@jigyasudham/veto 1.2.2 → 1.2.6

package/dist/council/security.js

@@ -157,6 +157,54 @@ export function analyze(task) {
             recommendation: recommendations[0],
         };
     }
+    // Topic-based security analysis for tasks with no specific pattern matches
+    const TOPIC_INSIGHTS = [
+        {
+            pattern: /plugin|extensi|loader|dynamic.?import|user.?code/i,
+            concern: 'User-supplied code executed in the same process as the MCP server has full access to the filesystem, network, and database. A malicious plugin could exfiltrate memory, delete sessions, or escalate to arbitrary code execution.',
+            recommendation: 'Run plugins in a vm.Script sandbox with a restricted module allowlist. Verify plugin exports schema before loading. Log all plugin loads to the audit trail with file hash.',
+        },
+        {
+            pattern: /llm|model|prompt|injection|user.?input/i,
+            concern: 'Prompt injection: a malicious user can craft a task description that overrides agent instructions, extracts system prompts, or causes the agent to produce harmful output.',
+            recommendation: 'Sanitize task inputs: strip control characters, enforce max length, validate against an allow-list of task types where possible. Never include raw user input verbatim in system prompts.',
+        },
+        {
+            pattern: /github|api|token|oauth|credential|key/i,
+            concern: 'API tokens stored in config files or environment variables can be read by any process with filesystem access. If the token leaks, all PRs and repositories it can access are compromised.',
+            recommendation: 'Never store tokens in plaintext config files. Use OS keychain or a secrets manager. Scope tokens to minimum required permissions (read-only for PR fetching).',
+        },
+        {
+            pattern: /http|transport|remote|server|port|network/i,
+            concern: 'Adding HTTP transport changes Veto from a local-only tool to a network service. Without authentication and TLS, any process on the local network can call all 41 tools including memory deletion and file watching.',
+            recommendation: 'HTTP transport must require authentication from day one — even locally. Use mutual TLS or bearer tokens. Bind to 127.0.0.1 by default, not 0.0.0.0.',
+        },
+        {
+            pattern: /mcp|tool|handler|input.?schema/i,
+            concern: 'MCP tool inputs are deserialized from JSON without schema validation in most handlers — args are accessed as `args?.field` with no type checking. A crafted tool call could pass unexpected types.',
+            recommendation: 'Validate all tool inputs with a schema library (zod) at the top of each handler. Reject calls with unexpected fields or wrong types immediately with a descriptive error.',
+        },
+        {
+            pattern: /audit|log|event|trace/i,
+            concern: 'Audit logs that include user-supplied task content may inadvertently store sensitive information (API keys pasted in task descriptions, PII in code review requests).',
+            recommendation: 'Truncate task content in audit logs to the first 200 characters. Scan audit log entries for secrets before writing. Provide a log rotation/expiry policy.',
+        },
+        {
+            pattern: /phase|feature|agent|improvement/i,
+            concern: 'New tools and agents increase the attack surface. Each new tool is a new entry point that can receive arbitrary user input and execute code.',
+            recommendation: 'For every new tool: define input validation, define maximum input size, consider what the worst-case malicious input looks like, and write a security note in the tool description.',
+        },
+    ];
+    const topicMatched = TOPIC_INSIGHTS.filter(t => t.pattern.test(task));
+    if (topicMatched.length > 0) {
+        const top = topicMatched.slice(0, 2);
+        return {
+            verdict: 'warn',
+            reason: top[0].concern,
+            concerns: top.slice(1).map(t => t.concern),
+            recommendation: top.map(t => t.recommendation).join(' | '),
+        };
+    }
     return { verdict: 'approve', reason: 'No security threats identified in threat model.', concerns: [] };
 }
 //# sourceMappingURL=security.js.map

package/dist/council/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/council/security.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,GAAuE;IACtF;QACE,OAAO,EAAE,qKAAqK;QAC9K,MAAM,EAAE,0FAA0F;QAClG,cAAc,EAAE,4FAA4F;KAC7G;IACD;QACE,OAAO,EAAE,2EAA2E;QACpF,MAAM,EAAE,yFAAyF;QACjG,cAAc,EAAE,2FAA2F;KAC5G;IACD;QACE,OAAO,EAAE,wGAAwG;QACjH,MAAM,EAAE,oGAAoG;QAC5G,cAAc,EAAE,mFAAmF;KACpG;IACD;QACE,OAAO,EAAE,sEAAsE;QAC/E,MAAM,EAAE,wGAAwG;QAChH,cAAc,EAAE,2FAA2F;KAC5G;IACD;QACE,OAAO,EAAE,oEAAoE;QAC7E,MAAM,EAAE,oEAAoE;QAC5E,cAAc,EAAE,gFAAgF;KACjG;IACD;QACE,OAAO,EAAE,oFAAoF;QAC7F,MAAM,EAAE,uGAAuG;QAC/G,cAAc,EAAE,0FAA0F;KAC3G;IACD;QACE,OAAO,EAAE,2EAA2E;QACpF,MAAM,EAAE,iGAAiG;QACzG,cAAc,EAAE,gFAAgF;KACjG;IACD;QACE,OAAO,EAAE,mGAAmG;QAC5G,MAAM,EAAE,qGAAqG;QAC7G,cAAc,EAAE,+EAA+E;KAChG;IACD;QACE,OAAO,EAAE,mDAAmD;QAC5D,MAAM,EAAE,+EAA+E;QACvF,cAAc,EAAE,kFAAkF;KACnG;IACD;QACE,OAAO,EAAE,wDAAwD;QACjE,MAAM,EAAE,yFAAyF;QACjG,cAAc,EAAE,uFAAuF;KACxG;IACD;QACE,OAAO,EAAE,yEAAyE;QAClF,MAAM,EAAE,6FAA6F;QACrG,cAAc,EAAE,sFAAsF;KACvG;IACD;QACE,OAAO,EAAE,kGAAkG;QAC3G,MAAM,EAAE,2FAA2F;QACnG,cAAc,EAAE,8FAA8F;KAC/G;CACF,CAAC;AAEF,MAAM,UAAU,GAAwE;IACtF;QACE,OAAO,EAAE,+CAA+C;QACxD,OAAO,EAAE,2EAA2E;QACpF,cAAc,EAAE,4EAA4E;KAC7F;IACD;QACE,OAAO,EAAE,4EAA4E;QACrF,OAAO,EAAE,4FAA4F;QACrG,cAAc,EAAE,uEAAuE;KACxF;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,OAAO,EAAE,sFAAsF;QAC/F,cAAc,EAAE,gGAAgG;KACjH;IACD;QACE,OAAO,EAAE,kEAAkE;QAC3E,OAAO,EAAE,+EAA+E;QACxF,cAAc,EAAE,gFAAgF;KACjG;IACD;QACE,OAAO,EAAE,yDAAyD;QAClE,OAAO,EAAE,wFAAwF;QACjG,cAAc,EAAE,oGAAoG;KACrH;IACD;QACE,OAAO,EAAE,+CAA+C;QACxD,OAAO,EAAE,0FAA0F;QACnG,cAAc,EAAE,wFAAwF;KACzG;IACD;QACE,OAAO,EAAE,gEAAgE;QACzE,OAAO,EAAE,mFAAmF;QAC5F,cAAc,EAAE,yEAAyE;KAC1F;IACD;QACE,OAAO,EAAE,kEAAkE;QAC3E,OAAO,EAAE,gFAAgF;QACzF,cAAc,EAAE,uFAAuF;KACxG;IACD;QACE,OAAO,EAAE,+EAA+E;QACxF,OAAO,EAAE,4FAA4F;QACrG,cAAc,EAAE,qFAAqF;KACtG;IACD;QACE,OAAO,EAAE,oGAAoG;QAC7G,OAAO,EAAE,mEAAmE;QAC5E,cAAc,EAAE,mEAAmE;KACpF;IACD;QACE,OAAO,EAAE,4CAA4C;QACrD,OAAO,EAAE,gFAAgF;QACzF,cAAc,EAAE,qFAAqF;KACtG;IACD;QACE,OAAO,EAAE,yEAAyE;QAClF,OAAO,EAAE,+EAA+E;QACxF,cAAc,EAAE,qFAAqF;KACtG;CACF,CAAC;AAEF,MAAM,OAAO,GAAG,0EAA0E,CAAC;AAE3F,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,wCAAwC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAChG,CAAC;IAED,MAAM,MAAM,GAAsD,EAAE,CAAC;IACrE,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5B,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM;YACxB,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;YAC5C,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;SAC9D,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,oBAAoB,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,iCAAiC;YAC7G,QAAQ;YACR,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC;SACnC,CAAC;IACJ,CAAC;IAED,2EAA2E;IAC3E,MAAM,cAAc,GAAwE;QAC1F;YACE,OAAO,EAAE,mDAAmD;YAC5D,OAAO,EAAE,mOAAmO;YAC5O,cAAc,EAAE,6KAA6K;SAC9L;QACD;YACE,OAAO,EAAE,yCAAyC;YAClD,OAAO,EAAE,4KAA4K;YACrL,cAAc,EAAE,2LAA2L;SAC5M;QACD;YACE,OAAO,EAAE,wCAAwC;YACjD,OAAO,EAAE,2LAA2L;YACpM,cAAc,EAAE,+JAA+J;SAChL;QACD;YACE,OAAO,EAAE,4CAA4C;YACrD,OAAO,EAAE,qNAAqN;YAC9N,cAAc,EAAE,qJAAqJ;SACtK;QACD;YACE,OAAO,EAAE,iCAAiC;YAC1C,OAAO,EAAE,oMAAoM;YAC7M,cAAc,EAAE,2KAA2K;SAC5L;QACD;YACE,OAAO,EAAE,wBAAwB;YACjC,OAAO,EAAE,uKAAuK;YAChL,cAAc,EAAE,2JAA2J;SAC5K;QACD;YACE,OAAO,EAAE,kCAAkC;YAC3C,OAAO,EAAE,8IAA8I;YACvJ,cAAc,EAAE,qLAAqL;SACtM;KACF,CAAC;IAEF,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACtE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACrC,OAAO;YACL,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO;YACtB,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YAC1C,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;SAC3D,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,iDAAiD,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;AACzG,CAAC"}

package/dist/council/system-architect.d.ts

@@ -0,0 +1,3 @@
+import type { AgentVote } from './types.js';
+export declare function analyze(task: string): AgentVote;
+//# sourceMappingURL=system-architect.d.ts.map

package/dist/council/system-architect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"system-architect.d.ts","sourceRoot":"","sources":["../../src/council/system-architect.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAqI5C,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CAmD/C"}

package/dist/council/system-architect.js

@@ -83,6 +83,48 @@ const WARN_RULES = [
     },
 ];
 const TRIVIAL = /^(rename|fix typo|reorder|reformat|format|update comment|add comment)\b/i;
+const TOPIC_INSIGHTS = [
+    {
+        pattern: /mcp|stdio|transport|protocol|server/i,
+        concern: 'stdio MCP transport processes one message at a time per connection. If any handler blocks the event loop (e.g. sync SQLite writes, CPU-heavy regex), all tool calls queue behind it.',
+        recommendation: 'Keep all MCP handlers async. Move any CPU-intensive work off the main handler with setImmediate or worker threads. Benchmark handler latency under concurrent tool calls.',
+    },
+    {
+        pattern: /sqlite|database|db|persist|schema/i,
+        concern: 'SQLite WAL mode serialises writes but allows concurrent reads. Multiple MCP connections sharing one DB file without connection pooling can cause SQLITE_BUSY errors under load.',
+        recommendation: 'Use a single shared DB connection with WAL mode. For high-write scenarios, batch writes in transactions. Add busy_timeout pragma to handle lock contention gracefully.',
+    },
+    {
+        pattern: /agent|worker|executor|parallel/i,
+        concern: 'A growing agent registry with a single switch-case dispatcher becomes a maintenance liability. Every new agent type requires editing the central switch.',
+        recommendation: 'Consider a registry pattern: agents register themselves at import time. The executor resolves by key, not by switch-case. New agents require no changes to the executor.',
+    },
+    {
+        pattern: /llm|model|ai.?call|external.?api|fetch|http/i,
+        concern: 'LLM calls introduce an external dependency with variable latency (2–30s) and failure modes. The server must handle timeout, rate limit, and model error without crashing the MCP connection.',
+        recommendation: 'Wrap every external call in a circuit breaker. Set explicit timeouts. Cache responses where idempotency allows. Return a structured degraded response on failure, never throw.',
+    },
+    {
+        pattern: /version|package\.json|semver/i,
+        concern: 'Multiple hardcoded version strings across server.ts, cli.ts, and adapter files create a drift problem that gets worse with each release.',
+        recommendation: 'Single source: read version from package.json at startup. Export it from one shared module. All other files import it.',
+    },
+    {
+        pattern: /plugin|extensi|loader|dynamic.?import/i,
+        concern: 'Dynamic plugin loading from user directories creates a security boundary: any code in ~/.veto/agents/ runs with full server privileges. There is currently no sandboxing.',
+        recommendation: 'Validate plugin exports schema before loading. Consider running plugins in a restricted vm.Script context. Log all plugin load events to the audit trail.',
+    },
+    {
+        pattern: /vscode|extension|ide|ui|frontend/i,
+        concern: 'VS Code extension + MCP server creates a distributed architecture: the extension communicates with the server via MCP protocol, not direct function calls. Version compatibility between extension and server must be managed explicitly.',
+        recommendation: 'Define a minimum server version requirement in the extension. On connect, call veto_status and verify server version meets the minimum. Show a clear upgrade prompt if not.',
+    },
+    {
+        pattern: /phase|roadmap|migrat|upgrade/i,
+        concern: 'Schema migrations that run inline in the DB constructor (as currently implemented) are safe for additive changes but risky for destructive ones. There is no migration version tracking.',
+        recommendation: 'Add a schema_version table. Record each migration with a unique ID. Before running a migration, check if it has already been applied. This prevents re-running on restart.',
+    },
+];
 export function analyze(task) {
     if (TRIVIAL.test(task.trim())) {
         return { verdict: 'approve', reason: 'Trivial change — no architectural concerns.', concerns: [] };
@@ -117,6 +159,16 @@ export function analyze(task) {
             recommendation: recommendations[0],
         };
     }
-    return { verdict: 'approve', reason: 'Architecture looks sound. No structural concerns.', concerns: [] };
+    const matched = TOPIC_INSIGHTS.filter(t => t.pattern.test(task));
+    if (matched.length > 0) {
+        const top = matched.slice(0, 2);
+        return {
+            verdict: 'warn',
+            reason: top[0].concern,
+            concerns: top.slice(1).map(t => t.concern),
+            recommendation: top.map(t => t.recommendation).join(' | '),
+        };
+    }
+    return { verdict: 'approve', reason: 'Architecture looks sound. No structural concerns identified.', concerns: [] };
 }
 //# sourceMappingURL=system-architect.js.map

package/dist/council/system-architect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"system-architect.js","sourceRoot":"","sources":["../../src/council/system-architect.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,GAAuE;IACtF;QACE,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,mEAAmE;QAC3E,cAAc,EAAE,oFAAoF;KACrG;IACD;QACE,OAAO,EAAE,eAAe;QACxB,MAAM,EAAE,oEAAoE;QAC5E,cAAc,EAAE,0EAA0E;KAC3F;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,MAAM,EAAE,qDAAqD;QAC7D,cAAc,EAAE,kEAAkE;KACnF;IACD;QACE,OAAO,EAAE,uEAAuE;QAChF,MAAM,EAAE,8DAA8D;QACtE,cAAc,EAAE,6DAA6D;KAC9E;IACD;QACE,OAAO,EAAE,6FAA6F;QACtG,MAAM,EAAE,6EAA6E;QACrF,cAAc,EAAE,8EAA8E;KAC/F;IACD;QACE,OAAO,EAAE,uEAAuE;QAChF,MAAM,EAAE,yEAAyE;QACjF,cAAc,EAAE,oFAAoF;KACrG;CACF,CAAC;AAEF,MAAM,UAAU,GAAwE;IACtF;QACE,OAAO,EAAE,cAAc;QACvB,OAAO,EAAE,2EAA2E;QACpF,cAAc,EAAE,wCAAwC;KACzD;IACD;QACE,OAAO,EAAE,uDAAuD;QAChE,OAAO,EAAE,sEAAsE;QAC/E,cAAc,EAAE,2DAA2D;KAC5E;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,OAAO,EAAE,iEAAiE;QAC1E,cAAc,EAAE,2DAA2D;KAC5E;IACD;QACE,OAAO,EAAE,oDAAoD;QAC7D,OAAO,EAAE,sEAAsE;QAC/E,cAAc,EAAE,wDAAwD;KACzE;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,OAAO,EAAE,kEAAkE;QAC3E,cAAc,EAAE,yDAAyD;KAC1E;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,OAAO,EAAE,6EAA6E;QACtF,cAAc,EAAE,4EAA4E;KAC7F;IACD;QACE,OAAO,EAAE,oEAAoE;QAC7E,OAAO,EAAE,uEAAuE;QAChF,cAAc,EAAE,iEAAiE;KAClF;IACD;QACE,OAAO,EAAE,uCAAuC;QAChD,OAAO,EAAE,6EAA6E;QACtF,cAAc,EAAE,sDAAsD;KACvE;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,OAAO,EAAE,+EAA+E;QACxF,cAAc,EAAE,2DAA2D;KAC5E;IACD;QACE,OAAO,EAAE,sDAAsD;QAC/D,OAAO,EAAE,+EAA+E;QACxF,cAAc,EAAE,4EAA4E;KAC7F;CACF,CAAC;AAEF,MAAM,OAAO,GAAG,0EAA0E,CAAC;AAE3F,MAAM,cAAc,GAAwE;IAC1F;QACE,OAAO,EAAE,sCAAsC;QAC/C,OAAO,EAAE,sLAAsL;QAC/L,cAAc,EAAE,2KAA2K;KAC5L;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,OAAO,EAAE,iLAAiL;QAC1L,cAAc,EAAE,wKAAwK;KACzL;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,OAAO,EAAE,0JAA0J;QACnK,cAAc,EAAE,0KAA0K;KAC3L;IACD;QACE,OAAO,EAAE,8CAA8C;QACvD,OAAO,EAAE,8LAA8L;QACvM,cAAc,EAAE,gLAAgL;KACjM;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,OAAO,EAAE,0IAA0I;QACnJ,cAAc,EAAE,wHAAwH;KACzI;IACD;QACE,OAAO,EAAE,wCAAwC;QACjD,OAAO,EAAE,2KAA2K;QACpL,cAAc,EAAE,2JAA2J;KAC5K;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,OAAO,EAAE,2OAA2O;QACpP,cAAc,EAAE,6KAA6K;KAC9L;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,OAAO,EAAE,0LAA0L;QACnM,cAAc,EAAE,4KAA4K;KAC7L;CACF,CAAC;AAEF,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,6CAA6C,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACrG,CAAC;IAED,MAAM,MAAM,GAAsD,EAAE,CAAC;IACrE,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5B,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM;YACxB,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;YAC5C,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;SAC9D,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,sBAAsB,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,4BAA4B;YAC1G,QAAQ;YACR,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC;SACnC,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChC,OAAO;YACL,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO;YACtB,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YAC1C,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;SAC3D,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,8DAA8D,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;AACtH,CAAC"}

package/dist/council/types.d.ts

@@ -0,0 +1,32 @@
+export type AgentVerdict = 'approve' | 'warn' | 'block';
+export type CouncilVerdict = 'GREEN' | 'YELLOW' | 'RED' | 'DEADLOCK';
+export interface AgentVote {
+    verdict: AgentVerdict;
+    reason: string;
+    concerns: string[];
+    recommendation?: string;
+}
+export interface DebateInput {
+    task: string;
+    context?: string;
+    project_dir?: string;
+}
+export interface DebateResult {
+    task: string;
+    final_verdict: CouncilVerdict;
+    votes: {
+        lead_dev: AgentVote;
+        pm: AgentVote;
+        architect: AgentVote;
+        ux: AgentVote;
+        devil: AgentVote;
+        legal: AgentVote;
+        security: AgentVote;
+    };
+    recommended: string;
+    block_reasons: string[];
+    warnings: string[];
+    debated_at: string;
+    formatted_output: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/council/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/council/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC;AACxD,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,QAAQ,GAAG,KAAK,GAAG,UAAU,CAAC;AAErE,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,YAAY,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,cAAc,CAAC;IAC9B,KAAK,EAAE;QACL,QAAQ,EAAE,SAAS,CAAC;QACpB,EAAE,EAAE,SAAS,CAAC;QACd,SAAS,EAAE,SAAS,CAAC;QACrB,EAAE,EAAE,SAAS,CAAC;QACd,KAAK,EAAE,SAAS,CAAC;QACjB,KAAK,EAAE,SAAS,CAAC;QACjB,QAAQ,EAAE,SAAS,CAAC;KACrB,CAAC;IACF,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;CAC1B"}

package/dist/council/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/council/types.ts"],"names":[],"mappings":""}

package/dist/council/ux-designer.d.ts

@@ -0,0 +1,3 @@
+import type { AgentVote } from './types.js';
+export declare function analyze(task: string): AgentVote;
+//# sourceMappingURL=ux-designer.d.ts.map

package/dist/council/ux-designer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ux-designer.d.ts","sourceRoot":"","sources":["../../src/council/ux-designer.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAqE5C,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CA+F/C"}

package/dist/council/ux-designer.js

@@ -104,6 +104,49 @@ export function analyze(task) {
             recommendation: recommendations[0],
         };
     }
-    return { verdict: 'approve', reason: 'UX looks solid. No user experience concerns.', concerns: [] };
+    // Topic-based UX analysis for tasks with no direct frontend signals
+    const TOPIC_INSIGHTS = [
+        {
+            pattern: /cli|terminal|command.?line|help|flag|arg/i,
+            concern: 'CLI UX is still UX. Commands that give no feedback on success, have inconsistent flag names, or print walls of unformatted text drive users to abandon the tool.',
+            recommendation: 'Every CLI command needs: success/fail output, consistent flag naming (kebab-case), and color-coded status (green/red/yellow). Test with a first-time user.',
+        },
+        {
+            pattern: /error|message|feedback|output|response/i,
+            concern: 'Technical error messages like "TypeError: Cannot read property of undefined" tell the developer nothing actionable. Users want to know what to do, not what went wrong internally.',
+            recommendation: 'Every user-facing error must include: what failed, why it failed (if knowable), and what the user should do next. Never expose stack traces.',
+        },
+        {
+            pattern: /install|setup|init|onboard|first.?run/i,
+            concern: 'Onboarding friction is the leading cause of tool abandonment. Every extra step in setup loses 20–30% of users. The first experience must succeed or users never return.',
+            recommendation: 'Time-box the happy path setup to under 2 minutes. Every step must have a clear success indicator. Provide a single copy-paste command that does everything.',
+        },
+        {
+            pattern: /vscode|extension|sidebar|panel|button/i,
+            concern: 'VS Code extensions that clutter the UI with too many buttons and panels feel like bloatware. Users uninstall extensions that are visually noisy.',
+            recommendation: 'Default to minimal UI: one status bar item. Expand to sidebar only when user explicitly enables it. Follow VS Code\'s own design patterns and icon conventions.',
+        },
+        {
+            pattern: /41.?tool|tool.?count|tool.?list|discover/i,
+            concern: '41 tools requires users to read documentation before they can use the product. No tool is valuable if users can\'t discover it exists.',
+            recommendation: 'Make veto_discover the entry point. Ship it as the first thing users learn about. Consider surfacing 3 "most useful for your current task" recommendations automatically.',
+        },
+        {
+            pattern: /wait|loading|slow|latency|timeout/i,
+            concern: 'Operations that take more than 300ms with no feedback feel broken to users. For LLM-backed operations (2–30s), silence is indistinguishable from a crash.',
+            recommendation: 'Show progress for any operation over 500ms. For long operations, stream partial results or show a "working..." status. Never leave the user in silence.',
+        },
+    ];
+    const topicMatched = TOPIC_INSIGHTS.filter(t => t.pattern.test(task));
+    if (topicMatched.length > 0) {
+        const top = topicMatched.slice(0, 2);
+        return {
+            verdict: 'warn',
+            reason: top[0].concern,
+            concerns: top.slice(1).map(t => t.concern),
+            recommendation: top.map(t => t.recommendation).join(' | '),
+        };
+    }
+    return { verdict: 'approve', reason: 'UX looks solid. No user experience concerns identified.', concerns: [] };
 }
 //# sourceMappingURL=ux-designer.js.map

package/dist/council/ux-designer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ux-designer.js","sourceRoot":"","sources":["../../src/council/ux-designer.ts"],"names":[],"mappings":"AAGA,mDAAmD;AACnD,MAAM,YAAY,GAAG,4JAA4J,CAAC;AAClL,MAAM,gBAAgB,GAAG,uKAAuK,CAAC;AAEjM,MAAM,WAAW,GAAuE;IACtF;QACE,OAAO,EAAE,0CAA0C;QACnD,MAAM,EAAE,2EAA2E;QACnF,cAAc,EAAE,uEAAuE;KACxF;IACD;QACE,OAAO,EAAE,0EAA0E;QACnF,MAAM,EAAE,8EAA8E;QACtF,cAAc,EAAE,+DAA+D;KAChF;IACD;QACE,OAAO,EAAE,wCAAwC;QACjD,MAAM,EAAE,oEAAoE;QAC5E,cAAc,EAAE,yDAAyD;KAC1E;CACF,CAAC;AAEF,MAAM,UAAU,GAAwE;IACtF;QACE,OAAO,EAAE,wCAAwC;QACjD,OAAO,EAAE,mEAAmE;QAC5E,cAAc,EAAE,2DAA2D;KAC5E;IACD;QACE,OAAO,EAAE,+CAA+C;QACxD,OAAO,EAAE,uEAAuE;QAChF,cAAc,EAAE,6DAA6D;KAC9E;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,OAAO,EAAE,iEAAiE;QAC1E,cAAc,EAAE,oFAAoF;KACrG;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,OAAO,EAAE,8DAA8D;QACvE,cAAc,EAAE,uEAAuE;KACxF;IACD;QACE,OAAO,EAAE,6CAA6C;QACtD,OAAO,EAAE,wEAAwE;QACjF,cAAc,EAAE,iEAAiE;KAClF;IACD;QACE,OAAO,EAAE,kDAAkD;QAC3D,OAAO,EAAE,yEAAyE;QAClF,cAAc,EAAE,mEAAmE;KACpF;IACD;QACE,OAAO,EAAE,kDAAkD;QAC3D,OAAO,EAAE,kEAAkE;QAC3E,cAAc,EAAE,+EAA+E;KAChG;IACD;QACE,OAAO,EAAE,2DAA2D;QACpE,OAAO,EAAE,0DAA0D;QACnE,cAAc,EAAE,kDAAkD;KACnE;CACF,CAAC;AAEF,MAAM,OAAO,GAAG,0EAA0E,CAAC;AAE3F,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,kCAAkC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC1F,CAAC;IAED,sCAAsC;IACtC,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1E,IAAI,SAAS,EAAE,CAAC;QACd,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,mFAAmF;YAC3F,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAsD,EAAE,CAAC;IACrE,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5B,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM;YACxB,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;YAC5C,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;SAC9D,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,cAAc,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,iCAAiC;YACvG,QAAQ;YACR,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC;SACnC,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,MAAM,cAAc,GAAwE;QAC1F;YACE,OAAO,EAAE,2CAA2C;YACpD,OAAO,EAAE,kKAAkK;YAC3K,cAAc,EAAE,4JAA4J;SAC7K;QACD;YACE,OAAO,EAAE,yCAAyC;YAClD,OAAO,EAAE,oLAAoL;YAC7L,cAAc,EAAE,8IAA8I;SAC/J;QACD;YACE,OAAO,EAAE,wCAAwC;YACjD,OAAO,EAAE,yKAAyK;YAClL,cAAc,EAAE,6JAA6J;SAC9K;QACD;YACE,OAAO,EAAE,wCAAwC;YACjD,OAAO,EAAE,kJAAkJ;YAC3J,cAAc,EAAE,iKAAiK;SAClL;QACD;YACE,OAAO,EAAE,2CAA2C;YACpD,OAAO,EAAE,wIAAwI;YACjJ,cAAc,EAAE,2KAA2K;SAC5L;QACD;YACE,OAAO,EAAE,oCAAoC;YAC7C,OAAO,EAAE,2JAA2J;YACpK,cAAc,EAAE,yJAAyJ;SAC1K;KACF,CAAC;IAEF,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACtE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACrC,OAAO;YACL,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO;YACtB,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YAC1C,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;SAC3D,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,yDAAyD,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;AACjH,CAAC"}

package/dist/github/pr-fetcher.d.ts

@@ -0,0 +1,25 @@
+export interface PrMeta {
+    owner: string;
+    repo: string;
+    number: number;
+    title: string;
+    author: string;
+    base_branch: string;
+    head_branch: string;
+    html_url: string;
+    additions: number;
+    deletions: number;
+    changed_files: number;
+    state: string;
+}
+export interface PrFetchResult {
+    ok: true;
+    diff: string;
+    meta: PrMeta;
+}
+export interface PrFetchError {
+    ok: false;
+    error: string;
+}
+export declare function fetchPrDiff(prUrl: string): Promise<PrFetchResult | PrFetchError>;
+//# sourceMappingURL=pr-fetcher.d.ts.map

package/dist/github/pr-fetcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pr-fetcher.d.ts","sourceRoot":"","sources":["../../src/github/pr-fetcher.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,MAAM;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,IAAI,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,KAAK,CAAC;IACV,KAAK,EAAE,MAAM,CAAC;CACf;AAiBD,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC,CAgDtF"}

package/dist/github/pr-fetcher.js

@@ -0,0 +1,60 @@
+// Fetches a GitHub PR diff and metadata via the GitHub REST API.
+// Supports public repos without auth; set GITHUB_TOKEN for private repos.
+function parsePrUrl(url) {
+    const m = url.match(/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)/);
+    if (!m)
+        return null;
+    return { owner: m[1], repo: m[2], number: parseInt(m[3], 10) };
+}
+function githubHeaders() {
+    const headers = {
+        'User-Agent': 'veto-mcp-server',
+    };
+    const token = process.env.GITHUB_TOKEN;
+    if (token)
+        headers['Authorization'] = `Bearer ${token}`;
+    return headers;
+}
+export async function fetchPrDiff(prUrl) {
+    const parsed = parsePrUrl(prUrl);
+    if (!parsed) {
+        return { ok: false, error: `Cannot parse PR URL. Expected format: https://github.com/owner/repo/pull/123` };
+    }
+    const { owner, repo, number } = parsed;
+    const apiBase = `https://api.github.com/repos/${owner}/${repo}/pulls/${number}`;
+    // Fetch PR metadata and diff in parallel
+    const [metaRes, diffRes] = await Promise.all([
+        fetch(apiBase, { headers: githubHeaders() }),
+        fetch(apiBase, { headers: { ...githubHeaders(), Accept: 'application/vnd.github.v3.diff' } }),
+    ]);
+    if (metaRes.status === 404) {
+        return { ok: false, error: `PR not found: ${prUrl}. Check the URL and ensure GITHUB_TOKEN is set for private repos.` };
+    }
+    if (metaRes.status === 401 || metaRes.status === 403) {
+        return { ok: false, error: `GitHub API auth error (${metaRes.status}). Set the GITHUB_TOKEN environment variable.` };
+    }
+    if (!metaRes.ok) {
+        return { ok: false, error: `GitHub API error ${metaRes.status}: ${metaRes.statusText}` };
+    }
+    const pr = await metaRes.json();
+    const diff = diffRes.ok ? await diffRes.text() : '';
+    if (!diff.trim()) {
+        return { ok: false, error: `PR #${number} has no diff (may be empty or already merged with no changes).` };
+    }
+    const meta = {
+        owner,
+        repo,
+        number,
+        title: String(pr.title ?? ''),
+        author: String(pr.user?.login ?? ''),
+        base_branch: String(pr.base?.ref ?? ''),
+        head_branch: String(pr.head?.ref ?? ''),
+        html_url: String(pr.html_url ?? prUrl),
+        additions: Number(pr.additions ?? 0),
+        deletions: Number(pr.deletions ?? 0),
+        changed_files: Number(pr.changed_files ?? 0),
+        state: String(pr.state ?? 'unknown'),
+    };
+    return { ok: true, diff, meta };
+}
+//# sourceMappingURL=pr-fetcher.js.map

package/dist/github/pr-fetcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pr-fetcher.js","sourceRoot":"","sources":["../../src/github/pr-fetcher.ts"],"names":[],"mappings":"AAAA,iEAAiE;AACjE,0EAA0E;AA4B1E,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAClE,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,OAAO,GAA2B;QACtC,YAAY,EAAE,iBAAiB;KAChC,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACvC,IAAI,KAAK;QAAE,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IACxD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAa;IAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,8EAA8E,EAAE,CAAC;IAC9G,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IACvC,MAAM,OAAO,GAAG,gCAAgC,KAAK,IAAI,IAAI,UAAU,MAAM,EAAE,CAAC;IAEhF,yCAAyC;IACzC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC3C,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,CAAC;QAC5C,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,EAAE,GAAG,aAAa,EAAE,EAAE,MAAM,EAAE,gCAAgC,EAAE,EAAE,CAAC;KAC9F,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC3B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,KAAK,mEAAmE,EAAE,CAAC;IACzH,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,GAAG,IAAI,OAAO,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACrD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,OAAO,CAAC,MAAM,+CAA+C,EAAE,CAAC;IACvH,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;IAC3F,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,EAA6B,CAAC;IAC3D,MAAM,IAAI,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAEpD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACjB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,MAAM,gEAAgE,EAAE,CAAC;IAC7G,CAAC;IAED,MAAM,IAAI,GAAW;QACnB,KAAK;QACL,IAAI;QACJ,MAAM;QACN,KAAK,EAAE,MAAM,CAAE,EAAE,CAAC,KAAgB,IAAI,EAAE,CAAC;QACzC,MAAM,EAAE,MAAM,CAAG,EAAE,CAAC,IAAgC,EAAE,KAAgB,IAAI,EAAE,CAAC;QAC7E,WAAW,EAAE,MAAM,CAAG,EAAE,CAAC,IAAgC,EAAE,GAAc,IAAI,EAAE,CAAC;QAChF,WAAW,EAAE,MAAM,CAAG,EAAE,CAAC,IAAgC,EAAE,GAAc,IAAI,EAAE,CAAC;QAChF,QAAQ,EAAE,MAAM,CAAE,EAAE,CAAC,QAAmB,IAAI,KAAK,CAAC;QAClD,SAAS,EAAE,MAAM,CAAC,EAAE,CAAC,SAAS,IAAI,CAAC,CAAC;QACpC,SAAS,EAAE,MAAM,CAAC,EAAE,CAAC,SAAS,IAAI,CAAC,CAAC;QACpC,aAAa,EAAE,MAAM,CAAC,EAAE,CAAC,aAAa,IAAI,CAAC,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAE,EAAE,CAAC,KAAgB,IAAI,SAAS,CAAC;KACjD,CAAC;IAEF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAClC,CAAC"}

package/dist/memory/local.d.ts

@@ -0,0 +1,144 @@
+import type { DatabaseSync } from 'node:sqlite';
+import { type SessionRow, type KnowledgeRow, type KnowledgeType, type ProjectMapRow } from './schema.js';
+export declare const CONTEXT_WINDOWS: Record<string, number>;
+export declare function resetDb(): void;
+export declare function getDb(): DatabaseSync;
+export type SaveSessionInput = {
+    platform?: string;
+    connection_type?: string;
+    project_dir?: string;
+    summary?: string;
+    context?: string;
+    task_state?: string;
+    token_count?: number;
+};
+export type SessionSaveResult = {
+    session_id: string;
+    saved_at: string;
+    context_warning: boolean;
+    usage_pct: number;
+    continuation_prompt: string | null;
+};
+export declare function saveSession(input: SaveSessionInput): SessionSaveResult;
+export type RestoreSessionResult = {
+    found: boolean;
+    session?: SessionRow;
+};
+export declare function restoreSession(session_id: string, active_client?: string): RestoreSessionResult;
+export declare function listSessions(limit?: number): SessionRow[];
+export declare function closeSession(session_id: string): void;
+export declare function getDbPath(): string;
+export type SaveCouncilOutcomeInput = {
+    session_id?: string;
+    task: string;
+    verdict: string;
+    lead_dev: string;
+    pm: string;
+    architect: string;
+    ux: string;
+    devil: string;
+    legal: string;
+    security: string;
+    recommended: string;
+    duration_ms?: number;
+};
+export declare function saveCouncilOutcome(input: SaveCouncilOutcomeInput): string;
+export type StoreKnowledgeInput = {
+    type?: KnowledgeType;
+    title: string;
+    content: string;
+    tags?: string[];
+    project_dir?: string;
+    session_id?: string;
+    relevance?: number;
+};
+export declare function storeKnowledge(input: StoreKnowledgeInput): string;
+export type SearchKnowledgeOptions = {
+    query?: string;
+    type?: KnowledgeType;
+    tags?: string[];
+    project_dir?: string;
+    limit?: number;
+};
+export declare function searchKnowledge(opts: SearchKnowledgeOptions): KnowledgeRow[];
+export declare function deleteKnowledge(id: string): boolean;
+export type UpdateProjectMapInput = {
+    project_dir: string;
+    structure: Record<string, unknown> | string;
+    key_modules?: string[];
+    tech_stack?: string[];
+};
+export declare function updateProjectMap(input: UpdateProjectMapInput): string;
+export declare function getProjectMap(project_dir: string): ProjectMapRow | null;
+export type UpsertPatternInput = {
+    pattern_key: string;
+    pattern_val: string;
+    confidence?: number;
+};
+export declare function upsertPattern(input: UpsertPatternInput): void;
+export declare function getPatterns(prefix?: string, limit?: number): import('./schema.js').PatternRow[];
+export type ContextStatus = {
+    session_id: string;
+    platform: string;
+    token_count: number;
+    context_window: number;
+    usage_pct: number;
+    recommended_action: 'safe' | 'compress' | 'handoff';
+};
+export declare function getContextStatus(session_id: string): ContextStatus | null;
+export declare function fetchAndCacheDocs(package_name: string, ecosystem: 'npm' | 'pypi' | 'crates', version?: string, max_chars?: number, agentVersion?: string): Promise<{
+    package_name: string;
+    version: string;
+    ecosystem: string;
+    content: string;
+    cached: boolean;
+    fetched_at: string;
+} | null>;
+export declare function saveTaskPlan(plan_json: string, description_hash: string, project_dir?: string): string;
+export type UsageStatus = {
+    today: {
+        by_platform: Array<{
+            platform: string;
+            requests: number;
+            tokens_reported: number;
+            connection_breakdown: {
+                subscription: number;
+                api: number;
+            };
+        }>;
+    };
+    history: Array<{
+        date: string;
+        total_requests: number;
+        total_tokens: number;
+    }>;
+    warnings: string[];
+};
+export declare function getUsageStatus(): UsageStatus;
+export type AuditEvent = {
+    timestamp: string;
+    event_type: string;
+    session_id: string | null;
+    agent: string | null;
+    verdict: string | null;
+    summary: string;
+    affected_files: string | null;
+};
+export type AuditLogOptions = {
+    session_id?: string;
+    agent?: string;
+    verdict?: string;
+    since?: string;
+    limit?: number;
+};
+export declare function getAuditLog(opts?: AuditLogOptions): AuditEvent[];
+export type HealthStats = {
+    total_sessions: number;
+    total_memories: number;
+    total_patterns: number;
+    total_council_outcomes: number;
+    total_decisions: number;
+    avg_council_latency_ms: number | null;
+};
+export declare function getHealthStats(): HealthStats;
+//# sourceMappingURL=local.d.ts.map

package/dist/memory/local.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../src/memory/local.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAShD,OAAO,EAAiB,KAAK,UAAU,EAAE,KAAK,YAAY,EAAE,KAAK,aAAa,EAAE,KAAK,aAAa,EAAqB,MAAM,aAAa,CAAC;AAG3I,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAIlD,CAAC;AAOF,wBAAgB,OAAO,IAAI,IAAI,CAE9B;AAED,wBAAgB,KAAK,IAAI,YAAY,CAYpC;AA4CD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;CACpC,CAAC;AAEF,wBAAgB,WAAW,CAAC,KAAK,EAAE,gBAAgB,GAAG,iBAAiB,CAmCtE;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,UAAU,CAAC;CACtB,CAAC;AAEF,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,oBAAoB,CAc/F;AAED,wBAAgB,YAAY,CAAC,KAAK,SAAK,GAAG,UAAU,EAAE,CAKrD;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAIrD;AAED,wBAAgB,SAAS,IAAI,MAAM,CAElC;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,uBAAuB,GAAG,MAAM,CAYzE;AAID,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,CAAC,EAAE,aAAa,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wBAAgB,cAAc,CAAC,KAAK,EAAE,mBAAmB,GAAG,MAAM,CAoBjE;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,aAAa,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,wBAAgB,eAAe,CAAC,IAAI,EAAE,sBAAsB,GAAG,YAAY,EAAE,CA+B5E;AAED,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAInD;AAID,MAAM,MAAM,qBAAqB,GAAG;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC;IAC5C,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB,CAAC;AAEF,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,qBAAqB,GAAG,MAAM,CAuBrE;AAED,wBAAgB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAGvE;AAID,MAAM,MAAM,kBAAkB,GAAG;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,wBAAgB,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,IAAI,CAiB7D;AAED,wBAAgB,WAAW,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,SAAK,GAAG,OAAO,aAAa,EAAE,UAAU,EAAE,CAU3F;AAID,MAAM,MAAM,aAAa,GAAG;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAAC;CACrD,CAAC;AAEF,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CASzE;AAMD,wBAAsB,iBAAiB,CACrC,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,KAAK,GAAG,MAAM,GAAG,QAAQ,EACpC,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,SAAO,EAChB,YAAY,SAAU,GACrB,OAAO,CAAC;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CA4DpI;AAID,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAQtG;AAID,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE;QACL,WAAW,EAAE,KAAK,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;YACjB,eAAe,EAAE,MAAM,CAAC;YACxB,oBAAoB,EAAE;gBAAE,YAAY,EAAE,MAAM,CAAC;gBAAC,GAAG,EAAE,MAAM,CAAA;aAAE,CAAC;SAC7D,CAAC,CAAC;KACJ,CAAC;IACF,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/E,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB,CAAC;AAEF,wBAAgB,cAAc,IAAI,WAAW,CAsD5C;AAID,MAAM,MAAM,UAAU,GAAG;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,wBAAgB,WAAW,CAAC,IAAI,GAAE,eAAoB,GAAG,UAAU,EAAE,CAoCpE;AAID,MAAM,MAAM,WAAW,GAAG;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,eAAe,EAAE,MAAM,CAAC;IACxB,sBAAsB,EAAE,MAAM,GAAG,IAAI,CAAC;CACvC,CAAC;AAEF,wBAAgB,cAAc,IAAI,WAAW,CAoB5C"}

package/dist/memory/local.js

@@ -36,8 +36,16 @@ export function getDb() {
     migrateCouncilOutcomes(_db);
     migrateCouncilColumns(_db);
     migrateSessionColumns(_db);
+    migrateCouncilDuration(_db);
     return _db;
 }
+// Adds duration_ms column to council_outcomes if it doesn't exist (v1.2.3 migration)
+function migrateCouncilDuration(db) {
+    const cols = db.prepare('PRAGMA table_info(council_outcomes)').all();
+    const names = new Set(cols.map(c => c.name));
+    if (!names.has('duration_ms'))
+        db.exec('ALTER TABLE council_outcomes ADD COLUMN duration_ms INTEGER DEFAULT 0');
+}
 // Adds active_client, last_resumed_at, and connection_type columns if they don't exist
 function migrateSessionColumns(db) {
     const cols = db.prepare('PRAGMA table_info(sessions)').all();
@@ -132,9 +140,9 @@ export function saveCouncilOutcome(input) {
     const now = new Date().toISOString();
     db.prepare(`
     INSERT INTO council_outcomes
-      (id, session_id, task, verdict, lead_dev, pm, architect, ux, devil, legal, security, recommended, debated_at)
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-  `).run(id, input.session_id ?? null, input.task, input.verdict, input.lead_dev, input.pm, input.architect, input.ux, input.devil, input.legal, input.security, input.recommended, now);
+      (id, session_id, task, verdict, lead_dev, pm, architect, ux, devil, legal, security, recommended, debated_at, duration_ms)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(id, input.session_id ?? null, input.task, input.verdict, input.lead_dev, input.pm, input.architect, input.ux, input.devil, input.legal, input.security, input.recommended, now, input.duration_ms ?? 0);
     return id;
 }
 export function storeKnowledge(input) {
@@ -168,8 +176,9 @@ export function searchKnowledge(opts) {
     const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
     const rows = db.prepare(`SELECT * FROM knowledge_base ${where} ORDER BY relevance DESC, accessed_count DESC, created_at DESC LIMIT ?`).all(...params, limit);
     if (rows.length > 0 && opts.query) {
-        const ids = rows.map(r => `'${r.id}'`).join(',');
-        db.exec(`UPDATE knowledge_base SET accessed_count = accessed_count + 1 WHERE id IN (${ids})`);
+        const updateStmt = db.prepare('UPDATE knowledge_base SET accessed_count = accessed_count + 1 WHERE id = ?');
+        for (const row of rows)
+            updateStmt.run(row.id);
     }
     return rows;
 }
@@ -240,7 +249,7 @@ export function getContextStatus(session_id) {
 }
 // ─── Docs Cache ───────────────────────────────────────────────────────────────
 const DOCS_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
-export async function fetchAndCacheDocs(package_name, ecosystem, version, max_chars = 8000) {
+export async function fetchAndCacheDocs(package_name, ecosystem, version, max_chars = 8000, agentVersion = '1.0.0') {
     const db = getDb();
     // Check cache first
     const cached = db.prepare('SELECT * FROM docs_cache WHERE package_name = ? AND ecosystem = ? ORDER BY fetched_at DESC LIMIT 1').get(package_name, ecosystem);
@@ -277,7 +286,7 @@ export async function fetchAndCacheDocs(package_name, ecosystem, version, max_ch
         else {
             const res = await fetch(`https://crates.io/api/v1/crates/${encodeURIComponent(package_name)}`, {
                 signal: controller.signal,
-                headers: { 'User-Agent': 'veto-mcp/1.1.0' },
+                headers: { 'User-Agent': `veto-mcp/${agentVersion}` },
             });
             if (!res.ok)
                 return null;
@@ -378,8 +387,6 @@ export function getAuditLog(opts = {}) {
     }
     const councilRows = db.prepare(`SELECT id, session_id, task, verdict, recommended, debated_at FROM council_outcomes WHERE ${councilWhere.join(' AND ')} ORDER BY debated_at DESC LIMIT ?`).all(...councilParams, limit);
     for (const r of councilRows) {
-        if (opts.agent)
-            continue; // council events don't have a single agent
         events.push({ timestamp: r.debated_at, event_type: 'council', session_id: r.session_id, agent: null, verdict: r.verdict, summary: r.task.slice(0, 100), affected_files: null });
     }
     // Decisions
@@ -403,16 +410,9 @@ export function getAuditLog(opts = {}) {
 export function getHealthStats() {
     const db = getDb();
     const count = (table) => db.prepare(`SELECT COUNT(*) as n FROM ${table}`).get().n;
-    // Avg latency: approximate from 10 most recent council outcomes (debated_at timestamps as proxy)
-    const latencyRows = db.prepare('SELECT debated_at FROM council_outcomes ORDER BY debated_at DESC LIMIT 10').all();
-    let avg_council_latency_ms = null;
-    if (latencyRows.length >= 2) {
-        const diffs = [];
-        for (let i = 0; i < latencyRows.length - 1; i++) {
-            diffs.push(Math.abs(new Date(latencyRows[i].debated_at).getTime() - new Date(latencyRows[i + 1].debated_at).getTime()));
-        }
-        avg_council_latency_ms = Math.round(diffs.reduce((a, b) => a + b, 0) / diffs.length);
-    }
+    // Avg latency: average of actual recorded debate durations
+    const latencyRow = db.prepare('SELECT AVG(duration_ms) as avg_ms, COUNT(*) as n FROM council_outcomes WHERE duration_ms > 0').get();
+    const avg_council_latency_ms = latencyRow.n > 0 && latencyRow.avg_ms != null ? Math.round(latencyRow.avg_ms) : null;
     return {
         total_sessions: count('sessions'),
         total_memories: count('knowledge_base'),