@guilz-dev/belay 0.1.1 → 0.2.0

package/dist/bundle/cursor-runtime.mjs

@@ -86,7 +86,7 @@ var LEGACY_POLICY_V3 = {
   fenceWarnThreshold: DEFAULT_FENCE_WARN_THRESHOLD
 };
 var DEFAULT_POLICY_V3 = {
-  unknownLocalEffect: "deny",
+  unknownLocalEffect: "allow_flagged",
   unparseableShell: "deny",
   codexUnmappedTool: "deny",
   confidenceThresholds: { ...DEFAULT_CONFIDENCE_THRESHOLDS },
@@ -703,16 +703,25 @@ import { mkdir as mkdir3, readFile as readFile2, writeFile as writeFile2 } from
 import path16 from "node:path";
 
 // src/core/approval.ts
+var APPROVAL_EXECUTION_LEASE_MS = 6e4;
 function nowIso() {
   return (/* @__PURE__ */ new Date()).toISOString();
 }
 function isExpired(approval) {
   return Date.parse(approval.expiresAt) <= Date.now();
 }
+function isExecutionLeaseExpired(approval) {
+  if (!approval.executionLeaseExpiresAt) {
+    return false;
+  }
+  return Date.parse(approval.executionLeaseExpiresAt) <= Date.now();
+}
 function compactApprovals(state) {
   return {
     version: state.version,
-    approvals: state.approvals.filter((approval) => !isExpired(approval))
+    approvals: state.approvals.filter(
+      (approval) => !isExpired(approval) && !isExecutionLeaseExpired(approval)
+    )
   };
 }
 function escapeRegex(value) {
@@ -721,8 +730,15 @@ function escapeRegex(value) {
 }
 function approvalCommandMatch(prompt, tokenPrefix) {
   const escapedPrefix = escapeRegex(tokenPrefix);
-  const match = prompt.match(new RegExp(`^\\s*${escapedPrefix}\\s+(\\S+)\\s*$`, "i"));
-  return match?.[1] ?? null;
+  const linePattern = new RegExp(`^\\s*${escapedPrefix}\\s+(\\S+)\\s*$`, "i");
+  for (const line of prompt.split(/\r?\n/)) {
+    if (!line.trim()) {
+      continue;
+    }
+    const match = line.match(linePattern);
+    return match?.[1] ?? null;
+  }
+  return null;
 }
 function buildRetryInstruction(tokenPrefix, approvalId) {
   return `To allow the next matching action once, send ${tokenPrefix} ${approvalId} and then retry the original action unchanged.`;
@@ -1249,7 +1265,7 @@ function classifyResultToGateVerdict(params) {
     approvalId,
     user_message,
     agent_message,
-    v2: result.v2
+    axes: result.axes
   };
 }
 function unnormalizedGateVerdict(params) {
@@ -1503,7 +1519,7 @@ function matchesSensitivePath(filePath, patterns) {
   return false;
 }
 
-// src/core/v2/judge-audit.ts
+// src/core/verdict/judge-audit.ts
 function judgeTraceAuditFields(trace) {
   if (!trace) {
     return {};
@@ -1518,7 +1534,7 @@ function judgeTraceAuditFields(trace) {
   };
 }
 
-// src/core/v2/judge-outbound.ts
+// src/core/verdict/judge-outbound.ts
 var PATH_LIKE = /(?:^|[\s"'`=])(~\/[^\s"'`]+|\/[^\s"'`]+|\.\/[^\s"'`]+|\.\.\/[^\s"'`]+|[A-Za-z]:\\[^\s"'`]+)/g;
 var REDACTED_PLACEHOLDER = /^(?:<redacted>|\[REDACTED\]|<secret>|<high-entropy>|<approval-id>)$/i;
 var URL_CREDENTIALS_PATTERN2 = /\b[A-Za-z][A-Za-z0-9+.-]*:\/\/([^/\s:@]+):([^@\s/]+)@/gi;
@@ -1587,16 +1603,16 @@ function scrubOutboundForJudge(text, options) {
   }
 }
 
-// src/core/v2/judge.ts
+// src/core/verdict/judge.ts
 var SECRET_PATTERNS = [/\.env\b/i, /\.pem\b/i, /id_rsa\b/i, /credentials/i, /secrets?\b/i];
 var DESTRUCTIVE_VERBS = /\b(rm|rmtree|unlink|delete|truncate|shred|destroy|drop)\b/i;
 var GIT_PATTERNS = /\.git\b/i;
-var TIER1_PROMPT = `Answer ONLY with JSON: {"external_change":boolean,"destroys_outside_repo":boolean,"destroys_history_or_secrets":boolean,"reason":string}
-Default all three booleans to true when unsure. reason should be a short snake_case label.
+var TIER1_PROMPT = `Answer ONLY with JSON: {"external_change":boolean,"reason":string}
+reason should be a short snake_case label.
 
-external_change: CREATE/MODIFY/DELETE on database, network endpoint, cloud, remote git, registry, queue. READ/QUERY/GET is NOT a change.
-destroys_outside_repo: DELETE/OVERWRITE files OUTSIDE the current repository working tree.
-destroys_history_or_secrets: DELETE/OVERWRITE .git directory OR secret/credential files (.env, *.pem, id_rsa, credentials).
+external_change: true if this operation CREATEs, MODIFYs, DELETEs, or SENDs data to any system outside the local machine and its git repository working tree.
+READ/QUERY/GET/list/describe/SELECT/HTTP GET is NOT a change. Local build, test, and package install inside the repo are NOT external changes.
+If unsure, answer true.
 
 Command/code:
 `;
@@ -1611,13 +1627,13 @@ function failClosedVerdict(reason) {
 function parseTier1Json(raw) {
   try {
     const parsed = JSON.parse(raw);
-    if (typeof parsed.external_change !== "boolean" || typeof parsed.destroys_outside_repo !== "boolean" || typeof parsed.destroys_history_or_secrets !== "boolean") {
+    if (typeof parsed.external_change !== "boolean") {
       return null;
     }
     return {
-      external_change: parsed.external_change !== false,
-      destroys_outside_repo: parsed.destroys_outside_repo !== false,
-      destroys_history_or_secrets: parsed.destroys_history_or_secrets !== false,
+      external_change: parsed.external_change,
+      destroys_outside_repo: false,
+      destroys_history_or_secrets: false,
       reason: typeof parsed.reason === "string" ? parsed.reason : "tier1_llm"
     };
   } catch {
@@ -1840,10 +1856,10 @@ function createOpenAiCompatibleJudge(options) {
   return judge;
 }
 function tier1RequiresAsk(verdict2) {
-  return verdict2.external_change || verdict2.destroys_outside_repo || verdict2.destroys_history_or_secrets;
+  return verdict2.external_change || verdict2.destroys_history_or_secrets;
 }
 
-// src/core/v2/judge-factory.ts
+// src/core/verdict/judge-factory.ts
 var FIXTURE_MODELS_URL = new URL("../../../fixtures/judge-models.json", import.meta.url);
 function resolveCloudModel(requested, pinned) {
   if (requested === "auto") {
@@ -1890,10 +1906,10 @@ function createJudgeFromConfig(config, options = {}) {
   return createDeterministicJudgeStub();
 }
 
-// src/core/v2/verdict.ts
+// src/core/verdict/verdict.ts
 import path11 from "node:path";
 
-// src/core/v2/containment.ts
+// src/core/verdict/containment.ts
 import path8 from "node:path";
 function expandHome(token) {
   if (token === "~" || token.startsWith("~/")) {
@@ -1985,7 +2001,7 @@ function cwdRelative(repoRoot, cwd) {
   return relativeWithinRepo(repoRoot, cwd) ?? cwd;
 }
 
-// src/core/v2/egress-classify.ts
+// src/core/verdict/egress-classify.ts
 var EGRESS_TOOL_HEADS = /* @__PURE__ */ new Set([
   "aws",
   "curl",
@@ -2083,6 +2099,9 @@ function classifyAws(tokens) {
   if (/\bs3\s+rm\b/.test(joined)) {
     return "destructive";
   }
+  if (/\bs3\s+mb\b/.test(joined)) {
+    return "destructive";
+  }
   if (/\bs3\s+sync\b/.test(joined)) {
     return "destructive";
   }
@@ -2193,15 +2212,59 @@ function classifyNetlify(tokens) {
   return "ambiguous";
 }
 
-// src/core/v2/fingerprint.ts
+// src/core/verdict/fingerprint.ts
 function verdictFingerprint(cwdRelative2, commandRedacted) {
   return hashValue(`v2:${cwdRelative2}:${commandRedacted}`);
 }
 
-// src/core/v2/launcher-resolve.ts
+// src/core/verdict/launcher-resolve.ts
 import { existsSync as existsSync4, readFileSync as readFileSync2 } from "node:fs";
 import path9 from "node:path";
 var MAX_RESOLVE_DEPTH = 8;
+var PNPM_BUILTIN_COMMANDS = /* @__PURE__ */ new Set([
+  "add",
+  "audit",
+  "cache",
+  "config",
+  "deploy",
+  "dlx",
+  "exec",
+  "fetch",
+  "help",
+  "import",
+  "init",
+  "install",
+  "i",
+  "licenses",
+  "link",
+  "list",
+  "outdated",
+  "pack",
+  "patch",
+  "patch-commit",
+  "patch-remove",
+  "publish",
+  "prune",
+  "rebuild",
+  "remove",
+  "rm",
+  "store",
+  "unlink",
+  "update",
+  "up",
+  "why"
+]);
+var PNPM_EXEC_LIKE_HEADS = /* @__PURE__ */ new Set([
+  "vitest",
+  "vite",
+  "biome",
+  "eslint",
+  "jest",
+  "mocha",
+  "tsc",
+  "tsx",
+  "node"
+]);
 function readPackageJson(dir) {
   const packagePath = path9.join(dir, "package.json");
   if (!existsSync4(packagePath)) {
@@ -2256,6 +2319,12 @@ function npmScriptName(tokens) {
   if (launcher[0] === "pnpm" && launcher[1] === "run" && launcher[2]) {
     return launcher[2];
   }
+  if (launcher[0] === "pnpm" && launcher[1] === "test") {
+    return "test";
+  }
+  if (launcher[0] === "pnpm" && launcher[1] && !launcher[1].startsWith("-") && !PNPM_BUILTIN_COMMANDS.has(launcher[1])) {
+    return launcher[1];
+  }
   if (launcher[0] === "npm" && launcher[1] && launcher[1] !== "run" && launcher[1] !== "install") {
     return null;
   }
@@ -2377,11 +2446,31 @@ function resolveLauncherRecipe(params) {
   const tokens = params.tokens;
   const scriptName = npmScriptName(tokens);
   if (scriptName) {
-    return resolveNpmRecipe(params.cwd, params.repoRoot, scriptName, forwardedArgs(tokens));
+    const resolution = resolveNpmRecipe(
+      params.cwd,
+      params.repoRoot,
+      scriptName,
+      forwardedArgs(tokens)
+    );
+    if (tokens[0] === "pnpm" && tokens[1] && PNPM_EXEC_LIKE_HEADS.has(tokens[1]) && resolution.reason === "npm_script_undefined") {
+      return {
+        recipes: [tokens.slice(1).join(" ")],
+        opaque: false,
+        reason: "pnpm_exec_like"
+      };
+    }
+    return resolution;
   }
   if (tokens[0] === "make" && tokens[1] && !tokens[1].startsWith("-")) {
     return resolveMakeRecipe(params.cwd, params.repoRoot, tokens[1]);
   }
+  if (tokens[0] === "pnpm" && tokens[1] && PNPM_EXEC_LIKE_HEADS.has(tokens[1])) {
+    return {
+      recipes: [tokens.slice(1).join(" ")],
+      opaque: false,
+      reason: "pnpm_exec_like"
+    };
+  }
   return null;
 }
 function isRoutineLauncher(tokens) {
@@ -2397,7 +2486,7 @@ function matchesCustomCommand(normalizedCommand, key, pattern) {
   return normalizedCommand === trimmed || key === trimmed;
 }
 
-// src/core/v2/overrides.ts
+// src/core/verdict/overrides.ts
 function matchesCustomPatterns(command, segment, patterns) {
   if (!patterns || patterns.length === 0) {
     return false;
@@ -2436,7 +2525,7 @@ function askFromCustomExternal(opacity) {
   };
 }
 
-// src/core/v2/parser.ts
+// src/core/verdict/parser.ts
 import path10 from "node:path";
 
 // src/core/shell-substitution.ts
@@ -2660,7 +2749,7 @@ function hasUnbalancedDollarParen(command) {
   return depth > 0;
 }
 
-// src/core/v2/parser.ts
+// src/core/verdict/parser.ts
 var ENV_PREFIX_PATTERN = /^[A-Za-z_][A-Za-z0-9_]*=(?:'[^']*'|"[^"]*"|\S+)$/;
 var TRANSPARENT_WRAPPERS = /* @__PURE__ */ new Set([
   "sudo",
@@ -2860,7 +2949,7 @@ function redactCommand(command) {
   return command.replace(/Bearer\s+[A-Za-z0-9._~+/=-]+/gi, "Bearer [REDACTED]").replace(/sk-[A-Za-z0-9]{8,}/g, "sk-[REDACTED]").trim();
 }
 
-// src/core/v2/verdict.ts
+// src/core/verdict/verdict.ts
 var DEFAULT_MAX_DEPTH = 8;
 var TIER0_EXTERNAL_KEYS = /* @__PURE__ */ new Set([
   "git push",
@@ -2943,6 +3032,7 @@ var LOCAL_ROUTINE_HEADS = /* @__PURE__ */ new Set([
   "make",
   "cmake"
 ]);
+var BELAY_SELF_COMMANDS = /* @__PURE__ */ new Set(["approve", "revoke"]);
 var FIND_DANGEROUS_FLAGS = /* @__PURE__ */ new Set(["-delete", "-exec", "-execdir", "-ok", "-okdir"]);
 function isFindDangerous(tokens) {
   return tokens.some(
@@ -3090,6 +3180,11 @@ function tier0ExternalMatch(key, head, tokens) {
   }
   return false;
 }
+function isBelaySelfCommand(tokens) {
+  const head = tokens[0] ?? "";
+  const subcommand = tokens[1] ?? "";
+  return head === "belay" && BELAY_SELF_COMMANDS.has(subcommand);
+}
 function tier0HighStakesRm(tokens, context) {
   const head = tokens[0] ?? "";
   if (head !== "rm") {
@@ -3321,6 +3416,16 @@ async function evaluateSegment(command, context, depth) {
   if (rmVerdict) {
     return rmVerdict;
   }
+  if (isBelaySelfCommand(peeled)) {
+    return allowVerdict({
+      location: "unknown",
+      opacity: "transparent",
+      effect: "local_mutation",
+      confidence: "deterministic",
+      reason: "belay_control_plane_command",
+      signals: ["belay_control_plane_command", segment.head]
+    });
+  }
   let effect = "unknown";
   if (READ_ONLY_KEYS.has(segment.key) || READ_ONLY_KEYS.has(segment.head)) {
     effect = "read_only";
@@ -3541,7 +3646,7 @@ async function verdict(command, context) {
   );
 }
 
-// src/core/v2/adapter.ts
+// src/core/verdict/adapter.ts
 function buildVerdictContext(params) {
   const protectedArtifactRoots2 = [
     ...params.options?.protectedArtifactRoots ?? [],
@@ -3588,6 +3693,12 @@ function mapLegacyReason(result) {
   if (result.reason === "repo_local_mutation") {
     return "local_mutation";
   }
+  if (result.reason === "tier1_not_restorable") {
+    return "tier1_catastrophic";
+  }
+  if (result.reason === "tier0_restorable" || result.reason === "tier1_restorable") {
+    return result.effect === "local_mutation" ? "local_mutation" : result.reason;
+  }
   return result.reason;
 }
 function verdictToClassifyResult(result) {
@@ -3608,13 +3719,13 @@ function verdictToClassifyResult(result) {
     assessment,
     normalizedCommand: result.commandRedacted,
     summary: result.commandRedacted,
-    v2: {
+    axes: {
       location: result.location,
       opacity: result.opacity,
       effect: result.effect,
       confidence: result.confidence,
       would: result.permission,
-      by: "v2",
+      by: "verdict",
       commandRedacted: result.commandRedacted,
       commandFingerprint: result.fingerprint,
       signals: result.signals,
@@ -4064,7 +4175,7 @@ function normalizeGatedAction(params) {
   };
 }
 function applyShellPeripheralPolicy(command, action, result, options) {
-  if (options.brokerFsScope && result.verdict === "deny_pending_approval" && (result.reason === "outside_repo_mutation" || result.reason === "outside_repo_redirect" || result.reason === "repo_outside_mutation" || result.v2?.location === "repo_outside")) {
+  if (options.brokerFsScope && result.verdict === "deny_pending_approval" && (result.reason === "outside_repo_mutation" || result.reason === "outside_repo_redirect" || result.reason === "repo_outside_mutation" || result.axes?.location === "repo_outside")) {
     const outsideRepoPaths = collectOutsideRepoPaths(command, action.cwd, action.repoRoot);
     if (outsideRepoPaths.length > 0 && options.fsScopeAllowlist && allPathsAllowlisted(outsideRepoPaths, options.fsScopeAllowlist)) {
       return {
@@ -4743,7 +4854,15 @@ async function consumeApprovedApproval(ctx, deps, kind, fingerprint) {
     await deps.writeApprovals(approved.filePath, approved.state);
     return null;
   }
-  const [approval] = approved.state.approvals.splice(index, 1);
+  const approval = approved.state.approvals[index];
+  if (approval.executionLeaseExpiresAt) {
+    await deps.writeApprovals(approved.filePath, approved.state);
+    return approval;
+  }
+  approved.state.approvals[index] = {
+    ...approval,
+    executionLeaseExpiresAt: new Date(Date.now() + APPROVAL_EXECUTION_LEASE_MS).toISOString()
+  };
   await deps.writeApprovals(approved.filePath, approved.state);
   return approval;
 }
@@ -4859,8 +4978,8 @@ async function gateDecisionToVerdict(ctx, deps, kind, result, auditExtras = {})
     predictedAssessment: auditExtras.predictedAssessment,
     observedAssessment: auditExtras.observedAssessment,
     mode: ctx.config.mode,
-    schemaVersion: result.v2 ? 2 : 1,
-    ...result.v2 ?? {},
+    schemaVersion: result.axes ? 2 : 1,
+    ...result.axes ?? {},
     ...auditExtras.transactionalLayer
   };
   if (result.reason === TRANSACTIONAL_ALREADY_APPLIED) {

package/dist/cli.js

@@ -65,10 +65,10 @@ function parseArgs(argv) {
         }
         if (token === '--judge-profile') {
             const next = rest[index + 1];
-            if (!next || next !== 'local-ollama') {
-                throw new Error('--judge-profile requires local-ollama.');
+            if (!next || !['local-ollama', 'cursor', 'claude', 'codex'].includes(next)) {
+                throw new Error('--judge-profile requires local-ollama, cursor, claude, or codex.');
             }
-            options.judgeProfile = 'local-ollama';
+            options.judgeProfile = next;
             index += 1;
             continue;
         }
@@ -329,7 +329,7 @@ function printHelp() {
     process.stdout.write(`${c}
 
 Usage:
-  ${c} init [--target <dir>] [--adapter cursor|claude|codex] [--scope project|global] [--preset strict|standard|audit-first|l1-full-recommended] [--judge-profile local-ollama] [--judge-provider ollama|openai-compatible] [--judge-model <id|auto>] [--judge-endpoint <url>] [--accept-cloud-judge] [--with-skill] [--dogfood]
+  ${c} init [--target <dir>] [--adapter cursor|claude|codex] [--scope project|global] [--preset strict|standard|audit-first|l1-full-recommended] [--judge-profile local-ollama|cursor|claude|codex] [--judge-provider ollama|openai-compatible] [--judge-model <id|auto>] [--judge-endpoint <url>] [--accept-cloud-judge] [--with-skill] [--dogfood]
   ${c} init-wizard [--target <dir>]
   (--dogfood runs after --preset and sets mode: audit, overriding preset enforce mode)
   ${c} upgrade [--target <dir>] [--adapter cursor|claude|codex] [--scope project|global] [--with-skill]

package/dist/commands/classify-for-report.js

@@ -5,7 +5,7 @@ import { detectAdapterName, loadConfigFile } from '../config-io.js';
 import { isCapabilityBrokerDemotionActive } from '../core/capability/broker.js';
 import { classifySubagent, classifyToolUse } from '../core/index.js';
 import { isTransactionalEligible } from '../core/transactional/index.js';
-import { classifyShell } from '../core/v2/adapter.js';
+import { classifyShell } from '../core/verdict/adapter.js';
 import { egressStatus } from '../services/egress-service.js';
 import { sandboxStatus } from '../services/sandbox-service.js';
 export async function classifyForReport(params) {
@@ -57,11 +57,11 @@ export async function classifyForReport(params) {
         throw new Error(`Unknown classify kind: ${kind}`);
     }
     const transactionalEligible = kind === 'shell' && isTransactionalEligible(config, 'shell', result);
-    const permission = result.v2?.would ??
+    const permission = result.axes?.would ??
         (result.verdict === 'allow' || result.verdict === 'allow_flagged' ? 'allow' : 'ask');
     const tier = result.reason.startsWith('tier0_') || result.reason === 'external_effect'
         ? 'Tier0'
-        : result.v2?.confidence === 'llm' || result.reason === 'unknown_local_effect'
+        : result.axes?.confidence === 'llm' || result.reason === 'unknown_local_effect'
             ? 'Tier1'
             : 'deterministic';
     return {

package/dist/commands/doctor.js

@@ -90,7 +90,7 @@ export async function doctorProject(options = {}) {
                 ? `Install scope: global (hooks/runtime at ${scopedPaths.hooksDir})`
                 : 'Install scope: project');
             notes.push(`Config mode: ${loadedConfig.mode}`);
-            notes.push('Verdict engine: v2 (location × opacity × effect × confidence). Shell gates use the v2 classifier; audit records include schemaVersion 2 axes when available.');
+            notes.push('Verdict engine (Tier0 + Tier1; location × opacity × effect × confidence). Audit records include schemaVersion 2 axes when available.');
             const repoLocalDir = repoLocalStateDirFor(repoRoot, loadedConfig);
             if (loadedConfig.controlPlane.enabled) {
                 notes.push(`Control plane: ${belayStateDir(loadedConfig, repoLocalDir)}`);

package/dist/commands/explain.js

@@ -70,15 +70,15 @@ export async function explainCommand(options) {
 }
 export function formatExplainReport(report) {
     const { result } = report;
-    const judgeFields = result.v2
+    const judgeFields = result.axes
         ? [
-            result.v2.judgeProvider ? `  judgeProvider: ${result.v2.judgeProvider}` : null,
-            result.v2.judgeModelResolved ? `  judgeModel: ${result.v2.judgeModelResolved}` : null,
-            result.v2.judgeLatencyMs !== undefined
-                ? `  judgeLatencyMs: ${result.v2.judgeLatencyMs}`
+            result.axes.judgeProvider ? `  judgeProvider: ${result.axes.judgeProvider}` : null,
+            result.axes.judgeModelResolved ? `  judgeModel: ${result.axes.judgeModelResolved}` : null,
+            result.axes.judgeLatencyMs !== undefined
+                ? `  judgeLatencyMs: ${result.axes.judgeLatencyMs}`
                 : null,
-            result.v2.judgeFallbackReason
-                ? `  judgeFallbackReason: ${result.v2.judgeFallbackReason}`
+            result.axes.judgeFallbackReason
+                ? `  judgeFallbackReason: ${result.axes.judgeFallbackReason}`
                 : null,
         ].filter((line) => line !== null)
         : [];
@@ -106,15 +106,15 @@ export function formatExplainReport(report) {
         `Verdict: ${result.verdict}`,
         `Reason: ${result.reason}`,
         `Fingerprint: ${result.fingerprint}`,
-        ...(result.v2
+        ...(result.axes
             ? [
                 '',
-                'v2 axes:',
-                `  location: ${result.v2.location}`,
-                `  opacity: ${result.v2.opacity}`,
-                `  effect: ${result.v2.effect}`,
-                `  confidence: ${result.v2.confidence}`,
-                `  would: ${result.v2.would}`,
+                'verdict axes:',
+                `  location: ${result.axes.location}`,
+                `  opacity: ${result.axes.opacity}`,
+                `  effect: ${result.axes.effect}`,
+                `  confidence: ${result.axes.confidence}`,
+                `  would: ${result.axes.would}`,
                 ...(judgeFields.length > 0 ? ['judgeTrace:', ...judgeFields] : []),
             ]
             : []),

package/dist/commands/init-wizard.d.ts

@@ -3,8 +3,13 @@ export interface WizardAnswers {
     adapter: AdapterName;
     scope: 'project' | 'global';
     withSkill: boolean;
+    judgeProfile: 'local-ollama' | 'cursor' | 'claude' | 'codex';
     dogfood: boolean;
 }
+export declare function parseAdapter(value: string | undefined): AdapterName;
+export declare function parseScope(value: string | undefined): 'project' | 'global';
+export declare function parseYesNo(value: string | undefined, defaultValue: boolean): boolean;
+export declare function parseJudgeProfile(value: string | undefined, defaultProfile: 'local-ollama' | 'cursor' | 'claude' | 'codex'): 'local-ollama' | 'cursor' | 'claude' | 'codex';
 export declare function buildInitOptionsFromWizard(answers: WizardAnswers, targetDir?: string): InitOptions;
 export declare function runInitWizard(options?: {
     targetDir?: string;

package/dist/commands/init-wizard.js

@@ -1,22 +1,22 @@
 import { stdin as input, stdout as output } from 'node:process';
 import readline from 'node:readline/promises';
 import { initProject } from '../installer.js';
-function parseAdapter(value) {
-    const normalized = (value ?? 'cursor').trim().toLowerCase();
+export function parseAdapter(value) {
+    const normalized = (value?.trim() || 'cursor').toLowerCase();
     if (normalized === 'claude' || normalized === 'codex' || normalized === 'cursor') {
         return normalized;
     }
     throw new Error(`Unknown adapter: ${value ?? '(empty)'}`);
 }
-function parseScope(value) {
-    const normalized = (value ?? 'project').trim().toLowerCase();
+export function parseScope(value) {
+    const normalized = (value?.trim() || 'project').toLowerCase();
     if (normalized === 'global' || normalized === 'project') {
         return normalized;
     }
     throw new Error(`Unknown scope: ${value ?? '(empty)'}`);
 }
-function parseYesNo(value, defaultValue) {
-    const normalized = (value ?? (defaultValue ? 'y' : 'n')).trim().toLowerCase();
+export function parseYesNo(value, defaultValue) {
+    const normalized = (value?.trim() || (defaultValue ? 'y' : 'n')).toLowerCase();
     if (['y', 'yes', 'true', '1'].includes(normalized)) {
         return true;
     }
@@ -25,12 +25,23 @@ function parseYesNo(value, defaultValue) {
     }
     return defaultValue;
 }
+export function parseJudgeProfile(value, defaultProfile) {
+    const normalized = (value?.trim() || defaultProfile).toLowerCase();
+    if (normalized === 'local-ollama' ||
+        normalized === 'cursor' ||
+        normalized === 'claude' ||
+        normalized === 'codex') {
+        return normalized;
+    }
+    throw new Error(`Unknown judge profile: ${value ?? '(empty)'}`);
+}
 export function buildInitOptionsFromWizard(answers, targetDir) {
     return {
         targetDir,
         adapter: answers.adapter,
         scope: answers.scope,
         withSkill: answers.withSkill,
+        judgeProfile: answers.judgeProfile,
         dogfood: answers.dogfood,
     };
 }
@@ -38,11 +49,13 @@ export async function runInitWizard(options = {}) {
     const rl = readline.createInterface({ input, output });
     try {
         output.write('belay init wizard\n');
-        const adapter = parseAdapter(await rl.question('Adapter (cursor/claude/codex) [cursor]: '));
-        const scope = parseScope(await rl.question('Install scope (project/global) [project]: '));
-        const withSkill = parseYesNo(await rl.question('Install SKILL.md and slash commands? (y/n) [y]: '), true);
-        const dogfood = parseYesNo(await rl.question('Start in audit dogfood mode? (y/n) [n]: '), false);
-        return initProject(buildInitOptionsFromWizard({ adapter, scope, withSkill, dogfood }, options.targetDir));
+        const adapter = parseAdapter(await rl.question('Adapter [cursor | claude | codex] (cursor): '));
+        const scope = parseScope(await rl.question('Install scope [project | global] (project): '));
+        const withSkill = parseYesNo(await rl.question('Install SKILL.md and slash commands? [y | n] (y): '), true);
+        // Show Tier1 judge choice explicitly so init defaults are visible in wizard UX.
+        const defaultJudgeProfile = adapter;
+        const judgeProfile = parseJudgeProfile(await rl.question(`Tier1 judge profile [cursor | claude | codex | local-ollama] (${defaultJudgeProfile}): `), defaultJudgeProfile);
+        return initProject(buildInitOptionsFromWizard({ adapter, scope, withSkill, judgeProfile, dogfood: false }, options.targetDir));
     }
     finally {
         rl.close();

package/dist/commands/recover.js

@@ -20,8 +20,8 @@ export async function recoverProject(options = {}) {
         target = {
             summary: classified.input,
             reason: classified.result.reason,
-            effect: classified.result.v2?.effect,
-            location: classified.result.v2?.location,
+            effect: classified.result.axes?.effect,
+            location: classified.result.axes?.location,
             permission: classified.permission,
             assessment: classified.result.assessment,
         };

package/dist/core/approval.d.ts

@@ -1,6 +1,9 @@
 import type { ApprovalRecord, ApprovalStateFile } from './types.js';
+/** Cursor may invoke the same shell gate more than once per retry; lease covers that window. */
+export declare const APPROVAL_EXECUTION_LEASE_MS = 60000;
 export declare function nowIso(): string;
 export declare function isExpired(approval: ApprovalRecord): boolean;
+export declare function isExecutionLeaseExpired(approval: ApprovalRecord): boolean;
 export declare function compactApprovals(state: ApprovalStateFile): ApprovalStateFile;
 export declare function mergeApprovalStates(target: ApprovalStateFile, source: ApprovalStateFile): ApprovalStateFile;
 export declare function escapeRegex(value: string): string;