@bookedsolid/rea 0.29.0 → 0.30.0

package/dist/config/settings-schema.js

@@ -0,0 +1,294 @@
+/**
+ * Class M — `.claude/settings.json` zod schema (0.30.0+).
+ *
+ * Consumer-side validation for the Claude Code harness `settings.json`
+ * file. The harness itself accepts a JSON object with a documented
+ * shape; rea adds a strict subset of that shape so a typo in a hook
+ * registration ("statusMessasge", "PreToolUze") doesn't silently
+ * disable a load-bearing rea hook on a consumer's install.
+ *
+ * Two modes:
+ *   - Default (`mode: 'warn'`) — `rea doctor` logs a warn for any
+ *     unknown top-level key, unknown hook event, or unrecognized
+ *     matcher pattern. Existing consumer files that haven't seen the
+ *     schema before keep working without action.
+ *   - Strict (`mode: 'strict'`) — `rea doctor --strict` fails on any
+ *     zod failure, on path-traversal in a `command` value, and when
+ *     a rea-shipped hook (`EXPECTED_HOOKS`) is missing from the
+ *     PreToolUse / PostToolUse registrations. Used by CI gates that
+ *     want a hard floor.
+ *
+ * Path-traversal is checked OUTSIDE zod (see `validateNoTraversal`)
+ * — zod's job is shape; ours is to make sure a `command` literally
+ * cannot reference `..` after stripping `$CLAUDE_PROJECT_DIR`. The
+ * harness expands the variable at exec time, so the on-disk value
+ * is the right anchor for the check.
+ */
+import { z } from 'zod';
+import { EXPECTED_HOOKS } from '../cli/doctor.js';
+import { defaultDesiredHooks } from '../cli/install/settings-merge.js';
+/**
+ * Hook event names the harness honors. Strict union so a typo
+ * ("PreToolUze") fails closed. The union mirrors Anthropic's
+ * published list as of 2026-05; new events get added here as the
+ * harness ships them.
+ */
+export const HOOK_EVENT_NAMES = [
+    'PreToolUse',
+    'PostToolUse',
+    'UserPromptSubmit',
+    'Stop',
+    'SubagentStop',
+    'PreCompact',
+    'Notification',
+    'SessionStart',
+];
+/**
+ * Hook-command entry. `statusMessage` is REQUIRED to ALLOW (not to
+ * require) because every canonical entry rea ships carries one — the
+ * harness uses it for the spinner status line, and omitting it would
+ * be technically valid but degrade UX. `timeout` is optional; when
+ * present must be a positive int up to the harness ceiling of
+ * 600_000 ms (10 minutes).
+ */
+export const HookCommandSchema = z
+    .object({
+    type: z.literal('command'),
+    command: z.string().min(1, 'hook command must be a non-empty string'),
+    timeout: z.number().int().positive().max(600_000).optional(),
+    statusMessage: z.string().optional(),
+})
+    .strict();
+/**
+ * Hook entry group: a matcher pattern (string like `Bash` or
+ * `Write|Edit|MultiEdit|NotebookEdit`) plus its list of hook commands.
+ * The matcher is opaque to the schema — the harness parses it as a
+ * pipe-separated tool-name list. Empty matcher is rejected.
+ */
+export const HookEntrySchema = z
+    .object({
+    matcher: z.string().min(1, 'hook matcher must be a non-empty string'),
+    hooks: z.array(HookCommandSchema).min(1, 'each matcher must register at least one hook'),
+})
+    .strict();
+/**
+ * Top-level `.claude/settings.json` shape.
+ *
+ * `permissions` is pass-through (`z.record`) because it carries
+ * harness-defined structure that rea is not the source of truth for.
+ * `env` is a string-to-string map. `model` is a free string (the
+ * harness validates the model name at runtime).
+ *
+ * Each hook-event field is strict — a typo in the event name fails
+ * the parse instead of silently registering on a phantom event.
+ */
+export const SettingsSchema = z
+    .object({
+    env: z.record(z.string()).optional(),
+    permissions: z.unknown().optional(),
+    model: z.string().optional(),
+    hooks: z
+        .object({
+        PreToolUse: z.array(HookEntrySchema).optional(),
+        PostToolUse: z.array(HookEntrySchema).optional(),
+        UserPromptSubmit: z.array(HookEntrySchema).optional(),
+        Stop: z.array(HookEntrySchema).optional(),
+        SubagentStop: z.array(HookEntrySchema).optional(),
+        PreCompact: z.array(HookEntrySchema).optional(),
+        Notification: z.array(HookEntrySchema).optional(),
+        SessionStart: z.array(HookEntrySchema).optional(),
+    })
+        .strict()
+        .optional(),
+})
+    // Codex round 4 P1: top-level is .passthrough(), NOT .strict().
+    // Claude Code keeps adding harness-side top-level keys (model,
+    // permissions, env, future entries) and rea is NOT the source of
+    // truth for them. A strict top-level would refuse to validate the
+    // moment Claude Code ships a new key, breaking `rea upgrade` for
+    // every consumer mid-version. Hook events are still strict (a
+    // matcher typo in a known event must fail loudly).
+    .passthrough();
+/**
+ * Strict variant for `rea doctor --strict`. Same shape as `SettingsSchema`
+ * but rejects unknown top-level keys. Used only by the CI-gate path,
+ * never by `rea upgrade`. Exported so the doctor can opt into stricter
+ * validation when consumers explicitly request it.
+ */
+export const SettingsSchemaStrict = SettingsSchema.extend({}).strict();
+const TRAVERSAL_RE = /\.\.[/\\]/;
+export function validateNoTraversal(settings) {
+    const findings = [];
+    const hooks = settings.hooks;
+    if (hooks === undefined)
+        return findings;
+    for (const event of HOOK_EVENT_NAMES) {
+        const entries = hooks[event];
+        if (!Array.isArray(entries))
+            continue;
+        for (const group of entries) {
+            for (let i = 0; i < group.hooks.length; i += 1) {
+                const hook = group.hooks[i];
+                const stripped = hook.command
+                    .replace(/"\$CLAUDE_PROJECT_DIR"/g, '')
+                    .replace(/\$CLAUDE_PROJECT_DIR/g, '');
+                if (TRAVERSAL_RE.test(stripped)) {
+                    findings.push({
+                        event,
+                        matcher: group.matcher,
+                        index: i,
+                        command: hook.command,
+                        reason: 'contains `..` path segment outside $CLAUDE_PROJECT_DIR',
+                    });
+                }
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Validate a parsed JSON object against the settings schema.
+ *
+ * Strategy: try `SettingsSchema.parse(input)`. On success run the
+ * traversal + missing-hooks checks. On failure fall back to a
+ * best-effort scan of any `hooks: { PreToolUse: [...] }` shape we
+ * recognize, so the operator still sees traversal + missing-hooks
+ * findings.
+ */
+export function validateSettings(input) {
+    const result = {
+        parsed: false,
+        settings: null,
+        errors: [],
+        traversalFindings: [],
+        missingReaHooks: [],
+        warnings: [],
+    };
+    const parsed = SettingsSchema.safeParse(input);
+    if (parsed.success) {
+        result.parsed = true;
+        result.settings = parsed.data;
+        result.traversalFindings = validateNoTraversal(parsed.data);
+        result.missingReaHooks = findMissingReaHooks(parsed.data);
+    }
+    else {
+        result.errors = parsed.error.issues.map((i) => `${i.path.length > 0 ? `${i.path.join('.')}: ` : ''}${i.message}`);
+        // Best-effort fallback scan on the raw input so the operator sees
+        // every finding in one shot.
+        const recovered = recoverSettingsShape(input);
+        if (recovered !== null) {
+            result.traversalFindings = validateNoTraversal(recovered);
+            result.missingReaHooks = findMissingReaHooks(recovered);
+        }
+    }
+    return result;
+}
+/**
+ * Cross-check: every name in `EXPECTED_HOOKS` should appear as the
+ * basename of at least one `command` across PreToolUse + PostToolUse.
+ * Returns the missing list (empty when complete).
+ *
+ * Defensive: `EXPECTED_HOOKS` is sourced from `doctor.ts` so the
+ * single edit-point is preserved (new hook adds → both doctor's
+ * file-existence check AND this schema check pick it up).
+ */
+export function findMissingReaHooks(settings) {
+    const registeredCommands = new Set();
+    const hooks = settings.hooks;
+    if (hooks !== undefined) {
+        for (const event of ['PreToolUse', 'PostToolUse']) {
+            const entries = hooks[event];
+            if (!Array.isArray(entries))
+                continue;
+            for (const group of entries) {
+                for (const hook of group.hooks) {
+                    registeredCommands.add(hook.command);
+                }
+            }
+        }
+    }
+    const missing = [];
+    for (const name of EXPECTED_HOOKS) {
+        const found = Array.from(registeredCommands).some((cmd) => cmd.endsWith(`/${name}`));
+        if (!found)
+            missing.push(name);
+    }
+    return missing;
+}
+/**
+ * Compute the desired-hooks registration that `rea init` would emit
+ * for a fresh install. Exported so `rea doctor --strict` can show the
+ * operator the exact set the schema is enforcing without forcing them
+ * to dig through source.
+ */
+export function expectedHookNames() {
+    // Single source of truth: the canonical desired-hooks list.
+    const out = new Set();
+    for (const group of defaultDesiredHooks()) {
+        for (const hook of group.hooks) {
+            const tail = hook.command.split('/').pop() ?? '';
+            if (tail.length > 0)
+                out.add(tail);
+        }
+    }
+    return Array.from(out).sort();
+}
+/**
+ * Best-effort shape recovery when zod parse fails. Walks `input` and
+ * extracts as much of the `Settings` shape as possible, dropping any
+ * field that doesn't structurally match. Used ONLY to feed the
+ * traversal + missing-hooks checks — never returned to the caller as
+ * a "parsed" result.
+ */
+function recoverSettingsShape(input) {
+    if (input === null || typeof input !== 'object')
+        return null;
+    const o = input;
+    const hooks = o['hooks'];
+    if (hooks === null || typeof hooks !== 'object')
+        return null;
+    const h = hooks;
+    const recovered = { hooks: {} };
+    const recoveredHooks = {};
+    for (const event of HOOK_EVENT_NAMES) {
+        const entries = h[event];
+        if (!Array.isArray(entries))
+            continue;
+        const goodEntries = [];
+        for (const entry of entries) {
+            if (entry === null || typeof entry !== 'object')
+                continue;
+            const e = entry;
+            if (typeof e.matcher !== 'string')
+                continue;
+            if (!Array.isArray(e.hooks))
+                continue;
+            const goodHooks = [];
+            for (const hk of e.hooks) {
+                if (hk === null || typeof hk !== 'object')
+                    continue;
+                const c = hk;
+                if (c.type !== 'command')
+                    continue;
+                if (typeof c.command !== 'string' || c.command.length === 0)
+                    continue;
+                const out = { type: 'command', command: c.command };
+                if (typeof c.timeout === 'number' && Number.isInteger(c.timeout) && c.timeout > 0) {
+                    out.timeout = c.timeout;
+                }
+                if (typeof c.statusMessage === 'string') {
+                    out.statusMessage = c.statusMessage;
+                }
+                goodHooks.push(out);
+            }
+            if (goodHooks.length > 0) {
+                goodEntries.push({ matcher: e.matcher, hooks: goodHooks });
+            }
+        }
+        if (goodEntries.length > 0) {
+            recoveredHooks[event] = goodEntries;
+        }
+    }
+    recovered.hooks = recoveredHooks;
+    return recovered;
+}

package/dist/policy/loader.d.ts

@@ -246,6 +246,48 @@ declare const PolicySchema: z.ZodObject<{
         warn_at_commits?: number | undefined;
         refuse_at_commits?: number | undefined;
     }>>;
+    attribution: z.ZodOptional<z.ZodObject<{
+        co_author: z.ZodOptional<z.ZodEffects<z.ZodObject<{
+            enabled: z.ZodOptional<z.ZodBoolean>;
+            name: z.ZodOptional<z.ZodString>;
+            email: z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodLiteral<"">]>;
+            skip_merge: z.ZodOptional<z.ZodBoolean>;
+        }, "strict", z.ZodTypeAny, {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        }, {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        }>, {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        }, {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        }>>;
+    }, "strict", z.ZodTypeAny, {
+        co_author?: {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        } | undefined;
+    }, {
+        co_author?: {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        } | undefined;
+    }>>;
 }, "strict", z.ZodTypeAny, {
     version: string;
     profile: string;
@@ -311,6 +353,14 @@ declare const PolicySchema: z.ZodObject<{
         warn_at_commits?: number | undefined;
         refuse_at_commits?: number | undefined;
     } | undefined;
+    attribution?: {
+        co_author?: {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        } | undefined;
+    } | undefined;
 }, {
     version: string;
     profile: string;
@@ -376,6 +426,14 @@ declare const PolicySchema: z.ZodObject<{
         warn_at_commits?: number | undefined;
         refuse_at_commits?: number | undefined;
     } | undefined;
+    attribution?: {
+        co_author?: {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        } | undefined;
+    } | undefined;
 }>;
 /**
  * Async policy loader with TTL cache and mtime-based invalidation.

package/dist/policy/loader.js

@@ -212,6 +212,69 @@ const GatewayPolicySchema = z
     health: GatewayHealthPolicySchema.optional(),
 })
     .strict();
+/**
+ * 0.30.0 — attribution augmenter policy. The husky `prepare-commit-msg`
+ * hook appends a `Co-Authored-By: <name> <email>` trailer to every commit
+ * when `co_author.enabled: true`. Idempotent (skip if the email already
+ * appears on a `Co-Authored-By:` line, case-insensitive); skips merge
+ * commits when `skip_merge: true`.
+ *
+ * Cross-field refinement: when `enabled: true`, BOTH `name` AND `email`
+ * MUST be non-empty. Fail-closed at policy load — pre-fix a partial
+ * config (`enabled: true` with empty `email`) would silently fail at
+ * hook fire time, producing zero-name trailers and confusing audit
+ * records. Loud failure at load surfaces the misconfiguration immediately.
+ *
+ * Email validation is permissive (`<local>@<host>.<tld>` shape) — codex
+ * + claude + github noreply emails all pass; the only reject case is a
+ * malformed string (spaces, angle brackets, missing `@` or domain dot).
+ * Stricter validation is the consumer's job — RFC 5322 is too permissive
+ * for an opt-in audit footprint anyway.
+ */
+const AttributionCoAuthorSchema = z
+    .object({
+    enabled: z.boolean().optional(),
+    name: z.string().optional(),
+    email: z
+        .string()
+        .regex(/^[^\s<>@]+@[^\s<>@]+\.[^\s<>@]+$/, {
+        message: 'attribution.co_author.email must match <local>@<host>.<tld> ' +
+            '(no spaces, no angle brackets, must contain @ and a dot in the host)',
+    })
+        .optional()
+        .or(z.literal('')),
+    skip_merge: z.boolean().optional(),
+})
+    .strict()
+    .superRefine((val, ctx) => {
+    if (val.enabled !== true)
+        return;
+    const name = (val.name ?? '').trim();
+    const email = (val.email ?? '').trim();
+    if (name.length === 0) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            path: ['name'],
+            message: 'attribution.co_author.enabled: true requires a non-empty `name`. ' +
+                'Either set `name: "Your Name"` and `email: "you@example.com"`, or ' +
+                'set `enabled: false` to disable the augmenter.',
+        });
+    }
+    if (email.length === 0) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            path: ['email'],
+            message: 'attribution.co_author.enabled: true requires a non-empty `email`. ' +
+                'Either set `name: "Your Name"` and `email: "you@example.com"`, or ' +
+                'set `enabled: false` to disable the augmenter.',
+        });
+    }
+});
+const AttributionPolicySchema = z
+    .object({
+    co_author: AttributionCoAuthorSchema.optional(),
+})
+    .strict();
 const PolicySchema = z
     .object({
     version: z.string(),
@@ -259,6 +322,11 @@ const PolicySchema = z
     // 0.26.0 commit-hygiene thresholds — top-level so it's discoverable
     // separately from `review.local_review`. `rea preflight` consumes it.
     commit_hygiene: CommitHygienePolicySchema.optional(),
+    // 0.30.0 attribution augmenter — drives the husky
+    // `prepare-commit-msg` hook. The cross-field refinement on
+    // `AttributionCoAuthorSchema` fails closed when `enabled: true` but
+    // `name`/`email` are empty so we never ship a half-configured trailer.
+    attribution: AttributionPolicySchema.optional(),
 })
     .strict();
 const DEFAULT_CACHE_TTL_MS = 30_000;

package/dist/policy/profiles.d.ts

@@ -76,6 +76,38 @@ export declare const ProfileSchema: z.ZodObject<{
     }, {
         patterns?: string[] | undefined;
     }>>;
+    attribution: z.ZodOptional<z.ZodObject<{
+        co_author: z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodOptional<z.ZodBoolean>;
+            name: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            skip_merge: z.ZodOptional<z.ZodBoolean>;
+        }, "strict", z.ZodTypeAny, {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        }, {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        }>>;
+    }, "strict", z.ZodTypeAny, {
+        co_author?: {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        } | undefined;
+    }, {
+        co_author?: {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        } | undefined;
+    }>>;
 }, "strict", z.ZodTypeAny, {
     autonomy_level?: AutonomyLevel | undefined;
     max_autonomy_level?: AutonomyLevel | undefined;
@@ -102,6 +134,14 @@ export declare const ProfileSchema: z.ZodObject<{
     architecture_review?: {
         patterns?: string[] | undefined;
     } | undefined;
+    attribution?: {
+        co_author?: {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        } | undefined;
+    } | undefined;
 }, {
     autonomy_level?: AutonomyLevel | undefined;
     max_autonomy_level?: AutonomyLevel | undefined;
@@ -128,6 +168,14 @@ export declare const ProfileSchema: z.ZodObject<{
     architecture_review?: {
         patterns?: string[] | undefined;
     } | undefined;
+    attribution?: {
+        co_author?: {
+            name?: string | undefined;
+            enabled?: boolean | undefined;
+            email?: string | undefined;
+            skip_merge?: boolean | undefined;
+        } | undefined;
+    } | undefined;
 }>;
 export type Profile = z.infer<typeof ProfileSchema>;
 /** Hard defaults applied before any profile or wizard answer. */

package/dist/policy/profiles.js

@@ -75,6 +75,31 @@ export const ProfileSchema = z
         patterns: z.array(z.string()).optional(),
     })
         .optional(),
+    // 0.30.0+ attribution augmenter — every shipped profile pins
+    // `enabled: false`. Opt-in is repo-local (.rea/policy.yaml edit)
+    // because the identity to roll commits onto is per-developer; a
+    // profile that pinned `enabled: true` would route every other
+    // contributor's commits onto the profile author's heatmap.
+    //
+    // The profile-layer schema mirrors the policy-loader's
+    // `AttributionPolicySchema` but does NOT apply the cross-field
+    // refinement — a profile that ships `enabled: false` doesn't need
+    // a `name`/`email` to validate. Cross-field validation only runs
+    // at the policy-loader layer where the materialized file is parsed.
+    attribution: z
+        .object({
+        co_author: z
+            .object({
+            enabled: z.boolean().optional(),
+            name: z.string().optional(),
+            email: z.string().optional(),
+            skip_merge: z.boolean().optional(),
+        })
+            .strict()
+            .optional(),
+    })
+        .strict()
+        .optional(),
 })
     .strict();
 /** Hard defaults applied before any profile or wizard answer. */

package/dist/policy/types.d.ts

@@ -324,6 +324,49 @@ export interface AuditRotationPolicy {
 export interface AuditPolicy {
     rotation?: AuditRotationPolicy;
 }
+/**
+ * Attribution augmenter policy (0.30.0+).
+ *
+ * Drives the husky `prepare-commit-msg` hook that appends a single
+ * `Co-Authored-By: <name> <email>` trailer to every commit message. The
+ * intended use case: a contributor whose enterprise git identity (e.g.
+ * `alice@enterprise.example`) differs from their personal GitHub identity
+ * (e.g. `alice@personal.example`) — GitHub's contribution graph keys off
+ * the commit author/co-author email, so adding the personal address as a
+ * trailer rolls the work onto their personal heatmap.
+ *
+ * The augmenter does NOT modify the primary author line. It appends a
+ * trailer only — and is idempotent: re-running on a message that already
+ * contains the trailer (by email match, case-insensitive) is a no-op.
+ *
+ * Note: this is orthogonal to the `attribution-advisory.sh` Bash hook
+ * and the `block_ai_attribution` enforcement in the commit-msg hook.
+ * Those reject AI-tool noreply emails + AI assistant names. A
+ * human-authored `Co-Authored-By: Real Name <real@email.tld>` trailer
+ * is not AI attribution and is not blocked.
+ *
+ * Profile defaults: every shipped profile leaves `co_author.enabled:
+ * false`. The opt-in lives in repo-local edits to `.rea/policy.yaml`,
+ * never in the profile, because the identity to roll commits onto is
+ * inherently per-developer.
+ */
+export interface AttributionPolicy {
+    co_author?: AttributionCoAuthorPolicy;
+}
+/**
+ * Co-author trailer config. When `enabled: true`, BOTH `name` AND `email`
+ * must be non-empty — the policy loader fails closed with a clear error
+ * message when one is empty. `skip_merge: true` skips augmentation on
+ * merge commits (commit source `merge`) only; all other sources
+ * (`message`, `template`, `squash`, `commit`) are always augmented when
+ * enabled.
+ */
+export interface AttributionCoAuthorPolicy {
+    enabled?: boolean;
+    name?: string;
+    email?: string;
+    skip_merge?: boolean;
+}
 /**
  * G9 — injection tier escalation knobs. The classifier bucketed matches into
  * `clean` / `suspicious` / `likely_injection`; this block governs what happens
@@ -421,4 +464,12 @@ export interface Policy {
      * knob, not a review knob. The push-gate doesn't consume it.
      */
     commit_hygiene?: CommitHygienePolicy;
+    /**
+     * Attribution augmenter (0.30.0+). When `co_author.enabled: true`, the
+     * husky `prepare-commit-msg` hook appends a `Co-Authored-By:` trailer
+     * to every commit (or every non-merge commit when `skip_merge: true`).
+     * Idempotent — repeated runs over a message that already carries the
+     * trailer are no-ops. See `AttributionPolicy` for the full contract.
+     */
+    attribution?: AttributionPolicy;
 }

package/dist/registry/loader.d.ts

@@ -18,20 +18,20 @@ declare const RegistryServerSchema: z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
 }, "strict", z.ZodTypeAny, {
     name: string;
+    enabled: boolean;
     env: Record<string, string>;
     command: string;
     args: string[];
-    enabled: boolean;
     env_passthrough?: string[] | undefined;
     tier_overrides?: Record<string, Tier> | undefined;
 }, {
     name: string;
     command: string;
+    enabled?: boolean | undefined;
     env?: Record<string, string> | undefined;
     args?: string[] | undefined;
     env_passthrough?: string[] | undefined;
     tier_overrides?: Record<string, Tier> | undefined;
-    enabled?: boolean | undefined;
 }>;
 declare const RegistrySchema: z.ZodObject<{
     version: z.ZodLiteral<"1">;
@@ -45,30 +45,30 @@ declare const RegistrySchema: z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
     }, "strict", z.ZodTypeAny, {
         name: string;
+        enabled: boolean;
         env: Record<string, string>;
         command: string;
         args: string[];
-        enabled: boolean;
         env_passthrough?: string[] | undefined;
         tier_overrides?: Record<string, Tier> | undefined;
     }, {
         name: string;
         command: string;
+        enabled?: boolean | undefined;
         env?: Record<string, string> | undefined;
         args?: string[] | undefined;
         env_passthrough?: string[] | undefined;
         tier_overrides?: Record<string, Tier> | undefined;
-        enabled?: boolean | undefined;
     }>, "many">>;
     reviewer: z.ZodOptional<z.ZodEnum<["codex", "claude-self"]>>;
 }, "strict", z.ZodTypeAny, {
     version: "1";
     servers: {
         name: string;
+        enabled: boolean;
         env: Record<string, string>;
         command: string;
         args: string[];
-        enabled: boolean;
         env_passthrough?: string[] | undefined;
         tier_overrides?: Record<string, Tier> | undefined;
     }[];
@@ -78,11 +78,11 @@ declare const RegistrySchema: z.ZodObject<{
     servers?: {
         name: string;
         command: string;
+        enabled?: boolean | undefined;
         env?: Record<string, string> | undefined;
         args?: string[] | undefined;
         env_passthrough?: string[] | undefined;
         tier_overrides?: Record<string, Tier> | undefined;
-        enabled?: boolean | undefined;
     }[] | undefined;
     reviewer?: "codex" | "claude-self" | undefined;
 }>;