@kognai/orchestrator-core 0.1.0

package/dist/lib/code-failure-logger.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Code Failure Logger — logs swarm code rejections to the failure-library.
+ * Originally Sprint 197; moved into @kognai/orchestrator-core (TICKET-215 Phase 3).
+ *
+ * The failure dir is now resolved via engine-paths (KOGNAI_ROOT / cwd) instead of
+ * `resolve(__dirname, ...)`, so the logger works regardless of where the package
+ * is installed. Default resolves to <root>/data/failure-library/code — identical
+ * to the legacy path when run from a product repo root.
+ *
+ * Stdlib only: crypto, fs, path.
+ */
+export interface CodeFailureEntry {
+    taskId: string;
+    sprintId: string;
+    agentId: string;
+    attemptNum: number;
+    score: number;
+    model: string;
+    rejectionReason: string;
+    issues: Array<{
+        severity: string;
+        file: string;
+        description: string;
+    }>;
+    failType: 'destructive_rewrite' | 'truncation' | 'qa_gate' | 'supervisor_rejected' | 'no_files';
+}
+export declare function logCodeFailure(entry: CodeFailureEntry): void;

package/dist/lib/code-failure-logger.js

@@ -0,0 +1,42 @@
+"use strict";
+/**
+ * Code Failure Logger — logs swarm code rejections to the failure-library.
+ * Originally Sprint 197; moved into @kognai/orchestrator-core (TICKET-215 Phase 3).
+ *
+ * The failure dir is now resolved via engine-paths (KOGNAI_ROOT / cwd) instead of
+ * `resolve(__dirname, ...)`, so the logger works regardless of where the package
+ * is installed. Default resolves to <root>/data/failure-library/code — identical
+ * to the legacy path when run from a product repo root.
+ *
+ * Stdlib only: crypto, fs, path.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.logCodeFailure = logCodeFailure;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const engine_paths_1 = require("./engine-paths");
+function logCodeFailure(entry) {
+    try {
+        const dir = (0, path_1.join)((0, engine_paths_1.resolveEnginePaths)().failureLibrary, 'code');
+        (0, fs_1.mkdirSync)(dir, { recursive: true });
+        const entryId = (0, crypto_1.randomUUID)().slice(0, 8);
+        const record = {
+            entry_id: entryId,
+            task_id: entry.taskId,
+            sprint_id: entry.sprintId,
+            agent_id: entry.agentId,
+            attempt_num: entry.attemptNum,
+            score: entry.score,
+            model: entry.model,
+            fail_type: entry.failType,
+            rejection_reason: entry.rejectionReason,
+            issues: entry.issues,
+            filed_at: new Date().toISOString(),
+        };
+        (0, fs_1.writeFileSync)((0, path_1.join)(dir, `fail-${entryId}.json`), JSON.stringify(record, null, 2));
+    }
+    catch {
+        // Silently catch all errors — must not break the swarm.
+    }
+}

package/dist/lib/cto-approval-gate.d.ts

@@ -0,0 +1,45 @@
+/**
+ * cto-approval-gate.ts — CTO Sprint Approval Gate
+ *
+ * MANDATORY: Every sprint plan generated by the autonomous loop MUST be
+ * reviewed and approved by the CTO agent before execution begins.
+ *
+ * The CTO checks:
+ *   1. Is this sprint in the execution plan? (FULL_WORK_PLAN.md / PHASE_1_EXECUTION_PLAN.md)
+ *   2. Does it advance the current phase gate?
+ *   3. Is it a Sev-1 fix or critical path item?
+ *   4. Does it duplicate work already completed?
+ *
+ * If the CTO rejects, the sprint is logged and skipped.
+ * If the CTO approves, execution proceeds normally.
+ *
+ * This prevents the autonomous swarm from inventing its own work.
+ *
+ * @see ClawRouter Spec v2.0 — CTO agent uses T2 POWER (qwen3:14b) for review
+ */
+import type { SprintProposal } from './cto-gate-types';
+import { type CapabilityCheckResult } from './acp';
+export interface CTOApprovalResult {
+    approved: boolean;
+    sprint_id: string;
+    reason: string;
+    plan_reference: string;
+    cto_confidence: number;
+    timestamp: string;
+    acp_violations?: CapabilityCheckResult[];
+}
+/**
+ * Submit a sprint proposal to the CTO agent for approval.
+ * Returns approval/rejection with reasoning.
+ *
+ * Uses T2 POWER (qwen3:14b, local, $0) for the review.
+ */
+export declare function requestCTOApproval(proposal: SprintProposal, projectRoot: string, product?: 'kognai' | 'invoica'): Promise<CTOApprovalResult>;
+/**
+ * Review multiple sprint proposals in sequence. Returns only approved ones.
+ * Use this in the autonomous loop to filter proposals before execution.
+ */
+export declare function batchCTOReview(proposals: SprintProposal[], projectRoot: string, product?: 'kognai' | 'invoica'): Promise<{
+    approved: SprintProposal[];
+    rejected: CTOApprovalResult[];
+}>;

package/dist/lib/cto-approval-gate.js

@@ -0,0 +1,478 @@
+"use strict";
+/**
+ * cto-approval-gate.ts — CTO Sprint Approval Gate
+ *
+ * MANDATORY: Every sprint plan generated by the autonomous loop MUST be
+ * reviewed and approved by the CTO agent before execution begins.
+ *
+ * The CTO checks:
+ *   1. Is this sprint in the execution plan? (FULL_WORK_PLAN.md / PHASE_1_EXECUTION_PLAN.md)
+ *   2. Does it advance the current phase gate?
+ *   3. Is it a Sev-1 fix or critical path item?
+ *   4. Does it duplicate work already completed?
+ *
+ * If the CTO rejects, the sprint is logged and skipped.
+ * If the CTO approves, execution proceeds normally.
+ *
+ * This prevents the autonomous swarm from inventing its own work.
+ *
+ * @see ClawRouter Spec v2.0 — CTO agent uses T2 POWER (qwen3:14b) for review
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requestCTOApproval = requestCTOApproval;
+exports.batchCTOReview = batchCTOReview;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const model_router_registry_1 = require("./model-router-registry");
+const acp_1 = require("./acp");
+// Sprint 702: ACPEngine trust scoring enforcement
+const acp_engine_1 = require("./acp-engine");
+// Sprint TICKET-005-RULE1: Rule 1 (Neutral Prompts) — detect answer-seeding in Qwen-recommended sprints
+const neutral_prompt_checker_1 = require("./neutral-prompt-checker");
+// Sprint TICKET-005-RULE2: Rule 2 (Research/Implementation Separation)
+const research_impl_gate_1 = require("./research-impl-gate");
+// Sprint TICKET-005-RULE3: Rule 3 (Task Contracts) — inputs/outputs/success_criteria required
+const task_contract_checker_1 = require("./task-contract-checker");
+// Sprint 1504: Emotional Safety Gate (INTEL-BRIEF-22)
+const emotional_safety_gate_1 = require("./emotional-safety-gate");
+// ── Plan Context Loader ───────────────────────────────────────────────────────
+function loadPlanContext(projectRoot) {
+    const planFiles = [
+        path.join(projectRoot, '..', 'Documents', 'Kognai', 'plans', 'PHASE_1_EXECUTION_PLAN.md'),
+        path.join(projectRoot, '..', 'Documents', 'Kognai', 'plans', 'FULL_WORK_PLAN.md'),
+    ];
+    let context = '';
+    for (const f of planFiles) {
+        try {
+            if (fs.existsSync(f)) {
+                const content = fs.readFileSync(f, 'utf-8');
+                // Take first 3000 chars of each plan file (QCG budget)
+                context += `\n--- ${path.basename(f)} ---\n${content.slice(0, 3000)}\n`;
+            }
+        }
+        catch { /* skip */ }
+    }
+    // Also load recent sprint files to check for duplicates
+    const sprintsDir = path.join(projectRoot, 'sprints');
+    if (fs.existsSync(sprintsDir)) {
+        try {
+            const recent = fs.readdirSync(sprintsDir)
+                .filter(f => f.endsWith('.json'))
+                .sort()
+                .slice(-10); // last 10 sprints
+            const titles = recent.map(f => {
+                try {
+                    const data = JSON.parse(fs.readFileSync(path.join(sprintsDir, f), 'utf-8'));
+                    return `${f}: ${data.title || data.name || 'untitled'}`;
+                }
+                catch {
+                    return f;
+                }
+            });
+            context += `\n--- Recent Sprints (last 10) ---\n${titles.join('\n')}\n`;
+        }
+        catch { /* skip */ }
+    }
+    return context;
+}
+// ── CTO Review ────────────────────────────────────────────────────────────────
+/**
+ * Submit a sprint proposal to the CTO agent for approval.
+ * Returns approval/rejection with reasoning.
+ *
+ * Uses T2 POWER (qwen3:14b, local, $0) for the review.
+ */
+async function requestCTOApproval(proposal, projectRoot, product = 'kognai') {
+    const timestamp = new Date().toISOString();
+    // Human-submitted sprints bypass CTO gate
+    if (proposal.source === 'human') {
+        return {
+            approved: true,
+            sprint_id: proposal.sprint_id,
+            reason: 'Human-submitted sprint — auto-approved per governance rules.',
+            plan_reference: 'HUMAN_OVERRIDE',
+            cto_confidence: 100,
+            timestamp,
+        };
+    }
+    // Queue-prescribed sprints bypass CTO LLM review — the queue IS the plan.
+    // workspace/sprint-queue.json is human-maintained and authoritative.
+    // ACP capability checks + Police Lite still run (below), but the LLM won't reject these.
+    if (proposal.source === 'queue-prescribed') {
+        logCTODecision({
+            approved: true,
+            sprint_id: proposal.sprint_id,
+            reason: 'Queue-prescribed sprint — auto-approved. Sprint queue is human-maintained authoritative plan.',
+            plan_reference: 'QUEUE_PRESCRIBED',
+            cto_confidence: 100,
+            timestamp,
+        }, projectRoot, product);
+        return {
+            approved: true,
+            sprint_id: proposal.sprint_id,
+            reason: 'Queue-prescribed sprint — auto-approved. Sprint queue is human-maintained authoritative plan.',
+            plan_reference: 'QUEUE_PRESCRIBED',
+            cto_confidence: 100,
+            timestamp,
+        };
+    }
+    // Sprint 650: ACP pre-check — reject if agents lack required capabilities
+    if (proposal.agent_capabilities && proposal.agent_capabilities.length > 0) {
+        const violations = [];
+        for (const task of proposal.agent_capabilities) {
+            for (const cap of task.required_capabilities) {
+                const result = (0, acp_1.checkCapability)(task.agent, cap);
+                if (!result.allowed)
+                    violations.push(result);
+            }
+        }
+        if (violations.length > 0) {
+            const violationSummary = violations.map(v => `${v.agent_id}: ${v.reason}`).join('; ');
+            return {
+                approved: false,
+                sprint_id: proposal.sprint_id,
+                reason: `ACP violation: ${violationSummary}`,
+                plan_reference: 'ACP_VIOLATION',
+                cto_confidence: 100,
+                timestamp,
+                acp_violations: violations,
+            };
+        }
+    }
+    // Sprint 702: ACPEngine trust enforcement — reject low-trust agents before wasting LLM tokens
+    try {
+        const acpEngine = new acp_engine_1.ACPEngine();
+        const taskTypes = proposal.tasks.map(t => typeof t === 'string' ? 'code-generation' : t.task_type || 'code-generation');
+        const agentIds = proposal.agent_capabilities?.map(a => a.agent) || ['coder'];
+        for (const agentId of agentIds) {
+            for (const taskType of taskTypes) {
+                const enforcement = acpEngine.enforce(agentId, taskType);
+                if (enforcement.recommendation === 'block' || enforcement.recommendation === 'recycle') {
+                    const violationStr = enforcement.violations.join('; ');
+                    logCTODecision({
+                        approved: false,
+                        sprint_id: proposal.sprint_id,
+                        reason: `ACPEngine ${enforcement.recommendation}: ${violationStr} (composite: ${enforcement.composite})`,
+                        plan_reference: 'ACP_TRUST_VIOLATION',
+                        cto_confidence: 100,
+                        timestamp,
+                    }, projectRoot, product);
+                    return {
+                        approved: false,
+                        sprint_id: proposal.sprint_id,
+                        reason: `ACPEngine ${enforcement.recommendation}: ${violationStr}`,
+                        plan_reference: 'ACP_TRUST_VIOLATION',
+                        cto_confidence: 100,
+                        timestamp,
+                    };
+                }
+                if (enforcement.recommendation === 'fallback') {
+                    console.warn(`[CTO-GATE] ACPEngine fallback for ${agentId}/${taskType}: ${enforcement.violations.join('; ')} (composite: ${enforcement.composite})`);
+                }
+            }
+        }
+    }
+    catch (err) {
+        // ACPEngine failure is non-fatal — proceed with LLM review
+        console.warn(`[CTO-GATE] ACPEngine check failed (non-fatal): ${err.message}`);
+    }
+    // Sprint TICKET-005-RULE2: Rule 2 (Research/Implementation Separation) — block impl if research not done
+    if (proposal.phase === 'implementation') {
+        const r2Result = (0, research_impl_gate_1.checkResearchGate)(proposal, projectRoot);
+        if (!r2Result.allowed) {
+            logCTODecision({
+                approved: false,
+                sprint_id: proposal.sprint_id,
+                reason: `Rule 2 violation: ${r2Result.reason}`,
+                plan_reference: 'RULE2_RESEARCH_NOT_DONE',
+                cto_confidence: 100,
+                timestamp,
+            }, projectRoot, product);
+            return {
+                approved: false,
+                sprint_id: proposal.sprint_id,
+                reason: `Rule 2 violation: ${r2Result.reason}`,
+                plan_reference: 'RULE2_RESEARCH_NOT_DONE',
+                cto_confidence: 100,
+                timestamp,
+            };
+        }
+    }
+    // Sprint TICKET-005-RULE3: Rule 3 (Task Contracts) — only for autonomous sprints
+    if (proposal.source === 'queue-empty-autonomous' || proposal.source === 'autonomous_loop') {
+        const r3Result = (0, task_contract_checker_1.checkTaskContracts)(proposal);
+        if (!r3Result.valid) {
+            const missing = r3Result.missing.join(', ');
+            logCTODecision({
+                approved: false,
+                sprint_id: proposal.sprint_id,
+                reason: `Rule 3 violation: missing contract fields — ${missing}`,
+                plan_reference: 'RULE3_CONTRACT_MISSING',
+                cto_confidence: 100,
+                timestamp,
+            }, projectRoot, product);
+            return {
+                approved: false,
+                sprint_id: proposal.sprint_id,
+                reason: `Rule 3 violation: missing contract fields — ${missing}`,
+                plan_reference: 'RULE3_CONTRACT_MISSING',
+                cto_confidence: 100,
+                timestamp,
+            };
+        }
+    }
+    // Sprint TICKET-005-RULE1: Rule 1 (Neutral Prompts) check — only for autonomous sprints
+    if (proposal.source === 'queue-empty-autonomous' || proposal.source === 'autonomous_loop') {
+        try {
+            const textToCheck = `${proposal.description}\n${proposal.tasks.join('\n')}`;
+            const r1Result = (0, neutral_prompt_checker_1.checkText)(textToCheck);
+            if (!r1Result.clean) {
+                const summary = r1Result.violations.slice(0, 3).map(v => `[${v.pattern}] ${v.text}`).join(' | ');
+                logCTODecision({
+                    approved: false,
+                    sprint_id: proposal.sprint_id,
+                    reason: `Rule 1 violation (answer-seeding in brief): ${summary}`,
+                    plan_reference: 'RULE1_NEUTRAL_PROMPT_VIOLATION',
+                    cto_confidence: 100,
+                    timestamp,
+                }, projectRoot, product);
+                return {
+                    approved: false,
+                    sprint_id: proposal.sprint_id,
+                    reason: `Rule 1 violation (answer-seeding in brief): ${summary}`,
+                    plan_reference: 'RULE1_NEUTRAL_PROMPT_VIOLATION',
+                    cto_confidence: 100,
+                    timestamp,
+                };
+            }
+        }
+        catch (err) {
+            console.warn(`[CTO-GATE] Rule 1 check failed (non-fatal): ${err.message}`);
+        }
+    }
+    // Sprint 1504: Emotional Safety Gate (INTEL-BRIEF-22)
+    // Only runs for high-stakes operation types. Calm = 0% blackmail rate per Anthropic research.
+    const GATED_OPERATIONS = emotional_safety_gate_1.DEFAULT_CALM_GATE_CONFIG.gated_operations;
+    const operationType = proposal.operation_type;
+    if (operationType && GATED_OPERATIONS.includes(operationType)) {
+        const context = `${proposal.title} ${proposal.description} ${proposal.tasks.join(' ')}`;
+        const emotionalAssessment = (0, emotional_safety_gate_1.assessEmotionalState)(context);
+        if (emotionalAssessment.should_block) {
+            const logEntry = {
+                sprint_id: proposal.sprint_id,
+                operation_type: operationType,
+                tone: emotionalAssessment.tone,
+                confidence: emotionalAssessment.confidence,
+                matched_keywords: emotionalAssessment.matched_keywords,
+                reason: emotionalAssessment.reason,
+                timestamp,
+                product,
+            };
+            try {
+                const emotionLogDir = path.join(projectRoot, 'logs', 'emotional-gate');
+                if (!fs.existsSync(emotionLogDir))
+                    fs.mkdirSync(emotionLogDir, { recursive: true });
+                const emotionLogFile = path.join(emotionLogDir, `${timestamp.slice(0, 10)}.jsonl`);
+                fs.appendFileSync(emotionLogFile, JSON.stringify(logEntry) + '\n');
+            }
+            catch { /* non-critical */ }
+            logCTODecision({
+                approved: false,
+                sprint_id: proposal.sprint_id,
+                reason: `Emotional safety gate blocked: ${emotionalAssessment.reason}`,
+                plan_reference: 'EMOTIONAL_GATE_BLOCK',
+                cto_confidence: 100,
+                timestamp,
+            }, projectRoot, product);
+            return {
+                approved: false,
+                sprint_id: proposal.sprint_id,
+                reason: `Emotional safety gate blocked: ${emotionalAssessment.reason}`,
+                plan_reference: 'EMOTIONAL_GATE_BLOCK',
+                cto_confidence: 100,
+                timestamp,
+            };
+        }
+    }
+    const planContext = loadPlanContext(projectRoot);
+    const systemPrompt = `You are the CTO agent for ${product}. Your ONLY job is to decide whether a proposed sprint should be executed or rejected.
+
+RULES:
+1. APPROVE if the sprint directly maps to an item in the execution plan or work plan
+2. APPROVE if the sprint is a Sev-1 bug fix or critical path blocker fix
+3. APPROVE if the sprint source is "auto-queue-empty" — this means the human queue is complete and the system is generating organic continuation sprints. These should be approved unless they duplicate recent work or are clearly harmful.
+4. REJECT if the sprint duplicates work already completed in recent sprints
+5. REJECT if the sprint invents new features not requested by the human founder AND the queue still has pending items
+
+You must respond ONLY with valid JSON:
+{
+  "approved": true/false,
+  "reason": "one sentence explanation",
+  "plan_reference": "which plan item this maps to, or NOT_IN_PLAN",
+  "confidence": 0-100
+}`;
+    const prompt = `SPRINT PROPOSAL:
+ID: ${proposal.sprint_id}
+Title: ${proposal.title}
+Description: ${proposal.description}
+Tasks: ${proposal.tasks.join('; ')}
+Source: ${proposal.source}
+
+CURRENT PLANS AND RECENT SPRINTS:
+${planContext}
+
+Should this sprint be approved or rejected? Respond with JSON only.`;
+    try {
+        const response = await (0, model_router_registry_1.getModelRouter)().routeCall({
+            task_type: 'cto_sprint_review',
+            tier_class: 'text',
+            complexity: 'power', // T2 — local, $0
+            context_tokens: Math.ceil((prompt.length + systemPrompt.length) / 4),
+            constitutional_flag: false,
+            agent_id: `cto-${product}`,
+            payload: { system: systemPrompt, prompt, max_tokens: 500 },
+        });
+        // Parse CTO response
+        const content = response.content.trim();
+        // Extract JSON from response (handle markdown code blocks)
+        const jsonMatch = content.match(/\{[\s\S]*\}/);
+        if (!jsonMatch) {
+            // If CTO can't parse → reject by default (safe side)
+            return {
+                approved: false,
+                sprint_id: proposal.sprint_id,
+                reason: 'CTO response was not valid JSON — rejecting for safety.',
+                plan_reference: 'PARSE_ERROR',
+                cto_confidence: 0,
+                timestamp,
+            };
+        }
+        const parsed = JSON.parse(jsonMatch[0]);
+        const result = {
+            approved: Boolean(parsed.approved),
+            sprint_id: proposal.sprint_id,
+            reason: String(parsed.reason || 'No reason given'),
+            plan_reference: String(parsed.plan_reference || 'UNKNOWN'),
+            cto_confidence: Number(parsed.confidence) || 0,
+            timestamp,
+        };
+        // Sprint 712: Police Agent Lite — constitutional cross-check
+        try {
+            const signalsPath = path.join(projectRoot, 'workspace', 'shared-context', 'SIGNALS.md');
+            if (fs.existsSync(signalsPath)) {
+                const signalsContent = fs.readFileSync(signalsPath, 'utf-8');
+                const criticalSignals = signalsContent.split('\n')
+                    .filter(l => l.includes('**CRITICAL**'))
+                    .map(l => l.replace(/^-\s*/, '').trim());
+                if (criticalSignals.length > 0 && result.approved) {
+                    // Check if sprint touches flagged areas
+                    const sprintText = `${proposal.sprint_id} ${proposal.tasks?.map((t) => t.title || t.id).join(' ') || ''}`.toLowerCase();
+                    const flagged = criticalSignals.filter(s => {
+                        const keywords = s.toLowerCase().match(/\b\w{4,}\b/g) || [];
+                        return keywords.some(k => sprintText.includes(k));
+                    });
+                    if (flagged.length > 0) {
+                        console.warn(`[CTO-GATE] 🚨 Police Lite: CRITICAL signal match — REJECTING`);
+                        result.approved = false;
+                        result.reason = `Police Agent Lite: CRITICAL constitutional signal(s) active — ${flagged[0].substring(0, 100)}. Sprint touches flagged area. ${result.reason}`;
+                        result.plan_reference = 'POLICE_LITE_BLOCK';
+                    }
+                    else {
+                        console.log(`[CTO-GATE] Police Lite: ${criticalSignals.length} CRITICAL signal(s) active but no overlap with sprint`);
+                    }
+                }
+                // Founding Charter immutable law check
+                const charterKeywords = ['five seed principles', 'summer yu', 'kill switch', 'human oversight', 'context compaction'];
+                const sprintLower = `${proposal.sprint_id} ${proposal.tasks?.map((t) => t.title || t.id).join(' ') || ''}`.toLowerCase();
+                const charterViolation = charterKeywords.find(k => sprintLower.includes('remove') && sprintLower.includes(k));
+                if (charterViolation) {
+                    console.warn(`[CTO-GATE] 🚨 Police Lite: Founding Charter violation detected — REJECTING`);
+                    result.approved = false;
+                    result.reason = `Police Agent Lite: Founding Charter immutable law at risk (${charterViolation}). AUTOMATIC REJECT.`;
+                    result.plan_reference = 'CHARTER_VIOLATION';
+                }
+            }
+        }
+        catch (err) {
+            // Police Lite failure is non-fatal — proceed with LLM result
+            console.warn(`[CTO-GATE] Police Lite check failed (non-fatal): ${err.message}`);
+        }
+        // Log the decision
+        logCTODecision(result, projectRoot, product);
+        return result;
+    }
+    catch (err) {
+        // If CTO agent is unavailable → reject by default
+        return {
+            approved: false,
+            sprint_id: proposal.sprint_id,
+            reason: `CTO agent unavailable: ${err.message}. Rejecting for safety.`,
+            plan_reference: 'CTO_UNAVAILABLE',
+            cto_confidence: 0,
+            timestamp,
+        };
+    }
+}
+// ── Decision Log ──────────────────────────────────────────────────────────────
+function logCTODecision(result, projectRoot, product) {
+    try {
+        const logDir = path.join(projectRoot, 'logs', 'cto-gate');
+        if (!fs.existsSync(logDir))
+            fs.mkdirSync(logDir, { recursive: true });
+        const logFile = path.join(logDir, `${result.timestamp.slice(0, 10)}.jsonl`);
+        fs.appendFileSync(logFile, JSON.stringify({ product, ...result }) + '\n');
+    }
+    catch { /* non-critical */ }
+}
+// ── Batch Review (for autonomous loop) ────────────────────────────────────────
+/**
+ * Review multiple sprint proposals in sequence. Returns only approved ones.
+ * Use this in the autonomous loop to filter proposals before execution.
+ */
+async function batchCTOReview(proposals, projectRoot, product = 'kognai') {
+    const approved = [];
+    const rejected = [];
+    for (const proposal of proposals) {
+        const result = await requestCTOApproval(proposal, projectRoot, product);
+        if (result.approved) {
+            approved.push(proposal);
+        }
+        else {
+            rejected.push(result);
+        }
+    }
+    return { approved, rejected };
+}

package/dist/lib/cto-gate-types.d.ts

@@ -0,0 +1,28 @@
+/**
+ * cto-gate-types.ts — TICKET-215 Wave D: SprintProposal lifted out of
+ * cto-approval-gate so the gate AND the governance checks (research-impl-gate,
+ * task-contract-checker) share one declaration without importing each other
+ * (breaks the former type-only cycle cleanly).
+ */
+import type { Capability } from './acp';
+export interface SprintProposal {
+    sprint_id: string;
+    title: string;
+    description: string;
+    tasks: string[];
+    estimated_complexity: string;
+    source: 'autonomous_loop' | 'human' | 'cto_backlog' | 'queue-prescribed' | 'auto-queue-empty' | 'queue-empty-autonomous';
+    /** Sprint TICKET-005-RULE2: research | implementation phase gate */
+    phase?: 'research' | 'implementation';
+    /** ID of the research sprint that must be done before this implementation sprint can run */
+    research_sprint_id?: string;
+    /** Sprint TICKET-005-RULE3: Task Contracts — required for autonomous sprints */
+    inputs?: string[];
+    outputs?: string[];
+    success_criteria?: string[];
+    /** Optional: map of agent_id → required capabilities for ACP pre-check */
+    agent_capabilities?: Array<{
+        agent: string;
+        required_capabilities: Capability[];
+    }>;
+}

package/dist/lib/cto-gate-types.js

@@ -0,0 +1,8 @@
+"use strict";
+/**
+ * cto-gate-types.ts — TICKET-215 Wave D: SprintProposal lifted out of
+ * cto-approval-gate so the gate AND the governance checks (research-impl-gate,
+ * task-contract-checker) share one declaration without importing each other
+ * (breaks the former type-only cycle cleanly).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });