@fusengine/harness 0.1.9 → 0.1.11

package/dist/adapters/claude/index.mjs

@@ -1,2 +1,2 @@
-import { a as readClaudeInput, i as guard, n as denyResponse, o as toClaudeResponse, r as fileSizeGuard, t as contextResponse } from "../../claude-DbzjbxmO.mjs";
+import { a as readClaudeInput, i as guard, n as denyResponse, o as toClaudeResponse, r as fileSizeGuard, t as contextResponse } from "../../claude-B3aJwu6O.mjs";
 export { contextResponse, denyResponse, fileSizeGuard, guard, readClaudeInput, toClaudeResponse };

package/dist/adapters/cline/index.mjs

@@ -1,4 +1,4 @@
-import { t as evaluate } from "../../evaluate-CsYyUucy.mjs";
+import { t as evaluate } from "../../evaluate-DkTgwHNh.mjs";
 import { t as formatPrompt } from "../../types-ernB1Dy3.mjs";
 //#region src/adapters/cline/index.ts
 /**

package/dist/adapters/codex/index.mjs

@@ -1,2 +1,2 @@
-import { a as readClaudeInput, i as guard, n as denyResponse, t as contextResponse } from "../../claude-DbzjbxmO.mjs";
+import { a as readClaudeInput, i as guard, n as denyResponse, t as contextResponse } from "../../claude-B3aJwu6O.mjs";
 export { contextResponse, denyResponse, guard, readClaudeInput as readCodexInput };

package/dist/adapters/cursor/index.mjs

@@ -1,4 +1,4 @@
-import { t as evaluate } from "../../evaluate-CsYyUucy.mjs";
+import { t as evaluate } from "../../evaluate-DkTgwHNh.mjs";
 import { t as formatPrompt } from "../../types-ernB1Dy3.mjs";
 //#region src/adapters/cursor/index.ts
 /**

package/dist/adapters/gemini/index.mjs

@@ -1,4 +1,4 @@
-import { t as evaluate } from "../../evaluate-CsYyUucy.mjs";
+import { t as evaluate } from "../../evaluate-DkTgwHNh.mjs";
 import { t as formatPrompt } from "../../types-ernB1Dy3.mjs";
 //#region src/adapters/gemini/index.ts
 /**

package/dist/{apex-gGrHzvM2.mjs → apex-BcJSE-VL.mjs}

@@ -30,8 +30,16 @@ const freshnessGate = (ctx) => ctx.agentsFresh === false ? {
 	reason: `Run explore-codebase and research-expert (within the freshness window) before editing ${ctx.framework}.`,
 	actions: ["Launch the explore-codebase agent", "Launch the research-expert agent"]
 } : null;
-/** Default APEX gate chain (freshness, then docs, then SOLID refs). */
+/** Gate: brainstorming must precede creating new files when flagged. */
+const brainstormGate = (ctx) => ctx.brainstormRequired && ctx.brainstormFresh === false ? {
+	kind: "block",
+	title: "APEX: brainstorm first",
+	reason: `Creation intent detected — brainstorm before creating new ${ctx.framework} files.`,
+	actions: ["Launch the brainstorming agent"]
+} : null;
+/** Default APEX gate chain (brainstorm, freshness, docs, SOLID refs). */
 const APEX_GATES = [
+	brainstormGate,
 	freshnessGate,
 	docConsultedGate,
 	solidReadGate
@@ -44,4 +52,4 @@ function evaluateApex(ctx, gates = APEX_GATES) {
 	return gates.reduce((hit, gate) => hit ?? gate(ctx), null);
 }
 //#endregion
-export { solidReadGate as a, freshnessGate as i, docConsultedGate as n, evaluateApex as r, APEX_GATES as t };
+export { freshnessGate as a, evaluateApex as i, brainstormGate as n, solidReadGate as o, docConsultedGate as r, APEX_GATES as t };

package/dist/{claude-DbzjbxmO.mjs → claude-B3aJwu6O.mjs}

@@ -1,4 +1,4 @@
-import { t as evaluate } from "./evaluate-CsYyUucy.mjs";
+import { t as evaluate } from "./evaluate-DkTgwHNh.mjs";
 import { t as formatPrompt } from "./types-ernB1Dy3.mjs";
 //#region src/adapters/claude/index.ts
 /**

package/dist/cli/bin.mjs

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import { t as detectHarness } from "../harness-C8Nxxyn_.mjs";
-import { n as stagedContent, r as stagedFiles, t as checkStaged } from "../run-h_2LNEA8.mjs";
+import { n as stagedContent, r as stagedFiles, t as checkStaged } from "../run-D2na7Z2Z.mjs";
 import { n as writeInitFile, t as initFor } from "../run-Cdp2Ef9B.mjs";
-import { t as handleHook } from "../handle-Lz_thVKr.mjs";
+import { t as handleHook } from "../handle-Cr0YQYz-.mjs";
 //#region src/cli/bin.ts
 /**
 * harness — CLI for @fusengine/harness.

package/dist/cli/index.mjs

@@ -1,2 +1,2 @@
-import { n as stagedContent, r as stagedFiles, t as checkStaged } from "../run-h_2LNEA8.mjs";
+import { n as stagedContent, r as stagedFiles, t as checkStaged } from "../run-D2na7Z2Z.mjs";
 export { checkStaged, stagedContent, stagedFiles };

package/dist/evaluate-DkTgwHNh.mjs

@@ -0,0 +1,316 @@
+import { i as splitTarget, r as resolveMaxLines } from "./limits-CHn8AIL1.mjs";
+import { t as isCodeFile } from "./project-root-C4ks_q1G.mjs";
+//#region src/policy/detect-framework.ts
+/**
+* Detect the framework from a file path extension + content patterns.
+* Aligned with the fusengine require-solid-read detection (distinct from
+* {@link detectProjectType}, which scans config files on disk).
+*/
+function detectFramework(filePath, content) {
+	if (/\.(tsx?|jsx?|vue|svelte)$/.test(filePath) || /from ['"]react|useState|className=/.test(content)) {
+		if (/(page|layout|loading|error|route)\.(ts|tsx)$/.test(filePath) || /use client|use server/.test(content)) return "nextjs";
+		return "react";
+	}
+	if (/\.swift$/.test(filePath)) return "swift";
+	if (/\.php$/.test(filePath)) return "laravel";
+	if (/\.java$/.test(filePath)) return "java";
+	if (/\.go$/.test(filePath)) return "go";
+	if (/\.rb$/.test(filePath)) return "ruby";
+	if (/\.rs$/.test(filePath)) return "rust";
+	if (/\.css$/.test(filePath) || /@tailwind|@apply/.test(content)) return "tailwind";
+	return "generic";
+}
+//#endregion
+//#region src/policy/file-size.ts
+/** Count lines in file content (empty string = 0). */
+function countLines(content) {
+	return content === "" ? 0 : content.split("\n").length;
+}
+/**
+* Evaluate a file's line count against the SOLID limit.
+* @param lines - the file's line count
+* @param max - the limit (defaults to `resolveMaxLines()`)
+*/
+function evaluateFileSize(lines, max = resolveMaxLines()) {
+	if (lines <= max) return {
+		ok: true,
+		lines,
+		max,
+		message: null
+	};
+	return {
+		ok: false,
+		lines,
+		max,
+		message: `File has ${lines} lines (max: ${max}). Split into modules under ${splitTarget(max)} lines (Single Responsibility).`
+	};
+}
+//#endregion
+//#region src/policy/patterns.ts
+/**
+* Guard pattern data, ported verbatim from the fusengine git/install guards.
+* Note (faithful): `git push.*--force` also matches `--force-with-lease` —
+* preserved from the source guard.
+*/
+/** Destructive git operations to block outright. */
+const GIT_BLOCKED = [
+	/git push.*--force/,
+	/git push.*-f/,
+	/git reset.*--hard/,
+	/git clean.*-fd/,
+	/git branch.*-D/,
+	/git rebase.*--force/
+];
+/** Git operations that warrant a confirmation prompt. */
+const GIT_ASK = [
+	/git push/,
+	/git checkout/,
+	/git reset/,
+	/git rebase/,
+	/git merge/,
+	/git stash/,
+	/git clean/,
+	/git rm/,
+	/git mv/,
+	/git restore/,
+	/git revert/,
+	/git cherry-pick/
+];
+/** System-level package installs (need confirmation). */
+const SYSTEM_INSTALL = [
+	/brew install/,
+	/brew upgrade/,
+	/brew cask/,
+	/apt install/,
+	/apt-get install/
+];
+/** Project-level package installs. */
+const PROJECT_INSTALL = [
+	/npm install/,
+	/npm i /,
+	/yarn add/,
+	/pnpm add/,
+	/pip install/,
+	/pip3 install/,
+	/composer require/,
+	/bun add/,
+	/bun install/,
+	/cargo install/,
+	/go install/,
+	/gem install/,
+	/pipx install/
+];
+/** True when `cmd` matches any pattern in `patterns`. */
+function matchPatterns(cmd, patterns) {
+	return patterns.some((re) => re.test(cmd));
+}
+//#endregion
+//#region src/policy/guards/security.ts
+/** Critical patterns that must always be blocked. */
+const CRITICAL_PATTERNS = [
+	/\brm\s+(?:-[a-z]*\s+)*-[a-z]*[rf][a-z]*\s+(?:-[a-z]+\s+)*(?:\/|~)(?:\s|$)/,
+	/:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/,
+	/\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z|da|k)?sh\b/,
+	/\bchmod\s+(?:-[a-zA-Z]+\s+)*777\s+\//,
+	/\bmkfs(?:\.[a-z0-9]+)?\b/,
+	/\bdd\b[^\n]*\bif=\/dev\/zero\b[^\n]*\bof=\/dev\//
+];
+/** Patterns that warrant explicit confirmation before running. */
+const ASK_PATTERNS = [
+	/\bsudo\s/,
+	/\bchmod\s+(?:-[a-zA-Z]+\s+)*777\b/,
+	/\bchown\s+-R\b/,
+	/\beval\s/,
+	/(?:>|>>|\btee\b)\s*\/etc\//
+];
+/** Guards against dangerous Bash commands (critical → block, sensitive → ask). */
+function securityGuard(ctx) {
+	if (ctx.tool !== "Bash" || !ctx.command) return null;
+	const cmd = ctx.command;
+	for (const re of CRITICAL_PATTERNS) if (re.test(cmd)) return {
+		kind: "block",
+		title: "Dangerous command",
+		reason: "Command matches a destructive pattern (recursive root delete, fork bomb, remote-script piped to a shell, world-writable root, filesystem format, or disk overwrite).",
+		actions: ["Remove the destructive command", "Scope the operation to a specific safe path"]
+	};
+	for (const re of ASK_PATTERNS) if (re.test(cmd)) return {
+		kind: "ask",
+		title: "Dangerous command",
+		reason: "Command requests elevated privileges or alters sensitive targets (sudo, chmod 777, recursive chown, eval, or writing to /etc).",
+		actions: ["Confirm this command is intended", "Run with least privilege"]
+	};
+	return null;
+}
+//#endregion
+//#region src/policy/guards/protected-path.ts
+/** Path fragments that mark a location as internal/generated state (off-limits to Write/Edit). */
+const PROTECTED_FRAGMENTS = [
+	".claude/plugins/marketplaces",
+	".claude/plugins/cache",
+	".claude/logs/00-apex",
+	".claude/fusengine-cache",
+	".git/"
+];
+/** Blocks direct edits to internal/generated state directories. */
+function protectedPathGuard(ctx) {
+	if ((ctx.tool === "Write" || ctx.tool === "Edit") && ctx.filePath) {
+		const path = ctx.filePath;
+		if (PROTECTED_FRAGMENTS.some((fragment) => path.includes(fragment))) return {
+			kind: "block",
+			title: "Protected path",
+			reason: "This is internal/generated state — do not edit it directly.",
+			actions: ["Edit the source, not the generated/cache copy"]
+		};
+	}
+	return null;
+}
+//#endregion
+//#region src/policy/guards/bash-write.ts
+/** Redirect (`>`/`>>`) targeting a code-file extension. */
+const CODE_REDIRECT = /(?:>>?)\s*[^\s|;&]*\.(?:ts|tsx|js|jsx|py|go|rb|rs|java|kt|php|swift|vue|svelte|c|cpp|h)\b/;
+/** Interpreters / tools that mutate source in place, plus heredoc-into-file. */
+const CODE_MUTATORS = /\bpython3?\s+-c\b|\bsed\s+-i\b|\bperl\s+-i\b|\bawk\s+-i\s+inplace\b|\bpatch\s+|<<[-~]?\s*['"]?\w+['"]?[\s\S]*?>/;
+/** Redirect to a non-code file, or other ambiguous file writers (ASK). */
+const ASK_WRITERS = /(?:>>?\s*[^\s|;&]+)|\btee\s+|\bdd\s+of=|\bnode\s+-e\b.*(?:writeFile|appendFile)|\bruby\s+-e\b.*File\.write/;
+/**
+* Blocks shell commands that mutate code files in place (and heredocs/redirects
+* to source files); asks before other file-writing shell commands. Forces use
+* of the Write/Edit tool so APEX/SOLID checks are not bypassed.
+*/
+function bashWriteGuard(ctx) {
+	if (ctx.tool !== "Bash" || !ctx.command) return null;
+	const cmd = ctx.command;
+	if (CODE_MUTATORS.test(cmd) || CODE_REDIRECT.test(cmd)) return {
+		kind: "block",
+		title: "Bash write to code file",
+		reason: "Shell in-place edits / redirects to source files bypass APEX/SOLID checks.",
+		actions: ["Use the Write/Edit tool instead"]
+	};
+	if (ASK_WRITERS.test(cmd)) return {
+		kind: "ask",
+		title: "Bash file write",
+		reason: "This command writes a file from the shell; confirm it is intended.",
+		actions: ["Use the Write/Edit tool instead"]
+	};
+	return null;
+}
+//#endregion
+//#region src/policy/guards/interface-separation.ts
+/** TS/JS component files: top-level `interface`/`type Foo`. */
+const TS_DECL_RE = /^\s*(export\s+)?(interface|type)\s+[A-Z]/m;
+/** Python view models: class subclassing a schema/protocol base. */
+const PY_MODEL_RE = /^\s*class\s+\w+\((BaseModel|TypedDict|Protocol)\)/m;
+/** PHP controllers: top-level `interface` / `abstract class`. */
+const PHP_DECL_RE = /^\s*(interface|abstract class)\b/m;
+/** Swift views: top-level `protocol Foo`. */
+const SWIFT_PROTO_RE = /^\s*protocol\s+[A-Z]/m;
+/**
+* Blocks top-level interface/type/protocol declarations in component, view or
+* controller files (Interface Segregation). Fires only when BOTH the path
+* category AND the content pattern match.
+*/
+function interfaceSeparationGuard(ctx) {
+	if (ctx.tool !== "Write" && ctx.tool !== "Edit") return null;
+	const path = ctx.filePath;
+	const content = ctx.content;
+	if (!path || !content) return null;
+	const block = {
+		kind: "block",
+		title: "Separate the interface",
+		reason: "Top-level interface/type/protocol declarations belong in their own file, not in a component/view/controller.",
+		actions: ["Move the interface/type to its own file (Interface Segregation)"]
+	};
+	if (/\.(tsx|jsx|vue|svelte)$/.test(path) && TS_DECL_RE.test(content)) return block;
+	if (path.includes("views/") && /\.py$/.test(path) && PY_MODEL_RE.test(content)) return block;
+	if (path.includes("Controllers/") && /\.php$/.test(path) && PHP_DECL_RE.test(content)) return block;
+	if (path.includes("Views/") && /\.swift$/.test(path) && SWIFT_PROTO_RE.test(content)) return block;
+	return null;
+}
+//#endregion
+//#region src/policy/guards/install.ts
+/** Project-level dependency installs (npm/yarn/pnpm/bun/pip/cargo/go/gem/composer). */
+const PROJECT_INSTALL_RE = /\b(?:npm\s+(?:install|i)|(?:yarn|pnpm|bun)\s+add|pip3?\s+install|cargo\s+install|go\s+install|gem\s+install|composer\s+require)\b/;
+/** System-level package installs (brew/apt/apt-get/dnf/pacman). */
+const SYSTEM_INSTALL_RE = /\b(?:brew\s+install|apt(?:-get)?\s+install|dnf\s+install|pacman\s+-S)\b/;
+/** Asks for confirmation before a dependency or system package install. */
+function installGuard(ctx) {
+	if (ctx.tool !== "Bash" || !ctx.command) return null;
+	const cmd = ctx.command;
+	if (PROJECT_INSTALL_RE.test(cmd) || SYSTEM_INSTALL_RE.test(cmd)) return {
+		kind: "ask",
+		title: "Dependency install",
+		reason: `This command installs packages: ${cmd.trim()}`,
+		actions: ["Confirm this install is intended"]
+	};
+	return null;
+}
+//#endregion
+//#region src/policy/guards/index.ts
+/** Ordered guard chain: critical/security + protected first, then writes/installs. */
+const GUARDS = [
+	securityGuard,
+	protectedPathGuard,
+	bashWriteGuard,
+	interfaceSeparationGuard,
+	installGuard
+];
+/** Run the guard chain; the first firing guard's Prompt wins, else null. */
+function runGuards(ctx) {
+	for (const guard of GUARDS) {
+		const hit = guard(ctx);
+		if (hit) return hit;
+	}
+	return null;
+}
+//#endregion
+//#region src/policy/evaluate.ts
+/**
+* Evaluate a single tool-use against the bundled policies, returning a pure
+* decision plus a portable {@link Prompt}. Adapters translate the prompt into
+* their harness's native response (Claude `permissionDecision`, etc.).
+*/
+function evaluate(ctx) {
+	const guard = runGuards(ctx);
+	if (guard) return {
+		decision: "deny",
+		message: guard.reason,
+		prompt: guard
+	};
+	if (ctx.command && matchPatterns(ctx.command, GIT_BLOCKED)) {
+		const reason = `Destructive git command: ${ctx.command}`;
+		return {
+			decision: "deny",
+			message: reason,
+			prompt: {
+				kind: "block",
+				title: "Destructive git command",
+				reason,
+				actions: ["Use a non-destructive alternative (e.g. --force-with-lease; avoid --hard / -D)"]
+			}
+		};
+	}
+	if (ctx.filePath && isCodeFile(ctx.filePath) && ctx.content !== void 0) {
+		const verdict = evaluateFileSize(countLines(ctx.content), ctx.maxLines);
+		if (!verdict.ok) return {
+			decision: "deny",
+			message: verdict.message,
+			prompt: {
+				kind: "block",
+				title: "SOLID file-size limit",
+				reason: verdict.message ?? "",
+				actions: [`Split into modules under ${verdict.max} lines (Single Responsibility)`, "Then re-run the write"]
+			},
+			meta: {
+				framework: detectFramework(ctx.filePath, ctx.content),
+				lines: verdict.lines,
+				max: verdict.max
+			}
+		};
+	}
+	return {
+		decision: "allow",
+		message: null
+	};
+}
+//#endregion
+export { PROJECT_INSTALL as C, evaluateFileSize as D, countLines as E, detectFramework as O, GIT_BLOCKED as S, matchPatterns as T, protectedPathGuard as _, SYSTEM_INSTALL_RE as a, securityGuard as b, PY_MODEL_RE as c, interfaceSeparationGuard as d, ASK_WRITERS as f, PROTECTED_FRAGMENTS as g, bashWriteGuard as h, PROJECT_INSTALL_RE as i, SWIFT_PROTO_RE as l, CODE_REDIRECT as m, GUARDS as n, installGuard as o, CODE_MUTATORS as p, runGuards as r, PHP_DECL_RE as s, evaluate as t, TS_DECL_RE as u, ASK_PATTERNS as v, SYSTEM_INSTALL as w, GIT_ASK as x, CRITICAL_PATTERNS as y };

package/dist/{handle-Lz_thVKr.mjs → handle-Cr0YQYz-.mjs}

@@ -1,8 +1,8 @@
-import { l as detectFramework, t as evaluate } from "./evaluate-CsYyUucy.mjs";
-import { r as evaluateApex } from "./apex-gGrHzvM2.mjs";
+import { O as detectFramework, t as evaluate } from "./evaluate-DkTgwHNh.mjs";
+import { i as evaluateApex } from "./apex-BcJSE-VL.mjs";
 import { t as formatPrompt } from "./types-ernB1Dy3.mjs";
 import { t as loadRefs } from "./loader-BephwI8n.mjs";
-import { a as recordAgent, n as saveTrack, o as recordDoc, r as agentsFresh, s as recordRefRead, t as loadTrack } from "./store-BWvwnnf6.mjs";
+import { a as recordAgent, c as recordRefRead, l as recordTrivialEdit, n as saveTrack, r as agentsFresh, s as recordDoc, t as loadTrack, u as trivialCount } from "./store-gtbP-Bv9.mjs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
 //#region src/runtime/activity.ts
@@ -49,10 +49,12 @@ function activityFor(event) {
 const REQUIRED_AGENTS = ["explore-codebase", "research-expert"];
 /** Default freshness window for {@link REQUIRED_AGENTS} (4 min, the APEX TTL). */
 const DEFAULT_WINDOW_MS = 24e4;
+/** Trivial edits allowed within the window before the full APEX gates apply. */
+const TRIVIAL_BUDGET = 4;
 /**
-* Full gate: the stateless guards (file-size, git) first, then the stateful
-* APEX gates fed from the session track. Returns the first blocking prompt, or
-* null to allow. APEX gates apply only to code edits (a `filePath`).
+* Full gate: the stateless guards (file-size, git, security...) first, then a
+* trivial-edit fast path, then the stateful APEX gates fed from the session
+* track. Returns the first blocking prompt, or null to allow.
 */
 async function gate(input) {
 	const quick = evaluate({
@@ -63,7 +65,13 @@ async function gate(input) {
 	});
 	if (quick.decision !== "allow" && quick.prompt) return quick.prompt;
 	if (!input.filePath) return null;
+	const window = input.windowMs ?? 24e4;
 	const track = await loadTrack(input.trackFile);
+	const lineCount = input.content === void 0 ? Number.POSITIVE_INFINITY : input.content.split("\n").length;
+	if (!input.isReplaceAll && lineCount < 5 && trivialCount(track, window, input.now) < 4) {
+		await saveTrack(input.trackFile, recordTrivialEdit(track, input.now, window, input.now));
+		return null;
+	}
 	return evaluateApex({
 		sessionId: input.sessionId,
 		framework: input.framework,
@@ -72,7 +80,9 @@ async function gate(input) {
 		authorizations: track.authorizations,
 		refs: input.refs,
 		refsRead: track.refsRead,
-		agentsFresh: agentsFresh(track, [...REQUIRED_AGENTS], input.windowMs ?? 24e4, input.now)
+		agentsFresh: agentsFresh(track, [...REQUIRED_AGENTS], window, input.now),
+		brainstormRequired: track.brainstormRequired,
+		brainstormFresh: agentsFresh(track, ["brainstorming"], window, input.now)
 	});
 }
 //#endregion
@@ -211,6 +221,7 @@ async function handleHook(id, payload, opts) {
 		content: event.content,
 		command: event.command,
 		refs: opts.refsDir ? await loadRefs(opts.refsDir) : void 0,
+		isReplaceAll: event.input.replace_all === true,
 		now: opts.now,
 		trackFile: file
 	});
@@ -223,4 +234,4 @@ async function handleHook(id, payload, opts) {
 	};
 }
 //#endregion
-export { trackFile as a, REQUIRED_AGENTS as c, recordActivity as i, gate as l, harnessTrackDir as n, normalizeEvent as o, respond as r, DEFAULT_WINDOW_MS as s, handleHook as t, activityFor as u };
+export { trackFile as a, REQUIRED_AGENTS as c, activityFor as d, recordActivity as i, TRIVIAL_BUDGET as l, harnessTrackDir as n, normalizeEvent as o, respond as r, DEFAULT_WINDOW_MS as s, handleHook as t, gate as u };

package/dist/index-CGFPvQ69.d.mts

@@ -0,0 +1,201 @@
+import { t as Prompt } from "./types-D56jSgD9.mjs";
+import { t as AuthEntry } from "./doc-helpers-CG1nuf-c.mjs";
+import { t as RefMeta } from "./types-CY5qT2X1.mjs";
+
+//#region src/policy/detect-project.d.ts
+/** Project types detected from filesystem indicators. */
+type ProjectType = "nextjs" | "nuxt" | "angular" | "svelte" | "vue" | "react" | "tailwind" | "laravel" | "rails" | "django" | "python" | "go" | "rust" | "swift" | "java" | "scala" | "elixir" | "ruby" | "generic";
+/** Keywords that signal a development task (APEX trigger). */
+declare const DEV_KEYWORDS: RegExp;
+/** True when the prompt invokes the /apex command. */
+declare function isApexCommand(prompt: string): boolean;
+/** Detect the project type by scanning config files in `dir`. */
+declare function detectProjectType(dir: string): ProjectType;
+//#endregion
+//#region src/policy/detect-framework.d.ts
+/**
+* Detect the framework from a file path extension + content patterns.
+* Aligned with the fusengine require-solid-read detection (distinct from
+* {@link detectProjectType}, which scans config files on disk).
+*/
+declare function detectFramework(filePath: string, content: string): string;
+//#endregion
+//#region src/policy/file-size.d.ts
+/** Verdict from {@link evaluateFileSize}. */
+interface FileSizeVerdict {
+  ok: boolean;
+  lines: number;
+  max: number;
+  message: string | null;
+}
+/** Count lines in file content (empty string = 0). */
+declare function countLines(content: string): number;
+/**
+* Evaluate a file's line count against the SOLID limit.
+* @param lines - the file's line count
+* @param max - the limit (defaults to `resolveMaxLines()`)
+*/
+declare function evaluateFileSize(lines: number, max?: number): FileSizeVerdict;
+//#endregion
+//#region src/policy/patterns.d.ts
+/**
+* Guard pattern data, ported verbatim from the fusengine git/install guards.
+* Note (faithful): `git push.*--force` also matches `--force-with-lease` —
+* preserved from the source guard.
+*/
+/** Destructive git operations to block outright. */
+declare const GIT_BLOCKED: ReadonlyArray<RegExp>;
+/** Git operations that warrant a confirmation prompt. */
+declare const GIT_ASK: ReadonlyArray<RegExp>;
+/** System-level package installs (need confirmation). */
+declare const SYSTEM_INSTALL: ReadonlyArray<RegExp>;
+/** Project-level package installs. */
+declare const PROJECT_INSTALL: ReadonlyArray<RegExp>;
+/** True when `cmd` matches any pattern in `patterns`. */
+declare function matchPatterns(cmd: string, patterns: ReadonlyArray<RegExp>): boolean;
+//#endregion
+//#region src/policy/evaluate.d.ts
+/** Harness-agnostic input to {@link evaluate}. */
+interface PolicyContext {
+  /** Tool name (e.g. "Write", "Edit", "Bash"). */
+  tool: string;
+  filePath?: string;
+  content?: string;
+  command?: string;
+  /** Optional override for the SOLID max-lines limit. */
+  maxLines?: number;
+}
+/** Harness-agnostic policy decision (+ a portable prompt for adapters to render). */
+interface PolicyResult {
+  decision: "allow" | "deny" | "warn";
+  message: string | null;
+  prompt?: Prompt;
+  meta?: Record<string, unknown>;
+}
+/**
+* Evaluate a single tool-use against the bundled policies, returning a pure
+* decision plus a portable {@link Prompt}. Adapters translate the prompt into
+* their harness's native response (Claude `permissionDecision`, etc.).
+*/
+declare function evaluate(ctx: PolicyContext): PolicyResult;
+//#endregion
+//#region src/policy/apex.d.ts
+/**
+* Session context for the stateful APEX gates. The harness adapter supplies this
+* (the package owns the gate LOGIC; recording the session activity is the
+* adapter's tracking layer).
+*/
+interface ApexContext {
+  sessionId: string;
+  framework: string;
+  filePath: string;
+  content: string;
+  /** Doc-consultation authorizations from session state (Context7/Exa). */
+  authorizations?: Record<string, AuthEntry>;
+  /** Available SOLID references for the framework's skill. */
+  refs?: RefMeta[];
+  /** Absolute paths of SOLID refs already read this session. */
+  refsRead?: string[];
+  /** Whether the required prior agents (explore + research) ran within the freshness window. */
+  agentsFresh?: boolean;
+  /** Whether brainstorming is required for this edit (creation intent on a new file). */
+  brainstormRequired?: boolean;
+  /** Whether the brainstorming agent ran within the window. */
+  brainstormFresh?: boolean;
+}
+/** A single APEX gate: returns a blocking {@link Prompt}, or null to pass. */
+type ApexGate = (ctx: ApexContext) => Prompt | null;
+/** Gate: Context7 + Exa must have been consulted this session. */
+declare const docConsultedGate: ApexGate;
+/** Gate: the routed SOLID references for this edit must have been read. */
+declare const solidReadGate: ApexGate;
+/** Gate: the required prior agents (explore + research) must have run within the window. */
+declare const freshnessGate: ApexGate;
+/** Gate: brainstorming must precede creating new files when flagged. */
+declare const brainstormGate: ApexGate;
+/** Default APEX gate chain (brainstorm, freshness, docs, SOLID refs). */
+declare const APEX_GATES: ReadonlyArray<ApexGate>;
+/**
+* Run the APEX gates (chain-of-responsibility): the first failing gate's prompt
+* wins; null means every gate passed (allow).
+*/
+declare function evaluateApex(ctx: ApexContext, gates?: ReadonlyArray<ApexGate>): Prompt | null;
+//#endregion
+//#region src/policy/guards/context.d.ts
+/** Context handed to every guard in the chain. */
+interface GuardContext {
+  tool: string;
+  filePath?: string;
+  content?: string;
+  command?: string;
+}
+/** A single guard: returns a blocking/asking Prompt, or null to continue. */
+type Guard = (ctx: GuardContext) => Prompt | null;
+//#endregion
+//#region src/policy/guards/security.d.ts
+/** Critical patterns that must always be blocked. */
+declare const CRITICAL_PATTERNS: RegExp[];
+/** Patterns that warrant explicit confirmation before running. */
+declare const ASK_PATTERNS: RegExp[];
+/** Guards against dangerous Bash commands (critical → block, sensitive → ask). */
+declare function securityGuard(ctx: GuardContext): Prompt | null;
+//#endregion
+//#region src/policy/guards/protected-path.d.ts
+/** Path fragments that mark a location as internal/generated state (off-limits to Write/Edit). */
+declare const PROTECTED_FRAGMENTS: readonly string[];
+/** Blocks direct edits to internal/generated state directories. */
+declare function protectedPathGuard(ctx: GuardContext): Prompt | null;
+//#endregion
+//#region src/policy/guards/bash-write.d.ts
+/** Redirect (`>`/`>>`) targeting a code-file extension. */
+declare const CODE_REDIRECT: RegExp;
+/** Interpreters / tools that mutate source in place, plus heredoc-into-file. */
+declare const CODE_MUTATORS: RegExp;
+/** Redirect to a non-code file, or other ambiguous file writers (ASK). */
+declare const ASK_WRITERS: RegExp;
+/**
+* Blocks shell commands that mutate code files in place (and heredocs/redirects
+* to source files); asks before other file-writing shell commands. Forces use
+* of the Write/Edit tool so APEX/SOLID checks are not bypassed.
+*/
+declare function bashWriteGuard(ctx: GuardContext): Prompt | null;
+//#endregion
+//#region src/policy/guards/interface-separation.d.ts
+/** TS/JS component files: top-level `interface`/`type Foo`. */
+declare const TS_DECL_RE: RegExp;
+/** Python view models: class subclassing a schema/protocol base. */
+declare const PY_MODEL_RE: RegExp;
+/** PHP controllers: top-level `interface` / `abstract class`. */
+declare const PHP_DECL_RE: RegExp;
+/** Swift views: top-level `protocol Foo`. */
+declare const SWIFT_PROTO_RE: RegExp;
+/**
+* Blocks top-level interface/type/protocol declarations in component, view or
+* controller files (Interface Segregation). Fires only when BOTH the path
+* category AND the content pattern match.
+*/
+declare function interfaceSeparationGuard(ctx: GuardContext): Prompt | null;
+//#endregion
+//#region src/policy/guards/install.d.ts
+/** Project-level dependency installs (npm/yarn/pnpm/bun/pip/cargo/go/gem/composer). */
+declare const PROJECT_INSTALL_RE: RegExp;
+/** System-level package installs (brew/apt/apt-get/dnf/pacman). */
+declare const SYSTEM_INSTALL_RE: RegExp;
+/** Asks for confirmation before a dependency or system package install. */
+declare function installGuard(ctx: GuardContext): Prompt | null;
+//#endregion
+//#region src/policy/guards/index.d.ts
+/** Ordered guard chain: critical/security + protected first, then writes/installs. */
+declare const GUARDS: ReadonlyArray<Guard>;
+/** Run the guard chain; the first firing guard's Prompt wins, else null. */
+declare function runGuards(ctx: GuardContext): Prompt | null;
+//#endregion
+//#region src/policy/creation-intent.d.ts
+/**
+* True when a prompt expresses creation intent (a new feature/component) and is
+* not a fix/refactor — the signal that brainstorming should precede creation.
+* The harness calls this on UserPromptSubmit, then `recordBrainstormRequired`.
+*/
+declare function detectCreationIntent(prompt: string): boolean;
+//#endregion
+export { solidReadGate as A, countLines as B, APEX_GATES as C, docConsultedGate as D, brainstormGate as E, GIT_BLOCKED as F, detectProjectType as G, detectFramework as H, PROJECT_INSTALL as I, isApexCommand as K, SYSTEM_INSTALL as L, PolicyResult as M, evaluate as N, evaluateApex as O, GIT_ASK as P, matchPatterns as R, GuardContext as S, ApexGate as T, DEV_KEYWORDS as U, evaluateFileSize as V, ProjectType as W, protectedPathGuard as _, SYSTEM_INSTALL_RE as a, securityGuard as b, PY_MODEL_RE as c, interfaceSeparationGuard as d, ASK_WRITERS as f, PROTECTED_FRAGMENTS as g, bashWriteGuard as h, PROJECT_INSTALL_RE as i, PolicyContext as j, freshnessGate as k, SWIFT_PROTO_RE as l, CODE_REDIRECT as m, GUARDS as n, installGuard as o, CODE_MUTATORS as p, runGuards as r, PHP_DECL_RE as s, detectCreationIntent as t, TS_DECL_RE as u, ASK_PATTERNS as v, ApexContext as w, Guard as x, CRITICAL_PATTERNS as y, FileSizeVerdict as z };

package/dist/index.d.mts

@@ -5,10 +5,10 @@ import { a as detectHarness, i as HarnessVia, n as HarnessInfo, o as detectMode,
 import { a as isDocConsulted, i as formatDocSatisfactionStatus, n as DocSatisfactionStatus, o as resolveSessions, r as formatDocDeny, t as AuthEntry } from "./doc-helpers-CG1nuf-c.mjs";
 import { t as incrementTrivialEditCounter } from "./index-BOBXQ91y.mjs";
 import { i as compactJson, n as projectRoot, r as projectRootOrNull, t as isCodeFile } from "./index-C1vLIMwN.mjs";
-import { C as isApexCommand, S as detectProjectType, _ as countLines, a as evaluateApex, b as DEV_KEYWORDS, c as PolicyContext, d as GIT_ASK, f as GIT_BLOCKED, g as FileSizeVerdict, h as matchPatterns, i as docConsultedGate, l as PolicyResult, m as SYSTEM_INSTALL, n as ApexContext, o as freshnessGate, p as PROJECT_INSTALL, r as ApexGate, s as solidReadGate, t as APEX_GATES, u as evaluate, v as evaluateFileSize, x as ProjectType, y as detectFramework } from "./index-BbJucvaG.mjs";
+import { A as solidReadGate, B as countLines, C as APEX_GATES, D as docConsultedGate, E as brainstormGate, F as GIT_BLOCKED, G as detectProjectType, H as detectFramework, I as PROJECT_INSTALL, K as isApexCommand, L as SYSTEM_INSTALL, M as PolicyResult, N as evaluate, O as evaluateApex, P as GIT_ASK, R as matchPatterns, S as GuardContext, T as ApexGate, U as DEV_KEYWORDS, V as evaluateFileSize, W as ProjectType, _ as protectedPathGuard, a as SYSTEM_INSTALL_RE, b as securityGuard, c as PY_MODEL_RE, d as interfaceSeparationGuard, f as ASK_WRITERS, g as PROTECTED_FRAGMENTS, h as bashWriteGuard, i as PROJECT_INSTALL_RE, j as PolicyContext, k as freshnessGate, l as SWIFT_PROTO_RE, m as CODE_REDIRECT, n as GUARDS, o as installGuard, p as CODE_MUTATORS, r as runGuards, s as PHP_DECL_RE, t as detectCreationIntent, u as TS_DECL_RE, v as ASK_PATTERNS, w as ApexContext, x as Guard, y as CRITICAL_PATTERNS, z as FileSizeVerdict } from "./index-CGFPvQ69.mjs";
 import { n as RouteResult, r as ScoredRef, t as RefMeta } from "./types-CY5qT2X1.mjs";
 import { a as ReminderState, c as setStateField, i as registryFile, l as stateFileFor, n as addRoot, o as nowStamp, r as readRoots, s as readState, t as ensureMemoryGitignore, u as throttleMs } from "./index-BEM-mQMC.mjs";
 import { a as globToRe, i as scoreReferences, n as toRefMeta, o as parseFrontmatter, r as routeReferences, t as loadRefs } from "./index-hL_r6tlc.mjs";
 import { a as taskStart, c as ensureStateDir, d as stateFilePath, f as acquireLock, i as taskCreate, l as loadState, n as ApexTaskFile, o as ApexState, r as taskComplete, s as apexStateDir, t as ApexTask, u as saveState } from "./index-CPoF_hLP.mjs";
 import { _ as TIME_INTERVALS, a as formatCost, c as formatTokens, d as colors, f as progressiveColor, g as PROGRESS_CHARS, h as PROGRESS_BAR_DEFAULTS, i as formatBasename, l as ColorFn, m as GRADIENT_BLOCKS, n as generateGradientBar, o as formatPath, p as COLOR_THRESHOLDS, r as generateProgressBar, s as formatTimeLeft, t as ProgressBarOptions, u as Palette } from "./index-BWK8slRi.mjs";
-export { APEX_GATES, ApexContext, ApexGate, ApexState, ApexTask, ApexTaskFile, AuthEntry, COLOR_THRESHOLDS, ColorFn, DEFAULT_MAX_LINES, DEFAULT_TTL_SEC, DEV_KEYWORDS, DocSatisfactionStatus, FileSizeVerdict, GIT_ASK, GIT_BLOCKED, GRADIENT_BLOCKS, HarnessId, HarnessInfo, HarnessMode, HarnessVia, IndexSummary, MAX_LINES_ENV_KEY, PROGRESS_BAR_DEFAULTS, PROGRESS_CHARS, PROJECT_INSTALL, Palette, PolicyContext, PolicyResult, ProgressBarOptions, ProjectType, Prompt, PromptKind, RefMeta, ReminderState, RouteResult, SYSTEM_INSTALL, ScoredRef, TIME_INTERVALS, TTL_ENV_KEY, acquireLock, addRoot, apexStateDir, colors, compactJson, compactMarkdown, countLines, detectFramework, detectHarness, detectMode, detectProjectType, docConsultedGate, ensureMemoryGitignore, ensureStateDir, evaluate, evaluateApex, evaluateFileSize, extractText, formatBasename, formatCost, formatDocDeny, formatDocSatisfactionStatus, formatPath, formatPrompt, formatTimeLeft, formatTokens, freshnessGate, generateGradientBar, generateProgressBar, globToRe, incrementTrivialEditCounter, isApexCommand, isCodeFile, isDocConsulted, jaccardSimilar, loadIndex, loadRefs, loadState, matchPatterns, modeFor, nowStamp, parseEnvInt, parseFrontmatter, progressiveColor, projectRoot, projectRootOrNull, queryHash, readRoots, readState, registryFile, resolveMaxLines, resolveSessions, resolveTtlSec, routeReferences, saveState, scoreReferences, setStateField, solidReadGate, splitTarget, stateFileFor, stateFilePath, summarizeIndex, taskComplete, taskCreate, taskStart, throttleMs, toRefMeta, ttlLabel };
+export { APEX_GATES, ASK_PATTERNS, ASK_WRITERS, ApexContext, ApexGate, ApexState, ApexTask, ApexTaskFile, AuthEntry, CODE_MUTATORS, CODE_REDIRECT, COLOR_THRESHOLDS, CRITICAL_PATTERNS, ColorFn, DEFAULT_MAX_LINES, DEFAULT_TTL_SEC, DEV_KEYWORDS, DocSatisfactionStatus, FileSizeVerdict, GIT_ASK, GIT_BLOCKED, GRADIENT_BLOCKS, GUARDS, Guard, GuardContext, HarnessId, HarnessInfo, HarnessMode, HarnessVia, IndexSummary, MAX_LINES_ENV_KEY, PHP_DECL_RE, PROGRESS_BAR_DEFAULTS, PROGRESS_CHARS, PROJECT_INSTALL, PROJECT_INSTALL_RE, PROTECTED_FRAGMENTS, PY_MODEL_RE, Palette, PolicyContext, PolicyResult, ProgressBarOptions, ProjectType, Prompt, PromptKind, RefMeta, ReminderState, RouteResult, SWIFT_PROTO_RE, SYSTEM_INSTALL, SYSTEM_INSTALL_RE, ScoredRef, TIME_INTERVALS, TS_DECL_RE, TTL_ENV_KEY, acquireLock, addRoot, apexStateDir, bashWriteGuard, brainstormGate, colors, compactJson, compactMarkdown, countLines, detectCreationIntent, detectFramework, detectHarness, detectMode, detectProjectType, docConsultedGate, ensureMemoryGitignore, ensureStateDir, evaluate, evaluateApex, evaluateFileSize, extractText, formatBasename, formatCost, formatDocDeny, formatDocSatisfactionStatus, formatPath, formatPrompt, formatTimeLeft, formatTokens, freshnessGate, generateGradientBar, generateProgressBar, globToRe, incrementTrivialEditCounter, installGuard, interfaceSeparationGuard, isApexCommand, isCodeFile, isDocConsulted, jaccardSimilar, loadIndex, loadRefs, loadState, matchPatterns, modeFor, nowStamp, parseEnvInt, parseFrontmatter, progressiveColor, projectRoot, projectRootOrNull, protectedPathGuard, queryHash, readRoots, readState, registryFile, resolveMaxLines, resolveSessions, resolveTtlSec, routeReferences, runGuards, saveState, scoreReferences, securityGuard, setStateField, solidReadGate, splitTarget, stateFileFor, stateFilePath, summarizeIndex, taskComplete, taskCreate, taskStart, throttleMs, toRefMeta, ttlLabel };

package/dist/index.mjs

@@ -3,11 +3,11 @@ import { i as ttlLabel, n as TTL_ENV_KEY, r as resolveTtlSec, t as DEFAULT_TTL_S
 import { t as compactJson } from "./compact-json-DK2nX-MK.mjs";
 import { n as projectRoot, r as projectRootOrNull, t as isCodeFile } from "./project-root-C4ks_q1G.mjs";
 import { n as detectMode, r as modeFor, t as detectHarness } from "./harness-C8Nxxyn_.mjs";
-import { n as detectProjectType, r as isApexCommand, t as DEV_KEYWORDS } from "./policy-C_pXmeNB.mjs";
-import { a as SYSTEM_INSTALL, c as evaluateFileSize, i as PROJECT_INSTALL, l as detectFramework, n as GIT_ASK, o as matchPatterns, r as GIT_BLOCKED, s as countLines, t as evaluate } from "./evaluate-CsYyUucy.mjs";
+import { i as isApexCommand, n as DEV_KEYWORDS, r as detectProjectType, t as detectCreationIntent } from "./policy-Djmqxow2.mjs";
+import { C as PROJECT_INSTALL, D as evaluateFileSize, E as countLines, O as detectFramework, S as GIT_BLOCKED, T as matchPatterns, _ as protectedPathGuard, a as SYSTEM_INSTALL_RE, b as securityGuard, c as PY_MODEL_RE, d as interfaceSeparationGuard, f as ASK_WRITERS, g as PROTECTED_FRAGMENTS, h as bashWriteGuard, i as PROJECT_INSTALL_RE, l as SWIFT_PROTO_RE, m as CODE_REDIRECT, n as GUARDS, o as installGuard, p as CODE_MUTATORS, r as runGuards, s as PHP_DECL_RE, t as evaluate, u as TS_DECL_RE, v as ASK_PATTERNS, w as SYSTEM_INSTALL, x as GIT_ASK, y as CRITICAL_PATTERNS } from "./evaluate-DkTgwHNh.mjs";
 import { i as resolveSessions, n as formatDocSatisfactionStatus, r as isDocConsulted, t as formatDocDeny } from "./doc-helpers-Dd_x1-tZ.mjs";
 import { i as parseFrontmatter, n as scoreReferences, r as globToRe, t as routeReferences } from "./router-Dj3AfgBE.mjs";
-import { a as solidReadGate, i as freshnessGate, n as docConsultedGate, r as evaluateApex, t as APEX_GATES } from "./apex-gGrHzvM2.mjs";
+import { a as freshnessGate, i as evaluateApex, n as brainstormGate, o as solidReadGate, r as docConsultedGate, t as APEX_GATES } from "./apex-BcJSE-VL.mjs";
 import { t as formatPrompt } from "./types-ernB1Dy3.mjs";
 import { a as readState, c as throttleMs, i as nowStamp, l as ensureMemoryGitignore, n as readRoots, o as setStateField, r as registryFile, s as stateFileFor, t as addRoot } from "./memory-BVNt4Ary.mjs";
 import { a as jaccardSimilar, i as compactMarkdown, n as loadIndex, o as queryHash, r as summarizeIndex, t as extractText } from "./cache-DbPSJ9bC.mjs";
@@ -15,4 +15,4 @@ import { t as incrementTrivialEditCounter } from "./freshness-BK9Xg6oG.mjs";
 import { n as toRefMeta, t as loadRefs } from "./loader-BephwI8n.mjs";
 import { a as ensureStateDir, c as stateFilePath, i as apexStateDir, l as acquireLock, n as taskCreate, o as loadState, r as taskStart, s as saveState, t as taskComplete } from "./state-Bc4wdnCG.mjs";
 import { a as formatPath, c as colors, d as GRADIENT_BLOCKS, f as PROGRESS_BAR_DEFAULTS, i as formatCost, l as progressiveColor, m as TIME_INTERVALS, n as generateProgressBar, o as formatTimeLeft, p as PROGRESS_CHARS, r as formatBasename, s as formatTokens, t as generateGradientBar, u as COLOR_THRESHOLDS } from "./statusline-D87eUNXl.mjs";
-export { APEX_GATES, COLOR_THRESHOLDS, DEFAULT_MAX_LINES, DEFAULT_TTL_SEC, DEV_KEYWORDS, GIT_ASK, GIT_BLOCKED, GRADIENT_BLOCKS, MAX_LINES_ENV_KEY, PROGRESS_BAR_DEFAULTS, PROGRESS_CHARS, PROJECT_INSTALL, SYSTEM_INSTALL, TIME_INTERVALS, TTL_ENV_KEY, acquireLock, addRoot, apexStateDir, colors, compactJson, compactMarkdown, countLines, detectFramework, detectHarness, detectMode, detectProjectType, docConsultedGate, ensureMemoryGitignore, ensureStateDir, evaluate, evaluateApex, evaluateFileSize, extractText, formatBasename, formatCost, formatDocDeny, formatDocSatisfactionStatus, formatPath, formatPrompt, formatTimeLeft, formatTokens, freshnessGate, generateGradientBar, generateProgressBar, globToRe, incrementTrivialEditCounter, isApexCommand, isCodeFile, isDocConsulted, jaccardSimilar, loadIndex, loadRefs, loadState, matchPatterns, modeFor, nowStamp, parseEnvInt, parseFrontmatter, progressiveColor, projectRoot, projectRootOrNull, queryHash, readRoots, readState, registryFile, resolveMaxLines, resolveSessions, resolveTtlSec, routeReferences, saveState, scoreReferences, setStateField, solidReadGate, splitTarget, stateFileFor, stateFilePath, summarizeIndex, taskComplete, taskCreate, taskStart, throttleMs, toRefMeta, ttlLabel };
+export { APEX_GATES, ASK_PATTERNS, ASK_WRITERS, CODE_MUTATORS, CODE_REDIRECT, COLOR_THRESHOLDS, CRITICAL_PATTERNS, DEFAULT_MAX_LINES, DEFAULT_TTL_SEC, DEV_KEYWORDS, GIT_ASK, GIT_BLOCKED, GRADIENT_BLOCKS, GUARDS, MAX_LINES_ENV_KEY, PHP_DECL_RE, PROGRESS_BAR_DEFAULTS, PROGRESS_CHARS, PROJECT_INSTALL, PROJECT_INSTALL_RE, PROTECTED_FRAGMENTS, PY_MODEL_RE, SWIFT_PROTO_RE, SYSTEM_INSTALL, SYSTEM_INSTALL_RE, TIME_INTERVALS, TS_DECL_RE, TTL_ENV_KEY, acquireLock, addRoot, apexStateDir, bashWriteGuard, brainstormGate, colors, compactJson, compactMarkdown, countLines, detectCreationIntent, detectFramework, detectHarness, detectMode, detectProjectType, docConsultedGate, ensureMemoryGitignore, ensureStateDir, evaluate, evaluateApex, evaluateFileSize, extractText, formatBasename, formatCost, formatDocDeny, formatDocSatisfactionStatus, formatPath, formatPrompt, formatTimeLeft, formatTokens, freshnessGate, generateGradientBar, generateProgressBar, globToRe, incrementTrivialEditCounter, installGuard, interfaceSeparationGuard, isApexCommand, isCodeFile, isDocConsulted, jaccardSimilar, loadIndex, loadRefs, loadState, matchPatterns, modeFor, nowStamp, parseEnvInt, parseFrontmatter, progressiveColor, projectRoot, projectRootOrNull, protectedPathGuard, queryHash, readRoots, readState, registryFile, resolveMaxLines, resolveSessions, resolveTtlSec, routeReferences, runGuards, saveState, scoreReferences, securityGuard, setStateField, solidReadGate, splitTarget, stateFileFor, stateFilePath, summarizeIndex, taskComplete, taskCreate, taskStart, throttleMs, toRefMeta, ttlLabel };

package/dist/policy/index.d.mts

@@ -1,2 +1,2 @@
-import { C as isApexCommand, S as detectProjectType, _ as countLines, a as evaluateApex, b as DEV_KEYWORDS, c as PolicyContext, d as GIT_ASK, f as GIT_BLOCKED, g as FileSizeVerdict, h as matchPatterns, i as docConsultedGate, l as PolicyResult, m as SYSTEM_INSTALL, n as ApexContext, o as freshnessGate, p as PROJECT_INSTALL, r as ApexGate, s as solidReadGate, t as APEX_GATES, u as evaluate, v as evaluateFileSize, x as ProjectType, y as detectFramework } from "../index-BbJucvaG.mjs";
-export { APEX_GATES, ApexContext, ApexGate, DEV_KEYWORDS, FileSizeVerdict, GIT_ASK, GIT_BLOCKED, PROJECT_INSTALL, PolicyContext, PolicyResult, ProjectType, SYSTEM_INSTALL, countLines, detectFramework, detectProjectType, docConsultedGate, evaluate, evaluateApex, evaluateFileSize, freshnessGate, isApexCommand, matchPatterns, solidReadGate };
+import { A as solidReadGate, B as countLines, C as APEX_GATES, D as docConsultedGate, E as brainstormGate, F as GIT_BLOCKED, G as detectProjectType, H as detectFramework, I as PROJECT_INSTALL, K as isApexCommand, L as SYSTEM_INSTALL, M as PolicyResult, N as evaluate, O as evaluateApex, P as GIT_ASK, R as matchPatterns, S as GuardContext, T as ApexGate, U as DEV_KEYWORDS, V as evaluateFileSize, W as ProjectType, _ as protectedPathGuard, a as SYSTEM_INSTALL_RE, b as securityGuard, c as PY_MODEL_RE, d as interfaceSeparationGuard, f as ASK_WRITERS, g as PROTECTED_FRAGMENTS, h as bashWriteGuard, i as PROJECT_INSTALL_RE, j as PolicyContext, k as freshnessGate, l as SWIFT_PROTO_RE, m as CODE_REDIRECT, n as GUARDS, o as installGuard, p as CODE_MUTATORS, r as runGuards, s as PHP_DECL_RE, t as detectCreationIntent, u as TS_DECL_RE, v as ASK_PATTERNS, w as ApexContext, x as Guard, y as CRITICAL_PATTERNS, z as FileSizeVerdict } from "../index-CGFPvQ69.mjs";
+export { APEX_GATES, ASK_PATTERNS, ASK_WRITERS, ApexContext, ApexGate, CODE_MUTATORS, CODE_REDIRECT, CRITICAL_PATTERNS, DEV_KEYWORDS, FileSizeVerdict, GIT_ASK, GIT_BLOCKED, GUARDS, Guard, GuardContext, PHP_DECL_RE, PROJECT_INSTALL, PROJECT_INSTALL_RE, PROTECTED_FRAGMENTS, PY_MODEL_RE, PolicyContext, PolicyResult, ProjectType, SWIFT_PROTO_RE, SYSTEM_INSTALL, SYSTEM_INSTALL_RE, TS_DECL_RE, bashWriteGuard, brainstormGate, countLines, detectCreationIntent, detectFramework, detectProjectType, docConsultedGate, evaluate, evaluateApex, evaluateFileSize, freshnessGate, installGuard, interfaceSeparationGuard, isApexCommand, matchPatterns, protectedPathGuard, runGuards, securityGuard, solidReadGate };

package/dist/policy/index.mjs

@@ -1,4 +1,4 @@
-import { n as detectProjectType, r as isApexCommand, t as DEV_KEYWORDS } from "../policy-C_pXmeNB.mjs";
-import { a as SYSTEM_INSTALL, c as evaluateFileSize, i as PROJECT_INSTALL, l as detectFramework, n as GIT_ASK, o as matchPatterns, r as GIT_BLOCKED, s as countLines, t as evaluate } from "../evaluate-CsYyUucy.mjs";
-import { a as solidReadGate, i as freshnessGate, n as docConsultedGate, r as evaluateApex, t as APEX_GATES } from "../apex-gGrHzvM2.mjs";
-export { APEX_GATES, DEV_KEYWORDS, GIT_ASK, GIT_BLOCKED, PROJECT_INSTALL, SYSTEM_INSTALL, countLines, detectFramework, detectProjectType, docConsultedGate, evaluate, evaluateApex, evaluateFileSize, freshnessGate, isApexCommand, matchPatterns, solidReadGate };
+import { i as isApexCommand, n as DEV_KEYWORDS, r as detectProjectType, t as detectCreationIntent } from "../policy-Djmqxow2.mjs";
+import { C as PROJECT_INSTALL, D as evaluateFileSize, E as countLines, O as detectFramework, S as GIT_BLOCKED, T as matchPatterns, _ as protectedPathGuard, a as SYSTEM_INSTALL_RE, b as securityGuard, c as PY_MODEL_RE, d as interfaceSeparationGuard, f as ASK_WRITERS, g as PROTECTED_FRAGMENTS, h as bashWriteGuard, i as PROJECT_INSTALL_RE, l as SWIFT_PROTO_RE, m as CODE_REDIRECT, n as GUARDS, o as installGuard, p as CODE_MUTATORS, r as runGuards, s as PHP_DECL_RE, t as evaluate, u as TS_DECL_RE, v as ASK_PATTERNS, w as SYSTEM_INSTALL, x as GIT_ASK, y as CRITICAL_PATTERNS } from "../evaluate-DkTgwHNh.mjs";
+import { a as freshnessGate, i as evaluateApex, n as brainstormGate, o as solidReadGate, r as docConsultedGate, t as APEX_GATES } from "../apex-BcJSE-VL.mjs";
+export { APEX_GATES, ASK_PATTERNS, ASK_WRITERS, CODE_MUTATORS, CODE_REDIRECT, CRITICAL_PATTERNS, DEV_KEYWORDS, GIT_ASK, GIT_BLOCKED, GUARDS, PHP_DECL_RE, PROJECT_INSTALL, PROJECT_INSTALL_RE, PROTECTED_FRAGMENTS, PY_MODEL_RE, SWIFT_PROTO_RE, SYSTEM_INSTALL, SYSTEM_INSTALL_RE, TS_DECL_RE, bashWriteGuard, brainstormGate, countLines, detectCreationIntent, detectFramework, detectProjectType, docConsultedGate, evaluate, evaluateApex, evaluateFileSize, freshnessGate, installGuard, interfaceSeparationGuard, isApexCommand, matchPatterns, protectedPathGuard, runGuards, securityGuard, solidReadGate };

package/dist/{policy-C_pXmeNB.mjs → policy-Djmqxow2.mjs}

@@ -30,4 +30,16 @@ function detectProjectType(dir) {
 	return "generic";
 }
 //#endregion
-export { detectProjectType as n, isApexCommand as r, DEV_KEYWORDS as t };
+//#region src/policy/creation-intent.ts
+const CREATE_RE = /\b(?:create|implement|add|build|new|feature|component|generate|make|develop|scaffold)\b/i;
+const SKIP_RE = /\b(?:fix|bug|debug|update|refactor|rename|move|delete|remove|commit|push|edit|modify|change)\b/i;
+/**
+* True when a prompt expresses creation intent (a new feature/component) and is
+* not a fix/refactor — the signal that brainstorming should precede creation.
+* The harness calls this on UserPromptSubmit, then `recordBrainstormRequired`.
+*/
+function detectCreationIntent(prompt) {
+	return CREATE_RE.test(prompt) && !SKIP_RE.test(prompt);
+}
+//#endregion
+export { isApexCommand as i, DEV_KEYWORDS as n, detectProjectType as r, detectCreationIntent as t };

package/dist/{run-h_2LNEA8.mjs → run-D2na7Z2Z.mjs}

@@ -1,5 +1,5 @@
 import { t as isCodeFile } from "./project-root-C4ks_q1G.mjs";
-import { t as evaluate } from "./evaluate-CsYyUucy.mjs";
+import { t as evaluate } from "./evaluate-DkTgwHNh.mjs";
 import { t as formatPrompt } from "./types-ernB1Dy3.mjs";
 import { execSync } from "node:child_process";
 //#region src/cli/run.ts

package/dist/runtime/index.d.mts

@@ -56,6 +56,8 @@ declare function activityFor(event: ToolEvent): Activity | null;
 declare const REQUIRED_AGENTS: ReadonlyArray<string>;
 /** Default freshness window for {@link REQUIRED_AGENTS} (4 min, the APEX TTL). */
 declare const DEFAULT_WINDOW_MS = 24e4;
+/** Trivial edits allowed within the window before the full APEX gates apply. */
+declare const TRIVIAL_BUDGET = 4;
 /** A tool-use to gate, plus the session pointers needed for the stateful gates. */
 interface GateInput {
   sessionId: string;
@@ -68,11 +70,12 @@ interface GateInput {
   now: number;
   trackFile: string;
   windowMs?: number;
+  isReplaceAll?: boolean;
 }
 /**
-* Full gate: the stateless guards (file-size, git) first, then the stateful
-* APEX gates fed from the session track. Returns the first blocking prompt, or
-* null to allow. APEX gates apply only to code edits (a `filePath`).
+* Full gate: the stateless guards (file-size, git, security...) first, then a
+* trivial-edit fast path, then the stateful APEX gates fed from the session
+* track. Returns the first blocking prompt, or null to allow.
 */
 declare function gate(input: GateInput): Promise<Prompt | null>;
 //#endregion
@@ -123,4 +126,4 @@ interface HandleOutcome {
 */
 declare function handleHook(id: string, payload: Record<string, unknown>, opts: HandleOptions): Promise<HandleOutcome>;
 //#endregion
-export { Activity, DEFAULT_WINDOW_MS, GateInput, HandleOptions, HandleOutcome, NormalizedEvent, REQUIRED_AGENTS, ToolEvent, activityFor, gate, handleHook, harnessTrackDir, normalizeEvent, recordActivity, respond, trackFile };
+export { Activity, DEFAULT_WINDOW_MS, GateInput, HandleOptions, HandleOutcome, NormalizedEvent, REQUIRED_AGENTS, TRIVIAL_BUDGET, ToolEvent, activityFor, gate, handleHook, harnessTrackDir, normalizeEvent, recordActivity, respond, trackFile };

package/dist/runtime/index.mjs

@@ -1,2 +1,2 @@
-import { a as trackFile, c as REQUIRED_AGENTS, i as recordActivity, l as gate, n as harnessTrackDir, o as normalizeEvent, r as respond, s as DEFAULT_WINDOW_MS, t as handleHook, u as activityFor } from "../handle-Lz_thVKr.mjs";
-export { DEFAULT_WINDOW_MS, REQUIRED_AGENTS, activityFor, gate, handleHook, harnessTrackDir, normalizeEvent, recordActivity, respond, trackFile };
+import { a as trackFile, c as REQUIRED_AGENTS, d as activityFor, i as recordActivity, l as TRIVIAL_BUDGET, n as harnessTrackDir, o as normalizeEvent, r as respond, s as DEFAULT_WINDOW_MS, t as handleHook, u as gate } from "../handle-Cr0YQYz-.mjs";
+export { DEFAULT_WINDOW_MS, REQUIRED_AGENTS, TRIVIAL_BUDGET, activityFor, gate, handleHook, harnessTrackDir, normalizeEvent, recordActivity, respond, trackFile };

package/dist/{store-BWvwnnf6.mjs → store-gtbP-Bv9.mjs}

@@ -5,7 +5,8 @@ function emptyTrack() {
 	return {
 		authorizations: {},
 		refsRead: [],
-		agents: []
+		agents: [],
+		trivialEdits: []
 	};
 }
 /** Record a doc consultation (Context7/Exa) for a framework in this session. Immutable. */
@@ -34,20 +35,45 @@ function recordRefRead(track, path) {
 		refsRead: [...track.refsRead, path]
 	};
 }
-/** Record an agent/tool call with a timestamp. Immutable. */
-function recordAgent(track, name, ts) {
+/** Record an agent/tool call with a timestamp + optional quality. Immutable. */
+function recordAgent(track, name, ts, quality) {
+	const entry = quality ? {
+		name,
+		ts,
+		quality
+	} : {
+		name,
+		ts
+	};
 	return {
 		...track,
-		agents: [...track.agents, {
-			name,
-			ts
-		}]
+		agents: [...track.agents, entry]
 	};
 }
-/** True when ALL of `names` were called within `windowMs` before `now`. */
+/** True when ALL of `names` ran within `windowMs` with non-insufficient quality. */
 function agentsFresh(track, names, windowMs, now) {
 	const cutoff = now - windowMs;
-	return names.every((n) => track.agents.some((a) => a.name === n && a.ts > cutoff));
+	return names.every((n) => track.agents.some((a) => a.name === n && a.ts > cutoff && a.quality !== "insufficient"));
+}
+/** Record a trivial edit timestamp (sliding window; old evicted). Immutable. */
+function recordTrivialEdit(track, ts, windowMs, now) {
+	const cutoff = now - windowMs;
+	return {
+		...track,
+		trivialEdits: [...(track.trivialEdits ?? []).filter((t) => t > cutoff), ts]
+	};
+}
+/** Count trivial edits within the sliding window. */
+function trivialCount(track, windowMs, now) {
+	const cutoff = now - windowMs;
+	return (track.trivialEdits ?? []).filter((t) => t > cutoff).length;
+}
+/** Set the brainstorm-required flag (from creation-intent detection). Immutable. */
+function recordBrainstormRequired(track, required) {
+	return {
+		...track,
+		brainstormRequired: required
+	};
 }
 //#endregion
 //#region src/tracking/store.ts
@@ -60,4 +86,4 @@ async function saveTrack(file, track) {
 	await writeJsonFile(file, track);
 }
 //#endregion
-export { recordAgent as a, emptyTrack as i, saveTrack as n, recordDoc as o, agentsFresh as r, recordRefRead as s, loadTrack as t };
+export { recordAgent as a, recordRefRead as c, emptyTrack as i, recordTrivialEdit as l, saveTrack as n, recordBrainstormRequired as o, agentsFresh as r, recordDoc as s, loadTrack as t, trivialCount as u };

package/dist/tracking/index.d.mts

@@ -1,6 +1,8 @@
 import { t as AuthEntry } from "../doc-helpers-CG1nuf-c.mjs";
 
 //#region src/tracking/session-state.d.ts
+/** Quality of a recorded agent call (the freshness gate ignores insufficient ones). */
+type AgentQuality = "sufficient" | "insufficient";
 /** Recorded session activity that feeds the APEX gates. */
 interface SessionTrack {
   authorizations: Record<string, AuthEntry>;
@@ -8,7 +10,10 @@ interface SessionTrack {
   agents: {
     name: string;
     ts: number;
+    quality?: AgentQuality;
   }[];
+  trivialEdits: number[];
+  brainstormRequired?: boolean;
 }
 /** A fresh, empty track. */
 declare function emptyTrack(): SessionTrack;
@@ -16,10 +21,16 @@ declare function emptyTrack(): SessionTrack;
 declare function recordDoc(track: SessionTrack, framework: string, sessionId: string, source: string): SessionTrack;
 /** Record that a SOLID reference file was read (deduped). Immutable. */
 declare function recordRefRead(track: SessionTrack, path: string): SessionTrack;
-/** Record an agent/tool call with a timestamp. Immutable. */
-declare function recordAgent(track: SessionTrack, name: string, ts: number): SessionTrack;
-/** True when ALL of `names` were called within `windowMs` before `now`. */
+/** Record an agent/tool call with a timestamp + optional quality. Immutable. */
+declare function recordAgent(track: SessionTrack, name: string, ts: number, quality?: AgentQuality): SessionTrack;
+/** True when ALL of `names` ran within `windowMs` with non-insufficient quality. */
 declare function agentsFresh(track: SessionTrack, names: string[], windowMs: number, now: number): boolean;
+/** Record a trivial edit timestamp (sliding window; old evicted). Immutable. */
+declare function recordTrivialEdit(track: SessionTrack, ts: number, windowMs: number, now: number): SessionTrack;
+/** Count trivial edits within the sliding window. */
+declare function trivialCount(track: SessionTrack, windowMs: number, now: number): number;
+/** Set the brainstorm-required flag (from creation-intent detection). Immutable. */
+declare function recordBrainstormRequired(track: SessionTrack, required: boolean): SessionTrack;
 //#endregion
 //#region src/tracking/store.d.ts
 /** Load a session track from a file (an empty track if absent/corrupt). */
@@ -27,4 +38,4 @@ declare function loadTrack(file: string): Promise<SessionTrack>;
 /** Persist a session track. */
 declare function saveTrack(file: string, track: SessionTrack): Promise<void>;
 //#endregion
-export { SessionTrack, agentsFresh, emptyTrack, loadTrack, recordAgent, recordDoc, recordRefRead, saveTrack };
+export { AgentQuality, SessionTrack, agentsFresh, emptyTrack, loadTrack, recordAgent, recordBrainstormRequired, recordDoc, recordRefRead, recordTrivialEdit, saveTrack, trivialCount };

package/dist/tracking/index.mjs

@@ -1,2 +1,2 @@
-import { a as recordAgent, i as emptyTrack, n as saveTrack, o as recordDoc, r as agentsFresh, s as recordRefRead, t as loadTrack } from "../store-BWvwnnf6.mjs";
-export { agentsFresh, emptyTrack, loadTrack, recordAgent, recordDoc, recordRefRead, saveTrack };
+import { a as recordAgent, c as recordRefRead, i as emptyTrack, l as recordTrivialEdit, n as saveTrack, o as recordBrainstormRequired, r as agentsFresh, s as recordDoc, t as loadTrack, u as trivialCount } from "../store-gtbP-Bv9.mjs";
+export { agentsFresh, emptyTrack, loadTrack, recordAgent, recordBrainstormRequired, recordDoc, recordRefRead, recordTrivialEdit, saveTrack, trivialCount };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fusengine/harness",
-  "version": "0.1.9",
+  "version": "0.1.11",
   "description": "Harness-agnostic toolkit for AI coding agents: runtime harness detection (Claude Code, Codex, Cursor, Cline, Gemini, Aider...), pure policy core (env config, project/framework detection, SOLID/file-size limits, APEX freshness, guard patterns, portable prompts), cache, project memory, ref routing, state/locks, statusline, per-harness adapters (Claude/Cursor/Cline/Gemini) and a cli-mode harness-check binary. Bun-native, with a built dist for Node + bundlers.",
   "type": "module",
   "module": "src/index.ts",

package/dist/evaluate-CsYyUucy.mjs

@@ -1,152 +0,0 @@
-import { i as splitTarget, r as resolveMaxLines } from "./limits-CHn8AIL1.mjs";
-import { t as isCodeFile } from "./project-root-C4ks_q1G.mjs";
-//#region src/policy/detect-framework.ts
-/**
-* Detect the framework from a file path extension + content patterns.
-* Aligned with the fusengine require-solid-read detection (distinct from
-* {@link detectProjectType}, which scans config files on disk).
-*/
-function detectFramework(filePath, content) {
-	if (/\.(tsx?|jsx?|vue|svelte)$/.test(filePath) || /from ['"]react|useState|className=/.test(content)) {
-		if (/(page|layout|loading|error|route)\.(ts|tsx)$/.test(filePath) || /use client|use server/.test(content)) return "nextjs";
-		return "react";
-	}
-	if (/\.swift$/.test(filePath)) return "swift";
-	if (/\.php$/.test(filePath)) return "laravel";
-	if (/\.java$/.test(filePath)) return "java";
-	if (/\.go$/.test(filePath)) return "go";
-	if (/\.rb$/.test(filePath)) return "ruby";
-	if (/\.rs$/.test(filePath)) return "rust";
-	if (/\.css$/.test(filePath) || /@tailwind|@apply/.test(content)) return "tailwind";
-	return "generic";
-}
-//#endregion
-//#region src/policy/file-size.ts
-/** Count lines in file content (empty string = 0). */
-function countLines(content) {
-	return content === "" ? 0 : content.split("\n").length;
-}
-/**
-* Evaluate a file's line count against the SOLID limit.
-* @param lines - the file's line count
-* @param max - the limit (defaults to `resolveMaxLines()`)
-*/
-function evaluateFileSize(lines, max = resolveMaxLines()) {
-	if (lines <= max) return {
-		ok: true,
-		lines,
-		max,
-		message: null
-	};
-	return {
-		ok: false,
-		lines,
-		max,
-		message: `File has ${lines} lines (max: ${max}). Split into modules under ${splitTarget(max)} lines (Single Responsibility).`
-	};
-}
-//#endregion
-//#region src/policy/patterns.ts
-/**
-* Guard pattern data, ported verbatim from the fusengine git/install guards.
-* Note (faithful): `git push.*--force` also matches `--force-with-lease` —
-* preserved from the source guard.
-*/
-/** Destructive git operations to block outright. */
-const GIT_BLOCKED = [
-	/git push.*--force/,
-	/git push.*-f/,
-	/git reset.*--hard/,
-	/git clean.*-fd/,
-	/git branch.*-D/,
-	/git rebase.*--force/
-];
-/** Git operations that warrant a confirmation prompt. */
-const GIT_ASK = [
-	/git push/,
-	/git checkout/,
-	/git reset/,
-	/git rebase/,
-	/git merge/,
-	/git stash/,
-	/git clean/,
-	/git rm/,
-	/git mv/,
-	/git restore/,
-	/git revert/,
-	/git cherry-pick/
-];
-/** System-level package installs (need confirmation). */
-const SYSTEM_INSTALL = [
-	/brew install/,
-	/brew upgrade/,
-	/brew cask/,
-	/apt install/,
-	/apt-get install/
-];
-/** Project-level package installs. */
-const PROJECT_INSTALL = [
-	/npm install/,
-	/npm i /,
-	/yarn add/,
-	/pnpm add/,
-	/pip install/,
-	/pip3 install/,
-	/composer require/,
-	/bun add/,
-	/bun install/,
-	/cargo install/,
-	/go install/,
-	/gem install/,
-	/pipx install/
-];
-/** True when `cmd` matches any pattern in `patterns`. */
-function matchPatterns(cmd, patterns) {
-	return patterns.some((re) => re.test(cmd));
-}
-//#endregion
-//#region src/policy/evaluate.ts
-/**
-* Evaluate a single tool-use against the bundled policies, returning a pure
-* decision plus a portable {@link Prompt}. Adapters translate the prompt into
-* their harness's native response (Claude `permissionDecision`, etc.).
-*/
-function evaluate(ctx) {
-	if (ctx.command && matchPatterns(ctx.command, GIT_BLOCKED)) {
-		const reason = `Destructive git command: ${ctx.command}`;
-		return {
-			decision: "deny",
-			message: reason,
-			prompt: {
-				kind: "block",
-				title: "Destructive git command",
-				reason,
-				actions: ["Use a non-destructive alternative (e.g. --force-with-lease; avoid --hard / -D)"]
-			}
-		};
-	}
-	if (ctx.filePath && isCodeFile(ctx.filePath) && ctx.content !== void 0) {
-		const verdict = evaluateFileSize(countLines(ctx.content), ctx.maxLines);
-		if (!verdict.ok) return {
-			decision: "deny",
-			message: verdict.message,
-			prompt: {
-				kind: "block",
-				title: "SOLID file-size limit",
-				reason: verdict.message ?? "",
-				actions: [`Split into modules under ${verdict.max} lines (Single Responsibility)`, "Then re-run the write"]
-			},
-			meta: {
-				framework: detectFramework(ctx.filePath, ctx.content),
-				lines: verdict.lines,
-				max: verdict.max
-			}
-		};
-	}
-	return {
-		decision: "allow",
-		message: null
-	};
-}
-//#endregion
-export { SYSTEM_INSTALL as a, evaluateFileSize as c, PROJECT_INSTALL as i, detectFramework as l, GIT_ASK as n, matchPatterns as o, GIT_BLOCKED as r, countLines as s, evaluate as t };

package/dist/index-BbJucvaG.d.mts

@@ -1,118 +0,0 @@
-import { t as Prompt } from "./types-D56jSgD9.mjs";
-import { t as AuthEntry } from "./doc-helpers-CG1nuf-c.mjs";
-import { t as RefMeta } from "./types-CY5qT2X1.mjs";
-
-//#region src/policy/detect-project.d.ts
-/** Project types detected from filesystem indicators. */
-type ProjectType = "nextjs" | "nuxt" | "angular" | "svelte" | "vue" | "react" | "tailwind" | "laravel" | "rails" | "django" | "python" | "go" | "rust" | "swift" | "java" | "scala" | "elixir" | "ruby" | "generic";
-/** Keywords that signal a development task (APEX trigger). */
-declare const DEV_KEYWORDS: RegExp;
-/** True when the prompt invokes the /apex command. */
-declare function isApexCommand(prompt: string): boolean;
-/** Detect the project type by scanning config files in `dir`. */
-declare function detectProjectType(dir: string): ProjectType;
-//#endregion
-//#region src/policy/detect-framework.d.ts
-/**
-* Detect the framework from a file path extension + content patterns.
-* Aligned with the fusengine require-solid-read detection (distinct from
-* {@link detectProjectType}, which scans config files on disk).
-*/
-declare function detectFramework(filePath: string, content: string): string;
-//#endregion
-//#region src/policy/file-size.d.ts
-/** Verdict from {@link evaluateFileSize}. */
-interface FileSizeVerdict {
-  ok: boolean;
-  lines: number;
-  max: number;
-  message: string | null;
-}
-/** Count lines in file content (empty string = 0). */
-declare function countLines(content: string): number;
-/**
-* Evaluate a file's line count against the SOLID limit.
-* @param lines - the file's line count
-* @param max - the limit (defaults to `resolveMaxLines()`)
-*/
-declare function evaluateFileSize(lines: number, max?: number): FileSizeVerdict;
-//#endregion
-//#region src/policy/patterns.d.ts
-/**
-* Guard pattern data, ported verbatim from the fusengine git/install guards.
-* Note (faithful): `git push.*--force` also matches `--force-with-lease` —
-* preserved from the source guard.
-*/
-/** Destructive git operations to block outright. */
-declare const GIT_BLOCKED: ReadonlyArray<RegExp>;
-/** Git operations that warrant a confirmation prompt. */
-declare const GIT_ASK: ReadonlyArray<RegExp>;
-/** System-level package installs (need confirmation). */
-declare const SYSTEM_INSTALL: ReadonlyArray<RegExp>;
-/** Project-level package installs. */
-declare const PROJECT_INSTALL: ReadonlyArray<RegExp>;
-/** True when `cmd` matches any pattern in `patterns`. */
-declare function matchPatterns(cmd: string, patterns: ReadonlyArray<RegExp>): boolean;
-//#endregion
-//#region src/policy/evaluate.d.ts
-/** Harness-agnostic input to {@link evaluate}. */
-interface PolicyContext {
-  /** Tool name (e.g. "Write", "Edit", "Bash"). */
-  tool: string;
-  filePath?: string;
-  content?: string;
-  command?: string;
-  /** Optional override for the SOLID max-lines limit. */
-  maxLines?: number;
-}
-/** Harness-agnostic policy decision (+ a portable prompt for adapters to render). */
-interface PolicyResult {
-  decision: "allow" | "deny" | "warn";
-  message: string | null;
-  prompt?: Prompt;
-  meta?: Record<string, unknown>;
-}
-/**
-* Evaluate a single tool-use against the bundled policies, returning a pure
-* decision plus a portable {@link Prompt}. Adapters translate the prompt into
-* their harness's native response (Claude `permissionDecision`, etc.).
-*/
-declare function evaluate(ctx: PolicyContext): PolicyResult;
-//#endregion
-//#region src/policy/apex.d.ts
-/**
-* Session context for the stateful APEX gates. The harness adapter supplies this
-* (the package owns the gate LOGIC; recording the session activity is the
-* adapter's tracking layer).
-*/
-interface ApexContext {
-  sessionId: string;
-  framework: string;
-  filePath: string;
-  content: string;
-  /** Doc-consultation authorizations from session state (Context7/Exa). */
-  authorizations?: Record<string, AuthEntry>;
-  /** Available SOLID references for the framework's skill. */
-  refs?: RefMeta[];
-  /** Absolute paths of SOLID refs already read this session. */
-  refsRead?: string[];
-  /** Whether the required prior agents (explore + research) ran within the freshness window. */
-  agentsFresh?: boolean;
-}
-/** A single APEX gate: returns a blocking {@link Prompt}, or null to pass. */
-type ApexGate = (ctx: ApexContext) => Prompt | null;
-/** Gate: Context7 + Exa must have been consulted this session. */
-declare const docConsultedGate: ApexGate;
-/** Gate: the routed SOLID references for this edit must have been read. */
-declare const solidReadGate: ApexGate;
-/** Gate: the required prior agents (explore + research) must have run within the window. */
-declare const freshnessGate: ApexGate;
-/** Default APEX gate chain (freshness, then docs, then SOLID refs). */
-declare const APEX_GATES: ReadonlyArray<ApexGate>;
-/**
-* Run the APEX gates (chain-of-responsibility): the first failing gate's prompt
-* wins; null means every gate passed (allow).
-*/
-declare function evaluateApex(ctx: ApexContext, gates?: ReadonlyArray<ApexGate>): Prompt | null;
-//#endregion
-export { isApexCommand as C, detectProjectType as S, countLines as _, evaluateApex as a, DEV_KEYWORDS as b, PolicyContext as c, GIT_ASK as d, GIT_BLOCKED as f, FileSizeVerdict as g, matchPatterns as h, docConsultedGate as i, PolicyResult as l, SYSTEM_INSTALL as m, ApexContext as n, freshnessGate as o, PROJECT_INSTALL as p, ApexGate as r, solidReadGate as s, APEX_GATES as t, evaluate as u, evaluateFileSize as v, ProjectType as x, detectFramework as y };