ["auth-015"]
+    }
+  }
+}

package/evals/cases/safe_refactor.json

@@ -0,0 +1,17 @@
+{
+  "id": "safe_refactor",
+  "description": "Low-risk internal refactor with no sensitive areas — should proceed without friction",
+  "outcome": "Rename internal helper functions in the reporting module for consistency",
+  "design": "Rename generateCsvReport to exportReportAsCsv and generatePdfReport to exportReportAsPdf in src/reports/. Update all callers. No behaviour change.",
+  "oracle_evidence": [],
+  "expected": {
+    "jury_min_confidence": 0.70,
+    "council_recommendation": "proceed",
+    "risk_level": "low",
+    "preflight_expects": {
+      "touches_sensitive_area": false,
+      "rollback_mentioned": false,
+      "chronicle_conflicts": []
+    }
+  }
+}