@kbediako/codex-orchestrator 0.1.38 → 0.2.1

package/dist/scripts/lib/review-command-probe-classification.js

@@ -0,0 +1,385 @@
+import { REVIEW_SHELL_COMMANDS, extractShellCommandPayload, normalizeCommandToken, normalizeShellCommandPathSeparators, splitShellControlSegments, splitShellControlSegmentsDetailed, stripLeadingEnvAssignments, tokenizeShellSegment, unwrapEnvCommandTokens } from './review-shell-command-parser.js';
+export const REVIEW_HEAVY_SCRIPT_TARGETS = new Set([
+    'test',
+    'lint',
+    'build',
+    'typecheck',
+    'check',
+    'docs:check',
+    'docs:freshness',
+    'docs:freshness:maintain'
+]);
+const REVIEW_PACKAGE_RUN_SUBCOMMAND_ALIASES = new Set(['run', 'run-script', 'rum', 'urn']);
+const REVIEW_PACKAGE_TEST_SUBCOMMAND_ALIASES = new Set(['test', 't', 'tst']);
+const REVIEW_SHELL_PROBE_ENV_VARS = new Set(['MANIFEST', 'RUNNER_LOG', 'RUN_LOG']);
+const REVIEW_DIRECT_VALIDATION_RUNNERS = new Set(['vitest', 'jest', 'pytest']);
+const REVIEW_LIKELY_COMMANDS = new Set([
+    'npm',
+    'pnpm',
+    'yarn',
+    'bun',
+    'npx',
+    'bunx',
+    'git',
+    'bash',
+    'sh',
+    'zsh',
+    'ksh',
+    'fish',
+    'python',
+    'python3',
+    'py',
+    'pytest',
+    'go',
+    'cargo',
+    'mvn',
+    'mvnw',
+    'gradle',
+    'gradlew',
+    'node',
+    'codex',
+    'codex-orchestrator',
+    'cmd',
+    'powershell',
+    'pwsh',
+    'sed',
+    'rg',
+    'grep',
+    'cat',
+    'head',
+    'tail',
+    'nl',
+    'awk',
+    'find',
+    'ls'
+]);
+function normalizeReviewCommandLine(line) {
+    const trimmed = line.trim();
+    if (!trimmed) {
+        return '';
+    }
+    const succeededIndex = trimmed.indexOf(' succeeded in ');
+    if (succeededIndex >= 0) {
+        return trimmed.slice(0, succeededIndex).trimEnd();
+    }
+    const exitedIndex = trimmed.indexOf(' exited ');
+    if (exitedIndex >= 0) {
+        return trimmed.slice(0, exitedIndex).trimEnd();
+    }
+    return trimmed;
+}
+function packageOptionConsumesValue(option) {
+    if (/^--(?:prefix|workspace|filter|cwd)$/iu.test(option)) {
+        return true;
+    }
+    if (/^-(?:C|w)$/iu.test(option)) {
+        return true;
+    }
+    return false;
+}
+export function resolvePackageScriptTarget(args) {
+    let index = 0;
+    while (index < args.length) {
+        const token = args[index] ?? '';
+        const normalized = token.toLowerCase();
+        if (normalized === '--') {
+            const fallback = args[index + 1];
+            return fallback ? fallback.toLowerCase() : null;
+        }
+        if (REVIEW_PACKAGE_TEST_SUBCOMMAND_ALIASES.has(normalized)) {
+            return 'test';
+        }
+        if (REVIEW_PACKAGE_RUN_SUBCOMMAND_ALIASES.has(normalized)) {
+            index += 1;
+            while (index < args.length) {
+                const candidate = args[index] ?? '';
+                const candidateNormalized = candidate.toLowerCase();
+                if (candidateNormalized === '--') {
+                    index += 1;
+                    continue;
+                }
+                if (candidate.startsWith('-')) {
+                    index += packageOptionConsumesValue(candidate) ? 2 : 1;
+                    continue;
+                }
+                return candidateNormalized;
+            }
+            return null;
+        }
+        if (token.startsWith('-')) {
+            index += packageOptionConsumesValue(token) ? 2 : 1;
+            continue;
+        }
+        return normalized;
+    }
+    return null;
+}
+function hasHeavyCommandTokens(tokens) {
+    if (tokens.length === 0) {
+        return false;
+    }
+    const unwrappedTokens = unwrapEnvCommandTokens(tokens);
+    if (unwrappedTokens.length === 0) {
+        return false;
+    }
+    if (unwrappedTokens.length !== tokens.length) {
+        return hasHeavyCommandTokens(unwrappedTokens);
+    }
+    const command = normalizeCommandToken(unwrappedTokens[0] ?? '');
+    const args = unwrappedTokens.slice(1);
+    if (REVIEW_DIRECT_VALIDATION_RUNNERS.has(command)) {
+        return true;
+    }
+    if (command === 'npm' || command === 'pnpm' || command === 'yarn' || command === 'bun') {
+        const scriptTarget = resolvePackageScriptTarget(args);
+        return scriptTarget !== null && REVIEW_HEAVY_SCRIPT_TARGETS.has(scriptTarget);
+    }
+    const launcherTarget = resolveValidationLauncherTarget(command, args);
+    if (launcherTarget !== null && REVIEW_DIRECT_VALIDATION_RUNNERS.has(launcherTarget)) {
+        return true;
+    }
+    if (command === 'python' || command === 'python3' || command === 'py') {
+        for (let index = 0; index < args.length - 1; index += 1) {
+            if ((args[index] ?? '').toLowerCase() !== '-m') {
+                continue;
+            }
+            if (normalizeCommandToken(args[index + 1] ?? '') === 'pytest') {
+                return true;
+            }
+        }
+    }
+    const firstArg = normalizeCommandToken(args[0] ?? '');
+    if (command === 'go' && firstArg === 'test') {
+        return true;
+    }
+    if (command === 'cargo' && firstArg === 'test') {
+        return true;
+    }
+    if (command === 'mvn' || command === 'mvnw' || command === 'gradle' || command === 'gradlew') {
+        return args.some((arg) => {
+            const normalized = normalizeCommandToken(arg);
+            return normalized === 'test' || normalized.endsWith(':test');
+        });
+    }
+    return false;
+}
+function resolveValidationLauncherTarget(command, args) {
+    if (command === 'npx' || command === 'bunx') {
+        return resolveFirstBinaryLauncherTarget(args);
+    }
+    const firstArg = normalizeCommandToken(args[0] ?? '');
+    if (command === 'npm' && firstArg === 'exec') {
+        return resolveFirstBinaryLauncherTarget(args.slice(1), { skipDlx: false });
+    }
+    if (command === 'pnpm' && (firstArg === 'dlx' || firstArg === 'exec')) {
+        return resolveFirstBinaryLauncherTarget(args.slice(1), { skipDlx: false });
+    }
+    if (command === 'yarn' && (firstArg === 'dlx' || firstArg === 'exec')) {
+        return resolveFirstBinaryLauncherTarget(args.slice(1), { skipDlx: false });
+    }
+    if (command === 'bun' && firstArg === 'x') {
+        return resolveFirstBinaryLauncherTarget(args.slice(1), { skipDlx: false });
+    }
+    return null;
+}
+function resolveFirstBinaryLauncherTarget(args, options = {}) {
+    let index = 0;
+    while (index < args.length) {
+        const token = args[index] ?? '';
+        const normalized = token.toLowerCase();
+        if (normalized === '--') {
+            const target = args[index + 1];
+            return target ? normalizeCommandToken(target) : null;
+        }
+        if (options.skipDlx !== false && (normalized === 'dlx' || normalized === 'exec')) {
+            index += 1;
+            continue;
+        }
+        if (token.startsWith('-')) {
+            index += binaryLauncherOptionExpectsValue(token) && !token.includes('=') ? 2 : 1;
+            continue;
+        }
+        return normalizeCommandToken(token);
+    }
+    return null;
+}
+function binaryLauncherOptionExpectsValue(option) {
+    const normalized = option.toLowerCase();
+    return (normalized === '-p' ||
+        normalized === '--package' ||
+        normalized === '-c' ||
+        normalized === '--call' ||
+        normalized === '--node-options');
+}
+function detectHeavyReviewCommandFromSegment(segment, depth = 0) {
+    const tokens = stripLeadingEnvAssignments(tokenizeShellSegment(segment));
+    if (tokens.length === 0) {
+        return null;
+    }
+    if (depth < 3) {
+        const payload = extractShellCommandPayload(tokens);
+        if (payload) {
+            const nestedSegments = splitShellControlSegments(normalizeShellCommandPathSeparators(payload));
+            for (const nestedSegment of nestedSegments) {
+                const nestedHeavyCommand = detectHeavyReviewCommandFromSegment(nestedSegment, depth + 1);
+                if (nestedHeavyCommand) {
+                    return nestedHeavyCommand;
+                }
+            }
+        }
+    }
+    return hasHeavyCommandTokens(tokens) ? segment.trim() : null;
+}
+export function detectHeavyReviewCommand(commandLine) {
+    const normalized = normalizeShellCommandPathSeparators(normalizeReviewCommandLine(commandLine));
+    const segments = splitShellControlSegments(normalized);
+    for (const segment of segments) {
+        const heavyCommand = detectHeavyReviewCommandFromSegment(segment);
+        if (heavyCommand) {
+            return heavyCommand;
+        }
+    }
+    return null;
+}
+export function tokenReferencesReviewShellProbeEnvVar(token) {
+    const normalized = token.trim().toUpperCase();
+    if (!normalized) {
+        return false;
+    }
+    for (const envVar of REVIEW_SHELL_PROBE_ENV_VARS) {
+        if (normalized === envVar) {
+            return true;
+        }
+        if (new RegExp(`\\$${envVar}(?=$|[^A-Z0-9_])`, 'u').test(normalized)) {
+            return true;
+        }
+        if (new RegExp(`\\$\\{${envVar}(?=$|[:}?+\\-/])`, 'u').test(normalized)) {
+            return true;
+        }
+        if (new RegExp(`(^|[^A-Z0-9_])${envVar}(?=$|[^A-Z0-9_])`, 'u').test(normalized)) {
+            return true;
+        }
+    }
+    return false;
+}
+function grepOptionConsumesValue(option) {
+    const normalized = option.toLowerCase();
+    return (normalized === '-e' ||
+        normalized === '-f' ||
+        normalized === '-m' ||
+        normalized === '--regexp' ||
+        normalized === '--file' ||
+        normalized === '--max-count' ||
+        normalized === '--after-context' ||
+        normalized === '--before-context' ||
+        normalized === '--context');
+}
+export function grepSegmentUsesExplicitSearchTargets(args) {
+    let patternConsumed = false;
+    for (let index = 0; index < args.length; index += 1) {
+        const arg = args[index] ?? '';
+        if (!patternConsumed) {
+            if (arg === '--') {
+                continue;
+            }
+            if (grepOptionConsumesValue(arg)) {
+                if (index + 1 < args.length) {
+                    if (arg === '-e' || arg === '--regexp') {
+                        patternConsumed = true;
+                    }
+                    index += 1;
+                }
+                continue;
+            }
+            if (arg.startsWith('-') && arg !== '-') {
+                continue;
+            }
+            patternConsumed = true;
+            continue;
+        }
+        if (arg === '--') {
+            continue;
+        }
+        if (arg.startsWith('<')) {
+            continue;
+        }
+        return true;
+    }
+    return false;
+}
+function segmentLooksLikeShellProbe(rawTokens, depth = 0) {
+    const strippedTokens = stripLeadingEnvAssignments(rawTokens);
+    if (strippedTokens.length === 0) {
+        return false;
+    }
+    const tokens = unwrapEnvCommandTokens(strippedTokens);
+    if (tokens.length === 0) {
+        return false;
+    }
+    const command = normalizeCommandToken(tokens[0] ?? '');
+    const args = tokens.slice(1);
+    if (depth < 3 && REVIEW_SHELL_COMMANDS.has(command)) {
+        const nestedPayload = extractShellCommandPayload(tokens);
+        return nestedPayload ? payloadContainsShellProbe(nestedPayload, depth + 1) : false;
+    }
+    const referencesReviewEnvVar = args.some((token) => tokenReferencesReviewShellProbeEnvVar(token));
+    if (!referencesReviewEnvVar) {
+        return false;
+    }
+    if (command === 'printf' || command === 'echo' || command === 'printenv') {
+        return true;
+    }
+    if (command === 'grep') {
+        return !grepSegmentUsesExplicitSearchTargets(args);
+    }
+    if (command === 'declare' || command === 'typeset') {
+        return args.some((arg) => arg === '-p' || arg === '-xp' || arg === '-px');
+    }
+    return false;
+}
+function payloadContainsShellProbe(payload, depth = 0) {
+    const segments = splitShellControlSegmentsDetailed(normalizeShellCommandPathSeparators(payload));
+    for (const { segment } of segments) {
+        if (segmentLooksLikeShellProbe(tokenizeShellSegment(segment), depth)) {
+            return true;
+        }
+    }
+    return false;
+}
+export function classifyShellProbeCommandLine(commandLine) {
+    const normalized = normalizeShellCommandPathSeparators(normalizeReviewCommandLine(commandLine));
+    if (detectHeavyReviewCommand(normalized)) {
+        return null;
+    }
+    const shellTokens = stripLeadingEnvAssignments(tokenizeShellSegment(normalized));
+    const payload = extractShellCommandPayload(shellTokens);
+    if (!payload) {
+        return null;
+    }
+    return payloadContainsShellProbe(payload) ? normalized : null;
+}
+export function isLikelyReviewCommandLine(line) {
+    const normalized = normalizeShellCommandPathSeparators(normalizeReviewCommandLine(line));
+    if (!normalized) {
+        return false;
+    }
+    if (detectHeavyReviewCommand(normalized)) {
+        return true;
+    }
+    const segments = splitShellControlSegments(normalized);
+    for (const segment of segments) {
+        const shellTokens = stripLeadingEnvAssignments(tokenizeShellSegment(segment));
+        if (extractShellCommandPayload(shellTokens)) {
+            return true;
+        }
+        const unwrappedTokens = unwrapEnvCommandTokens(shellTokens);
+        const command = normalizeCommandToken(unwrappedTokens[0] ?? shellTokens[0] ?? '');
+        if (REVIEW_LIKELY_COMMANDS.has(command)) {
+            return true;
+        }
+    }
+    if (normalized.includes(' in ') && /\s-\w+\s+/u.test(normalized)) {
+        return true;
+    }
+    return false;
+}

package/dist/scripts/lib/review-execution-boundary-preflight.js

@@ -0,0 +1,279 @@
+import path from 'node:path';
+import { formatRuntimeSelectionSummary } from '../../orchestrator/src/cli/runtime/index.js';
+import { ARCHITECTURE_ALLOWED_META_SURFACE_KINDS, AUDIT_ALLOWED_META_SURFACE_KINDS, formatDurationMs } from './review-execution-state.js';
+import { resolveReviewRuntimeContext } from './review-launch-attempt.js';
+export const DEFAULT_REVIEW_STARTUP_LOOP_MIN_EVENTS = 8;
+export const DEFAULT_REVIEW_MONITOR_INTERVAL_SECONDS = 60;
+export const REVIEW_MONITOR_INTERVAL_ENV_KEY = 'CODEX_REVIEW_MONITOR_INTERVAL_SECONDS';
+export const REVIEW_ALLOW_HEAVY_COMMANDS_ENV_KEY = 'CODEX_REVIEW_ALLOW_HEAVY_COMMANDS';
+export const REVIEW_ENFORCE_BOUNDED_MODE_ENV_KEY = 'CODEX_REVIEW_ENFORCE_BOUNDED_MODE';
+export const REVIEW_LOW_SIGNAL_TIMEOUT_ENV_KEY = 'CODEX_REVIEW_LOW_SIGNAL_TIMEOUT_SECONDS';
+export const REVIEW_VERDICT_STABILITY_TIMEOUT_ENV_KEY = 'CODEX_REVIEW_VERDICT_STABILITY_TIMEOUT_SECONDS';
+export const REVIEW_META_SURFACE_TIMEOUT_ENV_KEY = 'CODEX_REVIEW_META_SURFACE_TIMEOUT_SECONDS';
+export function allowHeavyReviewCommands(env = process.env) {
+    return envFlagEnabled(env[REVIEW_ALLOW_HEAVY_COMMANDS_ENV_KEY]);
+}
+export function enforceBoundedReviewMode(env = process.env) {
+    return envFlagEnabled(env[REVIEW_ENFORCE_BOUNDED_MODE_ENV_KEY]);
+}
+export async function prepareReviewExecutionBoundaryPreflight(options) {
+    const resolveRuntimeContext = options.resolveReviewRuntimeContextFn ?? resolveReviewRuntimeContext;
+    const runtimeContext = await resolveRuntimeContext({
+        options: options.cliOptions,
+        manifestPath: options.manifestPath,
+        env: options.env,
+        repoRoot: options.repoRoot
+    });
+    console.log(`[run-review] ${formatRuntimeSelectionSummary(runtimeContext.runtime)}.`);
+    const timeoutMs = resolveReviewTimeoutMs(options.env);
+    if (timeoutMs !== null) {
+        console.log(`[run-review] enforcing codex review timeout at ${Math.round(timeoutMs / 1000)}s (configured via CODEX_REVIEW_TIMEOUT_SECONDS).`);
+    }
+    const stallTimeoutMs = resolveReviewStallTimeoutMs(options.env);
+    if (stallTimeoutMs !== null) {
+        console.log(`[run-review] enforcing codex review stall timeout at ${Math.round(stallTimeoutMs / 1000)}s of no output (configured via CODEX_REVIEW_STALL_TIMEOUT_SECONDS).`);
+    }
+    const startupLoopTimeoutMs = resolveReviewStartupLoopTimeoutMs(options.env);
+    const startupLoopMinEvents = resolveReviewStartupLoopMinEvents(options.env);
+    if (startupLoopTimeoutMs !== null) {
+        console.log(`[run-review] enforcing delegation-startup loop timeout at ${Math.round(startupLoopTimeoutMs / 1000)}s after ${startupLoopMinEvents} startup events (configured via CODEX_REVIEW_STARTUP_LOOP_TIMEOUT_SECONDS).`);
+    }
+    const monitorIntervalMs = resolveReviewMonitorIntervalMs(options.env);
+    if (monitorIntervalMs === null) {
+        console.log('[run-review] patience-first monitor checkpoints disabled (configured via CODEX_REVIEW_MONITOR_INTERVAL_SECONDS=0).');
+    }
+    else {
+        console.log(`[run-review] patience-first monitor checkpoints every ${formatDurationMs(monitorIntervalMs)} (set CODEX_REVIEW_MONITOR_INTERVAL_SECONDS=0 to disable).`);
+    }
+    const lowSignalTimeoutMs = options.allowHeavyCommands
+        ? null
+        : resolveReviewLowSignalTimeoutMs(options.env);
+    const verdictStabilityTimeoutMs = options.allowHeavyCommands
+        ? null
+        : resolveReviewVerdictStabilityTimeoutMs(options.env);
+    const metaSurfaceTimeoutMs = options.allowHeavyCommands
+        ? null
+        : resolveReviewMetaSurfaceTimeoutMs(options.env);
+    const allowedMetaSurfaceKinds = options.reviewSurface === 'audit'
+        ? AUDIT_ALLOWED_META_SURFACE_KINDS
+        : options.reviewSurface === 'architecture'
+            ? ARCHITECTURE_ALLOWED_META_SURFACE_KINDS
+            : [];
+    const architectureRelevantPaths = options.reviewSurface === 'architecture'
+        ? options.architectureSurfacePaths
+            .map((entry) => path.relative(options.repoRoot, entry))
+            .filter((entry) => entry.length > 0)
+        : [];
+    const touchedPaths = options.reviewSurface === 'architecture'
+        ? [...new Set([...options.scopeTouchedPaths, ...architectureRelevantPaths])]
+        : [...options.scopeTouchedPaths];
+    const startupAnchorMode = options.allowHeavyCommands
+        ? null
+        : options.reviewSurface === 'audit'
+            ? 'audit'
+            : options.reviewSurface === 'diff' && touchedPaths.length > 0
+                ? 'diff'
+                : null;
+    const enforceStartupAnchorBoundary = startupAnchorMode !== null;
+    const enforceActiveCloseoutBundleRereadBoundary = options.reviewSurface === 'diff' &&
+        !options.allowHeavyCommands &&
+        options.activeCloseoutBundleRoots.length > 0;
+    const announceRelevantReinspectionDwellBoundary = (options.reviewSurface === 'diff' || options.reviewSurface === 'architecture') &&
+        !options.allowHeavyCommands &&
+        touchedPaths.length > 0;
+    const enforceRelevantReinspectionDwellBoundary = announceRelevantReinspectionDwellBoundary && lowSignalTimeoutMs !== null;
+    const auditStartupAnchorPaths = options.reviewSurface === 'audit'
+        ? [options.manifestPath, ...(options.runnerLogExists ? [options.runnerLogPath] : [])]
+        : [];
+    const allowedMetaSurfacePaths = options.reviewSurface === 'audit'
+        ? [...auditStartupAnchorPaths]
+        : options.reviewSurface === 'architecture'
+            ? [...options.architectureSurfacePaths]
+            : [];
+    const auditStartupAnchorEnvVarPaths = options.reviewSurface === 'audit'
+        ? {
+            MANIFEST: options.manifestPath,
+            ...(options.runnerLogExists
+                ? { RUNNER_LOG: options.runnerLogPath, RUN_LOG: options.runnerLogPath }
+                : {})
+        }
+        : {};
+    const allowedMetaSurfaceEnvVarPaths = options.reviewSurface === 'audit' ? { ...auditStartupAnchorEnvVarPaths } : {};
+    if (!options.allowHeavyCommands) {
+        if (lowSignalTimeoutMs === null) {
+            console.log(`[run-review] low-signal drift guard disabled (${REVIEW_LOW_SIGNAL_TIMEOUT_ENV_KEY}=0).`);
+        }
+        else {
+            console.log(`[run-review] low-signal drift guard enabled after ${formatDurationMs(lowSignalTimeoutMs)} of repetitive bounded activity (set ${REVIEW_LOW_SIGNAL_TIMEOUT_ENV_KEY}=0 to disable).`);
+        }
+        if (verdictStabilityTimeoutMs === null) {
+            console.log(`[run-review] verdict-stability guard disabled (${REVIEW_VERDICT_STABILITY_TIMEOUT_ENV_KEY}=0).`);
+        }
+        else {
+            console.log(`[run-review] verdict-stability guard enabled after ${formatDurationMs(verdictStabilityTimeoutMs)} of repeated speculative no-progress output (set ${REVIEW_VERDICT_STABILITY_TIMEOUT_ENV_KEY}=0 to disable).`);
+        }
+        if (metaSurfaceTimeoutMs === null) {
+            console.log(`[run-review] meta-surface expansion guard disabled (${REVIEW_META_SURFACE_TIMEOUT_ENV_KEY}=0).`);
+        }
+        else if (allowedMetaSurfaceKinds.length > 0) {
+            const allowedMetaSurfaceLabel = options.reviewSurface === 'audit'
+                ? 'allowed audit meta surfaces'
+                : 'allowed architecture meta surfaces';
+            console.log(`[run-review] meta-surface expansion guard enabled after ${formatDurationMs(metaSurfaceTimeoutMs)} of sustained off-task meta activity; ${allowedMetaSurfaceLabel}: ${allowedMetaSurfaceKinds.join(', ')} (set ${REVIEW_META_SURFACE_TIMEOUT_ENV_KEY}=0 to disable).`);
+        }
+        else {
+            console.log(`[run-review] meta-surface expansion guard enabled after ${formatDurationMs(metaSurfaceTimeoutMs)} of sustained off-task meta activity (set ${REVIEW_META_SURFACE_TIMEOUT_ENV_KEY}=0 to disable).`);
+        }
+        if (startupAnchorMode === 'diff') {
+            console.log('[run-review] startup-anchor boundary enabled for diff mode; repeated memory/skills/review-docs/manifest/review-artifact reads before the first startup anchor will terminate the review.');
+        }
+        else if (startupAnchorMode === 'audit') {
+            console.log('[run-review] startup-anchor boundary enabled for audit mode; repeated memory/skills/review-doc reads before the first manifest/runner-log startup anchor will terminate the review.');
+        }
+        if (announceRelevantReinspectionDwellBoundary) {
+            if (lowSignalTimeoutMs === null) {
+                console.log(`[run-review] bounded relevant reinspection dwell boundary disabled (${REVIEW_LOW_SIGNAL_TIMEOUT_ENV_KEY}=0).`);
+            }
+            else {
+                console.log(`[run-review] bounded relevant reinspection dwell boundary enabled after ${formatDurationMs(lowSignalTimeoutMs)} of repetitive on-task reinspection without concrete findings (set ${REVIEW_LOW_SIGNAL_TIMEOUT_ENV_KEY}=0 to disable).`);
+            }
+        }
+    }
+    return {
+        runtimeContext,
+        timeoutMs,
+        stallTimeoutMs,
+        startupLoopTimeoutMs,
+        startupLoopMinEvents,
+        monitorIntervalMs,
+        lowSignalTimeoutMs,
+        verdictStabilityTimeoutMs,
+        metaSurfaceTimeoutMs,
+        allowedMetaSurfaceKinds: [...allowedMetaSurfaceKinds],
+        touchedPaths,
+        startupAnchorMode,
+        enforceStartupAnchorBoundary,
+        enforceActiveCloseoutBundleRereadBoundary,
+        enforceRelevantReinspectionDwellBoundary,
+        auditStartupAnchorPaths,
+        allowedMetaSurfacePaths,
+        auditStartupAnchorEnvVarPaths,
+        allowedMetaSurfaceEnvVarPaths
+    };
+}
+export function resolveReviewTimeoutMs(env = process.env) {
+    const configured = env.CODEX_REVIEW_TIMEOUT_SECONDS?.trim();
+    if (!configured) {
+        return null;
+    }
+    const parsedSeconds = Number(configured);
+    if (!Number.isFinite(parsedSeconds)) {
+        throw new Error('CODEX_REVIEW_TIMEOUT_SECONDS must be a finite number.');
+    }
+    if (parsedSeconds <= 0) {
+        return null;
+    }
+    return Math.round(parsedSeconds * 1000);
+}
+export function resolveReviewStallTimeoutMs(env = process.env) {
+    const configured = env.CODEX_REVIEW_STALL_TIMEOUT_SECONDS?.trim();
+    if (!configured) {
+        return null;
+    }
+    const parsedSeconds = Number(configured);
+    if (!Number.isFinite(parsedSeconds)) {
+        throw new Error('CODEX_REVIEW_STALL_TIMEOUT_SECONDS must be a finite number.');
+    }
+    if (parsedSeconds <= 0) {
+        return null;
+    }
+    return Math.round(parsedSeconds * 1000);
+}
+export function resolveReviewStartupLoopTimeoutMs(env = process.env) {
+    const configured = env.CODEX_REVIEW_STARTUP_LOOP_TIMEOUT_SECONDS?.trim();
+    if (!configured) {
+        return null;
+    }
+    const parsedSeconds = Number(configured);
+    if (!Number.isFinite(parsedSeconds)) {
+        throw new Error('CODEX_REVIEW_STARTUP_LOOP_TIMEOUT_SECONDS must be a finite number.');
+    }
+    if (parsedSeconds <= 0) {
+        return null;
+    }
+    return Math.round(parsedSeconds * 1000);
+}
+export function resolveReviewStartupLoopMinEvents(env = process.env) {
+    const configured = env.CODEX_REVIEW_STARTUP_LOOP_MIN_EVENTS?.trim();
+    if (!configured) {
+        return DEFAULT_REVIEW_STARTUP_LOOP_MIN_EVENTS;
+    }
+    const parsed = Number(configured);
+    if (!Number.isFinite(parsed) || !Number.isInteger(parsed) || parsed < 1) {
+        throw new Error('CODEX_REVIEW_STARTUP_LOOP_MIN_EVENTS must be a positive integer.');
+    }
+    return parsed;
+}
+export function resolveReviewMonitorIntervalMs(env = process.env) {
+    const configured = env[REVIEW_MONITOR_INTERVAL_ENV_KEY]?.trim();
+    if (!configured) {
+        return DEFAULT_REVIEW_MONITOR_INTERVAL_SECONDS * 1000;
+    }
+    const parsedSeconds = Number(configured);
+    if (!Number.isFinite(parsedSeconds)) {
+        throw new Error(`${REVIEW_MONITOR_INTERVAL_ENV_KEY} must be a finite number.`);
+    }
+    if (parsedSeconds <= 0) {
+        return null;
+    }
+    return Math.round(parsedSeconds * 1000);
+}
+export function resolveReviewLowSignalTimeoutMs(env = process.env) {
+    const configured = env[REVIEW_LOW_SIGNAL_TIMEOUT_ENV_KEY]?.trim();
+    if (!configured) {
+        return 180_000;
+    }
+    const parsedSeconds = Number(configured);
+    if (!Number.isFinite(parsedSeconds)) {
+        throw new Error(`${REVIEW_LOW_SIGNAL_TIMEOUT_ENV_KEY} must be a finite number.`);
+    }
+    if (parsedSeconds <= 0) {
+        return null;
+    }
+    return Math.round(parsedSeconds * 1000);
+}
+export function resolveReviewVerdictStabilityTimeoutMs(env = process.env) {
+    const configured = env[REVIEW_VERDICT_STABILITY_TIMEOUT_ENV_KEY]?.trim();
+    if (!configured) {
+        return 180_000;
+    }
+    const parsedSeconds = Number(configured);
+    if (!Number.isFinite(parsedSeconds)) {
+        throw new Error(`${REVIEW_VERDICT_STABILITY_TIMEOUT_ENV_KEY} must be a finite number.`);
+    }
+    if (parsedSeconds <= 0) {
+        return null;
+    }
+    return Math.round(parsedSeconds * 1000);
+}
+export function resolveReviewMetaSurfaceTimeoutMs(env = process.env) {
+    const configured = env[REVIEW_META_SURFACE_TIMEOUT_ENV_KEY]?.trim();
+    if (!configured) {
+        return 180_000;
+    }
+    const parsedSeconds = Number(configured);
+    if (!Number.isFinite(parsedSeconds)) {
+        throw new Error(`${REVIEW_META_SURFACE_TIMEOUT_ENV_KEY} must be a finite number.`);
+    }
+    if (parsedSeconds <= 0) {
+        return null;
+    }
+    return Math.round(parsedSeconds * 1000);
+}
+function envFlagEnabled(value) {
+    if (!value) {
+        return false;
+    }
+    const normalized = value.trim().toLowerCase();
+    return normalized === '1' || normalized === 'true' || normalized === 'yes';
+}