@lamentis/naome 1.3.2 → 1.3.4

package/Cargo.lock

@@ -76,7 +76,7 @@ checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "naome-cli"
-version = "1.3.2"
+version = "1.3.4"
 dependencies = [
  "naome-core",
  "serde_json",
@@ -84,7 +84,7 @@ dependencies = [
 
 [[package]]
 name = "naome-core"
-version = "1.3.2"
+version = "1.3.4"
 dependencies = [
  "serde",
  "serde_json",

package/crates/naome-cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "naome-cli"
-version = "1.3.2"
+version = "1.3.4"
 edition.workspace = true
 license.workspace = true
 repository.workspace = true

package/crates/naome-cli/src/main.rs

@@ -69,6 +69,7 @@ const HELP: &str = r#"Usage:
   naome workflow phases [--json]
   naome workflow processes [--json]
   naome workflow mutations --path <path> [path...] [--json]
+  naome workflow information [--path <path>] [--json]
   naome check-harness-health [--root <path>] [--allow-missing-archive]
   naome check-task-state [--root <path>] [--admission|--progress|--commit-gate|--push-gate] [--allow-missing-archive]
   naome validate-verification [--root <path>]"#;

package/crates/naome-cli/src/workflow_commands.rs

@@ -1,9 +1,10 @@
 use std::path::Path;
 
 use naome_core::{
-    agent_run_plan, classify_mutations, context_delta_report, decision_gate, doctor_report,
-    edit_session_watchdog, proof_plan_for_task, refresh_integrity, repository_capability_graph,
-    safe_rg_args, summarize_command_output, tracked_process_report, validate_search_command,
+    agent_run_plan, classify_information_path, classify_mutations, context_delta_report,
+    decision_gate, doctor_report, edit_session_watchdog, information_architecture_report,
+    proof_plan_for_task, refresh_integrity, repository_capability_graph, safe_rg_args,
+    summarize_command_output, tracked_process_report, validate_search_command,
     verification_phase_plan,
 };
 
@@ -32,7 +33,7 @@ pub fn run_workflow_command(
     args: &[String],
 ) -> Result<(), Box<dyn std::error::Error>> {
     let Some(subcommand) = args.get(1).map(String::as_str) else {
-        return Err("naome workflow requires agent-plan, context-delta, proof-plan, capabilities, edit-watchdog, decision-gate, digest, search-profile, check-search, phases, processes, or mutations.".into());
+        return Err("naome workflow requires agent-plan, context-delta, proof-plan, capabilities, edit-watchdog, decision-gate, digest, search-profile, check-search, phases, processes, mutations, or information.".into());
     };
     let json = args.iter().any(|arg| arg == "--json");
 
@@ -103,6 +104,7 @@ pub fn run_workflow_command(
             }
         }
         "mutations" => run_mutations(root, args, json)?,
+        "information" => run_information(args, json)?,
         _ => return Err(format!("unknown naome workflow command: {subcommand}").into()),
     }
     Ok(())
@@ -179,6 +181,30 @@ fn run_mutations(
     Ok(())
 }
 
+fn run_information(args: &[String], json: bool) -> Result<(), Box<dyn std::error::Error>> {
+    if let Some(path) = option_value(args, "--path") {
+        let classification = classify_information_path(&path);
+        if json {
+            println!("{}", serde_json::to_string_pretty(&classification)?);
+        } else {
+            println!(
+                "{}: {} ({}, {})",
+                classification.path,
+                classification.class,
+                classification.commit_policy,
+                classification.restore_policy
+            );
+        }
+        return Ok(());
+    }
+
+    print_json_or_label(
+        serde_json::to_value(information_architecture_report())?,
+        json,
+        "NAOME information architecture ready.",
+    )
+}
+
 fn run_context_delta(
     root: &Path,
     args: &[String],

package/crates/naome-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "naome-core"
-version = "1.3.2"
+version = "1.3.4"
 edition.workspace = true
 license.workspace = true
 repository.workspace = true

package/crates/naome-core/src/information_architecture.rs

@@ -0,0 +1,179 @@
+use serde::Serialize;
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+pub struct InformationArchitectureReport {
+    pub schema: &'static str,
+    pub version: u8,
+    pub classes: Vec<InformationClass>,
+    pub rules: Vec<InformationPathRule>,
+}
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+pub struct InformationClass {
+    pub id: &'static str,
+    pub description: &'static str,
+    pub commit_policy: &'static str,
+    pub restore_policy: &'static str,
+}
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+pub struct InformationPathRule {
+    pub path_pattern: &'static str,
+    pub class: &'static str,
+    pub commit_policy: &'static str,
+    pub restore_policy: &'static str,
+}
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+pub struct InformationPathClassification {
+    pub path: String,
+    pub class: &'static str,
+    pub commit_policy: &'static str,
+    pub restore_policy: &'static str,
+}
+
+const CLASSES: &[(&str, &str, &str, &str)] = &[
+    (
+        "durable_project_state",
+        "Committed configuration, policy, and templates required to reconstruct the harness.",
+        "commit",
+        "restore_from_repository_or_package",
+    ),
+    (
+        "durable_task_ledger",
+        "Committed task intent, scope, and lifecycle records.",
+        "commit",
+        "restore_from_repository",
+    ),
+    (
+        "generated_projection",
+        "Compatibility views generated from durable state.",
+        "commit_when_required_by_compatibility",
+        "regenerate_from_durable_state",
+    ),
+    (
+        "local_runtime_state",
+        "Machine-local prompts, caches, temporary files, and runtime state.",
+        "never_commit",
+        "recreate_on_demand",
+    ),
+    (
+        "run_evidence",
+        "Verification outputs from a specific run.",
+        "prefer_compact_release_evidence",
+        "restore_from_ci_or_task_ledger_when_audited",
+    ),
+    (
+        "product_source",
+        "Repository source, package metadata, tests, scripts, and documentation.",
+        "commit_when_in_task_scope",
+        "restore_from_repository",
+    ),
+];
+struct RuleSeed {
+    path_pattern: &'static str,
+    class: &'static str,
+}
+
+const RULES: &[RuleSeed] = &[
+    RuleSeed { path_pattern: ".naome/tmp/**", class: "local_runtime_state" },
+    RuleSeed { path_pattern: ".naome/task-state.json", class: "generated_projection" },
+    RuleSeed { path_pattern: ".naome/tasks/active.json", class: "durable_task_ledger" },
+    RuleSeed { path_pattern: ".naome/tasks/*/task.json", class: "durable_task_ledger" },
+    RuleSeed { path_pattern: ".naome/tasks/*/events.jsonl", class: "durable_task_ledger" },
+    RuleSeed { path_pattern: ".naome/tasks/*/proofs/*.json", class: "run_evidence" },
+    RuleSeed { path_pattern: ".naome/manifest.json", class: "durable_project_state" },
+    RuleSeed { path_pattern: ".naome/verification.json", class: "durable_project_state" },
+    RuleSeed { path_pattern: ".naome/repository-quality*.json", class: "durable_project_state" },
+    RuleSeed { path_pattern: "docs/naome/**", class: "durable_project_state" },
+    RuleSeed { path_pattern: "packages/naome/templates/naome-root/**", class: "durable_project_state" },
+];
+pub fn information_architecture_report() -> InformationArchitectureReport {
+    InformationArchitectureReport {
+        schema: "naome.information-architecture.v1",
+        version: 1,
+        classes: CLASSES
+            .iter()
+            .map(|entry| class_from_tuple(*entry))
+            .collect(),
+        rules: RULES
+            .iter()
+            .map(|rule| rule_from_class(rule.path_pattern, rule.class))
+            .collect(),
+    }
+}
+
+pub fn classify_information_path(path: &str) -> InformationPathClassification {
+    let path = normalize_path(path);
+    let class_id = RULES
+        .iter()
+        .find(|rule| matches_information_rule(&path, rule.path_pattern))
+        .map(|rule| rule.class)
+        .unwrap_or("product_source");
+    let class = class_by_id(class_id);
+    InformationPathClassification {
+        path,
+        class: class.id,
+        commit_policy: class.commit_policy,
+        restore_policy: class.restore_policy,
+    }
+}
+
+fn rule_from_class(path_pattern: &'static str, class_id: &'static str) -> InformationPathRule {
+    let class = class_by_id(class_id);
+    InformationPathRule {
+        path_pattern,
+        class: class.id,
+        commit_policy: class.commit_policy,
+        restore_policy: class.restore_policy,
+    }
+}
+
+fn class_by_id(id: &str) -> InformationClass {
+    CLASSES
+        .iter()
+        .find(|(class_id, _, _, _)| *class_id == id)
+        .map(|entry| class_from_tuple(*entry))
+        .expect("information class rule must reference a known class")
+}
+
+fn class_from_tuple(
+    entry: (&'static str, &'static str, &'static str, &'static str),
+) -> InformationClass {
+    InformationClass {
+        id: entry.0,
+        description: entry.1,
+        commit_policy: entry.2,
+        restore_policy: entry.3,
+    }
+}
+
+fn normalize_path(path: &str) -> String {
+    path.replace('\\', "/")
+        .trim_start_matches("./")
+        .trim_end_matches('/')
+        .to_string()
+}
+
+fn matches_information_rule(path: &str, pattern: &str) -> bool {
+    if let Some(prefix) = pattern.strip_suffix("/**") {
+        return path == prefix || path.starts_with(&format!("{prefix}/"));
+    }
+    if let Some(prefix) = pattern
+        .strip_suffix("*.json")
+        .filter(|prefix| !prefix.contains('*'))
+    {
+        return path.starts_with(prefix) && path.ends_with(".json");
+    }
+
+    let path_parts: Vec<&str> = path.split('/').collect();
+    let pattern_parts: Vec<&str> = pattern.split('/').collect();
+    path_parts.len() == pattern_parts.len()
+        && path_parts
+            .iter()
+            .zip(pattern_parts.iter())
+            .all(|(path_part, pattern_part)| {
+                *pattern_part == "*"
+                    || *path_part == *pattern_part
+                    || pattern_part
+                        .strip_prefix('*')
+                        .is_some_and(|suffix| path_part.ends_with(suffix))
+            })
+}

package/crates/naome-core/src/lib.rs

@@ -2,6 +2,7 @@ mod context;
 mod decision;
 mod git;
 mod harness_health;
+mod information_architecture;
 mod install_plan;
 mod intent;
 mod journal;
@@ -14,6 +15,7 @@ mod task_ledger;
 mod task_state;
 mod verification;
 mod verification_contract;
+mod verification_contract_policy;
 mod workflow;
 
 pub use context::{
@@ -22,6 +24,10 @@ pub use context::{
 };
 pub use decision::{evaluate_decision, format_decision, EvaluationOptions};
 pub use harness_health::{validate_harness_health, HarnessHealthOptions};
+pub use information_architecture::{
+    classify_information_path, information_architecture_report, InformationArchitectureReport,
+    InformationClass, InformationPathClassification, InformationPathRule,
+};
 pub use install_plan::{install_plan, InstallPlan};
 pub use install_plan::{MACHINE_OWNED_PATHS, PROJECT_OWNED_PATHS};
 pub use intent::{evaluate_intent, format_intent, IntentDecision, PromptEvidence};

package/crates/naome-core/src/route/quality_gate_config.rs

@@ -98,6 +98,7 @@ pub(super) fn user_diff_check_ids(
             "No quality checks are configured for these changed paths.",
         ));
     }
+    enforce_repository_semantic_companion(&mut ids, checks)?;
 
     Ok(ids)
 }
@@ -124,3 +125,20 @@ fn push_unique_string(values: &mut Vec<String>, value: &str) {
         values.push(value.to_string());
     }
 }
+
+fn enforce_repository_semantic_companion(
+    ids: &mut Vec<String>,
+    checks: &HashMap<&str, QualityCheck>,
+) -> Result<(), NaomeError> {
+    if !ids.iter().any(|item| item == "repository-quality-check") {
+        return Ok(());
+    }
+    if checks.contains_key("repository-semantic-check") {
+        push_unique_string(ids, "repository-semantic-check");
+        return Ok(());
+    }
+
+    Err(NaomeError::new(
+        "repository-quality-check requires repository-semantic-check so semantic findings are mandatory quality-gate failures.",
+    ))
+}

package/crates/naome-core/src/task_ledger/render.rs

@@ -1,6 +1,6 @@
 use std::path::Path;
 
-use serde_json::{json, Value};
+use serde_json::{json, Map, Value};
 
 use crate::models::NaomeError;
 
@@ -28,28 +28,62 @@ pub(super) fn render_from_ledger(root: &Path) -> Result<Option<TaskLedgerProject
 }
 
 fn render_active_task(spec: Value, proof_results: Vec<Value>) -> Value {
-    json!({
-        "id": spec.get("id").cloned().unwrap_or(Value::Null),
-        "request": spec.get("request").cloned().unwrap_or(Value::Null),
-        "userPrompt": spec.get("userPrompt").cloned().unwrap_or(Value::Null),
-        "admission": spec.get("admission").cloned().unwrap_or(Value::Null),
-        "allowedPaths": spec.get("allowedPaths").cloned().unwrap_or_else(|| json!([])),
-        "declaredChangeTypes": spec
-            .get("declaredChangeTypes")
+    let mut active_task = Map::new();
+    active_task.insert(
+        "id".to_string(),
+        spec.get("id").cloned().unwrap_or(Value::Null),
+    );
+    active_task.insert(
+        "request".to_string(),
+        spec.get("request").cloned().unwrap_or(Value::Null),
+    );
+    active_task.insert(
+        "userPrompt".to_string(),
+        spec.get("userPrompt").cloned().unwrap_or(Value::Null),
+    );
+    active_task.insert(
+        "admission".to_string(),
+        spec.get("admission").cloned().unwrap_or(Value::Null),
+    );
+    active_task.insert(
+        "allowedPaths".to_string(),
+        spec.get("allowedPaths")
             .cloned()
             .unwrap_or_else(|| json!([])),
-        "requiredCheckIds": spec
-            .get("requiredCheckIds")
+    );
+    active_task.insert(
+        "declaredChangeTypes".to_string(),
+        spec.get("declaredChangeTypes")
             .cloned()
             .unwrap_or_else(|| json!([])),
-        "proofResults": proof_results,
-        "revisions": spec.get("revisions").cloned().unwrap_or_else(|| json!([])),
-        "humanReview": spec.get("humanReview").cloned().unwrap_or_else(|| {
+    );
+    active_task.insert(
+        "requiredCheckIds".to_string(),
+        spec.get("requiredCheckIds")
+            .cloned()
+            .unwrap_or_else(|| json!([])),
+    );
+    active_task.insert("proofResults".to_string(), Value::Array(proof_results));
+    if let Some(path_sets) = spec.get("proofPathSets") {
+        active_task.insert("proofPathSets".to_string(), path_sets.clone());
+    }
+    if let Some(batches) = spec.get("proofBatches") {
+        active_task.insert("proofBatches".to_string(), batches.clone());
+    }
+    active_task.insert(
+        "revisions".to_string(),
+        spec.get("revisions").cloned().unwrap_or_else(|| json!([])),
+    );
+    active_task.insert(
+        "humanReview".to_string(),
+        spec.get("humanReview").cloned().unwrap_or_else(|| {
             json!({
                 "required": false,
                 "approved": false,
                 "reason": null
             })
-        })
-    })
+        }),
+    );
+
+    Value::Object(active_task)
 }

package/crates/naome-core/src/task_state/diff.rs

@@ -6,7 +6,7 @@ use serde_json::Value;
 use crate::models::NaomeError;
 
 use super::git_io::read_git_changed_entries;
-use super::types::{is_control_state_path, ChangedEntry, TaskDiff};
+use super::types::{is_control_state_path, is_local_runtime_path, ChangedEntry, TaskDiff};
 use super::util::{matches_any_pattern, normalize_path, string_array};
 pub(super) fn validate_changed_paths(
     active_task: &Value,
@@ -80,7 +80,7 @@ pub(super) fn task_diff_from_entries(active_task: &Value, entries: &[ChangedEntr
     let diff_paths: Vec<String> = entries
         .iter()
         .map(|entry| entry.path.clone())
-        .filter(|path| !is_control_state_path(path))
+        .filter(|path| !is_control_state_path(path) && !is_local_runtime_path(path))
         .collect();
     let outside_paths = diff_paths
         .iter()

package/crates/naome-core/src/task_state/git_io.rs

@@ -6,7 +6,7 @@ use crate::models::NaomeError;
 
 pub(super) use super::git_parse::{parse_name_status_output, split_nul, upsert_changed_entry};
 pub(super) use super::git_refs::{command_output, git_commit_exists, read_git_head, run_git};
-use super::types::ChangedEntry;
+use super::types::{is_local_runtime_path, ChangedEntry};
 use super::util::normalize_path;
 pub(super) fn read_git_changed_paths(root: &Path) -> Result<Vec<String>, NaomeError> {
     Ok(read_git_changed_entries(root)?
@@ -55,6 +55,9 @@ pub(super) fn read_git_changed_entries(root: &Path) -> Result<Vec<ChangedEntry>,
         }
 
         for entry in parse_name_status_output(&output.stdout) {
+            if is_local_runtime_path(&entry.path) {
+                continue;
+            }
             upsert_changed_entry(&mut entries, entry);
         }
     }
@@ -69,7 +72,7 @@ pub(super) fn read_git_changed_entries(root: &Path) -> Result<Vec<ChangedEntry>,
 
     for token in split_nul(&untracked.stdout) {
         let path = normalize_path(token.trim());
-        if !path.is_empty() {
+        if !path.is_empty() && !is_local_runtime_path(&path) {
             upsert_changed_entry(
                 &mut entries,
                 ChangedEntry {

package/crates/naome-core/src/task_state/types.rs

@@ -97,6 +97,10 @@ pub(super) fn is_control_state_path(path: &str) -> bool {
     path == CONTROL_STATE_PATH || path.starts_with(TASK_LEDGER_PATH_PREFIX)
 }
 
+pub(super) fn is_local_runtime_path(path: &str) -> bool {
+    path == ".naome/tmp" || path.starts_with(".naome/tmp/")
+}
+
 pub(super) fn read_complete_active_task(root: &Path) -> Result<Option<(Value, Value)>, NaomeError> {
     let Some(task_state) = read_task_state_projection(root)? else {
         return Ok(None);

package/crates/naome-core/src/verification_contract.rs

@@ -5,6 +5,7 @@ use std::path::Path;
 use serde_json::Value;
 
 use crate::models::NaomeError;
+use crate::verification_contract_policy::validate_semantic_quality_gate_policy;
 
 const REQUIRED_TESTING_HEADINGS: &[&str] = &[
     "# Testing And Verification",
@@ -29,7 +30,7 @@ const ALLOWED_TOP_LEVEL_KEYS: &[&str] = &[
 const MAX_CHECKS: usize = 20;
 const MAX_PHASES: usize = 8;
 const MAX_CHANGE_TYPES: usize = 12;
-const MAX_RELEASE_GATES: usize = 10;
+const MAX_RELEASE_GATES: usize = 12;
 
 pub fn validate_verification_contract(root: &Path) -> Result<Vec<String>, NaomeError> {
     let mut errors = Vec::new();
@@ -135,6 +136,7 @@ fn validate_contract_shape(contract: &Value, errors: &mut Vec<String>) {
     }
     validate_change_types(change_types, &check_ids, errors);
     validate_release_gates(release_gates, &check_ids, errors);
+    validate_semantic_quality_gate_policy(change_types, release_gates, &check_ids, errors);
 
     if status == Some("ready") && contains_example_placeholders(contract) {
         errors.push(

package/crates/naome-core/src/verification_contract_policy.rs

@@ -0,0 +1,52 @@
+use std::collections::HashSet;
+
+use serde_json::Value;
+
+pub(crate) fn validate_semantic_quality_gate_policy(
+    change_types: &[Value],
+    release_gates: &[Value],
+    check_ids: &HashSet<String>,
+    errors: &mut Vec<String>,
+) {
+    if check_ids.contains("repository-quality-check")
+        && !check_ids.contains("repository-semantic-check")
+    {
+        errors.push(
+            "checks must include repository-semantic-check whenever repository-quality-check is configured.".to_string(),
+        );
+    }
+
+    for (index, change_type) in change_types.iter().enumerate() {
+        let Some(required_checks) = change_type
+            .get("requiredChecks")
+            .and_then(Value::as_array)
+        else {
+            continue;
+        };
+        let has_quality = contains_string(required_checks, "repository-quality-check");
+        let has_semantic = contains_string(required_checks, "repository-semantic-check");
+        if has_quality && !has_semantic {
+            errors.push(format!(
+                "changeTypes[{index}].requiredChecks must include repository-semantic-check whenever repository-quality-check is required."
+            ));
+        }
+    }
+
+    let has_quality_release_gate = release_gates.iter().any(|gate| {
+        gate.get("checkId").and_then(Value::as_str) == Some("repository-quality-check")
+    });
+    let has_semantic_release_gate = release_gates.iter().any(|gate| {
+        gate.get("checkId").and_then(Value::as_str) == Some("repository-semantic-check")
+    });
+    if has_quality_release_gate && !has_semantic_release_gate {
+        errors.push(
+            "releaseGates must include repository-semantic-check whenever repository-quality-check is a release gate.".to_string(),
+        );
+    }
+}
+
+fn contains_string(values: &[Value], expected: &str) -> bool {
+    values
+        .iter()
+        .any(|value| value.as_str() == Some(expected))
+}

package/crates/naome-core/tests/information_architecture.rs

@@ -0,0 +1,58 @@
+use naome_core::{classify_information_path, information_architecture_report};
+
+#[test]
+fn classifies_naome_information_by_restore_source() {
+    let durable = classify_information_path(".naome/verification.json");
+    assert_eq!(durable.class, "durable_project_state");
+    assert_eq!(durable.commit_policy, "commit");
+    assert_eq!(durable.restore_policy, "restore_from_repository_or_package");
+
+    let projection = classify_information_path(".naome/task-state.json");
+    assert_eq!(projection.class, "generated_projection");
+    assert_eq!(
+        projection.commit_policy,
+        "commit_when_required_by_compatibility"
+    );
+    assert_eq!(projection.restore_policy, "regenerate_from_durable_state");
+
+    let local = classify_information_path(".naome/tmp/route.prompt");
+    assert_eq!(local.class, "local_runtime_state");
+    assert_eq!(local.commit_policy, "never_commit");
+    assert_eq!(local.restore_policy, "recreate_on_demand");
+
+    let proof = classify_information_path(".naome/tasks/readme-task/proofs/diff-check.json");
+    assert_eq!(proof.class, "run_evidence");
+    assert_eq!(proof.commit_policy, "prefer_compact_release_evidence");
+    assert_eq!(
+        proof.restore_policy,
+        "restore_from_ci_or_task_ledger_when_audited"
+    );
+
+    let task = classify_information_path(".naome/tasks/readme-task/task.json");
+    assert_eq!(task.class, "durable_task_ledger");
+    assert_eq!(task.commit_policy, "commit");
+    assert_eq!(task.restore_policy, "restore_from_repository");
+}
+
+#[test]
+fn reports_information_architecture_contract_for_agents() {
+    let report = information_architecture_report();
+
+    assert_eq!(report.schema, "naome.information-architecture.v1");
+    assert!(report
+        .classes
+        .iter()
+        .any(|class| class.id == "durable_project_state"));
+    assert!(report
+        .classes
+        .iter()
+        .any(|class| class.id == "generated_projection"));
+    assert!(report
+        .classes
+        .iter()
+        .any(|class| class.id == "run_evidence"));
+    assert!(report
+        .rules
+        .iter()
+        .any(|rule| rule.path_pattern == ".naome/tasks/*/proofs/*.json"));
+}

package/crates/naome-core/tests/repo_support/mod.rs

@@ -17,6 +17,7 @@ pub use verification_values::{
     change_type, check_missing_last_verified_fixture, diff_check,
     placeholder_verification_contract_fixture, quality_check, repo_docs_verification_fixture,
     repository_quality_config_source,
-    repository_quality_config_value, semantic_repository_quality_fixture_source,
+    repository_quality_config_value, repository_semantic_check,
+    semantic_repository_quality_fixture_source,
     verification_value,
 };

package/crates/naome-core/tests/repo_support/verification.rs

@@ -2,7 +2,8 @@ use serde_json::{json, Value};
 
 use super::repo::TestRepo;
 use super::verification_values::{
-    change_type, diff_check, mutating_diff_check, repository_quality_check, verification_value,
+    change_type, diff_check, mutating_diff_check, repository_quality_check,
+    repository_semantic_check, verification_value,
 };
 
 impl TestRepo {
@@ -33,54 +34,39 @@ impl TestRepo {
     ) {
         let mut checks = vec![diff_check(vec!["README.md"])];
         checks.extend(extra_checks);
-
         self.write_naome_json(
             "verification.json",
-            json!({
-                "schema": "naome.verification.v1",
-                "version": 1,
-                "status": "ready",
-                "checks": checks,
-                "changeTypes": [
-                    {
-                        "id": "readme",
-                        "description": "README changes.",
-                        "paths": ["README.md"],
-                        "requiredChecks": required_checks,
-                        "recommendedChecks": [],
-                        "humanReview": false
-                    }
-                ],
-                "releaseGates": []
-            }),
+            verification_value(
+                "ready",
+                checks,
+                vec![change_type(
+                    "readme",
+                    "README changes.",
+                    vec!["README.md"],
+                    required_checks,
+                )],
+            ),
         );
     }
 
     pub fn write_product_quality_verification(&self) {
         self.write_naome_json(
             "verification.json",
-            json!({
-                "schema": "naome.verification.v1",
-                "version": 1,
-                "status": "ready",
-                "checks": product_quality_checks(),
-                "changeTypes": [
-                    {
-                        "id": "product-installer-or-template",
-                        "description": "NAOME product changes.",
-                        "paths": ["packages/naome/**", "scripts/**"],
-                        "requiredChecks": [
-                            "installer-tests",
-                            "rust-build",
-                            "decision-engine-tests",
-                            "package-dry-run"
-                        ],
-                        "recommendedChecks": [],
-                        "humanReview": false
-                    }
-                ],
-                "releaseGates": []
-            }),
+            verification_value(
+                "ready",
+                product_quality_checks(),
+                vec![change_type(
+                    "product-installer-or-template",
+                    "NAOME product changes.",
+                    vec!["packages/naome/**", "scripts/**"],
+                    vec![
+                        "installer-tests",
+                        "rust-build",
+                        "decision-engine-tests",
+                        "package-dry-run",
+                    ],
+                )],
+            ),
         );
     }
 
@@ -89,7 +75,7 @@ impl TestRepo {
             "verification.json",
             verification_value(
                 "ready",
-                vec![repository_quality_check()],
+                vec![repository_quality_check(), repository_semantic_check()],
                 vec![change_type(
                     "source",
                     "Source changes.",

package/crates/naome-core/tests/repo_support/verification_values.rs

@@ -242,6 +242,19 @@ pub fn repository_quality_check() -> serde_json::Value {
     })
 }
 
+pub fn repository_semantic_check() -> serde_json::Value {
+    json!({
+        "id": "repository-semantic-check",
+        "command": "naome semantic check --changed",
+        "cwd": ".",
+        "purpose": "Validate changed files against repository semantic rules.",
+        "cost": "fast",
+        "source": "NAOME built-in",
+        "evidence": ["src/**"],
+        "lastVerified": null
+    })
+}
+
 pub fn semantic_repository_quality_fixture_source(name: &str) -> String {
     [
         format!("const {name} = {{"),

package/crates/naome-core/tests/route_user_diff.rs

@@ -73,14 +73,14 @@ fn execute_route_runs_repository_quality_check_without_shelling_to_repo_command(
 }
 
 #[test]
-fn execute_route_refuses_semantic_changed_findings_through_repository_quality_gate() {
-    let repo = TestRepo::new("route-semantic-quality-gate");
+fn execute_route_requires_semantic_gate_with_repository_quality_gate() {
+    let repo = TestRepo::new("route-repository-quality-requires-semantic");
     repo.init_git();
     repo.write_file(
         ".naome/repository-quality.json",
         &repository_quality_config_source(),
     );
-    repo.write_file("scripts/baseline.test.js", "const ok = { value: 1 };\n");
+    repo.write_file("src/clean.js", "export const clean = true;\n");
     repo.write_base_naome_state(json!({ "status": "idle", "activeTask": null }));
     repo.write_naome_json(
         "verification.json",
@@ -91,8 +91,56 @@ fn execute_route_refuses_semantic_changed_findings_through_repository_quality_ga
                 "naome quality check --changed",
                 "Validate changed files against repository quality rules.",
                 "fast",
-                vec!["scripts/**"],
+                vec!["src/**"],
             )],
+            vec![change_type(
+                "source",
+                "Source changes.",
+                vec!["src/**"],
+                vec!["repository-quality-check"],
+            )],
+        ),
+    );
+    repo.commit_all("baseline");
+    repo.write_file("src/clean.js", "export const clean = false;\n");
+    let before_head = repo.git_stdout(&["rev-parse", "HEAD"]);
+
+    let route = route_commit_request(&repo);
+
+    assert_quality_gate_blocked(&repo, &route, before_head, "src/clean.js");
+    assert!(route.user_message.contains("repository-semantic-check"));
+}
+
+#[test]
+fn execute_route_refuses_semantic_changed_findings_through_repository_quality_gate() {
+    let repo = TestRepo::new("route-semantic-quality-gate");
+    repo.init_git();
+    repo.write_file(
+        ".naome/repository-quality.json",
+        &repository_quality_config_source(),
+    );
+    repo.write_file("scripts/baseline.test.js", "const ok = { value: 1 };\n");
+    repo.write_base_naome_state(json!({ "status": "idle", "activeTask": null }));
+    repo.write_naome_json(
+        "verification.json",
+        verification_value(
+            "ready",
+            vec![
+                quality_check(
+                    "repository-quality-check",
+                    "naome quality check --changed",
+                    "Validate changed files against repository quality rules.",
+                    "fast",
+                    vec!["scripts/**"],
+                ),
+                quality_check(
+                    "repository-semantic-check",
+                    "naome semantic check --changed",
+                    "Validate changed files against repository semantic rules.",
+                    "fast",
+                    vec!["scripts/**"],
+                ),
+            ],
             vec![change_type(
                 "scripts",
                 "Script changes.",

package/crates/naome-core/tests/task_ledger.rs

@@ -119,6 +119,57 @@ fn task_state_v2_can_migrate_to_ledger_without_losing_compact_proof_data() {
     assert!(report.errors.is_empty(), "{:?}", report.errors);
 }
 
+#[test]
+fn ledger_projection_preserves_compact_proof_batches_from_task_spec() {
+    let repo = TestRepo::new("compact-ledger");
+    repo.init_git();
+    repo.write_file("README.md", "# Baseline\n");
+    repo.write_base_harness(Some(idle_state()));
+    repo.git(&["add", "."]);
+    repo.git(&["commit", "-m", "baseline"]);
+    let head = repo.git_stdout(&["rev-parse", "HEAD"]);
+
+    repo.write_file(
+        ".naome/tasks/active.json",
+        &format_json(object([
+            ("schema", json!("naome.task-ledger-active.v1")),
+            ("version", json!(1)),
+            ("primaryTaskId", json!("readme-task")),
+            (
+                "worklanes",
+                json!([{ "id": "default", "taskId": "readme-task", "status": "active" }]),
+            ),
+        ])),
+    );
+    repo.write_file(
+        ".naome/tasks/readme-task/task.json",
+        &format_json(compact_task_spec_record(&head)),
+    );
+    repo.write_file(
+        ".naome/tasks/readme-task/events.jsonl",
+        concat!(
+            "{\"schema\":\"naome.task-ledger-event.v1\",\"type\":\"status\",\"status\":\"implementing\",\"recordedAt\":\"2026-05-08T00:00:01.000Z\"}\n",
+            "{\"schema\":\"naome.task-ledger-event.v1\",\"type\":\"status\",\"status\":\"complete\",\"recordedAt\":\"2026-05-08T00:00:02.000Z\"}\n"
+        ),
+    );
+    repo.write_file("README.md", "# Changed\n");
+
+    let projected = read_task_state_projection(repo.path()).unwrap().unwrap();
+    assert_eq!(projected["activeTask"]["proofResults"], json!([]));
+    assert_eq!(
+        projected["activeTask"]["proofPathSets"]["changed"],
+        json!(["README.md"])
+    );
+    assert_eq!(
+        projected["activeTask"]["proofBatches"][0]["proofs"][0]["checkId"],
+        "diff-check"
+    );
+
+    render_task_state_from_ledger(repo.path(), true).unwrap();
+    let report = validate_task_state(repo.path(), TaskStateOptions::default()).unwrap();
+    assert!(report.errors.is_empty(), "{:?}", report.errors);
+}
+
 #[test]
 fn task_state_validation_reports_stale_rendered_projection_when_ledger_exists() {
     let repo = TestRepo::new("stale-projection");
@@ -261,6 +312,17 @@ fn task_spec_record(admission_head: &str) -> Value {
     ])
 }
 
+fn compact_task_spec_record(admission_head: &str) -> Value {
+    let mut task = task_spec_record(admission_head);
+    let task_object = task.as_object_mut().unwrap();
+    task_object.insert(
+        "proofPathSets".to_string(),
+        object([("changed", json!(["README.md"]))]),
+    );
+    task_object.insert("proofBatches".to_string(), json!([compact_proof_batch()]));
+    task
+}
+
 fn diff_proof_record() -> Value {
     object([
         ("schema", json!("naome.task-ledger-proof.v1")),

package/crates/naome-core/tests/task_state.rs

@@ -410,26 +410,20 @@ fn progress_report(repo: &TaskFixture) -> TaskStateReport {
 }
 
 fn implementing_readme_task_fixture() -> serde_json::Value {
-    json!({
-        "schema": "naome.task-state.v1",
-        "version": 1,
-        "status": "implementing",
-        "activeTask": active_task(json!({
-            "allowedPaths": ["README.md"],
-            "proofResults": []
-        })),
-        "blocker": null,
-        "updatedAt": "2026-05-04T12:00:00.000Z"
-    })
+    implementing_task_fixture(vec!["README.md"])
 }
 
 fn implementing_package_task() -> serde_json::Value {
+    implementing_task_fixture(vec!["Package.swift"])
+}
+
+fn implementing_task_fixture(allowed_paths: Vec<&str>) -> serde_json::Value {
     json!({
         "schema": "naome.task-state.v1",
         "version": 1,
         "status": "implementing",
         "activeTask": active_task(json!({
-            "allowedPaths": ["Package.swift"],
+            "allowedPaths": allowed_paths,
             "proofResults": []
         })),
         "blocker": null,

package/crates/naome-core/tests/verification_contract.rs

@@ -5,7 +5,7 @@ mod repo_support;
 
 use repo_support::{
     change_type, check_missing_last_verified_fixture, diff_check,
-    placeholder_verification_contract_fixture, verification_value, TestRepo,
+    placeholder_verification_contract_fixture, quality_check, verification_value, TestRepo,
 };
 
 #[test]
@@ -52,6 +52,42 @@ fn rejects_missing_check_references_and_ready_placeholders() {
     assert!(joined.contains("must not contain example placeholders"));
 }
 
+#[test]
+fn rejects_repository_quality_without_semantic_required_check() {
+    let repo = TestRepo::new("verification-contract-semantic-required");
+    repo.write_testing_markdown(default_testing_markdown());
+    repo.write_naome_json("verification.json", {
+        let mut value = verification_value(
+            "ready",
+            vec![quality_check(
+                "repository-quality-check",
+                "node .naome/bin/naome.js quality check --changed",
+                "Validate changed files against repository quality rules.",
+                "fast",
+                vec![".naome/repository-quality.json"],
+            )],
+            vec![change_type(
+                "code",
+                "Code changes.",
+                vec!["src/**"],
+                vec!["repository-quality-check"],
+            )],
+        );
+        value["lastUpdated"] = json!("2026-05-11");
+        value["releaseGates"] = json!([{
+            "checkId": "repository-quality-check",
+            "requiredWhen": "Before release."
+        }]);
+        value
+    });
+
+    let errors = validate_verification_contract(repo.path()).unwrap();
+    let joined = errors.join("\n");
+
+    assert!(joined.contains("repository-semantic-check"));
+    assert!(joined.contains("changeTypes[0].requiredChecks"));
+}
+
 #[test]
 fn rejects_checks_without_explicit_last_verified_value() {
     let repo = TestRepo::new("verification-contract-last-verified");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lamentis/naome",
-  "version": "1.3.2",
+  "version": "1.3.4",
   "description": "Native-first CLI for the NAOME agent harness.",
   "license": "Apache-2.0",
   "type": "module",

package/templates/naome-root/.naome/bin/check-harness-health.js

@@ -15,12 +15,12 @@ const expectedMachineOwnedIntegrity = Object.freeze({
   ".naome/package.json": "sha256:8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a",
   ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
   "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
-  "docs/naome/agent-workflow.md": "sha256:78faeb4eed157b60f0b60bc43da36c713fc4a3436b93bd963ce5f3c12dc91f22",
+  "docs/naome/agent-workflow.md": "sha256:2fd1fd02eb6849133b9e8227421914580b1c469a60388a063c1b6ed48016b48d",
   "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
   "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
-  "docs/naome/first-run.md": "sha256:f1a2412f1b542e61c79b5ba65a3fdaa810b0f95cf79d9f734256418cdcfb19aa",
+  "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",
   "docs/naome/index.md": "sha256:07ef776f49130319a5280bdb3ae38af22141708253f38eb983a4336fbae1b25a",
-  "docs/naome/task-ledger.md": "sha256:1e524085a2f88811941fd9f2f48ca826bc3e0e4816039d07e795637847714cbd",
+  "docs/naome/task-ledger.md": "sha256:ac637a31abdd13eee15a49086594e63f5c88fe12a5cf621b227310788ae7e583",
   "docs/naome/upgrade.md": "sha256:2c60f0441bbd98bd528d109b30a7ded4b0ad55d61ffb9f52edac9e93b7999cb1"
 });
 

package/templates/naome-root/.naome/bin/check-task-state.js

@@ -15,12 +15,12 @@ const expectedMachineOwnedIntegrity = Object.freeze({
   ".naome/package.json": "sha256:8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a",
   ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
   "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
-  "docs/naome/agent-workflow.md": "sha256:78faeb4eed157b60f0b60bc43da36c713fc4a3436b93bd963ce5f3c12dc91f22",
+  "docs/naome/agent-workflow.md": "sha256:2fd1fd02eb6849133b9e8227421914580b1c469a60388a063c1b6ed48016b48d",
   "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
   "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
-  "docs/naome/first-run.md": "sha256:f1a2412f1b542e61c79b5ba65a3fdaa810b0f95cf79d9f734256418cdcfb19aa",
+  "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",
   "docs/naome/index.md": "sha256:07ef776f49130319a5280bdb3ae38af22141708253f38eb983a4336fbae1b25a",
-  "docs/naome/task-ledger.md": "sha256:1e524085a2f88811941fd9f2f48ca826bc3e0e4816039d07e795637847714cbd",
+  "docs/naome/task-ledger.md": "sha256:ac637a31abdd13eee15a49086594e63f5c88fe12a5cf621b227310788ae7e583",
   "docs/naome/upgrade.md": "sha256:2c60f0441bbd98bd528d109b30a7ded4b0ad55d61ffb9f52edac9e93b7999cb1"
 });
 

package/templates/naome-root/.naome/manifest.json

@@ -8,12 +8,12 @@
     ".naome/package.json": "sha256:8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a",
     ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
     "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
-    "docs/naome/agent-workflow.md": "sha256:78faeb4eed157b60f0b60bc43da36c713fc4a3436b93bd963ce5f3c12dc91f22",
+    "docs/naome/agent-workflow.md": "sha256:2fd1fd02eb6849133b9e8227421914580b1c469a60388a063c1b6ed48016b48d",
     "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
     "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
-    "docs/naome/first-run.md": "sha256:f1a2412f1b542e61c79b5ba65a3fdaa810b0f95cf79d9f734256418cdcfb19aa",
+    "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",
     "docs/naome/index.md": "sha256:07ef776f49130319a5280bdb3ae38af22141708253f38eb983a4336fbae1b25a",
-    "docs/naome/task-ledger.md": "sha256:1e524085a2f88811941fd9f2f48ca826bc3e0e4816039d07e795637847714cbd",
+    "docs/naome/task-ledger.md": "sha256:ac637a31abdd13eee15a49086594e63f5c88fe12a5cf621b227310788ae7e583",
     "docs/naome/upgrade.md": "sha256:2c60f0441bbd98bd528d109b30a7ded4b0ad55d61ffb9f52edac9e93b7999cb1"
   },
   "machineOwned": [

package/templates/naome-root/docs/naome/agent-workflow.md

@@ -114,10 +114,13 @@ Use this workflow after first-run intake is complete.
    task-state automatically; if a legacy-only active task is still present, run
    `node .naome/bin/naome.js task migrate-ledger --write --json` before adding
    completion proof.
-5. Record proof in `.naome/tasks/<task-id>/proofs/`. If legacy compatibility
-   work is unavoidable, use compact `proofPathSets` and `proofBatches` in
-   `.naome/task-state.json` and include every changed in-scope path reported by
-   git in expanded proof evidence.
+5. Record proof as compact `proofPathSets` and `proofBatches` in
+   `.naome/tasks/<task-id>/task.json` when many checks share evidence paths.
+   Use `.naome/tasks/<task-id>/proofs/` only when separate per-check files are
+   needed for parallel writers or durable audit detail. If legacy compatibility
+   work is unavoidable, use the same compact fields in `.naome/task-state.json`
+   and include every changed in-scope path reported by git in expanded proof
+   evidence.
 6. Run `node .naome/bin/naome.js task render-state --write --json` before
    external compatibility checks. Do not hand-edit the rendered projection when
    `.naome/tasks/active.json` exists.

package/templates/naome-root/docs/naome/architecture.md

@@ -8,7 +8,16 @@ Status: Uninitialized
 
 ## Known Boundaries
 
-- Unknown.
+- NAOME information falls into durable project state, durable task ledger,
+  generated projection, local runtime state, run evidence, and product source.
+- Durable project state is committed repository or package state needed to
+  reinstall or reconstruct the harness.
+- `.naome/task-state.json` is a generated compatibility projection when
+  `.naome/tasks/active.json` exists. Render it from the ledger instead of
+  hand-editing it.
+- `.naome/tmp/` is local runtime state and must not be committed.
+- Per-check proof files are run evidence. Prefer compact ledger proof batches
+  when many release checks share the same evidence paths.
 
 ## Assumed Boundaries
 
@@ -20,7 +29,7 @@ Status: Uninitialized
 
 ## Generated Or External Code
 
-- Unknown.
+- Generated NAOME projections must be reproducible from durable state.
 
 ## Evidence
 

package/templates/naome-root/docs/naome/first-run.md

@@ -102,7 +102,7 @@ Rules:
   real check.
 - This JSON is machine state, not prose context. It is exempt from the
   200-line instruction-file budget, but must stay bounded: at most 20 checks, 12
-  change types, and 10 release gates.
+  change types, and 12 release gates.
 - Do not read `.naome/verification.json` as long-form context during normal
   work. Select the relevant change type or check id, then read only the matching
   entries needed for proof.

package/templates/naome-root/docs/naome/task-ledger.md

@@ -26,6 +26,9 @@ new deterministic task tooling can use `.naome/tasks/` as the source of truth.
 - `mutations.json` records touched paths and mutation ownership.
 - `proofs/<check-id>.json` stores one verification result per check so parallel
   checks do not rewrite the same file.
+- `task.json` may also contain compact `proofPathSets` and `proofBatches`.
+  Prefer that release shape when many checks share evidence paths and detailed
+  command logs are already retained by CI or the local run history.
 
 ## Compatibility
 
@@ -60,7 +63,7 @@ whether product changes stay inside `allowedPaths`.
 The intended long-term model is:
 
 ```text
-task spec + events + mutations + proofs + verification config
+task spec + events + mutations + compact proof batches + verification config
 => canonical task model
 => generated task-state projection
 => gates / route / commit / completion
@@ -69,3 +72,12 @@ task spec + events + mutations + proofs + verification config
 This keeps old repositories backward-compatible while making future parallel
 agents safer: separate agents and checks can write separate event/proof files
 instead of all competing for `.naome/task-state.json`.
+
+## Information Policy
+
+Use `node .naome/bin/naome.js workflow information --path <path> --json` before
+changing NAOME control files whose retention is unclear. Durable configuration,
+templates, task specs, and task events are restored from repository or package
+state. `.naome/task-state.json` is generated from durable state. `.naome/tmp/`
+is local runtime state. Per-check proof files are run evidence; compact release
+proof batches keep release diffs readable without losing verification coverage.

package/templates/naome-root/docs/naome/testing.md

@@ -67,7 +67,7 @@ phase is failing or missing.
 - Use dates as `YYYY-MM-DD` or `null`.
 - Keep instruction files under 200 lines. `.naome/verification.json` is machine
   state instead; keep it schema-valid and bounded to 20 checks, 12 change types,
-  and 10 release gates.
+  and 12 release gates.
 - Store long command output as a compact summary that preserves command, cwd,
   exit code, relevant lines, affected paths, and artifacts.
 - When intake defines change types, include `repository-quality-check` and