@bookedsolid/rea 0.28.2 → 0.29.0

package/dist/cli/hook.js

@@ -38,6 +38,8 @@ import { runBlockedScan, runProtectedScan } from '../hooks/bash-scanner/index.js
 import { loadPolicy } from '../policy/loader.js';
 import { appendAuditRecord, InvocationStatus, Tier } from '../audit/append.js';
 import { CODEX_REVIEW_TOOL_NAME, CODEX_REVIEW_SERVER_NAME, } from '../audit/codex-event.js';
+import { DELEGATION_SIGNAL_TOOL_NAME, DELEGATION_SIGNAL_SERVER_NAME, DELEGATION_SIGNAL_SCHEMA_VERSION, DelegationSignalMetadataSchema, } from '../audit/delegation-event.js';
+import { compileDefaultSecretPatterns, redactSecrets, } from '../gateway/middleware/redact.js';
 import { CodexNotInstalledError, CodexProtocolError, CodexSubprocessError, CodexTimeoutError, IRON_GATE_DEFAULT_MODEL, IRON_GATE_DEFAULT_REASONING, createRealGitExecutor, runCodexReview, } from '../hooks/push-gate/codex-runner.js';
 import { resolveBaseRef } from '../hooks/push-gate/base.js';
 import { resolvePushGatePolicy } from '../hooks/push-gate/policy.js';
@@ -577,18 +579,296 @@ export async function runHookCodexReview(options) {
     }
     process.exit(exitCode);
 }
+/**
+ * Cached default secret patterns for the redact path. Compiling the
+ * regex set is non-trivial (it spawns a worker per pattern), so cache
+ * across invocations. CLI process lifecycle is short enough that this
+ * is effectively per-process.
+ */
+let _delegationSecretPatterns = null;
+function getDelegationSecretPatterns() {
+    if (_delegationSecretPatterns === null) {
+        // Per-pattern timeout budget. The redact-safe wrapper runs each
+        // regex in a worker thread, and the worker spawn itself takes
+        // ~1ms on hot paths but 50–200ms cold. The spec asked for 50ms
+        // but that value caused spurious timeouts in cold-process tests
+        // (the very first PreToolUse hook invocation in a fresh shell)
+        // and converted every input into the timeout sentinel, leaking
+        // false-positive redactions. 250ms is generous enough to absorb
+        // a cold worker spawn while still bounded enough that the
+        // delegation-capture hook stays well under its 5s settings.json
+        // timeout. The hook itself backgrounds the CLI call so this
+        // budget never gates Claude Code's tool dispatch.
+        _delegationSecretPatterns = compileDefaultSecretPatterns({ timeoutMs: 250 });
+    }
+    return _delegationSecretPatterns;
+}
+/**
+ * Apply `redactSecrets` to a single string field. Returns the
+ * (possibly redacted) string plus the list of pattern names that
+ * fired. On timeout, returns `'[REDACTED: pattern timeout]'` (the
+ * sentinel from redact.ts) and the timeout pattern name so the audit
+ * envelope still records the redaction happened.
+ *
+ * Best-effort: any exception in the redact path returns the input
+ * unchanged + an empty pattern list. The audit record is observational
+ * — failing the whole signal because the redact timer threw would lose
+ * the signal entirely.
+ */
+/**
+ * Sentinel emitted when redaction is unable to make a definitive
+ * decision (regex timeout, worker error). The redactor's invariant is
+ * "never let a potentially secret-bearing string pass through
+ * unredacted on failure" — that invariant MUST hold for the
+ * delegation-signal path too. Falling back to the raw input on
+ * timeout would silently leak a planted credential into
+ * .rea/audit.jsonl. Codex round 2 P1 (2026-05-12).
+ */
+const REDACT_INDETERMINATE_SENTINEL = '[REDACTED: indeterminate]';
+function redactField(value) {
+    try {
+        const { output, redacted, timedOut } = redactSecrets(value, getDelegationSecretPatterns());
+        // Timeout: the redactor's `[REDACTED: pattern timeout]` output
+        // already says "I couldn't decide". Treat that as a full-field
+        // redaction here too — under no circumstance let the raw input
+        // through when the scanner failed to complete. This is the
+        // fail-closed posture redact.ts itself takes; we mirror it.
+        // The redactor's own telemetry separately records the timeout
+        // (REDACT_TIMEOUT_METADATA_KEY), so observability isn't lost.
+        if (timedOut) {
+            return {
+                value: REDACT_INDETERMINATE_SENTINEL,
+                patterns: ['redact_timeout'],
+            };
+        }
+        if (redacted.length === 0)
+            return { value, patterns: [] };
+        // The redact contract replaces matched substrings with `[REDACTED]`.
+        // For a short identifier field like `subagent_type`, treat any hit
+        // as a full-field redaction so a partial match doesn't leak the
+        // surrounding context.
+        return { value: output.includes('[REDACTED') ? '[REDACTED]' : output, patterns: redacted };
+    }
+    catch {
+        // Synchronous redactor exception (extremely rare — the wrapper
+        // catches its own errors). Fail closed: indeterminate sentinel.
+        return {
+            value: REDACT_INDETERMINATE_SENTINEL,
+            patterns: ['redact_error'],
+        };
+    }
+}
+/**
+ * The actual audit-write — wrapped so it can run inline (default) or
+ * as a detached background tail call (`--detach`). Returns the
+ * promise; the caller decides whether to await it.
+ */
+async function writeDelegationSignal(baseDir, metadata, redactedFields, sessionId) {
+    // Defense-in-depth: validate the metadata shape against the strict
+    // zod schema before handing it off to `appendAuditRecord`. A future
+    // refactor that introduces a field-name typo here would otherwise
+    // silently land a malformed line in the chain.
+    const parsed = DelegationSignalMetadataSchema.safeParse(metadata);
+    if (!parsed.success) {
+        process.stderr.write(`[rea] delegation-signal: metadata failed strict-mode validation: ${parsed.error.message}\n`);
+        return;
+    }
+    await appendAuditRecord(baseDir, {
+        tool_name: DELEGATION_SIGNAL_TOOL_NAME,
+        server_name: DELEGATION_SIGNAL_SERVER_NAME,
+        tier: Tier.Read,
+        status: InvocationStatus.Allowed,
+        session_id: sessionId,
+        ...(redactedFields.length > 0 ? { redacted_fields: redactedFields } : {}),
+        metadata: parsed.data,
+    });
+}
+/**
+ * Read the hook stdin payload, redact + hash, and either await the
+ * audit append OR fire-and-forget it (when `--detach` is set).
+ *
+ * Exit-code contract: ALWAYS exit 0. The delegation signal is
+ * observational, not gating — failure to write the record must NOT
+ * block Claude Code's tool dispatch. Errors are surfaced on stderr.
+ */
+export async function runHookDelegationSignal(options) {
+    const baseDir = options.reaRoot ?? process.env['CLAUDE_PROJECT_DIR'] ?? process.cwd();
+    const lockTimeoutMs = options.lockTimeoutMs ?? 2000;
+    // Read stdin. TTY → empty (no harness payload available, nothing to
+    // emit — exit 0 silently). Timeout 1s; the hook shim feeds us a
+    // small JSON blob that fully prints in milliseconds.
+    const stdinRaw = process.stdin.isTTY ? '' : await readStdinWithTimeout(1_000);
+    if (stdinRaw.length === 0) {
+        process.exit(0);
+    }
+    let payload;
+    try {
+        payload = JSON.parse(stdinRaw);
+    }
+    catch (e) {
+        // Malformed payload — observational signal only, exit 0 silently
+        // with stderr breadcrumb. Failing here would propagate to the hook
+        // shim and risk blocking the underlying Agent/Skill dispatch.
+        process.stderr.write(`[rea] delegation-signal: malformed stdin JSON (${e instanceof Error ? e.message : String(e)}), signal dropped\n`);
+        process.exit(0);
+    }
+    // Resolve which delegation tool fired. Anything else is a misfire at
+    // the matcher layer (Claude Code routed a non-delegation tool to us)
+    // — exit 0 silently.
+    const rawToolName = typeof payload.tool_name === 'string' ? payload.tool_name : '';
+    const delegationTool = rawToolName === 'Agent' ? 'Agent' : rawToolName === 'Skill' ? 'Skill' : null;
+    if (delegationTool === null) {
+        process.exit(0);
+    }
+    // Extract the agent / skill name. Agent → tool_input.subagent_type;
+    // Skill → tool_input.skill. Missing → emit a placeholder ('unknown')
+    // so the chain still records the delegation event.
+    const ti = payload.tool_input ?? {};
+    let rawSubagentType = '';
+    if (delegationTool === 'Agent' && typeof ti.subagent_type === 'string') {
+        rawSubagentType = ti.subagent_type;
+    }
+    else if (delegationTool === 'Skill' && typeof ti.skill === 'string') {
+        rawSubagentType = ti.skill;
+    }
+    if (rawSubagentType.length === 0)
+        rawSubagentType = 'unknown';
+    // Parent subagent — Claude Code surfaces this either as
+    // `tool_input.parent_subagent_type` (when the dispatcher attaches
+    // it to the payload) or as the `CLAUDE_PARENT_SUBAGENT` env var
+    // (the alternate source the integrated spec calls out). Payload
+    // wins when both are present — payload is closer to the originating
+    // event and the env var can be stale across subprocess fan-out.
+    // Codex round 4 P2 (2026-05-12): pre-fix the env-var source was
+    // ignored and every nested delegation was recorded as null,
+    // defeating the parent/child telemetry the field was added for.
+    let rawParent = null;
+    if (typeof ti.parent_subagent_type === 'string' && ti.parent_subagent_type.length > 0) {
+        rawParent = ti.parent_subagent_type;
+    }
+    else {
+        const envParent = process.env['CLAUDE_PARENT_SUBAGENT'];
+        if (typeof envParent === 'string' && envParent.length > 0) {
+            rawParent = envParent;
+        }
+    }
+    // Description / prompt → SHA-256, never persisted in clear.
+    // Agent dispatches the prompt under `description`; Skill under
+    // `prompt`. When neither is present we hash the empty string so the
+    // field is always present.
+    const rawDescription = delegationTool === 'Agent' && typeof ti.description === 'string'
+        ? ti.description
+        : delegationTool === 'Skill' && typeof ti.prompt === 'string'
+            ? ti.prompt
+            : '';
+    const descriptionHash = crypto.createHash('sha256').update(rawDescription).digest('hex');
+    // Run subagent_type + parent_subagent_type through the redact path.
+    // A planted credential string in either field is replaced with
+    // [REDACTED] before landing in the audit log.
+    const redactedFields = [];
+    const sub = redactField(rawSubagentType);
+    if (sub.patterns.length > 0) {
+        redactedFields.push('metadata.subagent_type');
+    }
+    let parentValue = rawParent;
+    if (rawParent !== null) {
+        const parentRed = redactField(rawParent);
+        parentValue = parentRed.value;
+        if (parentRed.patterns.length > 0) {
+            redactedFields.push('metadata.parent_subagent_type');
+        }
+    }
+    const sessionIdObserved = typeof payload.session_id === 'string' && payload.session_id.length > 0
+        ? payload.session_id
+        : 'unknown';
+    const hookEventTimestamp = typeof payload.hook_event_timestamp === 'string' && payload.hook_event_timestamp.length > 0
+        ? payload.hook_event_timestamp
+        : undefined;
+    const metadata = {
+        schema_version: DELEGATION_SIGNAL_SCHEMA_VERSION,
+        delegation_tool: delegationTool,
+        subagent_type: sub.value,
+        session_id_observed: sessionIdObserved,
+        parent_subagent_type: parentValue,
+        invocation_description_sha256: descriptionHash,
+        ...(hookEventTimestamp !== undefined ? { hook_event_timestamp: hookEventTimestamp } : {}),
+    };
+    // Audit envelope `session_id` carries the observed session so a
+    // future reader can correlate without traversing metadata. (The
+    // envelope value is duplicated in metadata.session_id_observed for
+    // record-self-containment.)
+    const writePromise = writeDelegationSignal(baseDir, metadata, redactedFields, sessionIdObserved);
+    // The audit append must complete BEFORE this CLI process exits.
+    // Earlier iterations treated `--detach` as "fire-and-forget at the
+    // CLI level", but Node terminates a process when the event loop has
+    // no more sync work — and `appendAuditRecord()` is async filesystem
+    // work that does NOT keep the process alive across `process.exit`.
+    // The fire-and-forget concept lives one level UP, in the SHELL hook:
+    // the .sh stub backgrounds this entire CLI invocation with `&` +
+    // `disown` so Claude Code's tool dispatch is not blocked. From inside
+    // the CLI we always wait for the append.
+    //
+    // Codex round 1 P1 (2026-05-12): the previous implementation called
+    // `process.exit(0)` immediately after kicking off the promise under
+    // `--detach`. Tests stubbed `process.exit` so the promise still ran
+    // to completion in-test, masking the bug. In production every
+    // Agent/Skill dispatch silently dropped its delegation record.
+    //
+    // `--detach` is RETAINED as a flag for backwards compat with the
+    // shell hook stub's `--detach &` argv (and to document that the
+    // shell hook is the backgrounding layer, not the CLI). Its only
+    // remaining effect is the doc comment and an audit-append-failure
+    // mode that NEVER emits to stderr (no parent shell is listening
+    // when the CLI ran detached).
+    const detached = options.detach === true;
+    let timer = null;
+    try {
+        await Promise.race([
+            writePromise,
+            new Promise((resolve) => {
+                timer = setTimeout(() => resolve('timeout'), lockTimeoutMs);
+                timer.unref?.();
+            }).then((tag) => {
+                if (tag === 'timeout') {
+                    if (!detached) {
+                        process.stderr.write(`[rea] delegation-signal: lock timeout, signal dropped\n`);
+                    }
+                    // Surface the eventual error so it doesn't escape as an
+                    // unhandled rejection after we've exited the await.
+                    writePromise.catch(() => {
+                        /* already reported via stderr */
+                    });
+                    return;
+                }
+            }),
+        ]);
+    }
+    catch (e) {
+        // Append failure (e.g. ENOSPC) — surface to stderr unless we ran
+        // detached (no parent shell is listening).
+        if (!detached) {
+            process.stderr.write(`[rea] delegation-signal: audit append failed: ${e instanceof Error ? e.message : String(e)}\n`);
+        }
+    }
+    finally {
+        if (timer !== null)
+            clearTimeout(timer);
+    }
+    process.exit(0);
+}
 /**
  * Attach the `rea hook` subcommand tree to a commander Program.
  *
  * Subcommands:
- *   - `push-gate`     — stateless pre-push Codex review (called by husky).
- *   - `scan-bash`     — parser-backed bash-tier scanner (called by Claude
- *                       Code shim hooks).
- *   - `policy-get`    — single-source-of-truth policy reader for bash hooks.
- *   - `codex-review`  — thin Bash-direct codex invocation (0.27.0+) for
- *                       marathon-mode review cycles. The canonical
- *                       invocation that all agents and slash commands
- *                       route through.
+ *   - `push-gate`           — stateless pre-push Codex review (called by husky).
+ *   - `scan-bash`           — parser-backed bash-tier scanner (called by Claude
+ *                             Code shim hooks).
+ *   - `policy-get`          — single-source-of-truth policy reader for bash hooks.
+ *   - `codex-review`        — thin Bash-direct codex invocation (0.27.0+) for
+ *                             marathon-mode review cycles.
+ *   - `delegation-signal`   — 0.29.0 delegation-telemetry MVP. Reads a Claude
+ *                             Code PreToolUse hook payload for `Agent` / `Skill`
+ *                             and emits a `rea.delegation_signal` audit record.
  *
  * New hooks should land here rather than as top-level commands so the
  * CLI surface stays navigable.
@@ -653,6 +933,23 @@ export function registerHookCommand(program) {
             ...(opts.json === true ? { json: true } : {}),
         });
     });
+    hook
+        .command('delegation-signal')
+        .description('Read a Claude Code PreToolUse hook payload for `Agent` or `Skill` from stdin and emit a `rea.delegation_signal` audit record (0.29.0+). Observational telemetry only — exit ALWAYS 0; failure to write the record never blocks tool dispatch. The hook shim at `.claude/hooks/delegation-capture.sh` invokes this with `--detach` so the Agent/Skill call proceeds without waiting on the audit lock.')
+        .option('--detach', 'fire the audit append in the background and return immediately. Set by the shell hook stub so worst-case latency stays low under lock contention.')
+        .option('--lock-timeout-ms <n>', 'milliseconds to wait for the audit-chain lock before dropping the signal. Default 2000.', (raw) => {
+        const n = Number(raw);
+        if (!Number.isInteger(n) || n <= 0) {
+            throw new Error(`--lock-timeout-ms must be a positive integer, got ${JSON.stringify(raw)}`);
+        }
+        return n;
+    })
+        .action(async (opts) => {
+        await runHookDelegationSignal({
+            ...(opts.detach === true ? { detach: true } : {}),
+            ...(opts.lockTimeoutMs !== undefined ? { lockTimeoutMs: opts.lockTimeoutMs } : {}),
+        });
+    });
     hook
         .command('policy-get')
         .description('Read a value from `.rea/policy.yaml` via the canonical YAML parser. Used by bash-tier hooks (`hooks/_lib/policy-read.sh::policy_nested_scalar`) so inline AND block YAML forms agree at a single source of truth. Default scalar mode: prints raw value or empty. With `--json`: emits JSON (scalar or object/array; missing path → `null`). Unparseable YAML → empty / null, exit 1.')

package/dist/cli/index.js

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
 import { runAuditRotate, runAuditVerify } from './audit.js';
+import { registerAuditSpecialistsSubcommand } from './audit-specialists.js';
 import { runCheck } from './check.js';
 import { registerHookCommand } from './hook.js';
 import { runDoctor } from './doctor.js';
@@ -106,6 +107,10 @@ async function main() {
         .action(async (opts) => {
         await runAuditVerify({ ...(opts.since !== undefined ? { since: opts.since } : {}) });
     });
+    // 0.29.0 — `rea audit specialists` reader for delegation-telemetry
+    // records. Read-only; honors $CLAUDE_SESSION_ID for current-session
+    // filtering. v1 omits --since / --session (deferred to 0.29.1).
+    registerAuditSpecialistsSubcommand(audit);
     // Register `rea hook push-gate` — the stateless pre-push Codex gate
     // called by `.husky/pre-push` and `.git/hooks/pre-push`.
     registerHookCommand(program);
@@ -143,10 +148,12 @@ async function main() {
         .description('Validate the install: policy parses, .rea/ layout, hooks, Codex plugin.')
         .option('--metrics', 'also print a 7-day summary of Codex telemetry (G11.5)')
         .option('--drift', 'report drift vs. the install manifest (read-only; does not mutate)')
+        .option('--smoke', 'also run the 0.29.0 delegation-signal round-trip (writes a probe `rea.delegation_signal` audit record and verifies chain integrity)')
         .action(async (opts) => {
         await runDoctor({
             ...(opts.metrics === true ? { metrics: true } : {}),
             ...(opts.drift === true ? { drift: true } : {}),
+            ...(opts.smoke === true ? { smoke: true } : {}),
         });
     });
     await program.parseAsync(process.argv);

package/dist/cli/install/manifest-schema.d.ts

@@ -22,12 +22,12 @@ export declare const ManifestEntrySchema: z.ZodObject<{
 }, "strict", z.ZodTypeAny, {
     path: string;
     sha256: string;
-    source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+    source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
     mode?: number | undefined;
 }, {
     path: string;
     sha256: string;
-    source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+    source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
     mode?: number | undefined;
 }>;
 export type ManifestEntry = z.infer<typeof ManifestEntrySchema>;
@@ -45,12 +45,12 @@ export declare const InstallManifestSchema: z.ZodObject<{
     }, "strict", z.ZodTypeAny, {
         path: string;
         sha256: string;
-        source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+        source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
         mode?: number | undefined;
     }, {
         path: string;
         sha256: string;
-        source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+        source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
         mode?: number | undefined;
     }>, "many">;
 }, "strict", z.ZodTypeAny, {
@@ -60,7 +60,7 @@ export declare const InstallManifestSchema: z.ZodObject<{
     files: {
         path: string;
         sha256: string;
-        source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+        source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
         mode?: number | undefined;
     }[];
     upgraded_at?: string | undefined;
@@ -72,7 +72,7 @@ export declare const InstallManifestSchema: z.ZodObject<{
     files: {
         path: string;
         sha256: string;
-        source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+        source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
         mode?: number | undefined;
     }[];
     upgraded_at?: string | undefined;

package/dist/cli/install/settings-merge.js

@@ -318,6 +318,26 @@ export function defaultDesiredHooks() {
                 },
             ],
         },
+        {
+            // 0.29.0 delegation-telemetry MVP. The matcher is `Agent|Skill` —
+            // the two delegation tools in current Claude Code. NOT `Task|Skill`:
+            // `TaskCreate`/`TaskList`/`TaskUpdate` are unrelated todo-list tools
+            // and MUST NOT match. The hook is observational; its only effect is
+            // to append a `rea.delegation_signal` audit record. Worst-case
+            // latency budget is 50ms even under audit-chain contention (the
+            // signal is backgrounded and the CLI uses a 2s lock-acquisition
+            // fallback that exits 0 on timeout).
+            event: 'PreToolUse',
+            matcher: 'Agent|Skill',
+            hooks: [
+                {
+                    type: 'command',
+                    command: `${base}/delegation-capture.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Recording delegation signal...',
+                },
+            ],
+        },
         {
             event: 'PreToolUse',
             matcher: 'Write|Edit|MultiEdit|NotebookEdit',

package/dist/config/tier-map.js

@@ -264,9 +264,18 @@ export function reaCommandTier(command) {
     const subcommandTier = (() => {
         switch (sub) {
             case 'check':
-            case 'doctor':
             case 'status':
                 return Tier.Read;
+            case 'doctor': {
+                // 0.29.0 — `rea doctor --smoke` appends a probe
+                // `rea.delegation_signal` record to `.rea/audit.jsonl` to
+                // verify the end-to-end pipeline. That makes it a writer
+                // (hash-chain mutation) and therefore Write-tier — bare
+                // `rea doctor` stays Read. Codex round 3 P2 (2026-05-12).
+                if (tokens.slice(idx + 1).includes('--smoke'))
+                    return Tier.Write;
+                return Tier.Read;
+            }
             case 'hook': {
                 // `rea hook push-gate` is execution-only — it runs codex exec review
                 // and writes `.rea/last-review.json` + an audit record, but the
@@ -275,11 +284,23 @@ export function reaCommandTier(command) {
                 // `audit record codex-review`).
                 if (sub2 === 'push-gate')
                     return Tier.Read;
+                // 0.29.0 — `rea hook delegation-signal` reads stdin, appends a
+                // single audit record, and exits 0. Read-tier: observational
+                // telemetry with no policy effect and no behavior change to the
+                // underlying Agent/Skill dispatch.
+                if (sub2 === 'delegation-signal')
+                    return Tier.Read;
                 return Tier.Write;
             }
             case 'audit': {
                 if (sub2 === 'verify')
                     return Tier.Read;
+                // 0.29.0 — `rea audit specialists` is a read-only reader for
+                // the delegation-telemetry MVP. Classify Read so L0 sessions
+                // can summarize delegation patterns without tripping the
+                // Write-tier default. Codex round 3 P2 (2026-05-12).
+                if (sub2 === 'specialists')
+                    return Tier.Read;
                 if (sub2 === 'rotate')
                     return Tier.Write;
                 return Tier.Write;

package/dist/registry/loader.d.ts

@@ -18,17 +18,17 @@ declare const RegistryServerSchema: z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
 }, "strict", z.ZodTypeAny, {
     name: string;
+    env: Record<string, string>;
     command: string;
     args: string[];
-    env: Record<string, string>;
     enabled: boolean;
     env_passthrough?: string[] | undefined;
     tier_overrides?: Record<string, Tier> | undefined;
 }, {
     name: string;
     command: string;
-    args?: string[] | undefined;
     env?: Record<string, string> | undefined;
+    args?: string[] | undefined;
     env_passthrough?: string[] | undefined;
     tier_overrides?: Record<string, Tier> | undefined;
     enabled?: boolean | undefined;
@@ -45,17 +45,17 @@ declare const RegistrySchema: z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
     }, "strict", z.ZodTypeAny, {
         name: string;
+        env: Record<string, string>;
         command: string;
         args: string[];
-        env: Record<string, string>;
         enabled: boolean;
         env_passthrough?: string[] | undefined;
         tier_overrides?: Record<string, Tier> | undefined;
     }, {
         name: string;
         command: string;
-        args?: string[] | undefined;
         env?: Record<string, string> | undefined;
+        args?: string[] | undefined;
         env_passthrough?: string[] | undefined;
         tier_overrides?: Record<string, Tier> | undefined;
         enabled?: boolean | undefined;
@@ -65,9 +65,9 @@ declare const RegistrySchema: z.ZodObject<{
     version: "1";
     servers: {
         name: string;
+        env: Record<string, string>;
         command: string;
         args: string[];
-        env: Record<string, string>;
         enabled: boolean;
         env_passthrough?: string[] | undefined;
         tier_overrides?: Record<string, Tier> | undefined;
@@ -78,8 +78,8 @@ declare const RegistrySchema: z.ZodObject<{
     servers?: {
         name: string;
         command: string;
-        args?: string[] | undefined;
         env?: Record<string, string> | undefined;
+        args?: string[] | undefined;
         env_passthrough?: string[] | undefined;
         tier_overrides?: Record<string, Tier> | undefined;
         enabled?: boolean | undefined;