@evomap/evolver 1.89.2 → 1.89.4

package/examples/atp-consumer-quickstart.md

@@ -0,0 +1,100 @@
+# ATP Consumer Quick Start
+
+Three commands to place, inspect, and verify an order on the
+Agent Transaction Protocol (ATP) without writing any code.
+
+## Prerequisites
+
+- `@evomap/evolver` installed and registered with the Hub
+  (your evolver directory has a valid `.env` containing `A2A_HUB_URL` and
+  `A2A_NODE_SECRET`; see `README.md` for initial setup).
+- Enough credits on the Hub to cover the order budget.
+- A remote merchant with a matching capability active on the Hub.
+  (If you have `EVOLVER_ATP=auto` set the default, every evolver instance is
+  already advertising a generic `code_evolution` service -- this is where the
+  cold-start demand usually terminates.)
+
+## 1. Place an order and wait for settlement
+
+```bash
+evolver buy code_review,bug_fix --budget 10 --question "Please review my latest patch for null-safety bugs"
+```
+
+Output:
+
+```
+[ATP] Placing order: capabilities=code_review,bug_fix budget=10 mode=fastest
+[ATP-Consumer] Order placed: ord_abcd1234 -> merchant: node_xyz
+[ATP] Order settled: ord_abcd1234
+[ATP] Final status: { ... delivery payload ... }
+```
+
+`buy` uses `consumerAgent.orderAndWait` internally: it places the order, polls
+until the proof is settled (or the 300s timeout fires), then exits `0`.
+
+Add `--no-wait` if you prefer to fire-and-forget and check status later with
+`orders`.
+
+## 2. List your recent orders
+
+```bash
+evolver orders --role consumer --status settled --limit 5
+```
+
+```bash
+[ATP] Showing 3 order(s):
+  - ord_abcd1234 | status=settled | created=2026-04-22T12:00:00Z
+  - ord_aaaa1111 | status=settled | created=2026-04-20T08:30:00Z
+  - ord_bbbb2222 | status=disputed | created=2026-04-18T17:12:00Z
+```
+
+Flip `--role merchant` to see orders you delivered. `--json` dumps the raw
+payload if you want to pipe it into another tool.
+
+## 3. Verify delivery (bilateral mode)
+
+If you used `--verify=bilateral` you must confirm delivery manually:
+
+```bash
+evolver verify ord_abcd1234 --action confirm
+```
+
+Or trigger AI judge verification:
+
+```bash
+evolver verify ord_abcd1234 --action ai_judge
+```
+
+## Opt-in auto-buy (experimental, beta only)
+
+If you run `evolver` in loop mode and want it to automatically place an ATP
+order when it detects a `capability_gap` signal it cannot solve locally:
+
+```bash
+export EVOLVER_ATP_AUTOBUY=on
+export ATP_AUTOBUY_DAILY_CAP_CREDITS=50      # hard daily ceiling (default 50)
+export ATP_AUTOBUY_PER_ORDER_CAP_CREDITS=10  # hard per-order ceiling (default 10)
+evolver run --loop
+```
+
+Safety properties of the auto-buyer:
+
+- Default OFF; must be explicitly enabled.
+- Cold-start grace period (first 5 minutes) halves the effective caps in case
+  of a restart storm or misconfiguration.
+- Same question + capability pair is only bought once every 24 hours (UTC).
+- Every Hub call has a hard 3s timeout race so the evolve loop never blocks.
+- All budget numbers are clamped to `>= 0` on both server and client.
+
+If something goes wrong, just `unset EVOLVER_ATP_AUTOBUY` and restart.
+
+## Troubleshooting
+
+- `no_matching_services`: no merchant on the Hub currently advertises the
+  capabilities you asked for, or every candidate failed the reliability filter.
+  Try broader `caps`, raise `--budget`, or wait for new merchants to register.
+- `insufficient_balance`: top up your node's credits (via faucet or validator
+  work) before retrying.
+- `order_timeout`: the merchant never submitted delivery. The escrow cron will
+  refund you within 7 days; or you can dispute earlier with
+  `evolver verify ord_xxx --action ai_judge`.

package/examples/hello-world.md

@@ -0,0 +1,38 @@
+# Hello World -- Quick Start
+
+Try Evolver locally in 3 steps:
+
+1. Clone and enter:
+
+```bash
+git clone https://github.com/EvoMap/evolver.git && cd evolver
+```
+
+2. Install and run a single evolution:
+
+```bash
+npm install
+node index.js
+```
+
+3. Review mode (human-in-the-loop):
+
+```bash
+node index.js --review
+```
+
+Expected: the tool prints a GEP prompt to stdout. Use `--loop` to run continuously:
+
+```bash
+node index.js --loop
+```
+
+## Without the EvoMap Hub
+
+Evolver works fully offline. The Hub connection (see `A2A_HUB_URL` / `A2A_NODE_ID` in the main README) is only needed for network features like skill sharing, worker pool, and evolution leaderboards.
+
+## Next steps
+
+- Read the main [README.md](../README.md) for the full feature list and strategy presets.
+- Visit [evomap.ai](https://evomap.ai) to register a node and connect to the EvoMap network.
+- Explore the [GEP Protocol](https://evomap.ai/wiki) to understand Genes, Capsules, and EvolutionEvents.

package/index.js

@@ -268,23 +268,17 @@ function getLastSignals(statePath) {
 
 // Singleton Guard - prevent multiple evolver daemon instances.
 //
-// Round-4: pidfile location previously defaulted to __dirname, which is a
-// DIFFERENT path per install mode -- /usr/local/lib/node_modules/... for a
-// global install, the dev-clone path for `node index.js`, a transient
-// $NPM_CACHE/_npx/<hash> for `npx evolver`. Two daemons launched under
-// different install modes never saw each other's lock and could run
-// concurrently against the same ~/.evomap/node_secret, ping-ponging on
-// secret rotation and silently entering reauth backoff -- the user-
-// reported "first launch ok, idle, then dead forever" pattern. Default
-// now lives under the per-user state dir so all install modes converge.
-// EVOLVER_LOCK_DIR still overrides for tests / sandboxed runs.
-function getLockFilePath() {
-  if (process.env.EVOLVER_LOCK_DIR) {
-    return path.join(process.env.EVOLVER_LOCK_DIR, 'evolver.pid');
-  }
-  // os.homedir() is cross-platform; process.env.HOME is unset on Windows.
-  return path.join(os.homedir(), '.evomap', 'instance.lock');
-}
+// Lock location + lease tunables live in src/adapters/scripts/_lockPaths.js
+// (issue #176): the session-start hook's auto-restart guard needs the exact
+// same resolution, and inlining it in both places drifted. The Round-4
+// (per-install-mode pidfile convergence) and Round-9 (lease staleness)
+// history notes moved there with the code.
+const {
+  getLockFilePath,
+  lockIsStaleByLease: _lockIsStaleByLease,
+  STALE_LOCK_TTL_MS,
+  LOCK_REFRESH_MS,
+} = require('./src/adapters/scripts/_lockPaths');
 
 function _writeLockAtomic(lockFile, payload) {
   // Round-6 (§19.8): the previous implementation used tmp + rename, which
@@ -372,38 +366,11 @@ function _lockPayload() {
   });
 }
 
-// Round-9: lease tunables for the daemon lock. A live daemon refreshes the
-// lock mtime every LOCK_REFRESH_MS; a lock whose mtime is older than
-// STALE_LOCK_TTL_MS (and that was written by a lease-aware daemon) is
-// treated as stale even if its PID happens to be alive -- closing the
-// "crash + PID reuse -> new daemon silently refuses to start" hole and the
-// "SIGKILL leaves a stale lock nobody reclaims" hole. The TTL is well above
-// the heartbeat interval (default 6min) so a healthy daemon never trips it.
-// On Windows, SIGTERM is implemented as TerminateProcess() (not a catchable
-// signal), so the shutdown() handler that calls releaseLock() never runs.
-// The lock file stays on disk with the dead PID. Reduce the TTL on Windows
-// so a subsequent start doesn't wait 15 minutes to reclaim the stale lock.
-// Unix dropped from 15 min -> 5 min so a wedged daemon does not block takeover
-// for a quarter hour. 5 min is still 2.5x the 2-min Unix refresh cadence.
-// Windows 3 min TTL gets a 1-min refresh (3x margin) since 2-min refresh left
-// only 1.5x margin against transient FS hiccups.
-const STALE_LOCK_TTL_MS = process.platform === 'win32' ? 3 * 60_000 : 5 * 60_000;
-const LOCK_REFRESH_MS = process.platform === 'win32' ? 1 * 60_000 : 2 * 60_000;
+// STALE_LOCK_TTL_MS / LOCK_REFRESH_MS / _lockIsStaleByLease come from
+// src/adapters/scripts/_lockPaths.js (required next to getLockFilePath
+// above) — see issue #176 and the Round-9 history note in that module.
 let _lockRefreshTimer = null;
 
-// Returns true if the lock was written by a lease-aware daemon AND its
-// mtime is older than the stale TTL -- i.e. no live owner is refreshing it,
-// so it is safe to reclaim regardless of whether the recorded PID resolves.
-function _lockIsStaleByLease(lockFile, payload) {
-  if (!payload || payload.lease !== true) return false;
-  try {
-    const ageMs = Date.now() - fs.statSync(lockFile).mtimeMs;
-    return ageMs > STALE_LOCK_TTL_MS;
-  } catch (_) {
-    return false;
-  }
-}
-
 // Start refreshing the lock file's mtime so other processes can tell this
 // daemon is alive without trusting a (recyclable) PID. unref'd: it never
 // keeps the event loop open on its own, but fires for as long as the daemon
@@ -2955,10 +2922,39 @@ async function main() {
       process.exit(1);
     }
 
+  } else if (command === 'experiment') {
+    // Comparative experiment runner: run the SAME task twice -- a baseline arm
+    // and a variant arm that reuses a gene's strategy -- via a headless agent
+    // CLI, collect duration/rounds/tokens/pass-rate, and print a comparison
+    // JSON to stdout. Consumed by EvoMap Desktop's ExperimentsAPI.Run, which
+    // spawns `node index.js experiment --request-file=<json>` and parses stdout.
+    try {
+      const expCli = require('./src/experiment/cli');
+      const parsed = expCli.parseExperimentArgs(args.slice(1));
+      if (!parsed.ok) {
+        console.error('[Experiment] ' + parsed.error);
+        console.error(expCli.printExperimentUsage());
+        process.exit(2);
+      }
+      const res = await expCli.runExperiment(parsed.opts, { err: (...a) => console.error(...a) });
+      // stdout carries ONLY the structured JSON so the Go caller can JSON.parse
+      // it without log contamination; all logging above went to stderr. res.data
+      // is already secret-redacted by runExperiment (sanitizePayload).
+      if (res && res.data) process.stdout.write(JSON.stringify(res.data) + '\n');
+      process.exit(res && typeof res.exitCode === 'number' ? res.exitCode : (res && res.ok ? 0 : 1));
+    } catch (expErr) {
+      console.error('[Experiment] CLI error:', expErr && expErr.message || expErr);
+      process.exit(1);
+    }
+
   } else {
-    console.log(`Usage: node index.js [run|/evolve|login|logout|solidify|review|distill|fetch|sync|asset-log|webui|setup-hooks|recipe|buy|orders|verify|atp|atp-complete] [--loop]
+    console.log(`Usage: node index.js [run|/evolve|login|logout|solidify|review|distill|fetch|sync|asset-log|webui|setup-hooks|recipe|buy|orders|verify|atp|atp-complete|experiment] [--loop]
   - login                      (authorize this device via the hub, gh-auth-login style; stores an OAuth token used instead of node_secret)
   - logout                     (remove the stored OAuth token)
+  - experiment flags:
+    - --task="..." --metric="..."              (required; same task, baseline vs variant)
+    - --gene=<geneId>                          (variant arm reuses this gene's strategy)
+    - --baseline="..." --variant="..." --validation="c1;;c2" --request-file=<json>
   - recipe flags:
     - build --title="..." --genes=<asset_id,...> [--description] [--price=N] [--publish]
                               (builds a DRAFT DNA blueprint; --publish is opt-in)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@evomap/evolver",
-  "version": "1.89.2",
+  "version": "1.89.4",
   "description": "A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.",
   "main": "index.js",
   "bin": {
@@ -28,10 +28,12 @@
     "run": "node index.js run",
     "solidify": "node index.js solidify",
     "review": "node index.js review",
+    "distill": "node index.js distill",
+    "webui": "node index.js webui",
+    "test": "node -e \"const fs=require('fs'),cp=require('child_process');const all=fs.readdirSync('test').filter(f=>f.endsWith('.test.js'));const iso=new Set(['solidifyIntegration.test.js']);const others=all.filter(f=>!iso.has(f)).map(f=>'test/'+f);const isoFiles=all.filter(f=>iso.has(f)).map(f=>'test/'+f);if(others.length)cp.execSync('node --test '+others.join(' '),{stdio:'inherit'});if(isoFiles.length)cp.execSync('node --test '+isoFiles.join(' '),{stdio:'inherit'})\"",
     "a2a:export": "node scripts/a2a_export.js",
     "a2a:ingest": "node scripts/a2a_ingest.js",
-    "a2a:promote": "node scripts/a2a_promote.js",
-    "test": "node -e \"const fs=require('fs'),cp=require('child_process');const all=fs.readdirSync('test').filter(f=>f.endsWith('.test.js'));const iso=new Set(['solidifyIntegration.test.js']);const others=all.filter(f=>!iso.has(f)).map(f=>'test/'+f);const isoFiles=all.filter(f=>iso.has(f)).map(f=>'test/'+f);if(others.length)cp.execSync('node --test '+others.join(' '),{stdio:'inherit'});if(isoFiles.length)cp.execSync('node --test '+isoFiles.join(' '),{stdio:'inherit'})\""
+    "a2a:promote": "node scripts/a2a_promote.js"
   },
   "engines": {
     "node": ">=22.12"
@@ -48,18 +50,5 @@
   },
   "optionalDependencies": {
     "@napi-rs/keyring": "^1.1.6"
-  },
-  "files": [
-    "assets/",
-    "index.js",
-    "src/",
-    "scripts/",
-    "skills/",
-    "README.md",
-    "README.zh-CN.md",
-    "README.ja-JP.md",
-    "SKILL.md",
-    "CONTRIBUTING.md",
-    "LICENSE"
-  ]
+  }
 }

package/proxy-package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@evomap/proxy",
+  "version": "0.1.0",
+  "description": "Local mailbox proxy for agent-to-hub communication via Evomap. Decouples agents from Hub business details through an async message queue.",
+  "main": "src/proxy/index.js",
+  "exports": {
+    ".": "./src/proxy/index.js",
+    "./store": "./src/proxy/mailbox/store.js",
+    "./transport": "./src/gep/mailboxTransport.js"
+  },
+  "files": [
+    "src/proxy/",
+    "src/gep/mailboxTransport.js"
+  ],
+  "scripts": {
+    "test": "node --test test/mailboxStore.test.js test/proxyServer.test.js test/proxySettings.test.js test/taskMonitor.test.js"
+  },
+  "keywords": [
+    "evomap",
+    "proxy",
+    "mailbox",
+    "agent",
+    "a2a",
+    "gep"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/EvoMap/evolver"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {},
+  "peerDependencies": {},
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/public.manifest.json

@@ -0,0 +1,143 @@
+{
+  "version": 1,
+  "outDir": "dist-public",
+  "include": [
+    "assets/cover.png",
+    "index.js",
+    "package.json",
+    "README.public.md",
+    "README.zh-CN.md",
+    "README.ja-JP.md",
+    "README.ko-KR.md",
+    "SKILL.md",
+    "CONTRIBUTING.md",
+    "LICENSE",
+    "src/**",
+    "bundled-skills/**",
+    "scripts/*.js",
+    "test/*.test.js",
+    "test/helpers/**",
+    "examples/**",
+    ".github/**",
+    ".gitignore",
+    ".npmignore"
+  ],
+  "exclude": [
+    ".github/CODEOWNERS",
+    "assets/gep/candidates.jsonl",
+    "assets/gep/external_candidates.jsonl",
+    "assets/gep/genes.json",
+    "assets/gep/capsules.json",
+    "assets/gep/events.jsonl",
+    "assets/gep/genes.jsonl",
+    "assets/gep/capsules.jsonl",
+    "assets/gep/a2a/**",
+    "docs/**",
+    "memory/**",
+    "dist-public/**",
+    ".evolver/**",
+    "scripts/build_public.js",
+    "scripts/publish_public.js",
+    "scripts/pre_publish_check.js",
+    "scripts/normalize_skill2gep_genes.js",
+    "scripts/normalize_skill2gep_capsules.js",
+    "scripts/publish_skill2gep_bundle.js",
+    "scripts/repush_skill2gep_skills.js",
+    "scripts/evolver.service",
+    "scripts/com.evomap.evolver.plist",
+    "scripts/install-evolver-windows.ps1",
+    "public.manifest.json",
+    "test/Dockerfile",
+    "test/fixtures/**",
+    "test/llm_helper.js",
+    "test/proxyTraceExtractor.test.js",
+    "test/proxyAutoInject.test.js",
+    "test/vibe_test.js",
+    "test/build-exclude.test.js",
+    "test/npm-pack-includes-scripts.test.js",
+    "test/validator.test.js",
+    "test/validatorReportDiagnostics.test.js",
+    "test/selfPR.test.js",
+    "test/execBridge.test.js",
+    "test/autoDistillLlm.test.js",
+    "test/modelRouter.test.js",
+    "docker-compose.test.yml",
+    ".git/**",
+    ".cursor/**"
+  ],
+  "rename": {
+    "README.public.md": "README.md",
+    "bundled-skills": "skills"
+  },
+  "obfuscate": [
+    "src/evolve.js",
+    "src/evolve/guards.js",
+    "src/evolve/pipeline/collect.js",
+    "src/evolve/pipeline/signals.js",
+    "src/evolve/pipeline/hub.js",
+    "src/evolve/pipeline/enrich.js",
+    "src/evolve/pipeline/select.js",
+    "src/evolve/pipeline/dispatch.js",
+    "src/evolve/utils.js",
+    "src/gep/selector.js",
+    "src/gep/mutation.js",
+    "src/gep/solidify.js",
+    "src/gep/tokenSavings.js",
+    "src/gep/prompt.js",
+    "src/gep/candidates.js",
+    "src/gep/reflection.js",
+    "src/gep/narrativeMemory.js",
+    "src/gep/curriculum.js",
+    "src/gep/personality.js",
+    "src/gep/learningSignals.js",
+    "src/gep/memoryGraph.js",
+    "src/gep/memoryGraphAdapter.js",
+    "src/gep/openPRRegistry.js",
+    "src/gep/recallVerifier.js",
+    "src/gep/strategy.js",
+    "src/gep/candidateEval.js",
+    "src/gep/hubVerify.js",
+    "src/gep/crypto.js",
+    "src/gep/contentHash.js",
+    "src/gep/a2aProtocol.js",
+    "src/gep/hubSearch.js",
+    "src/gep/hubReview.js",
+    "src/gep/hubFetch.js",
+    "src/gep/policyCheck.js",
+    "src/gep/hash.js",
+    "src/gep/epigenetics.js",
+    "src/gep/deviceId.js",
+    "src/gep/envFingerprint.js",
+    "src/gep/antiAbuseTelemetry.js",
+    "src/gep/skillDistiller.js",
+    "src/gep/explore.js",
+    "src/gep/conversationSniffer.js",
+    "src/gep/execBridge.js",
+    "src/gep/autoDistillLlm.js",
+    "src/gep/autoDistillConv.js",
+    "src/gep/recallInject.js",
+    "src/gep/workspaceKeychain.js",
+    "src/proxy/inject.js",
+    "src/proxy/trace/extractor.js",
+    "src/proxy/trace/usage.js",
+    "src/proxy/extensions/traceControl.js"
+  ],
+  "rewrite": {
+    "package.json": {
+      "replace": [
+        {
+          "from": "\"name\": \"evolver\"",
+          "to": "\"name\": \"@evomap/evolver\""
+        }
+      ]
+    },
+    "README.zh-CN.md": {
+      "replace": [
+        {
+          "from": "本仓库作为 public 仓库的私有维护区。",
+          "to": "本仓库为公开发行版本。"
+        }
+      ]
+    }
+  }
+}

package/src/adapters/hookAdapter.js

@@ -168,6 +168,7 @@ function copyHookScripts(destDir, evolverRoot) {
   const scripts = [
     '_runtimePaths.js',
     '_memoryFiltering.js',
+    '_lockPaths.js',
     'evolver-session-start.js',
     'evolver-signal-detect.js',
     'evolver-session-end.js',
@@ -255,6 +256,7 @@ function removeHookScripts(hooksDir) {
   const scripts = [
     '_runtimePaths.js',
     '_memoryFiltering.js',
+    '_lockPaths.js',
     'evolver-session-start.js',
     'evolver-signal-detect.js',
     'evolver-session-end.js',

package/src/adapters/scripts/_lockPaths.js

@@ -0,0 +1,74 @@
+// _lockPaths.js
+// Single source of truth for the daemon singleton-lock location and lease
+// tunables, shared by the daemon (index.js) and the session-start hook's
+// auto-restart guard (evolver-session-start.js).
+//
+// Issue #176: the hook used to replicate this logic inline ("keep index.js
+// out of the hook's require graph"), which could silently diverge whenever
+// the daemon's lock resolution changed. This module keeps that property —
+// it depends only on fs/os/path — while making divergence structurally
+// impossible.
+//
+// Deployed-layout constraint (PR #163): hook scripts are COPIED into the
+// host's hooks dir (e.g. `.claude/hooks/`) and run from there, so every
+// same-dir helper they require must be a sibling file listed in
+// hookAdapter.js's copy/remove lists (enforced by test/adapters.test.js).
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+// Round-4 (see the history note above index.js's daemon-lock block): the
+// pidfile previously defaulted to __dirname, which differs per install mode
+// (global install vs dev clone vs npx cache), so two daemons launched under
+// different install modes never saw each other's lock. Default now lives
+// under the per-user state dir so all install modes converge.
+// EVOLVER_LOCK_DIR still overrides for tests / sandboxed runs — note the
+// basename differs from the default in that case (`evolver.pid` vs
+// `instance.lock`).
+function getLockFilePath(env) {
+  const e = env || process.env;
+  if (e.EVOLVER_LOCK_DIR) {
+    return path.join(e.EVOLVER_LOCK_DIR, 'evolver.pid');
+  }
+  // os.homedir() is cross-platform; process.env.HOME is unset on Windows.
+  return path.join(os.homedir(), '.evomap', 'instance.lock');
+}
+
+// Round-9: lease tunables for the daemon lock. A live daemon refreshes the
+// lock mtime every LOCK_REFRESH_MS; a lock whose mtime is older than
+// STALE_LOCK_TTL_MS (and that was written by a lease-aware daemon) is
+// treated as stale even if its PID happens to be alive — closing the
+// "crash + PID reuse -> new daemon silently refuses to start" hole and the
+// "SIGKILL leaves a stale lock nobody reclaims" hole. The TTL is well above
+// the heartbeat interval (default 6min) so a healthy daemon never trips it.
+// On Windows, SIGTERM is implemented as TerminateProcess() (not a catchable
+// signal), so the daemon's releaseLock() never runs and the lock file stays
+// on disk with the dead PID — hence the shorter Windows TTL, with a 1-min
+// refresh (3x margin against transient FS hiccups). Unix: 5 min TTL is
+// 2.5x the 2-min refresh cadence.
+const STALE_LOCK_TTL_MS = process.platform === 'win32' ? 3 * 60_000 : 5 * 60_000;
+const LOCK_REFRESH_MS = process.platform === 'win32' ? 1 * 60_000 : 2 * 60_000;
+
+// Returns true if the lock was written by a lease-aware daemon AND its
+// mtime is older than the stale TTL — i.e. no live owner is refreshing it,
+// so it is safe to treat the recorded PID as dead regardless of whether
+// process.kill(pid, 0) resolves (the PID may have been reused). Locks
+// written by pre-lease daemons (payload.lease !== true) are never judged
+// stale by mtime, so we never falsely steal an older daemon's lock.
+function lockIsStaleByLease(lockFile, payload) {
+  if (!payload || payload.lease !== true) return false;
+  try {
+    const ageMs = Date.now() - fs.statSync(lockFile).mtimeMs;
+    return ageMs > STALE_LOCK_TTL_MS;
+  } catch (_) {
+    return false;
+  }
+}
+
+module.exports = {
+  getLockFilePath,
+  lockIsStaleByLease,
+  STALE_LOCK_TTL_MS,
+  LOCK_REFRESH_MS,
+};

package/src/adapters/scripts/evolver-session-start.js

@@ -9,6 +9,10 @@ const os = require('os');
 
 const { findEvolverRoot, findMemoryGraph, resolveProjectDir, resolveWorkspaceId, isGitWorkspace } = require('./_runtimePaths');
 const { filterRelevantOutcomes } = require('./_memoryFiltering');
+// Top-level on purpose: a missing sibling helper in the deployed hooks dir
+// must fail LOUD at load time (the #547 failure mode), not vanish inside
+// _maybeRestartDaemon's catch-all and silently disable daemon auto-restart.
+const lockPaths = require('./_lockPaths');
 
 // Auto-restart guard: if the evolver daemon is not running when a new agent
 // session starts, attempt a background restart. This covers the "idle-death"
@@ -35,43 +39,31 @@ function _maybeRestartDaemon(evolverRoot) {
     if (!lifecyclePath || !fs.existsSync(lifecyclePath)) return;
 
     // Check if daemon is running by looking for the PID file / lock file.
-    // R12: index.js:getLockFilePath honors EVOLVER_LOCK_DIR. If that env is
-    // set the lock file lives at <EVOLVER_LOCK_DIR>/evolver.pid (basename
-    // differs from the default!); otherwise fall back to the canonical
-    // ~/.evomap/instance.lock. We replicate the logic inline rather than
-    // importing index.js, since pulling the daemon module into the hook
-    // would load far more than we need.
-    var lockFile = process.env.EVOLVER_LOCK_DIR
-      ? path.join(process.env.EVOLVER_LOCK_DIR, 'evolver.pid')
-      : path.join(os.homedir(), '.evomap', 'instance.lock');
-    // R1: PID-reuse defense. process.kill(pid, 0) only proves SOME process
-    // owns that PID -- after macOS sleep / OOM, the kernel may have reused
-    // the slain daemon's PID for an unrelated process (Chrome tab, shell).
-    // Mirror index.js:_lockIsStaleByLease (search for STALE_LOCK_TTL_MS
-    // around line 373): a lease-aware daemon refreshes the lock mtime on a
-    // timer, so if mtime is older than the TTL the daemon is dead/wedged
-    // regardless of kill(0). Constants inlined to keep index.js out of the
-    // hook's require graph.
-    var STALE_LOCK_TTL_MS = process.platform === 'win32' ? 3 * 60_000 : 5 * 60_000;
+    // Lock resolution + lease staleness live in ./_lockPaths (issue #176) —
+    // the same module index.js uses, so the hook can never drift from the
+    // daemon again. It is fs/os/path-only, keeping index.js out of the
+    // hook's require graph (R12), and ships in hookAdapter.js's copy list
+    // for the deployed `.claude/hooks/` layout (PR #163).
+    var lockFile = lockPaths.getLockFilePath();
     var daemonRunning = false;
     try {
       if (fs.existsSync(lockFile)) {
         var raw = fs.readFileSync(lockFile, 'utf8').trim();
         var payload = raw && raw[0] === '{' ? JSON.parse(raw) : { pid: parseInt(raw, 10) };
         if (payload && payload.pid > 0) {
+          // R1: PID-reuse defense. process.kill(pid, 0) only proves SOME
+          // process owns that PID -- after macOS sleep / OOM, the kernel may
+          // have reused the slain daemon's PID for an unrelated process.
           try { process.kill(payload.pid, 0); daemonRunning = true; } catch (e) {
             // EPERM = process exists but owned by a different user; still a live daemon.
             if (e && e.code === 'EPERM') daemonRunning = true;
           }
-          // Lease staleness overrides kill(0)=alive. Only trust mtime when
-          // the payload came from a lease-aware daemon (matches index.js's
-          // _lockIsStaleByLease guard) so we never falsely steal an older
-          // pre-lease daemon's lock.
-          if (daemonRunning && payload.lease === true) {
-            try {
-              var ageMs = Date.now() - fs.statSync(lockFile).mtimeMs;
-              if (ageMs > STALE_LOCK_TTL_MS) daemonRunning = false;
-            } catch (_) { /* stat failed: leave running flag as-is */ }
+          // Lease staleness overrides kill(0)=alive: a lease-aware daemon
+          // refreshes the lock mtime on a timer, so an expired lease means
+          // dead/wedged regardless of kill(0). Pre-lease locks are never
+          // judged stale by mtime (lockIsStaleByLease handles both).
+          if (daemonRunning && lockPaths.lockIsStaleByLease(lockFile, payload)) {
+            daemonRunning = false;
           }
         }
       }