@bookedsolid/rea 0.28.2 → 0.30.0

package/dist/cli/hook.js

@@ -38,6 +38,8 @@ import { runBlockedScan, runProtectedScan } from '../hooks/bash-scanner/index.js
 import { loadPolicy } from '../policy/loader.js';
 import { appendAuditRecord, InvocationStatus, Tier } from '../audit/append.js';
 import { CODEX_REVIEW_TOOL_NAME, CODEX_REVIEW_SERVER_NAME, } from '../audit/codex-event.js';
+import { DELEGATION_SIGNAL_TOOL_NAME, DELEGATION_SIGNAL_SERVER_NAME, DELEGATION_SIGNAL_SCHEMA_VERSION, DelegationSignalMetadataSchema, } from '../audit/delegation-event.js';
+import { compileDefaultSecretPatterns, redactSecrets, } from '../gateway/middleware/redact.js';
 import { CodexNotInstalledError, CodexProtocolError, CodexSubprocessError, CodexTimeoutError, IRON_GATE_DEFAULT_MODEL, IRON_GATE_DEFAULT_REASONING, createRealGitExecutor, runCodexReview, } from '../hooks/push-gate/codex-runner.js';
 import { resolveBaseRef } from '../hooks/push-gate/base.js';
 import { resolvePushGatePolicy } from '../hooks/push-gate/policy.js';
@@ -577,18 +579,296 @@ export async function runHookCodexReview(options) {
     }
     process.exit(exitCode);
 }
+/**
+ * Cached default secret patterns for the redact path. Compiling the
+ * regex set is non-trivial (it spawns a worker per pattern), so cache
+ * across invocations. CLI process lifecycle is short enough that this
+ * is effectively per-process.
+ */
+let _delegationSecretPatterns = null;
+function getDelegationSecretPatterns() {
+    if (_delegationSecretPatterns === null) {
+        // Per-pattern timeout budget. The redact-safe wrapper runs each
+        // regex in a worker thread, and the worker spawn itself takes
+        // ~1ms on hot paths but 50–200ms cold. The spec asked for 50ms
+        // but that value caused spurious timeouts in cold-process tests
+        // (the very first PreToolUse hook invocation in a fresh shell)
+        // and converted every input into the timeout sentinel, leaking
+        // false-positive redactions. 250ms is generous enough to absorb
+        // a cold worker spawn while still bounded enough that the
+        // delegation-capture hook stays well under its 5s settings.json
+        // timeout. The hook itself backgrounds the CLI call so this
+        // budget never gates Claude Code's tool dispatch.
+        _delegationSecretPatterns = compileDefaultSecretPatterns({ timeoutMs: 250 });
+    }
+    return _delegationSecretPatterns;
+}
+/**
+ * Apply `redactSecrets` to a single string field. Returns the
+ * (possibly redacted) string plus the list of pattern names that
+ * fired. On timeout, returns `'[REDACTED: pattern timeout]'` (the
+ * sentinel from redact.ts) and the timeout pattern name so the audit
+ * envelope still records the redaction happened.
+ *
+ * Best-effort: any exception in the redact path returns the input
+ * unchanged + an empty pattern list. The audit record is observational
+ * — failing the whole signal because the redact timer threw would lose
+ * the signal entirely.
+ */
+/**
+ * Sentinel emitted when redaction is unable to make a definitive
+ * decision (regex timeout, worker error). The redactor's invariant is
+ * "never let a potentially secret-bearing string pass through
+ * unredacted on failure" — that invariant MUST hold for the
+ * delegation-signal path too. Falling back to the raw input on
+ * timeout would silently leak a planted credential into
+ * .rea/audit.jsonl. Codex round 2 P1 (2026-05-12).
+ */
+const REDACT_INDETERMINATE_SENTINEL = '[REDACTED: indeterminate]';
+function redactField(value) {
+    try {
+        const { output, redacted, timedOut } = redactSecrets(value, getDelegationSecretPatterns());
+        // Timeout: the redactor's `[REDACTED: pattern timeout]` output
+        // already says "I couldn't decide". Treat that as a full-field
+        // redaction here too — under no circumstance let the raw input
+        // through when the scanner failed to complete. This is the
+        // fail-closed posture redact.ts itself takes; we mirror it.
+        // The redactor's own telemetry separately records the timeout
+        // (REDACT_TIMEOUT_METADATA_KEY), so observability isn't lost.
+        if (timedOut) {
+            return {
+                value: REDACT_INDETERMINATE_SENTINEL,
+                patterns: ['redact_timeout'],
+            };
+        }
+        if (redacted.length === 0)
+            return { value, patterns: [] };
+        // The redact contract replaces matched substrings with `[REDACTED]`.
+        // For a short identifier field like `subagent_type`, treat any hit
+        // as a full-field redaction so a partial match doesn't leak the
+        // surrounding context.
+        return { value: output.includes('[REDACTED') ? '[REDACTED]' : output, patterns: redacted };
+    }
+    catch {
+        // Synchronous redactor exception (extremely rare — the wrapper
+        // catches its own errors). Fail closed: indeterminate sentinel.
+        return {
+            value: REDACT_INDETERMINATE_SENTINEL,
+            patterns: ['redact_error'],
+        };
+    }
+}
+/**
+ * The actual audit-write — wrapped so it can run inline (default) or
+ * as a detached background tail call (`--detach`). Returns the
+ * promise; the caller decides whether to await it.
+ */
+async function writeDelegationSignal(baseDir, metadata, redactedFields, sessionId) {
+    // Defense-in-depth: validate the metadata shape against the strict
+    // zod schema before handing it off to `appendAuditRecord`. A future
+    // refactor that introduces a field-name typo here would otherwise
+    // silently land a malformed line in the chain.
+    const parsed = DelegationSignalMetadataSchema.safeParse(metadata);
+    if (!parsed.success) {
+        process.stderr.write(`[rea] delegation-signal: metadata failed strict-mode validation: ${parsed.error.message}\n`);
+        return;
+    }
+    await appendAuditRecord(baseDir, {
+        tool_name: DELEGATION_SIGNAL_TOOL_NAME,
+        server_name: DELEGATION_SIGNAL_SERVER_NAME,
+        tier: Tier.Read,
+        status: InvocationStatus.Allowed,
+        session_id: sessionId,
+        ...(redactedFields.length > 0 ? { redacted_fields: redactedFields } : {}),
+        metadata: parsed.data,
+    });
+}
+/**
+ * Read the hook stdin payload, redact + hash, and either await the
+ * audit append OR fire-and-forget it (when `--detach` is set).
+ *
+ * Exit-code contract: ALWAYS exit 0. The delegation signal is
+ * observational, not gating — failure to write the record must NOT
+ * block Claude Code's tool dispatch. Errors are surfaced on stderr.
+ */
+export async function runHookDelegationSignal(options) {
+    const baseDir = options.reaRoot ?? process.env['CLAUDE_PROJECT_DIR'] ?? process.cwd();
+    const lockTimeoutMs = options.lockTimeoutMs ?? 2000;
+    // Read stdin. TTY → empty (no harness payload available, nothing to
+    // emit — exit 0 silently). Timeout 1s; the hook shim feeds us a
+    // small JSON blob that fully prints in milliseconds.
+    const stdinRaw = process.stdin.isTTY ? '' : await readStdinWithTimeout(1_000);
+    if (stdinRaw.length === 0) {
+        process.exit(0);
+    }
+    let payload;
+    try {
+        payload = JSON.parse(stdinRaw);
+    }
+    catch (e) {
+        // Malformed payload — observational signal only, exit 0 silently
+        // with stderr breadcrumb. Failing here would propagate to the hook
+        // shim and risk blocking the underlying Agent/Skill dispatch.
+        process.stderr.write(`[rea] delegation-signal: malformed stdin JSON (${e instanceof Error ? e.message : String(e)}), signal dropped\n`);
+        process.exit(0);
+    }
+    // Resolve which delegation tool fired. Anything else is a misfire at
+    // the matcher layer (Claude Code routed a non-delegation tool to us)
+    // — exit 0 silently.
+    const rawToolName = typeof payload.tool_name === 'string' ? payload.tool_name : '';
+    const delegationTool = rawToolName === 'Agent' ? 'Agent' : rawToolName === 'Skill' ? 'Skill' : null;
+    if (delegationTool === null) {
+        process.exit(0);
+    }
+    // Extract the agent / skill name. Agent → tool_input.subagent_type;
+    // Skill → tool_input.skill. Missing → emit a placeholder ('unknown')
+    // so the chain still records the delegation event.
+    const ti = payload.tool_input ?? {};
+    let rawSubagentType = '';
+    if (delegationTool === 'Agent' && typeof ti.subagent_type === 'string') {
+        rawSubagentType = ti.subagent_type;
+    }
+    else if (delegationTool === 'Skill' && typeof ti.skill === 'string') {
+        rawSubagentType = ti.skill;
+    }
+    if (rawSubagentType.length === 0)
+        rawSubagentType = 'unknown';
+    // Parent subagent — Claude Code surfaces this either as
+    // `tool_input.parent_subagent_type` (when the dispatcher attaches
+    // it to the payload) or as the `CLAUDE_PARENT_SUBAGENT` env var
+    // (the alternate source the integrated spec calls out). Payload
+    // wins when both are present — payload is closer to the originating
+    // event and the env var can be stale across subprocess fan-out.
+    // Codex round 4 P2 (2026-05-12): pre-fix the env-var source was
+    // ignored and every nested delegation was recorded as null,
+    // defeating the parent/child telemetry the field was added for.
+    let rawParent = null;
+    if (typeof ti.parent_subagent_type === 'string' && ti.parent_subagent_type.length > 0) {
+        rawParent = ti.parent_subagent_type;
+    }
+    else {
+        const envParent = process.env['CLAUDE_PARENT_SUBAGENT'];
+        if (typeof envParent === 'string' && envParent.length > 0) {
+            rawParent = envParent;
+        }
+    }
+    // Description / prompt → SHA-256, never persisted in clear.
+    // Agent dispatches the prompt under `description`; Skill under
+    // `prompt`. When neither is present we hash the empty string so the
+    // field is always present.
+    const rawDescription = delegationTool === 'Agent' && typeof ti.description === 'string'
+        ? ti.description
+        : delegationTool === 'Skill' && typeof ti.prompt === 'string'
+            ? ti.prompt
+            : '';
+    const descriptionHash = crypto.createHash('sha256').update(rawDescription).digest('hex');
+    // Run subagent_type + parent_subagent_type through the redact path.
+    // A planted credential string in either field is replaced with
+    // [REDACTED] before landing in the audit log.
+    const redactedFields = [];
+    const sub = redactField(rawSubagentType);
+    if (sub.patterns.length > 0) {
+        redactedFields.push('metadata.subagent_type');
+    }
+    let parentValue = rawParent;
+    if (rawParent !== null) {
+        const parentRed = redactField(rawParent);
+        parentValue = parentRed.value;
+        if (parentRed.patterns.length > 0) {
+            redactedFields.push('metadata.parent_subagent_type');
+        }
+    }
+    const sessionIdObserved = typeof payload.session_id === 'string' && payload.session_id.length > 0
+        ? payload.session_id
+        : 'unknown';
+    const hookEventTimestamp = typeof payload.hook_event_timestamp === 'string' && payload.hook_event_timestamp.length > 0
+        ? payload.hook_event_timestamp
+        : undefined;
+    const metadata = {
+        schema_version: DELEGATION_SIGNAL_SCHEMA_VERSION,
+        delegation_tool: delegationTool,
+        subagent_type: sub.value,
+        session_id_observed: sessionIdObserved,
+        parent_subagent_type: parentValue,
+        invocation_description_sha256: descriptionHash,
+        ...(hookEventTimestamp !== undefined ? { hook_event_timestamp: hookEventTimestamp } : {}),
+    };
+    // Audit envelope `session_id` carries the observed session so a
+    // future reader can correlate without traversing metadata. (The
+    // envelope value is duplicated in metadata.session_id_observed for
+    // record-self-containment.)
+    const writePromise = writeDelegationSignal(baseDir, metadata, redactedFields, sessionIdObserved);
+    // The audit append must complete BEFORE this CLI process exits.
+    // Earlier iterations treated `--detach` as "fire-and-forget at the
+    // CLI level", but Node terminates a process when the event loop has
+    // no more sync work — and `appendAuditRecord()` is async filesystem
+    // work that does NOT keep the process alive across `process.exit`.
+    // The fire-and-forget concept lives one level UP, in the SHELL hook:
+    // the .sh stub backgrounds this entire CLI invocation with `&` +
+    // `disown` so Claude Code's tool dispatch is not blocked. From inside
+    // the CLI we always wait for the append.
+    //
+    // Codex round 1 P1 (2026-05-12): the previous implementation called
+    // `process.exit(0)` immediately after kicking off the promise under
+    // `--detach`. Tests stubbed `process.exit` so the promise still ran
+    // to completion in-test, masking the bug. In production every
+    // Agent/Skill dispatch silently dropped its delegation record.
+    //
+    // `--detach` is RETAINED as a flag for backwards compat with the
+    // shell hook stub's `--detach &` argv (and to document that the
+    // shell hook is the backgrounding layer, not the CLI). Its only
+    // remaining effect is the doc comment and an audit-append-failure
+    // mode that NEVER emits to stderr (no parent shell is listening
+    // when the CLI ran detached).
+    const detached = options.detach === true;
+    let timer = null;
+    try {
+        await Promise.race([
+            writePromise,
+            new Promise((resolve) => {
+                timer = setTimeout(() => resolve('timeout'), lockTimeoutMs);
+                timer.unref?.();
+            }).then((tag) => {
+                if (tag === 'timeout') {
+                    if (!detached) {
+                        process.stderr.write(`[rea] delegation-signal: lock timeout, signal dropped\n`);
+                    }
+                    // Surface the eventual error so it doesn't escape as an
+                    // unhandled rejection after we've exited the await.
+                    writePromise.catch(() => {
+                        /* already reported via stderr */
+                    });
+                    return;
+                }
+            }),
+        ]);
+    }
+    catch (e) {
+        // Append failure (e.g. ENOSPC) — surface to stderr unless we ran
+        // detached (no parent shell is listening).
+        if (!detached) {
+            process.stderr.write(`[rea] delegation-signal: audit append failed: ${e instanceof Error ? e.message : String(e)}\n`);
+        }
+    }
+    finally {
+        if (timer !== null)
+            clearTimeout(timer);
+    }
+    process.exit(0);
+}
 /**
  * Attach the `rea hook` subcommand tree to a commander Program.
  *
  * Subcommands:
- *   - `push-gate`     — stateless pre-push Codex review (called by husky).
- *   - `scan-bash`     — parser-backed bash-tier scanner (called by Claude
- *                       Code shim hooks).
- *   - `policy-get`    — single-source-of-truth policy reader for bash hooks.
- *   - `codex-review`  — thin Bash-direct codex invocation (0.27.0+) for
- *                       marathon-mode review cycles. The canonical
- *                       invocation that all agents and slash commands
- *                       route through.
+ *   - `push-gate`           — stateless pre-push Codex review (called by husky).
+ *   - `scan-bash`           — parser-backed bash-tier scanner (called by Claude
+ *                             Code shim hooks).
+ *   - `policy-get`          — single-source-of-truth policy reader for bash hooks.
+ *   - `codex-review`        — thin Bash-direct codex invocation (0.27.0+) for
+ *                             marathon-mode review cycles.
+ *   - `delegation-signal`   — 0.29.0 delegation-telemetry MVP. Reads a Claude
+ *                             Code PreToolUse hook payload for `Agent` / `Skill`
+ *                             and emits a `rea.delegation_signal` audit record.
  *
  * New hooks should land here rather than as top-level commands so the
  * CLI surface stays navigable.
@@ -653,6 +933,23 @@ export function registerHookCommand(program) {
             ...(opts.json === true ? { json: true } : {}),
         });
     });
+    hook
+        .command('delegation-signal')
+        .description('Read a Claude Code PreToolUse hook payload for `Agent` or `Skill` from stdin and emit a `rea.delegation_signal` audit record (0.29.0+). Observational telemetry only — exit ALWAYS 0; failure to write the record never blocks tool dispatch. The hook shim at `.claude/hooks/delegation-capture.sh` invokes this with `--detach` so the Agent/Skill call proceeds without waiting on the audit lock.')
+        .option('--detach', 'fire the audit append in the background and return immediately. Set by the shell hook stub so worst-case latency stays low under lock contention.')
+        .option('--lock-timeout-ms <n>', 'milliseconds to wait for the audit-chain lock before dropping the signal. Default 2000.', (raw) => {
+        const n = Number(raw);
+        if (!Number.isInteger(n) || n <= 0) {
+            throw new Error(`--lock-timeout-ms must be a positive integer, got ${JSON.stringify(raw)}`);
+        }
+        return n;
+    })
+        .action(async (opts) => {
+        await runHookDelegationSignal({
+            ...(opts.detach === true ? { detach: true } : {}),
+            ...(opts.lockTimeoutMs !== undefined ? { lockTimeoutMs: opts.lockTimeoutMs } : {}),
+        });
+    });
     hook
         .command('policy-get')
         .description('Read a value from `.rea/policy.yaml` via the canonical YAML parser. Used by bash-tier hooks (`hooks/_lib/policy-read.sh::policy_nested_scalar`) so inline AND block YAML forms agree at a single source of truth. Default scalar mode: prints raw value or empty. With `--json`: emits JSON (scalar or object/array; missing path → `null`). Unparseable YAML → empty / null, exit 1.')

package/dist/cli/index.js

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
 import { runAuditRotate, runAuditVerify } from './audit.js';
+import { registerAuditSpecialistsSubcommand } from './audit-specialists.js';
 import { runCheck } from './check.js';
 import { registerHookCommand } from './hook.js';
 import { runDoctor } from './doctor.js';
@@ -106,6 +107,10 @@ async function main() {
         .action(async (opts) => {
         await runAuditVerify({ ...(opts.since !== undefined ? { since: opts.since } : {}) });
     });
+    // 0.29.0 — `rea audit specialists` reader for delegation-telemetry
+    // records. Read-only; honors $CLAUDE_SESSION_ID for current-session
+    // filtering. v1 omits --since / --session (deferred to 0.29.1).
+    registerAuditSpecialistsSubcommand(audit);
     // Register `rea hook push-gate` — the stateless pre-push Codex gate
     // called by `.husky/pre-push` and `.git/hooks/pre-push`.
     registerHookCommand(program);
@@ -143,10 +148,14 @@ async function main() {
         .description('Validate the install: policy parses, .rea/ layout, hooks, Codex plugin.')
         .option('--metrics', 'also print a 7-day summary of Codex telemetry (G11.5)')
         .option('--drift', 'report drift vs. the install manifest (read-only; does not mutate)')
+        .option('--smoke', 'also run the 0.29.0 delegation-signal round-trip (writes a probe `rea.delegation_signal` audit record and verifies chain integrity)')
+        .option('--strict', '0.30.0 Class M — promote settings.json schema warnings (zod parse failures, path traversal, missing rea hooks) to hard fail. Use in CI gates.')
         .action(async (opts) => {
         await runDoctor({
             ...(opts.metrics === true ? { metrics: true } : {}),
             ...(opts.drift === true ? { drift: true } : {}),
+            ...(opts.smoke === true ? { smoke: true } : {}),
+            ...(opts.strict === true ? { strict: true } : {}),
         });
     });
     await program.parseAsync(process.argv);

package/dist/cli/init.js

@@ -9,6 +9,7 @@ import { copyArtifacts } from './install/copy.js';
 import { ensureReaGitignore } from './install/gitignore.js';
 import { canonicalSettingsSubsetHash, defaultDesiredHooks, mergeSettings, readSettings, writeSettingsAtomic, } from './install/settings-merge.js';
 import { installCommitMsgHook } from './install/commit-msg.js';
+import { installPrepareCommitMsgHook } from './install/prepare-commit-msg.js';
 import { installPrePushFallback } from './install/pre-push.js';
 import { CodexProbe } from '../gateway/observability/codex-probe.js';
 import { buildFragment, writeClaudeMdFragment } from './install/claude-md.js';
@@ -220,11 +221,56 @@ async function runWizard(options, targetDir, reagentPolicyPath, layeredBase, exi
         ...(existingPolicy?.commitHygieneRefuseAtCommits !== undefined
             ? { commitHygieneRefuseAtCommits: existingPolicy.commitHygieneRefuseAtCommits }
             : {}),
+        // 0.30.0 attribution augmenter — preserved across re-init OR
+        // seeded from the layered profile (every shipped profile pins
+        // `enabled: false`). Conditional spread so undefined → key omitted
+        // (the field is exact-optional).
+        ...attributionConfigSpread(layeredBase, existingPolicy),
         fromReagent,
         reagentPolicyPath,
         reagentNotices: [],
     };
 }
+/**
+ * Compute the attribution-augmenter config spread to inject into a
+ * partial `ResolvedConfig` literal. Returns `{}` when neither the
+ * existing on-disk policy nor the layered profile declared the
+ * augmenter — the policy writer then omits the block entirely so
+ * consumers who haven't seen 0.30.0 don't get a mystery YAML block.
+ *
+ * Returns `{ attributionCoAuthor: ... }` otherwise. Using a spread
+ * helper instead of a value-returning function lets `exactOptionalProperty
+ * Types` distinguish "omitted" from "explicitly undefined" — required
+ * by the strict tsconfig.
+ */
+function attributionConfigSpread(layered, existing) {
+    const preserved = existing?.attributionCoAuthor;
+    if (preserved !== undefined) {
+        return {
+            attributionCoAuthor: {
+                ...(preserved.enabled !== undefined ? { enabled: preserved.enabled } : {}),
+                ...(preserved.name !== undefined ? { name: preserved.name } : {}),
+                ...(preserved.email !== undefined ? { email: preserved.email } : {}),
+                ...(preserved.skipMerge !== undefined ? { skipMerge: preserved.skipMerge } : {}),
+            },
+        };
+    }
+    const fromProfile = layered.attribution?.co_author;
+    if (fromProfile === undefined)
+        return {};
+    return {
+        attributionCoAuthor: {
+            ...(fromProfile.enabled !== undefined ? { enabled: fromProfile.enabled } : {}),
+            ...(fromProfile.name !== undefined && fromProfile.name.length > 0
+                ? { name: fromProfile.name }
+                : {}),
+            ...(fromProfile.email !== undefined && fromProfile.email.length > 0
+                ? { email: fromProfile.email }
+                : {}),
+            ...(fromProfile.skip_merge !== undefined ? { skipMerge: fromProfile.skip_merge } : {}),
+        },
+    };
+}
 /**
  * G6 — Codex install-assist probe.
  *
@@ -408,6 +454,38 @@ function readExistingPolicyForPreservation(targetDir) {
             out.commitHygieneRefuseAtCommits = refuseAt;
         }
     }
+    // 0.30.0 attribution augmenter. Preserve every field the operator
+    // may have configured so re-running `rea init` doesn't silently
+    // revert an opt-in. Block AND inline forms agree at the parser
+    // layer.
+    const attribution = policy['attribution'];
+    if (attribution !== null && typeof attribution === 'object') {
+        const attr = attribution;
+        const coAuthor = attr['co_author'];
+        if (coAuthor !== null && typeof coAuthor === 'object') {
+            const ca = coAuthor;
+            const preserved = {};
+            let any = false;
+            if (typeof ca['enabled'] === 'boolean') {
+                preserved.enabled = ca['enabled'];
+                any = true;
+            }
+            if (typeof ca['name'] === 'string') {
+                preserved.name = ca['name'];
+                any = true;
+            }
+            if (typeof ca['email'] === 'string') {
+                preserved.email = ca['email'];
+                any = true;
+            }
+            if (typeof ca['skip_merge'] === 'boolean') {
+                preserved.skipMerge = ca['skip_merge'];
+                any = true;
+            }
+            if (any)
+                out.attributionCoAuthor = preserved;
+        }
+    }
     return out;
 }
 function readExistingInstalledAt(policyPath) {
@@ -484,6 +562,28 @@ function writePolicyYaml(targetDir, config, layered) {
             lines.push(`    - ${JSON.stringify(p)}`);
         }
     }
+    // 0.30.0 attribution augmenter — emit the block whenever the layered
+    // profile (or a preserved on-disk policy) declared it. We always emit
+    // a fully-explicit `enabled` so an operator reading the file can
+    // confirm the current state at a glance without falling back to
+    // schema defaults. Identity (name/email) is omitted when empty —
+    // operators opt in by hand-editing those two fields, which keeps
+    // the policy file diff-clean on profile re-init.
+    const attr = config.attributionCoAuthor;
+    if (attr !== undefined) {
+        lines.push(`attribution:`);
+        lines.push(`  co_author:`);
+        lines.push(`    enabled: ${attr.enabled === true ? 'true' : 'false'}`);
+        if (attr.name !== undefined && attr.name.length > 0) {
+            lines.push(`    name: ${JSON.stringify(attr.name)}`);
+        }
+        if (attr.email !== undefined && attr.email.length > 0) {
+            lines.push(`    email: ${JSON.stringify(attr.email)}`);
+        }
+        if (attr.skipMerge !== undefined) {
+            lines.push(`    skip_merge: ${attr.skipMerge ? 'true' : 'false'}`);
+        }
+    }
     // 0.18.1+ helixir #9: emit audit.rotation when the layered profile
     // declared it. Empty `rotation: {}` opts in to documented defaults
     // (50 MiB / 30 days); explicit values override.
@@ -741,6 +841,10 @@ export async function runInit(options) {
             ...(existingPolicy?.commitHygieneRefuseAtCommits !== undefined
                 ? { commitHygieneRefuseAtCommits: existingPolicy.commitHygieneRefuseAtCommits }
                 : {}),
+            // 0.30.0 attribution augmenter — preserved across re-init OR
+            // seeded from the layered profile. Same precedence as the
+            // wizard path above. Conditional spread for exact-optional.
+            ...attributionConfigSpread(layeredBase, existingPolicy),
             fromReagent,
             reagentPolicyPath,
             reagentNotices,
@@ -772,6 +876,12 @@ export async function runInit(options) {
     const mergeResult = mergeSettings(settings, desired);
     await writeSettingsAtomic(settingsPath, mergeResult.merged);
     const commitMsgResult = await installCommitMsgHook(targetDir);
+    // 0.30.0 attribution augmenter — install the prepare-commit-msg
+    // hook unconditionally. The hook is a no-op when
+    // policy.attribution.co_author.enabled !== true, so it is safe to
+    // ship under every profile; consumers opt in by editing their
+    // .rea/policy.yaml.
+    const prepareCommitMsgResult = await installPrepareCommitMsgHook(targetDir);
     const prePushResult = await installPrePushFallback({ targetDir });
     const fragmentInput = {
         policyPath: `.${path.sep}rea${path.sep}policy.yaml`.replace(/\\/g, '/'),
@@ -800,6 +910,14 @@ export async function runInit(options) {
         console.log(`  + ${path.relative(targetDir, commitMsgResult.gitHook)}`);
     if (commitMsgResult.huskyHook)
         console.log(`  + ${path.relative(targetDir, commitMsgResult.huskyHook)}`);
+    if (prepareCommitMsgResult.gitHook) {
+        const verb = prepareCommitMsgResult.refreshed === true ? '~' : '+';
+        console.log(`  ${verb} ${path.relative(targetDir, prepareCommitMsgResult.gitHook)} (attribution augmenter)`);
+    }
+    if (prepareCommitMsgResult.huskyHook) {
+        const verb = prepareCommitMsgResult.refreshed === true ? '~' : '+';
+        console.log(`  ${verb} ${path.relative(targetDir, prepareCommitMsgResult.huskyHook)} (attribution augmenter)`);
+    }
     if (prePushResult.written !== undefined) {
         const verb = prePushResult.decision.action === 'refresh' ? '~' : '+';
         console.log(`  ${verb} ${path.relative(targetDir, prePushResult.written)} (pre-push fallback)`);
@@ -828,6 +946,8 @@ export async function runInit(options) {
     }
     for (const w of commitMsgResult.warnings)
         warn(w);
+    for (const w of prepareCommitMsgResult.warnings)
+        warn(w);
     for (const w of prePushResult.warnings)
         warn(w);
     for (const n of config.reagentNotices)

package/dist/cli/install/manifest-schema.d.ts

@@ -22,12 +22,12 @@ export declare const ManifestEntrySchema: z.ZodObject<{
 }, "strict", z.ZodTypeAny, {
     path: string;
     sha256: string;
-    source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+    source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
     mode?: number | undefined;
 }, {
     path: string;
     sha256: string;
-    source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+    source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
     mode?: number | undefined;
 }>;
 export type ManifestEntry = z.infer<typeof ManifestEntrySchema>;
@@ -45,12 +45,12 @@ export declare const InstallManifestSchema: z.ZodObject<{
     }, "strict", z.ZodTypeAny, {
         path: string;
         sha256: string;
-        source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+        source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
         mode?: number | undefined;
     }, {
         path: string;
         sha256: string;
-        source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+        source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
         mode?: number | undefined;
     }>, "many">;
 }, "strict", z.ZodTypeAny, {
@@ -60,7 +60,7 @@ export declare const InstallManifestSchema: z.ZodObject<{
     files: {
         path: string;
         sha256: string;
-        source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+        source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
         mode?: number | undefined;
     }[];
     upgraded_at?: string | undefined;
@@ -72,7 +72,7 @@ export declare const InstallManifestSchema: z.ZodObject<{
     files: {
         path: string;
         sha256: string;
-        source: "command" | "hook" | "agent" | "husky" | "claude-md" | "settings";
+        source: "agent" | "command" | "hook" | "husky" | "claude-md" | "settings";
         mode?: number | undefined;
     }[];
     upgraded_at?: string | undefined;