@bookedsolid/rea 0.41.0 → 0.42.0

package/MIGRATING.md

@@ -389,6 +389,145 @@ per finding and produces more consistent verdicts — fewer
 same-code-different-verdict round-trips. Trade-off is push-gate
 latency.
 
+## Node-binary hook scanner (added in 0.32.0)
+
+Pre-0.32.0 every `.claude/hooks/*.sh` carried the full gate body in
+bash. Adversarial review consistently caught bash-only edge cases that
+were structurally unfixable in shell — multi-line awk encodings,
+ANSI-C escapes, deep nested-shell decoding. 0.32.0 pivoted the entire
+hook surface to a Node-binary scanner: hooks became thin shims (~20-80
+LOC each) that delegate the actual gate work to `rea hook <name>` —
+which runs the canonical scanner inside `dist/cli/index.js`.
+
+**Consumer impact:**
+
+- Run `pnpm install` (or `npm install`) after upgrading to 0.32.0+ so
+  `dist/cli/index.js` is built and the shims have something to call.
+- `.claude/hooks/*.sh` files on disk are noticeably smaller after
+  `rea upgrade`; this is the canonical post-0.32.0 shape, not a
+  truncation. `rea doctor` will tell you if a shim is the wrong
+  vintage.
+- The audit trail is unchanged: hooks still emit `rea.bash_scan`-class
+  records to `.rea/audit.jsonl` with the same field shape.
+- Performance is materially better — single Node startup per scan
+  instead of an awk/sed pipeline per pattern.
+
+If `rea doctor` reports `policy-reader Tier 1 (rea CLI)` as `warn:
+dist not found`, you skipped the build step. Run `pnpm install`.
+
+## Graceful-degradation policy reader (added in 0.37.0)
+
+The shimmed hooks need to read `.rea/policy.yaml` from a bash context
+that may or may not have python3, jq, or rea's CLI on PATH. 0.37.0
+formalized a 4-tier reader ladder:
+
+1. **Tier 1** — `rea hook policy-get` (requires `dist/cli/index.js`)
+2. **Tier 2** — `python3 + stdlib yaml` (PyYAML) — handles flow-form
+3. **Tier 3** — POSIX `awk` block-form parser (the always-available floor)
+4. **Fail-closed** — every tier unreachable: shim refuses the action
+
+Tier 1 → 2 → 3 fallthrough is silent at hook-runtime; that's
+intentional (graceful degradation), but means an unreachable Tier 1 +
+unreachable Tier 2 can silently downgrade flow-form policy lookups to
+block-form-only. `rea doctor` (0.39.0+) surfaces all three tier
+reachabilities so you can spot the gap.
+
+**Consumer impact:**
+
+- If you use FLOW-form YAML for any policy block (e.g.
+  `blocked_paths: [.env, ".env.*"]`), make sure either the rea CLI
+  dist is present OR `python3 + PyYAML` is installed. With ONLY awk
+  reachable, flow-form lookups silently no-op on every shim
+  fallthrough path and your declared policy isn't enforced.
+- Install PyYAML on CI runners: `pip3 install pyyaml`. On consumer
+  developer machines, it's almost always already present (macOS ships
+  it; major Linux distros bundle it with python3).
+- For list-valued policy keys (`blocked_paths`, `protected_writes`),
+  the loader iterates the resulting JSON via jq OR python3. Have at
+  least one on PATH or `rea doctor` (0.42.0+) will report `fail` on
+  the `policy-reader Tier 3 (awk)` row with a list-walker-specific
+  remediation message.
+
+## Shim runtime extraction (added in 0.38.0)
+
+Cosmetic-only refactor: every `.claude/hooks/*.sh` shim now sources
+`hooks/_lib/shim-runtime.sh` for shared boilerplate (env loading,
+tier classification, audit-event emission). **No consumer action
+required** — the change is byte-equivalent at the gate surface. New
+shims you author can adopt the same runtime by sourcing the shared
+helper; documented in the shim authoring guide.
+
+## Doctor health surfaces for the policy reader (added in 0.39.0)
+
+`rea doctor` gained explicit reachability checks for the 4-tier
+ladder, the dist invokability probe, and a sandbox-containment check
+on the resolved `dist/cli/index.js` path. Output lines you'll see:
+
+- `policy-reader Tier 1 (rea CLI)` — pass/warn based on dist
+  presence + actual invocation
+- `policy-reader Tier 2 (python3 + PyYAML)` — pass/warn based on
+  python3 + import yaml succeeding
+- `policy-reader Tier 3 (awk)` — pass when awk present; warn or
+  fail conditional on whether other tiers cover the gap (0.40.0
+  refined the verdict logic; 0.42.0 hardened the list-walker
+  predicate)
+- `policy-reader effective floor` — summary verdict across all three
+- `policy-reader jq (JSON accelerator)` — info-level, calls out
+  Tier 1/2 perf when jq is absent
+
+**Consumer action:** run `rea doctor` after each upgrade. The lines
+above accurately reflect what your shims will do at runtime — a
+`warn` is not a hard failure but signals a posture worth knowing
+about (e.g. flow-form policy silently no-ops). A `fail` on any tier
+row IS a hard failure that the doctor exits non-zero on.
+
+## Upgrade preview + audit summary (added in 0.41.0)
+
+Two new consumer-facing commands rolled out:
+
+### `rea upgrade --check`
+
+Dry-run preview of what `rea upgrade` would write, file-by-file, with
+unified diffs. JSON output via `--json`. Always exits 0 — this is a
+preview, not a gate. Use it before any non-trivial rea upgrade to
+sanity-check the diff:
+
+```bash
+rea upgrade --check                       # human-readable table + diffs
+rea upgrade --check --json                # machine-readable for CI
+rea upgrade --check --no-diff             # counts + paths only
+```
+
+0.42.0 added the same settings-schema validation that `rea upgrade`
+itself runs — if the merged settings would fail schema parse (typo'd
+hook event, malformed hook command, …), the preview surfaces the
+`WOULD REFUSE` message rather than promising a write the real
+upgrade would refuse. The `settings_validation` field in the JSON
+output carries the structured outcome.
+
+### `rea audit summary`
+
+High-level rollup of the audit log: counts by `tool_name`, `tier`,
+`status`, `session`, the time window covered, and a sample-verified
+chain-integrity check. `--since <duration>` (e.g. `24h`, `7d`, `2w`)
+narrows to a recent window:
+
+```bash
+rea audit summary                         # all time
+rea audit summary --since 24h             # last 24 hours
+rea audit summary --since 7d --json       # last week, JSON
+```
+
+0.42.0 hardened the rotated-file walk: pre-0.42.0 `--since` pruned
+rotated audit segments by filename stamp, which is wall-clock at the
+rotation INSTANT — not the earliest record contained. A rotated file
+from N days ago can contain records from N+M days ago when the
+rotation cycle was long, so pruning by filename silently dropped
+in-window records. Post-0.42.0 the walker reads every rotated file
+under `--since` and lets the per-record timestamp filter drop the
+out-of-window entries. Correctness over micro-optimization;
+`rea audit summary` performance is unchanged in practice.
+
 ## Policy knobs worth setting
 
 For consumers with a long-running migration branch (>30 commits since

package/dist/cli/audit-summary.d.ts

@@ -81,6 +81,21 @@ export interface AuditSummaryResult {
     window_end: string | null;
     /** Absolute paths of audit files walked. */
     files_scanned: string[];
+    /**
+     * 0.42.0 codex round 4 P2 + round 6 P2 (2026-05-16) — reserved for
+     * future use; ALWAYS EMPTY in 0.42.0. The original intent (round 4)
+     * was to soft-skip rotated segments that the operator could not
+     * read (e.g. EACCES/EPERM after a backup restore). Round 6 showed
+     * the soft-skip was unsound: without per-segment time-range
+     * metadata we cannot prove a skipped file is out-of-scope for the
+     * `--since` window, so a silent skip risks an undercount + a
+     * misleading `chain_integrity: ok`. The current implementation
+     * therefore throws on any non-ENOENT read error; this field is
+     * kept in the public schema so a future release that ships
+     * per-segment time-range metadata can populate it without breaking
+     * JSON consumers.
+     */
+    unreadable_segments: string[];
     total_events: number;
     by_tool_name: Record<string, number>;
     by_tier: Record<string, number>;

package/dist/cli/audit-summary.js

@@ -118,48 +118,49 @@ export function parseDurationSeconds(raw) {
  *     PLUS the current `audit.jsonl`. Round-1 P2: the prior shape
  *     dropped rotated history silently while the header still
  *     advertised "all time", undercounting long-lived repos.
- *   - `windowStart` set: walk every rotated file whose basename
- *     timestamp >= the cutoff, PLUS one rotated file immediately
- *     before the cutoff (the in-flight file at cutoff time may
- *     contain in-window records).
+ *   - `windowStart` set: walk EVERY rotated file. The per-record
+ *     timestamp filter inside `computeAuditSummary` then drops
+ *     out-of-window records during the scan. 0.41.0 round-3 P2 +
+ *     0.42.0 charter item 3: rotated filenames are NOT authoritative
+ *     for "earliest contained record" — they are wall-clock at the
+ *     ROTATION INSTANT, which can be days after the file's earliest
+ *     contents when the rotation size cap is reached late. Pruning
+ *     by filename therefore drops in-window records from
+ *     conservatively-rotated logs (a rotated file from 7 days ago can
+ *     still contain records from 14 days ago because the previous
+ *     rotation event was 14 days ago). The cost of walking every
+ *     rotated segment under `--since` is bounded by the rotation cap
+ *     × number of segments — comfortably manageable in the
+ *     summary-rollup setting where we already read every byte for
+ *     the in-window scan; the win is correctness.
  *
- * Sort order is timestamp-ascending; the current `audit.jsonl` is
- * always appended last (it is the newest segment of the chain).
+ * Sort order is timestamp-ascending (by FILENAME stamp); the current
+ * `audit.jsonl` is always appended last (it is the newest segment
+ * of the chain).
  */
 async function resolveSummaryFileWalk(baseDir, windowStart) {
     const reaDir = path.join(baseDir, REA_DIR);
     const currentAudit = path.join(reaDir, AUDIT_FILE);
     const files = [];
     const rotated = await listRotatedAuditFiles(reaDir);
-    if (windowStart === null) {
-        // Walk every rotated segment. The "all time" header would be a
-        // lie otherwise.
-        for (const name of rotated)
-            files.push(path.join(reaDir, name));
-    }
-    else {
-        // Rotated filenames are `audit-YYYYMMDD-HHMMSS(-N).jsonl` in UTC.
-        // We treat each filename as "rotated at this instant" and include
-        // every file rotated >= windowStart, plus one file immediately
-        // before windowStart (the in-flight file at cutoff time may
-        // contain in-window records).
-        const stampToDate = (name) => {
-            const m = /^audit-(\d{4})(\d{2})(\d{2})-(\d{2})(\d{2})(\d{2})/.exec(name);
-            if (m === null)
-                return null;
-            const iso = `${m[1]}-${m[2]}-${m[3]}T${m[4]}:${m[5]}:${m[6]}Z`;
-            const d = new Date(iso);
-            return Number.isNaN(d.getTime()) ? null : d;
-        };
-        const cutoffIdx = rotated.findIndex((n) => {
-            const d = stampToDate(n);
-            return d !== null && d >= windowStart;
-        });
-        const startIdx = cutoffIdx === -1 ? Math.max(0, rotated.length - 1) : Math.max(0, cutoffIdx - 1);
-        for (const name of rotated.slice(startIdx)) {
-            files.push(path.join(reaDir, name));
-        }
-    }
+    // Both `windowStart === null` and `windowStart` set: walk every
+    // rotated segment. Pre-0.42.0 the `windowStart` branch attempted to
+    // prune rotated files by their filename stamp ("rotated at >=
+    // windowStart minus one buffer file"). That was wrong: the filename
+    // stamp marks the ROTATION event, not the earliest record contained
+    // in the file. A rotated file's records can pre-date its filename
+    // stamp by days when the previous rotation cycle was long. Walking
+    // every rotated file and letting the per-record `timestamp >=
+    // windowStart` filter inside `computeAuditSummary` decide is the
+    // only correct approach: we never falsely drop an in-window record
+    // because of where it happens to live on disk. Reference:
+    // 0.41.0 round-3 P2 + 0.42.0 charter item 3.
+    //
+    // `windowStart === null` (no --since) already walks every rotated
+    // segment — same code path.
+    void windowStart; // intentionally unused — full-walk is correct in both modes
+    for (const name of rotated)
+        files.push(path.join(reaDir, name));
     try {
         const stat = await fs.stat(currentAudit);
         if (stat.isFile())
@@ -261,16 +262,52 @@ export async function computeAuditSummary(options = {}) {
     let latest = null;
     // We only feed in-window records to the chain-sample check.
     const inWindowRecords = [];
+    // 0.42.0 codex round 4 P2 + round 6 P2 (2026-05-16): reserved for
+    // future per-segment time-range metadata that would let us prove a
+    // skipped file is out of scope. Always empty under 0.42.0 — see
+    // the AuditSummaryResult.unreadable_segments docstring.
+    const unreadableSegments = [];
+    // We rebuild the actually-read file list as we go so the summary
+    // never claims to have scanned a file that was silently skipped.
+    // (Currently identical to `files` minus ENOENT entries since every
+    // other read error throws — kept as a separate accumulator so the
+    // shape stays correct when the future `unreadable_segments`
+    // soft-skip path lands.)
+    const actuallyScanned = [];
     for (const filePath of files) {
         let raw;
         try {
             raw = await fs.readFile(filePath, 'utf8');
         }
         catch (e) {
-            if (e.code === 'ENOENT')
+            const errno = e.code;
+            if (errno === 'ENOENT')
                 continue;
-            throw e;
+            // 0.42.0 codex round 4 P2 + round 5 P2 + round 6 P2 (2026-05-16):
+            // earlier rounds attempted to soft-skip unreadable rotations to
+            // accommodate backup-restore artifacts. Round 6 caught that the
+            // soft-skip is unsound: `resolveSummaryFileWalk` now enqueues
+            // every rotated segment under `--since` (filename-stamp pruning
+            // was correctly removed because the stamp marks the rotation
+            // event, not the earliest record contained), so we CANNOT prove
+            // an unreadable file is out of scope without reading it. A
+            // silent skip would mean `rea audit summary` could exit 0 with
+            // an undercount AND `chain_integrity: ok` while real in-window
+            // records went uncounted.
+            //
+            // Throwing with a precise, actionable error is the right call:
+            // the operator can chmod the file, move it out of .rea/, or
+            // delete it. `unreadable_segments` in the result is reserved
+            // for the never-reached future case where we can prove a file
+            // is genuinely out of scope (we'd need rotation start/end
+            // metadata for that — out of scope here).
+            throw new Error(`rea audit summary: cannot read ${filePath} (${errno ?? 'unknown errno'}). ` +
+                `An unreadable audit segment may contain in-window records, so the summary ` +
+                `would be silently incomplete. Fix permissions (e.g. \`chmod u+r ${filePath}\`), ` +
+                `or move the file out of \`.rea/\` if you no longer need it. The current ` +
+                `audit.jsonl is always required.`);
         }
+        actuallyScanned.push(filePath);
         for (const line of raw.split('\n')) {
             if (line.length === 0)
                 continue;
@@ -322,7 +359,12 @@ export async function computeAuditSummary(options = {}) {
         window_seconds: windowSeconds,
         window_start: windowStart !== null ? windowStart.toISOString() : null,
         window_end: windowEnd !== null ? windowEnd.toISOString() : null,
-        files_scanned: files,
+        // 0.42.0 codex round 4 P2: report only the files actually read.
+        // Unreadable rotations are reported separately under
+        // `unreadable_segments` so consumers can tell the difference
+        // between "scanned and empty" and "skipped because permissions".
+        files_scanned: actuallyScanned,
+        unreadable_segments: unreadableSegments,
         total_events: totalEvents,
         by_tool_name: byToolName,
         by_tier: byTier,
@@ -387,6 +429,13 @@ export function renderAuditSummary(result) {
             lines.push('(no audit files found — has `rea serve` ever run?)');
             lines.push('');
         }
+        // 0.42.0 codex round 4 P2: even in the zero-events early-return,
+        // surface unreadable segments so the operator sees the gap.
+        if (result.unreadable_segments.length > 0) {
+            lines.push(`unreadable rotated segments: ${String(result.unreadable_segments.length)} ` +
+                `(see stderr for paths; fix permissions and re-run to include them)`);
+            lines.push('');
+        }
         return lines.join('\n');
     }
     const total = result.total_events;
@@ -409,6 +458,13 @@ export function renderAuditSummary(result) {
             : 'unsampled (no records in window)';
     lines.push(`chain integrity: ${chainLabel}`);
     lines.push(`files scanned:   ${String(result.files_scanned.length)}`);
+    // 0.42.0 codex round 4 P2 (2026-05-16): surface unreadable rotated
+    // segments so an operator scanning the rendered summary doesn't
+    // miss a skipped archive that the JSON consumers can see.
+    if (result.unreadable_segments.length > 0) {
+        lines.push(`unreadable rotated segments: ${String(result.unreadable_segments.length)} ` +
+            `(see stderr for paths; fix permissions and re-run to include them)`);
+    }
     lines.push('');
     return lines.join('\n');
 }

package/dist/cli/doctor.d.ts

@@ -138,6 +138,26 @@ export interface PolicyReaderProbes {
      * ignore the argument; the default production probe uses it.
      */
     python3PyYamlReachable?: (baseDir: string) => boolean;
+    /**
+     * 0.42.0 codex round 5 P2 (2026-05-16) — execution probe for the
+     * python3 list-walker branch in `policy_reader_get_list`. That
+     * branch needs to spawn `python3 -c "..."` with `import json` from
+     * stdlib; PyYAML is irrelevant. The check is execution-based (not
+     * PATH-only) because a `python3` symlink can resolve on PATH but
+     * fail to start in the current sandbox (dangling pyenv/asdf stub,
+     * permission-denied interpreter, missing dynamic libs). A PATH-only
+     * check would let the doctor declare `warn` on a box where the
+     * shim will actually fall through to Tier 3 — masking a real
+     * enforcement gap for list-valued policy keys.
+     *
+     * The probe runs `python3 -c "import json; print('ok')"` with the
+     * same env scrub as the PyYAML probe (PYTHONPATH/PYTHONHOME/
+     * PYTHONSTARTUP unset, PYTHONSAFEPATH=1, sys.path scrubbed) so a
+     * malicious repo cannot plant a `./json.py` that shadows stdlib
+     * and falsely report `true` while the real loader (which scrubs)
+     * fails.
+     */
+    python3ListWalkerReachable?: (baseDir: string) => boolean;
     awkOnPath?: () => string | null;
     jqOnPath?: () => string | null;
 }
@@ -183,12 +203,12 @@ export declare function checkPolicyReaderTier2(baseDir: string, probes?: PolicyR
  * Practically always present (POSIX requirement).
  *
  * 0.40.0 charter item 2 — conditional verdict, refined by codex
- * round 1 P2:
+ * round 1 P2 (0.40.0) and round 2 P2 (0.42.0):
  *   - awk present                                            → `pass`
  *   - awk absent AND Tier 2 reachable                        → `warn`
  *     (Tier 2 implies python3, which is a list-walker)
  *   - awk absent AND Tier 1 reachable AND a list walker
- *     (jq OR python3) is on PATH                             → `warn`
+ *     (jq OR full Tier-2 reachable) is usable                → `warn`
  *   - awk absent AND Tier 1 reachable BUT no list walker     → `fail`
  *     (codex round 1 P2 — list-valued policy reads silently
  *     fail-closed even though scalar reads work, so the
@@ -207,9 +227,29 @@ export declare function checkPolicyReaderTier2(baseDir: string, probes?: PolicyR
  * functional box that has python3 + jq + the rea CLI all wired but
  * happens to lack awk.
  *
+ * List-iteration semantic (clarifying note for codex round 2 P2,
+ * 2026-05-16): `policy_reader_get_list` in
+ * `hooks/_lib/policy-reader.sh` walks the cached subtree JSON via
+ * `jq` OR `python3` (stdlib-only — `json` module, no PyYAML import).
+ * PyYAML is only needed for Tier 2 itself (YAML PARSING into JSON),
+ * NOT for iterating the already-parsed JSON arrays at list-read time.
+ *
+ * Codex round 5 P2 (2026-05-16): the "list walker" predicate uses
+ * `python3ListWalkerReachable` — an EXECUTION probe that actually
+ * spawns `python3 -c "import json"` — instead of `python3OnPath`. A
+ * PATH-only check passes for broken pyenv/asdf shims, dangling
+ * symlinks, and sandboxed environments where the interpreter cannot
+ * start; in those cases the shim's list-walker branch would actually
+ * fail and `blocked_paths`/`protected_writes` enforcement would
+ * silently break while doctor reported `warn`. The execution probe
+ * mirrors `defaultPython3PyYamlReachable` exactly but swaps the
+ * `import yaml` for `import json` so it's not gated on PyYAML
+ * availability (which is irrelevant to list iteration).
+ *
  * Takes `baseDir` so it can evaluate Tier 1's two-stage check (dist
- * present + CLI invokable) and Tier 2's reachability. Probes are
- * threaded through identically.
+ * present + CLI invokable), Tier 2's reachability, and the
+ * list-walker execution probe. All probes are threaded through
+ * identically.
  */
 export declare function checkPolicyReaderTier3(baseDir: string, probes?: PolicyReaderProbes): CheckResult;
 /**

package/dist/cli/doctor.js

@@ -1264,18 +1264,74 @@ function defaultPython3PyYamlReachable(baseDir) {
         return false;
     }
 }
+/**
+ * 0.42.0 codex round 5 P2 (2026-05-16) — execution probe for the
+ * python3 list-walker. Mirrors `defaultPython3PyYamlReachable` exactly
+ * but swaps the `import yaml` for `import json` (the actual stdlib
+ * module the shim's list-walker branch imports). Spawning the
+ * interpreter end-to-end catches the broken-symlink / unreachable-
+ * shim case that a bare PATH check misses.
+ */
+function defaultPython3ListWalkerReachable(baseDir) {
+    try {
+        const probeEnv = { ...process.env, PYTHONSAFEPATH: '1' };
+        delete probeEnv['PYTHONPATH'];
+        delete probeEnv['PYTHONHOME'];
+        delete probeEnv['PYTHONSTARTUP'];
+        // Same sys.path scrub as the production loader, applied before
+        // `import json`. `json` is stdlib so a malicious `./json.py`
+        // attack would matter the same way `./yaml.py` does.
+        const probeBody = [
+            'import sys',
+            'import os',
+            '_cwd = os.getcwd()',
+            '_cwd_real = os.path.realpath(_cwd)',
+            'sys.path[:] = [p for p in sys.path if p not in ("", ".", _cwd, _cwd_real)]',
+            'import json',
+            'sys.stdout.write("ok")',
+        ].join('\n');
+        const res = spawnSync('python3', ['-c', probeBody], {
+            cwd: baseDir,
+            env: probeEnv,
+            timeout: 5_000,
+            stdio: ['ignore', 'pipe', 'ignore'],
+        });
+        if (res.status !== 0)
+            return false;
+        return (res.stdout?.toString().trim() ?? '') === 'ok';
+    }
+    catch {
+        return false;
+    }
+}
 const DEFAULT_PROBES = {
     cliDistExists: defaultCliDistExists,
     cliInvokable: defaultCliInvokable,
     python3OnPath: () => resolveBinaryOnPath('python3'),
     python3PyYamlReachable: defaultPython3PyYamlReachable,
+    python3ListWalkerReachable: defaultPython3ListWalkerReachable,
     awkOnPath: () => resolveBinaryOnPath('awk'),
     jqOnPath: () => resolveBinaryOnPath('jq'),
 };
 function resolveProbes(probes) {
     if (probes === undefined)
         return DEFAULT_PROBES;
-    return { ...DEFAULT_PROBES, ...probes };
+    // 0.42.0 codex round 5 P2 (2026-05-16): when a caller (typically
+    // a unit test) stubs `python3OnPath` but does NOT stub the new
+    // `python3ListWalkerReachable` execution probe, derive a faithful
+    // fallback from `python3OnPath` instead of falling through to the
+    // real `defaultPython3ListWalkerReachable` (which would spawn a
+    // python3 subprocess and break test determinism). The convention
+    // matches `python3PyYamlReachable` in the existing test suite:
+    // stubs that say "python3 is present" want both downstream probes
+    // to report reachable, and stubs that say "python3 is absent" want
+    // both downstream probes to report unreachable.
+    const overrides = { ...probes };
+    if (overrides.python3ListWalkerReachable === undefined && overrides.python3OnPath !== undefined) {
+        const stubbedPython3OnPath = overrides.python3OnPath;
+        overrides.python3ListWalkerReachable = () => stubbedPython3OnPath() !== null;
+    }
+    return { ...DEFAULT_PROBES, ...overrides };
 }
 /**
  * Tier 1 — `rea hook policy-get`. Reachable when the rea CLI is
@@ -1374,12 +1430,12 @@ export function checkPolicyReaderTier2(baseDir, probes) {
  * Practically always present (POSIX requirement).
  *
  * 0.40.0 charter item 2 — conditional verdict, refined by codex
- * round 1 P2:
+ * round 1 P2 (0.40.0) and round 2 P2 (0.42.0):
  *   - awk present                                            → `pass`
  *   - awk absent AND Tier 2 reachable                        → `warn`
  *     (Tier 2 implies python3, which is a list-walker)
  *   - awk absent AND Tier 1 reachable AND a list walker
- *     (jq OR python3) is on PATH                             → `warn`
+ *     (jq OR full Tier-2 reachable) is usable                → `warn`
  *   - awk absent AND Tier 1 reachable BUT no list walker     → `fail`
  *     (codex round 1 P2 — list-valued policy reads silently
  *     fail-closed even though scalar reads work, so the
@@ -1398,9 +1454,29 @@ export function checkPolicyReaderTier2(baseDir, probes) {
  * functional box that has python3 + jq + the rea CLI all wired but
  * happens to lack awk.
  *
+ * List-iteration semantic (clarifying note for codex round 2 P2,
+ * 2026-05-16): `policy_reader_get_list` in
+ * `hooks/_lib/policy-reader.sh` walks the cached subtree JSON via
+ * `jq` OR `python3` (stdlib-only — `json` module, no PyYAML import).
+ * PyYAML is only needed for Tier 2 itself (YAML PARSING into JSON),
+ * NOT for iterating the already-parsed JSON arrays at list-read time.
+ *
+ * Codex round 5 P2 (2026-05-16): the "list walker" predicate uses
+ * `python3ListWalkerReachable` — an EXECUTION probe that actually
+ * spawns `python3 -c "import json"` — instead of `python3OnPath`. A
+ * PATH-only check passes for broken pyenv/asdf shims, dangling
+ * symlinks, and sandboxed environments where the interpreter cannot
+ * start; in those cases the shim's list-walker branch would actually
+ * fail and `blocked_paths`/`protected_writes` enforcement would
+ * silently break while doctor reported `warn`. The execution probe
+ * mirrors `defaultPython3PyYamlReachable` exactly but swaps the
+ * `import yaml` for `import json` so it's not gated on PyYAML
+ * availability (which is irrelevant to list iteration).
+ *
  * Takes `baseDir` so it can evaluate Tier 1's two-stage check (dist
- * present + CLI invokable) and Tier 2's reachability. Probes are
- * threaded through identically.
+ * present + CLI invokable), Tier 2's reachability, and the
+ * list-walker execution probe. All probes are threaded through
+ * identically.
  */
 export function checkPolicyReaderTier3(baseDir, probes) {
     const label = 'policy-reader Tier 3 (awk)';
@@ -1420,22 +1496,25 @@ export function checkPolicyReaderTier3(baseDir, probes) {
     // ladder would actually do at runtime.
     const tier1 = p.cliDistExists(baseDir) && p.cliInvokable(baseDir);
     const tier2 = p.python3OnPath() !== null && p.python3PyYamlReachable(baseDir);
-    // Codex round 1 P2 (2026-05-16): the downgrade-to-warn branch needs
-    // a list walker too. `policy_reader_get_list` (the helper that reads
-    // list-valued keys like `blocked_paths`) iterates the parsed JSON
-    // array via jq OR python3, falling back to Tier 3 awk for inline
-    // arrays. With awk gone AND no jq AND no python3, list-valued
-    // policy reads silently fail-closed even when Tier 1 is reachable —
-    // `blocked-paths-bash-gate.sh` etc. would see an EMPTY blocked-paths
-    // set and stop enforcing entries the operator declared. Pre-fix
-    // this concrete shape (cliInvokable + no python3 + no jq + no awk)
-    // returned `warn` and the doctor exited 0 on a broken install.
-    // Post-fix the downgrade requires a list walker; otherwise we stay
-    // on `fail`. Tier 2 implies python3 on PATH (the interpreter that
-    // ran PyYAML), so Tier 2 always brings list-walker support — no
-    // additional check needed for the Tier-2 branch.
-    const py = p.python3OnPath();
-    const listWalker = p.jqOnPath() !== null || py !== null;
+    // Codex round 1 P2 (0.40.0) + round 2 P2 corrected (0.42.0,
+    // 2026-05-16) + round 5 P2 (0.42.0, 2026-05-16): the
+    // downgrade-to-warn branch needs a list walker too.
+    // `policy_reader_get_list` iterates the parsed JSON array via jq
+    // OR python3. The python3 branch uses `json` from stdlib only —
+    // PyYAML is NOT required (it's only needed for Tier 2's YAML
+    // parsing step, which has already run by the time list iteration
+    // executes).
+    //
+    // Round 5 P2 hardening: the python3 leg of this predicate uses an
+    // EXECUTION probe (`python3ListWalkerReachable`), not just a PATH
+    // check. A `python3` symlink can resolve on PATH while the
+    // interpreter itself fails to start (dangling pyenv/asdf shim,
+    // sandboxed runner without dynamic libs, permission denied on the
+    // resolved binary). PATH-only would let doctor declare `warn` on
+    // a box where the shim's list walker would actually fail —
+    // silently breaking `blocked_paths` / `protected_writes`
+    // enforcement while doctor exits 0.
+    const listWalker = p.jqOnPath() !== null || p.python3ListWalkerReachable(baseDir);
     if (tier2 || (tier1 && listWalker)) {
         const reachable = [];
         if (tier1)
@@ -1451,21 +1530,43 @@ export function checkPolicyReaderTier3(baseDir, probes) {
                 'to restore the last-resort fallback.',
         };
     }
-    // Codex round 1 P2: separate "no list walker" diagnosis from the
-    // catastrophic "no tier at all" case. Tier 1 reachable but no jq
-    // AND no python3 AND no awk means list-valued policy reads
-    // fail-closed silently — distinct from the truly-empty
-    // no-CLI-no-python-no-awk shape, and worth a precise remediation.
+    // Codex round 1 P2 (0.40.0) + round 2 P2 (0.42.0): separate "no list
+    // walker" diagnosis from the catastrophic "no tier at all" case.
+    // Tier 1 reachable but no jq AND no python3 AND no awk means
+    // list-valued policy reads fail-closed silently — distinct from the
+    // truly-empty no-CLI-no-python-no-awk shape, and worth a precise
+    // remediation. The python3-as-list-walker signal is plain
+    // `python3OnPath` (the `json` module is stdlib — PyYAML is NOT
+    // required for list iteration).
     if (tier1) {
+        // 0.42.0 codex round 6 P3 (2026-05-16): distinguish "python3 not
+        // on PATH" from "python3 on PATH but execution fails". Pre-fix
+        // this branch always reported "python3 is not on PATH" even when
+        // a python3 binary was resolvable but a broken pyenv/asdf shim
+        // or sandboxed interpreter failed the execution probe — that
+        // sent operators toward the wrong remediation. Round 5 added
+        // the execution probe specifically to surface this case; the
+        // diagnostic needs to follow.
+        const pythonOnPath = p.python3OnPath();
+        const pythonState = pythonOnPath === null
+            ? 'python3 is not on PATH'
+            : `python3 at ${pythonOnPath} cannot execute \`import json\` (broken pyenv/asdf shim, ` +
+                'sandboxed interpreter, or permission-denied binary — fix the interpreter or ' +
+                'remove the shim)';
+        const remediation = pythonOnPath === null
+            ? 'Install awk OR jq OR python3 to restore list-iteration.'
+            : `Install awk OR jq, or repair the python3 interpreter at ${pythonOnPath}, ` +
+                'to restore list-iteration.';
         return {
             label,
             status: 'fail',
-            detail: 'awk not on PATH AND neither jq nor python3 is on PATH — Tier 1 (rea CLI) parses ' +
-                'flow-form scalars, but `policy_reader_get_list` cannot iterate list-valued keys ' +
-                '(e.g. `blocked_paths: [.env, ...]`) without jq, python3, OR awk to walk the ' +
-                'resulting JSON arrays. Affected hooks (`blocked-paths-bash-gate.sh`, ' +
-                '`blocked-paths-enforcer.sh`, …) see an EMPTY list and silently stop enforcing. ' +
-                'Install awk OR jq OR python3 to restore list-iteration.',
+            detail: `awk not on PATH AND jq is not on PATH AND ${pythonState} — ` +
+                'Tier 1 (rea CLI) parses flow-form scalars, but `policy_reader_get_list` ' +
+                'cannot iterate list-valued keys (e.g. `blocked_paths: [.env, ...]`) ' +
+                'without jq OR python3 OR awk to walk the resulting JSON arrays. ' +
+                'Affected hooks (`blocked-paths-bash-gate.sh`, ' +
+                `\`blocked-paths-enforcer.sh\`, …) see an EMPTY list and silently stop ` +
+                `enforcing. ${remediation}`,
         };
     }
     return {
@@ -1542,11 +1643,14 @@ export function checkPolicyReaderTierSummary(baseDir, probes) {
     const tier2 = py !== null && p.python3PyYamlReachable(baseDir);
     const tier3 = p.awkOnPath() !== null;
     const jq = p.jqOnPath();
-    // List iteration after Tier 1/2 needs jq OR python3 to walk the
-    // JSON. Tier 2 implies python3 on PATH (the interpreter that ran
-    // the loader); so the only "lists broken" shape is Tier 1 reachable
-    // but neither jq nor python3 on PATH.
-    const listWalker = jq !== null || py !== null;
+    // 0.42.0 codex round 5 P2 (2026-05-16): list iteration after Tier
+    // 1/2 needs jq OR a python3 that can ACTUALLY execute (not just
+    // resolve on PATH). The execution probe catches the broken-shim
+    // case where `python3` resolves but the interpreter cannot start —
+    // PATH-only would falsely declare the list walker "usable" on a
+    // box where the shim's python3 branch will fall through to Tier 3
+    // and silently miss flow-form arrays.
+    const listWalker = jq !== null || p.python3ListWalkerReachable(baseDir);
     const reachable = [];
     if (tier1)
         reachable.push('Tier 1 (CLI)');

package/dist/cli/upgrade-check.d.ts

@@ -97,6 +97,24 @@ export interface UpgradeCheckFile {
      *  row (e.g. "removed-upstream — kept by default unless --force"). */
     note?: string;
 }
+/**
+ * 0.42.0 charter item 2 — surface the same settings-schema validation
+ * the real upgrade flow runs. `runUpgrade` calls `validateSettings`
+ * on the merged result and refuses the write (throws) when it fails;
+ * pre-0.42.0 `rea upgrade --check` never invoked that check, so a
+ * preview could promise a write that the real upgrade would refuse.
+ *
+ *   - `parsed: true` — schema validation succeeded; `errors` is empty.
+ *     The real upgrade WOULD write the merged settings on demand.
+ *   - `parsed: false` — schema validation failed. `errors` carries the
+ *     same zod-issue strings `runUpgrade` would surface in its throw
+ *     message. The real upgrade would refuse and leave settings.json
+ *     untouched.
+ */
+export interface UpgradeCheckSettingsValidation {
+    parsed: boolean;
+    errors: string[];
+}
 export interface UpgradeCheckPlan {
     schema_version: typeof UPGRADE_CHECK_SCHEMA_VERSION;
     rea_version: string;
@@ -112,6 +130,26 @@ export interface UpgradeCheckPlan {
         removed_upstream: number;
     };
     files: UpgradeCheckFile[];
+    /** 0.42.0 — schema-validation outcome on the merged settings.json
+     *  the real `rea upgrade` would write. `null` when the synthetic
+     *  settings classification did not produce a merged result (should
+     *  not happen in practice; defensive). */
+    settings_validation: UpgradeCheckSettingsValidation | null;
+    /**
+     * 0.42.0 codex round 3 P2 (2026-05-16) — top-level "preview = real"
+     * verdict. `true` when `rea upgrade` would actually start mutating
+     * the install; `false` when the new pre-flight (settings-validation)
+     * gate would refuse the upgrade before any file is written.
+     *
+     * Why this matters: `counts` + `files` still describe what WOULD be
+     * written if validation passed (operators want the diff so they can
+     * fix the underlying invalid setting and see the upgrade preview in
+     * one shot). But CI and automation consuming the JSON need a single
+     * unambiguous signal that the real upgrade will write nothing in
+     * the current state. Use `would_apply` as that signal; treat
+     * `files[]` + `counts` as conditional on `would_apply === true`.
+     */
+    would_apply: boolean;
 }
 export interface ComputeUpgradeCheckOptions {
     /** Defaults to `process.cwd()`. */

package/dist/cli/upgrade-check.js

@@ -65,6 +65,7 @@ import { manifestExists, readManifest } from './install/manifest-io.js';
 import { sha256OfBuffer, sha256OfFile } from './install/sha.js';
 import { diffUnified, DIFF_TOO_LARGE_NOTICE } from './install/unified-diff.js';
 import { loadPolicy } from '../policy/loader.js';
+import { validateSettings } from '../config/settings-schema.js';
 import { err, getPkgVersion, log } from './utils.js';
 /** Hard cap on the diff input size. Mirrors `DIFF_SIZE_CAP_BYTES` in
  *  upgrade.ts so the two preview surfaces agree on the "too big to
@@ -288,6 +289,11 @@ async function classifyClaudeMd(resolvedRoot, includeDiffs) {
  * upgrade flow, we prune known-stale hook tokens BEFORE merging the
  * default-desired hook set — the order matters so the merge sees a
  * clean baseline.
+ *
+ * 0.42.0 — also returns the merged object so the caller can run the
+ * same `validateSettings` check the real `runUpgrade` runs. We hand
+ * back the merged shape directly (not the file rendering) so the
+ * caller can decide whether to thread it into the schema check.
  */
 async function classifySettings(resolvedRoot, includeDiffs) {
     const desired = defaultDesiredHooks();
@@ -344,7 +350,7 @@ async function classifySettings(resolvedRoot, includeDiffs) {
             Object.assign(file, safeDiff(oldText, newText, file.path));
         }
     }
-    return file;
+    return { file, merged: mergeResult.merged };
 }
 /**
  * Build a `removed_upstream` entry from a manifest record that has no
@@ -480,14 +486,37 @@ export async function computeUpgradeCheck(options = {}) {
         }
     }
     // Synthetic entries.
-    const settingsFile = await classifySettings(resolvedRoot, includeDiffs);
-    files.push(settingsFile);
+    const settingsClassification = await classifySettings(resolvedRoot, includeDiffs);
+    files.push(settingsClassification.file);
     const claudeMd = await classifyClaudeMd(resolvedRoot, includeDiffs);
     if (claudeMd !== null)
         files.push(claudeMd);
     const gitignoreFile = await classifyGitignore(resolvedRoot, includeDiffs);
     if (gitignoreFile !== null)
         files.push(gitignoreFile);
+    // 0.42.0 charter item 2 — schema-validate the merged settings the
+    // real `runUpgrade` would write. `runUpgrade` calls `validateSettings`
+    // (non-strict, matching the upgrade flow's posture) and throws when
+    // the merged result fails — refusing the write. Pre-0.42.0 the
+    // preview never ran this check, so the planner could promise a write
+    // that the real upgrade would refuse. Reproduce the exact validation
+    // shape here so the JSON `settings_validation` field is byte-for-byte
+    // what `runUpgrade` would see.
+    const validation = validateSettings(settingsClassification.merged, { strict: false });
+    const settingsValidation = {
+        parsed: validation.parsed,
+        errors: validation.errors,
+    };
+    // If validation failed, annotate the settings file row so the
+    // human-readable rendering surfaces the refusal alongside the count
+    // table (operators reading the table without scrolling to the
+    // footer still see the warning). Note appends rather than overwrites
+    // so the existing merge / prune annotations remain visible.
+    if (!validation.parsed) {
+        const refusalNote = `WOULD REFUSE: schema validation failed — ${validation.errors.join('; ')}`;
+        const f = settingsClassification.file;
+        f.note = f.note !== undefined ? `${f.note}; ${refusalNote}` : refusalNote;
+    }
     // Stable sort: action priority (modified → created → removed_upstream
     // → unchanged) then path. Operators reviewing the table want to see
     // the changed entries first.
@@ -513,6 +542,13 @@ export async function computeUpgradeCheck(options = {}) {
         bootstrap: isBootstrap,
         counts,
         files,
+        settings_validation: settingsValidation,
+        // Codex round 3 P2 (2026-05-16): mirror runUpgrade's pre-flight
+        // gate. `would_apply` is true when the real upgrade would actually
+        // start mutating disk — currently the only gate is settings-schema
+        // validation, but more pre-flight checks may land in future
+        // releases (in which case they get ANDed in here).
+        would_apply: settingsValidation.parsed,
     };
 }
 /**
@@ -528,8 +564,20 @@ export function renderUpgradeCheck(plan) {
         lines.push(`  bootstrap mode: no install-manifest found yet`);
     }
     lines.push('');
+    // Codex round 3 P2 (2026-05-16): when a pre-flight gate would
+    // refuse the upgrade, the counts/files below describe what WOULD
+    // happen if the gate passed — but `rea upgrade` will actually
+    // write nothing in the current state. Lead with that banner so
+    // operators don't read the summary table as a promise of action.
+    if (!plan.would_apply) {
+        lines.push('BLOCKED — `rea upgrade` would refuse to apply this plan in its current state. ' +
+            'The summary below describes the would-be plan IF the refusal were fixed first; ' +
+            'the real upgrade writes nothing until the refusal clears.');
+        lines.push('');
+    }
     const totalChanges = plan.counts.created + plan.counts.modified + plan.counts.removed_upstream;
-    lines.push(`Summary — ${String(totalChanges)} planned change(s):`);
+    const summaryLabel = plan.would_apply ? 'planned change(s)' : 'change(s) blocked by refusal';
+    lines.push(`Summary — ${String(totalChanges)} ${summaryLabel}:`);
     lines.push(`  created:          ${String(plan.counts.created)}`);
     lines.push(`  modified:         ${String(plan.counts.modified)}`);
     lines.push(`  removed-upstream: ${String(plan.counts.removed_upstream)}`);
@@ -538,6 +586,17 @@ export function renderUpgradeCheck(plan) {
     if (totalChanges === 0) {
         lines.push('No changes — your install is already in sync with this rea version.');
         lines.push('');
+        // 0.42.0 — even with zero planned changes, surface a validation
+        // failure here so an operator doesn't see "in sync" and miss the
+        // settings refusal.
+        if (plan.settings_validation !== null && !plan.settings_validation.parsed) {
+            lines.push('WARNING: `rea upgrade` would REFUSE to run — the merged ' +
+                '.claude/settings.json would fail schema validation:');
+            for (const e of plan.settings_validation.errors) {
+                lines.push(`  - ${e}`);
+            }
+            lines.push('');
+        }
         return lines.join('\n');
     }
     // Per-file detail — skip `unchanged` entries.
@@ -545,7 +604,12 @@ export function renderUpgradeCheck(plan) {
         if (file.action === 'unchanged')
             continue;
         const marker = file.action === 'created' ? '+' : file.action === 'removed_upstream' ? '-' : '~';
-        const label = file.action === 'removed_upstream' ? 'removed-upstream' : file.action;
+        const baseLabel = file.action === 'removed_upstream' ? 'removed-upstream' : file.action;
+        // Codex round 3 P2 (2026-05-16): when a refusal is active, every
+        // would-be-mutated file row gets a BLOCKED suffix so a quick scroll
+        // through the per-file detail cannot miss the fact that no write
+        // will happen until the refusal clears.
+        const label = plan.would_apply ? baseLabel : `${baseLabel} (BLOCKED — refusal active)`;
         const syntheticTag = file.synthetic !== undefined ? ` [${file.synthetic}]` : '';
         lines.push(`${marker} ${file.path}${syntheticTag} — ${label}`);
         if (file.note !== undefined)
@@ -572,8 +636,30 @@ export function renderUpgradeCheck(plan) {
         }
         lines.push('');
     }
-    lines.push('No changes were written. Run `rea upgrade` (without --check) to apply.');
-    lines.push('');
+    // 0.42.0 — surface settings-schema validation outcome alongside the
+    // footer. When the merged settings would fail validation, `rea
+    // upgrade` would refuse to start at all (codex round 2 P2 moved the
+    // validation to a pre-flight check BEFORE any file writes); we
+    // report that here so consumers can fix policy + settings before
+    // invoking the real upgrade.
+    if (plan.settings_validation !== null && !plan.settings_validation.parsed) {
+        lines.push('');
+        lines.push('WARNING: `rea upgrade` would REFUSE to run — the merged ' +
+            '.claude/settings.json would fail schema validation:');
+        for (const e of plan.settings_validation.errors) {
+            lines.push(`  - ${e}`);
+        }
+        lines.push('No files will be written by `rea upgrade` while this is true — the ' +
+            'pre-flight check runs before any canonical hook or agent file is ' +
+            'installed AND before the 0.11.0 .rea/policy.yaml migration, so your ' +
+            'existing install stays untouched. Fix the settings entries flagged ' +
+            'above and re-run `rea upgrade --check`.');
+        lines.push('');
+    }
+    else {
+        lines.push('No changes were written. Run `rea upgrade` (without --check) to apply.');
+        lines.push('');
+    }
     return lines.join('\n');
 }
 /**

package/dist/cli/upgrade.js

@@ -460,10 +460,52 @@ export async function runUpgrade(options = {}) {
     if (options.force === true && !dryRun) {
         warn('--force: overwriting locally-modified files and deleting removed-upstream entries without prompt.');
     }
+    // 0.42.0 codex round 2 P2 (2026-05-16): pre-flight the merged
+    // settings validation BEFORE any file writes happen. Pre-correction,
+    // `upgradeSettings` ran AFTER the canonical-file write loop and only
+    // then validated the merged result; throwing here meant canonical
+    // hook + agent files had already been written to disk, breaking
+    // `rea upgrade --check`'s implicit "preview = real" contract (the
+    // check footer correctly claimed validation would refuse, but did
+    // not warn that hook files would still be written first).
+    //
+    // Codex round 2 P2 (2026-05-16, follow-up): this MUST run before
+    // `migrateReviewPolicyFor0110` as well — the 0.11.0 policy migration
+    // rewrites `.rea/policy.yaml` and creates a `policy.yaml.bak-*`
+    // sibling. If the pre-flight runs after that migration, the
+    // "no files have been written" claim in the refusal message
+    // becomes false for pre-0.11 consumers with malformed settings.
+    // Ordering: pre-flight FIRST, then migration, then canonical
+    // enumeration + write loop.
+    //
+    // The pre-flight reuses the same helpers as `upgradeSettings` —
+    // `readSettings` / `pruneHookCommands` / `mergeSettings` /
+    // `validateSettings` are all pure functions over existing on-disk
+    // state and `defaultDesiredHooks()`, so running them twice is
+    // cheap (microseconds — single JSON parse + small object merge)
+    // and the second run inside `upgradeSettings` re-derives the same
+    // result before writing. Atomicity guarantee: if validation fails,
+    // `runUpgrade` aborts here with ZERO mutations to disk.
+    {
+        const desired = defaultDesiredHooks();
+        const { settings: existingSettings } = readSettings(resolvedRoot);
+        const pruned = pruneHookCommands(existingSettings, STALE_HOOK_COMMAND_TOKENS);
+        const mergeResult = mergeSettings(pruned.merged, desired);
+        const validation = validateSettings(mergeResult.merged);
+        if (!validation.parsed) {
+            throw new Error(`rea upgrade: refusing to start because the merged .claude/settings.json would ` +
+                `fail schema validation. This is a safety guardrail — no files have been written ` +
+                `(including no .rea/policy.yaml 0.11.0 migration). Your existing install is ` +
+                `unchanged. zod errors: ${validation.errors.join('; ')}`);
+        }
+    }
     // 0.11.0 migration — strip removed review.* fields and backfill the new
     // concerns_blocks default. Runs before canonical file reconciliation so a
     // policy that fails strict schema load (which happens on upgrade from
     // 0.10.x the moment we re-read `.rea/policy.yaml`) is cleaned up first.
+    // 0.42.0 round 2 P2 follow-up: ordered AFTER the pre-flight validation
+    // above so a settings-validation refusal does not leave a half-migrated
+    // .rea/policy.yaml + backup behind.
     await migrateReviewPolicyFor0110(resolvedRoot, { dryRun });
     const canonicalFiles = await enumerateCanonicalFiles();
     if (canonicalFiles.length === 0) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bookedsolid/rea",
-  "version": "0.41.0",
+  "version": "0.42.0",
   "description": "Agentic governance layer for Claude Code — policy enforcement, hook-based safety gates, audit logging, and Codex-integrated adversarial review for AI-assisted projects",
   "license": "MIT",
   "author": "Booked Solid Technology <oss@bookedsolid.tech> (https://bookedsolid.tech)",