@glw907/cairn-cms 0.59.0 → 0.60.1

package/src/lib/components/tidy-validate.ts

@@ -0,0 +1,202 @@
+// The tidy output validation: the safety backstop that proves a tidy result is a proofread and not
+// a restructure (spec 2.6) or a successful prompt injection (spec 2.3.3). A pure module taking the
+// captured original and the model's corrected string and returning either the validated change set
+// (the Task 12 diff) or a typed rejection reason. A rejected result is discarded by the caller with
+// an honest message and the document is left untouched; nothing here mutates the buffer.
+//
+// Four of the five checks are EXACT and are the real structural backstop: the directive structure,
+// the heading count and levels, the fenced-code-block count, the byte-for-byte frontmatter, the
+// media-hash multiset, and every code span and fenced block. The fifth, the divergence bound, is
+// the only fuzzy one, and it is a rewrite/injection backstop only, never a voice safeguard. The
+// config-driven prompt is what protects voice.
+
+import { unified } from 'unified';
+import remarkParse from 'remark-parse';
+import remarkGfm from 'remark-gfm';
+import { visit } from 'unist-util-visit';
+import { fenceScan, frontmatterSpan } from './markdown-directives.js';
+import { parseMediaToken } from '../media/reference.js';
+import { diffTokens, diffChanges } from './tidy-diff.js';
+import type { Change } from './tidy-diff.js';
+
+/** The reason a tidy result was rejected. Task 14 branches on this; every value maps to the one
+ *  honest author-facing message, so the reason is for logging and tests, not the user surface.
+ *  - `structure`: a directive opener/closer sequence, a heading count or level, or a fenced-code
+ *    count diverged (the result restructured the document).
+ *  - `frontmatter`: the frontmatter block is not byte-for-byte equal.
+ *  - `media`: the multiset of `media:` hashes differs (a hash was altered, dropped, or invented).
+ *  - `code`: a code span or fenced code block was edited.
+ *  - `divergence`: the changed-token amount exceeds the length-aware bound (a wholesale rewrite). */
+export type TidyRejectionReason = 'structure' | 'frontmatter' | 'media' | 'code' | 'divergence';
+
+/** The honest author-facing message a rejection maps to. The same message for every reason, by
+ *  design: an author does not need the validator's internal taxonomy, only that the result was
+ *  discarded and their text is safe. */
+export const TIDY_REJECTION_MESSAGE =
+	'Tidy returned a result that changed more than the wording, so it was discarded. Your text is unchanged.';
+
+/** The outcome of validating a tidy result. On success it carries the Task 12 change set the review
+ *  surface accepts and rejects against; on failure it carries the typed reason and the message. */
+export type TidyValidation =
+	| { ok: true; changes: Change[] }
+	| { ok: false; reason: TidyRejectionReason; message: string };
+
+// The divergence bound. The floor allows a fixed number of changed tokens regardless of fraction so
+// a legitimate heavy proofread of a SHORT input is not penalized: a short paragraph with a typo in
+// nearly every word is a real proofread, not a rewrite. The fraction catches a wholesale rewrite of
+// a LONG input, where a large absolute count is past any honest copy-edit. A result is rejected only
+// when it exceeds BOTH the floor and the fraction, so a short input rides the floor and a long input
+// rides the fraction. The values are deliberate: 60 tokens of change covers a dense proofread of a
+// few short paragraphs, and 0.5 of the total tokens marks the point where more than half the text
+// changed, which no proofread does but a rewrite or a successful injection always does.
+const DIVERGENCE_TOKEN_FLOOR = 60;
+const DIVERGENCE_FRACTION = 0.5;
+
+// Every `media:` token anywhere in the text, hash and slug forms alike. The validator scans the raw
+// text rather than going through extractMediaRefs for two reasons. First, a true MULTISET is the
+// invariant a backstop wants: extractMediaRefs dedups by hash, so a doubled token collapsing to one
+// would read as equal, and the validator must catch a dropped duplicate. Second, the raw scan covers
+// the whole text including frontmatter without threading the concept's FrontmatterField[] to the call
+// site, which the validator otherwise has no reason to know. A token mangled inside a code fence is
+// caught here too, redundantly with the code check, which is the right posture for a backstop.
+const MEDIA_TOKEN = /media:[A-Za-z0-9.-]+/g;
+
+/** The sorted multiset of valid media hashes in the text. Each `media:` occurrence is parsed; a
+ *  malformed token (a broken hash, an illegal slug) parses to null and is dropped, so a tidy that
+ *  CORRUPTED a hash drops it from the multiset and the comparison fails. Sorted so two multisets
+ *  compare by value, order-independent. */
+function mediaHashes(text: string): string[] {
+	const hashes: string[] = [];
+	for (const m of text.matchAll(MEDIA_TOKEN)) {
+		const ref = parseMediaToken(m[0]);
+		if (ref) hashes.push(ref.hash);
+	}
+	return hashes.sort();
+}
+
+/** The directive structure signature: each opener or closer in document order, paired with the depth
+ *  the fence scan assigned it. Two texts share a directive structure when these signatures are equal,
+ *  so an added, removed, or relevelled container fails the comparison. A fence-shaped line inside a
+ *  code block is already disowned by the scan (its role is null), so a documented `:::` example does
+ *  not enter the signature. */
+function directiveSignature(text: string): string {
+	const { depths, roles } = fenceScan(text.split('\n'));
+	const parts: string[] = [];
+	for (let i = 0; i < roles.length; i++) {
+		if (roles[i] !== null) parts.push(`${roles[i]}@${depths[i]}`);
+	}
+	return parts.join(',');
+}
+
+/** The heading signature: every ATX heading's level in document order. Parsed as mdast so a `#`
+ *  inside a code block or an escaped one is never counted, and the level is the parser's own depth.
+ *  Two texts share a heading structure when these are equal, so an added, removed, or relevelled
+ *  heading fails the comparison. */
+function headingSignature(text: string): string {
+	const tree = unified().use(remarkParse).use(remarkGfm).parse(text);
+	const levels: number[] = [];
+	visit(tree, 'heading', (node: { depth?: number }) => {
+		if (typeof node.depth === 'number') levels.push(node.depth);
+	});
+	return levels.join(',');
+}
+
+/** Every code span and fenced or indented code block in the text, as a sorted multiset of values.
+ *  Parsed as mdast so the comparison sees exactly what the parser treats as code, the same authority
+ *  the media body scan uses. Sorted so the comparison is order-independent: the divergence and
+ *  structure checks own ordering, this check owns the contents. A `code` node is a block, an
+ *  `inlineCode` node is a span. */
+function codeContents(text: string): string[] {
+	const tree = unified().use(remarkParse).use(remarkGfm).parse(text);
+	const values: string[] = [];
+	visit(tree, (node: { type: string; value?: string }) => {
+		if ((node.type === 'code' || node.type === 'inlineCode') && typeof node.value === 'string') {
+			values.push(`${node.type}:${node.value}`);
+		}
+	});
+	return values.sort();
+}
+
+/** True when two string multisets are equal: same length and same sorted contents. */
+function multisetEqual(a: string[], b: string[]): boolean {
+	if (a.length !== b.length) return false;
+	for (let i = 0; i < a.length; i++) {
+		if (a[i] !== b[i]) return false;
+	}
+	return true;
+}
+
+// The changed token amount: the count of tokens the diff marked inserted or deleted, against the
+// total tokens in the original. An equal run contributes nothing; an inserted or deleted run counts
+// its own tokens. This is the rewrite measure, deliberately coarse, since the structure/token/code
+// checks are the exact backstop and this only catches a wholesale rewrite that slipped past them.
+function divergence(original: string, corrected: string): { changed: number; total: number } {
+	const runs = diffTokens(original, corrected);
+	// Count tokens by splitting each run's text on the same word/non-word boundary the diff uses; a
+	// run's token count is its number of word-or-nonword matches. The original's total is the equal
+	// plus deleted token count.
+	const countTokens = (s: string) => (s.match(/[A-Za-z0-9_]+(?:['’][A-Za-z0-9_]+)*|[^A-Za-z0-9_]+/g) ?? []).length;
+	let changed = 0;
+	let total = 0;
+	for (const run of runs) {
+		const tokens = countTokens(run.text);
+		if (run.kind === 'inserted' || run.kind === 'deleted') changed += tokens;
+		if (run.kind === 'equal' || run.kind === 'deleted') total += tokens;
+	}
+	return { changed, total };
+}
+
+/**
+ * Validate a tidy result against the captured original. Runs the exact structural checks first (a
+ * restructure or a token or code edit is a hard reject regardless of how little else changed), then
+ * the length-aware divergence bound. On success returns the Task 12 change set for the review
+ * surface; on failure returns the typed reason and the one honest message.
+ *
+ * The checks, in order: the directive opener/closer sequence and depths, the ATX heading count and
+ * levels, the fenced-code-block count (folded into the code-contents multiset), the byte-for-byte
+ * frontmatter via the shared frontmatterSpan helper, the media-hash multiset, the code-span and
+ * code-block contents, and finally the divergence bound. A pure function: it reads the two strings
+ * and nothing else, and it never mutates the buffer.
+ */
+export function validateTidy(original: string, corrected: string): TidyValidation {
+	// Directive structure: the opener/closer sequence and depths must match exactly.
+	if (directiveSignature(original) !== directiveSignature(corrected)) {
+		return { ok: false, reason: 'structure', message: TIDY_REJECTION_MESSAGE };
+	}
+
+	// Headings: the same ATX headings at the same levels, in order.
+	if (headingSignature(original) !== headingSignature(corrected)) {
+		return { ok: false, reason: 'structure', message: TIDY_REJECTION_MESSAGE };
+	}
+
+	// Frontmatter: byte-for-byte equal, via the same helper the spellcheck skip uses. A null span
+	// (no frontmatter) on both sides slices to the empty string on both, so a body-only document
+	// passes; a span on one side and not the other diverges.
+	const fmOriginal = frontmatterSpan(original);
+	const fmCorrected = frontmatterSpan(corrected);
+	const fmTextOriginal = fmOriginal ? original.slice(fmOriginal.from, fmOriginal.to) : '';
+	const fmTextCorrected = fmCorrected ? corrected.slice(fmCorrected.from, fmCorrected.to) : '';
+	if (fmTextOriginal !== fmTextCorrected) {
+		return { ok: false, reason: 'frontmatter', message: TIDY_REJECTION_MESSAGE };
+	}
+
+	// Media: the exact same multiset of hashes across the whole text.
+	if (!multisetEqual(mediaHashes(original), mediaHashes(corrected))) {
+		return { ok: false, reason: 'media', message: TIDY_REJECTION_MESSAGE };
+	}
+
+	// Code: every code span and fenced or indented block identical. The block count is folded in
+	// here: a multiset of block-and-span values that differs in count or contents fails.
+	if (!multisetEqual(codeContents(original), codeContents(corrected))) {
+		return { ok: false, reason: 'code', message: TIDY_REJECTION_MESSAGE };
+	}
+
+	// Divergence: rejected only when the changed amount exceeds BOTH the absolute floor and the
+	// fraction of the total. A short input rides the floor; a long input rides the fraction.
+	const { changed, total } = divergence(original, corrected);
+	if (changed > DIVERGENCE_TOKEN_FLOOR && changed > total * DIVERGENCE_FRACTION) {
+		return { ok: false, reason: 'divergence', message: TIDY_REJECTION_MESSAGE };
+	}
+
+	return { ok: true, changes: diffChanges(original, corrected) };
+}

package/src/lib/content/compose.ts

@@ -6,7 +6,7 @@
 import type { AdminPanel, CairnAdapter, CairnExtension, CairnRuntime, ConceptConfig, FieldTypeDef } from './types.js';
 import { resolveConcepts } from './concepts.js';
 import { normalizeAssets } from '../media/config.js';
-import type { SiteConfig } from '../nav/site-config.js';
+import { dictionaryFileForDialect, type SiteConfig } from '../nav/site-config.js';
 
 /** The input to {@link composeRuntime}. `siteConfig` is required so the per-concept URL policy is
  *  always derived from one source and can never be silently dropped. `extensions` fold in after the
@@ -49,6 +49,16 @@ export function composeRuntime({ adapter, siteConfig, extensions = [] }: Compose
     assets: adapter.assets,
     resolvedAssets: normalizeAssets(adapter.assets),
     mediaManifestPath: adapter.mediaManifestPath ?? 'src/content/.cairn/media.json',
+    // The personal dictionary sits beside the manifests under the same `.cairn/` content root, so the
+    // spec's `content/.cairn/dictionary.txt` resolves the same configurable way the manifest paths do.
+    dictionaryPath: adapter.dictionaryPath ?? 'src/content/.cairn/dictionary.txt',
+    // The spellcheck dictionary is resolved once here from the site config's dialect (default US),
+    // so the runtime and the editor never re-derive it. The site config is the one home for the
+    // dialect; the editor resolves this filename to a real asset URL on the main thread.
+    spellcheckDictionary: dictionaryFileForDialect(siteConfig.spellcheck?.dialect),
+    // The tidy block passes through from the site config; the tidy action reads enabled/model at call
+    // time and builds its prompt from conventions. Absent means tidy is off.
+    tidy: siteConfig.tidy,
     adminPanels,
     fieldTypes,
   };

package/src/lib/content/site-dictionary.ts

@@ -0,0 +1,84 @@
+// cairn-cms: the git-committed per-site personal dictionary (spec 1.6). One word per line,
+// sorted, with comment lines (starting with #) and blank lines tolerated on read. This module is
+// pure: it parses the committed file text, inserts words in sorted order, and serializes the
+// canonical form. The insert is order-independent, so the action's commit-and-retry can re-merge
+// the pending additions at a new head and reach the same sorted set regardless of insertion order.
+//
+// The canonical serialization keeps a single leading header comment and one sorted word per line.
+// An inbound file's other comment lines are dropped on serialize (the header is regenerated), so the
+// committed file stays a clean, diffable, sorted word list; a maintainer who wants a richer comment
+// edits it in git, and the next add through here normalizes it back to the header.
+
+/** The header comment the canonical serialization writes above the sorted words. */
+const HEADER = '# cairn personal dictionary: one word per line, sorted, kept in git.';
+
+// A dictionary word: a single line carrying no whitespace and no ASCII control characters, so it can
+// never inject an extra line into the committed file. Hyphens and apostrophes are allowed, since real
+// words carry them ("well-known", "O'Brien"); a non-ASCII surname or place name validates too, since
+// the test is for whitespace and control bytes rather than an allow-list of letters. The action runs
+// inbound words through this before a merge.
+const WORD_RE = /^[^\s\p{Cc}]+$/u;
+
+/** True when a word is a single valid dictionary line (no whitespace, no control characters, non-empty
+ *  and within the length bound). A leading "#" is rejected: parseDictionary re-reads such a line as a
+ *  comment, so committing it would silently drop the word on the next read. The action uses this to
+ *  reject untrusted input before the merge, so a newline or a control byte can never inject an extra
+ *  line into the committed file. */
+export function isValidDictionaryWord(word: string, maxLength = 64): boolean {
+  if (word.startsWith('#')) return false;
+  return word.length > 0 && word.length <= maxLength && WORD_RE.test(word);
+}
+
+/**
+ * Parse the committed dictionary file text into its word list. Comment lines (a `#` after optional
+ * leading whitespace) and blank lines are dropped; every other line is trimmed and kept. A null or
+ * empty file yields an empty list. The result preserves the file's order and is not deduplicated or
+ * sorted here, so a caller can see exactly what the file held; `mergeDictionaryWords` is the path that
+ * normalizes to the sorted, deduplicated set.
+ */
+export function parseDictionary(text: string | null): string[] {
+  if (!text) return [];
+  const words: string[] = [];
+  for (const line of text.split('\n')) {
+    const trimmed = line.trim();
+    if (trimmed === '' || trimmed.startsWith('#')) continue;
+    words.push(trimmed);
+  }
+  return words;
+}
+
+/** Case-insensitive, locale-stable comparator for the canonical sort. Words are compared lowercased
+ *  so "Cairn" and "cairn" collapse to one entry, the same case-folding the Worker's merged set uses. */
+function byWord(a: string, b: string): number {
+  return a.toLowerCase().localeCompare(b.toLowerCase());
+}
+
+/**
+ * Merge `additions` into the `existing` word list, returning the canonical sorted, deduplicated set.
+ * The merge is case-insensitive (a duplicate add of an existing word, in any case, collapses) and
+ * order-independent: the inputs are unioned by lowercased key and sorted, so re-merging the same
+ * additions at a moved head produces the same set. The first-seen casing of each word wins, so an
+ * existing "Cairn" is kept over a later "cairn". Invalid additions (whitespace, control characters,
+ * empty) are skipped here as a backstop; the action validates before this is reached.
+ */
+export function mergeDictionaryWords(existing: readonly string[], additions: readonly string[]): string[] {
+  const byKey = new Map<string, string>();
+  for (const word of [...existing, ...additions]) {
+    if (!isValidDictionaryWord(word)) continue;
+    const key = word.toLowerCase();
+    if (!byKey.has(key)) byKey.set(key, word);
+  }
+  return [...byKey.values()].sort(byWord);
+}
+
+/**
+ * Serialize a word list to the canonical committed file text: the header comment, then one word per
+ * line sorted case-insensitively, with a trailing newline. The input is run through the same dedup
+ * and sort as the merge, so serializing an unsorted or duplicate-bearing list still yields the
+ * canonical form. An empty word list serializes to just the header (so the file stays a valid,
+ * recognizable dictionary rather than vanishing).
+ */
+export function serializeDictionary(words: readonly string[]): string {
+  const sorted = mergeDictionaryWords(words, []);
+  return [HEADER, ...sorted].join('\n') + '\n';
+}

package/src/lib/content/types.ts

@@ -264,6 +264,11 @@ export interface CairnAdapter {
   /** Repo-relative path to the committed media manifest. Defaults to src/content/.cairn/media.json,
    *  applied in composeRuntime. Sits outside any concept directory, like the content manifest. */
   mediaManifestPath?: string;
+  /** Repo-relative path to the committed personal dictionary file. Defaults to
+   *  src/content/.cairn/dictionary.txt, applied in composeRuntime: the same `.cairn/` content root the
+   *  manifests use, so the spec's `content/.cairn/dictionary.txt` resolves the same configurable way the
+   *  manifest paths do. One word per line, sorted, comment lines allowed (see site-dictionary.ts). */
+  dictionaryPath?: string;
   /** Directive component registry; the renderer and the future palette derive from it (seam 3). */
   registry?: ComponentRegistry;
   /** The site's glyph name to SVG path-data map, for the admin icon picker and the renderer. */
@@ -380,6 +385,13 @@ export interface CairnRuntime {
   manifestPath: string;
   /** The repo-relative path to the committed media manifest, defaulted in composeRuntime. */
   mediaManifestPath: string;
+  /** The repo-relative path to the committed personal dictionary file (one word per line, sorted),
+   *  defaulted in composeRuntime to src/content/.cairn/dictionary.txt: the same `.cairn/` content root
+   *  the manifests use. The edit load reads it and threads its words onto EditData; the
+   *  addDictionaryWord action reads, merges, and commits it. Optional on the runtime so a hand-built
+   *  runtime need not set it; composeRuntime always fills it, and the edit load and the action default
+   *  a missing value to the same content-root path. */
+  dictionaryPath?: string;
   /** The adapter's asset config resolved once at compose: `{ enabled: false }` for a no-media site,
    *  otherwise the filled config the upload, storage, delivery, and resolver paths read. */
   resolvedAssets: import('../media/config.js').ResolvedAssetConfig;
@@ -390,6 +402,19 @@ export interface CairnRuntime {
   /** The live site's content styling for the preview frame; passed through from the adapter. */
   preview?: PreviewConfig;
   assets?: AssetConfig;
+  /** The editor's spellcheck dictionary file, resolved once at compose from the site config's
+   *  `spellcheck.dialect` (defaulting to US English). The edit load threads it onto EditData and the
+   *  editor resolves it to a real asset URL on the main thread, so the Worker receives the URL and
+   *  never reads config. Just the filename, e.g. "dictionary-en-us.txt". Optional on the runtime so a
+   *  hand-built runtime need not set it; composeRuntime always fills it, and the edit load defaults a
+   *  missing value to the US English dictionary. */
+  spellcheckDictionary?: string;
+  /** The editor tidy (LLM copy-edit) settings, passed through from the site config. Optional on the
+   *  runtime so a hand-built runtime need not set it; composeRuntime threads it from
+   *  `siteConfig.tidy`. The tidy action reads `enabled` and `model` at call time, and builds its prompt
+   *  from `conventions`. Absent (or `enabled` false) means tidy is off, and the action refuses with a
+   *  fail(503) before any model call. */
+  tidy?: import('../nav/site-config.js').TidyConfig;
   /** Admin panels contributed by extensions (Mode 2). Empty until Plan 09 wires the dispatch route. */
   adminPanels?: AdminPanel[];
   /** Field types contributed by extensions (Mode 2). Empty until Plan 09 wires the form dispatch. */

package/src/lib/doctor/checks-local.ts

@@ -6,6 +6,7 @@ import type { CheckResult, DoctorCheck, DoctorContext } from './types.js';
 import { readWranglerConfig } from './wrangler-config.js';
 import { requireOrigin } from '../env.js';
 import { parseSiteConfig, urlPolicyFrom } from '../nav/site-config.js';
+import type { SiteConfig } from '../nav/site-config.js';
 import { normalizeConcepts } from '../content/concepts.js';
 import { defineFields } from '../content/schema.js';
 import type { ConceptConfig } from '../content/types.js';
@@ -138,16 +139,21 @@ export const configPublicOrigin: DoctorCheck = {
 // src locations the production sites use).
 const SITE_CONFIG_PATHS = ['site.config.yaml', 'src/lib/site.config.yaml', 'src/site.config.yaml'];
 
+// Read the first site.config.yaml that exists in a conventional spot, or null when none does.
+async function readSiteConfigText(ctx: DoctorContext): Promise<string | null> {
+	for (const path of SITE_CONFIG_PATHS) {
+		const text = await ctx.readFile(path);
+		if (text !== null) return text;
+	}
+	return null;
+}
+
 export const configSiteConfig: DoctorCheck = {
 	id: 'config.site-config',
 	conditionId: 'config.site-config-invalid',
 	title: 'Site config',
 	async run(ctx: DoctorContext): Promise<CheckResult> {
-		let text: string | null = null;
-		for (const path of SITE_CONFIG_PATHS) {
-			text = await ctx.readFile(path);
-			if (text !== null) break;
-		}
+		const text = await readSiteConfigText(ctx);
 		if (text === null) return skip(`no site.config.yaml found (looked in ${SITE_CONFIG_PATHS.join(', ')})`);
 		try {
 			const policy = urlPolicyFrom(parseSiteConfig(text));
@@ -165,3 +171,51 @@ export const configSiteConfig: DoctorCheck = {
 		}
 	},
 };
+
+// A site enables tidy with `tidy.enabled: true` in the committed config; ignore a config the rest of
+// the doctor reports through configSiteConfig, so a parse error here just skips rather than doubling
+// the failure.
+function tidyEnabled(text: string): boolean {
+	let config: SiteConfig;
+	try {
+		config = parseSiteConfig(text);
+	} catch {
+		return false;
+	}
+	return config.tidy?.enabled === true;
+}
+
+// The Anthropic key is a Worker secret, so the doctor cannot prove it is unset (it is in neither the
+// committed wrangler config nor anything readFile reaches). It CAN read the two spots a key would also
+// appear if set as a plain var: the wrangler config text and .dev.vars. A bare presence-by-name read
+// is enough for the heuristic; the runtime fail(503) and --probe are the real truth checks.
+function keyAppearsIn(text: string | null): boolean {
+	return text !== null && text.includes('ANTHROPIC_API_KEY');
+}
+
+// The tidy secret heuristic. It reuses the config.bindings-missing condition rather than registering a
+// new one, so the readiness count holds (the same pattern configMediaBucket uses). A warn here is not a
+// definitive unset claim: it asks the operator to verify the secret, since a wrangler secret is
+// invisible to the CLI.
+export const configTidyKey: DoctorCheck = {
+	id: 'config.tidy-key',
+	conditionId: 'config.bindings-missing',
+	title: 'Tidy API key',
+	async run(ctx: DoctorContext): Promise<CheckResult> {
+		const text = await readSiteConfigText(ctx);
+		if (text === null) return skip('no site.config.yaml found, so tidy enablement is unknown');
+		if (!tidyEnabled(text)) return skip('tidy is not enabled in the site config');
+		const wrangler =
+			(await ctx.readFile('wrangler.jsonc')) ?? (await ctx.readFile('wrangler.toml'));
+		if (keyAppearsIn(wrangler)) {
+			return pass('ANTHROPIC_API_KEY appears in the wrangler vars (verify it is the real key, not a placeholder)');
+		}
+		const devVars = await ctx.readFile('.dev.vars');
+		if (keyAppearsIn(devVars)) {
+			return pass('ANTHROPIC_API_KEY appears in .dev.vars (the local override; verify the Worker secret is set for production)');
+		}
+		return fail(
+			'tidy is enabled but ANTHROPIC_API_KEY is in neither the wrangler vars nor .dev.vars; verify the secret is configured with wrangler secret put ANTHROPIC_API_KEY'
+		);
+	},
+};

package/src/lib/doctor/index.ts

@@ -9,6 +9,7 @@ import {
 	configCsrfDisable,
 	configSiteConfig,
 	configPublicOrigin,
+	configTidyKey,
 } from './checks-local.js';
 import { configDependencyFloors } from './check-floors.js';
 import { emailSenderOnboarded, edgeHttpsForced, edgeHsts, authStore } from './checks-cloudflare.js';
@@ -162,6 +163,7 @@ export function defaultChecks(): DoctorCheck[] {
 		configCsrfDisable,
 		configSiteConfig,
 		configPublicOrigin,
+		configTidyKey,
 		configDependencyFloors,
 		emailSenderOnboarded,
 		edgeHttpsForced,

package/src/lib/log/events.ts

@@ -27,4 +27,10 @@ export type CairnLogEvent =
   | 'media.orphans_purged'
   | 'media.replaced'
   | 'media.replace_blocked'
-  | 'media.alt_propagated';
+  | 'media.alt_propagated'
+  | 'dictionary.added'
+  | 'dictionary.add_conflict'
+  | 'tidy.done'
+  | 'tidy.error'
+  | 'tidy.refused'
+  | 'tidy.empty';