@hegemonart/get-design-done 1.13.3 → 1.14.2

package/hooks/budget-enforcer.js

@@ -32,6 +32,7 @@ const { spawn } = require('child_process');
 const BUDGET_PATH = path.join(process.cwd(), '.design', 'budget.json');
 const MANIFEST_PATH = path.join(process.cwd(), '.design', 'cache-manifest.json');
 const TELEMETRY_PATH = path.join(process.cwd(), '.design', 'telemetry', 'costs.jsonl');
+const PHASE_TOTALS_PATH = path.join(process.cwd(), '.design', 'telemetry', 'phase-totals.json');
 const STATE_PATH = path.join(process.cwd(), '.design', 'STATE.md');
 
 // ---- budget.json loader with defaults per D-12 ----
@@ -49,8 +50,18 @@ function loadBudget() {
   catch { return defaults; }
 }
 
-// ---- cumulative phase spend from telemetry (D-02 per_phase_cap_usd check) ----
+// ---- cumulative phase spend (WR-02) ----
+// Reads from the lightweight phase-totals.json written by aggregate-agent-metrics.js
+// instead of replaying the full costs.jsonl on every hook invocation.
+// Falls back to 0 when the file doesn't exist yet (early in a session).
 function currentPhaseSpend(phase) {
+  if (fs.existsSync(PHASE_TOTALS_PATH)) {
+    try {
+      const data = JSON.parse(fs.readFileSync(PHASE_TOTALS_PATH, 'utf8'));
+      return Number(data.totals?.[phase] || 0);
+    } catch { /* fall through */ }
+  }
+  // Fallback: replay JSONL when phase-totals.json not yet written (first spawn of session).
   if (!fs.existsSync(TELEMETRY_PATH)) return 0;
   const lines = fs.readFileSync(TELEMETRY_PATH, 'utf8').split(/\r?\n/).filter(Boolean);
   let sum = 0;
@@ -118,7 +129,7 @@ function spawnAggregator() {
       cwd: process.cwd(),
       detached: true,
       stdio: 'ignore',
-      env: process.env,
+      env: { PATH: process.env.PATH },  // IN-02: minimal env; aggregator needs no secrets
     });
     child.unref();
   } catch {

package/hooks/gdd-read-injection-scanner.js

@@ -6,16 +6,11 @@
  */
 
 const readline = require('readline');
+const path = require('path');
+const { INJECTION_PATTERNS: RAW_PATTERNS } = require(path.join(__dirname, '..', 'scripts', 'injection-patterns.cjs'));
 
-const INJECTION_PATTERNS = [
-  /ignore\s+(all\s+)?(previous|prior|above)\s+instructions?/i,
-  /disregard\s+(all\s+)?(previous|prior|above)\s+instructions?/i,
-  /you\s+are\s+now\s+a\s+different/i,
-  /system\s*:\s*you\s+are/i,
-  /<\s*\/?\s*(system|assistant|human)\s*>/i,
-  /\[INST\]/i,
-  /###\s*instruction/i,
-];
+// The hook needs bare RegExp objects; extract them from the shared {name,re} entries.
+const INJECTION_PATTERNS = RAW_PATTERNS.map(p => p.re);
 
 async function main() {
   const rl = readline.createInterface({ input: process.stdin });

package/hooks/update-check.sh

@@ -165,6 +165,14 @@ if [ "${BASH_SOURCE[0]}" = "$0" ]; then
       BODY_EXCERPT="$(printf '%s' "${RAW}" | extract_body)"
       # Strip control chars defensively (T-13.3-03)
       BODY_EXCERPT="$(printf '%s' "${BODY_EXCERPT}" | tr -d '\000-\010\013\014\016-\037')"
+      # Strip double-quotes so the JSON round-trip sed read-back cannot be injected via a
+      # crafted release body. Body is display-only — losing quotes is acceptable.
+      BODY_EXCERPT="$(printf '%s' "${BODY_EXCERPT}" | tr -d '"')"
+      # Validate LATEST_TAG is a safe semver string before trusting it (CR-02).
+      if ! printf '%s' "${LATEST_TAG}" | grep -qE '^v?[0-9]+\.[0-9]+(\.[0-9]+)*$'; then
+        log "LATEST_TAG '${LATEST_TAG}' failed semver safety check — aborting cache write"
+        LATEST_TAG=""
+      fi
       if [ -n "${LATEST_TAG}" ]; then
         read -r DELTA_STATE DELTA_KIND <<EOF
 $(classify_delta "${DISPLAY_CURRENT}" "${LATEST_TAG}")
@@ -195,6 +203,11 @@ EOF
 
   C_LATEST="$(grep -E '"latest_tag"' "${CACHE}" 2>/dev/null | head -n1 | sed -E 's/.*"latest_tag"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/')"
   C_DELTA="$(grep -E '"delta"' "${CACHE}" 2>/dev/null | head -n1 | sed -E 's/.*"delta"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/')"
+  # Allowlist-gate C_DELTA before it reaches any shell context (WR-04).
+  case "${C_DELTA:-}" in
+    major|minor|patch|off-cadence|none) : ;;
+    *) C_DELTA="unknown" ;;
+  esac
   C_NEWER="$(grep -E '"is_newer"' "${CACHE}" 2>/dev/null | head -n1 | sed -E 's/.*"is_newer"[[:space:]]*:[[:space:]]*(true|false).*/\1/')"
   C_BODY="$(grep -E '"changelog_excerpt"' "${CACHE}" 2>/dev/null | head -n1 | sed -E 's/.*"changelog_excerpt"[[:space:]]*:[[:space:]]*"(.*)".*/\1/' | sed -E 's/\\n/\n/g')"
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hegemonart/get-design-done",
-  "version": "1.13.3",
+  "version": "1.14.2",
   "description": "A Claude Code plugin for systematic design improvement",
   "author": "Hegemon",
   "homepage": "https://github.com/hegemonart/get-design-done",
@@ -25,6 +25,9 @@
     "CHANGELOG.md",
     "LICENSE"
   ],
+  "bin": {
+    "get-design-done": "./scripts/install.cjs"
+  },
   "publishConfig": {
     "access": "public",
     "provenance": true

package/reference/ai-native-tool-interface.md

@@ -0,0 +1,102 @@
+# AI-Native Design Tool Interface — Capability Contract
+
+This file defines the capability-based contract that AI-native design tools must implement to integrate with the get-design-done pipeline. Two sub-categories are defined: **canvas** and **component-generator**. Future tools implement one sub-category and plug in via the same probe/read/write or probe/generate/adopt surface.
+
+---
+
+## Sub-Categories
+
+### Canvas Tools
+
+Canvas tools treat the design canvas as both source AND destination. They expose a bidirectional read+write surface.
+
+**Contract:**
+
+```
+probe()  → { available | unavailable | not_configured }
+
+read(selection) → {
+  jsx:        string,      // React JSX of component tree
+  styles:     object,      // computed CSS styles
+  screenshot: base64_png,  // visual snapshot
+  metadata:   object       // component name, bounds, id
+}
+
+write(proposal) → { confirmed | rejected }
+```
+
+**Implementations:**
+- `connections/paper-design.md` — MCP-based; 24-tool server; budget: 100 calls/week (free)
+- `connections/pencil-dev.md` — file-based; `.pen` YAML spec files; git-tracked; no MCP
+
+**Pipeline stages:** `explore` (read) + `verify` (screenshot) + `design` (write via writer agent)
+
+---
+
+### Component Generators
+
+Component generators produce UI component code from a natural-language description and an optional design-system target. They expose a generative one-way (or roundtrip) surface.
+
+**Contract:**
+
+```
+probe() → { available | unavailable | not_configured }
+
+generate(description: string, ds: "shadcn"|"tailwind"|"mantine"|"chakra") → {
+  code:        string,   // component source code
+  preview_url: string,   // hosted preview URL
+  variants:    array,    // multiple generated variations
+  component_id: string   // for adopt/annotate operations
+}
+
+adopt(variant: object) → { confirmed | rejected }
+```
+
+**Implementations:**
+- `connections/21st-dev.md` — Magic MCP; `npx @21st-dev/magic@latest init`; marketplace prior-art gate
+- `connections/magic-patterns.md` — Claude connector (`mcp__magic_patterns*`) + API key fallback; DS-aware generation
+
+**Pipeline stages:** `explore` (prior-art gate for 21st.dev) + `design` (generate + adopt)
+
+---
+
+## Shared Probe Pattern
+
+All AI-native tools use the three-value status schema from `connections/connections.md`:
+
+| Status | Meaning |
+|--------|---------|
+| `available` | Tool confirmed present and responsive |
+| `unavailable` | Tool present but errored (rate-limited, auth failure) |
+| `not_configured` | ToolSearch returned empty or no .pen files found |
+
+STATE.md format: `<tool-name>: <status>` in the `<connections>` block.
+
+---
+
+## Extending with Future Tools
+
+To add a new AI-native design tool:
+
+1. Determine sub-category: **canvas** (bidirectional design source) or **component-generator** (code generator).
+2. Create `connections/<tool-name>.md` following the frozen template in `connections/figma.md`.
+3. Implement `probe()` using ToolSearch or file-based check. Write status to STATE.md.
+4. For **canvas**: expose `read()` and `write()` surfaces via the corresponding agent.
+5. For **component-generator**: implement `generate()` and `adopt()` in `agents/design-component-generator.md` as a new `<!-- impl: <tool> -->` section.
+6. Add a row to `connections/connections.md` capability matrix with `canvas` or `generator` column marked.
+7. Append to `test-fixture/baselines/current/connection-list.txt` in sorted order.
+
+---
+
+## Candidate Tools (Backlog)
+
+| Tool | Sub-category | Priority | Notes |
+|------|-------------|----------|-------|
+| Subframe | canvas | high | MCP-based; production-ready components; check for `mcp__subframe*` |
+| v0.dev | generator | high | Vercel product; generates shadcn/tailwind; check for `mcp__v0*` |
+| Galileo AI | generator | medium | Enterprise DS generation; API key required |
+| Builder.io Visual Copilot | canvas + generator | medium | Figma plugin + code export; check for `mcp__builder*` |
+| Locofy | generator | low | Figma→React/Next.js; Figma plugin-based |
+| Anima | canvas | low | Figma→React; Figma plugin-based |
+| Plasmic | generator | medium | Headless CMS + visual builder; `mcp__plasmic*` |
+| TeleportHQ | generator | low | Code export + collaboration |

package/scripts/aggregate-agent-metrics.js

@@ -25,6 +25,7 @@ const os = require('os');
 const CWD = process.cwd();
 const TELEMETRY_PATH = path.join(CWD, '.design', 'telemetry', 'costs.jsonl');
 const METRICS_PATH = path.join(CWD, '.design', 'agent-metrics.json');
+const PHASE_TOTALS_PATH = path.join(CWD, '.design', 'telemetry', 'phase-totals.json');
 const AGENTS_DIR = path.join(CWD, 'agents');
 
 // ---- frontmatter reader (no YAML dep) ----
@@ -124,6 +125,18 @@ function writeAtomic(filePath, content) {
   fs.renameSync(tmp, filePath);
 }
 
+// ---- phase totals aggregator (WR-02: avoids full JSONL replay in budget enforcer) ----
+function aggregateByPhase(rows) {
+  const byPhase = {};
+  for (const r of rows) {
+    const phase = r.phase || 'unknown';
+    byPhase[phase] = (byPhase[phase] || 0) + Number(r.est_cost_usd || 0);
+  }
+  // Round to 6dp to match per-agent precision
+  for (const k of Object.keys(byPhase)) byPhase[k] = Number(byPhase[k].toFixed(6));
+  return byPhase;
+}
+
 // ---- main ----
 function main() {
   const rows = readTelemetryRows();
@@ -133,6 +146,13 @@ function main() {
     agents,
   };
   writeAtomic(METRICS_PATH, JSON.stringify(payload, null, 2) + '\n');
+  // Write lightweight phase-totals.json so budget-enforcer can read phase spend
+  // in O(1) without replaying the full JSONL on every agent spawn (WR-02).
+  const phaseTotals = {
+    generated_at: new Date().toISOString(),
+    totals: aggregateByPhase(rows),
+  };
+  writeAtomic(PHASE_TOTALS_PATH, JSON.stringify(phaseTotals, null, 2) + '\n');
 }
 
 try {

package/scripts/build-intel.cjs

@@ -17,7 +17,7 @@
 
 const fs = require('fs');
 const path = require('path');
-const { execSync } = require('child_process');
+const { spawnSync } = require('child_process');
 
 const ROOT = process.cwd();
 const INTEL_DIR = path.join(ROOT, '.design', 'intel');
@@ -46,15 +46,23 @@ function writeSlice(name, data) {
 
 function gitHash(filePath) {
   try {
-    return execSync(`git log -1 --format=%h -- "${filePath}"`, { stdio: ['pipe', 'pipe', 'ignore'] })
-      .toString().trim() || 'untracked';
+    const r = spawnSync('git', ['log', '-1', '--format=%h', '--', filePath], {
+      stdio: ['pipe', 'pipe', 'ignore'],
+      encoding: 'utf8',
+      timeout: 5000,
+    });
+    return r.stdout.trim() || 'untracked';
   } catch { return 'untracked'; }
 }
 
 function headHash() {
   try {
-    return execSync('git rev-parse --short HEAD', { stdio: ['pipe', 'pipe', 'ignore'] })
-      .toString().trim();
+    const r = spawnSync('git', ['rev-parse', '--short', 'HEAD'], {
+      stdio: ['pipe', 'pipe', 'ignore'],
+      encoding: 'utf8',
+      timeout: 5000,
+    });
+    return r.stdout.trim() || 'unknown';
   } catch { return 'unknown'; }
 }
 

package/scripts/injection-patterns.cjs

@@ -0,0 +1,17 @@
+'use strict';
+// Shared prompt-injection patterns — single source of truth for both
+// hooks/gdd-read-injection-scanner.js (runtime hook) and
+// scripts/run-injection-scanner-ci.cjs (CI scanner).
+// Add new patterns here; both consumers pick them up automatically.
+
+const INJECTION_PATTERNS = [
+  { name: 'ignore previous',         re: /ignore\s+(all\s+)?(previous|prior|above)\s+instructions?/i },
+  { name: 'disregard previous',      re: /disregard\s+(all\s+)?(previous|prior|above)\s+instructions?/i },
+  { name: 'you are now a different', re: /you\s+are\s+now\s+a\s+different/i },
+  { name: 'system: you are',         re: /system\s*:\s*you\s+are/i },
+  { name: 'role tag injection',      re: /<\s*\/?\s*(system|assistant|human)\s*>/i },
+  { name: '[INST] fragment',         re: /\[INST\]/i },
+  { name: '### instruction fragment',re: /###\s*instruction/i },
+];
+
+module.exports = { INJECTION_PATTERNS };

package/scripts/run-injection-scanner-ci.cjs

@@ -13,16 +13,7 @@ const path = require('path');
 
 const REPO_ROOT = path.resolve(__dirname, '..');
 
-// Patterns mirror hooks/gdd-read-injection-scanner.js.
-const INJECTION_PATTERNS = [
-  { name: 'ignore previous', re: /ignore\s+(all\s+)?(previous|prior|above)\s+instructions?/i },
-  { name: 'disregard previous', re: /disregard\s+(all\s+)?(previous|prior|above)\s+instructions?/i },
-  { name: 'you are now a different', re: /you\s+are\s+now\s+a\s+different/i },
-  { name: 'system: you are', re: /system\s*:\s*you\s+are/i },
-  { name: 'role tag injection', re: /<\s*\/?\s*(system|assistant|human)\s*>/i },
-  { name: '[INST] fragment', re: /\[INST\]/i },
-  { name: '### instruction fragment', re: /###\s*instruction/i },
-];
+const { INJECTION_PATTERNS } = require('./injection-patterns.cjs');
 
 function walkMd(dir, out) {
   if (!fs.existsSync(dir)) return;

package/scripts/tests/test-authority-watcher-diff.sh

@@ -35,7 +35,11 @@ fi
 
 # Count actual fixture files (should be 4 frozen feeds + 1 README; we only
 # care that at least one XML/JSON fixture is present).
-FIXTURE_COUNT=$(find "$FIXTURE_DIR" -maxdepth 1 -type f \( -name '*.atom' -o -name '*.rss' -o -name '*.json' \) | wc -l | tr -d ' ')
+# Use null-delimited find to handle filenames with spaces/newlines (WR-05).
+FIXTURE_COUNT=0
+while IFS= read -r -d '' _f; do
+  FIXTURE_COUNT=$((FIXTURE_COUNT + 1))
+done < <(find "$FIXTURE_DIR" -maxdepth 1 -type f \( -name '*.atom' -o -name '*.rss' -o -name '*.json' \) -print0)
 if [ "$FIXTURE_COUNT" -lt 1 ]; then
   echo "FAIL: $FIXTURE_DIR contains no feed fixtures (.atom/.rss/.json)." >&2
   exit 1

package/skills/check-update/SKILL.md

@@ -35,6 +35,8 @@ Flags can be combined: `--refresh --prompt` is valid (re-fetch, then enrich). `-
     - Print: `No cache. Network may be unreachable or the hook has not run yet. Try /gdd:check-update --refresh.`
     - Exit.
 
+<!-- markdownlint-disable MD025 -->
+
 4. **Dismiss path** (if `--dismiss` in flags):
     Compute new config contents and write atomically. The python heredoc receives CONFIG_PATH and LATEST_TAG via the ENVIRONMENT (env-prefix form — `KEY=VALUE python3 <<PY`), NOT via trailing argv. Passing `python3 -c '...' KEY=VALUE` makes Python treat the assignments as `sys.argv`, which the old draft did incorrectly; env-prefix form is the portable fix.
 

package/skills/explore/SKILL.md

@@ -31,7 +31,59 @@ Empty → refero: not_configured
 Non-empty → refero: available
 ```
 
-Write results to STATE.md `<connections>`.
+**C — 21st.dev probe:**
+```
+ToolSearch({ query: "mcp__21st", max_results: 5 })
+Empty → 21st-dev: not_configured
+Non-empty → 21st-dev: available
+```
+
+**D — Magic Patterns probe:**
+```
+ToolSearch({ query: "mcp__magic_patterns", max_results: 5 })
+Empty → magic-patterns: not_configured
+Non-empty → magic-patterns: available
+```
+
+**E — paper.design probe:**
+```
+ToolSearch({ query: "mcp__paper", max_results: 5 })
+Empty → paper-design: not_configured
+Non-empty → call mcp__paper-design__get_selection; success → available; error → unavailable
+```
+
+**F — pencil.dev probe (file-based):**
+```bash
+find . -name "*.pen" -not -path "*/node_modules/*" 2>/dev/null | head -1
+Empty → pencil-dev: not_configured
+Found → pencil-dev: available
+```
+
+Write all results to STATE.md `<connections>`.
+
+## Step 1.5 — 21st.dev Prior-Art Check (when 21st-dev: available)
+
+If `21st-dev: not_configured` in STATE.md: skip this step entirely.
+
+When the explore stage identifies any greenfield component in scope (component name from BRIEF.md or user request that does not yet have an implementation file):
+
+1. `21st_magic_component_search(component_name, limit: 3)`
+2. Evaluate top result:
+   - **fit ≥ 80%**: add `<prior-art>` block to DESIGN.md:
+     ```xml
+     <prior-art source="21st.dev" component="<name>" fit="<score>%" id="<component_id>">
+       Recommendation: adopt — do not build custom. Confirm with design-executor.
+     </prior-art>
+     ```
+   - **fit < 80%**: note top candidate in DESIGN.md as a reference, proceed with custom build:
+     ```xml
+     <prior-art source="21st.dev" component="<name>" fit="<score>%" id="<component_id>">
+       Low fit — noted for reference. Building custom component.
+     </prior-art>
+     ```
+3. If `svgl_get_brand_logo` is available and explore scope includes brand logo assets: call `svgl_get_brand_logo(brand_name)` for each required brand asset; add SVG results to `.design/assets/` and note in DESIGN.md.
+
+If no greenfield components in scope: skip this step.
 
 ## Step 2 — Inventory scan (unless `--skip-scan`)
 

package/reference/BRANCH-PROTECTION.md

@@ -1,65 +0,0 @@
-# Branch Protection — Two-Phase Rollout
-
-Per D-16 / D-17: branch protection on `main` is rolled out in two phases. The
-repo admin applies each phase manually via `scripts/apply-branch-protection.sh`
-(no CI automation — avoids leaking repo admin credentials).
-
-## Phase A — Advisory (initial state)
-
-Status checks **run** on every push, but they are **not required to merge**.
-This is the default posture while CI stabilizes and baselines are established.
-
-Apply:
-
-```bash
-bash scripts/apply-branch-protection.sh --advisory
-```
-
-Effects:
-
-- Required status checks: **none** (checks run but don't block)
-- `main` accepts direct pushes (the solo maintainer's existing workflow)
-- Force-push: allowed by admins
-
-## Phase B — Enforcing (after first clean release)
-
-After the first full release cycle ships clean (plan 13-06 / 13-07 smoke test
-passes on a real tag + GitHub Release), tighten to enforcing.
-
-Apply:
-
-```bash
-bash scripts/apply-branch-protection.sh --enforcing
-```
-
-Effects:
-
-- Required status checks (all must pass to merge):
-  - `Lint (markdown + frontmatter + stale-refs)`
-  - `Validate (schemas + plugin + shellcheck)`
-  - `Test (Node 22 / ubuntu-latest)`
-  - `Test (Node 22 / macos-latest)`
-  - `Test (Node 22 / windows-latest)`
-  - `Test (Node 24 / ubuntu-latest)`
-  - `Test (Node 24 / macos-latest)`
-  - `Test (Node 24 / windows-latest)`
-  - `Security (secrets + injection scan)`
-  - `Size budget (blocking)`
-- Require linear history (no merge commits)
-- Disallow force-push
-- Admins still bypass for emergency fixes (logged)
-
-## When to promote Phase A → Phase B
-
-- [ ] Wave A + B of Phase 13 merged to main
-- [ ] `release.yml` (plan 13-06) merged and triggered at least once successfully
-- [ ] Release smoke test (plan 13-07) passed on a real tag
-- [ ] Baseline lock (plan 13-08) committed
-
-When all four are true, run `apply-branch-protection.sh --enforcing`.
-
-## Rollback
-
-To revert either phase: `apply-branch-protection.sh --disable` removes all
-protection rules. Use only if a protection misconfiguration is blocking a
-legitimate merge.

package/scripts/apply-branch-protection.sh

@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-# apply-branch-protection.sh — manually apply branch protection to `main`.
-# Per D-16: this script is run by the repo admin locally, NOT from CI.
-# Usage:
-#   bash scripts/apply-branch-protection.sh --advisory
-#   bash scripts/apply-branch-protection.sh --enforcing
-#   bash scripts/apply-branch-protection.sh --disable
-
-set -euo pipefail
-
-MODE="${1:-}"
-REPO="${GITHUB_REPOSITORY:-hegemonart/get-design-done}"
-
-if ! command -v gh >/dev/null 2>&1; then
-  echo "ERROR: gh CLI not found. Install from https://cli.github.com/"
-  exit 1
-fi
-
-case "$MODE" in
-  --advisory)
-    echo "Applying ADVISORY branch protection to $REPO main..."
-    gh api -X PUT "repos/${REPO}/branches/main/protection" \
-      -H "Accept: application/vnd.github+json" \
-      -f "required_status_checks=null" \
-      -F "enforce_admins=false" \
-      -f "required_pull_request_reviews=null" \
-      -F "restrictions=null" \
-      -F "required_linear_history=false" \
-      -F "allow_force_pushes=true" \
-      -F "allow_deletions=false"
-    echo "Advisory mode applied. CI checks will run but not block merges."
-    ;;
-  --enforcing)
-    echo "Applying ENFORCING branch protection to $REPO main..."
-    # Status check names must match the `name:` field of each job exactly.
-    # See reference/BRANCH-PROTECTION.md §Phase B for the authoritative list.
-    gh api -X PUT "repos/${REPO}/branches/main/protection" \
-      -H "Accept: application/vnd.github+json" \
-      --input - <<'JSON'
-{
-  "required_status_checks": {
-    "strict": true,
-    "contexts": [
-      "Lint (markdown + frontmatter + stale-refs)",
-      "Validate (schemas + plugin + shellcheck)",
-      "Test (Node 22 / ubuntu-latest)",
-      "Test (Node 22 / macos-latest)",
-      "Test (Node 22 / windows-latest)",
-      "Test (Node 24 / ubuntu-latest)",
-      "Test (Node 24 / macos-latest)",
-      "Test (Node 24 / windows-latest)",
-      "Security (secrets + injection scan)",
-      "Size budget (blocking)"
-    ]
-  },
-  "enforce_admins": false,
-  "required_pull_request_reviews": null,
-  "restrictions": null,
-  "required_linear_history": true,
-  "allow_force_pushes": false,
-  "allow_deletions": false
-}
-JSON
-    echo "Enforcing mode applied. CI must pass before merge; linear history required."
-    ;;
-  --disable)
-    echo "Removing branch protection from $REPO main..."
-    gh api -X DELETE "repos/${REPO}/branches/main/protection" || true
-    echo "Protection removed."
-    ;;
-  *)
-    echo "Usage: $0 --advisory | --enforcing | --disable"
-    exit 1
-    ;;
-esac