@chrisdudek/yg 5.0.0 → 5.0.1

package/dist/bin.js

@@ -6,7 +6,7 @@ import { Command as Command2 } from "commander";
 // src/cli/init.ts
 import chalk2 from "chalk";
 import { existsSync as existsSync2 } from "fs";
-import { mkdir as mkdir3, writeFile as writeFile4, readdir as readdir3, readFile as readFile10, stat as stat3 } from "fs/promises";
+import { mkdir as mkdir3, writeFile as writeFile4, readdir as readdir3, readFile as readFile11, stat as stat3 } from "fs/promises";
 import path13 from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import * as p from "@clack/prompts";
@@ -145,7 +145,7 @@ Fix a refusal in one of two ways: declare the relation in the node's \`yg-node.y
 
 ### Verification and the lock
 
-A verdict is valid exactly while the inputs that produced it hash to the stored value. Any input change \u2014 an edited subject file, an edited \`content.md\` / \`check.mjs\`, an edited \`scope\`, a tier change \u2014 makes the pair **unverified**, and \`yg check --approve\` re-verifies it. (A status flip is NOT an input \u2014 it never invalidates a verdict.) States are: **verified / unverified / refused**.
+A verdict is valid exactly while the inputs that produced it hash to the stored value. Any input change \u2014 an edited subject file, an edited \`content.md\` / \`check.mjs\`, an edited \`scope\`, or a change to which named tier the aspect uses \u2014 makes the pair **unverified**, and \`yg check --approve\` re-verifies it. (A status flip is NOT an input, and neither is a tier's underlying config \u2014 only the tier NAME folds in, so swapping the model or provider behind a named tier never invalidates a verdict.) States are: **verified / unverified / refused**.
 
 \`yg check\` writes nothing and makes no LLM calls: it re-hashes each lock verdict and reports (on plain \`yg check\` it never runs an aspect reviewer or a deterministic \`check.mjs\`), and it runs the built-in relation-conformance check live (parse + resolve). So CI runs it cheap and keyless. \`yg check --approve\` fills the unverified pairs and then reports.
 
@@ -473,7 +473,7 @@ context.
 
 **Flow** \u2014 when you see a sequence of steps toward a business goal. Not code call sequences \u2014 real-world processes. "User places an order" = flow. "Handler calls service" = relation between nodes. Read \`schemas/yg-flow.yaml\` and \`yg knowledge read flows\` before creating.
 
-**Node** \u2014 one per cohesive feature area. Not per directory, not per file. If a node covers >3 distinct workflows, split into children. Size is bounded by the reviewer prompt, not the node: an LLM aspect assembles its content.md, references, and the unit's subject files into one prompt, checked against the resolved tier's \`max_prompt_chars\`. Exceeding it is a blocking \`prompt-too-large\` error naming the pair, with remedies in safety order: narrow \`scope.files\` (when the overflow is non-target payload), switch the aspect to \`per: file\` (ONLY if the rule is file-local), split the node, or raise the limit / move to a higher tier (a tier edit cascades re-verification across every aspect on that tier). Deterministic checks read files programmatically with no prompt and are never subject to the gate. Read \`schemas/yg-node.yaml\` before creating.
+**Node** \u2014 one per cohesive feature area. Not per directory, not per file. If a node covers >3 distinct workflows, split into children. Size is bounded by the reviewer prompt, not the node: an LLM aspect assembles its content.md, references, and the unit's subject files into one prompt, checked against the resolved tier's \`max_prompt_chars\`. Exceeding it is a blocking \`prompt-too-large\` error naming the pair, with remedies in safety order: narrow \`scope.files\` (when the overflow is non-target payload), switch the aspect to \`per: file\` (ONLY if the rule is file-local), split the node, or raise the limit / move to a higher-capability tier (re-pointing an aspect to a different named tier re-verifies that aspect's pairs; editing a tier's own config does not \u2014 only the tier name is a verdict input). Deterministic checks read files programmatically with no prompt and are never subject to the gate. Read \`schemas/yg-node.yaml\` before creating.
 
 **Port / relation** \u2014 when a critical aspect must cross a node boundary, or when a new typed dependency is needed. Bare relations do NOT propagate aspects; ports do. Six relation types exist (\`calls\`, \`uses\`, \`extends\`, \`implements\`, \`emits\`, \`listens\`); event relations must be paired. Deep dive: \`yg knowledge read ports-and-relations\`.
 
@@ -1129,9 +1129,16 @@ async function testOllama(model, endpoint) {
     body: JSON.stringify({
       model,
       messages: [{ role: "user", content: "Respond with OK" }],
-      stream: false
+      stream: false,
+      // Mirror the real reviewer (OllamaProvider.verifyAspect): disable the
+      // model's reasoning trace so a "thinking" model does not burn the probe
+      // on a long chain-of-thought for a trivial prompt.
+      think: false
     }),
-    signal: AbortSignal.timeout(15e3)
+    // A large local model is cold-loaded from disk on the first request; 15s was
+    // too tight and produced false "connection failed" on working setups. Match
+    // the real reviewer's tolerance (apiFetch default).
+    signal: AbortSignal.timeout(6e4)
   });
   if (!res.ok) {
     const msg = `HTTP ${res.status} ${res.statusText}`;
@@ -1287,9 +1294,9 @@ import path10 from "path";
 import { gt as gt3, lt, valid as valid3 } from "semver";
 
 // src/io/config-parser.ts
-import { readFile as readFile3 } from "fs/promises";
+import { readFile as readFile4 } from "fs/promises";
 import path4 from "path";
-import { parse as parseYaml2 } from "yaml";
+import { parse as parseYaml3 } from "yaml";
 
 // src/utils/known-providers.ts
 var KNOWN_PROVIDERS = [
@@ -1303,6 +1310,39 @@ var KNOWN_PROVIDERS = [
   "gemini-cli"
 ];
 
+// src/io/secrets-parser.ts
+import { readFile as readFile3 } from "fs/promises";
+import { join } from "path";
+import { parse as parseYaml2 } from "yaml";
+function isPlainObject(v) {
+  return typeof v === "object" && v !== null && !Array.isArray(v);
+}
+function deepMerge(base, overlay) {
+  const out = { ...base };
+  for (const [key, ov] of Object.entries(overlay)) {
+    const bv = out[key];
+    out[key] = isPlainObject(bv) && isPlainObject(ov) ? deepMerge(bv, ov) : ov;
+  }
+  return out;
+}
+async function loadConfigOverlay(yggRoot) {
+  let content14;
+  try {
+    content14 = await readFile3(join(yggRoot, "yg-secrets.yaml"), "utf-8");
+  } catch (err) {
+    debugWrite(`[secrets-parser] readFile: ${err.message}`);
+    return void 0;
+  }
+  const raw = parseYaml2(content14);
+  if (raw === null || raw === void 0) return void 0;
+  if (typeof raw !== "object" || Array.isArray(raw)) {
+    throw new Error(
+      "yg-secrets.yaml: top level must be a YAML mapping (it is a deep-merge overlay over yg-config.yaml)"
+    );
+  }
+  return raw;
+}
+
 // src/io/config-parser.ts
 var ConfigParseError = class extends Error {
   constructor(messageData, code) {
@@ -1371,15 +1411,17 @@ var PROVIDER_DEFAULTS = {
 };
 async function parseConfig(filePath) {
   const filename = path4.basename(filePath);
-  const content14 = await readFile3(filePath, "utf-8");
-  const raw = parseYaml2(content14);
-  if (!raw || typeof raw !== "object") {
+  const content14 = await readFile4(filePath, "utf-8");
+  const baseRaw = parseYaml3(content14);
+  if (!baseRaw || typeof baseRaw !== "object") {
     throw new ConfigParseError({
       what: `${filename} is empty or not a valid YAML mapping`,
       why: "the top-level structure must be a YAML mapping with keys like reviewer, quality, parallel",
       next: "restore the file from version control, or regenerate it via `yg init`"
     }, "config-invalid");
   }
+  const overlay = await loadConfigOverlay(path4.dirname(filePath));
+  const raw = overlay ? deepMerge(baseRaw, overlay) : baseRaw;
   const version = typeof raw.version === "string" ? raw.version.trim() : void 0;
   const qualityRaw = raw.quality;
   if (qualityRaw !== void 0 && (typeof qualityRaw !== "object" || Array.isArray(qualityRaw))) {
@@ -1608,8 +1650,8 @@ function parseTier(name, raw, filename) {
 }
 
 // src/io/node-parser.ts
-import { readFile as readFile4 } from "fs/promises";
-import { parse as parseYaml3 } from "yaml";
+import { readFile as readFile5 } from "fs/promises";
+import { parse as parseYaml4 } from "yaml";
 
 // src/model/graph.ts
 var STATUS_ORDER = {
@@ -1867,8 +1909,8 @@ function isValidRelationType(t) {
   return typeof t === "string" && RELATION_TYPES2.includes(t);
 }
 async function parseNodeYaml(filePath) {
-  const content14 = await readFile4(filePath, "utf-8");
-  const raw = parseYaml3(content14);
+  const content14 = await readFile5(filePath, "utf-8");
+  const raw = parseYaml4(content14);
   if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
     throw new Error(`yg-node.yaml at ${filePath}: file is empty or not a valid YAML mapping`);
   }
@@ -2058,12 +2100,12 @@ function parsePorts(rawPorts, filePath) {
 }
 
 // src/io/aspect-parser.ts
-import { readFile as readFile6 } from "fs/promises";
+import { readFile as readFile7 } from "fs/promises";
 import path6 from "path";
-import { parse as parseYaml4 } from "yaml";
+import { parse as parseYaml5 } from "yaml";
 
 // src/io/artifact-reader.ts
-import { readFile as readFile5, readdir as readdir2 } from "fs/promises";
+import { readFile as readFile6, readdir as readdir2 } from "fs/promises";
 import path5 from "path";
 async function readArtifacts(dirPath, excludeFiles = ["yg-node.yaml"], includeFiles) {
   let entries;
@@ -2080,7 +2122,7 @@ async function readArtifacts(dirPath, excludeFiles = ["yg-node.yaml"], includeFi
     if (excludeFiles.includes(entry.name)) continue;
     if (includeSet && !includeSet.has(entry.name)) continue;
     const filePath = path5.join(dirPath, entry.name);
-    const content14 = await readFile5(filePath, "utf-8");
+    const content14 = await readFile6(filePath, "utf-8");
     artifacts.push({ filename: entry.name, content: content14 });
   }
   artifacts.sort((a, b) => a.filename.localeCompare(b.filename));
@@ -2227,8 +2269,8 @@ async function parseAspect(aspectDir, aspectYamlPath, id) {
       }]
     };
   }
-  const content14 = await readFile6(aspectYamlPath, "utf-8");
-  const raw = parseYaml4(content14);
+  const content14 = await readFile7(aspectYamlPath, "utf-8");
+  const raw = parseYaml5(content14);
   if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
     return {
       ok: false,
@@ -2719,12 +2761,12 @@ function parseScope(rawScope, aspectId, aspectYamlPath, reviewerType) {
 }
 
 // src/io/flow-parser.ts
-import { readFile as readFile7 } from "fs/promises";
+import { readFile as readFile8 } from "fs/promises";
 import path7 from "path";
-import { parse as parseYaml5 } from "yaml";
+import { parse as parseYaml6 } from "yaml";
 async function parseFlow(flowDir, flowYamlPath) {
-  const content14 = await readFile7(flowYamlPath, "utf-8");
-  const raw = parseYaml5(content14);
+  const content14 = await readFile8(flowYamlPath, "utf-8");
+  const raw = parseYaml6(content14);
   if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
     throw new Error(`yg-flow.yaml at ${flowYamlPath}: file is empty or not a valid YAML mapping`);
   }
@@ -2780,13 +2822,13 @@ async function parseFlow(flowDir, flowYamlPath) {
 }
 
 // src/io/schema-parser.ts
-import { readFile as readFile8 } from "fs/promises";
+import { readFile as readFile9 } from "fs/promises";
 import path8 from "path";
-import { parse as parseYaml6 } from "yaml";
+import { parse as parseYaml7 } from "yaml";
 async function parseSchema(filePath) {
   const filename = path8.basename(filePath);
-  const content14 = await readFile8(filePath, "utf-8");
-  const raw = parseYaml6(content14);
+  const content14 = await readFile9(filePath, "utf-8");
+  const raw = parseYaml7(content14);
   if (raw != null && (typeof raw !== "object" || Array.isArray(raw))) {
     throw new Error(`${filename} at ${filePath}: expected YAML mapping or empty document`);
   }
@@ -2796,12 +2838,12 @@ async function parseSchema(filePath) {
 }
 
 // src/io/architecture-parser.ts
-import { readFile as readFile9 } from "fs/promises";
-import { parse as parseYaml7 } from "yaml";
+import { readFile as readFile10 } from "fs/promises";
+import { parse as parseYaml8 } from "yaml";
 var VALID_RELATION_TYPES = /* @__PURE__ */ new Set(["uses", "calls", "extends", "implements", "emits", "listens"]);
 async function parseArchitecture(filePath) {
-  const content14 = await readFile9(filePath, "utf-8");
-  const raw = parseYaml7(content14);
+  const content14 = await readFile10(filePath, "utf-8");
+  const raw = parseYaml8(content14);
   if (raw && (typeof raw !== "object" || Array.isArray(raw))) {
     throw new Error(`yg-architecture.yaml: file must be a YAML mapping (or empty/omitted)`);
   }
@@ -3350,7 +3392,7 @@ function readLock(yggRoot) {
     nodes: obj.nodes
   };
 }
-function isPlainObject(value) {
+function isPlainObject2(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
 function throwMalformed(detail) {
@@ -3365,19 +3407,19 @@ function validateLockShape(obj) {
   for (const key of Object.keys(obj)) {
     if (!TOP_KEYS.has(key)) throwMalformed(`unexpected top-level key "${key}" (allowed: version, verdicts, nodes)`);
   }
-  if (!isPlainObject(obj.verdicts)) {
+  if (!isPlainObject2(obj.verdicts)) {
     throwMalformed('"verdicts" must be a JSON object (found ' + describe(obj.verdicts) + ")");
   }
   for (const aspectId of Object.keys(obj.verdicts)) {
     const unitMap = obj.verdicts[aspectId];
-    if (!isPlainObject(unitMap)) {
+    if (!isPlainObject2(unitMap)) {
       throwMalformed(`"verdicts.${aspectId}" must be a JSON object (found ${describe(unitMap)})`);
     }
     for (const unitKey of Object.keys(unitMap)) {
       validateVerdictEntry(unitMap[unitKey], `verdicts.${aspectId}.${unitKey}`);
     }
   }
-  if (!isPlainObject(obj.nodes)) {
+  if (!isPlainObject2(obj.nodes)) {
     throwMalformed('"nodes" must be a JSON object (found ' + describe(obj.nodes) + ")");
   }
   for (const nodePath of Object.keys(obj.nodes)) {
@@ -3385,7 +3427,7 @@ function validateLockShape(obj) {
   }
 }
 function validateVerdictEntry(entry, at) {
-  if (!isPlainObject(entry)) throwMalformed(`"${at}" must be a JSON object (found ${describe(entry)})`);
+  if (!isPlainObject2(entry)) throwMalformed(`"${at}" must be a JSON object (found ${describe(entry)})`);
   const ENTRY_KEYS = /* @__PURE__ */ new Set(["verdict", "hash", "reason", "touched"]);
   for (const key of Object.keys(entry)) {
     if (!ENTRY_KEYS.has(key)) throwMalformed(`"${at}" has unexpected key "${key}" (allowed: verdict, hash, reason, touched)`);
@@ -3412,7 +3454,7 @@ function validateVerdictEntry(entry, at) {
   }
 }
 function validateNodeEntry(entry, at) {
-  if (!isPlainObject(entry)) throwMalformed(`"${at}" must be a JSON object (found ${describe(entry)})`);
+  if (!isPlainObject2(entry)) throwMalformed(`"${at}" must be a JSON object (found ${describe(entry)})`);
   const NODE_KEYS = /* @__PURE__ */ new Set(["source", "log"]);
   for (const key of Object.keys(entry)) {
     if (!NODE_KEYS.has(key)) throwMalformed(`"${at}" has unexpected key "${key}" (allowed: source, log)`);
@@ -3421,7 +3463,7 @@ function validateNodeEntry(entry, at) {
     throwMalformed(`"${at}.source" must be a string when present (found ${describe(entry.source)})`);
   }
   if (entry.log !== void 0) {
-    if (!isPlainObject(entry.log)) {
+    if (!isPlainObject2(entry.log)) {
       throwMalformed(`"${at}.log" must be a JSON object when present (found ${describe(entry.log)})`);
     }
     const LOG_KEYS = /* @__PURE__ */ new Set(["last_entry_datetime", "prefix_hash"]);
@@ -3575,11 +3617,6 @@ function getPackageRoot() {
 function getGraphSchemasDir() {
   return path13.join(getPackageRoot(), "graph-schemas");
 }
-async function getCliVersion() {
-  const pkgPath = path13.join(getPackageRoot(), "package.json");
-  const pkg2 = JSON.parse(await readFile10(pkgPath, "utf-8"));
-  return pkg2.version;
-}
 async function refreshSchemas(yggRoot) {
   const schemasDir = path13.join(yggRoot, "schemas");
   await mkdir3(schemasDir, { recursive: true });
@@ -3589,7 +3626,7 @@ async function refreshSchemas(yggRoot) {
     const schemaFiles = entries.filter((e) => e.isFile()).map((e) => e.name);
     for (const file of schemaFiles) {
       const srcPath = path13.join(graphSchemasDir, file);
-      const content14 = await readFile10(srcPath, "utf-8");
+      const content14 = await readFile11(srcPath, "utf-8");
       await writeFile4(path13.join(schemasDir, file), content14, "utf-8");
     }
   } catch (e) {
@@ -3610,7 +3647,7 @@ async function ensureGitattributes(repoRoot) {
   const gaPath = path13.join(repoRoot, ".gitattributes");
   let existing;
   try {
-    existing = await readFile10(gaPath, "utf-8");
+    existing = await readFile11(gaPath, "utf-8");
   } catch (e) {
     if (e.code !== "ENOENT") throw e;
     debugWrite(`[init] ensureGitattributes: ${gaPath} not found (ENOENT), will create`);
@@ -3636,7 +3673,7 @@ async function ensureYggdrasilGitignore(yggRoot) {
   const giPath = path13.join(yggRoot, ".gitignore");
   let existing;
   try {
-    existing = await readFile10(giPath, "utf-8");
+    existing = await readFile11(giPath, "utf-8");
   } catch (e) {
     if (e.code !== "ENOENT") throw e;
     debugWrite(`[init] ensureYggdrasilGitignore: ${giPath} not found (ENOENT), will create`);
@@ -3825,7 +3862,7 @@ async function writeReviewerConfig(yggRoot, config) {
   const configPath = path13.join(yggRoot, "yg-config.yaml");
   let raw = {};
   try {
-    const content14 = await readFile10(configPath, "utf-8");
+    const content14 = await readFile11(configPath, "utf-8");
     raw = yamlParse(content14) ?? {};
   } catch (err) {
     const e = err;
@@ -3857,7 +3894,7 @@ async function writeSecretsFile(yggRoot, provider, apiKey) {
   const secretsPath = path13.join(yggRoot, "yg-secrets.yaml");
   let raw = {};
   try {
-    const content14 = await readFile10(secretsPath, "utf-8");
+    const content14 = await readFile11(secretsPath, "utf-8");
     raw = yamlParse(content14) ?? {};
   } catch (err) {
     const e = err;
@@ -3919,7 +3956,7 @@ async function createYggdrasilStructure(projectRoot, yggRoot, platform) {
     const schemaFiles = entries.filter((e) => e.isFile()).map((e) => e.name);
     for (const file of schemaFiles) {
       const srcPath = path13.join(graphSchemasDir, file);
-      const content14 = await readFile10(srcPath, "utf-8");
+      const content14 = await readFile11(srcPath, "utf-8");
       await writeFile4(path13.join(schemasDir, file), content14, "utf-8");
     }
   } catch (err) {
@@ -3966,9 +4003,8 @@ async function existingInit(projectRoot) {
   }
   p.intro(chalk2.bold("Yggdrasil Configuration"));
   const currentVersion = await detectVersion(yggRoot);
-  const cliVersion = await getCliVersion();
-  if (currentVersion && currentVersion !== cliVersion) {
-    p.log.step(`Graph version ${currentVersion} detected \u2014 CLI is ${cliVersion}. Upgrade required.`);
+  if (currentVersion && currentVersion !== CLI_SUPPORTED_SCHEMA) {
+    p.log.step(`Graph schema ${currentVersion} detected \u2014 this CLI uses schema ${CLI_SUPPORTED_SCHEMA}. Upgrade required.`);
     p.log.info("Select the agent platform so rules and schemas advance together.");
     const platform = await promptPlatform();
     const s = p.spinner();
@@ -4994,7 +5030,7 @@ function formatFileContext(data) {
 }
 
 // src/io/file-content-cache.ts
-import { readFile as readFile11, stat as stat4 } from "fs/promises";
+import { readFile as readFile12, stat as stat4 } from "fs/promises";
 var SIZE_LIMIT_BYTES = 5 * 1024 * 1024;
 var BINARY_PROBE_BYTES = 8 * 1024;
 var FileContentCache = class {
@@ -5024,7 +5060,7 @@ var FileContentCache = class {
     }
     let buf;
     try {
-      buf = await readFile11(absPath);
+      buf = await readFile12(absPath);
     } catch (e) {
       return {
         isBinary: false,
@@ -5255,21 +5291,21 @@ function renderNode(node, indent, lines) {
 }
 
 // src/io/hash.ts
-import { readFile as readFile13, readdir as readdir5, stat as stat5 } from "fs/promises";
+import { readFile as readFile14, readdir as readdir5, stat as stat5 } from "fs/promises";
 import path15 from "path";
 import { createHash } from "crypto";
 import { createRequire as createRequire2 } from "module";
 
 // src/io/repo-scanner.ts
-import { readFile as readFile12, readdir as readdir4 } from "fs/promises";
-import { join, relative, sep } from "path";
+import { readFile as readFile13, readdir as readdir4 } from "fs/promises";
+import { join as join2, relative, sep } from "path";
 import { createRequire } from "module";
 var require2 = createRequire(import.meta.url);
 var ignoreFactory = require2("ignore");
 var YGGDRASIL_DIRNAME = ".yggdrasil";
 async function loadRootGitignoreStack(projectRoot) {
   try {
-    const content14 = await readFile12(join(projectRoot, ".gitignore"), "utf-8");
+    const content14 = await readFile13(join2(projectRoot, ".gitignore"), "utf-8");
     const ig = ignoreFactory();
     ig.add(content14);
     return [{ dir: projectRoot, ig }];
@@ -5290,7 +5326,7 @@ function isIgnoredByStack(absPath, stack) {
 async function collectFiles(dir, projectRoot, stack) {
   let localStack = stack;
   try {
-    const content14 = await readFile12(join(dir, ".gitignore"), "utf-8");
+    const content14 = await readFile13(join2(dir, ".gitignore"), "utf-8");
     const ig = ignoreFactory();
     ig.add(content14);
     localStack = [...stack, { dir, ig }];
@@ -5306,7 +5342,7 @@ async function collectFiles(dir, projectRoot, stack) {
   }
   const results = [];
   for (const entry of entries) {
-    const absPath = join(dir, entry.name);
+    const absPath = join2(dir, entry.name);
     if (entry.isDirectory()) {
       if (entry.name === ".git") continue;
       if (entry.name === YGGDRASIL_DIRNAME && dir === projectRoot) continue;
@@ -5344,13 +5380,13 @@ async function walkRepoFiles(projectRoot) {
 var require3 = createRequire2(import.meta.url);
 var ignoreFactory2 = require3("ignore");
 async function hashFile(filePath) {
-  const content14 = await readFile13(filePath);
+  const content14 = await readFile14(filePath);
   return createHash("sha256").update(content14).digest("hex");
 }
 async function loadRootGitignoreStack2(projectRoot) {
   if (!projectRoot) return [];
   try {
-    const content14 = await readFile13(path15.join(projectRoot, ".gitignore"), "utf-8");
+    const content14 = await readFile14(path15.join(projectRoot, ".gitignore"), "utf-8");
     const matcher = ignoreFactory2();
     matcher.add(content14);
     return [{ basePath: projectRoot, matcher }];
@@ -5375,7 +5411,7 @@ function hashBytes(bytes) {
 async function collectDirectoryFilePaths(directoryPath, rootDirectoryPath, options) {
   let stack = options.gitignoreStack ?? [];
   try {
-    const localContent = await readFile13(path15.join(directoryPath, ".gitignore"), "utf-8");
+    const localContent = await readFile14(path15.join(directoryPath, ".gitignore"), "utf-8");
     const localMatcher = ignoreFactory2();
     localMatcher.add(localContent);
     stack = [...stack, { basePath: directoryPath, matcher: localMatcher }];
@@ -6867,81 +6903,6 @@ async function checkDirectoriesHaveNodeYaml(graph) {
   return issues;
 }
 
-// src/io/secrets-parser.ts
-import { readFile as readFile14 } from "fs/promises";
-import { join as join2 } from "path";
-import { parse as parseYaml8 } from "yaml";
-async function loadSecrets(rootPath, providerName) {
-  const secretsPath = join2(rootPath, "yg-secrets.yaml");
-  let content14;
-  try {
-    content14 = await readFile14(secretsPath, "utf-8");
-  } catch (err) {
-    debugWrite(`[secrets-parser] readFile: ${err.message}`);
-    return void 0;
-  }
-  const raw = parseYaml8(content14);
-  if (raw === null || raw === void 0) return void 0;
-  if (typeof raw !== "object" || Array.isArray(raw)) {
-    throw new Error(`yg-secrets.yaml: top level must be a YAML mapping`);
-  }
-  const rawObj = raw;
-  if (rawObj.reviewer === void 0) return void 0;
-  if (typeof rawObj.reviewer !== "object" || rawObj.reviewer === null || Array.isArray(rawObj.reviewer)) {
-    throw new Error(`yg-secrets.yaml: 'reviewer' must be a YAML mapping`);
-  }
-  if (!providerName) return void 0;
-  const reviewerRaw = rawObj.reviewer;
-  const providerSection = reviewerRaw[providerName];
-  if (providerSection === void 0) return void 0;
-  if (typeof providerSection !== "object" || providerSection === null || Array.isArray(providerSection)) {
-    throw new Error(`yg-secrets.yaml: 'reviewer.${providerName}' must be a YAML mapping`);
-  }
-  return extractSecretFields(providerSection, providerName);
-}
-function extractSecretFields(raw, providerName) {
-  const ctx = (field) => `yg-secrets.yaml at reviewer.${providerName}.${field}`;
-  if (raw.api_key !== void 0) {
-    if (typeof raw.api_key !== "string") throw new Error(`${ctx("api_key")}: must be a string`);
-    if (raw.api_key.trim() !== "") {
-      return { api_key: raw.api_key };
-    }
-  }
-  return void 0;
-}
-function mergeLlmConfig(base, secrets) {
-  return { ...base, ...secrets };
-}
-async function inspectSecretsForValidation(rootPath) {
-  const secretsPath = join2(rootPath, "yg-secrets.yaml");
-  let content14;
-  try {
-    content14 = await readFile14(secretsPath, "utf-8");
-  } catch {
-    return [];
-  }
-  const raw = parseYaml8(content14);
-  if (raw === null || raw === void 0) return [];
-  if (typeof raw !== "object" || Array.isArray(raw)) {
-    throw new Error(`yg-secrets.yaml: top level must be a YAML mapping`);
-  }
-  if (raw.reviewer === void 0) return [];
-  if (typeof raw.reviewer !== "object" || raw.reviewer === null || Array.isArray(raw.reviewer)) {
-    throw new Error(`yg-secrets.yaml: 'reviewer' must be a YAML mapping`);
-  }
-  const reviewerRaw = raw.reviewer;
-  const results = [];
-  for (const [provider, section] of Object.entries(reviewerRaw)) {
-    if (!section || typeof section !== "object" || Array.isArray(section)) continue;
-    const sectionObj = section;
-    const foreignKeys = Object.keys(sectionObj).filter((k) => k !== "api_key");
-    if (foreignKeys.length > 0) {
-      results.push({ provider, foreignKeys });
-    }
-  }
-  return results;
-}
-
 // src/core/checks/relations.ts
 function findSimilar(target, candidates2) {
   if (candidates2.length === 0) return null;
@@ -7205,21 +7166,6 @@ function checkMissingDescriptions(graph) {
   }
   return issues;
 }
-async function checkSecretsCredentialsOnly(graph) {
-  const foreign = await inspectSecretsForValidation(graph.rootPath);
-  const issues = [];
-  for (const { provider, foreignKeys } of foreign) {
-    for (const key of foreignKeys) {
-      const msgData = {
-        what: `yg-secrets.yaml has '${key}' under reviewer.${provider}.`,
-        why: "The secrets file accepts only api_key; non-credential fields belong in yg-config.yaml tiers.",
-        next: `Move '${key}' into reviewer.tiers.<name> in .yggdrasil/yg-config.yaml and remove it from yg-secrets.yaml.`
-      };
-      issues.push({ code: "secrets-non-credential-field", severity: "error", rule: "secrets-non-credential-field", ...issueMsg(msgData), messageData: msgData });
-    }
-  }
-  return issues;
-}
 
 // src/core/validator.ts
 var ARCHITECTURE_FATAL_CODES = /* @__PURE__ */ new Set([
@@ -7332,7 +7278,6 @@ async function validate(graph, scope = "all") {
   issues.push(...await checkAspectReferences(graph));
   issues.push(...checkAspectStatusDowngrade(graph));
   issues.push(...checkFileDuplicateMapping(graph));
-  issues.push(...await checkSecretsCredentialsOnly(graph));
   const strictOutcome = await checkStrictBackwardCoverage(graph, cache);
   issues.push(...strictOutcome.issues);
   allUnreadable.push(...strictOutcome.unreadable);
@@ -9285,11 +9230,7 @@ var STRUCTURAL_CODES = /* @__PURE__ */ new Set([
   // re-validation in runCheck. Always an error (not an aspect, not suppressible);
   // a node depends on another node without a declared, sanctioned relation, or its
   // relation verdict could not be confirmed against the current tree.
-  "relation-undeclared-dependency",
-  // yg-secrets.yaml carries a non-credential field (only api_key is allowed).
-  // Emitted as a blocking error and gates --approve; structural so the summary
-  // tally counts it and computeSuggestedNext can point at it.
-  "secrets-non-credential-field"
+  "relation-undeclared-dependency"
 ]);
 var COMPLETENESS_CODES = /* @__PURE__ */ new Set(["description-missing"]);
 var APPROVE_GATING_CODES = /* @__PURE__ */ new Set([
@@ -9313,8 +9254,7 @@ var APPROVE_GATING_CODES = /* @__PURE__ */ new Set([
   "aspect-reviewer-type-invalid",
   "aspect-reviewer-unknown-key",
   "aspect-tier-on-deterministic",
-  "aspect-tier-unknown",
-  "secrets-non-credential-field"
+  "aspect-tier-unknown"
 ]);
 
 // src/core/log-format.ts
@@ -9454,10 +9394,7 @@ function computeLlmInputHash(input) {
     kind: "llm",
     references,
     tier: {
-      config: input.tier.config,
-      consensus: input.tier.consensus,
-      name: input.tier.name,
-      provider: input.tier.provider
+      name: input.tier.name
     }
   };
   return hashString(codePointCanonicalJson(canonical));
@@ -9490,14 +9427,8 @@ function hashListObservation(entries) {
 function hashExistsObservation(result) {
   return hashString(result === false ? "false" : result);
 }
-function tierHashView(tierName, llm) {
-  const { api_key: _a, timeout: _t, ...rest } = llm.config;
-  return {
-    name: tierName,
-    provider: llm.provider,
-    consensus: llm.consensus,
-    config: rest
-  };
+function tierHashView(tierName) {
+  return { name: tierName };
 }
 
 // src/structure/ctx-graph.ts
@@ -9673,16 +9604,8 @@ function ruleHashFor(aspect, filename) {
 function nodeDescriptionFor(graph, nodePath) {
   return graph.nodes.get(nodePath)?.meta.description ?? "";
 }
-function tierHashViewFromTier(tierName, tier) {
-  const {
-    provider,
-    consensus,
-    // Excluded gates — never fold into the verdict hash.
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    max_prompt_chars: _mpc,
-    ...rest
-  } = tier;
-  return tierHashView(tierName, { provider, consensus, config: rest });
+function tierHashViewFromTier(tierName) {
+  return tierHashView(tierName);
 }
 
 // src/llm/xml-escape.ts
@@ -9868,7 +9791,7 @@ async function verifyLlmPair(pair, aspect, graph, lock, projectRoot, storedEntry
       ruleHash,
       files: subjects.map((s) => [s.path, hashCached(path24.resolve(projectRoot, s.path), s.bytes)]),
       references: referencesForHash,
-      tier: tierHashViewFromTier(tierResult.tierName, tierResult.tier),
+      tier: tierHashViewFromTier(tierResult.tierName),
       verdict: storedEntry.verdict
     });
     valid4 = expectedHash === storedEntry.hash;
@@ -13289,14 +13212,41 @@ import { execFile as execFile2 } from "child_process";
 import { tmpdir } from "os";
 import { promisify as promisify2 } from "util";
 var execFileAsync2 = promisify2(execFile2);
+function coerceBool(v) {
+  if (typeof v === "boolean") return v;
+  if (typeof v === "string") {
+    const s = v.trim().toLowerCase();
+    if (s === "true") return true;
+    if (s === "false") return false;
+  }
+  return void 0;
+}
 function normalizeResponse(raw) {
   const r = raw;
   return {
-    satisfied: typeof r.satisfied === "boolean" ? r.satisfied : false,
+    satisfied: coerceBool(r.satisfied) ?? false,
     reason: typeof r.reason === "string" ? r.reason : "",
     errorSource: "codeViolation"
   };
 }
+function salvageVerdict(text2) {
+  if (!text2.includes("{")) return void 0;
+  const verdicts = [...text2.matchAll(/"satisfied"\s*:\s*"?(true|false)"?/gi)];
+  if (verdicts.length === 0) return void 0;
+  const satisfied = verdicts[verdicts.length - 1][1].toLowerCase() === "true";
+  let reason = "";
+  const rms = [...text2.matchAll(/"reason"\s*:\s*"/g)];
+  if (rms.length > 0) {
+    const m = rms[rms.length - 1];
+    reason = text2.slice((m.index ?? 0) + m[0].length).split(/"\s*,\s*"satisfied"\s*:/i)[0].replace(/\s*}\s*$/, "").replace(/"\s*$/, "").replace(/\\"/g, '"').replace(/\\n/g, "\n").replace(/\\t/g, "	").replace(/\\\\/g, "\\").trim();
+  }
+  debugWrite("[parseAspectResponse] salvaged verdict from invalid-JSON reply");
+  return {
+    satisfied,
+    reason: reason || "(verdict salvaged; reviewer reason was not valid JSON)",
+    errorSource: "codeViolation"
+  };
+}
 function extractLastVerdict(text2) {
   let last;
   for (let i = 0; i < text2.length; i++) {
@@ -13319,7 +13269,7 @@ function extractLastVerdict(text2) {
         if (depth === 0) {
           try {
             const obj = JSON.parse(text2.slice(i, j + 1));
-            if (obj && typeof obj.satisfied === "boolean") last = obj;
+            if (obj && coerceBool(obj.satisfied) !== void 0) last = obj;
           } catch {
           }
           break;
@@ -13347,6 +13297,8 @@ function parseAspectResponse(output) {
   }
   const verdict = extractLastVerdict(trimmed);
   if (verdict) return normalizeResponse(verdict);
+  const salvaged = salvageVerdict(trimmed);
+  if (salvaged) return salvaged;
   debugWrite("[parseAspectResponse] no parseable JSON verdict \u2014 classifying as provider error");
   return { satisfied: false, reason: `Unparseable reviewer response: ${trimmed.slice(0, 160)}`, errorSource: "provider" };
 }
@@ -13432,10 +13384,12 @@ var OllamaProvider = class {
   endpoint;
   model;
   temperature;
+  timeout;
   constructor(config) {
     this.endpoint = config.endpoint ?? "http://localhost:11434";
     this.model = config.model;
     this.temperature = config.temperature;
+    this.timeout = config.timeout ?? 3e5;
   }
   async isAvailable() {
     try {
@@ -13452,7 +13406,11 @@ var OllamaProvider = class {
       model: this.model,
       messages: [{ role: "user", content: prompt }],
       stream: false,
-      think: false,
+      // Native thinking ON: the model reasons in its own `thinking` channel and
+      // emits only the final JSON verdict in `content`. The verdict therefore
+      // follows the reasoning (no snap-judgment before the rules are weighed) and
+      // chain-of-thought never leaks into the parsed `reason`.
+      think: true,
       // num_predict: -1 → generate until the model stops; no cap, so the verdict
       // is never truncated (a cut-off JSON would otherwise fail to parse and waste
       // a re-verification).
@@ -13464,7 +13422,7 @@ var OllamaProvider = class {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify(body)
-      }, "ollama");
+      }, "ollama", this.timeout);
       if (!res.ok) {
         debugWrite(`[ollama] http_error: ${res.status} ${res.statusText}`);
         return fallback;
@@ -14705,7 +14663,7 @@ async function fillLlmPair(graph, projectRoot, pair, aspect, tier, tierName, mer
     ruleHash: ruleHashFor(aspect, "content.md"),
     files: subjects.map((s) => [s.path, hashBytes(s.bytes)]),
     references: referencesForHash,
-    tier: tierHashViewFromTier(tierName, tier),
+    tier: tierHashViewFromTier(tierName),
     verdict
   });
   const entry = { verdict, hash };
@@ -14772,7 +14730,7 @@ async function logGateBlocks(graph, projectRoot, node, lock, emitIssue) {
   if (!blocked) return false;
   emitIssue({
     what: `No fresh log entry for node '${toPosixPath(node.path)}' \u2014 mandatory before --approve when source changed.`,
-    why: `Node type '${node.meta.type}' has log_required: true \u2014 every source change needs a justification entry capturing WHY. This node's pairs are skipped this run; other nodes proceed.`,
+    why: `Node type '${node.meta.type}' has log_required: true \u2014 every source change needs a justification entry capturing WHY. --approve stops here and approves nothing this run until a fresh entry exists.`,
     next: `yg log add --node ${toPosixPath(node.path)} --reason '<justification>', then re-run: yg check --approve`
   });
   return true;
@@ -14936,6 +14894,14 @@ async function runFill(graph, opts) {
     const blocked = await logGateBlocks(graph, projectRoot, node, lock, emitIssue);
     if (blocked) blockedNodes.add(nodePath);
   }
+  if (blockedNodes.size > 0) {
+    throw new FillGatingError([{
+      code: "log-entry-required",
+      what: `${blockedNodes.size} node(s) need a fresh log entry before --approve.`,
+      why: "Source changed on log_required nodes without a justification entry; nothing was approved this run.",
+      next: "Add the log entries listed above (yg log add), then re-run: yg check --approve"
+    }]);
+  }
   let reviewerCallsMade = 0;
   let infraFailures = 0;
   let runtimeErrors = 0;
@@ -14975,7 +14941,6 @@ async function runFill(graph, opts) {
       next: `Fix the deterministic violations on '${toPosixPath(nodePath)}', then re-run: yg check --approve`
     });
   }
-  const secretsByProvider = /* @__PURE__ */ new Map();
   const referencesCache = /* @__PURE__ */ new Map();
   const byTier = /* @__PURE__ */ new Map();
   const infraReport = [];
@@ -15002,12 +14967,7 @@ async function runFill(graph, opts) {
   const parallel = Math.max(1, graph.config.parallel ?? 1);
   for (const [tierName, group] of byTier) {
     const baseTier = group[0].tier;
-    if (!secretsByProvider.has(baseTier.provider)) {
-      const secrets = await loadSecrets(graph.rootPath, baseTier.provider);
-      secretsByProvider.set(baseTier.provider, secrets ?? null);
-    }
-    const merged = applySecrets(baseTier, secretsByProvider.get(baseTier.provider));
-    const provider = createLlmProvider(merged);
+    const provider = createLlmProvider(baseTier);
     let available;
     try {
       available = await provider.isAvailable();
@@ -15017,16 +14977,22 @@ async function runFill(graph, opts) {
     }
     if (!available) {
       infraFailures += group.length;
-      infraReport.push({ provider: merged.provider, tier: tierName });
+      infraReport.push({ provider: baseTier.provider, tier: tierName });
       emitIssue({
-        what: `Reviewer provider '${merged.provider}' (tier '${tierName}') is unreachable \u2014 ${group.length} pair(s) left unverified.`,
+        what: `Reviewer provider '${baseTier.provider}' (tier '${tierName}') is unreachable \u2014 ${group.length} pair(s) left unverified.`,
         why: "The configured reviewer endpoint did not respond (availability check failed) \u2014 an infrastructure problem, not a code violation. No verdict was written.",
         next: `Check the provider endpoint, network, and credentials, then re-run: yg check --approve`
       });
       continue;
     }
     const outcomes = await runPairPool(group, parallel, async (item) => {
-      return fillLlmPair(graph, projectRoot, item.pair, item.aspect, item.tier, item.tierName, merged, provider, referencesCache);
+      const outcome = await fillLlmPair(graph, projectRoot, item.pair, item.aspect, item.tier, item.tierName, baseTier, provider, referencesCache);
+      if (outcome.kind !== "infra") {
+        await setEntry(item.pair.aspectId, item.pair.unitKey, outcome.entry);
+        write(`  [llm] ${item.pair.aspectId} on ${toPosixPath(item.pair.unitKey)} \u2014 ${outcome.entry.verdict}
+`);
+      }
+      return outcome;
     });
     for (let i = 0; i < group.length; i++) {
       const item = group[i];
@@ -15034,17 +15000,13 @@ async function runFill(graph, opts) {
       reviewerCallsMade += outcome.callsMade;
       if (outcome.kind === "infra") {
         infraFailures += 1;
-        infraReport.push({ provider: merged.provider, tier: tierName });
+        infraReport.push({ provider: baseTier.provider, tier: tierName });
         emitIssue({
           what: `Reviewer could not verify aspect '${item.pair.aspectId}' on ${toPosixPath(item.pair.unitKey)} \u2014 left unverified.`,
           why: outcome.why,
           next: `Resolve the provider/config problem, then re-run: yg check --approve`
         });
-        continue;
       }
-      await setEntry(item.pair.aspectId, item.pair.unitKey, outcome.entry);
-      write(`  [llm] ${item.pair.aspectId} on ${toPosixPath(item.pair.unitKey)} \u2014 ${outcome.entry.verdict}
-`);
     }
   }
   await applyPositiveClosure(graph, projectRoot, lock, blockedNodes, persistLock);
@@ -15073,9 +15035,6 @@ async function runFill(graph, opts) {
   const checkResult = await runCheck(graph, opts.gitTrackedFiles);
   return { checkResult, reviewerCallsMade, infraFailures, runtimeErrors };
 }
-function applySecrets(tier, secrets) {
-  return secrets ? mergeLlmConfig(tier, secrets) : tier;
-}
 
 // src/cli/check.ts
 import { execFileSync } from "child_process";
@@ -15643,8 +15602,7 @@ async function runLlmAspectTest(graph, projectRoot, aspect, nodePath, dryRun) {
   const nodeDescription = nodeDescriptionFor(graph, nodePath);
   const aspectContent = contentFor(aspect, "content.md");
   if (!dryRun) {
-    const secrets = await loadSecrets(graph.rootPath, tier.provider);
-    const mergedTier = secrets ? mergeLlmConfig(tier, secrets) : tier;
+    const mergedTier = tier;
     const provider = createLlmProvider(mergedTier);
     let available;
     try {
@@ -18351,8 +18309,10 @@ verdict: "approved" | "refused"             // the discrete token \u2014 tamper
 \`\`\`
 
 LLM pairs additionally fold their prompt inputs: the aspect description, each
-reference \`[path, sha256(bytes), description]\`, and the resolved tier
-\`{name, provider, consensus, config}\`.
+reference \`[path, sha256(bytes), description]\`, and the resolved tier's NAME.
+The tier's config (provider, model, endpoint, temperature, consensus, api_key,
+timeout) is NOT a verdict input \u2014 only the name folds in, so a named tier can be
+re-pointed at a different reviewer without invalidating any recorded verdict.
 
 Deterministic pairs additionally fold the **observation set** \u2014 everything the
 check observed through \`ctx\` beyond its subject files, recorded by the runner:
@@ -18382,8 +18342,10 @@ costs at worst one free re-run; a missed one yields a stale-green verdict.
 - **\`reason\`** / free-text output \u2014 only the discrete verdict token is folded.
 - **Node description** \u2014 prompt garnish, not hashed (the aspect description IS
   hashed for LLM pairs).
-- **\`timeout\`** and **api_key** in tier config \u2014 transport / secret knobs, not
-  judgment inputs.
+- **Tier config** \u2014 provider, model, endpoint, temperature, consensus, api_key,
+  and timeout. Only the tier NAME folds into the hash; the resolved config is the
+  reviewer's private business, so re-pointing a named tier at a different model or
+  provider does not invalidate a verdict.
 - **\`max_prompt_chars\`** \u2014 a gate, not an input; lowering it can trip the gate on
   an already-verified pair without invalidating the verdict.
 - **\`when\` / \`implies\` / port declarations** \u2014 applicability is recomputed live
@@ -18637,10 +18599,10 @@ Provider-specific options passed to the LLM client:
 | \`endpoint\` | string | Required for \`openai-compatible\` (no default host \u2014 else falls back to api.openai.com); \`ollama\` defaults to http://localhost:11434. |
 | \`timeout\` | number | Timeout in seconds. Default 300. Applies to CLI providers only \u2014 non-CLI/API providers ignore it. Not folded into a verdict's hash (a transport knob). |
 
-API keys do NOT live here \u2014 they belong in \`yg-secrets.yaml\` (api_key only).
-API providers also read the provider API key from environment variables (e.g.
-the provider's standard \`*_API_KEY\`) as a fallback when not present in
-\`yg-secrets.yaml\`.
+API keys do NOT belong in the committed config \u2014 put them in \`yg-secrets.yaml\`,
+the local overlay (see "Secrets and local overrides" below). API providers also
+read the provider API key from the standard \`*_API_KEY\` environment variable as
+a fallback when it is not present in \`yg-secrets.yaml\`.
 
 ## Multi-tier example
 
@@ -18677,25 +18639,30 @@ reviewer:
   type: llm
 \`\`\`
 
-## Secrets (yg-secrets.yaml)
+## Secrets and local overrides (yg-secrets.yaml)
 
-API keys go in \`yg-secrets.yaml\`, NOT in \`yg-config.yaml\`.
-\`yg-secrets.yaml\` is gitignored by default \u2014 see "Local state (.yggdrasil/.gitignore)" below.
+\`yg-secrets.yaml\` is a deep-merge OVERLAY over \`yg-config.yaml\`: it mirrors the
+same shape, and any field present in it wins. Use it for the API key of a tier,
+or to point a named tier at a different provider/model/endpoint on your machine.
+It is gitignored by default \u2014 see "Local state (.yggdrasil/.gitignore)" below \u2014
+and is never committed.
 
 \`\`\`yaml
 # .yggdrasil/yg-secrets.yaml  \u2014 gitignored, never commit
 reviewer:
-  anthropic:
-    api_key: sk-ant-...
+  tiers:
+    standard:
+      config:
+        api_key: sk-ant-...
 \`\`\`
 
-The secrets file accepts only \`api_key\` per provider. Any other field
-triggers \`secrets-non-credential-field\` from \`yg check\` \u2014 non-credential
-overrides belong in the tier's \`config:\` block instead.
+Because only the tier NAME is folded into a verdict's hash, an overlay never
+invalidates recorded baselines: the committed config names a canonical reviewer
+while each machine points the same named tier at its own provider, model, or key.
 
-API providers also read the provider API key from environment variables (e.g.
-the provider's standard \`*_API_KEY\`) as a fallback when not present in
-\`yg-secrets.yaml\`. If the env var is set, \`yg-secrets.yaml\` is not required.
+API providers also read the provider API key from the standard \`*_API_KEY\`
+environment variable as a fallback. If the env var is set, the key is not needed
+in \`yg-secrets.yaml\`.
 
 \`yg-config.yaml\` itself must never contain credentials. Commit it to the
 repository \u2014 it is safe to share.

package/graph-schemas/yg-config.yaml

@@ -46,4 +46,8 @@ reviewer:                         # required — aspect verification during yg c
     #     tier: deep
     #
     # Tier names match ^[a-zA-Z][a-zA-Z0-9_-]{0,62}$ and `default` is reserved.
-    # API keys live in yg-secrets.yaml (api_key only) — never in this file.
+    # yg-secrets.yaml is a deep-merge overlay over this file (gitignored): it
+    # mirrors the same shape and overrides any field locally — most often a
+    # tier's api_key, or pointing a named tier at a different provider/model.
+    # Only the tier NAME is folded into a verdict hash, so a local override never
+    # invalidates recorded baselines. Keep credentials out of this committed file.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chrisdudek/yg",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "description": "Architecture rules your AI coding agent can't ignore. It gets the rules for a file before it edits, and every change is checked — by a free local script or an LLM reviewer — before it moves on. Works with Claude Code, Cursor, Copilot, Codex, Cline.",
   "type": "module",
   "bin": {