@harness-engineering/core 0.14.0 → 0.15.0

package/dist/index.mjs

@@ -84,15 +84,15 @@ function validateConfig(data, schema) {
   let message = "Configuration validation failed";
   const suggestions = [];
   if (firstError) {
-    const path22 = firstError.path.join(".");
-    const pathDisplay = path22 ? ` at "${path22}"` : "";
+    const path23 = firstError.path.join(".");
+    const pathDisplay = path23 ? ` at "${path23}"` : "";
     if (firstError.code === "invalid_type") {
       const received = firstError.received;
       const expected = firstError.expected;
       if (received === "undefined") {
         code = "MISSING_FIELD";
         message = `Missing required field${pathDisplay}: ${firstError.message}`;
-        suggestions.push(`Field "${path22}" is required and must be of type "${expected}"`);
+        suggestions.push(`Field "${path23}" is required and must be of type "${expected}"`);
       } else {
         code = "INVALID_TYPE";
         message = `Invalid type${pathDisplay}: ${firstError.message}`;
@@ -308,27 +308,27 @@ function extractSections(content) {
   }
   return sections.map((section) => buildAgentMapSection(section, lines));
 }
-function isExternalLink(path22) {
-  return path22.startsWith("http://") || path22.startsWith("https://") || path22.startsWith("#") || path22.startsWith("mailto:");
+function isExternalLink(path23) {
+  return path23.startsWith("http://") || path23.startsWith("https://") || path23.startsWith("#") || path23.startsWith("mailto:");
 }
 function resolveLinkPath(linkPath, baseDir) {
   return linkPath.startsWith(".") ? join(baseDir, linkPath) : linkPath;
 }
-async function validateAgentsMap(path22 = "./AGENTS.md") {
-  const contentResult = await readFileContent(path22);
+async function validateAgentsMap(path23 = "./AGENTS.md") {
+  const contentResult = await readFileContent(path23);
   if (!contentResult.ok) {
     return Err(
       createError(
         "PARSE_ERROR",
         `Failed to read AGENTS.md: ${contentResult.error.message}`,
-        { path: path22 },
+        { path: path23 },
         ["Ensure the file exists", "Check file permissions"]
       )
     );
   }
   const content = contentResult.value;
   const sections = extractSections(content);
-  const baseDir = dirname(path22);
+  const baseDir = dirname(path23);
   const sectionTitles = sections.map((s) => s.title);
   const missingSections = REQUIRED_SECTIONS.filter(
     (required) => !sectionTitles.some((title) => title.toLowerCase().includes(required.toLowerCase()))
@@ -469,8 +469,8 @@ async function checkDocCoverage(domain, options = {}) {
 
 // src/context/knowledge-map.ts
 import { join as join2, basename as basename2 } from "path";
-function suggestFix(path22, existingFiles) {
-  const targetName = basename2(path22).toLowerCase();
+function suggestFix(path23, existingFiles) {
+  const targetName = basename2(path23).toLowerCase();
   const similar = existingFiles.find((file) => {
     const fileName = basename2(file).toLowerCase();
     return fileName.includes(targetName) || targetName.includes(fileName);
@@ -478,7 +478,7 @@ function suggestFix(path22, existingFiles) {
   if (similar) {
     return `Did you mean "${similar}"?`;
   }
-  return `Create the file "${path22}" or remove the link`;
+  return `Create the file "${path23}" or remove the link`;
 }
 async function validateKnowledgeMap(rootDir = process.cwd()) {
   const agentsPath = join2(rootDir, "AGENTS.md");
@@ -830,8 +830,8 @@ function createBoundaryValidator(schema, name) {
         return Ok(result.data);
       }
       const suggestions = result.error.issues.map((issue) => {
-        const path22 = issue.path.join(".");
-        return path22 ? `${path22}: ${issue.message}` : issue.message;
+        const path23 = issue.path.join(".");
+        return path23 ? `${path23}: ${issue.message}` : issue.message;
       });
       return Err(
         createError(
@@ -1463,11 +1463,11 @@ function processExportListSpecifiers(exportDecl, exports) {
 var TypeScriptParser = class {
   name = "typescript";
   extensions = [".ts", ".tsx", ".mts", ".cts"];
-  async parseFile(path22) {
-    const contentResult = await readFileContent(path22);
+  async parseFile(path23) {
+    const contentResult = await readFileContent(path23);
     if (!contentResult.ok) {
       return Err(
-        createParseError("NOT_FOUND", `File not found: ${path22}`, { path: path22 }, [
+        createParseError("NOT_FOUND", `File not found: ${path23}`, { path: path23 }, [
           "Check that the file exists",
           "Verify the path is correct"
         ])
@@ -1477,7 +1477,7 @@ var TypeScriptParser = class {
       const ast = parse(contentResult.value, {
         loc: true,
         range: true,
-        jsx: path22.endsWith(".tsx"),
+        jsx: path23.endsWith(".tsx"),
         errorOnUnknownASTType: false
       });
       return Ok({
@@ -1488,7 +1488,7 @@ var TypeScriptParser = class {
     } catch (e) {
       const error = e;
       return Err(
-        createParseError("SYNTAX_ERROR", `Failed to parse ${path22}: ${error.message}`, { path: path22 }, [
+        createParseError("SYNTAX_ERROR", `Failed to parse ${path23}: ${error.message}`, { path: path23 }, [
           "Check for syntax errors in the file",
           "Ensure valid TypeScript syntax"
         ])
@@ -1673,22 +1673,22 @@ function extractInlineRefs(content) {
   }
   return refs;
 }
-async function parseDocumentationFile(path22) {
-  const contentResult = await readFileContent(path22);
+async function parseDocumentationFile(path23) {
+  const contentResult = await readFileContent(path23);
   if (!contentResult.ok) {
     return Err(
       createEntropyError(
         "PARSE_ERROR",
-        `Failed to read documentation file: ${path22}`,
-        { file: path22 },
+        `Failed to read documentation file: ${path23}`,
+        { file: path23 },
         ["Check that the file exists"]
       )
     );
   }
   const content = contentResult.value;
-  const type = path22.endsWith(".md") ? "markdown" : "text";
+  const type = path23.endsWith(".md") ? "markdown" : "text";
   return Ok({
-    path: path22,
+    path: path23,
     type,
     content,
     codeBlocks: extractCodeBlocks(content),
@@ -4820,6 +4820,8 @@ var SESSION_INDEX_FILE = "index.md";
 var SUMMARY_FILE = "summary.md";
 var SESSION_STATE_FILE = "session-state.json";
 var ARCHIVE_DIR = "archive";
+var CONTENT_HASHES_FILE = "content-hashes.json";
+var EVENTS_FILE = "events.jsonl";
 
 // src/state/stream-resolver.ts
 var STREAMS_DIR = "streams";
@@ -5162,6 +5164,85 @@ async function saveState(projectPath, state, stream, session) {
 // src/state/learnings.ts
 import * as fs9 from "fs";
 import * as path6 from "path";
+import * as crypto from "crypto";
+function parseFrontmatter(line) {
+  const match = line.match(/^<!--\s+hash:([a-f0-9]+)(?:\s+tags:([^\s]+))?\s+-->/);
+  if (!match) return null;
+  const hash = match[1];
+  const tags = match[2] ? match[2].split(",").filter(Boolean) : [];
+  return { hash, tags };
+}
+function computeEntryHash(text) {
+  return crypto.createHash("sha256").update(text).digest("hex").slice(0, 8);
+}
+function normalizeLearningContent(text) {
+  let normalized = text;
+  normalized = normalized.replace(/\d{4}-\d{2}-\d{2}/g, "");
+  normalized = normalized.replace(/\[skill:[^\]]*\]/g, "");
+  normalized = normalized.replace(/\[outcome:[^\]]*\]/g, "");
+  normalized = normalized.replace(/^[\s]*[-*]\s+/gm, "");
+  normalized = normalized.replace(/\*\*/g, "");
+  normalized = normalized.replace(/:\s*/g, " ");
+  normalized = normalized.toLowerCase();
+  normalized = normalized.replace(/\s+/g, " ").trim();
+  return normalized;
+}
+function computeContentHash(text) {
+  return crypto.createHash("sha256").update(text).digest("hex").slice(0, 16);
+}
+function loadContentHashes(stateDir) {
+  const hashesPath = path6.join(stateDir, CONTENT_HASHES_FILE);
+  if (!fs9.existsSync(hashesPath)) return {};
+  try {
+    const raw = fs9.readFileSync(hashesPath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) return {};
+    return parsed;
+  } catch {
+    return {};
+  }
+}
+function saveContentHashes(stateDir, index) {
+  const hashesPath = path6.join(stateDir, CONTENT_HASHES_FILE);
+  fs9.writeFileSync(hashesPath, JSON.stringify(index, null, 2) + "\n");
+}
+function rebuildContentHashes(stateDir) {
+  const learningsPath = path6.join(stateDir, LEARNINGS_FILE);
+  if (!fs9.existsSync(learningsPath)) return {};
+  const content = fs9.readFileSync(learningsPath, "utf-8");
+  const lines = content.split("\n");
+  const index = {};
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const isDatedBullet = /^- \*\*\d{4}-\d{2}-\d{2}/.test(line);
+    if (isDatedBullet) {
+      const learningMatch = line.match(/:\*\*\s*(.+)$/);
+      if (learningMatch?.[1]) {
+        const normalized = normalizeLearningContent(learningMatch[1]);
+        const hash = computeContentHash(normalized);
+        const dateMatch = line.match(/(\d{4}-\d{2}-\d{2})/);
+        index[hash] = { date: dateMatch?.[1] ?? "", line: i + 1 };
+      }
+    }
+  }
+  saveContentHashes(stateDir, index);
+  return index;
+}
+function extractIndexEntry(entry) {
+  const lines = entry.split("\n");
+  const summary = lines[0] ?? entry;
+  const tags = [];
+  const skillMatch = entry.match(/\[skill:([^\]]+)\]/);
+  if (skillMatch?.[1]) tags.push(skillMatch[1]);
+  const outcomeMatch = entry.match(/\[outcome:([^\]]+)\]/);
+  if (outcomeMatch?.[1]) tags.push(outcomeMatch[1]);
+  return {
+    hash: computeEntryHash(entry),
+    tags,
+    summary,
+    fullText: entry
+  };
+}
 var learningsCacheMap = /* @__PURE__ */ new Map();
 function clearLearningsCache() {
   learningsCacheMap.clear();
@@ -5173,27 +5254,55 @@ async function appendLearning(projectPath, learning, skillName, outcome, stream,
     const stateDir = dirResult.value;
     const learningsPath = path6.join(stateDir, LEARNINGS_FILE);
     fs9.mkdirSync(stateDir, { recursive: true });
+    const normalizedContent = normalizeLearningContent(learning);
+    const contentHash = computeContentHash(normalizedContent);
+    const hashesPath = path6.join(stateDir, CONTENT_HASHES_FILE);
+    let contentHashes;
+    if (fs9.existsSync(hashesPath)) {
+      contentHashes = loadContentHashes(stateDir);
+      if (Object.keys(contentHashes).length === 0 && fs9.existsSync(learningsPath)) {
+        contentHashes = rebuildContentHashes(stateDir);
+      }
+    } else if (fs9.existsSync(learningsPath)) {
+      contentHashes = rebuildContentHashes(stateDir);
+    } else {
+      contentHashes = {};
+    }
+    if (contentHashes[contentHash]) {
+      return Ok(void 0);
+    }
     const timestamp = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
-    let entry;
+    const fmTags = [];
+    if (skillName) fmTags.push(skillName);
+    if (outcome) fmTags.push(outcome);
+    let bulletLine;
     if (skillName && outcome) {
-      entry = `
-- **${timestamp} [skill:${skillName}] [outcome:${outcome}]:** ${learning}
-`;
+      bulletLine = `- **${timestamp} [skill:${skillName}] [outcome:${outcome}]:** ${learning}`;
     } else if (skillName) {
-      entry = `
-- **${timestamp} [skill:${skillName}]:** ${learning}
-`;
+      bulletLine = `- **${timestamp} [skill:${skillName}]:** ${learning}`;
     } else {
-      entry = `
-- **${timestamp}:** ${learning}
-`;
+      bulletLine = `- **${timestamp}:** ${learning}`;
     }
+    const hash = crypto.createHash("sha256").update(bulletLine).digest("hex").slice(0, 8);
+    const tagsStr = fmTags.length > 0 ? ` tags:${fmTags.join(",")}` : "";
+    const frontmatter = `<!-- hash:${hash}${tagsStr} -->`;
+    const entry = `
+${frontmatter}
+${bulletLine}
+`;
+    let existingLineCount;
     if (!fs9.existsSync(learningsPath)) {
       fs9.writeFileSync(learningsPath, `# Learnings
 ${entry}`);
+      existingLineCount = 1;
     } else {
+      const existingContent = fs9.readFileSync(learningsPath, "utf-8");
+      existingLineCount = existingContent.split("\n").length;
       fs9.appendFileSync(learningsPath, entry);
     }
+    const bulletLine_lineNum = existingLineCount + 2;
+    contentHashes[contentHash] = { date: timestamp ?? "", line: bulletLine_lineNum };
+    saveContentHashes(stateDir, contentHashes);
     learningsCacheMap.delete(learningsPath);
     return Ok(void 0);
   } catch (error) {
@@ -5241,7 +5350,30 @@ function analyzeLearningPatterns(entries) {
   return patterns.sort((a, b) => b.count - a.count);
 }
 async function loadBudgetedLearnings(projectPath, options) {
-  const { intent, tokenBudget = 1e3, skill, session, stream } = options;
+  const { intent, tokenBudget = 1e3, skill, session, stream, depth = "summary" } = options;
+  if (depth === "index") {
+    const indexEntries = [];
+    if (session) {
+      const sessionResult = await loadIndexEntries(projectPath, skill, stream, session);
+      if (sessionResult.ok) indexEntries.push(...sessionResult.value);
+    }
+    const globalResult2 = await loadIndexEntries(projectPath, skill, stream);
+    if (globalResult2.ok) {
+      const sessionHashes = new Set(indexEntries.map((e) => e.hash));
+      const uniqueGlobal = globalResult2.value.filter((e) => !sessionHashes.has(e.hash));
+      indexEntries.push(...uniqueGlobal);
+    }
+    const budgeted2 = [];
+    let totalTokens2 = 0;
+    for (const entry of indexEntries) {
+      const separator = budgeted2.length > 0 ? "\n" : "";
+      const entryCost = estimateTokens(entry.summary + separator);
+      if (totalTokens2 + entryCost > tokenBudget) break;
+      budgeted2.push(entry.summary);
+      totalTokens2 += entryCost;
+    }
+    return Ok(budgeted2);
+  }
   const sortByRecencyAndRelevance = (entries) => {
     return [...entries].sort((a, b) => {
       const dateA = parseDateFromEntry(a) ?? "0000-00-00";
@@ -5260,7 +5392,9 @@ async function loadBudgetedLearnings(projectPath, options) {
   }
   const globalResult = await loadRelevantLearnings(projectPath, skill, stream);
   if (globalResult.ok) {
-    allEntries.push(...sortByRecencyAndRelevance(globalResult.value));
+    const sessionSet = new Set(allEntries.map((e) => e.trim()));
+    const uniqueGlobal = globalResult.value.filter((e) => !sessionSet.has(e.trim()));
+    allEntries.push(...sortByRecencyAndRelevance(uniqueGlobal));
   }
   const budgeted = [];
   let totalTokens = 0;
@@ -5273,6 +5407,68 @@ async function loadBudgetedLearnings(projectPath, options) {
   }
   return Ok(budgeted);
 }
+async function loadIndexEntries(projectPath, skillName, stream, session) {
+  try {
+    const dirResult = await getStateDir(projectPath, stream, session);
+    if (!dirResult.ok) return dirResult;
+    const stateDir = dirResult.value;
+    const learningsPath = path6.join(stateDir, LEARNINGS_FILE);
+    if (!fs9.existsSync(learningsPath)) {
+      return Ok([]);
+    }
+    const content = fs9.readFileSync(learningsPath, "utf-8");
+    const lines = content.split("\n");
+    const indexEntries = [];
+    let pendingFrontmatter = null;
+    let currentBlock = [];
+    for (const line of lines) {
+      if (line.startsWith("# ")) continue;
+      const fm = parseFrontmatter(line);
+      if (fm) {
+        pendingFrontmatter = fm;
+        continue;
+      }
+      const isDatedBullet = /^- \*\*\d{4}-\d{2}-\d{2}/.test(line);
+      const isHeading = /^## \d{4}-\d{2}-\d{2}/.test(line);
+      if (isDatedBullet || isHeading) {
+        if (pendingFrontmatter) {
+          indexEntries.push({
+            hash: pendingFrontmatter.hash,
+            tags: pendingFrontmatter.tags,
+            summary: line,
+            fullText: ""
+            // Placeholder — full text not loaded in index mode
+          });
+          pendingFrontmatter = null;
+        } else {
+          const idx = extractIndexEntry(line);
+          indexEntries.push({
+            hash: idx.hash,
+            tags: idx.tags,
+            summary: line,
+            fullText: ""
+          });
+        }
+        currentBlock = [line];
+      } else if (line.trim() !== "" && currentBlock.length > 0) {
+        currentBlock.push(line);
+      }
+    }
+    if (skillName) {
+      const filtered = indexEntries.filter(
+        (e) => e.tags.includes(skillName) || e.summary.includes(`[skill:${skillName}]`)
+      );
+      return Ok(filtered);
+    }
+    return Ok(indexEntries);
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to load index entries: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
 async function loadRelevantLearnings(projectPath, skillName, stream, session) {
   try {
     const dirResult = await getStateDir(projectPath, stream, session);
@@ -5295,6 +5491,7 @@ async function loadRelevantLearnings(projectPath, skillName, stream, session) {
       let currentBlock = [];
       for (const line of lines) {
         if (line.startsWith("# ")) continue;
+        if (/^<!--\s+hash:[a-f0-9]+/.test(line)) continue;
         const isDatedBullet = /^- \*\*\d{4}-\d{2}-\d{2}/.test(line);
         const isHeading = /^## \d{4}-\d{2}-\d{2}/.test(line);
         if (isDatedBullet || isHeading) {
@@ -5404,6 +5601,68 @@ async function pruneLearnings(projectPath, stream) {
     );
   }
 }
+var PROMOTABLE_OUTCOMES = ["gotcha", "decision", "observation"];
+function isGeneralizable(entry) {
+  for (const outcome of PROMOTABLE_OUTCOMES) {
+    if (entry.includes(`[outcome:${outcome}]`)) return true;
+  }
+  return false;
+}
+async function promoteSessionLearnings(projectPath, sessionSlug, stream) {
+  try {
+    const sessionResult = await loadRelevantLearnings(projectPath, void 0, stream, sessionSlug);
+    if (!sessionResult.ok) return sessionResult;
+    const sessionEntries = sessionResult.value;
+    if (sessionEntries.length === 0) {
+      return Ok({ promoted: 0, skipped: 0 });
+    }
+    const toPromote = [];
+    let skipped = 0;
+    for (const entry of sessionEntries) {
+      if (isGeneralizable(entry)) {
+        toPromote.push(entry);
+      } else {
+        skipped++;
+      }
+    }
+    if (toPromote.length === 0) {
+      return Ok({ promoted: 0, skipped });
+    }
+    const dirResult = await getStateDir(projectPath, stream);
+    if (!dirResult.ok) return dirResult;
+    const stateDir = dirResult.value;
+    const globalPath = path6.join(stateDir, LEARNINGS_FILE);
+    const existingGlobal = fs9.existsSync(globalPath) ? fs9.readFileSync(globalPath, "utf-8") : "";
+    const newEntries = toPromote.filter((entry) => !existingGlobal.includes(entry.trim()));
+    if (newEntries.length === 0) {
+      return Ok({ promoted: 0, skipped: skipped + toPromote.length });
+    }
+    const promotedContent = newEntries.join("\n\n") + "\n";
+    if (!existingGlobal) {
+      fs9.writeFileSync(globalPath, `# Learnings
+
+${promotedContent}`);
+    } else {
+      fs9.appendFileSync(globalPath, "\n\n" + promotedContent);
+    }
+    learningsCacheMap.delete(globalPath);
+    return Ok({
+      promoted: newEntries.length,
+      skipped: skipped + (toPromote.length - newEntries.length)
+    });
+  } catch (error) {
+    return Err(
+      new Error(
+        `Failed to promote session learnings: ${error instanceof Error ? error.message : String(error)}`
+      )
+    );
+  }
+}
+async function countLearningEntries(projectPath, stream) {
+  const loadResult = await loadRelevantLearnings(projectPath, void 0, stream);
+  if (!loadResult.ok) return 0;
+  return loadResult.value.length;
+}
 
 // src/state/failures.ts
 import * as fs10 from "fs";
@@ -5865,6 +6124,151 @@ async function archiveSession(projectPath, sessionSlug) {
   }
 }
 
+// src/state/events.ts
+import * as fs16 from "fs";
+import * as path13 from "path";
+import { z as z5 } from "zod";
+var SkillEventSchema = z5.object({
+  timestamp: z5.string(),
+  skill: z5.string(),
+  session: z5.string().optional(),
+  type: z5.enum(["phase_transition", "decision", "gate_result", "handoff", "error", "checkpoint"]),
+  summary: z5.string(),
+  data: z5.record(z5.unknown()).optional(),
+  refs: z5.array(z5.string()).optional(),
+  contentHash: z5.string().optional()
+});
+function computeEventHash(event, session) {
+  const identity = `${event.skill}|${event.type}|${event.summary}|${session ?? ""}`;
+  return computeContentHash(identity);
+}
+var knownHashesCache = /* @__PURE__ */ new Map();
+function loadKnownHashes(eventsPath) {
+  const cached = knownHashesCache.get(eventsPath);
+  if (cached) return cached;
+  const hashes = /* @__PURE__ */ new Set();
+  if (fs16.existsSync(eventsPath)) {
+    const content = fs16.readFileSync(eventsPath, "utf-8");
+    const lines = content.split("\n").filter((line) => line.trim() !== "");
+    for (const line of lines) {
+      try {
+        const existing = JSON.parse(line);
+        if (existing.contentHash) {
+          hashes.add(existing.contentHash);
+        }
+      } catch {
+      }
+    }
+  }
+  knownHashesCache.set(eventsPath, hashes);
+  return hashes;
+}
+function clearEventHashCache() {
+  knownHashesCache.clear();
+}
+async function emitEvent(projectPath, event, options) {
+  try {
+    const dirResult = await getStateDir(projectPath, options?.stream, options?.session);
+    if (!dirResult.ok) return dirResult;
+    const stateDir = dirResult.value;
+    const eventsPath = path13.join(stateDir, EVENTS_FILE);
+    fs16.mkdirSync(stateDir, { recursive: true });
+    const contentHash = computeEventHash(event, options?.session);
+    const knownHashes = loadKnownHashes(eventsPath);
+    if (knownHashes.has(contentHash)) {
+      return Ok({ written: false, reason: "duplicate" });
+    }
+    const fullEvent = {
+      ...event,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      contentHash
+    };
+    if (options?.session) {
+      fullEvent.session = options.session;
+    }
+    fs16.appendFileSync(eventsPath, JSON.stringify(fullEvent) + "\n");
+    knownHashes.add(contentHash);
+    return Ok({ written: true });
+  } catch (error) {
+    return Err(
+      new Error(`Failed to emit event: ${error instanceof Error ? error.message : String(error)}`)
+    );
+  }
+}
+async function loadEvents(projectPath, options) {
+  try {
+    const dirResult = await getStateDir(projectPath, options?.stream, options?.session);
+    if (!dirResult.ok) return dirResult;
+    const stateDir = dirResult.value;
+    const eventsPath = path13.join(stateDir, EVENTS_FILE);
+    if (!fs16.existsSync(eventsPath)) {
+      return Ok([]);
+    }
+    const content = fs16.readFileSync(eventsPath, "utf-8");
+    const lines = content.split("\n").filter((line) => line.trim() !== "");
+    const events = [];
+    for (const line of lines) {
+      try {
+        const parsed = JSON.parse(line);
+        const result = SkillEventSchema.safeParse(parsed);
+        if (result.success) {
+          events.push(result.data);
+        }
+      } catch {
+      }
+    }
+    return Ok(events);
+  } catch (error) {
+    return Err(
+      new Error(`Failed to load events: ${error instanceof Error ? error.message : String(error)}`)
+    );
+  }
+}
+function formatPhaseTransition(event) {
+  const data = event.data;
+  const suffix = data?.taskCount ? ` (${data.taskCount} tasks)` : "";
+  return `phase: ${data?.from ?? "?"} -> ${data?.to ?? "?"}${suffix}`;
+}
+function formatGateResult(event) {
+  const data = event.data;
+  const status = data?.passed ? "passed" : "failed";
+  const checks = data?.checks?.map((c) => `${c.name} ${c.passed ? "Y" : "N"}`).join(", ");
+  return checks ? `gate: ${status} (${checks})` : `gate: ${status}`;
+}
+function formatHandoffDetail(event) {
+  const data = event.data;
+  const direction = data?.toSkill ? ` -> ${data.toSkill}` : "";
+  return `handoff: ${event.summary}${direction}`;
+}
+var EVENT_FORMATTERS = {
+  phase_transition: formatPhaseTransition,
+  gate_result: formatGateResult,
+  decision: (event) => `decision: ${event.summary}`,
+  handoff: formatHandoffDetail,
+  error: (event) => `error: ${event.summary}`,
+  checkpoint: (event) => `checkpoint: ${event.summary}`
+};
+function formatEventTimeline(events, limit = 20) {
+  if (events.length === 0) return "";
+  const recent = events.slice(-limit);
+  return recent.map((event) => {
+    const time = formatTime(event.timestamp);
+    const formatter = EVENT_FORMATTERS[event.type];
+    const detail = formatter ? formatter(event) : event.summary;
+    return `- ${time} [${event.skill}] ${detail}`;
+  }).join("\n");
+}
+function formatTime(timestamp) {
+  try {
+    const date = new Date(timestamp);
+    const hours = String(date.getHours()).padStart(2, "0");
+    const minutes = String(date.getMinutes()).padStart(2, "0");
+    return `${hours}:${minutes}`;
+  } catch {
+    return "??:??";
+  }
+}
+
 // src/workflow/runner.ts
 async function executeWorkflow(workflow, executor) {
   const stepResults = [];
@@ -6014,7 +6418,8 @@ async function runMultiTurnPipeline(initialContext, turnExecutor, options) {
 }
 
 // src/security/scanner.ts
-import * as fs17 from "fs/promises";
+import * as fs18 from "fs/promises";
+import { minimatch as minimatch4 } from "minimatch";
 
 // src/security/rules/registry.ts
 var RuleRegistry = class {
@@ -6045,7 +6450,7 @@ var RuleRegistry = class {
 };
 
 // src/security/config.ts
-import { z as z5 } from "zod";
+import { z as z6 } from "zod";
 
 // src/security/types.ts
 var DEFAULT_SECURITY_CONFIG = {
@@ -6056,19 +6461,19 @@ var DEFAULT_SECURITY_CONFIG = {
 };
 
 // src/security/config.ts
-var RuleOverrideSchema = z5.enum(["off", "error", "warning", "info"]);
-var SecurityConfigSchema = z5.object({
-  enabled: z5.boolean().default(true),
-  strict: z5.boolean().default(false),
-  rules: z5.record(z5.string(), RuleOverrideSchema).optional().default({}),
-  exclude: z5.array(z5.string()).optional().default(["**/node_modules/**", "**/dist/**", "**/*.test.ts", "**/fixtures/**"]),
-  external: z5.object({
-    semgrep: z5.object({
-      enabled: z5.union([z5.literal("auto"), z5.boolean()]).default("auto"),
-      rulesets: z5.array(z5.string()).optional()
+var RuleOverrideSchema = z6.enum(["off", "error", "warning", "info"]);
+var SecurityConfigSchema = z6.object({
+  enabled: z6.boolean().default(true),
+  strict: z6.boolean().default(false),
+  rules: z6.record(z6.string(), RuleOverrideSchema).optional().default({}),
+  exclude: z6.array(z6.string()).optional().default(["**/node_modules/**", "**/dist/**", "**/*.test.ts", "**/fixtures/**"]),
+  external: z6.object({
+    semgrep: z6.object({
+      enabled: z6.union([z6.literal("auto"), z6.boolean()]).default("auto"),
+      rulesets: z6.array(z6.string()).optional()
     }).optional(),
-    gitleaks: z5.object({
-      enabled: z5.union([z5.literal("auto"), z5.boolean()]).default("auto")
+    gitleaks: z6.object({
+      enabled: z6.union([z6.literal("auto"), z6.boolean()]).default("auto")
     }).optional()
   }).optional()
 });
@@ -6101,15 +6506,15 @@ function resolveRuleSeverity(ruleId, defaultSeverity, overrides, strict) {
 }
 
 // src/security/stack-detector.ts
-import * as fs16 from "fs";
-import * as path13 from "path";
+import * as fs17 from "fs";
+import * as path14 from "path";
 function detectStack(projectRoot) {
   const stacks = [];
-  const pkgJsonPath = path13.join(projectRoot, "package.json");
-  if (fs16.existsSync(pkgJsonPath)) {
+  const pkgJsonPath = path14.join(projectRoot, "package.json");
+  if (fs17.existsSync(pkgJsonPath)) {
     stacks.push("node");
     try {
-      const pkgJson = JSON.parse(fs16.readFileSync(pkgJsonPath, "utf-8"));
+      const pkgJson = JSON.parse(fs17.readFileSync(pkgJsonPath, "utf-8"));
       const allDeps = {
         ...pkgJson.dependencies,
         ...pkgJson.devDependencies
@@ -6124,13 +6529,13 @@ function detectStack(projectRoot) {
     } catch {
     }
   }
-  const goModPath = path13.join(projectRoot, "go.mod");
-  if (fs16.existsSync(goModPath)) {
+  const goModPath = path14.join(projectRoot, "go.mod");
+  if (fs17.existsSync(goModPath)) {
     stacks.push("go");
   }
-  const requirementsPath = path13.join(projectRoot, "requirements.txt");
-  const pyprojectPath = path13.join(projectRoot, "pyproject.toml");
-  if (fs16.existsSync(requirementsPath) || fs16.existsSync(pyprojectPath)) {
+  const requirementsPath = path14.join(projectRoot, "requirements.txt");
+  const pyprojectPath = path14.join(projectRoot, "pyproject.toml");
+  if (fs17.existsSync(requirementsPath) || fs17.existsSync(pyprojectPath)) {
     stacks.push("python");
   }
   return stacks;
@@ -6194,6 +6599,72 @@ var secretRules = [
     message: "Hardcoded JWT token detected",
     remediation: "Tokens should be fetched at runtime, not embedded in source",
     references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-006",
+    name: "Anthropic API Key",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/sk-ant-api\d{2}-[A-Za-z0-9_-]{20,}/],
+    message: "Hardcoded Anthropic API key detected",
+    remediation: "Use environment variables: process.env.ANTHROPIC_API_KEY",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-007",
+    name: "OpenAI API Key",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/sk-proj-[A-Za-z0-9_-]{20,}/],
+    message: "Hardcoded OpenAI API key detected",
+    remediation: "Use environment variables: process.env.OPENAI_API_KEY",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-008",
+    name: "Google API Key",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/AIza[A-Za-z0-9_-]{35}/],
+    message: "Hardcoded Google API key detected",
+    remediation: "Use environment variables or a secrets manager for Google API keys",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-009",
+    name: "GitHub Personal Access Token",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/gh[pous]_[A-Za-z0-9_]{36,}/],
+    message: "Hardcoded GitHub personal access token detected",
+    remediation: "Use environment variables: process.env.GITHUB_TOKEN",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-010",
+    name: "Stripe Live Key",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/\b[spr]k_live_[A-Za-z0-9]{24,}/],
+    message: "Hardcoded Stripe live key detected",
+    remediation: "Use environment variables for Stripe keys; never commit live keys",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-SEC-011",
+    name: "Database Connection String with Credentials",
+    category: "secrets",
+    severity: "error",
+    confidence: "high",
+    patterns: [/(?:postgres|mysql|mongodb|redis|amqp|mssql)(?:\+\w+)?:\/\/[^/\s:]+:[^@/\s]+@/i],
+    message: "Database connection string with embedded credentials detected",
+    remediation: "Use environment variables for connection strings; separate credentials from URIs",
+    references: ["CWE-798"]
   }
 ];
 
@@ -6380,6 +6851,158 @@ var deserializationRules = [
   }
 ];
 
+// src/security/rules/agent-config.ts
+var agentConfigRules = [
+  {
+    id: "SEC-AGT-001",
+    name: "Hidden Unicode Characters",
+    category: "agent-config",
+    severity: "error",
+    confidence: "high",
+    patterns: [/\u200B|\u200C|\u200D|\uFEFF|\u2060/],
+    fileGlob: "**/CLAUDE.md,**/AGENTS.md,**/*.yaml",
+    message: "Hidden zero-width Unicode characters detected in agent configuration",
+    remediation: "Remove invisible Unicode characters; they may hide malicious instructions",
+    references: ["CWE-116"]
+  },
+  {
+    id: "SEC-AGT-002",
+    name: "URL Execution Directives",
+    category: "agent-config",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [/\b(?:curl|wget)\s+\S+/i, /\bfetch\s*\(/i],
+    fileGlob: "**/CLAUDE.md,**/AGENTS.md",
+    message: "URL execution directive found in agent configuration",
+    remediation: "Avoid instructing agents to download and execute remote content",
+    references: ["CWE-94"]
+  },
+  {
+    id: "SEC-AGT-003",
+    name: "Wildcard Tool Permissions",
+    category: "agent-config",
+    severity: "warning",
+    confidence: "high",
+    patterns: [/(?:Bash|Write|Edit)\s*\(\s*\*\s*\)/],
+    fileGlob: "**/.claude/**,**/settings*.json",
+    message: "Wildcard tool permissions grant unrestricted access",
+    remediation: "Scope tool permissions to specific patterns instead of wildcards",
+    references: ["CWE-250"]
+  },
+  {
+    id: "SEC-AGT-004",
+    name: "Auto-approve Patterns",
+    category: "agent-config",
+    severity: "warning",
+    confidence: "high",
+    patterns: [/\bautoApprove\b/i, /\bauto_approve\b/i],
+    fileGlob: "**/.claude/**,**/.mcp.json",
+    message: "Auto-approve configuration bypasses human review of tool calls",
+    remediation: "Review auto-approved tools carefully; prefer explicit approval for destructive operations",
+    references: ["CWE-862"]
+  },
+  {
+    id: "SEC-AGT-005",
+    name: "Prompt Injection Surface",
+    category: "agent-config",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [/\$\{[^}]*\}/, /\{\{[^}]*\}\}/],
+    fileGlob: "**/skill.yaml",
+    message: "Template interpolation syntax in skill YAML may enable prompt injection",
+    remediation: "Avoid dynamic interpolation in skill descriptions; use static text",
+    references: ["CWE-94"]
+  },
+  {
+    id: "SEC-AGT-006",
+    name: "Permission Bypass Flags",
+    category: "agent-config",
+    severity: "error",
+    confidence: "high",
+    patterns: [/--dangerously-skip-permissions/, /--no-verify/],
+    fileGlob: "**/CLAUDE.md,**/AGENTS.md,**/.claude/**",
+    message: "Permission bypass flag detected in agent configuration",
+    remediation: "Remove flags that bypass safety checks; they undermine enforcement",
+    references: ["CWE-863"]
+  },
+  {
+    id: "SEC-AGT-007",
+    name: "Hook Injection Surface",
+    category: "agent-config",
+    severity: "error",
+    confidence: "low",
+    patterns: [/\$\(/, /`[^`]+`/, /\s&&\s/, /\s\|\|\s/],
+    fileGlob: "**/settings*.json,**/hooks.json",
+    message: "Shell metacharacters in hook commands may enable command injection",
+    remediation: "Use simple, single-command hooks without shell operators; chain logic inside the script",
+    references: ["CWE-78"]
+  }
+];
+
+// src/security/rules/mcp.ts
+var mcpRules = [
+  {
+    id: "SEC-MCP-001",
+    name: "Hardcoded MCP Secrets",
+    category: "mcp",
+    severity: "error",
+    confidence: "medium",
+    patterns: [/(?:API_KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)\s*["']?\s*:\s*["'][^"']{8,}["']/i],
+    fileGlob: "**/.mcp.json",
+    message: "Hardcoded secret detected in MCP server configuration",
+    remediation: "Use environment variable references instead of inline secrets in .mcp.json",
+    references: ["CWE-798"]
+  },
+  {
+    id: "SEC-MCP-002",
+    name: "Shell Injection in MCP Args",
+    category: "mcp",
+    severity: "error",
+    confidence: "medium",
+    patterns: [/\$\(/, /`[^`]+`/],
+    fileGlob: "**/.mcp.json",
+    message: "Shell metacharacters detected in MCP server arguments",
+    remediation: "Use literal argument values; avoid shell interpolation in MCP args",
+    references: ["CWE-78"]
+  },
+  {
+    id: "SEC-MCP-003",
+    name: "Network Exposure",
+    category: "mcp",
+    severity: "warning",
+    confidence: "high",
+    patterns: [/0\.0\.0\.0/, /["']\*["']\s*:\s*\d/, /host["']?\s*:\s*["']\*["']/i],
+    fileGlob: "**/.mcp.json",
+    message: "MCP server binding to all network interfaces (0.0.0.0 or wildcard *)",
+    remediation: "Bind to 127.0.0.1 or localhost to restrict access to local machine",
+    references: ["CWE-668"]
+  },
+  {
+    id: "SEC-MCP-004",
+    name: "Typosquatting Vector",
+    category: "mcp",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [/\bnpx\s+(?:-y|--yes)\b/],
+    fileGlob: "**/.mcp.json",
+    message: "npx -y auto-installs packages without confirmation, enabling typosquatting",
+    remediation: "Pin exact package versions or install packages explicitly before use",
+    references: ["CWE-427"]
+  },
+  {
+    id: "SEC-MCP-005",
+    name: "Unencrypted Transport",
+    category: "mcp",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [/http:\/\/(?!localhost\b|127\.0\.0\.1\b)/],
+    fileGlob: "**/.mcp.json",
+    message: "Unencrypted HTTP transport detected for MCP server connection",
+    remediation: "Use https:// for all non-localhost MCP server connections",
+    references: ["CWE-319"]
+  }
+];
+
 // src/security/rules/stack/node.ts
 var nodeRules = [
   {
@@ -6507,7 +7130,9 @@ var SecurityScanner = class {
       ...cryptoRules,
       ...pathTraversalRules,
       ...networkRules,
-      ...deserializationRules
+      ...deserializationRules,
+      ...agentConfigRules,
+      ...mcpRules
     ]);
     this.registry.registerAll([...nodeRules, ...expressRules, ...reactRules, ...goRules]);
     this.activeRules = this.registry.getAll();
@@ -6516,6 +7141,12 @@ var SecurityScanner = class {
     const stacks = detectStack(projectRoot);
     this.activeRules = this.registry.getForStacks(stacks.length > 0 ? stacks : []);
   }
+  /**
+   * Scan raw content against all active rules. Note: this method does NOT apply
+   * fileGlob filtering — every active rule is evaluated regardless of filePath.
+   * If you are scanning a specific file and want fileGlob-based rule filtering,
+   * use {@link scanFile} instead.
+   */
   scanContent(content, filePath, startLine = 1) {
     if (!this.config.enabled) return [];
     const findings = [];
@@ -6557,8 +7188,52 @@ var SecurityScanner = class {
   }
   async scanFile(filePath) {
     if (!this.config.enabled) return [];
-    const content = await fs17.readFile(filePath, "utf-8");
-    return this.scanContent(content, filePath, 1);
+    const content = await fs18.readFile(filePath, "utf-8");
+    return this.scanContentForFile(content, filePath, 1);
+  }
+  scanContentForFile(content, filePath, startLine = 1) {
+    if (!this.config.enabled) return [];
+    const findings = [];
+    const lines = content.split("\n");
+    const applicableRules = this.activeRules.filter((rule) => {
+      if (!rule.fileGlob) return true;
+      const globs = rule.fileGlob.split(",").map((g) => g.trim());
+      return globs.some((glob) => minimatch4(filePath, glob, { dot: true }));
+    });
+    for (const rule of applicableRules) {
+      const resolved = resolveRuleSeverity(
+        rule.id,
+        rule.severity,
+        this.config.rules ?? {},
+        this.config.strict
+      );
+      if (resolved === "off") continue;
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        if (line.includes("harness-ignore") && line.includes(rule.id)) continue;
+        for (const pattern of rule.patterns) {
+          pattern.lastIndex = 0;
+          if (pattern.test(line)) {
+            findings.push({
+              ruleId: rule.id,
+              ruleName: rule.name,
+              category: rule.category,
+              severity: resolved,
+              confidence: rule.confidence,
+              file: filePath,
+              line: startLine + i,
+              match: line.trim(),
+              context: line,
+              message: rule.message,
+              remediation: rule.remediation,
+              ...rule.references ? { references: rule.references } : {}
+            });
+            break;
+          }
+        }
+      }
+    }
+    return findings;
   }
   async scanFiles(filePaths) {
     const allFindings = [];
@@ -6582,7 +7257,7 @@ var SecurityScanner = class {
 };
 
 // src/ci/check-orchestrator.ts
-import * as path14 from "path";
+import * as path15 from "path";
 var ALL_CHECKS = [
   "validate",
   "deps",
@@ -6595,7 +7270,7 @@ var ALL_CHECKS = [
 ];
 async function runValidateCheck(projectRoot, config) {
   const issues = [];
-  const agentsPath = path14.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
+  const agentsPath = path15.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
   const result = await validateAgentsMap(agentsPath);
   if (!result.ok) {
     issues.push({ severity: "error", message: result.error.message });
@@ -6652,7 +7327,7 @@ async function runDepsCheck(projectRoot, config) {
 }
 async function runDocsCheck(projectRoot, config) {
   const issues = [];
-  const docsDir = path14.join(projectRoot, config.docsDir ?? "docs");
+  const docsDir = path15.join(projectRoot, config.docsDir ?? "docs");
   const entropyConfig = config.entropy || {};
   const result = await checkDocCoverage("project", {
     docsDir,
@@ -6930,7 +7605,7 @@ async function runCIChecks(input) {
 }
 
 // src/review/mechanical-checks.ts
-import * as path15 from "path";
+import * as path16 from "path";
 async function runMechanicalChecks(options) {
   const { projectRoot, config, skip = [], changedFiles } = options;
   const findings = [];
@@ -6942,7 +7617,7 @@ async function runMechanicalChecks(options) {
   };
   if (!skip.includes("validate")) {
     try {
-      const agentsPath = path15.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
+      const agentsPath = path16.join(projectRoot, config.agentsMapPath ?? "AGENTS.md");
       const result = await validateAgentsMap(agentsPath);
       if (!result.ok) {
         statuses.validate = "fail";
@@ -6979,7 +7654,7 @@ async function runMechanicalChecks(options) {
       statuses.validate = "fail";
       findings.push({
         tool: "validate",
-        file: path15.join(projectRoot, "AGENTS.md"),
+        file: path16.join(projectRoot, "AGENTS.md"),
         message: err instanceof Error ? err.message : String(err),
         severity: "error"
       });
@@ -7043,7 +7718,7 @@ async function runMechanicalChecks(options) {
       (async () => {
         const localFindings = [];
         try {
-          const docsDir = path15.join(projectRoot, config.docsDir ?? "docs");
+          const docsDir = path16.join(projectRoot, config.docsDir ?? "docs");
           const result = await checkDocCoverage("project", { docsDir });
           if (!result.ok) {
             statuses["check-docs"] = "warn";
@@ -7070,7 +7745,7 @@ async function runMechanicalChecks(options) {
           statuses["check-docs"] = "warn";
           localFindings.push({
             tool: "check-docs",
-            file: path15.join(projectRoot, "docs"),
+            file: path16.join(projectRoot, "docs"),
             message: err instanceof Error ? err.message : String(err),
             severity: "warning"
           });
@@ -7218,7 +7893,7 @@ function detectChangeType(commitMessage, diff2) {
 }
 
 // src/review/context-scoper.ts
-import * as path16 from "path";
+import * as path17 from "path";
 var ALL_DOMAINS = ["compliance", "bug", "security", "architecture"];
 var SECURITY_PATTERNS = /auth|crypto|password|secret|token|session|cookie|hash|encrypt|decrypt|sql|shell|exec|eval/i;
 function computeContextBudget(diffLines) {
@@ -7226,18 +7901,18 @@ function computeContextBudget(diffLines) {
   return diffLines;
 }
 function isWithinProject(absPath, projectRoot) {
-  const resolvedRoot = path16.resolve(projectRoot) + path16.sep;
-  const resolvedPath = path16.resolve(absPath);
-  return resolvedPath.startsWith(resolvedRoot) || resolvedPath === path16.resolve(projectRoot);
+  const resolvedRoot = path17.resolve(projectRoot) + path17.sep;
+  const resolvedPath = path17.resolve(absPath);
+  return resolvedPath.startsWith(resolvedRoot) || resolvedPath === path17.resolve(projectRoot);
 }
 async function readContextFile(projectRoot, filePath, reason) {
-  const absPath = path16.isAbsolute(filePath) ? filePath : path16.join(projectRoot, filePath);
+  const absPath = path17.isAbsolute(filePath) ? filePath : path17.join(projectRoot, filePath);
   if (!isWithinProject(absPath, projectRoot)) return null;
   const result = await readFileContent(absPath);
   if (!result.ok) return null;
   const content = result.value;
   const lines = content.split("\n").length;
-  const relPath = path16.isAbsolute(filePath) ? relativePosix(projectRoot, filePath) : filePath;
+  const relPath = path17.isAbsolute(filePath) ? relativePosix(projectRoot, filePath) : filePath;
   return { path: relPath, content, reason, lines };
 }
 function extractImportSources(content) {
@@ -7252,18 +7927,18 @@ function extractImportSources(content) {
 }
 async function resolveImportPath(projectRoot, fromFile, importSource) {
   if (!importSource.startsWith(".")) return null;
-  const fromDir = path16.dirname(path16.join(projectRoot, fromFile));
-  const basePath = path16.resolve(fromDir, importSource);
+  const fromDir = path17.dirname(path17.join(projectRoot, fromFile));
+  const basePath = path17.resolve(fromDir, importSource);
   if (!isWithinProject(basePath, projectRoot)) return null;
   const relBase = relativePosix(projectRoot, basePath);
   const candidates = [
     relBase + ".ts",
     relBase + ".tsx",
     relBase + ".mts",
-    path16.join(relBase, "index.ts")
+    path17.join(relBase, "index.ts")
   ];
   for (const candidate of candidates) {
-    const absCandidate = path16.join(projectRoot, candidate);
+    const absCandidate = path17.join(projectRoot, candidate);
     if (await fileExists(absCandidate)) {
       return candidate;
     }
@@ -7271,7 +7946,7 @@ async function resolveImportPath(projectRoot, fromFile, importSource) {
   return null;
 }
 async function findTestFiles(projectRoot, sourceFile) {
-  const baseName = path16.basename(sourceFile, path16.extname(sourceFile));
+  const baseName = path17.basename(sourceFile, path17.extname(sourceFile));
   const pattern = `**/${baseName}.{test,spec}.{ts,tsx,mts}`;
   const results = await findFiles(pattern, projectRoot);
   return results.map((f) => relativePosix(projectRoot, f));
@@ -8080,7 +8755,7 @@ async function fanOutReview(options) {
 }
 
 // src/review/validate-findings.ts
-import * as path17 from "path";
+import * as path18 from "path";
 var DOWNGRADE_MAP = {
   critical: "important",
   important: "suggestion",
@@ -8101,7 +8776,7 @@ function normalizePath(filePath, projectRoot) {
   let normalized = filePath;
   normalized = normalized.replace(/\\/g, "/");
   const normalizedRoot = projectRoot.replace(/\\/g, "/");
-  if (path17.isAbsolute(normalized)) {
+  if (path18.isAbsolute(normalized)) {
     const root = normalizedRoot.endsWith("/") ? normalizedRoot : normalizedRoot + "/";
     if (normalized.startsWith(root)) {
       normalized = normalized.slice(root.length);
@@ -8126,12 +8801,12 @@ function followImportChain(fromFile, fileContents, maxDepth = 2) {
     while ((match = importRegex.exec(content)) !== null) {
       const importPath = match[1];
       if (!importPath.startsWith(".")) continue;
-      const dir = path17.dirname(current.file);
-      let resolved = path17.join(dir, importPath).replace(/\\/g, "/");
+      const dir = path18.dirname(current.file);
+      let resolved = path18.join(dir, importPath).replace(/\\/g, "/");
       if (!resolved.match(/\.(ts|tsx|js|jsx)$/)) {
         resolved += ".ts";
       }
-      resolved = path17.normalize(resolved).replace(/\\/g, "/");
+      resolved = path18.normalize(resolved).replace(/\\/g, "/");
       if (!visited.has(resolved) && current.depth + 1 <= maxDepth) {
         queue.push({ file: resolved, depth: current.depth + 1 });
       }
@@ -8148,7 +8823,7 @@ async function validateFindings(options) {
     if (exclusionSet.isExcluded(normalizedFile, finding.lineRange) || exclusionSet.isExcluded(finding.file, finding.lineRange)) {
       continue;
     }
-    const absoluteFile = path17.isAbsolute(finding.file) ? finding.file : path17.join(projectRoot, finding.file).replace(/\\/g, "/");
+    const absoluteFile = path18.isAbsolute(finding.file) ? finding.file : path18.join(projectRoot, finding.file).replace(/\\/g, "/");
     if (exclusionSet.isExcluded(absoluteFile, finding.lineRange)) {
       continue;
     }
@@ -8776,7 +9451,7 @@ function parseRoadmap(markdown) {
   if (!fmMatch) {
     return Err2(new Error("Missing or malformed YAML frontmatter"));
   }
-  const fmResult = parseFrontmatter(fmMatch[1]);
+  const fmResult = parseFrontmatter2(fmMatch[1]);
   if (!fmResult.ok) return fmResult;
   const body = markdown.slice(fmMatch[0].length);
   const milestonesResult = parseMilestones(body);
@@ -8786,7 +9461,7 @@ function parseRoadmap(markdown) {
     milestones: milestonesResult.value
   });
 }
-function parseFrontmatter(raw) {
+function parseFrontmatter2(raw) {
   const lines = raw.split("\n");
   const map = /* @__PURE__ */ new Map();
   for (const line of lines) {
@@ -8952,8 +9627,8 @@ function serializeFeature(feature) {
 }
 
 // src/roadmap/sync.ts
-import * as fs18 from "fs";
-import * as path18 from "path";
+import * as fs19 from "fs";
+import * as path19 from "path";
 import { Ok as Ok3 } from "@harness-engineering/types";
 function inferStatus(feature, projectPath, allFeatures) {
   if (feature.blockedBy.length > 0) {
@@ -8968,10 +9643,10 @@ function inferStatus(feature, projectPath, allFeatures) {
   const featuresWithPlans = allFeatures.filter((f) => f.plans.length > 0);
   const useRootState = featuresWithPlans.length <= 1;
   if (useRootState) {
-    const rootStatePath = path18.join(projectPath, ".harness", "state.json");
-    if (fs18.existsSync(rootStatePath)) {
+    const rootStatePath = path19.join(projectPath, ".harness", "state.json");
+    if (fs19.existsSync(rootStatePath)) {
       try {
-        const raw = fs18.readFileSync(rootStatePath, "utf-8");
+        const raw = fs19.readFileSync(rootStatePath, "utf-8");
         const state = JSON.parse(raw);
         if (state.progress) {
           for (const status of Object.values(state.progress)) {
@@ -8982,16 +9657,16 @@ function inferStatus(feature, projectPath, allFeatures) {
       }
     }
   }
-  const sessionsDir = path18.join(projectPath, ".harness", "sessions");
-  if (fs18.existsSync(sessionsDir)) {
+  const sessionsDir = path19.join(projectPath, ".harness", "sessions");
+  if (fs19.existsSync(sessionsDir)) {
     try {
-      const sessionDirs = fs18.readdirSync(sessionsDir, { withFileTypes: true });
+      const sessionDirs = fs19.readdirSync(sessionsDir, { withFileTypes: true });
       for (const entry of sessionDirs) {
         if (!entry.isDirectory()) continue;
-        const autopilotPath = path18.join(sessionsDir, entry.name, "autopilot-state.json");
-        if (!fs18.existsSync(autopilotPath)) continue;
+        const autopilotPath = path19.join(sessionsDir, entry.name, "autopilot-state.json");
+        if (!fs19.existsSync(autopilotPath)) continue;
         try {
-          const raw = fs18.readFileSync(autopilotPath, "utf-8");
+          const raw = fs19.readFileSync(autopilotPath, "utf-8");
           const autopilot = JSON.parse(raw);
           if (!autopilot.phases) continue;
           const linkedPhases = autopilot.phases.filter(
@@ -9021,17 +9696,26 @@ function inferStatus(feature, projectPath, allFeatures) {
   if (anyStarted) return "in-progress";
   return null;
 }
+var STATUS_RANK = {
+  backlog: 0,
+  planned: 1,
+  blocked: 1,
+  // lateral to planned — sync can move to/from blocked freely
+  "in-progress": 2,
+  done: 3
+};
+function isRegression(from, to) {
+  return STATUS_RANK[to] < STATUS_RANK[from];
+}
 function syncRoadmap(options) {
   const { projectPath, roadmap, forceSync } = options;
-  const isManuallyEdited = new Date(roadmap.frontmatter.lastManualEdit) > new Date(roadmap.frontmatter.lastSynced);
-  const skipOverride = isManuallyEdited && !forceSync;
   const allFeatures = roadmap.milestones.flatMap((m) => m.features);
   const changes = [];
   for (const feature of allFeatures) {
-    if (skipOverride) continue;
     const inferred = inferStatus(feature, projectPath, allFeatures);
     if (inferred === null) continue;
     if (inferred === feature.status) continue;
+    if (!forceSync && isRegression(feature.status, inferred)) continue;
     changes.push({
       feature: feature.name,
       from: feature.status,
@@ -9040,48 +9724,60 @@ function syncRoadmap(options) {
   }
   return Ok3(changes);
 }
+function applySyncChanges(roadmap, changes) {
+  for (const change of changes) {
+    for (const m of roadmap.milestones) {
+      const feature = m.features.find((f) => f.name.toLowerCase() === change.feature.toLowerCase());
+      if (feature) {
+        feature.status = change.to;
+        break;
+      }
+    }
+  }
+  roadmap.frontmatter.lastSynced = (/* @__PURE__ */ new Date()).toISOString();
+}
 
 // src/interaction/types.ts
-import { z as z6 } from "zod";
-var InteractionTypeSchema = z6.enum(["question", "confirmation", "transition"]);
-var QuestionSchema = z6.object({
-  text: z6.string(),
-  options: z6.array(z6.string()).optional(),
-  default: z6.string().optional()
+import { z as z7 } from "zod";
+var InteractionTypeSchema = z7.enum(["question", "confirmation", "transition"]);
+var QuestionSchema = z7.object({
+  text: z7.string(),
+  options: z7.array(z7.string()).optional(),
+  default: z7.string().optional()
 });
-var ConfirmationSchema = z6.object({
-  text: z6.string(),
-  context: z6.string()
+var ConfirmationSchema = z7.object({
+  text: z7.string(),
+  context: z7.string()
 });
-var TransitionSchema = z6.object({
-  completedPhase: z6.string(),
-  suggestedNext: z6.string(),
-  reason: z6.string(),
-  artifacts: z6.array(z6.string()),
-  requiresConfirmation: z6.boolean(),
-  summary: z6.string()
+var TransitionSchema = z7.object({
+  completedPhase: z7.string(),
+  suggestedNext: z7.string(),
+  reason: z7.string(),
+  artifacts: z7.array(z7.string()),
+  requiresConfirmation: z7.boolean(),
+  summary: z7.string()
 });
-var EmitInteractionInputSchema = z6.object({
-  path: z6.string(),
+var EmitInteractionInputSchema = z7.object({
+  path: z7.string(),
   type: InteractionTypeSchema,
-  stream: z6.string().optional(),
+  stream: z7.string().optional(),
   question: QuestionSchema.optional(),
   confirmation: ConfirmationSchema.optional(),
   transition: TransitionSchema.optional()
 });
 
 // src/blueprint/scanner.ts
-import * as fs19 from "fs/promises";
-import * as path19 from "path";
+import * as fs20 from "fs/promises";
+import * as path20 from "path";
 var ProjectScanner = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
   }
   async scan() {
-    let projectName = path19.basename(this.rootDir);
+    let projectName = path20.basename(this.rootDir);
     try {
-      const pkgPath = path19.join(this.rootDir, "package.json");
-      const pkgRaw = await fs19.readFile(pkgPath, "utf-8");
+      const pkgPath = path20.join(this.rootDir, "package.json");
+      const pkgRaw = await fs20.readFile(pkgPath, "utf-8");
       const pkg = JSON.parse(pkgRaw);
       if (pkg.name) projectName = pkg.name;
     } catch {
@@ -9122,8 +9818,8 @@ var ProjectScanner = class {
 };
 
 // src/blueprint/generator.ts
-import * as fs20 from "fs/promises";
-import * as path20 from "path";
+import * as fs21 from "fs/promises";
+import * as path21 from "path";
 import * as ejs from "ejs";
 
 // src/blueprint/templates.ts
@@ -9207,19 +9903,19 @@ var BlueprintGenerator = class {
       styles: STYLES,
       scripts: SCRIPTS
     });
-    await fs20.mkdir(options.outputDir, { recursive: true });
-    await fs20.writeFile(path20.join(options.outputDir, "index.html"), html);
+    await fs21.mkdir(options.outputDir, { recursive: true });
+    await fs21.writeFile(path21.join(options.outputDir, "index.html"), html);
   }
 };
 
 // src/update-checker.ts
-import * as fs21 from "fs";
-import * as path21 from "path";
+import * as fs22 from "fs";
+import * as path22 from "path";
 import * as os from "os";
 import { spawn } from "child_process";
 function getStatePath() {
   const home = process.env["HOME"] || os.homedir();
-  return path21.join(home, ".harness", "update-check.json");
+  return path22.join(home, ".harness", "update-check.json");
 }
 function isUpdateCheckEnabled(configInterval) {
   if (process.env["HARNESS_NO_UPDATE_CHECK"] === "1") return false;
@@ -9232,7 +9928,7 @@ function shouldRunCheck(state, intervalMs) {
 }
 function readCheckState() {
   try {
-    const raw = fs21.readFileSync(getStatePath(), "utf-8");
+    const raw = fs22.readFileSync(getStatePath(), "utf-8");
     const parsed = JSON.parse(raw);
     if (typeof parsed === "object" && parsed !== null && "lastCheckTime" in parsed && typeof parsed.lastCheckTime === "number" && "currentVersion" in parsed && typeof parsed.currentVersion === "string") {
       const state = parsed;
@@ -9249,7 +9945,7 @@ function readCheckState() {
 }
 function spawnBackgroundCheck(currentVersion) {
   const statePath = getStatePath();
-  const stateDir = path21.dirname(statePath);
+  const stateDir = path22.dirname(statePath);
   const script = `
 const { execSync } = require('child_process');
 const fs = require('fs');
@@ -9302,8 +9998,410 @@ function getUpdateNotification(currentVersion) {
 Run "harness update" to upgrade.`;
 }
 
+// src/code-nav/types.ts
+var EXTENSION_MAP = {
+  ".ts": "typescript",
+  ".tsx": "typescript",
+  ".mts": "typescript",
+  ".cts": "typescript",
+  ".js": "javascript",
+  ".jsx": "javascript",
+  ".mjs": "javascript",
+  ".cjs": "javascript",
+  ".py": "python"
+};
+function detectLanguage(filePath) {
+  const ext = filePath.slice(filePath.lastIndexOf("."));
+  return EXTENSION_MAP[ext] ?? null;
+}
+
+// src/code-nav/parser.ts
+import Parser from "web-tree-sitter";
+var parserCache = /* @__PURE__ */ new Map();
+var initialized = false;
+var GRAMMAR_MAP = {
+  typescript: "tree-sitter-typescript",
+  javascript: "tree-sitter-javascript",
+  python: "tree-sitter-python"
+};
+async function ensureInit() {
+  if (!initialized) {
+    await Parser.init();
+    initialized = true;
+  }
+}
+async function resolveWasmPath(grammarName) {
+  const { createRequire } = await import("module");
+  const require2 = createRequire(import.meta.url ?? __filename);
+  const pkgPath = require2.resolve("tree-sitter-wasms/package.json");
+  const path23 = await import("path");
+  const pkgDir = path23.dirname(pkgPath);
+  return path23.join(pkgDir, "out", `${grammarName}.wasm`);
+}
+async function loadLanguage(lang) {
+  const grammarName = GRAMMAR_MAP[lang];
+  const wasmPath = await resolveWasmPath(grammarName);
+  return Parser.Language.load(wasmPath);
+}
+async function getParser(lang) {
+  const cached = parserCache.get(lang);
+  if (cached) return cached;
+  await ensureInit();
+  const parser = new Parser();
+  const language = await loadLanguage(lang);
+  parser.setLanguage(language);
+  parserCache.set(lang, parser);
+  return parser;
+}
+async function parseFile(filePath) {
+  const lang = detectLanguage(filePath);
+  if (!lang) {
+    return Err({
+      code: "UNSUPPORTED_LANGUAGE",
+      message: `Unsupported file extension: ${filePath}`
+    });
+  }
+  const contentResult = await readFileContent(filePath);
+  if (!contentResult.ok) {
+    return Err({
+      code: "FILE_NOT_FOUND",
+      message: `Cannot read file: ${filePath}`
+    });
+  }
+  try {
+    const parser = await getParser(lang);
+    const tree = parser.parse(contentResult.value);
+    return Ok({ tree, language: lang, source: contentResult.value, filePath });
+  } catch (e) {
+    return Err({
+      code: "PARSE_FAILED",
+      message: `Tree-sitter parse failed for ${filePath}: ${e.message}`
+    });
+  }
+}
+function resetParserCache() {
+  parserCache.clear();
+  initialized = false;
+}
+
+// src/code-nav/outline.ts
+var TOP_LEVEL_TYPES = {
+  typescript: {
+    function_declaration: "function",
+    class_declaration: "class",
+    interface_declaration: "interface",
+    type_alias_declaration: "type",
+    lexical_declaration: "variable",
+    variable_declaration: "variable",
+    export_statement: "export",
+    import_statement: "import",
+    enum_declaration: "type"
+  },
+  javascript: {
+    function_declaration: "function",
+    class_declaration: "class",
+    lexical_declaration: "variable",
+    variable_declaration: "variable",
+    export_statement: "export",
+    import_statement: "import"
+  },
+  python: {
+    function_definition: "function",
+    class_definition: "class",
+    assignment: "variable",
+    import_statement: "import",
+    import_from_statement: "import"
+  }
+};
+var METHOD_TYPES = {
+  typescript: ["method_definition", "public_field_definition"],
+  javascript: ["method_definition"],
+  python: ["function_definition"]
+};
+var IDENTIFIER_TYPES = /* @__PURE__ */ new Set(["identifier", "property_identifier", "type_identifier"]);
+function findIdentifier(node) {
+  return node.childForFieldName("name") ?? node.children.find((c) => IDENTIFIER_TYPES.has(c.type)) ?? null;
+}
+function getVariableDeclarationName(node) {
+  const declarator = node.children.find((c) => c.type === "variable_declarator");
+  if (!declarator) return null;
+  const id = findIdentifier(declarator);
+  return id?.text ?? null;
+}
+function getExportName(node, source) {
+  const decl = node.children.find(
+    (c) => c.type !== "export" && c.type !== "default" && c.type !== "comment"
+  );
+  return decl ? getNodeName(decl, source) : "<anonymous>";
+}
+function getAssignmentName(node) {
+  const left = node.childForFieldName("left") ?? node.children[0];
+  return left?.text ?? "<anonymous>";
+}
+function getNodeName(node, source) {
+  const id = findIdentifier(node);
+  if (id) return id.text;
+  const isVarDecl = node.type === "lexical_declaration" || node.type === "variable_declaration";
+  if (isVarDecl) return getVariableDeclarationName(node) ?? "<anonymous>";
+  if (node.type === "export_statement") return getExportName(node, source);
+  if (node.type === "assignment") return getAssignmentName(node);
+  return "<anonymous>";
+}
+function getSignature(node, source) {
+  const startLine = node.startPosition.row;
+  const lines = source.split("\n");
+  return (lines[startLine] ?? "").trim();
+}
+function extractMethods(classNode, language, source, filePath) {
+  const methodTypes = METHOD_TYPES[language] ?? [];
+  const body = classNode.childForFieldName("body") ?? classNode.children.find((c) => c.type === "class_body" || c.type === "block");
+  if (!body) return [];
+  return body.children.filter((child) => methodTypes.includes(child.type)).map((child) => ({
+    name: getNodeName(child, source),
+    kind: "method",
+    file: filePath,
+    line: child.startPosition.row + 1,
+    endLine: child.endPosition.row + 1,
+    signature: getSignature(child, source)
+  }));
+}
+function nodeToSymbol(node, kind, source, filePath) {
+  return {
+    name: getNodeName(node, source),
+    kind,
+    file: filePath,
+    line: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    signature: getSignature(node, source)
+  };
+}
+function processExportStatement(child, topLevelTypes, lang, source, filePath) {
+  const declaration = child.children.find(
+    (c) => c.type !== "export" && c.type !== "default" && c.type !== ";" && c.type !== "comment"
+  );
+  const kind = declaration ? topLevelTypes[declaration.type] : void 0;
+  if (declaration && kind) {
+    const sym = nodeToSymbol(child, kind, source, filePath);
+    sym.name = getNodeName(declaration, source);
+    if (kind === "class") {
+      sym.children = extractMethods(declaration, lang, source, filePath);
+    }
+    return sym;
+  }
+  return nodeToSymbol(child, "export", source, filePath);
+}
+function extractSymbols(rootNode, lang, source, filePath) {
+  const symbols = [];
+  const topLevelTypes = TOP_LEVEL_TYPES[lang] ?? {};
+  for (const child of rootNode.children) {
+    if (child.type === "export_statement") {
+      symbols.push(processExportStatement(child, topLevelTypes, lang, source, filePath));
+      continue;
+    }
+    const kind = topLevelTypes[child.type];
+    if (!kind || kind === "import") continue;
+    const sym = nodeToSymbol(child, kind, source, filePath);
+    if (kind === "class") {
+      sym.children = extractMethods(child, lang, source, filePath);
+    }
+    symbols.push(sym);
+  }
+  return symbols;
+}
+function buildFailedResult(filePath, lang) {
+  return { file: filePath, language: lang, totalLines: 0, symbols: [], error: "[parse-failed]" };
+}
+async function getOutline(filePath) {
+  const lang = detectLanguage(filePath);
+  if (!lang) return buildFailedResult(filePath, "unknown");
+  const result = await parseFile(filePath);
+  if (!result.ok) return buildFailedResult(filePath, lang);
+  const { tree, source } = result.value;
+  const totalLines = source.split("\n").length;
+  const symbols = extractSymbols(tree.rootNode, lang, source, filePath);
+  return { file: filePath, language: lang, totalLines, symbols };
+}
+function formatOutline(outline) {
+  if (outline.error) {
+    return `${outline.file} ${outline.error}`;
+  }
+  const lines = [`${outline.file} (${outline.totalLines} lines)`];
+  const last = outline.symbols.length - 1;
+  outline.symbols.forEach((sym, i) => {
+    const prefix = i === last ? "\u2514\u2500\u2500" : "\u251C\u2500\u2500";
+    lines.push(`${prefix} ${sym.signature}    :${sym.line}`);
+    if (sym.children) {
+      const childLast = sym.children.length - 1;
+      sym.children.forEach((child, j) => {
+        const childConnector = i === last ? "    " : "\u2502   ";
+        const childPrefix = j === childLast ? "\u2514\u2500\u2500" : "\u251C\u2500\u2500";
+        lines.push(`${childConnector}${childPrefix} ${child.signature}    :${child.line}`);
+      });
+    }
+  });
+  return lines.join("\n");
+}
+
+// src/code-nav/search.ts
+function buildGlob(directory, fileGlob) {
+  const dir = directory.replaceAll("\\", "/");
+  if (fileGlob) {
+    return `${dir}/**/${fileGlob}`;
+  }
+  const exts = Object.keys(EXTENSION_MAP).map((e) => e.slice(1));
+  return `${dir}/**/*.{${exts.join(",")}}`;
+}
+function matchesQuery(name, query) {
+  return name.toLowerCase().includes(query.toLowerCase());
+}
+function flattenSymbols(symbols) {
+  const flat = [];
+  for (const sym of symbols) {
+    flat.push(sym);
+    if (sym.children) {
+      flat.push(...sym.children);
+    }
+  }
+  return flat;
+}
+async function searchSymbols(query, directory, fileGlob) {
+  const pattern = buildGlob(directory, fileGlob);
+  let files;
+  try {
+    files = await findFiles(pattern, directory);
+  } catch {
+    files = [];
+  }
+  const matches = [];
+  const skipped = [];
+  for (const file of files) {
+    const lang = detectLanguage(file);
+    if (!lang) {
+      skipped.push(file);
+      continue;
+    }
+    const outline = await getOutline(file);
+    if (outline.error) {
+      skipped.push(file);
+      continue;
+    }
+    const allSymbols = flattenSymbols(outline.symbols);
+    for (const sym of allSymbols) {
+      if (matchesQuery(sym.name, query)) {
+        matches.push({
+          symbol: sym,
+          context: sym.signature
+        });
+      }
+    }
+  }
+  return { query, matches, skipped };
+}
+
+// src/code-nav/unfold.ts
+function findSymbolInList(symbols, name) {
+  for (const sym of symbols) {
+    if (sym.name === name) return sym;
+    if (sym.children) {
+      const found = findSymbolInList(sym.children, name);
+      if (found) return found;
+    }
+  }
+  return null;
+}
+function extractLines(source, startLine, endLine) {
+  const lines = source.split("\n");
+  const start = Math.max(0, startLine - 1);
+  const end = Math.min(lines.length, endLine);
+  return lines.slice(start, end).join("\n");
+}
+function buildFallbackResult(filePath, symbolName, content, language) {
+  const totalLines = content ? content.split("\n").length : 0;
+  return {
+    file: filePath,
+    symbolName,
+    startLine: content ? 1 : 0,
+    endLine: totalLines,
+    content,
+    language,
+    fallback: true,
+    warning: "[fallback: raw content]"
+  };
+}
+async function readContentSafe(filePath) {
+  const result = await readFileContent(filePath);
+  return result.ok ? result.value : "";
+}
+async function unfoldSymbol(filePath, symbolName) {
+  const lang = detectLanguage(filePath);
+  if (!lang) {
+    const content2 = await readContentSafe(filePath);
+    return buildFallbackResult(filePath, symbolName, content2, "unknown");
+  }
+  const outline = await getOutline(filePath);
+  if (outline.error) {
+    const content2 = await readContentSafe(filePath);
+    return buildFallbackResult(filePath, symbolName, content2, lang);
+  }
+  const symbol = findSymbolInList(outline.symbols, symbolName);
+  if (!symbol) {
+    const content2 = await readContentSafe(filePath);
+    return buildFallbackResult(filePath, symbolName, content2, lang);
+  }
+  const parseResult = await parseFile(filePath);
+  if (!parseResult.ok) {
+    const content2 = await readContentSafe(filePath);
+    return {
+      ...buildFallbackResult(
+        filePath,
+        symbolName,
+        extractLines(content2, symbol.line, symbol.endLine),
+        lang
+      ),
+      startLine: symbol.line,
+      endLine: symbol.endLine
+    };
+  }
+  const content = extractLines(parseResult.value.source, symbol.line, symbol.endLine);
+  return {
+    file: filePath,
+    symbolName,
+    startLine: symbol.line,
+    endLine: symbol.endLine,
+    content,
+    language: lang,
+    fallback: false
+  };
+}
+async function unfoldRange(filePath, startLine, endLine) {
+  const lang = detectLanguage(filePath) ?? "unknown";
+  const contentResult = await readFileContent(filePath);
+  if (!contentResult.ok) {
+    return {
+      file: filePath,
+      startLine: 0,
+      endLine: 0,
+      content: "",
+      language: lang,
+      fallback: true,
+      warning: "[fallback: raw content]"
+    };
+  }
+  const totalLines = contentResult.value.split("\n").length;
+  const clampedEnd = Math.min(endLine, totalLines);
+  const content = extractLines(contentResult.value, startLine, clampedEnd);
+  return {
+    file: filePath,
+    startLine,
+    endLine: clampedEnd,
+    content,
+    language: lang,
+    fallback: false
+  };
+}
+
 // src/index.ts
-var VERSION = "0.14.0";
+var VERSION = "0.15.0";
 export {
   AGENT_DESCRIPTORS,
   ARCHITECTURE_DESCRIPTOR,
@@ -9337,6 +10435,7 @@ export {
   DEFAULT_STATE,
   DEFAULT_STREAM_INDEX,
   DepDepthCollector,
+  EXTENSION_MAP,
   EmitInteractionInputSchema,
   EntropyAnalyzer,
   EntropyConfigSchema,
@@ -9371,6 +10470,7 @@ export {
   SharableForbiddenImportSchema,
   SharableLayerSchema,
   SharableSecurityRulesSchema,
+  SkillEventSchema,
   StreamIndexSchema,
   StreamInfoSchema,
   ThresholdConfigSchema,
@@ -9379,6 +10479,7 @@ export {
   VERSION,
   ViolationSchema,
   addProvenance,
+  agentConfigRules,
   analyzeDiff,
   analyzeLearningPatterns,
   appendFailure,
@@ -9386,6 +10487,7 @@ export {
   appendSessionEntry,
   applyFixes,
   applyHotspotDowngrade,
+  applySyncChanges,
   archMatchers,
   archModule,
   architecture,
@@ -9400,12 +10502,14 @@ export {
   checkEligibility,
   checkEvidenceCoverage,
   classifyFinding,
+  clearEventHashCache,
   clearFailuresCache,
   clearLearningsCache,
   configureFeedback,
   constraintRuleId,
   contextBudget,
   contextFilter,
+  countLearningEntries,
   createBoundaryValidator,
   createCommentedCodeFixes,
   createError,
@@ -9429,27 +10533,34 @@ export {
   detectCouplingViolations,
   detectDeadCode,
   detectDocDrift,
+  detectLanguage,
   detectPatternViolations,
   detectSizeBudgetViolations,
   detectStack,
   detectStaleConstraints,
   determineAssessment,
   diff,
+  emitEvent,
   executeWorkflow,
   expressRules,
   extractBundle,
+  extractIndexEntry,
   extractMarkdownLinks,
   extractSections,
   fanOutReview,
+  formatEventTimeline,
   formatFindingBlock,
   formatGitHubComment,
   formatGitHubSummary,
+  formatOutline,
   formatTerminalOutput,
   generateAgentsMap,
   generateSuggestions,
   getActionEmitter,
   getExitCode,
   getFeedbackConfig,
+  getOutline,
+  getParser,
   getPhaseCategories,
   getStreamForBranch,
   getUpdateNotification,
@@ -9460,24 +10571,30 @@ export {
   listActiveSessions,
   listStreams,
   loadBudgetedLearnings,
+  loadEvents,
   loadFailures,
   loadHandoff,
+  loadIndexEntries,
   loadRelevantLearnings,
   loadSessionSummary,
   loadState,
   loadStreamIndex,
   logAgentAction,
+  mcpRules,
   migrateToStreams,
   networkRules,
   nodeRules,
   parseDateFromEntry,
   parseDiff,
+  parseFile,
+  parseFrontmatter,
   parseManifest,
   parseRoadmap,
   parseSecurityConfig,
   parseSize,
   pathTraversalRules,
   previewFix,
+  promoteSessionLearnings,
   pruneLearnings,
   reactRules,
   readCheckState,
@@ -9489,6 +10606,7 @@ export {
   requestMultiplePeerReviews,
   requestPeerReview,
   resetFeedbackConfig,
+  resetParserCache,
   resolveFileToLayer,
   resolveModelTier,
   resolveRuleSeverity,
@@ -9510,6 +10628,7 @@ export {
   saveState,
   saveStreamIndex,
   scopeContext,
+  searchSymbols,
   secretRules,
   serializeRoadmap,
   setActiveStream,
@@ -9520,6 +10639,8 @@ export {
   tagUncitedFindings,
   touchStream,
   trackAction,
+  unfoldRange,
+  unfoldSymbol,
   updateSessionEntryStatus,
   updateSessionIndex,
   validateAgentsMap,