@groundnuty/macf 0.2.0-rc.1 → 0.2.1

package/dist/cli/settings-writer.js

@@ -21,11 +21,27 @@
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { join, resolve } from 'node:path';
 /**
- * The command path written into settings.json. Workspace-relative so
- * it matches what `copyCanonicalScripts` places at
- * `<workspace>/.claude/scripts/check-gh-token.sh`.
+ * The command path written into settings.json. Uses
+ * `$CLAUDE_PROJECT_DIR` (substituted by Claude Code at hook-dispatch
+ * time to the workspace root) rather than a workspace-relative path
+ * because Claude Code invokes hooks with cwd = the tool's spawn dir.
+ * If the agent has `cd`'d into a subdir before a Bash call, a
+ * relative path resolves against the subdir and the script is "not
+ * found" — generating noise and (worse) silently skipping the
+ * attribution-trap check (#140). See macf#232 for the bug report and
+ * macf-devops-toolkit `74c0af2` / macf-science-agent `cf7cbcf` /
+ * macf-testbed `1e3ee8e` for the precedent fix landings on workspace
+ * templates the day this was filed.
+ *
+ * Migration: `installGhTokenHook` re-writes the entry on every call,
+ * matching prior MACF entries by `check-gh-token.sh` basename
+ * (`isMacfManagedCommand`) — so the legacy relative-path form is
+ * dropped + replaced with the absolute form on the next `macf init` /
+ * `macf update` / `macf rules refresh` cycle. No legacy-pattern list
+ * is needed (unlike `MACF_LEGACY_FD_PATTERNS` which compares strings
+ * literally) because the basename matcher is path-agnostic.
  */
-export const MACF_HOOK_COMMAND = '.claude/scripts/check-gh-token.sh';
+export const MACF_HOOK_COMMAND = '$CLAUDE_PROJECT_DIR/.claude/scripts/check-gh-token.sh';
 /**
  * The hook filename used to identify MACF-managed entries on refresh.
  * Matched by path-end equality (see isMacfManagedCommand) so operator
@@ -194,6 +210,168 @@ export function installSandboxFdAllowRead(workspaceDir) {
     };
     writeFileSync(path, JSON.stringify(updated, null, 2) + '\n');
 }
+/**
+ * Canonical MACF-managed `sandbox.excludedCommands` entries.
+ *
+ * Per macf#211 + claude-code#43454: Claude Code 2.1.92+ has a seccomp
+ * regression on Linux that breaks Bash inside the sandbox during the
+ * shell's own startup (it reads from `/proc/self/fd/3` even before
+ * user-code runs). Adding common dev-loop commands to
+ * `excludedCommands` runs them unsandboxed, sidestepping the
+ * regression while keeping sandbox protection for everything else.
+ *
+ * Three command classes:
+ *
+ *  - **Search/read** (`grep`, `rg`, `find`, `head`, `tail`, `cat`,
+ *    `ls`, `wc`, `sort`, `awk`, `sed`, `diff`, `which`) — Bash tool's
+ *    primary dev-loop commands; no side effects beyond the file view
+ *    Claude already has via the `Read` tool.
+ *  - **Shell wrappers** (`bash:*`, `sh:*`, `xargs:*`) — agent-
+ *    composed shell pipelines; sandboxed versions fail at zsh-init
+ *    even when the inner command is a no-op.
+ *  - **Low-blast-radius filesystem mutations** (`mkdir:*`, `cp:*`,
+ *    `touch:*`) — non-destructive create/copy. Higher-blast-radius
+ *    mutations (`rm:*`, `mv:*`) are intentionally NOT in the list:
+ *    keeping them sandboxed limits accidental damage paths.
+ *
+ * Plus the build-loop subset that was already canonical pre-#211:
+ * `ssh:*`, `scp:*`, `rsync:*`, `devbox:*`, `nix:*`, `git:*`,
+ * `gpg:*`, `gpg-agent:*`, `gh:*`, `npx:*`, `npm:*`, `node:*`,
+ * `make:*`, `tmux:*`, `jq:*`, `openssl:*`. These were applied by
+ * hand in operator workspaces; #211 bundles them into the canonical
+ * set so `macf init` / `macf update` install them consistently.
+ *
+ * Keep this list in lockstep with `plugin/rules/coordination.md`'s
+ * sandbox section (the operator-facing doc) — both are sources of
+ * truth and any drift confuses operators reading either.
+ */
+export const SANDBOX_EXCLUDED_COMMANDS = [
+    // Build-loop / deployment
+    'ssh:*',
+    'scp:*',
+    'rsync:*',
+    'devbox:*',
+    'nix:*',
+    'git:*',
+    'gpg:*',
+    'gpg-agent:*',
+    'gh:*',
+    'npx:*',
+    'npm:*',
+    'node:*',
+    'make:*',
+    'tmux:*',
+    'jq:*',
+    'openssl:*',
+    // Search/read dev-loop
+    'grep:*',
+    'rg:*',
+    'find:*',
+    'head:*',
+    'tail:*',
+    'cat:*',
+    'ls:*',
+    'wc:*',
+    'sort:*',
+    'awk:*',
+    'sed:*',
+    'diff:*',
+    'which:*',
+    // Shell wrappers (subprocesses fail at zsh-init under the
+    // regression even when the inner command is a no-op)
+    'bash:*',
+    'sh:*',
+    'xargs:*',
+    // Low-blast-radius filesystem mutations. `rm:*` + `mv:*`
+    // intentionally excluded — keep destructive ops sandboxed.
+    'mkdir:*',
+    'cp:*',
+    'touch:*',
+];
+/**
+ * Legacy MACF-managed `sandbox.excludedCommands` entries. Currently
+ * empty — #211 is the first managed cycle. Future CLI versions can
+ * append here when the canonical set drops a previously-managed
+ * command, so `installSandboxExcludedCommands` removes those entries
+ * from operator workspaces on next refresh.
+ */
+const MACF_LEGACY_EXCLUDED_COMMANDS = [];
+/**
+ * Install (or refresh) the canonical MACF entries in
+ * `.claude/settings.json`'s `sandbox.excludedCommands` array.
+ * Idempotent: repeated calls don't duplicate.
+ *
+ * Operator-authored entries are preserved verbatim. Stale MACF-
+ * managed entries (anything in MACF_LEGACY_EXCLUDED_COMMANDS) are
+ * dropped before the current set is installed; current MACF entries
+ * already present in the operator's list are left in their original
+ * position rather than re-appended.
+ *
+ * Opt-out: `MACF_SANDBOX_EXCLUDED_COMMANDS_SKIP=1|true` skips the
+ * install entirely. Aligned with the
+ * `MACF_SANDBOX_FD_FIX_SKIP` / `MACF_OTEL_DISABLED` family of opt-out
+ * env knobs.
+ *
+ * See macf#211 (this issue), claude-code#43454 (upstream
+ * regression), macf#200 / #208 (precedent fd allowRead pattern).
+ */
+export function installSandboxExcludedCommands(workspaceDir) {
+    const skip = process.env['MACF_SANDBOX_EXCLUDED_COMMANDS_SKIP'];
+    if (skip === '1' || skip === 'true')
+        return;
+    const absDir = resolve(workspaceDir);
+    const claudeDir = join(absDir, '.claude');
+    const path = join(claudeDir, 'settings.json');
+    mkdirSync(claudeDir, { recursive: true });
+    const settings = readSettings(path);
+    // Mirror installSandboxFdAllowRead's deep-narrow shape — operator-
+    // authored alien shapes default to fresh empty branches.
+    const sandboxRaw = settings['sandbox'] ?? {};
+    const existing = Array.isArray(sandboxRaw['excludedCommands'])
+        ? sandboxRaw['excludedCommands'].filter((v) => typeof v === 'string')
+        : [];
+    // Drop legacy MACF-managed entries, preserve everything else
+    // (operator-authored AND current-MACF entries already present).
+    const preserved = existing.filter((entry) => !MACF_LEGACY_EXCLUDED_COMMANDS.includes(entry));
+    // Merge in the current canonical set. Skip duplicates so an
+    // entry the operator already has stays in its original position
+    // rather than being re-appended at the end.
+    const merged = [...preserved];
+    for (const entry of SANDBOX_EXCLUDED_COMMANDS) {
+        if (!merged.includes(entry))
+            merged.push(entry);
+    }
+    // Idempotent short-circuit: nothing changed → skip the write.
+    const sameLength = merged.length === existing.length;
+    const sameContent = sameLength && merged.every((v, i) => v === existing[i]);
+    if (sameContent)
+        return;
+    const updated = {
+        ...settings,
+        sandbox: {
+            ...sandboxRaw,
+            excludedCommands: merged,
+        },
+    };
+    writeFileSync(path, JSON.stringify(updated, null, 2) + '\n');
+}
+/**
+ * Read `.claude/settings.json`'s `sandbox.excludedCommands` array as
+ * a list of strings. Returns an empty array if the file doesn't
+ * exist or the nested shape is absent/alien. Mirrors
+ * `getSandboxAllowRead` — used by `macf doctor` (follow-up under
+ * #211 step 2) once it wires the parity check in.
+ */
+export function getSandboxExcludedCommands(workspaceDir) {
+    const absDir = resolve(workspaceDir);
+    const path = join(absDir, '.claude', 'settings.json');
+    const settings = readSettings(path);
+    const sandboxRaw = settings['sandbox'] ?? {};
+    const list = sandboxRaw['excludedCommands'];
+    if (!Array.isArray(list))
+        return [];
+    return list.filter((v) => typeof v === 'string');
+}
 /**
  * Pattern that identifies MACF-managed skill-permission entries on
  * refresh. Any pattern starting with `Skill(macf-agent:` is

package/dist/cli/settings-writer.js.map

@@ -1 +1 @@
-{"version":3,"file":"settings-writer.js","sourceRoot":"","sources":["../../src/cli/settings-writer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE1C;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,mCAAmC,CAAC;AAErE;;;;GAIG;AACH,MAAM,kBAAkB,GAAG,mBAAmB,CAAC;AAE/C;;;;;;GAMG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,iEAAiE;IACjE,6EAA6E;IAC7E,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACjE,OAAO,QAAQ,KAAK,kBAAkB,CAAC;AACzC,CAAC;AAqBD,SAAS,YAAY,CAAC,IAAY;IAChC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,4DAA4D,IAAI,KAAM,GAAa,CAAC,OAAO,IAAI;YAC7F,gDAAgD,EAClD,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAsB;IACzD,+BAA+B;IAC/B,+BAA+B;IAC/B,8BAA8B;IAC9B,6BAA6B;CAC9B,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,eAAe,CAAC;AAEvD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,YAAoB;IACtD,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,UAAU,GAAI,QAAQ,CAAC,SAAS,CAAyC,IAAI,EAAE,CAAC;IACtF,MAAM,aAAa,GAAI,UAAU,CAAC,YAAY,CAAyC,IAAI,EAAE,CAAC;IAC9F,MAAM,IAAI,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACpC,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,uBAAuB,GAAsB;IACjD,kBAAkB;CACnB,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,yBAAyB,CAAC,YAAoB;IAC5D,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACrD,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO;IAE5C,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAE9C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,iEAAiE;IACjE,kEAAkE;IAClE,MAAM,UAAU,GAAI,QAAQ,CAAC,SAAS,CAAyC,IAAI,EAAE,CAAC;IACtF,MAAM,aAAa,GAAI,UAAU,CAAC,YAAY,CAAyC,IAAI,EAAE,CAAC;IAC9F,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QAC7D,CAAC,CAAE,aAAa,CAAC,WAAW,CAAwB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QACtG,CAAC,CAAC,EAAE,CAAC;IAEP,iEAAiE;IACjE,kEAAkE;IAClE,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CACpC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,QAAQ,CAAC,KAAK,CAAC,CACpD,CAAC;IAEF,gEAAgE;IAChE,6DAA6D;IAC7D,IAAI,SAAS,CAAC,MAAM,KAAK,aAAa,CAAC,MAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;QAC7F,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QAC3D,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,CAAC,GAAG,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAE5C,MAAM,OAAO,GAAa;QACxB,GAAG,QAAQ;QACX,OAAO,EAAE;YACP,GAAG,UAAU;YACb,UAAU,EAAE;gBACV,GAAG,aAAa;gBAChB,SAAS;aACV;SACF;KACF,CAAC;IAEF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED;;;;GAIG;AACH,MAAM,yBAAyB,GAAG,mBAAmB,CAAC;AAEtD;;;;;;;;GAQG;AACH,MAAM,UAAU,6BAA6B,CAAC,YAAoB;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAE9C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAK,QAAQ,CAAC,aAAa,CAAyB,CAAC,OAAO,CAAC,CAAC;QACvH,CAAC,CAAC,CAAE,QAAQ,CAAC,aAAa,CAAkC,CAAC,KAAK,CAAC;QACnE,CAAC,CAAC,EAAE,CAAC;IAEP,+DAA+D;IAC/D,mEAAmE;IACnE,4DAA4D;IAC5D,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CACpC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,yBAAyB,CAAC,CACrF,CAAC;IAEF,MAAM,KAAK,GAAa,CAAC,GAAG,SAAS,EAAE,GAAG,wBAAwB,CAAC,CAAC;IAEpE,MAAM,mBAAmB,GAAI,QAAQ,CAAC,aAAa,CAAyC,IAAI,EAAE,CAAC;IACnG,MAAM,OAAO,GAAa;QACxB,GAAG,QAAQ;QACX,WAAW,EAAE;YACX,GAAG,mBAAmB;YACtB,KAAK;SACN;KACF,CAAC;IAEF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,YAAoB;IACrD,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAE9C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;IACnC,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;IAE1C,qEAAqE;IACrE,kEAAkE;IAClE,oEAAoE;IACpE,2EAA2E;IAC3E,gEAAgE;IAChE,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CACjC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CACrE,CAAC;IAEF,MAAM,SAAS,GAAc;QAC3B,OAAO,EAAE,MAAM;QACf,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;KACzD,CAAC;IAEF,MAAM,OAAO,GAAa;QACxB,GAAG,QAAQ;QACX,KAAK,EAAE;YACL,GAAG,KAAK;YACR,UAAU,EAAE,CAAC,GAAG,SAAS,EAAE,SAAS,CAAC;SACtC;KACF,CAAC;IAEF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC/D,CAAC"}
+{"version":3,"file":"settings-writer.js","sourceRoot":"","sources":["../../src/cli/settings-writer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE1C;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,uDAAuD,CAAC;AAEzF;;;;GAIG;AACH,MAAM,kBAAkB,GAAG,mBAAmB,CAAC;AAE/C;;;;;;GAMG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,iEAAiE;IACjE,6EAA6E;IAC7E,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACjE,OAAO,QAAQ,KAAK,kBAAkB,CAAC;AACzC,CAAC;AAqBD,SAAS,YAAY,CAAC,IAAY;IAChC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,4DAA4D,IAAI,KAAM,GAAa,CAAC,OAAO,IAAI;YAC7F,gDAAgD,EAClD,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAsB;IACzD,+BAA+B;IAC/B,+BAA+B;IAC/B,8BAA8B;IAC9B,6BAA6B;CAC9B,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,eAAe,CAAC;AAEvD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,YAAoB;IACtD,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,UAAU,GAAI,QAAQ,CAAC,SAAS,CAAyC,IAAI,EAAE,CAAC;IACtF,MAAM,aAAa,GAAI,UAAU,CAAC,YAAY,CAAyC,IAAI,EAAE,CAAC;IAC9F,MAAM,IAAI,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACpC,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,uBAAuB,GAAsB;IACjD,kBAAkB;CACnB,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,yBAAyB,CAAC,YAAoB;IAC5D,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACrD,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO;IAE5C,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAE9C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,iEAAiE;IACjE,kEAAkE;IAClE,MAAM,UAAU,GAAI,QAAQ,CAAC,SAAS,CAAyC,IAAI,EAAE,CAAC;IACtF,MAAM,aAAa,GAAI,UAAU,CAAC,YAAY,CAAyC,IAAI,EAAE,CAAC;IAC9F,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QAC7D,CAAC,CAAE,aAAa,CAAC,WAAW,CAAwB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QACtG,CAAC,CAAC,EAAE,CAAC;IAEP,iEAAiE;IACjE,kEAAkE;IAClE,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CACpC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,QAAQ,CAAC,KAAK,CAAC,CACpD,CAAC;IAEF,gEAAgE;IAChE,6DAA6D;IAC7D,IAAI,SAAS,CAAC,MAAM,KAAK,aAAa,CAAC,MAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;QAC7F,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QAC3D,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,CAAC,GAAG,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAE5C,MAAM,OAAO,GAAa;QACxB,GAAG,QAAQ;QACX,OAAO,EAAE;YACP,GAAG,UAAU;YACb,UAAU,EAAE;gBACV,GAAG,aAAa;gBAChB,SAAS;aACV;SACF;KACF,CAAC;IAEF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAsB;IAC1D,0BAA0B;IAC1B,OAAO;IACP,OAAO;IACP,SAAS;IACT,UAAU;IACV,OAAO;IACP,OAAO;IACP,OAAO;IACP,aAAa;IACb,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,WAAW;IACX,uBAAuB;IACvB,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,MAAM;IACN,MAAM;IACN,QAAQ;IACR,OAAO;IACP,OAAO;IACP,QAAQ;IACR,SAAS;IACT,0DAA0D;IAC1D,qDAAqD;IACrD,QAAQ;IACR,MAAM;IACN,SAAS;IACT,yDAAyD;IACzD,2DAA2D;IAC3D,SAAS;IACT,MAAM;IACN,SAAS;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAsB,EAAE,CAAC;AAE5D;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,8BAA8B,CAAC,YAAoB;IACjE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IAChE,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO;IAE5C,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAE9C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,mEAAmE;IACnE,yDAAyD;IACzD,MAAM,UAAU,GAAI,QAAQ,CAAC,SAAS,CAAyC,IAAI,EAAE,CAAC;IACtF,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QAC5D,CAAC,CAAE,UAAU,CAAC,kBAAkB,CAAwB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QAC1G,CAAC,CAAC,EAAE,CAAC;IAEP,6DAA6D;IAC7D,gEAAgE;IAChE,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAC/B,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,6BAA6B,CAAC,QAAQ,CAAC,KAAK,CAAC,CAC1D,CAAC;IAEF,4DAA4D;IAC5D,gEAAgE;IAChE,4CAA4C;IAC5C,MAAM,MAAM,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;IAC9B,KAAK,MAAM,KAAK,IAAI,yBAAyB,EAAE,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,8DAA8D;IAC9D,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,CAAC;IACrD,MAAM,WAAW,GAAG,UAAU,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,IAAI,WAAW;QAAE,OAAO;IAExB,MAAM,OAAO,GAAa;QACxB,GAAG,QAAQ;QACX,OAAO,EAAE;YACP,GAAG,UAAU;YACb,gBAAgB,EAAE,MAAM;SACzB;KACF,CAAC;IAEF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CAAC,YAAoB;IAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,UAAU,GAAI,QAAQ,CAAC,SAAS,CAAyC,IAAI,EAAE,CAAC;IACtF,MAAM,IAAI,GAAG,UAAU,CAAC,kBAAkB,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACpC,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED;;;;GAIG;AACH,MAAM,yBAAyB,GAAG,mBAAmB,CAAC;AAEtD;;;;;;;;GAQG;AACH,MAAM,UAAU,6BAA6B,CAAC,YAAoB;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAE9C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAK,QAAQ,CAAC,aAAa,CAAyB,CAAC,OAAO,CAAC,CAAC;QACvH,CAAC,CAAC,CAAE,QAAQ,CAAC,aAAa,CAAkC,CAAC,KAAK,CAAC;QACnE,CAAC,CAAC,EAAE,CAAC;IAEP,+DAA+D;IAC/D,mEAAmE;IACnE,4DAA4D;IAC5D,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CACpC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,yBAAyB,CAAC,CACrF,CAAC;IAEF,MAAM,KAAK,GAAa,CAAC,GAAG,SAAS,EAAE,GAAG,wBAAwB,CAAC,CAAC;IAEpE,MAAM,mBAAmB,GAAI,QAAQ,CAAC,aAAa,CAAyC,IAAI,EAAE,CAAC;IACnG,MAAM,OAAO,GAAa;QACxB,GAAG,QAAQ;QACX,WAAW,EAAE;YACX,GAAG,mBAAmB;YACtB,KAAK;SACN;KACF,CAAC;IAEF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,YAAoB;IACrD,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAE9C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;IACnC,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;IAE1C,qEAAqE;IACrE,kEAAkE;IAClE,oEAAoE;IACpE,2EAA2E;IAC3E,gEAAgE;IAChE,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CACjC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CACrE,CAAC;IAEF,MAAM,SAAS,GAAc;QAC3B,OAAO,EAAE,MAAM;QACf,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;KACzD,CAAC;IAEF,MAAM,OAAO,GAAa;QACxB,GAAG,QAAQ;QACX,KAAK,EAAE;YACL,GAAG,KAAK;YACR,UAAU,EAAE,CAAC,GAAG,SAAS,EAAE,SAAS,CAAC;SACtC;KACF,CAAC;IAEF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC/D,CAAC"}

package/dist/cli/version-resolver.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version-resolver.d.ts","sourceRoot":"","sources":["../../src/cli/version-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,MAAM,WAAW,GAAG,IAAI,GAAG,eAAe,GAAG,eAAe,GAAG,cAAc,GAAG,kBAAkB,CAAC;AA+BzG,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,GAAG,EAAE,WAAW,CAAC;QAC1B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;QAC7B,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;KAC/B,CAAC;CACH;AAED,eAAO,MAAM,iBAAiB,EAAE,UAI/B,CAAC;AAEF,eAAO,MAAM,cAAc,QAAoB,CAAC;AAChD,eAAO,MAAM,mBAAmB,QAAuB,CAAC;AAExD,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAEhD;AAED,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAEpD;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAW1D;AA4BD;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,WAAW,CAAC,CAgBlE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,WAAW,CAAC,CA6BrE;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,WAAW,CAAC,CA2BtE;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAmBvE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,MAAM,CAQ5E"}
+{"version":3,"file":"version-resolver.d.ts","sourceRoot":"","sources":["../../src/cli/version-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,MAAM,WAAW,GAAG,IAAI,GAAG,eAAe,GAAG,eAAe,GAAG,cAAc,GAAG,kBAAkB,CAAC;AA+BzG,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,GAAG,EAAE,WAAW,CAAC;QAC1B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;QAC7B,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;KAC/B,CAAC;CACH;AAED,eAAO,MAAM,iBAAiB,EAAE,UAgB/B,CAAC;AAEF,eAAO,MAAM,cAAc,QAAoB,CAAC;AAChD,eAAO,MAAM,mBAAmB,QAAuB,CAAC;AAExD,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAEhD;AAED,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAEpD;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAW1D;AA4BD;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,WAAW,CAAC,CAgBlE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,WAAW,CAAC,CA6BrE;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,WAAW,CAAC,CA2BtE;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAmBvE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,MAAM,CAQ5E"}

package/dist/cli/version-resolver.js

@@ -18,6 +18,7 @@
  * fetch failed" message. GitHub fetchers fall back from /releases/latest
  * to /tags so bare-tag versioning (no GitHub Release object) still works.
  */
+import { PACKAGE_VERSION } from '../package-version.js';
 /**
  * GitHub API headers. Uses `GH_TOKEN` from env if present — raises the
  * anonymous 60 req/h limit to 5000 req/h. Primary #186 fix: operators
@@ -48,8 +49,20 @@ function classifyGithubError(status) {
     return 'invalid_response';
 }
 export const FALLBACK_VERSIONS = {
-    cli: '0.2.0-rc.1',
-    plugin: '0.1.0',
+    cli: PACKAGE_VERSION,
+    // Bumped 2026-04-26 (testbed#229 + macf#259): v0.1.0 plugin manifest
+    // shipped `mcpServers.macf-agent.command: "node"` against
+    // `${CLAUDE_PLUGIN_ROOT}/dist/server.js`, which fails with
+    // `Cannot find package '@modelcontextprotocol/sdk'` when Claude Code's
+    // plugin loader spawns it (deps land in CLAUDE_PLUGIN_DATA, not
+    // PLUGIN_ROOT). v0.2.0 cut over to `npx -y @groundnuty/macf-channel-server`
+    // (DR-022 npm-dispatch), which sidesteps dep-resolution entirely.
+    // When the version-resolver's network fetch fails (anon GitHub API
+    // rate limit, 60 req/h — bites bootstrap scripts that don't preset
+    // GH_TOKEN before `macf init`), this fallback was sticking consumers
+    // on the broken v0.1.0. Bumped to '0.2.0' so the failure mode lands
+    // on a working plugin.
+    plugin: '0.2.0',
     actions: 'v1',
 };
 export const SEMVER_PATTERN = /^\d+\.\d+\.\d+$/;

package/dist/cli/version-resolver.js.map

@@ -1 +1 @@
-{"version":3,"file":"version-resolver.js","sourceRoot":"","sources":["../../src/cli/version-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAUH;;;;;;;GAOG;AACH,SAAS,aAAa;IACpB,MAAM,OAAO,GAA2B,EAAE,QAAQ,EAAE,6BAA6B,EAAE,CAAC;IACpF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,EAAE,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QAC5D,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAC/C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,eAAe,CAAC;IAC3C,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,cAAc,CAAC;IAC9E,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAgBD,MAAM,CAAC,MAAM,iBAAiB,GAAe;IAC3C,GAAG,EAAE,YAAY;IACjB,MAAM,EAAE,OAAO;IACf,OAAO,EAAE,IAAI;CACd,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,iBAAiB,CAAC;AAChD,MAAM,CAAC,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;AAExD,MAAM,UAAU,aAAa,CAAC,CAAS;IACrC,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAS;IACzC,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,CAAS,EAAE,CAAS;IAChD,MAAM,KAAK,GAAG,CAAC,CAAS,EAA4B,EAAE;QACpD,MAAM,CAAC,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9F,CAAC,CAAC;IACF,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,GAAG,IAAI,CAAC;IACtC,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,GAAG,IAAI,CAAC;IACtC,OAAO,IAAI,GAAG,IAAI,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,gCAAgC,IAAI,OAAO,EAAE;YACnE,OAAO,EAAE,aAAa,EAAE;SACzB,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC7E,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA+B,CAAC;QAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAE7E,MAAM,UAAU,GAAG,IAAI;aACpB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;aACpD,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,KAAK,IAAI,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAEzE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAE7E,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;QAC7D,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAE,EAAE,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,sCAAsC,EAAE;YAC9D,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACxE,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAChE,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA2C,CAAC;QACvE,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QACzC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,MAAM,IAAI,GAAG,6BAA6B,CAAC;IAE3C,6BAA6B;IAC7B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,gCAAgC,IAAI,kBAAkB,EAAE;YAC9E,OAAO,EAAE,aAAa,EAAE;SACzB,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA2B,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC5B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrC,IAAI,aAAa,CAAC,MAAM,CAAC;oBAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;YACpE,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACrD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACxF,8EAA8E;IAChF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,kBAAkB;IAClB,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK;QAAE,OAAO,UAAU,CAAC;IACvE,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/E,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,MAAM,IAAI,GAAG,yBAAyB,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,gCAAgC,IAAI,kBAAkB,EAAE;YAC9E,OAAO,EAAE,aAAa,EAAE;SACzB,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA2B,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACvD,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACrD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC1F,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,kBAAkB;IAClB,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK;QAAE,OAAO,UAAU,CAAC;IACvE,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAC3C,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC3D,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC/C,qBAAqB,EAAE;QACvB,wBAAwB,EAAE;QAC1B,yBAAyB,EAAE;KAC5B,CAAC,CAAC;IAEH,OAAO;QACL,QAAQ,EAAE;YACR,GAAG,EAAE,GAAG,CAAC,KAAK,IAAI,iBAAiB,CAAC,GAAG;YACvC,MAAM,EAAE,MAAM,CAAC,KAAK,IAAI,iBAAiB,CAAC,MAAM;YAChD,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,iBAAiB,CAAC,OAAO;SACpD;QACD,OAAO,EAAE;YACP,GAAG,EAAE,GAAG,CAAC,MAAM;YACf,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,OAAO,CAAC,MAAM;SACxB;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,MAAmB;IAClE,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,IAAI,CAAC,CAAC,OAAO,GAAG,SAAS,MAAM,CAAC;QACrC,KAAK,eAAe,CAAC,CAAC,OAAO,GAAG,SAAS,8CAA8C,CAAC;QACxF,KAAK,eAAe,CAAC,CAAC,OAAO,GAAG,SAAS,wCAAwC,CAAC;QAClF,KAAK,cAAc,CAAC,CAAC,OAAO,GAAG,SAAS,2GAA2G,CAAC;QACpJ,KAAK,kBAAkB,CAAC,CAAC,OAAO,GAAG,SAAS,8CAA8C,CAAC;IAC7F,CAAC;AACH,CAAC"}
+{"version":3,"file":"version-resolver.js","sourceRoot":"","sources":["../../src/cli/version-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAUxD;;;;;;;GAOG;AACH,SAAS,aAAa;IACpB,MAAM,OAAO,GAA2B,EAAE,QAAQ,EAAE,6BAA6B,EAAE,CAAC;IACpF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,EAAE,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QAC5D,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAC/C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,eAAe,CAAC;IAC3C,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,cAAc,CAAC;IAC9E,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAgBD,MAAM,CAAC,MAAM,iBAAiB,GAAe;IAC3C,GAAG,EAAE,eAAe;IACpB,qEAAqE;IACrE,0DAA0D;IAC1D,2DAA2D;IAC3D,uEAAuE;IACvE,gEAAgE;IAChE,4EAA4E;IAC5E,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,qEAAqE;IACrE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,EAAE,OAAO;IACf,OAAO,EAAE,IAAI;CACd,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,iBAAiB,CAAC;AAChD,MAAM,CAAC,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;AAExD,MAAM,UAAU,aAAa,CAAC,CAAS;IACrC,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAS;IACzC,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,CAAS,EAAE,CAAS;IAChD,MAAM,KAAK,GAAG,CAAC,CAAS,EAA4B,EAAE;QACpD,MAAM,CAAC,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9F,CAAC,CAAC;IACF,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,GAAG,IAAI,CAAC;IACtC,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,GAAG,IAAI,CAAC;IACtC,OAAO,IAAI,GAAG,IAAI,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,gCAAgC,IAAI,OAAO,EAAE;YACnE,OAAO,EAAE,aAAa,EAAE;SACzB,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC7E,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA+B,CAAC;QAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAE7E,MAAM,UAAU,GAAG,IAAI;aACpB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;aACpD,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,KAAK,IAAI,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAEzE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAE7E,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;QAC7D,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAE,EAAE,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,sCAAsC,EAAE;YAC9D,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACxE,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAChE,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA2C,CAAC;QACvE,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QACzC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,MAAM,IAAI,GAAG,6BAA6B,CAAC;IAE3C,6BAA6B;IAC7B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,gCAAgC,IAAI,kBAAkB,EAAE;YAC9E,OAAO,EAAE,aAAa,EAAE;SACzB,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA2B,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC5B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrC,IAAI,aAAa,CAAC,MAAM,CAAC;oBAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;YACpE,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACrD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACxF,8EAA8E;IAChF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,kBAAkB;IAClB,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK;QAAE,OAAO,UAAU,CAAC;IACvE,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/E,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,MAAM,IAAI,GAAG,yBAAyB,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,gCAAgC,IAAI,kBAAkB,EAAE;YAC9E,OAAO,EAAE,aAAa,EAAE;SACzB,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA2B,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACvD,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACrD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC1F,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,kBAAkB;IAClB,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK;QAAE,OAAO,UAAU,CAAC;IACvE,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAC3C,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC3D,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC/C,qBAAqB,EAAE;QACvB,wBAAwB,EAAE;QAC1B,yBAAyB,EAAE;KAC5B,CAAC,CAAC;IAEH,OAAO;QACL,QAAQ,EAAE;YACR,GAAG,EAAE,GAAG,CAAC,KAAK,IAAI,iBAAiB,CAAC,GAAG;YACvC,MAAM,EAAE,MAAM,CAAC,KAAK,IAAI,iBAAiB,CAAC,MAAM;YAChD,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,iBAAiB,CAAC,OAAO;SACpD;QACD,OAAO,EAAE;YACP,GAAG,EAAE,GAAG,CAAC,MAAM;YACf,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,OAAO,CAAC,MAAM;SACxB;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,MAAmB;IAClE,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,IAAI,CAAC,CAAC,OAAO,GAAG,SAAS,MAAM,CAAC;QACrC,KAAK,eAAe,CAAC,CAAC,OAAO,GAAG,SAAS,8CAA8C,CAAC;QACxF,KAAK,eAAe,CAAC,CAAC,OAAO,GAAG,SAAS,wCAAwC,CAAC;QAClF,KAAK,cAAc,CAAC,CAAC,OAAO,GAAG,SAAS,2GAA2G,CAAC;QACpJ,KAAK,kBAAkB,CAAC,CAAC,OAAO,GAAG,SAAS,8CAA8C,CAAC;IAC7F,CAAC;AACH,CAAC"}

package/dist/package-version.d.ts

@@ -0,0 +1,2 @@
+export declare const PACKAGE_VERSION: string;
+//# sourceMappingURL=package-version.d.ts.map

package/dist/package-version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"package-version.d.ts","sourceRoot":"","sources":["../src/package-version.ts"],"names":[],"mappings":"AA0BA,eAAO,MAAM,eAAe,EAAE,MAErB,CAAC"}

package/dist/package-version.js

@@ -0,0 +1,26 @@
+/**
+ * Package version, derived from `package.json` at module load.
+ *
+ * Structural fix for macf#216 — replaces hardcoded version literals
+ * in `cli/index.ts` (commander `.version()`), `version-resolver.ts`
+ * (`FALLBACK_VERSIONS.cli` default), and the init-versions test
+ * assertion. Without this util, every release bump required editing
+ * 4 source literals plus 5 package.json fields; missing any one
+ * caused silent drift (seen on macf#215 PR review + macf#219 rc.1
+ * bump).
+ *
+ * Path resolution works for both dev (source loaded from `src/`) and
+ * installed (compiled loaded from `dist/`) layouts: one dir up from
+ * this file's location lands at the package root where
+ * `package.json` lives in both cases.
+ *
+ * `package.json` is always included in npm-published tarballs
+ * regardless of the `files` field, so the runtime read works post-
+ * publish for operators consuming `@groundnuty/macf` via npm.
+ */
+import { readFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const pkgPath = join(dirname(fileURLToPath(import.meta.url)), '..', 'package.json');
+export const PACKAGE_VERSION = JSON.parse(readFileSync(pkgPath, 'utf-8')).version;
+//# sourceMappingURL=package-version.js.map

package/dist/package-version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"package-version.js","sourceRoot":"","sources":["../src/package-version.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;AAEpF,MAAM,CAAC,MAAM,eAAe,GAC1B,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAC1C,CAAC,OAAO,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@groundnuty/macf",
-  "version": "0.2.0-rc.1",
+  "version": "0.2.1",
   "description": "Multi-Agent Coordination Framework CLI — coordinate Claude Code agents via GitHub. Installs as `macf` binary; use `macf init` to set up an agent workspace, `macf update` to refresh rules + version pins.",
   "type": "module",
   "main": "dist/index.js",
@@ -35,7 +35,7 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@groundnuty/macf-core": "0.2.0-rc.1",
+    "@groundnuty/macf-core": "0.2.1",
     "commander": "^14.0.3",
     "reflect-metadata": "^0.2.2",
     "zod": "^4.0.0"

package/plugin/rules/check-before-propose.md

@@ -0,0 +1,86 @@
+# Check Before Propose
+
+**Before proposing a technical shape, claiming a pattern is broken, or writing code against a memory of how the codebase looks — go read the current state.**
+
+Three cognitive shortcuts repeatedly produce bad proposals:
+
+1. "I remember how this works" → propose changes → the code moved, proposal is off
+2. "This pattern is broken upstream" → the upstream pattern is fine; our implementation differs
+3. "I'll write the fix" → write it against stale API shape → bash/run → surprised it fails
+
+The fix is cheap: open the files, diff against a working peer, read the current convention. A one-minute check beats a twenty-minute unwind.
+
+---
+
+## 1. Check framework convention before proposing a shape
+
+Before proposing a technical shape for cross-cutting design (flag naming, config structure, env-var layout, helm values pattern, GitHub Actions step shape, API surface), scan for how the project already does it:
+
+- Grep the repo for similar patterns. If there are three existing instances, the fourth should match.
+- Read the framework's own docs / DRs / reference implementations.
+- Check adjacent configs (sibling charts, sibling workflows, sibling modules) for conventions you'd be breaking.
+
+For GitHub Actions specifically: step-level `uses:` cannot evaluate `${{ }}` expressions at composition time — it's a static reference. Before proposing `uses: ${{ env.ACTION_REF }}`, check that you're in a job-level or input-level context where expression interpolation runs.
+
+For helm charts: before proposing a new `values.yaml` key, check if the chart's `values.schema.json` or existing `README.md` defines a convention. Bitnami charts in particular have strict naming.
+
+For language-specific configs: `tsconfig.json`, `pyproject.toml`, `go.mod`, `Cargo.toml` — conventions propagate across files in a project. New keys should match the tone of existing ones.
+
+**The rule:** 1 minute of grep saves an embarrassing proposal that requires a subsequent "nvm, that's not how this project does it" turn.
+
+---
+
+## 2. Diff against a working consumer before blaming the pattern
+
+When a call to some upstream pattern or library fails, the default hypothesis should be:
+
+- **First:** my implementation differs from what works elsewhere
+- **Second** (only after ruling out first): the pattern itself is broken
+
+Find a known-working consumer and diff against your invocation:
+
+    diff <(cat path/to/working-consumer) <(cat path/to/my-call)
+
+Or for GitHub Actions: `gh run view` the working consumer's successful run, compare inputs. For helm: compare your `values.yaml` override against an upstream chart's `examples/`. For API calls: run the same call with the working caller's args and yours, compare the error bodies.
+
+Claiming "pattern P is broken upstream" is a strong assertion. It should only survive:
+
+- A found working consumer elsewhere with comparable inputs → if the working consumer exists, the pattern works; the diff IS the problem
+- Or a dive into the upstream source confirming a recent regression with a commit SHA to cite
+
+Without one of those, "pattern is broken" is almost always a misdiagnosis.
+
+---
+
+## 3. Before writing code against memory, read the file
+
+If you "remember" that `src/foo.ts` exports a function `bar` that takes `(a, b)` — before writing code that calls it, read the file. APIs shift. Functions get renamed, arguments reshuffled, return types changed. A proposal that cites function signatures from memory is a proposal that gets written, attempted, failed, reverted.
+
+This is the tightest version of the rule for coding work: **Read → Modify → Test**. Not Remember → Modify → Hope. The Read step is 5 seconds. The cost of skipping it is minutes of confused debugging when the memory-cached API doesn't match the current code.
+
+For devops work specifically: before writing a helm values override, `helm show values <chart>` to see the current defaults. Before writing a `kubectl patch`, `kubectl get -o yaml` the current object shape. Before writing a `terraform import`, `terraform state show` similar resources to see the expected schema.
+
+---
+
+## 4. Before proposing config for a state surface, check where that state already lives
+
+Don't build a parallel config surface when the state already has a home.
+
+Example of the trap: an agent proposes adding an `agents.yaml` config file to track which bots are registered — but the bots are already tracked in GitHub App install sets + organization variables + the MACF registry. The proposed file would be a fourth, drift-prone source of truth.
+
+Before designing a new config format / env var / secret pattern, ask:
+
+- Does GitHub already know this? (App installations, org variables, repo secrets, team membership)
+- Does the cluster already know this? (ConfigMap, Secret, labels on existing resources, helm release notes)
+- Does the registry already know this? (MACF org variables, service catalog, feature flags)
+- Does the filesystem already know this? (existing `.env`, `.gitconfig`, `values.yaml` file)
+
+If yes, your new config should either read from the existing source or be built alongside it, not parallel to it.
+
+---
+
+## Why this rule exists
+
+The failure mode this rule catches isn't sloppiness — it's the opposite. It's the confident proposal from a well-informed agent whose mental model is slightly stale. The fix isn't to be less confident; it's to cheaply refresh the mental model before spending the confidence.
+
+One `grep`, one `gh pr view`, one `helm show values` — then propose. The check adds seconds. The recovery from a misaimed proposal adds minutes of peer time and muddies the thread.

package/plugin/rules/codify-at-correction-time.md

@@ -0,0 +1,92 @@
+# Codify at Correction Time
+
+**When peer correction reveals a substrate-discipline gap — write the workbench rule (or in-thread codification) immediately, not later.** Codify-at-correction-time is the substrate's natural Stage-3 mechanism for absorbing peer correction; making it canonical promotes it from emergent property to expected discipline.
+
+This rule is the cross-agent canonical version of the `codify-at-decision-time` workbench discipline. They're complementary:
+
+- **Decision time** — codify when introducing a new path / file / env var / workaround the canonical rules don't yet acknowledge. Pre-emptive.
+- **Correction time** — codify when peer correction surfaces a gap in your existing application of canonical rules. Post-hoc.
+
+Both are species of "make the lesson explicit and durable rather than implicit and fragile."
+
+---
+
+## When to fire
+
+Within ~2 turns of any of the following:
+
+- **Peer surfaces a class-of-slip** in your behavior (not just a single instance — they identify a recurring shape: *"this is the third time you've...")
+- **You concede after pushback** + the concession represents new framing worth preserving past this thread
+- **Your application of a canonical rule misfired** in a way that's not directly addressed by the rule's existing text — you've found the gap before the canonical rule has
+- **A peer's correction lands a useful generalization** of the canonical rule (e.g., "verify-before-claim cuts at every hop, not just the original claim")
+
+The trigger is *peer correction surfaces a substrate-discipline pattern*, not just *peer correction happens*. Routine "you got X wrong, fix it" doesn't require codification — only patterns that generalize past this incident.
+
+---
+
+## How to codify
+
+Two surfaces, both useful:
+
+### Workbench memory (private, durable across sessions)
+
+Write a one-page feedback memory at `~/.claude/projects/.../memory/feedback_<slug>.md` (or your agent's equivalent memory location). Format:
+
+    ---
+    name: <one-line rule statement>
+    description: <when to apply, why it exists>
+    type: feedback
+    ---
+
+    <body: rule + when-to-apply + when-NOT + cross-references>
+
+The memory loads on session start; future sessions inherit the discipline.
+
+### In-thread paper-trail (durable on GitHub, audit-able)
+
+If your agent class doesn't have durable workbench memory (e.g., ephemeral testers whose workspace regenerates on bootstrap), or if the lesson belongs in the paper-trail, post the codification as a comment on the thread where it surfaced:
+
+    Pattern worth noting on my side: [class-of-slip articulated explicitly]. Hit N times in [window]; corrective shape is [what to do differently].
+
+The thread becomes the durable substrate-of-codification. Future readers (peers, paper authors, future-you) can audit the codification chain via GitHub's issue history.
+
+For research-grade findings: BOTH surfaces. Memory captures the lesson; the paper-trail comment makes it citable.
+
+---
+
+## Multi-agent codification cascades are the goal, not redundant work
+
+When peer correction surfaces a substrate-discipline gap, expect multiple agents to independently codify the same lesson, often within minutes of each other. This is feature, not redundancy:
+
+- **Cross-agent attestation** of the same meta-rule provides stronger evidence that the lesson generalizes than a single-agent codification
+- **Memory-naming convergence** across agents (similar slugs, similar structure) is a signal that the rule is genuinely general
+- **Codification-mechanism diversity** (memory file, in-thread comment, workbench rule promotion, retroactive-application announcement) is appropriate per agent — each agent's persistence model differs
+
+Observed 2026-04-25 / 2026-04-26: 11 codification events across 4 agents (3 substrate + 1 measurement) in ~36 hours, on 3 distinct canonical-rule refinements + the meta-rule itself. Multi-agent codification cascades produced this pattern as a substrate-level emergent property; making the codification habit canonical promotes it from emergent to expected.
+
+See `groundnuty/macf-science-agent:insights/2026-04-26-verify-at-every-hop-emitter-receiver-cross-cell.md` for the case study + meta-tally of the events that motivated this rule's promotion.
+
+---
+
+## When NOT to codify
+
+- The correction was for a single instance with no recurring shape (one-off bug ≠ pattern)
+- The lesson is already captured by an existing canonical rule (don't duplicate; reference)
+- The agent's correction was substantively wrong and you're conceding to maintain harmony rather than because the framing is right (push back per `peer-dynamic.md`)
+- Mid-flow on something more important + can defer by ≤1 turn safely
+
+---
+
+## Apply in real time
+
+The discipline isn't aspirational — it's operational on the next decision after codification. If you save the rule at turn N, you're expected to apply it at turn N+1 (or have an explicit reason not to).
+
+Observed 2026-04-25: code-agent saved `feedback_verify_at_every_hop_when_citing_peer_evidence.md` at ~18:38Z and applied it the same minute by deferring a fix that would have re-framed peer evidence without re-verification. Codify-at-correction-time + immediate application is the full pattern.
+
+---
+
+## Cross-references
+
+- `verify-before-claim.md` §5 — the verify-at-every-hop discipline this rule operationalizes the codification habit for
+- `peer-dynamic.md` — the broader peer-correction protocol this rule extends (correct each other through dialogue → codify the dialogue's lessons)
+- `coordination.md` — the substrate-level coordination protocol that makes peer correction reliable enough for codification cascades to emerge

package/plugin/rules/coordination.md

@@ -217,6 +217,23 @@ The helper is distributed to every agent workspace by `macf init` and refreshed
 
 ---
 
+## Sandbox Configuration (Bash dev-loop unblocking)
+
+Claude Code 2.1.92+ has a seccomp regression on Linux ([anthropic/claude-code#43454](https://github.com/anthropics/claude-code/issues/43454)) that breaks Bash tool calls inside the sandbox during the spawned shell's own startup — zsh tries to read `/proc/self/fd/3` before any user-code runs and the regression denies that read. Even with `sandbox.filesystem.allowRead: ["/proc/self/fd"]` in place (per macf#208), the regression still bites because it hits before the allow-rule applies.
+
+**Workaround**: add common dev-loop commands to `sandbox.excludedCommands` so they run unsandboxed. The sandbox still gates anything not on the list; only the listed prefixes opt out. `macf init` / `macf update` / `macf rules refresh` install a canonical set per macf#211 — operator-authored entries are preserved on refresh.
+
+**Canonical set** (kept in lockstep with `SANDBOX_EXCLUDED_COMMANDS` in `packages/macf/src/cli/settings-writer.ts`):
+
+- **Build-loop / deployment**: `ssh:*`, `scp:*`, `rsync:*`, `devbox:*`, `nix:*`, `git:*`, `gpg:*`, `gpg-agent:*`, `gh:*`, `npx:*`, `npm:*`, `node:*`, `make:*`, `tmux:*`, `jq:*`, `openssl:*`
+- **Search/read**: `grep:*`, `rg:*`, `find:*`, `head:*`, `tail:*`, `cat:*`, `ls:*`, `wc:*`, `sort:*`, `awk:*`, `sed:*`, `diff:*`, `which:*`
+- **Shell wrappers**: `bash:*`, `sh:*`, `xargs:*` (subprocess shells fail at zsh-init under the regression even when the inner command is a no-op)
+- **Low-blast-radius fs mutations**: `mkdir:*`, `cp:*`, `touch:*`. **Destructive ops (`rm:*`, `mv:*`) are intentionally NOT in the list** — keeping them sandboxed limits accidental damage paths even though the sandbox is defense-in-depth here.
+
+**Opt-out**: `MACF_SANDBOX_EXCLUDED_COMMANDS_SKIP=1` skips the canonical install. Aligned with `MACF_SANDBOX_FD_FIX_SKIP` / `MACF_OTEL_DISABLED` opt-out family. If you want a tighter list (e.g., drop the fs-mutation entries), set the skip flag and curate manually — refresh won't re-add canonical entries you removed.
+
+---
+
 ## When to Read vs. Modify These Rules
 
 - **Read:** Every session start. These rules define how you coordinate.