@haus-tech/haus-workflow 0.14.0 → 0.16.0

package/dist/cli.js

@@ -6,8 +6,9 @@ import path34 from "path";
 import { Command } from "commander";
 
 // src/commands/apply.ts
-import path10 from "path";
+import path13 from "path";
 import checkbox from "@inquirer/checkbox";
+import fs11 from "fs-extra";
 
 // src/catalog/remote-catalog.ts
 import os from "os";
@@ -31,7 +32,9 @@ var CATALOG_REF = process.env.HAUS_CATALOG_REF ?? "main";
 var CATALOG_CACHE_SUBDIR = ".claude/haus/catalog-cache";
 
 // src/catalog/remote-catalog.ts
-var CACHE_DIR = process.env["HAUS_CATALOG_CACHE_DIR_OVERRIDE"] ?? path.join(os.homedir(), CATALOG_CACHE_SUBDIR);
+function getCacheDir() {
+  return process.env["HAUS_CATALOG_CACHE_DIR_OVERRIDE"] ?? path.join(os.homedir(), CATALOG_CACHE_SUBDIR);
+}
 var REMOTE_BASE = process.env["HAUS_CATALOG_REMOTE_BASE"] ?? `${CATALOG_REPO_URL}/${CATALOG_REF}`;
 var REMOTE_MANIFEST_URL = `${REMOTE_BASE}/manifest.json`;
 async function fetchText(url) {
@@ -53,15 +56,29 @@ async function fetchRemoteManifest() {
     return null;
   }
 }
+async function writeTextIfChanged(dest, text) {
+  if (await fs.pathExists(dest)) {
+    const local = await fs.readFile(dest, "utf8");
+    if (local === text) return "unchanged";
+    await fs.writeFile(dest, text, "utf8");
+    return "updated";
+  }
+  await fs.ensureDir(path.dirname(dest));
+  await fs.writeFile(dest, text, "utf8");
+  return "created";
+}
 var WORKFLOW_TEMPLATE_REL = "templates/agentic-workflow-standard.md";
 async function readWorkflowTemplate(opts = {}) {
-  const dest = path.join(CACHE_DIR, WORKFLOW_TEMPLATE_REL);
-  if (await fs.pathExists(dest)) return fs.readFile(dest, "utf8");
+  const dest = path.join(getCacheDir(), WORKFLOW_TEMPLATE_REL);
   const text = await fetchText(`${REMOTE_BASE}/${WORKFLOW_TEMPLATE_REL}`);
-  if (text === null) return null;
+  if (text === null) {
+    if (await fs.pathExists(dest)) return fs.readFile(dest, "utf8");
+    return null;
+  }
   if (!opts.dryRun) {
-    await fs.ensureDir(path.dirname(dest));
-    await fs.writeFile(dest, text, "utf8");
+    await writeTextIfChanged(dest, text);
+  } else if (await fs.pathExists(dest)) {
+    return fs.readFile(dest, "utf8");
   }
   return text;
 }
@@ -86,30 +103,37 @@ async function downloadSkillReferences(item, destDir) {
       warn(`Skipping reference "${ref}" for ${item.id}: path traversal detected`);
       continue;
     }
-    if (await fs.pathExists(refDest)) continue;
     const text = await fetchText(`${REMOTE_BASE}/${item.path}/${ref}`);
     if (text === null) {
       warn(`Failed to fetch reference "${ref}" for ${item.id}`);
       continue;
     }
-    await fs.ensureDir(path.dirname(refDest));
-    await fs.writeFile(refDest, text, "utf8");
+    await writeTextIfChanged(refDest, text);
   }
 }
 async function syncRemoteCatalog() {
   const items = await fetchRemoteManifest();
   if (!items) {
     warn("Remote catalog fetch failed \u2014 using bundled catalog");
-    return { newItems: [], unchanged: 0, failed: [] };
+    return { newItems: [], refreshed: [], unchanged: 0, failed: [] };
   }
-  await fs.ensureDir(CACHE_DIR);
-  await fs.writeFile(
-    path.join(CACHE_DIR, "manifest.json"),
-    `${JSON.stringify({ items }, null, 2)}
+  const cacheDir = getCacheDir();
+  try {
+    await fs.ensureDir(cacheDir);
+    await fs.writeFile(
+      path.join(cacheDir, "manifest.json"),
+      `${JSON.stringify({ items }, null, 2)}
 `,
-    "utf8"
-  );
+      "utf8"
+    );
+  } catch (err) {
+    warn(
+      `Catalog cache not writable (${cacheDir}) \u2014 skipping cache sync: ${err instanceof Error ? err.message : String(err)}`
+    );
+    return { newItems: [], refreshed: [], unchanged: 0, failed: [] };
+  }
   const newItems = [];
+  const refreshed = [];
   let unchanged = 0;
   const failed = [];
   for (const item of items) {
@@ -121,18 +145,13 @@ async function syncRemoteCatalog() {
       continue;
     }
     if (item.type === "skill") {
-      const destDir = safeJoin(CACHE_DIR, item.path);
+      const destDir = safeJoin(getCacheDir(), item.path);
       if (!destDir) {
         warn(`Skipping ${item.id}: path traversal detected`);
         failed.push(item.id);
         continue;
       }
       const dest = path.join(destDir, "SKILL.md");
-      if (await fs.pathExists(dest)) {
-        await downloadSkillReferences(item, destDir);
-        unchanged++;
-        continue;
-      }
       const url = `${REMOTE_BASE}/${item.path}/SKILL.md`;
       const text = await fetchText(url);
       if (!text) {
@@ -140,21 +159,23 @@ async function syncRemoteCatalog() {
         failed.push(item.id);
         continue;
       }
-      await fs.ensureDir(path.dirname(dest));
-      await fs.writeFile(dest, text, "utf8");
-      await downloadSkillReferences(item, destDir);
-      newItems.push(item.id);
+      try {
+        const outcome = await writeTextIfChanged(dest, text);
+        await downloadSkillReferences(item, destDir);
+        if (outcome === "created") newItems.push(item.id);
+        else if (outcome === "updated") refreshed.push(item.id);
+        else unchanged++;
+      } catch (err) {
+        warn(`Failed to cache ${item.id}: ${err instanceof Error ? err.message : String(err)}`);
+        failed.push(item.id);
+      }
     } else {
-      const dest = safeJoin(CACHE_DIR, item.path);
+      const dest = safeJoin(getCacheDir(), item.path);
       if (!dest) {
         warn(`Skipping ${item.id}: path traversal detected`);
         failed.push(item.id);
         continue;
       }
-      if (await fs.pathExists(dest)) {
-        unchanged++;
-        continue;
-      }
       const url = `${REMOTE_BASE}/${item.path}`;
       const text = await fetchText(url);
       if (!text) {
@@ -162,12 +183,18 @@ async function syncRemoteCatalog() {
         failed.push(item.id);
         continue;
       }
-      await fs.ensureDir(path.dirname(dest));
-      await fs.writeFile(dest, text, "utf8");
-      newItems.push(item.id);
+      try {
+        const outcome = await writeTextIfChanged(dest, text);
+        if (outcome === "created") newItems.push(item.id);
+        else if (outcome === "updated") refreshed.push(item.id);
+        else unchanged++;
+      } catch (err) {
+        warn(`Failed to cache ${item.id}: ${err instanceof Error ? err.message : String(err)}`);
+        failed.push(item.id);
+      }
     }
   }
-  return { newItems, unchanged, failed };
+  return { newItems, refreshed, unchanged, failed };
 }
 var CATALOG_TAGS_API_URL = "https://api.github.com/repos/WeAreHausTech/haus-workflow-catalog/tags";
 async function fetchLatestCatalogTag() {
@@ -186,20 +213,28 @@ async function fetchLatestCatalogTag() {
 }
 async function getCacheManifestAge() {
   try {
-    const stat = await fs.stat(path.join(CACHE_DIR, "manifest.json"));
+    const stat = await fs.stat(path.join(getCacheDir(), "manifest.json"));
     return Date.now() - stat.mtimeMs;
   } catch {
     return null;
   }
 }
 
-// src/claude/write-claude-files.ts
-import path9 from "path";
-import fs9 from "fs-extra";
+// src/install/allow-rules.ts
+var ALLOWED_SUBCOMMANDS = [
+  "setup-project",
+  "apply",
+  "doctor",
+  "scan",
+  "context",
+  "recommend"
+];
+function buildAllowRules() {
+  return [...new Set(ALLOWED_SUBCOMMANDS.map((sub) => `Bash(haus ${sub}:*)`))];
+}
 
-// src/update/hash-installed.ts
-import path3 from "path";
-import fg2 from "fast-glob";
+// src/install/settings-merge.ts
+import path4 from "path";
 import fs3 from "fs-extra";
 
 // src/utils/fs.ts
@@ -253,7 +288,414 @@ async function mapWithConcurrency(items, fn, concurrency = 24) {
   return results;
 }
 
+// src/install/manifest.ts
+import os2 from "os";
+import path3 from "path";
+var MANIFEST_SCHEMA = "haus-install-manifest/1";
+function globalClaudeDir() {
+  return path3.join(os2.homedir(), ".claude");
+}
+function hausManifestPath() {
+  return path3.join(globalClaudeDir(), "haus", "install-manifest.json");
+}
+async function readManifest() {
+  return readJson(hausManifestPath());
+}
+async function writeManifest(manifest) {
+  await writeJson(hausManifestPath(), manifest);
+}
+function buildManifest(source, files, hooks) {
+  return {
+    _schema: MANIFEST_SCHEMA,
+    source,
+    installedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    files,
+    hooks
+  };
+}
+
+// src/install/settings-merge.ts
+function settingsJsonPath() {
+  return path4.join(globalClaudeDir(), "settings.json");
+}
+async function readSettings() {
+  const parsed = await readJson(settingsJsonPath());
+  return parsed ?? {};
+}
+async function writeSettings(settings) {
+  await writeJson(settingsJsonPath(), settings);
+}
+function mergeHooks(settings, fragments) {
+  const existing = settings._haus?.hooks ?? [];
+  const existingCommands = settings._haus?.hookCommands ?? [];
+  const existingSet = new Set(existing);
+  const updated = { ...settings };
+  updated.hooks = { ...settings.hooks ?? {} };
+  const addedIds = [];
+  const addedCommands = [];
+  for (const fragment of fragments) {
+    if (fragment.gate !== "keep") continue;
+    if (existingSet.has(fragment.id)) continue;
+    const event = fragment.event;
+    if (!updated.hooks[event]) updated.hooks[event] = [];
+    const entry = {
+      hooks: [{ type: "command", command: fragment.command }]
+    };
+    if (fragment.matcher) entry.matcher = fragment.matcher;
+    updated.hooks[event] = [...updated.hooks[event] ?? [], entry];
+    addedIds.push(fragment.id);
+    addedCommands.push(fragment.command);
+  }
+  updated._haus = {
+    hooks: [...existing, ...addedIds],
+    hookCommands: [...existingCommands, ...addedCommands],
+    // Preserve deny/allow tracking so hook, deny, and allow merges are order-independent.
+    ...settings._haus?.denyRules ? { denyRules: settings._haus.denyRules } : {},
+    ...settings._haus?.allowRules ? { allowRules: settings._haus.allowRules } : {}
+  };
+  return { settings: updated, addedIds };
+}
+function mergeDenyRules(settings, rules) {
+  const existingDeny = settings.permissions?.deny ?? [];
+  const seen = new Set(existingDeny);
+  const trackedDeny = settings._haus?.denyRules ?? [];
+  const addedRules = [];
+  for (const rule of rules) {
+    if (seen.has(rule)) continue;
+    seen.add(rule);
+    addedRules.push(rule);
+  }
+  const updated = { ...settings };
+  updated.permissions = {
+    ...settings.permissions ?? {},
+    deny: [...existingDeny, ...addedRules]
+  };
+  updated._haus = {
+    hooks: settings._haus?.hooks ?? [],
+    ...settings._haus?.hookCommands ? { hookCommands: settings._haus.hookCommands } : {},
+    denyRules: [...trackedDeny, ...addedRules],
+    ...settings._haus?.allowRules ? { allowRules: settings._haus.allowRules } : {}
+  };
+  return { settings: updated, addedRules };
+}
+function mergeAllowRules(settings, rules) {
+  const existingAllow = settings.permissions?.allow ?? [];
+  const seen = new Set(existingAllow);
+  const trackedAllow = settings._haus?.allowRules ?? [];
+  const addedRules = [];
+  for (const rule of rules) {
+    if (seen.has(rule)) continue;
+    seen.add(rule);
+    addedRules.push(rule);
+  }
+  const updated = { ...settings };
+  updated.permissions = {
+    ...settings.permissions ?? {},
+    allow: [...existingAllow, ...addedRules]
+  };
+  updated._haus = {
+    hooks: settings._haus?.hooks ?? [],
+    ...settings._haus?.hookCommands ? { hookCommands: settings._haus.hookCommands } : {},
+    ...settings._haus?.denyRules ? { denyRules: settings._haus.denyRules } : {},
+    allowRules: [...trackedAllow, ...addedRules]
+  };
+  return { settings: updated, addedRules };
+}
+function stripHausAllow(settings) {
+  const prevHaus = settings._haus;
+  if (!prevHaus?.allowRules || prevHaus.allowRules.length === 0) return settings;
+  const ownedSet = new Set(prevHaus.allowRules);
+  const updated = { ...settings };
+  const remainingAllow = (settings.permissions?.allow ?? []).filter((rule) => !ownedSet.has(rule));
+  const permissions = { ...settings.permissions ?? {} };
+  if (remainingAllow.length > 0) permissions.allow = remainingAllow;
+  else delete permissions.allow;
+  if (Object.keys(permissions).length > 0) updated.permissions = permissions;
+  else delete updated.permissions;
+  const haus = { ...prevHaus };
+  delete haus.allowRules;
+  const stillTracking = (haus.hooks?.length ?? 0) > 0 || (haus.hookCommands?.length ?? 0) > 0 || (haus.denyRules?.length ?? 0) > 0;
+  if (stillTracking) updated._haus = haus;
+  else delete updated._haus;
+  return updated;
+}
+function stripHausDeny(settings) {
+  const prevHaus = settings._haus;
+  if (!prevHaus?.denyRules || prevHaus.denyRules.length === 0) return settings;
+  const ownedSet = new Set(prevHaus.denyRules);
+  const updated = { ...settings };
+  const remainingDeny = (settings.permissions?.deny ?? []).filter((rule) => !ownedSet.has(rule));
+  const permissions = { ...settings.permissions ?? {} };
+  if (remainingDeny.length > 0) permissions.deny = remainingDeny;
+  else delete permissions.deny;
+  if (Object.keys(permissions).length > 0) updated.permissions = permissions;
+  else delete updated.permissions;
+  const haus = { ...prevHaus };
+  delete haus.denyRules;
+  const stillTracking = (haus.hooks?.length ?? 0) > 0 || (haus.hookCommands?.length ?? 0) > 0 || (haus.allowRules?.length ?? 0) > 0;
+  if (stillTracking) updated._haus = haus;
+  else delete updated._haus;
+  return updated;
+}
+function stripHausHooks(settings) {
+  if (!settings._haus) return settings;
+  const ownedCommands = new Set(settings._haus.hookCommands ?? []);
+  const usePrefix = ownedCommands.size === 0;
+  const updated = { ...settings };
+  updated.hooks = {};
+  for (const [event, entries] of Object.entries(settings.hooks ?? {})) {
+    const kept = entries.filter((entry) => {
+      const cmd = entry.hooks[0]?.command ?? "";
+      return usePrefix ? !cmd.startsWith("haus ") : !ownedCommands.has(cmd);
+    });
+    if (kept.length > 0) updated.hooks[event] = kept;
+  }
+  const { _haus: _, ...rest } = updated;
+  void _;
+  return rest;
+}
+async function loadHooksFragment(fragmentPath) {
+  let raw;
+  try {
+    raw = await fs3.readJson(fragmentPath);
+  } catch {
+    return [];
+  }
+  const data = raw;
+  return Array.isArray(data?.hooks) ? data.hooks : [];
+}
+
+// src/security/dangerous-commands.ts
+var DANGEROUS_COMMANDS = [
+  "rm -rf",
+  "sudo",
+  "chmod -R 777",
+  "chown -R",
+  "git push --force",
+  "git reset --hard",
+  "docker system prune",
+  "drop database",
+  "truncate table",
+  "php artisan migrate --force",
+  "npm publish",
+  "yarn npm publish",
+  "pnpm publish"
+];
+
+// src/security/sensitive-paths.ts
+var SENSITIVE_PATHS = [
+  ".env",
+  ".env.*",
+  "*.pem",
+  "*.key",
+  "*.p12",
+  "*.pfx",
+  "id_rsa",
+  "id_ed25519",
+  "*.sql",
+  "*.dump",
+  "*.backup",
+  "*.bak",
+  "storage/logs",
+  "wp-content/uploads",
+  "uploads",
+  "customer-data",
+  "exports",
+  "secrets",
+  "certs"
+];
+var SENSITIVE_PATH_REGEXES = [
+  /^\.env(\.|$)/,
+  /(^|\/)\.env(\.|$)/,
+  /\.pem$/,
+  /\.key$/,
+  /\.p12$/,
+  /\.pfx$/,
+  /\.sql$/,
+  /\.dump$/,
+  /customer-data/,
+  /exports/,
+  /certs/,
+  /secrets/,
+  /(^|\/)storage\/logs(\/|$)/,
+  /(^|\/)wp-content\/uploads(\/|$)/,
+  /(^|\/)uploads(\/|$)/
+];
+var SENSITIVE_ITEM_KEYWORDS = [
+  ".env",
+  "secrets",
+  "certs",
+  "customer-data",
+  "exports",
+  ".pem",
+  ".key"
+];
+
+// src/security/deny-rules.ts
+var SENSITIVE_DIRS = /* @__PURE__ */ new Set([
+  "storage/logs",
+  "wp-content/uploads",
+  "uploads",
+  "customer-data",
+  "exports",
+  "secrets",
+  "certs"
+]);
+var FILE_TOOLS = ["Read", "Edit", "Write"];
+function buildDenyRules() {
+  const rules = [];
+  for (const command of DANGEROUS_COMMANDS) {
+    rules.push(`Bash(${command}:*)`);
+  }
+  for (const path35 of SENSITIVE_PATHS) {
+    const pattern = SENSITIVE_DIRS.has(path35) ? `${path35}/**` : path35;
+    for (const tool of FILE_TOOLS) {
+      rules.push(`${tool}(${pattern})`);
+    }
+  }
+  return [...new Set(rules)];
+}
+
+// src/utils/paths.ts
+import { existsSync, readFileSync } from "fs";
+import os3 from "os";
+import path5 from "path";
+import { fileURLToPath } from "url";
+var HAUS_DIR = ".haus-workflow";
+function hausPath(root, ...parts) {
+  return path5.join(root, HAUS_DIR, ...parts);
+}
+function claudePath(root, ...parts) {
+  return path5.join(root, ".claude", ...parts);
+}
+function displayPath(root, targetPath) {
+  const rel = path5.relative(root, targetPath).replace(/\\/g, "/");
+  if (rel && !rel.startsWith("../") && rel !== "..") {
+    return rel.startsWith("./") ? rel : `./${rel}`;
+  }
+  const home = os3.homedir();
+  const normalized = targetPath.replace(/\\/g, "/");
+  if (home && home.trim().length > 0) {
+    const homeRel = path5.relative(home, targetPath).replace(/\\/g, "/");
+    if (homeRel && !homeRel.startsWith("../") && homeRel !== "..") {
+      return `~/${homeRel}`;
+    }
+  }
+  return normalized;
+}
+function packageRoot() {
+  let dir = path5.dirname(fileURLToPath(import.meta.url));
+  for (let i = 0; i < 12; i++) {
+    const pkgPath = path5.join(dir, "package.json");
+    if (existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
+        if (pkg.name === "haus" || pkg.name === "@haus-tech/haus-workflow") return dir;
+      } catch {
+      }
+    }
+    const parent = path5.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  const file = fileURLToPath(import.meta.url);
+  return path5.resolve(path5.dirname(file), "../..");
+}
+
+// src/claude/merge-project-settings.ts
+var PROJECT_HOOK_FRAGMENTS = [
+  {
+    id: "haus.context-hook",
+    gate: "keep",
+    event: "UserPromptSubmit",
+    command: "haus context --from-hook"
+  },
+  {
+    id: "haus.guard-file",
+    gate: "keep",
+    event: "PreToolUse",
+    matcher: "Read|Edit|Write",
+    command: "haus guard file-access --from-hook"
+  },
+  {
+    id: "haus.guard-bash",
+    gate: "keep",
+    event: "PreToolUse",
+    matcher: "Bash",
+    command: "haus guard bash --from-hook"
+  }
+];
+async function readProjectSettings(root) {
+  const parsed = await readJson(claudePath(root, "settings.json"));
+  return parsed ?? {};
+}
+async function writeProjectSettings(root, settings) {
+  await writeJson(claudePath(root, "settings.json"), settings);
+}
+async function mergeProjectSettings(root) {
+  const base = await readProjectSettings(root);
+  const { settings: withHooks } = mergeHooks(base, PROJECT_HOOK_FRAGMENTS);
+  const { settings: withDeny } = mergeDenyRules(withHooks, buildDenyRules());
+  const { settings: merged } = mergeAllowRules(withDeny, buildAllowRules());
+  return merged;
+}
+async function applyProjectSettingsMerge(root) {
+  const merged = await mergeProjectSettings(root);
+  await writeProjectSettings(root, merged);
+  return merged;
+}
+
+// src/claude/write-claude-files.ts
+import path12 from "path";
+import fs10 from "fs-extra";
+
+// src/catalog/load-catalog.ts
+import path6 from "path";
+async function loadCatalogContext(root) {
+  const envPath = process.env["HAUS_FIXTURE_CATALOG"];
+  if (envPath) {
+    const data2 = await readJson(envPath);
+    return {
+      items: data2?.items ?? [],
+      contentRoot: path6.dirname(envPath),
+      source: "fixture"
+    };
+  }
+  const cacheDir = getCacheDir();
+  const cacheManifestPath = path6.join(cacheDir, "manifest.json");
+  const cacheData = await readJson(cacheManifestPath);
+  if (cacheData?.items?.length) {
+    return { items: cacheData.items, contentRoot: cacheDir, source: "cache" };
+  }
+  const localManifest = path6.join(root, "library/catalog/manifest.json");
+  const localData = await readJson(localManifest);
+  if (localData?.items?.length) {
+    return {
+      items: localData.items,
+      contentRoot: path6.dirname(localManifest),
+      source: "local"
+    };
+  }
+  const packageManifest = path6.join(packageRoot(), "library/catalog/manifest.json");
+  const data = await readJson(packageManifest);
+  return {
+    items: data?.items ?? [],
+    contentRoot: path6.dirname(packageManifest),
+    source: "bundled"
+  };
+}
+async function loadCatalog(root) {
+  const ctx = await loadCatalogContext(root);
+  return ctx.items;
+}
+function catalogItemContentPath(contentRoot, item) {
+  return path6.join(contentRoot, item.path);
+}
+
 // src/update/hash-installed.ts
+import path7 from "path";
+import fg2 from "fast-glob";
+import fs4 from "fs-extra";
 var EMPTY_LOCK_PATHS_TOKEN = "haus-lock:empty-paths";
 async function hashInstalledPaths(root, relPaths) {
   if (relPaths.length === 0) {
@@ -262,20 +704,20 @@ async function hashInstalledPaths(root, relPaths) {
   const normalized = [...new Set(relPaths.map((p) => p.replace(/\\/g, "/")))].sort();
   const fileDigests = [];
   for (const rel of normalized) {
-    const abs = path3.join(root, rel);
-    if (!await fs3.pathExists(abs)) continue;
-    const stat = await fs3.stat(abs);
+    const abs = path7.join(root, rel);
+    if (!await fs4.pathExists(abs)) continue;
+    const stat = await fs4.stat(abs);
     if (stat.isFile()) {
-      const body = await fs3.readFile(abs, "utf8");
+      const body = await fs4.readFile(abs, "utf8");
       fileDigests.push({ rel, digest: hashText(body) });
       continue;
     }
     if (!stat.isDirectory()) continue;
     const inner = await fg2("**/*", { cwd: abs, onlyFiles: true, dot: true });
     for (const sub of inner.sort()) {
-      const relFile = path3.join(rel, sub).replace(/\\/g, "/");
-      const absFile = path3.join(abs, sub);
-      const body = await fs3.readFile(absFile, "utf8");
+      const relFile = path7.join(rel, sub).replace(/\\/g, "/");
+      const absFile = path7.join(abs, sub);
+      const body = await fs4.readFile(absFile, "utf8");
       fileDigests.push({ rel: relFile, digest: hashText(body) });
     }
   }
@@ -308,54 +750,8 @@ function summarizeDiff(diffText) {
   return { additions, deletions };
 }
 
-// src/utils/paths.ts
-import { existsSync, readFileSync } from "fs";
-import os2 from "os";
-import path4 from "path";
-import { fileURLToPath } from "url";
-var HAUS_DIR = ".haus-workflow";
-function hausPath(root, ...parts) {
-  return path4.join(root, HAUS_DIR, ...parts);
-}
-function claudePath(root, ...parts) {
-  return path4.join(root, ".claude", ...parts);
-}
-function displayPath(root, targetPath) {
-  const rel = path4.relative(root, targetPath).replace(/\\/g, "/");
-  if (rel && !rel.startsWith("../") && rel !== "..") {
-    return rel.startsWith("./") ? rel : `./${rel}`;
-  }
-  const home = os2.homedir();
-  const normalized = targetPath.replace(/\\/g, "/");
-  if (home && home.trim().length > 0) {
-    const homeRel = path4.relative(home, targetPath).replace(/\\/g, "/");
-    if (homeRel && !homeRel.startsWith("../") && homeRel !== "..") {
-      return `~/${homeRel}`;
-    }
-  }
-  return normalized;
-}
-function packageRoot() {
-  let dir = path4.dirname(fileURLToPath(import.meta.url));
-  for (let i = 0; i < 12; i++) {
-    const pkgPath = path4.join(dir, "package.json");
-    if (existsSync(pkgPath)) {
-      try {
-        const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
-        if (pkg.name === "haus" || pkg.name === "@haus-tech/haus-workflow") return dir;
-      } catch {
-      }
-    }
-    const parent = path4.dirname(dir);
-    if (parent === dir) break;
-    dir = parent;
-  }
-  const file = fileURLToPath(import.meta.url);
-  return path4.resolve(path4.dirname(file), "../..");
-}
-
 // src/claude/load-hooks-config.ts
-import path5 from "path";
+import path8 from "path";
 var CONFIG_PATH = ".haus-workflow/config.json";
 var DEFAULT_HOOKS_CONFIG = {
   hooks: {
@@ -363,125 +759,37 @@ var DEFAULT_HOOKS_CONFIG = {
   }
 };
 async function isHookEnabled(root, key) {
-  const cfg = await readJson(path5.join(root, CONFIG_PATH));
+  const cfg = await readJson(path8.join(root, CONFIG_PATH));
   return cfg?.hooks?.[key]?.enabled === true;
 }
 
-// src/security/dangerous-commands.ts
-var DANGEROUS_COMMANDS = [
-  "rm -rf",
-  "sudo",
-  "chmod -R 777",
-  "chown -R",
-  "git push --force",
-  "git reset --hard",
-  "docker system prune",
-  "drop database",
-  "truncate table",
-  "php artisan migrate --force",
-  "npm publish",
-  "yarn npm publish",
-  "pnpm publish"
-];
-
-// src/security/sensitive-paths.ts
-var SENSITIVE_PATHS = [
-  ".env",
-  ".env.*",
-  "*.pem",
-  "*.key",
-  "*.p12",
-  "*.pfx",
-  "id_rsa",
-  "id_ed25519",
-  "*.sql",
-  "*.dump",
-  "*.backup",
-  "*.bak",
-  "storage/logs",
-  "wp-content/uploads",
-  "uploads",
-  "customer-data",
-  "exports",
-  "secrets",
-  "certs"
-];
-var SENSITIVE_PATH_REGEXES = [
-  /^\.env(\.|$)/,
-  /(^|\/)\.env(\.|$)/,
-  /\.pem$/,
-  /\.key$/,
-  /\.p12$/,
-  /\.pfx$/,
-  /\.sql$/,
-  /\.dump$/,
-  /customer-data/,
-  /exports/,
-  /certs/,
-  /secrets/,
-  /(^|\/)storage\/logs(\/|$)/,
-  /(^|\/)wp-content\/uploads(\/|$)/,
-  /(^|\/)uploads(\/|$)/
-];
-var SENSITIVE_ITEM_KEYWORDS = [
-  ".env",
-  "secrets",
-  "certs",
-  "customer-data",
-  "exports",
-  ".pem",
-  ".key"
-];
-
-// src/security/deny-rules.ts
-var SENSITIVE_DIRS = /* @__PURE__ */ new Set([
-  "storage/logs",
-  "wp-content/uploads",
-  "uploads",
-  "customer-data",
-  "exports",
-  "secrets",
-  "certs"
-]);
-var FILE_TOOLS = ["Read", "Edit", "Write"];
-function buildDenyRules() {
-  const rules = [];
-  for (const command of DANGEROUS_COMMANDS) {
-    rules.push(`Bash(${command}:*)`);
-  }
-  for (const path35 of SENSITIVE_PATHS) {
-    const pattern = SENSITIVE_DIRS.has(path35) ? `${path35}/**` : path35;
-    for (const tool of FILE_TOOLS) {
-      rules.push(`${tool}(${pattern})`);
-    }
-  }
-  return [...new Set(rules)];
-}
+// src/claude/verify-hooks-contract.ts
+import fs5 from "fs-extra";
 
 // src/claude/load-hooks.ts
 var CANONICAL_HOOKS = {
   hooks: {
     UserPromptSubmit: [
       {
-        hooks: [{ type: "command", command: "haus context --from-hook || true" }]
+        hooks: [{ type: "command", command: "haus context --from-hook" }]
       }
     ],
     PreToolUse: [
       {
         matcher: "Read|Edit|Write",
-        hooks: [{ type: "command", command: "haus guard file-access --from-hook || true" }]
+        hooks: [{ type: "command", command: "haus guard file-access --from-hook" }]
       },
       {
         matcher: "Bash",
-        hooks: [{ type: "command", command: "haus guard bash --from-hook || true" }]
+        hooks: [{ type: "command", command: "haus guard bash --from-hook" }]
       }
     ]
   }
 };
 var STABLE_HOOK_IDS = {
-  "haus context --from-hook || true": "haus.context-hook",
-  "haus guard file-access --from-hook || true": "haus.guard-file",
-  "haus guard bash --from-hook || true": "haus.guard-bash"
+  "haus context --from-hook": "haus.context-hook",
+  "haus guard file-access --from-hook": "haus.guard-file",
+  "haus guard bash --from-hook": "haus.guard-bash"
 };
 async function loadClaudeHooksSettings() {
   return { ...CANONICAL_HOOKS, permissions: { deny: buildDenyRules() } };
@@ -505,24 +813,52 @@ function flattenRecommendedHooks(settings) {
 }
 
 // src/claude/verify-hooks-contract.ts
-import { isDeepStrictEqual } from "util";
-import fs4 from "fs-extra";
-async function assertPostApplySettingsMatchCanonical(root, canonical) {
+function collectHookCommands(settings) {
+  const cmds = [];
+  for (const entries of Object.values(settings.hooks ?? {})) {
+    for (const entry of entries) {
+      for (const h of entry.hooks ?? []) {
+        if (h.command) cmds.push(h.command);
+      }
+    }
+  }
+  return cmds;
+}
+function hausHookContractSatisfied(project, canonical) {
+  const present = new Set(collectHookCommands(project));
+  for (const block of canonical.hooks.UserPromptSubmit) {
+    for (const h of block.hooks) {
+      if (!present.has(h.command)) return false;
+    }
+  }
+  for (const block of canonical.hooks.PreToolUse) {
+    for (const h of block.hooks) {
+      if (!present.has(h.command)) return false;
+    }
+  }
+  const denySet = new Set(project.permissions?.deny ?? []);
+  for (const rule of canonical.permissions?.deny ?? []) {
+    if (!denySet.has(rule)) return false;
+  }
+  return true;
+}
+async function assertPostApplySettingsHausContract(root) {
+  const canonical = await loadClaudeHooksSettings();
   const written = await readJson(claudePath(root, "settings.json"));
   if (written == null || typeof written !== "object") {
     throw new Error(
       "haus: post-apply self-check failed: .claude/settings.json missing or unreadable"
     );
   }
-  if (!isDeepStrictEqual(canonical, written)) {
+  if (!hausHookContractSatisfied(written, canonical)) {
     throw new Error(
-      "haus: post-apply self-check failed: .claude/settings.json does not match canonical hook contract"
+      "haus: post-apply self-check failed: .claude/settings.json missing required haus hooks or deny rules"
     );
   }
 }
 async function verifyProjectSettingsHooksContract(root) {
   const settingsPath = claudePath(root, "settings.json");
-  if (!await fs4.pathExists(settingsPath)) {
+  if (!await fs5.pathExists(settingsPath)) {
     return {
       ok: true,
       skipped: true,
@@ -539,18 +875,18 @@ async function verifyProjectSettingsHooksContract(root) {
   if (project == null || typeof project !== "object") {
     return { ok: false, message: ".claude/settings.json is unreadable." };
   }
-  if (!isDeepStrictEqual(canonical, project)) {
+  if (!hausHookContractSatisfied(project, canonical)) {
     return {
       ok: false,
-      message: ".claude/settings.json drifts from canonical hook config (regenerate with `haus apply --write`)."
+      message: ".claude/settings.json missing required haus hooks or deny rules (regenerate with `haus apply --write`)."
     };
   }
-  return { ok: true, message: "settings.json matches canonical hook contract." };
+  return { ok: true, message: "settings.json carries required haus hook contract." };
 }
 
 // src/claude/write-root-claude-md.ts
-import path6 from "path";
-import fs5 from "fs-extra";
+import path9 from "path";
+import fs6 from "fs-extra";
 var BLOCK_BEGIN = "<!-- HAUS:BEGIN haus-imports v=1 -->";
 var BLOCK_END = "<!-- HAUS:END haus-imports -->";
 var IMPORT_CONTENT = `@.haus-workflow/WORKFLOW.md
@@ -560,6 +896,16 @@ function buildImportBlock() {
 ${IMPORT_CONTENT}
 ${BLOCK_END}`;
 }
+function stripHausBlock(existing) {
+  const beginIdx = existing.indexOf(BLOCK_BEGIN);
+  const endIdx = existing.indexOf(BLOCK_END);
+  if (beginIdx === -1 || endIdx === -1 || endIdx <= beginIdx) return existing;
+  const before = existing.slice(0, beginIdx);
+  const after = existing.slice(endIdx + BLOCK_END.length);
+  const merged = `${before}${after}`.replace(/\n{3,}/g, "\n\n").trimEnd();
+  return merged.length > 0 ? `${merged}
+` : "";
+}
 function injectHausBlock(existing, block) {
   const beginIdx = existing.indexOf(BLOCK_BEGIN);
   const endIdx = existing.indexOf(BLOCK_END);
@@ -579,9 +925,9 @@ ${block}
 `;
 }
 async function writeRootClaudeMd(root, dryRun) {
-  const filePath = path6.join(root, "CLAUDE.md");
+  const filePath = path9.join(root, "CLAUDE.md");
   const block = buildImportBlock();
-  const prev = await fs5.pathExists(filePath) ? await fs5.readFile(filePath, "utf8") : "";
+  const prev = await fs6.pathExists(filePath) ? await fs6.readFile(filePath, "utf8") : "";
   const next = injectHausBlock(prev, block);
   const printable = displayPath(root, filePath);
   if (dryRun) {
@@ -604,12 +950,12 @@ async function writeRootClaudeMd(root, dryRun) {
 }
 
 // src/claude/write-workflow-config.ts
-import path8 from "path";
-import fs7 from "fs-extra";
+import path11 from "path";
+import fs8 from "fs-extra";
 
 // src/claude/derive-workflow-config.ts
-import path7 from "path";
-import fs6 from "fs-extra";
+import path10 from "path";
+import fs7 from "fs-extra";
 function binCmd(pm, bin, args) {
   const tail = args ? ` ${args}` : "";
   if (pm === "yarn") return `yarn ${bin}${tail}`;
@@ -618,7 +964,7 @@ function binCmd(pm, bin, args) {
 }
 async function deriveWorkflowConfig(root, ctx) {
   const pm = ctx.packageManager === "unknown" ? "npm" : ctx.packageManager;
-  const pkg = await readJson(path7.join(root, "package.json"));
+  const pkg = await readJson(path10.join(root, "package.json"));
   const scripts = pkg?.scripts ?? {};
   const deps = new Set(ctx.dependencies);
   const stacks = Object.values(ctx.detectedStacks ?? {}).flat();
@@ -628,7 +974,7 @@ async function deriveWorkflowConfig(root, ctx) {
     return null;
   };
   const hasDep = (name) => deps.has(name);
-  const exists = (rel) => fs6.pathExistsSync(path7.join(root, rel));
+  const exists = (rel) => fs7.pathExistsSync(path10.join(root, rel));
   const hasPlaywright = hasDep("@playwright/test") || stacks.includes("playwright");
   const hasCypress = hasDep("cypress");
   const preCommitTool = exists("lefthook.yml") || exists("lefthook.yaml") ? "lefthook" : exists(".husky") || hasDep("husky") || (scripts.prepare ?? "").includes("husky") ? "husky" : exists(".pre-commit-config.yaml") ? "pre-commit (Python framework)" : null;
@@ -697,7 +1043,7 @@ var FALLBACK_CONTEXT = {
 async function writeWorkflowConfig(root, dryRun, opts = {}) {
   const destPath = hausPath(root, "workflow-config.md");
   const printable = displayPath(root, destPath);
-  const exists = await fs7.pathExists(destPath);
+  const exists = await fs8.pathExists(destPath);
   if (exists && !opts.refill) {
     if (dryRun) log(printable + ": exists (project-owned, skipping)");
     return null;
@@ -705,11 +1051,11 @@ async function writeWorkflowConfig(root, dryRun, opts = {}) {
   const ctx = await readJson(hausPath(root, "context-map.json")) ?? {
     ...FALLBACK_CONTEXT,
     root,
-    repoName: path8.basename(root)
+    repoName: path11.basename(root)
   };
   const values = await deriveWorkflowConfig(root, ctx);
   if (exists) {
-    const current = await fs7.readFile(destPath, "utf8");
+    const current = await fs8.readFile(destPath, "utf8");
     const refilled = refillContent(current, values);
     if (refilled === current) {
       if (dryRun) log(printable + ": no blank fields to refill");
@@ -731,7 +1077,7 @@ async function writeWorkflowConfig(root, dryRun, opts = {}) {
 }
 
 // src/claude/write-workflow.ts
-import fs8 from "fs-extra";
+import fs9 from "fs-extra";
 
 // src/claude/managed-template.ts
 function normaliseLF(content2) {
@@ -764,8 +1110,8 @@ async function writeWorkflow(root, pkgVersion, dryRun) {
 ${templateContent}`;
   const destPath = hausPath(root, "WORKFLOW.md");
   const printable = displayPath(root, destPath);
-  if (await fs8.pathExists(destPath)) {
-    const existing = await fs8.readFile(destPath, "utf8");
+  if (await fs9.pathExists(destPath)) {
+    const existing = await fs9.readFile(destPath, "utf8");
     const firstLine = existing.split("\n")[0] ?? "";
     const parsed = parseHausManagedHeader(firstLine);
     if (!parsed) {
@@ -787,7 +1133,7 @@ ${templateContent}`;
     }
   }
   if (dryRun) {
-    const prev = await fs8.pathExists(destPath) ? await fs8.readFile(destPath, "utf8") : "";
+    const prev = await fs9.pathExists(destPath) ? await fs9.readFile(destPath, "utf8") : "";
     if (!prev) {
       log(createUnifiedDiff(printable, "", next));
     } else {
@@ -814,7 +1160,7 @@ async function writeClaudeFiles(root, dryRun, selectedIds, opts = {}) {
     estimatedTokenReductionPct: 0
   };
   const pkgRoot = packageRoot();
-  const hausVersion2 = (await readJson(path9.join(pkgRoot, "package.json")))?.version ?? "0.0.0";
+  const hausVersion2 = (await readJson(path12.join(pkgRoot, "package.json")))?.version ?? "0.0.0";
   const coreFiles = [
     claudePath(root, "settings.json"),
     claudePath(root, "rules", "haus.md"),
@@ -838,11 +1184,15 @@ async function writeClaudeFiles(root, dryRun, selectedIds, opts = {}) {
     hausPath(root, "selected-context.json"),
     hausPath(root, "haus.lock.json")
   ];
-  const hookSettings = await loadClaudeHooksSettings();
-  await writeManagedJson(root, claudePath(root, "settings.json"), hookSettings, dryRun);
-  if (!dryRun) await assertPostApplySettingsMatchCanonical(root, hookSettings);
+  if (dryRun) {
+    const mergedSettings = await mergeProjectSettings(root);
+    await writeManagedJson(root, claudePath(root, "settings.json"), mergedSettings, true);
+  } else {
+    await applyProjectSettingsMerge(root);
+    await assertPostApplySettingsHausContract(root);
+  }
   const configPath = hausPath(root, "config.json");
-  if (!await fs9.pathExists(configPath)) {
+  if (!await fs10.pathExists(configPath)) {
     await writeManagedJson(root, configPath, DEFAULT_HOOKS_CONFIG, dryRun);
   }
   await writeManagedText(
@@ -869,15 +1219,8 @@ async function writeClaudeFiles(root, dryRun, selectedIds, opts = {}) {
     "- Never read secrets.\n- Block dangerous shell commands.\n",
     dryRun
   );
-  const fixtureManifestPath = process.env["HAUS_FIXTURE_CATALOG"];
-  const manifestPath2 = fixtureManifestPath ?? path9.join(pkgRoot, "library", "catalog", "manifest.json");
-  const manifestDir = path9.dirname(manifestPath2);
-  const manifest = await readJson(manifestPath2) ?? { items: [] };
-  const manifestById = new Map((manifest.items ?? []).map((item) => [item.id, item]));
-  const cacheManifest = await readJson(
-    path9.join(CACHE_DIR, "manifest.json")
-  );
-  const cacheManifestById = new Map((cacheManifest?.items ?? []).map((item) => [item.id, item]));
+  const { items: manifestItems, contentRoot } = await loadCatalogContext(root);
+  const manifestById = new Map(manifestItems.map((item) => [item.id, item]));
   const installedPathsByItem = /* @__PURE__ */ new Map();
   const installedIds = /* @__PURE__ */ new Set();
   const catalogItems = selectedIds !== void 0 ? rec.recommended.filter((r) => selectedIds.includes(r.id)) : rec.recommended;
@@ -896,24 +1239,22 @@ async function writeClaudeFiles(root, dryRun, selectedIds, opts = {}) {
         continue;
       }
     }
-    const cachedItem = cacheManifestById.get(item.id);
-    const cachePath = cachedItem?.path ? path9.join(CACHE_DIR, cachedItem.path) : null;
-    const sourcePath = cachePath && await fs9.pathExists(cachePath) ? cachePath : path9.join(manifestDir, manifestItem.path);
+    const sourcePath = catalogItemContentPath(contentRoot, manifestItem);
     const target = item.type === "agent" ? "agents" : item.type === "template" ? "templates" : "skills";
-    const destination = claudePath(root, target, path9.basename(sourcePath));
-    if (await fs9.pathExists(sourcePath)) {
+    const destination = claudePath(root, target, path12.basename(sourcePath));
+    if (await fs10.pathExists(sourcePath)) {
       if (dryRun) {
-        const exists = await fs9.pathExists(destination);
+        const exists = await fs10.pathExists(destination);
         log(
           `${displayPath(root, destination)}: ${exists ? "would overwrite" : "would create"} (${item.id})`
         );
       } else {
-        await fs9.ensureDir(path9.dirname(destination));
-        await fs9.copy(sourcePath, destination, { overwrite: true, errorOnExist: false });
+        await fs10.ensureDir(path12.dirname(destination));
+        await fs10.copy(sourcePath, destination, { overwrite: true, errorOnExist: false });
       }
       files.push(destination);
       const current = installedPathsByItem.get(item.id) ?? [];
-      installedPathsByItem.set(item.id, [...current, path9.relative(root, destination)]);
+      installedPathsByItem.set(item.id, [...current, path12.relative(root, destination)]);
       installedIds.add(item.id);
     } else {
       warn(
@@ -964,7 +1305,7 @@ async function writeClaudeFiles(root, dryRun, selectedIds, opts = {}) {
   return [...new Set(files)];
 }
 async function writeManagedText(root, filePath, nextText, dryRun) {
-  const prev = await fs9.pathExists(filePath) ? await fs9.readFile(filePath, "utf8") : "";
+  const prev = await fs10.pathExists(filePath) ? await fs10.readFile(filePath, "utf8") : "";
   const printable = displayPath(root, filePath);
   if (dryRun) {
     if (!prev) {
@@ -991,7 +1332,7 @@ async function writeManagedJson(root, filePath, value, dryRun) {
 
 // src/commands/apply.ts
 async function cacheHasItems() {
-  const data = await readJson(path10.join(CACHE_DIR, "manifest.json"));
+  const data = await readJson(path13.join(getCacheDir(), "manifest.json"));
   return Array.isArray(data?.items) && data.items.length > 0;
 }
 async function runApply(options) {
@@ -1035,17 +1376,9 @@ async function runApply(options) {
     const rec = await readJson(hausPath(root, "recommendation.json"));
     const catalogItemCount = selectedIds !== void 0 ? selectedIds.length : rec?.recommended.length ?? 0;
     if (catalogItemCount > 0 && !await cacheHasItems()) {
-      if (isDryRun) {
-        warn(
-          "Catalog cache is empty \u2014 `haus apply --write` will skip catalog items. Run `haus update` first."
-        );
-      } else {
-        error(
-          "Catalog cache is empty \u2014 cannot install catalog items. Run `haus update` first, or pass --allow-empty-cache to apply core files only."
-        );
-        process.exitCode = 1;
-        return;
-      }
+      warn(
+        isDryRun ? "Catalog cache is empty \u2014 `haus apply --write` will skip catalog items. Run `haus update` first." : "Catalog cache is empty \u2014 catalog items will be skipped. Run `haus update` first, or pass --allow-empty-cache to silence this warning."
+      );
     }
   }
   const files = await writeClaudeFiles(root, isDryRun, selectedIds, {
@@ -1058,25 +1391,17 @@ async function runApply(options) {
     files.forEach((f) => log(`- ${displayPath(root, f)}`));
   }
 }
-
-// src/catalog/load-catalog.ts
-import os3 from "os";
-import path11 from "path";
-var CACHE_MANIFEST = path11.join(os3.homedir(), CATALOG_CACHE_SUBDIR, "manifest.json");
-async function loadCatalog(root) {
-  const envPath = process.env["HAUS_FIXTURE_CATALOG"];
-  if (envPath) {
-    const data2 = await readJson(envPath);
-    return data2?.items ?? [];
+async function isHausProject(root) {
+  if (await fs11.pathExists(hausPath(root, "recommendation.json"))) return true;
+  if (await fs11.pathExists(claudePath(root, "settings.json"))) {
+    const settings = await readProjectSettings(root);
+    if (settings._haus != null) return true;
   }
-  const cacheData = await readJson(CACHE_MANIFEST);
-  if (cacheData?.items?.length) return cacheData.items;
-  const localManifest = path11.join(root, "library/catalog/manifest.json");
-  const localData = await readJson(localManifest);
-  if (localData?.items?.length) return localData.items;
-  const packageManifest = path11.join(packageRoot(), "library/catalog/manifest.json");
-  const data = await readJson(packageManifest);
-  return data?.items ?? [];
+  return false;
+}
+async function refreshProjectApply(root) {
+  if (!await isHausProject(root)) return [];
+  return writeClaudeFiles(root, false, void 0, { refillConfig: false });
 }
 
 // library/catalog/validation-rules.json
@@ -1284,7 +1609,7 @@ async function runCatalogAudit() {
 }
 
 // src/commands/config.ts
-import path12 from "path";
+import path14 from "path";
 var CONFIG_PATH2 = ".haus-workflow/config.json";
 var HOOK_ALIASES = {
   "hook.context": "context"
@@ -1297,7 +1622,7 @@ async function runConfig(key, action) {
     );
   }
   const root = process.cwd();
-  const configPath = path12.join(root, CONFIG_PATH2);
+  const configPath = path14.join(root, CONFIG_PATH2);
   const existing = await readJson(configPath);
   const cfg = existing ?? structuredClone(DEFAULT_HOOKS_CONFIG);
   cfg.hooks ??= {};
@@ -1669,7 +1994,7 @@ function selectRules(recommended, task, taskIntents) {
 
 // src/scanner/scan-project.ts
 import { readFile as readFile2 } from "fs/promises";
-import path16 from "path";
+import path18 from "path";
 
 // src/utils/audit-checks.ts
 function isRecord(v) {
@@ -1696,8 +2021,8 @@ function compareVersions(a, b) {
 }
 
 // src/scanner/detect-package-manager.ts
-import path13 from "path";
-import fs10 from "fs-extra";
+import path15 from "path";
+import fs12 from "fs-extra";
 function detectPackageManager(root, packageManagerField) {
   const field = String(packageManagerField ?? "").trim();
   if (field.startsWith("yarn@")) {
@@ -1715,9 +2040,9 @@ function detectPackageManager(root, packageManagerField) {
     if (satisfiesVersion(version, ">=9")) return "npm";
     return "unknown";
   }
-  if (fs10.existsSync(path13.join(root, "yarn.lock"))) return "yarn";
-  if (fs10.existsSync(path13.join(root, "pnpm-lock.yaml"))) return "pnpm";
-  if (fs10.existsSync(path13.join(root, "package-lock.json"))) return "npm";
+  if (fs12.existsSync(path15.join(root, "yarn.lock"))) return "yarn";
+  if (fs12.existsSync(path15.join(root, "pnpm-lock.yaml"))) return "pnpm";
+  if (fs12.existsSync(path15.join(root, "package-lock.json"))) return "npm";
   return "unknown";
 }
 
@@ -1890,7 +2215,7 @@ function runDetection(ctx, rules = STACK_RULES) {
 }
 
 // src/scanner/detection.ts
-import path14 from "path";
+import path16 from "path";
 var UNSUPPORTED_MARKERS = {
   "requirements.txt": "python",
   "pyproject.toml": "python",
@@ -1944,14 +2269,14 @@ function finalizeRoles(registryRoles, deps, files) {
 function collectUnsupportedSignals(files) {
   return [
     ...new Set(
-      files.map((f) => UNSUPPORTED_MARKERS[path14.basename(f)]).filter((s) => Boolean(s))
+      files.map((f) => UNSUPPORTED_MARKERS[path16.basename(f)]).filter((s) => Boolean(s))
     )
   ].sort();
 }
 
 // src/scanner/render.ts
 import { readFile } from "fs/promises";
-import path15 from "path";
+import path17 from "path";
 
 // src/scanner/role-labels.ts
 var ROLE_LABELS = {
@@ -2013,7 +2338,7 @@ async function buildContentBlob(root, files) {
   const slice = candidates.slice(0, 300);
   const parts = await mapWithConcurrency(slice, async (rel) => {
     try {
-      return await readFile(path15.join(root, rel), "utf8");
+      return await readFile(path17.join(root, rel), "utf8");
     } catch {
       return "";
     }
@@ -2032,6 +2357,38 @@ ${describeRepo(context)}
 `;
 }
 
+// src/scanner/write-sources-report.ts
+function buildSourcesReport(items) {
+  const statusBySource = /* @__PURE__ */ new Map();
+  for (const item of items) {
+    const src = item.source?.trim();
+    if (!src || src === "haus") continue;
+    if (src === "curated") {
+      if (item.reviewStatus === "approved" && item.riskLevel !== "blocked") {
+        statusBySource.set("curated", "approved");
+      } else if (!statusBySource.has("curated")) {
+        statusBySource.set("curated", "candidate");
+      }
+      continue;
+    }
+    if (item.reviewStatus === "approved" && item.riskLevel !== "blocked") {
+      statusBySource.set(src, "approved");
+    } else if (!statusBySource.has(src)) {
+      statusBySource.set(src, "candidate");
+    }
+  }
+  return {
+    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    items: [...statusBySource.entries()].map(([id, status]) => ({ id, status })).sort((a, b) => a.id.localeCompare(b.id))
+  };
+}
+async function writeSourcesReport(root) {
+  const items = await loadCatalog(root);
+  const report = buildSourcesReport(items);
+  await writeJson(hausPath(root, "sources-report.json"), report);
+  return report;
+}
+
 // src/scanner/scan-project.ts
 var SAFE_FILES = [
   "package.json",
@@ -2079,8 +2436,8 @@ var SAFE_FILES = [
   "Gemfile"
 ];
 async function scanProject(root, mode = "fast") {
-  const pkg = await readJson(path16.join(root, "package.json"));
-  const composer = await readJson(path16.join(root, "composer.json"));
+  const pkg = await readJson(path18.join(root, "package.json"));
+  const composer = await readJson(path18.join(root, "composer.json"));
   const files = await listFiles(root, SAFE_FILES);
   const safeFiles = files.filter((f) => !blocked(f));
   const deps = dependencySet(pkg, composer);
@@ -2114,7 +2471,7 @@ async function scanProject(root, mode = "fast") {
     mode,
     generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
     root,
-    repoName: String(pkg?.name ?? path16.basename(root)),
+    repoName: String(pkg?.name ?? path18.basename(root)),
     packageManager,
     repoRoles: roles,
     detectedStacks: stacks,
@@ -2132,7 +2489,7 @@ async function scanProject(root, mode = "fast") {
   const scanHashes = Object.fromEntries(
     await mapWithConcurrency(
       safeFiles,
-      async (f) => [f, hashText(await readFile2(path16.join(root, f), "utf8"))]
+      async (f) => [f, hashText(await readFile2(path18.join(root, f), "utf8"))]
     )
   );
   const repoSummary = renderSummary(context);
@@ -2140,6 +2497,7 @@ async function scanProject(root, mode = "fast") {
   await writeJson(hausPath(root, "dependency-map.json"), dependencyMap);
   await writeJson(hausPath(root, "scan-hashes.json"), scanHashes);
   await writeText(hausPath(root, "repo-summary.md"), repoSummary);
+  await writeSourcesReport(root);
   return { ...context, dependencyMap, scanHashes, repoSummary };
 }
 
@@ -2151,6 +2509,18 @@ async function readContextOrScan(root) {
   return scan;
 }
 
+// src/security/secret-patterns.ts
+var SECRET_PATTERNS = [
+  /api[_-]?key\s*[:=]\s*\S+/i,
+  /token\s*[:=]\s*\S+/i,
+  /password\s*[:=]\s*\S+/i
+];
+
+// src/security/redact-sensitive.ts
+function redactSensitive(input2) {
+  return SECRET_PATTERNS.reduce((acc, pattern) => acc.replace(pattern, "[REDACTED]"), input2);
+}
+
 // src/commands/context.ts
 async function runContext(options) {
   const root = process.cwd();
@@ -2199,13 +2569,13 @@ async function runContext(options) {
     }),
     summary
   ];
-  const text = lines.join("\n");
+  const text = redactSensitive(lines.join("\n"));
   log(options.fromHook ? text.slice(0, 3e3) : text);
 }
 
 // src/commands/doctor.ts
-import path17 from "path";
-import fs11 from "fs-extra";
+import path19 from "path";
+import fs13 from "fs-extra";
 
 // src/update/npm-version.ts
 var NPM_PACKAGE_NAME = "@haus-tech/haus-workflow";
@@ -2285,7 +2655,7 @@ async function runDoctor(options) {
     const enabled = await isHookEnabled(root, key);
     ok(`- HOOK ${key}: ${enabled ? "enabled" : "disabled (default)"}`);
   }
-  const rootClaudeMdPath = path17.join(root, "CLAUDE.md");
+  const rootClaudeMdPath = path19.join(root, "CLAUDE.md");
   const rootClaudeMdContent = await readText(rootClaudeMdPath);
   if (!rootClaudeMdContent) {
     flag(
@@ -2313,7 +2683,7 @@ async function runDoctor(options) {
       const block = rootClaudeMdContent.slice(beginIdx, endIdx + BLOCK_END.length);
       const importTargets = [...block.matchAll(/@\.haus-workflow\/(\S+)/g)].map((m) => m[1]);
       for (const target of importTargets) {
-        if (!await fs11.pathExists(hausPath(root, target))) {
+        if (!await fs13.pathExists(hausPath(root, target))) {
           flag(
             `- CLAUDE.md import: @.haus-workflow/${target} does not resolve (run \`haus apply --write\`)`,
             `A file CLAUDE.md links to (${target}) is missing, so part of the guidance won't load`,
@@ -2324,7 +2694,7 @@ async function runDoctor(options) {
     }
   }
   const workflowPath = hausPath(root, "WORKFLOW.md");
-  const workflowExists = await fs11.pathExists(workflowPath);
+  const workflowExists = await fs13.pathExists(workflowPath);
   if (!workflowExists) {
     flag(
       "- .haus-workflow/WORKFLOW.md: missing (run `haus apply --write`)",
@@ -2338,15 +2708,15 @@ async function runDoctor(options) {
       ok("- .haus-workflow/WORKFLOW.md: OK (user-owned)");
     } else {
       const storedHashMatch = firstLine.match(/hash=(sha256-[a-f0-9]+)/);
-      const cachePath = path17.join(CACHE_DIR, "templates/agentic-workflow-standard.md");
-      const bundledPath = path17.join(
+      const cachePath = path19.join(getCacheDir(), "templates/agentic-workflow-standard.md");
+      const bundledPath = path19.join(
         packageRoot(),
         "library",
         "global",
         "templates",
         "agentic-workflow-standard.md"
       );
-      const templatePath = await fs11.pathExists(cachePath) ? cachePath : bundledPath;
+      const templatePath = await fs13.pathExists(cachePath) ? cachePath : bundledPath;
       const templateContent = await readText(templatePath);
       if (storedHashMatch && templateContent) {
         const currentHash = hashText(normaliseLF(templateContent));
@@ -2365,7 +2735,7 @@ async function runDoctor(options) {
     }
   }
   const workflowConfigPath = hausPath(root, "workflow-config.md");
-  const workflowConfigExists = await fs11.pathExists(workflowConfigPath);
+  const workflowConfigExists = await fs13.pathExists(workflowConfigPath);
   if (!workflowConfigExists) {
     flag(
       "- .haus-workflow/workflow-config.md: missing (run `haus apply --write`)",
@@ -2373,7 +2743,7 @@ async function runDoctor(options) {
       "haus apply --write"
     );
   } else {
-    const cfg = await fs11.readFile(workflowConfigPath, "utf8");
+    const cfg = await fs13.readFile(workflowConfigPath, "utf8");
     const unfilled = cfg.split("\n").filter((l) => l.includes("<!-- fill in")).length;
     if (unfilled > 0) {
       flag(
@@ -2404,7 +2774,7 @@ async function runDoctor(options) {
       ok(`- CATALOG CACHE: OK (${cacheAgeDays}d old)`);
     }
   }
-  const pkgJson = await readJson(path17.join(packageRoot(), "package.json"));
+  const pkgJson = await readJson(path19.join(packageRoot(), "package.json"));
   const currentVersion = pkgJson?.version ?? "0.0.0";
   const npmStatus = await fetchNpmVersionStatus(currentVersion);
   if (npmStatus.updateAvailable && npmStatus.latest !== null) {
@@ -2413,7 +2783,9 @@ async function runDoctor(options) {
       `A newer haus (${npmStatus.latest}) is available`,
       `npm install -g ${NPM_PACKAGE_NAME}`
     );
-    process.exitCode = 1;
+    if (!process.env["HAUS_FIXTURE_CATALOG"]) {
+      process.exitCode = 1;
+    }
   } else if (npmStatus.latest !== null) {
     ok(`- CLI: ${currentVersion} (up to date)`);
   } else {
@@ -2545,8 +2917,8 @@ async function runGuard(kind, _options) {
 }
 
 // src/commands/init.ts
-import path18 from "path";
-import fs12 from "fs-extra";
+import path20 from "path";
+import fs14 from "fs-extra";
 
 // src/utils/prompts.ts
 import { stdin as input, stdout as output } from "process";
@@ -2606,23 +2978,7 @@ async function readChangedFiles(root) {
 }
 
 // src/recommender/policies.ts
-var UNSUPPORTED = [
-  "python",
-  "django",
-  "go",
-  "rust",
-  "java",
-  "spring",
-  "kotlin",
-  "swift",
-  "android",
-  "flutter",
-  "dart",
-  "c++",
-  "perl",
-  "defi",
-  "trading"
-];
+var UNSUPPORTED = FORBIDDEN_TAGS;
 function matchRequiresAny(clauses, ctx) {
   for (const clause of clauses) {
     if ("stack" in clause) {
@@ -2908,6 +3264,15 @@ async function runSetupCore(root, opts) {
       return baseResult;
     }
   }
+  if (!dryRun && !process.env["HAUS_FIXTURE_CATALOG"]) {
+    log("Syncing remote catalog...");
+    const sync = await syncRemoteCatalog();
+    if (sync.newItems.length > 0) {
+      log(`Catalog cache populated: ${sync.newItems.length} new item(s).`);
+    } else if (sync.refreshed.length > 0) {
+      log(`Catalog cache refreshed: ${sync.refreshed.length} updated item(s).`);
+    }
+  }
   const files = await writeClaudeFiles(root, dryRun ?? false);
   log("Applied files:");
   files.forEach((f) => log(`- ${displayPath(root, f)}`));
@@ -2974,35 +3339,22 @@ async function runSetupProject(options) {
 // src/commands/init.ts
 async function runInit(options) {
   const root = process.cwd();
-  const hausDir = path18.join(root, ".haus-workflow");
-  const alreadyInit = await fs12.pathExists(hausDir);
+  const hausDir = path20.join(root, ".haus-workflow");
+  const alreadyInit = await fs14.pathExists(hausDir);
   if (alreadyInit) {
-    log("Haus AI already initialized in this project.");
-    log("Run `haus setup-project` to reconfigure.");
-    return;
-  }
-  log("Welcome to Haus AI. Initializing this project for the first time.");
-  await runSetupProject(options);
-}
-
-// src/install/apply.ts
-import crypto2 from "crypto";
-import path21 from "path";
-import fs14 from "fs-extra";
-
-// src/install/allow-rules.ts
-var ALLOWED_SUBCOMMANDS = [
-  "setup-project",
-  "apply",
-  "doctor",
-  "scan",
-  "context",
-  "recommend"
-];
-function buildAllowRules() {
-  return [...new Set(ALLOWED_SUBCOMMANDS.map((sub) => `Bash(haus ${sub}:*)`))];
+    log("Haus AI already initialized in this project.");
+    log("Run `haus setup-project` to reconfigure.");
+    return;
+  }
+  log("Welcome to Haus AI. Initializing this project for the first time.");
+  await runSetupProject(options);
 }
 
+// src/install/apply.ts
+import crypto2 from "crypto";
+import path21 from "path";
+import fs15 from "fs-extra";
+
 // src/install/header.ts
 var MD_PREFIX = "<!-- HAUS-MANAGED";
 var MD_SUFFIX = " -->";
@@ -3033,185 +3385,6 @@ ${rest}`;
 ${content2}`;
 }
 
-// src/install/manifest.ts
-import os4 from "os";
-import path19 from "path";
-var MANIFEST_SCHEMA = "haus-install-manifest/1";
-function globalClaudeDir() {
-  return path19.join(os4.homedir(), ".claude");
-}
-function hausManifestPath() {
-  return path19.join(globalClaudeDir(), "haus", "install-manifest.json");
-}
-async function readManifest() {
-  return readJson(hausManifestPath());
-}
-async function writeManifest(manifest) {
-  await writeJson(hausManifestPath(), manifest);
-}
-function buildManifest(source, files, hooks) {
-  return {
-    _schema: MANIFEST_SCHEMA,
-    source,
-    installedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    files,
-    hooks
-  };
-}
-
-// src/install/settings-merge.ts
-import path20 from "path";
-import fs13 from "fs-extra";
-function settingsJsonPath() {
-  return path20.join(globalClaudeDir(), "settings.json");
-}
-async function readSettings() {
-  const parsed = await readJson(settingsJsonPath());
-  return parsed ?? {};
-}
-async function writeSettings(settings) {
-  await writeJson(settingsJsonPath(), settings);
-}
-function mergeHooks(settings, fragments) {
-  const existing = settings._haus?.hooks ?? [];
-  const existingCommands = settings._haus?.hookCommands ?? [];
-  const existingSet = new Set(existing);
-  const updated = { ...settings };
-  updated.hooks = { ...settings.hooks ?? {} };
-  const addedIds = [];
-  const addedCommands = [];
-  for (const fragment of fragments) {
-    if (fragment.gate !== "keep") continue;
-    if (existingSet.has(fragment.id)) continue;
-    const event = fragment.event;
-    if (!updated.hooks[event]) updated.hooks[event] = [];
-    const entry = {
-      hooks: [{ type: "command", command: fragment.command }]
-    };
-    if (fragment.matcher) entry.matcher = fragment.matcher;
-    updated.hooks[event] = [...updated.hooks[event] ?? [], entry];
-    addedIds.push(fragment.id);
-    addedCommands.push(fragment.command);
-  }
-  updated._haus = {
-    hooks: [...existing, ...addedIds],
-    hookCommands: [...existingCommands, ...addedCommands],
-    // Preserve deny/allow tracking so hook, deny, and allow merges are order-independent.
-    ...settings._haus?.denyRules ? { denyRules: settings._haus.denyRules } : {},
-    ...settings._haus?.allowRules ? { allowRules: settings._haus.allowRules } : {}
-  };
-  return { settings: updated, addedIds };
-}
-function mergeDenyRules(settings, rules) {
-  const existingDeny = settings.permissions?.deny ?? [];
-  const seen = new Set(existingDeny);
-  const trackedDeny = settings._haus?.denyRules ?? [];
-  const addedRules = [];
-  for (const rule of rules) {
-    if (seen.has(rule)) continue;
-    seen.add(rule);
-    addedRules.push(rule);
-  }
-  const updated = { ...settings };
-  updated.permissions = {
-    ...settings.permissions ?? {},
-    deny: [...existingDeny, ...addedRules]
-  };
-  updated._haus = {
-    hooks: settings._haus?.hooks ?? [],
-    ...settings._haus?.hookCommands ? { hookCommands: settings._haus.hookCommands } : {},
-    denyRules: [...trackedDeny, ...addedRules],
-    ...settings._haus?.allowRules ? { allowRules: settings._haus.allowRules } : {}
-  };
-  return { settings: updated, addedRules };
-}
-function mergeAllowRules(settings, rules) {
-  const existingAllow = settings.permissions?.allow ?? [];
-  const seen = new Set(existingAllow);
-  const trackedAllow = settings._haus?.allowRules ?? [];
-  const addedRules = [];
-  for (const rule of rules) {
-    if (seen.has(rule)) continue;
-    seen.add(rule);
-    addedRules.push(rule);
-  }
-  const updated = { ...settings };
-  updated.permissions = {
-    ...settings.permissions ?? {},
-    allow: [...existingAllow, ...addedRules]
-  };
-  updated._haus = {
-    hooks: settings._haus?.hooks ?? [],
-    ...settings._haus?.hookCommands ? { hookCommands: settings._haus.hookCommands } : {},
-    ...settings._haus?.denyRules ? { denyRules: settings._haus.denyRules } : {},
-    allowRules: [...trackedAllow, ...addedRules]
-  };
-  return { settings: updated, addedRules };
-}
-function stripHausAllow(settings) {
-  const prevHaus = settings._haus;
-  if (!prevHaus?.allowRules || prevHaus.allowRules.length === 0) return settings;
-  const ownedSet = new Set(prevHaus.allowRules);
-  const updated = { ...settings };
-  const remainingAllow = (settings.permissions?.allow ?? []).filter((rule) => !ownedSet.has(rule));
-  const permissions = { ...settings.permissions ?? {} };
-  if (remainingAllow.length > 0) permissions.allow = remainingAllow;
-  else delete permissions.allow;
-  if (Object.keys(permissions).length > 0) updated.permissions = permissions;
-  else delete updated.permissions;
-  const haus = { ...prevHaus };
-  delete haus.allowRules;
-  const stillTracking = (haus.hooks?.length ?? 0) > 0 || (haus.hookCommands?.length ?? 0) > 0 || (haus.denyRules?.length ?? 0) > 0;
-  if (stillTracking) updated._haus = haus;
-  else delete updated._haus;
-  return updated;
-}
-function stripHausDeny(settings) {
-  const prevHaus = settings._haus;
-  if (!prevHaus?.denyRules || prevHaus.denyRules.length === 0) return settings;
-  const ownedSet = new Set(prevHaus.denyRules);
-  const updated = { ...settings };
-  const remainingDeny = (settings.permissions?.deny ?? []).filter((rule) => !ownedSet.has(rule));
-  const permissions = { ...settings.permissions ?? {} };
-  if (remainingDeny.length > 0) permissions.deny = remainingDeny;
-  else delete permissions.deny;
-  if (Object.keys(permissions).length > 0) updated.permissions = permissions;
-  else delete updated.permissions;
-  const haus = { ...prevHaus };
-  delete haus.denyRules;
-  const stillTracking = (haus.hooks?.length ?? 0) > 0 || (haus.hookCommands?.length ?? 0) > 0 || (haus.allowRules?.length ?? 0) > 0;
-  if (stillTracking) updated._haus = haus;
-  else delete updated._haus;
-  return updated;
-}
-function stripHausHooks(settings) {
-  if (!settings._haus) return settings;
-  const ownedCommands = new Set(settings._haus.hookCommands ?? []);
-  const usePrefix = ownedCommands.size === 0;
-  const updated = { ...settings };
-  updated.hooks = {};
-  for (const [event, entries] of Object.entries(settings.hooks ?? {})) {
-    const kept = entries.filter((entry) => {
-      const cmd = entry.hooks[0]?.command ?? "";
-      return usePrefix ? !cmd.startsWith("haus ") : !ownedCommands.has(cmd);
-    });
-    if (kept.length > 0) updated.hooks[event] = kept;
-  }
-  const { _haus: _, ...rest } = updated;
-  void _;
-  return rest;
-}
-async function loadHooksFragment(fragmentPath) {
-  let raw;
-  try {
-    raw = await fs13.readJson(fragmentPath);
-  } catch {
-    return [];
-  }
-  const data = raw;
-  return Array.isArray(data?.hooks) ? data.hooks : [];
-}
-
 // src/install/apply.ts
 var SCHEMA_VERSION2 = "1";
 function hashContent(content2) {
@@ -3220,7 +3393,7 @@ function hashContent(content2) {
 function sourceVersion() {
   try {
     const pkgPath = path21.join(packageRoot(), "package.json");
-    const pkg = JSON.parse(fs14.readFileSync(pkgPath, "utf8"));
+    const pkg = JSON.parse(fs15.readFileSync(pkgPath, "utf8"));
     return `${pkg.name ?? "haus"}@${pkg.version ?? "0.0.0"}`;
   } catch {
     return "haus@0.0.0";
@@ -3232,10 +3405,10 @@ function globalSrcDir() {
 function collectSourceFiles(srcDir, claudeDir) {
   const entries = [];
   const skillsDir = path21.join(srcDir, "skills");
-  if (fs14.pathExistsSync(skillsDir)) {
-    for (const skillName of fs14.readdirSync(skillsDir)) {
+  if (fs15.pathExistsSync(skillsDir)) {
+    for (const skillName of fs15.readdirSync(skillsDir)) {
       const skillFile = path21.join(skillsDir, skillName, "SKILL.md");
-      if (fs14.pathExistsSync(skillFile)) {
+      if (fs15.pathExistsSync(skillFile)) {
         entries.push({
           stableId: `skill.${skillName}`,
           srcRelPath: path21.join("library", "global", "skills", skillName, "SKILL.md"),
@@ -3245,8 +3418,8 @@ function collectSourceFiles(srcDir, claudeDir) {
     }
   }
   const commandsDir = path21.join(srcDir, "commands");
-  if (fs14.pathExistsSync(commandsDir)) {
-    for (const fileName of fs14.readdirSync(commandsDir)) {
+  if (fs15.pathExistsSync(commandsDir)) {
+    for (const fileName of fs15.readdirSync(commandsDir)) {
       if (!fileName.endsWith(".md")) continue;
       const commandName = fileName.slice(0, -".md".length);
       entries.push({
@@ -3296,7 +3469,7 @@ async function applyInstall(options = {}) {
       }
       continue;
     }
-    const destExists = fs14.pathExistsSync(entry.destPath);
+    const destExists = fs15.pathExistsSync(entry.destPath);
     if (destExists) {
       const currentContent = await readText(entry.destPath);
       if (currentContent !== void 0) {
@@ -3343,13 +3516,13 @@ async function applyInstall(options = {}) {
     const currentDestPaths = new Set(sourceFiles.map((f) => f.destPath));
     for (const entry of existingManifest.files) {
       if (currentDestPaths.has(entry.destPath)) continue;
-      if (!fs14.pathExistsSync(entry.destPath)) continue;
+      if (!fs15.pathExistsSync(entry.destPath)) continue;
       const content2 = await readText(entry.destPath);
       if (!content2) continue;
       const hasHeader = parseMarkdownHeader(content2) !== void 0;
       const currentHash = hashContent(content2);
       if (hasHeader && currentHash === entry.hash) {
-        if (!dryRun) await fs14.remove(entry.destPath);
+        if (!dryRun) await fs15.remove(entry.destPath);
         result.deleted.push(entry.destPath);
       } else {
         warn(`Orphaned file ${entry.destPath} was user-modified \u2014 leaving in place`);
@@ -3452,10 +3625,14 @@ async function runRecommend(options) {
 
 // src/commands/refresh.ts
 async function runRefresh() {
-  const result = await scanProject(process.cwd(), "fast");
-  log("Haus scan complete");
-  log(`Roles: ${result.repoRoles.join(", ") || "unknown"}`);
-  log(`Package manager: ${result.packageManager}`);
+  const root = process.cwd();
+  const context = await scanProject(root, "fast");
+  const recommendation = await recommend(root, context);
+  await writeJson(hausPath(root, "recommendation.json"), recommendation);
+  log("Haus refresh complete");
+  log(`Roles: ${context.repoRoles.join(", ") || "unknown"}`);
+  log(`Package manager: ${context.packageManager}`);
+  log(`Recommended items: ${recommendation.recommended.length}`);
 }
 
 // src/commands/scan.ts
@@ -3473,35 +3650,128 @@ async function runScan(options) {
 
 // src/commands/undo.ts
 import path22 from "path";
-import fs15 from "fs-extra";
-var CLAUDE_DIR = ".claude";
+import fs16 from "fs-extra";
+
+// src/claude/managed-paths.ts
+var PROJECT_MANAGED_CLAUDE_REL = [
+  "rules/haus.md",
+  "rules/security.md",
+  "commands/haus-doctor.md",
+  "commands/haus-review.md"
+];
+var PROJECT_MANAGED_HAUS_REL = [
+  "selected-context.json",
+  "haus.lock.json",
+  "config.json"
+];
+function coreManagedAbsolutePaths(root) {
+  const claude = PROJECT_MANAGED_CLAUDE_REL.map((rel) => claudePath(root, rel));
+  const haus = PROJECT_MANAGED_HAUS_REL.map((rel) => hausPath(root, rel));
+  return [...claude, ...haus];
+}
+
+// src/commands/undo.ts
+async function collectManagedPaths(root) {
+  const paths = new Set(coreManagedAbsolutePaths(root));
+  const lock = await readJson(hausPath(root, "haus.lock.json"));
+  for (const row of lock ?? []) {
+    for (const rel of row.paths ?? []) {
+      paths.add(path22.resolve(root, rel));
+    }
+  }
+  const existing = [];
+  for (const abs of paths) {
+    if (await fs16.pathExists(abs)) existing.push(abs);
+  }
+  return existing;
+}
+async function settingsHasHausContent(root) {
+  const settingsPath = claudePath(root, "settings.json");
+  if (!await fs16.pathExists(settingsPath)) return false;
+  const settings = await readProjectSettings(root);
+  return settings._haus != null;
+}
+async function claudeMdHasHausBlock(root) {
+  const filePath = path22.join(root, "CLAUDE.md");
+  if (!await fs16.pathExists(filePath)) return false;
+  const text = await fs16.readFile(filePath, "utf8");
+  return text.includes(BLOCK_BEGIN);
+}
+async function stripProjectSettings(root) {
+  const settingsPath = claudePath(root, "settings.json");
+  if (!await fs16.pathExists(settingsPath)) return false;
+  let settings = await readProjectSettings(root);
+  settings = stripHausAllow(stripHausDeny(stripHausHooks(settings)));
+  const hasContent = Object.keys(settings).length > 0;
+  if (hasContent) {
+    await writeProjectSettings(root, settings);
+    log(`Stripped haus rules from ${path22.relative(root, settingsPath)} (user settings preserved).`);
+    return true;
+  }
+  await fs16.remove(settingsPath);
+  log(`Removed ${path22.relative(root, settingsPath)} (no user-owned settings remained).`);
+  return true;
+}
+async function stripRootClaudeMd(root) {
+  const filePath = path22.join(root, "CLAUDE.md");
+  if (!await fs16.pathExists(filePath)) return false;
+  const prev = await fs16.readFile(filePath, "utf8");
+  if (!prev.includes(BLOCK_BEGIN)) return false;
+  const next = stripHausBlock(prev);
+  if (next.length === 0) {
+    await fs16.remove(filePath);
+    log("Removed CLAUDE.md (only contained haus import block).");
+  } else {
+    await fs16.writeFile(filePath, next, "utf8");
+    log("Removed haus import block from CLAUDE.md (user content preserved).");
+  }
+  return true;
+}
+async function pruneDirIfEmpty(dir) {
+  if (!await fs16.pathExists(dir)) return;
+  const entries = await fs16.readdir(dir);
+  if (entries.length === 0) await fs16.remove(dir);
+}
 async function runUndo(options) {
   const root = process.cwd();
-  const targets = [path22.join(root, CLAUDE_DIR), path22.join(root, HAUS_DIR)];
-  const existing = targets.filter((p) => fs15.existsSync(p));
-  if (existing.length === 0) {
-    log("Nothing to remove: no .claude/ or .haus-workflow/ in this directory.");
+  const managed = await collectManagedPaths(root);
+  const stripSettings = await settingsHasHausContent(root);
+  const stripClaudeMd = await claudeMdHasHausBlock(root);
+  if (managed.length === 0 && !stripSettings && !stripClaudeMd) {
+    log("Nothing to remove: no haus-managed files found in this directory.");
     return;
   }
+  const relTargets = managed.map((p) => path22.relative(root, p));
+  const summaryParts = [...relTargets];
+  if (stripSettings) summaryParts.push(".claude/settings.json (haus rules only)");
+  if (stripClaudeMd) summaryParts.push("CLAUDE.md (haus import block only)");
   if (!options.yes) {
     const ok = await confirm(
-      `Remove ${existing.map((p) => path22.relative(root, p)).join(" and ")}? This cannot be undone.`
+      `Remove haus-managed files?
+  ${summaryParts.join("\n  ")}
+User-owned .claude/ files will be preserved.`
     );
     if (!ok) {
       log("Cancelled.");
       return;
     }
   }
-  for (const p of existing) {
-    await fs15.remove(p);
-    log(`Removed ${path22.relative(root, p)}`);
+  for (const abs of managed) {
+    if (!await fs16.pathExists(abs)) continue;
+    await fs16.remove(abs);
+    log(`Removed ${path22.relative(root, abs)}`);
   }
+  if (stripSettings) await stripProjectSettings(root);
+  if (stripClaudeMd) await stripRootClaudeMd(root);
+  await pruneDirIfEmpty(claudePath(root));
+  await pruneDirIfEmpty(hausPath(root));
+  log("haus undo complete. Scan artifacts under .haus-workflow/ were left in place.");
 }
 
 // src/install/uninstall.ts
 import crypto3 from "crypto";
 import path23 from "path";
-import fs16 from "fs-extra";
+import fs17 from "fs-extra";
 async function runUninstall(options = {}) {
   const { force = false } = options;
   const manifest = await readManifest();
@@ -3511,7 +3781,7 @@ async function runUninstall(options = {}) {
     return result;
   }
   for (const entry of manifest.files) {
-    const exists = fs16.pathExistsSync(entry.destPath);
+    const exists = fs17.pathExistsSync(entry.destPath);
     if (!exists) continue;
     const content2 = await readText(entry.destPath);
     if (content2 === void 0) continue;
@@ -3529,7 +3799,7 @@ async function runUninstall(options = {}) {
       result.skipped.push(entry.destPath);
       continue;
     }
-    await fs16.remove(entry.destPath);
+    await fs17.remove(entry.destPath);
     await pruneEmptyDir(path23.dirname(entry.destPath));
     result.deleted.push(entry.destPath);
   }
@@ -3539,12 +3809,12 @@ async function runUninstall(options = {}) {
   result.hooksStripped = true;
   const hausDir = path23.join(globalClaudeDir(), "haus");
   const manifestPath2 = hausManifestPath();
-  if (fs16.pathExistsSync(manifestPath2)) {
-    await fs16.remove(manifestPath2);
+  if (fs17.pathExistsSync(manifestPath2)) {
+    await fs17.remove(manifestPath2);
   }
-  if (fs16.pathExistsSync(hausDir)) {
-    const remaining = await fs16.readdir(hausDir);
-    if (remaining.length === 0) await fs16.remove(hausDir);
+  if (fs17.pathExistsSync(hausDir)) {
+    const remaining = await fs17.readdir(hausDir);
+    if (remaining.length === 0) await fs17.remove(hausDir);
   }
   return result;
 }
@@ -3563,8 +3833,8 @@ function printUninstallResult(result) {
 }
 async function pruneEmptyDir(dir) {
   try {
-    const entries = await fs16.readdir(dir);
-    if (entries.length === 0) await fs16.remove(dir);
+    const entries = await fs17.readdir(dir);
+    if (entries.length === 0) await fs17.remove(dir);
   } catch {
   }
 }
@@ -3616,7 +3886,17 @@ async function checkLock(root) {
     (item) => !item.version || normalizeVersion(item.version) !== null
   );
   const catalogRef = lock[0]?.catalogRef ?? null;
-  return { ok: lock.length > 0 && hasValidVersions, count: lock.length, catalogRef };
+  const drift = [];
+  for (const item of lock) {
+    if (!item.hash) continue;
+    const paths = Array.isArray(item.paths) ? item.paths.map(String) : [];
+    const actual = await hashInstalledPaths(root, paths);
+    if (item.hash !== actual) {
+      drift.push({ id: item.id, expected: item.hash, actual });
+    }
+  }
+  const ok = lock.length > 0 && hasValidVersions && drift.length === 0;
+  return { ok, count: lock.length, catalogRef, drift, driftCount: drift.length };
 }
 async function applyLock(root) {
   const lockPath = hausPath(root, "haus.lock.json");
@@ -3666,10 +3946,11 @@ async function runUpdate(options) {
   if (options.check) {
     const pkgJson2 = await readJson(path25.join(packageRoot(), "package.json"));
     const currentVersion2 = pkgJson2?.version ?? "0.0.0";
-    const [status, npmVersion, latestCatalogTag] = await Promise.all([
+    const [status, npmVersion, latestCatalogTag, globalInstallDrift] = await Promise.all([
       checkLock(root),
       fetchNpmVersionStatus(currentVersion2),
-      fetchLatestCatalogTag()
+      fetchLatestCatalogTag(),
+      detectGlobalInstallDrift()
     ]);
     const installedRef = status.catalogRef ?? "main";
     const catalogRefBehind = latestCatalogTag !== null && installedRef !== latestCatalogTag ? `installed from ${installedRef}, latest tag is ${latestCatalogTag}` : false;
@@ -3680,6 +3961,7 @@ async function runUpdate(options) {
           installedCatalogRef: installedRef,
           latestCatalogTag,
           catalogRefBehind,
+          globalInstallDrift,
           localOverrides: await hasLocalOverrides(root),
           summary: diffGeneratedFiles(),
           npmVersion
@@ -3689,6 +3971,7 @@ async function runUpdate(options) {
       )
     );
     if (!status.ok) process.exitCode = 1;
+    if (status.driftCount > 0) process.exitCode = 1;
     return;
   }
   const pkgJson = await readJson(path25.join(packageRoot(), "package.json"));
@@ -3701,7 +3984,7 @@ async function runUpdate(options) {
     log(`npm package up to date: ${currentVersion}`);
   }
   if (await hasLocalOverrides(root)) {
-    log("Local .claude overrides detected. Preserving local files; only lockfile updated.");
+    log("Existing .claude/settings.json \u2014 haus rules will be merged, not replaced.");
   }
   const { before, after } = await applyLock(root);
   log(diffLock(before, after));
@@ -3711,18 +3994,91 @@ async function runUpdate(options) {
   if (sync.newItems.length > 0) {
     log(`Catalog updated: ${sync.newItems.length} new item(s): ${sync.newItems.join(", ")}`);
     log("Run `haus recommend && haus apply --write` to install new skills.");
-  } else if (sync.unchanged > 0) {
+  }
+  if (sync.refreshed.length > 0) {
+    log(`Catalog refreshed: ${sync.refreshed.length} updated item(s): ${sync.refreshed.join(", ")}`);
+    log("Run `haus apply --write` to install refreshed skill content.");
+  }
+  if (sync.newItems.length === 0 && sync.refreshed.length === 0 && sync.unchanged > 0) {
     log(`Catalog up to date (${sync.unchanged} item(s) unchanged).`);
   }
   if (sync.failed.length > 0) {
     warn(`Failed to fetch ${sync.failed.length} item(s): ${sync.failed.join(", ")}`);
   }
+  await refreshGlobalInstall();
+  await refreshProjectFiles(root);
   log("Update applied with backup in .haus-workflow/backups/. Run haus doctor.");
 }
+async function refreshProjectFiles(root) {
+  log("Refreshing project .claude/ files...");
+  try {
+    const files = await refreshProjectApply(root);
+    if (files.length === 0) {
+      log("No prior haus project setup detected \u2014 skipped project re-apply.");
+      return;
+    }
+    log(`Project refreshed: ${files.length} managed path(s) updated.`);
+  } catch (err) {
+    warn(`Could not refresh project files: ${err instanceof Error ? err.message : String(err)}`);
+  }
+}
+async function refreshGlobalInstall() {
+  log("Refreshing ~/.claude/ global files...");
+  try {
+    const result = await applyInstall({});
+    const total = result.created.length + result.updated.length;
+    if (total > 0) {
+      log(`~/.claude refreshed: ${result.created.length} added, ${result.updated.length} updated.`);
+    } else {
+      log("~/.claude already up to date.");
+    }
+    if (result.skipped.length > 0) {
+      log(
+        `Preserved ${result.skipped.length} locally-edited file(s) (run \`haus install --force\` to overwrite).`
+      );
+    }
+  } catch (err) {
+    warn(`Could not refresh ~/.claude/: ${err instanceof Error ? err.message : String(err)}`);
+  }
+}
+async function detectGlobalInstallDrift() {
+  try {
+    const result = await applyInstall({ check: true });
+    return result.drift;
+  } catch {
+    return null;
+  }
+}
 
 // src/commands/validate-catalog.ts
-import fs17 from "fs";
+import fs18 from "fs";
 import path26 from "path";
+
+// src/catalog/forbidden-content.ts
+var PROSE_FORBIDDEN_TAGS = FORBIDDEN_TAGS.filter((t) => t.toLowerCase() !== "go");
+function escapeRegExp(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function extractUseWhenSection(text) {
+  const marker = "## Use when";
+  const idx = text.toLowerCase().indexOf(marker.toLowerCase());
+  if (idx < 0) return "";
+  const tail = text.slice(idx + marker.length);
+  const next = tail.search(/\n##\s+/);
+  return next < 0 ? tail : tail.slice(0, next);
+}
+function auditForbiddenTagsInText(text, label) {
+  const body = extractUseWhenSection(text);
+  if (!body.trim()) return [];
+  const failures = [];
+  for (const word of PROSE_FORBIDDEN_TAGS) {
+    const re = new RegExp(`\\b${escapeRegExp(word)}\\b`, "i");
+    if (re.test(body)) failures.push(`${label}: forbidden stack/tag "${word}" in content`);
+  }
+  return failures;
+}
+
+// src/commands/validate-catalog.ts
 function auditForbiddenStacks(items) {
   const failures = [];
   for (const item of items) {
@@ -3793,20 +4149,23 @@ function auditShippedFiles(manifestDir, items) {
     const absPath = path26.join(manifestDir, item.path);
     if (item.type === "skill") {
       const skillMd = path26.join(absPath, "SKILL.md");
-      if (!fs17.existsSync(skillMd)) {
+      if (!fs18.existsSync(skillMd)) {
         failures.push(`${item.id}: missing ${path26.relative(manifestDir, skillMd)}`);
         continue;
       }
-      const text = fs17.readFileSync(skillMd, "utf8");
+      const text = fs18.readFileSync(skillMd, "utf8");
       for (const section of REQUIRED_SKILL_SECTIONS) {
         if (!text.includes(section)) failures.push(`${item.id}: SKILL.md missing ${section}`);
       }
+      failures.push(
+        ...auditForbiddenTagsInText(text, `${item.id}: ${path26.relative(manifestDir, skillMd)}`)
+      );
     } else if (item.type === "agent") {
-      if (!fs17.existsSync(absPath)) {
+      if (!fs18.existsSync(absPath)) {
         failures.push(`${item.id}: missing agent file ${item.path}`);
         continue;
       }
-      const text = fs17.readFileSync(absPath, "utf8");
+      const text = fs18.readFileSync(absPath, "utf8");
       if (!text.startsWith("---")) failures.push(`${item.id}: agent file missing YAML frontmatter`);
       for (const section of REQUIRED_AGENT_SECTIONS) {
         if (!text.includes(section)) failures.push(`${item.id}: agent file missing ${section}`);
@@ -3816,22 +4175,47 @@ function auditShippedFiles(manifestDir, items) {
         if (lower.includes(phrase))
           failures.push(`${item.id}: agent file contains disallowed phrase "${phrase}"`);
       }
+      failures.push(
+        ...auditForbiddenTagsInText(text, `${item.id}: ${path26.relative(manifestDir, absPath)}`)
+      );
     } else if (item.type === "template") {
-      if (!fs17.existsSync(absPath)) {
+      if (!fs18.existsSync(absPath)) {
         failures.push(`${item.id}: missing template file ${item.path}`);
+        continue;
       }
+      failures.push(...auditTemplateContent(manifestDir, absPath, item.id));
     }
   }
   return failures;
 }
+function auditTemplateContent(manifestDir, absPath, itemId) {
+  const rel = path26.relative(manifestDir, absPath);
+  const text = fs18.readFileSync(absPath, "utf8");
+  const failures = [];
+  const lines = text.split(/\r?\n/);
+  for (let i = 0; i < lines.length; i++) {
+    const line2 = lines[i] ?? "";
+    if (PLACEHOLDER_PATTERN.test(line2)) {
+      failures.push(`${rel}:${i + 1}: TODO or placeholder in shipped content`);
+    }
+    if (RISKY_INSTALL_PATTERNS.some((re) => re.test(line2))) {
+      failures.push(`${rel}:${i + 1}: risky install pattern`);
+    }
+    if (ANY_NPX_PATTERN.test(line2) && !ALLOWED_NPX_PATTERN.test(line2)) {
+      failures.push(`${rel}:${i + 1}: disallowed npx (only npx tsx allowed)`);
+    }
+  }
+  failures.push(...auditForbiddenTagsInText(text, `${itemId}: ${rel}`));
+  return failures;
+}
 function auditMarkdownContent(manifestDir) {
   const failures = [];
-  const dirs = ["skills", "agents"];
+  const dirs = ["skills", "agents", "templates"];
   for (const dir of dirs) {
     const abs = path26.join(manifestDir, dir);
-    if (!fs17.existsSync(abs)) continue;
+    if (!fs18.existsSync(abs)) continue;
     walkMd(abs, (file) => {
-      const text = fs17.readFileSync(file, "utf8");
+      const text = fs18.readFileSync(file, "utf8");
       const rel = path26.relative(manifestDir, file);
       const lines = text.split(/\r?\n/);
       for (let i = 0; i < lines.length; i++) {
@@ -3846,12 +4230,15 @@ function auditMarkdownContent(manifestDir) {
           failures.push(`${rel}:${i + 1}: disallowed npx (only npx tsx allowed)`);
         }
       }
+      if (!rel.includes("/references/")) {
+        failures.push(...auditForbiddenTagsInText(text, rel));
+      }
     });
   }
   return failures;
 }
 function walkMd(dir, fn) {
-  for (const entry of fs17.readdirSync(dir, { withFileTypes: true })) {
+  for (const entry of fs18.readdirSync(dir, { withFileTypes: true })) {
     const full = path26.join(dir, entry.name);
     if (entry.isDirectory()) walkMd(full, fn);
     else if (entry.name.endsWith(".md")) fn(full);
@@ -4254,7 +4641,7 @@ import path32 from "path";
 
 // src/claude/write-workspace-claude-md.ts
 import path31 from "path";
-import fs18 from "fs-extra";
+import fs19 from "fs-extra";
 function buildWorkspaceImportBlock(client, members) {
   const memberLines = members.map((m) => `- ${m.name} (${m.path})`);
   const body = [
@@ -4273,7 +4660,7 @@ async function writeWorkspaceClaudeMd(workspaceRoot, opts) {
   const block = buildWorkspaceImportBlock(opts.client, opts.members);
   const dryRun = opts.dryRun ?? false;
   const filePath = opts.collision ? hausPath(workspaceRoot, "WORKSPACE.md") : path31.join(workspaceRoot, "CLAUDE.md");
-  const prev = await fs18.pathExists(filePath) ? await fs18.readFile(filePath, "utf8") : "";
+  const prev = await fs19.pathExists(filePath) ? await fs19.readFile(filePath, "utf8") : "";
   const next = opts.collision ? `${block}
 ` : injectHausBlock(prev, block);
   const printable = displayPath(workspaceRoot, filePath);