npm - @fenglimg/fabric-server - Versions diffs - 1.5.1 → 1.6.0 - Mend

@fenglimg/fabric-server 1.5.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/{chunk-E3RZ276F.js → chunk-TZCE2K4D.js} +284 -67
package/dist/{http-BVF4GWIM.js → http-DJCTLGF4.js} +43 -14
package/dist/index.d.ts +17 -2
package/dist/index.js +477 -71
package/dist/static/assets/{index-BRegf31x.js → index-LJh6IezM.js} +7 -7
package/dist/static/index.html +1 -1
package/package.json +3 -3

package/dist/{chunk-E3RZ276F.js → chunk-TZCE2K4D.js} RENAMED Viewed

@@ -82,23 +82,29 @@ var ContextCache = class {
 };
 var contextCache = new ContextCache(5e3);
-// src/services/read-human-lock.ts
-import { readFile } from "fs/promises";
-import { join } from "path";
-import { humanLockEntrySchema } from "@fenglimg/fabric-shared";
 // src/services/_shared.ts
-import { resolve, sep } from "path";
+import { dirname, join, resolve, sep } from "path";
 import { createHash } from "crypto";
-import { rename, writeFile } from "fs/promises";
+import { mkdir, rename, writeFile } from "fs/promises";
 var FABRIC_DIR = ".fabric";
 var HUMAN_LOCK_FILE = "human-lock.json";
 var LEDGER_FILE = ".intent-ledger.jsonl";
+var LEDGER_PATH = `${FABRIC_DIR}/${LEDGER_FILE}`;
+var LEGACY_LEDGER_PATH = LEDGER_FILE;
 async function atomicWriteText(path, content) {
   const tempPath = `${path}.${process.pid}.${Date.now()}.tmp`;
   await writeFile(tempPath, content, "utf8");
   await rename(tempPath, path);
 }
+function getLedgerPath(projectRoot) {
+  return join(projectRoot, LEDGER_PATH);
+}
+function getLegacyLedgerPath(projectRoot) {
+  return join(projectRoot, LEGACY_LEDGER_PATH);
+}
+async function ensureParentDirectory(path) {
+  await mkdir(dirname(path), { recursive: true });
+}
 function sha256(content) {
   return `sha256:${createHash("sha256").update(content).digest("hex")}`;
 }
@@ -116,6 +122,9 @@ function assertPathWithinProjectRoot(projectRoot, file) {
 }
 // src/services/read-human-lock.ts
+import { readFile } from "fs/promises";
+import { join as join2 } from "path";
+import { humanLockEntrySchema } from "@fenglimg/fabric-shared";
 async function readHumanLock(projectRoot) {
   const document = await readHumanLockDocument(projectRoot);
   return await Promise.all(
@@ -134,7 +143,7 @@ async function readHumanLockEntry(projectRoot, file) {
   return entries.find((entry) => entry.file === file) ?? null;
 }
 async function readHumanLockDocument(projectRoot) {
-  const humanLockPath = join(projectRoot, FABRIC_DIR, HUMAN_LOCK_FILE);
+  const humanLockPath = join2(projectRoot, FABRIC_DIR, HUMAN_LOCK_FILE);
   const raw = await readFile(humanLockPath, "utf8");
   const parsed = JSON.parse(raw);
   if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
@@ -177,7 +186,7 @@ import { detectFramework } from "@fenglimg/fabric-shared/node";
 // src/meta-reader.ts
 import { readFile as readFile2 } from "fs/promises";
-import { join as join2 } from "path";
+import { join as join3 } from "path";
 import { agentsMetaSchema } from "@fenglimg/fabric-shared";
 import { agentsMetaNodeSchema, agentsMetaSchema as agentsMetaSchema2 } from "@fenglimg/fabric-shared";
 var AgentsMetaFileMissingError = class extends Error {
@@ -200,7 +209,7 @@ var AgentsMetaInvalidError = class extends Error {
   code = "FABRIC_META_INVALID";
 };
 function getAgentsMetaPath(projectRoot) {
-  return join2(projectRoot, ".fabric", "agents.meta.json");
+  return join3(projectRoot, ".fabric", "agents.meta.json");
 }
 function resolveProjectRoot() {
   return process.env.FABRIC_PROJECT_ROOT ?? process.cwd();
@@ -231,8 +240,8 @@ async function readAgentsMeta(projectRoot) {
 }
 // src/services/audit-log.ts
-import { appendFile, mkdir, open, stat } from "fs/promises";
-import { isAbsolute, join as join3, posix, relative, resolve as resolve2 } from "path";
+import { appendFile, mkdir as mkdir2, open, stat } from "fs/promises";
+import { isAbsolute, join as join4, posix, relative, resolve as resolve2 } from "path";
 var AUDIT_LOG_FILE = `${FABRIC_DIR}/audit.jsonl`;
 var DEFAULT_AUDIT_WINDOW_MS = 5 * 60 * 1e3;
 async function appendGetRulesAuditEvent(projectRoot, input) {
@@ -246,6 +255,25 @@ async function appendGetRulesAuditEvent(projectRoot, input) {
   await appendAuditLogEntries(projectRoot, [entry]);
   return entry;
 }
+async function appendRuleSelectionAuditEvent(projectRoot, input) {
+  const entry = {
+    kind: "audit-event",
+    event: "rule_selection",
+    ts: input.ts ?? Date.now(),
+    path: normalizeAuditPath(projectRoot, input.path),
+    selection_token: input.selection_token,
+    target_paths: input.target_paths.map((path) => normalizeAuditPath(projectRoot, path)),
+    required_stable_ids: input.required_stable_ids,
+    ai_selectable_stable_ids: input.ai_selectable_stable_ids,
+    ai_selected_stable_ids: input.ai_selected_stable_ids,
+    final_stable_ids: input.final_stable_ids,
+    ai_selection_reasons: input.ai_selection_reasons,
+    rejected_stable_ids: input.rejected_stable_ids,
+    ignored_stable_ids: input.ignored_stable_ids
+  };
+  await appendAuditLogEntries(projectRoot, [entry]);
+  return entry;
+}
 async function appendEditIntentAuditEvents(projectRoot, input) {
   const ts = input.ts ?? Date.now();
   const windowMs = input.window_ms ?? DEFAULT_AUDIT_WINDOW_MS;
@@ -285,7 +313,7 @@ async function readAuditLog(projectRoot, opts) {
   return readAuditLogWindowed(projectRoot, opts.ts, opts.windowMs);
 }
 async function readAuditLogFull(projectRoot) {
-  const auditPath = join3(projectRoot, AUDIT_LOG_FILE);
+  const auditPath = join4(projectRoot, AUDIT_LOG_FILE);
   let raw;
   try {
     const fileStat = await stat(auditPath);
@@ -306,7 +334,7 @@ async function readAuditLogFull(projectRoot) {
   return parseAuditLogText(raw);
 }
 async function readAuditLogWindowed(projectRoot, ts, windowMs) {
-  const auditPath = join3(projectRoot, AUDIT_LOG_FILE);
+  const auditPath = join4(projectRoot, AUDIT_LOG_FILE);
   let fileSize;
   try {
     const fileStat = await stat(auditPath);
@@ -394,9 +422,9 @@ function isGetRulesAuditEntry(entry) {
   return entry.event === "get_rules";
 }
 async function appendAuditLogEntries(projectRoot, entries) {
-  const auditPath = join3(projectRoot, AUDIT_LOG_FILE);
-  const auditDir = join3(projectRoot, FABRIC_DIR);
-  await mkdir(auditDir, { recursive: true });
+  const auditPath = join4(projectRoot, AUDIT_LOG_FILE);
+  const auditDir = join4(projectRoot, FABRIC_DIR);
+  await mkdir2(auditDir, { recursive: true });
   await appendFile(auditPath, `${entries.map((entry) => JSON.stringify(entry)).join("\n")}
 `, "utf8");
 }
@@ -428,22 +456,61 @@ function parseAuditLogLine(line) {
         window_ms: parsed.window_ms
       };
     }
+    if (parsed.event === "rule_selection" && typeof parsed.selection_token === "string" && Array.isArray(parsed.target_paths) && Array.isArray(parsed.required_stable_ids) && Array.isArray(parsed.ai_selectable_stable_ids) && Array.isArray(parsed.ai_selected_stable_ids) && Array.isArray(parsed.final_stable_ids) && isStringRecord(parsed.ai_selection_reasons) && Array.isArray(parsed.rejected_stable_ids) && Array.isArray(parsed.ignored_stable_ids)) {
+      return {
+        kind: "audit-event",
+        event: "rule_selection",
+        ts: parsed.ts,
+        path: parsed.path,
+        selection_token: parsed.selection_token,
+        target_paths: parsed.target_paths.filter(isString),
+        required_stable_ids: parsed.required_stable_ids.filter(isString),
+        ai_selectable_stable_ids: parsed.ai_selectable_stable_ids.filter(isString),
+        ai_selected_stable_ids: parsed.ai_selected_stable_ids.filter(isString),
+        final_stable_ids: parsed.final_stable_ids.filter(isString),
+        ai_selection_reasons: parsed.ai_selection_reasons,
+        rejected_stable_ids: parsed.rejected_stable_ids.filter(isString),
+        ignored_stable_ids: parsed.ignored_stable_ids.filter(isString)
+      };
+    }
     return null;
   } catch {
     return null;
   }
 }
+function isString(value) {
+  return typeof value === "string";
+}
+function isStringRecord(value) {
+  if (typeof value !== "object" || value === null || Array.isArray(value)) {
+    return false;
+  }
+  return Object.values(value).every((entry) => typeof entry === "string");
+}
 // src/services/read-ledger.ts
 import { randomUUID } from "crypto";
-import { appendFile as appendFile2, readFile as readFile3 } from "fs/promises";
-import { join as join4 } from "path";
+import { access, appendFile as appendFile2, copyFile, readFile as readFile3, rm } from "fs/promises";
 import { ledgerEntrySchema } from "@fenglimg/fabric-shared";
+async function resolveLedgerPaths(projectRoot) {
+  const primaryPath = getLedgerPath(projectRoot);
+  const legacyPath = getLegacyLedgerPath(projectRoot);
+  const [primaryExists, legacyExists] = await Promise.all([
+    pathExists(primaryPath),
+    pathExists(legacyPath)
+  ]);
+  return {
+    primaryPath,
+    legacyPath,
+    readPath: primaryExists ? primaryPath : legacyPath,
+    usingLegacy: !primaryExists && legacyExists
+  };
+}
 async function readLedger(projectRoot, options = {}) {
-  const ledgerPath = join4(projectRoot, LEDGER_FILE);
+  const { readPath } = await resolveLedgerPaths(projectRoot);
   let raw;
   try {
-    raw = await readFile3(ledgerPath, "utf8");
+    raw = await readFile3(readPath, "utf8");
   } catch (error) {
     if (isNodeError(error) && error.code === "ENOENT") {
       return [];
@@ -453,15 +520,40 @@ async function readLedger(projectRoot, options = {}) {
   return raw.split(/\r?\n/).map((line) => line.trim()).filter((line) => line.length > 0).map((line, index) => parseLedgerLine(line, index)).filter((entry) => entry !== null).filter((entry) => options.source === void 0 || entry.source === options.source).filter((entry) => options.since === void 0 || entry.ts >= options.since);
 }
 async function appendLedgerEntry(projectRoot, entry) {
-  const ledgerPath = join4(projectRoot, LEDGER_FILE);
+  const ledgerPath = getLedgerPath(projectRoot);
   const nextEntry = ledgerEntrySchema.parse({
     ...entry,
     id: entry.id ?? `ledger:${randomUUID()}`
   });
+  await ensureParentDirectory(ledgerPath);
   await appendFile2(ledgerPath, `${JSON.stringify(nextEntry)}
 `, "utf8");
   return nextEntry;
 }
+async function migrateLegacyLedger(projectRoot) {
+  const { primaryPath, legacyPath } = await resolveLedgerPaths(projectRoot);
+  const [primaryExists, legacyExists] = await Promise.all([
+    pathExists(primaryPath),
+    pathExists(legacyPath)
+  ]);
+  if (!legacyExists) {
+    return {
+      migrated: false,
+      from: null,
+      to: primaryPath
+    };
+  }
+  if (!primaryExists) {
+    await ensureParentDirectory(primaryPath);
+    await copyFile(legacyPath, primaryPath);
+  }
+  await rm(legacyPath, { force: true });
+  return {
+    migrated: true,
+    from: legacyPath,
+    to: primaryPath
+  };
+}
 function parseLedgerLine(line, index) {
   try {
     const parsed = JSON.parse(line);
@@ -483,6 +575,17 @@ function parseLedgerLine(line, index) {
 function createDerivedId(index, line) {
   return `ledger:${index + 1}:${sha256(line).slice("sha256:".length)}`;
 }
+async function pathExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch (error) {
+    if (isNodeError(error) && error.code === "ENOENT") {
+      return false;
+    }
+    throw error;
+  }
+}
 // src/services/doctor.ts
 var SCRIPT_EXTENSIONS = /* @__PURE__ */ new Set([".js", ".jsx", ".ts", ".tsx"]);
@@ -538,6 +641,9 @@ async function runDoctorReport(target) {
       lastLedgerEntryTs: ledgerSnapshot.lastEntryTs,
       lastLedgerEntryAgeMs: ledgerSnapshot.lastEntryAgeMs,
       metaRevision: metaSnapshot.revision,
+      ledgerPath: ledgerSnapshot.primaryPath,
+      legacyLedgerPath: ledgerSnapshot.legacyPath,
+      legacyLedgerDetected: ledgerSnapshot.usingLegacy,
       audit: auditReport.skipped ? null : {
         enabled: true,
         mode: auditReport.mode,
@@ -549,6 +655,17 @@ async function runDoctorReport(target) {
     audit: auditReport.skipped ? null : auditReport
   };
 }
+async function runDoctorFix(target) {
+  const projectRoot = normalizeTarget(target);
+  const migration = await migrateLegacyLedger(projectRoot);
+  const report = await runDoctorReport(projectRoot);
+  return {
+    changed: migration.migrated,
+    migratedLedger: migration.migrated,
+    message: migration.migrated ? `Migrated legacy ledger from ${migration.from} to ${migration.to}.` : `No legacy ledger migration needed. Canonical ledger path: ${migration.to}.`,
+    report
+  };
+}
 async function runDoctorAuditReport(target, options = {}) {
   const projectRoot = normalizeTarget(target);
   const mode = options.mode ?? readDoctorAuditMode(projectRoot);
@@ -567,13 +684,13 @@ async function runDoctorAuditReport(target, options = {}) {
     readLedger(projectRoot, { source: "ai" }),
     readAuditLog(projectRoot)
   ]);
-  const getRulesEntries = auditEntries.filter(
-    (entry) => entry.event === "get_rules"
+  const ruleAccessEntries = auditEntries.filter(
+    (entry) => entry.event === "get_rules" || entry.event === "rule_selection"
   );
   const { checkedPathCount, violations } = collectAuditViolations(
     projectRoot,
     ledgerEntries,
-    getRulesEntries,
+    ruleAccessEntries,
     windowMs
   );
   return {
@@ -647,6 +764,15 @@ function createMetaRevisionCheck(snapshot) {
       message: `agents.meta.json revision ${snapshot.revision} is stale: ${parts.join(" \xB7 ")}.`
     };
   }
+  if (snapshot.derivedIdentityFiles.length > 0) {
+    const [firstFile] = snapshot.derivedIdentityFiles;
+    const suffix = snapshot.derivedIdentityFiles.length > 1 ? ` (+${snapshot.derivedIdentityFiles.length - 1} more)` : "";
+    return {
+      name: "Meta revision",
+      status: "warn",
+      message: `agents.meta.json revision ${snapshot.revision} matches ${snapshot.nodeCount} tracked AGENTS files, but ${snapshot.derivedIdentityFiles.length} rule node${snapshot.derivedIdentityFiles.length === 1 ? "" : "s"} still use derived identities. Add \`<!-- fab:rule-id ... -->\` to the rule file header instead of editing meta directly (${firstFile}${suffix}).`
+    };
+  }
   return {
     name: "Meta revision",
     status: "ok",
@@ -675,6 +801,13 @@ function createProtectedPathsCheck(snapshot) {
   };
 }
 function createLedgerCheck(snapshot) {
+  if (snapshot.usingLegacy) {
+    return {
+      name: "Intent ledger",
+      status: "warn",
+      message: `Legacy ledger path detected at ${snapshot.legacyPath}. Fabric now reads ${snapshot.primaryPath} by default; run fab doctor --fix to migrate.`
+    };
+  }
   if (snapshot.lastEntryTs === null || snapshot.lastEntryAgeMs === null) {
     return {
       name: "Intent ledger",
@@ -714,13 +847,13 @@ function createAuditCheck(report) {
     return {
       name: "Rules fetch audit",
       status: report.mode === "strict" ? "error" : "warn",
-      message: `${report.violationCount} edit path${report.violationCount === 1 ? "" : "s"} lack a preceding fab_get_rules call within ${formatDuration(report.windowMs)}.`
+      message: `${report.violationCount} edit path${report.violationCount === 1 ? "" : "s"} lack a preceding rule_selection or get_rules event within ${formatDuration(report.windowMs)}.`
     };
   }
   return {
     name: "Rules fetch audit",
     status: "ok",
-    message: `All ${report.checkedPathCount} audited edit path${report.checkedPathCount === 1 ? "" : "s"} have a preceding fab_get_rules call within ${formatDuration(report.windowMs)}.`
+    message: `All ${report.checkedPathCount} audited edit path${report.checkedPathCount === 1 ? "" : "s"} have a preceding rule_selection or get_rules event within ${formatDuration(report.windowMs)}.`
   };
 }
 async function readSavedForensic(projectRoot) {
@@ -756,8 +889,9 @@ async function inspectMetaRevision(projectRoot) {
     const meta = await readAgentsMeta(projectRoot);
     const entries = Object.entries(meta.nodes).sort(([left], [right]) => left.localeCompare(right));
     const missingFiles = [];
+    const derivedIdentityFiles = [];
     let driftCount = 0;
-    const revisionSource = entries.map(([, node]) => {
+    const revisionSource = entries.map(([id, node]) => {
       const absolutePath = join5(projectRoot, node.file);
       if (!existsSync(absolutePath)) {
         missingFiles.push(node.file);
@@ -768,15 +902,19 @@ async function inspectMetaRevision(projectRoot) {
       if (actualHash !== node.hash) {
         driftCount += 1;
       }
-      return actualHash;
-    }).join("");
+      if (node.file !== ".fabric/bootstrap/README.md" && node.identity_source !== "declared") {
+        derivedIdentityFiles.push(node.file);
+      }
+      return [id, actualHash, node.stable_id ?? "", node.identity_source ?? ""].join("|");
+    }).join("\n");
     const revision = sha2562(revisionSource);
     return {
       present: true,
       revision: meta.revision,
       nodeCount: entries.length,
       driftCount: revision === meta.revision ? driftCount : Math.max(driftCount, 1),
-      missingFiles
+      missingFiles,
+      derivedIdentityFiles
     };
   } catch (error) {
     return {
@@ -785,6 +923,7 @@ async function inspectMetaRevision(projectRoot) {
       nodeCount: 0,
       driftCount: 0,
       missingFiles: [],
+      derivedIdentityFiles: [],
       unexpectedError: error instanceof Error ? error.message : String(error)
     };
   }
@@ -815,6 +954,7 @@ async function inspectHumanLock(projectRoot) {
   }
 }
 async function inspectLedger(projectRoot) {
+  const paths = await resolveLedgerPaths(projectRoot);
   const entries = await readLedger(projectRoot);
   const lastEntry = entries.reduce(
     (latest, entry) => latest === null || entry.ts > latest ? entry.ts : latest,
@@ -823,16 +963,19 @@ async function inspectLedger(projectRoot) {
   return {
     count: entries.length,
     lastEntryTs: lastEntry,
-    lastEntryAgeMs: lastEntry === null ? null : Math.max(Date.now() - lastEntry, 0)
+    lastEntryAgeMs: lastEntry === null ? null : Math.max(Date.now() - lastEntry, 0),
+    primaryPath: paths.primaryPath,
+    legacyPath: paths.legacyPath,
+    usingLegacy: paths.usingLegacy
   };
 }
-function collectAuditViolations(projectRoot, ledgerEntries, getRulesEntries, windowMs) {
+function collectAuditViolations(projectRoot, ledgerEntries, ruleAccessEntries, windowMs) {
   let checkedPathCount = 0;
   const violations = [];
   for (const entry of ledgerEntries) {
     for (const affectedPath of entry.affected_paths) {
       const normalizedPath = normalizeAuditPath(projectRoot, affectedPath);
-      const matched = findPrecedingGetRulesEvent(getRulesEntries, normalizedPath, entry.ts, windowMs);
+      const matched = findPrecedingRuleAccessEvent(ruleAccessEntries, normalizedPath, entry.ts, windowMs);
       checkedPathCount += 1;
       if (matched !== null) {
         continue;
@@ -841,7 +984,7 @@ function collectAuditViolations(projectRoot, ledgerEntries, getRulesEntries, win
         editTs: entry.ts,
         entryId: entry.id,
         intent: entry.intent,
-        lastGetRulesTs: findLatestGetRulesTs(getRulesEntries, normalizedPath, entry.ts),
+        lastRuleAccessTs: findLatestRuleAccessTs(ruleAccessEntries, normalizedPath, entry.ts),
         path: normalizedPath
       });
     }
@@ -851,16 +994,49 @@ function collectAuditViolations(projectRoot, ledgerEntries, getRulesEntries, win
     violations
   };
 }
-function findLatestGetRulesTs(entries, path, ts) {
+function findPrecedingRuleAccessEvent(entries, path, ts, windowMs) {
+  const getRulesMatch = findPrecedingGetRulesEvent(entries.filter(isGetRulesAuditEntry2), path, ts, windowMs);
+  const ruleSelectionMatch = findPrecedingRuleSelectionEvent(entries.filter(isRuleSelectionAuditEntry), path, ts, windowMs);
+  if (getRulesMatch === null) {
+    return ruleSelectionMatch;
+  }
+  if (ruleSelectionMatch === null) {
+    return getRulesMatch;
+  }
+  return getRulesMatch.ts >= ruleSelectionMatch.ts ? getRulesMatch : ruleSelectionMatch;
+}
+function findPrecedingRuleSelectionEvent(entries, path, ts, windowMs) {
+  let matched = null;
+  for (const entry of entries) {
+    if (!entry.target_paths.includes(path) && entry.path !== path) {
+      continue;
+    }
+    if (entry.ts > ts || ts - entry.ts > windowMs) {
+      continue;
+    }
+    if (matched === null || entry.ts > matched.ts) {
+      matched = entry;
+    }
+  }
+  return matched;
+}
+function findLatestRuleAccessTs(entries, path, ts) {
   let latest = null;
   for (const entry of entries) {
-    if (entry.path !== path || entry.ts > ts) {
+    const matchesPath = entry.event === "rule_selection" ? entry.path === path || entry.target_paths.includes(path) : entry.path === path;
+    if (!matchesPath || entry.ts > ts) {
       continue;
     }
     latest = latest === null || entry.ts > latest ? entry.ts : latest;
   }
   return latest;
 }
+function isGetRulesAuditEntry2(entry) {
+  return entry.event === "get_rules";
+}
+function isRuleSelectionAuditEntry(entry) {
+  return entry.event === "rule_selection";
+}
 function readDoctorAuditMode(projectRoot) {
   const configPath = join5(projectRoot, "fabric.config.json");
   try {
@@ -1106,56 +1282,76 @@ async function loadGetRulesContext(projectRoot) {
   return context;
 }
 async function resolveRulesForPath(projectRoot, context, path, options = {}) {
-  const { rules: loadedRules, stubs } = await loadRulesForPath(projectRoot, context.meta, path);
-  const { L1, L2 } = partitionRulesByLevel(loadedRules, options.dedupeByPath ?? false);
-  return {
-    L0: context.l0Content,
-    L1,
-    L2,
-    human_locked_nearby: context.humanLockedNearby,
-    description_stubs: stubs.length > 0 ? dedupeDescriptionStubsByPath(stubs) : void 0
-  };
+  const matchedNodes = matchRuleNodes(context.meta, path);
+  const loaded = await loadMatchedRules(projectRoot, matchedNodes);
+  return buildRulesPayload(context, loaded, options);
 }
 function normalizeRulesPath(value) {
   return value.replaceAll("\\", "/");
 }
-function classifyNode(nodeId) {
-  if (nodeId.startsWith("L1/")) {
-    return "L1";
-  }
-  if (nodeId.startsWith("L2/")) {
-    return "L2";
-  }
-  return null;
-}
-async function loadRulesForPath(projectRoot, meta, path) {
+function matchRuleNodes(meta, path) {
   const requestedPath = normalizeRulesPath(path);
-  const matchedNodes = Object.entries(meta.nodes).filter(([, node]) => shouldLoadNodeForPath(requestedPath, node)).sort((left, right) => {
+  return Object.entries(meta.nodes).filter(([, node]) => shouldLoadNodeForPath(requestedPath, node)).sort((left, right) => {
     const [leftId, leftNode] = left;
     const [rightId, rightNode] = right;
     const priorityDelta = PRIORITY_ORDER[leftNode.priority] - PRIORITY_ORDER[rightNode.priority];
     return priorityDelta !== 0 ? priorityDelta : leftId.localeCompare(rightId);
-  });
+  }).map(([nodeId, node]) => ({
+    node_id: nodeId,
+    level: classifyNode(nodeId, node),
+    stable_id: node.stable_id ?? nodeId,
+    identity_source: node.identity_source ?? "derived",
+    node
+  }));
+}
+async function loadMatchedRules(projectRoot, matchedNodes, fileContentCache = /* @__PURE__ */ new Map()) {
   const rules = [];
   const stubs = [];
-  for (const [nodeId, node] of matchedNodes) {
-    if (node.activation?.tier === "description") {
+  for (const matchedNode of matchedNodes) {
+    if (matchedNode.level === null) {
+      continue;
+    }
+    if (matchedNode.node.activation?.tier === "description") {
       stubs.push({
-        path: node.file,
-        description: node.activation.description ?? ""
+        stable_id: matchedNode.stable_id,
+        identity_source: matchedNode.identity_source,
+        level: matchedNode.level,
+        path: matchedNode.node.file,
+        description: matchedNode.node.activation.description ?? ""
       });
       continue;
     }
     rules.push({
-      level: classifyNode(nodeId),
+      level: matchedNode.level,
+      stable_id: matchedNode.stable_id,
+      identity_source: matchedNode.identity_source,
       entry: {
-        path: node.file,
-        content: await readFile5(join6(projectRoot, node.file), "utf8")
+        path: matchedNode.node.file,
+        content: await readRuleContent(projectRoot, matchedNode.node.file, fileContentCache)
       }
     });
   }
   return { rules, stubs };
 }
+function buildRulesPayload(context, loaded, options = {}) {
+  const { L1, L2 } = partitionRulesByLevel(loaded.rules, options.dedupeByPath ?? false);
+  return {
+    L0: context.l0Content,
+    L1,
+    L2,
+    human_locked_nearby: context.humanLockedNearby,
+    description_stubs: loaded.stubs.length > 0 ? dedupeDescriptionStubsByPath(loaded.stubs).map(toDescriptionStub) : void 0
+  };
+}
+function classifyNode(nodeId, node) {
+  if (nodeId.startsWith("L1/")) {
+    return "L1";
+  }
+  if (nodeId.startsWith("L2/")) {
+    return "L2";
+  }
+  return node.layer === "L0" ? null : node.layer;
+}
 function partitionRulesByLevel(loadedRules, dedupeByPath) {
   const l1 = [];
   const l2 = [];
@@ -1204,6 +1400,21 @@ function dedupeDescriptionStubsByPath(stubs) {
     return true;
   });
 }
+function toDescriptionStub(stub) {
+  return {
+    path: stub.path,
+    description: stub.description
+  };
+}
+async function readRuleContent(projectRoot, file, fileContentCache) {
+  const cached = fileContentCache.get(file);
+  if (cached !== void 0) {
+    return await cached;
+  }
+  const pending = readFile5(join6(projectRoot, file), "utf8");
+  fileContentCache.set(file, pending);
+  return await pending;
+}
 export {
   AGENTS_MD_RESOURCE_URI,
@@ -1213,18 +1424,24 @@ export {
   resolveProjectRoot,
   readAgentsMeta,
   FABRIC_DIR,
+  LEDGER_PATH,
+  LEGACY_LEDGER_PATH,
   atomicWriteText,
+  getLedgerPath,
+  getLegacyLedgerPath,
+  ensureParentDirectory,
   sha256,
+  appendRuleSelectionAuditEvent,
   appendEditIntentAuditEvents,
+  resolveLedgerPaths,
   readLedger,
   appendLedgerEntry,
   readHumanLock,
   readHumanLockEntry,
   getRules,
-  loadGetRulesContext,
-  resolveRulesForPath,
   normalizeRulesPath,
   runDoctorReport,
+  runDoctorFix,
   runDoctorAuditReport,
   approveHumanLock
 };