@harness-engineering/core 0.13.1 → 0.15.0

package/dist/index.mjs

@@ -41,7 +41,7 @@ import {
   runAll,
   validateDependencies,
   violationId
-} from "./chunk-D6VFA6AS.mjs";
+} from "./chunk-BQUWXBGR.mjs";
 
 // src/index.ts
 export * from "@harness-engineering/types";
@@ -84,15 +84,15 @@ function validateConfig(data, schema) {
   let message = "Configuration validation failed";
   const suggestions = [];
   if (firstError) {
-    const path20 = firstError.path.join(".");
-    const pathDisplay = path20 ? ` at "${path20}"` : "";
+    const path23 = firstError.path.join(".");
+    const pathDisplay = path23 ? ` at "${path23}"` : "";
     if (firstError.code === "invalid_type") {
       const received = firstError.received;
       const expected = firstError.expected;
       if (received === "undefined") {
         code = "MISSING_FIELD";
         message = `Missing required field${pathDisplay}: ${firstError.message}`;
-        suggestions.push(`Field "${path20}" is required and must be of type "${expected}"`);
+        suggestions.push(`Field "${path23}" is required and must be of type "${expected}"`);
       } else {
         code = "INVALID_TYPE";
         message = `Invalid type${pathDisplay}: ${firstError.message}`;
@@ -246,6 +246,43 @@ function extractMarkdownLinks(content) {
   }
   return links;
 }
+function isDescriptionTerminator(trimmed) {
+  return trimmed.startsWith("#") || trimmed.startsWith("-") || trimmed.startsWith("*") || trimmed.startsWith("```");
+}
+function extractDescription(sectionLines) {
+  const descriptionLines = [];
+  for (const line of sectionLines) {
+    const trimmed = line.trim();
+    if (trimmed === "") {
+      if (descriptionLines.length > 0) break;
+      continue;
+    }
+    if (isDescriptionTerminator(trimmed)) break;
+    descriptionLines.push(trimmed);
+  }
+  return descriptionLines.length > 0 ? descriptionLines.join(" ") : void 0;
+}
+function buildAgentMapSection(section, lines) {
+  const endIndex = section.endIndex ?? lines.length;
+  const sectionLines = lines.slice(section.startIndex + 1, endIndex);
+  const sectionContent = sectionLines.join("\n");
+  const links = extractMarkdownLinks(sectionContent).map((link) => ({
+    ...link,
+    line: link.line + section.startIndex + 1,
+    exists: false
+  }));
+  const result = {
+    title: section.title,
+    level: section.level,
+    line: section.line,
+    links
+  };
+  const description = extractDescription(sectionLines);
+  if (description) {
+    result.description = description;
+  }
+  return result;
+}
 function extractSections(content) {
   const lines = content.split("\n");
   const sections = [];
@@ -258,7 +295,6 @@ function extractSections(content) {
         title: match[2].trim(),
         level: match[1].length,
         line: i + 1,
-        // 1-indexed
         startIndex: i
       });
     }
@@ -270,62 +306,29 @@ function extractSections(content) {
       currentSection.endIndex = nextSection ? nextSection.startIndex : lines.length;
     }
   }
-  return sections.map((section) => {
-    const endIndex = section.endIndex ?? lines.length;
-    const sectionLines = lines.slice(section.startIndex + 1, endIndex);
-    const sectionContent = sectionLines.join("\n");
-    const links = extractMarkdownLinks(sectionContent).map((link) => ({
-      ...link,
-      line: link.line + section.startIndex + 1,
-      // Adjust line number
-      exists: false
-      // Will be set later by validateAgentsMap
-    }));
-    const descriptionLines = [];
-    for (const line of sectionLines) {
-      const trimmed = line.trim();
-      if (trimmed === "") {
-        if (descriptionLines.length > 0) break;
-        continue;
-      }
-      if (trimmed.startsWith("#")) break;
-      if (trimmed.startsWith("-") || trimmed.startsWith("*")) break;
-      if (trimmed.startsWith("```")) break;
-      descriptionLines.push(trimmed);
-    }
-    const result = {
-      title: section.title,
-      level: section.level,
-      line: section.line,
-      links
-    };
-    if (descriptionLines.length > 0) {
-      result.description = descriptionLines.join(" ");
-    }
-    return result;
-  });
+  return sections.map((section) => buildAgentMapSection(section, lines));
 }
-function isExternalLink(path20) {
-  return path20.startsWith("http://") || path20.startsWith("https://") || path20.startsWith("#") || path20.startsWith("mailto:");
+function isExternalLink(path23) {
+  return path23.startsWith("http://") || path23.startsWith("https://") || path23.startsWith("#") || path23.startsWith("mailto:");
 }
 function resolveLinkPath(linkPath, baseDir) {
   return linkPath.startsWith(".") ? join(baseDir, linkPath) : linkPath;
 }
-async function validateAgentsMap(path20 = "./AGENTS.md") {
-  const contentResult = await readFileContent(path20);
+async function validateAgentsMap(path23 = "./AGENTS.md") {
+  const contentResult = await readFileContent(path23);
   if (!contentResult.ok) {
     return Err(
       createError(
         "PARSE_ERROR",
         `Failed to read AGENTS.md: ${contentResult.error.message}`,
-        { path: path20 },
+        { path: path23 },
         ["Ensure the file exists", "Check file permissions"]
       )
     );
   }
   const content = contentResult.value;
   const sections = extractSections(content);
-  const baseDir = dirname(path20);
+  const baseDir = dirname(path23);
   const sectionTitles = sections.map((s) => s.title);
   const missingSections = REQUIRED_SECTIONS.filter(
     (required) => !sectionTitles.some((title) => title.toLowerCase().includes(required.toLowerCase()))
@@ -466,8 +469,8 @@ async function checkDocCoverage(domain, options = {}) {
 
 // src/context/knowledge-map.ts
 import { join as join2, basename as basename2 } from "path";
-function suggestFix(path20, existingFiles) {
-  const targetName = basename2(path20).toLowerCase();
+function suggestFix(path23, existingFiles) {
+  const targetName = basename2(path23).toLowerCase();
   const similar = existingFiles.find((file) => {
     const fileName = basename2(file).toLowerCase();
     return fileName.includes(targetName) || targetName.includes(fileName);
@@ -475,7 +478,7 @@ function suggestFix(path20, existingFiles) {
   if (similar) {
     return `Did you mean "${similar}"?`;
   }
-  return `Create the file "${path20}" or remove the link`;
+  return `Create the file "${path23}" or remove the link`;
 }
 async function validateKnowledgeMap(rootDir = process.cwd()) {
   const agentsPath = join2(rootDir, "AGENTS.md");
@@ -827,8 +830,8 @@ function createBoundaryValidator(schema, name) {
         return Ok(result.data);
       }
       const suggestions = result.error.issues.map((issue) => {
-        const path20 = issue.path.join(".");
-        return path20 ? `${path20}: ${issue.message}` : issue.message;
+        const path23 = issue.path.join(".");
+        return path23 ? `${path23}: ${issue.message}` : issue.message;
       });
       return Err(
         createError(
@@ -1050,175 +1053,183 @@ function stringArraysEqual(a, b) {
   const sortedB = [...b].sort();
   return sortedA.every((val, i) => val === sortedB[i]);
 }
-function deepMergeConstraints(localConfig, bundleConstraints, _existingContributions) {
-  const config = { ...localConfig };
-  const contributions = {};
-  const conflicts = [];
-  if (bundleConstraints.layers && bundleConstraints.layers.length > 0) {
-    const localLayers = Array.isArray(localConfig.layers) ? localConfig.layers : [];
-    const mergedLayers = [...localLayers];
-    const contributedLayerNames = [];
-    for (const bundleLayer of bundleConstraints.layers) {
-      const existing = localLayers.find((l) => l.name === bundleLayer.name);
-      if (!existing) {
-        mergedLayers.push(bundleLayer);
-        contributedLayerNames.push(bundleLayer.name);
-      } else {
-        const same = existing.pattern === bundleLayer.pattern && stringArraysEqual(existing.allowedDependencies, bundleLayer.allowedDependencies);
-        if (!same) {
-          conflicts.push({
-            section: "layers",
-            key: bundleLayer.name,
-            localValue: existing,
-            packageValue: bundleLayer,
-            description: `Layer '${bundleLayer.name}' already exists locally with different configuration`
-          });
-        }
+function mergeLayers(localConfig, bundleLayers, config, contributions, conflicts) {
+  const localLayers = Array.isArray(localConfig.layers) ? localConfig.layers : [];
+  const mergedLayers = [...localLayers];
+  const contributedLayerNames = [];
+  for (const bundleLayer of bundleLayers) {
+    const existing = localLayers.find((l) => l.name === bundleLayer.name);
+    if (!existing) {
+      mergedLayers.push(bundleLayer);
+      contributedLayerNames.push(bundleLayer.name);
+    } else {
+      const same = existing.pattern === bundleLayer.pattern && stringArraysEqual(existing.allowedDependencies, bundleLayer.allowedDependencies);
+      if (!same) {
+        conflicts.push({
+          section: "layers",
+          key: bundleLayer.name,
+          localValue: existing,
+          packageValue: bundleLayer,
+          description: `Layer '${bundleLayer.name}' already exists locally with different configuration`
+        });
+      }
+    }
+  }
+  config.layers = mergedLayers;
+  if (contributedLayerNames.length > 0) contributions.layers = contributedLayerNames;
+}
+function mergeForbiddenImports(localConfig, bundleRules, config, contributions, conflicts) {
+  const localFI = Array.isArray(localConfig.forbiddenImports) ? localConfig.forbiddenImports : [];
+  const mergedFI = [...localFI];
+  const contributedFromKeys = [];
+  for (const bundleRule of bundleRules) {
+    const existing = localFI.find((r) => r.from === bundleRule.from);
+    if (!existing) {
+      const entry = { from: bundleRule.from, disallow: bundleRule.disallow };
+      if (bundleRule.message !== void 0) entry.message = bundleRule.message;
+      mergedFI.push(entry);
+      contributedFromKeys.push(bundleRule.from);
+    } else {
+      if (!stringArraysEqual(existing.disallow, bundleRule.disallow)) {
+        conflicts.push({
+          section: "forbiddenImports",
+          key: bundleRule.from,
+          localValue: existing,
+          packageValue: bundleRule,
+          description: `Forbidden import rule for '${bundleRule.from}' already exists locally with different disallow list`
+        });
       }
     }
-    config.layers = mergedLayers;
-    if (contributedLayerNames.length > 0) {
-      contributions.layers = contributedLayerNames;
+  }
+  config.forbiddenImports = mergedFI;
+  if (contributedFromKeys.length > 0) contributions.forbiddenImports = contributedFromKeys;
+}
+function mergeBoundaries(localConfig, bundleBoundaries, config, contributions) {
+  const localBoundaries = localConfig.boundaries ?? { requireSchema: [] };
+  const localSchemas = new Set(localBoundaries.requireSchema ?? []);
+  const newSchemas = [];
+  for (const schema of bundleBoundaries.requireSchema ?? []) {
+    if (!localSchemas.has(schema)) {
+      newSchemas.push(schema);
+      localSchemas.add(schema);
+    }
+  }
+  config.boundaries = { requireSchema: [...localBoundaries.requireSchema ?? [], ...newSchemas] };
+  if (newSchemas.length > 0) contributions.boundaries = newSchemas;
+}
+function mergeArchitecture(localConfig, bundleArch, config, contributions, conflicts) {
+  const localArch = localConfig.architecture ?? { thresholds: {}, modules: {} };
+  const mergedThresholds = { ...localArch.thresholds };
+  const contributedThresholdKeys = [];
+  for (const [category, value] of Object.entries(bundleArch.thresholds ?? {})) {
+    if (!(category in mergedThresholds)) {
+      mergedThresholds[category] = value;
+      contributedThresholdKeys.push(category);
+    } else if (!deepEqual(mergedThresholds[category], value)) {
+      conflicts.push({
+        section: "architecture.thresholds",
+        key: category,
+        localValue: mergedThresholds[category],
+        packageValue: value,
+        description: `Architecture threshold '${category}' already exists locally with a different value`
+      });
     }
   }
-  if (bundleConstraints.forbiddenImports && bundleConstraints.forbiddenImports.length > 0) {
-    const localFI = Array.isArray(localConfig.forbiddenImports) ? localConfig.forbiddenImports : [];
-    const mergedFI = [...localFI];
-    const contributedFromKeys = [];
-    for (const bundleRule of bundleConstraints.forbiddenImports) {
-      const existing = localFI.find((r) => r.from === bundleRule.from);
-      if (!existing) {
-        const entry = {
-          from: bundleRule.from,
-          disallow: bundleRule.disallow
-        };
-        if (bundleRule.message !== void 0) {
-          entry.message = bundleRule.message;
-        }
-        mergedFI.push(entry);
-        contributedFromKeys.push(bundleRule.from);
-      } else {
-        const same = stringArraysEqual(existing.disallow, bundleRule.disallow);
-        if (!same) {
+  const mergedModules = { ...localArch.modules };
+  const contributedModuleKeys = [];
+  for (const [modulePath, bundleCategoryMap] of Object.entries(bundleArch.modules ?? {})) {
+    if (!(modulePath in mergedModules)) {
+      mergedModules[modulePath] = bundleCategoryMap;
+      for (const cat of Object.keys(bundleCategoryMap))
+        contributedModuleKeys.push(`${modulePath}:${cat}`);
+    } else {
+      const mergedCategoryMap = { ...mergedModules[modulePath] };
+      for (const [category, value] of Object.entries(bundleCategoryMap)) {
+        if (!(category in mergedCategoryMap)) {
+          mergedCategoryMap[category] = value;
+          contributedModuleKeys.push(`${modulePath}:${category}`);
+        } else if (!deepEqual(mergedCategoryMap[category], value)) {
           conflicts.push({
-            section: "forbiddenImports",
-            key: bundleRule.from,
-            localValue: existing,
-            packageValue: bundleRule,
-            description: `Forbidden import rule for '${bundleRule.from}' already exists locally with different disallow list`
+            section: "architecture.modules",
+            key: `${modulePath}:${category}`,
+            localValue: mergedCategoryMap[category],
+            packageValue: value,
+            description: `Architecture module override '${modulePath}' category '${category}' already exists locally with a different value`
           });
         }
       }
+      mergedModules[modulePath] = mergedCategoryMap;
+    }
+  }
+  config.architecture = { ...localArch, thresholds: mergedThresholds, modules: mergedModules };
+  if (contributedThresholdKeys.length > 0)
+    contributions["architecture.thresholds"] = contributedThresholdKeys;
+  if (contributedModuleKeys.length > 0)
+    contributions["architecture.modules"] = contributedModuleKeys;
+}
+function mergeSecurityRules(localConfig, bundleRules, config, contributions, conflicts) {
+  const localSecurity = localConfig.security ?? { rules: {} };
+  const localRules = localSecurity.rules ?? {};
+  const mergedRules = { ...localRules };
+  const contributedRuleIds = [];
+  for (const [ruleId, severity] of Object.entries(bundleRules)) {
+    if (!(ruleId in mergedRules)) {
+      mergedRules[ruleId] = severity;
+      contributedRuleIds.push(ruleId);
+    } else if (mergedRules[ruleId] !== severity) {
+      conflicts.push({
+        section: "security.rules",
+        key: ruleId,
+        localValue: mergedRules[ruleId],
+        packageValue: severity,
+        description: `Security rule '${ruleId}' already exists locally with severity '${mergedRules[ruleId]}', bundle has '${severity}'`
+      });
     }
-    config.forbiddenImports = mergedFI;
-    if (contributedFromKeys.length > 0) {
-      contributions.forbiddenImports = contributedFromKeys;
-    }
+  }
+  config.security = { ...localSecurity, rules: mergedRules };
+  if (contributedRuleIds.length > 0) contributions["security.rules"] = contributedRuleIds;
+}
+function deepMergeConstraints(localConfig, bundleConstraints, _existingContributions) {
+  const config = { ...localConfig };
+  const contributions = {};
+  const conflicts = [];
+  if (bundleConstraints.layers && bundleConstraints.layers.length > 0) {
+    mergeLayers(localConfig, bundleConstraints.layers, config, contributions, conflicts);
+  }
+  if (bundleConstraints.forbiddenImports && bundleConstraints.forbiddenImports.length > 0) {
+    mergeForbiddenImports(
+      localConfig,
+      bundleConstraints.forbiddenImports,
+      config,
+      contributions,
+      conflicts
+    );
   }
   if (bundleConstraints.boundaries) {
-    const localBoundaries = localConfig.boundaries ?? { requireSchema: [] };
-    const localSchemas = new Set(localBoundaries.requireSchema ?? []);
-    const bundleSchemas = bundleConstraints.boundaries.requireSchema ?? [];
-    const newSchemas = [];
-    for (const schema of bundleSchemas) {
-      if (!localSchemas.has(schema)) {
-        newSchemas.push(schema);
-        localSchemas.add(schema);
-      }
-    }
-    config.boundaries = {
-      requireSchema: [...localBoundaries.requireSchema ?? [], ...newSchemas]
-    };
-    if (newSchemas.length > 0) {
-      contributions.boundaries = newSchemas;
-    }
+    mergeBoundaries(
+      localConfig,
+      bundleConstraints.boundaries,
+      config,
+      contributions
+    );
   }
   if (bundleConstraints.architecture) {
-    const localArch = localConfig.architecture ?? {
-      thresholds: {},
-      modules: {}
-    };
-    const mergedThresholds = { ...localArch.thresholds };
-    const contributedThresholdKeys = [];
-    const bundleThresholds = bundleConstraints.architecture.thresholds ?? {};
-    for (const [category, value] of Object.entries(bundleThresholds)) {
-      if (!(category in mergedThresholds)) {
-        mergedThresholds[category] = value;
-        contributedThresholdKeys.push(category);
-      } else if (!deepEqual(mergedThresholds[category], value)) {
-        conflicts.push({
-          section: "architecture.thresholds",
-          key: category,
-          localValue: mergedThresholds[category],
-          packageValue: value,
-          description: `Architecture threshold '${category}' already exists locally with a different value`
-        });
-      }
-    }
-    const mergedModules = { ...localArch.modules };
-    const contributedModuleKeys = [];
-    const bundleModules = bundleConstraints.architecture.modules ?? {};
-    for (const [modulePath, bundleCategoryMap] of Object.entries(bundleModules)) {
-      if (!(modulePath in mergedModules)) {
-        mergedModules[modulePath] = bundleCategoryMap;
-        for (const cat of Object.keys(bundleCategoryMap)) {
-          contributedModuleKeys.push(`${modulePath}:${cat}`);
-        }
-      } else {
-        const localCategoryMap = mergedModules[modulePath];
-        const mergedCategoryMap = { ...localCategoryMap };
-        for (const [category, value] of Object.entries(bundleCategoryMap)) {
-          if (!(category in mergedCategoryMap)) {
-            mergedCategoryMap[category] = value;
-            contributedModuleKeys.push(`${modulePath}:${category}`);
-          } else if (!deepEqual(mergedCategoryMap[category], value)) {
-            conflicts.push({
-              section: "architecture.modules",
-              key: `${modulePath}:${category}`,
-              localValue: mergedCategoryMap[category],
-              packageValue: value,
-              description: `Architecture module override '${modulePath}' category '${category}' already exists locally with a different value`
-            });
-          }
-        }
-        mergedModules[modulePath] = mergedCategoryMap;
-      }
-    }
-    config.architecture = {
-      ...localArch,
-      thresholds: mergedThresholds,
-      modules: mergedModules
-    };
-    if (contributedThresholdKeys.length > 0) {
-      contributions["architecture.thresholds"] = contributedThresholdKeys;
-    }
-    if (contributedModuleKeys.length > 0) {
-      contributions["architecture.modules"] = contributedModuleKeys;
-    }
+    mergeArchitecture(
+      localConfig,
+      bundleConstraints.architecture,
+      config,
+      contributions,
+      conflicts
+    );
   }
   if (bundleConstraints.security?.rules) {
-    const localSecurity = localConfig.security ?? { rules: {} };
-    const localRules = localSecurity.rules ?? {};
-    const mergedRules = { ...localRules };
-    const contributedRuleIds = [];
-    for (const [ruleId, severity] of Object.entries(bundleConstraints.security.rules)) {
-      if (!(ruleId in mergedRules)) {
-        mergedRules[ruleId] = severity;
-        contributedRuleIds.push(ruleId);
-      } else if (mergedRules[ruleId] !== severity) {
-        conflicts.push({
-          section: "security.rules",
-          key: ruleId,
-          localValue: mergedRules[ruleId],
-          packageValue: severity,
-          description: `Security rule '${ruleId}' already exists locally with severity '${mergedRules[ruleId]}', bundle has '${severity}'`
-        });
-      }
-    }
-    config.security = { ...localSecurity, rules: mergedRules };
-    if (contributedRuleIds.length > 0) {
-      contributions["security.rules"] = contributedRuleIds;
-    }
+    mergeSecurityRules(
+      localConfig,
+      bundleConstraints.security.rules,
+      config,
+      contributions,
+      conflicts
+    );
   }
   return { config, contributions, conflicts };
 }
@@ -1379,14 +1390,84 @@ function walk(node, visitor) {
     }
   }
 }
+function makeLocation(node) {
+  return {
+    file: "",
+    line: node.loc?.start.line ?? 0,
+    column: node.loc?.start.column ?? 0
+  };
+}
+function processImportSpecifiers(importDecl, imp) {
+  for (const spec of importDecl.specifiers) {
+    if (spec.type === "ImportDefaultSpecifier") {
+      imp.default = spec.local.name;
+    } else if (spec.type === "ImportNamespaceSpecifier") {
+      imp.namespace = spec.local.name;
+    } else if (spec.type === "ImportSpecifier") {
+      imp.specifiers.push(spec.local.name);
+      if (spec.importKind === "type") {
+        imp.kind = "type";
+      }
+    }
+  }
+}
+function getExportedName(exported) {
+  return exported.type === "Identifier" ? exported.name : String(exported.value);
+}
+function processReExportSpecifiers(exportDecl, exports) {
+  for (const spec of exportDecl.specifiers) {
+    if (spec.type !== "ExportSpecifier") continue;
+    exports.push({
+      name: getExportedName(spec.exported),
+      type: "named",
+      location: makeLocation(exportDecl),
+      isReExport: true,
+      source: exportDecl.source.value
+    });
+  }
+}
+function processExportDeclaration(exportDecl, exports) {
+  const decl = exportDecl.declaration;
+  if (!decl) return;
+  if (decl.type === "VariableDeclaration") {
+    for (const declarator of decl.declarations) {
+      if (declarator.id.type === "Identifier") {
+        exports.push({
+          name: declarator.id.name,
+          type: "named",
+          location: makeLocation(decl),
+          isReExport: false
+        });
+      }
+    }
+  } else if ((decl.type === "FunctionDeclaration" || decl.type === "ClassDeclaration") && decl.id) {
+    exports.push({
+      name: decl.id.name,
+      type: "named",
+      location: makeLocation(decl),
+      isReExport: false
+    });
+  }
+}
+function processExportListSpecifiers(exportDecl, exports) {
+  for (const spec of exportDecl.specifiers) {
+    if (spec.type !== "ExportSpecifier") continue;
+    exports.push({
+      name: getExportedName(spec.exported),
+      type: "named",
+      location: makeLocation(exportDecl),
+      isReExport: false
+    });
+  }
+}
 var TypeScriptParser = class {
   name = "typescript";
   extensions = [".ts", ".tsx", ".mts", ".cts"];
-  async parseFile(path20) {
-    const contentResult = await readFileContent(path20);
+  async parseFile(path23) {
+    const contentResult = await readFileContent(path23);
     if (!contentResult.ok) {
       return Err(
-        createParseError("NOT_FOUND", `File not found: ${path20}`, { path: path20 }, [
+        createParseError("NOT_FOUND", `File not found: ${path23}`, { path: path23 }, [
           "Check that the file exists",
           "Verify the path is correct"
         ])
@@ -1396,7 +1477,7 @@ var TypeScriptParser = class {
       const ast = parse(contentResult.value, {
         loc: true,
         range: true,
-        jsx: path20.endsWith(".tsx"),
+        jsx: path23.endsWith(".tsx"),
         errorOnUnknownASTType: false
       });
       return Ok({
@@ -1407,7 +1488,7 @@ var TypeScriptParser = class {
     } catch (e) {
       const error = e;
       return Err(
-        createParseError("SYNTAX_ERROR", `Failed to parse ${path20}: ${error.message}`, { path: path20 }, [
+        createParseError("SYNTAX_ERROR", `Failed to parse ${path23}: ${error.message}`, { path: path23 }, [
           "Check for syntax errors in the file",
           "Ensure valid TypeScript syntax"
         ])
@@ -1423,26 +1504,12 @@ var TypeScriptParser = class {
         const imp = {
           source: importDecl.source.value,
           specifiers: [],
-          location: {
-            file: "",
-            line: importDecl.loc?.start.line ?? 0,
-            column: importDecl.loc?.start.column ?? 0
-          },
+          location: makeLocation(importDecl),
           kind: importDecl.importKind === "type" ? "type" : "value"
         };
-        for (const spec of importDecl.specifiers) {
-          if (spec.type === "ImportDefaultSpecifier") {
-            imp.default = spec.local.name;
-          } else if (spec.type === "ImportNamespaceSpecifier") {
-            imp.namespace = spec.local.name;
-          } else if (spec.type === "ImportSpecifier") {
-            imp.specifiers.push(spec.local.name);
-            if (spec.importKind === "type") {
-              imp.kind = "type";
-            }
-          }
-        }
+        processImportSpecifiers(importDecl, imp);
         imports.push(imp);
+        return;
       }
       if (node.type === "ImportExpression") {
         const importExpr = node;
@@ -1450,11 +1517,7 @@ var TypeScriptParser = class {
           imports.push({
             source: importExpr.source.value,
             specifiers: [],
-            location: {
-              file: "",
-              line: importExpr.loc?.start.line ?? 0,
-              column: importExpr.loc?.start.column ?? 0
-            },
+            location: makeLocation(importExpr),
             kind: "value"
           });
         }
@@ -1469,97 +1532,29 @@ var TypeScriptParser = class {
       if (node.type === "ExportNamedDeclaration") {
         const exportDecl = node;
         if (exportDecl.source) {
-          for (const spec of exportDecl.specifiers) {
-            if (spec.type === "ExportSpecifier") {
-              const exported = spec.exported;
-              const name = exported.type === "Identifier" ? exported.name : String(exported.value);
-              exports.push({
-                name,
-                type: "named",
-                location: {
-                  file: "",
-                  line: exportDecl.loc?.start.line ?? 0,
-                  column: exportDecl.loc?.start.column ?? 0
-                },
-                isReExport: true,
-                source: exportDecl.source.value
-              });
-            }
-          }
+          processReExportSpecifiers(exportDecl, exports);
           return;
         }
-        if (exportDecl.declaration) {
-          const decl = exportDecl.declaration;
-          if (decl.type === "VariableDeclaration") {
-            for (const declarator of decl.declarations) {
-              if (declarator.id.type === "Identifier") {
-                exports.push({
-                  name: declarator.id.name,
-                  type: "named",
-                  location: {
-                    file: "",
-                    line: decl.loc?.start.line ?? 0,
-                    column: decl.loc?.start.column ?? 0
-                  },
-                  isReExport: false
-                });
-              }
-            }
-          } else if (decl.type === "FunctionDeclaration" || decl.type === "ClassDeclaration") {
-            if (decl.id) {
-              exports.push({
-                name: decl.id.name,
-                type: "named",
-                location: {
-                  file: "",
-                  line: decl.loc?.start.line ?? 0,
-                  column: decl.loc?.start.column ?? 0
-                },
-                isReExport: false
-              });
-            }
-          }
-        }
-        for (const spec of exportDecl.specifiers) {
-          if (spec.type === "ExportSpecifier") {
-            const exported = spec.exported;
-            const name = exported.type === "Identifier" ? exported.name : String(exported.value);
-            exports.push({
-              name,
-              type: "named",
-              location: {
-                file: "",
-                line: exportDecl.loc?.start.line ?? 0,
-                column: exportDecl.loc?.start.column ?? 0
-              },
-              isReExport: false
-            });
-          }
-        }
+        processExportDeclaration(exportDecl, exports);
+        processExportListSpecifiers(exportDecl, exports);
+        return;
       }
       if (node.type === "ExportDefaultDeclaration") {
         const exportDecl = node;
         exports.push({
           name: "default",
           type: "default",
-          location: {
-            file: "",
-            line: exportDecl.loc?.start.line ?? 0,
-            column: exportDecl.loc?.start.column ?? 0
-          },
+          location: makeLocation(exportDecl),
           isReExport: false
         });
+        return;
       }
       if (node.type === "ExportAllDeclaration") {
         const exportDecl = node;
         exports.push({
           name: exportDecl.exported?.name ?? "*",
           type: "namespace",
-          location: {
-            file: "",
-            line: exportDecl.loc?.start.line ?? 0,
-            column: exportDecl.loc?.start.column ?? 0
-          },
+          location: makeLocation(exportDecl),
           isReExport: true,
           source: exportDecl.source.value
         });
@@ -1575,10 +1570,27 @@ var TypeScriptParser = class {
 // src/entropy/snapshot.ts
 import { join as join3, resolve } from "path";
 import { minimatch as minimatch2 } from "minimatch";
+function collectFieldEntries(rootDir, field) {
+  if (typeof field === "string") return [resolve(rootDir, field)];
+  if (typeof field === "object" && field !== null) {
+    return Object.values(field).filter((v) => typeof v === "string").map((v) => resolve(rootDir, v));
+  }
+  return [];
+}
+function extractPackageEntries(rootDir, pkg) {
+  const entries = [];
+  entries.push(...collectFieldEntries(rootDir, pkg["exports"]));
+  if (entries.length === 0 && typeof pkg["main"] === "string") {
+    entries.push(resolve(rootDir, pkg["main"]));
+  }
+  if (pkg["bin"]) {
+    entries.push(...collectFieldEntries(rootDir, pkg["bin"]));
+  }
+  return entries;
+}
 async function resolveEntryPoints(rootDir, explicitEntries) {
   if (explicitEntries && explicitEntries.length > 0) {
-    const resolved = explicitEntries.map((e) => resolve(rootDir, e));
-    return Ok(resolved);
+    return Ok(explicitEntries.map((e) => resolve(rootDir, e)));
   }
   const pkgPath = join3(rootDir, "package.json");
   if (await fileExists(pkgPath)) {
@@ -1586,38 +1598,8 @@ async function resolveEntryPoints(rootDir, explicitEntries) {
     if (pkgContent.ok) {
       try {
         const pkg = JSON.parse(pkgContent.value);
-        const entries = [];
-        if (pkg["exports"]) {
-          const exports = pkg["exports"];
-          if (typeof exports === "string") {
-            entries.push(resolve(rootDir, exports));
-          } else if (typeof exports === "object" && exports !== null) {
-            for (const value of Object.values(exports)) {
-              if (typeof value === "string") {
-                entries.push(resolve(rootDir, value));
-              }
-            }
-          }
-        }
-        const main = pkg["main"];
-        if (typeof main === "string" && entries.length === 0) {
-          entries.push(resolve(rootDir, main));
-        }
-        const bin = pkg["bin"];
-        if (bin) {
-          if (typeof bin === "string") {
-            entries.push(resolve(rootDir, bin));
-          } else if (typeof bin === "object") {
-            for (const value of Object.values(bin)) {
-              if (typeof value === "string") {
-                entries.push(resolve(rootDir, value));
-              }
-            }
-          }
-        }
-        if (entries.length > 0) {
-          return Ok(entries);
-        }
+        const entries = extractPackageEntries(rootDir, pkg);
+        if (entries.length > 0) return Ok(entries);
       } catch {
       }
     }
@@ -1691,66 +1673,49 @@ function extractInlineRefs(content) {
   }
   return refs;
 }
-async function parseDocumentationFile(path20) {
-  const contentResult = await readFileContent(path20);
+async function parseDocumentationFile(path23) {
+  const contentResult = await readFileContent(path23);
   if (!contentResult.ok) {
     return Err(
       createEntropyError(
         "PARSE_ERROR",
-        `Failed to read documentation file: ${path20}`,
-        { file: path20 },
+        `Failed to read documentation file: ${path23}`,
+        { file: path23 },
         ["Check that the file exists"]
       )
     );
   }
   const content = contentResult.value;
-  const type = path20.endsWith(".md") ? "markdown" : "text";
+  const type = path23.endsWith(".md") ? "markdown" : "text";
   return Ok({
-    path: path20,
+    path: path23,
     type,
     content,
     codeBlocks: extractCodeBlocks(content),
     inlineRefs: extractInlineRefs(content)
   });
 }
+function makeInternalSymbol(name, type, line) {
+  return { name, type, line, references: 0, calledBy: [] };
+}
+function extractSymbolsFromNode(node) {
+  const line = node.loc?.start?.line || 0;
+  if (node.type === "FunctionDeclaration" && node.id?.name) {
+    return [makeInternalSymbol(node.id.name, "function", line)];
+  }
+  if (node.type === "VariableDeclaration") {
+    return (node.declarations || []).filter((decl) => decl.id?.name).map((decl) => makeInternalSymbol(decl.id.name, "variable", line));
+  }
+  if (node.type === "ClassDeclaration" && node.id?.name) {
+    return [makeInternalSymbol(node.id.name, "class", line)];
+  }
+  return [];
+}
 function extractInternalSymbols(ast) {
-  const symbols = [];
   const body = ast.body;
-  if (!body?.body) return symbols;
-  for (const node of body.body) {
-    if (node.type === "FunctionDeclaration" && node.id?.name) {
-      symbols.push({
-        name: node.id.name,
-        type: "function",
-        line: node.loc?.start?.line || 0,
-        references: 0,
-        calledBy: []
-      });
-    }
-    if (node.type === "VariableDeclaration") {
-      for (const decl of node.declarations || []) {
-        if (decl.id?.name) {
-          symbols.push({
-            name: decl.id.name,
-            type: "variable",
-            line: node.loc?.start?.line || 0,
-            references: 0,
-            calledBy: []
-          });
-        }
-      }
-    }
-    if (node.type === "ClassDeclaration" && node.id?.name) {
-      symbols.push({
-        name: node.id.name,
-        type: "class",
-        line: node.loc?.start?.line || 0,
-        references: 0,
-        calledBy: []
-      });
-    }
-  }
-  return symbols;
+  if (!body?.body) return [];
+  const nodes = body.body;
+  return nodes.flatMap(extractSymbolsFromNode);
 }
 function extractJSDocComments(ast) {
   const comments = [];
@@ -1891,27 +1856,34 @@ async function buildSnapshot(config) {
 
 // src/entropy/detectors/drift.ts
 import { dirname as dirname3, resolve as resolve2 } from "path";
-function levenshteinDistance(a, b) {
+function initLevenshteinMatrix(aLen, bLen) {
   const matrix = [];
-  for (let i = 0; i <= b.length; i++) {
+  for (let i = 0; i <= bLen; i++) {
     matrix[i] = [i];
   }
-  for (let j = 0; j <= a.length; j++) {
-    const row = matrix[0];
-    if (row) {
-      row[j] = j;
+  const firstRow = matrix[0];
+  if (firstRow) {
+    for (let j = 0; j <= aLen; j++) {
+      firstRow[j] = j;
     }
   }
+  return matrix;
+}
+function computeLevenshteinCell(row, prevRow, j, charsMatch) {
+  if (charsMatch) {
+    row[j] = prevRow[j - 1] ?? 0;
+  } else {
+    row[j] = Math.min((prevRow[j - 1] ?? 0) + 1, (row[j - 1] ?? 0) + 1, (prevRow[j] ?? 0) + 1);
+  }
+}
+function levenshteinDistance(a, b) {
+  const matrix = initLevenshteinMatrix(a.length, b.length);
   for (let i = 1; i <= b.length; i++) {
     for (let j = 1; j <= a.length; j++) {
       const row = matrix[i];
       const prevRow = matrix[i - 1];
       if (!row || !prevRow) continue;
-      if (b.charAt(i - 1) === a.charAt(j - 1)) {
-        row[j] = prevRow[j - 1] ?? 0;
-      } else {
-        row[j] = Math.min((prevRow[j - 1] ?? 0) + 1, (row[j - 1] ?? 0) + 1, (prevRow[j] ?? 0) + 1);
-      }
+      computeLevenshteinCell(row, prevRow, j, b.charAt(i - 1) === a.charAt(j - 1));
     }
   }
   const lastRow = matrix[b.length];
@@ -2197,32 +2169,27 @@ function findDeadExports(snapshot, usageMap, reachability) {
   }
   return deadExports;
 }
-function countLinesFromAST(ast) {
-  if (ast.body && Array.isArray(ast.body)) {
-    let maxLine = 0;
-    const traverse = (node) => {
-      if (node && typeof node === "object") {
-        const n = node;
-        if (n.loc?.end?.line && n.loc.end.line > maxLine) {
-          maxLine = n.loc.end.line;
-        }
-        for (const key of Object.keys(node)) {
-          const value = node[key];
-          if (Array.isArray(value)) {
-            for (const item of value) {
-              traverse(item);
-            }
-          } else if (value && typeof value === "object") {
-            traverse(value);
-          }
-        }
+function findMaxLineInNode(node) {
+  if (!node || typeof node !== "object") return 0;
+  const n = node;
+  let maxLine = n.loc?.end?.line ?? 0;
+  for (const key of Object.keys(node)) {
+    const value = node[key];
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        maxLine = Math.max(maxLine, findMaxLineInNode(item));
       }
-    };
-    traverse(ast);
-    if (maxLine > 0) return maxLine;
-    return Math.max(ast.body.length * 3, 1);
+    } else if (value && typeof value === "object") {
+      maxLine = Math.max(maxLine, findMaxLineInNode(value));
+    }
   }
-  return 1;
+  return maxLine;
+}
+function countLinesFromAST(ast) {
+  if (!ast.body || !Array.isArray(ast.body)) return 1;
+  const maxLine = findMaxLineInNode(ast);
+  if (maxLine > 0) return maxLine;
+  return Math.max(ast.body.length * 3, 1);
 }
 function findDeadFiles(snapshot, reachability) {
   const deadFiles = [];
@@ -2373,130 +2340,146 @@ function fileMatchesPattern(filePath, pattern, rootDir) {
   const relativePath = relativePosix(rootDir, filePath);
   return minimatch3(relativePath, pattern);
 }
-function checkConfigPattern(pattern, file, rootDir) {
+var CONVENTION_DESCRIPTIONS = {
+  camelCase: "camelCase (e.g., myFunction)",
+  PascalCase: "PascalCase (e.g., MyClass)",
+  UPPER_SNAKE: "UPPER_SNAKE_CASE (e.g., MY_CONSTANT)",
+  "kebab-case": "kebab-case (e.g., my-component)"
+};
+function checkMustExport(rule, file, message) {
+  if (rule.type !== "must-export") return [];
   const matches = [];
-  const fileMatches = pattern.files.some((glob) => fileMatchesPattern(file.path, glob, rootDir));
-  if (!fileMatches) {
-    return matches;
-  }
-  const rule = pattern.rule;
-  switch (rule.type) {
-    case "must-export": {
-      for (const name of rule.names) {
-        const hasExport = file.exports.some((e) => e.name === name);
-        if (!hasExport) {
-          matches.push({
-            line: 1,
-            message: pattern.message || `Missing required export: "${name}"`,
-            suggestion: `Add export for "${name}"`
-          });
-        }
-      }
-      break;
-    }
-    case "must-export-default": {
-      const hasDefault = file.exports.some((e) => e.type === "default");
-      if (!hasDefault) {
-        matches.push({
-          line: 1,
-          message: pattern.message || "File must have a default export",
-          suggestion: "Add a default export"
-        });
-      }
-      break;
-    }
-    case "no-export": {
-      for (const name of rule.names) {
-        const exp = file.exports.find((e) => e.name === name);
-        if (exp) {
-          matches.push({
-            line: exp.location.line,
-            message: pattern.message || `Forbidden export: "${name}"`,
-            suggestion: `Remove export "${name}"`
-          });
-        }
-      }
-      break;
+  for (const name of rule.names) {
+    if (!file.exports.some((e) => e.name === name)) {
+      matches.push({
+        line: 1,
+        message: message || `Missing required export: "${name}"`,
+        suggestion: `Add export for "${name}"`
+      });
     }
-    case "must-import": {
-      const hasImport = file.imports.some(
-        (i) => i.source === rule.from || i.source.endsWith(rule.from)
-      );
-      if (!hasImport) {
-        matches.push({
-          line: 1,
-          message: pattern.message || `Missing required import from "${rule.from}"`,
-          suggestion: `Add import from "${rule.from}"`
-        });
+  }
+  return matches;
+}
+function checkMustExportDefault(_rule, file, message) {
+  if (!file.exports.some((e) => e.type === "default")) {
+    return [
+      {
+        line: 1,
+        message: message || "File must have a default export",
+        suggestion: "Add a default export"
       }
-      break;
+    ];
+  }
+  return [];
+}
+function checkNoExport(rule, file, message) {
+  if (rule.type !== "no-export") return [];
+  const matches = [];
+  for (const name of rule.names) {
+    const exp = file.exports.find((e) => e.name === name);
+    if (exp) {
+      matches.push({
+        line: exp.location.line,
+        message: message || `Forbidden export: "${name}"`,
+        suggestion: `Remove export "${name}"`
+      });
     }
-    case "no-import": {
-      const forbiddenImport = file.imports.find(
-        (i) => i.source === rule.from || i.source.endsWith(rule.from)
-      );
-      if (forbiddenImport) {
-        matches.push({
-          line: forbiddenImport.location.line,
-          message: pattern.message || `Forbidden import from "${rule.from}"`,
-          suggestion: `Remove import from "${rule.from}"`
-        });
+  }
+  return matches;
+}
+function checkMustImport(rule, file, message) {
+  if (rule.type !== "must-import") return [];
+  const hasImport = file.imports.some(
+    (i) => i.source === rule.from || i.source.endsWith(rule.from)
+  );
+  if (!hasImport) {
+    return [
+      {
+        line: 1,
+        message: message || `Missing required import from "${rule.from}"`,
+        suggestion: `Add import from "${rule.from}"`
       }
-      break;
-    }
-    case "naming": {
-      const regex = new RegExp(rule.match);
-      for (const exp of file.exports) {
-        if (!regex.test(exp.name)) {
-          let expected = "";
-          switch (rule.convention) {
-            case "camelCase":
-              expected = "camelCase (e.g., myFunction)";
-              break;
-            case "PascalCase":
-              expected = "PascalCase (e.g., MyClass)";
-              break;
-            case "UPPER_SNAKE":
-              expected = "UPPER_SNAKE_CASE (e.g., MY_CONSTANT)";
-              break;
-            case "kebab-case":
-              expected = "kebab-case (e.g., my-component)";
-              break;
-          }
-          matches.push({
-            line: exp.location.line,
-            message: pattern.message || `"${exp.name}" does not follow ${rule.convention} convention`,
-            suggestion: `Rename to follow ${expected}`
-          });
-        }
+    ];
+  }
+  return [];
+}
+function checkNoImport(rule, file, message) {
+  if (rule.type !== "no-import") return [];
+  const forbiddenImport = file.imports.find(
+    (i) => i.source === rule.from || i.source.endsWith(rule.from)
+  );
+  if (forbiddenImport) {
+    return [
+      {
+        line: forbiddenImport.location.line,
+        message: message || `Forbidden import from "${rule.from}"`,
+        suggestion: `Remove import from "${rule.from}"`
       }
-      break;
+    ];
+  }
+  return [];
+}
+function checkNaming(rule, file, message) {
+  if (rule.type !== "naming") return [];
+  const regex = new RegExp(rule.match);
+  const matches = [];
+  for (const exp of file.exports) {
+    if (!regex.test(exp.name)) {
+      const expected = CONVENTION_DESCRIPTIONS[rule.convention] ?? rule.convention;
+      matches.push({
+        line: exp.location.line,
+        message: message || `"${exp.name}" does not follow ${rule.convention} convention`,
+        suggestion: `Rename to follow ${expected}`
+      });
     }
-    case "max-exports": {
-      if (file.exports.length > rule.count) {
-        matches.push({
-          line: 1,
-          message: pattern.message || `File has ${file.exports.length} exports, max is ${rule.count}`,
-          suggestion: `Split into multiple files or reduce exports to ${rule.count}`
-        });
+  }
+  return matches;
+}
+function checkMaxExports(rule, file, message) {
+  if (rule.type !== "max-exports") return [];
+  if (file.exports.length > rule.count) {
+    return [
+      {
+        line: 1,
+        message: message || `File has ${file.exports.length} exports, max is ${rule.count}`,
+        suggestion: `Split into multiple files or reduce exports to ${rule.count}`
       }
-      break;
-    }
-    case "max-lines": {
-      break;
-    }
-    case "require-jsdoc": {
-      if (file.jsDocComments.length === 0 && file.exports.length > 0) {
-        matches.push({
-          line: 1,
-          message: pattern.message || "Exported symbols require JSDoc documentation",
-          suggestion: "Add JSDoc comments to exports"
-        });
+    ];
+  }
+  return [];
+}
+function checkMaxLines(_rule, _file, _message) {
+  return [];
+}
+function checkRequireJsdoc(_rule, file, message) {
+  if (file.jsDocComments.length === 0 && file.exports.length > 0) {
+    return [
+      {
+        line: 1,
+        message: message || "Exported symbols require JSDoc documentation",
+        suggestion: "Add JSDoc comments to exports"
       }
-      break;
-    }
+    ];
   }
-  return matches;
+  return [];
+}
+var RULE_CHECKERS = {
+  "must-export": checkMustExport,
+  "must-export-default": checkMustExportDefault,
+  "no-export": checkNoExport,
+  "must-import": checkMustImport,
+  "no-import": checkNoImport,
+  naming: checkNaming,
+  "max-exports": checkMaxExports,
+  "max-lines": checkMaxLines,
+  "require-jsdoc": checkRequireJsdoc
+};
+function checkConfigPattern(pattern, file, rootDir) {
+  const fileMatches = pattern.files.some((glob) => fileMatchesPattern(file.path, glob, rootDir));
+  if (!fileMatches) return [];
+  const checker = RULE_CHECKERS[pattern.rule.type];
+  if (!checker) return [];
+  return checker(pattern.rule, file, pattern.message);
 }
 async function detectPatternViolations(snapshot, config) {
   const violations = [];
@@ -3015,17 +2998,35 @@ function createUnusedImportFixes(deadCodeReport) {
     reversible: true
   }));
 }
+var EXPORT_TYPE_KEYWORD = {
+  class: "class",
+  function: "function",
+  variable: "const",
+  type: "type",
+  interface: "interface",
+  enum: "enum"
+};
+function getExportKeyword(exportType) {
+  return EXPORT_TYPE_KEYWORD[exportType] ?? "enum";
+}
+function getDefaultExportKeyword(exportType) {
+  if (exportType === "class" || exportType === "function") return exportType;
+  return "";
+}
 function createDeadExportFixes(deadCodeReport) {
-  return deadCodeReport.deadExports.filter((exp) => exp.reason === "NO_IMPORTERS").map((exp) => ({
-    type: "dead-exports",
-    file: exp.file,
-    description: `Remove export keyword from ${exp.name} (${exp.reason})`,
-    action: "replace",
-    oldContent: exp.isDefault ? `export default ${exp.type === "class" ? "class" : exp.type === "function" ? "function" : ""} ${exp.name}` : `export ${exp.type === "class" ? "class" : exp.type === "function" ? "function" : exp.type === "variable" ? "const" : exp.type === "type" ? "type" : exp.type === "interface" ? "interface" : "enum"} ${exp.name}`,
-    newContent: exp.isDefault ? `${exp.type === "class" ? "class" : exp.type === "function" ? "function" : ""} ${exp.name}` : `${exp.type === "class" ? "class" : exp.type === "function" ? "function" : exp.type === "variable" ? "const" : exp.type === "type" ? "type" : exp.type === "interface" ? "interface" : "enum"} ${exp.name}`,
-    safe: true,
-    reversible: true
-  }));
+  return deadCodeReport.deadExports.filter((exp) => exp.reason === "NO_IMPORTERS").map((exp) => {
+    const keyword = exp.isDefault ? getDefaultExportKeyword(exp.type) : getExportKeyword(exp.type);
+    return {
+      type: "dead-exports",
+      file: exp.file,
+      description: `Remove export keyword from ${exp.name} (${exp.reason})`,
+      action: "replace",
+      oldContent: exp.isDefault ? `export default ${keyword} ${exp.name}` : `export ${keyword} ${exp.name}`,
+      newContent: `${keyword} ${exp.name}`,
+      safe: true,
+      reversible: true
+    };
+  });
 }
 function createCommentedCodeFixes(blocks) {
   return blocks.map((block) => ({
@@ -3204,53 +3205,80 @@ var ALWAYS_UNSAFE_TYPES = /* @__PURE__ */ new Set([
   "dead-internal"
 ]);
 var idCounter = 0;
+var DEAD_CODE_FIX_ACTIONS = {
+  "dead-export": "Remove export keyword",
+  "dead-file": "Delete file",
+  "commented-code": "Delete commented block",
+  "unused-import": "Remove import"
+};
+function classifyDeadCode(input) {
+  if (input.isPublicApi) {
+    return {
+      safety: "unsafe",
+      safetyReason: "Public API export may have external consumers",
+      suggestion: "Deprecate before removing"
+    };
+  }
+  const fixAction = DEAD_CODE_FIX_ACTIONS[input.type];
+  if (fixAction) {
+    return {
+      safety: "safe",
+      safetyReason: "zero importers, non-public",
+      fixAction,
+      suggestion: fixAction
+    };
+  }
+  if (input.type === "orphaned-dep") {
+    return {
+      safety: "probably-safe",
+      safetyReason: "No imports found, but needs install+test verification",
+      fixAction: "Remove from package.json",
+      suggestion: "Remove from package.json"
+    };
+  }
+  return {
+    safety: "unsafe",
+    safetyReason: "Unknown dead code type",
+    suggestion: "Manual review required"
+  };
+}
+function classifyArchitecture(input) {
+  if (input.type === "import-ordering") {
+    return {
+      safety: "safe",
+      safetyReason: "Mechanical reorder, no semantic change",
+      fixAction: "Reorder imports",
+      suggestion: "Reorder imports"
+    };
+  }
+  if (input.type === "forbidden-import" && input.hasAlternative) {
+    return {
+      safety: "probably-safe",
+      safetyReason: "Alternative configured, needs typecheck+test",
+      fixAction: "Replace with configured alternative",
+      suggestion: "Replace with configured alternative"
+    };
+  }
+  return {
+    safety: "unsafe",
+    safetyReason: `${input.type} requires structural changes`,
+    suggestion: "Restructure code to fix violation"
+  };
+}
 function classifyFinding(input) {
   idCounter++;
   const id = `${input.concern === "dead-code" ? "dc" : "arch"}-${idCounter}`;
-  let safety;
-  let safetyReason;
-  let fixAction;
-  let suggestion;
+  let classification;
   if (ALWAYS_UNSAFE_TYPES.has(input.type)) {
-    safety = "unsafe";
-    safetyReason = `${input.type} requires human judgment`;
-    suggestion = "Review and refactor manually";
+    classification = {
+      safety: "unsafe",
+      safetyReason: `${input.type} requires human judgment`,
+      suggestion: "Review and refactor manually"
+    };
   } else if (input.concern === "dead-code") {
-    if (input.isPublicApi) {
-      safety = "unsafe";
-      safetyReason = "Public API export may have external consumers";
-      suggestion = "Deprecate before removing";
-    } else if (input.type === "dead-export" || input.type === "unused-import" || input.type === "commented-code" || input.type === "dead-file") {
-      safety = "safe";
-      safetyReason = "zero importers, non-public";
-      fixAction = input.type === "dead-export" ? "Remove export keyword" : input.type === "dead-file" ? "Delete file" : input.type === "commented-code" ? "Delete commented block" : "Remove import";
-      suggestion = fixAction;
-    } else if (input.type === "orphaned-dep") {
-      safety = "probably-safe";
-      safetyReason = "No imports found, but needs install+test verification";
-      fixAction = "Remove from package.json";
-      suggestion = fixAction;
-    } else {
-      safety = "unsafe";
-      safetyReason = "Unknown dead code type";
-      suggestion = "Manual review required";
-    }
+    classification = classifyDeadCode(input);
   } else {
-    if (input.type === "import-ordering") {
-      safety = "safe";
-      safetyReason = "Mechanical reorder, no semantic change";
-      fixAction = "Reorder imports";
-      suggestion = fixAction;
-    } else if (input.type === "forbidden-import" && input.hasAlternative) {
-      safety = "probably-safe";
-      safetyReason = "Alternative configured, needs typecheck+test";
-      fixAction = "Replace with configured alternative";
-      suggestion = fixAction;
-    } else {
-      safety = "unsafe";
-      safetyReason = `${input.type} requires structural changes`;
-      suggestion = "Restructure code to fix violation";
-    }
+    classification = classifyArchitecture(input);
   }
   return {
     id,
@@ -3259,11 +3287,11 @@ function classifyFinding(input) {
     ...input.line !== void 0 ? { line: input.line } : {},
     type: input.type,
     description: input.description,
-    safety,
-    safetyReason,
+    safety: classification.safety,
+    safetyReason: classification.safetyReason,
     hotspotDowngraded: false,
-    ...fixAction !== void 0 ? { fixAction } : {},
-    suggestion
+    ...classification.fixAction !== void 0 ? { fixAction: classification.fixAction } : {},
+    suggestion: classification.suggestion
   };
 }
 function applyHotspotDowngrade(finding, hotspot) {
@@ -3557,43 +3585,57 @@ var BenchmarkRunner = class {
       };
     }
   }
+  /**
+   * Extract a BenchmarkResult from a single assertion with benchmark data.
+   */
+  parseBenchAssertion(assertion, file) {
+    if (!assertion.benchmark) return null;
+    const bench = assertion.benchmark;
+    return {
+      name: assertion.fullName || assertion.title || "unknown",
+      file: file.replace(process.cwd() + "/", ""),
+      opsPerSec: Math.round(bench.hz || 0),
+      meanMs: bench.mean ? bench.mean * 1e3 : 0,
+      p99Ms: bench.p99 ? bench.p99 * 1e3 : bench.mean ? bench.mean * 1e3 * 1.5 : 0,
+      marginOfError: bench.rme ? bench.rme / 100 : 0.05
+    };
+  }
+  /**
+   * Extract JSON from output that may contain non-JSON preamble.
+   */
+  extractJson(output) {
+    const jsonStart = output.indexOf("{");
+    const jsonEnd = output.lastIndexOf("}");
+    if (jsonStart === -1 || jsonEnd === -1) return null;
+    return JSON.parse(output.slice(jsonStart, jsonEnd + 1));
+  }
   /**
    * Parse vitest bench JSON reporter output into BenchmarkResult[].
    * Vitest bench JSON output contains testResults with benchmark data.
    */
-  parseVitestBenchOutput(output) {
+  collectAssertionResults(testResults) {
     const results = [];
-    try {
-      const jsonStart = output.indexOf("{");
-      const jsonEnd = output.lastIndexOf("}");
-      if (jsonStart === -1 || jsonEnd === -1) return results;
-      const jsonStr = output.slice(jsonStart, jsonEnd + 1);
-      const parsed = JSON.parse(jsonStr);
-      if (parsed.testResults) {
-        for (const testResult of parsed.testResults) {
-          const file = testResult.name || testResult.filepath || "";
-          if (testResult.assertionResults) {
-            for (const assertion of testResult.assertionResults) {
-              if (assertion.benchmark) {
-                const bench = assertion.benchmark;
-                results.push({
-                  name: assertion.fullName || assertion.title || "unknown",
-                  file: file.replace(process.cwd() + "/", ""),
-                  opsPerSec: Math.round(bench.hz || 0),
-                  meanMs: bench.mean ? bench.mean * 1e3 : 0,
-                  // p99: use actual p99 if available, otherwise estimate as 1.5× mean
-                  p99Ms: bench.p99 ? bench.p99 * 1e3 : bench.mean ? bench.mean * 1e3 * 1.5 : 0,
-                  marginOfError: bench.rme ? bench.rme / 100 : 0.05
-                });
-              }
-            }
-          }
-        }
+    for (const testResult of testResults) {
+      const file = testResult.name || testResult.filepath || "";
+      const assertions = testResult.assertionResults ?? [];
+      for (const assertion of assertions) {
+        const result = this.parseBenchAssertion(assertion, file);
+        if (result) results.push(result);
       }
-    } catch {
     }
     return results;
   }
+  parseVitestBenchOutput(output) {
+    try {
+      const parsed = this.extractJson(output);
+      if (!parsed) return [];
+      const testResults = parsed.testResults;
+      if (!testResults) return [];
+      return this.collectAssertionResults(testResults);
+    } catch {
+      return [];
+    }
+  }
 };
 
 // src/performance/regression-detector.ts
@@ -3903,39 +3945,31 @@ function resetFeedbackConfig() {
 }
 
 // src/feedback/review/diff-analyzer.ts
+function detectFileStatus(part) {
+  if (/new file mode/.test(part)) return "added";
+  if (/deleted file mode/.test(part)) return "deleted";
+  if (part.includes("rename from")) return "renamed";
+  return "modified";
+}
+function parseDiffPart(part) {
+  if (!part.trim()) return null;
+  const headerMatch = /diff --git a\/(.+?) b\/(.+?)(?:\n|$)/.exec(part);
+  if (!headerMatch || !headerMatch[2]) return null;
+  const additionRegex = /^\+(?!\+\+)/gm;
+  const deletionRegex = /^-(?!--)/gm;
+  return {
+    path: headerMatch[2],
+    status: detectFileStatus(part),
+    additions: (part.match(additionRegex) || []).length,
+    deletions: (part.match(deletionRegex) || []).length
+  };
+}
 function parseDiff(diff2) {
   try {
     if (!diff2.trim()) {
       return Ok({ diff: diff2, files: [] });
     }
-    const files = [];
-    const newFileRegex = /new file mode/;
-    const deletedFileRegex = /deleted file mode/;
-    const additionRegex = /^\+(?!\+\+)/gm;
-    const deletionRegex = /^-(?!--)/gm;
-    const diffParts = diff2.split(/(?=diff --git)/);
-    for (const part of diffParts) {
-      if (!part.trim()) continue;
-      const headerMatch = /diff --git a\/(.+?) b\/(.+?)(?:\n|$)/.exec(part);
-      if (!headerMatch || !headerMatch[2]) continue;
-      const filePath = headerMatch[2];
-      let status = "modified";
-      if (newFileRegex.test(part)) {
-        status = "added";
-      } else if (deletedFileRegex.test(part)) {
-        status = "deleted";
-      } else if (part.includes("rename from")) {
-        status = "renamed";
-      }
-      const additions = (part.match(additionRegex) || []).length;
-      const deletions = (part.match(deletionRegex) || []).length;
-      files.push({
-        path: filePath,
-        status,
-        additions,
-        deletions
-      });
-    }
+    const files = diff2.split(/(?=diff --git)/).map(parseDiffPart).filter((f) => f !== null);
     return Ok({ diff: diff2, files });
   } catch (error) {
     return Err({
@@ -4101,107 +4135,123 @@ var ChecklistBuilder = class {
     this.graphImpactData = graphImpactData;
     return this;
   }
-  async run(changes) {
-    const startTime = Date.now();
+  /**
+   * Build a single harness check item with or without graph data.
+   */
+  buildHarnessCheckItem(id, check, fallbackDetails, graphItemBuilder) {
+    if (this.graphHarnessData && graphItemBuilder) {
+      return graphItemBuilder();
+    }
+    return {
+      id,
+      category: "harness",
+      check,
+      passed: true,
+      severity: "info",
+      details: fallbackDetails
+    };
+  }
+  /**
+   * Build all harness check items based on harnessOptions and graph data.
+   */
+  buildHarnessItems() {
+    if (!this.harnessOptions) return [];
     const items = [];
-    if (this.harnessOptions) {
-      if (this.harnessOptions.context !== false) {
-        if (this.graphHarnessData) {
-          items.push({
-            id: "harness-context",
-            category: "harness",
-            check: "Context validation",
-            passed: this.graphHarnessData.graphExists && this.graphHarnessData.nodeCount > 0,
-            severity: "info",
-            details: this.graphHarnessData.graphExists ? `Graph loaded: ${this.graphHarnessData.nodeCount} nodes, ${this.graphHarnessData.edgeCount} edges` : "No graph available \u2014 run harness scan to build the knowledge graph"
-          });
-        } else {
-          items.push({
+    const graphData = this.graphHarnessData;
+    if (this.harnessOptions.context !== false) {
+      items.push(
+        this.buildHarnessCheckItem(
+          "harness-context",
+          "Context validation",
+          "Harness context validation not yet integrated (run with graph for real checks)",
+          graphData ? () => ({
             id: "harness-context",
             category: "harness",
             check: "Context validation",
-            passed: true,
-            severity: "info",
-            details: "Harness context validation not yet integrated (run with graph for real checks)"
-          });
-        }
-      }
-      if (this.harnessOptions.constraints !== false) {
-        if (this.graphHarnessData) {
-          const violations = this.graphHarnessData.constraintViolations;
-          items.push({
-            id: "harness-constraints",
-            category: "harness",
-            check: "Constraint validation",
-            passed: violations === 0,
-            severity: violations > 0 ? "error" : "info",
-            details: violations === 0 ? "No constraint violations detected" : `${violations} constraint violation(s) detected`
-          });
-        } else {
-          items.push({
-            id: "harness-constraints",
-            category: "harness",
-            check: "Constraint validation",
-            passed: true,
-            severity: "info",
-            details: "Harness constraint validation not yet integrated (run with graph for real checks)"
-          });
-        }
-      }
-      if (this.harnessOptions.entropy !== false) {
-        if (this.graphHarnessData) {
-          const issues = this.graphHarnessData.unreachableNodes + this.graphHarnessData.undocumentedFiles;
-          items.push({
-            id: "harness-entropy",
-            category: "harness",
-            check: "Entropy detection",
-            passed: issues === 0,
-            severity: issues > 0 ? "warning" : "info",
-            details: issues === 0 ? "No entropy issues detected" : `${this.graphHarnessData.unreachableNodes} unreachable node(s), ${this.graphHarnessData.undocumentedFiles} undocumented file(s)`
-          });
-        } else {
-          items.push({
-            id: "harness-entropy",
-            category: "harness",
-            check: "Entropy detection",
-            passed: true,
+            passed: graphData.graphExists && graphData.nodeCount > 0,
             severity: "info",
-            details: "Harness entropy detection not yet integrated (run with graph for real checks)"
-          });
-        }
-      }
+            details: graphData.graphExists ? `Graph loaded: ${graphData.nodeCount} nodes, ${graphData.edgeCount} edges` : "No graph available \u2014 run harness scan to build the knowledge graph"
+          }) : void 0
+        )
+      );
+    }
+    if (this.harnessOptions.constraints !== false) {
+      items.push(
+        this.buildHarnessCheckItem(
+          "harness-constraints",
+          "Constraint validation",
+          "Harness constraint validation not yet integrated (run with graph for real checks)",
+          graphData ? () => {
+            const violations = graphData.constraintViolations;
+            return {
+              id: "harness-constraints",
+              category: "harness",
+              check: "Constraint validation",
+              passed: violations === 0,
+              severity: violations > 0 ? "error" : "info",
+              details: violations === 0 ? "No constraint violations detected" : `${violations} constraint violation(s) detected`
+            };
+          } : void 0
+        )
+      );
+    }
+    if (this.harnessOptions.entropy !== false) {
+      items.push(
+        this.buildHarnessCheckItem(
+          "harness-entropy",
+          "Entropy detection",
+          "Harness entropy detection not yet integrated (run with graph for real checks)",
+          graphData ? () => {
+            const issues = graphData.unreachableNodes + graphData.undocumentedFiles;
+            return {
+              id: "harness-entropy",
+              category: "harness",
+              check: "Entropy detection",
+              passed: issues === 0,
+              severity: issues > 0 ? "warning" : "info",
+              details: issues === 0 ? "No entropy issues detected" : `${graphData.unreachableNodes} unreachable node(s), ${graphData.undocumentedFiles} undocumented file(s)`
+            };
+          } : void 0
+        )
+      );
+    }
+    return items;
+  }
+  /**
+   * Execute a single custom rule and return a ReviewItem.
+   */
+  async executeCustomRule(rule, changes) {
+    try {
+      const result = await rule.check(changes, this.rootDir);
+      const item = {
+        id: rule.id,
+        category: "custom",
+        check: rule.name,
+        passed: result.passed,
+        severity: rule.severity,
+        details: result.details
+      };
+      if (result.suggestion !== void 0) item.suggestion = result.suggestion;
+      if (result.file !== void 0) item.file = result.file;
+      if (result.line !== void 0) item.line = result.line;
+      return item;
+    } catch (error) {
+      return {
+        id: rule.id,
+        category: "custom",
+        check: rule.name,
+        passed: false,
+        severity: "error",
+        details: `Rule execution failed: ${String(error)}`
+      };
     }
+  }
+  async run(changes) {
+    const startTime = Date.now();
+    const items = [];
+    items.push(...this.buildHarnessItems());
     for (const rule of this.customRules) {
-      try {
-        const result = await rule.check(changes, this.rootDir);
-        const item = {
-          id: rule.id,
-          category: "custom",
-          check: rule.name,
-          passed: result.passed,
-          severity: rule.severity,
-          details: result.details
-        };
-        if (result.suggestion !== void 0) {
-          item.suggestion = result.suggestion;
-        }
-        if (result.file !== void 0) {
-          item.file = result.file;
-        }
-        if (result.line !== void 0) {
-          item.line = result.line;
-        }
-        items.push(item);
-      } catch (error) {
-        items.push({
-          id: rule.id,
-          category: "custom",
-          check: rule.name,
-          passed: false,
-          severity: "error",
-          details: `Rule execution failed: ${String(error)}`
-        });
-      }
+      items.push(await this.executeCustomRule(rule, changes));
     }
     if (this.diffOptions) {
       const diffResult = await analyzeDiff(changes, this.diffOptions, this.graphImpactData);
@@ -4216,7 +4266,6 @@ var ChecklistBuilder = class {
     const checklist = {
       items,
       passed: failed === 0,
-      // Pass if no failed items
       summary: {
         total: items.length,
         passed,
@@ -4769,6 +4818,10 @@ var INDEX_FILE = "index.json";
 var SESSIONS_DIR = "sessions";
 var SESSION_INDEX_FILE = "index.md";
 var SUMMARY_FILE = "summary.md";
+var SESSION_STATE_FILE = "session-state.json";
+var ARCHIVE_DIR = "archive";
+var CONTENT_HASHES_FILE = "content-hashes.json";
+var EVENTS_FILE = "events.jsonl";
 
 // src/state/stream-resolver.ts
 var STREAMS_DIR = "streams";
@@ -5111,6 +5164,85 @@ async function saveState(projectPath, state, stream, session) {
 // src/state/learnings.ts
 import * as fs9 from "fs";
 import * as path6 from "path";
+import * as crypto from "crypto";
+function parseFrontmatter(line) {
+  const match = line.match(/^<!--\s+hash:([a-f0-9]+)(?:\s+tags:([^\s]+))?\s+-->/);
+  if (!match) return null;
+  const hash = match[1];
+  const tags = match[2] ? match[2].split(",").filter(Boolean) : [];
+  return { hash, tags };
+}
+function computeEntryHash(text) {
+  return crypto.createHash("sha256").update(text).digest("hex").slice(0, 8);
+}
+function normalizeLearningContent(text) {
+  let normalized = text;
+  normalized = normalized.replace(/\d{4}-\d{2}-\d{2}/g, "");
+  normalized = normalized.replace(/\[skill:[^\]]*\]/g, "");
+  normalized = normalized.replace(/\[outcome:[^\]]*\]/g, "");
+  normalized = normalized.replace(/^[\s]*[-*]\s+/gm, "");
+  normalized = normalized.replace(/\*\*/g, "");
+  normalized = normalized.replace(/:\s*/g, " ");
+  normalized = normalized.toLowerCase();
+  normalized = normalized.replace(/\s+/g, " ").trim();
+  return normalized;
+}
+function computeContentHash(text) {
+  return crypto.createHash("sha256").update(text).digest("hex").slice(0, 16);
+}
+function loadContentHashes(stateDir) {
+  const hashesPath = path6.join(stateDir, CONTENT_HASHES_FILE);
+  if (!fs9.existsSync(hashesPath)) return {};
+  try {
+    const raw = fs9.readFileSync(hashesPath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) return {};
+    return parsed;
+  } catch {
+    return {};
+  }
+}
+function saveContentHashes(stateDir, index) {
+  const hashesPath = path6.join(stateDir, CONTENT_HASHES_FILE);
+  fs9.writeFileSync(hashesPath, JSON.stringify(index, null, 2) + "\n");
+}
+function rebuildContentHashes(stateDir) {
+  const learningsPath = path6.join(stateDir, LEARNINGS_FILE);
+  if (!fs9.existsSync(learningsPath)) return {};
+  const content = fs9.readFileSync(learningsPath, "utf-8");
+  const lines = content.split("\n");
+  const index = {};
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const isDatedBullet = /^- \*\*\d{4}-\d{2}-\d{2}/.test(line);
+    if (isDatedBullet) {
+      const learningMatch = line.match(/:\*\*\s*(.+)$/);
+      if (learningMatch?.[1]) {
+        const normalized = normalizeLearningContent(learningMatch[1]);
+        const hash = computeContentHash(normalized);
+        const dateMatch = line.match(/(\d{4}-\d{2}-\d{2})/);
+        index[hash] = { date: dateMatch?.[1] ?? "", line: i + 1 };
+      }
+    }
+  }
+  saveContentHashes(stateDir, index);
+  return index;
+}
+function extractIndexEntry(entry) {
+  const lines = entry.split("\n");
+  const summary = lines[0] ?? entry;
+  const tags = [];
+  const skillMatch = entry.match(/\[skill:([^\]]+)\]/);
+  if (skillMatch?.[1]) tags.push(skillMatch[1]);
+  const outcomeMatch = entry.match(/\[outcome:([^\]]+)\]/);
+  if (outcomeMatch?.[1]) tags.push(outcomeMatch[1]);
+  return {
+    hash: computeEntryHash(entry),
+    tags,
+    summary,
+    fullText: entry
+  };
+}
 var learningsCacheMap = /* @__PURE__ */ new Map();
 function clearLearningsCache() {
   learningsCacheMap.clear();
@@ -5122,27 +5254,55 @@ async function appendLearning(projectPath, learning, skillName, outcome, stream,
     const stateDir = dirResult.value;
     const learningsPath = path6.join(stateDir, LEARNINGS_FILE);
     fs9.mkdirSync(stateDir, { recursive: true });
+    const normalizedContent = normalizeLearningContent(learning);
+    const contentHash = computeContentHash(normalizedContent);
+    const hashesPath = path6.join(stateDir, CONTENT_HASHES_FILE);
+    let contentHashes;
+    if (fs9.existsSync(hashesPath)) {
+      contentHashes = loadContentHashes(stateDir);
+      if (Object.keys(contentHashes).length === 0 && fs9.existsSync(learningsPath)) {
+        contentHashes = rebuildContentHashes(stateDir);
+      }
+    } else if (fs9.existsSync(learningsPath)) {
+      contentHashes = rebuildContentHashes(stateDir);
+    } else {
+      contentHashes = {};
+    }
+    if (contentHashes[contentHash]) {
+      return Ok(void 0);
+    }
     const timestamp = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
-    let entry;
+    const fmTags = [];
+    if (skillName) fmTags.push(skillName);
+    if (outcome) fmTags.push(outcome);
+    let bulletLine;
     if (skillName && outcome) {
-      entry = `
-- **${timestamp} [skill:${skillName}] [outcome:${outcome}]:** ${learning}
-`;
+      bulletLine = `- **${timestamp} [skill:${skillName}] [outcome:${outcome}]:** ${learning}`;
     } else if (skillName) {
-      entry = `
-- **${timestamp} [skill:${skillName}]:** ${learning}
-`;
+      bulletLine = `- **${timestamp} [skill:${skillName}]:** ${learning}`;
     } else {
-      entry = `
-- **${timestamp}:** ${learning}
-`;
+      bulletLine = `- **${timestamp}:** ${learning}`;
     }
+    const hash = crypto.createHash("sha256").update(bulletLine).digest("hex").slice(0, 8);
+    const tagsStr = fmTags.length > 0 ? ` tags:${fmTags.join(",")}` : "";
+    const frontmatter = `<!-- hash:${hash}${tagsStr} -->`;
+    const entry = `
+${frontmatter}
+${bulletLine}
+`;
+    let existingLineCount;
     if (!fs9.existsSync(learningsPath)) {
       fs9.writeFileSync(learningsPath, `# Learnings
 ${entry}`);
+      existingLineCount = 1;
     } else {
+      const existingContent = fs9.readFileSync(learningsPath, "utf-8");
+      existingLineCount = existingContent.split("\n").length;
       fs9.appendFileSync(learningsPath, entry);
     }
+    const bulletLine_lineNum = existingLineCount + 2;
+    contentHashes[contentHash] = { date: timestamp ?? "", line: bulletLine_lineNum };
+    saveContentHashes(stateDir, contentHashes);
     learningsCacheMap.delete(learningsPath);
     return Ok(void 0);
   } catch (error) {
@@ -5190,7 +5350,30 @@ function analyzeLearningPatterns(entries) {
   return patterns.sort((a, b) => b.count - a.count);
 }
 async function loadBudgetedLearnings(projectPath, options) {
-  const { intent, tokenBudget = 1e3, skill, session, stream } = options;
+  const { intent, tokenBudget = 1e3, skill, session, stream, depth = "summary" } = options;
+  if (depth === "index") {
+    const indexEntries = [];
+    if (session) {
+      const sessionResult = await loadIndexEntries(projectPath, skill, stream, session);
+      if (sessionResult.ok) indexEntries.push(...sessionResult.value);
+    }
+    const globalResult2 = await loadIndexEntries(projectPath, skill, stream);
+    if (globalResult2.ok) {
+      const sessionHashes = new Set(indexEntries.map((e) => e.hash));
+      const uniqueGlobal = globalResult2.value.filter((e) => !sessionHashes.has(e.hash));
+      indexEntries.push(...uniqueGlobal);
+    }
+    const budgeted2 = [];
+    let totalTokens2 = 0;
+    for (const entry of indexEntries) {
+      const separator = budgeted2.length > 0 ? "\n" : "";
+      const entryCost = estimateTokens(entry.summary + separator);
+      if (totalTokens2 + entryCost > tokenBudget) break;
+      budgeted2.push(entry.summary);
+      totalTokens2 += entryCost;
+    }
+    return Ok(budgeted2);
+  }
   const sortByRecencyAndRelevance = (entries) => {
     return [...entries].sort((a, b) => {
       const dateA = parseDateFromEntry(a) ?? "0000-00-00";
@@ -5209,7 +5392,9 @@ async function loadBudgetedLearnings(projectPath, options) {
   }
   const globalResult = await loadRelevantLearnings(projectPath, skill, stream);
   if (globalResult.ok) {
-    allEntries.push(...sortByRecencyAndRelevance(globalResult.value));
+    const sessionSet = new Set(allEntries.map((e) => e.trim()));
+    const uniqueGlobal = globalResult.value.filter((e) => !sessionSet.has(e.trim()));
+    allEntries.push(...sortByRecencyAndRelevance(uniqueGlobal));
   }
   const budgeted = [];
   let totalTokens = 0;
@@ -5222,6 +5407,68 @@ async function loadBudgetedLearnings(projectPath, options) {
   }
   return Ok(budgeted);
 }
+async function loadIndexEntries(projectPath, skillName, stream, session) {
+  try {
+    const dirResult = await getStateDir(projectPath, stream, session);
+    if (!dirResult.ok) return dirResult;
+    const stateDir = dirResult.value;
+    const learningsPath = path6.join(stateDir, LEARNINGS_FILE);
+    if (!fs9.existsSync(learningsPath)) {
+      return Ok([]);
+    }
+    const content = fs9.readFileSync(learningsPath, "utf-8");
+    const lines = content.split("\n");
+    const indexEntries = [];
+    let pendingFrontmatter = null;
+    let currentBlock = [];
+    for (const line of lines) {
+      if (line.startsWith("# ")) continue;
+      const fm = parseFrontmatter(line);
+      if (fm) {
+        pendingFrontmatter = fm;
+        continue;
+      }
+      const isDatedBullet = /^- \*\*\d{4}-\d{2}-\d{2}/.test(line);
+      const isHeading = /^## \d{4}-\d{2}-\d{2}/.test(line);
+      if (isDatedBullet || isHeading) {
+        if (pendingFrontmatter) {
+          indexEntries.push({
+            hash: pendingFrontmatter.hash,
+            tags: pendingFrontmatter.tags,
+            summary: line,
+            fullText: ""
+            // Placeholder — full text not loaded in index mode
+          });
+          pendingFrontmatter = null;
+        } else {
+          const idx = extractIndexEntry(line);
+          indexEntries.push({
+            hash: idx.hash,
+            tags: idx.tags,
+            summary: line,
+            fullText: ""
+          });
+        }
+        currentBlock = [line];
+      } else if (line.trim() !== "" && currentBlock.length > 0) {
+        currentBlock.push(line);
+      }
+    }
+    if (skillName) {
+      const filtered = indexEntries.filter(
+        (e) => e.tags.includes(skillName) || e.summary.includes(`[skill:${skillName}]`)
+      );
+      return Ok(filtered);
+    }
+    return Ok(indexEntries);
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to load index entries: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
 async function loadRelevantLearnings(projectPath, skillName, stream, session) {
   try {
     const dirResult = await getStateDir(projectPath, stream, session);
@@ -5244,6 +5491,7 @@ async function loadRelevantLearnings(projectPath, skillName, stream, session) {
       let currentBlock = [];
       for (const line of lines) {
         if (line.startsWith("# ")) continue;
+        if (/^<!--\s+hash:[a-f0-9]+/.test(line)) continue;
         const isDatedBullet = /^- \*\*\d{4}-\d{2}-\d{2}/.test(line);
         const isHeading = /^## \d{4}-\d{2}-\d{2}/.test(line);
         if (isDatedBullet || isHeading) {
@@ -5353,6 +5601,68 @@ async function pruneLearnings(projectPath, stream) {
     );
   }
 }
+var PROMOTABLE_OUTCOMES = ["gotcha", "decision", "observation"];
+function isGeneralizable(entry) {
+  for (const outcome of PROMOTABLE_OUTCOMES) {
+    if (entry.includes(`[outcome:${outcome}]`)) return true;
+  }
+  return false;
+}
+async function promoteSessionLearnings(projectPath, sessionSlug, stream) {
+  try {
+    const sessionResult = await loadRelevantLearnings(projectPath, void 0, stream, sessionSlug);
+    if (!sessionResult.ok) return sessionResult;
+    const sessionEntries = sessionResult.value;
+    if (sessionEntries.length === 0) {
+      return Ok({ promoted: 0, skipped: 0 });
+    }
+    const toPromote = [];
+    let skipped = 0;
+    for (const entry of sessionEntries) {
+      if (isGeneralizable(entry)) {
+        toPromote.push(entry);
+      } else {
+        skipped++;
+      }
+    }
+    if (toPromote.length === 0) {
+      return Ok({ promoted: 0, skipped });
+    }
+    const dirResult = await getStateDir(projectPath, stream);
+    if (!dirResult.ok) return dirResult;
+    const stateDir = dirResult.value;
+    const globalPath = path6.join(stateDir, LEARNINGS_FILE);
+    const existingGlobal = fs9.existsSync(globalPath) ? fs9.readFileSync(globalPath, "utf-8") : "";
+    const newEntries = toPromote.filter((entry) => !existingGlobal.includes(entry.trim()));
+    if (newEntries.length === 0) {
+      return Ok({ promoted: 0, skipped: skipped + toPromote.length });
+    }
+    const promotedContent = newEntries.join("\n\n") + "\n";
+    if (!existingGlobal) {
+      fs9.writeFileSync(globalPath, `# Learnings
+
+${promotedContent}`);
+    } else {
+      fs9.appendFileSync(globalPath, "\n\n" + promotedContent);
+    }
+    learningsCacheMap.delete(globalPath);
+    return Ok({
+      promoted: newEntries.length,
+      skipped: skipped + (toPromote.length - newEntries.length)
+    });
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to promote session learnings: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
+async function countLearningEntries(projectPath, stream) {
+  const loadResult = await loadRelevantLearnings(projectPath, void 0, stream);
+  if (!loadResult.ok) return 0;
+  return loadResult.value.length;
+}
 
 // src/state/failures.ts
 import * as fs10 from "fs";
@@ -5677,37 +5987,319 @@ function listActiveSessions(projectPath) {
   }
 }
 
-// src/workflow/runner.ts
-async function executeWorkflow(workflow, executor) {
-  const stepResults = [];
-  const startTime = Date.now();
-  let previousArtifact;
-  let stopped = false;
-  for (const step of workflow.steps) {
-    if (stopped) {
-      stepResults.push({
-        step,
-        outcome: "skipped",
-        durationMs: 0
-      });
-      continue;
-    }
-    const stepResult = await executor(step, previousArtifact);
-    stepResults.push(stepResult);
-    if (stepResult.outcome === "pass") {
-      previousArtifact = stepResult.artifact;
-    } else {
-      const gate = step.gate ?? "pass-required";
-      if (gate === "pass-required") {
-        stopped = true;
+// src/state/session-sections.ts
+import * as fs14 from "fs";
+import * as path11 from "path";
+import { SESSION_SECTION_NAMES } from "@harness-engineering/types";
+function emptySections() {
+  const sections = {};
+  for (const name of SESSION_SECTION_NAMES) {
+    sections[name] = [];
+  }
+  return sections;
+}
+async function loadSessionState(projectPath, sessionSlug) {
+  const dirResult = resolveSessionDir(projectPath, sessionSlug);
+  if (!dirResult.ok) return dirResult;
+  const sessionDir = dirResult.value;
+  const filePath = path11.join(sessionDir, SESSION_STATE_FILE);
+  if (!fs14.existsSync(filePath)) {
+    return Ok(emptySections());
+  }
+  try {
+    const raw = fs14.readFileSync(filePath, "utf-8");
+    const parsed = JSON.parse(raw);
+    const sections = emptySections();
+    for (const name of SESSION_SECTION_NAMES) {
+      if (Array.isArray(parsed[name])) {
+        sections[name] = parsed[name];
       }
     }
+    return Ok(sections);
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to load session state: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
   }
-  const hasFailure = stepResults.some((r) => r.outcome === "fail");
-  return {
-    workflow,
-    stepResults,
-    pass: !hasFailure,
+}
+async function saveSessionState(projectPath, sessionSlug, sections) {
+  const dirResult = resolveSessionDir(projectPath, sessionSlug, { create: true });
+  if (!dirResult.ok) return dirResult;
+  const sessionDir = dirResult.value;
+  const filePath = path11.join(sessionDir, SESSION_STATE_FILE);
+  try {
+    fs14.writeFileSync(filePath, JSON.stringify(sections, null, 2));
+    return Ok(void 0);
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to save session state: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
+async function readSessionSections(projectPath, sessionSlug) {
+  return loadSessionState(projectPath, sessionSlug);
+}
+async function readSessionSection(projectPath, sessionSlug, section) {
+  const result = await loadSessionState(projectPath, sessionSlug);
+  if (!result.ok) return result;
+  return Ok(result.value[section]);
+}
+async function appendSessionEntry(projectPath, sessionSlug, section, authorSkill, content) {
+  const loadResult = await loadSessionState(projectPath, sessionSlug);
+  if (!loadResult.ok) return loadResult;
+  const sections = loadResult.value;
+  const entry = {
+    id: generateEntryId(),
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    authorSkill,
+    content,
+    status: "active"
+  };
+  sections[section].push(entry);
+  const saveResult = await saveSessionState(projectPath, sessionSlug, sections);
+  if (!saveResult.ok) return saveResult;
+  return Ok(entry);
+}
+async function updateSessionEntryStatus(projectPath, sessionSlug, section, entryId, newStatus) {
+  const loadResult = await loadSessionState(projectPath, sessionSlug);
+  if (!loadResult.ok) return loadResult;
+  const sections = loadResult.value;
+  const entry = sections[section].find((e) => e.id === entryId);
+  if (!entry) {
+    return Err(new Error(`Entry '${entryId}' not found in section '${section}'`));
+  }
+  entry.status = newStatus;
+  const saveResult = await saveSessionState(projectPath, sessionSlug, sections);
+  if (!saveResult.ok) return saveResult;
+  return Ok(entry);
+}
+function generateEntryId() {
+  const timestamp = Date.now().toString(36);
+  const random = Math.random().toString(36).substring(2, 8);
+  return `${timestamp}-${random}`;
+}
+
+// src/state/session-archive.ts
+import * as fs15 from "fs";
+import * as path12 from "path";
+async function archiveSession(projectPath, sessionSlug) {
+  const dirResult = resolveSessionDir(projectPath, sessionSlug);
+  if (!dirResult.ok) return dirResult;
+  const sessionDir = dirResult.value;
+  if (!fs15.existsSync(sessionDir)) {
+    return Err(new Error(`Session '${sessionSlug}' not found at ${sessionDir}`));
+  }
+  const archiveBase = path12.join(projectPath, HARNESS_DIR, ARCHIVE_DIR, "sessions");
+  try {
+    fs15.mkdirSync(archiveBase, { recursive: true });
+    const date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+    let archiveName = `${sessionSlug}-${date}`;
+    let counter = 1;
+    while (fs15.existsSync(path12.join(archiveBase, archiveName))) {
+      archiveName = `${sessionSlug}-${date}-${counter}`;
+      counter++;
+    }
+    const dest = path12.join(archiveBase, archiveName);
+    try {
+      fs15.renameSync(sessionDir, dest);
+    } catch (renameErr) {
+      if (renameErr instanceof Error && "code" in renameErr && renameErr.code === "EXDEV") {
+        fs15.cpSync(sessionDir, dest, { recursive: true });
+        fs15.rmSync(sessionDir, { recursive: true });
+      } else {
+        throw renameErr;
+      }
+    }
+    return Ok(void 0);
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to archive session: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
+
+// src/state/events.ts
+import * as fs16 from "fs";
+import * as path13 from "path";
+import { z as z5 } from "zod";
+var SkillEventSchema = z5.object({
+  timestamp: z5.string(),
+  skill: z5.string(),
+  session: z5.string().optional(),
+  type: z5.enum(["phase_transition", "decision", "gate_result", "handoff", "error", "checkpoint"]),
+  summary: z5.string(),
+  data: z5.record(z5.unknown()).optional(),
+  refs: z5.array(z5.string()).optional(),
+  contentHash: z5.string().optional()
+});
+function computeEventHash(event, session) {
+  const identity = `${event.skill}|${event.type}|${event.summary}|${session ?? ""}`;
+  return computeContentHash(identity);
+}
+var knownHashesCache = /* @__PURE__ */ new Map();
+function loadKnownHashes(eventsPath) {
+  const cached = knownHashesCache.get(eventsPath);
+  if (cached) return cached;
+  const hashes = /* @__PURE__ */ new Set();
+  if (fs16.existsSync(eventsPath)) {
+    const content = fs16.readFileSync(eventsPath, "utf-8");
+    const lines = content.split("\n").filter((line) => line.trim() !== "");
+    for (const line of lines) {
+      try {
+        const existing = JSON.parse(line);
+        if (existing.contentHash) {
+          hashes.add(existing.contentHash);
+        }
+      } catch {
+      }
+    }
+  }
+  knownHashesCache.set(eventsPath, hashes);
+  return hashes;
+}
+function clearEventHashCache() {
+  knownHashesCache.clear();
+}
+async function emitEvent(projectPath, event, options) {
+  try {
+    const dirResult = await getStateDir(projectPath, options?.stream, options?.session);
+    if (!dirResult.ok) return dirResult;
+    const stateDir = dirResult.value;
+    const eventsPath = path13.join(stateDir, EVENTS_FILE);
+    fs16.mkdirSync(stateDir, { recursive: true });
+    const contentHash = computeEventHash(event, options?.session);
+    const knownHashes = loadKnownHashes(eventsPath);
+    if (knownHashes.has(contentHash)) {
+      return Ok({ written: false, reason: "duplicate" });
+    }
+    const fullEvent = {
+      ...event,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      contentHash
+    };
+    if (options?.session) {
+      fullEvent.session = options.session;
+    }
+    fs16.appendFileSync(eventsPath, JSON.stringify(fullEvent) + "\n");
+    knownHashes.add(contentHash);
+    return Ok({ written: true });
+  } catch (error) {
+    return Err(
+      new Error(`Failed to emit event: ${error instanceof Error ? error.message : String(error)}`)
+    );
+  }
+}
+async function loadEvents(projectPath, options) {
+  try {
+    const dirResult = await getStateDir(projectPath, options?.stream, options?.session);
+    if (!dirResult.ok) return dirResult;
+    const stateDir = dirResult.value;
+    const eventsPath = path13.join(stateDir, EVENTS_FILE);
+    if (!fs16.existsSync(eventsPath)) {
+      return Ok([]);
+    }
+    const content = fs16.readFileSync(eventsPath, "utf-8");
+    const lines = content.split("\n").filter((line) => line.trim() !== "");
+    const events = [];
+    for (const line of lines) {
+      try {
+        const parsed = JSON.parse(line);
+        const result = SkillEventSchema.safeParse(parsed);
+        if (result.success) {
+          events.push(result.data);
+        }
+      } catch {
+      }
+    }
+    return Ok(events);
+  } catch (error) {
+    return Err(
+      new Error(`Failed to load events: ${error instanceof Error ? error.message : String(error)}`)
+    );
+  }
+}
+function formatPhaseTransition(event) {
+  const data = event.data;
+  const suffix = data?.taskCount ? ` (${data.taskCount} tasks)` : "";
+  return `phase: ${data?.from ?? "?"} -> ${data?.to ?? "?"}${suffix}`;
+}
+function formatGateResult(event) {
+  const data = event.data;
+  const status = data?.passed ? "passed" : "failed";
+  const checks = data?.checks?.map((c) => `${c.name} ${c.passed ? "Y" : "N"}`).join(", ");
+  return checks ? `gate: ${status} (${checks})` : `gate: ${status}`;
+}
+function formatHandoffDetail(event) {
+  const data = event.data;
+  const direction = data?.toSkill ? ` -> ${data.toSkill}` : "";
+  return `handoff: ${event.summary}${direction}`;
+}
+var EVENT_FORMATTERS = {
+  phase_transition: formatPhaseTransition,
+  gate_result: formatGateResult,
+  decision: (event) => `decision: ${event.summary}`,
+  handoff: formatHandoffDetail,
+  error: (event) => `error: ${event.summary}`,
+  checkpoint: (event) => `checkpoint: ${event.summary}`
+};
+function formatEventTimeline(events, limit = 20) {
+  if (events.length === 0) return "";
+  const recent = events.slice(-limit);
+  return recent.map((event) => {
+    const time = formatTime(event.timestamp);
+    const formatter = EVENT_FORMATTERS[event.type];
+    const detail = formatter ? formatter(event) : event.summary;
+    return `- ${time} [${event.skill}] ${detail}`;
+  }).join("\n");
+}
+function formatTime(timestamp) {
+  try {
+    const date = new Date(timestamp);
+    const hours = String(date.getHours()).padStart(2, "0");
+    const minutes = String(date.getMinutes()).padStart(2, "0");
+    return `${hours}:${minutes}`;
+  } catch {
+    return "??:??";
+  }
+}
+
+// src/workflow/runner.ts
+async function executeWorkflow(workflow, executor) {
+  const stepResults = [];
+  const startTime = Date.now();
+  let previousArtifact;
+  let stopped = false;
+  for (const step of workflow.steps) {
+    if (stopped) {
+      stepResults.push({
+        step,
+        outcome: "skipped",
+        durationMs: 0
+      });
+      continue;
+    }
+    const stepResult = await executor(step, previousArtifact);
+    stepResults.push(stepResult);
+    if (stepResult.outcome === "pass") {
+      previousArtifact = stepResult.artifact;
+    } else {
+      const gate = step.gate ?? "pass-required";
+      if (gate === "pass-required") {
+        stopped = true;
+      }
+    }
+  }
+  const hasFailure = stepResults.some((r) => r.outcome === "fail");
+  return {
+    workflow,
+    stepResults,
+    pass: !hasFailure,
     totalDurationMs: Date.now() - startTime
   };
 }
@@ -5826,7 +6418,8 @@ async function runMultiTurnPipeline(initialContext, turnExecutor, options) {
 }
 
 // src/security/scanner.ts
-import * as fs15 from "fs/promises";
+import * as fs18 from "fs/promises";
+import { minimatch as minimatch4 } from "minimatch";
 
 // src/security/rules/registry.ts
 var RuleRegistry = class {
@@ -5857,7 +6450,7 @@ var RuleRegistry = class {
 };
 
 // src/security/config.ts
-import { z as z5 } from "zod";
+import { z as z6 } from "zod";
 
 // src/security/types.ts
 var DEFAULT_SECURITY_CONFIG = {
@@ -5868,19 +6461,19 @@ var DEFAULT_SECURITY_CONFIG = {
 };
 
 // src/security/config.ts
-var RuleOverrideSchema = z5.enum(["off", "error", "warning", "info"]);
-var SecurityConfigSchema = z5.object({
-  enabled: z5.boolean().default(true),
-  strict: z5.boolean().default(false),
-  rules: z5.record(z5.string(), RuleOverrideSchema).optional().default({}),
-  exclude: z5.array(z5.string()).optional().default(["**/node_modules/**", "**/dist/**", "**/*.test.ts", "**/fixtures/**"]),
-  external: z5.object({
-    semgrep: z5.object({
-      enabled: z5.union([z5.literal("auto"), z5.boolean()]).default("auto"),
-      rulesets: z5.array(z5.string()).optional()
+var RuleOverrideSchema = z6.enum(["off", "error", "warning", "info"]);
+var SecurityConfigSchema = z6.object({
+  enabled: z6.boolean().default(true),
+  strict: z6.boolean().default(false),
+  rules: z6.record(z6.string(), RuleOverrideSchema).optional().default({}),
+  exclude: z6.array(z6.string()).optional().default(["**/node_modules/**", "**/dist/**", "**/*.test.ts", "**/fixtures/**"]),
+  external: z6.object({
+    semgrep: z6.object({
+      enabled: z6.union([z6.literal("auto"), z6.boolean()]).default("auto"),
+      rulesets: z6.array(z6.string()).optional()
     }).optional(),
-    gitleaks: z5.object({
-      enabled: z5.union([z5.literal("auto"), z5.boolean()]).default("auto")
+    gitleaks: z6.object({
+      enabled: z6.union([z6.literal("auto"), z6.boolean()]).default("auto")
     }).optional()
   }).optional()
 });
@@ -5913,15 +6506,15 @@ function resolveRuleSeverity(ruleId, defaultSeverity, overrides, strict) {
 }
 
 // src/security/stack-detector.ts
-import * as fs14 from "fs";
-import * as path11 from "path";
+import * as fs17 from "fs";
+import * as path14 from "path";
 function detectStack(projectRoot) {
   const stacks = [];
-  const pkgJsonPath = path11.join(projectRoot, "package.json");
-  if (fs14.existsSync(pkgJsonPath)) {
+  const pkgJsonPath = path14.join(projectRoot, "package.json");
+  if (fs17.existsSync(pkgJsonPath)) {
     stacks.push("node");
     try {
-      const pkgJson = JSON.parse(fs14.readFileSync(pkgJsonPath, "utf-8"));
+      const pkgJson = JSON.parse(fs17.readFileSync(pkgJsonPath, "utf-8"));
       const allDeps = {
         ...pkgJson.dependencies,
         ...pkgJson.devDependencies
@@ -5936,13 +6529,13 @@ function detectStack(projectRoot) {
     } catch {
     }
   }
-  const goModPath = path11.join(projectRoot, "go.mod");
-  if (fs14.existsSync(goModPath)) {
+  const goModPath = path14.join(projectRoot, "go.mod");
+  if (fs17.existsSync(goModPath)) {
     stacks.push("go");
   }
-  const requirementsPath = path11.join(projectRoot, "requirements.txt");
-  const pyprojectPath = path11.join(projectRoot, "pyproject.toml");
-  if (fs14.existsSync(requirementsPath) || fs14.existsSync(pyprojectPath)) {
+  const requirementsPath = path14.join(projectRoot, "requirements.txt");
+  const pyprojectPath = path14.join(projectRoot, "pyproject.toml");
+  if (fs17.existsSync(requirementsPath) || fs17.existsSync(pyprojectPath)) {
     stacks.push("python");
   }
   return stacks;
@@ -6006,6 +6599,72 @@ var secretRules = [
     message: "Hardcoded JWT token detected",
     remediation: "Tokens should be fetched at runtime, not embedded in source",
     references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-006",
+    name: "Anthropic API Key",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/sk-ant-api\d{2}-[A-Za-z0-9_-]{20,}/],
+    message: "Hardcoded Anthropic API key detected",
+    remediation: "Use environment variables: process.env.ANTHROPIC_API_KEY",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-007",
+    name: "OpenAI API Key",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/sk-proj-[A-Za-z0-9_-]{20,}/],
+    message: "Hardcoded OpenAI API key detected",
+    remediation: "Use environment variables: process.env.OPENAI_API_KEY",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-008",
+    name: "Google API Key",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/AIza[A-Za-z0-9_-]{35}/],
+    message: "Hardcoded Google API key detected",
+    remediation: "Use environment variables or a secrets manager for Google API keys",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-009",
+    name: "GitHub Personal Access Token",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/gh[pous]_[A-Za-z0-9_]{36,}/],
+    message: "Hardcoded GitHub personal access token detected",
+    remediation: "Use environment variables: process.env.GITHUB_TOKEN",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-010",
+    name: "Stripe Live Key",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/\b[spr]k_live_[A-Za-z0-9]{24,}/],
+    message: "Hardcoded Stripe live key detected",
+    remediation: "Use environment variables for Stripe keys; never commit live keys",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-011",
+    name: "Database Connection String with Credentials",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/(?:postgres|mysql|mongodb|redis|amqp|mssql)(?:\+\w+)?:\/\/[^/\s:]+:[^@/\s]+@/i],
+    message: "Database connection string with embedded credentials detected",
+    remediation: "Use environment variables for connection strings; separate credentials from URIs",
+    references: ["CWE-798"]
   }
 ];
 
@@ -6192,6 +6851,158 @@ var deserializationRules = [
   }
 ];
 
+// src/security/rules/agent-config.ts
+var agentConfigRules = [
+  {
+    id: "SEC-AGT-001",
+    name: "Hidden Unicode Characters",
+    category: "agent-config",
+    severity: "error",
+    confidence: "high",
+    patterns: [/\u200B|\u200C|\u200D|\uFEFF|\u2060/],
+    fileGlob: "**/CLAUDE.md,**/AGENTS.md,**/*.yaml",
+    message: "Hidden zero-width Unicode characters detected in agent configuration",
+    remediation: "Remove invisible Unicode characters; they may hide malicious instructions",
+    references: ["CWE-116"]
+  },
+  {
+    id: "SEC-AGT-002",
+    name: "URL Execution Directives",
+    category: "agent-config",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [/\b(?:curl|wget)\s+\S+/i, /\bfetch\s*\(/i],
+    fileGlob: "**/CLAUDE.md,**/AGENTS.md",
+    message: "URL execution directive found in agent configuration",
+    remediation: "Avoid instructing agents to download and execute remote content",
+    references: ["CWE-94"]
+  },
+  {
+    id: "SEC-AGT-003",
+    name: "Wildcard Tool Permissions",
+    category: "agent-config",
+    severity: "warning",
+    confidence: "high",
+    patterns: [/(?:Bash|Write|Edit)\s*\(\s*\*\s*\)/],
+    fileGlob: "**/.claude/**,**/settings*.json",
+    message: "Wildcard tool permissions grant unrestricted access",
+    remediation: "Scope tool permissions to specific patterns instead of wildcards",
+    references: ["CWE-250"]
+  },
+  {
+    id: "SEC-AGT-004",
+    name: "Auto-approve Patterns",
+    category: "agent-config",
+    severity: "warning",
+    confidence: "high",
+    patterns: [/\bautoApprove\b/i, /\bauto_approve\b/i],
+    fileGlob: "**/.claude/**,**/.mcp.json",
+    message: "Auto-approve configuration bypasses human review of tool calls",
+    remediation: "Review auto-approved tools carefully; prefer explicit approval for destructive operations",
+    references: ["CWE-862"]
+  },
+  {
+    id: "SEC-AGT-005",
+    name: "Prompt Injection Surface",
+    category: "agent-config",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [/\$\{[^}]*\}/, /\{\{[^}]*\}\}/],
+    fileGlob: "**/skill.yaml",
+    message: "Template interpolation syntax in skill YAML may enable prompt injection",
+    remediation: "Avoid dynamic interpolation in skill descriptions; use static text",
+    references: ["CWE-94"]
+  },
+  {
+    id: "SEC-AGT-006",
+    name: "Permission Bypass Flags",
+    category: "agent-config",
+    severity: "error",
+    confidence: "high",
+    patterns: [/--dangerously-skip-permissions/, /--no-verify/],
+    fileGlob: "**/CLAUDE.md,**/AGENTS.md,**/.claude/**",
+    message: "Permission bypass flag detected in agent configuration",
+    remediation: "Remove flags that bypass safety checks; they undermine enforcement",
+    references: ["CWE-863"]
+  },
+  {
+    id: "SEC-AGT-007",
+    name: "Hook Injection Surface",
+    category: "agent-config",
+    severity: "error",
+    confidence: "low",
+    patterns: [/\$\(/, /`[^`]+`/, /\s&&\s/, /\s\|\|\s/],
+    fileGlob: "**/settings*.json,**/hooks.json",
+    message: "Shell metacharacters in hook commands may enable command injection",
+    remediation: "Use simple, single-command hooks without shell operators; chain logic inside the script",
+    references: ["CWE-78"]
+  }
+];
+
+// src/security/rules/mcp.ts
+var mcpRules = [
+  {
+    id: "SEC-MCP-001",
+    name: "Hardcoded MCP Secrets",
+    category: "mcp",
+    severity: "error",
+    confidence: "medium",
+    patterns: [/(?:API_KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)\s*["']?\s*:\s*["'][^"']{8,}["']/i],
+    fileGlob: "**/.mcp.json",
+    message: "Hardcoded secret detected in MCP server configuration",
+    remediation: "Use environment variable references instead of inline secrets in .mcp.json",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-MCP-002",
+    name: "Shell Injection in MCP Args",
+    category: "mcp",
+    severity: "error",
+    confidence: "medium",
+    patterns: [/\$\(/, /`[^`]+`/],
+    fileGlob: "**/.mcp.json",
+    message: "Shell metacharacters detected in MCP server arguments",
+    remediation: "Use literal argument values; avoid shell interpolation in MCP args",
+    references: ["CWE-78"]
+  },
+  {
+    id: "SEC-MCP-003",
+    name: "Network Exposure",
+    category: "mcp",
+    severity: "warning",
+    confidence: "high",
+    patterns: [/0\.0\.0\.0/, /["']\*["']\s*:\s*\d/, /host["']?\s*:\s*["']\*["']/i],
+    fileGlob: "**/.mcp.json",
+    message: "MCP server binding to all network interfaces (0.0.0.0 or wildcard *)",
+    remediation: "Bind to 127.0.0.1 or localhost to restrict access to local machine",
+    references: ["CWE-668"]
+  },
+  {
+    id: "SEC-MCP-004",
+    name: "Typosquatting Vector",
+    category: "mcp",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [/\bnpx\s+(?:-y|--yes)\b/],
+    fileGlob: "**/.mcp.json",
+    message: "npx -y auto-installs packages without confirmation, enabling typosquatting",
+    remediation: "Pin exact package versions or install packages explicitly before use",
+    references: ["CWE-427"]
+  },
+  {
+    id: "SEC-MCP-005",
+    name: "Unencrypted Transport",
+    category: "mcp",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [/http:\/\/(?!localhost\b|127\.0\.0\.1\b)/],
+    fileGlob: "**/.mcp.json",
+    message: "Unencrypted HTTP transport detected for MCP server connection",
+    remediation: "Use https:// for all non-localhost MCP server connections",
+    references: ["CWE-319"]
+  }
+];
+
 // src/security/rules/stack/node.ts
 var nodeRules = [
   {
@@ -6319,7 +7130,9 @@ var SecurityScanner = class {
       ...cryptoRules,
       ...pathTraversalRules,
       ...networkRules,
-      ...deserializationRules
+      ...deserializationRules,
+      ...agentConfigRules,
+      ...mcpRules
     ]);
     this.registry.registerAll([...nodeRules, ...expressRules, ...reactRules, ...goRules]);
     this.activeRules = this.registry.getAll();
@@ -6328,6 +7141,12 @@ var SecurityScanner = class {
     const stacks = detectStack(projectRoot);
     this.activeRules = this.registry.getForStacks(stacks.length > 0 ? stacks : []);
   }
+  /**
+   * Scan raw content against all active rules. Note: this method does NOT apply
+   * fileGlob filtering — every active rule is evaluated regardless of filePath.
+   * If you are scanning a specific file and want fileGlob-based rule filtering,
+   * use {@link scanFile} instead.
+   */
   scanContent(content, filePath, startLine = 1) {
     if (!this.config.enabled) return [];
     const findings = [];
@@ -6369,8 +7188,52 @@ var SecurityScanner = class {
   }
   async scanFile(filePath) {
     if (!this.config.enabled) return [];
-    const content = await fs15.readFile(filePath, "utf-8");
-    return this.scanContent(content, filePath, 1);
+    const content = await fs18.readFile(filePath, "utf-8");
+    return this.scanContentForFile(content, filePath, 1);
+  }
+  scanContentForFile(content, filePath, startLine = 1) {
+    if (!this.config.enabled) return [];
+    const findings = [];
+    const lines = content.split("\n");
+    const applicableRules = this.activeRules.filter((rule) => {
+      if (!rule.fileGlob) return true;
+      const globs = rule.fileGlob.split(",").map((g) => g.trim());
+      return globs.some((glob) => minimatch4(filePath, glob, { dot: true }));
+    });
+    for (const rule of applicableRules) {
+      const resolved = resolveRuleSeverity(
+        rule.id,
+        rule.severity,
+        this.config.rules ?? {},
+        this.config.strict
+      );
+      if (resolved === "off") continue;
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        if (line.includes("harness-ignore") && line.includes(rule.id)) continue;
+        for (const pattern of rule.patterns) {
+          pattern.lastIndex = 0;
+          if (pattern.test(line)) {
+            findings.push({
+              ruleId: rule.id,
+              ruleName: rule.name,
+              category: rule.category,
+              severity: resolved,
+              confidence: rule.confidence,
+              file: filePath,
+              line: startLine + i,
+              match: line.trim(),
+              context: line,
+              message: rule.message,
+              remediation: rule.remediation,
+              ...rule.references ? { references: rule.references } : {}
+            });
+            break;
+          }
+        }
+      }
+    }
+    return findings;
   }
   async scanFiles(filePaths) {
     const allFindings = [];
@@ -6394,7 +7257,7 @@ var SecurityScanner = class {
 };
 
 // src/ci/check-orchestrator.ts
-import * as path12 from "path";
+import * as path15 from "path";
 var ALL_CHECKS = [
   "validate",
   "deps",
@@ -6407,7 +7270,7 @@ var ALL_CHECKS = [
 ];
 async function runValidateCheck(projectRoot, config) {
   const issues = [];
-  const agentsPath = path12.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
+  const agentsPath = path15.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
   const result = await validateAgentsMap(agentsPath);
   if (!result.ok) {
     issues.push({ severity: "error", message: result.error.message });
@@ -6464,7 +7327,7 @@ async function runDepsCheck(projectRoot, config) {
 }
 async function runDocsCheck(projectRoot, config) {
   const issues = [];
-  const docsDir = path12.join(projectRoot, config.docsDir ?? "docs");
+  const docsDir = path15.join(projectRoot, config.docsDir ?? "docs");
   const entropyConfig = config.entropy || {};
   const result = await checkDocCoverage("project", {
     docsDir,
@@ -6489,10 +7352,14 @@ async function runDocsCheck(projectRoot, config) {
   }
   return issues;
 }
-async function runEntropyCheck(projectRoot, _config) {
+async function runEntropyCheck(projectRoot, config) {
   const issues = [];
+  const entropyConfig = config.entropy || {};
+  const perfConfig = config.performance || {};
+  const entryPoints = entropyConfig.entryPoints ?? perfConfig.entryPoints;
   const analyzer = new EntropyAnalyzer({
     rootDir: projectRoot,
+    ...entryPoints ? { entryPoints } : {},
     analyze: { drift: true, deadCode: true, patterns: false }
   });
   const result = await analyzer.analyze();
@@ -6554,8 +7421,10 @@ async function runSecurityCheck(projectRoot, config) {
 async function runPerfCheck(projectRoot, config) {
   const issues = [];
   const perfConfig = config.performance || {};
+  const entryPoints = perfConfig.entryPoints;
   const perfAnalyzer = new EntropyAnalyzer({
     rootDir: projectRoot,
+    ...entryPoints ? { entryPoints } : {},
     analyze: {
       complexity: perfConfig.complexity || true,
       coupling: perfConfig.coupling || true,
@@ -6736,7 +7605,7 @@ async function runCIChecks(input) {
 }
 
 // src/review/mechanical-checks.ts
-import * as path13 from "path";
+import * as path16 from "path";
 async function runMechanicalChecks(options) {
   const { projectRoot, config, skip = [], changedFiles } = options;
   const findings = [];
@@ -6748,7 +7617,7 @@ async function runMechanicalChecks(options) {
   };
   if (!skip.includes("validate")) {
     try {
-      const agentsPath = path13.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
+      const agentsPath = path16.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
       const result = await validateAgentsMap(agentsPath);
       if (!result.ok) {
         statuses.validate = "fail";
@@ -6785,7 +7654,7 @@ async function runMechanicalChecks(options) {
       statuses.validate = "fail";
       findings.push({
         tool: "validate",
-        file: path13.join(projectRoot, "AGENTS.md"),
+        file: path16.join(projectRoot, "AGENTS.md"),
         message: err instanceof Error ? err.message : String(err),
         severity: "error"
       });
@@ -6849,7 +7718,7 @@ async function runMechanicalChecks(options) {
       (async () => {
         const localFindings = [];
         try {
-          const docsDir = path13.join(projectRoot, config.docsDir ?? "docs");
+          const docsDir = path16.join(projectRoot, config.docsDir ?? "docs");
           const result = await checkDocCoverage("project", { docsDir });
           if (!result.ok) {
             statuses["check-docs"] = "warn";
@@ -6876,7 +7745,7 @@ async function runMechanicalChecks(options) {
           statuses["check-docs"] = "warn";
           localFindings.push({
             tool: "check-docs",
-            file: path13.join(projectRoot, "docs"),
+            file: path16.join(projectRoot, "docs"),
             message: err instanceof Error ? err.message : String(err),
             severity: "warning"
           });
@@ -7024,7 +7893,7 @@ function detectChangeType(commitMessage, diff2) {
 }
 
 // src/review/context-scoper.ts
-import * as path14 from "path";
+import * as path17 from "path";
 var ALL_DOMAINS = ["compliance", "bug", "security", "architecture"];
 var SECURITY_PATTERNS = /auth|crypto|password|secret|token|session|cookie|hash|encrypt|decrypt|sql|shell|exec|eval/i;
 function computeContextBudget(diffLines) {
@@ -7032,18 +7901,18 @@ function computeContextBudget(diffLines) {
   return diffLines;
 }
 function isWithinProject(absPath, projectRoot) {
-  const resolvedRoot = path14.resolve(projectRoot) + path14.sep;
-  const resolvedPath = path14.resolve(absPath);
-  return resolvedPath.startsWith(resolvedRoot) || resolvedPath === path14.resolve(projectRoot);
+  const resolvedRoot = path17.resolve(projectRoot) + path17.sep;
+  const resolvedPath = path17.resolve(absPath);
+  return resolvedPath.startsWith(resolvedRoot) || resolvedPath === path17.resolve(projectRoot);
 }
 async function readContextFile(projectRoot, filePath, reason) {
-  const absPath = path14.isAbsolute(filePath) ? filePath : path14.join(projectRoot, filePath);
+  const absPath = path17.isAbsolute(filePath) ? filePath : path17.join(projectRoot, filePath);
   if (!isWithinProject(absPath, projectRoot)) return null;
   const result = await readFileContent(absPath);
   if (!result.ok) return null;
   const content = result.value;
   const lines = content.split("\n").length;
-  const relPath = path14.isAbsolute(filePath) ? relativePosix(projectRoot, filePath) : filePath;
+  const relPath = path17.isAbsolute(filePath) ? relativePosix(projectRoot, filePath) : filePath;
   return { path: relPath, content, reason, lines };
 }
 function extractImportSources(content) {
@@ -7058,18 +7927,18 @@ function extractImportSources(content) {
 }
 async function resolveImportPath(projectRoot, fromFile, importSource) {
   if (!importSource.startsWith(".")) return null;
-  const fromDir = path14.dirname(path14.join(projectRoot, fromFile));
-  const basePath = path14.resolve(fromDir, importSource);
+  const fromDir = path17.dirname(path17.join(projectRoot, fromFile));
+  const basePath = path17.resolve(fromDir, importSource);
   if (!isWithinProject(basePath, projectRoot)) return null;
   const relBase = relativePosix(projectRoot, basePath);
   const candidates = [
     relBase + ".ts",
     relBase + ".tsx",
     relBase + ".mts",
-    path14.join(relBase, "index.ts")
+    path17.join(relBase, "index.ts")
   ];
   for (const candidate of candidates) {
-    const absCandidate = path14.join(projectRoot, candidate);
+    const absCandidate = path17.join(projectRoot, candidate);
     if (await fileExists(absCandidate)) {
       return candidate;
     }
@@ -7077,7 +7946,7 @@ async function resolveImportPath(projectRoot, fromFile, importSource) {
   return null;
 }
 async function findTestFiles(projectRoot, sourceFile) {
-  const baseName = path14.basename(sourceFile, path14.extname(sourceFile));
+  const baseName = path17.basename(sourceFile, path17.extname(sourceFile));
   const pattern = `**/${baseName}.{test,spec}.{ts,tsx,mts}`;
   const results = await findFiles(pattern, projectRoot);
   return results.map((f) => relativePosix(projectRoot, f));
@@ -7366,101 +8235,102 @@ function findMissingJsDoc(bundle) {
   }
   return missing;
 }
-function runComplianceAgent(bundle) {
-  const findings = [];
-  const rules = extractConventionRules(bundle);
-  const jsDocRuleExists = rules.some((r) => r.text.toLowerCase().includes("jsdoc"));
-  if (jsDocRuleExists) {
-    const missingDocs = findMissingJsDoc(bundle);
-    for (const m of missingDocs) {
-      findings.push({
-        id: makeFindingId("compliance", m.file, m.line, `Missing JSDoc ${m.exportName}`),
-        file: m.file,
-        lineRange: [m.line, m.line],
-        domain: "compliance",
-        severity: "important",
-        title: `Missing JSDoc on exported \`${m.exportName}\``,
-        rationale: `Convention requires all exports to have JSDoc comments (from ${rules.find((r) => r.text.toLowerCase().includes("jsdoc"))?.source ?? "conventions"}).`,
-        suggestion: `Add a JSDoc comment above the export of \`${m.exportName}\`.`,
-        evidence: [
-          `changeType: ${bundle.changeType}`,
-          `Convention rule: "${rules.find((r) => r.text.toLowerCase().includes("jsdoc"))?.text ?? ""}"`
-        ],
-        validatedBy: "heuristic"
-      });
-    }
-  }
-  switch (bundle.changeType) {
-    case "feature": {
-      const hasSpecContext = bundle.contextFiles.some(
-        (f) => f.reason === "spec" || f.reason === "convention"
-      );
-      if (!hasSpecContext && bundle.changedFiles.length > 0) {
-        const firstFile = bundle.changedFiles[0];
-        findings.push({
-          id: makeFindingId("compliance", firstFile.path, 1, "No spec for feature"),
-          file: firstFile.path,
-          lineRange: [1, 1],
-          domain: "compliance",
-          severity: "suggestion",
-          title: "No spec/design doc found for feature change",
-          rationale: "Feature changes should reference a spec or design doc to verify alignment. No spec context was included in the review bundle.",
-          evidence: [`changeType: feature`, `contextFiles count: ${bundle.contextFiles.length}`],
-          validatedBy: "heuristic"
-        });
-      }
-      break;
-    }
-    case "bugfix": {
-      if (bundle.commitHistory.length === 0 && bundle.changedFiles.length > 0) {
-        const firstFile = bundle.changedFiles[0];
-        findings.push({
-          id: makeFindingId("compliance", firstFile.path, 1, "Bugfix no history"),
-          file: firstFile.path,
-          lineRange: [1, 1],
-          domain: "compliance",
-          severity: "suggestion",
-          title: "Bugfix without commit history context",
-          rationale: "Bugfix changes benefit from commit history to verify the root cause is addressed, not just the symptom. No commit history was provided.",
-          evidence: [`changeType: bugfix`, `commitHistory entries: ${bundle.commitHistory.length}`],
-          validatedBy: "heuristic"
-        });
-      }
-      break;
-    }
-    case "refactor": {
-      break;
+function checkMissingJsDoc(bundle, rules) {
+  const jsDocRule = rules.find((r) => r.text.toLowerCase().includes("jsdoc"));
+  if (!jsDocRule) return [];
+  const missingDocs = findMissingJsDoc(bundle);
+  return missingDocs.map((m) => ({
+    id: makeFindingId("compliance", m.file, m.line, `Missing JSDoc ${m.exportName}`),
+    file: m.file,
+    lineRange: [m.line, m.line],
+    domain: "compliance",
+    severity: "important",
+    title: `Missing JSDoc on exported \`${m.exportName}\``,
+    rationale: `Convention requires all exports to have JSDoc comments (from ${jsDocRule.source}).`,
+    suggestion: `Add a JSDoc comment above the export of \`${m.exportName}\`.`,
+    evidence: [`changeType: ${bundle.changeType}`, `Convention rule: "${jsDocRule.text}"`],
+    validatedBy: "heuristic"
+  }));
+}
+function checkFeatureSpec(bundle) {
+  const hasSpecContext = bundle.contextFiles.some(
+    (f) => f.reason === "spec" || f.reason === "convention"
+  );
+  if (hasSpecContext || bundle.changedFiles.length === 0) return [];
+  const firstFile = bundle.changedFiles[0];
+  return [
+    {
+      id: makeFindingId("compliance", firstFile.path, 1, "No spec for feature"),
+      file: firstFile.path,
+      lineRange: [1, 1],
+      domain: "compliance",
+      severity: "suggestion",
+      title: "No spec/design doc found for feature change",
+      rationale: "Feature changes should reference a spec or design doc to verify alignment. No spec context was included in the review bundle.",
+      evidence: [`changeType: feature`, `contextFiles count: ${bundle.contextFiles.length}`],
+      validatedBy: "heuristic"
     }
-    case "docs": {
-      break;
+  ];
+}
+function checkBugfixHistory(bundle) {
+  if (bundle.commitHistory.length > 0 || bundle.changedFiles.length === 0) return [];
+  const firstFile = bundle.changedFiles[0];
+  return [
+    {
+      id: makeFindingId("compliance", firstFile.path, 1, "Bugfix no history"),
+      file: firstFile.path,
+      lineRange: [1, 1],
+      domain: "compliance",
+      severity: "suggestion",
+      title: "Bugfix without commit history context",
+      rationale: "Bugfix changes benefit from commit history to verify the root cause is addressed, not just the symptom. No commit history was provided.",
+      evidence: [`changeType: bugfix`, `commitHistory entries: ${bundle.commitHistory.length}`],
+      validatedBy: "heuristic"
     }
+  ];
+}
+function checkChangeTypeSpecific(bundle) {
+  switch (bundle.changeType) {
+    case "feature":
+      return checkFeatureSpec(bundle);
+    case "bugfix":
+      return checkBugfixHistory(bundle);
+    default:
+      return [];
   }
+}
+function checkResultTypeConvention(bundle, rules) {
   const resultTypeRule = rules.find((r) => r.text.toLowerCase().includes("result type"));
-  if (resultTypeRule) {
-    for (const cf of bundle.changedFiles) {
-      const hasTryCatch = cf.content.includes("try {") || cf.content.includes("try{");
-      const usesResult = cf.content.includes("Result<") || cf.content.includes("Result >") || cf.content.includes(": Result");
-      if (hasTryCatch && !usesResult) {
-        findings.push({
-          id: makeFindingId("compliance", cf.path, 1, "try-catch not Result"),
-          file: cf.path,
-          lineRange: [1, cf.lines],
-          domain: "compliance",
-          severity: "suggestion",
-          title: "Fallible operation uses try/catch instead of Result type",
-          rationale: `Convention requires using Result type for fallible operations (from ${resultTypeRule.source}).`,
-          suggestion: "Refactor error handling to use the Result type pattern.",
-          evidence: [
-            `changeType: ${bundle.changeType}`,
-            `Convention rule: "${resultTypeRule.text}"`
-          ],
-          validatedBy: "heuristic"
-        });
-      }
+  if (!resultTypeRule) return [];
+  const findings = [];
+  for (const cf of bundle.changedFiles) {
+    const hasTryCatch = cf.content.includes("try {") || cf.content.includes("try{");
+    const usesResult = cf.content.includes("Result<") || cf.content.includes("Result >") || cf.content.includes(": Result");
+    if (hasTryCatch && !usesResult) {
+      findings.push({
+        id: makeFindingId("compliance", cf.path, 1, "try-catch not Result"),
+        file: cf.path,
+        lineRange: [1, cf.lines],
+        domain: "compliance",
+        severity: "suggestion",
+        title: "Fallible operation uses try/catch instead of Result type",
+        rationale: `Convention requires using Result type for fallible operations (from ${resultTypeRule.source}).`,
+        suggestion: "Refactor error handling to use the Result type pattern.",
+        evidence: [`changeType: ${bundle.changeType}`, `Convention rule: "${resultTypeRule.text}"`],
+        validatedBy: "heuristic"
+      });
     }
   }
   return findings;
 }
+function runComplianceAgent(bundle) {
+  const rules = extractConventionRules(bundle);
+  return [
+    ...checkMissingJsDoc(bundle, rules),
+    ...checkChangeTypeSpecific(bundle),
+    ...checkResultTypeConvention(bundle, rules)
+  ];
+}
 
 // src/review/agents/bug-agent.ts
 var BUG_DETECTION_DESCRIPTOR = {
@@ -7737,31 +8607,32 @@ var ARCHITECTURE_DESCRIPTOR = {
   ]
 };
 var LARGE_FILE_THRESHOLD = 300;
+function isViolationLine(line) {
+  const lower = line.toLowerCase();
+  return lower.includes("violation") || lower.includes("layer");
+}
+function createLayerViolationFinding(line, fallbackPath) {
+  const fileMatch = line.match(/(?:in\s+)?(\S+\.(?:ts|tsx|js|jsx))(?::(\d+))?/);
+  const file = fileMatch?.[1] ?? fallbackPath;
+  const lineNum = fileMatch?.[2] ? parseInt(fileMatch[2], 10) : 1;
+  return {
+    id: makeFindingId("arch", file, lineNum, "layer violation"),
+    file,
+    lineRange: [lineNum, lineNum],
+    domain: "architecture",
+    severity: "critical",
+    title: "Layer boundary violation detected by check-deps",
+    rationale: `Architectural layer violation: ${line.trim()}. Imports must flow in the correct direction per the project's layer definitions.`,
+    suggestion: "Route the dependency through the correct intermediate layer (e.g., routes -> services -> db, not routes -> db).",
+    evidence: [line.trim()],
+    validatedBy: "heuristic"
+  };
+}
 function detectLayerViolations(bundle) {
-  const findings = [];
   const checkDepsFile = bundle.contextFiles.find((f) => f.path === "harness-check-deps-output");
-  if (!checkDepsFile) return findings;
-  const lines = checkDepsFile.content.split("\n");
-  for (const line of lines) {
-    if (line.toLowerCase().includes("violation") || line.toLowerCase().includes("layer")) {
-      const fileMatch = line.match(/(?:in\s+)?(\S+\.(?:ts|tsx|js|jsx))(?::(\d+))?/);
-      const file = fileMatch?.[1] ?? bundle.changedFiles[0]?.path ?? "unknown";
-      const lineNum = fileMatch?.[2] ? parseInt(fileMatch[2], 10) : 1;
-      findings.push({
-        id: makeFindingId("arch", file, lineNum, "layer violation"),
-        file,
-        lineRange: [lineNum, lineNum],
-        domain: "architecture",
-        severity: "critical",
-        title: "Layer boundary violation detected by check-deps",
-        rationale: `Architectural layer violation: ${line.trim()}. Imports must flow in the correct direction per the project's layer definitions.`,
-        suggestion: "Route the dependency through the correct intermediate layer (e.g., routes -> services -> db, not routes -> db).",
-        evidence: [line.trim()],
-        validatedBy: "heuristic"
-      });
-    }
-  }
-  return findings;
+  if (!checkDepsFile) return [];
+  const fallbackPath = bundle.changedFiles[0]?.path ?? "unknown";
+  return checkDepsFile.content.split("\n").filter(isViolationLine).map((line) => createLayerViolationFinding(line, fallbackPath));
 }
 function detectLargeFiles(bundle) {
   const findings = [];
@@ -7783,45 +8654,61 @@ function detectLargeFiles(bundle) {
   }
   return findings;
 }
+function extractRelativeImports(content) {
+  const importRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
+  let match;
+  const imports = /* @__PURE__ */ new Set();
+  while ((match = importRegex.exec(content)) !== null) {
+    const source = match[1];
+    if (source.startsWith(".")) {
+      imports.add(source.replace(/^\.\//, "").replace(/^\.\.\//, ""));
+    }
+  }
+  return imports;
+}
+function fileBaseName(filePath) {
+  return filePath.replace(/.*\//, "").replace(/\.(ts|tsx|js|jsx)$/, "");
+}
+function findCircularImportInCtxFile(ctxFile, changedFilePath, changedPaths, fileImports) {
+  const ctxImportRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
+  let ctxMatch;
+  while ((ctxMatch = ctxImportRegex.exec(ctxFile.content)) !== null) {
+    const ctxSource = ctxMatch[1];
+    if (!ctxSource.startsWith(".")) continue;
+    for (const changedPath of changedPaths) {
+      const baseName = fileBaseName(changedPath);
+      const ctxBaseName = fileBaseName(ctxFile.path);
+      if (ctxSource.includes(baseName) && fileImports.has(ctxBaseName)) {
+        return {
+          id: makeFindingId("arch", changedFilePath, 1, `circular ${ctxFile.path}`),
+          file: changedFilePath,
+          lineRange: [1, 1],
+          domain: "architecture",
+          severity: "important",
+          title: `Potential circular import between ${changedFilePath} and ${ctxFile.path}`,
+          rationale: "Circular imports can cause runtime issues (undefined values at import time) and indicate tightly coupled modules that should be refactored.",
+          suggestion: "Extract shared types/interfaces into a separate module that both files can import from.",
+          evidence: [
+            `${changedFilePath} imports from a module that also imports from ${changedFilePath}`
+          ],
+          validatedBy: "heuristic"
+        };
+      }
+    }
+  }
+  return null;
+}
 function detectCircularImports(bundle) {
   const findings = [];
   const changedPaths = new Set(bundle.changedFiles.map((f) => f.path));
+  const relevantCtxFiles = bundle.contextFiles.filter(
+    (f) => f.reason === "import" || f.reason === "graph-dependency"
+  );
   for (const cf of bundle.changedFiles) {
-    const importRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
-    let match;
-    const imports = /* @__PURE__ */ new Set();
-    while ((match = importRegex.exec(cf.content)) !== null) {
-      const source = match[1];
-      if (source.startsWith(".")) {
-        imports.add(source.replace(/^\.\//, "").replace(/^\.\.\//, ""));
-      }
-    }
-    for (const ctxFile of bundle.contextFiles) {
-      if (ctxFile.reason !== "import" && ctxFile.reason !== "graph-dependency") continue;
-      const ctxImportRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
-      let ctxMatch;
-      while ((ctxMatch = ctxImportRegex.exec(ctxFile.content)) !== null) {
-        const ctxSource = ctxMatch[1];
-        if (ctxSource.startsWith(".")) {
-          for (const changedPath of changedPaths) {
-            const baseName = changedPath.replace(/.*\//, "").replace(/\.(ts|tsx|js|jsx)$/, "");
-            if (ctxSource.includes(baseName) && imports.has(ctxFile.path.replace(/.*\//, "").replace(/\.(ts|tsx|js|jsx)$/, ""))) {
-              findings.push({
-                id: makeFindingId("arch", cf.path, 1, `circular ${ctxFile.path}`),
-                file: cf.path,
-                lineRange: [1, 1],
-                domain: "architecture",
-                severity: "important",
-                title: `Potential circular import between ${cf.path} and ${ctxFile.path}`,
-                rationale: "Circular imports can cause runtime issues (undefined values at import time) and indicate tightly coupled modules that should be refactored.",
-                suggestion: "Extract shared types/interfaces into a separate module that both files can import from.",
-                evidence: [`${cf.path} imports from a module that also imports from ${cf.path}`],
-                validatedBy: "heuristic"
-              });
-            }
-          }
-        }
-      }
+    const imports = extractRelativeImports(cf.content);
+    for (const ctxFile of relevantCtxFiles) {
+      const finding = findCircularImportInCtxFile(ctxFile, cf.path, changedPaths, imports);
+      if (finding) findings.push(finding);
     }
   }
   return findings;
@@ -7868,7 +8755,7 @@ async function fanOutReview(options) {
 }
 
 // src/review/validate-findings.ts
-import * as path15 from "path";
+import * as path18 from "path";
 var DOWNGRADE_MAP = {
   critical: "important",
   important: "suggestion",
@@ -7889,7 +8776,7 @@ function normalizePath(filePath, projectRoot) {
   let normalized = filePath;
   normalized = normalized.replace(/\\/g, "/");
   const normalizedRoot = projectRoot.replace(/\\/g, "/");
-  if (path15.isAbsolute(normalized)) {
+  if (path18.isAbsolute(normalized)) {
     const root = normalizedRoot.endsWith("/") ? normalizedRoot : normalizedRoot + "/";
     if (normalized.startsWith(root)) {
       normalized = normalized.slice(root.length);
@@ -7914,12 +8801,12 @@ function followImportChain(fromFile, fileContents, maxDepth = 2) {
     while ((match = importRegex.exec(content)) !== null) {
       const importPath = match[1];
       if (!importPath.startsWith(".")) continue;
-      const dir = path15.dirname(current.file);
-      let resolved = path15.join(dir, importPath).replace(/\\/g, "/");
+      const dir = path18.dirname(current.file);
+      let resolved = path18.join(dir, importPath).replace(/\\/g, "/");
       if (!resolved.match(/\.(ts|tsx|js|jsx)$/)) {
         resolved += ".ts";
       }
-      resolved = path15.normalize(resolved).replace(/\\/g, "/");
+      resolved = path18.normalize(resolved).replace(/\\/g, "/");
       if (!visited.has(resolved) && current.depth + 1 <= maxDepth) {
         queue.push({ file: resolved, depth: current.depth + 1 });
       }
@@ -7936,7 +8823,7 @@ async function validateFindings(options) {
     if (exclusionSet.isExcluded(normalizedFile, finding.lineRange) || exclusionSet.isExcluded(finding.file, finding.lineRange)) {
       continue;
     }
-    const absoluteFile = path15.isAbsolute(finding.file) ? finding.file : path15.join(projectRoot, finding.file).replace(/\\/g, "/");
+    const absoluteFile = path18.isAbsolute(finding.file) ? finding.file : path18.join(projectRoot, finding.file).replace(/\\/g, "/");
     if (exclusionSet.isExcluded(absoluteFile, finding.lineRange)) {
       continue;
     }
@@ -7993,6 +8880,28 @@ async function validateFindings(options) {
 function rangesOverlap(a, b, gap) {
   return a[0] <= b[1] + gap && b[0] <= a[1] + gap;
 }
+function pickLongest(a, b) {
+  if (a && b) return a.length >= b.length ? a : b;
+  return a ?? b;
+}
+function buildMergedTitle(a, b, domains) {
+  const primaryFinding = SEVERITY_RANK[a.severity] >= SEVERITY_RANK[b.severity] ? a : b;
+  const domainList = [...domains].sort().join(", ");
+  const cleanTitle = primaryFinding.title.replace(/^\[.*?\]\s*/, "");
+  return { title: `[${domainList}] ${cleanTitle}`, primaryFinding };
+}
+function mergeSecurityFields(merged, primary, a, b) {
+  const cweId = primary.cweId ?? a.cweId ?? b.cweId;
+  const owaspCategory = primary.owaspCategory ?? a.owaspCategory ?? b.owaspCategory;
+  const confidence = primary.confidence ?? a.confidence ?? b.confidence;
+  const remediation = pickLongest(a.remediation, b.remediation);
+  const mergedRefs = [.../* @__PURE__ */ new Set([...a.references ?? [], ...b.references ?? []])];
+  if (cweId !== void 0) merged.cweId = cweId;
+  if (owaspCategory !== void 0) merged.owaspCategory = owaspCategory;
+  if (confidence !== void 0) merged.confidence = confidence;
+  if (remediation !== void 0) merged.remediation = remediation;
+  if (mergedRefs.length > 0) merged.references = mergedRefs;
+}
 function mergeFindings(a, b) {
   const highestSeverity = SEVERITY_RANK[a.severity] >= SEVERITY_RANK[b.severity] ? a.severity : b.severity;
   const highestValidatedBy = (VALIDATED_BY_RANK[a.validatedBy] ?? 0) >= (VALIDATED_BY_RANK[b.validatedBy] ?? 0) ? a.validatedBy : b.validatedBy;
@@ -8002,18 +8911,12 @@ function mergeFindings(a, b) {
     Math.min(a.lineRange[0], b.lineRange[0]),
     Math.max(a.lineRange[1], b.lineRange[1])
   ];
-  const domains = /* @__PURE__ */ new Set();
-  domains.add(a.domain);
-  domains.add(b.domain);
-  const suggestion = a.suggestion && b.suggestion ? a.suggestion.length >= b.suggestion.length ? a.suggestion : b.suggestion : a.suggestion ?? b.suggestion;
-  const primaryFinding = SEVERITY_RANK[a.severity] >= SEVERITY_RANK[b.severity] ? a : b;
-  const domainList = [...domains].sort().join(", ");
-  const cleanTitle = primaryFinding.title.replace(/^\[.*?\]\s*/, "");
-  const title = `[${domainList}] ${cleanTitle}`;
+  const domains = /* @__PURE__ */ new Set([a.domain, b.domain]);
+  const suggestion = pickLongest(a.suggestion, b.suggestion);
+  const { title, primaryFinding } = buildMergedTitle(a, b, domains);
   const merged = {
     id: primaryFinding.id,
     file: a.file,
-    // same file for all merged findings
     lineRange,
     domain: primaryFinding.domain,
     severity: highestSeverity,
@@ -8025,16 +8928,7 @@ function mergeFindings(a, b) {
   if (suggestion !== void 0) {
     merged.suggestion = suggestion;
   }
-  const cweId = primaryFinding.cweId ?? a.cweId ?? b.cweId;
-  const owaspCategory = primaryFinding.owaspCategory ?? a.owaspCategory ?? b.owaspCategory;
-  const confidence = primaryFinding.confidence ?? a.confidence ?? b.confidence;
-  const remediation = a.remediation && b.remediation ? a.remediation.length >= b.remediation.length ? a.remediation : b.remediation : a.remediation ?? b.remediation;
-  const mergedRefs = [.../* @__PURE__ */ new Set([...a.references ?? [], ...b.references ?? []])];
-  if (cweId !== void 0) merged.cweId = cweId;
-  if (owaspCategory !== void 0) merged.owaspCategory = owaspCategory;
-  if (confidence !== void 0) merged.confidence = confidence;
-  if (remediation !== void 0) merged.remediation = remediation;
-  if (mergedRefs.length > 0) merged.references = mergedRefs;
+  mergeSecurityFields(merged, primaryFinding, a, b);
   return merged;
 }
 function deduplicateFindings(options) {
@@ -8206,6 +9100,17 @@ function formatTerminalOutput(options) {
     if (suggestionCount > 0) parts.push(`${suggestionCount} suggestion(s)`);
     sections.push(`  Found ${issueCount} issue(s): ${parts.join(", ")}.`);
   }
+  if (options.evidenceCoverage) {
+    const ec = options.evidenceCoverage;
+    sections.push("");
+    sections.push("## Evidence Coverage\n");
+    sections.push(`  Evidence entries: ${ec.totalEntries}`);
+    sections.push(
+      `  Findings with evidence: ${ec.findingsWithEvidence}/${ec.findingsWithEvidence + ec.uncitedCount}`
+    );
+    sections.push(`  Uncited findings: ${ec.uncitedCount} (flagged as [UNVERIFIED])`);
+    sections.push(`  Coverage: ${ec.coveragePercentage}%`);
+  }
   return sections.join("\n");
 }
 
@@ -8282,9 +9187,108 @@ function formatGitHubSummary(options) {
   const assessment = determineAssessment(findings);
   const assessmentLabel = assessment === "approve" ? "Approve" : assessment === "comment" ? "Comment" : "Request Changes";
   sections.push(`## Assessment: ${assessmentLabel}`);
+  if (options.evidenceCoverage) {
+    const ec = options.evidenceCoverage;
+    sections.push("");
+    sections.push("## Evidence Coverage\n");
+    sections.push(`- Evidence entries: ${ec.totalEntries}`);
+    sections.push(
+      `- Findings with evidence: ${ec.findingsWithEvidence}/${ec.findingsWithEvidence + ec.uncitedCount}`
+    );
+    sections.push(`- Uncited findings: ${ec.uncitedCount} (flagged as \\[UNVERIFIED\\])`);
+    sections.push(`- Coverage: ${ec.coveragePercentage}%`);
+  }
   return sections.join("\n");
 }
 
+// src/review/evidence-gate.ts
+var FILE_LINE_RANGE_PATTERN = /^([\w./@-]+\.\w+):(\d+)-(\d+)/;
+var FILE_LINE_PATTERN = /^([\w./@-]+\.\w+):(\d+)/;
+var FILE_ONLY_PATTERN = /^([\w./@-]+\.\w+)\s/;
+function parseEvidenceRef(content) {
+  const trimmed = content.trim();
+  const rangeMatch = trimmed.match(FILE_LINE_RANGE_PATTERN);
+  if (rangeMatch) {
+    return {
+      file: rangeMatch[1],
+      lineStart: parseInt(rangeMatch[2], 10),
+      lineEnd: parseInt(rangeMatch[3], 10)
+    };
+  }
+  const lineMatch = trimmed.match(FILE_LINE_PATTERN);
+  if (lineMatch) {
+    return {
+      file: lineMatch[1],
+      lineStart: parseInt(lineMatch[2], 10)
+    };
+  }
+  const fileMatch = trimmed.match(FILE_ONLY_PATTERN);
+  if (fileMatch) {
+    return { file: fileMatch[1] };
+  }
+  return null;
+}
+function evidenceMatchesFinding(ref, finding) {
+  if (ref.file !== finding.file) return false;
+  if (ref.lineStart === void 0) return true;
+  const [findStart, findEnd] = finding.lineRange;
+  if (ref.lineEnd !== void 0) {
+    return ref.lineStart <= findEnd && ref.lineEnd >= findStart;
+  }
+  return ref.lineStart >= findStart && ref.lineStart <= findEnd;
+}
+function checkEvidenceCoverage(findings, evidenceEntries) {
+  if (findings.length === 0) {
+    return {
+      totalEntries: evidenceEntries.filter((e) => e.status === "active").length,
+      findingsWithEvidence: 0,
+      uncitedCount: 0,
+      uncitedFindings: [],
+      coveragePercentage: 100
+    };
+  }
+  const activeEvidence = evidenceEntries.filter((e) => e.status === "active");
+  const evidenceRefs = [];
+  for (const entry of activeEvidence) {
+    const ref = parseEvidenceRef(entry.content);
+    if (ref) evidenceRefs.push(ref);
+  }
+  let findingsWithEvidence = 0;
+  const uncitedFindings = [];
+  for (const finding of findings) {
+    const hasEvidence = evidenceRefs.some((ref) => evidenceMatchesFinding(ref, finding));
+    if (hasEvidence) {
+      findingsWithEvidence++;
+    } else {
+      uncitedFindings.push(finding.title);
+    }
+  }
+  const uncitedCount = findings.length - findingsWithEvidence;
+  const coveragePercentage = Math.round(findingsWithEvidence / findings.length * 100);
+  return {
+    totalEntries: activeEvidence.length,
+    findingsWithEvidence,
+    uncitedCount,
+    uncitedFindings,
+    coveragePercentage
+  };
+}
+function tagUncitedFindings(findings, evidenceEntries) {
+  const activeEvidence = evidenceEntries.filter((e) => e.status === "active");
+  const evidenceRefs = [];
+  for (const entry of activeEvidence) {
+    const ref = parseEvidenceRef(entry.content);
+    if (ref) evidenceRefs.push(ref);
+  }
+  for (const finding of findings) {
+    const hasEvidence = evidenceRefs.some((ref) => evidenceMatchesFinding(ref, finding));
+    if (!hasEvidence && !finding.title.startsWith("[UNVERIFIED]")) {
+      finding.title = `[UNVERIFIED] ${finding.title}`;
+    }
+  }
+  return findings;
+}
+
 // src/review/pipeline-orchestrator.ts
 async function runReviewPipeline(options) {
   const {
@@ -8297,7 +9301,8 @@ async function runReviewPipeline(options) {
     conventionFiles,
     checkDepsOutput,
     config = {},
-    commitHistory
+    commitHistory,
+    sessionSlug
   } = options;
   if (flags.ci && prMetadata) {
     const eligibility = checkEligibility(prMetadata, true);
@@ -8393,13 +9398,25 @@ async function runReviewPipeline(options) {
     projectRoot,
     fileContents
   });
+  let evidenceCoverage;
+  if (sessionSlug) {
+    try {
+      const evidenceResult = await readSessionSection(projectRoot, sessionSlug, "evidence");
+      if (evidenceResult.ok) {
+        evidenceCoverage = checkEvidenceCoverage(validatedFindings, evidenceResult.value);
+        tagUncitedFindings(validatedFindings, evidenceResult.value);
+      }
+    } catch {
+    }
+  }
   const dedupedFindings = deduplicateFindings({ findings: validatedFindings });
   const strengths = [];
   const assessment = determineAssessment(dedupedFindings);
   const exitCode = getExitCode(assessment);
   const terminalOutput = formatTerminalOutput({
     findings: dedupedFindings,
-    strengths
+    strengths,
+    ...evidenceCoverage != null ? { evidenceCoverage } : {}
   });
   let githubComments = [];
   if (flags.comment) {
@@ -8414,7 +9431,8 @@ async function runReviewPipeline(options) {
     terminalOutput,
     githubComments,
     exitCode,
-    ...mechanicalResult !== void 0 ? { mechanicalResult } : {}
+    ...mechanicalResult != null ? { mechanicalResult } : {},
+    ...evidenceCoverage != null ? { evidenceCoverage } : {}
   };
 }
 
@@ -8433,7 +9451,7 @@ function parseRoadmap(markdown) {
   if (!fmMatch) {
     return Err2(new Error("Missing or malformed YAML frontmatter"));
   }
-  const fmResult = parseFrontmatter(fmMatch[1]);
+  const fmResult = parseFrontmatter2(fmMatch[1]);
   if (!fmResult.ok) return fmResult;
   const body = markdown.slice(fmMatch[0].length);
   const milestonesResult = parseMilestones(body);
@@ -8443,7 +9461,7 @@ function parseRoadmap(markdown) {
     milestones: milestonesResult.value
   });
 }
-function parseFrontmatter(raw) {
+function parseFrontmatter2(raw) {
   const lines = raw.split("\n");
   const map = /* @__PURE__ */ new Map();
   for (const line of lines) {
@@ -8517,13 +9535,29 @@ function parseFeatures(sectionBody) {
   }
   return Ok2(features);
 }
-function parseFeatureFields(name, body) {
+function extractFieldMap(body) {
   const fieldMap = /* @__PURE__ */ new Map();
   const fieldPattern = /^- \*\*(.+?):\*\* (.+)$/gm;
   let match;
   while ((match = fieldPattern.exec(body)) !== null) {
     fieldMap.set(match[1], match[2]);
   }
+  return fieldMap;
+}
+function parseListField(fieldMap, ...keys) {
+  let raw = EM_DASH;
+  for (const key of keys) {
+    const val = fieldMap.get(key);
+    if (val !== void 0) {
+      raw = val;
+      break;
+    }
+  }
+  if (raw === EM_DASH || raw === "none") return [];
+  return raw.split(",").map((s) => s.trim());
+}
+function parseFeatureFields(name, body) {
+  const fieldMap = extractFieldMap(body);
   const statusRaw = fieldMap.get("Status");
   if (!statusRaw || !VALID_STATUSES.has(statusRaw)) {
     return Err2(
@@ -8532,15 +9566,17 @@ function parseFeatureFields(name, body) {
       )
     );
   }
-  const status = statusRaw;
   const specRaw = fieldMap.get("Spec") ?? EM_DASH;
-  const spec = specRaw === EM_DASH ? null : specRaw;
-  const plansRaw = fieldMap.get("Plans") ?? fieldMap.get("Plan") ?? EM_DASH;
-  const plans = plansRaw === EM_DASH || plansRaw === "none" ? [] : plansRaw.split(",").map((p) => p.trim());
-  const blockedByRaw = fieldMap.get("Blocked by") ?? fieldMap.get("Blockers") ?? EM_DASH;
-  const blockedBy = blockedByRaw === EM_DASH || blockedByRaw === "none" ? [] : blockedByRaw.split(",").map((b) => b.trim());
-  const summary = fieldMap.get("Summary") ?? "";
-  return Ok2({ name, status, spec, plans, blockedBy, summary });
+  const plans = parseListField(fieldMap, "Plans", "Plan");
+  const blockedBy = parseListField(fieldMap, "Blocked by", "Blockers");
+  return Ok2({
+    name,
+    status: statusRaw,
+    spec: specRaw === EM_DASH ? null : specRaw,
+    plans,
+    blockedBy,
+    summary: fieldMap.get("Summary") ?? ""
+  });
 }
 
 // src/roadmap/serialize.ts
@@ -8591,8 +9627,8 @@ function serializeFeature(feature) {
 }
 
 // src/roadmap/sync.ts
-import * as fs16 from "fs";
-import * as path16 from "path";
+import * as fs19 from "fs";
+import * as path19 from "path";
 import { Ok as Ok3 } from "@harness-engineering/types";
 function inferStatus(feature, projectPath, allFeatures) {
   if (feature.blockedBy.length > 0) {
@@ -8607,10 +9643,10 @@ function inferStatus(feature, projectPath, allFeatures) {
   const featuresWithPlans = allFeatures.filter((f) => f.plans.length > 0);
   const useRootState = featuresWithPlans.length <= 1;
   if (useRootState) {
-    const rootStatePath = path16.join(projectPath, ".harness", "state.json");
-    if (fs16.existsSync(rootStatePath)) {
+    const rootStatePath = path19.join(projectPath, ".harness", "state.json");
+    if (fs19.existsSync(rootStatePath)) {
       try {
-        const raw = fs16.readFileSync(rootStatePath, "utf-8");
+        const raw = fs19.readFileSync(rootStatePath, "utf-8");
         const state = JSON.parse(raw);
         if (state.progress) {
           for (const status of Object.values(state.progress)) {
@@ -8621,16 +9657,16 @@ function inferStatus(feature, projectPath, allFeatures) {
       }
     }
   }
-  const sessionsDir = path16.join(projectPath, ".harness", "sessions");
-  if (fs16.existsSync(sessionsDir)) {
+  const sessionsDir = path19.join(projectPath, ".harness", "sessions");
+  if (fs19.existsSync(sessionsDir)) {
     try {
-      const sessionDirs = fs16.readdirSync(sessionsDir, { withFileTypes: true });
+      const sessionDirs = fs19.readdirSync(sessionsDir, { withFileTypes: true });
       for (const entry of sessionDirs) {
         if (!entry.isDirectory()) continue;
-        const autopilotPath = path16.join(sessionsDir, entry.name, "autopilot-state.json");
-        if (!fs16.existsSync(autopilotPath)) continue;
+        const autopilotPath = path19.join(sessionsDir, entry.name, "autopilot-state.json");
+        if (!fs19.existsSync(autopilotPath)) continue;
         try {
-          const raw = fs16.readFileSync(autopilotPath, "utf-8");
+          const raw = fs19.readFileSync(autopilotPath, "utf-8");
           const autopilot = JSON.parse(raw);
           if (!autopilot.phases) continue;
           const linkedPhases = autopilot.phases.filter(
@@ -8660,17 +9696,26 @@ function inferStatus(feature, projectPath, allFeatures) {
   if (anyStarted) return "in-progress";
   return null;
 }
+var STATUS_RANK = {
+  backlog: 0,
+  planned: 1,
+  blocked: 1,
+  // lateral to planned — sync can move to/from blocked freely
+  "in-progress": 2,
+  done: 3
+};
+function isRegression(from, to) {
+  return STATUS_RANK[to] < STATUS_RANK[from];
+}
 function syncRoadmap(options) {
   const { projectPath, roadmap, forceSync } = options;
-  const isManuallyEdited = new Date(roadmap.frontmatter.lastManualEdit) > new Date(roadmap.frontmatter.lastSynced);
-  const skipOverride = isManuallyEdited && !forceSync;
   const allFeatures = roadmap.milestones.flatMap((m) => m.features);
   const changes = [];
   for (const feature of allFeatures) {
-    if (skipOverride) continue;
     const inferred = inferStatus(feature, projectPath, allFeatures);
     if (inferred === null) continue;
     if (inferred === feature.status) continue;
+    if (!forceSync && isRegression(feature.status, inferred)) continue;
     changes.push({
       feature: feature.name,
       from: feature.status,
@@ -8679,48 +9724,60 @@ function syncRoadmap(options) {
   }
   return Ok3(changes);
 }
+function applySyncChanges(roadmap, changes) {
+  for (const change of changes) {
+    for (const m of roadmap.milestones) {
+      const feature = m.features.find((f) => f.name.toLowerCase() === change.feature.toLowerCase());
+      if (feature) {
+        feature.status = change.to;
+        break;
+      }
+    }
+  }
+  roadmap.frontmatter.lastSynced = (/* @__PURE__ */ new Date()).toISOString();
+}
 
 // src/interaction/types.ts
-import { z as z6 } from "zod";
-var InteractionTypeSchema = z6.enum(["question", "confirmation", "transition"]);
-var QuestionSchema = z6.object({
-  text: z6.string(),
-  options: z6.array(z6.string()).optional(),
-  default: z6.string().optional()
+import { z as z7 } from "zod";
+var InteractionTypeSchema = z7.enum(["question", "confirmation", "transition"]);
+var QuestionSchema = z7.object({
+  text: z7.string(),
+  options: z7.array(z7.string()).optional(),
+  default: z7.string().optional()
 });
-var ConfirmationSchema = z6.object({
-  text: z6.string(),
-  context: z6.string()
+var ConfirmationSchema = z7.object({
+  text: z7.string(),
+  context: z7.string()
 });
-var TransitionSchema = z6.object({
-  completedPhase: z6.string(),
-  suggestedNext: z6.string(),
-  reason: z6.string(),
-  artifacts: z6.array(z6.string()),
-  requiresConfirmation: z6.boolean(),
-  summary: z6.string()
+var TransitionSchema = z7.object({
+  completedPhase: z7.string(),
+  suggestedNext: z7.string(),
+  reason: z7.string(),
+  artifacts: z7.array(z7.string()),
+  requiresConfirmation: z7.boolean(),
+  summary: z7.string()
 });
-var EmitInteractionInputSchema = z6.object({
-  path: z6.string(),
+var EmitInteractionInputSchema = z7.object({
+  path: z7.string(),
   type: InteractionTypeSchema,
-  stream: z6.string().optional(),
+  stream: z7.string().optional(),
   question: QuestionSchema.optional(),
   confirmation: ConfirmationSchema.optional(),
   transition: TransitionSchema.optional()
 });
 
 // src/blueprint/scanner.ts
-import * as fs17 from "fs/promises";
-import * as path17 from "path";
+import * as fs20 from "fs/promises";
+import * as path20 from "path";
 var ProjectScanner = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
   }
   async scan() {
-    let projectName = path17.basename(this.rootDir);
+    let projectName = path20.basename(this.rootDir);
     try {
-      const pkgPath = path17.join(this.rootDir, "package.json");
-      const pkgRaw = await fs17.readFile(pkgPath, "utf-8");
+      const pkgPath = path20.join(this.rootDir, "package.json");
+      const pkgRaw = await fs20.readFile(pkgPath, "utf-8");
       const pkg = JSON.parse(pkgRaw);
       if (pkg.name) projectName = pkg.name;
     } catch {
@@ -8761,8 +9818,8 @@ var ProjectScanner = class {
 };
 
 // src/blueprint/generator.ts
-import * as fs18 from "fs/promises";
-import * as path18 from "path";
+import * as fs21 from "fs/promises";
+import * as path21 from "path";
 import * as ejs from "ejs";
 
 // src/blueprint/templates.ts
@@ -8846,19 +9903,19 @@ var BlueprintGenerator = class {
       styles: STYLES,
       scripts: SCRIPTS
     });
-    await fs18.mkdir(options.outputDir, { recursive: true });
-    await fs18.writeFile(path18.join(options.outputDir, "index.html"), html);
+    await fs21.mkdir(options.outputDir, { recursive: true });
+    await fs21.writeFile(path21.join(options.outputDir, "index.html"), html);
   }
 };
 
 // src/update-checker.ts
-import * as fs19 from "fs";
-import * as path19 from "path";
+import * as fs22 from "fs";
+import * as path22 from "path";
 import * as os from "os";
 import { spawn } from "child_process";
 function getStatePath() {
   const home = process.env["HOME"] || os.homedir();
-  return path19.join(home, ".harness", "update-check.json");
+  return path22.join(home, ".harness", "update-check.json");
 }
 function isUpdateCheckEnabled(configInterval) {
   if (process.env["HARNESS_NO_UPDATE_CHECK"] === "1") return false;
@@ -8871,7 +9928,7 @@ function shouldRunCheck(state, intervalMs) {
 }
 function readCheckState() {
   try {
-    const raw = fs19.readFileSync(getStatePath(), "utf-8");
+    const raw = fs22.readFileSync(getStatePath(), "utf-8");
     const parsed = JSON.parse(raw);
     if (typeof parsed === "object" && parsed !== null && "lastCheckTime" in parsed && typeof parsed.lastCheckTime === "number" && "currentVersion" in parsed && typeof parsed.currentVersion === "string") {
       const state = parsed;
@@ -8888,7 +9945,7 @@ function readCheckState() {
 }
 function spawnBackgroundCheck(currentVersion) {
   const statePath = getStatePath();
-  const stateDir = path19.dirname(statePath);
+  const stateDir = path22.dirname(statePath);
   const script = `
 const { execSync } = require('child_process');
 const fs = require('fs');
@@ -8941,8 +9998,410 @@ function getUpdateNotification(currentVersion) {
 Run "harness update" to upgrade.`;
 }
 
+// src/code-nav/types.ts
+var EXTENSION_MAP = {
+  ".ts": "typescript",
+  ".tsx": "typescript",
+  ".mts": "typescript",
+  ".cts": "typescript",
+  ".js": "javascript",
+  ".jsx": "javascript",
+  ".mjs": "javascript",
+  ".cjs": "javascript",
+  ".py": "python"
+};
+function detectLanguage(filePath) {
+  const ext = filePath.slice(filePath.lastIndexOf("."));
+  return EXTENSION_MAP[ext] ?? null;
+}
+
+// src/code-nav/parser.ts
+import Parser from "web-tree-sitter";
+var parserCache = /* @__PURE__ */ new Map();
+var initialized = false;
+var GRAMMAR_MAP = {
+  typescript: "tree-sitter-typescript",
+  javascript: "tree-sitter-javascript",
+  python: "tree-sitter-python"
+};
+async function ensureInit() {
+  if (!initialized) {
+    await Parser.init();
+    initialized = true;
+  }
+}
+async function resolveWasmPath(grammarName) {
+  const { createRequire } = await import("module");
+  const require2 = createRequire(import.meta.url ?? __filename);
+  const pkgPath = require2.resolve("tree-sitter-wasms/package.json");
+  const path23 = await import("path");
+  const pkgDir = path23.dirname(pkgPath);
+  return path23.join(pkgDir, "out", `${grammarName}.wasm`);
+}
+async function loadLanguage(lang) {
+  const grammarName = GRAMMAR_MAP[lang];
+  const wasmPath = await resolveWasmPath(grammarName);
+  return Parser.Language.load(wasmPath);
+}
+async function getParser(lang) {
+  const cached = parserCache.get(lang);
+  if (cached) return cached;
+  await ensureInit();
+  const parser = new Parser();
+  const language = await loadLanguage(lang);
+  parser.setLanguage(language);
+  parserCache.set(lang, parser);
+  return parser;
+}
+async function parseFile(filePath) {
+  const lang = detectLanguage(filePath);
+  if (!lang) {
+    return Err({
+      code: "UNSUPPORTED_LANGUAGE",
+      message: `Unsupported file extension: ${filePath}`
+    });
+  }
+  const contentResult = await readFileContent(filePath);
+  if (!contentResult.ok) {
+    return Err({
+      code: "FILE_NOT_FOUND",
+      message: `Cannot read file: ${filePath}`
+    });
+  }
+  try {
+    const parser = await getParser(lang);
+    const tree = parser.parse(contentResult.value);
+    return Ok({ tree, language: lang, source: contentResult.value, filePath });
+  } catch (e) {
+    return Err({
+      code: "PARSE_FAILED",
+      message: `Tree-sitter parse failed for ${filePath}: ${e.message}`
+    });
+  }
+}
+function resetParserCache() {
+  parserCache.clear();
+  initialized = false;
+}
+
+// src/code-nav/outline.ts
+var TOP_LEVEL_TYPES = {
+  typescript: {
+    function_declaration: "function",
+    class_declaration: "class",
+    interface_declaration: "interface",
+    type_alias_declaration: "type",
+    lexical_declaration: "variable",
+    variable_declaration: "variable",
+    export_statement: "export",
+    import_statement: "import",
+    enum_declaration: "type"
+  },
+  javascript: {
+    function_declaration: "function",
+    class_declaration: "class",
+    lexical_declaration: "variable",
+    variable_declaration: "variable",
+    export_statement: "export",
+    import_statement: "import"
+  },
+  python: {
+    function_definition: "function",
+    class_definition: "class",
+    assignment: "variable",
+    import_statement: "import",
+    import_from_statement: "import"
+  }
+};
+var METHOD_TYPES = {
+  typescript: ["method_definition", "public_field_definition"],
+  javascript: ["method_definition"],
+  python: ["function_definition"]
+};
+var IDENTIFIER_TYPES = /* @__PURE__ */ new Set(["identifier", "property_identifier", "type_identifier"]);
+function findIdentifier(node) {
+  return node.childForFieldName("name") ?? node.children.find((c) => IDENTIFIER_TYPES.has(c.type)) ?? null;
+}
+function getVariableDeclarationName(node) {
+  const declarator = node.children.find((c) => c.type === "variable_declarator");
+  if (!declarator) return null;
+  const id = findIdentifier(declarator);
+  return id?.text ?? null;
+}
+function getExportName(node, source) {
+  const decl = node.children.find(
+    (c) => c.type !== "export" && c.type !== "default" && c.type !== "comment"
+  );
+  return decl ? getNodeName(decl, source) : "<anonymous>";
+}
+function getAssignmentName(node) {
+  const left = node.childForFieldName("left") ?? node.children[0];
+  return left?.text ?? "<anonymous>";
+}
+function getNodeName(node, source) {
+  const id = findIdentifier(node);
+  if (id) return id.text;
+  const isVarDecl = node.type === "lexical_declaration" || node.type === "variable_declaration";
+  if (isVarDecl) return getVariableDeclarationName(node) ?? "<anonymous>";
+  if (node.type === "export_statement") return getExportName(node, source);
+  if (node.type === "assignment") return getAssignmentName(node);
+  return "<anonymous>";
+}
+function getSignature(node, source) {
+  const startLine = node.startPosition.row;
+  const lines = source.split("\n");
+  return (lines[startLine] ?? "").trim();
+}
+function extractMethods(classNode, language, source, filePath) {
+  const methodTypes = METHOD_TYPES[language] ?? [];
+  const body = classNode.childForFieldName("body") ?? classNode.children.find((c) => c.type === "class_body" || c.type === "block");
+  if (!body) return [];
+  return body.children.filter((child) => methodTypes.includes(child.type)).map((child) => ({
+    name: getNodeName(child, source),
+    kind: "method",
+    file: filePath,
+    line: child.startPosition.row + 1,
+    endLine: child.endPosition.row + 1,
+    signature: getSignature(child, source)
+  }));
+}
+function nodeToSymbol(node, kind, source, filePath) {
+  return {
+    name: getNodeName(node, source),
+    kind,
+    file: filePath,
+    line: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    signature: getSignature(node, source)
+  };
+}
+function processExportStatement(child, topLevelTypes, lang, source, filePath) {
+  const declaration = child.children.find(
+    (c) => c.type !== "export" && c.type !== "default" && c.type !== ";" && c.type !== "comment"
+  );
+  const kind = declaration ? topLevelTypes[declaration.type] : void 0;
+  if (declaration && kind) {
+    const sym = nodeToSymbol(child, kind, source, filePath);
+    sym.name = getNodeName(declaration, source);
+    if (kind === "class") {
+      sym.children = extractMethods(declaration, lang, source, filePath);
+    }
+    return sym;
+  }
+  return nodeToSymbol(child, "export", source, filePath);
+}
+function extractSymbols(rootNode, lang, source, filePath) {
+  const symbols = [];
+  const topLevelTypes = TOP_LEVEL_TYPES[lang] ?? {};
+  for (const child of rootNode.children) {
+    if (child.type === "export_statement") {
+      symbols.push(processExportStatement(child, topLevelTypes, lang, source, filePath));
+      continue;
+    }
+    const kind = topLevelTypes[child.type];
+    if (!kind || kind === "import") continue;
+    const sym = nodeToSymbol(child, kind, source, filePath);
+    if (kind === "class") {
+      sym.children = extractMethods(child, lang, source, filePath);
+    }
+    symbols.push(sym);
+  }
+  return symbols;
+}
+function buildFailedResult(filePath, lang) {
+  return { file: filePath, language: lang, totalLines: 0, symbols: [], error: "[parse-failed]" };
+}
+async function getOutline(filePath) {
+  const lang = detectLanguage(filePath);
+  if (!lang) return buildFailedResult(filePath, "unknown");
+  const result = await parseFile(filePath);
+  if (!result.ok) return buildFailedResult(filePath, lang);
+  const { tree, source } = result.value;
+  const totalLines = source.split("\n").length;
+  const symbols = extractSymbols(tree.rootNode, lang, source, filePath);
+  return { file: filePath, language: lang, totalLines, symbols };
+}
+function formatOutline(outline) {
+  if (outline.error) {
+    return `${outline.file} ${outline.error}`;
+  }
+  const lines = [`${outline.file} (${outline.totalLines} lines)`];
+  const last = outline.symbols.length - 1;
+  outline.symbols.forEach((sym, i) => {
+    const prefix = i === last ? "\u2514\u2500\u2500" : "\u251C\u2500\u2500";
+    lines.push(`${prefix} ${sym.signature}    :${sym.line}`);
+    if (sym.children) {
+      const childLast = sym.children.length - 1;
+      sym.children.forEach((child, j) => {
+        const childConnector = i === last ? "    " : "\u2502   ";
+        const childPrefix = j === childLast ? "\u2514\u2500\u2500" : "\u251C\u2500\u2500";
+        lines.push(`${childConnector}${childPrefix} ${child.signature}    :${child.line}`);
+      });
+    }
+  });
+  return lines.join("\n");
+}
+
+// src/code-nav/search.ts
+function buildGlob(directory, fileGlob) {
+  const dir = directory.replaceAll("\\", "/");
+  if (fileGlob) {
+    return `${dir}/**/${fileGlob}`;
+  }
+  const exts = Object.keys(EXTENSION_MAP).map((e) => e.slice(1));
+  return `${dir}/**/*.{${exts.join(",")}}`;
+}
+function matchesQuery(name, query) {
+  return name.toLowerCase().includes(query.toLowerCase());
+}
+function flattenSymbols(symbols) {
+  const flat = [];
+  for (const sym of symbols) {
+    flat.push(sym);
+    if (sym.children) {
+      flat.push(...sym.children);
+    }
+  }
+  return flat;
+}
+async function searchSymbols(query, directory, fileGlob) {
+  const pattern = buildGlob(directory, fileGlob);
+  let files;
+  try {
+    files = await findFiles(pattern, directory);
+  } catch {
+    files = [];
+  }
+  const matches = [];
+  const skipped = [];
+  for (const file of files) {
+    const lang = detectLanguage(file);
+    if (!lang) {
+      skipped.push(file);
+      continue;
+    }
+    const outline = await getOutline(file);
+    if (outline.error) {
+      skipped.push(file);
+      continue;
+    }
+    const allSymbols = flattenSymbols(outline.symbols);
+    for (const sym of allSymbols) {
+      if (matchesQuery(sym.name, query)) {
+        matches.push({
+          symbol: sym,
+          context: sym.signature
+        });
+      }
+    }
+  }
+  return { query, matches, skipped };
+}
+
+// src/code-nav/unfold.ts
+function findSymbolInList(symbols, name) {
+  for (const sym of symbols) {
+    if (sym.name === name) return sym;
+    if (sym.children) {
+      const found = findSymbolInList(sym.children, name);
+      if (found) return found;
+    }
+  }
+  return null;
+}
+function extractLines(source, startLine, endLine) {
+  const lines = source.split("\n");
+  const start = Math.max(0, startLine - 1);
+  const end = Math.min(lines.length, endLine);
+  return lines.slice(start, end).join("\n");
+}
+function buildFallbackResult(filePath, symbolName, content, language) {
+  const totalLines = content ? content.split("\n").length : 0;
+  return {
+    file: filePath,
+    symbolName,
+    startLine: content ? 1 : 0,
+    endLine: totalLines,
+    content,
+    language,
+    fallback: true,
+    warning: "[fallback: raw content]"
+  };
+}
+async function readContentSafe(filePath) {
+  const result = await readFileContent(filePath);
+  return result.ok ? result.value : "";
+}
+async function unfoldSymbol(filePath, symbolName) {
+  const lang = detectLanguage(filePath);
+  if (!lang) {
+    const content2 = await readContentSafe(filePath);
+    return buildFallbackResult(filePath, symbolName, content2, "unknown");
+  }
+  const outline = await getOutline(filePath);
+  if (outline.error) {
+    const content2 = await readContentSafe(filePath);
+    return buildFallbackResult(filePath, symbolName, content2, lang);
+  }
+  const symbol = findSymbolInList(outline.symbols, symbolName);
+  if (!symbol) {
+    const content2 = await readContentSafe(filePath);
+    return buildFallbackResult(filePath, symbolName, content2, lang);
+  }
+  const parseResult = await parseFile(filePath);
+  if (!parseResult.ok) {
+    const content2 = await readContentSafe(filePath);
+    return {
+      ...buildFallbackResult(
+        filePath,
+        symbolName,
+        extractLines(content2, symbol.line, symbol.endLine),
+        lang
+      ),
+      startLine: symbol.line,
+      endLine: symbol.endLine
+    };
+  }
+  const content = extractLines(parseResult.value.source, symbol.line, symbol.endLine);
+  return {
+    file: filePath,
+    symbolName,
+    startLine: symbol.line,
+    endLine: symbol.endLine,
+    content,
+    language: lang,
+    fallback: false
+  };
+}
+async function unfoldRange(filePath, startLine, endLine) {
+  const lang = detectLanguage(filePath) ?? "unknown";
+  const contentResult = await readFileContent(filePath);
+  if (!contentResult.ok) {
+    return {
+      file: filePath,
+      startLine: 0,
+      endLine: 0,
+      content: "",
+      language: lang,
+      fallback: true,
+      warning: "[fallback: raw content]"
+    };
+  }
+  const totalLines = contentResult.value.split("\n").length;
+  const clampedEnd = Math.min(endLine, totalLines);
+  const content = extractLines(contentResult.value, startLine, clampedEnd);
+  return {
+    file: filePath,
+    startLine,
+    endLine: clampedEnd,
+    content,
+    language: lang,
+    fallback: false
+  };
+}
+
 // src/index.ts
-var VERSION = "0.13.0";
+var VERSION = "0.15.0";
 export {
   AGENT_DESCRIPTORS,
   ARCHITECTURE_DESCRIPTOR,
@@ -8976,6 +10435,7 @@ export {
   DEFAULT_STATE,
   DEFAULT_STREAM_INDEX,
   DepDepthCollector,
+  EXTENSION_MAP,
   EmitInteractionInputSchema,
   EntropyAnalyzer,
   EntropyConfigSchema,
@@ -9010,6 +10470,7 @@ export {
   SharableForbiddenImportSchema,
   SharableLayerSchema,
   SharableSecurityRulesSchema,
+  SkillEventSchema,
   StreamIndexSchema,
   StreamInfoSchema,
   ThresholdConfigSchema,
@@ -9018,30 +10479,37 @@ export {
   VERSION,
   ViolationSchema,
   addProvenance,
+  agentConfigRules,
   analyzeDiff,
   analyzeLearningPatterns,
   appendFailure,
   appendLearning,
+  appendSessionEntry,
   applyFixes,
   applyHotspotDowngrade,
+  applySyncChanges,
   archMatchers,
   archModule,
   architecture,
   archiveFailures,
   archiveLearnings,
+  archiveSession,
   archiveStream,
   buildDependencyGraph,
   buildExclusionSet,
   buildSnapshot,
   checkDocCoverage,
   checkEligibility,
+  checkEvidenceCoverage,
   classifyFinding,
+  clearEventHashCache,
   clearFailuresCache,
   clearLearningsCache,
   configureFeedback,
   constraintRuleId,
   contextBudget,
   contextFilter,
+  countLearningEntries,
   createBoundaryValidator,
   createCommentedCodeFixes,
   createError,
@@ -9065,27 +10533,34 @@ export {
   detectCouplingViolations,
   detectDeadCode,
   detectDocDrift,
+  detectLanguage,
   detectPatternViolations,
   detectSizeBudgetViolations,
   detectStack,
   detectStaleConstraints,
   determineAssessment,
   diff,
+  emitEvent,
   executeWorkflow,
   expressRules,
   extractBundle,
+  extractIndexEntry,
   extractMarkdownLinks,
   extractSections,
   fanOutReview,
+  formatEventTimeline,
   formatFindingBlock,
   formatGitHubComment,
   formatGitHubSummary,
+  formatOutline,
   formatTerminalOutput,
   generateAgentsMap,
   generateSuggestions,
   getActionEmitter,
   getExitCode,
   getFeedbackConfig,
+  getOutline,
+  getParser,
   getPhaseCategories,
   getStreamForBranch,
   getUpdateNotification,
@@ -9096,33 +10571,42 @@ export {
   listActiveSessions,
   listStreams,
   loadBudgetedLearnings,
+  loadEvents,
   loadFailures,
   loadHandoff,
+  loadIndexEntries,
   loadRelevantLearnings,
   loadSessionSummary,
   loadState,
   loadStreamIndex,
   logAgentAction,
+  mcpRules,
   migrateToStreams,
   networkRules,
   nodeRules,
   parseDateFromEntry,
   parseDiff,
+  parseFile,
+  parseFrontmatter,
   parseManifest,
   parseRoadmap,
   parseSecurityConfig,
   parseSize,
   pathTraversalRules,
   previewFix,
+  promoteSessionLearnings,
   pruneLearnings,
   reactRules,
   readCheckState,
   readLockfile,
+  readSessionSection,
+  readSessionSections,
   removeContributions,
   removeProvenance,
   requestMultiplePeerReviews,
   requestPeerReview,
   resetFeedbackConfig,
+  resetParserCache,
   resolveFileToLayer,
   resolveModelTier,
   resolveRuleSeverity,
@@ -9144,6 +10628,7 @@ export {
   saveState,
   saveStreamIndex,
   scopeContext,
+  searchSymbols,
   secretRules,
   serializeRoadmap,
   setActiveStream,
@@ -9151,8 +10636,12 @@ export {
   spawnBackgroundCheck,
   syncConstraintNodes,
   syncRoadmap,
+  tagUncitedFindings,
   touchStream,
   trackAction,
+  unfoldRange,
+  unfoldSymbol,
+  updateSessionEntryStatus,
   updateSessionIndex,
   validateAgentsMap,
   validateBoundaries,