@imdeadpool/guardex 7.0.20 → 7.0.21

package/src/cli/main.js

@@ -1,364 +1,132 @@
 #!/usr/bin/env node
 
-const fs = require('node:fs');
-const os = require('node:os');
-const path = require('node:path');
-const cp = require('node:child_process');
 const hooksModule = require('../hooks');
 const sandboxModule = require('../sandbox');
 const toolchainModule = require('../toolchain');
 const finishModule = require('../finish');
+const {
+  fs,
+  path,
+  cp,
+  packageJson,
+  TOOL_NAME,
+  SHORT_TOOL_NAME,
+  OPENSPEC_PACKAGE,
+  NPX_BIN,
+  GUARDEX_HOME_DIR,
+  GLOBAL_TOOLCHAIN_SERVICES,
+  GLOBAL_TOOLCHAIN_PACKAGES,
+  OPTIONAL_LOCAL_COMPANION_TOOLS,
+  GH_BIN,
+  REQUIRED_SYSTEM_TOOLS,
+  MAINTAINER_RELEASE_REPO,
+  NPM_BIN,
+  OPENSPEC_BIN,
+  SCORECARD_BIN,
+  GIT_PROTECTED_BRANCHES_KEY,
+  GIT_BASE_BRANCH_KEY,
+  GIT_SYNC_STRATEGY_KEY,
+  GUARDEX_REPO_TOGGLE_ENV,
+  DEFAULT_PROTECTED_BRANCHES,
+  DEFAULT_BASE_BRANCH,
+  DEFAULT_SYNC_STRATEGY,
+  COMPOSE_HINT_FILES,
+  TEMPLATE_ROOT,
+  HOOK_NAMES,
+  TEMPLATE_FILES,
+  LEGACY_WORKFLOW_SHIM_SPECS,
+  LEGACY_MANAGED_REPO_FILES,
+  REQUIRED_MANAGED_REPO_FILES,
+  LEGACY_MANAGED_PACKAGE_SCRIPTS,
+  PACKAGE_SCRIPT_ASSETS,
+  USER_LEVEL_SKILL_ASSETS,
+  EXECUTABLE_RELATIVE_PATHS,
+  CRITICAL_GUARDRAIL_PATHS,
+  LOCK_FILE_RELATIVE,
+  AGENTS_BOTS_STATE_RELATIVE,
+  AGENTS_MARKER_START,
+  AGENTS_MARKER_END,
+  GITIGNORE_MARKER_START,
+  GITIGNORE_MARKER_END,
+  SHARED_VSCODE_SETTINGS_RELATIVE,
+  REPO_SCAN_IGNORED_FOLDERS_SETTING,
+  AGENT_WORKTREE_RELATIVE_DIRS,
+  MANAGED_REPO_SCAN_IGNORED_FOLDERS,
+  MANAGED_GITIGNORE_PATHS,
+  REPO_SCAFFOLD_DIRECTORIES,
+  OMX_SCAFFOLD_DIRECTORIES,
+  OMX_SCAFFOLD_FILES,
+  TARGETED_FORCEABLE_MANAGED_PATHS,
+  DEPRECATED_COMMAND_ALIASES,
+  envFlagIsTruthy,
+  defaultAgentWorktreeRelativeDir,
+  AI_SETUP_PROMPT,
+  AI_SETUP_COMMANDS,
+  SCORECARD_RISK_BY_CHECK,
+} = require('../context');
+const {
+  gitRun,
+  resolveRepoRoot,
+  isGitRepo,
+  discoverNestedGitRepos,
+} = require('../git');
+const {
+  run,
+  extractTargetedArgs,
+  packageAssetEnv,
+  runPackageAsset,
+  runReviewBotCommand,
+  invokePackageAsset,
+} = require('../core/runtime');
+const {
+  normalizeManagedForcePath,
+  parseCommonArgs,
+  parseSetupArgs,
+  parseDoctorArgs,
+  parseTargetFlag,
+  parseReviewArgs,
+  parseAgentsArgs,
+  parseReportArgs,
+  parseSyncArgs,
+  parseCleanupArgs,
+  parseMergeArgs,
+  parseFinishArgs,
+} = require('./args');
+const {
+  maybeSuggestCommand,
+  normalizeCommandOrThrow,
+  warnDeprecatedAlias,
+  extractFlag,
+} = require('./dispatch');
+const {
+  runtimeVersion,
+  colorize,
+  colorizeDoctorOutput,
+  statusDot,
+  printToolLogsSummary,
+  usage,
+  formatElapsedDuration,
+  compactAutoFinishPathSegments,
+  detectRecoverableAutoFinishConflict,
+  printAutoFinishSummary,
+} = require('../output');
+const {
+  toDestinationPath,
+  ensureParentDir,
+  ensureExecutable,
+  isCriticalGuardrailPath,
+  shellSingleQuote,
+  renderShellDispatchShim,
+  renderPythonDispatchShim,
+  managedForceConflictMessage,
+  printOperations,
+  printStandaloneOperations,
+} = require('../scaffold');
 
 let sandboxApi;
 let toolchainApi;
 let finishApi;
 
-const PACKAGE_ROOT = path.resolve(__dirname, '../..');
-const CLI_ENTRY_PATH = path.join(PACKAGE_ROOT, 'bin', 'multiagent-safety.js');
-const packageJsonPath = path.join(PACKAGE_ROOT, 'package.json');
-const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
-
-const TOOL_NAME = 'gitguardex';
-const SHORT_TOOL_NAME = 'gx';
-if (!process.env.GUARDEX_CLI_ENTRY) {
-  process.env.GUARDEX_CLI_ENTRY = CLI_ENTRY_PATH;
-}
-if (!process.env.GUARDEX_NODE_BIN) {
-  process.env.GUARDEX_NODE_BIN = process.execPath;
-}
-const LEGACY_NAMES = ['guardex', 'multiagent-safety'];
-const GLOBAL_INSTALL_COMMAND = `npm i -g ${packageJson.name}`;
-const OPENSPEC_PACKAGE = '@fission-ai/openspec';
-const OMC_PACKAGE = 'oh-my-claude-sisyphus';
-const OMC_REPO_URL = 'https://github.com/Yeachan-Heo/oh-my-claudecode';
-const CAVEMEM_PACKAGE = 'cavemem';
-const NPX_BIN = process.env.GUARDEX_NPX_BIN || 'npx';
-const GUARDEX_HOME_DIR = path.resolve(process.env.GUARDEX_HOME_DIR || os.homedir());
-const GLOBAL_TOOLCHAIN_SERVICES = [
-  { name: 'oh-my-codex', packageName: 'oh-my-codex' },
-  {
-    name: 'oh-my-claudecode',
-    packageName: OMC_PACKAGE,
-    dependencyUrl: OMC_REPO_URL,
-  },
-  { name: OPENSPEC_PACKAGE, packageName: OPENSPEC_PACKAGE },
-  { name: CAVEMEM_PACKAGE, packageName: CAVEMEM_PACKAGE },
-  {
-    name: '@imdeadpool/codex-account-switcher',
-    packageName: '@imdeadpool/codex-account-switcher',
-  },
-];
-const GLOBAL_TOOLCHAIN_PACKAGES = [
-  ...GLOBAL_TOOLCHAIN_SERVICES.map((service) => service.packageName),
-];
-const OPTIONAL_LOCAL_COMPANION_TOOLS = [
-  {
-    name: 'cavekit',
-    candidatePaths: [
-      '.cavekit/plugin.json',
-      '.codex/local-marketplaces/cavekit/.agents/plugins/marketplace.json',
-    ],
-    installCommand: `${NPX_BIN} skills add JuliusBrussee/cavekit`,
-    installArgs: ['skills', 'add', 'JuliusBrussee/cavekit'],
-  },
-  {
-    name: 'caveman',
-    candidatePaths: [
-      '.config/caveman/config.json',
-      '.cavekit/skills/caveman/SKILL.md',
-    ],
-    installCommand: `${NPX_BIN} skills add JuliusBrussee/caveman`,
-    installArgs: ['skills', 'add', 'JuliusBrussee/caveman'],
-  },
-];
-const GH_BIN = process.env.GUARDEX_GH_BIN || 'gh';
-const REQUIRED_SYSTEM_TOOLS = [
-  {
-    name: 'gh',
-    displayName: 'GitHub (gh)',
-    command: GH_BIN,
-    installHint: 'https://cli.github.com/',
-  },
-];
-const MAINTAINER_RELEASE_REPO = path.resolve(
-  process.env.GUARDEX_RELEASE_REPO || path.resolve(__dirname, '..'),
-);
-const NPM_BIN = process.env.GUARDEX_NPM_BIN || 'npm';
-const OPENSPEC_BIN = process.env.GUARDEX_OPENSPEC_BIN || 'openspec';
-const SCORECARD_BIN = process.env.GUARDEX_SCORECARD_BIN || 'scorecard';
-const GIT_PROTECTED_BRANCHES_KEY = 'multiagent.protectedBranches';
-const GIT_BASE_BRANCH_KEY = 'multiagent.baseBranch';
-const GIT_SYNC_STRATEGY_KEY = 'multiagent.sync.strategy';
-const GUARDEX_REPO_TOGGLE_ENV = 'GUARDEX_ON';
-const DEFAULT_PROTECTED_BRANCHES = ['dev', 'main', 'master'];
-const DEFAULT_BASE_BRANCH = 'dev';
-const DEFAULT_SYNC_STRATEGY = 'rebase';
-const DEFAULT_SHADOW_CLEANUP_IDLE_MINUTES = 60;
-const COMPOSE_HINT_FILES = [
-  'docker-compose.yml',
-  'docker-compose.yaml',
-  'compose.yml',
-  'compose.yaml',
-];
-
-const TEMPLATE_ROOT = path.join(PACKAGE_ROOT, 'templates');
-
-const HOOK_NAMES = ['pre-commit', 'pre-push', 'post-merge', 'post-checkout'];
-
-const TEMPLATE_FILES = [
-  'scripts/agent-session-state.js',
-  'scripts/guardex-docker-loader.sh',
-  'scripts/guardex-env.sh',
-  'scripts/install-vscode-active-agents-extension.js',
-  'github/pull.yml.example',
-  'github/workflows/cr.yml',
-  'vscode/guardex-active-agents/package.json',
-  'vscode/guardex-active-agents/extension.js',
-  'vscode/guardex-active-agents/session-schema.js',
-  'vscode/guardex-active-agents/README.md',
-];
-
-const LEGACY_WORKFLOW_SHIM_SPECS = [
-  { relativePath: 'scripts/agent-branch-start.sh', kind: 'shell', command: ['branch', 'start'] },
-  { relativePath: 'scripts/agent-branch-finish.sh', kind: 'shell', command: ['branch', 'finish'] },
-  { relativePath: 'scripts/agent-branch-merge.sh', kind: 'shell', command: ['branch', 'merge'] },
-  { relativePath: 'scripts/codex-agent.sh', kind: 'shell', command: ['internal', 'run-shell', 'codexAgent'] },
-  { relativePath: 'scripts/review-bot-watch.sh', kind: 'shell', command: ['internal', 'run-shell', 'reviewBot'] },
-  { relativePath: 'scripts/agent-worktree-prune.sh', kind: 'shell', command: ['worktree', 'prune'] },
-  { relativePath: 'scripts/agent-file-locks.py', kind: 'python', command: ['locks'] },
-  { relativePath: 'scripts/openspec/init-plan-workspace.sh', kind: 'shell', command: ['internal', 'run-shell', 'planInit'] },
-  { relativePath: 'scripts/openspec/init-change-workspace.sh', kind: 'shell', command: ['internal', 'run-shell', 'changeInit'] },
-];
-
-const LEGACY_WORKFLOW_SHIMS = LEGACY_WORKFLOW_SHIM_SPECS.map((entry) => entry.relativePath);
-
-const MANAGED_TEMPLATE_DESTINATIONS = TEMPLATE_FILES.map((entry) => toDestinationPath(entry));
-const MANAGED_TEMPLATE_SCRIPT_FILES = MANAGED_TEMPLATE_DESTINATIONS.filter((entry) =>
-  entry.startsWith('scripts/'),
-);
-
-const LEGACY_MANAGED_REPO_FILES = [
-  ...LEGACY_WORKFLOW_SHIMS,
-  'scripts/agent-session-state.js',
-  'scripts/guardex-docker-loader.sh',
-  'scripts/install-vscode-active-agents-extension.js',
-  'scripts/guardex-env.sh',
-  'scripts/install-agent-git-hooks.sh',
-  '.githooks/pre-commit',
-  '.githooks/pre-push',
-  '.githooks/post-merge',
-  '.githooks/post-checkout',
-  '.codex/skills/gitguardex/SKILL.md',
-  '.codex/skills/guardex-merge-skills-to-dev/SKILL.md',
-  '.claude/commands/gitguardex.md',
-];
-
-const REQUIRED_MANAGED_REPO_FILES = [
-  ...MANAGED_TEMPLATE_DESTINATIONS,
-  ...HOOK_NAMES.map((entry) => path.posix.join('.githooks', entry)),
-  '.omx/state/agent-file-locks.json',
-];
-
-const LEGACY_MANAGED_PACKAGE_SCRIPTS = {
-  'agent:codex': 'bash ./scripts/codex-agent.sh',
-  'agent:branch:start': 'bash ./scripts/agent-branch-start.sh',
-  'agent:branch:finish': 'bash ./scripts/agent-branch-finish.sh',
-  'agent:branch:merge': 'bash ./scripts/agent-branch-merge.sh',
-  'agent:cleanup': 'gx cleanup',
-  'agent:hooks:install': 'bash ./scripts/install-agent-git-hooks.sh',
-  'agent:locks:claim': 'python3 ./scripts/agent-file-locks.py claim',
-  'agent:locks:allow-delete': 'python3 ./scripts/agent-file-locks.py allow-delete',
-  'agent:locks:release': 'python3 ./scripts/agent-file-locks.py release',
-  'agent:locks:status': 'python3 ./scripts/agent-file-locks.py status',
-  'agent:plan:init': 'bash ./scripts/openspec/init-plan-workspace.sh',
-  'agent:change:init': 'bash ./scripts/openspec/init-change-workspace.sh',
-  'agent:protect:list': 'gx protect list',
-  'agent:branch:sync': 'gx sync',
-  'agent:branch:sync:check': 'gx sync --check',
-  'agent:safety:setup': 'gx setup',
-  'agent:safety:scan': 'gx status --strict',
-  'agent:safety:fix': 'gx setup --repair',
-  'agent:safety:doctor': 'gx doctor',
-  'agent:docker:load': 'bash ./scripts/guardex-docker-loader.sh',
-  'agent:review:watch': 'bash ./scripts/review-bot-watch.sh',
-  'agent:finish': 'gx finish --all',
-};
-
-const PACKAGE_SCRIPT_ASSETS = {
-  branchStart: path.join(TEMPLATE_ROOT, 'scripts', 'agent-branch-start.sh'),
-  branchFinish: path.join(TEMPLATE_ROOT, 'scripts', 'agent-branch-finish.sh'),
-  branchMerge: path.join(TEMPLATE_ROOT, 'scripts', 'agent-branch-merge.sh'),
-  codexAgent: path.join(TEMPLATE_ROOT, 'scripts', 'codex-agent.sh'),
-  reviewBot: path.join(TEMPLATE_ROOT, 'scripts', 'review-bot-watch.sh'),
-  worktreePrune: path.join(TEMPLATE_ROOT, 'scripts', 'agent-worktree-prune.sh'),
-  lockTool: path.join(TEMPLATE_ROOT, 'scripts', 'agent-file-locks.py'),
-  planInit: path.join(TEMPLATE_ROOT, 'scripts', 'openspec', 'init-plan-workspace.sh'),
-  changeInit: path.join(TEMPLATE_ROOT, 'scripts', 'openspec', 'init-change-workspace.sh'),
-};
-
-const USER_LEVEL_SKILL_ASSETS = [
-  {
-    source: path.join(TEMPLATE_ROOT, 'codex', 'skills', 'gitguardex', 'SKILL.md'),
-    destination: path.join('.codex', 'skills', 'gitguardex', 'SKILL.md'),
-  },
-  {
-    source: path.join(TEMPLATE_ROOT, 'codex', 'skills', 'guardex-merge-skills-to-dev', 'SKILL.md'),
-    destination: path.join('.codex', 'skills', 'guardex-merge-skills-to-dev', 'SKILL.md'),
-  },
-  {
-    source: path.join(TEMPLATE_ROOT, 'claude', 'commands', 'gitguardex.md'),
-    destination: path.join('.claude', 'commands', 'gitguardex.md'),
-  },
-];
-
-const EXECUTABLE_RELATIVE_PATHS = new Set([
-  ...MANAGED_TEMPLATE_SCRIPT_FILES,
-  ...HOOK_NAMES.map((entry) => path.posix.join('.githooks', entry)),
-]);
-
-const CRITICAL_GUARDRAIL_PATHS = new Set([
-  'AGENTS.md',
-  ...HOOK_NAMES.map((entry) => path.posix.join('.githooks', entry)),
-  'scripts/guardex-env.sh',
-]);
-
-const LOCK_FILE_RELATIVE = '.omx/state/agent-file-locks.json';
-const AGENTS_BOTS_STATE_RELATIVE = '.omx/state/agents-bots.json';
-const AGENTS_MARKER_START = '<!-- multiagent-safety:START -->';
-const AGENTS_MARKER_END = '<!-- multiagent-safety:END -->';
-const GITIGNORE_MARKER_START = '# multiagent-safety:START';
-const GITIGNORE_MARKER_END = '# multiagent-safety:END';
-const CODEX_WORKTREE_RELATIVE_DIR = path.join('.omx', 'agent-worktrees');
-const CLAUDE_WORKTREE_RELATIVE_DIR = path.join('.omc', 'agent-worktrees');
-const SHARED_VSCODE_SETTINGS_RELATIVE = path.posix.join('.vscode', 'settings.json');
-const REPO_SCAN_IGNORED_FOLDERS_SETTING = 'git.repositoryScanIgnoredFolders';
-const AGENT_WORKTREE_RELATIVE_DIRS = [
-  CODEX_WORKTREE_RELATIVE_DIR,
-  CLAUDE_WORKTREE_RELATIVE_DIR,
-];
-const MANAGED_REPO_SCAN_IGNORED_FOLDERS = [
-  '.omx/agent-worktrees',
-  '**/.omx/agent-worktrees',
-  '.omc/agent-worktrees',
-  '**/.omc/agent-worktrees',
-];
-const MANAGED_GITIGNORE_PATHS = [
-  '.omx/',
-  '.omc/',
-  '!.vscode/',
-  '.vscode/*',
-  '!.vscode/settings.json',
-  'scripts/agent-session-state.js',
-  'scripts/guardex-docker-loader.sh',
-  'scripts/guardex-env.sh',
-  'scripts/install-vscode-active-agents-extension.js',
-  '.githooks',
-  'oh-my-codex/',
-  LOCK_FILE_RELATIVE,
-];
-const REPO_SCAFFOLD_DIRECTORIES = ['bin'];
-const OMX_SCAFFOLD_DIRECTORIES = [
-  '.omx',
-  '.omx/state',
-  '.omx/logs',
-  '.omx/plans',
-  CODEX_WORKTREE_RELATIVE_DIR,
-  '.omc',
-  CLAUDE_WORKTREE_RELATIVE_DIR,
-];
-const OMX_SCAFFOLD_FILES = new Map([
-  ['.omx/notepad.md', '\n\n## WORKING MEMORY\n'],
-  ['.omx/project-memory.json', '{}\n'],
-]);
-const TARGETED_FORCEABLE_MANAGED_PATHS = new Set([
-  'AGENTS.md',
-  '.gitignore',
-  ...Array.from(OMX_SCAFFOLD_FILES.keys()),
-  ...REQUIRED_MANAGED_REPO_FILES,
-  ...LEGACY_WORKFLOW_SHIMS,
-]);
-const COMMAND_TYPO_ALIASES = new Map([
-  ['relaese', 'release'],
-  ['realaese', 'release'],
-  ['relase', 'release'],
-  ['setpu', 'setup'],
-  ['inti', 'init'],
-  ['intsall', 'install'],
-  ['docter', 'doctor'],
-  ['doctro', 'doctor'],
-  ['cleunup', 'cleanup'],
-  ['scna', 'scan'],
-]);
-const SUGGESTIBLE_COMMANDS = [
-  'status',
-  'setup',
-  'doctor',
-  'branch',
-  'locks',
-  'worktree',
-  'hook',
-  'migrate',
-  'install-agent-skills',
-  'agents',
-  'merge',
-  'finish',
-  'report',
-  'protect',
-  'sync',
-  'cleanup',
-  'prompt',
-  'help',
-  'version',
-  // deprecated aliases still routable with a warning
-  'init',
-  'install',
-  'fix',
-  'scan',
-  'review',
-  'copy-prompt',
-  'copy-commands',
-  'print-agents-snippet',
-  'release',
-];
-const CLI_COMMAND_DESCRIPTIONS = [
-  ['status', 'Show GitGuardex CLI + service health without modifying files'],
-  ['setup', 'Install, repair, and verify guardrails (flags: --repair, --install-only, --target)'],
-  ['doctor', 'Repair drift + verify (auto-sandboxes on protected main)'],
-  ['branch', 'CLI-owned branch workflow surface (start/finish/merge)'],
-  ['locks', 'CLI-owned file lock surface (claim/allow-delete/release/status/validate)'],
-  ['worktree', 'CLI-owned worktree cleanup surface (prune)'],
-  ['hook', 'Hook dispatch/install surface used by managed shims'],
-  ['migrate', 'Convert legacy repo-local installs to the zero-copy CLI-owned surface'],
-  ['install-agent-skills', 'Install Guardex Codex/Claude skills into the user home'],
-  ['protect', 'Manage protected branches (list/add/remove/set/reset)'],
-  ['merge', 'Create/reuse an integration lane and merge overlapping agent branches'],
-  ['sync', 'Sync agent branches with origin/<base>'],
-  ['finish', 'Commit + PR + merge completed agent branches (--all, --branch)'],
-  ['cleanup', 'Prune merged/stale agent branches and worktrees'],
-  ['release', 'Create or update the current GitHub release with README-generated notes'],
-  ['agents', 'Start/stop repo-scoped review + cleanup bots'],
-  ['prompt', 'Print AI setup checklist (--exec, --snippet)'],
-  ['report', 'Security/safety reports (e.g. OpenSSF scorecard)'],
-  ['help', 'Show this help output'],
-  ['version', 'Print GitGuardex version'],
-];
-const DEPRECATED_COMMAND_ALIASES = new Map([
-  ['init', { target: 'setup', hint: 'gx setup' }],
-  ['install', { target: 'setup', hint: 'gx setup --install-only' }],
-  ['fix', { target: 'setup', hint: 'gx setup --repair' }],
-  ['scan', { target: 'status', hint: 'gx status --strict' }],
-  ['copy-prompt', { target: 'prompt', hint: 'gx prompt' }],
-  ['copy-commands', { target: 'prompt', hint: 'gx prompt --exec' }],
-  ['print-agents-snippet', { target: 'prompt', hint: 'gx prompt --snippet' }],
-  ['review', { target: 'agents', hint: 'gx agents start (runs review + cleanup)' }],
-]);
-const AGENT_BOT_DESCRIPTIONS = [
-  ['agents', 'Start/stop review + cleanup bots for this repo'],
-];
-const DOCTOR_AUTO_FINISH_DETAIL_LIMIT = 6;
-const DOCTOR_AUTO_FINISH_BRANCH_LABEL_MAX = 72;
-const DOCTOR_AUTO_FINISH_MESSAGE_MAX = 160;
-
 function getSandboxApi() {
   if (!sandboxApi) {
     sandboxApi = sandboxModule.createSandboxApi({
@@ -439,114 +207,6 @@ function getFinishApi() {
   return finishApi;
 }
 
-function envFlagIsTruthy(raw) {
-  const lowered = String(raw || '').trim().toLowerCase();
-  return lowered === '1' || lowered === 'true' || lowered === 'yes' || lowered === 'on';
-}
-
-function isClaudeCodeSession(env = process.env) {
-  return envFlagIsTruthy(env.CLAUDECODE) || Boolean(env.CLAUDE_CODE_SESSION_ID);
-}
-
-function defaultAgentWorktreeRelativeDir(env = process.env) {
-  return isClaudeCodeSession(env) ? CLAUDE_WORKTREE_RELATIVE_DIR : CODEX_WORKTREE_RELATIVE_DIR;
-}
-
-const AI_SETUP_PROMPT = `GitGuardex (gx) setup checklist for Codex/Claude in this repo.
-
-1) Install:    ${GLOBAL_INSTALL_COMMAND} && gh --version
-2) Bootstrap:  gx setup
-3) Repair:     gx doctor
-4) Task loop:  gx branch start "<task>" "<agent>"
-               then gx locks claim --branch "<agent-branch>" <file...> -> gx branch finish
-5) Integrate:  gx merge --branch <agent-a> --branch <agent-b>
-6) Finish:     gx finish --all
-7) Cleanup:    gx cleanup
-8) OpenSpec:   /opsx:propose -> /opsx:apply -> /opsx:archive
-9) Optional:   gx protect add release staging
-10) Optional:  gx sync --check && gx sync
-11) Review bot: install https://github.com/apps/cr-gpt + set OPENAI_API_KEY
-12) Fork sync:  install https://github.com/apps/pull + cp .github/pull.yml.example .github/pull.yml
-`;
-
-const AI_SETUP_COMMANDS = `${GLOBAL_INSTALL_COMMAND}
-gh --version
-gx setup
-gx doctor
-gx branch start "<task>" "<agent>"
-gx locks claim --branch "<agent-branch>" <file...>
-gx merge --branch "<agent-a>" --branch "<agent-b>"
-gx finish --all
-gx cleanup
-gx protect add release staging
-gx sync --check && gx sync
-`;
-
-const SCORECARD_RISK_BY_CHECK = {
-  'Dangerous-Workflow': 'Critical',
-  'Code-Review': 'High',
-  Maintained: 'High',
-  'Binary-Artifacts': 'High',
-  'Dependency-Update-Tool': 'High',
-  'Token-Permissions': 'High',
-  Vulnerabilities: 'High',
-  'Branch-Protection': 'High',
-  Fuzzing: 'Medium',
-  'Pinned-Dependencies': 'Medium',
-  SAST: 'Medium',
-  'Security-Policy': 'Medium',
-  'CII-Best-Practices': 'Low',
-  Contributors: 'Low',
-  License: 'Low',
-};
-
-function runtimeVersion() {
-  return `${packageJson.name}/${packageJson.version} ${process.platform}-${process.arch} node-${process.version}`;
-}
-
-function supportsAnsiColors() {
-  const forced = String(process.env.FORCE_COLOR || '').trim().toLowerCase();
-  if (['0', 'false', 'no', 'off'].includes(forced)) {
-    return false;
-  }
-  if (forced.length > 0) {
-    return true;
-  }
-  if (process.env.NO_COLOR) {
-    return false;
-  }
-  return Boolean(process.stdout.isTTY) && process.env.TERM !== 'dumb';
-}
-
-function colorize(text, colorCode) {
-  if (!supportsAnsiColors()) {
-    return text;
-  }
-  return `\u001B[${colorCode}m${text}\u001B[0m`;
-}
-
-function doctorOutputColorCode(status) {
-  const normalized = String(status || '').trim().toLowerCase();
-  if (['active', 'done', 'ok', 'safe', 'success'].includes(normalized)) {
-    return '32';
-  }
-  if (normalized === 'disabled') {
-    return '36';
-  }
-  if (['degraded', 'pending', 'skip', 'warn', 'warning'].includes(normalized)) {
-    return '33';
-  }
-  if (['error', 'fail', 'inactive', 'unsafe'].includes(normalized)) {
-    return '31';
-  }
-  return null;
-}
-
-function colorizeDoctorOutput(text, status) {
-  const colorCode = doctorOutputColorCode(status);
-  return colorCode ? colorize(text, colorCode) : text;
-}
-
 /**
  * @typedef {Object} AutoFinishSummary
  * @property {boolean} [enabled]
@@ -601,658 +261,6 @@ function colorizeDoctorOutput(text, status) {
  * @property {AutoFinishSummary} autoFinish
  * @property {string | null} sandboxLockContent
  */
-
-/**
- * @param {string | null | undefined} detail
- * @returns {string | null}
- */
-function detectAutoFinishDetailStatus(detail) {
-  const trimmed = String(detail || '').trim();
-  const match = trimmed.match(/^\[(\w+)\]/);
-  if (match) {
-    return match[1].toLowerCase();
-  }
-  if (/^Skipped\b/i.test(trimmed) || /^No local agent branches found\b/i.test(trimmed)) {
-    return 'skip';
-  }
-  return null;
-}
-
-/**
- * @param {AutoFinishSummary | null | undefined} summary
- * @returns {string | null}
- */
-function detectAutoFinishSummaryStatus(summary) {
-  if (!summary || summary.enabled === false) {
-    return detectAutoFinishDetailStatus(summary?.details?.[0]);
-  }
-  if ((summary.failed || 0) > 0) {
-    return 'fail';
-  }
-  if ((summary.completed || 0) > 0) {
-    return 'done';
-  }
-  if ((summary.skipped || 0) > 0) {
-    return 'skip';
-  }
-  return null;
-}
-
-function statusDot(status) {
-  if (status === 'active') {
-    return colorize('●', '32'); // green
-  }
-  if (status === 'inactive') {
-    return colorize('●', '31'); // red
-  }
-  if (status === 'disabled') {
-    return colorize('●', '36'); // cyan
-  }
-  return colorize('●', '33'); // yellow for degraded/unknown
-}
-
-function commandCatalogLines(indent = '  ') {
-  const maxCommandLength = CLI_COMMAND_DESCRIPTIONS.reduce(
-    (max, [command]) => Math.max(max, command.length),
-    0,
-  );
-  return CLI_COMMAND_DESCRIPTIONS.map(
-    ([command, description]) => `${indent}${command.padEnd(maxCommandLength + 2)}${description}`,
-  );
-}
-
-function agentBotCatalogLines(indent = '  ') {
-  const maxCommandLength = AGENT_BOT_DESCRIPTIONS.reduce(
-    (max, [command]) => Math.max(max, command.length),
-    0,
-  );
-  return AGENT_BOT_DESCRIPTIONS.map(
-    ([command, description]) => `${indent}${command.padEnd(maxCommandLength + 2)}${description}`,
-  );
-}
-
-function repoToggleLines(indent = '  ') {
-  return [
-    `${indent}Set repo-root .env: ${GUARDEX_REPO_TOGGLE_ENV}=0 disables Guardex, ${GUARDEX_REPO_TOGGLE_ENV}=1 enables it again`,
-  ];
-}
-
-function printToolLogsSummary() {
-  const usageLine = `    $ ${SHORT_TOOL_NAME} <command> [options]`;
-  const commandDetails = commandCatalogLines('    ');
-  const agentBotDetails = agentBotCatalogLines('    ');
-  const repoToggleDetails = repoToggleLines('    ');
-
-  if (!supportsAnsiColors()) {
-    console.log(`${TOOL_NAME}-tools logs:`);
-    console.log('  USAGE');
-    console.log(usageLine);
-    console.log('  COMMANDS');
-    for (const line of commandDetails) {
-      console.log(line);
-    }
-    console.log('  AGENT BOT');
-    for (const line of agentBotDetails) {
-      console.log(line);
-    }
-    console.log('  REPO TOGGLE');
-    for (const line of repoToggleDetails) {
-      console.log(line);
-    }
-    return;
-  }
-
-  const title = colorize(`${TOOL_NAME}-tools logs`, '1;36');
-  const usageHeader = colorize('USAGE', '1');
-  const commandsHeader = colorize('COMMANDS', '1');
-  const agentBotHeader = colorize('AGENT BOT', '1');
-  const repoToggleHeader = colorize('REPO TOGGLE', '1');
-  const pipe = colorize('│', '90');
-  const tee = colorize('├', '90');
-  const corner = colorize('└', '90');
-
-  console.log(`${title}:`);
-  console.log(`  ${tee}─ ${usageHeader}`);
-  console.log(`  ${pipe}${usageLine}`);
-  console.log(`  ${tee}─ ${commandsHeader}`);
-  for (const line of commandDetails) {
-    if (!line) {
-      console.log(`  ${pipe}`);
-      continue;
-    }
-    console.log(`  ${pipe}${line.slice(2)}`);
-  }
-  console.log(`  ${tee}─ ${agentBotHeader}`);
-  for (const line of agentBotDetails) {
-    if (!line) {
-      console.log(`  ${pipe}`);
-      continue;
-    }
-    console.log(`  ${pipe}${line.slice(2)}`);
-  }
-  console.log(`  ${tee}─ ${repoToggleHeader}`);
-  for (const line of repoToggleDetails) {
-    if (!line) {
-      console.log(`  ${pipe}`);
-      continue;
-    }
-    console.log(`  ${pipe}${line.slice(2)}`);
-  }
-  console.log(`  ${corner}─ ${colorize(`Try '${TOOL_NAME} doctor' for one-step repair + verification.`, '2')}`);
-}
-
-function usage(options = {}) {
-  const { outsideGitRepo = false } = options;
-
-  console.log(`A command-line tool that sets up hardened multi-agent safety for git repositories.
-
-VERSION
-  ${runtimeVersion()}
-
-USAGE
-  $ ${SHORT_TOOL_NAME} <command> [options]
-
-COMMANDS
-${commandCatalogLines().join('\n')}
-
-AGENT BOT
-${agentBotCatalogLines().join('\n')}
-
-REPO TOGGLE
-${repoToggleLines().join('\n')}
-
-NOTES
-  - No command = ${SHORT_TOOL_NAME} status. ${SHORT_TOOL_NAME} init is an alias of ${SHORT_TOOL_NAME} setup.
-  - Global installs need Y/N approval; GitHub CLI (gh) is required for PR automation.
-  - Target another repo: ${SHORT_TOOL_NAME} <cmd> --target <repo-path>.
-  - On protected main, setup/install/fix/doctor auto-sandbox via agent branch + PR flow.
-  - Run '${SHORT_TOOL_NAME} cleanup' to prune merged agent branches/worktrees.
-  - Legacy aliases: ${LEGACY_NAMES.join(', ')}.`);
-
-  if (outsideGitRepo) {
-    console.log(`
-[${TOOL_NAME}] No git repository detected in current directory.
-[${TOOL_NAME}] Start from a repo root, or pass an explicit target:
-  ${TOOL_NAME} setup --target <path-to-git-repo>
-  ${TOOL_NAME} doctor --target <path-to-git-repo>`);
-  }
-}
-
-function run(cmd, args, options = {}) {
-  return cp.spawnSync(cmd, args, {
-    encoding: 'utf8',
-    stdio: options.stdio || 'pipe',
-    cwd: options.cwd,
-    env: options.env ? { ...process.env, ...options.env } : process.env,
-    timeout: options.timeout,
-  });
-}
-
-function extractTargetedArgs(rawArgs, defaultTarget = process.cwd()) {
-  const passthrough = [];
-  let target = defaultTarget;
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--target' || arg === '-t') {
-      target = requireValue(rawArgs, index, '--target');
-      index += 1;
-      continue;
-    }
-    passthrough.push(arg);
-  }
-
-  return { target, passthrough };
-}
-
-function packageAssetEnv(extraEnv = {}) {
-  return {
-    GUARDEX_CLI_ENTRY: __filename,
-    GUARDEX_NODE_BIN: process.execPath,
-    ...extraEnv,
-  };
-}
-
-function packageAssetPath(assetKey) {
-  const assetPath = PACKAGE_SCRIPT_ASSETS[assetKey];
-  if (!assetPath) {
-    throw new Error(`Unknown package asset: ${assetKey}`);
-  }
-  if (!fs.existsSync(assetPath)) {
-    throw new Error(`Missing package asset: ${assetPath}`);
-  }
-  return assetPath;
-}
-
-function runPackageAsset(assetKey, rawArgs, options = {}) {
-  const assetPath = packageAssetPath(assetKey);
-  let cmd = 'bash';
-  if (assetPath.endsWith('.py')) {
-    cmd = 'python3';
-  } else if (assetPath.endsWith('.js')) {
-    cmd = process.execPath;
-  }
-  return run(cmd, [assetPath, ...rawArgs], {
-    cwd: options.cwd || process.cwd(),
-    stdio: options.stdio || 'pipe',
-    timeout: options.timeout,
-    env: packageAssetEnv(options.env),
-  });
-}
-
-function repoLocalLegacyScriptPath(repoRoot, relativePath) {
-  const assetPath = path.join(repoRoot, relativePath);
-  return fs.existsSync(assetPath) ? assetPath : null;
-}
-
-function runReviewBotCommand(repoRoot, rawArgs, options = {}) {
-  const legacyScript = repoLocalLegacyScriptPath(repoRoot, 'scripts/review-bot-watch.sh');
-  if (legacyScript) {
-    return run('bash', [legacyScript, ...rawArgs], {
-      cwd: repoRoot,
-      stdio: options.stdio || 'pipe',
-      timeout: options.timeout,
-      env: packageAssetEnv(options.env),
-    });
-  }
-  return runPackageAsset('reviewBot', rawArgs, {
-    ...options,
-    cwd: repoRoot,
-  });
-}
-
-function invokePackageAsset(assetKey, rawArgs, options = {}) {
-  const result = runPackageAsset(assetKey, rawArgs, options);
-  if (result.stdout) process.stdout.write(result.stdout);
-  if (result.stderr) process.stderr.write(result.stderr);
-  if (result.status !== 0) {
-    throw new Error(`${assetKey} command failed with status ${result.status}`);
-  }
-  process.exitCode = 0;
-  return result;
-}
-
-function formatElapsedDuration(ms) {
-  const durationMs = Number.isFinite(ms) ? Math.max(0, ms) : 0;
-  if (durationMs < 1000) {
-    return `${Math.round(durationMs)}ms`;
-  }
-  if (durationMs < 10_000) {
-    return `${(durationMs / 1000).toFixed(1)}s`;
-  }
-  return `${Math.round(durationMs / 1000)}s`;
-}
-
-function truncateMiddle(value, maxLength) {
-  const text = String(value || '');
-  const limit = Number.isFinite(maxLength) ? Math.max(4, maxLength) : 0;
-  if (!limit || text.length <= limit) {
-    return text;
-  }
-
-  const visible = limit - 1;
-  const headLength = Math.ceil(visible / 2);
-  const tailLength = Math.floor(visible / 2);
-  return `${text.slice(0, headLength)}…${text.slice(text.length - tailLength)}`;
-}
-
-function truncateTail(value, maxLength) {
-  const text = String(value || '');
-  const limit = Number.isFinite(maxLength) ? Math.max(4, maxLength) : 0;
-  if (!limit || text.length <= limit) {
-    return text;
-  }
-  return `${text.slice(0, limit - 1)}…`;
-}
-
-function compactAutoFinishPathSegments(message) {
-  return String(message || '').replace(/\((\/[^)]+)\)/g, (_, rawPath) => {
-    if (
-      rawPath.includes(`${path.sep}.omx${path.sep}agent-worktrees${path.sep}`) ||
-      rawPath.includes(`${path.sep}.omc${path.sep}agent-worktrees${path.sep}`)
-    ) {
-      return `(${path.basename(rawPath)})`;
-    }
-    return `(${truncateMiddle(rawPath, 72)})`;
-  });
-}
-
-function detectRecoverableAutoFinishConflict(message) {
-  const text = String(message || '').trim();
-  if (!text) {
-    return null;
-  }
-
-  if (/rebase --continue/i.test(text) && /rebase --abort/i.test(text)) {
-    return {
-      rawLabel: 'auto-finish requires manual rebase.',
-      summary: 'manual rebase required in the source-probe worktree; run rebase --continue or rebase --abort',
-    };
-  }
-
-  if (/Rebase\/merge '.+' into '.+' and resolve conflicts before finishing\./i.test(text)) {
-    return {
-      rawLabel: 'auto-finish requires manual rebase or merge.',
-      summary: 'manual rebase or merge required before auto-finish can continue',
-    };
-  }
-
-  if (/Merge conflict detected while merging/i.test(text)) {
-    return {
-      rawLabel: 'auto-finish requires manual merge resolution.',
-      summary: 'manual merge resolution required before auto-finish can continue',
-    };
-  }
-
-  return null;
-}
-
-function summarizeAutoFinishDetail(detail) {
-  const trimmed = String(detail || '').trim();
-  const match = trimmed.match(/^\[(\w+)\]\s+([^:]+):\s*(.*)$/);
-  if (!match) {
-    return truncateTail(compactAutoFinishPathSegments(trimmed), DOCTOR_AUTO_FINISH_MESSAGE_MAX);
-  }
-
-  const [, status, rawBranch, rawMessage] = match;
-  const branch = truncateMiddle(rawBranch, DOCTOR_AUTO_FINISH_BRANCH_LABEL_MAX);
-  let message = String(rawMessage || '').trim();
-  const recoverableConflict = status === 'skip' ? detectRecoverableAutoFinishConflict(message) : null;
-
-  if (recoverableConflict) {
-    message = recoverableConflict.summary;
-  } else if (status === 'fail') {
-    message = message.replace(/^auto-finish failed\.?\s*/i, '');
-    if (/\[agent-sync-guard\]/.test(message) && /Resolve conflicts/i.test(message)) {
-      message = 'rebase conflict in finish flow; run rebase --continue or rebase --abort in the source-probe worktree';
-    } else if (/unable to compute ahead\/behind/i.test(message)) {
-      const aheadBehindMatch = message.match(/unable to compute ahead\/behind(?: \([^)]+\))?/i);
-      if (aheadBehindMatch) {
-        message = aheadBehindMatch[0];
-      }
-    } else if (/remote ref does not exist/i.test(message)) {
-      message = 'branch merged, but the remote ref was already removed during cleanup';
-    }
-  }
-
-  message = compactAutoFinishPathSegments(message)
-    .replace(/\s+\|\s+/g, '; ')
-    .trim();
-
-  return `[${status}] ${branch}: ${truncateTail(message, DOCTOR_AUTO_FINISH_MESSAGE_MAX)}`;
-}
-
-/**
- * @param {AutoFinishSummary | null | undefined} summary
- * @param {{ baseBranch?: string, verbose?: boolean, detailLimit?: number }} [options]
- */
-function printAutoFinishSummary(summary, options = {}) {
-  const enabled = Boolean(summary && summary.enabled);
-  const details = Array.isArray(summary && summary.details) ? summary.details : [];
-  const baseBranch = String(options.baseBranch || summary?.baseBranch || '').trim();
-  const verbose = Boolean(options.verbose);
-  const detailLimit = Number.isFinite(options.detailLimit)
-    ? Math.max(0, options.detailLimit)
-    : DOCTOR_AUTO_FINISH_DETAIL_LIMIT;
-
-  if (enabled) {
-    console.log(
-      colorizeDoctorOutput(
-        `[${TOOL_NAME}] Auto-finish sweep (base=${baseBranch}): attempted=${summary.attempted}, completed=${summary.completed}, skipped=${summary.skipped}, failed=${summary.failed}`,
-        detectAutoFinishSummaryStatus(summary),
-      ),
-    );
-    const visibleDetails = verbose ? details : details.slice(0, detailLimit).map(summarizeAutoFinishDetail);
-    for (const detail of visibleDetails) {
-      console.log(colorizeDoctorOutput(`[${TOOL_NAME}]   ${detail}`, detectAutoFinishDetailStatus(detail)));
-    }
-    if (!verbose && details.length > detailLimit) {
-      console.log(
-        colorizeDoctorOutput(
-          `[${TOOL_NAME}]   … ${details.length - detailLimit} more branch result(s). Re-run with --verbose-auto-finish for full details.`,
-          'warn',
-        ),
-      );
-    }
-    return;
-  }
-
-  if (details.length > 0) {
-    const detail = verbose ? details[0] : summarizeAutoFinishDetail(details[0]);
-    console.log(colorizeDoctorOutput(`[${TOOL_NAME}] ${detail}`, detectAutoFinishDetailStatus(detail)));
-  }
-}
-
-function gitRun(repoRoot, args, { allowFailure = false } = {}) {
-  const result = run('git', ['-C', repoRoot, ...args]);
-  if (!allowFailure && result.status !== 0) {
-    throw new Error(`git ${args.join(' ')} failed: ${(result.stderr || '').trim()}`);
-  }
-  return result;
-}
-
-function resolveRepoRoot(targetPath) {
-  const resolvedTarget = path.resolve(targetPath || process.cwd());
-  const result = run('git', ['-C', resolvedTarget, 'rev-parse', '--show-toplevel']);
-  if (result.status !== 0) {
-    const stderr = (result.stderr || '').trim();
-    throw new Error(
-      `Target is not inside a git repository: ${resolvedTarget}${stderr ? `\n${stderr}` : ''}`,
-    );
-  }
-  return result.stdout.trim();
-}
-
-function isGitRepo(targetPath) {
-  const resolvedTarget = path.resolve(targetPath || process.cwd());
-  const result = run('git', ['-C', resolvedTarget, 'rev-parse', '--show-toplevel']);
-  return result.status === 0;
-}
-
-const NESTED_REPO_DEFAULT_MAX_DEPTH = 6;
-const NESTED_REPO_DEFAULT_SKIP_DIRS = new Set([
-  'node_modules',
-  '.git',
-  'dist',
-  'build',
-  '.next',
-  '.cache',
-  'target',
-  'vendor',
-  '.venv',
-  '.pnpm-store',
-]);
-function discoverNestedGitRepos(rootPath, opts = {}) {
-  const maxDepth = Number.isFinite(opts.maxDepth) ? Math.max(1, opts.maxDepth) : NESTED_REPO_DEFAULT_MAX_DEPTH;
-  const extraSkip = new Set(Array.isArray(opts.extraSkip) ? opts.extraSkip : []);
-  const includeSubmodules = Boolean(opts.includeSubmodules);
-  const resolvedRoot = path.resolve(rootPath);
-
-  const rootCommonDir = (() => {
-    const result = run('git', ['-C', resolvedRoot, 'rev-parse', '--git-common-dir'], { cwd: resolvedRoot });
-    if (result.status !== 0) return null;
-    const raw = result.stdout.trim();
-    if (!raw) return null;
-    return path.resolve(resolvedRoot, raw);
-  })();
-
-  const worktreeSkipAbsolutes = AGENT_WORKTREE_RELATIVE_DIRS.map((relativeDir) => path.join(resolvedRoot, relativeDir));
-  const found = new Set();
-  found.add(resolvedRoot);
-
-  function shouldSkipDir(dirName) {
-    return NESTED_REPO_DEFAULT_SKIP_DIRS.has(dirName) || extraSkip.has(dirName);
-  }
-
-  function walk(currentPath, depth) {
-    if (depth > maxDepth) return;
-    let entries;
-    try {
-      entries = fs.readdirSync(currentPath, { withFileTypes: true });
-    } catch {
-      return;
-    }
-
-    for (const entry of entries) {
-      const entryPath = path.join(currentPath, entry.name);
-
-      if (entry.name === '.git') {
-        if (entry.isDirectory()) {
-          if (entryPath === path.join(resolvedRoot, '.git')) continue;
-          found.add(path.dirname(entryPath));
-        } else if (includeSubmodules && entry.isFile()) {
-          found.add(path.dirname(entryPath));
-        }
-        continue;
-      }
-
-      if (!entry.isDirectory() || entry.isSymbolicLink()) continue;
-      if (shouldSkipDir(entry.name)) continue;
-      if (worktreeSkipAbsolutes.includes(entryPath)) continue;
-      walk(entryPath, depth + 1);
-    }
-  }
-
-  walk(resolvedRoot, 0);
-
-  const filtered = Array.from(found).filter((repoPath) => {
-    if (repoPath === resolvedRoot) return true;
-    if (!rootCommonDir) return true;
-    const childResult = run('git', ['-C', repoPath, 'rev-parse', '--git-common-dir'], { cwd: repoPath });
-    if (childResult.status !== 0) return true;
-    const childCommonDirRaw = childResult.stdout.trim();
-    if (!childCommonDirRaw) return true;
-    const childCommonDir = path.resolve(repoPath, childCommonDirRaw);
-    return childCommonDir !== rootCommonDir;
-  });
-
-  const [root, ...rest] = filtered;
-  rest.sort((a, b) => a.localeCompare(b));
-  return [root, ...rest];
-}
-
-function toDestinationPath(relativeTemplatePath) {
-  if (relativeTemplatePath.startsWith('scripts/')) {
-    return relativeTemplatePath;
-  }
-  if (relativeTemplatePath.startsWith('githooks/')) {
-    return `.${relativeTemplatePath}`;
-  }
-  if (relativeTemplatePath.startsWith('codex/')) {
-    return `.${relativeTemplatePath}`;
-  }
-  if (relativeTemplatePath.startsWith('claude/')) {
-    return `.${relativeTemplatePath}`;
-  }
-  if (relativeTemplatePath.startsWith('github/')) {
-    return `.${relativeTemplatePath}`;
-  }
-  if (relativeTemplatePath.startsWith('vscode/')) {
-    return relativeTemplatePath;
-  }
-  throw new Error(`Unsupported template path: ${relativeTemplatePath}`);
-}
-
-function ensureParentDir(repoRoot, filePath, dryRun) {
-  if (dryRun) return;
-
-  const parentDir = path.dirname(filePath);
-  const relativeParentDir = path.relative(repoRoot, parentDir);
-  const segments = relativeParentDir.split(path.sep).filter(Boolean);
-  let currentPath = repoRoot;
-
-  for (const segment of segments) {
-    currentPath = path.join(currentPath, segment);
-    if (fs.existsSync(currentPath) && !fs.statSync(currentPath).isDirectory()) {
-      const blockingPath = path.relative(repoRoot, currentPath) || path.basename(currentPath);
-      const targetPath = path.relative(repoRoot, filePath) || path.basename(filePath);
-      throw new Error(
-        `Path conflict: ${blockingPath} exists as a file, but ${targetPath} needs it to be a directory. ` +
-        `Remove or rename ${blockingPath} and rerun '${SHORT_TOOL_NAME} setup'.`,
-      );
-    }
-  }
-
-  fs.mkdirSync(parentDir, { recursive: true });
-}
-
-function ensureExecutable(destinationPath, relativePath, dryRun) {
-  if (dryRun) return;
-  if (EXECUTABLE_RELATIVE_PATHS.has(relativePath)) {
-    fs.chmodSync(destinationPath, 0o755);
-  }
-}
-
-function isCriticalGuardrailPath(relativePath) {
-  return CRITICAL_GUARDRAIL_PATHS.has(relativePath);
-}
-
-function shellSingleQuote(value) {
-  return `'${String(value).replace(/'/g, `'\"'\"'`)}'`;
-}
-
-function renderShellDispatchShim(commandParts) {
-  const rendered = commandParts.map((part) => shellSingleQuote(part)).join(' ');
-  return (
-    '#!/usr/bin/env bash\n' +
-    'set -euo pipefail\n' +
-    '\n' +
-    'if [[ -n "${GUARDEX_CLI_ENTRY:-}" ]]; then\n' +
-    '  node_bin="${GUARDEX_NODE_BIN:-node}"\n' +
-    `  exec "$node_bin" "$GUARDEX_CLI_ENTRY" ${rendered} "$@"\n` +
-    'fi\n' +
-    '\n' +
-    'resolve_guardex_cli() {\n' +
-    '  if [[ -n "${GUARDEX_CLI_BIN:-}" ]]; then\n' +
-    '    printf \'%s\' "$GUARDEX_CLI_BIN"\n' +
-    '    return 0\n' +
-    '  fi\n' +
-    '  if command -v gx >/dev/null 2>&1; then\n' +
-    '    printf \'%s\' "gx"\n' +
-    '    return 0\n' +
-    '  fi\n' +
-    '  if command -v gitguardex >/dev/null 2>&1; then\n' +
-    '    printf \'%s\' "gitguardex"\n' +
-    '    return 0\n' +
-    '  fi\n' +
-    '  echo "[gitguardex-shim] Missing gx CLI in PATH." >&2\n' +
-    '  exit 1\n' +
-    '}\n' +
-    '\n' +
-    'cli_bin="$(resolve_guardex_cli)"\n' +
-    `exec "$cli_bin" ${rendered} "$@"\n`
-  );
-}
-
-function renderPythonDispatchShim(commandParts) {
-  return (
-    '#!/usr/bin/env python3\n' +
-    'import os\n' +
-    'import shutil\n' +
-    'import subprocess\n' +
-    'import sys\n' +
-    '\n' +
-    `COMMAND = ${JSON.stringify(commandParts)}\n` +
-    '\n' +
-    'entry = os.environ.get("GUARDEX_CLI_ENTRY")\n' +
-    'if entry:\n' +
-    '    node_bin = os.environ.get("GUARDEX_NODE_BIN") or shutil.which("node") or "node"\n' +
-    '    raise SystemExit(subprocess.call([node_bin, entry, *COMMAND, *sys.argv[1:]]))\n' +
-    'cli = os.environ.get("GUARDEX_CLI_BIN") or shutil.which("gx") or shutil.which("gitguardex")\n' +
-    'if not cli:\n' +
-    '    sys.stderr.write("[gitguardex-shim] Missing gx CLI in PATH.\\n")\n' +
-    '    raise SystemExit(1)\n' +
-    'raise SystemExit(subprocess.call([cli, *COMMAND, *sys.argv[1:]]))\n'
-  );
-}
-
-function managedForceConflictMessage(relativePath) {
-  return (
-    `Refusing to overwrite existing file without --force: ${relativePath}\n` +
-    `Use '--force ${relativePath}' to rewrite only this managed file, or '--force' to rewrite all managed files.`
-  );
-}
-
 function renderManagedFile(repoRoot, relativePath, content, options = {}) {
   const destinationPath = path.join(repoRoot, relativePath);
   const destinationExists = fs.existsSync(destinationPath);
@@ -1854,252 +862,29 @@ function configureHooks(repoRoot, dryRun) {
     throw new Error(`Failed to set git hooksPath: ${(result.stderr || '').trim()}`);
   }
 
-  return { status: 'set', key: 'core.hooksPath', value: '.githooks' };
-}
-
-function requireValue(rawArgs, index, flagName) {
-  const value = rawArgs[index + 1];
-  if (!value || value.startsWith('-')) {
-    throw new Error(`${flagName} requires a value`);
-  }
-  return value;
-}
-
-function normalizeManagedForcePath(rawPath) {
-  if (typeof rawPath !== 'string') {
-    return null;
-  }
-  const normalized = path.posix.normalize(rawPath.replace(/\\/g, '/'));
-  if (!normalized || normalized === '.' || normalized.startsWith('../') || path.posix.isAbsolute(normalized)) {
-    return null;
-  }
-  return normalized.startsWith('./') ? normalized.slice(2) : normalized;
-}
-
-function collectForceManagedPaths(rawArgs, startIndex) {
-  const forceManagedPaths = [];
-  let nextIndex = startIndex;
-
-  while (nextIndex + 1 < rawArgs.length) {
-    const candidate = rawArgs[nextIndex + 1];
-    if (!candidate || candidate.startsWith('-')) {
-      break;
-    }
-    const normalized = normalizeManagedForcePath(candidate);
-    if (!normalized || !TARGETED_FORCEABLE_MANAGED_PATHS.has(normalized)) {
-      throw new Error(`Unknown managed path after --force: ${candidate}`);
-    }
-    forceManagedPaths.push(normalized);
-    nextIndex += 1;
-  }
-
-  return { forceManagedPaths, nextIndex };
-}
-
-function appendForceArgs(args, options) {
-  if (!options.force) {
-    return;
-  }
-  args.push('--force');
-  for (const managedPath of options.forceManagedPaths || []) {
-    args.push(managedPath);
-  }
-}
-
-function shouldForceManagedPath(options, relativePath) {
-  if (!options.force) {
-    return false;
-  }
-  const targetedPaths = Array.isArray(options.forceManagedPaths) ? options.forceManagedPaths : [];
-  if (targetedPaths.length === 0) {
-    return true;
-  }
-  const normalized = normalizeManagedForcePath(relativePath);
-  return normalized !== null && targetedPaths.includes(normalized);
-}
-
-function parseCommonArgs(rawArgs, defaults) {
-  const options = { ...defaults };
-  const supportsForce = Object.prototype.hasOwnProperty.call(options, 'force');
-  if (supportsForce && !Array.isArray(options.forceManagedPaths)) {
-    options.forceManagedPaths = [];
-  }
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--target' || arg === '-t') {
-      options.target = requireValue(rawArgs, index, '--target');
-      index += 1;
-      continue;
-    }
-    if (arg === '--dry-run') {
-      options.dryRun = true;
-      continue;
-    }
-    if (arg === '--skip-agents') {
-      options.skipAgents = true;
-      continue;
-    }
-    if (arg === '--skip-package-json') {
-      options.skipPackageJson = true;
-      continue;
-    }
-    if (arg === '--force') {
-      if (!supportsForce) {
-        throw new Error(`Unknown option: ${arg}`);
-      }
-      options.force = true;
-      const parsed = collectForceManagedPaths(rawArgs, index);
-      if (parsed.forceManagedPaths.length > 0) {
-        options.forceManagedPaths = Array.from(
-          new Set([...(options.forceManagedPaths || []), ...parsed.forceManagedPaths]),
-        );
-      }
-      index = parsed.nextIndex;
-      continue;
-    }
-    if (arg === '--keep-stale-locks') {
-      options.dropStaleLocks = false;
-      continue;
-    }
-    if (arg === '--json') {
-      options.json = true;
-      continue;
-    }
-    if (arg === '--yes-global-install') {
-      options.yesGlobalInstall = true;
-      continue;
-    }
-    if (arg === '--no-global-install') {
-      options.noGlobalInstall = true;
-      continue;
-    }
-    if (arg === '--no-gitignore') {
-      options.skipGitignore = true;
-      continue;
-    }
-    if (arg === '--allow-protected-base-write') {
-      options.allowProtectedBaseWrite = true;
-      continue;
-    }
-    if (Object.prototype.hasOwnProperty.call(options, 'waitForMerge') && arg === '--wait-for-merge') {
-      options.waitForMerge = true;
-      continue;
-    }
-    if (Object.prototype.hasOwnProperty.call(options, 'waitForMerge') && arg === '--no-wait-for-merge') {
-      options.waitForMerge = false;
-      continue;
-    }
-
-    throw new Error(`Unknown option: ${arg}`);
-  }
-
-  if (!options.target) {
-    throw new Error('--target requires a path value');
-  }
-
-  return options;
-}
-
-function parseRepoTraversalArgs(rawArgs, defaults) {
-  const traversalDefaults = {
-    ...defaults,
-    recursive: true,
-    nestedMaxDepth: NESTED_REPO_DEFAULT_MAX_DEPTH,
-    nestedSkipDirs: [],
-    includeSubmodules: false,
-  };
-  const forwardedArgs = [];
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--no-recursive' || arg === '--no-nested' || arg === '--single-repo') {
-      traversalDefaults.recursive = false;
-      continue;
-    }
-    if (arg === '--recursive' || arg === '--nested') {
-      traversalDefaults.recursive = true;
-      continue;
-    }
-    if (arg === '--max-depth') {
-      const raw = requireValue(rawArgs, index, '--max-depth');
-      const parsed = Number.parseInt(raw, 10);
-      if (!Number.isFinite(parsed) || parsed < 1) {
-        throw new Error('--max-depth requires a positive integer');
-      }
-      traversalDefaults.nestedMaxDepth = parsed;
-      index += 1;
-      continue;
-    }
-    if (arg === '--skip-nested') {
-      const raw = requireValue(rawArgs, index, '--skip-nested');
-      traversalDefaults.nestedSkipDirs.push(raw);
-      index += 1;
-      continue;
-    }
-    if (arg === '--include-submodules') {
-      traversalDefaults.includeSubmodules = true;
-      continue;
-    }
-    forwardedArgs.push(arg);
-  }
-
-  return parseCommonArgs(forwardedArgs, traversalDefaults);
-}
-
-function parseSetupArgs(rawArgs, defaults) {
-  const setupDefaults = {
-    ...defaults,
-    parentWorkspaceView: false,
-  };
-  const forwardedArgs = [];
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--parent-workspace-view') {
-      setupDefaults.parentWorkspaceView = true;
-      continue;
-    }
-    if (arg === '--no-parent-workspace-view') {
-      setupDefaults.parentWorkspaceView = false;
-      continue;
-    }
-    forwardedArgs.push(arg);
-  }
-
-  return parseRepoTraversalArgs(forwardedArgs, setupDefaults);
+  return { status: 'set', key: 'core.hooksPath', value: '.githooks' };
 }
 
-function parseDoctorArgs(rawArgs) {
-  const doctorDefaults = {
-    target: process.cwd(),
-    force: false,
-    dropStaleLocks: true,
-    skipAgents: false,
-    skipPackageJson: false,
-    skipGitignore: false,
-    dryRun: false,
-    json: false,
-    allowProtectedBaseWrite: false,
-    waitForMerge: true,
-    verboseAutoFinish: false,
-  };
-  const forwardedArgs = [];
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--verbose-auto-finish') {
-      doctorDefaults.verboseAutoFinish = true;
-      continue;
-    }
-    if (arg === '--compact-auto-finish') {
-      doctorDefaults.verboseAutoFinish = false;
-      continue;
-    }
-    forwardedArgs.push(arg);
+function appendForceArgs(args, options) {
+  if (!options.force) {
+    return;
+  }
+  args.push('--force');
+  for (const managedPath of options.forceManagedPaths || []) {
+    args.push(managedPath);
   }
+}
 
-  return parseRepoTraversalArgs(forwardedArgs, doctorDefaults);
+function shouldForceManagedPath(options, relativePath) {
+  if (!options.force) {
+    return false;
+  }
+  const targetedPaths = Array.isArray(options.forceManagedPaths) ? options.forceManagedPaths : [];
+  if (targetedPaths.length === 0) {
+    return true;
+  }
+  const normalized = normalizeManagedForcePath(relativePath);
+  return normalized !== null && targetedPaths.includes(normalized);
 }
 
 function normalizeWorkspacePath(relativePath) {
@@ -2931,10 +1716,6 @@ function mergeDoctorSandboxRepairsBackToProtectedBase(options, blocked, metadata
   };
 }
 
-function syncDoctorLocalSupportFiles(repoRoot, dryRun) {
-  return [];
-}
-
 /**
  * @param {string} [note]
  * @returns {OperationResult}
@@ -3131,8 +1912,6 @@ function executeDoctorSandboxLifecycle(options, blocked, metadata) {
     execution.finish,
   );
 
-  syncDoctorLocalSupportFiles(blocked.repoRoot, dryRun);
-
   execution.omxScaffoldSync = summarizeDoctorOmxScaffoldSync(blocked.repoRoot, dryRun);
   execution.lockSync = syncDoctorLockRegistryAfterMerge(
     blocked.repoRoot,
@@ -3249,7 +2028,6 @@ function emitDoctorSandboxConsoleOutput(options, blocked, metadata, startResult,
     if (execution.finish.stdout) process.stdout.write(execution.finish.stdout);
     if (execution.finish.stderr) process.stderr.write(execution.finish.stderr);
   } else if (execution.finish.status === 'failed') {
-    console.log(`[${TOOL_NAME}] Auto-finish flow failed for sandbox branch '${metadata.branch}'.`);
     console.log(`[${TOOL_NAME}] Auto-finish flow failed for sandbox branch '${metadata.branch}'.`);
     if (execution.finish.stdout) process.stdout.write(execution.finish.stdout);
     if (execution.finish.stderr) process.stderr.write(execution.finish.stderr);
@@ -3399,171 +2177,6 @@ function runSetupInSandbox(options, blocked, repoLabel = '') {
   };
 }
 
-function parseTargetFlag(rawArgs, defaultTarget = process.cwd()) {
-  const remaining = [];
-  let target = defaultTarget;
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--target') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--target requires a path value');
-      }
-      target = next;
-      index += 1;
-      continue;
-    }
-    remaining.push(arg);
-  }
-
-  return { target, args: remaining };
-}
-
-function parseReviewArgs(rawArgs) {
-  const parsed = parseTargetFlag(rawArgs, process.cwd());
-  const passthroughArgs = [...parsed.args];
-  if (passthroughArgs[0] === 'start') {
-    passthroughArgs.shift();
-  }
-  return {
-    target: parsed.target,
-    passthroughArgs,
-  };
-}
-
-function parseAgentsArgs(rawArgs) {
-  const parsed = parseTargetFlag(rawArgs, process.cwd());
-  const [subcommandRaw = '', ...rest] = parsed.args;
-  const subcommand = subcommandRaw || 'status';
-  const options = {
-    target: parsed.target,
-    subcommand,
-    reviewIntervalSeconds: 30,
-    cleanupIntervalSeconds: 60,
-    idleMinutes: DEFAULT_SHADOW_CLEANUP_IDLE_MINUTES,
-  };
-
-  for (let index = 0; index < rest.length; index += 1) {
-    const arg = rest[index];
-    if (arg === '--review-interval') {
-      const next = rest[index + 1];
-      if (!next) {
-        throw new Error('--review-interval requires an integer seconds value');
-      }
-      const parsedValue = Number.parseInt(next, 10);
-      if (!Number.isInteger(parsedValue) || parsedValue < 5) {
-        throw new Error('--review-interval must be an integer >= 5 seconds');
-      }
-      options.reviewIntervalSeconds = parsedValue;
-      index += 1;
-      continue;
-    }
-    if (arg === '--cleanup-interval') {
-      const next = rest[index + 1];
-      if (!next) {
-        throw new Error('--cleanup-interval requires an integer seconds value');
-      }
-      const parsedValue = Number.parseInt(next, 10);
-      if (!Number.isInteger(parsedValue) || parsedValue < 5) {
-        throw new Error('--cleanup-interval must be an integer >= 5 seconds');
-      }
-      options.cleanupIntervalSeconds = parsedValue;
-      index += 1;
-      continue;
-    }
-    if (arg === '--idle-minutes') {
-      const next = rest[index + 1];
-      if (!next) {
-        throw new Error('--idle-minutes requires an integer minutes value');
-      }
-      const parsedValue = Number.parseInt(next, 10);
-      if (!Number.isInteger(parsedValue) || parsedValue < 1) {
-        throw new Error('--idle-minutes must be an integer >= 1');
-      }
-      options.idleMinutes = parsedValue;
-      index += 1;
-      continue;
-    }
-    throw new Error(`Unknown option: ${arg}`);
-  }
-
-  if (!['start', 'stop', 'status'].includes(options.subcommand)) {
-    throw new Error(`Unknown agents subcommand: ${options.subcommand}`);
-  }
-
-  return options;
-}
-
-function parseReportArgs(rawArgs) {
-  const options = {
-    target: process.cwd(),
-    subcommand: '',
-    repo: '',
-    scorecardJson: '',
-    outputDir: '',
-    date: '',
-    dryRun: false,
-    json: false,
-  };
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--target') {
-      const next = rawArgs[index + 1];
-      if (!next) throw new Error('--target requires a path value');
-      options.target = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--repo') {
-      const next = rawArgs[index + 1];
-      if (!next) throw new Error('--repo requires a value like github.com/owner/repo');
-      options.repo = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--scorecard-json') {
-      const next = rawArgs[index + 1];
-      if (!next) throw new Error('--scorecard-json requires a path value');
-      options.scorecardJson = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--output-dir') {
-      const next = rawArgs[index + 1];
-      if (!next) throw new Error('--output-dir requires a path value');
-      options.outputDir = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--date') {
-      const next = rawArgs[index + 1];
-      if (!next) throw new Error('--date requires a YYYY-MM-DD value');
-      options.date = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--dry-run') {
-      options.dryRun = true;
-      continue;
-    }
-    if (arg === '--json') {
-      options.json = true;
-      continue;
-    }
-    if (arg.startsWith('-')) {
-      throw new Error(`Unknown option: ${arg}`);
-    }
-    if (!options.subcommand) {
-      options.subcommand = arg;
-      continue;
-    }
-    throw new Error(`Unexpected argument: ${arg}`);
-  }
-
-  return options;
-}
 
 function todayDateStamp() {
   return new Date().toISOString().slice(0, 10);
@@ -4167,430 +2780,35 @@ function ensureOriginBaseRef(repoRoot, baseBranch) {
   if (hasRemoteBase.status !== 0) {
     throw new Error(`Remote base branch not found: origin/${baseBranch}`);
   }
-}
-
-function aheadBehind(repoRoot, branchRef, baseRef) {
-  const result = gitRun(repoRoot, ['rev-list', '--left-right', '--count', `${branchRef}...${baseRef}`], {
-    allowFailure: true,
-  });
-  if (result.status !== 0) {
-    throw new Error(`Unable to compute ahead/behind for ${branchRef} vs ${baseRef}`);
-  }
-  const parts = (result.stdout || '').trim().split(/\s+/).filter(Boolean);
-  const ahead = Number.parseInt(parts[0] || '0', 10);
-  const behind = Number.parseInt(parts[1] || '0', 10);
-  return { ahead: Number.isFinite(ahead) ? ahead : 0, behind: Number.isFinite(behind) ? behind : 0 };
-}
-
-function lockRegistryStatus(repoRoot) {
-  const result = gitRun(repoRoot, ['status', '--porcelain', '--', LOCK_FILE_RELATIVE], { allowFailure: true });
-  if (result.status !== 0) {
-    return { dirty: false, untracked: false };
-  }
-  const lines = (result.stdout || '').split('\n').filter((line) => line.length > 0);
-  if (lines.length === 0) {
-    return { dirty: false, untracked: false };
-  }
-  const untracked = lines.some((line) => line.startsWith('??'));
-  return { dirty: true, untracked };
-}
-
-function parseSyncArgs(rawArgs) {
-  const options = {
-    target: process.cwd(),
-    check: false,
-    base: '',
-    strategy: '',
-    ffOnly: false,
-    dryRun: false,
-    json: false,
-    allAgentBranches: false,
-    allowNonAgent: false,
-    allowDirty: false,
-  };
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--target') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--target requires a path value');
-      }
-      options.target = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--base') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--base requires a branch value');
-      }
-      options.base = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--strategy') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--strategy requires a value (rebase|merge)');
-      }
-      options.strategy = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--check') {
-      options.check = true;
-      continue;
-    }
-    if (arg === '--ff-only') {
-      options.ffOnly = true;
-      continue;
-    }
-    if (arg === '--dry-run') {
-      options.dryRun = true;
-      continue;
-    }
-    if (arg === '--json') {
-      options.json = true;
-      continue;
-    }
-    if (arg === '--all-agent-branches') {
-      options.allAgentBranches = true;
-      continue;
-    }
-    if (arg === '--allow-non-agent') {
-      options.allowNonAgent = true;
-      continue;
-    }
-    if (arg === '--allow-dirty') {
-      options.allowDirty = true;
-      continue;
-    }
-    throw new Error(`Unknown option: ${arg}`);
-  }
-
-  return options;
-}
-
-function parseCleanupArgs(rawArgs) {
-  const options = {
-    target: process.cwd(),
-    base: '',
-    branch: '',
-    dryRun: false,
-    forceDirty: false,
-    keepRemote: false,
-    keepCleanWorktrees: false,
-    includePrMerged: false,
-    idleMinutes: 0,
-    watch: false,
-    intervalSeconds: 60,
-    once: false,
-    maxBranches: 0,
-  };
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--target') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--target requires a path value');
-      }
-      options.target = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--base') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--base requires a branch value');
-      }
-      options.base = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--branch') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--branch requires an agent branch value');
-      }
-      options.branch = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--dry-run') {
-      options.dryRun = true;
-      continue;
-    }
-    if (arg === '--force-dirty') {
-      options.forceDirty = true;
-      continue;
-    }
-    if (arg === '--keep-remote') {
-      options.keepRemote = true;
-      continue;
-    }
-    if (arg === '--keep-clean-worktrees') {
-      options.keepCleanWorktrees = true;
-      continue;
-    }
-    if (arg === '--include-pr-merged') {
-      options.includePrMerged = true;
-      continue;
-    }
-    if (arg === '--idle-minutes') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--idle-minutes requires an integer value');
-      }
-      const parsed = Number.parseInt(next, 10);
-      if (!Number.isInteger(parsed) || parsed < 0) {
-        throw new Error('--idle-minutes must be an integer >= 0');
-      }
-      options.idleMinutes = parsed;
-      index += 1;
-      continue;
-    }
-    if (arg === '--watch') {
-      options.watch = true;
-      continue;
-    }
-    if (arg === '--interval') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--interval requires an integer seconds value');
-      }
-      const parsed = Number.parseInt(next, 10);
-      if (!Number.isInteger(parsed) || parsed < 5) {
-        throw new Error('--interval must be an integer >= 5 seconds');
-      }
-      options.intervalSeconds = parsed;
-      index += 1;
-      continue;
-    }
-    if (arg === '--once') {
-      options.once = true;
-      continue;
-    }
-    if (arg === '--max-branches') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--max-branches requires an integer value');
-      }
-      const parsed = Number.parseInt(next, 10);
-      if (!Number.isInteger(parsed) || parsed < 1) {
-        throw new Error('--max-branches must be an integer >= 1');
-      }
-      options.maxBranches = parsed;
-      index += 1;
-      continue;
-    }
-    throw new Error(`Unknown option: ${arg}`);
-  }
-
-  if (options.watch && options.idleMinutes === 0) {
-    options.idleMinutes = DEFAULT_SHADOW_CLEANUP_IDLE_MINUTES;
-  }
-
-  return options;
-}
-
-function parseMergeArgs(rawArgs) {
-  const options = {
-    target: process.cwd(),
-    base: '',
-    into: '',
-    branches: [],
-    task: '',
-    agent: '',
-  };
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--target') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--target requires a path value');
-      }
-      options.target = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--base') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--base requires a branch value');
-      }
-      options.base = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--into') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--into requires an agent/* branch value');
-      }
-      options.into = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--branch') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--branch requires an agent/* branch value');
-      }
-      options.branches.push(next);
-      index += 1;
-      continue;
-    }
-    if (arg === '--task') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--task requires a task value');
-      }
-      options.task = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--agent') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--agent requires an agent value');
-      }
-      options.agent = next;
-      index += 1;
-      continue;
-    }
-    throw new Error(`Unknown option: ${arg}`);
-  }
+}
 
-  if (options.branches.length === 0) {
-    throw new Error('merge requires at least one --branch <agent/*> input');
+function aheadBehind(repoRoot, branchRef, baseRef) {
+  const result = gitRun(repoRoot, ['rev-list', '--left-right', '--count', `${branchRef}...${baseRef}`], {
+    allowFailure: true,
+  });
+  if (result.status !== 0) {
+    throw new Error(`Unable to compute ahead/behind for ${branchRef} vs ${baseRef}`);
   }
-
-  return options;
+  const parts = (result.stdout || '').trim().split(/\s+/).filter(Boolean);
+  const ahead = Number.parseInt(parts[0] || '0', 10);
+  const behind = Number.parseInt(parts[1] || '0', 10);
+  return { ahead: Number.isFinite(ahead) ? ahead : 0, behind: Number.isFinite(behind) ? behind : 0 };
 }
 
-function parseFinishArgs(rawArgs, defaults = {}) {
-  const options = {
-    target: process.cwd(),
-    base: '',
-    branch: '',
-    all: false,
-    dryRun: false,
-    waitForMerge: defaults.waitForMerge ?? true,
-    cleanup: defaults.cleanup ?? true,
-    keepRemote: false,
-    noAutoCommit: false,
-    failFast: false,
-    commitMessage: '',
-    mergeMode: defaults.mergeMode || 'pr',
-  };
-
-  for (let index = 0; index < rawArgs.length; index += 1) {
-    const arg = rawArgs[index];
-    if (arg === '--target') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--target requires a path value');
-      }
-      options.target = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--base') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--base requires a branch value');
-      }
-      options.base = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--branch') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--branch requires an agent/* branch value');
-      }
-      options.branch = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--commit-message') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--commit-message requires a value');
-      }
-      options.commitMessage = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--all') {
-      options.all = true;
-      continue;
-    }
-    if (arg === '--dry-run') {
-      options.dryRun = true;
-      continue;
-    }
-    if (arg === '--wait-for-merge') {
-      options.waitForMerge = true;
-      continue;
-    }
-    if (arg === '--no-wait-for-merge') {
-      options.waitForMerge = false;
-      continue;
-    }
-    if (arg === '--via-pr') {
-      options.mergeMode = 'pr';
-      continue;
-    }
-    if (arg === '--direct-only') {
-      options.mergeMode = 'direct';
-      continue;
-    }
-    if (arg === '--mode') {
-      const next = rawArgs[index + 1];
-      if (!next) {
-        throw new Error('--mode requires a value');
-      }
-      if (!['auto', 'direct', 'pr'].includes(next)) {
-        throw new Error(`Invalid --mode value: ${next} (expected auto|direct|pr)`);
-      }
-      options.mergeMode = next;
-      index += 1;
-      continue;
-    }
-    if (arg === '--cleanup') {
-      options.cleanup = true;
-      continue;
-    }
-    if (arg === '--no-cleanup') {
-      options.cleanup = false;
-      continue;
-    }
-    if (arg === '--keep-remote') {
-      options.keepRemote = true;
-      continue;
-    }
-    if (arg === '--no-auto-commit') {
-      options.noAutoCommit = true;
-      continue;
-    }
-    if (arg === '--fail-fast') {
-      options.failFast = true;
-      continue;
-    }
-    throw new Error(`Unknown option: ${arg}`);
+function lockRegistryStatus(repoRoot) {
+  const result = gitRun(repoRoot, ['status', '--porcelain', '--', LOCK_FILE_RELATIVE], { allowFailure: true });
+  if (result.status !== 0) {
+    return { dirty: false, untracked: false };
   }
-
-  if (options.branch && !options.branch.startsWith('agent/')) {
-    throw new Error(`--branch must reference an agent/* branch (received: ${options.branch})`);
+  const lines = (result.stdout || '').split('\n').filter((line) => line.length > 0);
+  if (lines.length === 0) {
+    return { dirty: false, untracked: false };
   }
-
-  return options;
+  const untracked = lines.some((line) => line.startsWith('??'));
+  return { dirty: true, untracked };
 }
 
+
 function listAgentWorktrees(repoRoot) {
   const result = gitRun(repoRoot, ['worktree', 'list', '--porcelain'], { allowFailure: true });
   if (result.status !== 0) {
@@ -4927,31 +3145,6 @@ function readSingleLineFromStdin() {
   }
 }
 
-function promptYesNo(question, defaultYes = true) {
-  const hint = defaultYes ? '[Y/n]' : '[y/N]';
-  while (true) {
-    process.stdout.write(`${question} ${hint} `);
-    const answer = readSingleLineFromStdin().trim().toLowerCase();
-
-    if (!answer) {
-      return defaultYes;
-    }
-    if (answer === 'y' || answer === 'yes') {
-      return true;
-    }
-    if (answer === 'n' || answer === 'no') {
-      return false;
-    }
-    process.stdout.write('Please answer with y or n.\n');
-  }
-}
-
-function envFlagEnabled(name) {
-  const raw = process.env[name];
-  if (raw == null) return false;
-  return ['1', 'true', 'yes', 'on'].includes(String(raw).trim().toLowerCase());
-}
-
 function parseAutoApproval(name) {
   const raw = process.env[name];
   if (raw == null) return null;
@@ -5079,11 +3272,11 @@ function parseNpmVersionOutput(stdout) {
 }
 
 function checkForGuardexUpdate() {
-  if (envFlagEnabled('GUARDEX_SKIP_UPDATE_CHECK')) {
+  if (envFlagIsTruthy(process.env.GUARDEX_SKIP_UPDATE_CHECK)) {
     return { checked: false, reason: 'disabled' };
   }
 
-  const forceCheck = envFlagEnabled('GUARDEX_FORCE_UPDATE_CHECK');
+  const forceCheck = envFlagIsTruthy(process.env.GUARDEX_FORCE_UPDATE_CHECK);
   if (!forceCheck && !isInteractiveTerminal()) {
     return { checked: false, reason: 'non-interactive' };
   }
@@ -5203,11 +3396,11 @@ function restartIntoUpdatedGuardex(expectedVersion) {
 }
 
 function checkForOpenSpecPackageUpdate() {
-  if (envFlagEnabled('GUARDEX_SKIP_OPENSPEC_UPDATE_CHECK')) {
+  if (envFlagIsTruthy(process.env.GUARDEX_SKIP_OPENSPEC_UPDATE_CHECK)) {
     return { checked: false, reason: 'disabled' };
   }
 
-  const forceCheck = envFlagEnabled('GUARDEX_FORCE_OPENSPEC_UPDATE_CHECK');
+  const forceCheck = envFlagIsTruthy(process.env.GUARDEX_FORCE_OPENSPEC_UPDATE_CHECK);
   if (!forceCheck && !isInteractiveTerminal()) {
     return { checked: false, reason: 'non-interactive' };
   }
@@ -5432,10 +3625,6 @@ function installGlobalToolchain(options) {
   return getToolchainApi().installGlobalToolchain(options);
 }
 
-function gitRefExists(repoRoot, refName) {
-  return gitRun(repoRoot, ['show-ref', '--verify', '--quiet', refName], { allowFailure: true }).status === 0;
-}
-
 function findStaleLockPaths(repoRoot, locks) {
   const stale = [];
 
@@ -5716,21 +3905,6 @@ function runScanInternal(options) {
   };
 }
 
-function printOperations(title, payload, dryRun = false) {
-  console.log(`[${TOOL_NAME}] ${title}: ${payload.repoRoot}`);
-  for (const operation of payload.operations) {
-    const note = operation.note ? ` (${operation.note})` : '';
-    console.log(`  - ${operation.status.padEnd(12)} ${operation.file}${note}`);
-  }
-  console.log(
-    `  - hooksPath    ${payload.hookResult.status} ${payload.hookResult.key}=${payload.hookResult.value}`,
-  );
-
-  if (dryRun) {
-    console.log(`[${TOOL_NAME}] Dry run complete. No files were modified.`);
-  }
-}
-
 function printScanResult(scan, json = false) {
   if (json) {
     process.stdout.write(
@@ -6046,17 +4220,18 @@ function doctor(rawArgs) {
   const topRepoRoot = resolveRepoRoot(options.target);
   const discoveredRepos = options.recursive
     ? discoverNestedGitRepos(topRepoRoot, {
-      maxDepth: options.nestedMaxDepth,
-      extraSkip: options.nestedSkipDirs,
-      includeSubmodules: options.includeSubmodules,
-    })
+        maxDepth: options.nestedMaxDepth,
+        extraSkip: options.nestedSkipDirs,
+        includeSubmodules: options.includeSubmodules,
+        skipRelativeDirs: AGENT_WORKTREE_RELATIVE_DIRS,
+      })
     : [topRepoRoot];
 
   if (discoveredRepos.length > 1) {
     if (!options.json) {
       console.log(
         `[${TOOL_NAME}] Detected ${discoveredRepos.length} git repos under ${topRepoRoot}. ` +
-        `Repairing each with doctor (use --single-repo to limit to the target).`,
+        `Repairing each with doctor (use --single-repo or --current to limit to the target).`,
       );
     }
 
@@ -6680,12 +4855,13 @@ function setup(rawArgs) {
         maxDepth: options.nestedMaxDepth,
         extraSkip: options.nestedSkipDirs,
         includeSubmodules: options.includeSubmodules,
+        skipRelativeDirs: AGENT_WORKTREE_RELATIVE_DIRS,
       })
     : [topRepoRoot];
 
   if (discoveredRepos.length > 1) {
     console.log(
-      `[${TOOL_NAME}] Detected ${discoveredRepos.length} git repos under ${topRepoRoot}. Installing into each (use --no-recursive to limit to the top-level).`,
+      `[${TOOL_NAME}] Detected ${discoveredRepos.length} git repos under ${topRepoRoot}. Installing into each (use --no-recursive or --current to limit to the top-level).`,
     );
     for (const repoPath of discoveredRepos) {
       const marker = repoPath === topRepoRoot ? ' (top-level)' : '';
@@ -6733,16 +4909,9 @@ function setup(rawArgs) {
       dryRun: perRepoOptions.dryRun,
     });
     printScanResult(scanResult, false);
-    if (autoFinishSummary.enabled) {
-      console.log(
-        `[${TOOL_NAME}] Auto-finish sweep (base=${currentBaseBranch}): attempted=${autoFinishSummary.attempted}, completed=${autoFinishSummary.completed}, skipped=${autoFinishSummary.skipped}, failed=${autoFinishSummary.failed}`,
-      );
-      for (const detail of autoFinishSummary.details) {
-        console.log(`[${TOOL_NAME}]   ${detail}`);
-      }
-    } else if (autoFinishSummary.details.length > 0) {
-      console.log(`[${TOOL_NAME}] ${autoFinishSummary.details[0]}`);
-    }
+    printAutoFinishSummary(autoFinishSummary, {
+      baseBranch: currentBaseBranch,
+    });
     printSetupRepoHints(scanResult.repoRoot, currentBaseBranch, repoLabel);
 
     aggregateErrors += scanResult.errors;
@@ -7039,247 +5208,6 @@ function release(rawArgs) {
   process.exitCode = 0;
 }
 
-function installMany(rawArgs) {
-  const options = parseInstallManyArgs(rawArgs);
-  const targets = collectInstallManyTargets(options);
-
-  if (!targets.length) {
-    throw new Error('install-many did not find any targets to process.');
-  }
-
-  if (options.usedImplicitWorkspaceDefault) {
-    console.log(
-      `[multiagent-safety] No explicit targets provided. Defaulting to workspace scan: ${path.resolve(
-        options.workspace,
-      )} (max depth ${options.maxDepth})`,
-    );
-  }
-
-  console.log(
-    `[multiagent-safety] install-many starting for ${targets.length} target path(s)${
-      options.dryRun ? ' [dry-run]' : ''
-    }`,
-  );
-
-  let installed = 0;
-  let duplicateRepos = 0;
-  const seenRepoRoots = new Set();
-  const failures = [];
-
-  for (const targetPath of targets) {
-    let repoRoot;
-    try {
-      repoRoot = resolveRepoRoot(targetPath);
-    } catch (error) {
-      failures.push({ target: targetPath, message: error.message });
-      if (options.failFast) {
-        break;
-      }
-      continue;
-    }
-
-    if (seenRepoRoots.has(repoRoot)) {
-      duplicateRepos += 1;
-      console.log(`[multiagent-safety] Skipping duplicate repo target: ${targetPath} -> ${repoRoot}`);
-      continue;
-    }
-
-    seenRepoRoots.add(repoRoot);
-
-    try {
-      const report = installIntoRepoRoot(repoRoot, options);
-      printInstallReport(report);
-      installed += 1;
-    } catch (error) {
-      failures.push({ target: repoRoot, message: error.message });
-      if (options.failFast) {
-        break;
-      }
-    }
-  }
-
-  console.log(
-    `[multiagent-safety] install-many summary: installed=${installed}, failures=${failures.length}, duplicate-targets=${duplicateRepos}`,
-  );
-
-  if (failures.length > 0) {
-    console.error('[multiagent-safety] Failed targets:');
-    for (const failure of failures) {
-      console.error(`  - ${failure.target}`);
-      console.error(`    ${failure.message}`);
-    }
-    throw new Error(`install-many completed with ${failures.length} failure(s)`);
-  }
-
-  if (options.dryRun) {
-    console.log('[multiagent-safety] Dry run complete. No files were modified.');
-  } else {
-    console.log('[multiagent-safety] Installed multi-agent safety workflow across all targets.');
-  }
-}
-
-function initWorkspace(rawArgs) {
-  const options = parseInitWorkspaceArgs(rawArgs);
-  const resolvedWorkspace = path.resolve(options.workspace);
-  const repos = discoverGitRepos(resolvedWorkspace, options.maxDepth)
-    .map((repoPath) => path.resolve(repoPath))
-    .sort();
-
-  const outputPath = options.output
-    ? path.resolve(options.output)
-    : path.join(resolvedWorkspace, DEFAULT_WORKSPACE_TARGETS_FILE);
-
-  if (fs.existsSync(outputPath) && !options.force) {
-    throw new Error(`Refusing to overwrite existing file without --force: ${outputPath}`);
-  }
-
-  const headerLines = [
-    '# multiagent-safety workspace targets',
-    `# generated: ${new Date().toISOString()}`,
-    `# workspace: ${resolvedWorkspace}`,
-    `# max-depth: ${options.maxDepth}`,
-    '#',
-    '# Run:',
-    `# multiagent-safety install-many --targets-file "${outputPath}"`,
-    '',
-  ];
-  const content = `${headerLines.join('\n')}${repos.join('\n')}${repos.length ? '\n' : ''}`;
-
-  fs.mkdirSync(path.dirname(outputPath), { recursive: true });
-  fs.writeFileSync(outputPath, content, 'utf8');
-
-  console.log(`[multiagent-safety] Workspace target file written: ${outputPath}`);
-  console.log(`[multiagent-safety] Repos discovered: ${repos.length}`);
-  if (repos.length === 0) {
-    console.log('[multiagent-safety] No git repos found. You can add target paths manually to the file.');
-  } else {
-    console.log(`[multiagent-safety] Next step: multiagent-safety install-many --targets-file "${outputPath}"`);
-  }
-}
-
-function doctorAudit(rawArgs) {
-  const options = parseDoctorArgs(rawArgs);
-  const repoRoot = resolveRepoRoot(options.target);
-  const guardexToggle = resolveGuardexRepoToggle(repoRoot);
-  const failures = [];
-  const warnings = [];
-
-  function ok(message) {
-    console.log(`  [ok]   ${message}`);
-  }
-  function warn(message) {
-    warnings.push(message);
-    console.log(`  [warn] ${message}`);
-  }
-  function fail(message) {
-    failures.push(message);
-    console.log(`  [fail] ${message}`);
-  }
-
-  console.log(`[multiagent-safety] doctor target: ${repoRoot}`);
-  if (!guardexToggle.enabled) {
-    console.log(
-      `[multiagent-safety] Guardex is disabled for this repo (${describeGuardexRepoToggle(guardexToggle)}).`,
-    );
-    console.log('[multiagent-safety] doctor passed.');
-    return;
-  }
-
-  const hooksPath = run('git', ['-C', repoRoot, 'config', '--get', 'core.hooksPath']);
-  if (hooksPath.status !== 0) {
-    fail('git core.hooksPath is not configured');
-  } else if (hooksPath.stdout.trim() !== '.githooks') {
-    fail(`git core.hooksPath is "${hooksPath.stdout.trim()}" (expected ".githooks")`);
-  } else {
-    ok('git core.hooksPath is .githooks');
-  }
-
-  for (const relativePath of REQUIRED_MANAGED_REPO_FILES) {
-    const absolutePath = path.join(repoRoot, relativePath);
-    if (!fs.existsSync(absolutePath)) {
-      fail(`missing ${relativePath}`);
-      continue;
-    }
-    ok(`found ${relativePath}`);
-
-    if (EXECUTABLE_RELATIVE_PATHS.has(relativePath)) {
-      try {
-        fs.accessSync(absolutePath, fs.constants.X_OK);
-      } catch {
-        fail(`${relativePath} exists but is not executable`);
-      }
-    }
-  }
-
-  const lockFilePath = path.join(repoRoot, '.omx/state/agent-file-locks.json');
-  if (fs.existsSync(lockFilePath)) {
-    try {
-      const parsed = JSON.parse(fs.readFileSync(lockFilePath, 'utf8'));
-      if (!parsed || typeof parsed !== 'object' || typeof parsed.locks !== 'object') {
-        fail('.omx/state/agent-file-locks.json does not contain a valid { locks: {} } object');
-      } else {
-        ok('lock registry JSON is valid');
-      }
-    } catch (error) {
-      fail(`lock registry JSON is invalid: ${error.message}`);
-    }
-  }
-
-  const packagePath = path.join(repoRoot, 'package.json');
-  if (!fs.existsSync(packagePath)) {
-    warn('package.json not found (legacy agent:* script drift cannot be checked)');
-  } else {
-    try {
-      const pkg = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
-      const scripts = pkg.scripts || {};
-      const legacyAgentScripts = Object.entries(LEGACY_MANAGED_PACKAGE_SCRIPTS)
-        .filter(([name, expectedValue]) => scripts[name] === expectedValue)
-        .map(([name]) => name);
-      if (legacyAgentScripts.length > 0) {
-        warn(`legacy agent:* package.json scripts remain (${legacyAgentScripts.join(', ')}); run '${SHORT_TOOL_NAME} migrate' to remove them`);
-      } else {
-        ok('package.json does not contain Guardex-managed agent:* helper scripts');
-      }
-    } catch (error) {
-      fail(`package.json is invalid JSON: ${error.message}`);
-    }
-  }
-
-  const agentsPath = path.join(repoRoot, 'AGENTS.md');
-  if (!fs.existsSync(agentsPath)) {
-    warn('AGENTS.md not found (multi-agent contract snippet not present)');
-  } else {
-    const agentsContent = fs.readFileSync(agentsPath, 'utf8');
-    if (!agentsContent.includes(AGENTS_MARKER_START)) {
-      warn('AGENTS.md exists but multiagent-safety snippet marker is missing');
-    } else {
-      ok('AGENTS.md contains multiagent-safety snippet marker');
-    }
-  }
-
-  if (warnings.length) {
-    console.log(`[multiagent-safety] warnings: ${warnings.length}`);
-  }
-  if (failures.length) {
-    console.log(`[multiagent-safety] failures: ${failures.length}`);
-  }
-
-  if (failures.length === 0 && (!options.strict || warnings.length === 0)) {
-    console.log('[multiagent-safety] doctor passed.');
-    if (warnings.length > 0) {
-      console.log('[multiagent-safety] tip: run with --strict to treat warnings as failures.');
-    }
-    return;
-  }
-
-  if (options.strict && warnings.length > 0 && failures.length === 0) {
-    console.log('[multiagent-safety] strict mode failed due to warnings.');
-  } else {
-    console.log('[multiagent-safety] doctor failed.');
-  }
-  throw new Error('doctor detected configuration issues');
-}
-
 function printAgentsSnippet() {
   const snippetPath = path.join(TEMPLATE_ROOT, 'AGENTS.multiagent-safety.md');
   process.stdout.write(fs.readFileSync(snippetPath, 'utf8'));
@@ -7320,17 +5248,6 @@ function prompt(rawArgs) {
   return copyPrompt();
 }
 
-function printStandaloneOperations(title, rootLabel, operations, dryRun = false) {
-  console.log(`[${TOOL_NAME}] ${title}: ${rootLabel}`);
-  for (const operation of operations) {
-    const note = operation.note ? ` (${operation.note})` : '';
-    console.log(`  - ${operation.status.padEnd(12)} ${operation.file}${note}`);
-  }
-  if (dryRun) {
-    console.log(`[${TOOL_NAME}] Dry run complete. No files were modified.`);
-  }
-}
-
 function branch(rawArgs) {
   const [subcommand, ...rest] = rawArgs;
   if (subcommand === 'start') {
@@ -7552,78 +5469,6 @@ function protect(rawArgs) {
   throw new Error(`Unknown protect subcommand: ${subcommand}`);
 }
 
-function levenshteinDistance(a, b) {
-  const rows = a.length + 1;
-  const cols = b.length + 1;
-  const matrix = Array.from({ length: rows }, () => Array(cols).fill(0));
-
-  for (let i = 0; i < rows; i += 1) matrix[i][0] = i;
-  for (let j = 0; j < cols; j += 1) matrix[0][j] = j;
-
-  for (let i = 1; i < rows; i += 1) {
-    for (let j = 1; j < cols; j += 1) {
-      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
-      matrix[i][j] = Math.min(
-        matrix[i - 1][j] + 1, // deletion
-        matrix[i][j - 1] + 1, // insertion
-        matrix[i - 1][j - 1] + cost, // substitution
-      );
-    }
-  }
-  return matrix[a.length][b.length];
-}
-
-function maybeSuggestCommand(command) {
-  let best = null;
-  let bestDistance = Number.POSITIVE_INFINITY;
-
-  for (const candidate of SUGGESTIBLE_COMMANDS) {
-    const dist = levenshteinDistance(command, candidate);
-    if (dist < bestDistance) {
-      bestDistance = dist;
-      best = candidate;
-    }
-  }
-
-  if (best && bestDistance <= 2) {
-    return best;
-  }
-
-  return null;
-}
-
-function normalizeCommandOrThrow(command) {
-  if (COMMAND_TYPO_ALIASES.has(command)) {
-    const mapped = COMMAND_TYPO_ALIASES.get(command);
-    console.log(`[${TOOL_NAME}] Interpreting '${command}' as '${mapped}'.`);
-    return mapped;
-  }
-  return command;
-}
-
-function warnDeprecatedAlias(aliasName) {
-  const entry = DEPRECATED_COMMAND_ALIASES.get(aliasName);
-  if (!entry) return;
-  console.error(
-    `[${TOOL_NAME}] '${aliasName}' is deprecated and will be removed in a future major release. ` +
-    `Use: ${entry.hint}`,
-  );
-}
-
-function extractFlag(args, ...names) {
-  const flagSet = new Set(names);
-  let found = false;
-  const remaining = [];
-  for (const arg of args) {
-    if (flagSet.has(arg)) {
-      found = true;
-    } else {
-      remaining.push(arg);
-    }
-  }
-  return { found, remaining };
-}
-
 function main() {
   const args = process.argv.slice(2);