@harness-engineering/core 0.13.0 → 0.14.0

package/dist/index.mjs

@@ -36,11 +36,12 @@ import {
   fileExists,
   findFiles,
   readFileContent,
+  relativePosix,
   resolveFileToLayer,
   runAll,
   validateDependencies,
   violationId
-} from "./chunk-ZHGBWFYD.mjs";
+} from "./chunk-BQUWXBGR.mjs";
 
 // src/index.ts
 export * from "@harness-engineering/types";
@@ -83,15 +84,15 @@ function validateConfig(data, schema) {
   let message = "Configuration validation failed";
   const suggestions = [];
   if (firstError) {
-    const path20 = firstError.path.join(".");
-    const pathDisplay = path20 ? ` at "${path20}"` : "";
+    const path22 = firstError.path.join(".");
+    const pathDisplay = path22 ? ` at "${path22}"` : "";
     if (firstError.code === "invalid_type") {
       const received = firstError.received;
       const expected = firstError.expected;
       if (received === "undefined") {
         code = "MISSING_FIELD";
         message = `Missing required field${pathDisplay}: ${firstError.message}`;
-        suggestions.push(`Field "${path20}" is required and must be of type "${expected}"`);
+        suggestions.push(`Field "${path22}" is required and must be of type "${expected}"`);
       } else {
         code = "INVALID_TYPE";
         message = `Invalid type${pathDisplay}: ${firstError.message}`;
@@ -245,6 +246,43 @@ function extractMarkdownLinks(content) {
   }
   return links;
 }
+function isDescriptionTerminator(trimmed) {
+  return trimmed.startsWith("#") || trimmed.startsWith("-") || trimmed.startsWith("*") || trimmed.startsWith("```");
+}
+function extractDescription(sectionLines) {
+  const descriptionLines = [];
+  for (const line of sectionLines) {
+    const trimmed = line.trim();
+    if (trimmed === "") {
+      if (descriptionLines.length > 0) break;
+      continue;
+    }
+    if (isDescriptionTerminator(trimmed)) break;
+    descriptionLines.push(trimmed);
+  }
+  return descriptionLines.length > 0 ? descriptionLines.join(" ") : void 0;
+}
+function buildAgentMapSection(section, lines) {
+  const endIndex = section.endIndex ?? lines.length;
+  const sectionLines = lines.slice(section.startIndex + 1, endIndex);
+  const sectionContent = sectionLines.join("\n");
+  const links = extractMarkdownLinks(sectionContent).map((link) => ({
+    ...link,
+    line: link.line + section.startIndex + 1,
+    exists: false
+  }));
+  const result = {
+    title: section.title,
+    level: section.level,
+    line: section.line,
+    links
+  };
+  const description = extractDescription(sectionLines);
+  if (description) {
+    result.description = description;
+  }
+  return result;
+}
 function extractSections(content) {
   const lines = content.split("\n");
   const sections = [];
@@ -257,7 +295,6 @@ function extractSections(content) {
         title: match[2].trim(),
         level: match[1].length,
         line: i + 1,
-        // 1-indexed
         startIndex: i
       });
     }
@@ -269,62 +306,29 @@ function extractSections(content) {
       currentSection.endIndex = nextSection ? nextSection.startIndex : lines.length;
     }
   }
-  return sections.map((section) => {
-    const endIndex = section.endIndex ?? lines.length;
-    const sectionLines = lines.slice(section.startIndex + 1, endIndex);
-    const sectionContent = sectionLines.join("\n");
-    const links = extractMarkdownLinks(sectionContent).map((link) => ({
-      ...link,
-      line: link.line + section.startIndex + 1,
-      // Adjust line number
-      exists: false
-      // Will be set later by validateAgentsMap
-    }));
-    const descriptionLines = [];
-    for (const line of sectionLines) {
-      const trimmed = line.trim();
-      if (trimmed === "") {
-        if (descriptionLines.length > 0) break;
-        continue;
-      }
-      if (trimmed.startsWith("#")) break;
-      if (trimmed.startsWith("-") || trimmed.startsWith("*")) break;
-      if (trimmed.startsWith("```")) break;
-      descriptionLines.push(trimmed);
-    }
-    const result = {
-      title: section.title,
-      level: section.level,
-      line: section.line,
-      links
-    };
-    if (descriptionLines.length > 0) {
-      result.description = descriptionLines.join(" ");
-    }
-    return result;
-  });
+  return sections.map((section) => buildAgentMapSection(section, lines));
 }
-function isExternalLink(path20) {
-  return path20.startsWith("http://") || path20.startsWith("https://") || path20.startsWith("#") || path20.startsWith("mailto:");
+function isExternalLink(path22) {
+  return path22.startsWith("http://") || path22.startsWith("https://") || path22.startsWith("#") || path22.startsWith("mailto:");
 }
 function resolveLinkPath(linkPath, baseDir) {
   return linkPath.startsWith(".") ? join(baseDir, linkPath) : linkPath;
 }
-async function validateAgentsMap(path20 = "./AGENTS.md") {
-  const contentResult = await readFileContent(path20);
+async function validateAgentsMap(path22 = "./AGENTS.md") {
+  const contentResult = await readFileContent(path22);
   if (!contentResult.ok) {
     return Err(
       createError(
         "PARSE_ERROR",
         `Failed to read AGENTS.md: ${contentResult.error.message}`,
-        { path: path20 },
+        { path: path22 },
         ["Ensure the file exists", "Check file permissions"]
       )
     );
   }
   const content = contentResult.value;
   const sections = extractSections(content);
-  const baseDir = dirname(path20);
+  const baseDir = dirname(path22);
   const sectionTitles = sections.map((s) => s.title);
   const missingSections = REQUIRED_SECTIONS.filter(
     (required) => !sectionTitles.some((title) => title.toLowerCase().includes(required.toLowerCase()))
@@ -365,7 +369,7 @@ async function validateAgentsMap(path20 = "./AGENTS.md") {
 
 // src/context/doc-coverage.ts
 import { minimatch } from "minimatch";
-import { basename, relative } from "path";
+import { basename } from "path";
 function determineImportance(filePath) {
   const name = basename(filePath).toLowerCase();
   if (name === "index.ts" || name === "index.js" || name === "main.ts") {
@@ -405,7 +409,7 @@ async function checkDocCoverage(domain, options = {}) {
   try {
     const sourceFiles = await findFiles("**/*.{ts,js,tsx,jsx}", sourceDir);
     const filteredSourceFiles = sourceFiles.filter((file) => {
-      const relativePath = relative(sourceDir, file);
+      const relativePath = relativePosix(sourceDir, file);
       return !excludePatterns.some((pattern) => {
         return minimatch(relativePath, pattern, { dot: true }) || minimatch(file, pattern, { dot: true });
       });
@@ -428,7 +432,7 @@ async function checkDocCoverage(domain, options = {}) {
     const undocumented = [];
     const gaps = [];
     for (const sourceFile of filteredSourceFiles) {
-      const relativePath = relative(sourceDir, sourceFile);
+      const relativePath = relativePosix(sourceDir, sourceFile);
       const fileName = basename(sourceFile);
       const isDocumented = documentedPaths.has(relativePath) || documentedPaths.has(fileName) || documentedPaths.has(`src/${relativePath}`);
       if (isDocumented) {
@@ -464,9 +468,9 @@ async function checkDocCoverage(domain, options = {}) {
 }
 
 // src/context/knowledge-map.ts
-import { join as join2, basename as basename2, relative as relative2 } from "path";
-function suggestFix(path20, existingFiles) {
-  const targetName = basename2(path20).toLowerCase();
+import { join as join2, basename as basename2 } from "path";
+function suggestFix(path22, existingFiles) {
+  const targetName = basename2(path22).toLowerCase();
   const similar = existingFiles.find((file) => {
     const fileName = basename2(file).toLowerCase();
     return fileName.includes(targetName) || targetName.includes(fileName);
@@ -474,7 +478,7 @@ function suggestFix(path20, existingFiles) {
   if (similar) {
     return `Did you mean "${similar}"?`;
   }
-  return `Create the file "${path20}" or remove the link`;
+  return `Create the file "${path22}" or remove the link`;
 }
 async function validateKnowledgeMap(rootDir = process.cwd()) {
   const agentsPath = join2(rootDir, "AGENTS.md");
@@ -488,7 +492,7 @@ async function validateKnowledgeMap(rootDir = process.cwd()) {
     totalLinks: agentsTotalLinks
   } = agentsResult.value;
   const existingFiles = await findFiles("**/*", rootDir);
-  const relativeExistingFiles = existingFiles.map((f) => relative2(rootDir, f));
+  const relativeExistingFiles = existingFiles.map((f) => relativePosix(rootDir, f));
   const brokenLinks = agentsBrokenLinks.map((link) => {
     const section = sections.find(
       (s) => s.links.some((l) => l.path === link.path && l.line === link.line)
@@ -513,7 +517,7 @@ async function validateKnowledgeMap(rootDir = process.cwd()) {
 }
 
 // src/context/generate.ts
-import { relative as relative3, basename as basename3, dirname as dirname2 } from "path";
+import { basename as basename3, dirname as dirname2 } from "path";
 var DEFAULT_SECTIONS = [
   {
     name: "Documentation",
@@ -529,7 +533,7 @@ var DEFAULT_SECTIONS = [
 function groupByDirectory(files, rootDir) {
   const groups = /* @__PURE__ */ new Map();
   for (const file of files) {
-    const relativePath = relative3(rootDir, file);
+    const relativePath = relativePosix(rootDir, file);
     const dir = dirname2(relativePath);
     if (!groups.has(dir)) {
       groups.set(dir, []);
@@ -585,7 +589,7 @@ async function generateAgentsMap(config, graphSections) {
         allFiles.push(...files);
       }
       const filteredFiles = allFiles.filter((file) => {
-        const relativePath = relative3(rootDir, file);
+        const relativePath = relativePosix(rootDir, file);
         return !matchesExcludePattern(relativePath, excludePaths);
       });
       lines.push("## Repository Structure");
@@ -613,11 +617,11 @@ async function generateAgentsMap(config, graphSections) {
         }
         const sectionFiles = await findFiles(section.pattern, rootDir);
         const filteredSectionFiles = sectionFiles.filter((file) => {
-          const relativePath = relative3(rootDir, file);
+          const relativePath = relativePosix(rootDir, file);
           return !matchesExcludePattern(relativePath, excludePaths);
         });
         for (const file of filteredSectionFiles.slice(0, 20)) {
-          lines.push(formatFileLink(relative3(rootDir, file)));
+          lines.push(formatFileLink(relativePosix(rootDir, file)));
         }
         if (filteredSectionFiles.length > 20) {
           lines.push(`- _... and ${filteredSectionFiles.length - 20} more files_`);
@@ -826,8 +830,8 @@ function createBoundaryValidator(schema, name) {
         return Ok(result.data);
       }
       const suggestions = result.error.issues.map((issue) => {
-        const path20 = issue.path.join(".");
-        return path20 ? `${path20}: ${issue.message}` : issue.message;
+        const path22 = issue.path.join(".");
+        return path22 ? `${path22}: ${issue.message}` : issue.message;
       });
       return Err(
         createError(
@@ -1049,175 +1053,183 @@ function stringArraysEqual(a, b) {
   const sortedB = [...b].sort();
   return sortedA.every((val, i) => val === sortedB[i]);
 }
-function deepMergeConstraints(localConfig, bundleConstraints, _existingContributions) {
-  const config = { ...localConfig };
-  const contributions = {};
-  const conflicts = [];
-  if (bundleConstraints.layers && bundleConstraints.layers.length > 0) {
-    const localLayers = Array.isArray(localConfig.layers) ? localConfig.layers : [];
-    const mergedLayers = [...localLayers];
-    const contributedLayerNames = [];
-    for (const bundleLayer of bundleConstraints.layers) {
-      const existing = localLayers.find((l) => l.name === bundleLayer.name);
-      if (!existing) {
-        mergedLayers.push(bundleLayer);
-        contributedLayerNames.push(bundleLayer.name);
-      } else {
-        const same = existing.pattern === bundleLayer.pattern && stringArraysEqual(existing.allowedDependencies, bundleLayer.allowedDependencies);
-        if (!same) {
-          conflicts.push({
-            section: "layers",
-            key: bundleLayer.name,
-            localValue: existing,
-            packageValue: bundleLayer,
-            description: `Layer '${bundleLayer.name}' already exists locally with different configuration`
-          });
-        }
+function mergeLayers(localConfig, bundleLayers, config, contributions, conflicts) {
+  const localLayers = Array.isArray(localConfig.layers) ? localConfig.layers : [];
+  const mergedLayers = [...localLayers];
+  const contributedLayerNames = [];
+  for (const bundleLayer of bundleLayers) {
+    const existing = localLayers.find((l) => l.name === bundleLayer.name);
+    if (!existing) {
+      mergedLayers.push(bundleLayer);
+      contributedLayerNames.push(bundleLayer.name);
+    } else {
+      const same = existing.pattern === bundleLayer.pattern && stringArraysEqual(existing.allowedDependencies, bundleLayer.allowedDependencies);
+      if (!same) {
+        conflicts.push({
+          section: "layers",
+          key: bundleLayer.name,
+          localValue: existing,
+          packageValue: bundleLayer,
+          description: `Layer '${bundleLayer.name}' already exists locally with different configuration`
+        });
+      }
+    }
+  }
+  config.layers = mergedLayers;
+  if (contributedLayerNames.length > 0) contributions.layers = contributedLayerNames;
+}
+function mergeForbiddenImports(localConfig, bundleRules, config, contributions, conflicts) {
+  const localFI = Array.isArray(localConfig.forbiddenImports) ? localConfig.forbiddenImports : [];
+  const mergedFI = [...localFI];
+  const contributedFromKeys = [];
+  for (const bundleRule of bundleRules) {
+    const existing = localFI.find((r) => r.from === bundleRule.from);
+    if (!existing) {
+      const entry = { from: bundleRule.from, disallow: bundleRule.disallow };
+      if (bundleRule.message !== void 0) entry.message = bundleRule.message;
+      mergedFI.push(entry);
+      contributedFromKeys.push(bundleRule.from);
+    } else {
+      if (!stringArraysEqual(existing.disallow, bundleRule.disallow)) {
+        conflicts.push({
+          section: "forbiddenImports",
+          key: bundleRule.from,
+          localValue: existing,
+          packageValue: bundleRule,
+          description: `Forbidden import rule for '${bundleRule.from}' already exists locally with different disallow list`
+        });
       }
     }
-    config.layers = mergedLayers;
-    if (contributedLayerNames.length > 0) {
-      contributions.layers = contributedLayerNames;
+  }
+  config.forbiddenImports = mergedFI;
+  if (contributedFromKeys.length > 0) contributions.forbiddenImports = contributedFromKeys;
+}
+function mergeBoundaries(localConfig, bundleBoundaries, config, contributions) {
+  const localBoundaries = localConfig.boundaries ?? { requireSchema: [] };
+  const localSchemas = new Set(localBoundaries.requireSchema ?? []);
+  const newSchemas = [];
+  for (const schema of bundleBoundaries.requireSchema ?? []) {
+    if (!localSchemas.has(schema)) {
+      newSchemas.push(schema);
+      localSchemas.add(schema);
+    }
+  }
+  config.boundaries = { requireSchema: [...localBoundaries.requireSchema ?? [], ...newSchemas] };
+  if (newSchemas.length > 0) contributions.boundaries = newSchemas;
+}
+function mergeArchitecture(localConfig, bundleArch, config, contributions, conflicts) {
+  const localArch = localConfig.architecture ?? { thresholds: {}, modules: {} };
+  const mergedThresholds = { ...localArch.thresholds };
+  const contributedThresholdKeys = [];
+  for (const [category, value] of Object.entries(bundleArch.thresholds ?? {})) {
+    if (!(category in mergedThresholds)) {
+      mergedThresholds[category] = value;
+      contributedThresholdKeys.push(category);
+    } else if (!deepEqual(mergedThresholds[category], value)) {
+      conflicts.push({
+        section: "architecture.thresholds",
+        key: category,
+        localValue: mergedThresholds[category],
+        packageValue: value,
+        description: `Architecture threshold '${category}' already exists locally with a different value`
+      });
     }
   }
-  if (bundleConstraints.forbiddenImports && bundleConstraints.forbiddenImports.length > 0) {
-    const localFI = Array.isArray(localConfig.forbiddenImports) ? localConfig.forbiddenImports : [];
-    const mergedFI = [...localFI];
-    const contributedFromKeys = [];
-    for (const bundleRule of bundleConstraints.forbiddenImports) {
-      const existing = localFI.find((r) => r.from === bundleRule.from);
-      if (!existing) {
-        const entry = {
-          from: bundleRule.from,
-          disallow: bundleRule.disallow
-        };
-        if (bundleRule.message !== void 0) {
-          entry.message = bundleRule.message;
-        }
-        mergedFI.push(entry);
-        contributedFromKeys.push(bundleRule.from);
-      } else {
-        const same = stringArraysEqual(existing.disallow, bundleRule.disallow);
-        if (!same) {
+  const mergedModules = { ...localArch.modules };
+  const contributedModuleKeys = [];
+  for (const [modulePath, bundleCategoryMap] of Object.entries(bundleArch.modules ?? {})) {
+    if (!(modulePath in mergedModules)) {
+      mergedModules[modulePath] = bundleCategoryMap;
+      for (const cat of Object.keys(bundleCategoryMap))
+        contributedModuleKeys.push(`${modulePath}:${cat}`);
+    } else {
+      const mergedCategoryMap = { ...mergedModules[modulePath] };
+      for (const [category, value] of Object.entries(bundleCategoryMap)) {
+        if (!(category in mergedCategoryMap)) {
+          mergedCategoryMap[category] = value;
+          contributedModuleKeys.push(`${modulePath}:${category}`);
+        } else if (!deepEqual(mergedCategoryMap[category], value)) {
           conflicts.push({
-            section: "forbiddenImports",
-            key: bundleRule.from,
-            localValue: existing,
-            packageValue: bundleRule,
-            description: `Forbidden import rule for '${bundleRule.from}' already exists locally with different disallow list`
+            section: "architecture.modules",
+            key: `${modulePath}:${category}`,
+            localValue: mergedCategoryMap[category],
+            packageValue: value,
+            description: `Architecture module override '${modulePath}' category '${category}' already exists locally with a different value`
           });
         }
       }
+      mergedModules[modulePath] = mergedCategoryMap;
+    }
+  }
+  config.architecture = { ...localArch, thresholds: mergedThresholds, modules: mergedModules };
+  if (contributedThresholdKeys.length > 0)
+    contributions["architecture.thresholds"] = contributedThresholdKeys;
+  if (contributedModuleKeys.length > 0)
+    contributions["architecture.modules"] = contributedModuleKeys;
+}
+function mergeSecurityRules(localConfig, bundleRules, config, contributions, conflicts) {
+  const localSecurity = localConfig.security ?? { rules: {} };
+  const localRules = localSecurity.rules ?? {};
+  const mergedRules = { ...localRules };
+  const contributedRuleIds = [];
+  for (const [ruleId, severity] of Object.entries(bundleRules)) {
+    if (!(ruleId in mergedRules)) {
+      mergedRules[ruleId] = severity;
+      contributedRuleIds.push(ruleId);
+    } else if (mergedRules[ruleId] !== severity) {
+      conflicts.push({
+        section: "security.rules",
+        key: ruleId,
+        localValue: mergedRules[ruleId],
+        packageValue: severity,
+        description: `Security rule '${ruleId}' already exists locally with severity '${mergedRules[ruleId]}', bundle has '${severity}'`
+      });
     }
-    config.forbiddenImports = mergedFI;
-    if (contributedFromKeys.length > 0) {
-      contributions.forbiddenImports = contributedFromKeys;
-    }
+  }
+  config.security = { ...localSecurity, rules: mergedRules };
+  if (contributedRuleIds.length > 0) contributions["security.rules"] = contributedRuleIds;
+}
+function deepMergeConstraints(localConfig, bundleConstraints, _existingContributions) {
+  const config = { ...localConfig };
+  const contributions = {};
+  const conflicts = [];
+  if (bundleConstraints.layers && bundleConstraints.layers.length > 0) {
+    mergeLayers(localConfig, bundleConstraints.layers, config, contributions, conflicts);
+  }
+  if (bundleConstraints.forbiddenImports && bundleConstraints.forbiddenImports.length > 0) {
+    mergeForbiddenImports(
+      localConfig,
+      bundleConstraints.forbiddenImports,
+      config,
+      contributions,
+      conflicts
+    );
   }
   if (bundleConstraints.boundaries) {
-    const localBoundaries = localConfig.boundaries ?? { requireSchema: [] };
-    const localSchemas = new Set(localBoundaries.requireSchema ?? []);
-    const bundleSchemas = bundleConstraints.boundaries.requireSchema ?? [];
-    const newSchemas = [];
-    for (const schema of bundleSchemas) {
-      if (!localSchemas.has(schema)) {
-        newSchemas.push(schema);
-        localSchemas.add(schema);
-      }
-    }
-    config.boundaries = {
-      requireSchema: [...localBoundaries.requireSchema ?? [], ...newSchemas]
-    };
-    if (newSchemas.length > 0) {
-      contributions.boundaries = newSchemas;
-    }
+    mergeBoundaries(
+      localConfig,
+      bundleConstraints.boundaries,
+      config,
+      contributions
+    );
   }
   if (bundleConstraints.architecture) {
-    const localArch = localConfig.architecture ?? {
-      thresholds: {},
-      modules: {}
-    };
-    const mergedThresholds = { ...localArch.thresholds };
-    const contributedThresholdKeys = [];
-    const bundleThresholds = bundleConstraints.architecture.thresholds ?? {};
-    for (const [category, value] of Object.entries(bundleThresholds)) {
-      if (!(category in mergedThresholds)) {
-        mergedThresholds[category] = value;
-        contributedThresholdKeys.push(category);
-      } else if (!deepEqual(mergedThresholds[category], value)) {
-        conflicts.push({
-          section: "architecture.thresholds",
-          key: category,
-          localValue: mergedThresholds[category],
-          packageValue: value,
-          description: `Architecture threshold '${category}' already exists locally with a different value`
-        });
-      }
-    }
-    const mergedModules = { ...localArch.modules };
-    const contributedModuleKeys = [];
-    const bundleModules = bundleConstraints.architecture.modules ?? {};
-    for (const [modulePath, bundleCategoryMap] of Object.entries(bundleModules)) {
-      if (!(modulePath in mergedModules)) {
-        mergedModules[modulePath] = bundleCategoryMap;
-        for (const cat of Object.keys(bundleCategoryMap)) {
-          contributedModuleKeys.push(`${modulePath}:${cat}`);
-        }
-      } else {
-        const localCategoryMap = mergedModules[modulePath];
-        const mergedCategoryMap = { ...localCategoryMap };
-        for (const [category, value] of Object.entries(bundleCategoryMap)) {
-          if (!(category in mergedCategoryMap)) {
-            mergedCategoryMap[category] = value;
-            contributedModuleKeys.push(`${modulePath}:${category}`);
-          } else if (!deepEqual(mergedCategoryMap[category], value)) {
-            conflicts.push({
-              section: "architecture.modules",
-              key: `${modulePath}:${category}`,
-              localValue: mergedCategoryMap[category],
-              packageValue: value,
-              description: `Architecture module override '${modulePath}' category '${category}' already exists locally with a different value`
-            });
-          }
-        }
-        mergedModules[modulePath] = mergedCategoryMap;
-      }
-    }
-    config.architecture = {
-      ...localArch,
-      thresholds: mergedThresholds,
-      modules: mergedModules
-    };
-    if (contributedThresholdKeys.length > 0) {
-      contributions["architecture.thresholds"] = contributedThresholdKeys;
-    }
-    if (contributedModuleKeys.length > 0) {
-      contributions["architecture.modules"] = contributedModuleKeys;
-    }
+    mergeArchitecture(
+      localConfig,
+      bundleConstraints.architecture,
+      config,
+      contributions,
+      conflicts
+    );
   }
   if (bundleConstraints.security?.rules) {
-    const localSecurity = localConfig.security ?? { rules: {} };
-    const localRules = localSecurity.rules ?? {};
-    const mergedRules = { ...localRules };
-    const contributedRuleIds = [];
-    for (const [ruleId, severity] of Object.entries(bundleConstraints.security.rules)) {
-      if (!(ruleId in mergedRules)) {
-        mergedRules[ruleId] = severity;
-        contributedRuleIds.push(ruleId);
-      } else if (mergedRules[ruleId] !== severity) {
-        conflicts.push({
-          section: "security.rules",
-          key: ruleId,
-          localValue: mergedRules[ruleId],
-          packageValue: severity,
-          description: `Security rule '${ruleId}' already exists locally with severity '${mergedRules[ruleId]}', bundle has '${severity}'`
-        });
-      }
-    }
-    config.security = { ...localSecurity, rules: mergedRules };
-    if (contributedRuleIds.length > 0) {
-      contributions["security.rules"] = contributedRuleIds;
-    }
+    mergeSecurityRules(
+      localConfig,
+      bundleConstraints.security.rules,
+      config,
+      contributions,
+      conflicts
+    );
   }
   return { config, contributions, conflicts };
 }
@@ -1378,14 +1390,84 @@ function walk(node, visitor) {
     }
   }
 }
+function makeLocation(node) {
+  return {
+    file: "",
+    line: node.loc?.start.line ?? 0,
+    column: node.loc?.start.column ?? 0
+  };
+}
+function processImportSpecifiers(importDecl, imp) {
+  for (const spec of importDecl.specifiers) {
+    if (spec.type === "ImportDefaultSpecifier") {
+      imp.default = spec.local.name;
+    } else if (spec.type === "ImportNamespaceSpecifier") {
+      imp.namespace = spec.local.name;
+    } else if (spec.type === "ImportSpecifier") {
+      imp.specifiers.push(spec.local.name);
+      if (spec.importKind === "type") {
+        imp.kind = "type";
+      }
+    }
+  }
+}
+function getExportedName(exported) {
+  return exported.type === "Identifier" ? exported.name : String(exported.value);
+}
+function processReExportSpecifiers(exportDecl, exports) {
+  for (const spec of exportDecl.specifiers) {
+    if (spec.type !== "ExportSpecifier") continue;
+    exports.push({
+      name: getExportedName(spec.exported),
+      type: "named",
+      location: makeLocation(exportDecl),
+      isReExport: true,
+      source: exportDecl.source.value
+    });
+  }
+}
+function processExportDeclaration(exportDecl, exports) {
+  const decl = exportDecl.declaration;
+  if (!decl) return;
+  if (decl.type === "VariableDeclaration") {
+    for (const declarator of decl.declarations) {
+      if (declarator.id.type === "Identifier") {
+        exports.push({
+          name: declarator.id.name,
+          type: "named",
+          location: makeLocation(decl),
+          isReExport: false
+        });
+      }
+    }
+  } else if ((decl.type === "FunctionDeclaration" || decl.type === "ClassDeclaration") && decl.id) {
+    exports.push({
+      name: decl.id.name,
+      type: "named",
+      location: makeLocation(decl),
+      isReExport: false
+    });
+  }
+}
+function processExportListSpecifiers(exportDecl, exports) {
+  for (const spec of exportDecl.specifiers) {
+    if (spec.type !== "ExportSpecifier") continue;
+    exports.push({
+      name: getExportedName(spec.exported),
+      type: "named",
+      location: makeLocation(exportDecl),
+      isReExport: false
+    });
+  }
+}
 var TypeScriptParser = class {
   name = "typescript";
   extensions = [".ts", ".tsx", ".mts", ".cts"];
-  async parseFile(path20) {
-    const contentResult = await readFileContent(path20);
+  async parseFile(path22) {
+    const contentResult = await readFileContent(path22);
     if (!contentResult.ok) {
       return Err(
-        createParseError("NOT_FOUND", `File not found: ${path20}`, { path: path20 }, [
+        createParseError("NOT_FOUND", `File not found: ${path22}`, { path: path22 }, [
           "Check that the file exists",
           "Verify the path is correct"
         ])
@@ -1395,7 +1477,7 @@ var TypeScriptParser = class {
       const ast = parse(contentResult.value, {
         loc: true,
         range: true,
-        jsx: path20.endsWith(".tsx"),
+        jsx: path22.endsWith(".tsx"),
         errorOnUnknownASTType: false
       });
       return Ok({
@@ -1406,7 +1488,7 @@ var TypeScriptParser = class {
     } catch (e) {
       const error = e;
       return Err(
-        createParseError("SYNTAX_ERROR", `Failed to parse ${path20}: ${error.message}`, { path: path20 }, [
+        createParseError("SYNTAX_ERROR", `Failed to parse ${path22}: ${error.message}`, { path: path22 }, [
           "Check for syntax errors in the file",
           "Ensure valid TypeScript syntax"
         ])
@@ -1422,26 +1504,12 @@ var TypeScriptParser = class {
         const imp = {
           source: importDecl.source.value,
           specifiers: [],
-          location: {
-            file: "",
-            line: importDecl.loc?.start.line ?? 0,
-            column: importDecl.loc?.start.column ?? 0
-          },
+          location: makeLocation(importDecl),
           kind: importDecl.importKind === "type" ? "type" : "value"
         };
-        for (const spec of importDecl.specifiers) {
-          if (spec.type === "ImportDefaultSpecifier") {
-            imp.default = spec.local.name;
-          } else if (spec.type === "ImportNamespaceSpecifier") {
-            imp.namespace = spec.local.name;
-          } else if (spec.type === "ImportSpecifier") {
-            imp.specifiers.push(spec.local.name);
-            if (spec.importKind === "type") {
-              imp.kind = "type";
-            }
-          }
-        }
+        processImportSpecifiers(importDecl, imp);
         imports.push(imp);
+        return;
       }
       if (node.type === "ImportExpression") {
         const importExpr = node;
@@ -1449,11 +1517,7 @@ var TypeScriptParser = class {
           imports.push({
             source: importExpr.source.value,
             specifiers: [],
-            location: {
-              file: "",
-              line: importExpr.loc?.start.line ?? 0,
-              column: importExpr.loc?.start.column ?? 0
-            },
+            location: makeLocation(importExpr),
             kind: "value"
           });
         }
@@ -1468,97 +1532,29 @@ var TypeScriptParser = class {
       if (node.type === "ExportNamedDeclaration") {
         const exportDecl = node;
         if (exportDecl.source) {
-          for (const spec of exportDecl.specifiers) {
-            if (spec.type === "ExportSpecifier") {
-              const exported = spec.exported;
-              const name = exported.type === "Identifier" ? exported.name : String(exported.value);
-              exports.push({
-                name,
-                type: "named",
-                location: {
-                  file: "",
-                  line: exportDecl.loc?.start.line ?? 0,
-                  column: exportDecl.loc?.start.column ?? 0
-                },
-                isReExport: true,
-                source: exportDecl.source.value
-              });
-            }
-          }
+          processReExportSpecifiers(exportDecl, exports);
           return;
         }
-        if (exportDecl.declaration) {
-          const decl = exportDecl.declaration;
-          if (decl.type === "VariableDeclaration") {
-            for (const declarator of decl.declarations) {
-              if (declarator.id.type === "Identifier") {
-                exports.push({
-                  name: declarator.id.name,
-                  type: "named",
-                  location: {
-                    file: "",
-                    line: decl.loc?.start.line ?? 0,
-                    column: decl.loc?.start.column ?? 0
-                  },
-                  isReExport: false
-                });
-              }
-            }
-          } else if (decl.type === "FunctionDeclaration" || decl.type === "ClassDeclaration") {
-            if (decl.id) {
-              exports.push({
-                name: decl.id.name,
-                type: "named",
-                location: {
-                  file: "",
-                  line: decl.loc?.start.line ?? 0,
-                  column: decl.loc?.start.column ?? 0
-                },
-                isReExport: false
-              });
-            }
-          }
-        }
-        for (const spec of exportDecl.specifiers) {
-          if (spec.type === "ExportSpecifier") {
-            const exported = spec.exported;
-            const name = exported.type === "Identifier" ? exported.name : String(exported.value);
-            exports.push({
-              name,
-              type: "named",
-              location: {
-                file: "",
-                line: exportDecl.loc?.start.line ?? 0,
-                column: exportDecl.loc?.start.column ?? 0
-              },
-              isReExport: false
-            });
-          }
-        }
+        processExportDeclaration(exportDecl, exports);
+        processExportListSpecifiers(exportDecl, exports);
+        return;
       }
       if (node.type === "ExportDefaultDeclaration") {
         const exportDecl = node;
         exports.push({
           name: "default",
           type: "default",
-          location: {
-            file: "",
-            line: exportDecl.loc?.start.line ?? 0,
-            column: exportDecl.loc?.start.column ?? 0
-          },
+          location: makeLocation(exportDecl),
           isReExport: false
         });
+        return;
       }
       if (node.type === "ExportAllDeclaration") {
         const exportDecl = node;
         exports.push({
           name: exportDecl.exported?.name ?? "*",
           type: "namespace",
-          location: {
-            file: "",
-            line: exportDecl.loc?.start.line ?? 0,
-            column: exportDecl.loc?.start.column ?? 0
-          },
+          location: makeLocation(exportDecl),
           isReExport: true,
           source: exportDecl.source.value
         });
@@ -1572,12 +1568,29 @@ var TypeScriptParser = class {
 };
 
 // src/entropy/snapshot.ts
-import { join as join3, resolve, relative as relative4 } from "path";
+import { join as join3, resolve } from "path";
 import { minimatch as minimatch2 } from "minimatch";
+function collectFieldEntries(rootDir, field) {
+  if (typeof field === "string") return [resolve(rootDir, field)];
+  if (typeof field === "object" && field !== null) {
+    return Object.values(field).filter((v) => typeof v === "string").map((v) => resolve(rootDir, v));
+  }
+  return [];
+}
+function extractPackageEntries(rootDir, pkg) {
+  const entries = [];
+  entries.push(...collectFieldEntries(rootDir, pkg["exports"]));
+  if (entries.length === 0 && typeof pkg["main"] === "string") {
+    entries.push(resolve(rootDir, pkg["main"]));
+  }
+  if (pkg["bin"]) {
+    entries.push(...collectFieldEntries(rootDir, pkg["bin"]));
+  }
+  return entries;
+}
 async function resolveEntryPoints(rootDir, explicitEntries) {
   if (explicitEntries && explicitEntries.length > 0) {
-    const resolved = explicitEntries.map((e) => resolve(rootDir, e));
-    return Ok(resolved);
+    return Ok(explicitEntries.map((e) => resolve(rootDir, e)));
   }
   const pkgPath = join3(rootDir, "package.json");
   if (await fileExists(pkgPath)) {
@@ -1585,38 +1598,8 @@ async function resolveEntryPoints(rootDir, explicitEntries) {
     if (pkgContent.ok) {
       try {
         const pkg = JSON.parse(pkgContent.value);
-        const entries = [];
-        if (pkg["exports"]) {
-          const exports = pkg["exports"];
-          if (typeof exports === "string") {
-            entries.push(resolve(rootDir, exports));
-          } else if (typeof exports === "object" && exports !== null) {
-            for (const value of Object.values(exports)) {
-              if (typeof value === "string") {
-                entries.push(resolve(rootDir, value));
-              }
-            }
-          }
-        }
-        const main = pkg["main"];
-        if (typeof main === "string" && entries.length === 0) {
-          entries.push(resolve(rootDir, main));
-        }
-        const bin = pkg["bin"];
-        if (bin) {
-          if (typeof bin === "string") {
-            entries.push(resolve(rootDir, bin));
-          } else if (typeof bin === "object") {
-            for (const value of Object.values(bin)) {
-              if (typeof value === "string") {
-                entries.push(resolve(rootDir, value));
-              }
-            }
-          }
-        }
-        if (entries.length > 0) {
-          return Ok(entries);
-        }
+        const entries = extractPackageEntries(rootDir, pkg);
+        if (entries.length > 0) return Ok(entries);
       } catch {
       }
     }
@@ -1690,66 +1673,49 @@ function extractInlineRefs(content) {
   }
   return refs;
 }
-async function parseDocumentationFile(path20) {
-  const contentResult = await readFileContent(path20);
+async function parseDocumentationFile(path22) {
+  const contentResult = await readFileContent(path22);
   if (!contentResult.ok) {
     return Err(
       createEntropyError(
         "PARSE_ERROR",
-        `Failed to read documentation file: ${path20}`,
-        { file: path20 },
+        `Failed to read documentation file: ${path22}`,
+        { file: path22 },
         ["Check that the file exists"]
       )
     );
   }
   const content = contentResult.value;
-  const type = path20.endsWith(".md") ? "markdown" : "text";
+  const type = path22.endsWith(".md") ? "markdown" : "text";
   return Ok({
-    path: path20,
+    path: path22,
     type,
     content,
     codeBlocks: extractCodeBlocks(content),
     inlineRefs: extractInlineRefs(content)
   });
 }
+function makeInternalSymbol(name, type, line) {
+  return { name, type, line, references: 0, calledBy: [] };
+}
+function extractSymbolsFromNode(node) {
+  const line = node.loc?.start?.line || 0;
+  if (node.type === "FunctionDeclaration" && node.id?.name) {
+    return [makeInternalSymbol(node.id.name, "function", line)];
+  }
+  if (node.type === "VariableDeclaration") {
+    return (node.declarations || []).filter((decl) => decl.id?.name).map((decl) => makeInternalSymbol(decl.id.name, "variable", line));
+  }
+  if (node.type === "ClassDeclaration" && node.id?.name) {
+    return [makeInternalSymbol(node.id.name, "class", line)];
+  }
+  return [];
+}
 function extractInternalSymbols(ast) {
-  const symbols = [];
   const body = ast.body;
-  if (!body?.body) return symbols;
-  for (const node of body.body) {
-    if (node.type === "FunctionDeclaration" && node.id?.name) {
-      symbols.push({
-        name: node.id.name,
-        type: "function",
-        line: node.loc?.start?.line || 0,
-        references: 0,
-        calledBy: []
-      });
-    }
-    if (node.type === "VariableDeclaration") {
-      for (const decl of node.declarations || []) {
-        if (decl.id?.name) {
-          symbols.push({
-            name: decl.id.name,
-            type: "variable",
-            line: node.loc?.start?.line || 0,
-            references: 0,
-            calledBy: []
-          });
-        }
-      }
-    }
-    if (node.type === "ClassDeclaration" && node.id?.name) {
-      symbols.push({
-        name: node.id.name,
-        type: "class",
-        line: node.loc?.start?.line || 0,
-        references: 0,
-        calledBy: []
-      });
-    }
-  }
-  return symbols;
+  if (!body?.body) return [];
+  const nodes = body.body;
+  return nodes.flatMap(extractSymbolsFromNode);
 }
 function extractJSDocComments(ast) {
   const comments = [];
@@ -1836,7 +1802,7 @@ async function buildSnapshot(config) {
     sourceFilePaths.push(...files2);
   }
   sourceFilePaths = sourceFilePaths.filter((f) => {
-    const rel = relative4(rootDir, f);
+    const rel = relativePosix(rootDir, f);
     return !excludePatterns.some((p) => minimatch2(rel, p));
   });
   const files = [];
@@ -1890,27 +1856,34 @@ async function buildSnapshot(config) {
 
 // src/entropy/detectors/drift.ts
 import { dirname as dirname3, resolve as resolve2 } from "path";
-function levenshteinDistance(a, b) {
+function initLevenshteinMatrix(aLen, bLen) {
   const matrix = [];
-  for (let i = 0; i <= b.length; i++) {
+  for (let i = 0; i <= bLen; i++) {
     matrix[i] = [i];
   }
-  for (let j = 0; j <= a.length; j++) {
-    const row = matrix[0];
-    if (row) {
-      row[j] = j;
+  const firstRow = matrix[0];
+  if (firstRow) {
+    for (let j = 0; j <= aLen; j++) {
+      firstRow[j] = j;
     }
   }
+  return matrix;
+}
+function computeLevenshteinCell(row, prevRow, j, charsMatch) {
+  if (charsMatch) {
+    row[j] = prevRow[j - 1] ?? 0;
+  } else {
+    row[j] = Math.min((prevRow[j - 1] ?? 0) + 1, (row[j - 1] ?? 0) + 1, (prevRow[j] ?? 0) + 1);
+  }
+}
+function levenshteinDistance(a, b) {
+  const matrix = initLevenshteinMatrix(a.length, b.length);
   for (let i = 1; i <= b.length; i++) {
     for (let j = 1; j <= a.length; j++) {
       const row = matrix[i];
       const prevRow = matrix[i - 1];
       if (!row || !prevRow) continue;
-      if (b.charAt(i - 1) === a.charAt(j - 1)) {
-        row[j] = prevRow[j - 1] ?? 0;
-      } else {
-        row[j] = Math.min((prevRow[j - 1] ?? 0) + 1, (row[j - 1] ?? 0) + 1, (prevRow[j] ?? 0) + 1);
-      }
+      computeLevenshteinCell(row, prevRow, j, b.charAt(i - 1) === a.charAt(j - 1));
     }
   }
   const lastRow = matrix[b.length];
@@ -2196,32 +2169,27 @@ function findDeadExports(snapshot, usageMap, reachability) {
   }
   return deadExports;
 }
-function countLinesFromAST(ast) {
-  if (ast.body && Array.isArray(ast.body)) {
-    let maxLine = 0;
-    const traverse = (node) => {
-      if (node && typeof node === "object") {
-        const n = node;
-        if (n.loc?.end?.line && n.loc.end.line > maxLine) {
-          maxLine = n.loc.end.line;
-        }
-        for (const key of Object.keys(node)) {
-          const value = node[key];
-          if (Array.isArray(value)) {
-            for (const item of value) {
-              traverse(item);
-            }
-          } else if (value && typeof value === "object") {
-            traverse(value);
-          }
-        }
+function findMaxLineInNode(node) {
+  if (!node || typeof node !== "object") return 0;
+  const n = node;
+  let maxLine = n.loc?.end?.line ?? 0;
+  for (const key of Object.keys(node)) {
+    const value = node[key];
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        maxLine = Math.max(maxLine, findMaxLineInNode(item));
       }
-    };
-    traverse(ast);
-    if (maxLine > 0) return maxLine;
-    return Math.max(ast.body.length * 3, 1);
+    } else if (value && typeof value === "object") {
+      maxLine = Math.max(maxLine, findMaxLineInNode(value));
+    }
   }
-  return 1;
+  return maxLine;
+}
+function countLinesFromAST(ast) {
+  if (!ast.body || !Array.isArray(ast.body)) return 1;
+  const maxLine = findMaxLineInNode(ast);
+  if (maxLine > 0) return maxLine;
+  return Math.max(ast.body.length * 3, 1);
 }
 function findDeadFiles(snapshot, reachability) {
   const deadFiles = [];
@@ -2368,135 +2336,150 @@ async function detectDeadCode(snapshot, graphDeadCodeData) {
 
 // src/entropy/detectors/patterns.ts
 import { minimatch as minimatch3 } from "minimatch";
-import { relative as relative5 } from "path";
 function fileMatchesPattern(filePath, pattern, rootDir) {
-  const relativePath = relative5(rootDir, filePath);
+  const relativePath = relativePosix(rootDir, filePath);
   return minimatch3(relativePath, pattern);
 }
-function checkConfigPattern(pattern, file, rootDir) {
+var CONVENTION_DESCRIPTIONS = {
+  camelCase: "camelCase (e.g., myFunction)",
+  PascalCase: "PascalCase (e.g., MyClass)",
+  UPPER_SNAKE: "UPPER_SNAKE_CASE (e.g., MY_CONSTANT)",
+  "kebab-case": "kebab-case (e.g., my-component)"
+};
+function checkMustExport(rule, file, message) {
+  if (rule.type !== "must-export") return [];
   const matches = [];
-  const fileMatches = pattern.files.some((glob) => fileMatchesPattern(file.path, glob, rootDir));
-  if (!fileMatches) {
-    return matches;
-  }
-  const rule = pattern.rule;
-  switch (rule.type) {
-    case "must-export": {
-      for (const name of rule.names) {
-        const hasExport = file.exports.some((e) => e.name === name);
-        if (!hasExport) {
-          matches.push({
-            line: 1,
-            message: pattern.message || `Missing required export: "${name}"`,
-            suggestion: `Add export for "${name}"`
-          });
-        }
-      }
-      break;
-    }
-    case "must-export-default": {
-      const hasDefault = file.exports.some((e) => e.type === "default");
-      if (!hasDefault) {
-        matches.push({
-          line: 1,
-          message: pattern.message || "File must have a default export",
-          suggestion: "Add a default export"
-        });
-      }
-      break;
-    }
-    case "no-export": {
-      for (const name of rule.names) {
-        const exp = file.exports.find((e) => e.name === name);
-        if (exp) {
-          matches.push({
-            line: exp.location.line,
-            message: pattern.message || `Forbidden export: "${name}"`,
-            suggestion: `Remove export "${name}"`
-          });
-        }
-      }
-      break;
+  for (const name of rule.names) {
+    if (!file.exports.some((e) => e.name === name)) {
+      matches.push({
+        line: 1,
+        message: message || `Missing required export: "${name}"`,
+        suggestion: `Add export for "${name}"`
+      });
     }
-    case "must-import": {
-      const hasImport = file.imports.some(
-        (i) => i.source === rule.from || i.source.endsWith(rule.from)
-      );
-      if (!hasImport) {
-        matches.push({
-          line: 1,
-          message: pattern.message || `Missing required import from "${rule.from}"`,
-          suggestion: `Add import from "${rule.from}"`
-        });
+  }
+  return matches;
+}
+function checkMustExportDefault(_rule, file, message) {
+  if (!file.exports.some((e) => e.type === "default")) {
+    return [
+      {
+        line: 1,
+        message: message || "File must have a default export",
+        suggestion: "Add a default export"
       }
-      break;
+    ];
+  }
+  return [];
+}
+function checkNoExport(rule, file, message) {
+  if (rule.type !== "no-export") return [];
+  const matches = [];
+  for (const name of rule.names) {
+    const exp = file.exports.find((e) => e.name === name);
+    if (exp) {
+      matches.push({
+        line: exp.location.line,
+        message: message || `Forbidden export: "${name}"`,
+        suggestion: `Remove export "${name}"`
+      });
     }
-    case "no-import": {
-      const forbiddenImport = file.imports.find(
-        (i) => i.source === rule.from || i.source.endsWith(rule.from)
-      );
-      if (forbiddenImport) {
-        matches.push({
-          line: forbiddenImport.location.line,
-          message: pattern.message || `Forbidden import from "${rule.from}"`,
-          suggestion: `Remove import from "${rule.from}"`
-        });
+  }
+  return matches;
+}
+function checkMustImport(rule, file, message) {
+  if (rule.type !== "must-import") return [];
+  const hasImport = file.imports.some(
+    (i) => i.source === rule.from || i.source.endsWith(rule.from)
+  );
+  if (!hasImport) {
+    return [
+      {
+        line: 1,
+        message: message || `Missing required import from "${rule.from}"`,
+        suggestion: `Add import from "${rule.from}"`
       }
-      break;
-    }
-    case "naming": {
-      const regex = new RegExp(rule.match);
-      for (const exp of file.exports) {
-        if (!regex.test(exp.name)) {
-          let expected = "";
-          switch (rule.convention) {
-            case "camelCase":
-              expected = "camelCase (e.g., myFunction)";
-              break;
-            case "PascalCase":
-              expected = "PascalCase (e.g., MyClass)";
-              break;
-            case "UPPER_SNAKE":
-              expected = "UPPER_SNAKE_CASE (e.g., MY_CONSTANT)";
-              break;
-            case "kebab-case":
-              expected = "kebab-case (e.g., my-component)";
-              break;
-          }
-          matches.push({
-            line: exp.location.line,
-            message: pattern.message || `"${exp.name}" does not follow ${rule.convention} convention`,
-            suggestion: `Rename to follow ${expected}`
-          });
-        }
+    ];
+  }
+  return [];
+}
+function checkNoImport(rule, file, message) {
+  if (rule.type !== "no-import") return [];
+  const forbiddenImport = file.imports.find(
+    (i) => i.source === rule.from || i.source.endsWith(rule.from)
+  );
+  if (forbiddenImport) {
+    return [
+      {
+        line: forbiddenImport.location.line,
+        message: message || `Forbidden import from "${rule.from}"`,
+        suggestion: `Remove import from "${rule.from}"`
       }
-      break;
+    ];
+  }
+  return [];
+}
+function checkNaming(rule, file, message) {
+  if (rule.type !== "naming") return [];
+  const regex = new RegExp(rule.match);
+  const matches = [];
+  for (const exp of file.exports) {
+    if (!regex.test(exp.name)) {
+      const expected = CONVENTION_DESCRIPTIONS[rule.convention] ?? rule.convention;
+      matches.push({
+        line: exp.location.line,
+        message: message || `"${exp.name}" does not follow ${rule.convention} convention`,
+        suggestion: `Rename to follow ${expected}`
+      });
     }
-    case "max-exports": {
-      if (file.exports.length > rule.count) {
-        matches.push({
-          line: 1,
-          message: pattern.message || `File has ${file.exports.length} exports, max is ${rule.count}`,
-          suggestion: `Split into multiple files or reduce exports to ${rule.count}`
-        });
+  }
+  return matches;
+}
+function checkMaxExports(rule, file, message) {
+  if (rule.type !== "max-exports") return [];
+  if (file.exports.length > rule.count) {
+    return [
+      {
+        line: 1,
+        message: message || `File has ${file.exports.length} exports, max is ${rule.count}`,
+        suggestion: `Split into multiple files or reduce exports to ${rule.count}`
       }
-      break;
-    }
-    case "max-lines": {
-      break;
-    }
-    case "require-jsdoc": {
-      if (file.jsDocComments.length === 0 && file.exports.length > 0) {
-        matches.push({
-          line: 1,
-          message: pattern.message || "Exported symbols require JSDoc documentation",
-          suggestion: "Add JSDoc comments to exports"
-        });
+    ];
+  }
+  return [];
+}
+function checkMaxLines(_rule, _file, _message) {
+  return [];
+}
+function checkRequireJsdoc(_rule, file, message) {
+  if (file.jsDocComments.length === 0 && file.exports.length > 0) {
+    return [
+      {
+        line: 1,
+        message: message || "Exported symbols require JSDoc documentation",
+        suggestion: "Add JSDoc comments to exports"
       }
-      break;
-    }
+    ];
   }
-  return matches;
+  return [];
+}
+var RULE_CHECKERS = {
+  "must-export": checkMustExport,
+  "must-export-default": checkMustExportDefault,
+  "no-export": checkNoExport,
+  "must-import": checkMustImport,
+  "no-import": checkNoImport,
+  naming: checkNaming,
+  "max-exports": checkMaxExports,
+  "max-lines": checkMaxLines,
+  "require-jsdoc": checkRequireJsdoc
+};
+function checkConfigPattern(pattern, file, rootDir) {
+  const fileMatches = pattern.files.some((glob) => fileMatchesPattern(file.path, glob, rootDir));
+  if (!fileMatches) return [];
+  const checker = RULE_CHECKERS[pattern.rule.type];
+  if (!checker) return [];
+  return checker(pattern.rule, file, pattern.message);
 }
 async function detectPatternViolations(snapshot, config) {
   const violations = [];
@@ -3015,19 +2998,37 @@ function createUnusedImportFixes(deadCodeReport) {
     reversible: true
   }));
 }
-function createDeadExportFixes(deadCodeReport) {
-  return deadCodeReport.deadExports.filter((exp) => exp.reason === "NO_IMPORTERS").map((exp) => ({
-    type: "dead-exports",
-    file: exp.file,
-    description: `Remove export keyword from ${exp.name} (${exp.reason})`,
-    action: "replace",
-    oldContent: exp.isDefault ? `export default ${exp.type === "class" ? "class" : exp.type === "function" ? "function" : ""} ${exp.name}` : `export ${exp.type === "class" ? "class" : exp.type === "function" ? "function" : exp.type === "variable" ? "const" : exp.type === "type" ? "type" : exp.type === "interface" ? "interface" : "enum"} ${exp.name}`,
-    newContent: exp.isDefault ? `${exp.type === "class" ? "class" : exp.type === "function" ? "function" : ""} ${exp.name}` : `${exp.type === "class" ? "class" : exp.type === "function" ? "function" : exp.type === "variable" ? "const" : exp.type === "type" ? "type" : exp.type === "interface" ? "interface" : "enum"} ${exp.name}`,
-    safe: true,
-    reversible: true
-  }));
+var EXPORT_TYPE_KEYWORD = {
+  class: "class",
+  function: "function",
+  variable: "const",
+  type: "type",
+  interface: "interface",
+  enum: "enum"
+};
+function getExportKeyword(exportType) {
+  return EXPORT_TYPE_KEYWORD[exportType] ?? "enum";
 }
-function createCommentedCodeFixes(blocks) {
+function getDefaultExportKeyword(exportType) {
+  if (exportType === "class" || exportType === "function") return exportType;
+  return "";
+}
+function createDeadExportFixes(deadCodeReport) {
+  return deadCodeReport.deadExports.filter((exp) => exp.reason === "NO_IMPORTERS").map((exp) => {
+    const keyword = exp.isDefault ? getDefaultExportKeyword(exp.type) : getExportKeyword(exp.type);
+    return {
+      type: "dead-exports",
+      file: exp.file,
+      description: `Remove export keyword from ${exp.name} (${exp.reason})`,
+      action: "replace",
+      oldContent: exp.isDefault ? `export default ${keyword} ${exp.name}` : `export ${keyword} ${exp.name}`,
+      newContent: `${keyword} ${exp.name}`,
+      safe: true,
+      reversible: true
+    };
+  });
+}
+function createCommentedCodeFixes(blocks) {
   return blocks.map((block) => ({
     type: "commented-code",
     file: block.file,
@@ -3204,53 +3205,80 @@ var ALWAYS_UNSAFE_TYPES = /* @__PURE__ */ new Set([
   "dead-internal"
 ]);
 var idCounter = 0;
+var DEAD_CODE_FIX_ACTIONS = {
+  "dead-export": "Remove export keyword",
+  "dead-file": "Delete file",
+  "commented-code": "Delete commented block",
+  "unused-import": "Remove import"
+};
+function classifyDeadCode(input) {
+  if (input.isPublicApi) {
+    return {
+      safety: "unsafe",
+      safetyReason: "Public API export may have external consumers",
+      suggestion: "Deprecate before removing"
+    };
+  }
+  const fixAction = DEAD_CODE_FIX_ACTIONS[input.type];
+  if (fixAction) {
+    return {
+      safety: "safe",
+      safetyReason: "zero importers, non-public",
+      fixAction,
+      suggestion: fixAction
+    };
+  }
+  if (input.type === "orphaned-dep") {
+    return {
+      safety: "probably-safe",
+      safetyReason: "No imports found, but needs install+test verification",
+      fixAction: "Remove from package.json",
+      suggestion: "Remove from package.json"
+    };
+  }
+  return {
+    safety: "unsafe",
+    safetyReason: "Unknown dead code type",
+    suggestion: "Manual review required"
+  };
+}
+function classifyArchitecture(input) {
+  if (input.type === "import-ordering") {
+    return {
+      safety: "safe",
+      safetyReason: "Mechanical reorder, no semantic change",
+      fixAction: "Reorder imports",
+      suggestion: "Reorder imports"
+    };
+  }
+  if (input.type === "forbidden-import" && input.hasAlternative) {
+    return {
+      safety: "probably-safe",
+      safetyReason: "Alternative configured, needs typecheck+test",
+      fixAction: "Replace with configured alternative",
+      suggestion: "Replace with configured alternative"
+    };
+  }
+  return {
+    safety: "unsafe",
+    safetyReason: `${input.type} requires structural changes`,
+    suggestion: "Restructure code to fix violation"
+  };
+}
 function classifyFinding(input) {
   idCounter++;
   const id = `${input.concern === "dead-code" ? "dc" : "arch"}-${idCounter}`;
-  let safety;
-  let safetyReason;
-  let fixAction;
-  let suggestion;
+  let classification;
   if (ALWAYS_UNSAFE_TYPES.has(input.type)) {
-    safety = "unsafe";
-    safetyReason = `${input.type} requires human judgment`;
-    suggestion = "Review and refactor manually";
+    classification = {
+      safety: "unsafe",
+      safetyReason: `${input.type} requires human judgment`,
+      suggestion: "Review and refactor manually"
+    };
   } else if (input.concern === "dead-code") {
-    if (input.isPublicApi) {
-      safety = "unsafe";
-      safetyReason = "Public API export may have external consumers";
-      suggestion = "Deprecate before removing";
-    } else if (input.type === "dead-export" || input.type === "unused-import" || input.type === "commented-code" || input.type === "dead-file") {
-      safety = "safe";
-      safetyReason = "zero importers, non-public";
-      fixAction = input.type === "dead-export" ? "Remove export keyword" : input.type === "dead-file" ? "Delete file" : input.type === "commented-code" ? "Delete commented block" : "Remove import";
-      suggestion = fixAction;
-    } else if (input.type === "orphaned-dep") {
-      safety = "probably-safe";
-      safetyReason = "No imports found, but needs install+test verification";
-      fixAction = "Remove from package.json";
-      suggestion = fixAction;
-    } else {
-      safety = "unsafe";
-      safetyReason = "Unknown dead code type";
-      suggestion = "Manual review required";
-    }
+    classification = classifyDeadCode(input);
   } else {
-    if (input.type === "import-ordering") {
-      safety = "safe";
-      safetyReason = "Mechanical reorder, no semantic change";
-      fixAction = "Reorder imports";
-      suggestion = fixAction;
-    } else if (input.type === "forbidden-import" && input.hasAlternative) {
-      safety = "probably-safe";
-      safetyReason = "Alternative configured, needs typecheck+test";
-      fixAction = "Replace with configured alternative";
-      suggestion = fixAction;
-    } else {
-      safety = "unsafe";
-      safetyReason = `${input.type} requires structural changes`;
-      suggestion = "Restructure code to fix violation";
-    }
+    classification = classifyArchitecture(input);
   }
   return {
     id,
@@ -3259,11 +3287,11 @@ function classifyFinding(input) {
     ...input.line !== void 0 ? { line: input.line } : {},
     type: input.type,
     description: input.description,
-    safety,
-    safetyReason,
+    safety: classification.safety,
+    safetyReason: classification.safetyReason,
     hotspotDowngraded: false,
-    ...fixAction !== void 0 ? { fixAction } : {},
-    suggestion
+    ...classification.fixAction !== void 0 ? { fixAction: classification.fixAction } : {},
+    suggestion: classification.suggestion
   };
 }
 function applyHotspotDowngrade(finding, hotspot) {
@@ -3557,43 +3585,57 @@ var BenchmarkRunner = class {
       };
     }
   }
+  /**
+   * Extract a BenchmarkResult from a single assertion with benchmark data.
+   */
+  parseBenchAssertion(assertion, file) {
+    if (!assertion.benchmark) return null;
+    const bench = assertion.benchmark;
+    return {
+      name: assertion.fullName || assertion.title || "unknown",
+      file: file.replace(process.cwd() + "/", ""),
+      opsPerSec: Math.round(bench.hz || 0),
+      meanMs: bench.mean ? bench.mean * 1e3 : 0,
+      p99Ms: bench.p99 ? bench.p99 * 1e3 : bench.mean ? bench.mean * 1e3 * 1.5 : 0,
+      marginOfError: bench.rme ? bench.rme / 100 : 0.05
+    };
+  }
+  /**
+   * Extract JSON from output that may contain non-JSON preamble.
+   */
+  extractJson(output) {
+    const jsonStart = output.indexOf("{");
+    const jsonEnd = output.lastIndexOf("}");
+    if (jsonStart === -1 || jsonEnd === -1) return null;
+    return JSON.parse(output.slice(jsonStart, jsonEnd + 1));
+  }
   /**
    * Parse vitest bench JSON reporter output into BenchmarkResult[].
    * Vitest bench JSON output contains testResults with benchmark data.
    */
-  parseVitestBenchOutput(output) {
+  collectAssertionResults(testResults) {
     const results = [];
-    try {
-      const jsonStart = output.indexOf("{");
-      const jsonEnd = output.lastIndexOf("}");
-      if (jsonStart === -1 || jsonEnd === -1) return results;
-      const jsonStr = output.slice(jsonStart, jsonEnd + 1);
-      const parsed = JSON.parse(jsonStr);
-      if (parsed.testResults) {
-        for (const testResult of parsed.testResults) {
-          const file = testResult.name || testResult.filepath || "";
-          if (testResult.assertionResults) {
-            for (const assertion of testResult.assertionResults) {
-              if (assertion.benchmark) {
-                const bench = assertion.benchmark;
-                results.push({
-                  name: assertion.fullName || assertion.title || "unknown",
-                  file: file.replace(process.cwd() + "/", ""),
-                  opsPerSec: Math.round(bench.hz || 0),
-                  meanMs: bench.mean ? bench.mean * 1e3 : 0,
-                  // p99: use actual p99 if available, otherwise estimate as 1.5× mean
-                  p99Ms: bench.p99 ? bench.p99 * 1e3 : bench.mean ? bench.mean * 1e3 * 1.5 : 0,
-                  marginOfError: bench.rme ? bench.rme / 100 : 0.05
-                });
-              }
-            }
-          }
-        }
+    for (const testResult of testResults) {
+      const file = testResult.name || testResult.filepath || "";
+      const assertions = testResult.assertionResults ?? [];
+      for (const assertion of assertions) {
+        const result = this.parseBenchAssertion(assertion, file);
+        if (result) results.push(result);
       }
-    } catch {
     }
     return results;
   }
+  parseVitestBenchOutput(output) {
+    try {
+      const parsed = this.extractJson(output);
+      if (!parsed) return [];
+      const testResults = parsed.testResults;
+      if (!testResults) return [];
+      return this.collectAssertionResults(testResults);
+    } catch {
+      return [];
+    }
+  }
 };
 
 // src/performance/regression-detector.ts
@@ -3903,39 +3945,31 @@ function resetFeedbackConfig() {
 }
 
 // src/feedback/review/diff-analyzer.ts
+function detectFileStatus(part) {
+  if (/new file mode/.test(part)) return "added";
+  if (/deleted file mode/.test(part)) return "deleted";
+  if (part.includes("rename from")) return "renamed";
+  return "modified";
+}
+function parseDiffPart(part) {
+  if (!part.trim()) return null;
+  const headerMatch = /diff --git a\/(.+?) b\/(.+?)(?:\n|$)/.exec(part);
+  if (!headerMatch || !headerMatch[2]) return null;
+  const additionRegex = /^\+(?!\+\+)/gm;
+  const deletionRegex = /^-(?!--)/gm;
+  return {
+    path: headerMatch[2],
+    status: detectFileStatus(part),
+    additions: (part.match(additionRegex) || []).length,
+    deletions: (part.match(deletionRegex) || []).length
+  };
+}
 function parseDiff(diff2) {
   try {
     if (!diff2.trim()) {
       return Ok({ diff: diff2, files: [] });
     }
-    const files = [];
-    const newFileRegex = /new file mode/;
-    const deletedFileRegex = /deleted file mode/;
-    const additionRegex = /^\+(?!\+\+)/gm;
-    const deletionRegex = /^-(?!--)/gm;
-    const diffParts = diff2.split(/(?=diff --git)/);
-    for (const part of diffParts) {
-      if (!part.trim()) continue;
-      const headerMatch = /diff --git a\/(.+?) b\/(.+?)(?:\n|$)/.exec(part);
-      if (!headerMatch || !headerMatch[2]) continue;
-      const filePath = headerMatch[2];
-      let status = "modified";
-      if (newFileRegex.test(part)) {
-        status = "added";
-      } else if (deletedFileRegex.test(part)) {
-        status = "deleted";
-      } else if (part.includes("rename from")) {
-        status = "renamed";
-      }
-      const additions = (part.match(additionRegex) || []).length;
-      const deletions = (part.match(deletionRegex) || []).length;
-      files.push({
-        path: filePath,
-        status,
-        additions,
-        deletions
-      });
-    }
+    const files = diff2.split(/(?=diff --git)/).map(parseDiffPart).filter((f) => f !== null);
     return Ok({ diff: diff2, files });
   } catch (error) {
     return Err({
@@ -4101,107 +4135,123 @@ var ChecklistBuilder = class {
     this.graphImpactData = graphImpactData;
     return this;
   }
-  async run(changes) {
-    const startTime = Date.now();
+  /**
+   * Build a single harness check item with or without graph data.
+   */
+  buildHarnessCheckItem(id, check, fallbackDetails, graphItemBuilder) {
+    if (this.graphHarnessData && graphItemBuilder) {
+      return graphItemBuilder();
+    }
+    return {
+      id,
+      category: "harness",
+      check,
+      passed: true,
+      severity: "info",
+      details: fallbackDetails
+    };
+  }
+  /**
+   * Build all harness check items based on harnessOptions and graph data.
+   */
+  buildHarnessItems() {
+    if (!this.harnessOptions) return [];
     const items = [];
-    if (this.harnessOptions) {
-      if (this.harnessOptions.context !== false) {
-        if (this.graphHarnessData) {
-          items.push({
-            id: "harness-context",
-            category: "harness",
-            check: "Context validation",
-            passed: this.graphHarnessData.graphExists && this.graphHarnessData.nodeCount > 0,
-            severity: "info",
-            details: this.graphHarnessData.graphExists ? `Graph loaded: ${this.graphHarnessData.nodeCount} nodes, ${this.graphHarnessData.edgeCount} edges` : "No graph available \u2014 run harness scan to build the knowledge graph"
-          });
-        } else {
-          items.push({
+    const graphData = this.graphHarnessData;
+    if (this.harnessOptions.context !== false) {
+      items.push(
+        this.buildHarnessCheckItem(
+          "harness-context",
+          "Context validation",
+          "Harness context validation not yet integrated (run with graph for real checks)",
+          graphData ? () => ({
             id: "harness-context",
             category: "harness",
             check: "Context validation",
-            passed: true,
-            severity: "info",
-            details: "Harness context validation not yet integrated (run with graph for real checks)"
-          });
-        }
-      }
-      if (this.harnessOptions.constraints !== false) {
-        if (this.graphHarnessData) {
-          const violations = this.graphHarnessData.constraintViolations;
-          items.push({
-            id: "harness-constraints",
-            category: "harness",
-            check: "Constraint validation",
-            passed: violations === 0,
-            severity: violations > 0 ? "error" : "info",
-            details: violations === 0 ? "No constraint violations detected" : `${violations} constraint violation(s) detected`
-          });
-        } else {
-          items.push({
-            id: "harness-constraints",
-            category: "harness",
-            check: "Constraint validation",
-            passed: true,
-            severity: "info",
-            details: "Harness constraint validation not yet integrated (run with graph for real checks)"
-          });
-        }
-      }
-      if (this.harnessOptions.entropy !== false) {
-        if (this.graphHarnessData) {
-          const issues = this.graphHarnessData.unreachableNodes + this.graphHarnessData.undocumentedFiles;
-          items.push({
-            id: "harness-entropy",
-            category: "harness",
-            check: "Entropy detection",
-            passed: issues === 0,
-            severity: issues > 0 ? "warning" : "info",
-            details: issues === 0 ? "No entropy issues detected" : `${this.graphHarnessData.unreachableNodes} unreachable node(s), ${this.graphHarnessData.undocumentedFiles} undocumented file(s)`
-          });
-        } else {
-          items.push({
-            id: "harness-entropy",
-            category: "harness",
-            check: "Entropy detection",
-            passed: true,
+            passed: graphData.graphExists && graphData.nodeCount > 0,
             severity: "info",
-            details: "Harness entropy detection not yet integrated (run with graph for real checks)"
-          });
-        }
-      }
+            details: graphData.graphExists ? `Graph loaded: ${graphData.nodeCount} nodes, ${graphData.edgeCount} edges` : "No graph available \u2014 run harness scan to build the knowledge graph"
+          }) : void 0
+        )
+      );
+    }
+    if (this.harnessOptions.constraints !== false) {
+      items.push(
+        this.buildHarnessCheckItem(
+          "harness-constraints",
+          "Constraint validation",
+          "Harness constraint validation not yet integrated (run with graph for real checks)",
+          graphData ? () => {
+            const violations = graphData.constraintViolations;
+            return {
+              id: "harness-constraints",
+              category: "harness",
+              check: "Constraint validation",
+              passed: violations === 0,
+              severity: violations > 0 ? "error" : "info",
+              details: violations === 0 ? "No constraint violations detected" : `${violations} constraint violation(s) detected`
+            };
+          } : void 0
+        )
+      );
+    }
+    if (this.harnessOptions.entropy !== false) {
+      items.push(
+        this.buildHarnessCheckItem(
+          "harness-entropy",
+          "Entropy detection",
+          "Harness entropy detection not yet integrated (run with graph for real checks)",
+          graphData ? () => {
+            const issues = graphData.unreachableNodes + graphData.undocumentedFiles;
+            return {
+              id: "harness-entropy",
+              category: "harness",
+              check: "Entropy detection",
+              passed: issues === 0,
+              severity: issues > 0 ? "warning" : "info",
+              details: issues === 0 ? "No entropy issues detected" : `${graphData.unreachableNodes} unreachable node(s), ${graphData.undocumentedFiles} undocumented file(s)`
+            };
+          } : void 0
+        )
+      );
+    }
+    return items;
+  }
+  /**
+   * Execute a single custom rule and return a ReviewItem.
+   */
+  async executeCustomRule(rule, changes) {
+    try {
+      const result = await rule.check(changes, this.rootDir);
+      const item = {
+        id: rule.id,
+        category: "custom",
+        check: rule.name,
+        passed: result.passed,
+        severity: rule.severity,
+        details: result.details
+      };
+      if (result.suggestion !== void 0) item.suggestion = result.suggestion;
+      if (result.file !== void 0) item.file = result.file;
+      if (result.line !== void 0) item.line = result.line;
+      return item;
+    } catch (error) {
+      return {
+        id: rule.id,
+        category: "custom",
+        check: rule.name,
+        passed: false,
+        severity: "error",
+        details: `Rule execution failed: ${String(error)}`
+      };
     }
+  }
+  async run(changes) {
+    const startTime = Date.now();
+    const items = [];
+    items.push(...this.buildHarnessItems());
     for (const rule of this.customRules) {
-      try {
-        const result = await rule.check(changes, this.rootDir);
-        const item = {
-          id: rule.id,
-          category: "custom",
-          check: rule.name,
-          passed: result.passed,
-          severity: rule.severity,
-          details: result.details
-        };
-        if (result.suggestion !== void 0) {
-          item.suggestion = result.suggestion;
-        }
-        if (result.file !== void 0) {
-          item.file = result.file;
-        }
-        if (result.line !== void 0) {
-          item.line = result.line;
-        }
-        items.push(item);
-      } catch (error) {
-        items.push({
-          id: rule.id,
-          category: "custom",
-          check: rule.name,
-          passed: false,
-          severity: "error",
-          details: `Rule execution failed: ${String(error)}`
-        });
-      }
+      items.push(await this.executeCustomRule(rule, changes));
     }
     if (this.diffOptions) {
       const diffResult = await analyzeDiff(changes, this.diffOptions, this.graphImpactData);
@@ -4216,7 +4266,6 @@ var ChecklistBuilder = class {
     const checklist = {
       items,
       passed: failed === 0,
-      // Pass if no failed items
       summary: {
         total: items.length,
         passed,
@@ -4769,6 +4818,8 @@ var INDEX_FILE = "index.json";
 var SESSIONS_DIR = "sessions";
 var SESSION_INDEX_FILE = "index.md";
 var SUMMARY_FILE = "summary.md";
+var SESSION_STATE_FILE = "session-state.json";
+var ARCHIVE_DIR = "archive";
 
 // src/state/stream-resolver.ts
 var STREAMS_DIR = "streams";
@@ -5677,6 +5728,143 @@ function listActiveSessions(projectPath) {
   }
 }
 
+// src/state/session-sections.ts
+import * as fs14 from "fs";
+import * as path11 from "path";
+import { SESSION_SECTION_NAMES } from "@harness-engineering/types";
+function emptySections() {
+  const sections = {};
+  for (const name of SESSION_SECTION_NAMES) {
+    sections[name] = [];
+  }
+  return sections;
+}
+async function loadSessionState(projectPath, sessionSlug) {
+  const dirResult = resolveSessionDir(projectPath, sessionSlug);
+  if (!dirResult.ok) return dirResult;
+  const sessionDir = dirResult.value;
+  const filePath = path11.join(sessionDir, SESSION_STATE_FILE);
+  if (!fs14.existsSync(filePath)) {
+    return Ok(emptySections());
+  }
+  try {
+    const raw = fs14.readFileSync(filePath, "utf-8");
+    const parsed = JSON.parse(raw);
+    const sections = emptySections();
+    for (const name of SESSION_SECTION_NAMES) {
+      if (Array.isArray(parsed[name])) {
+        sections[name] = parsed[name];
+      }
+    }
+    return Ok(sections);
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to load session state: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
+async function saveSessionState(projectPath, sessionSlug, sections) {
+  const dirResult = resolveSessionDir(projectPath, sessionSlug, { create: true });
+  if (!dirResult.ok) return dirResult;
+  const sessionDir = dirResult.value;
+  const filePath = path11.join(sessionDir, SESSION_STATE_FILE);
+  try {
+    fs14.writeFileSync(filePath, JSON.stringify(sections, null, 2));
+    return Ok(void 0);
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to save session state: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
+async function readSessionSections(projectPath, sessionSlug) {
+  return loadSessionState(projectPath, sessionSlug);
+}
+async function readSessionSection(projectPath, sessionSlug, section) {
+  const result = await loadSessionState(projectPath, sessionSlug);
+  if (!result.ok) return result;
+  return Ok(result.value[section]);
+}
+async function appendSessionEntry(projectPath, sessionSlug, section, authorSkill, content) {
+  const loadResult = await loadSessionState(projectPath, sessionSlug);
+  if (!loadResult.ok) return loadResult;
+  const sections = loadResult.value;
+  const entry = {
+    id: generateEntryId(),
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    authorSkill,
+    content,
+    status: "active"
+  };
+  sections[section].push(entry);
+  const saveResult = await saveSessionState(projectPath, sessionSlug, sections);
+  if (!saveResult.ok) return saveResult;
+  return Ok(entry);
+}
+async function updateSessionEntryStatus(projectPath, sessionSlug, section, entryId, newStatus) {
+  const loadResult = await loadSessionState(projectPath, sessionSlug);
+  if (!loadResult.ok) return loadResult;
+  const sections = loadResult.value;
+  const entry = sections[section].find((e) => e.id === entryId);
+  if (!entry) {
+    return Err(new Error(`Entry '${entryId}' not found in section '${section}'`));
+  }
+  entry.status = newStatus;
+  const saveResult = await saveSessionState(projectPath, sessionSlug, sections);
+  if (!saveResult.ok) return saveResult;
+  return Ok(entry);
+}
+function generateEntryId() {
+  const timestamp = Date.now().toString(36);
+  const random = Math.random().toString(36).substring(2, 8);
+  return `${timestamp}-${random}`;
+}
+
+// src/state/session-archive.ts
+import * as fs15 from "fs";
+import * as path12 from "path";
+async function archiveSession(projectPath, sessionSlug) {
+  const dirResult = resolveSessionDir(projectPath, sessionSlug);
+  if (!dirResult.ok) return dirResult;
+  const sessionDir = dirResult.value;
+  if (!fs15.existsSync(sessionDir)) {
+    return Err(new Error(`Session '${sessionSlug}' not found at ${sessionDir}`));
+  }
+  const archiveBase = path12.join(projectPath, HARNESS_DIR, ARCHIVE_DIR, "sessions");
+  try {
+    fs15.mkdirSync(archiveBase, { recursive: true });
+    const date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+    let archiveName = `${sessionSlug}-${date}`;
+    let counter = 1;
+    while (fs15.existsSync(path12.join(archiveBase, archiveName))) {
+      archiveName = `${sessionSlug}-${date}-${counter}`;
+      counter++;
+    }
+    const dest = path12.join(archiveBase, archiveName);
+    try {
+      fs15.renameSync(sessionDir, dest);
+    } catch (renameErr) {
+      if (renameErr instanceof Error && "code" in renameErr && renameErr.code === "EXDEV") {
+        fs15.cpSync(sessionDir, dest, { recursive: true });
+        fs15.rmSync(sessionDir, { recursive: true });
+      } else {
+        throw renameErr;
+      }
+    }
+    return Ok(void 0);
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to archive session: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
+
 // src/workflow/runner.ts
 async function executeWorkflow(workflow, executor) {
   const stepResults = [];
@@ -5826,7 +6014,7 @@ async function runMultiTurnPipeline(initialContext, turnExecutor, options) {
 }
 
 // src/security/scanner.ts
-import * as fs15 from "fs/promises";
+import * as fs17 from "fs/promises";
 
 // src/security/rules/registry.ts
 var RuleRegistry = class {
@@ -5913,15 +6101,15 @@ function resolveRuleSeverity(ruleId, defaultSeverity, overrides, strict) {
 }
 
 // src/security/stack-detector.ts
-import * as fs14 from "fs";
-import * as path11 from "path";
+import * as fs16 from "fs";
+import * as path13 from "path";
 function detectStack(projectRoot) {
   const stacks = [];
-  const pkgJsonPath = path11.join(projectRoot, "package.json");
-  if (fs14.existsSync(pkgJsonPath)) {
+  const pkgJsonPath = path13.join(projectRoot, "package.json");
+  if (fs16.existsSync(pkgJsonPath)) {
     stacks.push("node");
     try {
-      const pkgJson = JSON.parse(fs14.readFileSync(pkgJsonPath, "utf-8"));
+      const pkgJson = JSON.parse(fs16.readFileSync(pkgJsonPath, "utf-8"));
       const allDeps = {
         ...pkgJson.dependencies,
         ...pkgJson.devDependencies
@@ -5936,13 +6124,13 @@ function detectStack(projectRoot) {
     } catch {
     }
   }
-  const goModPath = path11.join(projectRoot, "go.mod");
-  if (fs14.existsSync(goModPath)) {
+  const goModPath = path13.join(projectRoot, "go.mod");
+  if (fs16.existsSync(goModPath)) {
     stacks.push("go");
   }
-  const requirementsPath = path11.join(projectRoot, "requirements.txt");
-  const pyprojectPath = path11.join(projectRoot, "pyproject.toml");
-  if (fs14.existsSync(requirementsPath) || fs14.existsSync(pyprojectPath)) {
+  const requirementsPath = path13.join(projectRoot, "requirements.txt");
+  const pyprojectPath = path13.join(projectRoot, "pyproject.toml");
+  if (fs16.existsSync(requirementsPath) || fs16.existsSync(pyprojectPath)) {
     stacks.push("python");
   }
   return stacks;
@@ -6369,7 +6557,7 @@ var SecurityScanner = class {
   }
   async scanFile(filePath) {
     if (!this.config.enabled) return [];
-    const content = await fs15.readFile(filePath, "utf-8");
+    const content = await fs17.readFile(filePath, "utf-8");
     return this.scanContent(content, filePath, 1);
   }
   async scanFiles(filePaths) {
@@ -6394,7 +6582,7 @@ var SecurityScanner = class {
 };
 
 // src/ci/check-orchestrator.ts
-import * as path12 from "path";
+import * as path14 from "path";
 var ALL_CHECKS = [
   "validate",
   "deps",
@@ -6405,238 +6593,276 @@ var ALL_CHECKS = [
   "phase-gate",
   "arch"
 ];
-async function runSingleCheck(name, projectRoot, config) {
-  const start = Date.now();
+async function runValidateCheck(projectRoot, config) {
   const issues = [];
-  try {
-    switch (name) {
-      case "validate": {
-        const agentsPath = path12.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
-        const result = await validateAgentsMap(agentsPath);
-        if (!result.ok) {
-          issues.push({ severity: "error", message: result.error.message });
-        } else if (!result.value.valid) {
-          if (result.value.errors) {
-            for (const err of result.value.errors) {
-              issues.push({ severity: "error", message: err.message });
-            }
-          }
-          for (const section of result.value.missingSections) {
-            issues.push({ severity: "warning", message: `Missing section: ${section}` });
-          }
-          for (const link of result.value.brokenLinks) {
-            issues.push({
-              severity: "warning",
-              message: `Broken link: ${link.text} \u2192 ${link.path}`,
-              file: link.path
-            });
-          }
-        }
-        break;
-      }
-      case "deps": {
-        const rawLayers = config.layers;
-        if (rawLayers && rawLayers.length > 0) {
-          const parser = new TypeScriptParser();
-          const layers = rawLayers.map(
-            (l) => defineLayer(
-              l.name,
-              Array.isArray(l.patterns) ? l.patterns : [l.pattern],
-              l.allowedDependencies
-            )
-          );
-          const result = await validateDependencies({
-            layers,
-            rootDir: projectRoot,
-            parser
-          });
-          if (!result.ok) {
-            issues.push({ severity: "error", message: result.error.message });
-          } else if (result.value.violations.length > 0) {
-            for (const v of result.value.violations) {
-              issues.push({
-                severity: "error",
-                message: `${v.reason}: ${v.file} imports ${v.imports} (${v.fromLayer} \u2192 ${v.toLayer})`,
-                file: v.file,
-                line: v.line
-              });
-            }
-          }
-        }
-        break;
+  const agentsPath = path14.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
+  const result = await validateAgentsMap(agentsPath);
+  if (!result.ok) {
+    issues.push({ severity: "error", message: result.error.message });
+  } else if (!result.value.valid) {
+    if (result.value.errors) {
+      for (const err of result.value.errors) {
+        issues.push({ severity: "error", message: err.message });
+      }
+    }
+    for (const section of result.value.missingSections) {
+      issues.push({ severity: "warning", message: `Missing section: ${section}` });
+    }
+    for (const link of result.value.brokenLinks) {
+      issues.push({
+        severity: "warning",
+        message: `Broken link: ${link.text} \u2192 ${link.path}`,
+        file: link.path
+      });
+    }
+  }
+  return issues;
+}
+async function runDepsCheck(projectRoot, config) {
+  const issues = [];
+  const rawLayers = config.layers;
+  if (rawLayers && rawLayers.length > 0) {
+    const parser = new TypeScriptParser();
+    const layers = rawLayers.map(
+      (l) => defineLayer(
+        l.name,
+        Array.isArray(l.patterns) ? l.patterns : [l.pattern],
+        l.allowedDependencies
+      )
+    );
+    const result = await validateDependencies({
+      layers,
+      rootDir: projectRoot,
+      parser
+    });
+    if (!result.ok) {
+      issues.push({ severity: "error", message: result.error.message });
+    } else if (result.value.violations.length > 0) {
+      for (const v of result.value.violations) {
+        issues.push({
+          severity: "error",
+          message: `${v.reason}: ${v.file} imports ${v.imports} (${v.fromLayer} \u2192 ${v.toLayer})`,
+          file: v.file,
+          line: v.line
+        });
       }
-      case "docs": {
-        const docsDir = path12.join(projectRoot, config.docsDir ?? "docs");
-        const entropyConfig = config.entropy || {};
-        const result = await checkDocCoverage("project", {
-          docsDir,
-          sourceDir: projectRoot,
-          excludePatterns: entropyConfig.excludePatterns || [
-            "**/node_modules/**",
-            "**/dist/**",
-            "**/*.test.ts",
-            "**/fixtures/**"
-          ]
+    }
+  }
+  return issues;
+}
+async function runDocsCheck(projectRoot, config) {
+  const issues = [];
+  const docsDir = path14.join(projectRoot, config.docsDir ?? "docs");
+  const entropyConfig = config.entropy || {};
+  const result = await checkDocCoverage("project", {
+    docsDir,
+    sourceDir: projectRoot,
+    excludePatterns: entropyConfig.excludePatterns || [
+      "**/node_modules/**",
+      "**/dist/**",
+      "**/*.test.ts",
+      "**/fixtures/**"
+    ]
+  });
+  if (!result.ok) {
+    issues.push({ severity: "warning", message: result.error.message });
+  } else if (result.value.gaps.length > 0) {
+    for (const gap of result.value.gaps) {
+      issues.push({
+        severity: "warning",
+        message: `Undocumented: ${gap.file} (suggested: ${gap.suggestedSection})`,
+        file: gap.file
+      });
+    }
+  }
+  return issues;
+}
+async function runEntropyCheck(projectRoot, config) {
+  const issues = [];
+  const entropyConfig = config.entropy || {};
+  const perfConfig = config.performance || {};
+  const entryPoints = entropyConfig.entryPoints ?? perfConfig.entryPoints;
+  const analyzer = new EntropyAnalyzer({
+    rootDir: projectRoot,
+    ...entryPoints ? { entryPoints } : {},
+    analyze: { drift: true, deadCode: true, patterns: false }
+  });
+  const result = await analyzer.analyze();
+  if (!result.ok) {
+    issues.push({ severity: "warning", message: result.error.message });
+  } else {
+    const report = result.value;
+    if (report.drift) {
+      for (const drift of report.drift.drifts) {
+        issues.push({
+          severity: "warning",
+          message: `Doc drift (${drift.type}): ${drift.details}`,
+          file: drift.docFile,
+          line: drift.line
         });
-        if (!result.ok) {
-          issues.push({ severity: "warning", message: result.error.message });
-        } else if (result.value.gaps.length > 0) {
-          for (const gap of result.value.gaps) {
-            issues.push({
-              severity: "warning",
-              message: `Undocumented: ${gap.file} (suggested: ${gap.suggestedSection})`,
-              file: gap.file
-            });
-          }
-        }
-        break;
       }
-      case "entropy": {
-        const analyzer = new EntropyAnalyzer({
-          rootDir: projectRoot,
-          analyze: { drift: true, deadCode: true, patterns: false }
+    }
+    if (report.deadCode) {
+      for (const dead of report.deadCode.deadExports) {
+        issues.push({
+          severity: "warning",
+          message: `Dead export: ${dead.name}`,
+          file: dead.file,
+          line: dead.line
         });
-        const result = await analyzer.analyze();
-        if (!result.ok) {
-          issues.push({ severity: "warning", message: result.error.message });
-        } else {
-          const report = result.value;
-          if (report.drift) {
-            for (const drift of report.drift.drifts) {
-              issues.push({
-                severity: "warning",
-                message: `Doc drift (${drift.type}): ${drift.details}`,
-                file: drift.docFile,
-                line: drift.line
-              });
-            }
-          }
-          if (report.deadCode) {
-            for (const dead of report.deadCode.deadExports) {
-              issues.push({
-                severity: "warning",
-                message: `Dead export: ${dead.name}`,
-                file: dead.file,
-                line: dead.line
-              });
-            }
-          }
-        }
-        break;
       }
-      case "security": {
-        const securityConfig = parseSecurityConfig(config.security);
-        if (!securityConfig.enabled) break;
-        const scanner = new SecurityScanner(securityConfig);
-        scanner.configureForProject(projectRoot);
-        const { glob: globFn } = await import("glob");
-        const sourceFiles = await globFn("**/*.{ts,tsx,js,jsx,go,py}", {
-          cwd: projectRoot,
-          ignore: securityConfig.exclude ?? [
-            "**/node_modules/**",
-            "**/dist/**",
-            "**/*.test.ts",
-            "**/fixtures/**"
-          ],
-          absolute: true
+    }
+  }
+  return issues;
+}
+async function runSecurityCheck(projectRoot, config) {
+  const issues = [];
+  const securityConfig = parseSecurityConfig(config.security);
+  if (!securityConfig.enabled) return issues;
+  const scanner = new SecurityScanner(securityConfig);
+  scanner.configureForProject(projectRoot);
+  const { glob: globFn } = await import("glob");
+  const sourceFiles = await globFn("**/*.{ts,tsx,js,jsx,go,py}", {
+    cwd: projectRoot,
+    ignore: securityConfig.exclude ?? [
+      "**/node_modules/**",
+      "**/dist/**",
+      "**/*.test.ts",
+      "**/fixtures/**"
+    ],
+    absolute: true
+  });
+  const scanResult = await scanner.scanFiles(sourceFiles);
+  for (const finding of scanResult.findings) {
+    issues.push({
+      severity: finding.severity === "info" ? "warning" : finding.severity,
+      message: `[${finding.ruleId}] ${finding.message}: ${finding.match}`,
+      file: finding.file,
+      line: finding.line
+    });
+  }
+  return issues;
+}
+async function runPerfCheck(projectRoot, config) {
+  const issues = [];
+  const perfConfig = config.performance || {};
+  const entryPoints = perfConfig.entryPoints;
+  const perfAnalyzer = new EntropyAnalyzer({
+    rootDir: projectRoot,
+    ...entryPoints ? { entryPoints } : {},
+    analyze: {
+      complexity: perfConfig.complexity || true,
+      coupling: perfConfig.coupling || true,
+      sizeBudget: perfConfig.sizeBudget || false
+    }
+  });
+  const perfResult = await perfAnalyzer.analyze();
+  if (!perfResult.ok) {
+    issues.push({ severity: "warning", message: perfResult.error.message });
+  } else {
+    const perfReport = perfResult.value;
+    if (perfReport.complexity) {
+      for (const v of perfReport.complexity.violations) {
+        issues.push({
+          severity: v.severity === "info" ? "warning" : v.severity,
+          message: `[Tier ${v.tier}] ${v.metric}: ${v.function} in ${v.file} (${v.value} > ${v.threshold})`,
+          file: v.file,
+          line: v.line
         });
-        const scanResult = await scanner.scanFiles(sourceFiles);
-        for (const finding of scanResult.findings) {
-          issues.push({
-            severity: finding.severity === "info" ? "warning" : finding.severity,
-            message: `[${finding.ruleId}] ${finding.message}: ${finding.match}`,
-            file: finding.file,
-            line: finding.line
-          });
-        }
-        break;
       }
-      case "perf": {
-        const perfConfig = config.performance || {};
-        const perfAnalyzer = new EntropyAnalyzer({
-          rootDir: projectRoot,
-          analyze: {
-            complexity: perfConfig.complexity || true,
-            coupling: perfConfig.coupling || true,
-            sizeBudget: perfConfig.sizeBudget || false
-          }
+    }
+    if (perfReport.coupling) {
+      for (const v of perfReport.coupling.violations) {
+        issues.push({
+          severity: v.severity === "info" ? "warning" : v.severity,
+          message: `[Tier ${v.tier}] ${v.metric}: ${v.file} (${v.value} > ${v.threshold})`,
+          file: v.file
         });
-        const perfResult = await perfAnalyzer.analyze();
-        if (!perfResult.ok) {
-          issues.push({ severity: "warning", message: perfResult.error.message });
-        } else {
-          const perfReport = perfResult.value;
-          if (perfReport.complexity) {
-            for (const v of perfReport.complexity.violations) {
-              issues.push({
-                severity: v.severity === "info" ? "warning" : v.severity,
-                message: `[Tier ${v.tier}] ${v.metric}: ${v.function} in ${v.file} (${v.value} > ${v.threshold})`,
-                file: v.file,
-                line: v.line
-              });
-            }
-          }
-          if (perfReport.coupling) {
-            for (const v of perfReport.coupling.violations) {
-              issues.push({
-                severity: v.severity === "info" ? "warning" : v.severity,
-                message: `[Tier ${v.tier}] ${v.metric}: ${v.file} (${v.value} > ${v.threshold})`,
-                file: v.file
-              });
-            }
-          }
-        }
-        break;
       }
-      case "phase-gate": {
-        const phaseGates = config.phaseGates;
-        if (!phaseGates?.enabled) {
-          break;
-        }
+    }
+  }
+  return issues;
+}
+async function runPhaseGateCheck(_projectRoot, config) {
+  const issues = [];
+  const phaseGates = config.phaseGates;
+  if (!phaseGates?.enabled) {
+    return issues;
+  }
+  issues.push({
+    severity: "warning",
+    message: "Phase gate is enabled but requires CLI context. Run `harness check-phase-gate` separately for full validation."
+  });
+  return issues;
+}
+async function runArchCheck(projectRoot, config) {
+  const issues = [];
+  const rawArchConfig = config.architecture;
+  const archConfig = ArchConfigSchema.parse(rawArchConfig ?? {});
+  if (!archConfig.enabled) return issues;
+  const results = await runAll(archConfig, projectRoot);
+  const baselineManager = new ArchBaselineManager(projectRoot, archConfig.baselinePath);
+  const baseline = baselineManager.load();
+  if (baseline) {
+    const diffResult = diff(results, baseline);
+    if (!diffResult.passed) {
+      for (const v of diffResult.newViolations) {
         issues.push({
-          severity: "warning",
-          message: "Phase gate is enabled but requires CLI context. Run `harness check-phase-gate` separately for full validation."
+          severity: v.severity,
+          message: `[${v.category || "arch"}] NEW: ${v.detail}`,
+          file: v.file
         });
-        break;
       }
-      case "arch": {
-        const rawArchConfig = config.architecture;
-        const archConfig = ArchConfigSchema.parse(rawArchConfig ?? {});
-        if (!archConfig.enabled) break;
-        const results = await runAll(archConfig, projectRoot);
-        const baselineManager = new ArchBaselineManager(projectRoot, archConfig.baselinePath);
-        const baseline = baselineManager.load();
-        if (baseline) {
-          const diffResult = diff(results, baseline);
-          if (!diffResult.passed) {
-            for (const v of diffResult.newViolations) {
-              issues.push({
-                severity: v.severity,
-                message: `[${v.category || "arch"}] NEW: ${v.detail}`,
-                file: v.file
-              });
-            }
-            for (const r of diffResult.regressions) {
-              issues.push({
-                severity: "error",
-                message: `[${r.category}] REGRESSION: ${r.currentValue} > ${r.baselineValue} (delta: ${r.delta})`
-              });
-            }
-          }
-        } else {
-          for (const result of results) {
-            for (const v of result.violations) {
-              issues.push({
-                severity: v.severity,
-                message: `[${result.category}] ${v.detail}`,
-                file: v.file
-              });
-            }
-          }
-        }
-        break;
+      for (const r of diffResult.regressions) {
+        issues.push({
+          severity: "error",
+          message: `[${r.category}] REGRESSION: ${r.currentValue} > ${r.baselineValue} (delta: ${r.delta})`
+        });
       }
     }
+  } else {
+    for (const result of results) {
+      for (const v of result.violations) {
+        issues.push({
+          severity: v.severity,
+          message: `[${result.category}] ${v.detail}`,
+          file: v.file
+        });
+      }
+    }
+  }
+  return issues;
+}
+async function runSingleCheck(name, projectRoot, config) {
+  const start = Date.now();
+  const issues = [];
+  try {
+    switch (name) {
+      case "validate":
+        issues.push(...await runValidateCheck(projectRoot, config));
+        break;
+      case "deps":
+        issues.push(...await runDepsCheck(projectRoot, config));
+        break;
+      case "docs":
+        issues.push(...await runDocsCheck(projectRoot, config));
+        break;
+      case "entropy":
+        issues.push(...await runEntropyCheck(projectRoot, config));
+        break;
+      case "security":
+        issues.push(...await runSecurityCheck(projectRoot, config));
+        break;
+      case "perf":
+        issues.push(...await runPerfCheck(projectRoot, config));
+        break;
+      case "phase-gate":
+        issues.push(...await runPhaseGateCheck(projectRoot, config));
+        break;
+      case "arch":
+        issues.push(...await runArchCheck(projectRoot, config));
+        break;
+    }
   } catch (error) {
     issues.push({
       severity: "error",
@@ -6704,7 +6930,7 @@ async function runCIChecks(input) {
 }
 
 // src/review/mechanical-checks.ts
-import * as path13 from "path";
+import * as path15 from "path";
 async function runMechanicalChecks(options) {
   const { projectRoot, config, skip = [], changedFiles } = options;
   const findings = [];
@@ -6716,7 +6942,7 @@ async function runMechanicalChecks(options) {
   };
   if (!skip.includes("validate")) {
     try {
-      const agentsPath = path13.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
+      const agentsPath = path15.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
       const result = await validateAgentsMap(agentsPath);
       if (!result.ok) {
         statuses.validate = "fail";
@@ -6753,7 +6979,7 @@ async function runMechanicalChecks(options) {
       statuses.validate = "fail";
       findings.push({
         tool: "validate",
-        file: path13.join(projectRoot, "AGENTS.md"),
+        file: path15.join(projectRoot, "AGENTS.md"),
         message: err instanceof Error ? err.message : String(err),
         severity: "error"
       });
@@ -6817,7 +7043,7 @@ async function runMechanicalChecks(options) {
       (async () => {
         const localFindings = [];
         try {
-          const docsDir = path13.join(projectRoot, config.docsDir ?? "docs");
+          const docsDir = path15.join(projectRoot, config.docsDir ?? "docs");
           const result = await checkDocCoverage("project", { docsDir });
           if (!result.ok) {
             statuses["check-docs"] = "warn";
@@ -6844,7 +7070,7 @@ async function runMechanicalChecks(options) {
           statuses["check-docs"] = "warn";
           localFindings.push({
             tool: "check-docs",
-            file: path13.join(projectRoot, "docs"),
+            file: path15.join(projectRoot, "docs"),
             message: err instanceof Error ? err.message : String(err),
             severity: "warning"
           });
@@ -6992,7 +7218,7 @@ function detectChangeType(commitMessage, diff2) {
 }
 
 // src/review/context-scoper.ts
-import * as path14 from "path";
+import * as path16 from "path";
 var ALL_DOMAINS = ["compliance", "bug", "security", "architecture"];
 var SECURITY_PATTERNS = /auth|crypto|password|secret|token|session|cookie|hash|encrypt|decrypt|sql|shell|exec|eval/i;
 function computeContextBudget(diffLines) {
@@ -7000,18 +7226,18 @@ function computeContextBudget(diffLines) {
   return diffLines;
 }
 function isWithinProject(absPath, projectRoot) {
-  const resolvedRoot = path14.resolve(projectRoot) + path14.sep;
-  const resolvedPath = path14.resolve(absPath);
-  return resolvedPath.startsWith(resolvedRoot) || resolvedPath === path14.resolve(projectRoot);
+  const resolvedRoot = path16.resolve(projectRoot) + path16.sep;
+  const resolvedPath = path16.resolve(absPath);
+  return resolvedPath.startsWith(resolvedRoot) || resolvedPath === path16.resolve(projectRoot);
 }
 async function readContextFile(projectRoot, filePath, reason) {
-  const absPath = path14.isAbsolute(filePath) ? filePath : path14.join(projectRoot, filePath);
+  const absPath = path16.isAbsolute(filePath) ? filePath : path16.join(projectRoot, filePath);
   if (!isWithinProject(absPath, projectRoot)) return null;
   const result = await readFileContent(absPath);
   if (!result.ok) return null;
   const content = result.value;
   const lines = content.split("\n").length;
-  const relPath = path14.isAbsolute(filePath) ? path14.relative(projectRoot, filePath) : filePath;
+  const relPath = path16.isAbsolute(filePath) ? relativePosix(projectRoot, filePath) : filePath;
   return { path: relPath, content, reason, lines };
 }
 function extractImportSources(content) {
@@ -7026,18 +7252,18 @@ function extractImportSources(content) {
 }
 async function resolveImportPath(projectRoot, fromFile, importSource) {
   if (!importSource.startsWith(".")) return null;
-  const fromDir = path14.dirname(path14.join(projectRoot, fromFile));
-  const basePath = path14.resolve(fromDir, importSource);
+  const fromDir = path16.dirname(path16.join(projectRoot, fromFile));
+  const basePath = path16.resolve(fromDir, importSource);
   if (!isWithinProject(basePath, projectRoot)) return null;
-  const relBase = path14.relative(projectRoot, basePath);
+  const relBase = relativePosix(projectRoot, basePath);
   const candidates = [
     relBase + ".ts",
     relBase + ".tsx",
     relBase + ".mts",
-    path14.join(relBase, "index.ts")
+    path16.join(relBase, "index.ts")
   ];
   for (const candidate of candidates) {
-    const absCandidate = path14.join(projectRoot, candidate);
+    const absCandidate = path16.join(projectRoot, candidate);
     if (await fileExists(absCandidate)) {
       return candidate;
     }
@@ -7045,10 +7271,10 @@ async function resolveImportPath(projectRoot, fromFile, importSource) {
   return null;
 }
 async function findTestFiles(projectRoot, sourceFile) {
-  const baseName = path14.basename(sourceFile, path14.extname(sourceFile));
+  const baseName = path16.basename(sourceFile, path16.extname(sourceFile));
   const pattern = `**/${baseName}.{test,spec}.{ts,tsx,mts}`;
   const results = await findFiles(pattern, projectRoot);
-  return results.map((f) => path14.relative(projectRoot, f));
+  return results.map((f) => relativePosix(projectRoot, f));
 }
 async function gatherImportContext(projectRoot, changedFiles, budget) {
   const contextFiles = [];
@@ -7334,101 +7560,102 @@ function findMissingJsDoc(bundle) {
   }
   return missing;
 }
-function runComplianceAgent(bundle) {
+function checkMissingJsDoc(bundle, rules) {
+  const jsDocRule = rules.find((r) => r.text.toLowerCase().includes("jsdoc"));
+  if (!jsDocRule) return [];
+  const missingDocs = findMissingJsDoc(bundle);
+  return missingDocs.map((m) => ({
+    id: makeFindingId("compliance", m.file, m.line, `Missing JSDoc ${m.exportName}`),
+    file: m.file,
+    lineRange: [m.line, m.line],
+    domain: "compliance",
+    severity: "important",
+    title: `Missing JSDoc on exported \`${m.exportName}\``,
+    rationale: `Convention requires all exports to have JSDoc comments (from ${jsDocRule.source}).`,
+    suggestion: `Add a JSDoc comment above the export of \`${m.exportName}\`.`,
+    evidence: [`changeType: ${bundle.changeType}`, `Convention rule: "${jsDocRule.text}"`],
+    validatedBy: "heuristic"
+  }));
+}
+function checkFeatureSpec(bundle) {
+  const hasSpecContext = bundle.contextFiles.some(
+    (f) => f.reason === "spec" || f.reason === "convention"
+  );
+  if (hasSpecContext || bundle.changedFiles.length === 0) return [];
+  const firstFile = bundle.changedFiles[0];
+  return [
+    {
+      id: makeFindingId("compliance", firstFile.path, 1, "No spec for feature"),
+      file: firstFile.path,
+      lineRange: [1, 1],
+      domain: "compliance",
+      severity: "suggestion",
+      title: "No spec/design doc found for feature change",
+      rationale: "Feature changes should reference a spec or design doc to verify alignment. No spec context was included in the review bundle.",
+      evidence: [`changeType: feature`, `contextFiles count: ${bundle.contextFiles.length}`],
+      validatedBy: "heuristic"
+    }
+  ];
+}
+function checkBugfixHistory(bundle) {
+  if (bundle.commitHistory.length > 0 || bundle.changedFiles.length === 0) return [];
+  const firstFile = bundle.changedFiles[0];
+  return [
+    {
+      id: makeFindingId("compliance", firstFile.path, 1, "Bugfix no history"),
+      file: firstFile.path,
+      lineRange: [1, 1],
+      domain: "compliance",
+      severity: "suggestion",
+      title: "Bugfix without commit history context",
+      rationale: "Bugfix changes benefit from commit history to verify the root cause is addressed, not just the symptom. No commit history was provided.",
+      evidence: [`changeType: bugfix`, `commitHistory entries: ${bundle.commitHistory.length}`],
+      validatedBy: "heuristic"
+    }
+  ];
+}
+function checkChangeTypeSpecific(bundle) {
+  switch (bundle.changeType) {
+    case "feature":
+      return checkFeatureSpec(bundle);
+    case "bugfix":
+      return checkBugfixHistory(bundle);
+    default:
+      return [];
+  }
+}
+function checkResultTypeConvention(bundle, rules) {
+  const resultTypeRule = rules.find((r) => r.text.toLowerCase().includes("result type"));
+  if (!resultTypeRule) return [];
   const findings = [];
-  const rules = extractConventionRules(bundle);
-  const jsDocRuleExists = rules.some((r) => r.text.toLowerCase().includes("jsdoc"));
-  if (jsDocRuleExists) {
-    const missingDocs = findMissingJsDoc(bundle);
-    for (const m of missingDocs) {
+  for (const cf of bundle.changedFiles) {
+    const hasTryCatch = cf.content.includes("try {") || cf.content.includes("try{");
+    const usesResult = cf.content.includes("Result<") || cf.content.includes("Result >") || cf.content.includes(": Result");
+    if (hasTryCatch && !usesResult) {
       findings.push({
-        id: makeFindingId("compliance", m.file, m.line, `Missing JSDoc ${m.exportName}`),
-        file: m.file,
-        lineRange: [m.line, m.line],
+        id: makeFindingId("compliance", cf.path, 1, "try-catch not Result"),
+        file: cf.path,
+        lineRange: [1, cf.lines],
         domain: "compliance",
-        severity: "important",
-        title: `Missing JSDoc on exported \`${m.exportName}\``,
-        rationale: `Convention requires all exports to have JSDoc comments (from ${rules.find((r) => r.text.toLowerCase().includes("jsdoc"))?.source ?? "conventions"}).`,
-        suggestion: `Add a JSDoc comment above the export of \`${m.exportName}\`.`,
-        evidence: [
-          `changeType: ${bundle.changeType}`,
-          `Convention rule: "${rules.find((r) => r.text.toLowerCase().includes("jsdoc"))?.text ?? ""}"`
-        ],
+        severity: "suggestion",
+        title: "Fallible operation uses try/catch instead of Result type",
+        rationale: `Convention requires using Result type for fallible operations (from ${resultTypeRule.source}).`,
+        suggestion: "Refactor error handling to use the Result type pattern.",
+        evidence: [`changeType: ${bundle.changeType}`, `Convention rule: "${resultTypeRule.text}"`],
         validatedBy: "heuristic"
       });
     }
   }
-  switch (bundle.changeType) {
-    case "feature": {
-      const hasSpecContext = bundle.contextFiles.some(
-        (f) => f.reason === "spec" || f.reason === "convention"
-      );
-      if (!hasSpecContext && bundle.changedFiles.length > 0) {
-        const firstFile = bundle.changedFiles[0];
-        findings.push({
-          id: makeFindingId("compliance", firstFile.path, 1, "No spec for feature"),
-          file: firstFile.path,
-          lineRange: [1, 1],
-          domain: "compliance",
-          severity: "suggestion",
-          title: "No spec/design doc found for feature change",
-          rationale: "Feature changes should reference a spec or design doc to verify alignment. No spec context was included in the review bundle.",
-          evidence: [`changeType: feature`, `contextFiles count: ${bundle.contextFiles.length}`],
-          validatedBy: "heuristic"
-        });
-      }
-      break;
-    }
-    case "bugfix": {
-      if (bundle.commitHistory.length === 0 && bundle.changedFiles.length > 0) {
-        const firstFile = bundle.changedFiles[0];
-        findings.push({
-          id: makeFindingId("compliance", firstFile.path, 1, "Bugfix no history"),
-          file: firstFile.path,
-          lineRange: [1, 1],
-          domain: "compliance",
-          severity: "suggestion",
-          title: "Bugfix without commit history context",
-          rationale: "Bugfix changes benefit from commit history to verify the root cause is addressed, not just the symptom. No commit history was provided.",
-          evidence: [`changeType: bugfix`, `commitHistory entries: ${bundle.commitHistory.length}`],
-          validatedBy: "heuristic"
-        });
-      }
-      break;
-    }
-    case "refactor": {
-      break;
-    }
-    case "docs": {
-      break;
-    }
-  }
-  const resultTypeRule = rules.find((r) => r.text.toLowerCase().includes("result type"));
-  if (resultTypeRule) {
-    for (const cf of bundle.changedFiles) {
-      const hasTryCatch = cf.content.includes("try {") || cf.content.includes("try{");
-      const usesResult = cf.content.includes("Result<") || cf.content.includes("Result >") || cf.content.includes(": Result");
-      if (hasTryCatch && !usesResult) {
-        findings.push({
-          id: makeFindingId("compliance", cf.path, 1, "try-catch not Result"),
-          file: cf.path,
-          lineRange: [1, cf.lines],
-          domain: "compliance",
-          severity: "suggestion",
-          title: "Fallible operation uses try/catch instead of Result type",
-          rationale: `Convention requires using Result type for fallible operations (from ${resultTypeRule.source}).`,
-          suggestion: "Refactor error handling to use the Result type pattern.",
-          evidence: [
-            `changeType: ${bundle.changeType}`,
-            `Convention rule: "${resultTypeRule.text}"`
-          ],
-          validatedBy: "heuristic"
-        });
-      }
-    }
-  }
   return findings;
 }
+function runComplianceAgent(bundle) {
+  const rules = extractConventionRules(bundle);
+  return [
+    ...checkMissingJsDoc(bundle, rules),
+    ...checkChangeTypeSpecific(bundle),
+    ...checkResultTypeConvention(bundle, rules)
+  ];
+}
 
 // src/review/agents/bug-agent.ts
 var BUG_DETECTION_DESCRIPTOR = {
@@ -7705,31 +7932,32 @@ var ARCHITECTURE_DESCRIPTOR = {
   ]
 };
 var LARGE_FILE_THRESHOLD = 300;
+function isViolationLine(line) {
+  const lower = line.toLowerCase();
+  return lower.includes("violation") || lower.includes("layer");
+}
+function createLayerViolationFinding(line, fallbackPath) {
+  const fileMatch = line.match(/(?:in\s+)?(\S+\.(?:ts|tsx|js|jsx))(?::(\d+))?/);
+  const file = fileMatch?.[1] ?? fallbackPath;
+  const lineNum = fileMatch?.[2] ? parseInt(fileMatch[2], 10) : 1;
+  return {
+    id: makeFindingId("arch", file, lineNum, "layer violation"),
+    file,
+    lineRange: [lineNum, lineNum],
+    domain: "architecture",
+    severity: "critical",
+    title: "Layer boundary violation detected by check-deps",
+    rationale: `Architectural layer violation: ${line.trim()}. Imports must flow in the correct direction per the project's layer definitions.`,
+    suggestion: "Route the dependency through the correct intermediate layer (e.g., routes -> services -> db, not routes -> db).",
+    evidence: [line.trim()],
+    validatedBy: "heuristic"
+  };
+}
 function detectLayerViolations(bundle) {
-  const findings = [];
   const checkDepsFile = bundle.contextFiles.find((f) => f.path === "harness-check-deps-output");
-  if (!checkDepsFile) return findings;
-  const lines = checkDepsFile.content.split("\n");
-  for (const line of lines) {
-    if (line.toLowerCase().includes("violation") || line.toLowerCase().includes("layer")) {
-      const fileMatch = line.match(/(?:in\s+)?(\S+\.(?:ts|tsx|js|jsx))(?::(\d+))?/);
-      const file = fileMatch?.[1] ?? bundle.changedFiles[0]?.path ?? "unknown";
-      const lineNum = fileMatch?.[2] ? parseInt(fileMatch[2], 10) : 1;
-      findings.push({
-        id: makeFindingId("arch", file, lineNum, "layer violation"),
-        file,
-        lineRange: [lineNum, lineNum],
-        domain: "architecture",
-        severity: "critical",
-        title: "Layer boundary violation detected by check-deps",
-        rationale: `Architectural layer violation: ${line.trim()}. Imports must flow in the correct direction per the project's layer definitions.`,
-        suggestion: "Route the dependency through the correct intermediate layer (e.g., routes -> services -> db, not routes -> db).",
-        evidence: [line.trim()],
-        validatedBy: "heuristic"
-      });
-    }
-  }
-  return findings;
+  if (!checkDepsFile) return [];
+  const fallbackPath = bundle.changedFiles[0]?.path ?? "unknown";
+  return checkDepsFile.content.split("\n").filter(isViolationLine).map((line) => createLayerViolationFinding(line, fallbackPath));
 }
 function detectLargeFiles(bundle) {
   const findings = [];
@@ -7751,45 +7979,61 @@ function detectLargeFiles(bundle) {
   }
   return findings;
 }
+function extractRelativeImports(content) {
+  const importRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
+  let match;
+  const imports = /* @__PURE__ */ new Set();
+  while ((match = importRegex.exec(content)) !== null) {
+    const source = match[1];
+    if (source.startsWith(".")) {
+      imports.add(source.replace(/^\.\//, "").replace(/^\.\.\//, ""));
+    }
+  }
+  return imports;
+}
+function fileBaseName(filePath) {
+  return filePath.replace(/.*\//, "").replace(/\.(ts|tsx|js|jsx)$/, "");
+}
+function findCircularImportInCtxFile(ctxFile, changedFilePath, changedPaths, fileImports) {
+  const ctxImportRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
+  let ctxMatch;
+  while ((ctxMatch = ctxImportRegex.exec(ctxFile.content)) !== null) {
+    const ctxSource = ctxMatch[1];
+    if (!ctxSource.startsWith(".")) continue;
+    for (const changedPath of changedPaths) {
+      const baseName = fileBaseName(changedPath);
+      const ctxBaseName = fileBaseName(ctxFile.path);
+      if (ctxSource.includes(baseName) && fileImports.has(ctxBaseName)) {
+        return {
+          id: makeFindingId("arch", changedFilePath, 1, `circular ${ctxFile.path}`),
+          file: changedFilePath,
+          lineRange: [1, 1],
+          domain: "architecture",
+          severity: "important",
+          title: `Potential circular import between ${changedFilePath} and ${ctxFile.path}`,
+          rationale: "Circular imports can cause runtime issues (undefined values at import time) and indicate tightly coupled modules that should be refactored.",
+          suggestion: "Extract shared types/interfaces into a separate module that both files can import from.",
+          evidence: [
+            `${changedFilePath} imports from a module that also imports from ${changedFilePath}`
+          ],
+          validatedBy: "heuristic"
+        };
+      }
+    }
+  }
+  return null;
+}
 function detectCircularImports(bundle) {
   const findings = [];
   const changedPaths = new Set(bundle.changedFiles.map((f) => f.path));
+  const relevantCtxFiles = bundle.contextFiles.filter(
+    (f) => f.reason === "import" || f.reason === "graph-dependency"
+  );
   for (const cf of bundle.changedFiles) {
-    const importRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
-    let match;
-    const imports = /* @__PURE__ */ new Set();
-    while ((match = importRegex.exec(cf.content)) !== null) {
-      const source = match[1];
-      if (source.startsWith(".")) {
-        imports.add(source.replace(/^\.\//, "").replace(/^\.\.\//, ""));
-      }
-    }
-    for (const ctxFile of bundle.contextFiles) {
-      if (ctxFile.reason !== "import" && ctxFile.reason !== "graph-dependency") continue;
-      const ctxImportRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
-      let ctxMatch;
-      while ((ctxMatch = ctxImportRegex.exec(ctxFile.content)) !== null) {
-        const ctxSource = ctxMatch[1];
-        if (ctxSource.startsWith(".")) {
-          for (const changedPath of changedPaths) {
-            const baseName = changedPath.replace(/.*\//, "").replace(/\.(ts|tsx|js|jsx)$/, "");
-            if (ctxSource.includes(baseName) && imports.has(ctxFile.path.replace(/.*\//, "").replace(/\.(ts|tsx|js|jsx)$/, ""))) {
-              findings.push({
-                id: makeFindingId("arch", cf.path, 1, `circular ${ctxFile.path}`),
-                file: cf.path,
-                lineRange: [1, 1],
-                domain: "architecture",
-                severity: "important",
-                title: `Potential circular import between ${cf.path} and ${ctxFile.path}`,
-                rationale: "Circular imports can cause runtime issues (undefined values at import time) and indicate tightly coupled modules that should be refactored.",
-                suggestion: "Extract shared types/interfaces into a separate module that both files can import from.",
-                evidence: [`${cf.path} imports from a module that also imports from ${cf.path}`],
-                validatedBy: "heuristic"
-              });
-            }
-          }
-        }
-      }
+    const imports = extractRelativeImports(cf.content);
+    for (const ctxFile of relevantCtxFiles) {
+      const finding = findCircularImportInCtxFile(ctxFile, cf.path, changedPaths, imports);
+      if (finding) findings.push(finding);
     }
   }
   return findings;
@@ -7836,7 +8080,7 @@ async function fanOutReview(options) {
 }
 
 // src/review/validate-findings.ts
-import * as path15 from "path";
+import * as path17 from "path";
 var DOWNGRADE_MAP = {
   critical: "important",
   important: "suggestion",
@@ -7857,7 +8101,7 @@ function normalizePath(filePath, projectRoot) {
   let normalized = filePath;
   normalized = normalized.replace(/\\/g, "/");
   const normalizedRoot = projectRoot.replace(/\\/g, "/");
-  if (path15.isAbsolute(normalized)) {
+  if (path17.isAbsolute(normalized)) {
     const root = normalizedRoot.endsWith("/") ? normalizedRoot : normalizedRoot + "/";
     if (normalized.startsWith(root)) {
       normalized = normalized.slice(root.length);
@@ -7882,12 +8126,12 @@ function followImportChain(fromFile, fileContents, maxDepth = 2) {
     while ((match = importRegex.exec(content)) !== null) {
       const importPath = match[1];
       if (!importPath.startsWith(".")) continue;
-      const dir = path15.dirname(current.file);
-      let resolved = path15.join(dir, importPath).replace(/\\/g, "/");
+      const dir = path17.dirname(current.file);
+      let resolved = path17.join(dir, importPath).replace(/\\/g, "/");
       if (!resolved.match(/\.(ts|tsx|js|jsx)$/)) {
         resolved += ".ts";
       }
-      resolved = path15.normalize(resolved).replace(/\\/g, "/");
+      resolved = path17.normalize(resolved).replace(/\\/g, "/");
       if (!visited.has(resolved) && current.depth + 1 <= maxDepth) {
         queue.push({ file: resolved, depth: current.depth + 1 });
       }
@@ -7904,7 +8148,7 @@ async function validateFindings(options) {
     if (exclusionSet.isExcluded(normalizedFile, finding.lineRange) || exclusionSet.isExcluded(finding.file, finding.lineRange)) {
       continue;
     }
-    const absoluteFile = path15.isAbsolute(finding.file) ? finding.file : path15.join(projectRoot, finding.file).replace(/\\/g, "/");
+    const absoluteFile = path17.isAbsolute(finding.file) ? finding.file : path17.join(projectRoot, finding.file).replace(/\\/g, "/");
     if (exclusionSet.isExcluded(absoluteFile, finding.lineRange)) {
       continue;
     }
@@ -7961,6 +8205,28 @@ async function validateFindings(options) {
 function rangesOverlap(a, b, gap) {
   return a[0] <= b[1] + gap && b[0] <= a[1] + gap;
 }
+function pickLongest(a, b) {
+  if (a && b) return a.length >= b.length ? a : b;
+  return a ?? b;
+}
+function buildMergedTitle(a, b, domains) {
+  const primaryFinding = SEVERITY_RANK[a.severity] >= SEVERITY_RANK[b.severity] ? a : b;
+  const domainList = [...domains].sort().join(", ");
+  const cleanTitle = primaryFinding.title.replace(/^\[.*?\]\s*/, "");
+  return { title: `[${domainList}] ${cleanTitle}`, primaryFinding };
+}
+function mergeSecurityFields(merged, primary, a, b) {
+  const cweId = primary.cweId ?? a.cweId ?? b.cweId;
+  const owaspCategory = primary.owaspCategory ?? a.owaspCategory ?? b.owaspCategory;
+  const confidence = primary.confidence ?? a.confidence ?? b.confidence;
+  const remediation = pickLongest(a.remediation, b.remediation);
+  const mergedRefs = [.../* @__PURE__ */ new Set([...a.references ?? [], ...b.references ?? []])];
+  if (cweId !== void 0) merged.cweId = cweId;
+  if (owaspCategory !== void 0) merged.owaspCategory = owaspCategory;
+  if (confidence !== void 0) merged.confidence = confidence;
+  if (remediation !== void 0) merged.remediation = remediation;
+  if (mergedRefs.length > 0) merged.references = mergedRefs;
+}
 function mergeFindings(a, b) {
   const highestSeverity = SEVERITY_RANK[a.severity] >= SEVERITY_RANK[b.severity] ? a.severity : b.severity;
   const highestValidatedBy = (VALIDATED_BY_RANK[a.validatedBy] ?? 0) >= (VALIDATED_BY_RANK[b.validatedBy] ?? 0) ? a.validatedBy : b.validatedBy;
@@ -7970,18 +8236,12 @@ function mergeFindings(a, b) {
     Math.min(a.lineRange[0], b.lineRange[0]),
     Math.max(a.lineRange[1], b.lineRange[1])
   ];
-  const domains = /* @__PURE__ */ new Set();
-  domains.add(a.domain);
-  domains.add(b.domain);
-  const suggestion = a.suggestion && b.suggestion ? a.suggestion.length >= b.suggestion.length ? a.suggestion : b.suggestion : a.suggestion ?? b.suggestion;
-  const primaryFinding = SEVERITY_RANK[a.severity] >= SEVERITY_RANK[b.severity] ? a : b;
-  const domainList = [...domains].sort().join(", ");
-  const cleanTitle = primaryFinding.title.replace(/^\[.*?\]\s*/, "");
-  const title = `[${domainList}] ${cleanTitle}`;
+  const domains = /* @__PURE__ */ new Set([a.domain, b.domain]);
+  const suggestion = pickLongest(a.suggestion, b.suggestion);
+  const { title, primaryFinding } = buildMergedTitle(a, b, domains);
   const merged = {
     id: primaryFinding.id,
     file: a.file,
-    // same file for all merged findings
     lineRange,
     domain: primaryFinding.domain,
     severity: highestSeverity,
@@ -7993,16 +8253,7 @@ function mergeFindings(a, b) {
   if (suggestion !== void 0) {
     merged.suggestion = suggestion;
   }
-  const cweId = primaryFinding.cweId ?? a.cweId ?? b.cweId;
-  const owaspCategory = primaryFinding.owaspCategory ?? a.owaspCategory ?? b.owaspCategory;
-  const confidence = primaryFinding.confidence ?? a.confidence ?? b.confidence;
-  const remediation = a.remediation && b.remediation ? a.remediation.length >= b.remediation.length ? a.remediation : b.remediation : a.remediation ?? b.remediation;
-  const mergedRefs = [.../* @__PURE__ */ new Set([...a.references ?? [], ...b.references ?? []])];
-  if (cweId !== void 0) merged.cweId = cweId;
-  if (owaspCategory !== void 0) merged.owaspCategory = owaspCategory;
-  if (confidence !== void 0) merged.confidence = confidence;
-  if (remediation !== void 0) merged.remediation = remediation;
-  if (mergedRefs.length > 0) merged.references = mergedRefs;
+  mergeSecurityFields(merged, primaryFinding, a, b);
   return merged;
 }
 function deduplicateFindings(options) {
@@ -8174,6 +8425,17 @@ function formatTerminalOutput(options) {
     if (suggestionCount > 0) parts.push(`${suggestionCount} suggestion(s)`);
     sections.push(`  Found ${issueCount} issue(s): ${parts.join(", ")}.`);
   }
+  if (options.evidenceCoverage) {
+    const ec = options.evidenceCoverage;
+    sections.push("");
+    sections.push("## Evidence Coverage\n");
+    sections.push(`  Evidence entries: ${ec.totalEntries}`);
+    sections.push(
+      `  Findings with evidence: ${ec.findingsWithEvidence}/${ec.findingsWithEvidence + ec.uncitedCount}`
+    );
+    sections.push(`  Uncited findings: ${ec.uncitedCount} (flagged as [UNVERIFIED])`);
+    sections.push(`  Coverage: ${ec.coveragePercentage}%`);
+  }
   return sections.join("\n");
 }
 
@@ -8250,9 +8512,108 @@ function formatGitHubSummary(options) {
   const assessment = determineAssessment(findings);
   const assessmentLabel = assessment === "approve" ? "Approve" : assessment === "comment" ? "Comment" : "Request Changes";
   sections.push(`## Assessment: ${assessmentLabel}`);
+  if (options.evidenceCoverage) {
+    const ec = options.evidenceCoverage;
+    sections.push("");
+    sections.push("## Evidence Coverage\n");
+    sections.push(`- Evidence entries: ${ec.totalEntries}`);
+    sections.push(
+      `- Findings with evidence: ${ec.findingsWithEvidence}/${ec.findingsWithEvidence + ec.uncitedCount}`
+    );
+    sections.push(`- Uncited findings: ${ec.uncitedCount} (flagged as \\[UNVERIFIED\\])`);
+    sections.push(`- Coverage: ${ec.coveragePercentage}%`);
+  }
   return sections.join("\n");
 }
 
+// src/review/evidence-gate.ts
+var FILE_LINE_RANGE_PATTERN = /^([\w./@-]+\.\w+):(\d+)-(\d+)/;
+var FILE_LINE_PATTERN = /^([\w./@-]+\.\w+):(\d+)/;
+var FILE_ONLY_PATTERN = /^([\w./@-]+\.\w+)\s/;
+function parseEvidenceRef(content) {
+  const trimmed = content.trim();
+  const rangeMatch = trimmed.match(FILE_LINE_RANGE_PATTERN);
+  if (rangeMatch) {
+    return {
+      file: rangeMatch[1],
+      lineStart: parseInt(rangeMatch[2], 10),
+      lineEnd: parseInt(rangeMatch[3], 10)
+    };
+  }
+  const lineMatch = trimmed.match(FILE_LINE_PATTERN);
+  if (lineMatch) {
+    return {
+      file: lineMatch[1],
+      lineStart: parseInt(lineMatch[2], 10)
+    };
+  }
+  const fileMatch = trimmed.match(FILE_ONLY_PATTERN);
+  if (fileMatch) {
+    return { file: fileMatch[1] };
+  }
+  return null;
+}
+function evidenceMatchesFinding(ref, finding) {
+  if (ref.file !== finding.file) return false;
+  if (ref.lineStart === void 0) return true;
+  const [findStart, findEnd] = finding.lineRange;
+  if (ref.lineEnd !== void 0) {
+    return ref.lineStart <= findEnd && ref.lineEnd >= findStart;
+  }
+  return ref.lineStart >= findStart && ref.lineStart <= findEnd;
+}
+function checkEvidenceCoverage(findings, evidenceEntries) {
+  if (findings.length === 0) {
+    return {
+      totalEntries: evidenceEntries.filter((e) => e.status === "active").length,
+      findingsWithEvidence: 0,
+      uncitedCount: 0,
+      uncitedFindings: [],
+      coveragePercentage: 100
+    };
+  }
+  const activeEvidence = evidenceEntries.filter((e) => e.status === "active");
+  const evidenceRefs = [];
+  for (const entry of activeEvidence) {
+    const ref = parseEvidenceRef(entry.content);
+    if (ref) evidenceRefs.push(ref);
+  }
+  let findingsWithEvidence = 0;
+  const uncitedFindings = [];
+  for (const finding of findings) {
+    const hasEvidence = evidenceRefs.some((ref) => evidenceMatchesFinding(ref, finding));
+    if (hasEvidence) {
+      findingsWithEvidence++;
+    } else {
+      uncitedFindings.push(finding.title);
+    }
+  }
+  const uncitedCount = findings.length - findingsWithEvidence;
+  const coveragePercentage = Math.round(findingsWithEvidence / findings.length * 100);
+  return {
+    totalEntries: activeEvidence.length,
+    findingsWithEvidence,
+    uncitedCount,
+    uncitedFindings,
+    coveragePercentage
+  };
+}
+function tagUncitedFindings(findings, evidenceEntries) {
+  const activeEvidence = evidenceEntries.filter((e) => e.status === "active");
+  const evidenceRefs = [];
+  for (const entry of activeEvidence) {
+    const ref = parseEvidenceRef(entry.content);
+    if (ref) evidenceRefs.push(ref);
+  }
+  for (const finding of findings) {
+    const hasEvidence = evidenceRefs.some((ref) => evidenceMatchesFinding(ref, finding));
+    if (!hasEvidence && !finding.title.startsWith("[UNVERIFIED]")) {
+      finding.title = `[UNVERIFIED] ${finding.title}`;
+    }
+  }
+  return findings;
+}
+
 // src/review/pipeline-orchestrator.ts
 async function runReviewPipeline(options) {
   const {
@@ -8265,7 +8626,8 @@ async function runReviewPipeline(options) {
     conventionFiles,
     checkDepsOutput,
     config = {},
-    commitHistory
+    commitHistory,
+    sessionSlug
   } = options;
   if (flags.ci && prMetadata) {
     const eligibility = checkEligibility(prMetadata, true);
@@ -8361,13 +8723,25 @@ async function runReviewPipeline(options) {
     projectRoot,
     fileContents
   });
+  let evidenceCoverage;
+  if (sessionSlug) {
+    try {
+      const evidenceResult = await readSessionSection(projectRoot, sessionSlug, "evidence");
+      if (evidenceResult.ok) {
+        evidenceCoverage = checkEvidenceCoverage(validatedFindings, evidenceResult.value);
+        tagUncitedFindings(validatedFindings, evidenceResult.value);
+      }
+    } catch {
+    }
+  }
   const dedupedFindings = deduplicateFindings({ findings: validatedFindings });
   const strengths = [];
   const assessment = determineAssessment(dedupedFindings);
   const exitCode = getExitCode(assessment);
   const terminalOutput = formatTerminalOutput({
     findings: dedupedFindings,
-    strengths
+    strengths,
+    ...evidenceCoverage != null ? { evidenceCoverage } : {}
   });
   let githubComments = [];
   if (flags.comment) {
@@ -8382,7 +8756,8 @@ async function runReviewPipeline(options) {
     terminalOutput,
     githubComments,
     exitCode,
-    ...mechanicalResult !== void 0 ? { mechanicalResult } : {}
+    ...mechanicalResult != null ? { mechanicalResult } : {},
+    ...evidenceCoverage != null ? { evidenceCoverage } : {}
   };
 }
 
@@ -8485,13 +8860,29 @@ function parseFeatures(sectionBody) {
   }
   return Ok2(features);
 }
-function parseFeatureFields(name, body) {
+function extractFieldMap(body) {
   const fieldMap = /* @__PURE__ */ new Map();
   const fieldPattern = /^- \*\*(.+?):\*\* (.+)$/gm;
   let match;
   while ((match = fieldPattern.exec(body)) !== null) {
     fieldMap.set(match[1], match[2]);
   }
+  return fieldMap;
+}
+function parseListField(fieldMap, ...keys) {
+  let raw = EM_DASH;
+  for (const key of keys) {
+    const val = fieldMap.get(key);
+    if (val !== void 0) {
+      raw = val;
+      break;
+    }
+  }
+  if (raw === EM_DASH || raw === "none") return [];
+  return raw.split(",").map((s) => s.trim());
+}
+function parseFeatureFields(name, body) {
+  const fieldMap = extractFieldMap(body);
   const statusRaw = fieldMap.get("Status");
   if (!statusRaw || !VALID_STATUSES.has(statusRaw)) {
     return Err2(
@@ -8500,15 +8891,17 @@ function parseFeatureFields(name, body) {
       )
     );
   }
-  const status = statusRaw;
   const specRaw = fieldMap.get("Spec") ?? EM_DASH;
-  const spec = specRaw === EM_DASH ? null : specRaw;
-  const plansRaw = fieldMap.get("Plans") ?? fieldMap.get("Plan") ?? EM_DASH;
-  const plans = plansRaw === EM_DASH || plansRaw === "none" ? [] : plansRaw.split(",").map((p) => p.trim());
-  const blockedByRaw = fieldMap.get("Blocked by") ?? fieldMap.get("Blockers") ?? EM_DASH;
-  const blockedBy = blockedByRaw === EM_DASH || blockedByRaw === "none" ? [] : blockedByRaw.split(",").map((b) => b.trim());
-  const summary = fieldMap.get("Summary") ?? "";
-  return Ok2({ name, status, spec, plans, blockedBy, summary });
+  const plans = parseListField(fieldMap, "Plans", "Plan");
+  const blockedBy = parseListField(fieldMap, "Blocked by", "Blockers");
+  return Ok2({
+    name,
+    status: statusRaw,
+    spec: specRaw === EM_DASH ? null : specRaw,
+    plans,
+    blockedBy,
+    summary: fieldMap.get("Summary") ?? ""
+  });
 }
 
 // src/roadmap/serialize.ts
@@ -8559,8 +8952,8 @@ function serializeFeature(feature) {
 }
 
 // src/roadmap/sync.ts
-import * as fs16 from "fs";
-import * as path16 from "path";
+import * as fs18 from "fs";
+import * as path18 from "path";
 import { Ok as Ok3 } from "@harness-engineering/types";
 function inferStatus(feature, projectPath, allFeatures) {
   if (feature.blockedBy.length > 0) {
@@ -8575,10 +8968,10 @@ function inferStatus(feature, projectPath, allFeatures) {
   const featuresWithPlans = allFeatures.filter((f) => f.plans.length > 0);
   const useRootState = featuresWithPlans.length <= 1;
   if (useRootState) {
-    const rootStatePath = path16.join(projectPath, ".harness", "state.json");
-    if (fs16.existsSync(rootStatePath)) {
+    const rootStatePath = path18.join(projectPath, ".harness", "state.json");
+    if (fs18.existsSync(rootStatePath)) {
       try {
-        const raw = fs16.readFileSync(rootStatePath, "utf-8");
+        const raw = fs18.readFileSync(rootStatePath, "utf-8");
         const state = JSON.parse(raw);
         if (state.progress) {
           for (const status of Object.values(state.progress)) {
@@ -8589,16 +8982,16 @@ function inferStatus(feature, projectPath, allFeatures) {
       }
     }
   }
-  const sessionsDir = path16.join(projectPath, ".harness", "sessions");
-  if (fs16.existsSync(sessionsDir)) {
+  const sessionsDir = path18.join(projectPath, ".harness", "sessions");
+  if (fs18.existsSync(sessionsDir)) {
     try {
-      const sessionDirs = fs16.readdirSync(sessionsDir, { withFileTypes: true });
+      const sessionDirs = fs18.readdirSync(sessionsDir, { withFileTypes: true });
       for (const entry of sessionDirs) {
         if (!entry.isDirectory()) continue;
-        const autopilotPath = path16.join(sessionsDir, entry.name, "autopilot-state.json");
-        if (!fs16.existsSync(autopilotPath)) continue;
+        const autopilotPath = path18.join(sessionsDir, entry.name, "autopilot-state.json");
+        if (!fs18.existsSync(autopilotPath)) continue;
         try {
-          const raw = fs16.readFileSync(autopilotPath, "utf-8");
+          const raw = fs18.readFileSync(autopilotPath, "utf-8");
           const autopilot = JSON.parse(raw);
           if (!autopilot.phases) continue;
           const linkedPhases = autopilot.phases.filter(
@@ -8678,17 +9071,17 @@ var EmitInteractionInputSchema = z6.object({
 });
 
 // src/blueprint/scanner.ts
-import * as fs17 from "fs/promises";
-import * as path17 from "path";
+import * as fs19 from "fs/promises";
+import * as path19 from "path";
 var ProjectScanner = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
   }
   async scan() {
-    let projectName = path17.basename(this.rootDir);
+    let projectName = path19.basename(this.rootDir);
     try {
-      const pkgPath = path17.join(this.rootDir, "package.json");
-      const pkgRaw = await fs17.readFile(pkgPath, "utf-8");
+      const pkgPath = path19.join(this.rootDir, "package.json");
+      const pkgRaw = await fs19.readFile(pkgPath, "utf-8");
       const pkg = JSON.parse(pkgRaw);
       if (pkg.name) projectName = pkg.name;
     } catch {
@@ -8729,8 +9122,8 @@ var ProjectScanner = class {
 };
 
 // src/blueprint/generator.ts
-import * as fs18 from "fs/promises";
-import * as path18 from "path";
+import * as fs20 from "fs/promises";
+import * as path20 from "path";
 import * as ejs from "ejs";
 
 // src/blueprint/templates.ts
@@ -8814,19 +9207,19 @@ var BlueprintGenerator = class {
       styles: STYLES,
       scripts: SCRIPTS
     });
-    await fs18.mkdir(options.outputDir, { recursive: true });
-    await fs18.writeFile(path18.join(options.outputDir, "index.html"), html);
+    await fs20.mkdir(options.outputDir, { recursive: true });
+    await fs20.writeFile(path20.join(options.outputDir, "index.html"), html);
   }
 };
 
 // src/update-checker.ts
-import * as fs19 from "fs";
-import * as path19 from "path";
+import * as fs21 from "fs";
+import * as path21 from "path";
 import * as os from "os";
 import { spawn } from "child_process";
 function getStatePath() {
   const home = process.env["HOME"] || os.homedir();
-  return path19.join(home, ".harness", "update-check.json");
+  return path21.join(home, ".harness", "update-check.json");
 }
 function isUpdateCheckEnabled(configInterval) {
   if (process.env["HARNESS_NO_UPDATE_CHECK"] === "1") return false;
@@ -8839,7 +9232,7 @@ function shouldRunCheck(state, intervalMs) {
 }
 function readCheckState() {
   try {
-    const raw = fs19.readFileSync(getStatePath(), "utf-8");
+    const raw = fs21.readFileSync(getStatePath(), "utf-8");
     const parsed = JSON.parse(raw);
     if (typeof parsed === "object" && parsed !== null && "lastCheckTime" in parsed && typeof parsed.lastCheckTime === "number" && "currentVersion" in parsed && typeof parsed.currentVersion === "string") {
       const state = parsed;
@@ -8856,7 +9249,7 @@ function readCheckState() {
 }
 function spawnBackgroundCheck(currentVersion) {
   const statePath = getStatePath();
-  const stateDir = path19.dirname(statePath);
+  const stateDir = path21.dirname(statePath);
   const script = `
 const { execSync } = require('child_process');
 const fs = require('fs');
@@ -8910,7 +9303,7 @@ Run "harness update" to upgrade.`;
 }
 
 // src/index.ts
-var VERSION = "0.11.0";
+var VERSION = "0.14.0";
 export {
   AGENT_DESCRIPTORS,
   ARCHITECTURE_DESCRIPTOR,
@@ -8990,6 +9383,7 @@ export {
   analyzeLearningPatterns,
   appendFailure,
   appendLearning,
+  appendSessionEntry,
   applyFixes,
   applyHotspotDowngrade,
   archMatchers,
@@ -8997,12 +9391,14 @@ export {
   architecture,
   archiveFailures,
   archiveLearnings,
+  archiveSession,
   archiveStream,
   buildDependencyGraph,
   buildExclusionSet,
   buildSnapshot,
   checkDocCoverage,
   checkEligibility,
+  checkEvidenceCoverage,
   classifyFinding,
   clearFailuresCache,
   clearLearningsCache,
@@ -9086,6 +9482,8 @@ export {
   reactRules,
   readCheckState,
   readLockfile,
+  readSessionSection,
+  readSessionSections,
   removeContributions,
   removeProvenance,
   requestMultiplePeerReviews,
@@ -9119,8 +9517,10 @@ export {
   spawnBackgroundCheck,
   syncConstraintNodes,
   syncRoadmap,
+  tagUncitedFindings,
   touchStream,
   trackAction,
+  updateSessionEntryStatus,
   updateSessionIndex,
   validateAgentsMap,
   validateBoundaries,