npm - @hiveai/cli - Versions diffs - 0.9.8 → 0.9.9 - Mend

@hiveai/cli 0.9.8 → 0.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,11 +1,11 @@
 #!/usr/bin/env node
 // src/index.ts
-import { Command as Command48 } from "commander";
+import { Command as Command49 } from "commander";
 // src/commands/briefing.ts
 import { existsSync } from "fs";
-import { readFile } from "fs/promises";
+import { mkdir, readFile } from "fs/promises";
 import path from "path";
 import "commander";
 import {
@@ -21,7 +21,8 @@ import {
   resolveBriefingBudget,
   resolveHaivePaths,
   tokenizeQuery,
-  trackReads
+  trackReads,
+  writeBriefingMarker
 } from "@hiveai/core";
 // src/utils/ui.ts
@@ -197,7 +198,7 @@ async function getHotFiles(root, daysBack, maxHotFiles, filePaths) {
       if (!f) continue;
       counts.set(f, (counts.get(f) ?? 0) + 1);
     }
-    let entries = [...counts.entries()].map(([path45, changes]) => ({ path: path45, changes }));
+    let entries = [...counts.entries()].map(([path46, changes]) => ({ path: path46, changes }));
     const lowerPaths = filePaths.map((p) => p.toLowerCase());
     if (lowerPaths.length > 0) {
       entries = entries.filter((e) => lowerPaths.some((p) => e.path.toLowerCase().includes(p)));
@@ -307,6 +308,15 @@ function registerBriefing(program2) {
   ).option("-d, --dir <dir>", "project root").action(async (opts) => {
     const root = findProjectRoot(opts.dir);
     const paths = resolveHaivePaths(root);
+    if (existsSync(paths.haiveDir)) {
+      await mkdir(paths.runtimeDir, { recursive: true });
+      await writeBriefingMarker(paths, {
+        task: opts.task ?? "CLI briefing",
+        source: "haive-briefing-cli",
+        sessionId: process.env.HAIVE_SESSION_ID
+      }).catch(() => {
+      });
+    }
     let budgetPreset = null;
     if (opts.budget) {
       const b = opts.budget.trim().toLowerCase();
@@ -710,7 +720,7 @@ function registerIndexCode(program2) {
 }
 // src/commands/init.ts
-import { mkdir as mkdir3, readFile as readFile4, writeFile as writeFile3 } from "fs/promises";
+import { mkdir as mkdir4, readFile as readFile4, writeFile as writeFile3 } from "fs/promises";
 import { existsSync as existsSync6 } from "fs";
 import path7 from "path";
 import { spawnSync } from "child_process";
@@ -1052,7 +1062,7 @@ async function generateBootstrapContext(root) {
 }
 // src/commands/init-mcp-setup.ts
-import { readFile as readFile3, writeFile, mkdir } from "fs/promises";
+import { readFile as readFile3, writeFile, mkdir as mkdir2 } from "fs/promises";
 import { existsSync as existsSync4 } from "fs";
 import path5 from "path";
 import os from "os";
@@ -1085,7 +1095,7 @@ async function configureCursor() {
   config.mcpServers ??= {};
   if (config.mcpServers["haive"]) return { client: "Cursor", status: "already_configured" };
   config.mcpServers["haive"] = HAIVE_MCP_ENTRY;
-  await mkdir(cursorDir, { recursive: true });
+  await mkdir2(cursorDir, { recursive: true });
   await writeFile(mcpPath, JSON.stringify(config, null, 2), "utf8");
   return { client: "Cursor", status: "configured", path: mcpPath };
 }
@@ -1117,7 +1127,7 @@ async function configureVSCode() {
   config.servers ??= {};
   if (config.servers["haive"]) return { client: "VS Code", status: "already_configured" };
   config.servers["haive"] = { ...HAIVE_MCP_ENTRY, type: "stdio" };
-  await mkdir(path5.dirname(mcpPath), { recursive: true });
+  await mkdir2(path5.dirname(mcpPath), { recursive: true });
   await writeFile(mcpPath, JSON.stringify(config, null, 2), "utf8");
   return { client: "VS Code", status: "configured", path: mcpPath };
 }
@@ -1169,7 +1179,7 @@ async function configureWindsurf() {
   config.mcpServers ??= {};
   if (config.mcpServers["haive"]) return { client: "Windsurf", status: "already_configured" };
   config.mcpServers["haive"] = HAIVE_MCP_ENTRY;
-  await mkdir(path5.dirname(mcpPath), { recursive: true });
+  await mkdir2(path5.dirname(mcpPath), { recursive: true });
   await writeFile(mcpPath, JSON.stringify(config, null, 2), "utf8");
   return { client: "Windsurf", status: "configured", path: mcpPath };
 }
@@ -1200,7 +1210,7 @@ async function configureProjectMcpClients(root) {
     }
     config.mcpServers ??= {};
     config.mcpServers["haive"] = entry;
-    await mkdir(path5.dirname(cursorPath), { recursive: true });
+    await mkdir2(path5.dirname(cursorPath), { recursive: true });
     await writeFile(cursorPath, JSON.stringify(config, null, 2) + "\n", "utf8");
     results.push({ client: "Cursor (project)", status: "configured", path: cursorPath });
   } catch (err) {
@@ -1217,7 +1227,7 @@ async function configureProjectMcpClients(root) {
     }
     config.servers ??= {};
     config.servers["haive"] = { ...entry, type: "stdio" };
-    await mkdir(path5.dirname(vscodePath), { recursive: true });
+    await mkdir2(path5.dirname(vscodePath), { recursive: true });
     await writeFile(vscodePath, JSON.stringify(config, null, 2) + "\n", "utf8");
     results.push({ client: "VS Code (workspace)", status: "configured", path: vscodePath });
   } catch (err) {
@@ -1243,7 +1253,7 @@ async function configureProjectMcpClients(root) {
 }
 // src/commands/init-stack-packs.ts
-import { mkdir as mkdir2, writeFile as writeFile2 } from "fs/promises";
+import { mkdir as mkdir3, writeFile as writeFile2 } from "fs/promises";
 import { existsSync as existsSync5 } from "fs";
 import path6 from "path";
 import {
@@ -1857,7 +1867,7 @@ function autoDetectStacks(deps) {
 async function seedStackPack(haivePaths, stack) {
   const memories = PACKS[stack];
   if (!memories) return 0;
-  await mkdir2(haivePaths.teamDir, { recursive: true });
+  await mkdir3(haivePaths.teamDir, { recursive: true });
   let count = 0;
   for (const mem of memories) {
     const fm = buildFrontmatter({
@@ -1870,7 +1880,7 @@ async function seedStackPack(haivePaths, stack) {
     const filePath = memoryFilePath(haivePaths, "team", fm.id);
     if (existsSync5(filePath)) continue;
     const content = serializeMemory({ frontmatter: fm, body: mem.body });
-    await mkdir2(path6.dirname(filePath), { recursive: true });
+    await mkdir3(path6.dirname(filePath), { recursive: true });
     await writeFile2(filePath, content, "utf8");
     count++;
   }
@@ -2094,10 +2104,10 @@ function registerInit(program2) {
     if (existsSync6(paths.haiveDir)) {
       ui.warn(`.ai/ already exists at ${paths.haiveDir} \u2014 leaving existing files in place.`);
     }
-    await mkdir3(paths.personalDir, { recursive: true });
-    await mkdir3(paths.teamDir, { recursive: true });
-    await mkdir3(paths.moduleDir, { recursive: true });
-    await mkdir3(paths.modulesContextDir, { recursive: true });
+    await mkdir4(paths.personalDir, { recursive: true });
+    await mkdir4(paths.teamDir, { recursive: true });
+    await mkdir4(paths.moduleDir, { recursive: true });
+    await mkdir4(paths.modulesContextDir, { recursive: true });
     await ensureAiRuntimeLayout(paths.runtimeDir);
     if (!existsSync6(paths.projectContext)) {
       if (wantBootstrap) {
@@ -2154,32 +2164,22 @@ function registerInit(program2) {
       if (existsSync6(ciPath)) {
         ui.info("CI workflow already exists \u2014 skipped");
       } else {
-        await mkdir3(path7.dirname(ciPath), { recursive: true });
+        await mkdir4(path7.dirname(ciPath), { recursive: true });
         await writeFile3(ciPath, CI_WORKFLOW, "utf8");
         ui.success(`Created ${path7.relative(root, ciPath)}`);
       }
     }
     if (autopilot) {
       const haiveBin = process.argv[1];
-      const hookResult = spawnSync(
+      const enforcementResult = spawnSync(
         process.execPath,
-        [haiveBin, "install-hooks", "--dir", root],
+        [haiveBin, "enforce", "install", "--dir", root],
         { encoding: "utf8" }
       );
-      if (hookResult.status === 0) {
-        ui.success("Git hooks installed (auto-sync after pull/merge)");
+      if (enforcementResult.status === 0) {
+        ui.success("hAIve enforcement installed (MCP, git, CI, client hooks where available)");
       } else {
-        ui.warn("Git hooks not installed (not a git repo or no .git/ found) \u2014 run `haive install-hooks` manually");
-      }
-      const claudeHookResult = spawnSync(
-        process.execPath,
-        [haiveBin, "install-hooks", "claude", "--scope", "project", "--dir", root],
-        { encoding: "utf8" }
-      );
-      if (claudeHookResult.status === 0) {
-        ui.success("Claude Code enforcement hooks installed (.claude/settings.local.json)");
-      } else {
-        ui.warn("Claude Code hooks not installed \u2014 run `haive install-hooks claude --scope project` manually");
+        ui.warn("hAIve enforcement not fully installed \u2014 run `haive enforce install` manually");
       }
       try {
         ui.info("Building code-map\u2026");
@@ -2230,8 +2230,8 @@ function registerInit(program2) {
       console.log(ui.dim("  \u2713 Proposed memories auto-approve after 72h without rejection"));
       console.log(ui.dim("  \u2713 Session recap saved automatically when the AI session closes"));
       console.log(ui.dim("  \u2713 Code-map refreshes automatically after every pull"));
-      console.log(ui.dim("  \u2713 Git hooks installed (auto-sync after pull/merge)"));
-      console.log(ui.dim("  \u2713 CI workflow created (pr-stale-check + sync-on-merge)"));
+      console.log(ui.dim("  \u2713 Agent-agnostic enforcement gates installed (MCP, git, CI, wrapper-ready)"));
+      console.log(ui.dim("  \u2713 CI workflows created (sync + enforcement)"));
       if (stacksToSeed.length > 0) {
         console.log(ui.dim(`  \u2713 Stack memory packs pre-seeded (${stacksToSeed.join(", ")})`));
       }
@@ -2288,7 +2288,7 @@ async function writeCursorHaiveRule(root) {
     ui.info(`Cursor rule ${relPath} already exists \u2014 skipped`);
     return;
   }
-  await mkdir3(path7.dirname(target), { recursive: true });
+  await mkdir4(path7.dirname(target), { recursive: true });
   await writeFile3(target, CURSOR_HAIVE_RULE_MDC, "utf8");
   ui.success(`Created Cursor rule ${relPath}`);
 }
@@ -2298,7 +2298,7 @@ async function writeBridge(root, relPath) {
     ui.info(`Bridge ${relPath} already exists \u2014 skipped`);
     return;
   }
-  await mkdir3(path7.dirname(target), { recursive: true });
+  await mkdir4(path7.dirname(target), { recursive: true });
   await writeFile3(target, BRIDGE_BODY, "utf8");
   ui.success(`Created bridge ${relPath}`);
 }
@@ -2315,7 +2315,7 @@ var RUNTIME_GITIGNORE_BODY = `*
 !README.md
 `;
 async function ensureAiRuntimeLayout(runtimeDir) {
-  await mkdir3(runtimeDir, { recursive: true });
+  await mkdir4(runtimeDir, { recursive: true });
   const gi = path7.join(runtimeDir, ".gitignore");
   if (!existsSync6(gi)) {
     await writeFile3(gi, RUNTIME_GITIGNORE_BODY, "utf8");
@@ -2342,7 +2342,7 @@ async function ensureGitignoreEntries(root, patterns) {
 }
 // src/commands/install-hooks.ts
-import { mkdir as mkdir5, writeFile as writeFile5, chmod, readFile as readFile6 } from "fs/promises";
+import { mkdir as mkdir6, writeFile as writeFile5, chmod, readFile as readFile6 } from "fs/promises";
 import { existsSync as existsSync8 } from "fs";
 import path9 from "path";
 import "commander";
@@ -2350,7 +2350,7 @@ import { findProjectRoot as findProjectRoot6 } from "@hiveai/core";
 // src/utils/claude-hooks.ts
 import { existsSync as existsSync7 } from "fs";
-import { mkdir as mkdir4, readFile as readFile5, writeFile as writeFile4 } from "fs/promises";
+import { mkdir as mkdir5, readFile as readFile5, writeFile as writeFile4 } from "fs/promises";
 import path8 from "path";
 var HAIVE_HOOK_TAG = "haive-enforcement";
 var POST_TOOL_USE_GROUP = {
@@ -2447,7 +2447,7 @@ async function installClaudeHooksAtPath(settingsPath) {
     created = true;
   }
   const patched = patchClaudeSettings(raw);
-  await mkdir4(path8.dirname(settingsPath), { recursive: true });
+  await mkdir5(path8.dirname(settingsPath), { recursive: true });
   await writeFile4(settingsPath, JSON.stringify(patched, null, 2) + "\n", "utf8");
   return { settingsPath, created };
 }
@@ -2484,9 +2484,8 @@ fi
 var PRE_PUSH_BODY = `#!/bin/sh
 ${HOOK_MARKER} \u2014 keep this block to allow upgrades. Hand-edit anything outside it.
-# Before pushing, run haive precommit to surface known anti-patterns and stale memories.
-# Exit 0 always \u2014 this is advisory only (set HAIVE_BLOCK=1 to make it blocking).
-HAIVE_BLOCK=\${HAIVE_BLOCK:-0}
+# Before pushing, run the hAIve workflow policy gate. This is blocking by default:
+# initialized projects should not accept AI changes that bypass hAIve.
 _haive() {
   if command -v haive >/dev/null 2>&1; then haive "$@"
@@ -2495,15 +2494,7 @@ _haive() {
   fi
 }
-# Run pre-commit check on diff between local and remote
-LOCAL_BRANCH=$(git rev-parse --abbrev-ref HEAD)
-REMOTE_SHA=$(git rev-parse --verify "@{u}" 2>/dev/null || echo "")
-if [ -n "$REMOTE_SHA" ]; then
-  DIFF=$(git diff "$REMOTE_SHA"..HEAD 2>/dev/null || "")
-  if [ -n "$DIFF" ]; then
-    _haive precommit --quiet 2>/dev/null || true
-  fi
-fi
+_haive enforce check --stage pre-push --dir . || exit $?
 # Remind agent to save session recap if env var is set
 if [ "$HAIVE_SESSION_REMINDER" = "1" ]; then
@@ -2515,7 +2506,19 @@ exit 0
 var HOOKS = [
   { name: "post-merge", body: POST_MERGE_BODY },
   { name: "post-rewrite", body: POST_MERGE_BODY },
-  { name: "pre-push", body: PRE_PUSH_BODY }
+  { name: "pre-push", body: PRE_PUSH_BODY },
+  {
+    name: "pre-commit",
+    body: `#!/bin/sh
+${HOOK_MARKER} \u2014 keep this block to allow upgrades. Hand-edit anything outside it.
+if command -v haive >/dev/null 2>&1; then
+  haive enforce check --stage pre-commit --dir . || exit $?
+elif [ -x ./node_modules/.bin/haive ]; then
+  ./node_modules/.bin/haive enforce check --stage pre-commit --dir . || exit $?
+fi
+`
+  }
 ];
 async function installGitHooks(opts) {
   const root = findProjectRoot6(opts.dir);
@@ -2526,7 +2529,7 @@ async function installGitHooks(opts) {
     return;
   }
   const hooksDir = path9.join(gitDir, "hooks");
-  await mkdir5(hooksDir, { recursive: true });
+  await mkdir6(hooksDir, { recursive: true });
   let installed = 0;
   let skipped = 0;
   for (const { name, body } of HOOKS) {
@@ -2545,8 +2548,8 @@ async function installGitHooks(opts) {
   }
   ui.success(`Installed ${installed} git hook(s) in .git/hooks/${skipped ? `, skipped ${skipped}` : ""}`);
   ui.info("post-merge: haive sync runs after every pull/merge.");
-  ui.info("pre-push:   haive precommit runs before every push (advisory, never blocks).");
-  ui.info("           Set HAIVE_BLOCK=1 in your shell to make pre-push blocking.");
+  ui.info("pre-commit: haive enforce check blocks unsafe staged changes.");
+  ui.info("pre-push:   haive enforce check blocks pushes that bypass briefing/session recap policy.");
 }
 async function installClaudeHooks(opts) {
   const root = findProjectRoot6(opts.dir);
@@ -2594,7 +2597,7 @@ function registerInstallHooks(program2) {
 }
 // src/commands/observe.ts
-import { appendFile, mkdir as mkdir6 } from "fs/promises";
+import { appendFile, mkdir as mkdir7 } from "fs/promises";
 import { existsSync as existsSync9 } from "fs";
 import path10 from "path";
 import "commander";
@@ -2685,7 +2688,7 @@ function registerObserve(program2) {
         files: extractFiles(payload)
       };
       const cacheDir = path10.join(paths.haiveDir, ".cache");
-      await mkdir6(cacheDir, { recursive: true });
+      await mkdir7(cacheDir, { recursive: true });
       await appendFile(
         path10.join(cacheDir, "observations.jsonl"),
         JSON.stringify(observation) + "\n",
@@ -2704,7 +2707,7 @@ import { findProjectRoot as findProjectRoot9 } from "@hiveai/core";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { findProjectRoot as findProjectRoot8, resolveHaivePaths as resolveHaivePaths6 } from "@hiveai/core";
-import { mkdir as mkdir7, writeFile as writeFile6 } from "fs/promises";
+import { mkdir as mkdir8, writeFile as writeFile6 } from "fs/promises";
 import { existsSync as existsSync10 } from "fs";
 import path11 from "path";
 import { z } from "zod";
@@ -2986,7 +2989,7 @@ async function bootstrapProjectSave(input, ctx) {
       `${target} already exists. Pass overwrite=true to replace it.`
     );
   }
-  await mkdir7(path11.dirname(target), { recursive: true });
+  await mkdir8(path11.dirname(target), { recursive: true });
   await writeFile6(target, input.content, "utf8");
   return {
     file_path: target,
@@ -6069,7 +6072,7 @@ When done, respond with: "Imported N memories: [list of IDs]" or "Nothing action
   };
 }
 var SERVER_NAME = "haive";
-var SERVER_VERSION = "0.9.8";
+var SERVER_VERSION = "0.9.9";
 function jsonResult(data) {
   return {
     content: [
@@ -6993,7 +6996,7 @@ function registerMcp(program2) {
 // src/commands/sync.ts
 import { spawnSync as spawnSync2 } from "child_process";
-import { readFile as readFile8, writeFile as writeFile13, mkdir as mkdir8 } from "fs/promises";
+import { readFile as readFile8, writeFile as writeFile13, mkdir as mkdir9 } from "fs/promises";
 import { existsSync as existsSync29 } from "fs";
 import path12 from "path";
 import "commander";
@@ -7269,7 +7272,7 @@ Attends une **confirmation explicite** avant d'agir.
                   topic: `dep-bump-${slugParts}`
                 });
                 const teamDir = path12.join(paths.memoriesDir, "team");
-                await mkdir8(teamDir, { recursive: true });
+                await mkdir9(teamDir, { recursive: true });
                 await writeFile13(
                   path12.join(teamDir, `${fm.id}.md`),
                   serializeMemory11({ frontmatter: { ...fm, requires_human_approval: true }, body }),
@@ -7336,7 +7339,7 @@ Attends une **confirmation explicite** avant d'agir.
               topic: `contract-breaking-${diff.contract}`
             });
             const teamDir = path12.join(paths.memoriesDir, "team");
-            await mkdir8(teamDir, { recursive: true });
+            await mkdir9(teamDir, { recursive: true });
             await writeFile13(
               path12.join(teamDir, `${fm.id}.md`),
               serializeMemory11({ frontmatter: { ...fm, requires_human_approval: true }, body }),
@@ -7475,7 +7478,7 @@ function collectSinceChanges(root, ref) {
 // src/commands/memory-add.ts
 import { createHash as createHash2 } from "crypto";
-import { mkdir as mkdir9, readFile as readFile9, writeFile as writeFile14 } from "fs/promises";
+import { mkdir as mkdir10, readFile as readFile9, writeFile as writeFile14 } from "fs/promises";
 import { existsSync as existsSync30 } from "fs";
 import path13 from "path";
 import "commander";
@@ -7610,7 +7613,7 @@ TODO \u2014 write the memory body.
       topic: opts.topic
     });
     const file = memoryFilePath6(paths, frontmatter.scope, frontmatter.id, frontmatter.module);
-    await mkdir9(path13.dirname(file), { recursive: true });
+    await mkdir10(path13.dirname(file), { recursive: true });
     if (existsSync30(file)) {
       ui.error(`Memory already exists at ${file}`);
       process.exitCode = 1;
@@ -7743,7 +7746,7 @@ function matchesFilters(loaded, opts) {
 }
 // src/commands/memory-promote.ts
-import { mkdir as mkdir10, unlink as unlink2, writeFile as writeFile15 } from "fs/promises";
+import { mkdir as mkdir11, unlink as unlink2, writeFile as writeFile15 } from "fs/promises";
 import { existsSync as existsSync33 } from "fs";
 import path15 from "path";
 import "commander";
@@ -7792,7 +7795,7 @@ function registerMemoryPromote(memory2) {
       body: found.memory.body
     };
     const newPath = memoryFilePath7(paths, "team", updated.frontmatter.id);
-    await mkdir10(path15.dirname(newPath), { recursive: true });
+    await mkdir11(path15.dirname(newPath), { recursive: true });
     await writeFile15(newPath, serializeMemory13(updated), "utf8");
     await unlink2(found.filePath);
     ui.success(`Promoted ${id} to team scope (status=proposed)`);
@@ -8252,7 +8255,7 @@ function registerMemoryHot(memory2) {
 }
 // src/commands/memory-tried.ts
-import { mkdir as mkdir11, writeFile as writeFile19 } from "fs/promises";
+import { mkdir as mkdir12, writeFile as writeFile19 } from "fs/promises";
 import { existsSync as existsSync40 } from "fs";
 import path23 from "path";
 import "commander";
@@ -8305,7 +8308,7 @@ function registerMemoryTried(memory2) {
     }
     const body = lines.join("\n") + "\n";
     const file = memoryFilePath8(paths, frontmatter.scope, frontmatter.id, frontmatter.module);
-    await mkdir11(path23.dirname(file), { recursive: true });
+    await mkdir12(path23.dirname(file), { recursive: true });
     if (existsSync40(file)) {
       ui.error(`Memory already exists at ${file}`);
       process.exitCode = 1;
@@ -8805,7 +8808,7 @@ function registerMemoryImport(memory2) {
 // src/commands/memory-import-changelog.ts
 import { existsSync as existsSync50 } from "fs";
-import { readFile as readFile13, mkdir as mkdir12, writeFile as writeFile23 } from "fs/promises";
+import { readFile as readFile13, mkdir as mkdir13, writeFile as writeFile23 } from "fs/promises";
 import path30 from "path";
 import "commander";
 import {
@@ -8902,7 +8905,7 @@ function registerMemoryImportChangelog(memory2) {
     const pkgName = opts.package ?? path30.basename(path30.dirname(changelogPath));
     const scope = opts.scope ?? "team";
     const teamDir = path30.join(paths.memoriesDir, scope);
-    await mkdir12(teamDir, { recursive: true });
+    await mkdir13(teamDir, { recursive: true });
     let saved = 0;
     for (const entry of entries) {
       const lines = [];
@@ -9073,7 +9076,7 @@ function registerMemoryDigest(program2) {
 }
 // src/commands/session-end.ts
-import { writeFile as writeFile25, mkdir as mkdir13, readFile as readFile14, rm as rm2 } from "fs/promises";
+import { writeFile as writeFile25, mkdir as mkdir14, readFile as readFile14, rm as rm2 } from "fs/promises";
 import { existsSync as existsSync53 } from "fs";
 import path33 from "path";
 import "commander";
@@ -9248,7 +9251,7 @@ function registerSessionEnd(session2) {
       status: "validated"
     });
     const file = memoryFilePath9(paths, frontmatter.scope, frontmatter.id, frontmatter.module);
-    await mkdir13(path33.dirname(file), { recursive: true });
+    await mkdir14(path33.dirname(file), { recursive: true });
     await writeFile25(file, serializeMemory21({ frontmatter, body }), "utf8");
     await cleanupObservations();
     if (!opts.quiet) {
@@ -9432,7 +9435,7 @@ function detectFormat(filePath) {
 // src/commands/hub.ts
 import { existsSync as existsSync55 } from "fs";
-import { mkdir as mkdir14, readFile as readFile15, writeFile as writeFile26, copyFile } from "fs/promises";
+import { mkdir as mkdir15, readFile as readFile15, writeFile as writeFile26, copyFile } from "fs/promises";
 import path35 from "path";
 import { spawnSync as spawnSync3 } from "child_process";
 import "commander";
@@ -9453,7 +9456,7 @@ function registerHub(program2) {
     "Initialize a new team-knowledge hub repo at <hubPath>.\n\n  Creates a git repo with a .ai/ directory structure ready for shared memories.\n\n  Example:\n    haive hub init ../team-hub\n    haive hub init /srv/git/team-knowledge\n"
   ).action(async (hubPath) => {
     const absPath = path35.resolve(hubPath);
-    await mkdir14(absPath, { recursive: true });
+    await mkdir15(absPath, { recursive: true });
     const gitCheck = spawnSync3("git", ["rev-parse", "--git-dir"], { cwd: absPath });
     if (gitCheck.status !== 0) {
       const init = spawnSync3("git", ["init"], { cwd: absPath, encoding: "utf8" });
@@ -9464,7 +9467,7 @@ function registerHub(program2) {
       }
     }
     const sharedDir = path35.join(absPath, ".ai", "memories", "shared");
-    await mkdir14(sharedDir, { recursive: true });
+    await mkdir15(sharedDir, { recursive: true });
     await writeFile26(
       path35.join(absPath, ".ai", "README.md"),
       `# hAIve Team Knowledge Hub
@@ -9540,7 +9543,7 @@ Next steps:
     }
     const projectName = path35.basename(root);
     const destDir = path35.join(hubRoot, ".ai", "memories", "shared", projectName);
-    await mkdir14(destDir, { recursive: true });
+    await mkdir15(destDir, { recursive: true });
     const all = await loadMemoriesFromDir28(paths.memoriesDir);
     const shared = all.filter(
       ({ memory: memory2 }) => memory2.frontmatter.scope === "shared" && memory2.frontmatter.status !== "rejected" && memory2.frontmatter.status !== "deprecated" && // Don't push imported memories (avoid echo loops)
@@ -9619,7 +9622,7 @@ Next steps:
     for (const sourceName of projectDirs) {
       const sourceDir = path35.join(hubSharedDir, sourceName);
       const destDir = path35.join(paths.memoriesDir, "shared", sourceName);
-      await mkdir14(destDir, { recursive: true });
+      await mkdir15(destDir, { recursive: true });
       const sourceFiles = (await readdir5(sourceDir)).filter((f) => f.endsWith(".md"));
       const { loadMemoriesFromDir: loadDir } = await import("@hiveai/core");
       const existingInDest = await loadDir(destDir);
@@ -9688,7 +9691,7 @@ Next steps:
 // src/commands/stats.ts
 import "commander";
 import { existsSync as existsSync56 } from "fs";
-import { mkdir as mkdir15, writeFile as writeFile27 } from "fs/promises";
+import { mkdir as mkdir16, writeFile as writeFile27 } from "fs/promises";
 import path36 from "path";
 import {
   aggregateUsage,
@@ -9796,7 +9799,7 @@ async function writeRoiReport(paths, root, sinceRaw, outRelative) {
     ui.warn("Usage log missing or empty \u2014 report still written with partial data.");
     events = [];
   }
-  await mkdir15(path36.dirname(outAbs), { recursive: true });
+  await mkdir16(path36.dirname(outAbs), { recursive: true });
   const payload = {
     generated_at: (/* @__PURE__ */ new Date()).toISOString(),
     project_root: root,
@@ -9985,7 +9988,7 @@ function summarize(name, t0, payload, notes) {
 }
 // src/commands/memory-suggest.ts
-import { mkdir as mkdir16, writeFile as writeFile28 } from "fs/promises";
+import { mkdir as mkdir17, writeFile as writeFile28 } from "fs/promises";
 import { existsSync as existsSync57 } from "fs";
 import path37 from "path";
 import "commander";
@@ -10080,7 +10083,7 @@ function registerMemorySuggest(memory2) {
         fm.status = "draft";
         const body = renderTemplate(s);
         const file = memoryFilePath10(paths, fm.scope, fm.id, fm.module);
-        await mkdir16(path37.dirname(file), { recursive: true });
+        await mkdir17(path37.dirname(file), { recursive: true });
         if (existsSync57(file)) {
           skipped.push({ query: s.query, reason: `file already exists at ${path37.relative(root, file)}` });
           continue;
@@ -10334,8 +10337,8 @@ function registerDoctor(program2) {
         fix: "haive init"
       });
     } else {
-      const { readFile: readFile16 } = await import("fs/promises");
-      const content = await readFile16(paths.projectContext, "utf8");
+      const { readFile: readFile17 } = await import("fs/promises");
+      const content = await readFile17(paths.projectContext, "utf8");
       const isTemplate = content.includes("TODO \u2014 high-level overview") || content.includes("Generated by `haive init`");
       if (isTemplate) {
         findings.push({
@@ -10461,8 +10464,8 @@ function registerDoctor(program2) {
       let hasClaudeEnforcement = false;
       if (existsSync59(claudeSettings)) {
         try {
-          const { readFile: readFile16 } = await import("fs/promises");
-          const raw = await readFile16(claudeSettings, "utf8");
+          const { readFile: readFile17 } = await import("fs/promises");
+          const raw = await readFile17(claudeSettings, "utf8");
           hasClaudeEnforcement = raw.includes("haive enforce session-start") && raw.includes("haive enforce pre-tool-use");
         } catch {
           hasClaudeEnforcement = false;
@@ -10491,7 +10494,7 @@ function registerDoctor(program2) {
         timeout: 3e3,
         stdio: ["ignore", "pipe", "ignore"]
       }).trim();
-      const cliVersion = "0.9.8";
+      const cliVersion = "0.9.9";
       if (legacyRaw && legacyRaw !== cliVersion) {
         findings.push({
           severity: "warn",
@@ -11094,29 +11097,86 @@ function registerMemoryConflictCandidates(memory2) {
 }
 // src/commands/enforce.ts
+import { spawn as spawn5 } from "child_process";
 import { existsSync as existsSync67 } from "fs";
-import { mkdir as mkdir17 } from "fs/promises";
+import { chmod as chmod2, mkdir as mkdir18, readFile as readFile16, writeFile as writeFile30 } from "fs/promises";
+import path45 from "path";
 import "commander";
 import {
   findProjectRoot as findProjectRoot46,
   hasRecentBriefingMarker,
+  isFreshIsoDate,
+  loadConfig as loadConfig8,
+  loadMemoriesFromDir as loadMemoriesFromDir36,
   resolveBriefingBudget as resolveBriefingBudget3,
   resolveHaivePaths as resolveHaivePaths43,
-  writeBriefingMarker
+  saveConfig as saveConfig3,
+  SESSION_RECAP_TTL_MS,
+  verifyAnchor as verifyAnchor4,
+  writeBriefingMarker as writeBriefingMarker2
 } from "@hiveai/core";
 var MAX_STDIN_BYTES2 = 256 * 1024;
+var ENFORCE_HOOK_MARKER = "# hAIve enforcement hook";
 function registerEnforce(program2) {
-  const enforce = program2.command("enforce").description("Agent enforcement helpers used by hAIve-installed hooks.");
+  const enforce = program2.command("enforce").description(
+    "Agent-agnostic enforcement helpers: install policy gates, report status, and block unsafe workflows."
+  );
+  enforce.command("install").description("Install hAIve enforcement across MCP config, git hooks, CI template, and supported client hooks.").option("-d, --dir <dir>", "project root").option("--no-git", "skip git pre-commit/pre-push enforcement hooks").option("--no-claude", "skip Claude Code hooks").option("--no-ci", "skip GitHub Actions enforcement workflow").action(async (opts) => {
+    const root = findProjectRoot46(opts.dir);
+    const paths = resolveHaivePaths43(root);
+    await mkdir18(paths.haiveDir, { recursive: true });
+    const current = await loadConfig8(paths);
+    await saveConfig3(paths, {
+      ...current,
+      enforcement: {
+        ...current.enforcement,
+        mode: "strict",
+        requireBriefingFirst: true,
+        requireSessionRecap: true,
+        requireMemoryVerify: true,
+        blockStaleDecisionChanges: true,
+        toolProfile: "enforcement"
+      }
+    });
+    ui.success("hAIve strict enforcement enabled in .ai/haive.config.json");
+    if (opts.git !== false) await installGitEnforcement(root);
+    if (opts.ci !== false) await installCiEnforcement(root);
+    if (opts.claude !== false) {
+      try {
+        const result = await installClaudeHooksAtPath(defaultClaudeSettingsPath("project", root));
+        ui.success(`${result.created ? "Created" : "Patched"} Claude Code hooks (${path45.relative(root, result.settingsPath)})`);
+      } catch (err) {
+        ui.warn(`Claude Code hooks not installed: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    }
+    ui.info("Agent-agnostic gates are now active at workflow level: MCP, git, CI, and optional client hooks.");
+    ui.info("Use `haive run -- <agent command>` for agents that do not expose blocking hooks.");
+  });
+  enforce.command("status").description("Show whether this project has agent-agnostic hAIve enforcement installed.").option("-d, --dir <dir>", "project root").option("--json", "emit JSON", false).action(async (opts) => {
+    const report = await buildEnforcementReport(opts.dir, "local");
+    printReport(report, Boolean(opts.json));
+    if (report.should_block) process.exitCode = 1;
+  });
+  enforce.command("check").description("Run the hAIve policy gate. Intended for pre-commit, pre-push, wrappers, and any agent client.").option("-d, --dir <dir>", "project root").option("--stage <stage>", "local | pre-commit | pre-push | ci", "local").option("--json", "emit JSON", false).action(async (opts) => {
+    const report = await buildEnforcementReport(opts.dir, opts.stage ?? "local");
+    printReport(report, Boolean(opts.json));
+    if (report.should_block) process.exit(2);
+  });
+  enforce.command("ci").description("CI entrypoint: fail if the repository violates hAIve enforcement policy.").option("-d, --dir <dir>", "project root").option("--json", "emit JSON", false).action(async (opts) => {
+    const report = await buildEnforcementReport(opts.dir, "ci");
+    printReport(report, Boolean(opts.json));
+    if (report.should_block) process.exit(2);
+  });
   enforce.command("session-start").description("Claude Code SessionStart hook: inject briefing and write a local briefing marker.").option("-d, --dir <dir>", "project root").option("--task <text>", "task text to rank memories").option("--source <name>", "marker source", "claude-session-start").option("--session-id <id>", "agent session id").action(async (opts) => {
     const payload = await readHookPayload();
     const root = resolveRoot(opts.dir, payload);
     if (!root) return;
     const paths = resolveHaivePaths43(root);
     if (!existsSync67(paths.haiveDir)) return;
-    await mkdir17(paths.runtimeDir, { recursive: true });
+    await mkdir18(paths.runtimeDir, { recursive: true });
     const sessionId = opts.sessionId ?? payload.session_id;
     const task = opts.task ?? payload.prompt ?? "Start an AI coding session in this hAIve-initialized project.";
-    await writeBriefingMarker(paths, {
+    await writeBriefingMarker2(paths, {
       sessionId,
       task,
       source: opts.source ?? "claude-session-start"
@@ -11194,6 +11254,317 @@ ${briefing.project_context.content.slice(0, 1800)}`);
     process.exit(2);
   });
 }
+async function runWithEnforcement(command, args, opts) {
+  const root = findProjectRoot46(opts.dir);
+  const paths = resolveHaivePaths43(root);
+  if (!existsSync67(paths.haiveDir)) {
+    ui.error(`No .ai/ found at ${root}. Run \`haive init\` first.`);
+    process.exit(1);
+  }
+  const sessionId = `haive-run-${process.pid}-${Date.now()}`;
+  const task = opts.task ?? `Run agent command: ${[command, ...args].join(" ")}`;
+  await writeBriefingMarker2(paths, {
+    sessionId,
+    task,
+    source: "haive-run"
+  });
+  const briefingFile = await writeWrapperBriefing(paths, sessionId, task);
+  const before = await buildEnforcementReport(root, "local", sessionId);
+  const blocking = before.findings.filter((f) => f.severity === "error" && f.code !== "session-recap-missing");
+  if (blocking.length > 0) {
+    printReport({ ...before, should_block: true, findings: blocking }, false);
+    process.exit(2);
+  }
+  ui.info(`hAIve briefing marker created for wrapped agent session: ${sessionId}`);
+  ui.info(`Briefing written to ${path45.relative(root, briefingFile)} and exported as HAIVE_BRIEFING_FILE`);
+  const child = spawn5(command, args, {
+    cwd: root,
+    stdio: "inherit",
+    env: {
+      ...process.env,
+      HAIVE_PROJECT_ROOT: root,
+      HAIVE_SESSION_ID: sessionId,
+      HAIVE_BRIEFING_FILE: briefingFile,
+      HAIVE_ENFORCEMENT: "strict",
+      HAIVE_TOOL_PROFILE: process.env.HAIVE_TOOL_PROFILE ?? "enforcement"
+    }
+  });
+  await new Promise((resolve, reject) => {
+    child.on("error", reject);
+    child.on("close", (code, signal) => {
+      if (signal) process.exit(128);
+      process.exitCode = code ?? 0;
+      resolve();
+    });
+  });
+}
+async function writeWrapperBriefing(paths, sessionId, task) {
+  const budget = resolveBriefingBudget3("quick", {
+    max_tokens: 2500,
+    max_memories: 5,
+    include_module_contexts: false
+  });
+  const briefing = await getBriefing({
+    task,
+    files: [],
+    max_tokens: budget.max_tokens,
+    max_memories: budget.max_memories,
+    include_project_context: true,
+    include_module_contexts: budget.include_module_contexts,
+    semantic: true,
+    include_stale: false,
+    track: true,
+    format: "actions",
+    symbols: [],
+    min_semantic_score: 0.25,
+    budget_preset: "quick"
+  }, { paths });
+  const dir = path45.join(paths.runtimeDir, "enforcement", "briefings");
+  await mkdir18(dir, { recursive: true });
+  const file = path45.join(dir, `${sessionId}.md`);
+  const parts = [
+    "# hAIve Briefing",
+    "",
+    `Task: ${task}`,
+    ""
+  ];
+  if (briefing.last_session) parts.push("## Last Session", briefing.last_session.body.trim(), "");
+  if (briefing.project_context?.content) parts.push("## Project Context", briefing.project_context.content.trim(), "");
+  if (briefing.memories.length > 0) {
+    parts.push("## Relevant Memories");
+    for (const memory2 of briefing.memories) {
+      parts.push("", `### ${memory2.id}`, memory2.body.trim());
+    }
+  }
+  if (briefing.setup_warnings.length > 0) {
+    parts.push("", "## Setup Warnings", ...briefing.setup_warnings.map((w) => `- ${w}`));
+  }
+  await writeFile30(file, parts.join("\n") + "\n", "utf8");
+  return file;
+}
+async function buildEnforcementReport(dir, stage, sessionId) {
+  const root = findProjectRoot46(dir);
+  const paths = resolveHaivePaths43(root);
+  const initialized = existsSync67(paths.haiveDir);
+  const config = initialized ? await loadConfig8(paths) : {};
+  const mode = config.enforcement?.mode ?? "strict";
+  const findings = [];
+  if (!initialized) {
+    return {
+      root,
+      initialized,
+      mode,
+      should_block: true,
+      findings: [{
+        severity: "error",
+        code: "not-initialized",
+        message: "This repository is not initialized with hAIve.",
+        fix: "Run `haive init` or `haive enforce install`."
+      }]
+    };
+  }
+  if (mode === "off") {
+    return {
+      root,
+      initialized,
+      mode,
+      should_block: false,
+      findings: [{ severity: "info", code: "enforcement-off", message: "hAIve enforcement is disabled." }]
+    };
+  }
+  if (config.enforcement?.requireBriefingFirst !== false && stage !== "ci") {
+    const hasBriefing = await hasRecentBriefingMarker(paths, sessionId);
+    findings.push(hasBriefing ? { severity: "ok", code: "briefing-loaded", message: "A recent hAIve briefing marker exists." } : {
+      severity: "error",
+      code: "briefing-missing",
+      message: "No recent hAIve briefing marker was found for this workflow.",
+      fix: 'Run `haive briefing --task "..."`, `haive enforce session-start`, or wrap the agent with `haive run -- <agent>`.'
+    });
+  }
+  if (config.enforcement?.requireSessionRecap !== false && (stage === "pre-push" || stage === "ci")) {
+    const hasRecap = await hasRecentSessionRecap(paths);
+    findings.push(hasRecap ? { severity: "ok", code: "session-recap-present", message: "A recent session_recap memory exists." } : {
+      severity: "error",
+      code: "session-recap-missing",
+      message: "No recent session_recap memory was found.",
+      fix: "Run `haive session end --goal ... --accomplished ...` before pushing."
+    });
+  }
+  if (config.enforcement?.requireMemoryVerify !== false) {
+    findings.push(...await verifyMemoryPolicy(paths, config));
+  }
+  if (stage === "pre-commit" || stage === "ci") {
+    findings.push(...await runPrecommitPolicy(paths));
+  }
+  const hasErrors = findings.some((f) => f.severity === "error");
+  return {
+    root,
+    initialized,
+    mode,
+    should_block: mode === "strict" && hasErrors,
+    findings
+  };
+}
+async function hasRecentSessionRecap(paths) {
+  if (!existsSync67(paths.memoriesDir)) return false;
+  const all = await loadMemoriesFromDir36(paths.memoriesDir);
+  return all.some(
+    ({ memory: memory2 }) => memory2.frontmatter.type === "session_recap" && memory2.frontmatter.status !== "rejected" && isFreshIsoDate(memory2.frontmatter.created_at, SESSION_RECAP_TTL_MS)
+  );
+}
+async function verifyMemoryPolicy(paths, config) {
+  if (!existsSync67(paths.memoriesDir)) return [];
+  const all = await loadMemoriesFromDir36(paths.memoriesDir);
+  const findings = [];
+  const staleImportant = [];
+  let verified = 0;
+  for (const { memory: memory2 } of all) {
+    const fm = memory2.frontmatter;
+    const anchored = fm.anchor.paths.length > 0 || fm.anchor.symbols.length > 0;
+    if (!anchored || fm.status === "rejected" || fm.status === "deprecated") continue;
+    verified++;
+    if (fm.status === "stale") {
+      if (["decision", "gotcha", "architecture", "convention"].includes(fm.type)) {
+        staleImportant.push(fm.id);
+      }
+      continue;
+    }
+    if (config.enforcement?.blockStaleDecisionChanges !== false && ["decision", "gotcha"].includes(fm.type)) {
+      const result = await verifyAnchor4(memory2, { projectRoot: paths.root });
+      if (result.stale) staleImportant.push(fm.id);
+    }
+  }
+  findings.push({
+    severity: "ok",
+    code: "memory-verify-ran",
+    message: `Checked ${verified} anchored memories for stale enforcement policy.`
+  });
+  if (staleImportant.length > 0) {
+    findings.push({
+      severity: "error",
+      code: "stale-important-memories",
+      message: `${staleImportant.length} important anchored memories are stale: ${staleImportant.slice(0, 8).join(", ")}`,
+      fix: "Run `haive memory verify --update`, then update or delete stale decisions/gotchas before merging."
+    });
+  }
+  return findings;
+}
+async function runPrecommitPolicy(paths) {
+  const staged = await runCommand4("git", ["diff", "--cached", "--name-only"], paths.root).catch(() => "");
+  const touchedPaths = staged.split("\n").map((s) => s.trim()).filter(Boolean);
+  if (touchedPaths.length === 0) {
+    return [{ severity: "info", code: "no-staged-changes", message: "No staged changes found for pre-commit policy." }];
+  }
+  const diff = await runCommand4("git", ["diff", "--cached"], paths.root).catch(() => "");
+  const result = await preCommitCheck({
+    diff,
+    paths: touchedPaths,
+    block_on: "high-confidence",
+    semantic: true
+  }, { paths });
+  if (!result.should_block) {
+    return [{
+      severity: "ok",
+      code: "precommit-policy-pass",
+      message: `Pre-commit policy passed for ${touchedPaths.length} staged file(s).`
+    }];
+  }
+  return [{
+    severity: "error",
+    code: "precommit-policy-block",
+    message: `Pre-commit policy matched ${result.summary.anti_patterns} anti-pattern(s), ${result.summary.stale_anchors} stale anchor(s).`,
+    fix: "Review the hAIve warnings, then update the code or the relevant memories."
+  }];
+}
+async function installGitEnforcement(root) {
+  const hooksDir = path45.join(root, ".git", "hooks");
+  if (!existsSync67(path45.join(root, ".git"))) {
+    ui.warn("No .git directory found; git enforcement hooks skipped.");
+    return;
+  }
+  await mkdir18(hooksDir, { recursive: true });
+  const hooks = [
+    {
+      name: "pre-commit",
+      body: `#!/bin/sh
+${ENFORCE_HOOK_MARKER}
+haive enforce check --stage pre-commit --dir . || exit $?
+`
+    },
+    {
+      name: "pre-push",
+      body: `#!/bin/sh
+${ENFORCE_HOOK_MARKER}
+haive enforce check --stage pre-push --dir . || exit $?
+`
+    }
+  ];
+  for (const hook of hooks) {
+    const file = path45.join(hooksDir, hook.name);
+    if (existsSync67(file)) {
+      const current = await readFile16(file, "utf8").catch(() => "");
+      if (current.includes(ENFORCE_HOOK_MARKER)) {
+        await writeFile30(file, hook.body, "utf8");
+      } else {
+        await writeFile30(file, `${current.trimEnd()}
+${hook.body}`, "utf8");
+      }
+    } else {
+      await writeFile30(file, hook.body, "utf8");
+    }
+    await chmod2(file, 493);
+  }
+  ui.success("Installed blocking git enforcement hooks: pre-commit, pre-push");
+}
+async function installCiEnforcement(root) {
+  const workflowPath = path45.join(root, ".github", "workflows", "haive-enforcement.yml");
+  await mkdir18(path45.dirname(workflowPath), { recursive: true });
+  if (existsSync67(workflowPath)) {
+    ui.info("GitHub Actions enforcement workflow already exists \u2014 skipped");
+    return;
+  }
+  await writeFile30(workflowPath, `name: haive-enforcement
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  haive-enforcement:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      - name: Install hAIve
+        run: npm install -g @hiveai/cli
+      - name: Enforce hAIve policy
+        run: haive enforce ci
+`, "utf8");
+  ui.success(`Created ${path45.relative(root, workflowPath)}`);
+}
+function printReport(report, json) {
+  if (json) {
+    console.log(JSON.stringify(report, null, 2));
+    return;
+  }
+  console.log(ui.bold(`hAIve enforcement \u2014 ${report.mode}`));
+  console.log(ui.dim(`  root: ${report.root}`));
+  for (const finding of report.findings) {
+    const marker = finding.severity === "error" ? ui.red("\u2717") : finding.severity === "warn" ? ui.yellow("\u26A0") : finding.severity === "ok" ? ui.green("\u2713") : ui.dim("\u2022");
+    console.log(`${marker} ${finding.code}: ${finding.message}`);
+    if (finding.fix) console.log(ui.dim(`  fix: ${finding.fix}`));
+  }
+  if (report.should_block) ui.error("hAIve enforcement gate failed.");
+  else ui.success("hAIve enforcement gate passed.");
+}
 async function readHookPayload() {
   const raw = await readStdin2(MAX_STDIN_BYTES2);
   if (!raw.trim()) return {};
@@ -11242,15 +11613,46 @@ async function readStdin2(maxBytes) {
     setTimeout(finish, 2e3);
   });
 }
+function runCommand4(cmd, args, cwd) {
+  return new Promise((resolve, reject) => {
+    const proc = spawn5(cmd, args, { cwd, stdio: ["ignore", "pipe", "pipe"] });
+    let stdout = "";
+    let stderr = "";
+    proc.stdout.on("data", (chunk) => {
+      stdout += chunk.toString();
+    });
+    proc.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    proc.on("error", reject);
+    proc.on("close", (code) => {
+      if (code === 0) resolve(stdout);
+      else reject(new Error(stderr || `${cmd} exited with code ${code}`));
+    });
+  });
+}
+// src/commands/run.ts
+import "commander";
+function registerRun(program2) {
+  program2.command("run").description("Run any AI agent command inside a hAIve-enforced session.").option("-d, --dir <dir>", "project root").option("--task <text>", "task text used for the hAIve briefing marker").allowUnknownOption(true).argument("[cmd]", "agent command to run").argument("[args...]", "agent command arguments").action(async (cmd, args, opts) => {
+    if (!cmd) {
+      ui.error("Usage: haive run -- <agent command> [args...]");
+      process.exit(1);
+    }
+    await runWithEnforcement(cmd, args, opts);
+  });
+}
 // src/index.ts
-var program = new Command48();
-program.name("haive").description("hAIve \u2014 team-first persistent memory layer for AI coding agents").version("0.9.8");
+var program = new Command49();
+program.name("haive").description("hAIve \u2014 team-first persistent memory layer for AI coding agents").version("0.9.9");
 registerInit(program);
 registerWelcome(program);
 registerResolveProject(program);
 registerRuntime(program);
 registerEnforce(program);
+registerRun(program);
 registerMcp(program);
 registerBriefing(program);
 registerTui(program);