@gitgov/core 2.7.2 → 2.9.0

package/dist/src/fs.js

@@ -1,18 +1,18 @@
 import * as fs from 'fs/promises';
 import { readdir, readFile } from 'fs/promises';
-import * as path9 from 'path';
-import path9__default, { join, dirname, basename, relative } from 'path';
+import * as path6 from 'path';
+import path6__default, { join, dirname, basename, relative } from 'path';
 import * as fs8 from 'fs';
-import { promises, existsSync, readFileSync, writeFileSync } from 'fs';
+import { promises, existsSync, realpathSync } from 'fs';
 import fg from 'fast-glob';
-import { generateKeyPair, randomUUID, createHash } from 'crypto';
+import { generateKeyPair, createHash, randomUUID } from 'crypto';
 import Ajv from 'ajv';
 import addFormats from 'ajv-formats';
 import { promisify } from 'util';
-import { exec, execSync } from 'child_process';
+import { execSync } from 'child_process';
 import { createRequire } from 'module';
 import { fileURLToPath } from 'url';
-import os from 'os';
+import * as os from 'os';
 import chokidar from 'chokidar';
 
 // src/record_store/fs/fs_record_store.ts
@@ -52,7 +52,7 @@ var FsRecordStore = class {
   getFilePath(id) {
     validateId(id);
     const fileId = this.idEncoder ? this.idEncoder.encode(id) : id;
-    return path9.join(this.basePath, `${fileId}${this.extension}`);
+    return path6.join(this.basePath, `${fileId}${this.extension}`);
   }
   async get(id) {
     const filePath = this.getFilePath(id);
@@ -69,7 +69,7 @@ var FsRecordStore = class {
   async put(id, value) {
     const filePath = this.getFilePath(id);
     if (this.createIfMissing) {
-      await fs.mkdir(path9.dirname(filePath), { recursive: true });
+      await fs.mkdir(path6.dirname(filePath), { recursive: true });
     }
     const content = this.serializer.stringify(value);
     await fs.writeFile(filePath, content, "utf-8");
@@ -219,7 +219,7 @@ var ConfigManager = class {
 var FsConfigStore = class {
   configPath;
   constructor(projectRootPath) {
-    this.configPath = path9.join(projectRootPath, ".gitgov", "config.json");
+    this.configPath = path6.join(projectRootPath, ".gitgov", "config.json");
   }
   /**
    * Load project configuration from .gitgov/config.json
@@ -384,8 +384,8 @@ var FsSessionStore = class {
   sessionPath;
   keysPath;
   constructor(projectRootPath) {
-    this.sessionPath = path9.join(projectRootPath, ".gitgov", ".session.json");
-    this.keysPath = path9.join(projectRootPath, ".gitgov", "keys");
+    this.sessionPath = path6.join(projectRootPath, ".gitgov", ".session.json");
+    this.keysPath = path6.join(projectRootPath, ".gitgov", "keys");
   }
   /**
    * Load local session from .gitgov/.session.json
@@ -547,7 +547,7 @@ var FsKeyProvider = class {
    */
   getKeyPath(actorId) {
     const sanitized = this.sanitizeActorId(actorId);
-    return path9.join(this.keysDir, `${sanitized}${this.extension}`);
+    return path6.join(this.keysDir, `${sanitized}${this.extension}`);
   }
   /**
    * [EARS-FKP04] Sanitizes actorId to prevent directory traversal.
@@ -605,7 +605,7 @@ var FsFileLister = class {
           pattern
         );
       }
-      if (path9.isAbsolute(pattern)) {
+      if (path6.isAbsolute(pattern)) {
         throw new FileListerError(
           `Invalid pattern: absolute paths not allowed: ${pattern}`,
           "INVALID_PATH",
@@ -613,6 +613,7 @@ var FsFileLister = class {
         );
       }
     }
+    const normalized = patterns.map((p) => p.endsWith("/") ? `${p}**` : p);
     const fgOptions = {
       cwd: this.cwd,
       ignore: options?.ignore ?? [],
@@ -623,7 +624,7 @@ var FsFileLister = class {
     if (options?.maxDepth !== void 0) {
       fgOptions.deep = options.maxDepth;
     }
-    return fg(patterns, fgOptions);
+    return fg(normalized, fgOptions);
   }
   /**
    * [EARS-FL02] Checks if a file exists.
@@ -631,7 +632,7 @@ var FsFileLister = class {
   async exists(filePath) {
     this.validatePath(filePath);
     try {
-      const fullPath = path9.join(this.cwd, filePath);
+      const fullPath = path6.join(this.cwd, filePath);
       await fs.access(fullPath);
       return true;
     } catch {
@@ -644,7 +645,7 @@ var FsFileLister = class {
    */
   async read(filePath) {
     this.validatePath(filePath);
-    const fullPath = path9.join(this.cwd, filePath);
+    const fullPath = path6.join(this.cwd, filePath);
     try {
       return await fs.readFile(fullPath, "utf-8");
     } catch (err) {
@@ -676,7 +677,7 @@ var FsFileLister = class {
    */
   async stat(filePath) {
     this.validatePath(filePath);
-    const fullPath = path9.join(this.cwd, filePath);
+    const fullPath = path6.join(this.cwd, filePath);
     try {
       const stats = await fs.stat(fullPath);
       return {
@@ -712,7 +713,7 @@ var FsFileLister = class {
         filePath
       );
     }
-    if (path9.isAbsolute(filePath)) {
+    if (path6.isAbsolute(filePath)) {
       throw new FileListerError(
         `Invalid path: absolute paths not allowed: ${filePath}`,
         "INVALID_PATH",
@@ -730,12 +731,11 @@ function isCyclePayload(payload) {
   return "title" in payload && "status" in payload && !("priority" in payload);
 }
 
-// src/utils/id_parser.ts
+// src/record_types/common.types.ts
 var DIR_TO_TYPE = {
   "tasks": "task",
   "cycles": "cycle",
   "executions": "execution",
-  "changelogs": "changelog",
   "feedbacks": "feedback",
   "actors": "actor",
   "agents": "agent"
@@ -743,6 +743,15 @@ var DIR_TO_TYPE = {
 Object.fromEntries(
   Object.entries(DIR_TO_TYPE).map(([dir, type]) => [type, dir])
 );
+var GitGovError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = this.constructor.name;
+  }
+};
+
+// src/utils/id_parser.ts
 var VALID_DIRS = Object.keys(DIR_TO_TYPE);
 function extractRecordIdFromPath(filePath) {
   const parts = filePath.split("/");
@@ -762,9 +771,6 @@ function inferEntityTypeFromId(recordId) {
   if (recordId.match(/^\d+-exec-/) || recordId.includes("-execution-")) {
     return "execution";
   }
-  if (recordId.match(/^\d+-changelog-/)) {
-    return "changelog";
-  }
   if (recordId.match(/^\d+-feedback-/)) {
     return "feedback";
   }
@@ -861,15 +867,6 @@ function calculatePayloadChecksum(payload) {
   return createHash("sha256").update(jsonString, "utf8").digest("hex");
 }
 
-// src/record_types/common.types.ts
-var GitGovError = class extends Error {
-  constructor(message, code) {
-    super(message);
-    this.code = code;
-    this.name = this.constructor.name;
-  }
-};
-
 // src/record_schemas/errors.ts
 var DetailedValidationError = class extends GitGovError {
   constructor(recordType, errors) {
@@ -887,7 +884,7 @@ var actor_record_schema_default = {
   $schema: "http://json-schema.org/draft-07/schema#",
   $id: "actor_record_schema.json",
   title: "ActorRecord",
-  description: "Canonical schema for actor records as defined in actor_protocol.md",
+  description: "Canonical schema for actor records as defined in 02_actor.md",
   additionalProperties: false,
   type: "object",
   required: [
@@ -982,8 +979,9 @@ var agent_record_schema_default = {
   $schema: "http://json-schema.org/draft-07/schema#",
   $id: "agent_record_schema.json",
   title: "AgentRecord",
-  description: "Canonical schema for agent operational manifests.",
+  description: "Canonical schema for agent operational manifests \u2014 the work contract that defines how an agent is invoked.",
   type: "object",
+  additionalProperties: false,
   required: [
     "id",
     "engine"
@@ -991,8 +989,13 @@ var agent_record_schema_default = {
   properties: {
     id: {
       type: "string",
-      pattern: "^agent:[a-z0-9:-]+$",
-      description: "Unique identifier for the agent, linking to an ActorRecord."
+      pattern: "^agent(:[a-z0-9-]+)+$",
+      description: "Unique identifier for the agent, linking 1:1 to an ActorRecord of type agent.",
+      examples: [
+        "agent:scribe",
+        "agent:aion",
+        "agent:camilo:cursor"
+      ]
     },
     status: {
       type: "string",
@@ -1000,63 +1003,12 @@ var agent_record_schema_default = {
         "active",
         "archived"
       ],
-      default: "active"
-    },
-    triggers: {
-      type: "array",
-      default: [],
-      description: "Optional list of triggers that activate the agent.\nAdditional fields are allowed and depend on trigger type:\n- webhook triggers: 'event' (event identifier), 'filter' (condition)\n- scheduled triggers: 'cron' (cron expression)\n- manual triggers: 'command' (example CLI command)\n",
-      items: {
-        type: "object",
-        properties: {
-          type: {
-            type: "string",
-            enum: [
-              "manual",
-              "webhook",
-              "scheduled"
-            ],
-            description: "Type of trigger that activates the agent"
-          }
-        },
-        required: [
-          "type"
-        ],
-        additionalProperties: true
-      }
-    },
-    knowledge_dependencies: {
-      type: "array",
-      default: [],
-      items: {
-        type: "string",
-        description: "Glob patterns for blueprint files this agent needs access to"
-      }
-    },
-    prompt_engine_requirements: {
-      type: "object",
-      properties: {
-        roles: {
-          type: "array",
-          items: {
-            type: "string"
-          }
-        },
-        skills: {
-          type: "array",
-          items: {
-            type: "string"
-          }
-        }
-      }
-    },
-    metadata: {
-      type: "object",
-      description: "Optional framework-specific or deployment-specific metadata for agent extensions.\nCommon use cases: framework identification (langchain, google-adk), deployment info (provider, image, region),\ncost tracking (cost_per_invocation, currency), tool capabilities, maintainer info.\nThis field does NOT affect agent execution - it is purely informational.\n",
-      additionalProperties: true
+      default: "active",
+      description: "Operational status. An archived agent cannot be invoked."
     },
     engine: {
       type: "object",
+      description: "Invocation specification \u2014 defines how the agent is executed. Uses oneOf with 4 variants: local, api, mcp, custom.",
       oneOf: [
         {
           required: [
@@ -1103,7 +1055,8 @@ var agent_record_schema_default = {
                 "GET",
                 "PUT"
               ],
-              default: "POST"
+              default: "POST",
+              description: "HTTP method"
             },
             auth: {
               type: "object",
@@ -1149,7 +1102,7 @@ var agent_record_schema_default = {
             },
             tool: {
               type: "string",
-              description: "Name of the MCP tool to invoke. If not specified, defaults to agentId without 'agent:' prefix."
+              description: "Name of the MCP tool to invoke. If omitted, the agent has access to all tools on the server."
             },
             auth: {
               type: "object",
@@ -1198,6 +1151,60 @@ var agent_record_schema_default = {
           }
         }
       ]
+    },
+    triggers: {
+      type: "array",
+      default: [],
+      description: "Optional list of triggers that activate the agent.\nAdditional fields are allowed and depend on trigger type:\n- manual: 'command' (example CLI command)\n- webhook: 'event' (event identifier), 'filter' (condition)\n- scheduled: 'cron' (cron expression)\n",
+      items: {
+        type: "object",
+        properties: {
+          type: {
+            type: "string",
+            enum: [
+              "manual",
+              "webhook",
+              "scheduled"
+            ],
+            description: "Type of trigger that activates the agent"
+          }
+        },
+        required: [
+          "type"
+        ],
+        additionalProperties: true
+      }
+    },
+    knowledge_dependencies: {
+      type: "array",
+      default: [],
+      items: {
+        type: "string",
+        description: "Glob patterns for files this agent needs access to"
+      }
+    },
+    prompt_engine_requirements: {
+      type: "object",
+      description: "Requirements for prompt composition \u2014 roles and skills the agent needs.",
+      properties: {
+        roles: {
+          type: "array",
+          items: {
+            type: "string"
+          }
+        },
+        skills: {
+          type: "array",
+          items: {
+            type: "string"
+          }
+        }
+      }
+    },
+    metadata: {
+      type: "object",
+      description: "Optional framework-specific or deployment-specific metadata.\nCommon use cases: framework identification (langchain, google-adk), deployment info,\ncost tracking, tool capabilities, maintainer info.\nThis field does NOT affect agent execution \u2014 it is purely informational.\n",
+      additionalProperties: true
     }
   },
   examples: [
@@ -1428,193 +1435,12 @@ var agent_record_schema_default = {
   ]
 };
 
-// src/record_schemas/generated/changelog_record_schema.json
-var changelog_record_schema_default = {
-  $schema: "http://json-schema.org/draft-07/schema#",
-  $id: "changelog_record_schema.json",
-  title: "ChangelogRecord",
-  description: "Canonical schema for changelog records - aggregates N tasks into 1 release note",
-  additionalProperties: false,
-  type: "object",
-  required: [
-    "id",
-    "title",
-    "description",
-    "relatedTasks",
-    "completedAt"
-  ],
-  properties: {
-    id: {
-      type: "string",
-      pattern: "^\\d{10}-changelog-[a-z0-9-]{1,50}$",
-      maxLength: 71,
-      description: "Unique identifier for the changelog entry",
-      examples: [
-        "1752707800-changelog-sistema-autenticacion-v1",
-        "1752707800-changelog-sprint-24-api-performance"
-      ]
-    },
-    title: {
-      type: "string",
-      minLength: 10,
-      maxLength: 150,
-      description: "Executive title of the deliverable",
-      examples: [
-        "Sistema de Autenticaci\xF3n Completo v1.0",
-        "Sprint 24 - Performance Optimizations"
-      ]
-    },
-    description: {
-      type: "string",
-      minLength: 20,
-      maxLength: 5e3,
-      description: "Detailed description of the value delivered, including key decisions and impact"
-    },
-    relatedTasks: {
-      type: "array",
-      items: {
-        type: "string",
-        pattern: "^\\d{10}-task-[a-z0-9-]{1,50}$"
-      },
-      minItems: 1,
-      description: "IDs of tasks that compose this deliverable (minimum 1 required)"
-    },
-    completedAt: {
-      type: "number",
-      minimum: 0,
-      description: "Unix timestamp in seconds when the deliverable was completed"
-    },
-    relatedCycles: {
-      type: "array",
-      items: {
-        type: "string",
-        pattern: "^\\d{10}-cycle-[a-z0-9-]{1,50}$"
-      },
-      default: [],
-      description: "Optional IDs of cycles related to this deliverable"
-    },
-    relatedExecutions: {
-      type: "array",
-      items: {
-        type: "string",
-        pattern: "^\\d{10}-exec-[a-z0-9-]{1,50}$"
-      },
-      default: [],
-      description: "Optional IDs of key execution records related to this work"
-    },
-    version: {
-      type: "string",
-      minLength: 1,
-      maxLength: 50,
-      description: "Optional version or release identifier (e.g., 'v1.0.0', 'sprint-24')",
-      examples: [
-        "v1.0.0",
-        "v2.1.3",
-        "sprint-24"
-      ]
-    },
-    tags: {
-      type: "array",
-      items: {
-        type: "string",
-        pattern: "^[a-z0-9-]+(:[a-z0-9-]+)*$"
-      },
-      default: [],
-      description: "Optional tags for categorization (e.g., 'feature:auth', 'bugfix', 'security')"
-    },
-    commits: {
-      type: "array",
-      items: {
-        type: "string",
-        maxLength: 100
-      },
-      default: [],
-      description: "Optional list of git commit hashes related to this deliverable"
-    },
-    files: {
-      type: "array",
-      items: {
-        type: "string",
-        maxLength: 500
-      },
-      default: [],
-      description: "Optional list of main files that were created or modified"
-    },
-    notes: {
-      type: "string",
-      maxLength: 3e3,
-      description: "Optional additional context, decisions, or learnings"
-    }
-  },
-  examples: [
-    {
-      id: "1752707800-changelog-sistema-autenticacion-v1",
-      title: "Sistema de Autenticaci\xF3n Completo v1.0",
-      description: "Implementaci\xF3n completa del sistema de autenticaci\xF3n con OAuth2, 2FA via TOTP, recuperaci\xF3n de contrase\xF1a, y UI responsive. Incluye tests E2E completos (95% coverage) y documentaci\xF3n t\xE9cnica actualizada.",
-      relatedTasks: [
-        "1752274500-task-crear-ui-login",
-        "1752274600-task-integrar-oauth2-backend",
-        "1752274700-task-implementar-2fa-totp",
-        "1752274800-task-tests-e2e-auth",
-        "1752274900-task-documentar-flujo-auth"
-      ],
-      completedAt: 1752707800,
-      relatedCycles: [
-        "1752200000-cycle-q1-auth-milestone"
-      ],
-      relatedExecutions: [
-        "1752274550-exec-analisis-auth-providers",
-        "1752707750-exec-final-integration-test"
-      ],
-      version: "v1.0.0",
-      tags: [
-        "feature:auth",
-        "security",
-        "frontend",
-        "backend"
-      ],
-      commits: [
-        "abc123def",
-        "456ghi789",
-        "jkl012mno"
-      ],
-      files: [
-        "src/pages/Login.tsx",
-        "src/services/auth.ts",
-        "src/components/TwoFactorSetup.tsx",
-        "e2e/auth.spec.ts"
-      ],
-      notes: "Decisi\xF3n t\xE9cnica: Usamos NextAuth.js despu\xE9s de evaluar Passport.js. El 2FA se implement\xF3 con TOTP (Google Authenticator compatible) en lugar de SMS por seguridad y costo."
-    },
-    {
-      id: "1752707900-changelog-hotfix-payment-timeout",
-      title: "Hotfix: Critical Payment Timeout Fix",
-      description: "Fixed critical payment timeout issue affecting 15% of transactions. Increased timeout from 5s to 30s and added circuit breaker pattern for third-party API calls.",
-      relatedTasks: [
-        "1752707850-task-fix-payment-timeout",
-        "1752707870-task-add-circuit-breaker"
-      ],
-      completedAt: 1752707900,
-      version: "v1.2.1",
-      tags: [
-        "hotfix",
-        "critical",
-        "payment"
-      ],
-      commits: [
-        "xyz789abc"
-      ],
-      notes: "Emergency response to production incident. Deployed to production within 2 hours."
-    }
-  ]
-};
-
 // src/record_schemas/generated/cycle_record_schema.json
 var cycle_record_schema_default = {
   $schema: "http://json-schema.org/draft-07/schema#",
   $id: "cycle_record_schema.json",
   title: "CycleRecord",
-  description: "Canonical schema for cycle records - strategic grouping of work",
+  description: "Canonical schema for cycle records \u2014 strategic grouping of work into sprints, milestones, or roadmaps.",
   additionalProperties: false,
   type: "object",
   required: [
@@ -1627,7 +1453,7 @@ var cycle_record_schema_default = {
       type: "string",
       pattern: "^\\d{10}-cycle-[a-z0-9-]{1,50}$",
       maxLength: 67,
-      description: "Unique identifier for the cycle (10 timestamp + 1 dash + 5 'cycle' + 1 dash + max 50 slug = 67 max)",
+      description: "Unique identifier for the cycle (10 timestamp + 1 dash + 5 'cycle' + 1 dash + max 50 slug = 67 max).",
       examples: [
         "1754400000-cycle-sprint-24-api-performance",
         "1754500000-cycle-auth-system-v2",
@@ -1638,7 +1464,7 @@ var cycle_record_schema_default = {
       type: "string",
       minLength: 1,
       maxLength: 256,
-      description: "Human-readable title for the cycle (e.g., 'Sprint 24', 'Auth v2.0', 'Q4 2025')",
+      description: "Human-readable title for the cycle (e.g., 'Sprint 24', 'Auth v2.0', 'Q4 2025').",
       examples: [
         "Sprint 24 - API Performance",
         "Authentication System v2.0",
@@ -1653,7 +1479,7 @@ var cycle_record_schema_default = {
         "completed",
         "archived"
       ],
-      description: "The lifecycle status of the cycle"
+      description: "The lifecycle status of the cycle."
     },
     taskIds: {
       type: "array",
@@ -1663,7 +1489,7 @@ var cycle_record_schema_default = {
         maxLength: 66
       },
       default: [],
-      description: "Optional array of Task IDs that belong to this cycle. Can be empty for cycles that only contain child cycles. (10 timestamp + 1 dash + 4 'task' + 1 dash + max 50 slug = 66 max)",
+      description: "Optional array of Task IDs that belong to this cycle. Bidirectional with TaskRecord.cycleIds. Can be empty for container cycles.",
       examples: [
         [
           "1752274500-task-optimizar-endpoint-search",
@@ -1679,7 +1505,7 @@ var cycle_record_schema_default = {
         maxLength: 67
       },
       default: [],
-      description: "Optional array of Cycle IDs that are children of this cycle, allowing for hierarchies (e.g., Q1 containing Sprint 1, Sprint 2, Sprint 3). (10 timestamp + 1 dash + 5 'cycle' + 1 dash + max 50 slug = 67 max)",
+      description: "Optional array of child Cycle IDs for hierarchical composition (e.g., Q1 containing Sprint 1, Sprint 2, Sprint 3).",
       examples: [
         [
           "1754400000-cycle-sprint-24",
@@ -1713,9 +1539,29 @@ var cycle_record_schema_default = {
     },
     notes: {
       type: "string",
-      minLength: 0,
-      maxLength: 1e4,
-      description: "Optional description of the cycle's goals, objectives, and context"
+      minLength: 1,
+      description: "Optional description of the cycle's goals, objectives, and context."
+    },
+    metadata: {
+      type: "object",
+      additionalProperties: true,
+      description: "Optional structured data for machine consumption.\nUse this field for domain-specific data that needs to be programmatically processed.\nExtends the strategic grouping with structured, queryable attributes.\nCommon use cases: epic lifecycle, sprint configuration, OKR tracking, budget allocation.\n",
+      examples: [
+        {
+          epic: true,
+          phase: "active",
+          files: {
+            overview: "overview.md",
+            roadmap: "roadmap.md",
+            plan: "implementation_plan.md"
+          }
+        },
+        {
+          sprint: 24,
+          velocity: 42,
+          team: "backend"
+        }
+      ]
     }
   },
   examples: [
@@ -1733,7 +1579,7 @@ var cycle_record_schema_default = {
         "team:backend",
         "focus:performance"
       ],
-      notes: "Objetivo: Reducir la latencia p95 de la API por debajo de 200ms y preparar infraestructura para Black Friday."
+      notes: "Objective: Reduce API p95 latency below 200ms and prepare infrastructure for Black Friday."
     },
     {
       id: "1754500000-cycle-auth-system-v2",
@@ -1750,7 +1596,7 @@ var cycle_record_schema_default = {
         "security",
         "feature:auth"
       ],
-      notes: "Milestone mayor: Sistema completo de autenticaci\xF3n con OAuth2, 2FA, y gesti\xF3n avanzada de sesiones. Cr\xEDtico para lanzamiento Q4."
+      notes: "Major milestone: Complete authentication system with OAuth2, 2FA, and advanced session management. Critical for Q4 launch."
     },
     {
       id: "1754600000-cycle-q4-2025-growth",
@@ -1766,7 +1612,7 @@ var cycle_record_schema_default = {
         "strategy:growth",
         "okr:scale-to-1m-users"
       ],
-      notes: "Objetivo trimestral: Escalar a 1M usuarios activos. Incluye mejoras de performance, nuevo sistema de auth, y lanzamiento de app m\xF3vil."
+      notes: "Quarterly objective: Scale to 1M active users. Includes performance improvements, new auth system, and mobile app launch."
     }
   ]
 };
@@ -1784,10 +1630,8 @@ var embedded_metadata_schema_default = {
       properties: {
         version: {
           type: "string",
-          enum: [
-            "1.0"
-          ],
-          description: "Version of the embedded metadata format."
+          pattern: "^\\d+\\.\\d+$",
+          description: 'Protocol version in MAJOR.MINOR format (e.g. "1.1", "2.0").'
         },
         type: {
           type: "string",
@@ -1796,12 +1640,23 @@ var embedded_metadata_schema_default = {
             "agent",
             "task",
             "execution",
-            "changelog",
             "feedback",
-            "cycle"
+            "cycle",
+            "workflow",
+            "custom"
           ],
           description: "The type of the record contained in the payload."
         },
+        schemaUrl: {
+          type: "string",
+          format: "uri",
+          description: "URL to a custom schema for the payload. Required when type is 'custom'."
+        },
+        schemaChecksum: {
+          type: "string",
+          pattern: "^[a-fA-F0-9]{64}$",
+          description: "SHA-256 checksum of the custom schema. Required when type is 'custom'."
+        },
         payloadChecksum: {
           type: "string",
           pattern: "^[a-fA-F0-9]{64}$",
@@ -1816,14 +1671,14 @@ var embedded_metadata_schema_default = {
               keyId: {
                 type: "string",
                 pattern: "^(human|agent)(:[a-z0-9-]+)+$",
-                description: "The Actor ID of the signer (must match ActorRecord.id pattern)."
+                description: "The Actor ID of the signer. Supports scoped identifiers (e.g. agent:camilo:cursor)."
               },
               role: {
                 type: "string",
                 pattern: "^([a-z-]+|custom:[a-z0-9-]+)$",
                 minLength: 1,
                 maxLength: 50,
-                description: "The context role of the signature (e.g., 'author', 'reviewer', 'auditor', or 'custom:*')."
+                description: "The context role of the signature (e.g., 'author', 'reviewer', or 'custom:*')."
               },
               notes: {
                 type: "string",
@@ -1838,6 +1693,7 @@ var embedded_metadata_schema_default = {
               },
               timestamp: {
                 type: "integer",
+                minimum: 16e8,
                 description: "Unix timestamp of the signature."
               }
             },
@@ -1871,7 +1727,7 @@ var embedded_metadata_schema_default = {
     "payload"
   ],
   additionalProperties: false,
-  oneOf: [
+  allOf: [
     {
       if: {
         properties: {
@@ -1879,7 +1735,7 @@ var embedded_metadata_schema_default = {
             type: "object",
             properties: {
               type: {
-                const: "actor"
+                const: "custom"
               }
             }
           }
@@ -1887,12 +1743,15 @@ var embedded_metadata_schema_default = {
       },
       then: {
         properties: {
-          payload: {
-            $ref: "ref:actor_record_schema"
+          header: {
+            type: "object",
+            required: [
+              "schemaUrl",
+              "schemaChecksum"
+            ]
           }
         }
-      },
-      else: false
+      }
     },
     {
       if: {
@@ -1901,7 +1760,7 @@ var embedded_metadata_schema_default = {
             type: "object",
             properties: {
               type: {
-                const: "agent"
+                const: "actor"
               }
             }
           }
@@ -1910,11 +1769,10 @@ var embedded_metadata_schema_default = {
       then: {
         properties: {
           payload: {
-            $ref: "ref:agent_record_schema"
+            $ref: "ref:actor_record_schema"
           }
         }
-      },
-      else: false
+      }
     },
     {
       if: {
@@ -1923,7 +1781,7 @@ var embedded_metadata_schema_default = {
             type: "object",
             properties: {
               type: {
-                const: "task"
+                const: "agent"
               }
             }
           }
@@ -1932,11 +1790,10 @@ var embedded_metadata_schema_default = {
       then: {
         properties: {
           payload: {
-            $ref: "ref:task_record_schema"
+            $ref: "ref:agent_record_schema"
           }
         }
-      },
-      else: false
+      }
     },
     {
       if: {
@@ -1945,7 +1802,7 @@ var embedded_metadata_schema_default = {
             type: "object",
             properties: {
               type: {
-                const: "execution"
+                const: "task"
               }
             }
           }
@@ -1954,11 +1811,10 @@ var embedded_metadata_schema_default = {
       then: {
         properties: {
           payload: {
-            $ref: "ref:execution_record_schema"
+            $ref: "ref:task_record_schema"
           }
         }
-      },
-      else: false
+      }
     },
     {
       if: {
@@ -1967,7 +1823,7 @@ var embedded_metadata_schema_default = {
             type: "object",
             properties: {
               type: {
-                const: "changelog"
+                const: "execution"
               }
             }
           }
@@ -1976,11 +1832,10 @@ var embedded_metadata_schema_default = {
       then: {
         properties: {
           payload: {
-            $ref: "ref:changelog_record_schema"
+            $ref: "ref:execution_record_schema"
           }
         }
-      },
-      else: false
+      }
     },
     {
       if: {
@@ -2001,8 +1856,7 @@ var embedded_metadata_schema_default = {
             $ref: "ref:feedback_record_schema"
           }
         }
-      },
-      else: false
+      }
     },
     {
       if: {
@@ -2023,55 +1877,76 @@ var embedded_metadata_schema_default = {
             $ref: "ref:cycle_record_schema"
           }
         }
+      }
+    },
+    {
+      if: {
+        properties: {
+          header: {
+            type: "object",
+            properties: {
+              type: {
+                const: "workflow"
+              }
+            }
+          }
+        }
       },
-      else: false
+      then: {
+        properties: {
+          payload: {
+            $ref: "ref:workflow_record_schema"
+          }
+        }
+      }
     }
   ],
   examples: [
     {
       header: {
-        version: "1.0",
-        type: "task",
-        payloadChecksum: "a1b2c3d4e5f6...",
+        version: "1.1",
+        type: "actor",
+        payloadChecksum: "063d4ba3505e4d2d3852f6063cbd0b98a8728b2afb4a26a323c5c5c512137398",
         signatures: [
           {
             keyId: "human:lead-dev",
             role: "author",
-            notes: "Initial task creation for OAuth 2.0 implementation",
-            signature: "...",
+            notes: "Self-registration of lead developer account",
+            signature: "yEtlWOGAek8ukP8fycqYZOyogQBudO5XUf4v4BUGaOTogDH4wraanhLvutaJBM7rdilFUS2VvmxZmIy0KjTZAg==",
             timestamp: 1752274500
           }
         ]
       },
       payload: {
-        id: "1752274500-task-implementar-auth",
-        status: "pending",
-        priority: "high",
-        description: "Implementar autenticaci\xF3n OAuth 2.0.",
-        tags: [
-          "skill:go",
-          "area:backend"
-        ]
+        id: "human:lead-dev",
+        type: "human",
+        displayName: "Lead Developer",
+        publicKey: "0yyrCETtVql51Id+nRKGmpbfsxNxOz+eCYLpWDoutV0=",
+        roles: [
+          "developer",
+          "reviewer"
+        ],
+        status: "active"
       }
     },
     {
       header: {
-        version: "1.0",
+        version: "1.1",
         type: "execution",
-        payloadChecksum: "b2c3d4e5f6a1...",
+        payloadChecksum: "bd667ddc8698a50594592ac15d0761e62a9f05cc3ba10a9a853ef0819e5fb2ad",
         signatures: [
           {
-            keyId: "agent:cursor",
+            keyId: "agent:camilo:cursor",
             role: "author",
             notes: "OAuth 2.0 flow completed with GitHub provider integration",
-            signature: "...",
+            signature: "8d9LWTtMlK/Ct4+QWGFpH4iFdZb9T/hlFThAAGKqz8UOPe9qDwPFcv3b4qz9G+NQXh1/PgB1pl8YiQCe6fnjAQ==",
             timestamp: 1752274600
           },
           {
             keyId: "human:camilo",
             role: "reviewer",
             notes: "Reviewed and tested locally. LGTM.",
-            signature: "...",
+            signature: "17xsA75W0zzNZI3DXa8iHmxS5NwedfCwu9DoXwk/vArk9yaHcFsY6EgJHNPUtIX+XeKSVF/lOg6CvVIkcXjjAA==",
             timestamp: 1752274650
           }
         ]
@@ -2081,39 +1956,30 @@ var embedded_metadata_schema_default = {
         taskId: "1752274500-task-implement-oauth",
         type: "progress",
         title: "OAuth 2.0 flow implemented",
-        result: "Completed the OAuth 2.0 authentication flow..."
+        result: "Completed the OAuth 2.0 authentication flow with GitHub provider. Token refresh and session management included."
       }
     },
     {
       header: {
-        version: "1.0",
-        type: "actor",
-        payloadChecksum: "c3d4e5f6a1b2...",
+        version: "1.1",
+        type: "custom",
+        schemaUrl: "https://example.com/schemas/deployment-record-v1.json",
+        schemaChecksum: "d4e5f6a1b2c3789012345678901234567890123456789012345678901234abcd",
+        payloadChecksum: "1f9598081fcfcf34732de647de25c8445e68e9320e0c10d3a4bd911c7274a1b3",
         signatures: [
           {
-            keyId: "human:admin",
+            keyId: "agent:deploy-bot",
             role: "author",
-            notes: "New developer onboarded to team",
-            signature: "...",
+            notes: "Production deployment of v2.1.0",
+            signature: "W3cSLJnEp+OmKVOwFqjuLTL1S55/OlQyFDzmmxg+vUfETIiQWNr7aDH06/rHUM11g2BLEGRfXZPQPFry6FJeAw==",
             timestamp: 1752274700
-          },
-          {
-            keyId: "agent:aion",
-            role: "auditor",
-            notes: "Actor verification: 10/10. Credentials validated.",
-            signature: "...",
-            timestamp: 1752274705
           }
         ]
       },
       payload: {
-        id: "human:new-developer",
-        type: "human",
-        displayName: "New Developer",
-        publicKey: "...",
-        roles: [
-          "developer"
-        ]
+        deploymentId: "deploy-2025-07-12-v2.1.0",
+        environment: "production",
+        status: "success"
       }
     }
   ]
@@ -2124,7 +1990,7 @@ var execution_record_schema_default = {
   $schema: "http://json-schema.org/draft-07/schema#",
   $id: "execution_record_schema.json",
   title: "ExecutionRecord",
-  description: "Canonical schema for execution log records - the universal event stream",
+  description: "Canonical schema for execution log records - the universal event stream.",
   additionalProperties: false,
   type: "object",
   required: [
@@ -2139,209 +2005,50 @@ var execution_record_schema_default = {
       type: "string",
       pattern: "^\\d{10}-exec-[a-z0-9-]{1,50}$",
       maxLength: 66,
-      description: "Unique identifier for the execution log entry (10 timestamp + 1 dash + 4 'exec' + 1 dash + max 50 slug = 66 max)",
-      examples: [
-        "1752275000-exec-refactor-queries",
-        "1752361200-exec-api-externa-caida"
-      ]
+      description: "Unique identifier for the execution log entry."
     },
     taskId: {
       type: "string",
       pattern: "^\\d{10}-task-[a-z0-9-]{1,50}$",
       maxLength: 66,
-      description: "ID of the parent task this execution belongs to (10 timestamp + 1 dash + 4 'task' + 1 dash + max 50 slug = 66 max)"
+      description: "ID of the parent task this execution belongs to."
     },
     type: {
       type: "string",
-      enum: [
-        "analysis",
-        "progress",
-        "blocker",
-        "completion",
-        "info",
-        "correction"
-      ],
-      description: "Semantic classification of the execution event",
-      examples: [
-        "progress",
-        "analysis",
-        "blocker",
-        "completion"
-      ]
+      pattern: "^(analysis|decision|progress|blocker|completion|correction|info|custom:[a-z0-9-]+(:[a-z0-9-]+)*)$",
+      description: "Classifies what happened in this execution event. Primitive types cover the fundamental kinds of events that occur during any collaborative work. Extend with 'custom:' for your domain.\nPrimitive types:\n  - analysis: Investigation, research, or evaluation before acting.\n  - decision: A choice that changes the direction of work.\n  - progress: Incremental advancement of work.\n  - blocker: An impediment preventing further progress.\n  - completion: Work on the task is finished.\n  - correction: A fix to something previously done incorrectly.\n  - info: Informational note or status update.\n\nCustom types use the 'custom:' prefix for industry-specific extensions. Software development examples:\n  - custom:review (code review, design review, QA)\n  - custom:deployment (deploy to staging/production)\n  - custom:rollback (revert a deployment or change)\n  - custom:release (version release, PR merge to main)\n  - custom:hotfix (emergency fix in production)\nImplementations that encounter an unrecognized custom type MUST treat it as 'info' for display purposes.\n"
     },
     title: {
       type: "string",
       minLength: 1,
       maxLength: 256,
-      description: "Human-readable title for the execution (used to generate ID)",
-      examples: [
-        "Refactor de queries N+1",
-        "API Externa Ca\xEDda",
-        "Plan de implementaci\xF3n OAuth2"
-      ]
+      description: "Human-readable title for the execution (used to generate ID slug)."
     },
     result: {
       type: "string",
       minLength: 10,
-      maxLength: 22e3,
-      description: 'The tangible, verifiable output or result of the execution. \nThis is the "WHAT" - evidence of work or event summary.\n'
+      description: 'The tangible, verifiable output or result of the execution. This is the "WHAT" - evidence of work or event summary.\n'
     },
     notes: {
       type: "string",
-      maxLength: 6500,
-      description: 'Optional narrative, context and decisions behind the execution.\nThis is the "HOW" and "WHY" - the story behind the result.\n'
+      description: 'Optional narrative, context and decisions behind the execution. This is the "HOW" and "WHY" - the story behind the result.\n'
     },
     references: {
       type: "array",
       items: {
         type: "string",
+        minLength: 1,
         maxLength: 500
       },
       default: [],
-      description: "Optional list of typed references to relevant commits, files, PRs, or external documents.\nShould use typed prefixes for clarity and trazabilidad (see execution_protocol_appendix.md):\n- commit:     Git commit SHA\n- pr:         Pull Request number\n- file:       File path (relative to repo root)\n- url:        External URL\n- issue:      GitHub Issue number\n- task:       TaskRecord ID\n- exec:       ExecutionRecord ID (for corrections or dependencies)\n- changelog:  ChangelogRecord ID\n"
+      description: "Optional list of typed references to relevant commits, files, PRs, or external documents. Standard prefixes: commit:, pr:, issue:, file:, url:, task:, exec:.\n"
     },
     metadata: {
       type: "object",
       additionalProperties: true,
-      description: "Optional structured data for machine consumption.\nUse this field for data that needs to be programmatically processed (e.g., audit findings,\nperformance metrics, scan results). This complements result (human-readable WHAT) and\nnotes (narrative HOW/WHY) by providing structured, queryable data.\nCommon use cases: audit findings arrays, performance metrics, tool outputs, scan summaries.\n",
-      examples: [
-        {
-          findings: [
-            {
-              type: "PII",
-              file: "src/user.ts",
-              line: 42
-            }
-          ],
-          scannedFiles: 245
-        },
-        {
-          metrics: {
-            duration_ms: 1250,
-            memory_mb: 512
-          }
-        }
-      ]
-    }
-  },
-  examples: [
-    {
-      id: "1752275500-exec-refactor-queries",
-      taskId: "1752274500-task-optimizar-api",
-      type: "progress",
-      title: "Refactor de queries N+1",
-      result: "Refactorizados 3 queries N+1 a un solo JOIN optimizado. Performance mejor\xF3 de 2.5s a 200ms.",
-      notes: "Identificados 3 N+1 queries en el endpoint /api/search. Aplicado eager loading y caching de relaciones.",
-      references: [
-        "commit:b2c3d4e",
-        "file:src/api/search.ts"
-      ]
-    },
-    {
-      id: "1752361200-exec-api-externa-caida",
-      taskId: "1752274500-task-optimizar-api",
-      type: "blocker",
-      title: "API Externa Ca\xEDda",
-      result: "No se puede continuar con testing de integraci\xF3n. API de pagos devuelve 503.",
-      notes: "La API de pagos de terceros (api.payments.com) est\xE1 devolviendo errores 503. Contactado soporte del proveedor. ETA de resoluci\xF3n: 2-3 horas.",
-      references: [
-        "url:https://status.payments.com"
-      ]
-    },
-    {
-      id: "1752188000-exec-plan-oauth-implementation",
-      taskId: "1752274500-task-oauth-implementation",
-      type: "analysis",
-      title: "Plan de implementaci\xF3n OAuth2",
-      result: "Documento de dise\xF1o t\xE9cnico completado. 5 sub-tareas identificadas con estimaciones de complejidad.",
-      notes: "Evaluadas 3 opciones: NextAuth.js (elegida), Passport.js, custom implementation. NextAuth.js por madurez y soporte de m\xFAltiples providers.",
-      references: [
-        "file:docs/oauth-design.md"
-      ]
-    },
-    {
-      id: "1752707800-exec-oauth-completed",
-      taskId: "1752274500-task-oauth-implementation",
-      type: "completion",
-      title: "OAuth Implementation Completed",
-      result: "Sistema OAuth2 completamente implementado, testeado y deployado a staging. 95% test coverage. Todos los acceptance criteria cumplidos.",
-      notes: "Implementaci\xF3n finalizada. Code review aprobado. Tests E2E passing. Ready para changelog y deploy a producci\xF3n.",
-      references: [
-        "pr:456",
-        "commit:def789abc",
-        "url:https://staging.app.com/login"
-      ]
-    },
-    {
-      id: "1752275600-exec-cambio-estrategia-redis",
-      taskId: "1752274500-task-oauth-implementation",
-      type: "info",
-      title: "Cambio de estrategia: Usar Redis para sessions",
-      result: "Decisi\xF3n: Migrar de JWT stateless a sessions en Redis por requisito de revocaci\xF3n inmediata.",
-      notes: "Durante code review se identific\xF3 requisito cr\xEDtico: revocar sesiones inmediatamente (ej: compromiso de cuenta). JWT stateless no permite esto sin lista negra compleja. Redis sessions permite revocaci\xF3n instant\xE1nea.",
-      references: [
-        "issue:567",
-        "url:https://redis.io/docs/manual/keyspace-notifications/"
-      ]
-    },
-    {
-      id: "1752275700-exec-correccion-metricas",
-      taskId: "1752274500-task-optimizar-api",
-      type: "correction",
-      title: "Correcci\xF3n: M\xE9tricas de performance",
-      result: "Correcci\xF3n de execution 1752275500-exec-refactor-queries: El performance fue 200ms, no 50ms como se report\xF3.",
-      notes: "Error de tipeo en execution original. La mejora real fue de 2.5s a 200ms (no 50ms). Sigue siendo significativa (92% mejora) pero n\xFAmeros correctos son importantes para m\xE9tricas.",
-      references: [
-        "exec:1752275500-exec-refactor-queries"
-      ]
-    },
-    {
-      id: "1752276000-exec-source-audit-scan",
-      taskId: "1752274500-task-audit-compliance",
-      type: "analysis",
-      title: "Source Audit Scan - 2025-01-15",
-      result: "Escaneados 245 archivos. Encontrados 10 findings (3 critical, 4 high, 3 medium). Ver metadata para detalles estructurados.",
-      notes: "Scan ejecutado con RegexDetector + HeuristicDetector. LLM calls: 0 (tier free).",
-      references: [
-        "file:src/config/db.ts",
-        "file:src/auth/keys.ts"
-      ],
-      metadata: {
-        scannedFiles: 245,
-        scannedLines: 18420,
-        duration_ms: 1250,
-        findings: [
-          {
-            id: "SEC-001",
-            severity: "critical",
-            file: "src/config/db.ts",
-            line: 5,
-            type: "api_key"
-          },
-          {
-            id: "SEC-003",
-            severity: "critical",
-            file: "src/auth/keys.ts",
-            line: 2,
-            type: "private_key"
-          },
-          {
-            id: "PII-003",
-            severity: "critical",
-            file: "src/payments/stripe.ts",
-            line: 8,
-            type: "credit_card"
-          }
-        ],
-        summary: {
-          critical: 3,
-          high: 4,
-          medium: 3,
-          low: 0
-        }
-      }
+      description: "Optional structured data for machine consumption. Use this field for data that needs to be programmatically processed (e.g., audit findings, performance metrics, scan results). Complements result (WHAT) and notes (HOW/WHY) with structured, queryable data.\n"
     }
-  ]
+  }
 };
 
 // src/record_schemas/generated/feedback_record_schema.json
@@ -2349,7 +2056,7 @@ var feedback_record_schema_default = {
   $schema: "http://json-schema.org/draft-07/schema#",
   $id: "feedback_record_schema.json",
   title: "FeedbackRecord",
-  description: "Canonical schema for feedback records - structured conversation about work",
+  description: "Canonical schema for feedback records \u2014 the structured conversation about work.",
   additionalProperties: false,
   type: "object",
   required: [
@@ -2365,32 +2072,35 @@ var feedback_record_schema_default = {
       type: "string",
       pattern: "^\\d{10}-feedback-[a-z0-9-]{1,50}$",
       maxLength: 70,
-      description: "Unique identifier for the feedback entry",
+      description: "Unique identifier for the feedback entry (10 timestamp + 1 dash + 8 'feedback' + 1 dash + max 50 slug = 70 max)",
       examples: [
         "1752788100-feedback-blocking-rest-api",
-        "1752788200-feedback-question-test-coverage"
+        "1752788400-feedback-question-test-coverage"
       ]
     },
     entityType: {
       type: "string",
       enum: [
+        "actor",
+        "agent",
         "task",
         "execution",
-        "changelog",
         "feedback",
-        "cycle"
+        "cycle",
+        "workflow"
       ],
-      description: "The type of entity this feedback refers to"
+      description: "The type of entity this feedback refers to."
     },
     entityId: {
       type: "string",
       minLength: 1,
       maxLength: 256,
-      description: "The ID of the entity this feedback refers to.\nMust match the pattern for its entityType:\n- task: ^\\d{10}-task-[a-z0-9-]{1,50}$\n- execution: ^\\d{10}-exec-[a-z0-9-]{1,50}$\n- changelog: ^\\d{10}-changelog-[a-z0-9-]{1,50}$\n- feedback: ^\\d{10}-feedback-[a-z0-9-]{1,50}$\n- cycle: ^\\d{10}-cycle-[a-z0-9-]{1,50}$\n",
+      description: "The ID of the entity this feedback refers to.\nMust match the ID pattern for its entityType:\n- actor: ^(human|agent)(:[a-z0-9-]+)+$\n- agent: ^agent(:[a-z0-9-]+)+$\n- task: ^\\d{10}-task-[a-z0-9-]{1,50}$\n- execution: ^\\d{10}-exec-[a-z0-9-]{1,50}$\n- feedback: ^\\d{10}-feedback-[a-z0-9-]{1,50}$\n- cycle: ^\\d{10}-cycle-[a-z0-9-]{1,50}$\n- workflow: ^\\d{10}-workflow-[a-z0-9-]{1,50}$\n",
       examples: [
         "1752274500-task-implementar-oauth",
         "1752642000-exec-subtarea-9-4",
-        "1752788100-feedback-blocking-rest-api"
+        "1752788100-feedback-blocking-rest-api",
+        "human:camilo"
       ]
     },
     type: {
@@ -2403,12 +2113,7 @@ var feedback_record_schema_default = {
         "clarification",
         "assignment"
       ],
-      description: "The semantic intent of the feedback",
-      examples: [
-        "blocking",
-        "question",
-        "approval"
-      ]
+      description: "The semantic intent of the feedback."
     },
     status: {
       type: "string",
@@ -2418,19 +2123,18 @@ var feedback_record_schema_default = {
         "resolved",
         "wontfix"
       ],
-      description: 'The lifecycle status of the feedback. \nNote: FeedbackRecords are immutable. To change status, create a new feedback \nthat references this one using entityType: "feedback" and resolvesFeedbackId.\n'
+      description: 'The lifecycle status of the feedback.\nFeedbackRecords are immutable. To change status, create a new FeedbackRecord\nthat references this one using entityType: "feedback" and resolvesFeedbackId.\n'
     },
     content: {
       type: "string",
       minLength: 1,
-      maxLength: 5e3,
-      description: "The content of the feedback. Reduced from 10000 to 5000 chars for practical use."
+      description: "The content of the feedback."
     },
     assignee: {
       type: "string",
       pattern: "^(human|agent)(:[a-z0-9-]+)+$",
       maxLength: 256,
-      description: "Optional. The Actor ID responsible for addressing the feedback (e.g., 'human:maria', 'agent:camilo:cursor')",
+      description: "Optional. The Actor ID responsible for addressing the feedback (e.g., 'human:maria', 'agent:camilo:cursor').",
       examples: [
         "human:maria",
         "agent:code-reviewer",
@@ -2441,7 +2145,7 @@ var feedback_record_schema_default = {
       type: "string",
       pattern: "^\\d{10}-feedback-[a-z0-9-]{1,50}$",
       maxLength: 70,
-      description: "Optional. The ID of another feedback record that this one resolves or responds to",
+      description: "Optional. The ID of another FeedbackRecord that this one resolves or responds to.",
       examples: [
         "1752788100-feedback-blocking-rest-api"
       ]
@@ -2449,18 +2153,151 @@ var feedback_record_schema_default = {
     metadata: {
       type: "object",
       additionalProperties: true,
-      description: "Optional structured data for machine consumption.\nUse this field for domain-specific data that needs to be programmatically processed.\nCommon use cases: waiver details (fingerprint, ruleId, file, line), approval context, assignment metadata.\n",
-      examples: [
-        {
-          fingerprint: "abc123def456",
-          ruleId: "PII-001",
-          file: "src/user.ts",
-          line: 42,
-          expiresAt: "2025-12-31T23:59:59Z"
-        }
-      ]
+      description: "Optional structured data for machine consumption.\nUse this field for domain-specific data that needs to be programmatically processed.\nCommon use cases: waiver details (fingerprint, ruleId, file, line), approval context, assignment metadata.\n"
     }
   },
+  allOf: [
+    {
+      if: {
+        required: [
+          "entityType"
+        ],
+        properties: {
+          entityType: {
+            const: "actor"
+          }
+        }
+      },
+      then: {
+        properties: {
+          entityId: {
+            type: "string",
+            pattern: "^(human|agent)(:[a-z0-9-]+)+$"
+          }
+        }
+      }
+    },
+    {
+      if: {
+        required: [
+          "entityType"
+        ],
+        properties: {
+          entityType: {
+            const: "agent"
+          }
+        }
+      },
+      then: {
+        properties: {
+          entityId: {
+            type: "string",
+            pattern: "^agent(:[a-z0-9-]+)+$"
+          }
+        }
+      }
+    },
+    {
+      if: {
+        required: [
+          "entityType"
+        ],
+        properties: {
+          entityType: {
+            const: "task"
+          }
+        }
+      },
+      then: {
+        properties: {
+          entityId: {
+            type: "string",
+            pattern: "^\\d{10}-task-[a-z0-9-]{1,50}$"
+          }
+        }
+      }
+    },
+    {
+      if: {
+        required: [
+          "entityType"
+        ],
+        properties: {
+          entityType: {
+            const: "execution"
+          }
+        }
+      },
+      then: {
+        properties: {
+          entityId: {
+            type: "string",
+            pattern: "^\\d{10}-exec-[a-z0-9-]{1,50}$"
+          }
+        }
+      }
+    },
+    {
+      if: {
+        required: [
+          "entityType"
+        ],
+        properties: {
+          entityType: {
+            const: "feedback"
+          }
+        }
+      },
+      then: {
+        properties: {
+          entityId: {
+            type: "string",
+            pattern: "^\\d{10}-feedback-[a-z0-9-]{1,50}$"
+          }
+        }
+      }
+    },
+    {
+      if: {
+        required: [
+          "entityType"
+        ],
+        properties: {
+          entityType: {
+            const: "cycle"
+          }
+        }
+      },
+      then: {
+        properties: {
+          entityId: {
+            type: "string",
+            pattern: "^\\d{10}-cycle-[a-z0-9-]{1,50}$"
+          }
+        }
+      }
+    },
+    {
+      if: {
+        required: [
+          "entityType"
+        ],
+        properties: {
+          entityType: {
+            const: "workflow"
+          }
+        }
+      },
+      then: {
+        properties: {
+          entityId: {
+            type: "string",
+            pattern: "^\\d{10}-workflow-[a-z0-9-]{1,50}$"
+          }
+        }
+      }
+    }
+  ],
   examples: [
     {
       id: "1752788100-feedback-blocking-rest-api",
@@ -2468,7 +2305,7 @@ var feedback_record_schema_default = {
       entityId: "1752642000-exec-subtarea-9-4",
       type: "blocking",
       status: "open",
-      content: "Esta implementaci\xF3n no cumple el est\xE1ndar de rutas REST. Los endpoints deben seguir el patr\xF3n /api/v1/{resource}/{id}. Actualmente usa /get-user?id=X que no es RESTful."
+      content: "This implementation does not comply with the REST endpoint standard. Endpoints must follow the /api/v1/{resource}/{id} pattern. Currently uses /get-user?id=X which is not RESTful."
     },
     {
       id: "1752788200-feedback-rest-api-fixed",
@@ -2476,7 +2313,7 @@ var feedback_record_schema_default = {
       entityId: "1752788100-feedback-blocking-rest-api",
       type: "clarification",
       status: "resolved",
-      content: "Implementada la correcci\xF3n. Ahora todos los endpoints siguen el est\xE1ndar REST: GET /api/v1/users/:id, POST /api/v1/users, etc. Tests actualizados y passing.",
+      content: "Fix implemented. All endpoints now follow REST standard: GET /api/v1/users/:id, POST /api/v1/users, etc. Tests updated and passing.",
       resolvesFeedbackId: "1752788100-feedback-blocking-rest-api"
     },
     {
@@ -2485,7 +2322,7 @@ var feedback_record_schema_default = {
       entityId: "1752274500-task-implementar-oauth",
       type: "assignment",
       status: "open",
-      content: "Asignando esta tarea a Mar\xEDa por su experiencia con OAuth2. Prioridad alta para el sprint actual.",
+      content: "Assigning this task to Maria for her experience with OAuth2. High priority for the current sprint.",
       assignee: "human:maria"
     },
     {
@@ -2494,7 +2331,7 @@ var feedback_record_schema_default = {
       entityId: "1752274500-task-implementar-oauth",
       type: "question",
       status: "open",
-      content: "\xBFCu\xE1l es el nivel de test coverage esperado para esta feature? El spec no lo menciona expl\xEDcitamente. \xBFDebemos apuntar a 80% como el resto del proyecto?"
+      content: "What level of test coverage is expected for this feature? The spec does not mention it explicitly. Should we aim for 80% like the rest of the project?"
     }
   ]
 };
@@ -2504,7 +2341,7 @@ var task_record_schema_default = {
   $schema: "http://json-schema.org/draft-07/schema#",
   $id: "task_record_schema.json",
   title: "TaskRecord",
-  description: "Canonical schema for task records as defined in task_protocol.md",
+  description: "Canonical schema for task records as defined in 04_task.md",
   additionalProperties: false,
   type: "object",
   required: [
@@ -2554,7 +2391,6 @@ var task_record_schema_default = {
         "paused",
         "discarded"
       ],
-      maxLength: 40,
       description: "Current state of the task in the institutional flow"
     },
     priority: {
@@ -2565,13 +2401,11 @@ var task_record_schema_default = {
         "high",
         "critical"
       ],
-      maxLength: 40,
       description: "Strategic or tactical priority level"
     },
     description: {
       type: "string",
       minLength: 10,
-      maxLength: 22e3,
       description: "Functional, technical or strategic summary of the objective"
     },
     tags: {
@@ -2579,7 +2413,7 @@ var task_record_schema_default = {
       items: {
         type: "string",
         minLength: 1,
-        pattern: "^[a-z0-9-]+(:[a-z0-9-:]+)*$"
+        pattern: "^[a-z0-9-]+(:[a-z0-9-]+)*$"
       },
       default: [],
       description: "Optional. List of key:value tags for categorization and role suggestion (e.g., 'skill:react', 'role:agent:developer')."
@@ -2596,9 +2430,26 @@ var task_record_schema_default = {
     },
     notes: {
       type: "string",
-      minLength: 0,
-      maxLength: 3e3,
+      minLength: 1,
       description: "Additional comments, decisions made or added context"
+    },
+    metadata: {
+      type: "object",
+      additionalProperties: true,
+      description: "Optional structured data for machine consumption.\nUse this field for domain-specific data that needs to be programmatically processed.\nComplements tags (classification) and notes (free text) with structured, queryable data.\nCommon use cases: epic metadata, external tool references, agent metrics, compliance tags.\n",
+      examples: [
+        {
+          epic: true,
+          phase: "implementation",
+          files: {
+            overview: "overview.md"
+          }
+        },
+        {
+          jira: "AUTH-42",
+          storyPoints: 5
+        }
+      ]
     }
   },
   examples: [
@@ -2681,25 +2532,22 @@ var task_record_schema_default = {
 // src/record_schemas/generated/workflow_record_schema.json
 var workflow_record_schema_default = {
   $schema: "http://json-schema.org/draft-07/schema#",
-  $id: "workflow_schema.json",
+  $id: "workflow_record_schema.json",
   title: "WorkflowRecord",
-  description: "Complete schema for workflow methodology configuration files that define state transitions, signatures, and custom rules",
+  description: "Schema for workflow methodology configuration that defines named state transitions, signatures, and custom rules.",
   type: "object",
   required: [
-    "version",
+    "id",
     "name",
     "state_transitions"
   ],
   additionalProperties: false,
   properties: {
-    $schema: {
-      type: "string",
-      description: "JSON Schema reference"
-    },
-    version: {
+    id: {
       type: "string",
-      pattern: "^\\d+\\.\\d+\\.\\d+$",
-      description: "Semantic version of the methodology configuration"
+      pattern: "^\\d{10}-workflow-[a-z0-9-]{1,50}$",
+      maxLength: 70,
+      description: "Unique identifier for the workflow record (10 timestamp + 1 dash + 8 'workflow' + 1 dash + max 50 slug = 70 max)"
     },
     name: {
       type: "string",
@@ -2714,11 +2562,15 @@ var workflow_record_schema_default = {
     },
     state_transitions: {
       type: "object",
-      description: "Defines valid state transitions and their requirements",
+      description: "Map of named transitions to their rules. Keys are transition names (e.g., submit, approve, activate, resume), not target states.",
+      propertyNames: {
+        pattern: "^[a-z][a-z0-9_]{0,49}$"
+      },
       additionalProperties: {
         type: "object",
         required: [
           "from",
+          "to",
           "requires"
         ],
         additionalProperties: false,
@@ -2732,21 +2584,26 @@ var workflow_record_schema_default = {
             minItems: 1,
             description: "Valid source states for this transition"
           },
+          to: {
+            type: "string",
+            pattern: "^[a-z][a-z0-9_]{0,49}$",
+            description: "Target state for this transition"
+          },
           requires: {
             type: "object",
             additionalProperties: false,
             properties: {
               command: {
                 type: "string",
-                description: "CLI command that triggers this transition"
+                description: "CLI command that triggers this transition (Command Gate)"
               },
               event: {
                 type: "string",
-                description: "System event that triggers this transition"
+                description: "System event that triggers this transition (Event Gate)"
               },
               signatures: {
                 type: "object",
-                description: "Signature requirements keyed by role (e.g., 'approver:quality', 'developer:backend')",
+                description: "Signature group requirements (Signature Gate)",
                 additionalProperties: {
                   type: "object",
                   required: [
@@ -2786,7 +2643,7 @@ var workflow_record_schema_default = {
                       items: {
                         type: "string"
                       },
-                      description: "Optional: specific actors that can sign"
+                      description: "Optional: restrict to specific actor IDs"
                     }
                   }
                 }
@@ -2835,7 +2692,7 @@ var workflow_record_schema_default = {
           },
           expression: {
             type: "string",
-            description: "Inline validation expression for 'custom' validation type. Implementation determines the runtime and language. Must return boolean or Promise<boolean>."
+            description: "Inline validation expression for 'custom' type. Must return boolean."
           },
           module_path: {
             type: "string",
@@ -2846,7 +2703,7 @@ var workflow_record_schema_default = {
     },
     agent_integration: {
       type: "object",
-      description: "Optional agent automation configuration for methodology",
+      description: "Optional agent automation configuration",
       additionalProperties: false,
       properties: {
         description: {
@@ -2856,7 +2713,7 @@ var workflow_record_schema_default = {
         },
         required_agents: {
           type: "array",
-          description: "References to agents required for this methodology. Agent details (engine, knowledge, etc.) live in their AgentRecord.",
+          description: "Agents required for this methodology",
           items: {
             type: "object",
             required: [
@@ -2878,8 +2735,8 @@ var workflow_record_schema_default = {
             properties: {
               id: {
                 type: "string",
-                pattern: "^agent:[a-z0-9:-]+$",
-                description: "Specific agent ID. References an existing AgentRecord."
+                pattern: "^agent(:[a-z0-9-]+)+$",
+                description: "Specific agent ID (references an AgentRecord)"
               },
               required_roles: {
                 type: "array",
@@ -2888,11 +2745,11 @@ var workflow_record_schema_default = {
                   pattern: "^[a-z0-9-]+(:[a-z0-9-]+)*$"
                 },
                 minItems: 1,
-                description: "Required capability roles. Matches any agent with these roles (from ActorRecord)."
+                description: "Required capability roles (matches any agent with these roles)"
               },
               triggers: {
                 type: "array",
-                description: "When this agent activates within this methodology",
+                description: "Events that activate this agent",
                 items: {
                   type: "object",
                   required: [
@@ -2921,190 +2778,13 @@ var workflow_record_schema_default = {
         }
       }
     }
-  },
-  examples: [
-    {
-      version: "1.0.0",
-      name: "Simple Kanban",
-      description: "Basic workflow for small teams",
-      state_transitions: {
-        review: {
-          from: [
-            "draft"
-          ],
-          requires: {
-            command: "gitgov task submit"
-          }
-        },
-        ready: {
-          from: [
-            "review"
-          ],
-          requires: {
-            command: "gitgov task approve",
-            signatures: {
-              __default__: {
-                role: "approver",
-                capability_roles: [
-                  "approver:product"
-                ],
-                min_approvals: 1
-              }
-            }
-          }
-        },
-        active: {
-          from: [
-            "ready"
-          ],
-          requires: {
-            event: "first_execution_record_created"
-          }
-        },
-        done: {
-          from: [
-            "active"
-          ],
-          requires: {
-            command: "gitgov task complete"
-          }
-        }
-      }
-    },
-    {
-      version: "1.0.0",
-      name: "GitGovernance Default Methodology",
-      description: "Standard GitGovernance workflow with quality gates and agent collaboration",
-      state_transitions: {
-        review: {
-          from: [
-            "draft"
-          ],
-          requires: {
-            command: "gitgov task submit",
-            signatures: {
-              __default__: {
-                role: "submitter",
-                capability_roles: [
-                  "author"
-                ],
-                min_approvals: 1
-              }
-            }
-          }
-        },
-        ready: {
-          from: [
-            "review"
-          ],
-          requires: {
-            command: "gitgov task approve",
-            signatures: {
-              __default__: {
-                role: "approver",
-                capability_roles: [
-                  "approver:product"
-                ],
-                min_approvals: 1
-              },
-              design: {
-                role: "approver",
-                capability_roles: [
-                  "approver:design"
-                ],
-                min_approvals: 1
-              },
-              quality: {
-                role: "approver",
-                capability_roles: [
-                  "approver:quality"
-                ],
-                min_approvals: 1
-              }
-            }
-          }
-        },
-        active: {
-          from: [
-            "ready",
-            "paused"
-          ],
-          requires: {
-            event: "first_execution_record_created",
-            custom_rules: [
-              "task_must_have_valid_assignment_for_executor"
-            ]
-          }
-        },
-        done: {
-          from: [
-            "active"
-          ],
-          requires: {
-            command: "gitgov task complete",
-            signatures: {
-              __default__: {
-                role: "approver",
-                capability_roles: [
-                  "approver:quality"
-                ],
-                min_approvals: 1
-              }
-            }
-          }
-        },
-        archived: {
-          from: [
-            "done"
-          ],
-          requires: {
-            event: "changelog_record_created"
-          }
-        },
-        paused: {
-          from: [
-            "active",
-            "review"
-          ],
-          requires: {
-            event: "feedback_blocking_created"
-          }
-        },
-        discarded: {
-          from: [
-            "ready",
-            "active"
-          ],
-          requires: {
-            command: "gitgov task cancel",
-            signatures: {
-              __default__: {
-                role: "canceller",
-                capability_roles: [
-                  "approver:product",
-                  "approver:quality"
-                ],
-                min_approvals: 1
-              }
-            }
-          }
-        }
-      },
-      custom_rules: {
-        task_must_have_valid_assignment_for_executor: {
-          description: "Task must have a valid assignment before execution can begin",
-          validation: "assignment_required"
-        }
-      }
-    }
-  ]
+  }
 };
 
 // src/record_schemas/generated/index.ts
 var Schemas = {
   ActorRecord: actor_record_schema_default,
   AgentRecord: agent_record_schema_default,
-  ChangelogRecord: changelog_record_schema_default,
   CycleRecord: cycle_record_schema_default,
   EmbeddedMetadata: embedded_metadata_schema_default,
   ExecutionRecord: execution_record_schema_default,
@@ -3146,7 +2826,6 @@ var SchemaValidationCache = class {
       const schemaRefMap = {
         "ActorRecord": "ref:actor_record_schema",
         "AgentRecord": "ref:agent_record_schema",
-        "ChangelogRecord": "ref:changelog_record_schema",
         "CycleRecord": "ref:cycle_record_schema",
         "ExecutionRecord": "ref:execution_record_schema",
         "FeedbackRecord": "ref:feedback_record_schema",
@@ -3373,45 +3052,6 @@ function loadExecutionRecord(data) {
   return record;
 }
 
-// src/record_validations/changelog_validator.ts
-function validateChangelogRecordSchema(data) {
-  const validator = SchemaValidationCache.getValidatorFromSchema(Schemas.ChangelogRecord);
-  const isValid = validator(data);
-  return [isValid, validator.errors];
-}
-function validateChangelogRecordDetailed(data) {
-  const [isValid, errors] = validateChangelogRecordSchema(data);
-  if (!isValid && errors) {
-    const formattedErrors = errors.map((error) => ({
-      field: error.instancePath?.replace("/", "") || error.params?.["missingProperty"] || "root",
-      message: error.message || "Unknown validation error",
-      value: error.data
-    }));
-    return {
-      isValid: false,
-      errors: formattedErrors
-    };
-  }
-  return {
-    isValid: true,
-    errors: []
-  };
-}
-
-// src/record_factories/changelog_factory.ts
-function loadChangelogRecord(data) {
-  const embeddedValidation = validateEmbeddedMetadataDetailed(data);
-  if (!embeddedValidation.isValid) {
-    throw new DetailedValidationError("GitGovRecord (ChangelogRecord)", embeddedValidation.errors);
-  }
-  const record = data;
-  const payloadValidation = validateChangelogRecordDetailed(record.payload);
-  if (!payloadValidation.isValid) {
-    throw new DetailedValidationError("ChangelogRecord payload", payloadValidation.errors);
-  }
-  return record;
-}
-
 // src/record_validations/feedback_validator.ts
 function validateFeedbackRecordSchema(data) {
   const validator = SchemaValidationCache.getValidatorFromSchema(Schemas.FeedbackRecord);
@@ -3486,25 +3126,25 @@ var FsLintModule = class {
     this.projectRoot = dependencies.projectRoot;
     this.lintModule = dependencies.lintModule;
     this.fileSystem = dependencies.fileSystem ?? {
-      readFile: async (path14, encoding) => {
-        return promises.readFile(path14, encoding);
+      readFile: async (path13, encoding) => {
+        return promises.readFile(path13, encoding);
       },
-      writeFile: async (path14, content) => {
-        await promises.writeFile(path14, content, "utf-8");
+      writeFile: async (path13, content) => {
+        await promises.writeFile(path13, content, "utf-8");
       },
-      exists: async (path14) => {
+      exists: async (path13) => {
         try {
-          await promises.access(path14);
+          await promises.access(path13);
           return true;
         } catch {
           return false;
         }
       },
-      unlink: async (path14) => {
-        await promises.unlink(path14);
+      unlink: async (path13) => {
+        await promises.unlink(path13);
       },
-      readdir: async (path14) => {
-        return readdir(path14);
+      readdir: async (path13) => {
+        return readdir(path13);
       }
     };
   }
@@ -3516,7 +3156,7 @@ var FsLintModule = class {
     return this.lintModule.lintRecord(record, context);
   }
   /**
-   * Delegates to LintModule.lintRecordReferences() for prefix validation.
+   * Delegates to LintModule.lintRecordReferences() for reference validation.
    */
   lintRecordReferences(record, context) {
     return this.lintModule.lintRecordReferences(record, context);
@@ -3754,9 +3394,6 @@ var FsLintModule = class {
         case "execution":
           record = loadExecutionRecord(raw);
           break;
-        case "changelog":
-          record = loadChangelogRecord(raw);
-          break;
         case "feedback":
           record = loadFeedbackRecord(raw);
           break;
@@ -3769,10 +3406,6 @@ var FsLintModule = class {
         filePath
       });
       results.push(...lintResults);
-      if (options.validateFileNaming) {
-        const namingResults = this.validateFileNaming(record, recordId, filePath, entityType);
-        results.push(...namingResults);
-      }
       if (options.validateReferences) {
         const refResults = this.lintModule.lintRecordReferences(record, {
           recordId,
@@ -3781,6 +3414,10 @@ var FsLintModule = class {
         });
         results.push(...refResults);
       }
+      if (options.validateFileNaming) {
+        const namingResults = this.validateFileNaming(record, recordId, filePath, entityType);
+        results.push(...namingResults);
+      }
     } catch (error) {
       if (error instanceof DetailedValidationError) {
         const hasAdditionalProperties = error.errors.some(
@@ -3833,7 +3470,6 @@ var FsLintModule = class {
       "task": "tasks",
       "cycle": "cycles",
       "execution": "executions",
-      "changelog": "changelogs",
       "feedback": "feedbacks",
       "actor": "actors",
       "agent": "agents"
@@ -3876,7 +3512,6 @@ var FsLintModule = class {
       "cycle",
       "task",
       "execution",
-      "changelog",
       "feedback"
     ];
     const allRecords = [];
@@ -3884,7 +3519,6 @@ var FsLintModule = class {
       "task": "tasks",
       "cycle": "cycles",
       "execution": "executions",
-      "changelog": "changelogs",
       "feedback": "feedbacks",
       "actor": "actors",
       "agent": "agents"
@@ -3910,7 +3544,6 @@ var FsLintModule = class {
       "task": "tasks",
       "cycle": "cycles",
       "execution": "executions",
-      "changelog": "changelogs",
       "feedback": "feedbacks",
       "actor": "actors",
       "agent": "agents"
@@ -4126,8 +3759,7 @@ var GITGOV_DIRECTORIES = [
   "cycles",
   "tasks",
   "executions",
-  "feedbacks",
-  "changelogs"
+  "feedbacks"
 ];
 var FsProjectInitializer = class {
   projectRoot;
@@ -4141,17 +3773,17 @@ var FsProjectInitializer = class {
    * Creates the .gitgov/ directory structure.
    */
   async createProjectStructure() {
-    const gitgovPath = path9.join(this.projectRoot, ".gitgov");
+    const gitgovPath = path6.join(this.projectRoot, ".gitgov");
     await promises.mkdir(gitgovPath, { recursive: true });
     for (const dir of GITGOV_DIRECTORIES) {
-      await promises.mkdir(path9.join(gitgovPath, dir), { recursive: true });
+      await promises.mkdir(path6.join(gitgovPath, dir), { recursive: true });
     }
   }
   /**
    * Checks if .gitgov/config.json exists.
    */
   async isInitialized() {
-    const configPath = path9.join(this.projectRoot, ".gitgov", "config.json");
+    const configPath = path6.join(this.projectRoot, ".gitgov", "config.json");
     try {
       await promises.access(configPath);
       return true;
@@ -4163,14 +3795,14 @@ var FsProjectInitializer = class {
    * Writes config.json to .gitgov/
    */
   async writeConfig(config) {
-    const configPath = path9.join(this.projectRoot, ".gitgov", "config.json");
+    const configPath = path6.join(this.projectRoot, ".gitgov", "config.json");
     await promises.writeFile(configPath, JSON.stringify(config, null, 2), "utf-8");
   }
   /**
    * Creates .session.json with initial actor state.
    */
   async initializeSession(actorId) {
-    const sessionPath = path9.join(this.projectRoot, ".gitgov", ".session.json");
+    const sessionPath = path6.join(this.projectRoot, ".gitgov", ".session.json");
     const session = {
       lastSession: {
         actorId,
@@ -4197,7 +3829,7 @@ var FsProjectInitializer = class {
    * Gets the path for an actor record.
    */
   getActorPath(actorId) {
-    return path9.join(this.projectRoot, ".gitgov", "actors", `${actorId}.json`);
+    return path6.join(this.projectRoot, ".gitgov", "actors", `${actorId}.json`);
   }
   /**
    * Validates environment for GitGovernance initialization.
@@ -4207,7 +3839,7 @@ var FsProjectInitializer = class {
     const warnings = [];
     const suggestions = [];
     try {
-      const gitPath = path9.join(this.projectRoot, ".git");
+      const gitPath = path6.join(this.projectRoot, ".git");
       const isGitRepo = existsSync(gitPath);
       if (!isGitRepo) {
         warnings.push(`Not a Git repository in directory: ${this.projectRoot}`);
@@ -4215,7 +3847,7 @@ var FsProjectInitializer = class {
       }
       let hasWritePermissions = false;
       try {
-        const testFile = path9.join(this.projectRoot, ".gitgov-test");
+        const testFile = path6.join(this.projectRoot, ".gitgov-test");
         await promises.writeFile(testFile, "test");
         await promises.unlink(testFile);
         hasWritePermissions = true;
@@ -4273,7 +3905,7 @@ var FsProjectInitializer = class {
         currentBranch
       };
       if (isAlreadyInitialized) {
-        result.gitgovPath = path9.join(this.projectRoot, ".gitgov");
+        result.gitgovPath = path6.join(this.projectRoot, ".gitgov");
       }
       return result;
     } catch (error) {
@@ -4293,18 +3925,18 @@ var FsProjectInitializer = class {
    * Copies the @gitgov agent prompt to project root for IDE access.
    */
   async copyAgentPrompt() {
-    const targetPrompt = path9.join(this.repoRoot, "gitgov");
+    const targetPrompt = path6.join(this.repoRoot, "gitgov");
     const potentialSources = [];
     potentialSources.push(
-      path9.join(process.cwd(), "src/docs/generated/gitgov_agent.md")
+      path6.join(process.cwd(), "src/docs/generated/gitgov_agent.md")
     );
     try {
       const metaUrl = getImportMetaUrl();
       if (metaUrl) {
         const require2 = createRequire(metaUrl);
         const pkgJsonPath = require2.resolve("@gitgov/core/package.json");
-        const pkgRoot = path9.dirname(pkgJsonPath);
-        potentialSources.push(path9.join(pkgRoot, "dist/src/docs/generated/gitgov_agent.md"));
+        const pkgRoot = path6.dirname(pkgJsonPath);
+        potentialSources.push(path6.join(pkgRoot, "dist/src/docs/generated/gitgov_agent.md"));
       }
     } catch {
     }
@@ -4312,8 +3944,8 @@ var FsProjectInitializer = class {
       const metaUrl = getImportMetaUrl();
       if (metaUrl) {
         const __filename = fileURLToPath(metaUrl);
-        const __dirname = path9.dirname(__filename);
-        potentialSources.push(path9.resolve(__dirname, "../../docs/generated/gitgov_agent.md"));
+        const __dirname = path6.dirname(__filename);
+        potentialSources.push(path6.resolve(__dirname, "../../docs/generated/gitgov_agent.md"));
       }
     } catch {
     }
@@ -4336,7 +3968,7 @@ var FsProjectInitializer = class {
    * Sets up .gitignore for GitGovernance files.
    */
   async setupGitIntegration() {
-    const gitignorePath = path9.join(this.repoRoot, ".gitignore");
+    const gitignorePath = path6.join(this.repoRoot, ".gitignore");
     const gitignoreContent = `
 # GitGovernance
 # Ignore entire .gitgov/ directory (state lives in gitgov-state branch)
@@ -4364,7 +3996,7 @@ gitgov
    * Removes .gitgov/ directory (for rollback on failed init).
    */
   async rollback() {
-    const gitgovPath = path9.join(this.projectRoot, ".gitgov");
+    const gitgovPath = path6.join(this.projectRoot, ".gitgov");
     try {
       await promises.access(gitgovPath);
       await promises.rm(gitgovPath, { recursive: true, force: true });
@@ -4599,7 +4231,7 @@ var LocalGitModule = class {
     if (result.exitCode !== 0) {
       try {
         const repoRoot = await this.ensureRepoRoot();
-        const headPath = path9.join(repoRoot, ".git", "HEAD");
+        const headPath = path6.join(repoRoot, ".git", "HEAD");
         const headContent = fs8.readFileSync(headPath, "utf-8").trim();
         if (headContent.startsWith("ref: refs/heads/")) {
           return headContent.replace("ref: refs/heads/", "");
@@ -4939,8 +4571,8 @@ var LocalGitModule = class {
    */
   async isRebaseInProgress() {
     const repoRoot = await this.ensureRepoRoot();
-    const rebaseMergePath = path9.join(repoRoot, ".git", "rebase-merge");
-    const rebaseApplyPath = path9.join(repoRoot, ".git", "rebase-apply");
+    const rebaseMergePath = path6.join(repoRoot, ".git", "rebase-merge");
+    const rebaseApplyPath = path6.join(repoRoot, ".git", "rebase-apply");
     return fs8.existsSync(rebaseMergePath) || fs8.existsSync(rebaseApplyPath);
   }
   /**
@@ -5488,10 +5120,6 @@ var LocalGitModule = class {
 var projectRootCache = null;
 var lastSearchPath = null;
 function findProjectRoot(startPath = process.cwd()) {
-  if (typeof global.projectRoot !== "undefined" && global.projectRoot === null) {
-    projectRootCache = null;
-    lastSearchPath = null;
-  }
   if (lastSearchPath && lastSearchPath !== startPath) {
     projectRootCache = null;
     lastSearchPath = null;
@@ -5501,61 +5129,67 @@ function findProjectRoot(startPath = process.cwd()) {
   }
   lastSearchPath = startPath;
   let currentPath = startPath;
-  while (currentPath !== path9.parse(currentPath).root) {
-    if (existsSync(path9.join(currentPath, ".git"))) {
+  while (currentPath !== path6.parse(currentPath).root) {
+    if (existsSync(path6.join(currentPath, ".git"))) {
       projectRootCache = currentPath;
       return projectRootCache;
     }
-    currentPath = path9.dirname(currentPath);
+    currentPath = path6.dirname(currentPath);
   }
-  if (existsSync(path9.join(currentPath, ".git"))) {
+  if (existsSync(path6.join(currentPath, ".git"))) {
     projectRootCache = currentPath;
     return projectRootCache;
   }
   return null;
 }
-function findGitgovRoot(startPath = process.cwd()) {
-  let currentPath = startPath;
-  while (currentPath !== path9.parse(currentPath).root) {
-    if (existsSync(path9.join(currentPath, ".gitgov"))) {
-      return currentPath;
-    }
-    currentPath = path9.dirname(currentPath);
-  }
-  if (existsSync(path9.join(currentPath, ".gitgov"))) {
-    return currentPath;
-  }
-  currentPath = startPath;
-  while (currentPath !== path9.parse(currentPath).root) {
-    if (existsSync(path9.join(currentPath, ".git"))) {
-      return currentPath;
-    }
-    currentPath = path9.dirname(currentPath);
-  }
-  if (existsSync(path9.join(currentPath, ".git"))) {
-    return currentPath;
-  }
-  return null;
-}
-function getGitgovPath() {
-  const root = findGitgovRoot();
-  if (!root) {
-    throw new Error("Could not find project root. Make sure you are inside a GitGovernance repository.");
-  }
-  return path9.join(root, ".gitgov");
-}
-function isGitgovProject() {
-  try {
-    const gitgovPath = getGitgovPath();
-    return existsSync(gitgovPath);
-  } catch {
-    return false;
-  }
-}
 function resetDiscoveryCache() {
   projectRootCache = null;
   lastSearchPath = null;
 }
+function getWorktreeBasePath(repoRoot) {
+  const resolvedPath = realpathSync(repoRoot);
+  const hash = createHash("sha256").update(resolvedPath).digest("hex").slice(0, 12);
+  return path6.join(os.homedir(), ".gitgov", "worktrees", hash);
+}
+
+// src/sync_state/sync_state.types.ts
+var SYNC_DIRECTORIES = [
+  "tasks",
+  "cycles",
+  "actors",
+  "agents",
+  "feedbacks",
+  "executions",
+  "workflows"
+];
+var SYNC_ROOT_FILES = [
+  "config.json"
+];
+var SYNC_ALLOWED_EXTENSIONS = [".json"];
+var SYNC_EXCLUDED_PATTERNS = [
+  /\.key$/,
+  // Private keys (e.g., keys/*.key)
+  /\.backup$/,
+  // Backup files from lint
+  /\.backup-\d+$/,
+  // Numbered backup files
+  /\.tmp$/,
+  // Temporary files
+  /\.bak$/
+  // Backup files
+];
+var LOCAL_ONLY_FILES = [
+  "index.json",
+  // Generated index, rebuilt on each machine
+  ".session.json",
+  // Local session state for current user/agent
+  "gitgov"
+  // Local binary/script
+];
+
+// src/sync_state/fs_worktree/fs_worktree_sync_state.types.ts
+var WORKTREE_DIR_NAME = ".gitgov-worktree";
+var DEFAULT_STATE_BRANCH = "gitgov-state";
 
 // src/sync_state/sync_state.errors.ts
 var SyncStateError = class _SyncStateError extends Error {
@@ -5565,17 +5199,6 @@ var SyncStateError = class _SyncStateError extends Error {
     Object.setPrototypeOf(this, _SyncStateError.prototype);
   }
 };
-var PushFromStateBranchError = class _PushFromStateBranchError extends SyncStateError {
-  branch;
-  constructor(branchName) {
-    super(
-      `Cannot push from ${branchName} branch. Please switch to a working branch before pushing state.`
-    );
-    this.name = "PushFromStateBranchError";
-    this.branch = branchName;
-    Object.setPrototypeOf(this, _PushFromStateBranchError.prototype);
-  }
-};
 var ConflictMarkersPresentError = class _ConflictMarkersPresentError extends SyncStateError {
   constructor(filesWithMarkers) {
     super(
@@ -5636,60 +5259,10 @@ var RebaseAlreadyInProgressError = class _RebaseAlreadyInProgressError extends S
     Object.setPrototypeOf(this, _RebaseAlreadyInProgressError.prototype);
   }
 };
-var UncommittedChangesError = class _UncommittedChangesError extends SyncStateError {
-  branch;
-  constructor(branchName) {
-    super(
-      `Uncommitted changes detected in ${branchName}. Please commit or stash changes before synchronizing.`
-    );
-    this.name = "UncommittedChangesError";
-    this.branch = branchName;
-    Object.setPrototypeOf(this, _UncommittedChangesError.prototype);
-  }
-};
-
-// src/sync_state/sync_state.types.ts
-var SYNC_DIRECTORIES = [
-  "tasks",
-  "cycles",
-  "actors",
-  "agents",
-  "feedbacks",
-  "executions",
-  "changelogs",
-  "workflows"
-];
-var SYNC_ROOT_FILES = [
-  "config.json"
-];
-var SYNC_ALLOWED_EXTENSIONS = [".json"];
-var SYNC_EXCLUDED_PATTERNS = [
-  /\.key$/,
-  // Private keys (e.g., keys/*.key)
-  /\.backup$/,
-  // Backup files from lint
-  /\.backup-\d+$/,
-  // Numbered backup files
-  /\.tmp$/,
-  // Temporary files
-  /\.bak$/
-  // Backup files
-];
-var LOCAL_ONLY_FILES = [
-  "index.json",
-  // Generated index, rebuilt on each machine
-  ".session.json",
-  // Local session state for current user/agent
-  "gitgov"
-  // Local binary/script
-];
-
-// src/sync_state/fs/fs_sync_state.ts
-var execAsync = promisify(exec);
-var logger6 = createLogger("[SyncStateModule] ");
+var logger6 = createLogger("[WorktreeSyncState] ");
 function shouldSyncFile(filePath) {
-  const fileName = path9__default.basename(filePath);
-  const ext = path9__default.extname(filePath);
+  const fileName = path6__default.basename(filePath);
+  const ext = path6__default.extname(filePath);
   if (!SYNC_ALLOWED_EXTENSIONS.includes(ext)) {
     return false;
   }
@@ -5727,1955 +5300,56 @@ function shouldSyncFile(filePath) {
   }
   return false;
 }
-async function getAllFiles(dir, baseDir = dir) {
-  const files = [];
-  try {
-    const entries = await promises.readdir(dir, { withFileTypes: true });
-    for (const entry of entries) {
-      const fullPath = path9__default.join(dir, entry.name);
-      if (entry.isDirectory()) {
-        const subFiles = await getAllFiles(fullPath, baseDir);
-        files.push(...subFiles);
-      } else if (entry.isFile()) {
-        files.push(path9__default.relative(baseDir, fullPath));
-      }
-    }
-  } catch {
+var FsWorktreeSyncStateModule = class {
+  deps;
+  repoRoot;
+  stateBranchName;
+  worktreePath;
+  gitgovPath;
+  constructor(deps, config) {
+    if (!deps.git) throw new Error("GitModule is required for FsWorktreeSyncStateModule");
+    if (!deps.config) throw new Error("ConfigManager is required for FsWorktreeSyncStateModule");
+    if (!deps.identity) throw new Error("IdentityAdapter is required for FsWorktreeSyncStateModule");
+    if (!deps.lint) throw new Error("LintModule is required for FsWorktreeSyncStateModule");
+    if (!deps.indexer) throw new Error("IndexerAdapter is required for FsWorktreeSyncStateModule");
+    if (!config.repoRoot) throw new Error("repoRoot is required");
+    this.deps = deps;
+    this.repoRoot = config.repoRoot;
+    this.stateBranchName = config.stateBranchName ?? DEFAULT_STATE_BRANCH;
+    this.worktreePath = config.worktreePath ?? path6__default.join(this.repoRoot, WORKTREE_DIR_NAME);
+    this.gitgovPath = path6__default.join(this.worktreePath, ".gitgov");
   }
-  return files;
-}
-async function copySyncableFiles(sourceDir, destDir, log, excludeFiles = /* @__PURE__ */ new Set()) {
-  let copiedCount = 0;
-  for (const dirName of SYNC_DIRECTORIES) {
-    const sourcePath = path9__default.join(sourceDir, dirName);
-    const destPath = path9__default.join(destDir, dirName);
-    try {
-      const stat2 = await promises.stat(sourcePath);
-      if (!stat2.isDirectory()) continue;
-      const allFiles = await getAllFiles(sourcePath);
-      for (const relativePath of allFiles) {
-        const fullSourcePath = path9__default.join(sourcePath, relativePath);
-        const fullDestPath = path9__default.join(destPath, relativePath);
-        const gitgovRelativePath = `.gitgov/${dirName}/${relativePath}`;
-        if (excludeFiles.has(gitgovRelativePath)) {
-          log(`[EARS-B23] Skipped (remote-only change preserved): ${gitgovRelativePath}`);
-          continue;
-        }
-        if (shouldSyncFile(fullSourcePath)) {
-          await promises.mkdir(path9__default.dirname(fullDestPath), { recursive: true });
-          await promises.copyFile(fullSourcePath, fullDestPath);
-          log(`Copied: ${dirName}/${relativePath}`);
-          copiedCount++;
-        } else {
-          log(`Skipped (not syncable): ${dirName}/${relativePath}`);
-        }
-      }
-    } catch (error) {
-      const errCode = error.code;
-      if (errCode !== "ENOENT") {
-        log(`Error processing ${dirName}: ${error}`);
-      }
-    }
+  // ═══════════════════════════════════════════════
+  // Section A: Worktree Management (WTSYNC-A1..A7)
+  // ═══════════════════════════════════════════════
+  /** [WTSYNC-A4] Returns the worktree path */
+  getWorktreePath() {
+    return this.worktreePath;
   }
-  for (const fileName of SYNC_ROOT_FILES) {
-    const sourcePath = path9__default.join(sourceDir, fileName);
-    const destPath = path9__default.join(destDir, fileName);
-    const gitgovRelativePath = `.gitgov/${fileName}`;
-    if (excludeFiles.has(gitgovRelativePath)) {
-      log(`[EARS-B23] Skipped (remote-only change preserved): ${gitgovRelativePath}`);
-      continue;
+  /** [WTSYNC-A1..A6] Ensures worktree exists and is healthy */
+  async ensureWorktree() {
+    const health = await this.checkWorktreeHealth();
+    if (health.healthy) {
+      logger6.debug("Worktree is healthy");
+      await this.removeLegacyGitignore();
+      return;
+    }
+    if (health.exists && !health.healthy) {
+      logger6.warn(`Worktree corrupted: ${health.error}. Recreating...`);
+      await this.removeWorktree();
     }
+    await this.ensureStateBranch();
     try {
-      await promises.copyFile(sourcePath, destPath);
-      log(`Copied root file: ${fileName}`);
-      copiedCount++;
+      logger6.info(`Creating worktree at ${this.worktreePath}`);
+      await this.execGit(["worktree", "add", this.worktreePath, this.stateBranchName]);
     } catch (error) {
-      const errCode = error.code;
-      if (errCode !== "ENOENT") {
-        log(`Error copying ${fileName}: ${error}`);
-      }
+      throw new WorktreeSetupError(
+        "Failed to create worktree",
+        this.worktreePath,
+        error instanceof Error ? error : void 0
+      );
     }
-  }
-  return copiedCount;
-}
-var FsSyncStateModule = class {
-  git;
-  config;
-  identity;
-  lint;
-  indexer;
-  /**
-   * Constructor with dependency injection
-   */
-  constructor(dependencies) {
-    if (!dependencies.git) {
-      throw new Error("IGitModule is required for SyncStateModule");
-    }
-    if (!dependencies.config) {
-      throw new Error("ConfigManager is required for SyncStateModule");
-    }
-    if (!dependencies.identity) {
-      throw new Error("IdentityAdapter is required for SyncStateModule");
-    }
-    if (!dependencies.lint) {
-      throw new Error("LintModule is required for SyncStateModule");
-    }
-    if (!dependencies.indexer) {
-      throw new Error("RecordProjector is required for SyncStateModule");
-    }
-    this.git = dependencies.git;
-    this.config = dependencies.config;
-    this.identity = dependencies.identity;
-    this.lint = dependencies.lint;
-    this.indexer = dependencies.indexer;
-  }
-  /**
-   * Static method to bootstrap .gitgov/ from gitgov-state branch.
-   * Used when cloning a repo that has gitgov-state but .gitgov/ is not in the work branch.
-   *
-   * This method only requires GitModule and can be called before full SyncStateModule initialization.
-   *
-   * @param gitModule - GitModule instance for git operations
-   * @param stateBranch - Name of the state branch (default: "gitgov-state")
-   * @returns Promise<{ success: boolean; error?: string }>
-   */
-  static async bootstrapFromStateBranch(gitModule, stateBranch = "gitgov-state") {
-    try {
-      const repoRoot = await gitModule.getRepoRoot();
-      const hasLocalBranch = await gitModule.branchExists(stateBranch);
-      let hasRemoteBranch = false;
-      try {
-        const remoteBranches = await gitModule.listRemoteBranches("origin");
-        hasRemoteBranch = remoteBranches.includes(stateBranch);
-      } catch {
-      }
-      if (!hasLocalBranch && !hasRemoteBranch) {
-        return {
-          success: false,
-          error: `State branch '${stateBranch}' does not exist locally or remotely`
-        };
-      }
-      if (!hasLocalBranch && hasRemoteBranch) {
-        try {
-          const currentBranch = await gitModule.getCurrentBranch();
-          await gitModule.fetch("origin");
-          await execAsync(`git checkout -b ${stateBranch} origin/${stateBranch}`, { cwd: repoRoot });
-          if (currentBranch && currentBranch !== stateBranch) {
-            await gitModule.checkoutBranch(currentBranch);
-          }
-        } catch (error) {
-          return {
-            success: false,
-            error: `Failed to fetch state branch: ${error.message}`
-          };
-        }
-      }
-      try {
-        const { stdout } = await execAsync(`git ls-tree -r ${stateBranch} --name-only .gitgov/`, { cwd: repoRoot });
-        if (!stdout.trim()) {
-          return {
-            success: false,
-            error: `No .gitgov/ directory found in '${stateBranch}' branch`
-          };
-        }
-      } catch {
-        return {
-          success: false,
-          error: `Failed to check .gitgov/ in '${stateBranch}' branch`
-        };
-      }
-      try {
-        await execAsync(`git checkout ${stateBranch} -- .gitgov/`, { cwd: repoRoot });
-        await execAsync("git reset HEAD .gitgov/", { cwd: repoRoot });
-        logger6.info(`[bootstrapFromStateBranch] Successfully restored .gitgov/ from ${stateBranch}`);
-      } catch (error) {
-        return {
-          success: false,
-          error: `Failed to copy .gitgov/ from state branch: ${error.message}`
-        };
-      }
-      return { success: true };
-    } catch (error) {
-      return {
-        success: false,
-        error: `Bootstrap failed: ${error.message}`
-      };
-    }
-  }
-  /**
-   * Gets the state branch name from configuration.
-   * Default: "gitgov-state"
-   *
-   * [EARS-A4]
-   */
-  async getStateBranchName() {
-    try {
-      const config = await this.config.loadConfig();
-      return config?.state?.branch ?? "gitgov-state";
-    } catch {
-      return "gitgov-state";
-    }
-  }
-  /**
-   * Ensures that the gitgov-state branch exists both locally and remotely.
-   * If it doesn't exist, creates it as an orphan branch.
-   *
-   * Use cases (4 edge cases):
-   * 1. Doesn't exist locally or remotely → Create orphan branch + initial commit + push
-   * 2. Exists remotely, not locally → Fetch + create local + set tracking
-   * 3. Exists locally, not remotely → Push + set tracking
-   * 4. Exists both → Verify tracking
-   *
-   * [EARS-A1, EARS-A2, EARS-A3]
-   */
-  async ensureStateBranch() {
-    const stateBranch = await this.getStateBranchName();
-    const remoteName = "origin";
-    try {
-      const existsLocal = await this.git.branchExists(stateBranch);
-      try {
-        await this.git.fetch(remoteName);
-      } catch {
-      }
-      const remoteBranches = await this.git.listRemoteBranches(remoteName);
-      const existsRemote = remoteBranches.includes(stateBranch);
-      if (!existsLocal && !existsRemote) {
-        await this.createOrphanStateBranch(stateBranch, remoteName);
-        return;
-      }
-      if (!existsLocal && existsRemote) {
-        const currentBranch = await this.git.getCurrentBranch();
-        const repoRoot = await this.git.getRepoRoot();
-        try {
-          await execAsync(`git checkout -b ${stateBranch} ${remoteName}/${stateBranch}`, { cwd: repoRoot });
-          if (currentBranch !== stateBranch) {
-            await this.git.checkoutBranch(currentBranch);
-          }
-        } catch (checkoutError) {
-          try {
-            await this.git.checkoutBranch(currentBranch);
-          } catch {
-          }
-          throw checkoutError;
-        }
-        return;
-      }
-      if (existsLocal && !existsRemote) {
-        const currentBranch = await this.git.getCurrentBranch();
-        if (currentBranch !== stateBranch) {
-          await this.git.checkoutBranch(stateBranch);
-        }
-        try {
-          await this.git.pushWithUpstream(remoteName, stateBranch);
-        } catch {
-        }
-        if (currentBranch !== stateBranch) {
-          await this.git.checkoutBranch(currentBranch);
-        }
-        return;
-      }
-      if (existsLocal && existsRemote) {
-        const upstreamBranch = await this.git.getBranchRemote(stateBranch);
-        if (!upstreamBranch || upstreamBranch !== `${remoteName}/${stateBranch}`) {
-          await this.git.setUpstream(stateBranch, remoteName, stateBranch);
-        }
-        return;
-      }
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : String(error);
-      throw new StateBranchSetupError(
-        `Failed to ensure state branch ${stateBranch}: ${errorMessage}`,
-        error
-      );
-    }
-  }
-  /**
-   * Creates the gitgov-state orphan branch with an empty initial commit.
-   * Used by ensureStateBranch when the branch doesn't exist locally or remotely.
-   *
-   * [EARS-A1]
-   */
-  async createOrphanStateBranch(stateBranch, remoteName) {
-    const currentBranch = await this.git.getCurrentBranch();
-    const repoRoot = await this.git.getRepoRoot();
-    const currentBranchHasCommits = await this.git.branchExists(currentBranch);
-    if (!currentBranchHasCommits) {
-      throw new Error(
-        `Cannot initialize GitGovernance: branch '${currentBranch}' has no commits. Please create an initial commit first (e.g., 'git commit --allow-empty -m "Initial commit"').`
-      );
-    }
-    try {
-      await this.git.checkoutOrphanBranch(stateBranch);
-      try {
-        await execAsync("git rm -rf . 2>/dev/null || true", { cwd: repoRoot });
-        const gitignoreContent = `# GitGovernance State Branch .gitignore
-# This file is auto-generated during gitgov init
-# These files are machine-specific and should NOT be synced
-
-# Local-only files (regenerated/machine-specific)
-index.json
-.session.json
-gitgov
-
-# Private keys (never synced for security)
-*.key
-
-# Backup and temporary files
-*.backup
-*.backup-*
-*.tmp
-*.bak
-`;
-        const gitignorePath = path9__default.join(repoRoot, ".gitignore");
-        await promises.writeFile(gitignorePath, gitignoreContent, "utf-8");
-        await execAsync("git add .gitignore", { cwd: repoRoot });
-        await execAsync('git commit -m "Initialize state branch with .gitignore"', { cwd: repoRoot });
-      } catch (commitError) {
-        const error = commitError;
-        throw new Error(`Failed to create initial commit on orphan branch: ${error.stderr || error.message}`);
-      }
-      const hasRemote = await this.git.isRemoteConfigured(remoteName);
-      if (hasRemote) {
-        try {
-          await this.git.pushWithUpstream(remoteName, stateBranch);
-        } catch (pushError) {
-          const pushErrorMsg = pushError instanceof Error ? pushError.message : String(pushError);
-          const isRemoteError = pushErrorMsg.includes("does not appear to be") || pushErrorMsg.includes("Could not read from remote") || pushErrorMsg.includes("repository not found");
-          if (!isRemoteError) {
-            throw new Error(`Failed to push state branch to remote: ${pushErrorMsg}`);
-          }
-          logger6.info(`Remote '${remoteName}' not reachable, gitgov-state branch created locally only`);
-        }
-      } else {
-        logger6.info(`No remote '${remoteName}' configured, gitgov-state branch created locally only`);
-      }
-      await this.git.checkoutBranch(currentBranch);
-    } catch (error) {
-      try {
-        await this.git.checkoutBranch(currentBranch);
-      } catch {
-      }
-      throw error;
-    }
-  }
-  /** Returns pending local changes not yet synced (delegates to calculateStateDelta) */
-  async getPendingChanges() {
-    try {
-      return await this.calculateStateDelta("HEAD");
-    } catch {
-      return [];
-    }
-  }
-  /**
-   * Calculates the file delta in .gitgov/ between the current branch and gitgov-state.
-   *
-   * [EARS-A5]
-   */
-  async calculateStateDelta(sourceBranch) {
-    const stateBranch = await this.getStateBranchName();
-    if (!stateBranch) {
-      throw new SyncStateError("Failed to get state branch name");
-    }
-    try {
-      const changedFiles = await this.git.getChangedFiles(
-        stateBranch,
-        sourceBranch,
-        ".gitgov/"
-      );
-      return changedFiles.map((file) => ({
-        status: file.status,
-        file: file.file
-      }));
-    } catch (error) {
-      throw new SyncStateError(
-        `Failed to calculate state delta: ${error.message}`
-      );
-    }
-  }
-  /**
-   * [EARS-B23] Detect file-level conflicts and identify remote-only changes.
-   *
-   * A conflict exists when:
-   * 1. A file was modified by the remote during implicit pull
-   * 2. AND the LOCAL USER also modified that same file (content in tempDir differs from what was in git before pull)
-   *
-   * This catches conflicts that git rebase can't detect because we copy files AFTER the pull.
-   *
-   * @param tempDir - Directory containing local .gitgov/ files (preserved before checkout)
-   * @param repoRoot - Repository root path
-  /**
-   * Checks if a rebase is in progress.
-   *
-   * [EARS-D6]
-   */
-  async isRebaseInProgress() {
-    return await this.git.isRebaseInProgress();
-  }
-  /**
-   * Checks for absence of conflict markers in specified files.
-   * Returns list of files that still have markers.
-   *
-   * [EARS-D7]
-   */
-  async checkConflictMarkers(filePaths) {
-    const repoRoot = await this.git.getRepoRoot();
-    const filesWithMarkers = [];
-    for (const filePath of filePaths) {
-      try {
-        const fullPath = join(repoRoot, filePath);
-        if (!existsSync(fullPath)) {
-          continue;
-        }
-        const content = readFileSync(fullPath, "utf-8");
-        const hasMarkers = content.includes("<<<<<<<") || content.includes("=======") || content.includes(">>>>>>>");
-        if (hasMarkers) {
-          filesWithMarkers.push(filePath);
-        }
-      } catch {
-        continue;
-      }
-    }
-    return filesWithMarkers;
-  }
-  /**
-   * Gets the diff of conflicted files for manual analysis.
-   * Useful so the actor can analyze conflicted changes before resolving.
-   *
-   * [EARS-E8]
-   */
-  async getConflictDiff(filePaths) {
-    try {
-      let conflictedFiles;
-      if (filePaths && filePaths.length > 0) {
-        conflictedFiles = filePaths;
-      } else {
-        conflictedFiles = await this.git.getConflictedFiles();
-      }
-      if (conflictedFiles.length === 0) {
-        return {
-          files: [],
-          message: "No conflicted files found",
-          resolutionSteps: []
-        };
-      }
-      const repoRoot = await this.git.getRepoRoot();
-      const files = [];
-      for (const filePath of conflictedFiles) {
-        const fullPath = join(repoRoot, filePath);
-        try {
-          const localContent = existsSync(fullPath) ? readFileSync(fullPath, "utf-8") : "";
-          const remoteContent = "";
-          const baseContent = null;
-          const conflictMarkers = [];
-          const lines = localContent.split("\n");
-          lines.forEach((line, index) => {
-            if (line.startsWith("<<<<<<<")) {
-              conflictMarkers.push({ line: index + 1, marker: "<<<<<<" });
-            } else if (line.startsWith("=======")) {
-              conflictMarkers.push({ line: index + 1, marker: "=======" });
-            } else if (line.startsWith(">>>>>>>")) {
-              conflictMarkers.push({ line: index + 1, marker: ">>>>>>>" });
-            }
-          });
-          const fileDiff = {
-            filePath,
-            localContent,
-            remoteContent,
-            baseContent
-          };
-          if (conflictMarkers.length > 0) {
-            fileDiff.conflictMarkers = conflictMarkers;
-          }
-          files.push(fileDiff);
-        } catch {
-          continue;
-        }
-      }
-      return {
-        files,
-        message: `${files.length} file(s) in conflict`,
-        resolutionSteps: [
-          "1. Review the conflict diff for each file",
-          "2. Manually edit conflicted files to resolve conflicts",
-          "3. Remove all conflict markers (<<<<<<<, =======, >>>>>>>)",
-          "4. Run 'gitgov sync resolve' to complete the resolution"
-        ]
-      };
-    } catch (error) {
-      throw new SyncStateError(
-        `Failed to get conflict diff: ${error.message}`
-      );
-    }
-  }
-  /**
-   * Verifies integrity of previous resolutions in gitgov-state history.
-   * Returns list of violations if any exist.
-   *
-   * [EARS-E1, EARS-E2, EARS-E3]
-   */
-  async verifyResolutionIntegrity() {
-    const stateBranch = await this.getStateBranchName();
-    if (!stateBranch) {
-      throw new SyncStateError("Failed to get state branch name");
-    }
-    const violations = [];
-    try {
-      const branchExists = await this.git.branchExists(stateBranch);
-      if (!branchExists) {
-        return violations;
-      }
-      let commits;
-      try {
-        commits = await this.git.getCommitHistory(stateBranch, {
-          maxCount: 1e3
-          // Analyze last 1000 commits
-        });
-      } catch (error) {
-        return violations;
-      }
-      for (let i = 0; i < commits.length; i++) {
-        const commit = commits[i];
-        if (!commit) continue;
-        const message = commit.message.toLowerCase();
-        if (message.startsWith("resolution:")) {
-          continue;
-        }
-        if (message.startsWith("sync:")) {
-          continue;
-        }
-        const isExplicitRebaseCommit = message.includes("rebase") || message.includes("pick ");
-        if (isExplicitRebaseCommit) {
-          const nextCommit = commits[i + 1];
-          const isResolutionNext = nextCommit && nextCommit.message.toLowerCase().startsWith("resolution:");
-          if (!isResolutionNext) {
-            violations.push({
-              rebaseCommitHash: commit.hash,
-              commitMessage: commit.message,
-              timestamp: commit.date,
-              author: commit.author
-            });
-          }
-        }
-      }
-      return violations;
-    } catch (error) {
-      return violations;
-    }
-  }
-  /**
-   * Complete audit of gitgov-state status.
-   * Verifies integrity of resolutions, signatures in Records, checksums and expected files.
-   *
-   * [EARS-E4, EARS-E5, EARS-E6, EARS-E7]
-   */
-  async auditState(options = {}) {
-    const scope = options.scope ?? "all";
-    const verifySignatures2 = options.verifySignatures ?? true;
-    const verifyChecksums = options.verifyChecksums ?? true;
-    const report = {
-      passed: true,
-      scope,
-      totalCommits: 0,
-      rebaseCommits: 0,
-      resolutionCommits: 0,
-      integrityViolations: [],
-      summary: ""
-    };
-    try {
-      const integrityViolations = await this.verifyResolutionIntegrity();
-      report.integrityViolations = integrityViolations;
-      if (integrityViolations.length > 0) {
-        report.passed = false;
-      }
-      const stateBranch = await this.getStateBranchName();
-      const branchExists = await this.git.branchExists(stateBranch);
-      if (branchExists) {
-        try {
-          const commits = await this.git.getCommitHistory(stateBranch, {
-            maxCount: 1e3
-          });
-          report.totalCommits = commits.length;
-          report.rebaseCommits = commits.filter(
-            (c) => c.message.toLowerCase().includes("rebase")
-          ).length;
-          report.resolutionCommits = commits.filter(
-            (c) => c.message.toLowerCase().startsWith("resolution:")
-          ).length;
-        } catch {
-          report.totalCommits = 0;
-          report.rebaseCommits = 0;
-          report.resolutionCommits = 0;
-        }
-      }
-      if (verifySignatures2 || verifyChecksums) {
-        const lintReport = await this.lint.lint({
-          validateChecksums: verifyChecksums,
-          validateSignatures: verifySignatures2,
-          validateReferences: false,
-          concurrent: true
-        });
-        report.lintReport = lintReport;
-        if (lintReport.summary.errors > 0) {
-          report.passed = false;
-        }
-      }
-      const lintErrorCount = report.lintReport?.summary.errors || 0;
-      const violationCount = report.integrityViolations.length + lintErrorCount;
-      report.summary = report.passed ? `Audit passed. No violations found (scope: ${scope}).` : `Audit failed. Found ${violationCount} violation(s): ${report.integrityViolations.length} integrity + ${lintErrorCount} structural (scope: ${scope}).`;
-      return report;
-    } catch (error) {
-      throw new SyncStateError(
-        `Failed to audit state: ${error.message}`
-      );
-    }
-  }
-  /**
-   * Publishes local state changes to gitgov-state.
-   * Implements 3 phases: verification, reconciliation, publication.
-   *
-   * [EARS-B1 through EARS-B7]
-   */
-  async pushState(options) {
-    const { actorId, dryRun = false } = options;
-    const stateBranch = await this.getStateBranchName();
-    if (!stateBranch) {
-      throw new SyncStateError("Failed to get state branch name");
-    }
-    let sourceBranch = options.sourceBranch;
-    const log = (msg) => logger6.debug(`[pushState] ${msg}`);
-    const result = {
-      success: false,
-      filesSynced: 0,
-      sourceBranch: "",
-      commitHash: null,
-      commitMessage: null,
-      conflictDetected: false
-    };
-    let stashHash = null;
-    let savedBranch = sourceBranch || "";
-    try {
-      log("=== STARTING pushState ===");
-      if (!sourceBranch) {
-        sourceBranch = await this.git.getCurrentBranch();
-        log(`Got current branch: ${sourceBranch}`);
-      }
-      result.sourceBranch = sourceBranch;
-      if (sourceBranch === stateBranch) {
-        log(`ERROR: Attempting to push from state branch ${stateBranch}`);
-        throw new PushFromStateBranchError(stateBranch);
-      }
-      log(`Pre-check passed: pushing from ${sourceBranch} to ${stateBranch}`);
-      const currentActor = await this.identity.getCurrentActor();
-      if (currentActor.id !== actorId) {
-        log(`ERROR: Actor identity mismatch: requested '${actorId}' but authenticated as '${currentActor.id}'`);
-        throw new ActorIdentityMismatchError(actorId, currentActor.id);
-      }
-      log(`Pre-check passed: actorId '${actorId}' matches authenticated identity`);
-      const remoteName = "origin";
-      const hasRemote = await this.git.isRemoteConfigured(remoteName);
-      if (!hasRemote) {
-        log(`ERROR: No remote '${remoteName}' configured`);
-        throw new SyncStateError(
-          `No remote repository configured. State sync requires a remote for multi-machine collaboration.
-Add a remote with: git remote add origin <url>
-Then push your changes: git push -u origin ${sourceBranch}`
-        );
-      }
-      log(`Pre-check passed: remote '${remoteName}' configured`);
-      const hasCommits = await this.git.branchExists(sourceBranch);
-      if (!hasCommits) {
-        log(`ERROR: Branch '${sourceBranch}' has no commits`);
-        throw new SyncStateError(
-          `Cannot sync: branch '${sourceBranch}' has no commits. Please create an initial commit first (e.g., 'git commit --allow-empty -m "Initial commit"').`
-        );
-      }
-      log(`Pre-check passed: branch '${sourceBranch}' has commits`);
-      log("Phase 0: Starting audit...");
-      const auditReport = await this.auditState({ scope: "current" });
-      log(`Audit result: ${auditReport.passed ? "PASSED" : "FAILED"}`);
-      if (!auditReport.passed) {
-        log(`Audit violations: ${auditReport.summary}`);
-        const affectedFiles = [];
-        const detailedErrors = [];
-        if (auditReport.lintReport?.results) {
-          for (const r of auditReport.lintReport.results) {
-            if (r.level === "error") {
-              if (!affectedFiles.includes(r.filePath)) {
-                affectedFiles.push(r.filePath);
-              }
-              detailedErrors.push(`  \u2022 ${r.filePath}: [${r.validator}] ${r.message}`);
-            }
-          }
-        }
-        for (const v of auditReport.integrityViolations) {
-          detailedErrors.push(`  \u2022 Commit ${v.rebaseCommitHash.slice(0, 8)}: ${v.commitMessage} (by ${v.author})`);
-        }
-        const detailSection = detailedErrors.length > 0 ? `
-
-Details:
-${detailedErrors.join("\n")}` : "";
-        result.conflictDetected = true;
-        result.conflictInfo = {
-          type: "integrity_violation",
-          affectedFiles,
-          message: auditReport.summary + detailSection,
-          resolutionSteps: [
-            "Run 'gitgov lint --fix' to auto-fix signature/checksum issues",
-            "If issues persist, manually review the affected files",
-            "Then retry: gitgov sync push"
-          ]
-        };
-        result.error = "Integrity violations detected. Cannot push.";
-        return result;
-      }
-      log("Ensuring state branch exists...");
-      await this.ensureStateBranch();
-      log("State branch confirmed");
-      log("=== Phase 1: Reconciliation ===");
-      savedBranch = sourceBranch;
-      log(`Saved branch: ${savedBranch}`);
-      const isCurrentBranch = sourceBranch === await this.git.getCurrentBranch();
-      let hasUntrackedGitgovFiles = false;
-      let tempDir = null;
-      if (isCurrentBranch) {
-        const repoRoot2 = await this.git.getRepoRoot();
-        const gitgovPath = path9__default.join(repoRoot2, ".gitgov");
-        hasUntrackedGitgovFiles = existsSync(gitgovPath);
-        log(`[EARS-B10] .gitgov/ exists on filesystem: ${hasUntrackedGitgovFiles}`);
-        if (hasUntrackedGitgovFiles) {
-          log("[EARS-B10] Copying ENTIRE .gitgov/ to temp directory for preservation...");
-          tempDir = await promises.mkdtemp(path9__default.join(os.tmpdir(), "gitgov-sync-"));
-          log(`[EARS-B10] Created temp directory: ${tempDir}`);
-          await promises.cp(gitgovPath, tempDir, { recursive: true });
-          log("[EARS-B10] Entire .gitgov/ copied to temp");
-        }
-      }
-      log("[EARS-B10] Checking for uncommitted changes before checkout...");
-      const hasUncommittedBeforeCheckout = await this.git.hasUncommittedChanges();
-      if (hasUncommittedBeforeCheckout) {
-        log("[EARS-B10] Uncommitted changes detected, stashing before checkout...");
-        stashHash = await this.git.stash("gitgov-sync-temp-stash");
-        log(`[EARS-B10] Changes stashed: ${stashHash || "none"}`);
-      }
-      const restoreStashAndReturn = async (returnResult) => {
-        await this.git.checkoutBranch(savedBranch);
-        if (tempDir) {
-          try {
-            const repoRoot2 = await this.git.getRepoRoot();
-            const gitgovDir = path9__default.join(repoRoot2, ".gitgov");
-            if (returnResult.implicitPull?.hasChanges) {
-              log("[EARS-B21] Implicit pull detected in early return - preserving new files from gitgov-state...");
-              try {
-                await this.git.checkoutFilesFromBranch(stateBranch, [".gitgov/"]);
-                await execAsync("git reset HEAD .gitgov/ 2>/dev/null || true", { cwd: repoRoot2 });
-                log("[EARS-B21] Synced files copied from gitgov-state (unstaged)");
-              } catch (checkoutError) {
-                log(`[EARS-B21] Warning: Failed to checkout from gitgov-state: ${checkoutError}`);
-              }
-              for (const fileName of LOCAL_ONLY_FILES) {
-                const tempFilePath = path9__default.join(tempDir, fileName);
-                const destFilePath = path9__default.join(gitgovDir, fileName);
-                try {
-                  await promises.access(tempFilePath);
-                  await promises.cp(tempFilePath, destFilePath, { force: true });
-                  log(`[EARS-B21] Restored LOCAL_ONLY_FILE: ${fileName}`);
-                } catch {
-                }
-              }
-              const restoreExcludedFilesEarly = async (dir, destDir) => {
-                try {
-                  const entries = await promises.readdir(dir, { withFileTypes: true });
-                  for (const entry of entries) {
-                    const srcPath = path9__default.join(dir, entry.name);
-                    const dstPath = path9__default.join(destDir, entry.name);
-                    if (entry.isDirectory()) {
-                      await restoreExcludedFilesEarly(srcPath, dstPath);
-                    } else {
-                      const isExcluded = SYNC_EXCLUDED_PATTERNS.some((pattern) => pattern.test(entry.name));
-                      if (isExcluded) {
-                        await promises.mkdir(path9__default.dirname(dstPath), { recursive: true });
-                        await promises.copyFile(srcPath, dstPath);
-                        log(`[EARS-B22] Restored excluded file (early return): ${entry.name}`);
-                      }
-                    }
-                  }
-                } catch {
-                }
-              };
-              await restoreExcludedFilesEarly(tempDir, gitgovDir);
-            } else {
-              log("[EARS-B14] Restoring .gitgov/ from temp directory (early return)...");
-              await promises.cp(tempDir, gitgovDir, { recursive: true, force: true });
-              log("[EARS-B14] .gitgov/ restored from temp (early return)");
-            }
-            await promises.rm(tempDir, { recursive: true, force: true });
-            log("[EARS-B14] Temp directory cleaned up (early return)");
-          } catch (tempRestoreError) {
-            log(`[EARS-B14] WARNING: Failed to restore tempDir: ${tempRestoreError}`);
-            returnResult.error = returnResult.error ? `${returnResult.error}. Failed to restore .gitgov/ from temp.` : `Failed to restore .gitgov/ from temp. Check /tmp for gitgov-sync-* directory.`;
-          }
-        }
-        if (stashHash) {
-          try {
-            await this.git.stashPop();
-            log("[EARS-B10] Stashed changes restored");
-          } catch (stashError) {
-            log(`[EARS-B10] Failed to restore stash: ${stashError}`);
-            returnResult.error = returnResult.error ? `${returnResult.error}. Failed to restore stashed changes.` : "Failed to restore stashed changes. Run 'git stash pop' manually.";
-          }
-        }
-        if (returnResult.implicitPull?.hasChanges) {
-          log("[EARS-B21] Regenerating index after implicit pull (early return)...");
-          try {
-            await this.indexer.generateIndex();
-            returnResult.implicitPull.reindexed = true;
-            log("[EARS-B21] Index regenerated successfully");
-          } catch (indexError) {
-            log(`[EARS-B21] Warning: Failed to regenerate index: ${indexError}`);
-            returnResult.implicitPull.reindexed = false;
-          }
-        }
-        return returnResult;
-      };
-      log(`Checking out to ${stateBranch}...`);
-      await this.git.checkoutBranch(stateBranch);
-      log(`Now on branch: ${await this.git.getCurrentBranch()}`);
-      let filesBeforeChanges = /* @__PURE__ */ new Set();
-      try {
-        const repoRoot2 = await this.git.getRepoRoot();
-        const { stdout: filesOutput } = await execAsync(
-          `git ls-files ".gitgov" 2>/dev/null || true`,
-          { cwd: repoRoot2 }
-        );
-        filesBeforeChanges = new Set(filesOutput.trim().split("\n").filter((f) => f && shouldSyncFile(f)));
-        log(`[EARS-B19] Files in gitgov-state before changes: ${filesBeforeChanges.size}`);
-      } catch {
-      }
-      log("=== Phase 2: Publication ===");
-      log("Checking if .gitgov/ exists in gitgov-state...");
-      let isFirstPush = false;
-      try {
-        const repoRoot2 = await this.git.getRepoRoot();
-        const { stdout } = await execAsync(
-          `git ls-tree -d ${stateBranch} .gitgov`,
-          { cwd: repoRoot2 }
-        );
-        isFirstPush = !stdout.trim();
-        log(`First push detected: ${isFirstPush}`);
-      } catch (error) {
-        log("Error checking .gitgov/ existence, assuming first push");
-        isFirstPush = true;
-      }
-      let delta = [];
-      if (!isFirstPush) {
-        log("Calculating state delta...");
-        delta = await this.calculateStateDelta(sourceBranch);
-        log(`Delta: ${delta.length} file(s) changed`);
-        if (delta.length === 0) {
-          log("No changes detected, returning without commit");
-          result.success = true;
-          result.filesSynced = 0;
-          return await restoreStashAndReturn(result);
-        }
-      } else {
-        log("First push: will copy all whitelisted files");
-      }
-      log(`Copying syncable .gitgov/ files from ${sourceBranch}...`);
-      log(`Sync directories: ${SYNC_DIRECTORIES.join(", ")}`);
-      log(`Sync root files: ${SYNC_ROOT_FILES.join(", ")}`);
-      const repoRoot = await this.git.getRepoRoot();
-      if (tempDir) {
-        log("[EARS-B10] Copying ONLY syncable files from temp directory...");
-        const gitgovDir = path9__default.join(repoRoot, ".gitgov");
-        await promises.mkdir(gitgovDir, { recursive: true });
-        log(`[EARS-B10] Ensured .gitgov/ directory exists: ${gitgovDir}`);
-        const copiedCount = await copySyncableFiles(tempDir, gitgovDir, log);
-        log(`[EARS-B10] Syncable files copy complete: ${copiedCount} files copied`);
-      } else {
-        log("Copying syncable files from git...");
-        const existingPaths = [];
-        for (const dirName of SYNC_DIRECTORIES) {
-          const fullPath = `.gitgov/${dirName}`;
-          try {
-            const { stdout } = await execAsync(
-              `git ls-tree -r ${sourceBranch} -- ${fullPath}`,
-              { cwd: repoRoot }
-            );
-            const lines = stdout.trim().split("\n").filter((l) => l);
-            for (const line of lines) {
-              const parts = line.split("	");
-              const filePath = parts[1];
-              if (filePath && shouldSyncFile(filePath)) {
-                existingPaths.push(filePath);
-              } else if (filePath) {
-                log(`Skipped (not syncable): ${filePath}`);
-              }
-            }
-          } catch {
-            log(`Directory ${dirName} does not exist in ${sourceBranch}, skipping`);
-          }
-        }
-        for (const fileName of SYNC_ROOT_FILES) {
-          const fullPath = `.gitgov/${fileName}`;
-          try {
-            const { stdout } = await execAsync(
-              `git ls-tree ${sourceBranch} -- ${fullPath}`,
-              { cwd: repoRoot }
-            );
-            if (stdout.trim()) {
-              existingPaths.push(fullPath);
-            }
-          } catch {
-            log(`File ${fileName} does not exist in ${sourceBranch}, skipping`);
-          }
-        }
-        log(`Syncable paths found: ${existingPaths.length}`);
-        if (existingPaths.length === 0) {
-          log("No syncable files to sync, aborting");
-          result.success = true;
-          result.filesSynced = 0;
-          return await restoreStashAndReturn(result);
-        }
-        await this.git.checkoutFilesFromBranch(sourceBranch, existingPaths);
-        log("Syncable files checked out successfully");
-      }
-      const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-      if (isFirstPush) {
-        await this.git.add([".gitgov"], { force: true });
-        const repoRoot2 = await this.git.getRepoRoot();
-        try {
-          const { stdout } = await execAsync(
-            "git diff --cached --name-status",
-            { cwd: repoRoot2 }
-          );
-          const lines = stdout.trim().split("\n").filter((l) => l);
-          delta = lines.map((line) => {
-            const [status, file] = line.split("	");
-            if (!file) return null;
-            return {
-              status,
-              file
-            };
-          }).filter((item) => item !== null);
-          log(`First push delta calculated: ${delta.length} file(s)`);
-        } catch (error) {
-          log("Error calculating first push delta, using empty delta");
-          delta = [];
-        }
-      }
-      const commitMessage = `sync: ${isFirstPush ? "Initial state" : "Publish state"} from ${sourceBranch}
-
-Actor: ${actorId}
-Timestamp: ${timestamp}
-Files: ${delta.length} file(s) ${isFirstPush ? "synced (initial)" : "changed"}
-
-` + delta.map((d) => `${d.status} ${d.file}`).join("\n");
-      result.commitMessage = commitMessage;
-      if (!dryRun) {
-        if (!isFirstPush) {
-          log("Staging all .gitgov/ files before cleanup...");
-          await this.git.add([".gitgov"], { force: true });
-          log("All files staged, proceeding to cleanup");
-        }
-        log("[EARS-B14] Scanning for non-syncable files in gitgov-state...");
-        try {
-          const { stdout: trackedFiles } = await execAsync(
-            `git ls-files ".gitgov" 2>/dev/null || true`,
-            { cwd: repoRoot }
-          );
-          const allTrackedFiles = trackedFiles.trim().split("\n").filter((f) => f);
-          log(`[EARS-B14] Found ${allTrackedFiles.length} staged/tracked files in .gitgov/`);
-          for (const trackedFile of allTrackedFiles) {
-            if (!shouldSyncFile(trackedFile)) {
-              try {
-                await execAsync(`git rm -f "${trackedFile}"`, { cwd: repoRoot });
-                log(`[EARS-B14] Removed non-syncable file: ${trackedFile}`);
-              } catch {
-              }
-            }
-          }
-        } catch {
-        }
-        log("[EARS-B14] Non-syncable files cleanup complete");
-        log("[EARS-B19] Checking for deleted files to sync...");
-        try {
-          const sourceFiles = /* @__PURE__ */ new Set();
-          const findSourceFiles = async (dir, prefix = ".gitgov") => {
-            try {
-              const entries = await promises.readdir(dir, { withFileTypes: true });
-              for (const entry of entries) {
-                const fullPath = path9__default.join(dir, entry.name);
-                const relativePath = `${prefix}/${entry.name}`;
-                if (entry.isDirectory()) {
-                  await findSourceFiles(fullPath, relativePath);
-                } else if (shouldSyncFile(relativePath)) {
-                  sourceFiles.add(relativePath);
-                }
-              }
-            } catch {
-            }
-          };
-          const sourceDir = tempDir || path9__default.join(repoRoot, ".gitgov");
-          await findSourceFiles(sourceDir);
-          log(`[EARS-B19] Found ${sourceFiles.size} syncable files in source (user's local state)`);
-          log(`[EARS-B19] Files that existed before changes: ${filesBeforeChanges.size}`);
-          let deletedCount = 0;
-          for (const fileBeforeChange of filesBeforeChanges) {
-            if (!sourceFiles.has(fileBeforeChange)) {
-              try {
-                await execAsync(`git rm -f "${fileBeforeChange}"`, { cwd: repoRoot });
-                log(`[EARS-B19] Deleted (user removed): ${fileBeforeChange}`);
-                deletedCount++;
-              } catch {
-              }
-            }
-          }
-          log(`[EARS-B19] Deleted ${deletedCount} files that user removed locally`);
-        } catch (err) {
-          log(`[EARS-B19] Warning: Failed to sync deleted files: ${err}`);
-        }
-        const hasStaged = await this.git.hasUncommittedChanges();
-        log(`Has staged changes: ${hasStaged}`);
-        if (!hasStaged) {
-          log("No staged changes detected, returning without commit");
-          result.success = true;
-          result.filesSynced = 0;
-          return await restoreStashAndReturn(result);
-        }
-        log("Creating local commit...");
-        try {
-          const commitHash = await this.git.commit(commitMessage);
-          log(`Local commit created: ${commitHash}`);
-          result.commitHash = commitHash;
-        } catch (commitError) {
-          const errorMsg = commitError instanceof Error ? commitError.message : String(commitError);
-          const stdout = commitError.stdout || "";
-          const stderr = commitError.stderr || "";
-          log(`Commit attempt output - stdout: ${stdout}, stderr: ${stderr}`);
-          const isNothingToCommit = stdout.includes("nothing to commit") || stderr.includes("nothing to commit") || stdout.includes("nothing added to commit") || stderr.includes("nothing added to commit");
-          if (isNothingToCommit) {
-            log("Nothing to commit - files are identical to gitgov-state HEAD");
-            result.success = true;
-            result.filesSynced = 0;
-            return await restoreStashAndReturn(result);
-          }
-          log(`ERROR: Commit failed: ${errorMsg}`);
-          log(`ERROR: Git stderr: ${stderr}`);
-          throw new Error(`Failed to create commit: ${errorMsg} | stderr: ${stderr}`);
-        }
-        log("=== Phase 3: Reconcile with Remote (Git-Native) ===");
-        let hashBeforePull = null;
-        try {
-          const { stdout: beforeHash } = await execAsync(`git rev-parse HEAD`, { cwd: repoRoot });
-          hashBeforePull = beforeHash.trim();
-          log(`Hash before pull: ${hashBeforePull}`);
-        } catch {
-        }
-        log("Attempting git pull --rebase origin gitgov-state...");
-        try {
-          await this.git.pullRebase("origin", stateBranch);
-          log("Pull rebase successful - no conflicts");
-          if (hashBeforePull) {
-            try {
-              const { stdout: afterHash } = await execAsync(`git rev-parse HEAD`, { cwd: repoRoot });
-              const hashAfterPull = afterHash.trim();
-              if (hashAfterPull !== hashBeforePull) {
-                const pulledChangedFiles = await this.git.getChangedFiles(hashBeforePull, hashAfterPull, ".gitgov/");
-                result.implicitPull = {
-                  hasChanges: true,
-                  filesUpdated: pulledChangedFiles.length,
-                  reindexed: false
-                  // Will be set to true after actual reindex
-                };
-                log(`[EARS-B16] Implicit pull: ${pulledChangedFiles.length} files from remote were rebased`);
-              }
-            } catch (e) {
-              log(`[EARS-B16] Could not capture implicit pull details: ${e}`);
-            }
-          }
-        } catch (pullError) {
-          const errorMsg = pullError instanceof Error ? pullError.message : String(pullError);
-          log(`Pull rebase result: ${errorMsg}`);
-          const isAlreadyUpToDate = errorMsg.includes("up to date") || errorMsg.includes("up-to-date");
-          const isNoRemote = errorMsg.includes("does not appear to be") || errorMsg.includes("Could not read from remote");
-          const isNoUpstream = errorMsg.includes("no tracking information") || errorMsg.includes("There is no tracking information");
-          if (isAlreadyUpToDate || isNoRemote || isNoUpstream) {
-            log("Pull not needed or no remote - continuing to push");
-          } else {
-            const isRebaseInProgress = await this.isRebaseInProgress();
-            const conflictedFiles = await this.git.getConflictedFiles();
-            if (isRebaseInProgress || conflictedFiles.length > 0) {
-              log(`[GIT-NATIVE] Conflict detected! Files: ${conflictedFiles.join(", ")}`);
-              result.conflictDetected = true;
-              const fileWord = conflictedFiles.length === 1 ? "file" : "files";
-              const stageCommand = conflictedFiles.length === 1 ? `git add ${conflictedFiles[0]}` : "git add .gitgov/";
-              result.conflictInfo = {
-                type: "rebase_conflict",
-                affectedFiles: conflictedFiles,
-                message: "Conflict detected during sync - Git has paused the rebase for manual resolution",
-                resolutionSteps: [
-                  `1. Edit the conflicted ${fileWord} to resolve conflicts (remove <<<<<<, ======, >>>>>> markers)`,
-                  `2. Stage resolved ${fileWord}: ${stageCommand}`,
-                  "3. Complete sync: gitgov sync resolve --reason 'your reason'",
-                  "(This will continue the rebase, re-sign the record, and return you to your original branch)"
-                ]
-              };
-              result.error = `Conflict detected: ${conflictedFiles.length} file(s) need manual resolution. Use 'git status' to see details.`;
-              if (stashHash) {
-                try {
-                  await this.git.checkoutBranch(sourceBranch);
-                  await execAsync("git stash pop", { cwd: repoRoot });
-                  await this.git.checkoutBranch(stateBranch);
-                  log("Restored stash to original branch during conflict");
-                } catch (stashErr) {
-                  log(`Warning: Could not restore stash: ${stashErr}`);
-                }
-              }
-              if (tempDir) {
-                log("Restoring local files (.key, .session.json, etc.) for conflict resolution...");
-                const gitgovInState = path9__default.join(repoRoot, ".gitgov");
-                for (const fileName of LOCAL_ONLY_FILES) {
-                  const srcPath = path9__default.join(tempDir, fileName);
-                  const destPath = path9__default.join(gitgovInState, fileName);
-                  try {
-                    await promises.access(srcPath);
-                    await promises.cp(srcPath, destPath, { force: true });
-                    log(`Restored LOCAL_ONLY_FILE for conflict resolution: ${fileName}`);
-                  } catch {
-                  }
-                }
-                const restoreExcluded = async (srcDir, destDir) => {
-                  try {
-                    const entries = await promises.readdir(srcDir, { withFileTypes: true });
-                    for (const entry of entries) {
-                      const srcPath = path9__default.join(srcDir, entry.name);
-                      const dstPath = path9__default.join(destDir, entry.name);
-                      if (entry.isDirectory()) {
-                        await restoreExcluded(srcPath, dstPath);
-                      } else {
-                        const isExcluded = SYNC_EXCLUDED_PATTERNS.some((pattern) => pattern.test(entry.name));
-                        if (isExcluded) {
-                          await promises.mkdir(path9__default.dirname(dstPath), { recursive: true });
-                          await promises.copyFile(srcPath, dstPath);
-                          log(`Restored EXCLUDED file for conflict resolution: ${entry.name}`);
-                        }
-                      }
-                    }
-                  } catch {
-                  }
-                };
-                await restoreExcluded(tempDir, gitgovInState);
-                log("Local files restored for conflict resolution");
-              }
-              return result;
-            }
-            throw pullError;
-          }
-        }
-        log("=== Phase 4: Push to Remote ===");
-        log("Pushing to remote...");
-        try {
-          await this.git.push("origin", stateBranch);
-          log("Push successful");
-        } catch (pushError) {
-          const pushErrorMsg = pushError instanceof Error ? pushError.message : String(pushError);
-          log(`Push failed: ${pushErrorMsg}`);
-          const isNoRemote = pushErrorMsg.includes("does not appear to be") || pushErrorMsg.includes("Could not read from remote");
-          if (!isNoRemote) {
-            log("ERROR: Push failed with non-remote error");
-            throw pushError;
-          }
-          log("Push failed due to no remote, continuing (local commit succeeded)");
-        }
-      }
-      log(`Returning to ${savedBranch}...`);
-      await this.git.checkoutBranch(savedBranch);
-      log(`Back on ${await this.git.getCurrentBranch()}`);
-      if (stashHash) {
-        log("[EARS-B10] Restoring stashed changes...");
-        try {
-          await this.git.stashPop();
-          log("[EARS-B10] Stashed changes restored successfully");
-        } catch (stashError) {
-          log(`[EARS-B10] Warning: Failed to restore stashed changes: ${stashError}`);
-          result.error = `Push succeeded but failed to restore stashed changes. Run 'git stash pop' manually. Error: ${stashError}`;
-        }
-      }
-      if (tempDir) {
-        const repoRoot2 = await this.git.getRepoRoot();
-        const gitgovDir = path9__default.join(repoRoot2, ".gitgov");
-        if (result.implicitPull?.hasChanges) {
-          log("[EARS-B18] Implicit pull detected - copying synced files from gitgov-state first...");
-          try {
-            await this.git.checkoutFilesFromBranch(stateBranch, [".gitgov/"]);
-            await execAsync("git reset HEAD .gitgov/ 2>/dev/null || true", { cwd: repoRoot2 });
-            log("[EARS-B18] Synced files copied from gitgov-state to work branch (unstaged)");
-          } catch (checkoutError) {
-            log(`[EARS-B18] Warning: Failed to checkout from gitgov-state: ${checkoutError}`);
-            await promises.cp(tempDir, gitgovDir, { recursive: true, force: true });
-            log("[EARS-B18] Fallback: Entire .gitgov/ restored from temp");
-          }
-          log("[EARS-B18] Restoring local-only files from temp directory...");
-          for (const fileName of LOCAL_ONLY_FILES) {
-            const tempFilePath = path9__default.join(tempDir, fileName);
-            const destFilePath = path9__default.join(gitgovDir, fileName);
-            try {
-              await promises.access(tempFilePath);
-              await promises.cp(tempFilePath, destFilePath, { force: true });
-              log(`[EARS-B18] Restored LOCAL_ONLY_FILE: ${fileName}`);
-            } catch {
-            }
-          }
-          const restoreExcludedFiles = async (dir, destDir) => {
-            try {
-              const entries = await promises.readdir(dir, { withFileTypes: true });
-              for (const entry of entries) {
-                const srcPath = path9__default.join(dir, entry.name);
-                const dstPath = path9__default.join(destDir, entry.name);
-                if (entry.isDirectory()) {
-                  await restoreExcludedFiles(srcPath, dstPath);
-                } else {
-                  const isExcluded = SYNC_EXCLUDED_PATTERNS.some((pattern) => pattern.test(entry.name));
-                  if (isExcluded) {
-                    await promises.mkdir(path9__default.dirname(dstPath), { recursive: true });
-                    await promises.copyFile(srcPath, dstPath);
-                    log(`[EARS-B22] Restored excluded file: ${entry.name}`);
-                  }
-                }
-              }
-            } catch {
-            }
-          };
-          await restoreExcludedFiles(tempDir, gitgovDir);
-          log("[EARS-B22] Local-only and excluded files restored from temp");
-        } else {
-          log("[EARS-B10] Restoring ENTIRE .gitgov/ from temp directory to working tree...");
-          await promises.cp(tempDir, gitgovDir, { recursive: true, force: true });
-          log("[EARS-B10] Entire .gitgov/ restored from temp");
-        }
-        log("[EARS-B10] Cleaning up temp directory...");
-        try {
-          await promises.rm(tempDir, { recursive: true, force: true });
-          log("[EARS-B10] Temp directory cleaned up");
-        } catch (cleanupError) {
-          log(`[EARS-B10] Warning: Failed to cleanup temp directory: ${cleanupError}`);
-        }
-      }
-      if (result.implicitPull?.hasChanges) {
-        log("[EARS-B16] Regenerating index after implicit pull...");
-        try {
-          await this.indexer.generateIndex();
-          result.implicitPull.reindexed = true;
-          log("[EARS-B16] Index regenerated successfully after implicit pull");
-        } catch (indexError) {
-          log(`[EARS-B16] Warning: Failed to regenerate index after implicit pull: ${indexError}`);
-          result.implicitPull.reindexed = false;
-        }
-      }
-      result.success = true;
-      result.filesSynced = delta.length;
-      log(`=== pushState COMPLETED SUCCESSFULLY: ${delta.length} files synced ===`);
-      return result;
-    } catch (error) {
-      log(`=== pushState FAILED: ${error.message} ===`);
-      try {
-        const currentBranch = await this.git.getCurrentBranch();
-        if (currentBranch !== savedBranch && savedBranch) {
-          log(`[EARS-B10] Restoring original branch: ${savedBranch}...`);
-          await this.git.checkoutBranch(savedBranch);
-          log(`[EARS-B10] Restored to ${savedBranch}`);
-        }
-      } catch (branchError) {
-        log(`[EARS-B10] Failed to restore original branch: ${branchError}`);
-      }
-      if (stashHash) {
-        log("[EARS-B10] Attempting to restore stashed changes after error...");
-        try {
-          await this.git.stashPop();
-          log("[EARS-B10] Stashed changes restored after error");
-        } catch (stashError) {
-          log(`[EARS-B10] Failed to restore stashed changes after error: ${stashError}`);
-          const originalError = error.message;
-          error.message = `${originalError}. Additionally, failed to restore stashed changes. Run 'git stash pop' manually.`;
-        }
-      }
-      if (error instanceof PushFromStateBranchError || error instanceof UncommittedChangesError) {
-        throw error;
-      }
-      result.error = error.message;
-      return result;
-    }
-  }
-  /**
-   * Pulls remote changes from gitgov-state to the local environment.
-   * Includes automatic re-indexing if there are new changes.
-   *
-   * [EARS-C1 through EARS-C4]
-   * [EARS-C5] Requires remote to be configured (pull without remote makes no sense)
-   */
-  async pullState(options = {}) {
-    const { forceReindex = false, force = false } = options;
-    const stateBranch = await this.getStateBranchName();
-    if (!stateBranch) {
-      throw new SyncStateError("Failed to get state branch name");
-    }
-    const log = (msg) => logger6.debug(`[pullState] ${msg}`);
-    const result = {
-      success: false,
-      hasChanges: false,
-      filesUpdated: 0,
-      reindexed: false,
-      conflictDetected: false
-    };
-    try {
-      log("=== STARTING pullState ===");
-      log("Phase 0: Pre-flight checks...");
-      const remoteName = "origin";
-      const hasRemote = await this.git.isRemoteConfigured(remoteName);
-      if (!hasRemote) {
-        throw new SyncStateError(
-          `No remote '${remoteName}' configured. Pull requires a remote repository. Add a remote with: git remote add origin <url>`
-        );
-      }
-      await this.git.fetch(remoteName);
-      const remoteBranches = await this.git.listRemoteBranches(remoteName);
-      const existsRemote = remoteBranches.includes(stateBranch);
-      if (!existsRemote) {
-        const existsLocal = await this.git.branchExists(stateBranch);
-        if (!existsLocal) {
-          const repoRoot = await this.git.getRepoRoot();
-          const gitgovPath2 = path9__default.join(repoRoot, ".gitgov");
-          const gitgovExists2 = existsSync(gitgovPath2);
-          if (gitgovExists2) {
-            throw new SyncStateError(
-              `State branch '${stateBranch}' does not exist remotely yet. Run 'gitgov sync push' to publish your local state to the remote.`
-            );
-          } else {
-            throw new SyncStateError(
-              `State branch '${stateBranch}' does not exist locally or remotely. Run 'gitgov init' first to initialize GitGovernance, then 'gitgov sync push' to publish.`
-            );
-          }
-        }
-        result.success = true;
-        result.hasChanges = false;
-        result.filesUpdated = 0;
-        logger6.info(`[pullState] State branch exists locally but not remotely. Nothing to pull.`);
-        return result;
-      }
-      log("Pre-flight checks complete");
-      log("Phase 1: Setting up branches...");
-      const pullRepoRoot = await this.git.getRepoRoot();
-      await this.ensureStateBranch();
-      const savedBranch = await this.git.getCurrentBranch();
-      const savedLocalFiles = /* @__PURE__ */ new Map();
-      try {
-        for (const fileName of LOCAL_ONLY_FILES) {
-          const filePath = path9__default.join(pullRepoRoot, ".gitgov", fileName);
-          try {
-            const content = await promises.readFile(filePath, "utf-8");
-            savedLocalFiles.set(fileName, content);
-            log(`[EARS-C8] Saved local-only file: ${fileName}`);
-          } catch {
-          }
-        }
-      } catch (error) {
-        log(`[EARS-C8] Warning: Could not save local files: ${error.message}`);
-      }
-      const savedSyncableFiles = /* @__PURE__ */ new Map();
-      try {
-        const gitgovPath2 = path9__default.join(pullRepoRoot, ".gitgov");
-        const gitgovExists2 = await promises.access(gitgovPath2).then(() => true).catch(() => false);
-        if (gitgovExists2) {
-          const readSyncableFilesRecursive = async (dir, baseDir) => {
-            try {
-              const entries = await promises.readdir(dir, { withFileTypes: true });
-              for (const entry of entries) {
-                const fullPath = path9__default.join(dir, entry.name);
-                const relativePath = path9__default.relative(baseDir, fullPath);
-                const gitgovRelativePath = `.gitgov/${relativePath}`;
-                if (entry.isDirectory()) {
-                  await readSyncableFilesRecursive(fullPath, baseDir);
-                } else if (shouldSyncFile(gitgovRelativePath)) {
-                  try {
-                    const content = await promises.readFile(fullPath, "utf-8");
-                    savedSyncableFiles.set(gitgovRelativePath, content);
-                  } catch {
-                  }
-                }
-              }
-            } catch {
-            }
-          };
-          await readSyncableFilesRecursive(gitgovPath2, gitgovPath2);
-          log(`[EARS-C10] Saved ${savedSyncableFiles.size} syncable files before checkout for conflict detection`);
-        }
-      } catch (error) {
-        log(`[EARS-C10] Warning: Could not save syncable files: ${error.message}`);
-      }
-      try {
-        await this.git.checkoutBranch(stateBranch);
-      } catch (checkoutError) {
-        log(`[EARS-C8] Normal checkout failed, trying with force: ${checkoutError.message}`);
-        try {
-          await execAsync(`git checkout -f ${stateBranch}`, { cwd: pullRepoRoot });
-          log(`[EARS-C8] Force checkout successful`);
-        } catch (forceError) {
-          throw checkoutError;
-        }
-      }
-      try {
-        const { stdout } = await execAsync("git status --porcelain", { cwd: pullRepoRoot });
-        const lines = stdout.trim().split("\n").filter((l) => l);
-        const hasStagedOrModified = lines.some((line) => {
-          const status = line.substring(0, 2);
-          return status !== "??" && status.trim().length > 0;
-        });
-        if (hasStagedOrModified) {
-          await this.git.checkoutBranch(savedBranch);
-          throw new UncommittedChangesError(stateBranch);
-        }
-      } catch (error) {
-        if (error instanceof UncommittedChangesError) {
-          throw error;
-        }
-      }
-      log("Branch setup complete");
-      log("Phase 2: Pulling remote changes...");
-      const commitBefore = await this.git.getCommitHistory(stateBranch, {
-        maxCount: 1
-      });
-      const hashBefore = commitBefore[0]?.hash;
-      await this.git.fetch("origin");
-      log("[EARS-C10] Checking for local changes that would be overwritten...");
-      let remoteChangedFiles = [];
-      try {
-        const { stdout: remoteChanges } = await execAsync(
-          `git diff --name-only ${stateBranch} origin/${stateBranch} -- .gitgov/ 2>/dev/null || true`,
-          { cwd: pullRepoRoot }
-        );
-        remoteChangedFiles = remoteChanges.trim().split("\n").filter((f) => f && shouldSyncFile(f));
-        log(`[EARS-C10] Remote changed files: ${remoteChangedFiles.length} - ${remoteChangedFiles.join(", ")}`);
-      } catch {
-        log("[EARS-C10] Could not determine remote changes, continuing...");
-      }
-      let localModifiedFiles = [];
-      if (remoteChangedFiles.length > 0 && savedSyncableFiles.size > 0) {
-        try {
-          for (const remoteFile of remoteChangedFiles) {
-            const savedContent = savedSyncableFiles.get(remoteFile);
-            if (savedContent !== void 0) {
-              try {
-                const { stdout: gitStateContent } = await execAsync(
-                  `git show HEAD:${remoteFile} 2>/dev/null`,
-                  { cwd: pullRepoRoot }
-                );
-                if (savedContent !== gitStateContent) {
-                  localModifiedFiles.push(remoteFile);
-                  log(`[EARS-C10] Local file was modified since last sync: ${remoteFile}`);
-                }
-              } catch {
-                localModifiedFiles.push(remoteFile);
-                log(`[EARS-C10] Local file is new (not in gitgov-state): ${remoteFile}`);
-              }
-            }
-          }
-          log(`[EARS-C10] Local modified files that overlap with remote: ${localModifiedFiles.length}`);
-        } catch (error) {
-          log(`[EARS-C10] Warning: Could not check local modifications: ${error.message}`);
-        }
-      }
-      if (localModifiedFiles.length > 0) {
-        if (force) {
-          log(`[EARS-C11] Force flag set - will overwrite ${localModifiedFiles.length} local file(s)`);
-          logger6.warn(`[pullState] Force pull: overwriting local changes to ${localModifiedFiles.length} file(s)`);
-          result.forcedOverwrites = localModifiedFiles;
-        } else {
-          log(`[EARS-C10] CONFLICT: Local changes would be overwritten by pull`);
-          await this.git.checkoutBranch(savedBranch);
-          for (const [filePath, content] of savedSyncableFiles) {
-            const fullPath = path9__default.join(pullRepoRoot, filePath);
-            try {
-              await promises.mkdir(path9__default.dirname(fullPath), { recursive: true });
-              await promises.writeFile(fullPath, content, "utf-8");
-              log(`[EARS-C10] Restored syncable file: ${filePath}`);
-            } catch {
-            }
-          }
-          for (const [fileName, content] of savedLocalFiles) {
-            const filePath = path9__default.join(pullRepoRoot, ".gitgov", fileName);
-            try {
-              await promises.mkdir(path9__default.dirname(filePath), { recursive: true });
-              await promises.writeFile(filePath, content, "utf-8");
-              log(`[EARS-C10] Restored local-only file: ${fileName}`);
-            } catch {
-            }
-          }
-          result.success = false;
-          result.conflictDetected = true;
-          result.conflictInfo = {
-            type: "local_changes_conflict",
-            affectedFiles: localModifiedFiles,
-            message: `Your local changes to the following files would be overwritten by pull.
-You have modified these files locally, and they were also modified remotely.
-To avoid losing your changes, push first or use --force to overwrite.`,
-            resolutionSteps: [
-              "1. Run 'gitgov sync push' to push your local changes first",
-              "   \u2192 This will trigger a rebase and let you resolve conflicts properly",
-              "2. Or run 'gitgov sync pull --force' to discard your local changes"
-            ]
-          };
-          result.error = "Aborting pull: local changes would be overwritten by remote changes";
-          logger6.warn(`[pullState] Aborting: local changes to ${localModifiedFiles.length} file(s) would be overwritten by pull`);
-          return result;
-        }
-      }
-      log("[EARS-C10] No conflicting local changes (or force enabled), proceeding with pull...");
-      try {
-        await this.git.pullRebase("origin", stateBranch);
-      } catch (error) {
-        const conflictedFiles = await this.git.getConflictedFiles();
-        if (conflictedFiles.length > 0) {
-          await this.git.checkoutBranch(savedBranch);
-          result.conflictDetected = true;
-          result.conflictInfo = {
-            type: "rebase_conflict",
-            affectedFiles: conflictedFiles,
-            message: "Conflict detected during pull",
-            resolutionSteps: [
-              "Review conflicted files",
-              "Manually resolve conflicts",
-              "Run 'gitgov sync resolve' to complete"
-            ]
-          };
-          result.error = "Conflict detected during pull";
-          return result;
-        }
-        throw error;
-      }
-      log("Pull rebase successful");
-      log("Phase 3: Checking for changes and re-indexing...");
-      const commitAfter = await this.git.getCommitHistory(stateBranch, {
-        maxCount: 1
-      });
-      const hashAfter = commitAfter[0]?.hash;
-      const hasNewChanges = hashBefore !== hashAfter;
-      result.hasChanges = hasNewChanges;
-      const indexPath = path9__default.join(pullRepoRoot, ".gitgov", "index.json");
-      const indexExists = await promises.access(indexPath).then(() => true).catch(() => false);
-      const shouldReindex = hasNewChanges || forceReindex || !indexExists;
-      if (shouldReindex) {
-        result.reindexed = true;
-        if (hasNewChanges && hashBefore && hashAfter) {
-          const changedFiles = await this.git.getChangedFiles(
-            hashBefore,
-            hashAfter,
-            ".gitgov/"
-          );
-          result.filesUpdated = changedFiles.length;
-        }
-      }
-      const gitgovPath = path9__default.join(pullRepoRoot, ".gitgov");
-      const gitgovExists = await promises.access(gitgovPath).then(() => true).catch(() => false);
-      if (gitgovExists && hasNewChanges) {
-        logger6.debug("[pullState] Copying .gitgov/ to filesystem for work branch access");
-      }
-      log("Phase 4: Restoring working branch...");
-      await this.git.checkoutBranch(savedBranch);
-      if (gitgovExists) {
-        try {
-          logger6.debug("[pullState] Restoring .gitgov/ to filesystem from gitgov-state (preserving local-only files)");
-          const pathsToCheckout = [];
-          for (const dirName of SYNC_DIRECTORIES) {
-            pathsToCheckout.push(`.gitgov/${dirName}`);
-          }
-          for (const fileName of SYNC_ROOT_FILES) {
-            pathsToCheckout.push(`.gitgov/${fileName}`);
-          }
-          for (const checkoutPath of pathsToCheckout) {
-            try {
-              await execAsync(`git checkout ${stateBranch} -- "${checkoutPath}"`, { cwd: pullRepoRoot });
-              logger6.debug(`[pullState] Checked out: ${checkoutPath}`);
-            } catch {
-              logger6.debug(`[pullState] Skipped (not in gitgov-state): ${checkoutPath}`);
-            }
-          }
-          try {
-            await execAsync("git reset HEAD .gitgov/", { cwd: pullRepoRoot });
-          } catch {
-          }
-          for (const [fileName, content] of savedLocalFiles) {
-            try {
-              const filePath = path9__default.join(pullRepoRoot, ".gitgov", fileName);
-              await promises.writeFile(filePath, content, "utf-8");
-              logger6.debug(`[EARS-C8] Restored local-only file: ${fileName}`);
-            } catch (writeError) {
-              logger6.warn(`[EARS-C8] Failed to restore ${fileName}: ${writeError.message}`);
-            }
-          }
-          logger6.debug("[pullState] .gitgov/ restored to filesystem successfully (local-only files preserved)");
-        } catch (error) {
-          logger6.warn(`[pullState] Failed to restore .gitgov/ to filesystem: ${error.message}`);
-        }
-      }
-      if (shouldReindex) {
-        logger6.info("Invoking RecordProjector.generateIndex() after pull...");
-        try {
-          await this.indexer.generateIndex();
-          logger6.info("Index regenerated successfully");
-        } catch (error) {
-          logger6.warn(`Failed to regenerate index: ${error.message}`);
-        }
-      }
-      result.success = true;
-      log(`=== pullState COMPLETED: ${hasNewChanges ? "new changes pulled" : "no changes"}, reindexed: ${result.reindexed} ===`);
-      return result;
-    } catch (error) {
-      log(`=== pullState FAILED: ${error.message} ===`);
-      if (error instanceof UncommittedChangesError) {
-        throw error;
-      }
-      result.error = error.message;
-      return result;
-    }
-  }
-  /**
-   * Resolves state conflicts in a governed manner (Git-Native).
-   *
-   * Git-Native Flow:
-   * 1. User resolves conflicts using standard Git tools (edit files, remove markers)
-   * 2. User stages resolved files: git add .gitgov/
-   * 3. User runs: gitgov sync resolve --reason "reason"
-   *
-   * This method:
-   * - Verifies that a rebase is in progress
-   * - Checks that no conflict markers remain in staged files
-   * - Updates resolved Records with new checksums and signatures
-   * - Continues the git rebase (git rebase --continue)
-   * - Creates a signed resolution commit
-   * - Regenerates the index
-   *
-   * [EARS-D1 through EARS-D7]
-   */
-  async resolveConflict(options) {
-    const { reason, actorId } = options;
-    const log = (msg) => logger6.debug(`[resolveConflict] ${msg}`);
-    log("=== STARTING resolveConflict (Git-Native) ===");
-    log("Phase 0: Verifying rebase in progress...");
-    const rebaseInProgress = await this.isRebaseInProgress();
-    if (!rebaseInProgress) {
-      throw new NoRebaseInProgressError();
-    }
-    const authenticatedActor = await this.identity.getCurrentActor();
-    if (authenticatedActor.id !== actorId) {
-      log(`ERROR: Actor identity mismatch: requested '${actorId}' but authenticated as '${authenticatedActor.id}'`);
-      throw new ActorIdentityMismatchError(actorId, authenticatedActor.id);
-    }
-    log(`Pre-check passed: actorId '${actorId}' matches authenticated identity`);
-    log("Conflict mode: rebase_conflict (Git-Native)");
-    console.log("[resolveConflict] Getting staged files...");
-    const allStagedFiles = await this.git.getStagedFiles();
-    console.log("[resolveConflict] All staged files:", allStagedFiles);
-    let resolvedRecords = allStagedFiles.filter(
-      (f) => f.startsWith(".gitgov/") && f.endsWith(".json")
-    );
-    console.log("[resolveConflict] Resolved Records (staged .gitgov/*.json):", resolvedRecords);
-    console.log("[resolveConflict] Checking for conflict markers...");
-    const filesWithMarkers = await this.checkConflictMarkers(resolvedRecords);
-    console.log("[resolveConflict] Files with markers:", filesWithMarkers);
-    if (filesWithMarkers.length > 0) {
-      throw new ConflictMarkersPresentError(filesWithMarkers);
-    }
-    let rebaseCommitHash = "";
-    console.log("[resolveConflict] Step 4: Calling git.rebaseContinue()...");
-    await this.git.rebaseContinue();
-    console.log("[resolveConflict] rebaseContinue completed successfully");
-    const currentBranch = await this.git.getCurrentBranch();
-    const rebaseCommit = await this.git.getCommitHistory(currentBranch, {
-      maxCount: 1
-    });
-    rebaseCommitHash = rebaseCommit[0]?.hash ?? "";
-    if (resolvedRecords.length === 0 && rebaseCommitHash) {
-      console.log("[resolveConflict] No staged files detected, getting files from rebase commit...");
-      const repoRoot2 = await this.git.getRepoRoot();
-      try {
-        const { stdout } = await execAsync(
-          `git diff-tree --no-commit-id --name-only -r ${rebaseCommitHash}`,
-          { cwd: repoRoot2 }
-        );
-        const commitFiles = stdout.trim().split("\n").filter((f) => f);
-        resolvedRecords = commitFiles.filter(
-          (f) => f.startsWith(".gitgov/") && f.endsWith(".json")
-        );
-        console.log("[resolveConflict] Files from rebase commit:", resolvedRecords);
-      } catch (e) {
-        console.log("[resolveConflict] Could not get files from rebase commit:", e);
-      }
-    }
-    console.log("[resolveConflict] Updating resolved Records with signatures...");
-    if (resolvedRecords.length > 0) {
-      const currentActor = await this.identity.getCurrentActor();
-      console.log("[resolveConflict] Current actor:", currentActor);
-      console.log("[resolveConflict] Processing", resolvedRecords.length, "resolved Records");
-      for (const filePath of resolvedRecords) {
-        console.log("[resolveConflict] Processing Record:", filePath);
-        try {
-          const repoRoot2 = await this.git.getRepoRoot();
-          const fullPath = join(repoRoot2, filePath);
-          const content = readFileSync(fullPath, "utf-8");
-          const record = JSON.parse(content);
-          if (!record.header || !record.payload) {
-            continue;
-          }
-          const signedRecord = await this.identity.signRecord(
-            record,
-            currentActor.id,
-            "resolver",
-            `Conflict resolved: ${reason}`
-          );
-          writeFileSync(fullPath, JSON.stringify(signedRecord, null, 2) + "\n", "utf-8");
-          logger6.info(`Updated Record: ${filePath} (new checksum + resolver signature)`);
-          console.log("[resolveConflict] Successfully updated Record:", filePath);
-        } catch (error) {
-          logger6.debug(`Skipping file ${filePath}: ${error.message}`);
-          console.log("[resolveConflict] Error updating Record:", filePath, error);
-        }
-      }
-      console.log("[resolveConflict] All Records updated, staging...");
-    }
-    console.log("[resolveConflict] Staging .gitgov/ with updated metadata...");
-    await this.git.add([".gitgov"], { force: true });
-    const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-    const resolutionMessage = `resolution: conflict resolved by ${actorId}
-
-Actor: ${actorId}
-Timestamp: ${timestamp}
-Reason: ${reason}
-Files: ${resolvedRecords.length} file(s) resolved
-
-Signed-off-by: ${actorId}`;
-    let resolutionCommitHash = "";
-    try {
-      resolutionCommitHash = await this.git.commit(resolutionMessage);
-    } catch (commitError) {
-      const stdout = commitError.stdout || "";
-      const stderr = commitError.stderr || "";
-      const isNothingToCommit = stdout.includes("nothing to commit") || stderr.includes("nothing to commit") || stdout.includes("nothing added to commit") || stderr.includes("nothing added to commit");
-      if (isNothingToCommit) {
-        log("No additional changes to commit (no records needed re-signing)");
-        resolutionCommitHash = rebaseCommitHash;
-      } else {
-        throw commitError;
-      }
-    }
-    log("Pushing resolved state to remote...");
-    try {
-      await this.git.push("origin", "gitgov-state");
-      log("Push successful");
-    } catch (pushError) {
-      const pushErrorMsg = pushError instanceof Error ? pushError.message : String(pushError);
-      log(`Push failed (non-fatal): ${pushErrorMsg}`);
-    }
-    log("Returning to original branch and restoring .gitgov/ files...");
-    const repoRoot = await this.git.getRepoRoot();
-    const gitgovDir = path9__default.join(repoRoot, ".gitgov");
-    const tempDir = path9__default.join(os.tmpdir(), `gitgov-resolve-${Date.now()}`);
-    await promises.mkdir(tempDir, { recursive: true });
-    log(`Created temp directory for local files: ${tempDir}`);
-    for (const fileName of LOCAL_ONLY_FILES) {
-      const srcPath = path9__default.join(gitgovDir, fileName);
-      const destPath = path9__default.join(tempDir, fileName);
-      try {
-        await promises.access(srcPath);
-        await promises.cp(srcPath, destPath, { force: true });
-        log(`Saved LOCAL_ONLY_FILE to temp: ${fileName}`);
-      } catch {
-      }
-    }
-    const saveExcludedFiles = async (srcDir, destDir) => {
-      try {
-        const entries = await promises.readdir(srcDir, { withFileTypes: true });
-        for (const entry of entries) {
-          const srcPath = path9__default.join(srcDir, entry.name);
-          const dstPath = path9__default.join(destDir, entry.name);
-          if (entry.isDirectory()) {
-            await promises.mkdir(dstPath, { recursive: true });
-            await saveExcludedFiles(srcPath, dstPath);
-          } else {
-            const isExcluded = SYNC_EXCLUDED_PATTERNS.some((pattern) => pattern.test(entry.name));
-            if (isExcluded) {
-              await promises.mkdir(path9__default.dirname(dstPath), { recursive: true });
-              await promises.copyFile(srcPath, dstPath);
-              log(`Saved EXCLUDED file to temp: ${entry.name}`);
-            }
-          }
-        }
-      } catch {
-      }
-    };
-    await saveExcludedFiles(gitgovDir, tempDir);
-    try {
-      await execAsync("git checkout -", { cwd: repoRoot });
-      log("Returned to original branch");
-    } catch (checkoutError) {
-      log(`Warning: Could not return to original branch: ${checkoutError}`);
-    }
-    log("Restoring .gitgov/ from gitgov-state...");
-    try {
-      await this.git.checkoutFilesFromBranch("gitgov-state", [".gitgov/"]);
-      await execAsync("git reset HEAD .gitgov/ 2>/dev/null || true", { cwd: repoRoot });
-      log("Restored .gitgov/ from gitgov-state (unstaged)");
-    } catch (checkoutFilesError) {
-      log(`Warning: Could not restore .gitgov/ from gitgov-state: ${checkoutFilesError}`);
-    }
-    for (const fileName of LOCAL_ONLY_FILES) {
-      const srcPath = path9__default.join(tempDir, fileName);
-      const destPath = path9__default.join(gitgovDir, fileName);
-      try {
-        await promises.access(srcPath);
-        await promises.cp(srcPath, destPath, { force: true });
-        log(`Restored LOCAL_ONLY_FILE from temp: ${fileName}`);
-      } catch {
-      }
-    }
-    const restoreExcludedFiles = async (srcDir, destDir) => {
-      try {
-        const entries = await promises.readdir(srcDir, { withFileTypes: true });
-        for (const entry of entries) {
-          const srcPath = path9__default.join(srcDir, entry.name);
-          const dstPath = path9__default.join(destDir, entry.name);
-          if (entry.isDirectory()) {
-            await restoreExcludedFiles(srcPath, dstPath);
-          } else {
-            const isExcluded = SYNC_EXCLUDED_PATTERNS.some((pattern) => pattern.test(entry.name));
-            if (isExcluded) {
-              await promises.mkdir(path9__default.dirname(dstPath), { recursive: true });
-              await promises.copyFile(srcPath, dstPath);
-              log(`Restored EXCLUDED file from temp: ${entry.name}`);
-            }
-          }
-        }
-      } catch {
-      }
-    };
-    await restoreExcludedFiles(tempDir, gitgovDir);
-    try {
-      await promises.rm(tempDir, { recursive: true, force: true });
-      log("Temp directory cleaned up");
-    } catch {
-    }
-    logger6.info("Invoking RecordProjector.generateIndex() after conflict resolution...");
-    try {
-      await this.indexer.generateIndex();
-      logger6.info("Index regenerated successfully after conflict resolution");
-    } catch (error) {
-      logger6.warn(`Failed to regenerate index after resolution: ${error.message}`);
-    }
-    log(`=== resolveConflict COMPLETED: ${resolvedRecords.length} conflicts resolved ===`);
-    return {
-      success: true,
-      rebaseCommitHash,
-      resolutionCommitHash,
-      conflictsResolved: resolvedRecords.length,
-      resolvedBy: actorId,
-      reason
-    };
-  }
-};
-
-// src/sync_state/fs_worktree/fs_worktree_sync_state.types.ts
-var WORKTREE_DIR_NAME = ".gitgov-worktree";
-var DEFAULT_STATE_BRANCH = "gitgov-state";
-var logger7 = createLogger("[WorktreeSyncState] ");
-function shouldSyncFile2(filePath) {
-  const fileName = path9__default.basename(filePath);
-  const ext = path9__default.extname(filePath);
-  if (!SYNC_ALLOWED_EXTENSIONS.includes(ext)) {
-    return false;
-  }
-  for (const pattern of SYNC_EXCLUDED_PATTERNS) {
-    if (pattern.test(fileName)) {
-      return false;
-    }
-  }
-  if (LOCAL_ONLY_FILES.includes(fileName)) {
-    return false;
-  }
-  const normalizedPath = filePath.replace(/\\/g, "/");
-  const parts = normalizedPath.split("/");
-  const gitgovIndex = parts.findIndex((p) => p === ".gitgov");
-  let relativeParts;
-  if (gitgovIndex !== -1) {
-    relativeParts = parts.slice(gitgovIndex + 1);
-  } else {
-    const syncDirIndex = parts.findIndex(
-      (p) => SYNC_DIRECTORIES.includes(p)
-    );
-    if (syncDirIndex !== -1) {
-      relativeParts = parts.slice(syncDirIndex);
-    } else if (SYNC_ROOT_FILES.includes(fileName)) {
-      return true;
-    } else {
-      return false;
-    }
-  }
-  if (relativeParts.length === 1) {
-    return SYNC_ROOT_FILES.includes(relativeParts[0]);
-  } else if (relativeParts.length >= 2) {
-    const dirName = relativeParts[0];
-    return SYNC_DIRECTORIES.includes(dirName);
-  }
-  return false;
-}
-var FsWorktreeSyncStateModule = class {
-  deps;
-  repoRoot;
-  stateBranchName;
-  worktreePath;
-  gitgovPath;
-  constructor(deps, config) {
-    if (!deps.git) throw new Error("GitModule is required for FsWorktreeSyncStateModule");
-    if (!deps.config) throw new Error("ConfigManager is required for FsWorktreeSyncStateModule");
-    if (!deps.identity) throw new Error("IdentityAdapter is required for FsWorktreeSyncStateModule");
-    if (!deps.lint) throw new Error("LintModule is required for FsWorktreeSyncStateModule");
-    if (!deps.indexer) throw new Error("IndexerAdapter is required for FsWorktreeSyncStateModule");
-    if (!config.repoRoot) throw new Error("repoRoot is required");
-    this.deps = deps;
-    this.repoRoot = config.repoRoot;
-    this.stateBranchName = config.stateBranchName ?? DEFAULT_STATE_BRANCH;
-    this.worktreePath = config.worktreePath ?? path9__default.join(this.repoRoot, WORKTREE_DIR_NAME);
-    this.gitgovPath = path9__default.join(this.worktreePath, ".gitgov");
-  }
-  // ═══════════════════════════════════════════════
-  // Section A: Worktree Management (WTSYNC-A1..A7)
-  // ═══════════════════════════════════════════════
-  /** [WTSYNC-A4] Returns the worktree path */
-  getWorktreePath() {
-    return this.worktreePath;
-  }
-  /** [WTSYNC-A1..A6] Ensures worktree exists and is healthy */
-  async ensureWorktree() {
-    const health = await this.checkWorktreeHealth();
-    if (health.healthy) {
-      logger7.debug("Worktree is healthy");
-      await this.removeLegacyGitignore();
-      return;
-    }
-    if (health.exists && !health.healthy) {
-      logger7.warn(`Worktree corrupted: ${health.error}. Recreating...`);
-      await this.removeWorktree();
-    }
-    await this.ensureStateBranch();
-    try {
-      logger7.info(`Creating worktree at ${this.worktreePath}`);
-      await this.execGit(["worktree", "add", this.worktreePath, this.stateBranchName]);
-    } catch (error) {
-      throw new WorktreeSetupError(
-        "Failed to create worktree",
-        this.worktreePath,
-        error instanceof Error ? error : void 0
-      );
-    }
-    await this.removeLegacyGitignore();
+    await this.removeLegacyGitignore();
   }
   /**
    * [WTSYNC-A7] Remove .gitignore from state branch if it exists.
@@ -7683,9 +5357,9 @@ var FsWorktreeSyncStateModule = class {
    * Legacy state branches initialized by FsSyncState may have a .gitignore — remove it.
    */
   async removeLegacyGitignore() {
-    const gitignorePath = path9__default.join(this.worktreePath, ".gitignore");
+    const gitignorePath = path6__default.join(this.worktreePath, ".gitignore");
     if (!existsSync(gitignorePath)) return;
-    logger7.info("Removing legacy .gitignore from state branch");
+    logger6.info("Removing legacy .gitignore from state branch");
     try {
       await this.execInWorktree(["rm", ".gitignore"]);
       await this.execInWorktree(["commit", "-m", "gitgov: remove legacy .gitignore (filtering is in code)"]);
@@ -7701,7 +5375,7 @@ var FsWorktreeSyncStateModule = class {
     if (!existsSync(this.worktreePath)) {
       return { exists: false, healthy: false, path: this.worktreePath };
     }
-    const gitFile = path9__default.join(this.worktreePath, ".git");
+    const gitFile = path6__default.join(this.worktreePath, ".git");
     if (!existsSync(gitFile)) {
       return {
         exists: true,
@@ -7745,7 +5419,7 @@ var FsWorktreeSyncStateModule = class {
   /** [WTSYNC-B1..B16] Push local state to remote */
   async pushState(options) {
     const { actorId, dryRun = false, force = false } = options;
-    const log = (msg) => logger7.debug(`[pushState] ${msg}`);
+    const log = (msg) => logger6.debug(`[pushState] ${msg}`);
     if (await this.isRebaseInProgress()) {
       throw new RebaseAlreadyInProgressError();
     }
@@ -7767,7 +5441,7 @@ var FsWorktreeSyncStateModule = class {
       };
     }
     const rawDelta = await this.calculateFileDelta();
-    const delta = rawDelta.filter((f) => shouldSyncFile2(f.file));
+    const delta = rawDelta.filter((f) => shouldSyncFile(f.file));
     log(`Delta: ${delta.length} syncable files (${rawDelta.length} total)`);
     if (delta.length === 0) {
       const { ahead: aheadOfRemote, remoteExists } = await this.isLocalAheadOfRemote();
@@ -7916,7 +5590,7 @@ var FsWorktreeSyncStateModule = class {
   /** [WTSYNC-C1..C9] Pull remote state */
   async pullState(options) {
     const { forceReindex = false, force = false } = options ?? {};
-    const log = (msg) => logger7.debug(`[pullState] ${msg}`);
+    const log = (msg) => logger6.debug(`[pullState] ${msg}`);
     if (await this.isRebaseInProgress()) {
       throw new RebaseAlreadyInProgressError();
     }
@@ -7924,7 +5598,7 @@ var FsWorktreeSyncStateModule = class {
     if (!force) {
       const statusRaw = await this.execInWorktree(["status", "--porcelain", "-uall", ".gitgov/"]);
       const statusLines = statusRaw.split("\n").filter((line) => line.length >= 4);
-      const syncableChanges = statusLines.filter((l) => shouldSyncFile2(l.slice(3)));
+      const syncableChanges = statusLines.filter((l) => shouldSyncFile(l.slice(3)));
       if (syncableChanges.length > 0) {
         log(`Auto-committing ${syncableChanges.length} local changes before pull`);
         for (const line of syncableChanges) {
@@ -8103,7 +5777,7 @@ var FsWorktreeSyncStateModule = class {
   async getPendingChanges() {
     await this.ensureWorktree();
     const allChanges = await this.calculateFileDelta();
-    return allChanges.filter((f) => shouldSyncFile2(f.file));
+    return allChanges.filter((f) => shouldSyncFile(f.file));
   }
   /** Calculate delta between source and worktree state branch */
   async calculateStateDelta(_sourceBranch) {
@@ -8125,10 +5799,10 @@ var FsWorktreeSyncStateModule = class {
   /** [WTSYNC-E6] Check if rebase is in progress in worktree */
   async isRebaseInProgress() {
     try {
-      const gitContent = await promises.readFile(path9__default.join(this.worktreePath, ".git"), "utf8");
+      const gitContent = await promises.readFile(path6__default.join(this.worktreePath, ".git"), "utf8");
       const gitDir = gitContent.replace("gitdir: ", "").trim();
-      const resolvedGitDir = path9__default.resolve(this.worktreePath, gitDir);
-      return existsSync(path9__default.join(resolvedGitDir, "rebase-merge")) || existsSync(path9__default.join(resolvedGitDir, "rebase-apply"));
+      const resolvedGitDir = path6__default.resolve(this.worktreePath, gitDir);
+      return existsSync(path6__default.join(resolvedGitDir, "rebase-merge")) || existsSync(path6__default.join(resolvedGitDir, "rebase-apply"));
     } catch {
       return false;
     }
@@ -8137,7 +5811,7 @@ var FsWorktreeSyncStateModule = class {
   async checkConflictMarkers(filePaths) {
     const filesWithMarkers = [];
     for (const filePath of filePaths) {
-      const fullPath = path9__default.join(this.gitgovPath, filePath);
+      const fullPath = path6__default.join(this.gitgovPath, filePath);
       try {
         const content = await promises.readFile(fullPath, "utf8");
         if (content.includes("<<<<<<<") || content.includes(">>>>>>>")) {
@@ -8153,7 +5827,7 @@ var FsWorktreeSyncStateModule = class {
     const files = filePaths ?? await this.getConflictedFiles();
     const diffFiles = [];
     for (const file of files) {
-      const fullPath = path9__default.join(this.worktreePath, file);
+      const fullPath = path6__default.join(this.worktreePath, file);
       try {
         const content = await promises.readFile(fullPath, "utf8");
         let localContent = "";
@@ -8251,7 +5925,7 @@ var FsWorktreeSyncStateModule = class {
       filePaths
     } = options ?? {};
     if (expectedFilesScope === "all-commits") {
-      logger7.debug('expectedFilesScope "all-commits" treated as "head" in worktree module');
+      logger6.debug('expectedFilesScope "all-commits" treated as "head" in worktree module');
     }
     await this.ensureWorktree();
     const integrityViolations = await this.verifyResolutionIntegrity();
@@ -8267,7 +5941,7 @@ var FsWorktreeSyncStateModule = class {
     if (verifyExpectedFiles) {
       if (filePaths && filePaths.length > 0) {
         for (const fp of filePaths) {
-          if (!existsSync(path9__default.join(this.gitgovPath, fp))) {
+          if (!existsSync(path6__default.join(this.gitgovPath, fp))) {
             integrityViolations.push({
               rebaseCommitHash: "",
               commitMessage: `Missing expected file: ${fp}`,
@@ -8279,7 +5953,7 @@ var FsWorktreeSyncStateModule = class {
       } else {
         const expectedDirs = ["tasks", "cycles", "actors"];
         for (const dir of expectedDirs) {
-          if (!existsSync(path9__default.join(this.gitgovPath, dir))) {
+          if (!existsSync(path6__default.join(this.gitgovPath, dir))) {
             integrityViolations.push({
               rebaseCommitHash: "",
               commitMessage: `Missing expected directory: ${dir}`,
@@ -8288,7 +5962,7 @@ var FsWorktreeSyncStateModule = class {
             });
           }
         }
-        if (!existsSync(path9__default.join(this.gitgovPath, "config.json"))) {
+        if (!existsSync(path6__default.join(this.gitgovPath, "config.json"))) {
           integrityViolations.push({
             rebaseCommitHash: "",
             commitMessage: "Missing expected file: config.json",
@@ -8385,7 +6059,7 @@ var FsWorktreeSyncStateModule = class {
   async stageSyncableFiles(delta, log) {
     let stagedCount = 0;
     for (const file of delta) {
-      if (!shouldSyncFile2(file.file)) {
+      if (!shouldSyncFile(file.file)) {
         log(`Skipped (not syncable): ${file.file}`);
         continue;
       }
@@ -8411,7 +6085,7 @@ var FsWorktreeSyncStateModule = class {
   /** Re-sign records after conflict resolution */
   async resignResolvedRecords(filePaths, actorId, reason) {
     for (const filePath of filePaths) {
-      const fullPath = path9__default.join(this.gitgovPath, filePath);
+      const fullPath = path6__default.join(this.gitgovPath, filePath);
       try {
         const content = await promises.readFile(fullPath, "utf8");
         const record = JSON.parse(content);
@@ -8426,7 +6100,7 @@ var FsWorktreeSyncStateModule = class {
     try {
       await this.deps.indexer.generateIndex();
     } catch {
-      logger7.warn("Re-index failed");
+      logger6.warn("Re-index failed");
     }
   }
   /** Parse git diff --name-status output */
@@ -8724,7 +6398,7 @@ var LocalBackend = class {
    * Executes via entrypoint (dynamic import) and captures output.
    */
   async executeEntrypoint(engine, ctx) {
-    const absolutePath = path9__default.join(this.projectRoot, engine.entrypoint);
+    const absolutePath = path6__default.join(this.projectRoot, engine.entrypoint);
     const mod = await import(absolutePath);
     const fnName = engine.function || "runAgent";
     const fn = mod[fnName];
@@ -9163,7 +6837,7 @@ var FsAgentRunner = class {
       throw new MissingDependencyError("ExecutionAdapter", "required");
     }
     this.projectRoot = deps.projectRoot;
-    this.gitgovPath = deps.gitgovPath ?? path9__default.join(this.projectRoot, ".gitgov");
+    this.gitgovPath = deps.gitgovPath ?? path6__default.join(this.projectRoot, ".gitgov");
     this.identityAdapter = deps.identityAdapter ?? void 0;
     this.executionAdapter = deps.executionAdapter;
     this.eventBus = deps.eventBus ?? void 0;
@@ -9309,7 +6983,7 @@ var FsAgentRunner = class {
    */
   async loadAgent(agentId) {
     const id = agentId.startsWith("agent:") ? agentId.slice(6) : agentId;
-    const agentPath = path9__default.join(this.gitgovPath, "agents", `agent-${id}.json`);
+    const agentPath = path6__default.join(this.gitgovPath, "agents", `agent-${id}.json`);
     try {
       const content = await promises.readFile(agentPath, "utf-8");
       const record = JSON.parse(content);
@@ -9341,10 +7015,10 @@ function createAgentRunner(deps) {
 var FsRecordProjection = class {
   indexPath;
   constructor(options) {
-    this.indexPath = path9.join(options.basePath, "index.json");
+    this.indexPath = path6.join(options.basePath, "index.json");
   }
   async persist(data, _context) {
-    const dir = path9.dirname(this.indexPath);
+    const dir = path6.dirname(this.indexPath);
     await fs.mkdir(dir, { recursive: true });
     const tmpPath = `${this.indexPath}.tmp`;
     const content = JSON.stringify(data, null, 2);
@@ -9382,6 +7056,6 @@ var FsRecordProjection = class {
   }
 };
 
-export { DEFAULT_ID_ENCODER, FsAgentRunner, FsConfigStore, FsFileLister, FsKeyProvider, FsLintModule, FsProjectInitializer, FsRecordProjection, FsRecordStore, FsSessionStore, FsSyncStateModule, FsWatcherStateModule, FsWorktreeSyncStateModule, LocalGitModule as GitModule, LocalGitModule, createAgentRunner, createConfigManager, createSessionManager, findGitgovRoot, findProjectRoot, getGitgovPath, isGitgovProject, resetDiscoveryCache };
+export { DEFAULT_ID_ENCODER, FsAgentRunner, FsConfigStore, FsFileLister, FsKeyProvider, FsLintModule, FsProjectInitializer, FsRecordProjection, FsRecordStore, FsSessionStore, FsWatcherStateModule, FsWorktreeSyncStateModule, LocalGitModule as GitModule, LocalGitModule, createAgentRunner, createConfigManager, createSessionManager, findProjectRoot, getWorktreeBasePath, resetDiscoveryCache };
 //# sourceMappingURL=fs.js.map
 //# sourceMappingURL=fs.js.map