@bookedsolid/rea 0.3.0 → 0.4.0

package/.husky/pre-push

@@ -1,4 +1,6 @@
 #!/bin/sh
+# rea:husky-pre-push-gate v1
+# rea:gate-body-v1
 # .husky/pre-push — rea governance gate for terminal-initiated pushes.
 #
 # Mirrors the logic of `.claude/hooks/push-review-gate.sh` but consumes the
@@ -20,8 +22,10 @@
 # which ran the loop in a subshell — `exit 1` inside the loop aborted the
 # subshell only, and the script then ran `exit 0` and allowed the push. We
 # now feed the loop with a here-doc so it runs in the main shell, and we
-# track `block_push` in the enclosing scope. Final `exit 1` is reached only
-# if no refspec is blocked; a single blocking refspec propagates correctly.
+# abort immediately (`exit 1`) on the first blocking refspec. The accumulator
+# pattern (`block_push=1; continue`) was dropped so the text-level detector
+# in `src/cli/install/pre-push.ts` can verify the miss-path is truly blocking
+# without modeling loop-carried flags and post-loop exit blocks.
 
 set -eu
 
@@ -63,13 +67,11 @@ if [ -f "$READ_FIELD_JS" ]; then
   fi
 fi
 
-block_push=0
-
-# Here-doc feeds the loop without creating a subshell, so `block_push=1`
-# assignments below persist in the enclosing scope and the final `exit`
-# reflects them. A pipeline would run the loop in a subshell and `exit 1`
-# inside it would only abort that subshell — NOT the push — which was a
-# real governance defect in the pre-review version of this file.
+# Here-doc feeds the loop without creating a subshell, so an `exit 1`
+# inside the loop terminates the hook and blocks the push. A pipeline
+# would run the loop in a subshell and `exit 1` inside it would only
+# abort that subshell — NOT the push — which was a real governance
+# defect in the pre-review version of this file.
 while IFS=' ' read -r local_ref local_sha remote_ref remote_sha; do
   [ -z "${local_sha:-}" ] && continue
   # Branch deletion: local_sha is 40 zeros. Skip protected-path check.
@@ -103,26 +105,21 @@ while IFS=' ' read -r local_ref local_sha remote_ref remote_sha; do
     if [ ! -f "$AUDIT_LOG" ]; then
       printf 'PUSH BLOCKED: protected paths changed but no audit log found at %s\n' "$AUDIT_LOG" >&2
       printf '  Run /codex-review on HEAD %s before pushing.\n' "$local_sha" >&2
-      block_push=1
-      continue
+      exit 1
     fi
     # Require both (a) a `codex.review` tool_name and (b) the exact head_sha
     # on the same JSONL line. The `codex.review` pattern ends with a closing
-    # quote, so `codex.review.skipped` never satisfies the gate.
+    # quote, so `codex.review.skipped` never satisfies the gate. The first
+    # refspec that fails this check aborts the hook — no accumulator needed.
     if ! grep -E '"tool_name":"codex\.review"' "$AUDIT_LOG" 2>/dev/null | \
          grep -qF "\"head_sha\":\"$local_sha\""; then
       printf 'PUSH BLOCKED: protected paths changed — /codex-review required for HEAD %s\n' "$local_sha" >&2
       printf '  Run /codex-review, or set REA_SKIP_CODEX_REVIEW=<reason> to bypass.\n' >&2
-      block_push=1
-      continue
+      exit 1
     fi
   fi
 done <<HOOK_INPUT_EOF
 $INPUT
 HOOK_INPUT_EOF
 
-if [ "$block_push" -ne 0 ]; then
-  exit 1
-fi
-
 exit 0

package/README.md

@@ -66,7 +66,10 @@ to build a separate package that composes with REA.
   `policy.yaml` is the maximum surface area — one outbound POST, opt-in.
 - **Not a daemon supervisor.** `rea serve` is started by Claude Code via
   `.mcp.json`. Claude Code owns the lifecycle. There is no `rea start`,
-  no `rea stop`, no pid file, no systemd unit.
+  no `rea stop`, no systemd unit. A short-lived `.rea/serve.pid`
+  breadcrumb is written at startup so `rea status` can detect a live
+  gateway — it is removed on graceful shutdown and never used for
+  locking or lifecycle management.
 - **Not a hosted service.** There is no REA Cloud, no SaaS tier, no
   multi-token workstreams, no workload isolation platform.
 - **Not a 70-agent roster.** 10 curated agents ship in the package. Four
@@ -132,6 +135,43 @@ install, `.mcp.json` gateway wiring, Codex plugin availability, and the
 integrity of the audit hash chain. It returns a pass/fail summary with
 specific remediation hints.
 
+### 4. Watch the running gateway
+
+```bash
+rea status              # human-readable summary
+rea status --json       # JSON — pipe to jq
+```
+
+`rea status` is the live-process view. It reads the pidfile written by
+`rea serve`, verifies the pid is alive, and surfaces the session id,
+policy summary (profile, autonomy, HALT state), and audit stats (lines,
+last timestamp, whether the tail record's hash looks well-formed). Use
+`rea check` when you want the pure on-disk view without probing for a
+live process.
+
+### 5. Optional Prometheus `/metrics` endpoint
+
+`rea serve` can expose a loopback-only Prometheus endpoint when the
+`REA_METRICS_PORT` environment variable is set:
+
+```bash
+REA_METRICS_PORT=9464 rea serve
+# in another shell
+curl http://127.0.0.1:9464/metrics
+```
+
+Metrics exposed: per-downstream call and error counters, in-flight
+gauge, audit-lines-appended counter, circuit-breaker state gauge, and a
+seconds-since-last-HALT-check gauge. The listener binds to `127.0.0.1`
+only, serves only `GET /metrics` (everything else is a fixed-body 404),
+and never binds by default — "no silent listeners" is a design rule.
+There is no TLS; scrape through SSH/a reverse proxy if you need
+cross-host access.
+
+Set `REA_LOG_LEVEL=debug` for verbose gateway logs; the default is
+`info`. Records are JSON lines on a non-TTY stderr and pretty-printed
+on an interactive terminal.
+
 ## Architecture
 
 ### Middleware chain

package/dist/cli/doctor.d.ts

@@ -1,4 +1,5 @@
 import { type CodexProbeState } from '../gateway/observability/codex-probe.js';
+import { type PrePushDoctorState } from './install/pre-push.js';
 export interface CheckResult {
     label: string;
     /**
@@ -9,6 +10,15 @@ export interface CheckResult {
     status: 'pass' | 'fail' | 'warn' | 'info';
     detail?: string;
 }
+/**
+ * G7: report the TOFU fingerprint-store state. Pass = every enabled server
+ * in the registry has a matching stored fingerprint. Warn = at least one
+ * server would be first-seen or drifted at next `rea serve`. Info = no
+ * enabled servers (nothing to fingerprint). Fail only for unreadable store.
+ *
+ * Exported so tests can drive this without spinning up the full `runDoctor`.
+ */
+export declare function checkFingerprintStore(baseDir: string): Promise<CheckResult>;
 /**
  * Translate a `CodexProbeState` into two doctor CheckResults: one for
  * responsiveness (pass/warn) and one informational line about the last
@@ -22,11 +32,16 @@ export declare function checksFromProbeState(state: CodexProbeState): CheckResul
  * `runDoctor`.
  *
  * `codexProbeState` is consulted ONLY when Codex is required by policy.
- * Callers that already have a fresh probe state (e.g. `runDoctor`) should
- * pass it; callers that don't (e.g. unit tests of the existing doctor
- * surface) can omit it and the probe-derived fields are skipped.
+ * `prePushState` is the pre-computed G6 pre-push inspection; when omitted
+ * the pre-push check is skipped entirely (older call sites that don't yet
+ * thread the state through keep working without behavioural change).
+ * Callers that already have fresh state (e.g. `runDoctor`) should pass
+ * both; callers that don't (e.g. unit tests of the existing doctor
+ * surface) can omit them and those checks are skipped.
+ *
+ * `activeForeign` always yields `fail` — a foreign hook bypassing the gate is a hard governance gap.
  */
-export declare function collectChecks(baseDir: string, codexProbeState?: CodexProbeState): CheckResult[];
+export declare function collectChecks(baseDir: string, codexProbeState?: CodexProbeState, prePushState?: PrePushDoctorState): CheckResult[];
 export interface RunDoctorOptions {
     /** When true, print a 7-day telemetry summary after the checks (G11.5). */
     metrics?: boolean;

package/dist/cli/doctor.js

@@ -2,7 +2,10 @@ import fs from 'node:fs';
 import path from 'node:path';
 import { loadPolicy } from '../policy/loader.js';
 import { loadRegistry } from '../registry/loader.js';
+import { loadFingerprintStore } from '../registry/fingerprints-store.js';
+import { fingerprintServer } from '../registry/fingerprint.js';
 import { CodexProbe, } from '../gateway/observability/codex-probe.js';
+import { inspectPrePushState, } from './install/pre-push.js';
 import { summarizeTelemetry } from '../gateway/observability/codex-telemetry.js';
 import { CLAUDE_MD_MANIFEST_PATH, SETTINGS_MANIFEST_PATH, enumerateCanonicalFiles, } from './install/canonical.js';
 import { buildFragment } from './install/claude-md.js';
@@ -40,6 +43,69 @@ function checkPolicyParses(baseDir, policyPath) {
         };
     }
 }
+/**
+ * G7: report the TOFU fingerprint-store state. Pass = every enabled server
+ * in the registry has a matching stored fingerprint. Warn = at least one
+ * server would be first-seen or drifted at next `rea serve`. Info = no
+ * enabled servers (nothing to fingerprint). Fail only for unreadable store.
+ *
+ * Exported so tests can drive this without spinning up the full `runDoctor`.
+ */
+export async function checkFingerprintStore(baseDir) {
+    const label = 'fingerprint store';
+    let registry;
+    try {
+        registry = loadRegistry(baseDir);
+    }
+    catch {
+        return {
+            label,
+            status: 'info',
+            detail: 'registry missing — no fingerprints to compare',
+        };
+    }
+    const enabled = registry.servers.filter((s) => s.enabled);
+    if (enabled.length === 0) {
+        return { label, status: 'info', detail: 'no enabled servers to fingerprint' };
+    }
+    let store;
+    try {
+        store = await loadFingerprintStore(baseDir);
+    }
+    catch (e) {
+        return {
+            label,
+            status: 'fail',
+            detail: e instanceof Error ? e.message : String(e),
+        };
+    }
+    let firstSeen = 0;
+    let drifted = 0;
+    for (const s of enabled) {
+        const stored = store.servers[s.name];
+        if (stored === undefined)
+            firstSeen += 1;
+        else if (stored !== fingerprintServer(s))
+            drifted += 1;
+    }
+    if (firstSeen === 0 && drifted === 0) {
+        return {
+            label,
+            status: 'pass',
+            detail: `${enabled.length} server(s) trusted`,
+        };
+    }
+    const parts = [];
+    if (firstSeen > 0)
+        parts.push(`${firstSeen} first-seen`);
+    if (drifted > 0)
+        parts.push(`${drifted} drifted`);
+    return {
+        label,
+        status: 'warn',
+        detail: `${parts.join(', ')} — next \`rea serve\` will block drift (set REA_ACCEPT_DRIFT=<name> to accept)`,
+    };
+}
 function checkRegistryParses(baseDir, registryPath) {
     if (!fs.existsSync(registryPath)) {
         return {
@@ -198,6 +264,86 @@ function checkCommitMsgHook(baseDir) {
         };
     }
 }
+/**
+ * G6 — Verify at least one pre-push hook is installed and executable AND
+ * actually wires the protected-path review gate.
+ *
+ * Three install shapes are acceptable:
+ *   1. `.git/hooks/pre-push` — vanilla git (no hooksPath). Must carry the
+ *      rea fallback marker or delegate to `push-review-gate.sh`.
+ *   2. `${core.hooksPath}/pre-push` — husky 9 or custom hooksPath. Same
+ *      governance rule.
+ *   3. `.husky/pre-push` is present on disk but only counts if husky has
+ *      configured `core.hooksPath=.husky`. A `.husky/pre-push` with an
+ *      unconfigured hooksPath is dead weight; we do NOT treat it as
+ *      sufficient.
+ *
+ * Two possible outcomes:
+ *   - `pass`: active hook exists, is executable, and governance-carrying
+ *     (rea-managed marker or direct gate delegation).
+ *   - `fail`: no active hook, active file is non-executable, OR the active
+ *     hook does not reference `.claude/hooks/push-review-gate.sh`. The last
+ *     case is the "silent bypass" state — a lint-only husky hook or a
+ *     pre-existing repo hook that bypasses the Codex audit gate entirely.
+ *     Always a hard fail; `rea init` can install the fallback if the user
+ *     removes or updates the existing hook.
+ *
+ * "Executable" is defined by any user/group/other exec bit, matching
+ * `checkHooksInstalled`.
+ */
+function checkPrePushHook(state) {
+    if (state.ok) {
+        const active = state.candidates.find((c) => c.path === state.activePath);
+        const kind = active?.reaManaged === true
+            ? 'rea-managed'
+            : active?.delegatesToGate === true
+                ? 'external (delegates to push-review-gate.sh)'
+                : 'external';
+        const detail = active !== undefined ? `${kind} at ${active.path}` : undefined;
+        return detail !== undefined
+            ? { label: 'pre-push hook installed', status: 'pass', detail }
+            : { label: 'pre-push hook installed', status: 'pass' };
+    }
+    if (state.activeForeign) {
+        // Executable file exists at the active path but does not carry
+        // governance — the parser could not confirm the review gate is
+        // invoked unconditionally. Always a hard fail.
+        //
+        // R13 F3: previously, a substring match of the gate path in the hook
+        // downgraded this to WARN. That was unsafe — any comment, echo, or
+        // dead string mentioning the path would mask a silent-bypass hook.
+        // The classifier now fails closed: either the structural parser
+        // (`referencesReviewGate` in `pre-push.ts`) recognizes a real
+        // invocation, or doctor reports fail.
+        return {
+            label: 'pre-push hook installed',
+            status: 'fail',
+            detail: `active pre-push at ${state.activePath} is present and executable but does NOT ` +
+                `reference \`.claude/hooks/push-review-gate.sh\` — the protected-path ` +
+                `Codex audit gate is silently bypassed. Either add ` +
+                '`exec .claude/hooks/push-review-gate.sh "$@"` to the existing hook, or ' +
+                'remove it and re-run `rea init` to install the fallback.',
+        };
+    }
+    const present = state.candidates
+        .filter((c) => c.exists)
+        .map((c) => `${c.path}${c.executable ? '' : ' (not executable)'}`);
+    if (present.length > 0) {
+        return {
+            label: 'pre-push hook installed',
+            status: 'fail',
+            detail: `no active pre-push hook. Files on disk: ${present.join(', ')}. ` +
+                'Run `rea init` to install the fallback, or configure `core.hooksPath=.husky` ' +
+                'if you are using husky.',
+        };
+    }
+    return {
+        label: 'pre-push hook installed',
+        status: 'fail',
+        detail: 'no pre-push hook found in `.git/hooks/`, configured `core.hooksPath`, or `.husky/`. ' +
+            'Run `rea init` to install the fallback.',
+    };
+}
 function checkCodexAgent(baseDir) {
     const agentPath = path.join(baseDir, '.claude', 'agents', 'codex-adversarial.md');
     if (fs.existsSync(agentPath))
@@ -277,11 +423,16 @@ function codexRequiredFromPolicy(baseDir) {
  * `runDoctor`.
  *
  * `codexProbeState` is consulted ONLY when Codex is required by policy.
- * Callers that already have a fresh probe state (e.g. `runDoctor`) should
- * pass it; callers that don't (e.g. unit tests of the existing doctor
- * surface) can omit it and the probe-derived fields are skipped.
+ * `prePushState` is the pre-computed G6 pre-push inspection; when omitted
+ * the pre-push check is skipped entirely (older call sites that don't yet
+ * thread the state through keep working without behavioural change).
+ * Callers that already have fresh state (e.g. `runDoctor`) should pass
+ * both; callers that don't (e.g. unit tests of the existing doctor
+ * surface) can omit them and those checks are skipped.
+ *
+ * `activeForeign` always yields `fail` — a foreign hook bypassing the gate is a hard governance gap.
  */
-export function collectChecks(baseDir, codexProbeState) {
+export function collectChecks(baseDir, codexProbeState, prePushState) {
     const policyPath = reaPath(baseDir, POLICY_FILE);
     const registryPath = reaPath(baseDir, REGISTRY_FILE);
     const reaDirPath = path.join(baseDir, REA_DIR);
@@ -294,6 +445,9 @@ export function collectChecks(baseDir, codexProbeState) {
         checkSettingsJson(baseDir),
         checkCommitMsgHook(baseDir),
     ];
+    if (prePushState !== undefined) {
+        checks.push(checkPrePushHook(prePushState));
+    }
     if (codexRequiredFromPolicy(baseDir)) {
         checks.push(checkCodexAgent(baseDir), checkCodexCommand(baseDir));
         if (codexProbeState !== undefined) {
@@ -486,7 +640,20 @@ export async function runDoctor(opts = {}) {
             probeState = undefined;
         }
     }
-    const checks = collectChecks(baseDir, probeState);
+    // G6 — inspect pre-push state. Never throws; unreadable files downgrade
+    // individual candidates but never break the whole check.
+    let prePushState;
+    try {
+        prePushState = await inspectPrePushState(baseDir);
+    }
+    catch {
+        prePushState = undefined;
+    }
+    const checks = collectChecks(baseDir, probeState, prePushState);
+    // G7: async fingerprint-store check. Kept out of `collectChecks` so the
+    // existing sync contract stays intact for downstream consumers; appended
+    // here so runDoctor surfaces it inline.
+    checks.push(await checkFingerprintStore(baseDir));
     console.log('');
     log(`Doctor — ${baseDir}`);
     console.log('');

package/dist/cli/index.js

@@ -6,6 +6,7 @@ import { runDoctor } from './doctor.js';
 import { runFreeze, runUnfreeze } from './freeze.js';
 import { runInit } from './init.js';
 import { runServe } from './serve.js';
+import { runStatus } from './status.js';
 import { runUpgrade } from './upgrade.js';
 import { err, getPkgVersion } from './utils.js';
 async function main() {
@@ -53,7 +54,7 @@ async function main() {
     });
     program
         .command('serve')
-        .description('Start the MCP gateway (stub — prints status, verifies policy loads).')
+        .description('Start the MCP gateway — stdio server that proxies downstream MCPs declared in .rea/registry.yaml through the middleware chain.')
         .action(async () => {
         await runServe();
     });
@@ -77,6 +78,13 @@ async function main() {
         .action(() => {
         runCheck();
     });
+    program
+        .command('status')
+        .description('Running-process view — is `rea serve` live for this project? Session id, policy summary, audit stats. Use `rea check` for the on-disk view.')
+        .option('--json', 'emit JSON instead of the pretty table (composes with jq)')
+        .action((opts) => {
+        runStatus({ json: opts.json });
+    });
     const audit = program
         .command('audit')
         .description('Audit log operations — rotate and verify .rea/audit.jsonl (G1).');

package/dist/cli/init.js

@@ -7,6 +7,8 @@ import { HARD_DEFAULTS, loadProfile, mergeProfiles } from '../policy/profiles.js
 import { copyArtifacts } from './install/copy.js';
 import { canonicalSettingsSubsetHash, defaultDesiredHooks, mergeSettings, readSettings, writeSettingsAtomic, } from './install/settings-merge.js';
 import { installCommitMsgHook } from './install/commit-msg.js';
+import { installPrePushFallback } from './install/pre-push.js';
+import { CodexProbe } from '../gateway/observability/codex-probe.js';
 import { buildFragment, writeClaudeMdFragment } from './install/claude-md.js';
 import { CLAUDE_MD_MANIFEST_PATH, SETTINGS_MANIFEST_PATH, enumerateCanonicalFiles, } from './install/canonical.js';
 import { writeManifestAtomic } from './install/manifest-io.js';
@@ -188,6 +190,48 @@ async function runWizard(options, targetDir, reagentPolicyPath, layeredBase) {
         reagentNotices: [],
     };
 }
+/**
+ * G6 — Codex install-assist probe.
+ *
+ * Runs a single {@link CodexProbe} attempt and prints a guidance block when
+ * the CLI is NOT responsive. Behavior:
+ *
+ *   - `cli_responsive === true`  → print a single-line "Codex CLI detected"
+ *     acknowledgement (informational, not verbose).
+ *   - `cli_responsive === false` → print a 4-line install guidance block
+ *     naming the Claude Code helper that installs Codex.
+ *
+ * Failure of the probe itself is never fatal — a hung CLI must not stall
+ * `rea init`. The probe class already caps each subcommand at 2s/5s. Any
+ * throw bubbling out here is caught and treated as "not responsive".
+ *
+ * We deliberately reference the user-visible helper path (`/codex:setup`)
+ * rather than shelling out to install Codex ourselves. `rea init` does not
+ * auto-install third-party tooling; the operator signs off.
+ */
+async function printCodexInstallAssist() {
+    let responsive = false;
+    let versionLine;
+    try {
+        const state = await new CodexProbe().probe();
+        responsive = state.cli_responsive;
+        versionLine = state.version;
+    }
+    catch {
+        // probe() is documented as never-throws, but belt-and-suspenders.
+        responsive = false;
+    }
+    console.log('');
+    if (responsive) {
+        const suffix = versionLine !== undefined ? ` (${versionLine})` : '';
+        console.log(`Codex CLI detected${suffix}.`);
+        return;
+    }
+    console.log('Codex CLI not detected on PATH.');
+    console.log('  Adversarial review via `/codex-review` requires the Codex plugin.');
+    console.log('  Install via the Claude Code Codex plugin helper: `/codex:setup`,');
+    console.log('  or set `review.codex_required: false` in .rea/policy.yaml to opt out.');
+}
 function writePolicyYaml(targetDir, config, layered) {
     const policyPath = path.join(targetDir, REA_DIR, POLICY_FILE);
     const installedBy = process.env.USER ?? os.userInfo().username ?? 'unknown';
@@ -213,6 +257,14 @@ function writePolicyYaml(targetDir, config, layered) {
     if (layered.injection_detection !== undefined) {
         lines.push(`injection_detection: ${layered.injection_detection}`);
     }
+    // G9: preserve `injection.suspicious_blocks_writes` when the layered profile
+    // pinned it (bst-internal/bst-internal-no-codex pin `true`). External profiles
+    // leave this unset so the policy loader's schema default (`false`) applies,
+    // which keeps 0.2.x consumers from being silently tightened on upgrade.
+    if (layered.injection?.suspicious_blocks_writes !== undefined) {
+        lines.push(`injection:`);
+        lines.push(`  suspicious_blocks_writes: ${layered.injection.suspicious_blocks_writes ? 'true' : 'false'}`);
+    }
     if (layered.context_protection !== undefined) {
         lines.push(`context_protection:`);
         const cp = layered.context_protection;
@@ -243,6 +295,21 @@ function writeRegistryYaml(targetDir) {
     const content = [
         `# .rea/registry.yaml — downstream MCP servers proxied through rea serve.`,
         `# Every entry below is subject to the same middleware chain as native tool calls.`,
+        `#`,
+        `# env: values support \${VAR} interpolation against rea-serve's own process.env.`,
+        `# If a referenced var is unset at startup, the affected server fails to start`,
+        `# (the rest of the gateway still comes up). Only the curly-brace form is`,
+        `# supported — no $VAR, no defaults, no command substitution.`,
+        `#`,
+        `# Example (uncomment and export the vars in your shell before running \`rea serve\`):`,
+        `#`,
+        `#   - name: discord-ops`,
+        `#     command: npx`,
+        `#     args: ['-y', 'discord-ops@latest']`,
+        `#     env:`,
+        `#       BOOKED_DISCORD_BOT_TOKEN: '\${BOOKED_DISCORD_BOT_TOKEN}'`,
+        `#       CLARITY_DISCORD_BOT_TOKEN: '\${CLARITY_DISCORD_BOT_TOKEN}'`,
+        `#     enabled: false  # flip to true after exporting the tokens`,
         `version: "1"`,
         `servers: []`,
         ``,
@@ -387,6 +454,7 @@ export async function runInit(options) {
     const mergeResult = mergeSettings(settings, desired);
     await writeSettingsAtomic(settingsPath, mergeResult.merged);
     const commitMsgResult = await installCommitMsgHook(targetDir);
+    const prePushResult = await installPrePushFallback(targetDir);
     const fragmentInput = {
         policyPath: `.${path.sep}rea${path.sep}policy.yaml`.replace(/\\/g, '/'),
         profile: config.profile,
@@ -410,6 +478,14 @@ export async function runInit(options) {
         console.log(`  + ${path.relative(targetDir, commitMsgResult.gitHook)}`);
     if (commitMsgResult.huskyHook)
         console.log(`  + ${path.relative(targetDir, commitMsgResult.huskyHook)}`);
+    if (prePushResult.written !== undefined) {
+        const verb = prePushResult.decision.action === 'refresh' ? '~' : '+';
+        console.log(`  ${verb} ${path.relative(targetDir, prePushResult.written)} (pre-push fallback)`);
+    }
+    else if (prePushResult.decision.action === 'skip' &&
+        prePushResult.decision.reason === 'active-pre-push-present') {
+        console.log(`  = ${path.relative(targetDir, prePushResult.decision.hookPath)} (active pre-push already present — skipped fallback)`);
+    }
     console.log(`  ${mdResult.replaced ? '~' : '+'} ${path.relative(targetDir, mdResult.path)} (fragment ${mdResult.replaced ? 'replaced' : 'written'})`);
     console.log(`  + ${path.relative(targetDir, manifestPath)}`);
     if (mergeResult.warnings.length > 0) {
@@ -419,15 +495,25 @@ export async function runInit(options) {
     }
     for (const w of commitMsgResult.warnings)
         warn(w);
+    for (const w of prePushResult.warnings)
+        warn(w);
     for (const n of config.reagentNotices)
         warn(n);
-    // G11.4: when Codex review is disabled, print a durable notice. Mentions
-    // the exact edit path so the operator can flip back later without having
-    // to re-run init. (Coupling note: a future G6-style "Codex install
-    // assist" prompt belongs here too, and should short-circuit when
-    // codex_required is false — do not invoke install-assist in no-codex
-    // mode.)
-    if (!config.codexRequired) {
+    // G6 + G11.4: Codex install-assist.
+    //
+    // Split by codex_required:
+    //   - codex_required=true  → probe the CLI; if it is not responsive, print
+    //                            a clear "install Codex" guidance block so the
+    //                            operator knows why /codex-review will fail.
+    //   - codex_required=false → skip the probe entirely and print the
+    //                            existing "Codex review disabled" notice.
+    //                            Probing here is pointless (wasted 2s) and
+    //                            actively confusing — no-codex mode is a
+    //                            supported first-class configuration.
+    if (config.codexRequired) {
+        await printCodexInstallAssist();
+    }
+    else {
         console.log('');
         console.log('Codex review disabled. ClaudeSelfReviewer will be used.');
         console.log('  Set review.codex_required: true in .rea/policy.yaml to re-enable.');